- Features
- RFC3261 compliant
- Customisable and Flexible – Modular Architecture
- Call routing and control
- NAT traversal
- Data store integration
- Transport Layers supported
- Asynchronous TCP, UDP and SCTP
- Secure Communication ( TLS + AAA)
- IP and DNS
- Accounting
- External Integration
- Rich Communication Services ( RCS)
- Kamailio (OpenSER) SIP Server v4.3- default configuration script
- debug
- authentication
- persistent user location
- presence
- nat traversal
- RTPProxy
- PSTN gateway
- Block 3XX redirect replies
- Database aliases lookup
- speed dial
- multi-domain support
- XMLRPC
- anti-flood detection
- Routing Logic
- WITHINDLG
- LOCATION
- PRESENCE
- AUTH
- NATDETECT
- NATMANAGE
- DLGURI
- SIPOUT
- PSTN
- XMLRPC
- TOVOICEMAIL
- MANAGE_BRANCH
- MANAGE_REPLY
- MANAGE_FAILURE
- kamctl
- kamdbctl
- Kamctlrc
- Kamailio.cfg
- kamcmd
- siremis
Kamailio™ (former OpenSER) is an Open Source SIP Server released under GPL.
Kamailio primarily acts as a SIP server for VoIP and telecommunications platforms in various roles and can handle a high CPS (calls per second) load, with custom call routing logic implemented in scripts.
It has a rich feature set suited to the telephony domain, including IMS extensions for VoLTE; ENUM; DID and least cost routing; load balancing; routing fail-over; JSON and XMLRPC control interfaces; and SNMP monitoring.
To integrate with a carrier-grade telecom network as an SBC, gateway, or inbound/outbound proxy, it can act as an IPv4-IPv6 gateway and a UDP/TCP/SCTP/WS translator, and it has NAT and anti-DoS attack support.
Features
If Kamailio is central to the VoIP system, it can also perform accounting with rich database extensions: MySQL, PostgreSQL, UnixODBC, Berkeley DB, Oracle, Redis, MongoDB, Cassandra, etc.
- Kamailio is SIP (RFC3261) compliant
It can work as a Registrar or Location server. For SIP call logic it can act as a Proxy or SIP Application server. It can also act as a Redirect server, a Dispatcher, or simply a SIP over WebSocket server.
- Customisable and Flexible
It can be embedded in devices because the binary file is small. Additional modules can be added for more functions on the same core.
Modular architecture: core, internal libraries, module interface, and the ability to extend functionality with scripts such as Lua. Kamailio can be readily integrated into a VoIP ecosystem.
Kamailio Architecture , Core and Modules.
- Call routing and control with Scripting and programming
Offers stateless and transactional stateful SIP proxy processing (suited for inbound gateways), plus serial and parallel forking.
Kamailio Transaction management describes branches, serial and parallel forking and the TM module.
Also NAT traversal support for SIP and RTP traffic (suited to be a WebRTC server). Read more about Kamailio DNS subsystem management, load balancing, NAT and NAThelper modules in Kamailio DNS and NAT.
Kamailio as a WebRTC SIP Server with modules websocket, TLS, NATHelper and JSSIP integration.
Among other features it offers load balancing with many distribution algorithms and failover support, flexible least cost routing , routing failover and replication for High Availability (HA).
Can be readily integrated with external databases, caches, notification system ( SNS , APNS , GCM ), VoIP monitors, CDR processors, API systems etc for efficient call processing.
- Transport Layers supported
- UDP, TCP, TLS and SCTP
- IPv4 and IPv6
- gateways via (IPv4 to IPv6, UDP to TLS, a.s.o.)
- SCTP multi-homing and multi-streaming
- WebSocket for WebRTC
- Asynchronous TCP, UDP and SCTP
Asynchronous SIP message processing and inter-process message queues communication system
- Secure Communication ( TLS + AAA)
- Digest SIP User authentication
- Authorization via ACL or group membership
- IP and Network authentication
- TLS support for SIP signaling
- transparent handling of SRTP for secure audio
- TLS domain name extension support
- authentication and authorization against database (MySQL, PostgreSQL, UnixODBC, BerkeleyDB, Oracle, text files), RADIUS and DIAMETER
See Kamailio Security for sanity checks, ACL permissions, firewall, flood detection, topology hiding and digests.
- IP and DNS
- support for SRV and NAPTR DNS lookups
- SRV DNS failover
- DNSsec support
- ENUM support
- internal DNS caching system – avoid DNS blocking
- IP level Blacklists
- multi-homed and multi-domain support
- topology hiding – hide IP addresses in SIP headers to protect your network architecture
- Accounting
Kamailio gives event based and configurable accounting data details. Can show multi-leg call accounting ( A leg to B leg ). It can store to database, Radius or Diameter based on module used . Has a prepaid engine.
- External Interaction
text-based management interface via FIFO file, udp, xmlrpc and unix sockets.
RPC control interface – via XMLRPC, UDP or TCP
- Rich Communication Services (RCS)
- SIP SIMPLE Presence Server (rich presence)
- Presence User Agent (SUBSCRIBE, NOTIFY and PUBLISH)
- XCAP client capabilities and Embedded XCAP Server
- Presence DialogInfo support – SLA/BLA
- Instant Messaging ( IM)
- Embedded MSRP relay
- Monitoring and Troubleshooting
Support for SNMP – interface to Simple Network Management Protocol. For debugging it has a config debugger, remote control via XMLRPC and an error message logging system. It provides internal statistics exported via RPC and SNMP.
- Extensibility APIs
The supported ones are Perl, Java SIP Servlet Application Interface, Lua, Managed Code (C#), and Python.
Lua Scripts for kamailio Routing – KEMI interpreter , function , routing logic, PV variables
- Multiple Database Backends
(MySQL, PostgreSQL, SQLite, UnixODBC, BerkeleyDB, Oracle, text files) and other database types which have unixodbc drivers.
It can use connection pools, and different backends can be used at the same time (e.g., accounting to Oracle and authorization against MySQL).
Has connectors for Memcached, Redis , MongoDB and Cassandra no-SQL backends
- Interconnectivity
Acts as SIP to PSTN gateway and gateway to sms or xmpp and other IM services. Has Interoperability with SIP enabled devices and applications such as SIP phones (Snom, Cisco, etc.), Media Servers (Asterisk, FreeSwitch, etc). More details on Kamailio as Inbound/Outbound proxy or Session Border Controller (SBC) here
- IMS
- diameter support and authentication
- I-CSCF, P-CSCF, S-CSCF
- charging, QOS, ISC
- Miscellaneous
- CPL – Call Processing Language (RFC3880)
- Internal generic caching system
- Memcached connector
- Redis NoSQL database connector
- CLI – kamctl and sercmd
- Web Management Interface: Siremis
- SIP-T and SIP-I
- music on hold queue
- message body compression/decompression (gzip-deflate)
- Extensive documentation for both administrators and developers
Scalability with Kamailio system
- Kamailio can run on embedded systems, with limited resources – the performances can be up to hundreds of call setups per second
- used as load balancer in stateless mode, Kamailio can handle over 5000 call setups per second
- on systems with 4GB memory, Kamailio can serve a population over 300 000 online subscribers
- system can easily scale by adding more Kamailio servers
- Kamailio can be used in geographic distributed VoIP platforms
- Kamailio least-cost-routing scales up to millions of routing rules
- straightforward failover and redundancy


Start Kamailio
service kamailio start
Tail the Kamailio logs
tail -f /var/log/kamailio
To check if a Kamailio instance is running
>ps -ax | grep "kamailio"
57411 ? S 0:01 /usr/sbin/kamailio -f /etc/kamailio/kamailio.cfg -P /var/run/kamailio/kamailio.pid -m 4096 -M 128 -u root -g root
Read RTP engine on kamailio SIP server, which focuses on setting up the Sipwise rtpengine to proxy RTP traffic from the Kamailio app server. It also covers the daemon and kernel modules, transcoding, in-kernel packet forwarding, the ngcontrol protocol, etc.
Installation and Configuration
Installing kamailio from git repo
clone kamailio from their github https://github.com/kamailio/kamailio
Go to the desired branch. The contents of the cloned folder are
COPYING ChangeLog INSTALL ISSUES Makefile README README.md doc etc misc pkg test utils
run ‘make cfg’ which compiles using gcc and creates the ‘src’ folder with contents
make cfg
Makefile Makefile.defs Makefile.groups Makefile.modules Makefile.rules Makefile.sources Makefile.utils core main.c modules.lst Makefile.cfg Makefile.dirs Makefile.libs Makefile.radius Makefile.shared Makefile.targets config.mak lib modules
Edit modules.lst to enable the db_mysql and dialplan modules
vim src/modules.lst
# the list of extra modules to compile
include_modules= db_mysql
Use the ‘make’ command followed by make all. Make sure to have gcc, bison and flex installed
make cfg
make all
Alternatively, on a Debian system, use ready-made packages such as
apt install mysql-server
apt install kamailio kamailio-mysql-modules
To validate and verify the location of kamailio use ‘which kamailio’, which returns /usr/sbin/kamailio
For module installation, check all available modules with the command ‘apt search kamailio’, and to install a new module such as the websocket module use ‘apt install kamailio-websocket-modules’
Database access: After installing kamailio, edit the kamailio.cfg file in /etc/kamailio to set the reachable SIP domain, database engine, username/password etc. to connect to the database, and enable the kamdbctl script to run and create users and tables, etc.
SIP_DOMAIN=kamailio.org
SIP_DOMAIN=17.3.4.5
chrooted directory
$CHROOT_DIR="/path/to/chrooted/directory"
database type: MYSQL, PGSQL, ORACLE, DB_BERKELEY, DBTEXT, or SQLITE by default none is loaded
DBENGINE=MYSQL
Run kamdbctl to create users and database now
kamdbctl create
The database created is named kamailio and its tables are
+---------------------+
| Tables_in_kamailio  |
+---------------------+
| acc                 |
| acc_cdrs            |
| active_watchers     |
| address             |
| aliases             |
| carrier_name        |
| carrierfailureroute |
| carrierroute        |
| cpl                 |
| dbaliases           |
| dialog              |
| dialog_vars         |
| dialplan            |
| dispatcher          |
| domain              |
| domain_attrs        |
| domain_name         |
| domainpolicy        |
| globalblacklist     |
| grp                 |
| htable              |
| imc_members         |
| imc_rooms           |
| lcr_gw              |
| lcr_rule            |
| lcr_rule_target     |
| location            |
| location_attrs      |
| missed_calls        |
| mohqcalls           |
| mohqueues           |
| mtree               |
| mtrees              |
| pdt                 |
| pl_pipes            |
| presentity          |
| pua                 |
| purplemap           |
| re_grp              |
| rls_presentity      |
| rls_watchers        |
| rtpproxy            |
| sca_subscriptions   |
| silo                |
| sip_trace           |
| speed_dial          |
| subscriber          |
| trusted             |
| uacreg              |
| uid_credentials     |
| uid_domain          |
| uid_domain_attrs    |
| uid_global_attrs    |
| uid_uri             |
| uid_uri_attrs       |
| uid_user_attrs      |
| uri                 |
| userblacklist       |
| usr_preferences     |
| version             |
| watchers            |
| xcap                |
+---------------------+
Kamctlrc
The Kamailio configuration file for the control tools. It sets variables used by the kamctl and kamdbctl setup scripts. By default all variables here are commented out and the control tools use their internal default values. This file lets you edit the SIP domain, the database engine, the username/password to connect to the database, etc.
## your SIP domain
SIP_DOMAIN=1.1.1.1
## chrooted directory
# $CHROOT_DIR="/path/to/chrooted/directory"
## database type: MYSQL, PGSQL, ORACLE, DB_BERKELEY, DBTEXT, or SQLITE
# by default none is loaded
# If you want to setup a database with kamdbctl, you must at least specify this parameter.
DBENGINE=MYSQL
## database host
# DBHOST=localhost
# DBPORT=3306
## database name (for ORACLE this is TNS name)
# DBNAME=kamailio
# database path used by dbtext, db_berkeley or sqlite
# DB_PATH="/usr/local/etc/kamailio/dbtext"
## database read/write user
# DBRWUSER="kamailio"
## password for database read/write user
# DBRWPW="kamailiorw"
## database read only user
# DBROUSER="kamailioro"
## password for database read only user
# DBROPW="kamailioro"
## database access host (from where is kamctl used)
# DBACCESSHOST=192.168.0.1
## database super user (for ORACLE this is 'scheme-creator' user)
# DBROOTUSER="root"
## password for database super user
## - important: this is insecure, targeting the use only for automatic testing
## - known to work for: mysql
# DBROOTPW="dbrootpw"
## database character set (used by MySQL when creating database)
#CHARSET="latin1"
## user name column
# USERCOL="username"
# SQL definitions
# If you change this definitions here, then you must change them
# in db/schema/entities.xml too.
# FIXME
# FOREVER="2030-05-28 21:32:15"
# DEFAULT_Q="1.0"
# Program to calculate a message-digest fingerprint
# MD5="md5sum"
# awk tool
# AWK="awk"
# gdb tool
# GDB="gdb"
# If you use a system with a grep and egrep that is not 100% gnu grep compatible,
# e.g. solaris, install the gnu grep (ggrep) and specify this below.
# grep tool
# GREP="grep"
# egrep tool
# EGREP="egrep"
# sed tool
# SED="sed"
# tail tool
# LAST_LINE="tail -n 1"
# expr tool
# EXPR="expr"
Describe what additional tables to install. Valid values for the variables below are yes/no/ask. With ask (default) it will interactively ask the user for an answer, while yes/no allow for automated, unassisted installs.
# If to install tables for the modules in the EXTRA_MODULES variable.
# INSTALL_EXTRA_TABLES=ask
# If to install presence related tables.
# INSTALL_PRESENCE_TABLES=ask
# If to install uid modules related tables.
# INSTALL_DBUID_TABLES=ask
Define what module tables should be installed.
If you use the postgres database and want to change the installed tables, then you must also adjust the STANDARD_TABLES or EXTRA_TABLES variable accordingly in the kamdbctl.base script.
standard modules
# STANDARD_MODULES=" standard acc lcr domain group permissions registrar usrloc msilo alias_db uri_db speeddial avpops auth_db pdt dialog dispatcher dialplan"
extra modules
# EXTRA_MODULES="imc cpl siptrace domainpolicy carrierroute userblacklist htable purple sca"
## type of aliases used: DB - database aliases; UL - usrloc aliases - default: none
ALIASES_TYPE="DB"
## control engine: RPCFIFO - default RPCFIFO
CTLENGINE="RPCFIFO"
## path to FIFO file for engine RPCFIFO
# RPCFIFOPATH="/var/run/kamailio/kamailio_rpc_fifo"
## check ACL names; default on (1); off (0)
# VERIFY_ACL=1
## ACL names - if VERIFY_ACL is set, only the ACL names from below list are accepted
# ACL_GROUPS="local ld int voicemail free-pstn"
## check if user exists (used by some commands such as acl);
## - default on (1); off (0)
# VERIFY_USER=1
## verbose - debug purposes - default '0'
# VERBOSE=1
## do (1) or don't (0) store plaintext passwords
## in the subscriber table - default '1'
# STORE_PLAINTEXT_PW=0
Kamailio START Options
PID file path – default is: /var/run/kamailio/kamailio.pid
# PID_FILE=/var/run/kamailio/kamailio.pid
Extra start options – default is: not set
# example: start Kamailio with 64MB share memory: STARTOPTIONS="-m 64"
# STARTOPTIONS=
Kamailio.cfg
Config files are used to customize and deploy SIP services, since each and every SIP packet is routed based on policies specified in the config file (routing blocks). Location when installed from source: /usr/local/etc/kamailio/kamailio.cfg; when installed from package: /etc/kamailio/kamailio.cfg
The features in config file :-
- User authentication
Kamailio doesn’t have user authentication by default, so to enable it one must define
#!define WITH_MYSQL
#!define WITH_AUTH
The kamdbctl tool is used for creating and managing the database.
kamdbctl create
Kamctl is used for adding subscriber information and password.
kamctl add altanai1 123
mysql: [Warning] Using a password on the command line interface can be insecure.
MySQL password for user 'kamailio@localhost':
mysql: [Warning] Using a password on the command line interface can be insecure.
new user 'altanai1' added
More details in Tools section below .
- IP authorization
- accounting
- registrar and location services
To have persistent location enabled, so that records are not lost once Kamailio is restarted, we need to save them to the database and reload them when restarting
#!define WITH_USRLOCDB
- attacks detection and blocking (anti-flood protection)
- NAT traversal
requires RTP proxy for RTP relay. NAT traversal support can be set by
#!define WITH_NAT
- short dialing on server
- multiple identities (aliases) for subscribers
- multi-domain support
- routing to a PSTN gateway
- routing to a voicemail server
- TLS encryption
- instant messaging (pager mode with MESSAGE requests)
- presence services
Kamailio (OpenSER) SIP Server v4.3- default configuration script
Several features can be enabled using ‘#!define WITH_FEATURE’ directives:
debugger params
define WITH_DEBUG
...
#!ifdef WITH_DEBUG
modparam("debugger", "cfgtrace", 1)
#!endif
To run in debug mode:
#!ifdef WITH_DEBUG
debug=4
log_stderror=yes
#!else
debug=2
log_stderror=no
#!endif
memdbg=5
memlog=5
log_facility=LOG_LOCAL0
fork=yes
children=4
To enable mysql:
define WITH_MYSQL
...
#!ifdef WITH_MYSQL
loadmodule "db_mysql.so"
#!endif
To enable authentication :
enable mysql
define WITH_AUTH
To enable IP authentication: enable mysql, enable authentication, define WITH_IPAUTH, and add IP addresses with group id ‘1’ to the ‘address’ table.
To enable persistent user location :
enable mysql
define WITH_USRLOCDB
To enable presence server :
enable mysql
define WITH_PRESENCE
To enable nat traversal :
define WITH_NAT
RTPProxy
Install RTPProxy: http://www.rtpproxy.org
start RTPProxy:
rtpproxy -l your_public_ip -s udp:localhost:7722
option for NAT SIP OPTIONS keepalives: WITH_NATSIPPING
PSTN gateway
To enable PSTN gateway routing :
define WITH_PSTN
set the value of pstn.gw_ip
check route[PSTN] for regexp routing condition.
#!ifdef WITH_PSTN
pstn.gw_ip = "" desc "PSTN GW Address"
pstn.gw_port = "" desc "PSTN GW Port"
#!endif
Database aliases lookup
To enable database aliases lookup :
enable mysql
define WITH_ALIASDB
To enable speed dial lookup execute:
enable mysql
define WITH_SPEEDDIAL
To enable multi-domain support execute:
enable mysql
define WITH_MULTIDOMAIN
...
#!ifdef WITH_MULTIDOMAIN
# - the value for 'use_domain' parameter
#!define MULTIDOMAIN 1
#!else
#!define MULTIDOMAIN 0
#!endif
To enable TLS support execute:
adjust CFGDIR/tls.cfg as needed
define WITH_TLS
To enable XMLRPC support :
define WITH_XMLRPC
adjust route[XMLRPC] for access policy
To enable anti-flood detection execute:
adjust pike and htable=>ipban settings as needed (default is block if more than 16 requests in 2 seconds and ban for 300 seconds)
define WITH_ANTIFLOOD
...
route[REQINIT] {
#!ifdef WITH_ANTIFLOOD
    # flood detection from same IP and traffic ban
    if(src_ip!=myself) {
        if($sht(ipban=>$si)!=$null) {
            # ip is already blocked
            xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
            exit;
        }
        if (!pike_check_req()) {
            xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
            $sht(ipban=>$si) = 1;
            exit;
        }
    }
    if($ua =~ "friendly-scanner") {
        sl_send_reply("200", "OK");
        exit;
    }
#!endif
    ..
}
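The following is an added example, not part of the original configuration: a simplified Python model of the thresholds quoted above (more than 16 requests in 2 seconds, ban for 300 seconds), applied in the same order as route[REQINIT] (ban table first, then the rate check). It uses fixed 2-second windows as an assumption and is not pike's internal algorithm; the IP addresses and timestamps are constructed.

```python
from collections import Counter, defaultdict

SAMPLING_TIME_UNIT_MS = 2 * 1000   # pike sampling_time_unit = 2 s
REQS_DENSITY_PER_UNIT = 16         # pike reqs_density_per_unit = 16
BAN_MS = 300 * 1000                # htable ipban autoexpire = 300 s


def replay(events):
    """events: iterable of (timestamp_ms, src_ip). Returns [(ts, ip, verdict)]."""
    counters = {}       # ip -> (window index, hits in that window)
    banned_until = {}   # ip -> timestamp at which the ipban entry expires
    verdicts = []
    for ts, ip in sorted(events):
        # 1. $sht(ipban=>$si) lookup: already banned, drop without counting
        if banned_until.get(ip, 0) > ts:
            verdicts.append((ts, ip, "drop-banned"))
            continue
        # 2. pike_check_req(): count requests per source IP per window
        window = ts // SAMPLING_TIME_UNIT_MS
        prev_window, hits = counters.get(ip, (window, 0))
        if prev_window != window:
            hits = 0
        hits += 1
        counters[ip] = (window, hits)
        if hits > REQS_DENSITY_PER_UNIT:
            # 3. $sht(ipban=>$si) = 1; the entry auto-expires after 300 s
            banned_until[ip] = ts + BAN_MS
            verdicts.append((ts, ip, "drop-pike"))
        else:
            verdicts.append((ts, ip, "pass"))
    return verdicts


def summarize(verdicts):
    """Count verdicts per source IP."""
    summary = defaultdict(Counter)
    for _, ip, verdict in verdicts:
        summary[ip][verdict] += 1
    return {ip: dict(counts) for ip, counts in summary.items()}


def sample_events():
    """Constructed traffic: one bursting source and one well-behaved source."""
    burst = [(10_000 + 50 * i, "198.51.100.7") for i in range(20)]  # 20 req/s
    later = [(200_000, "198.51.100.7"), (311_000, "198.51.100.7")]
    normal = [(1_000 * i, "192.0.2.10") for i in range(10)]         # 1 req/s
    return burst + later + normal


if __name__ == "__main__":
    for ip, counts in summarize(replay(sample_events())).items():
        print(ip, counts)
```

The 17th request of the burst trips the rate check, everything from that IP is then dropped until the ban entry expires, and the request sent after expiry passes again.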
To block 3XX redirect replies execute:
define WITH_BLOCK3XX
To enable VoiceMail routing :
define WITH_VOICEMAIL
set the value of voicemail.srv_ip and adjust the value of voicemail.srv_port
#!ifdef WITH_VOICEMAIL
# VoiceMail Routing on offline, busy or no answer
# - by default Voicemail server IP is empty to avoid misrouting
voicemail.srv_ip = "" desc "VoiceMail IP Address"
voicemail.srv_port = "5060" desc "VoiceMail Port"
#!endif
To enhance accounting execute:
enable mysql
define WITH_ACCDB
add following columns to database
define WITH_MYSQL
define WITH_AUTH
define WITH_USRLOCDB
#!ifdef ACCDB_COMMENT
ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN src_ip varchar(64) NOT NULL default '';
ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN src_ip varchar(64) NOT NULL default '';
ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
#!endif
enhanced DB accounting
#!ifdef WITH_ACCDB
modparam("acc", "db_flag", FLT_ACC)
modparam("acc", "db_missed_flag", FLT_ACCMISSED)
modparam("acc", "db_url", DBURL)
modparam("acc", "db_extra",
    "src_user=$fU;src_domain=$fd;src_ip=$si;"
    "dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
#!endif
Include Local Config If Exists
import_file "kamailio-local.cfg"
Value defines – IDs used later in config
#!ifdef WITH_MYSQL
# - database URL - used to connect to database server by modules such
#   as: auth_db, acc, usrloc, a.s.o.
#!ifndef DBURL
#!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
#!endif
#!endif
# FLT_ - per transaction (message) flags
# FLB_ - per branch flags
#!define FLT_ACC 1
#!define FLT_ACCMISSED 2
#!define FLT_ACCFAILED 3
#!define FLT_NATS 5
#!define FLB_NATB 6
#!define FLB_NATSIPPING 7
#!substdef "!MY_IP_ADDR!!g"
#!substdef "!MY_DOMAIN!!g"
#!substdef "!MY_WS_PORT!8080!g"
#!substdef "!MY_WSS_PORT!4443!g"
#!substdef "!MY_WS_ADDR!tcp:MY_IP_ADDR:MY_WS_PORT!g"
#!substdef "!MY_WSS_ADDR!tls:MY_IP_ADDR:MY_WSS_PORT!g"
#!define WITH_WEBSOCKETS
# disable TCP (default on)
#disable_tcp=yes
enable_sctp = 0
# disable the auto discovery of local aliases based on reverse DNS on IPs (default on)
#auto_aliases=no
add local domain aliases
#alias="sip.mydomain.com"
# port to listen
port=5060
#!ifdef WITH_TLS
enable_tls=yes
#!endif
Life time of TCP connection when there is no traffic – a bit higher than registration expires to cope with UA behind NAT
Modules Section
set paths to location of modules (to sources or installation folders)
#!ifdef WITH_SRCPATH
mpath="modules/"
#!else
mpath="/usr/lib/x86_64-linux-gnu/kamailio/modules/"
#!endif
Load modules
loadmodule "mi_fifo.so"
loadmodule "kex.so"
loadmodule "corex.so"
loadmodule "tm.so"
loadmodule "tmx.so"
loadmodule "sl.so"
loadmodule "rr.so"
loadmodule "pv.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "siputils.so"
loadmodule "xlog.so"
loadmodule "sanity.so"
loadmodule "ctl.so"
loadmodule "cfg_rpc.so"
loadmodule "mi_rpc.so"
loadmodule "acc.so"
#!ifdef WITH_AUTH
loadmodule "auth.so"
loadmodule "auth_db.so"
#!ifdef WITH_IPAUTH
loadmodule "permissions.so"
#!endif
#!endif
#!ifdef WITH_ALIASDB
loadmodule "alias_db.so"
#!endif
#!ifdef WITH_SPEEDDIAL
loadmodule "speeddial.so"
#!endif
#!ifdef WITH_MULTIDOMAIN
loadmodule "domain.so"
#!endif
#!ifdef WITH_PRESENCE
loadmodule "presence.so"
loadmodule "presence_xml.so"
#!endif
#!ifdef WITH_NAT
loadmodule "nathelper.so"
loadmodule "rtpproxy.so"
#!endif
#!ifdef WITH_TLS
loadmodule "tls.so"
#!endif
#!ifdef WITH_ANTIFLOOD
loadmodule "htable.so"
loadmodule "pike.so"
#!endif
#!ifdef WITH_XMLRPC
loadmodule "xmlrpc.so"
#!endif
#!ifdef WITH_DEBUG
loadmodule "debugger.so"
#!endif
#!ifdef WITH_WEBSOCKETS
loadmodule "xhttp.so"
#loadmodule "websocket.so"
loadmodule "nathelper.so"
#!endif
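Because every feature above is gated by `#!define WITH_FEATURE`, which modules actually load depends on how the conditionals evaluate. The following is an added example, not Kamailio's own tooling: a small Python evaluator for `#!define` / `#!ifdef` / `#!ifndef` / `#!else` / `#!endif` that reports whether authentication, TLS and anti-flood are in effect and whether DBURL still carries a default password shown in kamctlrc on this page. The sample config and the finding names are constructed.

```python
import re

# Constructed sample in the style of the default script quoted on this page.
SAMPLE_CFG = """\
#!define WITH_MYSQL
#!define WITH_AUTH
#!define WITH_NAT
#!ifdef WITH_MYSQL
#!ifndef DBURL
#!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
#!endif
#!endif
loadmodule "tm.so"
#!ifdef WITH_MYSQL
loadmodule "db_mysql.so"
#!endif
#!ifdef WITH_AUTH
loadmodule "auth.so"
loadmodule "auth_db.so"
#!ifdef WITH_IPAUTH
loadmodule "permissions.so"
#!endif
#!endif
#!ifdef WITH_TLS
loadmodule "tls.so"
#!endif
#!ifdef WITH_ANTIFLOOD
loadmodule "htable.so"
loadmodule "pike.so"
#!endif
"""

# Default passwords that appear in kamctlrc on this page (DBRWPW / DBROPW).
DEFAULT_DB_PASSWORDS = {"kamailiorw", "kamailioro"}

DIRECTIVE = re.compile(r"^\s*#!(define|ifdef|ifndef|else|endif)\b\s*(\S+)?\s*(.*)$")
LOADMODULE = re.compile(r'^loadmodule\s+"([^"]+?)(?:\.so)?"')


def preprocess(text):
    """Evaluate the five directives above.

    Returns (defines, active_lines): defined IDs with their values, and the
    non-comment lines that survive conditional evaluation.
    """
    defines, stack, active = {}, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(raw)
        live = all(stack)  # True only if every enclosing branch is taken
        if m is None:
            line = raw.strip()
            if live and line and not line.startswith("#"):
                active.append(line)
            continue
        kind, name, value = m.group(1), m.group(2), m.group(3).strip()
        if kind == "define":
            if live and name:
                # keep the first definition; #!redefine is not modelled here
                defines.setdefault(name, value.strip('"'))
        elif kind in ("ifdef", "ifndef"):
            stack.append((name in defines) == (kind == "ifdef"))
        elif not stack:
            raise ValueError(f"line {lineno}: #!{kind} without an open #!ifdef")
        elif kind == "else":
            stack[-1] = not stack[-1]
        else:  # endif
            stack.pop()
    if stack:
        raise ValueError("unterminated #!ifdef block")
    return defines, active


def audit(text):
    """Return finding codes for the effective (preprocessed) configuration."""
    defines, active = preprocess(text)
    modules = {m.group(1) for m in map(LOADMODULE.match, active) if m}
    findings = []
    if "auth_db" not in modules:
        findings.append("no-auth")        # WITH_AUTH not in effect
    if "tls" not in modules:
        findings.append("no-tls")         # WITH_TLS not in effect
    if "pike" not in modules:
        findings.append("no-antiflood")   # WITH_ANTIFLOOD not in effect
    m = re.match(r"\w+://[^:/@]+:([^@]*)@", defines.get("DBURL", ""))
    if m and m.group(1) in DEFAULT_DB_PASSWORDS:
        findings.append("default-db-password")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_CFG))
```

Defining DBURL in kamailio-local.cfg or ahead of the `#!ifndef DBURL` guard is what keeps the default URL from taking effect.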
modules params for mi_fifo,ctl, tm and rr
# ----- mi_fifo params -----
#modparam("mi_fifo", "fifo_name", "/var/run/kamailio/kamailio_fifo")
# ----- ctl params -----
#modparam("ctl", "binrpc", "unix:/var/run/kamailio/kamailio_ctl")
# ----- tm params -----
# auto-discard branches from previous serial forking leg
modparam("tm", "failure_reply_mode", 3)
# default retransmission timeout: 30sec
modparam("tm", "fr_timer", 30000)
# default invite retransmission timeout after 1xx: 120sec
modparam("tm", "fr_inv_timer", 120000)
# ----- rr params -----
# set next param to 1 to add value to ;lr param (helps with some UAs)
modparam("rr", "enable_full_lr", 0)
# do not append from tag to the RR (no need for this script)
modparam("rr", "append_fromtag", 0)
registrar params
modparam("registrar", "method_filtering", 1)
/* uncomment the next line to disable parallel forking via location */
# modparam("registrar", "append_branches", 0)
/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)
# max value for expires of registrations
modparam("registrar", "max_expires", 3600)
# set it to 1 to enable GRUU
modparam("registrar", "gruu_enabled", 0)
usrloc params – enable DB persistency for location entries
#!ifdef WITH_USRLOCDB
modparam("usrloc", "db_url", DBURL)
modparam("usrloc", "db_mode", 2)
modparam("usrloc", "use_domain", MULTIDOMAIN)
#!endif
auth_db params
#!ifdef WITH_AUTH
modparam("auth_db", "db_url", DBURL)
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("auth_db", "load_credentials", "")
modparam("auth_db", "use_domain", MULTIDOMAIN)
#!endif
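With calculate_ha1 set to yes and password_column set to "password", auth_db derives the digest HA1 value from a plaintext password column. The following is an added example, not Kamailio code, showing in Python that SIP digest verification (RFC 2617) only ever needs HA1 = MD5(username:realm:password), so a row holding just the hash verifies the same REGISTER as a row holding the plaintext. The realm, nonce and row layout are constructed; the user name and password are the ones from the kamctl example on this page.

```python
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username, realm, password):
    """HA1 as defined by RFC 2617: MD5(username:realm:password)."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1_hex, method, uri, nonce, qop=None, nc=None, cnonce=None):
    """Digest response computed from HA1; the plaintext password is not needed."""
    ha2 = md5_hex(f"{method}:{uri}")
    if qop:
        return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")


def login_ok(row, realm, auth):
    """Verify a client's Authorization data against one subscriber row.

    row holds either 'password' (plaintext storage, the calculate_ha1=yes
    case) or 'ha1' (hash-only storage).
    """
    if "ha1" in row:
        stored = row["ha1"]
    else:
        stored = ha1(row["username"], realm, row["password"])
    expected = digest_response(stored, auth["method"], auth["uri"], auth["nonce"])
    return hmac.compare_digest(expected, auth["response"])


REALM = "kamailio.org"            # constructed realm
NONCE = "constructed-nonce-0001"  # constructed server nonce


def client_register(username, password):
    """What a user agent sends back after the 401 challenge (no qop)."""
    uri = f"sip:{REALM}"
    response = digest_response(ha1(username, REALM, password), "REGISTER", uri, NONCE)
    return {"method": "REGISTER", "uri": uri, "nonce": NONCE, "response": response}


# The same subscriber stored two ways (constructed rows).
PLAINTEXT_ROW = {"username": "altanai1", "password": "123"}
HASHED_ROW = {"username": "altanai1", "ha1": ha1("altanai1", REALM, "123")}

if __name__ == "__main__":
    auth = client_register("altanai1", "123")
    print(login_ok(PLAINTEXT_ROW, REALM, auth), login_ok(HASHED_ROW, REALM, auth))
```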
permissions params
#!ifdef WITH_IPAUTH
modparam("permissions", "db_url", DBURL)
modparam("permissions", "db_mode", 1)
#!endif
alias_db params
#!ifdef WITH_ALIASDB
modparam("alias_db", "db_url", DBURL)
modparam("alias_db", "use_domain", MULTIDOMAIN)
#!endif
speeddial params
#!ifdef WITH_SPEEDDIAL
modparam("speeddial", "db_url", DBURL)
modparam("speeddial", "use_domain", MULTIDOMAIN)
#!endif
domain params
#!ifdef WITH_MULTIDOMAIN
modparam("domain", "db_url", DBURL)
modparam("domain", "register_myself", 1)
#!endif
presence params
#!ifdef WITH_PRESENCE
modparam("presence", "db_url", DBURL)
#!endif
presence_xml params
modparam("presence_xml", "db_url", DBURL)
modparam("presence_xml", "force_active", 1)
WITH_NAT
rtpproxy params
modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722")
nathelper params
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
modparam("nathelper", "sipping_from", "sip:pinger@kamailio.org")
params needed for NAT traversal in other modules
modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
modparam("usrloc", "nat_bflag", FLB_NATB)
tls params
#!ifdef WITH_TLS
modparam("tls", "config", "/etc/kamailio/tls.cfg")
#!endif
pike params
#!ifdef WITH_ANTIFLOOD
modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 16)
modparam("pike", "remove_latency", 4)
#!endif
htable params
ip ban htable with autoexpire after 5 minutes
modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
xmlrpc params
modparam("xmlrpc", "route", "XMLRPC");
modparam("xmlrpc", "url_match", "^/RPC")
nathelper params
#!ifdef WITH_WEBSOCKETS
modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
#!endif
Note: leaving NAT pings turned off here as nathelper is only being used for WebSocket connections. NAT pings are not needed as WebSockets have their own keep-alives.
Routing Logic
Main SIP request routing logic: processing of any incoming SIP request starts with this route. Read more on Kamailio Call routing and Control
request_route {
    # per request initial checks
    route(REQINIT);
#!ifdef WITH_WEBSOCKETS
    if (nat_uac_test(64)) {
        force_rport();
        if (is_method("REGISTER")) {
            fix_nated_register();
        } else {
            fix_nated_contact();
            if (!add_contact_alias()) {
                xlog("L_ERR", "Error aliasing contact \n");
                sl_send_reply("400", "Bad Request");
                exit;
            }
        }
    }
#!endif
    # NAT detection
    route(NATDETECT);
    # CANCEL processing
    if (is_method("CANCEL")) {
        if (t_check_trans()) {
            route(RELAY);
        }
        exit;
    }
    # handle requests within SIP dialogs
    route(WITHINDLG);
    ### only initial requests (no To tag)
    # handle retransmissions
    if(t_precheck_trans()) {
        t_check_trans();
        exit;
    }
    t_check_trans();
    # authentication
    route(AUTH);
    # record routing for dialog forming requests (in case they are routed)
    # - remove preloaded route headers
    remove_hf("Route");
    if (is_method("INVITE|SUBSCRIBE"))
        record_route();
    # account only INVITEs
    if (is_method("INVITE")) {
        setflag(FLT_ACC); # do accounting
    }
    # dispatch requests to foreign domains
    route(SIPOUT);
    ### requests for my local domains
    # handle presence related requests
    route(PRESENCE);
    # handle registrations
    route(REGISTRAR);
    if ($rU==$null) {
        # request with no Username in RURI
        sl_send_reply("484","Address Incomplete");
        exit;
    }
    # dispatch destinations to PSTN
    route(PSTN);
    # user location service
    route(LOCATION);
}
Wrapper for relaying requests
enable additional event routes for forwarded requests – serial forking, RTP relaying handling, a.s.o.
route[RELAY] {
    if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) {
        if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH");
    }
    if (is_method("INVITE|SUBSCRIBE|UPDATE")) {
        if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY");
    }
    if (is_method("INVITE")) {
        if(!t_is_set("failure_route")) t_on_failure("MANAGE_FAILURE");
    }
    if (!t_relay()) {
        sl_reply_error();
    }
    exit;
}
Per SIP request initial checks
route[REQINIT] {
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    }
    if(is_method("OPTIONS") && uri==myself && $rU==$null) {
        sl_send_reply("200","Keepalive");
        exit;
    }
    if(!sanity_check("1511", "7")) {
        xlog("Malformed SIP message from $si:$sp\n");
        exit;
    }
}
Handle requests within SIP dialogs
A sequential request within a dialog should take the path determined by record-routing
route[WITHINDLG] {
    if (!has_totag()) return;
    if (loose_route()) {
#!ifdef WITH_WEBSOCKETS
        # WebSocket clients: restore the R-URI from the contact alias
        if ($du == "") {
            if (!handle_ruri_alias()) {
                xlog("L_ERR", "Bad alias <$ru>\n");
                sl_send_reply("400", "Bad Request");
                exit;
            }
        }
#!endif
        route(DLGURI);
        if (is_method("BYE")) {
            setflag(FLT_ACC); # do accounting ...
            setflag(FLT_ACCFAILED); # ... even if the transaction fails
        } else if ( is_method("ACK") ) {
            # ACK is forwarded statelessly
            route(NATMANAGE);
        } else if ( is_method("NOTIFY") ) {
            # Add Record-Route for in-dialog NOTIFY as per RFC 6665.
            record_route();
        }
        route(RELAY);
        exit;
    }
    if (is_method("SUBSCRIBE") && uri == myself) {
        # in-dialog subscribe requests
        route(PRESENCE);
        exit;
    }
    if ( is_method("ACK") ) {
        if ( t_check_trans() ) {
            # no loose-route, but stateful ACK;
            # must be an ACK after a 487
            # or e.g. 404 from upstream server
            route(RELAY);
            exit;
        } else {
            # ACK without matching transaction ... ignore and discard
            exit;
        }
    }
    sl_send_reply("404","Not here");
    exit;
}
Handle SIP registrations
tbd
User location service
route[LOCATION] {
#!ifdef WITH_SPEEDDIAL
    # search for short dialing - 2-digit extension
    if($rU=~"^[0-9][0-9]$")
        if(sd_lookup("speed_dial"))
            route(SIPOUT);
#!endif
#!ifdef WITH_ALIASDB
    # search in DB-based aliases
    if(alias_db_lookup("dbaliases"))
        route(SIPOUT);
#!endif
    $avp(oexten) = $rU;
    if (!lookup("location")) {
        $var(rc) = $rc;
        route(TOVOICEMAIL);
        t_newtran();
        switch ($var(rc)) {
            case -1:
            case -3:
                send_reply("404", "Not Found");
                exit;
            case -2:
                send_reply("405", "Method Not Allowed");
                exit;
        }
    }
    # when routing via usrloc, log the missed calls also
    if (is_method("INVITE")) {
        setflag(FLT_ACCMISSED);
    }
    route(RELAY);
    exit;
}
Presence processing
route[PRESENCE] {
    if(!is_method("PUBLISH|SUBSCRIBE"))
        return;
    if(is_method("SUBSCRIBE") && $hdr(Event)=="message-summary") {
        route(TOVOICEMAIL);
        # returns here if no voicemail server is configured
        sl_send_reply("404", "No voicemail service");
        exit;
    }
#!ifdef WITH_PRESENCE
    if (!t_newtran()) {
        sl_reply_error();
        exit;
    }
    if(is_method("PUBLISH")) {
        handle_publish();
        t_release();
    } else if(is_method("SUBSCRIBE")) {
        handle_subscribe();
        t_release();
    }
    exit;
#!endif
    # if presence enabled, this part will not be executed
    if (is_method("PUBLISH") || $rU==$null) {
        sl_send_reply("404", "Not here");
        exit;
    }
    return;
}
IP authorization and user authentication
route[AUTH] {
#!ifdef WITH_AUTH
#!ifdef WITH_IPAUTH
    if((!is_method("REGISTER")) && allow_source_address()) {
        # source IP allowed
        return;
    }
#!endif
    if (is_method("REGISTER") || from_uri==myself) {
        # authenticate requests
        if (!auth_check("$fd", "subscriber", "1")) {
            auth_challenge("$fd", "0");
            exit;
        }
        # user authenticated - remove auth header
        if(!is_method("REGISTER|PUBLISH"))
            consume_credentials();
    }
    # if caller is not local subscriber, then check if it calls
    # a local destination, otherwise deny, not an open relay here
    if (from_uri!=myself && uri!=myself) {
        sl_send_reply("403","Not relaying");
        exit;
    }
#!endif
    return;
}
Caller NAT detection
```
route[NATDETECT] {
#!ifdef WITH_NAT
    force_rport();
    if (nat_uac_test("19")) {
        if (is_method("REGISTER")) {
            fix_nated_register();
        } else {
            if(is_first_hop())
                set_contact_alias();
        }
        setflag(FLT_NATS);
    }
#!endif
    return;
}
```
RTPProxy control and signaling updates for NAT traversal
```
route[NATMANAGE] {
#!ifdef WITH_NAT
    if (is_request()) {
        if(has_totag()) {
            if(check_route_param("nat=yes")) {
                setbflag(FLB_NATB);
            }
        }
    }
    if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB)))
        return;

    rtpproxy_manage("co");

    if (is_request()) {
        if (!has_totag()) {
            if(t_is_branch_route()) {
                add_rr_param(";nat=yes");
            }
        }
    }
    if (is_reply()) {
        if(isbflagset(FLB_NATB)) {
            if(is_first_hop())
                set_contact_alias();
        }
    }
#!endif
    return;
}
```
URI update for dialog requests
```
route[DLGURI] {
#!ifdef WITH_NAT
    if(!isdsturiset()) {
        handle_ruri_alias();
    }
#!endif
    return;
}
```
Routing to foreign domains
```
route[SIPOUT] {
    if (uri==myself) return;

    append_hf("P-hint: outbound\r\n");
    route(RELAY);
    exit;
}
```
PSTN GW routing
```
route[PSTN] {
#!ifdef WITH_PSTN
    # check if PSTN GW IP is defined
    if (strempty($sel(cfg_get.pstn.gw_ip))) {
        xlog("SCRIPT: PSTN routing enabled but pstn.gw_ip not defined\n");
        return;
    }

    # route to PSTN dialed numbers starting with '+' or '00' (international format)
    if(!($rU=~"^(\+|00)[1-9][0-9]{3,20}$"))
        return;

    # only local users allowed to call
    if(from_uri!=myself) {
        sl_send_reply("403", "Not Allowed");
        exit;
    }

    if (strempty($sel(cfg_get.pstn.gw_port))) {
        $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip);
    } else {
        $ru = "sip:" + $rU + "@" + $sel(cfg_get.pstn.gw_ip) + ":"
                + $sel(cfg_get.pstn.gw_port);
    }

    route(RELAY);
    exit;
#!endif

    return;
}
```
XMLRPC routing
```
#!ifdef WITH_XMLRPC
route[XMLRPC] {
    if ((method=="POST" || method=="GET") && (src_ip==127.0.0.1)) {
        # close connection only for xmlrpclib user agents
        if ($hdr(User-Agent) =~ "xmlrpclib")
            set_reply_close();
        set_reply_no_connect();
        dispatch_rpc();
        exit;
    }
    send_reply("403", "Forbidden");
    exit;
}
#!endif
```
Routing to voicemail server
```
route[TOVOICEMAIL] {
#!ifdef WITH_VOICEMAIL
    if(!is_method("INVITE|SUBSCRIBE"))
        return;

    # check if VoiceMail server IP is defined
    if (strempty($sel(cfg_get.voicemail.srv_ip))) {
        xlog("SCRIPT: VoiceMail routing enabled but IP not defined\n");
        return;
    }
    if(is_method("INVITE")) {
        if($avp(oexten)==$null)
            return;
        $ru = "sip:" + $avp(oexten) + "@" + $sel(cfg_get.voicemail.srv_ip)
                + ":" + $sel(cfg_get.voicemail.srv_port);
    } else {
        if($rU==$null)
            return;
        $ru = "sip:" + $rU + "@" + $sel(cfg_get.voicemail.srv_ip)
                + ":" + $sel(cfg_get.voicemail.srv_port);
    }
    route(RELAY);
    exit;
#!endif

    return;
}
```
Manage outgoing branches
```
branch_route[MANAGE_BRANCH] {
    xdbg("new branch [$T_branch_idx] to $ru\n");
    route(NATMANAGE);
}
```
Manage incoming replies
```
onreply_route[MANAGE_REPLY] {
    xdbg("incoming reply\n");
    if(status=~"[12][0-9][0-9]")
        route(NATMANAGE);
}
```
Manage failure routing cases
```
failure_route[MANAGE_FAILURE] {
    route(NATMANAGE);

    if (t_is_canceled()) {
        exit;
    }

#!ifdef WITH_BLOCK3XX
    # block call redirect based on 3xx replies.
    if (t_check_status("3[0-9][0-9]")) {
        t_reply("404","Not found");
        exit;
    }
#!endif

#!ifdef WITH_VOICEMAIL
    # serial forking - route to voicemail on busy or no answer (timeout)
    if (t_check_status("486|408")) {
        $du = $null;
        route(TOVOICEMAIL);
        exit;
    }
#!endif
}
```
Kamailio supports pseudo-variables to access and manage parts of SIP messages and attributes specific to users and the server. Transformations modify existing pseudo-variables, so that only the wanted part of the information is accessed.
It already has over 1000 parameters, variables and functions exported to the config file. It also supports a runtime update framework, which avoids restarting the SIP server when config parameters need to change.
kamctl
Manages Kamailio from the command line, providing many operations, such as adding/removing/updating SIP users, controlling the ACL for users, managing the records for LCR or load balancing, viewing registered users and internal statistics, etc. When it needs to interact with Kamailio, it does so via the FIFO file created by the mi_fifo module.
kamdbctl
Helps to configure the database needed by Kamailio. First we need to select a database engine in the kamctlrc file with the DBENGINE parameter.
Valid values are: MYSQL, PGSQL, ORACLE, DB_BERKELEY, DBTEXT.
The tool can be used to create and manage the database structure needed by Kamailio, so it should be run immediately after Kamailio installation if you plan to run Kamailio with a database backend.
kamcmd
Sends RPC commands to Kamailio from the command line; requires the ctl module.
siremis
Web management interface for Kamailio, written in PHP, AJAX, web 2.0 using MVC architecture
- system and database administration tools for Kamailio SIP Server
- subscriber, database aliases and speed dial management
- location table view
- dispatcher (load balancer), prefix-domain translation and least cost routing (lcr) management
- access control lists (user groups) and permissions management
- accounting records and missed calls views
- manage call data records (generated from acc records)
- hash table, dial plan table and user preferences table management
- offline message storage, presence service and sip trace views
- communication with Kamailio SIP Server via XMLRPC, JSONRPC
- communication with FreeSWITCH via event socket
- create and display charts from statistic data stored by Kamailio
- user location statistics charts
- SIP traffic load charts
- memory usage charts
- accounting records charts and summary table
- SQL-based CDR generation and rating billing engine
Covered in this article
- Internal architecture
- Configuration language
- least cost routing
- load balancing
- traffic dispatching
- DID routing
- prefix based routing
- SIP trunks and peering
- traffic shaping
- topology hiding
- flood detection
- scanning attacks prevention
- anti-fraud policies
- SQL and noSQL connectors
- enum and DNS based routing
- authentication and authorization
- secure communication (TLS)
- registration and location services
- accounting and call data records
- call control – redirect, forward, barring
- redundancy and scalability
- high availability and failover
- websockets and webrtc
References :
- [1] Henning Westerholt – Kamailio project-1&1 Internet AG ( 2009 )
Proxying Media Streams via Kamailio’s RTP Proxy