[SR-Users] siptrace: how to duplicate the complete dialog?

Daniel Tryba d.tryba at pocos.nl
Fri Aug 18 12:29:54 CEST 2017


I'm trying to trace a complete dialog on a loadbalancer/proxy:


UAC           <-> Proxy        <-> backend
109.235.34.a  <-> 109.235.32.b <-> 185.61.68.c

Proxy runs 4.3.x (but with 4.4.x I appear to have the same results).

siptrace config:
=============================================
modparam("siptrace", "duplicate_uri", "sip:10.11.12.13:9060")
modparam("siptrace", "hep_mode_on", 1)
modparam("siptrace", "trace_to_database", 0)
modparam("siptrace", "trace_flag", 22)
modparam("siptrace", "trace_on", 1)
=============================================


After REQINIT (which does pike and handles OPTIONS), I setflag(22) the
message. 

=============================================
route(REQINIT);

setflag(22);

route(NATDETECT);
route(WITHINDLG);
=============================================


Next depending in where the message comes from:
=============================================
if(!is_in_subnet($si, backends))
{
	ds_select_dst(1, 0);
	t_on_failure("RTF_DISPATCH");
}
else
{
	remove_hf("Route");
	loose_route();
}

route(RELAY);
=============================================

sip_trace() is being called in the routes:
WITHINDLG
MANAGE_BRANCH
MANAGE_REPLY
MANAGE_FAILURE
RTF_DISPATCH


The resulting duplicate packets are:

11:20:21.037 INVITE 109.235.34.a:39621 109.235.32.b:5060 tcp
11:20:21.040 INVITE 109.235.34.a:39621 109.235.32.b:5060 tcp
11:20:21.047 401    185.61.68.c:5060   109.235.32.b:5060 udp
11:20:21.073 ACK    109.235.34.a:39621 109.235.32.b:5060 tcp
11:20:21.117 INVITE 109.235.34.a:39621 109.235.32.b:5060 tcp
11:20:21.135 100    185.61.68.c:5060   109.235.32.b:5060 udp
11:20:21.450 180    185.61.68.c:5060   109.235.32.b:5060 udp
11:20:27.929 200    185.61.68.c:5060   109.235.32.b:5060 udp
11:20:28.106 ACK    109.235.34.a:39621 109.235.32.b:5060 tcp
11:20:30.625 BYE    185.61.68.c:5060   109.235.32.b:5060 udp
11:20:30.659 BYE    185.61.68.c:5060   109.235.32.b:5060 udp
11:20:30.663 BYE    109.235.32.b:5060  109.235.34.a:39621 tcp
11:20:30.664 200    109.235.34.a 39621 109.235.32.b:5060 tcp
11:20:30.664 200    109.235.32.b:5060  185.61.68.c:5060 udp

What is missing are the forwarded replies, there is an ACK that matches
the 401, but I have no clue what message was send to the UAC. Adding a
sip_trace after REQINIT shows nothing extra.

How (if possible) do I get all messages being send via the proxy?
I could use sngrep/sipgrep, but that is an other process to monitor for
failure.




More information about the sr-users mailing list