Discussion:
[SR-Users] Fwd: Reqd. help on Corex (Obfuscate) - Kamailio 4.2.x
Rahul MathuR
2014-09-16 16:54:17 UTC
Permalink
Hello,

I was going through the new features and stumbled upon this new one -
developed by Mohd. Shahzad Shafi.
As already mentioned on the wiki about this module, I intend to use it for
my custom security layer between UACs and SIP Proxy (Kamailio) but the
issue is - the custom security layer (encryption/decryption code) is
written in C and should precisely be applied for the messages between UAC
and Proxy.

Is there a way I can achieve this using Corex module since it does
intercept the network I/O messages ?

Any help here would be really appreciated.
--
Warm Regds.
MathuRahul
Daniel-Constantin Mierla
2014-09-16 17:05:22 UTC
Permalink
Hello,

I would recommend to develop (or extend) a module for it if you have C
code -- this should be trivial if you have C knowledge and the other
code is already in C -- especially if the performance is a demand.

For a proof of concept, expecting that the encryption/description can be
done with a command line tool, look at exec module for options to
execute external applications, giving parameters from config and getting
the output in an avp variable that can be used further in config.

For exec option, you still need to use corex to have the needed
event_routes for network i/o executed.

Cheers,
Daniel
Post by Rahul MathuR
Hello,
I was going through the new features and stumbled upon this new one -
developed by Mohd. Shahzad Shafi.
As already mentioned on the wiki about this module, I intend to use it
for my custom security layer between UACs and SIP Proxy (Kamailio) but
the issue is - the custom security layer (encryption/decryption code)
is written in C and should precisely be applied for the messages
between UAC and Proxy.
Is there a way I can achieve this using Corex module since it does
intercept the network I/O messages ?
Any help here would be really appreciated.
--
Warm Regds.
MathuRahul
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Next Kamailio Advanced Trainings 2014 - http://www.asipto.com
Sep 22-25, Berlin, Germany
Rahul MathuR
2014-09-16 18:42:19 UTC
Permalink
Thanks for replying !

But how to check whether a particular message received by Kamailio was sent
by UAC or SIP Server ?
Also, on the same lines - how to know whether a particular message about to
be send from Kamailio is bound to UAC or SIP Server ?
Hi,
The network io intercept feature basically allows kamailio script writer
to do whatever s/he may want to do with raw SIP packets (that are just
received by kamailio or about to be sent out by kamailio), e.g. encryption,
compression or any final touches to sip message before it is processed by
kamailio core. That is why it is purposely kept abstract and any particular
use or implementation is left to the script writer.
In your case the encryption / decryption code is in C/C++, you can try one
of the followings,
1. Writeup a C/C++ program that receives outgoing SIP message as text (and
some other parameters, e.g. encryption key) in input arguments and returns
the encrypted message in event_route [ network:msg ] and vice versa (for
incoming messages). You can call this program directly from kamailio.cfg
script.
2. Writeup e.g. a PERL wrapper for your encryption / decryption C/C++ code
and call it using kamailio app_perl module within event_route [ network:msg
] as demonstrated in this example,
http://kamailio.org/docs/modules/devel/modules/corex.html#idp125704
You can also use any other kamailio language bind of you choice as well,
e.g. Python, LUA, JAVA and so on.
I would recommend the second option, as it has less processing overhead
for kamailio.
Thank you.
Post by Rahul MathuR
Hello,
I was going through the new features and stumbled upon this new one -
developed by Mohd. Shahzad Shafi.
As already mentioned on the wiki about this module, I intend to use it
for my custom security layer between UACs and SIP Proxy (Kamailio) but the
issue is - the custom security layer (encryption/decryption code) is
written in C and should precisely be applied for the messages between UAC
and Proxy.
Is there a way I can achieve this using Corex module since it does
intercept the network I/O messages ?
Any help here would be really appreciated.
--
Warm Regds.
MathuRahul
_______________________________________________
sr-dev mailing list
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
_______________________________________________
sr-dev mailing list
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
--
Warm Regds.
MathuRahul
Rahul MathuR
2014-09-17 02:24:21 UTC
Permalink
Hi,

Did you get some free cycles to look at it ?
Post by Rahul MathuR
Thanks for replying !
But how to check whether a particular message received by Kamailio was
sent by UAC or SIP Server ?
Also, on the same lines - how to know whether a particular message about
to be send from Kamailio is bound to UAC or SIP Server ?
Hi,
The network io intercept feature basically allows kamailio script writer
to do whatever s/he may want to do with raw SIP packets (that are just
received by kamailio or about to be sent out by kamailio), e.g. encryption,
compression or any final touches to sip message before it is processed by
kamailio core. That is why it is purposely kept abstract and any particular
use or implementation is left to the script writer.
In your case the encryption / decryption code is in C/C++, you can try
one of the followings,
1. Writeup a C/C++ program that receives outgoing SIP message as text
(and some other parameters, e.g. encryption key) in input arguments and
returns the encrypted message in event_route [ network:msg ] and vice versa
(for incoming messages). You can call this program directly from
kamailio.cfg script.
2. Writeup e.g. a PERL wrapper for your encryption / decryption C/C++
code and call it using kamailio app_perl module within event_route [
network:msg ] as demonstrated in this example,
http://kamailio.org/docs/modules/devel/modules/corex.html#idp125704
You can also use any other kamailio language bind of you choice as well,
e.g. Python, LUA, JAVA and so on.
I would recommend the second option, as it has less processing overhead
for kamailio.
Thank you.
Post by Rahul MathuR
Hello,
I was going through the new features and stumbled upon this new one -
developed by Mohd. Shahzad Shafi.
As already mentioned on the wiki about this module, I intend to use it
for my custom security layer between UACs and SIP Proxy (Kamailio) but the
issue is - the custom security layer (encryption/decryption code) is
written in C and should precisely be applied for the messages between UAC
and Proxy.
Is there a way I can achieve this using Corex module since it does
intercept the network I/O messages ?
Any help here would be really appreciated.
--
Warm Regds.
MathuRahul
_______________________________________________
sr-dev mailing list
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
_______________________________________________
sr-dev mailing list
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
--
Warm Regds.
MathuRahul
--
Warm Regds.
MathuRahul
Daniel-Constantin Mierla
2014-09-17 07:14:56 UTC
Permalink
Hello,

the corex has a function to tell if the message is received by kamailio
or sent out:

- http://kamailio.org/docs/modules/devel/modules/corex.html#idp29928

If you interconnect with other servers/gateways when you don't what to
do special encoding, then you need to test src ip or look ar r-uri/dst uri.

Cheers,
Daniel
Post by Rahul MathuR
Hi,
Did you get some free cycles to look at it ?
On Wed, Sep 17, 2014 at 12:12 AM, Rahul MathuR
Thanks for replying !
But how to check whether a particular message received by Kamailio
was sent by UAC or SIP Server ?
Also, on the same lines - how to know whether a particular message
about to be send from Kamailio is bound to UAC or SIP Server ?
On Tue, Sep 16, 2014 at 10:51 PM, Muhammad Shahzad
Hi,
The network io intercept feature basically allows kamailio
script writer to do whatever s/he may want to do with raw SIP
packets (that are just received by kamailio or about to be
sent out by kamailio), e.g. encryption, compression or any
final touches to sip message before it is processed by
kamailio core. That is why it is purposely kept abstract and
any particular use or implementation is left to the script writer.
In your case the encryption / decryption code is in C/C++, you
can try one of the followings,
1. Writeup a C/C++ program that receives outgoing SIP message
as text (and some other parameters, e.g. encryption key) in
input arguments and returns the encrypted message in
event_route [ network:msg ] and vice versa (for incoming
messages). You can call this program directly from
kamailio.cfg script.
2. Writeup e.g. a PERL wrapper for your encryption /
decryption C/C++ code and call it using kamailio app_perl
module within event_route [ network:msg ] as demonstrated in
this example,
http://kamailio.org/docs/modules/devel/modules/corex.html#idp125704
You can also use any other kamailio language bind of you
choice as well, e.g. Python, LUA, JAVA and so on.
I would recommend the second option, as it has less processing
overhead for kamailio.
Thank you.
On Tue, Sep 16, 2014 at 6:09 PM, Rahul MathuR
Hello,
I was going through the new features and stumbled upon
this new one - developed by Mohd. Shahzad Shafi.
As already mentioned on the wiki about this module, I
intend to use it for my custom security layer between UACs
and SIP Proxy (Kamailio) but the issue is - the custom
security layer (encryption/decryption code) is written in
C and should precisely be applied for the messages between
UAC and Proxy.
Is there a way I can achieve this using Corex module since
it does intercept the network I/O messages ?
Any help here would be really appreciated.
--
Warm Regds.
MathuRahul
_______________________________________________
sr-dev mailing list
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
_______________________________________________
sr-dev mailing list
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
--
Warm Regds.
MathuRahul
--
Warm Regds.
MathuRahul
_______________________________________________
sr-dev mailing list
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Next Kamailio Advanced Trainings 2014 - http://www.asipto.com
Sep 22-25, Berlin, Germany
Loading...