Hello,
Kamailio SIP Server project is organizing another meeting of its
developers and community members during November 19-20, 2024 (Tue-Wed),
hosted again by sipgate.de in Dusseldorf, Germany.
The event is intended to facilitate the interaction between Kamailio
developers and contributors in order to offer a convenient environment
for working together on several topics of high interest for the project,
including writing code for Kamailio and its tools, improving
documentation, or discuss about future development.
Everyone from the community is welcome to join, developer or user
interested in helping the project. Please note we have a limited
capacity of seats in the meeting room, the main policy for accepting
participants being first come first server. Also, very important to be
aware that this is not an event to learn how to use Kamailio.
More details about the event, the venue, how to register, are available at:
* https://www.kamailio.org/w/developers-meeting/
Looking forward to those two intensive hacking Kamailio days in Dusseldorf!
Cheers,
Daniel
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com
Hello!
Is it possible to find out the name of the onreply_route that was set
before?
Something like this:
t_on_reply("MANAGE_REPLY");
...
if ( t_is_set("onreply_route") ) {
get_onreply_route_name();
...
}
--
BR,
Denys Pozniak
Hello,
I encountered a problem stopping Kamailio with FIPS OpenSSL:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007ff7292380ac in OPENSSL_sk_pop () from /lib64/libcrypto.so.3
Missing separate debuginfos, use: dnf debuginfo-install
kamailio-5.7.3-4816.x86_64
(gdb) bt
#0 0x00007ff7292380ac in OPENSSL_sk_pop () from /lib64/libcrypto.so.3
#1 0x00007ff72914bf5b in conf_modules_finish_int () from /lib64/libcrypto.so.3
#2 0x00007ff72914c694 in CONF_modules_unload () from /lib64/libcrypto.so.3
#3 0x00007ff7291efff9 in OPENSSL_cleanup () from /lib64/libcrypto.so.3
#4 0x00007ff72954702b in ?? ()
#5 0x0000000100061c08 in ?? ()
#6 0x00007ff7190566c8 in ?? ()
#7 0x00007ffccf196a20 in ?? ()
#8 0x000000000071da8a in futex_release (lock=0x7ff729f08b50 <syslog>)
at core/mem/../mem/../futexlock.h:134
#9 0x00000000006e9448 in destroy_tls () at core/tls_hooks.c:75
#10 0x000000000041f278 in cleanup (show_status=1) at main.c:594
#11 0x0000000000420af1 in shutdown_children (sig=15, show_status=1) at
main.c:721
#12 0x0000000000421717 in handle_sigs () at main.c:752
#13 0x0000000000430c88 in main_loop () at main.c:1988
#14 0x0000000000439d13 in main (argc=14, argv=0x7ffccf1973f8) at main.c:3212
(gdb)
Environment:
Oracle Linux Server 9.3
Kamailio 5.7.3
yum list --installed | grep ssl
openssl.x86_64 10:3.0.7-24.0.3.el9_fips
@tools
openssl-libs.x86_64 10:3.0.7-24.0.3.el9_fips
@tools
openssl-pkcs11.x86_64 0.4.11-7.el9
@anaconda
xmlsec1-openssl.x86_64 1.2.29-9.el9
@AppStream
What can I do for further investigation?
Thanks
How can I set the destination URI for an INVITE to be a
websocket-secure destination? Is it possible?
Summary
I've a proxy with tcp_connection_match=1, but websocket URIs always
have transport=ws (never transport=wss) in them, so relaying a call to
a WSS connection always fails.
I tested running kamailio 6.0.0-dev2 compiled from a commit made this
week. This proxy server uses nathelper rather than outbound module.
Detail
We know that "transport=ws" is used for both WS and WSS. I've a proxy
server that receives an INVITE for a WSS destination, and this proxy
supports both WS and WSS.
This proxy server must have core parameter tcp_connection_match=1 set,
and this leads the t_relay() to fail.
When an INVITE comes, these are the steps.
- The URI is something like
sip:user@anonymous.invalid;alias=198.51.100.10~52833~6;transport=ws.
- First handle_ruri_alias() removes the alias (which has ~6 in it, for
wss) and sets the $du to something like
sip:198.51.100.10:52833;transport=ws.
- Then loose_route_preloaded() processes the Route header fields and
forces the outbound socket to the TLS websocket one.
- Then t_relay() fails to relay the INVITE and responds with 477 or 500.
If, however, there's a non-TLS websocket connection open to the proxy,
the INVITE would be erroneously relayed over that (using the wrong
kamailio-side TCP port).
I can go deeper with testing if required. I wonder whether this is a bug.
James
Hi,
I just tried to send numbers of SIP register to kamailio (release 5.8.2). It is reported that there are some memory leakage in shared memory after the expiry of all the registration sessions. After drill down the code. function save_pending(...) is called. (in ims_registrar_pcscf/save.c). Inside that function, it seems that "sec_verify_params" is not deallocated upon the function completes.
Findings:
- sec_verify_params uses the result from function cscf_get_security_verify(...)
- Function cscf_get_security_verify(...) returns the result of function parse_sec_agree(...)
- Function parse_sec_agree(...) returns "params" where "shm_malloc(...)" is called
It seems that the memory pointed by 'sec_verify_params' is not further referenced by others. Should shm_free(...) be called when leaving function save_pending(...) in order to free the unused memory of 'sec_verify_params'?
Please advice.
Thank you.
Regards,
Hong
Hello!
I need to disable topos for one specific SIP trunk (in-out), it looks like
it’s enough to use event_route with IP address filtering.
But for some reason, the incoming INVITE from the peer still gets processed
by topos and I also don’t see a mention of [msg-incoming] in the logs, only
this:
WARNING: <script>: [msg-outgoing] OPTIONS/you/1.1.1.1
Code snippet:
loadmodule "topos.so"
modparam("topos", "db_url", DBURL)
modparam("topos", "contact_mode", 1)
modparam("topos", "header_mode", 1)
modparam("topos", "methods_noinitial", "OPTIONS,SUBSCRIBE,PUBLISH")
modparam("topos", "dialog_expire", 7210)
modparam("topos", "rr_update", 1)
modparam("topos", "event_mode", 5)
/*
1 - execute event_route[topos:msg-outgoing]
2 - execute event_route[topos:msg-sending]
4 - execute event_route[topos:msg-incoming]
8 - execute event_route[topos:msg-receiving]
*/
request_route {
....
event_route[topos:msg-outgoing] {
if ( $sndto(ip) == "1.1.1.1" ) {
xlog("L_WARN","[msg-outgoing] $rm/$rU/$sndto(ip) \n");
drop;
}
}
}
event_route[topos:msg-incoming] {
if ( $si == "1.1.1.1" ) {
xlog("L_WARN","[msg-incoming] $rm/$rU/$si \n");
drop;
}
}
# kamailio -v
version: kamailio 5.7.1 (x86_64/linux) 1cf389-dirty
--
BR,
Denys Pozniak
Hello,
We have compiled openssl 3.0.9 from source because it's FIPS validated, and
want to use it with Kamailio. The server also has the Ubuntu openssl 3.0.2
package installed.
Does anyone know how we can tell Kamailio to use the openssl library in
/opt/openssl/lib64, and how we can verify that it really is using it?
Thanking you in advance,
--
David Cunningham, Voisonics Limited
http://voisonics.com/
USA: +1 213 221 1092
New Zealand: +64 (0)28 2558 3782
Hello,
I am considering to release Kamailio v5.8.3 (out of branch 5.8) sometime
next week, most likely on Wednesday, Sep 4, 2024. If anyone is aware of
issues not yet on the bug tracker, report them there asap in order to
have a better chance to be fixed.
Cheers,
Daniel
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com
Hi kamilians,
we have the intention to archive the app_mono module in a few[0]. Most likely at the end of next week. If you use app_mono and you don't want to see it fade away now it's the time to rise your voice.
Cheers,
Victor
[0] https://github.com/kamailio/kamailio/pull/3964
Hi All,
I am trying to replay a request to the destination via Kamailio, and I am using t_relay_to_tcp for that , but in that case Kamailio is adding its own address as the top VIA header. Is there a way I can instruct Kamailio not to add local via header ?