On Mon, Jan 16, 2017 at 10:29:39AM -0600, JR Richardson wrote:
Yes, I'm familiar with the methods sipcapture uses, I don't use HEP, using raw socket capture, I think this may be a sipcapture issue, debuging kamailio shows normal startup and processing of UDP SIP packets, but does not show any activity with TCP packets.
I never used HOMER sofar but when I saw your first message my thoughts was that this can't work in a simple way since for TCP you need to complete a 4 way handshake before you can start to send data.
Interesting. Are you referring to handshaking on the network stack or SIP TCP TLS handshaking? I guess I can see it two ways.
1) if your talking about TCP/IP handshake, even though the SIP packet comes into the mirror port on the host node, the kernel processing the TCP packet is not establishing a valid connection due to no TCP handshake because its only a monitor port, no transmit back, then the kernel network stack does not pass the SIP TCP packet to the kamailio process for capture because it drops the packet due to no valid handshake?
2) the kernel network stack is passing the SIP TCP packet to the kamailio process, but since kamailio cannot handshake back it drops the packet and does not process through the sipcapture module. This kinda breaks the whole capture ability for homer with SIP TCP. Using ngrep, I see all SIP TCP packets, invite -->, trying <--, session progress <--, request timeout <--, ack -->, etc...
So how would I diagnose if the network stack is the culprit? Debugging kamailio is pretty straight forward, setup and listening for SIP TCP, but never see any processing of any TCP packets.
Thanks.
JR
Somehow is not clear for me how you have the configuration there ... before commenting further, this needs to be clarified.
The node you presented the config is a sipcapture instance, right? What is sending traffic to it? Is another kamailio with siptrace module? Or the sipcature agent? Or you have a port mirroring in the router?
Cheers, Daniel
On 17/01/2017 16:37, JR Richardson wrote:
On Mon, Jan 16, 2017 at 10:29:39AM -0600, JR Richardson wrote:
Yes, I'm familiar with the methods sipcapture uses, I don't use HEP, using raw socket capture, I think this may be a sipcapture issue, debuging kamailio shows normal startup and processing of UDP SIP packets, but does not show any activity with TCP packets.
I never used HOMER sofar but when I saw your first message my thoughts was that this can't work in a simple way since for TCP you need to complete a 4 way handshake before you can start to send data.
Interesting. Are you referring to handshaking on the network stack or SIP TCP TLS handshaking? I guess I can see it two ways.
- if your talking about TCP/IP handshake, even though the SIP packet
comes into the mirror port on the host node, the kernel processing the TCP packet is not establishing a valid connection due to no TCP handshake because its only a monitor port, no transmit back, then the kernel network stack does not pass the SIP TCP packet to the kamailio process for capture because it drops the packet due to no valid handshake?
- the kernel network stack is passing the SIP TCP packet to the
kamailio process, but since kamailio cannot handshake back it drops the packet and does not process through the sipcapture module. This kinda breaks the whole capture ability for homer with SIP TCP. Using ngrep, I see all SIP TCP packets, invite -->, trying <--, session progress <--, request timeout <--, ack -->, etc...
So how would I diagnose if the network stack is the culprit? Debugging kamailio is pretty straight forward, setup and listening for SIP TCP, but never see any processing of any TCP packets.
Thanks.
JR
-
Daniel-Constantin Mierla -
JR Richardson