1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
|
#!/usr/bin/python
import optparse
import socket
import urlparse # Python 2.7 required for Literal IPv6 Addresses
import astdicts
import astconfigparser
PREFIX = 'pjsip_'
###############################################################################
### some utility functions
###############################################################################
def section_by_type(section, pjsip, type):
"""Finds a section based upon the given type, adding it if not found."""
def __find_dict(mdicts, key, val):
"""Given a list of multi-dicts, return the multi-dict that contains
the given key/value pair."""
def found(d):
return key in d and val in d[key]
try:
return [d for d in mdicts if found(d)][0]
except IndexError:
raise LookupError("Dictionary not located for key = %s, value = %s"
% (key, val))
try:
return __find_dict(pjsip.section(section), 'type', type)
except LookupError:
# section for type doesn't exist, so add
sect = pjsip.add_section(section)
sect['type'] = type
return sect
def set_value(key=None, val=None, section=None, pjsip=None,
nmapped=None, type='endpoint'):
"""Sets the key to the value within the section in pjsip.conf"""
def _set_value(k, v, s, r, n):
set_value(key if key else k, v, s, r, n, type)
# if no value or section return the set_value
# function with the enclosed key and type
if not val and not section:
return _set_value
# otherwise try to set the value
section_by_type(section, pjsip, type)[key] = \
val[0] if isinstance(val, list) else val
def merge_value(key=None, val=None, section=None, pjsip=None,
nmapped=None, type='endpoint', section_to=None,
key_to=None):
"""Merge values from the given section with those from the default."""
def _merge_value(k, v, s, r, n):
merge_value(key if key else k, v, s, r, n, type, section_to, key_to)
# if no value or section return the merge_value
# function with the enclosed key and type
if not val and not section:
return _merge_value
# should return a single value section list
try:
sect = sip.section(section)[0]
except LookupError:
sect = sip.default(section)[0]
# for each merged value add it to pjsip.conf
for i in sect.get_merged(key):
set_value(key_to if key_to else key, i,
section_to if section_to else section,
pjsip, nmapped, type)
def non_mapped(nmapped):
"""Write non-mapped sip.conf values to the non-mapped object"""
def _non_mapped(section, key, val):
"""Writes a non-mapped value from sip.conf to the non-mapped object."""
if section not in nmapped:
nmapped[section] = astconfigparser.Section()
if isinstance(val, list):
for v in val:
# since coming from sip.conf we can assume
# single section lists
nmapped[section][0][key] = v
else:
nmapped[section][0][key] = val
return _non_mapped
###############################################################################
### mapping functions -
### define f(key, val, section) where key/val are the key/value pair to
### write to given section in pjsip.conf
###############################################################################
def set_dtmfmode(key, val, section, pjsip, nmapped):
"""
Sets the dtmfmode value. If value matches allowable option in pjsip
then map it, otherwise set it to none.
"""
key = 'dtmf_mode'
# available pjsip.conf values: rfc4733, inband, info, none
if val == 'inband' or val == 'info':
set_value(key, val, section, pjsip, nmapped)
elif val == 'rfc2833':
set_value(key, 'rfc4733', section, pjsip, nmapped)
else:
nmapped(section, key, val + " ; did not fully map - set to none")
set_value(key, 'none', section, pjsip, nmapped)
def setup_udptl(section, pjsip, nmapped):
"""Sets values from udptl into the appropriate pjsip.conf options."""
try:
val = sip.get(section, 't38pt_udptl')[0]
except LookupError:
try:
val = sip.get('general', 't38pt_udptl')[0]
except LookupError:
return
ec = 'none'
if 'yes' in val:
set_value('t38_udptl', 'yes', section, pjsip, nmapped)
if 'no' in val:
set_value('t38_udptl', 'no', section, pjsip, nmapped)
if 'redundancy' in val:
ec = 'redundancy'
if 'fec' in val:
ec = 'fec'
set_value('t38_udptl_ec', ec, section, pjsip, nmapped)
def from_nat(key, val, section, pjsip, nmapped):
"""Sets values from nat into the appropriate pjsip.conf options."""
# nat from sip.conf can be comma separated list of values:
# yes/no, [auto_]force_rport, [auto_]comedia
if 'yes' in val:
set_value('rtp_symmetric', 'yes', section, pjsip, nmapped)
set_value('rewrite_contact', 'yes', section, pjsip, nmapped)
if 'comedia' in val:
set_value('rtp_symmetric', 'yes', section, pjsip, nmapped)
if 'force_rport' in val:
set_value('force_rport', 'yes', section, pjsip, nmapped)
set_value('rewrite_contact', 'yes', section, pjsip, nmapped)
def set_timers(key, val, section, pjsip, nmapped):
"""
Sets the timers in pjsip.conf from the session-timers option
found in sip.conf.
"""
# pjsip.conf values can be yes/no, required, always
# 'required' is a new feature of chan_pjsip, which rejects
# all SIP clients not supporting Session Timers
# 'Accept' is the default value of chan_sip and maps to 'yes'
# chan_sip ignores the case, for example 'session-timers=Refuse'
val = val.lower()
if val == 'originate':
set_value('timers', 'always', section, pjsip, nmapped)
elif val == 'refuse':
set_value('timers', 'no', section, pjsip, nmapped)
else:
set_value('timers', 'yes', section, pjsip, nmapped)
def set_direct_media(key, val, section, pjsip, nmapped):
"""
Maps values from the sip.conf comma separated direct_media option
into pjsip.conf direct_media options.
"""
if 'yes' in val:
set_value('direct_media', 'yes', section, pjsip, nmapped)
if 'update' in val:
set_value('direct_media_method', 'update', section, pjsip, nmapped)
if 'outgoing' in val:
set_value('directed_media_glare_mitigation', 'outgoing', section,
pjsip, nmapped)
if 'nonat' in val:
set_value('disable_directed_media_on_nat', 'yes', section, pjsip,
nmapped)
if 'no' in val:
set_value('direct_media', 'no', section, pjsip, nmapped)
def from_sendrpid(key, val, section, pjsip, nmapped):
"""Sets the send_rpid/pai values in pjsip.conf."""
if val == 'yes' or val == 'rpid':
set_value('send_rpid', 'yes', section, pjsip, nmapped)
elif val == 'pai':
set_value('send_pai', 'yes', section, pjsip, nmapped)
def set_media_encryption(key, val, section, pjsip, nmapped):
"""Sets the media_encryption value in pjsip.conf"""
try:
dtls = sip.get(section, 'dtlsenable')[0]
if dtls == 'yes':
# If DTLS is enabled, then that overrides SDES encryption.
return
except LookupError:
pass
if val == 'yes':
set_value('media_encryption', 'sdes', section, pjsip, nmapped)
def from_recordfeature(key, val, section, pjsip, nmapped):
"""
If record on/off feature is set to automixmon then set
one_touch_recording, otherwise it can't be mapped.
"""
set_value('one_touch_recording', 'yes', section, pjsip, nmapped)
set_value(key, val, section, pjsip, nmapped)
def set_record_on_feature(key, val, section, pjsip, nmapped):
"""Sets the record_on_feature in pjsip.conf"""
from_recordfeature('record_on_feature', val, section, pjsip, nmapped)
def set_record_off_feature(key, val, section, pjsip, nmapped):
"""Sets the record_off_feature in pjsip.conf"""
from_recordfeature('record_off_feature', val, section, pjsip, nmapped)
def from_progressinband(key, val, section, pjsip, nmapped):
"""Sets the inband_progress value in pjsip.conf"""
# progressinband can = yes/no/never
if val == 'never':
val = 'no'
set_value('inband_progress', val, section, pjsip, nmapped)
def build_host(config, host, section='general', port_key=None):
"""
Returns a string composed of a host:port. This assumes that the host
may have a port as part of the initial value. The port_key overrides
a port in host, see parameter 'bindport' in chan_sip.
"""
try:
socket.inet_pton(socket.AF_INET6, host)
if not host.startswith('['):
# SIP URI will need brackets.
host = '[' + host + ']'
except socket.error:
pass
# Literal IPv6 (like [::]), IPv4, or hostname
# does not work for IPv6 without brackets; case catched above
url = urlparse.urlparse('sip://' + host)
if port_key:
try:
port = config.get(section, port_key)[0]
host = url.hostname # no port, but perhaps no brackets
try:
socket.inet_pton(socket.AF_INET6, host)
if not host.startswith('['):
# SIP URI will need brackets.
host = '[' + host + ']'
except socket.error:
pass
return host + ':' + port
except LookupError:
pass
# Returns host:port, in brackets if required
# TODO Does not compress IPv6, for example 0:0:0:0:0:0:0:0 should get [::]
return url.netloc
def from_host(key, val, section, pjsip, nmapped):
"""
Sets contact info in an AOR section in pjsip.conf using 'host'
and 'port' data from sip.conf
"""
# all aors have the same name as the endpoint so makes
# it easy to set endpoint's 'aors' value
set_value('aors', section, section, pjsip, nmapped)
if val == 'dynamic':
# Easy case. Just set the max_contacts on the aor and we're done
set_value('max_contacts', 1, section, pjsip, nmapped, 'aor')
return
result = 'sip:'
# More difficult case. The host will be either a hostname or
# IP address and may or may not have a port specified. pjsip.conf
# expects the contact to be a SIP URI.
user = None
try:
user = sip.multi_get(section, ['defaultuser', 'username'])[0]
result += user + '@'
except LookupError:
# It's fine if there's no user name
pass
result += build_host(sip, val, section, 'port')
set_value('contact', result, section, pjsip, nmapped, 'aor')
def from_mailbox(key, val, section, pjsip, nmapped):
"""
Determines whether a mailbox configured in sip.conf should map to
an endpoint or aor in pjsip.conf. If subscribemwi is true, then the
mailboxes are set on an aor. Otherwise the mailboxes are set on the
endpoint.
"""
try:
subscribemwi = sip.get(section, 'subscribemwi')[0]
except LookupError:
# No subscribemwi option means default it to 'no'
subscribemwi = 'no'
set_value('mailboxes', val, section, pjsip, nmapped, 'aor'
if subscribemwi == 'yes' else 'endpoint')
def setup_auth(key, val, section, pjsip, nmapped):
"""
Sets up authentication information for a specific endpoint based on the
'secret' setting on a peer in sip.conf
"""
set_value('username', section, section, pjsip, nmapped, 'auth')
# In chan_sip, if a secret and an md5secret are both specified on a peer,
# then in practice, only the md5secret is used. If both are encountered
# then we build an auth section that has both an md5_cred and password.
# However, the auth_type will indicate to authenticators to use the
# md5_cred, so like with sip.conf, the password will be there but have
# no purpose.
if key == 'secret':
set_value('password', val, section, pjsip, nmapped, 'auth')
else:
set_value('md5_cred', val, section, pjsip, nmapped, 'auth')
set_value('auth_type', 'md5', section, pjsip, nmapped, 'auth')
realms = [section]
try:
auths = sip.get('authentication', 'auth')
for i in auths:
user, at, realm = i.partition('@')
realms.append(realm)
except LookupError:
pass
realm_str = ','.join(realms)
set_value('auth', section, section, pjsip, nmapped)
set_value('outbound_auth', realm_str, section, pjsip, nmapped)
def setup_ident(key, val, section, pjsip, nmapped):
"""
Examines the 'type' field for a sip.conf peer and creates an identify
section if the type is either 'peer' or 'friend'. The identify section uses
either the host or defaultip field of the sip.conf peer.
"""
if val != 'peer' and val != 'friend':
return
try:
ip = sip.get(section, 'host')[0]
except LookupError:
return
if ip == 'dynamic':
try:
ip = sip.get(section, 'defaultip')[0]
except LookupError:
return
set_value('endpoint', section, section, pjsip, nmapped, 'identify')
set_value('match', ip, section, pjsip, nmapped, 'identify')
def from_encryption_taglen(key, val, section, pjsip, nmapped):
"""Sets the srtp_tag32 option based on sip.conf encryption_taglen"""
if val == '32':
set_value('srtp_tag_32', 'yes', section, pjsip, nmapped)
def from_dtlsenable(key, val, section, pjsip, nmapped):
"""Optionally sets media_encryption=dtls based on sip.conf dtlsenable"""
if val == 'yes':
set_value('media_encryption', 'dtls', section, pjsip, nmapped)
###############################################################################
# options in pjsip.conf on an endpoint that have no sip.conf equivalent:
# type, 100rel, trust_id_outbound, aggregate_mwi,
# connected_line_method
# known sip.conf peer keys that can be mapped to a pjsip.conf section/key
peer_map = [
# sip.conf option mapping function pjsip.conf option(s)
###########################################################################
['context', set_value],
['dtmfmode', set_dtmfmode],
['disallow', merge_value],
['allow', merge_value],
['nat', from_nat], # rtp_symmetric, force_rport,
# rewrite_contact
['rtptimeout', set_value('rtp_timeout')],
['icesupport', set_value('ice_support')],
['autoframing', set_value('use_ptime')],
['outboundproxy', set_value('outbound_proxy')],
['mohsuggest', set_value('moh_suggest')],
['session-timers', set_timers], # timers
['session-minse', set_value('timers_min_se')],
['session-expires', set_value('timers_sess_expires')],
# identify_by ?
['canreinvite', set_direct_media], # direct_media alias
['directmedia', set_direct_media], # direct_media
# direct_media_method
# directed_media_glare_mitigation
# disable_directed_media_on_nat
['callerid', set_value], # callerid
['callingpres', set_value('callerid_privacy')],
['cid_tag', set_value('callerid_tag')],
['trustpid', set_value('trust_id_inbound')],
['sendrpid', from_sendrpid], # send_pai, send_rpid
['send_diversion', set_value],
['encryption', set_media_encryption],
['avpf', set_value('use_avpf')],
['recordonfeature', set_record_on_feature], # automixon
['recordofffeature', set_record_off_feature], # automixon
['progressinband', from_progressinband], # in_band_progress
['callgroup', set_value('call_group')],
['pickupgroup', set_value('pickup_group')],
['namedcallgroup', set_value('named_call_group')],
['namedpickupgroup', set_value('named_pickup_group')],
['allowtransfer', set_value('allow_transfer')],
['fromuser', set_value('from_user')],
['fromdomain', set_value('from_domain')],
['mwifrom', set_value('mwi_from_user')],
['tos_audio', set_value],
['tos_video', set_value],
['cos_audio', set_value],
['cos_video', set_value],
['sdpowner', set_value('sdp_owner')],
['sdpsession', set_value('sdp_session')],
['tonezone', set_value('tone_zone')],
['language', set_value],
['allowsubscribe', set_value('allow_subscribe')],
['subminexpiry', set_value('sub_min_expiry')],
['rtp_engine', set_value],
['mailbox', from_mailbox],
['busylevel', set_value('device_state_busy_at')],
['secret', setup_auth],
['md5secret', setup_auth],
['type', setup_ident],
['dtlsenable', from_dtlsenable],
['dtlsverify', set_value('dtls_verify')],
['dtlsrekey', set_value('dtls_rekey')],
['dtlscertfile', set_value('dtls_cert_file')],
['dtlsprivatekey', set_value('dtls_private_key')],
['dtlscipher', set_value('dtls_cipher')],
['dtlscafile', set_value('dtls_ca_file')],
['dtlscapath', set_value('dtls_ca_path')],
['dtlssetup', set_value('dtls_setup')],
['encryption_taglen', from_encryption_taglen],
############################ maps to an aor ###################################
['host', from_host], # contact, max_contacts
['qualifyfreq', set_value('qualify_frequency', type='aor')],
['maxexpiry', set_value('maximum_expiration', type='aor')],
['minexpiry', set_value('minimum_expiration', type='aor')],
['defaultexpiry', set_value('default_expiration', type='aor')],
############################# maps to auth#####################################
# type = auth
# username
# password
# md5_cred
# realm
# nonce_lifetime
# auth_type
######################### maps to acl/security ################################
['permit', merge_value(type='acl', section_to='acl')],
['deny', merge_value(type='acl', section_to='acl')],
['acl', merge_value(type='acl', section_to='acl')],
['contactpermit', merge_value(type='acl', section_to='acl', key_to='contact_permit')],
['contactdeny', merge_value(type='acl', section_to='acl', key_to='contact_deny')],
['contactacl', merge_value(type='acl', section_to='acl', key_to='contact_acl')],
########################### maps to transport #################################
# type = transport
# protocol
# bind
# async_operations
# ca_list_file
# ca_list_path
# cert_file
# privkey_file
# password
# external_signaling_address - externip & externhost
# external_signaling_port
# external_media_address
# domain
# verify_server
# verify_client
# require_client_cert
# method
# cipher
# localnet
######################### maps to domain_alias ################################
# type = domain_alias
# domain
######################### maps to registration ################################
# type = registration
# server_uri
# client_uri
# contact_user
# transport
# outbound_proxy
# expiration
# retry_interval
# max_retries
# auth_rejection_permanent
# outbound_auth
########################### maps to identify ##################################
# type = identify
# endpoint
# match
]
def split_hostport(addr):
"""
Given an address in the form 'host:port' separate the host and port
components.
Returns a two-tuple of strings, (host, port). If no port is present in the
string, then the port section of the tuple is None.
"""
try:
socket.inet_pton(socket.AF_INET6, addr)
if not addr.startswith('['):
return (addr, None)
except socket.error:
pass
# Literal IPv6 (like [::]), IPv4, or hostname
# does not work for IPv6 without brackets; case catched above
url = urlparse.urlparse('sip://' + addr)
# TODO Does not compress IPv6, for example 0:0:0:0:0:0:0:0 should get [::]
return (url.hostname, url.port)
def set_transport_common(section, sip, pjsip, protocol, nmapped):
"""
sip.conf has several global settings that in pjsip.conf apply to individual
transports. This function adds these global settings to each individual
transport.
The settings included are:
externaddr (or externip)
externhost
externtcpport for TCP
externtlsport for TLS
localnet
tos_sip
cos_sip
"""
try:
extern_addr = sip.multi_get('general', ['externaddr', 'externip',
'externhost'])[0]
host, port = split_hostport(extern_addr)
try:
port = sip.get('general', 'extern' + protocol + 'port')[0]
except LookupError:
pass
set_value('external_media_address', host, section, pjsip,
nmapped, 'transport')
set_value('external_signaling_address', host, section, pjsip,
nmapped, 'transport')
if port:
set_value('external_signaling_port', port, section, pjsip,
nmapped, 'transport')
except LookupError:
pass
try:
merge_value('localnet', sip.get('general', 'localnet')[0], 'general',
pjsip, nmapped, 'transport', section, "local_net")
except LookupError:
# No localnet options configured. Move on.
pass
try:
set_value('tos', sip.get('general', 'tos_sip')[0], section, pjsip,
nmapped, 'transport')
except LookupError:
pass
try:
set_value('cos', sip.get('general', 'cos_sip')[0], section, pjsip,
nmapped, 'transport')
except LookupError:
pass
def get_bind(sip, pjsip, protocol):
"""
Given the protocol (udp, tcp, or tls), return
- the bind address, like [::] or 0.0.0.0
- name of the section to be created
"""
section = 'transport-' + protocol
# UDP cannot be disabled in chan_sip
if protocol != 'udp':
try:
enabled = sip.get('general', protocol + 'enable')[0]
except LookupError:
# No value means disabled by default. Don't create this transport
return (None, section)
if enabled != 'yes':
return (None, section)
try:
bind = pjsip.get(section, 'bind')[0]
# The first run created an transport already but this
# server was not configured for IPv4/IPv6 Dual Stack
return (None, section)
except LookupError:
pass
try:
bind = pjsip.get(section + '6', 'bind')[0]
# The first run created an IPv6 transport, because
# the server was configured with :: as bindaddr.
# Now, re-use its port and create the IPv4 transport
host, port = split_hostport(bind)
bind = '0.0.0.0'
if port:
bind += ':' + str(port)
except LookupError:
# This is the first run, no transport in pjsip exists.
try:
bind = sip.get('general', protocol + 'bindaddr')[0]
except LookupError:
if protocol == 'udp':
try:
bind = sip.get('general', 'bindaddr')[0]
except LookupError:
bind = '0.0.0.0'
else:
try:
bind = pjsip.get('transport-udp6', 'bind')[0]
except LookupError:
bind = pjsip.get('transport-udp', 'bind')[0]
# Only TCP reuses host:port of UDP, others reuse just host
if protocol == 'tls':
bind, port = split_hostport(bind)
host, port = split_hostport(bind)
if host == '::':
section += '6'
if protocol == 'udp':
host = build_host(sip, bind, 'general', 'bindport')
else:
host = build_host(sip, bind)
return (host, section)
def create_udp(sip, pjsip, nmapped):
"""
Creates a 'transport-udp' section in the pjsip.conf file based
on the following settings from sip.conf:
bindaddr (or udpbindaddr)
bindport
"""
protocol = 'udp'
bind, section = get_bind(sip, pjsip, protocol)
set_value('protocol', protocol, section, pjsip, nmapped, 'transport')
set_value('bind', bind, section, pjsip, nmapped, 'transport')
set_transport_common(section, sip, pjsip, protocol, nmapped)
def create_tcp(sip, pjsip, nmapped):
"""
Creates a 'transport-tcp' section in the pjsip.conf file based
on the following settings from sip.conf:
tcpenable
tcpbindaddr (or bindaddr)
"""
protocol = 'tcp'
bind, section = get_bind(sip, pjsip, protocol)
if not bind:
return
set_value('protocol', protocol, section, pjsip, nmapped, 'transport')
set_value('bind', bind, section, pjsip, nmapped, 'transport')
set_transport_common(section, sip, pjsip, protocol, nmapped)
def set_tls_cert_file(val, pjsip, section, nmapped):
"""Sets cert_file based on sip.conf tlscertfile"""
set_value('cert_file', val, section, pjsip, nmapped,
'transport')
def set_tls_private_key(val, pjsip, section, nmapped):
"""Sets privkey_file based on sip.conf tlsprivatekey or sslprivatekey"""
set_value('priv_key_file', val, section, pjsip, nmapped,
'transport')
def set_tls_cipher(val, pjsip, section, nmapped):
"""Sets cipher based on sip.conf tlscipher or sslcipher"""
set_value('cipher', val, section, pjsip, nmapped, 'transport')
def set_tls_cafile(val, pjsip, section, nmapped):
"""Sets ca_list_file based on sip.conf tlscafile"""
set_value('ca_list_file', val, section, pjsip, nmapped,
'transport')
def set_tls_capath(val, pjsip, section, nmapped):
"""Sets ca_list_path based on sip.conf tlscapath"""
set_value('ca_list_path', val, section, pjsip, nmapped,
'transport')
def set_tls_verifyclient(val, pjsip, section, nmapped):
"""Sets verify_client based on sip.conf tlsverifyclient"""
set_value('verify_client', val, section, pjsip, nmapped,
'transport')
def set_tls_verifyserver(val, pjsip, section, nmapped):
"""Sets verify_server based on sip.conf tlsdontverifyserver"""
if val == 'no':
set_value('verify_server', 'yes', section, pjsip, nmapped,
'transport')
else:
set_value('verify_server', 'no', section, pjsip, nmapped,
'transport')
def create_tls(sip, pjsip, nmapped):
"""
Creates a 'transport-tls' section in pjsip.conf based on the following
settings from sip.conf:
tlsenable (or sslenable)
tlsbindaddr (or sslbindaddr or bindaddr)
tlsprivatekey (or sslprivatekey)
tlscipher (or sslcipher)
tlscafile
tlscapath (or tlscadir)
tlscertfile (or sslcert or tlscert)
tlsverifyclient
tlsdontverifyserver
tlsclientmethod (or sslclientmethod)
"""
protocol = 'tls'
bind, section = get_bind(sip, pjsip, protocol)
if not bind:
return
set_value('protocol', protocol, section, pjsip, nmapped, 'transport')
set_value('bind', bind, section, pjsip, nmapped, 'transport')
set_transport_common(section, sip, pjsip, protocol, nmapped)
tls_map = [
(['tlscertfile', 'sslcert', 'tlscert'], set_tls_cert_file),
(['tlsprivatekey', 'sslprivatekey'], set_tls_private_key),
(['tlscipher', 'sslcipher'], set_tls_cipher),
(['tlscafile'], set_tls_cafile),
(['tlscapath', 'tlscadir'], set_tls_capath),
(['tlsverifyclient'], set_tls_verifyclient),
(['tlsdontverifyserver'], set_tls_verifyserver)
]
for i in tls_map:
try:
i[1](sip.multi_get('general', i[0])[0], pjsip, section, nmapped)
except LookupError:
pass
try:
method = sip.multi_get('general', ['tlsclientmethod',
'sslclientmethod'])[0]
if section != 'transport-' + protocol + '6': # print only once
print 'In chan_sip, you specified the TLS version. With chan_sip,' \
' this was just for outbound client connections. In' \
' chan_pjsip, this value is for client and server. Instead,' \
' consider not to specify \'tlsclientmethod\' for chan_sip' \
' and \'method = sslv23\' for chan_pjsip.'
except LookupError:
"""
OpenSSL emerged during the 90s. SSLv2 and SSLv3 were the only
existing methods at that time. The OpenSSL project continued. And as
of today (OpenSSL 1.0.2) this does not start SSLv2 and SSLv3 anymore
but TLSv1.0 and v1.2. Or stated differently: This method should
have been called 'method = secure' or 'method = automatic' back in
the 90s. The PJProject did not realize this and uses 'tlsv1' as
default when unspecified, which disables TLSv1.2. chan_sip used
'sslv23' as default when unspecified, which gives TLSv1.0 and v1.2.
"""
method = 'sslv23'
set_value('method', method, section, pjsip, nmapped, 'transport')
def map_transports(sip, pjsip, nmapped):
"""
Finds options in sip.conf general section pertaining to
transport configuration and creates appropriate transport
configuration sections in pjsip.conf.
sip.conf only allows a single UDP transport, TCP transport,
and TLS transport for each IP version. As such, the mapping
into PJSIP can be made consistent by defining six sections:
transport-udp6
transport-udp
transport-tcp6
transport-tcp
transport-tls6
transport-tls
To accommodate the default behaviors in sip.conf, we'll need to
create the UDP transports first, followed by the TCP and TLS transports.
"""
# First create a UDP transport. Even if no bind parameters were provided
# in sip.conf, chan_sip would always bind to UDP 0.0.0.0:5060
create_udp(sip, pjsip, nmapped)
create_udp(sip, pjsip, nmapped)
# TCP settings may be dependent on UDP settings, so do it second.
create_tcp(sip, pjsip, nmapped)
create_tcp(sip, pjsip, nmapped)
create_tls(sip, pjsip, nmapped)
create_tls(sip, pjsip, nmapped)
def map_auth(sip, pjsip, nmapped):
"""
Creates auth sections based on entries in the authentication section of
sip.conf. pjsip.conf section names consist of "auth_" followed by the name
of the realm.
"""
try:
auths = sip.get('authentication', 'auth')
except LookupError:
return
for i in auths:
creds, at, realm = i.partition('@')
if not at and not realm:
# Invalid. Move on
continue
user, colon, secret = creds.partition(':')
if not secret:
user, sharp, md5 = creds.partition('#')
if not md5:
#Invalid. move on
continue
section = "auth_" + realm
set_value('realm', realm, section, pjsip, nmapped, 'auth')
set_value('username', user, section, pjsip, nmapped, 'auth')
if secret:
set_value('password', secret, section, pjsip, nmapped, 'auth')
else:
set_value('md5_cred', md5, section, pjsip, nmapped, 'auth')
set_value('auth_type', 'md5', section, pjsip, nmapped, 'auth')
class Registration:
"""
Class for parsing and storing information in a register line in sip.conf.
"""
def __init__(self, line, retry_interval, max_attempts, outbound_proxy):
self.retry_interval = retry_interval
self.max_attempts = max_attempts
self.outbound_proxy = outbound_proxy
self.parse(line)
def parse(self, line):
"""
Initial parsing routine for register lines in sip.conf.
This splits the line into the part before the host, and the part
after the '@' symbol. These two parts are then passed to their
own parsing routines
"""
# register =>
# [peer?][transport://]user[@domain][:secret[:authuser]]@host[:port][/extension][~expiry]
prehost, at, host_part = line.rpartition('@')
if not prehost:
raise
self.parse_host_part(host_part)
self.parse_user_part(prehost)
def parse_host_part(self, host_part):
"""
Parsing routine for the part after the final '@' in a register line.
The strategy is to use partition calls to peel away the data starting
from the right and working to the left.
"""
pre_expiry, sep, expiry = host_part.partition('~')
pre_extension, sep, self.extension = pre_expiry.partition('/')
self.host, sep, self.port = pre_extension.partition(':')
self.expiry = expiry if expiry else '120'
def parse_user_part(self, user_part):
"""
Parsing routine for the part before the final '@' in a register line.
The only mandatory part of this line is the user portion. The strategy
here is to start by using partition calls to remove everything to
the right of the user, then finish by using rpartition calls to remove
everything to the left of the user.
"""
self.peer = ''
self.protocol = 'udp'
protocols = ['udp', 'tcp', 'tls']
for protocol in protocols:
position = user_part.find(protocol + '://')
if -1 < position:
post_transport = user_part[position + 6:]
self.peer, sep, self.protocol = user_part[:position + 3].rpartition('?')
user_part = post_transport
break
colons = user_part.count(':')
if (colons == 3):
# :domainport:secret:authuser
pre_auth, sep, port_auth = user_part.partition(':')
self.domainport, sep, auth = port_auth.partition(':')
self.secret, sep, self.authuser = auth.partition(':')
elif (colons == 2):
# :secret:authuser
pre_auth, sep, auth = user_part.partition(':')
self.secret, sep, self.authuser = auth.partition(':')
elif (colons == 1):
# :secret
pre_auth, sep, self.secret = user_part.partition(':')
elif (colons == 0):
# No port, secret, or authuser
pre_auth = user_part
else:
# Invalid setting
raise
self.user, sep, self.domain = pre_auth.partition('@')
def write(self, pjsip, nmapped):
"""
Write parsed registration data into a section in pjsip.conf
Most of the data in self will get written to a registration section.
However, there will also need to be an auth section created if a
secret or authuser is present.
General mapping of values:
A combination of self.host and self.port is server_uri
A combination of self.user, self.domain, and self.domainport is
client_uri
self.expiry is expiration
self.extension is contact_user
self.protocol will map to one of the mapped transports
self.secret and self.authuser will result in a new auth section, and
outbound_auth will point to that section.
XXX self.peer really doesn't map to anything :(
"""
section = 'reg_' + self.host
set_value('retry_interval', self.retry_interval, section, pjsip,
nmapped, 'registration')
set_value('max_retries', self.max_attempts, section, pjsip, nmapped,
'registration')
if self.extension:
set_value('contact_user', self.extension, section, pjsip, nmapped,
'registration')
set_value('expiration', self.expiry, section, pjsip, nmapped,
'registration')
if self.protocol == 'udp':
set_value('transport', 'transport-udp', section, pjsip, nmapped,
'registration')
elif self.protocol == 'tcp':
set_value('transport', 'transport-tcp', section, pjsip, nmapped,
'registration')
elif self.protocol == 'tls':
set_value('transport', 'transport-tls', section, pjsip, nmapped,
'registration')
auth_section = 'auth_reg_' + self.host
if hasattr(self, 'secret') and self.secret:
set_value('password', self.secret, auth_section, pjsip, nmapped,
'auth')
set_value('username', self.authuser if hasattr(self, 'authuser')
else self.user, auth_section, pjsip, nmapped, 'auth')
set_value('outbound_auth', auth_section, section, pjsip, nmapped,
'registration')
client_uri = "sip:%s@" % self.user
if self.domain:
client_uri += self.domain
else:
client_uri += self.host
if hasattr(self, 'domainport') and self.domainport:
client_uri += ":" + self.domainport
elif self.port:
client_uri += ":" + self.port
set_value('client_uri', client_uri, section, pjsip, nmapped,
'registration')
server_uri = "sip:%s" % self.host
if self.port:
server_uri += ":" + self.port
set_value('server_uri', server_uri, section, pjsip, nmapped,
'registration')
if self.outbound_proxy:
set_value('outboundproxy', self.outbound_proxy, section, pjsip,
nmapped, 'registration')
def map_registrations(sip, pjsip, nmapped):
"""
Gathers all necessary outbound registration data in sip.conf and creates
corresponding registration sections in pjsip.conf
"""
try:
regs = sip.get('general', 'register')
except LookupError:
return
try:
retry_interval = sip.get('general', 'registertimeout')[0]
except LookupError:
retry_interval = '20'
try:
max_attempts = sip.get('general', 'registerattempts')[0]
except LookupError:
max_attempts = '10'
try:
outbound_proxy = sip.get('general', 'outboundproxy')[0]
except LookupError:
outbound_proxy = ''
for i in regs:
reg = Registration(i, retry_interval, max_attempts, outbound_proxy)
reg.write(pjsip, nmapped)
def map_peer(sip, section, pjsip, nmapped):
"""
Map the options from a peer section in sip.conf into the appropriate
sections in pjsip.conf
"""
for i in peer_map:
try:
# coming from sip.conf the values should mostly be a list with a
# single value. In the few cases that they are not a specialized
# function (see merge_value) is used to retrieve the values.
i[1](i[0], sip.get(section, i[0])[0], section, pjsip, nmapped)
except LookupError:
pass # key not found in sip.conf
setup_udptl(section, pjsip, nmapped)
def find_non_mapped(sections, nmapped):
"""
Determine sip.conf options that were not properly mapped to pjsip.conf
options.
"""
for section, sect in sections.iteritems():
try:
# since we are pulling from sip.conf this should always
# be a single value list
sect = sect[0]
# loop through the section and store any values that were not
# mapped
for key in sect.keys(True):
for i in peer_map:
if i[0] == key:
break
else:
nmapped(section, key, sect[key])
except LookupError:
pass
def map_system(sip, pjsip, nmapped):
section = 'system' # Just a label; you as user can change that
type = 'system' # Not a label, therefore not the same as section
try:
user_agent = sip.get('general', 'useragent')[0]
set_value('user_agent', user_agent, 'global', pjsip, nmapped, 'global')
except LookupError:
pass
try:
sipdebug = sip.get('general', 'sipdebug')[0]
set_value('debug', sipdebug, 'global', pjsip, nmapped, 'global')
except LookupError:
pass
try:
useroption_parsing = sip.get('general', 'legacy_useroption_parsing')[0]
set_value('ignore_uri_user_options', useroption_parsing, 'global', pjsip, nmapped, 'global')
except LookupError:
pass
try:
timer_t1 = sip.get('general', 'timert1')[0]
set_value('timer_t1', timer_t1, section, pjsip, nmapped, type)
except LookupError:
pass
try:
timer_b = sip.get('general', 'timerb')[0]
set_value('timer_b', timer_b, section, pjsip, nmapped, type)
except LookupError:
pass
try:
compact_headers = sip.get('general', 'compactheaders')[0]
set_value('compact_headers', compact_headers, section, pjsip, nmapped, type)
except LookupError:
pass
def convert(sip, filename, non_mappings, include):
"""
Entry point for configuration file conversion. This
function will create a pjsip.conf object and begin to
map specific sections from sip.conf into it.
Returns the new pjsip.conf object once completed
"""
pjsip = astconfigparser.MultiOrderedConfigParser()
non_mappings[filename] = astdicts.MultiOrderedDict()
nmapped = non_mapped(non_mappings[filename])
if not include:
# Don't duplicate transport and registration configs
map_system(sip, pjsip, nmapped)
map_transports(sip, pjsip, nmapped)
map_registrations(sip, pjsip, nmapped)
map_auth(sip, pjsip, nmapped)
for section in sip.sections():
if section == 'authentication':
pass
else:
map_peer(sip, section, pjsip, nmapped)
find_non_mapped(sip.defaults(), nmapped)
find_non_mapped(sip.sections(), nmapped)
for key, val in sip.includes().iteritems():
pjsip.add_include(PREFIX + key, convert(val, PREFIX + key,
non_mappings, True)[0])
return pjsip, non_mappings
def write_pjsip(filename, pjsip, non_mappings):
"""
Write pjsip.conf file to disk
"""
try:
with open(filename, 'wt') as fp:
fp.write(';--\n')
fp.write(';;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;\n')
fp.write('Non mapped elements start\n')
fp.write(';;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;\n\n')
astconfigparser.write_dicts(fp, non_mappings[filename])
fp.write(';;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;\n')
fp.write('Non mapped elements end\n')
fp.write(';;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;\n')
fp.write('--;\n\n')
# write out include file(s)
pjsip.write(fp)
except IOError:
print "Could not open file ", filename, " for writing"
###############################################################################
def cli_options():
"""
Parse command line options and apply them. If invalid input is given,
print usage information
"""
global PREFIX
usage = "usage: %prog [options] [input-file [output-file]]\n\n" \
"Converts the chan_sip configuration input-file to the chan_pjsip output-file.\n" \
"The input-file defaults to 'sip.conf'.\n" \
"The output-file defaults to 'pjsip.conf'."
parser = optparse.OptionParser(usage=usage)
parser.add_option('-p', '--prefix', dest='prefix', default=PREFIX,
help='output prefix for include files')
options, args = parser.parse_args()
PREFIX = options.prefix
sip_filename = args[0] if len(args) else 'sip.conf'
pjsip_filename = args[1] if len(args) == 2 else 'pjsip.conf'
return sip_filename, pjsip_filename
if __name__ == "__main__":
sip_filename, pjsip_filename = cli_options()
# configuration parser for sip.conf
sip = astconfigparser.MultiOrderedConfigParser()
print 'Please, report any issue at:'
print ' https://issues.asterisk.org/'
print 'Reading', sip_filename
sip.read(sip_filename)
print 'Converting to PJSIP...'
pjsip, non_mappings = convert(sip, pjsip_filename, dict(), False)
print 'Writing', pjsip_filename
write_pjsip(pjsip_filename, pjsip, non_mappings)
|
