Hello community,
We're currently facing a couple of issues in our setup involving Kamailio (v6.1.0-dev1), RTPEngine, and FreeSWITCH, primarily with WebRTC/WSS endpoints and media handling. I would appreciate any guidance or suggestions to help resolve them.
Issue 1: ACK Dropped Due to .invalid Hostname – Call Drops After 32s
We are experiencing a problem when using t_on_reply() where ACKs fail to route correctly, resulting in the following error:
<core> [core/resolve.c:1773]: …
[View More]sip_hostport2su(): could not resolve hostname: "2f3d6480-4e78-11f0-a25d-ad05fd2deba0.invalid"
<core> [core/forward.c:536]: forward_request_mode(): bad host name 2f3d6480-4e78-11f0-a25d-ad05fd2deba0.invalid, dropping packet
sl [sl_funcs.c:430]: sl_reply_error(): stateless error reply used: Unresolvable destination (478/SL)
This causes ACKs to fail and calls to drop after 32 seconds (likely due to lack of ACK for 200 OK).
Here is my WITHINDLG function.
route[WITHINDLG] {
if (has_totag()) {
if (is_method("ACK")) {
# Fix invalid domains before forwarding
if ($du =~ ".invalid") {
xlog("L_WARN", "Fixing ACK destination for invalid domain: $ru\n");
handle_ruri_alias();
}
xlog("L_INFO", "Processing ACK for call ID: $ci $ru\n");
if (t_check_trans()) {
xlog("L_INFO", "Stateful ACK - relaying\n");
route(RELAY);
exit;
} else {
xlog("L_WARN", "Stateless ACK - relaying anyway to ensure call stability $proto $ru\n");
route(RELAY);
exit;
}
}
if (loose_route()) {
xlog("L_INFO", "Loose routing enabled for $rm\n");
if ($du == "") {
if (!handle_ruri_alias()) {
xlog("L_ERR", "Bad alias <$ru>\n");
sl_send_reply("400", "Bad Request");
exit;
}
}
route(DLGURI);
if (is_method("BYE")) {
setflag(FLT_ACC); # Do accounting
setflag(FLT_ACCFAILED); # Even if the transaction fails
}
if (is_method("NOTIFY")) {
record_route();
}
route(RELAY);
exit;
} else {
if (is_method("SUBSCRIBE") && uri == myself) {
xlog("L_INFO", "Processing in-dialog SUBSCRIBE request\n");
exit;
}
if (is_method("ACK")) {
xlog("L_WARN", "Standalone ACK detected, ignoring\n");
exit;
}
sl_send_reply("404", "Not Here");
exit;
}
}
}
Questions:
Is there a more reliable way to handle .invalid hostnames in $du/$ru caused by upstream or downstream Contact headers?
Should I forcibly rewrite $du/$ru or avoid using t_on_reply() for certain scenarios?
Issue 2: Media Not Flowing Correctly – RTPEngine Flags for WSS ➝ Freeswitch ➝ WSS
We’re testing a WebRTC (WSS) → Freeswitch → WebRTC (WSS) flow, where Freeswitch is generating media with media_webrtc=true.
The general flow is:
Device Registred on Kamailio (WSS client) → Freeswitch → Kamailio/RTPEngine → WSS client
Our branch logic is as follows:
route[LOCATION] {
t_on_branch("BRANCH_MEDIA");
lookup("location");
t_relay();
exit;
}
branch_route[BRANCH_MEDIA] {
if (is_method("INVITE")) {
xlog("L_INFO", "BRANCH_MEDIA.......................................\n");
xlog("L_INFO", "Request for $proto $ru $du");
if ($ru =~ "transport=ws") {
xlog("L_INFO", "This is a WSS phone call request to $proto $ru");
if (sdp_with_transport_like("RTP/SAVPF"))
{
rtpengine_offer("ICE=force-relay replace-origin DTLS=passive");
xlog("L_INFO", "[REPLY_WS_TO_WS]Request to REPLY_WS_TO_WS");
t_on_reply("REPLY_WS_TO_WS");
}else {
rtpengine_offer("trust-address replace-origin replace-session-connection ICE=force RTP/SAVPF SDES-off rtcp-mux-offer");
xlog("L_INFO", "[REPLY_FROM_WS]Request to REPLY_FROM_WS");
t_on_reply("REPLY_FROM_WS");
}
}
else if ($proto =~ "ws") {
$var(rtpengine_offer_flags) = "trust-address replace-origin replace-session-connection rtcp-mux-demux ICE=remove UDP/TLS/RTP/SAVP";
t_on_reply("REPLY_TO_WS");
rtpengine_offer("$var(rtpengine_offer_flags)");
}
else {
$var(rtpengine_offer_flags) = "trust-address replace-origin replace-session-connection rtcp-mux-demux ICE=remove RTP/AVP";
t_on_reply("MANAGE_CLASSIC_REPLY");
rtpengine_offer("$var(rtpengine_offer_flags)");
}
}
route(NATMANAGE);
}
onreply_route[REPLY_WS_TO_WS]
{
if(status=~"[12][0-9][0-9]") {
rtpengine_answer("ICE=force-relay replace-origin DTLS=passive");
route(NATMANAGE);
}
if (nat_uac_test("1")) {
fix_nated_contact();
}
}
onreply_route[REPLY_TO_WS] {
if (is_method("INVITE") && has_totag() && t_check_status("200")) {
xlog("L_INFO", "[REPLY_TO_WS]Reply from webrtc client: $rs");
$var(rtpengine_REPLY_TO_WS_flags) = "trust-address replace-origin replace-session-connection SDES-off ICE=force";
route(NATMANAGE);
xlog("L_INFO","[REPLY_TO_WS] RTP Engine Flags Answer--------->: $var(rtpengine_REPLY_TO_WS_flags)\n");
rtpengine_answer("$var(rtpengine_REPLY_TO_WS_flags)");
}
if (nat_uac_test("1")) {
fix_nated_contact();
}
}
onreply_route[REPLY_FROM_WS] {
if(status=~"[12][0-9][0-9]")
{
rtpengine_answer("trust-address replace-origin replace-session-connection DTLS=passive ICE=remove RTP/AVP rtcp-mux-demux label=$fU");
xlog("L_INFO", "----- $fU | Change RTP sources for WS reply $rs in REPLY_FROM_WS- M=$rm R=$ru F=$fu T=$tu IP=$pr:$si:$sp -----\n");
route(NATMANAGE);
}
if (nat_uac_test("1")) {
fix_nated_contact();
}
}
onreply_route[MANAGE_CLASSIC_REPLY] {
if (is_method("INVITE") && has_totag() && t_check_status("200")) {
xlog("L_INFO", "[MANAGE_CLASSIC_REPLY]Boring reply from softphone: $rs");
$var(rtpengine_flags) = "rtcp-mux-demux DTLS=off SDES-on ICE=remove RTP/SAVP inject-DTMF";
route(NATMANAGE);
xlog("L_INFO","[MANAGE_CLASSIC_REPLY] RTP Engine Flags Answer--------->: $var(rtpengine_flags)\n");
rtpengine_answer("$var(rtpengine_flags)");
}
if (nat_uac_test("1")) {
fix_nated_contact();
}
}
Despite this, media is not flowing properly between WSS clients, and we're suspecting either the wrong RTPEngine flags or SDP modifications.
Questions:
Is this the correct way to differentiate flags based on WSS versus UDP endpoints?
Is it recommended to split branch_route vs onreply_route in this manner?
Any help or suggestions from the community would be greatly appreciated. Thanks in advance!
Best regards,
[View Less]
<!-- Kamailio Pull Request Template -->
<!--
IMPORTANT:
- for detailed contributing guidelines, read:
https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md
- pull requests must be done to master branch, unless they are backports
of fixes from master branch to a stable branch
- backports to stable branches must be done with 'git cherry-pick -x ...'
- code is contributed under BSD for core and main components (tm, sl, auth, …
[View More]tls)
- code is contributed GPLv2 or a compatible license for the other components
- GPL code is contributed with OpenSSL licensing exception
-->
#### Pre-Submission Checklist
<!-- Go over all points below, and after creating the PR, tick all the checkboxes that apply -->
<!-- All points should be verified, otherwise, read the CONTRIBUTING guidelines from above-->
<!-- If you're unsure about any of these, don't hesitate to ask on sr-dev mailing list -->
- [ ] Commit message has the format required by CONTRIBUTING guide
- [ ] Commits are split per component (core, individual modules, libs, utils, ...)
- [ ] Each component has a single commit (if not, squash them into one commit)
- [ ] No commits to README files for modules (changes must be done to docbook files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [ ] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
<!-- Go over all points below, and after creating the PR, tick the checkboxes that apply -->
- [ ] PR should be backported to stable branches
- [ ] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description
<!-- Describe your changes in detail -->
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/4276
-- Commit Summary --
* add remove all header function
-- File Changes --
M src/modules/pv_headers/pv_headers.c (9)
M src/modules/pv_headers/pvh_func.c (19)
M src/modules/pv_headers/pvh_func.h (1)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/4276.patchhttps://github.com/kamailio/kamailio/pull/4276.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/4276
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/pull/4276(a)github.com>
[View Less]
Hey everyone,
I am diving into Kamailio & trying to wrap my head around how to handle some custom SIP scenarios, when it comes to module integration. I have gone through some of the docs but still feel a bit lost on choosing the right modules & how they interact for use cases such as custom header manipulation or building out a basic call-routing logic beyond the default examples.
I am not sure if I should be using `dialog`, `tm`, or maybe even `uac` for this. Also, does anyone here …
[View More]have experience using Kamailio with external APIs for call control or authentication purposes? Any examples, tips or gotchas I should be aware of ? Also i have check this <a href="https://www.kamailio.org/w/features/">https://www.kamailio.org/w/features/</a>
<a href="https://www.igmguru.com/project-management/capm-certification-training">capm course</a> witch is good still need your help.
I appreciate if someone could point me to a working config or give some practical advice from experience. Still new to SIP routing logic, so trying to learn the right way early on.
Thank you.:)
[View Less]
<!-- Kamailio Pull Request Template -->
<!--
IMPORTANT:
- for detailed contributing guidelines, read:
https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md
- pull requests must be done to master branch, unless they are backports
of fixes from master branch to a stable branch
- backports to stable branches must be done with 'git cherry-pick -x ...'
- code is contributed under BSD for core and main components (tm, sl, auth, …
[View More]tls)
- code is contributed GPLv2 or a compatible license for the other components
- GPL code is contributed with OpenSSL licensing exception
-->
#### Pre-Submission Checklist
<!-- Go over all points below, and after creating the PR, tick all the checkboxes that apply -->
<!-- All points should be verified, otherwise, read the CONTRIBUTING guidelines from above-->
<!-- If you're unsure about any of these, don't hesitate to ask on sr-dev mailing list -->
- [x] Commit message has the format required by CONTRIBUTING guide
- [x] Commits are split per component (core, individual modules, libs, utils, ...)
- [x] Each component has a single commit (if not, squash them into one commit)
- [x] No commits to README files for modules (changes must be done to docbook files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [x] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
<!-- Go over all points below, and after creating the PR, tick the checkboxes that apply -->
- [ ] PR should be backported to stable branches
- [x] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description
<!-- Describe your changes in detail -->
This PR allows the functions `allow_address_group` and `allow_source_address_group` to search for Longest Prefix Match (LPM) when searching for an IP is in a subnet instead of the first found.
Since this is a stricter check, i don't think we require an extra param for it, but feel free to suggest otherwise if there are any use-cases that required the first matched.
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/4297
-- Commit Summary --
* permissions: Perform LPM to find the longest matching subnet
-- File Changes --
M src/modules/permissions/hash.c (23)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/4297.patchhttps://github.com/kamailio/kamailio/pull/4297.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/4297
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/pull/4297(a)github.com>
[View Less]
Module: kamailio
Branch: master
Commit: 64635de552896fbf354e52656ec4ee93f1d87e6f
URL: https://github.com/kamailio/kamailio/commit/64635de552896fbf354e52656ec4ee9…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2025-06-30T08:33:35+02:00
secsipid: docs update to reflect better the use of private/public key
---
Modified: src/modules/secsipid/doc/secsipid_admin.xml
---
Diff: https://github.com/kamailio/…
[View More]kamailio/commit/64635de552896fbf354e52656ec4ee9…
Patch: https://github.com/kamailio/kamailio/commit/64635de552896fbf354e52656ec4ee9…
---
diff --git a/src/modules/secsipid/doc/secsipid_admin.xml b/src/modules/secsipid/doc/secsipid_admin.xml
index 4009f745149..ed70d1d2ea1 100644
--- a/src/modules/secsipid/doc/secsipid_admin.xml
+++ b/src/modules/secsipid/doc/secsipid_admin.xml
@@ -203,9 +203,9 @@ modparam("secsipid", "libopt", "CacheExpires=0")
<function moreinfo="none">secsipid_check_identity(keyPath)</function>
</title>
<para>
- Check the validity of the Identity header using the keys stored
+ Check the validity of the Identity header using the public keys stored
in the file specified by "keyPath". If the parameter is empty,
- the function is downloading the key using the URL from "info"
+ the function is downloading the public key using the URL from "info"
parameter of the Identity header, using the value of "timeout"
parameter to limit the download time. The validity of the JWT
body in the Identity header is also checked against the "expire"
@@ -271,9 +271,9 @@ request_route {
<function moreinfo="none">secsipid_check(sIdentity, keyPath)</function>
</title>
<para>
- Check the validity of the "sIdentity" parameter using the keys stored
+ Check the validity of the "sIdentity" parameter using the public keys stored
in the file specified by "keyPath". If the keyPath parameter is empty,
- the function is downloading the key using the URL from "info"
+ the function is downloading the public key using the URL from "info"
parameter of the sIdentity, using the value of "timeout"
parameter to limit the download time. The validity of the JWT
in the sIdentity value is also checked against the "expire"
@@ -384,7 +384,7 @@ request_route {
<function moreinfo="none">secsipid_add_identity(origTN, destTN, attest, origID, x5u, keyPath)</function>
</title>
<para>
- Add Identity header using the key specified by "keyPath" to sign the JWT body.
+ Add Identity header using the private key specified by "keyPath" to sign the JWT body.
If origID is empty, a UUID string is generated to fill the field. The origTN
represents the origination telephone number; destTN represents the destination
telephone number; x5u is the HTTP URL referencing to the public key that
@@ -416,7 +416,7 @@ request_route {
<function moreinfo="none">secsipid_build_identity(origTN, destTN, attest, origID, x5u, keyPath)</function>
</title>
<para>
- Build Identity value using the key specified by "keyPath" to sign the JWT body.
+ Build Identity value using the key specified by private "keyPath" to sign the JWT body.
If origID is empty, a UUID string is generated to fill the field. The origTN
represents the origination telephone number; destTN represents the destination
telephone number; x5u is the HTTP URL referencing to the public key that
@@ -482,7 +482,7 @@ request_route {
<function moreinfo="none">secsipid_sign(sheaders, spaypload, keyPath)</function>
</title>
<para>
- Build Identity value using the key specified by "keyPath" to sign the JWT body.
+ Build Identity value using the private key specified by "keyPath" to sign the JWT body.
The sheaders and spayload have to be string representation of JSON
headers and payload to be signed. On success, the Indentity value is
stored in variable $secsipid(val). It also sets $secsipid(ret) to
[View Less]
Module: kamailio
Branch: master
Commit: b2ac541e934bba5758c7af4e59091da24bc96ca6
URL: https://github.com/kamailio/kamailio/commit/b2ac541e934bba5758c7af4e59091da…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2025-06-30T08:19:55+02:00
core: formatted the list of dns error messages
---
Modified: src/core/dns_cache.c
---
Diff: https://github.com/kamailio/kamailio/commit/b2ac541e934bba5758c7af4e59091da……
[View More]Patch: https://github.com/kamailio/kamailio/commit/b2ac541e934bba5758c7af4e59091da…
---
diff --git a/src/core/dns_cache.c b/src/core/dns_cache.c
index fbc5e83f27c..6c5f8c38e1b 100644
--- a/src/core/dns_cache.c
+++ b/src/core/dns_cache.c
@@ -120,14 +120,24 @@ static atomic_t *dns_servers_up = NULL;
#endif
-static const char *dns_str_errors[] = {"no error",
- "no more records", /* not an error, but and end condition */
- "unknown error", "internal error", "bad SRV entry",
- "unresolvable SRV request", "bad A or AAAA entry",
- "unresolvable A or AAAA request", "invalid ip in A or AAAA record",
- "blocklisted ip", "name too long ", /* try again with a shorter name */
- "ip AF mismatch", /* address family mismatch */
- "unresolvable NAPTR request", "bug - critical error"};
+/* clang-format off */
+static const char *dns_str_errors[] = {
+ "no error",
+ "no more records", /* not an error, but and end condition */
+ "unknown error",
+ "internal error",
+ "bad SRV entry",
+ "unresolvable SRV request",
+ "bad A or AAAA entry",
+ "unresolvable A or AAAA request",
+ "invalid ip in A or AAAA record",
+ "blocklisted ip",
+ "name too long ", /* try again with a shorter name */
+ "ip AF mismatch", /* address family mismatch */
+ "unresolvable NAPTR request",
+ "bug - critical error"
+};
+/* clang-format on */
void dns_set_local_ttl(int ttl)
[View Less]