Hello,
The tcpdump (below) shows packet reaching em3 interface. The firewalld command (below) shows UDP port 5060 open.
netcat doesn't do specific interfaces. Can't do ALL interfaces, since em4 is a pcap of hundreds of thousands of live UDP 5060.
I'll have to write a standalone to prove that the firewall allows UDP 5060 through the em3 interface, post firewall... (betting it does). Should have test prog tomorrow.
Thanks,
Dan
Daniel-Constantin Mierla wrote on 10/12/21 4:27 PM:
Hello,
tcpdump and other network sniffers (e.g., ngrep, sngrep) capture the sip traffic before firewall, so even if you see packets with them, the application can still not get them due to firewall.
To test, you can replace kamailio with netcat listening on UDP port 5060 and see if it receives the sip traffic.
Cheers,
Daniel
On 12.10.21 19:08, dem@htsweb.com wrote:
After 4 (long) days of trying to receive any UDP SIP, I'm hoping someone can point out what I'm doing wrong. I've looked at the kamailio code. I'm beginning to think it's the 'polling' code, but it looks fine. It could be Centos or a Dell network driver, but not seeing any errors anywhere.
- stock build/compile...
Version: kamailio 5.5.2 (x86_64/linux) 0d53d9
Compile flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES
MAX_RECV_BUFFER_SIZE=262144
MAX_URI_SIZE=1024
BUF_SIZE=65535
DEFAULT PKG_SIZE=8MB
DEFAULT SHM_SIZE=64MB
ADAPTIVE_WAIT_LOOPS=1024
TCP poll methods: poll, epoll_lt, epoll_et, sigio_rt, select
Source code revision ID: 0d53d9
Compiled with: gcc 4.8.5
Compiled architecture: x86_64
Compiled on: 08:44:19 Oct 11 2021
Running Centos 7 all updated. Dell R630.
# sestatus
SELinux status: disabled
# firewall-cmd --list-all
ports: 5666/tcp 873/tcp 873/udp 80/tcp 443/tcp 5060/tcp 5060/udp 5061/tcp 5061/udp
- Just trying to send SIP INVITE from trunk provider to R630 kamailio...
(SIP trunk) UDP 172.200.200.202:5060 -> (firewall) UDP 172.250.250.162:5060 -> 1:1 NAT -> (R630) UDP 10.102.88.81:5060
- I can 'see' the packet hit the em3 network...
# tcpdump -i em3 -e -vv -n port 5060
11:53:33.260892 99:99:ef:3e:69:c1 > 99:99:1c:48:4e:e3, ethertype IPv4 (0x0800), length 1366: (tos 0x0, ttl 54, id 20430, offset 0, flags [none], proto UDP (17), length 1352)
172.200.200.202.sip > 10.102.88.81.sip: [udp sum ok] SIP, length: 1324
INVITE sip:+18005551234@172.250.250.162:5060 SIP/2.0
...
At this point, I just need to see a SIP INVITE received. Then I can go back to working on a real config.
I've tried with TCP on/off, listening on all networks, alias on/off, strace and everything else I could think of. Truly appreciate any guidance.
Tried every sample config possible, but I just need to test receiving the SIP UDP packet, so this 'should' be minimum config...
#!KAMAILIO
debug=9
log_stderror=no
log_facility=LOG_LOCAL0
log_prefix="{$mt $hdr(CSeq) $ci} "
children=2
disable_tcp=yes
udp4_raw=on
auto_aliases=no
alias="sbc01.mysite.com"
listen=udp:10.102.88.81:5060
loadmodule "debugger.so"
loadmodule "jsonrpcs.so"
loadmodule "kex.so"
loadmodule "corex.so"
loadmodule "sl.so"
loadmodule "rr.so"
loadmodule "pv.so"
loadmodule "textops.so"
loadmodule "siputils.so"
loadmodule "xlog.so"
loadmodule "sanity.so"
loadmodule "ctl.so"
loadmodule "cfg_rpc.so"
modparam("debugger", "cfgtrace", 1)
request_route {
xlog("SIP received xxxxxxxxxxxxxxxxxxx\n");
}
# kamcmd ps
11578 main process - attendant
11579 udp receiver child=0 sock=10.102.88.81:5060
11580 udp receiver child=1 sock=10.102.88.81:5060
11581 slow timer
11583 timer
11584 secondary timer
11585 JSONRPCS FIFO
11586 JSONRPCS DATAGRAM
11587 ctl handler
- I get plenty of logging, but the logging just waits here...
Oct 12 11:38:04 sbc01 /usr/local/sbin/kamailio[10060]: INFO: ctl [io_listener.c:210]: io_listen_loop(): io_listen_loop: using epoll_lt as the io watch method (auto detected)
Oct 12 11:38:04 sbc01 /usr/local/sbin/kamailio[10060]: DEBUG: <core> [core/mem/q_malloc.c:374]: qm_malloc(): qm_malloc(0x7fd2a8bae010, 4800) called from core: core/io_wait.c: init_io_wait(469)
Oct 12 11:38:04 sbc01 /usr/local/sbin/kamailio[10059]: DEBUG: <core> [core/mem/q_malloc.c:419]: qm_malloc(): qm_malloc(0x7fd2a8bae010, 65456) returns address 0x7fd2a8c652d8 frag. 0x7fd2a8c652a0 (size=65456) on 1 -th hit
Oct 12 11:38:04 sbc01 /usr/local/sbin/kamailio[10060]: DEBUG: <core> [core/mem/q_malloc.c:419]: qm_malloc(): qm_malloc(0x7fd2a8bae010, 4800) returns address 0x7fd2a8c652d8 frag. 0x7fd2a8c652a0 (size=4800) on 1 -th hit
Oct 12 11:38:04 sbc01 /usr/local/sbin/kamailio[10060]: DEBUG: <core> [core/mem/q_malloc.c:374]: qm_malloc(): qm_malloc(0x7fd2a8bae010, 2400) called from core: core/io_wait.c: init_io_wait(516)
Oct 12 11:38:04 sbc01 /usr/local/sbin/kamailio[10060]: DEBUG: <core> [core/mem/q_malloc.c:419]: qm_malloc(): qm_malloc(0x7fd2a8bae010, 2400) returns address 0x7fd2a8c66600 frag. 0x7fd2a8c665c8 (size=2400) on 1 -th hit
Oct 12 11:38:04 sbc01 /usr/local/sbin/kamailio[10060]: DEBUG: ctl [io_listener.c:246]: io_listen_loop(): io_listen_loop: adding socket 8, type 2, transport 3 (/var/run/kamailio//kamailio_ctl)
Oct 12 11:38:04 sbc01 /usr/local/sbin/kamailio[10060]: DEBUG: ctl [../../core/io_wait.h:375]: io_watch_add(): DBG: io_watch_add(0x7fd2a70a5360, 8, 2, 0x2439960), fd_no=0
- The only other thing that I see is transport 3. Isn't that a UNIXS_SOCK?
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * sr-users@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users-- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training - Online Nov 08-11, 2021 (Europe Timezone) - Nov 22-25, 2021 (America Timezone) * https://www.asipto.com/sw/kamailio-advanced-training-online/