Module: kamailio
Branch: master
Commit: 24d310e463754d29b60ad919e7fcbd150cfca7f1
URL: https://github.com/kamailio/kamailio/commit/24d310e463754d29b60ad919e7fcbd1…
Author: Kamailio Dev <kamailio.dev(a)kamailio.org>
Committer: Kamailio Dev <kamailio.dev(a)kamailio.org>
Date: 2025-07-24T12:46:10+02:00
modules: readme files regenerated - tls ... [skip ci]
---
Modified: src/modules/tls/README
---
Diff: https://github.com/kamailio/kamailio/commit/24d310e463754d29b60ad919e7fcbd1……
Patch: https://github.com/kamailio/kamailio/commit/24d310e463754d29b60ad919e7fcbd1…
---
diff --git a/src/modules/tls/README b/src/modules/tls/README
index 3a8f18e5774..b6f8a0c0ba2 100644
--- a/src/modules/tls/README
+++ b/src/modules/tls/README
@@ -73,6 +73,8 @@ Olle E. Johansson
10.39. engine_algorithms (string)
10.40. verify_client (string)
10.41. provider_quirks (integer)
+ 10.42. keylog_mode (int)
+ 10.43. keylog_file (str)
11. Functions
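Review bot: The new index entries 10.42 and 10.43 abbreviate the parameter types as (int) and (str), while the neighbouring entries in the same list spell them out, as in "10.41. provider_quirks (integer)" and "10.40. verify_client (string)". Use (integer) and (string) for keylog_mode and keylog_file so the index stays consistent. The same two entries recur in the later table-of-contents hunks and in the section headings, and since this README is regenerated, the change belongs in the module's documentation source.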
@@ -151,9 +153,11 @@ Olle E. Johansson
1.49. Set rand_engine parameter
1.50. Set verify_client modparam parameter
1.51. Set verify_client tls.cfg parameter
- 1.52. is_peer_verified usage
- 1.53. tls_set_connect_server_id usage
- 1.54. Use of event_route[tls:connection-out]
+ 1.52. Set keylog_mode parameter
+ 1.53. Set keylog_file parameter
+ 1.54. is_peer_verified usage
+ 1.55. tls_set_connect_server_id usage
+ 1.56. Use of event_route[tls:connection-out]
Chapter 1. Admin Guide
@@ -211,6 +215,8 @@ Chapter 1. Admin Guide
10.39. engine_algorithms (string)
10.40. verify_client (string)
10.41. provider_quirks (integer)
+ 10.42. keylog_mode (int)
+ 10.43. keylog_file (str)
11. Functions
@@ -651,6 +657,8 @@ Place holder
10.39. engine_algorithms (string)
10.40. verify_client (string)
10.41. provider_quirks (integer)
+ 10.42. keylog_mode (int)
+ 10.43. keylog_file (str)
10.1. tls_method (string)
@@ -1648,6 +1656,36 @@ verify_client = optional_no_ca
* 1 - create a new `OSSL_LIB_CTX` context in the child process. Known
to be required when using OpenSSL 3 pkcs11-provider.
+10.42. keylog_mode (int)
+
+ Control the TLS key logging functionality, available for libssl version
+ greater than 1.1.0. Its value is composed from bitwise values (can be
+ made as sum of them):
+ * 0 - keys logging inactive
+ * 1 (bit 1) - keys logging active
+ * 2 (bit 2) - write keys to NOTICE log
+ * 4 (bit 3) - write keys to file
+
+ The default value: 0.
+
+ Example 1.52. Set keylog_mode parameter
+...
+modparam("tls", "keylog_mode", 7)
+...
+
+10.43. keylog_file (str)
+
+ Path to the file where to write the TLS keys. The values are appended
+ to the content of the file. The value 4 (bit 3) has to be set to
+ keylog_mode parameter.
+
+ The default value: NULL.
+
+ Example 1.53. Set keylog_file parameter
+...
+modparam("tls", "keylog_file", "/tmp/kamailio-tls-keylog.txt")
+...
+
11. Functions
11.1. is_peer_verified()
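Review bot: Sections 10.42 and 10.43 document key logging without any caution, and both examples pick the most exposed settings: "modparam("tls", "keylog_mode", 7)" also copies the keys to the NOTICE log, and the keylog_file example writes them to /tmp/kamailio-tls-keylog.txt. Anyone who can read the logged keys can decrypt a capture of the corresponding sessions, so the text should say that this is a troubleshooting aid to be left at the default 0 otherwise, and the examples should use a path in a directory readable only by the Kamailio user and a mode that enables only what is needed (for instance 5 for active plus file). The bit list also leaves open whether 2 or 4 have any effect without bit 1, and keylog_file only says that "The value 4 (bit 3) has to be set"; state the required combination explicitly. Finally, "libssl version greater than 1.1.0" is ambiguous about which release is the first supported one; name the minimum version.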
@@ -1661,7 +1699,7 @@ verify_client = optional_no_ca
It can be used only in a request route.
- Example 1.52. is_peer_verified usage
+ Example 1.54. is_peer_verified usage
...
if (proto==TLS && !is_peer_verified()) {
sl_send_reply("400", "No certificate or verification failed");
@@ -1680,7 +1718,7 @@ verify_client = optional_no_ca
It can be used only in ANY_ROUTE.
- Example 1.53. tls_set_connect_server_id usage
+ Example 1.55. tls_set_connect_server_id usage
...
tls_set_connect_server_id("clientone");
...
@@ -1772,7 +1810,7 @@ verify_client = optional_no_ca
If drop() is executed in the event route, then the data is no longer
sent over the connection.
- Example 1.54. Use of event_route[tls:connection-out]
+ Example 1.56. Use of event_route[tls:connection-out]
...
event_route[tls:connection-out] {
if($sndto(ip)=="1.2.3.4") {
sergey-safarov created an issue (kamailio/kamailio#4315)
### Description
Use case: WebRTC client connected to Kamailio Edge proxy.
For network connectivity reasons, the flow token may no longer be valid. In this case, behavior should be described in the [RFC5626, 5.3.1 Processing Incoming Requests](https://datatracker.ietf.org/doc/html/rfc5626#section-5.3.1)
> If the flow no longer exists, the proxy SHOULD send a 430 (Flow Failed) response to the request.
Also [9.3 Incoming Call and Proxy Crash](https://datatracker.ietf.org/doc/html/rfc5626#section-9.3)
> Bob's authoritative proxy first tries the flow to EP1, but EP1 no longer has a flow to Bob, so it responds with a 430 (Flow Failed) response.
To get it working, it will be fine to use a construction like
```
if (!loose_route()) {
    switch($rc) {
        case -4:
            # proposed new return code: flow token points to a non-existent connection
            sl_send_reply("430", "Flow Failed");
            exit;
        case -2:
            sl_send_reply("403", "Forbidden");
            exit;
        default:
            xlog("L_ERR", "in request_route\n");
            sl_reply_error();
            exit;
    }
}
```
Where `loose_route` returns a new error code (`-4` for example). This error code is generated when the flow token points to a non-existent TCP/TLS/WSS connection.
### Expected behavior
Kamailio `loose_route` allows checking flow token validity before messages are relayed via non-existent TCP/TLS/WSS connections.
#### Actual observed behavior
For now, Kamailio tries to relay messages to non-existent client connections and generates error messages like
```
477 Unfortunately error on sending to next hop occurred (477/TM)
500 Message processing error (2/TM)
```
#### How to reproduce
It is required to start Kamailio with a config like
```
listen=udp:127.0.0.1:5060
listen=tcp:127.0.0.1:5060
loadmodule "pv.so"
loadmodule "xlog.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "siputils.so"
loadmodule "rr.so"
loadmodule "stun.so"
loadmodule "outbound.so"
modparam("outbound", "force_outbound_flag", 1)
modparam("outbound", "flow_token_secret", "kamailio")
loadmodule "debugger.so"
modparam("debugger", "cfgtrace", 1)
modparam("debugger", "log_level_name", "exec")
request_route {
    loose_route();
    switch($rc) {
        case -3:
            xlog("L_ERR", "loose_route code -3\n");
            break;
        case -2:
            xlog("L_ERR", "loose_route code -2\n");
            break;
        case -1:
            xlog("L_ERR", "loose_route code -1\n");
            break;
        case 1:
            xlog("L_ERR", "loose_route code 1\n");
            break;
        case 2:
            xlog("L_ERR", "loose_route code 2\n");
            break;
    }
    record_route();
    if (has_totag()) {
        t_relay();
    } else {
        t_relay_to_udp("127.0.0.1", "5080");
    }
}
```
Then start the SIPp server script using the command
```
sipp -sf uas.xml -p 5080 -d 4000 -bind_local 127.0.0.1
```
And then start SIPp client script using the command
```
sipp -sf uac.xml -m 1 -t t1 127.0.0.1
```
Where `uac.xml` and `uas.xml` are attached
[sipp-scripts.tar.gz](https://github.com/user-attachments/files/21187724/sip…
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/4315
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/4315(a)github.com>
Module: kamailio
Branch: master
Commit: e49d77af246c52591e76cfdcf0d59970d7349e7e
URL: https://github.com/kamailio/kamailio/commit/e49d77af246c52591e76cfdcf0d5997…
Author: Kamailio Dev <kamailio.dev(a)kamailio.org>
Committer: Kamailio Dev <kamailio.dev(a)kamailio.org>
Date: 2025-07-23T19:46:09+02:00
modules: readme files regenerated - topos ... [skip ci]
---
Modified: src/modules/topos/README
---
Diff: https://github.com/kamailio/kamailio/commit/e49d77af246c52591e76cfdcf0d5997……
Patch: https://github.com/kamailio/kamailio/commit/e49d77af246c52591e76cfdcf0d5997…
---
diff --git a/src/modules/topos/README b/src/modules/topos/README
index 60a06f6b705..3f4d931cf26 100644
--- a/src/modules/topos/README
+++ b/src/modules/topos/README
@@ -573,11 +573,14 @@ request_route {
It is executed before doing topology stripping processing for an
outgoing SIP message. If 'drop' is executed inside the event route,
- then the module skips doing the out part of topology hiding.
+ then the module skips doing the outbound part of topology stripping.
- Only fake msg is available in this event route. Inside the event route
- the variables $sndto(ip), $sndto(port) and $sndto(proto) point to the
- destination.
+ The event route is executed with an internal fake SIP message for the
+ purpose of performace (i.e., no parsing of the outgoing message is
+ done), therefore the R-URI, headers and body do not reflect the content
+ of the outgoing message. However, inside the event route the variables
+ $sndto(ip), $sndto(port) and $sndto(proto) point to the real
+ destination of the SIP message.
Example 1.24. Usage of event_route[topos:msg-outgoing]
...
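Review bot: The added paragraph for event_route[topos:msg-outgoing] misspells "performance" in "purpose of performace (i.e., no parsing of the outgoing message is done)". Correct it in the documentation source so the regenerated README picks it up; "for performance reasons" would also read more naturally than "for the purpose of performance".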
@@ -593,11 +596,14 @@ event_route[topos:msg-outgoing] {
It is executed before doing topology stripping processing for a SIP
message to be sent out, being executed after
event_route[topos:msg-outgoing]. If 'drop' is executed inside the event
- route, then the module skips doing the out part of topology hiding.
+ route, then the module skips doing the outbound part of topology
+ stripping.
- A copy of the SIP msg to be sent out is available in this event route.
- Inside the event route the variables $sndto(ip), $sndto(port) and
- $sndto(proto) point to the destination.
+ A copy of the SIP message to be sent out is made available in this
+ event route, thefore the R-URI, headers and body reflect the content of
+ the outgoing SIP message. Inside the event route the variables
+ $sndto(ip), $sndto(port) and $sndto(proto) point to the real
+ destination of the SIP message.
Example 1.25. Usage of event_route[topos:msg-sending]
...
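Review bot: The added paragraph for event_route[topos:msg-sending] misspells "therefore" in "event route, thefore the R-URI, headers and body reflect the content of". Fix the spelling, and consider starting a new sentence there, since the clause after the comma is a separate statement.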
@@ -612,10 +618,14 @@ event_route[topos:msg-sending] {
It is executed before doing topology stripping processing for an
incoming SIP message. If 'drop' is executed inside this event route,
- then the module skips doing the in part of topology hiding.
+ then the module skips doing the inbound part of topology stripping.
- Only fake msg is available in this event route. $si, $sp and $proto
- will have default fake values.
+ The event route is executed with an internal fake SIP message for the
+ purpose of performace (i.e., no parsing of the incoming message is
+ done), therefore the R-URI, headers and body do not reflect the content
+ of the incoming message. However, inside the event route the variables
+ $si, $sp and $proto point to the real source address of the SIP
+ message, as well as the keywords src_port and dst_port.
Example 1.26. Usage of event_route[topos:msg-incoming]
...
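Review bot: The last sentence of the added paragraph groups dst_port under the source address: "$si, $sp and $proto point to the real source address of the SIP message, as well as the keywords src_port and dst_port". Say separately that src_port and dst_port carry the real source and destination ports of the received message. The same paragraph also repeats the "performace" typo.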
@@ -631,11 +641,13 @@ event_route[topos:msg-incoming] {
It is executed before doing topology stripping processing for a SIP
message that was received, being executed after
event_route[topos:msg-incoing]. If 'drop' is executed inside this event
- route, then the module skips doing the in part of topology hiding.
+ route, then the module skips doing the inbound part of topology hiding.
- A copy of the received SIP msg is available in this event route. $si,
- $sp and $proto will have correct, expected values. Also src_port and
- dst_port can be used here.
+ A copy of the incoming SIP message is made available in this event
+ route, thefore the R-URI, headers and body reflect the content of the
+ incoming SIP message. Inside the event route the variables $si, $sp and
+ $proto point to the real source address of the SIP message, as well as
+ the keywords src_port and dst_port.
Example 1.27. Usage of event_route[topos:msg-receiving]
...
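Review bot: The replacement line for the 'drop' sentence still ends with "inbound part of topology hiding", while the three other hunks of this change switch to "topology stripping"; use one term throughout. Two spelling errors remain in this hunk as well: the context line references "event_route[topos:msg-incoing]" (should be msg-incoming), and the added paragraph has "thefore" for "therefore".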
Module: kamailio
Branch: master
Commit: a9d6658862a5d266853456e5201e6e08b7c81de5
URL: https://github.com/kamailio/kamailio/commit/a9d6658862a5d266853456e5201e6e0…
Author: Kamailio Dev <kamailio.dev(a)kamailio.org>
Committer: Kamailio Dev <kamailio.dev(a)kamailio.org>
Date: 2025-07-23T19:01:10+02:00
modules: readme files regenerated - topos ... [skip ci]
---
Modified: src/modules/topos/README
---
Diff: https://github.com/kamailio/kamailio/commit/a9d6658862a5d266853456e5201e6e0……
Patch: https://github.com/kamailio/kamailio/commit/a9d6658862a5d266853456e5201e6e0…
---
diff --git a/src/modules/topos/README b/src/modules/topos/README
index 9c82ff026e1..60a06f6b705 100644
--- a/src/modules/topos/README
+++ b/src/modules/topos/README
@@ -573,13 +573,11 @@ request_route {
It is executed before doing topology stripping processing for an
outgoing SIP message. If 'drop' is executed inside the event route,
- then the module skips doing the topology hiding.
+ then the module skips doing the out part of topology hiding.
- Inside the event route the variables $sndto(ip), $sndto(port) and
- $sndto(proto) point to the destination. The SIP message is not the one
- to be sent out, but an internally generated one at startup, to avoid
- reparsing the outgoing SIP message for the cases when topology hiding
- is not wanted.
+ Only fake msg is available in this event route. Inside the event route
+ the variables $sndto(ip), $sndto(port) and $sndto(proto) point to the
+ destination.
Example 1.24. Usage of event_route[topos:msg-outgoing]
...
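Review bot: The new sentence "Only fake msg is available in this event route." drops the explanation that the removed lines gave, namely that the message is "an internally generated one at startup, to avoid reparsing the outgoing SIP message", so "fake msg" is now undefined for the reader. Keep a short clause saying what the fake message is and that its R-URI, headers and body are not those of the outgoing message. "the out part of topology hiding" would also read better as "the outbound part".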
@@ -594,11 +592,12 @@ event_route[topos:msg-outgoing] {
It is executed before doing topology stripping processing for a SIP
message to be sent out, being executed after
- event_route[topos:msg-outgoing].
+ event_route[topos:msg-outgoing]. If 'drop' is executed inside the event
+ route, then the module skips doing the out part of topology hiding.
+ A copy of the SIP msg to be sent out is available in this event route.
Inside the event route the variables $sndto(ip), $sndto(port) and
- $sndto(proto) point to the destination. The SIP message is the one to
- be sent out.
+ $sndto(proto) point to the destination.
Example 1.25. Usage of event_route[topos:msg-sending]
...
@@ -612,13 +611,11 @@ event_route[topos:msg-sending] {
5.3. event_route[topos:msg-incoming]
It is executed before doing topology stripping processing for an
- incoming SIP message. If 'drop' is executed inside the event route,
- then the module skips doing the topology hiding.
+ incoming SIP message. If 'drop' is executed inside this event route,
+ then the module skips doing the in part of topology hiding.
- Inside the event route the variables $si, $sp and $proto point to the
- source address. The SIP message is not the one to be sent out, but an
- internally generated one at startup, to avoid reparsing the outgoing
- SIP message for the cases when topology hiding is not wanted.
+ Only fake msg is available in this event route. $si, $sp and $proto
+ will have default fake values.
Example 1.26. Usage of event_route[topos:msg-incoming]
...
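Review bot: The added text "$si, $sp and $proto will have default fake values" does not say what those values are or what follows from that for the config writer. A condition on $si, $sp or $proto placed in event_route[topos:msg-incoming] cannot be relied on to match the real peer, so state that explicitly and point to event_route[topos:msg-receiving] for checks on the source address.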
@@ -633,10 +630,12 @@ event_route[topos:msg-incoming] {
It is executed before doing topology stripping processing for a SIP
message that was received, being executed after
- event_route[topos:msg-incoing].
+ event_route[topos:msg-incoing]. If 'drop' is executed inside this event
+ route, then the module skips doing the in part of topology hiding.
- Inside the event route the variables $si, $sp and $proto point to the
- source address. The SIP message is the one to be sent out.
+ A copy of the received SIP msg is available in this event route. $si,
+ $sp and $proto will have correct, expected values. Also src_port and
+ dst_port can be used here.
Example 1.27. Usage of event_route[topos:msg-receiving]
...
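Review bot: The rewritten line keeps the misspelled route name "event_route[topos:msg-incoing]"; since the line is being touched anyway, correct it to msg-incoming. In the added paragraph, "will have correct, expected values" is vague; say that $si, $sp and $proto hold the source address, port and protocol of the received message.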
@@ -644,5 +643,13 @@ event_route[topos:msg-receiving] {
if(is_request() and $fU=="alice") {
drop;
}
+
+ if($sp==5555 || $si=="1.2.3.4") {
+ drop;
+ }
+
+ if(src_port==1234 || dst_port==5678) {
+ drop;
+ }
}
...
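Review bot: The two conditions added to the example carry no comment, and "$sp==5555" and "src_port==1234" test the same property in two different syntaxes without saying so. Add a one-line comment above each block stating what is matched (source IP and port via variables, source and destination port via keywords), so the example shows why both forms are listed.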
Updated documentation.
<!-- Kamailio Pull Request Template -->
<!--
IMPORTANT:
- for detailed contributing guidelines, read:
https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md
- pull requests must be done to master branch, unless they are backports
of fixes from master branch to a stable branch
- backports to stable branches must be done with 'git cherry-pick -x ...'
- code is contributed under BSD for core and main components (tm, sl, auth, tls)
- code is contributed GPLv2 or a compatible license for the other components
- GPL code is contributed with OpenSSL licensing exception
-->
#### Pre-Submission Checklist
<!-- Go over all points below, and after creating the PR, tick all the checkboxes that apply -->
<!-- All points should be verified, otherwise, read the CONTRIBUTING guidelines from above-->
<!-- If you're unsure about any of these, don't hesitate to ask on sr-dev mailing list -->
- [X] Commit message has the format required by CONTRIBUTING guide
- [X] Commits are split per component (core, individual modules, libs, utils, ...)
- [X] Each component has a single commit (if not, squash them into one commit)
- [X] No commits to README files for modules (changes must be done to docbook files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [X] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
<!-- Go over all points below, and after creating the PR, tick the checkboxes that apply -->
- [ ] PR should be backported to stable branches
- [X] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description
<!-- Describe your changes in detail -->
Right now, if I try to log $sp in event_route[topos:msg-receiving], it will have value 0.
Updated documentation too, related to those event routes.
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/4329
-- Commit Summary --
* topos: expose rcv data in event routes
-- File Changes --
M src/modules/topos/doc/topos_admin.xml (41)
M src/modules/topos/topos_mod.c (6)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/4329.patch
https://github.com/kamailio/kamailio/pull/4329.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/4329
Message ID: <kamailio/kamailio/pull/4329(a)github.com>