debug=3         # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)
sip_warning=no

/* Uncomment these lines to enter debugging mode
# fork=no
# log_stderror=yes
*/

check_via=no    # (cmd. line: -v)
dns=no          # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
disable_dns_blacklist=yes
disable_tcp=yes
disable_tls=yes
port=5060
children=20

# --------- AVP aliases ----------------------------------------------
avp_aliases="srcdev=i:1"
avp_aliases="snid=i:2"
avp_aliases="cinfo=i:3"
avp_aliases="from=i:10"

# --------- module loading -------------------------------------------
mpath="/usr/local/lib/opensips/modules"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "maxfwd.so"
loadmodule "rr.so"
loadmodule "textops.so"
loadmodule "usrloc.so"
loadmodule "signaling.so"
loadmodule "registrar.so"
loadmodule "auth.so"
loadmodule "mi_fifo.so"
loadmodule "options.so"
loadmodule "xlog.so"
loadmodule "avpops.so"
# Load OSP module
loadmodule "osp.so"
# For SIP From header modification
# loadmodule "uac.so"

# --------- setting module-specific parameters -----------------------

#
# PEERING PARAMETERS
# ====================================================================
# This section contains configuration parameters that enables OpenSIPS
# to communicate with one or more OSP servers for routing and CDR
# collection. The parameter sp1_uri must be configured. Additional
# detail on OSP Module parameters and functions is provided in the
# "OSP Module for Secure, Multi-Lateral Peering" document located at
# http://www.opensips.org/html/docs/modules/devel/osp.html
#

#
# Configure Work Mode
# ====================================================================
# This parameter is used to tell the OSP module the work mode it
# should work in.  The default value is 0.
#
# 0 - Direct
# 1 - Indirect
#
# modparam("osp", "work_mode", 0)

#
# Configure Service Type
# ====================================================================
# This parameter is used to tell the OSP module the service type it
# should provide.  The default value is 0.
#
# 0 - Normal voice service
# 1 - Ported number query service
#
# modparam("osp", "service_type", 0)

#
# Configure OSP Servers
# ====================================================================
# OpenSIPS can be configured to query up to 16 OSP servers for routing
# information, number portability correction and peering authorization
# tokens using the sp1_uri to sp16_uri parameters.  Each spX_uri is
# the configuration for an OSP server.  A configuration for sp1_uri
# is required. Configuring other OSP servers, using sp2_uri, ...,
# sp16_uri parameters, is optional. The OSP server address should be
# configured as a standard URL beginning with either http:// or
# https:// followed by the domain name of the OSP server or the IP
# address enclosed in brackets. The domain name or IP address should
# be followed by the peering server TCP port number and uniform
# resource identifier. Below are example configurations.
#
modparam("osp", "sp1_uri", "http://osptestserver.transnexus.com:5045/osp")
# modparam("osp", "sp2_uri", "https://[1.2.3.4]:1443/osp")

#
# OpenSIPS IP Address
# ====================================================================
# device_ip is a recommended parameter that explicitly defines the IP
# address of OpenSIPS in an OSP AuthorizationRequest message (as
# SourceAlternate type=transport).  The IP address must be in brackets
# as shown in the example below.
#
# modparam("osp", "device_ip", "[127.0.0.1]:5060")

#
# Use OSP Security Features
# ====================================================================
# This parameter is used to tell the OSP module if the OSP security
# features should be used.  The default value is 0.
#
# 0 - OSP module will not use the OSP security features.
# 1 - OSP module will use the OSP security features.
#
# modparam("osp", "use_security_features", 0)

#
# Peering Token Validation
# ====================================================================
# When OpenSIPS receives a SIP INVITE with an OSP peering token, the
# OSP Module will validate the token to determine whether or not the
# call has been authorized by a trusted OSP server.  OSP peering
# tokens may, or may not, be digitally signed.  This parameter defines
# if OpenSIPS will validate signed or unsigned tokens or both. The
# values for "token format" are defined below.  The default value
# is 2. If the use_security_features parameter is set to 0, signed
# tokens cannot be validated.
#
# 0 - Validate only signed tokens.  Calls with valid signed tokens are
#     allowed.
# 1 - Validate only unsigned tokens.  Calls with valid unsigned tokens
#     are allowed.
# 2 - Validate both signed and unsigned tokens are allowed.  Calls
#     with valid tokens are allowed.
#
# modparam("osp", "token_format", 2)

#
# Crypto files from Peering Server Enrollment
# ====================================================================
# These parameters identify crypto files used for validating peering
# authorization tokens and establishing a secure channel between
# OpenSIPS and an OSP server using SSL.  The files may be generated
# using the 'Enroll' utility from the OSP Toolkit.  By default, the
# proxy will look for pkey.pem, localcert.pem, and cacart_0.pem in the
# default configuration directory.
#
# The default config directory is set at compile time using CFG_DIR
# and defaults to /usr/local/etc/opensips/.  The files may be copied
# to the expected file location or the parameters below may be
# changed. If the use_security_features parameter is set to 0, these
# parameters will be ignored.
#
# If the default CFG_DIR value was used at compile time, the files
# will be loaded from:
# modparam("osp", "private_key", "/usr/local/etc/opensips/pkey.pem")
# modparam("osp", "local_certificate", "/usr/local/etc/opensips/localcert.pem")
# modparam("osp", "ca_certificates", "/usr/local/etc/opensips/cacert_0.pem")

#
# Use Remote-Party-ID for calling number
# ====================================================================
# This parameter is used to tell the OSP module if the calling number
# should be obtained from RPID header.  The default value is 1.
#
# 0 - OSP module will use the calling number in From header.
# 1 - OSP module will use the calling number in RPID header if a RPID
#     header exists.
#
# modparam("osp", "use_rpid_for_calling_number", 1)

#
# Use Number Portability parameters
# ====================================================================
# This parameter is used to tell the OSP module if the number
# portability parameters should be obtained from RURI.  The default
# value is 1.
#
# 0 - OSP module will not use the number portability parameters.
# 1 - OSP module will use the number portability parameters in RURI in
#     Authorization Request to OSP server if these parameters exist in
#     the INVITE received from the UA.
#
# modparam("osp", "use_number_portability", 1)

#
# URI Format for Redirection Messages
# ====================================================================
# This parameter is used to tell the OSP module which URI format
# should be used for SIP redirect messages.  The default value is 0.
#
# 0 - "xxxxxxxxxx@xxx.xxx.xxx.xxx"
# 1 - "<xxxxxxxxxx@xxx.xxx.xxx.xxx>". (For Cisco 2600 IP-IP gateway)
#
# modparam("osp", "redirection_uri_format", 0)

#
# Append "user=phone" Parameter
# ====================================================================
# This parameter is used to tell the OSP module if the "user=phone"
# parameter, which indicates that the user portion of the URI should
# be treated as a tel URI, should be appended.  The default value is
# 0.
#
# modparam("osp", "append_userphone", 0)

#
# Append Destination Network ID
# ====================================================================
# This parameter is used to tell the OSP module if destination
# network ID should be appended. If it is set to 0, network ID is not
# appended in outbound destination URIs. If it is set to 1, network ID
# is appended.  The default value is 1.
#
# modparam("osp", "append_networkid", 1)

#
# Source Device IP AVP
# ====================================================================
# This parameter is used to tell the OSP module which AVP is used to
# store source device IP in the indirect work mode.  The default
# value is "$avp(s:_osp_source_device_)".
#
# modparam("osp", "source_device_avp", "$avp(s:_osp_source_device_)")
modparam("osp", "source_device_avp", "$avp(srcdev)")

#
# Source Network ID AVP
# ====================================================================
# This parameter is used to tell the OSP module which AVP is used to
# store source network ID.  The default value is
# "$avp(s:_osp_source_networkid_)".
#
# modparam("osp", "source_networkid_avp", "$avp(s:_osp_source_networkid_)")
modparam("osp", "source_networkid_avp", "$avp(snid)")

#
# Custom Information AVP
# ====================================================================
# This parameter is used to tell the OSP module which AVP is used to
# store custom information.  The default value is
# "$avp(s:_osp_custom_info_)".
#
# modparam("osp", "custom_info_avp", "$avp(s:_osp_custom_info_)")
modparam("osp", "custom_info_avp", "$avp(cinfo)")

#
# -- mi_fifo params --
#
# The name of the FIFO file to be created for listening and reading
# external commands.
#
modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")

# -- usrloc params --
#
# Disable the usrloc module to utilize database for persistent
# contact storage.
#
modparam("usrloc", "db_mode", 0)

# -- rr params --
#
# Use ";lr=on" instead of ";lr". This is to overcome problems with
# broken UAs which strip ";lr" parameter when generating Route header
# fields from Record-Route.
#
modparam("rr", "enable_full_lr", 1)

#
# Enable append_fromtag, request's from-tag is appended to
# Record-Route. This is useful for understanding whether subsequent
# requests (such as BYE) come from caller (route's from-tag==BYE's
# from-tag) or callee (route's from-tag==BYE's to-tag).
#
modparam("rr", "append_fromtag", 1)

# -- tm params --
#
# Timer which hits if there is no response (including provisional
# messages such as 100, 180, 183, ..., etc.) for a request such as
# INVITE, RE-INVITE or BYE after fr_timer seconds.
#
# For the INVITE use case, if the proxy does not receive a response
# to an INVITE before this timer expires, the proxy will retry the
# call and send an INVITE to the next VoIP destination in the routing
# list.
#
# For the RE-INVITE and BYE use cases, if the proxy does not receive
# a response before this timer expires, the proxy will send a SIP 408
# Timeout message to the source of the request.
#
modparam("tm", "fr_timer", 2)

#
# Timer which hits if no final reply for an INVITE arrives after a
# provisional message was received (in seconds).  For example, user is
# not picking up the phone.
#
modparam("tm", "fr_inv_timer", 300)


# --------- request routing logic ------------------------------------

# main routing logic
route{
    xlog("L_INFO", "----ROUTE: Route IN - M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");

    # initial sanity checks
    if (!mf_process_maxfwd_header("10")) {
        xlog("L_WARN", "----ROUTE: Too many hops, $rm from '$fu' to '$tu'\n");
        sl_send_reply("483", "Too Many Hops");
        return;
    };

    if (msg:len >= max_len) {
        xlog("L_WARN", "----ROUTE: Message too big, $rm from '$fu' to '$tu'\n");
        sl_send_reply("513", "Message Too Big");
        return;
    };

    # we record-route all messages -- to make sure that
    # subsequent messages will go through our proxy; this
    # is useful if upstream and downstream entities
    # use different transport protocol
    record_route();

    # loose-route processing
    if (loose_route()) {
        if (method=="INVITE") {
            log(2, "----ROUTE: Relay re-INVITE\n");
            # send it out now; use stateful forwarding as it works
            # reliably even for UDP2TCP
            if (!t_relay()) {
                sl_reply_error();
            }
            return;
        } else if (method=="ACK") {
            log(2, "----ROUTE: Relay ACK\n");
            # send it out now; use stateful forwarding as it works
            # reliably even for UDP2TCP
            if (!t_relay()) {
                sl_reply_error();
            }
            return;
        }
    } else {
        if (method=="BYE") {
            xlog("L_WARN", "----ROUTE: Processing BYE without route header - F=$fu T=$tu IP=$si ID=$ci\n");
            if (t_check_trans()) {
                log(2, "----ROUTE: Duplicated BYE\n");
            } else {
                # NOTE - don't t_relay before reporting usage
                if (is_direction("downstream")) {
                    log(2, "----ROUTE: BYE from SOURCE\n");
                    if (!reportospusage("0")) {
                        xlog("L_WARN", "----ROUTE: failed to report usage, from '$fu' to '$tu'\n");
                    }
                } else {
                    log(2, "----ROUTE: BYE from DESTINATION\n");
                    if (!reportospusage("1")) {
                        xlog("L_WARN", "----ROUTE: failed to report usage, from '$fu' to '$tu'\n");
                    }
                }
                sl_send_reply("400", "Bad Request - no route header in BYE message");
            }
            return;
        }
    }

    if (method=="INVITE") {
        log(2, "----ROUTE: Processing INVITE\n");

        # Stop retransmission
        sl_send_reply("100", "Trying");

        if (t_check_trans()) {
            log(2, "----ROUTE: Duplicated INVITE\n");
            return;
        }

        # Authentication
        log(3, "OSP authorization validation logic\n");

        if ($hdr(P-Source-Device) != NULL) {
            $avp(srcdev) = $hdr(P-Source-Device);
        }

        # This function looks for OSP peering token in the message.
        # It will fail if the token is not present
        if (checkospheader()) {
            log(3, "With OSP token, validate it\n");

            # The function validates OSP tokens.  It will fail if the
            # token is not valid or has expired
            validateospheader();
            switch ($retcode) {
                case 1:
                    # Authorization is valid.  The proxy can now use
                    # its own database of registered users for
                    # routing information.
                    # The proxy could also issue another OSP peering
                    # authorization and routing request by calling
                    # route(1) function.
                    log(3, "OSP authorization valid\n");

                    # Remove the OSP peering token from the received
                    # message otherwise it will be forwarded on to
                    # the next hop
                    remove_hf("P-OSP-Auth-Token");
                    break;
                case -2:
                    log(2, "----ROUTE: Internal server error\n");
                    sl_send_reply("500", "Internal Server Error");
                    return;
                default:
                    log(2, "----ROUTE: OSP authorization invalid\n");
                    sl_send_reply("401", "Unauthorized");
                    return;
            };
        } else {
            log(3, "Without OSP token, apply different authentication strategy\n");
            log(3, "Go ahead, everyone is welcomed\n");

            # Implement authentication strategy here or simply add the
            # statements below to block all invites without OSP
            # peering tokens
            # sl_send_reply("401", "Unauthorized");
            # return;
        }

        log(2, "----ROUTE: Authentication passed\n");

        # Routing

#        if (lookup("location")) {
#            log(2, "----ROUTE: Registered user, forward the message\n");
#            append_hf("P-hint: usrloc\r\n");
#            t_relay();
#        } else {
#            log(2, "----ROUTE: Unregistered user, use OSP to get routing\n");
#            route(2);
#        }

        log(2, "----ROUTE: Use OSP to get routing\n");
        route(2);
    } else if (method=="ACK") {
        log(2, "----ROUTE: Processing ACK\n");

        if (t_check_trans()) {
            log(2, "----ROUTE: Relay E2E ACK\n");
            t_relay();
        } else {
            log(2, "----ROUTE: Not to relay ACK");
        }
    } else if (method=="BYE") {
        log(2, "----ROUTE: Processing BYE\n");

        xlog("L_INFO", "----ROUTE: R=$hdr(Route)\n");

        if (t_check_trans()) {
            log(2, "----ROUTE: Duplicated BYE\n");
            return;
        }

        # NOTE - don't t_relay before reporting usage
        if (is_direction("downstream")) {
            log(2, "----ROUTE: BYE from SOURCE\n");
            if (!reportospusage("0")) {
                xlog("L_WARN", "----ROUTE: failed to report usage, from '$fu' to '$tu'\n");
            }
        } else {
            log(2, "----ROUTE: BYE from DESTINATION\n");
            if (!reportospusage("1")) {
                xlog("L_WARN", "----ROUTE: failed to report usage, from '$fu' to '$tu'\n");
            }
        }
        t_relay();
    } else if (method=="CANCEL") {
        log(2, "----ROUTE: Processing CANCEL\n");
        if (t_check_trans()) {
            t_relay();
        } else {
            xlog("L_WARN", "----ROUTE: CANCEL without matching transaction, from '$fu' to '$tu'\n");
        }
    } else if ((method=="OPTIONS") && (uri==myself)) {
        log(2, "----ROUTE: Processing OPTIONS\n");
        options_reply();
    } else if (method=="PRACK") {
        log(2, "----ROUTE: Processing PRACK\n");
        t_relay();
    } else if (method=="INFO") {
        log(2, "----ROUTE: Processing INFO\n");
        t_relay();
    } else if (method=="UPDATE") {
        log(2, "----ROUTE: Processing UPDATE\n");
        t_relay();
#    } else if (method=="REGISTER") {
#        log(2, "----ROUTE: Processing REGISTER\n");
#
#        # Stop retransmission
#        sl_send_reply("100", "Trying");
#
#        if (uri==myself) {
#            log(2, "----ROUTE: Registered\n");
#            save("location");
#        } else {
#            log(2, "----ROUTE: Register from outside domain rejected\n");
#            sl_send_reply("488", "Unknown Domain");
#        }
    } else {
        xlog("L_WARN", "----ROUTE: Unsupported message, $rm from '$fu' to '$tu'\n");
        sl_send_reply("500", "Unsupported Message");
    }

    log(3, "----ROUTE: Route OUT\n");
}


# OSP Authorization and Routing
route[2] {
    log(3, "OSP authorization and routing logic\n");

    # Is request to a phone number?
    # A phone number consists of digits (0 through 9)
    # and can begin with +
#    if (uri=~"sip:[+,0-9][0-9]*@") {
        # Requesting OSP peering routing and authorization
        # The request may fail if:
        #  o OSP peering servers are not available
        #  o Authentication failed
        #  o There is no route to destination or the route is blocked
        log(3, "Requesting OSP authorization and routing\n");

        # Get source network ID
        # OpenSIPS can include a specific header parameter as the
        # source NetworkId in an OSP AuthorizationRequest to an OSP
        # server. Below are two example configurations for this
        # feature.
        #
        # Uncomment the line below to use the otg parameter value in
        # the From URI ($fu) as the source NetworkId ($avp(snid)).
        # if ($(fu{param.value, otg}) != NULL) {
        #     $avp(snid) = $(fu{param.value, otg});
        # }
        #
        # Uncomment the line below to use P-Call-Owner SIP header
        # value as the source NetworkId ($avp(snid)).
        # if ($hdr(P-Call-Owner) != NULL) {
        #     $avp(snid) = $hdr(P-Call-Owner);
        # }
        #
        # Uncomment the line below to use P-Network-ID SIP header
        # value as the source NetworkId ($avp(snid)).
        if ($hdr(P-Network-ID) != NULL) {
            $avp(snid) = $hdr(P-Network-ID);
        }

        # Get custom info
        if ($hdr(P-Custom-Info) != NULL) {
            $avp(cinfo) = $hdr(P-Custom-Info);
        }

        requestosprouting();
        switch ($retcode) {
            # To change the OpenSIPS response for specific use cases,
            # edit the 'sl_send-reply...' lines in the cases above.
            # For example, to change the SIP response for a blocked
            # route from 403 to 404 change the line
            #   sl_send_reply("403", "Forbidden - Call is blocked");
            # to
            #   sl_send_reply("404", "Forbidden - Call is blocked");
            case 1:
                log(3, "Response received\n");

                # Now we have 3 options.
                #  o route(3) - sends a redirect to all available
                #    routes
                #  o route(4) - fork off to all available routes
                #  o route(5) in conjunction with failure_route(1) -
                #    sequentially tries all routes

                # route(3);
                # route(4);
                route(5);

                break;
            case -403:
                xlog("L_WARN", "----ROUTE: Call to '$tU' from source device '$si' is blocked on OSP Server.\n");
                sl_send_reply("403", "Forbidden - Call is blocked");
                break;
            case -404:
                xlog("L_WARN", "----ROUTE: No route on OSP server for call to '$tU' from source device '$si'.\n");
                sl_send_reply("404", "Route Not Found");
                break;
            case -2:
                log(2, "----ROUTE: Internal server error\n");
                sl_send_reply("500", "Internal Server Error");
                break;
            default:
                log(2, "----ROUTE: OSP Authorization failed\n");
                sl_send_reply("503", "Service Not Available");
        }
#    } else {
#        log(3, "Wrong phone number\n");
#        sl_send_reply("401", "Not Phone Number");
#    }
}


# The SIP 300 message indicates multiple destinations are returned
# for the call.  The user agent can try one or more the destinations
# to complete the call.
# The SIP 301 message indicates that the called party has moved
# permanently and cannot be found at the Request-URI address.  A 301
# response would not be a expected response for an OSP query.
# The SIP 302 message indicates the user agent SHOULD retry the request
# at the new address(es) given in the redirect Contact header field.
#
# To change the SIP response for the route[3] use case, edit the
# sl_send_reply... configuration.  For example, to change the 300
# response to 302, change from
#   sl_send_reply("300", "Redirect");
# to
#   sl_send_reply("302", "Redirect");
route[3] {
    log(3, "Prepare all routes and redirect\n");

    if (prepareallosproutes()) {
        sl_send_reply("300", "Redirect");
    } else {
        log(3, "Failed to prepare all routes\n");
        sl_send_reply("500", "Internal Server Error");
    }
}


route[4] {
    log(3, "Prepare all routes and fork-off\n");

    if (prepareallosproutes()) {
        t_relay();
    } else {
        log(3, "Failed to prepare all routes\n");
        sl_send_reply("500", "Internal Server Error");
    }
}


route[5] {
    log(3, "Try the 1st route\n");

    if (checkosproute()) {
        t_on_branch("1");

        t_on_failure("1");

        # For SIP From header modification
        # route(6);

        t_relay();
    } else {
        log(3, "Could  not use the 1st route\n");
        sl_send_reply("500", "Internal Server Error");
    }
}


# For SIP From header modification
#route[6] {
#    log(3, "Remove otg parameter\n");
#
#    if ($(fu{param.value, otg})) {
#        $avp(from) = $fu;
#        avp_subst("$avp(from)", "/(.*);otg=([^;]*)(.*)/\1\3/");
#        xlog("L_INFO", "----ROUTE: New From URI = $avp(from)\n");
#        uac_replace_from("$avp(from)");
#    } else {
#        log(3, "Without otg parameter\n");
#    }
#}


failure_route[1] {
    if (t_check_status("487")) {
        log(3, "Call canceled (status 487)\n");
        return;
    }

    if (t_check_status("486")) {
        log(3, "User busy (status 486)\n");
        return;
    }

    if (t_check_status("408")) {
        if (!t_local_replied("last")) {
            log(3, "User unavailable (status 408)\n");
            return;
        }
    }

    log(3, "Try the next route\n");

    if (checkosproute()) {
        t_on_branch("1");

        t_on_failure("1");

        t_relay();
    } else {
        xlog("L_WARN", "----ROUTE: All destinations attempted for call ID '$ci'. Call cannot be completed.\n");
        t_reply("503", "Service Not Available - Call cannot be completed");
    }
}


branch_route[1] {
    log(3, "Prepare route specific OSP information\n");

    prepareosproute();

    # Only add/change Remote-Party-ID if calling number is translated
    if (checkcallingtranslation()) {
        log(3, "Calling number translated, add a new RPID header\n");

        # Remove the Remote_Party-ID from the received message
        # Otherwise it will be forwarded on to the next hop
        remove_hf("Remote-Party-ID");

        # Append a new Remote_Party
        append_rpid_hf();
    }
}