Sorry for putting this question on both dev and user mailing lists, as it is a rather theoretical question and i hope some SIP guru on either mail list will answer.
For non-WS endpoints which use TCP or UDP for SIP transport, each upstream request has top most VIA header pointing to the previous hop which forwarded the request to current hop while each downstream request has top most VIA header pointing to next hop to which it will be forwarded from current hop.
But for WS endpoints, the top most VIA has dummy static value, so there is no way to identify who sent this request or to whom the reply is going to.
Please note that i am not specifically interested in network address of remote endpoint (though VIA header is suppose to provide it), i only need to match requests and responses from / to a specific device using SIP v2.0 standard.
Any help is highly appreciated.
Thank you.
On 22.08.14 03:26, Muhammad Shahzad wrote:
Sorry for putting this question on both dev and user mailing lists, as it is a rather theoretical question and i hope some SIP guru on either mail list will answer.
For non-WS endpoints which use TCP or UDP for SIP transport, each upstream request has top most VIA header pointing to the previous hop which forwarded the request to current hop while each downstream request has top most VIA header pointing to next hop to which it will be forwarded from current hop.
But for WS endpoints, the top most VIA has dummy static value, so there is no way to identify who sent this request or to whom the reply is going to.
Please note that i am not specifically interested in network address of remote endpoint (though VIA header is suppose to provide it), i only need to match requests and responses from / to a specific device using SIP v2.0 standard.
Any help is highly appreciated.
Thank you.
Can you provide an example of scenario you want to create ? Do you want to understand how transaction and dialog matching works in SIP ?
Not really, the main context of this question is in reference to this thread,
https://www.mail-archive.com/sr-users@lists.sip-router.org/msg19962.html
A patched to allow network IO intercept in kamailio corex module was add to trunk as discussed in this thread,
https://www.mail-archive.com/sr-users@lists.sip-router.org/msg20183.html
Currently i am able to compress / decompress entire sip message coming from or going to remote endpoint in kamailio server. It works fine. Now i want to try ITV encryption algorithm for this on-wire data.
For this i need to keep track of remote endpoint. At this low level, i only have raw data received from or being transmitted to remote UA, without even the remote socket address, so i have no choice but to look at this raw data to determine the identity of remote endpoint. For non-WS transport, i can easily look at topmost VIA and extract network address to use as "unique identification" of endpoint who sent the data or would receive the data. However, for WS transport this topmost VIA is useless static constant string. So VIA checking is pointless (all remote endpoints will or may have same top most VIA).
So i was thinking if there is another way to do it? I thought of using GRUU, but it is not always present, especially in SIP replies.
Thank you.
On Mon, Aug 25, 2014 at 3:24 PM, Vitaliy Aleksandrov <vitalik.voip@gmail.com
wrote:
On 22.08.14 03:26, Muhammad Shahzad wrote:
Sorry for putting this question on both dev and user mailing lists, as it is a rather theoretical question and i hope some SIP guru on either mail list will answer.
For non-WS endpoints which use TCP or UDP for SIP transport, each upstream request has top most VIA header pointing to the previous hop which forwarded the request to current hop while each downstream request has top most VIA header pointing to next hop to which it will be forwarded from current hop.
But for WS endpoints, the top most VIA has dummy static value, so there is no way to identify who sent this request or to whom the reply is going to.
Please note that i am not specifically interested in network address of remote endpoint (though VIA header is suppose to provide it), i only need to match requests and responses from / to a specific device using SIP v2.0 standard.
Any help is highly appreciated.
Thank you.
Can you provide an example of scenario you want to create ? Do you want to understand how transaction and dialog matching works in SIP ?
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
When kamailio processes a request script writer can check if there any Route header or valid R-URI or R-URI alias parameter to determine the destination. You can check it manually maybe reusing kamailio sip parser.
As you've already said to find a destination where kamailio is going to send a reply you can parse via header or its "received" and "rport" parameters. Even when via doesn't have valid destination (ws/wss transport) it has correct "received" and "rport" parameters which kamailio adds during a request processing.
"Via" header in INVITE received from WSS client and forwarded to a destination looks like this: "Via: SIP/2.0/WSS df7jal23ls0d.invalid;received=1.2.3.4;branch=z9hG4bKTp9lzCApgHsdbRUrFcZ4XTCI49EZbbDf;rport=37213"
Not really, the main context of this question is in reference to this thread,
https://www.mail-archive.com/sr-users@lists.sip-router.org/msg19962.html
A patched to allow network IO intercept in kamailio corex module was add to trunk as discussed in this thread,
https://www.mail-archive.com/sr-users@lists.sip-router.org/msg20183.html
Currently i am able to compress / decompress entire sip message coming from or going to remote endpoint in kamailio server. It works fine. Now i want to try ITV encryption algorithm for this on-wire data.
For this i need to keep track of remote endpoint. At this low level, i only have raw data received from or being transmitted to remote UA, without even the remote socket address, so i have no choice but to look at this raw data to determine the identity of remote endpoint. For non-WS transport, i can easily look at topmost VIA and extract network address to use as "unique identification" of endpoint who sent the data or would receive the data. However, for WS transport this topmost VIA is useless static constant string. So VIA checking is pointless (all remote endpoints will or may have same top most VIA).
So i was thinking if there is another way to do it? I thought of using GRUU, but it is not always present, especially in SIP replies.
Thank you.
On Mon, Aug 25, 2014 at 3:24 PM, Vitaliy Aleksandrov <vitalik.voip@gmail.com mailto:vitalik.voip@gmail.com> wrote:
On 22.08.14 03:26, Muhammad Shahzad wrote: Sorry for putting this question on both dev and user mailing lists, as it is a rather theoretical question and i hope some SIP guru on either mail list will answer. For non-WS endpoints which use TCP or UDP for SIP transport, each upstream request has top most VIA header pointing to the previous hop which forwarded the request to current hop while each downstream request has top most VIA header pointing to next hop to which it will be forwarded from current hop. But for WS endpoints, the top most VIA has dummy static value, so there is no way to identify who sent this request or to whom the reply is going to. Please note that i am not specifically interested in network address of remote endpoint (though VIA header is suppose to provide it), i only need to match requests and responses from / to a specific device using SIP v2.0 standard. Any help is highly appreciated. Thank you. Can you provide an example of scenario you want to create ? Do you want to understand how transaction and dialog matching works in SIP ? _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org <mailto:sr-users@lists.sip-router.org> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
OK, this is interesting. However, i think the received parameter and rport are added by kamailio, so it can only be checked for outgoing messages, these will still be unavailable in incoming messages. Is this correct or they will be available in every incoming messages too (except of course the the very first incoming messages)?
Looking at RFC7118, it says the WS VIA header domain part will contain "random string" followed by ".invalid" to make it a correct domain name. This may provide some uniqueness, though this random string may not necessarily be unique as well.
Thank you.
On Mon, Aug 25, 2014 at 5:23 PM, Vitaliy Aleksandrov <vitalik.voip@gmail.com
wrote:
When kamailio processes a request script writer can check if there any Route header or valid R-URI or R-URI alias parameter to determine the destination. You can check it manually maybe reusing kamailio sip parser.
As you've already said to find a destination where kamailio is going to send a reply you can parse via header or its "received" and "rport" parameters. Even when via doesn't have valid destination (ws/wss transport) it has correct "received" and "rport" parameters which kamailio adds during a request processing.
"Via" header in INVITE received from WSS client and forwarded to a destination looks like this: "Via: SIP/2.0/WSS df7jal23ls0d.invalid;received=1.2.3.4;branch=z9hG4bKTp9lzCApgHsdbRUrFcZ4XTCI49EZbbDf;rport=37213"
Not really, the main context of this question is in reference to this thread,
https://www.mail-archive.com/sr-users@lists.sip-router.org/msg19962.html
A patched to allow network IO intercept in kamailio corex module was add to trunk as discussed in this thread,
https://www.mail-archive.com/sr-users@lists.sip-router.org/msg20183.html
Currently i am able to compress / decompress entire sip message coming from or going to remote endpoint in kamailio server. It works fine. Now i want to try ITV encryption algorithm for this on-wire data.
For this i need to keep track of remote endpoint. At this low level, i only have raw data received from or being transmitted to remote UA, without even the remote socket address, so i have no choice but to look at this raw data to determine the identity of remote endpoint. For non-WS transport, i can easily look at topmost VIA and extract network address to use as "unique identification" of endpoint who sent the data or would receive the data. However, for WS transport this topmost VIA is useless static constant string. So VIA checking is pointless (all remote endpoints will or may have same top most VIA).
So i was thinking if there is another way to do it? I thought of using GRUU, but it is not always present, especially in SIP replies.
Thank you.
On Mon, Aug 25, 2014 at 3:24 PM, Vitaliy Aleksandrov < vitalik.voip@gmail.com> wrote:
On 22.08.14 03:26, Muhammad Shahzad wrote:
Sorry for putting this question on both dev and user mailing lists, as it is a rather theoretical question and i hope some SIP guru on either mail list will answer.
For non-WS endpoints which use TCP or UDP for SIP transport, each upstream request has top most VIA header pointing to the previous hop which forwarded the request to current hop while each downstream request has top most VIA header pointing to next hop to which it will be forwarded from current hop.
But for WS endpoints, the top most VIA has dummy static value, so there is no way to identify who sent this request or to whom the reply is going to.
Please note that i am not specifically interested in network address of remote endpoint (though VIA header is suppose to provide it), i only need to match requests and responses from / to a specific device using SIP v2.0 standard.
Any help is highly appreciated.
Thank you.
Can you provide an example of scenario you want to create ? Do you want to understand how transaction and dialog matching works in SIP ?
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing listsr-users@lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Not sure what you trying to do, but the Via header is for transactions. It may be different for every transaction. Thus, if you need transaction matching (requests to responses) then you are fine and should use purely the branch id.
If you want to match messages from one transaction to messages from another transaction (e.g. dialog matching or matching multiple dialogs from the same user) then the Via is probably the wrong choice. Please also note, that the user can put any data into the Via header and this may confuse your application if you blindly trusts all the data in the Via header.
For matching dialogs you should use call-id and tags (or use the dialog module).
For matching requests from a certain user agent: I think there is no reliable way - GRUU may work if available.
But as you are talking about encryption it is more "peer" related then user-agent related. I say "peer" as the peer may be another proxy with several user agents behind. To identify peers you should use the data from the transport: IP, port, protocol. That should be unique for a peer. For received messages it should be simple to extract them, for sending, the data should be available too (e.g. in DURI or some references to a TCP connection).
regards Klaus
On 22.08.2014 02:26, Muhammad Shahzad wrote:
Sorry for putting this question on both dev and user mailing lists, as it is a rather theoretical question and i hope some SIP guru on either mail list will answer.
For non-WS endpoints which use TCP or UDP for SIP transport, each upstream request has top most VIA header pointing to the previous hop which forwarded the request to current hop while each downstream request has top most VIA header pointing to next hop to which it will be forwarded from current hop.
But for WS endpoints, the top most VIA has dummy static value, so there is no way to identify who sent this request or to whom the reply is going to.
Please note that i am not specifically interested in network address of remote endpoint (though VIA header is suppose to provide it), i only need to match requests and responses from / to a specific device using SIP v2.0 standard.
Any help is highly appreciated.
Thank you.
sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
Thank you so much for your informative response.
Yes the "peer" may be correct term in this sense as i am trying to identify "devices" (SIP UAs or Proxy) that are directly connected to Kamailio via SIP signalling (i.e. there is no other intermediate SIP device [SIP UA or Proxy] in the middle). That is why top most VIA header looks interesting as it has peer network address that can be used to identify that peer uniquely for both incoming and outgoing SIP requests and responses.
However, this works perfectly fine ONLY for TCP, TLS and UDP transports. For WS and WSS, there is no network address, just some random string, which is not guaranteed to be unique in peer context.
Anyways for the moment the only workaround i see fit for the situation is to modify WS client code such that i generates this random string uniquely (e.g. something like GUID used by Windows OS or UUID generated by libuuid in Linux).
Any other suggestions are warmly welcome.
Thank you.
On Tue, Sep 2, 2014 at 4:22 PM, Klaus Darilion <klaus.mailinglists@pernau.at
wrote:
Not sure what you trying to do, but the Via header is for transactions. It may be different for every transaction. Thus, if you need transaction matching (requests to responses) then you are fine and should use purely the branch id.
If you want to match messages from one transaction to messages from another transaction (e.g. dialog matching or matching multiple dialogs from the same user) then the Via is probably the wrong choice. Please also note, that the user can put any data into the Via header and this may confuse your application if you blindly trusts all the data in the Via header.
For matching dialogs you should use call-id and tags (or use the dialog module).
For matching requests from a certain user agent: I think there is no reliable way - GRUU may work if available.
But as you are talking about encryption it is more "peer" related then user-agent related. I say "peer" as the peer may be another proxy with several user agents behind. To identify peers you should use the data from the transport: IP, port, protocol. That should be unique for a peer. For received messages it should be simple to extract them, for sending, the data should be available too (e.g. in DURI or some references to a TCP connection).
regards Klaus
On 22.08.2014 02:26, Muhammad Shahzad wrote:
Sorry for putting this question on both dev and user mailing lists, as it is a rather theoretical question and i hope some SIP guru on either mail list will answer.
For non-WS endpoints which use TCP or UDP for SIP transport, each upstream request has top most VIA header pointing to the previous hop which forwarded the request to current hop while each downstream request has top most VIA header pointing to next hop to which it will be forwarded from current hop.
But for WS endpoints, the top most VIA has dummy static value, so there is no way to identify who sent this request or to whom the reply is going to.
Please note that i am not specifically interested in network address of remote endpoint (though VIA header is suppose to provide it), i only need to match requests and responses from / to a specific device using SIP v2.0 standard.
Any help is highly appreciated.
Thank you.
sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
On 03.09.2014 03:09, Muhammad Shahzad wrote:
Thank you so much for your informative response.
Yes the "peer" may be correct term in this sense as i am trying to identify "devices" (SIP UAs or Proxy) that are directly connected to Kamailio via SIP signalling (i.e. there is no other intermediate SIP device [SIP UA or Proxy] in the middle). That is why top most VIA header looks interesting as it has peer network address that can be used to identify that peer uniquely for both incoming and outgoing SIP requests and responses.
However, this works perfectly fine ONLY for TCP, TLS and UDP transports. For WS and WSS, there is no network address, just some random string, which is not guaranteed to be unique in peer context.
Anyways for the moment the only workaround i see fit for the situation is to modify WS client code such that i generates this random string uniquely (e.g. something like GUID used by Windows OS or UUID generated by libuuid in Linux).
Any other suggestions are warmly welcome.
I disagree. IMO it is a bad choice to rely on the Via header. Your software should use only data which is generated locally (and thus trustworthy). The Via header is generated by the peer and may be false or manipulated, and it does not serve your needs. Thus, instead of changing clients to add data tot he Via header you should look for another option.
For example, when a client uses outbound and GRUU, Kamailio also has to map some identifiers to transport connections. Thus, I guess there is already some code in Kamailio.
Another method, as stated in my previous email, is the IP:port:proto. But not extracted from the Via header, but extracted from the transport layer (e.g. $si, $sp, $proto, ....)
regards Klaus
-
Klaus Darilion -
Muhammad Shahzad -
Vitaliy Aleksandrov