[kamailio/kamailio] 5.1.2: rtpengine module hijacks DTLS key (#1468)

List overview All Threads
Download

newer

older

git:master:630a697c:...

git:5.1:db971272: rtpengine: allow...

aalba6675

2 Mar 2018 2 Mar '18

5:33 a.m.

### Description

rtpengine module is hijacking the DTLS key

rtpengine_manage("DTLS=off")

DTLS=off is a valid command to rtpengine, but the module uses that flag to set transport as UDP/TLS/RTP/SAVP

Unfortunately even though the transport can be fixed by RTP/SAVP, the lines outputted by rtpengine

a=setup:actpass a=fingerprint:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

confuse some UACs that were expecting only SDES. FreeSWITCH is affected.

### Troubleshooting

#### Reproduction

rtpengine_manage("DTLS=off"). tcpdump the traffic between kamailio and rtpengine. Obseve that there is no DTLS=off key.

#### Debugging Data

#### Log Messages

#### SIP Traffic

### Possible Solutions

Don't look for DTLS key, let that be passthrough to kamailio

### Additional Information

5.1.2

* **Operating System**: Linux CentOS 7.4

-- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/1468

Attachments:

attachment.html (text/html — 2.6 KB)

Show replies by date

aalba6675

2 Mar 2 Mar

5:45 a.m.

New subject: [kamailio/kamailio] 5.1.2: rtpengine module hijacks DTLS key (#1468)

@rfuchs hoping you can take a look at this. The merge to master and backport to 5.1.2 has broken my use of rtpengine_manage("DTLS=off") since the DTLS key is removed from the ng-protocol messaged and not processed by rtpengine.

It is needed specifically for FreeSWITCH in SDES (who for some reason does not like a=setup:actpass and a=fingerprint)

-- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/1468#issuecomment-369888212

Daniel-Constantin Mierla

5:56 a.m.

New subject: [kamailio/kamailio] 5.1.2: rtpengine module hijacks DTLS key (#1468)

It is a side effect of PR #1460.

More specific, from mailing list discussion (https://lists.kamailio.org/pipermail/sr-users/2018-March/100539.html), the related change should be:

``` + else if (str_eq(&key, "DTLS")) + ng_flags->transport |= 0x104; ```

-- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/1468#issuecomment-369890586

aalba6675

6:08 a.m.

New subject: [kamailio/kamailio] 5.1.2: rtpengine module hijacks DTLS key (#1468)

The following attempted workaround also fails: 1. don't use DTLS=off, force transport rtpengine_manage("ICE=remove transport-protocol=RTP/SAVP"); 2. rtpengine side use dtls-passive rtpengine --dtls-passive

For some reason this also doesn't work, as rtpengine after rewritng SDP adds

a=setup:actpass a=fingerprint:sha-1 0F:21:F8:06:56:09:51:EC:B2:0B:47:A8:2D:98:D0:E7:E9:F7:0F:A9

-- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/1468#issuecomment-369893139

jerzyptak

7:24 a.m.