### Description

For secure websocket connections (wss), Kamailio seems to forget that the 
connection is secure, later trying to use a regular TCP `listen` option to send 
out messages.

I'd be happy to propose a patch, but I'm not sure what the expected behavior of 
Kamailio would be here.

Setup:

- One Kamailio acting as websocket endpoint with TLS configured, forwarding all 
packets via UDP to another Kamailio
- Another Kamailio handling all dialplan logic, including registers/invites

We have traced the issue:

- Client sends a `REGISTER` over secure websockets
  - Kamailio 1 forwards this to Kamailio 2, with `Path: <sip:kamailio1:port1;lr;received=sip:1.1.1.1:11111%3Btransport%3Dws>`
  - Kamailio 2 stores the AOR in database using `registrar.store`
  - In the location table, we can see `received = sip:1.1.1.1:11111;transport=ws`
- We try to send a SIP INVITE to the WebRTC client
  - Kamailio 2 creates invite, adds header `Route: ` with option `transport=ws`
  - INVITE arrives at Kamailio 1, which forwards it to the client using `t_relay`
  - Kamailio 1 ends up in `get_send_socket2`, with parameter `proto = ws`
  - Following the source code, we end up [here](https://github.com/kamailio/kamailio/blob/master/src/core/forward.c#L286), which will end up picking `sendipv4_tcp` as `send_sock`
  - This picks a *TCP* listener, while in fact we need a *TLS* listener
  - As a result, the outgoing message contains a wrong endpoint in the 
`Record-Route` header, causing issues in the SIP dialog later on

### Troubleshooting

#### Reproduction

Reproducing from scratch requires quite some setup; hopefully the above 
information will be enough to diagnose.

#### Debugging Data

See above.

#### Log Messages

See above.

#### SIP Traffic

See above, can provide exact SIP traces if required.

### Possible Solutions

We have been able to work around the issue like this:

```
if (pcre_match("$(hdr(Route)[0]{nameaddr.uri}{uri.param,received})", "%3Btransport%3Dws")) {
    # Kamailio bug?
    # in the received parameter of the route header, there is ';transport=ws'
    # so kamailio starts looking for a *tcp* connection, while it should be
    # looking for a *tls* connection.
    xlog("L_NOTICE", "Websocket detected; forcing wss transport");
    set_send_socket("tls:WEBSOCKET_IP:WEBSOCKET_PORT");
}
```

### Additional Information

  * **Kamailio Version** - output of `kamailio -v`

Tested with 5.4.4, but code doesn't seem to be changed in master.

* **Operating System**:

Ubuntu Focal.


-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3340
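
The listener selection traced in the report, as an added example that is not part of the original message and is not Kamailio's code. It is a simplified model: the types, the function names `pick_by_uri_proto` and `pick_by_connection`, the listener addresses and the connection table are assumptions constructed for illustration, and the connection-aware variant is only one possible behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model for illustration; not Kamailio's data structures. */
enum proto { P_TCP, P_TLS, P_WS, P_WSS };
struct listener { enum proto proto; const char *name; };
struct conn { const char *peer; int port; enum proto proto; };

/* Constructed sample data: edge proxy listeners and one open connection. */
static const struct listener listeners[] = {
    { P_TCP, "tcp:192.0.2.10:5060" },
    { P_TLS, "tls:192.0.2.10:4443" },
};
static const struct conn conns[] = {
    { "1.1.1.1", 11111, P_WSS },   /* client registered over wss */
};

static const char *find_listener(enum proto p)
{
    for (size_t i = 0; i < sizeof listeners / sizeof listeners[0]; i++)
        if (listeners[i].proto == p)
            return listeners[i].name;
    return NULL;
}

/* Reported behaviour: only the URI's transport=ws is known, and ws is
 * served by the plain TCP listener. */
const char *pick_by_uri_proto(enum proto p)
{
    return find_listener(p == P_TLS || p == P_WSS ? P_TLS : P_TCP);
}

/* Alternative: if a connection to the destination is already open, let its
 * real transport decide; otherwise fall back to the URI transport. */
const char *pick_by_connection(enum proto p, const char *peer, int port)
{
    for (size_t i = 0; i < sizeof conns / sizeof conns[0]; i++)
        if (conns[i].port == port && strcmp(conns[i].peer, peer) == 0)
            return pick_by_uri_proto(conns[i].proto);
    return pick_by_uri_proto(p);
}

int main(void)
{
    printf("uri only:   %s\n", pick_by_uri_proto(P_WS));
    printf("conn aware: %s\n", pick_by_connection(P_WS, "1.1.1.1", 11111));
    return 0;
}
```

The first call reproduces the mismatch from the report (a TCP listener for a client that connected over wss); the second picks the TLS listener because the open connection records the real transport.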