Hello,
I am using Kamailio and nathelper to connect UAs behind a NAT. However, I want to use presence and RLS in this system as well. The problem I have is that the presence and RLS modules are not nathelper aware and the NOTIFY requests that they generate are targeted at the private network IP address and port of the UA.
Has anyone any experience of this? Can anyone help?
I had a cunning plan where, in route[NAT], I detected SUBSCRIBE requests that originate from behind a NAT (and do not have myself as the last hop). When I see a request like this I use add_contact_alias(), record_route() and forward it to myself. I then added a handle_ruri_alias() to the WITH_NAT section of route[RELAY]. The theory being that an in-dialog NOTIFY from presence or RLS will use the route-set established by the SUBSCRIBE transaction.
This almost works. The presence.winfo NOTIFY from the presence module and the initial presence NOTIFY from the RLS module make it back to the client successfully. However, when this forwarding of the SUBSCRIBE is in place the RLS subscriptions don't happen. I know it is the forward of the SUBSCRIBE that is the trigger behind this problem because simply commenting that out (and allowing the first SUBSCRIBE to get to RLS) makes the RLS subscriptions happen (but in this case the NOTIFYs get back to the client and are 404'd because the request URI is not correct).
The only difference between the first SUBSCRIBE and the forwarded SUBSCRIBE is an additional "Via:" header and a "Record-Route:" header.
I ran Kamailio with the -E -ddd options and observed that:
* modules_k/rls/subscribe.c:rls_get_service_list() is outputting the line "searching document for user sip:@" * This function is called by modules_k/rls/subscribe.c:rls_handle_subscribe() and the output suggests that GET_FROM_PURI(msg)->user and GET_FROM_PURI(msg)->host are empty strings * However, parse_from_header(msg) is called near the top of rls_handle_subscribe() and clearly succeeds to find the "From:" header in the message * As I mentioned above the forwarded SUBSCRIBE is almost identical to the first SUBSCRIBE, and so it does contain a valid "From:" header
All I can think of is that Kamailio is becoming confused by the two near-identical SUBSCRIBE requests and that the "cleaning up" of the first (statelessly forwarded) SUBSCRIBE is also "cleaning up" the forwarded SUBSCRIBE that I am currently working with?
My route[NAT]:
route[NAT] { xlog("L_INFO", "$rm: route[NAT]\n"); #!ifdef WITH_NAT force_rport(); if (nat_uac_test("19") && $si!="MY_REAL_IP" && $si! ="127.0.0.1") { xlog("L_INFO", " Request from NAT'd UAC\n"); if (is_method("REGISTER")) { fix_nated_register(); } else if (is_method("SUBSCRIBE")) { add_contact_alias(); route(RECORD_ROUTE); forward(127.0.0.1, MY_REAL_PORT); exit; } else { fix_nated_contact(); } setflag(FLT_NATS); } #!endif return; }
My route[RECORD_ROUTE]:
route[RECORD_ROUTE] { # remove preloaded route headers remove_hf("Route"); if (is_method("INVITE|SUBSCRIBE")) record_route();
return; }
The start of my route[RELAY]:
route[RELAY] { xlog("L_INFO", "$rm: route[RELAY]\n"); #!ifdef WITH_NAT if (check_route_param("nat=yes")) { setbflag(FLB_NATB); } if (isflagset(FLT_NATS) || isbflagset(FLB_NATB)) { route(RTPPROXY); }
handle_ruri_alias(); #!endif
Regards,
Peter
peter,
i don't have experience with k rls module, but in my environment if initial subscribe comes from behind nat, i just call add_contact_alias and add a nat param to r-r header for in-dialog requests. notifys from rls server then contain ;alias param in request uri and the nat param in route header. based on these sip proxy is able to get thee get notifys to the uas behind nat.
-- juha
Hi Juha,
My configuration is trying to achieve exactly what you suggest.
The Kamailio presence and RLS modules send NOTIFYs using the route-set established by the SUBSCRIBE. This means that if I call add_contact_alias() and just pass the SUBSCRIBE to the module the NOTIFY will use that contact address as a request URI but the NOTIFY will not go back through the Kamailio route processing. Because it doesn't go back through the route processing handle_ruri_alias() is never called for it. The end result is that Kamailio attempts to route the NOTIFY to my private IP and fails.
My forwarding (looping) the SUBSCRIBE back to myself once forces NOTIFY requests from the presence and RLS modules to go through the Kamailio routing logic. This means that handle_ruri_alias() gets called and the request URIs of the NOTIFY (correctly) contain my private IP but the requests are (correctly) routed to my NAT devices public IP.
As I said, this works for the presence.winfo NOTIFY from presence and the first presence NOTIFY sent directly from RLS. The problem is that there seems to be a problem with the parsing of this forwarded SUBSCRIBE because rls_handle_subscribe() doesn't work. The RLS module never sends any SUBSCRIBEs for the contacts in my resource list.
Regards,
Peter
peter,
i don't have experience with k rls module, but in my environment if initial subscribe comes from behind nat, i just call add_contact_alias and add a nat param to r-r header for in-dialog requests. notifys from rls server then contain ;alias param in request uri and the nat param in route header. based on these sip proxy is able to get thee get notifys to the uas behind nat.
-- juha
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hello,
can you send the log messages with debug=3 and ngrep of the SIP traffic on all interfaces (including loopback) for such case (from the initial subscribe, ideally sent for a resource list with one or two entries so that there are not so many requests flowing around)? It will help to understand and troubleshoot.
Thanks, Daniel
On 3/25/11 9:57 PM, Peter Dunkley wrote:
Hi Juha,
My configuration is trying to achieve exactly what you suggest.
The Kamailio presence and RLS modules send NOTIFYs using the route-set established by the SUBSCRIBE. This means that if I call add_contact_alias() and just pass the SUBSCRIBE to the module the NOTIFY will use that contact address as a request URI but the NOTIFY will not go back through the Kamailio route processing. Because it doesn't go back through the route processing handle_ruri_alias() is never called for it. The end result is that Kamailio attempts to route the NOTIFY to my private IP and fails.
My forwarding (looping) the SUBSCRIBE back to myself once forces NOTIFY requests from the presence and RLS modules to go through the Kamailio routing logic. This means that handle_ruri_alias() gets called and the request URIs of the NOTIFY (correctly) contain my private IP but the requests are (correctly) routed to my NAT devices public IP.
As I said, this works for the presence.winfo NOTIFY from presence and the first presence NOTIFY sent directly from RLS. The problem is that there seems to be a problem with the parsing of this forwarded SUBSCRIBE because rls_handle_subscribe() doesn't work. The RLS module never sends any SUBSCRIBEs for the contacts in my resource list.
Regards,
Peter
peter,
i don't have experience with k rls module, but in my environment if initial subscribe comes from behind nat, i just call add_contact_alias and add a nat param to r-r header for in-dialog requests. notifys from rls server then contain ;alias param in request uri and the nat param in route header. based on these sip proxy is able to get thee get notifys to the uas behind nat.
-- juha
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hi,
The attached .zip file contains the full log and a .pcap file generated with ngrep for all SIP traffic on all interfaces.
For me the interesting stuff in the log is from line 3315 to line 3335: 3315: rls_handle_subscribe() is called here 3316: this is where the "searching document for user sip:@" message appears 3328: this is where the RLS module logs that it (unsurprisingly) found no documents 3335: this is where the RLS modules states "list not found - searched for uri sip:alice_all@46.38.172.248"
Thanks,
Peter
Hello,
can you send the log messages with debug=3 and ngrep of the SIP traffic on all interfaces (including loopback) for such case (from the initial subscribe, ideally sent for a resource list with one or two entries so that there are not so many requests flowing around)? It will help to understand and troubleshoot.
Thanks, Daniel
peter,
another weird thing is that all notifys contain two 'transport=tcp params in their contact uris. any idea where they come from?
-- juha
Hi Juha,
All of the NOTIFYs in the trace are generated by either the Kamailio presence module or the Kamailio RLS module.
I have no idea why this is happening.
Regards,
Peter
On Sat, 2011-03-26 at 06:45 +0200, Juha Heinanen wrote:
peter,
another weird thing is that all notifys contain two 'transport=tcp params in their contact uris. any idea where they come from?
-- juha
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hello,
can you try again after fetching the latest git version of branch 3.1? I did a commit to make sure the From and To URIs are parsed when handling SUBSCRIBEs in RLS. Normally, upon authentication and other actions executed prior to rls handling, these fields should be parsed (probably the reason that this was not noticed so far), but in your config it seems it is not that case.
If you have to stick to the version you have now, before handling the subscribe with rls, add following lines to force parsing From/To URIs:
$var(tmp) = $fU; $var(tmp) = $tU;
Let me know if works this time.
Cheers, Daniel
On 3/25/11 10:55 PM, Peter Dunkley wrote:
Hi,
The attached .zip file contains the full log and a .pcap file generated with ngrep for all SIP traffic on all interfaces.
For me the interesting stuff in the log is from line 3315 to line 3335: 3315: rls_handle_subscribe() is called here 3316: this is where the "searching document for user sip:@" message appears 3328: this is where the RLS module logs that it (unsurprisingly) found no documents 3335: this is where the RLS modules states "list not found - searched for urisip:alice_all@46.38.172.248"
Thanks,
Peter
Hello,
can you send the log messages with debug=3 and ngrep of the SIP traffic on all interfaces (including loopback) for such case (from the initial subscribe, ideally sent for a resource list with one or two entries so that there are not so many requests flowing around)? It will help to understand and troubleshoot.
Thanks, Daniel
Hi Daniel,
I wasn't able to update the software, but adding the extra lines to the config file helped.
Thanks,
Peter
On Sat, 2011-03-26 at 18:51 +0100, Daniel-Constantin Mierla wrote:
Hello,
can you try again after fetching the latest git version of branch 3.1? I did a commit to make sure the From and To URIs are parsed when handling SUBSCRIBEs in RLS. Normally, upon authentication and other actions executed prior to rls handling, these fields should be parsed (probably the reason that this was not noticed so far), but in your config it seems it is not that case.
If you have to stick to the version you have now, before handling the subscribe with rls, add following lines to force parsing From/To URIs:
$var(tmp) = $fU; $var(tmp) = $tU;
Let me know if works this time.
Cheers, Daniel
On 3/25/11 10:55 PM, Peter Dunkley wrote:
Hi,
The attached .zip file contains the full log and a .pcap file generated with ngrep for all SIP traffic on all interfaces.
For me the interesting stuff in the log is from line 3315 to line 3335: 3315: rls_handle_subscribe() is called here 3316: this is where the "searching document for user sip:@" message appears 3328: this is where the RLS module logs that it (unsurprisingly) found no documents 3335: this is where the RLS modules states "list not found - searched for urisip:alice_all@46.38.172.248"
Thanks,
Peter
Hello,
can you send the log messages with debug=3 and ngrep of the SIP traffic on all interfaces (including loopback) for such case (from the initial subscribe, ideally sent for a resource list with one or two entries so that there are not so many requests flowing around)? It will help to understand and troubleshoot.
Thanks, Daniel
-
Daniel-Constantin Mierla -
Juha Heinanen -
Peter Dunkley