Re: [SR-Users] sipML5 through kamailio

[Wilkins, Steve]

I just verified that I do have logging in all pertinent areas.  I added tls and 
I do see "TLS accept successful" in the kamailio logs, however, I see no log 
being generated in route[xhttp:request], and I do have logging in the first 
line of this route.  I don't think it is getting there.  Also, I noticed I have 
event_route[xhttp:request] not route[xhttp:request].

Thank you,
-Steve


___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] sipML5 through kamailio

[Wilkins, Steve]

I just verified that I do have logging in all pertinent areas.  I added tls and 
I do see “TLS accept successful” in the logs, however, I see no log being 
generated in route[xhttp:request], and I do have logging in the first line of 
this route.  I don’t think it is getting there.  Also, I noticed I have 
event_route[xhttp:request] not route[xhttp:request].

From: sr-users [mailto:sr-users-boun...@lists.kamailio.org] On Behalf Of SamyGo
Sent: Thursday, November 23, 2017 12:40 PM
To: Kamailio (SER) - Users Mailing List 
Subject: Re: [SR-Users] sipML5 through kamailio

Can you clarify the IP addressing scheme as you've mentioned. There is no TLS 
interface?
Advertised address for 5060 but not for WSS interface. Both listen and 
advertise are public IPs ?
Also,you're handling WSS requests. Do you've xlog ines in the 
route[xhttp:request] to view when a request lands.!

My config has this:

#!substdef "!MY_IP_ADDR!123.134.156.167!g"
#!substdef "!MY_WS_PORT!6010!g"
#!substdef "!MY_WSS_PORT!6011!g"

listen=tcp:MY_IP_ADDR:MY_WS_PORT
listen=tls:MY_IP_ADDR:MY_WSS_PORT

Then the xhttp event route:

```
event_route[xhttp:request] {
set_reply_close();
set_reply_no_connect();

#Deny any HTTP requests on any port other than WS/WSS ports.
if ($Rp != MY_WS_PORT && $Rp != MY_WSS_PORT ) {
xlog("L_WARN", "HTTP request received on $Rp\n");
xhttp_reply("403", "Forbidden", "", "");
exit;
}

#Handle HTTP(s) onwards.
xlog("L_INFO", "HTTP Request Received\n");
```


On Thu, Nov 23, 2017 at 12:18 PM, Wilkins, Steve 
> wrote:
Hi Sammy,

First of all, thank you for taking the time to respond.

Yes, port 10443 is opened.  I have used this port before as asterisk’s WebRTC 
port and iptables shows it as open.  No, I can’t even get a registration using 
the configuration I listed.  I have an xdbg log statement right after the 
request_route, and I see nothing.  I do know that my xdbg logs are working 
though because, if I register or make a call using any sip tool, I see all my 
logging and everything works correctly.

-Steve

From: sr-users 
[mailto:sr-users-boun...@lists.kamailio.org]
 On Behalf Of SamyGo
Sent: Thursday, November 23, 2017 12:00 PM
To: Kamailio (SER) - Users Mailing List 
>
Subject: Re: [SR-Users] sipML5 through kamailio

Hi Steve,
Can you confirm that port 10443 is reachable behind the NAT to Kamailio server, 
validate iptables too Does your SIPml5 demo client register successfully to 
Kamailio? are there enough xlog lines to print out if anything lands in 
Kamailio.

Regards,
Sammy



On Thu, Nov 23, 2017 at 11:34 AM, Wilkins, Steve 
> wrote:
Hello,

I am attempting to use sipML5 to test WebRTC.  I have not been successful in 
getting messages through to Kamailio though. I am running Kamailio 5.0.3 on 
Cento 7.

My listen’s in the kamailio configuration file are =>
listen=tcp:112.22.3.108:5060 advertise 
34.226.187.61:5060
listen=udp:112.22.3.108:5060 advertise 
34.226.187.61:5060
listen=tcp:112.22.3.108:10443 (which I will use in 
the sipML5 Expert mode)

My sipML5 settings are =>
Public Identity - sip:user1@112.22.3.108
Realm - 112.22.3.108

Export mode setting are =>
WebSocket Server URL - wss://112.22.3.108:10443 (I 
have also tried wss://112.22.3.108:10443/ws)
SIP outbound Proxy URL - udp://112.22.3.108:5060 (I 
have also left this blank)

When I make a call I see no Kamailio activity (I have logging at the start of 
request_route) so I am not sure where the configuration error is.  If I change 
the sipML5 configuration IP Address to use the asterisk IP Address, sipML5 
works.  My goal is to go WebRTC Client => Kamailio => Asterisk and eventually 
through some sort of media proxy.

Thank you,
-Steve



___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users


___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] *** GMX Spamverdacht *** Re: Cannot disable EC Diffie Hellman cipher suite

[Ilyas Keskin]

Hey otron,

good call, but in the meantime I already tried setting the following 
which should exclude all cipher suites and only use AES128 (afaik):


    cipher_list = NONE:AES128-SHA256


Best regards,
Ilyas Keskin

Am 24.11.2017 um 20:48 schrieb otron2...@gmail.com:
Just a guess but maybe later entries [like +HIGH:+MEDIUM:+LOW] put it 
back.  Try switching the order so that !ECDHE and the others you're 
trying to exclude come after.







Sent from Samsung Mobile



 Original message 
From: Ilyas Keskin 
Date: 11/24/2017 10:19 AM (GMT-08:00)
To: mico...@gmail.com,"Kamailio (SER) - Users Mailing List" 


Subject: Re: [SR-Users] Cannot disable EC Diffie Hellman cipher suite


Hi Daniel,

yes I am using the tls.cfg file. I tried your suggestion to add the 
cipher suite string (notice the !EDCHE which I also added to the httpd 
ssl.conf) but nothing changed.


    [server:default]
    method = TLSv1
    cipher_list = 
!DH:!ECDHE:!EDH:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    verify_certificate = no
    require_certificate = no
    private_key = /etc/letsencrypt/live/webrtc.ddnss.de/privkey.pem
    certificate = /etc/letsencrypt/live/webrtc.ddnss.de/fullchain.pem
    #ca_list = ./modules/tls/cacert.pem
    #crl = ./modules/tls/crl.pem

Also here is a log snippet from tls module section of kamailio 
initialization. Notice first two lines. Also it seems to me the module 
actually ignores the local openssl installation and uses its own which 
has been compiled with the module itself (?).

Other than that it seems to be accepting the cipher_list value just fine:

Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_mod.c:355]: mod_init(): With ECDH-Support!
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_mod.c:358]: mod_init(): With Diffie Hellman
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_init.c:587]: init_tls_h(): tls: _init_tls_h:  compiled with  
openssl  version "OpenSSL 1.0.1e-fips 11 Feb 2013" (0x1000105f), 
kerberos support: on, compression: on
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_init.c:595]: init_tls_h(): tls: init_tls_h: installed openssl 
library version "OpenSSL 1.0.1e-fips 11 Feb 2013" (0x1000105f), 
kerberos support: on,  zlib compression:
compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DZLIB 
-DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT 
-m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: WARNING: tls 
[tls_init.c:649]: init_tls_h(): tls: openssl bug #1491 (crash/mem 
leaks on low memory) workaround enabled (on low memory tls operations 
will fail preemptively) with free
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO:  
[cfg/cfg_ctx.c:613]: cfg_set_now(): INFO: cfg_set_now(): 
tls.low_mem_threshold1 has been changed to 7864320
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO:  
[cfg/cfg_ctx.c:613]: cfg_set_now(): INFO: cfg_set_now(): 
tls.low_mem_threshold2 has been changed to 3932160
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: WARNING: tm 
[tm.c:594]: fixup_routes(): WARNING: t_on_branch("MANAGE_BRANCH"): 
empty/non existing route
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: WARNING: tm 
[tm.c:594]: fixup_routes(): WARNING: t_on_reply("MANAGE_REPLY"): 
empty/non existing route
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: WARNING: tm 
[tm.c:594]: fixup_routes(): WARNING: t_on_failure("MANAGE_FAILURE"): 
empty/non existing route
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO:  
[udp_server.c:175]: probe_max_receive_buffer(): SO_RCVBUF is initially 
212992
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO:  
[udp_server.c:225]: probe_max_receive_buffer(): SO_RCVBUF is finally 
425984
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:275]: fill_missing(): TLSs: tls_method=12
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:287]: fill_missing(): TLSs: 
certificate='/etc/letsencrypt/live/webrtc.ddnss.de/fullchain.pem'
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:294]: fill_missing(): TLSs: ca_list='(null)'
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:301]: fill_missing(): TLSs: crl='(null)'
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:305]: fill_missing(): TLSs: require_certificate=0
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:312]: fill_missing(): TLSs: 
cipher_list='!DH:!ECDHE:!EDH:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL'
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:319]: fill_missing(): TLSs: 
private_key='/etc/letsencrypt/live/webrtc.ddnss.de/privkey.pem'
Nov 24 18:56:20 kamailio-sip 

Re: [SR-Users] sipML5 through kamailio

[otron2...@gmail.com]

"So, tls is required for wss?"

Yes, as of the last rfc.  It can work without it if the client software 
(browser) will accept it though by now most will treat it as insecure.  I 
forget whether sipML5 will but my guess would be no. 




 Original message 
From: "Wilkins, Steve"  
Date: 11/24/2017  9:57 AM  (GMT-08:00) 
To: "Kamailio (SER) - Users Mailing List"  
Subject: Re: [SR-Users] sipML5 through kamailio 
 
Hello SamyGo,
 
So, tls is required for wss?  I thought that when I set a listen to 
Kamailio-Server-IPAddress:10443 and I sent a request through that IP and Port, 
that Kamailio would at least see the request and attempt to do something with 
it.  I will go add tls and try again.  Thank you!
 
From: sr-users [mailto:sr-users-boun...@lists.kamailio.org] On Behalf Of SamyGo
Sent: Thursday, November 23, 2017 12:40 PM
To: Kamailio (SER) - Users Mailing List 
Subject: Re: [SR-Users] sipML5 through kamailio
 
Can you clarify the IP addressing scheme as you've mentioned. There is no TLS 
interface?
Advertised address for 5060 but not for WSS interface. Both listen and 
advertise are public IPs ?
Also,you're handling WSS requests. Do you've xlog ines in the 
route[xhttp:request] to view when a request lands.!
 
My config has this:
 
#!substdef "!MY_IP_ADDR!123.134.156.167!g"
#!substdef "!MY_WS_PORT!6010!g"
#!substdef "!MY_WSS_PORT!6011!g"
 
listen=tcp:MY_IP_ADDR:MY_WS_PORT
listen=tls:MY_IP_ADDR:MY_WSS_PORT
 
Then the xhttp event route:
 
```
event_route[xhttp:request] {
        set_reply_close();
        set_reply_no_connect();
 
        #Deny any HTTP requests on any port other than WS/WSS ports.
        if ($Rp != MY_WS_PORT && $Rp != MY_WSS_PORT ) {
                xlog("L_WARN", "HTTP request received on $Rp\n");
                xhttp_reply("403", "Forbidden", "", "");
                exit;
        }
 
        #Handle HTTP(s) onwards.
        xlog("L_INFO", "HTTP Request Received\n");
```
 
 
On Thu, Nov 23, 2017 at 12:18 PM, Wilkins, Steve  wrote:
Hi Sammy,
 
First of all, thank you for taking the time to respond.
 
Yes, port 10443 is opened.  I have used this port before as asterisk’s WebRTC 
port and iptables shows it as open.  No, I can’t even get a registration using 
the configuration I listed.  I have an xdbg log statement right after the 
request_route, and I see nothing.  I do know that my xdbg logs are working 
though because, if I register or make a call using any sip tool, I see all my 
logging and everything works correctly.
 
-Steve
 
From: sr-users [mailto:sr-users-boun...@lists.kamailio.org] On Behalf Of SamyGo
Sent: Thursday, November 23, 2017 12:00 PM
To: Kamailio (SER) - Users Mailing List 
Subject: Re: [SR-Users] sipML5 through kamailio
 
Hi Steve,
Can you confirm that port 10443 is reachable behind the NAT to Kamailio server, 
validate iptables too Does your SIPml5 demo client register successfully to 
Kamailio? are there enough xlog lines to print out if anything lands in 
Kamailio.
 
Regards,
Sammy
 
 
 
On Thu, Nov 23, 2017 at 11:34 AM, Wilkins, Steve  wrote:
Hello,
 
I am attempting to use sipML5 to test WebRTC.  I have not been successful in 
getting messages through to Kamailio though. I am running Kamailio 5.0.3 on 
Cento 7.
 
My listen’s in the kamailio configuration file are =>
listen=tcp:112.22.3.108:5060 advertise 34.226.187.61:5060
listen=udp:112.22.3.108:5060 advertise 34.226.187.61:5060
listen=tcp:112.22.3.108:10443 (which I will use in the sipML5 Expert mode)
 
My sipML5 settings are =>
Public Identity - sip:user1@112.22.3.108
Realm - 112.22.3.108
 
Export mode setting are =>
WebSocket Server URL - wss://112.22.3.108:10443 (I have also tried 
wss://112.22.3.108:10443/ws)
SIP outbound Proxy URL - udp://112.22.3.108:5060 (I have also left this blank)
 
When I make a call I see no Kamailio activity (I have logging at the start of 
request_route) so I am not sure where the configuration error is.  If I change 
the sipML5 configuration IP Address to use the asterisk IP Address, sipML5 
works.  My goal is to go WebRTC Client => Kamailio => Asterisk and eventually 
through some sort of media proxy.
 
Thank you,
-Steve
 
 

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

 

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

 ___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Cannot disable EC Diffie Hellman cipher suite

[otron2...@gmail.com]

Just a guess but maybe later entries [like +HIGH:+MEDIUM:+LOW] put it back.  
Try switching the order so that !ECDHE and the others you're trying to exclude 
come after. 






Sent from Samsung Mobile

 Original message 
From: Ilyas Keskin  
Date: 11/24/2017  10:19 AM  (GMT-08:00) 
To: mico...@gmail.com,"Kamailio (SER) - Users Mailing List" 
 
Subject: Re: [SR-Users] Cannot disable EC Diffie Hellman cipher suite 
 
Hi Daniel,

yes I am using the tls.cfg file. I tried your suggestion to add the cipher 
suite string (notice the !EDCHE which I also added to the httpd ssl.conf) but 
nothing changed.
    [server:default]
    method = TLSv1
    cipher_list = 
!DH:!ECDHE:!EDH:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    verify_certificate = no
    require_certificate = no
    private_key = /etc/letsencrypt/live/webrtc.ddnss.de/privkey.pem
    certificate = /etc/letsencrypt/live/webrtc.ddnss.de/fullchain.pem
    #ca_list = ./modules/tls/cacert.pem
    #crl = ./modules/tls/crl.pem

Also here is a log snippet from tls module section of kamailio initialization. 
Notice first two lines. Also it seems to me the module actually ignores the 
local openssl installation and uses its own which has been compiled with the 
module itself (?). 
Other than that it seems to be accepting the cipher_list value just fine:
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_mod.c:355]: mod_init(): With ECDH-Support!
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_mod.c:358]: mod_init(): With Diffie Hellman
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_init.c:587]: init_tls_h(): tls: _init_tls_h:  compiled  with  openssl  
version "OpenSSL 1.0.1e-fips 11 Feb 2013" (0x1000105f), kerberos support: on, 
compression: on
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_init.c:595]: init_tls_h(): tls: init_tls_h: installed openssl library 
version "OpenSSL 1.0.1e-fips 11 Feb 2013" (0x1000105f), kerberos support: on,  
zlib compression:
    compiler: gcc -I. -I.. 
-I../include  -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT 
-DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall 
-Wp,-D_
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: WARNING: tls 
[tls_init.c:649]: init_tls_h(): tls: openssl bug #1491 (crash/mem leaks on low 
memory) workaround enabled (on low memory   tls operations will fail 
preemptively) with free
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO:  
[cfg/cfg_ctx.c:613]: cfg_set_now(): INFO: cfg_set_now(): tls.low_mem_threshold1 
has been changed to 7864320
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO:  
[cfg/cfg_ctx.c:613]: cfg_set_now(): INFO: cfg_set_now(): tls.low_mem_threshold2 
has been changed to 3932160
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: WARNING: tm [tm.c:594]: 
fixup_routes(): WARNING: t_on_branch("MANAGE_BRANCH"): empty/non existing route
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: WARNING: tm [tm.c:594]: 
fixup_routes(): WARNING: t_on_reply("MANAGE_REPLY"): empty/non existing route
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: WARNING: tm [tm.c:594]: 
fixup_routes(): WARNING: t_on_failure("MANAGE_FAILURE"): empty/non existing 
route
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO:  
[udp_server.c:175]: probe_max_receive_buffer(): SO_RCVBUF is initially 212992
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO:  
[udp_server.c:225]: probe_max_receive_buffer(): SO_RCVBUF is finally 425984
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:275]: fill_missing(): TLSs: tls_method=12
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:287]: fill_missing(): TLSs: 
certificate='/etc/letsencrypt/live/webrtc.ddnss.de/fullchain.pem'
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:294]: fill_missing(): TLSs: ca_list='(null)'
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:301]: fill_missing(): TLSs: crl='(null)'
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:305]: fill_missing(): TLSs: require_certificate=0
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:312]: fill_missing(): TLSs: 
cipher_list='!DH:!ECDHE:!EDH:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL'
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:319]: fill_missing(): TLSs: 
private_key='/etc/letsencrypt/live/webrtc.ddnss.de/privkey.pem'
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:323]: fill_missing(): TLSs: verify_certificate=0
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:326]: fill_missing(): TLSs: verify_depth=9

Re: [SR-Users] Cannot disable EC Diffie Hellman cipher suite

[Ilyas Keskin]

Hi Daniel,

yes I am using the tls.cfg file. I tried your suggestion to add the 
cipher suite string (notice the !EDCHE which I also added to the httpd 
ssl.conf) but nothing changed.


    [server:default]
    method = TLSv1
    cipher_list = 
!DH:!ECDHE:!EDH:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    verify_certificate = no
    require_certificate = no
    private_key = /etc/letsencrypt/live/webrtc.ddnss.de/privkey.pem
    certificate = /etc/letsencrypt/live/webrtc.ddnss.de/fullchain.pem
    #ca_list = ./modules/tls/cacert.pem
    #crl = ./modules/tls/crl.pem

Also here is a log snippet from tls module section of kamailio 
initialization. Notice first two lines. Also it seems to me the module 
actually ignores the local openssl installation and uses its own which 
has been compiled with the module itself (?).

Other than that it seems to be accepting the cipher_list value just fine:

Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_mod.c:355]: mod_init(): With ECDH-Support!
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_mod.c:358]: mod_init(): With Diffie Hellman
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_init.c:587]: init_tls_h(): tls: _init_tls_h:  compiled  with 
openssl  version "OpenSSL 1.0.1e-fips 11 Feb 2013" (0x1000105f), 
kerberos support: on, compression: on
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_init.c:595]: init_tls_h(): tls: init_tls_h: installed openssl 
library version "OpenSSL 1.0.1e-fips 11 Feb 2013" (0x1000105f), kerberos 
support: on,  zlib compression:
    compiler: gcc 
-I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS 
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall 
-O2 -g -pipe -Wall -Wp,-D_
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: WARNING: tls 
[tls_init.c:649]: init_tls_h(): tls: openssl bug #1491 (crash/mem leaks 
on low memory) workaround enabled (on low memory tls operations will 
fail preemptively) with free
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO:  
[cfg/cfg_ctx.c:613]: cfg_set_now(): INFO: cfg_set_now(): 
tls.low_mem_threshold1 has been changed to 7864320
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO:  
[cfg/cfg_ctx.c:613]: cfg_set_now(): INFO: cfg_set_now(): 
tls.low_mem_threshold2 has been changed to 3932160
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: WARNING: tm 
[tm.c:594]: fixup_routes(): WARNING: t_on_branch("MANAGE_BRANCH"): 
empty/non existing route
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: WARNING: tm 
[tm.c:594]: fixup_routes(): WARNING: t_on_reply("MANAGE_REPLY"): 
empty/non existing route
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: WARNING: tm 
[tm.c:594]: fixup_routes(): WARNING: t_on_failure("MANAGE_FAILURE"): 
empty/non existing route
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO:  
[udp_server.c:175]: probe_max_receive_buffer(): SO_RCVBUF is initially 
212992
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO:  
[udp_server.c:225]: probe_max_receive_buffer(): SO_RCVBUF is finally 425984
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:275]: fill_missing(): TLSs: tls_method=12
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:287]: fill_missing(): TLSs: 
certificate='/etc/letsencrypt/live/webrtc.ddnss.de/fullchain.pem'
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:294]: fill_missing(): TLSs: ca_list='(null)'
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:301]: fill_missing(): TLSs: crl='(null)'
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:305]: fill_missing(): TLSs: require_certificate=0
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:312]: fill_missing(): TLSs: 
cipher_list='!DH:!ECDHE:!EDH:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL'
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:319]: fill_missing(): TLSs: 
private_key='/etc/letsencrypt/live/webrtc.ddnss.de/privkey.pem'
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:323]: fill_missing(): TLSs: verify_certificate=0
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:326]: fill_missing(): TLSs: verify_depth=9
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:670]: set_verification(): TLSs: No client 
certificate required and no checks performed
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:275]: fill_missing(): TLSc: tls_method=12
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: tls 
[tls_domain.c:287]: fill_missing(): TLSc: certificate='(null)'
Nov 24 18:56:20 kamailio-sip /usr/sbin/kamailio[2864]: INFO: 

Re: [SR-Users] sipML5 through kamailio

[Wilkins, Steve]

Hello SamyGo,

So, tls is required for wss?  I thought that when I set a listen to 
Kamailio-Server-IPAddress:10443 and I sent a request through that IP and Port, 
that Kamailio would at least see the request and attempt to do something with 
it.  I will go add tls and try again.  Thank you!

From: sr-users [mailto:sr-users-boun...@lists.kamailio.org] On Behalf Of SamyGo
Sent: Thursday, November 23, 2017 12:40 PM
To: Kamailio (SER) - Users Mailing List 
Subject: Re: [SR-Users] sipML5 through kamailio

Can you clarify the IP addressing scheme as you've mentioned. There is no TLS 
interface?
Advertised address for 5060 but not for WSS interface. Both listen and 
advertise are public IPs ?
Also,you're handling WSS requests. Do you've xlog ines in the 
route[xhttp:request] to view when a request lands.!

My config has this:

#!substdef "!MY_IP_ADDR!123.134.156.167!g"
#!substdef "!MY_WS_PORT!6010!g"
#!substdef "!MY_WSS_PORT!6011!g"

listen=tcp:MY_IP_ADDR:MY_WS_PORT
listen=tls:MY_IP_ADDR:MY_WSS_PORT

Then the xhttp event route:

```
event_route[xhttp:request] {
set_reply_close();
set_reply_no_connect();

#Deny any HTTP requests on any port other than WS/WSS ports.
if ($Rp != MY_WS_PORT && $Rp != MY_WSS_PORT ) {
xlog("L_WARN", "HTTP request received on $Rp\n");
xhttp_reply("403", "Forbidden", "", "");
exit;
}

#Handle HTTP(s) onwards.
xlog("L_INFO", "HTTP Request Received\n");
```


On Thu, Nov 23, 2017 at 12:18 PM, Wilkins, Steve 
> wrote:
Hi Sammy,

First of all, thank you for taking the time to respond.

Yes, port 10443 is opened.  I have used this port before as asterisk’s WebRTC 
port and iptables shows it as open.  No, I can’t even get a registration using 
the configuration I listed.  I have an xdbg log statement right after the 
request_route, and I see nothing.  I do know that my xdbg logs are working 
though because, if I register or make a call using any sip tool, I see all my 
logging and everything works correctly.

-Steve

From: sr-users 
[mailto:sr-users-boun...@lists.kamailio.org]
 On Behalf Of SamyGo
Sent: Thursday, November 23, 2017 12:00 PM
To: Kamailio (SER) - Users Mailing List 
>
Subject: Re: [SR-Users] sipML5 through kamailio

Hi Steve,
Can you confirm that port 10443 is reachable behind the NAT to Kamailio server, 
validate iptables too Does your SIPml5 demo client register successfully to 
Kamailio? are there enough xlog lines to print out if anything lands in 
Kamailio.

Regards,
Sammy



On Thu, Nov 23, 2017 at 11:34 AM, Wilkins, Steve 
> wrote:
Hello,

I am attempting to use sipML5 to test WebRTC.  I have not been successful in 
getting messages through to Kamailio though. I am running Kamailio 5.0.3 on 
Cento 7.

My listen’s in the kamailio configuration file are =>
listen=tcp:112.22.3.108:5060 advertise 
34.226.187.61:5060
listen=udp:112.22.3.108:5060 advertise 
34.226.187.61:5060
listen=tcp:112.22.3.108:10443 (which I will use in 
the sipML5 Expert mode)

My sipML5 settings are =>
Public Identity - sip:user1@112.22.3.108
Realm - 112.22.3.108

Export mode setting are =>
WebSocket Server URL - wss://112.22.3.108:10443 (I 
have also tried wss://112.22.3.108:10443/ws)
SIP outbound Proxy URL - udp://112.22.3.108:5060 (I 
have also left this blank)

When I make a call I see no Kamailio activity (I have logging at the start of 
request_route) so I am not sure where the configuration error is.  If I change 
the sipML5 configuration IP Address to use the asterisk IP Address, sipML5 
works.  My goal is to go WebRTC Client => Kamailio => Asterisk and eventually 
through some sort of media proxy.

Thank you,
-Steve



___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users


___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Kamailio KEMI Framework Tutorial

[Samuel F .]

Hey,


Almost done with a POC. Should I open up a PR and we can review / iterate on it 
or is there a better of way of sharing the code?


Cheers,

Samuel


From: Daniel-Constantin Mierla 
Sent: Friday, November 24, 2017 3:41:35 PM
To: Samuel F.; Kamailio (SER) - Users Mailing List
Subject: Re: [SR-Users] Kamailio KEMI Framework Tutorial


Hello,

On 24.11.17 13:43, Samuel F. wrote:

Hey,


Just tested and it seems to work well! I compared the output to the output from 
app_lua to run some type of sanity check and it seems to show the same 
information.

I think that KSR.x package doesn't have exit() and drop() functions in 
app_python ... but not sure if KSR.x is dumped via rpc.


However, there is one issue with the rpc app_lua.api_list, when running the RPC 
command it returns the result set twice so you get a msize of twice the msize 
of app_python and duplicated data.

I will check.

Cheers,
Daniel



// Samuel


From: Daniel-Constantin Mierla 
Sent: Thursday, November 23, 2017 12:52:24 PM
To: Samuel F.; Kamailio (SER) - Users Mailing List
Subject: Re: [SR-Users] Kamailio KEMI Framework Tutorial


Hello,


I just pushed the rpc command app_python.api_list to master branch. Can you 
test and see if works? If all ok, then I will push it to branch 5.1 as well.


Cheers,
Daniel

On 23.11.17 08:31, Daniel-Constantin Mierla wrote:

Hello,

On 22.11.17 19:47, Samuel F. wrote:

Hi again,


Regarding RPC list: I do not think it is implemented for python?

it is not, indeed, I just looked at the code. I am not much into python myself, 
so it was overlooked -- I just added kemi support for it on top of the previous 
app_python.


I checked the source and couldn't find anything that would handle the RPC call:

kamctl rpc app_python.api_list

Regarding the documentation:
I didn't mean to document in the source code, sorry for not expressing myself 
clearly,

That was a proposal on the IRC devel meeting to add doxygen docs for kemi 
function, which is good to have anyhow, but for something with more details and 
examples, doxygen can become a mess.

 I ment to generate the Kemi function list documentation from the source code 
automatically via a script instead of updating it manually (so the 
documentation doesn't become stale). One example could be to run the RPC 
api_list and take that list to generate a documentation file that shows all 
available functions. I tried to check that out now but couldn't get it working 
for python because I think the command is missing (v5.0.4).

So to condense my proposal on how we could structure the KEMI docs I would 
suggest:
- General documentation about how KEMI works: As it is now, great
- Document special functions that are only implemented in KEMI /or differs from 
the original module implementation: As it is now, great
- Not have sections for each and every module, just one section with a long 
list of exported KEMI functions with a link to the original documentation

I'm happy to take a shot at generating a script for this but would need help to 
understand how I can export the python API list.

I am going to add the rpc command to app_python, then you can try to build your 
tool for it.

Cheers,
Daniel


// Samuel


From: Daniel-Constantin Mierla 
Sent: Tuesday, November 21, 2017 3:20:21 PM
To: Samuel F.; Kamailio (SER) - Users Mailing List
Subject: Re: [SR-Users] Kamailio KEMI Framework Tutorial


Hello,

On 21.11.17 10:20, Samuel F. wrote:

Hi Daniel,


First, I'd just like to say thanks and let you know we are very grateful for 
the KEMI framework. We have developed three small applications running on 
python KEMI in production serving calls every day successfully without any 
issues at all. The development process was very smooth and quick.

thanks for the feedback, really appreciated! It is good to know that KEMI is 
being used in production and also it shows its potential for various needs.



I reviewed the documentation and think it's great that the KEMI framework gets 
an extensive documentation.


One thought I had regarding documenting the exported functions is that I think 
it's good if they are exported to the docs automatically from the source code. 
My opinion is that it is better to have documentation that reflects the current 
state of the source code rather than having stale/out-of-date documentation.


Perhaps having a parser that locates all the exported functions, lists them in 
appropriate modules with the return value and then a link to the actual modules 
documentation?

There is an RPC command that lists the exported KEMI functions for a running 
Kamailio. It reflects exactly what functions are available from the kemi 
framework internal structure. This is like an auto discovery, it is done 
automatically.

Addition docs can be added in the 

[SR-Users] Request Time Out

[Vasim Antule]

Hello,

 

I am new to SIP/Kamailio , I am attempting to use Kamailio 5.0 in test
environment.

I am getting Request Time Out for Android Phones.

Apple to Apple phones are working fine. But Android to Apple and Android to
Android I am getting Request Time Out.

Please Guide.

 

Regards,

Vasim Antule

 

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Cannot disable EC Diffie Hellman cipher suite

[Daniel-Constantin Mierla]

Hello,


On 23.11.17 22:42, Ilyas Keskin wrote:
>
> Hi there,
>
> I have set up a Kamailio 4.2.0 SIP server (centOS 7) for a university
> project regarding WebRTC comunication. While kamailio handles the
> signaling path I use the SIP.js demo phone js application (hosted on
> the same machine as kamaillio) for actual WebRTC stuff.
> For a deeper understanding and documetation purposes I have been
> trying to sniff the traffic with wireshark but failed due to the fact
> that kamailio uses Elliptic Curve Diffie Hellmann cipher suite (see
> wireshark snippet below) which is not decryptable.
>
> Secure Sockets Layer
>     TLSv1.2 Record Layer: Handshake Protocol: Server Hello
>     Content Type: Handshake (22)
>     Version: TLS 1.2 (0x0303)
>     Length: 89
>     Handshake Protocol: Server Hello
>     Handshake Type: Server Hello (2)
>     Length: 85
>     Version: TLS 1.2 (0x0303)
>     Random: b8916e4e0f7c712503a77afcf4c9228598092c166353be50...
>     Session ID Length: 32
>     Session ID:
> b0a31a6699a001b7991645dc61064ca4c4b073eff6913f26...
>     Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
>     Compression Method: null (0)
>     Extensions Length: 13
>     Extension: renegotiation_info (len=1)
>     Extension: ec_point_formats (len=4)
>
> I already tried importing captured SSLKEYLOG pre master secret from
> chrome and private key file issued by letsencrypt without success.
>
> On top of that I set this line
>
>     SSLCipherSuite
> !DH:!ECDH:!EDH:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
>
> in /etc/httpd/conf.d/ssl.conf and compiled openssl with no-ec no-dh
> (which worked see below).
>
> [admin@kamailio-sip ~]$ openssl ciphers
> SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA
> [admin@kamailio-sip ~]$
>
>
> Setting
>
>     modparam("tls", "cipher_list", "AESCCM")
>
> (or different ciphers) in /etc/kamailio/kamailio.cfg seems to have no
> effect on the actual negoiated cipher suite.
>
> Am I missing something? Any help or pointers into the right direction
> will be much appreciated.
>
>
are you also using tls.cfg? If yes, there is an attribute for chiper
list in it as well, try and see if works with it.

Cheers,
Daniel

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Issue dumping an huge htable through xmlrpc

[Daniel-Constantin Mierla]

Hello,


On 24.11.17 15:26, Marco Capetta wrote:
> Hello everyone,
>
> On Kamailio version 4.4.6 I have an issue dumping an huge htable
> through xmlrpc.
>
> We are using htables to store the subscriber registration attempts to
> prevent bruteforcing password attacks.
> Usually there aren't any issues to dump information using xmlrpc.
> On the contrary, if the number of records in the htable become huge
> (in the order of 10.000), xmlrpc output is truncated, therefore it is
> not possible to parse it.
>
> I have the same results either using a Perl library or the
> "xmlrpc_test.py" script included in package.
> I tried to increase the module parameters "binrpc_max_body_size" and
> "binrpc_struct_max_body_size" without success.
>
>
> Do you have any other suggestion?
parameters for ctl module matter only when you use kamcmd.

In your case, check to see if xmlrpc module has any related parameter,
if not, then it uses the tcp write buffer from core, so you have to
adjust them.

Cheers,
Daniel

>
>
> Thank you
> Regards
> Marco
>
>
>
> -- 
> *Marco Capetta *
> Operations Engineer
>
> Sipwise GmbH  , Campus 21/Europaring F15
> AT-2345 Brunn am Gebirge
>
> Phone:  +43(0)1 301 2044 
> Email:  mcape...@sipwise.com 
> Website:  www.sipwise.com 
>
> Particulars according Austrian Companies Code paragraph 14
> "Sipwise GmbH" - Europaring F15 - 2345 Brunn am Gebirge
> FN:305595f, Commercial Court Vienna, ATU64002206
>
>
>
> ___
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Kamailio KEMI Framework Tutorial

[Daniel-Constantin Mierla]

Hello,


On 24.11.17 13:43, Samuel F. wrote:
>
> Hey,
>
>
> Just tested and it seems to work well! I compared the output to the
> output from app_lua to run some type of sanity check and it seems to
> show the same information.
>
I think that KSR.x package doesn't have exit() and drop() functions in
app_python ... but not sure if KSR.x is dumped via rpc.
>
>
> However, there is one issue with the rpc app_lua.api_list, when
> running the RPC command it returns the result set twice so you get a
> msize of twice the msize of app_python and duplicated data.
>
I will check.

Cheers,
Daniel

>
> // Samuel
>
> 
> *From:* Daniel-Constantin Mierla 
> *Sent:* Thursday, November 23, 2017 12:52:24 PM
> *To:* Samuel F.; Kamailio (SER) - Users Mailing List
> *Subject:* Re: [SR-Users] Kamailio KEMI Framework Tutorial
>  
>
> Hello,
>
>
> I just pushed the rpc command app_python.api_list to master branch.
> Can you test and see if works? If all ok, then I will push it to
> branch 5.1 as well.
>
>
> Cheers,
> Daniel
>
>
> On 23.11.17 08:31, Daniel-Constantin Mierla wrote:
>>
>> Hello,
>>
>>
>> On 22.11.17 19:47, Samuel F. wrote:
>>>
>>> Hi again,
>>>
>>>
>>> Regarding RPC list: I do not think it is implemented for python?
>>>
>> it is not, indeed, I just looked at the code. I am not much into
>> python myself, so it was overlooked -- I just added kemi support for
>> it on top of the previous app_python.
>>
>>> I checked the source and couldn't find anything that would handle
>>> the RPC call:
>>>
>>> kamctl rpc app_python.api_list
>>>
>>>
>>> Regarding the documentation:
>>> I didn't mean to document in the source code, sorry for not
>>> expressing myself clearly,
>>
>> That was a proposal on the IRC devel meeting to add doxygen docs for
>> kemi function, which is good to have anyhow, but for something with
>> more details and examples, doxygen can become a mess.
>>
>>>  I ment to generate the Kemi function list documentation from the
>>> source code automatically via a script instead of updating it
>>> manually (so the documentation doesn't become stale). One example
>>> could be to run the RPC api_list and take that list to generate a
>>> documentation file that shows all available functions. I tried to
>>> check that out now but couldn't get it working for python because I
>>> think the command is missing (v5.0.4).
>>>
>>> So to condense my proposal on how we could structure the KEMI docs I
>>> would suggest:
>>> - General documentation about how KEMI works: As it is now, great
>>> - Document special functions that are only implemented in KEMI /or
>>> differs from the original module implementation: As it is now, great
>>> - Not have sections for each and every module, just one section with
>>> a long list of exported KEMI functions with a link to the original
>>> documentation
>>>
>>> I'm happy to take a shot at generating a script for this but would
>>> need help to understand how I can export the python API list.
>>
>> I am going to add the rpc command to app_python, then you can try to
>> build your tool for it.
>>
>> Cheers,
>> Daniel
>>
>>>
>>> // Samuel
>>>
>>> 
>>> *From:* Daniel-Constantin Mierla 
>>> 
>>> *Sent:* Tuesday, November 21, 2017 3:20:21 PM
>>> *To:* Samuel F.; Kamailio (SER) - Users Mailing List
>>> *Subject:* Re: [SR-Users] Kamailio KEMI Framework Tutorial
>>>  
>>>
>>> Hello,
>>>
>>>
>>> On 21.11.17 10:20, Samuel F. wrote:

 Hi Daniel,


 First, I'd just like to say thanks and let you know we are very
 grateful for the KEMI framework. We have developed three
 small applications running on python KEMI in production serving
 calls every day successfully without any issues at all. The
 development process was very smooth and quick.

>>>
>>> thanks for the feedback, really appreciated! It is good to know that
>>> KEMI is being used in production and also it shows its potential for
>>> various needs.
>>>

 I reviewed the documentation and think it's great that the KEMI
 framework gets an extensive documentation.


 One thought I had regarding documenting the exported functions is
 that I think it's good if they are exported to the docs
 automatically from the source code. My opinion is that it is better
 to have documentation that reflects the current state of the source
 code rather than having stale/out-of-date documentation.


 Perhaps having a parser that locates all the exported functions,
 lists them in appropriate modules with the return value and then a
 link to the actual modules documentation?

>>>
>>> There is an RPC command that lists the exported KEMI functions for a
>>> running Kamailio. It reflects exactly what functions are available
>>> from the kemi framework internal 

[SR-Users] Issue dumping an huge htable through xmlrpc

[Marco Capetta]

Hello everyone,

On Kamailio version 4.4.6 I have an issue dumping an huge htable through 
xmlrpc.


We are using htables to store the subscriber registration attempts to 
prevent bruteforcing password attacks.

Usually there aren't any issues to dump information using xmlrpc.
On the contrary, if the number of records in the htable become huge (in 
the order of 10.000), xmlrpc output is truncated, therefore it is not 
possible to parse it.


I have the same results either using a Perl library or the 
"xmlrpc_test.py" script included in package.
I tried to increase the module parameters "binrpc_max_body_size" and 
"binrpc_struct_max_body_size" without success.



Do you have any other suggestion?


Thank you
Regards
Marco



--
*Marco Capetta *
Operations Engineer

Sipwise GmbH  , Campus 21/Europaring F15
AT-2345 Brunn am Gebirge

Phone: +43(0)1 301 2044 
Email: mcape...@sipwise.com 
Website: www.sipwise.com 

Particulars according Austrian Companies Code paragraph 14
"Sipwise GmbH" - Europaring F15 - 2345 Brunn am Gebirge
FN:305595f, Commercial Court Vienna, ATU64002206

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Kamailio KEMI Framework Tutorial

[Samuel F .]

Hey,


Just tested and it seems to work well! I compared the output to the output from 
app_lua to run some type of sanity check and it seems to show the same 
information.


However, there is one issue with the rpc app_lua.api_list, when running the RPC 
command it returns the result set twice so you get a msize of twice the msize 
of app_python and duplicated data.


// Samuel


From: Daniel-Constantin Mierla 
Sent: Thursday, November 23, 2017 12:52:24 PM
To: Samuel F.; Kamailio (SER) - Users Mailing List
Subject: Re: [SR-Users] Kamailio KEMI Framework Tutorial


Hello,


I just pushed the rpc command app_python.api_list to master branch. Can you 
test and see if works? If all ok, then I will push it to branch 5.1 as well.


Cheers,
Daniel

On 23.11.17 08:31, Daniel-Constantin Mierla wrote:

Hello,

On 22.11.17 19:47, Samuel F. wrote:

Hi again,


Regarding RPC list: I do not think it is implemented for python?

it is not, indeed, I just looked at the code. I am not much into python myself, 
so it was overlooked -- I just added kemi support for it on top of the previous 
app_python.


I checked the source and couldn't find anything that would handle the RPC call:

kamctl rpc app_python.api_list

Regarding the documentation:
I didn't mean to document in the source code, sorry for not expressing myself 
clearly,

That was a proposal on the IRC devel meeting to add doxygen docs for kemi 
function, which is good to have anyhow, but for something with more details and 
examples, doxygen can become a mess.

 I ment to generate the Kemi function list documentation from the source code 
automatically via a script instead of updating it manually (so the 
documentation doesn't become stale). One example could be to run the RPC 
api_list and take that list to generate a documentation file that shows all 
available functions. I tried to check that out now but couldn't get it working 
for python because I think the command is missing (v5.0.4).

So to condense my proposal on how we could structure the KEMI docs I would 
suggest:
- General documentation about how KEMI works: As it is now, great
- Document special functions that are only implemented in KEMI /or differs from 
the original module implementation: As it is now, great
- Not have sections for each and every module, just one section with a long 
list of exported KEMI functions with a link to the original documentation

I'm happy to take a shot at generating a script for this but would need help to 
understand how I can export the python API list.

I am going to add the rpc command to app_python, then you can try to build your 
tool for it.

Cheers,
Daniel


// Samuel


From: Daniel-Constantin Mierla 
Sent: Tuesday, November 21, 2017 3:20:21 PM
To: Samuel F.; Kamailio (SER) - Users Mailing List
Subject: Re: [SR-Users] Kamailio KEMI Framework Tutorial


Hello,

On 21.11.17 10:20, Samuel F. wrote:

Hi Daniel,


First, I'd just like to say thanks and let you know we are very grateful for 
the KEMI framework. We have developed three small applications running on 
python KEMI in production serving calls every day successfully without any 
issues at all. The development process was very smooth and quick.

thanks for the feedback, really appreciated! It is good to know that KEMI is 
being used in production and also it shows its potential for various needs.



I reviewed the documentation and think it's great that the KEMI framework gets 
an extensive documentation.


One thought I had regarding documenting the exported functions is that I think 
it's good if they are exported to the docs automatically from the source code. 
My opinion is that it is better to have documentation that reflects the current 
state of the source code rather than having stale/out-of-date documentation.


Perhaps having a parser that locates all the exported functions, lists them in 
appropriate modules with the return value and then a link to the actual modules 
documentation?

There is an RPC command that lists the exported KEMI functions for a running 
Kamailio. It reflects exactly what functions are available from the kemi 
framework internal structure. This is like an auto discovery, it is done 
automatically.

Addition docs can be added in the code using doxygen, however, while that is 
good for short descriptions, I don't find it good to add extensive docs and 
especially usage examples in the code. Also, from past experiences, 
non-developer users tend not to look at the code, therefore the improvements to 
docs in code from general users are very low.

Anyhow, this tutorial was started with the initial goal of covering the KEMI 
framework in general, and the special functions. For the functions exported by 
modules I added only the acc as an example (which is also a skeleton at this 
moment).

As I said, I am open for suggestions on how to do the docs for 

Re: [SR-Users] Kamailio didn't start before increasing fork_delay

[Daniel-Constantin Mierla]

Hello,

it can be some other limits set in the system, I encountered also with
centos/redhat and couldn't figure out myself (well, not a sysadmin
here). It is the reason I added fork_delay and modinit_delay. You have
to dig in the settings of the system and try to tune them.

Happening can be somehow random, a matter of how busy the system is at
that moment.

Cheers,
Daniel


On 24.11.17 11:30, igor.potjevle...@gmail.com wrote:
>
> Hello Daniel,
>
>  
>
> Both Kamailio and MySQL are running under RHEL. But SELinux is
> deactivated.
>
>  
>
> Regards,
>
>  
>
> Igor.
>
>  
>
> *De :*Daniel-Constantin Mierla [mailto:mico...@gmail.com]
> *Envoyé :* jeudi 23 novembre 2017 12:56
> *À :* Kamailio (SER) - Users Mailing List
> ; igor.potjevle...@gmail.com
> *Objet :* Re: [SR-Users] Kamailio didn't start before increasing
> fork_delay
>
>  
>
> Hello,
>
> are you running on centos/redhat with selinux?
>
> Cheers,
> Daniel
>
>  
>
> On 23.11.17 10:45, igor.potjevle...@gmail.com
>  wrote:
>
> Hello,
>
>  
>
> We suddenly had an issue on one Kamailio instance: we were not
> able to restart. Kamailio started to boot and fork and suddenly
> crashed.
>
> The last logs reported a failure regarding the ability to connect
> to one MySQL instance.
>
>  
>
> I finally succeed  to restart after increasing: fork_delay=5000 to
> fork_delay=9000.
>
>  
>
> How this could happen suddenly? We already restarted Kamailio on
> this server.
>
>  
>
> Regards,
>
>  
>
> Igor.
>
>
>
>
> ___
>
> Kamailio (SER) - Users Mailing List
>
> sr-users@lists.kamailio.org 
>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
> -- 
> Daniel-Constantin Mierla
> www.twitter.com/miconda  -- 
> www.linkedin.com/in/miconda 
> Kamailio Advanced Training - www.asipto.com 
> Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com 
> 

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] Failed to find command http_client_query

[Daniel-Constantin Mierla]

Hello,

can you provide here all the http_client_query(...) you have in your
config and list in which route block are they used (like request_route,
failure_route, ...)? You can replace IP addresses, usernames, passwords
with other strings, but if you use any kamailio variables (e.g. $rU),
let them in place.

Cheers,
Daniel

On 23.11.17 20:54, Alexandru Covalschi wrote:
> sip:172.21.0.14:5060 is the local address of the server, it seems like
> a bug in http_client, as I don't have such http_query call anywhere :/ 
> just re-checked
> Also the fact that it works perfectly on 4.4.6 tells that it's not a
> configuration issue
>
> 
> Alexandru Covalschi
> VoIP Engineer and System Administrator
> tel: +373 673 98 493
>
>> 23 нояб. 2017 г., в 16:59, Daniel-Constantin Mierla
>> > написал(а):
>>
>> There was a mistake in the exports structure, the name of the
>> function with 4 parameter was http_query instead of
>> http_client_query. I pushed a patch to fix it.
>>
>> Then, related to the issue with cannot resolve the host, the debug
>> messages show an invalid http url being used:
>>
>> Nov 21 04:18:20 ast1 /usr/sbin/kamailio[20804]: DEBUG: http_client 
>> [functions.c:146]: curL_query_url(): ** # CURL URL 
>> [sip:172.21.0.14:5060]
>>
>> The it fails to do the dns stuff with it...
>>
>> Cheers,
>> Daniel
>>
>> On 22.11.17 22:38, Alexandru Covalschi wrote:
>>> Just wanted to ask if you need my help to test/check/etc.
>>>
>>> 
>>> Alexandru Covalschi
>>> VoIP Engineer and System Administrator
>>> tel: +373 673 98 493
>>>
 21 нояб. 2017 г., в 11:58, Alexandru Covalschi <568...@gmail.com
 > написал(а):

 Kamailio is actually starting, please take a look at that debug=4
 log
 file: 
 https://filebin.net/r54y3jkmzdyk9zak/syslog_http_client_query_failed.txt
 at line 1042 http_client module is successfully loading, but at
 line 12785 it fails to load http_client_query

 Also please check line 50385
 in https://filebin.net/352vff41fwx7uowg/syslog_http_query_curl_6.txt 
 I'm using http_query here with 5.0.4 http_client, you can see that
 http_client makes a request, but afterwards it returns curl error
 6, but the weirdest thing is - at line 19887 I request token from
 the very same IP address, only url is changed, and it actually
 works fine.
 
 Alexandru Covalschi
 VoIP Engineer and System Administrator
 tel: +373 673 98 493

> 21 нояб. 2017 г., в 10:44, Daniel-Constantin Mierla
> > написал(а):
>
> But then kamailio is not starting, or?
>
> Can you provide all the error message as they are printed in
> syslog file? File, line and other details are part of the logs
> message, allowing to identify the location in the source code
> where that happens ...
>
> Cheers,
> Daniel
>
>
> On 21.11.17 09:38, Alexandru Covalschi wrote:
>> It is still one of the issues
>>
>> 
>> Alexandru Covalschi
>> VoIP Engineer and System Administrator
>> tel: +373 673 98 493
>>
>>> 21 нояб. 2017 г., в 9:40, Daniel-Constantin Mierla
>>> > написал(а):
>>>
>>> Hello,
>>>
>>> in your email in this thread, you said:
>>>
>>> > When I try to change http_query to http_client_query it fails
>>> to load with  error "failed to find command http_client_query".
>>>
>>> Is it still the case, or that was sorted out?
>>>
>>> Cheers,
>>> Daniel
>>>
>>> On 20.11.17 22:43, Alexandru Covalschi wrote:
 Works ok on 4.4.6. So I suppose it's a weird 5.0.4 + my
 environment bug. I'm rolling back to 4.4.6 right now, will keep
 one 5.0.4 machine for testing (on debian 9)
 Let me know if I can provide any dumps/cores etc.

 
 Alexandru Covalschi
 VoIP Engineer and System Administrator
 tel: +373 673 98 493

> 20 нояб. 2017 г., в 23:29, Alexandru Covalschi
> <568...@gmail.com > написал(а):
>
> So the weirdest thing is Kamailio actually sends the request,
> but it returns curl error 6 in the answer variable. I have a
> plenty of clonned servers and same behaviour is on all of
> them, also just now tried on a fresh debian 9 - same result.
> I'm inside a virtual machine (vmware), but not sure it matters...
>
> 
> Alexandru Covalschi
> VoIP Engineer and System Administrator
> tel: +373 673 98 493
>
>> 20 нояб. 2017 г., в 22:37, Alexandru Covalschi
>> 

Re: [SR-Users] Kamailio didn't start before increasing fork_delay

[igor.potjevlesch]

Hello Daniel,

 

Both Kamailio and MySQL are running under RHEL. But SELinux is deactivated.

 

Regards,

 

Igor.

 

De : Daniel-Constantin Mierla [mailto:mico...@gmail.com] 
Envoyé : jeudi 23 novembre 2017 12:56
À : Kamailio (SER) - Users Mailing List ;
igor.potjevle...@gmail.com
Objet : Re: [SR-Users] Kamailio didn't start before increasing fork_delay

 

Hello,

are you running on centos/redhat with selinux?

Cheers,
Daniel

 

On 23.11.17 10:45, igor.potjevle...@gmail.com
  wrote:

Hello,

 

We suddenly had an issue on one Kamailio instance: we were not able to
restart. Kamailio started to boot and fork and suddenly crashed.

The last logs reported a failure regarding the ability to connect to one
MySQL instance.

 

I finally succeed  to restart after increasing: fork_delay=5000 to
fork_delay=9000.

 

How this could happen suddenly? We already restarted Kamailio on this
server.

 

Regards,

 

Igor.






___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org  
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users





-- 
Daniel-Constantin Mierla
www.twitter.com/miconda   --
www.linkedin.com/in/miconda  
Kamailio Advanced Training - www.asipto.com  
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
 
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users