sipcapture / homer

HOMER - 100% Open-Source SIP, VoIP, RTC Packet Capture & Monitoring
https://sipcapture.org
GNU Affero General Public License v3.0

SIP messages out of order #572

Closed jrozhon closed 1 year ago

jrozhon commented 1 year ago

Hi, on a fresh-installed Homer 7 (via apt repository), I get some of the SIP messages out of the expected order. I checked that there was a similar issue already reported about 3 years ago, but in my case the timestamps are already wrong (see figure).

I have heplify-server 1.59.3 and Asterisk 18.14 with hep module loaded and configured.

I have also checked the system time on both servers.

Any idea would be appreciated. Thanks.

homer

lmangani commented 1 year ago

> I have heplify-server 1.59.3 and Asterisk 18.14 with hep module loaded and configured.

This could have multiple causes, and a single message doesn't tell much. In HEPv3 timestamps are marked by the sender. Is the time synchronized between your hosts?

jrozhon commented 1 year ago

Thanks for such a quick response. Yes, both have NTP up and running and I checked it manually as well. Moreover, all messages are from the same Asterisk server so in case of misaligned time I would expect for all messages to be slightly off but in correct order.

lmangani commented 1 year ago

Accurate timestamping is only available in HEPv2/3 and it's designed to avoid exactly this scenario. If you're not doing any TLS on your instance, just replace the internal res_hep with heplify to confirm if that's the case.

adubovikov commented 1 year ago

Just to be sure, do you have HEP only from your Asterisk, or do you have Asterisk on one box and the heplify client on another? (not server)

adubovikov commented 1 year ago

Because the 401 has a rounded milliseconds timestamp: 621000 - the last 000 should be bigger than 339. Also, please check the capture_id and the capture IP on the 401 and the INVITE.

jrozhon commented 1 year ago

As a "client" I have Asterisk with res_hep/res_hep_pjsip. No heplify there or anywhere else yet, but will try it after business hours as per Lorenzo's advice.

Yes, I can also see the rounding, but can't really figure where it happens as it seems that it is done for incoming messages and not for the outgoing ones.

I am inclined to think that it has something to do with res_hep in Asterisk, though.

jrozhon commented 1 year ago

Capture IDs are ok, both are 1.

jrozhon commented 1 year ago

So, heplify (client) sends the timestamps without rounding, so I guess it is clear now. Thank you both for support.

lmangani commented 1 year ago

Thanks for confirming @jrozhon, we'll see if it's even possible to patch the native HEP driver, but we always suggest the passive approach when encryption is not at play. Welcome to the club!
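
The effect diagnosed in this thread, as an added example that is not part of the thread or of the Homer, heplify or Asterisk code: a Python sketch that reads the sender timestamp chunks of HEPv3 packets (seconds, microsecond offset, capture ID, payload), sorts by them the way a viewer would, and flags microsecond values that look rounded to a whole millisecond. The packets are constructed, loosely modelled on the 621000 and 339 values quoted above, and arrival order is assumed to reflect the real order of events.

```python
import struct

# HEPv3 generic chunk types used here
TS_SEC, TS_USEC, CAPTURE_ID, PAYLOAD = 0x0009, 0x000A, 0x000C, 0x000F

def build_hep3(sec, usec, capture_id, payload):
    """Build a minimal HEPv3 packet; used only to construct the sample input."""
    def chunk(ctype, body):  # vendor 0, type, length including 6-byte header
        return struct.pack("!HHH", 0, ctype, 6 + len(body)) + body
    chunks = b"".join([chunk(TS_SEC, struct.pack("!I", sec)),
                       chunk(TS_USEC, struct.pack("!I", usec)),
                       chunk(CAPTURE_ID, struct.pack("!I", capture_id)),
                       chunk(PAYLOAD, payload)])
    return b"HEP3" + struct.pack("!H", 6 + len(chunks)) + chunks

def parse_hep3(pkt):
    """Return {chunk_type: value} for the chunks this audit needs."""
    if len(pkt) < 6 or pkt[:4] != b"HEP3":
        raise ValueError("not a HEPv3 packet")
    total = struct.unpack("!H", pkt[4:6])[0]
    if total != len(pkt):
        raise ValueError("length field does not match packet size")
    fields, off = {}, 6
    while off < total:
        if off + 6 > total:
            raise ValueError("truncated chunk header")
        _vendor, ctype, clen = struct.unpack("!HHH", pkt[off:off + 6])
        if clen < 6 or off + clen > total:
            raise ValueError("bad chunk length")
        body = pkt[off + 6:off + clen]
        if ctype in (TS_SEC, TS_USEC, CAPTURE_ID) and len(body) == 4:
            fields[ctype] = struct.unpack("!I", body)[0]
        elif ctype == PAYLOAD:
            fields[ctype] = body
        off += clen
    return fields

def audit(packets):
    """Sort by sender timestamp; report whether that differs from arrival order."""
    rows = []
    for arrival, pkt in enumerate(packets):
        f = parse_hep3(pkt)
        rows.append({"arrival": arrival, "ts": (f[TS_SEC], f[TS_USEC]),
                     # heuristic: a real usec value ends in 000 only 1 time in 1000
                     "rounded": f[TS_USEC] % 1000 == 0,
                     "line": f[PAYLOAD].split(b"\r\n", 1)[0].decode()})
    by_ts = sorted(rows, key=lambda r: r["ts"])
    return by_ts, [r["arrival"] for r in by_ts] != [r["arrival"] for r in rows]

# Constructed sample: INVITE sent first, 401 received after it but stamped ...621000
SAMPLE = [build_hep3(1700000000, 621339, 1, b"INVITE sip:100@example.test SIP/2.0\r\n\r\n"),
          build_hep3(1700000000, 621000, 1, b"SIP/2.0 401 Unauthorized\r\n\r\n")]
```

Calling `audit(SAMPLE)` puts the 401 ahead of the INVITE and marks only the 401 as rounded, which is the pattern to look for when a call flow from a single capture agent appears out of order.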