Hello,
I have this xhttp event_route on Kamailio that I am using to signal
the proxy to reload dialplans and htable when necessary:
event_route[xhttp:request] {
if(src_ip!=127.0.0.1) {
xhttp_reply("403", "Forbidden", "text/html",
"<html><body>Not allowed from $si</body></html>");
exit;
}
if ($hu =~ "^/RPC") {
jsonrpc_dispatch();
} else {
xhttp_reply("200", "OK", "text/html",
"<html><body>Wrong URL $hu</body></html>");
}
return;
}
Now instead of returning 403 forbidden for requests coming from other
src_ip than proxy itsef, I would like to authenticate the http request
via proxy database. How can this be done if possible?
Cheers,
Olli
Hi all,
i try to configure an SBC OS config [1] based kamailio 5.2.3 [2] with
dispatcher and rtpengine.
I used transport=tcp to see the plain traffic and then switched to TLS
(with tls.cfg, valid certificate and stuff).
After starting up, the Target is marked as "down".
Due the encryption its hard to debug that.
Any hints? Did i made an mistake in the configuration?
TLS calls from the target to my kamailio proxy works. So its "half broken"
:) at the moment.
[1]
https://github.com/voiceboys/sbcOS/blob/master/SbcOS/configs/voice/kamailio…
[2]
kamailio -v
version: kamailio 5.2.3 (x86_64/linux) c36229
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS,
DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC,
Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX,
FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR,
USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024,
BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: c36229
compiled on 11:28:11 May 22 2019 with gcc 4.8.5
-- %< --------------------- kamctl dispatcher dump
"SET": {
"ID": 1004,
"TARGETS": [{
"DEST": {
"URI": "sip:sip101.example.de;transport=tls",
"FLAGS": "TP",
"PRIORITY": 0,
"ATTRS": {
"BODY":
"access=212.xx.xx.xx:5061;socket=tls:212.xx.xx.xx:5061;weight=100;ping_from=sip:
mykamailio.example.de",
"DUID": "",
"MAXLOAD": 0,
"WEIGHT": 100,
"RWEIGHT": 0,
"SOCKET": "tls:212.xx.xx.xx:5061"
},
"LATENCY": {
"AVG": 30000,
"STD": 0,
"EST": 30000,
"MAX": 30000,
"TIMEOUT": 1
}
}
}]
}
},
-- %< --------------------- kamctl dispatcher dump
WARNING: <script>: Destination down: OPTIONS
ru=sip101.example.de;transport=tls
du=<null>
-- %< --------------------- tls.cfg
[server:default]
method = TLSv1
verify_certificate = no
require_certificate = no
private_key = /etc/pki/tls/private/mykamailio.example.de.pem
certificate = /etc/pki/tls/private/mykamailio.example.de.pem
server_name = mykamailio.example.de
[server:212.xx.xx.xx:5061]
method = TLSv1+
verify_certificate = no
require_certificate = no
private_key = /etc/pki/tls/private/mykamailio.example.de.pem
certificate = /etc/pki/tls/private/mykamailio.example.de.pem
server_name = mykamailio.example.de
# This is the default client domain, settings
# in this domain will be used for all outgoing
# TLS connections that do not match any other
# client domain in this configuration file.
# We require that servers present valid certificate.
#
[client: 212.xx.xx.xx:5061]
method = TLSv1+
verify_certificate = no
require_certificate = no
private_key = /etc/pki/tls/private/mykamailio.example.de.pem
certificate = /etc/pki/tls/private/mykamailio.example.de.pem
server_name = mykamailio.example.de
[client:default]
verify_certificate = no
require_certificate = no
-- %< --------------------- tls.cfg
Cheers Karsten
--
Mit freundlichen Grüßen
*Karsten Horsmann*
Greetings,
I have some questions about dispatcher's probing mechanics :
1 - In my SBC i have 26 gateways being probed. However, if i do a SIP
capture no more than 16 gateways are probed each minute. Some gateways are
always probed, others only once in a while.
2 - I have two SBC working in a pair with DB being replicated and with HA
IPs. That being said i configure one NAP twice, each configuration with one
HA socket. Is this configuration supported? I get very weird behaviours
when i configure it like this.
Best Regards,
Duarte Rocha
I am using dmq_usrloc, to replicate user locations across multiple Kamailio
instances. Everything works fine. The problem occurs when a user on Kam1
wants to call a user on Kam2. How can I query the in-memory location table
to see where the user is registered?
PS: I use a Path header to specify the server that each user is registered
on.
Hi all,
According to this SO question
<https://stackoverflow.com/questions/32519551/kamailio-concurrent-calls-afte…>
I
tried to forward received message to multiple destinations with the
following Lua script. But in the second UA I got duplicate Via header. Here
is the Lua script:
```Lua
KSR.forward_uri("sip:ali@192.168.1.50:7080;transport=UDP");
KSR.forward_uri("sip:tes@192.168.1.50:9080;transport=UDP");
```
And here is the received Via headers is `tes` UA:
```
Via: SIP/2.0/UDP
192.168.1.21;branch=z9hG4bKbe8c.953ed42f0bcc438c6991121d3483010b.0
Via: SIP/2.0/UDP
192.168.1.21;branch=z9hG4bKbe8c.953ed42f0bcc438c6991121d3483010b.0
Via: SIP/2.0/UDP 10.189.219.4:5060
;rport=5060;rport=5060;branch=z9hG4bK-4177-1-2
```
Would you please help me to forward message to multiple destination without
duplicate Via headers?
Regards,
Ali
Hi :)
I'm trying to save a failed call in the kamailio_router.acc_cdrs database
after sending the 403 Forbidden by router, using the module acc, if is it
possible?
https://www.kamailio.org/docs/modules/5.2.x/modules/acc.html
Something like this:
route[IS_CALLER_BLACKLISTED] {
python_exec("check_caller_blacklisted");
if ($var(callerBlacklisted) == 1){
t_send_reply("403", "Forbidden");
IT’S POSSIBLE HERE SAVE A CALL ON KAMAILIO_ROUTER.ACC_CDRS?
exit;
}
Thanks in advance!
Miro
I understand, to get the cdr you should have created the dialog before
replying.
Cheers,
Federico
On Fri, 14 Jun 2019, 17:05 Pejic, Miroslav, <miroslav.pejic(a)cloud.timenet.it>
wrote:
> [image: image.png]
>
> The call doesn't even begin, I immediately block it. :)
>
> Il giorno ven 14 giu 2019 alle ore 16:59 Pejic, Miroslav <
> miroslav.pejic(a)cloud.timenet.it> ha scritto:
>
>> Hi Federico,
>>
>> i tryied also with `modparam("acc", "cdr_on_failed", 1)`
>> but in my case the call is not saved at all on `acc_cdrs`,
>> with the second method i mentioned works :)
>> Thanks
>> Miro
>>
>> Il giorno ven 14 giu 2019 alle ore 16:14 Federico Cabiddu <
>> federico.cabiddu(a)gmail.com> ha scritto:
>>
>>> Hi,
>>> dialog CDR for failed calls can be generated enabling
>>>
>>> http://www.kamailio.org/docs/modules/devel/modules/acc.html#acc.p.cdr_on_fa…
>>>
>>> It has been some time since I last tested it, but it still should work :)
>>>
>>> Cheers,
>>>
>>> Federico
>>>
>>> On Fri, Jun 14, 2019 at 3:25 PM Daniel-Constantin Mierla <
>>> miconda(a)gmail.com> wrote:
>>>
>>>> Hello,
>>>>
>>>> it should be ok also with 2) if it gives what you want. Kamailio is
>>>> just writing to acc_cdrs, if you have extra columns, it should not be
>>>> affected.
>>>>
>>>> Cheers,
>>>> Daniel
>>>> On 14.06.19 14:16, Pejic, Miroslav wrote:
>>>>
>>>> Hi Daniel :)
>>>>
>>>> i tryied 2 methods to save it
>>>>
>>>> 1) i created a new table on kamailio_router called `acc`
>>>>
>>>> from `utils/kamctl/mysql/acc-create.sql`
>>>>
>>>> ```
>>>> CREATE TABLE `acc` (
>>>> `id` INT(10) UNSIGNED AUTO_INCREMENT PRIMARY KEY NOT NULL,
>>>> `method` VARCHAR(16) DEFAULT '' NOT NULL,
>>>> `from_tag` VARCHAR(128) DEFAULT '' NOT NULL,
>>>> `to_tag` VARCHAR(128) DEFAULT '' NOT NULL,
>>>> `callid` VARCHAR(255) DEFAULT '' NOT NULL,
>>>> `sip_code` VARCHAR(3) DEFAULT '' NOT NULL,
>>>> `sip_reason` VARCHAR(128) DEFAULT '' NOT NULL,
>>>> `time` DATETIME NOT NULL
>>>> );
>>>> CREATE INDEX callid_idx ON acc (`callid`);
>>>> ```
>>>> then
>>>>
>>>> ```
>>>> route[IS_CALLER_BLACKLISTED] {
>>>>
>>>> python_exec("check_caller_blacklisted");
>>>>
>>>> if ($var(callerBlacklisted) == 1){
>>>>
>>>> t_send_reply("403", "Forbidden");
>>>>
>>>> acc_db_request("403 Forbidden", "acc");
>>>>
>>>> exit;
>>>>
>>>> }
>>>>
>>>> ```
>>>>
>>>> in `acc` i have now calls that were not answered with 200ok :)
>>>>
>>>>
>>>> 2) add new fields on exsisting acc_cdrs table used to store cdrs
>>>>
>>>> ```
>>>> ALTER TABLE `acc_cdrs` ADD COLUMN `from_tag` varchar(128) DEFAULT NULL
>>>> AFTER `dst_domain`;
>>>> ALTER TABLE `acc_cdrs` ADD COLUMN `to_tag` VARCHAR(128) DEFAULT NULL
>>>> AFTER `from_tag`;
>>>> ALTER TABLE `acc_cdrs` ADD COLUMN `sip_code` VARCHAR(3) DEFAULT NULL
>>>> AFTER `to_tag`;
>>>> ALTER TABLE `acc_cdrs` ADD COLUMN `sip_reason` varchar(128) DEFAULT
>>>> NULL AFTER `sip_code`;
>>>> ALTER TABLE `acc_cdrs` ADD COLUMN `time` datetime DEFAULT NULL AFTER
>>>> `sip_reason`;
>>>> ```
>>>>
>>>> ```
>>>> route[IS_CALLER_BLACKLISTED] {
>>>>
>>>> python_exec("check_caller_blacklisted");
>>>>
>>>> if ($var(callerBlacklisted) == 1){
>>>>
>>>> t_send_reply("403", "Forbidden");
>>>>
>>>> acc_db_request("403 Forbidden", "acc_cdrs");
>>>>
>>>> exit;
>>>>
>>>> }
>>>>
>>>> ```
>>>>
>>>> In this way i have both stored calls that were not answered with 200ok
>>>> and that were answered with 200ok.
>>>> The idea is to have all in one table `acc_cdrs`.
>>>>
>>>> Can be ok also the second solution?
>>>>
>>>> Thank you very much!
>>>> Miro
>>>>
>>>> Il giorno ven 14 giu 2019 alle ore 09:06 Daniel-Constantin Mierla <
>>>> miconda(a)gmail.com> ha scritto:
>>>>
>>>>> Hello,
>>>>>
>>>>> I don't think that you can get a dialog-based CDR for calls that were
>>>>> not answered with 200ok. But you can get a record in acc table, by storing
>>>>> failed transaction record (see the mod params for acc and failed
>>>>> transaction flag or use acc_db_request()).
>>>>>
>>>>> Cheers,
>>>>> Daniel
>>>>> On 13.06.19 22:45, Pejic, Miroslav wrote:
>>>>>
>>>>> Hi :)
>>>>>
>>>>>
>>>>> I'm trying to save a failed call in the kamailio_router.acc_cdrs
>>>>> database
>>>>>
>>>>> after sending the 403 Forbidden by router, using the module acc, if is
>>>>> it possible?
>>>>>
>>>>>
>>>>> https://www.kamailio.org/docs/modules/5.2.x/modules/acc.html
>>>>>
>>>>>
>>>>> Something like this:
>>>>>
>>>>>
>>>>> route[IS_CALLER_BLACKLISTED] {
>>>>>
>>>>>
>>>>> python_exec("check_caller_blacklisted");
>>>>>
>>>>>
>>>>> if ($var(callerBlacklisted) == 1){
>>>>>
>>>>>
>>>>> t_send_reply("403", "Forbidden");
>>>>>
>>>>>
>>>>> IT’S POSSIBLE HERE SAVE A CALL ON KAMAILIO_ROUTER.ACC_CDRS?
>>>>>
>>>>>
>>>>>
>>>>> exit;
>>>>>
>>>>> }
>>>>>
>>>>>
>>>>> Thanks in advance!
>>>>>
>>>>> Miro
>>>>>
>>>>> _______________________________________________
>>>>> Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>>> --
>>>>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda
>>>>>
>>>>> --
>>>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda
>>>>
>>>> _______________________________________________
>>>> Kamailio (SER) - Users Mailing List
>>>> sr-users(a)lists.kamailio.org
>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>>