Re: [SR-Users] Kamailio vulnerable to header smuggling possible due to bypass of remove_hf

Thanks Daniel for patching up the bug, however I think you are downplaying severity of the problem at hand. You see, from the point of view of outside world, kamailio is not just engine and default config. All APIs that are provided are also part of the product, especially those "core" ones. As

Re: [SR-Users] kamailio coring ver 5.1.2

Thanks Daniel. We did perform a restart of the AWS instance to apply a kernel patch and when the process started up during bootup, that's when we saw the messages. However, manually starting it seems to work. We will work on upgrading to 5.3.x as you suggested. On Tue, Sep 1, 2020 at 10:43 AM

Re: [SR-Users] worker processes

On 2020-09-01 13:34, Ali Taher wrote: That is clear. I decreased the max worker processes to 20 to be on the safe side. But what is confusing me is what about the 18 worker processes ran by Kamailio, will they overlap with postgres processes or they are the same , knowing that Kamailio role in

Re: [SR-Users] worker processes

Hi Alex, That is clear. I decreased the max worker processes to 20 to be on the safe side. But what is confusing me is what about the 18 worker processes ran by Kamailio, will they overlap with postgres processes or they are the same , knowing that Kamailio role in my case is just getting

Re: [SR-Users] worker processes

On 2020-09-01 12:08, Ali Taher wrote: I noticed that there is 48 database connections established by Kamailio (16 x 3) , can this cause an issue knowing that maximum worker processes is 24 ? Postgres's ability to serve clients and accommodate queries isn't limited by the number of

[SR-Users] kamailio coring ver 5.1.2

Hey guys, Our monitoring system caught kamailio coring. I did a dmesg and gave me this: [Tue Sep 1 09:12:34 2020] kamailio[1375]: segfault at 1 ip 0001 sp 7fff4203f098 error 14 in kamailio[563969b5a000+4a4000] [Tue Sep 1 09:12:34 2020] Code: Bad RIP value. [Tue Sep 1 09:12:34

Re: [SR-Users] worker processes

Hi Daniel, So in my case : * Server vcpus = 24 * Max_worker_processes in postgres = 24 * Max_parallel_workers in postgres = 24 * Children in Kamailio config = 12 * 1 udp listener I noticed that there is 48 database connections established by Kamailio (16 x 3) , can this

Re: [SR-Users] worker processes

Hello, in this case there are 3 distinct connections per process, so you have to multiply the number of processes by 3 to get the overall number of connections. You can run 'kamctl ps' to see all the processes of a kamailio instance. Actually a few kamailio processes may not open database

Re: [SR-Users] Kamailio vulnerable to header smuggling possible due to bypass of remove_hf

Hello, thanks Sandro for directing a lot of time and effort for stress testing and fuzzing Kamailio, it really helps to increase the security and stability of the application. In a very short summary version, the issue was caused by a bug in extracting the name of non-common standard headers

Re: [SR-Users] kamailio coring ver 5.1.2

Hello, first it is really recommended you run at least latest 5.1.x version, the 5.1.2 is old in 5.1.x release series and many bugs may have been fixed. Even more, 5.1.x is no longer maintained, so I would strongly recommend to upgrade to latest in series 5.3.x or 5.4.x. Then, searching on

Re: [SR-Users] worker processes

Hi Daniel, I meant that I'm defining 3 connection strings using sqlcon parameter of sqlops module as shown below: modparam("sqlops","sqlcon","cb=>postgres://postgres:kamailio@localhost:5432/cataleya") modparam("sqlops","sqlcon","mi=>postgres://postgres:kamailio@localhost:5432/cataleya_mitto")

Re: [SR-Users] Fwd: Keep evapi bind address alive on kamailio restart

Need somebody who develops this feature request https://github.com/kamailio/kamailio/issues/293 On Tue, Sep 1, 2020 at 3:37 PM Mehrdad EsmaeilPour < esmaeilpour.mehr...@gmail.com> wrote: > > Hi all, > > I have a question about evapi module. Is it possible to keep the bind > address of evapi

[SR-Users] Kamailio vulnerable to header smuggling possible due to bypass of remove_hf

Dear Kamailio Users, posting our security advisory here just in case anyone who was affected has not upgraded or mitigated the header smuggling issue. Advisory follows: # Kamailio vulnerable to header smuggling possible due to bypass of remove_hf - Fixed versions: Kamailio v5.4.0 - Enable

[SR-Users] Fwd: Keep evapi bind address alive on kamailio restart

Hi all, I have a question about evapi module. Is it possible to keep the bind address of evapi alive on kamailio restarts? How can I achieve high availability for evpai's bind address? Many thnaks -- *Kind Regards, Mehrdad Esmaeilpour *

Re: [SR-Users] Releasing Kamailio v5.4.1

It does happen every time. I'll see if I can get a full trace, though unfortunately it may not be until later this week. -A On Tuesday, September 1, 2020 1:21:40 AM CDT Daniel-Constantin Mierla wrote: > That's indeed on shutdown, depending on what the server is doing at that > time, some races

Re: [SR-Users] Kamailio drop calls with Teams

Hi Have you loaded the module? loadmodule "sipdump.so" On Tue, 1 Sep 2020 at 13:56, sip user wrote: > Hi pepelux.. When I set: > > modparam("sipdump", "enable", 1) > > > Error, Kamailio not start, error bad config.. > > Thanks > > El mar., 1 sept. 2020 a las 13:45, Pepelux () > escribió: > >>

Re: [SR-Users] Kamailio drop calls with Teams

Hi pepelux.. When I set: modparam("sipdump", "enable", 1) Error, Kamailio not start, error bad config.. Thanks El mar., 1 sept. 2020 a las 13:45, Pepelux () escribió: > Sorry, I've sent last mail without finishing :) > > https://kamailio.org/docs/modules/5.5.x/modules/sipdump.html > > You

Re: [SR-Users] Kamailio drop calls with Teams

Sorry, I've sent last mail without finishing :) https://kamailio.org/docs/modules/5.5.x/modules/sipdump.html You only have to load the module and set: modparam("sipdump", "enable", 1) Also you can enable or disable using RPC commands: kamcmd sipdump.enable kamcmd sipdump.enable 1 kamcmd

Re: [SR-Users] Kamailio drop calls with Teams

Hi https://kamailio.org/docs/modules/5.5.x/modules/sipdump.html You only have to load the module and set: modparam("sipdump", "enable", 1) kamcmd sipdump.enable 1 kamcmd sipdump.enable 0 modparam("sipdump", "enable", 1) On Tue, 1 Sep 2020 at 13:23, sip user wrote: > Hi Daniel.. > > And

Re: [SR-Users] Kamailio drop calls with Teams

Hi Daniel.. And how load sipdump? I'm using kamailio 5.2.1-1 and I think sipdump module is not available, right? Thanks El mar., 1 sept. 2020 a las 12:27, Daniel-Constantin Mierla (< mico...@gmail.com>) escribió: > Hello, > > it seems that the ACK comes in, but my guess is that the R-URI is

Re: [SR-Users] worker processes

hello, what do you mean by "3 connection strings"? Maybe you can give similar example here. Cheers, Daniel On 01.09.20 12:33, Ali Taher wrote: > > Thanks for your answer. > >   > > Please note that I have set 3 connection strings in SQLOPS module for > 3 Postgres databases. How many connections

Re: [SR-Users] worker processes

Thanks for your answer. Please note that I have set 3 connection strings in SQLOPS module for 3 Postgres databases. How many connections per database does Kamailio open? (knowing that children=12 and only one listening interface). Regards, Ali Taher From: Daniel-Constantin Mierla Sent:

Re: [SR-Users] Kamailio drop calls with Teams

Hello, it seems that the ACK comes in, but my guess is that the R-URI is not properly set. From the logs it looks like same value as for To header URI, while it should be the address in Contact header of 200ok for INVITE. Load the sipdump module and that will save all the sip traffic in a text

Re: [SR-Users] worker processes

Hello, note that other processes are created by kamailio, not only sip worker processes. For example, there will be timer processes. The dedicated worker processes are only for UDP sockets, not for tcp/tls (here is a single pool of workers for all tcp/tls sockets). If you do not receive traffic

[SR-Users] worker processes

Hi, I just want to ask regarding the children number and listening interfaces set in Kamailio configuration. I am given to understand that the total number of worker processes there will be (children_setting * listeners) , so assuming I have set children=12 and listen=udp:172.16.1.12:5060

[SR-Users] Kamailio v5.4.1 Released

Hello, Kamailio SIP Server v5.4.1 stable release is out. This is a maintenance release of the latest stable branch, 5.4, that includes fixes since the release of v5.4.1. There is no change to database schema or configuration language structure that you have to do on previous installations of

Re: [SR-Users] Kamailio drop calls with Teams

Hi Daniel, thanks for answered to me... With debug=3 I see that: kamailio[1096]: 9(1109) DEBUG: [core/parser/msg_parser.c:610]: parse_msg(): SIP Request: kamailio[1096]: 9(1109) DEBUG: [core/parser/msg_parser.c:612]: parse_msg(): method: kamailio[1096]: 9(1109) DEBUG:

Re: [SR-Users] Releasing Kamailio v5.4.1

Hello, I am soon starting packaging of Kamailio v5.4.1, therefore announce any commit to branch 5.4 to sr-dev or matrix kamailio room and wait for ack in order to avoid conflicts and get inconsistent release files. Once the announcement is out, commits can be pushed as usual. Cheers, Daniel On