sr-users November 2024

sr-users@lists.kamailio.org

38 participants
40 discussions

dynamic selection of authentication algorithm
by Juha Heinanen 28 Oct '25

28 Oct '25

How about this new function that sets the algorithm? -- Juha iff --git a/src/modules/auth/auth_mod.c b/src/modules/auth/auth_mod.c index 534ad9e20f..4e3a584d22 100644 --- a/src/modules/auth/auth_mod.c +++ b/src/modules/auth/auth_mod.c @@ -74,6 +74,10 @@ int w_consume_credentials(struct sip_msg *msg, char *s1, char *s2); * Check for credentials with given realm */ int w_has_credentials(struct sip_msg *msg, char *s1, char *s2); +/* + * Set authentication algorithm + */ +int w_auth_algorithm(struct sip_msg *msg, char *alg, char* s2); static int pv_proxy_authenticate( struct sip_msg *msg, char *realm, char *passwd, char *flags); @@ -170,6 +174,8 @@ static cmd_export_t cmds[] = { REQUEST_ROUTE}, {"pv_auth_check", (cmd_function)w_pv_auth_check, 4, fixup_pv_auth_check, 0, REQUEST_ROUTE}, + {"auth_algorithm", w_auth_algorithm, 1, fixup_spve_null, 0, + REQUEST_ROUTE}, {"bind_auth_s", (cmd_function)bind_auth_s, 0, 0, 0}, {0, 0, 0, 0, 0, 0} @@ -475,6 +481,35 @@ int w_has_credentials(sip_msg_t *msg, char *realm, char *s2) return -1; } return ki_has_credentials(msg, &srealm); + +} +/** + * + */ +int w_auth_algorithm(sip_msg_t *msg, char* alg, char* s2) +{ + if (fixup_get_svalue(msg, (gparam_t*)alg, &auth_algorithm) < 0) { + LM_ERR("failed to get algorithm value\n"); + return -1; + } + + if (strcmp(auth_algorithm.s, "MD5") == 0) { + hash_hex_len = HASHHEXLEN; + calc_HA1 = calc_HA1_md5; + calc_response = calc_response_md5; + } + else if (strcmp(auth_algorithm.s, "SHA-256") == 0) { + hash_hex_len = HASHHEXLEN_SHA256; + calc_HA1 = calc_HA1_sha256; + calc_response = calc_response_sha256; + } + else { + LM_ERR("Invalid algorithm provided." + " Possible values are \"\", \"MD5\" or \"SHA-256\"\n"); + return -1; + } + + return 1; } #ifdef USE_NC

5 13

SIP Trunk registration In Kamailio
by tanmoykarmakar10＠gmail.com 14 Oct '25

14 Oct '25

I want to register SIP Trunk directly in Kamailio. How can I register the SIP trunk in Kamailio. Please find the below sample SIP trunk details. Network IP 10.2.2.2 Subnet Mask 255.255.255.252 Customer IP 10.3.3.3 Gateway IP 10.1.1.1 SBCIP 10.4.4.4 Username 12345678 Password 1234 Please help me with configuration to register SIP trunk in kamailio.

4 4

Support for TLS server_name extension (aka SNI=server name indication)
by Barry Flanagan 04 Sep '25

04 Sep '25

Hi, Back in Kamailio 1.5, the release notes state: "support for TLS server_name extension (aka SNI=server name indication)" However, I cannot find any indication of this in the current TLS docs, and trying to set tls_server_name or server_name in tls.cfg fails with "unsupported option". Is this actually supported? Thanks. -Barry Flanagan

5 7

[4.2] how to send out BYE successfully to close a TCP/TLS connection which misses the connection ID?
by Jack Wang 02 Sep '25

02 Sep '25

For some reasons, My settings will cause kamailio to be restarted even if there were connections connected to it. And when one SIP client in a connection wanted to hangup the call with a WebRTC Client (SIP over websocket) after the proxy-restarting, local client was closed, however , the other side was not. >From the log below it seems that the connection missed. Jan 30 18:19:31 ./kamailio[27857]: WARNING: <core> [msg_translator.c:2777]: via_builder(): TCP/TLS connection (id: 0) for WebSocket could not be found Jan 30 18:19:31 ./kamailio[27857]: ERROR: tm [t_msgbuilder.c:1365]: assemble_via(): assemble_via: via building failed Jan 30 18:19:31 ./kamailio[27857]: ERROR: tm [t_msgbuilder.c:1545]: build_uac_req(): build_uac_req(): Error while assembling Via Jan 30 18:19:31 ./kamailio[27857]: ERROR: tm [uac.c:379]: t_uac_prepare(): t_uac: Error while building message So, Is it equivalent to connection ID missing? And is there any way to make Websocket found the connection? Btw, after proxy-restarting for seconds , I typed `sh kamctl stats` : websocket:ws_current_connections = 1 It showed that the WebRTC Client will re-connect automatically, So I think this connection could be found by proxy, Any suggestion? Thanks :)

2 3

[Serusers] Digest Authentication with Tenor DX
by Ashutosh Kumar 29 Apr '25

29 Apr '25

Hi, Does someone have any idea/experience with Quintum DX radius server's support for digest mode authentication. The Access-Request packets sent by SER are getting an error back. Guide. Regards, Ashutosh Kumar Chetu, Inc. Ph : 1(305) 402 6724 - Witin US Ph : 91 120 5323340 - Outside US Fax:1 (305) 832 5987 For more information, please visit http://www.chetu.com

2 1

kamcmd tls.reload issue
by Yuriy Nasida 14 Jan '25

14 Jan '25

Hello, I am using letsencrypt cert and key and do not want to restart kamailio every 3 months to load new ones. I know that there is: kamcmd tls.reload method but it has an error for me. error: 500 - Error while fixing TLS configuration (consult server log) I am checking the logs and see: kamailio[3865480]: INFO: tls [tls_domain.c:345]: ksr_tls_fill_missing(): TLSs<default>: tls_method=3 kamailio[3865480]: INFO: tls [tls_domain.c:357]: ksr_tls_fill_missing(): TLSs<default>: certificate='/etc/kamailio/certs/my_cert.crt' kamailio[3865480]: INFO: tls [tls_domain.c:364]: ksr_tls_fill_missing(): TLSs<default>: ca_list='(null)' kamailio[3865480]: INFO: tls [tls_domain.c:371]: ksr_tls_fill_missing(): TLSs<default>: ca_path='(null)' kamailio[3865480]: INFO: tls [tls_domain.c:378]: ksr_tls_fill_missing(): TLSs<default>: crl='(null)' kamailio[3865480]: INFO: tls [tls_domain.c:382]: ksr_tls_fill_missing(): TLSs<default>: require_certificate=0 kamailio[3865480]: INFO: tls [tls_domain.c:390]: ksr_tls_fill_missing(): TLSs<default>: cipher_list='(null)' kamailio[3865480]: INFO: tls [tls_domain.c:397]: ksr_tls_fill_missing(): TLSs<default>: private_key='/etc/kamailio/certs/private.key' kamailio[3865480]: INFO: tls [tls_domain.c:401]: ksr_tls_fill_missing(): TLSs<default>: verify_certificate=0 kamailio[3865480]: INFO: tls [tls_domain.c:406]: ksr_tls_fill_missing(): TLSs<default>: verify_depth=9 kamailio[3865480]: INFO: tls [tls_domain.c:410]: ksr_tls_fill_missing(): TLSs<default>: verify_client=0 kamailio[3865480]: NOTICE: tls [tls_domain.c:1168]: ksr_tls_fix_domain(): registered server_name callback handler for socket [:0], server_name='<default>' ... kamailio[3865480]: ERROR: tls [tls_domain.c:590]: load_cert(): TLSs<default>: Unable to load certificate file '/etc/kamailio/certs/my_cert.crt' kamailio[3865480]: ERROR: tls [tls_util.h:49]: tls_err_ret(): load_cert:error:03000072:digital envelope routines::decode error (sni: unknown) kamailio[3865480]: ERROR: tls [tls_util.h:49]: tls_err_ret(): load_cert:error:0A00018F:SSL routines::ee key too small (sni: unknown) Any advice ? It's interesting that there are not any errors in case I restart kamailio. I can make TLS calls without problems. deb 12.5 version: kamailio 5.7.4 (x86_64/linux)

4 5

Freezing development for 6.0.x series
by Daniel-Constantin Mierla 16 Dec '24

16 Dec '24

Hello, I propose to aim freezing the development for 6.0.x series at the end of the 16th of December 2024 (Monday). New features that one wants to get in this release series have to be pushed to git repository or pull requests made for them. Afterwards usually follows a 4-6 weeks of testing till the first release 6.0.0. Unfreezing will happen earlier, after the first weeks of testing when the 6.0 branch will be created. Cheers, Daniel -- Daniel-Constantin Mierla (@ asipto.com) twitter.com/miconda -- linkedin.com/in/miconda Kamailio Consultancy, Training and Development Services -- asipto.com

1 1

Updated: Online devel meeting on matrix - 15:00 UTC, Dec 9, 2024
by Daniel-Constantin Mierla 09 Dec '24

09 Dec '24

Hello, we should consider an online devel meeting sometime soon to summarize what was done at (and still needs to be done after) devel meeting in Dusseldorf and plan a bit the targets for next major release 6.0. If considered useful, I propose Dec 9, 2024 (Monday) at 15:00UTC (16:00 Berlin/Paris/Madrid/Rome), but we can also look for other dates as well. Topics to be discussed can be added at: - https://github.com/kamailio/kamailio-wiki/blob/main/docs/devel/irc-meetings… Pull requests can be made by users without git access. Cheers, Daniel -- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda

1 2

Potential Bug in Kamailio: Base64 Decode Transformation Not Working in Lua but Works in kamailio.cfg
by Dirk Brouwers | CM.com 28 Nov '24

28 Nov '24

Dear Kamailio Developers, I am writing to report a potential bug in Kamailio's handling of base64 decoding when using the Lua scripting interface (app_lua). It appears that base64 decoding behaves inconsistently between Lua scripts and kamailio.cfg. When using `$(var(encoded_json){s.decode.base64t})` in kamailio.cfg, where $var(encoded_json) contains the encoded base64 string: `eyJmb28iOiJiYXIifQ` it decodes to the correct `{"foo":"bar"}`. But when using the same transformation in Lua `KSR.xlog.xinfo("Decoded in Lua: ".. KSR.pv.get("$(var(encoded_json){s.decode.base64t})"))` it logs a corrupted encoded base64 string: `Decoded in Lua: ..]..#035z{b.?...#036..-....` Thank you in advance for looking into this issue. Please let me know if you need additional details or test cases. Kind regards, Dbrcm

3 4

"Intermittent Issue: Kamailio Presence Server Not Generating NOTIFY Packets"
by satyaprakash ch 27 Nov '24

27 Nov '24

Hi We have FreeSWITCH and Kamailio presence servers set up. FreeSWITCH sends XML RPC messages to the Kamailio presence servers for PUBLISH operations, and we receive 200 OK responses in return. These responses include the SIP-ETag and Expires headers. However, the Kamailio presence server is not consistently generating NOTIFY packets. This issue seems to occur randomly. Can you please suggest this for presence servers. Thank you in advance.

1 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users November 2024