Hi list, upgrade to 5.1.2 broke my setup due to some different behaviour in rtpengine.so.
I use:
rtpengine_manage("DTLS=off ICE=remove");
1. I don't send any rtpengine_manage flags (RTP UDP SAVP). UAC sends RTP/SAVP in SDP, rtpengine changes to UDP/TLS/RTP/SAVP.
Reverted to 5.1.1, and see that rtpengine sends RTP/SAVP
2. To SDP body, rtpengine is adding:
a=setup:actpass a=fingerprint:sha-1 D6:D7:DA:AA:2D:DB:AD:94:29:46:FA:C4:D8:AE:0F:03:96:6F:8A:4F
For some reason this broke FreeSWITCH which does not like this.
Anthony
Hello,
what UAC is there and what version of freeswitch you are using?
According to RFC 5764 the token shall be UDP/TLS/RTP/SAVPF:
8 Session Description for RTP/SAVP over DTLS
This specification defines new tokens to describe the protocol used in SDP media descriptions ("m=" lines and their associated parameters). The new values defined for the proto field are:
o When a RTP/SAVP or RTP/SAVPF [RFC5124] stream is transported over DTLS with the Datagram Congestion Control Protocol (DCCP), then the token SHALL be DCCP/TLS/RTP/SAVP or DCCP/TLS/RTP/SAVPF respectively.
o When a RTP/SAVP or RTP/SAVPF stream is transported over DTLS with UDP, the token SHALL be UDP/TLS/RTP/SAVP or UDP/TLS/RTP/SAVPF respectively.
Can you try adding transport-protocol=RTP/SAVP ?
I will try to see what solution can be added to make it flexible to work in both cases...
Cheers, Daniel
On 02.03.18 09:38, Anthony Alba wrote:
Hi list, upgrade to 5.1.2 broke my setup due to some different behaviour in rtpengine.so.
I use:
rtpengine_manage("DTLS=off ICE=remove");
- I don't send any rtpengine_manage flags (RTP UDP SAVP). UAC sends
RTP/SAVP in SDP, rtpengine changes to UDP/TLS/RTP/SAVP.
Reverted to 5.1.1, and see that rtpengine sends RTP/SAVP
- To SDP body, rtpengine is adding:
a=setup:actpass a=fingerprint:sha-1 D6:D7:DA:AA:2D:DB:AD:94:29:46:FA:C4:D8:AE:0F:03:96:6F:8A:4F
For some reason this broke FreeSWITCH which does not like this.
Anthony
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
If it was not clear, adding transport-protocol=RTP/SAVP is to rtpengine_manage() parameter.
Cheers, Daniel
On 02.03.18 09:58, Daniel-Constantin Mierla wrote:
Hello,
what UAC is there and what version of freeswitch you are using?
According to RFC 5764 the token shall be UDP/TLS/RTP/SAVPF:
8 Session Description for RTP/SAVP over DTLS This specification defines new tokens to describe the protocol used in SDP media descriptions ("m=" lines and their associated parameters). The new values defined for the proto field are: o When a RTP/SAVP or RTP/SAVPF [RFC5124] stream is transported over DTLS with the Datagram Congestion Control Protocol (DCCP), then the token SHALL be DCCP/TLS/RTP/SAVP or DCCP/TLS/RTP/SAVPF respectively. o When a RTP/SAVP or RTP/SAVPF stream is transported over DTLS with UDP, the token SHALL be UDP/TLS/RTP/SAVP or UDP/TLS/RTP/SAVPF respectively.Can you try adding transport-protocol=RTP/SAVP ?
I will try to see what solution can be added to make it flexible to work in both cases...
Cheers, Daniel
On 02.03.18 09:38, Anthony Alba wrote:
Hi list, upgrade to 5.1.2 broke my setup due to some different behaviour in rtpengine.so.
I use:
rtpengine_manage("DTLS=off ICE=remove");
- I don't send any rtpengine_manage flags (RTP UDP SAVP). UAC sends
RTP/SAVP in SDP, rtpengine changes to UDP/TLS/RTP/SAVP.
Reverted to 5.1.1, and see that rtpengine sends RTP/SAVP
- To SDP body, rtpengine is adding:
a=setup:actpass a=fingerprint:sha-1 D6:D7:DA:AA:2D:DB:AD:94:29:46:FA:C4:D8:AE:0F:03:96:6F:8A:4F
For some reason this broke FreeSWITCH which does not like this.
Anthony
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training - March 5-7, 2018, Berlin - www.asipto.com Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
On Fri, Mar 02, 2018 at 09:58:15AM +0100, Daniel-Constantin Mierla wrote:
Hello,
what UAC is there and what version of freeswitch you are using?
The UACs are based on PJSIP 2.7 and FreeSWITCH is 1.6.20.
I am using SDES (not DTLS) so I set:
rtpengine_manage("DTLS=off ICE=remove");
Now there are two changes:
1. SDP is changed from RTP/SAVP to UDP/TLS/RTP/SAVP. Since the UACs are not using DTLS, the connection is dropped. When I set transport-protocol=RTP/SAVP it works.
I think DTLS/SDES is misdetected by the module.
2. After fixing transport=protocol I have a different problem with FreeSWITCH (conference bridge). I compare working SDP with non-working SDP. The only difference is two lines
a=setup:actpass a=fingerprint:xxxxxxxxxxxxxxxxxxx
I do not know why rtpengine decided to add them in. In 5.1.1 they are not there, and in 5.1.2 they suddenly appeared. When I sniff the traffic I confirm that the UAC did not add those lines and they definitely come back from rtpengine.
rtpengine is 6.0.1
Thanks Anthony
I compared the commands from kamailio->rtpengine between 5.1.1 and 5.1.2.
5.1.2 is ignoring DTLS=off:
5.1.1 "Good" SDP b'record-call': b'on', b'DTLS': b'off', b'ICE': b'remove', b'transport-protocol': b'RTP/SAVP', b'call-id': b'9074afcb-0c7d-4b0d-b99f-e97634d077dd', b'received-from': [b'IP4', b'10.13.20.14'], b'from-tag': b'45a0d471-4ab2-48c6-b4fc-0b932ce90195', b'command': b'offer'}
5.1.2 "Bad" SDP b'record-call': b'on', b'ICE': b'remove', b'transport-protocol': b'UDP/TLS/RTP/SAVP', b'call-id': b'be76321a-0072-4d91-a691-d1ab7a8ae46e', b'received-from': [b'IP4', b'10.13.20.14'], b'from-tag': b'cec50da3-e024-4915-bb7a-cd5822c23b09', b'command': b'offer'}
Anthony
I think I understand the issue: previously rtpengine module will pass-thru the command DTLS=off.
In 5.1.2 we have, diff from 5.1.1 to 5.1.2:
+ else if (str_eq(&key, "DTLS")) + ng_flags->transport |= 0x104;
now 5.1.2 no longer pass-thru DTLS=off, so rtpengine has different behaviour.
DTLS=off is treated as UDP/TLS/RTP/SAVP.
This could be considered a regression as rtpengine uses the DTLS key for its own purposes.
Thanks Anthony
It is the same on master branch -- I decided to do the backport after PR 1460:
* https://github.com/kamailio/kamailio/pull/1460
Open an issue on Kamailio's github tracker so it can be analyzed by the developer of rtpengine and come up with the best solution here.
Thanks for all the troubleshooting!
Cheers, Daniel
On 02.03.18 11:27, Anthony Alba wrote:
I think I understand the issue: previously rtpengine module will pass-thru the command DTLS=off.
In 5.1.2 we have, diff from 5.1.1 to 5.1.2:
else if (str_eq(&key, "DTLS"))ng_flags->transport |= 0x104;now 5.1.2 no longer pass-thru DTLS=off, so rtpengine has different behaviour.
DTLS=off is treated as UDP/TLS/RTP/SAVP.
This could be considered a regression as rtpengine uses the DTLS key for its own purposes.
Thanks Anthony
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-
Anthony Alba -
Daniel-Constantin Mierla