|
|
This is the manual for GNU Gatekeeper 2.2.7.
A manual for your version is in your GnuGk download archive.
Chapters:
Contents ·
Introduction ·
Installation ·
Getting started ·
Basic Config ·
Routed Mode & Proxy ·
Routing ·
RAS Config ·
Authentication ·
Accounting ·
Neighbors ·
Per Endpoint Config ·
Advanced Config ·
Monitoring
The following sections in the config file can be used to configure how calls are routed.
Each call gets passed down a chain of routing policies.
Each policy may route the call and terminate the chain or modify it and
pass it on. You can use the setting in the following sections to
specify which policies to use and modify their behavior.
This section explains how the various possible routing
policies within the gatekeeper work.
The incoming call requests can be routed using a number
of routing providers:
explicit
The destination is explicitly specified in the routing
request.
internal
The classical rule; search the destination in
RegistrationTable
parent
Route the call using information sent by the parent GK in
reply to an ARQ the gatekeeper will send.
neighbor
Route the call using neighbors by exchanging LRQ messages
dns
The destination is resolved from DNS, provided it is
resolvable
sql
Route calls by rewriting the called alias with a database query. The database parameters are specified in the
Routing::Sql section.
vqueue
Use the virtual queue mechanism and generate a RouteRequest
event to let an external application do the routing
numberanalysis
Provides support for overlapped digit sending for ARQ messages.
It also partially supports Setup messages (no overlapped sending
- only number length validation).
enum
ENUM (RFC3761) is a method to use DNS lookup to convert
real IDD E164 numbers into H323 dialing information. The servers
it looks up by default are e164.voxgratia.net, e164.org and e164.arpa.
To specify your own server you have may either specify the list in via the ENUMserver variable in
the RoutedMode section or specify an environmental variable PWLIB_ENUM_PATH with the address of your preferred
enum servers separated by a colon(:) on Linux and a semicolon (;) on windows.
(PWLIB_ENUM_PATH is supported starting with PWLib 1.8.0; 1.7.5.2 (Pandora) doesn't support it.)
The enum policy replaces the destination with the information returned by ENUM server,
so you must have the appropriate routing policies to finally route the call after the enum policy.
Usually you should also have the srv and dns policy after the enum policy, since the new location is often
returned in the form of 'number@gatekeeper' and the these policies are needed to resolve this.
Finally keep in mind that each routing check with the enum policy requires a DNS lookup.
To speed up your routing, make sure you resolve internal destinations before the enum policy is applied.
srv
DNS SRV or H.323 Annex O. allows for the routing of calls using the H.323 URI.
Addresses can be set as user (at) domain. The H.323 URI are stored in the
DNS domain records of the domain and are queried to find destination.
Records can be for the signalling address or for LRQ address.
rds
URN RDS or Universal resources name resolver discovery system is a system (as defined in RFC 2915 Sect 7.2
whereby domain names SRV records are hosted on other domains. In this policy the servers set by
[RoutedMode] RDSServers are queried to resolve URI's which domains do not have SRV records. This can be used
to virtually host URL domains or centralise the control of SRV records.
Default configuration for routing policies is as follows:
[RoutingPolicy]
default=explicit,internal,parent,neighbor
If one policy does not match, the next policy is tried.
These policies can be applied to a number of routing request types,
and routing input data. The different types are:
ARQ, LRQ, Setup and Facility (with the callForwarded reason)
There is also the general routing policy, which is kind of a
default for the other types.
- Example:
[RoutingPolicy]
h323_ID=dns,internal
002=neighbor,internal
Default=internal,neighbor,parent
When one of the messages is received which calls for a routing
decision, all calls to an alias of the h323_ID type will be
resolved using DNS. If DNS fails to resolve the alias, it is
matched against the internal registration table. If a call is
requested to an alias starting with 002, first the neighbors
are checked and then the internal registration table. If the
requested alias is not an h323_ID or an alias starting with
002, the default policy is used by querying the internal
registration table, then the neighbors, and if that fails the
parent.
For the ARQ, LRQ, Setup and Facility messages one would use the
[RoutingPolicy::OnARQ], [RoutingPolicy::OnLRQ],
[RoutingPolicy::OnSetup] and [RoutingPolicy::OnFacility] sections
using the syntax explained above.
- Example:
[RoutingPolicy::OnARQ]
default=numberanalysis,internal,neighbor
A typical ENUM routing setup would look like this:
- Example:
[RoutingPolicy]
default=explicit,internal,enum,dns,internal,parent,neighbor
This section defines the rewriting rules for dialedDigits (E.164 number).
- Format:
[!]original-prefix=target-prefix
If the number is beginning with original-prefix,
it is rewritten to target-prefix.
If the `!' flag precedes the original-prefix, the sense is inverted
and the target-prefix is prepended to the dialed number. Special wildcard
characters ('.' and '%') are available.
- Example:
08=18888
If you dial 08345718, it is rewritten to 18888345718.
- Example:
!08=18888
If you dial 09345718, it is rewritten to 1888809345718.
Option:
This section defines the rewriting rules for aliases. This can be used to
map gatekeeper assigned aliases to registered endpoints.
- Format:
[!]original-alias=target-alias
If the alias is original-alias,
it is rewritten to target-alias.
- Example:
bill=033123456
This section describes rewriting the dialedDigits E.164 number depending on
the gateway a call has come from or is being sent to. This allows for more
flexible manipulation of the dialedDigits for routing etc. In combination
with the
RasSrv::RewriteE164 you can have triple
stage rewriting:
Call from "gw1", dialedDigits 0867822
|
|
V
Input rules for "gw1", dialedDigits now 550867822
|
|
V
Global rules, dialedDigits now 440867822
|
|
V
Gateway selection, dialedDigits now 440867822, outbound gateway "gw2"
|
|
V
Output rules for "gw2", dialedDigits now 0867822
|
|
V
Call to "gw2", dialedDigits 0867822
- Format:
gw-alias=in|out=[!]original-prefix=target-prefix[;in|out...]
If the call matches the gateway, the direction and begins with
original-prefix it is rewritten to target-prefix.
If the `!' flag precedes the original-prefix, the sense is inverted.
Special wildcard characters ('.' and '%') are available.
Multiple rules for the same gateway should be separated by ';'.
- Example:
gw1=in=123=321
If a call is received from "gw1" to 12377897, it is rewritten to 32177897
before further action is taken.
Once you specify prefix(es) for your gatekeeper endpoint, the parent
gatekeeper will route calls with dialedDigits beginning with that prefixes.
The child gatekeeper can rewrite the destination according to the rules
specified in this section. By contrast, when an internal endpoint calls
an endpoint registered to the parent gatekeeper, the source will be
rewritten reversely.
- Format:
external prefix=internal prefix
For example, if you have the following configuration,
[Parent GK]
ID=CitronGK
/ \
/ \
/ \
/ \
[Child GK] [EP3]
ID=ProxyGK E164=18888200
Prefix=188886
/ \
/ \
/ \
[EP1] [EP2]
E164=601 E164=602
With this rule:
188886=6
When EP1 calls EP3 by 18888200, the CallingPartyNumber in the Q.931 Setup
will be rewritten to 18888601. Conversely, EP3 can reach EP1 and EP2
by calling 18888601 and 18888602, respectively. In consequence, an
endpoint registered to the child GK with prefix '6' will appear
as an endpoint with prefix '188886', for endpoints registered to
the parent gatekeeper.
The section does not relate to the section
RasSrv::RewriteE164,
though the later will take effect first.
Rewrite the called alias with an SQL query.
Supports routing OnARQ, OnLRQ and OnSetup.
If the string returned from the database is 'REJECT' (upper or lower case),
the call is rejected. If the string matches a dotted IP address, it is
taken as destination IP and else it is treated as new destination alias.
If 2 colums are returned, the first is treated as the new destination alias
and the second is treated as new destination IP.
When rejecting a call, the 2nd column can contain an integer designating the
reject reason (H.225 AdmissionRejectReason for registered calls,
H.225 LocationRejectReason for neighbor calls,
H.225 disconnect reason for unregistered calls).
If the database returns nothing, the call is passed on unchanged.
Driver=MySQL | PostgreSQL | Firebird | ODBC | SQLite
Default: N/A
SQL database driver to use. Currently, MySQL, PostgreSQL, Firebird, ODBC and SQLite drivers
are implemented.
Host=DNS[:PORT] | IP[:PORT]
Default: localhost
SQL server host address. Can be in the form of DNS[:PORT] or IP[:PORT].
Like sql.mycompany.com or sql.mycompany.com:3306 or 192.168.3.100.
Database=gnugk
Default: billing
The database name to connect to.
Username=gnugk
The username used to connect to the database.
Password=secret
The password used to connect to the database.
If the password is not specified, a database connection attempt
without any password will be made.
Query=SELECT ...
Default: N/A
Define an SQL query to fetch the new destination number.
The query is parameterized - that means parameter
replacement is made before each query is executed. The following parameters are defined:
%c - the called alias%p - the called IP (only available OnSetup, empty otherwise)%s - the calling IP%r - the calling alias%i - the call ID%m - the messageType (ARQ, LRQ or Setup)
Some of these can be empty if they aren't included in The ARQ, LRQ or Setup message.
If the query returns no rows, the current alias is used.
Otherwise, the first result row is used.
Query string examples:
SELECT destination FROM routes WHERE called = '%c'
SELECT concat(prefix,'%c') FROM routes WHERE route = substr('%c', 5)
This section defines rules for the numberanalysis routing policy.
The policy checks a dialed number for minimum and/or maximum number of digits
and sends ARJ, if necessary (number of digits is out of range), to support
overlapped digit sending. It also partially supports Setup messages (no overlapped sending
- only number length validation).
- Format:
prefix=MIN_DIGITS[:MAX_DIGITS]
If the number matches the prefix, it is verified to consist of at least
MIN_DIGITS digits and (if MAX_DIGITS is present) at most MAX_DIGITS
digits. Special wildcard characters (!, '.' and '%') are available.
If the number is too short, an ARJ is send with rejectReason set to incompleteAddress.
If the number is too long, an ARJ is send with rejectReason set to undefinedReason.
Prefix list is searched from the longest to the shortest prefix for a match.
For Setup messages, a Release Complete with "badFormatAddress" is sent when the number
has an incorrect length.
- Example:
[RoutingPolicy::OnARQ]
default=numberanalysis,internal
[Routing::NumberAnalysis]
0048=12
48=10
.=6:20
Calls to destinations starting with 0048 require at least 12 digits,
to 48 - 10 digits and to all other at least 6 and at most 20 digits.
This section contains a set of rewrite rules for ANI/CLI numbers (caller id).
The rewrite process is done at two stages - inbound rewrite and outbound rewrite.
The inbound rewrite is done before any other Q.931 Setup message processing
(like inbound GWRewrite, authentication, accounting, ...) and it will have
visible effect inside auth/acct modules, as it affects Calling-Station-Id.
The outbound rewrite takes place just before the Setup message is to be forwarded
and its effect is visible only to the callee.
An inbound rewrite rule can be matched by a caller's IP and a dialed number
or an original CLI/ANI.
An outbound rewrite rule can be matched by a caller's IP, callee's IP and
a dialed number or a destination number (the dialed number after rewrite)
or a CLI/ANI (after inbound rewrite).
This module also provides CLIR (Calling Line Identification Restriction)
feature that can be configured for each endpoint (rule).
ProcessSourceInfo=1
Default: 1
In addition to rewriting a Calling-Party-Number IE also a sourceInfo
element of a H.225.0 Setup message can be rewritten, so both contain
consistent information.
RemoveH323Id=1
Default: 1
When a sourceInfo element of an H.225.0 Setup message is rewritten,
aliases of type H323_ID, email_ID and url_ID can be left untouched
if this option is disabled.
CLIRPolicy=apply
Default: N/A
Here a global presentation indicator processing policy can be set up.
This policy will be applied to all CLI rewrite rules that do not override it.
Possible choices are forward - just forward the received PI as is,
apply - examine the received PI and hide CLI if it is set to "presentation
restricted" and applyforterminals - similar to apply except that the number
is removed only when the call is send to a terminal, not a gateway.
- Format for an inbound rule:
in:CALLER_IP=[pi=[allow|restrict][,forward|apply|applyforterminals]] [cli:|dno:]number_prefix(=|*=|~=)NEW_CLI[,NEW_CLI]...
The in: prefix tells that this is an inbound rule and the CALLER_IP
will be used to match the rule (it can be a single IP or a whole subnet).
The optional pi= parameter controls CLIR (Calling Line Identification Restriction)
features. Specifying either allow or restrict forces presentation indicator
to be set to "presentation allowed" or "presentation restricted". forward, apply
and applyforterminals controls how the received (if any) presentation indicator
is processed by the gatekeeper. forward means just to forward it to the callee as is,
apply means hiding CLI if the PI is set to "presentation restricted", applyforterminals
is similar to apply, except that CLI is hidden only when sending the call to a terminal,
not a gateway.
The prefix cli: or dno: (the default) selects what number will be used
to match the number_prefix - a caller id (CLI/ANI) or a dialed number.
Number matching/rewriting can be done in three ways:
= - a cli or dno number will be matched using a prefix
match against number_prefix and, if the match is found,
CLI will be replaced with NEW_CLI,~= - a cli or dno number will be matched using an identity
match against number_prefix and, if both numbers are the same,
CLI will be replaced with NEW_CLI,*= - (VALID ONLY FOR cli) a cli number will be matched using
a prefix match against number_prefix and, if the match is found,
the matched CLI prefix (number_prefix) will be replaced
with a NEW_CLI prefix.
After the equality (=/ =/*=) sign, there follows a list of new CLI values to be used.
If more than one value is specified, a one will be chosen on a random basis.
It's possible to specify whole number ranges, like 49173600000-49173699999
(for number ranges CLIs should have a fixed length).
There is a special string constant "any", that can be used in place
of the CALLER_IP or the number_prefix. To enable CLIR for this rule,
use a special string constant "hide" instead of the list of new CLI values.
Note that CLIR is far more useful for outbound rules.
- Example 1:
[RewriteCLI]
in:192.168.1.1=dno:5551=3003
in:192.168.1.1=cli:1001=2222
in:192.168.1.1=any=1111
These rules tell that for calls from the IP 192.168.1.1:
1) if the user dialed a number beginning with 5551, set CLI to 3003,
2) if the call is from user with CLI beginning with 1001, set CLI to 2222,
3) for other calls from this IP, set CLI to 1111.
- Example 2:
[RewriteCLI]
in:192.168.1.0/24=any=18001111
in:192.168.2.0/24=any=18002222
in:any=any=0
These rules tell that:
1) for calls from the network 192.168.1.0/24, set CLI to 18001111,
2) for calls from the network 192.168.2.0/24, set CLI to 18002222,
3) for other calls, set CLI to 0.
- Example 3:
[RewriteCLI]
%r1% in:192.168.1.0/24=0048*=48
%r2% in:192.168.1.0/24=0*=48
in:any=100.~=48900900900
These rules tell that:
1) for calls from the network 192.168.1.0/24, rewrite 0048 to 48 (example - 0048900900900 => 48900900900),
2) for other calls from the network 192.168.1.0/24, rewrite 0 to 48 (example - 0900900900 => 48900900900),
3) for other calls, if CLI is 4 digits and starts with 100, set it to 48900900900.
- Example 4 (CLIR):
[RewriteCLI]
in:192.168.1.0/24=any=hide
This example causes caller's number to be removed from Setup messages
originating from the 192.168.1.0/24 network. It also causes proper presentation
and screening indicators to be set in Setup messages.
- Format for an outbound rule:
out:CALLER_IP=CALLEE_IP [pi=[allow|restrict][,forward|apply|applyforterminals]] [cli:|dno:|cno:]number_prefix(=|~=|*=)NEW_CLI[,NEW_CLI]...
The out: prefix tells that this is an outbound rule, the CALLER_IP
and the CALLEE_IP will be used to match the rule and can be a single IP
or a whole network address.
The optional pi= parameter controls CLIR (Calling Line Identification Restriction)
features. Specifying either allow or restrict forces presentation indicator
to be set to "presentation allowed" or "presentation restricted". forward, apply
and applyforterminals controls how the received (if any) presentation indicator
is processed by the gatekeeper. forward means just to forward it to the callee as is,
apply means hiding CLI if the PI is set to "presentation restricted", applyforterminals
is similar to apply, except that CLI is hidden only when sending the call to a terminal,
not a gateway.
The prefix cli:, dno: (the default) or cno: selects what number
will be used to match the number_prefix - a caller id (CLI/ANI),
a dialed number or a destination/called number (the dialed number after rewrite).
Number matching/rewriting can be done in three ways:
= - a cli or dno number will be matched using a prefix
match against number_prefix and, if the match is found,
CLI will be replaced with NEW_CLI,~= - a cli or dno number will be matched using an identity
match against number_prefix and, if both numbers are the same,
CLI will be replaced with NEW_CLI,*= - (VALID ONLY FOR cli) a cli number will be matched using
a prefix match against number_prefix and, if the match is found,
the matched CLI prefix (number_prefix) will be replaced
with a NEW_CLI prefix.
After the equality sign (=/ =/*=), a list of new CLI values to be used follows.
If more than one value is specified, a one will be chosen on a random basis.
It's possible to specify whole number ranges, like 49173600000-49173699999.
There is a special string constant "any", that can be used in place
of the CALLER_IP, the CALLEE_IP or the number_prefix.
To enable CLIR for this rule, use a special string constant "hide"
or "hidefromterminals" instead of the list of new CLI values.
- Example 1:
[RewriteCLI]
out:any=192.168.1.1 any=1001
out:any=192.168.1.2 any=1002
These rules set a fixed ANI/CLI for each terminating IP:
1) present myself with ANI 1001, when sending calls to IP 192.168.1.1,
2) present myself with ANI 1002, when sending calls to IP 192.168.1.2.
- Example 2:
[RewriteCLI]
out:any=192.168.1.1 any=1001-1999,3001-3999
This rule randomly selects ANI/CLI from range 1001-1999, 3001-3999
for calls sent to 192.168.1.1.
- Example 3 (CLIR):
[RewriteCLI]
out:any=any any=hidefromterminals
out:192.168.1.1=any any=hide
In this example each subscriber has enabled CLIR. So all calls to terminals
will have a caller's number removed and presentation/screening indicators set.
Calls to gateways will have only a presentation indicator set to "presentation restricted"
and the caller's number will not be removed to allow proper call routing and number
removal at the destination equipment.
One exception to these rules are calls from 192.168.1.1 which will have a caller's number
always removed, no matter whether calling a terminal or a gateway.
- Example 4 (CLIP):
[RewriteCLI]
out:any=192.168.1.1 any=hide
In this example CLIP (Calling Line Identification Presentation) feature
is disabled for the user 192.168.1.1.
- Example 5 (CLIR):
[RewriteCLI]
out:192.168.1.1=any pi=restrict,apply cli:.*=.
out:any=any pi=allow cli:.*=.
These rules do not change CLI (.*=.) and:
1) enable CLIR for an endpoint 192.168.1.1. apply tells the gatekeeper
to not only set the PI, but also to hide the number actually,
2) force CLI presentation for other endpoints.
Rule matching process has a strictly defined order:
- the closest caller's IP match is determined (closest means with the longest
network mask - single IPs have the highest priority, "any" has the lowest
priority),
- (outbound rules) the closest callee's IP match is determined,
- the longest matching prefix/number is searched for the given IP/IP pair
in the following order:
dno: type (dialed number) rules are searched,cno: type (destination/called number) rules are searched,cli: type (caller id) rules are searched.
After a match for caller's/caller's IP is found, no more rules
are checked, even if no prefix/number is matched inside the set of rules
for these IPs.
On Windows platform, there is a problem with duplicated config
keys, so there is a workaround for this restriction. This example
will not work because of the same key (in:192.168.1.1):
[RewriteCLI]
in:192.168.1.1=1001=2001
in:192.168.1.1=any=2000
As workaround, you can use a string with percent signs (%) at the beginning
and at the end before the key. This prefix will be automatically stripped
from the key name before loading rules:
[RewriteCLI]
%r1% in:192.168.1.1=1001=2001
%r2% in:192.168.1.1=any=2000
Next
Previous
Contents
�
Chapters:
Contents ·
Introduction ·
Installation ·
Getting started ·
Basic Config ·
Routed Mode & Proxy ·
Routing ·
RAS Config ·
Authentication ·
Accounting ·
Neighbors ·
Per Endpoint Config ·
Advanced Config ·
Monitoring
|
