[SR-Users] rtpengine - SRTP <> RTP missing a=crypto

Rhys Hanrahan rhys at nexusone.com.au
Thu Mar 3 15:41:26 CET 2022 

OK, I know this might be better served on the rtpengine list but just wanted to quickly post a debug log incase you get a chance to take a look overnight (my night hehe). https://pastebin.com/iHRQSTuD

Thanks!
Rhys.

From: sr-users <sr-users-bounces at lists.kamailio.org> on behalf of Rhys Hanrahan <rhys at nexusone.com.au>
Reply to: "Kamailio (SER) - Users Mailing List" <sr-users at lists.kamailio.org>
Date: Friday, 4 March 2022 at 1:29 am
To: "Kamailio (SER) - Users Mailing List" <sr-users at lists.kamailio.org>
Subject: Re: [SR-Users] rtpengine - SRTP <> RTP missing a=crypto

Awesome, thank you for this. I did take a look at the rtpengine logs earlier but they didn’t seem particularly useful at the time. I will have to take a look tomorrow at how to enable debug logs, and will likely post on the rtpengine list for further advice, so thanks for pointing that out.

Thanks,
Rhys.

From: sr-users <sr-users-bounces at lists.kamailio.org> on behalf of Richard Fuchs <rfuchs at sipwise.com>
Organisation: Sipwise GmbH
Reply to: "Kamailio (SER) - Users Mailing List" <sr-users at lists.kamailio.org>
Date: Friday, 4 March 2022 at 1:17 am
To: "sr-users at lists.kamailio.org" <sr-users at lists.kamailio.org>
Subject: Re: [SR-Users] rtpengine - SRTP <> RTP missing a=crypto

On 03/03/2022 08.47, [EXT] Rhys Hanrahan wrote:
Hi Richard,

Yes, from what I’ve seen in the logs there are multiple branches happening. One between Teams and Kamailio and one between Kamailio and Asterisk.

In terms of the rtpengine processing, I’ve tried lots of different variations, but right now I’ve got:

  1.  Rtpengine_manage() by itself for new branches and replies (MANAGE_BRANCH, MANAGE_REPLY)
  2.  Rtpengine_manage(“RTP/AVP”) or rtpengine_manage(“RTP/SAVP”) essentially in request_route for the initial invites to/from Teams
  3.  I do also have the stock NATMANAGE using rtpengine but there’s no NAT involved here so I don’t think it applies.

So as far as I can tell, I shouldn’t be calling rtpengine_manage multiple times. Is this bad to do? I did have previous configs where I was doing this. E.g. during RELAY I would call it with general options and then just modify AVP or SAVP in another section.

Interestingly, I noticed that a new branch is created just as I answer the call, and this is when it fails, so perhaps the issue is with how I’m handling new branches then? Below is a bit of a log to try and summarise what’s happening. Unfortunately it’s not logging the MS Teams side of the call except for the initial invite.

What usually happens (and this is a common mistake that can be confirmed by looking at the logs produced by rtpengine) is that rtpengine is invoked multiple times for the same invite (once in each branch) with different options, but without telling rtpengine that these are branches. From rtpengine's POV these invites are all in the same branch then, and the options used in a later invocation are simply overriding the options used in previous invocations. So when the last invocation was using plain RTP and then the reply is using SRTP belonging to a different invocations, then rtpengine would not know about the SRTP attributes any more.

But without detailed logs this is just a speculation. You can see the actual signalling to rtpengine in the logs produced by rtpengine (especially with debug logging enabled). It's also possible that the signalling direction is reversed for example.

BTW we have a mailing list dedicated to rtpengine questions: https://rtpengine.com/mailing-list

Cheers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20220303/27ee5ced/attachment.htm>

More information about the sr-users mailing list