sr-dev December 2012

sr-dev@lists.kamailio.org

34 participants
438 discussions

by Juha Heinanen

ice seems to be at least in theory supported by several sip clients: baresip, csipsimple, pjsip based clients, etc. one of the problems of ice is that is uses turn protocol to find ip addresses/ports of relays in case end-to-end connectivity cannot be established otherwise. turn server, on the other hand, must authenticates its clients. this doubles authentication work and, worse, a single turn server does not seem to be able to handle more than one domain. having each domain its own turn server is clearly not a scalable solution. so life would be easier without turn servers. mediaproxy module has solved this problem so that it adds the ice relay candidates to sdp on behalf of ice clients and therefore no separate turn servers nor turn client authentication are needed. have people who have worked on rtpproxy or mediaproxy-ng considered supporting ice in the way mediaproxy modules does today? any other thoughts about this? -- juha

11 years, 10 months

Freezing for next major release

by Daniel-Constantin Mierla

Hello, based on last irc devel meeting and feedback afterwards, most of the people seem to be fine releasing next major release a bit earlier, in order to: - make websockets support and the other new features available in a stable version - allow proper development time frame for other planned new features that wouldn't have been ready if the release would be 1-2 months later So, considering the winter holidays, I propose to freeze development on January 7, 2013, with full release about one month later. It seems that many people are already using devel version to play with websockets, meaning that we are staying very well with testing. Other opinions? Cheers, Daniel -- Daniel-Constantin Mierla - http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda

11 years, 10 months

git:master: usrloc(k): option to store xavp per contact

by Daniel-Constantin Mierla

Module: sip-router Branch: master Commit: e6ad428f6699621b7ee622984eeea3e3e2f6cb80 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=e6ad428… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Mon Dec 24 10:03:10 2012 +0100 usrloc(k): option to store xavp per contact - stored only in memory for the moment - the xavp can contain a list of xavps - new config parameter to specify the name of xavp --- modules_k/usrloc/README | 107 +++++++++++++++++++-------------- modules_k/usrloc/doc/usrloc_admin.xml | 21 +++++++ modules_k/usrloc/ucontact.c | 46 ++++++++++++++ modules_k/usrloc/ul_mod.c | 6 ++ modules_k/usrloc/ul_mod.h | 1 + modules_k/usrloc/usrloc.h | 9 +++ 6 files changed, 144 insertions(+), 46 deletions(-) Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=e6a…

11 years, 10 months

patches to no_naptr_srv_sip_resolvehost()

by Daniel-Constantin Mierla

Hello, please check the two patches I committed to your recently added function: 1) this is for trying all protocols in SRV -- if I didn't get it wrong, that should be done when no protocol is set. It seemed that was done when a protocol is set. Check it to be sure I haven't misunderstood. http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=17b3c70… 2) catch ip addresses - your function was replacing srv_sip_resolvehost(), which catches IP addresses. no_naptr_srv_sip_resolvehost() is wrapper of srv_sip_resolvehost() only for no-cache mode, for cache mode it calls dns_srv_get_he(). I haven't gotten deep in the code, but Juha reported a dns related error when trying to resolve IP addresses. The only change seems to be the new function introduced. http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=b2e5040… Cheers, Daniel -- Daniel-Constantin Mierla - http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda

11 years, 10 months

avps in onreply_route

by Juha Heinanen

when reading mediaproxy module ice related sections, i found this: 5.7. ice_candidate_avp (string) Specification of the AVP which holds the ICE candidate that will be inserted in the SDP. The value specified in this AVP will override the value in ice_candidate module parameter. Note that if use_media_proxy() and end_media_session() functions are being used, the AVP will not be available in the reply route unless you set onreply_avp_mode from the tm module to '1', and if the AVP is not set, the default value will be used. kamailio tm module does not have onreply_avp_mode parameter. is it so that avps are automatically available in kamailio onreply_routes? if so, i'll fix the above text. -- juha ps. how mediaproxy module/madiaproxy handle ice makes sense to me, because it avoids the need for a separate turn server with its authentication problems.

11 years, 10 months

All The Best And A Happy 2013!

by Daniel-Constantin Mierla

This was it for 2012, one of the greatest years in the history of the project! One major release was done in the summer (version 3.3.x), another one is few days before testing phase, most probably to be out by mid of February. The next major release includes several great features and edevelopments: - support for websockets - IMS extensions in the main GIT branch - no more duplicated modules, integration of Kamailio and SER ended There are big plans for 2013. First is the next major release, together with participation at FOSDEM conference in Berlin. A bunch of other events will open the path to our first dedicated conference for Kamailio project - Kamailio World. We hope to meet many of you at Kamailio World conference, in Berlin, Germany, during April 16-17. Last organizing bits were sorted out and registration will open in the first days of 2013 -- you can see more details at: - http://conference.kamailio.com Looking forward to a great 2013 for Kamailio and everyone involved in the project, from developers to community members! All the best! Happy New Year! Daniel -- Daniel-Constantin Mierla - http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda

11 years, 10 months

git:pd/outbound: Merge branch 'master' into outbound

by Peter Dunkley

Module: sip-router Branch: pd/outbound Commit: e2d144bd76f327ce7c52914ed0462f415e7d06a7 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=e2d144b… Author: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com> Committer: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com> Date: Mon Dec 31 17:12:01 2012 +0000 Merge branch 'master' into outbound * master: parser/sdp: added check on body length when looking for 'a=candidate:' parser/sdp: added 'a:remote-candidates' media stream attribute ---

11 years, 10 months

git:pd/outbound: modules_k/outbound: first draft of outbound module documentation

by Peter Dunkley

Module: sip-router Branch: pd/outbound Commit: 4a418276b50212feb3ef4d659c42e6772fc9fcd7 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=4a41827… Author: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com> Committer: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com> Date: Mon Dec 31 17:11:30 2012 +0000 modules_k/outbound: first draft of outbound module documentation --- modules_k/outbound/README | 129 +++++++++++++++++++++++++++- modules_k/outbound/doc/outbound_admin.xml | 121 ++++++++++++++++++++++++++- 2 files changed, 240 insertions(+), 10 deletions(-) diff --git a/modules_k/outbound/README b/modules_k/outbound/README index 7feab22..438ebb3 100644 --- a/modules_k/outbound/README +++ b/modules_k/outbound/README @@ -12,32 +12,123 @@ Peter Dunkley 1. Admin Guide 1. Overview + + 1.1. Edge Proxy Keep-Alives (STUN) + 1.2. Flow Timer + 2. Dependencies 2.1. Kamailio Modules 2.2. External Libraries or Applications 3. Parameters + + 3.1. force_outbound_bflag (integer) + 3.2. flow_token_key (string) + 4. Functions 5. MI Commands + List of Examples + + 1.1. Compiling Kamailio with STUN support + 1.2. Edge Proxy Configuration + 1.3. Registrar Configuration + 1.4. Set force_outbound_bflag parameter + 1.5. Set flow_token_key parameter + Chapter 1. Admin Guide Table of Contents 1. Overview + + 1.1. Edge Proxy Keep-Alives (STUN) + 1.2. Flow Timer + 2. Dependencies 2.1. Kamailio Modules 2.2. External Libraries or Applications 3. Parameters + + 3.1. force_outbound_bflag (integer) + 3.2. flow_token_key (string) + 4. Functions 5. MI Commands 1. Overview - ... + 1.1. Edge Proxy Keep-Alives (STUN) + 1.2. Flow Timer + + This module provides C-API functions to enable Kamailio to be used as + an outbound Edge Proxy (see RFC 5626 section 5). + + The path and rr will bind to this module if it is loaded before they + are. + +1.1. Edge Proxy Keep-Alives (STUN) + + Outbound Edge Proxies MUST support STUN NAT keep-alives on their SIP + UDP ports. Kamailio supports this as a compile-time option that is + disabled by default. + + Example 1.1. Compiling Kamailio with STUN support +make FLAVOUR=kamailio cfg STUN=1 +make all + +1.2. Flow Timer + + The maximum interval at which a User Agent must send a keep-alive may + be specified by the Registrar using the Flow-Timer: header in 2xx + responses to REGISTERs. + + When using TCP or TLS as the SIP transport care should be taken to set + the “tcp_connection_lifetime” on the Edge Proxy to a value slightly + larger than the interval the Registrar is using for flow timer. Setting + “tcp_connection_lifetime” to less than the interval could cause + connections to be lost, and setting it to a value much larger than the + interval will keep connections open far longer than is required (which + is wasteful). + + Application-layer keep-alives are optional when the underlying + transport already has a keep-alive mechanism. The WebSocket transport + has a transport-layer keep-alive. When using the WebSocket transport + the “keepalive_timeout” should be set to a value a little greater than + the Registrar flow timer interval and a little less than the + “tcp_connection_lifetime”. + + Example 1.2. Edge Proxy Configuration +... +#!define FLOW_TIMER 20 +... +tcp_connection_lifetime=FLOW_TIMER+10 +... +loadmodule "websocket.so" +loadmodule "outbound.so" +loadmodule "rr.so" +loadmodule "path.so" +... +modparam("websocket", "keepalive_timeout", FLOW_TIMER+5) +... +modparam("outbound", "flow_token_key", "!!!Kamailio rocks!!!") +... +###TBD### + + Example 1.3. Registrar Configuration +... +#!define FLOW_TIMER 20 +... +tcp_connection_lifetime=FLOW_TIMER+10 +... +loadmodule "registrar.so" +... +modparam("registrar", "flow_timer", FLOW_TIMER) +... +###TBD### 2. Dependencies @@ -46,7 +137,8 @@ Chapter 1. Admin Guide 2.1. Kamailio Modules - ... + The following modules must be loaded before this module: + * None 2.2. External Libraries or Applications @@ -56,12 +148,39 @@ Chapter 1. Admin Guide 3. Parameters - ... + 3.1. force_outbound_bflag (integer) + 3.2. flow_token_key (string) + +3.1. force_outbound_bflag (integer) + + A branch flag which, if set for a request, will force path and rr to + add flow tokens to Path: and Record-Route: headers regardless of the + request contents. + + Default value is -1. + + Example 1.4. Set force_outbound_bflag parameter +modparam("outbound", "force_outbound_bflag", 1) + +3.2. flow_token_key (string) + + The outbound flow token is generated using the algorithm described in + RFC 5626 section 5.2. This algorithm requires a 20 octet crypto random + key that is unique for each Edge Proxy. + +Note + + If this 20 character string is not set Kamailio will not start. + + Default value is: "". + + Example 1.5. Set flow_token_key parameter +modparam("outbound", "flow_token_key", "!!!Kamailio rocks!!!") 4. Functions - ... + None 5. MI Commands - ... + None diff --git a/modules_k/outbound/doc/outbound_admin.xml b/modules_k/outbound/doc/outbound_admin.xml index 0a08053..de3e3d3 100644 --- a/modules_k/outbound/doc/outbound_admin.xml +++ b/modules_k/outbound/doc/outbound_admin.xml @@ -15,14 +15,94 @@ <section> <title>Overview</title> - <para>...</para> + <para>This module provides C-API functions to enable &kamailio; to be + used as an outbound Edge Proxy (see RFC 5626 section 5).</para> + <para>The <emphasis>path</emphasis> and <emphasis>rr</emphasis> will + bind to this module if it is loaded before they are.</para> + <section> + <title>Edge Proxy Keep-Alives (STUN)</title> + <para>Outbound Edge Proxies MUST support STUN NAT keep-alives + on their SIP UDP ports. &kamailio; supports this as a + compile-time option that is disabled by default.</para> + <example> + <title>Compiling &kamailio; with STUN support</title> + <programlisting><![CDATA[ +make FLAVOUR=kamailio cfg STUN=1 +make all +]]></programlisting> + </example> + </section> + <section> + <title>Flow Timer</title> + <para>The maximum interval at which a User Agent must send a + keep-alive may be specified by the Registrar using the + Flow-Timer: header in 2xx responses to REGISTERs.</para> + <para>When using TCP or TLS as the SIP transport care should + be taken to set the <quote>tcp_connection_lifetime</quote> + on the Edge Proxy to a value slightly larger than the interval + the Registrar is using for flow timer. Setting + <quote>tcp_connection_lifetime</quote> to less than the + interval could cause connections to be lost, and setting it + to a value much larger than the interval will keep connections + open far longer than is required (which is wasteful).</para> + <para>Application-layer keep-alives are optional when the + underlying transport already has a keep-alive mechanism. The + WebSocket transport has a transport-layer keep-alive. When + using the WebSocket transport the + <quote>keepalive_timeout</quote> should be set to a value + a little greater than the Registrar flow timer interval and a + little less than the <quote>tcp_connection_lifetime</quote>. + </para> + </section> + <example> + <title>Edge Proxy Configuration</title> + <programlisting><![CDATA[ +... +#!define FLOW_TIMER 20 +... +tcp_connection_lifetime=FLOW_TIMER+10 +... +loadmodule "websocket.so" +loadmodule "outbound.so" +loadmodule "rr.so" +loadmodule "path.so" +... +modparam("websocket", "keepalive_timeout", FLOW_TIMER+5) +... +modparam("outbound", "flow_token_key", "!!!Kamailio rocks!!!") +... +###TBD### +]]></programlisting> + </example> + <example> + <title>Registrar Configuration</title> + <programlisting><![CDATA[ +... +#!define FLOW_TIMER 20 +... +tcp_connection_lifetime=FLOW_TIMER+10 +... +loadmodule "registrar.so" +... +modparam("registrar", "flow_timer", FLOW_TIMER) +... +###TBD### +]]></programlisting> + </example> </section> <section> <title>Dependencies</title> <section> <title>&kamailio; Modules</title> - <para>...</para> + <para> + The following modules must be loaded before this module: + <itemizedlist> + <listitem> + <para><emphasis>None</emphasis></para> + </listitem> + </itemizedlist> + </para> </section> <section> @@ -42,17 +122,48 @@ <section> <title>Parameters</title> - <para>...</para> + <section> + <title><varname>force_outbound_bflag</varname> (integer)</title> + <para>A branch flag which, if set for a request, will force + <emphasis>path</emphasis> and <emphasis>rr</emphasis> to add + flow tokens to Path: and Record-Route: headers regardless of + the request contents.</para> + <para><emphasis>Default value is -1.</emphasis></para> + <example> + <title>Set <varname>force_outbound_bflag</varname> parameter + </title> + <programlisting format="linespecific"> +modparam("outbound", "force_outbound_bflag", 1) +</programlisting> + </example> + </section> + <section> + <title><varname>flow_token_key</varname> (string)</title> + <para>The outbound flow token is generated using the algorithm + described in RFC 5626 section 5.2. This algorithm requires a 20 + octet crypto random key that is unique for each Edge Proxy. + </para> + <note><para>If this 20 character string is not set &kamailio; + will not start.</para></note> + <para><emphasis>Default value is: "".</emphasis></para> + <example> + <title>Set <varname>flow_token_key</varname> parameter + </title> + <programlisting format="linespecific"> +modparam("outbound", "flow_token_key", "!!!Kamailio rocks!!!") +</programlisting> + </example> + </section> </section> <section> <title>Functions</title> - <para>...</para> + <para><emphasis>None</emphasis></para> </section> <section> <title>MI Commands</title> - <para>...</para> + <para><emphasis>None</emphasis></para> </section> </chapter>

11 years, 10 months

git:pd/outbound: modules_k/outbound: Corrected check on flow_token_key length

by Peter Dunkley

Module: sip-router Branch: pd/outbound Commit: 72d8e454f29174673cc80f9795ac8d564c2ca1bb URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=72d8e45… Author: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com> Committer: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com> Date: Mon Dec 31 17:11:14 2012 +0000 modules_k/outbound: Corrected check on flow_token_key length --- modules_k/outbound/ob_mod.c | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) diff --git a/modules_k/outbound/ob_mod.c b/modules_k/outbound/ob_mod.c index 7234044..ff5e072 100644 --- a/modules_k/outbound/ob_mod.c +++ b/modules_k/outbound/ob_mod.c @@ -93,6 +93,13 @@ static int mod_init(void) else ob_key.len = strlen(ob_key.s); + if (ob_key.len != 20) + { + LM_ERR("flow_token_key wrong length. Expected 20 got %d\n", + ob_key.len); + return -1; + } + return 0; }

11 years, 10 months

git:pd/outbound: modules_k/outbound: decode_flow_token() returns different values when an error occurs and when the string obviously isn 't a flow-token

by Peter Dunkley

Module: sip-router Branch: pd/outbound Commit: dccab57430d0014b386a8f97ca6c8506a81402e7 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=dccab57… Author: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com> Committer: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com> Date: Mon Dec 31 13:43:15 2012 +0000 modules_k/outbound: decode_flow_token() returns different values when an error occurs and when the string obviously isn't a flow-token --- modules_k/outbound/ob_mod.c | 49 +++++++++++++++++++++++++++++-------------- 1 files changed, 33 insertions(+), 16 deletions(-) diff --git a/modules_k/outbound/ob_mod.c b/modules_k/outbound/ob_mod.c index c9e55eb..6f16b59 100644 --- a/modules_k/outbound/ob_mod.c +++ b/modules_k/outbound/ob_mod.c @@ -92,7 +92,7 @@ static int mod_init(void) return 0; } -/* Structure of flow token +/* Structure of flow-token <HMAC-SHA1-80><protocol><dst_ip><dst_port><src_ip><src_port> 10 + 1 + 4or16 + 2 + 16 + 2 @@ -143,16 +143,20 @@ int encode_flow_token(str *flow_token, struct receive_info rcv) unenc_flow_token[pos++] = (rcv.dst_port >> 8) & 0xff; unenc_flow_token[pos++] = rcv.dst_port & 0xff; - /* HMAC-SHA1 the calculated flow token, truncate to 80 bits, and - prepend onto the flow token */ - HMAC(EVP_sha1(), ob_key.s, ob_key.len, + /* HMAC-SHA1 the calculated flow-token, truncate to 80 bits, and + prepend onto the flow-token */ + if (HMAC(EVP_sha1(), ob_key.s, ob_key.len, &unenc_flow_token[FLOW_TOKEN_START_POS], pos - FLOW_TOKEN_START_POS, - hmac_sha1, NULL); + hmac_sha1, NULL) == NULL) + { + LM_ERR("HMAC-SHA1 failed\n"); + return -1; + } memcpy(unenc_flow_token, &hmac_sha1[SHA1_LENGTH - SHA1_80_LENGTH], SHA1_80_LENGTH); - /* base64 encode the entire flow token and store for the caller to + /* base64 encode the entire flow-token and store for the caller to use */ flow_token->s = pkg_malloc(base64_enc_len(pos)); if (flow_token->s == NULL) @@ -179,34 +183,47 @@ int decode_flow_token(struct receive_info *rcv, str flow_token) if (flow_token.s == NULL) { - LM_INFO("no flow token provided\n"); - return -1; + LM_INFO("no flow-token provided\n"); + return -2; } if (flow_token.len != base64_enc_len(UNENC_FLOW_TOKEN_MIN_LENGTH) && flow_token.len != base64_enc_len(UNENC_FLOW_TOKEN_MAX_LENGTH)) { - LM_INFO("bad flow token length. Length is %d, expected %d" + LM_INFO("bad flow-token length. Length is %d, expected %d" " or %d.\n", flow_token.len, UNENC_FLOW_TOKEN_MIN_LENGTH, UNENC_FLOW_TOKEN_MAX_LENGTH); - return -1; + return -2; } - /* base64 decode the flow token */ + /* base64 decode the flow-token */ flow_length = base64_dec((unsigned char *) flow_token.s, flow_token.len, unenc_flow_token, UNENC_FLOW_TOKEN_MAX_LENGTH); + if (flow_length == 0) + { + LM_INFO("not a valid base64 encoded string\n"); + return -2; + } + + /* At this point the string is the correct length and a valid + base64 string. It is highly unlikely that this is not meant to be + a flow-token. - /* HMAC-SHA1 the flow token (after the hash) and compare with the - truncated hash at the start of the flow token. */ - HMAC(EVP_sha1(), ob_key.s, ob_key.len, + HMAC-SHA1 the flow-token (after the hash) and compare with the + truncated hash at the start of the flow-token. */ + if (HMAC(EVP_sha1(), ob_key.s, ob_key.len, &unenc_flow_token[FLOW_TOKEN_START_POS], flow_length - FLOW_TOKEN_START_POS, - hmac_sha1, NULL); + hmac_sha1, NULL) == NULL) + { + LM_ERR("HMAC-SHA1 failed\n"); + return -1; + } if (memcmp(unenc_flow_token, &hmac_sha1[SHA1_LENGTH - SHA1_80_LENGTH], SHA1_80_LENGTH) != 0) { - LM_INFO("flow token failed validation\n"); + LM_ERR("flow-token failed validation\n"); return -1; }

11 years, 10 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev December 2012