Missing initial INVITE when filtering out NOTIFY methods

[noahrotheray]

Hi Guys,

Ive got a Homer stack monitoring -+20 FreeSwitch servers.

Ive picked up an issue with 1 of the boxes. All the calls are being saved to the heplify-server without the initial INVITE for the calls, it does however contain INVITES if they occurred during the call (forwarding, proxy auth etc).

Extracting the PCAP also does not have the initial INVITE. Every other server, that is also using heplify, does not have this problem.

This box specifically has the below heplify configs: Version: 1.61 service file: [Unit] Description=Captures packets from wire and sends them to Homer After=network.target

[Service] ExecStart=/usr/bin/heplify -i any -hn SIPZACPT1 -hs homer.server.com:9060 -di OPTIONS,REGISTER,NOTIFY -d rtp,sip,rtcp ExecStop=/bin/kill ${MAINPID} Restart=on-failure RestartSec=10s Type=simple

[Install] WantedBy=multi-user.target

Let me know if you need anything else :)

Noah

[noahrotheray]

Did some more testing:

• Tested capturing the pcap locally without sending it to heplify-server, pcap contains initial INVITE
• Did the same test, this time with the -di OPTIONS,REGISTER,NOTIFY flag, pcap does not contain the initial INVITE
• Removed the NOTIFY from the -di flag, calls now contain the initial INVITE

Seems if NOTIFY is specified as part of the -di flag, the inital INVITE is missing? Think this needs more testing.

Current binary command im using now:

/usr/local/bin/heplify -i any -hn SIPZACPT1 -hs homer.server.com:9060 -di [OPTIONS,REGISTER] -d rtp,sip,rtcp

[lmangani]

Please show us an example of the initial INVITEs to see how they might be triggering the filter

[negbie]

-di will discard uninteresting packets by any string. Often you will find the Allow header in invites like: Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE

and that's probably your issue. So just use the right flag -dim to filter SIP methods.

[noahrotheray]

Thanks Negbie, this makes sense.