Hi Cyril, happy to hear that you solved the problem. About switching back to request_route type is not possible, it has to do with the kamailio mechanism to suspend transactions. The callback route is always a failure route. The solution for rtpengine is either to call rtpengine_offer explicitly or call rtpengine_manage in a branch_route, as you are doing and it's imho among the best practices for kamailio.
Cheers,
Federico
On Tue, Feb 8, 2022 at 10:34 AM Cyril Ramière cyril.ramiere@gmail.com wrote:
Hi Federico,
Thank you, this was the solution!
You were right about trying to log $T(reply_code), this triggers the critical error and sends a 500 internal server error message. Since I was using the same xlog line across my entire code, $T(reply_code) was called multiple times, I didn't think it would cause such an issue since the documentation states that it returns 0 in the worst case.
I stumbled across another issue, my rtpengine stopped working, it was due to the fact that the http async client (so async framework) uses a "failure_route" when triggering the callback route, so the first action of rtpengine_manage() is to DELETE the transaction if in failure_route.
I moved/refactored some logic to trigger rtpengine inside a branch_route, but I'm wondering if there is a way after my http query is done to revert back to the request_route instead of the failure_route.
Cheers,
Cyril
Le ven. 4 févr. 2022 à 10:00, Federico Cabiddu federico.cabiddu@gmail.com a écrit :
Hi Cyril, I tried your script and changing sl_send_reply("200","OK"); with send_reply("200","OK") or t_reply("200","OK"); it works, a 200 OK reply is sent out.
The message
"CRITICAL: tmx [t_var.c:546]: pv_get_tm_reply_code(): no picked branch (-1) for a final response in MODE_ONFAILURE"
comes from trying, in the xlog call, to access $T(reply_code) where there is actually no reply code for the transaction (no reply has been received/generated)
Could you try the following snippet based on http_async_client?
request_route { xlog("L_NOTICE", "ROOT - New request - M=$rm UAC-IP=$si:$sp LB-IP=$tcp(c_si):$tcp(c_sp) UA='$ua' ID=$ci\n");
if (is_method("REGISTER")){ xlog("L_NOTICE", "[ROOT] Got REGISTER. method=$rm -code=$T(reply_code) - Destination=$ru - Origin=[$fU@$si:$sp]\n"); if(!is_present_hf("Authorization")){ xlog("L_INFO","[ROOT::REGISTER] No auth provided, sending CHALLENGE for $fU ($fu) (FINAL)\n"); www_challenge("$td","1"); exit; } else{ xlog("L_INFO","[ROOT::REGISTER] Auth provided, Go to AUTH_DOQUERY using http_async_client\n"); t_newtran(); http_async_query("http://127.0.0.1:8000/%22,%22AUTH_REPLY"); } }
exit;}
route[AUTH_REPLY]{ xlog("L_NOTICE", "[AUTH_REPLY]: http_rs=$http_rs\n"); send_reply("200","OK"); exit; }
(I'm running a simple http server always replying 200 on the loopback interface)
Cheers,
Federico
On Thu, Feb 3, 2022 at 12:13 PM Cyril Ramière cyril.ramiere@gmail.com wrote:
Okay, so I have done that,
Please find here : https://zerobin.net/?7743b78716b00c72#Jzmdq+5ZlFfZId+M/hP+52Ih0AMAMNUjeUT1cN...
My full config (I redacted some parts like IPs and domains), with the minimal routing blocks to reproduce and the logs.
If you don't mind checking it, it would be great :)
Cheers,
Cyril
Le jeu. 3 févr. 2022 à 11:39, Federico Cabiddu < federico.cabiddu@gmail.com> a écrit :
I have to admit that even looking at the debug logs I cannot understand what's going on in your case. As said I'm running an authentication scenario very similar to yours, being the challenge the only difference. What I can suggest to further digging is to reduce your configuration as much as possible (e.g. I see that you are using topoh) and see if we can understand better what is causing the issue.
Cheers,
Federico
On Thu, Feb 3, 2022 at 7:58 AM Olle E. Johansson oej@edvina.net wrote:
On 2 Feb 2022, at 23:58, Cyril Ramière cyril.ramiere@gmail.com wrote:
Hi Karsten,
Thanks for the clue, unfortunately I can't use this module because the clients are "dumb" sip phones.
The goal of my implementation is to use our application API to handle the login.
The plan was that a sip phone sends a REGISTER, I ask the API endpoint if this user/password is ok to connect and allow/deny based on the reply and informations provided by the API.
Everything is relying on the fact that I can make my HTTP call when handling the REGISTER, sadly for me, it doesn't work and I still can't figure why.
Try http_client. I’ve used it a lot of time for authentication. It will block your thread while waiting for response, but you can handle some of those issues by caching secrets for a short time with htable.
/O
Cheers,
Cyril
Le mer. 2 févr. 2022 à 19:49, Karsten Horsmann khorsmann@gmail.com a écrit :
Hi Cyril,
This Kamailio module could imho do the same
https://www.kamailio.org/docs/modules/devel/modules/auth_ephemeral.html
Cyril Ramière cyril.ramiere@gmail.com schrieb am Do., 27. Jan. 2022, 08:04:
> Hi there, > > I have a weird issue with kamailio (latest docker > image kamailio-ci:5.5.2-alpine) and http_async_client. > > Before posting a lot of logs, let me describe what I want to achieve. > > I have a Kamailio and a SIP Phone. > > The SIP phone sends a REGISTER to kamailio, then in my routing > block, I check if I have an Authorization header. > > Since I don't have an Authorization (first message), I > use "www_challenge()". > This replies to the SIP phone, and then the SIP phone sends a new > REGISTER with the correct Authorization header. > > So far so good. > > Now, when I get the REGISTER with Authorization header, I want to > ask an HTTP endpoint if this user is allowed to connect and check the > password using http_async_query(). > > The problem is that when the transaction resumes, the tmx module is > unhappy and throws this error : > > 30(36) CRITICAL: tmx [t_var.c:546]: pv_get_tm_reply_code(): no > picked branch (-1) for a final response in MODE_ONFAILURE > > And a 500 error is sent back to the sip phone. > The AUTH_REPLY route is still called and I can use the $http* values. > > Do you see something that I am doing wrong or missing in my logic? > Is pausing/resuming to use the async http client is allowed if I'm > handling a REGISTER transaction? > > Here's a simplified version of my routing block (not far from > reality): > > ##### SNIP > > request_route{ > > route(AUTH); > > > route[AUTH]{ > > if (is_method("REGISTER"){ > > if(no_auth_header){ > > www_challenge("$td","1"); > > exit; > > } > > else{ > > t_newtran(); > > http_async_query("http://xxx.xxx.xxx.xxx:9000/auth?foo=bar", "AUTH_REPLY"); > > } > > } > > } > > > route[AUTH_REPLY]{ > > xlog("L_INFO", "route[HTTP_REPLY]: status $http_rs\n"); > > } > > > } > > ##### END SNIP > > > Best regards! > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > * sr-users@lists.kamailio.org > Important: keep the mailing list in the recipients, do not reply > only to the sender! > Edit mailing list options or unsubscribe: > * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: