Sorry, please ignore. Replied to the wrong post.
On Wed, Aug 7, 2013 at 9:54 AM, mayamatakeshi <[email protected]>wrote: > Hello Vlad, > I tested and confirmed it is OK now. > Thanks. > > Regards, > Takeshi > > > > On Wed, Aug 7, 2013 at 4:52 AM, Vlad Paiu <[email protected]> wrote: > >> Hello, >> >> What are you thinking about more exactly here in terms of security ? >> >> The OpenSIPS worker processes that listen for BIN replicated packages do >> not perform any IP authentication by themselves, so if you leave those UDP >> ports open from the outside, you are leaving yourself exposed to outside >> attackers coming in and either deleting some of the existing dialogs ( by >> sending you some binary packages that destroy an ongoing dialog ) or >> filling up your shared memory ( by sending you 'new dialog' binary packages >> ). >> >> Currently, it's left to the OpenSIPS administrator to properly configure >> the firewall so that the binary interface listeners ( the ones specified by >> bin_listen=127.0.0.1:9999 ) are only open for the other OpenSIPS >> instance IPs. >> >> Best Regards, >> >> Vlad Paiu >> OpenSIPS Developer >> http://www.opensips-solutions.**com <http://www.opensips-solutions.com> >> >> >> On 08/01/2013 07:58 PM, Nick Khamis wrote: >> >>> What needs to be considered in terms of security? >>> >>> Nick. >>> >>> On 7/31/13, Bogdan-Andrei Iancu <[email protected]> wrote: >>> >>>> Hi Ryan, >>>> >>>> This has nothing to do with dialog pining or accounting - the new >>>> interface allows OpenSIPS to replicate the dialog state to another >>>> OpenSIPS instance. If I misunderstood you, please rephrase :) >>>> >>>> Regards, >>>> >>>> Bogdan-Andrei Iancu >>>> OpenSIPS Founder and Developer >>>> http://www.opensips-solutions.**com <http://www.opensips-solutions.com> >>>> >>>> >>>> On 07/29/2013 08:20 PM, Ryan Bullock wrote: >>>> >>>>> This is pretty exciting! >>>>> >>>>> What are the plans for how this will work with features such as dialog >>>>> pinging and accounting? >>>>> >>>>> Regards, >>>>> >>>>> Ryan >>>>> >>>>> >>>>> On Mon, Jul 29, 2013 at 9:46 AM, Bogdan-Andrei Iancu >>>>> <[email protected] <mailto:[email protected]>> wrote: >>>>> >>>>> In long term we plan to use the BIN interface to replicate even >>>>> more internal data between multiple OpenSIPS instances, like doing >>>>> registration replication (instead of doing it from script via >>>>> SIP). Theoretically it may be used for replicating even >>>>> transaction state between 2 OpenSIPS instances - imagine having a >>>>> call ringing on instance A and being accepted on instance B (after >>>>> a failover) - 0% losses ! >>>>> >>>>> Aside realtime data replication, the BIN interface is to be used >>>>> also for exchanging any other type of information between OpenSIPS >>>>> instances, like federating multiple instances. >>>>> >>>>> The main advantages of the BIN interface over the MI interface : >>>>> - BIN is binary encoded so much faster (as performance) >>>>> - BIN interface has both sender and receiver in OpenSIPS (MI >>>>> has only the receiver) >>>>> - MI is for external usage, while BIN is internal >>>>> (opensips2opensips) >>>>> >>>>> Regards, >>>>> >>>>> Bogdan-Andrei Iancu >>>>> OpenSIPS Founder and Developer >>>>> >>>>> http://www.opensips-solutions.**com<http://www.opensips-solutions.com> >>>>> >>>>> >>>>> On 07/29/2013 06:22 PM, Liviu Chircu wrote: >>>>> >>>>>> Hello all, >>>>>> >>>>>> OpenSIPS just got better with a /new core interface/ and a /new >>>>>> failover mechanism/! >>>>>> >>>>>> The purpose of the new *Binary Internal Interface *is to offer a >>>>>> fast and efficient communication channel between OpenSIPS >>>>>> instances. OpenSIPS modules can now use this core interface to >>>>>> send/receive packets with specific information. A common usage >>>>>> case for this feature would be data replication between a primary >>>>>> instance and a backup one. >>>>>> >>>>>> This is especially useful in scenarios with OpenSIPS instances >>>>>> which handle large amounts of concurrent calls, so that failover >>>>>> through a database backend is not feasible anymore due to the >>>>>> significant time required in order to load the needed tables. >>>>>> >>>>>> As an example of using the interface, the dialog module now >>>>>> offers the possibility of *replicating dialogs* to another >>>>>> instance. The script writer may now configure a set of proxies >>>>>> which will receive dialog-related events: /creation/, >>>>>> /confirmation/ and /deletion/, all in /realtime/. These messages >>>>>> are compact and they are sent over UDP. The dialog module now >>>>>> also exports several new statistics which show the total >>>>>> sent/received replication packets. >>>>>> >>>>>> Configuring UDP listeners for the new interface is trivial and >>>>>> explained in the OpenSIPS manuals [1]. >>>>>> >>>>>> [1]: >>>>>> http://www.opensips.org/**Documentation/Interface-Binary<http://www.opensips.org/Documentation/Interface-Binary> >>>>>> >>>>>> Best regards, >>>>>> -- >>>>>> Liviu Chircu >>>>>> OpenSIPS Developer >>>>>> >>>>>> http://www.opensips-solutions.**com<http://www.opensips-solutions.com> >>>>>> >>>>>> >>>>>> >>>>>> ______________________________**_________________ >>>>>> Users mailing list >>>>>> [email protected] >>>>>> <mailto:[email protected].**org<[email protected]> >>>>>> > >>>>>> >>>>>> http://lists.opensips.org/cgi-**bin/mailman/listinfo/users<http://lists.opensips.org/cgi-bin/mailman/listinfo/users> >>>>>> >>>>> ______________________________**_________________ >>>>> Devel mailing list >>>>> [email protected] >>>>> <mailto:[email protected].**org<[email protected]> >>>>> > >>>>> >>>>> http://lists.opensips.org/cgi-**bin/mailman/listinfo/devel<http://lists.opensips.org/cgi-bin/mailman/listinfo/devel> >>>>> >>>>> >>>>> >>>>> ______________________________**_________________ >>>>> Devel mailing list >>>>> [email protected] >>>>> http://lists.opensips.org/cgi-**bin/mailman/listinfo/devel<http://lists.opensips.org/cgi-bin/mailman/listinfo/devel> >>>>> >>>> ______________________________**_________________ >>> Users mailing list >>> [email protected] >>> http://lists.opensips.org/cgi-**bin/mailman/listinfo/users<http://lists.opensips.org/cgi-bin/mailman/listinfo/users> >>> >> >> >> ______________________________**_________________ >> Users mailing list >> [email protected] >> http://lists.opensips.org/cgi-**bin/mailman/listinfo/users<http://lists.opensips.org/cgi-bin/mailman/listinfo/users> >> > >
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
