Hi,
Here's an example kamailio.cfg that uses record_route so in-dialog requests
will go through the Kamailio proxy:
https://github.com/kamailio/kamailio/blob/master/etc/kamailio.cfg
There are many other example cfg files:
https://github.com/kamailio/kamailio/tree/master/misc/examples
Any server that wants to see the in-dialog messages needs to add itself to
the record route list when receiving the initial INVITE for example. If a
server is not in the list of record routes, then in-dialog requests will
not be sent to the server. Headers that are most important in terms of
routing are R-URI, Route, Record-Route, Contact, Via.
Via header is for routing responses, while Record-Route is for in-dialog
requests.
I've put a few tips and some resources here about starting with Kamailio,
which hopefully may help you a bit:
http://tao-communications-ltd.simplesite.com/447576389
Cheers,
Yufei
>* Message: 7
*>* Date: Thu, 5 Nov 2020 12:26:16 +0200
*>* From: "Adrian Tabacioiu" <Adi.Tabacioiu at c-s.ro
<https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>>
*>* To: sr-users at lists.kamailio.org
<https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
*>* Subject: [SR-Users] Proxy configuration that exit dialog afer INVITE
*>* -> OK
*>* Message-ID: <7449102a9f3dbe38b6dba753d1cffcd8.squirrel at
mail.c-s.ro <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>>
*>* Content-Type: text/plain;charset=iso-8859-1
*>>>* Hello all,
*>>* Am I new in the usage of kamailio, sorry if I ask somehow something simple
*>* or terribly wrong .
*>>* I need to test a configuration of Kamailio which exit the dialog between
*>* UA after the first OK (that means it will not receive the following ACK,
*>* BYE).
*>>* I understand that in theory this is possible in two configuration types:
*>* - no Record Route header
*>* - or stateless proxy
*>>* First question:
*>* Am I correct with the choices above?
*>* Can I find example configuration for this two modes ?
*>>* Question 2:
*>* two or more proxy should be inter-connected, removing the Record Route
*>* header would interfere with proxy routing ? (should not the "Via"
*>* information be sufficient?)
*>>* Thank you in advance for help.
*>>* Best regards,
*>* Adrian Tabacioiu
*>
Is there a similar hook to make kamailio dump its current configuration it
is reading including ... included files, i.e. similar to nginx -T
root@main:/home/brandon# nginx -h
nginx version: nginx/1.14.2
Usage: nginx [-?hvVtTq] [-s signal] [-c filename] [-p prefix] [-g
directives]
Options:
-?,-h : this help
-v : show version and exit
-V : show version and configure options then exit
-t : test configuration and exit
-T : test configuration, dump it and exit
-q : suppress non-error messages during configuration testing
-s signal : send signal to a master process: stop, quit, reopen,
reload
-p prefix : set prefix path (default: /usr/share/nginx/)
-c filename : set configuration file (default: /etc/nginx/nginx.conf)
-g directives : set global directives out of configuration file
Thanks for your time in advance!
Many times (especially when there is a hacking attempt) I want to close
TCP or TLS session after sending reply. So, for example, I write:
set_reply_close();
send_reply("403", "Forbidden");
It would be more convenient if these two calls could be combined into
one, for example:
send_reply_and_close("403", "Forbidden");
-- Juha
Hi,
Here's an example kamailio.cfg that uses record_route so in-dialog requests
will go through the Kamailio proxy:
https://github.com/kamailio/kamailio/blob/master/etc/kamailio.cfg
There are many other example cfg files:
https://github.com/kamailio/kamailio/tree/master/misc/examples
Any server that wants to see the in-dialog messages needs to add itself to
the record route list when receiving the initial INVITE for example. If a
server is not in the list of record routes, then in-dialog requests will
not be sent to the server. Headers that are most important in terms of
routing are R-URI, Route, Record-Route, Contact, Via.
Via header is for routing responses, while Record-Route is for in-dialog
requests.
Cheers,
Yufei
> Message: 7
> Date: Thu, 5 Nov 2020 12:26:16 +0200
> From: "Adrian Tabacioiu" <Adi.Tabacioiu(a)c-s.ro>
> To: sr-users(a)lists.kamailio.org
> Subject: [SR-Users] Proxy configuration that exit dialog afer INVITE
> -> OK
> Message-ID: <7449102a9f3dbe38b6dba753d1cffcd8.squirrel(a)mail.c-s.ro>
> Content-Type: text/plain;charset=iso-8859-1
>
>
> Hello all,
>
> Am I new in the usage of kamailio, sorry if I ask somehow something simple
> or terribly wrong .
>
> I need to test a configuration of Kamailio which exit the dialog between
> UA after the first OK (that means it will not receive the following ACK,
> BYE).
>
> I understand that in theory this is possible in two configuration types:
> - no Record Route header
> - or stateless proxy
>
> First question:
> Am I correct with the choices above?
> Can I find example configuration for this two modes ?
>
> Question 2:
> two or more proxy should be inter-connected, removing the Record Route
> header would interfere with proxy routing ? (should not the "Via"
> information be sufficient?)
>
> Thank you in advance for help.
>
> Best regards,
> Adrian Tabacioiu
>
>
Hi,
I want add some custom Table Creation during installation of Kamailio.
I want to add my Custom Table during the execution of
kamdbctl create
command. Currently I am adding my script in
share/kamailio/mysql/auth_db-create.sql
Thanks,
Hi,
I have several Kamailio proxies - loadbalancer which is used as TLS offload
and Authorization server and behind registrar servers.
In this case I can't make tsilo work on the registrar server.
I'm always getting: "tm [t_append_branches.c:172]: t_append_branches():
failure to add branches (-1)"
If I use just one Kamailio which is used as Authorization and Registrar
server then tsilo works as expected.
Looks like kamailio where I run ts_append tries to connect to UAC directly
and not through Loadbalancer.
Any ideas? How can I troubleshoot this?
Thank you!
Jurijs
Hello all,
Am I new in the usage of kamailio, sorry if I ask somehow something simple
or terribly wrong .
I need to test a configuration of Kamailio which exit the dialog between
UA after the first OK (that means it will not receive the following ACK,
BYE).
I understand that in theory this is possible in two configuration types:
- no Record Route header
- or stateless proxy
First question:
Am I correct with the choices above?
Can I find example configuration for this two modes ?
Question 2:
two or more proxy should be inter-connected, removing the Record Route
header would interfere with proxy routing ? (should not the "Via"
information be sufficient?)
Thank you in advance for help.
Best regards,
Adrian Tabacioiu
Hello list,
Hope you are all good!
Recently, the issue https://github.com/kamailio/kamailio/issues/2535 has
been investigated and the utilization of the feature vsphere Fault
Tolerance is linked as a source of network latency and probably CPU
allocation latency. This increases the chances of the mentioned issue to
happen.
So I would just like to ask if anyone out there is using Kamilio in a
VMware environment with Fault Tolerance on? How is the experience?
Kind regards,
Patrick Wakano
Nov 2 21:13:28 main kamailio[1331]: INFO: <script>: AUTH_TOKEN_EXPIRED,
lets retrieve a new one
Nov 2 21:13:28 main kamailio[1331]: INFO: <script>: AUTH_TOKEN_RECEIVED,
{"data":{"token":{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJDUllZIiwiaWF0IjoxNjA0MzUxNjA4LCJleHAiOjE2MDQzNTUyMDgsIm1ldGhvZCI6InBvc3Q6YXV0aDp0b2tlbiIsImFjY291bnQiOnsiaWQiOiIxIiwiZmlyc3RuYW1lIjoiVGVzdCIsImxhc3RuYW1lIjoiQXJtc3RlYWQiLCJlbWFpbCI6ImJyYW5kb25AY3J5eS5jb20ifSwic291cmNlIjp7ImFkZHJlc3MiOiIzNC45NC4xMjMuMTIxIn19.sUQImDqDfE-xdA1SQ-7I5TnFMZaPh8WB2c-S-ut1hog","header":{"alg":"HS256","typ":"JWT"},"payload":{"iss":"CRYY","iat":1604351608,"exp":1604355208,"method":"post:auth:token","account":{"id":"1","firstname":"Test","lastname":"Armstead","email":"
brandon(a)cryy.com
"},"source":{"address":"34.94.123.121"}},"signature":"sUQImDqDfE-xdA1SQ-7I5TnFMZaPh8WB2c-S-ut1hog"}}}
Nov 2 21:13:28 main kamailio[1331]: INFO: <script>: AUTH_TOKEN_TIME,
1604351608
root@main:/etc/kamailio# kamcmd htable.dump server
{
entry: 11
size: 1
slot: {
{
name: auth::token
value:
{"data":{"token":{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJDUllZIiwiaWF0IjoxNjA0MzUxNjA4LCJleHAiOjE2MDQzNTUyMDgsIm1ldGhvZCI6InBvc3Q6YXV0aDp0b2tlbiIsImFjY291bnQiOnsiaWQiOiIxIiwiZmlyc3RuYW1lIjoiVGVzdCIsImxhc3RuYW1lIjoiQXJtc3RlYWQiLCJlbWFpbCI6ImJyYW5kb25AY3J5eS5jb20ifSwic291cmNlIjp7ImFkZHJlc3MiOiIzNC45NC4xMjMuMTIxIn19.sUQImDqDfE-xdA1SQ-7I5TnFMZaPh8WB2c-S-ut1hog","header":{"alg":"HS256","typ":"JWT"},"payload":{"iss":"CRYY","iat":1604351608,"exp":1604355208,"method":"post:auth:token","account":{"id":"1","firstname":"Test","lastname":"Armstead","email":"
brandon(a)cryy.com
"},"source":{"address":"34.94.123.121"}},"signature":"sUQImDqDfE-xdA1SQ-7I5TnFMZaPh8WB2c-S-ut1hog"}}}
type: str
}
}
}
Nov 2 21:13:48 main kamailio[1334]: INFO: <script>: AUTH_TOKEN_EXPIRED,
lets retrieve a new one
Nov 2 21:13:48 main kamailio[1334]: INFO: <script>: AUTH_TOKEN_RECEIVED,
{"data":{"token":{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJDUllZIiwiaWF0IjoxNjA0MzUxNjI4LCJleHAiOjE2MDQzNTUyMjgsIm1ldGhvZCI6InBvc3Q6YXV0aDp0b2tlbiIsImFjY291bnQiOnsiaWQiOiIxIiwiZmlyc3RuYW1lIjoiVGVzdCIsImxhc3RuYW1lIjoiQXJtc3RlYWQiLCJlbWFpbCI6ImJyYW5kb25AY3J5eS5jb20ifSwic291cmNlIjp7ImFkZHJlc3MiOiIzNC45NC4xMjMuMTIxIn19.stW5JzPR-Gz3oVvQEb1wxF7I0GcZ1KjkkQhinHGEivQ","header":{"alg":"HS256","typ":"JWT"},"payload":{"iss":"CRYY","iat":1604351628,"exp":1604355228,"method":"post:auth:token","account":{"id":"1","firstname":"Test","lastname":"Armstead","email":"
brandon(a)cryy.com
"},"source":{"address":"34.94.123.121"}},"signature":"stW5JzPR-Gz3oVvQEb1wxF7I0GcZ1KjkkQhinHGEivQ"}}}
Nov 2 21:13:48 main kamailio[1334]: INFO: <script>: AUTH_TOKEN_TIME,
1604351628
root@main:/etc/kamailio# kamcmd htable.dump server
{
entry: 0
size: 1
slot: {
{
name: auth::time
value: 1604351628
type: int
}
}
}
Nov 2 21:14:08 main kamailio[1331]: INFO: <script>: AUTH_TOKEN_EXPIRED,
lets retrieve a new one
Nov 2 21:14:08 main kamailio[1331]: INFO: <script>: AUTH_TOKEN_RECEIVED,
{"data":{"token":{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJDUllZIiwiaWF0IjoxNjA0MzUxNjQ4LCJleHAiOjE2MDQzNTUyNDgsIm1ldGhvZCI6InBvc3Q6YXV0aDp0b2tlbiIsImFjY291bnQiOnsiaWQiOiIxIiwiZmlyc3RuYW1lIjoiVGVzdCIsImxhc3RuYW1lIjoiQXJtc3RlYWQiLCJlbWFpbCI6ImJyYW5kb25AY3J5eS5jb20ifSwic291cmNlIjp7ImFkZHJlc3MiOiIzNC45NC4xMjMuMTIxIn19.P52y8GIkL2FEeT51WbYicjIdjdWp-1FXpIRPLHFmlw4","header":{"alg":"HS256","typ":"JWT"},"payload":{"iss":"CRYY","iat":1604351648,"exp":1604355248,"method":"post:auth:token","account":{"id":"1","firstname":"Test","lastname":"Armstead","email":"
brandon(a)cryy.com
"},"source":{"address":"34.94.123.121"}},"signature":"P52y8GIkL2FEeT51WbYicjIdjdWp-1FXpIRPLHFmlw4"}}}
Nov 2 21:14:08 main kamailio[1331]: INFO: <script>: AUTH_TOKEN_TIME,
1604351648
root@main:/etc/kamailio# kamcmd htable.dump server
{
entry: 11
size: 1
slot: {
{
name: auth::token
value:
{"data":{"token":{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJDUllZIiwiaWF0IjoxNjA0MzUxNjQ4LCJleHAiOjE2MDQzNTUyNDgsIm1ldGhvZCI6InBvc3Q6YXV0aDp0b2tlbiIsImFjY291bnQiOnsiaWQiOiIxIiwiZmlyc3RuYW1lIjoiVGVzdCIsImxhc3RuYW1lIjoiQXJtc3RlYWQiLCJlbWFpbCI6ImJyYW5kb25AY3J5eS5jb20ifSwic291cmNlIjp7ImFkZHJlc3MiOiIzNC45NC4xMjMuMTIxIn19.P52y8GIkL2FEeT51WbYicjIdjdWp-1FXpIRPLHFmlw4","header":{"alg":"HS256","typ":"JWT"},"payload":{"iss":"CRYY","iat":1604351648,"exp":1604355248,"method":"post:auth:token","account":{"id":"1","firstname":"Test","lastname":"Armstead","email":"
brandon(a)cryy.com
"},"source":{"address":"34.94.123.121"}},"signature":"P52y8GIkL2FEeT51WbYicjIdjdWp-1FXpIRPLHFmlw4"}}}
type: str
}
}
}
On Mon, Nov 2, 2020 at 12:44 PM Brandon Armstead <brandon(a)cryy.com> wrote:
> Also to add one more thing, I added a third static variable into the mix
> to test when using the "bad config" just setting server=>auth::name to
> "brandon" and introducing the 3rd variable seems to just make kamailio hang
> when doing kamcmd htable.dump server <---- (no results returned).
>
> On Mon, Nov 2, 2020 at 12:41 PM Brandon Armstead <brandon(a)cryy.com> wrote:
>
>> Daniel,
>>
>> In short kamcmd does not reflect the value set in $sht(server=>auth
>> ::token)
>>
>> It alternates between being set and not being set (reflecting in kamcmd
>> htable.dump
>>
>> root@main:/etc/kamailio# kamcmd htable.dump server
>>
>> {
>>
>> entry: 11
>>
>> size: 1
>>
>> slot: {
>>
>> {
>>
>> name: auth::token
>>
>> value:
>> {"data":{"token":{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJDUllZIiwiaWF0IjoxNjA0MzQ2NzgzLCJleHAiOjE2MDQzNTAzODMsIm1ldGhvZCI6InBvc3Q6YXV0aDp0b2tlbiIsImFjY291bnQiOnsiaWQiOiIxIiwiZmlyc3RuYW1lIjoiVGVzdCIsImxhc3RuYW1lIjoiQXJtc3RlYWQiLCJlbWFpbCI6ImJyYW5kb25AY3J5eS5jb20ifSwic291cmNlIjp7ImFkZHJlc3MiOiIzNC45NC4xMjMuMTIxIn19.aFGWqQg31oNnw10XfZ61Xm5Jncvt7RoNri2ZuDJ6yLQ","header":{"alg":"HS256","typ":"JWT"},"payload":{"iss":"CRYY","iat":1604346783,"exp":1604350383,"method":"post:auth:token","account":{"id":"1","firstname":"Test","lastname":"Armstead","email":"
>> brandon(a)cryy.com
>> "},"source":{"address":"34.94.123.121"}},"signature":"aFGWqQg31oNnw10XfZ61Xm5Jncvt7RoNri2ZuDJ6yLQ"}}}
>>
>> type: str
>>
>> }
>>
>> }
>>
>> }
>>
>>
>> In the kamailio logs it always shows AUTH_TOKEN_RECEIVED (correctly, with
>> the correct auth token), kamcmd dump of htable alternates between execution
>> of this route: htable:expired:server
>>
>> Exec 1:
>>
>> auth::time => [timestamp]
>>
>> Exec 2:
>>
>> auth::token => token
>>
>> Exec 3:
>>
>> auth::time => [timestamp]
>>
>> So on and so forth, [ kamcmd htable.dump server ] it does not correctly
>> hold both $sht(server=>auth::time) and $sht(server=>auth::token) like it
>> should, despite kamailio logs showing the HTTP_AUTH_TOKEN received message
>> with the correct auth token (100% of the time).
>>
>> It's almost like there is a race condition when using the modules
>> http_client_query in both init and expired event route.
>>
>> When I changed it to the resolved code block above separating the calls
>> and introducing http_async_client inside htable:expired:server
>>
>> The result is 100% of the time auth token exists correctly, just like the
>> logs 100% of the time show the auth token received regardless of
>> event_route implementation.
>>
>> So somewhere somehow the problematic config causes the hash table to not
>> store HTTP_AUTH_TOKEN it receives and logs.
>>
>
kamailio 5.5.0-dev3
I'm unsure if this is expected behavior, so thought I would ask...
When using http_async_query("URI", "ROUTENAME")
request_route {
route(AUTH);
# this does not get executed below route(AUTH)
xinfo("[$ci][$rm] we hit this line");
}
route[AUTH] {
t_newtran();
http_async_query("URI", "ROUTENAME");
}
route[ROUTENAME] {
# do stuff here to check authentication and return
if(auth + registration) {
append_hf("Path....");
msg_apply_changes(); # this fails and errors out about incorrect
route
# ^ invalid usage - not in request route or a reply
save("location");
}
if(auth + invite) {
# route to pstn
}
}
Expected behavior: to be able to obtain some processing / information
gathering about authentication with the call and additional information
possibly and return to normal routing. As-is now I've to move the actions
all into ROUTENAME for kamailio to continue processing, it does not go back
to request_route { }.
# this does not get executed below route(AUTH)
Is this expected behavior, or am I missing something?
If I do catch route(AUTH) with a hash table and prevent its execution after
first run, the avp's from the transaction created are not available in
request_route that were set in ROUTENAME.
