[Freeswitch-users] Week in Review Feb 23rd-Mar 01

Kathleen King kathleen.king at quentustech.com
Wed Mar 5 09:55:09 MSK 2014


Brian,

Check out a Freeswitch to Freeswitch SIP connection over TLS with sofia 
debug all 9, thanks to Travis' commit
d5760e0d6a05b7a13bdb044018b2334c69d6cfdf, you can see that Freeswitch is 
negotiating the signaling connection for SIP over AES-GCM as well. It is 
a cool Easter egg I found while practicing setting up secure VOIP. I've 
included some sample logs below.

Community,

Does anyone have any suggestions for Freeswitch-related 
videos/screencasts? I'm looking to set up some quickstart videos for 
Freeswitch on different platforms and some walkthroughs such as how to 
report a bug on Jira, etc.


Freeswitch logs of a Freeswitch <=> Freeswitch TLS version 1.2 
connection register packet:
freeswitch at kathleen03>
freeswitch at kathleen03>
freeswitch at kathleen03> tport.c:2757 tport_wakeup_pri() tport_wakeup_pri(0x7f37e0004860): events IN
tport.c:870 tport_alloc_secondary() tport_alloc_secondary(0x7f37e0004860): new secondary tport 0x7f37e0023a80
tport_type_tcp.c:203 tport_tcp_init_secondary() tport_tcp_init_secondary(0x7f37e0023a80): Setting TCP_KEEPIDLE to 30
tport_type_tcp.c:209 tport_tcp_init_secondary() tport_tcp_init_secondary(0x7f37e0023a80): Setting TCP_KEEPINTVL to 30
tport_type_tls.c:610 tport_tls_accept() tport_tls_accept(0x7f37e0023a80): new connection from tls/192.168.100.233:41248/sips
tport_tls.c:915 tls_connect() tls_connect(0x7f37e0023a80): events NEGOTIATING
tport_tls.c:915 tls_connect() tls_connect(0x7f37e0023a80): events NEGOTIATING
tport_tls.c:559 tls_post_connection_check() tls_post_connection_check(0x7f37e0023a80): TLS cipher chosen (name): ECDHE-RSA-AES256-GCM-SHA384
tport_tls.c:561 tls_post_connection_check() tls_post_connection_check(0x7f37e0023a80): TLS cipher chosen (version): TLSv1/SSLv3
tport_tls.c:564 tls_post_connection_check() tls_post_connection_check(0x7f37e0023a80): TLS cipher chosen (bits/alg_bits): 256/256
tport_tls.c:567 tls_post_connection_check() tls_post_connection_check(0x7f37e0023a80): TLS cipher chosen (description): ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD

tport_tls.c:572 tls_post_connection_check() tls_post_connection_check(0x7f37e0023a80): Peer did not provide X.509 Certificate.
tport.c:2304 tport_set_secondary_timer() tport(0x7f37e0023a80): reset timer
tport.c:2781 tport_wakeup() tport_wakeup(0x7f37e0023a80): events IN
tport.c:2872 tport_recv_event() tport_recv_event(0x7f37e0023a80)
tport_type_tls.c:434 tport_tls_recv() tport_tls_recv(0x7f37e0023a80): tls_read() returned 637
tport.c:3213 tport_recv_iovec() tport_recv_iovec(0x7f37e0023a80) msg 0x7f37e0041aa0 from (tls/192.168.100.233:41248) has 637 bytes, veclen = 1
recv 637 bytes from tls/[192.168.100.233]:41248 at 22:06:54.881930:
------------------------------------------------------------------------
    REGISTER sip:192.168.100.226:5070;transport=tls SIP/2.0
    Via: SIP/2.0/TLS 192.168.100.233:5070;branch=z9hG4bKK8037rS2BD90H




On 03/04/2014 08:52 PM, Brian West wrote:
> Kathleen,
> 	AES-GCM is only for RTP Encryption. We did and are still doing some work to clarify and improve our SRTP support and negotiation options.  I think we’ll be talking about some of these on our call tomorrow.
>
> I can confirm working build solutions for Mac OS X 10.7/10.8/10.9
>
> mod_v8 works on 10.8 and 10.9, I can not get it to compile on 10.7 yet.
>
> Solution is here: http://www.freeswitch.org/eg/Makefile.macosx
>
> I’ve noticed in some cases make install on OS X gets stuck in a loop.  If you see that, please report it to JIRA; I couldn’t replicate it after ctrl+c then trying again.
>
> As for NetBSD, I have master running on a NetBSD 6.1.3 (64bit) with some help and patches from Michael Taylor. In addition, I was able to get Solaris 11.1 (64bit) to compile and run master using gcc with MANY HACKS to the build system.  These last two platforms do require more work but I’m waiting on pending work from Mike Jerris on moving all mods to autoconf/automake which will make those last two platforms easier to support.  As we work on our build system on the unix platforms I suspect all these things will get easier to support.
>
> On the Windows front, we did have an issue with the stable branch compiling in MSVC which is now fixed (Thanks Jeff). I’ve compiled master using MSVC 2012’2013 Ultimate and MSVC Express 2013 without problems after getting tripped up by that pesky autocrlf setting.
>
> We need to work on updating our install and build documentation on the wiki, it's starting to show its age.  If anyone would like to help please sign up for a wiki account and email me so I can approve your account faster. Then we can all work together to improve our documentation.
>
> Thanks,
> --
> Brian West
> brian at freeswitch.org
> FreeSWITCH Solutions, LLC
> PO BOX 2531
> Brookfield, WI 53008-2531
> Twitter: @FreeSWITCH , @briankwest
> http://www.freeswitchbook.com
> http://www.freeswitchcookbook.com
>
> T: +1.918.420.9001  |  F: +1.918.420.9002  |  M: +1.918.424.WEST
> iNUM: +883 5100 1420 9001
> ISN: 410*543
> Skype:briankwest
> PGP Key: http://www.bkw.org/key.txt (AB93356707C76CED)
>
>
>
> On Mar 4, 2014, at 9:33 PM, Kathleen King <kathleen.king at quentustech.com> wrote:
>
>> Hello, again. This week in the FreeSWITCH master branch we had 137 commits! That is an average of ten commits per day and roughly an average of one commit every hour over the entire week! Awesome! We had a neat new feature added with TLS and SRTP support for AES-GCM. This feature allows for fully encrypting calls (both signaling and media) in a higher density and with the latest TLS 1.2, so it's secure against some of the recent TLS security issues. More about this new feature can be found here on the wiki: http://en.wikipedia.org/wiki/Galois/Counter_Mode
>>
>> The following bugs were squashed:
>> 1d36f5b fixed so that max_registrations_per_extension does not limit concurrent call counts
>> Jira: http://jira.freeswitch.org/browse/FS-5915
>> f862c34 fixed bug in Freeswitch core dealing with calls not hanging up after hold
>> Jira: http://jira.freeswitch.org/browse/FS-6272
>> f751455 fix race condition where a transferring leg could be hungup on by the bridge partner from the previous bridge
>> fa92f81 fixed bug in delay retry and clarified log line in mod_json_cdr
>> Jira: http://jira.freeswitch.org/browse/FS-5888
>> New features that were added:
>> 8862fbc added 'join-only' conference flag
>> Jira: http://jira.freeswitch.org/browse/FS-5461
>> 5b26558 add json support for mod_event_sockets event_sink
>> Jira: http://jira.freeswitch.org/browse/FS-5207
>> aa78006 Added Windows equivalent of Linux's fail2ban. Thanks, drk.
>> Jira: http://jira.freeswitch.org/browse/FS-3588
>> 463f32c Support AES-GCM mode in SRTP
>> Jira: http://jira.freeswitch.org/browse/FS-5937
>> 5646957 more work to support AES-GCM mode in SRTP
>> Jira: http://jira.freeswitch.org/browse/FS-5937
>> a900ead added Support AES-GCM mode in SRTP
>> Jira: http://jira.freeswitch.org/browse/FS-5937
>> Improvements in cross platform build supports:
>> ffa14f3 remove python requirement for libsndfile build
>> 727ce93 more work getting FS-6271 to compile on Windows
>> Jira: http://jira.freeswitch.org/browse/FS-6271
>> 0c7946b improve srtp build on Dragonfly and NetBSD
>> 44410b7 work towards building on smartos
>> Jira: http://jira.freeswitch.org/browse/FS-6227
>> 691c454 tagged Freeswitch 1.5.10
>> d86bb20 added support for DESTDIR to modcheck
>> 62a2898 update the version string
>> 378caeb fixed building without SRTP
>> d7794af improved build support for Dragonfly
>> 645ab80 tagged Freeswitch version 1.5.8
>> d97b163 upgraded mod_ruby to SWIG 2.0
>> In terms of stability these were the use cases that were fixed:
>> 68692d9 fixed segfault in mod_voicemail_ivr related to profile naming
>> Jira: http://jira.freeswitch.org/browse/FS-5154
>> e398ede fixed memory corruption and leak in mod_erlang
>> Jira: http://jira.freeswitch.org/browse/FS-5975
>> 827c5ac fixed segfault on second call of gsm remove 1 in mod_gsmopen
>> Jira: http://jira.freeswitch.org/browse/FS-5908
>> Feedback welcome and the referenced commits are in the attached text file with corresponding Jira links.
>> -- 
>> Kathleen King
>> Quentus Technologies, INC
>> 1037 NE 65th St Suite 273
>> Seattle, WA 98115
>> Main:   (877) 211-9337
>> Cell:   (703) 859-3757
>>
>> kathleen.king at quentustech.com
>> <2014_2_23-2014_3_2oneline.txt>_________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>

-- 
Kathleen King
Quentus Technologies, INC
1037 NE 65th St Suite 273
Seattle, WA 98115
Main:   (877) 211-9337
Cell:   (703) 859-3757
kathleen.king at quentustech.com
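
Added example, not part of the original message or of FreeSWITCH/sofia code: a small Python parser for the tls_post_connection_check() lines in the log above. It groups them by transport pointer and reports the negotiated cipher properties and whether the peer presented a certificate. It assumes one log entry per line (before mail wrapping); the function names and the second connection in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Line format taken from the sofia debug output quoted in this message.
LINE = re.compile(
    r"tls_post_connection_check\((0x[0-9a-f]+)\): "
    r"(?:TLS cipher chosen \(([\w/]+)\): (.*)"
    r"|(Peer did not provide X\.509 Certificate\.))"
)

# First three lines are from the log above (unwrapped); the last is constructed.
SAMPLE = """\
tport_tls.c:559 tls_post_connection_check() tls_post_connection_check(0x7f37e0023a80): TLS cipher chosen (name): ECDHE-RSA-AES256-GCM-SHA384
tport_tls.c:567 tls_post_connection_check() tls_post_connection_check(0x7f37e0023a80): TLS cipher chosen (description): ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
tport_tls.c:572 tls_post_connection_check() tls_post_connection_check(0x7f37e0023a80): Peer did not provide X.509 Certificate.
tport_tls.c:567 tls_post_connection_check() tls_post_connection_check(0x7f0000000001): TLS cipher chosen (description): AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
"""

def parse_tls_checks(log_text):
    """Group tls_post_connection_check() output by transport pointer."""
    conns = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        tport, field, value, no_cert = m.groups()
        if no_cert:
            conns[tport]["peer_cert"] = False
        else:
            conns[tport][field] = value.strip()
    return dict(conns)

def review(conn):
    """List properties of one connection worth a follow-up."""
    # The description line carries Kx=/Au=/Enc=/Mac= pairs.
    desc = dict(tok.split("=", 1)
                for tok in conn.get("description", "").split() if "=" in tok)
    findings = []
    if desc.get("Mac") != "AEAD":
        findings.append("non-AEAD cipher")
    if desc.get("Kx") not in ("ECDH", "DH"):
        findings.append("no forward secrecy")
    # Only flagged when the explicit log line was seen for this transport.
    if conn.get("peer_cert") is False:
        findings.append("peer presented no X.509 certificate")
    return findings

if __name__ == "__main__":
    for tport, conn in parse_tls_checks(SAMPLE).items():
        print(tport, conn.get("name", "?"), review(conn))
```
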



