[sr-dev] Re: [kamailio/kamailio] Warnings emitted when calling functions from dialplan module (Issue #3851)

2024-06-17 Thread Ben Kaufman via sr-dev 
Problem still exists in 5.8.2.  Can this issue be re-opened?  

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3851#issuecomment-2173430421
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] Warnings emitted when calling functions from dialplan module (Issue #3851)

2024-05-18 Thread Ben Kaufman via sr-dev 
Is there any indication if this is a functional problem, or just a case of 
logging that should be reduced - I'm trying to gauge if I should hold off 
before upgrading.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3851#issuecomment-2118838919
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] [kamailio/kamailio] Warnings emitted when calling functions from dialplan module (Issue #3851)

2024-05-15 Thread Ben Kaufman via sr-dev 
### Description

Calling functions from the `dialplan` module in 5.8 (`dp_translate()`, 
`dp_match()`) results in the following line being logged:

```
WARNING:  [core/mem/q_malloc.c:520]: qm_free(): WARNING: free(0) called 
from dialplan: dp_db.c: pcre2_free(206)
```

Is this a functional problem, or just a case of overly aggressive logging?

### Troubleshooting

 Reproduction
Reproducible with the following kamailio config:

```
#!KAMAILIO

loadmodule "pv"
loadmodule "db_sqlite"
loadmodule "xlog"
loadmodule "dialplan"

disable_tcp = true
force_rport = true

!!define DBFILE /etc/kamailio/kamailio.sqlite

modparamx("db_sqlite","db_set_readonly", "$def(DBFILE)")

modparamx("dialplan","db_url", "sqlite:///$def(DBFILE)")
modparam("dialplan", "attrs_pvar", "$avp(dp_attrs)")

request_route {
if ( $rm == "ACK" ) {
exit;
}

xinfo("$ci New request\n");

dp_match("1", "$rU");
exit;
}
```

The warning log is issued in 5.8 but not 5.7.  Reproduced by sending a request 
with SIPp:

```
sipp -sn uac  -m 1 -s 1555444 localhost
```

### Possible Solutions

Not sure if this is just a case of logging being overly aggressive, or an issue 
with the module's memory management.

### Additional Information

  * **Kamailio Version** - output of `kamailio -v`

```
version: kamailio 5.8.1 (x86_64/linux)
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, 
USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, 
F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, 
USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, 
TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_SEND_BUFFER_SIZE 
262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled with gcc 12.2.0
```

Tested using docker `debian:12-slim` using the official packages from 
`http://deb.kamailio.org/kamailio58`


* **Operating System**:

Docker debian:12-slim,  but also observed in Alpine Linux/



-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3851
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] secsipid method to only validate signature without checking the rest of the header (Issue #3784)

2024-05-08 Thread Ben Kaufman via sr-dev 
Issue auto marked marked as "stale", but the provided fix works.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3784#issuecomment-2101844186
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] Less predictive algorithm for carrierroute hashing (Issue #3786)

2024-04-12 Thread Ben Kaufman via sr-dev 
My guess is that md5 would be sufficient.  It's still odd feeling that CRC32 
wasn't getting sufficient randomization against the actual Call-Ids I was 
receiving.  Anything requiring OpenSSL and actual cryptographic-quality 
algorithms seems overkill, though.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3786#issuecomment-2051699184
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] DBURL can't read env params (Issue #3800)

2024-04-03 Thread Ben Kaufman via sr-dev 
I don't think macro replacement works inside of strings. I believe you should 
be able to achieve what you want using 
[#!defexp](https://github.com/kamailio/kamailio-wiki/blob/main/docs/cookbooks/5.7.x/core.md#defexp),
 as the examples in the core documentation are nearly identical to your example.

```
#!define IPADDR 127.0.0.1

#!defexp SIPURI "sip:" + IPADDR + ":5060"
#!defexp QSIPURI '"sip:' + IPADDR + ':5060"'

#!defexp V16 1<<4
```

Another possibility is using `modparamx()` and interpolating your strings there:
```
#!defenv MYSQL_IP 

#!modparamx("permissions, "db_url", 
"mysql://kamailio:kamailio@$def(MYSQL_IP)/kamailio");
```

Or even just:
```
#!modparamx("permissions, "db_url", 
"mysql://kamailio:kamailio@$env(MYSQL_IP)/kamailio");
```

The last form having the advantage that it's not available via the 
`core.ppdefines_full` rpc function thus reducing one possible point of exposure.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3800#issuecomment-2035042424
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] secsipid method to only validate signature without checking the rest of the header (Issue #3784)

2024-03-27 Thread Ben Kaufman via sr-dev 
Confirmed that this is working.  Will it get ported to 5.8 or will it be the 
next `major.minor` release?


-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3784#issuecomment-2022908007
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] secsipid method to only validate signature without checking the rest of the header (Issue #3784)

2024-03-20 Thread Ben Kaufman via sr-dev 
Is it possible to use the same logic for downloading (and caching) of the key 
as the `secsipid_check` function:

> If the keyPath parameter is empty, the function is downloading the key using 
> the URL from "info" parameter of the sIdentity, using the value of "timeout" 
> parameter to limit the download time


-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3784#issuecomment-2009737204
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] secsipid method to only validate signature without checking the rest of the header (Issue #3784)

2024-03-20 Thread Ben Kaufman via sr-dev 
Ah - I see the function takes three arguments.  The third argument only has "A" 
as an allowed value?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3784#issuecomment-2009659271
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] secsipid method to only validate signature without checking the rest of the header (Issue #3784)

2024-03-20 Thread Ben Kaufman via sr-dev 
Sorry for the delayed reply - I had a few small issues compiling, but kamailio 
then fails to start with secsipid_verify() not found:

During startup:
```
 0(1) ERROR:  [core/cfg.y:3870]: yyparse(): cfg. parser: failed to find 
command secsipid_verify (params 2)
```

Versions:
```
[ben@NV0162~/projects/cnam_relay]$ dc exec cnam-sti-vs kamailio -v
version: kamailio 5.9.0-dev0 (x86_64/linux) 951ab1
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, 
USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, 
F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, 
USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, 
TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_SEND_BUFFER_SIZE 
262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: 951ab1
compiled on 21:42:15 Mar 19 2024 with gcc 12.2.0

[ben@NV0162~/projects/cnam_relay]$ dc exec cnam-sti-vs secsipidx -version
secsipidx v1.3.2
```

This is my Dockerfile in case I'm missing something in compilation:
```
FROM golang:1.22.1-bookworm AS secsipidbuilder
ARG SECSIPID_VERSION=v1.3.2
ENV GO111MODULE=off
RUNcd / \
&& git clone https://github.com/asipto/secsipidx.git \
&& cd secsipidx \
&& make \
&& make install \
&& cd / \
&& apt update \
&& apt upgrade -y \
&& apt install -y git make automake autoconf libtool libcurl4-openssl-dev \
  sngrep gnupg2 wget lsb-release openssl libssl-dev \
  pkg-config uuid-dev sip-tester \
&& apt install -y pkg-config gcc bison flex g++ libssl-dev libxml2-dev \
  libjson-c-dev libpcre3 libjansson-dev libpcre3-dev  \
  libhiredis-dev libsqlite3-dev libpq-dev libevent-dev \
  sqlite3 uuid-dev \
&& cd /secsipidx \
&& make install \
&& git clone \
-b master \
--single-branch https://github.com/kamailio/kamailio.git /kamailio \
&& cd /kamailio \
&& make include_modules="jansson json ndb_redis db_sqlite db_postgres \
 secsipid secsipid_proc http_async_client avpops \
 uuid" prefix="/" cfg \
&& make all \
&& make install \
&& apt clean \
&& apt-get autoremove --yes \
&& cd / \
&& rm -rf /var/lib/{apt,dpkg,cache,log}/ \
&& rm -rf /kamailio \
&& rm -rf /secsipidx

COPY etc/kamailio /etc/kamailio
```




-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3784#issuecomment-2009632594
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] [kamailio/kamailio] Less predictive algorithm for carrierroute hashing (Issue #3786)

2024-03-15 Thread Ben Kaufman via sr-dev 
### Description

Carrierroute's CRC32 algorithm over call_id tends to produce poor call 
distribution under real world examples.  Having 4 records for a given 
carrier/domain combo (assuming no flags, mask, or scan_prefix) and a 
probability of `0.25` using a hash source of `call_id`  I observed over 800 
hundred consecutive calls from a carrier (bandwidth.com) where `CRC32(call_id) 
% 1000` was less than 250.  

To be fair, the module does what it says - it uses a CRC32 hash over the call 
id, however the data from the UA generating the call is yielding poor results.  
Would it be possible to change to an alternate hashing mechanism (or add 
another hashing mechanism, selectable via `modparam`) such as MD5?

### Expected behavior

Even distribution across all hosts provided.

 Actual observed behavior

Uneven distribution under real-world conditions.

 Debugging Data

I can provide a list of > 800 call-ids observed that all routed to the same 
endpoint.  These are pulled from real world calls, and while there's not much 
danger in just having call-id's I would still prefer not to post it into github 
for posterity.

 Log Messages

Log messages end up looking similar to this.  I validated that the number is 
the CRC32 hash of the call id, so it's not a bug in the module.

```
proxy-1  |  1(7) DEBUG: carrierroute [cr_func.c:449]: rewrite_on_rule(): 
searching for matching routing rules 1(7) DEBUG: carrierroute 
[prime_hash.c:66]: hash_func(): hash: 2417021133 % 1000 = 133
proxy-1  |  1(7) INFO: carrierroute [cr_func.c:689]: ki_cr_do_route_helper(): 
uri service was rewritten to sip:service@host-d, carrier 1, domain 1
```


### Possible Solutions

Ability to use MD5, kamailio's core hash function or other such hashing function

### Additional Information

Problem validate in 5.7.3, but since it's *correct* by module design, it 
shouldn't have changed in 5.8


-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3786
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] secsipid method to only validate signature without checking the rest of the header (Issue #3784)

2024-03-11 Thread Ben Kaufman via sr-dev 
I'll give the JWT module a peek.  Lack of caching is maybe an issue (but can be 
'farmed out' to something else for caching purposes).

Perhaps this would be better considered as an error with the existing 
`secsipid_check()` function in that it will only validate `shaken` passport 
types, and the ask should be simply to eliminate this check.

> _`secsipid_check(sIdentity, keyPath)`_
>
>Check the validity of the "sIdentity" parameter using the keys stored in the 
>file specified by "keyPath". If the keyPath parameter is empty, the function 
>is downloading the key using the URL from "info" parameter of the sIdentity, 
>using the value of "timeout" parameter to limit the download time. The 
>validity of the JWT in the sIdentity value is also checked against the 
>"expire" parameter.

The function notes, "Further checks can be done with config operations, 
decoding the JWT header and payload using {s.select} and {s.decode.base64t} 
transformations together with jansson module.", which is a very clean waay to 
handle this, and the function here should just be less opinionated on what is 
and isn't a valid Identity header?




-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3784#issuecomment-1988777507
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] [kamailio/kamailio] secsipid method to only validate signature without checking the rest of the header (Issue #3784)

2024-03-11 Thread Ben Kaufman via sr-dev 
### Description

Currently secsipid has a method to sign arbitrary (json) data 
(`secsipid_sign`), however it has no converse method to check the signature.  
Currently, an attempt to check a `div` signature for example will yield a 
`-303` error (`SIPHdrInfo`).  Rather than trying to have full parsing for every 
possible type of Identity header (which are likely to increase in variety), it 
would be good to simply check "is this signature valid by trusted key", 
possibly validating the `iat` timestamp as well, but without any other opinions 
on the header values.


### Expected behavior

A feature to check only the signature of an identity header.


 Actual observed behavior

Currently the `secsipid_check_` family of functions fails for non- `shaken` 
passport types.


 Debugging Data

The following DIV identity header was generated by secsipid's  
`secsipid_sign()` function, so it should be possible to reverse this to 
validate the signature:

```
Identity: 
eyJhbGciOiJFUzI1NiIsInBwdCI6ImRpdiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9kLm10c2VjLm1lL2QzYTkvQmZUeGJVTlozS1FMLnBlbSJ9.eyJkZXN0Ijp7InRuIjpbIjE2MTI1NTU0MzIxIl19LCJpYXQiOiIxNzEwMTY5MzQ1Iiwib3JpZyI6eyJ0biI6IjE1NTU3MzU5MzA5In0sImRpdiI6eyJ0biI6IjE5NTI1NTU5ODc2In19.-0QF6-u6zgAQNoAhdiETuhAu7FuRDzxmFch_cTdhcbeWvUZ60NQXxdPM-JucpOtFaEdn9wnFreAZ_6vZoc_Phg;info=;alg=ES256;ppt=div
```

### Possible Solutions

Because it's fairly straight forward to investigate the JWT, it's not necessary 
to try to account for every possible passport type, etc.  The act of validating 
the signature is the complicated part, so a function that does only that would 
be convenient.

### Additional Information

  * **Kamailio Version** - output of `kamailio -v`

```
version: kamailio 5.7.4 (x86_64/linux)
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, 
USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, 
F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, 
USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, 
TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, 
BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled with gcc 12.2.0
```

* **Operating System**:

Currently alpine linux 3.19 in a docker container, but it should be pretty 
reproducible everywhere.


-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3784
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] Re: [kamailio/kamailio] callout from event_route [tm:local-response] only occurs once (Issue #3064)

2023-12-22 Thread Ben Kaufman via sr-dev 
I'll try to get around to this.  It was pretty simple to test if memory serves.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3064#issuecomment-1867686329
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] [kamailio/kamailio] `xavp_params_implode()` drops data from BIGINT datatype (Issue #3663)

2023-12-05 Thread Ben Kaufman via sr-dev 
### Description

I came across the following while trying to serialize SQL data to xavp 
(`sql_xquery()`) and then serializing the result to htable using 
`xavp_params_implode()`.  One of the data columns has a type of `BIGINT`.  The 
resulting string had neither the key nor value.

I recognize that Kamailio does not currently have support for 64 bit integers 
and that adding support for it is probably not a trivial matter.  My request 
here is really that if the value is going to be dropped it would be good if 
`pv` would omit a warning.


 Reproduction

MySQL table:

```sql
CREATE TABLE dids (
id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
did varchar(11) NOT NULL,
route_id BIGINT NOT NULL,
failure_route_id INT NOT NULL,
description VARCHAR(255)
);
```

With data like this:
```sql
INSERT INTO dids
 ( did,route_id, failure_route_id, description ) VALUES
 ( '1551000',101, 1006, 'Alice' );
```

And the following Kamailio code:
```
$var(query) = "SELECT * "
   + "FROM dids "
   + "WHERE did = " + $(rU{sql.val.str});

sql_xquery("db", "$var(query)", "did_data");
xavp_params_implode("did_data", "$sht(did=>$rU)");
xinfo("Serialized query result: [$sht(did=>$rU)]\n");
```
The following log line results - the `route_id` is missing all together:
```
1(7) INFO:

[sr-dev] Re: [kamailio/kamailio] Add function `secsipid_sign_privkey` to SECSIPID module (Issue #3620)

2023-10-30 Thread Ben Kaufman via sr-dev 
Thank you. I think I'll be able to test tomorrow. 

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3620#issuecomment-1786078674
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

[sr-dev] [kamailio/kamailio] Add function `secsipid_sign_privkey` to SECSIPID module (Issue #3620)

2023-10-27 Thread Ben Kaufman via sr-dev 
### Description

Add a function `secsipid_sign_privkey(sheaders, spaypload, keyData)` that 
accepts a pseudovariable with the PEM data analagous to the difference between 
the following functions:

- `secsipid_build_identity(origTN, destTN, attest, origID, x5u, keyPath)`
- `secsipid_build_identity_prvkey(origTN, destTN, attest, origID, x5u, keyData)`

With the difference being that ``secsipid_build_identity()` takes a key file as 
it's argument, and ``secsipid_build_identity_privkey()` allows having the key 
data in a pseudovariable. 



-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3620
You are receiving this because you are subscribed to this thread.

Message ID: ___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org