Is anybody aware of any SIP ALG developed or being developed for linux/freebsd?
Jaime
PS: If nobody is looking at the FCP client side for SER, I would like to contribute in my spare time. Please let me know where should I start and may be I could give it a try.
Jiri Kuthan jiri@iptel.org on 08/01/2003 21:39:20
To: Jaime GILL/EN/HTLUK@HTLUK serusers@lists.iptel.org cc:
Subject: Re: [Serusers] FCP support in SER
This piece of work is stalling for some reasons.
First, the gentlemen who was supposed to integrate an FCP client silently stepped away from this assignment. FCP server on linux is working.
The other problem with FCP is there are no real standards. I was expecting the Midcom WG in the IETF to come up with one. Instead, it spent two years with doing things whose use I very strongly doubt.
If there is any volunteer on this mailing list who would wish to complete or create the FCP client module, we will be glad to provide guidance.
Users willing to traverse NATs may consider STUN/UPnP or ALGs as an alternative solution. Users willing to traverse firewalls may need to use an ALG or VPN technology. Unfortunately, NAT/FWs break too many things and there is no one-size-fits-it-all solution addressing all scenarios.
-Jiri
At 06:14 PM 1/8/2003, jaime.gill@orange.co.uk wrote:
Hi,
I am wondering if this is the right place to ask, but here it goes.
Is the SER software going to incorporate the client side of FCP (Firewall Control Protcol) as a module at some point?
Regards,
Jaime
Important. Confidentiality: This communication is intended for the above-named person and may be confidential and/or legally privileged. Any opinions expressed in this communication are not necessarily those of the company. If it has come to you in error you must take no action based on it, nor must you copy or show it to anyone; please delete/destroy and inform the sender immediately.
Monitoring/Viruses Orange may monitor all incoming and outgoing emails in line with current legislation. Although we have taken steps to ensure that this email and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free.
Orange PCS Limited is a subsidiary of Orange SA and is registered in England No 2178917, with its address at St James Court, Great Park Road, Almondsbury Park, Bradley Stoke, Bristol BS32 4QJ.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
_______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
******************************************************************************* Important. Confidentiality: This communication is intended for the above-named person and may be confidential and/or legally privileged. Any opinions expressed in this communication are not necessarily those of the company. If it has come to you in error you must take no action based on it, nor must you copy or show it to anyone; please delete/destroy and inform the sender immediately.
Monitoring/Viruses Orange may monitor all incoming and outgoing emails in line with current legislation. Although we have taken steps to ensure that this email and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free.
Orange PCS Limited is a subsidiary of Orange SA and is registered in England No 2178917, with its address at St James Court, Great Park Road, Almondsbury Park, Bradley Stoke, Bristol BS32 4QJ. *******************************************************************************
Hello Jaime,
check http://developer.berlios.de/project/?group_id=102 This is a FCP daemon for linux 2.4.x
Also check http://pizza4free.de There you can find description of FCP protocol understood by the FCP daemon.
What is needed is a module for ser that will be able to communicate with the FCP daemon.
Also look at http://iptel.org/~jiri/fcp - you can find some additional info there.
My colleague has already developed some parts of the module for ser but it doesn't work yet. I will review the code and send it to you if it is usable so you will have some inspiration at least.
Nils (one of the authors of the FCP daemon) is subscribed to this mailing list too so he might provide you with more information regarding the FCP daemon.
Jan.
On 09-01 15:02, jaime.gill@orange.co.uk wrote:
Is anybody aware of any SIP ALG developed or being developed for linux/freebsd?
Jaime
PS: If nobody is looking at the FCP client side for SER, I would like to contribute in my spare time. Please let me know where should I start and may be I could give it a try.
Jiri Kuthan jiri@iptel.org on 08/01/2003 21:39:20
To: Jaime GILL/EN/HTLUK@HTLUK serusers@lists.iptel.org cc:
Subject: Re: [Serusers] FCP support in SER
This piece of work is stalling for some reasons.
First, the gentlemen who was supposed to integrate an FCP client silently stepped away from this assignment. FCP server on linux is working.
The other problem with FCP is there are no real standards. I was expecting the Midcom WG in the IETF to come up with one. Instead, it spent two years with doing things whose use I very strongly doubt.
If there is any volunteer on this mailing list who would wish to complete or create the FCP client module, we will be glad to provide guidance.
Users willing to traverse NATs may consider STUN/UPnP or ALGs as an alternative solution. Users willing to traverse firewalls may need to use an ALG or VPN technology. Unfortunately, NAT/FWs break too many things and there is no one-size-fits-it-all solution addressing all scenarios.
-Jiri
At 06:14 PM 1/8/2003, jaime.gill@orange.co.uk wrote:
Hi,
I am wondering if this is the right place to ask, but here it goes.
Is the SER software going to incorporate the client side of FCP (Firewall Control Protcol) as a module at some point?
Regards,
Jaime
Important. Confidentiality: This communication is intended for the above-named person and may be confidential and/or legally privileged. Any opinions expressed in this communication are not necessarily those of the company. If it has come to you in error you must take no action based on it, nor must you copy or show it to anyone; please delete/destroy and inform the sender immediately.
Monitoring/Viruses Orange may monitor all incoming and outgoing emails in line with current legislation. Although we have taken steps to ensure that this email and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free.
Orange PCS Limited is a subsidiary of Orange SA and is registered in England No 2178917, with its address at St James Court, Great Park Road, Almondsbury Park, Bradley Stoke, Bristol BS32 4QJ.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Important. Confidentiality: This communication is intended for the above-named person and may be confidential and/or legally privileged. Any opinions expressed in this communication are not necessarily those of the company. If it has come to you in error you must take no action based on it, nor must you copy or show it to anyone; please delete/destroy and inform the sender immediately.
Monitoring/Viruses Orange may monitor all incoming and outgoing emails in line with current legislation. Although we have taken steps to ensure that this email and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free.
Orange PCS Limited is a subsidiary of Orange SA and is registered in England No 2178917, with its address at St James Court, Great Park Road, Almondsbury Park, Bradley Stoke, Bristol BS32 4QJ.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hello Jaime,
On Thursday 09 January 2003 16:32, Jan Janak wrote:
Hello Jaime,
check http://developer.berlios.de/project/?group_id=102 This is a FCP daemon for linux 2.4.x
The "official" site is http://fcpd.berlios.de. It contains links to latest versions of our FCP protocol with some examples. Sadly their is not much more information available.
Also check http://pizza4free.de There you can find description of FCP protocol understood by the FCP daemon.
What is needed is a module for ser that will be able to communicate with the FCP daemon.
The communication with the FCP deamon should not be hard thing, because the protocol is quite simple. From my point of view the hardest part is to intercept SIP messages before they are forwarded, until you have received the confirmation of the FCP deamon that it will open a hole in the firewall, or reserved a port on the NAT box for media.
Also look at http://iptel.org/~jiri/fcp - you can find some additional info there.
My colleague has already developed some parts of the module for ser but it doesn't work yet. I will review the code and send it to you if it is usable so you will have some inspiration at least.
Nils (one of the authors of the FCP daemon) is subscribed to this mailing list too so he might provide you with more information regarding the FCP daemon.
For questions about where and how to intercept and change the messages in the transaction management of SER Jiri is your man. I'll be glad to answer questions about the FCP deamon, or fix bugs (their are probably a lot).
Nils
Jan.
On 09-01 15:02, jaime.gill@orange.co.uk wrote:
Is anybody aware of any SIP ALG developed or being developed for linux/freebsd?
Jaime
PS: If nobody is looking at the FCP client side for SER, I would like to contribute in my spare time. Please let me know where should I start and may be I could give it a try.
Jiri Kuthan jiri@iptel.org on 08/01/2003 21:39:20
To: Jaime GILL/EN/HTLUK@HTLUK serusers@lists.iptel.org cc:
Subject: Re: [Serusers] FCP support in SER
This piece of work is stalling for some reasons.
First, the gentlemen who was supposed to integrate an FCP client silently stepped away from this assignment. FCP server on linux is working.
The other problem with FCP is there are no real standards. I was expecting the Midcom WG in the IETF to come up with one. Instead, it spent two years with doing things whose use I very strongly doubt.
If there is any volunteer on this mailing list who would wish to complete or create the FCP client module, we will be glad to provide guidance.
Users willing to traverse NATs may consider STUN/UPnP or ALGs as an alternative solution. Users willing to traverse firewalls may need to use an ALG or VPN technology. Unfortunately, NAT/FWs break too many things and there is no one-size-fits-it-all solution addressing all scenarios.
-Jiri
At 06:14 PM 1/8/2003, jaime.gill@orange.co.uk wrote:
Hi,
I am wondering if this is the right place to ask, but here it goes.
Is the SER software going to incorporate the client side of FCP (Firewall Control Protcol) as a module at some point?
Regards,
Jaime
******* Important. Confidentiality: This communication is intended for the above-named person and may be confidential and/or legally privileged. Any opinions expressed in this communication are not necessarily those of the company. If it has come to you in error you must take no action based on it, nor must you copy or show it to anyone; please delete/destroy and inform the sender immediately.
Monitoring/Viruses Orange may monitor all incoming and outgoing emails in line with current legislation. Although we have taken steps to ensure that this email and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free.
Orange PCS Limited is a subsidiary of Orange SA and is registered in England No 2178917, with its address at St James Court, Great Park Road, Almondsbury Park, Bradley Stoke, Bristol BS32 4QJ.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
****** Important. Confidentiality: This communication is intended for the above-named person and may be confidential and/or legally privileged. Any opinions expressed in this communication are not necessarily those of the company. If it has come to you in error you must take no action based on it, nor must you copy or show it to anyone; please delete/destroy and inform the sender immediately.
Monitoring/Viruses Orange may monitor all incoming and outgoing emails in line with current legislation. Although we have taken steps to ensure that this email and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free.
Orange PCS Limited is a subsidiary of Orange SA and is registered in England No 2178917, with its address at St James Court, Great Park Road, Almondsbury Park, Bradley Stoke, Bristol BS32 4QJ.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
- -- gpg-key: http://www.ohlmeier.org/public_key.asc
At 10:16 PM 1/9/2003, Nils Ohlmeier wrote:
For questions about where and how to intercept and change the messages in the transaction management of SER Jiri is your man.
That's true unfortunately :-)
Let me start from the simplest case: firewalls. That is easier because you do not need to mangle SIP requests. In firewall scenarios, you just create a new module, link it with transaction module using callbacks (those that are triggered on transaction completion), and when callbacks occur, you open up or close pinholes.
Design issues: - for efficency reasons, it is beneficial to open persistent connections to the FCP server. Like in usrloc module each child process opens up an SQL connection, each ser child in fcp-client module would have to open up an FCP connection (they cannot share a single TCP connection). - there is a question of time validity of the rules. Clearly, keeping call state to be able to send rule keep-alives to fcpd is not very efficient. I think the right way is to use session-timer -- that makes UAs to send "SIP keep-alives" which are then translated into FCP keep-alives by ser. Call state is kept only in end-devices and propagated through proxy to firewall. It however assumes session-timer support. Quite some phones do it today, quite few get it right. Well -- perhaps we can afford throwing users of phones with missing or broken session-timer support over board? - early media -- if media is sent before INVITE completes, the FCP modules should bind itself to some other callbacks too and watch for early-media situations - media sources -- with SIP, noone really knows from where media comes. The rules thus look should permit any sender for a give destination. If one wished to have a more restrictive policy, one could use heurisitcs, and assume that other party's IP address in Contact is from where media will be coming.
NATs are even worse -- digest firewalls first :-)
-Jiri
At 04:02 PM 1/9/2003, jaime.gill@orange.co.uk wrote:
Is anybody aware of any SIP ALG developed or being developed for linux/freebsd?
There used to be one by Billy Bigs, but it is no longer maintained and it probably reflects an ancient SIP status. see http://www.iptel.org/info/products/index.php?category=firewall&name=Fire...
-Jiri
-
jaime.gill@orange.co.uk -
Jan Janak -
Jiri Kuthan -
Nils Ohlmeier