Really thanks :).<br><br><div class="gmail_quote">2012/9/19 Peter Dunkley <span dir="ltr"><<a href="mailto:peter.dunkley@crocodile-rcs.com" target="_blank">peter.dunkley@crocodile-rcs.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<u></u>
<div>
Hello,<br>
<br>
I found an issue with checking the Host: header when you are using a non-default port (that is not 80 or 443) for WebSockets.<br>
<br>
I have updated the WebSockets example kamailio.cfg in git master with a fix.<br>
<br>
Regards,<br>
<br>
Peter<div><div class="h5"><br>
<br>
On Fri, 2012-09-14 at 11:55 +0200, Jesús Pérez Rubio wrote:<br>
<blockquote type="CITE">
Hi, I had the same problem and I solve it changing this line on my kamailio.cfg:<br>
<br>
# DIRTY WORKARROUND :P <br>
#if ($hdr(Host) == $null || !is_myself($hdr(Host))) { <br>
if ($hdr(Host) == $null) {<br>
xlog("L_WARN", "Bad host $hdr(Host)\n");<br>
xhttp_reply("403", "Forbidden", "", "");<br>
exit;<br>
}<br>
<br>
Could anybode confirm me if this solution is correct (and secure) please?<br>
<br>
Thanks in advance :).<br>
<br>
</blockquote>
<blockquote type="CITE">
2012/8/8 Carlos Ruiz Díaz <<a href="mailto:carlos.ruizdiaz@gmail.com" target="_blank">carlos.ruizdiaz@gmail.com</a>><br>
<blockquote>
Thank you for your time Peter.
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<br>
<br>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
I'll setup a VM with Windows to continue with my tests and I'll come back later with more feedback.
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<br>
<br>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
Regards.
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<br>
<br>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<font color="#888888">Carlos.</font>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<br>
<br>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
On Wed, Aug 8, 2012 at 12:22 PM, Peter Dunkley <<a href="mailto:peter.dunkley@crocodile-rcs.com" target="_blank">peter.dunkley@crocodile-rcs.com</a>> wrote:<br>
<blockquote>
Hi,<br>
<br>
I have added some comments in-line below.<br>
<br>
Regards,<br>
<br>
Peter
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
<br>
> 1. After setting up the proxy ip:port in the call.htm file (of sipml5) to<br>
<br>
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
> *<br>
> 127.0.0.1:5060* the client started to work but kamailio script refused to
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
> establish my connection because the following condition was not satisfied:<br>
><br>
><br>
<br>
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
> *if ($Rp != MY_WS_PORT && $Rp != MY_WSS_PORT) {*<br>
> * xlog("L_WARN", "HTTP request received on $Rp\n");*<br>
> * xhttp_reply("403", "Forbidden", "", "");*<br>
> * exit;*<br>
> *}*<br>
><br>
> *MY_WS_PORT* and *MY_WSS_PORT *are set to 80 and 443 respectively, as the
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
> default config example of websocket module says so.<br>
><br>
<br>
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
> Then, I decided to change the ip:port to *127.0.0.1:80*, always in the
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
> call.htm file and afterwards the condition was satisfied but sipml5 dies<br>
> with<br>
><br>
> SIP stack start: proxy='<a href="http://127.0.0.1:80" target="_blank">127.0.0.1:80</a>', realm='<sip:127.0.0.1>',<br>
> impi='2000', impu='<<a href="mailto:sip%3A2000@127.0.0.1" target="_blank">sip:2000@127.0.0.1</a>>'<br>
<br>
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
> tsk_utils.js:97<<a href="http://127.0.0.1/sipml5/src/tinySAK/src/tsk_utils.js?svn=5" target="_blank">http://127.0.0.1/sipml5/src/tinySAK/src/tsk_utils.js?svn=5</a>>
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
> Connecting to 'ws://<a href="http://127.0.0.1:80" target="_blank">127.0.0.1:80</a>'<br>
<br>
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
> tsk_utils.js:97<<a href="http://127.0.0.1/sipml5/src/tinySAK/src/tsk_utils.js?svn=5" target="_blank">http://127.0.0.1/sipml5/src/tinySAK/src/tsk_utils.js?svn=5</a>><br>
> Stack starting<br>
> tsk_utils.js:97<<a href="http://127.0.0.1/sipml5/src/tinySAK/src/tsk_utils.js?svn=5" target="_blank">http://127.0.0.1/sipml5/src/tinySAK/src/tsk_utils.js?svn=5</a>><br>
> Unexpected response code: 200 :1 <<a href="http://127.0.0.1/" target="_blank">http://127.0.0.1/</a>><br>
> __tsip_transport_ws_onerror<br>
> tsk_utils.js:97<<a href="http://127.0.0.1/sipml5/src/tinySAK/src/tsk_utils.js?svn=5" target="_blank">http://127.0.0.1/sipml5/src/tinySAK/src/tsk_utils.js?svn=5</a>><br>
> __tsip_transport_ws_onclose<br>
> tsk_utils.js:97<<a href="http://127.0.0.1/sipml5/src/tinySAK/src/tsk_utils.js?svn=5" target="_blank">http://127.0.0.1/sipml5/src/tinySAK/src/tsk_utils.js?svn=5</a>>
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
> Failed to connet to the server<br>
><br>
> Finally, I ended up commenting the condition block and restored the<br>
<br>
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
> original values of ip:port to *127.0.0.1:5060* .
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
><br>
> Having done that, I tried again and another error was thrown but this<br>
> time,<br>
<br>
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
> in the next condition block: * if ($hdr(Host) == $null ||<br>
> !is_myself($hdr(Host))) *
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
><br>
> <script>: WebSocket<br>
> Aug 8 11:30:53 carlosrdcnx-laptop kamailio[16238]: DEBUG: <script>:<br>
> Host:<br>
> <a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a><br>
> Aug 8 11:30:53 carlosrdcnx-laptop kamailio[16238]: DEBUG: <script>:<br>
> Origin: <a href="http://127.0.0.1" target="_blank">http://127.0.0.1</a><br>
> Aug 8 11:30:53 carlosrdcnx-laptop kamailio[16238]: DEBUG: <core><br>
> [socket_info.c:589]: grep_sock_info - checking if host==us: 14==9 && [<br>
> <a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>] == [127.0.0.1]<br>
> Aug 8 11:30:53 carlosrdcnx-laptop kamailio[16238]: DEBUG: <core><br>
> [socket_info.c:589]: grep_sock_info - checking if host==us: 14==9 && [<br>
> <a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>] == [127.0.0.2]<br>
> Aug 8 11:30:53 carlosrdcnx-laptop kamailio[16238]: DEBUG: <core><br>
> [socket_info.c:589]: grep_sock_info - checking if host==us: 14==13 && [<br>
> <a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>] == [192.168.10.95]<br>
> Aug 8 11:30:53 carlosrdcnx-laptop kamailio[16238]: DEBUG: <core><br>
> [socket_info.c:589]: grep_sock_info - checking if host==us: 14==13 && [<br>
> <a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>] == [192.168.10.55]<br>
> Aug 8 11:30:53 carlosrdcnx-laptop kamailio[16238]: DEBUG: <core><br>
> [socket_info.c:589]: grep_sock_info - checking if host==us: 14==9 && [<br>
> <a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>] == [127.0.0.1]<br>
> Aug 8 11:30:53 carlosrdcnx-laptop kamailio[16238]: DEBUG: <core><br>
> [socket_info.c:589]: grep_sock_info - checking if host==us: 14==9 && [<br>
> <a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>] == [127.0.0.2]<br>
> Aug 8 11:30:53 carlosrdcnx-laptop kamailio[16238]: DEBUG: <core><br>
> [socket_info.c:589]: grep_sock_info - checking if host==us: 14==13 && [<br>
> <a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>] == [192.168.10.95]<br>
> Aug 8 11:30:53 carlosrdcnx-laptop kamailio[16238]: DEBUG: <core><br>
> [socket_info.c:589]: grep_sock_info - checking if host==us: 14==13 && [<br>
> <a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>] == [192.168.10.55]<br>
> Aug 8 11:30:53 carlosrdcnx-laptop kamailio[16238]: DEBUG: <core><br>
<br>
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
> [forward.c:462]: *check_self: host != me*
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
> Aug 8 11:30:53 carlosrdcnx-laptop kamailio[16238]: WARNING: <script>: Bad<br>
> host <a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a><br>
><br>
> I commented the block too and only then sipml5 was able to register<br>
> itself.<br>
><br>
> What am I doing wrong here?<br>
><br>
<br>
<br>
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
When I tested this I was hosting sipml5 on a web-server on a separate<br>
machine from Kamailio, and my web-browser was on a separate machine from<br>
both Kamailio and the web-server. The example configuration works for<br>
that scenario (which is likely to be the way it would be deployed in a<br>
real system). I suspect that the Kamailio listen directives (or something<br>
else related) aren't set-up quite right for your environment.<br>
<br>
Host: is a required header when establishing a WebSocket connection. The<br>
Host: header added by the client should indicate the name of the server<br>
the client is trying to connect to as indicated in the WebSocket URI (so<br>
if you put an IP address in the URI that will be in the Host: header, if<br>
you put a hostname in the URI then it will be in the Host: header). The<br>
WebSocket server (in this case Kamailio) should check that this header<br>
matches what it believes it's externally visible name is before accepting<br>
the connection.<br>
<br>
This check needs to be performed in kamailio.cfg instead of the WebSocket<br>
module in order for the check to be flexible. The check in the example<br>
kamailio.cfg is:<br>
- Making sure the Host: header is present<br>
- Making sure the name in the Host: header is an IP address (as defined in<br>
the listen directives) or alias (for example a domain name) that the<br>
Kamailio instance believes it is authoritative for.<br>
<br>
As the WebSocket stack in a web-browser will add the Host: header<br>
automatically, any problem with this suggests that the WebSocket URI set<br>
in sipml5 and the listen/alias directives in kamailio.cfg don't match -<br>
which would be consistent with the first part your connection<br>
establishment problem too.<br>
<br>
I would suggest that you should re-instate these lines as, by commenting<br>
them out (rather than fixing the underlying problems in the test set-up),<br>
you may be moving the issues down-stream.
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
<br>
> 2. I registered a legacy softphone (twinkle) to attempt to initiate a call<br>
> in both ways, but the was something wrong with the signaling, probably<br>
> some<br>
> frame decoding garbage in the buffer of the SIP message. Perhaps these<br>
> bytes are part of the frame control header but since I haven't read the<br>
> RFC<br>
> (yet) I am mentioning it anyway.<br>
><br>
<br>
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
> tcp_send: buf=*#012�~#003�*INVITE
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
> sip:2000@df7jal23ls0d.invalid;transport=ws<br>
> SIP/2.0#015#012Record-Route:<br>
> <sip:127.0.0.1;transport=ws;r2=on;lr=on>#015#012Record-Route:<br>
> <sip:127.0.0.1;r2=on;lr=on>#015#012Via: SIP/2.0/WS<br>
> 127.0.0.1;branch=z9hG4bK90a8.b1a7035e13ed19880dd12a1f4c86adbb.0#015#012Via:<br>
> SIP/2.0/UDP<br>
> 127.0.0.1:5062;rport=5062;branch=z9hG4bKimixlbyp#015#012Max-Forwards:<br>
> 69#015#012To: <<a href="mailto:sip%3A2000@127.0.0.1" target="_blank">sip:2000@127.0.0.1</a>>#015#012From: "1000"<br>
> <<a href="mailto:sip%3A1000@127.0.0.1" target="_blank">sip:1000@127.0.0.1</a>>;tag=lrtfz#015#012Call-ID:<br>
> gxsqobolphfchfq@carlosrdcnx-laptop.site#015#012CSeq: 654<br>
> INVITE#015#012Contact: <<a href="http://sip:1000@127.0.0.1:5062" target="_blank">sip:1000@127.0.0.1:5062</a>>#015#012Content-Type:<br>
> application/sdp#015#012Allow:<br>
> INVITE,ACK,BYE,CANCEL,OPTIONS,PRACK,REFER,NOTIFY,SUBSCRIBE,INFO,MESSAGE#015#012Supported:<br>
> replaces,norefersub,100rel#015#012User-Agent:<br>
> Twinkle/1.4.2#015#012Content-Length:<br>
> 302#015#012#015#012v=0#015#012o=twinkle 391470222 1383232165 IN IP4<br>
> 127.0.0.1#015#012s=-#015#012c=IN IP4 127.0.0.1#015#012t=0 0#015#012m=audio<br>
> 8008 RTP/AVP <a href="tel:98%2097%208%200%203%20101%23015%23" target="_blank">98 97 8 0 3 101#015#</a>012a=rtpmap:98<br>
> speex/16000#015#012a=rtpmap:97 speex/8000#015#012a=rtpmap:8<br>
> PCMA/8000#015#012a=rtpmap:0 PCMU/8000#015#012a=rtpmap:3<br>
> GSM/8000#015#012a=rtpmap:101 telephone-event/8000#015#012a=fmtp:101<br>
> 0-15#015#012a=ptime:20#015#012<br>
><br>
<br>
<br>
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
That INVITE is for a call towards sipml5 on a WebSocket connection. So<br>
this isn't a SIP message over TCP, it is a SIP message over WebSockets<br>
over TCP - and those are not the same thing. The stuff at the start of<br>
the TCP buffer is the WebSocket framing and it is meant to be there.<br>
<br>
The WebSocket framing will not be present on the connection to Twinkle.
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
<br>
> 3. Does Twinkle support the minimum media requirements for testing? If<br>
> not,<br>
> what (Linux) softphone is suitable for this purpose?<br>
><br>
<br>
<br>
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<blockquote>
When using an up-to-date Google Chrome you need to use a client that<br>
supports RTP/SAVPF. Boghe (from Doubango) is a Windows client that<br>
supports this. I don't know which (if any) Linux clients support this<br>
feature.<br>
<br>
<font color="#888888">--</font><br>
<font color="#888888">Peter Dunkley</font><br>
<font color="#888888">Technical Director</font><br>
<font color="#888888">Crocodile RCS Ltd</font><br>
<br>
<br>
<font color="#888888">_______________________________________________</font><br>
<font color="#888888">sr-dev mailing list</font><br>
<font color="#888888"><a href="mailto:sr-dev@lists.sip-router.org" target="_blank">sr-dev@lists.sip-router.org</a></font><br>
<font color="#888888"><a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev</a></font>
</blockquote>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<br>
<br>
</blockquote>
</blockquote>
<blockquote type="CITE">
<blockquote>
<br>
_______________________________________________<br>
sr-dev mailing list<br>
<a href="mailto:sr-dev@lists.sip-router.org" target="_blank">sr-dev@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev</a><br>
<br>
</blockquote>
</blockquote>
<blockquote type="CITE">
<br>
<br>
<br>
-- <br>
Jesús Pérez<br>
VoIP Engineer at Quobis<br>
<br>
Fixed: <a href="tel:%2B34%20902%20999%20465" value="+34902999465" target="_blank">+34 902 999 465</a><br>
Site: <a href="http://www.quobis.com/" target="_blank">http://www.quobis.com</a><br>
<br>
<pre>_______________________________________________
sr-dev mailing list
<a href="mailto:sr-dev@lists.sip-router.org" target="_blank">sr-dev@lists.sip-router.org</a>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev</a>
</pre>
</blockquote>
<br>
<table cellpadding="0" cellspacing="0" width="100%">
<tbody><tr>
<td>
<pre>--
Peter Dunkley
Technical Director
Crocodile RCS Ltd
</pre>
</td>
</tr>
</tbody></table>
</div></div></div>
<br>_______________________________________________<br>
sr-dev mailing list<br>
<a href="mailto:sr-dev@lists.sip-router.org">sr-dev@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Jesús Pérez</span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">VoIP Engineer at Quobis</span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Fixed: </span><a title="Llama ahora" style="color:rgb(0,101,204);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">+34 902 999 465</a><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">
<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">Site: </span><a href="http://www.quobis.com/" style="color:rgb(0,101,204);font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)" target="_blank">http://www.quobis.com</a><br>
<br>