[Home]

Summary:ASTERISK-04778: [patch] SIP over TCP project
Reporter:Hyoungjoo Lee (hjlee)Labels:
Date Opened:2005-08-05 00:41:44Date Closed:2008-01-18 16:02:05.000-0600
Priority:MajorRegression?No
Status:Closed/CompleteComponents:
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:( 0) asterisk-1.2.10-20060821-tcp.patch
( 1) asterisk-1.2.12.1-20060919-tcp.patch
( 2) asterisk-1.2.13-20061102-tcp.patch
( 3) asterisk-1.2.13-20061203-tcp.diff.patch
( 4) asterisk-1.2.14-1-tcp.patch
( 5) asterisk-1.2.24-tcp-patch
( 6) asterisk-1.2.4-tcp.patch
( 7) asterisk-1.2.6-tcp.patch
( 8) asterisk-1.2.7.1-tcp.patch
( 9) asterisk-20060822-tcp.patch
(10) asterisk-20060823-tcp.patch
(11) asterisk-20060912c-tcp.patch
(12) asterisk-20061102-tcp.patch
(13) asterisk-20061212-tcp.patch
(14) asterisk-tls-cert-key.zip
(15) chan_sip.c
(16) hjlee-debug-original.txt
(17) Shootist.java
(18) Shootist-0.1.java
(19) sip-20070808-1.4.9.tcp
(20) siptcpchanges.patch
(21) siptcpchanges-1.0.9.patch
(22) siptcpchanges-1.0.9-latest.patch
(23) siptcpchanges2.patch
(24) siptlschanges.patch
(25) SoC-Final-siptcpchanges.patch
(26) SoC-Final-siptcpchanges-1.0.9.patch
(27) tcptest_20061207.txt
(28) tcptest_20061212.txt
(29) test.xml
(30) TLS-asterisk.log
(31) TLS-registration-invite.cap
Description:I added TCP support to asterisk SIP channel. I put all my changes under #ifdef SIP_TCP_SUPPORT and left the original code. So if you search SIP_TCP_SUPPORT, you can find my changes very easily.

My changes
-Added TCP listening socket, siptcpsock.
-Added securechannel, sockfd, transport field to struct sip_pvt.
-Added transport, tcpsockfd field to struct sip_peer.
-Added TCP read in sipsock_read().
-Added siptcp_accept() to accept an incoming TCP connection request.
-Added transport, q parameter processing in Contact header parsing.
-Changed the hard-coded "UDP" in Via header to copy sip_pvt.transport.
-Added tcp_conenct() to make a TCP connection for outgoing message.
-Added TCP transmit in __sip_xmit().
-Saved TCP connecton socket to sip_peer.tcpsockfd, copied it to sip_pvt.sockfd when OPTIONS or INVITE is sent to the peer that is using TCP.

I tested it mainly xlite(UDP only free version) and Jain-SIP communicator. call signal is working well. One problem I am having is Jain-SIP communicator doesn't receive any audio, I don't know why. If any one has xlite-pro(TCP supported commercial version) or TCP supported SIP clients, I am looking forward to hear the test result.

Welcome any comment.
Thanks


****** ADDITIONAL INFORMATION ******

-= debug snipped by vechers and moved to hjlee-debug-original.txt =-
Comments:By: Tilghman Lesher (tilghman) 2005-08-05 07:59:29

We need you to file a disclaimer with Digium before we can even look at this.

By: Hyoungjoo Lee (hjlee) 2005-08-05 10:13:25

I faxed my disclaimer(short form) a few week ago.
My name is Hyoungjoo Lee.

By: Tilghman Lesher (tilghman) 2005-08-05 10:45:42

Okay, then you need to set the "Disclaimer on File" box to "Yes" for every bug you file.

By: Hyoungjoo Lee (hjlee) 2005-08-05 22:00:21

One problem I found today:
sip_peer.tcpsockfd saves the TCP connection fd to use it later. But if the peer closes the TCP connection or peer's SIP client crashes, then this tcpsockfd becomes invalid, so sip_peer.tcpsockfd should be reset to -1 to prevent from using this invalid or possiblly wrong socket fd.

By: Olle Johansson (oej) 2005-08-11 12:19:20

This is really cool, thank you. Let's move it to experimental features while we test it out. A lot of the IP interfaces in chan_sip will change shortly and this will have to be worked on in the 1.3 cvs head.

By: Hyoungjoo Lee (hjlee) 2005-08-11 12:55:23

I tested it with Avaya SIP sfotphone and xlite, both signaling and voice worked stably. With Jain-SIP communicator, I can hear only very short period of audio at the beginning, I think it is communicator issue, not asterisk. I will wait for next Jain SIP communicator that is supposed to be the end of August.

By: mikma (mikma) 2005-08-16 09:33:32

There is no guarantee that reading a tcp socket won't return a partial SIP message or multiple messages, since tcp is a streaming protocol. It doesn't look like it is handled correctly in the patch.

By: Hyoungjoo Lee (hjlee) 2005-08-17 16:17:00

Hi mikma,

Would give more details about your concern?

By: mikma (mikma) 2005-08-17 18:44:16

The sip protocol uses double CRLF sequences and the Content-Length header field for framing. You should keep reading from the socket until you find a double CRLF sequence, which terminates the header. The header must contain a Content-Length header field that indicates the size of the body which should be read next.

"TCP sends data as a continuous stream, not as discrete messages. It is up to the application to specify where one message ends and the next begins."
http://www.tcpipguide.com/free/t_TCPFunctionsWhatTCPDoes-2.htm

RFC 3261 section 18.3
"In the case of stream-oriented transports such as TCP, the Content-Length header field indicates the size of the body.  The Content-Length header field MUST be used with stream oriented transports."

By: Hyoungjoo Lee (hjlee) 2005-08-18 13:37:00

I think mikma's claim is correct, even though current TCP read works with Jain-SIP communicator, Avaya SIP phone and Vovida ua. I will add checking double CRLF, the length of readed data and Contect-Length header field to make sure TCP reads all the SIP messages.

Thanks mikma

By: Hyoungjoo Lee (hjlee) 2005-08-24 02:31:50

The basic TLS connection is working, I tested only registration and invite.
I test asterisk TLS mode by hacking the example code in Jain-SIP stack. It is in the Jain-SIP/src/example/tls/Shootist.java. The test configuration is xlite(UDP)-asterisk server-Shootist(TLS), the xlite and Shootist is run at the same computer. The Shootist registered successfully and I can hear ring from xlite
when the Shootist invites xlite.

To make the asterisk for TLS ready, you will need the following steps.
1. Apply my TLS patch.
2. Generate certificate for asterisk server based on the book "Network Security with OpenSSL" (see chapter 3.3) and put the certificate and private key to server.pem by $cat certificate.pem privatekey.pem > server.pem. Then copy it to /var/lib/asterisk/keys/.
3. Change the password of the encrpyted private key.
4. Run asterisk

To make Jain-SIP TLS example shootist.
1. Copy asterisk certificate to Jain-SIP directory, and import it to truststore. See the end part of http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html.
2. This example SSL context is set to SSLv2 protocol, change it to
TLSv1 by adding these two lines to src/gov/nist/javax/sip/stack/TLSMessageChannel.java and src/gov/nist/javax/sip/stack/IOHandler.java.
      String[] protocols = {"TLSv1"};
      sock.setEnabledProtocols(protocols);
3. Add shootist run target to build.xml
  <target name="tlsshootist" description="run the service.">
      <java classname="examples.tls.Shootist" fork="true">
          <classpath>
              <pathelement location="${classes}"/>
          </classpath>
          <jvmarg value="-Djavax.net.ssl.trustStore=truststore"/>
          <jvmarg value="-Djavax.net.ssl.trustStorePassword=kerdosa1"/>
      </java>
  </target>
Change the password to your password.
4. Get my Shootist.java.
5. Change all the configuration info such as IP address, user name...
inside this file.
5. ant tlsshootist    <enter key>
This will run a SIP client and will register and invite.

By: Hyoungjoo Lee (hjlee) 2005-08-25 23:57:45

I made a patch against release 1.0.9 version, so that other people can apply easily. This patch support TCP and TLS. Get siptcpchanges-1.0.9.patch and enjoy!



By: Hyoungjoo Lee (hjlee) 2005-08-27 01:48:46

TLS is done. I added
-SSL object clean up : SSL oject will be freed when sip_peer is freed.
-TLS configuration & default keys : TLS related config parameters can
be specified in sip.conf. I added the default config to
configs/sip.conf.sample and defaults certificates and keys to keys
directory. So if you do install and use default setting, TLS will work
with the default keys that I generated myself. If you want to change
the asterisk certificate file other than default, then copy it to
/var/lib/asterisk/keys and specify it to sip.conf.

Please get siptcpchanges.patch of 8/27.

By: Michael Jerris (mikej) 2005-08-27 01:59:38

why are the patches for 1.0.9 so small, and the patches for head are essentially removing the entire file and replacing it?

By: Hyoungjoo Lee (hjlee) 2005-08-27 09:31:28

I did $cvs diff -u > siptcpchanges.patch for both head and 1.0.9 source tree. The 1.0.9 patch picked only difference, but head patch is against current head chan_sip.c. I pulled my head version last July 20. Anyway I think this head patch will not work. So please use 1.0.9 patch for testing. I will merge my chan_sip.c to current latest head source, then I will make head patch. Also key files are in cvs tree, so it isn't included in patch. I posted a separated zip file of key files, please unzip it in asterisk/keys directory before install.

By: Hyoungjoo Lee (hjlee) 2005-08-27 09:35:37

Hi bug marshall,

I want to delete some old patch files that I posted.
Would you give me delete permission?

By: Michael Jerris (mikej) 2005-08-27 09:38:20

I can't give you permissions to delete, but I can delete, just list the files here or contact me on irc.

By: Hyoungjoo Lee (hjlee) 2005-08-31 21:25:23

SoC-Final patch fixes the following bugs.
-Added TCP connection clean up routine when asterisk detects a remote peer closes the connection. So sip_peer or sip_pvt will not have any stalled connection and this is also the place SSL object is freed.
-Added a checking of the Content-Length header and message length in TCP, if the read bytes is less than the length of message, TCP will read again until it reads more than the length of message.

By: Brian West (bkw918) 2005-09-05 07:01:55

Can you provide a diff against CVS-HEAD?
/b

By: Hyoungjoo Lee (hjlee) 2005-09-05 09:17:30

How about patch against 1.2beta release rather than head because head changes everyday, it may not work all the time.

By: Brian West (bkw918) 2005-09-10 00:08:28

You do realize that head is going to be beta2

By: Ian Wang (ian wang) 2005-10-02 23:33:43

Register functon failed with chan_sip.c(Revision 1.5 and less).
When register Asterisk to the other SIP Proxy as SIP client configured in SIP.conf, "Via" filed in Message Header missed.

Example:
register => 2345:password@mysipprovider.com/1234
[mysipprovider-out]
type=peer
secret=password
username=2345
host=sipserver.mysipprovider.com
fromuser=2345
fromdomain=fwd.pulver.com
nat=yes
context=from-mysipprovider

By: Olle Johansson (oej) 2005-11-17 13:37:55.000-0600

Can we get an updated patch that only works with the current cvs head? Then please specify which files has to stay, and I'll remove the rest of them from this bugs report.

By: Matt O'Gorman (mogorman) 2006-01-08 10:05:26.000-0600

for the people that have tested this oej etc, what is the stability / workability of this patch?  is an updated version ready for merge?

By: Hyoungjoo Lee (hjlee) 2006-01-08 23:05:26.000-0600

It is not ready for merge. I can't work on this bug any more, becasue I got a new job last October and new company doesn't allow working on Asterisk. My new company has a VoIP related development. So I want somebody to take over this bug and finish it.

By: Olle Johansson (oej) 2006-01-09 01:00:43.000-0600

I see this as experimental and not ready for commit at all. Will use it for chan_sip3 when the new socket interface is done.

By: Bayan Towfiq (implicit) 2006-02-04 23:11:49.000-0600

Hi Oej,
If you have some time lets discuss section "18.1.1 Sending Requests" of 3261 with you to try and implement sending of messages over MTU. This seems to be more of an issue for more and more people with Video calls and the addition of custom header fields, there are also an increasing number of proxies (SER) and user agents (SNOM, Tandberg, polycom videoconferencing, etc) supporting it. I should be on IRC more soon, so we can talk there.

By: Olle Johansson (oej) 2006-02-05 08:46:16.000-0600

I will have a training class the coming week, so I need to focus on that...
Find me after that and I will be happy to discuss! Also read my mail on this topic in -dev

/O

By: Andrew Novikov (asaw) 2006-03-01 08:30:38.000-0600

I've just uploaded asterisk-1.2.4-tcp.patch. As you can guess from the name it is TCP/TLS patch ported to asterisk 1.2.4. I haven't tested TLS yet, but plain tcp just works. Hope this is useful.

By: Serge Vecher (serge-v) 2006-03-01 11:16:34.000-0600

asaw: thanks for your contribution. In order to move forward with this feature, it needs to be integrated into trunk before it makes it into stable series. Please release your patch for the latest trunk, so it can be tested and evaluated for inclusion ...

Thanks.

By: Olle Johansson (oej) 2006-03-02 01:50:08.000-0600

vechers: This code is still very experimental and far away from a complete implementation at this stage.

Asaw: We need you to confirm that you have sent a disclaimer to Digium for your additions to this code. Thank you for contributing!

By: Andrew Novikov (asaw) 2006-03-02 08:48:03.000-0600

oej, I haven't sent a disclaimer to Digium yet. Frankly, I didn't think such a contribution needs a disclaimer. Could you please provide me with information on how to do it (besides what is written in the GPL)?
As for the patch itself, it is indeed highly experimental. We are now trying to make ms live communication server work with Asterisk. Once it works I'll probably update the patch and port it to latest Asterisk.

By: Olle Johansson (oej) 2006-03-02 08:53:52.000-0600

Read the bug guidelines on the front page for information!

This patch may be able to set up a tcp connection, but you will get a lot of signalling errors since the signalling is not adopted to a reliable transport. However, I still would like this code to be disclaimed so we can work on it.

By: Andrew Novikov (asaw) 2006-03-02 09:48:33.000-0600

OK, I've just sent a fax with disclaimer. Sorry for dumb question (guidelines are not easy to find though).

By: Serge Vecher (serge-v) 2006-05-04 15:27:17

asaw: when you get a chance, please update the patch to latest trunk

By: Serge Vecher (serge-v) 2006-05-31 09:22:23

asaw, thanks for the 1.2.7.1 patch, but it is not the trunk one I was asking for.

By: Andrew Novikov (asaw) 2006-05-31 09:23:53

I've uploaded a new patch for version 1.2.7.1.
It fixes some bugs in tcp-related code and adds new option "transport=" to SIP device definition in the sip.conf configuration file. This option, if used, defines transport to be used for initiation of outgoing connections. This option accepts one of the following values: "tcp", "tls" or "udp".

For example:

[someproxy]
type=peer
host=domain.com
outboundproxy=somehostproxy.somedomain.com
disallow=all
allow=ulaw
allow=alaw
context=internal
fromdomain=domain.com
transport=tcp

This patch has been successfully tested with TCP/UDP clients, TLS is still untested. So, if someone can test TLS please do it.

By: Andrew Novikov (asaw) 2006-05-31 09:25:37

vechers, I'll update it to the trunk soon.



By: Serge Vecher (serge-v) 2006-06-12 20:24:45

Moving this to post 1.4. If somebody doesn't agree, please provide a fully-tested functional patch before the freeze :)

By: Olle Johansson (oej) 2006-06-13 02:54:59

Vechers: This is considered experimentel, not a candidate for inclusion in Asterisk as it is. Removing "Post 1.4".

By: Tilghman Lesher (tilghman) 2006-07-26 08:45:11

asaw: do we have an update for trunk yet?

By: Andrew Novikov (asaw) 2006-08-01 09:33:19

Not yet. Unfortunately, SIP implementation in asterisk is rather far from RFC and I don't have time now to fix it :( sorry...

By: William Emmanuel S. Yu (hip2b2) 2006-08-21 05:34:36

Updated patch against latest SVN trunk (2006-08-21).

By: Serge Vecher (serge-v) 2006-08-21 10:51:24

hip2b2:

Thanks for working on this. A couple of quick comments.
1) Please get a disclaimer on file and make a note here in the bug when done.
2) Please keep the patches against trunk, not release (1.2 or 1.4) branches.

By: William Emmanuel S. Yu (hip2b2) 2006-08-21 17:33:50

i patched it against http://svn.digium.com/svn/asterisk/branches/1.2 asterisk-1.2. i believe you want me to patch it against http://svn.digium.com/view/asterisk/trunk/?

will send disclaimer later? can i just scan and email it?

By: William Emmanuel S. Yu (hip2b2) 2006-08-22 02:53:01

uploaded patch against the latest Asterisk SVN trunk. i have tested this on a basic asterisk system (it builds and runs and basic UDP still works) but have not done a thorough test yet as i have not access to my test environment today. will post back to this forum once i have gotten around to doing some thorough testing it on my test system.

By: Serge Vecher (serge-v) 2006-08-22 08:55:11

hip2b2:
1) yes, you can scan&email a disclaimer form to kpfleming at digium d0t com
2) also, please post patches in uncompressed format for ease of review.
3) finally, the preferred method of making patches against trunk is with 'svn diff' command. Please see here for more info http://www.asterisk.org/developers/Patch_Howto.
that's it for now ... keep up the good work and let us know how the testing goes ;)

By: William Emmanuel S. Yu (hip2b2) 2006-08-22 23:53:04

sent disclaimer and re-uploaded patch.

By: William Emmanuel S. Yu (hip2b2) 2006-08-23 01:45:26

tested the asterisk-1.2.10-20060821-tcp.patch on the following phones for SIP UDP only: welltech lanphone 201, linksys ATA and Ekiga. i am still looking for a good TCP SIP test phone to work with for testing.

By: William Emmanuel S. Yu (hip2b2) 2006-08-23 09:29:15

tested the asterisk-20060823-tcp.patch on the following phones for SIP UDP only: welltech lanphone 201, linksys ATA and Ekiga. just got a Windows copy of the X-Lite TCP client. now will have to look for a windows PC to test it on.

By: William Emmanuel S. Yu (hip2b2) 2006-08-27 20:42:32

Thanks to Counterpath for providing me with an Eyebeam client!

I tested TCP connectivity with client and i am successfully able to connect and make calls. This is definitely a good thing. I was not able to test TLS support yet because the Eyebeam client expects a valid X.509 certificate. right now, i am just using a self-signed certificate which the eyebeam client rejects.

Client: Counterpath EyeBeam_Win32_1004p_32422

By: William Emmanuel S. Yu (hip2b2) 2006-09-11 17:12:35

Reported case where TCP clients do not close sessions properly on restart causing a problem with the TCP port 5060 not being available. I am still trying to reproduce the problem.

By: William Emmanuel S. Yu (hip2b2) 2006-09-12 02:54:01

uploaded patch against latest trunk 42823 (2006/09/12). this fixes a bug in the transport string matching. asterisk-20060912b-tcp.patch.



By: William Emmanuel S. Yu (hip2b2) 2006-09-13 17:31:28

uploaed the file asterisk-1.2.12.1-20060821-tcp.patch which is a patch against the current asterisk 1.2.12.1 branch. i will try to keep the 1.2 branch updated because most of the users who deploy this patch use that branch. so it is good for testing.

aside from updating the patch to fit the branch. the patch already contains the transport mis-match bug fix also include in 42823.

By: William Emmanuel S. Yu (hip2b2) 2006-09-18 18:27:17

updated patch to fix a "missing else" bug. this causes the transport string to not be propagated properly when the connection is not UDP.

By: Serge Vecher (serge-v) 2006-09-19 08:23:54

cleaning up old patches ...

By: Olle Johansson (oej) 2006-10-31 05:26:52.000-0600

This work is still considered experimental, but seems to be making some progress. In it's current state, it's not a candidate for inclusion in subversion.

By: William Emmanuel S. Yu (hip2b2) 2006-11-01 21:45:36.000-0600

updated patches for Asterisk SVN trunk (20061102) and Asterisk 1.2.13.

By: tanischen (tanischen) 2006-12-04 00:06:36.000-0600

updated patches for fixing chan_sip stop response problem after reloaded. asterisk-1.2.13-20061203-tcp.diff.patch

Hail hip2b2:
I found a bug that chan_sip stop response udp after reloaded till it got a tcp packet.
Then chan_sip will keep working on handling SIP request,though chan_sip has stopped response for a couple of time.

I make a patch follow the description of issue ASTERISK-7733,so make sure chan_sip will work fine after reloaded.
The patch file is "asterisk-1.2.13-20061203-tcp.diff.patch" which originated from "asterisk-1.2.13-20061203-tcp.patch".

The main part which I made is by adding the following 2 values:
#ifdef SIP_TCP_SUPPORT
static int *siptcpsock_read_id;
static int *siptlssock_read_id;
#endif
And two new functions which include this 2 value ,to solve issue ASTERISK-7733 on tcp&tls channel.

I test the tcp channel with Live Communication 2005 SP1,it works fine on my ast1.2.13 server.
And same as tls channel on SIPp,I used SIPp to test tls and it works.

But I am not good at c program,so maybe you want to check if this patch works.

Any comment is welcome.

Hope this help and thanks for this work.

By: tanischen (tanischen) 2006-12-07 02:21:37.000-0600

Sorry for the failure test above,I should do more detail test before I make any discuss.
The reload problems is not exist,it just need more time on my system that service 20(or more) people.

So patch "asterisk-1.2.13-20061203-tcp.diff.patch" is no use.Please remove it,thx.

This patch works for TCP client like LCS/CounterPath eyeBeam,But not stable enough when testing with sipp,it looks that the patch still need more work.

Any way,I do a couple of test to see if it is stable,and I posted the test report on the file test_20061207.txt so you can re-product the full test.

Hope this helps and thanks the works.



By: Serge Vecher (serge-v) 2006-12-07 10:07:35.000-0600

tanischen: fyi, this feature is considered experimental, so there is now way it will ever be considered for 1.2.x. You are obviously welcome to do whatever you want; however, if you'd like to see this feature considered for inclusion into the release branch, please redo and test the patch against the current trunk code instead of or in addition to making it work on 1.2.x.

By: William Emmanuel S. Yu (hip2b2) 2006-12-07 18:41:48.000-0600

hi tanischen, i have not been testing this patch for quite some time but would be glad to merge your changes with both 1.2 and SVN trunks. just me me a patch against my changes. this saves me merging time. thanks!

By: tanischen (tanischen) 2006-12-11 23:38:00.000-0600

updated patches for Asterisk SVN trunk (20061212)
uploaded test report tcptest_20061212.txt

Sorry for the delay test.
I redo full test on SVN 20061212.

This time asterisk did not crash anymore when using this patch with ssl mode,but found following bugs:

1.Asterisk can't response correct SIP TCP on peer regist,even add the "transport=tcp" into conf setting.
[409]
type=peer
host=dynamic
username=409
callerid=409 <409>
nat=yes
qualify=yes
canreinvite=no
context=default
pickupgroup=1
callgroup=1
disallow=all
allow=gsm
transport=tcp

2.Asterisk can't response correct SIP TCP on peer OPTIONS,even add the "transport=tcp" into conf setting.
[192.168.10.192]
type=peer
host=192.168.10.192
username=lcs
fromuser=lcs
callerid=lcs <lcs>
insecure=no
nat=yes
qualify=yes
canreinvite=no
context=sipproxy
port=5060
dtmfmode=rfc2833
usereqphone=yes
disallow=all
allow=ulaw
transport=tcp

Also,I post a new tcp patch so can apply it to the latest SVN version.
(The string srvlookup in patch was changed to global_srvlookup at SVN 20061212)

Hope this helps and Thanks for the reply.



By: sparvata (sparvata) 2006-12-19 12:24:36.000-0600

Hi,

I have asterisk 1.4.0-beta3 installed. Can I install this patch for that version?

Thanks in advance.

By: Serge Vecher (serge-v) 2006-12-19 12:36:47.000-0600

sparvata: as has been mentioned numerous times (most recently in 0056070), the new feature patches are to be developed strictly against trunk. While we allow the current trunk patches to be complemented with "release branch" patches; these are provided with no support and there is to be absolutely no discussion of performance of release branch patches on the bug-tracker. Thanks for understanding.

By: sparvata (sparvata) 2006-12-19 15:47:52.000-0600

Hi,

Ok I applied the patch to the trunk and the compilation went fine. However, I am not able to start the asterisk server. I get the following error when the command "asterisk -dd" was issued:
[root@localhost channels]# asterisk -dd
Parsing /etc/asterisk/asterisk.conf
Parsing /etc/asterisk/extconfig.conf
Parsing /etc/asterisk/logger.conf
[Dec 19 13:44:42] NOTICE[24580]: manager.c:2999 init_manager: Invalid keyword <displaysystemname> = <yes> in manager.conf [general]
[Dec 19 13:44:42] NOTICE[24580]: cdr.c:1093 do_reload: CDR simple logging enabled.
[Dec 19 13:44:42] NOTICE[24580]: loader.c:793 load_modules: 135 modules will be loaded.
[Dec 19 13:44:42] WARNING[24580]: res_smdi.c:725 load_module: No SMDI interfaces are available to listen on, not starting SDMI listener.
[Dec 19 13:44:42] WARNING[24580]: loader.c:363 load_dynamic_module: Error loading module 'func_curl.so': libcurl.so.4: cannot open shared object file: No such file or directory
asterisk: relocation error: /usr/lib/asterisk/modules/chan_sip.so: undefined symbol: SSL_library_init

Do I have to set the library path or anything for ssl library?
I have openssl-devel-0.9.7a-20.2 and openssl-0.9.7a-20.2 on red hat version 9 with kernel 2.6.18.

By: William Emmanuel S. Yu (hip2b2) 2006-12-19 18:16:05.000-0600

is your ssl library path in the ld.so.conf? also did you do a ldconfig after adding it there? also ensure that you have the curl libraries.

By: kumar vivek (kumarvivek_24) 2007-01-18 04:23:47.000-0600

hello all

i have successfully patched asterisk with tcp patch but i don't know the procedure to test tls with eyebeam sip client. please help me how can i create certificate on server and how to use them on eyebeam sip client.
reply soon.
thanks



By: William Emmanuel S. Yu (hip2b2) 2007-02-01 16:36:18.000-0600

updated patch against 1.2.14.

By: Serge Vecher (serge-v) 2007-02-05 13:33:00.000-0600

hip2b2: don't forget to always upload a corresponding trunk patch. Thanks.

By: Gabriel Michaud (gmichaud) 2007-03-24 20:03:28

Hello,

I'm trying to use your patch to connect with Microsoft Speech Server 2007 which only supports SIP over TCP. Upon connection, Speech Server returns a 302 Moved Temporarily message. It seems that the 302 Moved Temporarily message is not handled properly; Asterisk connects to the new URI using UDP even if transport=TCP is specified in the 302 Moved Temporarily message.

Here's my SIP debug log. Any help would be appreciated.

We're at 192.168.1.201 port 12224
Adding codec 0x4 (ulaw) to SDP
Adding non-codec 0x1 (telephone-event) to SDP
13 headers, 10 lines
Reliably Transmitting (no NAT) to 192.168.1.203:5060:TCP
with fd -1
INVITE sip:1234@192.168.1.203;user=phone SIP/2.0
Via: SIP/2.0/TCP 192.168.1.201:5060;branch=z9hG4bK0d024e7b;rport
From: "Gabriel (MacBook)" <sip:105@192.168.1.201>;tag=as100070e8
To: <sip:1234@192.168.1.203;user=phone>
Contact: <sip:105@192.168.1.201;transport=TCP>
Call-ID: 02fd64aa0204028f4b480aae495bdf97@192.168.1.201
CSeq: 102 INVITE
User-Agent: Asterisk PBX
Max-Forwards: 70
Date: Sun, 25 Mar 2007 00:58:04 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Content-Type: application/sdp
Content-Length: 218

v=0
o=root 10075 10075 IN IP4 192.168.1.201
s=session
c=IN IP4 192.168.1.201
t=0 0
m=audio 12224 RTP/AVP 0 101
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -

---
 == Successfuly TCP connected fd 31 to 192.168.1.203:5060
TCP write: fd 31
asterisk1*CLI>
<-- Sip read from 192.168.1.203:5060:TCP
SIP/2.0 100 Trying
FROM: "Gabriel (MacBook)"<sip:105@192.168.1.201>;tag=as100070e8
TO: <sip:1234@192.168.1.203;user=phone>
CSEQ: 102 INVITE
CALL-ID: 02fd64aa0204028f4b480aae495bdf97@192.168.1.201
MAX-FORWARDS: 70
VIA: SIP/2.0/TCP 192.168.1.201:5060;branch=z9hG4bK0d024e7b;rport
CONTENT-LENGTH: 0


--- (8 headers 0 lines) ---
asterisk1*CLI>
<-- Sip read from 192.168.1.203:5060:TCP
SIP/2.0 302 Moved Temporarily
FROM: "Gabriel (MacBook)"<sip:105@192.168.1.201>;tag=as100070e8
TO: <sip:1234@192.168.1.203;user=phone>;tag=809da54512
CSEQ: 102 INVITE
CALL-ID: 02fd64aa0204028f4b480aae495bdf97@192.168.1.201
MAX-FORWARDS: 70
VIA: SIP/2.0/TCP 192.168.1.201:5060;branch=z9hG4bK0d024e7b;rport
CONTACT: <sip:1234@192.168.1.203:1404;user=phone;transport=Tcp;maddr=192.168.1.203;x-mss-call-id=02fd64aa0204028f4b480aae495bdf97%40192.168.1.201>
CONTENT-LENGTH: 0
SERVER: RTCC/3.0.0.0


--- (10 headers 0 lines) ---
Transmitting (no NAT) to 192.168.1.203:5060:TCP
with fd 31
ACK sip:1234@192.168.1.203;user=phone SIP/2.0
Via: SIP/2.0/TCP 192.168.1.201:5060;branch=z9hG4bK0d024e7b;rport
From: "Gabriel (MacBook)" <sip:105@192.168.1.201>;tag=as100070e8
To: <sip:1234@192.168.1.203;user=phone>;tag=809da54512
Contact: <sip:105@192.168.1.201;transport=TCP>
Call-ID: 02fd64aa0204028f4b480aae495bdf97@192.168.1.201
CSeq: 102 ACK
User-Agent: Asterisk PBX
Max-Forwards: 70
Content-Length: 0


---
TCP write: fd 31
We're at 192.168.1.201 port 18948
Adding codec 0x100 (g729) to SDP
Adding codec 0x4 (ulaw) to SDP
Adding codec 0x8 (alaw) to SDP
Adding non-codec 0x1 (telephone-event) to SDP
13 headers, 13 lines
Reliably Transmitting (no NAT) to 192.168.1.203:1404:UDP
with fd -1
INVITE sip:1234@192.168.1.203:1404 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.201:5060;branch=z9hG4bK23022408;rport
From: "Gabriel (MacBook)" <sip:105@192.168.1.201>;tag=as0d13dd5a
To: <sip:1234@192.168.1.203:1404>
Contact: <sip:105@192.168.1.201;transport=UDP>
Call-ID: 2ebefbb91b7f7bf83347da64158eafc4@192.168.1.201
CSeq: 102 INVITE
User-Agent: Asterisk PBX
Max-Forwards: 70
Date: Sun, 25 Mar 2007 00:58:05 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Content-Type: application/sdp
Content-Length: 289

v=0
o=root 10075 10075 IN IP4 192.168.1.201
s=session
c=IN IP4 192.168.1.201
t=0 0
m=audio 18948 RTP/AVP 18 0 8 101
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -

---
UDP write: fd -1
Destroying call '02fd64aa0204028f4b480aae495bdf97@192.168.1.201'
Retransmitting #1 (no NAT) to 192.168.1.203:1404:
INVITE sip:1234@192.168.1.203:1404 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.201:5060;branch=z9hG4bK23022408;rport
From: "Gabriel (MacBook)" <sip:105@192.168.1.201>;tag=as0d13dd5a
To: <sip:1234@192.168.1.203:1404>
Contact: <sip:105@192.168.1.201;transport=UDP>
Call-ID: 2ebefbb91b7f7bf83347da64158eafc4@192.168.1.201
CSeq: 102 INVITE
User-Agent: Asterisk PBX
Max-Forwards: 70
Date: Sun, 25 Mar 2007 00:58:05 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Content-Type: application/sdp
Content-Length: 289

v=0
o=root 10075 10075 IN IP4 192.168.1.201
s=session
c=IN IP4 192.168.1.201
t=0 0
m=audio 18948 RTP/AVP 18 0 8 101
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -
a=silenceSupp:off - - - -

By: Jon Webster (jon) 2007-03-26 13:06:24

I ran into the same problem with Exchange 2007. I found the commandlet
Set-UMDialPlan -Identity "Test" -VOIPSecurity:unsecured

using unsecured disabled the Moved Temporarily message, though more important projects have prevented me from working on this further.

By: iwaoka (iwaoka) 2007-03-28 20:43:22

I encountered the same problem, too.

In my case
I am running the Exchange2007 evaluation version with a virtual machine of the x86 base.
Asterisk1.2.13 is used on FreeBSD, and Asterisk-1.2.13-20061102-tcp.patch is used.

Consequentially, operation was able to be confirmed by changing chan_sip.c.

The changed point is as follows.

in function create_addr()
 It set it to TCP compulsorily for specific IP.
 ->It is not smart.

in function sipsock_read()
 It corresponded to double CRLF.
 It corresponded when two or more headers were read by one reception.
 ->It might be a peculiar problem to FreeBSD.
   SIP/SD was not treatable well by double CRLF.
   There was a thing that read two or more headers by the read()
   function and was not treatable.

*******************
I am sorry. Because English was not understood well, the translation site was
used.

By: Gregory Hinton Nietsky (irroot) 2007-08-08 03:55:15

this seems to have stagnated here is a patch i put together for 1.4.9 it does not do TLS i tred to keep it as clean as possible i need it for the RFC4662 support im werkin on...

ASTERISK-9999

By: Jon Webster (jon) 2007-08-08 11:11:33

There was an update to this issue in the dev mailing list, which is worth a read.
http://lists.digium.com/pipermail/asterisk-dev/2006-February/018483.html

By: Russell Bryant (russell) 2007-08-08 13:19:42

Here is another related mailing list post:

http://lists.digium.com/pipermail/asterisk-dev/2007-July/028454.html

By: Gregory Hinton Nietsky (irroot) 2007-08-10 08:12:15

thx for the 411.

as im trying to do the bare bones and try keep inline with the RFC here a few things required.

in the hope of it benifiting ill continue ... besides im learning a bit more about sip at the same time

from the RFC
----------
  All SIP elements MUST implement UDP and TCP.  SIP elements MAY
  implement other protocols.

     Making TCP mandatory for the UA is a substantial change from RFC
     2543.  It has arisen out of the need to handle larger messages,
     which MUST use TCP, as discussed below.  Thus, even if an element
     never sends large messages, it may receive one and needs to be
     able to handle them.

  o  RFC 2543 mandated retransmission of INVITE responses over TCP, but
     noted it was really only needed for 2xx.  That was an artifact of
     insufficient protocol layering.  With a more coherent transaction
     layer defined here, that is no longer needed.  Only 2xx responses
     to INVITEs are retransmitted over TCP.

Timer changes

Timer D  > 32s for UDP    Section 17.1.1.2     Wait time for response
        0s for TCP/SCTP                       retransmit
Timer I  T4 for UDP       Section 17.2.1       Wait time for
        0s for TCP/SCTP                       ACK retransmits
Timer J  64*T1 for UDP    Section 17.2.2       Wait time for
        0s for TCP/SCTP                       non-INVITE request
Timer K  T4 for UDP       Section 17.1.2.2     Wait time for
        0s for TCP/SCTP                       response retransmits
Timer A  initially T1     Section 17.1.1.2     INVITE request retransmit
                                              interval, for UDP only

By: thermalwetland (thermalwetland) 2007-09-09 03:26:11

Is there anything you need to do to enable this beside:
transport=tcp
tcpenable=yes

transport=tcp is in the sip.conf context I am trying dial out with.

The debug files still show UDP being used.  I am using 1.4.9 with the patch.

Any help would be appreciated.

Thanks,
Thermal



By: Daniel Fernandez (student) 2007-09-13 13:29:56

Hello,

I'm experimenting exactly the same issue as "thermalwetland" stated. I read in another forum that ip phones usually look at the dns srv entry, to see if the server supports tls or not. Maybe that's the solution. I'll check if it works.

Regards,
Student

By: Dinesh Nair (alphaque) 2007-09-26 05:59:23

i've attached file asterisk-1.2.24-tcp-patch which is essentially  asterisk-1.2.14-1-tcp.patch cleaned up to apply cleanly to asterisk 1.2.24. i've also tested asterisk 1.2.24 with SIP TCP over the Nokia E61 mobile clients and it does seem to work.

By: Michiel van Baak (mvanbaak) 2007-09-26 06:06:18

alphaque: Can you provide a patch against current svn trunk ?
As serge-v stated several times this is a new feature and should be developed for trunk, not a release (1.2 or 1.4)

By: Dinesh Nair (alphaque) 2007-09-26 06:51:28

mvanbaak, i provided the patch against 1.2.x because that is run and to have this on mantis for those still running 1.2.x. i do know that it wont be committed into the 1.2.x branch.

unfortunately, my 1.4.x kungfu is not yet strong enough for me to make the necessary changes for a patch to 1.4.x. hopefully someone could extend the 1.2.x patch for 1.4.x in some foreseeable future.

By: james.chiang (jamesnet) 2007-10-24 03:47:04

I get some sip over tcp problem with the patch to access exchange 2007 UM.

Porblem: Can't received sip over tcp packet from sipsock_read when UM not reply the tcp ack after asterisk request invite.

P.S In this case eyebem and sipx both are work well.

Success flow as folling  
1.asterisk: tcp syn ack
2.UM : tcp ack
3.asterisk: sip over tcp invite
4.UM : tcp ack
5.UM : sip over tcp 100 trying
6.UM : sip over tcp 180 ringing
7.UM : sip over tcp 200 ok

Failure flow as folling  
1.asterisk: tcp syn ack
2.UM : tcp ack
3.asterisk: sip over tcp invite
4.UM : sip over tcp 100 trying
5.UM : sip over tcp 180 ringing -- missed
6.UM : sip over tcp 200 ok -- missed

Any help would be appreciated.

Thanks,
James



By: Raj Jain (rjain) 2007-11-03 09:33:04

I haven't studied this patch in great detail. However, one thing about supporting SIP-over-TCP is that it is much more than delineating SIP messages in a TCP byte stream. There are quite a few issues that one needs to grapple with. Some of us wrote an internet-draft in the IETF to provide guidelines to implementers who wish to develop SIP over connection-oriented transport protocols such as TCP and SCTP:

http://www.croczilla.com/zap/rfcs/draft-gurbani-sipping-connection-guidelines-01.txt

In general, SIP-over-TCP implementations face some major issues such as the following:

1. NAT Traversal: The problem of SIP NAT traversal is much worst w/ TCP than w/ UDP. Basically, you'll have to always initiate the TCP connection from the client sitting behind the NAT and keep it open otherwise the NAT will block the call from Asterisk to user/peer. The I-D below discusses this topic in plenty detail:

http://www.ietf.org/internet-drafts/draft-ietf-sip-outbound-10.txt

2. The need for persistent-connections becomes really important when you run SIP/TLS/TCP. The issue is latency introduced in TLS connection establishments which will add to post-dial latency. So, this becomes a pretty critical requirement for SIP trunking scenarios. The I-D below discusses this topic (it proposes using LRU for managing TCP sockets and also offers a nice optimization that allows you to use one TCP socket for transactions in opposite directions):

http://www.ietf.org/internet-drafts/draft-ietf-sip-connect-reuse-08.txt

If someone has given any thought to these issues with respect to SIP-over-TCP support in Asterisk then please share your insight.



By: Digium Subversion (svnbot) 2008-01-18 16:02:05.000-0600

Repository: asterisk
Revision: 99085

U   trunk/CHANGES
U   trunk/CREDITS
U   trunk/channels/chan_sip.c
U   trunk/configs/sip.conf.sample
A   trunk/doc/siptls.txt
U   trunk/include/asterisk/http.h
A   trunk/include/asterisk/tcptls.h
U   trunk/main/Makefile
U   trunk/main/http.c
U   trunk/main/manager.c
A   trunk/main/tcptls.c

------------------------------------------------------------------------
r99085 | russell | 2008-01-18 16:02:03 -0600 (Fri, 18 Jan 2008) | 13 lines

Merge changes from team/group/sip-tcptls

This set of changes introduces TCP and TLS support for chan_sip.  There are various
new options in configs/sip.conf.sample that are used to enable these features.  Also,
there is a document, doc/siptls.txt that describes some things in more detail.

This code was implemented by Brett Bryant and James Golovich.  It was reviewed
by Joshua Colp and myself.  A number of other people participated in the testing
of this code, but since it was done outside of the bug tracker, I do not have their
names.  If you were one of them, thanks a lot for the help!

(closes issue ASTERISK-4778, but with completely different code that what exists there.)

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=99085