Asterisk SIP chan_sip2
Created by: oej,Last modification on Fri 03 of Feb, 2006 [09:11 UTC]
Placeholder...
(:arrow:) See http://bugs.digium.com/bug_view_page.php?bug_id=0000759
CHAN_SIP2 DEVELOPMENT IS NO LONGER... Look forward to chan_sip3 somewhere in the future :-)
CHANNEL_LIBS+=chan_sip2.so
* CHAN_SIP2.C: BETA SIP CHANNEL
* Modified by Olle E. Johansson, Edvina.net, oej@edvina.net
* With help from
* * Flavour - testing, suggestions
* * PWW - new functions for externip, localnet
* * Geertn - Compile time warnings fixes
*
* + Version: See your source file
*
* + Up to date with chan_sip cvs as of <<date>>
* - I've not added the new sip debug options of chan_sip yet
* - Or the filters to SIP show peers
* - Nor the OSP support
* + Better support for SRV, we now support the port argument
* from the DNS SRV record
*
* + A lot of the features in chan_sip2 are now ported to chan_sip :-)
*
* + WARNING: This version changes a lot of functionality in regards
* to authentication, we use the digest auth username to check
* credentials for INVITES, not the username@ in the From: URI
* INVITEs are authenticated this new way, not REGISTER/SUBSCRIBE
* yet
* ** This is not heavily tested, please help me test this **
* I've been using this in production for a while, it works for me.
* + Authentication based on REALMs. If another SIP proxy challenges us
* we now check for a username/secret for that realm and use that for
* auth.
*
* Format for authentication entry is
* auth=user:secret@realm
* in thegeneral section or a peer/user or friend
*
* + Sipdebugfilter function (not yet in CLI )
* sipdebugip=<ip address> ingeneral
* sipdebugport=<port> ingeneral
* both needs to be defined. Then do "sip debug" in CLI
* Headers are shown only for matches
* if sipdebugrestrict=yes, no OPTIONS or NOTIFY packets will be shown.
* *** The debug filter will change to the one in CVS head ***
* + Changed output format of sip debug
* + Save full contact data for later invites, which helps SNOM phones
* and some NAT middle boxes
* Now, we're not guessing or composing Contact: headers, just using
* what we get in registration.
* + Added manager SIPpeer command
template-name
* Then use it with "template=name" first in friend/user/peer definition
* You need to declare type= within template.
* + Template support for autocreatepeer
* Templatetemplate-autocreatepeer will be applied to all auto-
* created peers if defined in sip.conf
* You can use ACL for autocreatepeer to limit who can create peers
* + Templates implemented for users
* + Temporary support for MYSQL authentication - will be moved to ODBC
* dbname= Database name
* dbpass= Password
* dbhost= Hostname
* dbuser= Username for DB connection
*
* dbtable= Table to check To be implemented *****
* dbfield_user= Field for peer name
* dbfield_pwd= Field for password
*
* Right now defaults to 'subscriber' table, fields 'username' and 'password'
*
* You still need either a peer definition or an autocreatepeer
* secret=<db> for database authentication for this user
* You need to enable MYSQL_AUTH to get this functionality
* The MYSQL_FRIENDS define makes asterisk reades peer definition
* from a database as in the original chan_sip.c
* + Sends "WWW-authenticate" on REGISTER
* + Checks for sdp Content-type: header before processing it
* + Trying to add full support for SIP redirects
* + Support for symmetricrtp (symmetricrtp=yes in peer/user or global conf)
* This means that we're sending RTP to the port we receive it from
* not to where the SDP wants it. Good for clients that use STUN to
* expose their outside IP
* We still do not support direction in SDP, that's next on the list
* when I find a client that uses it.
* + Added manager events for SIPregistration based on code from Nicolas Gudino
* + Added support for realm based authentication on outbound calls
* Addauthentication section in sip.conf
* For each realm, add
* auth = <user>:<secret>@<realm>
* like
* auth = oej@mypassword@edvina.net
*
* Everytime someone challenges us for auth in the "edvina.net"
* realm, that username and password will be used for authentication.
* + Added new dialplan application SIPGetHeader
* + "Promiscredir" is meaningless in this channel, since we have a
* different support of 302 redirects than chan_sip. Let's try this way.
*
*
!!NEW VARIABLES TO USE IN THE DIAL PLAN
* + Added SIPFROMURI variable that shows the callers id
* + Added _SIPADDHEADER that adds a SIP header, any header
* Example of use : setvar(_SIPADDHEADER=X-myheader: ${EXTEN} ${PRIORITY})
* Requires patch http://bugs.digium.com/bug_view_page.php?bug_id=0000928
* to work. This will be made into an application sipaddheader()
*
* + Added many comments inline
* + Changed global variable name "type" to "channeltype" for clarity :-)
* + Changed a lot of "username"s to better variable/structure names
* With too many different things using the same name, the risk of confusion
* is too high...
*
* + 'sip show active' (extended) Only shows active peers
* i.e. those who registred or have default IP
* + 'sip debug <peername>' also works at CLI
* + 'sip debug all' disables filters
* + 'sip show stats' show some statistics (work in progress)
*
* regardless if the secret is blank or not
* This way, we get the auth user name from every client
* which is what we should match withuser or peer
*
* outboundproxy=
* outboundproxyport=
* This is implemented but is not heavily tested.
* If you have configured localnet= networks, these
* will be excluded from outbound proxy.
* You will have to add the outbound proxy as a peer
* Since all the traffic comes from the outbound proxy IP
* Matching on IP address will not work.
*
* + Support for domain restriction (realm + from: domain)
* Need list of acceptable domains for incoming into default context
* - Started with one default domain "domain=" in sip.conf, global_domain variable
* + Default extension for peer, "extension=" in sip.conf peer definition
* + Improved support for 302 redirects
/Olle
(:arrow:) See http://bugs.digium.com/bug_view_page.php?bug_id=0000759
CHAN_SIP2 DEVELOPMENT IS NO LONGER... Look forward to chan_sip3 somewhere in the future :-)
How to install
- Add chan_sip2 to the channels/Makefile
CHANNEL_LIBS+=chan_sip2.so
- Rename the file downloaded to chan_sip2.c and place it in the channels directory
- Open the source code in an editor (even if you're not a hacker) and READ THE FIRST PART. That's the documentation for chan_sip2.
- make / make install
- Change your modules.conf
- Add "noload=chan_sip.so" if you want to run chan_sip2
- If you want to switch back, add "noload=chan_sip2.so"
- Restart asterisk
From the source (READ THE LATEST IN THE SOURCE FILE YOU DOWNLOAD!)
* CHAN_SIP2.C: BETA SIP CHANNEL
* Modified by Olle E. Johansson, Edvina.net, oej@edvina.net
* With help from
* * Flavour - testing, suggestions
* * PWW - new functions for externip, localnet
* * Geertn - Compile time warnings fixes
*
* + Version: See your source file
*
* + Up to date with chan_sip cvs as of <<date>>
* - I've not added the new sip debug options of chan_sip yet
* - Or the filters to SIP show peers
* - Nor the OSP support
* + Better support for SRV, we now support the port argument
* from the DNS SRV record
*
* + A lot of the features in chan_sip2 are now ported to chan_sip :-)
*
* + WARNING: This version changes a lot of functionality in regards
* to authentication, we use the digest auth username to check
* credentials for INVITES, not the username@ in the From: URI
* INVITEs are authenticated this new way, not REGISTER/SUBSCRIBE
* yet
* ** This is not heavily tested, please help me test this **
* I've been using this in production for a while, it works for me.
* + Authentication based on REALMs. If another SIP proxy challenges us
* we now check for a username/secret for that realm and use that for
* auth.
*
* Format for authentication entry is
* auth=user
* in the
*
* + Sipdebugfilter function (not yet in CLI )
* sipdebugip=<ip address> in
* sipdebugport=<port> in
* both needs to be defined. Then do "sip debug" in CLI
* Headers are shown only for matches
* if sipdebugrestrict=yes, no OPTIONS or NOTIFY packets will be shown.
* *** The debug filter will change to the one in CVS head ***
* + Changed output format of sip debug
* + Save full contact data for later invites, which helps SNOM phones
* and some NAT middle boxes
* Now, we're not guessing or composing Contact: headers, just using
* what we get in registration.
* + Added manager SIPpeer command
- + Template support for peers and users in sip.conf
* Then use it with "template=name" first in friend/user/peer definition
* You need to declare type= within template.
* + Template support for autocreatepeer
* Template
* created peers if defined in sip.conf
* You can use ACL for autocreatepeer to limit who can create peers
* + Templates implemented for users
* + Temporary support for MYSQL authentication - will be moved to ODBC
* dbname= Database name
* dbpass= Password
* dbhost= Hostname
* dbuser= Username for DB connection
*
* dbtable= Table to check To be implemented *****
* dbfield_user= Field for peer name
* dbfield_pwd= Field for password
*
* Right now defaults to 'subscriber' table, fields 'username' and 'password'
*
* You still need either a peer definition or an autocreatepeer
* secret=<db> for database authentication for this user
* You need to enable MYSQL_AUTH to get this functionality
* The MYSQL_FRIENDS define makes asterisk reades peer definition
* from a database as in the original chan_sip.c
* + Sends "WWW-authenticate" on REGISTER
* + Checks for sdp Content-type: header before processing it
* + Trying to add full support for SIP redirects
* + Support for symmetricrtp (symmetricrtp=yes in peer/user or global conf)
* This means that we're sending RTP to the port we receive it from
* not to where the SDP wants it. Good for clients that use STUN to
* expose their outside IP
* We still do not support direction in SDP, that's next on the list
* when I find a client that uses it.
* + Added manager events for SIPregistration based on code from Nicolas Gudino
* + Added support for realm based authentication on outbound calls
* Add
* For each realm, add
* auth = <user>:<secret>@<realm>
* like
* auth = oej@mypassword@edvina.net
*
* Everytime someone challenges us for auth in the "edvina.net"
* realm, that username and password will be used for authentication.
* + Added new dialplan application SIPGetHeader
* + "Promiscredir" is meaningless in this channel, since we have a
* different support of 302 redirects than chan_sip. Let's try this way.
*
*
!!NEW VARIABLES TO USE IN THE DIAL PLAN
* + Added SIPFROMURI variable that shows the callers id
* + Added _SIPADDHEADER that adds a SIP header, any header
* Example of use : setvar(_SIPADDHEADER=X-myheader: ${EXTEN} ${PRIORITY})
* Requires patch http://bugs.digium.com/bug_view_page.php?bug_id=0000928
* to work. This will be made into an application sipaddheader()
*
CODE FIXES
* + Changed global variable names to global_* to make code easier to read* + Added many comments inline
* + Changed global variable name "type" to "channeltype" for clarity :-)
* + Changed a lot of "username"s to better variable/structure names
* With too many different things using the same name, the risk of confusion
* is too high...
*
NEW CLI COMMANDS/OPTIONS
* + 'sip show xpeers' (extended) shows useragent and Contact header* + 'sip show active' (extended) Only shows active peers
* i.e. those who registred or have default IP
* + 'sip debug <peername>' also works at CLI
* + 'sip debug all' disables filters
* + 'sip show stats' show some statistics (work in progress)
*
MAJOR AUTHENTICATION CHANGES
* + We now *always* challenge the UA to authenticate* regardless if the secret is blank or not
* This way, we get the auth user name from every client
* which is what we should match with
*
SUPPORT FOR OUTBOUND PROXY
* + Support for outbound proxy* outboundproxy=
* outboundproxyport=
* This is implemented but is not heavily tested.
* If you have configured localnet= networks, these
* will be excluded from outbound proxy.
* You will have to add the outbound proxy as a peer
* Since all the traffic comes from the outbound proxy IP
* Matching on IP address will not work.
*
* + Support for domain restriction (realm + from: domain)
* Need list of acceptable domains for incoming into default context
* - Started with one default domain "domain=" in sip.conf, global_domain variable
* + Default extension for peer, "extension=" in sip.conf peer definition
* + Improved support for 302 redirects
/Olle
Comments