Re: [OpenSIPS-Users] stir_shaken date header discrepancy
Hello Liviu, I am already running the last version of OpenSIPS. opensips -V version: opensips 3.4.3 (x86_64/linux) deb https://apt.opensips.org bookworm 3.4-releases In my example, the "iat" PASSporT value is correct. The only issue lies with the Date header field. Le mar. 20 févr. 2024 à 14:55, Liviu Chircu a écrit : > Hi James, > > Make sure you're running a recent OpenSIPS build, I recall this bug was > caught a few months ago > <https://github.com/OpenSIPS/opensips/commit/75a168a9f43>. > > Best regards, > > Liviu Chircuwww.twitter.com/liviuchircu | www.opensips-solutions.com > OpenSIPS Summit 2024 Valencia, May 14-17 | www.opensips.org/events > > On 20.02.2024 15:03, James Seer wrote: > > Hello, > > I have a question regarding Date Header Verification in our setup: > > Server Timezone: Central European Time > Configuration: > require_date_hdr: false > verify_date_freshness : 300 seconds > SIP INVITE Date Header: Tue, 20 Feb 2024 00:26:05 GMT > Server time: 2024-02-20T00:26:06 CET > Identity header payload "iat" value: 1708385165 > > Despite the Date header being in the future, OpenSIPS proceeded with > verification. While I can see there's an existing error code (-6: Date > header value is older than local policy for freshness), it only addresses > cases where the header is "older" than the local policy. > > This could be easily handled in script code, but shouldn't opensips > trigger a distinct failure with a new error code, considering the > discrepancy between the Date header and server time ? (More than 300 > seconds of difference) > > Thank you > > ___ > Users mailing > listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] stir_shaken date header discrepancy
Hello, I have a question regarding Date Header Verification in our setup: Server Timezone: Central European Time Configuration: require_date_hdr: false verify_date_freshness : 300 seconds SIP INVITE Date Header: Tue, 20 Feb 2024 00:26:05 GMT Server time: 2024-02-20T00:26:06 CET Identity header payload "iat" value: 1708385165 Despite the Date header being in the future, OpenSIPS proceeded with verification. While I can see there's an existing error code (-6: Date header value is older than local policy for freshness), it only addresses cases where the header is "older" than the local policy. This could be easily handled in script code, but shouldn't opensips trigger a distinct failure with a new error code, considering the discrepancy between the Date header and server time ? (More than 300 seconds of difference) Thank you ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] replicate to HEP using the advertised address - OPENSIPS 3.3.9
Hi Liviu, Thanks for the patch. However I can't apply it as my OpenSIPS is installed as a binary package and not compiled from source. I've also created an issue on GitHub to track this. https://github.com/OpenSIPS/opensips/issues/3276 Le lun. 8 janv. 2024 à 11:13, Liviu Chircu a écrit : > On 26.12.2023 22:54, James Seer wrote: > > Aaaa the good old days before commit 4bd50335a (2023-12-12 by Vlad Paiu), > life was simpler when my vip network interface and VIP itself were just one > happy entity in HOMER's eyes :P > > This recent commit with its replication to HEP using the advertised > address has complicated things in homer heplify by treating them as two > different entities in the sip sequence (precisely during ACKs CANCEL and > BYEs). Any chance we could make this an optional feature? > > Hi James, > > First of all, VIP issue aside, there seems to be a bug in that patch where > the *sourceIP* and *sourcePort* are changed to *destinationIP *and > *destinationPort* without a good reason (currently started a discussion > with Vlad - we'll get to the bottom of it). Maybe if this were tweaked, > your SIP flows would return back to looking normal?! > > Nonetheless, if you have a 3.3 source tree to work with, try the following > patch onto your root sources directory and see if the behavior improves by > just fixing the bug instead of reverting the patch: > > git apply <(base64 -d < > H4sIA91Ry26DMBA8w1fsqUoCJpCSZ9U0HxD11lMUWcYPZBUwsk3US/+9hiQNOQT13Is9 > > Hs/ujsdMCgEI5dICmZaKNQU3U6sJ5fqyRRSyRze+rBj/goTN6ex5nq2iKF2ss3XGkiUkcbxIUx8h > > 9LizHwTBQPfdDtAsSVdhEkNwBY40llhJQVYWjKxxpx8Zqxt6JkqTw8QtIXRXWFZC4RraLeyqCp5j > > UZB87IP37YNbDbfYKPqJqSqasjIjYBk+kcIc0mP4i+c9vHBYaFW6eVkjROgjz3Mz0VbTU5S5YDBh > > THNj0Jaw07m58xgVvHq7mnW1rQgm46eB0sthc9MwY7GsQ4C/DhzQ1UrbzV3nlglvrWutrBq/+IHn > > 3RwYTTsHd8SDwuF8l71MVz28dtiqfrpD7x/2/a//pY33GloSHyMHIitL3jLwCi0cvX/s9530B7QY > 9NXwAwAA > EOF > ) > > Best regards, > > -- > Liviu Chircuwww.twitter.com/liviuchircu | www.opensips-solutions.com > OpenSIPS Summit 2024 Valencia, May 14-17 | www.opensips.org/events > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] replicate to HEP using the advertised address - OPENSIPS 3.3.9
Aaaa the good old days before commit 4bd50335a (2023-12-12 by Vlad Paiu), life was simpler when my vip network interface and VIP itself were just one happy entity in HOMER's eyes :P This recent commit with its replication to HEP using the advertised address has complicated things in homer heplify by treating them as two different entities in the sip sequence (precisely during ACKs CANCEL and BYEs). Any chance we could make this an optional feature? ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] 3.2.12 upgrade >> fifo_reply permission denied error
Hello, After an upgrade to OpenSIPS 3.2.12 , I cant run opensips-cli -x mi using root. It's been working with the previous versions. Apr 21 14:02:51 test-opensips/usr/sbin/opensips[705536]: ERROR:mi_fifo:mi_open_reply_pipe: open error (/tmp/opensips_fifo_reply_705551_1682078571_0451558): Permission denied Apr 21 14:02:51 test-opensips /usr/sbin/opensips[705536]: NOTICE:mi_fifo:mi_fifo_callback: cannot open reply pipe /tmp/opensips_fifo_reply_705551_1682078571_0451558 changing reply folder from tmp to another non sticky bit one , with full rights (for test purposes) does not change anything : root@test-opensips:~# ls -dl /var/run/fiforeply/ drwsrwsrwt 2 opensips opensips 60 Apr 21 14:11 /var/run/fiforeply/ Apr 21 14:11:11 test-opensips /usr/sbin/opensips[705725]: ERROR:mi_fifo:mi_open_reply_pipe: open error (/var/run/fiforeply/opensips_fifo_reply_705741_1682079071_2581842): Permission denied Apr 21 14:11:11 test-opensips /usr/sbin/opensips[705725]: NOTICE:mi_fifo:mi_fifo_callback: cannot open reply pipe /var/run/fiforeply/opensips_fifo_reply_705741_1682079071_2581842 Opensips-cli version is the same before and after the upgrade : OpenSIPS CLI 0.2.0 As a current workaround i'm running it through opensips user : runuser -u opensips -- opensips-cli -x mi uptime opensips-cli config : [default] log_level: WARNING prompt_name: opensips-cli prompt_intro: Welcome to OpenSIPS Command Line Interface! prompt_emptyline_repeat_cmd: False history_file: ~/.opensips-cli.history history_file_size: 1000 output_type: pretty-print communication_type: fifo fifo_file: /var/run/opensips/opensips_fifo Opensips config file : FIFO Management Interface loadmodule "mi_fifo.so" modparam("mi_fifo", "fifo_name", "/var/run/opensips/opensips_fifo") modparam("mi_fifo", "fifo_mode", 0666) root@test-opensips:~# ps aux |grep opensips opensips 705724 0.0 0.6 541560 13984 ?S14:11 0:00 /usr/sbin/opensips -P /run/opensips/opensips.pid -f /etc/opensips/opensips.cfg -m 500 -M 8 opensips 705725 0.0 0.3 542060 6780 ?S14:11 0:00 /usr/sbin/opensips -P /run/opensips/opensips.pid -f /etc/opensips/opensips.cfg -m 500 -M 8 ... ... ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] Invalid dialog
Hello, I am experiencing strange behaviour from one specific provider. 80% of calls work properly, some of them fall into the validate_dialog condition, returncode = -1 i've checked INVITE and ACK message , i don't see anything that could cause that. fix_dialog_route seems to fix the problem but I would love to understand what is causing it. i noticed that with other providers when the dialog is not valid there is an ERROR message in the log files "ERROR:dialog:dlg_validate_dialog: failed to validate remote contact" with this one , there is no error. I compared the call with another working one from the same provider , I see no difference. Here are the initial invite, the 200 ok from opensips to provider, and the ACK that does not match during dialog validation. proxyfqdn.example: my opensips FQDN pro.vid.der.ip : provider ip address my.pbx.behind.opensips.ip : my pbx behind opensips (asterisk box) INITIAL INVITE : INVITE sip:010010@proxyfqdn.example SIP/2.0 Via: SIP/2.0/UDP pro.vid.der.ip:5060;branch=z9hG4bK695c5157 Max-Forwards: 70 From: "anonymous" ;tag=as6a0e2632 To: Contact: Call-ID: 0211c8466462c5e942f58e7479e81...@pro.vid.der.ip:5060 CSeq: 102 INVITE User-Agent: Asterisk PBX 18.3.0 Date: Mon, 17 Apr 2023 18:52:49 GMT Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE Supported: replaces, timer X-ADDTIONAL-UUID: XSHDATAID: T1798 Diversion: ;reason=unconditional Content-Type: application/sdp Content-Length: 250 v=0 o=root 665874795 665874795 IN IP4 pro.vid.der.ip s=Asterisk PBX 18.3.0 c=IN IP4 pro.vid.der.ip t=0 0 m=audio 7162 RTP/AVP 8 101 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-16 a=ptime:20 a=maxptime:150 a=sendrecv -- 200 OK (Proxy to provider) SIP/2.0 200 OK Via: SIP/2.0/UDP pro.vid.der.ip:5060;branch=z9hG4bK695c5157 Record-Route: From: "anonymous" ;tag=as6a0e2632 To: ;tag=as2b2572fa Call-ID: 0211c8466462c5e942f58e7479e81...@pro.vid.der.ip:5060 CSeq: 102 INVITE Server: Asterisk PBX 13.11.2 Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE Supported: replaces, timer Session-Expires: 1800;refresher=uas Contact: Content-Type: application/sdp Require: timer Content-Length: 237 v=0 o=root 1475118129 1475118129 IN IP4 my.pbx.behind.opensips.ip s=MYMEDIASERVER c=IN IP4 my.pbx.behind.opensips.ip t=0 0 m=audio 17486 RTP/AVP 8 101 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-16 a=maxptime:150 a=sendrecv ACK that cause dialog invalidation : ACK sip:+xx10...@my.pbx.behind.opensips.ip:5060 SIP/2.0 Via: SIP/2.0/UDP pro.vid.der.ip:5060;branch=z9hG4bK11c1df1f Route: Max-Forwards: 70 From: "anonymous" ;tag=as6a0e2632 To: ;tag=as2b2572fa Contact: Call-ID: 0211c8466462c5e942f58e7479e81...@pro.vid.der.ip:5060 CSeq: 102 ACK User-Agent: Asterisk PBX 18.3.0 Content-Length: 0 ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] Ratelimit CPS Algorithms
Hello, I'm trying to find the best way to control calls coming to my opensips box using the Ratelimit module. i'm setting a specific cps limit to each customer via its ip source and i want precision and accuracy without exhausting my server (vultr virtual machine 2 cores, 4gb ram with 2gb dedicated to opensips shared memory and 32m shared + 8 udp workers with a profile scalling up to 16 workers on 70% load) I was able to achieve what I wanted by using the SBT algorithm, a window_size of 1 second and slot_period of 200 milliseconds, 5 slots in total. Most of my customers have a 5 to 20 cps limit. modparam("ratelimit", "window_size", 1) modparam("ratelimit", "slot_period", 200) if(!rl_check("RL_$si", 5, "SBT")) send_reply("403", "Cps Exceeded"); I admit not being able to understand how the SBT algorithm works via the documentation, I wanted to know if the values i set for window_size and slot_period are the best for CPS Limitation. Also do you confirm that SBT is the most accurate among other ratelimit algorithms for calls per second limitation ? Thank you ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users