Hi All,
Try as I may I cannot force an outbound TCP request to use a non-ephemeral source port.
Looking at the documentation it seems that as long as I have a line like
listen=tcp:10.30.0.55:3339
I should be able to force an outbound connection to originate from that host and port, i.e. to establish a persistent connection from a specific socket to a remote host, but having tried to set it via $fs and set_send_socket() it always uses an ephemeral port.
Ideally I would like kamailio to use a specific source port for contacting a specific remote host and keep the TCP socket established, and it seems like it should be simple enough to do but it's not working as expected.
Best, Ross
Hi, to force kamailio to use, for outbound connections, a specific tcp port (define in a "listen" directive), you have to set the reuse_tcp_port parameter (https://www.kamailio.org/wiki/cookbooks/5.5.x/core#tcp_reuse_port ).
Cheers,
Federico
On Wed, Nov 10, 2021 at 4:36 PM Ross McKillop ross@rsmck.co.uk wrote:
Hi All,
Try as I may I cannot force an outbound TCP request to use a non-ephemeral source port.
Looking at the documentation it seems that as long as I have a line like
listen=tcp:10.30.0.55:3339I should be able to force an outbound connection to originate from that host and port, i.e. to establish a persistent connection from a specific socket to a remote host, but having tried to set it via $fs and set_send_socket() it always uses an ephemeral port.
Ideally I would like kamailio to use a specific source port for contacting a specific remote host and keep the TCP socket established, and it seems like it should be simple enough to do but it's not working as expected.
Best, Ross
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Hi,
Thanks, I was almost certain that is set but it seems it may not be so will double check that, thank you :)
Now to solve the other issue....
Ross
On 10 Nov 2021, at 17:14, Federico Cabiddu federico.cabiddu@gmail.com wrote:
Hi, to force kamailio to use, for outbound connections, a specific tcp port (define in a "listen" directive), you have to set the reuse_tcp_port parameter (https://www.kamailio.org/wiki/cookbooks/5.5.x/core#tcp_reuse_port https://www.kamailio.org/wiki/cookbooks/5.5.x/core#tcp_reuse_port).
Cheers,
Federico
On Wed, Nov 10, 2021 at 4:36 PM Ross McKillop <ross@rsmck.co.uk mailto:ross@rsmck.co.uk> wrote: Hi All,
Try as I may I cannot force an outbound TCP request to use a non-ephemeral source port.
Looking at the documentation it seems that as long as I have a line like
listen=tcp:10.30.0.55:3339 <http://10.30.0.55:3339/>I should be able to force an outbound connection to originate from that host and port, i.e. to establish a persistent connection from a specific socket to a remote host, but having tried to set it via $fs and set_send_socket() it always uses an ephemeral port.
Ideally I would like kamailio to use a specific source port for contacting a specific remote host and keep the TCP socket established, and it seems like it should be simple enough to do but it's not working as expected.
Best, Ross
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org mailto:sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
- https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
10 nov. 2021 kl. 18:21 skrev Ross McKillop ross@rsmck.co.uk:
Hi,
Thanks, I was almost certain that is set but it seems it may not be so will double check that, thank you :)
Now to solve the other issue….
Just a nit-picking note: All these are non-standard fixes. The standard based way is to use the outbound module, it’s the way to allow the sip server to use an inbound TCP connection for outbound requests. This applies to client2server connections.
For server2server connections there is a requirement of mutual TLS auth in order to be able to reuse the connection in both directions.
Cheers, /O
Ross
On 10 Nov 2021, at 17:14, Federico Cabiddu <federico.cabiddu@gmail.com mailto:federico.cabiddu@gmail.com> wrote:
Hi, to force kamailio to use, for outbound connections, a specific tcp port (define in a "listen" directive), you have to set the reuse_tcp_port parameter (https://www.kamailio.org/wiki/cookbooks/5.5.x/core#tcp_reuse_port https://www.kamailio.org/wiki/cookbooks/5.5.x/core#tcp_reuse_port).
Cheers,
Federico
On Wed, Nov 10, 2021 at 4:36 PM Ross McKillop <ross@rsmck.co.uk mailto:ross@rsmck.co.uk> wrote: Hi All,
Try as I may I cannot force an outbound TCP request to use a non-ephemeral source port.
Looking at the documentation it seems that as long as I have a line like
listen=tcp:10.30.0.55:3339 <http://10.30.0.55:3339/>I should be able to force an outbound connection to originate from that host and port, i.e. to establish a persistent connection from a specific socket to a remote host, but having tried to set it via $fs and set_send_socket() it always uses an ephemeral port.
Ideally I would like kamailio to use a specific source port for contacting a specific remote host and keep the TCP socket established, and it seems like it should be simple enough to do but it's not working as expected.
Best, Ross
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org mailto:sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
- https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org mailto:sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
On 11 Nov 2021, at 07:22, Olle E. Johansson oej@edvina.net wrote:
10 nov. 2021 kl. 18:21 skrev Ross McKillop <ross@rsmck.co.uk mailto:ross@rsmck.co.uk>:
Hi,
Thanks, I was almost certain that is set but it seems it may not be so will double check that, thank you :)
Now to solve the other issue….
Just a nit-picking note: All these are non-standard fixes. The standard based way is to use the outbound module, it’s the way to allow the sip server to use an inbound TCP connection for outbound requests. This applies to client2server connections.
For server2server connections there is a requirement of mutual TLS auth in order to be able to reuse the connection in both directions
I thought this would be possible with TCP too.
I looked at the outbound module but this is a 'drop in' replacement for something that already exists, so I'm trying to avoid rewriting headers as would be required for flow IDs etc, however it's a definite preferred method for improvement.
As an aside, and it may be the same issue in https://www.mail-archive.com/sr-users@lists.kamailio.org/msg15589.html https://www.mail-archive.com/sr-users@lists.kamailio.org/msg15589.html, when you force an outbound socket on a specific port and a reply is received on that port, both $Rp and $Rut show the port on the first listen directive, not the port it was actually received on, which makes it a bit harder to do what I was trying to as well :/
Ross
It is possible with TCP. Moreover Kamailio is trying to reuse the tcp connection whenever the destination address is matching an active one. The standard way is good, but in the real world you could face some devices which do not support "outbound" properly, so you can leverage functions exposed by nathelper module to ensure correct routing.
On Thu, Nov 11, 2021 at 4:50 PM Ross McKillop ross@rsmck.co.uk wrote:
On 11 Nov 2021, at 07:22, Olle E. Johansson oej@edvina.net wrote:
10 nov. 2021 kl. 18:21 skrev Ross McKillop ross@rsmck.co.uk:
Hi,
Thanks, I was almost certain that is set but it seems it may not be so will double check that, thank you :)
Now to solve the other issue….
Just a nit-picking note: All these are non-standard fixes. The standard based way is to use the outbound module, it’s the way to allow the sip server to use an inbound TCP connection for outbound requests. This applies to client2server connections.
For server2server connections there is a requirement of mutual TLS auth in order to be able to reuse the connection in both directions
I thought this would be possible with TCP too.
I looked at the outbound module but this is a 'drop in' replacement for something that already exists, so I'm trying to avoid rewriting headers as would be required for flow IDs etc, however it's a definite preferred method for improvement.
As an aside, and it may be the same issue in https://www.mail-archive.com/sr-users@lists.kamailio.org/msg15589.html, when you force an outbound socket on a specific port and a reply is received on that port, both $Rp and $Rut show the port on the first listen directive, not the port it was actually received on, which makes it a bit harder to do what I was trying to as well :/
Ross
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
On 11 Nov 2021, at 12:48, Ross McKillop ross@rsmck.co.uk wrote:
On 11 Nov 2021, at 07:22, Olle E. Johansson <oej@edvina.net mailto:oej@edvina.net> wrote:
10 nov. 2021 kl. 18:21 skrev Ross McKillop <ross@rsmck.co.uk mailto:ross@rsmck.co.uk>:
Hi,
Thanks, I was almost certain that is set but it seems it may not be so will double check that, thank you :)
Now to solve the other issue….
Just a nit-picking note: All these are non-standard fixes. The standard based way is to use the outbound module, it’s the way to allow the sip server to use an inbound TCP connection for outbound requests. This applies to client2server connections.
For server2server connections there is a requirement of mutual TLS auth in order to be able to reuse the connection in both directions
I thought this would be possible with TCP too.
No, if a client opens a TCP connection and registers over TCP, it provides a contact. The server is required to use that contact to set up a session to the client. With SIP Outbound (and the module, the module implements this RFC) standard, the server is allowed to reuse the incoming TCP (or TCP/TLS) connection for outbound requests.
/O
I looked at the outbound module but this is a 'drop in' replacement for something that already exists, so I'm trying to avoid rewriting headers as would be required for flow IDs etc, however it's a definite preferred method for improvement.
As an aside, and it may be the same issue in https://www.mail-archive.com/sr-users@lists.kamailio.org/msg15589.html https://www.mail-archive.com/sr-users@lists.kamailio.org/msg15589.html, when you force an outbound socket on a specific port and a reply is received on that port, both $Rp and $Rut show the port on the first listen directive, not the port it was actually received on, which makes it a bit harder to do what I was trying to as well :/
Ross
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
-
Arsen Semenov -
Federico Cabiddu -
Olle E. Johansson -
Ross McKillop