Details

    • Type: New Feature New Feature
    • Status: Closed
    • Severity: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Target Release Version/s: None
    • Labels:
      None
    • SVN Revision Number:
      48491
    • Mantis ID:
      5413
    • Regression:
      No

      Description

      This patch adds initial support for secure RTP using libsrt[1]. It can
      be used in for example an implementation of the sdecriptions draft[2].

      [1] http://srtp.sourceforge.net/srtp.html
      [2] http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdescriptions-12.txt

      Update (16/03/2010): Branch against trunk is located here http://svn.asterisk.org/svn/asterisk/team/group/srtp_reboot

          • IF TESTING, PLEASE USE THE ABOVE BRANCH AND NOT THE PATCHED ATTACHED TO THIS ISSUE AS THEY ARE OUT OF DATE ***
                • ADDITIONAL INFORMATION ******

      Example:

      #define CRYPTO_KEY_LEN 30

      /* Declarations */
      ast_policy_t *local_policy;
      unsigned char local_key[CRYPTO_KEY_LEN];
      char local_key64[50];
      ast_policy_t *remote_policy;
      unsigned char remote_key[CRYPTO_KEY_LEN];

      /* Allocate policies and generate key */
      remote_policy = ast_policy_alloc();
      local_policy = ast_policy_alloc();
      ast_get_random(local_key, CRYPTO_KEY_LEN);
      ast_policy_set_key(local_policy, local_key, CRYPTO_KEY_LEN);
      ast_base64encode(local_key64, local_key, CRYPTO_KEY_LEN, sizeof(local_key64));

      /* Activate SRTP */
      suite_val = AST_AES_CM_128_HMAC_SHA1_80;
      key_len = ast_base64decode(remote_key, salt, sizeof(remote_key));
      ast_policy_set_suite(local_policy, suite_val);
      ast_policy_set_suite(remote_policy, suite_val);
      ast_policy_set_key(remote_policy, remote_key, key_len);
      ast_rtp_set_io_policy(rtp, remote_policy, local_policy);

      (The return values should be checked, but I have removed it from the
      example to make it clearer)

      1. ast_srtp_depend.patch
        0.9 kB
      2. ast_srtp_r51249_mikey_r3124.patch
        94 kB
      3. ast_srtp_r61760_mikey_r3250.patch
        96 kB
      4. ast_srtp_r81432_mikey_r3412.patch
        96 kB
        mikma
      5. ast_srtp_trunk_r29093.patch
        27 kB
      6. ast_srtp_trunk_r48360.patch
        374 kB
      7. ast_srtp_trunk_r48491.patch
        375 kB
      8. ast_srtp6.patch
        38 kB
      9. ast_srtp7.patch
        2 kB
      10. asterisk-1.6.2.0-rc3-srtp.patch
        527 kB
        Stefan Tichy
      11. asterisk-1.6.2.0-rc3-srtp-test.patch
        0.4 kB
        Stefan Tichy
      12. asterisk-oej-securertp-trunk-r34330.patch
        10 kB
      13. asterisk-oej-securertp-trunk-r34481.patch
        20 kB
      14. srtp_ast-1.6.2_v3.patch
        55 kB
        Kristijan Vrban
      15. srtp_missing_free.patch
        0.4 kB
        Kristijan Vrban
      16. SRTP%20SoundPoint%20IP-TB25751_3725-17495-001_RevB.pdf
        165 kB

        Issue Links

          Activity

          Hide
          joels added a comment -

          Call from a Nokia E72 (31.023) -> eyeBeam:

          <--- SIP read from TLS:86.96.229.88:55324 --->
          INVITE sips:5553000@sec.maeg.com;user=phone SIP/2.0
          Route: <sips:sec.maeg.com:6000;lr;transport=TCP>
          Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bK3b632jceelhc6trv07mgkmi;rport
          From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
          To: <sips:5553000@sec.maeg.com;user=phone>
          Contact: <sips:4cWDAREngqRPezacKC47@192.168.178.104;transport=TCP>
          Supported: precondition,100rel,timer,sec-agree
          CSeq: 3096 INVITE
          Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
          Allow: UPDATE,PRACK,SUBSCRIBE,REFER,NOTIFY,INVITE,ACK,CANCEL,OPTIONS,BYE
          User-Agent: Nokia RM-530 031.023 00-BD-3A-00-10-8C
          Expires: 120
          Privacy: None
          Session-Expires: 300
          Max-Forwards: 70
          Content-Type: application/sdp
          Accept-Language: de
          Content-Length: 524

          v=0
          o=5553001 63441302944196250 63441302944196250 IN IP4 192.168.178.104
          s=-
          c=IN IP4 192.168.178.104
          t=0 0
          m=audio 16384 RTP/SAVP 8 18 98
          a=sendrecv
          a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:VGI3Y2N5ZUFhM015UnZTZ0VnakVXeWJXdjRJQWhV
          a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:ZVBBUmhWQlc2SWJzTWl5Ml9Hc1psMFRBZEc0Q3VS
          a=curr:sec e2e none
          a=des:sec optional e2e sendrecv
          a=rtpmap:8 PCMA/8000
          a=ptime:20
          a=maxptime:200
          a=rtpmap:18 G729/8000
          a=fmtp:18 annexb=yes
          a=rtpmap:98 telephone-event/8000
          a=fmtp:98 0-15

          <------------->
          — (18 headers 18 lines) —
          Sending to 86.96.229.88 : 5060 (no NAT)
          Using INVITE request as basis request - yflivjE3oIccB07J2B7_JOYGHFZeU9
          Found peer '5553001' for '5553001' from 86.96.229.88:55324
          81-89-105-60*CLI>
          <--- Reliably Transmitting (NAT) to 86.96.229.88:55324 --->
          SIP/2.0 401 Unauthorized
          Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bK3b632jceelhc6trv07mgkmi;received=86.96.229.88;rport=55324
          From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
          To: <sips:5553000@sec.maeg.com;user=phone>;tag=as59fd410d
          Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
          CSeq: 3096 INVITE
          Server: MAEG TLS SEC
          Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
          Supported: replaces, timer
          WWW-Authenticate: Digest algorithm=MD5, realm="maeg.com", nonce="6ae9216f"
          Content-Length: 0

          <------------>
          Scheduling destruction of SIP dialog 'yflivjE3oIccB07J2B7_JOYGHFZeU9' in 32000 ms (Method: INVITE)
          81-89-105-60*CLI>
          <--- SIP read from TLS:86.96.229.88:55324 --->
          ACK sips:5553000@sec.maeg.com;user=phone SIP/2.0
          Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bK3b632jceelhc6trv07mgkmi;rport
          Route: <sips:sec.maeg.com:6000;lr;transport=TCP>
          From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
          To: <sips:5553000@sec.maeg.com;user=phone>;tag=as59fd410d
          Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
          CSeq: 3096 ACK
          Supported: sec-agree
          Max-Forwards: 70
          Content-Length: 0

          <------------->
          — (10 headers 0 lines) —
          81-89-105-60*CLI>
          <--- SIP read from TLS:86.96.229.88:55324 --->
          INVITE sips:5553000@sec.maeg.com;user=phone SIP/2.0
          Route: <sips:sec.maeg.com:6000;lr;transport=TCP>
          Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKrvljqrmjo82unjm3e0p77j3;rport
          From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
          To: <sips:5553000@sec.maeg.com;user=phone>
          Contact: <sips:4cWDAREngqRPezacKC47@192.168.178.104;transport=TCP>
          Supported: precondition,100rel,timer,sec-agree
          CSeq: 3097 INVITE
          Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
          Allow: UPDATE,PRACK,SUBSCRIBE,REFER,NOTIFY,INVITE,ACK,CANCEL,OPTIONS,BYE
          User-Agent: Nokia RM-530 031.023 00-BD-3A-00-10-8C
          Expires: 120
          Privacy: None
          Session-Expires: 300
          Max-Forwards: 70
          Authorization: Digest realm="maeg.com",nonce="6ae9216f",algorithm=MD5,username="5553001",uri="sips:5553000@sec.maeg.com;user=phone",response="ee9ec3e329301a764d7b54cf61d08586"
          Content-Type: application/sdp
          Accept-Language: de
          Content-Length: 524

          v=0
          o=5553001 63441302944196250 63441302944196250 IN IP4 192.168.178.104
          s=-
          c=IN IP4 192.168.178.104
          t=0 0
          m=audio 16384 RTP/SAVP 8 18 98
          a=sendrecv
          a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:VGI3Y2N5ZUFhM015UnZTZ0VnakVXeWJXdjRJQWhV
          a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:ZVBBUmhWQlc2SWJzTWl5Ml9Hc1psMFRBZEc0Q3VS
          a=curr:sec e2e none
          a=des:sec optional e2e sendrecv
          a=rtpmap:8 PCMA/8000
          a=ptime:20
          a=maxptime:200
          a=rtpmap:18 G729/8000
          a=fmtp:18 annexb=yes
          a=rtpmap:98 telephone-event/8000
          a=fmtp:98 0-15

          <------------->
          — (19 headers 18 lines) —
          Sending to 86.96.229.88 : 55324 (NAT)
          Using INVITE request as basis request - yflivjE3oIccB07J2B7_JOYGHFZeU9
          Found peer '5553001' for '5553001' from 86.96.229.88:55324
          Found RTP audio format 8
          Found RTP audio format 18
          Found RTP audio format 98
          Found audio description format PCMA for ID 8
          Found audio description format G729 for ID 18
          Found audio description format telephone-event for ID 98
          Capabilities: us - 0x8 (alaw), peer - audio=0x108 (alaw|g729)/video=0x0 (nothing)/text=0x0 (nothing), combined - 0x8 (alaw)
          Non-codec capabilities (dtmf): us - 0x0 (nothing), peer - 0x1 (telephone-event|), combined - 0x0 (nothing)
          Peer audio RTP is at port 192.168.178.104:16384
          Looking for 5553000 in from-sip (domain sec.maeg.com)
          list_route: hop: <sips:4cWDAREngqRPezacKC47@192.168.178.104;transport=TCP>
          81-89-105-60*CLI>
          <--- Transmitting (NAT) to 86.96.229.88:55324 --->
          SIP/2.0 100 Trying
          Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKrvljqrmjo82unjm3e0p77j3;received=86.96.229.88;rport=55324
          From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
          To: <sips:5553000@sec.maeg.com;user=phone>
          Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
          CSeq: 3097 INVITE
          Server: MAEG TLS SEC
          Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
          Supported: replaces, timer
          Require: timer
          Session-Expires: 300;refresher=uas
          Contact: <sip:5553000@65.49.14.19;transport=TLS>
          Content-Length: 0

          <------------>
          Audio is at 65.49.14.19 port 27064
          Adding codec 0x8 (alaw) to SDP
          Reliably Transmitting (NAT) to 86.96.229.88:50093:
          INVITE sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b SIP/2.0
          Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK16f800a2;rport
          Max-Forwards: 70
          From: "Jochen E72 TLS UNCC" <sip:5553001@sec.maeg.com>;tag=as4ef71c16
          To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>
          Contact: <sip:5553001@65.49.14.19;transport=TLS>
          Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com
          CSeq: 102 INVITE
          User-Agent: MAEG TLS SEC
          Date: Wed, 05 May 2010 06:08:40 GMT
          Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
          Supported: replaces, timer
          Content-Type: application/sdp
          Content-Length: 280

          v=0
          o=MAEG 569318442 569318442 IN IP4 65.49.14.19
          s=MAEG TLS
          c=IN IP4 65.49.14.19
          t=0 0
          m=audio 27064 RTP/SAVP 8
          a=rtpmap:8 PCMA/8000
          a=silenceSupp:off - - - -
          a=ptime:20
          a=sendrecv
          a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:4lyVB4wPy9uP1olUfUDmRyGNC+u8wGxNWLMtnl70


          81-89-105-60*CLI>
          <--- SIP read from TLS:86.96.229.88:50093 --->
          SIP/2.0 180 Ringing
          Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK16f800a2;rport=5061
          Contact: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>
          To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518
          From: "Jochen E72 TLS UNCC"<sip:5553001@sec.maeg.com>;tag=as4ef71c16
          Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com
          CSeq: 102 INVITE
          User-Agent: eyeBeam release 1102q stamp 51814
          Content-Length: 0

          <------------->
          — (9 headers 0 lines) —
          81-89-105-60*CLI>
          <--- Transmitting (NAT) to 86.96.229.88:55324 --->
          SIP/2.0 180 Ringing
          Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKrvljqrmjo82unjm3e0p77j3;received=86.96.229.88;rport=55324
          From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
          To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0
          Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
          CSeq: 3097 INVITE
          Server: MAEG TLS SEC
          Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
          Supported: replaces, timer
          Require: timer
          Session-Expires: 300;refresher=uas
          Contact: <sip:5553000@65.49.14.19;transport=TLS>
          Content-Length: 0

          <------------>
          81-89-105-60*CLI>
          <--- SIP read from TLS:86.96.229.88:50093 --->

          <------------->
          81-89-105-60*CLI>
          <--- SIP read from TLS:86.96.229.88:50093 --->
          SIP/2.0 200 OK
          Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK16f800a2;rport=5061
          Contact: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>
          To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518
          From: "Jochen E72 TLS UNCC"<sip:5553001@sec.maeg.com>;tag=as4ef71c16
          Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com
          CSeq: 102 INVITE
          Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
          Content-Type: application/sdp
          User-Agent: eyeBeam release 1102q stamp 51814
          Content-Length: 217

          v=0
          o=- 8 2 IN IP4 192.168.178.63
          s=CounterPath eyeBeam 1.5
          c=IN IP4 192.168.178.63
          t=0 0
          m=audio 19038 RTP/SAVP 8
          a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:0CpsUAIJO2Ww0QMEE9UkDtZQ9+FOPrJTVnLjVQsS
          a=sendrecv

          <------------->
          — (11 headers 8 lines) —
          Found RTP audio format 8
          Capabilities: us - 0x8 (alaw), peer - audio=0x8 (alaw)/video=0x0 (nothing)/text=0x0 (nothing), combined - 0x8 (alaw)
          Non-codec capabilities (dtmf): us - 0x0 (nothing), peer - 0x0 (nothing), combined - 0x0 (nothing)
          Peer audio RTP is at port 192.168.178.63:19038
          list_route: hop: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>
          set_destination: Parsing <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> for address/port to send to
          set_destination: set destination to 86.96.229.88, port 50093
          Transmitting (NAT) to 86.96.229.88:50093:
          ACK sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b SIP/2.0
          Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK76b0b58b;rport
          Max-Forwards: 70
          From: "Jochen E72 TLS UNCC" <sip:5553001@sec.maeg.com>;tag=as4ef71c16
          To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518
          Contact: <sip:5553001@65.49.14.19;transport=TLS>
          Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com
          CSeq: 102 ACK
          User-Agent: MAEG TLS SEC
          Content-Length: 0


          Audio is at 65.49.14.19 port 30144
          Adding codec 0x8 (alaw) to SDP

          <--- Reliably Transmitting (NAT) to 86.96.229.88:55324 --->
          SIP/2.0 200 OK
          Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKrvljqrmjo82unjm3e0p77j3;received=86.96.229.88;rport=55324
          From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
          To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0
          Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
          CSeq: 3097 INVITE
          Server: MAEG TLS SEC
          Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
          Supported: replaces, timer
          Require: timer
          Session-Expires: 300;refresher=uas
          Contact: <sip:5553000@65.49.14.19;transport=TLS>
          Content-Type: application/sdp
          Content-Length: 280

          v=0
          o=MAEG 809561325 809561325 IN IP4 65.49.14.19
          s=MAEG TLS
          c=IN IP4 65.49.14.19
          t=0 0
          m=audio 30144 RTP/SAVP 8
          a=rtpmap:8 PCMA/8000
          a=silenceSupp:off - - - -
          a=ptime:20
          a=sendrecv
          a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:rqDJHu7XQpTyamgsQeoA9KkgTOfbGOLHvW87nyD9

          <------------>
          81-89-105-60*CLI>
          <--- SIP read from TLS:86.96.229.88:55324 --->
          ACK sip:5553000@65.49.14.19;transport=TLS SIP/2.0
          Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKtrcnhoia12oprjm3qlh3cs3;rport
          To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0
          From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
          Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
          CSeq: 3097 ACK
          Supported: sec-agree
          Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,INVITE,ACK,CANCEL,OPTIONS,BYE
          Max-Forwards: 70
          Authorization: Digest realm="maeg.com",nonce="6ae9216f",algorithm=MD5,username="5553001",uri="sips:5553000@sec.maeg.com;user=phone",response="ee9ec3e329301a764d7b54cf61d08586"
          Content-Length: 0

          <------------->
          — (11 headers 0 lines) —
          [May 5 06:09:00] NOTICE[30684]: res_rtp_asterisk.c:2128 ast_rtp_read: Unknown RTP codec 120 received from '86.96.229.88'
          81-89-105-60*CLI>
          <--- SIP read from TLS:86.96.229.88:55324 --->
          BYE sip:5553000@65.49.14.19;transport=TLS SIP/2.0
          Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKqkiv8sk20phc73vsv576rsl;rport
          To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0
          From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
          Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
          CSeq: 3098 BYE
          Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,INVITE,ACK,CANCEL,OPTIONS,BYE
          Max-Forwards: 70
          Content-Length: 0

          <------------->
          — (9 headers 0 lines) —
          Sending to 86.96.229.88 : 55324 (NAT)

          <--- Transmitting (NAT) to 86.96.229.88:55324 --->
          SIP/2.0 200 OK
          Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKqkiv8sk20phc73vsv576rsl;received=86.96.229.88;rport=55324
          From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg
          To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0
          Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9
          CSeq: 3098 BYE
          Server: MAEG TLS SEC
          Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
          Supported: replaces, timer
          Content-Length: 0

          <------------>
          Scheduling destruction of SIP dialog '035b2c465a81dd720d193f00012f7e7d@sec.maeg.com' in 18112 ms (Method: INVITE)
          set_destination: Parsing <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> for address/port to send to
          set_destination: set destination to 86.96.229.88, port 50093
          Reliably Transmitting (NAT) to 86.96.229.88:50093:
          BYE sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b SIP/2.0
          Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK10e987bd;rport
          Max-Forwards: 70
          From: "Jochen E72 TLS UNCC" <sip:5553001@sec.maeg.com>;tag=as4ef71c16
          To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518
          Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com
          CSeq: 103 BYE
          User-Agent: MAEG TLS SEC
          X-Asterisk-HangupCause: Normal Clearing
          X-Asterisk-HangupCauseCode: 16
          Content-Length: 0


          81-89-105-60*CLI>
          <--- SIP read from TLS:86.96.229.88:50093 --->
          SIP/2.0 200 OK
          Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK10e987bd;rport=5061
          Contact: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>
          To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518
          From: "Jochen E72 TLS UNCC"<sip:5553001@sec.maeg.com>;tag=as4ef71c16
          Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com
          CSeq: 103 BYE
          User-Agent: eyeBeam release 1102q stamp 51814
          Content-Length: 0

          <------------->
          — (9 headers 0 lines) —
          Really destroying SIP dialog '035b2c465a81dd720d193f00012f7e7d@sec.maeg.com' Method: INVITE
          Really destroying SIP dialog 'yflivjE3oIccB07J2B7_JOYGHFZeU9' Method: BYE
          81-89-105-60*CLI>
          <--- SIP read from TLS:86.96.229.88:50093 --->

          <------------->
          Reliably Transmitting (NAT) to 86.96.229.88:50093:
          OPTIONS sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b SIP/2.0
          Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK3497fb47;rport
          Max-Forwards: 70
          From: "asterisk" <sip:asterisk@sec.maeg.com>;tag=as4f0d4c84
          To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>
          Contact: <sip:asterisk@65.49.14.19;transport=TLS>
          Call-ID: 2343369555c993812d027d3b58728dac@sec.maeg.com
          CSeq: 102 OPTIONS
          User-Agent: MAEG TLS SEC
          Date: Wed, 05 May 2010 06:09:15 GMT
          Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
          Supported: replaces, timer
          Content-Length: 0


          81-89-105-60*CLI>
          <--- SIP read from TLS:86.96.229.88:50093 --->
          SIP/2.0 200 OK
          Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK3497fb47;rport=5061
          Contact: <sip:192.168.178.63:41141;transport=TLS>
          To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=a6647e1e
          From: "asterisk"<sip:asterisk@sec.maeg.com>;tag=as4f0d4c84
          Call-ID: 2343369555c993812d027d3b58728dac@sec.maeg.com
          CSeq: 102 OPTIONS
          Accept: application/sdp
          Accept-Language: en
          Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
          User-Agent: eyeBeam release 1102q stamp 51814
          Content-Length: 0

          <------------->
          — (12 headers 0 lines) —
          81-89-105-60*CLI>
          <--- SIP read from TLS:86.96.229.88:50093 --->
          SUBSCRIBE sip:5553000@sec.maeg.com:5061 SIP/2.0
          Via: SIP/2.0/TLS 192.168.178.63:41141;branch=z9hG4bK-d8754z-e87db67f1474f45a-1--d8754z;rport
          Max-Forwards: 70
          Contact: <sip:5553000@86.96.229.88:50093;transport=TLS>
          To: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>
          From: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=0d216377
          Call-ID: NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk.
          CSeq: 1 SUBSCRIBE
          Expires: 300
          Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
          User-Agent: eyeBeam release 1102q stamp 51814
          Event: message-summary
          Content-Length: 0

          <------------->
          — (13 headers 0 lines) —
          Creating new subscription
          Sending to 86.96.229.88 : 41141 (no NAT)
          list_route: hop: <sip:5553000@86.96.229.88:50093;transport=TLS>
          Found peer '5553000' for '5553000' from 86.96.229.88:50093

          <--- Transmitting (NAT) to 86.96.229.88:50093 --->
          SIP/2.0 401 Unauthorized
          Via: SIP/2.0/TLS 192.168.178.63:41141;branch=z9hG4bK-d8754z-e87db67f1474f45a-1--d8754z;received=86.96.229.88;rport=50093
          From: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=0d216377
          To: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=as5bec72bd
          Call-ID: NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk.
          CSeq: 1 SUBSCRIBE
          Server: MAEG TLS SEC
          Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
          Supported: replaces, timer
          WWW-Authenticate: Digest algorithm=MD5, realm="maeg.com", nonce="3e0e64a3"
          Content-Length: 0

          <------------>
          Scheduling destruction of SIP dialog 'NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk.' in 17920 ms (Method: SUBSCRIBE)
          Really destroying SIP dialog '2343369555c993812d027d3b58728dac@sec.maeg.com' Method: OPTIONS
          81-89-105-60*CLI>
          <--- SIP read from TLS:86.96.229.88:50093 --->
          SUBSCRIBE sip:5553000@sec.maeg.com:5061 SIP/2.0
          Via: SIP/2.0/TLS 192.168.178.63:41141;branch=z9hG4bK-d8754z-0a5ca014d30f4762-1--d8754z;rport
          Max-Forwards: 70
          Contact: <sip:5553000@86.96.229.88:50093;transport=TLS>
          To: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>
          From: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=0d216377
          Call-ID: NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk.
          CSeq: 2 SUBSCRIBE
          Expires: 300
          Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
          User-Agent: eyeBeam release 1102q stamp 51814
          Authorization: Digest username="5553000",realm="maeg.com",nonce="3e0e64a3",uri="sip:5553000@sec.maeg.com:5061",response="8d8381f5cdca8138a8e8f5219d58991f",algorithm=MD5
          Event: message-summary
          Content-Length: 0

          <------------->
          — (14 headers 0 lines) —
          Creating new subscription
          Sending to 86.96.229.88 : 50093 (NAT)
          Found peer '5553000' for '5553000' from 86.96.229.88:50093

          <--- Transmitting (NAT) to 86.96.229.88:50093 --->
          SIP/2.0 404 Not found (no mailbox)
          Via: SIP/2.0/TLS 192.168.178.63:41141;branch=z9hG4bK-d8754z-0a5ca014d30f4762-1--d8754z;received=86.96.229.88;rport=50093
          From: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=0d216377
          To: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=as5bec72bd
          Call-ID: NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk.
          CSeq: 2 SUBSCRIBE
          Server: MAEG TLS SEC
          Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
          Supported: replaces, timer
          Content-Length: 0

          Show
          joels added a comment - Call from a Nokia E72 (31.023) -> eyeBeam: <--- SIP read from TLS:86.96.229.88:55324 ---> INVITE sips:5553000@sec.maeg.com;user=phone SIP/2.0 Route: <sips:sec.maeg.com:6000;lr;transport=TCP> Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bK3b632jceelhc6trv07mgkmi;rport From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg To: <sips:5553000@sec.maeg.com;user=phone> Contact: <sips:4cWDAREngqRPezacKC47@192.168.178.104;transport=TCP> Supported: precondition,100rel,timer,sec-agree CSeq: 3096 INVITE Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 Allow: UPDATE,PRACK,SUBSCRIBE,REFER,NOTIFY,INVITE,ACK,CANCEL,OPTIONS,BYE User-Agent: Nokia RM-530 031.023 00-BD-3A-00-10-8C Expires: 120 Privacy: None Session-Expires: 300 Max-Forwards: 70 Content-Type: application/sdp Accept-Language: de Content-Length: 524 v=0 o=5553001 63441302944196250 63441302944196250 IN IP4 192.168.178.104 s=- c=IN IP4 192.168.178.104 t=0 0 m=audio 16384 RTP/SAVP 8 18 98 a=sendrecv a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:VGI3Y2N5ZUFhM015UnZTZ0VnakVXeWJXdjRJQWhV a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:ZVBBUmhWQlc2SWJzTWl5Ml9Hc1psMFRBZEc0Q3VS a=curr:sec e2e none a=des:sec optional e2e sendrecv a=rtpmap:8 PCMA/8000 a=ptime:20 a=maxptime:200 a=rtpmap:18 G729/8000 a=fmtp:18 annexb=yes a=rtpmap:98 telephone-event/8000 a=fmtp:98 0-15 <-------------> — (18 headers 18 lines) — Sending to 86.96.229.88 : 5060 (no NAT) Using INVITE request as basis request - yflivjE3oIccB07J2B7_JOYGHFZeU9 Found peer '5553001' for '5553001' from 86.96.229.88:55324 81-89-105-60*CLI> <--- Reliably Transmitting (NAT) to 86.96.229.88:55324 ---> SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bK3b632jceelhc6trv07mgkmi;received=86.96.229.88;rport=55324 From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg To: <sips:5553000@sec.maeg.com;user=phone>;tag=as59fd410d Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 CSeq: 3096 INVITE Server: MAEG TLS SEC Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer WWW-Authenticate: Digest algorithm=MD5, realm="maeg.com", nonce="6ae9216f" Content-Length: 0 <------------> Scheduling destruction of SIP dialog 'yflivjE3oIccB07J2B7_JOYGHFZeU9' in 32000 ms (Method: INVITE) 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:55324 ---> ACK sips:5553000@sec.maeg.com;user=phone SIP/2.0 Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bK3b632jceelhc6trv07mgkmi;rport Route: <sips:sec.maeg.com:6000;lr;transport=TCP> From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg To: <sips:5553000@sec.maeg.com;user=phone>;tag=as59fd410d Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 CSeq: 3096 ACK Supported: sec-agree Max-Forwards: 70 Content-Length: 0 <-------------> — (10 headers 0 lines) — 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:55324 ---> INVITE sips:5553000@sec.maeg.com;user=phone SIP/2.0 Route: <sips:sec.maeg.com:6000;lr;transport=TCP> Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKrvljqrmjo82unjm3e0p77j3;rport From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg To: <sips:5553000@sec.maeg.com;user=phone> Contact: <sips:4cWDAREngqRPezacKC47@192.168.178.104;transport=TCP> Supported: precondition,100rel,timer,sec-agree CSeq: 3097 INVITE Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 Allow: UPDATE,PRACK,SUBSCRIBE,REFER,NOTIFY,INVITE,ACK,CANCEL,OPTIONS,BYE User-Agent: Nokia RM-530 031.023 00-BD-3A-00-10-8C Expires: 120 Privacy: None Session-Expires: 300 Max-Forwards: 70 Authorization: Digest realm="maeg.com",nonce="6ae9216f",algorithm=MD5,username="5553001",uri="sips:5553000@sec.maeg.com;user=phone",response="ee9ec3e329301a764d7b54cf61d08586" Content-Type: application/sdp Accept-Language: de Content-Length: 524 v=0 o=5553001 63441302944196250 63441302944196250 IN IP4 192.168.178.104 s=- c=IN IP4 192.168.178.104 t=0 0 m=audio 16384 RTP/SAVP 8 18 98 a=sendrecv a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:VGI3Y2N5ZUFhM015UnZTZ0VnakVXeWJXdjRJQWhV a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:ZVBBUmhWQlc2SWJzTWl5Ml9Hc1psMFRBZEc0Q3VS a=curr:sec e2e none a=des:sec optional e2e sendrecv a=rtpmap:8 PCMA/8000 a=ptime:20 a=maxptime:200 a=rtpmap:18 G729/8000 a=fmtp:18 annexb=yes a=rtpmap:98 telephone-event/8000 a=fmtp:98 0-15 <-------------> — (19 headers 18 lines) — Sending to 86.96.229.88 : 55324 (NAT) Using INVITE request as basis request - yflivjE3oIccB07J2B7_JOYGHFZeU9 Found peer '5553001' for '5553001' from 86.96.229.88:55324 Found RTP audio format 8 Found RTP audio format 18 Found RTP audio format 98 Found audio description format PCMA for ID 8 Found audio description format G729 for ID 18 Found audio description format telephone-event for ID 98 Capabilities: us - 0x8 (alaw), peer - audio=0x108 (alaw|g729)/video=0x0 (nothing)/text=0x0 (nothing), combined - 0x8 (alaw) Non-codec capabilities (dtmf): us - 0x0 (nothing), peer - 0x1 (telephone-event|), combined - 0x0 (nothing) Peer audio RTP is at port 192.168.178.104:16384 Looking for 5553000 in from-sip (domain sec.maeg.com) list_route: hop: <sips:4cWDAREngqRPezacKC47@192.168.178.104;transport=TCP> 81-89-105-60*CLI> <--- Transmitting (NAT) to 86.96.229.88:55324 ---> SIP/2.0 100 Trying Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKrvljqrmjo82unjm3e0p77j3;received=86.96.229.88;rport=55324 From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg To: <sips:5553000@sec.maeg.com;user=phone> Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 CSeq: 3097 INVITE Server: MAEG TLS SEC Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer Require: timer Session-Expires: 300;refresher=uas Contact: <sip:5553000@65.49.14.19;transport=TLS> Content-Length: 0 <------------> Audio is at 65.49.14.19 port 27064 Adding codec 0x8 (alaw) to SDP Reliably Transmitting (NAT) to 86.96.229.88:50093: INVITE sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b SIP/2.0 Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK16f800a2;rport Max-Forwards: 70 From: "Jochen E72 TLS UNCC" <sip:5553001@sec.maeg.com>;tag=as4ef71c16 To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> Contact: <sip:5553001@65.49.14.19;transport=TLS> Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com CSeq: 102 INVITE User-Agent: MAEG TLS SEC Date: Wed, 05 May 2010 06:08:40 GMT Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer Content-Type: application/sdp Content-Length: 280 v=0 o=MAEG 569318442 569318442 IN IP4 65.49.14.19 s=MAEG TLS c=IN IP4 65.49.14.19 t=0 0 m=audio 27064 RTP/SAVP 8 a=rtpmap:8 PCMA/8000 a=silenceSupp:off - - - - a=ptime:20 a=sendrecv a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:4lyVB4wPy9uP1olUfUDmRyGNC+u8wGxNWLMtnl70 — 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:50093 ---> SIP/2.0 180 Ringing Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK16f800a2;rport=5061 Contact: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518 From: "Jochen E72 TLS UNCC"<sip:5553001@sec.maeg.com>;tag=as4ef71c16 Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com CSeq: 102 INVITE User-Agent: eyeBeam release 1102q stamp 51814 Content-Length: 0 <-------------> — (9 headers 0 lines) — 81-89-105-60*CLI> <--- Transmitting (NAT) to 86.96.229.88:55324 ---> SIP/2.0 180 Ringing Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKrvljqrmjo82unjm3e0p77j3;received=86.96.229.88;rport=55324 From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0 Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 CSeq: 3097 INVITE Server: MAEG TLS SEC Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer Require: timer Session-Expires: 300;refresher=uas Contact: <sip:5553000@65.49.14.19;transport=TLS> Content-Length: 0 <------------> 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:50093 ---> <-------------> 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:50093 ---> SIP/2.0 200 OK Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK16f800a2;rport=5061 Contact: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518 From: "Jochen E72 TLS UNCC"<sip:5553001@sec.maeg.com>;tag=as4ef71c16 Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com CSeq: 102 INVITE Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO Content-Type: application/sdp User-Agent: eyeBeam release 1102q stamp 51814 Content-Length: 217 v=0 o=- 8 2 IN IP4 192.168.178.63 s=CounterPath eyeBeam 1.5 c=IN IP4 192.168.178.63 t=0 0 m=audio 19038 RTP/SAVP 8 a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:0CpsUAIJO2Ww0QMEE9UkDtZQ9+FOPrJTVnLjVQsS a=sendrecv <-------------> — (11 headers 8 lines) — Found RTP audio format 8 Capabilities: us - 0x8 (alaw), peer - audio=0x8 (alaw)/video=0x0 (nothing)/text=0x0 (nothing), combined - 0x8 (alaw) Non-codec capabilities (dtmf): us - 0x0 (nothing), peer - 0x0 (nothing), combined - 0x0 (nothing) Peer audio RTP is at port 192.168.178.63:19038 list_route: hop: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> set_destination: Parsing <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> for address/port to send to set_destination: set destination to 86.96.229.88, port 50093 Transmitting (NAT) to 86.96.229.88:50093: ACK sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b SIP/2.0 Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK76b0b58b;rport Max-Forwards: 70 From: "Jochen E72 TLS UNCC" <sip:5553001@sec.maeg.com>;tag=as4ef71c16 To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518 Contact: <sip:5553001@65.49.14.19;transport=TLS> Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com CSeq: 102 ACK User-Agent: MAEG TLS SEC Content-Length: 0 — Audio is at 65.49.14.19 port 30144 Adding codec 0x8 (alaw) to SDP <--- Reliably Transmitting (NAT) to 86.96.229.88:55324 ---> SIP/2.0 200 OK Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKrvljqrmjo82unjm3e0p77j3;received=86.96.229.88;rport=55324 From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0 Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 CSeq: 3097 INVITE Server: MAEG TLS SEC Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer Require: timer Session-Expires: 300;refresher=uas Contact: <sip:5553000@65.49.14.19;transport=TLS> Content-Type: application/sdp Content-Length: 280 v=0 o=MAEG 809561325 809561325 IN IP4 65.49.14.19 s=MAEG TLS c=IN IP4 65.49.14.19 t=0 0 m=audio 30144 RTP/SAVP 8 a=rtpmap:8 PCMA/8000 a=silenceSupp:off - - - - a=ptime:20 a=sendrecv a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:rqDJHu7XQpTyamgsQeoA9KkgTOfbGOLHvW87nyD9 <------------> 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:55324 ---> ACK sip:5553000@65.49.14.19;transport=TLS SIP/2.0 Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKtrcnhoia12oprjm3qlh3cs3;rport To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0 From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 CSeq: 3097 ACK Supported: sec-agree Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,INVITE,ACK,CANCEL,OPTIONS,BYE Max-Forwards: 70 Authorization: Digest realm="maeg.com",nonce="6ae9216f",algorithm=MD5,username="5553001",uri="sips:5553000@sec.maeg.com;user=phone",response="ee9ec3e329301a764d7b54cf61d08586" Content-Length: 0 <-------------> — (11 headers 0 lines) — [May 5 06:09:00] NOTICE [30684] : res_rtp_asterisk.c:2128 ast_rtp_read: Unknown RTP codec 120 received from '86.96.229.88' 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:55324 ---> BYE sip:5553000@65.49.14.19;transport=TLS SIP/2.0 Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKqkiv8sk20phc73vsv576rsl;rport To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0 From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 CSeq: 3098 BYE Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,INVITE,ACK,CANCEL,OPTIONS,BYE Max-Forwards: 70 Content-Length: 0 <-------------> — (9 headers 0 lines) — Sending to 86.96.229.88 : 55324 (NAT) <--- Transmitting (NAT) to 86.96.229.88:55324 ---> SIP/2.0 200 OK Via: SIP/2.0/TLS 192.168.178.104:5060;branch=z9hG4bKqkiv8sk20phc73vsv576rsl;received=86.96.229.88;rport=55324 From: <sip:5553001@sec.maeg.com>;tag=9ai528m7n9hc642907mg To: <sips:5553000@sec.maeg.com;user=phone>;tag=as48b920d0 Call-ID: yflivjE3oIccB07J2B7_JOYGHFZeU9 CSeq: 3098 BYE Server: MAEG TLS SEC Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer Content-Length: 0 <------------> Scheduling destruction of SIP dialog '035b2c465a81dd720d193f00012f7e7d@sec.maeg.com' in 18112 ms (Method: INVITE) set_destination: Parsing <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> for address/port to send to set_destination: set destination to 86.96.229.88, port 50093 Reliably Transmitting (NAT) to 86.96.229.88:50093: BYE sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b SIP/2.0 Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK10e987bd;rport Max-Forwards: 70 From: "Jochen E72 TLS UNCC" <sip:5553001@sec.maeg.com>;tag=as4ef71c16 To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518 Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com CSeq: 103 BYE User-Agent: MAEG TLS SEC X-Asterisk-HangupCause: Normal Clearing X-Asterisk-HangupCauseCode: 16 Content-Length: 0 — 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:50093 ---> SIP/2.0 200 OK Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK10e987bd;rport=5061 Contact: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=1e0be518 From: "Jochen E72 TLS UNCC"<sip:5553001@sec.maeg.com>;tag=as4ef71c16 Call-ID: 035b2c465a81dd720d193f00012f7e7d@sec.maeg.com CSeq: 103 BYE User-Agent: eyeBeam release 1102q stamp 51814 Content-Length: 0 <-------------> — (9 headers 0 lines) — Really destroying SIP dialog '035b2c465a81dd720d193f00012f7e7d@sec.maeg.com' Method: INVITE Really destroying SIP dialog 'yflivjE3oIccB07J2B7_JOYGHFZeU9' Method: BYE 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:50093 ---> <-------------> Reliably Transmitting (NAT) to 86.96.229.88:50093: OPTIONS sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b SIP/2.0 Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK3497fb47;rport Max-Forwards: 70 From: "asterisk" <sip:asterisk@sec.maeg.com>;tag=as4f0d4c84 To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b> Contact: <sip:asterisk@65.49.14.19;transport=TLS> Call-ID: 2343369555c993812d027d3b58728dac@sec.maeg.com CSeq: 102 OPTIONS User-Agent: MAEG TLS SEC Date: Wed, 05 May 2010 06:09:15 GMT Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer Content-Length: 0 — 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:50093 ---> SIP/2.0 200 OK Via: SIP/2.0/TLS 65.49.14.19:5061;branch=z9hG4bK3497fb47;rport=5061 Contact: <sip:192.168.178.63:41141;transport=TLS> To: <sip:5553000@86.96.229.88:50093;transport=TLS;rinstance=ce2ef0e4a7a3494b>;tag=a6647e1e From: "asterisk"<sip:asterisk@sec.maeg.com>;tag=as4f0d4c84 Call-ID: 2343369555c993812d027d3b58728dac@sec.maeg.com CSeq: 102 OPTIONS Accept: application/sdp Accept-Language: en Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO User-Agent: eyeBeam release 1102q stamp 51814 Content-Length: 0 <-------------> — (12 headers 0 lines) — 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:50093 ---> SUBSCRIBE sip:5553000@sec.maeg.com:5061 SIP/2.0 Via: SIP/2.0/TLS 192.168.178.63:41141;branch=z9hG4bK-d8754z-e87db67f1474f45a-1-- d8754z ;rport Max-Forwards: 70 Contact: <sip:5553000@86.96.229.88:50093;transport=TLS> To: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061> From: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=0d216377 Call-ID: NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk. CSeq: 1 SUBSCRIBE Expires: 300 Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO User-Agent: eyeBeam release 1102q stamp 51814 Event: message-summary Content-Length: 0 <-------------> — (13 headers 0 lines) — Creating new subscription Sending to 86.96.229.88 : 41141 (no NAT) list_route: hop: <sip:5553000@86.96.229.88:50093;transport=TLS> Found peer '5553000' for '5553000' from 86.96.229.88:50093 <--- Transmitting (NAT) to 86.96.229.88:50093 ---> SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS 192.168.178.63:41141;branch=z9hG4bK-d8754z-e87db67f1474f45a-1-- d8754z ;received=86.96.229.88;rport=50093 From: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=0d216377 To: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=as5bec72bd Call-ID: NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk. CSeq: 1 SUBSCRIBE Server: MAEG TLS SEC Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer WWW-Authenticate: Digest algorithm=MD5, realm="maeg.com", nonce="3e0e64a3" Content-Length: 0 <------------> Scheduling destruction of SIP dialog 'NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk.' in 17920 ms (Method: SUBSCRIBE) Really destroying SIP dialog '2343369555c993812d027d3b58728dac@sec.maeg.com' Method: OPTIONS 81-89-105-60*CLI> <--- SIP read from TLS:86.96.229.88:50093 ---> SUBSCRIBE sip:5553000@sec.maeg.com:5061 SIP/2.0 Via: SIP/2.0/TLS 192.168.178.63:41141;branch=z9hG4bK-d8754z-0a5ca014d30f4762-1-- d8754z ;rport Max-Forwards: 70 Contact: <sip:5553000@86.96.229.88:50093;transport=TLS> To: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061> From: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=0d216377 Call-ID: NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk. CSeq: 2 SUBSCRIBE Expires: 300 Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO User-Agent: eyeBeam release 1102q stamp 51814 Authorization: Digest username="5553000",realm="maeg.com",nonce="3e0e64a3",uri="sip:5553000@sec.maeg.com:5061",response="8d8381f5cdca8138a8e8f5219d58991f",algorithm=MD5 Event: message-summary Content-Length: 0 <-------------> — (14 headers 0 lines) — Creating new subscription Sending to 86.96.229.88 : 50093 (NAT) Found peer '5553000' for '5553000' from 86.96.229.88:50093 <--- Transmitting (NAT) to 86.96.229.88:50093 ---> SIP/2.0 404 Not found (no mailbox) Via: SIP/2.0/TLS 192.168.178.63:41141;branch=z9hG4bK-d8754z-0a5ca014d30f4762-1-- d8754z ;received=86.96.229.88;rport=50093 From: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=0d216377 To: "MAEG ENCRYPTED"<sip:5553000@sec.maeg.com:5061>;tag=as5bec72bd Call-ID: NDQ5MTU5MmZiM2VlMjk2YjY4ZjYzNWJjZWI5MTczMDk. CSeq: 2 SUBSCRIBE Server: MAEG TLS SEC Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer Content-Length: 0
          Hide
          joels added a comment -

          Nokia's info:

          • RFC 2246 The TLS Protocol Version 1.0:
          o SIP stack does not support incoming TLS connections. Thus proxies/registrars must support persistent TLS connections and be able to use existing connections to deliver SIP requests to the clients (connection reuse).
          o The following cipher suites may be used when setting up the TLS connection for SIP:
          a. TLS_RSA_WITH_AES_256_CBC_SHA
          b. TLS_RSA_WITH_AES_128_CBC_SHA
          c. TLS_RSA_WITH_3DES_EDE_CBC_SHA
          d. TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
          e. TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
          f. TLS_RSA_WITH_RC4_128_SHA
          g. TLS_RSA_WITH_RC4_128_MD5
          h. TLS_RSA_WITH_DES_CBC_SHA
          i. TLS_DHE_DSS_WITH_DES_CBC_SHA
          j. TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
          k. TLS_RSA_EXPORT_WITH_RC4_40_MD5
          l. TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
          m. TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
          • RFC 3262 Reliability of Provisional Responses in the Session Initiation Protocol (SIP):
          o Secure VoIP session establishment using security preconditions uses provisional responses sent by the UAS before the UAC has sent the SIP message "PRACK". Implementation follows RFC 3262 to achieve end-to-end reliability in transmitting such responses. Non-100 provisional responses are sent reliably if the initial INVITE request contained either a SUPPORTED or REQUIRE header field with the option tag "100rel".
          • RFC 3711 The Secure Real-Time Transport Protocol (SRTP):
          o The SRTP use is signaled by either having defined secure RTP transport "RTP/SAVP" in an SDP media line or a=crypto as a media attribute in an SDP document. "RTP/SAVPF" is not supported.
          o Implementation supports RTP/RTCP stream authentication and encryption with replay protection according to RFC 3711:
          a. Same master key is shared with RTP/RTCP streams.
          b. Section 8.1.1 Use of the <From, To> for re-keying is not supported.
          • RFC 4568 Session Description Protocol Security Descriptions for Media Streams:
          o SDP attribute "crypto" is used to signal and negotiate cryptographic parameters for media streams. This negotiation is secured by TLS.
          o Implementation supports security descriptions according to RFC 4568 with the following restrictions:
          Implementation Specifications for Nokia S60 VoIP 17
          Forum.Nokia.com
          a. The following crypto suites are supported: AES_CM_128_HMAC_SHA1_80 (offered as default), F8_128_HMAC_SHA1_80 (supported if offered in the initial INVITE), AES_CM_128_HMAC_SHA1_32 (supported if offered in the initial INVITE).
          b. The following session parameters are supported: KDR.
          c. The following session parameters are not supported: UNENCRYPTED_SRTCP, UNENCRYPTED_SRTP, UNAUTHENTICATED_SRTP, FEC_ORDER, FEC_KEY, WSH.
          d. Re-keying is not recommended for IP telephony. Thus the optional lifetime field of the SRTP key parameter is not supported. Key rotation based on MKI is neither supported, though the MKI field in the SRTP key parameter is accepted if only one inline key parameter is provided with a=crypto attribute.
          e. Section 6.4.2. Sharing cryptographic contexts among Sessions or SSRCs is not supported.
          f. Section 7.1.4. Modifying the session: Only key parameters can be modified during the session. Initially negotiated crypto suite must remain the same through all session modifications. If new offer cannot be accepted, the old crypto parameters remain in place.
          • RFC 5027 Security Preconditions for Session Description Protocol Media Streams:
          o The negotiation of cryptographic parameters when establishing a secure VoIP session may take use of security preconditions, as defined in RFC 5027. The only supported precondition type is "sec". All the precondition attributes ("curr", "des", "conf") are supported as are all the precondition tags (strength, status, and direction). Strength is set as "optional" in the initial INVITE to increase interoperability with other vendors since security preconditions as a concept is published as a draft at this stage. When an offer with preconditions is received, the strength is increased to "mandatory" to prevent clipping effect and ghost calls from happening. Security descriptions may also be negotiated without using security preconditions if the other party does not support the concept.

          Show
          joels added a comment - Nokia's info: • RFC 2246 The TLS Protocol Version 1.0: o SIP stack does not support incoming TLS connections. Thus proxies/registrars must support persistent TLS connections and be able to use existing connections to deliver SIP requests to the clients (connection reuse). o The following cipher suites may be used when setting up the TLS connection for SIP: a. TLS_RSA_WITH_AES_256_CBC_SHA b. TLS_RSA_WITH_AES_128_CBC_SHA c. TLS_RSA_WITH_3DES_EDE_CBC_SHA d. TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA e. TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA f. TLS_RSA_WITH_RC4_128_SHA g. TLS_RSA_WITH_RC4_128_MD5 h. TLS_RSA_WITH_DES_CBC_SHA i. TLS_DHE_DSS_WITH_DES_CBC_SHA j. TLS_RSA_EXPORT_WITH_DES40_CBC_SHA k. TLS_RSA_EXPORT_WITH_RC4_40_MD5 l. TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA m. TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA • RFC 3262 Reliability of Provisional Responses in the Session Initiation Protocol (SIP): o Secure VoIP session establishment using security preconditions uses provisional responses sent by the UAS before the UAC has sent the SIP message "PRACK". Implementation follows RFC 3262 to achieve end-to-end reliability in transmitting such responses. Non-100 provisional responses are sent reliably if the initial INVITE request contained either a SUPPORTED or REQUIRE header field with the option tag "100rel". • RFC 3711 The Secure Real-Time Transport Protocol (SRTP): o The SRTP use is signaled by either having defined secure RTP transport "RTP/SAVP" in an SDP media line or a=crypto as a media attribute in an SDP document. "RTP/SAVPF" is not supported. o Implementation supports RTP/RTCP stream authentication and encryption with replay protection according to RFC 3711: a. Same master key is shared with RTP/RTCP streams. b. Section 8.1.1 Use of the <From, To> for re-keying is not supported. • RFC 4568 Session Description Protocol Security Descriptions for Media Streams: o SDP attribute "crypto" is used to signal and negotiate cryptographic parameters for media streams. This negotiation is secured by TLS. o Implementation supports security descriptions according to RFC 4568 with the following restrictions: Implementation Specifications for Nokia S60 VoIP 17 Forum.Nokia.com a. The following crypto suites are supported: AES_CM_128_HMAC_SHA1_80 (offered as default), F8_128_HMAC_SHA1_80 (supported if offered in the initial INVITE), AES_CM_128_HMAC_SHA1_32 (supported if offered in the initial INVITE). b. The following session parameters are supported: KDR. c. The following session parameters are not supported: UNENCRYPTED_SRTCP, UNENCRYPTED_SRTP, UNAUTHENTICATED_SRTP, FEC_ORDER, FEC_KEY, WSH. d. Re-keying is not recommended for IP telephony. Thus the optional lifetime field of the SRTP key parameter is not supported. Key rotation based on MKI is neither supported, though the MKI field in the SRTP key parameter is accepted if only one inline key parameter is provided with a=crypto attribute. e. Section 6.4.2. Sharing cryptographic contexts among Sessions or SSRCs is not supported. f. Section 7.1.4. Modifying the session: Only key parameters can be modified during the session. Initially negotiated crypto suite must remain the same through all session modifications. If new offer cannot be accepted, the old crypto parameters remain in place. • RFC 5027 Security Preconditions for Session Description Protocol Media Streams: o The negotiation of cryptographic parameters when establishing a secure VoIP session may take use of security preconditions, as defined in RFC 5027. The only supported precondition type is "sec". All the precondition attributes ("curr", "des", "conf") are supported as are all the precondition tags (strength, status, and direction). Strength is set as "optional" in the initial INVITE to increase interoperability with other vendors since security preconditions as a concept is published as a draft at this stage. When an offer with preconditions is received, the strength is increased to "mandatory" to prevent clipping effect and ghost calls from happening. Security descriptions may also be negotiated without using security preconditions if the other party does not support the concept.
          Hide
          savage1985 added a comment -

          res_rtp_asterisk.so => (Asterisk RTP Stack)
          Illegal instruction
          while start asterisk on Linux debian121 2.6.21.1-bigsmp #1 SMP Sun Apr 29 04:38:52 CST 2007 i686 GNU/Linux

          but start successfully on another machine
          with info
          res_rtp_asterisk.so => (Asterisk RTP Stack)
          – Loaded PUBLIC key 'iaxtel'
          – Loaded PUBLIC key 'freeworlddialup'

          what is the reason ???

          Show
          savage1985 added a comment - res_rtp_asterisk.so => (Asterisk RTP Stack) Illegal instruction while start asterisk on Linux debian121 2.6.21.1-bigsmp #1 SMP Sun Apr 29 04:38:52 CST 2007 i686 GNU/Linux but start successfully on another machine with info res_rtp_asterisk.so => (Asterisk RTP Stack) – Loaded PUBLIC key 'iaxtel' – Loaded PUBLIC key 'freeworlddialup' what is the reason ???
          Hide
          iscario added a comment -

          Hi,
          I gonna try to set-up srtp (and sip-tls too). Would it be possible to have a short dialplan as example ? and a sip.conf too ? (just the options which are needed to support srtp would be necessary of course)
          Plus, I would like to know what sip client you use (which is able to support srtp) : i read that minisip was named in this page, but the windows installer has vanished from their website... Do you have another one to advice which support both tls and srtp ?
          Thank you.

          Show
          iscario added a comment - Hi, I gonna try to set-up srtp (and sip-tls too). Would it be possible to have a short dialplan as example ? and a sip.conf too ? (just the options which are needed to support srtp would be necessary of course) Plus, I would like to know what sip client you use (which is able to support srtp) : i read that minisip was named in this page, but the windows installer has vanished from their website... Do you have another one to advice which support both tls and srtp ? Thank you.
          Hide
          Digium Subversion added a comment -

          Repository: asterisk
          Revision: 268894

          U trunk/CHANGES
          U trunk/build_tools/menuselect-deps.in
          U trunk/channels/chan_iax2.c
          U trunk/channels/chan_sip.c
          U trunk/channels/sip/dialplan_functions.c
          A trunk/channels/sip/include/sdp_crypto.h
          U trunk/channels/sip/include/sip.h
          A trunk/channels/sip/include/srtp.h
          A trunk/channels/sip/sdp_crypto.c
          A trunk/channels/sip/srtp.c
          U trunk/configure
          U trunk/configure.ac
          U trunk/doc/tex/asterisk.tex
          A trunk/doc/tex/secure-calls.tex
          U trunk/funcs/func_channel.c
          U trunk/include/asterisk/autoconfig.h.in
          U trunk/include/asterisk/frame.h
          U trunk/include/asterisk/global_datastores.h
          A trunk/include/asterisk/res_srtp.h
          U trunk/include/asterisk/rtp_engine.h
          U trunk/main/asterisk.exports.in
          U trunk/main/channel.c
          U trunk/main/global_datastores.c
          U trunk/main/rtp_engine.c
          U trunk/makeopts.in
          U trunk/res/res_rtp_asterisk.c
          A trunk/res/res_srtp.c
          A trunk/res/res_srtp.exports.in

          ------------------------------------------------------------------------
          r268894 | twilson | 2010-06-08 00:29:08 -0500 (Tue, 08 Jun 2010) | 17 lines

          Add SRTP support for Asterisk

          After 5 years in mantis and over a year on reviewboard, SRTP support is finally
          being comitted. This includes generic CHANNEL dialplan functions that work for
          getting the status of whether a call has secure media or signaling as defined
          by the underlying channel technology and for setting whether or not a new
          channel being bridged to a calling channel should have secure signaling or
          media. See doc/tex/secure-calls.tex for examples.

          Original patch by mikma, updated for trunk and revised by me.

          (closes issue ASTERISK-5267)
          Reported by: mikma
          Tested by: twilson, notthematrix, hemanshurpatel

          Review: https://reviewboard.asterisk.org/r/191/

          ------------------------------------------------------------------------

          http://svn.digium.com/view/asterisk?view=rev&revision=268894

          Show
          Digium Subversion added a comment - Repository: asterisk Revision: 268894 U trunk/CHANGES U trunk/build_tools/menuselect-deps.in U trunk/channels/chan_iax2.c U trunk/channels/chan_sip.c U trunk/channels/sip/dialplan_functions.c A trunk/channels/sip/include/sdp_crypto.h U trunk/channels/sip/include/sip.h A trunk/channels/sip/include/srtp.h A trunk/channels/sip/sdp_crypto.c A trunk/channels/sip/srtp.c U trunk/configure U trunk/configure.ac U trunk/doc/tex/asterisk.tex A trunk/doc/tex/secure-calls.tex U trunk/funcs/func_channel.c U trunk/include/asterisk/autoconfig.h.in U trunk/include/asterisk/frame.h U trunk/include/asterisk/global_datastores.h A trunk/include/asterisk/res_srtp.h U trunk/include/asterisk/rtp_engine.h U trunk/main/asterisk.exports.in U trunk/main/channel.c U trunk/main/global_datastores.c U trunk/main/rtp_engine.c U trunk/makeopts.in U trunk/res/res_rtp_asterisk.c A trunk/res/res_srtp.c A trunk/res/res_srtp.exports.in ------------------------------------------------------------------------ r268894 | twilson | 2010-06-08 00:29:08 -0500 (Tue, 08 Jun 2010) | 17 lines Add SRTP support for Asterisk After 5 years in mantis and over a year on reviewboard, SRTP support is finally being comitted. This includes generic CHANNEL dialplan functions that work for getting the status of whether a call has secure media or signaling as defined by the underlying channel technology and for setting whether or not a new channel being bridged to a calling channel should have secure signaling or media. See doc/tex/secure-calls.tex for examples. Original patch by mikma, updated for trunk and revised by me. (closes issue ASTERISK-5267 ) Reported by: mikma Tested by: twilson, notthematrix, hemanshurpatel Review: https://reviewboard.asterisk.org/r/191/ ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=268894