sr-dev April 2024

sr-dev@lists.kamailio.org

12 participants
251 discussions

git:master:b0d16caf: kex: expose access to pkg stats

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: b0d16cafcfee44a8564e251c7a725324b25a1ff4 URL: https://github.com/kamailio/kamailio/commit/b0d16cafcfee44a8564e251c7a72532… Author: Ovidiu Sas <osas(a)voipembedded.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-04-04T13:00:14+02:00 kex: expose access to pkg stats --- Added: src/modules/kex/api.c Added: src/modules/kex/api.h Modified: src/modules/kex/kex_mod.c Modified: src/modules/kex/pkg_stats.c Modified: src/modules/kex/pkg_stats.h --- Diff: https://github.com/kamailio/kamailio/commit/b0d16cafcfee44a8564e251c7a72532… Patch: https://github.com/kamailio/kamailio/commit/b0d16cafcfee44a8564e251c7a72532…

7 months

[kamailio/kamailio] ndb_redis: docs - refine docs regarding client certificates (PR #3804)

by Jannik

#### Pre-Submission Checklist    - [x] Commit message has the format required by CONTRIBUTING guide - [x] Commits are split per component (core, individual modules, libs, utils, ...) - [x] Each component has a single commit (if not, squash them into one commit) - [x] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated) #### Type Of Change - [x] Small bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality) #### Checklist:  - [ ] PR should be backported to stable branches - [x] Tested changes locally - [ ] Related to issue #XXXX (replace XXXX with an open issue number) #### Description The created ssl context in the `db_redis` and `ndb_redis` modules does not use client certificates [1], [2] which is against the default in current Redis configurations [3]. The used Redis server therefore needs to be configured to not use tls-auth-clients [3]. Without setting this configuration in Redis, no TLS connection to the Redis server can be established, since Redis will not accept unsigned/not-validated client certificates. There is also a small typo in "ac_path" in both docs which was fixed to "ca_path", added with some more specification to _which_ certificate is validated. [1]: https://github.com/kamailio/kamailio/blob/8047c958b42ea5af2e8f9ede0152f892a… [2]: https://github.com/kamailio/kamailio/blob/8047c958b42ea5af2e8f9ede0152f892a… [3]: https://redis.io/docs/management/security/encryption/#client-certificate-au… You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/3804 -- Commit Summary -- * db_redis: docs - refine docs regarding client certificates [skip ci] * ndb_redis: docs - refine docs regarding client certificates [skip ci] -- File Changes -- M src/modules/db_redis/doc/db_redis_admin.xml (10) M src/modules/ndb_redis/doc/ndb_redis_admin.xml (10) -- Patch Links -- https://github.com/kamailio/kamailio/pull/3804.patch https://github.com/kamailio/kamailio/pull/3804.diff -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/3804 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/pull/3804(a)github.com>

7 months

git:master:6faa1806: ndb_redis: docs - refine docs regarding client certificates [skip ci]

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: 6faa180661e799187eff3a498f8b13e96719fa92 URL: https://github.com/kamailio/kamailio/commit/6faa180661e799187eff3a498f8b13e… Author: Jannik Volkland <volkland(a)sipgate.de> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-04-04T12:55:38+02:00 ndb_redis: docs - refine docs regarding client certificates [skip ci] The created ssl context does not use client certificates [1,2] which is against the default in current Redis configurations [3]. The used Redis server therefore needs to be configured to not use tls-auth-clients [3]. There is also a small typo in "ac_path" which was fixed to "ca_path". [1]: https://github.com/kamailio/kamailio/blob/8047c958b42ea5af2e8f9ede0152f892a… [2]: https://github.com/kamailio/kamailio/blob/8047c958b42ea5af2e8f9ede0152f892a… [3]: https://redis.io/docs/management/security/encryption/#client-certificate-au… --- Modified: src/modules/ndb_redis/doc/ndb_redis_admin.xml --- Diff: https://github.com/kamailio/kamailio/commit/6faa180661e799187eff3a498f8b13e… Patch: https://github.com/kamailio/kamailio/commit/6faa180661e799187eff3a498f8b13e… --- diff --git a/src/modules/ndb_redis/doc/ndb_redis_admin.xml b/src/modules/ndb_redis/doc/ndb_redis_admin.xml index 74d35c75cc9..024b01315ac 100644 --- a/src/modules/ndb_redis/doc/ndb_redis_admin.xml +++ b/src/modules/ndb_redis/doc/ndb_redis_admin.xml @@ -75,6 +75,12 @@ many REDIS servers, just give different attributes and use the specific server name when querying the REDIS instance. </para> + <para> + If tls is enabled, the module will validate the REDIS server certificate against the + ca_path. There is currently no way to connect with a specified client certificate, the + <ulink url="https://redis.io/docs/management/security/encryption/#client-certificate-au…">corresponding configuration</ulink> + to check client certificates in the REDIS server must therefore be turned off. + </para> <para> <emphasis> Default value is NULL. @@ -330,9 +336,9 @@ modparam("ndb_redis", "debug", 1) </example> </section> <section id="ndb_redis.p.ca_path"> - <title><varname>ac_path</varname> (string)</title> + <title><varname>ca_path</varname> (string)</title> <para> - Sets the path where Certificates Authorities certs are stored. + Sets the path where Certificates Authorities certs for the REDIS server certificate are stored. </para> <para> Default value: "" (empty).

7 months

git:master:40a50243: db_redis: docs - refine docs regarding client certificates [skip ci]

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: 40a50243f0bae782b7acd97cf0a9b1138185068b URL: https://github.com/kamailio/kamailio/commit/40a50243f0bae782b7acd97cf0a9b11… Author: Jannik Volkland <volkland(a)sipgate.de> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-04-04T12:55:38+02:00 db_redis: docs - refine docs regarding client certificates [skip ci] The created ssl context does not use client certificates [1,2] which is against the default in current Redis configurations [3]. The used Redis server therefore needs to be configured to not use tls-auth-clients [3]. There is also a small typo in "ac_path" which was fixed to "ca_path". [1]: https://github.com/kamailio/kamailio/blob/8047c958b42ea5af2e8f9ede0152f892a… [2]: https://github.com/kamailio/kamailio/blob/8047c958b42ea5af2e8f9ede0152f892a… [3]: https://redis.io/docs/management/security/encryption/#client-certificate-au… --- Modified: src/modules/db_redis/doc/db_redis_admin.xml --- Diff: https://github.com/kamailio/kamailio/commit/40a50243f0bae782b7acd97cf0a9b11… Patch: https://github.com/kamailio/kamailio/commit/40a50243f0bae782b7acd97cf0a9b11… --- diff --git a/src/modules/db_redis/doc/db_redis_admin.xml b/src/modules/db_redis/doc/db_redis_admin.xml index a7e7c3bb3a9..15ed0ca61e2 100644 --- a/src/modules/db_redis/doc/db_redis_admin.xml +++ b/src/modules/db_redis/doc/db_redis_admin.xml @@ -224,6 +224,12 @@ modparam("db_redis", "verbosity", 0) Controls TLS usage while connecting to a remote DB. If set to 1, TLS is used to connect to the DB. </para> + <para> + If TLS is enabled, the module will validate the Redis server certificate against the + ca_path. There is currently no way to connect with a specified client certificate, the + <ulink url="https://redis.io/docs/management/security/encryption/#client-certificate-au…">corresponding configuration</ulink> + to check client certificates in the Redis server must therefore be turned off. + </para> <para> Default value: 0. </para> @@ -256,9 +262,9 @@ modparam("db_redis", "db_pass", "r3d1sPass") </section> <section id="db_redis.p.ca_path"> - <title><varname>ac_path</varname> (string)</title> + <title><varname>ca_path</varname> (string)</title> <para> - Sets the path where Certificates Authorities certs are stored. + Sets the path where Certificates Authorities certs for the Redis server certificate are stored. </para> <para> Default value: "" (empty).

7 months

git:master:eb8027f9: sdpops: added $sdp(m0:b:AS), $sdp(m0:b:RR) and $sdp(m0:b:RS)

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: eb8027f9292d46d70583168b76589fa55ccccb07 URL: https://github.com/kamailio/kamailio/commit/eb8027f9292d46d70583168b76589fa… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-04-04T12:16:24+02:00 sdpops: added $sdp(m0:b:AS), $sdp(m0:b:RR) and $sdp(m0:b:RS) - return string values for b=AS:.., b=RR:.., b=RS:.. --- Modified: src/modules/sdpops/sdpops_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/eb8027f9292d46d70583168b76589fa… Patch: https://github.com/kamailio/kamailio/commit/eb8027f9292d46d70583168b76589fa…

7 months

git:master:8047c958: sdpops: aliased $sdp(raw) to $sdp(body)

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: 8047c958b42ea5af2e8f9ede0152f892ac0eea3a URL: https://github.com/kamailio/kamailio/commit/8047c958b42ea5af2e8f9ede0152f89… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-04-03T20:16:21+02:00 sdpops: aliased $sdp(raw) to $sdp(body) --- Modified: src/modules/sdpops/sdpops_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/8047c958b42ea5af2e8f9ede0152f89… Patch: https://github.com/kamailio/kamailio/commit/8047c958b42ea5af2e8f9ede0152f89… --- diff --git a/src/modules/sdpops/sdpops_mod.c b/src/modules/sdpops/sdpops_mod.c index b443d1f84ac..96d0bd202b8 100644 --- a/src/modules/sdpops/sdpops_mod.c +++ b/src/modules/sdpops/sdpops_mod.c @@ -2259,6 +2259,12 @@ static int pv_parse_sdp_name(pv_spec_p sp, str *in) return -1; switch(in->len) { + case 3: + if(strncmp(in->s, "raw", 3) == 0) + sp->pvp.pvn.u.isname.name.n = 0; + else + goto error; + break; case 4: if(strncmp(in->s, "body", 4) == 0) sp->pvp.pvn.u.isname.name.n = 0;

7 months

git:master:3e73dbc6: sdpops: added $sdp(m0:raw) - get all lines of the first m= stream

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: 3e73dbc6b69c8e26f276690bb6aa1e6db380510e URL: https://github.com/kamailio/kamailio/commit/3e73dbc6b69c8e26f276690bb6aa1e6… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-04-03T19:19:27+02:00 sdpops: added $sdp(m0:raw) - get all lines of the first m= stream --- Modified: src/modules/sdpops/sdpops_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/3e73dbc6b69c8e26f276690bb6aa1e6… Patch: https://github.com/kamailio/kamailio/commit/3e73dbc6b69c8e26f276690bb6aa1e6… --- diff --git a/src/modules/sdpops/sdpops_mod.c b/src/modules/sdpops/sdpops_mod.c index b7ee2482616..b443d1f84ac 100644 --- a/src/modules/sdpops/sdpops_mod.c +++ b/src/modules/sdpops/sdpops_mod.c @@ -2201,6 +2201,21 @@ static int pv_get_sdp(sip_msg_t *msg, pv_param_t *param, pv_value_t *res) } } } + case 7: + /* m0:raw - all (raw) lines for m0 stream */ + if(sdp->sessions == NULL) { + return pv_get_null(msg, param, res); + } + if(sdp->sessions->streams == NULL) { + return pv_get_null(msg, param, res); + } + if(sdp->sessions->streams->raw_stream.s != NULL + && sdp->sessions->streams->raw_stream.len > 0) { + return pv_get_strval( + msg, param, res, &sdp->sessions->streams->raw_stream); + } + return pv_get_null(msg, param, res); + break; default: return pv_get_null(msg, param, res); @@ -2256,6 +2271,12 @@ static int pv_parse_sdp_name(pv_spec_p sp, str *in) else goto error; break; + case 6: + if(strncmp(in->s, "m0:raw", 6) == 0) + sp->pvp.pvn.u.isname.name.n = 7; + else + goto error; + break; case 11: if(strncmp(in->s, "m0:rtp:port", 11) == 0) sp->pvp.pvn.u.isname.name.n = 4;

7 months

git:master:ed60be16: pv: transformation to escape/unescape cr lf

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: ed60be162918fc1791ee6425f664eb2f76b9475e URL: https://github.com/kamailio/kamailio/commit/ed60be162918fc1791ee6425f664eb2… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-04-03T18:52:58+02:00 pv: transformation to escape/unescape cr lf - {s.escape.crlf}, {s.unescape.crlf} --- Modified: src/modules/pv/pv_trans.c Modified: src/modules/pv/pv_trans.h --- Diff: https://github.com/kamailio/kamailio/commit/ed60be162918fc1791ee6425f664eb2… Patch: https://github.com/kamailio/kamailio/commit/ed60be162918fc1791ee6425f664eb2… --- diff --git a/src/modules/pv/pv_trans.c b/src/modules/pv/pv_trans.c index 0cc6f8f2e2c..a3ce0f0ace3 100644 --- a/src/modules/pv/pv_trans.c +++ b/src/modules/pv/pv_trans.c @@ -566,6 +566,32 @@ int tr_eval_string( val->rs.s = _tr_buffer; val->rs.len = i; break; + case TR_S_ESCAPECRLF: + if(!(val->flags & PV_VAL_STR)) + val->rs.s = int2str(val->ri, &val->rs.len); + if(val->rs.len > TR_BUFFER_SIZE / 2 - 1) + return -1; + st.s = _tr_buffer; + st.len = TR_BUFFER_SIZE; + if(escape_crlf(&val->rs, &st)) + return -1; + memset(val, 0, sizeof(pv_value_t)); + val->flags = PV_VAL_STR; + val->rs = st; + break; + case TR_S_UNESCAPECRLF: + if(!(val->flags & PV_VAL_STR)) + val->rs.s = int2str(val->ri, &val->rs.len); + if(val->rs.len > TR_BUFFER_SIZE - 1) + return -1; + st.s = _tr_buffer; + st.len = TR_BUFFER_SIZE; + if(unescape_crlf(&val->rs, &st)) + return -1; + memset(val, 0, sizeof(pv_value_t)); + val->flags = PV_VAL_STR; + val->rs = st; + break; case TR_S_ESCAPEUSER: if(!(val->flags & PV_VAL_STR)) val->rs.s = int2str(val->ri, &val->rs.len); @@ -2768,6 +2794,12 @@ char *tr_parse_string(str *in, trans_t *t) && strncasecmp(name.s, "unescape.common", 15) == 0) { t->subtype = TR_S_UNESCAPECOMMON; goto done; + } else if(name.len == 11 && strncasecmp(name.s, "escape.crlf", 11) == 0) { + t->subtype = TR_S_ESCAPECRLF; + goto done; + } else if(name.len == 13 && strncasecmp(name.s, "unescape.crlf", 13) == 0) { + t->subtype = TR_S_UNESCAPECRLF; + goto done; } else if(name.len == 11 && strncasecmp(name.s, "escape.user", 11) == 0) { t->subtype = TR_S_ESCAPEUSER; goto done; diff --git a/src/modules/pv/pv_trans.h b/src/modules/pv/pv_trans.h index 827f74feb49..662d5a2b578 100644 --- a/src/modules/pv/pv_trans.h +++ b/src/modules/pv/pv_trans.h @@ -60,6 +60,8 @@ enum _tr_s_subtype TR_S_DECODEBASE64, TR_S_ESCAPECOMMON, TR_S_UNESCAPECOMMON, + TR_S_ESCAPECRLF, + TR_S_UNESCAPECRLF, TR_S_ESCAPEUSER, TR_S_UNESCAPEUSER, TR_S_ESCAPEPARAM,

7 months

git:master:6992c9ee: core: helper functions to escape/unescape cr lf

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: 6992c9eedeabd931fc255e5c1e992b0cfb01dbca URL: https://github.com/kamailio/kamailio/commit/6992c9eedeabd931fc255e5c1e992b0… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-04-03T18:48:29+02:00 core: helper functions to escape/unescape cr lf --- Modified: src/core/strutils.c Modified: src/core/strutils.h --- Diff: https://github.com/kamailio/kamailio/commit/6992c9eedeabd931fc255e5c1e992b0… Patch: https://github.com/kamailio/kamailio/commit/6992c9eedeabd931fc255e5c1e992b0… --- diff --git a/src/core/strutils.c b/src/core/strutils.c index 73e713cb451..475150dc0f7 100644 --- a/src/core/strutils.c +++ b/src/core/strutils.c @@ -109,6 +109,68 @@ int unescape_common(char *dst, char *src, int src_len) return j; } +/*! \brief + * add backslashes for CR LF + */ +int escape_crlf(str *sin, str *sout) +{ + int i, j; + + if(sout == 0 || sin == 0 || sin->len <= 0) + return -1; + j = 0; + for(i = 0; i < sin->len; i++) { + switch(sin->s[i]) { + case '\n': + sout->s[j++] = '\\'; + sout->s[j++] = 'n'; + break; + case '\r': + sout->s[j++] = '\\'; + sout->s[j++] = 'r'; + break; + default: + sout->s[j++] = sin->s[i]; + } + } + sout->len = j; + return 0; +} + +/*! \brief + * remove backslashes for CR LF + */ +int unescape_crlf(str *sin, str *sout) +{ + int i, j; + + if(sout == 0 || sin == 0 || sin->len <= 0) + return -1; + j = 0; + i = 0; + while(i < sin->len) { + if(sin->s[i] == '\\' && i + 1 < sin->len) { + switch(sin->s[i + 1]) { + case 'n': + sout->s[j++] = '\n'; + i++; + break; + case 'r': + sout->s[j++] = '\r'; + i++; + break; + default: + sout->s[j++] = sin->s[i]; + } + } else { + sout->s[j++] = sin->s[i]; + } + i++; + } + sout->len = j; + return 0; +} + /*! \brief Unscape all printable ASCII characters */ int unescape_user(str *sin, str *sout) { diff --git a/src/core/strutils.h b/src/core/strutils.h index b32e610512c..5781943dacb 100644 --- a/src/core/strutils.h +++ b/src/core/strutils.h @@ -56,6 +56,8 @@ int escape_common(char *dst, char *src, int src_len); /* remove backslashes to special characters */ int unescape_common(char *dst, char *src, int src_len); +int escape_crlf(str *sin, str *sout); +int unescape_crlf(str *sin, str *sout); int escape_user(str *sin, str *sout); int unescape_user(str *sin, str *sout); int escape_param(str *sin, str *sout);

7 months

git:master:ec7f3a21: sdops: typo fixed for $sdp(m0:rtcp:port)

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: ec7f3a2173c1de220afd5b4776d92c98bb901630 URL: https://github.com/kamailio/kamailio/commit/ec7f3a2173c1de220afd5b4776d92c9… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-04-03T17:02:14+02:00 sdops: typo fixed for $sdp(m0:rtcp:port) --- Modified: src/modules/sdpops/sdpops_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/ec7f3a2173c1de220afd5b4776d92c9… Patch: https://github.com/kamailio/kamailio/commit/ec7f3a2173c1de220afd5b4776d92c9… --- diff --git a/src/modules/sdpops/sdpops_mod.c b/src/modules/sdpops/sdpops_mod.c index 644ded5b064..b7ee2482616 100644 --- a/src/modules/sdpops/sdpops_mod.c +++ b/src/modules/sdpops/sdpops_mod.c @@ -2265,7 +2265,7 @@ static int pv_parse_sdp_name(pv_spec_p sp, str *in) case 12: if(strncmp(in->s, "sess_version", 12) == 0) sp->pvp.pvn.u.isname.name.n = 1; - else if(strncmp(in->s, "m0:rctp:port", 12) == 0) + else if(strncmp(in->s, "m0:rtcp:port", 12) == 0) sp->pvp.pvn.u.isname.name.n = 5; else goto error;

7 months

← Newer
1
...
19
20
21
22
23
24
25
26
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev April 2024