How can I set the destination URI for an INVITE to be a websocket-secure destination? Is it possible?
Summary I've a proxy with tcp_connection_match=1, but websocket URIs always have transport=ws (never transport=wss) in them, so relaying a call to a WSS connection always fails. I tested running kamailio 6.0.0-dev2 compiled from a commit made this week. This proxy server uses nathelper rather than outbound module.
Detail We know that "transport=ws" is used for both WS and WSS. I've a proxy server that receives an INVITE for a WSS destination, and this proxy supports both WS and WSS. This proxy server must have core parameter tcp_connection_match=1 set, and this leads the t_relay() to fail. When an INVITE comes, these are the steps. - The URI is something like sip:user@anonymous.invalid;alias=198.51.100.10~52833~6;transport=ws. - First handle_ruri_alias() removes the alias (which has ~6 in it, for wss) and sets the $du to something like sip:198.51.100.10:52833;transport=ws. - Then loose_route_preloaded() processes the Route header fields and forces the outbound socket to the TLS websocket one. - Then t_relay() fails to relay the INVITE and responds with 477 or 500.
If, however, there's a non-TLS websocket connection open to the proxy, the INVITE would be erroneously relayed over that (using the wrong kamailio-side TCP port). I can go deeper with testing if required. I wonder whether this is a bug.
James