From 07cf2c4b20230ddedee1bf9dddc1e7cd407385f5 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Thu, 5 Feb 2015 10:02:24 -0200 Subject: Packages repo cleanup: - Drop support for pfSense < 2 - Remove archive/, old files can be reached using git - Remove old and unused packages - Move stale files from config subdir to a package subdir --- config/siproxd/siproxd.inc | 310 ++++++++++++++++++++++++ config/siproxd/siproxd.xml | 344 +++++++++++++++++++++++++++ config/siproxd/siproxd_registered_phones.php | 163 +++++++++++++ config/siproxd/siproxdusers.xml | 104 ++++++++ 4 files changed, 921 insertions(+) create mode 100644 config/siproxd/siproxd.inc create mode 100644 config/siproxd/siproxd.xml create mode 100644 config/siproxd/siproxd_registered_phones.php create mode 100644 config/siproxd/siproxdusers.xml (limited to 'config/siproxd')
diff --git a/config/siproxd/siproxd.inc b/config/siproxd/siproxd.inc
new file mode 100644
index 00000000..d76f79d3
--- /dev/null
+++ b/config/siproxd/siproxd.inc
@@ -0,0 +1,310 @@
+ "")
+ $rules .= "rdr on {$iface} proto udp from any to !($iface) port {$port} -> 127.0.0.1 port {$port}\n";
+ }
+ break;
+ case 'filter':
+ case 'rule':
+ foreach ($ifaces as $iface) {
+ if($iface <> "") {
+ $rules .= "# allow SIP signaling and RTP traffic\n";
+ $rules .= "pass in on {$iface} proto udp from any to any port = {$port}\n";
+ if($siproxd_conf['rtpenable'] == "1") {
+ $rules .= "pass in on {$iface} proto udp from any to any port {$rtplower}:{$rtpupper}\n";
+ }
+ }
+ }
+ break;
+ }
+
+ return $rules;
+}
+
+function sync_package_siproxd() {
+ global $config;
+
+ // put the constant to a variable
+ $varSIPROXD = SIPROXD;
+
+ conf_mount_rw();
+
+ $siproxd_chroot = "/var/siproxd/";
+ @mkdir($siproxd_chroot);
+ @chown($siproxd_chroot, "nobody");
+ @chgrp($siproxd_chroot, "nobody");
+
+ unlink_if_exists("$varSIPROXD/etc/rc.d/siproxd");
+ $siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0];
+ $fout = fopen("$varSIPROXD/etc/siproxd.conf","w");
+
+ fwrite($fout, "# This file was automatically generated by the pfSense\n");
+ fwrite($fout, "# package management system.\n\n");
+
+ /* proxy is turned off in package settings */
+ if($siproxd_conf['sipenable'] == "0") {
+ fclose($fout);
+ return;
+ }
+
+ if($siproxd_conf['if_inbound'] != "") {
+ fwrite($fout, "if_inbound = " . convert_friendly_interface_to_real_interface_name($siproxd_conf['if_inbound']) . "\n");
+ }
+
+ if($siproxd_conf['if_outbound'] != "") {
+ if(intval($config['version']) < 6 && $config['interfaces'][$siproxd_conf['if_outbound']]['ipaddr'] == "pppoe") {
+ fwrite($fout, "if_outbound = ng0\n");
+ } else {
+ fwrite($fout, "if_outbound = " . convert_friendly_interface_to_real_interface_name($siproxd_conf['if_outbound']) . "\n");
+ }
+ }
+
+ if($siproxd_conf['port'] != "") {
+ fwrite($fout, "sip_listen_port = " . $siproxd_conf['port'] . "\n");
+ } else {
+ fwrite($fout, "sip_listen_port = 5060\n");
+ }
+
+ fwrite($fout, "daemonize = 1\n");
+ fwrite($fout, "silence_log = 0\n");
+ //fwrite($fout, "log_calls = 1\n");
+ fwrite($fout, "user = nobody\n");
+ fwrite($fout, "chrootjail = {$siproxd_chroot}\n");
+ fwrite($fout, "registration_file = siproxd_registrations\n");
+ fwrite($fout, "autosave_registrations = 10\n");
+ fwrite($fout, "pid_file = siproxd.pid\n");
+
+ if($siproxd_conf['rtpenable'] != "") {
+ fwrite($fout, "rtp_proxy_enable = " . $siproxd_conf['rtpenable'] . "\n");
+ } else {
+ fwrite($fout, "rtp_proxy_enable = 1\n");
+ }
+
+ if(($siproxd_conf['rtplower'] != "") && ($siproxd_conf['rtpupper'] != "")) {
+ fwrite($fout, "rtp_port_low = " . $siproxd_conf['rtplower'] . "\n");
+ fwrite($fout, "rtp_port_high = " . $siproxd_conf['rtpupper'] . "\n");
+ } else {
+ fwrite($fout, "rtp_port_low = 7070\n");
+ fwrite($fout, "rtp_port_high = 7079\n");
+ }
+
+ if($siproxd_conf['rtptimeout'] != "") {
+ fwrite($fout, "rtp_timeout = " . $siproxd_conf['rtptimeout'] . "\n");
+ } else {
+ fwrite($fout, "rtp_timeout = 300\n");
+ }
+
+ if($siproxd_conf['defaulttimeout'] != "") {
+ fwrite($fout, "default_expires = " . $siproxd_conf['defaulttimeout'] . "\n");
+ } else {
+ fwrite($fout, "default_expires = 600\n");
+ }
+
+ if($siproxd_conf['authentication']) {
+ fwrite($fout, "proxy_auth_realm = Authentication_Realm\n");
+ fwrite($fout, "proxy_auth_pwfile = $varSIPROXD/etc/siproxd_passwd.cfg\n");
+ }
+
+ if($siproxd_conf['debug_level'] != "") {
+ fwrite($fout, "debug_level = " . $siproxd_conf['debug_level'] . "\n");
+ } else {
+ fwrite($fout, "debug_level = 0x00000000\n");
+ }
+
+ if($siproxd_conf['debug_port'] != "") {
+ fwrite($fout, "debug_port = " . $siproxd_conf['debug_port'] . "\n");
+ }
+
+ if($siproxd_conf['outboundproxyhost'] != "") {
+ if($siproxd_conf['outboundproxyport'] != "") {
+ fwrite($fout, "outbound_proxy_host = " . $siproxd_conf['outboundproxyhost'] . "\n");
+ fwrite($fout, "outbound_proxy_port = " . $siproxd_conf['outboundproxyport'] . "\n");
+ }
+ }
+
+ if($siproxd_conf['expeditedforwarding'] != "")
+ fwrite($fout, "rtp_dscp = 46\n");
+ if($siproxd_conf['expeditedsipforwarding'] != "")
+ fwrite($fout, "sip_dscp = 26\n");
+
+ if ($siproxd_conf['rtp_input_dejitter'] != "")
+ fwrite($fout, "rtp_input_dejitter = " . $siproxd_conf['rtp_input_dejitter'] . "\n");
+ if ($siproxd_conf['rtp_output_dejitter'] != "")
+ fwrite($fout, "rtp_output_dejitter = " . $siproxd_conf['rtp_output_dejitter'] . "\n");
+ if ($siproxd_conf['tcp_timeout'] != "")
+ fwrite($fout, "tcp_timeout = " . $siproxd_conf['tcp_timeout'] . "\n");
+ if ($siproxd_conf['tcp_connect_timeout'] != "")
+ fwrite($fout, "tcp_connect_timeout = " . $siproxd_conf['tcp_connect_timeout'] . "\n");
+ if ($siproxd_conf['tcp_keepalive'] != "")
+ fwrite($fout, "tcp_keepalive = " . $siproxd_conf['tcp_keepalive'] . "\n");
+
+ fwrite($fout, "plugindir=$varSIPROXD/lib/siproxd/\n");
+ fwrite($fout, "load_plugin=plugin_logcall.la\n");
+
+ if ($siproxd_conf['plugin_defaulttarget'] != "")
+ fwrite($fout, "load_plugin=plugin_defaulttarget.la\n");
+ if (($siproxd_conf['plugin_defaulttarget'] != "") && ($siproxd_conf['plugin_defaulttarget_log'] != ""))
+ fwrite($fout, "plugin_defaulttarget_log = 1\n");
+ if (($siproxd_conf['plugin_defaulttarget'] != "") && ($siproxd_conf['plugin_defaulttarget_target'] != ""))
+ fwrite($fout, "plugin_defaulttarget_target = " . $siproxd_conf['plugin_defaulttarget_target'] . "\n");
+
+ if ($siproxd_conf['plugin_fix_bogus_via'] != "")
+ fwrite($fout, "load_plugin=plugin_fix_bogus_via.la\n");
+ if (($siproxd_conf['plugin_fix_bogus_via'] != "") && ($siproxd_conf['plugin_fix_bogus_via_networks'] != ""))
+ fwrite($fout, "plugin_fix_bogus_via_networks = " . $siproxd_conf['plugin_fix_bogus_via_networks'] . "\n");
+
+ if ($siproxd_conf['plugin_stun'] != "")
+ fwrite($fout, "load_plugin=plugin_stun.la\n");
+ if (($siproxd_conf['plugin_stun'] != "") && ($siproxd_conf['plugin_stun_server'] != ""))
+ fwrite($fout, "plugin_stun_server = " . $siproxd_conf['plugin_stun_server'] . "\n");
+ if (($siproxd_conf['plugin_stun'] != "") && ($siproxd_conf['plugin_stun_port'] != ""))
+ fwrite($fout, "plugin_stun_port = " . $siproxd_conf['plugin_stun_port'] . "\n");
+ if (($siproxd_conf['plugin_stun'] != "") && ($siproxd_conf['plugin_stun_period'] != ""))
+ fwrite($fout, "plugin_stun_period = " . $siproxd_conf['plugin_stun_period'] . "\n");
+
+ fclose($fout);
+
+ write_rcfile(array(
+ "file" => "siproxd.sh",
+ "start" => "$varSIPROXD/sbin/siproxd -c $varSIPROXD/etc/siproxd.conf &",
+ "stop" => "/usr/bin/killall -9 siproxd"
+ )
+ );
+
+ exec("killall -9 siproxd");
+
+ sleep(3);
+
+ start_service("siproxd");
+
+ sleep(3);
+
+ filter_configure();
+
+ conf_mount_ro();
+
+}
+
+function validate_form_siproxd($post, &$input_errors) {
+ if ($post['port'] && !is_port($post['port']))
+ $input_errors[] = 'Invalid port entered for "Listening Port"';
+ if ($post['rtplower'] && !is_port($post['rtplower']))
+ $input_errors[] = 'Invalid port entered for "RTP port range (lower)".';
+ if ($post['rtpupper'] && !is_port($post['rtpupper']))
+ $input_errors[] = 'Invalid port entered for "RTP port range (upper)".';
+ if ($post['rtplower'] && $post['rtpupper'] && ($post['rtplower'] >= $post['rtpupper']))
+ $input_errors[] = 'RTP lower port cannot be equal to or higher than the RTP upper port.';
+ if ($post['rtptimeout'] && (!is_numeric($post['rtptimeout']) || ($post['rtptimeout'] < 0)))
+ $input_errors[] = '"RTP stream timeout" must be numeric and greater than 0.';
+ if ($post['defaulttimeout'] && (!is_numeric($post['defaulttimeout']) || ($post['defaulttimeout'] < 0)))
+ $input_errors[] = '"Default expiration timeout" must be numeric and greater than 0.';
+ if ($post['outboundproxyhost'] && (!is_hostname($post['outboundproxyhost']) && !is_ipaddr($post['outboundproxyhost'])))
+ $input_errors[] = 'Invalid hostname or IP address entered for "Outbound Proxy Host".';
+ if ($post['outboundproxyport'] && !is_port($post['outboundproxyport']))
+ $input_errors[] = 'Invalid port entered for "Outbound Proxy Port".';
+ if ($post['rtp_input_dejitter'] && (!is_numeric($post['rtp_input_dejitter']) || ($post['rtp_input_dejitter'] < 0)))
+ $input_errors[] = '"Input Dejitter" must be numeric and greater than 0.';
+ if ($post['rtp_output_dejitter'] && (!is_numeric($post['rtp_output_dejitter']) || ($post['rtp_output_dejitter'] < 0)))
+ $input_errors[] = '"Output Dejitter" must be numeric and greater than 0.';
+ if ($post['tcp_timeout'] && (!is_numeric($post['tcp_timeout']) || ($post['tcp_timeout'] < 0)))
+ $input_errors[] = '"TCP inactivity timeout" must be numeric and greater than 0.';
+ if ($post['tcp_connect_timeout'] && (!is_numeric($post['tcp_connect_timeout']) || ($post['tcp_connect_timeout'] < 0)))
+ $input_errors[] = '"TCP Connect Timeout" must be numeric and greater than 0.';
+ if ($post['tcp_keepalive'] && (!is_numeric($post['tcp_keepalive']) || ($post['tcp_keepalive'] < 0)))
+ $input_errors[] = '"TCP Keepalive" must be numeric and greater than 0.';
+ if ($post['plugin_stun_server'] && (!is_hostname($post['plugin_stun_server']) && !is_ipaddr($post['plugin_stun_server'])))
+ $input_errors[] = 'Invalid hostname or IP address entered for "STUN Server".';
+ if ($post['plugin_stun_port'] && !is_port($post['plugin_stun_port']))
+ $input_errors[] = 'Invalid port entered for "STUN Port".';
+ if ($post['plugin_stun_period'] && (!is_numeric($post['plugin_stun_period']) || ($post['plugin_stun_period'] < 0)))
+ $input_errors[] = '"STUN Period" must be numeric and greater than 0.';
+
+}
+
+?>
diff --git a/config/siproxd/siproxd.xml b/config/siproxd/siproxd.xml
new file mode 100644
index 00000000..8b1b5856
--- /dev/null
+++ b/config/siproxd/siproxd.xml
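Review bot: `sync_package_siproxd()` in config/siproxd/siproxd.inc writes `debug_level`, `debug_port`, `plugin_defaulttarget_target` and `plugin_fix_bogus_via_networks` into siproxd.conf unchanged, and `validate_form_siproxd()` has no check for any of them, so a stored value containing a line break would add extra directives to the daemon's configuration. A check such as `if ($post['debug_port'] && !is_port($post['debug_port'])) $input_errors[] = 'Invalid port entered for "TCP Debug Port".';`, plus rejecting control characters in the two free-text plugin fields, would close that gap. Separately, the early `return` taken when `sipenable` is "0" leaves after `conf_mount_rw()` without calling `conf_mount_ro()` and without stopping a running siproxd; `fclose($fout); conf_mount_ro(); return;` fixes at least the mount state. The result of `fopen()` is also passed to `fwrite()` without a check. The beginning of the file, including the start of the rule-generating function, is not visible in this view.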
@@ -0,0 +1,344 @@ + + + + + + + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. + siproxdsettings + 0.8.0_2 pkg v1.0.2 + siproxd: Settings + /usr/local/pkg/siproxd.inc + /pkg_edit.php?xml=siproxd.xml&id=0 + + siproxd + Modify siproxd users and settings. +
Services
+ /pkg_edit.php?xml=siproxd.xml&id=0 +
+ + siproxd + siproxd.sh + siproxd + + + + Settings + /pkg_edit.php?xml=siproxd.xml&id=0 + + + + Users + /pkg.php?xml=siproxdusers.xml + + + Registered Phones + /siproxd_registered_phones.php + + + + /usr/local/pkg/ + 077 + https://packages.pfsense.org/packages/config/siproxd/siproxdusers.xml + + + /usr/local/pkg/ + 077 + https://packages.pfsense.org/packages/config/siproxd/siproxd.inc + + + /usr/local/www/ + 077 + https://packages.pfsense.org/packages/config/siproxd/siproxd_registered_phones.php + + + + Enable siproxd + sipenable + Enable or disable siproxd + checkbox + + + Inbound interface + if_inbound + Select the inbound interface. + interfaces_selection + + + Outbound interface + if_outbound + Select the outbound interface. + interfaces_selection + + + Listening port + port + Enter the port on which to listen for SIP traffic (default 5060). Do not change this unless you know what you're doing. + input + + + Default expiration timeout + defaulttimeout + If a REGISTER request dose not contain an Expires header or expires= parameter, this number of seconds will be used and reported back to the UA in the answer. + input + + + RTP Settings + listtopic + + + Enable RTP proxy + rtpenable + Enable or disable the RTP proxy. (default is enabled) + select + + + + + + + RTP port range (lower) + rtplower + Enter the bottom edge of the port range siproxd will allocate for incoming RTP traffic. This range must be one not blocked by the firewall (default 7070). + input + + + RTP port range (upper) + rtpupper + Enter the top edge of the port range siproxd will allocate for incoming RTP traffic. This range must be one not blocked by the firewall (default 7079). + input + + + RTP stream timeout + rtptimeout + After this number of seconds, an RTP stream is considered dead and proxying it will be stopped (default 300sec). + input + + + Dejittering Settings + listtopic + + + Input Dejitter + rtp_input_dejitter + Artificial delay to be used to de-jitter RTP data streams. 
This time is in microseconds. 0 - completely disable dejitter (default) + input + + + Output Dejitter + rtp_output_dejitter + Artificial delay to be used to de-jitter RTP data streams. This time is in microseconds. 0 - completely disable dejitter (default) + input + + + SIP over TCP Settings + listtopic + + + TCP inactivity timeout + tcp_timeout + Inactivity timeout (seconds). After that an idling TCP connection is disconnected. NOTE: Making this too short may cause multiple parallel registrations for the same phone. This timeout must be set larger than the used registration interval. + input + + + TCP Connect Timeout + tcp_connect_timeout + Defines How many msecs siproxd will wait for an successful connect when establishing an outgoing SIP signalling connection. This should be kept as short as possible as waiting for an TCP connection to establish is a BLOCKING operation - while waiting for a connect to succeed no SIP messages are processed (RTP is not affected). + input + + + TCP Keepalive + tcp_keepalive + For TCP SIP signalling, if > 0 empty SIP packets will be sent every 'n' seconds to keep the connection alive. Default is off. + input + + + Proxy Settings + listtopic + + + Enable proxy authentication + authentication + If this is checked, clients will be forced to authenticate themselves at the proxy (for registration only). + checkbox + + + Outbound proxy hostname + outboundproxyhost + Enter the hostname of an outbound proxy to send all traffic to. This is only useful if you have multiple masquerading firewalls to cross. + input + + + Outbound proxy port + outboundproxyport + Enter the port of the outbound proxy to send all traffic to. This is only useful if you have multiple masquerading firewalls to cross. + input + + + DSCP Settings + listtopic + + + Expedited RTP Forwarding + expeditedforwarding + This service is designed to allow ISPs to offer a service with attributes similar to a "leased line". 
This service offers the ULTIMATE IN LOW LOSS, LOW LATENCY AND LOW JITTER by ensuring that there is always sufficient room in output queues for the contracted expedited forwarding traffic. + + checkbox + + + Expedited SIP Forwarding + expeditedsipforwarding + This service is designed to allow ISPs to offer a service with attributes similar to a "leased line". This service offers the ULTIMATE IN LOW LOSS, LOW LATENCY AND LOW JITTER by ensuring that there is always sufficient room in output queues for the contracted expedited forwarding traffic. + checkbox + + + Plugin Settings - Default Target + listtopic + + + Enable Default Target Plugin + plugin_defaulttarget + Redirect unknown calls to a specified target. + checkbox + + + Log redirected calls + plugin_defaulttarget_log + Log redirected calls. + checkbox + + + Default Target + plugin_defaulttarget_target + Target must be a full SIP URI with the syntax sip:user@host[:port] + input + + + Plugin Settings - Bogus VIA Networks + listtopic + + + Enable Fix Bogus Via Networks Plugin + plugin_fix_bogus_via + Incoming (from public network) SIP messages are checked for broken SIP Via headers. If the IP address in the latest Via Header is part of the list below, it will be replaced by the IP where the SIP message has been received from. + checkbox + + + Bogus Via Networks + plugin_fix_bogus_via_networks + Comma separated list of networks which should have their via headers rewritten. Example: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 + input + + + Plugin Settings - STUN + listtopic + + + Enable STUN Plugin + plugin_stun + Uses an external STUN server to determine the public IP address of siproxd. Useful for "in-front-of-NAT-router" scenarios. + checkbox + + + STUN Hostname + plugin_stun_server + External STUN server hostname. + input + + + STUN Port + plugin_stun_port + External STUN server port. + input + + + STUN Period + plugin_stun_period + Period in seconds to request IP info from STUN server. 
+ input + + + Debug Options + listtopic + + + Debug Level + debug_level + select + 1 + + + + + + + + + + + + + + + + + + + + + TCP Debug Port + debug_port + You may connect to this port from a remote machine and receive debug output. This allows better creation of debug output on embedded systems that do not have enough memory for large disk files. Port number 0 means this feature is disabled. + input + + + + + + sync_package_siproxd(); + + + sync_package_siproxd(); + + siproxd_generate_rules + + validate_form_siproxd($_POST, $input_errors); + +
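Review bot: The three additional-file entries in config/siproxd/siproxd.xml that install siproxdusers.xml, siproxd.inc and siproxd_registered_phones.php carry the value `077`; the element names are not visible in this view, but if that is the install mode it denies the owner and grants write access to group and others, which is the wrong way round for code placed under /usr/local/pkg/ and /usr/local/www/. `0644` is the mode I would expect for files that are only read and included. The description of `debug_port` says a remote machine may connect and receive debug output, so it should also tell the administrator to keep it at 0 outside of troubleshooting, for example by appending `Leave this at 0 unless actively debugging, and do not allow the port through the firewall.`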
diff --git a/config/siproxd/siproxd_registered_phones.php b/config/siproxd/siproxd_registered_phones.php new file mode 100644 index 00000000..a8789d7f --- /dev/null +++ b/config/siproxd/siproxd_registered_phones.php @@ -0,0 +1,163 @@ + + + + + +
+ + + + + + + + + + +
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Real PhoneNAT AddressRegistered With 
TypeUserHostPort TypeUserHostPort TypeUserHostPort Expires
No Phone Data Found
No Active Phones
   
+
+
+ + + + diff --git a/config/siproxd/siproxdusers.xml b/config/siproxd/siproxdusers.xml new file mode 100644 index 00000000..4ed4abc7 --- /dev/null +++ b/config/siproxd/siproxdusers.xml 
@@ -0,0 +1,104 @@ + + + + + + . + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. 
+ siproxdusers + 0.5.9 + siproxd: Users + /usr/local/pkg/siproxd.inc + + + Settings + /pkg_edit.php?xml=siproxd.xml&id=0 + + + Users + /pkg.php?xml=siproxdusers.xml + + + + Registered Phones + /siproxd_registered_phones.php + + + installedpackages->package->$packagename->configuration->settings + + + Username + username + + + Description + description + + + + + Username + username + Enter the username here + input + + + Password + password + Enter the password here + password + + + Username Description + description + Enter the description of the user here + input + + + + sync_package_sipproxd_users(); + + + sync_package_sipproxd_users(); + + \ No newline at end of file -- cgit v1.2.3
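Review bot: Both sync hooks at the end of config/siproxd/siproxdusers.xml call `sync_package_sipproxd_users();` with a doubled "p", while every other identifier in the package is spelled `siproxd`, for example `sync_package_siproxd()` in siproxd.inc. The definition of that function is not visible in this view, so confirm the spelling matches; if it does not, user and password edits made on this page would never be written out for the proxy. The `password` field feeds the file named by `proxy_auth_pwfile` in siproxd.inc (`siproxd_passwd.cfg`), so whatever writes that file should create it readable only by the account siproxd runs as, and a comment next to the field saying where the value ends up would help the next maintainer.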