Closed perrfect closed 1 year ago
There's no limits at the receiving end, so you should look at the agent side and make sure the right settings are used to reassemble packets before encapsulation. What's your agent of choice?
There's no limits at the receiving end, so you should look at the agent side and make sure the right settings are used to reassemble packets before encapsulation. What's your agent of choice?
We are using captagent.
If you're only using UDP just change the following in your socket_pcap
configuration:
<param name="reasm" value="true"/>
If you're using TCP @kYroL01 will assist with the other settings 😉
If you're only using UDP just change the following in your
socket_pcap
configuration:<param name="reasm" value="true"/>
If you're using TCP @kYroL01 will assist with the other settings wink
Ok, thank you, I will try.
Hello. I changed reasm to true, but now I have the problem with filters:
<param name="filter">
<value>portrange 5060-5091 or (ip[6:2] & 0x3fff != 0x0000)</value>
</param>
: [NOTICE] Loaded socket_pcap
: [ERR] xmlread.c:170 Parse error at line [13]:[not well-formed (invalid token)]
: [ERR] socket_pcap.c:1109 Unable to open configuration file: /usr/local/captagent/etc/captagent//socket_pcap.xml
<param name="filter">
<value>portrange 5060-5091 or ip[6:2]</value>
</param>
67521]: [NOTICE] Using filter: (portrange 5060-5091 or ip[6:2])
67521]: [ERR] socket_pcap.c:885 Failed to compile filter "(portrange 5060-5091 or ip[6:2])": can't parse filter expression: syntax error
<param name="filter">
<value>portrange 5060-5091 or ((ip[6:2] & 0x3fff) != 0x0000)</value>
</param>
[ERR] xmlread.c:170 Parse error at line [13]:[not well-formed (invalid token)]
68512]: [ERR] socket_pcap.c:1109 Unable to open configuration file: /usr/local/captagent/etc/captagent//socket_pcap.xml
<param name="filter">
<value>portrange 5060-5091 or (ip[6:2] & 0x3fff != 0)</value>
</param>
<param name="filter">
<value>portrange 5060-5091 or (ip[6:2] and 0x3fff != 0x0000)</value>
</param>
[NOTICE] Loaded socket_pcap
Started SIP capture agent server daemon.
[NOTICE] Using filter: (portrange 5060-5091 or (ip[6:2] and 0x3fff != 0x0000))
[ERR] socket_pcap.c:885 Failed to compile filter "(portrange 5060-5091 or (ip[6:2] and 0x3fff != 0x0000))": can't parse filter expression: syntax error
Version captagent - 6.3.1
Hi @perrfect This is a bad BPF filter, as the error shows you. What are you trying to filter with ip[6:2] and 0x3fff !=
? Identification field for IP header ?
When you activate reasm = true
we internally already apply a BPF filter, so try to leave it simply portrange 5060-5091
.
Please try with the default one, thank you
Hello. I'm using homer in docker-containers and database postgresql and have noticed that not all INVITE requests are visible. It seems that INVITE requests are truncated when MTU is more than 1500 bytes. Maybe some INVITE requests are incorrect write to a DB?