SSDP for device discovery - embedded

I am developing a hardware device that should be automatically discovered in Windows, so I prefer to do it through SSDP instead of mDNS (Zeroconf, etc.) to avoid forcing users to install its support applications.
I just need that the device appears in the network in Windows Explorer, and clicking on it to open the default browser using the device IP address in the URL. I've already made the code (answering in unicast to multicast M-SEARCH requests and sending NOTIFY messages on boot and periodically), I can see the messages in Wireshark on the Windows PC but the device still doesn't appear in the explorer network folder, and I can see there other devices like my printer, TV, media player, etc, and I see their messages also on Wireshark.
I'm searching for some advice in the content of the notify and response messages, and also in the xml file with the device profile for such a simple device - I just want to advertise that the device has a webserver on its IP address.
These are the messages that I'm sending:
In multicast:
NOTIFY * HTTP/1.1
HOST: 239.255.255.250:1900
CACHE-CONTROL: max-age=100
NT: upnp:rootdevice
USN: uuid:c5baf4a1-0c8e-44da-9714-ef0123411223::upnp:rootdevice
NTS: ssdp:alive
SERVER: NodeMCU/20150415 UPnP/1.1 xpto/0.1
Location: http://192.168.3.246/deviceprofile.xml
In unicast as a reply to the M-SEARCH:
HTTP/1.1 200 OK
Cache-Control: max-age=100
EXT:
SERVER: NodeMCU/20150415 UPnP/1.1 xpto/0.1
ST: upnp:rootdevice
USN: uuid:c5baf4a1-0c8e-44da-9714-ef0123411223
Location: http://192.168.3.246/deviceprofile.xml
deviceprofile.xml:
<?xml version='1.0'?>
<root xmlns='urn:schemas-upnp-org:device-1-0'>
<device>
<deviceType>urn:schemas-upnp-org:device:Basic:1</deviceType>
<presentationURL>http://192.168.3.246/</presentationURL>
<friendlyName>Remote control</friendlyName>
<manufacturer>xpto.com</manufacturer>
<manufacturerURL>http://xpto.com/</manufacturerURL>
<serialNumber>10275488</serialNumber>
<UDN>uuid:c5baf4a1-0c8e-44da-9714-ef0123411223</UDN>
<serviceList>
<service>
<serviceType>urn:schemas-upnp-org:service:Basic:1</serviceType>
<serviceId>urn:upnp-org:serviceId:1</serviceId>
</service>
</serviceList>
</device></root>
Anything else needed in order for the device to show up in the windows explorer network folder?
Thanks in advance
Fernando

Your deviceprofile.xml is not well formed according to UPnP Specification.
Other elements are needed under the <service> tag. Also, urn:schemas-upnp-org:service:Basic:1 is illegal, you need to change to UPnP pre-defined or customise under your own namespace. An example could be:
<service>
<serviceType>urn:schemas-upnp-org:service:XXXX:1</serviceType>
<serviceId>urn:upnp-org:serviceId:1</serviceId>
<SCPDURL>URL to service description.xml</SCPDURL>
<controlURL>URL for control</controlURL>
<eventSubURL>URL for eventing</eventSubURL>
</service>
You can check Part 2.3 of
http://upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf
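
An added example (not part of the answer above and not code from the UPnP specification): a Python check that reports which of the <service> child elements listed in the answer are missing from a device description. The function name, the DTD rejection and the serviceType shape check are assumptions of this example; the sample input is the <service> entry from the question.

```python
import re
import xml.etree.ElementTree as ET

NS = "{urn:schemas-upnp-org:device-1-0}"
# Children the answer above lists for every <service> entry.
SERVICE_CHILDREN = ("serviceType", "serviceId", "SCPDURL", "controlURL", "eventSubURL")
# Assumed shape check: urn:<domain>:service:<type>:<integer version>
SERVICE_TYPE_URN = re.compile(r"^urn:[^:]+:service:[^:]+:\d+$")


def check_services(description_xml):
    """Return a list of findings for each <service> in a UPnP device description."""
    # Descriptions are fetched from arbitrary LAN devices and never need a DTD,
    # so refuse one instead of letting the parser process entity definitions.
    if "<!DOCTYPE" in description_xml.upper():
        raise ValueError("DTD not allowed in a device description")
    root = ET.fromstring(description_xml)
    findings = []
    # iter() also reaches services of embedded devices under <deviceList>.
    for index, service in enumerate(root.iter(NS + "service"), start=1):
        for name in SERVICE_CHILDREN:
            if service.find(NS + name) is None:
                findings.append(f"service {index}: missing <{name}>")
        stype = (service.findtext(NS + "serviceType") or "").strip()
        if stype and not SERVICE_TYPE_URN.match(stype):
            findings.append(f"service {index}: malformed serviceType {stype!r}")
    return findings


# The <service> entry from the question, trimmed to the relevant part.
QUESTION_XML = """<?xml version='1.0'?>
<root xmlns='urn:schemas-upnp-org:device-1-0'><device><serviceList>
<service>
<serviceType>urn:schemas-upnp-org:service:Basic:1</serviceType>
<serviceId>urn:upnp-org:serviceId:1</serviceId>
</service>
</serviceList></device></root>"""

if __name__ == "__main__":
    for finding in check_services(QUESTION_XML):
        print(finding)
```
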


How do I configure apache-traffic-server to forward an http request to an https remote server?

I have an esp8266 which was directly sending http requests to http://fcm.googleapis.com/fcm/send but since google seems to have stopped allowing requests to be sent via http, I need to find a new solution.
I started down a path to have the esp8266 directly send the request via https and while it works on a small example the memory footprint required for the https request is too much in my full application and I end up crashing the esp8266. While there are still some avenues to explore that might allow me to continue to directly send messages to the server, I think I would like to solve this by sending the request via http to a local "server" raspberry pi, and have that send the request via https.
While I could run a small web server and some code to handle the requests, it seems like this is exactly something traffic-server should be able to do for me.
I thought this should be a one liner. I added the following to the remap.config file.
redirect http://192.168.86.77/fcm/send https://fcm.googleapis.com/fcm/send
where 192.168.86.77 is the local address of my raspberry pi.
When I send requests to http://192.168.86.77/fcm/send:8080 I get back the following:
HTTP/1.1 404 Not Found
Date: Fri, 20 Sep 2019 16:22:14 GMT
Server: Apache/2.4.10 (Raspbian)
Content-Length: 288
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /fcm/send:8080 was not found on this server.</p>
<hr>
<address>Apache/2.4.10 (Raspbian) Server at localhost Port 80</address>
</body></html>
I think 8080 is the right port.
I am guessing this is not the one liner I thought it should be.
Is this a good fit for apache-traffic-controller?
Can someone point me to what I am doing wrong and what is the right way to accomplish my goal?
Update:
Based on Miles Libbey's answer below, I needed to make the following update to the Arduino/esp8266 code.
Change:
http_.begin("http://fcm.googleapis.com/fcm/send");
To:
http_.begin("192.168.86.77", 8080, "http://192.168.86.77/fcm/send");
where http_ is the instance of the HTTPClient
And after installing trafficserver on my raspberry pi, I needed to add the following two lines to the /etc/trafficserver/remap.config
map http://192.168.86.77/fcm/send https://fcm.googleapis.com/fcm/send
reverse_map https://fcm.googleapis.com/fcm/send http://192.168.86.77/fcm/send
Note the reverse_map line is only needed if you want to get feedback from fcm, ie if the post was successful or not.
I would try a few changes:
- I'd use map:
map http://192.168.86.77/fcm/send https://fcm.googleapis.com/fcm/send instead of redirect. The redirect is meant to send your client a 301, and then your client would follow it, which sounds like it'd defeat your purpose. map should have ATS do the proxying.
- I think your curl may have been off -- the port usually goes after the domain part -- eg, curl "http://192.168.86.77:8080/fcm/send" (and probably better:
curl -x 192.168.86.77:8080 "http://192.168.86.77:8080/fcm/send", so that the port isn't part of the remapping).

Timeout during allocate while making RFC call

I am trying to create a SAP RFC connection to a new system.
AFAIK the firewall (in this case to port 3321) is open.
I get this message at the client:
RFC_COMMUNICATION_FAILURE (rc=1): key=RFC_COMMUNICATION_FAILURE, message=
LOCATION SAP-Gateway on host ax-swb-q06.prod.lokal / sapgw21
ERROR timeout during allocate
TIME Thu Jul 26 16:45:48 2018
RELEASE 753
COMPONENT SAP-Gateway
VERSION 2
RC 242
MODULE /bas/753_REL/src/krn/si/gw/gwr3cpic.c
LINE 2210
DETAIL no connect of TP sapdp21 from host 10.190.10.32 after 20 sec
COUNTER 3
[MSG: class=, type=, number=, v1-4:=;;;]
And this message on the SAP server
Any clue what needs to be done, to get RFC working?
With this little info no one can know what the issue is here.
But it is something related to your network and SAP system configuration.
I guess your firewall does some network address translation (NAT) and the new IP behind the firewall does not match anymore with the known one. SAP is doing some own IP / host name security checks.
If not already done, check with opening the ports 3221, 3321 and 4821 in the firewall. Also check the SAP gateway configuration which IP addresses and host names are configured to be valid ones for it (look at what is traced in the beginning of the gateway trace file dev_rd at ABAP side).
Also consider if maybe the usage of a SAProuter would be the better option for your needs.
It works in my case if ashost is the host name, and not an IP address!
Do not ask me why, but this fails:
Connection(user='x', passwd='...', ashost='10.190.10.32', sysnr='21', client='494')
But this works:
Connection(user='x', passwd='...', ashost='ax-swb-q06.prod.lokal', sysnr='21', client='494')
This is strange, since DNS resolution happens before TCP communication.
It seems that the ashost value gets used inside the connection. Strange. For most normal protocols (http, ftp, pop3, ...) this does not matter. Or you get at least a better error message.

FusionPBX Inbound Route ACL Error Can't Find User

I've changed my sip provider's ip to MY.SIP.PROV.IP and their domain to MYSIPPROVIDER.COM and also my phone number to XXXXXXXXXX....
This is the CLI log. I'm able to dial out but I cannot get inbound routes working... Any help is appreciated.
Main part I'm not understanding:
2016-03-09 22:59:50.981898 [DEBUG] sofia.c:9124 IP MY.SIP.PROV.IP Rejected by acl "domains". Falling back to Digest auth.
Second Part....
2016-03-09 22:59:50.981898 [WARNING] sofia_reg.c:2852 Can't find user [#MYSIPPROVIDER.COM] from MY.SIP.PROV.IP
You must define a domain called 'MYSIPPROVIDER.COM' in your directory and add a user with the id="" attribute
and you must configure your device to use the proper domain in it's authentication credentials.
2016-03-09 22:59:50.981898 [WARNING] sofia_reg.c:1703 SIP auth failure (INVITE) on sofia profile 'internal' for [XXXXXXXXXX#MYSIPPROVIDER.COM] from ip MY.SIP.PROV.IP
If you look at the vars.xml file (located in /etc/freeswitch/vars.xml if you installed from the FreeSWITCH package) you'll see two relevant settings..
<X-PRE-PROCESS cmd="set" data="internal_sip_port=5060"/>
<X-PRE-PROCESS cmd="set" data="external_sip_port=5080"/>
In short, if a SIP packet is sent to your FreeSWITCH box on port 5080, it gets routed to the /etc/freeswitch/dialplan/public.xml file. Which, if you installed from package, also includes any .xml in /etc/freeswitch/dialplan/public/ using the line..
<X-PRE-PROCESS cmd="include" data="public/*.xml"/>
Otherwise, if you receive a packet on port 5060 of your FreeSWITCH box it gets treated as an 'internal' call. These get treated a little differently. If you're using default/example configuration, one of the differences is the FreeSWITCH ACL or 'Access Control List'.
Basically, any call made to 5060 will be parsed by the ACL. Which you can perceive as a sort of firewall. If it doesn't match a rule in there, FreeSWITCH refuses it with the error.
2016-03-09 22:59:50.981898 [DEBUG] sofia.c:9124 IP MY.SIP.PROV.IP Rejected by acl "domains". Falling back to Digest auth.
And this part...
2016-03-09 22:59:50.981898 [WARNING] sofia_reg.c:2852 Can't find user [#MYSIPPROVIDER.COM] from MY.SIP.PROV.IP
You must define a domain called 'MYSIPPROVIDER.COM' in your directory and add a user with the id="" attribute
and you must configure your device to use the proper domain in it's authentication credentials.
...is being generated by this part of the ACL config...
<list name="domains" default="deny">
<node type="allow" domain="$${domain}"/>
</list>
...Take note of the "Allow any SIP packet where the 'domain' (eg the #mysipprovider.com part of the SIP URI) is part of a user defined in the 'FreeSWITCH Directory'".
In short, the ACL is used as an added measure of authenticating INTERNAL DEVICES, in the context where FreeSWITCH is used as an 'internal PBX'.
You have two options..
Ask mysipprovider to route inbound SIP packets to port 5080, and then look at managing inbound calls via the default /etc/freeswitch/dialplan/public/00_inbound_did.xml file
Add a specific line in the ACL to approve calls from mysipprovider. Maybe something like..
..then type..
fs_cli -x 'reloadacl'
..to apply it.

WebRTC vs Asterisk 12 (With secure sockets) : No Audio

I am creating a project based on WebRTC and Asterisk. I'm forced to use HTTPS, WSS, SRTP & DTLS, because new browsers don't support non-secure connections ... etc
Asterisk 12.8.2
SipJS 0.7.3
Centos 6.7
Chrome 48.0.2
Self-signed certificate (for testing only)
Secure socket used between browser and Asterisk (wss://149.56.XX.XX:8089/ws)
Libsrtp (SRTP) & Pjproject installed
Asterisk server Directly connected to the Internet (Public IP)
Browser is behind NAT
DTLS-SRTP
WebRTC javascript code located in the same server as Asterisk.
IP's:
Asterisk IP: 149.56.XX.XX
Browser Public IP: 67.212.XX.XX
Browser Local IP: 192.168.0.115
The signaling phase is correct, the peer is well connected to the server.
The aim is to listen to a Playback or Saydigits from Asterisk server. When I run the call, I see that all goes well (SIP and RTP), but no sound in the browser (The volume is up).
I searched on Google, in the forums, but no results .... Is it an SRTP decryption problem?
Anyone tried this before?
SIP.CONF
[1060]
type=friend
username=1060
host=dynamic
secret=lookrtctest
encryption=yes
avpf=yes
icesupport=yes
context=outgoing
directmedia=no
transport=ws,wss
force_avp=yes
disallow=all
allow=ulaw
allow=alaw
dtlsenable=yes
dtlsverify=fingerprint
dtlscertfile=/etc/asterisk/keys/asterisk.pem
dtlscafile=/etc/asterisk/keys/ca.crt
dtlssetup=actpass
nat=yes,force_rport
Extensions.conf:
[outgoing]
exten => _X.,1,Noop(*** Start Call *** )
exten => _X.,n,Answer()
exten => _X.,n,Playback(vm-from)
exten => _X.,n,SayDigits(123456)
exten => _X.,n,Hangup()
RTP.conf:
[general]
rtpstart=10000
rtpend=20000
icesupport=yes
stunaddr=stun.l.google.com:19302
Http.conf:
[general]
enabled=yes
bindaddr=0.0.0.0
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlsprivatekey=/etc/asterisk/keys/asterisk.pem
tlscertfile=/etc/asterisk/keys/asterisk.pem
RTP traces
Sip Traces
Wireshark traces

Google CCS (GCM) - project not whitelisted

I'm trying to get the Python code working that I found on:
http://developer.android.com/google/gcm/ccs.html
I've changed the first 2 rows with (I think) the correct data.
The projectnr and api key is fake, it's just to show you how it almost looks.
import sys, json, xmpp
SERVER = ('gcm.googleapis.com', 5235)
USERNAME = '489713985816'
PASSWORD = 'AIzd237jjN_iT7yRxLWiHRreqax45XaMJQ6VJ98'
I've created a google api project (tried it with 2 different projects).
Activated GCM.
Copied the following:
Project Number: 489713985816
API key : AIzd237jjN_iT7yRxLWiHRreqax45XaMJQ6VJ98
Tried the code with a Key for server, and a key for browser apps, both with and without a specific IP address.
When I execute the code with #python ccs.py I get the following result:
If this is my problem, how do I get my project whitelisted?
Invalid debugflag given: socket
DEBUG:
DEBUG: Debug created for /usr/lib/python2.7/dist-packages/xmpp/client.py
DEBUG: flags defined: socket
DEBUG: socket start Plugging <xmpp.transports.TCPsocket instance at 0x1ea2950>
into <xmpp.client.Client instance at 0x1ea27a0>
DEBUG: socket start Successfully connected to remote
host ('gcm.googleapis.com', 5235)
DEBUG: socket sent <?xml version='1.0'?>
<stream:stream xmlns="jabber:client" to="gcm.googleapis.com" version="1.0"
xmlns:stream="http://etherx.jabber.org/streams" >
DEBUG: socket got
<stream:stream from="gcm.googleapis.com" id="FD82304ADA8C8019" version="1.0"
xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client">
<stream:features>
<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
<mechanism>X-OAUTH2</mechanism>
<mechanism>X-GOOGLE-TOKEN</mechanism>
<mechanism>PLAIN</mechanism>
</mechanisms>
</stream:features>
DEBUG: socket sent <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl"
mechanism="PLAIN">MjgzMVqTl9p\nVDdUTZWSjk4\n</auth>
DEBUG: socket got <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
<temporary-auth-failure/>
<text xmlns="urn:ietf:params:xml:ns:xmpp-stanzas">
Project 489713985816 not whitelisted.</text>
</failure>
</stream:stream>
Authentication failed!
You might want to try the following guide http://www.androidhive.info/2012/10/android-push-notifications-using-google-cloud-messaging-gcm-php-and-mysql/
I was having the same problem that you are but following this guide has helped me get my push notifications through without having to sign up to be whitelisted.
After 3 months of waiting, I've just received an email from a Google employee.
My GCM whitelist request has been approved.
Thank you Ashish.
Now, let the fun begin!
In the documentation, it is mentioned several times that to use Up-stream messaging, you need to ask authorization (be whitelisted).
You can do that here: https://services.google.com/fb/forms/gcm/
You can still use the old "Cloud to device" messaging. You can read more about this, including links to a sample project here.