After many failures because of broken libraries, I managed to decrypt my problematic TLS sessions by providing the private key of Kamailio to Wireshark.
With TLS+SRTP enabled, my Nokia phones send Session Progress and PRACKs with an RTP port. This breaks NAT/rtpproxy in Kamailio, which replaces the rtpproxy port in the Session Progress, but then forgets about it for the 200 OK.
Attached is a tree overview and the conversations of each phone with kamailio.
hiro
Hello,
On 8/29/13 10:22 PM, hiro wrote:
After many failures because of broken libraries, I managed to decrypt my problematic TLS sessions by providing the private key of Kamailio to Wireshark.
With TLS+SRTP enabled, my Nokia phones send Session Progress and PRACKs with an RTP port. This breaks NAT/rtpproxy in Kamailio, which replaces the rtpproxy port in the Session Progress, but then forgets about it for the 200 OK.
Attached is a tree overview and the conversations of each phone with kamailio.
Can you try with the latest branch 4.0? The issue was probably due to the rtpproxy_manage() function not taking PRACKs with SDP into consideration. An alternative is to use rtpproxy_offer()/rtpproxy_answer() to control the rtpproxy application.
Cheers, Daniel
For this installation I used the .deb from http://deb.kamailio.org/kamailio
Sorry, I forgot to include this critical information. Is 4.0.3 new enough? Else I can also compile tip, or head or whatever it's called ;)
kamailio -V
version: kamailio 4.0.3 (x86_64/linux)
flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 4MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled on 17:01:35 Aug 19 2013 with gcc 4.7.2
On 9/4/13, Daniel-Constantin Mierla miconda@gmail.com wrote:
Hello,
On 8/29/13 10:22 PM, hiro wrote:
After many failures because of broken libraries, I managed to decrypt my problematic TLS sessions by providing the private key of Kamailio to Wireshark.
With TLS+SRTP enabled, my Nokia phones send Session Progress and PRACKs with an RTP port. This breaks NAT/rtpproxy in Kamailio, which replaces the rtpproxy port in the Session Progress, but then forgets about it for the 200 OK.
Attached is a tree overview and the conversations of each phone with kamailio.
Can you try with the latest branch 4.0? The issue was probably due to the rtpproxy_manage() function not taking PRACKs with SDP into consideration. An alternative is to use rtpproxy_offer()/rtpproxy_answer() to control the rtpproxy application.
Cheers, Daniel
-- Daniel-Constantin Mierla - http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio Advanced Trainings - Berlin, Oct 21-24; Miami, Nov 11-13, 2013
- more details about Kamailio trainings at http://www.asipto.com -
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
OK, I compiled the latest rtpproxy.so; the problem persists. The interesting facts are: the callee only answers with an SDP port once, in the Session Progress message. The 200 OK does not have an SDP body, but Kamailio inserts SDP into it.
With the new rtpproxy.so, Kamailio responds to the Session Progress by sending a PRACK to the callee itself, followed by a 200 OK to the caller that includes SDP but has CSeq: 893961 PRACK, which never got requested by the caller though.
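An added example, not part of the original thread and not Kamailio code: a small Python check for the two symptoms reported in the message above, a response sent to the caller for a transaction the caller never opened and a media port that changes between SDP bodies sent to the caller. The trace is constructed (ports, address and URI are made up); only the CSeq value 893961 PRACK is taken from the message.

```python
import re

def parse(raw):
    """Split one SIP message into the fields this audit needs."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    number, method = headers["cseq"].split()
    port = re.search(r"^m=audio (\d+) ", body, re.M)
    return {
        "response": start.startswith("SIP/2.0 "),
        "cseq": (int(number), method),
        "port": int(port.group(1)) if port else None,
    }

def audit(trace):
    """Return (index, finding, detail) for suspicious responses sent to the caller."""
    requested, findings, last_port = set(), [], None
    for i, (direction, raw) in enumerate(trace):
        msg = parse(raw)
        if direction == "in":
            if not msg["response"]:
                requested.add(msg["cseq"])  # transactions the caller really opened
            continue
        if not msg["response"]:
            continue
        if msg["cseq"] not in requested:
            findings.append((i, "orphan-response", msg["cseq"]))
        if msg["port"] is not None:
            # Heuristic: early in the dialog the caller should keep seeing the relay port.
            if last_port not in (None, msg["port"]):
                findings.append((i, "media-port-changed", (last_port, msg["port"])))
            last_port = msg["port"]
    return findings

SDP = "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio {} RTP/SAVP 0\r\n"
# Constructed caller-leg trace: "in" = from the caller, "out" = sent by the proxy to the caller.
TRACE = [
    ("in", "INVITE sip:callee@example.test SIP/2.0\r\nCSeq: 1 INVITE\r\n\r\n" + SDP.format(49170)),
    ("out", "SIP/2.0 183 Session Progress\r\nCSeq: 1 INVITE\r\n\r\n" + SDP.format(35000)),
    ("out", "SIP/2.0 200 OK\r\nCSeq: 893961 PRACK\r\n\r\n" + SDP.format(20000)),
    ("out", "SIP/2.0 200 OK\r\nCSeq: 1 INVITE\r\n\r\n"),
]

if __name__ == "__main__":
    for finding in audit(TRACE):
        print(finding)
```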
Hello,
I doubt Kamailio adds any SDP body. Can you post here the ngrep with all the SIP signaling from the first INVITE?
Cheers, Daniel
OK, managed to find a better way to export decrypted SIP from Wireshark. An example log is in the attachment.