[SR-Users] REGISTER with http_async_client ?
Cyril Ramière
cyril.ramiere at gmail.com
Tue Feb 8 10:30:55 CET 2022
Hi Federico,
Thank you, this was the solution!
You were right about trying to log $T(reply_code), this triggers the
critical error and sends a 500 internal server error message.
Since I was using the same xlog line across my entire code, $T(reply_code)
was called multiple times, I didn't think it would cause such an issue
since the documentation states that it returns 0 in the worst case.
I stumbled across another issue, my rtpengine stopped working, it was due
to the fact that the http async client (so async framework) uses a
"failure_route" when triggering the callback route, so the first action of
rtpengine_manage() is to DELETE the transaction if in failure_route.
I moved/refactored some logic to trigger rtpengine inside a branch_route,
but I'm wondering if there is a way after my http query is done to revert
back to the request_route instead of the failure_route.
Cheers,
Cyril
Le ven. 4 févr. 2022 à 10:00, Federico Cabiddu <federico.cabiddu at gmail.com>
a écrit :
> Hi Cyril,
> I tried your script and changing
> sl_send_reply("200","OK");
> with
> send_reply("200","OK") or t_reply("200","OK");
> it works, a 200 OK reply is sent out.
>
> The message
>
> "CRITICAL: tmx [t_var.c:546]: pv_get_tm_reply_code(): no picked branch
> (-1) for a final response in MODE_ONFAILURE"
>
> comes from trying, in the xlog call, to access $T(reply_code) where there
> is actually no reply code for the transaction (no reply has been
> received/generated)
>
> Could you try the following snippet based on http_async_client?
>
> request_route {
> xlog("L_NOTICE", "ROOT - New request - M=$rm UAC-IP=$si:$sp
> LB-IP=$tcp(c_si):$tcp(c_sp) UA='$ua' ID=$ci\n");
>
> if (is_method("REGISTER")){
> xlog("L_NOTICE", "[ROOT] Got REGISTER. method=$rm -
> code=$T(reply_code) - Destination=$ru - Origin=[$fU@$si:$sp]\n");
> if(!is_present_hf("Authorization")){
> xlog("L_INFO","[ROOT::REGISTER] No auth provided, sending
> CHALLENGE for $fU ($fu) (FINAL)\n");
> www_challenge("$td","1");
> exit;
> }
> else{
> xlog("L_INFO","[ROOT::REGISTER] Auth provided, Go to
> AUTH_DOQUERY using http_async_client\n");
> t_newtran();
> http_async_query("http://127.0.0.1:8000/","AUTH_REPLY");
> }
> }
>
> exit;
> }
>
> route[AUTH_REPLY]{
> xlog("L_NOTICE", "[AUTH_REPLY]: http_rs=$http_rs\n");
> send_reply("200","OK");
> exit;
> }
>
> (I'm running a simple http server always replying 200 on the loopback
> interface)
>
> Cheers,
>
> Federico
>
> On Thu, Feb 3, 2022 at 12:13 PM Cyril Ramière <cyril.ramiere at gmail.com>
> wrote:
>
>> Okay, so I have done that,
>>
>> Please find here :
>> https://zerobin.net/?7743b78716b00c72#Jzmdq+5ZlFfZId+M/hP+52Ih0AMAMNUjeUT1cN7jL7Q=
>>
>> My full config (I redacted some parts like IPs and domains), with the
>> minimal routing blocks to reproduce and the logs.
>>
>> If you don't mind checking it, it would be great :)
>>
>> Cheers,
>>
>> Cyril
>>
>> Le jeu. 3 févr. 2022 à 11:39, Federico Cabiddu <
>> federico.cabiddu at gmail.com> a écrit :
>>
>>> I have to admit that even looking at the debug logs I cannot understand
>>> what's going on in your case.
>>> As said I'm running an authentication scenario very similar to yours,
>>> being the challenge the only difference.
>>> What I can suggest to further digging is to reduce your configuration as
>>> much as possible (e.g. I see that you are using topoh) and see if we can
>>> understand better what is causing the issue.
>>>
>>> Cheers,
>>>
>>> Federico
>>>
>>>
>>> On Thu, Feb 3, 2022 at 7:58 AM Olle E. Johansson <oej at edvina.net> wrote:
>>>
>>>>
>>>>
>>>> On 2 Feb 2022, at 23:58, Cyril Ramière <cyril.ramiere at gmail.com> wrote:
>>>>
>>>> Hi Karsten,
>>>>
>>>> Thanks for the clue, unfortunately I can't use this module because the
>>>> clients are "dumb" sip phones.
>>>>
>>>> The goal of my implementation is to use our application API to handle
>>>> the login.
>>>>
>>>> The plan was that a sip phone sends a REGISTER, I ask the API endpoint
>>>> if this user/password is ok to connect and allow/deny based on the reply
>>>> and informations provided by the API.
>>>>
>>>> Everything is relying on the fact that I can make my HTTP call when
>>>> handling the REGISTER, sadly for me, it doesn't work and I still can't
>>>> figure why.
>>>>
>>>> Try http_client. I’ve used it a lot of time for authentication. It will
>>>> block your thread while waiting for response, but you can handle some of
>>>> those issues by caching secrets for a short time with htable.
>>>>
>>>> /O
>>>>
>>>>
>>>> Cheers,
>>>>
>>>> Cyril
>>>>
>>>> Le mer. 2 févr. 2022 à 19:49, Karsten Horsmann <khorsmann at gmail.com> a
>>>> écrit :
>>>>
>>>>> Hi Cyril,
>>>>>
>>>>> This Kamailio module could imho do the same
>>>>>
>>>>> https://www.kamailio.org/docs/modules/devel/modules/auth_ephemeral.html
>>>>>
>>>>>
>>>>> Cyril Ramière <cyril.ramiere at gmail.com> schrieb am Do., 27. Jan.
>>>>> 2022, 08:04:
>>>>>
>>>>>> Hi there,
>>>>>>
>>>>>> I have a weird issue with kamailio (latest docker
>>>>>> image kamailio-ci:5.5.2-alpine) and http_async_client.
>>>>>>
>>>>>> Before posting a lot of logs, let me describe what I want to achieve.
>>>>>>
>>>>>> I have a Kamailio and a SIP Phone.
>>>>>>
>>>>>> The SIP phone sends a REGISTER to kamailio, then in my routing block,
>>>>>> I check if I have an Authorization header.
>>>>>>
>>>>>> Since I don't have an Authorization (first message), I
>>>>>> use "www_challenge()".
>>>>>> This replies to the SIP phone, and then the SIP phone sends a new
>>>>>> REGISTER with the correct Authorization header.
>>>>>>
>>>>>> So far so good.
>>>>>>
>>>>>> Now, when I get the REGISTER with Authorization header, I want to ask
>>>>>> an HTTP endpoint if this user is allowed to connect and check the password
>>>>>> using http_async_query().
>>>>>>
>>>>>> The problem is that when the transaction resumes, the tmx module is
>>>>>> unhappy and throws this error :
>>>>>>
>>>>>> 30(36) CRITICAL: tmx [t_var.c:546]: pv_get_tm_reply_code(): no picked
>>>>>> branch (-1) for a final response in MODE_ONFAILURE
>>>>>>
>>>>>> And a 500 error is sent back to the sip phone.
>>>>>> The AUTH_REPLY route is still called and I can use the $http* values.
>>>>>>
>>>>>> Do you see something that I am doing wrong or missing in my logic?
>>>>>> Is pausing/resuming to use the async http client is allowed if I'm
>>>>>> handling a REGISTER transaction?
>>>>>>
>>>>>> Here's a simplified version of my routing block (not far from
>>>>>> reality):
>>>>>>
>>>>>> ##### SNIP
>>>>>>
>>>>>> request_route{
>>>>>>
>>>>>> route(AUTH);
>>>>>>
>>>>>>
>>>>>> route[AUTH]{
>>>>>>
>>>>>> if (is_method("REGISTER"){
>>>>>>
>>>>>> if(no_auth_header){
>>>>>>
>>>>>> www_challenge("$td","1");
>>>>>>
>>>>>> exit;
>>>>>>
>>>>>> }
>>>>>>
>>>>>> else{
>>>>>>
>>>>>> t_newtran();
>>>>>>
>>>>>> http_async_query("http://xxx.xxx.xxx.xxx:9000/auth?foo=bar", "AUTH_REPLY");
>>>>>>
>>>>>> }
>>>>>>
>>>>>> }
>>>>>>
>>>>>> }
>>>>>>
>>>>>>
>>>>>> route[AUTH_REPLY]{
>>>>>>
>>>>>> xlog("L_INFO", "route[HTTP_REPLY]: status $http_rs\n");
>>>>>>
>>>>>> }
>>>>>>
>>>>>>
>>>>>> }
>>>>>>
>>>>>> ##### END SNIP
>>>>>>
>>>>>>
>>>>>> Best regards!
>>>>>> __________________________________________________________
>>>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>>>> * sr-users at lists.kamailio.org
>>>>>> Important: keep the mailing list in the recipients, do not reply only
>>>>>> to the sender!
>>>>>> Edit mailing list options or unsubscribe:
>>>>>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>
>>>>> __________________________________________________________
>>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>>> * sr-users at lists.kamailio.org
>>>>> Important: keep the mailing list in the recipients, do not reply only
>>>>> to the sender!
>>>>> Edit mailing list options or unsubscribe:
>>>>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>> __________________________________________________________
>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>> * sr-users at lists.kamailio.org
>>>> Important: keep the mailing list in the recipients, do not reply only
>>>> to the sender!
>>>> Edit mailing list options or unsubscribe:
>>>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>>>
>>>> __________________________________________________________
>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>> * sr-users at lists.kamailio.org
>>>> Important: keep the mailing list in the recipients, do not reply only
>>>> to the sender!
>>>> Edit mailing list options or unsubscribe:
>>>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>> __________________________________________________________
>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>> * sr-users at lists.kamailio.org
>>> Important: keep the mailing list in the recipients, do not reply only to
>>> the sender!
>>> Edit mailing list options or unsubscribe:
>>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> __________________________________________________________
>> Kamailio - Users Mailing List - Non Commercial Discussions
>> * sr-users at lists.kamailio.org
>> Important: keep the mailing list in the recipients, do not reply only to
>> the sender!
>> Edit mailing list options or unsubscribe:
>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> * sr-users at lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20220208/ed967b49/attachment.htm>
More information about the sr-users
mailing list