On Tue, May 11, 2010 at 2:02 PM, Staffan Kerker <ietf-li...@kerker.se> wrote: > Hi > > I just noticed that sipXbridge seems to remove the crytpo-attributes in SDP > if a call setup with SRTP information > is recieved. The RTP/SAVP profile is still there, but the crypto attributes > are gone...
Since sipxbridge/sipxrelay always relays media and SRTP works end to end, crypto attributes must be stripped; otherwise, the relay will be detected as a man in the middle attack and the call would be dropped. We have not implemented SRTP in sipXrelay and AFIK there are no plans to do so at present as NO ITSP supports it. Ranga > > > --- SDP in INVITE sent to sipXbridge (outgoing call) > > v=0 > o=- 1273600686040637 1273600686040637 IN IP4 192.168.0.101 > s= > c=IN IP4 192.168.0.101 > t=0 0 > m=audio 30248 RTP/SAVP 0 8 9 18 97 98 100 101 > c=x.x.x.x > a=rtpmap:18 G729/8000 > a=fmtp:18 annexb=yes > a=rtpmap:97 SPEEX/8000 > a=rtpmap:98 iLBC/8000 > a=rtpmap:100 SPEEX/16000 > a=rtpmap:101 telephone-event/8000 > a=fmtp:101 0-15 > a=crypto:1 AES_CM_128_HMAC_SHA1_80 > inline:meGWYnx3vHRSgLBhmsTYJIzwFrq0W+XumAtjc5i4 > a=crypto:2 AES_CM_128_HMAC_SHA1_32 > inline:meGWYnx3vHRSgLBhmsTYJIzwFrq0W+XumAtjc5i4 > a=sendrecv > a=candidate:1 1 UDP 659136 192.168.0.101 54168 typ host > a=candidate:1 2 UDP 659134 192.168.0.101 54169 typ host > a=x-sipx-ntap:Xx.x.x.x-x.x.x.x;0 > > > --- SDP in INVITE sent to ITSP from sipXbridge (outgoing call) > > v=0 > o=sipxbridge 9095192105124886549 1 IN IP4 85.24.164.41 > s= > c=IN IP4 x.x.x.x > t=0 0 > m=audio 30500 RTP/SAVP 0 8 9 18 97 98 100 101 > c=IN IP4 x.x.x.x > a=rtpmap:18 G729/8000 > a=fmtp:18 annexb=yes > a=rtpmap:97 SPEEX/8000 > a=rtpmap:98 iLBC/8000 > a=rtpmap:100 SPEEX/16000 > a=rtpmap:101 telephone-event/8000 > a=fmtp:101 0-15 > a=sendrecv > a=candidate:1 1 UDP 659136 192.168.0.101 54168 typ host > a=candidate:1 2 UDP 659134 192.168.0.101 54169 typ host > a=x-sipx-ntap:Xx.x.x.x-x.x.x.x1;0 > > > /Staffan > > > -- > Staffan Kerker > mail/sip/xmpp: staf...@kerker.se > > "There is absolutely no money above the 5th fret..." /Donald "Duck" Dunn > > _______________________________________________ > sipx-users mailing list sipx-users@list.sipfoundry.org > List Archive: http://list.sipfoundry.org/archive/sipx-users > Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users > sipXecs IP PBX -- http://www.sipfoundry.org/ > -- M. Ranganathan _______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
