Hello,
I was going through the new features and stumbled upon this new one - developed by Mohd. Shahzad Shafi. As already mentioned on the wiki about this module, I intend to use it for my custom security layer between UACs and SIP Proxy (Kamailio) but the issue is - the custom security layer (encryption/decryption code) is written in C and should precisely be applied for the messages between UAC and Proxy.
Is there a way I can achieve this using Corex module since it does intercept the network I/O messages ?
Any help here would be really appreciated.
Hi,
The network io intercept feature basically allows kamailio script writer to do whatever s/he may want to do with raw SIP packets (that are just received by kamailio or about to be sent out by kamailio), e.g. encryption, compression or any final touches to sip message before it is processed by kamailio core. That is why it is purposely kept abstract and any particular use or implementation is left to the script writer.
In your case the encryption / decryption code is in C/C++, you can try one of the following,
1. Write up a C/C++ program that receives outgoing SIP message as text (and some other parameters, e.g. encryption key) in input arguments and returns the encrypted message in event_route [ network:msg ] and vice versa (for incoming messages). You can call this program directly from kamailio.cfg script.
2. Write up e.g. a PERL wrapper for your encryption / decryption C/C++ code and call it using kamailio app_perl module within event_route [ network:msg ] as demonstrated in this example,
http://kamailio.org/docs/modules/devel/modules/corex.html#idp125704
You can also use any other kamailio language binding of your choice as well, e.g. Python, LUA, JAVA and so on.
I would recommend the second option, as it has less processing overhead for kamailio.
Thank you.
On Tue, Sep 16, 2014 at 6:09 PM, Rahul MathuR rahul.ultimate@gmail.com wrote:
Hello,
I was going through the new features and stumbled upon this new one - developed by Mohd. Shahzad Shafi. As already mentioned on the wiki about this module, I intend to use it for my custom security layer between UACs and SIP Proxy (Kamailio) but the issue is - the custom security layer (encryption/decryption code) is written in C and should precisely be applied for the messages between UAC and Proxy.
Is there a way I can achieve this using Corex module since it does intercept the network I/O messages ?
Any help here would be really appreciated.
-- Warm Regds. MathuRahul
sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
Thanks for replying !
But how to check whether a particular message received by Kamailio was sent by UAC or SIP Server ? Also, on the same lines - how to know whether a particular message about to be sent from Kamailio is bound to UAC or SIP Server ?
On Tue, Sep 16, 2014 at 10:51 PM, Muhammad Shahzad shaheryarkh@gmail.com wrote:
Hi,
The network io intercept feature basically allows kamailio script writer to do whatever s/he may want to do with raw SIP packets (that are just received by kamailio or about to be sent out by kamailio), e.g. encryption, compression or any final touches to sip message before it is processed by kamailio core. That is why it is purposely kept abstract and any particular use or implementation is left to the script writer.
In your case the encryption / decryption code is in C/C++, you can try one of the following,
- Write up a C/C++ program that receives outgoing SIP message as text (and some other parameters, e.g. encryption key) in input arguments and returns the encrypted message in event_route [ network:msg ] and vice versa (for incoming messages). You can call this program directly from kamailio.cfg script.
- Write up e.g. a PERL wrapper for your encryption / decryption C/C++ code and call it using kamailio app_perl module within event_route [ network:msg ] as demonstrated in this example,
http://kamailio.org/docs/modules/devel/modules/corex.html#idp125704
You can also use any other kamailio language binding of your choice as well, e.g. Python, LUA, JAVA and so on.
I would recommend the second option, as it has less processing overhead for kamailio.
Thank you.
Hi,
Did you get some free cycles to look at it ?
On Wed, Sep 17, 2014 at 12:12 AM, Rahul MathuR rahul.ultimate@gmail.com wrote:
Thanks for replying !
But how to check whether a particular message received by Kamailio was sent by UAC or SIP Server ? Also, on the same lines - how to know whether a particular message about to be sent from Kamailio is bound to UAC or SIP Server ?
Hello,
the corex has a function to tell if the message is received by kamailio or sent out:
- http://kamailio.org/docs/modules/devel/modules/corex.html#idp29928
If you interconnect with other servers/gateways when you don't want to do special encoding, then you need to test src ip or look at r-uri/dst uri.
Cheers, Daniel
On 17/09/14 04:24, Rahul MathuR wrote:
Hi,
Did you get some free cycles to look at it ?
Hello Gents,
Thanks for guiding me in the correct direction.
However, it so came out that when encrypted packets come to kamailio over transport 'TCP' then it gets rejected from tcp_read.c even before coming to corex module. I guess, maybe it is getting rejected due to header parsing failure.
Any pointers here would be very helpful !!
Thanks once again..
On Wed, Sep 17, 2014 at 12:44 PM, Daniel-Constantin Mierla < miconda@gmail.com> wrote:
Hello,
the corex has a function to tell if the message is received by kamailio or sent out:
If you interconnect with other servers/gateways when you don't want to do special encoding, then you need to test src ip or look at r-uri/dst uri.
Cheers, Daniel
There is something wrong with your encryption setup, the event_route [network:msg] gets raw messages that were either just received from the network interface or the final message that is about to be sent over network socket. The SIP parsing is done AFTER message has been processed by this route. So, if SIP parsing fails then it means the message was not correctly decrypted in event_route [network:msg].
Thank you.
On Sat, Sep 20, 2014 at 3:25 PM, Rahul MathuR rahul.ultimate@gmail.com wrote:
Hello Gents,
Thanks for guiding me in the correct direction.
However, it so came out that when encrypted packets come to kamailio over transport 'TCP' then it gets rejected from tcp_read.c even before coming to corex module. I guess, maybe it is getting rejected due to header parsing failure.
Any pointers here would be very helpful !!
Thanks once again..
I haven't checked the code for a definitive answer, but, iirc, tcp can indeed have some limitations in accepting anything.
This is because TCP is a stream protocol, so the reading function needs to know when to split the traffic in messages. With SIP this is done via a lightweight parser that searches as it reads for Content-Length. Then once it encounters double \r\n it assumes the end of headers and expects to read the body of the size specified by CL value.
For http, it relies either on CL or, if core parameter tcp_accept_no_cl=yes, can handle as well chunked body which carries the size with each chunk, last one being of size 0 (iirc). The tcp reader can handle also MSRP or STUN messages.
But a random sequence of bytes may be rejected, as it cannot decide what is the marker for end of a message.
The variants I could see now:
1) encapsulate the message as body of http (or sip with random values for caller, callee, etc.. -- they are going to be discarded anyhow, but perhaps they will get blocked by provider, if that was the concern, http being safer from this point of view)
2) try with custom message format that has only the header Content-Length: NUMBER followed by \r\n\r\n and the encrypted message as body
3) think of a simple generic framing format (e.g., netstring) to send over TCP the encrypted messages and patch the C code in Kamailio tcp_read.c to get the message out of the frame
Cheers, Daniel
On 20/09/14 19:12, Muhammad Shahzad wrote:
There is something wrong with your encryption setup, the event_route [network:msg] gets raw messages that were either just received from the network interface or the final message that is about to be sent over network socket. The SIP parsing is done AFTER message has been processed by this route. So, if SIP parsing fails then it means the message was not correctly decrypted in event_route [network:msg].
Thank you.
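An added example, not part of the thread and not Kamailio code: a netstring framer in C for variant 3 above, going slightly beyond the message by including the sender-side encoder and a loop that reassembles frames from arbitrary TCP read sizes. The names `ns_encode`, `ns_decode`, `ns_count_frames` and the `NS_MAX_PAYLOAD` cap are hypothetical, and the patch to tcp_read.c itself is not shown.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NS_MAX_PAYLOAD 65535u /* assumed cap on one encrypted message */
enum ns_status { NS_OK = 0, NS_NEED_MORE = 1, NS_BAD = -1 };

/* Wrap payload as "<len>:<payload>,". Returns the frame size, 0 on error. */
size_t ns_encode(const unsigned char *payload, size_t len,
                 unsigned char *out, size_t outcap)
{
    int h = len <= NS_MAX_PAYLOAD ? snprintf((char *)out, outcap, "%zu:", len) : -1;
    if (h < 0 || (size_t)h + len + 1 > outcap)
        return 0;
    memcpy(out + h, payload, len);
    out[(size_t)h + len] = ',';
    return (size_t)h + len + 1;
}

/* Try to cut one frame out of the bytes buffered so far.
 * NS_OK: payload/plen point into buf, consumed is the whole frame size.
 * NS_NEED_MORE: incomplete, keep the bytes and read again. NS_BAD: drop peer. */
enum ns_status ns_decode(const unsigned char *buf, size_t buflen,
                         const unsigned char **payload, size_t *plen,
                         size_t *consumed)
{
    size_t i = 0, len = 0;
    while (i < buflen && buf[i] >= '0' && buf[i] <= '9') {
        if (i > 0 && buf[0] == '0')
            return NS_BAD;           /* "08:" is not canonical */
        len = len * 10 + (size_t)(buf[i] - '0');
        if (len > NS_MAX_PAYLOAD)
            return NS_BAD;           /* refuse before buffering a huge body */
        i++;
    }
    if (i == buflen)
        return NS_NEED_MORE;         /* length prefix not finished */
    if (i == 0 || buf[i] != ':')
        return NS_BAD;
    i++;
    if (buflen - i < len + 1)
        return NS_NEED_MORE;         /* body or trailing ',' still missing */
    if (buf[i + len] != ',')
        return NS_BAD;
    *payload = buf + i;
    *plen = len;
    *consumed = i + len + 1;
    return NS_OK;
}

/* Replay a stream in chunk-sized reads; returns frame count, -1 on a bad frame. */
int ns_count_frames(const unsigned char *stream, size_t slen, size_t chunk)
{
    unsigned char buf[512];          /* demo-sized receive buffer */
    const unsigned char *p;
    size_t used = 0, off = 0, plen, consumed;
    enum ns_status st;
    int frames = 0;
    while (chunk > 0 && off < slen) {
        size_t n = slen - off < chunk ? slen - off : chunk;
        if (used + n > sizeof buf)
            return -1;
        memcpy(buf + used, stream + off, n);  /* stands in for read() */
        used += n; off += n;
        while ((st = ns_decode(buf, used, &p, &plen, &consumed)) == NS_OK) {
            frames++;                /* p/plen would go to the decrypt step */
            memmove(buf, buf + consumed, used - consumed);
            used -= consumed;
        }
        if (st == NS_BAD)
            return -1;
    }
    return frames;
}

int main(void)
{
    return ns_count_frames((const unsigned char *)"5:hello,0:,", 11, 4) == 2 ? 0 : 1;
}
```

Because the length prefix alone decides where a message ends, ciphertext that happens to contain `\r\n\r\n`, NUL bytes or a comma does not confuse the reader, and the cap is enforced before any body bytes are buffered.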