SipTrace Module

Daniel-Constantin Mierla

Edited by

Alexandr Dubovikov

Daniel-Constantin Mierla

Giacomo Vacca

Camille Oudot


Table of Contents

1. Admin Guide
1. Overview
2. Dependencies
2.1. Kamailio Modules
2.2. External Libraries or Applications
3. Parameters
3.1. db_url (str)
3.2. table (str)
3.3. trace_flag (integer)
3.4. trace_on (integer)
3.5. traced_user_avp (str)
3.6. trace_table_avp (str)
3.7. duplicate_uri (str)
3.8. trace_to_database (integer)
3.9. trace_local_ip (str)
3.10. trace_sl_acks (integer)
3.11. xheaders_write (integer)
3.12. xheaders_read (integer)
3.13. hep_mode_on (integer)
3.14. hep_version (integer)
3.15. hep_capture_id (integer)
3.16. trace_db_mode (integer)
3.17. trace_delayed (integer)
3.18. send_sock_name (str)
3.19. send_sock_addr (str)
3.20. force_send_sock (str)
3.21. trace_init_mode (integer)
3.22. trace_mode (integer)
3.23. data_mode (integer)
3.24. auth_key (integer)
3.25. evcb_msg (str)
3.26. trace_dialog_ack (str)
3.27. trace_dialog_spiral (str)
4. Functions
4.1. sip_trace([address][, correlation_id][, mode])
4.2. sip_trace_mode(tmode)
4.3. sip_trace_msg(vmsg, saddr, taddr, daddr, corrid)
4.4. hlog([correlation_id,] message)
5. RPC Commands
5.1. siptrace.status param
6. Event Routes
6.1. event_route[siptrace:msg]
7. Database setup
8. Known issues

List of Examples

1.1. Set db_url parameter
1.2. Set table parameter
1.3. Set trace_flag parameter
1.4. Set trace_on parameter
1.5. Set traced_user_avp parameter
1.6. Set trace_table_avp parameter
1.7. Set duplicate_uri parameter
1.8. Set trace_to_database parameter
1.9. Set trace_local_ip parameter
1.10. Set trace_sl_acks parameter
1.11. Set xheaders_write parameter
1.12. Set xheaders_read parameter
1.13. Set hep_mode_on parameter
1.14. Set hep_version parameter
1.15. Set hep_capture_id parameter
1.16. Set trace_db_mode parameter
1.17. Set trace_delayed parameter
1.18. Set send_sock_name parameter
1.19. Set send_sock_addr parameter
1.20. Set trace_init_mode parameter
1.21. Set trace_mode parameter
1.22. Set data_mode parameter
1.23. Set auth_key parameter
1.24. Set evcb_msg parameter
1.25. Set trace_dialog_ack parameter
1.26. Set trace_dialog_spiral parameter
1.27. sip_trace() usage
1.28. sip_trace_mode() usage
1.29. sip_trace_msg() usage
1.30. hlog() usage
1.31. Send relayed ACK message

Chapter 1. Admin Guide

1. Overview

The SIPtrace module offers a possibility to store incoming and outgoing SIP messages in a database and/or duplicate to the capturing server (using HEP, the Homer encapsulation protocol, or plain SIP mode). Since version 5.3.0 new levels of tracing are available. Transactions and dialogs can be traced.

There are multiple ways of storing information:

  • by calling the sip_trace() method explicitly in the Kamailio configuration file. In this case the original message is processed along with its corresponding transaction/dialog if certain flags are used.

  • by setting trace_mode to mirror or store to db all traffic.

The tracing can be turned on/off using Kamailio RPC commands.

kamctl rpc siptrace.status on

kamctl rpc siptrace.status off

2. Dependencies

2.1. Kamailio Modules

The following modules must be conditionally loaded before this module:

  • A database module - Mysql, Postgres, dbtext, unixODBC... Optional, if tracing to DB is enabled.

  • dialog, tm and sl modules - optional, only if you want to trace messages forwarded by these modules.

2.2. External Libraries or Applications

The following libraries or applications must be installed before running Kamailio with this module loaded:

  • None.

3. Parameters

3.1. db_url (str)

Database URL.

Default value is "mysql://kamailio:kamailiorw@localhost/kamailio".

Example 1.1. Set db_url parameter

...
modparam("siptrace", "db_url", "dbdriver://username:password@dbhost/dbname")
...

3.2. table (str)

Name of the table where to store the SIP messages.

Default value is sip_trace.

Example 1.2. Set table parameter

...
modparam("siptrace", "table", "strace")
...

3.3. trace_flag (integer)

Which flag is used to mark messages to trace without traced user.

Default value is "0".

Example 1.3. Set trace_flag parameter

...
modparam("siptrace", "trace_flag", 22)
...

3.4. trace_on (integer)

Parameter to enable/disable trace (on(1)/off(0))

Default value is "0".

Example 1.4. Set trace_on parameter

...
modparam("siptrace", "trace_on", 1)
...

3.5. traced_user_avp (str)

The name of the AVP storing the SIP URI of the traced user. If the AVP is set, messages are stored in a database table and the traced_user column is filled with AVP's value. You can store the message many times for many users by having multiple values for this AVP.

Default value is "NULL" (feature disabled).

Example 1.5. Set traced_user_avp parameter

...
modparam("siptrace", "traced_user_avp", "$avp(user)")
...

3.6. trace_table_avp (str)

The name of the AVP storing the name of the table where to store the SIP messages. If it is not set, the value of table parameter is used. In this way one can select dynamically where to store the traced messages. The table must exist, and must have the same structure as the sip_trace table.

Default value is "NULL" (feature disabled).

Example 1.6. Set trace_table_avp parameter

...
modparam("siptrace", "trace_table_avp", "$avp(i:345)")
modparam("siptrace", "trace_table_avp", "$avp(s:siptrace_table)")
...

3.7. duplicate_uri (str)

The address in form of a SIP URI where to send a duplicate of traced message.

Default value is "NULL".

Example 1.7. Set duplicate_uri parameter

...
modparam("siptrace", "duplicate_uri", "sip:10.1.1.1:5888")
...

3.8. trace_to_database (integer)

Parameter to enable/disable inserts to the database from this Kamailio.

In case we only want to send the SIP messages to the duplicate_uri and not store the information to the local database we can set this to "0".

Default value is "1".

Example 1.8. Set trace_to_database parameter

...
modparam("siptrace", "trace_to_database", 0)
...

3.9. trace_local_ip (str)

The address to be used in fromip field for locally generated messages. If not set, the module sets it to the address of the socket that will be used to send the message.

Default value is "NULL".

Example 1.9. Set trace_local_ip parameter

...
modparam("siptrace", "trace_local_ip", "10.1.1.1:5064")
...

3.10. trace_sl_acks (integer)

Parameter to enable/disable tracing of SL-filtered ACKs (on=1 / off=0).

By default all ACKs to replies generated by SL module are traced. There is no way to select among them. The SL module is able to run an event route when such an ACK arrives (event_route[sl:filtered-ack]). You can set this parameter to 0 and then execute sip_trace() in the event route, accompanied by config rules to decide which ACK to trace.

Default value is "1".

Example 1.10. Set trace_sl_acks parameter

...
modparam("siptrace", "trace_sl_acks", 0)
...

3.11. xheaders_write (integer)

Parameter to enable/disable writing of x-headers.

Stores fromip, toip, method and direction in X-Siptrace-* headers. This allows to transmit them to a second Kamailio server using the duplicate_uri feature. Because the headers are added after the data is written to the database, the headers only show up in the packets sent by duplicate_uri.

See xheaders_read, it should be used on the receiving side.

Note: The headers are first read, then written. This allows relaying the information over more than two Kamailio servers by setting both xheaders_write and xheaders_read to "1" on the servers in the middle.

Default value is "0".

Example 1.11. Set xheaders_write parameter

...
modparam("siptrace", "xheaders_write", 0)
...

3.12. xheaders_read (integer)

Parameter to enable/disable reading of x-headers.

Reads and removes the X-Siptrace-* headers. Packets not containing the headers are neither stored to the database nor relayed (duplicate_uri). See xheaders_write for further information.

Default value is "0".

Example 1.12. Set xheaders_read parameter

...
modparam("siptrace", "xheaders_read", 0)
...

3.13. hep_mode_on (integer)

Parameter to enable/disable Homer encapsulate mode (on(1)/off(0))

Default value is "0".

Example 1.13. Set hep_mode_on parameter

...
modparam("siptrace", "hep_mode_on", 1)
...

3.14. hep_version (integer)

The parameter indicate the version of the HEP protocol. Can be 1, 2 or 3. In HEPv2 and HEPv3 the timestamp and capture agent ID will be included in the HEP header.

Default value is "1".

Example 1.14. Set hep_version parameter

...
modparam("siptrace", "hep_version", 3)
...

3.15. hep_capture_id (integer)

The parameter indicate the capture agent ID for the HEPv2 or HEPv3 protocol. Limitation: 16-bit integer for HEPv2, 32-bit for HEPv3.

Default value is "1".

Example 1.15. Set hep_capture_id parameter

...
modparam("siptrace", "hep_capture_id", 234)
...

3.16. trace_db_mode (integer)

If set to 1, the module uses INSERT DELAYED to store to database (when it is available, otherwise falls back to INSERT).

If set to 2, the module uses ASYNC-INSERT to store to database (when it is available, otherwise falls back to INSERT).

Default value is 0 (use INSERT).

Example 1.16. Set trace_db_mode parameter

...
modparam("siptrace", "trace_db_mode", 1)
...

3.17. trace_delayed (integer)

Kept for backward compatibily, use trace_db_mode instead.

If set to non-zero, ot sets trace_db_mode parameter to 1 when the module is initialized.

Default value is 0.

Example 1.17. Set trace_delayed parameter

...
modparam("siptrace", "trace_delayed", 1)
...

3.18. send_sock_name (str)

The name of the local listen socket from where to send the duplicated traffic via SIP or HEP. In the absence of this parameter Kamailio automatically picks an interface. It has priority over 'send_sock_addr' parameter.

Example 1.18. Set send_sock_name parameter

...
modparam("siptrace", "send_sock_name", "sock1")
...

3.19. send_sock_addr (str)

The local interface in the form of SIP URI from where to send the duplicated traffic. In the absence of this parameter Kamailio automatically picks an interface.

Example 1.19. Set send_sock_addr parameter

...
modparam("siptrace", "send_sock_addr", "sip:10.1.1.2:5000")
...

3.20. force_send_sock (str)

It is the same as 'send_sock_addr' parameter, this being kept for backward compatibility when 'send_sock_name' and 'send_sock_addr' were introduced.

3.21. trace_init_mode (integer)

Control what tracing modes are initialized.

The value of the parameter can be a combination of next values:

  • 0 - all modes are initialized.

  • 1 - module initialized to do tracing only with core callback functions (see also 'trace_mode' parameter).

  • 2 - module initialized to do tracing only using config script flags and functions.

Default value is 0.

Example 1.20. Set trace_init_mode parameter

...
modparam("siptrace", "trace_init_mode", 1)
...

3.22. trace_mode (integer)

If not set to 0, the module uses core events triggered when receiving or sending SIP traffic to store it to database or mirror it to a SIP capture server using HEP or UDP forwarding. It will automatically do the handling of all SIP traffic. It is no longer needed to set the siptrace flag per request or execute sip_trace(), if it is done, then the storing and mirroring is duplicated.

The value of the parameter can be a combination of next values:

  • 0 - no automatic mirroring or storing of SIP traffic.

  • 1 (1st bit set) - mirror the traffic to HEP server.

  • 2 (2nd bit set) - store the traffic to database server.

  • 4 (3rd bit set) - mirror the traffic to the SIP URI specified by duplicate_uri.

The trace_on parameter still has to be set, allowing also to control this mode of mirroring via RPC commands.

Default value is 0.

Example 1.21. Set trace_mode parameter

...
modparam("siptrace", "trace_on", 1)
modparam("siptrace", "trace_mode", 1)
...
modparam("siptrace", "trace_mode", 3)
...

3.23. data_mode (integer)

A set of flags to control what data is used for the trace. If flag 1 (value 1) is set, then advertised address (when set) is used instead of socket bind address.

Default value is 0.

Example 1.22. Set data_mode parameter

...
modparam("siptrace", "data_mode", 1)
...

3.24. auth_key (integer)

A string with an authorization key. Supported on HEPv3 only.

Default value is empty.

Example 1.23. Set auth_key parameter

...
modparam("siptrace", "auth_key", "spoihepuirthpeuia")
...

3.25. evcb_msg (str)

Set the name of KEMI function to be executed instead of event_route[siptrace:msg].

Default value is empty.

Example 1.24. Set evcb_msg parameter

...
modparam("siptrace", "evcb_msg", "ksr_siptrace_msg")
...

3.26. trace_dialog_ack (str)

Enable tracing of in-dialog ACK. Before this param, one must have set the onsend() route and captured the outgoing ACK there.

Default value is 1 (enabled).

Example 1.25. Set trace_dialog_ack parameter

...
modparam("siptrace", "trace_dialog_ack", 1)
...

3.27. trace_dialog_spiral (str)

Enable tracing of dialog spirals. A spiraled dialog is a dialog established by a SIP INVITE that loops back to the same kamailio (as next hop). Right now, inside the siptrace code, a spiraled dialog is identified by (*params->param == NULL).

Default value is 1 (enabled).

Example 1.26. Set trace_dialog_spiral parameter

...
modparam("siptrace", "trace_dialog_spiral", 1)
...

4. Functions

4.1.  sip_trace([address][, correlation_id][, mode])

Store or forward the current processed SIP message/transaction/dialog in a database. It is stored in the form prior applying changes made to it. Based on mode, one can trace the current message('m'), the current transaction('t') or the current dialog('d'). If no mode is given, it falls back to the default mode - transaction tracking when trace_flag is set, otherwise only the current message.

Meaning of the parameters is as follows:

  • address - The address in form of SIP URI where to send a duplicate of traced message. This parameter trumps duplicate_uri and allows tracing to more than one server.

  • correlation_id - A string with a correlation ID to be added to the HEP header when using HEPv3. It's possible to use PVs.

  • mode - SIP messages to be traced. One can trace the current message (function can be called on either a reply or a request), the current transaction(the route must belong to a request) or the current dialog(the message has to be an invite).

This function can be used from REQUEST_ROUTE, FAILURE_ROUTE, ONREPLY_ROUTE, BRANCH_ROUTE.

Default value is "NULL".

Example 1.27. sip_trace() usage

...
sip_trace();
...
sip_trace("sip:10.1.1.2:5085");
...
sip_trace("sip:10.1.1.2:5085", "$ci-abc");
...
/* trace current dialog; needs to be done on initial INVITE and dialog has to be loaded */
sip_trace("sip:10.1.1.2:5085", "$ci-abc", "d");
...

4.2.  sip_trace_mode(tmode)

Set the tracing mode: message, transaction or dialog. Only the first character of the parameter matters: m or M for message; t or T for transaction; d or D for dialog.

In message tracing mode only the current message is stored or mirrored. In transaction tracing mode, all the messages of the current transaction are stored or mirrored. In dialog tracing mode, all the messages of the current dialog are stored or mirrored.

This function can be used in ANY_ROUTE.

Example 1.28. sip_trace_mode() usage

...
sip_trace_mode("t");
...

4.3.  sip_trace_msg(vmsg, saddr, taddr, daddr, corrid)

Send the value of vmsg to the HEP capture server located at daddr, by setting saddr as source address and taddr as target address for vmsg. Correlation ID can be provided with corrid parameter or left as an empty string. The saddr and taddr have to be provided in socket address format (proto:ip:port) and the daddr in SIP URI format.

This function can be used in ANY_ROUTE.

Example 1.29. sip_trace_msg() usage

...
sip_trace_msg("$var(msg)", "udp:127.0.0.1:5062", "udp:127.0.0.1:5064", "sip:127.0.0.1:5090", "");
...

4.4.  hlog([correlation_id,] message)

Sends a log event as a HEP3 packet to the homer host configured in duplicate_uri.

Meaning of the parameters is as follows:

  • correlation_id (optional) - Homer correlation ID for this event. If this parameter is not set, the current message's call-id will be used. (This parameter may contain PVs)

  • message - The text to send to Homer as log event. (This parameter may contain PVs)

Example 1.30. hlog() usage

...
hlog("[cfg:$cfg(line)] This is a log from kamailio to Homer");
...
hlog("$hdr(P-MyID)", "Another one with a custom correlation ID");
...

5. RPC Commands

5.1.  siptrace.status param

Name: siptrace.status

Parameters:

  • on or off: turns on/off SIP message tracing. Possible values are:

    • on

    • off

  • check does not change siptrace status, just reports the current status.

RPC Command Format:

...
kamcmd siptrace.status on
kamcmd siptrace.status off
kamcmd siptrace.status check
...

6. Event Routes

6.1.  event_route[siptrace:msg]

The event route is executed when mirroring SIP traffic using core event callbacks (data in/out on network). If drop() is used, then the mirroring is no longer done.

Note: now only message content (e.g., headers, body) can be used for conditions in the event route, the source and destination addresses are not yet available.

...
event_route[siptrace:msg] {
    if(is_method("OPTIONS")) {
        drop();
    }
}
...

7. Database setup

Before running Kamailio with siptrace and activated trace_to_database parameter, you have to setup the database tables where the module will store the data. For that, if the table were not created by the installation script or you choose to install everything by yourself you can use the siptrace-create.sql SQL script in the database directories in the kamailio/scripts folder as template. You can also find the complete database documentation on the project webpage, https://www.kamailio.org/docs/db-tables/kamailio-db-devel.html.

8. Known issues

Stateless forwarded messages (forward()) are not logged if you set the flag, use sip_trace() inside onsend_route block.

If dialog level tracing is used internally generated BYE transaction(in case of internal timeouts) won't be traced. At the moment kamailio offers no possibility to trace those messages.

Trace_info xavp name is reserved by this module. Any use of xavp with this name will result in overlapping internal avp used by the module therefore causing unknown consequences.

Example 1.31. Send relayed ACK message

...
onsend_route {
    if (is_method("ACK")) {
        sip_trace();
    }
}
...