[SR-Users] No secure attributes from rtpengine in SRTP/RTP bridge mode

Alexey Rybalko alexey.rybalko at gmail.com
Fri Apr 25 13:51:19 CEST 2014


Hello!

I have been experimenting with a drop-in replacement of the old "rtpproxy-ng"
module with the new "rtpengine". I am wondering what is wrong in my configuration:
there are no security attributes in the rtpengine answer to the RTP/SAVPF offer,
neither "fingerprint" (DTLS) nor "crypto" (SDES).

I used Firefox 29 during this test.

1. Here's the original offer:

INVITE sip:user5 at ..... SIP/2.0
> Via: SIP/2.0/WS 9mk86fpn2d35.invalid;branch=z9hG4bK1997444
> Max-Forwards: 69
> To: <sip:user5 at ......>
> From: "user4" <sip:user4 at ......>;tag=dvf1co8urv
> Call-ID: phmq9o62cv21timhfnpf
> CSeq: 4233 INVITE
> Proxy-Authorization: Digest algorithm=MD5, username="user4",
> realm="......", nonce="U1o8H1NaOvP3wxegsYCKOJX7S7DV/r1N", uri="sip:user5 at ......",
> response="44e7b16c55d3237f63e04b3c0b194f45"
> Contact: <sip:user4@......;gr=urn:uuid:c193bcd4-aa2e-47ef-a106-22e60f5fde9e;ob>
> Allow: ACK,CANCEL,BYE,OPTIONS,INVITE,MESSAGE
> Content-Type: application/sdp
> Supported: path, outbound, gruu
> User-Agent: JsSIP 0.3.7
> Content-Length: 607
>
> v=0
> o=Mozilla-SIPUA-29.0 15825 0 IN IP4 0.0.0.0
> s=SIP Call
> t=0 0
> a=ice-ufrag:2102f082
> a=ice-pwd:8733e5248a7fb087b40ea45b3ca6f634
> *a=fingerprint:sha-256 32:AA:85:DB:D8:3C:E6:C3:46:07:11:9E:9F:54:B9:42:7F:5C:37:5F:9D:D1:AD:19:22:A3:AC:9C:6C:A5:A6:CD*
> m=audio 62290 *RTP/SAVPF* 109 0 8 101
> c=IN IP4 .....
> a=rtpmap:109 opus/48000/2
> a=ptime:20
> a=rtpmap:0 PCMU/8000
> a=rtpmap:8 PCMA/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-15
> a=sendrecv
> .....
>

Here's the snippet for translation SRTP-RTP:

rtpengine_offer("force trust-address symmetric replace-origin replace-session-connection ICE=force_relay *RTP/AVP*");



2. Here's the final answer (from rtpengine):

SIP/2.0 200 OK
> Via: SIP/2.0/WS 9mk86fpn2d35.invalid;branch=z9hG4bK1997444
> Record-Route: <sip:......;lr;nat=yes>
> Record-Route: <sip:.....:15060;transport=udp;lr;ovid=3207d8cd>
> Record-Route: <sip:95f6551e81 at .......:10080;transport=ws;lr;ovid=3207d8cd>
> Contact: <sip:user5 at ......1:49362>
> To: <sip:user5 at .....>;tag=4d436110
> From: "user4"<sip:user4 at ....>;tag=dvf1co8urv
> Call-ID: phmq9o62cv21timhfnpf
> CSeq: 4233 INVITE
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
> SUBSCRIBE, INFO
> Content-Type: application/sdp
> Supported: replaces, eventlist
>
> User-Agent: X-Lite release 4.5.4 stamp 70864
> Content-Length: 432
>
> v=0
> o=- 1398422264455879 3 IN IP4 .....
> s=X-Lite 4 release 4.5.4 stamp 70864
> c=IN IP4 ......
> t=0 0
> m=audio 30002 *RTP/SAVPF* 109 0 8 101
> a=rtpmap:109 opus/48000/2
> a=fmtp:109 useinbandfec=1
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-15
> a=sendrecv
> a=rtcp:30003
> ....
>

Error from JsSIP:

{name: "INTERNAL_ERROR", message: "Could not negotiate answer SDP; cause =
> *NO_DTLS_FINGERPRINT*", __exposedProps__: Object}
>

Here's the snippet for translation RTP-SRTP:

rtpengine_answer("force trust-address symmetric replace-origin replace-session-connection rtcp-mux-demux ICE=force *RTP/SAVPF* ");



There was another test with Chrome 34 with the same result.

Offer:

INVITE sip:user5 at .... SIP/2.0
Via: SIP/2.0/WS ja9i6d3am6k8.invalid;branch=z9hG4bK6193236
Max-Forwards: 69
To: <sip:user5 at ....>
From: "user4" <sip:user4 at ....>;tag=jupqetdp1v
Call-ID: 7jbhpjb4r4qt8m4s2pdb
CSeq: 957 INVITE
Proxy-Authorization: Digest algorithm=MD5, username="user4",
realm=".....", nonce="U1pKZ1NaSTtLo2vjK9TGyBu6Axb+EtyN", uri="sip:user5 at ...",
response="98f6275d3636664b611ff1411af982af"
Contact: <sip:user4 at ....;gr=urn:uuid:8cd4e797-7314-485f-b191-4a15a6581c42;ob>
Allow: ACK,CANCEL,BYE,OPTIONS,INVITE,MESSAGE
Content-Type: application/sdp
Supported: path, outbound, gruu
User-Agent: JsSIP 0.3.7
Content-Length: 1586

v=0
o=- 7510391807340598328 2 IN IP4 127.0.0.1
s=-
t=0 0
a=group:BUNDLE audio
a=msid-semantic: WMS ErnvtgCDe9aR6LWxNRgT83r0mxtyAV87LUxT
m=audio 51672 *RTP/SAVPF* 111 103 104 0 8 106 105 13 126
c=IN IP4 10.61.2.151
a=rtcp:51672 IN IP4 ....
......
a=ice-ufrag:EMn7uHfSS7ulRGU2
a=ice-pwd:FskTdhj7qT6ELP7uTIb+gquQ
a=ice-options:google-ice
*a=fingerprint:sha-256 46:6E:E0:18:4A:C5:06:A8:26:85:ED:FE:16:C1:86:5E:8D:BC:4D:D9:F2:1A:75:81:A1:A7:CE:5A:79:4D:B7:22*
a=setup:actpass
a=mid:audio
a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level
a=sendrecv
a=rtcp-mux
*a=crypto:0 AES_CM_128_HMAC_SHA1_32 inline:R6qaiU7Cm471zNF6f3Q87TyXbHjEt/VhLgUgY2ZZ
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:lch+mfN/hi9QmseWu+ss1M2vA8mwRh8GQYChaJvc*
a=rtpmap:111 opus/48000/2
....

Answer:

SIP/2.0 200 OK
> Via: SIP/2.0/WS ja9i6d3am6k8.invalid;branch=z9hG4bK6193236
> Record-Route: <sip:...;lr;nat=yes>
> Record-Route: <sip:....:15060;transport=udp;lr;ovid=3207d8cd>
> Record-Route: <sip:712a450958 at ...:10080;transport=ws;lr;ovid=3207d8cd>
> Contact: <sip:user5 at 10.61.2.151:49362>
> To: <sip:user5 at ....>;tag=b8c8ee57
> From: "user4"<sip:user4 at ...>;tag=jupqetdp1v
> Call-ID: 7jbhpjb4r4qt8m4s2pdb
> CSeq: 957 INVITE
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
> SUBSCRIBE, INFO
> Content-Type: application/sdp
> Supported: replaces, eventlist
> User-Agent: X-Lite release 4.5.4 stamp 70864
> Content-Length: 432
>
> v=0
> o=- 1398425917116411 3 IN IP4 ...
> s=X-Lite 4 release 4.5.4 stamp 70864
> c=IN IP4 ....
> t=0 0
> m=audio 30006 *RTP/SAVPF* 111 0 8 126
> a=rtpmap:111 opus/48000/2
> a=fmtp:111 useinbandfec=1
> a=rtpmap:126 telephone-event/8000
> a=fmtp:126 0-15
> a=sendrecv
> a=rtcp:30007
> ....
>

Error in JsSIP:

Failed to set remote answer sdp: Called with a SDP without crypto enabled
>



Any help on this issue would be greatly appreciated!



best regards,
Alexey
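
The condition both error messages point to can be checked offline: a media section that advertises RTP/SAVP or RTP/SAVPF needs either a DTLS `a=fingerprint` (session or media level) or an SDES `a=crypto` line. The following is an added example, not part of the original post and not code from rtpengine or JsSIP; the function names are hypothetical and the SDP bodies are constructed, modelled on the messages quoted above with placeholder address, fingerprint and key.

```python
# Added example: flag SDP media sections that advertise SRTP but carry no keying.
# All SDP bodies are constructed, modelled on the messages quoted in this post;
# 192.0.2.10, the fingerprint and the inline key are placeholders.

ANSWER_AS_RECEIVED = """v=0
o=- 1398422264455879 3 IN IP4 192.0.2.10
s=X-Lite 4 release 4.5.4 stamp 70864
c=IN IP4 192.0.2.10
t=0 0
m=audio 30002 RTP/SAVPF 109 0 8 101
a=sendrecv
"""

OFFER_DTLS = """v=0
o=Mozilla-SIPUA-29.0 15825 0 IN IP4 0.0.0.0
s=SIP Call
t=0 0
a=fingerprint:sha-256 00:11:22:33
m=audio 62290 RTP/SAVPF 109 0 8 101
"""

ANSWER_SDES = ANSWER_AS_RECEIVED + "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER\n"

def srtp_keying(sdp):
    """One record per m= section: transport profile and keying attributes seen."""
    session_fp, sections, cur = False, [], None
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("m="):
            parts = line[2:].split()
            if len(parts) < 3:
                continue                   # malformed m= line, ignore
            cur = {"media": parts[0], "proto": parts[2],
                   "fingerprint": session_fp, "crypto": []}
            sections.append(cur)
        elif line.startswith("a=fingerprint:"):
            if cur is None:
                session_fp = True          # session level: applies to every m= section
            else:
                cur["fingerprint"] = True  # media level
        elif line.startswith("a=crypto:") and cur is not None:
            fields = line[len("a=crypto:"):].split()
            if len(fields) >= 3:           # tag, suite, key-params
                cur["crypto"].append(fields[1])
    return sections

def unkeyed_secure_media(sdp):
    """m= sections whose profile is SAVP/SAVPF but with neither DTLS nor SDES keying."""
    return [s for s in srtp_keying(sdp)
            if s["proto"].upper().endswith(("SAVP", "SAVPF"))
            and not s["fingerprint"] and not s["crypto"]]
```

Running `unkeyed_secure_media()` on the SDP body captured on the WebSocket side shows whether the secure profile reached the browser without any keying material attached.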