[Freeswitch-branches] [commit] r6638 - in freeswitch/branches/stkn/sofia-exp/trunk: . conf/sip_profiles src/mod/endpoints/mod_sofia

Freeswitch SVN stkn at freeswitch.org
Tue Dec 11 07:57:46 EST 2007


Author: stkn
Date: Tue Dec 11 07:57:45 2007
New Revision: 6638

Modified:
   freeswitch/branches/stkn/sofia-exp/trunk/Makefile.am
   freeswitch/branches/stkn/sofia-exp/trunk/conf/sip_profiles/default.xml
   freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/mod_sofia.h
   freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/sofia.c
   freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/sofia_glue.c

Log:
Basic TLS support, listening for TLS connections works, first few packets of outgoing connections are encrypted but the connection will drop back to non-tls tcp (probably a "sip:" vs "sips:" uri issue). Also includes SCTP support (needs more testing too).

Modified: freeswitch/branches/stkn/sofia-exp/trunk/Makefile.am
==============================================================================
--- freeswitch/branches/stkn/sofia-exp/trunk/Makefile.am	(original)
+++ freeswitch/branches/stkn/sofia-exp/trunk/Makefile.am	Tue Dec 11 07:57:45 2007
@@ -168,7 +168,7 @@
 
 install-data-local:
 	@echo Installing $(NAME)
-	@for x in conf conf/dialplan conf/directory conf/sip_profiles mod db log log/xml_cdr bin scripts htdocs grammar ; do \
+	@for x in conf conf/dialplan conf/directory conf/sip_profiles conf/ssl mod db log log/xml_cdr bin scripts htdocs grammar ; do \
 		$(mkinstalldirs) $(DESTDIR)$(prefix)/$$x ; \
 	 done
 	for conffile in `find conf -name \*.xml && find conf -name \*.conf && find conf -name \*.tpl && find conf -name mime.types` ; do \
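Review bot: The new `conf/ssl` directory is created by `$(mkinstalldirs)` with whatever mode the installer's umask yields, the same as the other config directories. The sample profile in this commit points `tls-cert-dir` at that directory for `agent.pem`, which presumably holds the server's private key alongside the certificate, so it should not be readable by other local users. I would add a line after the loop such as `chmod 700 $(DESTDIR)$(prefix)/conf/ssl`. The `install-data-local` rule continues past the end of the hunk.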

Modified: freeswitch/branches/stkn/sofia-exp/trunk/conf/sip_profiles/default.xml
==============================================================================
--- freeswitch/branches/stkn/sofia-exp/trunk/conf/sip_profiles/default.xml	(original)
+++ freeswitch/branches/stkn/sofia-exp/trunk/conf/sip_profiles/default.xml	Tue Dec 11 07:57:45 2007
@@ -36,6 +36,15 @@
     <param name="inbound-codec-negotiation" value="generous"/>
     <!-- if you want to send any special bind params of your own -->
     <!--<param name="bind-params" value="transport=udp"/>-->
+
+    <!-- TLS: disabled by default, set to "true" to enable -->
+    <!--<param name="tls" value="false"/>-->
+    <!-- additional bind parameters for TLS -->
+    <!--<param name="tls-bind-params" value="transport=tcp"/>-->
+    <!-- Port to listen on for TLS requests, if unspecified sip-port+1 will be used -->
+    <!--<param name="tls-sip-port" value="5061"/>-->
+    <!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
+    <!--<param name="tls-cert-dir" value="/opt/freeswitch/conf/ssl"/>-->
     
     <!--If you don't want to pass through timestampes from 1 RTP call to another (on a per call basis with rtp_rewrite_timestamps chanvar)-->
     <!--<param name="rtp-rewrite-timestamps" value="true"/>-->
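Review bot: The comment on the `tls` parameter should say that enabling it adds a second listener and does not switch the plain one off. In sofia.c `NUTAG_URL(profile->bindurl)` is still passed unconditionally and the `sips:` URL is only added next to it, so an operator reading `set to "true" to enable` could assume signalling becomes TLS-only. Suggested wording: `<!-- TLS: disabled by default; "true" adds a TLS listener, the regular sip-port listener stays active -->`. The commit log also reports that outgoing connections currently fall back to unencrypted TCP, which deserves a line here until it is fixed.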

Modified: freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/mod_sofia.h
==============================================================================
--- freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/mod_sofia.h	(original)
+++ freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/mod_sofia.h	Tue Dec 11 07:57:45 2007
@@ -113,7 +113,8 @@
 	PFLAG_RESPAWN = (1 << 9),
 	PFLAG_GREEDY = (1 << 10),
 	PFLAG_MULTIREG = (1 << 11),
-	PFLAG_SUPRESS_CNG = (1 << 12)
+	PFLAG_SUPRESS_CNG = (1 << 12),
+	PFLAG_TLS = (1 << 13)
 } PFLAGS;
 
 typedef enum {
@@ -219,13 +220,16 @@
 	char *username;
 	char *url;
 	char *bindurl;
+	char *tls_bindurl;
 	char *sipdomain;
 	char *timer_name;
 	char *hold_music;
 	char *bind_params;
+	char *tls_bind_params;
 	char *reg_domain;
 	char *user_agent;
 	int sip_port;
+	int tls_sip_port;
 	char *codec_string;
 	int running;
 	int dtmf_duration;
@@ -368,6 +372,14 @@
 	AUTH_STALE,
 } auth_res_t;
 
+typedef enum {
+	SOFIA_TRANSPORT_UNKNOWN = 0,
+	SOFIA_TRANSPORT_UDP,
+	SOFIA_TRANSPORT_TCP,
+	SOFIA_TRANSPORT_TCP_TLS,
+	SOFIA_TRANSPORT_SCTP,
+} sofia_transport_t;
+
 #define sofia_test_pflag(obj, flag) ((obj)->pflags & flag)
 #define sofia_set_pflag(obj, flag) (obj)->pflags |= (flag)
 #define sofia_set_pflag_locked(obj, flag) assert(obj->flag_mutex != NULL);\
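Review bot: `SOFIA_TRANSPORT_UNKNOWN` doubles as "no transport requested", but that contract is not documented on the enum. `sofia_overcome_sip_uri_weakness()` tests `transport &&`, and two callers in sofia_glue.c pass a bare `0`, so everything relies on this enumerator staying at zero. I would add a comment such as `/* UNKNOWN must stay 0: callers pass it to mean "leave the URI's transport alone" */` and have those callers pass `SOFIA_TRANSPORT_UNKNOWN` rather than `0`.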
@@ -468,7 +480,7 @@
 void sofia_presence_set_hash_key(char *hash_key, int32_t len, sip_t const *sip);
 void sofia_glue_sql_close(sofia_profile_t *profile);
 int sofia_glue_init_sql(sofia_profile_t *profile);
-char *sofia_overcome_sip_uri_weakness(switch_core_session_t *session, const char *uri, const char *transport, switch_bool_t uri_only);
+char *sofia_overcome_sip_uri_weakness(switch_core_session_t *session, const char *uri, const sofia_transport_t transport, switch_bool_t uri_only);
 switch_bool_t sofia_glue_execute_sql_callback(sofia_profile_t *profile,
 											  switch_bool_t master,
 											  switch_mutex_t *mutex,

Modified: freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/sofia.c
==============================================================================
--- freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/sofia.c	(original)
+++ freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/sofia.c	Tue Dec 11 07:57:45 2007
@@ -353,7 +353,9 @@
 	profile->nua = nua_create(profile->s_root,	/* Event loop */
 							  sofia_event_callback,	/* Callback for processing events */
 							  profile,	/* Additional data to pass to callback */
-							  NUTAG_URL(profile->bindurl), NTATAG_UDP_MTU(65536), TAG_END());	/* Last tag should always finish the sequence */
+							  NUTAG_URL(profile->bindurl),
+							  TAG_IF(profile->pflags & PFLAG_TLS, NUTAG_SIPS_URL(profile->tls_bindurl)),
+							  NTATAG_UDP_MTU(65536), TAG_END());	/* Last tag should always finish the sequence */
 
 	if (!profile->nua) {
 		switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Error Creating SIP UA for profile: %s\n", profile->name);
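Review bot: The `sips:` listener is added without telling the stack where its certificate and key live, because no certificate-directory tag is passed next to `NUTAG_SIPS_URL`. default.xml in this commit documents a `tls-cert-dir` parameter, but the option parser later in this file handles only `tls`, `tls-bind-params` and `tls-sip-port`, and mod_sofia.h gains no field for it. The setting therefore appears to be ignored, and the stack presumably falls back to its own default location. Either store it in a new profile field and pass it here, e.g. `TAG_IF(profile->pflags & PFLAG_TLS, NUTAG_CERTIFICATE_DIR(profile->tls_cert_dir)),`, or drop the parameter from the sample config. The enclosing function starts and ends outside the hunk.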
@@ -978,6 +980,18 @@
 						} else {
 							switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Duration out of bounds!\n");
 						}
+
+					/*
+					 * handle TLS params #1
+					 */
+					} else if (!strcasecmp(var, "tls")) {
+						if (switch_true(val)) {
+							profile->pflags |= PFLAG_TLS;
+						}
+					} else if (!strcasecmp(var, "tls-bind-params")) {
+						profile->tls_bind_params = switch_core_strdup(profile->pool, val);
+					} else if (!strcasecmp(var, "tls-sip-port")) {
+						profile->tls_sip_port = atoi(val);
 					}
 				}
 
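Review bot: `tls-sip-port` is read with `atoi(val)` and never range-checked, so a negative number or a value above 65535 ends up in the TLS bind URL. A non-numeric value silently becomes 0 and is later replaced by `sip_port + 1`. The later hunk that applies that default has the same gap: nothing checks that the resulting port is valid or that it differs from `sip_port`. I would parse with `strtol`, log and ignore anything outside 1–65535, and apply the same bounds check after the default is computed. The enclosing `if`/`else if` chain starts outside the hunk.

```c
					} else if (!strcasecmp(var, "tls-sip-port")) {
						char *end = NULL;
						long port = strtol(val, &end, 10);

						/* reject empty, trailing garbage and out-of-range ports instead of binding to them */
						if (end == val || *end != '\0' || port < 1 || port > 65535) {
							switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Invalid tls-sip-port: %s\n", val);
						} else {
							profile->tls_sip_port = (int) port;
						}
```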
@@ -1034,7 +1048,26 @@
 					char *url = profile->bindurl;
 					profile->bindurl = switch_core_sprintf(profile->pool, "%s;%s", url, profile->bind_params);
 				}
-				
+
+				/*
+				 * handle TLS params #2
+				 */
+				if (profile->pflags & PFLAG_TLS) {
+					if (!profile->tls_sip_port) {
+						profile->tls_sip_port = profile->sip_port + 1;
+					}
+
+					if (profile->extsipip) {
+						profile->tls_bindurl = switch_core_sprintf(profile->pool, "sips:mod_sofia@%s:%d;maddr=%s", profile->extsipip, profile->tls_sip_port, profile->sipip);
+					} else {
+						profile->tls_bindurl = switch_core_sprintf(profile->pool, "sips:mod_sofia@%s:%d", profile->sipip, profile->tls_sip_port);
+					}
+
+					if (profile->tls_bind_params) {
+						char *url = profile->tls_bindurl;
+						profile->tls_bindurl = switch_core_sprintf(profile->pool, "%s;%s", url, profile->tls_bind_params);
+					}
+				}
 			}
 			if (profile) {
 				switch_xml_t aliases_tag, alias_tag;

Modified: freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/sofia_glue.c
==============================================================================
--- freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/sofia_glue.c	(original)
+++ freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/sofia_glue.c	Tue Dec 11 07:57:45 2007
@@ -447,20 +447,73 @@
 	return SWITCH_STATUS_SUCCESS;
 }
 
-char *sofia_overcome_sip_uri_weakness(switch_core_session_t *session, const char *uri, const char *transport, switch_bool_t uri_only)
+static sofia_transport_t sofia_glue_str2transport(const char *str)
+{
+	if (!strcasecmp(str, "udp")) {
+		return SOFIA_TRANSPORT_UDP;
+	}
+	else if (!strcasecmp(str, "tcp")) {
+		return SOFIA_TRANSPORT_TCP;
+	}
+	else if (!strcasecmp(str, "sctp")) {
+		return SOFIA_TRANSPORT_SCTP;
+	}
+	else if (!strcasecmp(str, "tls")) {
+		return SOFIA_TRANSPORT_TCP_TLS;
+	}
+
+	return SOFIA_TRANSPORT_UNKNOWN;
+}
+
+static const char *sofia_glue_transport2str(const sofia_transport_t tp)
+{
+	switch(tp) {
+	case SOFIA_TRANSPORT_TCP:
+		return "tcp";
+
+	case SOFIA_TRANSPORT_TCP_TLS:
+		return "tls";
+
+	case SOFIA_TRANSPORT_SCTP:
+		return "sctp";
+
+	default:
+		return "udp";
+	}
+}
+
+static const char *sofia_glue_transport2scheme(const sofia_transport_t tp)
+{
+	switch (tp) {
+	case SOFIA_TRANSPORT_TCP_TLS:
+		return "sips";
+
+	default:
+		return "sip";
+	}
+}
+
+char *sofia_overcome_sip_uri_weakness(switch_core_session_t *session, const char *uri, const sofia_transport_t transport, switch_bool_t uri_only)
 {
 	char *stripped = switch_core_session_strdup(session, uri);
 	char *new_uri = NULL;
 
 	stripped = sofia_glue_get_url_from_contact(stripped, 0);
-	if (transport && strcasecmp(transport, "udp")) {
+	if (transport && transport != SOFIA_TRANSPORT_UDP) {
+		const char *scheme = sofia_glue_transport2scheme(transport);
+		char *tmp;
+
+		if ((tmp = strchr(stripped, ':')) != NULL) {
+			stripped = ++tmp;
+		}
+
 		if (switch_stristr("port=", stripped)) {
-			new_uri = switch_core_session_sprintf(session, "%s%s%s", uri_only ? "" : "<", stripped, uri_only ? "" : ">");
+			new_uri = switch_core_session_sprintf(session, "%s%s:%s%s", uri_only ? "" : "<", scheme, stripped, uri_only ? "" : ">");
 		} else {
 			if (strchr(stripped, ';')) {
-				new_uri = switch_core_session_sprintf(session, "%s%s&transport=%s%s", uri_only ? "" : "<", stripped, transport, uri_only ? "" : ">");
+				new_uri = switch_core_session_sprintf(session, "%s%s:%s&transport=%s%s", uri_only ? "" : "<", scheme, stripped, sofia_glue_transport2str(transport), uri_only ? "" : ">");
 			} else {
-				new_uri = switch_core_session_sprintf(session, "%s%s;transport=%s%s", uri_only ? "" : "<", stripped, transport, uri_only ? "" : ">");
+				new_uri = switch_core_session_sprintf(session, "%s%s:%s;transport=%s%s", uri_only ? "" : "<", scheme, stripped, sofia_glue_transport2str(transport), uri_only ? "" : ">");
 			}
 		}
 	} else {
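Review bot: The scheme is now stripped and re-derived from the transport alone, so a URI that arrives as `sips:` is rewritten to `sip:` whenever the transport is TCP or SCTP. That is a silent downgrade of a destination the caller asked to be secured. The `strchr(stripped, ':')` cut also assumes the first colon ends a scheme; if `sofia_glue_get_url_from_contact()` can return a scheme-less `user@host:port`, everything up to the port would be discarded. I would strip only a recognised `sip:`/`sips:` prefix and keep `sips` when it was already present. `sofia_overcome_sip_uri_weakness()` continues past the end of the hunk.

```c
	if (transport && transport != SOFIA_TRANSPORT_UDP) {
		const char *scheme = sofia_glue_transport2scheme(transport);

		/* strip only a known scheme; never turn a caller-supplied sips: into sip: */
		if (!strncasecmp(stripped, "sips:", 5)) {
			scheme = "sips";
			stripped += 5;
		} else if (!strncasecmp(stripped, "sip:", 4)) {
			stripped += 4;
		}

		/* … unchanged: port= / ;transport= formatting branches … */
```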
@@ -541,8 +594,9 @@
 	if (!tech_pvt->nh) {
 		char *d_url = NULL, *url = NULL;
 		sofia_private_t *sofia_private;
+		sofia_transport_t transport = SOFIA_TRANSPORT_UDP;
 		char *invite_contact = NULL, *to_str, *use_from_str, *from_str, *url_str;
-		const char *transport = "udp", *t_var;
+		const char *t_var;
 		char *rpid_domain = "cluecon.com", *p;
 		const char *priv = "off";
 		const char *screen = "no";
@@ -583,20 +637,22 @@
 			rpid_domain = "cluecon.com";
 		}
 
-		if (switch_stristr("port=tcp", url)) {
-			transport = "tcp";
+		if (switch_stristr("tport=tcp", url)) {
+			transport = SOFIA_TRANSPORT_TCP;
 		} else {
 			if ((t_var = switch_channel_get_variable(channel, "sip_transport"))) {
-				if (!strcasecmp(t_var, "tcp") || !strcasecmp(t_var, "udp")) {
-					transport = t_var;
+				sofia_transport_t t_val;
+
+				if ((t_val = sofia_glue_str2transport(t_var)) != SOFIA_TRANSPORT_UNKNOWN) {
+					transport = t_val;
 				}
 			}
 		}
 
 		url_str = sofia_overcome_sip_uri_weakness(session, url, transport, SWITCH_TRUE);
 		invite_contact = sofia_overcome_sip_uri_weakness(session, tech_pvt->invite_contact, transport, SWITCH_FALSE);
-		from_str = sofia_overcome_sip_uri_weakness(session, use_from_str, NULL, SWITCH_FALSE);
-		to_str = sofia_overcome_sip_uri_weakness(session, tech_pvt->dest_to, NULL, SWITCH_FALSE);
+		from_str = sofia_overcome_sip_uri_weakness(session, use_from_str, 0, SWITCH_FALSE);
+		to_str = sofia_overcome_sip_uri_weakness(session, tech_pvt->dest_to, 0, SWITCH_FALSE);
 		
 		/* 
 		   Does the "genius" who wanted SIP to be "text-based" so it was "easier to read" even use it now,
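Review bot: The URL check changed from `"port=tcp"` to `"tport=tcp"`, which no longer matches the standard `;transport=tcp` parameter (that string contains `sport=tcp`, not `tport=tcp`). Unless a literal `tport=` parameter is intended, TCP in the dial string is now picked up only through the `sip_transport` variable. The URL is also never inspected for `transport=tls` or a `sips:` scheme, so a destination written as `sips:` keeps the UDP default and TLS depends entirely on the channel variable. I would match `"transport=tcp"` and `"transport=tls"` explicitly and treat a leading `sips:` as `SOFIA_TRANSPORT_TCP_TLS`. The enclosing block starts and ends outside the hunk.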


