Hello,
How can I set the destination URI for an INVITE to be a websocket-secure destination? Is it possible? Summary I've a proxy with tcp_connection_match=1, but websocket URIs always have transport=ws (never transport=wss) in them, so relaying a call to a WSS connection always fails. I tested running kamailio 6.0.0-dev2 compiled from a commit made this week. This proxy server uses nathelper rather than outbound module. Detail We know that "transport=ws" is used for both WS and WSS. I've a proxy server that receives an INVITE for a WSS destination, and this proxy supports both WS and WSS. This proxy server must have core parameter tcp_connection_match=1 set, and this leads the t_relay() to fail. When an INVITE comes, these are the steps. - The URI is something like sip:user@anonymous.invalid;alias=198.51.100.10~52833~6;transport=ws. - First handle_ruri_alias() removes the alias (which has ~6 in it, for wss) and sets the $du to something like sip:198.51.100.10:52833;transport=ws. - Then loose_route_preloaded() processes the Route header fields and forces the outbound socket to the TLS websocket one. - Then t_relay() fails to relay the INVITE and responds with 477 or 500. If, however, there's a non-TLS websocket connection open to the proxy, the INVITE would be erroneously relayed over that (using the wrong kamailio-side TCP port). I can go deeper with testing if required. I wonder whether this is a bug.
Kamailio can act as a WebSocket server only (accept connections), so it is not possible to forward SIP traffic via WebSocket if the connection does not exist.
There is a module lwsc that implements a ws client using libwebsocket, but that is designed for interconnect with external non-SIP servers (e.g., right now can be used by rtpengine module).
Cheers, Daniel
-- Daniel-Constantin Mierla (@ asipto.com) twitter.com/miconda -- linkedin.com/in/miconda Kamailio Consultancy, Training and Development Services -- asipto.com Kamailio Advanced Training, October 8-10, 2024 -- asipto.com