[SR-Users] Kamailio to capture mirrored traffic

Igor Olhovskiy igorolhovskiy at gmail.com
Sat Oct 26 20:39:07 CEST 2019 

I'm trying to avoid SIP packet touching at all. Plus, I can't move third-party soft to other port/interface or so.

Idea is I don't want for Kamailio to be a proxy, but a sip packet analyzer for mirrored port, but on same machine.
On Oct 26 2019, at 6:40 pm, David Villasmil <david.villasmil.work at gmail.com> wrote:
> Why not just receiving with kamailio and transparently proxying to the pbx after capturing? I.e.: kamailio in the middle
>
>
> On Sat, 26 Oct 2019 at 14:46, Igor Olhovskiy <igorolhovskiy at gmail.com (mailto:igorolhovskiy at gmail.com)> wrote:
> > Hi!
> >
> > I'm trying to get Kamailio working as a traffic capture on a same machine with other PBX software installed.
> > Actually, traffic is mirrored with
> > iptables -A PREROUTING -t mangle -i eth0 -p udp --dport 5060 -j TEE --gateway 127.0.0.2 (https://link.getmailspring.com/link/AB5F9D36-533D-4A52-ADE3-FB76B813163C@getmailspring.com/0?redirect=127.0.0.2&recipient=c3ItdXNlcnNAbGlzdHMua2FtYWlsaW8ub3Jn)
> > iptables -t nat -A PREROUTING -d 127.0.0.2 -p udp --dport 5060 -j DNAT --to 127.0.0.1:5062 (https://link.getmailspring.com/link/AB5F9D36-533D-4A52-ADE3-FB76B813163C@getmailspring.com/1?redirect=127.0.0.1%3A5062&recipient=c3ItdXNlcnNAbGlzdHMua2FtYWlsaW8ub3Jn)
> >
> >
> > Kamailio request route is super simple
> > request_route {
> > xlog("L_ALERT", "[SIP-PACKET] Got packet [F=$fu R=$ru D=$du M=$rm IP=($si:$sp $Ri:$Rp) ID=$ci]\n");
> > drop;
> > }
> >
> > I was trying to get Kamailio just listen on interface 127.0.0.1:5062, but no luck
> > listen=udp:127.0.0.1:5062 (http://127.0.0.1:5062)
> > Next was to use sipcapture module with following parameters
> > loadmodule "sipcapture.so"
> > modparam("sipcapture", "db_url", "text:///tmp/")
> > modparam("sipcapture", "raw_socket_listen", "127.0.0.1:5060-5062")
> > modparam("sipcapture", "raw_interface", "lo")
> > modparam("sipcapture", "promiscious_on", 1)
> >
> > Also no luck. Means Kamailio can't see packets, but I see em with wireshark on lo interface.
> > What is best way to get it working? Or I'm missing something?
> > Thanks!
> > _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users at lists.kamailio.org (mailto:sr-users at lists.kamailio.org)
> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
> --
> Regards,
>
> David Villasmil
> email: david.villasmil.work at gmail.com (https://link.getmailspring.com/link/440604DA-8F73-4D71-9038-78658920F906@getmailspring.com/0?redirect=mailto%3Adavid.villasmil.work%40gmail.com&recipient=c3ItdXNlcnNAbGlzdHMua2FtYWlsaW8ub3Jn)
> phone: +34669448337
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20191026/a177e62e/attachment.html>

More information about the sr-users mailing list