Hello,
as already announced by Daniel-Constantin Mierla on the lists last Wednesday
[1], we strongly advise you to update your Kamailio installation to the latest
stable release for security reasons.
All supported releases (4.4, 5.0 and 5.1) contain two important security
fixes related to the tmx and lcr modules.
Technical details for the tmx issue:
A specially crafted REGISTER message with a malformed branch or From tag
triggers a so-called "off-by-one heap overflow". This vulnerability existed in
the tmx module and makes it possible to remotely crash the Kamailio service.
If an attacker sends many of these messages, this would lead to a Denial of
Service of the attacked infrastructure. This is especially critical as no
authentication for the remote source is needed.
This vulnerability was found by Sandro Gauci and Alfred Farrugia from the
security company Enable Security. Many thanks to them for finding the issue
and reporting it to us.
You can find all the details, including proof-of-concept code, in the
security announcement they published:
https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio…
Technical details for the lcr issue:
A vulnerability existed in the lcr next_gw() function. It happens when
a very long R-URI username is sent with an INVITE, due to a mistake in the
function's error code handling. It can be triggered from a remote source, but
should only be possible from a trusted peer, as it is expected that calls going
through lcr are authenticated by user or IP address.
This vulnerability was reported to us by a user in the Netherlands; thanks
as well for the bug report.
So far we are not aware of any public exploits of these errors. But as already
mentioned, we advise you to update your Kamailio servers to the latest stable
release as soon as possible, especially as the tmx vulnerability will be reported
to more security lists later today.
Please address any detailed technical questions related to the two bugs to the
developer list at sr-dev(a)lists.kamailio.org .
In case of confidential remarks related to this or other security issues,
please address them to the Kamailio Management at management(a)kamailio.org .
Best regards,
Henning Westerholt
Kamailio Project
[1] https://lists.kamailio.org/pipermail/sr-users/2018-March/100672.html
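As an added, defensive illustration (not code from the advisory, from Enable Security, or from the Kamailio project): a monitoring check that flags requests whose R-URI username, From tag or Via branch fall outside what legitimate traffic needs, the three fields the announcement names. A check like this, run over a capture or in a probe next to the proxy, only surfaces suspicious traffic for logging; the fix for the described bugs is the upgrade the message recommends. The length limits and the sample messages are assumptions constructed for the example.

```python
# Added example (not from the advisory, Enable Security, or the Kamailio
# project): a pre-forwarding sanity check on the three request fields the
# advisory names: R-URI username, From tag and Via branch. The limits are
# assumptions chosen for this example, not values taken from the advisory.
import re
from typing import Dict, List, Optional, Tuple

MAX_RURI_USER = 64      # assumed: generous for dial strings, far below "very long"
MAX_PARAM_LEN = 128     # assumed: upper bound for tag / branch values
# RFC 3261 token characters; a tag or branch value must be a token.
TOKEN_RE = re.compile(r"^[A-Za-z0-9.\-!%*_+`'~]+$")


def split_message(raw: str) -> Tuple[str, Dict[str, List[str]]]:
    """Return (first line, headers) with header names lower-cased.
    Every occurrence of a header is kept, in message order."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def header_param(value: str, name: str) -> Optional[str]:
    """Value of ';name=...' in a header value, or None if absent.
    Parameters inside <...> are not distinguished here; good enough for
    tag and branch, which sit outside the angle brackets."""
    for part in value.split(";")[1:]:
        key, _, val = part.strip().partition("=")
        if key.lower() == name:
            return val
    return None


def check_request(raw: str) -> List[str]:
    """Return a list of findings; an empty list means nothing suspicious."""
    findings: List[str] = []
    first, headers = split_message(raw)
    parts = first.split(" ")
    if len(parts) != 3 or not parts[2].startswith("SIP/2.0"):
        return ["not a SIP request line"]
    ruri = parts[1]
    # user part = between "scheme:" and "@" (absent in e.g. "sip:example.com")
    user = ruri.split("@", 1)[0].split(":", 1)[1] if "@" in ruri else ""
    if len(user) > MAX_RURI_USER:
        findings.append(f"R-URI user too long ({len(user)} chars)")
    for frm in headers.get("from", []) + headers.get("f", []):
        tag = header_param(frm, "tag")
        if tag is not None and (len(tag) > MAX_PARAM_LEN or not TOKEN_RE.match(tag)):
            findings.append("malformed From tag")
    for via in headers.get("via", []) + headers.get("v", []):
        branch = header_param(via, "branch")
        if branch is None or len(branch) > MAX_PARAM_LEN or not TOKEN_RE.match(branch):
            findings.append("malformed Via branch")
    return findings


def _message(first_line: str, from_header: str) -> str:
    """Build a constructed sample request around the given request line and From."""
    method = first_line.split(" ")[0]
    return "\r\n".join([
        first_line,
        "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-776asdhds",
        from_header,
        "To: <sip:alice@example.com>",
        "Call-ID: a84b4c76e66710@192.0.2.10",
        f"CSeq: 1 {method}",
        "Content-Length: 0",
        "", ""])


# Constructed samples (not captured traffic).
GOOD_REGISTER = _message("REGISTER sip:example.com SIP/2.0",
                         "From: <sip:alice@example.com>;tag=1928301774")
LONG_USER_INVITE = _message("INVITE sip:" + "9" * 300 + "@example.com SIP/2.0",
                            "From: <sip:alice@example.com>;tag=1928301774")
EMPTY_TAG_REGISTER = _message("REGISTER sip:example.com SIP/2.0",
                              "From: <sip:alice@example.com>;tag=")

if __name__ == "__main__":
    for label, msg in [("good", GOOD_REGISTER), ("long user", LONG_USER_INVITE),
                       ("empty tag", EMPTY_TAG_REGISTER)]:
        print(label, "->", check_request(msg) or "ok")
```

The thresholds are deliberately loose so that the check produces log entries for outliers rather than rejecting borderline legitimate traffic; in production the values would be tuned against a baseline of your own signalling.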
Hello,
I have a bit of a strange situation where I want to add SIP MESSAGE
reliability (store and forward) for a proxy that is in front of the
(message-wise unreliable) registrar/message originator. So I m_store
MESSAGEs in the failure_route of MESSAGE requests.
By default, msilo's m_dump works only for REQUEST_ROUTE, thus I can't
use that in the 200 to REGISTER. But when I add a function to msilo
for ONREPLY_ROUTE (without the check for MESSAGE support) it works.
So, is there a reason that there's m_dump only for REQUEST_ROUTE? And,
is this:
if ((msg->first_line).type == SIP_REQUEST)
the correct way to check whether we're handling a request or reply?
Also, is there a way to check the expires of contacts in the 200 to
REGISTER from the script, so I don't try to m_dump on de-REGISTER? Or
does this have to go into the m_dump function for the ONREPLY_ROUTE case?
Many thanks for hints!
Stefan
Hello all,
I've been exploring the async module a little, and async_task_route() more
specifically. I have async_workers set, and the async module loaded.
However, whenever this async function is involved in SIP processing,
kamailio returns a 500 error to the UAC. I was hoping that someone could
confirm that this function is suitable for my needs; I'm not sure I
understand the docs very well on this one.
So the plan is to have some of the processing of the transaction performed
asynchronously, as it is not required for routing etc. Here's an example of
what I'm trying to achieve. It's not really critical if NICE_TO_HAVE route
functions fail etc.; I just need request_route processing to continue
normally without waiting for async_task_route("NICE_TO_HAVE") to finish
whatever it's going to be doing:
request_route() {
...
SIP_PROCESSING_A
...
async_task_route("NICE_TO_HAVE")
...
SIP_PROCESSING_B
t_relay();
}
route(NICE_TO_HAVE) {
dlg_var(sth) = something_derived_from_global_vars();
}
Is this possible, or am I completely out of scope here? Thanks!
BR,
George
Hello,
I want to highlight that the last stable versions (for the latest 3
release series: 4.4, 5.0 and 5.1) include fixes for two issues that can
crash a running instance of Kamailio, therefore it is strongly
recommended to upgrade if you are using tmx or lcr modules.
Next week a CVE report is going to be created with more details about
one of these issues.
The issues were reported privately, one by security researchers and one
by a community member, and were fixed quickly. The code related to the
reported issues is rather old (a few years by now) and there are no known
incidents of exploiting these issues so far. However, once the CVE
report comes public, there could be a higher risk of exploitation.
Cheers,
Daniel
--
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - April 16-18, 2018, Berlin - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
Hello,
we are glad to announce that, thanks to the sponsors, we can again offer
a couple of free seats at Kamailio World Conference, May 14-16,
2018, in Berlin, for students as well as for underrepresented people.
In this way we are continuing the program from past years, based on the
roots and the tight relation of the Kamailio project with the academic
environment; the eligible people are students enrolled in universities
or research institutes (bachelor, master and PhD programs qualify) as
well as people from underrepresented groups.
If you think you are eligible and want to participate, email me directly
(miconda(a)gmail.com) or registration(a)kamailio.org . Participation in
all the content of the event (workshops, conference and social event) is
free, but you will have to take care of the expenses for travel and
accommodation. Write a short description of your interest in real-time
communications and, where applicable, the university or research
institute you are affiliated with.
Also, if you are not a student but are in touch with some, or have
access to student forums/mailing lists, it would be very much appreciated if
you forward these details.
More information about Kamailio World is available on the web site:
- https://www.kamailioworld.com
Many thanks to the event sponsors that allowed us to continue this program,
respectively: Evosip, 2600hz, Sipwise, Sipgate, Simwood, NG-Voice,
Evariste Systems, Digium, LOD.com, Pascom, Core Network Dynamics, FhG
Fokus and Asipto.
Expect a full house event! Looking forward to meeting many of you in Berlin!
Cheers,
Daniel
--
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - April 16-18, 2018, Berlin - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
Hello list,
Does anyone know how I can extract the last URI from a compact Record-Route
header?
I've tried using a negative index in the parameter of my select but it
returns the first URI in the header instead of the last.
$var(rr_last_uri) = @record_route.uri[-1];
Maybe there's another way instead of using selects?
Thanks,
John
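An added example, not from any of the posters and not Kamailio code: a small standalone parser that returns the last Record-Route URI of a SIP message, where "compact" is taken to mean several comma-separated URIs in one header line (RFC 3261 defines no single-letter name for Record-Route), and that also handles several Record-Route lines. It includes the request-versus-reply test asked about in the msilo thread above, done on the first line. The message is constructed for the example.

```python
# Added example (not Kamailio code): extract the last URI from the
# Record-Route set of a SIP message in plain Python, covering both several
# comma-separated URIs in one header and several Record-Route header lines.
# Also shows a request-vs-reply test on the first line, as asked in the
# msilo thread. The message below is constructed, not captured.
import re
from typing import List, Optional

ANGLE_URI_RE = re.compile(r"<([^>]*)>")


def first_line_is_request(first_line: str) -> bool:
    """A status line starts with the SIP version; a request line ends with it."""
    return not first_line.startswith("SIP/2.0")


def header_values(raw: str, name: str) -> List[str]:
    """All values of header `name` (case-insensitive), in message order.
    Line folding is not handled in this example."""
    wanted = name.lower()
    values: List[str] = []
    for line in raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:
        hname, sep, value = line.partition(":")
        if sep and hname.strip().lower() == wanted:
            values.append(value.strip())
    return values


def record_route_uris(raw: str) -> List[str]:
    """Every Record-Route URI, top to bottom, as it appears in the message.
    Record-Route URIs are always enclosed in <...>, so matching the angle
    brackets is safe even when a URI itself contains a comma or semicolon."""
    uris: List[str] = []
    for value in header_values(raw, "Record-Route"):
        uris.extend(ANGLE_URI_RE.findall(value))
    return uris


def last_record_route_uri(raw: str) -> Optional[str]:
    uris = record_route_uris(raw)
    return uris[-1] if uris else None


# Constructed sample: two Record-Route lines, the first carrying two URIs.
SAMPLE_REQUEST = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP p2.example.com;branch=z9hG4bK-p2",
    "Record-Route: <sip:p2.example.com;lr>, <sip:p1.example.com;lr>",
    "Record-Route: <sip:p0.example.com;lr;transport=tcp>",
    "From: <sip:alice@example.com>;tag=a1",
    "To: <sip:bob@example.com>",
    "Call-ID: 1234@p0.example.com",
    "CSeq: 1 INVITE",
    "Content-Length: 0",
    "", ""])

SAMPLE_REPLY = ("SIP/2.0 200 OK\r\n"
                "Via: SIP/2.0/UDP p2.example.com;branch=z9hG4bK-p2\r\n\r\n")

if __name__ == "__main__":
    print(record_route_uris(SAMPLE_REQUEST))
    print(last_record_route_uri(SAMPLE_REQUEST))
    print(first_line_is_request(SAMPLE_REQUEST.split("\r\n", 1)[0]))
```

Each record-routing proxy inserts its URI at the top of the set (RFC 3261 section 16.6), so in a request the last URI is the one added by the first proxy that record-routed, i.e. the hop closest to the caller; a UAS copies the set into its replies unchanged, so the order is the same there.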
Is there a way to get a log entry when a client unregisters, including when
the TCP connection is lost for a registration?
--
-------------------- With Liberal Greetings ----------------------
M.Sc. in Engineering, Kjeld Flarup - My mind is more open than my wallet
Sofienlundvej 6B, 7560 Hjerm, Tel: 40 29 41 49
The non-academic home page for liberalism - www.liberalismen.dk
Hi
I have 5 Asterisk servers, and I want to use Kamailio as a load balancer.
How can I route SIP calls from outside to the Asterisk servers?
Note:
I installed Kamailio and MariaDB, etc.
I configured subscriber for Kamailio.
And added my 5 servers to the database.
Just want to know how to change the file kamailio.cfg to route all incoming calls to my 5 Asterisk servers (round robin).
thanks
Hello List,
I thought about some kind of Kamailio stats source (like registered users,
active calls and some other things) to collect them into InfluxDB and draw
them with Grafana.
How did you solve that?
Timer-based routes or statsd or whatever?
Kind regards
Karsten Horsmann
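One way to feed Kamailio's built-in counters into InfluxDB, as an added example that is not from the poster or from the Kamailio project: read the text output of `kamcmd stats.get_statistics all` and turn it into InfluxDB line protocol that any writer (curl against the HTTP write API, a telegraf exec input, a cron job) can push. It assumes kamcmd prints one `group:name = value` line per statistic; the counters in the sample are constructed, not taken from a live server.

```python
# Added example (not from the Kamailio project): convert the text output of
# `kamcmd stats.get_statistics all` into InfluxDB line protocol.
# Assumptions: kamcmd prints one "group:name = value" line per statistic
# (the format this parser expects), and the sample below is constructed,
# not taken from a live server.
import re
import subprocess
from typing import Dict, List, Optional

STAT_LINE = re.compile(
    r"^(?P<group>[A-Za-z0-9_]+):(?P<name>[A-Za-z0-9_]+)\s*=\s*(?P<value>-?\d+)\s*$")


def parse_stats(text: str) -> Dict[str, Dict[str, int]]:
    """Group statistics by module: {"core": {"rcv_requests": 120345, ...}, ...}.
    Lines that do not match the expected shape are ignored."""
    stats: Dict[str, Dict[str, int]] = {}
    for line in text.splitlines():
        m = STAT_LINE.match(line.strip())
        if m:
            stats.setdefault(m["group"], {})[m["name"]] = int(m["value"])
    return stats


def to_line_protocol(stats: Dict[str, Dict[str, int]], host: str,
                     measurement: str = "kamailio",
                     ts_ns: Optional[int] = None) -> List[str]:
    """One line per group: tags host and group, one integer field per stat.
    Deterministic ordering keeps the output diffable and testable."""
    lines: List[str] = []
    for group in sorted(stats):
        fields = ",".join(f"{k}={v}i" for k, v in sorted(stats[group].items()))
        line = f"{measurement},host={host},group={group} {fields}"
        if ts_ns is not None:
            line += f" {ts_ns}"
        lines.append(line)
    return lines


def fetch_live_stats() -> str:
    """Run kamcmd on the Kamailio host; needs the ctl module (kamcmd's
    transport) loaded. Not called by the sample run below."""
    proc = subprocess.run(["kamcmd", "stats.get_statistics", "all"],
                          capture_output=True, text=True, check=True)
    return proc.stdout


# Constructed sample in the expected format; the counter values are made up.
SAMPLE_OUTPUT = """core:rcv_requests = 120345
core:rcv_replies = 98213
usrloc:registered_users = 412
dialog:active_dialogs = 17
tm:inuse_transactions = 5
"""

if __name__ == "__main__":
    for line in to_line_protocol(parse_stats(SAMPLE_OUTPUT), host="sip1"):
        print(line)
```

Registered users and active calls map to the usrloc and dialog groups when those modules are loaded; running the script from a timer (cron or a Kamailio timer route calling out to it) and posting each batch to the InfluxDB write endpoint gives Grafana a time series per counter.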