I haven't checked the code for a definitive answer, but, iirc, tcp can
indeed have some limitations in accepting anything.
This is because TCP is a stream protocol, so the reading function needs
to know when to split the traffic in messages. With SIP is done via a
lightweight parser that searches as it reads for Content-Length. Then
once it encounters double \r\n it assumes the end if headers and expects
to read the body of the size specified by CL value.
For http, it relies either on CL or, if core parameter
tcp_accept_no_cl=yes, can handle as well chunked body which carries the
size with each chunk, last one being of size 0 (iirc). The tcp reader
can handle also MSRP or STUN messages.
But a random sequence of bytes may be rejected, as it cannot decide what
is the marker for end of a message.
The variants I could see now:
1) encapsulate the message as body of http (or sip with random values
for caller, callee, etc.. -- they are going to be discarded anyhow, but
perhaps they will get blocked by provider, if that was the concern, http
being safer from this point of view)
2) try with custom message format that has only the header
Content-Length: NUMBER followed by \r\n\r\n and the encrypted message as
body
3) think of a simple generic framing format (e.g., netstring) to send
over TCP the encrypted messages and patch the C code in Kamailio
tcp_read.c to get the message out of the frame
Cheers,
Daniel
On 20/09/14 19:12, Muhammad Shahzad wrote:
There is something wrong with your encryption setup, the event_route
[network:msg] gets raw messages that was either just received from the
network interface or the final message that is about to be sent over
network socket. The SIP parsing is done AFTER message has been
processed by this route. So, if SIP parsing fails then it means the
message was not correctly decrypted in event_route [network:msg].
Thank you.
On Sat, Sep 20, 2014 at 3:25 PM, Rahul MathuR
<[email protected] <mailto:[email protected]>> wrote:
Hello Gents,
Thanks for guiding me in the correct direction.
However, it so came out that when encrypted packets come to
kamailio over transport 'TCP' then it gets rejected from
tcp_read.c even before coming to corex module.
I guess, maybe it is getting rejected due to header parsing failure.
Any pointers here would be very helpful !!
Thanks one again..
On Wed, Sep 17, 2014 at 12:44 PM, Daniel-Constantin Mierla
<[email protected] <mailto:[email protected]>> wrote:
Hello,
the corex has a function to tell if the message is received by
kamailio or sent out:
-
http://kamailio.org/docs/modules/devel/modules/corex.html#idp29928
If you interconnect with other servers/gateways when you don't
what to do special encoding, then you need to test src ip or
look ar r-uri/dst uri.
Cheers,
Daniel
On 17/09/14 04:24, Rahul MathuR wrote:
Hi,
Did you get some free cycles to look at it ?
On Wed, Sep 17, 2014 at 12:12 AM, Rahul MathuR
<[email protected] <mailto:[email protected]>>
wrote:
Thanks for replying !
But how to check whether a particular message received by
Kamailio was sent by UAC or SIP Server ?
Also, on the same lines - how to know whether a
particular message about to be send from Kamailio is
bound to UAC or SIP Server ?
On Tue, Sep 16, 2014 at 10:51 PM, Muhammad Shahzad
<[email protected] <mailto:[email protected]>> wrote:
Hi,
The network io intercept feature basically allows
kamailio script writer to do whatever s/he may want
to do with raw SIP packets (that are just received by
kamailio or about to be sent out by kamailio), e.g.
encryption, compression or any final touches to sip
message before it is processed by kamailio core. That
is why it is purposely kept abstract and any
particular use or implementation is left to the
script writer.
In your case the encryption / decryption code is in
C/C++, you can try one of the followings,
1. Writeup a C/C++ program that receives outgoing SIP
message as text (and some other parameters, e.g.
encryption key) in input arguments and returns the
encrypted message in event_route [ network:msg ] and
vice versa (for incoming messages). You can call this
program directly from kamailio.cfg script.
2. Writeup e.g. a PERL wrapper for your encryption /
decryption C/C++ code and call it using kamailio
app_perl module within event_route [ network:msg ] as
demonstrated in this example,
http://kamailio.org/docs/modules/devel/modules/corex.html#idp125704
You can also use any other kamailio language bind of
you choice as well, e.g. Python, LUA, JAVA and so on.
I would recommend the second option, as it has less
processing overhead for kamailio.
Thank you.
On Tue, Sep 16, 2014 at 6:09 PM, Rahul MathuR
<[email protected]
<mailto:[email protected]>> wrote:
Hello,
I was going through the new features and stumbled
upon this new one - developed by Mohd. Shahzad Shafi.
As already mentioned on the wiki about this
module, I intend to use it for my custom security
layer between UACs and SIP Proxy (Kamailio) but
the issue is - the custom security layer
(encryption/decryption code) is written in C and
should precisely be applied for the messages
between UAC and Proxy.
Is there a way I can achieve this using Corex
module since it does intercept the network I/O
messages ?
Any help here would be really appreciated.
--
Warm Regds.
MathuRahul
_______________________________________________
sr-dev mailing list
[email protected]
<mailto:[email protected]>
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
_______________________________________________
sr-dev mailing list
[email protected]
<mailto:[email protected]>
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
--
Warm Regds.
MathuRahul
--
Warm Regds.
MathuRahul
_______________________________________________
sr-dev mailing list
[email protected] <mailto:[email protected]>
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda <http://twitter.com/#%21/miconda>
-http://www.linkedin.com/in/miconda
Next Kamailio Advanced Trainings 2014 -http://www.asipto.com
Sep 22-25, Berlin, Germany
_______________________________________________
sr-dev mailing list
[email protected] <mailto:[email protected]>
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
--
Warm Regds.
MathuRahul
_______________________________________________
sr-dev mailing list
[email protected] <mailto:[email protected]>
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Next Kamailio Advanced Trainings 2014 - http://www.asipto.com
Sep 22-25, Berlin, Germany
_______________________________________________
sr-dev mailing list
[email protected]
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
