Hi List
I am just wondering...
When I am sending the initial INVITE to a customer CPE, this goes
throug the whole location lookup and through a branch route in which I
make some last adjustments to the headers, like removing header the
customer shall not get (like P-Asserted-Identity which would reveal the
caller identity on a callerid restricted call).
On a Re-Invite (session timer refresh) the call is being routed by
loose_route() and immediately sent to RELAY.
uac_replace and uac_restore seem to work fine for stuff like To and
From Header. But how do I prevent unwanted header to disclose
information to the customer which should ne be disclosed?
Do I need to re-arm the branch trigger also for within dialog calls?
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
Hi
https://lists.kamailio.org/pipermail/sr-users/2020-July/109801.html
I have the exact same issue.
When the B side is starting a new transaction (UPDATE to refresh the
session in my case) without topos enabled, that transaction contains
one or multiple route header and a to_tag.
Therefore loose_route() is true and the call is more or less sent to
route(RELAY) immediately without further checks.
If topos is enabled, all record-route header are removed and only one
Via sent to the CPE.
So when the CPE replies, there is no Route header.
Therefore loose_route returns false.
This makes me wonder, at which stage is topos restoring the route
headers? Shouldn't that happen before loose_route is evaluated?
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
Hi everybody,
I'm a little bit confused about the documentation of the Userblacklist
module as I think it has to be Userblocklist since version 5.x. Also
some of the commands and some column names in the database have changed.
I can remember that the documentation was right at some point, but the
it has been changed back to Userblacklist. I wonder if nobody noticed
that because the old commands do not work.
BR, Björn
--
Björn Klasen, Senior Specialist (VoIP)
TNG Stadtnetz GmbH, TNG-Technik
Gerhard-Fröhler-Straße 12
24106 Kiel・Deutschland
T +49 431 7097-10
F +49 431 7097-555
bklasen(a)tng.de
https://www.tng.de
Executive board (Geschäftsführer):
Dr. Sven Willert (CEO/Vorsitz),
Gunnar Peter, Sven Schade,
Carsten Tolkmit, Bernd Sontheimer
Amtsgericht Kiel HRB 6002 KI
USt-ID: DE225201428
Die Information über die Verarbeitung Ihrer Daten
gemäß Artikel 12 DSGVO können Sie unter https://www.tng.de/datenschutz/ abrufen.
______________________________________________________________________
Hi
I am running kamailio 5.4 on debian
I have carrierfailureroute configured incase of primary service provider
fails. I also have Stirshaken configured to add Identity header on outbound
calls. Issue is when call fail overs to carrierfailureroute,
http_async_query changes $ru to the primary carrier
From the debug logs, when primary carrier sends a 488 (primary carrier
expects SIP TLS but my call is UDP - to test the failover scenario)
39(285) DEBUG: {1 18398 INVITE 8EmmsLqNuMRYBduMqFgX3w4JHAn4C2xn} tmx
[t_var.c:561]: pv_get_tm_reply_code(): reply code is <488>
39(285) DEBUG: {1 18398 INVITE 8EmmsLqNuMRYBduMqFgX3w4JHAn4C2xn}
carrierroute [cr_func.c:178]: set_next_domain_on_rule(): searching for
matching routing rules39(285) INFO: {1 18398 INVITE
8EmmsLqNuMRYBduMqFgX3w4JHAn4C2xn} carrierroute [cr_func.c:197]:
set_next_domain_on_rule(): next_domain is 47987
Carrier route rewrites the failover carrier
39(285) INFO: {1 18398 INVITE 8EmmsLqNuMRYBduMqFgX3w4JHAn4C2xn}
carrierroute [cr_func.c:706]: cr_do_route(): uri 14371234567 was rewritten
to sip:14371234567@sip.primaryprovider.com, carrier 1, domain 47987
Before http_async_query rd and ru are still the failover carrier
39(285) INFO: {1 18398 INVITE 8EmmsLqNuMRYBduMqFgX3w4JHAn4C2xn} <script>:
[callid: 8EmmsLqNuMRYBduMqFgX3w4JHAn4C2xn] - [cfg:2976] - Debug testing
----- rd is sip.primaryprovider.com ----- ru is
sip:14371234567@sip.primaryprovider.com
39(285) DEBUG: {1 18398 INVITE 8EmmsLqNuMRYBduMqFgX3w4JHAn4C2xn}
http_async_client [async_http.c:469]: async_send_query(): transaction
suspended [5261:1830449764]
39(285) DEBUG: {1 18398 INVITE 8EmmsLqNuMRYBduMqFgX3w4JHAn4C2xn}
http_async_client [async_http.c:625]: async_push_query(): query sent [
https://authn-uat.ccid.neustar.biz/ccid/authn/v2/identity?apiKey=randomkey]
(0x7fdcad097e60) to worker 1
However, when the route is being called after the http_async_query it
changes to the primary one:
26(272) DEBUG: tm [t_lookup.c:1612]: t_lookup_ident_filter(): transaction
found
26(272) DEBUG: http_async_client [async_http.c:235]: async_http_cb():
resuming transaction (5261:1830449764)
26(272) DEBUG: tm [t_lookup.c:1612]: t_lookup_ident_filter(): transaction
found
26(272) INFO: <script>: [callid: 8EmmsLqNuMRYBduMqFgX3w4JHAn4C2xn] -
[cfg:2995] - Debug testing ----- rd is 1.2.3.4 ----- ru is
sip:14371234567@1.2.3.4:5061;transport=TLS
Due to this, call keeps going to the primary and it fails
if ( http_async_query(STIRSHAKEN_AS_URL, "AS_RESPONSE") == -1 ) {
xlog("L_ERR ", "[cfg:$cfg(line)] Failed to connect AS service for token $fu
-> $tu \n");
return;
}
route[AS_RESPONSE] {
xlog("L_INFO", "[callid: $ci] - [cfg:$cfg(line)] - Debug testing ----- rd
is $rd ----- ru is $ru\n");
if ($http_ok) {
xlog("L_INFO", "[cfg:$cfg(line)] Resuming outbound call transaction for $fu
-> $tu Received - $http_rb \n");
# Add identity and Date headers
if (jansson_get("identity", $http_rb, "$var(identity)")) {
insert_hf("Identity: $var(identity)\n", "Content-Length");
}
if (jansson_get("date", $http_rb, "$var(date)")) {
if ($hdr(Date) != $null){
remove_hf("Date");
}
insert_hf("Date: $var(date)\n", "Identity");
}
} else {
xlog("L_ERR", "[cfg:$cfg(line)] Resuming outbound call transaction. Error -
$http_err)\n");
}
route(RELAY);
exit;
}
Please help to understand why rd / ru changes to primary carrier.
Regards,
Maharaja Azhagiah
We have some scripts that are setting values in an htable for various things, one of which is to disable options replies to take a system “out of service”. We discovered today upon deploying 5.8.0 that the “htable.seti” command appears to be broken.
[root@ip-10-52-42-102 ~]# kamcmd htable.seti system_settings option_pings_off 1
error: 500 - Not enough parameters (htable name, key name and value)
however if we do htable.sets it works fine (although not an integer so it’s breaking our shutdown scripts).
[root@ip-10-52-42-102 ~]# kamcmd htable.sets system_settings option_pings_off 1
Ok. Key set to new value.
[root@ip-10-52-42-102 ~]#
I’ve looked through the commit history for htable and haven’t found anything that really stands out as a possible issue, so can the gurus please take a look?
Thanks!
Brooks Bridges
Sr. Developer
[https://files.skyetel.com/logo.png]
Direct: (888) 444‑1111
Office: (561) 453‑4085
Email: bbridges(a)skyetel.com
902 Clint Moore Road
Suite 206
Boca Raton, FL 33487
www.skyetel.com
Confidentiality Notice: This e-mail, and any attachment to it, contains privileged and confidential information intended only for the use of the individual(s) or entity named on the e-mail. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, you are hereby notified that reading this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately return it to the sender and delete it from your system.
Hello Experts,
I'm not an expert in Kamailio, but thanks to some excellent online resources, I managed to set up a basic interconnection between Teams and Kamailio.
So far, outbound calls, as well as blind and attended call transfers, are working smoothly. However, I'm facing a challenge with call disconnection for outbound calls. Specifically, when an outbound call is made and the called party hangs up, the BYE message isn't being relayed properly towards the Teams side.
In my routing configurations, I remove the Record-Route header received from Teams and add a new Record-Route header with Kamailio's IP before forwarding it to my IP PBX (FreeSwitch). For the BYE message to be processed correctly, Microsoft Teams requires the original contact in the Request URI (RURI) and the Route header to match the initial Record-Route included in the INVITE. Currently, my BYE message appears as follows:
BYE sip:api-du-a-auea.pstnhub.microsoft.com:443;x-i=5e96d703-b1e7-449c-aebf-a87bfa628176;x-c=f61b674bc597513ab8d888dbe7c560fb/d/8/9a6c508a9cbd44ebb892b62c33ba9b67 SIP/2.0
Via: SIP/2.0/UDP x.x.x.x:5060;branch=z9hG4bKeab5.b657e3455b6d11ed6975c69882632a27.0
Via: SIP/2.0/UDP x.x.x.x;received=x.x.x.x;rport=5060;branch=z9hG4bKK3HKQBUvX42ya
Max-Forwards: 69
From: <sip:+61403225xxx@kamsbc.xyzdomain.com:5061;user=phone>;tag=j5gptBSXXrXDc
To: "XYZ Pty Ltd" <sip:+61291455xxx@sip.pstnhub.microsoft.com:5061;user=phone>;tag=3a5f0c9e32bc4eb1bffed29dc954118f
Call-ID: f61b674bc597513ab8d888dbe7c560fb
CSeq: 80555743 BYE
User-Agent: Unknown/v1.0
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY
Supported: timer, path, replaces
Reason: MVTSLocal;cause=10;text="BYE received"
Content-Length: 0
Kamailio conducts a lookup for api-du-a-auea.pstnhub.microsoft.com but ends up sending the BYE message to an incorrect IP.
Below is a snippet of my routing block configurations:
####### Routing Logic ########
/* Main SIP request routing logic
* - processing of any incoming SIP request starts with this route
* - note: this is the same as route { ... } */
request_route {
# per request initial checks
route(REQINIT);
#check who is the sender
route(INITCHECK);
# CANCEL processing
if (is_method("CANCEL")) {
if (t_check_trans()) {
route(RELAY);
}
exit;
}
# handle retransmissions
if (!is_method("ACK")) {
if(t_precheck_trans()) {
t_check_trans();
exit;
}
t_check_trans();
}
# handle requests within SIP dialogs
route(WITHINDLG);
### only initial requests (no To tag)
# record routing for dialog forming requests (in case they are routed)
# - remove preloaded route headers
remove_hf("Route");
if (is_method("INVITE|SUBSCRIBE")) {
record_route();
}
# account only INVITEs
if (is_method("INVITE")) {
setflag(FLT_ACC); # do accounting
}
if ($rU==$null) {
# request with no Username in RURI
sl_send_reply("484","Address Incomplete");
exit;
}
# update $du to set the destination address for proxying
#$du = "sip:" + $rd + ":9";
route(RELAY);
exit;
}
route[INITCHECK] {
if(from_uri =~ ".*microsoft.com")
{
setflag(FROM_TEAMS);
$du = "sip:" + "MY_PBX_IP" + ":" + "5060";
//added by SHK
remove_hf("Record-Route"); // Remove existing Record-Route header
append_hf("Record-Route: <sip:KAM_IP:5060;transport=udp>\r\n");
route(HANDLE_RTP_FROM_TEAMS);
}
if(from_uri =~ ".*" + "MY_PBX_IP")
{
setflag(FROM_PBX);
$du="sip:sip.pstnhub.microsoft.com;transport=tls";
route(HANDLE_RTP_FROM_PBX);
}
}
#Manage RTP & transcoding comming from Teams to PBX
route[HANDLE_RTP_FROM_TEAMS] {
t_on_reply("PBX_REPLY_TO_TEAMS");
if (has_body("application/sdp"))
{
rtpengine_manage("RTP codec-mask=all codec-transcode=PCMA replace-origin replace-session-connection ICE=remove media-address=HOST_IP");
// record_route();
t_relay_to_udp("MY_PBX_IP","5060");
}
else
{
rtpengine_manage();
}
}
#Manage RTP & transcoding comming from PBX to Teams
route[HANDLE_RTP_FROM_PBX] {
t_on_reply("TEAMS_REPLY_TO_PBX");
if (has_body("application/sdp"))
{
rtpengine_manage("SRTP codec-mask=all ICE=force codec-transcode=PCMA replace-origin replace-session-connection media-address=ADVERTISE_IP");
$rd = "sip.pstnhub.microsoft.com";
$td = "kamsbc.xyzdomain.com";
$fd = "kamsbc.xyzdomain.com";
// record_route();
#Set TLS SNI (server name & server id)
$xavp(tls=>server_name) = "kamsbc.xyzdomain.com";
$xavp(tls=>server_id) = "kamsbc.xyzdomain.com";
t_relay();
}
else
{
rtpengine_manage();
}
}
# Wrapper for relaying requests
route[RELAY] {
# enable additional event routes for forwarded requests
# - serial forking, RTP relaying handling, a.s.o.
if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) {
if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH");
}
if (is_method("INVITE|SUBSCRIBE|UPDATE")) {
if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY");
}
if (is_method("INVITE")) {
if(!t_is_set("failure_route")) t_on_failure("MANAGE_FAILURE");
}
if (!t_relay()) {
sl_reply_error();
}
exit;
}
# Per SIP request initial checks
route[REQINIT] {
if($ua =~ "friendly-scanner|sipcli|VaxSIPUserAgent") {
# silent drop for scanners - uncomment next line if want to reply
# sl_send_reply("200", "OK");
exit;
}
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
}
if(is_method("OPTIONS")) {
sl_send_reply("200","Keepalive");
exit;
}
if(!sanity_check("1511", "7")) {
xlog("Malformed SIP message from $si:$sp\n");
exit;
}
}
# Handle requests within SIP dialogs
route[WITHINDLG] {
if (!has_totag()) return;
#Teams reINVITEs
if(isflagset(FROM_TEAMS)) {
loose_route();
t_relay();
exit;
}
if(isflagset(FROM_PBX)) {
#Set TLS SNI (server name & server id)
$xavp(tls=>server_name) = "kamsbc.xyzdomain.com";
$xavp(tls=>server_id) = "kamsbc.xyzdomain.com";
loose_route();
t_relay();
exit;
}
# sequential request withing a dialog should
# take the path determined by record-routing
if (loose_route()) {
if (is_method("BYE")) {
setflag(FLT_ACC); # do accounting ...
setflag(FLT_ACCFAILED); # ... even if the transaction fails
#set coresponding cert on transactions
if($fd == "kamsbc.xyzdomain.com") {
$xavp(tls=>server_name) = "kamsbc.xyzdomain.com";
$xavp(tls=>server_id) = "kamsbc.xyzdomain.com";
}
} else if ( is_method("NOTIFY") ) {
# Add Record-Route for in-dialog NOTIFY as per RFC 6665.
record_route();
}
route(RELAY);
exit;
}
if ( is_method("ACK") ) {
if ( t_check_trans() ) {
# no loose-route, but stateful ACK;
# must be an ACK after a 487
# or e.g. 404 from upstream server
route(RELAY);
exit;
} else {
# ACK without matching transaction ... ignore and discard
exit;
}
}
sl_send_reply("404","Not here");
exit;
}
# Manage outgoing branches
branch_route[MANAGE_BRANCH] {
xdbg("new branch [$T_branch_idx] to $ru\n");
}
# Manage incoming replies
onreply_route[MANAGE_REPLY] {
xdbg("incoming reply\n");
}
#PBX On Reply
onreply_route[PBX_REPLY_TO_TEAMS]
{
if (has_body("application/sdp"))
{
rtpengine_manage("SRTP codec-mask=all codec-transcode=PCMA replace-origin replace-session-connection media-address=ADVERTISE_IP");
}
else
{
rtpengine_manage();
}
//added by SHK
if (status == "200" && method == "INVITE") {
remove_hf("Contact"); # Remove existing Contact header
append_hf("Contact: <sip:kamsbc.xyzdomain.com:5061;transport=tls>\r\n");
}
if (status=="200")
{
remove_hf("ALLOW:");
append_hf("ALLOW: INVITE,ACK,OPTIONS,CANCEL,BYE,NOTIFY \r\n","CONTENT-TYPE");
}
}
#From Teams On Reply
onreply_route[TEAMS_REPLY_TO_PBX]
{
if (has_body("application/sdp"))
{
rtpengine_manage("RTP codec-mask=all codec-transcode=PCMA replace-origin replace-session-connection media-address=HOST_IP");
}
else
{
rtpengine_manage();
}
}
# Manage failure routing cases
failure_route[MANAGE_FAILURE] {
if (t_is_canceled()) exit;
}
event_route[tm:local-request] {
if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") {
append_hf("Contact: <sip:kamsbc.xyzdomain.com:SBC_PORT;transport=tls>\r\n");
}
xlog("L_INFO", "Sent out tm request: $mb\n");
}
####### Routing Logic End ########
Given these details, I suspect the issue might be related to how I'm handling the Record-Route headers or potentially a misconfiguration in directing the BYE message. I would greatly appreciate any insights, suggestions, or guidance on how to correctly relay the BYE message back to Teams, or further refine my existing configuration.
Thank you in advance for your help and support!
Regards,
Shah Hussain
hi,
i have kamailio acting as SBC
i need hide topology like this
ds_select_dst(DSP_GRP_TRUNK, "6");
$tu = $(tu{re.subst,/PRIVATE_IP/IP_OF_CURRENT_SELECTED_DISPATCHER/g});
what is best way for IP extraction from $du?
thanks
Marek
Hello,
I have an issue with SCSF which challenge again after a successful first registration.
I have an error after the second register saying that no matching auth vector found.
I attach the logs and pcap file.
I don't see where is the issue. Could you help me?
Thanks a lot.
Anthony
I'm trying to add something simple like the following:
append_hf("X-testheader: True\r\n", "From");
However, I don't see my X-testheader in a packet capture. Are there
any common pitfalls that would prevent append_hf from working as
expected?