F1 REGISTER web browser -> webrtc2sip (transport WSS)

-- TODO--

F2 REGISTER webrtc2sip -> SIP-legacy network (transport UDP)

-- TODO --

F3 200 OK SIP-legacy network -> webrtc2sip (transport UDP)

--TODO--

F4 200 OK webrtc2sip -> web browser(transport WSS)

--TODO--

F4 200 OK webrtc2sip -> web browser(transport WSS)

--TODO--

F5 INVITE SIP-legacy endpoint -> SIP-legacy network (transport UDP)

--TODO--

F6 INVITE SIP-legacy network -> webrtc2sip (transport UDP)

--TODO--

F7 100Trying webrtc2sip -> SIP-legacy network (transport UDP)

--TODO--

F8 INVITE webrtc2sip -> web browser (transport WSS)

--TODO--

F9 200 OK web browser -> webrtc2sip (transport WSS)

--TODO--

F10 200 OK webrtc2sip -> SIP-legacy network (transport UDP)

--TODO--

F11 200 OK SIP-legacy network -> SIP-legacy endpoint (transport UDP)

--TODO--

3.3Media Coder

 

Figure 5: Media Coder architecture

The RTCWeb standard defined two MTI (Mandatory To Implement) audio codecs: opus and g.711.

For now there are intense discussions about the MTI video codecs. The choice is between VP8 and H.264. VP8 is royalty-free but not widely deployed while H.264 AVC is not free but widely deployed. Google has decided to use VP8 in Chrome while Ericsson uses H.264 AVC in Bowser. Mozilla and Opera Software will probably use VP8 and Microsoft H.264 AVC. As an example, the Media Coder will allow to make video calls between Chrome and Bowser. Another example is calling a Telepresence system (e.g. Cisco) which most likely uses H.264 SVC from Chrome.

The Media Coder is enabled using the xml configuration file and requires RTCWeb breaker module to be enabled.

3.4Click-to-Call

This is more a service than a module as it’s a complete SIP click-to-call solution based on the three other components. The goal is to allow any person receiving your mails, visiting your website, reading your twitts, watching your Facebook/Google+ profile to call you on your mobile phone with a single click.

The client is hosted at http://click2dial.org/

A short user guide is available at http://click2dial.org/u/ug.htm

 

Figure 6: click-to-call components

3.4.1SMTP client

This component is used to send activation mails for newly registered users. It’s coded from scratch and has no external dependencies.

3.4.2HTTPS server

For now, the HTTPS server is used exclusively by the JSON API to exchange content between the browser and the click-to-call service. It’s coded from scratch and depends on tinyHTTP (from Doubango VoIP framework).

3.4.3Database connector

Agnostic API functions to connect to any database used to store users information, configuration…

In this beta version, only SQLite is supported. Next release will add support to MySQL and SQL Server.

3.4.4JSON API

The JSON API is used to authenticate the users and manage their accounts. The documentation will be released soon at http://click2dial.org/doc.htm. On the server-side, the parser is based on Json-Cpp.

4Configuration

The gateway is configured using an xml file named config.xml and stored in the same folder where the gateway is running.

<?xml version="1.0" encoding="utf-8" ?>

<config>

  <debug-level>INFO</debug-level>

  <transport>udp;*;10060</transport>

  <transport>ws;*;10060</transport>

  <transport>wss;*;10062</transport>

  <enable-rtp-symetric>yes</enable-rtp-symetric>

  <enable-100rel>no</enable-100rel>

  <enable-media-coder>no</enable-media-coder>

  <enable-videojb>yes</enable-videojb>

  <video-size-pref>vga</video-size-pref>

  <rtp-buffsize>65535</rtp-buffsize>

  <avpf-tail-length>100;400</avpf-tail-length>

  <srtp-mode>optional</srtp-mode>

  <srtp-type>sdes;dtls</srtp-type>

  <dtmf-type>rfc4733</dtmf-type>

  <codecs>pcma;pcmu;gsm;vp8;h264-bp;h264-mp;h263;h263+</codecs>

  <nameserver>66.66.66.66</nameserver>

  <nameserver>77.77.77.77</nameserver>

  <ssl-certificates>

/tmp/priv.pem;

/tmp/pub.pem;

/tmp/cacert.pem;

no

</ssl-certificates>

<!-- ***CLICK-TO-CALL SERVICE*** -->

  <transport>c2c;*;10070</transport>

  <transport>c2cs;*;10072</transport>

  <database>sqlite;*</database>

  <account-mail>smtps;*;*;e.org;465;noreply@e.org;noreply@e.org;mysecret </account-mail>

  <account-sip-caller>*;sip:13131313@b.c;13131313;b.c;mysecret</account-sip-caller>

  <account-sip-caller>*;sip:13131313@a.c;13131313;a.c;mysecret</account-sip-caller>

</config>

Sample 1: config.xml

<debug-level />

Define the minimum debug-level to display.

Format: debug-level-value

Debug-level-value = INFO | WARN | ERROR | FATAL

<transport />

Each entry defines a protocol, local IP address and port to bind to.

Format: proto-value;local-ip-value;local-port-value

proto-value: udp | tcp | tls | ws | wss | c2c | c2cs

“ws” protocol defines WebSocket and “wss” the secure version. At least one WebSocket transport must be added to allow the web browser to connect to the server. The other protocols (tcp, tls and udp) are used to forward the request from the web browser to the SIP-legacy network. “C2c” and “c2cs” are used for the click-to-call service and runs on top of HTTP or HTTPS protocols respectively.

local-ip-value: Any valid IP address. Use star (*) to let the server choose the best local IP address to bind to. Examples: udp;*;5060 or ws;*;5061 or wss;192.168.0.10;5062

local-port-value: Any local free port to bind to. Use star (*) to let the server choose the best free port to bind to. Examples: udp;*;*, ws;*;*, wss;*;5062

<enable-rtp-symetric />

Format: enable-rtp-symetric-value

enable-rtp-symetric-value: yes | no

Available since: 2.1.0

This option is used to force symmetric RTP and RTCP streams to help NAT and firewall traversal. It only applies on remote RTP/RTCP as local stream is always symmetric. If both parties (remote and local) have successfully negotiated ICE candidates then, none will be forced to use symmetric RTP/RTCP.

An RTP/RTCP stream is symmetric if the same port is used to send and receive packets. This helps for NAT and firewall traversal as the outgoing packets open a pinhole for the ongoing ones.

Let’s imagine you have a server on public network and a client on private network:

1. Server: Public IP address is 1.1.1.1

2. Client: Private IP address is 2.2.2.2 and public IP address is 1.1.1.2

3. The SDP from the client to the sever will contain client’s private IP address (2.2.2.2) which is not reachable

4. The RTP/RTCP packets from the client to the server will be received with source IP address equal to the client’s public IP address (1.1.1.2)

5. If <enable-rtp-symetric /> option is used then, the server will send RTP/RTCP packets to 1.1.1.2 (learnt from the received packets) instead of 2.2.2.2 which is private.

<enable-100rel>

Format: enable-100rel-value

enable-100rel-value: yes|no

Indicates whether to enable SIP 100rel extension.

<enable-media-coder />

Format: enable-media-coder-value

enable-media-coder-value: yes|no

Indicates whether to enable the Media Coder module or not. This option requires the RTCWeb Breaker to be enabled at the web browser level. When the Media Coder is enabled the gateway acts as a b2bua and both audio and video streams are transcoded if the remote peers don’t share same codecs.

<enable-videojb />

Format: enable-videojb-value

enable-videojb-value : yes | no

This option is only useful if the RTCWeb Breaker module is enabled at the web browser side. Enabling video jitter buffer gives better quality and improve smoothness. No RTCP-NACK messages will be sent to request dropped RTP packets if this option is disabled.

<video-size-pref />

Format: video-size-pref-value

video-size-pref-value: sqcif | qcif | qvga | cif | hvga | vga | 4cif | svga | 480p | 720p | 16cif | 1080p

Available since: 2.1.0

This option defines the preferred video size to negotiate with the peers. There is no guarantee that the exact size will be used: video size to use = Min (Preferred, Proposed);

<rtp-buffsize />

Format: rtp-buffsize-value

rtp-buffsize-value: Any positive 32 bits integer value. Recommended: 65535.

Code usage:

setsockopt(SOL_SOCKET, SO_RCVBUF, rtp-buffsize-value);

setsockopt(SOL_SOCKET, SO_SNDBUF, rtp-buffsize-value);

Defines the internal buffer size to use for RTP sockets. The higher this value is, the lower will be the RTP packet loss. Please note that the maximum value depends on your system (e.g. 65535 on Windows). A very high value could introduce delay on video stream and it’s highly recommended to also enable videojb option.

<avpf-tail-length />

Format: avpf-tail-length-min;avpf-tail-length-max

avpf-tail-length-min: Any positive 32 bits integer

avpf-tail-length-max: Any positive 32 bits integer

Defines the minimum and maximum tail length used to honor RTCP-NACK requests. This option require the Media Breaker module to be enabled on the web browser size. The higher this value is, the better will be the video quality. The default length will be equal to the minimum value and it’s up to the server to increase this value depending on the number of unrecoverable packet loss. The final value will be at most equal to the maximum defined in the xml file. Unrecoverable packet loss occures when the b2bua receive an RTCP-NACK for a sequence number already removed (very common when network RTT is very high or bandwidth very low).

<srtp-mode />

Format: srtp-mode-value

srtp-mode-value: none | optional | mandatory

Defines the SRTP mode to use for negotiation when the RTCWeb Breaker is enabled. Please note that only optional and mandatory modes will work when the call is to a WebRTC endpoint.

Based on the mode, the SDP for the outgoing INVITEs will be formed like this:

none: pofile = RTP/AVP ||| neither crypto lines or certificate fingerprints

optional: profile = RTP/AVP ||| two crypto lines if <srtp-type /> includes ‘SDES’ plus certificate fingerprints if <srtp-type /> include ‘DTLS’.

mandatory: profile = RTP/SAVP if <srtp-type /> is eaqual to ‘SDES’ or UDP/TLS/RTP/SAVP if <srtp-type /> is equal to ‘DTLS’ ||| two crypto lines if <srtp-type /> is eaqual to ‘SDES’ or certificate fingerprints if <srtp-type /> is equal to ‘DTLS’

<srtp-type />

Format: srtp-type-value; (srtp-type-value)*

srtp-type-value: sdes | dtls

Available since: 2.1.0

Defines the list of all supported SRTP types. Defining multiple values only make sense if the <srtp-mode /> value is optional which means we want to negotiate the best one.

Please note that DTLS-SRTP requires valid TLS certificates and source code must be compiled with OpenSSL version 1.0.1 or later.

<dtmf-type />

Format: dtmf-type-value

dtmf-type-value: rfc4733 | rfc2833

Available since: 2.4.0

Defines the DTMF type to use when relaying the digits. Requires the RTCWeb Breaker to be enabled. rfc4733 will sends the DTMF digits using RTP packets while rfc2833 uses SIP INFO.

<codecs />

Format: codec-name (; codec-name)*

codec-name: pcma|pcmu|amr-nb-be|amr-nb-oa|speex-nb|speex-wb|speex-uwb|g729|gsm|g722|ilbc|h264-bp|h264-mp|vp8|h263|h263+|theora|mp4v-es

Defines the list of all supported codecs. Only G.711 is natively supported and all other codecs have to be enabled when building the Doubango IMS Framework source code.

<nameserver />

Format: nameserver-value

nameserver-value: Any IPv4 or IPv6 address.

Defines additional entries for DNS servers to use for SRV and NAPTR queries. Please note that this option is optional and should be used carefully.

On Windows and OS X the server will automatically load these values using APIs provided by the OS. On linux, the values come from /etc/resolv.conf. The port must not be defined and the gateway will always use 53.

<ssl-certificates />

Format: private-key-value;public-key-value;cacert-key-value; verify-value

private-key-value: A valid path to a PEM file.

public-key-value: A valid path to a PEM file.

cacert-key-value: A valid path to a certificate autority file. Should be equal to *.

Verify-value: Yes | No. This additional option is only available since version 2.1.0. It indicates whether the connection should fail if the remote peer certificate are missing or do not match.This option only applies to TLS/SIP or WSS and is useless for DTLS-SRTP as certificates are required.

Code usage:

SSL_CTX_use_PrivateKey_file(ssl_ctx, private-key-value, SSL_FILETYPE_PEM);

SSL_CTX_use_certificate_file(ssl_ctx, public-key-value, SSL_FILETYPE_PEM);

SSL_CTX_load_verify_locations(ssl_ctx, cacert-key-value, CaPath);

<database />

Format: db-type-value;db-connection-info-value

Available since: 2.3.0

db-type-value: sqlite | mysql. For now only “sqlite” is supported.

db-connection-info-value: A valid path to the database file if an embeded db is used (e.g. sqlite), otherwise it’s an escaped connection string. Use star (*) to let the server use a default value.

For now this configuration entry is only used for the click-to-call service.

<account-mail />

Format: scheme-value;local-ip-value;local-port-value;smtp-host-value;smtp-port-value;email-value;auth-name-value;auth-pwd-value

Available since: 2.3.0

scheme-value: smtp | smtps

local-ip-value: A valid local host name or IP address to be used by the SMTP client. Use star (*) to let the server use the best value.

local-port-value: A valid local port number to be used by the SMTP client. Use star (*) to let the server use a random value.

smtp-host-value: A valid host name or IP address of the SMTP server.

smtp-port-value: A valid port of the SMTP server.

email-value: Email address used as sender.

auth-name-value: Authorization name used to authenticate to the SMTP server. Most probably same value as your email address (email-value).

auth-pwd-value: Password used to authenticate to the SMTP server.

The email account is used to send activation mails to the newly registed users.

<account-sip-caller />

Format: displayname-value;impu-value;impi-value;realm-value;password-value

Available since: 2.3.0

displayname-value: SIP account display name. Optional.

impu-value: Public Identity. Must be a valid SIP address (e.g. sip:003@example.org).

impi-value: Private Identity (a.k.a authorization name) for authentication. Most probably the user part of the Public Identity (e.g. 003).

realm-value: SIP domain name (e.g. example.org). Should be same as the domain name in the Public Identity.

password-value: SIP authentication password.

The SIP account callers are used to make calls to users by the click-to-call service. The callers in the config.xml file are globals (shared by all users) and are override when a user define one using the JSON API.

5Building source code

This section explains how to build the project using CentOS 64 but could be easily adapted for Linux, Windows or OS X.

webrtc2sip gateway depends on Doubango IMS Framework v2.0.

1. 1.Preparing the system 

sudo yum update

sudo yum install make libtool autoconf subversion git cvs wget libogg-devel

5.1Building Doubango IMS Framework

Doubango is an IMS framework and contains all signaling protocols (SIP, SDP, WebSocket…) and media engine (RTP stack, audio/video codecs…) required by webrtc2sip gateway.

The first step is to checkout Doubango 2.0 source code:

svn checkout http://doubango.googlecode.com/svn/branches/2.0/doubango doubango

1. 1.Building libsrtp 

libsrtp is required.

cvs -d:pserver:anonymous@srtp.cvs.sourceforge.net:/cvsroot/srtp co -P srtp

cd srtp

CFLAGS="-fPIC" ./configure --enable-pic && make && make install

1. 2.Building OpenSSL 

OpenSSL is required if you want to use the RTCWeb Breaker module or Secure WebSocket transport (WSS). OpenSSL version 1.0.1 is required if you want support for DTLS-SRTP.

This section is only required if you don’t have OpenSSL installed on your system or using version prior to 1.0.1 and want to enable DTLS-SRTP.

A quick way to have OpenSSL may be installing openssl-devel package but this version will most likely be outdated (prior to 1.0.1). Anyway, you can check the version like this: openssl version.

wget http://www.openssl.org/source/openssl-1.0.1c.tar.gz

tar -xvzf openssl-1.0.1c.tar.gz

cd openssl-1.0.1c

./config shared --prefix=/usr/local --openssldir=/usr/local/openssl && make && make install

1. 3.Building libspeex and libspeexdsp 

libspeex (audio codec) an libspeexdsp (audio processing and jitter buffer) are optional. It’s highly recommended to enable libspeexdsp.

wget http://downloads.xiph.org/releases/speex/speex-1.2beta3.tar.gz

tar -xvzf speex-1.2beta3.tar.gz

cd speex-1.2beta3

./configure --disable-oggtest && make && make install

1. 4.Building YASM 

YASM is only required if you want to enable VPX (VP8 video codec) or x264 (H.264 codec).

wget http://www.tortall.net/projects/yasm/releases/yasm-1.2.0.tar.gz

tar -xvzf yasm-1.2.0.tar.gz

cd yasm-1.2.0

./configure && make && make install

1. 5.Building libvpx 

Date: December 1, 2012.

libvpx adds support for VP8 and is optional but highly recommended if you want support for video when using Google Chrome or Mozilla Firefox.

git clone http://git.chromium.org/webm/libvpx.git

cd libvpx

./configure --enable-realtime-only --enable-error-concealment --disable-examples --enable-vp8 --enable-pic --enable-shared --as=yasm

1. 6.Building libyuv 

libyuv is optional. Adds support for video scaling and chroma conversion.

mkdir libyuv && cd libyuv

svn co http://src.chromium.org/svn/trunk/tools/depot_tools .

./gclient config http://libyuv.googlecode.com/svn/trunk

./gclient sync && cd trunk

make -j6 V=1 -r libyuv BUILDTYPE=Release

make -j6 V=1 -r libjpeg BUILDTYPE=Release

cp out/Release/obj.target/libyuv.a /usr/local/lib

cp out/Release/obj.target/third_party/libjpeg_turbo/libjpeg_turbo.a /usr/local/lib

mkdir --parents /usr/local/include/libyuv/libyuv

cp -rf include/libyuv.h /usr/local/include/libyuv

cp -rf include/libyuv/*.h /usr/local/include/libyuv/libyuv

1. 7.Building opencore-amr 

opencore-amr is optional. Adds support for AMR audio codec.

git clone git://opencore-amr.git.sourceforge.net/gitroot/opencore-amr/opencore-amr

autoreconf --install && ./configure && make && make install

1. 8.Building libgsm 

libgsm is optional. Adds support for GSM audio codec.

wget http://www.quut.com/gsm/gsm-1.0.13.tar.gz

tar -xvzf gsm-1.0.13.tar.gz

cd gsm-1.0-pl13 && make && make install

#cp -rf ./inc/* /usr/local/include

#cp -rf ./lib/* /usr/local/lib

1. 9.Building g729 

G729 is optional. Adds support for G.729 audio codec.

svn co http://g729.googlecode.com/svn/trunk/ g729b

cd g729b

./autogen.sh && ./configure --enable-static --disable-shared && make && make install

1. 10.Building iLBC 

iLBC is optional. Adds support for iLBC audio codec.

svn co http://doubango.googlecode.com/svn/branches/2.0/doubango/thirdparties/scripts/ilbc

cd ilbc

wget http://www.ietf.org/rfc/rfc3951.txt

awk -f extract.awk rfc3951.txt

./autogen.sh && ./configure

make && make install

1. 11.Building x264 

Date: December 2, 2012

x264 is optional and adds support for H.264 video codec (requires FFmpeg).

wget ftp://ftp.videolan.org/pub/x264/snapshots/last_x264.tar.bz2

tar -xvjf last_x264.tar.bz2

# the output directory may be difference depending on the version and date

cd x264-snapshot-20121201-2245

./configure --enable-static --enable-pic && make && make install

1. 12.Building FFmpeg 

Date: December 2, 2012

FFmpeg is optional and adds support for H.263, H.264 (requires x264) and MP4V-ES video codecs.

git clone git://source.ffmpeg.org/ffmpeg.git ffmpeg

cd ffmpeg

# grap a release branch

git checkout n1.2

./configure \

--extra-cflags="-fPIC" \

--extra-ldflags="-lpthread" \

\

--enable-pic --enable-memalign-hack \

--enable-shared --disable-static \

--disable-network --disable-protocols --disable-pthreads \

--disable-devices --disable-filters --disable-bsfs --disable-muxers --disable-demuxers --disable-parsers --disable-hwaccels \

--disable-ffmpeg --disable-ffplay --disable-ffserver \

--disable-encoders --disable-decoders \

--disable-zlib \

\

--enable-gpl \

\

--disable-debug \

\

--enable-encoder=h263 --enable-encoder=h263p --enable-decoder=h263 \

\

--enable-encoder=mpeg4 --enable-decoder=mpeg4 \

\

--enable-libx264 --enable-encoder=libx264 --enable-decoder=h264

make && make install

1. 13.Building Doubango 

Minimal build

cd doubango && ./autogen.sh && ./configure --with-ssl --with-srtp

make && make install

Recommended build

cd doubango && ./autogen.sh && ./configure --with-ssl --with-srtp --with-speexdsp --enable-speexjb --with-ffmpeg --with-h264

make && make install

Full build

cd doubango && ./autogen.sh && ./configure --with-ssl --with-srtp --with-vpx --with-yuv --with-amr --with-speex --with-speexdsp --enable-speexresampler --enable-speexjb --enable-speexdenoiser --with-gsm --with-ilbc --with-g729 --with-ffmpeg --with-h264

make && make install

5.2Building webrtc2sip

webrtc2sip depends on Doubango IMS Framework v2.0 and libxml2.

The first step is to checkout the source code:

svn co http://webrtc2sip.googlecode.com/svn/trunk/ webrtc2sip

1. 4.Installing libxml2 

yum install libxml2-devel

1. 5.Building webrtc2sip 

export PREFIX=/opt/webrtc2sip

# use --with-doubango=PATH to set path to the doubango installation (‘lib’ and ‘include’ folders).

cd webrtc2sip && ./autogen.sh && ./configure --prefix=$PREFIX

make clean && make && make install

cp -f ./config.xml $PREFIX/sbin/config.xml

5.3Running webrtc2sip

Running webrtc2sip is as easy as executing “webrtc2sip” binary file. Please note that it requires a valid configuration file. The default configuration file should be named “config.xml” and placed in the same folder as “webrtc2sip”.

5.3.1Command line arguments

For more information on supported command line arguments, please execute webrtc2sip --help.

6Interoperability

This section contains good tips to help you to debug some issues you can find when you’re trying to make/receive calls to/from well-known SIP clients or servers using a web browser. Please note that if your preferred web browser is Google Chrome then, we highly recommend using the STABLE version.

6.1Servers

This section explains know issues and how to tackle them.

6.1.1Asterisk

Date: November 29, 2012

There are some issues (on both Asterisk and Chrome) to get both way audio and video when using Google Chrome stable. There are two solutions.

1. 1.Patching Asterisk: This is only recommended if you’re a developer and trying to learn new cool features. Please note that this will not allow video to flow as Asterisk doesn’t support VP8. For more information on how to patch Asterisk, visit http://code.google.com/p/sipml5/wiki/Asterisk 

2. 2.Enabling the RTCWeb Breaker: This is the recommended solution and it allows both audio and video to flow. Video stream will flow even if the web browser and the SIP client/server do not share the same codecs (thanks to the Media Coder module). 

6.1.2FreeSWITCH

The problem here is that FreeSWITCH do not support ICE and some other mandatory RTCWeb features. Enabling the RTCWeb Breaker module (web browser side) is enough to fix the issue.

6.2Web Browsers

6.2.1Google Chrome

Date: November 29, 2012

We highly recommend using the STABLE version for your tests. Please note that we don’t provide any kind of help or support if you’re using the DEV or CANARY versions.

1. 6.Chrome uses SAVPF profile. The S is for secure (SRTP) and the F for feedbacks (RFC 4585). If one of these features is not supported by the remote SIP client/server then you have to enable the RTCWeb Breaker module (web browser side). 

2. 7.Chrome only includes VP8 video codec which is not supported by most of SIP clients/servers (e.g. xlite, Asterisk…). If your SIP client/server supports H.264, H.263, Theora or MP4V-ES then, you have to enable both the RTCWeb Breaker (web browser side) and Media Coder (server side) modules to have video. Please note that the Media Coder module will most likely not be enabled on the sipml5.org hosted servers. 

6.2.2Firefox Nightly

Date January 14, 2012

Right now only Nightly version of Firefox natively supports RTCWeb. The latest version known to work is 21.0a1 (2013-01-12). Please also note that there is a known issue on DTLS-SRTCP decoding (check issue 194 for more information).

The RTCWeb implementation in Firefox Nightly uses DTLS-SRTP while Chrome uses SDES-SRTP which means you need to enable the RTCWeb Breaker module to make calls from one browser to another.

6.2.3Firefox, Safari, IE and Opera

Date: November 29, 2012

--This section intentionally left blank--

6.2.4Ericsson Bowser

Date: November 29, 2012

Ericsson Bowser does not support Secure RTP (SRTP) and only include H.264 video codec. Bowser can talk to most of SIP clients but is not compatible with Canary or any RTCWeb client.

Enabling the RTCWeb Breaker (browser side) will allow Bowser to talk to Chrome for audio only as G.711 is a common codec but video requires the Media Coder to be enabled (server side).

6.3JavaScript SIP stacks

Date: November 29, 2012

--This section intentionally left blank--

7Security issues

When the RTCWeb Breaker module is enabled on the client side (web browser) then, the server will act as a b2bua for all incoming and outgoing INVITEs to this web browser. Please note that this only apply to the SIP account tied to this particular web browser. Acting as a b2bua means the server will generate a completely new request for each INVITE. The new INVITE request from the b2bua could be challenged (SIP 401/407 response) by the remote SIP-legacy network which means the b2bua must have the SIP account credentials. Instead of sending the username and password to the b2bua we transmit an authentication token (HA1). Off course there is no possibility to retrieve the password from the token but it’s highly recommended not to allow any intermediate node to intercept it and this is why sipML5 automatically use secure websocket (WSS) when RTCWeb Breaker is enabled.

HA1 = MD5(username:realm:password)

INVITE sip:1061@sip2sip.info SIP/2.0

Via: SIP/2.0/WSS df7jal23ls0d.invalid;branch=z9hG4bK1tvqE4UJ9VNwxbRNKODUvXQeoDUPL

w2W;rport

From: <sip:13131313@sip2sip.info>;tag=JA2uxtI28xUAM4ZyForT

To: <sip:1061@sip2sip.info>

Contact: "13131313"<sip:13131313@df7jal23ls0d.invalid;rtcweb-breaker=yes;transpo

rt=wss>;impi=13131313;ha1=050a0170e77b5d345388598f70d2d1bf;+sip.ice

Call-ID: e7c9abfc-67ce-3192-75e6-4429cbdf2626

CSeq: 9517 INVITE

The above INVITE request is received from the web browser when RTCWeb Breaker module is enabled. The b2bua will not include the HA1 parameter when making a new INVITE to the SIP-legacy network even if a secure transport (e.g. DTLS or TLS) is used to forward it.