Re: [OpenSIPS-Users] stir_shaken date header discrepancy

2024-02-20 Thread James Seer 
Hello Liviu,

I am already running the last version of OpenSIPS.
opensips -V
version: opensips 3.4.3 (x86_64/linux)
deb https://apt.opensips.org bookworm 3.4-releases

In my example, the "iat" PASSporT value is correct. The only issue lies
with the Date header field.

Le mar. 20 févr. 2024 à 14:55, Liviu Chircu  a écrit :

> Hi James,
>
> Make sure you're running a recent OpenSIPS build, I recall this bug was
> caught a few months ago
> <https://github.com/OpenSIPS/opensips/commit/75a168a9f43>.
>
> Best regards,
>
> Liviu Chircuwww.twitter.com/liviuchircu | www.opensips-solutions.com
> OpenSIPS Summit 2024 Valencia, May 14-17 | www.opensips.org/events
>
> On 20.02.2024 15:03, James Seer wrote:
>
> Hello,
>
> I have a question regarding Date Header Verification in our setup:
>
> Server Timezone: Central European Time
> Configuration:
> require_date_hdr: false
> verify_date_freshness : 300 seconds
> SIP INVITE Date Header: Tue, 20 Feb 2024 00:26:05 GMT
> Server time: 2024-02-20T00:26:06 CET
> Identity header payload "iat" value: 1708385165
>
> Despite the Date header being in the future, OpenSIPS proceeded with
> verification. While I can see there's an existing error code (-6: Date
> header value is older than local policy for freshness), it only addresses
> cases where the header is "older" than the local policy.
>
> This could be easily handled in script code, but shouldn't opensips
> trigger a distinct failure with a new error code, considering the
> discrepancy between the Date header and server time ? (More than 300
> seconds of difference)
>
> Thank you
>
> ___
> Users mailing 
> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] stir_shaken date header discrepancy

2024-02-20 Thread James Seer 
Hello,

I have a question regarding Date Header Verification in our setup:

Server Timezone: Central European Time
Configuration:
require_date_hdr: false
verify_date_freshness : 300 seconds
SIP INVITE Date Header: Tue, 20 Feb 2024 00:26:05 GMT
Server time: 2024-02-20T00:26:06 CET
Identity header payload "iat" value: 1708385165

Despite the Date header being in the future, OpenSIPS proceeded with
verification. While I can see there's an existing error code (-6: Date
header value is older than local policy for freshness), it only addresses
cases where the header is "older" than the local policy.

This could be easily handled in script code, but shouldn't opensips trigger
a distinct failure with a new error code, considering the discrepancy
between the Date header and server time ? (More than 300 seconds of
difference)

Thank you
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] replicate to HEP using the advertised address - OPENSIPS 3.3.9

2024-01-08 Thread James Seer 
Hi Liviu,

Thanks for the patch. However I can't apply it as my OpenSIPS is installed
as a binary package and not compiled from source.
I've also created an issue on GitHub to track this.
https://github.com/OpenSIPS/opensips/issues/3276

Le lun. 8 janv. 2024 à 11:13, Liviu Chircu  a écrit :

> On 26.12.2023 22:54, James Seer wrote:
>
> Aaaa the good old days before commit 4bd50335a (2023-12-12 by Vlad Paiu),
> life was simpler when my vip network interface and VIP itself were just one
> happy entity in HOMER's eyes :P
>
> This recent commit with its replication to HEP using the advertised
> address has complicated things in homer heplify by treating them as two
> different entities in the sip sequence (precisely during ACKs CANCEL and
> BYEs). Any chance we could make this an optional feature?
>
> Hi James,
>
> First of all, VIP issue aside, there seems to be a bug in that patch where
> the *sourceIP* and *sourcePort* are changed to *destinationIP *and
> *destinationPort* without a good reason (currently started a discussion
> with Vlad - we'll get to the bottom of it).  Maybe if this were tweaked,
> your SIP flows would return back to looking normal?!
>
> Nonetheless, if you have a 3.3 source tree to work with, try the following
> patch onto your root sources directory and see if the behavior improves by
> just fixing the bug instead of reverting the patch:
>
> git apply <(base64 -d <
> H4sIA91Ry26DMBA8w1fsqUoCJpCSZ9U0HxD11lMUWcYPZBUwsk3US/+9hiQNOQT13Is9
>
> Hs/ujsdMCgEI5dICmZaKNQU3U6sJ5fqyRRSyRze+rBj/goTN6ex5nq2iKF2ss3XGkiUkcbxIUx8h
>
> 9LizHwTBQPfdDtAsSVdhEkNwBY40llhJQVYWjKxxpx8Zqxt6JkqTw8QtIXRXWFZC4RraLeyqCp5j
>
> UZB87IP37YNbDbfYKPqJqSqasjIjYBk+kcIc0mP4i+c9vHBYaFW6eVkjROgjz3Mz0VbTU5S5YDBh
>
> THNj0Jaw07m58xgVvHq7mnW1rQgm46eB0sthc9MwY7GsQ4C/DhzQ1UrbzV3nlglvrWutrBq/+IHn
>
> 3RwYTTsHd8SDwuF8l71MVz28dtiqfrpD7x/2/a//pY33GloSHyMHIitL3jLwCi0cvX/s9530B7QY
> 9NXwAwAA
> EOF
> )
>
> Best regards,
>
> --
> Liviu Chircuwww.twitter.com/liviuchircu | www.opensips-solutions.com
> OpenSIPS Summit 2024 Valencia, May 14-17 | www.opensips.org/events
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] replicate to HEP using the advertised address - OPENSIPS 3.3.9

2023-12-26 Thread James Seer 
Aaaa the good old days before commit 4bd50335a (2023-12-12 by Vlad Paiu),
life was simpler when my vip network interface and VIP itself were just one
happy entity in HOMER's eyes :P

This recent commit with its replication to HEP using the advertised address
has complicated things in homer heplify by treating them as two different
entities in the sip sequence (precisely during ACKs CANCEL and BYEs). Any
chance we could make this an optional feature?
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] 3.2.12 upgrade >> fifo_reply permission denied error

2023-04-24 Thread James Seer 
Hello,
After an upgrade to OpenSIPS 3.2.12 , I cant run opensips-cli -x mi using
root. It's been working with the previous versions.

Apr 21 14:02:51 test-opensips/usr/sbin/opensips[705536]:
ERROR:mi_fifo:mi_open_reply_pipe: open error
(/tmp/opensips_fifo_reply_705551_1682078571_0451558): Permission denied
Apr 21 14:02:51 test-opensips  /usr/sbin/opensips[705536]:
NOTICE:mi_fifo:mi_fifo_callback: cannot open reply pipe
/tmp/opensips_fifo_reply_705551_1682078571_0451558

changing reply folder from tmp to another non sticky bit one , with full
rights (for test purposes) does not change anything :

root@test-opensips:~# ls -dl /var/run/fiforeply/
drwsrwsrwt 2 opensips opensips 60 Apr 21 14:11 /var/run/fiforeply/

Apr 21 14:11:11 test-opensips /usr/sbin/opensips[705725]:
ERROR:mi_fifo:mi_open_reply_pipe: open error
(/var/run/fiforeply/opensips_fifo_reply_705741_1682079071_2581842):
Permission denied
Apr 21 14:11:11 test-opensips /usr/sbin/opensips[705725]:
NOTICE:mi_fifo:mi_fifo_callback: cannot open reply pipe
/var/run/fiforeply/opensips_fifo_reply_705741_1682079071_2581842

Opensips-cli version is the same before and after the upgrade : OpenSIPS
CLI 0.2.0

As a current workaround i'm running it through opensips user :
runuser -u opensips -- opensips-cli -x mi uptime




opensips-cli config :

[default]
log_level: WARNING
prompt_name: opensips-cli
prompt_intro: Welcome to OpenSIPS Command Line Interface!
prompt_emptyline_repeat_cmd: False
history_file: ~/.opensips-cli.history
history_file_size: 1000
output_type: pretty-print
communication_type: fifo
fifo_file: /var/run/opensips/opensips_fifo

Opensips config file  :

 FIFO Management Interface
loadmodule "mi_fifo.so"
modparam("mi_fifo", "fifo_name", "/var/run/opensips/opensips_fifo")
modparam("mi_fifo", "fifo_mode", 0666)

root@test-opensips:~# ps aux |grep opensips
opensips  705724  0.0  0.6 541560 13984 ?S14:11   0:00
/usr/sbin/opensips -P /run/opensips/opensips.pid -f
/etc/opensips/opensips.cfg -m 500 -M 8
opensips  705725  0.0  0.3 542060  6780 ?S14:11   0:00
/usr/sbin/opensips -P /run/opensips/opensips.pid -f
/etc/opensips/opensips.cfg -m 500 -M 8
...
...
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] Invalid dialog

2023-04-18 Thread James Seer 
Hello,

I am experiencing strange behaviour from one specific provider.
80% of calls work properly, some of them fall into the validate_dialog
condition, returncode = -1
i've checked INVITE and ACK message , i don't see anything that could cause
that.
fix_dialog_route seems to fix the problem but I would love to understand
what is causing it.
i noticed that with other providers when the dialog is not valid there is
an ERROR message in the log files
"ERROR:dialog:dlg_validate_dialog: failed to validate remote contact"
with this one , there is no error.
I compared the call with another working one from the same provider , I see
no difference.
Here are the initial invite, the 200 ok from opensips to provider, and the
ACK that does not match during dialog validation.

proxyfqdn.example:  my opensips FQDN
pro.vid.der.ip : provider ip address
my.pbx.behind.opensips.ip : my pbx behind opensips (asterisk box)

INITIAL INVITE :

INVITE sip:010010@proxyfqdn.example SIP/2.0
Via: SIP/2.0/UDP pro.vid.der.ip:5060;branch=z9hG4bK695c5157
Max-Forwards: 70
From: "anonymous" ;tag=as6a0e2632
To: 
Contact: 
Call-ID: 0211c8466462c5e942f58e7479e81...@pro.vid.der.ip:5060
CSeq: 102 INVITE
User-Agent: Asterisk PBX 18.3.0
Date: Mon, 17 Apr 2023 18:52:49 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
PUBLISH, MESSAGE
Supported: replaces, timer
X-ADDTIONAL-UUID: 
XSHDATAID: T1798
Diversion: ;reason=unconditional
Content-Type: application/sdp
Content-Length: 250

v=0
o=root 665874795 665874795 IN IP4 pro.vid.der.ip
s=Asterisk PBX 18.3.0
c=IN IP4 pro.vid.der.ip
t=0 0
m=audio 7162 RTP/AVP 8 101
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv


--

200 OK (Proxy to provider)

SIP/2.0 200 OK
Via: SIP/2.0/UDP pro.vid.der.ip:5060;branch=z9hG4bK695c5157
Record-Route:

From: "anonymous" ;tag=as6a0e2632
To: ;tag=as2b2572fa
Call-ID: 0211c8466462c5e942f58e7479e81...@pro.vid.der.ip:5060
CSeq: 102 INVITE
Server: Asterisk PBX 13.11.2
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO,
PUBLISH, MESSAGE
Supported: replaces, timer
Session-Expires: 1800;refresher=uas
Contact: 
Content-Type: application/sdp
Require: timer
Content-Length: 237

v=0
o=root 1475118129 1475118129 IN IP4 my.pbx.behind.opensips.ip
s=MYMEDIASERVER
c=IN IP4 my.pbx.behind.opensips.ip
t=0 0
m=audio 17486 RTP/AVP 8 101
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=maxptime:150
a=sendrecv



ACK that cause dialog invalidation :


ACK sip:+xx10...@my.pbx.behind.opensips.ip:5060 SIP/2.0
Via: SIP/2.0/UDP pro.vid.der.ip:5060;branch=z9hG4bK11c1df1f
Route: 
Max-Forwards: 70
From: "anonymous" ;tag=as6a0e2632
To: ;tag=as2b2572fa
Contact: 
Call-ID: 0211c8466462c5e942f58e7479e81...@pro.vid.der.ip:5060
CSeq: 102 ACK
User-Agent: Asterisk PBX 18.3.0
Content-Length: 0
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] Ratelimit CPS Algorithms

2023-01-30 Thread James Seer 
Hello,
I'm trying to find the best way to control calls coming to my opensips box
using the Ratelimit module.
i'm setting a specific cps limit to each customer via its ip source and i
want precision and accuracy without exhausting my server (vultr virtual
machine 2 cores, 4gb ram with 2gb dedicated to opensips shared memory and
32m shared + 8 udp workers with a profile scalling up to 16 workers on 70%
load)
I was able to achieve what I wanted by using the SBT algorithm, a
window_size of 1 second and slot_period of 200 milliseconds, 5 slots in
total. Most of my customers have a 5 to 20 cps limit.

modparam("ratelimit", "window_size", 1)
modparam("ratelimit", "slot_period", 200)

if(!rl_check("RL_$si", 5, "SBT")) send_reply("403", "Cps Exceeded");

I admit not being able to understand how the SBT algorithm works via the
documentation, I wanted to know if the values i set for window_size and
slot_period are the best for CPS Limitation.
Also do you confirm that SBT is the most accurate among other ratelimit
algorithms for calls per second limitation ?

Thank you
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users