Asterisk SIP chan_sip2

  * CHAN_SIP2.C: BETA SIP CHANNEL
  *      Modified by Olle E. Johansson, Edvina.net, [email protected]
  *      With help from
  *      * Flavour - testing, suggestions
  *      * PWW - new functions for externip, localnet
  *      * Geertn - Compile time warnings fixes
  *
  *  + Version: See your source file
  *
  *  + Up to date with chan_sip cvs as of <<date>>
  *    - I've not added the new sip debug options of chan_sip yet
  *    - Or the filters to SIP show peers
  *    - Nor the OSP support
  *  + Better support for SRV, we now support the port argument
  *    from the DNS SRV record
  *
  *  + A lot of the features in chan_sip2 are now ported to chan_sip :-)
 *
 *  + WARNING: This version changes a lot of functionality in regards
 *    to authentication, we use the digest auth username to check
 *    credentials for INVITES, not the username@ in the From: URI
 *    INVITEs are authenticated this new way, not REGISTER/SUBSCRIBE
 *    yet
 *    ** This is not heavily tested, please help me test this **
 *      I've been using this in production for a while, it works for me.
 *  + Authentication based on REALMs. If another SIP proxy challenges us
 *    we now check for a username/secret for that realm and use that for
 *    auth.
 *
 *    Format for authentication entry is
 *           auth=user[:secret]@realm
 *    in the [general] section or a [peer]/[user] or [friend]
 *
 *  + Sipdebugfilter function (not yet in CLI )
 *      sipdebugip=<ip address> in [general]
 *      sipdebugport=<port> in [general]
 *      both needs to be defined. Then do "sip debug" in CLI
 *      Headers are shown only for matches
 *      if sipdebugrestrict=yes, no OPTIONS or NOTIFY packets will be shown.
 *      *** The debug filter will change to the one in CVS head ***
 *  + Changed output format of sip debug
 *  + Save full contact data for later invites, which helps SNOM phones
 *    and some NAT middle boxes
 *    Now, we're not guessing or composing Contact: headers, just using
 *    what we get in registration.
 *  + Added manager SIPpeer command
*  + Template support for peers and users in sip.conf
 *    Define template [template-name]
 *    Then use it with "template=name" first in friend/user/peer definition
 *    You need to declare type= within template.
 *  + Template support for autocreatepeer
 *    Template [template-autocreatepeer] will be applied to all auto-
 *    created peers if defined in sip.conf
 *    You can use ACL for autocreatepeer to limit who can create peers
 *  + Templates implemented for users
 *  + Temporary support for MYSQL authentication - will be moved to ODBC
 *      dbname=         Database name
 *      dbpass=         Password
 *      dbhost=         Hostname
 *      dbuser=         Username for DB connection
 *
 *      dbtable=        Table to check           To be implemented *****
 *      dbfield_user=   Field for peer name
 *      dbfield_pwd=    Field for password
 *
 *    Right now defaults to 'subscriber' table, fields 'username' and 'password'
 *
 *    You still need either a peer definition or an autocreatepeer
 *       secret=<db> for database authentication for this user
 *    You need to enable MYSQL_AUTH to get this functionality
 *    The MYSQL_FRIENDS define makes asterisk reades peer definition
 *    from a database as in the original chan_sip.c
 *  + Sends "WWW-authenticate" on REGISTER
 *  + Checks for sdp Content-type: header before processing it
 *  + Trying to add full support for SIP redirects
 *  + Support for symmetricrtp  (symmetricrtp=yes in peer/user or global conf)
 *    This means that we're sending RTP to the port we receive it from
 *    not to where the SDP wants it. Good for clients that use STUN to
 *    expose their outside IP
 *    We still do not support direction in SDP, that's next on the list
 *    when I find a client that uses it.
 *  + Added manager events for SIPregistration based on code from Nicolas Gudino
 *  + Added support for realm based authentication on outbound calls
 *    Add [authentication] section in sip.conf
 *    For each realm, add
 *        auth = <user>:<secret>@<realm>
 *      like
 *        auth = oej@[email protected]
 *
 *      Everytime someone challenges us for auth in the "edvina.net"
 *      realm, that username and password will be used for authentication.
 *  + Added new dialplan application SIPGetHeader
 *  + "Promiscredir" is meaningless in this channel, since we have a
 *     different support of 302 redirects than chan_sip. Let's try this way.
 *
 *

NEW VARIABLES TO USE IN THE DIAL PLAN

• + Added SIPFROMURI variable that shows the callers id
• + Added _SIPADDHEADER that adds a SIP header, any header
• Example of use : setvar(_SIPADDHEADER=X-myheader: ${EXTEN} ${PRIORITY})
• Requires patch http://bugs.digium.com/bug_view_page.php?bug_id=0000928
• to work. This will be made into an application sipaddheader()

CODE FIXES

• + Changed global variable names to global_* to make code easier to read
• + Added many comments inline
• + Changed global variable name “type” to “channeltype” for clarity 🙂
• + Changed a lot of “username”s to better variable/structure names
• With too many different things using the same name, the risk of confusion
• is too high…

NEW CLI COMMANDS/OPTIONS

• + ‘sip show xpeers’ (extended) shows useragent and Contact header
• + ‘sip show active’ (extended) Only shows active peers
• i.e. those who registred or have default IP
• + ‘sip debug <peername>’ also works at CLI
• + ‘sip debug all’ disables filters
• + ‘sip show stats’ show some statistics (work in progress)

MAJOR AUTHENTICATION CHANGES

 *  + We now *always* challenge the UA to authenticate
 *    regardless if the secret is blank or not
 *    This way, we get the auth user name from every client
 *    which is what we should match with [user] or [peer]

SUPPORT FOR OUTBOUND PROXY

• + Support for outbound proxy
• outboundproxy=
• outboundproxyport=
• This is implemented but is not heavily tested.
• If you have configured localnet= networks, these
• will be excluded from outbound proxy.
• You will have to add the outbound proxy as a peer
• Since all the traffic comes from the outbound proxy IP
• Matching on IP address will not work.
• + Support for domain restriction (realm + from: domain)
• Need list of acceptable domains for incoming into default context
• – Started with one default domain “domain=” in sip.conf, global_domain variable
• + Default extension for peer, “extension=” in sip.conf peer definition
• + Improved support for 302 redirects