[Freeswitch-dev] mod_dingaling does not set crypto

Richard Screene richard.screene at netdev.co.uk
Tue Jul 17 14:12:00 MSD 2012


Hello Anthony,

We're not quite there yet!

It would appear that TFLAG_SECURE is not set for the outbound call.  I've had to comment out the check in mdl_build_crypto().  Would we expect the flag to be set for both legs of the call?

Also, I'm getting *a lot* of the following errors:
2012-07-17 11:05:36.128059 [ERR] switch_rtp.c:4296 Error: SRTP protection failed with code 13
I did see this once yesterday (with the previous version) but it went away so I assumed it was something I was doing.  Now, I'm getting it all the time.  If you'd like me to investigate further please let me know.

Thanks for your continuing help,
  Richard



On 16 Jul 2012, at 18:44, Anthony Minessale wrote:

> ok so I pushed the flag to be set so now it should work out of the
> box, thanks for testing.
> 
> 
> On Mon, Jul 16, 2012 at 8:05 AM, Richard Screene
> <richard.screene at netdev.co.uk> wrote:
>> Hello Anthony,
>> 
>> That seems to work better than my attempt!
>> 
>> Thanks for your help!
>>  Richard
>> 
>> 
>> On 13 Jul 2012, at 23:19, Anthony Minessale wrote:
>> 
>> try patch in latest head minus your plc hack.
>> I have not made any changes to mod_dingaling yet but the core should
>> not try to decode stun now.
>> 
>> 
>> On Thu, Jul 12, 2012 at 11:58 AM, Richard Screene
>> <richard.screene at netdev.co.uk> wrote:
>> 
>> Hello Anthony,
>> 
>> Thanks for your quick response!
>> 
>> does it work then? I had it disabled on purpose cos I have not
>> confirmed it works yet.
>> 
>> That would explain it then :-)
>> 
>> I have managed to get SRTP working for the outbound voice path, but it
>> required a couple of hacks:
>> 
>> 1) It was attempting to decrypt the STUN/ICE Bind Requests and failing.
>> I've bodged it for now by passing the SFF_PLC flag to
>> switch_rtp.c:read_rtp_packet() but I suspect this will stop inbound voice
>> paths from working!
>> 
>> 2) In mod_dingaling.c:try_secure() the incorrect crypto_type is passed to
>> switch_rtp_add_crypto_key().  I suspect there is some confusion between the
>> crypto_type and crypto_send_type/crypto_recv_type members of
>> tech_pvt->transports.  I've hacked it for now as shown below.
>> 
>> I hope this is useful to you.  I'm going to try with the outbound voice path
>> tomorrow.
>> 
>> Regards,
>> Richard
>> 
>> For reference here are the diffs:
>> 
>> diff --git a/src/mod/endpoints/mod_dingaling/mod_dingaling.c
>> 
>> b/src/mod/endpoints/mod_dingaling/
>> 
>> index c47f589..1dda789 100644
>> 
>> --- a/src/mod/endpoints/mod_dingaling/mod_dingaling.c
>> 
>> +++ b/src/mod/endpoints/mod_dingaling/mod_dingaling.c
>> 
>> @@ -956,9 +956,11 @@ switch_status_t mdl_build_crypto(struct private_object
>> 
>> *tech_pvt, ldl_tran
>> 
>>       char *p;
>> 
>> 
>> 
>> +/*
>> 
>>       if (!switch_test_flag(tech_pvt, TFLAG_SECURE)) {
>> 
>>               return SWITCH_STATUS_SUCCESS;
>> 
>>       }
>> 
>> +*/
>> 
>> 
>> 
>>       if (type == AES_CM_128_HMAC_SHA1_80) {
>> 
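
Review bot: In mdl_build_crypto(), wrapping the `if (!switch_test_flag(tech_pvt, TFLAG_SECURE))` early return in `/* ... */` removes the only visible gate on building crypto, so the function now falls through to the `type == AES_CM_128_HMAC_SHA1_80` branch for every session, including ones that never asked for SRTP. Keep the check and set TFLAG_SECURE on the outbound leg where the session is set up instead; if the guard really has to go, delete it rather than leaving it commented out.
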
>> @@ -1056,10 +1058,13 @@ static switch_status_t mdl_add_crypto(struct
>> 
>> private_object *tech_pvt,
>> 
>> static void try_secure(struct private_object *tech_pvt,
>> 
>> ldl_transport_type_t ttype)
>> 
>> {
>> 
>> 
>> +/*
>> 
>>       if (!switch_test_flag(tech_pvt, TFLAG_SECURE)) {
>> 
>>               return;
>> 
>>       }
>> 
>> 
>> +*/
>> 
>> +       tech_pvt->transports[ttype].crypto_type =
>> 
>> tech_pvt->transports[ttype].crypto_recv_type;
>> 
>> 
>>       //if (tech_pvt->transports[ttype].crypto_type) {
>> 
>> 
>> switch_rtp_add_crypto_key(tech_pvt->transports[ttype].rtp_session,
>> 
>> 
>> 
>> 
>> 
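
Review bot: In try_secure(), the added `tech_pvt->transports[ttype].crypto_type = tech_pvt->transports[ttype].crypto_recv_type;` overwrites a per-transport field on every call, and with both the TFLAG_SECURE return and the `//if (tech_pvt->transports[ttype].crypto_type)` test disabled, nothing checks that the copied value is a real suite before switch_rtp_add_crypto_key() runs. Pass the intended send or receive type straight to the call, leave crypto_type untouched, and keep a non-zero check on whichever value is used.
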
>> diff --git a/src/switch_rtp.c b/src/switch_rtp.c
>> 
>> index 7d6ad29..99b4f83 100644
>> 
>> --- a/src/switch_rtp.c
>> 
>> +++ b/src/switch_rtp.c
>> 
>> @@ -3234,6 +3234,7 @@ static int rtp_common_read(switch_rtp_t *rtp_session,
>> 
>> switch_payload_t *p
>> 
>>                       if (read_pretriggered) {
>> 
>>                               read_pretriggered = 0;
>> 
>>                       } else {
>> 
>> +                               *flags |= SFF_PLC;
>> 
>>                               status = read_rtp_packet(rtp_session,
>> 
>> &bytes, flags, SWITCH_TRU
>> 
>> 
>> //switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH
>> 
>>                       }
>> 
>> 
>> 
>> 
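
Review bot: In rtp_common_read(), `*flags |= SFF_PLC;` sits in the else branch ahead of read_rtp_packet(), so it applies to every read that is not pretriggered, not only to the STUN/ICE packets it is meant to work around, and because it writes through the `flags` pointer the bit also stays set for the caller. Detect the STUN packet inside the read path and skip decryption for that packet alone, leaving the caller's flags as they were.
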
>> On 12 Jul 2012, at 00:13, Anthony Minessale wrote:
>> 
>> does it work then? I had it disabled on purpose cos I have not
>> confirmed it works yet.
>> 
>> On Wed, Jul 11, 2012 at 4:47 AM, Richard Screene
>> <richard.screene at netdev.co.uk> wrote:
>> 
>> Hello,
>> 
>> Using mod_dingaling I am unable to get it to append the crypto details to
>> the session-accept Jingle stanza.  The message is sent as:
>> 
>> <snip>
>> 
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>> 
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>> 
>> Join Us At ClueCon - Aug 7-9, 2012
>> 
>> FreeSWITCH-dev mailing list
>> FreeSWITCH-dev at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev
>> http://www.freeswitch.org
>> 
>> 
>> --
>> Anthony Minessale II
>> 
>> FreeSWITCH http://www.freeswitch.org/
>> ClueCon http://www.cluecon.com/
>> Twitter: http://twitter.com/FreeSWITCH_wire
>> 
>> AIM: anthm
>> MSN:anthony_minessale at hotmail.com
>> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
>> IRC: irc.freenode.net #freeswitch
>> 
>> FreeSWITCH Developer Conference
>> sip:888 at conference.freeswitch.org
>> googletalk:conf+888 at conference.freeswitch.org
>> pstn:+19193869900
>> 
>> 
>> Richard Screene
>> Senior Developer
>> NetDev Ltd  & Drum Collaboration
>> +44 1273 936125
>> www.netdev.co.uk
>> www.thisisdrum.com
>> Registered in England and Wales
>> Company Number 04741258
>> 
>> 
> 
> 
> 
> -- 
> Anthony Minessale II
> 
> FreeSWITCH http://www.freeswitch.org/
> ClueCon http://www.cluecon.com/
> Twitter: http://twitter.com/FreeSWITCH_wire
> 
> AIM: anthm
> MSN:anthony_minessale at hotmail.com
> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
> IRC: irc.freenode.net #freeswitch
> 
> FreeSWITCH Developer Conference
> sip:888 at conference.freeswitch.org
> googletalk:conf+888 at conference.freeswitch.org
> pstn:+19193869900
> 

Richard Screene
Senior Developer
NetDev Ltd  & Drum Collaboration 
+44 1273 936125
www.netdev.co.uk
www.thisisdrum.com
Registered in England and Wales 
Company Number 04741258
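
The thread above turns on STUN/ICE Bind Requests reaching the SRTP decrypt path on the media port. As an added example (not FreeSWITCH code and not from either poster), this is one way to classify a datagram before any decryption; it assumes RFC 5389 STUN with the magic cookie and RFC 5761 RTP/RTCP multiplexing, and every identifier in it is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example: names below are hypothetical, not FreeSWITCH identifiers. */
typedef enum { PKT_UNKNOWN, PKT_STUN, PKT_RTP, PKT_RTCP } pkt_class_t;

#define STUN_MAGIC_COOKIE 0x2112A442u /* RFC 5389 header bytes 4..7 */
#define STUN_HEADER_LEN   20u
#define RTP_HEADER_LEN    12u

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Classify one UDP datagram received on the media port. */
pkt_class_t classify_packet(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 2) return PKT_UNKNOWN;

    if ((buf[0] & 0xC0) == 0x00) {           /* STUN: two top bits are zero */
        if (len < STUN_HEADER_LEN) return PKT_UNKNOWN;
        uint16_t body = be16(buf + 2);       /* attribute bytes after the header */
        /* Classic RFC 3489 STUN has no cookie and would fail this check. */
        if (be32(buf + 4) != STUN_MAGIC_COOKIE) return PKT_UNKNOWN;
        if ((body & 3) != 0 || (size_t)body + STUN_HEADER_LEN != len) return PKT_UNKNOWN;
        return PKT_STUN;
    }
    if ((buf[0] & 0xC0) == 0x80) {           /* RTP/RTCP version 2 */
        if (buf[1] >= 192 && buf[1] <= 223)  /* RTCP types when muxed (RFC 5761) */
            return len >= 8 ? PKT_RTCP : PKT_UNKNOWN;
        return len >= RTP_HEADER_LEN ? PKT_RTP : PKT_UNKNOWN;
    }
    return PKT_UNKNOWN;
}

/* Only RTP goes to SRTP unprotect; STUN belongs to the ICE code and
 * anything unrecognised is dropped rather than decrypted. */
int should_srtp_unprotect(const uint8_t *buf, size_t len)
{
    return classify_packet(buf, len) == PKT_RTP;
}

int main(void)
{
    /* Constructed samples: an empty STUN Binding Request and a bare RTP header. */
    const uint8_t stun[20] = { 0x00, 0x01, 0x00, 0x00, 0x21, 0x12, 0xA4, 0x42 };
    const uint8_t rtp[12]  = { 0x80, 0x00, 0x00, 0x01 };
    printf("stun -> unprotect? %d\n", should_srtp_unprotect(stun, sizeof stun));
    printf("rtp  -> unprotect? %d\n", should_srtp_unprotect(rtp, sizeof rtp));
    return 0;
}
```

Classifying per packet keeps the decision local to the datagram, so no caller-visible flag has to be set to suppress decryption.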
