Hi,

If you want the signaling that is encrypted see in plaintext you can use Kamailio module siptrace.
sipdump and sipcapture maybe also good for that, I didn't use these. 


Krzysztof Drewicz <kdrewicz+kamailio@cludo.pl> schrieb am Mi., 25. Jan. 2023, 16:33:
pt., 20 sty 2023 o 18:13 Richard Fuchs <rfuchs@sipwise.com> napisał(a):
>
>
> You just need one invocation each: one for the offer, one for the
> answer. (Assuming single offer/answer exchange and no branches.)
>
> You can use rtpengine_manage() for either of them if you want to let the
> module figure out whether the message is an offer or an answer. But you
> will want to use different flags for the two cases, mostly depending on
> where the message is going to.
>

Thanks!

you were right (obviously)

>
> If the message is going to a plain RTP (non-SRTP, non-ICE, etc) client,
> use "RTP/AVP ICE=remove" etc. If the message is going to an SRTP,
> ICE-enabled client, use "RTP/SAVPF ICE=force" etc.

That is 100% true, also pad-crypto.


> If you want to manually distinguish between offers and answers instead
> of using rtpengine_manage(),

Nope, no need for that, just doing simple POC that - it could work.

Still - my encrypted party plays tricks with, me, is there a way - to
see unencrypted traffic towards TLS endpoint (maybe a simple pcap
before encryption or dumping in plain text somewhere),

my party needs a R-URI - blahblahblah.byoc.mypurecloud.de, so i do this:

  if(proto != TLS) {
                        xlog("L_INFO", "[R-MAIN] from my ciamajda to
my gienio non tls $ru from $si\n");
                          if (!ds_select_dst("19", "0")) {
                                xwarn("I:$var(i) DROP(DOWN!) FWD:$rm
[$fU->$tU] [SBCVIP] to $du\n");
                                sl_send_reply("503", "Destination down");
                                exit;
                        }
                xlog("L_INFO","Request URI was -> [$ou] [$ru] [$rU]\n");

rewritehostporttrans("blahblahblah.byoc.mypurecloud.de:5061;transport=tls");
                xlog("L_INFO","Request URI changed MAM [$ou] [$ru] [$rU]\n");



in dispach.list:


17      SIP:blahblahblah.byoc.mypurecloud.de:5061;transport=tls     0
1 socket=tls:1.2.3.24:5061
18      SIP:blahblahblah.byoc.mypurecloud.de:5061;transport=tls
19      SIP:blahblahblah.byoc.mypurecloud.de:5061;transport=tls  0 1
socket=tls:1.2.3.24:5061;ping_from=sip:myfqdnsbc.realhostname.gq

(mod dispatcher - as I believe can and whould give options via TLS -  right ?)

Any hints? Maybe someone has already tried and succeeded with
mypurecloud ? (not so popular like o365/ms-teams trunking but still)

thanks,
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe: