(enable with sofia profile param rfc-7989=true)
FS-11557 [mod_sofia, mod_conference, core] Add support for re-INVITE when setting Session-ID in conference after call has been answered.
FS-11557 [mod_conference] Missed a spot where APP_SESSION_ID needed to be set.
FS-11557: set session id for outbound (initial requests)
FS-11557: [mod_sofia] rename vars and functions "session id" -> "session uuid" to reflect the real meaning for rfc7989.
FS-11557: fix bug - colliding chan var names (session_id)
FS-11557: check nil session uuid
FS-11557 : replace CS_NEW with CS_INIT for when originating calls, generate new uuid.
FS-11557: handle inbound (UAS mode, one leg)
FS-11557: generic param handling and filter via new sip profile option "rfc-7989-filter", eg:
<param name="rfc-7989-filter" value="logme, sec-agree, privacy" />
FS-11557: renamed chan vars (reflect meaning only for RFC7989)
FS-11557: fallback to RFC7329 - "old" Session-ID
FS-11557: distinguish between request and replies when we read the header
(to provide compatibility with old RFC7329 - section 11 of RFC7989)
FS-11557: change more vars/consts names
FS-11557: move compat flag on the channel.
FS-11557: add Session-ID header in REFER
FS-11557: needs extra condition on received initial request
FS-11557: handle NOTIFY
FS-11557: support answer() in dialplan - it was sending back a 200 OK with Session-ID invalid, eg: A=NIL;B=X
FS-11557: add Session-ID for NOTIFY (more cases)
FS-11557: handle reply to SIP INFO (add Session-ID header)
FS-11557: handle case of BYE after REFER, when the channel is destroyed already (save the uuid on sofia_private)
FS-11557: handle more SIP reply cases (eg: 202 Accepted , more negative replies)
FS-11557: handle ACK (UAS role)
FS-11557: added "rfc-7989-force-old" profile param - to enforce old rfc7329 for the UAC role. default off.
enabled with "<param name="rfc-7989-force-old" value="true" />".
FS-11557: fallback to rfc7329 fixes.
FS-11557: set flag CF_RFC7329_COMPAT on partner channel where needed
FS-11557: fix crash (mod_conference)
Specifically:
* Send the a=ice-lite SDP attribute as a session-level attribute
* Suppress sending STUN connectivity checks when enabled
* Make sure FS is the controlled entity if it is declaring ICE-lite
* commit '720128b61ed0fba0c45ba7caa0d3d7a4bde2ffb4':
FS-11310 #resolve add more params for conference record stop event
FS-11310 #resolve add optional switch_core_file_pre_close() to stop writing to file and possible to get file size related params
MKI support for SRTP has been tested on calls to/from
Telnyx's Skype for Business from/to local extension registered to FS
and between Skype for Business clients connected to FreeSWITCH.
SfB   ->   FreeSWITCH   ->   User 1004
     SRTP             RTP
     with
     MKI
SfB   <-   FreeSWITCH   <-   User 1004
     SRTP             RTP
SfB   <->  FreeSWITCH   <->  SfB
   SRTP/MKI         SRTP/MKI
Channel variable "rtp_secure_media_mki" was added to drive offering
of MKI on outbound SRTP from FS.
How to use rtp_secure_media_mki
Set rtp_secure_media_mki=true to offer MKI for outgoing SRTP (if SRTP is used) in inbound call.
Export rtp_secure_media=true to offer MKI for outgoing SRTP (if SRTP is used) on outbound call.
... or set it in the codec string for bridged calls
<action application="set" data="rtp_secure_media_mki=true"/>
<action application="export" data="rtp_secure_media_mki=true"/>
<action application="bridge" data="[absolute_codec_string=^^:PCMU:PCMA:G729,rtp_secure_media=true,rtp_secure_media_mki=true]sofia/external/+12404373253@169.55.36.24:5060;transport=tls"/>
EXAMPLES
1. Set example
<extension name="telnyx_test_1_2">
  <condition field="destination_number" expression="^(0012404373253)$">
    <action application="set" data="rtp_secure_media=true"/>
    <action application="set" data="rtp_secure_media_mki=true"/>
    <action application="answer"/>
    <action application="bridge" data="user/1004@${domain_name}"/>
  </condition>
</extension>
Description: SRTP will be used on outbound leg in incoming call due to rtp_secure_media=true
set and MKI will be offered in SDP. SRTP will not be used on a bridged call to extension 1004.
2. Export example
<extension name="to_skype_for_business">
  <condition field="destination_number" expression="^(840531022)$">
    <action application="set" data="rtp_secure_media=optional"/>
    <action application="export" data="rtp_secure_media_mki=true"/>
    <action application="bridge" data="[absolute_codec_string=^^:PCMU:PCMA:G729,rtp_secure_media=true]sofia/external/+12404373728@169.55.36.24:5060;transport=tls"/>
  </condition>
</extension>
Description: SRTP on inbound call has been set to optional therefore MKI will be used
on outbound SRTP in this call if SRTP is used at all. SRTP will be used on a bridged call
due to rtp_secure_media=true set in codec string and MKI will be used in offering SDP.
3. Bridging between Skype for Business clients: set
<extension name="S4B_fs_S4B">
  <condition field="destination_number" expression="^(0012404373254)$">
    <action application="set" data="rtp_secure_media=true"/>
    <action application="set" data="rtp_secure_media_mki=true"/>
    <action application="bridge" data="[absolute_codec_string=^^:PCMU:PCMA:G729,rtp_secure_media=true]sofia/external/+12404373253@169.55.36.$
  </condition>
</extension>
Result:
2017-11-27 19:00:26.977704 [NOTICE] switch_ivr_originate.c:527 Ring Ready sofia/external/+12404373728@telnyxlab.com!
2017-11-27 19:00:32.657687 [NOTICE] switch_core_media.c:1534 Skipping MKI due to empty index
2017-11-27 19:00:32.657687 [INFO] switch_rtp.c:4079 Activating audio Secure RTP SEND
2017-11-27 19:00:32.657687 [INFO] switch_rtp.c:4057 Activating audio Secure RTP RECV
2017-11-27 19:00:32.657687 [NOTICE] sofia.c:8419 Channel [sofia/external/%2B12404373253@169.55.36.24:5060] has been answered
2017-11-27 19:00:35.317702 [INFO] switch_rtp.c:4079 Activating audio Secure RTP SEND (with MKI)
2017-11-27 19:00:35.317702 [INFO] switch_rtp.c:4057 Activating audio Secure RTP RECV (with MKI)
2017-11-27 19:00:35.317702 [NOTICE] sofia_media.c:92 Pre-Answer sofia/external/+12404373728@telnyxlab.com!
Description: SRTP with MKI is used on outbound leg of inbound call (due to use on inbound leg of this call and "set").
Standard SRTP is used in both legs of outbound call, because rtp_secure_media_mki wasn't exported
or set in codec string for the outbound call.
4. Bridging between Skype for Business clients: Set and export
<extension name="S4B_fs_S4B">
  <condition field="destination_number" expression="^(0012404373254)$">
    <action application="set" data="rtp_secure_media=true"/>
    <action application="set" data="rtp_secure_media_mki=true"/>
    <action application="export" data="rtp_secure_media_mki=true"/>
    <action application="bridge" data="[absolute_codec_string=^^:PCMU:PCMA:G729,rtp_secure_media=true]sofia/external/+12404373253@169.55.36.24:5060;transport=tls"/>
  </condition>
</extension>
Result:
2017-11-27 18:51:29.017689 [NOTICE] switch_ivr_originate.c:527 Ring Ready sofia/external/+12404373728@telnyxlab.com!
2017-11-27 18:51:35.097729 [INFO] switch_rtp.c:4079 Activating audio Secure RTP SEND (with MKI)
2017-11-27 18:51:35.097729 [INFO] switch_rtp.c:4057 Activating audio Secure RTP RECV (with MKI)
2017-11-27 18:51:35.097729 [NOTICE] sofia.c:8419 Channel [sofia/external/%2B12404373253@169.55.36.24:5060] has been answered
2017-11-27 18:51:37.797706 [INFO] switch_rtp.c:4079 Activating audio Secure RTP SEND (with MKI)
2017-11-27 18:51:37.797706 [INFO] switch_rtp.c:4057 Activating audio Secure RTP RECV (with MKI)
Description: Connecting Skype For Business client to Skype for Business client.
Send SRTP with MKI in both outbound streams:
- for inbound call: MKI was offered in incoming call and enabled for outbound leg with "set"
- for outbound call: MKI was enabled with "export"
5. Other examples
Setup to use SRTP with MKI only on the inbound SRTP on incoming call from Telnyx SfB
Tested dialing 0012404373253 from SfB to FS, leg SfB <-> FS uses SRTP with MKI
on inbound SRTP only
<extension name="telnyx_test_1_2">
  <condition field="destination_number" expression="^(0012404373253)$">
    <action application="set" data="rtp_secure_media=true"/>
    <action application="answer"/>
    <action application="bridge" data="user/1004@${domain_name}"/>
  </condition>
</extension>
Result:
2017-11-23 20:44:35.406026 [INFO] mod_dialplan_xml.c:637 Processing Test02 <+12404373728>->0012404373253 in context public
2017-11-23 20:44:38.566022 [INFO] switch_rtp.c:4107 Activating audio Secure RTP SEND
2017-11-23 20:44:38.566022 [INFO] switch_rtp.c:4085 Activating audio Secure RTP RECV (with MKI)
Setup to send and receive SRTP with MKI on incoming call from Telnyx SfB
Tested dialing 0012404373253 from SfB to FS, leg SfB <-> FS uses SRTP with MKI
in both directions
<extension name="telnyx_test_1_2">
  <condition field="destination_number" expression="^(0012404373253)$">
    <action application="set" data="rtp_secure_media=true"/>
    <action application="set" data="rtp_secure_media_mki=true"/>
    <action application="answer"/>
    <action application="bridge" data="user/1004@${domain_name}"/>
  </condition>
</extension>
Result:
2017-11-23 20:42:06.026034 [INFO] mod_dialplan_xml.c:637 Processing Test02 <+12404373728>->0012404373253 in context public
2017-11-23 20:42:09.526034 [INFO] switch_rtp.c:4107 Activating audio Secure RTP SEND (with MKI)
2017-11-23 20:42:09.526034 [INFO] switch_rtp.c:4085 Activating audio Secure RTP RECV (with MKI)
Setup to offer MKI on outbound call to extension 1001 (X-Lite -> FS -> linphone)
Tested dialing 0012404373253 from user 1004, leg FS <-> 1001 uses SRTP with MKI
<extension name="telnyx_test_1_2">
  <condition field="destination_number" expression="^(0012404373253)$">
    <action application="export" data="rtp_secure_media_outbound=true"/>
    <action application="export" data="rtp_secure_media_mki=true"/>
    <action application="answer"/>
    <action application="bridge" data="user/1001@${domain_name}"/>
  </condition>
</extension>
Result:
2017-11-23 20:23:26.266034 [INFO] mod_dialplan_xml.c:637 Processing 1000 windows <1000>->0012404373253 in context default
2017-11-23 20:23:26.366035 [INFO] switch_rtp.c:4107 Activating audio Secure RTP SEND (with MKI)
2017-11-23 20:23:26.366035 [INFO] switch_rtp.c:4085 Activating audio Secure RTP RECV
SfB sometimes offers crypto with LIFETIME but no MKI index, e.g.:
a=crypto:5 AES_CM_128_HMAC_SHA1_80 inline:9OtFWi17H9E8ywlm0iazemjAqXu2RhJ3DZyo+VLJ|2^31
Defaulting to no-mki SRTP in case key material doesn't contain MKI index.
This commit causes a segfault when parsing destinations that are |
delimited. This patchset needs to be tested further before inclusion
into the tree.
This reverts commit b11955db0b.
This allows new endpoints (outbound channels) to be called, after an originate
is already in progress, where any of the originally called endpoints need to
continue to ring.
One use case would be to convert a 302 Moved Temporarily destination to SIP
endpoint(s) and then to add the new endpoints to an in-progress originate,
without cancelling any of the other (already ringing) outbound channels.