- h323plus - lists.packetizer.com

GNU Gatekeer 4.9 released
by Jan Willamowius 05 Apr '18

05 Apr '18

Hi, I have just released GNU Gatekeeper version 4.9. This version has new features and a few bug fixes. You can download it from https://www.gnugk.org/h323download.html Whats new ? We have 2 new accounting modules: HtttpAcct and AMQPAcct that allow you to send accounting events via HTTP GET or POST to a web service or push them into a RabbitMQ queue. There are also many new accounting placeholders that you can use with any of the accounting modules and there is a new accounting event 'reject' to track calls rejected with ARJ that went unnoticed before. The new RTP inactivity checking allows you to drop calls if there wasn't any RTP activity for a defined amount of time. GeoIP authentication has been significantly updated to support all RAS and all Q.931 messages and to support the new Maxmind database format (GeoIP2). There were also a few bug fixes: - BUGFIX(ProxyChannel.cxx) fix crash while handling RTP packets - BUGFIX(RasTbl.cxx) fix disconnecting unregistered endpoints - BUGFIX(RasSrv.cxx) fix crash in some Avaya endpoints when receiving GCF with a gatekeeperIdentifier - BUGFIX(RasSrv.cxx) fix crash when using IPv6 - BUGFIX(ProxyChannel.cxx) fix handling of CloseLogicalChannel Enjoy! -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan(a)willamowius.de Website: https://www.gnugk.org Support: https://www.willamowius.com/gnugk-support.html Relaxed Communications GmbH Frahmredder 91 22393 Hamburg Geschäftsführer: Jan Willamowius HRB 125261 (Amtsgericht Hamburg) USt-IdNr: DE286003584

1 0

GNU Gatekeeper 4.8 released
by Jan Willamowius 17 Jan '18

17 Jan '18

Hi, I have just released GNU Gatekeeper version 4.8. This version has many new features. You can download the new version from https://www.gnugk.org/h323download.html Overview: New maintenance mode: When you need to take down your GnuGk server (eg. for an OS update), you can switch GnuGk to maintenance mode where it will only allow ongoing calls to finish and automatically redirects all idle endpoints to an alternate GnuGk server. The status port command is "MaintenanceMode <alternate IP>". Detailed information about ongoing calls: You can now display lots of information about each ongoing call (codecs, bandwidth used, IPs etc.). The web interface has been extended to to show this information. See https://www.gnugk.org/images/web7.jpg Easier installation on AWS and inside docker containers. You can now let GnuGk automatically detect the public IP of your AWS server, even from within a docker container. You can also automatically insert your public/external IP into your trace file names to store logs from many servers in the same directory. Extended API: Call routing with external applications has been expanded. You can now set the display names for participants and desired reject codes on the status port. You can also access the vendor information of all registered endpoints. The web interface has been extended to provide this information, too. HttpPasswordAuth has been greatly extended to fetch password information from backend servers. We now use curl to support https and you can add many new placeholders in your queries. Extended screening and rewriting of display names and calling party names. Important bug fixes: Multiplexed RTP is now much more robust and password authentication to parent gatekeepers has been fixed. There are also interop fixes for TCP keep-alives. Please see the full change log below for more details. Changes from 4.7 to 4.8 ======================= - HttpPasswordAuth: support https and add new placeholders - PrintAllRegistrationsVerbose now also shows the endpoint vendor - new status port command: MaintenanceMode - new status port command: PrintCallInfo - allow placeholder %{gkip} and %{external-ip} in [LogFile] Filename= - fetch AWS public/elastic IP if ExternalIP=AWSPublicIP - new commandline switch: -e / --externalip - extend status port command RouteReject to set reject reason - extend status port commands RouteToAlias, RouteToGateway etc. to set display IE for calling and called - new switch: [LogFile] DeleteOnRotation=1 to delete the old logfile when rotating instead of renaming it - new switches: [RoutedMode] AppendToCallingPartyNumberIE= / PrependToCallingPartyNumberIE= to add any string before or after the calling party number IE when ScreenCallingPartyNumberIE=RegisteredAlias - when [RoutedMode] ScreenCallingPartyNumberIE= is set to RegisteredAlias, GnuGk sets calling party number IE to the registered alias (forced screening) - delete DisplayIE when [RoutedMode] ScreenDisplayIE=Delete - new switch [Endpoint] Authenicators= - new default: [RoutedMode] GnuGkTcpKeepAliveMethodH225=EmptyFacility - new default: [RoutedMode] H460KeepAliveMethodH225=EmptyFacility for Cisco interop - new setting "None" for keep-alive methods - BUGFIX(ProxyChannel.cxx) fix bugs in H.460.19 RTP multiplexing - BUGFIX(ProxyChannel.cxx) don't send H.460 keep-alive to non-H.460 party when calling H.460 party - BUGFIX(Routing.cxx) show called port in RouteRequests (as documented) - BUGFIX(GkClient.*) fix password authentication with parent - BUGFIX(Routing.cxx) remove semicolon and pipe chars from vendor string in RouteRequests - better handling of IPv6 GRQ without RAS address - BUGFIX(ProxyChannel.cxx) turn off encryption proxy if DH key is negotiated, but TCS doesn't contain any H.235 entries - BUGFIX(ProxyChannel.cxx) fix running in proxy mode on FreeBSD when one Home IP is set - BUGFIX(ProxyChannel.cxx) fix DisableSettingUDPSourceIP=1 for Windows, NetBSD, OpenBSD and Solaris - BUGFIX(yasocket.cxx) fix LARGE_FDSET for NetBSD, OpenBSD and Solaris -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan(a)willamowius.de Website: https://www.gnugk.org Support: https://www.willamowius.com/gnugk-support.html Relaxed Communications GmbH Frahmredder 91 22393 Hamburg Geschäftsführer: Jan Willamowius HRB 125261 (Amtsgericht Hamburg) USt-IdNr: DE286003584

1 0

H323Plus 1.26.9 released
by Jan Willamowius 16 Jan '18

16 Jan '18

Hi, I have just published the 1.26.9 release with many bug fixes compared to 1.26.8. Please download it from https://www.h323plus.org/source/ or directly from Github: https://github.com/willamowius/h323plus Regards, Jan -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan(a)willamowius.de H.323 Support: https://www.willamowius.com/ Relaxed Communications GmbH Frahmredder 91 22393 Hamburg Geschäftsführer: Jan Willamowius HRB 125261 (Amtsgericht Hamburg) USt-IdNr: DE286003584

1 0

Size constraints for H225_ArrayOf_EnumeratedParameter
by Denis Kochmashev 29 Oct '17

29 Oct '17

Hello! I have encountered something which looks like a bug. When I add parameters to my custom H460_Feature via H460_FeatureTable table; : table.AddParameter(id, content); : SetCurrentTable(table); H323Plus produces malformed packet with incorrectly encoded size of H225_ArrayOf_EnumeratedParameter. I've found that size constraints for H225_ArrayOf_EnumeratedParameter are not beeing set, however, according to spec, they had to be set. So, if my conclusion is right, I propose a small patch like the following: --- h225_2.cxx.orig 2013-07-23 00:26:59.000000000 +0600 +++ h225_2.cxx 2017-10-23 11:00:27.000000000 +0500 @@ -19,6 +19,7 @@ H225_ArrayOf_EnumeratedParameter::H225_ArrayOf_EnumeratedParameter(unsigned tag, PASN_Object::TagClass tagClass) : PASN_Array(tag, tagClass) { + SetConstraintBounds(PASN_Object::FixedConstraint, 1, 512); } Regards, Denis

3 3

H323Plus source code moving to Github
by Jan Willamowius 13 Oct '17

13 Oct '17

Hi, SourceForge will close down all CVS repositories shortly. The H323Plus source repository is thus moving to Github. Along with it the repositories for GnuGk and our PTLib fork also move to Github. https://github.com/willamowius/h323plus https://github.com/willamowius/gnugk https://github.com/willamowius/ptlib Regards, Jan -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan(a)willamowius.de H.323 Support: https://www.willamowius.com/ Relaxed Communications GmbH Frahmredder 91 22393 Hamburg Geschäftsführer: Jan Willamowius HRB 125261 (Amtsgericht Hamburg) USt-IdNr: DE286003584

1 0

GNU Gatekeeper 4.7 has been released (security update)
by Jan Willamowius 21 Sep '17

21 Sep '17

Hi, GNU Gatekeeper version 4.7 has just been released. This version is purely a security update and has no new features. All users are encouraged to update, especially if you use port detection (IgnoreSignaledIPs=1) you should update ASAP. It has been discovered that GnuGk is vulnerable in some configurations for RTP bleed attacks (https://rtpbleed.com/) By updating to version 4.7 only the first packets in each media stream influence the media destination. To further secure your configuration, you can set [Proxy] RestrictRTPSources=Net to only accept RTP from the same class C network that the call signaling came from. Please beware that this may break a few valid calls where this condition isn't met. You can download the new version from https://www.gnugk.org/h323download.html Please see the full change log below. Changes from 4.6 to 4.7 ======================= - fixes for RTP Bleed - new switch [Proxy] RestrictRTPSources=IP or Net to limit accepting RTP from the call signal IPs or the respective class C network - new switch [Proxy] LegacyPortDetection=1 to keep port detection help for some very old and broken endpoints that will make your gatekeeper vulnerable to RTP Bleed attacks - BUGFIX(ProxyChannel.cxx) replace @ip or ip## from aliases when using RedirectCallsToGkIP - BUGFIX(ProxyChannel.cxx) better initialization of sendmsg() structs - new command line option: now you can use -S instead of --strict (needed on BSD systems) -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan(a)willamowius.de Website: https://www.gnugk.org Support: https://www.willamowius.com/gnugk-support.html Relaxed Communications GmbH Frahmredder 91 22393 Hamburg Geschäftsführer: Jan Willamowius HRB 125261 (Amtsgericht Hamburg) USt-IdNr: DE286003584

1 0

GNU Gatekeeper 4.6 is out
by Jan Willamowius 04 Sep '17

04 Sep '17

Hi, I'm happy to announce that GNU Gatekeeper version 4.6 has just been released. This version has a few new features as well as bug fixes. New features: - least used routing: distribute calls evenly between gateways or MCUs (new switch [RasSrv::ARQFeatures] LeastUsedRouting=1) - ability to log to the Unix syslog instead of the trace file (new switch [LogFile] TraceToSyslog=1) - new authentication module TwoAliasAuth this is not very safe, but you can use it with endpoints that do not support any password transmission - new switch [CTI::MakeCall] Bandwidth= to set the maximum bandwidth for the calls generated by the GnuGk status port API - status port command: UnregisterEP <ep-id> - a number of switches to fine tune TCP keepalives - new switch to remove load balancers from the call path ([RoutedMode] RedirectCallsToGkIP=1) Bug fixes: - fixed TCP keepalive for H.460 calls - fixes to port detection for unregistered calls - audio fix when GnuGk adds encryption to calls - many smaller fixes You can download the new version from https://www.gnugk.org/h323download.html Please see the full change log below. Changes from 4.5 to 4.6 ======================= - new switch: [RoutedMode] RedirectCallsToGkIP=1 - new switches: [RoutedMode] H460KeepAliveMethodH225=, H460KeepAliveMethodH245=, GnuGkTcpKeepAliveMethodH225=, GnuGkTcpKeepAliveMethodH245= - BUGFIX(ProxyChannel.cxx) TCP keep-alives for H.460.18 calls weren't always enabled correctly - don't open a status port listener if [Gatekeeper::Main] StatusPort=0 - BUGFIX(Toolkit.cxx) remove trailing chars before checking for DefaultDomain - add callID to H.245 trace messages for easier debugging - BUGFIX(ProxyChannel.cxx) forward ReleaseComplete from remaining party while doing call reroute - BUGFIX(ProxyChannel.cxx) drop un-en/decryptable RTP packets at end of call when adding encryption - new status port command: UnregisterEP <ep-id> - BUGFIX(RasSrv.cxx) remove IPv6 addresses before processing RRQs when IPv6 is not enabled - send Facility message as as non-H.460.18 keep-alive for H.225 - send non-standard H.245 userIndication as non-H.460.18 keep-alive for H.245 - new switch [RoutedMode] DisableGnuGkH245TcpKeepAlive=1 - new switch [LogFile] TraceToSyslog=1 to send trace output to syslog (Unix only) - BUGFIX(ProxyChannel.cxx) fix port detection for re-opened channels with IgnoreSignaledIPs=1 - new switch [CTI::MakeCall] Bandwidth= to set the maximum bandwidth for the call - new switch [RasSrv::ARQFeatures] LeastUsedRouting=1 to select the least used gateway - new authentication module TwoAliasAuth -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan(a)willamowius.de Website: https://www.gnugk.org Support: https://www.willamowius.com/gnugk-support.html Relaxed Communications GmbH Frahmredder 91 22393 Hamburg Geschäftsführer: Jan Willamowius HRB 125261 (Amtsgericht Hamburg) USt-IdNr: DE286003584

1 0

H323Plus 1.26.8 release and h323plus.org website
by Jan Willamowius 03 Sep '17

03 Sep '17

Hi, I have just released H323Plus 1.26.8. This version contains a number of bug fixes that were only available through the CVS until now. https://www.h323plus.org/source/ I'm also taking over the maintenance of the h323plus.org website. If you run into any issues, please email me. Regards, Jan -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan(a)willamowius.de Website: https://www.gnugk.org Support: https://www.willamowius.com/gnugk-support.html Relaxed Communications GmbH Frahmredder 91 22393 Hamburg Geschäftsführer: Jan Willamowius HRB 125261 (Amtsgericht Hamburg) USt-IdNr: DE286003584

1 0

H235 on extended video channel (H239)
by Diego Carvalho Domingos 18 Aug '17

18 Aug '17

Hi, all I'm successfully using both h239 and h235 (for audio and video channels) in my application. Now I also would like to encrypt the content video (extended video channel). It seems that the security capability is not being added to the H.239(H.264{sw} <1>) capability. Is there some way to enable it? Thanks in advance. Diego

1 1

problem about H.235
by gary 13 Aug '17

13 Aug '17

HI Simon and Jan after enabed the H235 media encryption, openmcu and H323 ep in the same network were work well . however , when they were in different networks， 1 . only audio PDU（200bytes）received at MCU , MCU can not receive video pdu（above 1000 bytes）.i am sure the ep had upload the audio and video packages . 2. the threads used for trasmit and receive data had been create , but no data send to H323 ep . some messages hint that PTLIB write Blocking ，but i don‘t know why , use fcntl() to set read/write NONBLOCKING , But not effective . please help thanks gary

2 1