SEMS configuration
Configuration located at /etc/sems/sems.conf
WARNING
Yeti uses modified SEMS that has configuration file format not compatible with mainstream SEMS
Section general
Section general contains some global daemon parameters:
general {
node_id = 8
stderr = no
syslog_loglevel = 2
syslog_facility = LOCAL0
shutdown_mode {
code = 508
reason = "Node in shutdown mode"
allow_uac = true
}
#~ pcap_upload_queue = pcap
media_processor_threads = 1
session_processor_threads = 1
rtp_receiver_threads=1
sip_udp_server_threads = 1
sip_tcp_server_threads = 1
dead_rtp_time=300
max_shutdown_time = 10
max_forwards = 70
session_limit {
limit = 4000
code = 509
reason = "Node overloaded"
}
enable_srtp = yes
enable_zrtp = yes
}- node_id (default: 0)
- Unique node identifier. Value should be unique across cluster.
- log_dump_path (default: /var/spool/sems/logdump)
- Directory to save di_log module dumps on core.request.log.dump jsonrpc method call
- rsr_path (default: /var/spool/sems/rsr)
- Directory to save Raw SEMS Record files
- pcap_upload_queue (default: empty)
- destination name in the http_client module to automatically upload PCAP files
- skl_upload_queue (default: empty)
- destination name in the http_client module to automatically upload SKL (SSL Key Log) files
- max_shutdown_time (default: 10)
- max time in seconds to wait for sessions to cleanly end on shutdown
logging
- syslog_loglevel (default: info)
- Min log level for syslog log destination. allowed values: 0-5, error, warn, info, debug, debug2, debug3
- syslog_facility (default: DAEMON)
- Syslog facility value. allowed values: DAEMON, USER, LOCAL[0-7]
- stderr (default: false)
- Enable logging to stderr. Usable for debug purposes. Could be enabled by opt -E
- stderr_loglevel (default: info)
- Min log level for stderr log destination. allowed values: 0-5, error, warn, info, debug, debug2, debug3. Could be overridden by opt -D <level>
- log_parsed_messages (default: true)
- Whether to log parsed SIP requests in SipCtrlInterface at the DBG1 level
- log_raw_messages (default: debug)
- How to log raw SIP messages on send/recv. allowed values: error, warn, info, debug, debug2, debug3, no
- log_rtp_send_errors (default: error)
- How to log RTP stream packets sending errors. allowed values: error, warn, info, debug, debug2, debug3, no
- unhandled_reply_loglevel (default: error)
- How to log unhandled SIP provisional and success replies. allowed values: error, warn, info, debug, debug2, debug3, no
- log_events (default: false)
- Log events processing stages at the debug level
- log_sessions (default: false)
- Log new UAC/UAS sessions at the info level
signaling/media
- force_outbound_if (default: false)
- Force interface index for outgoing SIP and RTP packets. Uses IPPROTO_IP/IP_PKTINFO.ipi_ifindex, IPPROTO_IPV6/IPV6_PKTINFO.ipi6_ifindex for sendmsg
- use_raw_sockets (default: false)
- Global switch to use SOCK_RAW for outgoing SIP/UDP and RTP packets
- ssl_key_log_file (default: empty)
- Write TLS and SRTP secrets to the specified file in SSLKEYLOG format. Useful to decrypt signaling and media in the traces collected by the external tools.
signaling
- session_processor_threads (default: 10)
- Session processor threads count. Session processor threads handle events from the sessions events queues
- sip_udp_server_threads (default: 4)
- SIP UDP transport workers threads count. UDP transport workers receive UDP signaling traffic
- sip_tcp_server_threads (default: 4)
- SIP TCP transport workers threads count. TCP transport workers handle TCP/TLS/WS/WSS signaling traffic
- sip_nat_handling (default: false)
- Force SIP dialog Next Hop to be remote ip/port/trsp on requests with single Via header
- proxy_sticky_auth (default: false)
- Force uac_auth plugin to always send SIP request to the same endpoint that sent auth challenge (avoid DNS and DNS SRV balancing/failover)
- ignore_notify_lower_cseq (default: false)
- Ignore lower CSeq value for NOTIFY requests. fixes subscription dialog usage for implementations which follow 3265 instead of 5057
- accept_forked_dialogs (default: false)
- Use Via-branch to match dialogs in addition to the callid+remote_tag. By default requests with different Via-branch will be matched with the same dialog.
- shutdown_mode
- Subsection to define behavior in shutdown mode
- shutdown_mode.code (default: 503)
- SIP error code for new initial INVITES in shutdown mode
- shutdown_mode.reason (default: Server shutting down)
- SIP error reason for new initial INVITES in shutdown mode
- shutdown_mode.allow_uac (default: false)
- Allow new LegB creation in shutdown mode.
- max_forwards (default: 70)
- default value for the Max-Forwards header in the outgoing requests. allowed values: 1-70
- session_limit.limit (default: 0)
- limit active sessions count. reject incoming initial INVITES with session_limit.code (default: 503) session_limit.reason (default: Server overload). will increase sems_sessions_limit_rejects metric on rejects.
- options_session_limit.limit (default: 0)
- Reply with options_session_limit.code (default: 503) options_session_limit.reason (default: Server overload) for OPTIONS requests if active sessions count is greater than specified limit
- cps_limit.limit (default: 0)
- limit CPS. reject incoming initial INVITES with cps_limit.code (default: 503) cps_limit.reason (default: Server overload)
- sip_timer_{name}
- Override SIP timer default value in milliseconds. supported timers: A,B,D,E,F,K,G,H,I,J,L,M,C,BL
- outbound_proxy (default: empty)
- Use outbound proxy for all outgoing SIP requests
- force_outbound_proxy (default: false)
- Whether to apply outbound_proxy for in-dialog requests. will put outbound proxy URI at the top of the existent Route Set
- force_cancel_route_set (default: false)
- Add SIP dialog Route Set to CANCEL requests if true
- next_hop (default: empty)
- Force endpoint for SIP outgoing requests. Overrides message Next Hop lookup rules
- next_hop_1st_req (default: false)
- Apply next_hop for the first SIP request in the dialog
- udp_rcvbuf (default: -1)
- Set SIP/UDP socket recv buffer size (SO_RCVBUF)
- 100rel (default: supported)
- Set rel100 behavior. allowed values: disabled, supported, require
media processing
- media_processor_threads (default: 1)
- Media processor threads count. Media processor threads handle audio in the transcoding mode
- rtp_receiver_threads (default: 1)
- RTP receiver threads count. RTP receiver threads handle incoming RTP packets
- dead_rtp_time (default: 300)
- RTP timeout value in seconds. 0 means no timeout. will terminate session if no RTP packets received within dead_rtp_time interval
- enable_srtp (default: false)
- Global switch to enable SRTP processing. required for SRTP-SDES, SRTP-DTLS, SRTP-ZRTP
- enable_zrtp (default: true)
- Global switch to enable ZRTP processing.
- enable_ice (default: true)
- Enable ICE support. will reject SDP with ICE candidates otherwise
- symmetric_rtp_mode (default: packets)
- Symmetric RTP endpoint learning mode. allowed values: packets, delay
- symmetric_rtp_packets (default: 0)
- Minimal RTP packets count to leave passive mode in the 'packets' symmetric RTP endpoint learning mode
- symmetric_rtp_delay (default: 250)
- Minimal timeout in milliseconds to leave passive mode in the 'delay' symmetric RTP endpoint learning mode
- force_symmetric_rtp (default: false)
- Always create RTP streams in passive mode. By the default we use passive mode only if remote SDP contains 'direction' or 'setup' media aline with the 'active' value
- force_symmetric_candidate (default: false)
- Enable symmetric RTP for ICE candidates
- detect_inband_dtmf (default: false)
- Enable inband DTMF detection
- dtmf_offer_multirate (default: false)
- Add all supported rates for telephone-event payload in SDP offer
- dtmf_default_volume (default: 20)
- Volume level field value for telephone-event packets
- ignore_rtp_send_errors (default: false)
- Suppress RTP sending errors. By the default, RTP sending errors will call
onRtpSendingError()callback for session and for yeti module it will cause call termination with related internal disconnect code (144)
Section signaling-interfaces
signaling-interfaces {
interface input {
default-media-interface = input
ip4 {
sip-udp {
address = 193.186.15.24
port = 5061
use-raw-sockets = off
origination-acl {
whitelist = { 193.186.15.0/24 }
method = drop
}
register-acl {
whitelist = { 193.186.15.0/24 }
method = drop
}
}
sip-tcp {
address = 193.186.15.24
port = 5061
connect-timeout = 2000
static-client-port = on
idle-timeout=900000
use-raw-sockets = off
origination-acl {
whitelist = { 193.186.15.0/24 }
method = drop
}
register-acl {
whitelist = { 193.186.15.0/24 }
method = drop
}
}
sip-tls {
address = 193.186.15.24
port = 5061
static-client-port = on
connect-timeout = 2000
idle-timeout = 900000
client {
protocols = { TLSv1, TLSv1.1, TLSv1.2 }
certificate = /etc/sems/ssl/demo.yeti-switch.org.crt_bundle
certificate_key = /etc/sems/ssl/demo.yeti-switch.org.key.pkcs8
verify_certificate_chain = false
verify_certificate_cn = false
}
server {
protocols = { TLSv1, TLSv1.1, TLSv1.2 }
certificate = /etc/sems/ssl/demo.yeti-switch.org.crt_bundle
certificate_key = /etc/sems/ssl/demo.yeti-switch.org.key.pkcs8
ciphers = {ChaCha20Poly1305, AES-256/GCM, AES-128/GCM, AES-256/CCM, AES-128/CCM, AES-256, AES-128}
macs = {AEAD, SHA-256, SHA-384, SHA-1}
verify_client_certificate = false
require_client_certificate = false
}
}
}
ip6 {
sip-udp {
address = 2001:67c:1324:101::24
port = 5061
use-raw-sockets = off
origination-acl {
whitelist = { 2001:67c:1324:101::/64 }
method = drop
}
register-acl {
whitelist = { 2001:67c:1324:101::/64 }
method = drop
}
}
sip-tcp {
address = 2001:67c:1324:101::24
port = 5061
connect-timeout = 2000
static-client-port = on
idle-timeout=900000
use-raw-sockets = off
origination-acl {
whitelist = { 2001:67c:1324:101::/64 }
method = drop
}
register-acl {
whitelist = { 2001:67c:1324:101::/64 }
method = drop
}
}
sip-tls {
address = 2001:67c:1324:101::24
port = 5061
static-client-port = on
connect-timeout = 2000
idle-timeout = 900000
client {
protocols = { TLSv1, TLSv1.1, TLSv1.2 }
certificate = /etc/sems/ssl/demo.yeti-switch.org.crt_bundle
certificate_key = /etc/sems/ssl/demo.yeti-switch.org.key.pkcs8
verify_certificate_chain = false
verify_certificate_cn = false
}
server {
protocols = { TLSv1, TLSv1.1, TLSv1.2 }
certificate = /etc/sems/ssl/demo.yeti-switch.org.crt_bundle
certificate_key = /etc/sems/ssl/demo.yeti-switch.org.key.pkcs8
ciphers = {ChaCha20Poly1305, AES-256/GCM, AES-128/GCM, AES-256/CCM, AES-128/CCM, AES-256, AES-128}
macs = {AEAD, SHA-256, SHA-384, SHA-1}
verify_client_certificate = false
require_client_certificate = false
}
}
}
}
}Section media-interfaces
media-interfaces {
interface intern {
ip4 {
rtp {
address = 2001:67c:1324:101::24
low-port = 16383
high-port = 32767
dscp = 46
use-raw-sockets = off
srtp {
enable_srtp=yes
sdes {
profiles = { AES_256_CM_HMAC_SHA1_80, AES_256_CM_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32 }
}
dtls {
client {
protocols = { DTLSv1, DTLSv1.2 }
certificate = /etc/sems/ssl/demo.yeti-switch.org.crt_bundle
certificate_key = /etc/sems/ssl/demo.yeti-switch.org.key.pkcs8
profiles = { AES_256_CM_HMAC_SHA1_80, AES_256_CM_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32 }
verify_certificate_chain = false
verify_certificate_cn = false
}
server {
protocols = { DTLSv1, DTLSv1.2 }
certificate = /etc/sems/ssl/demo.yeti-switch.org.crt_bundle
certificate_key = /etc/sems/ssl/demo.yeti-switch.org.key.pkcs8
profiles = { AES_256_CM_HMAC_SHA1_80, AES_256_CM_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32 }
ciphers = {ChaCha20Poly1305, AES-256/GCM, AES-128/GCM, AES-256/CCM, AES-128/CCM, AES-256, AES-128}
macs = {AEAD, SHA-256, SHA-384, SHA-1}
verify_client_certificate = false
require_client_certificate = false
}
}
}
}
}
ip6 {
rtp {
address = 2001:67c:1324:101::24
low-port = 16383
high-port = 32767
dscp = 46
use-raw-sockets = off
srtp {
enable_srtp=yes
sdes {
profiles = { AES_256_CM_HMAC_SHA1_80, AES_256_CM_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32 }
}
dtls {
client {
protocols = { DTLSv1, DTLSv1.2 }
certificate = /etc/sems/ssl/demo.yeti-switch.org.crt_bundle
certificate_key = /etc/sems/ssl/demo.yeti-switch.org.key.pkcs8
profiles = { AES_256_CM_HMAC_SHA1_80, AES_256_CM_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32 }
verify_certificate_chain = false
verify_certificate_cn = false
}
server {
protocols = { DTLSv1, DTLSv1.2 }
certificate = /etc/sems/ssl/demo.yeti-switch.org.crt_bundle
certificate_key = /etc/sems/ssl/demo.yeti-switch.org.key.pkcs8
profiles = { AES_256_CM_HMAC_SHA1_80, AES_256_CM_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32 }
ciphers = {ChaCha20Poly1305, AES-256/GCM, AES-128/GCM, AES-256/CCM, AES-128/CCM, AES-256, AES-128}
macs = {AEAD, SHA-256, SHA-384, SHA-1}
verify_client_certificate = false
require_client_certificate = false
}
}
}
}
}
}
}Section modules
Section modules describes which modules should be loaded. Module can optionally accept configuration.
modules {
module "Module1" {
/* Module1 configuration */
}
module "Module2" {
/* Module2 configuration */
}
}SEMS will lookup modules(.so binary libraries) at /usr/lib/sems/plug-in/ directory.
- path (default: /usr/lib/sems/plug-in/)
- Path to lookup for modules *.so files
- config_path (default: /etc/sems/etc/)
- Path prefix for modules to lookup for the additional module-specific config files
- module "mod_name" { /*cfg*/ }
- Load mod_name module with the specified configuration
- global-module "mod_name" { /*cfg*/ }
- Similar to module but loads *.so with
RTLD_NOW | RTLD_GLOBALflags. Needed for some plug-ins which should export symbols globally
Section routing
SEMS is application server so it is possible to load multiple application at same time and route incoming requests/sessions based on some conditions. Routing section allows to configure rules how to route incoming requests/dialogs.
routing {
application = yeti
}- application (default: empty)
Specifies applications to handle initial SIP INVITE requests.
Format is the list of mappings separated by
|. Session factory will iterate mappings in order they were specified until one of them returned destination applicationEach mapping can be one of:
app_nameexplicit application name
$(ruri.user)get application name from the INVITE RURI-user
$(ruri.param)get application name from the INVITE RURI header
app$(apphdr)get application name from the INVITE
P-App-Nameheader$(mapping)use regex mapping from the
/etc/sems/etc/app_mapping.conf# sems application mapping # # the application mapping defined here is used, # if application=$(mapping) is set in sems.conf. # # the first regular expression which matches on the # request URI sets the application that is executed. # # format: # regexp=>application # lines starting with '#' and empty lines are ignored ^sip:100=>echo .*=>yeti
- register_application (default: empty)
Override application for REGISTER requests
- options_application (default: empty)
Override application for OPTIONS requests