******************************************************************************* IRC MEETING LOG: MAY 16, 2013 at #Kamailio on irc.freenode.org ******************************************************************************* *** #Kamailio was created on Wednesday 2008/07/30 03:46:08 PM ***************** MEETING STARTS ***************************************** hi everyone! preparing to start in 1-2 min, to allow some people getting in... :-) :-) [16:01] meanwhile, check the agenda: https://www.kamailio.org/wiki/devel/irc-meetings/2013a and add there or propose here if you have something new to discuss ok … so I guess we can start now first one - any critical issue with the latest stable series? (I will try to follow the topics from the wiki, with the last one being the roadmap to next major release v4.1.0) [16:04] we did a minor release 4.0.1 recently, from that moment not many changes, iirc perhaps we will do 4.0.2 after few more weeks any comments? or I am disconnected :-) [16:06] No comments from me non lurking I'm here! - I've just added a possible feature to the agenda no need to reply everytime for no comments, I was just probing for this one... [16:07] hughw: ok hughw: nice one ok, so moving to next [16:08] compile time enabled features from core to be moved as module sctp is the one left from the list of stun and dnssec any other you are aware of? I don't know of anything else. Neither do I ************** COMPILE-TIME OPTIONS VS CONFIGURATION FILE OPTIONS ************* Are there any compile-time options that should be configuration file options? [16:10] regarding sctp: i looked a bit at, I thought would be easy to make an api just for the functions related to libsctp There's some old flags for TLS and IPv6 in the build system, but I think the meaning got lost years ago... but it is not that simple I will try another approach moving all as module, including the core parameters for sctp and make an api for the core as oposite of an api for sctp options set via libsctp [16:11] IPv6 can still be disabled at compile time Yes, but I realize it's not depending on external libx libs oej: perhaps removal of old flags and consideration over whether any should be runtime in configuration file should be done during any code re-structuring? Presumably the Makefiles will need a lot of changing then anyway? [16:12] but making it a runtime option might not be useful (we need to force people use ipv6, so we compile it by default, if they don't want ipv6, they need to work a bit) ************************* TLS COMPILE SETTINGS ****************************** for TLS, I don't have proper knowledge at this moment [16:13] have to check the makefiles, but iirc, Andrei let an option to link the tls module statically to the core might be that one ... I don't know if all the TLS flags are valid since we made it a module. Is it possible to compile TLS without the module? [16:14] afaik, there is no tls code in the core but core may be able to link the files from the module when this core-tls option is enabled [16:15] Well, as I said in a private conversation, I think it's time for some TLS work later. :-) Mainly, I want to be able to verify the connection properties on outbound TLS connections BEFORE we send the first message. If I'm not happy with the cert I should be able to close connection and fail. [16:16] Didn't you promise me a beer for something related to that ;-) I think I already owe you a few beers, so let's add one for that... guess beer will come if this will be added … now waiting for the commit notification We need beer-bountys. [16:17] I just suggested how it might be done. oej said he had an idea as to who might do it... oej: yes, some work to refresh a bit tls options and flexibility won't harm at all ***************** OPENSSL VS GNUTLS ISSUE ********************************** BTW: can you remember me what is the problem about openssl vs gnutls The difference is that OpenSSL is poorly documented. And so is gnuTLS too… [16:18] Not much of a difference ;-) linuxmaniac: implementation, Andrei Pelinescu-Onciul went with openssl back in 2004 or so but if someone wants to do a gnutls alternative, it is ok [16:19] might be easier now as it is just a module, thus it needs to implement an interface OpenSSL licensing has issues with GNU GPL if I remember correctly. But GNUtls had more issues with Tekelec commercial side I guess. Are all parts that use TLS using the module? [16:20] What if LDAP or Postgres use TLS? There are other modules that use OpenSSL too. in the past it was in the core, an alternative would have been a bigger problem so maybe we can create a gnutls module? That could lead to SSL initialization issues. Kevin solved that with a libwrapper in Asterisk. no, each module links by its own outbound, websocket, and stun all link to it to make use of some of the encryption and hashing functions. Not going to be easy to use OpenSSL or GnuTLS and still have all the features available in both. [16:21] So each module initialize. As long as they are in different processes I don't think that's a problem. But if a core process use SIP/TLS and PGSql with TLS we're in trouble. oej: not sure tekelec ever used tls, such transport layer hasn't penetrated carriers :-) Used to be that you had to link core with OpenSSL for STUN. Shouldn't need to at all now that STUN is in its own module. Well, we have no bug reports on OpenSSL init problems, so let's let that sleep. [16:22] linuxmaniac: What would be then benefit of GNUtls? oej: there were some problems in the past Ok, waking up. we (I :-) ) solved it somehow need to check the logs oej: be able to package a kamailio-tls for debian :-P [16:23] In Asterisk we had problems with 3rd party libraries using OpenSSL at the same time as the core process. i think we initialize tls first time, via mod_register() linuxmaniac: Sorry, haven't followed that thread. Why is it not possible today? then the rest of the modules linuxmaniac, oej: and package outbound, websocket, and stun for Debian too pdunkley: sure [16:24] We should make the interfaces that these modules use available through the TLS module. oej: it's a bit of a heavy-weight solution putting interfaces into TLS. These other modules just use a couple of hashing and encryption functions. [16:25] Like? [16:26] Especially if you want to make those interfaces generic enough that other libraries could be used. You'll end up with all sorts of extra data copying and munging to get it to fit. in short: gpl claims openssl license is not compatible, and needs an exception from developers Just stuff like HMAC-SHA1 [16:27] what is not clear for me: the exception must be given by all developers of kamailio, or just by developers of modules linking to openssl Yes, we did that in Asterisk. I belive those modules are part of deb packages Literally a few single function calls without any related state in OpenSSL. if only developers of the modules, then should be easy at least pdunkley can do it for its modules I think it just has to be in the project docs I've never given a personal statement in regards of this in Asterisk. [16:28] http://lists.debian.org/debian-legal/2004/05/msg00595.html It's in our LICENSE file for Asterisk [16:29] "Specific permission is also granted to link Asterisk with OpenSSL, OpenH323 and/or the UW IMAP Toolkit and distribute the resulting binary files." I have to ask for advice on debian-legal [16:30] if a module or library is under GPL everything which links to it should be GPL. I think we just have to mail sr-dev and ask if any of the developers object to adding a text like this (or the one in the mail) to our LICENSE that is why they invented LGPL I mean GPL or GPL compatible in should be GPL. [16:31] oej: we can tr that The mail you linked to is very clear, I don't think we have to ask. We just ask everyone on sr-dev if it's ok, add a LICENSE.OpenSSL to the git repo and the tar.gz files this mail is from 2004 I suggest we make a decision here to move forward with this process. [16:32] Yes, but we also have Asterisk that did this and is accepted by Debian. oej: ok Given that many other modules link to lots of other libraries are there other examples of this that should be handled at the same time? Have we done a license review lately? [16:33] There was a library I asked about a number of times on the list, but got no answer. I don't remember what it was now. Libunistring should be no problem. There was a change in memcache [16:34] Chairman: Just thinking that, instead of asking on the list about OpenSSL, there should be one email covering all module/license related issues. Get it sorted in one go. The only one we are aware of is OpenSSL yes, memcache is using a different lib now, from what I could understand from Henning's commits There's a number of recent modules doing json and other things too. ok .. so we can discuss on sr-dev what to do review and ask devs Let's try to make a wiki page with all third party libraries and their licenses and package names in centos and debian [16:36] oej: yes, we should do that If I understand right we have two proposals: 1. Start a process of adding an OpenSSL exception to our LICENSE [16:37] 2. Create a wiki page to list all possible 3rd party library dependencies - name, URL, license and various package names DId I forget anything proposed? As part of 2 make sure there are no other exceptions needed in LICENSE [16:38] Right! Or accidents that may not be compatible with our GNU license. 3. Create a mechanism to appropriately chastise developers who add/change 3rd party library dependencies and don't update the wiki [16:39] Have them buy a round of beer at next dev meeting. I would suggest :-) ok … next topic? 3. Add a process for reviewing license of 3rd party libraries BEFORE you start using it in a module. That'll really cramp my hacking at 2am style of working ;-) [16:40] Oh, I'm sure that there are other developers awake in some weird time zone, like Texas. ******* TM MODULE - FAILURE ROUTES ON DELIVERY ERRORS ************************* ok -- on to: t.m module failure routes on delivery errors [16:41] practically, related to tcp/tls when connection does not exists and cannot be created now t_relay() returns error some people want to trigger failure route yes, it would greatly simplify cinfig [16:42] especially the new one added by hughw - branch failure route yes, at this point that would be most important to me bits to clarify: 1) should t_relay() return true in this case? [16:43] Although, if all the branches fail in that way presumably you'd need failure_route to trigger as well? 2) what return code should be generated? Is this also where Kamailio use some non-standard SIP response codes? [16:44] i would say that return code is 408 we patch the standard, if needed :-) To add to the soup If a request is parallel forked, but only one of the branches fails to make a connection, the entire t_relay() call is still a success. What kind of response codes should T_relay give when we connect and can't accept a TLS certificate? We propably need to overhaul or add a more detailed response code in addition to the return value. [16:45] if some parallel branch succeeds then t_relay() succeeds too. Right. So a code we can read in branch_failure_route. [16:46] jh__: usually t_relay() does not wait for branch completion hello if udp destination is unreacheble 408 is returned after a while. in case of tco 408 should be returned immediately in case of wrong tls cert, i guess some other response code should be invented unless there is a standard one (perhaps not acceptable here) [16:48] 488 relates to SDP. Probably going to cause problems if it is reused for other things like TLS. That's a 408, but a different one. We need to add warning codes 408a?!? [16:49] Warning/reason headers something. Like the 488 has a reason for IPv6 perhaps we can make a mod param for it ... Create a Kamailio class of responses 7xx :-) Just make sure none of them leak out to the real world. I would suggest reason codes 9xx :-) [16:50] 7xx was reserved for geoloc stuff a while ago 7xx is taken by siemens, iirc What a bunch of hackers new class for local codes is ok if they don't leak which can be prevented in config ohh, its quite crowded in 7xx room :-) the idea from oej might be good [16:51] a pv that gives independent codes that can be used for config logic http://www.iana.org/assignments/sip-parameters/sip-parameters.xml#sip-parameters-5 These are additional information to response codes There are no for TLS, but there should be yes, for tls failure there definitely should be an ietf assigned code [16:52] There are 380 and 381 for SIPS, but nothing for TLS errors I've discussed that at a number of SIPits but it boils down to "so go write a draft". I have a number of drafts waiting to be written. [16:53] Anyhow, I think this is the way to go, that we have a PV for warning codes We should also be able to add them to responses I wonder why all are in the 3xx class oej: sounds resonable "A first digit of "3" [16:54] indicates warnings specific to SIP. " From RFC 3261 [16:55] once the response code is selected, is it difficult to get branch failure route triggered from t_fwr? So for really private ones, we should be able to use 9xx And don't let the slip outside. anything else for this topic? [16:57] - sip code configurable - internal warning code via pv If a failure to deliver is detected (either failed TCP or invalid TLS) we still need to send an response back to the previous hop. If a response goes through branch_failure and failure, it may be sent back to the caller. If someone creates those routes they should be presumed to know enough to catch and drop stuff that should be kept local (or convert it to something OK to send outside). [16:58] At the moment we have checks such as t_branch_timeout() and others to find out if this was locally generated. now out goes 477 which is not standard I think those private response codes needs to go and be replaced by standard + warning code. If there's not a generic warning code, use one in the 9xx class. [16:59] I might need to use that between two Kamailio's to know what's going on, but that's soemthing I will have to code. Then we can create a funciton in tmx called add_warning_code_header(code, "text") [17:00] That sounds good to me I think warning codes are cool :-) That'll be why no-one uses them. [17:01] ************ DIALOG VS DIALOG_NG ********************************************** ok -- next topic dialog vs dialog_ng not sure any of dialog_ng devs is here?!?! [17:02] if not, we can take it to sr-dev I wanted to know how far dialog_ng implemented what's on the wiki for the new dialog it's a bit confusing to have two of them, if are not compatible [17:03] agree. i would rather use a different name like ims_dialog if it is strictly built for ims moules if dialog_ng wants to be "next generation" they have to work to complete it as a full replacement. oej: yes Otherwise, let's rename it to ims_dialog and "backport" stuff to dialog if needed [17:04] but if it's to ims specific, it might be heavy to use it on casual cases... yes, let's challenge them on the mailing list :-) ************** SOURCE TREE RESTRUCTURING ************************************** ok next topic: source tree restructuring move the core code to /xmpp to hide it from new developers. [17:05] there were voices about grouping core code in a dedicated dir Sorry. Could not resist. :-) i could prefer shallow struccture, i.e.. core at root oej: even goolge is dropping xmpp :-D I think it's hard to find text docs and examples since everything is in one big messy dir +1 for core dir [17:06] I want people to read all the docs we have, make it more visible so move to /core or /src - but move all code away from / i would rather move all code in src/ with core/ lib/ modules/ and tools/ there tools being parts of utils dir now "there" being where? there being src like: src/core/... [17:07] src/modules/... +1 from Sweden (made myself Sweden's representative in the kingdom of Kamailio) src/core means more writing or clicking when moving around in tools will be what is strictly related to kamailio operations (kamctl and sercmd now) [17:08] Any other options? I like the idea of src/core Maybe a few more clicks, but it makes the tree much neater. Maybe a few more clicks, but it makes the whole tree much neater. fine, it is not a big issue to me as long as *.c files don't appear at root [17:09] it's not going to be an easy task, a lot of #includes have to be updated not to say about Makefiles from core perhaps a script could be written to automate the update with src we can probably move main makefiles in src leaving in the root dir a simple one that invokes commands in src [17:10] Should the include files in / that other modules use be moved to core/include when we're up to cleaning ? btw, I have a question regarding to list of modules and dependencies, is there any easy way to collect them instead of parsing Makefile's ? I'd like to build ncurses-based gui tool to choose a modules instead of cli eZz: not on this part of the agenda. Pls stand by [17:11] We'll discuss that later. eZz: perhaps we can add some specs for such needs let's discuss a bit later ok, thanks, will wait So where are we? [17:12] Seems like there are no objections about moving all the source to /src we have ./src/*... vs ./core and move the .[ch] files in the current root directory to /src/core Time to speak up now, fellow developers! [17:13] I like it this is related to the src tree: would there be an advantage to putting modules in their own repos and then use git submodules? but have includes in the same or separate directory? mgw: that would be awful when doing developer branches, wouldn't it. torrey: That's what I asked - is that a good idea? might make grepping the api a bit easier... [17:14] That's what I thought too. Anyone else having opinions? oej: keeping core (and lib) includes that modules use in a separate directory would be nice. The lib include files still are in their own directories [17:15] Or? Would mean that directory could be added to the include path and just use #include <---> instead of #include "../../---" Since we have to change a *lot* of include directives we might as well do this in my opinion oej: would it? I guess it might be hard to keep the submodules pinned correctly. This is where sed might come in handy... Any reg-ex experts around? mgw: There are a lot of module interdependencies sounds good, and if they ever move again, fixing will just be a makefile change +1 [17:16] And a top-level included Makefile change at that. miconda: any opinion on include files? I don't have anything against collecting in a folder but hast to be with some hierarchy inside it Ok. [17:17] like mem/ , parser/ ... So I guess we need to book an evening or time when we can have a commit war and make this happen. Or open a shared branch to play with Because things will be broken while this is going on yes, we have to plan that ... [17:18] I guess we have to start a wiki on this one as well play separately with branches to build migration tools good idea i.e., to allow time for pdunkley to learn regexps :-) Seems like we have reached a general agreement on the direction on this. We can hash details out on sr-dev [17:19] pdunkley: is already planning a holiday for the time this is happening. pdunkley: Oreilly has a great regexp book. I understood most of the first couple of chapters. Then I got lost. ok, let aim to collect some sed/perl commands that will do the most of the job [17:20] them plan a hacking day/night for it where at least some devs are available where 'some devs' mean more than 1 :-) we need pdunkley's holiday planning too. [17:21] I'm travelling a lot over the next few months, but if I am around I will join in. ok … going to next topic? Fine with me ohh .. i'm done, @pdunkley turn now OK [17:22] ************** OUTBOUND/GRUU ************************************************** Outbound/GRUU. Does any more need done? If so, does anyone want to do it? i'm happy with the current capabilities except for the missing branch failure stuff we already discussed about [17:23] oej? I'm not really up to date. I would like to "unhide" gruu's. But that's not a dependency on outbound. http://www.kamailio.org/wiki/devel/completing_outbound I never like stuff that happens like magic. If a gruu is a r-uri I want to handle that as a gruu in the config script ;-) [17:24] pdunkley: in single server mode, is there any path? I'd like to tidy up the single-server stuff so that received parameters and AVPs aren't needed (unless you want them). But it isn't something I can prioritise now. No Path: in a single server. i don't use path in single server mode But that's tidying up. What's needed to make it work (tm) oej: there is a function _is_gruu() to detect such cases That's one of the things that needs sorted to do it properly. [17:25] miconda: But how are gruu's resolved into contacts? by lookup() if(is_gruu) lookup(…) yes But the gruu's aren't visible in the location table - are they? yes they are [17:26] Worth doing a myself check at the same time as is_gruu() or you end up trying to resolve a non-local gruu. pdunkley: i'm confused about first bullet regarding registrar module at: http://www.kamailio.org/wiki/devel/completing_outbound ok. I rest my case until furhter investigation ;-) yes, ie_gruu test is done only when there is no more entries left in route set after loose_route() My thoughts were to fudge an entry into the location Path field and then make registrar spot that the Route: it was added was local and effectively loose_route() there and then. My thoughts were to fudge an entry into the location Path field and then make registrar spot that the Route: it added was local and effectively loose_route() there and then. my tests are working fine without anything extra in route header uris [17:28] if there is a path header, registrar will add it as route header but you want to be immediately visible? yes, and the path uri will point to ob proxy [17:29] registrar will set dst_uri to the first address in path jh__: but isn't this the case for single server, no ob proxy at all? in single server case, there is no path header Basically, in single server mode (using outbound instead of received parameters and AVPs) you need some way to get the flow-token into the location table. [17:30] Once that flow token is in the location table you need to use it to set $du, not the Contact: address. Although the Contact: address still becomes the R-URI after lookup(). So adding a path to token@localhost is a good call oej: yes ok, i'll give it some thoughts [17:31] But to avoid Kamailio wasting effort looping a request back to itself, you want to detect that the Route: added is indeed local, remove it, and set $du after lookup(). now we use received to keep the src address if you do that, make it configurable, since i don't like at flow tokens in the uris. as i have explained, they break gruu. might be the right place to store token@localhost received field is used only for natted devices [17:32] I use an edge proxy at the moment, so I've not had to get single-server outbound working properly. ok … so now is a bit more clear we can move to next topic ... [17:33] in my test i have two proxies where each acts are ob and registrar How does flow tokens break gruu? if contact uri changes, flow leads to dead end That's a 431 right [17:34] 430 is flow broken Right SO branch_failure can take care of that. It's basically the thread on dispatch@ietf.org . Probably best to leave the debate on there. [17:35] but since route set cannot change during the dialog, there is nothing you can do to fix the flow token ok, lets leave the topic. as i said, i'm currently fine what peter has implemented - branch failure [17:36] hughw get's the credit for that one. hughw gets the credit for that one. Next topic? [17:37] * oej gives hughw lots of credit Thanks :) Next topic! oej: hughw doesn't drink beer Oh, we can fix that too :-) ******************* MSRP ****************************************************** MSRP: http://www.kamailio.org/wiki/devel/completing_msrp [17:38] msrp Couple of things missing from the current MSRP Relay implementation MSRP replies are hop-by-hop. So if there is a failure in a relay a REPORT needs to be generated and sent back (if the SEND indicates that one is needed). [17:39] for report, might be easier not to do it by storing required info inside the cmap MSRP relays can receive infinitely large messages over TCP. A relay needs to be able to handle this. On Kamailio we wait until we've received the entire message. [17:40] is the report hop by hop as well? REPORT is end-to-end ok, so practically we need to store the headers [17:41] We need to be able to chunk large SENDs into multiple smaller ones. So we receive a huge SEND in and send lots of small ones out (that have the same message ID). Yes. until we get the reply if the reply is ok, then drop the headers I think the solution to the REPORT and the SEND chunking are related. We need some transaction state for SENDs that are bigger than the receive buffer and for ones which may need a report generated. isn't any option to tell back to use smaller chunks? [17:42] just as quick option ... This will allow the REPORT to be generated if there is no reply or if the reply is a failure one. Also allows us to add the headers to the subsequent chunks. miconda: unfortunately not. MSRP relies entirely on TCP-level flow control. ok When the the window is full stop sending, but it is still the same message. The Crocodile MSRP stack (in Javascript) does chunking itself to work around this for now, but other clients don't (as they don't have too). I've started (and stopped) work on this a few times. But never got as far as having anything remotely working (or code worth keeping). [17:44] There is some very broken stuff in a branch where I was trying to add a transaction map to the msrp module. so chunking, it has to change byte-range [17:45] I'll get back to it at some point - just wanted to see if anyone could help. anything else? or the other headers stay the same? The rest of the headers are the same. Which memory is used for caching here? my problem with this extension is lack of clients If I send a 4mb video - where does it end up before you start chunking away? Like a tour of the new Abba museum in Stockholm [17:46] If any chunk gets an error response from the next-hop then you send a failure REPORT back (if they are turned on for the SEND) and an immediate failure reply too. That should stop the sender continuing. ok … we can discuss on sr-dev when someone has time to start, just shout there [17:47] oej: Kamailio shouldn't receive the whole 4Mb file before it starts chunking. If the Kamailio TCP buffer is 16 kb then you should chunk and send out the chunks at less than 16 kb intervals so as not to overflow the buffer. i may look at report generation [17:48] Basically, you relay stuff as quickly as you can. Next? yes ******************** RTCWEB_BREAKER ******************************************* http://www.kamailio.org/wiki/devel/rtcweb_breaker This is something else I hope to start soon. But any help would be appreciated. [17:49] I think we need a simple way to connect WebRTC and non-WebRTC sessions without a B2BUA or media server. What about ICE and DTLS? RTCWebBreaker is an rtp-relay that can DE-Ice the stream if needed? [17:50] it's a breaker That's the point. It's a bit like an RTP proxy that decrypts DTLS and does ice-lite on one side and has ordinary RTP on the other. it must do transcoding rtp/savpf to whatever else [17:51] It doesn't need to change the actual content. not media transcoding Just the container for the content. It's a huge effort to get it right. Yes, but I think it is needed. At the moment you have to use media gateways that B2BUA the signalling. I would expect that in the future more and more clients will support RTP/SAVPF But you would have to do huge SDP rewrites too oej: yes [17:52] And somehow fake ICE. The side without ICE will be confused about re-invites coming You don't have to add STUN or TURN candidates yourself though. Local candidate lines and STUN pinging (send to candidates you've received and accept for local candidates) is needed. [17:53] I think it's crazy, but crazy stuff is cool. Go for it. Alternative is to keep using media servers and lose a lot of signalling. Or wait until all the clients and servers (and interconnects) already out there support RTP/SAVPF. That should happen later this century. [17:54] We don't really know how the DTLS certs will be handled But yes, this seems like an easy upgrade path. I'm just worried that you will have to build a b2bua in the end No-one does yet. how much traffic do you expect to have using RTP/SAVPF? [17:55] On the cloud system I am building that uses WebRTC... All of it. the question here (I think) is the return investment well, in that case, is it worth implementing something like this Asterisk, Freeswitch, and Doubango, all have media stacks that do the ICE-lite and RTP/SAVPF (as far as it is specified now). [17:56] it all depends how slow.fast the world wide adoption of RTP/SAVPF will go Probably slower than IPv6 adoption. iirc, I heard sipwise wanted to extend their media proxy to do some ice and more on rtp if more and more clients will support it, then it's not worth implementing it [17:57] but not sure if this is in their plans, Andreas was here earlier, but no longer now Who said IPv6? How many ITSPs are there? How long will it take even a small percentage of them to upgrade? Plus people running old or bespoke client versions. I think you should discuss with Andreas if this can be part of his project too. Why write mroe RTP proxys than we already have? [17:58] yes, it will take forever before pstn gw vendors support rtp/savpf Yup. And how transparent is the signalling through Asterisk (oej and I talked about this earlier). Well, after ten years most SIP vendors fail to understand TLS correctly. It will take some time to get DTLS and SRTP Oh, as long as Asterisk has ISDN in the core, it's gonna be messy. pdunkley: any lib that can be used for de-dtls-izing the rtp? OK. I'll talk to sipwise and update sr-dev if/when this work get's underway. we do need a more SIP-centric b2bua pbx miconda: I know that Asterisk uses an SRTP library. it might be easy to link rtpproxy for it srtp is good for nothing in terms of sucurity. zrtp would be needed, but for some reason that is not part of webrtc. DTLS is supported by OpenSSL and is just the key exchange [18:00] http://srtp.sourceforge.net then the key is used with plain SRTP People love and hate that library. it was a long discussion on ml about sipwise media proxy, where I think I read about their plans with ice because they pass the entire sdp back and forth OK. I'll get in touch with Andreas about this. or at kamailio world discussion … not sure, but somehow was in my mind we can discuss on mailing list, indeed [18:01] everyone is there ok ******************* PRESENCE ************************************************** Next presence. Nothing's changes since last time, but just wanted to see if there is anything on the list classed as urgent? I may look at xcap-diff [18:02] external refererences to external servers would be nice to have supported http://www.kamailio.org/wiki/devel/completing_presence at some point :-), hopefully soon [ the rtpproxy-ng dev page on the wiki has the previous enhancements listed ] http://www.kamailio.org/wiki/devel/rtpproxy-ng jh__: think that becomes easier when you have a proper XCAP client and server working. Again, not something I can spend a lot of time on now, but I'd love to get Kamailio presence and XCAP working with Blink. [18:03] how about notifiers. is postgre still needed or can mysql support it too? [18:04] It seems to be the most complete presence client now. There was some MySQL work done recently. Don't know if it complete though. oej? pdunkley: not a trusted source, though i have tested blink and found several bugs in its presence implementation [18:05] miconda: but there isn't a huge choice out there. Unless someone here is writing a client. i'm still waiting comments on my latest show stopper bug when testing with k Kamailio bug or Blink bug? We did add transactions to Mysql. I need to check the second part, but I remember seeing code. [18:06] unfortunately i have not found any working presence/xcap client yet jh__: any bug in presence modules of k, or just missing features? All presence implementations have bugs - and they don't work together. blink bugs or actually bugs in python-sipsimle xquery is used somewhere? [18:07] i found the escape bugs and fixed them. after that i found blink bugs (two of them) and waiting for them to be fixed before i'm able to continue or required by clients to work with the server? It's used to find contacts to add to your contact-list. It's an OMA extension. [18:08] It gives you a Skype-like search feature. OMA has a lot of extensions [18:09] but no operators ever tried to deploy :-) If we continue down the SIMPLE path we can discuss forever... I know of at least one deployment with XQuery... ok [18:10] But it isn't an implementation that I can currently share. so, let's see what can be done on this devel cycle as i said, i'll look at xcap diff on xcap_server good to look at xcap-diff. [18:11] Great. Second last of mine. and the rest as I find resources ... anything else or move to next topic? Doing a lot of work on Amazon right now. Planning to add some stuff to support various AWS DB services and things. Again, just wondered if anyone else is interested in this stuff? [18:12] I never interacted with I think it's a good story. if you have them and you want to publish them, why not Not done them yet. you will get more feedback and more testers :) [18:13] Again, just asking as if anyone else wants it and can help it'd be appreciated and probably done faster. ask on ml (more audience) **************** EVENT ROUTE FIRED WHEN A TCP CONNECTION CLOSES *************** Last item of mine. [18:14] Added it because oej is here. he he An event_route that fires when a TCP connection closes. for such things I am more customer driven … it might get on top unexpected quickly or never :-) sound like a good thing to have in order to be able to unregister contacts this is something I keep remembering I have to look at [18:15] :-) Good thing I keep all of you on your toes I tried adding it. The event_route code is trivial. Just couldn't work out where to trigger it from. The question is how to present any data? Which connection got closed? I was hoping there'd be a nice, single place in TCP to do it. probably connection id and local/remote sockets Same as I did with the WebSocket close event. [18:16] Is it related to something - an outbound flow, another SIP proxy, a TLS conenction? Fill in the receive_info details and stuff like $si and $sp work. If it's connected to an outbound flow, we need the RUID And the new $conid PV I just added does too. can that lead to ruid? If you want the RUID store it in an htable that is mapped on $si:$sp. [18:17] oej: perhaps the safest for usrloc record removing is to do it in the module It's what I do. If an edge proxy drops a connection to a UA is one case nathelper can do that now for udp contacts that are behind nat if a core proxy drops a connection to an edge proxy - multiplexed and used for many flows - what do we do then? if they don't respond on options keepalive for tcp will take a timer base check to see if the connection is still open [18:18] looks easier to get from usrloc to connection id, than from connection id to usrloc record I think we will have to play around with this idea on the mailing list to get the requirements hashed out tcp level keepalives could tell when connection is broken perhaps we can use a flag to mark what connections have to be checked (like we do for udp to send options keepalives) [18:19] jh__: maybe we can hook some callback to that event [18:20] let's see … ok, so we will discuss more on mailing list if needed pdunkley: do you have the code in some branch? Probably not. I'll have a look later. ok next topic then ... osas: I guess you are ... [18:22] *************************** XHTTP ********************************************* sure xhttp: improve the API by providing a response buffer to build in http replies isn't there a buffer inside the module for that? [18:23] is it? I don't remember seeing one or you want to stack stuff in it … and then send? I thought it is, but I might be wrong ... should be no problem to add one I would like to add parts of the reply to it and do a flush and when the whole reply is built, do a send [18:24] this will solve large rpc replies like dumping the registration table ok … so this needs vim+c code but is nice to have, indeed [18:25] also, it would be nice to integrate xmlrpc with xhttp it is some duplicated code there, right so we have a common base for all http related operations we should clean that up agree [18:26] and I haven't checked, but it would be great to load the xhttp module only for workers that are tcp workers and subsequentiqally, all the modules that are on top of xhttp modules are loaded before forking I see ... but maybe you need child init only for tcp workers well, we can leave with it :) ok anything else? [18:28] yes, at least not initialize (and cosume pkg mem) on UDP workers I think that would be it for now ok, next topic hughw: your turn ********************* DEBUG LEVEL PER MODULE ********************************** - debug level per module [18:29] it is a good feature, it's missing a developer :-) I think that's a great idea it would be nice to have the ability to control the debug level per module via an rpc command RPC command Exactly! [18:30] also, a module parameter would be good I had a look at the dprint code last night. I can see there is already a 'local_debug'level' which I didn't know about before on server restart, to keep the desired debug level It could very well be config variables. Then we have both config script support as well as RPC automatically. But this requires a shared map of module => debug level [18:31] Config variables. hughw: local_debug is used by some config functions to set/reset debug level in routing blocks you can have something like: setdebug(x)l lookup(…); resetdebug(); [18:32] so lookup is executed with debug=x the problem I see with per module debug is when executing functions that are using code from other modules via API [18:33] like auth_db executes db_mysql functions I need to leave. Thanks for a good meeting. Keep calm and carry on, Kamailians! auth_check() from auth_db module executes code from db_mydql and when running presence with notifier you get so much debug level stuff out the DB and presence modules that you can't see anything else at all. [18:34] Yep. The current debug uses the MODULE_NAME at compile time to create the debug strings through macros. Is ther a way to use something similar to lookup a shared memory map, so that debug from a module knows the current level [18:35] for that modu;e i'll give some thoughts on it ... [18:37] at this moment I have some ideas, but might be wrong will continue on dev ml if nobody has more to add [18:38] OK. next topic then ... *********************** NCURSES-BASED TOOL ************************************ eZz: you wanted to about mods dependencies [18:39] this should be last before last yes I'm thinking about to write some ncurses-based tool [18:40] like asterisk's make menuselect ok, it would be nice to have it is no spec file to define dependencies but should be not hard to add we need to define a format but found a problem, no easy way to track a dependencies instead of parse makefiles and xxx.lst [18:41] since it is not something that dynamic we can build it manually we add new modules once in a while probably takes longer to write a tool to automatically generate it than writing it and maintained by hand ok, maybe just define a spec like rh-based spec files ? and if that tool will find this file in modules dir - show it in menu [18:43] maybe we can have it a more flexible or what you mean by rh spec file? I was thinking to put a bit more than just dependencies there [18:44] e.g., a short description yes [18:45] from my view it will have 1-module options, 2-depends, 3-description if you have something in mind already, send a proposal on devel list with an example ... I mean -- about the format of the spec file [18:46] alright, I will send this on ml when I will have something resonable maybe we can list there also external libs maybe also option to auto-install ;) [18:47] at least just for info :-) why not, like cpan ok … that will be ng version yes you can start discussion on mailing list before you have something [18:48] other people might be interested in helping out ok, I will at least with ideas (you see, we have plenty of them) ok :-) yes can I ask one more question ? [18:49] ******************* NEXT MAJOR RELEASE **************************************** so last topic -- next major release oops I guess it is going to be sometime in autumn at previous meeting we thought of doing a short devel cycle for 4.1 to get outbound module but pdunkley did it for 4.0 anything that is demanding a 4.1 rather soone?!? [18:50] ok, if not, we should make an more accurate release date proposal after the summer [18:51] i don;t remember now but there are sone new ob/gruu related stuff in master that is missing from 4.0 yes, it is branch failure route [18:52] that still need the work for t m module and connections [18:53] once those are in, we could issue 4.1 in early autumn and I won't rush into a major release quickly after a change there, needs some testing early autumn is bad, because people are in vacation during testing period :-) [18:54] but we can adjust according to releases, can I merge my local branches with uac/tm/sdpops with master till master ? let say end of sept then *till autumn eZz: if you have changes in your branches, you can merge before [18:55] just ask for review if it is not on your modules and it is recommended to do it before to allow testing it's not just mine, it's global pushing before freeze means less testing time ... ok, I understand, thank [18:56] yes -- anyone can merge before we announce code freeze code in personal branches should be kept until is something desired for master branch [18:57] personal branches should be used only for short period of time, while prototyping/playing with new stuff merging late may create lots of conflicts ok --- looks like we are done only 3 hours :-) any ad hoc topics?!? [18:58] openrcs.com purpose/direction? if not, looks like we have a lot of ideas to code ... admorten: we can discuss after anything related to kamailio devel [18:59] which might not be anymore ... That's fine. so last call, anything else to discuss about kamailio development?!?! ok, nothing, good! [19:00] thanks everyone! good input, now let's see the follow up actions I will put a summary of this conversation (read as: copy and paste the log, removing irrelevant parts) on the wiki during next days [19:01] that's all for the development meeting … free conversations now [19:02] ****************** FREE CONVERSATIONS ***************************************** ok, what about a bug I described yesterday? [19:03] about uac which is adding '<' char admorten: the goal with that service is to have a server where people can play with sip and last features of kamailio at FOSDEM we had a panel discussion about federating [19:04] there is iptel.org service, but not related to kamailio that much Right. voipuser.org still striving to get the website back (the sip server is still up and running) eZz: you have to put a SIP URI there [19:05] not a header < > were added to fix other bug it will need an extension to be able to specify display name you should add a feature request on tracker ... [19:06] miconda: I've attempted to sign up for an openrcs.com account, but haven't got a confirmation e-mail yet. admorten: check your spam folder?!? Several times. :) Wasn't able to give my fully attention to this meeting earlier. I did want to mention earlier that we've rolled out the sca module, and now have 6000+ active SCA subscribers, with a likely final total ~10000. [19:09] all working fine? admorten: That's excellent to hear. [19:10] Yes, working well. it is quire some subscriber base for shared lines ... Yes, turned out to be a very important feature from the legacy system. [19:11] :-) We've successfully tested group sizes up to 20 so far. admorten: sca is all in one, no need of dialog or other presence modules, right? Correct. That could change with some concerted effort, of course. sometime is good to have it like this, afaik, the specs were floating on sla/bla with broadsoft bringing on its own flavour [19:13] Yes, SCA's tied a bit more to the INVITE dialog than the bla sipping draft. admorten: That's with mostly/all Polycom handsets I suppose? Or do others support it? Our deployment is all Polycoms, but I've been testing with a Cisco SPA 303, Yealink T22P, Aastra 6757i and Aastra 6731i. [19:14] Works across all of them. I've been meaning to add a wiki page on the subject, but the rollout was taking most of my attention. :) [19:15] Nice, glad to hear it's more than just Polycoms (although they're nice). Are you aweare of any softphones that support it? (Expecting to get a Snom for evaluation, too.) [19:16] I'm not aware of any softphones doing SCA, but that's because I haven't really looked. [19:17] I have to go for a while, i'll be back later Gotcha. Either way, glad to hear that's working really well. I've been keeping an eye on that module. Great, thanks. Let me know if you've got questions. Will do, thanks [19:19]