[SR-Users] dmq_is_from_node() issue

Asgaroth 00asgaroth00 at gmail.com
Wed Jul 22 16:58:15 CEST 2015 

Hi Charles,

Thanks for the information, I was intending to use dmq_is_from_node as a 
security check to ensure that the dmq message arrived from a node that 
it saw as part of the notification address list (excluding itself of 
course).

I see that it is not intended to be used this way. I'll build on your 
snippet along with ipops to check these messages.

Thanks again.

On 22/07/2015 15:46, Charles Chance wrote:
> Hi,
>
> This is expected. The point of DMQ is to enable dynamic scaling 
> without having to define every node in advance in Kamailio config.
>
> You should not use dmq_is_from_node() with dmq_handle_message() - it 
> is not intended to be a security check for KDMQ messages, but for 
> other messages replicated directly in your config (e.g. REGISTER).
>
> For KDMQ, you should listen on a dedicated IP and/or port and lock 
> down at network/firewall level. Then your DMQ handling block should 
> look something like:
>
>         if (method == "KDMQ") {
>                 if ($Rp == 5070) {
>                         dmq_handle_message();
>                 } else {
>                         drop;
>                 }
>         }
>
> Do this help? Or is there something else you're looking to achieve?
>
> Cheers,
> Charles
>
>
> On 22 July 2015 at 15:22, Asgaroth <00asgaroth00 at gmail.com 
> <mailto:00asgaroth00 at gmail.com>> wrote:
>
>     Hi All,
>
>     I have an issue with the dmq_is_from_node() function, whereby it
>     does not detect a node is on the bus if it has been removed from
>     its "table" due to previously failed, i presume, ping requests.
>
>     I have the following snippet in my main routing block:
>
>     if(is_method("KDMQ")) {
>             if (dmq_is_from_node()) {
>                 dmq_handle_message();
>                 exit;
>             } else {
>                 xlog("L_INFO", "KDMQ message recieved from node not on
>     our bus!! ($si:$sp) Dropping.");
>                 exit;
>             }
>         }
>
>     I have the following dmq module parameters enabled for dmq:
>
>     modparam("dmq", "server_address", DMQ_ADDRESS)
>     modparam("dmq", "notification_address", "sip:lb.domain.com:5060
>     <http://lb.domain.com:5060>")
>     modparam("dmq", "multi_notify", 1)
>     modparam("dmq", "num_workers", 4)
>
>     DMQ_ADDRESS is set to each of the addresses in the lb.domain.com
>     <http://lb.domain.com> for each local kamailio instance
>
>     lb.domain.com <http://lb.domain.com> resolves to the following
>     addresses:
>         10.6.0.109
>         10.6.0.110
>         10.6.0.111
>
>     If I start up the 1st instance of kamailio and do not start the
>     other 2 within the default ping timout then I get the expected log
>     message of dmq removing the nodes from its table, for example:
>
>     kamailio[26657]: ERROR: dmq [notification_peer.c:588]:
>     notification_resp_callback_f(): deleting server
>     sip:10.6.0.111:5060 <http://10.6.0.111:5060> because of failed request
>     kamailio[26657]: ERROR: dmq [notification_peer.c:588]:
>     notification_resp_callback_f(): deleting server
>     sip:10.6.0.110:5060 <http://10.6.0.110:5060> because of failed request
>
>     However, if I then start one, or both, of the other nodes, then
>     the KDMQ requests are dropped due to my snippet above, I presume,
>     because dmq_is_from_node() checks its "active" table. See messages
>     below as an example of the above snippet in action:
>
>     kamailio[26656]: INFO: <script>: KDMQ message recieved from node
>     not on our bus!! (10.6.0.110:5060 <http://10.6.0.110:5060>) Dropping.
>     kamailio[26656]: INFO: <script>: KDMQ message recieved from node
>     not on our bus!! (10.6.0.111:5060 <http://10.6.0.111:5060>) Dropping.
>
>     Is this expected behaviour from the dmq_is_from_node() function? I
>     would have expected it to always check the addresses resolved in
>     the notification address, or am I using this function in a manner
>     not intended.
>
>     Any suggestions/tips would be greatly appreciated.
>
>     Thanks
>
>
>     _______________________________________________
>     SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing
>     list
>     sr-users at lists.sip-router.org <mailto:sr-users at lists.sip-router.org>
>     http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
>
>
> *** We're rebranding! Learn more here 
> <http://www.sipcentric.com/2015/07/were-rebranding/> ***
>
> www.sipcentric.com <http://www.sipcentric.com/>
>
> Follow us on twitter @sipcentric <http://twitter.com/sipcentric>
>
> Sipcentric Ltd. Company registered in England & Wales no. 7365592. 
> Registered office: Faraday Wharf, Innovation Birmingham Campus, Holt 
> Street, Birmingham Science Park, Birmingham B7 4BB.
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20150722/29241317/attachment.html>

More information about the sr-users mailing list