MKI support for SRTP has been tested on calls to/from
Telnyx's Skype for Business from/to local extension registered to FS
and between Skype for Business clients connected to FreeSWITCH.
SfB -> FreeSWITCH -> User 1004
SRTP RTP
with
MKI
SfB <- FreeSWITCH <- User 1004
SRTP RTP
SfB <-> FreeSWITCH <-> SfB
SRTP/MKI SRTP/MKI
Channel variable "rtp_secure_media_mki" was added to drive offering
of MKI on outbound SRTP from FS.
How to use rtp_secure_media_mki
Set rtp_secure_media_mki=true to offer MKI for outgoing SRTP (if SRTP is used) in inbound call.
Export rtp_secure_media=true to offer MKI for outgoing SRTP (if SRTP is used) on outbound call.
... or set it in the codec string for bridged calls
<action application="set" data="rtp_secure_media_mki=true"/>
<action application="export" data="rtp_secure_media_mki=true"/>
<action application="bridge" data="[absolute_codec_string=^^:PCMU:PCMA:G729,rtp_secure_media=true,rtp_secure_media_mki=true]sofia/external/+12404373253@169.55.36.24:5060;transport=tls"/>
EXAMPLES
1. Set example
57 <extension name="telnyx_test_1_2">
58 <condition field="destination_number" expression="^(0012404373253)$">
59 <action application="set" data="rtp_secure_media=true"/>
60 <action application="set" data="rtp_secure_media_mki=true"/>
61 <action application="answer"/>
62 <action application="bridge" data="user/1004@${domain_name}"/>
63 </condition>
64 </extension>
Description: SRTP will be used on outbound leg in incoming call due to rtp_secure_media=true
set and MKI will be offered in SDP. SRTP will not be used on a bridged call to extension 1004.
2. Export example
75 <extension name="to_skype_for_business">
76 <condition field="destination_number" expression="^(840531022)$">
77 <action application="set" data="rtp_secure_media=optional"/>
78 <action application="export" data="rtp_secure_media_mki=true"/>
79 <action application="bridge" data="[absolute_codec_string=^^:PCMU:PCMA:G729,rtp_secure_media=true]sofia/external/+12404373728@169.55.36.24:5060;transport=tls"/>
80 </condition>
81 </extension>
Description: SRTP on inbound call has been set to optional therefore MKI will be used
on outbound SRTP in this call if SRTP is used at all. SRTP will be used on a bridged call
due to rtp_secure_media=true set in codec string and MKI will be used in offering SDP.
3. Bridging between Skype for Business clients: set
97 <extension name="S4B_fs_S4B">
98 <condition field="destination_number" expression="^(0012404373254)$">
99 <action application="set" data="rtp_secure_media=true"/>
100 <action application="set" data="rtp_secure_media_mki=true"/>
101 <action application="bridge" data="[absolute_codec_string=^^:PCMU:PCMA:G729,rtp_secure_media=true]sofia/external/+12404373253@169.55.36.$
102 </condition>
103 </extension>
Result:
2017-11-27 19:00:26.977704 [NOTICE] switch_ivr_originate.c:527 Ring Ready sofia/external/+12404373728@telnyxlab.com!
2017-11-27 19:00:32.657687 [NOTICE] switch_core_media.c:1534 Skipping MKI due to empty index
2017-11-27 19:00:32.657687 [INFO] switch_rtp.c:4079 Activating audio Secure RTP SEND
2017-11-27 19:00:32.657687 [INFO] switch_rtp.c:4057 Activating audio Secure RTP RECV
2017-11-27 19:00:32.657687 [NOTICE] sofia.c:8419 Channel [sofia/external/%2B12404373253@169.55.36.24:5060] has been answered
2017-11-27 19:00:35.317702 [INFO] switch_rtp.c:4079 Activating audio Secure RTP SEND (with MKI)
2017-11-27 19:00:35.317702 [INFO] switch_rtp.c:4057 Activating audio Secure RTP RECV (with MKI)
2017-11-27 19:00:35.317702 [NOTICE] sofia_media.c:92 Pre-Answer sofia/external/+12404373728@telnyxlab.com!
Description: SRTP with MKI is used on outbound leg of inbound call (due to use on inbound leg of this call and "set").
Standard SRTP is used in both legs of outbound call, because rtp_secure_media_mki wasn't exported
or set in codec string for the outbound call.
4. Bridging between Skype for Business clients: Set and export
97 <extension name="S4B_fs_S4B">
98 <condition field="destination_number" expression="^(0012404373254)$">
99 <action application="set" data="rtp_secure_media=true"/>
100 <action application="set" data="rtp_secure_media_mki=true"/>
101 <action application="export" data="rtp_secure_media_mki=true"/>
102 <action application="bridge" data="[absolute_codec_string=^^:PCMU:PCMA:G729,rtp_secure_media=true]sofia/external/+12404373253@169.55.36.24:5060;transport=tls"/>
103 </condition>
104 </extension>
Result:
2017-11-27 18:51:29.017689 [NOTICE] switch_ivr_originate.c:527 Ring Ready sofia/external/+12404373728@telnyxlab.com!
2017-11-27 18:51:35.097729 [INFO] switch_rtp.c:4079 Activating audio Secure RTP SEND (with MKI)
2017-11-27 18:51:35.097729 [INFO] switch_rtp.c:4057 Activating audio Secure RTP RECV (with MKI)
2017-11-27 18:51:35.097729 [NOTICE] sofia.c:8419 Channel [sofia/external/%2B12404373253@169.55.36.24:5060] has been answered
2017-11-27 18:51:37.797706 [INFO] switch_rtp.c:4079 Activating audio Secure RTP SEND (with MKI)
2017-11-27 18:51:37.797706 [INFO] switch_rtp.c:4057 Activating audio Secure RTP RECV (with MKI)
Description: Connecting Skype For Business client to Skype for Business client.
Send SRTP with MKI in both outbound streams:
- for inbound call: MKI was offered in incoming call and enabled for outbound leg with "set"
- for outbound call: MKI was enabled with "export"
5. Other examples
Setup to use SRTP with MKI only on the inbound SRTP on incoming call from Telnyx SfB
Tested dialing 0012404373253 from SfB to FS, leg SfB <-> FS uses SRTP with MKI
on inbound SRTP only
57 <extension name="telnyx_test_1_2">
58 <condition field="destination_number" expression="^(0012404373253)$">
59 <action application="set" data="rtp_secure_media=true"/>
61 <action application="answer"/>
62 <action application="bridge" data="user/1004@${domain_name}"/>
63 </condition>
64 </extension>
Result:
2017-11-23 20:44:35.406026 [INFO] mod_dialplan_xml.c:637 Processing Test02 <+12404373728>->0012404373253 in context public
2017-11-23 20:44:38.566022 [INFO] switch_rtp.c:4107 Activating audio Secure RTP SEND
2017-11-23 20:44:38.566022 [INFO] switch_rtp.c:4085 Activating audio Secure RTP RECV (with MKI)
Setup to send and receive SRTP with MKI on incoming call from Telnyx SfB
Tested dialing 0012404373253 from SfB to FS, leg SfB <-> FS uses SRTP with MKI
in both directions
57 <extension name="telnyx_test_1_2">
58 <condition field="destination_number" expression="^(0012404373253)$">
59 <action application="set" data="rtp_secure_media=true"/>
60 <action application="set" data="rtp_secure_media_mki"/>
61 <action application="answer"/>
62 <action application="bridge" data="user/1004@${domain_name}"/>
63 </condition>
64 </extension>
Result:
2017-11-23 20:42:06.026034 [INFO] mod_dialplan_xml.c:637 Processing Test02 <+12404373728>->0012404373253 in context public
2017-11-23 20:42:09.526034 [INFO] switch_rtp.c:4107 Activating audio Secure RTP SEND (with MKI)
2017-11-23 20:42:09.526034 [INFO] switch_rtp.c:4085 Activating audio Secure RTP RECV (with MKI)
Setup to offer MKI on outbound call to extension 1001 (X-Lite -> FS -> linphone)
Tested dialing 0012404373253 from user 1004, leg FS <-> 1001 uses SRTP with MKI
782 <extension name="telnyx_test_1_2">
783 <condition field="destination_number" expression="^(0012404373253)$">
784 <action application="export" data="rtp_secure_media_outbound=true"/>
785 <action application="export" data="rtp_secure_media_mki"/>
786 <action application="answer"/>
797 <action application="bridge" data="user/1001@${domain_name}"/>
798 </condition>
799 </extension>
Result:
2017-11-23 20:23:26.266034 [INFO] mod_dialplan_xml.c:637 Processing 1000 windows <1000>->0012404373253 in context default
2017-11-23 20:23:26.366035 [INFO] switch_rtp.c:4107 Activating audio Secure RTP SEND (with MKI)
2017-11-23 20:23:26.366035 [INFO] switch_rtp.c:4085 Activating audio Secure RTP RECV
SfB sometimes offers crypto with LIFETIME but no MKI index, e.g.:
a=crypto:5 AES_CM_128_HMAC_SHA1_80 inline:9OtFWi17H9E8ywlm0iazemjAqXu2RhJ3DZyo+VLJ|2^31
Defaulting to no-mki SRTP in case key material doesn't contain MKI index.
Various functions exposed via lua do not check their parameters for null
causing freeswitch to segfault.
This change adds checking for null parameters and returns an error
instead of segfaulting.
VARIABLE: bypass_media_sdp_filter
Can be set globally or per leg on the inbound side of a bypass_media bridge.
VALID FILTERS:
remove(): Removes the specified codec if it exists in the SDP.
only(): Removes all codecs besides the one specified (providing that it exists in the sdp) (will not remove telephone-event))
EXAMPLE 1 (remove everything leaving only g729):
<action application="set" data="bypass_media_sdp_filter=only(g729)"/>
<action application="set" data="bypass_media=true"/>
<action application="bridge" data="sofia/internal/1238@conference.freeswitch.org"/>
EXAMPLE 2 (remove everything leaving only g729 and also remove dtmf):
<action application="set" data="bypass_media_sdp_filter=only(g729)|remove(telephone-event)"/>
<action application="set" data="bypass_media=true"/>
<action application="bridge" data="sofia/internal/1238@conference.freeswitch.org"/>
EXAMPLE 3 (remove alaw and speex):
<action application="set" data="bypass_media_sdp_filter=remove(pcma)|remove(speex)"/>
<action application="set" data="bypass_media=true"/>
<action application="bridge" data="sofia/internal/1238@conference.freeswitch.org"/>
The `switch_split_date` and `switch_split_time` functions only set as
many variables as they believe exist values in the input string.
Since we didn't have defaults assigned we would read undefined stack
memory if the input string didn't contain e.g. an hour.
With this commit, we use 1970 if no year is present, January if no
month is present, the first day of the month if none is given, and
zero for each of a missing hour, minute, or second.
We're moving the variable declarations down to the smallest possible
scope (a good idea in general) so we can address the use of undefined
memory by the function in a later commit.
* commit '1affff9db4aaa29ab66f9f5db76f575eeabd86b5':
Fixed a clang-3.5 missing-prototype warning and added doxygen documentation for switch_channel_set_presence_data_vals. #doxygen
Fixed dead code.
Fixed trucation of value warning.
Removed a useless called to abs.
Removed an autological-pointer-compare from src/switch_utils.c.
Fixed trucation of value warning.
Anthony Minessale