sipcapture / homer

HOMER - 100% Open-Source SIP, VoIP, RTC Packet Capture & Monitoring
https://sipcapture.org
GNU Affero General Public License v3.0
1.64k stars 242 forks source link

destination_ip truncated when its length is 15 (xxx.xxx.xxx.xxx) #220

Closed marianojm closed 4 years ago

marianojm commented 7 years ago

For example when ip is 200.109.221.175, destination_ip is stored in mysql as 0.109.221.175... (kamailio 4.4.0)

adubovikov commented 7 years ago

how you sent HEP packet ? IMHO kamailio has received the corrupted IP

marianojm commented 7 years ago

Via siptrace module from another kamailio server.

adubovikov commented 7 years ago

can you please activate in the siptrace module option to store the data into DB directly ? just to be sure that IP has been correct parsed

marianojm commented 7 years ago

My server is in production, so now I can´t do that ´cause I need to restart kamailio... Just now I´m capturing traffic to look into HEP protocol header... (dst_ip)

adubovikov commented 7 years ago

ok, let us know

marianojm commented 7 years ago

Alex,

Destination IP seems to be wrong... 0.108.217.174 instead of (200.108.217.174) in HEPv2 packet captured from Kamailio siptrace/module ...

These data were captured in hex... protocol used is HEPv2

Source IP: a9 39 a1 fe (169.57.161.254) Destination IP: 00 6c d9 ae (0.108.217.174) seconds: 58 e4 f3 8f useconds: 00 01 ff a7 Capture ID node: 00 01 Reserved: 00 00

0000 06 a9 61 f4 96 84 06 0e ef 86 47 72 08 00 45 08 ..a.......Gr..E. 0010 05 dc e8 a0 20 00 40 11 d6 02 a9 39 a1 fe a9 39 .... .@....9...9 0020 a1 f4 13 c4 23 64 09 9a 3b ef 02 10 02 16 13 c4 ....#d..;....... 0030 c9 48 a9 39 a1 fe 00 6c d9 ae 8f f3 e4 58 a7 ff .H.9...l.....X.. 0040 01 00 01 00 00 00 49 4e 56 49 54 45 20 73 69 70 ......INVITE sip 0050 3a 31 33 30 32 40 32 30 30 2e 31 30 38 2e 32 31 :1302@200.108.21 0060 37 2e 31 37 34 3a 35 31 35 32 38 3b 74 72 61 6e 7.174:51528;tran 0070 73 70 6f 72 74 3d 77 73 20 53 49 50 2f 32 2e 30 sport=ws SIP/2.0 0080 0d 0a 52 65 63 6f 72 64 2d 52 6f 75 74 65 3a 20 ..Record-Route: 0090 3c 73 69 70 3a 31 36 39 2e 35 37 2e 31 36 31 2e <sip:169.57.161. 00a0 32 35 34 3b 74 72 61 6e 73 70 6f 72 74 3d 77 73 254;transport=ws 00b0 3b 72 32 3d 6f 6e 3b 6c 72 3d 6f 6e 3b 66 74 61 ;r2=on;lr=on;fta 00c0 67 3d 63 5a 33 58 4e 36 44 35 34 72 42 6d 46 3e g=cZ3XN6D54rBmF> 00d0 0d 0a 52 65 63 6f 72 64 2d 52 6f 75 74 65 3a 20 ..Record-Route: 00e0 3c 73 69 70 3a 31 36 39 2e 35 37 2e 31 36 31 2e <sip:169.57.161. 00f0 32 35 34 3b 72 32 3d 6f 6e 3b 6c 72 3d 6f 6e 3b 254;r2=on;lr=on; 0100 66 74 61 67 3d 63 5a 33 58 4e 36 44 35 34 72 42 ftag=cZ3XN6D54rB 0110 6d 46 3e 0d 0a 56 69 61 3a 20 53 49 50 2f 32 2e mF>..Via: SIP/2. 0120 30 2f 57 53 53 20 31 36 39 2e 35 37 2e 31 36 31 0/WSS 169.57.161 0130 2e 32 35 34 3b 62 72 61 6e 63 68 3d 7a 39 68 47 .254;branch=z9hG 0140 34 62 4b 37 61 39 61 2e 31 30 32 37 38 30 33 64 4bK7a9a.1027803d 0150 64 61 64 31 64 36 66 61 30 38 38 65 39 38 31 66 dad1d6fa088e981f 0160 63 38 33 62 63 62 32 32 2e 30 0d 0a 56 69 61 3a c83bcb22.0..Via: 0170 20 53 49 50 2f 32 2e 30 2f 55 44 50 20 31 36 39 SIP/2.0/UDP 169 0180 2e 35 37 2e 31 36 31 2e 32 35 32 3a 31 31 30 30 .57.161.252:1100 0190 30 3b 72 65 63 65 69 76 65 64 3d 31 36 39 2e 35 0;received=169.5 01a0 37 2e 31 36 31 2e 32 35 32 3b 72 70 6f 72 74 3d 7.161.252;rport= 01b0 31 31 30 30 30 3b 62 72 61 6e 63 68 3d 7a 39 68 11000;branch=z9h 01c0 47 34 62 4b 6d 74 55 37 53 48 5a 32 42 55 44 74 G4bKmtU7SHZ2BUDt 01d0 48 0d 0a 4d 61 78 2d 46 6f 72 77 61 72 64 73 3a H..Max-Forwards: 01e0 20 34 38 0d 0a 46 72 6f 6d 3a 20 22 4d 61 72 69 48..From: "Mari 01f0 61 6e 6f 20 4d 61 72 74 69 6e 22 20 3c 73 69 70 ano Martin" <sip 0200 3a 31 33 30 31 40 7a 65 72 6f 75 79 2e 73 70 2e :1301@zerouy.sp. 0210 78 65 6e 74 72 69 63 2e 63 6f 3e 3b 74 61 67 3d xentric.co>;tag= 0220 63 5a 33 58 4e 36 44 35 34 72 42 6d 46 0d 0a 54 cZ3XN6D54rBmF..T 0230 6f 3a 20 3c 73 69 70 3a 31 33 30 32 40 32 30 30 o: <sip:1302@200 0240 2e 31 30 38 2e 32 31 37 2e 31 37 34 3a 35 31 35 .108.217.174:515 0250 32 38 3b 74 72 61 6e 73 70 6f 72 74 3d 77 73 3e 28;transport=ws> 0260 0d 0a 43 61 6c 6c 2d 49 44 3a 20 61 37 36 64 66 ..Call-ID: a76df 0270 36 63 32 2d 64 39 39 62 2d 34 35 66 63 2d 38 39 6c2-d99b-45fc-89 0280 31 66 2d 65 61 61 61 61 38 65 35 63 61 31 66 0d 1f-eaaaa8e5ca1f. 0290 0a 43 53 65 71 3a 20 31 30 35 33 36 33 37 31 39 .CSeq: 105363719 02a0 20 49 4e 56 49 54 45 0d 0a 43 6f 6e 74 61 63 74 INVITE..Contact 02b0 3a 20 3c 73 69 70 3a 6d 6f 64 5f 73 6f 66 69 61 : <sip:mod_sofia 02c0 40 31 36 39 2e 35 37 2e 31 36 31 2e 32 35 32 3a @169.57.161.252: 02d0 31 31 30 30 30 3e 0d 0a 55 73 65 72 2d 41 67 65 11000>..User-Age 02e0 6e 74 3a 20 32 36 30 30 68 7a 0d 0a 41 6c 6c 6f nt: 2600hz..Allo 02f0 77 3a 20 49 4e 56 49 54 45 2c 20 41 43 4b 2c 20 w: INVITE, ACK, 0300 42 59 45 2c 20 43 41 4e 43 45 4c 2c 20 4f 50 54 BYE, CANCEL, OPT 0310 49 4f 4e 53 2c 20 4d 45 53 53 41 47 45 2c 20 49 IONS, MESSAGE, I 0320 4e 46 4f 2c 20 55 50 44 41 54 45 2c 20 52 45 47 NFO, UPDATE, REG 0330 49 53 54 45 52 2c 20 52 45 46 45 52 2c 20 4e 4f ISTER, REFER, NO 0340 54 49 46 59 2c 20 50 55 42 4c 49 53 48 2c 20 53 TIFY, PUBLISH, S 0350 55 42 53 43 52 49 42 45 0d 0a 53 75 70 70 6f 72 UBSCRIBE..Suppor 0360 74 65 64 3a 20 70 61 74 68 2c 20 72 65 70 6c 61 ted: path, repla 0370 63 65 73 0d 0a 41 6c 6c 6f 77 2d 45 76 65 6e 74 ces..Allow-Event 0380 73 3a 20 74 61 6c 6b 2c 20 68 6f 6c 64 2c 20 63 s: talk, hold, c 0390 6f 6e 66 65 72 65 6e 63 65 2c 20 70 72 65 73 65 onference, prese 03a0 6e 63 65 2c 20 61 73 2d 66 65 61 74 75 72 65 2d nce, as-feature- 03b0 65 76 65 6e 74 2c 20 64 69 61 6c 6f 67 2c 20 6c event, dialog, l 03c0 69 6e 65 2d 73 65 69 7a 65 2c 20 63 61 6c 6c 2d ine-seize, call- 03d0 69 6e 66 6f 2c 20 73 6c 61 2c 20 69 6e 63 6c 75 info, sla, inclu 03e0 64 65 2d 73 65 73 73 69 6f 6e 2d 64 65 73 63 72 de-session-descr 03f0 69 70 74 69 6f 6e 2c 20 70 72 65 73 65 6e 63 65 iption, presence 0400 2e 77 69 6e 66 6f 2c 20 6d 65 73 73 61 67 65 2d .winfo, message- 0410 73 75 6d 6d 61 72 79 2c 20 72 65 66 65 72 0d 0a summary, refer.. 0420 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 Content-Type: ap 0430 70 6c 69 63 61 74 69 6f 6e 2f 73 64 70 0d 0a 43 plication/sdp..C 0440 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 ontent-Dispositi 0450 6f 6e 3a 20 73 65 73 73 69 6f 6e 0d 0a 43 6f 6e on: session..Con 0460 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 32 34 tent-Length: 124 0470 37 0d 0a 52 65 6d 6f 74 65 2d 50 61 72 74 79 2d 7..Remote-Party- 0480 49 44 3a 20 22 4d 61 72 69 61 6e 6f 20 4d 61 72 ID: "Mariano Mar 0490 74 69 6e 22 20 3c 73 69 70 3a 31 33 30 31 40 7a tin" <sip:1301@z 04a0 65 72 6f 75 79 2e 73 70 2e 78 65 6e 74 72 69 63 erouy.sp.xentric 04b0 2e 63 6f 3e 3b 70 61 72 74 79 3d 63 61 6c 6c 69 .co>;party=calli 04c0 6e 67 3b 73 63 72 65 65 6e 3d 79 65 73 3b 70 72 ng;screen=yes;pr 04d0 69 76 61 63 79 3d 6f 66 66 0d 0a 0d 0a 76 3d 30 ivacy=off....v=0 04e0 0d 0a 6f 3d 46 72 65 65 53 57 49 54 43 48 20 31 ..o=FreeSWITCH 1 04f0 34 39 31 33 37 32 34 32 37 20 31 34 39 31 33 37 491372427 149137 0500 32 34 32 38 20 49 4e 20 49 50 34 20 31 36 39 2e 2428 IN IP4 169. 0510 35 37 2e 31 36 31 2e 32 35 32 0d 0a 73 3d 46 72 57.161.252..s=Fr 0520 65 65 53 57 49 54 43 48 0d 0a 63 3d 49 4e 20 49 eeSWITCH..c=IN I 0530 50 34 20 31 36 39 2e 35 37 2e 31 36 31 2e 32 35 P4 169.57.161.25 0540 32 0d 0a 74 3d 30 20 30 0d 0a 61 3d 6d 73 69 64 2..t=0 0..a=msid 0550 2d 73 65 6d 61 6e 74 69 63 3a 20 57 4d 53 20 4e -semantic: WMS N 0560 35 4f 48 72 52 4b 30 57 41 34 34 38 47 53 42 41 5OHrRK0WA448GSBA 0570 75 36 37 39 56 61 51 47 47 71 69 47 34 79 6b 0d u679VaQGGqiG4yk. 0580 0a 61 3d 65 6e 64 2d 6f 66 2d 63 61 6e 64 69 64 .a=end-of-candid 0590 61 74 65 73 0d 0a 6d 3d 61 75 64 69 6f 20 32 37 ates..m=audio 27 05a0 31 34 30 20 52 54 50 2f 53 41 56 50 46 20 31 30 140 RTP/SAVPF 10 05b0 32 20 31 38 20 30 20 38 20 33 20 31 30 33 20 31 2 18 0 8 3 103 1 05c0 30 34 20 31 30 31 20 31 33 0d 0a 61 3d 72 74 70 04 101 13..a=rtp 05d0 6d 61 70 3a 31 30 32 20 6f 70 75 73 2f 34 38 30 map:102 opus/480 05e0 30 30 2f 32 0d 0a 61 3d 66 6d 00/2..a=fmIs that ok?

adubovikov commented 7 years ago

can you please check if it's for IN or for OUT traffic ?

On 5 April 2017 at 16:28, Mariano Martin notifications@github.com wrote:

Alex,

Destination IP seems to be wrong... 0.108.217.174 insted of (200.108.217.174) in HEPv2 packet captured from Kamailio siptrace/module ...

This is data captured in hex... protocol used is HEPv2

Source IP: a9 39 a1 fe (169.57.161.254) Destination IP: 00 6c d9 ae (0.108.217.174) seconds: 58 e4 f3 8f useconds: 00 01 ff a7 Capture ID node: 00 01 Reserved: 00 00

0000 06 a9 61 f4 96 84 06 0e ef 86 47 72 08 00 45 08 ..a.......Gr..E. 0010 05 dc e8 a0 20 00 40 11 d6 02 a9 39 a1 fe a9 39 .... .@....9...9 0020 a1 f4 13 c4 23 64 09 9a 3b ef 02 10 02 16 13 c4 ....#d..;....... 0030 c9 48 a9 39 a1 fe 00 6c d9 ae 8f f3 e4 58 a7 ff .H.9...l.....X.. 0040 01 00 01 00 00 00 49 4e 56 49 54 45 20 73 69 70 ......INVITE sip 0050 3a 31 33 30 32 40 32 30 30 2e 31 30 38 2e 32 31 :1302@200.108.21 0060 37 2e 31 37 34 3a 35 31 35 32 38 3b 74 72 61 6e 7.174:51528;tran 0070 73 70 6f 72 74 3d 77 73 20 53 49 50 2f 32 2e 30 sport=ws SIP/2.0 0080 0d 0a 52 65 63 6f 72 64 2d 52 6f 75 74 65 3a 20 ..Record-Route: 0090 3c 73 69 70 3a 31 36 39 2e 35 37 2e 31 36 31 2e <sip:169.57.161. 00a0 32 35 34 3b 74 72 61 6e 73 70 6f 72 74 3d 77 73 254;transport=ws 00b0 3b 72 32 3d 6f 6e 3b 6c 72 3d 6f 6e 3b 66 74 61 ;r2=on;lr=on;fta 00c0 67 3d 63 5a 33 58 4e 36 44 35 34 72 42 6d 46 3e g=cZ3XN6D54rBmF> 00d0 0d 0a 52 65 63 6f 72 64 2d 52 6f 75 74 65 3a 20 ..Record-Route: 00e0 3c 73 69 70 3a 31 36 39 2e 35 37 2e 31 36 31 2e <sip:169.57.161. 00f0 32 35 34 3b 72 32 3d 6f 6e 3b 6c 72 3d 6f 6e 3b 254;r2=on;lr=on; 0100 66 74 61 67 3d 63 5a 33 58 4e 36 44 35 34 72 42 ftag=cZ3XN6D54rB 0110 6d 46 3e 0d 0a 56 69 61 3a 20 53 49 50 2f 32 2e mF>..Via: SIP/2. 0120 30 2f 57 53 53 20 31 36 39 2e 35 37 2e 31 36 31 0/WSS 169.57.161 0130 2e 32 35 34 3b 62 72 61 6e 63 68 3d 7a 39 68 47 .254;branch=z9hG 0140 34 62 4b 37 61 39 61 2e 31 30 32 37 38 30 33 64 4bK7a9a.1027803d 0150 64 61 64 31 64 36 66 61 30 38 38 65 39 38 31 66 dad1d6fa088e981f 0160 63 38 33 62 63 62 32 32 2e 30 0d 0a 56 69 61 3a c83bcb22.0..Via: 0170 20 53 49 50 2f 32 2e 30 2f 55 44 50 20 31 36 39 SIP/2.0/UDP 169 0180 2e 35 37 2e 31 36 31 2e 32 35 32 3a 31 31 30 30 .57.161.252:1100 0190 30 3b 72 65 63 65 69 76 65 64 3d 31 36 39 2e 35 0;received=169.5 01a0 37 2e 31 36 31 2e 32 35 32 3b 72 70 6f 72 74 3d 7.161.252;rport= 01b0 31 31 30 30 30 3b 62 72 61 6e 63 68 3d 7a 39 68 11000;branch=z9h 01c0 47 34 62 4b 6d 74 55 37 53 48 5a 32 42 55 44 74 G4bKmtU7SHZ2BUDt 01d0 48 0d 0a 4d 61 78 2d 46 6f 72 77 61 72 64 73 3a H..Max-Forwards: 01e0 20 34 38 0d 0a 46 72 6f 6d 3a 20 22 4d 61 72 69 48..From: "Mari 01f0 61 6e 6f 20 4d 61 72 74 69 6e 22 20 3c 73 69 70 ano Martin" <sip 0200 3a 31 33 30 31 40 7a 65 72 6f 75 79 2e 73 70 2e :1301@zerouy.sp. 0210 78 65 6e 74 72 69 63 2e 63 6f 3e 3b 74 61 67 3d xentric.co>;tag= 0220 63 5a 33 58 4e 36 44 35 34 72 42 6d 46 0d 0a 54 cZ3XN6D54rBmF..T 0230 6f 3a 20 3c 73 69 70 3a 31 33 30 32 40 32 30 30 o: <sip:1302@200 0240 2e 31 30 38 2e 32 31 37 2e 31 37 34 3a 35 31 35 .108.217.174:515 0250 32 38 3b 74 72 61 6e 73 70 6f 72 74 3d 77 73 3e 28;transport=ws> 0260 0d 0a 43 61 6c 6c 2d 49 44 3a 20 61 37 36 64 66 ..Call-ID: a76df 0270 36 63 32 2d 64 39 39 62 2d 34 35 66 63 2d 38 39 6c2-d99b-45fc-89 0280 31 66 2d 65 61 61 61 61 38 65 35 63 61 31 66 0d 1f-eaaaa8e5ca1f. 0290 0a 43 53 65 71 3a 20 31 30 35 33 36 33 37 31 39 .CSeq: 105363719 02a0 20 49 4e 56 49 54 45 0d 0a 43 6f 6e 74 61 63 74 INVITE..Contact 02b0 3a 20 3c 73 69 70 3a 6d 6f 64 5f 73 6f 66 69 61 : <sip:mod_sofia 02c0 40 31 36 39 2e 35 37 2e 31 36 31 2e 32 35 32 3a @169.57.161.252: 02d0 31 31 30 30 30 3e 0d 0a 55 73 65 72 2d 41 67 65 11000>..User-Age 02e0 6e 74 3a 20 32 36 30 30 68 7a 0d 0a 41 6c 6c 6f nt: 2600hz..Allo 02f0 77 3a 20 49 4e 56 49 54 45 2c 20 41 43 4b 2c 20 w: INVITE, ACK, 0300 42 59 45 2c 20 43 41 4e 43 45 4c 2c 20 4f 50 54 BYE, CANCEL, OPT 0310 49 4f 4e 53 2c 20 4d 45 53 53 41 47 45 2c 20 49 IONS, MESSAGE, I 0320 4e 46 4f 2c 20 55 50 44 41 54 45 2c 20 52 45 47 NFO, UPDATE, REG 0330 49 53 54 45 52 2c 20 52 45 46 45 52 2c 20 4e 4f ISTER, REFER, NO 0340 54 49 46 59 2c 20 50 55 42 4c 49 53 48 2c 20 53 TIFY, PUBLISH, S 0350 55 42 53 43 52 49 42 45 0d 0a 53 75 70 70 6f 72 UBSCRIBE..Suppor 0360 74 65 64 3a 20 70 61 74 68 2c 20 72 65 70 6c 61 ted: path, repla 0370 63 65 73 0d 0a 41 6c 6c 6f 77 2d 45 76 65 6e 74 ces..Allow-Event 0380 73 3a 20 74 61 6c 6b 2c 20 68 6f 6c 64 2c 20 63 s: talk, hold, c 0390 6f 6e 66 65 72 65 6e 63 65 2c 20 70 72 65 73 65 onference, prese 03a0 6e 63 65 2c 20 61 73 2d 66 65 61 74 75 72 65 2d nce, as-feature- 03b0 65 76 65 6e 74 2c 20 64 69 61 6c 6f 67 2c 20 6c event, dialog, l 03c0 69 6e 65 2d 73 65 69 7a 65 2c 20 63 61 6c 6c 2d ine-seize, call- 03d0 69 6e 66 6f 2c 20 73 6c 61 2c 20 69 6e 63 6c 75 info, sla, inclu 03e0 64 65 2d 73 65 73 73 69 6f 6e 2d 64 65 73 63 72 de-session-descr 03f0 69 70 74 69 6f 6e 2c 20 70 72 65 73 65 6e 63 65 iption, presence 0400 2e 77 69 6e 66 6f 2c 20 6d 65 73 73 61 67 65 2d .winfo, message- 0410 73 75 6d 6d 61 72 79 2c 20 72 65 66 65 72 0d 0a summary, refer.. 0420 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 Content-Type: ap 0430 70 6c 69 63 61 74 69 6f 6e 2f 73 64 70 0d 0a 43 plication/sdp..C 0440 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 ontent-Dispositi 0450 6f 6e 3a 20 73 65 73 73 69 6f 6e 0d 0a 43 6f 6e on: session..Con 0460 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 32 34 tent-Length: 124 0470 37 0d 0a 52 65 6d 6f 74 65 2d 50 61 72 74 79 2d 7..Remote-Party- 0480 49 44 3a 20 22 4d 61 72 69 61 6e 6f 20 4d 61 72 ID: "Mariano Mar 0490 74 69 6e 22 20 3c 73 69 70 3a 31 33 30 31 40 7a tin" <sip:1301@z 04a0 65 72 6f 75 79 2e 73 70 2e 78 65 6e 74 72 69 63 erouy.sp.xentric 04b0 2e 63 6f 3e 3b 70 61 72 74 79 3d 63 61 6c 6c 69 .co>;party=calli 04c0 6e 67 3b 73 63 72 65 65 6e 3d 79 65 73 3b 70 72 ng;screen=yes;pr 04d0 69 76 61 63 79 3d 6f 66 66 0d 0a 0d 0a 76 3d 30 ivacy=off....v=0 04e0 0d 0a 6f 3d 46 72 65 65 53 57 49 54 43 48 20 31 ..o=FreeSWITCH 1 04f0 34 39 31 33 37 32 34 32 37 20 31 34 39 31 33 37 491372427 149137 0500 32 34 32 38 20 49 4e 20 49 50 34 20 31 36 39 2e 2428 IN IP4 169. 0510 35 37 2e 31 36 31 2e 32 35 32 0d 0a 73 3d 46 72 57.161.252..s=Fr 0520 65 65 53 57 49 54 43 48 0d 0a 63 3d 49 4e 20 49 eeSWITCH..c=IN I 0530 50 34 20 31 36 39 2e 35 37 2e 31 36 31 2e 32 35 P4 169.57.161.25 0540 32 0d 0a 74 3d 30 20 30 0d 0a 61 3d 6d 73 69 64 2..t=0 0..a=msid 0550 2d 73 65 6d 61 6e 74 69 63 3a 20 57 4d 53 20 4e -semantic: WMS N 0560 35 4f 48 72 52 4b 30 57 41 34 34 38 47 53 42 41 5OHrRK0WA448GSBA 0570 75 36 37 39 56 61 51 47 47 71 69 47 34 79 6b 0d u679VaQGGqiG4yk. 0580 0a 61 3d 65 6e 64 2d 6f 66 2d 63 61 6e 64 69 64 .a=end-of-candid 0590 61 74 65 73 0d 0a 6d 3d 61 75 64 69 6f 20 32 37 ates..m=audio 27 05a0 31 34 30 20 52 54 50 2f 53 41 56 50 46 20 31 30 140 RTP/SAVPF 10 05b0 32 20 31 38 20 30 20 38 20 33 20 31 30 33 20 31 2 18 0 8 3 103 1 05c0 30 34 20 31 30 31 20 31 33 0d 0a 61 3d 72 74 70 04 101 13..a=rtp 05d0 6d 61 70 3a 31 30 32 20 6f 70 75 73 2f 34 38 30 map:102 opus/480 05e0 30 30 2f 32 0d 0a 61 3d 66 6d 00/2..a=fmIs that ok?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/sipcapture/homer/issues/220#issuecomment-291878845, or mute the thread https://github.com/notifications/unsubscribe-auth/AETdJZi85cBYf4IeQYQ9N0XjmaqjRmH6ks5rs6T7gaJpZM4M0HYR .

marianojm commented 7 years ago

OUT traffic (generated by kamailio to webrtc phone ... and WSS transport) When traffic comes from webrtc phone to kamailio: src_ip is ok ! (200.108.217.174)

marianojm commented 7 years ago

Alex, I forgot to tell you that siptrace/kamailio module is version 4.2.0

adubovikov commented 7 years ago

yeah, 4.2 is a little bit old and unforunately i don't have wss scenario right now. It will be nice do upgrade to 4.4 but before, please write to CDR or print out in the xlog ($si and $di) (source and destination ip) probably this is an issue inside of wss socket and ip has been cut of there.

marianojm commented 7 years ago

I'm afraid I can´t upgrade to 4.4 now and WSS is a must for us...so I'm thinking of installing captagent6 to fix the problem now and stop using siptrace module. (I have printed out in the xlog $si and $di .... but always shows null values for $di )

adubovikov commented 7 years ago

sorry, please check $Ri - Received IP address

oussamahammami commented 7 years ago

Hi,

I have a similar problem with the "destination_ip" in the sip_capture_call_XXXX table but only the first character is missing.

The destination address should be 79.142.255.106 and not 9.142.255.106, MSG ID 304

mysql> select id,date,method,source_ip,destination_ip,callid from homer_data.sip_capture_call_20171017 where id > 267;
+-----+---------------------+--------+----------------+----------------+--------------------------------------+
| id  | date                | method | source_ip      | destination_ip | callid                               |
+-----+---------------------+--------+----------------+----------------+--------------------------------------+
| 268 | 2017-10-17 12:53:03 | ACK    | 79.142.255.106 | 10.142.0.3     | upfgqif77usl67t85pc4                 |
| 269 | 2017-10-17 12:53:03 | 100    | 10.142.0.3     | 79.142.255.106 | upfgqif77usl67t85pc4                 |
| 270 | 2017-10-17 12:53:03 | 100    | 35.196.9.254   | 10.142.0.3     | upfgqif77usl67t85pc4                 |
| 271 | 2017-10-17 12:53:03 | 100    | 10.142.0.4     | 35.196.156.91  | upfgqif77usl67t85pc4                 |
| 272 | 2017-10-17 12:53:03 | INVITE | 35.196.9.254   | 10.142.0.5     | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 273 | 2017-10-17 12:53:03 | INVITE | 35.196.9.254   | 10.142.0.5     | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 274 | 2017-10-17 12:53:03 | 100    | 10.142.0.5     | 35.196.9.254   | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 275 | 2017-10-17 12:53:03 | 100    | 35.185.104.74  | 10.142.0.4     | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 276 | 2017-10-17 12:53:03 | INVITE | 10.142.0.4     | 35.185.104.74  | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 277 | 2017-10-17 12:53:03 | INVITE | 10.142.0.5     | 54.171.127.194 | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 278 | 2017-10-17 12:53:03 | 100    | 54.171.127.194 | 10.142.0.5     | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 279 | 2017-10-17 12:53:07 | 183    | 54.171.127.194 | 10.142.0.5     | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 280 | 2017-10-17 12:53:07 | 183    | 10.142.0.5     | 35.196.9.254   | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 281 | 2017-10-17 12:53:07 | 183    | 35.185.104.74  | 10.142.0.4     | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 282 | 2017-10-17 12:53:07 | 183    | 10.142.0.4     | 35.196.156.91  | upfgqif77usl67t85pc4                 |
| 283 | 2017-10-17 12:53:07 | 183    | 35.196.9.254   | 10.142.0.3     | upfgqif77usl67t85pc4                 |
| 284 | 2017-10-17 12:53:07 | 180    | 10.142.0.3     | 79.142.255.106 | upfgqif77usl67t85pc4                 |
| 285 | 2017-10-17 12:53:15 | 200    | 54.171.127.194 | 10.142.0.5     | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 286 | 2017-10-17 12:53:15 | 200    | 10.142.0.5     | 35.196.9.254   | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 287 | 2017-10-17 12:53:15 | 200    | 35.185.104.74  | 10.142.0.4     | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 288 | 2017-10-17 12:53:15 | ACK    | 35.196.9.254   | 10.142.0.5     | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 289 | 2017-10-17 12:53:15 | ACK    | 10.142.0.4     | 35.185.104.74  | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 290 | 2017-10-17 12:53:15 | 200    | 10.142.0.4     | 35.196.156.91  | upfgqif77usl67t85pc4                 |
| 291 | 2017-10-17 12:53:15 | 200    | 35.196.9.254   | 10.142.0.3     | upfgqif77usl67t85pc4                 |
| 292 | 2017-10-17 12:53:15 | 200    | 10.142.0.3     | 79.142.255.106 | upfgqif77usl67t85pc4                 |
| 293 | 2017-10-17 12:53:15 | ACK    | 79.142.255.106 | 10.142.0.3     | upfgqif77usl67t85pc4                 |
| 294 | 2017-10-17 12:53:15 | ACK    | 35.196.156.91  | 10.142.0.4     | upfgqif77usl67t85pc4                 |
| 295 | 2017-10-17 12:53:34 | BYE    | 54.171.127.194 | 10.142.0.5     | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 296 | 2017-10-17 12:53:34 | BYE    | 10.142.0.5     | 35.196.9.254   | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 297 | 2017-10-17 12:53:34 | BYE    | 35.185.104.74  | 10.142.0.4     | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 298 | 2017-10-17 12:53:34 | 200    | 35.196.9.254   | 10.142.0.5     | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 299 | 2017-10-17 12:53:34 | 200    | 10.142.0.5     | 54.171.127.194 | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 300 | 2017-10-17 12:53:34 | 200    | 10.142.0.4     | 35.185.104.74  | bd550c6f-cc8d-48da-9569-7d2c54c36ec1 |
| 301 | 2017-10-17 12:53:34 | BYE    | 10.142.0.4     | 35.196.156.91  | upfgqif77usl67t85pc4                 |
| 302 | 2017-10-17 12:53:34 | BYE    | 35.196.9.254   | 10.142.0.3     | upfgqif77usl67t85pc4                 |
| 303 | 2017-10-17 12:53:34 | BYE    | 35.196.9.254   | 10.142.0.3     | upfgqif77usl67t85pc4                 |
| 304 | 2017-10-17 12:53:34 | BYE    | 10.142.0.3     | 9.142.255.106  | upfgqif77usl67t85pc4                 |
| 305 | 2017-10-17 12:53:34 | 200    | 79.142.255.106 | 10.142.0.3     | upfgqif77usl67t85pc4                 |
| 306 | 2017-10-17 12:53:34 | 200    | 10.142.0.3     | 35.196.9.254   | upfgqif77usl67t85pc4                 |
| 307 | 2017-10-17 12:53:34 | 200    | 35.196.156.91  | 10.142.0.4     | upfgqif77usl67t85pc4                 |
+-----+---------------------+--------+----------------+----------------+--------------------------------------+
mysql> select * from homer_data.sip_capture_call_20171017 where id=304\G
*************************** 1. row ***************************
              id: 304
            date: 2017-10-17 12:53:34
        micro_ts: 1508244814848135
          method: BYE
    reply_reason:
            ruri: sip:7902@web-proxy-001.hammami.ch;gr=urn:uuid:87cc268c-c36b-4619-ac54-0d88a743dc80;alias=79.142.255.106~5248~6
       ruri_user: 7902
     ruri_domain: web-proxy-001.hammami.ch
       from_user: 46852500672
     from_domain: 10.142.0.4
        from_tag: 008e3c19-1124-4de0-97ad-1c714ba672de
         to_user: 7902
       to_domain: web-proxy-001.hammami.ch
          to_tag: 03n4tje9f1
        pid_user:
    contact_user:
       auth_user:
          callid: upfgqif77usl67t85pc4
     callid_aleg:
           via_1: SIP/2.0/WSS web-proxy-001.hammami.ch:5443;branch=z9hG4bKc998.e976dac70c6cd1955f7750f9d455ad2a.0
    via_1_branch: z9hG4bKc998.e976dac70c6cd1955f7750f9d455ad2a.0
            cseq: 15752 BYE
       diversion:
          reason: Q.850;cause=16
    content_type:
            auth:
      user_agent: Rebtel Media Gateway
       source_ip: 10.142.0.3
     source_port: 5443
  destination_ip: 9.142.255.106
destination_port: 5248
      contact_ip:
    contact_port: 0
   originator_ip:
 originator_port: 0
         expires: -1
  correlation_id: upfgqif77usl67t85pc4
   custom_field1:
   custom_field2:
   custom_field3:
           proto: 3
          family: 2
        rtp_stat:
            type: 1
            node: homer01
             msg: BYE sip:7902@web-proxy-001.hammami.ch;gr=urn:uuid:87cc268c-c36b-4619-ac54-0d88a743dc80;alias=79.142.255.106~5248~6 SIP/2.0
Via: SIP/2.0/WSS web-proxy-001.hammami.ch:5443;branch=z9hG4bKc998.e976dac70c6cd1955f7750f9d455ad2a.0
Via: SIP/2.0/UDP 35.196.9.254:5060;received=35.196.9.254;rport=5060;branch=z9hG4bKPj19493987-675d-4bce-bd36-074ced43fc42
From: <sip:46852500672@10.142.0.4>;tag=008e3c19-1124-4de0-97ad-1c714ba672de
To: "7902" <sip:7902@web-proxy-001.hammami.ch>;tag=03n4tje9f1
Call-ID: upfgqif77usl67t85pc4
CSeq: 15752 BYE
Reason: Q.850;cause=16
Max-Forwards: 69
User-Agent: Rebtel Media Gateway
Content-Length:  0

Only one BYE packet is affected ! the last one from Kamailio-webrtc to the Webrtc client.

screen shot 2017-10-17 at 14 55 49

The hep packet sent from Kamailio-webrtc :

U 10.142.0.3:5060 -> 10.142.0.9:9060
.....C..
......jBYE sip:7902@web-proxy-001.hammami.ch;gr=urn:uuid:87cc268c-c36b-4619-ac54-0d88a743dc80;alias=79.142.255.106~5248~6 SIP/2.0.
Via: SIP/2.0/WSS web-proxy-001.hammami.ch:5443;branch=z9hG4bKa3a9.8fd6f5d1223d1fc8521122c6fd8e8d3b.0.
Via: SIP/2.0/UDP 35.196.89.16:5060;received=35.196.89.16;rport=5060;branch=z9hG4bKPjb0fd9f08-e976-4585-ada7-f0c46c2ee801.
From: <sip:46852500672@10.142.0.2>;tag=6746f979-945d-4686-937b-c73b37074bd1.
To: "7902" <sip:7902@web-proxy-001.hammami.ch>;tag=hva6e3iocm.
Call-ID: upfgq54qnaosoa59ios9.
CSeq: 18741 BYE.
Reason: Q.850;cause=16.
Max-Forwards: 69.
User-Agent: Rebtel Media Gateway.
Content-Length:  0.

the data in Homer

screen shot 2017-10-17 at 17 14 39

I use kamailio 4.4.6 / Centos 7.

Thanks in advance for any help Ouss

adubovikov commented 7 years ago

is it websocket ?

oussamahammami commented 7 years ago

Hi,

yes, it is websocket and only websocket is affected by this pb, destination_ip so the Call-Flow are correct for normal sip calls.

/Ouss

adubovikov commented 7 years ago

Hi, any chance use 5.x and HEPv3 ?

Wbr, Alexandr

oussamahammami commented 7 years ago

I have installed Homer 5.x Kamailio 4.4.6

/Ouss

oussamahammami commented 7 years ago

Hi,

I have updated homer this morning to

define('CONFIG_VERSION', "2.1.2"); /* Please ALWAYS include CONFIGVERSION */
define('WEBHOMER_VERSION', "5.1.3"); /* WEBHOMER VERSION */

but still have the wrong destination_ip = '9.142.255.106' and only for the BYE

MySQL request:

insert into `sip_capture_call_20171018` (`date`,`micro_ts`,`method`,`reply_reason`,`ruri`,`ruri_user`,`from_user`,`from_tag`,`to_user`,`to_tag`,`pid_user`,`contact_user`,`auth_user`,`callid`,`callid_aleg`,`via_1`,`via_1_branch`,`cseq`,`reason`,`content_type`,`auth`,`user_agent`,`source_ip`,`source_port`,`destination_ip`,`destination_port`,`contact_ip`,`contact_port`,`originator_ip`,`originator_port`,`proto`,`family`,`rtp_stat`,`type`,`node`,`correlation_id`,`from_domain`,`to_domain`,`ruri_domain`,`msg` ) values ('2017-10-18 13:32:22',1508333542210111,'BYE','','sip:7902@web-proxy-001.hammami.ch;gr=urn:uuid:672399b7-5097-4439-bb6e-dff93e8a0bd0;alias=79.142.255.106~29301~6','7902','46852500672','2f7abdc3-ba30-45b1-b98e-ce62401d8f18','7902','o8rakkltpl','','','','ai78av8e4settrrjednn','','SIP/2.0/WSS web-proxy-001.hammami.ch:5443;branch=z9hG4bK6a06.56c912218e6dbfb0a27e3fb737784c88.0','z9hG4bK6a06.56c912218e6dbfb0a27e3fb737784c88.0','5010 BYE','Q.850;cause=16','','','Rebtel Media Gateway','10.142.0.3',5443,'9.142.255.106',29301,'',0,'',0,3,2,'',1,'homer01','ai78av8e4settrrjednn','10.142.0.2','web-proxy-001.hammami.ch','web-proxy-001.hammami.ch','BYE sip:7902@web-proxy-001.hammami.ch;gr=urn:uuid:672399b7-5097-4439-bb6e-dff93e8a0bd0;alias=79.142.255.106~29301~6 SIP/2.0\r\nVia: SIP/2.0/WSS web-proxy-001.hammami.ch:5443;branch=z9hG4bK6a06.56c912218e6dbfb0a27e3fb737784c88.0\r\nVia: SIP/2.0/UDP 35.196.89.16:5060;received=35.196.89.16;rport=5060;branch=z9hG4bKPje33ba03d-06cd-4a0a-b7fb-3b21ec3608a2\r\nFrom: <sip:46852500672@10.142.0.2>;tag=2f7abdc3-ba30-45b1-b98e-ce62401d8f18\r\nTo: \"7902\" <sip:7902@web-proxy-001.hammami.ch>;tag=o8rakkltpl\r\nCall-ID: ai78av8e4settrrjednn\r\nCSeq: 5010 BYE\r\nReason: Q.850;cause=16\r\nMax-Forwards: 69\r\nUser-Agent: Rebtel Media Gateway\r\nContent-Length:  0\r\n\r\n')

Should I update kamailio also ? from 4.4.6 to 5.0.x (kamailio-5.0.3)

/Ouss

oussamahammami commented 7 years ago

I have updated kamailio to 5.0.3, no chance .

adubovikov commented 7 years ago

i hope you have updated the original kamailio who sends the traffic?

oussamahammami commented 7 years ago

Hi, As you have suggest the problem was resolved by updating my kamailio "Webrtc" who send the traffic 😁 to version 5.0.X (5.0.3)

thanks again for your help 👍 /Ouss