Re: [Freeswitch-users] MPL and licensing
There are no legal uncertainties with respect to patents in GPL v3. You cannot assert them in code you license under it. There were ambiguities in GPL v2 in this respect which some companies liked. I prefer to deal with honest companies rather than those that are anti-social or might choose legal ambush later, so any that feel they cannot accept the greater legal certainty of GPL v3 in this respect are probably companies that I would not choose to have any kind of relationship with anyway ;).

I recall there were other technical reasons why some have preferred the MPL, especially over the language of the Lesser GNU General Public License prior to v3. I remember having a lovely discussion about this with Craig Southern a few years back who conceded that if the language (of the older LGPL) had been corrected for C++ use cases and object oriented practices (inlines, templates, derived classes, etc, all were problems...), he would likely have used it at the time instead of the MPL for OpenH323.

Steve Underwood wrote:
> paul.degt wrote:
>> Yes, that's one of the reasons. Another point is that GPL v.3 is defined
>> more clearly from legal perspective, at least from our legal adviser
>> point of view.
>>
> While the legal status of MPL is widely considered to be vague, is GPL 3
> any better? GPL 2 is pretty sound, and has stood the test of time.
> However a number of large companies have banned their employees from
> working on anything involving GPL 3 code, because of legal
> uncertainties, especially with regard to patents.
>
> Steve
Re: [Freeswitch-users] FS + encryption
If I can find funding for travel presently I would.

Anthony Minessale wrote:
> Hey David!
>
> You should come by to this year's ClueCon!
> We still have some speaking slots left.
>
>
> On Thu, May 7, 2009 at 11:08 AM, David Sugar <dy...@gnutelephony.org> wrote:
>
> SIP TLS will protect the SIP session information with static keys via a
> certificate, assuming of course the call is direct between two peers.
> It will do nothing for the actual voice channel.
>
> There is SRTP, which can be used to create a cryptographic context over
> RTP. However, the key question is how to exchange the keys. If they
> are exchanged in the SIP session, even TLS SIP, then there are
> certificates around, and it is possible to acquire a past rtp session
> that has been intercepted.
>
> ZRTP offers a solution for setting up SRTP cryptographic contexts using
> distributed and self generated keys (much like gnupg or ssh) that are
> exchanged between the peers over RTP itself, and validated through a
> fingerprint hash at both ends. It is of course essential to initially
> validate the keys in a secure network first, but once that is done, a
> man-in-the-middle in the key exchange process will then stick out like a
> sore thumb. Furthermore, since each call uses different per-session
> generated keys, there is no forward knowledge; breaking one call does
> not allow one to also decrypt all past calls.
>
> Paul wrote:
> > Yes, I've seen this http://wiki.freeswitch.org/wiki/SIP_TLS.
> > I was just curious if the only way to have true end to end secure
> > communications with FS would have to be a SIP trunk from one FS
> > system to another encrypted SIP system on the other with no
> > POTS/PRI/BRI circuits used in transit. I'm assuming if there's any
> > POTS/BRI/PRI/DSS circuits used in transit, anyone with a lineman's
> > handset could still eavesdrop on any conversations. Is this not the
> > case?
> >
> > Paul
Re: [Freeswitch-users] FS + encryption
SIP TLS will protect the SIP session information with static keys via a certificate, assuming of course the call is direct between two peers. It will do nothing for the actual voice channel.

There is SRTP, which can be used to create a cryptographic context over RTP. However, the key question is how to exchange the keys. If they are exchanged in the SIP session, even TLS SIP, then there are certificates around, and it is possible to acquire a past rtp session that has been intercepted.

ZRTP offers a solution for setting up SRTP cryptographic contexts using distributed and self generated keys (much like gnupg or ssh) that are exchanged between the peers over RTP itself, and validated through a fingerprint hash at both ends. It is of course essential to initially validate the keys in a secure network first, but once that is done, a man-in-the-middle in the key exchange process will then stick out like a sore thumb. Furthermore, since each call uses different per-session generated keys, there is no forward knowledge; breaking one call does not allow one to also decrypt all past calls.

Paul wrote:
> Yes, I've seen this http://wiki.freeswitch.org/wiki/SIP_TLS.
> I was just curious if the only way to have true end to end secure
> communications with FS would have to be a SIP trunk from one FS system to
> another encrypted SIP system on the other with no POTS/PRI/BRI circuits used
> in transit. I'm assuming if there's any POTS/BRI/PRI/DSS circuits used in
> transit, anyone with a lineman's handset could still eavesdrop on any
> conversations. Is this not the case?
>
> Paul
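
The fingerprint check and per-call keys described in this message, as an added Python example that is not part of the original post and not code from any ZRTP implementation. It is a simplified model (ZRTP calls the fingerprint a short authentication string, and its hash commitment and retained secrets are omitted); the toy group and the names `call_keypair`, `derive` and `place_call` are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (constructed for this example): a 127-bit prime is
# far too small for real use; it only keeps the arithmetic readable.
P = 2**127 - 1
G = 3


def call_keypair():
    """Generate a fresh key pair for one call; nothing is kept afterwards."""
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)


def derive(private, peer_public, initiator_public, responder_public):
    """Return (fingerprint, srtp_key) as one endpoint computes them.

    The fingerprint covers the public values this endpoint saw plus the
    shared secret, so it only matches when both ends saw the same exchange.
    """
    shared = pow(peer_public, private, P)
    material = b"".join(v.to_bytes(16, "big")
                        for v in (initiator_public, responder_public, shared))
    fingerprint = hashlib.sha256(b"fingerprint" + material).hexdigest()[:8]
    srtp_key = hashlib.sha256(b"srtp-key" + material).digest()
    return fingerprint, srtp_key


def place_call(intercepted=False):
    """Run one key exchange over the media path.

    With intercepted=True a middle party substitutes its own public value
    in both directions, which is what comparing fingerprints exposes.
    Returns (alice_fp, bob_fp, alice_key, bob_key).
    """
    a_priv, a_pub = call_keypair()
    b_priv, b_pub = call_keypair()
    seen_by_alice, seen_by_bob = b_pub, a_pub
    if intercepted:
        _, m_pub = call_keypair()
        seen_by_alice = seen_by_bob = m_pub
    alice_fp, alice_key = derive(a_priv, seen_by_alice, a_pub, seen_by_alice)
    bob_fp, bob_key = derive(b_priv, seen_by_bob, seen_by_bob, b_pub)
    return alice_fp, bob_fp, alice_key, bob_key


if __name__ == "__main__":
    for label, intercepted in (("direct", False), ("intercepted", True)):
        a_fp, b_fp, a_key, b_key = place_call(intercepted)
        print(f"{label:12} alice={a_fp} bob={b_fp} "
              f"fingerprints_match={a_fp == b_fp} keys_match={a_key == b_key}")
    # Two calls between the same peers never share a key.
    print("keys differ per call:", place_call()[2] != place_call()[2])
```
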
Re: [Freeswitch-users] Sip for Skype - g.729 requirement
They require one use g.729, which is patent encumbered as well as rather computationally intensive.

Dan wrote:
> You probably already saw this but
>
> http://www.skypeforsip.com/
>
> Skype is supporting sip for business users.
Re: [Freeswitch-users] SIP server? PBX vs. softswitch?
Where this is distinguished, it is not directly at the level that users experience the end result. In the case of what is called a "softswitch", one answer is found in organizations like the ISC (International Softswitch Consortium) and vendors who built products around their architecture recommendations. These systems tend to be very complex and componentized, where basic functionality operates in self-contained components that then interact with the whole through defined open standards and network protocols, such as SIP.

The primary reason for ISC-style architectures is a result of proprietary development, where code and internal operations cannot be shared or modified. Hence, by breaking up functionality into subcomponents, it is possible to replace a component subsystem as a whole while retaining the interfaces. A perfect example is call forwarding. In a "traditional" proprietary (ISC-model) softswitch, call forwarding would be an entirely separate self-contained proprietary "feature" server interacting over SIP. If someone wants to create a different call forwarding behavior, one slips in an alternate server.

By contrast, it is far easier in an open source/free software PBX to simply modify the feature code that implements call forwarding directly to create new and specialized versions of that feature. Hence, you do not find or have need for micro-services for tiny features in pbx software that originated as open source and free software or that did not follow the path of proprietary architectures, such as Bayonne, Asterisk, or FreeSwitch. A perfect example of a traditional "softswitch" architecture is SipX, which originated as a proprietary VoIP pbx codebase. However, even at this point, such distinctions I think are still somewhat artificial, as Brian suggests.

What does distinguish architectures that may be relevant to end users is whether an IP-PBX solution operates as a B2BUA (back-to-back user agent) or not. A pure B2BUA solution is one where all media as well as signalling goes directly through the central PBX switch. A perfect example of this is how Asterisk traditionally works. This makes it very easy to adapt and connect multi-protocol endpoints, to convert media formats for endpoints who do not have common codecs, etc, since all media endpoints talk to the switch rather than each other. However, since all media goes through a central point, the scalability of such systems can often become "compute-bound", and extra latency is induced.

A "pure" network solution by contrast has all media connect directly peer to peer by the user agent endpoints, and the "pbx" really only handles and coordinates independently operating endpoints through signalling. This often requires separate servers for gateways to the PSTN or other protocols. But it does offer better latency and scalability, and the ability to provide end-to-end media security, such as when using ZRTP.

This difference, between B2BUA and non-B2BUA, is I think far more relevant today than traditional classifications such as IP-PBX, softswitch, "SIP Server", etc.

Brian West wrote:
> It depends on how you look at it... most will say there is no
> difference... but last I checked you usually don't run heavy apps on a
> softswitch.
>
> FreeSWITCH can be everything from softphone to softswitch and everything
> in between including PBX. The default config comes configured as a PBX.
>
> /b
>
> On Feb 28, 2009, at 9:47 AM, Fred wrote:
>
>> Hello
>>
>> Even though I successfully set up an Asterisk voice server, I'm no
>> telecom expert, and would like some clarification about the following
>> things:
>> - What is an SIP server as opposed to an IP PBX?
>> - What is the difference between a PBX like Asterisk and a softswitch?
>>
>> Thank you.
Re: [Freeswitch-users] Freeswitch optimization as a registrar
Well, there are worse viruses one could be infected with, I suppose ;). Actually recently I had been surviving focusing on secure VoIP and wireless...

Giovanni Maruzzelli wrote:
> Hi David,
>
> very happy to read you on the FS list!
>
> We met in 2001 at OSCon San Diego, where you "infected" me with the
> telephony virus :-).
>
> You did great work with the Bayonne project, really breaking new ground.
>
> Thank you,
>
> happy hacking,
>
> happy new year
>
> Sincerely,
>
> Giovanni Maruzzelli
> =
> Company : Celliax
> Website: www.celliax.org
> Address : via Pierlombardo 9, 20135 Milano
> Country/Territory : Italy
> Business Email: gmaruzz at celliax dot org
> Cell : 39-347-2665618
> Fax : 39-02-87390039
>
> On Tue, Dec 30, 2008 at 2:07 PM, David Sugar wrote:
>> You actually have potentially ~1320 effective "SIP transactions" per
>> second to support 4 registered ua's with a 60s refresh. This is
>> because the ua sends its registration refresh unauthenticated. The
>> registrar will then push back an authentication challenge request so the
>> ua can prove its identity, at which point the ua then repeats the same
>> transaction, but with authentication credentials attached.
>>
>> rod wrote:
>>> Hi all,
>>>
>>> I know that freeswitch has not been designed as a pure sip
>>> proxy/registrar, but I'm wondering how many subscribers could be handled
>>> by FS.
>>>
>>> I setup the following test environment:
>>> - Kamailio 1.4.2 as the registrar
>>> - all invite requests are flowing through FS, even for a call
>>> between 2 registered subscribers. Many reasons for this: the calls CDR
>>> are centralized in the same format, I can easily add a billing ID to a
>>> call, proceed to recording, set the caller as anonymous if requested...
>>> - FS is used also as a SBC
>>>
>>> There is still a lot of work to do, mainly on the call forwarding
>>> feature and this is why I'm wondering (simply out of curiosity) what
>>> could have been achieved using only FS (easier to setup when only one
>>> equipment is involved :) ).
>>>
>>> I'd like to register 40 000 subscribers (if each user registers every
>>> 60s, you have approx 670 registration per second, this setup is working
>>> on Kamailio).
>>>
>>> I did the following to increase FS performance regarding registration:
>>> - put the directory containing users in a RAMDISK
>>> - put the db directory in a RAMDISK
>>>
>>> with this I was able to reach 190 registration per second (50 without
>>> the ramdisk) but for one SIP account, not too useful :p (for your
>>> information I see a huge improvement when switching from 1.0.1 phoenix:
>>> 150cps to FS svn 105xx: 190)
>>> When trying with 25000 SIP accounts, I got no more than 30cps.
>>>
>>> Then I tried to use the odbc mysql for registration, using this I was
>>> able to achieve 50cps. The mysql DB is not in a RAMDISK. For all these
>>> tests, the presence support has been disabled.
>>>
>>> As the IO performance seems to be a bottleneck, I'd like to know if
>>> there is a way to store the registration in memory only without database
>>> persistency.
>>>
>>> This thread is there only to share tips, not to complain about FS poor
>>> performance as a SIP registrar when compared to Kamailio. If I compare
>>> FS to a commercial SBC I'm using in production, I have to say that FS is
>>> really a great piece of software (lacks only statistics module, snmp,
>>> and heartbeat redundancy for failover).
>>>
>>> regards,
>>> rod
Re: [Freeswitch-users] Freeswitch optimization as a registrar - a cute hack
I actually have found an alternate approach that we optionally use in sipwitch. Basically, sipwitch can be set to recognize a "trusted" subnet, and automatically accepts a refresh from any actively registered ua on the trusted subnet(s) without requesting an authentication challenge, so long as the ua refreshes from the same sip port and ip address it originally registered and authenticated from. It will also do the same for invites and other otherwise "authentication challenge" sip requests that can originate from ua's on the trusted subnet(s).

Using this option of course kills any ability to proxy register multiple ua's through another sip server, although this can be solved by recognizing certain id's as explicitly not trustable. However, for most common configurations and use cases, it works very well and does effectively halve sip network traffic :).

Michael Giagnocavo wrote:
>>> This is
>>> because the ua sends its registration refresh unauthenticated. The
>>> registrar will then push back an authentication challenge request so the
>>> ua can prove its identity, at which point the ua then repeats the same
>>> transaction, but with authentication credentials attached.
>> Why does it do that? Every time I do a debug, I see the first request
>> denied as unauthorized and then it always comes right back and gets
>
> Welcome to HTTP Digest authentication. The request has to get challenged to
> get a new nonce from the server (so as to mitigate replay attacks).
>
> You could TLS and auth off of the client cert, except few devices support
> that, and you'd have the "overhead" of TCP (which is like bad or something).
>
> -Michael
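
The digest challenge round trip and the trusted-subnet shortcut discussed in this message, modelled as an added Python example that is not part of the original thread and is not sipwitch's code. The `Registrar` class, the realm, the subnet and the `never_trusted` parameter are assumptions made for illustration, and registration expiry is not modelled.

```python
import hashlib
import hmac
import ipaddress
import secrets

REALM = "pbx.example"  # constructed realm, not taken from the thread


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, password, nonce, method="REGISTER",
                    uri="sip:pbx.example"):
    """RFC 2617 digest without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{REALM}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


class Registrar:
    def __init__(self, passwords, trusted=(), never_trusted=()):
        self.passwords = passwords
        self.trusted = [ipaddress.ip_network(n) for n in trusted]
        self.never_trusted = set(never_trusted)  # ids always challenged
        self.bindings = {}   # user -> (ip, port) that last passed digest auth
        self.nonces = {}     # user -> nonce issued in the last 401

    def skip_challenge(self, user, source):
        """True only for an active registration refreshing from the same
        ip and port it authenticated from, inside a trusted subnet."""
        ip = ipaddress.ip_address(source[0])
        return (user not in self.never_trusted
                and self.bindings.get(user) == source
                and any(ip in net for net in self.trusted))

    def register(self, user, source, response=None):
        """Handle one REGISTER transaction; return (status, nonce)."""
        if self.skip_challenge(user, source):
            return 200, None
        nonce = self.nonces.pop(user, None)   # each nonce is single use
        password = self.passwords.get(user)
        if response and nonce and password and hmac.compare_digest(
                response, digest_response(user, password, nonce)):
            self.bindings[user] = source
            return 200, None
        self.nonces[user] = secrets.token_hex(8)
        return 401, self.nonces[user]


def refresh(registrar, user, password, source):
    """Act as the ua: register bare, answer a 401 if one comes back.
    Returns how many transactions the refresh cost (0 if rejected)."""
    status, nonce = registrar.register(user, source)
    if status == 200:
        return 1
    status, _ = registrar.register(
        user, source, digest_response(user, password, nonce))
    return 2 if status == 200 else 0


if __name__ == "__main__":
    reg = Registrar({"alice": "s3cret"}, trusted=["10.0.0.0/24"])
    for source in [("10.0.0.5", 5060), ("10.0.0.5", 5060), ("10.0.0.5", 5062)]:
        print(source, "transactions:", refresh(reg, "alice", "s3cret", source))
```

The shortcut makes source ip and port the only credential for a refresh, so it belongs only on subnets where other hosts cannot forge those values.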
Re: [Freeswitch-users] Freeswitch optimization as a registrar
You actually have potentially ~1320 effective "SIP transactions" per second to support 4 registered ua's with a 60s refresh. This is because the ua sends its registration refresh unauthenticated. The registrar will then push back an authentication challenge request so the ua can prove its identity, at which point the ua then repeats the same transaction, but with authentication credentials attached.

rod wrote:
> Hi all,
>
> I know that freeswitch has not been designed as a pure sip
> proxy/registrar, but I'm wondering how many subscribers could be handled
> by FS.
>
> I setup the following test environment:
> - Kamailio 1.4.2 as the registrar
> - all invite requests are flowing through FS, even for a call
> between 2 registered subscribers. Many reasons for this: the calls CDR
> are centralized in the same format, I can easily add a billing ID to a
> call, proceed to recording, set the caller as anonymous if requested...
> - FS is used also as a SBC
>
> There is still a lot of work to do, mainly on the call forwarding
> feature and this is why I'm wondering (simply out of curiosity) what
> could have been achieved using only FS (easier to setup when only one
> equipment is involved :) ).
>
> I'd like to register 40 000 subscribers (if each user registers every
> 60s, you have approx 670 registration per second, this setup is working
> on Kamailio).
>
> I did the following to increase FS performance regarding registration:
> - put the directory containing users in a RAMDISK
> - put the db directory in a RAMDISK
>
> with this I was able to reach 190 registration per second (50 without
> the ramdisk) but for one SIP account, not too useful :p (for your
> information I see a huge improvement when switching from 1.0.1 phoenix:
> 150cps to FS svn 105xx: 190)
> When trying with 25000 SIP accounts, I got no more than 30cps.
>
> Then I tried to use the odbc mysql for registration, using this I was
> able to achieve 50cps. The mysql DB is not in a RAMDISK. For all these
> tests, the presence support has been disabled.
>
> As the IO performance seems to be a bottleneck, I'd like to know if
> there is a way to store the registration in memory only without database
> persistency.
>
> This thread is there only to share tips, not to complain about FS poor
> performance as a SIP registrar when compared to Kamailio. If I compare
> FS to a commercial SBC I'm using in production, I have to say that FS is
> really a great piece of software (lacks only statistics module, snmp,
> and heartbeat redundancy for failover).
>
> regards,
> rod