diff options
Diffstat (limited to 'config/siproxd.inc')
| -rw-r--r-- | config/siproxd.inc | 172 |
1 files changed, 172 insertions, 0 deletions
diff --git a/config/siproxd.inc b/config/siproxd.inc new file mode 100644 index 00000000..ee1230c9 --- /dev/null +++ b/config/siproxd.inc @@ -0,0 +1,172 @@ +<?php +/* $Id$ */ +/* + siproxd.inc + Copyright (C) 2006 Scott Ullrich + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +function siproxd_generate_rules($type) { + global $config; + + $siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0]; + if (!is_service_running('siproxd')) { + log_error("Sipproxd is installed but not started. Not installing redirect rules."); + return; + } + + /* proxy is turned off in package settings */ + if($siproxd_conf['rtpenable'] == "0") { + log_error("WARNING: siproxd RTP proxy has not been enabled. Not installing rules."); + return "\n"; + } + + $ifaces = explode(",", $siproxd_conf['if_inbound']); + $ifaces = array_map('convert_friendly_interface_to_real_interface_name', $ifaces); + $rtplower = ($siproxd_conf['rtplower'] ? $siproxd_conf['rtplower'] : 7070); + $rtpupper = ($siproxd_conf['rtpupper'] ? $siproxd_conf['rtpupper'] : 7079); + $port = ($siproxd_conf['proxy_port'] ? $siproxd_conf['proxy_port'] : 5060); + + switch($type) { + case 'nat': + $rules .= "\n# Setup Sipproxd proxy redirect\n"; + foreach ($ifaces as $iface) { + $rules .= "rdr on {$iface} proto udp from any to !($iface) port {$port} -> 127.0.0.1 port {$port}\n"; + } + break; + case 'filter': + foreach ($ifaces as $iface) { + $rules .= "# allow SIP signaling and RTP traffic\n"; + $rules .= "pass in quick on {$iface} proto udp from any to any port = {$port}\n"; + $rules .= "pass in quick on {$iface} proto udp from any to any port {$rtplower}:{$rtpupper}\n"; + } + break; + default: + log_error("Siproxd.inc -- error -- should not hit default case statement."); + break; + } + + return $rules; +} + +function sync_package_siproxd() { + global $config; + + unlink_if_exists("/usr/local/etc/rc.d/siproxd"); + + $conf = &$config['installedpackages']['siproxd']['config'][0]; + $fout = fopen("/usr/local/etc/siproxd.conf","w"); + + fwrite($fout, "# This file was automatically generated by the pfSense\n"); + fwrite($fout, "# package management system.\n\n"); + + /* proxy is turned off in package settings */ + if($_POST['rtpenable'] == "0") { + fclose($fout); + return; + } + + if($_POST['if_inbound'] != "") { + fwrite($fout, "if_inbound = " . convert_friendly_interface_to_real_interface_name($_POST['if_inbound']) . "\n"); + } + + if($_POST['if_outbound'] != "") { + if($config['interfaces'][$_POST['if_outbound']]['ipaddr'] == "pppoe") { + fwrite($fout, "if_outbound = ng0\n"); + } else { + fwrite($fout, "if_outbound = " . convert_friendly_interface_to_real_interface_name($_POST['if_outbound']) . "\n"); + } + } + + if($_POST['port'] != "") { + fwrite($fout, "sip_listen_port = " . $_POST['port'] . "\n"); + } else { + fwrite($fout, "sip_listen_port = 5060\n"); + } + + fwrite($fout, "daemonize = 1\n"); + fwrite($fout, "silence_log = 0\n"); + fwrite($fout, "log_calls = 1\n"); + fwrite($fout, "user = nobody\n"); + fwrite($fout, "chrootjail = /usr/local/siproxd/\n"); + fwrite($fout, "registration_file = siproxd_registrations\n"); + fwrite($fout, "pid_file = siproxd.pid\n"); + + if($_POST['rtpenable'] != "") { + fwrite($fout, "rtp_proxy_enable = " . $_POST['rtpenable'] . "\n"); + } else { + fwrite($fout, "rtp_proxy_enable = 1\n"); + } + + if($_POST['rtplower'] != "") { + if($_POST['rtpupper'] != "") { + fwrite($fout, "rtp_port_low = " . $_POST['rtplower'] . "\n"); + fwrite($fout, "rtp_port_high = " . $_POST['rtpupper'] . "\n"); + } + } + + if($_POST['rtptimeout'] != "") { + fwrite($fout, "rtp_timeout = " . $_POST['rtptimeout'] . "\n"); + } else { + fwrite($fout, "rtp_timeout = 300\n"); + } + + if($_POST['defaulttimeout'] != "") { + fwrite($fout, "default_expires = " . $_POST['defaulttimeout'] . "\n"); + } else { + fwrite($fout, "default_expires = 600\n"); + } + + if($_POST['authentication']) { + fwrite($fout, "proxy_auth_realm = Authentication_Realm\n"); + fwrite($fout, "proxy_auth_pwfile = /usr/local/etc/siproxd_passwd.cfg\n"); + } + + fwrite($fout, "debug_level = 0x00000000\n"); + if($_POST['outboundproxyhost'] != "") { + if($_POST['outboundproxyport'] != "") { + fwrite($fout, "outbound_proxy_host = " . $_POST['outboundproxyhost'] . "\n"); + fwrite($fout, "outbound_proxy_port = " . $_POST['outboundproxyport'] . "\n"); + } + } + + fclose($fout); + + write_rcfile(array( + "file" => "siproxd.sh", + "start" => "/usr/local/sbin/siproxd -c /usr/local/etc/siproxd.conf &", + "stop" => "/usr/bin/killall siproxd" + ) + ); + + exec("killall siproxd"); + + sleep(1); + + start_service("siproxd"); + + filter_configure(); + } + +?>
\ No newline at end of file |