sr-users January 2024

sr-users@lists.kamailio.org

49 participants
60 discussions

by mm e

After using the uac module to initiate registration to the remote end, is there a method to call back to notify the registration result? I want to get the registration result, such as 200 or 403

7 months

Re: force TLS RSA cipher suite (SOLVED)

by marek

good catch. thanks for the record ECC [root@sbc live]# openssl x509 -text -noout -in /etc/letsencrypt/live/<my domain>/fullchain.pem |grep -i "Public Key Algorithm" Public Key Algorithm: id-ecPublicKey certbot certonly --key-type rsa --cert-name <my domain> --manual --preferred-challenges dns RSA [root@sbc live]# openssl x509 -text -noout -in /etc/letsencrypt/live/<my domain>/fullchain.pem |grep -i "Public Key Algorithm" Public Key Algorithm: rsaEncryption but there was another problem modparam("tls", "cipher_list", "RSA") from https://kamailio.org/docs/modules/5.7.x/modules/tls.html#tls.p.cipher_list does nothing 0(2294) INFO: tls [tls_domain.c:390]: ksr_tls_fill_missing(): TLSs<default>: cipher_list='(null)' valid option is in tls.cfg cipher_list = RSA 0(2328) INFO: tls [tls_domain.c:390]: ksr_tls_fill_missing(): TLSs<default>: cipher_list='RSA' ServerHello Version 3.3 session_id[0]= cipherSuite TLS_RSA_WITH_AES_256_GCM_SHA384 Marek Cervenka Dne 2024-01-10 v 13:06 Lukas Tribus napsal(a): > > > On Wednesday 10 January 2024, marek via sr-users > <sr-users(a)lists.kamailio.org> wrote: > > hi, > > i'm trying force cipher list through options like > > modparam("tls", "cipher_list", "TLS_RSA_WITH_AES_256_CBC_SHA256") > > modparam("tls", "cipher_list", "RSA") > > > You are trying a RSA cipher. > > > ... > > > but > > ssldump -i enp2s0 port 5061 shows every time > > ServerHello > Version 3.3 > > > In TLS 1.2 > > > > session_id[0]= > cipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 > > > But the negotiated cipher suggest that you have an ECC certificate. > > In TLSv1.2 and older, ciphers available are dependent on the > certificate type (RSA vs ECC). > > In TLSv1.3 its all different again and the certificate doesn't matter > for cipher negotiation. > > Get a RSA (2048bit) certificate instead of a ECC one from Let's > Encrypt, then you should be able to use those ciphers. > > > > Lukas

7 months

Timeout on forwarding REGISTRATION

by dries＠degendt.com

Hi all, My Kamailio server has been throwing a lot of errors during the manipulation and forwarding of registrations to my Asterisk server (192.168.96.97) using uac_req_send(); and t_relay() [core/tcp_main.c:1402]: tcp_do_connect(): connect 192.168.96.97:5060: (99) Cannot assign requested address [core/tcp_main.c:1399]: tcp_do_connect(): connect 192.168.96.97:5060 failed Cannot assign requested address When looking deeper into the code it appears that the errors are thrown when "tcp_async" is enabled. I've enabled this option a few weeks ago to make sure clients can REGISTER quickly. The parameter "tcp_reuse_port" is also set to yes. I'm suspecting that on busy moments, the destination can't be reached because no TCP connections are available. Is there any of the following parameters that I can adjust to prevent this issue? tcp_children = 25 disable_tcp = no tcp_max_connections = 63536 tcp_connection_lifetime = 3605 tcp_accept_aliases = no tcp_async = yes tcp_connect_timeout = 10 tcp_conn_wq_max = 65536 tcp_crlf_ping = yes tcp_delayed_ack = yes tcp_fd_cache = yes tcp_keepalive = yes tcp_keepcnt = 3 tcp_keepidle = 30 tcp_keepintvl = 10 tcp_linger2 = 30 tcp_rd_buf_size = 80000 tcp_send_timeout = 10 tcp_wq_blk_size = 2100 tcp_wq_max = 10485760 tcp_reuse_port=yes /* tcp_connection_match=1 */ open_files_limit=63536 A quick tcpdump doesn't show outgoing packet during the error events. Best regards, Dries

7 months, 1 week

force TLS RSA cipher suite

by marek

hi, i'm trying force cipher list through options like modparam("tls", "cipher_list", "TLS_RSA_WITH_AES_256_CBC_SHA256") modparam("tls", "cipher_list", "RSA") ... but ssldump -i enp2s0 port 5061 shows every time ServerHello Version 3.3 session_id[0]= cipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 i tried lower crypto policy to LEGACY. nothing changed https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/ht… certificates are from Lets Encrypt if that does matter OS Rocky9(RHEL9), kamailio 5.7.3 from official repo any ideas/tips? thanks Marek

7 months, 1 week

Re: uac_req_send + evroute + crash

by Péter Dr. Barabás

Hello, Any idea about the crash below? I found a ticket regarding to this, I made some comments and backtraces there also: https://github.com/kamailio/kamailio/issues/3635 Now this crash is very frequently, 3-4 times every day. There is a timer mechnism, where kamailio refreshes registrations towards asterisk automically to ensure continuous availability for mobile users. The crash exists 3-5 secs after this refresh process, but not always. Sometimes this process runs fine only CRITICAL logs appears (mentioned below) after it, but sometimes kamailio crashes during writing these CRITICAL logs. Peter From: Dr. Barabás Péter via sr-users <sr-users(a)lists.kamailio.org> Date: Wednesday, 2023. November 15. 17:03 To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org> Cc: Dr. Barabás Péter <dr.peter.barabas(a)gmail.com> Subject: [SR-Users] Re: uac_req_send + evroute + crash Hello Daniel, I’m using kamailio 5.7.2 currently and this misterious crash occurs again. Now core files are generated also, here is the trace: (gdb) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00007fae9a2d0859 in __GI_abort () at abort.c:79 #2 0x00005614ad79afd8 in qm_debug_check_frag (qm=0x7fae78e77000, f=0x7fae79805028, file=0x7fae77c8c134 "uac: uac_send.c", line=860, efile=0x5614ad936f99 "core/mem/q_malloc.c", eline=511) at core/mem/q_malloc.c:129 #3 0x00005614ad79f7c1 in qm_free (qmp=0x7fae78e77000, p=0x7fae79805060, file=0x7fae77c8c134 "uac: uac_send.c", func=0x7fae77c8cf10 <__func__.15157> "uac_send_tm_callback", line=860, mname=0x7fae77c8c014 "uac") at core/mem/q_malloc.c:511 #4 0x00005614ad7ab410 in qm_shm_free (qmp=0x7fae78e77000, p=0x7fae79805060, file=0x7fae77c8c134 "uac: uac_send.c", func=0x7fae77c8cf10 <__func__.15157> "uac_send_tm_callback", line=860, mname=0x7fae77c8c014 "uac") at core/mem/q_malloc.c:1350 #5 0x00007fae77c3686b in uac_send_tm_callback (t=0x7fae797dcf40, type=131072, ps=0x7fff8bd990d0) at uac_send.c:860 #6 0x00007fae783abc27 in run_trans_callbacks_internal (cb_lst=0x7fae797dcfe8, type=131072, trans=0x7fae797dcf40, params=0x7fff8bd990d0) at t_hooks.c:241 #7 0x00007fae783abd1e in run_trans_callbacks (type=131072, trans=0x7fae797dcf40, req=0x0, rpl=0x0, code=0) at t_hooks.c:261 #8 0x00007fae782bd8cb in free_cell_helper (dead_cell=0x7fae797dcf40, silent=0, fname=0x7fae783e9f62 "timer.c", fline=653) at h_table.c:165 #9 0x00007fae7837649c in wait_handler (ti=724701450, wait_tl=0x7fae797dcff8, data=0x7fae797dcf40) at timer.c:653 #10 0x00005614ad50be68 in timer_list_expire (t=724701450, h=0x7fae78ef5d18, slow_l=0x7fae78ef95e0, slow_mark=33641) at core/timer.c:857 #11 0x00005614ad50c3a7 in timer_handler () at core/timer.c:922 #12 0x00005614ad50c8d5 in timer_main () at core/timer.c:961 #13 0x00005614ad45fbf3 in main_loop () at main.c:1833 #14 0x00005614ad46ae93 in main (argc=14, argv=0x7fff8bd99b48) at main.c:3086 I think it occurs only if $uac_req(evroute) is set to 1 and I define the event_route[uac:reply] route. My uac_reply route is easy: if ($uac_req(evcode)==200) { xlog("L_INFO", "Registration for user $fU has been refreshed successfully."); $sht(vtp=>asterisk_restarted) = $null; route(SAVE_REG); } else { xlog("L_INFO", "Registration failed: $uac_req(evcode)"); } the SAVE_REG route is the following: route[SAVE_REG] { xlog("L_INFO", "Saving pbx registration...:$fU"); $var(maxExpiry) = MAX_PBX_REG_EXPIRY; route(GET_CLIENT_ID); sql_pvquery("ca", "select count(*) from pbxusers where user = '$fU'", "$var(pbxusersCnt)"); if ($var(pbxusersCnt)>0) { if ($var(clientId) == 0) { sql_query("ca", "update pbxusers set expiry = TIMESTAMPADD(SECOND, $var(maxExpiry), SYSDATE()), online=1 where user = '$fU'"); } else { sql_query("ca", "update pbxusers set client_id = '$var(clientId)', expiry = TIMESTAMPADD(SECOND, $var(maxExpiry), SYSDATE()), online=1 where user = '$fU'"); } } else { sql_query("ca", "insert into pbxusers (user, expiry, client_id, online) values ('$fU', TIMESTAMPADD(SECOND, $var(maxExpiry), SYSDATE()), '$var(clientId)', 0)"); } } And GET_CLIENT_ID route is: route[GET_CLIENT_ID] { $var(clientId) = 0; if (is_present_hf("X-AT-ClientId")) { $var(clientId) = $hdr(X-AT-ClientId); } } Any idea, is it a bug or I do something wrong in config files? Peter From: Dr. Barabás Péter via sr-users <sr-users(a)lists.kamailio.org> Date: Sunday, 2023. October 8. 18:49 To: miconda(a)gmail.com <miconda(a)gmail.com>, Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org> Cc: Dr. Barabás Péter <dr.peter.barabas(a)gmail.com> Subject: [SR-Users] Re: uac_req_send + evroute + crash Hello Daniel, I do not see any “failed to send request with authentication”. The next CRITICAL log appears after calling uac_req_send(): CRITICAL: <core> [core/mem/q_malloc.c:519]: qm_free(): BUG: freeing already freed pointer (0x7f114995ada8), called from uac: uac_send.c: uac_send_tm_callback(860), first free uac: uac_send.c: uac_resend_tm_callback(732) - ignoring Now we use kamailio 5.7.2 and no crash has come, but the critical logs above exist. I saw a ticket in github: https://github.com/kamailio/kamailio/issues/3522, may the crash be similar or the same to that? I will make a try next week with downgrading to 5.6.2 and try to reproduce the crash. Peter From: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Friday, 2023. October 6. 13:55 To: Dr. Barabás Péter <dr.peter.barabas(a)gmail.com>, Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org> Subject: Re: [SR-Users] uac_req_send + evroute + crash Hello, do you also get error log messages that include "failed to send request with authentication"? Which CRITICAL log appears when you call uac_req_send()? You pasted a couple of them in the initial email? Cheers, Daniel On 05.10.23 17:32, Dr. Barabás Péter wrote: Hello, I used kamailio version 5.6.2. I refreshed to 5.7.2 today. As I remember it was in kamailio long time ago therefore I could skip evroute route. But this CRITICAL log appears always when I call uac_req_send(). I call it with settings: $uac_req(auser) = $var(username); $uac_req(apasswd) = $var(password); Where username and password are retrived from web service before call. In event_route I got first 401 after 200. Peter From: Daniel-Constantin Mierla <miconda(a)gmail.com><mailto:miconda@gmail.com> Date: Thursday, 2023. October 5. 17:25 To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org><mailto:sr-users@lists.kamailio.org> Cc: Dr. Barabás Péter <dr.peter.barabas(a)gmail.com><mailto:dr.peter.barabas@gmail.com> Subject: Re: [SR-Users] uac_req_send + evroute + crash Hello, On 05.10.23 16:34, Dr. Barabás Péter via sr-users wrote: Hi All, I use kamailio In front of Asterisk and kamailio needs to refresh registrations periodically towards Asterisk to ensure the availability of users from Asterisk side. I use uac module and call uac_req_send() for sending REGISTER requests. I set $uac_req(evroute)=1 The event_route[uac:reply] is called fine, but in kamailio logs I see the next lines: CRITICAL: <core> [core/mem/q_malloc.c:519]: qm_free(): BUG: freeing already freed pointer (0x7f114995ada8), called from uac: uac_send.c: uac_send_tm_callback(860), first free uac: uac_send.c: uac_resend_tm_callback(732) - ignoring After some time, kamailio has crashed. CRITICAL: <core> [core/mem/q_malloc.c:519]: qm_free(): BUG: freeing already freed pointer (0x7f114995ada8), called from uac: uac_send.c: uac_send_tm_callback(860), first free uac: uac_send.c: uac_resend_tm_callback(732) – ignoring CRITICAL: <core> [core/pass_fd.c:277]: receive_fd(): EOF on 34 ALERT: <core> [main.c:774]: handle_sigs(): child process 1407950 exited by a signal 6 what version of Kamailio are you using? Is Asterisk challenging for authentication? Does it happen every time or seldom? Cheers, Daniel -- Daniel-Constantin Mierla (@ asipto.com) twitter.com/miconda -- linkedin.com/in/miconda Kamailio Consultancy and Development Services Kamailio Advanced Training - Online - Nov 14-16, 2023 -- asipto.com -- Daniel-Constantin Mierla (@ asipto.com) twitter.com/miconda -- linkedin.com/in/miconda Kamailio Consultancy and Development Services Kamailio Advanced Training - Online - Nov 14-16, 2023 -- asipto.com

7 months, 1 week

Crash of Kamailio when using module http_async_client - function http_async_query, if module "tm.so" is not loaded (Kamailio 5.7.3)

by Chaigneau, Nicolas

Hello, When using http_async_query function, provided by module http_async_client: https://www.kamailio.org/docs/modules/devel/modules/http_async_client.html#… If module "tm.so" is not loaded, then immediately upon calling function http_async_query, Kamailio crashes: 9(3807541) CRITICAL: <core> [core/pass_fd.c:281]: receive_fd(): EOF on 8 0(3807527) ALERT: <core> [main.c:791]: handle_sigs(): child process 3807533 exited by a signal 11 0(3807527) ALERT: <core> [main.c:795]: handle_sigs(): core was generated 0(3807527) INFO: <core> [main.c:818]: handle_sigs(): terminating due to SIGCHLD Of course, I now know that I must load the module "tm.so". But I think it would be better to catch the issue when Kamailio starts, rather than crashing later on when trying to call http_async_query. What do you think ? Regards, Nicolas. This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.

7 months, 1 week

How to use uac.reg_add command?

by mm e

./kamcmd uac.reg_add 789798 789798 mydomain.com 789798 myteldomain.com . 789798 123456 . sip:sip6.telco.nl 360 0 10 mydomain.com:5060 udp:mydomain.com:5060 error: 400 - Invalid Parameters Can you provide me with a case, I don't know how to enter the correct format.

7 months, 1 week

DB invalid connection parameter

by Sergiu Pojoga

Hi, Facing the following error after bumping Kam from 5.3 => 5.4 => 5.5 => 5.6, following instructions on each step about DB structure and module changes. These errors show up since. Any clue what they mean? A couple other modules are using the same DB MySQL connector. The data in the DB also seems to get updated properly. Jan 03 15:08:30 sip kamailio[20881]: ERROR: <core> [db.c:489]: db_use_table(): invalid connection parameter *Jan 03 15:08:30 sip kamailio[20881]: ERROR: usrloc [ucontact.c:1170]: db_update_ucontact_ruid(): sql use_table failedJan 03 15:08:30 sip kamailio[20881]: ERROR: usrloc [urecord.c:438]: wb_timer(): updating contact in db failed (aor: user(a)domain.com <user(a)domain.com>)* version: kamailio 5.6.5 (x86_64/linux) 48d48f compiled on 02:32:48 Jan 2 2024 with gcc 4.9.2 DB structure: location | CREATE TABLE `location` ( `id` int(10) unsigned NOT NULL AUTO_INCREMENT, `ruid` varchar(64) NOT NULL DEFAULT '', `username` varchar(64) NOT NULL DEFAULT '', `domain` varchar(64) DEFAULT NULL, `contact` varchar(512) NOT NULL DEFAULT '', `received` varchar(128) DEFAULT NULL, `path` varchar(512) DEFAULT NULL, `expires` datetime NOT NULL DEFAULT '2030-05-28 21:32:15', `q` float(10,2) NOT NULL DEFAULT 1.00, `callid` varchar(255) NOT NULL DEFAULT 'Default-Call-ID', `cseq` int(11) NOT NULL DEFAULT 1, `last_modified` datetime NOT NULL DEFAULT '2000-01-01 00:00:01', `flags` int(11) NOT NULL DEFAULT 0, `cflags` int(11) NOT NULL DEFAULT 0, `user_agent` varchar(255) NOT NULL DEFAULT '', `socket` varchar(64) DEFAULT NULL, `methods` int(11) DEFAULT NULL, `instance` varchar(255) DEFAULT NULL, `reg_id` int(11) NOT NULL DEFAULT 0, `server_id` int(11) NOT NULL DEFAULT 0, `connection_id` int(11) NOT NULL DEFAULT 0, `keepalive` int(11) NOT NULL DEFAULT 0, `partition` int(11) NOT NULL DEFAULT 0, PRIMARY KEY (`id`), UNIQUE KEY `ruid_idx` (`ruid`), KEY `account_contact_idx` (`username`,`domain`,`contact`), KEY `expires_idx` (`expires`), KEY `connection_idx` (`server_id`,`connection_id`), *KEY `tcpcon_idx` (`connection_id`)* ) ENGINE=InnoDB AUTO_INCREMENT=287989 DEFAULT CHARSET=latin1 > select * from version where table_name='location'; table_name: location table_version: 9 Thanks.

7 months, 1 week

webRTC Test Client?

by Andy Newlands

Hi, I have a Freeswitch installation, fronted by a Kamailio proxy I would like to configure Kamailio to bridge SIP between webRTC clients and Freeswitch. The first issue I hit is how to set up a test webRTC client to make calls into Kamailio/FS. Can anyone point me to a simple webRTC client I can use to make test webRTC/SIP calls into my setup? Thanks BTW: I'm not JS experienced (I work with Python, C#, C/C++). Kind regards, Andy

7 months, 2 weeks

Kamailio - Initiating invite on REFER

by Muhammad Danish Moosa

Hi champs, In this flow like endpoint -> B2BUA 1-> kamailio -> B2BUA 2, there is a requirement that REFER should be handled by Kamailio and it should manage the transfer , initiating a new invite based on REFER. Any pointer will be helpful -- Danish

7 months, 2 weeks

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users January 2024