sr-users June 2024

sr-users@lists.kamailio.org

34 participants
26 discussions

Handling final response retransmissions after a reInvite

by hollis.rhonda＠gmail.com

I have a scenario where Kamailio is receiving a retransmit of a 200 OK to a late offer INVITE after it has sent the ACK, and after it has begun to handle a reInvite from the calling party. This results in the following commands to the rtpengine: Offer (reInvite), Offer (200 retransmit), Answer (ACK to retransmitted 200). At this point, I see STUN binding errors both in Chrome, where the webRTC client (called party) is running, and in the rtpengine logs. ERROR:port.cc(498)]: Received STUN BINDING error response: class=4 number=1 reason='Unauthorized' [core] STUN authentication mismatch from x.x.x.x:63396 [ice] Received ICE/STUN response code 487 for candidate pair dl2efuRG06eK4nFs:2713745946:1 from x.x.x.x::64509 to x.x.x.x [ice] ICE role change, now controlled [ice] Recalculating all ICE pair priorities [ice] Triggering check for dl2efuRG06eK4nFs:2713745946:1 [ice] ICE/STUN response with unknown transaction received (from x.x.x.x:64509 on interface x.x.x.x:16184) So, briefly, the call flow up to the point of error looks like this: INVITE w/o SDP 200 OK w/SDP, Offer to rtpengine ACK w/SDP, Answer to rtpengine reInvite w/SDP, Offer to rtpengine retransmission of 200 OK, Offer to rtpengine ACK to retransmitted 200, Answer to rtpengine I have dialog tracking enabled in my config, and it seems like Kamailio is behaving as expected when the retransmitted 200 and ACK are forwarded on, but I'm curious if other people have run into a scenario like this and how they have dealt with it.

1 day, 2 hours

Need help on how to implement presence_xml

by Michel Pelletier

Hello, I need to implement Event: presence, application/pidf+xml as described in RFC-3856. I understand I need to use the presence_xml module and generate PUBLISH requests to update the information and ensure that the NOTIFY get sent. I know nothing abour XCAP or wether I need it or not. Any information source out there that could help me? Regards, Michel Pelletier

1 day, 4 hours

replies using the wrong protocol

by sarah.martin＠nextiva.com

I am extremely new at this, but trying to set up TLS with a carrier. TLS connection is good, Invite goes out, we get the 100 and the 200, but subsequent messages (ACK and BYE) are being sent with UDP and I cannot figure out how to get them to maintain the TLS transport. Any suggestions? I think this is the section I'm looking for. # Manage incoming replies in transaction context onreply_route[MANAGE_REPLY] { xdbg("incoming reply\n"); if(status=~"[12][0-9][0-9]") { route(NATMANAGE); } if (has_body("application/sdp")) { xdbg("rtpengine_manage loop-protect MANAGE_REPLY"); #rtpengine_manage("loop-protect"); } }

1 day, 6 hours

SecSIPID Assistance

by Blake Ivey

Hi everyone. Wanting to see if someone could point me in the right direction. Still very knew to Kamailio but I am beginning to understand it better. I'm making an outbound proxy and have everything working well besides stir/shaken. I'm looking at the module page and have went back and forth with chatGPT and can't seem to figure this part out. I keep getting errors on the modparam lines. Obviously this is a self signed cert because I'm just testing. I am able to reach and download the cert from the Web server. Thank you for any assistance. # SECSIPID for Stir/Shaken modparam("secsipid", "private_key", "/etc/kamailio/secsipid/private.key") modparam("secsipid", "certificate", "/etc/kamailio/secsipid/cert.crt") modparam("secsipid", "authority_cert", "/etc/kamailio/secsipid/ca.crt") modparam("secsipid", "expire", 600) modparam("secsipid", "timeout", 2) route[STIRSHAKEN] { if (is_method("INVITE")) { if (!secsipid_add_identity("$fU", "$rU", "A", "", " http://myIPaddress.com/stir_shaken_cert.crt <http://myipaddress.com/stir_shaken_cert.crt>", "/etc/kamailio/secsipid/private.key")) { xlog("L_ERR", "Failed to sign call with ID: $ci - From: $fU\n"); send_reply("500", "Internal Server Error"); exit; } else { xlog("L_INFO", "Successfully signed call with ID: $ci - From: $fU\n"); } } # Relay the call after signing route(RELAY); }

6 days

TLS: client doesn't check certificate CN

by Marat Gareev

Hello, I noticed that Kamailio can route either to IP and FQDN. This means the server certificate CN is not checked by the client. How to enable something like the 'verify_peer' option? Thanks

6 days, 5 hours

Possibility to print values of Core Keywords in Kamailio configuration file

by sadik.oualla.mohamed＠gmail.com

Hello everyone, I have a question regarding the usage of core keywords, specifically the possibility of printing their values in log messages. While I understand that core keywords such as 'dst_port' and 'af' etc... can be accessed directly in if conditions, I am interested to know if there is a way to print the values of these core keywords for logging purposes. Thank you.

6 days, 12 hours

Re: exec concurrency

by Jon Bonilla (Manwe)

El Wed, 19 Jun 2024 11:54:05 -0500 Brett Nemeroff <brett(a)voicefoxtelephony.com> escribió: > What you should expect using this method is blocking while the exec runs > which could run you out of child processes while they complete. I'd also > expect to see an "unusual amount of CPU activity" which will be the result > of the forked shells being created and destroyed. > > All of that being said, yes it works. It's architecturally overly simple > and very inefficient. If your load is tiny, it might be ok. Anything > moderate like Henning and others have said, will use an inordinate amount > of cpu. I would not personally risk it. > > Thank you Brett, Henning and Alex Sadly the load won't be tiny and cannot risk it. For now I'll deploy a local nginx and fpm to run the scripts, which are in php, and will use the http_async method. Sadly we have to "http all the things" nowadays. Let's see if I'm able to write down all the logic tomorrow and do some testing. cheers, Jon -- PekePBX, the multitenant PBX solution https://pekepbx.com

1 week

Adding custom headers to HTTP server response xhttp

by Sasivarunan

HI Team, I use tls and xhttp module to enable websocket interface for webrtc client to connect. I wanted to add "Strict-Transport-Security" header to xhttp response to add security. But currently I don't see a way to add it anywhere. I can see only server_header as an option, But this will get added to SIP messages as well. It 'd be great if anybody has a suggestion around this. Thanks Varunan

1 week

Re: exec concurrency

by Jon Bonilla (Manwe)

El Tue, 18 Jun 2024 13:54:41 -0500 Brett Nemeroff <brett(a)voicefoxtelephony.com> escribió: > Just want to add that exec is heavy and slow. I would not recommend it. > > Is there a reason you want to do this over http-ifying your script and > using async? > > Not really. The scripts are provided. Maybe I'm against "http all the things" which seems to be what everyone does nowadays. Why would http client be lighter than executing a script? That would be a design problem, right? -- PekePBX, the multitenant PBX solution https://pekepbx.com

1 week

exec concurrency

by Jon Bonilla (Manwe)

Hi all I've been working with async http client and async db queries in the past but now I have to execute scripts and store the return values in avps. Since I have no experience with that, I wonder how to achieve concurrency with that scenario. Is there a way to exec async or suspend until the exec has finished and resume later? cheers, Jon -- PekePBX, the multitenant PBX solution https://pekepbx.com

1 week, 1 day

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users June 2024