Hello Vlad, I tested and confirmed it is OK now. Thanks. Regards, Takeshi
On Wed, Aug 7, 2013 at 4:52 AM, Vlad Paiu <vladp...@opensips.org> wrote: > Hello, > > What are you thinking about more exactly here in terms of security ? > > The OpenSIPS worker processes that listen for BIN replicated packages do > not perform any IP authentication by themselves, so if you leave those UDP > ports open from the outside, you are leaving yourself exposed to outside > attackers coming in and either deleting some of the existing dialogs ( by > sending you some binary packages that destroy an ongoing dialog ) or > filling up your shared memory ( by sending you 'new dialog' binary packages > ). > > Currently, it's left to the OpenSIPS administrator to properly configure > the firewall so that the binary interface listeners ( the ones specified by > bin_listen=127.0.0.1:9999 ) are only open for the other OpenSIPS instance > IPs. > > Best Regards, > > Vlad Paiu > OpenSIPS Developer > http://www.opensips-solutions.**com <http://www.opensips-solutions.com> > > > On 08/01/2013 07:58 PM, Nick Khamis wrote: > >> What needs to be considered in terms of security? >> >> Nick. >> >> On 7/31/13, Bogdan-Andrei Iancu <bog...@opensips.org> wrote: >> >>> Hi Ryan, >>> >>> This has nothing to do with dialog pining or accounting - the new >>> interface allows OpenSIPS to replicate the dialog state to another >>> OpenSIPS instance. If I misunderstood you, please rephrase :) >>> >>> Regards, >>> >>> Bogdan-Andrei Iancu >>> OpenSIPS Founder and Developer >>> http://www.opensips-solutions.**com <http://www.opensips-solutions.com> >>> >>> >>> On 07/29/2013 08:20 PM, Ryan Bullock wrote: >>> >>>> This is pretty exciting! >>>> >>>> What are the plans for how this will work with features such as dialog >>>> pinging and accounting? >>>> >>>> Regards, >>>> >>>> Ryan >>>> >>>> >>>> On Mon, Jul 29, 2013 at 9:46 AM, Bogdan-Andrei Iancu >>>> <bog...@opensips.org <mailto:bog...@opensips.org>> wrote: >>>> >>>> In long term we plan to use the BIN interface to replicate even >>>> more internal data between multiple OpenSIPS instances, like doing >>>> registration replication (instead of doing it from script via >>>> SIP). Theoretically it may be used for replicating even >>>> transaction state between 2 OpenSIPS instances - imagine having a >>>> call ringing on instance A and being accepted on instance B (after >>>> a failover) - 0% losses ! >>>> >>>> Aside realtime data replication, the BIN interface is to be used >>>> also for exchanging any other type of information between OpenSIPS >>>> instances, like federating multiple instances. >>>> >>>> The main advantages of the BIN interface over the MI interface : >>>> - BIN is binary encoded so much faster (as performance) >>>> - BIN interface has both sender and receiver in OpenSIPS (MI >>>> has only the receiver) >>>> - MI is for external usage, while BIN is internal >>>> (opensips2opensips) >>>> >>>> Regards, >>>> >>>> Bogdan-Andrei Iancu >>>> OpenSIPS Founder and Developer >>>> http://www.opensips-solutions.**com<http://www.opensips-solutions.com> >>>> >>>> >>>> On 07/29/2013 06:22 PM, Liviu Chircu wrote: >>>> >>>>> Hello all, >>>>> >>>>> OpenSIPS just got better with a /new core interface/ and a /new >>>>> failover mechanism/! >>>>> >>>>> The purpose of the new *Binary Internal Interface *is to offer a >>>>> fast and efficient communication channel between OpenSIPS >>>>> instances. OpenSIPS modules can now use this core interface to >>>>> send/receive packets with specific information. A common usage >>>>> case for this feature would be data replication between a primary >>>>> instance and a backup one. >>>>> >>>>> This is especially useful in scenarios with OpenSIPS instances >>>>> which handle large amounts of concurrent calls, so that failover >>>>> through a database backend is not feasible anymore due to the >>>>> significant time required in order to load the needed tables. >>>>> >>>>> As an example of using the interface, the dialog module now >>>>> offers the possibility of *replicating dialogs* to another >>>>> instance. The script writer may now configure a set of proxies >>>>> which will receive dialog-related events: /creation/, >>>>> /confirmation/ and /deletion/, all in /realtime/. These messages >>>>> are compact and they are sent over UDP. The dialog module now >>>>> also exports several new statistics which show the total >>>>> sent/received replication packets. >>>>> >>>>> Configuring UDP listeners for the new interface is trivial and >>>>> explained in the OpenSIPS manuals [1]. >>>>> >>>>> [1]: >>>>> http://www.opensips.org/**Documentation/Interface-Binary<http://www.opensips.org/Documentation/Interface-Binary> >>>>> >>>>> Best regards, >>>>> -- >>>>> Liviu Chircu >>>>> OpenSIPS Developer >>>>> >>>>> http://www.opensips-solutions.**com<http://www.opensips-solutions.com> >>>>> >>>>> >>>>> >>>>> ______________________________**_________________ >>>>> Users mailing list >>>>> Users@lists.opensips.org >>>>> <mailto:Users@lists.opensips.**org<Users@lists.opensips.org> >>>>> > >>>>> >>>>> http://lists.opensips.org/cgi-**bin/mailman/listinfo/users<http://lists.opensips.org/cgi-bin/mailman/listinfo/users> >>>>> >>>> ______________________________**_________________ >>>> Devel mailing list >>>> de...@lists.opensips.org >>>> <mailto:Devel@lists.opensips.**org<de...@lists.opensips.org> >>>> > >>>> >>>> http://lists.opensips.org/cgi-**bin/mailman/listinfo/devel<http://lists.opensips.org/cgi-bin/mailman/listinfo/devel> >>>> >>>> >>>> >>>> ______________________________**_________________ >>>> Devel mailing list >>>> de...@lists.opensips.org >>>> http://lists.opensips.org/cgi-**bin/mailman/listinfo/devel<http://lists.opensips.org/cgi-bin/mailman/listinfo/devel> >>>> >>> ______________________________**_________________ >> Users mailing list >> Users@lists.opensips.org >> http://lists.opensips.org/cgi-**bin/mailman/listinfo/users<http://lists.opensips.org/cgi-bin/mailman/listinfo/users> >> > > > ______________________________**_________________ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-**bin/mailman/listinfo/users<http://lists.opensips.org/cgi-bin/mailman/listinfo/users> >
_______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users