Details

    • Type: New Feature New Feature
    • Status: Closed
    • Severity: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Target Release Version/s: None
    • Labels:
      None
    • SVN Revision Number:
      48491
    • Mantis ID:
      5413
    • Regression:
      No

      Description

      This patch adds initial support for secure RTP using libsrt[1]. It can
      be used in for example an implementation of the sdecriptions draft[2].

      [1] http://srtp.sourceforge.net/srtp.html
      [2] http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdescriptions-12.txt

      Update (16/03/2010): Branch against trunk is located here http://svn.asterisk.org/svn/asterisk/team/group/srtp_reboot

          • IF TESTING, PLEASE USE THE ABOVE BRANCH AND NOT THE PATCHED ATTACHED TO THIS ISSUE AS THEY ARE OUT OF DATE ***
                • ADDITIONAL INFORMATION ******

      Example:

      #define CRYPTO_KEY_LEN 30

      /* Declarations */
      ast_policy_t *local_policy;
      unsigned char local_key[CRYPTO_KEY_LEN];
      char local_key64[50];
      ast_policy_t *remote_policy;
      unsigned char remote_key[CRYPTO_KEY_LEN];

      /* Allocate policies and generate key */
      remote_policy = ast_policy_alloc();
      local_policy = ast_policy_alloc();
      ast_get_random(local_key, CRYPTO_KEY_LEN);
      ast_policy_set_key(local_policy, local_key, CRYPTO_KEY_LEN);
      ast_base64encode(local_key64, local_key, CRYPTO_KEY_LEN, sizeof(local_key64));

      /* Activate SRTP */
      suite_val = AST_AES_CM_128_HMAC_SHA1_80;
      key_len = ast_base64decode(remote_key, salt, sizeof(remote_key));
      ast_policy_set_suite(local_policy, suite_val);
      ast_policy_set_suite(remote_policy, suite_val);
      ast_policy_set_key(remote_policy, remote_key, key_len);
      ast_rtp_set_io_policy(rtp, remote_policy, local_policy);

      (The return values should be checked, but I have removed it from the
      example to make it clearer)

      1. ast_srtp_depend.patch
        0.9 kB
      2. ast_srtp_r51249_mikey_r3124.patch
        94 kB
      3. ast_srtp_r61760_mikey_r3250.patch
        96 kB
      4. ast_srtp_r81432_mikey_r3412.patch
        96 kB
        mikma
      5. ast_srtp_trunk_r29093.patch
        27 kB
      6. ast_srtp_trunk_r48360.patch
        374 kB
      7. ast_srtp_trunk_r48491.patch
        375 kB
      8. ast_srtp6.patch
        38 kB
      9. ast_srtp7.patch
        2 kB
      10. asterisk-1.6.2.0-rc3-srtp.patch
        527 kB
        Stefan Tichy
      11. asterisk-1.6.2.0-rc3-srtp-test.patch
        0.4 kB
        Stefan Tichy
      12. asterisk-oej-securertp-trunk-r34330.patch
        10 kB
      13. asterisk-oej-securertp-trunk-r34481.patch
        20 kB
      14. srtp_ast-1.6.2_v3.patch
        55 kB
        Kristijan Vrban
      15. srtp_missing_free.patch
        0.4 kB
        Kristijan Vrban
      16. SRTP%20SoundPoint%20IP-TB25751_3725-17495-001_RevB.pdf
        165 kB

        Activity

        Hide
        joels added a comment -

        Call from a Nokia E72 (31.023) -> eyeBeam:

        <--- SIP read from TLS:86.96.229.88:55324 --->
        INVITE sips:5553000@sec.maeg.com;user=phone SIP/2.0
        Route: <sips:sec.maeg.com:6000;lr;transport=TCP>
        Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bK3b632jceelhc6trv07mgkmi;rport
        From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
        To: <sips:5553000@sec.maeg.com;user=phone>
        Contact: <sips:4cWDAREngqRPezacKC47@192.168.178.104;transport=TCP>
        Supported: precondition,100rel,timer,sec-agree
        CSeq: 3096 INVITE
        Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
        Allow: UPDATE,PRACK,SUBSCRIBE,REFER,NOTIFY,INVITE,ACK,CANCEL,OPTIONS,BYE
        User-Agent: Nokia RM-530 031.023 00-BD-3A-00-10-8C
        Expires: 120
        Privacy: None
        Session-Expires: 300
        Max-Forwards: 70
        Content-Type: application/sdp
        Accept-Language: de
        Content-Length: 524

        v=0
        o=5553001 63441302944196250 63441302944196250 IN IP4 192.168.178.104
        s=-
        c=IN IP4 192.168.178.104
        t=0 0
        m=audio 16384 RTP/SAVP 8 18 98
        a=sendrecv
        a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:VGI3Y2N5ZUFhM015UnZTZ0VnakVXeWJXdjRJQWhV
        a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:ZVBBUmhWQlc2SWJzTWl5Ml9Hc1psMFRBZEc0Q3VS
        a=curr:sec e2e none
        a=des:sec optional e2e sendrecv
        a=rtpmap:8 PCMA/8000
        a=ptime:20
        a=maxptime:200
        a=rtpmap:18 G729/8000
        a=fmtp:18 annexb=yes
        a=rtpmap:98 telephone-event/8000
        a=fmtp:98 0-15

        <------------->
        — (18 headers 18 lines) —
        Sending to 86.96.229.88 : 5060 (no NAT)
        Using INVITE request as basis request - yflivjE3oIccB07J2B7_JOYGHFZeU9
        Found peer '5553001' for '5553001' from 86.96.229.88:55324
        81-89-105-60*CLI>
        <--- Reliably Transmitting (NAT) to 86.96.229.88:55324 --->
        SIP/2.0 401 Unauthorized
        Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bK3b632jceelhc6trv07mgkmi;received=86.96.229.88;rport=55324
        From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
        To: <sips:5553000@sec.maeg.com;user=phone>;tag=as59fd410d
        Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
        CSeq: 3096 INVITE
        Server: MAEG TLS SEC
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
        Supported: replaces, timer
        WWW-Authenticate: Digest algorithm=MD5, realm="maeg.com", nonce="6ae9216f"
        Content-Length: 0

        <------------>
        Scheduling destruction of SIP dialog 'yflivjE3oIccB07J2B7_JOYGHFZeU9' in 32000 ms (Method: INVITE)
        81-89-105-60*CLI>
        <--- SIP read from TLS:86.96.229.88:55324 --->
        ACK sips:5553000@sec.maeg.com;user=phone SIP/2.0
        Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bK3b632jceelhc6trv07mgkmi;rport
        Route: <sips:sec.maeg.com:6000;lr;transport=TCP>
        From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
        To: <sips:5553000@sec.maeg.com;user=phone>;tag=as59fd410d
        Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
        CSeq: 3096 ACK
        Supported: sec-agree
        Max-Forwards: 70
        Content-Length: 0

        <------------->
        — (10 headers 0 lines) —
        81-89-105-60*CLI>
        <--- SIP read from TLS:86.96.229.88:55324 --->
        INVITE sips:5553000@sec.maeg.com;user=phone SIP/2.0
        Route: <sips:sec.maeg.com:6000;lr;transport=TCP>
        Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKrvljqrmjo82unjm3e0p77j3;rport
        From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
        To: <sips:5553000@sec.maeg.com;user=phone>
        Contact: <sips:4cWDAREngqRPezacKC47@192.168.178.104;transport=TCP>
        Supported: precondition,100rel,timer,sec-agree
        CSeq: 3097 INVITE
        Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
        Allow: UPDATE,PRACK,SUBSCRIBE,REFER,NOTIFY,INVITE,ACK,CANCEL,OPTIONS,BYE
        User-Agent: Nokia RM-530 031.023 00-BD-3A-00-10-8C
        Expires: 120
        Privacy: None
        Session-Expires: 300
        Max-Forwards: 70
        Authorization: Digest realm="maeg.com",nonce="6ae9216f",algorithm=MD5,username="5553001",uri="sips:5553000@sec.maeg.com;user=phone",response="ee9ec3e329301a764d7b54cf61d08586"
        Content-Type: application/sdp
        Accept-Language: de
        Content-Length: 524

        v=0
        o=5553001 63441302944196250 63441302944196250 IN IP4 192.168.178.104
        s=-
        c=IN IP4 192.168.178.104
        t=0 0
        m=audio 16384 RTP/SAVP 8 18 98
        a=sendrecv
        a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:VGI3Y2N5ZUFhM015UnZTZ0VnakVXeWJXdjRJQWhV
        a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:ZVBBUmhWQlc2SWJzTWl5Ml9Hc1psMFRBZEc0Q3VS
        a=curr:sec e2e none
        a=des:sec optional e2e sendrecv
        a=rtpmap:8 PCMA/8000
        a=ptime:20
        a=maxptime:200
        a=rtpmap:18 G729/8000
        a=fmtp:18 annexb=yes
        a=rtpmap:98 telephone-event/8000
        a=fmtp:98 0-15

        <------------->
        — (19 headers 18 lines) —
        Sending to 86.96.229.88 : 55324 (NAT)
        Using INVITE request as basis request - yflivjE3oIccB07J2B7_JOYGHFZeU9
        Found peer '5553001' for '5553001' from 86.96.229.88:55324
        Found RTP audio format 8
        Found RTP audio format 18
        Found RTP audio format 98
        Found audio description format PCMA for ID 8
        Found audio description format G729 for ID 18
        Found audio description format telephone-event for ID 98
        Capabilities: us - 0x8 (alaw), peer - audio=0x108 (alaw|g729)/video=0x0 (nothing)/text=0x0 (nothing), combined - 0x8 (alaw)
        Non-codec capabilities (dtmf): us - 0x0 (nothing), peer - 0x1 (telephone-event|), combined - 0x0 (nothing)
        Peer audio RTP is at port 192.168.178.104:16384
        Looking for 5553000 in from-sip (domain sec.maeg.com)
        list_route: hop: <sips:4cWDAREngqRPezacKC47@192.168.178.104;transport=TCP>
        81-89-105-60*CLI>
        <--- Transmitting (NAT) to 86.96.229.88:55324 --->
        SIP/2.0 100 Trying
        Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKrvljqrmjo82unjm3e0p77j3;received=86.96.229.88;rport=55324
        From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
        To: <sips:5553000@sec.maeg.com;user=phone>
        Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
        CSeq: 3097 INVITE
        Server: MAEG TLS SEC
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
        Supported: replaces, timer
        Require: timer
        Session-Expires: 300;refresher=uas
        Contact: <sip:5553000@65.49.14.19;transport=TLS>
        Content-Length: 0

        <------------>
        Audio is at 65.49.14.19 port 27064
        Adding codec 0x8 (alaw) to SDP
        Reliably Transmitting (NAT) to 86.96.229.88:50093:
        INVITE sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b SIP/2.0
        Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK16f800a2;rport
        Max-Forwards: 70
        From: "Jochen E72 TLS UNCC" <sip:5553001@sec.maeg.com>;tag=as4ef71c16
        To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>
        Contact: <sip:5553001@65.49.14.19;transport=TLS>
        Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com
        CSeq: 102 INVITE
        User-Agent: MAEG TLS SEC
        Date: Wed, 05 May 2010 06:08:40 GMT
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
        Supported: replaces, timer
        Content-Type: application/sdp
        Content-Length: 280

        v=0
        o=MAEG 569318442 569318442 IN IP4 65.49.14.19
        s=MAEG TLS
        c=IN IP4 65.49.14.19
        t=0 0
        m=audio 27064 RTP/SAVP 8
        a=rtpmap:8 PCMA/8000
        a=silenceSupp:off - - - -
        a=ptime:20
        a=sendrecv
        a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:4lyVB4wPy9uP1olUfUDmRyGNC+u8wGxNWLMtnl70


        81-89-105-60*CLI>
        <--- SIP read from TLS:86.96.229.88:50093 --->
        SIP/2.0 180 Ringing
        Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK16f800a2;rport=5061
        Contact: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>
        To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518
        From: "Jochen E72 TLS UNCC"<sip:5553001@sec.maeg.com>;tag=as4ef71c16
        Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com
        CSeq: 102 INVITE
        User-Agent: eyeBeam release 1102q stamp 51814
        Content-Length: 0

        <------------->
        — (9 headers 0 lines) —
        81-89-105-60*CLI>
        <--- Transmitting (NAT) to 86.96.229.88:55324 --->
        SIP/2.0 180 Ringing
        Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKrvljqrmjo82unjm3e0p77j3;received=86.96.229.88;rport=55324
        From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
        To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0
        Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
        CSeq: 3097 INVITE
        Server: MAEG TLS SEC
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
        Supported: replaces, timer
        Require: timer
        Session-Expires: 300;refresher=uas
        Contact: <sip:5553000@65.49.14.19;transport=TLS>
        Content-Length: 0

        <------------>
        81-89-105-60*CLI>
        <--- SIP read from TLS:86.96.229.88:50093 --->

        <------------->
        81-89-105-60*CLI>
        <--- SIP read from TLS:86.96.229.88:50093 --->
        SIP/2.0 200 OK
        Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK16f800a2;rport=5061
        Contact: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>
        To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518
        From: "Jochen E72 TLS UNCC"<sip:5553001@sec.maeg.com>;tag=as4ef71c16
        Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com
        CSeq: 102 INVITE
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
        Content-Type: application/sdp
        User-Agent: eyeBeam release 1102q stamp 51814
        Content-Length: 217

        v=0
        o=- 8 2 IN IP4 192.168.178.63
        s=CounterPath eyeBeam 1.5
        c=IN IP4 192.168.178.63
        t=0 0
        m=audio 19038 RTP/SAVP 8
        a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:0CpsUAIJO2Ww0QMEE9UkDtZQ9+FOPrJTVnLjVQsS
        a=sendrecv

        <------------->
        — (11 headers 8 lines) —
        Found RTP audio format 8
        Capabilities: us - 0x8 (alaw), peer - audio=0x8 (alaw)/video=0x0 (nothing)/text=0x0 (nothing), combined - 0x8 (alaw)
        Non-codec capabilities (dtmf): us - 0x0 (nothing), peer - 0x0 (nothing), combined - 0x0 (nothing)
        Peer audio RTP is at port 192.168.178.63:19038
        list_route: hop: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>
        set_destination: Parsing <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> for address/port to send to
        set_destination: set destination to 86.96.229.88, port 50093
        Transmitting (NAT) to 86.96.229.88:50093:
        ACK sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b SIP/2.0
        Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK76b0b58b;rport
        Max-Forwards: 70
        From: "Jochen E72 TLS UNCC" <sip:5553001@sec.maeg.com>;tag=as4ef71c16
        To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518
        Contact: <sip:5553001@65.49.14.19;transport=TLS>
        Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com
        CSeq: 102 ACK
        User-Agent: MAEG TLS SEC
        Content-Length: 0


        Audio is at 65.49.14.19 port 30144
        Adding codec 0x8 (alaw) to SDP

        <--- Reliably Transmitting (NAT) to 86.96.229.88:55324 --->
        SIP/2.0 200 OK
        Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKrvljqrmjo82unjm3e0p77j3;received=86.96.229.88;rport=55324
        From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
        To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0
        Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
        CSeq: 3097 INVITE
        Server: MAEG TLS SEC
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
        Supported: replaces, timer
        Require: timer
        Session-Expires: 300;refresher=uas
        Contact: <sip:5553000@65.49.14.19;transport=TLS>
        Content-Type: application/sdp
        Content-Length: 280

        v=0
        o=MAEG 809561325 809561325 IN IP4 65.49.14.19
        s=MAEG TLS
        c=IN IP4 65.49.14.19
        t=0 0
        m=audio 30144 RTP/SAVP 8
        a=rtpmap:8 PCMA/8000
        a=silenceSupp:off - - - -
        a=ptime:20
        a=sendrecv
        a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:rqDJHu7XQpTyamgsQeoA9KkgTOfbGOLHvW87nyD9

        <------------>
        81-89-105-60*CLI>
        <--- SIP read from TLS:86.96.229.88:55324 --->
        ACK sip:5553000@65.49.14.19;transport=TLS SIP/2.0
        Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKtrcnhoia12oprjm3qlh3cs3;rport
        To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0
        From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
        Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
        CSeq: 3097 ACK
        Supported: sec-agree
        Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,INVITE,ACK,CANCEL,OPTIONS,BYE
        Max-Forwards: 70
        Authorization: Digest realm="maeg.com",nonce="6ae9216f",algorithm=MD5,username="5553001",uri="sips:5553000@sec.maeg.com;user=phone",response="ee9ec3e329301a764d7b54cf61d08586"
        Content-Length: 0

        <------------->
        — (11 headers 0 lines) —
        [May 5 06:09:00] NOTICE[30684]: res_rtp_asterisk.c:2128 ast_rtp_read: Unknown RTP codec 120 received from '86.96.229.88'
        81-89-105-60*CLI>
        <--- SIP read from TLS:86.96.229.88:55324 --->
        BYE sip:5553000@65.49.14.19;transport=TLS SIP/2.0
        Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKqkiv8sk20phc73vsv576rsl;rport
        To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0
        From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
        Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
        CSeq: 3098 BYE
        Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,INVITE,ACK,CANCEL,OPTIONS,BYE
        Max-Forwards: 70
        Content-Length: 0

        <------------->
        — (9 headers 0 lines) —
        Sending to 86.96.229.88 : 55324 (NAT)

        <--- Transmitting (NAT) to 86.96.229.88:55324 --->
        SIP/2.0 200 OK
        Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKqkiv8sk20phc73vsv576rsl;received=86.96.229.88;rport=55324
        From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
        To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0
        Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
        CSeq: 3098 BYE
        Server: MAEG TLS SEC
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
        Supported: replaces, timer
        Content-Length: 0

        <------------>
        Scheduling destruction of SIP dialog '035b2c465a81dd720d193f00012f7e7d@sec.maeg.com' in 18112 ms (Method: INVITE)
        set_destination: Parsing <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> for address/port to send to
        set_destination: set destination to 86.96.229.88, port 50093
        Reliably Transmitting (NAT) to 86.96.229.88:50093:
        BYE sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b SIP/2.0
        Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK10e987bd;rport
        Max-Forwards: 70
        From: "Jochen E72 TLS UNCC" <sip:5553001@sec.maeg.com>;tag=as4ef71c16
        To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518
        Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com
        CSeq: 103 BYE
        User-Agent: MAEG TLS SEC
        X-Asterisk-HangupCause: Normal Clearing
        X-Asterisk-HangupCauseCode: 16
        Content-Length: 0


        81-89-105-60*CLI>
        <--- SIP read from TLS:86.96.229.88:50093 --->
        SIP/2.0 200 OK
        Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK10e987bd;rport=5061
        Contact: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>
        To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518
        From: "Jochen E72 TLS UNCC"<sip:5553001@sec.maeg.com>;tag=as4ef71c16
        Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com
        CSeq: 103 BYE
        User-Agent: eyeBeam release 1102q stamp 51814
        Content-Length: 0

        <------------->
        — (9 headers 0 lines) —
        Really destroying SIP dialog '035b2c465a81dd720d193f00012f7e7d@sec.maeg.com' Method: INVITE
        Really destroying SIP dialog 'yflivjE3oIccB07J2B7_JOYGHFZeU9' Method: BYE
        81-89-105-60*CLI>
        <--- SIP read from TLS:86.96.229.88:50093 --->

        <------------->
        Reliably Transmitting (NAT) to 86.96.229.88:50093:
        OPTIONS sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b SIP/2.0
        Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK3497fb47;rport
        Max-Forwards: 70
        From: "asterisk" <sip:asterisk@sec.maeg.com>;tag=as4f0d4c84
        To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>
        Contact: <sip:asterisk@65.49.14.19;transport=TLS>
        Call-ID: 2343369555c993812d027d3b58728dac@sec.maeg.com
        CSeq: 102 OPTIONS
        User-Agent: MAEG TLS SEC
        Date: Wed, 05 May 2010 06:09:15 GMT
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
        Supported: replaces, timer
        Content-Length: 0


        81-89-105-60*CLI>
        <--- SIP read from TLS:86.96.229.88:50093 --->
        SIP/2.0 200 OK
        Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK3497fb47;rport=5061
        Contact: <sip:192.168.178.63:41141;transport=TLS>
        To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=a6647e1e
        From: "asterisk"<sip:asterisk@sec.maeg.com>;tag=as4f0d4c84
        Call-ID: 2343369555c993812d027d3b58728dac@sec.maeg.com
        CSeq: 102 OPTIONS
        Accept: application/sdp
        Accept-Language: en
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
        User-Agent: eyeBeam release 1102q stamp 51814
        Content-Length: 0

        <------------->
        — (12 headers 0 lines) —
        81-89-105-60*CLI>
        <--- SIP read from TLS:86.96.229.88:50093 --->
        SUBSCRIBE sip:5553000@sec.maeg.com:5061 SIP/2.0
        Via: SIP/2.0/TLS 192.168.178.63:41141;branch=z9hG4bK-d8754z-e87db67f1474f45a-1--d8754z;rport
        Max-Forwards: 70
        Contact: <sip:5553000@86.96.229.88:50093;transport=TLS>
        To: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>
        From: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=0d216377
        Call-ID: NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk.
        CSeq: 1 SUBSCRIBE
        Expires: 300
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
        User-Agent: eyeBeam release 1102q stamp 51814
        Event: message-summary
        Content-Length: 0

        <------------->
        — (13 headers 0 lines) —
        Creating new subscription
        Sending to 86.96.229.88 : 41141 (no NAT)
        list_route: hop: <sip:5553000@86.96.229.88:50093;transport=TLS>
        Found peer '5553000' for '5553000' from 86.96.229.88:50093

        <--- Transmitting (NAT) to 86.96.229.88:50093 --->
        SIP/2.0 401 Unauthorized
        Via: SIP/2.0/TLS 192.168.178.63:41141;branch=z9hG4bK-d8754z-e87db67f1474f45a-1--d8754z;received=86.96.229.88;rport=50093
        From: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=0d216377
        To: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=as5bec72bd
        Call-ID: NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk.
        CSeq: 1 SUBSCRIBE
        Server: MAEG TLS SEC
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
        Supported: replaces, timer
        WWW-Authenticate: Digest algorithm=MD5, realm="maeg.com", nonce="3e0e64a3"
        Content-Length: 0

        <------------>
        Scheduling destruction of SIP dialog 'NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk.' in 17920 ms (Method: SUBSCRIBE)
        Really destroying SIP dialog '2343369555c993812d027d3b58728dac@sec.maeg.com' Method: OPTIONS
        81-89-105-60*CLI>
        <--- SIP read from TLS:86.96.229.88:50093 --->
        SUBSCRIBE sip:5553000@sec.maeg.com:5061 SIP/2.0
        Via: SIP/2.0/TLS 192.168.178.63:41141;branch=z9hG4bK-d8754z-0a5ca014d30f4762-1--d8754z;rport
        Max-Forwards: 70
        Contact: <sip:5553000@86.96.229.88:50093;transport=TLS>
        To: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>
        From: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=0d216377
        Call-ID: NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk.
        CSeq: 2 SUBSCRIBE
        Expires: 300
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
        User-Agent: eyeBeam release 1102q stamp 51814
        Authorization: Digest username="5553000",realm="maeg.com",nonce="3e0e64a3",uri="sip:5553000@sec.maeg.com:5061",response="8d8381f5cdca8138a8e8f5219d58991f",algorithm=MD5
        Event: message-summary
        Content-Length: 0

        <------------->
        — (14 headers 0 lines) —
        Creating new subscription
        Sending to 86.96.229.88 : 50093 (NAT)
        Found peer '5553000' for '5553000' from 86.96.229.88:50093

        <--- Transmitting (NAT) to 86.96.229.88:50093 --->
        SIP/2.0 404 Not found (no mailbox)
        Via: SIP/2.0/TLS 192.168.178.63:41141;branch=z9hG4bK-d8754z-0a5ca014d30f4762-1--d8754z;received=86.96.229.88;rport=50093
        From: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=0d216377
        To: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=as5bec72bd
        Call-ID: NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk.
        CSeq: 2 SUBSCRIBE
        Server: MAEG TLS SEC
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
        Supported: replaces, timer
        Content-Length: 0

        Show
        joels added a comment - Call from a Nokia E72 (31.023) -> eyeBeam: <--- SIP read from TLS:86.96.229.88:55324 ---> INVITE sips:5553000@sec.maeg.com;user=phone SIP/2.0 Route: <sips:sec.maeg.com:6000;lr;transport=TCP> Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bK3b632jceelhc6trv07mgkmi;rport From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg To: <sips:5553000@sec.maeg.com;user=phone> Contact: <sips:4cWDAREngqRPezacKC47@192.168.178.104;transport=TCP> Supported: precondition,100rel,timer,sec-agree CSeq: 3096 INVITE Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 Allow: UPDATE,PRACK,SUBSCRIBE,REFER,NOTIFY,INVITE,ACK,CANCEL,OPTIONS,BYE User-Agent: Nokia RM-530 031.023 00-BD-3A-00-10-8C Expires: 120 Privacy: None Session-Expires: 300 Max-Forwards: 70 Content-Type: application/sdp Accept-Language: de Content-Length: 524 v=0 o=5553001 63441302944196250 63441302944196250 IN IP4 192.168.178.104 s=- c=IN IP4 192.168.178.104 t=0 0 m=audio 16384 RTP/SAVP 8 18 98 a=sendrecv a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:VGI3Y2N5ZUFhM015UnZTZ0VnakVXeWJXdjRJQWhV a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:ZVBBUmhWQlc2SWJzTWl5Ml9Hc1psMFRBZEc0Q3VS a=curr:sec e2e none a=des:sec optional e2e sendrecv a=rtpmap:8 PCMA/8000 a=ptime:20 a=maxptime:200 a=rtpmap:18 G729/8000 a=fmtp:18 annexb=yes a=rtpmap:98 telephone-event/8000 a=fmtp:98 0-15 <-------------> — (18 headers 18 lines) — Sending to 86.96.229.88 : 5060 (no NAT) Using INVITE request as basis request - yflivjE3oIccB07J2B7_JOYGHFZeU9 Found peer '5553001' for '5553001' from 86.96.229.88:55324 81-89-105-60*CLI> <--- Reliably Transmitting (NAT) to 86.96.229.88:55324 ---> SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bK3b632jceelhc6trv07mgkmi;received=86.96.229.88;rport=55324 From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg To: <sips:5553000@sec.maeg.com;user=phone>;tag=as59fd410d Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 CSeq: 3096 INVITE Server: MAEG TLS SEC Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer WWW-Authenticate: Digest algorithm=MD5, realm="maeg.com", nonce="6ae9216f" Content-Length: 0 <------------> Scheduling destruction of SIP dialog 'yflivjE3oIccB07J2B7_JOYGHFZeU9' in 32000 ms (Method: INVITE) 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:55324 ---> ACK sips:5553000@sec.maeg.com;user=phone SIP/2.0 Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bK3b632jceelhc6trv07mgkmi;rport Route: <sips:sec.maeg.com:6000;lr;transport=TCP> From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg To: <sips:5553000@sec.maeg.com;user=phone>;tag=as59fd410d Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 CSeq: 3096 ACK Supported: sec-agree Max-Forwards: 70 Content-Length: 0 <-------------> — (10 headers 0 lines) — 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:55324 ---> INVITE sips:5553000@sec.maeg.com;user=phone SIP/2.0 Route: <sips:sec.maeg.com:6000;lr;transport=TCP> Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKrvljqrmjo82unjm3e0p77j3;rport From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg To: <sips:5553000@sec.maeg.com;user=phone> Contact: <sips:4cWDAREngqRPezacKC47@192.168.178.104;transport=TCP> Supported: precondition,100rel,timer,sec-agree CSeq: 3097 INVITE Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 Allow: UPDATE,PRACK,SUBSCRIBE,REFER,NOTIFY,INVITE,ACK,CANCEL,OPTIONS,BYE User-Agent: Nokia RM-530 031.023 00-BD-3A-00-10-8C Expires: 120 Privacy: None Session-Expires: 300 Max-Forwards: 70 Authorization: Digest realm="maeg.com",nonce="6ae9216f",algorithm=MD5,username="5553001",uri="sips:5553000@sec.maeg.com;user=phone",response="ee9ec3e329301a764d7b54cf61d08586" Content-Type: application/sdp Accept-Language: de Content-Length: 524 v=0 o=5553001 63441302944196250 63441302944196250 IN IP4 192.168.178.104 s=- c=IN IP4 192.168.178.104 t=0 0 m=audio 16384 RTP/SAVP 8 18 98 a=sendrecv a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:VGI3Y2N5ZUFhM015UnZTZ0VnakVXeWJXdjRJQWhV a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:ZVBBUmhWQlc2SWJzTWl5Ml9Hc1psMFRBZEc0Q3VS a=curr:sec e2e none a=des:sec optional e2e sendrecv a=rtpmap:8 PCMA/8000 a=ptime:20 a=maxptime:200 a=rtpmap:18 G729/8000 a=fmtp:18 annexb=yes a=rtpmap:98 telephone-event/8000 a=fmtp:98 0-15 <-------------> — (19 headers 18 lines) — Sending to 86.96.229.88 : 55324 (NAT) Using INVITE request as basis request - yflivjE3oIccB07J2B7_JOYGHFZeU9 Found peer '5553001' for '5553001' from 86.96.229.88:55324 Found RTP audio format 8 Found RTP audio format 18 Found RTP audio format 98 Found audio description format PCMA for ID 8 Found audio description format G729 for ID 18 Found audio description format telephone-event for ID 98 Capabilities: us - 0x8 (alaw), peer - audio=0x108 (alaw|g729)/video=0x0 (nothing)/text=0x0 (nothing), combined - 0x8 (alaw) Non-codec capabilities (dtmf): us - 0x0 (nothing), peer - 0x1 (telephone-event|), combined - 0x0 (nothing) Peer audio RTP is at port 192.168.178.104:16384 Looking for 5553000 in from-sip (domain sec.maeg.com) list_route: hop: <sips:4cWDAREngqRPezacKC47@192.168.178.104;transport=TCP> 81-89-105-60*CLI> <--- Transmitting (NAT) to 86.96.229.88:55324 ---> SIP/2.0 100 Trying Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKrvljqrmjo82unjm3e0p77j3;received=86.96.229.88;rport=55324 From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg To: <sips:5553000@sec.maeg.com;user=phone> Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 CSeq: 3097 INVITE Server: MAEG TLS SEC Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer Require: timer Session-Expires: 300;refresher=uas Contact: <sip:5553000@65.49.14.19;transport=TLS> Content-Length: 0 <------------> Audio is at 65.49.14.19 port 27064 Adding codec 0x8 (alaw) to SDP Reliably Transmitting (NAT) to 86.96.229.88:50093: INVITE sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b SIP/2.0 Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK16f800a2;rport Max-Forwards: 70 From: "Jochen E72 TLS UNCC" <sip:5553001@sec.maeg.com>;tag=as4ef71c16 To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> Contact: <sip:5553001@65.49.14.19;transport=TLS> Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com CSeq: 102 INVITE User-Agent: MAEG TLS SEC Date: Wed, 05 May 2010 06:08:40 GMT Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer Content-Type: application/sdp Content-Length: 280 v=0 o=MAEG 569318442 569318442 IN IP4 65.49.14.19 s=MAEG TLS c=IN IP4 65.49.14.19 t=0 0 m=audio 27064 RTP/SAVP 8 a=rtpmap:8 PCMA/8000 a=silenceSupp:off - - - - a=ptime:20 a=sendrecv a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:4lyVB4wPy9uP1olUfUDmRyGNC+u8wGxNWLMtnl70 — 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:50093 ---> SIP/2.0 180 Ringing Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK16f800a2;rport=5061 Contact: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518 From: "Jochen E72 TLS UNCC"<sip:5553001@sec.maeg.com>;tag=as4ef71c16 Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com CSeq: 102 INVITE User-Agent: eyeBeam release 1102q stamp 51814 Content-Length: 0 <-------------> — (9 headers 0 lines) — 81-89-105-60*CLI> <--- Transmitting (NAT) to 86.96.229.88:55324 ---> SIP/2.0 180 Ringing Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKrvljqrmjo82unjm3e0p77j3;received=86.96.229.88;rport=55324 From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0 Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 CSeq: 3097 INVITE Server: MAEG TLS SEC Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer Require: timer Session-Expires: 300;refresher=uas Contact: <sip:5553000@65.49.14.19;transport=TLS> Content-Length: 0 <------------> 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:50093 ---> <-------------> 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:50093 ---> SIP/2.0 200 OK Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK16f800a2;rport=5061 Contact: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518 From: "Jochen E72 TLS UNCC"<sip:5553001@sec.maeg.com>;tag=as4ef71c16 Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com CSeq: 102 INVITE Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO Content-Type: application/sdp User-Agent: eyeBeam release 1102q stamp 51814 Content-Length: 217 v=0 o=- 8 2 IN IP4 192.168.178.63 s=CounterPath eyeBeam 1.5 c=IN IP4 192.168.178.63 t=0 0 m=audio 19038 RTP/SAVP 8 a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:0CpsUAIJO2Ww0QMEE9UkDtZQ9+FOPrJTVnLjVQsS a=sendrecv <-------------> — (11 headers 8 lines) — Found RTP audio format 8 Capabilities: us - 0x8 (alaw), peer - audio=0x8 (alaw)/video=0x0 (nothing)/text=0x0 (nothing), combined - 0x8 (alaw) Non-codec capabilities (dtmf): us - 0x0 (nothing), peer - 0x0 (nothing), combined - 0x0 (nothing) Peer audio RTP is at port 192.168.178.63:19038 list_route: hop: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> set_destination: Parsing <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> for address/port to send to set_destination: set destination to 86.96.229.88, port 50093 Transmitting (NAT) to 86.96.229.88:50093: ACK sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b SIP/2.0 Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK76b0b58b;rport Max-Forwards: 70 From: "Jochen E72 TLS UNCC" <sip:5553001@sec.maeg.com>;tag=as4ef71c16 To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518 Contact: <sip:5553001@65.49.14.19;transport=TLS> Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com CSeq: 102 ACK User-Agent: MAEG TLS SEC Content-Length: 0 — Audio is at 65.49.14.19 port 30144 Adding codec 0x8 (alaw) to SDP <--- Reliably Transmitting (NAT) to 86.96.229.88:55324 ---> SIP/2.0 200 OK Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKrvljqrmjo82unjm3e0p77j3;received=86.96.229.88;rport=55324 From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0 Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 CSeq: 3097 INVITE Server: MAEG TLS SEC Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer Require: timer Session-Expires: 300;refresher=uas Contact: <sip:5553000@65.49.14.19;transport=TLS> Content-Type: application/sdp Content-Length: 280 v=0 o=MAEG 809561325 809561325 IN IP4 65.49.14.19 s=MAEG TLS c=IN IP4 65.49.14.19 t=0 0 m=audio 30144 RTP/SAVP 8 a=rtpmap:8 PCMA/8000 a=silenceSupp:off - - - - a=ptime:20 a=sendrecv a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:rqDJHu7XQpTyamgsQeoA9KkgTOfbGOLHvW87nyD9 <------------> 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:55324 ---> ACK sip:5553000@65.49.14.19;transport=TLS SIP/2.0 Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKtrcnhoia12oprjm3qlh3cs3;rport To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0 From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 CSeq: 3097 ACK Supported: sec-agree Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,INVITE,ACK,CANCEL,OPTIONS,BYE Max-Forwards: 70 Authorization: Digest realm="maeg.com",nonce="6ae9216f",algorithm=MD5,username="5553001",uri="sips:5553000@sec.maeg.com;user=phone",response="ee9ec3e329301a764d7b54cf61d08586" Content-Length: 0 <-------------> — (11 headers 0 lines) — [May 5 06:09:00] NOTICE [30684] : res_rtp_asterisk.c:2128 ast_rtp_read: Unknown RTP codec 120 received from '86.96.229.88' 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:55324 ---> BYE sip:5553000@65.49.14.19;transport=TLS SIP/2.0 Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKqkiv8sk20phc73vsv576rsl;rport To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0 From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 CSeq: 3098 BYE Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,INVITE,ACK,CANCEL,OPTIONS,BYE Max-Forwards: 70 Content-Length: 0 <-------------> — (9 headers 0 lines) — Sending to 86.96.229.88 : 55324 (NAT) <--- Transmitting (NAT) to 86.96.229.88:55324 ---> SIP/2.0 200 OK Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKqkiv8sk20phc73vsv576rsl;received=86.96.229.88;rport=55324 From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0 Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 CSeq: 3098 BYE Server: MAEG TLS SEC Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer Content-Length: 0 <------------> Scheduling destruction of SIP dialog '035b2c465a81dd720d193f00012f7e7d@sec.maeg.com' in 18112 ms (Method: INVITE) set_destination: Parsing <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> for address/port to send to set_destination: set destination to 86.96.229.88, port 50093 Reliably Transmitting (NAT) to 86.96.229.88:50093: BYE sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b SIP/2.0 Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK10e987bd;rport Max-Forwards: 70 From: "Jochen E72 TLS UNCC" <sip:5553001@sec.maeg.com>;tag=as4ef71c16 To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518 Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com CSeq: 103 BYE User-Agent: MAEG TLS SEC X-Asterisk-HangupCause: Normal Clearing X-Asterisk-HangupCauseCode: 16 Content-Length: 0 — 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:50093 ---> SIP/2.0 200 OK Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK10e987bd;rport=5061 Contact: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518 From: "Jochen E72 TLS UNCC"<sip:5553001@sec.maeg.com>;tag=as4ef71c16 Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com CSeq: 103 BYE User-Agent: eyeBeam release 1102q stamp 51814 Content-Length: 0 <-------------> — (9 headers 0 lines) — Really destroying SIP dialog '035b2c465a81dd720d193f00012f7e7d@sec.maeg.com' Method: INVITE Really destroying SIP dialog 'yflivjE3oIccB07J2B7_JOYGHFZeU9' Method: BYE 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:50093 ---> <-------------> Reliably Transmitting (NAT) to 86.96.229.88:50093: OPTIONS sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b SIP/2.0 Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK3497fb47;rport Max-Forwards: 70 From: "asterisk" <sip:asterisk@sec.maeg.com>;tag=as4f0d4c84 To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> Contact: <sip:asterisk@65.49.14.19;transport=TLS> Call-ID: 2343369555c993812d027d3b58728dac@sec.maeg.com CSeq: 102 OPTIONS User-Agent: MAEG TLS SEC Date: Wed, 05 May 2010 06:09:15 GMT Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer Content-Length: 0 — 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:50093 ---> SIP/2.0 200 OK Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK3497fb47;rport=5061 Contact: <sip:192.168.178.63:41141;transport=TLS> To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=a6647e1e From: "asterisk"<sip:asterisk@sec.maeg.com>;tag=as4f0d4c84 Call-ID: 2343369555c993812d027d3b58728dac@sec.maeg.com CSeq: 102 OPTIONS Accept: application/sdp Accept-Language: en Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO User-Agent: eyeBeam release 1102q stamp 51814 Content-Length: 0 <-------------> — (12 headers 0 lines) — 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:50093 ---> SUBSCRIBE sip:5553000@sec.maeg.com:5061 SIP/2.0 Via: SIP/2.0/TLS 192.168.178.63:41141;branch=z9hG4bK-d8754z-e87db67f1474f45a-1-- d8754z ;rport Max-Forwards: 70 Contact: <sip:5553000@86.96.229.88:50093;transport=TLS> To: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061> From: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=0d216377 Call-ID: NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk. CSeq: 1 SUBSCRIBE Expires: 300 Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO User-Agent: eyeBeam release 1102q stamp 51814 Event: message-summary Content-Length: 0 <-------------> — (13 headers 0 lines) — Creating new subscription Sending to 86.96.229.88 : 41141 (no NAT) list_route: hop: <sip:5553000@86.96.229.88:50093;transport=TLS> Found peer '5553000' for '5553000' from 86.96.229.88:50093 <--- Transmitting (NAT) to 86.96.229.88:50093 ---> SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS 192.168.178.63:41141;branch=z9hG4bK-d8754z-e87db67f1474f45a-1-- d8754z ;received=86.96.229.88;rport=50093 From: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=0d216377 To: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=as5bec72bd Call-ID: NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk. CSeq: 1 SUBSCRIBE Server: MAEG TLS SEC Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer WWW-Authenticate: Digest algorithm=MD5, realm="maeg.com", nonce="3e0e64a3" Content-Length: 0 <------------> Scheduling destruction of SIP dialog 'NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk.' in 17920 ms (Method: SUBSCRIBE) Really destroying SIP dialog '2343369555c993812d027d3b58728dac@sec.maeg.com' Method: OPTIONS 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:50093 ---> SUBSCRIBE sip:5553000@sec.maeg.com:5061 SIP/2.0 Via: SIP/2.0/TLS 192.168.178.63:41141;branch=z9hG4bK-d8754z-0a5ca014d30f4762-1-- d8754z ;rport Max-Forwards: 70 Contact: <sip:5553000@86.96.229.88:50093;transport=TLS> To: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061> From: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=0d216377 Call-ID: NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk. CSeq: 2 SUBSCRIBE Expires: 300 Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO User-Agent: eyeBeam release 1102q stamp 51814 Authorization: Digest username="5553000",realm="maeg.com",nonce="3e0e64a3",uri="sip:5553000@sec.maeg.com:5061",response="8d8381f5cdca8138a8e8f5219d58991f",algorithm=MD5 Event: message-summary Content-Length: 0 <-------------> — (14 headers 0 lines) — Creating new subscription Sending to 86.96.229.88 : 50093 (NAT) Found peer '5553000' for '5553000' from 86.96.229.88:50093 <--- Transmitting (NAT) to 86.96.229.88:50093 ---> SIP/2.0 404 Not found (no mailbox) Via: SIP/2.0/TLS 192.168.178.63:41141;branch=z9hG4bK-d8754z-0a5ca014d30f4762-1-- d8754z ;received=86.96.229.88;rport=50093 From: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=0d216377 To: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=as5bec72bd Call-ID: NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk. CSeq: 2 SUBSCRIBE Server: MAEG TLS SEC Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer Content-Length: 0
        Hide
        joels added a comment -

        Nokia's info:

        • RFC 2246 The TLS Protocol Version 1.0:
        o SIP stack does not support incoming TLS connections. Thus proxies/registrars must support persistent TLS connections and be able to use existing connections to deliver SIP requests to the clients (connection reuse).
        o The following cipher suites may be used when setting up the TLS connection for SIP:
        a. TLS_RSA_WITH_AES_256_CBC_SHA
        b. TLS_RSA_WITH_AES_128_CBC_SHA
        c. TLS_RSA_WITH_3DES_EDE_CBC_SHA
        d. TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        e. TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        f. TLS_RSA_WITH_RC4_128_SHA
        g. TLS_RSA_WITH_RC4_128_MD5
        h. TLS_RSA_WITH_DES_CBC_SHA
        i. TLS_DHE_DSS_WITH_DES_CBC_SHA
        j. TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
        k. TLS_RSA_EXPORT_WITH_RC4_40_MD5
        l. TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
        m. TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
        • RFC 3262 Reliability of Provisional Responses in the Session Initiation Protocol (SIP):
        o Secure VoIP session establishment using security preconditions uses provisional responses sent by the UAS before the UAC has sent the SIP message "PRACK". Implementation follows RFC 3262 to achieve end-to-end reliability in transmitting such responses. Non-100 provisional responses are sent reliably if the initial INVITE request contained either a SUPPORTED or REQUIRE header field with the option tag "100rel".
        • RFC 3711 The Secure Real-Time Transport Protocol (SRTP):
        o The SRTP use is signaled by either having defined secure RTP transport "RTP/SAVP" in an SDP media line or a=crypto as a media attribute in an SDP document. "RTP/SAVPF" is not supported.
        o Implementation supports RTP/RTCP stream authentication and encryption with replay protection according to RFC 3711:
        a. Same master key is shared with RTP/RTCP streams.
        b. Section 8.1.1 Use of the <From, To> for re-keying is not supported.
        • RFC 4568 Session Description Protocol Security Descriptions for Media Streams:
        o SDP attribute "crypto" is used to signal and negotiate cryptographic parameters for media streams. This negotiation is secured by TLS.
        o Implementation supports security descriptions according to RFC 4568 with the following restrictions:
        Implementation Specifications for Nokia S60 VoIP 17
        Forum.Nokia.com
        a. The following crypto suites are supported: AES_CM_128_HMAC_SHA1_80 (offered as default), F8_128_HMAC_SHA1_80 (supported if offered in the initial INVITE), AES_CM_128_HMAC_SHA1_32 (supported if offered in the initial INVITE).
        b. The following session parameters are supported: KDR.
        c. The following session parameters are not supported: UNENCRYPTED_SRTCP, UNENCRYPTED_SRTP, UNAUTHENTICATED_SRTP, FEC_ORDER, FEC_KEY, WSH.
        d. Re-keying is not recommended for IP telephony. Thus the optional lifetime field of the SRTP key parameter is not supported. Key rotation based on MKI is neither supported, though the MKI field in the SRTP key parameter is accepted if only one inline key parameter is provided with a=crypto attribute.
        e. Section 6.4.2. Sharing cryptographic contexts among Sessions or SSRCs is not supported.
        f. Section 7.1.4. Modifying the session: Only key parameters can be modified during the session. Initially negotiated crypto suite must remain the same through all session modifications. If new offer cannot be accepted, the old crypto parameters remain in place.
        • RFC 5027 Security Preconditions for Session Description Protocol Media Streams:
        o The negotiation of cryptographic parameters when establishing a secure VoIP session may take use of security preconditions, as defined in RFC 5027. The only supported precondition type is "sec". All the precondition attributes ("curr", "des", "conf") are supported as are all the precondition tags (strength, status, and direction). Strength is set as "optional" in the initial INVITE to increase interoperability with other vendors since security preconditions as a concept is published as a draft at this stage. When an offer with preconditions is received, the strength is increased to "mandatory" to prevent clipping effect and ghost calls from happening. Security descriptions may also be negotiated without using security preconditions if the other party does not support the concept.

        Show
        joels added a comment - Nokia's info: • RFC 2246 The TLS Protocol Version 1.0: o SIP stack does not support incoming TLS connections. Thus proxies/registrars must support persistent TLS connections and be able to use existing connections to deliver SIP requests to the clients (connection reuse). o The following cipher suites may be used when setting up the TLS connection for SIP: a. TLS_RSA_WITH_AES_256_CBC_SHA b. TLS_RSA_WITH_AES_128_CBC_SHA c. TLS_RSA_WITH_3DES_EDE_CBC_SHA d. TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA e. TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA f. TLS_RSA_WITH_RC4_128_SHA g. TLS_RSA_WITH_RC4_128_MD5 h. TLS_RSA_WITH_DES_CBC_SHA i. TLS_DHE_DSS_WITH_DES_CBC_SHA j. TLS_RSA_EXPORT_WITH_DES40_CBC_SHA k. TLS_RSA_EXPORT_WITH_RC4_40_MD5 l. TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA m. TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA • RFC 3262 Reliability of Provisional Responses in the Session Initiation Protocol (SIP): o Secure VoIP session establishment using security preconditions uses provisional responses sent by the UAS before the UAC has sent the SIP message "PRACK". Implementation follows RFC 3262 to achieve end-to-end reliability in transmitting such responses. Non-100 provisional responses are sent reliably if the initial INVITE request contained either a SUPPORTED or REQUIRE header field with the option tag "100rel". • RFC 3711 The Secure Real-Time Transport Protocol (SRTP): o The SRTP use is signaled by either having defined secure RTP transport "RTP/SAVP" in an SDP media line or a=crypto as a media attribute in an SDP document. "RTP/SAVPF" is not supported. o Implementation supports RTP/RTCP stream authentication and encryption with replay protection according to RFC 3711: a. Same master key is shared with RTP/RTCP streams. b. Section 8.1.1 Use of the <From, To> for re-keying is not supported. • RFC 4568 Session Description Protocol Security Descriptions for Media Streams: o SDP attribute "crypto" is used to signal and negotiate cryptographic parameters for media streams. This negotiation is secured by TLS. o Implementation supports security descriptions according to RFC 4568 with the following restrictions: Implementation Specifications for Nokia S60 VoIP 17 Forum.Nokia.com a. The following crypto suites are supported: AES_CM_128_HMAC_SHA1_80 (offered as default), F8_128_HMAC_SHA1_80 (supported if offered in the initial INVITE), AES_CM_128_HMAC_SHA1_32 (supported if offered in the initial INVITE). b. The following session parameters are supported: KDR. c. The following session parameters are not supported: UNENCRYPTED_SRTCP, UNENCRYPTED_SRTP, UNAUTHENTICATED_SRTP, FEC_ORDER, FEC_KEY, WSH. d. Re-keying is not recommended for IP telephony. Thus the optional lifetime field of the SRTP key parameter is not supported. Key rotation based on MKI is neither supported, though the MKI field in the SRTP key parameter is accepted if only one inline key parameter is provided with a=crypto attribute. e. Section 6.4.2. Sharing cryptographic contexts among Sessions or SSRCs is not supported. f. Section 7.1.4. Modifying the session: Only key parameters can be modified during the session. Initially negotiated crypto suite must remain the same through all session modifications. If new offer cannot be accepted, the old crypto parameters remain in place. • RFC 5027 Security Preconditions for Session Description Protocol Media Streams: o The negotiation of cryptographic parameters when establishing a secure VoIP session may take use of security preconditions, as defined in RFC 5027. The only supported precondition type is "sec". All the precondition attributes ("curr", "des", "conf") are supported as are all the precondition tags (strength, status, and direction). Strength is set as "optional" in the initial INVITE to increase interoperability with other vendors since security preconditions as a concept is published as a draft at this stage. When an offer with preconditions is received, the strength is increased to "mandatory" to prevent clipping effect and ghost calls from happening. Security descriptions may also be negotiated without using security preconditions if the other party does not support the concept.
        Hide
        savage1985 added a comment -

        res_rtp_asterisk.so => (Asterisk RTP Stack)
        Illegal instruction
        while start asterisk on Linux debian121 2.6.21.1-bigsmp #1 SMP Sun Apr 29 04:38:52 CST 2007 i686 GNU/Linux

        but start successfully on another machine
        with info
        res_rtp_asterisk.so => (Asterisk RTP Stack)
        – Loaded PUBLIC key 'iaxtel'
        – Loaded PUBLIC key 'freeworlddialup'

        what is the reason ???

        Show
        savage1985 added a comment - res_rtp_asterisk.so => (Asterisk RTP Stack) Illegal instruction while start asterisk on Linux debian121 2.6.21.1-bigsmp #1 SMP Sun Apr 29 04:38:52 CST 2007 i686 GNU/Linux but start successfully on another machine with info res_rtp_asterisk.so => (Asterisk RTP Stack) – Loaded PUBLIC key 'iaxtel' – Loaded PUBLIC key 'freeworlddialup' what is the reason ???
        Hide
        iscario added a comment -

        Hi,
        I gonna try to set-up srtp (and sip-tls too). Would it be possible to have a short dialplan as example ? and a sip.conf too ? (just the options which are needed to support srtp would be necessary of course)
        Plus, I would like to know what sip client you use (which is able to support srtp) : i read that minisip was named in this page, but the windows installer has vanished from their website... Do you have another one to advice which support both tls and srtp ?
        Thank you.

        Show
        iscario added a comment - Hi, I gonna try to set-up srtp (and sip-tls too). Would it be possible to have a short dialplan as example ? and a sip.conf too ? (just the options which are needed to support srtp would be necessary of course) Plus, I would like to know what sip client you use (which is able to support srtp) : i read that minisip was named in this page, but the windows installer has vanished from their website... Do you have another one to advice which support both tls and srtp ? Thank you.
        Hide
        Digium Subversion added a comment -

        Repository: asterisk
        Revision: 268894

        U trunk/CHANGES
        U trunk/build_tools/menuselect-deps.in
        U trunk/channels/chan_iax2.c
        U trunk/channels/chan_sip.c
        U trunk/channels/sip/dialplan_functions.c
        A trunk/channels/sip/include/sdp_crypto.h
        U trunk/channels/sip/include/sip.h
        A trunk/channels/sip/include/srtp.h
        A trunk/channels/sip/sdp_crypto.c
        A trunk/channels/sip/srtp.c
        U trunk/configure
        U trunk/configure.ac
        U trunk/doc/tex/asterisk.tex
        A trunk/doc/tex/secure-calls.tex
        U trunk/funcs/func_channel.c
        U trunk/include/asterisk/autoconfig.h.in
        U trunk/include/asterisk/frame.h
        U trunk/include/asterisk/global_datastores.h
        A trunk/include/asterisk/res_srtp.h
        U trunk/include/asterisk/rtp_engine.h
        U trunk/main/asterisk.exports.in
        U trunk/main/channel.c
        U trunk/main/global_datastores.c
        U trunk/main/rtp_engine.c
        U trunk/makeopts.in
        U trunk/res/res_rtp_asterisk.c
        A trunk/res/res_srtp.c
        A trunk/res/res_srtp.exports.in

        ------------------------------------------------------------------------
        r268894 | twilson | 2010-06-08 00:29:08 -0500 (Tue, 08 Jun 2010) | 17 lines

        Add SRTP support for Asterisk

        After 5 years in mantis and over a year on reviewboard, SRTP support is finally
        being comitted. This includes generic CHANNEL dialplan functions that work for
        getting the status of whether a call has secure media or signaling as defined
        by the underlying channel technology and for setting whether or not a new
        channel being bridged to a calling channel should have secure signaling or
        media. See doc/tex/secure-calls.tex for examples.

        Original patch by mikma, updated for trunk and revised by me.

        (closes issue ASTERISK-5267)
        Reported by: mikma
        Tested by: twilson, notthematrix, hemanshurpatel

        Review: https://reviewboard.asterisk.org/r/191/

        ------------------------------------------------------------------------

        http://svn.digium.com/view/asterisk?view=rev&revision=268894

        Show
        Digium Subversion added a comment - Repository: asterisk Revision: 268894 U trunk/CHANGES U trunk/build_tools/menuselect-deps.in U trunk/channels/chan_iax2.c U trunk/channels/chan_sip.c U trunk/channels/sip/dialplan_functions.c A trunk/channels/sip/include/sdp_crypto.h U trunk/channels/sip/include/sip.h A trunk/channels/sip/include/srtp.h A trunk/channels/sip/sdp_crypto.c A trunk/channels/sip/srtp.c U trunk/configure U trunk/configure.ac U trunk/doc/tex/asterisk.tex A trunk/doc/tex/secure-calls.tex U trunk/funcs/func_channel.c U trunk/include/asterisk/autoconfig.h.in U trunk/include/asterisk/frame.h U trunk/include/asterisk/global_datastores.h A trunk/include/asterisk/res_srtp.h U trunk/include/asterisk/rtp_engine.h U trunk/main/asterisk.exports.in U trunk/main/channel.c U trunk/main/global_datastores.c U trunk/main/rtp_engine.c U trunk/makeopts.in U trunk/res/res_rtp_asterisk.c A trunk/res/res_srtp.c A trunk/res/res_srtp.exports.in ------------------------------------------------------------------------ r268894 | twilson | 2010-06-08 00:29:08 -0500 (Tue, 08 Jun 2010) | 17 lines Add SRTP support for Asterisk After 5 years in mantis and over a year on reviewboard, SRTP support is finally being comitted. This includes generic CHANNEL dialplan functions that work for getting the status of whether a call has secure media or signaling as defined by the underlying channel technology and for setting whether or not a new channel being bridged to a calling channel should have secure signaling or media. See doc/tex/secure-calls.tex for examples. Original patch by mikma, updated for trunk and revised by me. (closes issue ASTERISK-5267 ) Reported by: mikma Tested by: twilson, notthematrix, hemanshurpatel Review: https://reviewboard.asterisk.org/r/191/ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=268894