Hello,
I am using letsencrypt cert and key and do not want to restart kamailio
every 3 months to load new ones.
I know that there is: kamcmd tls.reload method but it has an error for me.
error: 500 - Error while fixing TLS configuration (consult server log)
I am checking the logs and see:
kamailio[3865480]: INFO: tls [tls_domain.c:345]: ksr_tls_fill_missing():
TLSs<default>: tls_method=3
kamailio[3865480]: INFO: tls [tls_domain.c:357]: ksr_tls_fill_missing():
TLSs<default>: certificate='/etc/kamailio/certs/my_cert.crt'
kamailio[3865480]: INFO: tls [tls_domain.c:364]: ksr_tls_fill_missing():
TLSs<default>: ca_list='(null)'
kamailio[3865480]: INFO: tls [tls_domain.c:371]: ksr_tls_fill_missing():
TLSs<default>: ca_path='(null)'
kamailio[3865480]: INFO: tls [tls_domain.c:378]: ksr_tls_fill_missing():
TLSs<default>: crl='(null)'
kamailio[3865480]: INFO: tls [tls_domain.c:382]: ksr_tls_fill_missing():
TLSs<default>: require_certificate=0
kamailio[3865480]: INFO: tls [tls_domain.c:390]: ksr_tls_fill_missing():
TLSs<default>: cipher_list='(null)'
kamailio[3865480]: INFO: tls [tls_domain.c:397]: ksr_tls_fill_missing():
TLSs<default>: private_key='/etc/kamailio/certs/private.key'
kamailio[3865480]: INFO: tls [tls_domain.c:401]: ksr_tls_fill_missing():
TLSs<default>: verify_certificate=0
kamailio[3865480]: INFO: tls [tls_domain.c:406]: ksr_tls_fill_missing():
TLSs<default>: verify_depth=9
kamailio[3865480]: INFO: tls [tls_domain.c:410]: ksr_tls_fill_missing():
TLSs<default>: verify_client=0
kamailio[3865480]: NOTICE: tls [tls_domain.c:1168]: ksr_tls_fix_domain():
registered server_name callback handler for socket [:0],
server_name='<default>' ...
kamailio[3865480]: ERROR: tls [tls_domain.c:590]: load_cert():
TLSs<default>: Unable to load certificate file
'/etc/kamailio/certs/my_cert.crt'
kamailio[3865480]: ERROR: tls [tls_util.h:49]: tls_err_ret():
load_cert:error:03000072:digital envelope routines::decode error (sni:
unknown)
kamailio[3865480]: ERROR: tls [tls_util.h:49]: tls_err_ret():
load_cert:error:0A00018F:SSL routines::ee key too small (sni: unknown)
Any advice?
It's interesting that there are not any errors in case I restart kamailio.
I can make TLS calls without problems.
deb 12.5
version: kamailio 5.7.4 (x86_64/linux)
Hello,
FOSDEM'25 will host again an RTC DevRoom during the afternoon of February
1, 2025 (Saturday) -- more details and the call for presentation can be
read at:
- https://lists.fosdem.org/pipermail/fosdem/2024q4/003584.html
I am not sure if I can participate (chances are more towards no, than to
yes), but if anyone considers to go to the event, it will be good to
submit a proposal to cover a bit Kamailio as well (it doesn't have to be
entirely about Kamailio).
Note that FOSDEM imposes a strict deadline this time for submissions
(Dec 1, 2024), thus there is not much time left. Should anyone in these groups
plan to submit a proposal, let us know, so the others have an idea
about it.
Cheers,
Daniel
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com
Hi,
we would like to replicate a SIP-message ("REGISTER" in our case) to a
set of nodes for further asynchronous processing. The message is already
processed on the local Kamailio.
We thought about using the tm-module in conjunction with the dispatcher
module so we can reliably forward the message.
This seems to work, however we get a new problem: Kamailio forwards the
response it gets from those nodes.
When we drop the response in the reply_route, it gets dropped before TM
can see it.
When we drop the response in the on_reply_route, it still will be
forwarded. (adding or removing a header here works, however) $du is set
to $null.
Is there any clean way to suppress that response being forwarded back to
the original requester?
Best regards
Christian Berger
--
Christian Berger - berger(a)sipgate.de
Phone: +49 (0)211-63 55 55-0
Fax: +49 (0)211-63 55 55-22
sipgate GmbH - Gladbacher Str. 74 - 40219 Düsseldorf
HRB Düsseldorf 39841 - Managing Directors: Thilo Salmon, Tim Mois
Tax number: 106/5724/7147, VAT ID: DE219349391
www.sipgate.de - www.sipgate.co.uk
I'm using the RTPengine module. I'm having issues whenever I try to make a
call using SRTP. I'm using MicroSIP and I have checked the SDP; everything is OK. But
whenever I place the call it gets rejected. If I disable SRTP, then the
calls work.
if (!rtpengine_offer("replace-origin replace-session-connection ICE=force
RTP/SAVP RTP/AVP")) {
I only need to encrypt client -> proxy; from proxy -> asterisk it should be
plain RTP. I hope someone can help me out, thank you.
The log in rtpengine shows this
[1731055305.417896] ERR: [2a721ebf2c73414ab8e739d7bde912f9//1 port 14124]:
[srtp] SRTP output wanted, but no crypto suite was negotiated
Hi all
I've installed a (pretty old) presence_dfks module that allows setting the presence using the following command:
kamctl fifo pua_publish sip:1000@10.10.99.254 3600 as-feature-event application/x-as-feature-event+xml . . . "<?xml version='1.0' encoding='ISO-8859-1'?><ForwardingEvent><device><notKnown/></device><forwardingType>forwardImmediate</forwardingType><forwardStatus>true</forwardStatus><forwardTo>1234</forwardTo></ForwardingEvent>"
The "pua_mi" module was however removed in Kamailio and jsonrpcs/xmlrpcs are supposed to be an alternative.
I've tried both of the following calls, but neither recognizes pua_publish/pua.publish as a valid method.
Attempt with jsonrpc:
curl -H "Content-Type: application/json" -X POST -d '{"jsonrpc": "2.0", "method": "pua.publish", "params": [""], "id":1}' https://sbctest.tel.redacted.xx:5061/RPC/
ERROR: jsonrpcs [jsonrpcs_mod.c:1422]: ki_jsonrpcs_dispatch(): method callback not found [pua.publish]
Attempt with xmlrpc:
curl -H "Content-Type: text/xml" -X POST -d '<?xml version="1.0" ?><methodCall><methodName>pua_publish</methodName><params><param><value><string>sip:jh@sbctest.tel.redacted.xx</string></value></param><param><value><string>7776000</string></value></param><param><value><string>as-feature-event</string></value></param><param><value><string>application/as-feature-event</string></value></param><param><value><string>.</string></value></param><param><value><string>a.1481534683.13958.6.7</string></value></param><param><value><string>sip:127.0.0.1:5080;transport=tcp</string></value></param><param><value><string>P-Flags: 0</string></value></param><param><value><string>Messages-Waiting: yesMessage-Account: sip:jh@sbctest.tel.redacted.xxVoice-Message: 2/0 (0/0)</string></value></param></params></methodCall>' https://sbctest.tel.redacted.xx:5061/RPC/
<?xml version="1.0"?>
<methodResponse>
<fault>
<value>
<struct>
<member>
<name>faultCode</name>
<value><int>500</int></value>
</member>
<member>
<name>faultString</name>
<value><string>Method Not Found</string></value>
</member>
</struct>
</value>
</fault>
Anyone who had some luck in this matter?
Best regards,
Dries
Hi all
I've installed a custom presence_dfks module (https://github.com/tombeard/presence_dfks) in an effort to make our Grandstream devices (connected over TLS) display a server set callforward using Broadsoft's Device Feature Key Sync.
The module was installed successfully, but it appears that the NOTIFY upon SUBSCRIBE cannot be sent over TLS. This part seems to use the default presence module however so I'm taking my chances here to ask for some advice. I have already disabled verify_certificate in tls.cfg. The "dst addr: 193.19x.x.x:0" does seem to have an incorrect port as I should expect 5061?
INFO: {1 600000 SUBSCRIBE 319937814-5062-3(a)BHC.DA.GB.CD} presence [notify.c:1744]: send_notify_request(): NOTIFY sip:544460@sbctest.tel.redacted.xx via sip:544460@172.30.61.23:5062;transport=tls on behalf of sip:544460@sbctest.tel.redacted.xx for event as-feature-event : 319937814-5062-3(a)BHC.DA.GB.CD
ERROR: tls [tls_server.c:1312]: tls_h_read_f(): protocol level error
ERROR: tls [tls_util.h:50]: tls_err_ret(): TLS connect:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure (sni: unknown)
ERROR: tls [tls_server.c:1316]: tls_h_read_f(): src addr: 172.30.61.23:5062
ERROR: tls [tls_server.c:1319]: tls_h_read_f(): dst addr: 193.19x.x.x:0
ERROR: <core> [core/tcp_read.c:1526]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f6d55b4b360 r: 0x7f6d55b4b488 (-1)
Your advice is most appreciated!
Cheers,
Dries
Hi,
I am trying to use dlg_req_within() for a 3pcc-style call setup, to set up media via a reinvite:
1. Store original SDP offer from caller in $dlg_var()s;
2. Later, after e2e ACK is processed for initial INVITE transaction, send reinvite to callee using dlg_req_within(). I call rtpengine_offer() and feed it the original SDP offer (via read_sdp_pv modparam), and take the RTPEngine-transformed SDP and feed that to dlg_req_within():
dlg_req_within("callee", "INVITE", "application/sdp", "$var(sdp_from_rtpengine)");
3. I have found that event_route[tm:local-response] does not allow me to capture the 200 OK / SDP answer to this reinvite; it is internally absorbed.
However, it is possible to arm an onreply_route in event_route[tm:local-request], to receive the 200 OK:
event_route[tm:local-request] {
    if(method == "INVITE" && has_body("application/sdp"))
        t_on_reply("REINVITE_REPLY");
}
4. My intent is for this reinvite reply handler to set off a reinvite to the caller side:
onreply_route[REINVITE_REPLY] {
    if(method == "INVITE" && has_body("application/sdp") && t_check_status("200")) {
        ...
        $var(rtpengine_use_this_sdp) = $rb;
        rtpengine_answer("...");
        dlg_req_within("caller", "INVITE", "application/sdp", "$var(sdp_from_rtpengine)");
    }
}
This ensures proper relay symmetry. Otherwise, the caller will continue to send RTP to the previous upstream endpoint of the call, prior to any reinvite.
However, dlg_req_within() doesn't work in this later context, even though the documentation says it can be used from ANY_ROUTE. Kamailio doesn't complain, there is no error. It just doesn't initiate a reinvite to the caller.
I considered the possibility that this may be because the calling scope is that of a pending reinvite transaction to the callee, but there is no obvious way to defer that into the future. If I send it to an async task worker, the transaction scope required for dlg_req_within() to know which dialog it's operating on will be lost.
Any ideas appreciated, and thank you in advance!
-- Alex
--
Alex Balashov
Principal Consultant
Evariste Systems LLC
Web: https://evaristesys.com
Tel: +1-706-510-6800
Experimenting with KEMI for the first time, I ran into a few issues and am hoping someone has feedback.
kamailio 5.8.3
In the following python example, 'if ksr.is_method("ACK"):' should never be reached. Below is debug.
if not ksr.siputils.has_totag():
    ksr.info("has to tag")
    sys.exit()
if ksr.is_method("ACK"):
    if ksr.tm.t_check_trans():
        ksr.relay()
        sys.exit()
    else:
        sys.exit()
ksr.sl.send_reply(404, "Not here")
sys.exit()
.....
DEBUG: app_python3s [apy3s_kemi.c:365]: sr_apy_kemi_exec_func_ex(): execution of method: siputils.has_totag
DEBUG: siputils [checks.c:122]: has_totag(): no totag
DEBUG: app_python3s [apy3s_kemi.c:368]: sr_apy_kemi_exec_func_ex(): execution of method: is_method
DEBUG: app_python3s [apy3s_kemi.c:389]: sr_apy_kemi_exec_func_ex(): number of arguments: 1
DEBUG: app_python3s [apy3s_kemi.c:365]: sr_apy_kemi_exec_func_ex(): execution of method: sl.send_reply
DEBUG: app_python3s [apy3s_kemi.c:389]: sr_apy_kemi_exec_func_ex(): number of arguments: 2
DEBUG: sl [sl.c:306]: send_reply(): reply in stateless mode (sl)
.....
Second, here are a couple of errors I have seen a few times but haven't been able to identify the underlying issue, mainly hoping for more context on the meaning of 'execution of route type 1 with no name returned -1'.
ERROR: app_python3s [apy3s_kemi.c:146]: apy3s_exec_func(): error exception occurred
DEBUG: app_python3s [apy3s_kemi.c:230]: sr_kemi_config_engine_python(): execution of route type 1 with no name returned -1
Any input is appreciated.
dan
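
The debug trace in the message above shows has_totag() logging "no totag" and execution still continuing to is_method and sl.send_reply. The following is an added example, not code from the original post or from Kamailio: it assumes that KEMI functions exported as integers report false as a negative value such as -1, which Python's `not` treats as true, and FakeKSR, FakeSiputils and both route functions are hypothetical stand-ins so it runs without Kamailio.

```python
# Constructed stand-in for the KSR object; real KEMI exports are C functions.
# Assumption: integer-returning exports use 1 for true and -1 for false.
class FakeSiputils:
    def __init__(self, totag):
        self._totag = totag

    def has_totag(self):
        return 1 if self._totag else -1


class FakeKSR:
    def __init__(self, method, totag):
        self.method = method
        self.siputils = FakeSiputils(totag)
        self.trace = []          # records which later calls were reached

    def is_method(self, name):
        self.trace.append("is_method")
        return self.method == name

    def send_reply(self, code, reason):
        self.trace.append("send_reply %d" % code)


def route_truthiness(ksr):
    """Mirrors the posted guard: relies on Python truthiness of the int."""
    if not ksr.siputils.has_totag():   # "not -1" is False, branch never taken
        return "stopped"
    if ksr.is_method("ACK"):
        return "ack"
    ksr.send_reply(404, "Not here")
    return "replied"


def route_explicit(ksr):
    """Same guard, but compares the return code against zero."""
    if ksr.siputils.has_totag() < 0:   # -1 means "no to-tag"
        return "stopped"
    if ksr.is_method("ACK"):
        return "ack"
    ksr.send_reply(404, "Not here")
    return "replied"


def run(route, method, totag):
    ksr = FakeKSR(method, totag)
    return route(ksr), ksr.trace


if __name__ == "__main__":
    # Constructed input: an initial INVITE that carries no to-tag.
    print(run(route_truthiness, "INVITE", False))
    print(run(route_explicit, "INVITE", False))
```

With the truthiness guard the request without a to-tag falls through to the 404, the same call order as in the posted trace; with the explicit comparison it stops at the first check.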
Thank you Henning!
Here are the configured limits for Kamailio
Limit                     Soft Limit   Hard Limit   Units
Max cpu time              unlimited    unlimited    seconds
Max file size             unlimited    unlimited    bytes
Max data size             unlimited    unlimited    bytes
Max stack size            8388608      unlimited    bytes
Max core file size        unlimited    unlimited    bytes
Max resident set          unlimited    unlimited    bytes
Max processes             31543        31543        processes
Max open files            16384        16384        files
Max locked memory         unlimited    unlimited    bytes
Max address space         unlimited    unlimited    bytes
Max file locks            unlimited    unlimited    locks
Max pending signals       31543        31543        signals
Max msgqueue size         819200       819200       bytes
Max nice priority         0            0
Max realtime priority     0            0
Max realtime timeout      unlimited    unlimited    us
This is what I know so far:
There seems to be a problem with siptrace module (going via TCP to a heplify-server on another host), but I’m not sure if this is a coincidence or the cause of the problems.
I see quite a bit of these before the actual problem arises:
Nov 4 07:54:01 kamailio-prod-westeurope-2 /usr/sbin/kamailio[322822]: ERROR: <core> [core/tcp_main.c:630]: _wbufq_add(): (591 bytes): write queue full or timeout (32498, total 43196, last write 0 s ago)
Nov 4 07:54:01 kamailio-prod-westeurope-2 /usr/sbin/kamailio[322822]: ERROR: siptrace [../../core/forward.h:261]: msg_send_buffer(): tcp_send failed
Nov 4 07:54:01 kamailio-prod-westeurope-2 /usr/sbin/kamailio[322822]: ERROR: siptrace [siptrace_hep.c:229]: trace_send_hep3_duplicate(): cannot send hep duplicate message
Nov 4 07:54:01 kamailio-prod-westeurope-2 /usr/sbin/kamailio[322829]: ERROR: <core> [core/tcp_main.c:4023]: handle_ser_child(): received CON_ERROR for 0x7fe054f8ae10 (id 727321), refcnt 2, flags 0x3096
At some point then all things go south and the log is flooded with these messages
Nov 4 07:54:01 kamailio-prod-westeurope-2 /usr/sbin/kamailio[322829]: CRITICAL: <core> [core/io_wait.h:596]: io_watch_del(): invalid fd 2244, not in [0, 482)
Nov 4 07:54:01 kamailio-prod-westeurope-2 /usr/sbin/kamailio[322829]: ERROR: <core> [core/tcp_main.c:4677]: handle_tcpconn_ev(): io_watch_del(3) failed: for 0x7fe054f8ae10, fd 2244
And then ultimately the above combined with the initially mentioned
Nov 4 07:54:01 kamailio-prod-westeurope-2 /usr/sbin/kamailio[322829]: CRITICAL: <core> [core/tcp_main.c:4264]: handle_ser_child(): failed to add new socket to the fd list
And occasionally also something like this
Nov 4 07:54:01 kamailio-prod-westeurope-2 /usr/sbin/kamailio[322829]: ERROR: <core> [core/io_wait.h:373]: io_watch_add(): trying to overwrite entry 2247 watched for 5 in the hash 0x5621dc404ee0 (fd:-601539712, type:22049, data:0x5621dc23c004) with (2247, 2, 0x7fe04f85c2a0)
In total these add up to roughly 3600 lines per second (!!) in the log, so it is quickly flooded with these.
Florian FLOIMAIR
Software Development - Symphony Cloud Services (1568)
From: Henning Westerholt <hw(a)gilawa.com>
Date: Monday, 11 November 2024 at 19:52
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Cc: Floimair Florian <f.floimair(a)commend.com>
Subject: [External] RE: Question regarding error message "failed to add new socket to the fd list"
Hello Florian,
Any other error messages before that error happens, e.g. something about the memory?
Otherwise, it could be indeed a ulimit issue. First step would be to check the actual configured limits for the kamailio user.
Cheers,
Henning
From: Floimair Florian via sr-users <sr-users(a)lists.kamailio.org>
Sent: Monday, 11 November 2024 17:45
To: sr-users(a)lists.kamailio.org
Cc: Floimair Florian <f.floimair(a)commend.com>
Subject: [SR-Users] Question regarding error message "failed to add new socket to the fd list"
Hi!
We have recently had issues with one of our Production Kamailios.
When those happened, the log was filled with the following message:
CRITICAL: <core> [core/tcp_main.c:4528]: handle_new_connect(): failed to add new socket to the fd list
Now I wonder what the best approach is to prevent this.
We are using TCP/TLS only and I think this might be related to the file ulimit, but I am not sure about that.
Shared memory is set to 512MB
Can you give me a hint on what to look for?
Thank you very much!
P.S.: Sorry, I accidentally replied to a previous post of a different topic before which is totally unrelated (I think I should stop working for today 😉)
FLORIAN FLOIMAIR
Software Development - Symphony Cloud Services
Commend International GmbH
Saalachstrasse 51
5020 Salzburg, Austria
commend.com
LG Salzburg / FN 178618z