sr-users September 2024

sr-users@lists.kamailio.org

37 participants
51 discussions

dynamic selection of authentication algorithm
by Juha Heinanen 28 Oct '25

28 Oct '25

How about this new function that sets the algorithm? -- Juha iff --git a/src/modules/auth/auth_mod.c b/src/modules/auth/auth_mod.c index 534ad9e20f..4e3a584d22 100644 --- a/src/modules/auth/auth_mod.c +++ b/src/modules/auth/auth_mod.c @@ -74,6 +74,10 @@ int w_consume_credentials(struct sip_msg *msg, char *s1, char *s2); * Check for credentials with given realm */ int w_has_credentials(struct sip_msg *msg, char *s1, char *s2); +/* + * Set authentication algorithm + */ +int w_auth_algorithm(struct sip_msg *msg, char *alg, char* s2); static int pv_proxy_authenticate( struct sip_msg *msg, char *realm, char *passwd, char *flags); @@ -170,6 +174,8 @@ static cmd_export_t cmds[] = { REQUEST_ROUTE}, {"pv_auth_check", (cmd_function)w_pv_auth_check, 4, fixup_pv_auth_check, 0, REQUEST_ROUTE}, + {"auth_algorithm", w_auth_algorithm, 1, fixup_spve_null, 0, + REQUEST_ROUTE}, {"bind_auth_s", (cmd_function)bind_auth_s, 0, 0, 0}, {0, 0, 0, 0, 0, 0} @@ -475,6 +481,35 @@ int w_has_credentials(sip_msg_t *msg, char *realm, char *s2) return -1; } return ki_has_credentials(msg, &srealm); + +} +/** + * + */ +int w_auth_algorithm(sip_msg_t *msg, char* alg, char* s2) +{ + if (fixup_get_svalue(msg, (gparam_t*)alg, &auth_algorithm) < 0) { + LM_ERR("failed to get algorithm value\n"); + return -1; + } + + if (strcmp(auth_algorithm.s, "MD5") == 0) { + hash_hex_len = HASHHEXLEN; + calc_HA1 = calc_HA1_md5; + calc_response = calc_response_md5; + } + else if (strcmp(auth_algorithm.s, "SHA-256") == 0) { + hash_hex_len = HASHHEXLEN_SHA256; + calc_HA1 = calc_HA1_sha256; + calc_response = calc_response_sha256; + } + else { + LM_ERR("Invalid algorithm provided." + " Possible values are \"\", \"MD5\" or \"SHA-256\"\n"); + return -1; + } + + return 1; } #ifdef USE_NC

5 13

SIP Trunk registration In Kamailio
by tanmoykarmakar10＠gmail.com 14 Oct '25

14 Oct '25

I want to register SIP Trunk directly in Kamailio. How can I register the SIP trunk in Kamailio. Please find the below sample SIP trunk details. Network IP 10.2.2.2 Subnet Mask 255.255.255.252 Customer IP 10.3.3.3 Gateway IP 10.1.1.1 SBCIP 10.4.4.4 Username 12345678 Password 1234 Please help me with configuration to register SIP trunk in kamailio.

4 4

Support for TLS server_name extension (aka SNI=server name indication)
by Barry Flanagan 04 Sep '25

04 Sep '25

Hi, Back in Kamailio 1.5, the release notes state: "support for TLS server_name extension (aka SNI=server name indication)" However, I cannot find any indication of this in the current TLS docs, and trying to set tls_server_name or server_name in tls.cfg fails with "unsupported option". Is this actually supported? Thanks. -Barry Flanagan

5 7

[4.2] how to send out BYE successfully to close a TCP/TLS connection which misses the connection ID?
by Jack Wang 02 Sep '25

02 Sep '25

For some reasons, My settings will cause kamailio to be restarted even if there were connections connected to it. And when one SIP client in a connection wanted to hangup the call with a WebRTC Client (SIP over websocket) after the proxy-restarting, local client was closed, however , the other side was not. >From the log below it seems that the connection missed. Jan 30 18:19:31 ./kamailio[27857]: WARNING: <core> [msg_translator.c:2777]: via_builder(): TCP/TLS connection (id: 0) for WebSocket could not be found Jan 30 18:19:31 ./kamailio[27857]: ERROR: tm [t_msgbuilder.c:1365]: assemble_via(): assemble_via: via building failed Jan 30 18:19:31 ./kamailio[27857]: ERROR: tm [t_msgbuilder.c:1545]: build_uac_req(): build_uac_req(): Error while assembling Via Jan 30 18:19:31 ./kamailio[27857]: ERROR: tm [uac.c:379]: t_uac_prepare(): t_uac: Error while building message So, Is it equivalent to connection ID missing? And is there any way to make Websocket found the connection? Btw, after proxy-restarting for seconds , I typed `sh kamctl stats` : websocket:ws_current_connections = 1 It showed that the WebRTC Client will re-connect automatically, So I think this connection could be found by proxy, Any suggestion? Thanks :)

2 3

[Serusers] Digest Authentication with Tenor DX
by Ashutosh Kumar 29 Apr '25

29 Apr '25

Hi, Does someone have any idea/experience with Quintum DX radius server's support for digest mode authentication. The Access-Request packets sent by SER are getting an error back. Guide. Regards, Ashutosh Kumar Chetu, Inc. Ph : 1(305) 402 6724 - Witin US Ph : 91 120 5323340 - Outside US Fax:1 (305) 832 5987 For more information, please visit http://www.chetu.com

2 1

Kamailio Developers Meeting, Nov 19-20, 2024, in Dusseldorf
by Daniel-Constantin Mierla 14 Nov '24

14 Nov '24

Hello, Kamailio SIP Server project is organizing another meeting of its developers and community members during November 19-20, 2024 (Tue-Wed), hosted again by sipgate.de in Dusseldorf, Germany. The event is intended to facilitate the interaction between Kamailio developers and contributors in order to offer a convenient environment for working together on several topics of high interest for the project, including writing code for Kamailio and its tools, improving documentation, or discuss about future development. Everyone from the community is welcome to join, developer or user interested in helping the project. Please note we have a limited capacity of seats in the meeting room, the main policy for accepting participants being first come first server. Also, very important to be aware that this is not an event to learn how to use Kamailio. More details about the event, the venue, how to register, are available at: * https://www.kamailio.org/w/developers-meeting/ Looking forward to those two intensive hacking Kamailio days in Dusseldorf! Cheers, Daniel -- Daniel-Constantin Mierla (@ asipto.com) twitter.com/miconda -- linkedin.com/in/miconda Kamailio Consultancy, Training and Development Services -- asipto.com

2 4

apt-key deprecation
by tom＠tomlynn.com 11 Nov '24

11 Nov '24

When I look at the debian repositories maintained by the project, there are instructions to import the public key of the repository for apt using this command: wget -O http://deb.kamailio.org/kamailiodebkey.gpg | sudo apt-key add - which results in: Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)). gpg: no valid OpenPGP data found. Is there an alternate method that can be posted in the repository that will get better results? Thank you, TL

5 5

Getting the name of an already set onreply_route
by Denys Pozniak 14 Oct '24

14 Oct '24

Hello! Is it possible to find out the name of the onreply_route that was set before? Something like this: t_on_reply("MANAGE_REPLY"); ... if ( t_is_set("onreply_route") ) { get_onreply_route_name(); ... } -- BR, Denys Pozniak

3 5

TLS module crashes with FIPS OpenSSL
by Marat Gareev 08 Oct '24

08 Oct '24

Hello, I encountered a problem stopping Kamailio with FIPS OpenSSL: Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007ff7292380ac in OPENSSL_sk_pop () from /lib64/libcrypto.so.3 Missing separate debuginfos, use: dnf debuginfo-install kamailio-5.7.3-4816.x86_64 (gdb) bt #0 0x00007ff7292380ac in OPENSSL_sk_pop () from /lib64/libcrypto.so.3 #1 0x00007ff72914bf5b in conf_modules_finish_int () from /lib64/libcrypto.so.3 #2 0x00007ff72914c694 in CONF_modules_unload () from /lib64/libcrypto.so.3 #3 0x00007ff7291efff9 in OPENSSL_cleanup () from /lib64/libcrypto.so.3 #4 0x00007ff72954702b in ?? () #5 0x0000000100061c08 in ?? () #6 0x00007ff7190566c8 in ?? () #7 0x00007ffccf196a20 in ?? () #8 0x000000000071da8a in futex_release (lock=0x7ff729f08b50 <syslog>) at core/mem/../mem/../futexlock.h:134 #9 0x00000000006e9448 in destroy_tls () at core/tls_hooks.c:75 #10 0x000000000041f278 in cleanup (show_status=1) at main.c:594 #11 0x0000000000420af1 in shutdown_children (sig=15, show_status=1) at main.c:721 #12 0x0000000000421717 in handle_sigs () at main.c:752 #13 0x0000000000430c88 in main_loop () at main.c:1988 #14 0x0000000000439d13 in main (argc=14, argv=0x7ffccf1973f8) at main.c:3212 (gdb) Environment: Oracle Linux Server 9.3 Kamailio 5.7.3 yum list --installed | grep ssl openssl.x86_64 10:3.0.7-24.0.3.el9_fips @tools openssl-libs.x86_64 10:3.0.7-24.0.3.el9_fips @tools openssl-pkcs11.x86_64 0.4.11-7.el9 @anaconda xmlsec1-openssl.x86_64 1.2.29-9.el9 @AppStream What can I do for further investigation? Thanks

5 12

kamailio sending from udp non-listening port
by David Villasmil 04 Oct '24

04 Oct '24

Hello guys, i'm seeing something weird, and i'm working if you can let me know. I have a kamailio in AWS with a private IP listening on several sockets: Listening on udp: 10.1.2.36:5070 udp: 10.1.2.36:5080 udp: 10.1.2.36:5160 advertise 4.3.2.1:5160 udp: 0.0.0.0:5066 tls: 10.1.2.36:443 advertise sip.something.com:443 tls: 10.1.2.36:444 advertise sip.something.com:444 tls: 10.1.2.36:5061 When forwarding a udp invite received on 10.1.2.36:5080 to a public ip provider say on 8.8.8.8:5060, i'm forcing the outgoing socket with force_socket via 10.1.2.36:5160. But the outgoing invite does NOT use 5160, it uses some random port... Anybody knows why this might be? my problem is, that call goes to freeswitch... call is setup properly and connects fine. But 15 minutes later the end provider sends back a reINVITE, which freeswitch then sends TO THE RANDOM PORT kamailio used to send the INVITE... but by this time kamailio doesn't seem to even see the packet... help is greatly appreciated! David Regards, David Villasmil email: david.villasmil.work(a)gmail.com

4 9

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users September 2024