Hi,
If you want the signaling that is encrypted see in plaintext you can use Kamailio module siptrace. sipdump and sipcapture maybe also good for that, I didn't use these.
Krzysztof Drewicz kdrewicz+kamailio@cludo.pl schrieb am Mi., 25. Jan. 2023, 16:33:
pt., 20 sty 2023 o 18:13 Richard Fuchs rfuchs@sipwise.com napisał(a):
You just need one invocation each: one for the offer, one for the answer. (Assuming single offer/answer exchange and no branches.)
You can use rtpengine_manage() for either of them if you want to let the module figure out whether the message is an offer or an answer. But you will want to use different flags for the two cases, mostly depending on where the message is going to.
Thanks!
you were right (obviously)
If the message is going to a plain RTP (non-SRTP, non-ICE, etc) client, use "RTP/AVP ICE=remove" etc. If the message is going to an SRTP, ICE-enabled client, use "RTP/SAVPF ICE=force" etc.
That is 100% true, also pad-crypto.
If you want to manually distinguish between offers and answers instead of using rtpengine_manage(),
Nope, no need for that, just doing simple POC that - it could work.
Still - my encrypted party plays tricks with, me, is there a way - to see unencrypted traffic towards TLS endpoint (maybe a simple pcap before encryption or dumping in plain text somewhere),
my party needs a R-URI - blahblahblah.byoc.mypurecloud.de, so i do this:
if(proto != TLS) { xlog("L_INFO", "[R-MAIN] from my ciamajda to my gienio non tls $ru from $si\n"); if (!ds_select_dst("19", "0")) { xwarn("I:$var(i) DROP(DOWN!) FWD:$rm [$fU->$tU] [SBCVIP] to $du\n"); sl_send_reply("503", "Destination down"); exit; } xlog("L_INFO","Request URI was -> [$ou] [$ru] [$rU]\n");
rewritehostporttrans("blahblahblah.byoc.mypurecloud.de:5061 ;transport=tls"); xlog("L_INFO","Request URI changed MAM [$ou] [$ru] [$rU]\n");
in dispach.list:
17 SIP:blahblahblah.byoc.mypurecloud.de:5061;transport=tls 0 1 socket=tls:1.2.3.24:5061 18 SIP:blahblahblah.byoc.mypurecloud.de:5061;transport=tls 19 SIP:blahblahblah.byoc.mypurecloud.de:5061;transport=tls 0 1 socket=tls:1.2.3.24:5061;ping_from=sip:myfqdnsbc.realhostname.gq
(mod dispatcher - as I believe can and whould give options via TLS - right ?)
Any hints? Maybe someone has already tried and succeeded with mypurecloud ? (not so popular like o365/ms-teams trunking but still)
thanks, __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: