Re: [SR-Users] Source comparisons by DNS hostname
I think I found the answer in the ipops module. On Mon, Oct 30, 2017 at 11:32:40PM -0400, Alex Balashov wrote: > Hi, > > Is there a reasonable way, in Kamailio, to determine whether the source > of a given SIP message is equivalent to the IP address to which a given > DNS hostname resolves? > > i.e. > >if(src_ip == 'fqdn.domain.xyz') > > but not src_ip, obviously. > > I can't find any core keywords that would seem to fit the bill for a > composite comparison. Any other options? > > -- Alex > > -- > Alex Balashov | Principal | Evariste Systems LLC > > Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) > Web: http://www.evaristesys.com/, http://www.csrpswitch.com/ > > ___ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users -- Alex Balashov | Principal | Evariste Systems LLC Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/ ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
[SR-Users] Source comparisons by DNS hostname
Hi, Is there a reasonable way, in Kamailio, to determine whether the source of a given SIP message is equivalent to the IP address to which a given DNS hostname resolves? i.e. if(src_ip == 'fqdn.domain.xyz') but not src_ip, obviously. I can't find any core keywords that would seem to fit the bill for a composite comparison. Any other options? -- Alex -- Alex Balashov | Principal | Evariste Systems LLC Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/ ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] Reinvite/ACK race
On Mon, Oct 30, 2017 at 01:37:57PM -0400, Frank Carmickle wrote: > It’s not clear to me if the 2xx reply from B is a retransmit, and thus > the dialog isn’t actually established everywhere? As you know, the 2xx > to the reinvite should be coming from A and not B. Maybe you meant to > say A here? Yep, I meant to say A there. :-) It's not a retransmission. > I’m not certain that I’m understanding your scenario, but if so, maybe this > would help. > > http://ietf-sip.1820103.n4.nabble.com/Re-Invite-before-ACK-td1820408.html Thanks! -- Alex Balashov | Principal | Evariste Systems LLC Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/ ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] Mutual TLS with Skype for Business 2015
Francisco, Please share your s_client command and output that is connecting appropriately. --FC > On Oct 30, 2017, at 1:43 PM, Daniel-Constantin Mierla> wrote: > > Hello, > > > On 27.10.17 17:12, Francisco Valentin Vinagrero wrote: >> Hi all, >> >> I’m still stuck with this even if I built a new VM to avoid any buggy >> configuration. >> >> Some thoughts on this: >> >> 1. I have tried to change verify_certificate = no on my server section >> of tls.cfg, so ideally the remote certificate will not be verified, but this >> is not changing anything. > to understand properly, even if you have verify_certificate = no, the > certificated is verified and fails? > > Otherwise I don't have access to Skype for Business 2015, so I cannot > troubleshoot much. > > Cheers, > Daniel > >> >> 2. My Kamailio cluster is part of a DNS alias, but the alias is >> defined as alias=:5061 in the Kamailio.cfg. Could this be affecting >> somehow the verification? My tls.cfg only has server:default and >> client:default section. >> >> 3. Every time I reload the configuration, the TLS info and debug >> messages for client and server are coherent with what I would expect from my >> tls.cfg: >> >> INFO: tls [tls_domain.c:278]: fill_missing(): TLSs: tls_method=20 >> >> INFO: tls [tls_domain.c:290]: fill_missing(): TLSs: >> certificate='/usr/local/etc/kamailio/tls/myCert.pem' >> INFO: tls [tls_domain.c:297]: fill_missing(): TLSs: >> ca_list='/usr/local/etc/kamailio/tls/myCAfile.pem' >> INFO: tls [tls_domain.c:304]: fill_missing(): TLSs: crl='(null)' >> >> INFO: tls [tls_domain.c:308]: fill_missing(): TLSs: >> require_certificate=1 >> INFO: tls [tls_domain.c:315]: fill_missing(): TLSs: >> cipher_list='(null)' >> INFO: tls [tls_domain.c:322]: fill_missing(): TLSs: >> private_key='/usr/local/etc/kamailio/tls/myKey.pem' >> INFO: tls [tls_domain.c:326]: fill_missing(): TLSs: >> verify_certificate=1 >> INFO: tls [tls_domain.c:329]: fill_missing(): TLSs: verify_depth=9 >> >> DEBUG: tls [tls_domain.c:968]: fix_domain(): using tls methods range: 20 >> >> DEBUG: tls [tls_domain.c:566]: load_crl(): TLSs: No CRL configured >> >> INFO: tls [tls_domain.c:658]: set_verification(): TLSs: Client MUST >> present valid certificate >> INFO: tls [tls_domain.c:278]: fill_missing(): TLSc: tls_method=20 >> >> INFO: tls [tls_domain.c:290]: fill_missing(): TLSc: >> certificate='/usr/local/etc/kamailio/tls/myCert.pem' >> INFO: tls [tls_domain.c:297]: fill_missing(): TLSc: >> ca_list='/usr/local/etc/kamailio/tls/myCAfile.pem' >> INFO: tls [tls_domain.c:304]: fill_missing(): TLSc: crl='(null)' >> >> INFO: tls [tls_domain.c:308]: fill_missing(): TLSc: >> require_certificate=1 >> INFO: tls [tls_domain.c:315]: fill_missing(): TLSc: >> cipher_list='(null)' >> INFO: tls [tls_domain.c:322]: fill_missing(): TLSc: >> private_key='/usr/local/etc/kamailio/tls/myKey.pem' >> INFO: tls [tls_domain.c:326]: fill_missing(): TLSc: >> verify_certificate=1 >> INFO: tls [tls_domain.c:329]: fill_missing(): TLSc: verify_depth=9 >> >> DEBUG: tls [tls_domain.c:968]: fix_domain(): using tls methods range: 20 >> >> DEBUG: tls [tls_domain.c:566]: load_crl(): TLSc: No CRL configured >> >> INFO: tls [tls_domain.c:658]: set_verification(): TLSc: Server MUST >> present valid certificate >> DEBUG: tls [tls_domain.c:1119]: load_private_key(): TLSs: Key >> '/usr/local/etc/kamailio/tls/myKey.pem' successfuly loaded >> DEBUG: tls [tls_domain.c:1119]: load_private_key(): TLSc: Key >> '/usr/local/etc/kamailio/tls/myKey.pem' successfuly loaded >> DEBUG: tls [tls_rpc.c:82]: tls_reload(): TLS configuration successfuly >> loaded >> >> 4. When the first handshake begins after reloading, it goes to the >> TLSs default domain: >> >> DEBUG:
Re: [SR-Users] Mutual TLS with Skype for Business 2015
Hello, On 27.10.17 17:12, Francisco Valentin Vinagrero wrote: > > Hi all, > > > > I’m still stuck with this even if I built a new VM to avoid any buggy > configuration. > > > > Some thoughts on this: > > > > 1. I have tried to change verify_certificate = no on my server > section of tls.cfg, so ideally the remote certificate will not be > verified, but this is not changing anything. > to understand properly, even if you have verify_certificate = no, the certificated is verified and fails? Otherwise I don't have access to Skype for Business 2015, so I cannot troubleshoot much. Cheers, Daniel > > > 2. My Kamailio cluster is part of a DNS alias, but the alias is > defined as alias=:5061 in the Kamailio.cfg. Could this be > affecting somehow the verification? My tls.cfg only has server:default > and client:default section. > > > > 3. Every time I reload the configuration, the TLS info and debug > messages for client and server are coherent with what I would expect > from my tls.cfg: > > > > INFO: tls [tls_domain.c:278]: fill_missing(): TLSs: > tls_method=20 > > > INFO: tls [tls_domain.c:290]: fill_missing(): TLSs: > certificate='/usr/local/etc/kamailio/tls/myCert.pem' > > INFO: tls [tls_domain.c:297]: fill_missing(): TLSs: > ca_list='/usr/local/etc/kamailio/tls/myCAfile.pem' > > INFO: tls [tls_domain.c:304]: fill_missing(): TLSs: > crl='(null)' > > > INFO: tls [tls_domain.c:308]: fill_missing(): TLSs: > require_certificate=1 > > > INFO: tls [tls_domain.c:315]: fill_missing(): TLSs: > cipher_list='(null)' > > > INFO: tls [tls_domain.c:322]: fill_missing(): TLSs: > private_key='/usr/local/etc/kamailio/tls/myKey.pem' > > INFO: tls [tls_domain.c:326]: fill_missing(): TLSs: > verify_certificate=1 > > > INFO: tls [tls_domain.c:329]: fill_missing(): TLSs: > verify_depth=9 > > > DEBUG: tls [tls_domain.c:968]: fix_domain(): using tls methods range: > 20 > > DEBUG: tls [tls_domain.c:566]: load_crl(): TLSs: No CRL > configured > > INFO: tls [tls_domain.c:658]: set_verification(): TLSs: > Client MUST present valid certificate > > INFO: tls [tls_domain.c:278]: fill_missing(): TLSc: > tls_method=20 > > > INFO: tls [tls_domain.c:290]: fill_missing(): TLSc: > certificate='/usr/local/etc/kamailio/tls/myCert.pem' > > INFO: tls [tls_domain.c:297]: fill_missing(): TLSc: > ca_list='/usr/local/etc/kamailio/tls/myCAfile.pem' > > INFO: tls [tls_domain.c:304]: fill_missing(): TLSc: > crl='(null)' > > > INFO: tls [tls_domain.c:308]: fill_missing(): TLSc: > require_certificate=1 > > > INFO: tls [tls_domain.c:315]: fill_missing(): TLSc: > cipher_list='(null)' > > > INFO: tls [tls_domain.c:322]: fill_missing(): TLSc: > private_key='/usr/local/etc/kamailio/tls/myKey.pem' > > INFO: tls [tls_domain.c:326]: fill_missing(): TLSc: > verify_certificate=1 > > > INFO: tls [tls_domain.c:329]: fill_missing(): TLSc: > verify_depth=9 > > > DEBUG: tls [tls_domain.c:968]: fix_domain(): using tls methods range: > 20 > > DEBUG: tls [tls_domain.c:566]: load_crl(): TLSc: No CRL > configured > > INFO: tls [tls_domain.c:658]: set_verification(): TLSc: > Server MUST present valid certificate > > DEBUG: tls [tls_domain.c:1119]: load_private_key(): TLSs: Key > '/usr/local/etc/kamailio/tls/myKey.pem' successfuly loaded > > DEBUG: tls [tls_domain.c:1119]: load_private_key(): TLSc: Key > '/usr/local/etc/kamailio/tls/myKey.pem' successfuly loaded > > DEBUG: tls [tls_rpc.c:82]: tls_reload(): TLS configuration successfuly > loaded > > > > 4. When the first handshake begins after reloading, it goes to > the TLSs default domain: > > > > DEBUG: [ip_addr.c:229]: print_ip(): tcpconn_new: new tcp > connection: 188.185.115.181 > > DEBUG: [tcp_main.c:985]: tcpconn_new(): on port 56404, type > 3
[SR-Users] Reinvite/ACK race
Hi, I've got a scenario like so: UA A -> Kamailio P > UA B 1. UA A initiates call through Kamailio P; 2. Dialog is established and confirmed, with Record-Route; 3. UA B sends reinvite #1 through P to A; 4. UA B sends 2xx reply; 5. UA B sends end-to-end ACK for reinvite #1 and almost simultaneously sends reinvite #2. The temporal delta is between reinvite #2 and ACK for reinvite #1 on the wire is 3 ms. So, the result — for all kinds of stochastic processing and userspace scheduling type reasons — is that the reinvite is forwarded first, before the ACK. That leads to a 500 / 491 scenario UA A. The cause, as we all know, is that Kamailio's worker threads are loosely coupled, and incoming UDP datagrams are distributed directly by the kernel. Is there any general guidance on what to do with these scenarios? I looked at RFC 5407 § 3.1.4, which appears to describe a similar, but not identical scenario involving an initial INVITE and subsequent reinvite. As far as I can tell, the recommendation in that standard is "space the messaging out more in time". Switching to TCP would presumably help, since any given flow would involve a single connection to a single worker thread and the transport would guarantee ordering. However, that's not really feasible in this implementation for a host of reasons. I know Kamailio has some config locking primitives, but I am extremely wary of complex synchronisation on dialog-identifying attributes, particularly if there is a possibility that such locks could stall a worker perpetually. Any other thoughts welcome! Cheers, -- Alex -- Alex Balashov | Principal | Evariste Systems LLC Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/ ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] no event received for call disconnection
Hello, On 30.10.17 17:29, Aleksandar Sosic wrote: > Hi Everyone, > > we're trying to implement cgrates in our kamailio nodes. > Everything is working fine except for the fact that kamailio is not > signaling the call end to cgrates for prepaid users... The versions, > logs and confs are: > > ``` > # kamailio -v > version: kamailio 5.0.3 (x86_64/linux) > flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, > DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, > Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, > FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, > USE_DST_BLACKLIST, HAVE_RESOLV_RES > ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, > MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB > poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. > id: unknown > compiled with gcc 5.3.1 > ``` > > ``` > # cgr-engine --version > CGRateS 0.9.1~rc8 git+15a0793 (2017-10-23T12:15:40+02:00) > ``` > > The kamailio conf regarding our problem is: > ``` > # Inform CGRateS about CALL_END (stop debit loops, perform accounting > if desired in this way) > route[CGR_CALL_END] { > if $sht(cgrconn=>cgr) == $null { > xlog("Charging controller unreachable"); > exit; > } > $var(callDur) = $TS - $dlg(start_ts); > evapi_relay("{\"event\":\"CGR_CALL_END\", > \"callid\":\"$dlg(callid)\", > \"from_tag\":\"$dlg(from_tag)\", > \"cgr_reqtype\":\"$dlg_var(cgrReqType)\", > \"cgr_tenant\":\"$dlg_var(cgrTenant)\", > \"cgr_account\":\"$dlg_var(cgrAccount)\", > \"cgr_destination\":\"$dlg_var(cgrDestination)\", > \"cgr_answertime\":\"$dlg(start_ts)\", > \"cgr_duration\":\"$var(callDur)\", > \"cgr_supplier\":\"$dlg_var(cgrSupplier)\", > \"cgr_disconnectcause\":\"$T_reply_code\"}"); > } > ``` > > The kamailio logs: > > ``` > 17(114) ERROR: evapi [evapi_dispatch.c:707]: _evapi_relay(): failed to > pass the pointer to evapi dispatcher > 17(114) ERROR: evapi [evapi_mod.c:261]: w_evapi_relay(): failed to > relay event: {"event":"CGR_CALL_END", > [...] does this happen on BYE or on dialog timeout? Cheers, Daniel -- Daniel-Constantin Mierla www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com Kamailio World Conference - www.kamailioworld.com ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] unexpected behavior of save from registrar module
@Daniel, thanks for the answer and for the change accepting! have a nice day! -- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] sanity passes invalid uri
Daniel-Constantin Mierla writes: > I don't remember any change recently to sanity, so probably it was > developed like this for long time. Yes, it is not a new bug. When I have extra time, I'll take a look at the code. -- Juha ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] unexpected behavior of save from registrar module
Hello, On 30.10.17 09:21, Vasiliy Ganchev wrote: > Hi there again! > > @Daniel, can you comment what do you think about the topic? > I changed to return -1. Not sure what was the reason to return 0 there, but was not the expected behaviour. Patch pushed to master and 5.0 branches for now. Cheers, Daniel -- Daniel-Constantin Mierla www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com Kamailio World Conference - www.kamailioworld.com ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] Remove all cpecial characters (\n, \t etc)from xml body
Hi thx. I tried without double back slashes. Has no effect. But I already resolved it with different way Just decoded message to base64 formt and then sent to needed service where i encoded it and parsed (thx Alex Balashov for 2014 kamailio world presentantion) Was not sure about parsing string by kamailio (this it is not a best idea), think that logic on kamailio side should be as clear as it posible 2017-10-30 12:29 GMT+03:00 Daniel-Constantin Mierla: > Hello, > > > On 28.10.17 20:28, Yuriy Gorlichenko wrote: > > Hi. I building external presentity service for web based phones > > > > > > Main trouble that i have at the xml body of PUBLISH message \n \t > > characters and because of it can't set body as string to the redis > > > > So I trying to find a way to remove special characters form the xml > > body for get oneline string instead of multiline > > > > I use native .cfg file for now and, unfortunattely, can not use lua or > > phyton > > > > I tried > > > > $var(body)=$(rb{s.rm,$var(RemoveThisStaff)}) where > > $var(RemoveThisStaff) = "\n" and "\t" > > > > but it was unsuccesfull. Maybe someone will help to kno how to do it. > > > can you try with: > > $var(body)=$(rb{s.rm,\n}); > > or: > > $var(body)=$(rb{s.rm,\\n}); > > Not sure if needs double back slashes, that's why I said to try the both. > > Cheers, > Daniel > > -- > Daniel-Constantin Mierla > www.twitter.com/miconda -- www.linkedin.com/in/miconda > Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com > Kamailio World Conference - www.kamailioworld.com > > ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] sanity passes invalid uri
Hello, On 27.10.17 16:23, Juha Heinanen wrote: > I noticed that K 5.0 sanity() test passes uri that contains ` (back quote) > character. > > Config: > > modparam("sanity", "default_checks", 1024) /* URI checks */ > modparam("sanity", "uri_checks", 3) /* RURI, From */ > > xlog("L_INFO", "Checking $ru\n"); > if (!sanity_check()) > xlog("L_INFO", "Check failed\n"); > else > xlog("L_INFO", "Check passed\n"); > > Syslog: > > Oct 27 17:17:38 lohi /usr/bin/sip-proxy[31946]: INFO: Checking sip:jh@te`st.fi > Oct 27 17:17:38 lohi /usr/bin/sip-proxy[31946]: INFO: Check passed > > According to RFC3261: > > hostname = *( domainlabel "." ) toplabel [ "." ] > domainlabel = alphanum > / alphanum *( alphanum / "-" ) alphanum > > Is this a bug or am I missing something? > I don't remember any change recently to sanity, so probably it was developed like this for long time. You can go ahead and fix it in the code. As a quick fix, you can add an extra regexp condition in the config. Cheers, Daniel -- Daniel-Constantin Mierla www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com Kamailio World Conference - www.kamailioworld.com ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] Remove all cpecial characters (\n, \t etc)from xml body
Hello, On 28.10.17 20:28, Yuriy Gorlichenko wrote: > Hi. I building external presentity service for web based phones > > > Main trouble that i have at the xml body of PUBLISH message \n \t > characters and because of it can't set body as string to the redis > > So I trying to find a way to remove special characters form the xml > body for get oneline string instead of multiline > > I use native .cfg file for now and, unfortunattely, can not use lua or > phyton > > I tried > > $var(body)=$(rb{s.rm,$var(RemoveThisStaff)}) where > $var(RemoveThisStaff) = "\n" and "\t" > > but it was unsuccesfull. Maybe someone will help to kno how to do it. > can you try with: $var(body)=$(rb{s.rm,\n}); or: $var(body)=$(rb{s.rm,\\n}); Not sure if needs double back slashes, that's why I said to try the both. Cheers, Daniel -- Daniel-Constantin Mierla www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com Kamailio World Conference - www.kamailioworld.com ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] unexpected behavior of save from registrar module
Hi there again! @Daniel, can you comment what do you think about the topic? Thanks in advance! cheers! -- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html ___ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users