一般的sip网关同时具有信令和媒体处理的能力，如下图。 但是也有信令和媒体分开的网关。在和网关信令交互过程中，网关会将媒体地址放到sdp中。 难点就来了，在nat存在的场景下，你并不知道sdp里的媒体地址是否是真实的地址。 那么你就要选择，是相信sdp中的媒体地址，还是把sip信令的源ip作为媒体地址呢？

1. 简介 媒体协商用来交换呼叫双方的媒体能力。如 支持的编码类型有哪些 采样频率是多少 媒体端口，ip 信息 … 媒体协商使用的是请求和应答模型。即一方向另一方发送含有 sdp 信息的消息，然后另一方更具对方提供的编码以及自己支持的编码，如果协商成功，则将协商后的消息 sdp 再次发送给对方。 2. 常见的几个协商方式 2.1 在 INVITE 中 offer 2.2 在 200 OK 中 offer 2.3 在 UPDATE 中 offer 2.4 在 PRACK 中 offer 3. 常见的几个问题 一般呼叫到中继测时，中继回的 183 信令是会携带 sdp 信息的 一般打到分机时，分机回的 180 信令是没有 sdp 信息的 不要先入为主的认为，某些请求一定带有 sdp，某些请求一定没有 sdp。而应当去测试请求或者响应消息上有没有携带 sdp 信息。 携带 sdp 信息的 sip 消息会出现下面的头 Content-Type: application/sdp

Decode As Udp wireshark 有时候并不能把udp包识别为rtp包，所以这边可能需要手动设置解码方式

opensips 1.x 使用各种flag去设置一个呼叫是否需要记录。从opensips 2.2开始，不再使用flag的方式，而使用 do_accounting() 函数去标记是否需要记录呼叫。 注意 do_accounting()函数并不是收到SIP消息后立即写呼叫记录，也仅仅是做一个标记。实际的写数据库或者写日志发生在事务或者dialog完成的时候。

# # this example shows how to use forking on failure # log_level=3 log_stderror=1 listen=192.168.2.16 # ------------------ module loading ---------------------------------- #set module path mpath="/usr/local/lib/opensips/modules/" # Uncomment this if you want to use SQL database loadmodule "tm.so" loadmodule "sl.so" loadmodule "maxfwd.so" # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if ($ml >= 2048 ) { sl_send_reply("513", "Message too big"); exit; }; # skip register for testing purposes if (is_methos("REGISTER")) { sl_send_reply("200", "ok"); exit; }; if (is_method("INVITE")) { seturi("sip:xxx@192.168.2.16:5064"); # if transaction broken, try other an alternative route t_on_failure("1"); # if a provisional came, stop alternating t_on_reply("1"); }; t_relay(); } failure_route[1] { log(1, "trying at alternate destination\n"); seturi("sip:yyy@192.168.2.16:5064"); t_relay(); } onreply_route[1] { log(1, "reply came in\n"); if ($rs=~"18[0-9]") { log(1, "provisional -- resetting negative failure\n"); t_on_failure("0"); }; }

# # demo script showing how to set-up usrloc replication # # ----------- global configuration parameters ------------------------ log_level=3 # logging level (cmd line: -dddddddddd) log_stderror=yes # (cmd line: -E) # ------------------ module loading ---------------------------------- #set module path mpath="/usr/local/lib/opensips/modules/" loadmodule "db_mysql.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "auth.so" loadmodule "auth_db.so" # ----------------- setting module-specific parameters --------------- # digest generation secret; use the same in backup server; # also, make sure that the backup server has sync'ed time modparam("auth", "secret", "alsdkhglaksdhfkloiwr") # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwars==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if ($ml >= 2048 ) { sl_send_reply("513", "Message too big"); exit; }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (is_myself("$rd")) { if ($rm=="REGISTER") { # verify credentials if (!www_authorize("foo.bar", "subscriber")) { www_challenge("foo.bar", "0"); exit; }; # if ok, update contacts and ... save("location"); # ... if this REGISTER is not a replica from our # peer server, replicate to the peer server $var(backup_ip) = "backup.foo.bar" {ip.resolve}; if (!$si==$var(backup_ip)) { t_replicate("sip:backup.foo.bar:5060"); }; exit; }; # do whatever else appropriate for your domain log("non-REGISTER\n"); }; }

# # $Id$ # # this example shows use of ser as stateless redirect server # # ------------------ module loading ---------------------------------- #set module path mpath="/usr/local/lib/opensips/modules/" loadmodule "sl.so" # ------------------------- request routing logic ------------------- # main routing logic route{ # for testing purposes, simply okay all REGISTERs if ($rm=="REGISTER") { log("REGISTER"); sl_send_reply("200", "ok"); return; }; # rewrite current URI, which is always part of destination ser rewriteuri("sip:parallel@siphub.net:9"); # append one more URI to the destination ser append_branch("sip:redirect@siphub.net:9"); # redirect now sl_send_reply("300", "Redirect"); }

# # $Id$ # # example: ser configured as PSTN gateway guard; PSTN gateway is located # at 192.168.0.10 # # ------------------ module loading ---------------------------------- #set module path mpath="/usr/local/lib/opensips/modules/" loadmodule "sl.so" loadmodule "tm.so" loadmodule "acc.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "db_mysql.so" loadmodule "auth.so" loadmodule "auth_db.so" loadmodule "group.so" loadmodule "uri.so" # ----------------- setting module-specific parameters --------------- modparam("auth_db", "db_url","mysql://opensips:opensipsrw@localhost/opensips") modparam("auth_db", "calculate_ha1", yes) modparam("auth_db", "password_column", "password") # -- acc params -- modparam("acc", "log_level", 1) # that is the flag for which we will account -- don't forget to # set the same one :-) modparam("acc", "log_flag", 1 ) # ------------------------- request routing logic ------------------- # main routing logic route{ /* ********* ROUTINE CHECKS ********************************** */ # filter too old messages if (!mf_process_maxfwd_header("10")) { log("LOG: Too many hops\n"); sl_send_reply("483","Too Many Hops"); exit; }; if ($ml >= 2048 ) { sl_send_reply("513", "Message too big"); exit; }; /* ********* RR ********************************** */ /* grant Route routing if route headers present */ if (loose_route()) { t_relay(); exit; }; /* record-route INVITEs -- all subsequent requests must visit us */ if ($rm=="INVITE") { record_route(); }; # now check if it really is a PSTN destination which should be handled # by our gateway; if not, and the request is an invitation, drop it -- # we cannot terminate it in PSTN; relay non-INVITE requests -- it may # be for example BYEs sent by gateway to call originator if (!$ru=~"sip:\+?[0-9]+@.*") { if ($rm=="INVITE") { sl_send_reply("403", "Call cannot be served here"); } else { forward(); }; exit; }; # account completed transactions via syslog setflag(1); # free call destinations ... no authentication needed if ( is_user_in("Request-URI", "free-pstn") /* free destinations */ || $ru=~"sip:[79][0-9][0-9][0-9]@.*" /* local PBX */ || $ru=~"sip:98[0-9][0-9][0-9][0-9]") { log("free call"); } else if ($si==192.168.0.10) { # our gateway doesn't support digest authentication; # verify that a request is coming from it by source # address log("gateway-originated request"); } else { # in all other cases, we need to check the request against # access control lists; first of all, verify request # originator's identity if (!proxy_authorize( "gateway" /* realm */, "subscriber" /* table name */)) { proxy_challenge( "gateway" /* realm */, "0" /* no qop */ ); exit; }; # authorize only for INVITEs -- RR/Contact may result in weird # things showing up in d-uri that would break our logic; our # major concern is INVITE which causes PSTN costs if ($rm=="INVITE") { # does the authenticated user have a permission for local # calls (destinations beginning with a single zero)? # (i.e., is he in the "local" group?) if ($ru=~"sip:0[1-9][0-9]+@.*") { if (!is_user_in("credentials", "local")) { sl_send_reply("403", "No permission for local calls"); exit; }; # the same for long-distance (destinations begin with two zeros") } else if ($ru=~"sip:00[1-9][0-9]+@.*") { if (!is_user_in("credentials", "ld")) { sl_send_reply("403", " no permission for LD "); exit; }; # the same for international calls (three zeros) } else if ($ru=~"sip:000[1-9][0-9]+@.*") { if (!is_user_in("credentials", "int")) { sl_send_reply("403", "International permissions needed"); exit; }; # everything else (e.g., interplanetary calls) is denied } else { sl_send_reply("403", "Forbidden"); exit; }; }; # INVITE to authorized PSTN }; # authorized PSTN # if you have passed through all the checks, let your call go to GW! rewritehostport("192.168.0.10:5060"); # forward the request now if (!t_relay()) { sl_reply_error(); exit; }; }

# # simple quick-start config script including nathelper support # This default script includes nathelper support. To make it work # you will also have to install Maxim's RTP proxy. The proxy is enforced # if one of the parties is behind a NAT. # # If you have an endpoing in the public internet which is known to # support symmetric RTP (Cisco PSTN gateway or voicemail, for example), # then you don't have to force RTP proxy. If you don't want to enforce # RTP proxy for some destinations than simply use t_relay() instead of # route(1) # # Sections marked with !! Nathelper contain modifications for nathelper # # NOTE !! This config is EXPERIMENTAL ! # # ----------- global configuration parameters ------------------------ log_level=3 # logging level (cmd line: -dddddddddd) log_stderror=no # (cmd line: -E) /* Uncomment these lines to enter debugging mode */ #debug_mode=yes check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 # ------------------ module loading ---------------------------------- #set module path mpath="/usr/local/lib/opensips/modules/" # Uncomment this if you want to use SQL database #loadmodule "db_mysql.so" loadmodule "sl.so" loadmodule "tm.so" loadmodule "signaling.so" loadmodule "rr.so" loadmodule "maxfwd.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "mi_fifo.so" # Uncomment this if you want digest authentication # db_mysql.so must be loaded ! #loadmodule "auth.so" #loadmodule "auth_db.so" # !! Nathelper loadmodule "nathelper.so" loadmodule "rtpproxy.so" # ----------------- setting module-specific parameters --------------- # -- mi_fifo params -- modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo") # -- usrloc params -- modparam("usrloc", "db_mode", 0) # Uncomment this if you want to use SQL database # for persistent storage and comment the previous line #modparam("usrloc", "db_mode", 2) # -- auth params -- # Uncomment if you are using auth module #modparam("auth_db", "calculate_ha1", yes) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) #modparam("auth_db", "password_column", "password") # !! Nathelper modparam("usrloc","nat_bflag",6) modparam("nathelper","sipping_bflag",8) modparam("nathelper", "ping_nated_only", 1) # Ping only clients behind NAT # ------------------------- request routing logic ------------------- # main routing logic route{ # initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; }; if ($ml >= 2048 ) { sl_send_reply("513", "Message too big"); exit; }; # !! Nathelper # Special handling for NATed clients; first, NAT test is # executed: it looks for via!=received and RFC1918 addresses # in Contact (may fail if line-folding is used); also, # the received test should, if completed, should check all # vias for rpesence of received if (nat_uac_test("3")) { # Allow RR-ed requests, as these may indicate that # a NAT-enabled proxy takes care of it; unless it is # a REGISTER if (is_method("REGISTER") || !is_present_hf("Record-Route")) { log("LOG:Someone trying to register from private IP, rewriting\n"); # This will work only for user agents that support symmetric # communication. We tested quite many of them and majority is # smart enough to be symmetric. In some phones it takes a # configuration option. With Cisco 7960, it is called # NAT_Enable=Yes, with kphone it is called "symmetric media" and # "symmetric signalling". # Rewrite contact with source IP of signalling fix_nated_contact(); if ( is_method("INVITE") ) { fix_nated_sdp("1"); # Add direction=active to SDP }; force_rport(); # Add rport parameter to topmost Via setbflag(6); # Mark as NATed # if you want sip nat pinging # setbflag(8); }; }; # subsequent messages withing a dialog should take the # path determined by record-routing if (loose_route()) { # mark routing logic in request append_hf("P-hint: rr-enforced\r\n"); route(1); exit; }; # we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol if (!is_method("REGISTER")) record_route(); if (!is_myself("$rd")) { # mark routing logic in request append_hf("P-hint: outbound\r\n"); route(1); exit; }; # if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (is_myself("$rd")) { if (is_method("REGISTER")) { # Uncomment this if you want to use digest authentication #if (!www_authorize("siphub.org", "subscriber")) { # www_challenge("siphub.org", "0"); # return; #}; save("location"); exit; }; lookup("aliases"); if (!is_myself("$rd")) { append_hf("P-hint: outbound alias\r\n"); route(1); exit; }; # native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); exit; }; }; append_hf("P-hint: usrloc applied\r\n"); route(1); } route[1] { # !! Nathelper if ($ru=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)" && !search("^Route:")){ sl_send_reply("479", "We don't forward to private IP addresses"); exit; }; # if client or server know to be behind a NAT, enable relay if (isbflagset(6)) { rtpproxy_offer(); }; # NAT processing of replies; apply to all transactions (for example, # re-INVITEs from public to private UA are hard to identify as # NATed at the moment of request processing); look at replies t_on_reply("1"); # send it out now; use stateful forwarding as it works reliably # even for UDP2TCP if (!t_relay()) { sl_reply_error(); }; } # !! Nathelper onreply_route[1] { # NATed transaction ? if (isbflagset(6) && $rs =~ "(183)|2[0-9][0-9]") { fix_nated_contact(); rtpproxy_answer(); # otherwise, is it a transaction behind a NAT and we did not # know at time of request processing ? (RFC1918 contacts) } else if (nat_uac_test("1")) { fix_nated_contact(); }; }

# # MSILO usage example # # $ID: daniel $ # children=2 check_via=no # (cmd. line: -v) dns=off # (cmd. line: -r) rev_dns=off # (cmd. line: -R) # ------------------ module loading ---------------------------------- #set module path mpath="/usr/local/lib/opensips/modules/" loadmodule "textops.so" loadmodule "sl.so" loadmodule "db_mysql.so" loadmodule "maxfwd.so" loadmodule "tm.so" loadmodule "usrloc.so" loadmodule "registrar.so" loadmodule "msilo.so" # ----------------- setting module-specific parameters --------------- # -- registrar params -- modparam("registrar", "default_expires", 120) # -- usrloc params -- modparam("usrloc", "db_mode", 0) # -- msilo params -- modparam("msilo", "db_url", "mysql://opensips:opensipsrw@localhost/opensips") # -- tm params -- modparam("tm", "fr_timer", 10 ) modparam("tm", "fr_inv_timer", 15 ) modparam("tm", "wt_timer", 10 ) route{ if ( !mf_process_maxfwd_header("10") ) { sl_send_reply("483","To Many Hops"); exit; }; if (is_myself("$rd")) { # for testing purposes, simply okay all REGISTERs # is_method("XYZ") is faster than ($rm=="XYZ") # but requires textops module if (is_method("REGISTER")) { save("location"); log("REGISTER received -> dumping messages with MSILO\n"); # MSILO - dumping user's offline messages if (m_dump()) { log("MSILO: offline messages dumped - if they were\n"); } else { log("MSILO: no offline messages dumped\n"); }; exit; }; # backup r-uri for m_dump() in case of delivery failure $avp(11) = $ru; # domestic SIP destinations are handled using our USRLOC DB if(!lookup("location")) { if (! t_newtran()) { sl_reply_error(); exit; }; # we do not care about anything else but MESSAGEs if (!is_method("MESSAGE")) { if (!t_reply("404", "Not found")) { sl_reply_error(); }; exit; }; log("MESSAGE received -> storing using MSILO\n"); # MSILO - storing as offline message if (m_store("$ru")) { log("MSILO: offline message stored\n"); if (!t_reply("202", "Accepted")) { sl_reply_error(); }; }else{ log("MSILO: offline message NOT stored\n"); if (!t_reply("503", "Service Unavailable")) { sl_reply_error(); }; }; exit; }; # if the downstream UA does not support MESSAGE requests # go to failure_route[1] t_on_failure("1"); t_relay(); exit; }; # forward anything else t_relay(); } failure_route[1] { # forwarding failed -- check if the request was a MESSAGE if (!is_method("MESSAGE")) exit; log(1,"MSILO: the downstream UA does not support MESSAGE requests ...\n"); # we have changed the R-URI with the contact address -- ignore it now if (m_store("$avp(11)")) { log("MSILO: offline message stored\n"); t_reply("202", "Accepted"); }else{ log("MSILO: offline message NOT stored\n"); t_reply("503", "Service Unavailable"); }; }