[Freeswitch-branches] [commit] r6638 - in freeswitch/branches/stkn/sofia-exp/trunk: . conf/sip_profiles src/mod/endpoints/mod_sofia
Freeswitch SVN
stkn at freeswitch.org
Tue Dec 11 07:57:46 EST 2007
Author: stkn
Date: Tue Dec 11 07:57:45 2007
New Revision: 6638
Modified:
freeswitch/branches/stkn/sofia-exp/trunk/Makefile.am
freeswitch/branches/stkn/sofia-exp/trunk/conf/sip_profiles/default.xml
freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/mod_sofia.h
freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/sofia.c
freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/sofia_glue.c
Log:
Basic TLS support, listening for TLS connections works, first few packets of outgoing connections are encrypted but the connection will drop back to non-tls tcp (probably a "sip:" vs "sips:" uri issue). Also includes SCTP support (needs more testing too).
Modified: freeswitch/branches/stkn/sofia-exp/trunk/Makefile.am
==============================================================================
--- freeswitch/branches/stkn/sofia-exp/trunk/Makefile.am (original)
+++ freeswitch/branches/stkn/sofia-exp/trunk/Makefile.am Tue Dec 11 07:57:45 2007
@@ -168,7 +168,7 @@
install-data-local:
@echo Installing $(NAME)
- @for x in conf conf/dialplan conf/directory conf/sip_profiles mod db log log/xml_cdr bin scripts htdocs grammar ; do \
+ @for x in conf conf/dialplan conf/directory conf/sip_profiles conf/ssl mod db log log/xml_cdr bin scripts htdocs grammar ; do \
$(mkinstalldirs) $(DESTDIR)$(prefix)/$$x ; \
done
for conffile in `find conf -name \*.xml && find conf -name \*.conf && find conf -name \*.tpl && find conf -name mime.types` ; do \
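Review bot: The new `conf/ssl` directory is created by the same `$(mkinstalldirs)` loop as every other directory, so it gets whatever mode the installer's umask gives it. According to the comment added to default.xml in this commit, it is meant to hold `agent.pem`, which for sofia-sip normally carries the private key as well as the certificate (worth confirming). A follow-up line after the loop such as `chmod 700 $(DESTDIR)$(prefix)/conf/ssl` would keep key material from being readable by other local users. The install rule continues past the end of this hunk.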
Modified: freeswitch/branches/stkn/sofia-exp/trunk/conf/sip_profiles/default.xml
==============================================================================
--- freeswitch/branches/stkn/sofia-exp/trunk/conf/sip_profiles/default.xml (original)
+++ freeswitch/branches/stkn/sofia-exp/trunk/conf/sip_profiles/default.xml Tue Dec 11 07:57:45 2007
@@ -36,6 +36,15 @@
<param name="inbound-codec-negotiation" value="generous"/>
<!-- if you want to send any special bind params of your own -->
<!--<param name="bind-params" value="transport=udp"/>-->
+
+ <!-- TLS: disabled by default, set to "true" to enable -->
+ <!--<param name="tls" value="false"/>-->
+ <!-- additional bind parameters for TLS -->
+ <!--<param name="tls-bind-params" value="transport=tcp"/>-->
+ <!-- Port to listen on for TLS requests, if unspecified sip-port+1 will be used -->
+ <!--<param name="tls-sip-port" value="5061"/>-->
+ <!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
+ <!--<param name="tls-cert-dir" value="/opt/freeswitch/conf/ssl"/>-->
<!--If you don't want to pass through timestampes from 1 RTP call to another (on a per call basis with rtp_rewrite_timestamps chanvar)-->
<!--<param name="rtp-rewrite-timestamps" value="true"/>-->
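Review bot: The `tls-cert-dir` parameter documented here does not appear to be consumed anywhere in this commit. The sofia.c parsing hunk handles only `tls`, `tls-bind-params` and `tls-sip-port`, the profile struct in mod_sofia.h gains no field for it, and the `nua_create()` hunk passes no certificate tag. An operator who sets it would presumably still get whatever certificate location sofia-sip uses by default. Either drop the sample line until it is wired up, or parse it into the profile and pass it to the stack (sofia-sip's `TPTAG_CERTIFICATE()` takes that directory).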
Modified: freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/mod_sofia.h
==============================================================================
--- freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/mod_sofia.h (original)
+++ freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/mod_sofia.h Tue Dec 11 07:57:45 2007
@@ -113,7 +113,8 @@
PFLAG_RESPAWN = (1 << 9),
PFLAG_GREEDY = (1 << 10),
PFLAG_MULTIREG = (1 << 11),
- PFLAG_SUPRESS_CNG = (1 << 12)
+ PFLAG_SUPRESS_CNG = (1 << 12),
+ PFLAG_TLS = (1 << 13)
} PFLAGS;
typedef enum {
@@ -219,13 +220,16 @@
char *username;
char *url;
char *bindurl;
+ char *tls_bindurl;
char *sipdomain;
char *timer_name;
char *hold_music;
char *bind_params;
+ char *tls_bind_params;
char *reg_domain;
char *user_agent;
int sip_port;
+ int tls_sip_port;
char *codec_string;
int running;
int dtmf_duration;
@@ -368,6 +372,14 @@
AUTH_STALE,
} auth_res_t;
+typedef enum {
+ SOFIA_TRANSPORT_UNKNOWN = 0,
+ SOFIA_TRANSPORT_UDP,
+ SOFIA_TRANSPORT_TCP,
+ SOFIA_TRANSPORT_TCP_TLS,
+ SOFIA_TRANSPORT_SCTP,
+} sofia_transport_t;
+
#define sofia_test_pflag(obj, flag) ((obj)->pflags & flag)
#define sofia_set_pflag(obj, flag) (obj)->pflags |= (flag)
#define sofia_set_pflag_locked(obj, flag) assert(obj->flag_mutex != NULL);\
@@ -468,7 +480,7 @@
void sofia_presence_set_hash_key(char *hash_key, int32_t len, sip_t const *sip);
void sofia_glue_sql_close(sofia_profile_t *profile);
int sofia_glue_init_sql(sofia_profile_t *profile);
-char *sofia_overcome_sip_uri_weakness(switch_core_session_t *session, const char *uri, const char *transport, switch_bool_t uri_only);
+char *sofia_overcome_sip_uri_weakness(switch_core_session_t *session, const char *uri, const sofia_transport_t transport, switch_bool_t uri_only);
switch_bool_t sofia_glue_execute_sql_callback(sofia_profile_t *profile,
switch_bool_t master,
switch_mutex_t *mutex,
Modified: freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/sofia.c
==============================================================================
--- freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/sofia.c (original)
+++ freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/sofia.c Tue Dec 11 07:57:45 2007
@@ -353,7 +353,9 @@
profile->nua = nua_create(profile->s_root, /* Event loop */
sofia_event_callback, /* Callback for processing events */
profile, /* Additional data to pass to callback */
- NUTAG_URL(profile->bindurl), NTATAG_UDP_MTU(65536), TAG_END()); /* Last tag should always finish the sequence */
+ NUTAG_URL(profile->bindurl),
+ TAG_IF(profile->pflags & PFLAG_TLS, NUTAG_SIPS_URL(profile->tls_bindurl)),
+ NTATAG_UDP_MTU(65536), TAG_END()); /* Last tag should always finish the sequence */
if (!profile->nua) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Error Creating SIP UA for profile: %s\n", profile->name);
@@ -978,6 +980,18 @@
} else {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Duration out of bounds!\n");
}
+
+ /*
+ * handle TLS params #1
+ */
+ } else if (!strcasecmp(var, "tls")) {
+ if (switch_true(val)) {
+ profile->pflags |= PFLAG_TLS;
+ }
+ } else if (!strcasecmp(var, "tls-bind-params")) {
+ profile->tls_bind_params = switch_core_strdup(profile->pool, val);
+ } else if (!strcasecmp(var, "tls-sip-port")) {
+ profile->tls_sip_port = atoi(val);
}
}
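Review bot: `tls-sip-port` is read with `atoi(val)` and no range check, so a bad value is never reported. A non-numeric string yields 0, which the later "handle TLS params #2" hunk silently turns into `sip_port + 1`, and a negative or above-65535 value is formatted straight into `tls_bindurl`. Something like `long p = strtol(val, &end, 10); if (end != val && !*end && p > 0 && p <= 65535) profile->tls_sip_port = (int) p;` with an error log on the other branch would surface a misconfigured TLS listener at load time. The enclosing parameter loop starts outside this hunk.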
@@ -1034,7 +1048,26 @@
char *url = profile->bindurl;
profile->bindurl = switch_core_sprintf(profile->pool, "%s;%s", url, profile->bind_params);
}
-
+
+ /*
+ * handle TLS params #2
+ */
+ if (profile->pflags & PFLAG_TLS) {
+ if (!profile->tls_sip_port) {
+ profile->tls_sip_port = profile->sip_port + 1;
+ }
+
+ if (profile->extsipip) {
+ profile->tls_bindurl = switch_core_sprintf(profile->pool, "sips:mod_sofia@%s:%d;maddr=%s", profile->extsipip, profile->tls_sip_port, profile->sipip);
+ } else {
+ profile->tls_bindurl = switch_core_sprintf(profile->pool, "sips:mod_sofia@%s:%d", profile->sipip, profile->tls_sip_port);
+ }
+
+ if (profile->tls_bind_params) {
+ char *url = profile->tls_bindurl;
+ profile->tls_bindurl = switch_core_sprintf(profile->pool, "%s;%s", url, profile->tls_bind_params);
+ }
+ }
}
if (profile) {
switch_xml_t aliases_tag, alias_tag;
Modified: freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/sofia_glue.c
==============================================================================
--- freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/sofia_glue.c (original)
+++ freeswitch/branches/stkn/sofia-exp/trunk/src/mod/endpoints/mod_sofia/sofia_glue.c Tue Dec 11 07:57:45 2007
@@ -447,20 +447,73 @@
return SWITCH_STATUS_SUCCESS;
}
-char *sofia_overcome_sip_uri_weakness(switch_core_session_t *session, const char *uri, const char *transport, switch_bool_t uri_only)
+static sofia_transport_t sofia_glue_str2transport(const char *str)
+{
+ if (!strcasecmp(str, "udp")) {
+ return SOFIA_TRANSPORT_UDP;
+ }
+ else if (!strcasecmp(str, "tcp")) {
+ return SOFIA_TRANSPORT_TCP;
+ }
+ else if (!strcasecmp(str, "sctp")) {
+ return SOFIA_TRANSPORT_SCTP;
+ }
+ else if (!strcasecmp(str, "tls")) {
+ return SOFIA_TRANSPORT_TCP_TLS;
+ }
+
+ return SOFIA_TRANSPORT_UNKNOWN;
+}
+
+static const char *sofia_glue_transport2str(const sofia_transport_t tp)
+{
+ switch(tp) {
+ case SOFIA_TRANSPORT_TCP:
+ return "tcp";
+
+ case SOFIA_TRANSPORT_TCP_TLS:
+ return "tls";
+
+ case SOFIA_TRANSPORT_SCTP:
+ return "sctp";
+
+ default:
+ return "udp";
+ }
+}
+
+static const char *sofia_glue_transport2scheme(const sofia_transport_t tp)
+{
+ switch (tp) {
+ case SOFIA_TRANSPORT_TCP_TLS:
+ return "sips";
+
+ default:
+ return "sip";
+ }
+}
+
+char *sofia_overcome_sip_uri_weakness(switch_core_session_t *session, const char *uri, const sofia_transport_t transport, switch_bool_t uri_only)
{
char *stripped = switch_core_session_strdup(session, uri);
char *new_uri = NULL;
stripped = sofia_glue_get_url_from_contact(stripped, 0);
- if (transport && strcasecmp(transport, "udp")) {
+ if (transport && transport != SOFIA_TRANSPORT_UDP) {
+ const char *scheme = sofia_glue_transport2scheme(transport);
+ char *tmp;
+
+ if ((tmp = strchr(stripped, ':')) != NULL) {
+ stripped = ++tmp;
+ }
+
if (switch_stristr("port=", stripped)) {
- new_uri = switch_core_session_sprintf(session, "%s%s%s", uri_only ? "" : "<", stripped, uri_only ? "" : ">");
+ new_uri = switch_core_session_sprintf(session, "%s%s:%s%s", uri_only ? "" : "<", scheme, stripped, uri_only ? "" : ">");
} else {
if (strchr(stripped, ';')) {
- new_uri = switch_core_session_sprintf(session, "%s%s&transport=%s%s", uri_only ? "" : "<", stripped, transport, uri_only ? "" : ">");
+ new_uri = switch_core_session_sprintf(session, "%s%s:%s&transport=%s%s", uri_only ? "" : "<", scheme, stripped, sofia_glue_transport2str(transport), uri_only ? "" : ">");
} else {
- new_uri = switch_core_session_sprintf(session, "%s%s;transport=%s%s", uri_only ? "" : "<", stripped, transport, uri_only ? "" : ">");
+ new_uri = switch_core_session_sprintf(session, "%s%s:%s;transport=%s%s", uri_only ? "" : "<", scheme, stripped, sofia_glue_transport2str(transport), uri_only ? "" : ">");
}
}
} else {
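Review bot: The scheme rewrite in `sofia_overcome_sip_uri_weakness` discards the scheme the caller supplied. `strchr(stripped, ':')` cuts at the first colon and the URI is re-prefixed from `sofia_glue_transport2scheme()`, which returns "sip" for TCP and SCTP. A destination written as `sips:` and sent with transport tcp or sctp therefore goes out as `sip:`, a silent downgrade. If `sofia_glue_get_url_from_contact()` can return a URI without a scheme, the cut would also land on a `host:port` colon. Keeping an existing secure scheme with `if (!strncasecmp(stripped, "sips:", 5)) scheme = "sips";` before the strip, and stripping only a leading `sip:` or `sips:`, avoids both. The function body continues past the end of this hunk.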
@@ -541,8 +594,9 @@
if (!tech_pvt->nh) {
char *d_url = NULL, *url = NULL;
sofia_private_t *sofia_private;
+ sofia_transport_t transport = SOFIA_TRANSPORT_UDP;
char *invite_contact = NULL, *to_str, *use_from_str, *from_str, *url_str;
- const char *transport = "udp", *t_var;
+ const char *t_var;
char *rpid_domain = "cluecon.com", *p;
const char *priv = "off";
const char *screen = "no";
@@ -583,20 +637,22 @@
rpid_domain = "cluecon.com";
}
- if (switch_stristr("port=tcp", url)) {
- transport = "tcp";
+ if (switch_stristr("tport=tcp", url)) {
+ transport = SOFIA_TRANSPORT_TCP;
} else {
if ((t_var = switch_channel_get_variable(channel, "sip_transport"))) {
- if (!strcasecmp(t_var, "tcp") || !strcasecmp(t_var, "udp")) {
- transport = t_var;
+ sofia_transport_t t_val;
+
+ if ((t_val = sofia_glue_str2transport(t_var)) != SOFIA_TRANSPORT_UNKNOWN) {
+ transport = t_val;
}
}
}
url_str = sofia_overcome_sip_uri_weakness(session, url, transport, SWITCH_TRUE);
invite_contact = sofia_overcome_sip_uri_weakness(session, tech_pvt->invite_contact, transport, SWITCH_FALSE);
- from_str = sofia_overcome_sip_uri_weakness(session, use_from_str, NULL, SWITCH_FALSE);
- to_str = sofia_overcome_sip_uri_weakness(session, tech_pvt->dest_to, NULL, SWITCH_FALSE);
+ from_str = sofia_overcome_sip_uri_weakness(session, use_from_str, 0, SWITCH_FALSE);
+ to_str = sofia_overcome_sip_uri_weakness(session, tech_pvt->dest_to, 0, SWITCH_FALSE);
/*
Does the "genius" who wanted SIP to be "text-based" so it was "easier to read" even use it now,
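Review bot: The new test `switch_stristr("tport=tcp", url)` no longer matches a URL carrying `;transport=tcp`, because that parameter contains `sport=tcp`, which the old `"port=tcp"` pattern matched. Unless a literal `tport=` parameter is intended, such URLs now fall through to the channel variable or the UDP default, while `sofia_overcome_sip_uri_weakness` still keys on `"port="`. Matching `"transport=tcp"` explicitly would be clearer. A `sips:` destination URL is also not inspected here, so TLS appears to be selected only through `sip_transport`. For the From/To calls, `SOFIA_TRANSPORT_UNKNOWN` would read better than the bare `0`. The enclosing block starts and ends outside this hunk.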