背景
上章我们介绍了siptrace模块,可以把sip信令存储到数据库或者发送给第三方的Hep server中,
本章sipdump模块,可以记录sip信令到文件。
kamailio的siptrace+sipdump= opensips的tracer模块, opensips的tracer之前的章节有介绍,可以查看。
但是在存文件的功能上, opensips比较单一,kamailio可以自动回滚文件,删除过期文件,多种文件类型。
kamailio的官方推荐:
- 开发环境使用
sipdump
- 生产环境使用
siptrace或者sipcapture 发送给Homer
sipdump的官方文档地址:sipdump, 本次测试的kamailio版本是:
version: kamailio 5.8.5 (x86_64/linux)
配置参数分析
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
# 是否开启,默认0
modparam("sipdump", "enable", 1)
# bit位置: 0,写到text文件;1,产生event route;2,写到pcap文件;3, 添加`P-KSR-SIPDump`头到SIP消息,然后写到pcap文件
modparam("sipdump", "mode", 3)
# 当没有sip消息到时等待多少毫秒,默认100
modparam("sipdump", "wait", 2000)
# 文件回滚的时间间隔,默认7200秒
modparam("sipdump", "rotate", 3600)
# 文件保存路径
modparam("sipdump", "folder", "/run/kamailio")
# 文件名前缀,默认kamailio-sipdump-, yyyy-mm-dd-hh-mm-ss会追加到前缀后面
modparam("sipdump", "fprefix", "ksipdump-")
# 创建多久的文件被删除,单位s, 清除的定时器每10分钟执行一次,默认0,不删除。
modparam("sipdump", "fage", 172800) # 2days
|
mode 是按位算的,二进制1: 写text文件, 10 执行event route, 100: 写pcap文件, 1000: 添加P-KSR-SIPDump头到SIP消息,然后写到pcap文件
modparam("sipdump", "mode", 3) 3就是11,
函数
sipdump_send(tag)
发送当前的SIP消息到写进程,然后存文件. tag可以是任何字符串。
实战
配置示例
1
2
3
4
5
6
7
8
9
10
11
|
loadmodule "sipdump.so"
modparam("sipdump", "enable", 1)
modparam("sipdump", "mode", 3)
modparam("sipdump", "wait", 2000)
modparam("sipdump", "rotate", 3600)
modparam("sipdump", "folder", "/run/kamailio")
modparam("sipdump", "fage", 172800)
event_route[sipdump:msg] {
xinfo("[$sipdump(tag)] [[$sipdump(buf)]]\n");
}
|
效果
mode = 3
- 注册
-
event_route[sipdump:msg]会打印出注册的SIP消息。
rev: 收到SIP消息, snd: 发送SIP消息
-
保存的文件/run/kamailio/
如果设置modparam("sipdump", "rotate", 60), 60s的效果:
可以看到如果在60s之后,有新的sip信息产生,那么会记录到新的文件。
-
kamailio-sipdump-2025-04-03–10-49-15.data 数据内容:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
====================
tag: rcv
pid: 5744
process: 2
time: 1743648555.167981
date: Thu Apr 3 10:49:15 2025
proto: udp ipv4
srcip: 172.16.80.3
srcport: 65398
dstip: 172.16.4.113
dstport: 5460
~~~~~~~~~~~~~~~~~~~~
REGISTER sip:172.16.4.113:5460 SIP/2.0
Via: SIP/2.0/UDP 172.16.80.3:65398;rport;branch=z9hG4bKPj220c0fe63bb746879d404a28e02066c4
Max-Forwards: 70
From: <sip:1002@172.16.4.113>;tag=ffd48e15af3642fb91df63ee47130c6a
To: <sip:1002@172.16.4.113>
Call-ID: 958acb18b530498191314703f7abbf88
CSeq: 28845 REGISTER
User-Agent: MicroSIP/3.21.6
Contact: <sip:1002@172.16.80.3:65398;ob>
Expires: 0
Content-Length: 0
||||||||||||||||||||
====================
tag: snd
pid: 5744
process: 2
time: 1743648555.168626
date: Thu Apr 3 10:49:15 2025
proto: udp ipv4
srcip: 172.16.4.113
srcport: 5460
dstip: 172.16.80.3
dstport: 65398
~~~~~~~~~~~~~~~~~~~~
SIP/2.0 200 OK
Via: SIP/2.0/UDP 172.16.80.3:65398;rport=65398;received=172.16.80.3;branch=z9hG4bKPj220c0fe63bb746879d404a28e02066c4
From: <sip:1002@172.16.4.113>;tag=ffd48e15af3642fb91df63ee47130c6a
To: <sip:1002@172.16.4.113>;tag=ca36158e07626139fe33104dfec02b96.6776fc32
Call-ID: 958acb18b530498191314703f7abbf88
CSeq: 28845 REGISTER
Server: kamailio (5.8.5 (x86_64/linux))
Content-Length: 0
||||||||||||||||||||
====================
tag: rcv
pid: 5745
process: 3
time: 1743648555.947732
date: Thu Apr 3 10:49:15 2025
proto: udp ipv4
srcip: 172.16.80.3
srcport: 65398
dstip: 172.16.4.113
dstport: 5460
~~~~~~~~~~~~~~~~~~~~
REGISTER sip:172.16.4.113:5460 SIP/2.0
Via: SIP/2.0/UDP 172.16.80.3:65398;rport;branch=z9hG4bKPj8da8a9dd97df4c5581fe1001cf637b49
Max-Forwards: 70
From: <sip:1002@172.16.4.113>;tag=543412e2b3e74c24a73c619373266378
To: <sip:1002@172.16.4.113>
Call-ID: a7bf0e550c074020b45c2f304f8d6c9b
CSeq: 10448 REGISTER
User-Agent: MicroSIP/3.21.6
Contact: <sip:1002@172.16.80.3:65398;ob>
Expires: 200
Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
Content-Length: 0
||||||||||||||||||||
====================
tag: snd
pid: 5745
process: 3
time: 1743648555.948576
date: Thu Apr 3 10:49:15 2025
proto: udp ipv4
srcip: 172.16.4.113
srcport: 5460
dstip: 172.16.80.3
dstport: 65398
~~~~~~~~~~~~~~~~~~~~
SIP/2.0 200 OK
Via: SIP/2.0/UDP 172.16.80.3:65398;rport=65398;received=172.16.80.3;branch=z9hG4bKPj8da8a9dd97df4c5581fe1001cf637b49
From: <sip:1002@172.16.4.113>;tag=543412e2b3e74c24a73c619373266378
To: <sip:1002@172.16.4.113>;tag=ca36158e07626139fe33104dfec02b96.f2184574
Call-ID: a7bf0e550c074020b45c2f304f8d6c9b
CSeq: 10448 REGISTER
Contact: <sip:1002@172.16.80.3:65398;ob>;expires=200
Server: kamailio (5.8.5 (x86_64/linux))
Content-Length: 0
||||||||||||||||||||
====================
|
- kamailio-sipdump-2025-04-03–10-49-15.meta 的内容:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
v: 1.0
version: kamailio 5.8.5
start: Thu Apr 3 10:49:04 2025
nrprocs: 46
process: 0 5741 main process - attendant
process: 1 5743 udp receiver child=0 sock=172.16.4.113:5460
process: 2 5744 udp receiver child=1 sock=172.16.4.113:5460
process: 3 5745 udp receiver child=2 sock=172.16.4.113:5460
process: 4 5746 udp receiver child=3 sock=172.16.4.113:5460
process: 5 5747 udp receiver child=4 sock=172.16.4.113:5460
process: 6 5748 udp receiver child=5 sock=172.16.4.113:5460
process: 7 5749 udp receiver child=6 sock=172.16.4.113:5460
process: 8 5750 udp receiver child=7 sock=172.16.4.113:5460
process: 9 5751 udp receiver child=0 sock=172.16.4.113:5464
process: 10 5752 udp receiver child=1 sock=172.16.4.113:5464
process: 11 5753 udp receiver child=2 sock=172.16.4.113:5464
process: 12 5754 udp receiver child=3 sock=172.16.4.113:5464
process: 13 5755 udp receiver child=4 sock=172.16.4.113:5464
process: 14 5756 udp receiver child=5 sock=172.16.4.113:5464
process: 15 5757 udp receiver child=6 sock=172.16.4.113:5464
process: 16 5758 udp receiver child=7 sock=172.16.4.113:5464
process: 17 5759 udp receiver child=0 sock=172.16.4.113:5465
process: 18 5760 udp receiver child=1 sock=172.16.4.113:5465
process: 19 5761 udp receiver child=2 sock=172.16.4.113:5465
process: 20 5762 udp receiver child=3 sock=172.16.4.113:5465
process: 21 5763 udp receiver child=4 sock=172.16.4.113:5465
process: 22 5764 udp receiver child=5 sock=172.16.4.113:5465
process: 23 5765 udp receiver child=6 sock=172.16.4.113:5465
process: 24 5766 udp receiver child=7 sock=172.16.4.113:5465
process: 25 5767 slow timer
process: 26 5768 timer
process: 27 5769 secondary timer
process: 28 5770 JSONRPCS FIFO
process: 29 5771 JSONRPCS DATAGRAM
process: 30 5772 USRLOC Timer
process: 31 5773 ctl handler
process: 32 5774 TIMER NH
process: 33 5775 WEBSOCKET KEEPALIVE
process: 34 5776 WEBSOCKET TIMER
process: 35 5777 Dialog Clean Timer
process: 36 5778 SIPDUMP WRITE TIMER
process: 37 5779 tcp receiver (generic) child=0
process: 38 5780 tcp receiver (generic) child=1
process: 39 5781 tcp receiver (generic) child=2
process: 40 5782 tcp receiver (generic) child=3
process: 41 5783 tcp receiver (generic) child=4
process: 42 5784 tcp receiver (generic) child=5
process: 43 5785 tcp receiver (generic) child=6
process: 44 5786 tcp receiver (generic) child=7
process: 45 5787 tcp main process
|
wss注册的情况:
- event_route 事件产生
.data数据:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
====================
tag: rcv
pid: 6301
process: 37
time: 1743651209.118606
date: Thu Apr 3 11:33:29 2025
proto: tls ipv4
srcip: 172.16.80.3
srcport: 53099
dstip: 172.16.4.113
dstport: 5462
~~~~~~~~~~~~~~~~~~~~
GET / HTTP/1.1
Host: sbc001.abc:5462
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
Upgrade: websocket
Origin: null
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: zh-CN,zh;q=0.9
Sec-WebSocket-Key: g+6VfakF0iemlALkcrqQzg==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Sec-WebSocket-Protocol: sip
||||||||||||||||||||
====================
tag: rcv
pid: 6301
process: 37
time: 1743651209.122952
date: Thu Apr 3 11:33:29 2025
proto: wss ipv4
srcip: 172.16.80.3
srcport: 53099
dstip: 172.16.4.113
dstport: 5462
~~~~~~~~~~~~~~~~~~~~
REGISTER sip:sbc001.abc:5462 SIP/2.0
Via: SIP/2.0/WSS 247b5g7epaou.invalid;branch=z9hG4bK5563369
Max-Forwards: 69
To: <sip:1007@sbc001.abc:5462>
From: "1007" <sip:1007@sbc001.abc:5462>;tag=sagp76d6l3
Call-ID: a6g0dtj2pi05mnfrre5jjq
CSeq: 4 REGISTER
X-SBC: Dinstar Mediant
Contact: <sip:1007@247b5g7epaou.invalid;transport=ws>;+sip.ice;reg-id=1;+sip.instance="<urn:uuid:86509451-8dd3-4056-8273-756c451940fe>";expires=600
Expires: 600
Allow: INVITE,ACK,CANCEL,BYE,UPDATE,MESSAGE,OPTIONS,REFER,INFO,NOTIFY,SUBSCRIBE
Supported: path,gruu,outbound
User-Agent: Dinstar WebRTC SDK. Simple phone 1.17.0 Chrome/134
Content-Length: 0
||||||||||||||||||||
====================
tag: snd
pid: 6301
process: 37
time: 1743651209.123431
date: Thu Apr 3 11:33:29 2025
proto: wss ipv4
srcip: 172.16.4.113
srcport: 5462
dstip: 172.16.80.3
dstport: 53099
~~~~~~~~~~~~~~~~~~~~
SIP/2.0 200 OK
Via: SIP/2.0/WSS 247b5g7epaou.invalid;branch=z9hG4bK5563369;rport=53099;received=172.16.80.3
To: <sip:1007@sbc001.abc:5462>;tag=ca36158e07626139fe33104dfec02b96.ccae0000
From: "1007" <sip:1007@sbc001.abc:5462>;tag=sagp76d6l3
Call-ID: a6g0dtj2pi05mnfrre5jjq
CSeq: 4 REGISTER
Contact: <sip:1007@172.16.80.3:53099;transport=ws>;expires=600;received="sip:172.16.80.3:53099;transport=ws";+sip.instance="<urn:uuid:86509451-8dd3-4056-8273-756c451940fe>";reg-id=1
Server: kamailio (5.8.5 (x86_64/linux))
Content-Length: 0
||||||||||||||||||||
|
mode = 4
- 注册
-
日志这块确实没有event_route事件产生:
-
保存的文件/run/kamailio/:
产生了.pcap和.meta文件, .meta和上面的一样,就不看了,使用wireshark打开.pcap文件,看到的效果:
-
wss 的.pcap内容:
可以看到, kamailio把wss解析后转成了udp存储到.pcap文件中.
mode = 12
不能mode=8,必须是8+4(写pcap文件+P-KSR-SIPDump头)
-
wss注册
- 产生的
.pcap文件,使用wireshark打开之后的结果:
可以看到还是把wss解析后转成了udp存储到.pcap文件中. REGISTER信令带了P-KSR-SIPDump头。
回复的200OK也是带了P-KSR-SIPDump头:
使用sipdump_send
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
loadmodule "sipdump.so"
modparam("sipdump", "enable", 1)
modparam("sipdump", "mode", 3)
modparam("sipdump", "wait", 2000)
modparam("sipdump", "rotate", 60)
modparam("sipdump", "folder", "/run/kamailio")
modparam("sipdump", "fage", 120)
route[REGISTRAR] {
if (!is_method("REGISTER")) return;
sipdump_send("reg");# 跟踪REGISTER信令
if(isflagset(FLT_NATS)) {
}
}
|
查看生成的.data数据,可以看到有tag为reg的进来数据:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
====================
tag: rcv
pid: 6710
process: 37
time: 1743663241.182846
date: Thu Apr 3 14:54:01 2025
proto: tls ipv4
srcip: 172.16.80.3
srcport: 3757
dstip: 172.16.4.113
dstport: 5462
~~~~~~~~~~~~~~~~~~~~
GET / HTTP/1.1
Host: sbc001.abc:5462
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
Upgrade: websocket
Origin: null
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: zh-CN,zh;q=0.9
Sec-WebSocket-Key: FEb0cVfwgJRa4dJrL5Ping==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Sec-WebSocket-Protocol: sip
||||||||||||||||||||
====================
tag: rcv
pid: 6710
process: 37
time: 1743663241.198303
date: Thu Apr 3 14:54:01 2025
proto: wss ipv4
srcip: 172.16.80.3
srcport: 3757
dstip: 172.16.4.113
dstport: 5462
~~~~~~~~~~~~~~~~~~~~
REGISTER sip:sbc001.abc:5462 SIP/2.0
Via: SIP/2.0/WSS v7xc2nukc192.invalid;branch=z9hG4bK5988756
Max-Forwards: 69
To: <sip:1007@sbc001.abc:5462>
From: "1007" <sip:1007@sbc001.abc:5462>;tag=uckhn179rv
Call-ID: vk44j9hdgsjohp5g5m63tr
CSeq: 12 REGISTER
X-SBC: Dinstar Mediant
Contact: <sip:1007@v7xc2nukc192.invalid;transport=ws>;+sip.ice;reg-id=1;+sip.instance="<urn:uuid:91dfb460-6e55-465c-a3fa-df50b4a8e284>";expires=600
Expires: 600
Allow: INVITE,ACK,CANCEL,BYE,UPDATE,MESSAGE,OPTIONS,REFER,INFO,NOTIFY,SUBSCRIBE
Supported: path,gruu,outbound
User-Agent: Dinstar WebRTC SDK. Simple phone 1.17.0 Chrome/134
Content-Length: 0
||||||||||||||||||||
====================
tag: reg
pid: 6710
process: 37
time: 1743663241.198688
date: Thu Apr 3 14:54:01 2025
proto: wss ipv4
srcip: 172.16.80.3
srcport: 3757
dstip: 172.16.4.113
dstport: 5462
~~~~~~~~~~~~~~~~~~~~
REGISTER sip:sbc001.abc:5462 SIP/2.0
Via: SIP/2.0/WSS v7xc2nukc192.invalid;branch=z9hG4bK5988756
Max-Forwards: 68
To: <sip:1007@sbc001.abc:5462>
From: "1007" <sip:1007@sbc001.abc:5462>;tag=uckhn179rv
Call-ID: vk44j9hdgsjohp5g5m63tr
CSeq: 12 REGISTER
X-SBC: Dinstar Mediant
Contact: <sip:1007@v7xc2nukc192.invalid;transport=ws>;+sip.ice;reg-id=1;+sip.instance="<urn:uuid:91dfb460-6e55-465c-a3fa-df50b4a8e284>";expires=600
Expires: 600
Allow: INVITE,ACK,CANCEL,BYE,UPDATE,MESSAGE,OPTIONS,REFER,INFO,NOTIFY,SUBSCRIBE
Supported: path,gruu,outbound
User-Agent: Dinstar WebRTC SDK. Simple phone 1.17.0 Chrome/134
Content-Length: 0
||||||||||||||||||||
====================
tag: snd
pid: 6710
process: 37
time: 1743663241.198832
date: Thu Apr 3 14:54:01 2025
proto: wss ipv4
srcip: 172.16.4.113
srcport: 5462
dstip: 172.16.80.3
dstport: 3757
~~~~~~~~~~~~~~~~~~~~
SIP/2.0 200 OK
Via: SIP/2.0/WSS v7xc2nukc192.invalid;branch=z9hG4bK5988756;rport=3757;received=172.16.80.3
To: <sip:1007@sbc001.abc:5462>;tag=ca36158e07626139fe33104dfec02b96.94ce0000
From: "1007" <sip:1007@sbc001.abc:5462>;tag=uckhn179rv
Call-ID: vk44j9hdgsjohp5g5m63tr
CSeq: 12 REGISTER
Contact: <sip:1007@172.16.80.3:3757;transport=ws>;expires=600;received="sip:172.16.80.3:3757;transport=ws";+sip.instance="<urn:uuid:91dfb460-6e55-465c-a3fa-df50b4a8e284>";reg-id=1
Server: kamailio (5.8.5 (x86_64/linux))
Content-Length: 0
||||||||||||||||||||
|
可以看到带reg只有进来的数据没有出去的数据,所以还要在回复的路由处加sipdump_send("reg");。
根据目前的场景看,此函数有点鸡肋。
总结
- 只要写的是文件,就会产生两个文件
.data或.pcap和.meta
kamailio会把wss解析后转成udp存储到.pcap文件中.- 当
fage的时间到了之后,真的会把过时的文件删除掉。
