I am extremely new at this, but trying to set up TLS with a carrier. TLS connection is good, Invite goes out, we get the 100 and the 200, but subsequent messages (ACK and BYE) are being sent with UDP and I cannot figure out how to get them to maintain the TLS transport. Any suggestions? I think this is the section I'm looking for.
# Manage incoming replies in transaction context
onreply_route[MANAGE_REPLY] {
xdbg("incoming reply\n");
if(status=~"[12][0-9][0-9]") {
route(NATMANAGE);
}
if (has_body("application/sdp")) {
xdbg("rtpengine_manage loop-protect MANAGE_REPLY");
#rtpengine_manage("loop-protect");
}
}
Hi all,
I face a problem when trying to forward an UPDATE request to the IMS which
communicates with UDP transport protocol on one side UDP and SCTP on other
side. When I try to send UPDATE towards the UDP side of IMs I see following
error on kamailio side and request cannot be forwarded
Jun 25 16:19:18 prashant-0lk-sbc-1 /usr/sbin/kamailio[1223341]: ERROR:
<core> [core/udp_server.c:597]: udp_send(): sendto(sock, buf:
0x7fc180deb5f0, len: 1509, 0, dst: (172.18.0.20:5060), tolen: 16) - err:
Invalid argument (22)
Jun 25 16:19:18 prashant-0lk-sbc-1 /usr/sbin/kamailio[1223341]: CRITICAL:
<core> [core/udp_server.c:603]: udp_send(): invalid sendtoparameters#012one
possible reason is the server is bound to localhost and#012attempts to send
to the net
The UPDATE message which is tried to be forwarded is as follow:
Here there are double rr one is UDP and one is sctp (Route: <
sip:mt@172.18.0.20;lr;did=6aa.aaa;ftag=49IZjY2irfb;r2=on>, <
sip:mt@172.18.0.20;lr;transport=sctp;did=6aa.aaa;ftag=49IZjY2irfb;r2=on>)
)
That would be great if you can help why this UPDATE cannot be forwarded.
By the way double rr is on on kamailio config
Jun 25 16:19:18 prashant-0lk-sbc-1 /usr/sbin/kamailio[1223341]: DEBUG:
<core> [core/forward.c:577]: forward_request(): Sending:#012UPDATE
sip:alice@10.10.141.188;ob;sbc-id=xpllrk47odqh4pb2ofpib6vsym
SIP/2.0#015#012Via: SIP/2.0/UDP
127.0.0.1:50601;branch=z9hG4bKddab.3554948ce3cfe321729448a2b082c2f3.0#015#012Via:
SIP/2.0/UDP 127.0.0.1:7060;branch=z9hG4bKnHN8Q3ya#015#012To: <
sip:alice@ims.wingcon.com>;tag=49IZjY2irfb#015#012From: <
sip:bob@ims.wingcon.com>;tag=hfdqjj2pmui#015#012Call-Id:
3mzzecWt3Cbgvy#015#012CSeq: 1 UPDATE#015#012Max-Forwards:
70#015#012Contact:
<sip:bob@10.10.141.188;ob;sbc-id=o7dpxe7qu2r34zwzio5pis2vqi>#015#012Content-Type:
application/sdp#015#012Route:
<sip:mt@172.18.0.20;lr;did=6aa.aaa;ftag=49IZjY2irfb;r2=on>,
<sip:mt@172.18.0.20;lr;transport=sctp;did=6aa.aaa;ftag=49IZjY2irfb;r2=on>, <
sip:mo@172.18.0.20;lr;did=6aa.9aa;ftag=49IZjY2irfb;r2=on>, <
sip:mo@172.18.0.20;lr;transport=sctp;did=6aa.9aa;ftag=49IZjY2irfb;r2=on>, <
sip:mo@172.18.0.120;lr>#015#012Session-Expires:
180;refresher=uas#015#012Supported: replaces, 100rel, timer,
norefersub#015#012Min-SE: 90#015#012P-Charging-Vector:
icid-value=e277783432fd11efba03fa163eed425f;icid-generated-at=172.18.0.120;orig-ioi=172.18.0.120;term-ioi=172.18.0.120#015#012User-Agent:
PJSUA v2.14 Linux-5.4.0.172/x86_64/glibc-2.35#015#012Content-Length:
409#015#012#015#012v=0#015#012o=- 3928313948 3928313950 IN IP4
172.18.0.120#015#012s=pjmedia#015#012b=AS:84#015#012t=0
0#015#012a=X-nat:0#015#012m=audio 30106 RTP/AVP 8 96 97 121 120#015#012c=IN
IP4 172.18.0.120#015#012b=TIAS:64000#015#012a=ssrc:1986855169
cname:1fca52e812ced466#015#012a=rtpmap:8 PCMA/8000#015#012a=rtpmap:96
AMR/8000#015#012a=rtpmap:97 AMR-WB/16000#015#012a=rtpmap:121
telephone-event/16000#015#012a=fmtp:121 0-16#015#012a=rtpmap:120
telephone-event/8000#015#012a=fmtp:120
0-16#015#012a=sendrecv#015#012a=rtcp:30107#015#012.
Regards
Serkan
Hello,
I am considering to release Kamailio v5.6.6 (out of branch 5.6) later
this week (likely on Wednesday, July 3, 2024). If anyone is aware of
issues not yet on the bug tracker, report them there asap in order to
have a better chance to be fixed.
This is going to be the last release out of branch 5.6 to mark the end
of official/packaging maintenance.
Cheers,
Daniel
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com
Hello,
I am considering to release Kamailio v5.7.6 (out of branch 5.7) on
Tuesday, July 2, 2024. If anyone is aware of issues not yet on the bug
tracker, report them there asap in order to have a better chance to be
fixed.
Cheers,
Daniel
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com
I have a scenario where Kamailio is receiving a retransmit of a 200 OK to a late offer INVITE after it has sent the ACK, and after it has begun to handle a reInvite from the calling party. This results in the following commands to the rtpengine: Offer (reInvite), Offer (200 retransmit), Answer (ACK to retransmitted 200). At this point, I see STUN binding errors both in Chrome, where the webRTC client (called party) is running, and in the rtpengine logs.
ERROR:port.cc(498)]: Received STUN BINDING error response: class=4 number=1 reason='Unauthorized'
[core] STUN authentication mismatch from x.x.x.x:63396
[ice] Received ICE/STUN response code 487 for candidate pair dl2efuRG06eK4nFs:2713745946:1 from x.x.x.x::64509 to x.x.x.x
[ice] ICE role change, now controlled
[ice] Recalculating all ICE pair priorities
[ice] Triggering check for dl2efuRG06eK4nFs:2713745946:1
[ice] ICE/STUN response with unknown transaction received (from x.x.x.x:64509 on interface x.x.x.x:16184)
So, briefly, the call flow up to the point of error looks like this:
INVITE w/o SDP
200 OK w/SDP, Offer to rtpengine
ACK w/SDP, Answer to rtpengine
reInvite w/SDP, Offer to rtpengine
retransmission of 200 OK, Offer to rtpengine
ACK to retransmitted 200, Answer to rtpengine
I have dialog tracking enabled in my config, and it seems like Kamailio is behaving as expected when the retransmitted 200 and ACK are forwarded on, but I'm curious if other people have run into a scenario like this and how they have dealt with it.
Hello,
I need to implement Event: presence, application/pidf+xml as described in
RFC-3856. I understand I need to use the presence_xml module and generate
PUBLISH requests to update the information and ensure that the NOTIFY get
sent. I know nothing abour XCAP or wether I need it or not. Any
information source out there that could help me?
Regards,
Michel Pelletier
Hi everyone. Wanting to see if someone could point me in the right
direction. Still very knew to Kamailio but I am beginning to understand it
better. I'm making an outbound proxy and have everything working well
besides stir/shaken. I'm looking at the module page and have went back and
forth with chatGPT and can't seem to figure this part out. I keep getting
errors on the modparam lines.
Obviously this is a self signed cert because I'm just testing. I am able to
reach and download the cert from the Web server.
Thank you for any assistance.
# SECSIPID for Stir/Shaken
modparam("secsipid", "private_key", "/etc/kamailio/secsipid/private.key")
modparam("secsipid", "certificate", "/etc/kamailio/secsipid/cert.crt")
modparam("secsipid", "authority_cert", "/etc/kamailio/secsipid/ca.crt")
modparam("secsipid", "expire", 600) modparam("secsipid", "timeout", 2)
route[STIRSHAKEN] {
if (is_method("INVITE")) {
if (!secsipid_add_identity("$fU", "$rU", "A", "", "
http://myIPaddress.com/stir_shaken_cert.crt
<http://myipaddress.com/stir_shaken_cert.crt>",
"/etc/kamailio/secsipid/private.key")) {
xlog("L_ERR", "Failed to sign call with ID: $ci - From: $fU\n");
send_reply("500", "Internal Server Error");
exit;
} else {
xlog("L_INFO", "Successfully signed call with ID: $ci - From:
$fU\n");
}
}
# Relay the call after signing
route(RELAY);
}
Hello,
I noticed that Kamailio can route either to IP and FQDN.
This means the server certificate CN is not checked by the client.
How to enable something like the 'verify_peer' option?
Thanks
Hello everyone,
I have a question regarding the usage of core keywords, specifically the possibility of printing their values in log messages. While I understand that core keywords such as 'dst_port' and 'af' etc... can be accessed directly in if conditions, I am interested to know if there is a way to print the values of these core keywords for logging purposes.
Thank you.
El Wed, 19 Jun 2024 11:54:05 -0500
Brett Nemeroff <brett(a)voicefoxtelephony.com> escribió:
> What you should expect using this method is blocking while the exec runs
> which could run you out of child processes while they complete. I'd also
> expect to see an "unusual amount of CPU activity" which will be the result
> of the forked shells being created and destroyed.
>
> All of that being said, yes it works. It's architecturally overly simple
> and very inefficient. If your load is tiny, it might be ok. Anything
> moderate like Henning and others have said, will use an inordinate amount
> of cpu. I would not personally risk it.
>
>
Thank you Brett, Henning and Alex
Sadly the load won't be tiny and cannot risk it. For now I'll deploy a local
nginx and fpm to run the scripts, which are in php, and will use the http_async
method.
Sadly we have to "http all the things" nowadays.
Let's see if I'm able to write down all the logic tomorrow and do some testing.
cheers,
Jon
--
PekePBX, the multitenant PBX solution
https://pekepbx.com
HI Team,
I use tls and xhttp module to enable websocket interface for webrtc client
to connect.
I wanted to add "Strict-Transport-Security" header to xhttp response to add
security. But currently I don't see a way to add it anywhere.
I can see only server_header as an option, But this will get added to SIP
messages as well.
It 'd be great if anybody has a suggestion around this.
Thanks
Varunan
El Tue, 18 Jun 2024 13:54:41 -0500
Brett Nemeroff <brett(a)voicefoxtelephony.com> escribió:
> Just want to add that exec is heavy and slow. I would not recommend it.
>
> Is there a reason you want to do this over http-ifying your script and
> using async?
>
>
Not really. The scripts are provided. Maybe I'm against "http all the
things" which seems to be what everyone does nowadays.
Why would http client be lighter than executing a script? That would be a
design problem, right?
--
PekePBX, the multitenant PBX solution
https://pekepbx.com
Hi all
I've been working with async http client and async db queries in the past but
now I have to execute scripts and store the return values in avps.
Since I have no experience with that, I wonder how to achieve concurrency with
that scenario. Is there a way to exec async or suspend until the exec has
finished and resume later?
cheers,
Jon
--
PekePBX, the multitenant PBX solution
https://pekepbx.com
Hello,
I am doing BLF but I want different users to be able to setup different
dialog info initial states. My question is if there's an already
implemented way for doing that?
I've looked over docs and C code so far and this is what I've found:
1. modparam("presence_dialoginfo", "force_dummy_dialog", 1) => will force sending initial NOTIFY with dialog state "terminated"
2. Function calls: dlginfo_agg_nbody()->dlginfo_agg_nbody_empty() which
will build the pre-defined xml body with that "terminated" state. If not
implemented so far, maybe this can be used to set a different initial
state for a user (e.g. export a cfg function or take that info from DB?)
Any opinions on this?
Thank you,
Stefan
When I start Kamailio master version that has been build on Debian 12
with default-libmysqlclient-dev depending on libmariadb-dev-compat, I
get several warnings like this:
2024-06-17T14:48:27.702827+03:00 siika /usr/bin/sip-proxy[297246]: WARNING: db_mysql [km_my_con.c:187]: db_mysql_new_connection(): opt_ssl_ca option not supported by mysql version (value (null)) - ignoring
How can I prevent them?
-- Juha
Hello kamailio lovers,
I am currently working on a Kamailio configuration where I need to check the source port of incoming SIP messages. Initially, I used the $sp pseudo-variable to get the source port, which worked perfectly while testing with SIPp.
Here is the snippets code that I use
"
if ($sp != 5080 && $sp != 8080 && $sp != 5060){
sl_send_reply(403, "forbidden");
xlog("this $rm received, is forbidden\n");
exit;
}
"
However, I encountered an issue when I switched to using sipsak for testing.
It seems that sipsak uses a randomly assigned port for the actual network connection, even though it sets the source port in the SIP headers (e.g., Via, To and Contact headers) to a specified port using the -l option.
Here is the sipsak command that I use "sipsak -vv -s sip:jack@192.168.1.2:5060-l 5080"
My goal is to have Kamailio check the source port as specified in the application layer, rather than the transport layer port (i.e., the ephemeral port assigned by the OS randomly like 54691, 33017...).
Could anyone guide me on how to properly configure Kamailio to extract and check the port from the application layer or SIP headers, or am I doing this in the wrong way? Any advice or examples would be greatly appreciated.
"I am not a native english speak, so I use chatGPT to make my questions clear"
Thank you!
Hello,
I am using topos module to hide Record-Route and Route header as per the
requirement from carrier. But the topos module hides, contact, via and
routing headers also. Due to this reason when I am getting bye from the
carrier I am not able to route the bye back to the agent.
Bye from Agent to carrier is working fine.
Bye from carrier to my internal network interface is not routing to client
through public interface. I assume this may be because Via / Contact header
has been hidden and changed by the topos module with the invite
please help me for this
Thanks
Arun
Hello,
Kamailio SIP Server v5.8.2 stable release is out.
This is a maintenance release of the latest stable branch, 5.8, that
includes fixes since the release of v5.8.1. There is no change to
database schema or configuration language structure that you have to do
on previous installations of v5.8.x. Deployments running previous v5.8.x
versions are strongly recommended to be upgraded to v5.8.2.
For more details about version 5.8.2 (including links and guidelines to
download the tarball or from GIT repository), visit:
* https://www.kamailio.org/w/2024/06/kamailio-v5-8-2-released/
RPM, Debian/Ubuntu packages will be available soon as well.
Many thanks to all contributing and using Kamailio!
Cheers,
Daniel
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com
Hello,
I am considering to release Kamailio v5.8.2 (out of branch 5.8) on
Wednesday,
June 12, 2024. If anyone is aware of issues not yet on the bug tracker,
report them there asap in order to have a better chance to be fixed.
Cheers,
Daniel
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com
Hi,
In the "Kamailio v5.8.0 Release Notes" I see: "SIP overload control support
for server (RFC7339)". Where can I find some more details about the feature?
Also, the similar question about the new "influxdbc" module. What are the
possible use cases for this module?
Thank you,
Leonid Fainshtein
Xorcom Ltd
I am trying to proxy a request from server A to server C with me being server B. i send the invite from A to B, then i need to send to server R which returns back to me a 300 redirect, which i then need to take the answer from the Contsct and then proxy the original invite from A to C. server A can not handle 3xx responses and must be proxied. I havent been able to find any examples where the 300 is intercepted and a new invite to the target is sent. i have the following code but it results in no new INVITE and the original session is hung until it is canceled. Any idea what i may be doing wrong? In the example below i am just hardcoding the uri for the new invite instead of getting from the Contact as a debug exercise. I am using Kamailio 5.7.3
route[HANDLEREDIRECT] {
xlog("L_INFO", "DBG: HANDLEREDIRECT");
msg_apply_changes();
$var(test) = $hdr(Contact);
xlog("L_INFO","DBG: redirect headers [$var(test)]: from=[$fu] from_user=[$fU], to=[$tu] to_user=[$tU]");
# send to gateway
$var(new_uri) = "sip:" + $tU + "@" + "gateway";
if ($var(new_uri) != "") {
xlog("DBG: Redirecting to: $var(new_uri)\n");
$ru = $var(new_uri);
$tu = $ru;
record_route();
route(RELAY);
exit;
# i have also tried using
#t_newtran();
# and
#t_relay();
} else {
xlog("DBG: No contact header found in 300 response\n");
}
}
# Manage outgoing branches
branch_route[MANAGE_BRANCH] {
xdbg("DBG: new branch [$T_branch_idx] to $ru\n");
xlog("L_INFO", "DBG: manage branch");
route(NATMANAGE);
return;
}
onreply_route[MANAGE_REPLY] {
xdbg("DBG: incoming reply\n");
xlog("L_INFO", "DBG: manage reply");
if (t_check_status("3[0-9][0-9]")) {
xlog("L_INFO", "DBG: got 3xx redirect");
route(HANDLEREDIRECT);
drop;
}
return;
}
I also tried using uac_redirect module, but it stalls the incoming invite also, and i cant figure out how to modify the uri from the contact before sending (to add params)
# Manage failure routing cases
failure_route[MANAGE_FAILURE] {
route(NATMANAGE);
if (t_is_canceled()) exit;
if (t_check_status("3[0-9][0-9]")) {
xlog("L_INFO", "DBG: following 3xx redirect");
get_redirects("3:1");
t_relay();
exit;
}
}
Rob Green
Chief Information Officer (CIO)
Tel: 1-352-218-1490
Cell: 1-407-620-0932
Email: rob.green(a)nuwave.com
Web: www.nuwave.com
This communication is the Property of NUWAVE Communications and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in Error, Please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
Hi everyone,
I am creating a dialogue when I receive INVITE. Is there a way to set
key/value pair like attributes at dialog level, so that, when I receive BYE
message I can retrieve that information and do some processing?
Thank you,
Pavan Kumar
Hi
I wonder if anyone could maybe recommend what to use as signaling B2BUA
to work with Kamailio to handle spiralling / looping calls and to reduce
the number of Route, Via Header and message size, which cause issue
with a large number of CPE.
Requirements:
* New CallID needs to be generated
* Handling Route and Via
* ~ 2000 concurrent calls.
* Preserving custom SIP X- header
* Routing NOTIFY for MWI etc.
Handling RTP is not required!
What I have been looking at more closely:
= FreeSwitch =
Got stuck trying to solve the dependencies to get it to run/build on
ubuntu jammy.
Has anyone experience in running it in a docker container? Will it
perform?
= Sippy =
Very small, very simple, unfortunately removes customer SIP headers and
does not forward NOTIFY. (It's python, so maybe this could be easily
implemented/fixed).
= SEMS =
Does not seem to be actively developed in the last, couple of years.
Looks quite bloated to me for what I need.
= Asterisk =
Each customer header has to be copied, wants to handle RTP and bridge
by issuing Re-Invites. Not sure how to route stuff like NOTIFY.
Also from experience I fear asterisk would translate sip reply codes
(like 608 and 607) it does not know to some 4XX default.
--
Mit freundlichen Grüssen
-Benoît Panizzon- @ HomeOffice und normal erreichbar
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
Hi all
I'm trying to make kamailio not to insert a row in missed_calls table when
reply code is 407. But even if I set the "failed_filter" modparam the 407 row
is inserted.
The acc mmodparams are:
modparam("acc", "db_table_acc", "kam_acc")
modparam("acc", "db_flag", FLT_ACC)
modparam("acc", "db_missed_flag", FLT_ACC_MISS)
modparam("acc", "db_url",DBURL)
modparam("acc", "db_insert_mode", 1)
modparam("acc", "time_mode", 2)
modparam("acc", "time_attr", "time_hires")
modparam("acc", "failed_filter", "401,407")
modparam("acc", "db_extra", "whatever"
db is mysql. Kamailio version is 5.7.4
When I send a call that receives a 407 and after auth a 480 y get both rows in
missed_calls table.
Log:
DEBUG: acc [acc_mod.c:404]: mod_init(): acc db table initialized to: kam_acc
DEBUG: acc [acc_mod.c:362]: parse_failed_filter(): failed_filter 0 = 401
DEBUG: acc [acc_mod.c:362]: parse_failed_filter(): failed_filter 1 = 407
DEBUG: acc [acc_logic.c:721]: tmcb_func(): acc callback called for
t(0x7f7cec807480) event type 512, reply code 407
DEBUG: acc [acc_logic.c:443]: should_acc_reply(): probing acc state - code: 407
flags: 0x220
DEBUG: acc [acc_logic.c:449]: should_acc_reply(): failed acc is off
DEBUG: acc [acc_logic.c:721]: tmcb_func(): acc callback called for
t(0x7f7cebf59bc0) event type 512, reply code 486
DEBUG: acc [acc_logic.c:443]: should_acc_reply(): probing acc state - code: 486
flags: 0x220
DEBUG: acc [acc_logic.c:449]: should_acc_reply(): failed acc is off
am I configuring this wrong?
cheers,
Jon
--
PekePBX, the multitenant PBX solution
https://pekepbx.com
Hey everyone,
I have the following setup:
External User/Trunk <===> Kamailio <===> FreeSWITCH
I have configured FreeSWITCH and Kamailio to work only with phone numbers
in E.164 format. Recently, I needed to integrate a new SIP trunk that sends
phone numbers in an 11-digit US format.
My initial idea to solve this is to use Kamailio as a translator that
converts 11-digit numbers to E.164 when sending to FreeSWITCH, and back to
11-digit when sending to the trunk.
Before writing the code, I want to know if there is already a solution to
this problem in one of the modules, so that I won't reinvent the wheel.
Thanks,
Pavan Kumar
Hi, I'm setting up shared user location for 2 instances of kamailio via
dmq_usrloc.
Everything seems fine except my setup is multi-domains.
The issue arises when the producer node produces the Contact of domain X,
Contact of domain Y separately, but the consumer node stores both as the
Contact of domain Y (seen in kamcmd ul.dump), in which Y is set in
usrloc_domain.
modparam("dmq_usrloc", "usrloc_domain", "{{domain_Y}}")
modparam("usrloc", "use_domain", 1)
====
I had a quick ngrep and see the domain was put in the "aor" key of the body
in KMQ message for usrloc
{"action":1,"aor":"test_username_0dppxcl@$domain_X"}
But I'm not sure how to make my consumer node to store the contact in
appropriate domain.
Any help will be appreciated.
Thanks and regards,
Loi Dang Thanh
Phone : +84. 774.735.448
Email : loi.dangthanh(a)gmail.com
Issue : Not getting relay of ACK and BYE to the next hop after the call is
answered
my Scenario : Asterisk ------->kamailio sip proxy------------------->
carrier (outgoing call)
My carrier is not allowed to send the SIP packet with Record-Route header.
So that I have removed record_route(). After that the call is getting
connected.
I am getting 200 OK (SDP) from carrier side and forwarded that to the
Asterisk on the other side. As a response I am getting ACK from asterisk.
But the kamailio is not forwarding the ACK to the carrier side. I
understood this is because the record-route is not there. The same thing is
happening for BYE also. The Bye is not forwarding to carrier side.
Kindly suggest me a solution for this for relaying ACK and bye without
Record-Route in kamailio
Bellow is the 200 OK SDP I am sending back to asterisk
2024/06/02 10:27:04.756610 103.155.114.101:5060 -> 103.182.153.113:5060
SIP/2.0 200 OK
Call-ID: 1d2897fc-8ae2-4835-b7ac-a96cc28adcc2
Via: SIP/2.0/UDP 103.182.153.113:5060
;received=103.182.153.113;rport=5060;branch=z9hG4bKPj463fedcf-6258-4655-a53d-58ea57f144af
To: <sip:09496381412@103.155.114.101
>;tag=6541fd97-665bfb9a2aea9a78-gm-po-lucentPCSF-109109
From: <sip:917946357720@gaesip.teleforce.in
>;tag=8dba28f5-d250-48c6-99fc-35d84590cfc1
CSeq: 22823 INVITE
Allow:
INVITE,BYE,REGISTER,ACK,OPTIONS,CANCEL,SUBSCRIBE,NOTIFY,INFO,REFER,UPDATE
Contact: <sip:lucentNGFS-115804@10.5.110.117:5060
;alias=10.5.110.117~5060~1;x-afi=11>
Content-Type: application/sdp
Session-Expires: 7200;refresher=uas
Supported: timer
Content-Length: 248
v=0
o=LucentPCSF 130227946 130227946 IN IP4 103.155.114.101
s=-
c=IN IP4 103.155.114.101
t=0 0
m=audio 12806 RTP/AVP 8 101
-------------------------------------------------------------------------------------------------------
The ACK I am getting back from asterisk is
2024/06/02 10:27:04.760392 103.182.153.113:5060 -> 103.155.114.101:5060
ACK sip:lucentNGFS-115804@103.155.114.101:5060;alias=10.5.110.117~5060~1;x-afi=11
SIP/2.0
Via: SIP/2.0/UDP 103.182.153.113:5060
;rport;branch=z9hG4bKPjb7299c25-13d3-484e-8e78-e7c83620edce
From: <sip:917946357720@gaesip.teleforce.in
>;tag=8dba28f5-d250-48c6-99fc-35d84590cfc1
To: <sip:09496381412@103.155.114.101
>;tag=6541fd97-665bfb9a2aea9a78-gm-po-lucentPCSF-109109
Call-ID: 1d2897fc-8ae2-4835-b7ac-a96cc28adcc2
CSeq: 22823 ACK
Max-Forwards: 70
User-Agent: Asterisk PBX 18.13.0
Content-Length: 0
Thanks
Arun
Hello all!
I am struggling on compiling StriShaken module on RHEL 9.2.
So far, the module was compiled as well as libstirshaken.
Below are the steps used to compile (as sudo) both library and module (I
hope this may help someone) and, of course, correct me if I am wrong in any
step or if there is a better way.
Also, note that the RHEL 9,2 is in a VM environment without access to the
WWW, instead it uses Red Hat Satellite to download packages (via Yum or
DNF), if available.
Lib LibKS
download libks from https://github.com/signalwire/libks
unzip
move to dir created by Unzip
run
yum groupinstall "Development Tools"
dnf install libuuid-devel libatomic openssl-devel
cmake .
make
make install
cp /usr/lib/pkgconfig/libks2.pc /usr/lib64/pkgconfig/.
For module LibStirShaken:
download https://github.com/signalwire/libstirshaken
unzip
move to dir
if using OpenSSL3.0 or + edit file configure.ac and add after line 28:
if test x$HAVE_OPENSSL = x1; then
openssl_CFLAGS="$openssl_CFLAGS -DHAVE_OPENSSL";
/* PATCH FOR OPENSSL3 */
AC_MSG_CHECKING([for OpenSSL >= 3.0.0])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <openssl/opensslv.h>
#if OPENSSL_VERSION_PREREQ(3,0)
#error "you_have_version_3"
#endif
]], [[]])],
[ AC_MSG_RESULT([no]) ],
[ AC_MSG_RESULT([yes]);
AC_DEFINE(OPENSSL_SUPPRESS_DEPRECATED, 1, [disable openssl
deprecated-function warnings]) ])
/* END OF PATCH */
else
AC_MSG_ERROR([OpenSSL >= 1.0.1e and associated developement headers
required])
fi
run
configure
make
sudo make install
next, move to dir /root/kamailio/kamailio-5.7.4/src/modules/stirshaken
cd /root/kamailio/kamailio-5.7.4/src/modules/stirshaken
ln -s /root/stirshakenlib/libks-master/src/include/libks libks
make
make install
All seem to compile OK , *but* when starting Kamailio I get the following
errors:
May 29 17:42:02 kamailio1 kamailio[248991]: ERROR: <core>
[core/sr_module.c:599]: ksr_load_module(): could not open module
</usr/local/lib64/kamailio/modules/stirshaken.so>: libstirshaken.so.1:
cannot open shared object file: No such file or directory
May 29 17:42:02 kamailio1 kamailio[248991]: CRITICAL: <core>
[core/cfg.y:3915]: yyerror_at(): parse error in config file
/usr/local/etc/kamailio/kamailio_stir_shaken_mod.cfg, line 106, column
12-26: failed to load module
I haven't found a solution for this.
Can anyone help?
Thanks in advance!
*Sérgio Charrua*
Hi
To determine, if rtpengine was engaged during an invite or not, I make
use of rr params for all messages in following transactions and I set
an avp for all messages in the current transaction.
When the call is canceled, I would need to call rtpengine_delete to
make sure rtpengine stops listening for rtp packets.
Unfortunately, the avp I set during the INVITE, does not seem to be
present while the CANCEL message is processed, despite to my
understanding being in the same transaction.
How can I pass some information from an INVITE to the corresponding
CANCEL?
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
trying to use
msg_apply_changes();
subst_hf("Via","/TCP/TLS/","f");
But as i don't seem to have access the top-most via, i can'it doesn't
work... i cam change the incoming Via, but not the outgoing...
I need this urgently.. any help anyone?
> Sergey,
>
> Thanks for pointing me to the PR but that's not exactly what i need, let
> me explain:
>
> We have an AWS an NLB on which our clients connect to and terminate TLS
> connections and from then on into our proxies it is TCP. Now when clients
> send invites (with TLS in their VIA as protocol) and we reply to them
> (because the socket is TCP) I need to set the protocol on the Via to be
> TLS. Otherwise, the client would not understand. This message or will
> believe that it's not. about the same connection
>
> I haven't figured out a way of doing this since it can't get the actual
> VIA that will be sent out. I've tried on the onsend_route (enabling
> onsend_route_reply)
>
> Help is greatly appreciated!
>
>
> Regards,
>
> David Villasmil
> email: david.villasmil.work(a)gmail.com
> phone: +34669448337
>
>
> On Thu, May 30, 2024 at 11:44 PM David Villasmil <
> david.villasmil.work(a)gmail.com> wrote:
>
>> HEllo Sergey,
>>
>> i can send one. yes.
>>
>> Regards,
>>
>> David Villasmil
>> email: david.villasmil.work(a)gmail.com
>> phone: +34669448337
>>
>>
>> On Thu, May 23, 2024 at 5:14 PM Sergey Safarov <s.safarov(a)gmail.com>
>> wrote:
>>
>>> Hi David
>>> Could you send PCAP for an inbound call via TCP connection?
>>>
>>> Sergey
>>>
>>> On Thu, May 23, 2024 at 5:53 PM David Villasmil <
>>> david.villasmil.work(a)gmail.com> wrote:
>>>
>>>> it's still in progress though.
>>>> Regards,
>>>>
>>>> David Villasmil
>>>> email: david.villasmil.work(a)gmail.com
>>>> phone: +34669448337
>>>>
>>>>
>>>> On Thu, May 23, 2024 at 4:51 PM David Villasmil <
>>>> david.villasmil.work(a)gmail.com> wrote:
>>>>
>>>>> Thanks, I'll check it out!
>>>>> Regards,
>>>>>
>>>>> David Villasmil
>>>>> email: david.villasmil.work(a)gmail.com
>>>>> phone: +34669448337
>>>>>
>>>>>
>>>>> On Thu, May 23, 2024 at 4:16 PM Sergey Safarov <s.safarov(a)gmail.com>
>>>>> wrote:
>>>>>
>>>>>> We have tested this PR using the Linphone app.
>>>>>> So your case will be resolved using this PR.
>>>>>> Need to enable HAproxy protocol headers.
>>>>>>
>>>>>> On Wed, May 22, 2024 at 4:36 PM Sergey Safarov <s.safarov(a)gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Please try Kamailio PR
>>>>>>> https://github.com/kamailio/kamailio/pull/3731
>>>>>>>
>>>>>>> We have developed this PR for use case you have described.
>>>>>>> We have tested Route and Record-Route headers not Via.
>>>>>>> So will provide some review for this PR then will be fine.
>>>>>>>
>>>>>>> On Wed, May 22, 2024 at 2:22 PM David Villasmil <
>>>>>>> david.villasmil.work(a)gmail.com> wrote:
>>>>>>>
>>>>>>>> Hello Sergey,
>>>>>>>>
>>>>>>>> Thanks for the suggestion. Not sure if his is what i'm looking for,
>>>>>>>> allow me to explain further:
>>>>>>>> We set up an NetworkLoadBalancer on AWS to offload tls on it. This
>>>>>>>> Load balancer is a TLS listener on the outside and a TCP connection to the
>>>>>>>> proxy inside.
>>>>>>>> So when sending an INVITE to the connected client, the via has a
>>>>>>>> TCP protocol like
>>>>>>>>
>>>>>>>> Via: SIP/2.0/TCP
>>>>>>>> mydomain:port;branch=z9hG4bKf176.53ac8af0d7090a31e44548f15ea420ff.0
>>>>>>>>
>>>>>>>> and the client (linphone) disconnects and tries to contact the
>>>>>>>> proxy on that address on a TCP socket, which doesn't exist. I tried many
>>>>>>>> solutions none of which actually work... last one setting $du =$du +
>>>>>>>> ";transport=tls" and forcing the socket to the TCP socket to the load
>>>>>>>> balancer, but of course i'm getting warnings about this.
>>>>>>>>
>>>>>>>> is this something that PR (not merged) would be addressing, i
>>>>>>>> didn't see that.
>>>>>>>> If not, is there a way of doing this without any trickery?
>>>>>>>>
>>>>>>>> Thanks!
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>>
>>>>>>>> David Villasmil
>>>>>>>> email: david.villasmil.work(a)gmail.com
>>>>>>>> phone: +34669448337
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, May 22, 2024 at 12:16 PM Sergey Safarov <
>>>>>>>> s.safarov(a)gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Probable you need this PR
>>>>>>>>> https://github.com/kamailio/kamailio/pull/3810
>>>>>>>>>
>>>>>>>>> Or you can try
>>>>>>>>> https://github.com/kamailio/kamailio/pull/3731
>>>>>>>>> In this PR we faced the same issue and solved this.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, May 22, 2024 at 3:43 AM David Villasmil via sr-users <
>>>>>>>>> sr-users(a)lists.kamailio.org> wrote:
>>>>>>>>>
>>>>>>>>>> Hello Anthony, did you solve this problem? I'm facing the same
>>>>>>>>>> problem
>>>>>>>>>>
>>>>>>>>>> Thanks!
>>>>>>>>>> Regards,
>>>>>>>>>>
>>>>>>>>>> David Villasmil
>>>>>>>>>> email: david.villasmil.work(a)gmail.com
>>>>>>>>>> phone: +34669448337
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Mon, Feb 5, 2018 at 5:57 AM Anthony Alba <
>>>>>>>>>> ascanio.alba7(a)gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> I have kamailio behind a TLS termination proxy so the sockets
>>>>>>>>>>> are correctly deduced to be TCP. However the clients only talk TLS to the
>>>>>>>>>>> proxy and are confused when the top Via header added by Kamailio is TCP. Is
>>>>>>>>>>> there a way for Kamailio to forcibly pretend its protocol is TLS? Like
>>>>>>>>>>> advertised_address but "advertised_protocol" instead.
>>>>>>>>>>>
>>>>>>>>>>> (With pjsip testing: it has a flag use_tls which ignores TCP
>>>>>>>>>>> from Kamailio and continues to use the persistent TLS transport to proxy.
>>>>>>>>>>> Linphone fails because it tries to honor TCP in Via and is unable to
>>>>>>>>>>> establish TCP transport).
>>>>>>>>>>>
>>>>>>>>>>> BTW I am using t_relay_to_tcp so Kamailio will return traffic to
>>>>>>>>>>> the proxy as TCP even though the contact addresses specify transport=TLS.
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Kamailio (SER) - Users Mailing List
>>>>>>>>>>> sr-users(a)lists.kamailio.org
>>>>>>>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>>>>>>
>>>>>>>>>> __________________________________________________________
>>>>>>>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>>>>>>>> To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
>>>>>>>>>> Important: keep the mailing list in the recipients, do not reply
>>>>>>>>>> only to the sender!
>>>>>>>>>> Edit mailing list options or unsubscribe:
>>>>>>>>>>
>>>>>>>>>
Hi All,
I have a quick question regarding verification on incoming calls regarding the stir/shaken policy. I'm using the secsipid library to check the identity header, but the problem I'm running into is that there is no identity header in the invite from the incoming call (It's showing up as null). Have most carriers enabled passing along an identity header, or is this something that is still in the works for some of them.
Would I need to request and get the certificate from the terminating carrier? I've tried using the auth_identity module to see if i need to use the verification functions to get/request the certificate, but I have had no luck so far.
Would anyone be able to provide direction on how to request/get/pass along the identity header from an incoming call with stir/shaken.
(I am using kamailio v5.6 and debian 12)
Thanks in advance,
Temi
I have kamailio behind a TLS termination proxy so the sockets are correctly
deduced to be TCP. However the clients only talk TLS to the proxy and are
confused when the top Via header added by Kamailio is TCP. Is there a way
for Kamailio to forcibly pretend its protocol is TLS? Like
advertised_address but "advertised_protocol" instead.
(With pjsip testing: it has a flag use_tls which ignores TCP from Kamailio
and continues to use the persistent TLS transport to proxy. Linphone fails
because it tries to honor TCP in Via and is unable to establish TCP
transport).
BTW I am using t_relay_to_tcp so Kamailio will return traffic to the proxy
as TCP even though the contact addresses specify transport=TLS.
Hi All,
I am attempting to install the stirshaken module for kamailio and I ran into a couple issues installing the open source c library for libstirshaken. When I use the make command, I'm getting this error:
src/stir_shaken.c: In function 'stir_shaken_is_key_trusted':
src/stir_shaken.c:726:9: error: 'EVP_PKEY_cmp' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
726 | if (!EVP_PKEY_cmp(pkey, candidate_pkey)) {
| ^~
In file included from /usr/include/openssl/x509.h:29,
from /usr/include/openssl/ssl.h:31,
from /usr/include/libks2/libks/ks_ssl.h:25,
from /usr/include/libks2/libks/ks.h:80,
from include/stir_shaken.h:15,
from src/stir_shaken.c:1:
/usr/include/openssl/evp.h:1418:5: note: declared here
1418 | int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
| ^~~~~~~~~~~~
At top level:
cc1: note: unrecognized command-line option '-Wno-gnu-zero-variadic-macro-arguments' may have been intended to silence earlier diagnostics
cc1: all warnings being treated as errors
make: *** [Makefile:1337: src/stir_shaken.lo] Error 1
I tried going into the stir_shaken file and changing EVP_PKEY_cmp to EVP_PKEY_eq, but it just brings up more deprecation errors. I also tried rolling back the openssl version on my machine to openssl version 1.1 and changing EVP_PKEY_eq back to EVP_PKEY_cmp, but the same error persists. Is there any way to resolve this error, or is there another library that can be used to get the stirshaken module for kamailio?
Thanks in advance,
Temi
Hello,
I have a dockerized IMS setup using kamailio from git commit id
4fb8accc6747ad56fec3dc84d70cb2b8bbd7316e (tag 5.8.x), where I am seeing an
issue faced by one of the users of the dockerized IMS. The issue is that
the SIP request (in UDP) even though it exceed the MTU of 1300
(udp_mtu=1300 and udp_mtu_try_proto=TCP) the SIP request from P-CSCF is not
sent out as a TCP.
The pcap and P-CSCF logs in debug can be found in the github issue -
https://github.com/herlesupreeth/docker_open5gs/issues/316#issuecomment-213…
IP of the containers are follows:
P-CSCF - 172.22.0.21
S-CSCF - 172.22.0.20
SIP Client - 192.168.101.x
P-CSCF is configured with udp_mtu=1300 and udp_mtu_try_proto=TCP
In the pcap you can notice that the SIP NOTIFY originating from S-CSCF is
forwarded to P-CSCF (packet no. 698) and packet length is 2716. At this
point P-CSCF should have tried to convey the SIP packet to SIP client via
TCP. But I dont see any TCP connection establishment either and eventually
request times out (packet 1147).
[image: image.png]
Any help or insights would be highly appreciated.
Thanks and Regards,
Supreeth
Hello,
We are trying to integrate Kamailio as the IMS server with our 5G core
emulator by following the steps listed out at
https://open5gs.org/open5gs/docs/tutorial/02-VoLTE-setup/. In our case, we
have our own 5G core emulator instead of the Open5GS core.
We are using sipp scripts to generate the SIP calls. The PCRF component of
the 5G core is emulated by us and is capable of handling Diamater calls
from Kamailio over the Rx interface.
We have got the setup working to the point where the SIP Register calls are
landing on the PCSCF which in turn is sending out AA Requests to PCRF and
the PCRF is responding. However there is an internal error in the Kamailio
log
"4(3682133) ERROR: ims_qos [ims_qos_mod.c:1305]: w_rx_aar_register(): This
contact does not exist in PCSCF usrloc - error in cfg file"
Please help us in identifying if we are missing anything in the Kamailio
set up.
The packet capture and syslog excerpts from the VM where Kamailio is
running are attached; here we are trying to perform SIP Registration for
three SIP endpoints 001010123456791, 001010123456792 and 001010123456793.
If there is any additional information required, please let us know.
Regards,
Shantanu Kumar Roy
Hello!
I need advice on how to intercept local SIP OPTIONS requests from the
nathelper module for some adjustments?
As far as I tested, it does not fall into the
*event_route[tm:local-request]*
Thanks in advance!
# kamailio -v
version: kamailio 5.7.1 (x86_64/linux) 1cf389-dirty
--
BR,
Denys Pozniak
Hi Henning,
thank you for your reply. I did a lot testings during the past days and I think I found a solution that is working, although it's very dirty...
I found out it is possible to send a manual KDMQ-Message to all Proxy-Nodes including the one that it sending die KDMQ-Message. So I create a dialog state 4 message on ACK and indeed the Dialog on all Peers are Updated correctly to state 4. I also tried this for state 3 on 200 OK, but this does not work. I haven't had a look into the code yet but my experiments shows, that there is never is state 3 update via DMQ, so I think it's not implemented.
Interestingly the TM-Timer still times out after 300 seconds but in normal circumstances this doesn't bother, because either the failed Kamailio will not trigger this, because the Software or the Server crashed, or it tries to send a CANCEL that is denied because we are in dialog state 4.
The only thing is your really have to be careful about your hash tables. You have to delete them at the correct point.
I really need to test a lot at this point, but till now, billing seems to be OK even on failover scenarios.
This is why I really like Kamailio :)
BR, Björn
Am 09.05.24 um 20:57 schrieb Henning Westerholt:
Hello,
thanks for the detailed e-mail. As also indicated in the module documentation, the dialog module DMQ replication will not replicate everything, its main use-case is for profile data sharing. https://kamailio.org/docs/modules/5.8.x/modules/dialog.html#dialog.p.enable…
In the past months there have been some other discussions on the users lists about similar scenarios (I think related to billing/accounting) and dialog with DMQ, which might be interesting for you in this regard.
If you find issues where the DMQ synchronisation is lacking some functionality in the dialog module, you can create a feature request in our issue tracker. There is of course no guarantee that this limitation is also timely addressed.
Regarding the INVITE and CANCEL scenario, this is usually not related to dialog but to the tm module. As you also mentioned, there is no replication of transaction state in tm.
Cheers,
Henning
--
Björn Klasen, Senior Specialist (VoIP)
TNG Stadtnetz GmbH, TNG-Technik
Gerhard-Fröhler-Straße 12
24106 Kiel・Deutschland
T +49 431 7097-10
F +49 431 7097-555
bklasen(a)tng.de<mailto:bklasen@tng.de>
https://www.tng.de
Executive board (Geschäftsführer):
Dr. Sven Willert (CEO/Vorsitz),
Gunnar Peter, Sven Schade,
Carsten Tolkmit, Bernd Sontheimer
Amtsgericht Kiel HRB 6002 KI
USt-ID: DE225201428
Die Information über die Verarbeitung Ihrer Daten
gemäß Artikel 12 DSGVO können Sie unter https://www.tng.de/datenschutz/ abrufen.
______________________________________________________________________
Hi Gang
To process spiraling calls without the dialog module. I'm trying to use
a rr param to identify in which iteration I am.
So when I have a call spiraling through the same instance 3 times,
every time I process an invite I would do something like:
add_rr_param(";sp-count=$avp(sp-count)");
But to initialize that counter, I need to be able to read what is in
there beforehand.
if (check_route_param("sp-count=") {
get_route_param(msg, "sp-count", $avp(sp-count))
$avp(sp-count) = $avp(sp-count) + 1;
add_rr_param(";sp-count=$avp(sp-count)");
} else {
add_rr_param(";sp-count=1");
}
But what do I pass as msg parameter?
Is it the PV $msg(hdrs) ?
PS: I need this to append this to the call ID for rtpengine so I
hopefully can match new transactions no matter from which side they are
initiated to the correct rtp stream.
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
Hi everyone,
I have a kamailio configured to send invites from different phone numbers registered in kamailio to different endpoints.
The configuration that I have right now is a big if chain with the phone numbers that then sends the invite using dispatcher module.
Example:
If (phone number in invite = phone number X) { dispatcher sends to endpoint X}
If (phone number in invite = phone number Y) { dispatcher sends to endpoint Y}
If (phone number in invite = phone number Z) { dispatcher sends to endpoint Z}
Im not sure if this is the correct way of doing this or if there is any module that can do this allowing me to configure it using BBDD instead of kamailio configuration.
I started doing it like this on our test environment while I was learning how to use kamailio and I'd like to know if this is the right way to do it or if I should do it with other methods
Thank you in advance
Rtpengine support-
I am re-posting again, as I noticed on the SR-USERs web page no HTML
or inline images are showing
(https://lists.kamailio.org/mailman3/hyperkitty/list/sr-users@lists.kamailio…).
The Wireshark screencap that demonstrates the issue is uploaded at:
https://www.signalogic.com/images/rtpengine_wireshark_capture_timestamp_jum…
all other info remains the same.
Thanks, Jeff
----- Forwarded message from Jeff Brower <jbrower(a)signalogic.com> -----
Date: Fri, 17 May 2024 17:10:10 +0000
From: Jeff Brower <jbrower(a)signalogic.com>
Subject: Fwd: [SR-Users] rtpengine timestamp jumps
To: sr-users(a)lists.kamailio.org
Reposting this. If there is an issue with HTML format and/or wireshark
screen cap and I need to upload that separately somewhere else, please
let me know. Thanks.
-Jeff
----- Forwarded message from Jeff Brower <jbrower(a)signalogic.com> -----
Date: Thu, 09 May 2024 05:32:27 +0000
From: Jeff Brower <jbrower(a)signalogic.com>
Subject: [SR-Users] rtpengine timestamp jumps
To: sr-users(a)lists.kamailio.org
Hi rtpengine experts,
We have some customers processing long multi-party call pcaps using
mediaMin who are reporting large amounts of packets with timestamp
jumps but no packet loss (for instance 10% of packets over a 1 hr 45
min call). For example, in the Wireshark excerpt shown below, packets
6 and 8 sent by rtpengine show a timestamp increment of 640, but
sequence number increment of 1:
[screencap link at
https://www.signalogic.com/images/wireshark_capture_timestamp_jump.png]
In the mediaMin output packet log we typically see sections similar to:
:
:
Seq num 98584 timestamp = 3902252372, rtp pyld len = 33 media-R
Seq num 98585 timestamp = 3902252692, rtp pyld len = 33 media
Seq num 98586 timestamp = 3902253012, rtp pyld len = 33 media-R
Seq num 98587 timestamp = 3902253332, rtp pyld len = 33 media
Seq num 98588 timestamp = 3902253652, rtp pyld len = 33 media-R
Seq num 98589 timestamp = 3902253972, rtp pyld len = 33 media
Seq num 98590 timestamp = 3902254292, rtp pyld len = 33 media
Seq num 98591 timestamp = 3902254612, rtp pyld len = 33 media-R
Seq num 98592 timestamp = 3902254932, rtp pyld len = 33 media
Seq num 98593 timestamp = 3902255252, rtp pyld len = 33 media
Seq num 98594 timestamp = 3902255572, rtp pyld len = 33 media-R
Seq num 98595 timestamp = 3902255892, rtp pyld len = 33 media
Seq num 98596 timestamp = 3902256212, rtp pyld len = 33 media
Seq num 98597 timestamp = 3902256532, rtp pyld len = 33 media
Seq num 98598 timestamp = 3902256852, rtp pyld len = 33 media-R
Seq num 98599 timestamp = 3902257172, rtp pyld len = 33 media
Seq num 98600 timestamp = 3902257492, rtp pyld len = 33 media-R
Seq num 98601 timestamp = 3902257812, rtp pyld len = 33 media
Seq num 98602 timestamp = 3902258132, rtp pyld len = 33 media
Seq num 98603 timestamp = 3902258452, rtp pyld len = 33 media
Seq num 98604 timestamp = 3902258772, rtp pyld len = 33 media-R
Seq num 98605 timestamp = 3902259092, rtp pyld len = 33 media
:
:
where media-R packets are timestamp gap repairs (i.e. frame loss
concealment). The behavior tends to be bursty, but once it gets going
it goes for a while and seems relatively consistent.
Is this expected behavior for rtpengine ? If so is rptengine in turn
dealing with some type of "slow packet rate" issue from a remote
sender ?
Thanks, Jeff
----- End forwarded message -----
----- End forwarded message -----
Hello all, im not clear on the children setting, currently we’re listening in a single UDP port, i do understand that children are how many forks per listener ip:port, but i have this question, is this value tied on how many requests are received?
In our case every requests takes an average of 80ms to be processed (there are a few external queries executed per request), so, example which value for children should i use if i have 200req/s, 300, 400?
Right now im using 16 but i can see some cpu peaks in high traffic hours.
thanks
Hello,
We are trying to integrate Kamailio as the IMS server with our 5G core
emulator by following the steps listed out at
https://open5gs.org/open5gs/docs/tutorial/02-VoLTE-setup/. In our case, we
have our own 5G core emulator instead of the Open5GS core.
We are using sipp scripts to generate the SIP calls. The PCRF component of
the 5G core is emulated by us and is capable of handling Diamater calls
from Kamailio over the Rx interface.
We have got the setup working to the point where the SIP Register calls are
landing on the PCSCF which in turn is sending out AA Requests to PCRF and
the PCRF is responding. However there is an internal error in the Kamailio
log
"4(3682133) ERROR: ims_qos [ims_qos_mod.c:1305]: w_rx_aar_register(): This
contact does not exist in PCSCF usrloc - error in cfg file"
Please help us in identifying if we are missing anything in the Kamailio
set up.
The packet capture and syslog excerpts from the VM where Kamailio is
running are attached; here we are trying to perform SIP Registration for
three SIP endpoints 001010123456791, 001010123456792 and 001010123456793.
If there is any additional information required, please let us know.
Regards,
Shantanu
Checking Kamailio in a VoLTE environment we are finding issues to make it work.
First issues arise when getting AS to extract the required info from third party registration, primarily IMPUs.
Third party registration is sent to AS with IMPI in To header, preventing the AS from extracting the IMPU from the most obvious place, the To header, according to 3GPP 24.229:
"Notification of Application Servers about registration status
[...] the To header field, which shall contain a non-barred public user identity belonging to the service profile of the processed Filter Criteria. It may be either a public user identity as contained in the REGISTER request received from the UE or one of the implicitly registered public user identities in the service profile, as configured by the operator;"
On the other hand, the third party registration can only embed in its body either the original request or the original response but not both (notice mutually exclusive "else if" statements in third_party_reg.c). Both are needed to extract Feature-Caps (from original request) and IMPUs (for instance from P-Associated-URI in original response).
Therefore to extract that info the AS should subscribe to the reg info in S-CSCF, but such SUBSCRIBE is rejected with 403. From Registrar IMS SCSCF documenation it looks like this is not supported:
"This function checks to see that a SUBSCRIBE request is authorised to subscribe to the particular identity. Only 3 entities can subscribe:
The user agent to its own state
The P-CSCF specified in the path header for that user
Application Server (AS) not yet implemented"
Therefore question to the community is how these limitations are overcome in existing VoLTE deployments with Kamailio? Any advice?
Hi all,
I was reviewing the `ims_ipsec_pcscf` code and noticed that this module creates a pool of sockets using different ports (ipsec_max_connections). I'm unclear on the necessity of this approach. Can't we simply create one server listener and one client listener to handle all UE connections? If this is feasible, is there still a need to create the pool at startup?
I'm curious if this is due to an architectural limitation or if the IPSec module can be modified to replace the current implementation with a more efficient one.
Thank you for your insights.
Best regards,Hossein
Hello
In the context of an IMS deployment, does anybody know if Shared iFC mechanism is supported in Kamailio? I don't see configuration options for it, and just wanted to confirm if only regular iFCs (residing on HSS) are supported.
Thank you
Hi,
I am trying to set up VoNR with version 5.8.1, but I cannot find the configuration information and documentation anywhere. Has anyone tested a VoNR call?
Thanks.
We've noticed an issue with UDP endpoints and the usrloc module not sending keepalive packets to them for a long time. Eventually, usrloc will begin doing it, but sometimes it's anywhere between 10 minutes and multiple hours before the endpoint starts receiving an OPTIONS packet.
TCP and TLS endpoints do not have this issue - they being receiving OPTIONS after registration + ka_timeout elapsed.
Has anyone else seen this? It can be very easily seen with a pcap on a device registering via UDP.