sr-users April 2024

sr-users@lists.kamailio.org

69 participants
66 discussions

apt-key deprecation
by tom＠tomlynn.com 11 Nov '24

11 Nov '24

When I look at the debian repositories maintained by the project, there are instructions to import the public key of the repository for apt using this command: wget -O http://deb.kamailio.org/kamailiodebkey.gpg | sudo apt-key add - which results in: Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)). gpg: no valid OpenPGP data found. Is there an alternate method that can be posted in the repository that will get better results? Thank you, TL

5 5

Getting the name of an already set onreply_route
by Denys Pozniak 14 Oct '24

14 Oct '24

Hello! Is it possible to find out the name of the onreply_route that was set before? Something like this: t_on_reply("MANAGE_REPLY"); ... if ( t_is_set("onreply_route") ) { get_onreply_route_name(); ... } -- BR, Denys Pozniak

3 5

TLS module doesn't support TLSV1
by o.atef＠fiberme.com 15 Aug '24

15 Aug '24

Hello Brothers, I've installed kamailio throw "apt install" on Debian and it's installed version: kamailio 5.6.3 (x86_64/linux). Now I've a big problem that kamailio cannot running with TLSv1 and it has to be TLSv1.2+ as tls.cfg doc said: # We do not enable anything else than TLSv1.2+ # over the public internet. Clients do not have # to present client certificates by default. How could I avoid this restriction please to enable TLSv1? Thank you,

5 5

http_async_query on carrierfailureroute changes rd back to carrieroute primary
by Maharaja Azhagiah 07 Aug '24

07 Aug '24

Hi I am running kamailio 5.4 on debian I have carrierfailureroute configured incase of primary service provider fails. I also have Stirshaken configured to add Identity header on outbound calls. Issue is when call fail overs to carrierfailureroute, http_async_query changes $ru to the primary carrier From the debug logs, when primary carrier sends a 488 (primary carrier expects SIP TLS but my call is UDP - to test the failover scenario) 39(285) DEBUG: {1 18398 INVITE 8EmmsLqNuMRYBduMqFgX3w4JHAn4C2xn} tmx [t_var.c:561]: pv_get_tm_reply_code(): reply code is <488> 39(285) DEBUG: {1 18398 INVITE 8EmmsLqNuMRYBduMqFgX3w4JHAn4C2xn} carrierroute [cr_func.c:178]: set_next_domain_on_rule(): searching for matching routing rules39(285) INFO: {1 18398 INVITE 8EmmsLqNuMRYBduMqFgX3w4JHAn4C2xn} carrierroute [cr_func.c:197]: set_next_domain_on_rule(): next_domain is 47987 Carrier route rewrites the failover carrier 39(285) INFO: {1 18398 INVITE 8EmmsLqNuMRYBduMqFgX3w4JHAn4C2xn} carrierroute [cr_func.c:706]: cr_do_route(): uri 14371234567 was rewritten to sip:14371234567@sip.primaryprovider.com, carrier 1, domain 47987 Before http_async_query rd and ru are still the failover carrier 39(285) INFO: {1 18398 INVITE 8EmmsLqNuMRYBduMqFgX3w4JHAn4C2xn} <script>: [callid: 8EmmsLqNuMRYBduMqFgX3w4JHAn4C2xn] - [cfg:2976] - Debug testing ----- rd is sip.primaryprovider.com ----- ru is sip:14371234567@sip.primaryprovider.com 39(285) DEBUG: {1 18398 INVITE 8EmmsLqNuMRYBduMqFgX3w4JHAn4C2xn} http_async_client [async_http.c:469]: async_send_query(): transaction suspended [5261:1830449764] 39(285) DEBUG: {1 18398 INVITE 8EmmsLqNuMRYBduMqFgX3w4JHAn4C2xn} http_async_client [async_http.c:625]: async_push_query(): query sent [ https://authn-uat.ccid.neustar.biz/ccid/authn/v2/identity?apiKey=randomkey] (0x7fdcad097e60) to worker 1 However, when the route is being called after the http_async_query it changes to the primary one: 26(272) DEBUG: tm [t_lookup.c:1612]: t_lookup_ident_filter(): transaction found 26(272) DEBUG: http_async_client [async_http.c:235]: async_http_cb(): resuming transaction (5261:1830449764) 26(272) DEBUG: tm [t_lookup.c:1612]: t_lookup_ident_filter(): transaction found 26(272) INFO: <script>: [callid: 8EmmsLqNuMRYBduMqFgX3w4JHAn4C2xn] - [cfg:2995] - Debug testing ----- rd is 1.2.3.4 ----- ru is sip:14371234567@1.2.3.4:5061;transport=TLS Due to this, call keeps going to the primary and it fails if ( http_async_query(STIRSHAKEN_AS_URL, "AS_RESPONSE") == -1 ) { xlog("L_ERR ", "[cfg:$cfg(line)] Failed to connect AS service for token $fu -> $tu \n"); return; } route[AS_RESPONSE] { xlog("L_INFO", "[callid: $ci] - [cfg:$cfg(line)] - Debug testing ----- rd is $rd ----- ru is $ru\n"); if ($http_ok) { xlog("L_INFO", "[cfg:$cfg(line)] Resuming outbound call transaction for $fu -> $tu Received - $http_rb \n"); # Add identity and Date headers if (jansson_get("identity", $http_rb, "$var(identity)")) { insert_hf("Identity: $var(identity)\n", "Content-Length"); } if (jansson_get("date", $http_rb, "$var(date)")) { if ($hdr(Date) != $null){ remove_hf("Date"); } insert_hf("Date: $var(date)\n", "Identity"); } } else { xlog("L_ERR", "[cfg:$cfg(line)] Resuming outbound call transaction. Error - $http_err)\n"); } route(RELAY); exit; } Please help to understand why rd / ru changes to primary carrier. Regards, Maharaja Azhagiah

3 7

Via header force change protocol to TLS?
by Anthony Alba 30 May '24

30 May '24

I have kamailio behind a TLS termination proxy so the sockets are correctly deduced to be TCP. However the clients only talk TLS to the proxy and are confused when the top Via header added by Kamailio is TCP. Is there a way for Kamailio to forcibly pretend its protocol is TLS? Like advertised_address but "advertised_protocol" instead. (With pjsip testing: it has a flag use_tls which ignores TCP from Kamailio and continues to use the persistent TLS transport to proxy. Linphone fails because it tries to honor TCP in Via and is unable to establish TCP transport). BTW I am using t_relay_to_tcp so Kamailio will return traffic to the proxy as TCP even though the contact addresses specify transport=TLS.

4 10

q_malloc.c:520 WARNINGs
by Joel Serrano 20 May '24

20 May '24

Hi, Does anyone know what this WARNING means or how to fix it? 2024-03-09T00:39:15.406674-05:00 csbc03 csbc[33024]: WARNING: {1 1 INVITE CALL-ID} <core> [core/mem/q_malloc.c:520]: qm_free(): WARNING: free(0) called from dialplan: dp_db.c: pcre2_free(206) 2024-03-09T00:39:15.406823-05:00 csbc03 csbc[33024]: WARNING: {1 1 INVITE CALL-ID} <core> [core/mem/q_malloc.c:520]: qm_free(): WARNING: free(0) called from dialplan: dp_db.c: pcre2_free(206) 2024-03-09T00:39:15.406973-05:00 csbc03 csbc[33024]: WARNING: {1 1 INVITE CALL-ID} <core> [core/mem/q_malloc.c:520]: qm_free(): WARNING: free(0) called from dialplan: dp_db.c: pcre2_free(206) 2024-03-09T00:39:15.407089-05:00 csbc03 csbc[33024]: WARNING: {1 1 INVITE CALL-ID} <core> [core/mem/q_malloc.c:520]: qm_free(): WARNING: free(0) called from dialplan: dp_db.c: pcre2_free(206) 2024-03-09T00:39:15.407178-05:00 csbc03 csbc[33024]: WARNING: {1 1 INVITE CALL-ID} <core> [core/mem/q_malloc.c:520]: qm_free(): WARNING: free(0) called from dialplan: dp_db.c: pcre2_free(206) 2024-03-09T00:39:15.407278-05:00 csbc03 csbc[33024]: WARNING: {1 1 INVITE CALL-ID} <core> [core/mem/q_malloc.c:520]: qm_free(): WARNING: free(0) called from dialplan: dp_db.c: pcre2_free(206) 2024-03-09T00:39:15.407375-05:00 csbc03 csbc[33024]: WARNING: {1 1 INVITE CALL-ID} <core> [core/mem/q_malloc.c:520]: qm_free(): WARNING: free(0) called from dialplan: dp_db.c: pcre2_free(206) It happens after running dp_translate(). These are my settings: debug=L_DBG debug=L_NOTICE memdbg=L_INFO memlog=L_INFO corelog=L_ERR mem_summary=12 log_stderror=no log_facility=LOG_LOCAL0 log_name="csbc" log_prefix="{$mt $hdr(CSeq) $ci} " mem_join=1 Any ideas? Thanks, Joel.

2 5

dynamic selection of authentication algorithm
by Juha Heinanen 14 May '24

14 May '24

How about this new function that sets the algorithm? -- Juha iff --git a/src/modules/auth/auth_mod.c b/src/modules/auth/auth_mod.c index 534ad9e20f..4e3a584d22 100644 --- a/src/modules/auth/auth_mod.c +++ b/src/modules/auth/auth_mod.c @@ -74,6 +74,10 @@ int w_consume_credentials(struct sip_msg *msg, char *s1, char *s2); * Check for credentials with given realm */ int w_has_credentials(struct sip_msg *msg, char *s1, char *s2); +/* + * Set authentication algorithm + */ +int w_auth_algorithm(struct sip_msg *msg, char *alg, char* s2); static int pv_proxy_authenticate( struct sip_msg *msg, char *realm, char *passwd, char *flags); @@ -170,6 +174,8 @@ static cmd_export_t cmds[] = { REQUEST_ROUTE}, {"pv_auth_check", (cmd_function)w_pv_auth_check, 4, fixup_pv_auth_check, 0, REQUEST_ROUTE}, + {"auth_algorithm", w_auth_algorithm, 1, fixup_spve_null, 0, + REQUEST_ROUTE}, {"bind_auth_s", (cmd_function)bind_auth_s, 0, 0, 0}, {0, 0, 0, 0, 0, 0} @@ -475,6 +481,35 @@ int w_has_credentials(sip_msg_t *msg, char *realm, char *s2) return -1; } return ki_has_credentials(msg, &srealm); + +} +/** + * + */ +int w_auth_algorithm(sip_msg_t *msg, char* alg, char* s2) +{ + if (fixup_get_svalue(msg, (gparam_t*)alg, &auth_algorithm) < 0) { + LM_ERR("failed to get algorithm value\n"); + return -1; + } + + if (strcmp(auth_algorithm.s, "MD5") == 0) { + hash_hex_len = HASHHEXLEN; + calc_HA1 = calc_HA1_md5; + calc_response = calc_response_md5; + } + else if (strcmp(auth_algorithm.s, "SHA-256") == 0) { + hash_hex_len = HASHHEXLEN_SHA256; + calc_HA1 = calc_HA1_sha256; + calc_response = calc_response_sha256; + } + else { + LM_ERR("Invalid algorithm provided." + " Possible values are \"\", \"MD5\" or \"SHA-256\"\n"); + return -1; + } + + return 1; } #ifdef USE_NC

3 6

How to use environment variable
by Pavan Kumar 07 May '24

07 May '24

Hi everyone, I am trying to assign environment variable as follows listen=udp:0.0.0.0:5060 advertise $env(MY_IP):5060 Looks like using the environment variable as above is an invalid configuration. Is there a way to use IP from env var to advertise. Even better, is there a way to use result in a stun query as an advertised address? Thank you, Pavan Kumar

2 3

http_async_client and sl_send_reply()
by Masud Muborakshohi 02 May '24

02 May '24

Hello! I have a problem when sending a response sl_send_reply("415", "The other party does not support video calling!"); in route[HTTP_REPLY]. When I make a request using http_async_query() to send a push notification to a mobile device, I need to process the response from the push server and respond with a SIP message to the client. Before sending the request I do $http_req(suspend) = 0; What am I doing wrong? Why are $fU and $ru equal to null ? #processing HTTP responses route[HTTP_REPLY] { if ($http_ok && $http_rs == 200) { xlog("L_INFO", "route[HTTP_REPLY]: status $http_rs\n"); xlog("L_INFO", "route[HTTP_REPLY]: body $http_rb\n"); } else if($http_rs == 415 || $http_rs == "415") { xlog("L_ERR", "route[HTTP_REPLY]: caller: $fU phone: $ru error: $http_err)\n"); send_reply("415", "The other party does not support video calling!"); } else { xlog("L_ALERT", "route[HTTP_REPLY]: error $http_err)\n"); } #exit; }

3 5

Kamailio works but voice is not present during the calls!
by christian.marinelli＠hotmail.it 02 May '24

02 May '24

Hi all, i have a problem with my Kamailio SIP Server. I set up a Kamailio SIP server in a virtual machine on a private network and i connect to this with a WireGuard VPN. The problem is that i can connect to the SIP server throught different clients and users and i can call the other users, the devices ring and i can answer to the calls but unfortunatly there is no audio during the call :( I can't understand why, it seems all si OK, a year ago i set up another SIP server with the same configuration and all works correctly with it. Can anyone help me to understand why? I can copy and paste here all the config files if you need it. Thank you so much in advance Christian

8 29

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users April 2024