sr-users January 2014

sr-users@lists.kamailio.org

93 participants
141 discussions

SIP Security Architectural Question to Use RTP/Media Proxy or Not?

by Jr Richardson

Hi All, Background: We are a service provider offering VoIP/Data services to business customers. All hosted VoIP systems and Customers are mostly on-net, VoIP systems not exposed to the Internet, but all hosted PBX's do have public IP address. I do have some Customers with off-net phones/users so I basically white list their IP's so the phones can register back to their hosted PBX. This works well and keeps SIP attack vectors to a minimum. I've been working on a single point of registration Kamailio server to backend PBX's so I can further control public Internet access to hosted PBX's. I've got this working in the lab but have some concerns about RTP streams. I know I can use a RTP/Media Proxy to also have a single point of entry for media streams to the the backend PBX's but don't believe this to be the best method. Researching SBC's and what I know about SIP and RTP Streams, it's best to have media controlled via the B2BUA (Asterisk in this case) and since all my hosted PBX's have public IP's there would be no compelling reason to proxy RTP adding another hop, latency and point of failure other than for security. I'm not transcoding media or doing anything outside of the capability of the B2BUA as far as media goes. Question: Would it be prudent to open UDP media ports from Internet to PBX's on a case-by-case basis, basically white listing media streams or is there any attack vulnerability with UDP in the media port range or should I open up media port range to all PBX's and not worry about attacks. Are there any UDP Media exploits that I should be concerned with, or UDP flood attacks that could DOS my hosted PBX's? Thanks for any feedback. JR -- JR Richardson Engineering for the Masses

10 years, 10 months

Got SIP response 400 "Bad From URI"

by arun Jayaprakash

Hello, I have set up two extensions in my network, both have identical configurations. When I call from ext A to ext B I have no problem; ext B rings and I can hear audio. Now when I call from ext B to ext A I get the following error: "Got SIP response 400 "Bad From URI" back from 172.10.30.15". Could someone let me know why this happens, what could be the issue and what I need to check for? Thank you for your help. Arun Jayaprakash

10 years, 10 months

Kamailio World 2014 - Call for Speakers

by Daniel-Constantin Mierla

Hello, I would like to announce that call for speakers at Kamailio World 2014 is now open. Those interested in presenting at the event have to submit the proposal via the web form at: - http://conference.kamailio.com/k02/call-for-speakers/ Have a great 2014, Daniel -- Daniel-Constantin Mierla - http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda

10 years, 10 months

Got SIP response 400 "Bad From URI"

by arun Jayaprakash

10 years, 10 months

t_reply in failure route with dialog module

by Efelin Novak

Hi, when I use t_reply("505", "Error"); in my failure route, the response is not forwarded and following is written into a log: kamailio[26216]: WARNING: tm [t_lookup.c:1559]: t_unref(): WARNING: script writer didn't release transaction plus next line is written exactly 416000 times into a log afterwards: kamailio[32685]: CRITICAL: dialog [dlg_hash.c:794]: log_next_state_dlg(): bogus event 4 in state 5 for dlg 0xb4af6588 [2575:7017] with clid '121d44f0-6555f4c8' and tags 'd12546d053aadc68o2' '' My point is to change the incoming code from users and append a Q.850 reason code. Is there any other way how to do this or a way how to fix this? I'm using Kamilio 4.0.4 on Debian 7.1 The code is as follows: failure_route[MANAGE_FAILURE] { if (t_is_canceled()) { exit; } if($T_reply_code == 408 && isflagset(10)) { xlog("Ringing timeout"); append_to_reply("Reason: Q.850;cause=28\r\n"); t_reply("505", "Error"); } }

10 years, 10 months

Missing Route headers in locally generated BYE

by Efelin Novak

Hi, I locally generate BYE using dlg_end_dlg. When I want to end a call that is "transport layer" bridged, the BYE is not sent to first hop in route_set but directly to the endpoint. In such BYE there are no Route headers. In non-bridging calls Routes are correctly placed and the message is routed to the first "hop". When the error happens, this is written to a log: WARNING: rr [loose.c:821]: after_loose(): no socket found for match second RR Here ([SR-Users] no socket found for match second RR) I have read this is only a warning, but in my configuration it seriously influences the message routing. My setup is phone1(192.168.10.3) <--TCP--> kamailio1(192.168.10.2) <--UDP--> kamailio2(192.168.5.3) <--UDP--> phone2 On kamailio1 I generate dlg_end_dlg and the BYE is sent to phone1 and phone2 directly. I'm using Kamailio 4.0.4 on Debian machines. How can I make the Kamailio1 to send the BYE to kamailio2 in the transport layer bridging scenario? Do I have some misconfiguration or this is not a correct behaviour? Thanks for answer Efelin

10 years, 10 months

tmrec_match function is not working

by José Seabra

Hi there, I'm trying use tmrec_match in order to create routing rules based on time, but without sucess, please have a look at my code and the errors that i got: Code block: if(tmrec_match("20130101T080500|24H|weekly|||MO,TU,WE,TH,FR")) { xlog("L_INFO", "time match R=$ru ID=$ci\n"); } Error: ERROR: <core> [tmrec.c:1320]: tr_parse_recurrence_string(): failed to parse time recurrence [20130101T080500|24H] My server has the following date/hour Seg Dez 30 18:35:57 WET 2013 Thank for your help -- Cumprimentos José Seabra

10 years, 10 months

Documentation "error" acc module 4.1

by Daniel Tryba

Regarding http://www.kamailio.org/docs/modules/4.1.x/modules/acc.html#acc.p.db_insert… "If set to 1, use INSERT DELAYED to add records to accounting tables when the DB driver has support for it. If no INSERT DELAYED support is offered by DB driver, then standard INSERT is used." With the switch to InnoDB in 4.1 acc is by default no longer a table that supports INSERT DELAYED. Mysqld generates an error when trying INSERT DELAYED on a backend that doesn't support this, the driver does support delayed but is oblivious to this not working on acc: /usr/sbin/kamailio[19378]: ERROR: db_mysql [km_dbase.c:122]: db_mysql_submit_query(): driver error on query: DELAYED option not supported for table 'acc' /usr/sbin/kamailio[19378]: ERROR: <core> [db_query.c:235]: db_do_insert_cmd(): error while submitting query /usr/sbin/kamailio[19378]: ERROR: acc [acc.c:504]: acc_db_request(): failed to insert delayed into database So beware if you use InnoDB and INSERT DELAYED. Maybe the documentation should mentioning the fact that the 4.1 defaults don't work for mysql. But people will figure this out fast when there is no accounting :) -- POCOS B.V. - Croy 9c - 5653 LC Eindhoven Telefoon: 040 293 8661 - Fax: 040 293 8658 http://www.pocos.nl/ - http://www.sipo.nl/ K.v.K. Eindhoven 17097024

10 years, 10 months

ingress timer

by Kelvin Chua

i would like to have an fr_inv_timer functionality on inbound INVITEs. the only way i imagine this to work is to use timer module, set a predefined timer value, and when reaching that value after the INVITE, execute a ROUTE that cancels the callee and sends a 500 or timeout message back to the caller. problem is, the timeout value for module is static. i need the timeout to be dynamic for different callers. are there any other methods on achieving this? Kelvin Chua

10 years, 10 months

Happy New Year!

by Daniel-Constantin Mierla

Another year packed in the archive, thanks everyone for filling it with excellent achievements and, along them, keeping Kamailio project moving forward! I expect another wonderful year ahead for the project and I am looking forward to collaborating further within this brilliant community as well as meeting many of you at Kamailio World and other events worldwide. I wish everyone a prosperous and successful 2014! Happy new year! Daniel -- Daniel-Constantin Mierla - http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda

10 years, 10 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users January 2014