sr-users March 2024

sr-users@lists.kamailio.org

44 participants
49 discussions

loose_route false when using topos? At which point in the call flow, does topos restore the Route header?
by Benoit Panizzon 21 Mar '24

21 Mar '24

Hi https://lists.kamailio.org/pipermail/sr-users/2020-July/109801.html I have the exact same issue. When the B side is starting a new transaction (UPDATE to refresh the session in my case) without topos enabled, that transaction contains one or multiple route header and a to_tag. Therefore loose_route() is true and the call is more or less sent to route(RELAY) immediately without further checks. If topos is enabled, all record-route header are removed and only one Via sent to the CPE. So when the CPE replies, there is no Route header. Therefore loose_route returns false. This makes me wonder, at which stage is topos restoring the route headers? Shouldn't that happen before loose_route is evaluated? Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________

3 4

No 408 generated by tm module on fr_timer when redis crashes
by Patrick Karton 21 Mar '24

21 Mar '24

1 0

Wrong documentation for module 'Userblacklist'
by Björn Klasen 20 Mar '24

20 Mar '24

Hi everybody, I'm a little bit confused about the documentation of the Userblacklist module as I think it has to be Userblocklist since version 5.x. Also some of the commands and some column names in the database have changed. I can remember that the documentation was right at some point, but the it has been changed back to Userblacklist. I wonder if nobody noticed that because the old commands do not work. BR, Björn -- Björn Klasen, Senior Specialist (VoIP) TNG Stadtnetz GmbH, TNG-Technik Gerhard-Fröhler-Straße 12 24106 Kiel・Deutschland T +49 431 7097-10 F +49 431 7097-555 bklasen(a)tng.de https://www.tng.de Executive board (Geschäftsführer): Dr. Sven Willert (CEO/Vorsitz), Gunnar Peter, Sven Schade, Carsten Tolkmit, Bernd Sontheimer Amtsgericht Kiel HRB 6002 KI USt-ID: DE225201428 Die Information über die Verarbeitung Ihrer Daten gemäß Artikel 12 DSGVO können Sie unter https://www.tng.de/datenschutz/ abrufen. ______________________________________________________________________

2 1

Bug in htable in 5.8.0
by Brooks Bridges 18 Mar '24

18 Mar '24

We have some scripts that are setting values in an htable for various things, one of which is to disable options replies to take a system “out of service”. We discovered today upon deploying 5.8.0 that the “htable.seti” command appears to be broken. [root@ip-10-52-42-102 ~]# kamcmd htable.seti system_settings option_pings_off 1 error: 500 - Not enough parameters (htable name, key name and value) however if we do htable.sets it works fine (although not an integer so it’s breaking our shutdown scripts). [root@ip-10-52-42-102 ~]# kamcmd htable.sets system_settings option_pings_off 1 Ok. Key set to new value. [root@ip-10-52-42-102 ~]# I’ve looked through the commit history for htable and haven’t found anything that really stands out as a possible issue, so can the gurus please take a look? Thanks! Brooks Bridges Sr. Developer [https://files.skyetel.com/logo.png] Direct: (888) 444‑1111 Office: (561) 453‑4085 Email: bbridges(a)skyetel.com 902 Clint Moore Road Suite 206 Boca Raton, FL 33487 www.skyetel.com Confidentiality Notice: This e-mail, and any attachment to it, contains privileged and confidential information intended only for the use of the individual(s) or entity named on the e-mail. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, you are hereby notified that reading this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately return it to the sender and delete it from your system.

3 4

Need guidance on Teams interop with Kamailio
by Shah Hussain Khattak 17 Mar '24

17 Mar '24

Hello Experts, I'm not an expert in Kamailio, but thanks to some excellent online resources, I managed to set up a basic interconnection between Teams and Kamailio. So far, outbound calls, as well as blind and attended call transfers, are working smoothly. However, I'm facing a challenge with call disconnection for outbound calls. Specifically, when an outbound call is made and the called party hangs up, the BYE message isn't being relayed properly towards the Teams side. In my routing configurations, I remove the Record-Route header received from Teams and add a new Record-Route header with Kamailio's IP before forwarding it to my IP PBX (FreeSwitch). For the BYE message to be processed correctly, Microsoft Teams requires the original contact in the Request URI (RURI) and the Route header to match the initial Record-Route included in the INVITE. Currently, my BYE message appears as follows: BYE sip:api-du-a-auea.pstnhub.microsoft.com:443;x-i=5e96d703-b1e7-449c-aebf-a87bfa628176;x-c=f61b674bc597513ab8d888dbe7c560fb/d/8/9a6c508a9cbd44ebb892b62c33ba9b67 SIP/2.0 Via: SIP/2.0/UDP x.x.x.x:5060;branch=z9hG4bKeab5.b657e3455b6d11ed6975c69882632a27.0 Via: SIP/2.0/UDP x.x.x.x;received=x.x.x.x;rport=5060;branch=z9hG4bKK3HKQBUvX42ya Max-Forwards: 69 From: <sip:+61403225xxx@kamsbc.xyzdomain.com:5061;user=phone>;tag=j5gptBSXXrXDc To: "XYZ Pty Ltd" <sip:+61291455xxx@sip.pstnhub.microsoft.com:5061;user=phone>;tag=3a5f0c9e32bc4eb1bffed29dc954118f Call-ID: f61b674bc597513ab8d888dbe7c560fb CSeq: 80555743 BYE User-Agent: Unknown/v1.0 Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY Supported: timer, path, replaces Reason: MVTSLocal;cause=10;text="BYE received" Content-Length: 0 Kamailio conducts a lookup for api-du-a-auea.pstnhub.microsoft.com but ends up sending the BYE message to an incorrect IP. Below is a snippet of my routing block configurations: ####### Routing Logic ######## /* Main SIP request routing logic * - processing of any incoming SIP request starts with this route * - note: this is the same as route { ... } */ request_route { # per request initial checks route(REQINIT); #check who is the sender route(INITCHECK); # CANCEL processing if (is_method("CANCEL")) { if (t_check_trans()) { route(RELAY); } exit; } # handle retransmissions if (!is_method("ACK")) { if(t_precheck_trans()) { t_check_trans(); exit; } t_check_trans(); } # handle requests within SIP dialogs route(WITHINDLG); ### only initial requests (no To tag) # record routing for dialog forming requests (in case they are routed) # - remove preloaded route headers remove_hf("Route"); if (is_method("INVITE|SUBSCRIBE")) { record_route(); } # account only INVITEs if (is_method("INVITE")) { setflag(FLT_ACC); # do accounting } if ($rU==$null) { # request with no Username in RURI sl_send_reply("484","Address Incomplete"); exit; } # update $du to set the destination address for proxying #$du = "sip:" + $rd + ":9"; route(RELAY); exit; } route[INITCHECK] { if(from_uri =~ ".*microsoft.com") { setflag(FROM_TEAMS); $du = "sip:" + "MY_PBX_IP" + ":" + "5060"; //added by SHK remove_hf("Record-Route"); // Remove existing Record-Route header append_hf("Record-Route: <sip:KAM_IP:5060;transport=udp>\r\n"); route(HANDLE_RTP_FROM_TEAMS); } if(from_uri =~ ".*" + "MY_PBX_IP") { setflag(FROM_PBX); $du="sip:sip.pstnhub.microsoft.com;transport=tls"; route(HANDLE_RTP_FROM_PBX); } } #Manage RTP & transcoding comming from Teams to PBX route[HANDLE_RTP_FROM_TEAMS] { t_on_reply("PBX_REPLY_TO_TEAMS"); if (has_body("application/sdp")) { rtpengine_manage("RTP codec-mask=all codec-transcode=PCMA replace-origin replace-session-connection ICE=remove media-address=HOST_IP"); // record_route(); t_relay_to_udp("MY_PBX_IP","5060"); } else { rtpengine_manage(); } } #Manage RTP & transcoding comming from PBX to Teams route[HANDLE_RTP_FROM_PBX] { t_on_reply("TEAMS_REPLY_TO_PBX"); if (has_body("application/sdp")) { rtpengine_manage("SRTP codec-mask=all ICE=force codec-transcode=PCMA replace-origin replace-session-connection media-address=ADVERTISE_IP"); $rd = "sip.pstnhub.microsoft.com"; $td = "kamsbc.xyzdomain.com"; $fd = "kamsbc.xyzdomain.com"; // record_route(); #Set TLS SNI (server name & server id) $xavp(tls=>server_name) = "kamsbc.xyzdomain.com"; $xavp(tls=>server_id) = "kamsbc.xyzdomain.com"; t_relay(); } else { rtpengine_manage(); } } # Wrapper for relaying requests route[RELAY] { # enable additional event routes for forwarded requests # - serial forking, RTP relaying handling, a.s.o. if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) { if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH"); } if (is_method("INVITE|SUBSCRIBE|UPDATE")) { if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY"); } if (is_method("INVITE")) { if(!t_is_set("failure_route")) t_on_failure("MANAGE_FAILURE"); } if (!t_relay()) { sl_reply_error(); } exit; } # Per SIP request initial checks route[REQINIT] { if($ua =~ "friendly-scanner|sipcli|VaxSIPUserAgent") { # silent drop for scanners - uncomment next line if want to reply # sl_send_reply("200", "OK"); exit; } if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); exit; } if(is_method("OPTIONS")) { sl_send_reply("200","Keepalive"); exit; } if(!sanity_check("1511", "7")) { xlog("Malformed SIP message from $si:$sp\n"); exit; } } # Handle requests within SIP dialogs route[WITHINDLG] { if (!has_totag()) return; #Teams reINVITEs if(isflagset(FROM_TEAMS)) { loose_route(); t_relay(); exit; } if(isflagset(FROM_PBX)) { #Set TLS SNI (server name & server id) $xavp(tls=>server_name) = "kamsbc.xyzdomain.com"; $xavp(tls=>server_id) = "kamsbc.xyzdomain.com"; loose_route(); t_relay(); exit; } # sequential request withing a dialog should # take the path determined by record-routing if (loose_route()) { if (is_method("BYE")) { setflag(FLT_ACC); # do accounting ... setflag(FLT_ACCFAILED); # ... even if the transaction fails #set coresponding cert on transactions if($fd == "kamsbc.xyzdomain.com") { $xavp(tls=>server_name) = "kamsbc.xyzdomain.com"; $xavp(tls=>server_id) = "kamsbc.xyzdomain.com"; } } else if ( is_method("NOTIFY") ) { # Add Record-Route for in-dialog NOTIFY as per RFC 6665. record_route(); } route(RELAY); exit; } if ( is_method("ACK") ) { if ( t_check_trans() ) { # no loose-route, but stateful ACK; # must be an ACK after a 487 # or e.g. 404 from upstream server route(RELAY); exit; } else { # ACK without matching transaction ... ignore and discard exit; } } sl_send_reply("404","Not here"); exit; } # Manage outgoing branches branch_route[MANAGE_BRANCH] { xdbg("new branch [$T_branch_idx] to $ru\n"); } # Manage incoming replies onreply_route[MANAGE_REPLY] { xdbg("incoming reply\n"); } #PBX On Reply onreply_route[PBX_REPLY_TO_TEAMS] { if (has_body("application/sdp")) { rtpengine_manage("SRTP codec-mask=all codec-transcode=PCMA replace-origin replace-session-connection media-address=ADVERTISE_IP"); } else { rtpengine_manage(); } //added by SHK if (status == "200" && method == "INVITE") { remove_hf("Contact"); # Remove existing Contact header append_hf("Contact: <sip:kamsbc.xyzdomain.com:5061;transport=tls>\r\n"); } if (status=="200") { remove_hf("ALLOW:"); append_hf("ALLOW: INVITE,ACK,OPTIONS,CANCEL,BYE,NOTIFY \r\n","CONTENT-TYPE"); } } #From Teams On Reply onreply_route[TEAMS_REPLY_TO_PBX] { if (has_body("application/sdp")) { rtpengine_manage("RTP codec-mask=all codec-transcode=PCMA replace-origin replace-session-connection media-address=HOST_IP"); } else { rtpengine_manage(); } } # Manage failure routing cases failure_route[MANAGE_FAILURE] { if (t_is_canceled()) exit; } event_route[tm:local-request] { if(is_method("OPTIONS") && $ru =~ "pstnhub.microsoft.com") { append_hf("Contact: <sip:kamsbc.xyzdomain.com:SBC_PORT;transport=tls>\r\n"); } xlog("L_INFO", "Sent out tm request: $mb\n"); } ####### Routing Logic End ######## Given these details, I suspect the issue might be related to how I'm handling the Record-Route headers or potentially a misconfiguration in directing the BYE message. I would greatly appreciate any insights, suggestions, or guidance on how to correctly relay the BYE message back to Teams, or further refine my existing configuration. Thank you in advance for your help and support! Regards, Shah Hussain

2 2

topology hiding with active dispatcher ip
by marek 15 Mar '24

15 Mar '24

hi, i have kamailio acting as SBC i need hide topology like this ds_select_dst(DSP_GRP_TRUNK, "6"); $tu = $(tu{re.subst,/PRIVATE_IP/IP_OF_CURRENT_SELECTED_DISPATCHER/g}); what is best way for IP extraction from $du? thanks Marek

2 2

SCSF always challenge
by Anthony Blandin 14 Mar '24

14 Mar '24

Hello, I have an issue with SCSF which challenge again after a successful first registration. I have an error after the second register saying that no matching auth vector found. I attach the logs and pcap file. I don't see where is the issue. Could you help me? Thanks a lot. Anthony

1 0

append_hf not working
by Calvin E. 13 Mar '24

13 Mar '24

I'm trying to add something simple like the following: append_hf("X-testheader: True\r\n", "From"); However, I don't see my X-testheader in a packet capture. Are there any common pitfalls that would prevent append_hf from working as expected?

8 9

TLS requests get relayed over unencrypted TCP
by James Browne 13 Mar '24

13 Mar '24

Hi all I've set up a kamailio server on a public IP address to serve public clients. - The clients REGISTER over a mix of TCP and TLS, so kamailio has listeners on the same IP address: port 5060 for UDP/TCP and port 5061 for TLS. - Some clients REGISTER from the same public IP address, behind the same NAT. - Sometimes, the client-side NAT can use the same client-side IP address and port for two concurrent connections - one TCP and one TLS - which is normal because the server-side port is different (they're different 5-tuples). - Now when a request comes to kamailio, to be routed to a client, the the t_relay_to_tls() function sometimes can relay the request over a TCP connection instead of a TLS connection. I've enabled tcp_connection_match=1. This is helpful, but it doesn't completely resolve the problem. It helps when both connections (TCP and TLS) are open, because the TLS connection will always be used for TLS requests. However, when there's no TLS connection open, kamailio will erroneously use the TCP connection. Note that this setup depends on TCP/TLS connections being made from the client to the server, not the other way around. I've made a cut-down version of this setup to demonstrate the problem. - Client: 11.15.32.1 - Server: 11.15.32.11 - version: kamailio 5.9.0-dev0 (x86_64/linux) ################################################################# #!KAMAILIO enable_tls=yes listen=tls:11.15.32.11:5061 listen=tcp:11.15.32.11:5060 listen=udp:11.15.32.11:5060 loadmodule "tm" loadmodule "tls" loadmodule "pv" loadmodule "rr" fork=yes log_facility=LOG_LOCAL0 log_stderror=no children=2 debug=3 tcp_connection_match=1 modparam("tls", "low_mem_threshold1", -1) modparam("tls", "low_mem_threshold2", -1) modparam("tls", "certificate", "/usr/local/etc/kamailio/certs/chain") modparam("tls", "private_key", "/usr/local/etc/kamailio/certs/key") request_route { loose_route(); $fs="tls:11.15.32.11:5061"; t_relay_to_tls(); } ################################################################# This is a BYE message to be sent from internally in the network. ########################### BYE sip:user3@11.15.32.1:33333;transport=tls SIP/2.0 Via: SIP/2.0/UDP 0.0.0.0:11111;rport;branch=z9hG4bK-d8754z-cc2c63344f5218d3-1 Route: <sip:11.15.32.11:5060;transport=tcp;r2=on;lr;ftag=ZUrDU2m4Z9Zam> Route: <sip:11.15.32.11:5061;transport=tls;r2=on;lr;ftag=ZUrDU2m4Z9Zam> f: <sip:user1@server>;tag=ZUrDU2m4Z9Zam t: <sip:user3@server>;tag=gK0ea97395 i:sdfg8we790t874ujk CSeq: 102 BYE Content-Length: 0 ########################### When I send that to kamailio over UDP, kamailio relays it over a TCP connection, as seen with socat here (socat runs on the machine with address 11.15.32.1). ########################### $ socat - TCP:11.15.32.11:5060,bind=:33333 BYE sip:user3@11.15.32.1:33333;transport=tls SIP/2.0 Via: SIP/2.0/TLS 11.15.32.11:5061;branch=z9hG4bKd2bf.137932ff9a937cde941fd1790db040c9.0 Via: SIP/2.0/UDP 0.0.0.0:11111;received=11.15.32.11;rport=11111;branch=z9hG4bK-d8754z-cc2c63344f5218d3-1 f: <sip:user1@server>;tag=ZUrDU2m4Z9Zam t: <sip:user3@server>;tag=gK0ea97395 i:sdfg8we790t874ujk CSeq: 102 BYE Content-Length: 0 ########################### Note that - the RURI has transport=tls in it, - kamailio is forcing the TLS socket, - kamailio is using the t_relay_to_tls function, - the Route header field tells that TLS should be used, and - the Via header field shows that kamailio tried to send this over TLS, but - the BYE was sent over unencrypted TCP. If I use this socat command instead, then I can receive the BYE, showing that kamailio is able to use TLS if there's a connection available. - socat - OPENSSL:11.15.32.11:5061,bind=:33333,verify=no I can't find any setting to control this, so it looks to me like a kamailio bug. At that, I see this as a security flaw, because the SIP traffic should always be encrypted but now is leaked. Can anyone help? James

1 0

Lua classes in events function
by Michal Hajek 12 Mar '24

12 Mar '24

Hi, I use KEMI/Lua. I have simple lua class: myclass = {} myclass.event = function() KSR.xlog.xinfo("Event working...\n") end In kamailio.conf have: modparam("xhttp", "event_callback", "myclass.event") In debug log have: Mar 12 13:21:30 kamailio DEBUG: app_lua [app_lua_api.c:549]: sr_lua_reload_script(): No need to reload [/etc/kamailio/donjon.lua] is version 0 Mar 12 13:21:30 kamailio DEBUG: app_lua [app_lua_api.c:733]: app_lua_run_ex(): executing Lua function: [[myclass.event]] Mar 12 13:21:30 kamailio DEBUG: app_lua [app_lua_api.c:735]: app_lua_run_ex(): lua top index is: 40 Mar 12 13:21:30 kamailio DEBUG: app_lua [app_lua_mod.c:164]: sr_kemi_config_engine_lua(): execution of route type 513 with name [myclass.event] returned 1 The problem is that the event function in the myclasses class is not called. Is there any other way or syntax to do this? Of course, if I define a function without a class, it works. Thanks Michal

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users March 2024