From denys.pozniak at gmail.com Tue Jan 3 11:58:47 2023 From: denys.pozniak at gmail.com (Denys Pozniak) Date: Tue, 3 Jan 2023 13:58:47 +0200 Subject: [OpenSIPS-Users] Cluster (anycast) adds extra hex 00 in the tail to replicated responses. Message-ID: Hello! I'm trying to build a classic anycast cluster topology with two OpenSIPS nodes, in which requests are processed by one proxy and responses by another. The client and server are emulated via baresip. But I ran into a problem in that the replicated responses have an extra 00 in the tail of the reply (the original reply from baresip UAS does not have it). ngrep -x: # U 192.168.100.100:5060 -> 192.168.56.103:37279 #5 53 49 50 2f 32 2e 30 20 31 38 30 20 52 69 6e 67 SIP/2.0 180 Ring 69 6e 67 0d 0a 52 65 63 6f 72 64 2d 52 6f 75 74 ing..Record-Rout 65 3a 20 3c 73 69 70 3a 31 39 32 2e 31 36 38 2e e: ..Via 3a 20 53 49 50 2f 32 2e 30 2f 55 44 50 20 31 39 : SIP/2.0/UDP 19 32 2e 31 36 38 2e 35 36 2e 31 30 33 3a 33 37 32 2.168.56.103:372 37 39 3b 72 65 63 65 69 76 65 64 3d 31 39 32 2e 79;received=192. 31 36 38 2e 35 36 2e 31 30 33 3b 62 72 61 6e 63 168.56.103;branc 68 3d 7a 39 68 47 34 62 4b 62 65 63 38 65 38 66 h=z9hG4bKbec8e8f 30 32 36 62 65 39 31 34 61 3b 72 70 6f 72 74 3d 026be914a;rport= 33 37 32 37 39 0d 0a 54 6f 3a 20 3c 73 69 70 3a 37279..To: ;tag=27e3c218e 30 65 61 31 32 30 64 0d 0a 46 72 6f 6d 3a 20 3c 0ea120d..From: < 73 69 70 3a 32 30 30 40 31 39 32 2e 31 36 38 2e sip:200 at 192.168. 31 30 30 2e 31 30 30 3a 35 30 36 30 3e 3b 74 61 100.100:5060>;ta 67 3d 35 36 38 35 66 33 38 39 61 39 37 66 65 31 g=5685f389a97fe1 30 32 0d 0a 43 61 6c 6c 2d 49 44 3a 20 31 32 34 02..Call-ID: 124 39 37 61 63 37 36 65 38 30 34 66 35 36 0d 0a 43 97ac76e804f56..C 53 65 71 3a 20 36 33 37 30 37 20 49 4e 56 49 54 Seq: 63707 INVIT 45 0d 0a 53 65 72 76 65 72 3a 20 62 61 72 65 73 E..Server: bares 69 70 20 76 32 2e 31 30 2e 30 20 28 78 38 36 5f ip v2.10.0 (x86_ 36 34 2f 4c 69 6e 75 78 29 0d 0a 43 6f 6e 74 61 64/Linux)..Conta 63 74 3a 20 3c 73 69 70 3a 31 30 30 2d 30 78 63 ct: ..Allo 77 3a 20 49 4e 56 49 54 45 2c 41 43 4b 2c 42 59 w: INVITE,ACK,BY 45 2c 43 41 4e 43 45 4c 2c 4f 50 54 49 4f 4e 53 E,CANCEL,OPTIONS 2c 4e 4f 54 49 46 59 2c 53 55 42 53 43 52 49 42 ,NOTIFY,SUBSCRIB 45 2c 49 4e 46 4f 2c 4d 45 53 53 41 47 45 2c 55 E,INFO,MESSAGE,U 50 44 41 54 45 2c 52 45 46 45 52 0d 0a 43 6f 6e PDATE,REFER..Con 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a tent-Length: 0.. 0d 0a 00 ... # So it throws a Baresip error: call: SIP Progress: 100 Trying-2 (/) call: SIP Progress: 100 Giving it a try (/) call: SIP Progress: 180 Ringing (/) call: could not decode SDP answer: Bad message [74] 192.168.56.103 - baresip UAC 192.168.56.106 - baresip UAS 192.168.100.100 - anycast OpenSIPS opensips.cfg (node2): ... socket = udp:192.168.100.100 anycast socket= bin:192.168.56.105:5566 ... modparam ("tm", "tm_replication_cluster", 1) modparam("clusterer", "db_mode", 0) modparam("clusterer", "my_node_id", 2) modparam("clusterer", "my_node_info", "cluster_id=1, url=bin: 192.168.56.105:5566") modparam("clusterer", "neighbor_node_info", "cluster_id=1,node_id=1,url=bin: 192.168.56.104:5566") modparam("clusterer", "sharing_tag", "vip1/2=active") ... ####### Routing Logic ######## route{ if ( !mf_process_maxfwd_header(10) ) { send_reply(483,"Too Many Hops"); exit; } sl_send_reply(100, "Trying-2"); if (has_totag()) { if ( !loose_route() && !t_check_trans() ) { if ( is_method("ACK") ) { t_anycast_replicate(); exit; } } t_relay(); exit; } if (is_method("CANCEL")) { if (t_check_trans()) { t_relay(); } else { t_anycast_replicate(); } exit; } t_check_trans(); if (!is_method("REGISTER|MESSAGE")) { record_route(); } if ( is_method("INVITE") && $si!="5080" ) { $du = "sip:192.168.56.106:5080"; } t_relay(); exit; } [root at localhost opensips]# opensips -V version: opensips 3.3.2 (x86_64/linux) flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535 poll method support: poll, epoll, sigio_rt, select. main.c compiled on 16:12:02 Oct 19 2022 with gcc 4.8.5 -- BR, Denys Pozniak -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: extra_00.pcap Type: application/octet-stream Size: 6476 bytes Desc: not available URL: From bogdan at opensips.org Tue Jan 3 18:13:37 2023 From: bogdan at opensips.org (Bogdan-Andrei Iancu) Date: Tue, 3 Jan 2023 20:13:37 +0200 Subject: [OpenSIPS-Users] disabling / filtering some logs In-Reply-To: References: Message-ID: Hi Kingsley, Unfortunately that is not possible, you can control via the log_level the verbosity of the opensips code (all of it) and via the xlog_level the verbosity of the script logs. Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Bootcamp 5-16 Dec 2022, online https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ On 12/13/22 12:52 PM, Kingsley Tart wrote: > Hi, > > Is it possible to filter what gets logged into syslog, with more fine > grained detail than just setting the log level? > > I have essentially this code: > > if (!validate_dialog()) { > if ($rc == -4) { > send_reply(481, "Call does not exist"); > exit; > } else if (!fix_route_dialog()) { > xlog("L_WARN", "$cfg_file/$cfg_line @ $Tsm: failed to fix route dialog; rc=$rc\n"); > send_reply(488, "Unable to fix dialog"); > exit; > } > > I'm getting loads of entries in opensips.log where validate_dialog() > fails with rc -2 but the call still works because fix_route_dialog() is > successful, eg: > > ERROR:dialog:dlg_validate_dialog: failed to validate remote contact: dlg=[sip:65.151.23.22:5060] , req=[sip:65.151.23.22:5060;user=phone] > > I would prefer to not have opensips.log littered with these, but still > want to see other errors. > > Is this possible? > > Cheers, > Kingsley. > > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users From bogdan at opensips.org Tue Jan 3 18:16:23 2023 From: bogdan at opensips.org (Bogdan-Andrei Iancu) Date: Tue, 3 Jan 2023 20:16:23 +0200 Subject: [OpenSIPS-Users] special characters on password field In-Reply-To: References: Message-ID: <10c64814-d0a6-75c5-12f9-06c686b88304@opensips.org> Hi Andrei, it looks like some escaping is needed. Please open a bug report (with this issue) here https://github.com/OpenSIPS/opensips-cli Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Bootcamp 5-16 Dec 2022, online https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ On 12/13/22 1:08 PM, Andrei G. wrote: > Hello, > > I'm trying to add a user with password containing % character: > > ~# opensips-cli -i opensips-1 -f /etc/opensips-cli.cfg -x user > password 1234 at sip.domain.com '%1234' > > ERROR: cannot execute query: UPDATE subscriber SET ha1 = > '1460228c41f725017708f4f684b7edb1', password = '%1234', ha1b = > '580f8f81d95fcec5e7044f9aba97868a' WHERE username = '1234' AND domain > = ' sip.domain.com ' > ERROR: (_mysql_exceptions.ProgrammingError) not enough arguments for > format string > [SQL: UPDATE subscriber SET ha1 = '1460228c41f725017708f4f684b7edb1', >  password = '%1234', ha1b = '580f8f81d95fcec5e7044f9aba97868a' WHERE > username = '1234' AND domain = ' sip.domain.com '] > (Background on this error at: http://sqlalche.me/e/f405 > ) > > Please advice > > Thanks > Andrei > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -------------- next part -------------- An HTML attachment was scrubbed... URL: From bogdan at opensips.org Tue Jan 3 18:26:47 2023 From: bogdan at opensips.org (Bogdan-Andrei Iancu) Date: Tue, 3 Jan 2023 20:26:47 +0200 Subject: [OpenSIPS-Users] mid_registrar and vpn and nat In-Reply-To: References: Message-ID: Hi Alberto, Yes, in the registration record the Contact URI is kept as received and the "fixed" src IP is stored into the "received" field. Upon lookup the contact URI goes into RURI (as you observed) and the "received" goes into dst_uri (destination URI) or $du. When OpenSIPS relays, the $du takes precedence to the $ru, the requests goes to the right destination. Best regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Bootcamp 5-16 Dec 2022, online https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ On 12/14/22 1:50 AM, Alberto wrote: > Hi, > I have a problem with a vpn setup, not really nat, or maybe it's nat... > > The setup I have is: > Phone - openvpn - opensips - public internet - asterisk > > openvpn subnet: 10.0.0.0/24 > openvpn server: 172.172.0.2/24 > opensips server: 172.172.0.10/24 > > In my configuration I have: > > loadmodule "mid_registrar.so" > modparam("mid_registrar", "max_contacts", 1) > modparam("mid_registrar", "mode", 0) > modparam("mid_registrar", "received_avp", "$avp(rcv)") > modparam("mid_registrar", "tcp_persistent_flag", > "TCP_PERSIST_REGISTRATIONS") > > if (nat_uac_test(119)) { >   setbflag("NAT"); >   if (is_method("REGISTER")) { >     fix_nated_register(); >   } else { >     fix_nated_contact(); >   } > } > > if (is_method("REGISTER")) { >   mid_registrar_save("location", "p0"); >   ..... > } > > if ($(tu{uri.param,ctid}) != NULL && mid_registrar_lookup("location")) { >   if (!t_relay()) { >     send_reply(500, "Internal Error"); >   } > } > > So, when the phone sends a REGISTER to opensips, the contact header > contains the private ip of the vpn (10.0.0.X/24). > fix_nated_register is able to detect that the ip in the contact is > different from the source ip and sets the received avp. > But if I do opensips-cli -x mi ul_dump, I see that the contact still > contains the openvpn ip, and the received field contains the correct > openvpn ip. > This is a problem because when I do the mid_registrar_lookup, $ru is > set to the contact, which contains an ip that the opensips server is > not aware of. > It should instead contain the openvpn server ip (172.172.0.2), that > could then route the call to the phone. > > I tried to change $rd manually, but that just breaks routing for ACK > messages. > What am I doing wrong? > > Thanks > > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -------------- next part -------------- An HTML attachment was scrubbed... URL: From bogdan at opensips.org Tue Jan 3 18:57:02 2023 From: bogdan at opensips.org (Bogdan-Andrei Iancu) Date: Tue, 3 Jan 2023 20:57:02 +0200 Subject: [OpenSIPS-Users] wss and tls In-Reply-To: References: Message-ID: <44084382-c494-efc2-06ee-96b7bf43ec33@opensips.org> Hi, Check with tcpdump to see what happens at TCP layer - it may be the client closing the conn while opensips is performing the accept. Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Bootcamp 5-16 Dec 2022, online https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ On 12/15/22 6:35 PM, nutxase via Users wrote: > Hi All > > I am trying to get tls working with my letsencrypt cert but i keep > getting this error > > ERROR:tls_openssl:openssl_tls_accept: SSL_ERROR_SYSCALL err=Success(0) > ERROR:tls_openssl:openssl_tls_accept: New TLS connection from > xxxx:47817 failed to accept > Dec 15 16:32:54 [localhost] /usr/sbin/opensips[4373]: > ERROR:proto_wss:wss_read_req: cannot fix read connection > > my config is as follows > loadmodule "tls_openssl.so" > > modparam("tls_mgm", "server_domain", "sip") > modparam("tls_mgm", "ca_list", "[sip]/etc/letsencrypt/fullchain.pem") > modparam("tls_mgm", "certificate", "[sip]/etc/opensips/tls/cert.pem") > modparam("tls_mgm", "private_key", "[sip]/etc/opensips/tls/ckey.pem") > modparam("tls_mgm", "require_cert", "[sip]0") > modparam("tls_mgm", "tls_method", "[sip]TLSv1") > modparam("tls_mgm", "verify_cert", "[sip]0") > modparam("tls_mgm", "match_sip_domain", "[sip]*") > modparam("tls_mgm", "match_ip_address", "[sip]*") > > modparam("tls_mgm", "client_domain", "sip1") > modparam("tls_mgm", "ca_list", "[sip1]/etc/letsencrypt/fullchain.pem") > modparam("tls_mgm", "certificate", "[sip1]/etc/opensips/tls/cert.pem") > modparam("tls_mgm", "private_key", "[sip1]/etc/opensips/tls/ckey.pem") > modparam("tls_mgm", "require_cert", "[sip1]0") > modparam("tls_mgm", "tls_method", "[sip1]TLSv1") > modparam("tls_mgm", "verify_cert", "[sip1]0") > modparam("tls_mgm", "match_sip_domain", "[sip]*") > modparam("tls_mgm", "match_ip_address", "[sip]*") > > loadmodule "proto_wss.so" > modparam("proto_wss", "require_origin", no) > loadmodule "proto_ws.so" > modparam("proto_ws", "require_origin", no) > > i have tried wolfssl aswell > any ideas :( > > > Sent with Proton Mail secure email. > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -------------- next part -------------- An HTML attachment was scrubbed... URL: From bogdan at opensips.org Tue Jan 3 18:59:38 2023 From: bogdan at opensips.org (Bogdan-Andrei Iancu) Date: Tue, 3 Jan 2023 20:59:38 +0200 Subject: [OpenSIPS-Users] Help to Make Call to A Gateway In-Reply-To: References: Message-ID: Hi, Take a look at the drouting module [1]. For a working script, see the auto-generated cfg [2] , the residential option. [1] https://opensips.org/html/docs/modules/3.2.x/drouting.html [2] https://www.opensips.org/Documentation/Generating-Configs-3-2 Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Bootcamp 5-16 Dec 2022, online https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ On 12/18/22 9:28 PM, Anubhav Singh wrote: > Hi, > > I am new to opensips. Can you please help to create dialplan and > routing to make call with prefix '0' though gateway. > > Regards, > Anuhav Singh > > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -------------- next part -------------- An HTML attachment was scrubbed... URL: From bogdan at opensips.org Tue Jan 3 19:02:29 2023 From: bogdan at opensips.org (Bogdan-Andrei Iancu) Date: Tue, 3 Jan 2023 21:02:29 +0200 Subject: [OpenSIPS-Users] REPLICATION / SQL_CACHER / Local CacheDB Collection In-Reply-To: References: Message-ID: <8aa9b878-298b-87a1-e3a1-1537b48c05a2@opensips.org> Hi Wadii, By internal design, the sql_cacher cannot work with a cache that may change the data by itself (like via replication) - in order to properly work, sql_cacher MUST be the only one manipulating the data in the cache. Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Bootcamp 5-16 Dec 2022, online https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ On 12/19/22 4:43 PM, Wadii ELMAJDI | Evenmedia wrote: > > Hello , > > I am trying to cache an entire MySQL table containing CLIDs/Clients > Mapping. > My use case is to check pre every call , if the $fU used belongs to > the client (via its ip source). > I am using SQL CACHER (ondemand = 0) mode module, my opensips box is > clustered. > the cached_url for SQL_CACHER is a local collection > (cachedb_url=local:///clid) > > I am getting an error that I cannot use an opensips replicatedcache db : > > Dec 19 15:31:18 primary /usr/sbin/opensips[41751]: > ERROR:sql_cacher:db_init_test_conn: Cannot use an OpenSIPS replicated > cached > Dec 19 15:31:18 primary /usr/sbin/opensips[41751]: > ERROR:sql_cacher:mod_init: Failed to validate db conns for cache entry > > Dec 19 15:31:18 primary /usr/sbin/opensips[41751]: > ERROR:core:init_mod: failed to initialize module sql_cacher > > Dec 19 15:31:18 primary /usr/sbin/opensips[41751]: ERROR:core:main: > error while initializing modules > > I can use cachedb_local module elsewhere, all cached data is > replicated via the cluster with no problem. I don’t see why it causes > such problem only when using SQLCACHER. > > Is there anyway to exclude one specific collection from the > replication mode ?  is there any better approach for my use case ? > > I know I can use REDIS or MongoDB for such use case, but I’m trying to > lower the numbers of servers to monitor 😊 > > > Thank you > > > > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -------------- next part -------------- An HTML attachment was scrubbed... URL: From bogdan at opensips.org Tue Jan 3 19:05:10 2023 From: bogdan at opensips.org (Bogdan-Andrei Iancu) Date: Tue, 3 Jan 2023 21:05:10 +0200 Subject: [OpenSIPS-Users] b2b_logic modules and transport protocol (TCP/TLS) conversion In-Reply-To: References: Message-ID: <94b2b450-b44e-21f0-c609-6b99e0663a66@opensips.org> Hi Ross, before creating the client, try to force the outbound socket to a TCP one https://opensips.org/Documentation/Script-CoreVar-3-2#socket_out Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Bootcamp 5-16 Dec 2022, online https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ On 12/21/22 1:17 PM, Ross McKillop via Users wrote: > Hi, > > I’m hoping I’m missing something obvious here (and explain well enough below what the problem is) - I can get logs etc if required of course. > > I’m using the OpenSIPS b2bua module(s) in a scenario where one side of the leg is TCP and the other is TLS as follows. > > Host A —TLS---> OpenSIPS —TCP—> Host B > > The configuration is something like the below (variables replaced with what they contain for clarity) > > b2b_server_new(“s”); > b2b_client_new(“c”, “sip:user at hostb.example.com:5555;transport=tcp”, “sip:hostb.example.com:5555;transport=tcp”) > # have also tried the above without the proxy parameter > b2b_init_request(“b2b_ab”, “”, “b2b_ab_request”, “b2b_ab_reply”); > > If the incoming A leg is also TCP this works as expected, however if the incoming leg is TLS the connection attempt is made to hostb.example.com on port 5061 (default TLS port, ignoring the 5555 specified in the b2b_client_new call) > > The INVITE RURI is correct (e.g. INVITE sip:user at hostb.example.com:5555;transport=tcp) but the Contact header contains a reference to the TLS listening port (e.g. Contact: ) > > As this is acting as a B2BUA I would have expected the Contact to be the TCP interface on the opensips, and the INVITE to be sent to the URI (and transport protocol) provided in the b2b_init_request in the config. > > I’ve also tried setting b2bl_from_spec_param as follows; > > modparam("b2b_logic", "b2bl_from_spec_param”,”sip:opensips.example.com:5060;transport=tcp”) > > However, this doesn’t change the observed behaviour. > > Why is the port and transport selection being ignored, or am I missing something? > > (All the above is based on opensips 3.3.2, if the behaviour has been changed/corrected in 3.4 then accept my apologies, I’ll be trying that shortly, but wanted to ask here first in case I was missing something obvious!) > > Any insight anyone can offer would be much appreciated. > > Best, > Ross > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users From bogdan at opensips.org Tue Jan 3 19:07:48 2023 From: bogdan at opensips.org (Bogdan-Andrei Iancu) Date: Tue, 3 Jan 2023 21:07:48 +0200 Subject: [OpenSIPS-Users] TLS verify client In-Reply-To: References: Message-ID: <87c153f4-b5a1-1753-bf8a-10cd410090ac@opensips.org> Hi Matt, I guess the "require_cert" should 0 for both domains, right ? Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Bootcamp 5-16 Dec 2022, online https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ On 12/23/22 9:55 PM, L S wrote: > Hi, > We are upgrading from 1.11.5 tls to 3.2.9. In 1.11 we had issues with > the client certificate so we had to set the following: > > # 1.11 parameters > tls_verify_server = 1 > tls_verify_client = 0 tls_require_client_certificate = 0 > > TLS works fine for us with those settings. Now we are trying to > migrate them to 3.2.9 and having issues. Just wanted to confirm > if the following is correct way to migrate those parameters to 3.2? > (Just included those parameters - the domains are set up correctly) > > Server domain > modparam("tls_mgm", "verify_cert", "[dom1]0") > modparam("tls_mgm", "require_cert", "[dom1]0") > > Client domain > modparam("tls_mgm", "verify_cert", "[dom2]1") > modparam("tls_mgm", "require_cert", "[dom2]1") > > Thanks, > Matt > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -------------- next part -------------- An HTML attachment was scrubbed... URL: From bogdan at opensips.org Tue Jan 3 19:11:29 2023 From: bogdan at opensips.org (Bogdan-Andrei Iancu) Date: Tue, 3 Jan 2023 21:11:29 +0200 Subject: [OpenSIPS-Users] RTPPROXY / OPENSIPS In-Reply-To: References: Message-ID: <00f65353-ed3a-4b8f-58d3-b21bf898fecb@opensips.org> Hi Wadii, I haven;t checked the implementation, but the rtpproxy_engage should take care of the 183 with SDP. Have you tested it? Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Bootcamp 5-16 Dec 2022, online https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ On 12/23/22 9:42 PM, Wadii ELMAJDI | Evenmedia wrote: > hello , i do have a question related to rtpproxy module documentation. > > The doc describes that rewriting sdp body should happen during either > INVITE , 200 OK or ACK. > In the case of SDP presence on invite <=> 200 , one should > rtpproxy_offer during the invite and rtpproxy_answer during the 200 OK. > > "Documentation : RewritesSDPbody to ensure that media is passed > through anRTPproxy. To be invoked on INVITE for the cases the SDPs are > in INVITE and 200 OK and on 200 OK when SDPs are in 200 OK and ACK." > > But sometimes opensips receives a 183 Session Progress containing SDP > before the 200 which i think is related to earlymedia . > I think those sdp packets should also be rewritten with the right rtp > proxy ip/port. In which case the doc should mention "SDPs are in > INVITE and 200 OK /183 Session Progress". > > My second question : since we can handle most cases with > rtpproxy_offer/answer methods, what is the purpose of rtpproxy_engage > ? is it to ease the management i described above ? > > Thank you > > > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -------------- next part -------------- An HTML attachment was scrubbed... URL: From bogdan at opensips.org Tue Jan 3 19:12:10 2023 From: bogdan at opensips.org (Bogdan-Andrei Iancu) Date: Tue, 3 Jan 2023 21:12:10 +0200 Subject: [OpenSIPS-Users] OpenSIPS Equivalent to Kamailio's cfg_get In-Reply-To: References: Message-ID: Hi David, not sure what this cfg_get is suppose to do :( Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Bootcamp 5-16 Dec 2022, online https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ On 12/27/22 1:35 PM, David Villasmil wrote: > Hello folks, > > Is there such a thing? cfgutils seems to be an alternative, but looks > like too much for such a simple thing. > > Regards, > > David Villasmil > email: david.villasmil.work at gmail.com > > phone: +34669448337 > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -------------- next part -------------- An HTML attachment was scrubbed... URL: From bogdan at opensips.org Tue Jan 3 19:14:00 2023 From: bogdan at opensips.org (Bogdan-Andrei Iancu) Date: Tue, 3 Jan 2023 21:14:00 +0200 Subject: [OpenSIPS-Users] suspend transaction In-Reply-To: <5NoDcGaZIx1exwvRcAMTukXn1jUGfoU2DUSrwqkkxCfns1QBNIBnkW0JftCSmVOKqMCYlSLm6RsvbE92N_eYIYkIUSEUI4_vruWkmqI3JJw=@proton.me> References: <5NoDcGaZIx1exwvRcAMTukXn1jUGfoU2DUSrwqkkxCfns1QBNIBnkW0JftCSmVOKqMCYlSLm6RsvbE92N_eYIYkIUSEUI4_vruWkmqI3JJw=@proton.me> Message-ID: <0f8413ef-691a-d829-6a14-ebda79f9cf0d@opensips.org> Hi, I don't think there was a t_suspend() ever in OpenSIPS. In which version were you using it?? Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Bootcamp 5-16 Dec 2022, online https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ On 12/29/22 6:27 PM, nutxase via Users wrote: > Hi All > > i notice this is no longer working in 3.3 > > if (!t_suspend()) { >    xlog("Failed to suspend transaction\n"); >    exit; > > any idea what replaced t_suspend? > > > > Sent with Proton Mail secure email. > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -------------- next part -------------- An HTML attachment was scrubbed... URL: From nutxase at proton.me Wed Jan 4 14:37:16 2023 From: nutxase at proton.me (nutxase) Date: Wed, 04 Jan 2023 14:37:16 +0000 Subject: [OpenSIPS-Users] Re-invite on mid_registrar Message-ID: Hi All! I am trying to get opensips to send a re-invite to asterisk on incoming calls my scenario is - Call comes to opensips - Opensips runs a custom script to wake up a device - Device sends a new registration to asterisk - Opensips needs to send a re-invite to asterisk(need help here) - Opensips Looks up the location with the below and sends the call if (!mid_registrar_lookup("location")) { t_reply(404, "Not Found"); exit; } t_relay(); exit; } my complete code is: if (is_method("INVITE|MESSAGE") { if (exec("/etc/opensips/pusher.sh $tu", , $var(out))) { xlog ("we pushed"); } else { xlog("no push happened"); } t_reply(100, "SUSPEND"); route(push); route[push] { xlog("suspending transaction"); sleep(5); t_reply(100,"RESUME"); route (resume_route); } route[resume_route] { xlog("resuming transaction"); if (!mid_registrar_lookup("location")) { t_reply(404, "Not Found"); exit; } t_relay(); exit; } Sent with [Proton Mail](https://proton.me/) secure email. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bogdan at opensips.org Wed Jan 4 17:40:16 2023 From: bogdan at opensips.org (Bogdan-Andrei Iancu) Date: Wed, 4 Jan 2023 19:40:16 +0200 Subject: [OpenSIPS-Users] TLS verify client In-Reply-To: References: <87c153f4-b5a1-1753-bf8a-10cd410090ac@opensips.org> Message-ID: Right, but in the new cfg you should have modparam("tls_mgm", "require_cert", "[dom2]0") and not "1" Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Bootcamp 5-16 Dec 2022, online https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ On 1/4/23 2:59 AM, L S wrote: > Hi Bogdan, > > This worked for us: > > server verify_cert=0 > server require_cert=1 > client verify_cert=1 > client require_cert=1 > > Thanks. > > On Tue, Jan 3, 2023, 2:07 PM Bogdan-Andrei Iancu > wrote: > > Hi Matt, > > I guess the "require_cert" should 0 for both domains, right ? > > Regards, > > Bogdan-Andrei Iancu > > OpenSIPS Founder and Developer > https://www.opensips-solutions.com > OpenSIPS Bootcamp 5-16 Dec 2022, online > https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ > > On 12/23/22 9:55 PM, L S wrote: >> Hi, >> We are upgrading from 1.11.5 tls to 3.2.9. In 1.11 we had issues >> with the client certificate so we had to set the following: >> >> # 1.11 parameters >> tls_verify_server = 1 >> tls_verify_client = 0 tls_require_client_certificate = 0 >> >> TLS works fine for us with those settings. Now we are trying to >> migrate them to 3.2.9 and having issues. Just wanted to confirm >> if the following is correct way to migrate those parameters to >> 3.2? (Just included those parameters - the domains are set up >> correctly) >> >> Server domain >> modparam("tls_mgm", "verify_cert", "[dom1]0") >> modparam("tls_mgm", "require_cert", "[dom1]0") >> >> Client domain >> modparam("tls_mgm", "verify_cert", "[dom2]1") >> modparam("tls_mgm", "require_cert", "[dom2]1") >> >> Thanks, >> Matt >> >> _______________________________________________ >> Users mailing list >> Users at lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From marcin at voipplus.net Thu Jan 5 00:12:59 2023 From: marcin at voipplus.net (Marcin Groszek) Date: Wed, 4 Jan 2023 18:12:59 -0600 Subject: [OpenSIPS-Users] stir shaken verification Message-ID: <97b4659a-5afe-2a48-fee2-38edb9b3906b@voipplus.net> Opensips version 3.1.5 I am having some issues with stir_shaken setup. I am sure this not an issue with the module, but me. |stir_shaken_auth works just fine and I am able to sign the calls, however I was unable to find any document how to use a ca file available for download at iconectiv/download-list as well as via API. They do come in as jwt file, but after little manipulation individual certificates can be extracted, and the first one is the root certificate; I think, and the rest are trusted STI-CA. ||I guess my question is how do I use this file or any other cert file as |"ca_list" and/or "ca_dir" . After weeks and hundreds attempts I was unsuccessful, and I was unable to locate any document explaining preparation/setup/steps to setup verification. All I get is : ERROR:stir_shaken:load_cert: Failed to parse certificate ERROR:stir_shaken:w_stir_verify: Failed to load certificate on INVITE with valid identity header. When I remove or replace  "ca_list" file with something bogus opensips does not even start  with errors: ERROR:stir_shaken:init_cert_validation: Failed to load trustefd CAs ERROR:core:init_mod: failed to initialize module stir_shaken I would really appreciate some guidance on this one. || || -------------- next part -------------- An HTML attachment was scrubbed... URL: From jjackson at aninetworks.net Thu Jan 5 01:37:55 2023 From: jjackson at aninetworks.net (Joseph Jackson) Date: Thu, 5 Jan 2023 01:37:55 +0000 Subject: [OpenSIPS-Users] stir shaken verification In-Reply-To: <97b4659a-5afe-2a48-fee2-38edb9b3906b@voipplus.net> References: <97b4659a-5afe-2a48-fee2-38edb9b3906b@voipplus.net> Message-ID: Hi Marcin, We have a process that downloads the CA list from iconectiv nightly, decodes the jwt and stores the certs in a single file in /etc/ssl/sti-ca/sti-ca.pem Here is the opensips modparam #stir and shaken loadmodule "stir_shaken.so" modparam("stir_shaken", "verify_date_freshness", 300) modparam("stir_shaken", "auth_date_freshness", 300) modparam("stir_shaken", "e164_strict_mode", 0) #list of root certs for stir / shaken verification modparam("stir_shaken", "ca_list", "/etc/ssl/sti-ca/sti-ca.pem") This is on opensips v3.1.11 ________________________________ From: Users on behalf of Marcin Groszek Sent: Wednesday, January 4, 2023 6:12 PM To: users at lists.opensips.org Subject: [OpenSIPS-Users] stir shaken verification Opensips version 3.1.5 I am having some issues with stir_shaken setup. I am sure this not an issue with the module, but me. stir_shaken_auth works just fine and I am able to sign the calls, however I was unable to find any document how to use a ca file available for download at iconectiv/download-list as well as via API. They do come in as jwt file, but after little manipulation individual certificates can be extracted, and the first one is the root certificate; I think, and the rest are trusted STI-CA. I guess my question is how do I use this file or any other cert file as "ca_list" and/or "ca_dir" . After weeks and hundreds attempts I was unsuccessful, and I was unable to locate any document explaining preparation/setup/steps to setup verification. All I get is : ERROR:stir_shaken:load_cert: Failed to parse certificate ERROR:stir_shaken:w_stir_verify: Failed to load certificate on INVITE with valid identity header. When I remove or replace "ca_list" file with something bogus opensips does not even start with errors: ERROR:stir_shaken:init_cert_validation: Failed to load trustefd CAs ERROR:core:init_mod: failed to initialize module stir_shaken I would really appreciate some guidance on this one. -------------- next part -------------- An HTML attachment was scrubbed... URL: From krishdinesh at yahoo.com Thu Jan 5 05:31:30 2023 From: krishdinesh at yahoo.com (Dinesh Krishnamurthy) Date: Thu, 5 Jan 2023 05:31:30 +0000 (UTC) Subject: [OpenSIPS-Users] OpenSIPS on Cloud (AWS or Azure) References: <2089326536.7760172.1672896690727.ref@mail.yahoo.com> Message-ID: <2089326536.7760172.1672896690727@mail.yahoo.com> Hi, We are trying to install OpenSIPS on AWS or Azure and would like to seek some suggestions  1. What is the system configuration we should use ? 2. Is there a preference of cloud providers or the performance is similar across AWS, Azure  Thank you in advance DK  -------------- next part -------------- An HTML attachment was scrubbed... URL: From bogdan at opensips.org Thu Jan 5 08:55:36 2023 From: bogdan at opensips.org (Bogdan-Andrei Iancu) Date: Thu, 5 Jan 2023 10:55:36 +0200 Subject: [OpenSIPS-Users] OpenSIPS Equivalent to Kamailio's cfg_get In-Reply-To: References: Message-ID: <3c7fb35c-7297-d273-dfd9-46f2c7262320@opensips.org> Hi David, Are these cfg values static during runtime? if so, you can simple use the defines provided by the template'ing support -> https://www.opensips.org/Documentation/Templating-Config-Files-3-2 Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Bootcamp 5-16 Dec 2022, online https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ On 1/4/23 12:07 AM, David Villasmil wrote: > Hey Bodgan! > > It’s used to dynamically set constants, I.e.: a variable you use > throughout the script. > > You can set it initially like > > Myvar = 3 > > Then via cli you can change it. > > I finally did it in opensips with cfgutils, if there’s a better way to > do it, please let me know. > > Many thanks! > > David > > On Tue, 3 Jan 2023 at 20:12, Bogdan-Andrei Iancu > wrote: > > Hi David, > > not sure what this cfg_get is suppose to do :( > > Regards, > > Bogdan-Andrei Iancu > > OpenSIPS Founder and Developer > https://www.opensips-solutions.com > OpenSIPS Bootcamp 5-16 Dec 2022, online > https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ > > On 12/27/22 1:35 PM, David Villasmil wrote: >> Hello folks, >> >> Is there such a thing? cfgutils seems to be an alternative, but >> looks like too much for such a simple thing. >> >> Regards, >> >> David Villasmil >> email: david.villasmil.work at gmail.com >> >> phone: +34669448337 >> >> _______________________________________________ >> Users mailing list >> Users at lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > -- > Regards, > > David Villasmil > email: david.villasmil.work at gmail.com > > phone: +34669448337 -------------- next part -------------- An HTML attachment was scrubbed... URL: From bogdan at opensips.org Thu Jan 5 09:53:43 2023 From: bogdan at opensips.org (Bogdan-Andrei Iancu) Date: Thu, 5 Jan 2023 11:53:43 +0200 Subject: [OpenSIPS-Users] OpenSIPS Equivalent to Kamailio's cfg_get In-Reply-To: References: <3c7fb35c-7297-d273-dfd9-46f2c7262320@opensips.org> Message-ID: <0549c429-a7f8-8ddf-c26e-ab228bdd5855@opensips.org> OK, so they are changeable at runtime (via MI I guess). In this case there is 99% similarity with the shvals from cfgutils. Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Bootcamp 5-16 Dec 2022, online https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ On 1/5/23 11:47 AM, David Villasmil wrote: > No, that’s the thing. I want to be able to change them without > restarting opensips > > On Thu, 5 Jan 2023 at 09:55, Bogdan-Andrei Iancu > wrote: > > Hi David, > > Are these cfg values static during runtime? if so, you can simple > use the defines provided by the template'ing support -> > https://www.opensips.org/Documentation/Templating-Config-Files-3-2 > > > Regards, > > Bogdan-Andrei Iancu > > OpenSIPS Founder and Developer > https://www.opensips-solutions.com > OpenSIPS Bootcamp 5-16 Dec 2022, online > https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ > > On 1/4/23 12:07 AM, David Villasmil wrote: >> Hey Bodgan! >> >> It’s used to dynamically set constants, I.e.: a variable you use >> throughout the script. >> >> You can set it initially like >> >> Myvar = 3 >> >> Then via cli you can change it. >> >> I finally did it in opensips with cfgutils, if there’s a better >> way to do it, please let me know. >> >> Many thanks! >> >> David >> >> On Tue, 3 Jan 2023 at 20:12, Bogdan-Andrei Iancu >> > wrote: >> >> Hi David, >> >> not sure what this cfg_get is suppose to do :( >> >> Regards, >> >> Bogdan-Andrei Iancu >> >> OpenSIPS Founder and Developer >> https://www.opensips-solutions.com >> OpenSIPS Bootcamp 5-16 Dec 2022, online >> https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ >> >> On 12/27/22 1:35 PM, David Villasmil wrote: >>> Hello folks, >>> >>> Is there such a thing? cfgutils seems to be an alternative, >>> but looks like too much for such a simple thing. >>> >>> Regards, >>> >>> David Villasmil >>> email: david.villasmil.work at gmail.com >>> >>> phone: +34669448337 >>> >>> _______________________________________________ >>> Users mailing list >>> Users at lists.opensips.org >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >> -- >> Regards, >> >> David Villasmil >> email: david.villasmil.work at gmail.com >> >> phone: +34669448337 > > -- > Regards, > > David Villasmil > email: david.villasmil.work at gmail.com > > phone: +34669448337 -------------- next part -------------- An HTML attachment was scrubbed... URL: From david.villasmil.work at gmail.com Thu Jan 5 10:11:00 2023 From: david.villasmil.work at gmail.com (David Villasmil) Date: Thu, 5 Jan 2023 11:11:00 +0100 Subject: [OpenSIPS-Users] OpenSIPS Equivalent to Kamailio's cfg_get In-Reply-To: <0549c429-a7f8-8ddf-c26e-ab228bdd5855@opensips.org> References: <3c7fb35c-7297-d273-dfd9-46f2c7262320@opensips.org> <0549c429-a7f8-8ddf-c26e-ab228bdd5855@opensips.org> Message-ID: Great; thanks for confirming this On Thu, 5 Jan 2023 at 10:53, Bogdan-Andrei Iancu wrote: > OK, so they are changeable at runtime (via MI I guess). In this case there > is 99% similarity with the shvals from cfgutils. > > Regards, > > Bogdan-Andrei Iancu > > OpenSIPS Founder and Developer > https://www.opensips-solutions.com > OpenSIPS Bootcamp 5-16 Dec 2022, online > https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ > > On 1/5/23 11:47 AM, David Villasmil wrote: > > No, that’s the thing. I want to be able to change them without restarting > opensips > > On Thu, 5 Jan 2023 at 09:55, Bogdan-Andrei Iancu > wrote: > >> Hi David, >> >> Are these cfg values static during runtime? if so, you can simple use the >> defines provided by the template'ing support -> >> https://www.opensips.org/Documentation/Templating-Config-Files-3-2 >> >> Regards, >> >> Bogdan-Andrei Iancu >> >> OpenSIPS Founder and Developer >> https://www.opensips-solutions.com >> OpenSIPS Bootcamp 5-16 Dec 2022, online >> https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ >> >> On 1/4/23 12:07 AM, David Villasmil wrote: >> >> Hey Bodgan! >> >> It’s used to dynamically set constants, I.e.: a variable you use >> throughout the script. >> >> You can set it initially like >> >> Myvar = 3 >> >> Then via cli you can change it. >> >> I finally did it in opensips with cfgutils, if there’s a better way to do >> it, please let me know. >> >> Many thanks! >> >> David >> >> On Tue, 3 Jan 2023 at 20:12, Bogdan-Andrei Iancu >> wrote: >> >>> Hi David, >>> >>> not sure what this cfg_get is suppose to do :( >>> >>> Regards, >>> >>> Bogdan-Andrei Iancu >>> >>> OpenSIPS Founder and Developer >>> https://www.opensips-solutions.com >>> OpenSIPS Bootcamp 5-16 Dec 2022, online >>> https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ >>> >>> On 12/27/22 1:35 PM, David Villasmil wrote: >>> >>> Hello folks, >>> >>> Is there such a thing? cfgutils seems to be an alternative, but looks >>> like too much for such a simple thing. >>> >>> Regards, >>> >>> David Villasmil >>> email: david.villasmil.work at gmail.com >>> phone: +34669448337 >>> >>> _______________________________________________ >>> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> >>> >>> -- >> Regards, >> >> David Villasmil >> email: david.villasmil.work at gmail.com >> phone: +34669448337 >> >> >> -- > Regards, > > David Villasmil > email: david.villasmil.work at gmail.com > phone: +34669448337 > > > -- Regards, David Villasmil email: david.villasmil.work at gmail.com phone: +34669448337 -------------- next part -------------- An HTML attachment was scrubbed... URL: From nutxase at proton.me Thu Jan 5 16:15:32 2023 From: nutxase at proton.me (nutxase) Date: Thu, 05 Jan 2023 16:15:32 +0000 Subject: [OpenSIPS-Users] Re-invite on mid_registrar In-Reply-To: References: Message-ID: anyone have any idea how i can get opensips to request a new invite here :( Sent with [Proton Mail](https://proton.me/) secure email. ------- Original Message ------- On Wednesday, January 4th, 2023 at 2:37 PM, nutxase via Users wrote: > Hi All! > > I am trying to get opensips to send a re-invite to asterisk on incoming calls > my scenario is > > - Call comes to opensips > - Opensips runs a custom script to wake up a device > - Device sends a new registration to asterisk > - Opensips needs to send a re-invite to asterisk(need help here) > - Opensips Looks up the location with the below and sends the call > > if (!mid_registrar_lookup("location")) { > t_reply(404, "Not Found"); > exit; > } > > t_relay(); > > exit; > } > > my complete code is: > > if (is_method("INVITE|MESSAGE") { > if (exec("/etc/opensips/pusher.sh $tu", , $var(out))) { > xlog ("we pushed"); > } else { > xlog("no push happened"); > } > t_reply(100, "SUSPEND"); > > route(push); > > route[push] { > > xlog("suspending transaction"); > > sleep(5); > t_reply(100,"RESUME"); > route (resume_route); > > } > route[resume_route] { > > xlog("resuming transaction"); > > if (!mid_registrar_lookup("location")) { > t_reply(404, "Not Found"); > exit; > } > > t_relay(); > > exit; > } > > Sent with [Proton Mail](https://proton.me/) secure email. -------------- next part -------------- An HTML attachment was scrubbed... URL: From marcin at voipplus.net Thu Jan 5 16:16:07 2023 From: marcin at voipplus.net (Marcin Groszek) Date: Thu, 5 Jan 2023 10:16:07 -0600 Subject: [OpenSIPS-Users] stir shaken verification In-Reply-To: References: <97b4659a-5afe-2a48-fee2-38edb9b3906b@voipplus.net> Message-ID: Joseph, Thank you very much for your respond. I have downloaded and apply new sti-ca file but certificate validation fails. INFO:stir_shaken:verify_callback: certificate validation failed: certificate signature failure INFO:stir_shaken:w_stir_verify: Invalid certificate DBG:core:comp_scriptvar: int 26 : -8 / 0 [1637] stir_shaken_verify() failed: 437, Unsupported Credential Perhaps I am not processing the sti-ca file properly. I am testing this with a valid token , in fact test calls are coming from major cellular carrier in US and the verification fails. I can see curl download the public cert, storing it in local cache and then attempt to verify, but it fails. Upon next call with same token, the public cert is pulled from local cache and still fails. On 1/4/2023 7:37 PM, Joseph Jackson wrote: > Hi Marcin, > > We have a process that downloads the CA list from iconectiv nightly, > decodes the jwt and stores the certs in a single file in > /etc/ssl/sti-ca/sti-ca.pem > > Here is the opensips modparam > > #stir and shaken > loadmodule "stir_shaken.so" > modparam("stir_shaken", "verify_date_freshness", 300) > modparam("stir_shaken", "auth_date_freshness", 300) > modparam("stir_shaken", "e164_strict_mode", 0) > #list of root certs for stir / shaken verification > modparam("stir_shaken", "ca_list", "/etc/ssl/sti-ca/sti-ca.pem") > > This is on opensips v3.1.11 > > > ------------------------------------------------------------------------ > *From:* Users on behalf of Marcin > Groszek > *Sent:* Wednesday, January 4, 2023 6:12 PM > *To:* users at lists.opensips.org > *Subject:* [OpenSIPS-Users] stir shaken verification > > Opensips version 3.1.5 > > I am having some issues with stir_shaken setup. I am sure this not an > issue with the module, but me. > > |stir_shaken_auth works just fine and I am able to sign the calls, > however I was unable to find any document how to use a ca file > available for download at iconectiv/download-list as well as via API. > They do come in as jwt file, but after little manipulation individual > certificates can be extracted, and the first one is the root > certificate; I think, and the rest are trusted STI-CA. ||I guess my > question is how do I use this file or any other cert file as > |"ca_list" and/or "ca_dir" . > > After weeks and hundreds attempts I was unsuccessful, and I was unable > to locate any document explaining preparation/setup/steps to setup > verification. > > All I get is : > > ERROR:stir_shaken:load_cert: Failed to parse certificate > ERROR:stir_shaken:w_stir_verify: Failed to load certificate > on INVITE with valid identity header. > > When I remove or replace  "ca_list" file with something bogus opensips > does not even start  with errors: > > ERROR:stir_shaken:init_cert_validation: Failed to load trustefd CAs > ERROR:core:init_mod: failed to initialize module stir_shaken > > I would really appreciate some guidance on this one. > > > || > > || > > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -- Best Regards: Marcin Groszek Business Phone Service https://www.voipplus.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From jjackson at aninetworks.net Thu Jan 5 19:18:38 2023 From: jjackson at aninetworks.net (Joseph Jackson) Date: Thu, 5 Jan 2023 19:18:38 +0000 Subject: [OpenSIPS-Users] stir shaken verification In-Reply-To: References: <97b4659a-5afe-2a48-fee2-38edb9b3906b@voipplus.net> Message-ID: Hi Marcin, I suspect you are correct that its how you are decoding the ca cert file from iconectiv. attached is what we have currently and it works in our production enviroment. If the maillist strips out that attachment let me know. You can reach me directly at jjackson at aninetworks.net Joseph ________________________________ From: Users on behalf of Marcin Groszek Sent: Thursday, January 5, 2023 10:16 AM To: users at lists.opensips.org Subject: Re: [OpenSIPS-Users] stir shaken verification Joseph, Thank you very much for your respond. I have downloaded and apply new sti-ca file but certificate validation fails. INFO:stir_shaken:verify_callback: certificate validation failed: certificate signature failure INFO:stir_shaken:w_stir_verify: Invalid certificate DBG:core:comp_scriptvar: int 26 : -8 / 0 [1637] stir_shaken_verify() failed: 437, Unsupported Credential Perhaps I am not processing the sti-ca file properly. I am testing this with a valid token , in fact test calls are coming from major cellular carrier in US and the verification fails. I can see curl download the public cert, storing it in local cache and then attempt to verify, but it fails. Upon next call with same token, the public cert is pulled from local cache and still fails. On 1/4/2023 7:37 PM, Joseph Jackson wrote: Hi Marcin, We have a process that downloads the CA list from iconectiv nightly, decodes the jwt and stores the certs in a single file in /etc/ssl/sti-ca/sti-ca.pem Here is the opensips modparam #stir and shaken loadmodule "stir_shaken.so" modparam("stir_shaken", "verify_date_freshness", 300) modparam("stir_shaken", "auth_date_freshness", 300) modparam("stir_shaken", "e164_strict_mode", 0) #list of root certs for stir / shaken verification modparam("stir_shaken", "ca_list", "/etc/ssl/sti-ca/sti-ca.pem") This is on opensips v3.1.11 ________________________________ From: Users on behalf of Marcin Groszek Sent: Wednesday, January 4, 2023 6:12 PM To: users at lists.opensips.org Subject: [OpenSIPS-Users] stir shaken verification Opensips version 3.1.5 I am having some issues with stir_shaken setup. I am sure this not an issue with the module, but me. stir_shaken_auth works just fine and I am able to sign the calls, however I was unable to find any document how to use a ca file available for download at iconectiv/download-list as well as via API. They do come in as jwt file, but after little manipulation individual certificates can be extracted, and the first one is the root certificate; I think, and the rest are trusted STI-CA. I guess my question is how do I use this file or any other cert file as "ca_list" and/or "ca_dir" . After weeks and hundreds attempts I was unsuccessful, and I was unable to locate any document explaining preparation/setup/steps to setup verification. All I get is : ERROR:stir_shaken:load_cert: Failed to parse certificate ERROR:stir_shaken:w_stir_verify: Failed to load certificate on INVITE with valid identity header. When I remove or replace "ca_list" file with something bogus opensips does not even start with errors: ERROR:stir_shaken:init_cert_validation: Failed to load trustefd CAs ERROR:core:init_mod: failed to initialize module stir_shaken I would really appreciate some guidance on this one. _______________________________________________ Users mailing list Users at lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users -- Best Regards: Marcin Groszek Business Phone Service https://www.voipplus.net -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: sti-ca.pem Type: application/x-x509-ca-cert Size: 13032 bytes Desc: sti-ca.pem URL: From marcin at voipplus.net Thu Jan 5 22:19:11 2023 From: marcin at voipplus.net (Marcin Groszek) Date: Thu, 5 Jan 2023 16:19:11 -0600 Subject: [OpenSIPS-Users] stir shaken verification In-Reply-To: References: <97b4659a-5afe-2a48-fee2-38edb9b3906b@voipplus.net> Message-ID: <754b3d6e-77e0-461a-7752-d43088928a97@voipplus.net> Thank you very much. I have the same file, and verification is still failing. Perhaps  my config: $var(found) = cache_fetch("local", $identity(x5u), $var(cert)); if (!$var(found) || !stir_shaken_check_cert("$var(cert)")) {     rest_get( "$identity(x5u)", $var(cert), $var(ctype), $var(http_rc));     if ($rc<0 || $var(http_rc) != 200) {         send_reply(436, "Bad Identity Info");         exit;     }     cache_store("local", $identity(x5u), $var(cert), 60); } stir_shaken_verify( "$var(cert)", $var(err_sip_code), $var(err_sip_reason)); if ($rc < 0) {     xlog("stir_shaken_verify() failed: $var(err_sip_code), $var(err_sip_reason) \n");     send_reply( $var(err_sip_code), $var(err_sip_reason));     exit; } I figured this much: $var(cert) is a public certificate downloaded from $identity(x5u), if it does not exists in local cache it gets pulled and stored, stir_shaken_check_cert("$var(cert)") is generating these errors: ERROR:stir_shaken:load_cert: Failed to parse certificate ERROR:stir_shaken:w_stir_check_cert: Failed to load certificate ( because the entry does not exists in local cashdb) this forces the download of the public cert from $identity(x5u) and store in local cashdb second attempt does not generate this errors, however calls with deferent identity header and url for public cert should generate same errors again as the public cert from new url is not in local cashdb, but it is NOT generating same error. Also, I have minimize cache_store  down to 1 second and after that second call with same $identity(x5u) should generate same errors , but it is not. an example at shaken-not-stirred page have : rest_get( "$identity(x5u)", "$var(cert)", $var(ctype), $var(http_rc)); but this fails a start-up with error ERROR:core:fix_cmd: Param [2] expected to be a variable so I removed the double quotes from around $var(cert) . On 1/5/2023 1:18 PM, Joseph Jackson wrote: > Hi Marcin, > > I suspect you are correct that its how you are decoding the ca cert > file from iconectiv. > > attached is what we have currently and it works in our production > enviroment. > > If the maillist strips out that attachment let me know.  You can reach > me directly at jjackson at aninetworks.net > > Joseph > > ------------------------------------------------------------------------ > *From:* Users on behalf of Marcin > Groszek > *Sent:* Thursday, January 5, 2023 10:16 AM > *To:* users at lists.opensips.org > *Subject:* Re: [OpenSIPS-Users] stir shaken verification > > Joseph, Thank you very much for your respond. > > > I have downloaded and apply new sti-ca file but certificate validation > fails. > > INFO:stir_shaken:verify_callback: certificate validation failed: > certificate signature failure > INFO:stir_shaken:w_stir_verify: Invalid certificate > DBG:core:comp_scriptvar: int 26 : -8 / 0 > [1637] stir_shaken_verify() failed: 437, Unsupported Credential > > > Perhaps I am not processing the sti-ca file properly. > > > I am testing this with a valid token , in fact test calls are coming > from major cellular carrier in US and the verification fails. > > I can see curl download the public cert, storing it in local cache and > then attempt to verify, but it fails. > > Upon next call with same token, the public cert is pulled from local > cache and still fails. > > > > > On 1/4/2023 7:37 PM, Joseph Jackson wrote: >> Hi Marcin, >> >> We have a process that downloads the CA list from iconectiv nightly,  >> decodes the jwt and stores the certs in a single file in >> /etc/ssl/sti-ca/sti-ca.pem >> >> Here is the opensips modparam >> >> #stir and shaken >> loadmodule "stir_shaken.so" >> modparam("stir_shaken", "verify_date_freshness", 300) >> modparam("stir_shaken", "auth_date_freshness", 300) >> modparam("stir_shaken", "e164_strict_mode", 0) >> #list of root certs for stir / shaken verification >> modparam("stir_shaken", "ca_list", "/etc/ssl/sti-ca/sti-ca.pem") >> >> This is on opensips v3.1.11 >> >> >> ------------------------------------------------------------------------ >> *From:* Users >> on behalf of Marcin Groszek >> >> *Sent:* Wednesday, January 4, 2023 6:12 PM >> *To:* users at lists.opensips.org >> >> *Subject:* [OpenSIPS-Users] stir shaken verification >> >> Opensips version 3.1.5 >> >> I am having some issues with stir_shaken setup. I am sure this not an >> issue with the module, but me. >> >> |stir_shaken_auth works just fine and I am able to sign the calls, >> however I was unable to find any document how to use a ca file >> available for download at iconectiv/download-list as well as via API. >> They do come in as jwt file, but after little manipulation individual >> certificates can be extracted, and the first one is the root >> certificate; I think, and the rest are trusted STI-CA. ||I guess my >> question is how do I use this file or any other cert file as >> |"ca_list" and/or "ca_dir" . >> >> After weeks and hundreds attempts I was unsuccessful, and I was >> unable to locate any document explaining preparation/setup/steps to >> setup verification. >> >> All I get is : >> >> ERROR:stir_shaken:load_cert: Failed to parse certificate >> ERROR:stir_shaken:w_stir_verify: Failed to load certificate >> on INVITE with valid identity header. >> >> When I remove or replace  "ca_list" file with something bogus >> opensips does not even start  with errors: >> >> ERROR:stir_shaken:init_cert_validation: Failed to load trustefd CAs >> ERROR:core:init_mod: failed to initialize module stir_shaken >> >> I would really appreciate some guidance on this one. >> >> >> || >> >> || >> >> >> _______________________________________________ >> Users mailing list >> Users at lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -- > Best Regards: > Marcin Groszek > Business Phone Service > https://www.voipplus.net > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -- Best Regards: Marcin Groszek Business Phone Service https://www.voipplus.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From jjackson at aninetworks.net Thu Jan 5 22:40:48 2023 From: jjackson at aninetworks.net (Joseph Jackson) Date: Thu, 5 Jan 2023 22:40:48 +0000 Subject: [OpenSIPS-Users] stir shaken verification In-Reply-To: <754b3d6e-77e0-461a-7752-d43088928a97@voipplus.net> References: <97b4659a-5afe-2a48-fee2-38edb9b3906b@voipplus.net> <754b3d6e-77e0-461a-7752-d43088928a97@voipplus.net> Message-ID: We have it slightly different but otherwise close to yours cache_fetch("local", $identity(x5u), $var(cert)); if (!stir_shaken_check_cert($var(cert))) { xlog("--[$ci] STI Getting a fresh certificate, existing one doesn't exist or is invalid\n"); $var(rc) = rest_get($identity(x5u), $var(cert)); if ($var(rc) < 0) { xlog("--[$ci] STI Failed to get the certificate\n"); send_reply(436, "Bad Identity Info"); exit; } xlog("--[$ci] STI got certificate[$var(cert)]\n"); cache_store("local", $identity(x5u), $var(cert)); } else { xlog("--[$ci] Using cached certificate\n"); } ________________________________ From: Users on behalf of Marcin Groszek Sent: Thursday, January 5, 2023 4:19 PM To: users at lists.opensips.org Subject: Re: [OpenSIPS-Users] stir shaken verification Thank you very much. I have the same file, and verification is still failing. Perhaps my config: $var(found) = cache_fetch("local", $identity(x5u), $var(cert)); if (!$var(found) || !stir_shaken_check_cert("$var(cert)")) { rest_get( "$identity(x5u)", $var(cert), $var(ctype), $var(http_rc)); if ($rc<0 || $var(http_rc) != 200) { send_reply(436, "Bad Identity Info"); exit; } cache_store("local", $identity(x5u), $var(cert), 60); } stir_shaken_verify( "$var(cert)", $var(err_sip_code), $var(err_sip_reason)); if ($rc < 0) { xlog("stir_shaken_verify() failed: $var(err_sip_code), $var(err_sip_reason) \n"); send_reply( $var(err_sip_code), $var(err_sip_reason)); exit; } I figured this much: $var(cert) is a public certificate downloaded from $identity(x5u), if it does not exists in local cache it gets pulled and stored, stir_shaken_check_cert("$var(cert)") is generating these errors: ERROR:stir_shaken:load_cert: Failed to parse certificate ERROR:stir_shaken:w_stir_check_cert: Failed to load certificate ( because the entry does not exists in local cashdb) this forces the download of the public cert from $identity(x5u) and store in local cashdb second attempt does not generate this errors, however calls with deferent identity header and url for public cert should generate same errors again as the public cert from new url is not in local cashdb, but it is NOT generating same error. Also, I have minimize cache_store down to 1 second and after that second call with same $identity(x5u) should generate same errors , but it is not. an example at shaken-not-stirred page have : rest_get( "$identity(x5u)", "$var(cert)", $var(ctype), $var(http_rc)); but this fails a start-up with error ERROR:core:fix_cmd: Param [2] expected to be a variable so I removed the double quotes from around $var(cert) . On 1/5/2023 1:18 PM, Joseph Jackson wrote: Hi Marcin, I suspect you are correct that its how you are decoding the ca cert file from iconectiv. attached is what we have currently and it works in our production enviroment. If the maillist strips out that attachment let me know. You can reach me directly at jjackson at aninetworks.net Joseph ________________________________ From: Users on behalf of Marcin Groszek Sent: Thursday, January 5, 2023 10:16 AM To: users at lists.opensips.org Subject: Re: [OpenSIPS-Users] stir shaken verification Joseph, Thank you very much for your respond. I have downloaded and apply new sti-ca file but certificate validation fails. INFO:stir_shaken:verify_callback: certificate validation failed: certificate signature failure INFO:stir_shaken:w_stir_verify: Invalid certificate DBG:core:comp_scriptvar: int 26 : -8 / 0 [1637] stir_shaken_verify() failed: 437, Unsupported Credential Perhaps I am not processing the sti-ca file properly. I am testing this with a valid token , in fact test calls are coming from major cellular carrier in US and the verification fails. I can see curl download the public cert, storing it in local cache and then attempt to verify, but it fails. Upon next call with same token, the public cert is pulled from local cache and still fails. On 1/4/2023 7:37 PM, Joseph Jackson wrote: Hi Marcin, We have a process that downloads the CA list from iconectiv nightly, decodes the jwt and stores the certs in a single file in /etc/ssl/sti-ca/sti-ca.pem Here is the opensips modparam #stir and shaken loadmodule "stir_shaken.so" modparam("stir_shaken", "verify_date_freshness", 300) modparam("stir_shaken", "auth_date_freshness", 300) modparam("stir_shaken", "e164_strict_mode", 0) #list of root certs for stir / shaken verification modparam("stir_shaken", "ca_list", "/etc/ssl/sti-ca/sti-ca.pem") This is on opensips v3.1.11 ________________________________ From: Users on behalf of Marcin Groszek Sent: Wednesday, January 4, 2023 6:12 PM To: users at lists.opensips.org Subject: [OpenSIPS-Users] stir shaken verification Opensips version 3.1.5 I am having some issues with stir_shaken setup. I am sure this not an issue with the module, but me. stir_shaken_auth works just fine and I am able to sign the calls, however I was unable to find any document how to use a ca file available for download at iconectiv/download-list as well as via API. They do come in as jwt file, but after little manipulation individual certificates can be extracted, and the first one is the root certificate; I think, and the rest are trusted STI-CA. I guess my question is how do I use this file or any other cert file as "ca_list" and/or "ca_dir" . After weeks and hundreds attempts I was unsuccessful, and I was unable to locate any document explaining preparation/setup/steps to setup verification. All I get is : ERROR:stir_shaken:load_cert: Failed to parse certificate ERROR:stir_shaken:w_stir_verify: Failed to load certificate on INVITE with valid identity header. When I remove or replace "ca_list" file with something bogus opensips does not even start with errors: ERROR:stir_shaken:init_cert_validation: Failed to load trustefd CAs ERROR:core:init_mod: failed to initialize module stir_shaken I would really appreciate some guidance on this one. _______________________________________________ Users mailing list Users at lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users -- Best Regards: Marcin Groszek Business Phone Service https://www.voipplus.net _______________________________________________ Users mailing list Users at lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users -- Best Regards: Marcin Groszek Business Phone Service https://www.voipplus.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From david.villasmil.work at gmail.com Thu Jan 5 22:45:28 2023 From: david.villasmil.work at gmail.com (David Villasmil) Date: Thu, 5 Jan 2023 23:45:28 +0100 Subject: [OpenSIPS-Users] stir shaken verification In-Reply-To: <754b3d6e-77e0-461a-7752-d43088928a97@voipplus.net> References: <97b4659a-5afe-2a48-fee2-38edb9b3906b@voipplus.net> <754b3d6e-77e0-461a-7752-d43088928a97@voipplus.net> Message-ID: Is $var(cert) actually set? Print it out On Thu, 5 Jan 2023 at 23:19, Marcin Groszek wrote: > Thank you very much. I have the same file, and verification is still > failing. Perhaps my config: > > > $var(found) = cache_fetch("local", $identity(x5u), $var(cert)); > if (!$var(found) || !stir_shaken_check_cert("$var(cert)")) { > rest_get( "$identity(x5u)", $var(cert), $var(ctype), $var(http_rc)); > if ($rc<0 || $var(http_rc) != 200) { > send_reply(436, "Bad Identity Info"); > exit; > } > cache_store("local", $identity(x5u), $var(cert), 60); > } > > stir_shaken_verify( "$var(cert)", $var(err_sip_code), > $var(err_sip_reason)); > if ($rc < 0) { > xlog("stir_shaken_verify() failed: $var(err_sip_code), > $var(err_sip_reason) \n"); > send_reply( $var(err_sip_code), $var(err_sip_reason)); > exit; > } > > > I figured this much: > > $var(cert) is a public certificate downloaded from $identity(x5u), if it > does not exists in local cache it gets pulled and stored, > > stir_shaken_check_cert("$var(cert)") is generating these errors: > > ERROR:stir_shaken:load_cert: Failed to parse certificate > ERROR:stir_shaken:w_stir_check_cert: Failed to load certificate ( because > the entry does not exists in local cashdb) > > this forces the download of the public cert from $identity(x5u) and store > in local cashdb > > second attempt does not generate this errors, however calls with deferent > identity header and url for public cert should generate same errors again > as the public cert from new url is not in local cashdb, but it is NOT > generating same error. > > Also, I have minimize cache_store down to 1 second and after that second > call with same $identity(x5u) should generate same errors , but it is not. > > an example at shaken-not-stirred page have : > > rest_get( "$identity(x5u)", "$var(cert)", > $var(ctype), $var(http_rc)); > > but this fails a start-up with error ERROR:core:fix_cmd: Param [2] > expected to be a variable so I removed the double quotes from around > $var(cert) . > > > > On 1/5/2023 1:18 PM, Joseph Jackson wrote: > > Hi Marcin, > > I suspect you are correct that its how you are decoding the ca cert file > from iconectiv. > > attached is what we have currently and it works in our production > enviroment. > > If the maillist strips out that attachment let me know. You can reach me > directly at jjackson at aninetworks.net > > Joseph > > ------------------------------ > *From:* Users > on behalf of Marcin Groszek > > *Sent:* Thursday, January 5, 2023 10:16 AM > *To:* users at lists.opensips.org > > *Subject:* Re: [OpenSIPS-Users] stir shaken verification > > > Joseph, Thank you very much for your respond. > > > I have downloaded and apply new sti-ca file but certificate validation > fails. > > INFO:stir_shaken:verify_callback: certificate validation failed: > certificate signature failure > INFO:stir_shaken:w_stir_verify: Invalid certificate > DBG:core:comp_scriptvar: int 26 : -8 / 0 > [1637] stir_shaken_verify() failed: 437, Unsupported Credential > > > Perhaps I am not processing the sti-ca file properly. > > > I am testing this with a valid token , in fact test calls are coming from > major cellular carrier in US and the verification fails. > > I can see curl download the public cert, storing it in local cache and > then attempt to verify, but it fails. > > Upon next call with same token, the public cert is pulled from local cache > and still fails. > > > > > On 1/4/2023 7:37 PM, Joseph Jackson wrote: > > Hi Marcin, > > We have a process that downloads the CA list from iconectiv nightly, > decodes the jwt and stores the certs in a single file in > /etc/ssl/sti-ca/sti-ca.pem > > Here is the opensips modparam > > #stir and shaken > loadmodule "stir_shaken.so" > modparam("stir_shaken", "verify_date_freshness", 300) > modparam("stir_shaken", "auth_date_freshness", 300) > modparam("stir_shaken", "e164_strict_mode", 0) > #list of root certs for stir / shaken verification > modparam("stir_shaken", "ca_list", "/etc/ssl/sti-ca/sti-ca.pem") > > This is on opensips v3.1.11 > > > ------------------------------ > *From:* Users > on behalf of Marcin Groszek > > *Sent:* Wednesday, January 4, 2023 6:12 PM > *To:* users at lists.opensips.org > > *Subject:* [OpenSIPS-Users] stir shaken verification > > > Opensips version 3.1.5 > > I am having some issues with stir_shaken setup. I am sure this not an > issue with the module, but me. > > stir_shaken_auth works just fine and I am able to sign the calls, however > I was unable to find any document how to use a ca file available for > download at iconectiv/download-list as well as via API. They do come in as > jwt file, but after little manipulation individual certificates can be > extracted, and the first one is the root certificate; I think, and the rest > are trusted STI-CA. I guess my question is how do I use this file or any > other cert file as "ca_list" and/or "ca_dir" . > > After weeks and hundreds attempts I was unsuccessful, and I was unable to > locate any document explaining preparation/setup/steps to setup > verification. > > All I get is : > > ERROR:stir_shaken:load_cert: Failed to parse certificate > ERROR:stir_shaken:w_stir_verify: Failed to load certificate > on INVITE with valid identity header. > > When I remove or replace "ca_list" file with something bogus opensips > does not even start with errors: > > ERROR:stir_shaken:init_cert_validation: Failed to load trustefd CAs > ERROR:core:init_mod: failed to initialize module stir_shaken > > I would really appreciate some guidance on this one. > > > > _______________________________________________ > Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users > > -- > Best Regards: > Marcin Groszek > Business Phone Servicehttps://www.voipplus.net > > > _______________________________________________ > Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users > > -- > Best Regards: > Marcin Groszek > Business Phone Servicehttps://www.voipplus.net > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -- Regards, David Villasmil email: david.villasmil.work at gmail.com phone: +34669448337 -------------- next part -------------- An HTML attachment was scrubbed... URL: From marcin at voipplus.net Thu Jan 5 23:23:58 2023 From: marcin at voipplus.net (Marcin Groszek) Date: Thu, 5 Jan 2023 17:23:58 -0600 Subject: [OpenSIPS-Users] stir shaken verification In-Reply-To: References: <97b4659a-5afe-2a48-fee2-38edb9b3906b@voipplus.net> <754b3d6e-77e0-461a-7752-d43088928a97@voipplus.net> Message-ID: <5c821f4c-ded9-765f-195b-c5cb45dd3fa2@voipplus.net> in 3.1.5 when I try to use stir_shaken_check_cert($var(cert)) without double quotes it trows an error on first INVITE after restart: ERROR:core:get_cmd_fixups: Variable in param [1] is not a string ERROR:core:do_action: Failed to get fixups for command So I am using stir_shaken_check_cert("$var(cert)") , but it does not seam to make any deference. I attempted your config for cert management, got certificate in xlog, but verification still fails. I guess, I'll try to upgrade to 3.1.11 On 1/5/2023 4:40 PM, Joseph Jackson wrote: > We have it slightly different but otherwise close to yours > >     cache_fetch("local", $identity(x5u), $var(cert)); >     if (!stir_shaken_check_cert($var(cert))) { > xlog("--[$ci] STI Getting a fresh certificate, existing one doesn't > exist or is invalid\n"); > >         $var(rc) = rest_get($identity(x5u), $var(cert)); > >         if ($var(rc) < 0) { > xlog("--[$ci] STI Failed to get the certificate\n"); > send_reply(436, "Bad Identity Info"); >             exit; >         } > > xlog("--[$ci] STI got certificate[$var(cert)]\n"); > > cache_store("local", $identity(x5u), $var(cert)); >     } else { > > xlog("--[$ci] Using cached certificate\n"); > >     } > > > ------------------------------------------------------------------------ > *From:* Users on behalf of Marcin > Groszek > *Sent:* Thursday, January 5, 2023 4:19 PM > *To:* users at lists.opensips.org > *Subject:* Re: [OpenSIPS-Users] stir shaken verification > > Thank you very much. I have the same file, and verification is still > failing. Perhaps  my config: > > > $var(found) = cache_fetch("local", $identity(x5u), $var(cert)); > if (!$var(found) || !stir_shaken_check_cert("$var(cert)")) { >     rest_get( "$identity(x5u)", $var(cert), $var(ctype), $var(http_rc)); >     if ($rc<0 || $var(http_rc) != 200) { >         send_reply(436, "Bad Identity Info"); >         exit; >     } >     cache_store("local", $identity(x5u), $var(cert), 60); > } > > stir_shaken_verify( "$var(cert)", $var(err_sip_code), > $var(err_sip_reason)); > if ($rc < 0) { >     xlog("stir_shaken_verify() failed: $var(err_sip_code), > $var(err_sip_reason) \n"); >     send_reply( $var(err_sip_code), $var(err_sip_reason)); >     exit; > } > > > I figured this much: > > $var(cert) is a public certificate downloaded from $identity(x5u), if > it does not exists in local cache it gets pulled and stored, > > stir_shaken_check_cert("$var(cert)") is generating these errors: > > ERROR:stir_shaken:load_cert: Failed to parse certificate > ERROR:stir_shaken:w_stir_check_cert: Failed to load certificate ( > because the entry does not exists in local cashdb) > > this forces the download of the public cert from $identity(x5u) and > store in local cashdb > > second attempt does not generate this errors, however calls with > deferent identity header and url for public cert should generate same > errors again as the public cert from new url is not in local cashdb, > but it is NOT generating same error. > > Also, I have minimize cache_store  down to 1 second and after that > second call with same $identity(x5u) should generate same errors , but > it is not. > > an example at shaken-not-stirred page have : > > rest_get( "$identity(x5u)", "$var(cert)", > $var(ctype), $var(http_rc)); > > but this fails a start-up with error ERROR:core:fix_cmd: Param [2] > expected to be a variable so I removed the double quotes from around > $var(cert) . > > > > On 1/5/2023 1:18 PM, Joseph Jackson wrote: >> Hi Marcin, >> >> I suspect you are correct that its how you are decoding the ca cert >> file from iconectiv. >> >> attached is what we have currently and it works in our production >> enviroment. >> >> If the maillist strips out that attachment let me know.  You can >> reach me directly at jjackson at aninetworks.net >> >> >> Joseph >> >> ------------------------------------------------------------------------ >> *From:* Users >> on behalf of Marcin Groszek >> >> *Sent:* Thursday, January 5, 2023 10:16 AM >> *To:* users at lists.opensips.org >> >> *Subject:* Re: [OpenSIPS-Users] stir shaken verification >> >> Joseph, Thank you very much for your respond. >> >> >> I have downloaded and apply new sti-ca file but certificate >> validation fails. >> >> INFO:stir_shaken:verify_callback: certificate validation failed: >> certificate signature failure >> INFO:stir_shaken:w_stir_verify: Invalid certificate >> DBG:core:comp_scriptvar: int 26 : -8 / 0 >> [1637] stir_shaken_verify() failed: 437, Unsupported Credential >> >> >> Perhaps I am not processing the sti-ca file properly. >> >> >> I am testing this with a valid token , in fact test calls are coming >> from major cellular carrier in US and the verification fails. >> >> I can see curl download the public cert, storing it in local cache >> and then attempt to verify, but it fails. >> >> Upon next call with same token, the public cert is pulled from local >> cache and still fails. >> >> >> >> >> On 1/4/2023 7:37 PM, Joseph Jackson wrote: >>> Hi Marcin, >>> >>> We have a process that downloads the CA list from iconectiv nightly, >>> decodes the jwt and stores the certs in a single file in >>> /etc/ssl/sti-ca/sti-ca.pem >>> >>> Here is the opensips modparam >>> >>> #stir and shaken >>> loadmodule "stir_shaken.so" >>> modparam("stir_shaken", "verify_date_freshness", 300) >>> modparam("stir_shaken", "auth_date_freshness", 300) >>> modparam("stir_shaken", "e164_strict_mode", 0) >>> #list of root certs for stir / shaken verification >>> modparam("stir_shaken", "ca_list", "/etc/ssl/sti-ca/sti-ca.pem") >>> >>> This is on opensips v3.1.11 >>> >>> >>> ------------------------------------------------------------------------ >>> *From:* Users >>> on behalf of Marcin >>> Groszek >>> *Sent:* Wednesday, January 4, 2023 6:12 PM >>> *To:* users at lists.opensips.org >>> >>> *Subject:* [OpenSIPS-Users] stir shaken verification >>> >>> Opensips version 3.1.5 >>> >>> I am having some issues with stir_shaken setup. I am sure this not >>> an issue with the module, but me. >>> >>> |stir_shaken_auth works just fine and I am able to sign the calls, >>> however I was unable to find any document how to use a ca file >>> available for download at iconectiv/download-list as well as via >>> API. They do come in as jwt file, but after little manipulation >>> individual certificates can be extracted, and the first one is the >>> root certificate; I think, and the rest are trusted STI-CA. ||I >>> guess my question is how do I use this file or any other cert file >>> as |"ca_list" and/or "ca_dir" . >>> >>> After weeks and hundreds attempts I was unsuccessful, and I was >>> unable to locate any document explaining preparation/setup/steps to >>> setup verification. >>> >>> All I get is : >>> >>> ERROR:stir_shaken:load_cert: Failed to parse certificate >>> ERROR:stir_shaken:w_stir_verify: Failed to load certificate >>> on INVITE with valid identity header. >>> >>> When I remove or replace  "ca_list" file with something bogus >>> opensips does not even start  with errors: >>> >>> ERROR:stir_shaken:init_cert_validation: Failed to load trustefd CAs >>> ERROR:core:init_mod: failed to initialize module stir_shaken >>> >>> I would really appreciate some guidance on this one. >>> >>> >>> || >>> >>> || >>> >>> >>> _______________________________________________ >>> Users mailing list >>> Users at lists.opensips.org >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> -- >> Best Regards: >> Marcin Groszek >> Business Phone Service >> https://www.voipplus.net >> >> _______________________________________________ >> Users mailing list >> Users at lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -- > Best Regards: > Marcin Groszek > Business Phone Service > https://www.voipplus.net > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -- Best Regards: Marcin Groszek Business Phone Service https://www.voipplus.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From marcin at voipplus.net Thu Jan 5 23:24:33 2023 From: marcin at voipplus.net (Marcin Groszek) Date: Thu, 5 Jan 2023 17:24:33 -0600 Subject: [OpenSIPS-Users] stir shaken verification In-Reply-To: References: <97b4659a-5afe-2a48-fee2-38edb9b3906b@voipplus.net> <754b3d6e-77e0-461a-7752-d43088928a97@voipplus.net> Message-ID: <41d8146f-dca8-fca1-f6de-4cefbac2b58a@voipplus.net> Yes it is, I sent it to xlog it  an it does. On 1/5/2023 4:45 PM, David Villasmil wrote: > Is $var(cert) actually set? Print it out > > On Thu, 5 Jan 2023 at 23:19, Marcin Groszek > wrote: > > Thank you very much. I have the same file, and verification is > still failing. Perhaps  my config: > > > $var(found) = cache_fetch("local", $identity(x5u), $var(cert)); > if (!$var(found) || !stir_shaken_check_cert("$var(cert)")) { >     rest_get( "$identity(x5u)", $var(cert), $var(ctype), > $var(http_rc)); >     if ($rc<0 || $var(http_rc) != 200) { >         send_reply(436, "Bad Identity Info"); >         exit; >     } >     cache_store("local", $identity(x5u), $var(cert), 60); > } > > stir_shaken_verify( "$var(cert)", $var(err_sip_code), > $var(err_sip_reason)); > if ($rc < 0) { >     xlog("stir_shaken_verify() failed: $var(err_sip_code), > $var(err_sip_reason) \n"); >     send_reply( $var(err_sip_code), $var(err_sip_reason)); >     exit; > } > > > I figured this much: > > $var(cert) is a public certificate downloaded from $identity(x5u), > if it does not exists in local cache it gets pulled and stored, > > stir_shaken_check_cert("$var(cert)") is generating these errors: > > ERROR:stir_shaken:load_cert: Failed to parse certificate > ERROR:stir_shaken:w_stir_check_cert: Failed to load certificate ( > because the entry does not exists in local cashdb) > > this forces the download of the public cert from $identity(x5u) > and store in local cashdb > > second attempt does not generate this errors, however calls with > deferent identity header and url for public cert should generate > same errors again as the public cert from new url is not in local > cashdb, but it is NOT generating same error. > > Also, I have minimize cache_store  down to 1 second and after that > second call with same $identity(x5u) should generate same errors , > but it is not. > > an example at shaken-not-stirred page have : > > rest_get( "$identity(x5u)", "$var(cert)", > $var(ctype), $var(http_rc)); > > but this fails a start-up with error ERROR:core:fix_cmd: Param [2] > expected to be a variable so I removed the double quotes from > around $var(cert) . > > > > On 1/5/2023 1:18 PM, Joseph Jackson wrote: >> Hi Marcin, >> >> I suspect you are correct that its how you are decoding the ca >> cert file from iconectiv. >> >> attached is what we have currently and it works in our production >> enviroment. >> >> If the maillist strips out that attachment let me know.  You can >> reach me directly at jjackson at aninetworks.net >> >> >> Joseph >> >> ------------------------------------------------------------------------ >> *From:* Users >> on behalf of Marcin >> Groszek >> *Sent:* Thursday, January 5, 2023 10:16 AM >> *To:* users at lists.opensips.org >> >> *Subject:* Re: [OpenSIPS-Users] stir shaken verification >> >> Joseph, Thank you very much for your respond. >> >> >> I have downloaded and apply new sti-ca file but certificate >> validation fails. >> >> INFO:stir_shaken:verify_callback: certificate validation failed: >> certificate signature failure >> INFO:stir_shaken:w_stir_verify: Invalid certificate >> DBG:core:comp_scriptvar: int 26 : -8 / 0 >> [1637] stir_shaken_verify() failed: 437, Unsupported Credential >> >> >> Perhaps I am not processing the sti-ca file properly. >> >> >> I am testing this with a valid token , in fact test calls are >> coming from major cellular carrier in US and the verification fails. >> >> I can see curl download the public cert, storing it in local >> cache and then attempt to verify, but it fails. >> >> Upon next call with same token, the public cert is pulled from >> local cache and still fails. >> >> >> >> >> On 1/4/2023 7:37 PM, Joseph Jackson wrote: >>> Hi Marcin, >>> >>> We have a process that downloads the CA list from iconectiv >>> nightly,  decodes the jwt and stores the certs in a single file >>> in /etc/ssl/sti-ca/sti-ca.pem >>> >>> Here is the opensips modparam >>> >>> #stir and shaken >>> loadmodule "stir_shaken.so" >>> modparam("stir_shaken", "verify_date_freshness", 300) >>> modparam("stir_shaken", "auth_date_freshness", 300) >>> modparam("stir_shaken", "e164_strict_mode", 0) >>> #list of root certs for stir / shaken verification >>> modparam("stir_shaken", "ca_list", "/etc/ssl/sti-ca/sti-ca.pem") >>> >>> This is on opensips v3.1.11 >>> >>> >>> ------------------------------------------------------------------------ >>> *From:* Users >>> on behalf of Marcin >>> Groszek >>> *Sent:* Wednesday, January 4, 2023 6:12 PM >>> *To:* users at lists.opensips.org >>> >>> *Subject:* [OpenSIPS-Users] stir shaken verification >>> >>> Opensips version 3.1.5 >>> >>> I am having some issues with stir_shaken setup. I am sure this >>> not an issue with the module, but me. >>> >>> |stir_shaken_auth works just fine and I am able to sign the >>> calls, however I was unable to find any document how to use a ca >>> file available for download at iconectiv/download-list as well >>> as via API. They do come in as jwt file, but after little >>> manipulation individual certificates can be extracted, and the >>> first one is the root certificate; I think, and the rest are >>> trusted STI-CA. ||I guess my question is how do I use this file >>> or any other cert file as |"ca_list" and/or "ca_dir" . >>> >>> After weeks and hundreds attempts I was unsuccessful, and I was >>> unable to locate any document explaining preparation/setup/steps >>> to setup verification. >>> >>> All I get is : >>> >>> ERROR:stir_shaken:load_cert: Failed to parse certificate >>> ERROR:stir_shaken:w_stir_verify: Failed to load certificate >>> on INVITE with valid identity header. >>> >>> When I remove or replace  "ca_list" file with something bogus >>> opensips does not even start with errors: >>> >>> ERROR:stir_shaken:init_cert_validation: Failed to load trustefd CAs >>> ERROR:core:init_mod: failed to initialize module stir_shaken >>> >>> I would really appreciate some guidance on this one. >>> >>> >>> || >>> >>> || >>> >>> >>> _______________________________________________ >>> Users mailing list >>> Users at lists.opensips.org >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> -- >> Best Regards: >> Marcin Groszek >> Business Phone Service >> https://www.voipplus.net >> >> _______________________________________________ >> Users mailing list >> Users at lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > -- > Best Regards: > Marcin Groszek > Business Phone Service > https://www.voipplus.net > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > -- > Regards, > > David Villasmil > email: david.villasmil.work at gmail.com > > phone: +34669448337 > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -- Best Regards: Marcin Groszek Business Phone Service https://www.voipplus.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From marcin at voipplus.net Fri Jan 6 16:27:13 2023 From: marcin at voipplus.net (Marcin Groszek) Date: Fri, 6 Jan 2023 10:27:13 -0600 Subject: [OpenSIPS-Users] stir shaken verification In-Reply-To: <41d8146f-dca8-fca1-f6de-4cefbac2b58a@voipplus.net> References: <97b4659a-5afe-2a48-fee2-38edb9b3906b@voipplus.net> <754b3d6e-77e0-461a-7752-d43088928a97@voipplus.net> <41d8146f-dca8-fca1-f6de-4cefbac2b58a@voipplus.net> Message-ID: <36e30af0-2d45-5c55-9fc0-ed6f8dc73f04@voipplus.net> Thank you for all your help. My test opensips installation was on CentOS 7 and cert verification has been failing. The certificates are verifying with same opensips version 3.1.5 and same configuration on Oracle linux 8.6. Thank you again for all your answers and help. On 1/5/2023 5:24 PM, Marcin Groszek wrote: > > Yes it is, I sent it to xlog it  an it does. > > On 1/5/2023 4:45 PM, David Villasmil wrote: >> Is $var(cert) actually set? Print it out >> >> On Thu, 5 Jan 2023 at 23:19, Marcin Groszek > > wrote: >> >> Thank you very much. I have the same file, and verification is >> still failing. Perhaps  my config: >> >> >> $var(found) = cache_fetch("local", $identity(x5u), $var(cert)); >> if (!$var(found) || !stir_shaken_check_cert("$var(cert)")) { >>     rest_get( "$identity(x5u)", $var(cert), $var(ctype), >> $var(http_rc)); >>     if ($rc<0 || $var(http_rc) != 200) { >>         send_reply(436, "Bad Identity Info"); >>         exit; >>     } >>     cache_store("local", $identity(x5u), $var(cert), 60); >> } >> >> stir_shaken_verify( "$var(cert)", $var(err_sip_code), >> $var(err_sip_reason)); >> if ($rc < 0) { >>     xlog("stir_shaken_verify() failed: $var(err_sip_code), >> $var(err_sip_reason) \n"); >>     send_reply( $var(err_sip_code), $var(err_sip_reason)); >>     exit; >> } >> >> >> I figured this much: >> >> $var(cert) is a public certificate downloaded from >> $identity(x5u), if it does not exists in local cache it gets >> pulled and stored, >> >> stir_shaken_check_cert("$var(cert)") is generating these errors: >> >> ERROR:stir_shaken:load_cert: Failed to parse certificate >> ERROR:stir_shaken:w_stir_check_cert: Failed to load certificate ( >> because the entry does not exists in local cashdb) >> >> this forces the download of the public cert from $identity(x5u) >> and store in local cashdb >> >> second attempt does not generate this errors, however calls with >> deferent identity header and url for public cert should generate >> same errors again as the public cert from new url is not in local >> cashdb, but it is NOT generating same error. >> >> Also, I have minimize cache_store  down to 1 second and after >> that second call with same $identity(x5u) should generate same >> errors , but it is not. >> >> an example at shaken-not-stirred page have : >> >> rest_get( "$identity(x5u)", "$var(cert)", >> $var(ctype), $var(http_rc)); >> >> but this fails a start-up with error ERROR:core:fix_cmd: Param >> [2] expected to be a variable so I removed the double quotes from >> around $var(cert) . >> >> >> >> On 1/5/2023 1:18 PM, Joseph Jackson wrote: >>> Hi Marcin, >>> >>> I suspect you are correct that its how you are decoding the ca >>> cert file from iconectiv. >>> >>> attached is what we have currently and it works in our >>> production enviroment. >>> >>> If the maillist strips out that attachment let me know.  You can >>> reach me directly at jjackson at aninetworks.net >>> >>> >>> Joseph >>> >>> ------------------------------------------------------------------------ >>> *From:* Users >>> on behalf of Marcin >>> Groszek >>> *Sent:* Thursday, January 5, 2023 10:16 AM >>> *To:* users at lists.opensips.org >>> >>> *Subject:* Re: [OpenSIPS-Users] stir shaken verification >>> >>> Joseph, Thank you very much for your respond. >>> >>> >>> I have downloaded and apply new sti-ca file but certificate >>> validation fails. >>> >>> INFO:stir_shaken:verify_callback: certificate validation failed: >>> certificate signature failure >>> INFO:stir_shaken:w_stir_verify: Invalid certificate >>> DBG:core:comp_scriptvar: int 26 : -8 / 0 >>> [1637] stir_shaken_verify() failed: 437, Unsupported Credential >>> >>> >>> Perhaps I am not processing the sti-ca file properly. >>> >>> >>> I am testing this with a valid token , in fact test calls are >>> coming from major cellular carrier in US and the verification fails. >>> >>> I can see curl download the public cert, storing it in local >>> cache and then attempt to verify, but it fails. >>> >>> Upon next call with same token, the public cert is pulled from >>> local cache and still fails. >>> >>> >>> >>> >>> On 1/4/2023 7:37 PM, Joseph Jackson wrote: >>>> Hi Marcin, >>>> >>>> We have a process that downloads the CA list from iconectiv >>>> nightly,  decodes the jwt and stores the certs in a single file >>>> in /etc/ssl/sti-ca/sti-ca.pem >>>> >>>> Here is the opensips modparam >>>> >>>> #stir and shaken >>>> loadmodule "stir_shaken.so" >>>> modparam("stir_shaken", "verify_date_freshness", 300) >>>> modparam("stir_shaken", "auth_date_freshness", 300) >>>> modparam("stir_shaken", "e164_strict_mode", 0) >>>> #list of root certs for stir / shaken verification >>>> modparam("stir_shaken", "ca_list", "/etc/ssl/sti-ca/sti-ca.pem") >>>> >>>> This is on opensips v3.1.11 >>>> >>>> >>>> ------------------------------------------------------------------------ >>>> *From:* Users >>>> on behalf of Marcin >>>> Groszek >>>> *Sent:* Wednesday, January 4, 2023 6:12 PM >>>> *To:* users at lists.opensips.org >>>> >>>> >>>> *Subject:* [OpenSIPS-Users] stir shaken verification >>>> >>>> Opensips version 3.1.5 >>>> >>>> I am having some issues with stir_shaken setup. I am sure this >>>> not an issue with the module, but me. >>>> >>>> |stir_shaken_auth works just fine and I am able to sign the >>>> calls, however I was unable to find any document how to use a >>>> ca file available for download at iconectiv/download-list as >>>> well as via API. They do come in as jwt file, but after little >>>> manipulation individual certificates can be extracted, and the >>>> first one is the root certificate; I think, and the rest are >>>> trusted STI-CA. ||I guess my question is how do I use this file >>>> or any other cert file as |"ca_list" and/or "ca_dir" . >>>> >>>> After weeks and hundreds attempts I was unsuccessful, and I was >>>> unable to locate any document explaining >>>> preparation/setup/steps to setup verification. >>>> >>>> All I get is : >>>> >>>> ERROR:stir_shaken:load_cert: Failed to parse certificate >>>> ERROR:stir_shaken:w_stir_verify: Failed to load certificate >>>> on INVITE with valid identity header. >>>> >>>> When I remove or replace  "ca_list" file with something bogus >>>> opensips does not even start with errors: >>>> >>>> ERROR:stir_shaken:init_cert_validation: Failed to load trustefd CAs >>>> ERROR:core:init_mod: failed to initialize module stir_shaken >>>> >>>> I would really appreciate some guidance on this one. >>>> >>>> >>>> || >>>> >>>> || >>>> >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> Users at lists.opensips.org >>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> -- >>> Best Regards: >>> Marcin Groszek >>> Business Phone Service >>> https://www.voipplus.net >>> >>> _______________________________________________ >>> Users mailing list >>> Users at lists.opensips.org >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >> -- >> Best Regards: >> Marcin Groszek >> Business Phone Service >> https://www.voipplus.net >> >> _______________________________________________ >> Users mailing list >> Users at lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >> -- >> Regards, >> >> David Villasmil >> email: david.villasmil.work at gmail.com >> >> phone: +34669448337 >> >> _______________________________________________ >> Users mailing list >> Users at lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -- > Best Regards: > Marcin Groszek > Business Phone Service > https://www.voipplus.net > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -- Best Regards: Marcin Groszek Business Phone Service https://www.voipplus.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From ffshoh at gmail.com Fri Jan 6 16:36:37 2023 From: ffshoh at gmail.com (Jonathan Abrams) Date: Fri, 6 Jan 2023 10:36:37 -0600 Subject: [OpenSIPS-Users] stir shaken verification In-Reply-To: <36e30af0-2d45-5c55-9fc0-ed6f8dc73f04@voipplus.net> References: <97b4659a-5afe-2a48-fee2-38edb9b3906b@voipplus.net> <754b3d6e-77e0-461a-7752-d43088928a97@voipplus.net> <41d8146f-dca8-fca1-f6de-4cefbac2b58a@voipplus.net> <36e30af0-2d45-5c55-9fc0-ed6f8dc73f04@voipplus.net> Message-ID: IIRC, the issue you were having with the validation failures on CentOS 7 was related to a shared library. OpenSSL I think. -Jon Abrams On Fri, Jan 6, 2023, 10:30 AM Marcin Groszek wrote: > Thank you for all your help. > > My test opensips installation was on CentOS 7 and cert verification has > been failing. > > The certificates are verifying with same opensips version 3.1.5 and same > configuration on Oracle linux 8.6. > > Thank you again for all your answers and help. > > > On 1/5/2023 5:24 PM, Marcin Groszek wrote: > > Yes it is, I sent it to xlog it an it does. > On 1/5/2023 4:45 PM, David Villasmil wrote: > > Is $var(cert) actually set? Print it out > > On Thu, 5 Jan 2023 at 23:19, Marcin Groszek wrote: > >> Thank you very much. I have the same file, and verification is still >> failing. Perhaps my config: >> >> >> $var(found) = cache_fetch("local", $identity(x5u), $var(cert)); >> if (!$var(found) || !stir_shaken_check_cert("$var(cert)")) { >> rest_get( "$identity(x5u)", $var(cert), $var(ctype), $var(http_rc)); >> if ($rc<0 || $var(http_rc) != 200) { >> send_reply(436, "Bad Identity Info"); >> exit; >> } >> cache_store("local", $identity(x5u), $var(cert), 60); >> } >> >> stir_shaken_verify( "$var(cert)", $var(err_sip_code), >> $var(err_sip_reason)); >> if ($rc < 0) { >> xlog("stir_shaken_verify() failed: $var(err_sip_code), >> $var(err_sip_reason) \n"); >> send_reply( $var(err_sip_code), $var(err_sip_reason)); >> exit; >> } >> >> >> I figured this much: >> >> $var(cert) is a public certificate downloaded from $identity(x5u), if it >> does not exists in local cache it gets pulled and stored, >> >> stir_shaken_check_cert("$var(cert)") is generating these errors: >> >> ERROR:stir_shaken:load_cert: Failed to parse certificate >> ERROR:stir_shaken:w_stir_check_cert: Failed to load certificate ( because >> the entry does not exists in local cashdb) >> >> this forces the download of the public cert from $identity(x5u) and store >> in local cashdb >> >> second attempt does not generate this errors, however calls with deferent >> identity header and url for public cert should generate same errors again >> as the public cert from new url is not in local cashdb, but it is NOT >> generating same error. >> >> Also, I have minimize cache_store down to 1 second and after that second >> call with same $identity(x5u) should generate same errors , but it is not. >> >> an example at shaken-not-stirred page have : >> >> rest_get( "$identity(x5u)", "$var(cert)", >> $var(ctype), $var(http_rc)); >> >> but this fails a start-up with error ERROR:core:fix_cmd: Param [2] >> expected to be a variable so I removed the double quotes from around >> $var(cert) . >> >> >> >> On 1/5/2023 1:18 PM, Joseph Jackson wrote: >> >> Hi Marcin, >> >> I suspect you are correct that its how you are decoding the ca cert file >> from iconectiv. >> >> attached is what we have currently and it works in our production >> enviroment. >> >> If the maillist strips out that attachment let me know. You can reach me >> directly at jjackson at aninetworks.net >> >> Joseph >> >> ------------------------------ >> *From:* Users >> on behalf of Marcin Groszek >> >> *Sent:* Thursday, January 5, 2023 10:16 AM >> *To:* users at lists.opensips.org >> >> *Subject:* Re: [OpenSIPS-Users] stir shaken verification >> >> >> Joseph, Thank you very much for your respond. >> >> >> I have downloaded and apply new sti-ca file but certificate validation >> fails. >> >> INFO:stir_shaken:verify_callback: certificate validation failed: >> certificate signature failure >> INFO:stir_shaken:w_stir_verify: Invalid certificate >> DBG:core:comp_scriptvar: int 26 : -8 / 0 >> [1637] stir_shaken_verify() failed: 437, Unsupported Credential >> >> >> Perhaps I am not processing the sti-ca file properly. >> >> >> I am testing this with a valid token , in fact test calls are coming from >> major cellular carrier in US and the verification fails. >> >> I can see curl download the public cert, storing it in local cache and >> then attempt to verify, but it fails. >> >> Upon next call with same token, the public cert is pulled from local >> cache and still fails. >> >> >> >> >> On 1/4/2023 7:37 PM, Joseph Jackson wrote: >> >> Hi Marcin, >> >> We have a process that downloads the CA list from iconectiv nightly, >> decodes the jwt and stores the certs in a single file in >> /etc/ssl/sti-ca/sti-ca.pem >> >> Here is the opensips modparam >> >> #stir and shaken >> loadmodule "stir_shaken.so" >> modparam("stir_shaken", "verify_date_freshness", 300) >> modparam("stir_shaken", "auth_date_freshness", 300) >> modparam("stir_shaken", "e164_strict_mode", 0) >> #list of root certs for stir / shaken verification >> modparam("stir_shaken", "ca_list", "/etc/ssl/sti-ca/sti-ca.pem") >> >> This is on opensips v3.1.11 >> >> >> ------------------------------ >> *From:* Users >> on behalf of Marcin Groszek >> >> *Sent:* Wednesday, January 4, 2023 6:12 PM >> *To:* users at lists.opensips.org >> >> *Subject:* [OpenSIPS-Users] stir shaken verification >> >> >> Opensips version 3.1.5 >> >> I am having some issues with stir_shaken setup. I am sure this not an >> issue with the module, but me. >> >> stir_shaken_auth works just fine and I am able to sign the calls, however >> I was unable to find any document how to use a ca file available for >> download at iconectiv/download-list as well as via API. They do come in as >> jwt file, but after little manipulation individual certificates can be >> extracted, and the first one is the root certificate; I think, and the rest >> are trusted STI-CA. I guess my question is how do I use this file or any >> other cert file as "ca_list" and/or "ca_dir" . >> >> After weeks and hundreds attempts I was unsuccessful, and I was unable to >> locate any document explaining preparation/setup/steps to setup >> verification. >> >> All I get is : >> >> ERROR:stir_shaken:load_cert: Failed to parse certificate >> ERROR:stir_shaken:w_stir_verify: Failed to load certificate >> on INVITE with valid identity header. >> >> When I remove or replace "ca_list" file with something bogus opensips >> does not even start with errors: >> >> ERROR:stir_shaken:init_cert_validation: Failed to load trustefd CAs >> ERROR:core:init_mod: failed to initialize module stir_shaken >> >> I would really appreciate some guidance on this one. >> >> >> >> _______________________________________________ >> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >> -- >> Best Regards: >> Marcin Groszek >> Business Phone Servicehttps://www.voipplus.net >> >> >> _______________________________________________ >> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >> -- >> Best Regards: >> Marcin Groszek >> Business Phone Servicehttps://www.voipplus.net >> >> _______________________________________________ >> Users mailing list >> Users at lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> > -- > Regards, > > David Villasmil > email: david.villasmil.work at gmail.com > phone: +34669448337 > > _______________________________________________ > Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users > > -- > Best Regards: > Marcin Groszek > Business Phone Servicehttps://www.voipplus.net > > > _______________________________________________ > Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users > > -- > Best Regards: > Marcin Groszek > Business Phone Servicehttps://www.voipplus.net > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From denys.pozniak at gmail.com Mon Jan 9 08:03:52 2023 From: denys.pozniak at gmail.com (Denys Pozniak) Date: Mon, 9 Jan 2023 10:03:52 +0200 Subject: [OpenSIPS-Users] Cluster (anycast) adds extra hex 00 in the tail to replicated responses. In-Reply-To: References: Message-ID: Hello! Sorry to bring the topic up, but so far I have no idea what the problem is. Or do I need to open an issue on github? вт, 3 янв. 2023 г. в 13:58, Denys Pozniak : > Hello! > > I'm trying to build a classic anycast cluster topology with two OpenSIPS > nodes, in which requests are processed by one proxy and responses by > another. > The client and server are emulated via baresip. > But I ran into a problem in that the replicated responses have an extra 00 > in the tail of the reply (the original reply from baresip UAS does not have > it). > > ngrep -x: > # > U 192.168.100.100:5060 -> 192.168.56.103:37279 #5 > 53 49 50 2f 32 2e 30 20 31 38 30 20 52 69 6e 67 SIP/2.0 180 Ring > 69 6e 67 0d 0a 52 65 63 6f 72 64 2d 52 6f 75 74 ing..Record-Rout > 65 3a 20 3c 73 69 70 3a 31 39 32 2e 31 36 38 2e e: 31 30 30 2e 31 30 30 3b 6c 72 3e 0d 0a 56 69 61 100.100;lr>..Via > 3a 20 53 49 50 2f 32 2e 30 2f 55 44 50 20 31 39 : SIP/2.0/UDP 19 > 32 2e 31 36 38 2e 35 36 2e 31 30 33 3a 33 37 32 2.168.56.103:372 > 37 39 3b 72 65 63 65 69 76 65 64 3d 31 39 32 2e 79;received=192. > 31 36 38 2e 35 36 2e 31 30 33 3b 62 72 61 6e 63 168.56.103;branc > 68 3d 7a 39 68 47 34 62 4b 62 65 63 38 65 38 66 h=z9hG4bKbec8e8f > 30 32 36 62 65 39 31 34 61 3b 72 70 6f 72 74 3d 026be914a;rport= > 33 37 32 37 39 0d 0a 54 6f 3a 20 3c 73 69 70 3a 37279..To: 31 30 30 40 31 39 32 2e 31 36 38 2e 31 30 30 2e 100 at 192.168.100. > 31 30 30 3b 74 72 61 6e 73 70 6f 72 74 3d 75 64 100;transport=ud > 70 3e 3b 74 61 67 3d 32 37 65 33 63 32 31 38 65 p>;tag=27e3c218e > 30 65 61 31 32 30 64 0d 0a 46 72 6f 6d 3a 20 3c 0ea120d..From: < > 73 69 70 3a 32 30 30 40 31 39 32 2e 31 36 38 2e sip:200 at 192.168. > 31 30 30 2e 31 30 30 3a 35 30 36 30 3e 3b 74 61 100.100:5060>;ta > 67 3d 35 36 38 35 66 33 38 39 61 39 37 66 65 31 g=5685f389a97fe1 > 30 32 0d 0a 43 61 6c 6c 2d 49 44 3a 20 31 32 34 02..Call-ID: 124 > 39 37 61 63 37 36 65 38 30 34 66 35 36 0d 0a 43 97ac76e804f56..C > 53 65 71 3a 20 36 33 37 30 37 20 49 4e 56 49 54 Seq: 63707 INVIT > 45 0d 0a 53 65 72 76 65 72 3a 20 62 61 72 65 73 E..Server: bares > 69 70 20 76 32 2e 31 30 2e 30 20 28 78 38 36 5f ip v2.10.0 (x86_ > 36 34 2f 4c 69 6e 75 78 29 0d 0a 43 6f 6e 74 61 64/Linux)..Conta > 63 74 3a 20 3c 73 69 70 3a 31 30 30 2d 30 78 63 ct: 62 63 31 39 30 40 31 39 32 2e 31 36 38 2e 35 36 bc190 at 192.168.56 > 2e 31 30 36 3a 35 30 38 30 3e 0d 0a 41 6c 6c 6f .106:5080>..Allo > 77 3a 20 49 4e 56 49 54 45 2c 41 43 4b 2c 42 59 w: INVITE,ACK,BY > 45 2c 43 41 4e 43 45 4c 2c 4f 50 54 49 4f 4e 53 E,CANCEL,OPTIONS > 2c 4e 4f 54 49 46 59 2c 53 55 42 53 43 52 49 42 ,NOTIFY,SUBSCRIB > 45 2c 49 4e 46 4f 2c 4d 45 53 53 41 47 45 2c 55 E,INFO,MESSAGE,U > 50 44 41 54 45 2c 52 45 46 45 52 0d 0a 43 6f 6e PDATE,REFER..Con > 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a tent-Length: 0.. > 0d 0a 00 ... > # > > So it throws a Baresip error: > call: SIP Progress: 100 Trying-2 (/) > call: SIP Progress: 100 Giving it a try (/) > call: SIP Progress: 180 Ringing (/) > call: could not decode SDP answer: Bad message [74] > > 192.168.56.103 - baresip UAC > 192.168.56.106 - baresip UAS > 192.168.100.100 - anycast OpenSIPS > > opensips.cfg (node2): > ... > socket = udp:192.168.100.100 anycast > socket= bin:192.168.56.105:5566 > ... > modparam ("tm", "tm_replication_cluster", 1) > modparam("clusterer", "db_mode", 0) > modparam("clusterer", "my_node_id", 2) > modparam("clusterer", "my_node_info", "cluster_id=1, url=bin: > 192.168.56.105:5566") > modparam("clusterer", "neighbor_node_info", > "cluster_id=1,node_id=1,url=bin:192.168.56.104:5566") > modparam("clusterer", "sharing_tag", "vip1/2=active") > ... > ####### Routing Logic ######## > > route{ > > if ( !mf_process_maxfwd_header(10) ) { > send_reply(483,"Too Many Hops"); > exit; > } > > sl_send_reply(100, "Trying-2"); > > if (has_totag()) { > > if ( !loose_route() && !t_check_trans() ) { > if ( is_method("ACK") ) { > t_anycast_replicate(); > exit; > } > } > > t_relay(); > exit; > } > > if (is_method("CANCEL")) { > if (t_check_trans()) { > t_relay(); > > } else { > t_anycast_replicate(); > } > > exit; > } > > t_check_trans(); > > if (!is_method("REGISTER|MESSAGE")) { > record_route(); > } > > if ( is_method("INVITE") && $si!="5080" ) { > $du = "sip:192.168.56.106:5080"; > } > > t_relay(); > exit; > > } > > [root at localhost opensips]# opensips -V > version: opensips 3.3.2 (x86_64/linux) > flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, > Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT > ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, > MAX_URI_SIZE 1024, BUF_SIZE 65535 > poll method support: poll, epoll, sigio_rt, select. > main.c compiled on 16:12:02 Oct 19 2022 with gcc 4.8.5 > > > -- > > BR, > Denys Pozniak > > > -- BR, Denys Pozniak -------------- next part -------------- An HTML attachment was scrubbed... URL: From razvan at opensips.org Mon Jan 9 08:24:37 2023 From: razvan at opensips.org (=?UTF-8?Q?R=c4=83zvan_Crainea?=) Date: Mon, 9 Jan 2023 10:24:37 +0200 Subject: [OpenSIPS-Users] Cluster (anycast) adds extra hex 00 in the tail to replicated responses. In-Reply-To: References: Message-ID: Hi, Denys! I've just pushed a fix[1] in the master branch - can you please give it a try and let me know if this fixes your setup, so I can backport it down to 3.1? [1] https://github.com/OpenSIPS/opensips/commit/81e9b14a16acd284469d8958c57dcece69699a85 Best regards, Răzvan Crainea OpenSIPS Core Developer http://www.opensips-solutions.com On 1/9/23 10:03, Denys Pozniak wrote: > Hello! > > Sorry to bring the topic up, but so far I have no idea what the problem > is. Or do I need to open an issue on github? > > вт, 3 янв. 2023 г. в 13:58, Denys Pozniak >: > > Hello! > > I'm trying to build a classic anycast cluster topology with two > OpenSIPS nodes, in which requests are processed by one proxy and > responses by another. > The client and server are emulated via baresip. > But I ran into a problem in that the replicated responses have an > extra 00 in the tail of the reply (the original reply from baresip > UAS does not have it). > > ngrep -x: > # > U 192.168.100.100:5060 -> > 192.168.56.103:37279 #5 >   53 49 50 2f 32 2e 30 20    31 38 30 20 52 69 6e 67    SIP/2.0 180 > Ring >   69 6e 67 0d 0a 52 65 63    6f 72 64 2d 52 6f 75 74 >  ing..Record-Rout >   65 3a 20 3c 73 69 70 3a    31 39 32 2e 31 36 38 2e    e: >   31 30 30 2e 31 30 30 3b    6c 72 3e 0d 0a 56 69 61 >  100.100;lr>..Via >   3a 20 53 49 50 2f 32 2e    30 2f 55 44 50 20 31 39    : > SIP/2.0/UDP 19 >   32 2e 31 36 38 2e 35 36    2e 31 30 33 3a 33 37 32 > 2.168.56.103:372 >   37 39 3b 72 65 63 65 69    76 65 64 3d 31 39 32 2e >  79;received=192. >   31 36 38 2e 35 36 2e 31    30 33 3b 62 72 61 6e 63 >  168.56.103;branc >   68 3d 7a 39 68 47 34 62    4b 62 65 63 38 65 38 66 >  h=z9hG4bKbec8e8f >   30 32 36 62 65 39 31 34    61 3b 72 70 6f 72 74 3d >  026be914a;rport= >   33 37 32 37 39 0d 0a 54    6f 3a 20 3c 73 69 70 3a    37279..To: >   31 30 30 40 31 39 32 2e    31 36 38 2e 31 30 30 2e > 100 at 192.168.100. >   31 30 30 3b 74 72 61 6e    73 70 6f 72 74 3d 75 64 >  100;transport=ud >   70 3e 3b 74 61 67 3d 32    37 65 33 63 32 31 38 65 >  p>;tag=27e3c218e >   30 65 61 31 32 30 64 0d    0a 46 72 6f 6d 3a 20 3c >  0ea120d..From: < >   73 69 70 3a 32 30 30 40    31 39 32 2e 31 36 38 2e >  sip:200 at 192.168. >   31 30 30 2e 31 30 30 3a    35 30 36 30 3e 3b 74 61 >  100.100:5060>;ta >   67 3d 35 36 38 35 66 33    38 39 61 39 37 66 65 31 >  g=5685f389a97fe1 >   30 32 0d 0a 43 61 6c 6c    2d 49 44 3a 20 31 32 34 >  02..Call-ID: 124 >   39 37 61 63 37 36 65 38    30 34 66 35 36 0d 0a 43 >  97ac76e804f56..C >   53 65 71 3a 20 36 33 37    30 37 20 49 4e 56 49 54    Seq: 63707 > INVIT >   45 0d 0a 53 65 72 76 65    72 3a 20 62 61 72 65 73    E..Server: > bares >   69 70 20 76 32 2e 31 30    2e 30 20 28 78 38 36 5f    ip v2.10.0 > (x86_ >   36 34 2f 4c 69 6e 75 78    29 0d 0a 43 6f 6e 74 61 >  64/Linux)..Conta >   63 74 3a 20 3c 73 69 70    3a 31 30 30 2d 30 78 63    ct: >   62 63 31 39 30 40 31 39    32 2e 31 36 38 2e 35 36 >  bc190 at 192.168.56 >   2e 31 30 36 3a 35 30 38    30 3e 0d 0a 41 6c 6c 6f >  .106:5080>..Allo >   77 3a 20 49 4e 56 49 54    45 2c 41 43 4b 2c 42 59    w: > INVITE,ACK,BY >   45 2c 43 41 4e 43 45 4c    2c 4f 50 54 49 4f 4e 53 >  E,CANCEL,OPTIONS >   2c 4e 4f 54 49 46 59 2c    53 55 42 53 43 52 49 42 >  ,NOTIFY,SUBSCRIB >   45 2c 49 4e 46 4f 2c 4d    45 53 53 41 47 45 2c 55 >  E,INFO,MESSAGE,U >   50 44 41 54 45 2c 52 45    46 45 52 0d 0a 43 6f 6e >  PDATE,REFER..Con >   74 65 6e 74 2d 4c 65 6e    67 74 68 3a 20 30 0d 0a >  tent-Length: 0.. >   0d 0a 00                                              ... > # > > So it throws a Baresip error: > call: SIP Progress: 100 Trying-2 (/) > call: SIP Progress: 100 Giving it a try (/) > call: SIP Progress: 180 Ringing (/) > call: could not decode SDP answer: Bad message [74] > > 192.168.56.103 - baresip UAC > 192.168.56.106 - baresip UAS > 192.168.100.100 - anycast OpenSIPS > > opensips.cfg (node2): > ... > socket = udp:192.168.100.100 anycast > socket= bin:192.168.56.105:5566 > ... > modparam ("tm", "tm_replication_cluster", 1) > modparam("clusterer", "db_mode", 0) > modparam("clusterer", "my_node_id", 2) > modparam("clusterer", "my_node_info", "cluster_id=1, > url=bin:192.168.56.105:5566 ") > modparam("clusterer", "neighbor_node_info", > "cluster_id=1,node_id=1,url=bin:192.168.56.104:5566 > ") > modparam("clusterer", "sharing_tag", "vip1/2=active") > ... > ####### Routing Logic ######## > > route{ > >         if ( !mf_process_maxfwd_header(10) ) { >                 send_reply(483,"Too Many Hops"); >                 exit; >         } > >         sl_send_reply(100, "Trying-2"); > >         if (has_totag()) { > >                 if ( !loose_route() && !t_check_trans() ) { >                         if ( is_method("ACK") ) { >                                 t_anycast_replicate(); >                                 exit; >                         } >                 } > >                 t_relay(); >                 exit; >         } > >         if (is_method("CANCEL")) { >                 if (t_check_trans()) { >                         t_relay(); > >                 } else { >                         t_anycast_replicate(); >                 } > >                 exit; >         } > >         t_check_trans(); > >         if (!is_method("REGISTER|MESSAGE")) { >                 record_route(); >         } > >         if ( is_method("INVITE") && $si!="5080" ) { >                 $du = "sip:192.168.56.106:5080 > "; >         } > >         t_relay(); >         exit; > > } > > [root at localhost opensips]# opensips -V > version: opensips 3.3.2 (x86_64/linux) > flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, > Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT > ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN > 16, MAX_URI_SIZE 1024, BUF_SIZE 65535 > poll method support: poll, epoll, sigio_rt, select. > main.c compiled on 16:12:02 Oct 19 2022 with gcc 4.8.5 > > > -- > > BR, > Denys Pozniak > > > > > -- > > BR, > Denys Pozniak > > > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users From denys.pozniak at gmail.com Mon Jan 9 09:35:01 2023 From: denys.pozniak at gmail.com (Denys Pozniak) Date: Mon, 9 Jan 2023 11:35:01 +0200 Subject: [OpenSIPS-Users] Cluster (anycast) adds extra hex 00 in the tail to replicated responses. In-Reply-To: References: Message-ID: Hello! Thanks!!! Do we have a yum repository where packages from the master branch are built? пн, 9 янв. 2023 г. в 10:27, Răzvan Crainea : > Hi, Denys! > > I've just pushed a fix[1] in the master branch - can you please give it > a try and let me know if this fixes your setup, so I can backport it > down to 3.1? > > [1] > > https://github.com/OpenSIPS/opensips/commit/81e9b14a16acd284469d8958c57dcece69699a85 > > Best regards, > > Răzvan Crainea > OpenSIPS Core Developer > http://www.opensips-solutions.com > > On 1/9/23 10:03, Denys Pozniak wrote: > > Hello! > > > > Sorry to bring the topic up, but so far I have no idea what the problem > > is. Or do I need to open an issue on github? > > > > вт, 3 янв. 2023 г. в 13:58, Denys Pozniak > >: > > > > Hello! > > > > I'm trying to build a classic anycast cluster topology with two > > OpenSIPS nodes, in which requests are processed by one proxy and > > responses by another. > > The client and server are emulated via baresip. > > But I ran into a problem in that the replicated responses have an > > extra 00 in the tail of the reply (the original reply from baresip > > UAS does not have it). > > > > ngrep -x: > > # > > U 192.168.100.100:5060 -> > > 192.168.56.103:37279 #5 > > 53 49 50 2f 32 2e 30 20 31 38 30 20 52 69 6e 67 SIP/2.0 180 > > Ring > > 69 6e 67 0d 0a 52 65 63 6f 72 64 2d 52 6f 75 74 > > ing..Record-Rout > > 65 3a 20 3c 73 69 70 3a 31 39 32 2e 31 36 38 2e e: > > > 31 30 30 2e 31 30 30 3b 6c 72 3e 0d 0a 56 69 61 > > 100.100;lr>..Via > > 3a 20 53 49 50 2f 32 2e 30 2f 55 44 50 20 31 39 : > > SIP/2.0/UDP 19 > > 32 2e 31 36 38 2e 35 36 2e 31 30 33 3a 33 37 32 > > 2.168.56.103:372 > > 37 39 3b 72 65 63 65 69 76 65 64 3d 31 39 32 2e > > 79;received=192. > > 31 36 38 2e 35 36 2e 31 30 33 3b 62 72 61 6e 63 > > 168.56.103;branc > > 68 3d 7a 39 68 47 34 62 4b 62 65 63 38 65 38 66 > > h=z9hG4bKbec8e8f > > 30 32 36 62 65 39 31 34 61 3b 72 70 6f 72 74 3d > > 026be914a;rport= > > 33 37 32 37 39 0d 0a 54 6f 3a 20 3c 73 69 70 3a 37279..To: > > > 31 30 30 40 31 39 32 2e 31 36 38 2e 31 30 30 2e > > 100 at 192.168.100. > > 31 30 30 3b 74 72 61 6e 73 70 6f 72 74 3d 75 64 > > 100;transport=ud > > 70 3e 3b 74 61 67 3d 32 37 65 33 63 32 31 38 65 > > p>;tag=27e3c218e > > 30 65 61 31 32 30 64 0d 0a 46 72 6f 6d 3a 20 3c > > 0ea120d..From: < > > 73 69 70 3a 32 30 30 40 31 39 32 2e 31 36 38 2e > > sip:200 at 192.168. > > 31 30 30 2e 31 30 30 3a 35 30 36 30 3e 3b 74 61 > > 100.100:5060>;ta > > 67 3d 35 36 38 35 66 33 38 39 61 39 37 66 65 31 > > g=5685f389a97fe1 > > 30 32 0d 0a 43 61 6c 6c 2d 49 44 3a 20 31 32 34 > > 02..Call-ID: 124 > > 39 37 61 63 37 36 65 38 30 34 66 35 36 0d 0a 43 > > 97ac76e804f56..C > > 53 65 71 3a 20 36 33 37 30 37 20 49 4e 56 49 54 Seq: 63707 > > INVIT > > 45 0d 0a 53 65 72 76 65 72 3a 20 62 61 72 65 73 E..Server: > > bares > > 69 70 20 76 32 2e 31 30 2e 30 20 28 78 38 36 5f ip v2.10.0 > > (x86_ > > 36 34 2f 4c 69 6e 75 78 29 0d 0a 43 6f 6e 74 61 > > 64/Linux)..Conta > > 63 74 3a 20 3c 73 69 70 3a 31 30 30 2d 30 78 63 ct: > > > 62 63 31 39 30 40 31 39 32 2e 31 36 38 2e 35 36 > > bc190 at 192.168.56 > > 2e 31 30 36 3a 35 30 38 30 3e 0d 0a 41 6c 6c 6f > > .106:5080>..Allo > > 77 3a 20 49 4e 56 49 54 45 2c 41 43 4b 2c 42 59 w: > > INVITE,ACK,BY > > 45 2c 43 41 4e 43 45 4c 2c 4f 50 54 49 4f 4e 53 > > E,CANCEL,OPTIONS > > 2c 4e 4f 54 49 46 59 2c 53 55 42 53 43 52 49 42 > > ,NOTIFY,SUBSCRIB > > 45 2c 49 4e 46 4f 2c 4d 45 53 53 41 47 45 2c 55 > > E,INFO,MESSAGE,U > > 50 44 41 54 45 2c 52 45 46 45 52 0d 0a 43 6f 6e > > PDATE,REFER..Con > > 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a > > tent-Length: 0.. > > 0d 0a 00 ... > > # > > > > So it throws a Baresip error: > > call: SIP Progress: 100 Trying-2 (/) > > call: SIP Progress: 100 Giving it a try (/) > > call: SIP Progress: 180 Ringing (/) > > call: could not decode SDP answer: Bad message [74] > > > > 192.168.56.103 - baresip UAC > > 192.168.56.106 - baresip UAS > > 192.168.100.100 - anycast OpenSIPS > > > > opensips.cfg (node2): > > ... > > socket = udp:192.168.100.100 anycast > > socket= bin:192.168.56.105:5566 > > ... > > modparam ("tm", "tm_replication_cluster", 1) > > modparam("clusterer", "db_mode", 0) > > modparam("clusterer", "my_node_id", 2) > > modparam("clusterer", "my_node_info", "cluster_id=1, > > url=bin:192.168.56.105:5566 ") > > modparam("clusterer", "neighbor_node_info", > > "cluster_id=1,node_id=1,url=bin:192.168.56.104:5566 > > ") > > modparam("clusterer", "sharing_tag", "vip1/2=active") > > ... > > ####### Routing Logic ######## > > > > route{ > > > > if ( !mf_process_maxfwd_header(10) ) { > > send_reply(483,"Too Many Hops"); > > exit; > > } > > > > sl_send_reply(100, "Trying-2"); > > > > if (has_totag()) { > > > > if ( !loose_route() && !t_check_trans() ) { > > if ( is_method("ACK") ) { > > t_anycast_replicate(); > > exit; > > } > > } > > > > t_relay(); > > exit; > > } > > > > if (is_method("CANCEL")) { > > if (t_check_trans()) { > > t_relay(); > > > > } else { > > t_anycast_replicate(); > > } > > > > exit; > > } > > > > t_check_trans(); > > > > if (!is_method("REGISTER|MESSAGE")) { > > record_route(); > > } > > > > if ( is_method("INVITE") && $si!="5080" ) { > > $du = "sip:192.168.56.106:5080 > > "; > > } > > > > t_relay(); > > exit; > > > > } > > > > [root at localhost opensips]# opensips -V > > version: opensips 3.3.2 (x86_64/linux) > > flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, > > Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT > > ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN > > 16, MAX_URI_SIZE 1024, BUF_SIZE 65535 > > poll method support: poll, epoll, sigio_rt, select. > > main.c compiled on 16:12:02 Oct 19 2022 with gcc 4.8.5 > > > > > > -- > > > > BR, > > Denys Pozniak > > > > > > > > > > -- > > > > BR, > > Denys Pozniak > > > > > > > > _______________________________________________ > > Users mailing list > > Users at lists.opensips.org > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -- BR, Denys Pozniak -------------- next part -------------- An HTML attachment was scrubbed... URL: From nick at altmann.pro Mon Jan 9 09:41:26 2023 From: nick at altmann.pro (Nick Altmann) Date: Mon, 9 Jan 2023 10:41:26 +0100 Subject: [OpenSIPS-Users] Cluster (anycast) adds extra hex 00 in the tail to replicated responses. In-Reply-To: References: Message-ID: It's 3.4/nightly. -- Nick Hello! > Thanks!!! > > Do we have a yum repository where packages from the master branch are > built? > > > пн, 9 янв. 2023 г. в 10:27, Răzvan Crainea : > >> Hi, Denys! >> >> I've just pushed a fix[1] in the master branch - can you please give it >> a try and let me know if this fixes your setup, so I can backport it >> down to 3.1? >> >> [1] >> >> https://github.com/OpenSIPS/opensips/commit/81e9b14a16acd284469d8958c57dcece69699a85 >> >> Best regards, >> >> Răzvan Crainea >> OpenSIPS Core Developer >> http://www.opensips-solutions.com >> >> On 1/9/23 10:03, Denys Pozniak wrote: >> > Hello! >> > >> > Sorry to bring the topic up, but so far I have no idea what the problem >> > is. Or do I need to open an issue on github? >> > >> > вт, 3 янв. 2023 г. в 13:58, Denys Pozniak > > >: >> > >> > Hello! >> > >> > I'm trying to build a classic anycast cluster topology with two >> > OpenSIPS nodes, in which requests are processed by one proxy and >> > responses by another. >> > The client and server are emulated via baresip. >> > But I ran into a problem in that the replicated responses have an >> > extra 00 in the tail of the reply (the original reply from baresip >> > UAS does not have it). >> > >> > ngrep -x: >> > # >> > U 192.168.100.100:5060 -> >> > 192.168.56.103:37279 #5 >> > 53 49 50 2f 32 2e 30 20 31 38 30 20 52 69 6e 67 SIP/2.0 180 >> > Ring >> > 69 6e 67 0d 0a 52 65 63 6f 72 64 2d 52 6f 75 74 >> > ing..Record-Rout >> > 65 3a 20 3c 73 69 70 3a 31 39 32 2e 31 36 38 2e e: >> > > > 31 30 30 2e 31 30 30 3b 6c 72 3e 0d 0a 56 69 61 >> > 100.100;lr>..Via >> > 3a 20 53 49 50 2f 32 2e 30 2f 55 44 50 20 31 39 : >> > SIP/2.0/UDP 19 >> > 32 2e 31 36 38 2e 35 36 2e 31 30 33 3a 33 37 32 >> > 2.168.56.103:372 >> > 37 39 3b 72 65 63 65 69 76 65 64 3d 31 39 32 2e >> > 79;received=192. >> > 31 36 38 2e 35 36 2e 31 30 33 3b 62 72 61 6e 63 >> > 168.56.103;branc >> > 68 3d 7a 39 68 47 34 62 4b 62 65 63 38 65 38 66 >> > h=z9hG4bKbec8e8f >> > 30 32 36 62 65 39 31 34 61 3b 72 70 6f 72 74 3d >> > 026be914a;rport= >> > 33 37 32 37 39 0d 0a 54 6f 3a 20 3c 73 69 70 3a 37279..To: >> > > > 31 30 30 40 31 39 32 2e 31 36 38 2e 31 30 30 2e >> > 100 at 192.168.100. >> > 31 30 30 3b 74 72 61 6e 73 70 6f 72 74 3d 75 64 >> > 100;transport=ud >> > 70 3e 3b 74 61 67 3d 32 37 65 33 63 32 31 38 65 >> > p>;tag=27e3c218e >> > 30 65 61 31 32 30 64 0d 0a 46 72 6f 6d 3a 20 3c >> > 0ea120d..From: < >> > 73 69 70 3a 32 30 30 40 31 39 32 2e 31 36 38 2e >> > sip:200 at 192.168. >> > 31 30 30 2e 31 30 30 3a 35 30 36 30 3e 3b 74 61 >> > 100.100:5060>;ta >> > 67 3d 35 36 38 35 66 33 38 39 61 39 37 66 65 31 >> > g=5685f389a97fe1 >> > 30 32 0d 0a 43 61 6c 6c 2d 49 44 3a 20 31 32 34 >> > 02..Call-ID: 124 >> > 39 37 61 63 37 36 65 38 30 34 66 35 36 0d 0a 43 >> > 97ac76e804f56..C >> > 53 65 71 3a 20 36 33 37 30 37 20 49 4e 56 49 54 Seq: 63707 >> > INVIT >> > 45 0d 0a 53 65 72 76 65 72 3a 20 62 61 72 65 73 E..Server: >> > bares >> > 69 70 20 76 32 2e 31 30 2e 30 20 28 78 38 36 5f ip v2.10.0 >> > (x86_ >> > 36 34 2f 4c 69 6e 75 78 29 0d 0a 43 6f 6e 74 61 >> > 64/Linux)..Conta >> > 63 74 3a 20 3c 73 69 70 3a 31 30 30 2d 30 78 63 ct: >> > > > 62 63 31 39 30 40 31 39 32 2e 31 36 38 2e 35 36 >> > bc190 at 192.168.56 >> > 2e 31 30 36 3a 35 30 38 30 3e 0d 0a 41 6c 6c 6f >> > .106:5080>..Allo >> > 77 3a 20 49 4e 56 49 54 45 2c 41 43 4b 2c 42 59 w: >> > INVITE,ACK,BY >> > 45 2c 43 41 4e 43 45 4c 2c 4f 50 54 49 4f 4e 53 >> > E,CANCEL,OPTIONS >> > 2c 4e 4f 54 49 46 59 2c 53 55 42 53 43 52 49 42 >> > ,NOTIFY,SUBSCRIB >> > 45 2c 49 4e 46 4f 2c 4d 45 53 53 41 47 45 2c 55 >> > E,INFO,MESSAGE,U >> > 50 44 41 54 45 2c 52 45 46 45 52 0d 0a 43 6f 6e >> > PDATE,REFER..Con >> > 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a >> > tent-Length: 0.. >> > 0d 0a 00 ... >> > # >> > >> > So it throws a Baresip error: >> > call: SIP Progress: 100 Trying-2 (/) >> > call: SIP Progress: 100 Giving it a try (/) >> > call: SIP Progress: 180 Ringing (/) >> > call: could not decode SDP answer: Bad message [74] >> > >> > 192.168.56.103 - baresip UAC >> > 192.168.56.106 - baresip UAS >> > 192.168.100.100 - anycast OpenSIPS >> > >> > opensips.cfg (node2): >> > ... >> > socket = udp:192.168.100.100 anycast >> > socket= bin:192.168.56.105:5566 >> > ... >> > modparam ("tm", "tm_replication_cluster", 1) >> > modparam("clusterer", "db_mode", 0) >> > modparam("clusterer", "my_node_id", 2) >> > modparam("clusterer", "my_node_info", "cluster_id=1, >> > url=bin:192.168.56.105:5566 ") >> > modparam("clusterer", "neighbor_node_info", >> > "cluster_id=1,node_id=1,url=bin:192.168.56.104:5566 >> > ") >> > modparam("clusterer", "sharing_tag", "vip1/2=active") >> > ... >> > ####### Routing Logic ######## >> > >> > route{ >> > >> > if ( !mf_process_maxfwd_header(10) ) { >> > send_reply(483,"Too Many Hops"); >> > exit; >> > } >> > >> > sl_send_reply(100, "Trying-2"); >> > >> > if (has_totag()) { >> > >> > if ( !loose_route() && !t_check_trans() ) { >> > if ( is_method("ACK") ) { >> > t_anycast_replicate(); >> > exit; >> > } >> > } >> > >> > t_relay(); >> > exit; >> > } >> > >> > if (is_method("CANCEL")) { >> > if (t_check_trans()) { >> > t_relay(); >> > >> > } else { >> > t_anycast_replicate(); >> > } >> > >> > exit; >> > } >> > >> > t_check_trans(); >> > >> > if (!is_method("REGISTER|MESSAGE")) { >> > record_route(); >> > } >> > >> > if ( is_method("INVITE") && $si!="5080" ) { >> > $du = "sip:192.168.56.106:5080 >> > "; >> > } >> > >> > t_relay(); >> > exit; >> > >> > } >> > >> > [root at localhost opensips]# opensips -V >> > version: opensips 3.3.2 (x86_64/linux) >> > flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, >> > Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT >> > ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN >> > 16, MAX_URI_SIZE 1024, BUF_SIZE 65535 >> > poll method support: poll, epoll, sigio_rt, select. >> > main.c compiled on 16:12:02 Oct 19 2022 with gcc 4.8.5 >> > >> > >> > -- >> > >> > BR, >> > Denys Pozniak >> > >> > >> > >> > >> > -- >> > >> > BR, >> > Denys Pozniak >> > >> > >> > >> > _______________________________________________ >> > Users mailing list >> > Users at lists.opensips.org >> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >> _______________________________________________ >> Users mailing list >> Users at lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> > > > -- > > BR, > Denys Pozniak > > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From denys.pozniak at gmail.com Mon Jan 9 10:43:19 2023 From: denys.pozniak at gmail.com (Denys Pozniak) Date: Mon, 9 Jan 2023 12:43:19 +0200 Subject: [OpenSIPS-Users] Cluster (anycast) adds extra hex 00 in the tail to replicated responses. In-Reply-To: References: Message-ID: Thanks! @Nick, maybe it is needed to add version 3.4 to the site as well since it is missing in the drop-down menu? https://yum.opensips.org/packages.php *OS: CentOS 7* *Build type: nightly* *OpenSIPS version: 3.3, 3.2, 3.1 * пн, 9 янв. 2023 г. в 11:43, Nick Altmann : > It's 3.4/nightly. > > -- > Nick > > > Hello! >> Thanks!!! >> >> Do we have a yum repository where packages from the master branch are >> built? >> >> >> пн, 9 янв. 2023 г. в 10:27, Răzvan Crainea : >> >>> Hi, Denys! >>> >>> I've just pushed a fix[1] in the master branch - can you please give it >>> a try and let me know if this fixes your setup, so I can backport it >>> down to 3.1? >>> >>> [1] >>> >>> https://github.com/OpenSIPS/opensips/commit/81e9b14a16acd284469d8958c57dcece69699a85 >>> >>> Best regards, >>> >>> Răzvan Crainea >>> OpenSIPS Core Developer >>> http://www.opensips-solutions.com >>> >>> On 1/9/23 10:03, Denys Pozniak wrote: >>> > Hello! >>> > >>> > Sorry to bring the topic up, but so far I have no idea what the >>> problem >>> > is. Or do I need to open an issue on github? >>> > >>> > вт, 3 янв. 2023 г. в 13:58, Denys Pozniak >> > >: >>> > >>> > Hello! >>> > >>> > I'm trying to build a classic anycast cluster topology with two >>> > OpenSIPS nodes, in which requests are processed by one proxy and >>> > responses by another. >>> > The client and server are emulated via baresip. >>> > But I ran into a problem in that the replicated responses have an >>> > extra 00 in the tail of the reply (the original reply from baresip >>> > UAS does not have it). >>> > >>> > ngrep -x: >>> > # >>> > U 192.168.100.100:5060 -> >>> > 192.168.56.103:37279 #5 >>> > 53 49 50 2f 32 2e 30 20 31 38 30 20 52 69 6e 67 SIP/2.0 >>> 180 >>> > Ring >>> > 69 6e 67 0d 0a 52 65 63 6f 72 64 2d 52 6f 75 74 >>> > ing..Record-Rout >>> > 65 3a 20 3c 73 69 70 3a 31 39 32 2e 31 36 38 2e e: >>> > >> > 31 30 30 2e 31 30 30 3b 6c 72 3e 0d 0a 56 69 61 >>> > 100.100;lr>..Via >>> > 3a 20 53 49 50 2f 32 2e 30 2f 55 44 50 20 31 39 : >>> > SIP/2.0/UDP 19 >>> > 32 2e 31 36 38 2e 35 36 2e 31 30 33 3a 33 37 32 >>> > 2.168.56.103:372 >>> > 37 39 3b 72 65 63 65 69 76 65 64 3d 31 39 32 2e >>> > 79;received=192. >>> > 31 36 38 2e 35 36 2e 31 30 33 3b 62 72 61 6e 63 >>> > 168.56.103;branc >>> > 68 3d 7a 39 68 47 34 62 4b 62 65 63 38 65 38 66 >>> > h=z9hG4bKbec8e8f >>> > 30 32 36 62 65 39 31 34 61 3b 72 70 6f 72 74 3d >>> > 026be914a;rport= >>> > 33 37 32 37 39 0d 0a 54 6f 3a 20 3c 73 69 70 3a 37279..To: >>> > >> > 31 30 30 40 31 39 32 2e 31 36 38 2e 31 30 30 2e >>> > 100 at 192.168.100. >>> > 31 30 30 3b 74 72 61 6e 73 70 6f 72 74 3d 75 64 >>> > 100;transport=ud >>> > 70 3e 3b 74 61 67 3d 32 37 65 33 63 32 31 38 65 >>> > p>;tag=27e3c218e >>> > 30 65 61 31 32 30 64 0d 0a 46 72 6f 6d 3a 20 3c >>> > 0ea120d..From: < >>> > 73 69 70 3a 32 30 30 40 31 39 32 2e 31 36 38 2e >>> > sip:200 at 192.168. >>> > 31 30 30 2e 31 30 30 3a 35 30 36 30 3e 3b 74 61 >>> > 100.100:5060>;ta >>> > 67 3d 35 36 38 35 66 33 38 39 61 39 37 66 65 31 >>> > g=5685f389a97fe1 >>> > 30 32 0d 0a 43 61 6c 6c 2d 49 44 3a 20 31 32 34 >>> > 02..Call-ID: 124 >>> > 39 37 61 63 37 36 65 38 30 34 66 35 36 0d 0a 43 >>> > 97ac76e804f56..C >>> > 53 65 71 3a 20 36 33 37 30 37 20 49 4e 56 49 54 Seq: 63707 >>> > INVIT >>> > 45 0d 0a 53 65 72 76 65 72 3a 20 62 61 72 65 73 E..Server: >>> > bares >>> > 69 70 20 76 32 2e 31 30 2e 30 20 28 78 38 36 5f ip v2.10.0 >>> > (x86_ >>> > 36 34 2f 4c 69 6e 75 78 29 0d 0a 43 6f 6e 74 61 >>> > 64/Linux)..Conta >>> > 63 74 3a 20 3c 73 69 70 3a 31 30 30 2d 30 78 63 ct: >>> > >> > 62 63 31 39 30 40 31 39 32 2e 31 36 38 2e 35 36 >>> > bc190 at 192.168.56 >>> > 2e 31 30 36 3a 35 30 38 30 3e 0d 0a 41 6c 6c 6f >>> > .106:5080>..Allo >>> > 77 3a 20 49 4e 56 49 54 45 2c 41 43 4b 2c 42 59 w: >>> > INVITE,ACK,BY >>> > 45 2c 43 41 4e 43 45 4c 2c 4f 50 54 49 4f 4e 53 >>> > E,CANCEL,OPTIONS >>> > 2c 4e 4f 54 49 46 59 2c 53 55 42 53 43 52 49 42 >>> > ,NOTIFY,SUBSCRIB >>> > 45 2c 49 4e 46 4f 2c 4d 45 53 53 41 47 45 2c 55 >>> > E,INFO,MESSAGE,U >>> > 50 44 41 54 45 2c 52 45 46 45 52 0d 0a 43 6f 6e >>> > PDATE,REFER..Con >>> > 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a >>> > tent-Length: 0.. >>> > 0d 0a 00 ... >>> > # >>> > >>> > So it throws a Baresip error: >>> > call: SIP Progress: 100 Trying-2 (/) >>> > call: SIP Progress: 100 Giving it a try (/) >>> > call: SIP Progress: 180 Ringing (/) >>> > call: could not decode SDP answer: Bad message [74] >>> > >>> > 192.168.56.103 - baresip UAC >>> > 192.168.56.106 - baresip UAS >>> > 192.168.100.100 - anycast OpenSIPS >>> > >>> > opensips.cfg (node2): >>> > ... >>> > socket = udp:192.168.100.100 anycast >>> > socket= bin:192.168.56.105:5566 >>> > ... >>> > modparam ("tm", "tm_replication_cluster", 1) >>> > modparam("clusterer", "db_mode", 0) >>> > modparam("clusterer", "my_node_id", 2) >>> > modparam("clusterer", "my_node_info", "cluster_id=1, >>> > url=bin:192.168.56.105:5566 ") >>> > modparam("clusterer", "neighbor_node_info", >>> > "cluster_id=1,node_id=1,url=bin:192.168.56.104:5566 >>> > ") >>> > modparam("clusterer", "sharing_tag", "vip1/2=active") >>> > ... >>> > ####### Routing Logic ######## >>> > >>> > route{ >>> > >>> > if ( !mf_process_maxfwd_header(10) ) { >>> > send_reply(483,"Too Many Hops"); >>> > exit; >>> > } >>> > >>> > sl_send_reply(100, "Trying-2"); >>> > >>> > if (has_totag()) { >>> > >>> > if ( !loose_route() && !t_check_trans() ) { >>> > if ( is_method("ACK") ) { >>> > t_anycast_replicate(); >>> > exit; >>> > } >>> > } >>> > >>> > t_relay(); >>> > exit; >>> > } >>> > >>> > if (is_method("CANCEL")) { >>> > if (t_check_trans()) { >>> > t_relay(); >>> > >>> > } else { >>> > t_anycast_replicate(); >>> > } >>> > >>> > exit; >>> > } >>> > >>> > t_check_trans(); >>> > >>> > if (!is_method("REGISTER|MESSAGE")) { >>> > record_route(); >>> > } >>> > >>> > if ( is_method("INVITE") && $si!="5080" ) { >>> > $du = "sip:192.168.56.106:5080 >>> > "; >>> > } >>> > >>> > t_relay(); >>> > exit; >>> > >>> > } >>> > >>> > [root at localhost opensips]# opensips -V >>> > version: opensips 3.3.2 (x86_64/linux) >>> > flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, >>> > Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT >>> > ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN >>> > 16, MAX_URI_SIZE 1024, BUF_SIZE 65535 >>> > poll method support: poll, epoll, sigio_rt, select. >>> > main.c compiled on 16:12:02 Oct 19 2022 with gcc 4.8.5 >>> > >>> > >>> > -- >>> > >>> > BR, >>> > Denys Pozniak >>> > >>> > >>> > >>> > >>> > -- >>> > >>> > BR, >>> > Denys Pozniak >>> > >>> > >>> > >>> > _______________________________________________ >>> > Users mailing list >>> > Users at lists.opensips.org >>> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> >>> _______________________________________________ >>> Users mailing list >>> Users at lists.opensips.org >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> >> >> >> -- >> >> BR, >> Denys Pozniak >> >> >> _______________________________________________ >> Users mailing list >> Users at lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -- BR, Denys Pozniak -------------- next part -------------- An HTML attachment was scrubbed... URL: From nick at altmann.pro Mon Jan 9 11:05:45 2023 From: nick at altmann.pro (Nick Altmann) Date: Mon, 9 Jan 2023 12:05:45 +0100 Subject: [OpenSIPS-Users] Cluster (anycast) adds extra hex 00 in the tail to replicated responses. In-Reply-To: References: Message-ID: No, it's not for site. But you can make a link yourself by changing 3.3 nightly to 3.4, for example. -- Nick Thanks! > > @Nick, maybe it is needed to add version 3.4 to the site as well since it > is missing in the drop-down menu? > > https://yum.opensips.org/packages.php > > *OS: CentOS 7* > *Build type: nightly* > *OpenSIPS version: 3.3, 3.2, 3.1 * > > > пн, 9 янв. 2023 г. в 11:43, Nick Altmann : > >> It's 3.4/nightly. >> >> -- >> Nick >> >> >> Hello! >>> Thanks!!! >>> >>> Do we have a yum repository where packages from the master branch are >>> built? >>> >>> >>> пн, 9 янв. 2023 г. в 10:27, Răzvan Crainea : >>> >>>> Hi, Denys! >>>> >>>> I've just pushed a fix[1] in the master branch - can you please give it >>>> a try and let me know if this fixes your setup, so I can backport it >>>> down to 3.1? >>>> >>>> [1] >>>> >>>> https://github.com/OpenSIPS/opensips/commit/81e9b14a16acd284469d8958c57dcece69699a85 >>>> >>>> Best regards, >>>> >>>> Răzvan Crainea >>>> OpenSIPS Core Developer >>>> http://www.opensips-solutions.com >>>> >>>> On 1/9/23 10:03, Denys Pozniak wrote: >>>> > Hello! >>>> > >>>> > Sorry to bring the topic up, but so far I have no idea what the >>>> problem >>>> > is. Or do I need to open an issue on github? >>>> > >>>> > вт, 3 янв. 2023 г. в 13:58, Denys Pozniak >>> > >: >>>> > >>>> > Hello! >>>> > >>>> > I'm trying to build a classic anycast cluster topology with two >>>> > OpenSIPS nodes, in which requests are processed by one proxy and >>>> > responses by another. >>>> > The client and server are emulated via baresip. >>>> > But I ran into a problem in that the replicated responses have an >>>> > extra 00 in the tail of the reply (the original reply from baresip >>>> > UAS does not have it). >>>> > >>>> > ngrep -x: >>>> > # >>>> > U 192.168.100.100:5060 -> >>>> > 192.168.56.103:37279 #5 >>>> > 53 49 50 2f 32 2e 30 20 31 38 30 20 52 69 6e 67 SIP/2.0 >>>> 180 >>>> > Ring >>>> > 69 6e 67 0d 0a 52 65 63 6f 72 64 2d 52 6f 75 74 >>>> > ing..Record-Rout >>>> > 65 3a 20 3c 73 69 70 3a 31 39 32 2e 31 36 38 2e e: >>>> > >>> > 31 30 30 2e 31 30 30 3b 6c 72 3e 0d 0a 56 69 61 >>>> > 100.100;lr>..Via >>>> > 3a 20 53 49 50 2f 32 2e 30 2f 55 44 50 20 31 39 : >>>> > SIP/2.0/UDP 19 >>>> > 32 2e 31 36 38 2e 35 36 2e 31 30 33 3a 33 37 32 >>>> > 2.168.56.103:372 >>>> > 37 39 3b 72 65 63 65 69 76 65 64 3d 31 39 32 2e >>>> > 79;received=192. >>>> > 31 36 38 2e 35 36 2e 31 30 33 3b 62 72 61 6e 63 >>>> > 168.56.103;branc >>>> > 68 3d 7a 39 68 47 34 62 4b 62 65 63 38 65 38 66 >>>> > h=z9hG4bKbec8e8f >>>> > 30 32 36 62 65 39 31 34 61 3b 72 70 6f 72 74 3d >>>> > 026be914a;rport= >>>> > 33 37 32 37 39 0d 0a 54 6f 3a 20 3c 73 69 70 3a >>>> 37279..To: >>>> > >>> > 31 30 30 40 31 39 32 2e 31 36 38 2e 31 30 30 2e >>>> > 100 at 192.168.100. >>>> > 31 30 30 3b 74 72 61 6e 73 70 6f 72 74 3d 75 64 >>>> > 100;transport=ud >>>> > 70 3e 3b 74 61 67 3d 32 37 65 33 63 32 31 38 65 >>>> > p>;tag=27e3c218e >>>> > 30 65 61 31 32 30 64 0d 0a 46 72 6f 6d 3a 20 3c >>>> > 0ea120d..From: < >>>> > 73 69 70 3a 32 30 30 40 31 39 32 2e 31 36 38 2e >>>> > sip:200 at 192.168. >>>> > 31 30 30 2e 31 30 30 3a 35 30 36 30 3e 3b 74 61 >>>> > 100.100:5060>;ta >>>> > 67 3d 35 36 38 35 66 33 38 39 61 39 37 66 65 31 >>>> > g=5685f389a97fe1 >>>> > 30 32 0d 0a 43 61 6c 6c 2d 49 44 3a 20 31 32 34 >>>> > 02..Call-ID: 124 >>>> > 39 37 61 63 37 36 65 38 30 34 66 35 36 0d 0a 43 >>>> > 97ac76e804f56..C >>>> > 53 65 71 3a 20 36 33 37 30 37 20 49 4e 56 49 54 Seq: >>>> 63707 >>>> > INVIT >>>> > 45 0d 0a 53 65 72 76 65 72 3a 20 62 61 72 65 73 >>>> E..Server: >>>> > bares >>>> > 69 70 20 76 32 2e 31 30 2e 30 20 28 78 38 36 5f ip >>>> v2.10.0 >>>> > (x86_ >>>> > 36 34 2f 4c 69 6e 75 78 29 0d 0a 43 6f 6e 74 61 >>>> > 64/Linux)..Conta >>>> > 63 74 3a 20 3c 73 69 70 3a 31 30 30 2d 30 78 63 ct: >>>> > >>> > 62 63 31 39 30 40 31 39 32 2e 31 36 38 2e 35 36 >>>> > bc190 at 192.168.56 >>>> > 2e 31 30 36 3a 35 30 38 30 3e 0d 0a 41 6c 6c 6f >>>> > .106:5080>..Allo >>>> > 77 3a 20 49 4e 56 49 54 45 2c 41 43 4b 2c 42 59 w: >>>> > INVITE,ACK,BY >>>> > 45 2c 43 41 4e 43 45 4c 2c 4f 50 54 49 4f 4e 53 >>>> > E,CANCEL,OPTIONS >>>> > 2c 4e 4f 54 49 46 59 2c 53 55 42 53 43 52 49 42 >>>> > ,NOTIFY,SUBSCRIB >>>> > 45 2c 49 4e 46 4f 2c 4d 45 53 53 41 47 45 2c 55 >>>> > E,INFO,MESSAGE,U >>>> > 50 44 41 54 45 2c 52 45 46 45 52 0d 0a 43 6f 6e >>>> > PDATE,REFER..Con >>>> > 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a >>>> > tent-Length: 0.. >>>> > 0d 0a 00 ... >>>> > # >>>> > >>>> > So it throws a Baresip error: >>>> > call: SIP Progress: 100 Trying-2 (/) >>>> > call: SIP Progress: 100 Giving it a try (/) >>>> > call: SIP Progress: 180 Ringing (/) >>>> > call: could not decode SDP answer: Bad message [74] >>>> > >>>> > 192.168.56.103 - baresip UAC >>>> > 192.168.56.106 - baresip UAS >>>> > 192.168.100.100 - anycast OpenSIPS >>>> > >>>> > opensips.cfg (node2): >>>> > ... >>>> > socket = udp:192.168.100.100 anycast >>>> > socket= bin:192.168.56.105:5566 >>>> > ... >>>> > modparam ("tm", "tm_replication_cluster", 1) >>>> > modparam("clusterer", "db_mode", 0) >>>> > modparam("clusterer", "my_node_id", 2) >>>> > modparam("clusterer", "my_node_info", "cluster_id=1, >>>> > url=bin:192.168.56.105:5566 ") >>>> > modparam("clusterer", "neighbor_node_info", >>>> > "cluster_id=1,node_id=1,url=bin:192.168.56.104:5566 >>>> > ") >>>> > modparam("clusterer", "sharing_tag", "vip1/2=active") >>>> > ... >>>> > ####### Routing Logic ######## >>>> > >>>> > route{ >>>> > >>>> > if ( !mf_process_maxfwd_header(10) ) { >>>> > send_reply(483,"Too Many Hops"); >>>> > exit; >>>> > } >>>> > >>>> > sl_send_reply(100, "Trying-2"); >>>> > >>>> > if (has_totag()) { >>>> > >>>> > if ( !loose_route() && !t_check_trans() ) { >>>> > if ( is_method("ACK") ) { >>>> > t_anycast_replicate(); >>>> > exit; >>>> > } >>>> > } >>>> > >>>> > t_relay(); >>>> > exit; >>>> > } >>>> > >>>> > if (is_method("CANCEL")) { >>>> > if (t_check_trans()) { >>>> > t_relay(); >>>> > >>>> > } else { >>>> > t_anycast_replicate(); >>>> > } >>>> > >>>> > exit; >>>> > } >>>> > >>>> > t_check_trans(); >>>> > >>>> > if (!is_method("REGISTER|MESSAGE")) { >>>> > record_route(); >>>> > } >>>> > >>>> > if ( is_method("INVITE") && $si!="5080" ) { >>>> > $du = "sip:192.168.56.106:5080 >>>> > "; >>>> > } >>>> > >>>> > t_relay(); >>>> > exit; >>>> > >>>> > } >>>> > >>>> > [root at localhost opensips]# opensips -V >>>> > version: opensips 3.3.2 (x86_64/linux) >>>> > flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, >>>> > Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT >>>> > ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN >>>> > 16, MAX_URI_SIZE 1024, BUF_SIZE 65535 >>>> > poll method support: poll, epoll, sigio_rt, select. >>>> > main.c compiled on 16:12:02 Oct 19 2022 with gcc 4.8.5 >>>> > >>>> > >>>> > -- >>>> > >>>> > BR, >>>> > Denys Pozniak >>>> > >>>> > >>>> > >>>> > >>>> > -- >>>> > >>>> > BR, >>>> > Denys Pozniak >>>> > >>>> > >>>> > >>>> > _______________________________________________ >>>> > Users mailing list >>>> > Users at lists.opensips.org >>>> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> Users at lists.opensips.org >>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>> >>> >>> >>> -- >>> >>> BR, >>> Denys Pozniak >>> >>> >>> _______________________________________________ >>> Users mailing list >>> Users at lists.opensips.org >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> >> _______________________________________________ >> Users mailing list >> Users at lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> > > > -- > > BR, > Denys Pozniak > > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From denys.pozniak at gmail.com Tue Jan 10 11:42:53 2023 From: denys.pozniak at gmail.com (Denys Pozniak) Date: Tue, 10 Jan 2023 13:42:53 +0200 Subject: [OpenSIPS-Users] Cluster (anycast) adds extra hex 00 in the tail to replicated responses. In-Reply-To: References: Message-ID: Hello! @Razvan fix works well, thank you! пн, 9 янв. 2023 г. в 13:08, Nick Altmann : > No, it's not for site. But you can make a link yourself by changing 3.3 > nightly to 3.4, for example. > > -- > Nick > > Thanks! >> >> @Nick, maybe it is needed to add version 3.4 to the site as well since >> it is missing in the drop-down menu? >> >> https://yum.opensips.org/packages.php >> >> *OS: CentOS 7* >> *Build type: nightly* >> *OpenSIPS version: 3.3, 3.2, 3.1 * >> >> >> пн, 9 янв. 2023 г. в 11:43, Nick Altmann : >> >>> It's 3.4/nightly. >>> >>> -- >>> Nick >>> >>> >>> Hello! >>>> Thanks!!! >>>> >>>> Do we have a yum repository where packages from the master branch are >>>> built? >>>> >>>> >>>> пн, 9 янв. 2023 г. в 10:27, Răzvan Crainea : >>>> >>>>> Hi, Denys! >>>>> >>>>> I've just pushed a fix[1] in the master branch - can you please give >>>>> it >>>>> a try and let me know if this fixes your setup, so I can backport it >>>>> down to 3.1? >>>>> >>>>> [1] >>>>> >>>>> https://github.com/OpenSIPS/opensips/commit/81e9b14a16acd284469d8958c57dcece69699a85 >>>>> >>>>> Best regards, >>>>> >>>>> Răzvan Crainea >>>>> OpenSIPS Core Developer >>>>> http://www.opensips-solutions.com >>>>> >>>>> On 1/9/23 10:03, Denys Pozniak wrote: >>>>> > Hello! >>>>> > >>>>> > Sorry to bring the topic up, but so far I have no idea what the >>>>> problem >>>>> > is. Or do I need to open an issue on github? >>>>> > >>>>> > вт, 3 янв. 2023 г. в 13:58, Denys Pozniak >>>> > >: >>>>> > >>>>> > Hello! >>>>> > >>>>> > I'm trying to build a classic anycast cluster topology with two >>>>> > OpenSIPS nodes, in which requests are processed by one proxy and >>>>> > responses by another. >>>>> > The client and server are emulated via baresip. >>>>> > But I ran into a problem in that the replicated responses have an >>>>> > extra 00 in the tail of the reply (the original reply from >>>>> baresip >>>>> > UAS does not have it). >>>>> > >>>>> > ngrep -x: >>>>> > # >>>>> > U 192.168.100.100:5060 -> >>>>> > 192.168.56.103:37279 #5 >>>>> > 53 49 50 2f 32 2e 30 20 31 38 30 20 52 69 6e 67 SIP/2.0 >>>>> 180 >>>>> > Ring >>>>> > 69 6e 67 0d 0a 52 65 63 6f 72 64 2d 52 6f 75 74 >>>>> > ing..Record-Rout >>>>> > 65 3a 20 3c 73 69 70 3a 31 39 32 2e 31 36 38 2e e: >>>>> > >>>> > 31 30 30 2e 31 30 30 3b 6c 72 3e 0d 0a 56 69 61 >>>>> > 100.100;lr>..Via >>>>> > 3a 20 53 49 50 2f 32 2e 30 2f 55 44 50 20 31 39 : >>>>> > SIP/2.0/UDP 19 >>>>> > 32 2e 31 36 38 2e 35 36 2e 31 30 33 3a 33 37 32 >>>>> > 2.168.56.103:372 >>>>> > 37 39 3b 72 65 63 65 69 76 65 64 3d 31 39 32 2e >>>>> > 79;received=192. >>>>> > 31 36 38 2e 35 36 2e 31 30 33 3b 62 72 61 6e 63 >>>>> > 168.56.103;branc >>>>> > 68 3d 7a 39 68 47 34 62 4b 62 65 63 38 65 38 66 >>>>> > h=z9hG4bKbec8e8f >>>>> > 30 32 36 62 65 39 31 34 61 3b 72 70 6f 72 74 3d >>>>> > 026be914a;rport= >>>>> > 33 37 32 37 39 0d 0a 54 6f 3a 20 3c 73 69 70 3a >>>>> 37279..To: >>>>> > >>>> > 31 30 30 40 31 39 32 2e 31 36 38 2e 31 30 30 2e >>>>> > 100 at 192.168.100. >>>>> > 31 30 30 3b 74 72 61 6e 73 70 6f 72 74 3d 75 64 >>>>> > 100;transport=ud >>>>> > 70 3e 3b 74 61 67 3d 32 37 65 33 63 32 31 38 65 >>>>> > p>;tag=27e3c218e >>>>> > 30 65 61 31 32 30 64 0d 0a 46 72 6f 6d 3a 20 3c >>>>> > 0ea120d..From: < >>>>> > 73 69 70 3a 32 30 30 40 31 39 32 2e 31 36 38 2e >>>>> > sip:200 at 192.168. >>>>> > 31 30 30 2e 31 30 30 3a 35 30 36 30 3e 3b 74 61 >>>>> > 100.100:5060>;ta >>>>> > 67 3d 35 36 38 35 66 33 38 39 61 39 37 66 65 31 >>>>> > g=5685f389a97fe1 >>>>> > 30 32 0d 0a 43 61 6c 6c 2d 49 44 3a 20 31 32 34 >>>>> > 02..Call-ID: 124 >>>>> > 39 37 61 63 37 36 65 38 30 34 66 35 36 0d 0a 43 >>>>> > 97ac76e804f56..C >>>>> > 53 65 71 3a 20 36 33 37 30 37 20 49 4e 56 49 54 Seq: >>>>> 63707 >>>>> > INVIT >>>>> > 45 0d 0a 53 65 72 76 65 72 3a 20 62 61 72 65 73 >>>>> E..Server: >>>>> > bares >>>>> > 69 70 20 76 32 2e 31 30 2e 30 20 28 78 38 36 5f ip >>>>> v2.10.0 >>>>> > (x86_ >>>>> > 36 34 2f 4c 69 6e 75 78 29 0d 0a 43 6f 6e 74 61 >>>>> > 64/Linux)..Conta >>>>> > 63 74 3a 20 3c 73 69 70 3a 31 30 30 2d 30 78 63 ct: >>>>> > >>>> > 62 63 31 39 30 40 31 39 32 2e 31 36 38 2e 35 36 >>>>> > bc190 at 192.168.56 >>>>> > 2e 31 30 36 3a 35 30 38 30 3e 0d 0a 41 6c 6c 6f >>>>> > .106:5080>..Allo >>>>> > 77 3a 20 49 4e 56 49 54 45 2c 41 43 4b 2c 42 59 w: >>>>> > INVITE,ACK,BY >>>>> > 45 2c 43 41 4e 43 45 4c 2c 4f 50 54 49 4f 4e 53 >>>>> > E,CANCEL,OPTIONS >>>>> > 2c 4e 4f 54 49 46 59 2c 53 55 42 53 43 52 49 42 >>>>> > ,NOTIFY,SUBSCRIB >>>>> > 45 2c 49 4e 46 4f 2c 4d 45 53 53 41 47 45 2c 55 >>>>> > E,INFO,MESSAGE,U >>>>> > 50 44 41 54 45 2c 52 45 46 45 52 0d 0a 43 6f 6e >>>>> > PDATE,REFER..Con >>>>> > 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a >>>>> > tent-Length: 0.. >>>>> > 0d 0a 00 ... >>>>> > # >>>>> > >>>>> > So it throws a Baresip error: >>>>> > call: SIP Progress: 100 Trying-2 (/) >>>>> > call: SIP Progress: 100 Giving it a try (/) >>>>> > call: SIP Progress: 180 Ringing (/) >>>>> > call: could not decode SDP answer: Bad message [74] >>>>> > >>>>> > 192.168.56.103 - baresip UAC >>>>> > 192.168.56.106 - baresip UAS >>>>> > 192.168.100.100 - anycast OpenSIPS >>>>> > >>>>> > opensips.cfg (node2): >>>>> > ... >>>>> > socket = udp:192.168.100.100 anycast >>>>> > socket= bin:192.168.56.105:5566 >>>>> > ... >>>>> > modparam ("tm", "tm_replication_cluster", 1) >>>>> > modparam("clusterer", "db_mode", 0) >>>>> > modparam("clusterer", "my_node_id", 2) >>>>> > modparam("clusterer", "my_node_info", "cluster_id=1, >>>>> > url=bin:192.168.56.105:5566 ") >>>>> > modparam("clusterer", "neighbor_node_info", >>>>> > "cluster_id=1,node_id=1,url=bin:192.168.56.104:5566 >>>>> > ") >>>>> > modparam("clusterer", "sharing_tag", "vip1/2=active") >>>>> > ... >>>>> > ####### Routing Logic ######## >>>>> > >>>>> > route{ >>>>> > >>>>> > if ( !mf_process_maxfwd_header(10) ) { >>>>> > send_reply(483,"Too Many Hops"); >>>>> > exit; >>>>> > } >>>>> > >>>>> > sl_send_reply(100, "Trying-2"); >>>>> > >>>>> > if (has_totag()) { >>>>> > >>>>> > if ( !loose_route() && !t_check_trans() ) { >>>>> > if ( is_method("ACK") ) { >>>>> > t_anycast_replicate(); >>>>> > exit; >>>>> > } >>>>> > } >>>>> > >>>>> > t_relay(); >>>>> > exit; >>>>> > } >>>>> > >>>>> > if (is_method("CANCEL")) { >>>>> > if (t_check_trans()) { >>>>> > t_relay(); >>>>> > >>>>> > } else { >>>>> > t_anycast_replicate(); >>>>> > } >>>>> > >>>>> > exit; >>>>> > } >>>>> > >>>>> > t_check_trans(); >>>>> > >>>>> > if (!is_method("REGISTER|MESSAGE")) { >>>>> > record_route(); >>>>> > } >>>>> > >>>>> > if ( is_method("INVITE") && $si!="5080" ) { >>>>> > $du = "sip:192.168.56.106:5080 >>>>> > "; >>>>> > } >>>>> > >>>>> > t_relay(); >>>>> > exit; >>>>> > >>>>> > } >>>>> > >>>>> > [root at localhost opensips]# opensips -V >>>>> > version: opensips 3.3.2 (x86_64/linux) >>>>> > flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, >>>>> > Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, >>>>> FAST_LOCK-ADAPTIVE_WAIT >>>>> > ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN >>>>> > 16, MAX_URI_SIZE 1024, BUF_SIZE 65535 >>>>> > poll method support: poll, epoll, sigio_rt, select. >>>>> > main.c compiled on 16:12:02 Oct 19 2022 with gcc 4.8.5 >>>>> > >>>>> > >>>>> > -- >>>>> > >>>>> > BR, >>>>> > Denys Pozniak >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > -- >>>>> > >>>>> > BR, >>>>> > Denys Pozniak >>>>> > >>>>> > >>>>> > >>>>> > _______________________________________________ >>>>> > Users mailing list >>>>> > Users at lists.opensips.org >>>>> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>>> >>>>> _______________________________________________ >>>>> Users mailing list >>>>> Users at lists.opensips.org >>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>>> >>>> >>>> >>>> -- >>>> >>>> BR, >>>> Denys Pozniak >>>> >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> Users at lists.opensips.org >>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>> >>> _______________________________________________ >>> Users mailing list >>> Users at lists.opensips.org >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> >> >> >> -- >> >> BR, >> Denys Pozniak >> >> >> _______________________________________________ >> Users mailing list >> Users at lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -- BR, Denys Pozniak -------------- next part -------------- An HTML attachment was scrubbed... URL: From darencrew at hotmail.com Thu Jan 12 15:26:56 2023 From: darencrew at hotmail.com (Daren FERREIRA) Date: Thu, 12 Jan 2023 16:26:56 +0100 Subject: [OpenSIPS-Users] Question on mid_registrar de-registrations Message-ID: Hello, I’m currently using mid_registrar without problems but according to the documentation: the mid-registrar will appropriately generate De-REGISTER requests and remove these contacts from the main registrar's location service as soon as it considers them to have expired. If I well understood, if a client is registered with a 500 seconds expiry, the server side is set to outgoing_expires, and, if the register is not renewed by the client, opensips should de-register. In my case, the de-registers that should be triggered are never triggered. I found no parameters relative to this in mid_registrar module, but, looking at the source code, it seems it depends on usrloc module. On usrloc module, it seems that contact_refresh_timer is in charge of treating events, like expires, so I tried to enable it, without success. Even after client expiry + timer_interval, the client is not de-registered on server side. Is there anything I may have missed? Here is an extract of modules configuration: #### USeR LOCation module loadmodule "usrloc.so" modparam("usrloc", "nat_bflag", "NAT") modparam("usrloc", "db_url", "mysql://XXX:YYY at localhost/opensips") modparam("usrloc", "working_mode_preset", "single-instance-sql-write-through") modparam("usrloc", "use_domain", 1) modparam("usrloc", "contact_refresh_timer", true) loadmodule "mid_registrar.so" modparam("mid_registrar", "tcp_persistent_flag", "TCP_PERSISTENT") modparam("mid_registrar", "received_avp", "$avp(received_nh)") modparam("mid_registrar", "max_contacts", 4) modparam("mid_registrar", "mode", 2) … The only commands related to mid_registrar I use in the script are: mid_registrar_save("location","v"); mid_registrar_lookup("location"); Thank you for your help -------------- next part -------------- An HTML attachment was scrubbed... URL: From venefax at gmail.com Fri Jan 13 04:29:26 2023 From: venefax at gmail.com (Saint Michael) Date: Thu, 12 Jan 2023 23:29:26 -0500 Subject: [OpenSIPS-Users] Version 3.1 it stops writing cdrs Message-ID: This is the nth times that it happens. Opensips 3.1 It stops writing cdr to the hard drive. The calls keep flowing, and I keep losing records, money. Is there a command that I may run without restarting opensips that restarts the process, internally? if I restart opensips I lose all the records. This is the script that I rn every 60 seconds #move .csv to .csx , flat_rotate, move .csx & process them LOCKFILE="/var/run/opensips_cdr_worker.lock" OPENSIPSCTL=/usr/local/bin/opensips-cli source /etc/profile lockfile -r 0 $LOCKFILE if [ $? -ne 0 ] ; then echo "ERROR FROM LOCKFILE ${LOCKFILE}" rm -f ${LOCKFILE}; exit fi trap "rm -f $LOCKFILE; exit" INT TERM EXIT ip=`hostname -I | cut -d " " -f1` cd /cdr if [[ -z "$(ls -1 *.csv 2>/dev/null)" ]] ; then echo "no files to process";exit;fi ... /usr/bin/timeout -k 5 5 ${OPENSIPSCTL} -x mi flat_rotate From stefan.carlsson at tetab.nu Fri Jan 13 12:17:27 2023 From: stefan.carlsson at tetab.nu (Stefan Carlsson) Date: Fri, 13 Jan 2023 12:17:27 +0000 Subject: [OpenSIPS-Users] Opensips ver 2.2.6 and tcp problem Message-ID: Hi folks ! I have a problem to enable tcp:5060 Did: loadmodule "proto_tcp.so" loadmodule "proto_udp.so" listen=udp:172.24.8.2:5060 # Tele2 SIP listen=tcp:172.24.8.2:5060 # Tele2 SIP The opensips only starts when listen=tcp ... is disabled. Nothing is shown in the opensips.log .... Any ideas ... Regards ... Stefan -------------- next part -------------- An HTML attachment was scrubbed... URL: From JPyle at fusionconnect.com Fri Jan 13 15:56:47 2023 From: JPyle at fusionconnect.com (Pyle, Jeff) Date: Fri, 13 Jan 2023 15:56:47 +0000 Subject: [OpenSIPS-Users] SST module dialog lifetime update problem Message-ID: Hello, This is on 3.2.10-1 installed via the Debian repo at apt.opensips.org. I have a simple stateful proxy with dialog support routing a call from one side to the other. Both the UAC and UAS have full session timer support. The INVITE arrives at the proxy with Min-SE: 90 and Session-Expires: 1800. OpenSIPS' sst module has min_se=90. The dialog is created and the SST flag is set. The first problem is the dialog lifetime is always set to the sst module's configured min_se value regardless of the Session-Expires value in the message. Is this a bug, or am I doing something wrong? Just for testing I increased the sst module's min_se to 1801, greater than the Session-Expires from the message. Looking at sst_handlers.c around line 300, this should send be handled a few different ways depending on various factors, but instead the process segfaults. Something seems unhappy here. Perhaps the two problems are related. - Jeff This message is subject to Fusion Connect, Inc.'s email communication policy: www.fusionconnect.com/email-policy -------------- next part -------------- An HTML attachment was scrubbed... URL: From JPyle at fusionconnect.com Fri Jan 13 18:58:52 2023 From: JPyle at fusionconnect.com (Pyle, Jeff) Date: Fri, 13 Jan 2023 18:58:52 +0000 Subject: [OpenSIPS-Users] SST module dialog lifetime update problem In-Reply-To: References: Message-ID: The INVITE that comes into the proxy contains the following: Supported: timer,100rel,precondition,replaces Session-Expires: 1800 Min-SE: 90 The subsequent 200 OK contains the following: Require: timer Supported: timer,replaces Session-Expires: 1800;refresher=uac I would expect the SST module to set the dialog's lifetime to 1800 seconds, but that's not what happens. The module configuration looks like this now: loadmodule "sst.so" modparam("sst", "min_se", 30) modparam("sst", "sst_interval", 3600) modparam("sst", "sst_flag", "SST_FLAG") Without the sst_interval option, the dialogs' timeouts are 30 seconds from creation. With the sst_interval option, they're 3600 seconds, and they update to 3600 seconds in the future whenever a re-INVITE comes through (session refresh, call hold, whatever) regardless of the Session-Expires passing through. That doesn't seem right. - Jeff ________________________________ From: Users on behalf of Pyle, Jeff Sent: Friday, January 13, 2023 10:56 To: users at lists.opensips.org Subject: [OpenSIPS-Users] SST module dialog lifetime update problem Hello, This is on 3.2.10-1 installed via the Debian repo at apt.opensips.org. I have a simple stateful proxy with dialog support routing a call from one side to the other. Both the UAC and UAS have full session timer support. The INVITE arrives at the proxy with Min-SE: 90 and Session-Expires: 1800. OpenSIPS' sst module has min_se=90. The dialog is created and the SST flag is set. The first problem is the dialog lifetime is always set to the sst module's configured min_se value regardless of the Session-Expires value in the message. Is this a bug, or am I doing something wrong? Just for testing I increased the sst module's min_se to 1801, greater than the Session-Expires from the message. Looking at sst_handlers.c around line 300, this should send be handled a few different ways depending on various factors, but instead the process segfaults. Something seems unhappy here. Perhaps the two problems are related. - Jeff This message is subject to Fusion Connect, Inc.'s email communication policy: www.fusionconnect.com/email-policy -------------- next part -------------- An HTML attachment was scrubbed... URL: From bogdan at opensips.org Mon Jan 16 15:18:40 2023 From: bogdan at opensips.org (Bogdan-Andrei Iancu) Date: Mon, 16 Jan 2023 17:18:40 +0200 Subject: [OpenSIPS-Users] Introducing OpenSIPS 3.4 In-Reply-To: <8d3ede60-a438-9b7e-5d9a-863da9215d60@opensips.org> References: <8d3ede60-a438-9b7e-5d9a-863da9215d60@opensips.org> Message-ID: <5ab0df00-26e1-7bd1-49f6-85e064b02054@opensips.org> Heads up, T-2 days to the deadline for the 3.4 Feature's Survey !     http://bit.ly/3VjBTfg Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Bootcamp 5-16 Dec 2022, online https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ On 12/21/22 6:30 PM, Bogdan-Andrei Iancu wrote: > > Dear OpenSIPS'ers, > > We got to that time of year when we start baking a new OpenSIPS major > version. An new year, a new version, a new topic to be addressed. So > let me introduce you to the upcoming OpenSIPS 3.4 . > > For the upcoming OpenSIPS 3.4 release the main focus is on the > */consolidation /*topic, from the testing and features perspectives. > Shortly said, this mainly (not limited) translates into: > > * Performance testing and code profiling > * Conformity testing with SIP scenarios > * More MSRP features (chat, encryption, reports) > * More IMS features (IPsec, SIP Outbound) > * More Back2Back (better re-bridging ) > > For the full list with technical description and details, visit : > > https://www.opensips.org/Development/Opensips-3-4-Planning > > > *IMPORTANT* > > As community is important to us and we want to align the OpenSIPS > roadmap with the needs of our users, be part of the shaping and > decision making for the OpenSIPS 3.4 Dev Plan via this *Feature Survey > * - any feedback is important and it matters to us. > > > Best regards and enjoy the winter holidays!! > -- > Bogdan-Andrei Iancu > > OpenSIPS Founder and Developer > https://www.opensips-solutions.com > OpenSIPS Bootcamp 5-16 Dec 2022, online > https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -------------- next part -------------- An HTML attachment was scrubbed... URL: From liviu at opensips.org Mon Jan 16 17:06:17 2023 From: liviu at opensips.org (Liviu Chircu) Date: Mon, 16 Jan 2023 19:06:17 +0200 Subject: [OpenSIPS-Users] Version 3.1 it stops writing cdrs In-Reply-To: References: Message-ID: <6f271c4e-be30-8760-e6a7-bc93399a4d3e@opensips.org> On 13.01.2023 06:29, Saint Michael wrote: > This is the nth times that it happens. Opensips 3.1 It stops writing > cdr to the hard drive. The calls keep flowing, and I keep losing > records, money. Make sure you are running at least version 3.1.13, so you benefit from a couple race condition fixes in db_flatstore.  For example, something like what you are describing could happen due to a bug in 3.1.12 or older whenever you called "flat_rotate" 2+ times in the same second - this would internally bug some writers, which would continue writing to the old (rotated) file descriptor. However, a new "flat_rotate" should fix the internal state, even when the above bug occurs.  If that doesn't it for you, then the issue is probably not related to db_flatstore at all and you should review your ".sh" script. -- Liviu Chircu www.twitter.com/liviuchircu | www.opensips-solutions.com From liviu at opensips.org Mon Jan 16 17:06:35 2023 From: liviu at opensips.org (Liviu Chircu) Date: Mon, 16 Jan 2023 19:06:35 +0200 Subject: [OpenSIPS-Users] Question on mid_registrar de-registrations In-Reply-To: References: Message-ID: <71c61f52-418d-cde3-d32c-30f6f5c1d28b@opensips.org> On 12.01.2023 17:26, Daren FERREIRA wrote: > > In my case, the de-registers that should be triggered are never triggered. Hi Daren, Please provide the output of "opensips -V", so we have something to work with here. Best regards, -- Liviu Chircu www.twitter.com/liviuchircu | www.opensips-solutions.com From darencrew at hotmail.com Tue Jan 17 08:52:25 2023 From: darencrew at hotmail.com (Daren FERREIRA) Date: Tue, 17 Jan 2023 09:52:25 +0100 Subject: [OpenSIPS-Users] Question on mid_registrar de-registrations In-Reply-To: <71c61f52-418d-cde3-d32c-30f6f5c1d28b@opensips.org> References: <71c61f52-418d-cde3-d32c-30f6f5c1d28b@opensips.org> Message-ID: Hi Liviu Here you are version: opensips 3.1.13 (x86_64/linux) flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535 poll method support: poll, epoll, sigio_rt, select. main.c compiled on with gcc 10 Thank you Best regards > Le 16 janv. 2023 à 18:06, Liviu Chircu a écrit : > > On 12.01.2023 17:26, Daren FERREIRA wrote: >> >> In my case, the de-registers that should be triggered are never triggered. > > Hi Daren, > > Please provide the output of "opensips -V", so we have something to work with here. > > Best regards, > > -- > Liviu Chircu > www.twitter.com/liviuchircu | www.opensips-solutions.com > -------------- next part -------------- An HTML attachment was scrubbed... URL: From denys.pozniak at gmail.com Tue Jan 17 08:59:45 2023 From: denys.pozniak at gmail.com (Denys Pozniak) Date: Tue, 17 Jan 2023 10:59:45 +0200 Subject: [OpenSIPS-Users] How to process CANCEL in b2b anycast mode? Message-ID: Hello! I'm trying to build a solution with anycast + b2b. But I ran into a problem, if the dialogue is in an early state on node1, and CANCEL arrives on node2, then this request itself is no longer processed in the context of the b2b (does not jump into the route[b2b_request] on node2). If I turn off b2b, then everything works as it should. I attached a part of the script in the thread. Maybe I have an error in the logic of the script? Script snippet from node1: loadmodule "clusterer.so" modparam("clusterer", "db_mode", 0) modparam("clusterer", "my_node_id", 1) modparam("clusterer", "my_node_info", "cluster_id=1, url=bin: 192.168.56.104:5566, flags=seed") modparam("clusterer", "neighbor_node_info", "cluster_id=1,node_id=2,url=bin: 192.168.56.105:5566") modparam("clusterer", "sharing_tag", "anycast1/1=active") modparam("clusterer", "seed_fallback_interval", 10) loadmodule "b2b_entities.so" modparam("b2b_entities", "script_req_route", "b2b_request") modparam("b2b_entities", "script_reply_route", "b2b_reply") modparam("b2b_entities", "db_mode", 0) modparam("b2b_entities", "cluster_id", 1) loadmodule "b2b_logic.so" modparam("b2b_logic", "contact_user", 1) modparam("b2b_logic", "db_mode", 0) ####### Routing Logic ######## route{ sl_send_reply(100, "Trying-1"); create_dialog(); set_dlg_sharing_tag("anycast1"); if (is_method("INVITE") && !has_totag() ) { $du = "sip:192.168.56.106:5080"; b2b_init_request("top hiding"); exit; } #route(b2b_request); exit; } route[b2b_request] { if (is_method("CANCEL")) { sl_send_reply(100, "Canceling-1"); if (t_check_trans()) { b2b_pass_request(); } else { t_anycast_replicate(); } exit; } } [root at localhost opensips]# opensips-cli -x mi clusterer_list_cap { "Clusters": [ { "cluster_id": 1, "Capabilities": [ { "name": "b2be-entities-repl", "state": "Ok", "enabled": "yes" }, { "name": "dialog-dlg-repl", "state": "Ok", "enabled": "yes" }, { "name": "tm-repl", "state": "Ok", "enabled": "yes" } ] } ] } [root at localhost opensips]# opensips -V version: opensips 3.4.0-dev (x86_64/linux) flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, CC_O0, FAST_LOCK-ADAPTIVE_WAIT ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535 poll method support: poll, epoll, sigio_rt, select. git revision: dda7717fa main.c compiled on 05:45:40 Jan 15 2023 with gcc 4.8.5 -- BR, Denys Pozniak -------------- next part -------------- An HTML attachment was scrubbed... URL: From liviu at opensips.org Tue Jan 17 14:13:12 2023 From: liviu at opensips.org (Liviu Chircu) Date: Tue, 17 Jan 2023 16:13:12 +0200 Subject: [OpenSIPS-Users] Question on mid_registrar de-registrations In-Reply-To: References: Message-ID: <988337e6-8b1a-f0a9-9af4-306b68d9ae22@opensips.org> On 12.01.2023 17:26, Daren FERREIRA wrote: > If I well understood, if a client is registered with a 500 seconds > expiry, the server side is set to outgoing_expires, and, if the > register is not renewed by the client, opensips should de-register. > > In my case, the de-registers that should be triggered are never triggered. > > I found no parameters relative to this in mid_registrar module, but, > looking at the source code, it seems it depends on usrloc module. > On usrloc module, it seems that contact_refresh_timer is in charge of > treating events, like expires, so I tried to enable it, without success. > Even after client expiry + timer_interval, the client is not > de-registered on server side. > > Is there anything I may have missed? Hi Daren, I notice you are using "mode == 2", which means De-REGISTERs will only be generated when the AoR gets deleted.  For example, if you have 2 SIP UAs registering to the same AoR and you are trying to kill one of them in an attempt to see a De-REGISTER being auto-generated downstream, that will never happen!  This is because the remaining Contact is enough to maintain "liveness" of the AoR to the downstream registrar. Let me know if this is the case - if not, we can continue digging.  Ideally, a SIP trace (.pcap or .txt) for the entire flow  would be helpful (you can email it to me personally, if privacy is an issue). Best regards, -- Liviu Chircu www.twitter.com/liviuchircu | www.opensips-solutions.com From darencrew at hotmail.com Tue Jan 17 15:09:49 2023 From: darencrew at hotmail.com (Daren FERREIRA) Date: Tue, 17 Jan 2023 16:09:49 +0100 Subject: [OpenSIPS-Users] Question on mid_registrar de-registrations In-Reply-To: <988337e6-8b1a-f0a9-9af4-306b68d9ae22@opensips.org> References: <988337e6-8b1a-f0a9-9af4-306b68d9ae22@opensips.org> Message-ID: Hi Liviu, Thank you for your reply. I don’t expect an unregister from one device to trigger a de-register for the two, that would be illogic. It would make sense only if the device is the last registered one. In our case, captures would be useless. That would only show no de-REGISTER is sent by OpenSIPS. Please, let me try to best describe the case and my understanding. We are in mode==2. You have several devices registering (2). The devices register with an expire < 3600 (in our case, around 600). Opensips registers with a default_expires (3600 by default) (that’s expected, that’s a way to throttle and reduce backend load). The devices are disconnected from internet, so their registry is not renewed, and expires (from client side view). OpenSIPS doesn’t send any de-register even if all endpoints registry have expired. My understanding was opensips should do the cleaning, as mentioned on the documentation. A common occurence is for some SIP User Agents to lose their network connection (especially when dealing with mobile devices), hence they do not properly de-register from the mid-registrar. In this case, in order to avoid stale registrations on the main registrar (which contains SIP contacts with greatly extended lifetimes!), the mid-registrar will appropriately generate De-REGISTER requests and remove these contacts from the main registrar's location service as soon as it considers them to have expired. Have I misunderstood? If not, what can explain the un-register to never been sent by OpenSIPS? Thank you Best regards > Le 17 janv. 2023 à 15:13, Liviu Chircu a écrit : > > On 12.01.2023 17:26, Daren FERREIRA wrote: >> If I well understood, if a client is registered with a 500 seconds expiry, the server side is set to outgoing_expires, and, if the register is not renewed by the client, opensips should de-register. >> >> In my case, the de-registers that should be triggered are never triggered. >> >> I found no parameters relative to this in mid_registrar module, but, looking at the source code, it seems it depends on usrloc module. >> On usrloc module, it seems that contact_refresh_timer is in charge of treating events, like expires, so I tried to enable it, without success. >> Even after client expiry + timer_interval, the client is not de-registered on server side. >> >> Is there anything I may have missed? > > Hi Daren, > > I notice you are using "mode == 2", which means De-REGISTERs will only be generated when the AoR gets deleted. For example, if you have 2 SIP UAs registering to the same AoR and you are trying to kill one of them in an attempt to see a De-REGISTER being auto-generated downstream, that will never happen! This is because the remaining Contact is enough to maintain "liveness" of the AoR to the downstream registrar. > > Let me know if this is the case - if not, we can continue digging. Ideally, a SIP trace (.pcap or .txt) for the entire flow would be helpful (you can email it to me personally, if privacy is an issue). > > Best regards, > > -- > Liviu Chircu > www.twitter.com/liviuchircu | www.opensips-solutions.com > -------------- next part -------------- An HTML attachment was scrubbed... URL: From liviu at opensips.org Tue Jan 17 15:57:34 2023 From: liviu at opensips.org (Liviu Chircu) Date: Tue, 17 Jan 2023 17:57:34 +0200 Subject: [OpenSIPS-Users] Question on mid_registrar de-registrations In-Reply-To: References: <988337e6-8b1a-f0a9-9af4-306b68d9ae22@opensips.org> Message-ID: <8551c416-6138-d959-eb31-db0629bbc1bc@opensips.org> On 17.01.2023 17:09, Daren FERREIRA wrote: > > My understanding was opensips should do the cleaning, as mentioned on > the documentation. > > /A common occurence is for some SIP User Agents to lose their network > connection (especially when dealing with mobile devices), hence they > do not properly de-register from the mid-registrar. In this case, in > order to avoid stale registrations on the main registrar (which > contains SIP contacts with greatly extended lifetimes!), the > mid-registrar will appropriately generate De-REGISTER requests and > remove these contacts from the main registrar's location service as > soon as it considers them to have expired. / > > Have I misunderstood? > If not, what can explain the un-register to never been sent by OpenSIPS? > You understood it perfectly.  My suggestion would be to skim through the code of mid_reg_aor_event() internal callback (it's pretty straight-forward), to get an idea of the DEBUG logging it can do, as well as "OK" code paths and "NOT OK" code paths. Once you know what to look for, try to put OpenSIPS in debug mode ("opensips-cli -x mi log_level 4") and follow with the DEBUG logs when the AoR is deleted by the timer process.  Let's see what it prints!  Of course, you should put it back to normal logging ASAP afterwards. Best regards, -- Liviu Chircu www.twitter.com/liviuchircu |www.opensips-solutions.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From darencrew at hotmail.com Tue Jan 17 17:01:50 2023 From: darencrew at hotmail.com (Daren FERREIRA) Date: Tue, 17 Jan 2023 18:01:50 +0100 Subject: [OpenSIPS-Users] Question on mid_registrar de-registrations In-Reply-To: <8551c416-6138-d959-eb31-db0629bbc1bc@opensips.org> References: <988337e6-8b1a-f0a9-9af4-306b68d9ae22@opensips.org> <8551c416-6138-d959-eb31-db0629bbc1bc@opensips.org> Message-ID: Great! Thank you for your tips. With the debug, I think I found the culprit: Jan 17 17:26:16 opensips[2810991]: DBG:usrloc:run_ul_callbacks: contact=0x7f90c91662b0, callback type 128/208, id 1 entered Jan 17 17:26:16 opensips[2810991]: DBG:mid_registrar:mid_reg_aor_event: AOR callback (128): contact=‘4413 at myhost.mydomain.com' Jan 17 17:26:16 opensips[2810991]: DBG:mid_registrar:build_unregister_hdrs: building contact from uri 'sip:4413%40myhost.mydomain.com at 192.168.10.11:5060' Jan 17 17:26:16 opensips[2810991]: DBG:mid_registrar:build_unregister_hdrs: extra hdrs: 'Contact: ;expires=0#015#012' Jan 17 17:26:16 opensips[2810991]: DBG:tm:t_uac: next_hop= Jan 17 17:26:16 opensips[2810991]: DBG:core:mk_proxy: doing DNS lookup... Jan 17 17:26:16 opensips[2810991]: DBG:core:sip_resolvehost: no port, no proto -> do NAPTR lookup! If I well understand, OpenSIPS tries to generate the de-register, and first, determine the destination of the de-register (from AOR ?) It considers it knows not enough about the protocol and port to use to generate the de-register and try to fill these informations from DNS. This logically fails because there is no SRV nor NAPTR records for the FQDN extracted (from AOR). On UL database we have: "AOR": "4413 at myhost.mydomain.com", "Contacts": [ { "Contact": "sip:4413 at 10.124.112.93:8851;rinstance=B470D0A1", "ContactID": "4067622841722148511", "Expires": "expired", "Q": "", "Callid": "9838BED5A44A0EC828005D9103086185EB431CDB", "Cseq": 106, "User-agent": "Clientt/4.6 (build 1377598; Android 11; arm64-v8a)", "Received": "sip:37.166.229.129:54630", "State": "CS_SYNC", "Flags": 0, "Cflags": "NAT", "Socket": "udp:192.168.10.11:5060", "Methods": 5183 } ] I didn’t find how to, either define the default port and protocol, or to add it to the UL database at mid_registrar_save. Should I generate a custom AOR containing something like sip:$domain:5060 at every mid_registrar_save ? Thank you very much for your help. Best regards > Le 17 janv. 2023 à 16:57, Liviu Chircu a écrit : > > On 17.01.2023 17:09, Daren FERREIRA wrote: >> >> My understanding was opensips should do the cleaning, as mentioned on the documentation. >> >> A common occurence is for some SIP User Agents to lose their network connection (especially when dealing with mobile devices), hence they do not properly de-register from the mid-registrar. In this case, in order to avoid stale registrations on the main registrar (which contains SIP contacts with greatly extended lifetimes!), the mid-registrar will appropriately generate De-REGISTER requests and remove these contacts from the main registrar's location service as soon as it considers them to have expired. >> >> Have I misunderstood? >> If not, what can explain the un-register to never been sent by OpenSIPS? >> > You understood it perfectly. My suggestion would be to skim through the code of mid_reg_aor_event() internal callback (it's pretty straight-forward), to get an idea of the DEBUG logging it can do, as well as "OK" code paths and "NOT OK" code paths. > > Once you know what to look for, try to put OpenSIPS in debug mode ("opensips-cli -x mi log_level 4") and follow with the DEBUG logs when the AoR is deleted by the timer process. Let's see what it prints! Of course, you should put it back to normal logging ASAP afterwards. > > Best regards, > > -- > Liviu Chircu > www.twitter.com/liviuchircu | www.opensips-solutions.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From liviu at opensips.org Tue Jan 17 17:37:24 2023 From: liviu at opensips.org (Liviu Chircu) Date: Tue, 17 Jan 2023 19:37:24 +0200 Subject: [OpenSIPS-Users] Question on mid_registrar de-registrations In-Reply-To: References: <988337e6-8b1a-f0a9-9af4-306b68d9ae22@opensips.org> <8551c416-6138-d959-eb31-db0629bbc1bc@opensips.org> Message-ID: <3fc215df-97fa-82a7-ad48-ddf13da29d09@opensips.org> On 17.01.2023 19:01, Daren FERREIRA wrote: > Jan 17 17:26:16 opensips[2810991]: > DBG:mid_registrar:build_unregister_hdrs: extra hdrs: 'Contact: > ;expires=0#015#012' > Jan 17 17:26:16 opensips[2810991]: DBG:tm:t_uac: > next_hop= > Jan 17 17:26:16 opensips[2810991]: DBG:core:mk_proxy: doing DNS lookup... > Jan 17 17:26:16 opensips[2810991]: DBG:core:sip_resolvehost: no port, > no proto -> do NAPTR lookup! > > If I well understand, OpenSIPS tries to generate the de-register, and > first, determine the destination of the de-register (from AOR ?) > It considers it knows not enough about the protocol and port to use to > generate the de-register and try to fill these informations from DNS. > This logically fails because there is no SRV nor NAPTR records for the > FQDN extracted (from AOR). The mid-registrar will typically *store* the R-URI ($ru) + Destination-URI ($du) combination, after you t_relay() the REGISTER towards the main registrar.  This info will be used in order to route a De-REGISTER in the exact same way (same message R-URI, sent to the same box). Apparently, you are routing the REGISTER without setting a *$du *(notice the *"adding next hop: ..."* debug log in send_unregister() , which is NOT printed), so the mid-registrar attempts to send the De-REGISTER to *sip:myhost.mydomain.com*, which was grabbed either from the R-URI (most likely) or To header of the initial REGISTER.  And, before sending the packet, of course it needs to resolve the hostname to an IP address.  If there are any issues during this resolution... you must let me know of any relevant logs, as I have no idea. Hopefully, you have some pointers to look out for now. Best regards, -- Liviu Chircu www.twitter.com/liviuchircu |www.opensips-solutions.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From nutxase at proton.me Tue Jan 17 17:56:16 2023 From: nutxase at proton.me (nutxase) Date: Tue, 17 Jan 2023 17:56:16 +0000 Subject: [OpenSIPS-Users] Registrar module Message-ID: Hi Guys I notice when i enable the registrar module any registration attempt is getting a 200 How can i stop this and make authenticate them based on what i have in mysql? Sent with [Proton Mail](https://proton.me/) secure email. -------------- next part -------------- An HTML attachment was scrubbed... URL: From wadii at evenmedia.fr Tue Jan 17 21:30:20 2023 From: wadii at evenmedia.fr (Wadii ELMAJDI | Evenmedia) Date: Tue, 17 Jan 2023 21:30:20 +0000 Subject: [OpenSIPS-Users] rabbitMq_publish (async ?) Message-ID: Hello, I am using the new rabbitmq module to send some informations as AMQP messages to a rabbitmq server. Mostly fraud detection + CDR. I wanted to know if rabbitmq_publish is considered a blocking function? for example in the case of fraud detection warning, my use case is to publish the message to rabbitmq server and continue the sip routing decision without hanging up the call. Should i use the launch statement , or is rabbitmq_publish not a blocking function already ? Ex : launch(rabbitmq_publish(...)); Thank you -------------- next part -------------- An HTML attachment was scrubbed... URL: From stefan.tobe at pmfactory.nl Wed Jan 18 11:40:44 2023 From: stefan.tobe at pmfactory.nl (=?UTF-8?B?U3RlZmFuIFRvYsOp?=) Date: Wed, 18 Jan 2023 12:40:44 +0100 Subject: [OpenSIPS-Users] opensips keeps restarting every 1:30 min on Centos7 Message-ID: Hi, I have an issue with Centos 7 running Opensips 3.2 *problem: * Opensips is restarting 1:30 min after the following command: #sudo systemctl restart opensips note: note: In between this interval the server works fine *logs*: I keep observing these logs every 1:30 min exactly in /var/log/messages: Jan 18 12:35:36 pmnlscscf02 opensips: Jan 18 12:35:35 [25370] DBG:db_mysql:db_mysql_connect: server version is 10.6.8-MariaDB-1:10.6.8+maria~focal-log Jan 18 12:35:36 pmnlscscf02 opensips: Jan 18 12:35:35 [25370] DBG:core:db_do_init: connection 0x7f479264b5a8 inserted in pool as 0x7f479264b870 Jan 18 12:35:36 pmnlscscf02 opensips: Jan 18 12:35:35 [25370] DBG:core:init_mod_child: type=CHILD, rank=7, module=rest_client Jan 18 12:35:36 pmnlscscf02 opensips: Jan 18 12:35:35 [25370] DBG:core:init_mod_child: type=CHILD, rank=7, module=json Jan 18 12:35:36 pmnlscscf02 opensips: Jan 18 12:35:35 [25370] DBG:core:init_mod_child: type=CHILD, rank=7, module=cachedb_local *Jan 18 12:37:05 pmnlscscf02 systemd: opensips.service start operation timed out. Terminating.Jan 18 12:37:05 pmnlscscf02 opensips: Jan 18 12:37:05 [25359] DBG:core:handle_sigs: SIGTERM received, program terminates*Jan 18 12:37:05 pmnlscscf02 opensips: Jan 18 12:37:05 [25359] DBG:core:shutdown_opensips: Asking process 1 [MI FIFO] to terminate Jan 18 12:37:05 pmnlscscf02 opensips: Jan 18 12:37:05 [25359] DBG:core:shutdown_opensips: Asking process 4 [SIP receiver udp: 10.130.2.141:5062] to terminate Jan 18 12:37:05 pmnlscscf02 opensips: Jan 18 12:37:05 [25359] DBG:core:shutdown_opensips: Asking process 5 [SIP receiver udp: 10.130.2.141:5062] to terminate Jan 18 12:37:05 pmnlscscf02 opensips: Jan 18 12:37:05 [25368] INFO:core:sig_usr: signal 15 received Jan 18 12:37:05 pmnlscscf02 opensips: Jan 18 12:37:05 [25359] DBG:core:shutdown_opensips: Asking process 6 [SIP receiver udp: 10.130.2.141:5062] to terminate Jan 18 12:37:05 pmnlscscf02 opensips: Jan 18 12:37:05 [25359] DBG:core:shutdown_opensips: Asking process 7 [SIP receiver udp: 10.130.2.141:5062] to terminate Jan 18 12:37:05 pmnlscscf02 opensips: Jan 18 12:37:05 [25359] DBG:core:shutdown_opensips: Asking process 8 [TCP receiver] to terminate Jan 18 12:37:05 pmnlscscf02 opensips: Jan 18 12:37:05 [25359] DBG:core:shutdown_opensips: Asking process 9 [TCP receiver] to terminate Jan 18 12:37:05 pmnlscscf02 opensips: Jan 18 12:37:05 [25359] DBG:core:shutdown_opensips: Asking process 10 [Timer handler] to terminate Jan 18 12:37:05 pmnlscscf02 opensips: Jan 18 12:37:05 [25359] DBG:core:shutdown_opensips: Asking process 11 [TCP main] to terminate Jan 18 12:37:05 pmnlscscf02 opensips: Listening on *analysis*: can it have something to do with process forking and default Centos 7 1:30 min timeout in systemd? -- mvg Stefan Tobé PM Factory B.V. Bolderweg 2 1332 AT Almere tel: 06 21 26 59 68 email: stefan.tobe at pmfactory.nl PGP public key: click here to download -------------- next part -------------- An HTML attachment was scrubbed... URL: From nutxase at proton.me Wed Jan 18 13:17:59 2023 From: nutxase at proton.me (nutxase) Date: Wed, 18 Jan 2023 13:17:59 +0000 Subject: [OpenSIPS-Users] auth_db Message-ID: Hey All I am trying to get my UAC to register to opensips using auth_db but i keep getting unathorised, and what i can see is the contact is showing the extension and the phone local ip any ideas what im missing? here is the config modparam("auth_db", "db_url", "mysql://xxxx:xxx at 172.17.0.3/opensips") modparam("auth_db", "user_column", "username") modparam("auth_db", "password_column", "password") modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "use_domain", 1) modparam("auth_db", "domain_column", "domain") modparam("auth_db", "uri_domain_column", "domain") modparam("auth_db", "uri_user_column", "username") modparam("auth_db", "load_credentials", "$avp(13)=rpid;email_address") if (is_method("REGISTER")) { if (!www_authorize("[sip.xxx.com](http://sip.sipalto.com)", "subscriber")) { if (!www_authorize("[sip.xxx.com](http://sip.sipalto.com)", "subscriber")) www_challenge("", "auth"); exit; } if (!proxy_authorize("", "subscriber")) proxy_challenge("", "auth"); #if (!db_is_from_authorized("uri")) { if (!db_does_uri_exist($ru, "subscriber")) { xlog("User $tu is not authorized to authenticate with $au credential\n"); sl_send_reply(403,"Forbidden auth ID"); exit; } -------------- next part -------------- An HTML attachment was scrubbed... URL: From darencrew at hotmail.com Wed Jan 18 13:30:25 2023 From: darencrew at hotmail.com (Daren FERREIRA) Date: Wed, 18 Jan 2023 14:30:25 +0100 Subject: [OpenSIPS-Users] Question on mid_registrar de-registrations In-Reply-To: <3fc215df-97fa-82a7-ad48-ddf13da29d09@opensips.org> References: <988337e6-8b1a-f0a9-9af4-306b68d9ae22@opensips.org> <8551c416-6138-d959-eb31-db0629bbc1bc@opensips.org> <3fc215df-97fa-82a7-ad48-ddf13da29d09@opensips.org> Message-ID: Hello Liviu, I just tested using $du, it solved the de-register not to be sent, but another issue is coming, the de-register challenge… When generating the de-register, the upstream server refuse it and send a challenge OpenSIPS can’t reply because, as a mid-registrar, OpenSIPS doesn’t know the clients credentials… The only way to achieve this would be the upstream and OpenSIPS to share a secret way to bypass auth only on generated de-register (an IP based bypass would be a huge breach as it would permit any proxified de/registers to be approved). I’m afraid there is no simple solution to this issue. Don’t you think so? Maybe you have an idea ? Thank you Best regards > Le 17 janv. 2023 à 18:37, Liviu Chircu a écrit : > > On 17.01.2023 19:01, Daren FERREIRA wrote: >> Jan 17 17:26:16 opensips[2810991]: DBG:mid_registrar:build_unregister_hdrs: extra hdrs: 'Contact: ;expires=0#015#012' >> Jan 17 17:26:16 opensips[2810991]: DBG:tm:t_uac: next_hop= >> Jan 17 17:26:16 opensips[2810991]: DBG:core:mk_proxy: doing DNS lookup... >> Jan 17 17:26:16 opensips[2810991]: DBG:core:sip_resolvehost: no port, no proto -> do NAPTR lookup! >> >> If I well understand, OpenSIPS tries to generate the de-register, and first, determine the destination of the de-register (from AOR ?) >> It considers it knows not enough about the protocol and port to use to generate the de-register and try to fill these informations from DNS. >> This logically fails because there is no SRV nor NAPTR records for the FQDN extracted (from AOR). > The mid-registrar will typically store the R-URI ($ru) + Destination-URI ($du) combination, after you t_relay() the REGISTER towards the main registrar. This info will be used in order to route a De-REGISTER in the exact same way (same message R-URI, sent to the same box). > > Apparently, you are routing the REGISTER without setting a $du (notice the "adding next hop: ..." debug log in send_unregister() , which is NOT printed), so the mid-registrar attempts to send the De-REGISTER to sip:myhost.mydomain.com, which was grabbed either from the R-URI (most likely) or To header of the initial REGISTER. And, before sending the packet, of course it needs to resolve the hostname to an IP address. If there are any issues during this resolution... you must let me know of any relevant logs, as I have no idea. > > Hopefully, you have some pointers to look out for now. > > Best regards, > > -- > Liviu Chircu > www.twitter.com/liviuchircu | www.opensips-solutions.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From darencrew at hotmail.com Wed Jan 18 13:48:59 2023 From: darencrew at hotmail.com (Daren FERREIRA) Date: Wed, 18 Jan 2023 14:48:59 +0100 Subject: [OpenSIPS-Users] Question on mid_registrar de-registrations In-Reply-To: References: <988337e6-8b1a-f0a9-9af4-306b68d9ae22@opensips.org> <8551c416-6138-d959-eb31-db0629bbc1bc@opensips.org> <3fc215df-97fa-82a7-ad48-ddf13da29d09@opensips.org> Message-ID: Hello again ;) I just found a workaround. This would be OpenSIPS to save the challenge informations it used on the upstream REGISTER, in order to be able to replay them on de-register. Since the upstream accept « stale » informations as permitted by RFC, the de-register would be successful. According to my understanding, there is actually no ways to do so for now. What do you think about this? Maybe you have a better idea. Thank you Best regards > Le 18 janv. 2023 à 14:30, Daren FERREIRA a écrit : > > Hello Liviu, > > I just tested using $du, it solved the de-register not to be sent, but another issue is coming, the de-register challenge… > > When generating the de-register, the upstream server refuse it and send a challenge OpenSIPS can’t reply because, as a mid-registrar, OpenSIPS doesn’t know the clients credentials… > > The only way to achieve this would be the upstream and OpenSIPS to share a secret way to bypass auth only on generated de-register (an IP based bypass would be a huge breach as it would permit any proxified de/registers to be approved). > > I’m afraid there is no simple solution to this issue. Don’t you think so? Maybe you have an idea ? > > > > Thank you > > Best regards > >> Le 17 janv. 2023 à 18:37, Liviu Chircu a écrit : >> >> On 17.01.2023 19:01, Daren FERREIRA wrote: >>> Jan 17 17:26:16 opensips[2810991]: DBG:mid_registrar:build_unregister_hdrs: extra hdrs: 'Contact: ;expires=0#015#012' >>> Jan 17 17:26:16 opensips[2810991]: DBG:tm:t_uac: next_hop= >>> Jan 17 17:26:16 opensips[2810991]: DBG:core:mk_proxy: doing DNS lookup... >>> Jan 17 17:26:16 opensips[2810991]: DBG:core:sip_resolvehost: no port, no proto -> do NAPTR lookup! >>> >>> If I well understand, OpenSIPS tries to generate the de-register, and first, determine the destination of the de-register (from AOR ?) >>> It considers it knows not enough about the protocol and port to use to generate the de-register and try to fill these informations from DNS. >>> This logically fails because there is no SRV nor NAPTR records for the FQDN extracted (from AOR). >> The mid-registrar will typically store the R-URI ($ru) + Destination-URI ($du) combination, after you t_relay() the REGISTER towards the main registrar. This info will be used in order to route a De-REGISTER in the exact same way (same message R-URI, sent to the same box). >> >> Apparently, you are routing the REGISTER without setting a $du (notice the "adding next hop: ..." debug log in send_unregister() , which is NOT printed), so the mid-registrar attempts to send the De-REGISTER to sip:myhost.mydomain.com, which was grabbed either from the R-URI (most likely) or To header of the initial REGISTER. And, before sending the packet, of course it needs to resolve the hostname to an IP address. If there are any issues during this resolution... you must let me know of any relevant logs, as I have no idea. >> >> Hopefully, you have some pointers to look out for now. >> >> Best regards, >> >> -- >> Liviu Chircu >> www.twitter.com/liviuchircu | www.opensips-solutions.com > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -------------- next part -------------- An HTML attachment was scrubbed... URL: From nutxase at proton.me Wed Jan 18 16:13:47 2023 From: nutxase at proton.me (nutxase) Date: Wed, 18 Jan 2023 16:13:47 +0000 Subject: [OpenSIPS-Users] auth_db In-Reply-To: References: Message-ID: anyone have any pointers why uac's wont auth :( Sent with [Proton Mail](https://proton.me/) secure email. ------- Original Message ------- On Wednesday, January 18th, 2023 at 1:17 PM, nutxase via Users wrote: > Hey All > > I am trying to get my UAC to register to opensips using auth_db > but i keep getting unathorised, and what i can see is the contact is showing the extension and the phone local ip > > any ideas what im missing? > here is the config > > modparam("auth_db", "db_url", "mysql://xxxx:xxx at 172.17.0.3/opensips") > modparam("auth_db", "user_column", "username") > modparam("auth_db", "password_column", "password") > modparam("auth_db", "calculate_ha1", 1) > modparam("auth_db", "use_domain", 1) > modparam("auth_db", "domain_column", "domain") > modparam("auth_db", "uri_domain_column", "domain") > modparam("auth_db", "uri_user_column", "username") > modparam("auth_db", "load_credentials", "$avp(13)=rpid;email_address") > > if (is_method("REGISTER")) { > if (!www_authorize("[sip.xxx.com](http://sip.sipalto.com)", "subscriber")) > { > if (!www_authorize("[sip.xxx.com](http://sip.sipalto.com)", "subscriber")) > www_challenge("", "auth"); > exit; > } > if (!proxy_authorize("", "subscriber")) > proxy_challenge("", "auth"); > #if (!db_is_from_authorized("uri")) { > if (!db_does_uri_exist($ru, "subscriber")) { > > xlog("User $tu is not authorized to authenticate with $au credential\n"); > > sl_send_reply(403,"Forbidden auth ID"); > exit; > } -------------- next part -------------- An HTML attachment was scrubbed... URL: From aviator.nitesh.d at gmail.com Wed Jan 18 17:15:49 2023 From: aviator.nitesh.d at gmail.com (Nitesh Divecha) Date: Wed, 18 Jan 2023 12:15:49 -0500 Subject: [OpenSIPS-Users] - Clustering Message-ID: Hello All, I got two nodes in cluster formation and they are in sync. Running CLI opensips-cli -x mi ul_dump | grep "AOR\":\|Contact\":" on both nodes I can see ALL the registered endpoints . For testing purposes I have two endpoints registered on each node so a total four endpoints are visible. Node #1 - IP: 66.x.x.1, registered endpoint 2001 and 2002 Node #2 - IP: 3.x.x.9, registered endpoint 5467901 and 5467902 Endpoints in Node#1 can call each other (2001 <--> 2002) and endpoints in Node#2 can call each other (5467901 <--> 5467902) root at archer:/etc/opensips# opensips-cli -x mi ul_dump | grep "AOR\":\|Contact\":" "AOR": 5467901 at 3.x.x.9, "Contact":sip:5467901 at 143.x.x.7:29100, "AOR": 5467902 at 3.x.x.9, "Contact":sip:5467902 at 143.x.x.7:5062, "AOR": 2002 at 66.x.x.1, "Contact":sip:2002 at 143.x.x.6:12339;ob, "AOR": 2001 at 66.x.x.1, "Contact":sip:2001 at 143.x.x.6:5060;ob, But none of the nodes can call each other... Meaning Node#1-2001 or 2 can not call Node#2-5467901 or 2 and vice versa... On log it shows SIP 404, Not Found... and looking further in detail it shows it is only looking for the endpoint in the same Node, meaning when 2001 calls 5467901 it is looking for 5467901 at 66.x.x.1 on Node#1 instead of 5467901 at 3.x.x.9 on Node#2. #### USeR LOCation module loadmodule "usrloc.so" modparam("usrloc", "nat_bflag", "NATED_CALLEE") modparam("usrloc", "location_cluster", 2) modparam("usrloc", "working_mode_preset", "full-sharing-cluster") route[to_user] { # do lookup with method filtering if (!lookup("location","m")) { if (!db_does_uri_exist("$ru","subscriber")) { send_reply(404,"Not Found"); xlog("ERROR: rU is: ($rU) and ru is: $ru --> Not Found\n"); exit; } if(isflagset('HUNTGROUP')) { route(huntgroup); } t_reply(480, "Temporarily Unavailable"); exit; } $acc_extra(TYPE) = "USER"; route(relay); } Any help will be highly appreciated... Cheers, Nitesh -------------- next part -------------- An HTML attachment was scrubbed... URL: From aviator.nitesh.d at gmail.com Wed Jan 18 17:27:01 2023 From: aviator.nitesh.d at gmail.com (Nitesh Divecha) Date: Wed, 18 Jan 2023 12:27:01 -0500 Subject: [OpenSIPS-Users] - Clustering In-Reply-To: References: Message-ID: And using following: Node#1 # opensips -V version: opensips 3.3.2 (x86_64/linux) flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535 poll method support: poll, epoll, sigio_rt, select. main.c compiled on with gcc 11 Node#2 # opensips -V version: opensips 3.3.1 (x86_64/linux) flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, FAST_LOCK-ADAPTIVE_WAIT ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535 poll method support: poll, epoll, sigio_rt, select. git revision: bf7c0eb89 main.c compiled on 14:53:50 Aug 30 2022 with gcc 10 Both Nodes are using OpenSIPS Control Panel 9.3.2. On Wed, Jan 18, 2023 at 12:15 PM Nitesh Divecha wrote: > Hello All, > > I got two nodes in cluster formation and they are in sync. Running CLI > opensips-cli -x mi ul_dump | grep "AOR\":\|Contact\":" on both nodes I can > see ALL the registered endpoints . For testing purposes I have two > endpoints registered on each node so a total four endpoints are visible. > > Node #1 - IP: 66.x.x.1, registered endpoint 2001 and 2002 > Node #2 - IP: 3.x.x.9, registered endpoint 5467901 and 5467902 > > Endpoints in Node#1 can call each other (2001 <--> 2002) and endpoints in > Node#2 can call each other (5467901 <--> 5467902) > > root at archer:/etc/opensips# opensips-cli -x mi ul_dump | grep > "AOR\":\|Contact\":" > "AOR": 5467901 at 3.x.x.9, > "Contact":sip:5467901 at 143.x.x.7:29100, > "AOR": 5467902 at 3.x.x.9, > "Contact":sip:5467902 at 143.x.x.7:5062, > "AOR": 2002 at 66.x.x.1, > "Contact":sip:2002 at 143.x.x.6:12339;ob, > "AOR": 2001 at 66.x.x.1, > "Contact":sip:2001 at 143.x.x.6:5060;ob, > > But none of the nodes can call each other... Meaning Node#1-2001 or 2 can > not call Node#2-5467901 or 2 and vice versa... On log it shows SIP 404, Not > Found... and looking further in detail it shows it is only looking for the > endpoint in the same Node, meaning when 2001 calls 5467901 it is looking > for 5467901 at 66.x.x.1 on Node#1 instead of 5467901 at 3.x.x.9 on Node#2. > > > #### USeR LOCation module > loadmodule "usrloc.so" > modparam("usrloc", "nat_bflag", "NATED_CALLEE") > modparam("usrloc", "location_cluster", 2) > modparam("usrloc", "working_mode_preset", "full-sharing-cluster") > > route[to_user] { > # do lookup with method filtering > if (!lookup("location","m")) { > if (!db_does_uri_exist("$ru","subscriber")) { > send_reply(404,"Not Found"); > xlog("ERROR: rU is: ($rU) and ru is: $ru --> Not > Found\n"); > exit; > } > if(isflagset('HUNTGROUP')) { > route(huntgroup); > } > t_reply(480, "Temporarily Unavailable"); > exit; > } > $acc_extra(TYPE) = "USER"; > route(relay); > } > > > Any help will be highly appreciated... > > Cheers, > Nitesh > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From adityavasava20 at gmail.com Thu Jan 19 07:01:53 2023 From: adityavasava20 at gmail.com (Ankit vasava) Date: Thu, 19 Jan 2023 12:31:53 +0530 Subject: [OpenSIPS-Users] openips SCA/SLA issue Message-ID: Hello All, I am doing call registration inside opensips(3.2.5). and using a Yealink SIP-T46U ip phone. I have registered 101 users in both the devices and enabled *"call shared appearance"* inside IP-PHONE devices. *Case:1* when incoming call received inside openips from *carrier ip* we relay it to end users which is registered inside opensips. when a call answered by one of the subscribers-> after that call is put on hold initiated by the subscriber. while putting call hold, other subscribers IP-phones (lights red) not blinking. For that I have used the *"**presence_callinfo"* module , and executed *sca_set_called _line();* function. and received error message like *"**used line > not found in hash. Using without seizing?"* Can anyone suggest to me why phone devices are not blinking and Here is the my configuration loadmodule "presence.so" loadmodule "presence_xml.so" loadmodule "presence_mwi.so" loadmodule "presence_dialoginfo.so" loadmodule "presence_callinfo.so" loadmodule "presence_xcapdiff.so" loadmodule "presence_dfks.so" loadmodule "xcap.so" loadmodule "pua.so" loadmodule "pua_dialoginfo.so" loadmodule "pua_mi.so" if (is_method("INVITE") and !has_totag()) { sca_set_calling_line(); } I have the above initial request route. -- *Regards,Ankit vasava* Sr. VoIP Developer *Phone: *+91-9879491525 *Skype: *ankit.vasava Http://in.linkedin.com/in/ankitvasava -------------- next part -------------- An HTML attachment was scrubbed... URL: From bogdan at opensips.org Thu Jan 19 07:07:06 2023 From: bogdan at opensips.org (Bogdan-Andrei Iancu) Date: Thu, 19 Jan 2023 09:07:06 +0200 Subject: [OpenSIPS-Users] open3.3 has no opensipsctlrc? In-Reply-To: <77f9a9b4.2565.185aab7080a.Coremail.clorisice@163.com> References: <172d3181.193c.184b858278e.Coremail.clorisice@163.com> <77f9a9b4.2565.185aab7080a.Coremail.clorisice@163.com> Message-ID: Please check https://github.com/OpenSIPS/opensips-cli/blob/master/docs/modules/database.md Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Bootcamp 5-16 Dec 2022, online https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ On 1/13/23 12:40 PM, wl wrote: > > > hi thanks your answer very much, and i want to know further details > about how to use,such as DBENGIN=MYSQL  DBHOST=localhost  > DBNAME=opensips  which are formerlyset  in opensipsctlrc, how to > traslate these setting from opensipsctlrc to opensips-cli ,or can you > provide  some gudiance doc? > best regards! > > > > > > At 2022-12-06 19:15:18, "Bogdan-Andrei Iancu" wrote: > > Hi, > > OpenSIPS 3.3 does not use opensipsctl anymore, but opensips-cli > https://github.com/OpenSIPS/opensips-cli > > Best regards, > > Bogdan-Andrei Iancu > > OpenSIPS Founder and Developer > https://www.opensips-solutions.com > OpenSIPS Bootcamp 5-16 Dec 2022, online > https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ > > On 11/27/22 11:08 AM, wl wrote: >> hello: >> I am using opensip-3.3.3  but after configure, make, make install >> , I cannot fnd the previous config file 'opensipsctlrc' >> at prefix_dir/etc/opensips/. why? is this file cancelled on new >> version? >> and >> I am trying to connect newest opensips to newest freeswitch, and >> I refer this article: >> >> https://www.opensips.org/Documentation/Tutorials-OpenSIPSF >> >> >> but it is based on opensips-1.8 ,is it obsolete to new version >> since I cannot find opensipsctlrc file agian , I dont't know how >> to integrate newest opensips with  freeswitch, can you provide >> new reference article for me? >> thanks a lot >> best reagarda >> looking forward your reply! >> >> >> _______________________________________________ >> Users mailing list >> Users at lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From denys.pozniak at gmail.com Thu Jan 19 15:25:32 2023 From: denys.pozniak at gmail.com (Denys Pozniak) Date: Thu, 19 Jan 2023 17:25:32 +0200 Subject: [OpenSIPS-Users] How to process CANCEL in b2b anycast mode? In-Reply-To: References: Message-ID: Hello! Sorry for bumping the topic up. Does anyone have any ideas about what could be the source of this problem? вт, 17 янв. 2023 г. в 10:59, Denys Pozniak : > Hello! > > I'm trying to build a solution with anycast + b2b. > But I ran into a problem, if the dialogue is in an early state on node1, > and CANCEL arrives on node2, then this request itself is no longer > processed in the context of the b2b (does not jump into the > route[b2b_request] on node2). > If I turn off b2b, then everything works as it should. I attached a part > of the script in the thread. > > Maybe I have an error in the logic of the script? > > Script snippet from node1: > > loadmodule "clusterer.so" > modparam("clusterer", "db_mode", 0) > modparam("clusterer", "my_node_id", 1) > modparam("clusterer", "my_node_info", "cluster_id=1, url=bin: > 192.168.56.104:5566, flags=seed") > modparam("clusterer", "neighbor_node_info", > "cluster_id=1,node_id=2,url=bin:192.168.56.105:5566") > modparam("clusterer", "sharing_tag", "anycast1/1=active") > modparam("clusterer", "seed_fallback_interval", 10) > > loadmodule "b2b_entities.so" > modparam("b2b_entities", "script_req_route", "b2b_request") > modparam("b2b_entities", "script_reply_route", "b2b_reply") > modparam("b2b_entities", "db_mode", 0) > modparam("b2b_entities", "cluster_id", 1) > > loadmodule "b2b_logic.so" > modparam("b2b_logic", "contact_user", 1) > modparam("b2b_logic", "db_mode", 0) > > ####### Routing Logic ######## > > route{ > > sl_send_reply(100, "Trying-1"); > create_dialog(); > set_dlg_sharing_tag("anycast1"); > > if (is_method("INVITE") && !has_totag() ) { > $du = "sip:192.168.56.106:5080"; > b2b_init_request("top hiding"); > exit; > } > > #route(b2b_request); > exit; > } > > route[b2b_request] { > > if (is_method("CANCEL")) { > sl_send_reply(100, "Canceling-1"); > if (t_check_trans()) { > b2b_pass_request(); > > } else { > t_anycast_replicate(); > } > > exit; > } > } > > [root at localhost opensips]# opensips-cli -x mi clusterer_list_cap > { > "Clusters": [ > { > "cluster_id": 1, > "Capabilities": [ > { > "name": "b2be-entities-repl", > "state": "Ok", > "enabled": "yes" > }, > { > "name": "dialog-dlg-repl", > "state": "Ok", > "enabled": "yes" > }, > { > "name": "tm-repl", > "state": "Ok", > "enabled": "yes" > } > ] > } > ] > } > > [root at localhost opensips]# opensips -V > version: opensips 3.4.0-dev (x86_64/linux) > flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, > Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, CC_O0, FAST_LOCK-ADAPTIVE_WAIT > ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, > MAX_URI_SIZE 1024, BUF_SIZE 65535 > poll method support: poll, epoll, sigio_rt, select. > git revision: dda7717fa > main.c compiled on 05:45:40 Jan 15 2023 with gcc 4.8.5 > > -- > > BR, > Denys Pozniak > > > -- BR, Denys Pozniak -------------- next part -------------- An HTML attachment was scrubbed... URL: From nutxase at proton.me Thu Jan 19 18:27:47 2023 From: nutxase at proton.me (nutxase) Date: Thu, 19 Jan 2023 18:27:47 +0000 Subject: [OpenSIPS-Users] invalid contact wss Message-ID: <-qJ08HPslNhdMqJm8LjtKtvQeKsFxDOl-y0eEjIh5eNAzslv7xsmWrlXeIAZ2gSDXL9COQiE09MePhydRiBZol5K2COs_0um0mCLdBvvd2Y=@proton.me> Hi guys So i notice when i register a WSS client to opensips the contact shows something like Contact": "sip:62dntqm1 at rwtjcrhyne3j.invalid;transport=wss", which causes inbound calls to not route and show 476 unresolvable destination. any tips of where to look here? Sent with [Proton Mail](https://proton.me/) secure email. -------------- next part -------------- An HTML attachment was scrubbed... URL: From adityavasava20 at gmail.com Fri Jan 20 06:38:42 2023 From: adityavasava20 at gmail.com (Ankit vasava) Date: Fri, 20 Jan 2023 12:08:42 +0530 Subject: [OpenSIPS-Users] opensips presence_callinfo (SCA/SLA )issue Message-ID: Hello All, I am doing users registration inside opensips(3.2.5). and using a Yealink SIP-T46U ip phone. I have registered 101 users in both the devices and enabled *"call shared appearance"* inside IP-PHONE devices. Case:1 When an incoming call is received inside openips from carrier ip we relay it to end users which is registered inside opensips. when a call answered by one of the subscribers-> after that call is put on hold initiated by the subscriber. while putting call hold, other subscribers IP-phones (lights red) not blinking. For that I have used the *"**presence_callinfo"* module , and executed *sca_set_called _line();* function. and received an error message like *opensips[441950]: ERROR:presence_callinfo:sca_set_line: missing or bogus Call-Info header in INVITE* Can anyone suggest to me why phone devices are not blinking and Here is the my configuration When we received the first invite from the carrier provider we don;t have call-info headers and that function seemed to be looking for a call-info header. after that contact carrier provider and ask the please add it call-info headers , then after adding that headers we will receive error message like like *"**used line :5660 not found in hash. Using without seizing?"* loadmodule "presence.so" loadmodule "presence_xml.so" loadmodule "presence_mwi.so" loadmodule "presence_dialoginfo.so" loadmodule "presence_callinfo.so" loadmodule "presence_xcapdiff.so" loadmodule "presence_dfks.so" loadmodule "xcap.so" loadmodule "pua.so" loadmodule "pua_dialoginfo.so" loadmodule "pua_mi.so" if (is_method("INVITE") and !has_totag()) { sca_set_called_line(); } I have written above code inside initial request route. -- *Regards,Ankit vasava* Sr. VoIP Developer *Phone: *+91-9879491525 *Skype: *ankit.vasava Http://in.linkedin.com/in/ankitvasava -------------- next part -------------- An HTML attachment was scrubbed... URL: From bullehs at gmail.com Sat Jan 21 10:34:14 2023 From: bullehs at gmail.com (HS) Date: Sat, 21 Jan 2023 15:34:14 +0500 Subject: [OpenSIPS-Users] LATE SDP Script on Opensips 3.3 Message-ID: Hi all. I am trying to setup an Opensips 3.3 instance on AWS and have rtpengine installed. I am using a modified version of the script here: http://www.opensips.org/pub/docs/tutorials/websockets/opensips-late.cfg Two issues. 1. When I call a browser (Firefox or chrome), the call is rejected and I get the error: "Failed to get local SDP". 2. One-way audio in specific circumstances - log below. Investigating further I found that if I use "t_on_reply("handle_nat");" the calls go through fine. However, if I use "t_on_branch("handle_nat");" I see behaviour below. Thanks in advance. I am using 2 UA - Microsip and Linphone. When I call from Microsip (Laptop) to Linphone (Android) I have great audio and the logs show this: Jan 20 16:11:06 ip-172-31-13-220 rtpengine[42387]: INFO: [f75f1e374747457ca016e3a3a62ff4b3]: [control] Received command 'answer' from 127.0.0.1:33919 Jan 20 16:11:06 ip-172-31-13-220 rtpengine[42387]: INFO: [f75f1e374747457ca016e3a3a62ff4b3]: [control] Replying to 'answer' from 127.0.0.1:33919 (elapsed time 0.000268 sec) Jan 20 16:11:06 ip-172-31-13-220 /usr/sbin/opensips[79601]: incoming reply Jan 20 16:11:07 ip-172-31-13-220 dhclient[451]: DHCPREQUEST for 172.31.13.220 on ens5 to 172.31.0.1 port 67 Jan 20 16:11:07 ip-172-31-13-220 dhclient[451]: DHCPACK of 172.31.13.220 from 172.31.0.1 Jan 20 16:11:07 ip-172-31-13-220 dhclient[451]: bound to 172.31.13.220 -- renewal in 1607 seconds. Jan 20 16:11:10 ip-172-31-13-220 rtpengine[42387]: INFO: [f75f1e374747457ca016e3a3a62ff4b3 port 13215]: [core] Confirmed peer address as My.Pub.IP.Add:4011 Jan 20 16:11:21 ip-172-31-13-220 rtpengine[42387]: INFO: [f75f1e374747457ca016e3a3a62ff4b3]: [control] Received command 'delete' from 127.0.0.1:33919 Jan 20 16:11:21 ip-172-31-13-220 rtpengine[42387]: INFO: [f75f1e374747457ca016e3a3a62ff4b3]: [core] Scheduling deletion of call branch 'bGUEC~8' (via-branch '') in 30 seconds Jan 20 16:11:21 ip-172-31-13-220 rtpengine[42387]: INFO: [f75f1e374747457ca016e3a3a62ff4b3]: [core] Scheduling deletion of call branch '33a25bec39c742678ce74836e0ff40d1' (via-branch '') in 30 seconds Jan 20 16:11:21 ip-172-31-13-220 rtpengine[42387]: INFO: [f75f1e374747457ca016e3a3a62ff4b3]: [core] Scheduling deletion of entire call in 30 seconds Jan 20 16:11:21 ip-172-31-13-220 rtpengine[42387]: INFO: [f75f1e374747457ca016e3a3a62ff4b3]: [control] Replying to 'delete' from 127.0.0.1:33919 (elapsed time 0.000179 sec) However, when I call from Linphone to Microsip, there's one-way audio and the following in the logs: Jan 20 16:02:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [control] Received command 'offer' from 127.0.0.1:40022 Jan 20 16:02:29 ip-172-31-13-220 rtpengine[42387]: NOTICE: [CjBB-HZqpe]: [core] Creating new call Jan 20 16:02:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [control] Replying to 'offer' from 127.0.0.1:40022 (elapsed time 0.000500 sec) Jan 20 16:02:37 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [control] Received command 'answer' from 127.0.0.1:40022 Jan 20 16:02:37 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [control] Replying to 'answer' from 127.0.0.1:40022 (elapsed time 0.000209 sec) Jan 20 16:02:37 ip-172-31-13-220 /usr/sbin/opensips[79600]: incoming reply Jan 20 16:02:38 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [control] Received command 'answer' from 127.0.0.1:40022 Jan 20 16:02:38 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [control] Replying to 'answer' from 127.0.0.1:40022 (elapsed time 0.000178 sec) Jan 20 16:02:38 ip-172-31-13-220 /usr/sbin/opensips[79600]: incoming reply Jan 20 16:02:39 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [control] Received command 'answer' from 127.0.0.1:40022 Jan 20 16:02:39 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [control] Replying to 'answer' from 127.0.0.1:40022 (elapsed time 0.000139 sec) Jan 20 16:02:39 ip-172-31-13-220 /usr/sbin/opensips[79600]: incoming reply Jan 20 16:02:44 ip-172-31-13-220 dhclient[524]: XMT: Solicit on ens5, interval 111260ms. Jan 20 16:02:45 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe port 13139]: [core] Confirmed peer address as My.Pub.IP.Add:4007 Jan 20 16:02:46 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe port 13146]: [core] Confirmed peer address as My.Pub.IP.Add:7078 Jan 20 16:02:46 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe port 13146]: [core] Kernelizing media stream: My.Pub.IP.Add:7078 -> 172.31.13.220:13146 | 172.31.13.220:13138 -> My.Pub.IP.Add:4006 Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: [8fbde711f8864432ba7a37290d224a9a]: [core] Final packet stats: Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: [8fbde711f8864432ba7a37290d224a9a]: [core] --- Tag 'de22d68c1c7e4e759933a940e2f9eaa8', created 1:30 ago for branch '' Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: [8fbde711f8864432ba7a37290d224a9a]: [core] --- subscribed to 'PCjqSrP' Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: [8fbde711f8864432ba7a37290d224a9a]: [core] --- subscription for 'PCjqSrP' Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: [8fbde711f8864432ba7a37290d224a9a]: [core] ------ Media #1 (audio over RTP/AVP) using opus/48000/2 Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: [8fbde711f8864432ba7a37290d224a9a]: [core] --------- Port 172.31.13.220:13126 <> My.Pub.IP.Add:4004 , SSRC 3cca2cda, in 4 p, 185 b, 0 e, 83 ts, out 2 p, 67 b, 0 e Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: [8fbde711f8864432ba7a37290d224a9a]: [core] --------- Port 172.31.13.220:13127 <> My.Pub.IP.Add:4005 (RTCP), SSRC 3cca2cda, in 4 p, 276 b, 0 e, 83 ts, out 0 p, 0 b, 0 e Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: [8fbde711f8864432ba7a37290d224a9a]: [core] --- Tag 'PCjqSrP', created 1:30 ago for branch '' Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: [8fbde711f8864432ba7a37290d224a9a]: [core] --- subscribed to 'de22d68c1c7e4e759933a940e2f9eaa8' Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: [8fbde711f8864432ba7a37290d224a9a]: [core] --- subscription for 'de22d68c1c7e4e759933a940e2f9eaa8' Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: [8fbde711f8864432ba7a37290d224a9a]: [core] ------ Media #1 (audio over RTP/AVP) using opus/48000/2 Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: [8fbde711f8864432ba7a37290d224a9a]: [core] --------- Port 172.31.13.220:13112 <> My.Pub.IP.Add:7078 , SSRC 1a445cd2, in 2 p, 67 b, 0 e, 83 ts, out 4 p, 185 b, 0 e Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: [8fbde711f8864432ba7a37290d224a9a]: [core] --------- Port 172.31.13.220:13113 <> My.Pub.IP.Add:7079 (RTCP), SSRC 0, in 2 p, 40 b, 2 e, 83 ts, out 4 p, 276 b, 0 e Jan 20 16:02:52 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe port 13138]: [core] Confirmed peer address as My.Pub.IP.Add:4006 Jan 20 16:02:52 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe port 13138]: [core] Kernelizing media stream: My.Pub.IP.Add:4006 -> 172.31.13.220:13138 | 172.31.13.220:13146 -> My.Pub.IP.Add:7078 Jan 20 16:02:59 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [control] Received command 'delete' from 127.0.0.1:40022 Jan 20 16:02:59 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [core] Scheduling deletion of call branch '8Cn0Y-HU7' (via-branch '') in 30 seconds Jan 20 16:02:59 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [core] Scheduling deletion of call branch 'eaaabeb8d95e4b849c4ebc092e9aee47' (via-branch '') in 30 seconds Jan 20 16:02:59 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [core] Scheduling deletion of entire call in 30 seconds Jan 20 16:02:59 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [control] Replying to 'delete' from 127.0.0.1:40022 (elapsed time 0.000111 sec) Jan 20 16:03:01 ip-172-31-13-220 CRON[79619]: (root) CMD ((cd /var/www/html/opensips-cp/; /usr/bin/php cron_job/get_opensips_stats.php)) Jan 20 16:03:01 ip-172-31-13-220 CRON[79618]: (CRON) info (No MTA installed, discarding output) Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [core] Final packet stats: Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [core] --- Tag '8Cn0Y-HU7', created 1:00 ago for branch '' Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [core] --- subscribed to 'eaaabeb8d95e4b849c4ebc092e9aee47' Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [core] --- subscription for 'eaaabeb8d95e4b849c4ebc092e9aee47' Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [core] ------ Media #1 (audio over RTP/AVP) using opus/48000/2 Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [core] --------- Port 172.31.13.220:13146 <> My.Pub.IP.Add:7078 , SSRC 3b8965ac, in 6 p, 242 b, 0 e, 35 ts, out 7 p, 322 b, 0 e Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [core] --------- Port 172.31.13.220:13147 <> My.Pub.IP.Add:7079 (RTCP), SSRC 3b8965ac, in 5 p, 228 b, 4 e, 49 ts, out 12 p, 916 b, 0 e Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [core] --- Tag 'eaaabeb8d95e4b849c4ebc092e9aee47', created 1:00 ago for branch '' Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [core] --- subscribed to '8Cn0Y-HU7' Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [core] --- subscription for '8Cn0Y-HU7' Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [core] ------ Media #1 (audio over RTP/AVP) using opus/48000/2 Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [core] --------- Port 172.31.13.220:13138 <> My.Pub.IP.Add:4006 , SSRC 52e506de, in 7 p, 322 b, 0 e, 37 ts, out 6 p, 242 b, 0 e Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [core] --------- Port 172.31.13.220:13139 <> My.Pub.IP.Add:4007 (RTCP), SSRC 52e506de, in 12 p, 916 b, 0 e, 29 ts, out 1 p, 148 b, 0 e Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [core] Removing media stream from kernel: local 172.31.13.220:13138 Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: [core] Removing media stream from kernel: local 172.31.13.220:13146 Appreciate any feedback. -------------- next part -------------- An HTML attachment was scrubbed... URL: From hunterj91 at hotmail.com Mon Jan 23 09:59:25 2023 From: hunterj91 at hotmail.com (Jonathan Hunter) Date: Mon, 23 Jan 2023 09:59:25 +0000 Subject: [OpenSIPS-Users] AWS - SQS future support Message-ID: Hi Guys, I notice that back with 3.2 planning that the following got a no-go; Cloud-6 AWS CloudWatch, SQS, SNS 2.92 no-go Does this mean it will never be revisited due to changes required on a new back end interface for the Event Interface? Or it there scope to look at it again in future? Many thanks Jon Sent from Mail for Windows -------------- next part -------------- An HTML attachment was scrubbed... URL: From bogdan at opensips.org Mon Jan 23 11:56:37 2023 From: bogdan at opensips.org (Bogdan-Andrei Iancu) Date: Mon, 23 Jan 2023 13:56:37 +0200 Subject: [OpenSIPS-Users] Introducing OpenSIPS 3.4 In-Reply-To: <5ab0df00-26e1-7bd1-49f6-85e064b02054@opensips.org> References: <8d3ede60-a438-9b7e-5d9a-863da9215d60@opensips.org> <5ab0df00-26e1-7bd1-49f6-85e064b02054@opensips.org> Message-ID: <86b059df-49fc-34df-3d4f-69f4f02abc83@opensips.org> The result for the #opensips 3.4 Feature Poll are now available 🎉 https://www.opensips.org/Development/Opensips-3-4-Planning#poll-results Thanks to the #community members and friends to their involvement💗 Next.... the planing and the work 😉 Best regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer https://www.opensips-solutions.com OpenSIPS Bootcamp 5-16 Dec 2022, online https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ On 1/16/23 5:18 PM, Bogdan-Andrei Iancu wrote: > Heads up, T-2 days to the deadline for the 3.4 Feature's Survey ! > http://bit.ly/3VjBTfg > Bogdan-Andrei Iancu > > OpenSIPS Founder and Developer > https://www.opensips-solutions.com > OpenSIPS Bootcamp 5-16 Dec 2022, online > https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ > On 12/21/22 6:30 PM, Bogdan-Andrei Iancu wrote: >> >> Dear OpenSIPS'ers, >> >> We got to that time of year when we start baking a new OpenSIPS major >> version. An new year, a new version, a new topic to be addressed. So >> let me introduce you to the upcoming OpenSIPS 3.4 . >> >> For the upcoming OpenSIPS 3.4 release the main focus is on the >> */consolidation /*topic, from the testing and features perspectives. >> Shortly said, this mainly (not limited) translates into: >> >> * Performance testing and code profiling >> * Conformity testing with SIP scenarios >> * More MSRP features (chat, encryption, reports) >> * More IMS features (IPsec, SIP Outbound) >> * More Back2Back (better re-bridging ) >> >> For the full list with technical description and details, visit : >> >> https://www.opensips.org/Development/Opensips-3-4-Planning >> >> >> *IMPORTANT* >> >> As community is important to us and we want to align the OpenSIPS >> roadmap with the needs of our users, be part of the shaping and >> decision making for the OpenSIPS 3.4 Dev Plan via this *Feature >> Survey * - any feedback is important and it >> matters to us. >> >> >> Best regards and enjoy the winter holidays!! >> -- >> Bogdan-Andrei Iancu >> >> OpenSIPS Founder and Developer >> https://www.opensips-solutions.com >> OpenSIPS Bootcamp 5-16 Dec 2022, online >> https://www.opensips.org/training/OpenSIPS_eBootcamp_2022/ >> >> _______________________________________________ >> Users mailing list >> Users at lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -------------- next part -------------- An HTML attachment was scrubbed... URL: From denys.pozniak at gmail.com Mon Jan 23 13:09:04 2023 From: denys.pozniak at gmail.com (Denys Pozniak) Date: Mon, 23 Jan 2023 15:09:04 +0200 Subject: [OpenSIPS-Users] How to dump dispatcher destinations from the db_text via opensips-cli? Message-ID: Hello! I need help understanding how I can use the dispatcher module in conjunction with db_text (I usually use a list file, but on this version, it is no longer possible). My database consists of two tables/files: version and dispatcher: *[root at localhost]# tree /etc/opensips/dbtext* */etc/opensips/dbtext* *├── dispatcher* *└── version* *[root at localhost]# cat /etc/opensips/dbtext/dispatcher* *id(int,auto) setid(int) destination(string) socket(string,null) state(int) probe_mode(int) weight(string) priority(int) attrs(string) description(string)* *1:1:sip\:127.0.0.1::1:2:3:4:'':''* When I try to display the entire structure of SIP peers, I always get "OK" only, although I would expect to see a list of destination/s: *[root at localhost]# opensips-cli -x mi dbt_dump* *"OK"* Script snippet: *loadmodule "db_text.so"* *modparam("db_text", "db_mode", 0)* *loadmodule "dispatcher.so"* *modparam("dispatcher", "db_url", "text:///etc/opensips/dbtext")* Version: *[root at localhost]# opensips -V* *version: opensips 3.4.0-dev (x86_64/linux)* *flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, CC_O0, FAST_LOCK-ADAPTIVE_WAIT* *ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535* *poll method support: poll, epoll, sigio_rt, select.* *git revision: 42c8a20eb* *main.c compiled on 05:49:47 Jan 22 2023 with gcc 4.8.5* -- BR, Denys Pozniak -------------- next part -------------- An HTML attachment was scrubbed... URL: From denys.pozniak at gmail.com Mon Jan 23 13:15:04 2023 From: denys.pozniak at gmail.com (Denys Pozniak) Date: Mon, 23 Jan 2023 15:15:04 +0200 Subject: [OpenSIPS-Users] How to dump dispatcher destinations from the db_text via opensips-cli? In-Reply-To: References: Message-ID: Sorry for the noise, got the commands mixed up a bit: *opensips-cli -x mi ds_list* пн, 23 янв. 2023 г. в 15:09, Denys Pozniak : > > Hello! > > I need help understanding how I can use the dispatcher module in > conjunction with db_text (I usually use a list file, but on this version, > it is no longer possible). > My database consists of two tables/files: version and dispatcher: > > *[root at localhost]# tree /etc/opensips/dbtext* > */etc/opensips/dbtext* > *├── dispatcher* > *└── version* > > > *[root at localhost]# cat /etc/opensips/dbtext/dispatcher* > *id(int,auto) setid(int) destination(string) socket(string,null) > state(int) probe_mode(int) weight(string) priority(int) attrs(string) > description(string)* > *1:1:sip\:127.0.0.1::1:2:3:4:'':''* > > > When I try to display the entire structure of SIP peers, I always get "OK" > only, although I would expect to see a list of destination/s: > > *[root at localhost]# opensips-cli -x mi dbt_dump* > *"OK"* > > > Script snippet: > > *loadmodule "db_text.so"* > *modparam("db_text", "db_mode", 0)* > *loadmodule "dispatcher.so"* > *modparam("dispatcher", "db_url", "text:///etc/opensips/dbtext")* > > > Version: > > *[root at localhost]# opensips -V* > *version: opensips 3.4.0-dev (x86_64/linux)* > *flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, > Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, CC_O0, FAST_LOCK-ADAPTIVE_WAIT* > *ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, > MAX_URI_SIZE 1024, BUF_SIZE 65535* > *poll method support: poll, epoll, sigio_rt, select.* > *git revision: 42c8a20eb* > *main.c compiled on 05:49:47 Jan 22 2023 with gcc 4.8.5* > > > -- > > BR, > Denys Pozniak > > > -- BR, Denys Pozniak -------------- next part -------------- An HTML attachment was scrubbed... URL: From kingsley at dns99.co.uk Mon Jan 23 13:25:10 2023 From: kingsley at dns99.co.uk (Kingsley Tart) Date: Mon, 23 Jan 2023 13:25:10 +0000 Subject: [OpenSIPS-Users] rtpengine not kernel packet forwarding Message-ID: <8de1fffe3afdb14c6c3af0639895f432730edf1e.camel@dns99.co.uk> Hi, I realise this is an OpenSIPS list and not an rtpengine list, but I'm stumped so am wondering whether anyone on here can shed any light on the issue. I have rtpengine working with OpenSIPS but if I try to use kernel packet forwarding it doesn't forward the packets. lsmod shows xt_RTPENGINE and x_tables loaded. With this in iptables, rtpengine works but forwards packets in user space: :rtpengine - [0:0] -A INPUT -p udp -j rtpengine -A rtpengine -p udp -m udp --dport 2223 -m set --match-set allowed-rtp-management src -j ACCEPT A rtpengine -p udp -j ACCEPT With this in iptables, no packets get forwarded: :rtpengine - [0:0] -A INPUT -p udp -j rtpengine -A rtpengine -p udp -m udp --dport 2223 -m set --match-set allowed-rtp-management src -j ACCEPT -A rtpengine -p udp -j RTPENGINE --id 0 /proc/rtpengine/0/list exists but remains empty. /proc/rtpengine/list only ever contains a zero. This is on Debian 11. rtpengine version is 10.5.3.1-1. This is in apt sources: deb [signed-by=/usr/share/keyrings/dfx.at-rtpengine-archive-keyring.gpg] https://dfx.at/rtpengine/10.5 bullseye main Any pointers would be greatly appreciated! Thanks in advance. -- Cheers, Kingsley. From john at voxtelesys.com Mon Jan 23 13:48:09 2023 From: john at voxtelesys.com (John Burke) Date: Mon, 23 Jan 2023 07:48:09 -0600 Subject: [OpenSIPS-Users] rtpengine not kernel packet forwarding Message-ID: The kernel module still requires a fallback user space rule for the first few packets. Once the user space daemon determines the forwarding rule set, it pushes to the kernel module. The kernel module can then pickup the packets. Their GitHub page has a detailed step by step for this process. -A INPUT -p udp -j rtpengine -A rtpengine -p udp -m udp --dport 2223 -m set --match-set allowed-rtp-management src -j ACCEPT -A rtpengine -p udp -j RTPENGINE --id 0 -A rtpengine -p udp -j ACCEPT Sent from my iPhone > On Jan 23, 2023, at 7:27 AM, Kingsley Tart wrote: > A rtpengine -p udp -j ACCEPT From kingsley at dns99.co.uk Mon Jan 23 14:50:14 2023 From: kingsley at dns99.co.uk (Kingsley Tart) Date: Mon, 23 Jan 2023 14:50:14 +0000 Subject: [OpenSIPS-Users] rtpengine not kernel packet forwarding In-Reply-To: References: Message-ID: <8d9ed018ab9cb6e12fa6d624aaa74ea1cc282a86.camel@dns99.co.uk> Oh wow, it was just a case of hanging on the test call for a bit longer - thank you so much! I never saw that crucial bit of info in any of the guides I found and it's perhaps a bit odd that the distro scripts added the 1st and 3rd (as quoted below) rules to iptables but didn't add the last one. Anyway, it does indeed seem that after a few seconds it switches over to kernel forwarding, so thank you once again - you have successfully managed to postpone my balding process ;) Cheers, Kingsley. On Mon, 2023-01-23 at 07:48 -0600, John Burke via Users wrote: > The kernel module still requires a fallback user space rule for the > first few packets. Once the user space daemon determines the > forwarding rule set, it pushes to the kernel module. The kernel > module can then pickup the packets. Their GitHub page has a detailed > step by step for this process. > > -A INPUT -p udp -j rtpengine > -A rtpengine -p udp -m udp --dport 2223 -m set --match-set allowed- > rtp-management src -j ACCEPT > -A rtpengine -p udp -j RTPENGINE --id 0 > -A rtpengine -p udp -j ACCEPT > > > > Sent from my iPhone > > > On Jan 23, 2023, at 7:27 AM, Kingsley Tart > > wrote: > > A rtpengine -p udp -j ACCEPT > > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users From nutxase at proton.me Mon Jan 23 16:38:13 2023 From: nutxase at proton.me (nutxase) Date: Mon, 23 Jan 2023 16:38:13 +0000 Subject: [OpenSIPS-Users] WSS errors Message-ID: Hey All Strange error i have registrations working via WSS and all works fine about after about 5 incoming calls the log gets these errors and the only way to receive calls again is to restart opensips Jan 19 20:06:41 [localhost] /usr/sbin/opensips[4263]: ERROR:proto_wss:ws_sync_connect: tcp_blocking_connect failed Jan 19 20:06:41 [localhost] /usr/sbin/opensips[4263]: ERROR:proto_wss:ws_connect: connect failed Jan 19 20:06:41 [localhost] /usr/sbin/opensips[4263]: ERROR:proto_wss:proto_wss_send: connect failed Jan 19 20:06:41 [localhost] /usr/sbin/opensips[4263]: ERROR:tm:msg_send: send() to xxxx:39048 for proto wss/6 failed Jan 19 20:06:41 [localhost] /usr/sbin/opensips[4263]: ERROR:tm:t_forward_nonack: sending request failed Sent with [Proton Mail](https://proton.me/) secure email. -------------- next part -------------- An HTML attachment was scrubbed... URL: From denys.pozniak at gmail.com Tue Jan 24 10:58:40 2023 From: denys.pozniak at gmail.com (Denys Pozniak) Date: Tue, 24 Jan 2023 12:58:40 +0200 Subject: [OpenSIPS-Users] Displaying the state of the peer in the dispatcher Message-ID: Hello! Help me figure out how to set up a dispatcher in the new version of OpenSIPS. I need to constantly send SIP OPTIONS ping to all peers and change the status (mi dlg_list) if there is no answer from someone. Before I used to operate with flags, but in new versions, they were removed. Here I added 2 peers (active and fake) into dbtext/dispatcher: *id(int,auto) setid(int) destination(string) socket(string,null) state(int) probe_mode(int) weight(string) priority(int) attrs(string) description(string)* *0:1:sip\:192.168.100.100::2:1:1:1:'':''**1:1:sip\:127.0.0.1::2:1:1:1:'':''* *loadmodule "dispatcher.so"* *modparam("dispatcher", "db_url", "text:///etc/opensips/dbtext")* *modparam("dispatcher", "ds_ping_method", "OPTIONS")* *modparam("dispatcher", "ds_ping_from", "sip:ping at dispatcher")* *modparam("dispatcher", "ds_ping_interval", 1)* *modparam("dispatcher", "ds_probing_mode", 1)* *modparam("dispatcher", "options_reply_codes", "501,403,404,400,200")* But always the *mi ds_list* gives me the status of both as Probing, although I would expect the status of the fake peer (127.0.0.1) to become Inactive, the real one should be Active *# opensips-cli -x mi ds_list * *{* * "PARTITIONS": [* * {* * "name": "default",* * "SETS": [* * {* * "id": 1,* * "Destinations": [* * {* * "URI": "sip:192.168.100.100",* * "state": "Probing",* * "first_hit_counter": 0,* * "attr": "''",* * "resolved_addresses": [* * "192.168.100.100:5060 "* * ]* * },* * {* * "URI": "sip:127.0.0.1",* * "state": "Probing",* * "first_hit_counter": 0,* * "attr": "''",* * "resolved_addresses": [* * "127.0.0.1:5060 "* * ]* -- BR, Denys Pozniak -------------- next part -------------- An HTML attachment was scrubbed... URL: From denys.pozniak at gmail.com Wed Jan 25 14:09:49 2023 From: denys.pozniak at gmail.com (Denys Pozniak) Date: Wed, 25 Jan 2023 16:09:49 +0200 Subject: [OpenSIPS-Users] Displaying the state of the peer in the dispatcher In-Reply-To: References: Message-ID: Hello! I am still dealing with the problem, something was found in the logs: *Jan 25 15:06:30 localhost.localdomain /usr/sbin/opensips[5914]: ERROR:dispatcher:ds_options_callback: Setting the state failed (, group 1)* *Jan 25 15:06:31 localhost.localdomain /usr/sbin/opensips[5923]: ERROR:dispatcher:ds_options_callback: Setting the probing state failed (, group 1)* *Jan 25 15:06:32 localhost.localdomain /usr/sbin/opensips[5914]: ERROR:dispatcher:ds_options_callback: Setting the state failed (, group 1)* *Jan 25 15:06:33 localhost.localdomain /usr/sbin/opensips[5923]: DBG:dispatcher:ds_options_callback: OPTIONS-Request was finished with code 408 (to , group 1)* *Jan 25 15:06:33 localhost.localdomain /usr/sbin/opensips[5923]: ERROR:dispatcher:ds_options_callback: Setting the probing state failed (, group 1)* *Jan 25 15:06:34 localhost.localdomain /usr/sbin/opensips[5923]: DBG:dispatcher:ds_check_timer: probing set #1, URI sip:192.168.100.100* *Jan 25 15:06:34 localhost.localdomain /usr/sbin/opensips[5923]: DBG:dispatcher:ds_check_timer: probing set #1, URI sip:127.0.0.1* *Jan 25 15:06:34 localhost.localdomain /usr/sbin/opensips[5914]: DBG:dispatcher:ds_options_callback: OPTIONS-Request was finished with code 200 (to , group 1)* *Jan 25 15:06:34 localhost.localdomain /usr/sbin/opensips[5914]: ERROR:dispatcher:ds_options_callback: Setting the state failed (, group 1)* вт, 24 янв. 2023 г. в 12:58, Denys Pozniak : > Hello! > > Help me figure out how to set up a dispatcher in the new version of > OpenSIPS. > I need to constantly send SIP OPTIONS ping to all peers and change the > status (mi dlg_list) if there is no answer from someone. > Before I used to operate with flags, but in new versions, they were > removed. > > Here I added 2 peers (active and fake) into dbtext/dispatcher: > > > *id(int,auto) setid(int) destination(string) socket(string,null) > state(int) probe_mode(int) weight(string) priority(int) attrs(string) > description(string)* > *0:1:sip\:192.168.100.100::2:1:1:1:'':''* > *1:1:sip\:127.0.0.1::2:1:1:1:'':''* > > > *loadmodule "dispatcher.so"* > *modparam("dispatcher", "db_url", "text:///etc/opensips/dbtext")* > *modparam("dispatcher", "ds_ping_method", "OPTIONS")* > *modparam("dispatcher", "ds_ping_from", "sip:ping at dispatcher")* > *modparam("dispatcher", "ds_ping_interval", 1)* > *modparam("dispatcher", "ds_probing_mode", 1)* > *modparam("dispatcher", "options_reply_codes", "501,403,404,400,200")* > > > But always the *mi ds_list* gives me the status of both as Probing, > although I would expect the status of the fake peer (127.0.0.1) to become > Inactive, the real one should be Active > > *# opensips-cli -x mi ds_list * > *{* > * "PARTITIONS": [* > * {* > * "name": "default",* > * "SETS": [* > * {* > * "id": 1,* > * "Destinations": [* > * {* > * "URI": "sip:192.168.100.100",* > * "state": "Probing",* > * "first_hit_counter": 0,* > * "attr": "''",* > * "resolved_addresses": [* > * "192.168.100.100:5060 > "* > * ]* > * },* > * {* > * "URI": "sip:127.0.0.1",* > * "state": "Probing",* > * "first_hit_counter": 0,* > * "attr": "''",* > * "resolved_addresses": [* > * "127.0.0.1:5060 "* > * ]* > > > -- > BR, > Denys Pozniak > > > -- BR, Denys Pozniak -------------- next part -------------- An HTML attachment was scrubbed... URL: From denys.pozniak at gmail.com Thu Jan 26 09:41:57 2023 From: denys.pozniak at gmail.com (Denys Pozniak) Date: Thu, 26 Jan 2023 11:41:57 +0200 Subject: [OpenSIPS-Users] Displaying the state of the peer in the dispatcher In-Reply-To: References: Message-ID: Hello! The problem is present only in the master branch. In version 3.3 everything works as it should. Reported issue: https://github.com/OpenSIPS/opensips/issues/3000 ср, 25 янв. 2023 г. в 16:09, Denys Pozniak : > Hello! > > I am still dealing with the problem, something was found in the logs: > > *Jan 25 15:06:30 localhost.localdomain /usr/sbin/opensips[5914]: > ERROR:dispatcher:ds_options_callback: Setting the state failed > (, group 1)* > *Jan 25 15:06:31 localhost.localdomain /usr/sbin/opensips[5923]: > ERROR:dispatcher:ds_options_callback: Setting the probing state failed > (, group 1)* > *Jan 25 15:06:32 localhost.localdomain /usr/sbin/opensips[5914]: > ERROR:dispatcher:ds_options_callback: Setting the state failed > (, group 1)* > *Jan 25 15:06:33 localhost.localdomain /usr/sbin/opensips[5923]: > DBG:dispatcher:ds_options_callback: OPTIONS-Request was finished with code > 408 (to , group 1)* > *Jan 25 15:06:33 localhost.localdomain /usr/sbin/opensips[5923]: > ERROR:dispatcher:ds_options_callback: Setting the probing state failed > (, group 1)* > *Jan 25 15:06:34 localhost.localdomain /usr/sbin/opensips[5923]: > DBG:dispatcher:ds_check_timer: probing set #1, URI sip:192.168.100.100* > *Jan 25 15:06:34 localhost.localdomain /usr/sbin/opensips[5923]: > DBG:dispatcher:ds_check_timer: probing set #1, URI sip:127.0.0.1* > *Jan 25 15:06:34 localhost.localdomain /usr/sbin/opensips[5914]: > DBG:dispatcher:ds_options_callback: OPTIONS-Request was finished with code > 200 (to , group 1)* > *Jan 25 15:06:34 localhost.localdomain /usr/sbin/opensips[5914]: > ERROR:dispatcher:ds_options_callback: Setting the state failed > (, group 1)* > > > вт, 24 янв. 2023 г. в 12:58, Denys Pozniak : > >> Hello! >> >> Help me figure out how to set up a dispatcher in the new version of >> OpenSIPS. >> I need to constantly send SIP OPTIONS ping to all peers and change the >> status (mi dlg_list) if there is no answer from someone. >> Before I used to operate with flags, but in new versions, they were >> removed. >> >> Here I added 2 peers (active and fake) into dbtext/dispatcher: >> >> >> *id(int,auto) setid(int) destination(string) socket(string,null) >> state(int) probe_mode(int) weight(string) priority(int) attrs(string) >> description(string)* >> *0:1:sip\:192.168.100.100::2:1:1:1:'':''* >> *1:1:sip\:127.0.0.1::2:1:1:1:'':''* >> >> >> *loadmodule "dispatcher.so"* >> *modparam("dispatcher", "db_url", "text:///etc/opensips/dbtext")* >> *modparam("dispatcher", "ds_ping_method", "OPTIONS")* >> *modparam("dispatcher", "ds_ping_from", "sip:ping at dispatcher")* >> *modparam("dispatcher", "ds_ping_interval", 1)* >> *modparam("dispatcher", "ds_probing_mode", 1)* >> *modparam("dispatcher", "options_reply_codes", "501,403,404,400,200")* >> >> >> But always the *mi ds_list* gives me the status of both as Probing, >> although I would expect the status of the fake peer (127.0.0.1) to become >> Inactive, the real one should be Active >> >> *# opensips-cli -x mi ds_list * >> *{* >> * "PARTITIONS": [* >> * {* >> * "name": "default",* >> * "SETS": [* >> * {* >> * "id": 1,* >> * "Destinations": [* >> * {* >> * "URI": "sip:192.168.100.100",* >> * "state": "Probing",* >> * "first_hit_counter": 0,* >> * "attr": "''",* >> * "resolved_addresses": [* >> * "192.168.100.100:5060 >> "* >> * ]* >> * },* >> * {* >> * "URI": "sip:127.0.0.1",* >> * "state": "Probing",* >> * "first_hit_counter": 0,* >> * "attr": "''",* >> * "resolved_addresses": [* >> * "127.0.0.1:5060 "* >> * ]* >> >> >> -- >> BR, >> Denys Pozniak >> >> >> > > -- > > BR, > Denys Pozniak > > > -- BR, Denys Pozniak -------------- next part -------------- An HTML attachment was scrubbed... URL: From pkelly at gmail.com Thu Jan 26 11:51:03 2023 From: pkelly at gmail.com (Pete Kelly) Date: Thu, 26 Jan 2023 03:51:03 -0800 Subject: [OpenSIPS-Users] OpenSIPS 3.2 - cachedb_url / mongo+srv support Message-ID: Hi I am using the cachedb_url parameter in the usrloc module, in order to connect to a MongoDB cluster. However the connection string I need to use is mongodb+srv:// in order to do an SRV lookup to find the correct/current cluster node to connect to. OpenSIPS doesn’t seem to support this currently (v3.2.10) and gives the error: ERROR:core:cachedb_bind_mod: failed to bind to [mongodb+srv] module. Is it loaded ? Jan 26 11:47:26 opensips10 /usr/sbin/opensips[1714368]: ERROR:usrloc:ul_check_db: cannot bind functions for cachedb_url mongodb+srv:…. Is there a way around this somehow by modifying the connection string, or is it simply not currently supported? Pete -------------- next part -------------- An HTML attachment was scrubbed... URL: From bullehs at gmail.com Thu Jan 26 17:44:49 2023 From: bullehs at gmail.com (HS) Date: Thu, 26 Jan 2023 22:44:49 +0500 Subject: [OpenSIPS-Users] LATE SDP Script on Opensips 3.3 In-Reply-To: References: Message-ID: Hi all, Here's is a link to the log of 2 calls. First part is a call that has one-way audio and the second is a call that has great bi-directional audio. https://pastebin.com/ggUFUmsp Appreciate if someone can identify if opensips config is ok pls, or suggestions on how to fix pls. On Sat, Jan 21, 2023 at 3:34 PM HS wrote: > Hi all. > > I am trying to setup an Opensips 3.3 instance on AWS and have rtpengine > installed. I am using a modified version of the script here: > > http://www.opensips.org/pub/docs/tutorials/websockets/opensips-late.cfg > > Two issues. > 1. When I call a browser (Firefox or chrome), the call is rejected and I > get the error: "Failed to get local SDP". > 2. One-way audio in specific circumstances - log below. Investigating > further I found that if I use "t_on_reply("handle_nat");" the calls go > through fine. However, if I use "t_on_branch("handle_nat");" I see > behaviour below. > > Thanks in advance. > > I am using 2 UA - Microsip and Linphone. When I call from Microsip > (Laptop) to Linphone (Android) I have great audio and the logs show this: > > Jan 20 16:11:06 ip-172-31-13-220 rtpengine[42387]: INFO: > [f75f1e374747457ca016e3a3a62ff4b3]: [control] Received command 'answer' > from 127.0.0.1:33919 > Jan 20 16:11:06 ip-172-31-13-220 rtpengine[42387]: INFO: > [f75f1e374747457ca016e3a3a62ff4b3]: [control] Replying to 'answer' from > 127.0.0.1:33919 (elapsed time 0.000268 sec) > Jan 20 16:11:06 ip-172-31-13-220 /usr/sbin/opensips[79601]: incoming reply > Jan 20 16:11:07 ip-172-31-13-220 dhclient[451]: DHCPREQUEST for > 172.31.13.220 on ens5 to 172.31.0.1 port 67 > Jan 20 16:11:07 ip-172-31-13-220 dhclient[451]: DHCPACK of 172.31.13.220 > from 172.31.0.1 > Jan 20 16:11:07 ip-172-31-13-220 dhclient[451]: bound to 172.31.13.220 -- > renewal in 1607 seconds. > Jan 20 16:11:10 ip-172-31-13-220 rtpengine[42387]: INFO: > [f75f1e374747457ca016e3a3a62ff4b3 port 13215]: [core] Confirmed peer > address as My.Pub.IP.Add:4011 > Jan 20 16:11:21 ip-172-31-13-220 rtpengine[42387]: INFO: > [f75f1e374747457ca016e3a3a62ff4b3]: [control] Received command 'delete' > from 127.0.0.1:33919 > Jan 20 16:11:21 ip-172-31-13-220 rtpengine[42387]: INFO: > [f75f1e374747457ca016e3a3a62ff4b3]: [core] Scheduling deletion of call > branch 'bGUEC~8' (via-branch '') in 30 seconds > Jan 20 16:11:21 ip-172-31-13-220 rtpengine[42387]: INFO: > [f75f1e374747457ca016e3a3a62ff4b3]: [core] Scheduling deletion of call > branch '33a25bec39c742678ce74836e0ff40d1' (via-branch '') in 30 seconds > Jan 20 16:11:21 ip-172-31-13-220 rtpengine[42387]: INFO: > [f75f1e374747457ca016e3a3a62ff4b3]: [core] Scheduling deletion of entire > call in 30 seconds > Jan 20 16:11:21 ip-172-31-13-220 rtpengine[42387]: INFO: > [f75f1e374747457ca016e3a3a62ff4b3]: [control] Replying to 'delete' from > 127.0.0.1:33919 (elapsed time 0.000179 sec) > > > However, when I call from Linphone to Microsip, there's one-way audio and > the following in the logs: > > Jan 20 16:02:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [control] Received command 'offer' from 127.0.0.1:40022 > Jan 20 16:02:29 ip-172-31-13-220 rtpengine[42387]: NOTICE: [CjBB-HZqpe]: > [core] Creating new call > Jan 20 16:02:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [control] Replying to 'offer' from 127.0.0.1:40022 (elapsed time 0.000500 > sec) > Jan 20 16:02:37 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [control] Received command 'answer' from 127.0.0.1:40022 > Jan 20 16:02:37 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [control] Replying to 'answer' from 127.0.0.1:40022 (elapsed time > 0.000209 sec) > Jan 20 16:02:37 ip-172-31-13-220 /usr/sbin/opensips[79600]: incoming reply > Jan 20 16:02:38 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [control] Received command 'answer' from 127.0.0.1:40022 > Jan 20 16:02:38 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [control] Replying to 'answer' from 127.0.0.1:40022 (elapsed time > 0.000178 sec) > Jan 20 16:02:38 ip-172-31-13-220 /usr/sbin/opensips[79600]: incoming reply > Jan 20 16:02:39 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [control] Received command 'answer' from 127.0.0.1:40022 > Jan 20 16:02:39 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [control] Replying to 'answer' from 127.0.0.1:40022 (elapsed time > 0.000139 sec) > Jan 20 16:02:39 ip-172-31-13-220 /usr/sbin/opensips[79600]: incoming reply > Jan 20 16:02:44 ip-172-31-13-220 dhclient[524]: XMT: Solicit on ens5, > interval 111260ms. > Jan 20 16:02:45 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe port > 13139]: [core] Confirmed peer address as My.Pub.IP.Add:4007 > Jan 20 16:02:46 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe port > 13146]: [core] Confirmed peer address as My.Pub.IP.Add:7078 > Jan 20 16:02:46 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe port > 13146]: [core] Kernelizing media stream: My.Pub.IP.Add:7078 -> > 172.31.13.220:13146 | 172.31.13.220:13138 -> My.Pub.IP.Add:4006 > Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: > [8fbde711f8864432ba7a37290d224a9a]: [core] Final packet stats: > Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: > [8fbde711f8864432ba7a37290d224a9a]: [core] --- Tag > 'de22d68c1c7e4e759933a940e2f9eaa8', created 1:30 ago for branch '' > Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: > [8fbde711f8864432ba7a37290d224a9a]: [core] --- subscribed to 'PCjqSrP' > Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: > [8fbde711f8864432ba7a37290d224a9a]: [core] --- subscription for > 'PCjqSrP' > Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: > [8fbde711f8864432ba7a37290d224a9a]: [core] ------ Media #1 (audio over > RTP/AVP) using opus/48000/2 > Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: > [8fbde711f8864432ba7a37290d224a9a]: [core] --------- Port > 172.31.13.220:13126 <> My.Pub.IP.Add:4004 , SSRC 3cca2cda, in 4 p, 185 > b, 0 e, 83 ts, out 2 p, 67 b, 0 e > Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: > [8fbde711f8864432ba7a37290d224a9a]: [core] --------- Port > 172.31.13.220:13127 <> My.Pub.IP.Add:4005 (RTCP), SSRC 3cca2cda, in 4 > p, 276 b, 0 e, 83 ts, out 0 p, 0 b, 0 e > Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: > [8fbde711f8864432ba7a37290d224a9a]: [core] --- Tag 'PCjqSrP', created 1:30 > ago for branch '' > Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: > [8fbde711f8864432ba7a37290d224a9a]: [core] --- subscribed to > 'de22d68c1c7e4e759933a940e2f9eaa8' > Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: > [8fbde711f8864432ba7a37290d224a9a]: [core] --- subscription for > 'de22d68c1c7e4e759933a940e2f9eaa8' > Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: > [8fbde711f8864432ba7a37290d224a9a]: [core] ------ Media #1 (audio over > RTP/AVP) using opus/48000/2 > Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: > [8fbde711f8864432ba7a37290d224a9a]: [core] --------- Port > 172.31.13.220:13112 <> My.Pub.IP.Add:7078 , SSRC 1a445cd2, in 2 p, 67 > b, 0 e, 83 ts, out 4 p, 185 b, 0 e > Jan 20 16:02:51 ip-172-31-13-220 rtpengine[42387]: INFO: > [8fbde711f8864432ba7a37290d224a9a]: [core] --------- Port > 172.31.13.220:13113 <> My.Pub.IP.Add:7079 (RTCP), SSRC 0, in 2 p, 40 > b, 2 e, 83 ts, out 4 p, 276 b, 0 e > Jan 20 16:02:52 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe port > 13138]: [core] Confirmed peer address as My.Pub.IP.Add:4006 > Jan 20 16:02:52 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe port > 13138]: [core] Kernelizing media stream: My.Pub.IP.Add:4006 -> > 172.31.13.220:13138 | 172.31.13.220:13146 -> My.Pub.IP.Add:7078 > Jan 20 16:02:59 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [control] Received command 'delete' from 127.0.0.1:40022 > Jan 20 16:02:59 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [core] Scheduling deletion of call branch '8Cn0Y-HU7' (via-branch '') in 30 > seconds > Jan 20 16:02:59 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [core] Scheduling deletion of call branch > 'eaaabeb8d95e4b849c4ebc092e9aee47' (via-branch '') in 30 seconds > Jan 20 16:02:59 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [core] Scheduling deletion of entire call in 30 seconds > Jan 20 16:02:59 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [control] Replying to 'delete' from 127.0.0.1:40022 (elapsed time > 0.000111 sec) > Jan 20 16:03:01 ip-172-31-13-220 CRON[79619]: (root) CMD ((cd > /var/www/html/opensips-cp/; /usr/bin/php cron_job/get_opensips_stats.php)) > Jan 20 16:03:01 ip-172-31-13-220 CRON[79618]: (CRON) info (No MTA > installed, discarding output) > Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [core] Final packet stats: > Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [core] --- Tag '8Cn0Y-HU7', created 1:00 ago for branch '' > Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [core] --- subscribed to 'eaaabeb8d95e4b849c4ebc092e9aee47' > Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [core] --- subscription for 'eaaabeb8d95e4b849c4ebc092e9aee47' > Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [core] ------ Media #1 (audio over RTP/AVP) using opus/48000/2 > Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [core] --------- Port 172.31.13.220:13146 <> My.Pub.IP.Add:7078 , > SSRC 3b8965ac, in 6 p, 242 b, 0 e, 35 ts, out 7 p, 322 b, 0 e > Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [core] --------- Port 172.31.13.220:13147 <> My.Pub.IP.Add:7079 > (RTCP), SSRC 3b8965ac, in 5 p, 228 b, 4 e, 49 ts, out 12 p, 916 b, 0 e > Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [core] --- Tag 'eaaabeb8d95e4b849c4ebc092e9aee47', created 1:00 ago for > branch '' > Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [core] --- subscribed to '8Cn0Y-HU7' > Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [core] --- subscription for '8Cn0Y-HU7' > Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [core] ------ Media #1 (audio over RTP/AVP) using opus/48000/2 > Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [core] --------- Port 172.31.13.220:13138 <> My.Pub.IP.Add:4006 , > SSRC 52e506de, in 7 p, 322 b, 0 e, 37 ts, out 6 p, 242 b, 0 e > Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [core] --------- Port 172.31.13.220:13139 <> My.Pub.IP.Add:4007 > (RTCP), SSRC 52e506de, in 12 p, 916 b, 0 e, 29 ts, out 1 p, 148 b, 0 e > Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [core] Removing media stream from kernel: local 172.31.13.220:13138 > Jan 20 16:03:29 ip-172-31-13-220 rtpengine[42387]: INFO: [CjBB-HZqpe]: > [core] Removing media stream from kernel: local 172.31.13.220:13146 > > Appreciate any feedback. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From razvan at opensips.org Fri Jan 27 13:07:11 2023 From: razvan at opensips.org (=?UTF-8?Q?R=c4=83zvan_Crainea?=) Date: Fri, 27 Jan 2023 15:07:11 +0200 Subject: [OpenSIPS-Users] WSS errors In-Reply-To: References: Message-ID: <34ff4431-be7e-4cef-6a64-f129ef3d9b42@opensips.org> Hi, nutxase! Connection to your browser gets closed, and OpenSIPS tries to re-connect, but fails (due to browser jail, etc.) You should enable pinging in your setup to keep the connection open, and ideally reconnect from the browser if the connection gets closed. Best regards, Răzvan Crainea OpenSIPS Core Developer http://www.opensips-solutions.com On 1/23/23 18:38, nutxase via Users wrote: > Hey All > > Strange error > > i have registrations working via WSS and all works fine about after > about 5 incoming calls > the log gets these errors and the only way to receive calls again is to > restart opensips > > Jan 19 20:06:41 [localhost] /usr/sbin/opensips[4263]: ERROR:proto_wss:ws_sync_connect: tcp_blocking_connect failed > Jan 19 20:06:41 [localhost] /usr/sbin/opensips[4263]: ERROR:proto_wss:ws_connect: connect failed > Jan 19 20:06:41 [localhost] /usr/sbin/opensips[4263]: ERROR:proto_wss:proto_wss_send: connect failed > Jan 19 20:06:41 [localhost] /usr/sbin/opensips[4263]: ERROR:tm:msg_send: send() to xxxx:39048 for proto wss/6 failed > Jan 19 20:06:41 [localhost] /usr/sbin/opensips[4263]: ERROR:tm:t_forward_nonack: sending request failed > > > > Sent with Proton Mail secure email. > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users From greg at switchtel.co.za Sun Jan 29 17:13:07 2023 From: greg at switchtel.co.za (Gregory Massel) Date: Sun, 29 Jan 2023 19:13:07 +0200 Subject: [OpenSIPS-Users] $si showing contact address Message-ID: <74c38493-4d02-2961-fa25-eaf8a7f386b3@switchtel.co.za> Good day all I'm picking up a weird issue where $si is reflecting the IP address of the contact rather then the IP packet header. If I run "opensips-cli -x mi ul_show_contact location redacted at domain" I get: "Contact": "sip:redacted at 1.2.3.1:45066", "Received": "sip:102.132.225.36:45066", When I look at my logs, it logged: ACL mismatch for _*udp:1.2.3.1:45066*_ on REGISTER request for redacted at domain with auth-user redacted; ACL: "redacted". xlog ("ACL mismatch for $socket_in(proto):*$si*:$sp on $rm request for $var(req_user)@$var(domain) with auth-user $au; ACL: \"$avp(acl)\".\n"); So it seems that, within this particular router, $si is actually being set to the contact IP rather than the IP source address. Note that this check is done only after the MD5 authentication has completed. Even if the source failed to NAT the packet and arrived with spoofed IP source IP 1.2.3.1, it would never get to this point as I would first reply with a SIP 401 requesting authentication and they would never actually receive that 401 message and never be able to send me back an authenticated request. If this were happening all the time, I'd expect to see tons of log entries with RFC1918 IP addresses, however, I don't and, in fact, this is an extreme rare log entry. I do have the following which may or may not be relevant: force_rport(); if (nat_uac_test(23)) { if (is_method("REGISTER")) { fix_nated_register(); setbflag("NAT"); } else { fix_nated_contact(); setflag("NAT"); } } However, I still don't understand why $si would ever reflect anything other then the actual source IP address as per the IP packet header. I cannot retrospectively sniff the registration that caused this, however, I have sniffer a subsequent REGISTER packet from the same endpoint: 2023/01/29 18:47:46.104058 102.132.225.36:45066 -> x.x.x.x:5060 REGISTERsip:domain SIP/2.0 Via: SIP/2.0/UDP 1.2.3.1:45066;branch=z9hG4bK1021971937;rport From:;tag=63384276 To: Call-ID:598699451-15089-1 at BJC.BGI.A.BAF CSeq: 3158 REGISTER Contact:;reg-id=1;+sip.instance="" Authorization: Digest username="redacted", realm="domain", nonce="63d6a350000179c64cd75dec932c20a438d014ba0ed633e2", uri="sip:domain", response="e549d1261c9cc5534aa0783db28529 ", algorithm=MD5 Max-Forwards: 70 User-Agent: redacted Supported: path Expires: 180 Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER, UPDATE, MESSAGE Content-Length: 0 The script logged $si as 1.2.3.1 at 16:56:32, however, the above was sniffer at 18:47:46 and the script did NOT log 1.2.3.1. I initially considered that www_authorize() versus pv_www_authorize() may be introducing this, so I flushed my cache to ensure that I'd tested using both. It's not related to this. It really seems to be extremely arbitrary. There are tens of thousands of endpoints registered and, if this was happening consistently, I would expect to see at least hundreds, even thousands of such log entries, however, I've only found ONE so far. It appears to be to be a bug, however, before logging as such I would like to verify whether, perhaps, there is a valid case where $si may be reset to a contact IP (e.g. by one of the NAT helper functions)? Could the following, in any shape or form, ever result in $si being re-set to a new value: if ( $(si{ip.matches,$(avp(acl){csv.value,$var(i)})}) == 1 ) And, no, I never accidentally used '=' instead of '==' and the value of $avp(acl) would have been "165.165.0.0/16,102.132.128.0/17". I'm using OpenSIPS 3.1.13. Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From greg at switchtel.co.za Sun Jan 29 23:30:24 2023 From: greg at switchtel.co.za (Gregory Massel) Date: Mon, 30 Jan 2023 01:30:24 +0200 Subject: [OpenSIPS-Users] SQL injection in usernames Message-ID: I'm observing that fraudsters are attempting SQL injections within various SIP headers, e.g. Contact: From:;tag=t1cqzx35 Just a head's up to those using SQL queries in their dial plans to be careful to always *escape* the wrath! -------------- next part -------------- An HTML attachment was scrubbed... URL: From andres.lavariega at directo.com Fri Jan 6 05:50:58 2023 From: andres.lavariega at directo.com (=?iso-8859-1?Q?Andr=E9s_Alberto_Lavariega_Castellanos?=) Date: Fri, 06 Jan 2023 05:50:58 -0000 Subject: [OpenSIPS-Users] OpenSIPS on Cloud (AWS or Azure) Message-ID: I'm trying to install OpenSips on Digital Ocean's server, if the service has a public IP I think I should have no problem. [cid:image001.png at 01D92160.8422F200] Andres Lavariega Back End VoIP [cid:image002.png at 01D92160.8422F200] 5579192214 [cid:image003.png at 01D92160.8422F200] andres.lavariega at directo.com [cid:image004.png at 01D92160.8422F200] Torre Virreyes, Pedregal 24, piso 6 CDMX, México 11040 +52 55 5201 4550 [cid:image005.png at 01D92160.8422F200] www.directo.com AVISO DE CONFIDENCIALIDAD: Este correo electrónico y su contenido (incluyendo cualquier archivo adjunto o link hacia alguna URL), contiene información que es confidencial y/o legalmente privilegiada. La copia, revisión, uso, revelación y/o distribución de dicha información confidencial sin la autorización por escrito del remitente queda estrictamente prohibida. Si usted no es el destinatario a quien se dirige el presente correo, por favor notifique al remitente respondiendo al presente correo y elimine el correo original incluyendo cualquier archivo adjunto, así como cualquier copia del mismo. Mediante la recepción del presente correo usted reconoce y acepta que en caso de incumplimiento de su parte y/o de sus representantes a los términos antes mencionados, el remitente tendrá derecho a los daños y perjuicios que esto le cause. CONFIDENTIALITY NOTICE: This email and its contents (including any attachments or linked urls) may contain information that is confidential and/or legally privileged. Any unauthorized use, disclosure, and/or distribution of such information is prohibited. If you are not the intended recipient, please notify the sender, delete the original email and any attachments, and destroy any copies thereof. By receiving this e-mail, you acknowledge that any breach by you and/or your representatives of the above provisions may entitle the sender for damages. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 15995 bytes Desc: image001.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.png Type: image/png Size: 273 bytes Desc: image002.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image003.png Type: image/png Size: 453 bytes Desc: image003.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image004.png Type: image/png Size: 417 bytes Desc: image004.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image005.png Type: image/png Size: 585 bytes Desc: image005.png URL: From marcin at voipplus.net Fri Jan 6 16:47:08 2023 From: marcin at voipplus.net (Marcin Groszek) Date: Fri, 06 Jan 2023 16:47:08 -0000 Subject: [OpenSIPS-Users] stir shaken verification In-Reply-To: References: <97b4659a-5afe-2a48-fee2-38edb9b3906b@voipplus.net> <754b3d6e-77e0-461a-7752-d43088928a97@voipplus.net> <41d8146f-dca8-fca1-f6de-4cefbac2b58a@voipplus.net> <36e30af0-2d45-5c55-9fc0-ed6f8dc73f04@voipplus.net> Message-ID: <9ffe1611-ad17-0b6d-c8bd-84b88c99bec6@voipplus.net> I was/am suspecting openssl library, but I refuse to dedicate any more time to troubleshoot. It is quite easy to install new OS and try it again, especially for test environment. On 1/6/2023 10:36 AM, Jonathan Abrams wrote: > IIRC, the issue you were having with the validation failures on CentOS > 7 was related to a shared library. OpenSSL I think. > > -Jon Abrams > > > On Fri, Jan 6, 2023, 10:30 AM Marcin Groszek > wrote: > > Thank you for all your help. > > My test opensips installation was on CentOS 7 and cert > verification has been failing. > > The certificates are verifying with same opensips version 3.1.5 > and same configuration on Oracle linux 8.6. > > Thank you again for all your answers and help. > > > On 1/5/2023 5:24 PM, Marcin Groszek wrote: >> >> Yes it is, I sent it to xlog it  an it does. >> >> On 1/5/2023 4:45 PM, David Villasmil wrote: >>> Is $var(cert) actually set? Print it out >>> >>> On Thu, 5 Jan 2023 at 23:19, Marcin Groszek >> > wrote: >>> >>> Thank you very much. I have the same file, and verification >>> is still failing. Perhaps  my config: >>> >>> >>> $var(found) = cache_fetch("local", $identity(x5u), $var(cert)); >>> if (!$var(found) || !stir_shaken_check_cert("$var(cert)")) { >>>     rest_get( "$identity(x5u)", $var(cert), $var(ctype), >>> $var(http_rc)); >>>     if ($rc<0 || $var(http_rc) != 200) { >>>         send_reply(436, "Bad Identity Info"); >>>         exit; >>>     } >>>     cache_store("local", $identity(x5u), $var(cert), 60); >>> } >>> >>> stir_shaken_verify( "$var(cert)", $var(err_sip_code), >>> $var(err_sip_reason)); >>> if ($rc < 0) { >>>     xlog("stir_shaken_verify() failed: $var(err_sip_code), >>> $var(err_sip_reason) \n"); >>>     send_reply( $var(err_sip_code), $var(err_sip_reason)); >>>     exit; >>> } >>> >>> >>> I figured this much: >>> >>> $var(cert) is a public certificate downloaded from >>> $identity(x5u), if it does not exists in local cache it gets >>> pulled and stored, >>> >>> stir_shaken_check_cert("$var(cert)") is generating these errors: >>> >>> ERROR:stir_shaken:load_cert: Failed to parse certificate >>> ERROR:stir_shaken:w_stir_check_cert: Failed to load >>> certificate ( because the entry does not exists in local cashdb) >>> >>> this forces the download of the public cert from >>> $identity(x5u) and store in local cashdb >>> >>> second attempt does not generate this errors, however calls >>> with deferent identity header and url for public cert should >>> generate same errors again as the public cert from new url >>> is not in local cashdb, but it is NOT generating same error. >>> >>> Also, I have minimize cache_store  down to 1 second and >>> after that second call with same $identity(x5u) should >>> generate same errors , but it is not. >>> >>> an example at shaken-not-stirred page have : >>> >>> rest_get( "$identity(x5u)", "$var(cert)", >>> $var(ctype), $var(http_rc)); >>> >>> but this fails a start-up with error ERROR:core:fix_cmd: >>> Param [2] expected to be a variable so I removed the double >>> quotes from around $var(cert) . >>> >>> >>> >>> On 1/5/2023 1:18 PM, Joseph Jackson wrote: >>>> Hi Marcin, >>>> >>>> I suspect you are correct that its how you are decoding the >>>> ca cert file from iconectiv. >>>> >>>> attached is what we have currently and it works in our >>>> production enviroment. >>>> >>>> If the maillist strips out that attachment let me know.  >>>> You can reach me directly at jjackson at aninetworks.net >>>> >>>> >>>> Joseph >>>> >>>> ------------------------------------------------------------------------ >>>> *From:* Users >>>> on behalf of >>>> Marcin Groszek >>>> >>>> *Sent:* Thursday, January 5, 2023 10:16 AM >>>> *To:* users at lists.opensips.org >>>> >>>> >>>> *Subject:* Re: [OpenSIPS-Users] stir shaken verification >>>> >>>> Joseph, Thank you very much for your respond. >>>> >>>> >>>> I have downloaded and apply new sti-ca file but certificate >>>> validation fails. >>>> >>>> INFO:stir_shaken:verify_callback: certificate validation >>>> failed: certificate signature failure >>>> INFO:stir_shaken:w_stir_verify: Invalid certificate >>>> DBG:core:comp_scriptvar: int 26 : -8 / 0 >>>> [1637] stir_shaken_verify() failed: 437, Unsupported Credential >>>> >>>> >>>> Perhaps I am not processing the sti-ca file properly. >>>> >>>> >>>> I am testing this with a valid token , in fact test calls >>>> are coming from major cellular carrier in US and the >>>> verification fails. >>>> >>>> I can see curl download the public cert, storing it in >>>> local cache and then attempt to verify, but it fails. >>>> >>>> Upon next call with same token, the public cert is pulled >>>> from local cache and still fails. >>>> >>>> >>>> >>>> >>>> On 1/4/2023 7:37 PM, Joseph Jackson wrote: >>>>> Hi Marcin, >>>>> >>>>> We have a process that downloads the CA list from >>>>> iconectiv nightly,  decodes the jwt and stores the certs >>>>> in a single file in /etc/ssl/sti-ca/sti-ca.pem >>>>> >>>>> Here is the opensips modparam >>>>> >>>>> #stir and shaken >>>>> loadmodule "stir_shaken.so" >>>>> modparam("stir_shaken", "verify_date_freshness", 300) >>>>> modparam("stir_shaken", "auth_date_freshness", 300) >>>>> modparam("stir_shaken", "e164_strict_mode", 0) >>>>> #list of root certs for stir / shaken verification >>>>> modparam("stir_shaken", "ca_list", >>>>> "/etc/ssl/sti-ca/sti-ca.pem") >>>>> >>>>> This is on opensips v3.1.11 >>>>> >>>>> >>>>> ------------------------------------------------------------------------ >>>>> *From:* Users >>>>> on behalf of >>>>> Marcin Groszek >>>>> >>>>> *Sent:* Wednesday, January 4, 2023 6:12 PM >>>>> *To:* users at lists.opensips.org >>>>> >>>>> >>>>> *Subject:* [OpenSIPS-Users] stir shaken verification >>>>> >>>>> Opensips version 3.1.5 >>>>> >>>>> I am having some issues with stir_shaken setup. I am sure >>>>> this not an issue with the module, but me. >>>>> >>>>> |stir_shaken_auth works just fine and I am able to sign >>>>> the calls, however I was unable to find any document how >>>>> to use a ca file available for download at >>>>> iconectiv/download-list as well as via API. They do come >>>>> in as jwt file, but after little manipulation individual >>>>> certificates can be extracted, and the first one is the >>>>> root certificate; I think, and the rest are trusted >>>>> STI-CA. ||I guess my question is how do I use this file or >>>>> any other cert file as |"ca_list" and/or "ca_dir" . >>>>> >>>>> After weeks and hundreds attempts I was unsuccessful, and >>>>> I was unable to locate any document explaining >>>>> preparation/setup/steps to setup verification. >>>>> >>>>> All I get is : >>>>> >>>>> ERROR:stir_shaken:load_cert: Failed to parse certificate >>>>> ERROR:stir_shaken:w_stir_verify: Failed to load certificate >>>>> on INVITE with valid identity header. >>>>> >>>>> When I remove or replace  "ca_list" file with something >>>>> bogus opensips does not even start  with errors: >>>>> >>>>> ERROR:stir_shaken:init_cert_validation: Failed to load >>>>> trustefd CAs >>>>> ERROR:core:init_mod: failed to initialize module stir_shaken >>>>> >>>>> I would really appreciate some guidance on this one. >>>>> >>>>> >>>>> || >>>>> >>>>> || >>>>> >>>>> >>>>> _______________________________________________ >>>>> Users mailing list >>>>> Users at lists.opensips.org >>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>> -- >>>> Best Regards: >>>> Marcin Groszek >>>> Business Phone Service >>>> https://www.voipplus.net >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> Users at lists.opensips.org >>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> >>> -- >>> Best Regards: >>> Marcin Groszek >>> Business Phone Service >>> https://www.voipplus.net >>> >>> _______________________________________________ >>> Users mailing list >>> Users at lists.opensips.org >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> >>> -- >>> Regards, >>> >>> David Villasmil >>> email: david.villasmil.work at gmail.com >>> >>> phone: +34669448337 >>> >>> _______________________________________________ >>> Users mailing list >>> Users at lists.opensips.org >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> -- >> Best Regards: >> Marcin Groszek >> Business Phone Service >> https://www.voipplus.net >> >> _______________________________________________ >> Users mailing list >> Users at lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > -- > Best Regards: > Marcin Groszek > Business Phone Service > https://www.voipplus.net > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -- Best Regards: Marcin Groszek Business Phone Service https://www.voipplus.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From miagi_son at proton.me Wed Jan 18 21:10:57 2023 From: miagi_son at proton.me (MR Miagi) Date: Wed, 18 Jan 2023 21:10:57 +0000 Subject: [OpenSIPS-Users] Call Auth Message-ID: Sent with [Proton Mail](https://proton.me/) secure email. -------------- next part -------------- An HTML attachment was scrubbed... URL: From sj6502621 at gmail.com Thu Jan 19 19:04:18 2023 From: sj6502621 at gmail.com (James Seer) Date: Thu, 19 Jan 2023 20:04:18 +0100 Subject: [OpenSIPS-Users] Ratelimit CPS Algorithms Message-ID: Hello, I'm trying to find the best way to control calls coming to my opensips box using the Ratelimit module. i'm setting a specific cps limit to each customer via its ip source and i want precision and accuracy without exhausting my server (vultr virtual machine 2 cores, 4gb ram with 2gb dedicated to opensips shared memory and 32m shared + 8 udp workers with a profile scalling up to 16 workers on 70% load) I was able to achieve what I wanted by using the SBT algorithm, a window_size of 1 second and slot_period of 200 milliseconds, 5 slots in total. Most of my customers have a 5 to 20 cps limit. modparam("ratelimit", "window_size", 1) modparam("ratelimit", "slot_period", 200) if(!rl_check("RL_$si", 5, "SBT")) send_reply("403", "Cps Exceeded"); I admit not being able to understand how the SBT algorithm works via the documentation, I wanted to know if the values i set for window_size and slot_period are the best for CPS Limitation. Also do you confirm that SBT is the most accurate among other ratelimit algorithms for calls per second limitation ? Thank you -------------- next part -------------- An HTML attachment was scrubbed... URL: From miagi_son at proton.me Mon Jan 30 10:47:45 2023 From: miagi_son at proton.me (Pat M) Date: Mon, 30 Jan 2023 10:47:45 +0000 Subject: [OpenSIPS-Users] UAC to UAC prefix Message-ID: <3tjyXp17aW6KMnsLdERNabYZxNeYxLWY5BPPw3v9UlGY6ylklW5COay7dzbhGdBFowyfpnXDvqUnU2umXMbcEidMJOqYgchWD7f8vw4JENM=@proton.me> Hello I have set up opensips as a registrar server hosting my uac clients my users extensions are labelled like 2000-companyname but when i dial the extension it tries to make an outbound call as it does not look at the -prefix so my question is, how can i make it that if my from matches the domain it strips off the prefix and dials to the uac please can you point me to the correct direction Sent with [Proton Mail](https://proton.me/) secure email. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jjackson at aninetworks.net Mon Jan 30 19:18:26 2023 From: jjackson at aninetworks.net (Joseph Jackson) Date: Mon, 30 Jan 2023 19:18:26 +0000 Subject: [OpenSIPS-Users] OpenSIPS on Cloud (AWS or Azure) In-Reply-To: References: Message-ID: There are no issues running it on any of the cloud providers I've found so far - never used Azure tho. ________________________________ From: Users on behalf of Andrés Alberto Lavariega Castellanos Sent: Thursday, January 5, 2023 11:50 PM To: users at lists.opensips.org Subject: [OpenSIPS-Users] OpenSIPS on Cloud (AWS or Azure) I'm trying to install OpenSips on Digital Ocean's server, if the service has a public IP I think I should have no problem. [cid:image001.png at 01D92160.8422F200] Andres Lavariega Back End VoIP [cid:image002.png at 01D92160.8422F200] 5579192214 [cid:image003.png at 01D92160.8422F200] andres.lavariega at directo.com [cid:image004.png at 01D92160.8422F200] Torre Virreyes, Pedregal 24, piso 6 CDMX, México 11040 +52 55 5201 4550 [cid:image005.png at 01D92160.8422F200] www.directo.com AVISO DE CONFIDENCIALIDAD: Este correo electrónico y su contenido (incluyendo cualquier archivo adjunto o link hacia alguna URL), contiene información que es confidencial y/o legalmente privilegiada. La copia, revisión, uso, revelación y/o distribución de dicha información confidencial sin la autorización por escrito del remitente queda estrictamente prohibida. Si usted no es el destinatario a quien se dirige el presente correo, por favor notifique al remitente respondiendo al presente correo y elimine el correo original incluyendo cualquier archivo adjunto, así como cualquier copia del mismo. Mediante la recepción del presente correo usted reconoce y acepta que en caso de incumplimiento de su parte y/o de sus representantes a los términos antes mencionados, el remitente tendrá derecho a los daños y perjuicios que esto le cause. CONFIDENTIALITY NOTICE: This email and its contents (including any attachments or linked urls) may contain information that is confidential and/or legally privileged. Any unauthorized use, disclosure, and/or distribution of such information is prohibited. If you are not the intended recipient, please notify the sender, delete the original email and any attachments, and destroy any copies thereof. By receiving this e-mail, you acknowledge that any breach by you and/or your representatives of the above provisions may entitle the sender for damages. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 15995 bytes Desc: image001.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.png Type: image/png Size: 273 bytes Desc: image002.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image003.png Type: image/png Size: 453 bytes Desc: image003.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image004.png Type: image/png Size: 417 bytes Desc: image004.png URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image005.png Type: image/png Size: 585 bytes Desc: image005.png URL: From alain.bieuzent at free.fr Tue Jan 31 15:36:48 2023 From: alain.bieuzent at free.fr (Alain Bieuzent) Date: Tue, 31 Jan 2023 16:36:48 +0100 Subject: [OpenSIPS-Users] Ratelimit CPS Algorithms In-Reply-To: References: Message-ID: Hi James, After spending hours understanding how the different algorithms work, we selected the "TAILDROP" with the following parameters: modparam("ratelimit", "timer_interval", 1) modparam("ratelimit", "default_algorithm", "TAILDROP") modparam("ratelimit", "hash_size", 2048) it does the job (it drops what it takes!). The only thing I can advise you is to cache the limitation for each IP, because if you must query your database to obtain the limitation, in case of DDOS, your server will crash because of the possible slowdown of the database queries. Regards De : Users au nom de James Seer Répondre à : OpenSIPS users mailling list Date : lundi 30 janvier 2023 à 14:33 À : Objet : [OpenSIPS-Users] Ratelimit CPS Algorithms Hello, I'm trying to find the best way to control calls coming to my opensips box using the Ratelimit module. i'm setting a specific cps limit to each customer via its ip source and i want precision and accuracy without exhausting my server (vultr virtual machine 2 cores, 4gb ram with 2gb dedicated to opensips shared memory and 32m shared + 8 udp workers with a profile scalling up to 16 workers on 70% load) I was able to achieve what I wanted by using the SBT algorithm, a window_size of 1 second and slot_period of 200 milliseconds, 5 slots in total. Most of my customers have a 5 to 20 cps limit. modparam("ratelimit", "window_size", 1) modparam("ratelimit", "slot_period", 200) if(!rl_check("RL_$si", 5, "SBT")) send_reply("403", "Cps Exceeded"); I admit not being able to understand how the SBT algorithm works via the documentation, I wanted to know if the values i set for window_size and slot_period are the best for CPS Limitation. Also do you confirm that SBT is the most accurate among other ratelimit algorithms for calls per second limitation ? Thank you _______________________________________________ Users mailing list Users at lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users -------------- next part -------------- An HTML attachment was scrubbed... URL: From miagi_son at proton.me Tue Jan 31 15:48:44 2023 From: miagi_son at proton.me (Pat M) Date: Tue, 31 Jan 2023 15:48:44 +0000 Subject: [OpenSIPS-Users] Alias Message-ID: <5zf1V-jLszVsVELVNEfj2Vp3ITeyWOFKn6wd2pDSKQ7cI43ixOkKpTHe9cJlKRlgebtju_XFQZF-QFL_9SNHSM8J8fqiba8B97xlObQniIA=@proton.me> Konnichiwa, my users are labelled like 1020-tokyo and 1021-tokyo so i created an alias for them as 1020 and 1021 but when i dial between them it does not work and says 404 i followed here https://opensips.org/html/docs/modules/3.3.x/alias_db.html modparam("alias_db", "db_url", "mysql://xxxx:xxx at 172.17.0.3/opensips") modparam("alias_db", "user_column", "username") modparam("alias_db", "domain_column", "domain") modparam("alias_db", "alias_user_column", "user") modparam("alias_db", "alias_domain_column", "domain") modparam("alias_db", "domain_prefix", "sip.") modparam("alias_db", "append_branches", 1) if (!lookup("location")) { alias_db_lookup("dbaliases", "rd"); -------------- next part -------------- An HTML attachment was scrubbed... URL: From feiyingcheung at 126.com Mon Jan 30 10:25:05 2023 From: feiyingcheung at 126.com (Eagle Cheung) Date: Mon, 30 Jan 2023 10:25:05 -0000 Subject: [OpenSIPS-Users] b2b_logic - add/modifiy custom header on script_req_route/script_reply_route Message-ID: <1a1b1026.b5.186023536dd.Coremail.feiyingcheung@126.com> Hi, I want to know how to add/modifiy custom header on script_req_route/script_reply_route. cfg file statement ------------------------------------------ loadmodule "b2b_logic.so" modparam("b2b_logic", "script_req_route", "b2b_request") modparam("b2b_logic", "script_reply_route", "b2b_reply") modparam("b2b_logic", "custom_headers", "P-Local-Header") rotue { ... if (is_method("INVITE") && !has_totag()) { b2b_server_new("caller"); b2b_client_new("media", "sip:1234 at 192.168.216.1"); # !!!!!!!!!!!!!work fine, add header succeed. append_hf("P-Local-Header: test1\r\n"); b2b_init_request("base"); exit; } ... } route[b2b_request] { # !!!!!!!!!!!!!!!!dosen't work, could not to add. append_hf("P-Local-Header: test2\r\n"); b2b_pass_request(); } route[b2b_reply] { # !!!!!!!!!!!!!!dosen't work, could not to add. append_hf("P-Local-Header: test2\r\n"); b2b_handle_reply(); } -------------------------------------- looking forward your reply! BR Sam Cheung -------------- next part -------------- An HTML attachment was scrubbed... URL: