9 Jan
2003
9 Jan
'03
5:02 p.m.
Is anybody aware of any SIP ALG developed or being developed for linux/freebsd?
Jaime
PS: If nobody is looking at the FCP client side for SER, I would like to
contribute in my spare time. Please let me know where should I start and may be
I could give it a try.
Jiri Kuthan <jiri(a)iptel.org> on 08/01/2003 21:39:20
To: Jaime GILL/EN/HTLUK@HTLUK
serusers(a)lists.iptel.org
cc:
Subject: Re: [Serusers] FCP support in SER
This piece of work is stalling for some reasons.
First, the gentlemen who was supposed to integrate an FCP
client silently stepped away from this assignment. FCP
server on linux is working.
The other problem with FCP is there are no real standards.
I was expecting the Midcom WG in the IETF to come up with one.
Instead, it spent two years with doing things whose use
I very strongly doubt.
If there is any volunteer on this mailing list who would
wish to complete or create the FCP client module, we will be
glad to provide guidance.
Users willing to traverse NATs may consider STUN/UPnP or ALGs
as an alternative solution. Users willing to traverse firewalls
may need to use an ALG or VPN technology. Unfortunately, NAT/FWs
break too many things and there is no one-size-fits-it-all
solution addressing all scenarios.
-Jiri
At 06:14 PM 1/8/2003, jaime.gill(a)orange.co.uk wrote:
Hi,
I am wondering if this is the right place to ask, but here it goes.
Is the SER software going to incorporate the client side of FCP (Firewall
Control Protcol) as a module at some point?
Regards,
Jaime
*******************************************************************************
Important.
Confidentiality: This communication is intended for the above-named person and
may be confidential and/or legally privileged. Any opinions expressed in this
communication are not necessarily those of the company. If it has come to you
in error you must take no action based on it, nor must you copy or show it to
anyone; please delete/destroy and inform the sender immediately.
Monitoring/Viruses
Orange may monitor all incoming and outgoing emails in line with current
legislation. Although we have taken steps to ensure that this email and
attachments are free from any virus, we advise that in keeping with good
computing practice the recipient should ensure they are actually virus free.
Orange PCS Limited is a subsidiary of Orange SA and is registered in England No
2178917, with its address at St James Court, Great Park Road, Almondsbury Park,
Bradley Stoke, Bristol BS32 4QJ.
*******************************************************************************
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
--
Jiri Kuthan http://iptel.org/~jiri/
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
*******************************************************************************
Important.
Confidentiality: This communication is intended for the above-named person and
may be confidential and/or legally privileged. Any opinions expressed in this
communication are not necessarily those of the company. If it has come to you
in error you must take no action based on it, nor must you copy or show it to
anyone; please delete/destroy and inform the sender immediately.
Monitoring/Viruses
Orange may monitor all incoming and outgoing emails in line with current
legislation. Although we have taken steps to ensure that this email and
attachments are free from any virus, we advise that in keeping with good
computing practice the recipient should ensure they are actually virus free.
Orange PCS Limited is a subsidiary of Orange SA and is registered in England No
2178917, with its address at St James Court, Great Park Road, Almondsbury Park,
Bradley Stoke, Bristol BS32 4QJ.
*******************************************************************************
9 Jan
9 Jan
5:32 p.m.
New subject: [Serusers] FCP support in SER
Hello Jaime,
check http://developer.berlios.de/project/?group_id=102
This is a FCP daemon for linux 2.4.x
Also check http://pizza4free.de There you can find description of FCP
protocol understood by the FCP daemon.
What is needed is a module for ser that will be able to communicate with the
FCP daemon.
Also look at http://iptel.org/~jiri/fcp - you can find some additional info
there.
My colleague has already developed some parts of the module for ser but it
doesn't work yet. I will review the code and send it to you if it is usable
so you will have some inspiration at least.
Nils (one of the authors of the FCP daemon) is subscribed to this mailing list
too so he might provide you with more information regarding the FCP daemon.
Jan.
On 09-01 15:02, jaime.gill(a)orange.co.uk wrote:
Is anybody aware of any SIP ALG developed or being developed for linux/freebsd?
Jaime
PS: If nobody is looking at the FCP client side for SER, I would like to
contribute in my spare time. Please let me know where should I start and may be
I could give it a try.
Jiri Kuthan <jiri(a)iptel.org> on 08/01/2003 21:39:20
To: Jaime GILL/EN/HTLUK@HTLUK
serusers(a)lists.iptel.org
cc:
Subject: Re: [Serusers] FCP support in SER
This piece of work is stalling for some reasons.
First, the gentlemen who was supposed to integrate an FCP
client silently stepped away from this assignment. FCP
server on linux is working.
The other problem with FCP is there are no real standards.
I was expecting the Midcom WG in the IETF to come up with one.
Instead, it spent two years with doing things whose use
I very strongly doubt.
If there is any volunteer on this mailing list who would
wish to complete or create the FCP client module, we will be
glad to provide guidance.
Users willing to traverse NATs may consider STUN/UPnP or ALGs
as an alternative solution. Users willing to traverse firewalls
may need to use an ALG or VPN technology. Unfortunately, NAT/FWs
break too many things and there is no one-size-fits-it-all
solution addressing all scenarios.
-Jiri
At 06:14 PM 1/8/2003, jaime.gill(a)orange.co.uk wrote:
Hi,
I am wondering if this is the right place to ask, but here it goes.
Is the SER software going to incorporate the client side of FCP (Firewall
Control Protcol) as a module at some point?
Regards,
Jaime
*******************************************************************************
Important.
Confidentiality: This communication is intended for the above-named person and
may be confidential and/or legally privileged. Any opinions expressed in this
communication are not necessarily those of the company. If it has come to you
in error you must take no action based on it, nor must you copy or show it to
anyone; please delete/destroy and inform the sender immediately.
Monitoring/Viruses
Orange may monitor all incoming and outgoing emails in line with current
legislation. Although we have taken steps to ensure that this email and
attachments are free from any virus, we advise that in keeping with good
computing practice the recipient should ensure they are actually virus free.
Orange PCS Limited is a subsidiary of Orange SA and is registered in England No
2178917, with its address at St James Court, Great Park Road, Almondsbury Park,
Bradley Stoke, Bristol BS32 4QJ.
*******************************************************************************
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
--
Jiri Kuthan http://iptel.org/~jiri/
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
*******************************************************************************
Important.
Confidentiality: This communication is intended for the above-named person and
may be confidential and/or legally privileged. Any opinions expressed in this
communication are not necessarily those of the company. If it has come to you
in error you must take no action based on it, nor must you copy or show it to
anyone; please delete/destroy and inform the sender immediately.
Monitoring/Viruses
Orange may monitor all incoming and outgoing emails in line with current
legislation. Although we have taken steps to ensure that this email and
attachments are free from any virus, we advise that in keeping with good
computing practice the recipient should ensure they are actually virus free.
Orange PCS Limited is a subsidiary of Orange SA and is registered in England No
2178917, with its address at St James Court, Great Park Road, Almondsbury Park,
Bradley Stoke, Bristol BS32 4QJ.
*******************************************************************************
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
11:16 p.m.
New subject: [Serusers] FCP support in SER
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Jaime,
On Thursday 09 January 2003 16:32, Jan Janak wrote:
Hello Jaime,
check http://developer.berlios.de/project/?group_id=102
This is a FCP daemon for linux 2.4.x
The "official" site is http://fcpd.berlios.de. It contains links to latest
versions of our FCP protocol with some examples. Sadly their is not much more
information available.
Also check http://pizza4free.de There you can find
description of FCP
protocol understood by the FCP daemon.
What is needed is a module for ser that will be able to communicate with
the FCP daemon.
The communication with the FCP deamon should not be hard thing, because the
protocol is quite simple. From my point of view the hardest part is to
intercept SIP messages before they are forwarded, until you have received the
confirmation of the FCP deamon that it will open a hole in the firewall, or
reserved a port on the NAT box for media.
Also look at http://iptel.org/~jiri/fcp - you can find
some additional info
there.
My colleague has already developed some parts of the module for ser but it
doesn't work yet. I will review the code and send it to you if it is usable
so you will have some inspiration at least.
Nils (one of the authors of the FCP daemon) is subscribed to this mailing
list too so he might provide you with more information regarding the FCP
daemon.
For questions about where and how to intercept and change the messages in the
transaction management of SER Jiri is your man. I'll be glad to answer
questions about the FCP deamon, or fix bugs (their are probably a lot).
Nils
Jan.
On 09-01 15:02, jaime.gill(a)orange.co.uk wrote:
> Is anybody aware of any SIP ALG developed or being developed for
> linux/freebsd?
>
> Jaime
>
> PS: If nobody is looking at the FCP client side for SER, I would like to
> contribute in my spare time. Please let me know where should I start and
> may be I could give it a try.
>
>
>
>
>
> Jiri Kuthan <jiri(a)iptel.org> on 08/01/2003 21:39:20
>
>
>
>
> To: Jaime GILL/EN/HTLUK@HTLUK
> serusers(a)lists.iptel.org
> cc:
>
>
> Subject: Re: [Serusers] FCP support in SER
>
>
>
> This piece of work is stalling for some reasons.
>
> First, the gentlemen who was supposed to integrate an FCP
> client silently stepped away from this assignment. FCP
> server on linux is working.
>
> The other problem with FCP is there are no real standards.
> I was expecting the Midcom WG in the IETF to come up with one.
> Instead, it spent two years with doing things whose use
> I very strongly doubt.
>
> If there is any volunteer on this mailing list who would
> wish to complete or create the FCP client module, we will be
> glad to provide guidance.
>
> Users willing to traverse NATs may consider STUN/UPnP or ALGs
> as an alternative solution. Users willing to traverse firewalls
> may need to use an ALG or VPN technology. Unfortunately, NAT/FWs
> break too many things and there is no one-size-fits-it-all
> solution addressing all scenarios.
>
> -Jiri
>
> At 06:14 PM 1/8/2003, jaime.gill(a)orange.co.uk wrote:
> >Hi,
> >
> >I am wondering if this is the right place to ask, but here it goes.
> >
> >Is the SER software going to incorporate the client side of FCP
> > (Firewall Control Protcol) as a module at some point?
> >
> >Regards,
> >
> >Jaime
> >
> >
> >
> >************************************************************************
> >******* Important.
> >Confidentiality: This communication is intended for the above-named
> > person and may be confidential and/or legally privileged. Any opinions
> > expressed in this communication are not necessarily those of the
> > company. If it has come to you in error you must take no action based
> > on it, nor must you copy or show it to anyone; please delete/destroy
> > and inform the sender immediately.
> >
> >Monitoring/Viruses
> >Orange may monitor all incoming and outgoing emails in line with current
> >legislation. Although we have taken steps to ensure that this email and
> >attachments are free from any virus, we advise that in keeping with good
> >computing practice the recipient should ensure they are actually virus
> > free.
> >
> >Orange PCS Limited is a subsidiary of Orange SA and is registered in
> > England No 2178917, with its address at St James Court, Great Park
> > Road, Almondsbury Park, Bradley Stoke, Bristol BS32 4QJ.
> >************************************************************************
> >*******
> >
> >_______________________________________________
> >Serusers mailing list
> >serusers(a)lists.iptel.org
> >http://lists.iptel.org/mailman/listinfo/serusers
>
> --
> Jiri Kuthan http://iptel.org/~jiri/
>
> _______________________________________________
> Serusers mailing list
> serusers(a)lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
>
>
> *************************************************************************
>****** Important.
> Confidentiality: This communication is intended for the above-named
> person and may be confidential and/or legally privileged. Any opinions
> expressed in this communication are not necessarily those of the company.
> If it has come to you in error you must take no action based on it, nor
> must you copy or show it to anyone; please delete/destroy and inform the
> sender immediately.
>
> Monitoring/Viruses
> Orange may monitor all incoming and outgoing emails in line with current
> legislation. Although we have taken steps to ensure that this email and
> attachments are free from any virus, we advise that in keeping with good
> computing practice the recipient should ensure they are actually virus
> free.
>
> Orange PCS Limited is a subsidiary of Orange SA and is registered in
> England No 2178917, with its address at St James Court, Great Park Road,
> Almondsbury Park, Bradley Stoke, Bristol BS32 4QJ.
> *************************************************************************
>******
>
> _______________________________________________
> Serusers mailing list
> serusers(a)lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
- --
gpg-key: http://www.ohlmeier.org/public_key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+Heabx8PydbrWykARAvXRAKCVwKBEOndV69/8KtGSf8vNoXMnawCfc6md
qmQE+o5ZdaCXM06xHdXzwFc=
=4Ptq
-----END PGP SIGNATURE-----
10 Jan
10 Jan
12:50 a.m.
New subject: [Serusers] FCP support in SER
At 10:16 PM 1/9/2003, Nils Ohlmeier wrote:
For questions about where and how to intercept and
change the messages in the
transaction management of SER Jiri is your man.
That's true unfortunately :-)
Let me start from the simplest case: firewalls. That is easier because
you do not need to mangle SIP requests. In firewall scenarios, you just
create a new module, link it with transaction module using callbacks
(those that are triggered on transaction completion), and when callbacks
occur, you open up or close pinholes.
Design issues:
- for efficency reasons, it is beneficial to open persistent connections
to the FCP server. Like in usrloc module each child process opens up
an SQL connection, each ser child in fcp-client module would have to
open up an FCP connection (they cannot share a single TCP connection).
- there is a question of time validity of the rules. Clearly, keeping
call state to be able to send rule keep-alives to fcpd is not very
efficient. I think the right way is to use session-timer -- that makes
UAs to send "SIP keep-alives" which are then translated into FCP
keep-alives by ser. Call state is kept only in end-devices and propagated
through proxy to firewall. It however assumes session-timer support.
Quite some phones do it today, quite few get it right. Well -- perhaps
we can afford throwing users of phones with missing or broken session-timer
support over board?
- early media -- if media is sent before INVITE completes, the FCP modules
should bind itself to some other callbacks too and watch for early-media
situations
- media sources -- with SIP, noone really knows from where media comes.
The rules thus look should permit any sender for a give destination.
If one wished to have a more restrictive policy, one could use heurisitcs,
and assume that other party's IP address in Contact is from where media
will be coming.
NATs are even worse -- digest firewalls first :-)
-Jiri
12:55 a.m.
New subject: [Serusers] FCP support in SER
At 04:02 PM 1/9/2003, jaime.gill(a)orange.co.uk wrote:
Is anybody aware of any SIP ALG developed or being
developed for linux/freebsd?
There used to be one by Billy Bigs, but it is no longer maintained
and it probably reflects an ancient SIP status. see
http://www.iptel.org/info/products/index.php?category=firewall&name=Fir…
-Jiri
7988
days inactive
7988
days old
4 comments
4 participants
participants (4)
-
jaime.gill@orange.co.uk -
Jan Janak -
Jiri Kuthan -
Nils Ohlmeier