SEMS configuration¶
Yeti uses modified SEMS that has other configuration file format than mainstream version Configuration located at /etc/sems/sems.conf.
Section general¶
Section general contains some global daemon parameters:
general section example¶
general {
node_id = 8
daemon = yes
stderr = no
syslog_loglevel = 2
syslog_facility = LOCAL0
shutdown_mode {
code = 508
reason = "Node in shutdown mode"
allow_uac = true
}
#~ pcap_upload_queue = pcap
media_processor_threads = 1
session_processor_threads = 1
rtp_receiver_threads=1
sip_udp_server_threads = 1
sip_tcp_server_threads = 1
dead_rtp_time=30
max_shutdown_time = 10
max_forwards = 70
session_limit {
limit = 4000
code = 509
reason = "Node overloaded"
}
enable_srtp = yes
enable_zrtp = yes
}
- node_id
Unique node identifier. Value should be unique across cluster.
- daemon
To daemonize SEMS or not
- stderr
Enable logging to stderr. Usable for debug purposes.
- syslog_loglevel
Logs level for syslog log destination.
- syslog_facility
Syslog facility value
- shutdown_mode
Subsection to define behavior in shutdown mode
- shutdown_mode->code
SIP error code for new initial INVITES in shutdown mode
- shutdown_mode->reason
SIP error reason for new initial INVITES in shutdown mode
- shutdown_mode->allow_uac
Allow new LegB creation in shutdown mode.
- pcap_upload_queue
TODO
- media_processor_threads
TODO
- session_processor_threads
TODO
- sip_udp_server_threads
TODO
- sip_tcp_server_threads
TODO
- dead_rtp_time
TODO
Section signaling-interfaces¶
signaling-interfaces configuration example¶
signaling-interfaces {
interface input {
default-media-interface = input
ip4 {
sip-udp {
address = 193.186.15.24
port = 5061
use-raw-sockets = off
origination-acl {
whitelist = { 193.186.15.0/24 }
method = drop
}
register-acl {
whitelist = { 193.186.15.0/24 }
method = drop
}
}
sip-tcp {
address = 193.186.15.24
port = 5061
connect-timeout = 2000
static-client-port = on
idle-timeout=900000
use-raw-sockets = off
origination-acl {
whitelist = { 193.186.15.0/24 }
method = drop
}
register-acl {
whitelist = { 193.186.15.0/24 }
method = drop
}
}
sip-tls {
address = 193.186.15.24
port = 5061
static-client-port = on
connect-timeout = 2000
idle-timeout = 900000
client {
protocols = { TLSv1, TLSv1.1, TLSv1.2 }
certificate = /etc/sems/ssl/demo.yeti-switch.org.crt_bundle
certificate_key = /etc/sems/ssl/demo.yeti-switch.org.key.pkcs8
verify_certificate_chain = false
verify_certificate_cn = false
}
server {
protocols = { TLSv1, TLSv1.1, TLSv1.2 }
certificate = /etc/sems/ssl/demo.yeti-switch.org.crt_bundle
certificate_key = /etc/sems/ssl/demo.yeti-switch.org.key.pkcs8
ciphers = {ChaCha20Poly1305, AES-256/GCM, AES-128/GCM, AES-256/CCM, AES-128/CCM, AES-256, AES-128}
macs = {AEAD, SHA-256, SHA-384, SHA-1}
verify_client_certificate = false
require_client_certificate = false
}
}
}
ip6 {
sip-udp {
address = 2001:67c:1324:101::24
port = 5061
use-raw-sockets = off
origination-acl {
whitelist = { 2001:67c:1324:101::/64 }
method = drop
}
register-acl {
whitelist = { 2001:67c:1324:101::/64 }
method = drop
}
}
sip-tcp {
address = 2001:67c:1324:101::24
port = 5061
connect-timeout = 2000
static-client-port = on
idle-timeout=900000
use-raw-sockets = off
origination-acl {
whitelist = { 2001:67c:1324:101::/64 }
method = drop
}
register-acl {
whitelist = { 2001:67c:1324:101::/64 }
method = drop
}
}
sip-tls {
address = 2001:67c:1324:101::24
port = 5061
static-client-port = on
connect-timeout = 2000
idle-timeout = 900000
client {
protocols = { TLSv1, TLSv1.1, TLSv1.2 }
certificate = /etc/sems/ssl/demo.yeti-switch.org.crt_bundle
certificate_key = /etc/sems/ssl/demo.yeti-switch.org.key.pkcs8
verify_certificate_chain = false
verify_certificate_cn = false
}
server {
protocols = { TLSv1, TLSv1.1, TLSv1.2 }
certificate = /etc/sems/ssl/demo.yeti-switch.org.crt_bundle
certificate_key = /etc/sems/ssl/demo.yeti-switch.org.key.pkcs8
ciphers = {ChaCha20Poly1305, AES-256/GCM, AES-128/GCM, AES-256/CCM, AES-128/CCM, AES-256, AES-128}
macs = {AEAD, SHA-256, SHA-384, SHA-1}
verify_client_certificate = false
require_client_certificate = false
}
}
}
}
}
Section media-interfaces¶
media-interfaces configuration example¶
media-interfaces {
interface intern {
ip4 {
rtp {
address = 2001:67c:1324:101::24
low-port = 16383
high-port = 32767
dscp = 46
use-raw-sockets = off
srtp {
enable_srtp=yes
sdes {
profiles = { AES_256_CM_HMAC_SHA1_80, AES_256_CM_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32 }
}
dtls {
client {
protocols = { DTLSv1, DTLSv1.2 }
certificate = /etc/sems/ssl/demo.yeti-switch.org.crt_bundle
certificate_key = /etc/sems/ssl/demo.yeti-switch.org.key.pkcs8
profiles = { AES_256_CM_HMAC_SHA1_80, AES_256_CM_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32 }
verify_certificate_chain = false
verify_certificate_cn = false
}
server {
protocols = { DTLSv1, DTLSv1.2 }
certificate = /etc/sems/ssl/demo.yeti-switch.org.crt_bundle
certificate_key = /etc/sems/ssl/demo.yeti-switch.org.key.pkcs8
profiles = { AES_256_CM_HMAC_SHA1_80, AES_256_CM_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32 }
ciphers = {ChaCha20Poly1305, AES-256/GCM, AES-128/GCM, AES-256/CCM, AES-128/CCM, AES-256, AES-128}
macs = {AEAD, SHA-256, SHA-384, SHA-1}
verify_client_certificate = false
require_client_certificate = false
}
}
}
}
}
ip6 {
rtp {
address = 2001:67c:1324:101::24
low-port = 16383
high-port = 32767
dscp = 46
use-raw-sockets = off
srtp {
enable_srtp=yes
sdes {
profiles = { AES_256_CM_HMAC_SHA1_80, AES_256_CM_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32 }
}
dtls {
client {
protocols = { DTLSv1, DTLSv1.2 }
certificate = /etc/sems/ssl/demo.yeti-switch.org.crt_bundle
certificate_key = /etc/sems/ssl/demo.yeti-switch.org.key.pkcs8
profiles = { AES_256_CM_HMAC_SHA1_80, AES_256_CM_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32 }
verify_certificate_chain = false
verify_certificate_cn = false
}
server {
protocols = { DTLSv1, DTLSv1.2 }
certificate = /etc/sems/ssl/demo.yeti-switch.org.crt_bundle
certificate_key = /etc/sems/ssl/demo.yeti-switch.org.key.pkcs8
profiles = { AES_256_CM_HMAC_SHA1_80, AES_256_CM_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32 }
ciphers = {ChaCha20Poly1305, AES-256/GCM, AES-128/GCM, AES-256/CCM, AES-128/CCM, AES-256, AES-128}
macs = {AEAD, SHA-256, SHA-384, SHA-1}
verify_client_certificate = false
require_client_certificate = false
}
}
}
}
}
}
}
Section modules¶
Section modules describles which modules should be loaded. Module can optionally accept configuration.
modules configuration example¶
modules {
module "Module1" {
/* Module1 configuration */
}
module "Module2" {
/* Module2 configuration */
}
}
SEMS will lookup modules(.so binary libraries) at /usr/lib/sems/plug-in/ directory.
Section routing¶
SEMS is application server so it is possible to load multiple application at same time and route incoming requests/sessions based on some conditions. Routing section allows to configure rules how to route incoming requests/dialogs.
routing configuration example¶
routing {
application = yeti
}