sr-dev October 2019

sr-dev@lists.kamailio.org

22 participants
436 discussions

git:5.2:722b8f0f: tls: switch to TLSv1.2 in example cfg, usage of TLS 1.0 is not recommended anymore

by Henning Westerholt

Module: kamailio Branch: 5.2 Commit: 722b8f0f3147359ce20bf6a2ba1a463ae79f6d93 URL: https://github.com/kamailio/kamailio/commit/722b8f0f3147359ce20bf6a2ba1a463… Author: Henning Westerholt <hw(a)skalatan.de> Committer: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-15T14:18:44+02:00 tls: switch to TLSv1.2 in example cfg, usage of TLS 1.0 is not recommended anymore (cherry picked from commit 3fa7b04cb6ac4170343455fa4f591fa95f7a3ff9) --- Modified: src/modules/tls/tls.cfg --- Diff: https://github.com/kamailio/kamailio/commit/722b8f0f3147359ce20bf6a2ba1a463… Patch: https://github.com/kamailio/kamailio/commit/722b8f0f3147359ce20bf6a2ba1a463… --- diff --git a/src/modules/tls/tls.cfg b/src/modules/tls/tls.cfg index b84ba8fcfc..d8b20049ae 100644 --- a/src/modules/tls/tls.cfg +++ b/src/modules/tls/tls.cfg @@ -8,12 +8,12 @@ # connections that do not match any other server # domain in this configuration file. # -# We do not enable anything else than TLSv1 +# We do not enable anything else than TLSv1.2 # over the public internet. Clients do not have # to present client certificates by default. # [server:default] -method = TLSv1 +method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key @@ -29,21 +29,21 @@ certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem # We require that servers present valid certificate. # [client:default] -#method = TLSv1 +#method = TLSv1.2 verify_certificate = yes require_certificate = yes # --- # This is an example server domain for TLS connections # received from the loopback interface. We allow -# the use of TLSv1 protocols here, we do +# the use of TLSv1.2 protocols here, we do # not require that clients present client certificates # but if they present it it must be valid. We also use # a special certificate and CA list for loopback # interface. # #[server:5.6.7.8:5061] -#method = TLSv1 +#method = TLSv1.2 #verify_certificate = yes #require_certificate = no #private_key = /usr/local/etc/kamailio/tls/local_key.pem @@ -76,7 +76,7 @@ require_certificate = yes # - it requires to have 'server_name' to match on SNI (domain and subdomains) # #[server:any] -#method = TLSv1 +#method = TLSv1.2 #verify_certificate = yes #require_certificate = no #private_key = /usr/local/etc/kamailio/tls/mysipserver_org_key.pem @@ -93,7 +93,7 @@ require_certificate = yes # - it requires to have 'server_name' to match on SNI (only subdomains) # #[server:any] -#method = TLSv1 +#method = TLSv1.2 #verify_certificate = yes #require_certificate = no #private_key = /usr/local/etc/kamailio/tls/mysipserver_net_key.pem

5 years, 1 month

git:master:3fa7b04c: tls: switch to TLSv1.2 in example cfg, usage of TLS 1.0 is not recommended anymore

by Henning Westerholt

Module: kamailio Branch: master Commit: 3fa7b04cb6ac4170343455fa4f591fa95f7a3ff9 URL: https://github.com/kamailio/kamailio/commit/3fa7b04cb6ac4170343455fa4f591fa… Author: Henning Westerholt <hw(a)skalatan.de> Committer: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-15T14:14:16+02:00 tls: switch to TLSv1.2 in example cfg, usage of TLS 1.0 is not recommended anymore --- Modified: src/modules/tls/tls.cfg --- Diff: https://github.com/kamailio/kamailio/commit/3fa7b04cb6ac4170343455fa4f591fa… Patch: https://github.com/kamailio/kamailio/commit/3fa7b04cb6ac4170343455fa4f591fa… --- diff --git a/src/modules/tls/tls.cfg b/src/modules/tls/tls.cfg index b84ba8fcfc..d8b20049ae 100644 --- a/src/modules/tls/tls.cfg +++ b/src/modules/tls/tls.cfg @@ -8,12 +8,12 @@ # connections that do not match any other server # domain in this configuration file. # -# We do not enable anything else than TLSv1 +# We do not enable anything else than TLSv1.2 # over the public internet. Clients do not have # to present client certificates by default. # [server:default] -method = TLSv1 +method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key @@ -29,21 +29,21 @@ certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem # We require that servers present valid certificate. # [client:default] -#method = TLSv1 +#method = TLSv1.2 verify_certificate = yes require_certificate = yes # --- # This is an example server domain for TLS connections # received from the loopback interface. We allow -# the use of TLSv1 protocols here, we do +# the use of TLSv1.2 protocols here, we do # not require that clients present client certificates # but if they present it it must be valid. We also use # a special certificate and CA list for loopback # interface. # #[server:5.6.7.8:5061] -#method = TLSv1 +#method = TLSv1.2 #verify_certificate = yes #require_certificate = no #private_key = /usr/local/etc/kamailio/tls/local_key.pem @@ -76,7 +76,7 @@ require_certificate = yes # - it requires to have 'server_name' to match on SNI (domain and subdomains) # #[server:any] -#method = TLSv1 +#method = TLSv1.2 #verify_certificate = yes #require_certificate = no #private_key = /usr/local/etc/kamailio/tls/mysipserver_org_key.pem @@ -93,7 +93,7 @@ require_certificate = yes # - it requires to have 'server_name' to match on SNI (only subdomains) # #[server:any] -#method = TLSv1 +#method = TLSv1.2 #verify_certificate = yes #require_certificate = no #private_key = /usr/local/etc/kamailio/tls/mysipserver_net_key.pem

5 years, 1 month

Kamailio jwt module or Lua script

by Joey Golan

Hi all, I would like to authenticate subscribers using JWT tokens and I wonder which approach is better: 1. Writhing a dedicated kamailio module. 2. Writing a Lua script. What would work better performance wise? Thanks, Joey.

5 years, 1 month

git:master:8ee71161: dispatcher: add some debug logging for ds_update_state function

by Henning Westerholt

Module: kamailio Branch: master Commit: 8ee71161f907201e1734a4b2476636cfb518dab3 URL: https://github.com/kamailio/kamailio/commit/8ee71161f907201e1734a4b2476636c… Author: Henning Westerholt <hw(a)skalatan.de> Committer: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-14T14:35:17+02:00 dispatcher: add some debug logging for ds_update_state function --- Modified: src/modules/dispatcher/dispatch.c --- Diff: https://github.com/kamailio/kamailio/commit/8ee71161f907201e1734a4b2476636c… Patch: https://github.com/kamailio/kamailio/commit/8ee71161f907201e1734a4b2476636c… --- diff --git a/src/modules/dispatcher/dispatch.c b/src/modules/dispatcher/dispatch.c index a3c33a0cbb..483ddb418f 100644 --- a/src/modules/dispatcher/dispatch.c +++ b/src/modules/dispatcher/dispatch.c @@ -2688,6 +2688,7 @@ int ds_update_state(sip_msg_t *msg, int group, str *address, int state) LM_ERR("destination set [%d] not found\n", group); return -1; } + LM_DBG("update state for %.*s in group %d to %d\n", address->len, address->s, group, state); while(i < idx->nr) { if(idx->dlist[i].uri.len == address->len @@ -2718,12 +2719,15 @@ int ds_update_state(sip_msg_t *msg, int group, str *address, int state) if(state & DS_TRYING_DST) { idx->dlist[i].message_count++; + LM_DBG("destination did not replied %d times, threshold %d\n", + idx->dlist[i].message_count, probing_threshold); /* Destination is not replying.. Increasing failure counter */ if(idx->dlist[i].message_count >= probing_threshold) { - /* Destionation has too much lost messages.. Bringing it to inactive state */ + /* Destination has too much lost messages.. Bringing it to inactive state */ idx->dlist[i].flags &= ~DS_TRYING_DST; idx->dlist[i].flags |= DS_INACTIVE_DST; idx->dlist[i].message_count = 0; + LM_DBG("deactivate destination, threshold %d reached\n", probing_threshold); } } else { if(!(init_state & DS_TRYING_DST) @@ -2733,9 +2737,12 @@ int ds_update_state(sip_msg_t *msg, int group, str *address, int state) if(idx->dlist[i].message_count < inactive_threshold) { /* Destination has not enough successful replies.. Leaving it into inactive state */ idx->dlist[i].flags |= DS_INACTIVE_DST; + LM_DBG("destination replied successful %d times, threshold %d\n", + idx->dlist[i].message_count, inactive_threshold); } else { /* Destination has enough replied messages.. Bringing it to active state */ idx->dlist[i].message_count = 0; + LM_DBG("activate destination, threshold %d reached\n", inactive_threshold); } } else { idx->dlist[i].message_count = 0; @@ -2753,6 +2760,7 @@ int ds_update_state(sip_msg_t *msg, int group, str *address, int state) ds_reinit_rweight_on_state_change( old_state, idx->dlist[i].flags, idx); + LM_DBG("old state was %d, set new state to %d\n", old_state, idx->dlist[i].flags); return 0; } i++;

5 years, 1 month

git:master:82195c2a: nathelper: removed exe flag from c file

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: 82195c2a51c5020ca0024f59492a4e2faef0e15a URL: https://github.com/kamailio/kamailio/commit/82195c2a51c5020ca0024f59492a4e2… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2019-10-11T14:02:57+02:00 nathelper: removed exe flag from c file --- Modified: src/modules/nathelper/nathelper.c --- Diff: https://github.com/kamailio/kamailio/commit/82195c2a51c5020ca0024f59492a4e2… Patch: https://github.com/kamailio/kamailio/commit/82195c2a51c5020ca0024f59492a4e2… --- diff --git a/src/modules/nathelper/nathelper.c b/src/modules/nathelper/nathelper.c old mode 100755 new mode 100644

5 years, 1 month

Re: [sr-dev] [SR-Users] Kamailio v5.2.5 Released

by Andrew Chen

Awesome. Thanks. On Thu, Oct 10, 2019 at 1:04 PM Joel Serrano <joel(a)textplus.com> wrote: > Hey Andy, > > I think you probably checked before the CI pipeline finished preparing the > packages haha... Right now v5.2.5 is available in the repo: > > http://deb.kamailio.org/kamailio52/pool/main/k/kamailio/ > > > Cheers, > Joel. > > > > On Thu, Oct 10, 2019 at 7:17 AM Andrew Chen <achen(a)fuze.com> wrote: > >> Hi Daniel, >> >> Can we have this available in apt repository as well? I don't seem to >> see it: >> >> kamailio | 5.2.4+bionic | http://deb.kamailio.org/kamailio52 >> bionic/main amd64 Packages >> kamailio | 5.2.4+bionic | http://deb.kamailio.org/kamailio52 >> bionic/main Sources >> >> This is all I see even after apt-get update. >> >> Thanks. >> --Andy >> >> >> On Thu, Oct 10, 2019 at 8:26 AM Daniel-Constantin Mierla < >> miconda(a)gmail.com> wrote: >> >>> Hello, >>> >>> Kamailio SIP Server v5.2.5 stable release is out. >>> >>> This is a maintenance release of the latest stable branch, 5.2, that >>> includes fixes since the release of v5.2.4. There is no change to >>> database schema or configuration language structure that you have to do >>> on previous installations of v5.2.x. Deployments running previous v5.2.x >>> versions are strongly recommended to be upgraded to v5.2.5. >>> >>> For more details about version 5.2.5 (including links and guidelines to >>> download the tarball or from GIT repository), visit: >>> >>> * https://www.kamailio.org/w/2019/10/kamailio-v5-2-5-released/ >>> >>> RPM, Debian/Ubuntu packages will be available soon as well. >>> >>> Many thanks to all contributing and using Kamailio! >>> >>> Cheers, >>> Daniel >>> >>> -- >>> Daniel-Constantin Mierla -- www.asipto.com >>> www.twitter.com/miconda -- www.linkedin.com/in/miconda >>> Kamailio Advanced Training, Oct 21-23, 2019, Berlin, Germany -- >>> https://asipto.com/u/kat >>> >>> >>> _______________________________________________ >>> Kamailio (SER) - Users Mailing List >>> sr-users(a)lists.kamailio.org >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> >> >> -- >> Andy Chen >> Sr. Telephony Lead Engineer >> 415 516 5535 (M) >> achen@ <achen(a)thinkingphones.com>fuze.com >> >> >> *Confidentiality Notice: The information contained in this e-mail and any >> attachments may be confidential. If you are not an intended recipient, you >> are hereby notified that any dissemination, distribution or copying of >> this >> e-mail is strictly prohibited. If you have received this e-mail in error, >> please notify the sender and permanently delete the e-mail and any >> attachments immediately. You should not retain, copy or use this e-mail or >> any attachment for any purpose, nor disclose all or any part of the >> contents to any other person. Thank you.* >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> sr-users(a)lists.kamailio.org >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users(a)lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > -- Andy Chen Sr. Telephony Lead Engineer 415 516 5535 (M) achen@ <achen(a)thinkingphones.com>fuze.com -- *Confidentiality Notice: The information contained in this e-mail and any attachments may be confidential. If you are not an intended recipient, you are hereby notified that any dissemination, distribution or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. Thank you.*

5 years, 1 month

Kamailio v5.2.5 Released

by Daniel-Constantin Mierla

Hello, Kamailio SIP Server v5.2.5 stable release is out. This is a maintenance release of the latest stable branch, 5.2, that includes fixes since the release of v5.2.4. There is no change to database schema or configuration language structure that you have to do on previous installations of v5.2.x. Deployments running previous v5.2.x versions are strongly recommended to be upgraded to v5.2.5. For more details about version 5.2.5 (including links and guidelines to download the tarball or from GIT repository), visit: * https://www.kamailio.org/w/2019/10/kamailio-v5-2-5-released/ RPM, Debian/Ubuntu packages will be available soon as well. Many thanks to all contributing and using Kamailio! Cheers, Daniel -- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training, Oct 21-23, 2019, Berlin, Germany -- https://asipto.com/u/kat

5 years, 1 month

git:master:038158c9: core: new global parameter uri_host_extra_chars

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: 038158c99da96933c26b11a919ed1cbe29af9fab URL: https://github.com/kamailio/kamailio/commit/038158c99da96933c26b11a919ed1cb… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2019-10-10T14:25:43+02:00 core: new global parameter uri_host_extra_chars - allow specifying additional chars to be allowed in host part - example: uri_host_extra_chars = "_" --- Modified: src/core/cfg.lex Modified: src/core/cfg.y Modified: src/core/globals.h Modified: src/core/parser/parse_uri.c --- Diff: https://github.com/kamailio/kamailio/commit/038158c99da96933c26b11a919ed1cb… Patch: https://github.com/kamailio/kamailio/commit/038158c99da96933c26b11a919ed1cb… --- diff --git a/src/core/cfg.lex b/src/core/cfg.lex index a640bd158f..25671d1127 100644 --- a/src/core/cfg.lex +++ b/src/core/cfg.lex @@ -470,6 +470,8 @@ LATENCY_LIMIT_DB latency_limit_db LATENCY_LIMIT_ACTION latency_limit_action LATENCY_LIMIT_CFG latency_limit_cfg +URI_HOST_EXTRA_CHARS "uri_host_extra_chars" + MSG_TIME msg_time ONSEND_RT_REPLY "onsend_route_reply" CFG_DESCRIPTION "description"|"descr"|"desc" @@ -980,6 +982,7 @@ IMPORTFILE "import_file" <INITIAL>{LOADPATH} { count(); yylval.strval=yytext; return LOADPATH; } <INITIAL>{MODPARAM} { count(); yylval.strval=yytext; return MODPARAM; } <INITIAL>{CFGENGINE} { count(); yylval.strval=yytext; return CFGENGINE; } +<INITIAL>{URI_HOST_EXTRA_CHARS} { yylval.strval=yytext; return URI_HOST_EXTRA_CHARS; } <INITIAL>{EQUAL} { count(); return EQUAL; } <INITIAL>{ADDEQ} { count(); return ADDEQ; } diff --git a/src/core/cfg.y b/src/core/cfg.y index 0042af8327..56a8c9ab8c 100644 --- a/src/core/cfg.y +++ b/src/core/cfg.y @@ -503,6 +503,7 @@ extern char *default_routename; %token LATENCY_LIMIT_CFG %token MSG_TIME %token ONSEND_RT_REPLY +%token URI_HOST_EXTRA_CHARS %token FLAGS_DECL %token AVPFLAGS_DECL @@ -1437,6 +1438,8 @@ assign_stm: user_agent_hdr.len=strlen(user_agent_hdr.s); } | USER_AGENT_HEADER EQUAL error { yyerror("string value expected"); } + | URI_HOST_EXTRA_CHARS EQUAL STRING { _sr_uri_host_extra_chars=$3; } + | URI_HOST_EXTRA_CHARS EQUAL error { yyerror("string value expected"); } | REPLY_TO_VIA EQUAL NUMBER { reply_to_via=$3; } | REPLY_TO_VIA EQUAL error { yyerror("boolean value expected"); } | LISTEN EQUAL id_lst { diff --git a/src/core/globals.h b/src/core/globals.h index 2149eeccd6..81fad0b284 100644 --- a/src/core/globals.h +++ b/src/core/globals.h @@ -215,6 +215,8 @@ extern int ksr_route_locks_size; extern str _ksr_xavp_via_params; extern str _ksr_xavp_via_fields; +extern char *_sr_uri_host_extra_chars; + #ifdef USE_DNS_CACHE extern int dns_cache_init; /* if 0, the DNS cache is not initialized at startup */ extern unsigned int dns_timer_interval; /* gc timer interval in s */ diff --git a/src/core/parser/parse_uri.c b/src/core/parser/parse_uri.c index dbf5a7f9f7..ec39ea7cf2 100644 --- a/src/core/parser/parse_uri.c +++ b/src/core/parser/parse_uri.c @@ -37,6 +37,25 @@ static char _sr_uri_empty_buf[2] = {0}; static str _sr_uri_empty = { _sr_uri_empty_buf, 0 }; +/* extra chars that should be allowed in URI host */ +char *_sr_uri_host_extra_chars = ""; + +int uri_host_char_allowed(char c) +{ + int i = 0; + + if(_sr_uri_host_extra_chars==NULL || _sr_uri_host_extra_chars[0]=='\0') { + return 0; + } + while(_sr_uri_host_extra_chars[i]!='\0') { + if(_sr_uri_host_extra_chars[i]==c) { + return 1; + } + i++; + } + return 0; +} + /* buf= pointer to begining of uri (sip:x@foo.bar:5060;a=b?h=i) * len= len of uri * returns: fills uri & returns <0 on error or 0 if ok @@ -542,7 +561,8 @@ int parse_uri(char* buf, int len, struct sip_uri* uri) switch(*p) { check_host_end; default: - if(!isalnum(*p) && (*p != '.') && (*p != '-')) { + if(!isalnum(*p) && (*p != '.') && (*p != '-') + && !uri_host_char_allowed(*p)) { goto error_bad_host; } }

5 years, 1 month

git:5.2:62d35f9e: ChangeLog: content updated for v5.2.5

by Daniel-Constantin Mierla

Module: kamailio Branch: 5.2 Commit: 62d35f9e80577f511371ef3e4571773ecaa18b03 URL: https://github.com/kamailio/kamailio/commit/62d35f9e80577f511371ef3e4571773… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2019-10-10T10:44:09+02:00 ChangeLog: content updated for v5.2.5 --- Modified: ChangeLog --- Diff: https://github.com/kamailio/kamailio/commit/62d35f9e80577f511371ef3e4571773… Patch: https://github.com/kamailio/kamailio/commit/62d35f9e80577f511371ef3e4571773…

5 years, 1 month

git:5.2:8d08d3fd: Makefile.defs: version set to 5.2.5

by Daniel-Constantin Mierla

Module: kamailio Branch: 5.2 Commit: 8d08d3fdb8f70955ae0bcbf62a32761d653383a3 URL: https://github.com/kamailio/kamailio/commit/8d08d3fdb8f70955ae0bcbf62a32761… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2019-10-10T10:33:45+02:00 Makefile.defs: version set to 5.2.5 --- Modified: src/Makefile.defs --- Diff: https://github.com/kamailio/kamailio/commit/8d08d3fdb8f70955ae0bcbf62a32761… Patch: https://github.com/kamailio/kamailio/commit/8d08d3fdb8f70955ae0bcbf62a32761… --- diff --git a/src/Makefile.defs b/src/Makefile.defs index fe15cda4d1..483a11eb27 100644 --- a/src/Makefile.defs +++ b/src/Makefile.defs @@ -106,7 +106,7 @@ INSTALL_FLAVOUR=$(FLAVOUR) # version number VERSION = 5 PATCHLEVEL = 2 -SUBLEVEL = 4 +SUBLEVEL = 5 EXTRAVERSION = # memory manager switcher

5 years, 1 month

← Newer
1
...
22
23
24
25
26
27
28
...
44
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev October 2019