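"") {
					$rules .= "rdr on {$iface} proto udp from any to !($iface) port {$port} -> 127.0.0.1 port {$port}\n";
				}
			}
			break;
		case 'filter':
		case 'rule':
			foreach ($ifaces as $iface) {
				if ($iface <> "") {
					$rules .= "# allow SIP signaling and RTP traffic\n";
					$rules .= "pass in on {$iface} proto udp from any to any port = {$port}\n";
					if ($siproxd_conf['rtpenable'] == "1") {
						$rules .= "pass in on {$iface} proto udp from any to any port {$rtplower}:{$rtpupper}\n";
					}
				}
			}
			break;
	}
	return $rules;
}

/**
 * Create the directory used as siproxd's chroot jail and hand it to "nobody".
 *
 * sync_package_siproxd() writes "chrootjail = /var/siproxd/" and
 * "user = nobody" into siproxd.conf, so the unprivileged daemon needs to own
 * this directory (presumably for the relative registration and pid files --
 * confirm against siproxd's handling of those paths).
 *
 * Ownership failures are logged rather than silently ignored: a jail the
 * daemon cannot write to, or one left owned by another account, is worth
 * knowing about.
 */
function siproxd_create_chroot() {
	$siproxd_chroot = "/var/siproxd/";
	safe_mkdir($siproxd_chroot);

	// '@' keeps PHP warnings out of the GUI; the return values are still checked.
	$owner_ok = @chown($siproxd_chroot, "nobody");
	$group_ok = @chgrp($siproxd_chroot, "nobody");
	if (!$owner_ok || !$group_ok) {
		log_error("siproxd: could not set owner/group of {$siproxd_chroot} to nobody");
	}
}

/**
 * Remove control characters from a value before it goes into siproxd.conf.
 *
 * siproxd.conf is written one "directive = value" pair per line. A stored
 * setting that contains CR/LF would therefore end its own line and add
 * further directives of its choosing (plugins, user, chroot, ...). Stripping
 * control characters keeps every setting on the single line it belongs to.
 *
 * @param mixed $value Raw setting taken from the package configuration.
 * @return string The value without ASCII control characters.
 */
function siproxd_sanitize_conf_value($value) {
	return (string) preg_replace('/[\x00-\x1f\x7f]+/', '', (string) $value);
}

/**
 * Format one "directive = value" line for siproxd.conf.
 *
 * @param string $directive siproxd directive name (a constant from this file).
 * @param mixed  $value     Setting value; sanitized before use.
 * @return string The finished line, newline-terminated.
 */
function siproxd_conf_line($directive, $value) {
	return "{$directive} = " . siproxd_sanitize_conf_value($value) . "\n";
}

/**
 * Regenerate siproxd.conf and the rc script from the package settings and
 * (re)start or stop the service accordingly.
 *
 * Changes compared with the previous implementation:
 *  - every early return now calls conf_mount_ro(), so the filesystem is not
 *    left mounted read-write when the proxy is disabled or the write fails;
 *  - a failure to write the configuration file is detected and logged
 *    instead of continuing with an invalid file handle;
 *  - values taken from the stored configuration are stripped of control
 *    characters before being written. Several of them (debug_level,
 *    debug_port, plugin_defaulttarget_target, plugin_fix_bogus_via_networks,
 *    rtpenable) have no format check in validate_form_siproxd(), and the
 *    stored configuration can also change without passing through that form.
 *
 * Side effects: overwrites the global $pfs_version, rewrites siproxd.conf and
 * the rc script, stops/starts the service and reloads the filter rules.
 */
function sync_package_siproxd() {
	global $config, $pfs_version;

	conf_mount_rw();
	siproxd_create_chroot();

	if (is_array($config['installedpackages']['siproxdsettings'])) {
		$siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0];
	} else {
		$siproxd_conf = array();
	}

	$siproxd_conffile = SIPROXD . '/etc/siproxd.conf';
	$siproxd_pwfile = SIPROXD . '/etc/siproxd_passwd.cfg';
	$siproxd_chroot = "/var/siproxd/";
	$pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
	if ($pfs_version == '2.2') {
		$siproxd_bin = SIPROXD . '/bin/siproxd';
	} else {
		$siproxd_bin = SIPROXD . '/sbin/siproxd';
	}
	$plugindir = SIPROXD . '/lib/siproxd';

	$conf = "# This file was automatically generated by the pfSense\n";
	$conf .= "# package management system.\n\n";

	/* if proxy is turned off in package settings, stop service, remove rc script and do nothing else */
	if ($siproxd_conf['sipenable'] != "on") {
		// Leave only the header behind, as before.
		if (file_put_contents($siproxd_conffile, $conf) === false) {
			log_error("siproxd: unable to write {$siproxd_conffile}");
		}
		if (is_service_running('siproxd')) {
			stop_service("siproxd");
			sleep(3);
		}
		unlink_if_exists(SIPROXD . '/etc/rc.d/siproxd.sh');
		conf_mount_ro();
		return;
	}

	if ($siproxd_conf['if_inbound'] != "") {
		$conf .= siproxd_conf_line("if_inbound", convert_friendly_interface_to_real_interface_name($siproxd_conf['if_inbound']));
	}
	if ($siproxd_conf['if_outbound'] != "") {
		$conf .= siproxd_conf_line("if_outbound", convert_friendly_interface_to_real_interface_name($siproxd_conf['if_outbound']));
	}

	$conf .= siproxd_conf_line("sip_listen_port", ($siproxd_conf['port'] != "") ? $siproxd_conf['port'] : "5060");

	$conf .= "daemonize = 1\n";
	$conf .= "silence_log = 0\n";
	//$conf .= "log_calls = 1\n";
	// The daemon is told to run as an unprivileged account inside a chroot jail.
	$conf .= "user = nobody\n";
	$conf .= "chrootjail = {$siproxd_chroot}\n";
	$conf .= "registration_file = siproxd_registrations\n";
	$conf .= "autosave_registrations = 10\n";
	$conf .= "pid_file = siproxd.pid\n";

	$conf .= siproxd_conf_line("rtp_proxy_enable", ($siproxd_conf['rtpenable'] != "") ? $siproxd_conf['rtpenable'] : "1");

	// The RTP range is only taken from the settings when both ends are present.
	if (($siproxd_conf['rtplower'] != "") && ($siproxd_conf['rtpupper'] != "")) {
		$conf .= siproxd_conf_line("rtp_port_low", $siproxd_conf['rtplower']);
		$conf .= siproxd_conf_line("rtp_port_high", $siproxd_conf['rtpupper']);
	} else {
		$conf .= "rtp_port_low = 7070\n";
		$conf .= "rtp_port_high = 7079\n";
	}

	$conf .= siproxd_conf_line("rtp_timeout", ($siproxd_conf['rtptimeout'] != "") ? $siproxd_conf['rtptimeout'] : "300");
	$conf .= siproxd_conf_line("default_expires", ($siproxd_conf['defaulttimeout'] != "") ? $siproxd_conf['defaulttimeout'] : "600");

	if ($siproxd_conf['authentication']) {
		$conf .= "proxy_auth_realm = Authentication_Realm\n";
		$conf .= "proxy_auth_pwfile = {$siproxd_pwfile}\n";
	}

	$conf .= siproxd_conf_line("debug_level", ($siproxd_conf['debug_level'] != "") ? $siproxd_conf['debug_level'] : "0x00000000");
	if ($siproxd_conf['debug_port'] != "") {
		$conf .= siproxd_conf_line("debug_port", $siproxd_conf['debug_port']);
	}

	// An outbound proxy is only configured when host and port are both set.
	if ($siproxd_conf['outboundproxyhost'] != "") {
		if ($siproxd_conf['outboundproxyport'] != "") {
			$conf .= siproxd_conf_line("outbound_proxy_host", $siproxd_conf['outboundproxyhost']);
			$conf .= siproxd_conf_line("outbound_proxy_port", $siproxd_conf['outboundproxyport']);
		}
	}

	if ($siproxd_conf['expeditedforwarding'] != "") {
		$conf .= "rtp_dscp = 46\n";
	}
	if ($siproxd_conf['expeditedsipforwarding'] != "") {
		$conf .= "sip_dscp = 26\n";
	}

	// Optional settings whose directive name equals the configuration key.
	foreach (array('rtp_input_dejitter', 'rtp_output_dejitter', 'tcp_timeout', 'tcp_connect_timeout', 'tcp_keepalive') as $directive) {
		if ($siproxd_conf[$directive] != "") {
			$conf .= siproxd_conf_line($directive, $siproxd_conf[$directive]);
		}
	}

	$conf .= "plugindir={$plugindir}\n";
	$conf .= "load_plugin=plugin_logcall.la\n";

	if ($siproxd_conf['plugin_defaulttarget'] != "") {
		$conf .= "load_plugin=plugin_defaulttarget.la\n";
		if ($siproxd_conf['plugin_defaulttarget_log'] != "") {
			$conf .= "plugin_defaulttarget_log = 1\n";
		}
		if ($siproxd_conf['plugin_defaulttarget_target'] != "") {
			$conf .= siproxd_conf_line("plugin_defaulttarget_target", $siproxd_conf['plugin_defaulttarget_target']);
		}
	}

	if ($siproxd_conf['plugin_fix_bogus_via'] != "") {
		$conf .= "load_plugin=plugin_fix_bogus_via.la\n";
		if ($siproxd_conf['plugin_fix_bogus_via_networks'] != "") {
			$conf .= siproxd_conf_line("plugin_fix_bogus_via_networks", $siproxd_conf['plugin_fix_bogus_via_networks']);
		}
	}

	if ($siproxd_conf['plugin_stun'] != "") {
		$conf .= "load_plugin=plugin_stun.la\n";
		if ($siproxd_conf['plugin_stun_server'] != "") {
			$conf .= siproxd_conf_line("plugin_stun_server", $siproxd_conf['plugin_stun_server']);
		}
		if ($siproxd_conf['plugin_stun_port'] != "") {
			$conf .= siproxd_conf_line("plugin_stun_port", $siproxd_conf['plugin_stun_port']);
		}
		if ($siproxd_conf['plugin_stun_period'] != "") {
			$conf .= siproxd_conf_line("plugin_stun_period", $siproxd_conf['plugin_stun_period']);
		}
	}

	if (file_put_contents($siproxd_conffile, $conf) === false) {
		// Do not restart the daemon on a configuration that was not written.
		log_error("siproxd: unable to write {$siproxd_conffile}; service left untouched");
		conf_mount_ro();
		return;
	}

	// NOTE(review): "killall -9" sends SIGKILL, which gives the daemon no
	// chance to clean up before exiting; kept as-is to preserve behaviour.
	write_rcfile(array(
		"file" => "siproxd.sh",
		"start" => "{$siproxd_bin} -c {$siproxd_conffile} &",
		"stop" => "/usr/bin/killall -9 siproxd"
		)
	);

	if (is_service_running('siproxd')) {
		stop_service("siproxd");
		sleep(3);
	}

	/* The disabled case returned above, so siproxd is enabled at this point. */
	start_service("siproxd");
	sleep(3);

	filter_configure();
	conf_mount_ro();
}

/**
 * Validate the siproxd settings form.
 *
 * Appends one message to $input_errors for every field that fails its check.
 * Each check is skipped when the field is empty; because the test is a plain
 * truthiness test, the string "0" skips it as well. is_numeric() accepts more
 * than plain integers (for example decimal and exponent notation).
 *
 * @param array $post          Submitted form fields.
 * @param array $input_errors  Error list, extended in place.
 */
function validate_form_siproxd($post, &$input_errors) {
	if ($post['port'] && !is_port($post['port'])) {
		$input_errors[] = 'Invalid port entered for "Listening Port"';
	}
	if ($post['rtplower'] && !is_port($post['rtplower'])) {
		$input_errors[] = 'Invalid port entered for "RTP port range (lower)".';
	}
	if ($post['rtpupper'] && !is_port($post['rtpupper'])) {
		$input_errors[] = 'Invalid port entered for "RTP port range (upper)".';
	}
	if ($post['rtplower'] && $post['rtpupper'] && ($post['rtplower'] >= $post['rtpupper'])) {
		$input_errors[] = 'RTP lower port cannot be equal to or higher than the RTP upper port.';
	}
	if ($post['rtptimeout'] && (!is_numeric($post['rtptimeout']) || ($post['rtptimeout'] < 0))) {
		$input_errors[] = '"RTP stream timeout" must be numeric and greater than 0.';
	}
	if ($post['defaulttimeout'] && (!is_numeric($post['defaulttimeout']) || ($post['defaulttimeout'] < 0))) {
		$input_errors[] = '"Default expiration timeout" must be numeric and greater than 0.';
	}
	if ($post['outboundproxyhost'] && (!is_hostname($post['outboundproxyhost']) && !is_ipaddr($post['outboundproxyhost']))) {
		$input_errors[] = 'Invalid hostname or IP address entered for "Outbound Proxy Host".';
	}
	if ($post['outboundproxyport'] && !is_port($post['outboundproxyport'])) {
		$input_errors[] = 'Invalid port entered for "Outbound Proxy Port".';
	}
	if ($post['rtp_input_dejitter'] && (!is_numeric($post['rtp_input_dejitter']) || ($post['rtp_input_dejitter'] < 0))) {
		$input_errors[] = '"Input Dejitter" must be numeric and greater than 0.';
	}
	if ($post['rtp_output_dejitter'] && (!is_numeric($post['rtp_output_dejitter']) || ($post['rtp_output_dejitter'] < 0))) {
		$input_errors[] = '"Output Dejitter" must be numeric and greater than 0.';
	}
	if ($post['tcp_timeout'] && (!is_numeric($post['tcp_timeout']) || ($post['tcp_timeout'] < 0))) {
		$input_errors[] = '"TCP inactivity timeout" must be numeric and greater than 0.';
	}
	if ($post['tcp_connect_timeout'] && (!is_numeric($post['tcp_connect_timeout']) || ($post['tcp_connect_timeout'] < 0))) {
		$input_errors[] = '"TCP Connect Timeout" must be numeric and greater than 0.';
	}
	if ($post['tcp_keepalive'] && (!is_numeric($post['tcp_keepalive']) || ($post['tcp_keepalive'] < 0))) {
		$input_errors[] = '"TCP Keepalive" must be numeric and greater than 0.';
	}
	if ($post['plugin_stun_server'] && (!is_hostname($post['plugin_stun_server']) && !is_ipaddr($post['plugin_stun_server']))) {
		$input_errors[] = 'Invalid hostname or IP address entered for "STUN Server".';
	}
	if ($post['plugin_stun_port'] && !is_port($post['plugin_stun_port'])) {
		$input_errors[] = 'Invalid port entered for "STUN Port".';
	}
	if ($post['plugin_stun_period'] && (!is_numeric($post['plugin_stun_period']) || ($post['plugin_stun_period'] < 0))) {
		$input_errors[] = '"STUN Period" must be numeric and greater than 0.';
	}

	// These settings are copied into siproxd.conf by sync_package_siproxd()
	// but have no format check above. Reject embedded line breaks and other
	// control characters so a value cannot span more than one config line.
	// Assumes the form field names match the configuration keys, as they do
	// for the fields validated above -- confirm against the package XML.
	foreach (array('debug_level', 'debug_port', 'plugin_defaulttarget_target', 'plugin_fix_bogus_via_networks') as $field) {
		if (isset($post[$field]) && is_string($post[$field]) && preg_match('/[\x00-\x1f\x7f]/', $post[$field])) {
			$input_errors[] = "The value entered for \"{$field}\" must not contain line breaks or other control characters.";
		}
	}
}

?>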