This shows you the differences between two versions of the page.
— | kamailio:presence:k31-made-simple [2010/10/25 20:29] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== SIP SIMPLE Presence Made Simple with Kamailio 3.1.x ====== | ||
+ | |||
+ | <code c> | ||
+ | Author: Daniel-Constantin Mierla | ||
+ | 2010-09-29 | ||
+ | * http:// | ||
+ | |||
+ | ChangeLog: | ||
+ | * 2010-10-25: updated for Kamailio 3.1.0 release | ||
+ | </ | ||
+ | |||
+ | New **open source XCAP server** offered by Kamailio and SER projects can be used with their integrated SIMPLE Presence server or as stand-alone XCAP server. | ||
+ | |||
+ | {{http:// | ||
+ | |||
+ | [[http:// | ||
+ | |||
+ | The purpose of this document is to show how to build a SIP SIMPLE Presence server with XCAP capabilities. Over past years, SIMPLE extensions became famous for their complexity, by mixing SIP and HTTP and not only. Here we talk about a solution that is simple as concept and easy to deploy, everything relaying on open source and free software. | ||
+ | |||
+ | **Kamailio** is used to provide SIP SIMPLE presence server and XCAP server functionalities, | ||
+ | |||
+ | ===== About SIP SIMPLE Presence ===== | ||
+ | |||
+ | Kamailio introduced support for SIP SIMPLE presence many years ago. However, the complexity of specifications and architecture still prevent it to take off properly in the market. One of the show stoppers was the interaction with an XCAP server. XCAP is an XML based protocol using HTTP to carry documents to be stored on server side and used in many case by SIP Presence server. Such documents can be: | ||
+ | * buddy lists - your contacts | ||
+ | * presence access and manipulation rules - who is allowed to see your presence status and how | ||
+ | |||
+ | While there are few XCAP server implementations, | ||
+ | |||
+ | ==== References ==== | ||
+ | |||
+ | More about SIP SIMPLE presence and XCAP: | ||
+ | * RFCs: http:// | ||
+ | * Good introduction and examples in IBM WebSphere (R) documentation: | ||
+ | * http:// | ||
+ | |||
+ | |||
+ | ===== Embedded XCAP Server in Kamailio 3.1.x ===== | ||
+ | |||
+ | Kamailio 3.0 was able to handle HTTP, used only to process XMLRPC requests. v3.1.0 introduces a new module, xhttp, which is able to handle any kind of HTTP request. In top of it can be used another new module, xcap_server, | ||
+ | |||
+ | {{ http:// | ||
+ | |||
+ | Worth to mention that xhttp and xcap_server modules are completely independent one from the other. Meaning that if you send XCAP documents over SIP (and that is easy and secure over TLS), Kamailio can handle them, it is just a matter of configuration file. | ||
+ | |||
+ | Hopefully, ability of handling XCAP requests over SIP will attract some softphone implementors, | ||
+ | |||
+ | With the new xcap_server module, Kamailio 3.1.x completes the set of components required for a full implementation of SIP SIMPLE Presence server. The key benefits are: | ||
+ | * all-in-one solution - no need for external applications or exotic dependencies | ||
+ | * easy installation - it is installed with kamailio, runs wherever kamailio runs, it needs only libxml2 which is a requirement for the other old presence modules | ||
+ | * you can do XCAP operations via HTTP, HTTPS, and SIP (over TLS, TCP, UDP or SCTP) | ||
+ | * huge scalability - practically, | ||
+ | * security | ||
+ | * all security modules provided by Kamailio can be used, including digest authentication (you can authenticate with SIP username and password), IP filtering, etc. | ||
+ | * one port for both protocols - Kamailio is able to handle at the same time SIP and HTTP requests sent to port 5060 (or port 5061 in case of TLS connection (SIPS or HTTPS)), therefore less ports that should be left open in your firewall | ||
+ | * lightweight and compact solution - in case you want to run on embedded or limited resources system, you don't get a better option - everything is inside SIP server instance, compiled to machine code. | ||
+ | * simple to use - it is what this document tries to prove | ||
+ | |||
+ | You can browse the documentation for xhttp and xcap_server modules at: | ||
+ | * http:// | ||
+ | * http:// | ||
+ | |||
+ | ===== Deployment Description ===== | ||
+ | |||
+ | The Operating System used for this tutorial is Ubuntu 10.04, but we will use the generic installation from sources that applies to all Unix/Linux based distributions. | ||
+ | |||
+ | Requirements are the same as for old presence modules: | ||
+ | * core requirements: | ||
+ | * mysql server, client tool and library | ||
+ | * libxml2 library and development headers (libxml2-dev) | ||
+ | * optional: libssl library and development headers if you want to do XCAP over HTTPS/SIPS | ||
+ | |||
+ | As SIP softphone I used SIP Communicator, | ||
+ | |||
+ | The main focus in next sections is to show how to configure Kamailio to handle SIP SIMPLE presence and XCAP for storing buddy list and presence rules. There are other extensions of SIP SIMPLE that Kamailio supports, less common in practice, that will be skipped this time. | ||
+ | |||
+ | ===== Kamailio Installation ===== | ||
+ | |||
+ | For the sake of cleanness, this tutorial install Kamailio from sources, in a custom directory: / | ||
+ | |||
+ | Getting sources from GIT and install: | ||
+ | |||
+ | < | ||
+ | cd / | ||
+ | git clone --depth 1 git:// | ||
+ | cd kamailio-3.1.0 | ||
+ | git checkout -b 3.1 origin/3.1 | ||
+ | make PREFIX=/ | ||
+ | include_modules=" | ||
+ | make all | ||
+ | make install | ||
+ | </ | ||
+ | |||
+ | If you prefer to install from APT repository for Debian or Ubuntu distributions, | ||
+ | * http:// | ||
+ | |||
+ | In this case, you have to adapt the commands and content of config for the location of the files installed from deb packages. | ||
+ | |||
+ | ==== Add users ==== | ||
+ | |||
+ | Edit / | ||
+ | |||
+ | <code c> | ||
+ | SIP_DOMAIN=192.168.178.23 | ||
+ | DBENGINE=MYSQL | ||
+ | </ | ||
+ | |||
+ | Then create the database: | ||
+ | |||
+ | < | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | Note: be sure you create presence tables. | ||
+ | |||
+ | Add your users: | ||
+ | |||
+ | <code c> | ||
+ | / | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | To add users, you can use SIREMIS web management interface, more details about it at: | ||
+ | * http:// | ||
+ | |||
+ | {{ http:// | ||
+ | |||
+ | ==== Start Kamailio ==== | ||
+ | |||
+ | For the purpose of particular tutorial, you can start kamailio with: | ||
+ | |||
+ | < | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | You can stop it with: | ||
+ | |||
+ | < | ||
+ | killall kamailio | ||
+ | </ | ||
+ | |||
+ | For alternatives, | ||
+ | |||
+ | ==== Configuration File ==== | ||
+ | |||
+ | Replace / | ||
+ | |||
+ | <code c> | ||
+ | |||
+ | #!KAMAILIO | ||
+ | # | ||
+ | # Kamailio (OpenSER) SIP Server v3.1 - default configuration script | ||
+ | # - web: http:// | ||
+ | # - git: http:// | ||
+ | # | ||
+ | # Direct your questions about this file to: < | ||
+ | # | ||
+ | # Refer to the Core CookBook at http:// | ||
+ | # for an explanation of possible statements, functions and parameters. | ||
+ | # | ||
+ | # Several features can be enabled using '# | ||
+ | # | ||
+ | # *** To run in debug mode: | ||
+ | # - define WITH_DEBUG | ||
+ | # | ||
+ | # *** To enable mysql: | ||
+ | # - define WITH_MYSQL | ||
+ | # | ||
+ | # *** To enable authentication execute: | ||
+ | # - enable mysql | ||
+ | # - define WITH_AUTH | ||
+ | # - add users using ' | ||
+ | # | ||
+ | # *** To enable IP authentication execute: | ||
+ | # - enable mysql | ||
+ | # - enable authentication | ||
+ | # - define WITH_IPAUTH | ||
+ | # - add IP addresses with group id ' | ||
+ | # | ||
+ | # *** To enable persistent user location execute: | ||
+ | # - enable mysql | ||
+ | # - define WITH_USRLOCDB | ||
+ | # | ||
+ | # *** To enable presence server execute: | ||
+ | # - enable mysql | ||
+ | # - define WITH_PRESENCE | ||
+ | # | ||
+ | # *** To enable nat traversal execute: | ||
+ | # - define WITH_NAT | ||
+ | # - install RTPProxy: http:// | ||
+ | # - start RTPProxy: | ||
+ | # rtpproxy -l _your_public_ip_ -s udp: | ||
+ | # | ||
+ | # *** To enable PSTN gateway routing execute: | ||
+ | # - define WITH_PSTN | ||
+ | # - set the value of pstn.gw_ip | ||
+ | # - check route[PSTN] for regexp routing condition | ||
+ | # | ||
+ | # *** To enable database aliases lookup execute: | ||
+ | # - enable mysql | ||
+ | # - define WITH_ALIASDB | ||
+ | # | ||
+ | # *** To enable multi-domain support execute: | ||
+ | # - enable mysql | ||
+ | # - define WITH_MULTIDOMAIN | ||
+ | # | ||
+ | # *** To enable TLS support execute: | ||
+ | # - adjust CFGDIR/ | ||
+ | # - define WITH_TLS | ||
+ | # | ||
+ | # *** To enable anti-flood detection execute: | ||
+ | # - adjust pike and htable=> | ||
+ | # block if more than 16 requests in 2 seconds and ban for 300 seconds) | ||
+ | # - define WITH_ANTIFLOOD | ||
+ | # | ||
+ | # *** To enhance accounting execute: | ||
+ | # - enable mysql | ||
+ | # - define WITH_ACCDB | ||
+ | # - add following columns to database | ||
+ | #!ifdef ACCDB_COMMENT | ||
+ | ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT ''; | ||
+ | ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT ''; | ||
+ | ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT ''; | ||
+ | ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT ''; | ||
+ | ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT ''; | ||
+ | ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT ''; | ||
+ | ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT ''; | ||
+ | ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT ''; | ||
+ | ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT ''; | ||
+ | ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT ''; | ||
+ | #!endif | ||
+ | |||
+ | ####### Defined Values ######### | ||
+ | #!define WITH_MYSQL | ||
+ | #!define WITH_AUTH | ||
+ | #!define WITH_PRESENCE | ||
+ | #!define WITH_XCAPSRV | ||
+ | |||
+ | # *** Value defines - IDs used later in config | ||
+ | #!ifdef WITH_MYSQL | ||
+ | # - database URL - used to connect to database server by modules such | ||
+ | # as: auth_db, acc, usrloc, a.s.o. | ||
+ | #!define DBURL " | ||
+ | #!endif | ||
+ | #!ifdef WITH_MULTIDOMAIN | ||
+ | # - the value for ' | ||
+ | #!define MULTIDOMAIN 1 | ||
+ | #!else | ||
+ | #!define MULTIDOMAIN 0 | ||
+ | #!endif | ||
+ | |||
+ | # - flags | ||
+ | # FLT_ - per transaction (message) flags | ||
+ | # FLB_ - per branch flags | ||
+ | #!define FLT_ACC 1 | ||
+ | #!define FLT_ACCMISSED 2 | ||
+ | #!define FLT_ACCFAILED 3 | ||
+ | #!define FLT_NATS 5 | ||
+ | |||
+ | #!define FLB_NATB 6 | ||
+ | #!define FLB_NATSIPPING 7 | ||
+ | |||
+ | ####### Global Parameters ######### | ||
+ | |||
+ | #!ifdef WITH_DEBUG | ||
+ | debug=4 | ||
+ | log_stderror=yes | ||
+ | #!else | ||
+ | debug=2 | ||
+ | log_stderror=no | ||
+ | #!endif | ||
+ | |||
+ | memdbg=5 | ||
+ | memlog=5 | ||
+ | |||
+ | log_facility=LOG_LOCAL0 | ||
+ | |||
+ | fork=yes | ||
+ | children=4 | ||
+ | |||
+ | /* uncomment the next line to disable TCP (default on) */ | ||
+ | # | ||
+ | |||
+ | /* uncomment the next line to disable the auto discovery of local aliases | ||
+ | based on reverse DNS on IPs (default on) */ | ||
+ | # | ||
+ | |||
+ | /* add local domain aliases */ | ||
+ | # | ||
+ | |||
+ | /* uncomment and configure the following line if you want Kamailio to | ||
+ | bind on a specific interface/ | ||
+ | # | ||
+ | |||
+ | /* port to listen to | ||
+ | * - can be specified more than once if needed to listen on many ports */ | ||
+ | port=5060 | ||
+ | |||
+ | #!ifdef WITH_TLS | ||
+ | enable_tls=yes | ||
+ | #!endif | ||
+ | |||
+ | tcp_connection_lifetime=3604 | ||
+ | |||
+ | #!ifdef WITH_XCAPSRV | ||
+ | tcp_accept_no_cl=yes | ||
+ | #!endif | ||
+ | |||
+ | ####### Custom Parameters ######### | ||
+ | |||
+ | # These parameters can be modified runtime via RPC interface | ||
+ | # - see the documentation of ' | ||
+ | # | ||
+ | # Format: group.id = value ' | ||
+ | # Access: $sel(cfg_get.group.id) or @cfg_get.group.id | ||
+ | # | ||
+ | |||
+ | #!ifdef WITH_PSTN | ||
+ | # PSTN GW Routing | ||
+ | # | ||
+ | # - pstn.gw_ip: valid IP or hostname as string value, example: | ||
+ | # pstn.gw_ip = " | ||
+ | # | ||
+ | # - by default is empty to avoid misrouting | ||
+ | pstn.gw_ip = "" | ||
+ | #!endif | ||
+ | |||
+ | |||
+ | ####### Modules Section ######## | ||
+ | |||
+ | # set paths to location of modules | ||
+ | #!ifdef LOCAL_TEST_RUN | ||
+ | mpath=" | ||
+ | #!else | ||
+ | mpath="/ | ||
+ | #!endif | ||
+ | |||
+ | #!ifdef WITH_MYSQL | ||
+ | loadmodule " | ||
+ | #!endif | ||
+ | |||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | |||
+ | #!ifdef WITH_AUTH | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | #!ifdef WITH_IPAUTH | ||
+ | loadmodule " | ||
+ | #!endif | ||
+ | #!endif | ||
+ | |||
+ | #!ifdef WITH_ALIASDB | ||
+ | loadmodule " | ||
+ | #!endif | ||
+ | |||
+ | #!ifdef WITH_MULTIDOMAIN | ||
+ | loadmodule " | ||
+ | #!endif | ||
+ | |||
+ | #!ifdef WITH_PRESENCE | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | #!endif | ||
+ | |||
+ | #!ifdef WITH_NAT | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | #!endif | ||
+ | |||
+ | #!ifdef WITH_TLS | ||
+ | loadmodule " | ||
+ | #!endif | ||
+ | |||
+ | #!ifdef WITH_ANTIFLOOD | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | #!endif | ||
+ | |||
+ | #!ifdef WITH_XCAPSRV | ||
+ | loadmodule " | ||
+ | loadmodule " | ||
+ | #!endif | ||
+ | |||
+ | # ----------------- setting module-specific parameters --------------- | ||
+ | |||
+ | |||
+ | # ----- mi_fifo params ----- | ||
+ | modparam(" | ||
+ | |||
+ | |||
+ | # ----- tm params ----- | ||
+ | # auto-discard branches from previous serial forking leg | ||
+ | modparam(" | ||
+ | # default retransmission timeout: 30sec | ||
+ | modparam(" | ||
+ | # default invite retransmission timeout after 1xx: 120sec | ||
+ | modparam(" | ||
+ | |||
+ | |||
+ | # ----- rr params ----- | ||
+ | # add value to ;lr param to cope with most of the UAs | ||
+ | modparam(" | ||
+ | # do not append from tag to the RR (no need for this script) | ||
+ | modparam(" | ||
+ | |||
+ | |||
+ | # ----- registrar params ----- | ||
+ | modparam(" | ||
+ | /* uncomment the next line to disable parallel forking via location */ | ||
+ | # modparam(" | ||
+ | /* uncomment the next line not to allow more than 10 contacts per AOR */ | ||
+ | # | ||
+ | |||
+ | |||
+ | # ----- acc params ----- | ||
+ | /* what special events should be accounted ? */ | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | /* by default ww do not adjust the direct of the sequential requests. | ||
+ | if you enable this parameter, be sure the enable " | ||
+ | in " | ||
+ | modparam(" | ||
+ | /* account triggers (flags) */ | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | " | ||
+ | modparam(" | ||
+ | /* enhanced DB accounting */ | ||
+ | #!ifdef WITH_ACCDB | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | " | ||
+ | #!endif | ||
+ | |||
+ | |||
+ | # ----- usrloc params ----- | ||
+ | /* enable DB persistency for location entries */ | ||
+ | #!ifdef WITH_USRLOCDB | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | #!endif | ||
+ | |||
+ | |||
+ | # ----- auth_db params ----- | ||
+ | #!ifdef WITH_AUTH | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | |||
+ | # ----- permissions params ----- | ||
+ | #!ifdef WITH_IPAUTH | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | #!endif | ||
+ | |||
+ | #!endif | ||
+ | |||
+ | |||
+ | # ----- alias_db params ----- | ||
+ | #!ifdef WITH_ALIASDB | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | #!endif | ||
+ | |||
+ | |||
+ | # ----- domain params ----- | ||
+ | #!ifdef WITH_MULTIDOMAIN | ||
+ | modparam(" | ||
+ | # use caching | ||
+ | modparam(" | ||
+ | # register callback to match myself condition with domains list | ||
+ | modparam(" | ||
+ | #!endif | ||
+ | |||
+ | |||
+ | #!ifdef WITH_PRESENCE | ||
+ | # ----- presence params ----- | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | |||
+ | # ----- presence_xml params ----- | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | #!endif | ||
+ | |||
+ | |||
+ | #!ifdef WITH_NAT | ||
+ | # ----- rtpproxy params ----- | ||
+ | modparam(" | ||
+ | |||
+ | # ----- nathelper params ----- | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | |||
+ | # params needed for NAT traversal in other modules | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | #!endif | ||
+ | |||
+ | |||
+ | #!ifdef WITH_TLS | ||
+ | # ----- tls params ----- | ||
+ | modparam(" | ||
+ | #!endif | ||
+ | |||
+ | #!ifdef WITH_ANTIFLOOD | ||
+ | # ----- pike params ----- | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | modparam(" | ||
+ | |||
+ | # ----- htable params ----- | ||
+ | # ip ban htable with autoexpire after 5 minutes | ||
+ | modparam(" | ||
+ | #!endif | ||
+ | |||
+ | #!ifdef WITH_XCAPSRV | ||
+ | # ----- xcap_server params ----- | ||
+ | modparam(" | ||
+ | #!endif | ||
+ | |||
+ | ####### Routing Logic ######## | ||
+ | |||
+ | |||
+ | # Main SIP request routing logic | ||
+ | # - processing of any incoming SIP request starts with this route | ||
+ | route { | ||
+ | |||
+ | # per request initial checks | ||
+ | route(REQINIT); | ||
+ | |||
+ | # NAT detection | ||
+ | route(NAT); | ||
+ | |||
+ | # handle requests within SIP dialogs | ||
+ | route(WITHINDLG); | ||
+ | |||
+ | ### only initial requests (no To tag) | ||
+ | |||
+ | # CANCEL processing | ||
+ | if (is_method(" | ||
+ | { | ||
+ | if (t_check_trans()) | ||
+ | t_relay(); | ||
+ | exit; | ||
+ | } | ||
+ | |||
+ | t_check_trans(); | ||
+ | |||
+ | # authentication | ||
+ | route(AUTH); | ||
+ | |||
+ | # record routing for dialog forming requests (in case they are routed) | ||
+ | # - remove preloaded route headers | ||
+ | remove_hf(" | ||
+ | if (is_method(" | ||
+ | record_route(); | ||
+ | |||
+ | # account only INVITEs | ||
+ | if (is_method(" | ||
+ | { | ||
+ | setflag(FLT_ACC); | ||
+ | } | ||
+ | |||
+ | # dispatch requests to foreign domains | ||
+ | route(SIPOUT); | ||
+ | |||
+ | ### requests for my local domains | ||
+ | |||
+ | # handle presence related requests | ||
+ | route(PRESENCE); | ||
+ | |||
+ | # handle registrations | ||
+ | route(REGISTRAR); | ||
+ | |||
+ | if ($rU==$null) | ||
+ | { | ||
+ | # request with no Username in RURI | ||
+ | sl_send_reply(" | ||
+ | exit; | ||
+ | } | ||
+ | |||
+ | # dispatch destinations to PSTN | ||
+ | route(PSTN); | ||
+ | |||
+ | # user location service | ||
+ | route(LOCATION); | ||
+ | |||
+ | route(RELAY); | ||
+ | } | ||
+ | |||
+ | |||
+ | route[RELAY] { | ||
+ | #!ifdef WITH_NAT | ||
+ | if (check_route_param(" | ||
+ | setbflag(FLB_NATB); | ||
+ | } | ||
+ | if (isflagset(FLT_NATS) || isbflagset(FLB_NATB)) { | ||
+ | route(RTPPROXY); | ||
+ | } | ||
+ | #!endif | ||
+ | |||
+ | /* example how to enable some additional event routes */ | ||
+ | if (is_method(" | ||
+ | # | ||
+ | t_on_reply(" | ||
+ | t_on_failure(" | ||
+ | } | ||
+ | |||
+ | if (!t_relay()) { | ||
+ | sl_reply_error(); | ||
+ | } | ||
+ | exit; | ||
+ | } | ||
+ | |||
+ | # Per SIP request initial checks | ||
+ | route[REQINIT] { | ||
+ | #!ifdef WITH_ANTIFLOOD | ||
+ | # flood dection from same IP and traffic ban for a while | ||
+ | # be sure you exclude checking trusted peers, such as pstn gateways | ||
+ | # - local host excluded (e.g., loop to self) | ||
+ | if(src_ip!=myself) | ||
+ | { | ||
+ | if($sht(ipban=> | ||
+ | { | ||
+ | # ip is already blocked | ||
+ | xdbg(" | ||
+ | exit; | ||
+ | } | ||
+ | if (!pike_check_req()) | ||
+ | { | ||
+ | xlog(" | ||
+ | $sht(ipban=> | ||
+ | exit; | ||
+ | } | ||
+ | } | ||
+ | #!endif | ||
+ | |||
+ | if (!mf_process_maxfwd_header(" | ||
+ | sl_send_reply(" | ||
+ | exit; | ||
+ | } | ||
+ | |||
+ | if(!sanity_check(" | ||
+ | { | ||
+ | xlog(" | ||
+ | exit; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Handle requests within SIP dialogs | ||
+ | route[WITHINDLG] { | ||
+ | if (has_totag()) { | ||
+ | # sequential request withing a dialog should | ||
+ | # take the path determined by record-routing | ||
+ | if (loose_route()) { | ||
+ | if (is_method(" | ||
+ | setflag(FLT_ACC); | ||
+ | setflag(FLT_ACCFAILED); | ||
+ | } | ||
+ | route(RELAY); | ||
+ | } else { | ||
+ | if (is_method(" | ||
+ | # in-dialog subscribe requests | ||
+ | route(PRESENCE); | ||
+ | exit; | ||
+ | } | ||
+ | if ( is_method(" | ||
+ | if ( t_check_trans() ) { | ||
+ | # no loose-route, | ||
+ | # must be an ACK after a 487 | ||
+ | # or e.g. 404 from upstream server | ||
+ | t_relay(); | ||
+ | exit; | ||
+ | } else { | ||
+ | # ACK without matching transaction ... ignore and discard | ||
+ | exit; | ||
+ | } | ||
+ | } | ||
+ | sl_send_reply(" | ||
+ | } | ||
+ | exit; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Handle SIP registrations | ||
+ | route[REGISTRAR] { | ||
+ | if (is_method(" | ||
+ | { | ||
+ | if(isflagset(FLT_NATS)) | ||
+ | { | ||
+ | setbflag(FLB_NATB); | ||
+ | # uncomment next line to do SIP NAT pinging | ||
+ | ## setbflag(FLB_SIPPING); | ||
+ | } | ||
+ | if (!save(" | ||
+ | sl_reply_error(); | ||
+ | |||
+ | exit; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # USER location service | ||
+ | route[LOCATION] { | ||
+ | |||
+ | #!ifdef WITH_ALIASDB | ||
+ | # search in DB-based aliases | ||
+ | alias_db_lookup(" | ||
+ | #!endif | ||
+ | |||
+ | if (!lookup(" | ||
+ | switch ($rc) { | ||
+ | case -1: | ||
+ | case -3: | ||
+ | t_newtran(); | ||
+ | t_reply(" | ||
+ | exit; | ||
+ | case -2: | ||
+ | sl_send_reply(" | ||
+ | exit; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # when routing via usrloc, log the missed calls also | ||
+ | if (is_method(" | ||
+ | { | ||
+ | setflag(FLT_ACCMISSED); | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # Presence server route | ||
+ | route[PRESENCE] { | ||
+ | if(!is_method(" | ||
+ | return; | ||
+ | |||
+ | #!ifdef WITH_PRESENCE | ||
+ | if (!t_newtran()) | ||
+ | { | ||
+ | sl_reply_error(); | ||
+ | exit; | ||
+ | }; | ||
+ | |||
+ | if(is_method(" | ||
+ | { | ||
+ | handle_publish(); | ||
+ | t_release(); | ||
+ | } | ||
+ | else | ||
+ | if( is_method(" | ||
+ | { | ||
+ | handle_subscribe(); | ||
+ | t_release(); | ||
+ | } | ||
+ | exit; | ||
+ | #!endif | ||
+ | |||
+ | # if presence enabled, this part will not be executed | ||
+ | if (is_method(" | ||
+ | { | ||
+ | sl_send_reply(" | ||
+ | exit; | ||
+ | } | ||
+ | return; | ||
+ | } | ||
+ | |||
+ | # Authentication route | ||
+ | route[AUTH] { | ||
+ | #!ifdef WITH_AUTH | ||
+ | if (is_method(" | ||
+ | { | ||
+ | # authenticate the REGISTER requests (uncomment to enable auth) | ||
+ | if (!www_authorize(" | ||
+ | { | ||
+ | www_challenge(" | ||
+ | exit; | ||
+ | } | ||
+ | |||
+ | if ($au!=$tU) | ||
+ | { | ||
+ | sl_send_reply(" | ||
+ | exit; | ||
+ | } | ||
+ | } else { | ||
+ | |||
+ | #!ifdef WITH_IPAUTH | ||
+ | if(allow_source_address()) | ||
+ | { | ||
+ | # source IP allowed | ||
+ | return; | ||
+ | } | ||
+ | #!endif | ||
+ | |||
+ | # authenticate if from local subscriber | ||
+ | if (from_uri==myself) | ||
+ | { | ||
+ | if (!proxy_authorize(" | ||
+ | proxy_challenge(" | ||
+ | exit; | ||
+ | } | ||
+ | if (is_method(" | ||
+ | { | ||
+ | if ($au!=$tU) { | ||
+ | sl_send_reply(" | ||
+ | exit; | ||
+ | } | ||
+ | } else { | ||
+ | if ($au!=$fU) { | ||
+ | sl_send_reply(" | ||
+ | exit; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | consume_credentials(); | ||
+ | # caller authenticated | ||
+ | } else { | ||
+ | # caller is not local subscriber, then check if it calls | ||
+ | # a local destination, | ||
+ | if (!uri==myself) | ||
+ | { | ||
+ | sl_send_reply(" | ||
+ | exit; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | #!endif | ||
+ | return; | ||
+ | } | ||
+ | |||
+ | # Caller NAT detection route | ||
+ | route[NAT] { | ||
+ | #!ifdef WITH_NAT | ||
+ | force_rport(); | ||
+ | if (nat_uac_test(" | ||
+ | if (method==" | ||
+ | fix_nated_register(); | ||
+ | } else { | ||
+ | fix_nated_contact(); | ||
+ | } | ||
+ | setflag(FLT_NATS); | ||
+ | } | ||
+ | #!endif | ||
+ | return; | ||
+ | } | ||
+ | |||
+ | # RTPProxy control | ||
+ | route[RTPPROXY] { | ||
+ | #!ifdef WITH_NAT | ||
+ | if (is_method(" | ||
+ | unforce_rtp_proxy(); | ||
+ | } else if (is_method(" | ||
+ | force_rtp_proxy(); | ||
+ | } | ||
+ | if (!has_totag()) add_rr_param("; | ||
+ | #!endif | ||
+ | return; | ||
+ | } | ||
+ | |||
+ | # Routing to foreign domains | ||
+ | route[SIPOUT] { | ||
+ | if (!uri==myself) | ||
+ | { | ||
+ | append_hf(" | ||
+ | route(RELAY); | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # PSTN GW routing | ||
+ | route[PSTN] { | ||
+ | #!ifdef WITH_PSTN | ||
+ | # check if PSTN GW IP is defined | ||
+ | if (strempty($sel(cfg_get.pstn.gw_ip))) { | ||
+ | xlog(" | ||
+ | return; | ||
+ | } | ||
+ | |||
+ | # route to PSTN dialed numbers starting with ' | ||
+ | # | ||
+ | # - update the condition to match your dialing rules for PSTN routing | ||
+ | if(!($rU=~" | ||
+ | return; | ||
+ | |||
+ | # only local users allowed to call | ||
+ | if(from_uri!=myself) { | ||
+ | sl_send_reply(" | ||
+ | exit; | ||
+ | } | ||
+ | |||
+ | $ru = " | ||
+ | |||
+ | route(RELAY); | ||
+ | exit; | ||
+ | #!endif | ||
+ | |||
+ | return; | ||
+ | } | ||
+ | |||
+ | # Sample branch router | ||
+ | branch_route[BRANCH_ONE] { | ||
+ | xdbg(" | ||
+ | } | ||
+ | |||
+ | # Sample onreply route | ||
+ | onreply_route[REPLY_ONE] { | ||
+ | xdbg(" | ||
+ | #!ifdef WITH_NAT | ||
+ | if ((isflagset(FLT_NATS) || isbflagset(FLB_NATB)) | ||
+ | && | ||
+ | force_rtp_proxy(); | ||
+ | } | ||
+ | if (isbflagset(" | ||
+ | fix_nated_contact(); | ||
+ | } | ||
+ | #!endif | ||
+ | } | ||
+ | |||
+ | # Sample failure route | ||
+ | failure_route[FAIL_ONE] { | ||
+ | #!ifdef WITH_NAT | ||
+ | if (is_method(" | ||
+ | && | ||
+ | unforce_rtp_proxy(); | ||
+ | } | ||
+ | #!endif | ||
+ | |||
+ | if (t_is_canceled()) { | ||
+ | exit; | ||
+ | } | ||
+ | |||
+ | # uncomment the following lines if you want to block client | ||
+ | # redirect based on 3xx replies. | ||
+ | ##if (t_check_status(" | ||
+ | ## | ||
+ | ## exit; | ||
+ | ##} | ||
+ | |||
+ | # uncomment the following lines if you want to redirect the failed | ||
+ | # calls to a different new destination | ||
+ | ##if (t_check_status(" | ||
+ | ## | ||
+ | ## | ||
+ | ## # do not set the missed call flag again | ||
+ | ## | ||
+ | ##} | ||
+ | } | ||
+ | |||
+ | |||
+ | #!ifdef WITH_XCAPSRV | ||
+ | #!define WITH_XHTTPAUTH | ||
+ | event_route[xhttp: | ||
+ | xdbg(" | ||
+ | #!ifdef WITH_XHTTPAUTH | ||
+ | if (!www_authorize(" | ||
+ | { | ||
+ | www_challenge(" | ||
+ | exit; | ||
+ | } | ||
+ | #!endif | ||
+ | if($hu=~" | ||
+ | { | ||
+ | set_reply_close(); | ||
+ | set_reply_no_connect(); | ||
+ | # xcap ops | ||
+ | $xcapuri(u=> | ||
+ | if($xcapuri(u=> | ||
+ | $var(uri) = $xcapuri(u=> | ||
+ | else if($xcapuri(u=> | ||
+ | $var(uri) = " | ||
+ | else | ||
+ | $var(uri) = " | ||
+ | xlog(" | ||
+ | if($xcapuri(u=> | ||
+ | { | ||
+ | $var(xbody) = | ||
+ | "<? | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | < | ||
+ | </ | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | </ | ||
+ | xhttp_reply(" | ||
+ | " | ||
+ | exit; | ||
+ | } | ||
+ | #!ifdef WITH_XHTTPAUTH | ||
+ | # be sure auth user access only its documents | ||
+ | if ($au!=$(var(uri){uri.user})) { | ||
+ | xhttp_reply(" | ||
+ | "< | ||
+ | exit; | ||
+ | } | ||
+ | |||
+ | #!endif | ||
+ | switch($rm) { | ||
+ | case " | ||
+ | xcaps_put(" | ||
+ | if($xcapuri(u=> | ||
+ | { | ||
+ | xlog(" | ||
+ | pres_update_watchers(" | ||
+ | pres_refresh_watchers(" | ||
+ | } | ||
+ | exit; | ||
+ | break; | ||
+ | case " | ||
+ | xlog(" | ||
+ | xcaps_get(" | ||
+ | exit; | ||
+ | break; | ||
+ | case " | ||
+ | xcaps_del(" | ||
+ | if($xcapuri(u=> | ||
+ | { | ||
+ | xlog(" | ||
+ | pres_update_watchers(" | ||
+ | pres_refresh_watchers(" | ||
+ | } | ||
+ | exit; | ||
+ | break; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | # http ops | ||
+ | xhttp_reply(" | ||
+ | "< | ||
+ | exit; | ||
+ | } | ||
+ | #!endif | ||
+ | </ | ||
+ | |||
+ | Remember that any change in configuration file requires to restart Kamailio SIP server, therefore be sure you do it after replacing the config file with above content. | ||
+ | |||
+ | ==== Config Remarks ==== | ||
+ | |||
+ | * config file is based on default config file coming with 3.1.0 at this time, you can easily do a diff with stock default config to see the changes | ||
+ | * SIMPLE presence features are enabled by #!define WITH_PRESENCE - in addition, user authentication and persistent user location were enabled using as backend a MySQL server | ||
+ | * xcap server features are enabled by #!define WITH_XCAPSRV - just search for WITH_XCAPSRV token to discover the parts related to xcap server functionality | ||
+ | |||
+ | Regarding the XCAP server configuration, | ||
+ | |||
+ | Besides using the **xhttp** and **xcap_server** modules in your config, another important setting is | ||
+ | |||
+ | <code c> | ||
+ | tcp_accept_no_cl=yes | ||
+ | </ | ||
+ | |||
+ | Without it Kamailio is rejecting requests without content-lenght (a requirement in SIP over TCP but optional in HTTP). | ||
+ | |||
+ | A big chunk of XCAP's **event_route** is building the reply for XCAP capabilities query (**xcap-caps**): | ||
+ | |||
+ | ===== SIP Communicator Installation ===== | ||
+ | |||
+ | You can download latest version for your OS at: | ||
+ | * http:// | ||
+ | |||
+ | Configuration is easy via GUI. Starting SIP Communicator without a SIP account setup and no registration will indicate the state ' | ||
+ | |||
+ | {{ http:// | ||
+ | |||
+ | Select "Add a new account" | ||
+ | |||
+ | {{ http:// | ||
+ | |||
+ | Click on " | ||
+ | |||
+ | {{ http:// | ||
+ | |||
+ | Click next to see the summary of configuration and then sign in. | ||
+ | |||
+ | {{ http:// | ||
+ | |||
+ | After signing in, you can notice the status changed to ' | ||
+ | |||
+ | {{ http:// | ||
+ | |||
+ | Now you can add contacts (you can right-click on buddy list panel). Select the SIP account for that contact, then choose the group and set the SIP ID. | ||
+ | |||
+ | {{ http:// | ||
+ | |||
+ | The new contact will appear offline until it will add you in its contact list (specific to this particular version of SIP Communicator). | ||
+ | |||
+ | {{ http:// | ||
+ | |||
+ | Use a second SIP Communicator instance to setup second SIP account, following the steps above and add first account as contact. You can see in next image Alice on left, with Mac OS X, and Bob on right, with Ubuntu. When both instances are setup, each will see the other being ' | ||
+ | |||
+ | {{ http:// | ||
+ | |||
+ | As soon as you change the state in one SIP Communicator instance, it will become visible on the other instance. In next image, Bob sets the status to ' | ||
+ | |||
+ | {{ http:// | ||
+ | |||
+ | ===== Updates in Kamailio DB ===== | ||
+ | |||
+ | Several screenshots taken with SIREMIS show what was stored in Kamailio database. With Siremis 2.0, ' | ||
+ | |||
+ | The Wachers list is showing who is watching who - what users subscribed to presence states of other users. | ||
+ | |||
+ | {{ http:// | ||
+ | |||
+ | The Active Watchers list shows who has an active subscription - it is online, waiting for presence status notifications coming from its contacts. | ||
+ | |||
+ | {{ http:// | ||
+ | |||
+ | In Presentity list you can view what users published states. In this case, Alice published that she is online. | ||
+ | |||
+ | {{ http:// | ||
+ | |||
+ | XCAP list allow access to XCAP documents stored by users on XCAP server. There are two kind of documents in this case: presence rules and resource lists (contact lists). | ||
+ | |||
+ | {{ http:// | ||
+ | |||
+ | A detailed look at resource-lists document for user Alice shows that she has Bob in her contact list. | ||
+ | |||
+ | {{ http:// | ||
+ | |||
+ | A detailed look at pres-rules document for user Alice shows that she has allowed Bob to see her presence status. | ||
+ | |||
+ | {{ http:// | ||
+ | |||
+ | ===== Additional Tools ===== | ||
+ | |||
+ | There are more SIP clients implementing SIMPLE Presence extensions than XCAP support. The option is to either offer a web management interface where users can accept people willing to see their status. Also, Kamailio presence module can accept new watchers globally via ' | ||
+ | |||
+ | Besides these two options, an alternative is to use command line tools. A very handy is **curl**, an application which is very portable and spread across distributions. | ||
+ | |||
+ | For example, fetching the buddy list for user Alice: | ||
+ | |||
+ | < | ||
+ | # curl --digest -u alice: | ||
+ | | ||
+ | |||
+ | <?xml version=" | ||
+ | < | ||
+ | <list name=" | ||
+ | <entry uri=" | ||
+ | < | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | You can save the result in a file, say buddylist.xml, | ||
+ | |||
+ | < | ||
+ | # curl --digest -u alice: | ||
+ | | ||
+ | </ | ||
+ | |||
+ | Deleting the buddy list document from XCAP server can be done with: | ||
+ | |||
+ | < | ||
+ | # curl --digest -u alice: | ||
+ | | ||
+ | </ | ||
+ | |||
+ | Similar operations can be done over presence rules document, by using the proper URL: | ||
+ | |||
+ | < | ||
+ | # curl --digest -u alice: | ||
+ | | ||
+ | |||
+ | <?xml version=" | ||
+ | <ruleset xmlns=" | ||
+ | <rule id=" | ||
+ | < | ||
+ | < | ||
+ | <one id=" | ||
+ | </ | ||
+ | </ | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | ===== Conclusions ===== | ||
+ | |||
+ | * turning Kamailio in an XCAP server is only a matter of configuration (less than 100 lines of configuration, | ||
+ | * handling XCAP over either HTTP, HTTPS or SIP is trivial, it is your choice. It is **no need** for a dedicated HTTP server. | ||
+ | * presence server and xcap server are now in the same application instance, therefore tightly integrated | ||
+ | * Kamailio can be used as a standalone XCAP server without problems, allowing other SIP servers to use it in this scope | ||
+ | * you can configure Kamailio to listen on port 80 (or 443) just by adding **port=80** in the configuration file | ||
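
Review bot: In the `event_route[xhttp:` block of the configuration, both the digest challenge (`www_authorize`) and the ownership check (`if ($au!=$(var(uri){uri.user}))`) are wrapped in `#!ifdef WITH_XHTTPAUTH`, and the define sits directly above the route rather than in the "Defined Values" block. A reader who trims that one line keeps a working XCAP server in which `xcaps_put` and `xcaps_del` run with no authentication and no per-user check. That covers the pres-rules documents that the page says decide who is allowed to see a user's presence status. I would move `#!define WITH_XHTTPAUTH` up beside `#!define WITH_XCAPSRV` and add a sentence to "Config Remarks" stating that it must stay enabled on any listener clients can reach. Two smaller points: the `curl --digest -u alice:` examples pass the password as a command argument, where it lands in shell history, so suggest giving only the user name and letting curl prompt for the password; and "content-lenght" in the `tcp_accept_no_cl` paragraph should read "Content-Length".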