[SR-Users] REGISTER with http_async_client ?

Federico Cabiddu federico.cabiddu at gmail.com
Thu Feb 10 17:39:59 CET 2022 

Hi Cyril,
happy to hear that you solved the problem.
About switching back to request_route type is not possible, it has to do
with the kamailio mechanism to suspend transactions. The callback route is
always a failure route.
The solution for rtpengine is either to call rtpengine_offer explicitly or
call rtpengine_manage in a branch_route, as you are doing and it's imho
among the best practices for kamailio.

Cheers,

Federico


On Tue, Feb 8, 2022 at 10:34 AM Cyril Ramière <cyril.ramiere at gmail.com>
wrote:

> Hi Federico,
>
> Thank you, this was the solution!
>
> You were right about trying to log $T(reply_code), this triggers the
> critical error and sends a 500 internal server error message.
> Since I was using the same xlog line across my entire code, $T(reply_code)
> was called multiple times, I didn't think it would cause such an issue
> since the documentation states that it returns 0 in the worst case.
>
> I stumbled across another issue, my rtpengine stopped working, it was due
> to the fact that the http async client (so async framework) uses a
> "failure_route" when triggering the callback route, so the first action of
> rtpengine_manage() is to DELETE the transaction if in failure_route.
>
> I moved/refactored some logic to trigger rtpengine inside a branch_route,
> but I'm wondering if there is a way after my http query is done to revert
> back to the request_route instead of the failure_route.
>
> Cheers,
>
> Cyril
>
> Le ven. 4 févr. 2022 à 10:00, Federico Cabiddu <federico.cabiddu at gmail.com>
> a écrit :
>
>> Hi Cyril,
>> I tried your script and changing
>>     sl_send_reply("200","OK");
>> with
>>     send_reply("200","OK")  or     t_reply("200","OK");
>> it works, a 200 OK reply is sent out.
>>
>> The message
>>
>> "CRITICAL: tmx [t_var.c:546]: pv_get_tm_reply_code(): no picked branch
>> (-1) for a final response in MODE_ONFAILURE"
>>
>> comes from trying, in the xlog call, to access $T(reply_code) where there
>> is actually no reply code for the transaction (no reply has been
>> received/generated)
>>
>> Could you try the following snippet based on http_async_client?
>>
>> request_route {
>>     xlog("L_NOTICE", "ROOT - New request - M=$rm UAC-IP=$si:$sp
>> LB-IP=$tcp(c_si):$tcp(c_sp) UA='$ua' ID=$ci\n");
>>
>>     if (is_method("REGISTER")){
>>         xlog("L_NOTICE", "[ROOT] Got REGISTER. method=$rm -
>> code=$T(reply_code) - Destination=$ru - Origin=[$fU@$si:$sp]\n");
>>         if(!is_present_hf("Authorization")){
>>             xlog("L_INFO","[ROOT::REGISTER] No auth provided, sending
>> CHALLENGE for $fU ($fu) (FINAL)\n");
>>             www_challenge("$td","1");
>>             exit;
>>         }
>>         else{
>>             xlog("L_INFO","[ROOT::REGISTER] Auth provided, Go to
>> AUTH_DOQUERY using http_async_client\n");
>>             t_newtran();
>>             http_async_query("http://127.0.0.1:8000/","AUTH_REPLY");
>>         }
>>     }
>>
>>     exit;
>> }
>>
>> route[AUTH_REPLY]{
>>     xlog("L_NOTICE", "[AUTH_REPLY]: http_rs=$http_rs\n");
>>     send_reply("200","OK");
>>     exit;
>> }
>>
>> (I'm running a simple http server always replying 200 on the loopback
>> interface)
>>
>> Cheers,
>>
>> Federico
>>
>> On Thu, Feb 3, 2022 at 12:13 PM Cyril Ramière <cyril.ramiere at gmail.com>
>> wrote:
>>
>>> Okay, so I have done that,
>>>
>>> Please find here :
>>> https://zerobin.net/?7743b78716b00c72#Jzmdq+5ZlFfZId+M/hP+52Ih0AMAMNUjeUT1cN7jL7Q=
>>>
>>> My full config (I redacted some parts like IPs and domains), with the
>>> minimal routing blocks to reproduce and the logs.
>>>
>>> If you don't mind checking it, it would be great :)
>>>
>>> Cheers,
>>>
>>> Cyril
>>>
>>> Le jeu. 3 févr. 2022 à 11:39, Federico Cabiddu <
>>> federico.cabiddu at gmail.com> a écrit :
>>>
>>>> I have to admit that even looking at the debug logs I cannot understand
>>>> what's going on in your case.
>>>> As said I'm running an authentication scenario very similar to yours,
>>>> being the challenge the only difference.
>>>> What I can suggest to further digging is to reduce your configuration
>>>> as much as possible (e.g. I see that you are using topoh) and see if we can
>>>> understand better what is causing the issue.
>>>>
>>>> Cheers,
>>>>
>>>> Federico
>>>>
>>>>
>>>> On Thu, Feb 3, 2022 at 7:58 AM Olle E. Johansson <oej at edvina.net>
>>>> wrote:
>>>>
>>>>>
>>>>>
>>>>> On 2 Feb 2022, at 23:58, Cyril Ramière <cyril.ramiere at gmail.com>
>>>>> wrote:
>>>>>
>>>>> Hi Karsten,
>>>>>
>>>>> Thanks for the clue, unfortunately I can't use this module because the
>>>>> clients are "dumb" sip phones.
>>>>>
>>>>> The goal of my implementation is to use our application API to handle
>>>>> the login.
>>>>>
>>>>> The plan was that a sip phone sends a REGISTER, I ask the API endpoint
>>>>> if this user/password is ok to connect and allow/deny based on the reply
>>>>> and informations provided by the API.
>>>>>
>>>>> Everything is relying on the fact that I can make my HTTP call when
>>>>> handling the REGISTER, sadly for me, it doesn't work and I still can't
>>>>> figure why.
>>>>>
>>>>> Try http_client. I’ve used it a lot of time for authentication. It
>>>>> will block your thread while waiting for response, but you can handle some
>>>>> of those issues by caching secrets for a short time with htable.
>>>>>
>>>>> /O
>>>>>
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Cyril
>>>>>
>>>>> Le mer. 2 févr. 2022 à 19:49, Karsten Horsmann <khorsmann at gmail.com>
>>>>> a écrit :
>>>>>
>>>>>> Hi Cyril,
>>>>>>
>>>>>> This Kamailio module could imho do the same
>>>>>>
>>>>>>
>>>>>> https://www.kamailio.org/docs/modules/devel/modules/auth_ephemeral.html
>>>>>>
>>>>>>
>>>>>> Cyril Ramière <cyril.ramiere at gmail.com> schrieb am Do., 27. Jan.
>>>>>> 2022, 08:04:
>>>>>>
>>>>>>> Hi there,
>>>>>>>
>>>>>>> I have a weird issue with kamailio (latest docker
>>>>>>> image kamailio-ci:5.5.2-alpine) and http_async_client.
>>>>>>>
>>>>>>> Before posting a lot of logs, let me describe what I want to achieve.
>>>>>>>
>>>>>>> I have a Kamailio and a SIP Phone.
>>>>>>>
>>>>>>> The SIP phone sends a REGISTER to kamailio, then in my routing
>>>>>>> block, I check if I have an Authorization header.
>>>>>>>
>>>>>>> Since I don't have an Authorization (first message), I
>>>>>>> use "www_challenge()".
>>>>>>> This replies to the SIP phone, and then the SIP phone sends a new
>>>>>>> REGISTER with the correct Authorization header.
>>>>>>>
>>>>>>> So far so good.
>>>>>>>
>>>>>>> Now, when I get the REGISTER with Authorization header, I want to
>>>>>>> ask an HTTP endpoint if this user is allowed to connect and check the
>>>>>>> password using http_async_query().
>>>>>>>
>>>>>>> The problem is that when the transaction resumes, the tmx module is
>>>>>>> unhappy and throws this error :
>>>>>>>
>>>>>>> 30(36) CRITICAL: tmx [t_var.c:546]: pv_get_tm_reply_code(): no
>>>>>>> picked branch (-1) for a final response in MODE_ONFAILURE
>>>>>>>
>>>>>>> And a 500 error is sent back to the sip phone.
>>>>>>> The AUTH_REPLY route is still called and I can use the $http* values.
>>>>>>>
>>>>>>> Do you see something that I am doing wrong or missing in my logic?
>>>>>>> Is pausing/resuming to use the async http client is allowed if I'm
>>>>>>> handling a REGISTER transaction?
>>>>>>>
>>>>>>> Here's a simplified version of my routing block (not far from
>>>>>>> reality):
>>>>>>>
>>>>>>> ##### SNIP
>>>>>>>
>>>>>>> request_route{
>>>>>>>
>>>>>>> route(AUTH);
>>>>>>>
>>>>>>>
>>>>>>> route[AUTH]{
>>>>>>>
>>>>>>>     if (is_method("REGISTER"){
>>>>>>>
>>>>>>>         if(no_auth_header){
>>>>>>>
>>>>>>>             www_challenge("$td","1");
>>>>>>>
>>>>>>>             exit;
>>>>>>>
>>>>>>>         }
>>>>>>>
>>>>>>>         else{
>>>>>>>
>>>>>>>             t_newtran();
>>>>>>>
>>>>>>>             http_async_query("http://xxx.xxx.xxx.xxx:9000/auth?foo=bar", "AUTH_REPLY");
>>>>>>>
>>>>>>>         }
>>>>>>>
>>>>>>>     }
>>>>>>>
>>>>>>> }
>>>>>>>
>>>>>>>
>>>>>>> route[AUTH_REPLY]{
>>>>>>>
>>>>>>>     xlog("L_INFO", "route[HTTP_REPLY]: status $http_rs\n");
>>>>>>>
>>>>>>> }
>>>>>>>
>>>>>>>
>>>>>>> }
>>>>>>>
>>>>>>> ##### END SNIP
>>>>>>>
>>>>>>>
>>>>>>> Best regards!
>>>>>>> __________________________________________________________
>>>>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>>>>>   * sr-users at lists.kamailio.org
>>>>>>> Important: keep the mailing list in the recipients, do not reply
>>>>>>> only to the sender!
>>>>>>> Edit mailing list options or unsubscribe:
>>>>>>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>>
>>>>>> __________________________________________________________
>>>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>>>>   * sr-users at lists.kamailio.org
>>>>>> Important: keep the mailing list in the recipients, do not reply only
>>>>>> to the sender!
>>>>>> Edit mailing list options or unsubscribe:
>>>>>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>
>>>>> __________________________________________________________
>>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>>>  * sr-users at lists.kamailio.org
>>>>> Important: keep the mailing list in the recipients, do not reply only
>>>>> to the sender!
>>>>> Edit mailing list options or unsubscribe:
>>>>>  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>>>
>>>>> __________________________________________________________
>>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>>>   * sr-users at lists.kamailio.org
>>>>> Important: keep the mailing list in the recipients, do not reply only
>>>>> to the sender!
>>>>> Edit mailing list options or unsubscribe:
>>>>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>> __________________________________________________________
>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>>   * sr-users at lists.kamailio.org
>>>> Important: keep the mailing list in the recipients, do not reply only
>>>> to the sender!
>>>> Edit mailing list options or unsubscribe:
>>>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>> __________________________________________________________
>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>   * sr-users at lists.kamailio.org
>>> Important: keep the mailing list in the recipients, do not reply only to
>>> the sender!
>>> Edit mailing list options or unsubscribe:
>>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> __________________________________________________________
>> Kamailio - Users Mailing List - Non Commercial Discussions
>>   * sr-users at lists.kamailio.org
>> Important: keep the mailing list in the recipients, do not reply only to
>> the sender!
>> Edit mailing list options or unsubscribe:
>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
>   * sr-users at lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20220210/f5a69cf3/attachment.htm>

More information about the sr-users mailing list