
@arsperger
Last active July 30, 2021 15:36
Troubleshoot TLS SIP sngrep

Troubleshoot TLS SIP traffic

HEP/EEP version 3 packets work only with sngrep 1.4.7 and above

cat <<EOF >> ~/.sngrep
set capture.device lo
set eep.listen on
set eep.listen.version 2
set eep.listen.address 127.0.0.1
set eep.listen.port 8888
EOF

OpenSIPS setup

socket=hep_udp:127.0.0.1:6060 use_workers 1 ...

loadmodule "proto_hep.so"
modparam("proto_hep", "hep_id", "[hid] 127.0.0.1:8888; transport=udp; version=3" )

loadmodule "tracer.so"
modparam("tracer", "trace_on", 0)
modparam("tracer", "trace_id", "[tid]uri=sip:8.8.8.8:5060")
modparam("tracer", "trace_id", "[tid]uri=hep:hid")

Defining two trace_id entries under the same [tid] is fine: this sends HEP to the local sngrep and SIP to a fake IP.

Sending to a fake IP is useful if you need to catch RTP.

Create a TRACER route that catches dialog requests and transactions:

route {
  if (!has_totag()) {
    if(is_method("INVITE") ) {
      trace("tid", "d", "sip");
    }
  } else {
    trace("tid", "t", "sip");
  }
  ...
}

If we want to trace locally generated requests, we set up tracing in the local_route route:

onreply_route[local_route_reply_handle] {
  trace("tid", "m", "sip");
}
local_route {
  trace("tid", "m", "sip");
  t_on_reply("local_route_reply_handle");
  ...
}

Capturing

opensips-cli -x mi trace mode=on
opensips-cli -x mi trace mode=on id=tid
sngrep --calls -f /root/.sngrep
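
To check what OpenSIPS actually mirrors to 127.0.0.1:8888 when sngrep stays empty, a HEPv3 datagram can be decoded by hand. The parser below is an added example, not code from this gist or from sngrep/OpenSIPS; it assumes the public HEPv3 chunk layout (vendor 0 generic chunks), and `parse_hep3`, `chunk`, `build_sample` and the sample packet are constructed for illustration.

```python
import socket
import struct

# Added example: generic HEPv3 chunk IDs (vendor 0) -> (name, struct format)
CHUNKS = {
    1: ("ip_family", "B"), 2: ("ip_proto", "B"),
    3: ("src_ip", "ip4"), 4: ("dst_ip", "ip4"),
    7: ("src_port", "H"), 8: ("dst_port", "H"),
    9: ("ts_sec", "I"), 10: ("ts_usec", "I"),
    11: ("proto_type", "B"), 12: ("capture_id", "I"), 15: ("payload", "raw"),
}

def parse_hep3(data: bytes) -> dict:
    """Decode one HEPv3 datagram into a dict of its known chunks."""
    if data[:4] != b"HEP3":
        raise ValueError("no 'HEP3' magic; sender may be using HEPv1/v2")
    (total,) = struct.unpack("!H", data[4:6])
    if total != len(data):
        raise ValueError(f"length field {total} != datagram size {len(data)}")
    out, pos = {}, 6
    while pos < total:
        if total - pos < 6:
            raise ValueError("truncated chunk header")
        vendor, ctype, clen = struct.unpack("!HHH", data[pos:pos + 6])
        if clen < 6 or pos + clen > total:
            raise ValueError(f"bad chunk length {clen} at offset {pos}")
        body = data[pos + 6:pos + clen]
        name, fmt = CHUNKS.get(ctype, (None, None)) if vendor == 0 else (None, None)
        if fmt == "raw":
            out[name] = body
        elif fmt == "ip4":
            out[name] = socket.inet_ntoa(body)
        elif fmt:  # fixed-width integer chunk
            (out[name],) = struct.unpack("!" + fmt, body)
        pos += clen  # chunk length includes its 6-byte header
    return out

def chunk(ctype: int, body: bytes) -> bytes:
    return struct.pack("!HHH", 0, ctype, 6 + len(body)) + body

def build_sample() -> bytes:
    """Constructed HEPv3 packet wrapping a constructed SIP OPTIONS request."""
    sip = b"OPTIONS sip:test@example.invalid SIP/2.0\r\nCSeq: 1 OPTIONS\r\n\r\n"
    body = (chunk(1, b"\x02") + chunk(2, b"\x06") + chunk(11, b"\x01")
            + chunk(3, socket.inet_aton("192.0.2.10")) + chunk(7, struct.pack("!H", 5061))
            + chunk(4, socket.inet_aton("192.0.2.20")) + chunk(8, struct.pack("!H", 5061))
            + chunk(15, sip))
    return b"HEP3" + struct.pack("!H", 6 + len(body)) + body
```

The payload chunk carries the SIP message in cleartext even when the signalling leg itself was TLS, so the HEP destination is best kept on loopback as in the configuration above.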

Kamailio setup

loadmodule "siptrace.so"
  modparam("siptrace", "trace_mode", 0)
  modparam("siptrace", "trace_to_database", 0)
  modparam("siptrace", "trace_on", 1)
  modparam("siptrace", "duplicate_uri", "sip:127.0.0.1:8888")
  modparam("siptrace", "hep_mode_on", 1)
  modparam("siptrace", "hep_version", 2)
  modparam("siptrace", "hep_capture_id", 1)

At the beginning of the main request_route we trace all transactions:

request_route {
  sip_trace_mode("t");
  ...
}

We also want to trace relayed ACKs, which we do in the onsend_route:

onsend_route {
  if (is_method("ACK")) {
    sip_trace();
  }
}

To trace locally generated requests, we set up tracing in the tm:local-request route:

onreply_route[local_request] {
  sip_trace();
}
event_route[tm:local-request] {
  t_on_reply("local_request");
  sip_trace();
}

References:

https://voipembedded.wordpress.com/
https://kamailio.org/docs/modules/5.5.x/modules/sipcapture.html
https://opensips.org/docs/modules/3.0.x/tracer.html
