[kamailio/kamailio] Confusing wss transport with ws transport while forwarding sip messages (Issue #3340)
### Description
For secure websocket connections (wss), Kamailio seems to forget that the connection is secure, later trying to use a regular TCP `listen` option to send out messags.
I'd be happy to propose a patch, but I'm not sure what the expected behavior of Kamailio would be here.
Setup:
- One Kamailio acting as websocket endpoint with TLS configured, forwarding all packets via udp to another kamailio - Another Kamailio handling all dialplan logic, including registers/invites
We have traced the issue:
- Client sends a `REGISTER` over secure websockets - Kamailio1 forwards this to Kamailio 2, with `Path: sip:kamailio1:port1;lr;received=sip:1.1.1.1:11111%3Btransport%3Dws` - Kamailio 2 stores the AOR in database using `registrar.store` - In the location table, we can see `received = sip:1.1.1.1:11111;transport=ws` - We try to send a SIP INVITE to the WebRTC client - Kamailio 2 creates invite, adds header `Route: ` with option `transport=ws` - INVITE arrives at Kamailio 1, which forwards it to the client using `t_relay` - Kamailio 1 ends up in `get_send_socket2`, with parameter `proto = ws` - Following the source code, we end up [here](https://github.com/kamailio/kamailio/blob/master/src/core/forward.c#L286), this will end up picking `sendipv4_tcp` as `send_sock` - This picks a *TCP* listener, while in fact we need a *TLS* listener - As a result, the outgoing message contains a wrong endpoint in the `Record-Route` header, causing issues in the SIP dialog later on
### Troubleshooting
#### Reproduction
Reproducing from scratch requires quite some setup, hopefully the above information will be enough to diagnose.
#### Debugging Data
See above.
#### Log Messages
See above.
#### SIP Traffic
See above, can provide exact SIP traces if required.
### Possible Solutions
We have been able to work around the issue like this:
``` if (pcre_match("$(hdr(Route)[0]{nameaddr.uri}{uri.param,received})", "%3Btransport%3Dws")) { # Kamailio bug? # in the received parameter of the route header, there is ';transport=ws' # so kamailio starts looking for a *tcp* connection, while it should be looking for a *tls* # connection. xlog("L_NOTICE", "Websocket detected; forcing wss transport"); set_send_socket("tls:WEBSOCKET_IP:WEBSOCKET_PORT"); } ```
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
Tested with 5.4.4, but code doesn't seem to be changed in master.
* **Operating System**:
Ubuntu Focal.
Hi @nbruning - please try to seek guidance from this in the mailing lists (https://www.kamailio.org/w/mailing-lists/) as this doesn't immediately look like a bug, but most likely a usage issue. Of note is that you mention `transport=ws` which is an unencrypted method (whereas `wss` would be encrypted).
Closed #3340 as completed.
-
Fred Posner -
Nathan