[Freeswitch-users] Secure RTP

Jim Burke jim at evolutiontel.net
Thu May 21 21:17:07 PDT 2009


Hi All,

Have been trying to work out how to solve a call scenario involving
SRTP and need some help.

The scenario is:
Eyebeam ---->FS----->Eyebeam with make and accept only encrypted calls set.

What I am hoping to achieve is, if the A leg does not have SRTP set
and no SRTP Descriptors are sent in the INVITE to the B leg, when the
B leg responds with 415 Bad Security Level this is intercepted and a
re-invite is sent with the security descriptions so this call, 1,
terminates and 2, is B leg secure.

In my dialplan I have CONTINUE_ON_FAILURE set for 79 and then set
BYPASS_MEDIA=FALSE (was SET true earlier in the Dialplan) and EXPORT
SIP_SECURE_MEDIA=TRUE then finally bridge the call once more.

What I get is

Eyebeam                                   FS                             Eyebeam
           ---->INVITE no SRTP---->
           <---100 Trying <---------
                                                     ---->INVITE no SRTP---->
                                                     <---415 Bad Security<----
                                                     ---->INVITE no SRTP---->

Based on the following debug snippet showing the continue on fail
occurring, the Local Key is generated, however it is not added to the
second INVITE message when sent out.

2009-05-22 13:23:40 [DEBUG] switch_ivr_originate.c:2094
switch_ivr_originate() Originate Resulted in Error Cause: 79
[SERVICE_NOT_IMPLEMENTED]
2009-05-22 13:23:40 [INFO] mod_dptools.c:2074 audio_bridge_function()
Originate Failed.  Cause: SERVICE_NOT_IMPLEMENTED
2009-05-22 13:23:40 [DEBUG] mod_dptools.c:2101 audio_bridge_function()
Continue on fail [true]:  Cause: SERVICE_NOT_IMPLEMENTED
EXECUTE sofia/internal/0631000002 at sip.evolutiontel.net set(bypass_media=false)
2009-05-22 13:23:40 [DEBUG] mod_dptools.c:748 set_function()
sofia/internal/0631000002 at sip.evolutiontel.net SET
[bypass_media]=[false]
EXECUTE sofia/internal/0631000002 at sip.evolutiontel.net
export(sip_secure_media=true)
2009-05-22 13:23:40 [DEBUG] mod_dptools.c:886 export_function() EXPORT
[sip_secure_media]=[true]
EXECUTE sofia/internal/0631000002 at sip.evolutiontel.net
export(sip_crypto_mandatory=true)
2009-05-22 13:23:40 [DEBUG] mod_dptools.c:886 export_function() EXPORT
[sip_crypto_mandatory]=[true]
EXECUTE sofia/internal/0631000002 at sip.evolutiontel.net
bridge({sip_from_uri=sip:0631000002 at sip.evolutiontel.net}sofia/sip.evolutiontel.net/0631000006 at 192.168.0.3^103 at sip.evolutiontel.net)
2009-05-22 13:23:40 [DEBUG] switch_ivr_originate.c:1082
switch_ivr_originate() variable string 0 =
[sip_from_uri=sip:0631000002 at sip.evolutiontel.net]
2009-05-22 13:23:40 [NOTICE] switch_channel.c:602
switch_channel_set_name() New Channel
sofia/internal/0631000006 at 192.168.0.3
[b0e7a29c-b154-4b9c-b851-4d987669571f]
2009-05-22 13:23:40 [DEBUG] mod_sofia.c:2659 sofia_outgoing_channel()
(sofia/internal/0631000006 at 192.168.0.3) State Change CS_NEW -> CS_INIT
2009-05-22 13:23:40 [DEBUG] switch_core_session.c:933
switch_core_session_signal_state_change() Send signal
sofia/internal/0631000006 at 192.168.0.3 [BREAK]
2009-05-22 13:23:40 [NOTICE] switch_core_session.c:1085
switch_core_session_thread() Session 225
(sofia/internal/0631000006 at 192.168.0.3) Ended
2009-05-22 13:23:40 [NOTICE] switch_core_session.c:1087
switch_core_session_thread() Close Channel
sofia/internal/0631000006 at 192.168.0.3 [CS_DESTROY]
2009-05-22 13:23:40 [DEBUG] switch_core_state_machine.c:559
switch_core_session_destroy_state()
(sofia/internal/0631000006 at 192.168.0.3) State DESTROY
2009-05-22 13:23:40 [DEBUG] mod_sofia.c:240 sofia_on_destroy()
sofia/internal/0631000006 at 192.168.0.3 SOFIA DESTROY
2009-05-22 13:23:40 [DEBUG] switch_core_state_machine.c:60
switch_core_standard_on_destroy()
sofia/internal/0631000006 at 192.168.0.3 Standard DESTROY
2009-05-22 13:23:40 [DEBUG] switch_core_state_machine.c:559
switch_core_session_destroy_state()
(sofia/internal/0631000006 at 192.168.0.3) State DESTROY going to sleep
2009-05-22 13:23:40 [DEBUG] switch_core_state_machine.c:397
switch_core_session_run() (sofia/internal/0631000006 at 192.168.0.3)
Running State Change CS_INIT
2009-05-22 13:23:40 [DEBUG] switch_core_state_machine.c:480
switch_core_session_run() (sofia/internal/0631000006 at 192.168.0.3)
State INIT
2009-05-22 13:23:40 [DEBUG] mod_sofia.c:83 sofia_on_init()
sofia/internal/0631000006 at 192.168.0.3 SOFIA INIT
2009-05-22 13:23:40 [DEBUG] sofia_glue.c:1972
sofia_glue_build_crypto() Set Local Key [1 AES_CM_128_HMAC_SHA1_32
inline:0mENEM7ab0d6DtmcCMgDmbHXlYIHpdXdLnVCtFYX]
2009-05-22 13:23:40 [DEBUG] mod_sofia.c:111 sofia_on_init()
(sofia/internal/0631000006 at 192.168.0.3) State Change CS_INIT ->
CS_ROUTING
2009-05-22 13:23:40 [DEBUG] switch_core_session.c:933
switch_core_session_signal_state_change() Send signal
sofia/internal/0631000006 at 192.168.0.3 [BREAK]
2009-05-22 13:23:40 [DEBUG] sofia.c:2911 sofia_handle_sip_i_state()
Channel sofia/internal/0631000006 at 192.168.0.3 entering state
[calling][0]
2009-05-22 13:23:40 [DEBUG] switch_core_state_machine.c:480
switch_core_session_run() (sofia/internal/0631000006 at 192.168.0.3)
State INIT going to sleep
2009-05-22 13:23:40 [DEBUG] switch_core_state_machine.c:397
switch_core_session_run() (sofia/internal/0631000006 at 192.168.0.3)
Running State Change CS_ROUTING
2009-05-22 13:23:40 [DEBUG] switch_core_state_machine.c:483
switch_core_session_run() (sofia/internal/0631000006 at 192.168.0.3)
State ROUTING
2009-05-22 13:23:40 [DEBUG] mod_sofia.c:130 sofia_on_routing()
sofia/internal/0631000006 at 192.168.0.3 SOFIA ROUTING
2009-05-22 13:23:40 [DEBUG] switch_ivr_originate.c:63
originate_on_routing() (sofia/internal/0631000006 at 192.168.0.3) State
Change CS_ROUTING -> CS_CONSUME_MEDIA
2009-05-22 13:23:40 [DEBUG] switch_core_session.c:933
switch_core_session_signal_state_change() Send signal
sofia/internal/0631000006 at 192.168.0.3 [BREAK]
2009-05-22 13:23:40 [DEBUG] switch_core_state_machine.c:483
switch_core_session_run() (sofia/internal/0631000006 at 192.168.0.3)
State ROUTING going to sleep
2009-05-22 13:23:40 [DEBUG] switch_core_state_machine.c:397
switch_core_session_run() (sofia/internal/0631000006 at 192.168.0.3)
Running State Change CS_CONSUME_MEDIA
2009-05-22 13:23:40 [DEBUG] switch_core_state_machine.c:502
switch_core_session_run() (sofia/internal/0631000006 at 192.168.0.3)
State CONSUME_MEDIA
2009-05-22 13:23:40 [DEBUG] switch_core_state_machine.c:502
switch_core_session_run() (sofia/internal/0631000006 at 192.168.0.3)
State CONSUME_MEDIA going to sleep
2009-05-22 13:23:40 [DEBUG] sofia.c:2911 sofia_handle_sip_i_state()
Channel sofia/internal/0631000006 at 192.168.0.3 entering state
[terminated][415]


If I swap and A leg is set to have SRTP and B party does not it will
be setup with only the A leg having SRTP and the B leg being normal
RTP.

Let me know if you need any further info, or if this is a fault and
will need a jira ticket opened.

FreeSWITCH Version 1.0.trunk (13232)

Thanks,
Jim
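
Added example (not part of the original post and not FreeSWITCH code): a Python check to run over a captured outbound INVITE to confirm whether the B-leg offer really carries security descriptions, i.e. the RTP/SAVP profile plus RFC 4568 `a=crypto` lines. Both SIP messages, their addresses and the key material are constructed samples, and the result labels are this example's own.

```python
import re

# RFC 4568: a=crypto:<tag> <crypto-suite> inline:<key||salt> [session-params]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+inline:(\S+)")

def media_security(sip_message):
    """Return one dict per SDP m= line: media type, profile, offered suites."""
    text = sip_message.replace("\r\n", "\n")
    _headers, _sep, body = text.partition("\n\n")  # SDP follows the blank line
    sections = []
    for line in body.splitlines():
        if line.startswith("m="):
            fields = line[2:].split()  # <media> <port> <proto> <fmt ...>
            if len(fields) >= 3:
                sections.append({"media": fields[0], "proto": fields[2], "suites": []})
        elif sections:  # media-level attribute: belongs to the latest m= line
            match = CRYPTO_RE.match(line)
            if match:
                sections[-1]["suites"].append(match.group(2))
    return sections

def classify(sip_message):
    """'srtp' only if every audio stream is RTP/SAVP and has an a=crypto line."""
    audio = [s for s in media_security(sip_message) if s["media"] == "audio"]
    if not audio:
        return "no-audio"
    if all(s["proto"] == "RTP/SAVP" and s["suites"] for s in audio):
        return "srtp"
    if any(s["suites"] for s in audio):
        return "partial"  # key offered, but the profile is not RTP/SAVP
    return "plain"

# Constructed sample INVITEs (documentation addresses, dummy key material).
_COMMON = ["INVITE sip:bob@example.invalid SIP/2.0",
           "Content-Type: application/sdp", "",
           "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-",
           "c=IN IP4 192.0.2.10", "t=0 0"]
PLAIN_INVITE = "\r\n".join(_COMMON + ["m=audio 20000 RTP/AVP 0 8",
                                      "a=rtpmap:0 PCMU/8000"])
SECURE_INVITE = "\r\n".join(_COMMON + [
    "m=audio 20000 RTP/SAVP 0 8",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:" + "A" * 40,
    "a=rtpmap:0 PCMU/8000"])

if __name__ == "__main__":
    for name, msg in (("plain", PLAIN_INVITE), ("secure", SECURE_INVITE)):
        print(name, classify(msg), media_security(msg))
```

A retry INVITE that still classifies as "plain" after the 415 shows that the key logged by sofia_glue_build_crypto() never reached the SDP offer.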



