[SR-Users] using bcrypt passwd hashing

Walter Martín Villalba wvillalba at gmail.com
Wed Dec 6 03:49:08 CET 2017


Hello everyone, and thanks very much for your feedback.  Some responses and
further questions below.

Daniel> Latest kamailio versions support also SHA256 algorithm

Martín> SHA256 is also a bad choice for storing passwords. See details here:
https://crackstation.net/hashing-security.htm

Daniel> However, the main blocker in suing a different hashing algorithm
are the sip client devices (mainly hardphones), which implement only MD5.
If you implement your own client app, then you can extend kamailio to
support whatever hashing you do in the client. Then, of course you can use
client side tls certificates for authentication, which should be better
than any hashing algorithm.

Martín> I do implement my own client app, even though I use a third party
SIP stack, which currently doesn't support any other auth methods besides
basic and MD5 (standard ones). I am planning to send username and passwd as
custom SIP headers in the REGISTER message, probably encrypted, and this
will travel on top of TLS. Then Kamailio can extract these custom headers
and call a custom python script to decrypt the values and do the
authentication (bcrypt password and compare with the one in database).
Client certificates are good but only in certain situations (e.g. not if
you want a zero footprint client such as a web-based client), and in most
cases a pain to manage when your user base grows.


Alex> Do you know of any mainstream SIP UACs which support anything other
than standard MD5 digest auth?

Martín> I don't, but haven't really worked much at all with 3rd party SIP
clients. I doubt there's any support for newer passwd hashing schemes,
unfortunately.

----------

Now the details....

I'm looking at sipcomm.cfg and see it calls www_authenticate (defined in
modules/auth_db/authorize.c). I believe I would need to create a similar
function, e.g. bcrypt_authenticate, and call this instead, with the
username and passwd values I get in my custom headers (as explained above).
The routine would decrypt the values, look up the user in the database,
bcrypt the passwd extracted from the custom header, and compare with the
one in the database. Doesn't sound too hard, but I do have some concerns
related to other functions that www_authenticate may be doing, that I would
also need to do in my bcrypt_authenticate function in order to keep
Kamailio functioning properly.

For example, www_authenticate could be changing some values in the database
and/or other temporary storage. I took a quick look at the implementation
and tried to follow the calls inside it. I see calls to
mark_authorized_cred, check_auth_hr (or auth_check_hdr_md5), and
generate_avps, and that some of these functions are indeed changing some
values here and there. So, before spending more time looking into these
details, I wanted to see if any of you have any suggestions about how to
handle this situation, i.e. maybe all I need to do in bcrypt_authenticate
is to check the credentials and then set one flag in the database for the
user that was just authenticated?

Does the explanation above make sense to you? Please let me know any
suggestions or further guidance you may have.

Thanks a lot,
Martín.



On Mon, Nov 13, 2017 at 3:00 AM, <sr-users-request at lists.kamailio.org>
wrote:

> Send sr-users mailing list submissions to
>         sr-users at lists.kamailio.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> or, via email, send a message with subject or body 'help' to
>         sr-users-request at lists.kamailio.org
>
> You can reach the person managing the list at
>         sr-users-owner at lists.kamailio.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of sr-users digest..."
>
>
> Today's Topics:
>
>    1. Branch 5.1 created (Daniel-Constantin Mierla)
>    2. Development open in master branch (to be v5.2.x)
>       (Daniel-Constantin Mierla)
>    3. Re: using bcrypt passwd hashing (Daniel-Constantin Mierla)
>    4. Re: t_set_fr behaviour (Daniel-Constantin Mierla)
>    5. Re: t_set_fr behaviour (Daniel-Constantin Mierla)
>    6. Re: AVPOPS: is_avp_set/avp_check "name" parameter as
>       variable. (Daniel-Constantin Mierla)
>    7. Re: strange --dialog in delete state is too old-- log line
>       managing dialog hashes (Daniel-Constantin Mierla)
>    8. Re: 183 acc records even if early_media equals to 0
>       (Marco Capetta)
>    9. Re: Kamailio issue (Daniel-Constantin Mierla)
>   10. Re: using bcrypt passwd hashing (Yuriy Gorlichenko)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 12 Nov 2017 14:42:35 +0100
> From: Daniel-Constantin Mierla <miconda at gmail.com>
> To: "Kamailio (SER) - Devel Mailing List" <sr-dev at lists.kamailio.org>,
>         "Kamailio (SER) - Users Mailing List" <sr-users at lists.kamailio.org
> >
> Subject: [SR-Users] Branch 5.1 created
> Message-ID: <dca81faa-dec2-4e12-704f-b382d23493d7 at gmail.com>
> Content-Type: text/plain; charset=utf-8
>
> Hello,
>
> the GIT branch 5.1 has just been created, it will host the release
> series 5.1.x. To get this branch from GIT, you can use:
>
>
>   git clone https://github.com/kamailio/kamailio.git kamailio
>   cd kamailio
>   git checkout -b 5.1 origin/5.1
>
>
> Hopefully in two-three weeks time frame the full release of 5.1.0 will
> be out.
>
> >From now on, any corresponding fix has to be pushed first to master
> branch and then cherry-picked to branch 5.1. No new features can get in
> branch 5.1. Enhancements to documentation or helping tools, as well as
> kemi exports are still allowed. If you are not sure about doing or not a
> backport, ask on sr-dev mailing list.
>
> Cheers,
> Daniel
>
>
> --
> Daniel-Constantin Mierla
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio Advanced Training - www.asipto.com
> Kamailio World Conference - www.kamailioworld.com
>
>
>
> ------------------------------
>
> Message: 2
> Date: Sun, 12 Nov 2017 14:50:45 +0100
> From: Daniel-Constantin Mierla <miconda at gmail.com>
> To: "Kamailio (SER) - Devel Mailing List" <sr-dev at lists.kamailio.org>,
>         "Kamailio (SER) - Users Mailing List" <sr-users at lists.kamailio.org
> >
> Subject: [SR-Users] Development open in master branch (to be v5.2.x)
> Message-ID: <07baf03f-0d1b-30f6-45d2-cacfc3dfec99 at gmail.com>
> Content-Type: text/plain; charset=utf-8
>
> Hello,
>
> git branch 5.1 was just created (to host the release series v5.1.x),
> therefore new features can now be pushed again in master branch. They
> will be part of the next future release, likely to be numbered 5.2.x.
>
> Any fixes that affect existing code in branches 5.1 or older version
> have to be backported - push first to master and then cherry pick -- see
> the contributing guidelines at:
>
>   -
> https://www.kamailio.org/wiki/devel/git-commit-guidelines#
> backporting_commits
>
> Many thanks to all contributors so far! Testing of branch 5.1 and giving
> feedback for it is very appreciated!
>
> Cheers,
> Daniel
>
> --
> Daniel-Constantin Mierla
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio Advanced Training - www.asipto.com
> Kamailio World Conference - www.kamailioworld.com
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 13 Nov 2017 09:22:17 +0100
> From: Daniel-Constantin Mierla <miconda at gmail.com>
> To: "Kamailio (SER) - Users Mailing List"
>         <sr-users at lists.kamailio.org>, Yuriy Gorlichenko <
> ovoshlook at gmail.com>
> Subject: Re: [SR-Users] using bcrypt passwd hashing
> Message-ID: <c7bb57e5-16dd-f5c2-f4ac-e3060f3b45bb at gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
>
>
> On 12.11.17 10:33, Yuriy Gorlichenko wrote:
> > You can realize any of auth methods by yourself and include it via
> > config file/kemi on lua/by adding module
> >
> > forexample I added SSO auth without any troubles instead of basid MD5
> > for some projects.
> Out of curiosity, what do you refer by SSO?
>
> Cheers,
> Daniel
> >
> > 2017-11-11 18:49 GMT+03:00 Alex Balashov <abalashov at evaristesys.com
> > <mailto:abalashov at evaristesys.com>>:
> >
> >     Do you know of any mainstream SIP UACs which support anything
> >     other than standard MD5 digest auth?
> >
> >     On November 10, 2017 7:11:26 PM EST, "Walter Martín Villalba"
> >     <wvillalba at gmail.com <mailto:wvillalba at gmail.com>> wrote:
> >     >Hello,
> >     >
> >     >I did some searches online and talked to some colleagues and it
> seems
> >     >Kamailio only supports the traditional HTTP digest authentication,
> >     >which
> >     >uses MD5. I would like to know if any of you has been successful in
> >     >using
> >     >bcrypt/scrypt/pbkdf2 passwd hashing, instead of MD5, which has been
> >     >deemed
> >     >as obsolete and insecure a long time ago. Perhaps you've written
> your
> >     >own
> >     >auth module, or just modified the config script to call some other
> >     >credential checking routine using a custom python/perl script (I'm
> >     >thinking
> >     >of doing the latter, of nothing better is available).
> >     >
> >     >If any of you have done something like this, using bcrypt or any
> >     other
> >     >current and secure hashing algorithm, I would appreciate some
> >     guidance.
> >     > If
> >     >you haven't, aren't you concerned about storing MD5 password
> >     hashes in
> >     >your
> >     >database?
> >     >
> >     >Note: if I can't find a good answer using this list, I will try the
> >     >developer's list next.
> >     >
> >     >Thanks in advance,
> >     >
> >     >Martín.
> >
> >
> >     -- Alex
> >
> >     --
> >     Sent via mobile, please forgive typos and brevity.
> >
> >     _______________________________________________
> >     Kamailio (SER) - Users Mailing List
> >     sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
> >     https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >     <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
> >
> >
> >
> >
> > _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users at lists.kamailio.org
> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Daniel-Constantin Mierla
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com
> Kamailio World Conference - www.kamailioworld.com
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.kamailio.org/pipermail/sr-users/
> attachments/20171113/6ecfa303/attachment-0001.html>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 13 Nov 2017 09:32:03 +0100
> From: Daniel-Constantin Mierla <miconda at gmail.com>
> To: "Kamailio (SER) - Users Mailing List"
>         <sr-users at lists.kamailio.org>, Kelvin Chua <kelchy at gmail.com>, SIP
>         Router - Kamailio "(OpenSER)" and SIP Express Router "(SER)" -
> Users
>         Mailing List <sr-users at lists.sip-router.org>
> Subject: Re: [SR-Users] t_set_fr behaviour
> Message-ID: <16c6f8a7-3526-79cd-3b34-e06a16206c81 at gmail.com>
> Content-Type: text/plain; charset=utf-8
>
> Hello,
>
>
> On 11.11.17 07:04, Kelvin Chua wrote:
> > hi guys,
> >
> > has anyone of you tried playing around with a scenario similar to this?
> >
> > A. invite -> t_set_fr() 2 seconds  - if "100 trying" not received in 2
> > seconds, timeout. works fine.
> > B. after receiving "100 trying" received, t_set_fr() 30 seconds - if
> > 18x not received in 30 seconds, timeout. works fine
> > C. after receiving the first 180, t_set_fr() 10 seconds - if "200 ok"
> > not received in 10 seconds, it will not timeout, but instead it will
> > timeout 30 seconds after B.
> >
> > i noticed this behavior recently and noticed that when a previous
> > t_set_fr() is bigger than the new one, it will be ignored. so if i did
> > 2 -> 10 -> 30, it works (swapping timeout values of B and C)
> >
> > my question is, is this an expected behavior?
> >
> just time for a very quick look at the code and I could see that only
> values for these timers are set by t_set_fr(), the transaction callback
> is not taken out and added to the timer lists. So, given that the
> previous timeout was longer, the callback was not executed yet and the
> new value is not seen. When the value is higher, then when callback is
> executed, then the new value is seen and used.
>
> I haven't implemented this part, and again, just a very quick look at
> the code, but for now is seems to be the way it works...
>
> Cheers,
> Daniel
>
> --
> Daniel-Constantin Mierla
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com
> Kamailio World Conference - www.kamailioworld.com
>
>
>
>
> ------------------------------
>
> Message: 5
> Date: Mon, 13 Nov 2017 09:32:03 +0100
> From: Daniel-Constantin Mierla <miconda at gmail.com>
> To: "Kamailio (SER) - Users Mailing List"
>         <sr-users at lists.kamailio.org>, Kelvin Chua <kelchy at gmail.com>, SIP
>         Router - Kamailio "(OpenSER)" and SIP Express Router "(SER)" -
> Users
>         Mailing List <sr-users at lists.sip-router.org>
> Subject: Re: [SR-Users] t_set_fr behaviour
> Message-ID: <16c6f8a7-3526-79cd-3b34-e06a16206c81 at gmail.com>
> Content-Type: text/plain; charset=utf-8
>
> Hello,
>
>
> On 11.11.17 07:04, Kelvin Chua wrote:
> > hi guys,
> >
> > has anyone of you tried playing around with a scenario similar to this?
> >
> > A. invite -> t_set_fr() 2 seconds  - if "100 trying" not received in 2
> > seconds, timeout. works fine.
> > B. after receiving "100 trying" received, t_set_fr() 30 seconds - if
> > 18x not received in 30 seconds, timeout. works fine
> > C. after receiving the first 180, t_set_fr() 10 seconds - if "200 ok"
> > not received in 10 seconds, it will not timeout, but instead it will
> > timeout 30 seconds after B.
> >
> > i noticed this behavior recently and noticed that when a previous
> > t_set_fr() is bigger than the new one, it will be ignored. so if i did
> > 2 -> 10 -> 30, it works (swapping timeout values of B and C)
> >
> > my question is, is this an expected behavior?
> >
> just time for a very quick look at the code and I could see that only
> values for these timers are set by t_set_fr(), the transaction callback
> is not taken out and added to the timer lists. So, given that the
> previous timeout was longer, the callback was not executed yet and the
> new value is not seen. When the value is higher, then when callback is
> executed, then the new value is seen and used.
>
> I haven't implemented this part, and again, just a very quick look at
> the code, but for now is seems to be the way it works...
>
> Cheers,
> Daniel
>
> --
> Daniel-Constantin Mierla
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com
> Kamailio World Conference - www.kamailioworld.com
>
>
>
>
> ------------------------------
>
> Message: 6
> Date: Mon, 13 Nov 2017 09:38:51 +0100
> From: Daniel-Constantin Mierla <miconda at gmail.com>
> To: "Kamailio (SER) - Users Mailing List"
>         <sr-users at lists.kamailio.org>, Asgaroth <00asgaroth00 at gmail.com>
> Subject: Re: [SR-Users] AVPOPS: is_avp_set/avp_check "name" parameter
>         as variable.
> Message-ID: <e04882b4-3c43-6bed-6631-cd193a42da63 at gmail.com>
> Content-Type: text/plain; charset=utf-8
>
> Hello,
>
> avp module comes from ser branch, probably it is the reason it was
> mentioned to be deprecated. However, avpops was developed with only one
> avp list in mind (caller list).
>
> Anyhow, avps do not evaluate the names as a string, but a single
> variable, maybe you can try like:
>
> $avp(x) = $_s(dm_ds_setid_$rm);
>
> then: is_avp_set("$avp($avp(x))")
>
> or: if($avp($avp(x))!=$null)
>
> If it is not in pair with avpops, then avp module won't be removed.
>
> Cheers,
> Daniel
>
> On 10.11.17 17:00, Asgaroth wrote:
> > Hi All,
> >
> > I was having a read of the AVP module documentation and I see
> > mentioned that in future releases of kamailio that the AVP module may
> > become deprecated in favour of using AVPOPS module. To this end, I
> > started looking to switch some of AVP functions over to AVPOPS
> > functions when I cam across an issue where I cannot have the name
> > parameter of the avp to check a variable.
> >
> > I have some attributes defined for a domain which I load up using
> > lookup_domain, one of these attributes is a dispatcher setid based on
> > the request method being processed. So, with AVP I can do something
> > like the following to see if it is set:
> >
> > if ( attr_exists( $_s(dm_ds_setid_$rm) ) )
> >
> > The above works as expected, but if I try using something equivelent
> > using avpops functions, something like:
> >
> > if ( is_avp_set("$avp(s:$_s(dm_ds_setid_$rm))") )
> > or
> > if ( is_avp_set("$avp(s:dm_ds_setid_$rm)") )
> > or
> > if ( is_avp_set("$avp($_s(dm_ds_setid_$rm))") )
> > or
> > if ( is_avp_set("$avp(dm_ds_setid_$rm)") )
> >
> > Then it fails the check even though the avp is set correctly, there
> > are no errors in the logs so it all appears to be okay.
> >
> > Likewise, when checking with the following AVP function, it works:
> >
> > if ( attr_equals("$_s(dm_ds_setid_$rm)", "100") )
> >
> > But, if I try with AVPOPS function, it fails (I'm guessing its bacause
> > the avp cannot be found)
> >
> > if ( avp_check("$avp(s:$_s(dm_ds_setid_$rm))", "100") )
> > or
> > if ( avp_check("$avp(s:dm_ds_setid_$rm)", "100") )
> > or
> > if ( avp_check("$avp($_s(dm_ds_setid_$rm))", "100") )
> > or
> > if ( avp_check("$avp(dm_ds_setid_$rm", "100") )
> >
> > Are the AVPOPS functions able to take nested variables like the above?
> > Is this a bug or am I using them incorrectly?
> >
> > I'm currently trying this out on kamailio v5.0.4.
> >
> > Any thoughts on the issue would be appreciated.
> >
> > Thanks
> >
> > _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users at lists.kamailio.org
> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Daniel-Constantin Mierla
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com
> Kamailio World Conference - www.kamailioworld.com
>
>
>
>
> ------------------------------
>
> Message: 7
> Date: Mon, 13 Nov 2017 09:42:38 +0100
> From: Daniel-Constantin Mierla <miconda at gmail.com>
> To: descartin at bts.io, "Kamailio (SER) - Users Mailing List"
>         <sr-users at lists.kamailio.org>, jgallart at systemonenoc.com
> Subject: Re: [SR-Users] strange --dialog in delete state is too old--
>         log line managing dialog hashes
> Message-ID: <9345d277-add2-0cbc-f013-0b8492967423 at gmail.com>
> Content-Type: text/plain; charset=utf-8
>
> Hello,
>
> I pushed two patches to dialog module few days ago, can you try with
> that version (or with those patches backported to your version)?
>
> Cheers,
> Daniel
>
> On 09.11.17 18:50, David Escartín wrote:
> > hello Daniel
> >
> > I might think they were not, at least i cannot see dialogs being
> > created with the same id and entry hash values in the previous hours
> > to the kamailio reset, but i'm not sure. I dont know if maybe they
> > could be some "lost" dialogs with more than 2 hours lifetime for some
> > strange reason, but i could not check the dailog profile list live
> > because i got a "reply too big" output using the kamcmd rpc command.
> > I guess i should increase  binrpc_max_body_size ?
> >
> > I can try to remove traffic from the server and see if after 2 hours i
> > have any remaining dialog. I don't think there would be any because i
> > checked generally other times that the number of dialogs go to 0 after
> > a while (2 hours or so) when i remove traffic from a kamailio
> > instance. But i can check it anyway.
> >
> > i will let you know
> >
> > best regards
> > david
> >
> >
> >
> > El 08/11/17 a las 08:40, Daniel-Constantin Mierla escribió:
> >> Hello,
> >>
> >>
> >> On 08.11.17 07:23, David Escartín wrote:
> >>> Hello Daniel
> >>>
> >>> sorry about that.
> >> no worries, it was more for the future to keep a conversation in a
> >> single place, if it is not some generic announcement or similar ...
> >>> yes, if we make a restart, after a while (not fixed time some times
> >>> minutes, some times 2 hours),  we start to see those types of messages
> >> Do you know if all these dialogs were active at the last restart? Or new
> >> dialogs after restart expose the same issue?
> >>
> >> Cheers,
> >> Daniel
> >>
> >>> i attach you the sip messages of the call of the logs in the first mail
> >>> the INVITE receiver is the Kamailio instance.
> >>>
> >>> thanks a lot and sorry again about the 2 email accounts
> >>> david
> >>>
> >>>
> >>> El 07/11/17 a las 18:40, Daniel-Constantin Mierla escribió:
> >>>> Hello,
> >>>>
> >>>> first: no need to post on both sr-users and sr-dev, it makes it
> >>>> hard to
> >>>> follow up if people answer on different lists.
> >>>>
> >>>> If it is about a stable release, you can use the sr-users, if it is
> >>>> about devel version, you can use sr-dev. Of course, if it is a bug,
> >>>> you
> >>>> can open an issue on:
> >>>>
> >>>>     - https://github.com/kamailio/kamailio/issues
> >>>>
> >>>> Now, back to the message itself -- have you done a recent restart
> >>>> before
> >>>> this situation is exposed? Do you capture the traffic in your network?
> >>>> If yes, can you extract the sip packets for one of these calls and
> >>>> send
> >>>> them over to me?
> >>>>
> >>>> Cheers,
> >>>> Daniel
> >>>>
> >>>>
> >>>> On 07.11.17 16:30, David Escartín wrote:
> >>>>> hello all
> >>>>>
> >>>>> recently we are seeing some weird messages handling with dialogs in
> >>>>> Kamailio version 5.0
> >>>>> we sometimes are seeing messages like
> >>>>> /usr/local/kamailio/sbin/kamailio[15372]: NOTICE: dialog
> >>>>> [dlg_hash.c:249]: dlg_clean_run(): dialog in delete state is too old
> >>>>> (0x7fa65445c850 ref 3)
> >>>>> /usr/local/kamailio/sbin/kamailio[15372]: NOTICE: dialog
> >>>>> [dlg_hash.c:235]: dlg_clean_run(): dialog in early state is too old
> >>>>> (0x7fa652d57110 ref 1)
> >>>>>
> >>>>> we increased the debug description adding some lines to the dialog
> >>>>> module code so we could track the calls of the calls that these
> >>>>> messages belong to, and we could see that those messages appeared in
> >>>>> calls just released at that moment, for example:
> >>>>>
> >>>>> <134>Nov  4 11:21:38 localhost
> >>>>> /usr/local/kamailio/sbin/kamailio[4108]: INFO: mad-localhost-1 Call
> >>>>> 97980 / Call-ID 1409565771_82382809 at 195.219.240.46: Creating dialog
> >>>>> [8043:21772] with hash id 21772 and hash entry 8043
> >>>>> <134>Nov  4 11:21:38 localhost
> >>>>> /usr/local/kamailio/sbin/kamailio[4106]: INFO: mad-localhost-1 Call
> >>>>> 97980 / Call-ID 1409565771_82382809 at 195.219.240.46: Status 100, 6610
> >>>>> <134>Nov  4 11:21:39 localhost
> >>>>> /usr/local/kamailio/sbin/kamailio[4111]: INFO: mad-localhost-1 Call
> >>>>> 97980 / Call-ID 1409565771_82382809 at 195.219.240.46: CANCEL
> >>>>> received in
> >>>>> A-Leg, relaying downstream
> >>>>> <134>Nov  4 11:21:39 localhost
> >>>>> /usr/local/kamailio/sbin/kamailio[4112]: INFO: mad-localhost-1 Call
> >>>>> 97980 / Call-ID 1409565771_82382809 at 195.219.240.46: Status 487, 6610
> >>>>> <133>Nov  4 11:21:39 localhost
> >>>>> /usr/local/kamailio/sbin/kamailio[4139]: NOTICE: dialog
> >>>>> [dlg_hash.c:251]: dlg_clean_run(): dialog in delete state is too old
> >>>>> (0x7fa0c02a6870 ref 3) with callid
> >>>>> '1409565771_82382809 at 195.219.240.46'
> >>>>> <129>Nov  4 11:21:39 mad-proxy-inout-1
> >>>>> /usr/local/kamailio/sbin/kamailio[4112]: ALERT: dialog
> >>>>> [dlg_handlers.c:1715]: dlg_run_event_route(): after event route -
> >>>>> dialog not found [8043:21772] (1/5) (0x7fa0c02a6870) with callid
> >>>>> '1409565771_82382809 at 195.219.240.46'
> >>>>>
> >>>>> we printed the dialog id and entry hash values and we can see there
> >>>>> are no other calls creating same values in the previous hours, or
> >>>>> using same memory allocation, or same callid, so it seems like there
> >>>>> was some kind of strange issue with the dialog timers....¿?
> >>>>> By the way, this is happening only few times (80-100 times) a day
> >>>>> having many thousands of calls, so it's quite difficult for us to
> >>>>> duplicate, we couldn't do it until now.
> >>>>> We also tried to use the timer_procs 0 or 1 to use a different proc
> >>>>> timer but seems the issue happens in both scenarios.
> >>>>>
> >>>>> The configuration change we made and seems it was done when these
> >>>>> messages started to appear is to use dialog event_route when ended
> >>>>> and
> >>>>> failed to do some stuff there managing some dialog variables.
> >>>>> Does ti make any sense that attempting to use those variables could
> >>>>> cause these behaviour?
> >>>>> Do you have any idea about it could be or how we can check it deeper?
> >>>>>
> >>>>> thanks a lot and regards
> >>>>> david escartin
> >>>>>
> >>>>> _______________________________________________
> >>>>> Kamailio (SER) - Users Mailing List
> >>>>> sr-users at lists.kamailio.org
> >>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >
>
> --
> Daniel-Constantin Mierla
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com
> Kamailio World Conference - www.kamailioworld.com
>
>
>
>
> ------------------------------
>
> Message: 8
> Date: Mon, 13 Nov 2017 09:46:09 +0100 (CET)
> From: Marco Capetta <mcapetta at sipwise.com>
> To: miconda at gmail.com,  "Kamailio (SER) - Users Mailing List"
>         <sr-users at lists.kamailio.org>
> Subject: Re: [SR-Users] 183 acc records even if early_media equals to
>         0
> Message-ID:
>         <1959637296.2141408.1510562769508.JavaMail.zimbra at sipwise.com>
> Content-Type: text/plain; charset=utf-8
>
> Hi Daniel,
>
> we left the test system running the whole weekend and so far we haven't
> see any new ACC record for provisional response messages.
> I think that the latest patch solved the issue.
>
> Thank you
>
> Cheers
> Marco
>
> ----- Original Message -----
> From: "Daniel-Constantin Mierla" <miconda at gmail.com>
> To: "Kamailio (SER) - Users Mailing List" <sr-users at lists.kamailio.org>,
> "Andrew Pogrebennyk" <apogrebennyk at sipwise.com>
> Sent: Friday, November 10, 2017 9:48:29 AM
> Subject: Re: [SR-Users] 183 acc records even if early_media equals to 0
>
>
>
> On 10.11.17 09:42, Andrew Pogrebennyk wrote:
> > On 11/10/2017 09:34 AM, Marco Capetta wrote:
> >> +
> >> if(relayed_msg->REPLY_STATUS==uas_rb->activ_type) {
> >> +
> >> run_trans_callbacks_with_buf( TMCB_RESPONSE_OUT, uas_rb, t->uas.request,
> >> +
>
> >> relayed_msg, relayed_code);
> >> +                                       }
> > my guess is that in case of fake reply like a 408 the relayed_msg is -1
> > so addressing the member by pointer fails.
> >
> > I have suggested Marco to try with if(relayed_msg==FAKED_REPLY ||
> > relayed_msg->REPLY_STATUS==uas_rb->activ_type)
> >
> > Not sure if there are any other cases where relayed_msg is a NULL but we
> > will test this and let you know if it helps.
> Indeed, I noticed that is the FAKED_REPLY looking at the locals in the
> backtrace he sent to me. I think it is better to use relayed_code
> instead of relayed_msg->REPLY_STATUS in that condition.
>
> Cheers,
> Daniel
>
> --
> Daniel-Constantin Mierla
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com
> Kamailio World Conference - www.kamailioworld.com
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
> ------------------------------
>
> Message: 9
> Date: Mon, 13 Nov 2017 09:49:56 +0100
> From: Daniel-Constantin Mierla <miconda at gmail.com>
> To: "Kamailio (SER) - Users Mailing List"
>         <sr-users at lists.kamailio.org>, bazou2 bazou2
>         <bazou2.bazou2 at hotmail.com>
> Subject: Re: [SR-Users] Kamailio issue
> Message-ID: <1c8181b4-60c0-f363-d230-665e1e5ca5ce at gmail.com>
> Content-Type: text/plain; charset="windows-1252"
>
> Hello,
>
>
> what do you mean that first time works? Do you have one call working ok
> and then trying with the second one fails? Or one leg of the first call
> works, but it doesn't get properly completed?
>
>
> Cheers,
> Daniel
>
>
>
> On 08.11.17 09:36, bazou2 bazou2 wrote:
> > Hello,
> >
> > I have a kamailio version 4.4 with an Asterisk 13 ... and i need to
> > make a call from a sip phone app.(i have a user subscribed on the
> > kamailio to be used on the sip phone app).
> > The weird thing that first time, the call works (I can see the sip
> > messages working fine between the app kamailio and asterisk) but when
> > i try again it doesn't work. SIP messages show that the kamailio and
> > Asterisk keep send trying request between them and the loop of these
> > kind of messages doesn't end..
> >
> > I need to know if i am missing something in the configuration file of
> > the kamailio or what?
> >
> > Regards
> >
> >
> > Sent from Outlook <http://aka.ms/weboutlook>
> >
> >
> > _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users at lists.kamailio.org
> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Daniel-Constantin Mierla
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com
> Kamailio World Conference - www.kamailioworld.com
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.kamailio.org/pipermail/sr-users/
> attachments/20171113/d4e10931/attachment-0001.html>
>
> ------------------------------
>
> Message: 10
> Date: Mon, 13 Nov 2017 12:40:10 +0300
> From: Yuriy Gorlichenko <ovoshlook at gmail.com>
> To: Daniel-Constantin Mierla <miconda at gmail.com>
> Cc: "Kamailio \(SER\) - Users Mailing List"
>         <sr-users at lists.kamailio.org>
> Subject: Re: [SR-Users] using bcrypt passwd hashing
> Message-ID:
>         <CABSP_VcagxhDPm-S+kkAUUF+NZaW+hKAgOPQv-K_0nK9587MeQ@
> mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi Daniel
>
> Some Single Sign On system.
>
> for example in the system that has multiple services but all works via one
> auth service by token for example.
> So in this case i changed standart-auth-SIP scheme to the token-based-auth
> scheme.
>
> Offcource it is not for mainstream clients software.
>
>
> 2017-11-13 11:22 GMT+03:00 Daniel-Constantin Mierla <miconda at gmail.com>:
>
> >
> >
> > On 12.11.17 10:33, Yuriy Gorlichenko wrote:
> >
> > You can realize any of auth methods by yourself and include it via config
> > file/kemi on lua/by adding module
> >
> > forexample I added SSO auth without any troubles instead of basid MD5 for
> > some projects.
> >
> > Out of curiosity, what do you refer by SSO?
> >
> > Cheers,
> > Daniel
> >
> >
> > 2017-11-11 18:49 GMT+03:00 Alex Balashov <abalashov at evaristesys.com>:
> >
> >> Do you know of any mainstream SIP UACs which support anything other than
> >> standard MD5 digest auth?
> >>
> >> On November 10, 2017 7:11:26 PM EST, "Walter Martín Villalba" <
> >> wvillalba at gmail.com> wrote:
> >> >Hello,
> >> >
> >> >I did some searches online and talked to some colleagues and it seems
> >> >Kamailio only supports the traditional HTTP digest authentication,
> >> >which
> >> >uses MD5. I would like to know if any of you has been successful in
> >> >using
> >> >bcrypt/scrypt/pbkdf2 passwd hashing, instead of MD5, which has been
> >> >deemed
> >> >as obsolete and insecure a long time ago. Perhaps you've written your
> >> >own
> >> >auth module, or just modified the config script to call some other
> >> >credential checking routine using a custom python/perl script (I'm
> >> >thinking
> >> >of doing the latter, of nothing better is available).
> >> >
> >> >If any of you have done something like this, using bcrypt or any other
> >> >current and secure hashing algorithm, I would appreciate some guidance.
> >> > If
> >> >you haven't, aren't you concerned about storing MD5 password hashes in
> >> >your
> >> >database?
> >> >
> >> >Note: if I can't find a good answer using this list, I will try the
> >> >developer's list next.
> >> >
> >> >Thanks in advance,
> >> >
> >> >Martín.
> >>
> >>
> >> -- Alex
> >>
> >> --
> >> Sent via mobile, please forgive typos and brevity.
> >>
> >> _______________________________________________
> >> Kamailio (SER) - Users Mailing List
> >> sr-users at lists.kamailio.org
> >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >>
> >
> >
> >
> > _______________________________________________
> > Kamailio (SER) - Users Mailing Listsr-users at lists.kamailio.orghttps://
> lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >
> >
> > --
> > Daniel-Constantin Mierlawww.twitter.com/miconda --
> www.linkedin.com/in/miconda
> > Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com
> > Kamailio World Conference - www.kamailioworld.com
> >
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.kamailio.org/pipermail/sr-users/
> attachments/20171113/aa33d4dd/attachment-0001.html>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> sr-users mailing list
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
> ------------------------------
>
> End of sr-users Digest, Vol 150, Issue 13
> *****************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20171205/2a57f6f7/attachment.html>


More information about the sr-users mailing list