Asterisk SIP chan_sip2

• CHAN_SIP2.C: BETA SIP CHANNEL
• Modified by Olle E. Johansson, Edvina.net, oej@edvina.net
• With help from
• * Flavour - testing, suggestions
• * PWW - new functions for externip, localnet
• * Geertn - Compile time warnings fixes
• + Version: See your source file
• + Up to date with chan_sip cvs as of <<date>>
• - I've not added the new sip debug options of chan_sip yet
• - Or the filters to SIP show peers
• - Nor the OSP support
• + Better support for SRV, we now support the port argument
• from the DNS SRV record
• + A lot of the features in chan_sip2 are now ported to chan_sip :-)
• + WARNING: This version changes a lot of functionality in regards
• to authentication, we use the digest auth username to check
• credentials for INVITES, not the username@ in the From: URI
• INVITEs are authenticated this new way, not REGISTER/SUBSCRIBE
• yet
• ** This is not heavily tested, please help me test this **
• I've been using this in production for a while, it works for me.
• + Authentication based on REALMs. If another SIP proxy challenges us
• we now check for a username/secret for that realm and use that for
• auth.
• Format for authentication entry is
• auth=user:secret@realm
• in the general section or a peer/user or friend
• + Sipdebugfilter function (not yet in CLI )
• sipdebugip=<ip address> in general
• sipdebugport=<port> in general
• both needs to be defined. Then do "sip debug" in CLI
• Headers are shown only for matches
• if sipdebugrestrict=yes, no OPTIONS or NOTIFY packets will be shown.
• *** The debug filter will change to the one in CVS head ***
• + Changed output format of sip debug
• + Save full contact data for later invites, which helps SNOM phones
• and some NAT middle boxes
• Now, we're not guessing or composing Contact: headers, just using
• what we get in registration.
• + Added manager SIPpeer command
• + Template support for peers and users in sip.conf
• Define template template-name
• Then use it with "template=name" first in friend/user/peer definition
• You need to declare type= within template.
• + Template support for autocreatepeer
• Template template-autocreatepeer will be applied to all auto-
• created peers if defined in sip.conf
• You can use ACL for autocreatepeer to limit who can create peers
• + Templates implemented for users
• + Temporary support for MYSQL authentication - will be moved to ODBC
• dbname= Database name
• dbpass= Password
• dbhost= Hostname
• dbuser= Username for DB connection
• dbtable= Table to check To be implemented *****
• dbfield_user= Field for peer name
• dbfield_pwd= Field for password
• Right now defaults to 'subscriber' table, fields 'username' and 'password'
• You still need either a peer definition or an autocreatepeer
• secret=<db> for database authentication for this user
• You need to enable MYSQL_AUTH to get this functionality
• The MYSQL_FRIENDS define makes asterisk reades peer definition
• from a database as in the original chan_sip.c
• + Sends "WWW-authenticate" on REGISTER
• + Checks for sdp Content-type: header before processing it
• + Trying to add full support for SIP redirects
• + Support for symmetricrtp (symmetricrtp=yes in peer/user or global conf)
• This means that we're sending RTP to the port we receive it from
• not to where the SDP wants it. Good for clients that use STUN to
• expose their outside IP
• We still do not support direction in SDP, that's next on the list
• when I find a client that uses it.
• + Added manager events for SIPregistration based on code from Nicolas Gudino
• + Added support for realm based authentication on outbound calls
• Add authentication section in sip.conf
• For each realm, add
• auth = <user>:<secret>@<realm>
• like
• auth = oej@mypassword@edvina.net
• Everytime someone challenges us for auth in the "edvina.net"
• realm, that username and password will be used for authentication.
• + Added new dialplan application SIPGetHeader
• + "Promiscredir" is meaningless in this channel, since we have a
• different support of 302 redirects than chan_sip. Let's try this way.

NEW VARIABLES TO USE IN THE DIAL PLAN

• + Added SIPFROMURI variable that shows the callers id
• + Added _SIPADDHEADER that adds a SIP header, any header
• Example of use : setvar(_SIPADDHEADER=X-myheader: ${EXTEN} ${PRIORITY})
• Requires patch http://bugs.digium.com/bug_view_page.php?bug_id=0000928
• to work. This will be made into an application sipaddheader()

CODE FIXES

• + Changed global variable names to global_* to make code easier to read
• + Added many comments inline
• + Changed global variable name "type" to "channeltype" for clarity :-)
• + Changed a lot of "username"s to better variable/structure names
• With too many different things using the same name, the risk of confusion
• is too high...

NEW CLI COMMANDS/OPTIONS

• + 'sip show xpeers' (extended) shows useragent and Contact header
• + 'sip show active' (extended) Only shows active peers
• i.e. those who registred or have default IP
• + 'sip debug <peername>' also works at CLI
• + 'sip debug all' disables filters
• + 'sip show stats' show some statistics (work in progress)

MAJOR AUTHENTICATION CHANGES

• + We now *always* challenge the UA to authenticate
• regardless if the secret is blank or not
• This way, we get the auth user name from every client
• which is what we should match with user or peer

SUPPORT FOR OUTBOUND PROXY

• + Support for outbound proxy
• outboundproxy=
• outboundproxyport=
• This is implemented but is not heavily tested.
• If you have configured localnet= networks, these
• will be excluded from outbound proxy.
• You will have to add the outbound proxy as a peer
• Since all the traffic comes from the outbound proxy IP
• Matching on IP address will not work.
• + Support for domain restriction (realm + from: domain)
• Need list of acceptable domains for incoming into default context
• - Started with one default domain "domain=" in sip.conf, global_domain variable
• + Default extension for peer, "extension=" in sip.conf peer definition
• + Improved support for 302 redirects