forked from Mirrors/freeswitch
fix many nat woes, see changes to default config for details
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@8391 d0543943-73ff-0310-b7d9-9358b9ac24b2
This commit is contained in:
parent
8541587db6
commit
dc757bc9cf
@ -35,10 +35,12 @@
|
||||
<!-- ip address to bind to -->
|
||||
<param name="sip-ip" value="$${local_ip_v4}"/>
|
||||
<param name="hold-music" value="$${hold_music}"/>
|
||||
<param name="apply-register-acl" value="rfc1918"/>
|
||||
<param name="apply-nat-acl" value="rfc1918"/>
|
||||
<!--<param name="enable-timer" value="false"/>-->
|
||||
<!--<param name="enable-100rel" value="false"/>-->
|
||||
<!--<param name="apply-inbound-acl" value="lan"/>-->
|
||||
<!--<param name="apply-register-acl" value="lan"/>-->
|
||||
<!--<param name="apply-inbound-acl" value="rfc1918"/>-->
|
||||
<!--<param name="apply-register-acl" value="rfc1918"/>-->
|
||||
<!--<param name="dtmf-type" value="info"/>-->
|
||||
<param name="record-template" value="$${base_dir}/recordings/${caller_id_number}.${strftime(%Y-%m-%d-%H-%M-%S)}.wav"/>
|
||||
<!--enable to use presense and mwi -->
|
||||
|
@ -339,6 +339,7 @@ static switch_status_t sofia_answer_channel(switch_core_session_t *session)
|
||||
const char *val;
|
||||
const char *b_sdp = NULL;
|
||||
int is_proxy = 0;
|
||||
char *sticky = NULL;
|
||||
|
||||
if (switch_test_flag(tech_pvt, TFLAG_ANS) || switch_channel_test_flag(channel, CF_OUTBOUND)) {
|
||||
return SWITCH_STATUS_SUCCESS;
|
||||
@ -406,8 +407,18 @@ static switch_status_t sofia_answer_channel(switch_core_session_t *session)
|
||||
}
|
||||
}
|
||||
|
||||
if (switch_test_flag(tech_pvt, TFLAG_NAT) ||
|
||||
(val = switch_channel_get_variable(channel, "sip-force-contact")) ||
|
||||
((val = switch_channel_get_variable(channel, "sip_sticky_contact")) && switch_true(val))) {
|
||||
sticky = tech_pvt->record_route;
|
||||
session_timeout = 20;
|
||||
}
|
||||
|
||||
|
||||
|
||||
nua_respond(tech_pvt->nh, SIP_200_OK,
|
||||
NUTAG_AUTOANSWER(0),
|
||||
TAG_IF(sticky, NUTAG_PROXY(tech_pvt->record_route)),
|
||||
NUTAG_SESSION_TIMER(session_timeout),
|
||||
SIPTAG_CONTACT_STR(tech_pvt->reply_contact),
|
||||
SOATAG_USER_SDP_STR(tech_pvt->local_sdp_str),
|
||||
@ -1039,6 +1050,9 @@ static switch_status_t sofia_receive_message(switch_core_session_t *session, swi
|
||||
break;
|
||||
case SWITCH_MESSAGE_INDICATE_PROGRESS:
|
||||
{
|
||||
char *sticky = NULL;
|
||||
const char *val = NULL;
|
||||
|
||||
if (!switch_test_flag(tech_pvt, TFLAG_ANS) && !switch_test_flag(tech_pvt, TFLAG_EARLY_MEDIA)) {
|
||||
|
||||
switch_set_flag_locked(tech_pvt, TFLAG_EARLY_MEDIA);
|
||||
@ -1087,9 +1101,18 @@ static switch_status_t sofia_receive_message(switch_core_session_t *session, swi
|
||||
}
|
||||
}
|
||||
switch_channel_mark_pre_answered(channel);
|
||||
|
||||
|
||||
if (switch_test_flag(tech_pvt, TFLAG_NAT) ||
|
||||
(val = switch_channel_get_variable(channel, "sip-force-contact")) ||
|
||||
((val = switch_channel_get_variable(channel, "sip_sticky_contact")) && switch_true(val))) {
|
||||
sticky = tech_pvt->record_route;
|
||||
}
|
||||
|
||||
nua_respond(tech_pvt->nh,
|
||||
SIP_183_SESSION_PROGRESS,
|
||||
NUTAG_AUTOANSWER(0),
|
||||
TAG_IF(sticky, NUTAG_PROXY(tech_pvt->record_route)),
|
||||
SIPTAG_CONTACT_STR(tech_pvt->reply_contact),
|
||||
SOATAG_REUSE_REJECTED(1),
|
||||
SOATAG_ORDERED_USER(1),
|
||||
@ -1865,6 +1888,8 @@ static switch_call_cause_t sofia_outgoing_channel(switch_core_session_t *session
|
||||
switch_ivr_transfer_variable(session, nsession, "sip_auto_answer");
|
||||
switch_ivr_transfer_variable(session, nsession, SOFIA_SIP_HEADER_PREFIX_T);
|
||||
switch_ivr_transfer_variable(session, nsession, "sip_video_fmtp");
|
||||
switch_ivr_transfer_variable(session, nsession, "sip-force-contact");
|
||||
switch_ivr_transfer_variable(session, nsession, "sip_sticky_contact");
|
||||
|
||||
if (switch_core_session_compare(session, nsession)) {
|
||||
/* It's another sofia channel! so lets cache what they use as a pt for telephone event so
|
||||
|
@ -172,7 +172,7 @@ typedef enum {
|
||||
TFLAG_REFER = (1 << 17),
|
||||
TFLAG_NOHUP = (1 << 18),
|
||||
TFLAG_XFER = (1 << 19),
|
||||
TFLAG_RESERVED = (1 << 20),
|
||||
TFLAG_NAT = (1 << 20),
|
||||
TFLAG_BUGGY_2833 = (1 << 21),
|
||||
TFLAG_SIP_HOLD = (1 << 22),
|
||||
TFLAG_INB_NOMEDIA = (1 << 23),
|
||||
@ -330,6 +330,8 @@ struct sofia_profile {
|
||||
uint32_t acl_count;
|
||||
char *reg_acl[SOFIA_MAX_ACL];
|
||||
uint32_t reg_acl_count;
|
||||
char *nat_acl[SOFIA_MAX_ACL];
|
||||
uint32_t nat_acl_count;
|
||||
|
||||
};
|
||||
|
||||
@ -394,6 +396,7 @@ struct private_object {
|
||||
char *gateway_name;
|
||||
char *local_crypto_key;
|
||||
char *remote_crypto_key;
|
||||
char *record_route;
|
||||
int crypto_tag;
|
||||
unsigned char local_raw_key[SWITCH_RTP_MAX_CRYPTO_LEN];
|
||||
unsigned char remote_raw_key[SWITCH_RTP_MAX_CRYPTO_LEN];
|
||||
@ -434,6 +437,8 @@ struct private_object {
|
||||
uint32_t video_count;
|
||||
sofia_dtmf_t dtmf_type;
|
||||
int q850_cause;
|
||||
char *remote_ip;
|
||||
int remote_port;
|
||||
};
|
||||
|
||||
struct callback_t {
|
||||
@ -444,7 +449,8 @@ struct callback_t {
|
||||
|
||||
typedef enum {
|
||||
REG_REGISTER,
|
||||
REG_INVITE
|
||||
REG_AUTO_REGISTER,
|
||||
REG_INVITE,
|
||||
} sofia_regtype_t;
|
||||
|
||||
typedef enum {
|
||||
|
@ -1299,6 +1299,12 @@ switch_status_t config_sofia(int reload, char *profile_name)
|
||||
profile->username = switch_core_strdup(profile->pool, val);
|
||||
} else if (!strcasecmp(var, "context")) {
|
||||
profile->context = switch_core_strdup(profile->pool, val);
|
||||
} else if (!strcasecmp(var, "apply-nat-acl")) {
|
||||
if (profile->acl_count < SOFIA_MAX_ACL) {
|
||||
profile->nat_acl[profile->nat_acl_count++] = switch_core_strdup(profile->pool, val);
|
||||
} else {
|
||||
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Max acl records of %d reached\n", SOFIA_MAX_ACL);
|
||||
}
|
||||
} else if (!strcasecmp(var, "apply-inbound-acl")) {
|
||||
if (profile->acl_count < SOFIA_MAX_ACL) {
|
||||
profile->acl[profile->acl_count++] = switch_core_strdup(profile->pool, val);
|
||||
@ -1529,6 +1535,9 @@ static void sofia_handle_sip_r_options(switch_core_session_t *session, int statu
|
||||
if (gateway) {
|
||||
if (status == 200 || status == 404) {
|
||||
//switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "ping success %s\n", gateway->name);
|
||||
if (gateway->state == REG_STATE_FAILED) {
|
||||
gateway->state = REG_STATE_UNREGED;
|
||||
}
|
||||
gateway->status = SOFIA_GATEWAY_UP;
|
||||
} else {
|
||||
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "ping failed %s\n", gateway->name);
|
||||
@ -2637,7 +2646,7 @@ void sofia_handle_sip_i_invite(nua_t *nua, sofia_profile_t *profile, nua_handle_
|
||||
uint32_t sess_max = switch_core_session_limit(0);
|
||||
int is_auth = 0, calling_myself = 0;
|
||||
su_addrinfo_t *my_addrinfo = msg_addrinfo(nua_current_request(nua));
|
||||
|
||||
int network_port = 0;
|
||||
|
||||
if (sess_count >= sess_max || !(profile->pflags & PFLAG_RUNNING)) {
|
||||
nua_respond(nh, 503, "Maximum Calls In Progress", SIPTAG_RETRY_AFTER_STR("300"), TAG_END());
|
||||
@ -2652,6 +2661,7 @@ void sofia_handle_sip_i_invite(nua_t *nua, sofia_profile_t *profile, nua_handle_
|
||||
|
||||
|
||||
get_addr(network_ip, sizeof(network_ip), &((struct sockaddr_in *) my_addrinfo->ai_addr)->sin_addr);
|
||||
network_port = ntohs(((struct sockaddr_in *) msg_addrinfo(nua_current_request(nua))->ai_addr)->sin_port);
|
||||
|
||||
if (profile->acl_count) {
|
||||
uint32_t x = 0;
|
||||
@ -2679,8 +2689,7 @@ void sofia_handle_sip_i_invite(nua_t *nua, sofia_profile_t *profile, nua_handle_
|
||||
|
||||
|
||||
if ((profile->pflags & PFLAG_AUTH_CALLS) || (!(profile->pflags & PFLAG_BLIND_AUTH) && (sip->sip_proxy_authorization || sip->sip_authorization))) {
|
||||
int rport = ntohs(((struct sockaddr_in *) msg_addrinfo(nua_current_request(nua))->ai_addr)->sin_port);
|
||||
if (!strcmp(network_ip, profile->sipip) && rport == profile->sip_port) {
|
||||
if (!strcmp(network_ip, profile->sipip) && network_port == profile->sip_port) {
|
||||
calling_myself++;
|
||||
} else {
|
||||
if (sofia_reg_handle_register(nua, profile, nh, sip, REG_INVITE, key, sizeof(key), &v_event)) {
|
||||
@ -2714,6 +2723,16 @@ void sofia_handle_sip_i_invite(nua_t *nua, sofia_profile_t *profile, nua_handle_
|
||||
}
|
||||
switch_mutex_init(&tech_pvt->flag_mutex, SWITCH_MUTEX_NESTED, switch_core_session_get_pool(session));
|
||||
|
||||
tech_pvt->remote_ip = switch_core_session_strdup(session, network_ip);
|
||||
tech_pvt->remote_port = network_port;
|
||||
|
||||
if (sip->sip_contact && sip->sip_contact->m_url) {
|
||||
tech_pvt->record_route = switch_core_session_sprintf(session, "sip:%s@%s:%d",
|
||||
sip->sip_contact->m_url->url_user,
|
||||
tech_pvt->remote_ip,
|
||||
tech_pvt->remote_port);
|
||||
}
|
||||
|
||||
if (*key != '\0') {
|
||||
tech_pvt->key = switch_core_session_strdup(session, key);
|
||||
}
|
||||
@ -3128,6 +3147,34 @@ void sofia_handle_sip_i_invite(nua_t *nua, sofia_profile_t *profile, nua_handle_
|
||||
sofia_glue_execute_sql(profile, &sql, SWITCH_TRUE);
|
||||
}
|
||||
|
||||
|
||||
if (profile->nat_acl_count) {
|
||||
uint32_t x = 0;
|
||||
int ok = 1;
|
||||
char *last_acl = NULL;
|
||||
const char *contact_host = NULL;
|
||||
|
||||
if (sip && sip->sip_contact && sip->sip_contact->m_url && sip->sip_contact->m_url->url_host) {
|
||||
contact_host = sip->sip_contact->m_url->url_host;
|
||||
}
|
||||
if (contact_host) {
|
||||
for (x = 0 ; x < profile->nat_acl_count; x++) {
|
||||
last_acl = profile->nat_acl[x];
|
||||
if (!(ok = switch_check_network_list_ip(contact_host, last_acl))) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (ok) {
|
||||
switch_set_flag(tech_pvt, TFLAG_NAT);
|
||||
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Setting NAT mode based on acl %s\n", last_acl);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -868,6 +868,7 @@ switch_status_t sofia_glue_do_invite(switch_core_session_t *session)
|
||||
uint32_t session_timeout = 0;
|
||||
const char *val;
|
||||
const char *rep;
|
||||
char *sticky;
|
||||
|
||||
rep = switch_channel_get_variable(channel, SOFIA_REPLACES_HEADER);
|
||||
|
||||
@ -1001,6 +1002,17 @@ switch_status_t sofia_glue_do_invite(switch_core_session_t *session)
|
||||
TAG_END());
|
||||
|
||||
|
||||
if (switch_test_flag(tech_pvt, TFLAG_NAT) ||
|
||||
(val = switch_channel_get_variable(channel, "sip-force-contact")) ||
|
||||
((val = switch_channel_get_variable(channel, "sip_sticky_contact")) && switch_true(val))) {
|
||||
tech_pvt->record_route = switch_core_session_strdup(tech_pvt->session, url_str);
|
||||
sticky = tech_pvt->record_route;
|
||||
session_timeout = 20;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
/* TODO: We should use the new tags for making an rpid and add profile options to turn this on/off */
|
||||
if (switch_test_flag(caller_profile, SWITCH_CPF_HIDE_NAME)) {
|
||||
priv = "name";
|
||||
@ -1091,6 +1103,7 @@ switch_status_t sofia_glue_do_invite(switch_core_session_t *session)
|
||||
sofia_glue_tech_patch_sdp(tech_pvt);
|
||||
}
|
||||
|
||||
|
||||
nua_invite(tech_pvt->nh,
|
||||
NUTAG_AUTOANSWER(0),
|
||||
NUTAG_SESSION_TIMER(session_timeout),
|
||||
|
@ -495,7 +495,8 @@ uint8_t sofia_reg_handle_register(nua_t * nua, sofia_profile_t *profile, nua_han
|
||||
authorization = sip->sip_proxy_authorization;
|
||||
}
|
||||
|
||||
if (regtype == REG_REGISTER && (profile->pflags & PFLAG_BLIND_REG)) {
|
||||
if (regtype == REG_AUTO_REGISTER || (regtype == REG_REGISTER && (profile->pflags & PFLAG_BLIND_REG))) {
|
||||
regtype = REG_REGISTER;
|
||||
goto reg;
|
||||
}
|
||||
|
||||
@ -716,20 +717,30 @@ void sofia_reg_handle_sip_i_register(nua_t * nua, sofia_profile_t *profile, nua_
|
||||
switch_event_t *v_event = NULL;
|
||||
char network_ip[80];
|
||||
su_addrinfo_t *my_addrinfo = msg_addrinfo(nua_current_request(nua));
|
||||
sofia_regtype_t type = REG_REGISTER;
|
||||
|
||||
if (profile->reg_acl_count) {
|
||||
uint32_t x = 0;
|
||||
int ok = 1;
|
||||
char *last_acl = NULL;
|
||||
|
||||
get_addr(network_ip, sizeof(network_ip), &((struct sockaddr_in *) my_addrinfo->ai_addr)->sin_addr);
|
||||
|
||||
for (x = 0 ; x < profile->reg_acl_count; x++) {
|
||||
if (!switch_check_network_list_ip(network_ip, profile->reg_acl[x])) {
|
||||
last_acl = profile->reg_acl[x];
|
||||
if (!(ok = switch_check_network_list_ip(network_ip, last_acl))) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (ok && !(profile->pflags & PFLAG_BLIND_REG)) {
|
||||
type = REG_AUTO_REGISTER;
|
||||
} else if (!ok) {
|
||||
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "IP %s Rejected by acl %s\n", network_ip, profile->reg_acl[x]);
|
||||
nua_respond(nh, SIP_403_FORBIDDEN, NUTAG_WITH_THIS(nua), TAG_END());
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (!(profile->mflags & MFLAG_REGISTER)) {
|
||||
@ -749,7 +760,7 @@ void sofia_reg_handle_sip_i_register(nua_t * nua, sofia_profile_t *profile, nua_
|
||||
goto end;
|
||||
}
|
||||
|
||||
sofia_reg_handle_register(nua, profile, nh, sip, REG_REGISTER, key, sizeof(key), &v_event);
|
||||
sofia_reg_handle_register(nua, profile, nh, sip, type, key, sizeof(key), &v_event);
|
||||
|
||||
if (v_event) {
|
||||
switch_event_fire(&v_event);
|
||||
|
Loading…
Reference in New Issue
Block a user