Hello,
On 29.08.24 13:35, James Browne via sr-users wrote:
How can I set the destination URI for an INVITE to be
a
websocket-secure destination? Is it possible?
Summary
I've a proxy with tcp_connection_match=1, but websocket URIs always
have transport=ws (never transport=wss) in them, so relaying a call to
a WSS connection always fails.
I tested running kamailio 6.0.0-dev2 compiled from a commit made this
week. This proxy server uses nathelper rather than outbound module.
Detail
We know that "transport=ws" is used for both WS and WSS. I've a proxy
server that receives an INVITE for a WSS destination, and this proxy
supports both WS and WSS.
This proxy server must have core parameter tcp_connection_match=1 set,
and this leads the t_relay() to fail.
When an INVITE comes, these are the steps.
- The URI is something like
sip:user@anonymous.invalid;alias=198.51.100.10~52833~6;transport=ws.
- First handle_ruri_alias() removes the alias (which has ~6 in it, for
wss) and sets the $du to something like
sip:198.51.100.10:52833;transport=ws.
- Then loose_route_preloaded() processes the Route header fields and
forces the outbound socket to the TLS websocket one.
- Then t_relay() fails to relay the INVITE and responds with 477 or 500.
If, however, there's a non-TLS websocket connection open to the proxy,
the INVITE would be erroneously relayed over that (using the wrong
kamailio-side TCP port).
I can go deeper with testing if required. I wonder whether this is a bug.
Kamailio can act as a WebSocket server only (accept connections), so it
is not possible to forward SIP traffic via WebSocket if the connection
does not exist.
There is a module lwsc that implements a ws client using libwebsocket,
but that is designed for interconnect with external non-SIP servers
(e.g., right now can be used by rtpengine module).
Cheers, Daniel
--
Daniel-Constantin Mierla (@
asipto.com)
twitter.com/miconda --
linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services --
asipto.com
Kamailio Advanced Training, October 8-10, 2024 --
asipto.com