Description

For secure websocket connections (wss), Kamailio seems to forget that the connection is secure, later trying to use a regular TCP listen option to send out messags.

I'd be happy to propose a patch, but I'm not sure what the expected behavior of Kamailio would be here.

Setup:

• One Kamailio acting as websocket endpoint with TLS configured, forwarding all packets via udp to another kamailio
• Another Kamailio handling all dialplan logic, including registers/invites

We have traced the issue:

• Client sends a REGISTER over secure websockets
  • Kamailio1 forwards this to Kamailio 2, with Path: <sip:kamailio1:port1;lr;received=sip:1.1.1.1:11111%3Btransport%3Dws>
  • Kamailio 2 stores the AOR in database using registrar.store
  • In the location table, we can see received = sip:1.1.1.1:11111;transport=ws
• We try to send a SIP INVITE to the WebRTC client
  • Kamailio 2 creates invite, adds header Route: with option transport=ws
  • INVITE arrives at Kamailio 1, which forwards it to the client using t_relay
  • Kamailio 1 ends up in get_send_socket2, with parameter proto = ws
  • Following the source code, we end up here, this will end up picking sendipv4_tcp as send_sock
  • This picks a TCP listener, while in fact we need a TLS listener
  • As a result, the outgoing message contains a wrong endpoint in the Record-Route header, causing issues in the SIP dialog later on

Troubleshooting

Reproduction

Reproducing from scratch requires quite some setup, hopefully the above information will be enough to diagnose.

Debugging Data

See above.

Log Messages

See above.

SIP Traffic

See above, can provide exact SIP traces if required.

Possible Solutions

We have been able to work around the issue like this:

if (pcre_match("$(hdr(Route)[0]{nameaddr.uri}{uri.param,received})", "%3Btransport%3Dws")) {
    # Kamailio bug?
    # in the received parameter of the route header, there is ';transport=ws'
    # so kamailio starts looking for a *tcp* connection, while it should be looking for a *tls*
    # connection.
    xlog("L_NOTICE", "Websocket detected; forcing wss transport");
    set_send_socket("tls:WEBSOCKET_IP:WEBSOCKET_PORT");
}

Additional Information

• Kamailio Version - output of kamailio -v

Tested with 5.4.4, but code doesn't seem to be changed in master.

• Operating System:

Ubuntu Focal.

—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <kamailio/kamailio/issues/3340@github.com>