signalwire / freeswitch

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a versatile software implementation that runs on any commodity hardware. From a Raspberry PI to a multi-core server, FreeSWITCH can unlock the telecommunications potential of any device.
https://freeswitch.com/#getting-started

FreeSWITCH still negotiates SRTP even though rtp_secure_media is set to forbidden #1980

Open ehelaya opened 1 year ago

ehelaya commented 1 year ago

Hi All,

I have a scenario where FreeSWITCH is getting an INVITE with both RTP and SRTP offers. Even though I have set <X-PRE-PROCESS cmd="set" data="rtp_secure_media=forbidden"/> in vars.xml, FreeSWITCH is still accepting SRTP instead of accepting RTP.

2023-02-28 15:28:00.166921 [NOTICE] switch_channel.c:1118 New Channel sofia/erlang/sipp@10.3.65.120:5061 [fd3710f0-7000-4620-bbdf-73badae89e9f]
2023-02-28 15:28:00.166921 [DEBUG] switch_core_state_machine.c:585 (sofia/erlang/sipp@10.3.65.120:5061) Running State Change CS_NEW (Cur 1 Tot 4)
2023-02-28 15:28:00.166921 [DEBUG] sofia.c:10279 sofia/erlang/sipp@10.3.65.120:5061 receiving invite from 10.3.65.120:5061 version: 1.10.3 -release.5 64bit
2023-02-28 15:28:00.166921 [DEBUG] sofia.c:7325 Channel sofia/erlang/sipp@10.3.65.120:5061 entering state [received][100]
2023-02-28 15:28:00.166921 [DEBUG] sofia.c:7335 Remote SDP:
v=0
o=user1 53655765 2353687637 IN IP4 10.3.65.120
s=-
c=IN IP4 10.3.65.120
t=0 0
m=audio 6000 RTP/SAVP 8 0 18 97 101 13
c=IN IP4 10.3.65.120
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:97 RED/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=rtpmap:13 CN/8000
a=rtcp:7097 IN IP4 10.3.65.120
a=label:main-audio
a=mid:1
a=ptime:20
a=fingerprint:sha-256 75:71:69:F8:5A:A6:03:9D:10:9E:F5:63:67:82:7E:BD:B9:71:99:79:46:DE:CE:09:4B:8D:F7:5E:F2:C6:4C:A6
a=setup:actpass
a=rtcp-mux
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:1H4F/XQ4E+fZ3c+Vga7/L006GOhg4lsGf4qvZZDy|2^31
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:vIGYkbPvakk0Z817JmmnxCpCWjRioOVRHkEqg9if|2^31
a=crypto:3 AES_256_CM_HMAC_SHA1_80 inline:0Kiu9t+TDO2Tqqe6H5WXBpxFp/EjDgkb+ORPRuCaL0U60vcRYMP+yoWo63fkEw==|2^31
a=crypto:4 AES_256_CM_HMAC_SHA1_32 inline:QFojzJaaW494dyFIav1xzOzREx6f87zr+SmY9aP8xk0JSqCcWiNxPj83MgzIFA==|2^31
m=audio 6000 RTP/AVP 8 0 18 97 101 13
c=IN IP4 10.3.65.120
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:97 RED/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=rtpmap:13 CN/8000
a=rtcp:7097 IN IP4 10.3.65.120
a=label:main-audio
a=mid:2
a=ptime:20
a=rtcp-mux

......

2023-02-28 15:28:01.246932 [DEBUG] mod_erlang_event.c:157 Sending event CHANNEL_EXECUTE to attached session fd3710f0-7000-4620-bbdf-73badae89e9f
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:5592 Audio Codec Compare [PCMA:8:8000:20:64000:1]/[PCMU:0:8000:20:64000:1]
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:5592 Audio Codec Compare [PCMA:8:8000:20:64000:1]/[PCMA:8:8000:20:64000:1]
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:5647 Audio Codec Compare [PCMA:8:8000:20:64000:1] ++++ is saved as a match
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:5592 Audio Codec Compare [PCMU:0:8000:20:64000:1]/[PCMU:0:8000:20:64000:1]
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:5647 Audio Codec Compare [PCMU:0:8000:20:64000:1] ++++ is saved as a match
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:5592 Audio Codec Compare [PCMU:0:8000:20:64000:1]/[PCMA:8:8000:20:64000:1]
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:5592 Audio Codec Compare [G729:18:8000:20:8000:1]/[PCMU:0:8000:20:64000:1]
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:5592 Audio Codec Compare [G729:18:8000:20:8000:1]/[PCMA:8:8000:20:64000:1]
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:5592 Audio Codec Compare [RED:97:8000:20:0:1]/[PCMU:0:8000:20:64000:1]
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:5592 Audio Codec Compare [RED:97:8000:20:0:1]/[PCMA:8:8000:20:64000:1]
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:5508 Set telephone-event payload to 101@8000
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:3837 Set Codec sofia/erlang/sipp@10.3.65.120:5061 PCMA/8000 20 ms 160 samples 64000 bits 1 channels
2023-02-28 15:28:01.246932 [DEBUG] switch_core_codec.c:111 sofia/erlang/sipp@10.3.65.120:5061 Original read codec set to PCMA:8
2023-02-28 15:28:01.246932 [DEBUG] mod_erlang_event.c:157 Sending event CODEC to attached session fd3710f0-7000-4620-bbdf-73badae89e9f
2023-02-28 15:28:01.246932 [DEBUG] mod_erlang_event.c:157 Sending event CODEC to attached session fd3710f0-7000-4620-bbdf-73badae89e9f
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:5851 Set telephone-event payload to 101@8000
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:5909 sofia/erlang/sipp@10.3.65.120:5061 Set 2833 dtmf send payload to 101 recv payload to 101
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:8661 AUDIO RTP [sofia/erlang/sipp@10.3.65.120:5061] 10.3.65.120 port 21618 -> 10.3.65.120 port 6000 codec: 8 ms: 20
2023-02-28 15:28:01.246932 [DEBUG] switch_rtp.c:4413 Starting timer [soft] 160 bytes per 20ms
2023-02-28 15:28:01.246932 [DEBUG] switch_rtp.c:8810 Activate VAD codec PCMA 20ms
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:8834 AUDIO RTP Engage VAD for sofia/erlang/sipp@10.3.65.120:5061 ( in out )
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:8883 Activating RTCP PORT 6000
2023-02-28 15:28:01.246932 [DEBUG] switch_rtp.c:4811 RTCP send rate is: 1000 and packet rate is: 20000 Remote Port: 6000

2023-02-28 15:28:01.246932 [INFO] switch_rtp.c:3741 Activate RTP/RTCP audio DTLS client
2023-02-28 15:28:01.246932 [INFO] switch_rtp.c:3908 Changing audio DTLS state from OFF to HANDSHAKE

2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:8975 sofia/erlang/sipp@10.3.65.120:5061 Set 2833 dtmf send payload to 101
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:8982 sofia/erlang/sipp@10.3.65.120:5061 Set 2833 dtmf receive payload to 101
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:9005 sofia/erlang/sipp@10.3.65.120:5061 Set rtp dtmf delay to 40
2023-02-28 15:28:01.246932 [NOTICE] sofia_media.c:92 Pre-Answer sofia/erlang/sipp@10.3.65.120:5061!
2023-02-28 15:28:01.246932 [DEBUG] mod_erlang_event.c:157 Sending event CHANNEL_PROGRESS_MEDIA to attached session fd3710f0-7000-4620-bbdf-73badae89e9f
2023-02-28 15:28:01.246932 [DEBUG] switch_channel.c:3565 (sofia/erlang/sipp@10.3.65.120:5061) Callstate Change RINGING -> EARLY
2023-02-28 15:28:01.246932 [DEBUG] mod_erlang_event.c:157 Sending event CHANNEL_CALLSTATE to attached session fd3710f0-7000-4620-bbdf-73badae89e9f
2023-02-28 15:28:01.246932 [DEBUG] switch_core_media.c:8643 Audio params are unchanged for sofia/erlang/sipp@10.3.65.120:5061.
2023-02-28 15:28:01.246932 [DEBUG] mod_sofia.c:898 Local SDP sofia/erlang/sipp@10.3.65.120:5061:
v=0
o=FreeSWITCH 1677536863 1677536864 IN IP4 10.3.65.120
s=FreeSWITCH
c=IN IP4 10.3.65.120
t=0 0
m=audio 21618 RTP/SAVP 8 101
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=sendrecv
a=fingerprint:sha-256 B9:99:38:88:E3:13:80:03:CE:2A:06:14:85:78:9A:F7:C0:CC:54:A0:D6:B1:5E:E3:3B:2E:30:3D:52:EA:5D:22
a=setup:active
a=rtcp-mux
a=rtcp:21618 IN IP4 10.3.65.120
m=audio 0 RTP/AVP 19

Freeswitch version: version: 1.10.3 -release.5 64bit

Much appreciate any leads. Thanks in advance.
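
An added example, not part of the original post or of the FreeSWITCH code base: a check that can be run over the Local SDP FreeSWITCH logs to confirm whether a `forbidden` media-security policy was honoured in the answer. The function names are hypothetical, and the sample is abridged from the log above with a constructed placeholder fingerprint.

```python
import re

# Abridged from the "Local SDP" in the log above; the fingerprint value is a
# constructed placeholder, not the one from the post.
ANSWER_SDP = """\
v=0
o=FreeSWITCH 1677536863 1677536864 IN IP4 10.3.65.120
s=FreeSWITCH
c=IN IP4 10.3.65.120
t=0 0
m=audio 21618 RTP/SAVP 8 101
a=rtpmap:8 PCMA/8000
a=fingerprint:sha-256 00:11:22:33
a=setup:active
m=audio 0 RTP/AVP 19
"""

M_LINE = re.compile(r"^m=(\S+) (\d+)(?:/\d+)? (\S+)")

def media_sections(sdp):
    """Return one dict per m= line: media, port, proto and keying attributes."""
    sections, session_keying = [], set()
    for line in sdp.splitlines():
        line = line.strip()
        m = M_LINE.match(line)
        if m:
            sections.append({"media": m.group(1), "port": int(m.group(2)),
                             "proto": m.group(3), "keying": set()})
            continue
        # Attributes before the first m= line are session-level.
        target = sections[-1]["keying"] if sections else session_keying
        if line.startswith("a=crypto:"):
            target.add("SDES")
        elif line.startswith("a=fingerprint:"):
            target.add("DTLS")
    for s in sections:
        s["keying"] |= session_keying
    return sections

def secure_sections_accepted(sdp):
    """Accepted media sections (port != 0) that use an SRTP profile or keying."""
    return [s for s in media_sections(sdp)
            if s["port"] != 0 and ("SAVP" in s["proto"] or s["keying"])]

def violates_forbidden(answer_sdp):
    """True when the answer negotiates secure media despite a 'forbidden' policy."""
    return bool(secure_sections_accepted(answer_sdp))

if __name__ == "__main__":
    for s in secure_sections_accepted(ANSWER_SDP):
        print("secure media accepted:", s["proto"], s["port"], sorted(s["keying"]))
```

For the answer in this report the check flags the first m= line (RTP/SAVP with a DTLS fingerprint), while the plain RTP/AVP line was rejected with port 0.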

dragos-oancea commented 1 year ago

Do you have rtp_secure_media_inbound or rtp_secure_media_outbound set?

What if you set an invalid value for "rtp_secure_media"? Do you get a log line like "INVALID VALUE FOR %s defaulting to 'forbidden'"?