Thanks James!

I had no idea that $var content would be kept between SIP messages, which implies between new SIP invites. I know the difference between $var and $avp (or I thought I knew...).
The way I read it and understand it, was that the scope of the variable would be tied to the whole session (global) or inside the routing function (local).

This also means that there might be other issues with other $var in the code....

Thanks for the tip! I will correct this ASAP.

Have a nice weekend!

Atenciosamente / Kind Regards / Cordialement / Un saludo,


Sérgio Charrua



On Fri, Oct 18, 2024 at 4:36 PM James Browne <james@frideo.com> wrote:
Hi
You have quotes around these variables.

$var(ruri)          = "$ru"; #request URI
$var(from)          = "$hdr(From)"; #$fU From header
$var(to)            = "$hdr(To)"; #$tU; To header
$var(contact)       = "$hdr(Contact)"; #Contact header
$var(callID)        = "$ci"; # Call ID
$var(identity)      = "$hdr(Identity)"; # Identity header

That seems like it's not what you want. I'm not sure, but I suspect it
might be causing your problems. The last one, for example, does not
put the Identity value into the variable, but puts the
fourteen-character string "$hdr(Identity)" into the variable. Then I'm
not sure what happens after that, but the jansson functions may be
resolving the variable somehow and getting it wrong. Note that the
$var variables are internal to the SIP workers, not tied to the SIP
message or transaction, and that they keep their values from a
previous message when processing a new SIP message.

My suggestions are these.
- Try removing the quotes.
- Try adding logging so that you can see what's going on at each step.

$var(identity)      = $hdr(Identity);
xlog("L_WARN", "[$ci] Identity variable has value $var(identity)\n");

James

On Fri, 18 Oct 2024 at 13:56, Sergio Charrua via sr-users
<sr-users@lists.kamailio.org> wrote:
>
> Hi all!
>
> My team and I are finalizing implementation of STIR/SHAKEN. The flow has been simplified and is something like: Call comes from SBC to Kamailio, Kamailio makes an HTTP request to a REST API, response is received by Kamailio (5.8.2) and depending on the response, it replies back to SBC with a SIP 300 Multiple Choice of a SIP 4xx error, denying the call.
>
> The INVITEs received by SBC may or may not contain the Identity header.
>
> On Kamailio side, the following code gets the required headers to build the JSON object sent to REST API:
>
> route[HANDLE_STIRSHAKEN]
> {
>     if (!is_method("INVITE")) {
>         return;
>     }
>
>     $var(requestTime)   = $utimef(%s);
>     $var(ruri)          = "$ru"; #request URI
>     $var(from)          = "$hdr(From)"; #$fU From header
>     $var(to)            = "$hdr(To)"; #$tU; To header
>     $var(contact)       = "$hdr(Contact)"; #Contact header
>     $var(callID)        = "$ci"; # Call ID
>     $var(identity)      = "$hdr(Identity)"; # Identity header
>
>     jansson_set("string","from"                 , $var(from)    , "$var(post)");
>     jansson_set("string","to"                   , $var(to)      , "$var(post)");
>     jansson_set("string","r-uri"                , $var(ruri)    , "$var(post)");
>     jansson_set("string","contact"              , $var(contact) , "$var(post)");
>     jansson_set("string","call-id"              , $var(callID)  , "$var(post)");
>     jansson_set("string","identity"             , $var(identity)  , "$var(post)");
>
>     http_connect("api1", "/stsh", "application/json","$var(post)","$var(result)");
>     xlog("L_DEBUG", "HANDLE_STIRSHAKEN - Result = $var(result)\n");
>
>     [... do some other irrelevant stuff ...]
> }
>
> The usual INVITE is similar to this:
>
> INVITE sip:+33142XXXXXX@10.242.XXX.YYY:5060;user=phone SIP/2.0
> Via: SIP/2.0/UDP 10.240.AAA.BBB:5064;branch=z9hG4bK+30f178b47ee25dd589f986ed7402b4eb3+sip+6+a64eb889
> From: "+493XXXXXXX" <sip:+493XXXXXXX@10.240.AAA.BBB;user=phone>;tag=10.240.AAA.BBB+6+ffe686f8+614d17a3
> To: +33142XXXXXX <sip:+33142XXXXXX@10.242.XXX.YYY>
> CSeq: 1 INVITE
> Expires: 180
> Content-Length: 234
> Call-Info: <sip:10.240.AAA.BBB:5064>;method="NOTIFY;Event=telephone-event;Duration=2000"
> Supported: timer, 100rel
> Contact: <sip:+493XXXXXXX@10.240.AAA.BBB:5064;user=phone>
> Content-Type: application/sdp
> Call-ID: 0gQAAC8WAAACBAAALxYAAHRfFdrMLbnN/iMYu2NTT6kvhuhZAFl7MG1V2ozJLUcXg9dxbyQZ/PtoswtdHtcv9g--@10.240.AAA.BBB
> Min-SE: 90
> Session-Expires: 90;refresher=uac
> X-dtmf: 5
> P-Asserted-Identity: "+493XXXXXXX" <sip:+493XXXXXXX@10.240.AAA.BBB>
> Accept: application/sdp
> Accept: application/dtmf-relay
> Max-Forwards: 66
> Allow: INVITE,CANCEL,BYE,ACK, INFO
> Identity: dGhpcyBpcyBzb21lIGR1bW15IGJhc2U2NCBlbmNvZGVkIElkZW50aXR5IGhlYWRlcg==.eW91IHdvdWxkIG5vdCBleHBlY3QgbWUgdG8gbGVhdmUgdGhlIHJlYWwgdmFsdWUgaGVyZSByaWdodD8=.dGhhbmtzIGZvciB5b3VyIGNvbXByZWhlbnNpb24=;info=<https://someURL.com/with/some/parameter;sc697295b.cer>;alg=ES256;ppt=shaken
> P-Origination-Id: 23A16F8B-F9AB-4536-9884-85C96EF3B964
> P-Attestation-Indicator: C
> has-sdp: present
> [SDP stuff]
>
> (I have replaced some of the values for obvious reasons).
>
> - SBC is sending every 70 secs 2 automatically generated INVITEs to kamailio
> - 1st call contains the Identity header, the other call does not contain Identity header.
> - Both calls have different Call-IDs and different FROM and TO values, so they are different calls and can be perfectly found in logs as separated calls
> - Kamailio receives each call and extracts headers, as shown in code above, and sends the JSON request to HTTP REST API
>
> Here is the weird part.... every now and then, completely random, the JSON object request sent to the HTTP REST API contains an Identity value, supposedly extracted from the SIP header *but* the SIP message captured in SNGrep doesn't have *any* Identity header!! In fact, in the kamailio logs, where I sent the header values extracted from INVITE, the identity is empty! BUT the JSON object has the identity set with value.
> And the worst part is that, when this issue happens, the value of the Identity set in JSON belongs to a completely different call that was processed a few minutes before !
>
> So I suspected about some Caching behaviour on the http_connect function and added the following lines before sending the JSON to REST API:
>
>     if ( is_present_hf("Identity") ) {
>          jansson_set("string","identity", $var(identity),  "$var(post)");
>     } else
>         jansson_set("string","identity", "",  "$var(post)");
>
> forcing the identity property of the JSON to an empty string, but this did not work either!
> I even added a new property which is the current timestamp making sure every request was unique, and that did not work either!
>
> The only way I could make it work was replacing the above lines using these lines:
>     if ( is_present_hf("Identity") ) {
>          jansson_set("string","identity",  @hf_value2.Identity,  "$var(post)");
>     } else
>         jansson_set("string","identity", "",  "$var(post)");
>
> So, instead of using $hdr(Identity) , Kamailio extracts the Identity header using  @hf_value2.Identity
>
> Question: why is this behaviour? Could this be a bug somewhere?
>
>
> Atenciosamente / Kind Regards / Cordialement / Un saludo,
>
>
> Sérgio Charrua
>
>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> To unsubscribe send an email to sr-users-leave@lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to the sender!
> Edit mailing list options or unsubscribe: