Commit Graph

21399 Commits

Author SHA1 Message Date
Travis Cross 8513be49de enable inbound-late-negotiation in sample configs
We often tell people to enable this for various reasons; it likely
makes a sensible default.
2012-05-27 05:50:47 +00:00
Travis Cross 73614127fc whitespace cleanup 2012-05-27 05:44:14 +00:00
Travis Cross 9b569ec875 cleanup and consolidate mod_sofia configuration example 2012-05-27 05:23:29 +00:00
Anthony Minessale 03b92c9ba1 FS-4251 --resolve just a silly oversight in the code specific to this use case, thanks 2012-05-25 11:02:56 -05:00
Marc Olivier Chouinard 09bef08b83 FS-4254 --resolve
I've changed the variable name from cc_export to cc_export_vars to be more consistent from the original patch
2012-05-25 13:45:02 -04:00
Anthony Minessale 452e1d8271 FS-4249 --resolve 2012-05-25 07:54:11 -05:00
Marc Olivier Chouinard d7002351d7 mod_voicemail: Make sure vm_fsdb api create the user directory before trying to move file into it 2012-05-25 07:18:55 -04:00
Travis Cross 771819c430 setup-git.sh: set pull.rebase=true
git-pull learned about pull.rebase in git-1.7.9.  This value is used
as a fallback if branch.<name>.rebase isn't found.
2012-05-25 04:46:28 +00:00
Travis Cross 409ff21cc4 debian: improve policy compliance on debian/copyright 2012-05-25 02:45:00 +00:00
Jeff Lenk b0e95fdad6 vs2010 reswig mod_managed 2012-05-24 16:03:56 -05:00
Anthony Minessale 9b6702da67 swigall 2012-05-24 13:53:23 -05:00
Anthony Minessale 9daf595443 swigall 2012-05-24 13:52:53 -05:00
Travis Cross 23f8967c32 add enhanced zrtp passthrough (zrtp passthru) mode
ZRTP passthrough mode allows two ZRTP-capable clients to negotiate an
end-to-end security association through FreeSWITCH.  The clients are
therefore able to be certain that the FreeSWITCH instance mediating
the call cannot eavesdrop on their conversation.

Importantly, this capability is maintained across multiple FreeSWITCH
hops.  If widely deployed, this enables a global network architecture
where two people can speak securely with strong cryptographically
protected authentication and confidentiality.

With this commit we implement a zrtp-passthru mode that handles all
the details of the negotiation intelligently.  This mode can be
selected by setting the boolean parameter inbound-zrtp-passthru in the
sofia profile.  This will also force late-negotiation as it is
essential for correctly negotiating an end-to-end ZRTP security
association.

When an incoming call with a zrtp-hash is received and this mode is
enabled, we find the first audio and the first video zrtp-hash in the
SDP and store them as remote values on this channel.  Once a b-leg is
available, we set the local zrtp-hash values on that channel to the
remote zrtp-hash values collected from the a-leg.

Because zrtp-passthru absolutely requires that the channels negotiate
the same codec, we offer to the b-leg only codecs that the a-leg can
speak.  Once the b-leg accepts a codec, we will force that choice onto
the a-leg.

If the b-leg sends us zrtp-hash values in the signaling, we store
those as remote values on the b-leg and copy them to the local values
on the a-leg.

At this point, each leg has the zrtp-hash values from the other, and
we know we can do ZRTP passthrough mode on the call.  We send the
b-leg's zrtp-hash back to the a-leg in the 200 OK.

We then enable UDPTL mode on the rtp streams for both the audio and
the video so that we don't interfere in the ZRTP negotiation.

If the b-leg fails to return a zrtp-hash in the signaling, we set up a
ZRTP security association with the a-leg ourselves, if we are so
equipped.  Likewise, if the a-leg fails to send a zrtp-hash in the
signaling, we attempt to set up a ZRTP security association ourselves
with the b-leg.

The zrtp-passthru mode can also be enabled in the dialplan by setting
the boolean channel variable zrtp_passthru.  If enabled in this
manner, we can't force late-negotiation, so the user would need to be
sure this is configured.

If ZRTP passthrough mode is not enabled in either manner, this change
should have no effect.

Channel variables for each of the various zrtp-hash values are set,
though it is anticipated that there is no good reason to use them, so
they may be removed without warning.  For checking whether zrtp
passthrough mode was successful, we provide the channel variable
zrtp_passthru_active which is set on both legs.

Though not implemented by this commit, the changes here should make it
more straightforward to add correct zrtp-hash values to the signaling
and verify that correct hello hash values are received when FreeSWITCH
is acting as a terminating leg of the ZRTP security association.

A historical note...

This commit replaces the recently-added sdp_zrtp_hash_string method,
commit 2ab1605a88.

This prior method sets a channel variable from the a-leg's zrtp-hash,
then relies on the dialplan to export this channel variable to the
b-leg, where it is put into the SDP.

While it was a great start and wonderful for testing, this approach
has some drawbacks that motivated the present work:

 * There's no good way to pass the zrtp-hash from the b-leg back to
   the a-leg.  In fact, the implementation seems to send the a-leg's
   zrtp-hash back to the originating client in the 200 OK.  This is
   not correct.

 * To support video, we'd need to have a separate dialplan variable,
   and the dialplan author would need to deal with that explicitly.

 * The API is problematic as it requires the dialplan author to
   understand intricate details of how ZRTP works to implement a
   correct dialplan.  Further, by providing too fine-grained control
   (but at the same time, not enough control) it would limit our
   ability to make the behavior smarter once people started relying on
   this.
2012-05-24 20:39:03 +00:00
Anthony Minessale 8c889aa3a7 add param for scgi to monitor its own server process 2012-05-24 13:07:46 -05:00
Anthony Minessale 1cfd145c17 add support for variable expander to recognize 717 vars as specifically globals 2012-05-24 13:07:26 -05:00
Anthony Minessale 2a257a56a2 default to forking system on non-windows 2012-05-24 13:06:32 -05:00
Travis Cross 879a798ef3 debian: document a better way to build packaging 2012-05-24 17:27:34 +00:00
Travis Cross 1050a2a9f9 debian: version bump 2012-05-24 17:27:28 +00:00
Travis Cross 7b5a9193aa debian: remove support for building sounds and music
The various sounds and music have their own source packages now as
they have their own conventions and version numbers which fortunately
update less frequently than FreeSWITCH itself.
2012-05-24 17:27:23 +00:00
Travis Cross 343bdec239 remove .vcxproj.user file in tree 2012-05-24 08:04:49 +00:00
Travis Cross 56678528f8 gitignore TAGS anywhere in tree 2012-05-24 08:02:00 +00:00
Travis Cross f37b1f0c54 squelch another source of noise ZRTP protection drops 2012-05-24 03:59:09 +00:00
Travis Cross d470ae239c don't log ZRTP protection drops
At least until we can distinguish the meaningful ones from the noise.
2012-05-24 03:52:51 +00:00
Travis Cross 236b927780 lower log level on ZRTP protection drop
When a call is being set up, a couple seconds of audio may be sent
unencrypted.  This seems to trigger the log message here with every
such packet.
2012-05-24 03:50:42 +00:00
Travis Cross 0c1a95f745 fix gcc 4.7.0 warning related to enum type
This amends commit 7bd9efc7f5.

We changed away from using unsigned here because it caused a warning
on Windows.  Using the more specific type, however, is causing a
warning on gcc-4.7 (it notices that the switch statement contains
values not present in the specified enum type).  So we're switching
back to unsigned here while keeping the type casts and hoping that
keeps Windows happy.
2012-05-24 00:48:59 +00:00
Travis Cross 16cf43a68d fix indentation; whitespace 2012-05-23 23:46:21 +00:00
Travis Cross cb58e81c17 add editor variables to mod_sofia.h 2012-05-23 23:44:44 +00:00
Travis Cross 11d4658ac4 debian: package mod_say_fa (Say for Persian) 2012-05-23 23:42:36 +00:00
Anthony Minessale 6df4d7cdc5 FS-4245 --resolve 2012-05-23 13:13:32 -05:00
Anthony Minessale 0a70ea3e09 scgi updates 2012-05-23 13:12:32 -05:00
Anthony Minessale 4b2e7fc1f2 perl update 2012-05-23 11:31:17 -05:00
Anthony Minessale bb3f72cb66 add perl wrapper to scgi 2012-05-23 09:37:54 -05:00
Mathieu Rene a5cd951c53 Update the outgoing channel handler so it passes the "var_event" event down towards rtmp_send_incoming_call since variables passed using originate are not yet in the session before the outgoing channel function returns. 2012-05-22 14:00:39 -04:00
Anthony Minessale fb790bc320 block any inbound messages when queue is full; add debounce for mwi and pres on register; fix missing detach attr on new mode to process reg in new thread 2012-05-22 10:27:23 -05:00
Jeff Lenk 059ef54feb FS-4243 zrtp addition to vs2010 express try this and verify edited by hand 2012-05-22 10:21:14 -05:00
Anthony Minessale a672c99a57 FS-4224 --resolve this was a regression from d6374535 to fix FS-3029, when you find a profile you must release it 2012-05-22 07:59:21 -05:00
Michael Jerris 10617b6153 .gitignore 2012-05-22 00:24:48 -04:00
Anthony Minessale 792b004f36 add mwi-use-reg-callid 2012-05-21 13:55:50 -05:00
Michael Jerris 34df90196c bail out on make mod_modname when core build dies 2012-05-21 15:47:30 -04:00
Ken Rice e120f4b359 --resolve FS-4234 2012-05-21 09:58:02 -05:00
Anthony Minessale b3b2c37526 FS-3983 --resolve 2012-05-18 13:41:16 -05:00
Anthony Minessale bcd7a16290 indent 2012-05-18 10:15:08 -05:00
Jeff Lenk e32b90306e build warnings 2012-05-18 11:08:15 -05:00
Anthony Minessale 718a311a41 FS-4224 --resolve add optional wait param to sofia profile stop [sofia profile foo stop wait] 2012-05-18 07:52:58 -05:00
Anthony Minessale bbdcd33bde performance tweaks for sip message parsing and event system 2012-05-17 20:10:53 -05:00
Anthony Minessale b117a65c50 put a little contention in the reg in new thread feature to prevent endless pileup 2012-05-17 19:57:02 -05:00
Anthony Minessale ad7149bfa6 allow mod loopback bowout to reach out across stacked loopback bridges and remove all of them 2012-05-17 18:57:22 -05:00
Travis Cross 83e090c30d add some casts to make things work with both gcc and VS
This amends commit 7bd9efc7f5.

Using the more explicit typedef causes gcc to warn about the
incompatible types for the reasons noted in the earlier commit
message.  This is why we just used the unsigned type earlier so we
could avoid all this casting.

The things we do to make Windows happy...
2012-05-17 16:40:30 +00:00
Anthony Minessale 92eb698ddc FS-4231 --resolve declinatio mortuus obfirmo! 2012-05-17 11:27:57 -05:00
Jeff Lenk 021f48d02e FS-4169 --resolve compiler warning for solaris 2012-05-17 10:28:51 -05:00