<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I haven't checked the code for a definitive answer, but, iirc, tcp
can indeed have some limitations in accepting anything. <br>
<br>
This is because TCP is a stream protocol, so the reading function
needs to know when to split the traffic in messages. With SIP is
done via a lightweight parser that searches as it reads for
Content-Length. Then once it encounters double \r\n it assumes the
end if headers and expects to read the body of the size specified by
CL value.<br>
<br>
For http, it relies either on CL or, if core parameter
tcp_accept_no_cl=yes, can handle as well chunked body which carries
the size with each chunk, last one being of size 0 (iirc). The tcp
reader can handle also MSRP or STUN messages.<br>
<br>
But a random sequence of bytes may be rejected, as it cannot decide
what is the marker for end of a message.<br>
<br>
The variants I could see now:<br>
1) encapsulate the message as body of http (or sip with random
values for caller, callee, etc.. -- they are going to be discarded
anyhow, but perhaps they will get blocked by provider, if that was
the concern, http being safer from this point of view)<br>
2) try with custom message format that has only the header
Content-Length: NUMBER followed by \r\n\r\n and the encrypted
message as body<br>
3) think of a simple generic framing format (e.g., netstring) to
send over TCP the encrypted messages and patch the C code in
Kamailio tcp_read.c to get the message out of the frame<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<div class="moz-cite-prefix">On 20/09/14 19:12, Muhammad Shahzad
wrote:<br>
</div>
<blockquote
cite="mid:CAFZQphwxr6TbVV98tF5bGAcfi7822POMGGhadP4_x77XZw+hDg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>There is something wrong with your encryption setup, the
event_route [network:msg] gets raw messages that was either
just received from the network interface or the final message
that is about to be sent over network socket. The SIP parsing
is done AFTER message has been processed by this route. So, if
SIP parsing fails then it means the message was not correctly
decrypted in event_route [network:msg].<br>
<br>
</div>
Thank you.<br>
<div><br>
<br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sat, Sep 20, 2014 at 3:25 PM, Rahul
MathuR <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:rahul.ultimate@gmail.com" target="_blank">rahul.ultimate@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hello Gents,
<div><br>
</div>
<div>Thanks for guiding me in the correct direction.</div>
<div><br>
</div>
<div>However, it so came out that when encrypted packets
come to kamailio over transport 'TCP' then it gets
rejected from tcp_read.c even before coming to corex
module.</div>
<div>I guess, maybe it is getting rejected due to header
parsing failure.</div>
<div><br>
</div>
<div>Any pointers here would be very helpful !!</div>
<div><br>
</div>
<div>Thanks one again..</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Sep 17, 2014 at 12:44
PM, Daniel-Constantin Mierla <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:miconda@gmail.com" target="_blank">miconda@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Hello,<br>
<br>
the corex has a function to tell if the message
is received by kamailio or sent out:<br>
<br>
- <a moz-do-not-send="true"
href="http://kamailio.org/docs/modules/devel/modules/corex.html#idp29928"
target="_blank">http://kamailio.org/docs/modules/devel/modules/corex.html#idp29928</a><br>
<br>
If you interconnect with other servers/gateways
when you don't what to do special encoding, then
you need to test src ip or look ar r-uri/dst
uri.<br>
<br>
Cheers,<br>
Daniel
<div>
<div><br>
<br>
<div>On 17/09/14 04:24, Rahul MathuR wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>Did you get some free cycles to
look at it ?</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Sep 17,
2014 at 12:12 AM, Rahul MathuR <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:rahul.ultimate@gmail.com"
target="_blank">rahul.ultimate@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">Thanks for replying !
<div><br>
</div>
<div>But how to check whether a
particular message received by
Kamailio was sent by UAC or SIP
Server ?</div>
<div>Also, on the same lines - how
to know whether a particular
message about to be send from
Kamailio is bound to UAC or SIP
Server ?</div>
</div>
<div class="gmail_extra">
<div>
<div><br>
<div class="gmail_quote">On
Tue, Sep 16, 2014 at 10:51
PM, Muhammad Shahzad <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:shaheryarkh@gmail.com"
target="_blank">shaheryarkh@gmail.com</a>></span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">
<div>
<div>Hi,<br>
<br>
</div>
The network io
intercept feature
basically allows
kamailio script writer
to do whatever s/he
may want to do with
raw SIP packets (that
are just received by
kamailio or about to
be sent out by
kamailio), e.g.
encryption,
compression or any
final touches to sip
message before it is
processed by kamailio
core. That is why it
is purposely kept
abstract and any
particular use or
implementation is left
to the script writer.<br>
<br>
</div>
<div>In your case the
encryption /
decryption code is in
C/C++, you can try one
of the followings,<br>
<br>
</div>
<div>1. Writeup a C/C++
program that receives
outgoing SIP message
as text (and some
other parameters, e.g.
encryption key) in
input arguments and
returns the encrypted
message in event_route
[ network:msg ] and
vice versa (for
incoming messages).
You can call this
program directly from
kamailio.cfg script.<br>
<br>
</div>
<div>2. Writeup e.g. a
PERL wrapper for your
encryption /
decryption C/C++ code
and call it using
kamailio app_perl
module within
event_route [
network:msg ] as
demonstrated in this
example,<br>
<br>
<a
moz-do-not-send="true"
href="http://kamailio.org/docs/modules/devel/modules/corex.html#idp125704"
target="_blank">http://kamailio.org/docs/modules/devel/modules/corex.html#idp125704</a><br>
<br>
</div>
<div>You can also use
any other kamailio
language bind of you
choice as well, e.g.
Python, LUA, JAVA and
so on.<br>
</div>
<div>
<div><br>
</div>
<div>I would recommend
the second option,
as it has less
processing overhead
for kamailio.<br>
</div>
<div><br>
<div>Thank you.<br>
</div>
<div><br>
<br>
</div>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">
<div>
<div>On Tue, Sep 16,
2014 at 6:09 PM,
Rahul MathuR <span
dir="ltr"><<a
moz-do-not-send="true" href="mailto:rahul.ultimate@gmail.com"
target="_blank">rahul.ultimate@gmail.com</a>></span>
wrote:<br>
</div>
</div>
<blockquote
class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div>
<div>
<div dir="ltr">Hello,
<div><br>
</div>
<div>I was
going through
the new
features and
stumbled upon
this new one -
developed by
Mohd. Shahzad
Shafi.</div>
<div>As
already
mentioned on
the wiki about
this module, I
intend to use
it for my
custom
security layer
between UACs
and SIP Proxy
(Kamailio) but
the issue is -
the custom
security layer
(encryption/decryption
code) is
written in C
and should
precisely be
applied for
the messages
between UAC
and Proxy.</div>
<div><br>
</div>
<div>Is there
a way I can
achieve this
using Corex
module since
it does
intercept the
network I/O
messages ?</div>
<div><br>
</div>
<div>Any help
here would be
really
appreciated.<span><font
color="#888888"><br clear="all">
<div><br>
</div>
-- <br>
Warm Regds.<br>
MathuRahul<br>
</font></span></div>
</div>
<br>
</div>
</div>
_______________________________________________<br>
sr-dev mailing list<br>
<a
moz-do-not-send="true"
href="mailto:sr-dev@lists.sip-router.org" target="_blank">sr-dev@lists.sip-router.org</a><br>
<a
moz-do-not-send="true"
href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev"
target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
_______________________________________________<br>
sr-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:sr-dev@lists.sip-router.org" target="_blank">sr-dev@lists.sip-router.org</a><br>
<a moz-do-not-send="true"
href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev"
target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
</div>
</div>
<span><font color="#888888">-- <br>
Warm Regds.<br>
MathuRahul<br>
</font></span></div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
Warm Regds.<br>
MathuRahul<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
sr-dev mailing list
<a moz-do-not-send="true" href="mailto:sr-dev@lists.sip-router.org" target="_blank">sr-dev@lists.sip-router.org</a>
<a moz-do-not-send="true" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev</a>
</pre>
</blockquote>
<br>
</div>
</div>
<pre cols="72"><span><font color="#888888">--
Daniel-Constantin Mierla
</font></span><span><a moz-do-not-send="true" href="http://twitter.com/#%21/miconda" target="_blank">http://twitter.com/#!/miconda</a> - <a moz-do-not-send="true" href="http://www.linkedin.com/in/miconda" target="_blank">http://www.linkedin.com/in/miconda</a>
Next Kamailio Advanced Trainings 2014 - <a moz-do-not-send="true" href="http://www.asipto.com" target="_blank">http://www.asipto.com</a>
Sep 22-25, Berlin, Germany</span></pre>
</div>
<br>
_______________________________________________<br>
sr-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:sr-dev@lists.sip-router.org"
target="_blank">sr-dev@lists.sip-router.org</a><br>
<a moz-do-not-send="true"
href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev"
target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
Warm Regds.<br>
MathuRahul<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
sr-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:sr-dev@lists.sip-router.org">sr-dev@lists.sip-router.org</a><br>
<a moz-do-not-send="true"
href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev"
target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a>
Next Kamailio Advanced Trainings 2014 - <a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>
Sep 22-25, Berlin, Germany</pre>
</body>
</html>