Hello, we are running Kamailio 1.4. Some days ago one of our subscribers' SIP phones went crazy and bombarded our proxy with thousands of REGISTER requests. Actually, it didn't wait for any response from the proxy, it just kept sending REGISTER messages (always the same packet). Since we are running with nonce_reuse disabled, it stalled the server due to "auth:challenge: failed to generate nonce". I don't have the whole figure, but the packet capture I inspected showed that the terminal sent more than 200 thousand REGISTER messages in 15 seconds.
We may not be able to replace those terminals at this moment. So, to keep this problem from happening again, we enabled nonce_reuse. However, this will only solve the nonce problem; we will still have a lot of hits to the database. So I was thinking, maybe I should create a transaction before sending the challenge so that REGISTER retransmissions would be absorbed. I was thinking of doing something like this:
if (!proxy_authorize("", "subscriber")) {
    t_newtran();
    proxy_challenge("", "0");
    exit;
}
Does anyone see any problem/shortcoming with this?
regards, takeshi
mayamatakeshi writes:
So I was thinking, maybe I should create a transaction before sending the challenge so that REGISTER retransmissions would be absorbed. I was thinking of doing something like this:
if (!proxy_authorize("", "subscriber")) {
    t_newtran();
    proxy_challenge("", "0");
    exit;
}
Does anyone see any problem/shortcoming with this?
you could also use pike module to drop too frequent requests.
-- juha
> was thinking in doing something like this:
>
> if (!proxy_authorize("", "subscriber")) {
>     t_newtran();
>     proxy_challenge("", "0");
>     exit;
> }
>
> Does anyone see any problem/shortcoming with this?
you could also use pike module to drop too frequent requests.
Thanks, I'll use this module.
try this one: http://www.kamailio.org/docs/modules/devel/htable.html#id2454064
Kamailio (OpenSER) - Users mailing list Users@lists.kamailio.org http://lists.kamailio.org/cgi-bin/mailman/listinfo/users http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
On Tue, Mar 24, 2009 at 6:43 PM, Klaus Darilion klaus.mailinglists@pernau.at wrote:
try this one: http://www.kamailio.org/docs/modules/devel/htable.html#id2454064
Thanks. I can't use this right now as I'm still working with branch 1.4. I'll go with it when we migrate to a newer branch.
On 03/24/2009 07:03 PM, mayamatakeshi wrote:
On Tue, Mar 24, 2009 at 6:43 PM, Klaus Darilion klaus.mailinglists@pernau.at wrote:
try this one: http://www.kamailio.org/docs/modules/devel/htable.html#id2454064
Thanks. I can't use this right now as I'm still working with branch 1.4. I'll go with it when we migrate to a newer branch.
if one really needs htable, then you can just copy from 1.5 to 1.4, compile&install. I am using it in may 1.4 deployments.
Cheers, Daniel
2009/3/24 mayamatakeshi mayamatakeshi@gmail.com:
So I was thinking, maybe I should create a transaction before sending the challenge so that REGISTER retransmissions would be absorbed. I was thinking of doing something like this:
if (!proxy_authorize("", "subscriber")) {
    t_newtran();
    proxy_challenge("", "0");
    exit;
}
Do all the REGISTER have the same "branch" parameter? If not, t_newtran will do nothing since they are not retransmissions.
On Tue, Mar 24, 2009 at 7:37 PM, Iñaki Baz Castillo ibc@aliax.net wrote:
2009/3/24 mayamatakeshi mayamatakeshi@gmail.com:
So I was thinking, maybe I should create a transaction before sending the challenge so that REGISTER retransmissions would be absorbed. I was thinking of doing something like this:
if (!proxy_authorize("", "subscriber")) {
    t_newtran();
    proxy_challenge("", "0");
    exit;
}
Do all the REGISTER have the same "branch" parameter? If not, t_newtran will do nothing since they are not retransmissions.
Yes. The UA was not trying to register, it was simply sending the exact same message all the time. So it should work, but I'll try the pike module instead.
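The point raised in the replies above (a transaction only absorbs a request whose top Via branch matches one already seen, while a per-source rate limit works regardless of branch), as an added example that is not part of the original thread and is not Kamailio's tm or pike code. It models RFC 3261 transaction matching and a simple fixed-window counter over constructed REGISTER messages; the function names, addresses, and the window and limit values are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Top Via of a request: captures sent-by and the branch parameter.
VIA_RE = re.compile(
    r"^Via:\s*SIP/2\.0/\w+\s+([^;\s]+).*?;branch=([^;\s]+)", re.I | re.M)

def transaction_key(raw):
    """RFC 3261 17.2.3 match key: top Via branch, sent-by and method."""
    m = VIA_RE.search(raw)
    if not m or not m.group(2).startswith("z9hG4bK"):
        return None  # pre-RFC 3261 branch: not covered by this sketch
    return (m.group(2), m.group(1).lower(), raw.split(" ", 1)[0])

def process(packets, window=2.0, limit=None):
    """packets: (timestamp, src_ip, raw_request) tuples; limit: max requests per
    source per window, None = no limiter. Transactions never expire here."""
    seen, buckets = set(), defaultdict(int)
    stats = {"dropped": 0, "absorbed": 0, "auth": 0}
    for ts, src, raw in packets:
        if limit is not None:
            slot = (src, int(ts // window))
            buckets[slot] += 1
            if buckets[slot] > limit:
                stats["dropped"] += 1   # rate limit hit before any SIP logic
                continue
        key = transaction_key(raw)
        if key is not None and key in seen:
            stats["absorbed"] += 1      # retransmission of a known transaction
            continue
        if key is not None:
            seen.add(key)
        stats["auth"] += 1              # new transaction: challenge + DB lookup
    return stats

def register(branch):
    """Constructed sample REGISTER (addresses are documentation ranges)."""
    return ("REGISTER sip:example.com SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP 192.0.2.10:5060;branch={branch};rport\r\n\r\n")

def flood(n, same_branch):
    """n requests within one second from a single constructed source."""
    return [(i / n, "192.0.2.10",
             register("z9hG4bKsame" if same_branch else f"z9hG4bK{i}"))
            for i in range(n)]

if __name__ == "__main__":
    for same, lim in ((True, None), (False, None), (False, 16)):
        print(same, lim, process(flood(1000, same), limit=lim))
```

With an identical branch only the first request reaches authentication; with a fresh branch per request every one does unless the per-source limit drops it first.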
Hello I'm getting this error when I try to do URI calls:
LOG ---> T_ON_REPLY
ERROR:tm:t_forward_nonack: no branch for forwarding
ERROR:tm:w_t_relay: t_forward_nonack failed
CRITICAL:tm:t_should_relay_response: pick_branch failed (lowest==-1) for code 408
And X-Lite says: "Server error occurred"
My config is based on the sample configuration file that comes with Kamailio. Here is my route[1], where the call should be routed:
route[1] {
    if (check_route_param("nat=yes")) {
        setbflag(6);
    }
    if (isflagset(5) || isbflagset(6)) {
        route(5);
    }

    /* example how to enable some additional event routes */
    if (is_method("INVITE")) {
        #t_on_branch("1");
        log(3, "LOG ---> T_ON_REPLY \n");
        t_on_reply("1");
        t_on_failure("1");
    }

    if (!t_relay()) {
        sl_reply_error();
    }
    exit;
}
My "branch_route", "on_reply_route" and "failure_route" are just like in kamailio.cfg.sample.
What could be causing these errors?
Thanks
Regards
Joao Pereira
Hello,
do you call t_relay() or route(1) in your failure route?
Post your failure route here. Seems you try to forward a failed transaction without adding a new branch.
Cheers, Daniel
Hello here is the failure route:
failure_route[1] {
    if (is_method("INVITE") && (isbflagset(6) || isflagset(5))) {
        unforce_rtp_proxy();
    }

    if (t_was_cancelled()) {
        exit;
    }
}
Do I need to add t_relay() or route(1)?
Thanks
Joao Pereira
2009/3/24 Joao Gomes Pereira gomespereira@startel.pt:
Inline:
Hello I'm getting this error when I try to do URI calls:
LOG ---> T_ON_REPLY
ERROR:tm:t_forward_nonack: no branch for forwarding
ERROR:tm:w_t_relay: t_forward_nonack failed
CRITICAL:tm:t_should_relay_response: pick_branch failed (lowest==-1) for code 408
And X-Lite says: "Server error occurred"
My config is based on the sample configuration file that comes with Kamailio. Here is my route[1], where the call should be routed:
route[1] {
Add a xlog here and show the $ru
    if (check_route_param("nat=yes")) {
        setbflag(6);
    }
    if (isflagset(5) || isbflagset(6)) {
        route(5);
    }

    /* example how to enable some additional event routes */
    if (is_method("INVITE")) {
        #t_on_branch("1");
        log(3, "LOG ---> T_ON_REPLY \n");
        t_on_reply("1");
        t_on_failure("1");
    }

    if (!t_relay()) {
        sl_reply_error();
    }
    exit;
}