Hi List
I'm looking into the perl module.
Am I right, that I can not add or remove HF from an app_perl subroutine?
I would need to pass an AVP from perl to tell Kamailio what to do?
Goal is an attempt to re-build part of the topos functionality in
perl but only handling RR and Route Header only on one leg, not on
both.
--
Mit freundlichen Grüssen
-Benoît Panizzon- @ HomeOffice und normal erreichbar
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
Hi,
I noticed that if I enable tcp_accept_haproxy kamailio still can accept connections without the PROXY-protocol header.
The documentation on the wiki has the following note:
"Please note that enabling this option will reject any inbound TCP connection that does not conform to the PROXY-protocol spec."
https://www.kamailio.org/wiki/cookbooks/devel/core#tcp_accept_haproxy
This could be true up until a specific version of kamalio but from 5.7.4+ this limitation is seems to be removed.
Enabling tcp_accept_haproxy is breaking the outbound/rr module because it con’t find the socket based on the address and port from the flow token.
The flow tokens created by a REGISTER on a connection without a PROXY header can be used.
Flow tokens created from a connection with PROXY-protocol header will fail with "cannot find socket from flow-token” once loose_route is invoked.
loose.c:561
/* First, force the local socket */
si = find_si(&rcv->dst_ip, rcv->dst_port, rcv->proto);
if(si)
set_force_socket(_m, si);
else {
LM_INFO("cannot find socket from flow-token\n");
return -1;
}
I’m not sure if the address and/or port values stored in the flow token are incorrect or the problem lies in the matiching in find_is(…).
Wolter
Hello,
I am using letsencrypt cert and key and do not want to restart kamailio
every 3 months to load new ones.
I know that there is: kamcmd tls.reload method but it has an error for me.
error: 500 - Error while fixing TLS configuration (consult server log)
I am checking the logs and see:
kamailio[3865480]: INFO: tls [tls_domain.c:345]: ksr_tls_fill_missing():
TLSs<default>: tls_method=3
kamailio[3865480]: INFO: tls [tls_domain.c:357]: ksr_tls_fill_missing():
TLSs<default>: certificate='/etc/kamailio/certs/my_cert.crt'
kamailio[3865480]: INFO: tls [tls_domain.c:364]: ksr_tls_fill_missing():
TLSs<default>: ca_list='(null)'
kamailio[3865480]: INFO: tls [tls_domain.c:371]: ksr_tls_fill_missing():
TLSs<default>: ca_path='(null)'
kamailio[3865480]: INFO: tls [tls_domain.c:378]: ksr_tls_fill_missing():
TLSs<default>: crl='(null)'
kamailio[3865480]: INFO: tls [tls_domain.c:382]: ksr_tls_fill_missing():
TLSs<default>: require_certificate=0
kamailio[3865480]: INFO: tls [tls_domain.c:390]: ksr_tls_fill_missing():
TLSs<default>: cipher_list='(null)'
kamailio[3865480]: INFO: tls [tls_domain.c:397]: ksr_tls_fill_missing():
TLSs<default>: private_key='/etc/kamailio/certs/private.key'
kamailio[3865480]: INFO: tls [tls_domain.c:401]: ksr_tls_fill_missing():
TLSs<default>: verify_certificate=0
kamailio[3865480]: INFO: tls [tls_domain.c:406]: ksr_tls_fill_missing():
TLSs<default>: verify_depth=9
kamailio[3865480]: INFO: tls [tls_domain.c:410]: ksr_tls_fill_missing():
TLSs<default>: verify_client=0
kamailio[3865480]: NOTICE: tls [tls_domain.c:1168]: ksr_tls_fix_domain():
registered server_name callback handler for socket [:0],
server_name='<default>' ...
kamailio[3865480]: ERROR: tls [tls_domain.c:590]: load_cert():
TLSs<default>: Unable to load certificate file
'/etc/kamailio/certs/my_cert.crt'
kamailio[3865480]: ERROR: tls [tls_util.h:49]: tls_err_ret():
load_cert:error:03000072:digital envelope routines::decode error (sni:
unknown)
kamailio[3865480]: ERROR: tls [tls_util.h:49]: tls_err_ret():
load_cert:error:0A00018F:SSL routines::ee key too small (sni: unknown)
Any advice ?
It's interesting that there are not any errors in case I restart kamailio.
I can make TLS calls without problems.
deb 12.5
version: kamailio 5.7.4 (x86_64/linux)
Hello,
FOSDEM'25 will host again a RTC DevRoom during the afternoon of February
1, 2025 (Saturday) -- more details and the call for presentation can be
read at:
- https://lists.fosdem.org/pipermail/fosdem/2024q4/003584.html
I am not sure if I can participate (chances are more towards no, than to
yes), but if anyone considers to go to the event, it will be good to
submit a proposal to cover a bit Kamailio as well (it doesn't have to be
entirely about Kamailio).
Note that FOSDEM imposes a strict deadline this time for submissions
(Dec 1, 2024), thus is no much time left. Should anyone in these groups
plans to submit a proposal, let us know, so the others have an idea
about it.
Cheers,
Daniel
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com
Hi,
we would like to replicate a SIP-message ("REGISTER" in our case) to a
set of nodes for further asynchronous processing. The message is already
processed on the local Kamailio.
We thought about using the tm-module in conjunction with the dispatcher
module so we can reliably forward the message.
This seems to work, however we get a new problem: Kamailio forwards the
response it gets from those nodes.
When we drop the response in the reply_route, it gets dropped before TM
can see it.
When we drop the response in the on_reply_route, it still will be
forwarded. (adding or removing a header here works, however) $du is set
to $null.
Is there any clean way to suppress that response being forwarded back to
the original requester?
Best regards
Christian Berger
--
Christian Berger - berger(a)sipgate.de
Telefon: +49 (0)211-63 55 55-0
Telefax: +49 (0)211-63 55 55-22
sipgate GmbH - Gladbacher Str. 74 - 40219 Düsseldorf
HRB Düsseldorf 39841 - Geschäftsführer: Thilo Salmon, Tim Mois
Steuernummer: 106/5724/7147, Umsatzsteuer-ID: DE219349391
www.sipgate.de - www.sipgate.co.uk
Im using the module RTPengine. im having issues when ever i try to do a
call using SRTP im using microsip i have checked the SDP everything ok. But
when ever i place the call it gets rejected. if i disable SRTP then the
calls work
if (!rtpengine_offer("replace-origin replace-session-connection ICE=force
RTP/SAVP RTP/AVP")) {
I only need to encrypt client -> proxy from proxy -> asterisk should be
plain rtp i hope someone can help me out thank you.
The log in rtpengine shows this
[1731055305.417896] ERR: [2a721ebf2c73414ab8e739d7bde912f9//1 port 14124]:
[srtp] SRTP output wanted, but no crypto suite was negotiated
Hi all
I've installed a (pretty old) presence_dfks module that allows setting the presence using the following command:
kamctl fifo pua_publish sip:1000@10.10.99.254 3600 as-feature-event application/x-as-feature-event+xml . . . "<?xml version='1.0' encoding='ISO-8859-1'?><ForwardingEvent><device><notKnown/></device><forwardingType>forwardImmediate</forwardingType><forwardStatus>true</forwardStatus><forwardTo>1234</forwardTo></ForwardingEvent>"
The "pua_mi" module was however removed in Kamailio and jsonrpcs/xmlrpcs are supposed to be an alternative.
I've tried both the following calls, but neither does recognize the pua_publish/pua.publish as a valid method.
Attempt with jsonrpc:
curl -H "Content-Type: application/json" -X POST -d '{"jsonrpc": "2.0", "method": "pua.publish", "params": [""], "id":1}' https://sbctest.tel.redacted.xx:5061/RPC/
ERROR: jsonrpcs [jsonrpcs_mod.c:1422]: ki_jsonrpcs_dispatch(): method callback not found [pua.publish]
Attempt with xmlrpc:
curl -H "Content-Type: text/xml" -X POST -d '<?xml version="1.0" ?><methodCall><methodName>pua_publish</methodName><params><param><value><string>sip:jh@sbctest.tel.redacted.xx</string></value></param><param><value><string>7776000</string></value></param><param><value><string>as-feature-event</string></value></param><param><value><string>application/as-feature-event</string></value></param><param><value><string>.</string></value></param><param><value><string>a.1481534683.13958.6.7</string></value></param><param><value><string>sip:127.0.0.1:5080;transport=tcp</string></value></param><param><value><string>P-Flags: 0</string></value></param><param><value><string>Messages-Waiting: yesMessage-Account: sip:jh@sbctest.tel.redacted.xxVoice-Message: 2/0 (0/0)</string></value></param></params></methodCall>' https://sbctest.tel.redacted.xx:5061/RPC/
<?xml version="1.0"?>
<methodResponse>
<fault>
<value>
<struct>
<member>
<name>faultCode</name>
<value><int>500</int></value>
</member>
<member>
<name>faultString</name>
<value><string>Method Not Found</string></value>
</member>
</struct>
</value>
</fault>
Anyone who had some luck in this matter?
Best regards,
Dries
Hi all
I've installed a custom presence_dkfs module (https://github.com/tombeard/presence_dfks) in an effort to make our Grandstream devices (connected over TLS) display a server set callforward using Broadsoft's Device Feature Key Sync.
The module was installed succesfully, but it appears that the NOTIFY upon SUBSCRIBE cannot be sent over TLS. This part seems to use the default presence module however so I'm taking my chances here to ask for some advice. I have already disabled verify_certificate in tls.cfg. The "dst addr: 193.19x.x.x:0" does seem to have an incorrect port as I should expect 5061?
INFO: {1 600000 SUBSCRIBE 319937814-5062-3(a)BHC.DA.GB.CD} presence [notify.c:1744]: send_notify_request(): NOTIFY sip:544460@sbctest.tel.redacted.xx via sip:544460@172.30.61.23:5062;transport=tls on behalf of sip:544460@sbctest.tel.redacted.xx for event as-feature-event : 319937814-5062-3(a)BHC.DA.GB.CD
ERROR: tls [tls_server.c:1312]: tls_h_read_f(): protocol level error
ERROR: tls [tls_util.h:50]: tls_err_ret(): TLS connect:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure (sni: unknown)
ERROR: tls [tls_server.c:1316]: tls_h_read_f(): src addr: 172.30.61.23:5062
ERROR: tls [tls_server.c:1319]: tls_h_read_f(): dst addr: 193.19x.x.x:0
ERROR: <core> [core/tcp_read.c:1526]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f6d55b4b360 r: 0x7f6d55b4b488 (-1)
Your advice is most appreciated!
Cheers,
Dries
Hi,
I am trying to use dlg_req_within() for a 3pcc-style call setup, to set up media via a reinvite:
1. Store original SDP offer from caller in $dlg_var()s;
2. Later, after e2e ACK is processed for initial INVITE transaction, send reinvite to callee using dlg_req_within(). I call rtpengine_offer() and feed it the original SDP offer (via read_sdp_pv modparam), and take the RTPEngine-transformed SDP and feed that to dlg_req_within():
dlg_req_within("callee", "INVITE", "application/sdp", "$var(sdp_from_rtpengine)");
3. I have found that event_route[tm:local-response] does not allow me to capture the 200 OK / SDP answer to this reinvite; it is internally absorbed.
However, it is possible to arm an onreply_route in event_route[tm:local-request], to receive the 200 OK:
event_route[tm:local-request] {
if(method == "INVITE" && has_body("application/sdp"))
t_on_reply("REINVITE_REPLY");
}
4. My intent is for this reinvite reply handler to set off a reinvite to the caller side:
onreply_route[REINVITE_REPLY] {
if(method == "INVITE" && has_body("application/sdp") && t_check_status("200")) {
...
$var(rtpengine_use_this_sdp) = $rb;
rtpengine_answer("...");
dlg_req_within("caller", "INVITE", "application/sdp", "$var(sdp_from_rtpengine)");
}
This ensures proper relay symmetry. Otherwise, the caller will continue to send RTP to the previous upstream endpoint of the call, prior to any reinvite.
However, dlg_req_within() doesn't work in this later context, even though the documentation says it can be used from ANY_ROUTE. Kamailio doesn't complain, there is no error. It just doesn't initiate a reinvite to the caller.
I considered the possibility that this may be because the calling scope is that of a pending reinvite transaction to the callee, but there is no obvious way to defer that into the future. If I send it to an async task worker, the transaction scope required for dlg_req_within() to know which dialog it's operating on will be lost.
Any ideas appreciated, and thank you in advance!
-- Alex
--
Alex Balashov
Principal Consultant
Evariste Systems LLC
Web: https://evaristesys.com
Tel: +1-706-510-6800
