Kamailio Configuration

#!KAMAILIO

# --- Listen on IPv4 + IPv6 ---

enable_tls=yes
listen=tls:[::]:5061

#!define DBURL "mysql://kamailio:kamailio_rw_password@127.0.0.1/kamailio"
#!define DOMAIN "{{ SIP Server Domain Name }}"

# --- Load modules ---

loadmodule "tls.so" # TLS Support
loadmodule "ctl.so" # Remote Procedure Call (RPC) admin interface - kamcmd
loadmodule "tm.so" # Transaction Module (Statefull Transactions)
loadmodule "sl.so" # Stateless Reply
loadmodule "rr.so" # Record Route (Keep Kamailio in dialoge path)
loadmodule "textops.so" # Text Operations (Modify SIP Headers and Content)
loadmodule "maxfwd.so" # Preventing Loops
loadmodule "usrloc.so" # User Location Storage (Registered users)
loadmodule "registrar.so" # Registration (Handles REGISTER requests)
loadmodule "db_mysql.so" # MYSQL database connector
loadmodule "auth.so" # SIP Authenticator
loadmodule "auth_db.so" # Authentication with DB backend
loadmodule "pike.so" # Anti Flood protection (Rate Limiting)
loadmodule "sanity.so" # Drop malformed packets

# --- Module params ---
modparam("usrloc", "db_url", DBURL) # Use db url sql server
modparam("usrloc", "db_mode", 2) # And use db register store

modparam("auth_db", "db_url", DBURL)
modparam("auth_db", "calculate_ha1", 0)
modparam("auth_db", "password_column", "ha1")
modparam("auth_db", "password_column_2", "ha1b")
modparam("auth_db", "use_domain", 1)

# Rate limiting
modparam("pike", "sampling_time_unit", 5) # MAX every 5 seconds
modparam("pike", "reqs_density_per_unit", 20) # 20 requests

modparam("ctl", "binrpc", "unix:/run/kamailio/kamailio_ctl")

modparam("tls", "config", "/etc/kamailio/tls.cfg") # TLS Config

# --- Main routing logic ---

route[REQUIRE_SRTP] {
    if (!has_body("application/sdp")) {
        sl_send_reply("488", "SDP Required");
        exit;
    }

    if (search_body("RTP/SAVP") || search_body("RTP/SAVPF") || search_body("a=crypto:")) {
        return;
    }

    sl_send_reply("488", "SRTP Required");
    exit;
}

request_route {
	# Drop malformed requests
	if (!sanity_check("1511", "7")) {
		exit;
	}
	# Drop spam
	if (!pike_check_req()) {
		sl_send_reply("403", "Flood detected");
		exit;
	}
    # Prevent loops
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483", "Too Many Hops");
        exit;
    }

    # If Kamailio is in singnal path
    if (loose_route()) {
        # Handle BYE
		#if (is_method("BYE")) {
		# Logging goes here
		#}

		if (!t_relay()) {
			sl_reply_error();
		}
		exit;
	}

    # Handle REGISTER
    if (is_method("REGISTER")) {
        if (!www_authorize(DOMAIN, "subscriber")) {
            www_challenge(DOMAIN, "0");
            exit;
        }
        consume_credentials();

        if (!save("location")) {
            sl_reply_error();
        }
    exit;
    }

    # Handle INVITE (calls)
	if (is_method("INVITE")) {

		# Drop unathorized calls
		if (!proxy_authorize(DOMAIN, "subscriber")) {
			proxy_challenge(DOMAIN, "0");
			exit;
		}
		consume_credentials();

		route(REQUIRE_SRTP);

		# Drop unregisterd numbers
		if (!lookup("location")) {
			sl_send_reply("404", "Not Found");
			exit;
		}

		# Keep Kamailio in signaling path
		record_route();

		if (!t_relay()) {
		    sl_reply_error();
			}
		exit;
	}

	# Handle CANCEL
	if (is_method("CANCEL")) {
	    if (t_check_trans()) {
	        if (!t_relay()) {
			    sl_reply_error();
			}
	    }
	    exit;
	}

	# Handle ACK
	if (is_method("ACK")) {
	    if (t_check_trans()) {
	        if (!t_relay()) {
			    sl_reply_error();
			}
	    }
	    exit;
	}

	# Handle OPTIONS
	if (is_method("OPTIONS")) {
	    sl_send_reply("200", "OK");
	    exit;
	}

    # Default reply
	sl_send_reply("405", "Method Not Allowed");
	exit;
}