Next
Previous
Contents
OpenH323 Gatekeeper - The GNU Gatekeeper
is an open-source project that implements an H.323 gatekeeper.
A gatekeeper provides call control services to the H.323 endpoints.
It is an integral part of most useful internet telephony
installations that are based on the H.323 standard.
According to Recommendation H.323, a gatekeeper shall provide the
following services:
- Address Translation
- Admissions Control
- Bandwidth Control
- Zone Management
- Call Control Signaling
- Call Authorization
- Bandwidth Management
- Call Management
The GNU Gatekeeper implements most of these functions
based on the
OpenH323
protocol stack.
Recommendation H.323 is an international standard published by the
ITU.
It is a communications standard for audio, video, and data over the Internet.
See also Paul Jones'
A Primer on the H.323 Series Standard.
For a detailed description of what a gatekeeper does, see
here.
It is covered by the
GNU General Public License (GNU GPL).
In addition to that, we explicitly grant
the right to link this code to the OpenH323 and OpenSSL library.
Generally speaking, the GNU GPL allows you to copy, distribute, resell or modify
the software, but it requires that all derived works must be published
under GNU GPL also.
That means that you must publish full source for all extensions to
the gatekeeper and for all programs you include the gatekeeper into.
See the file COPYING for details.
If that's not what you want, you must interface to the gatekeeper through
the status port and communicate via TCP with it.
That way you only have to integrate the basic functionality into
the gatekeeper (and provide source for that) and can keep other parts
of your application private.
The formal name of this project is
OpenH323 Gatekeeper - The GNU Gatekeeper,
short GnuGk.
Please don't confuse it with other gatekeeper projects.
There are several open-source gatekeeper projects based on the OpenH323 protocol stack.
To have different gatekeepers with very similar names is really
confusing for most users.
Since our "OpenH323 Gatekeeper" was the first on the scene,
it is not our fault that others have chosen similar names.
But to make the distinction a little more clear without confusing
people even more, we have decided to give the project a
subtitle "OpenH323 Gatekeeper - The GNU Gatekeeper" and start
using gnugk
as name for executables.
The version 2.2.4 contains the following new features and bugfixes:
- New call failover feature to retry failed calls on a different route.
- New Calling/CalledTypeOfNumber configuration variables in
RoutedMode
section and endpoint configuration.
FileIPAuth
modules extended to support prefixes.
- Firebird/Interbase driver for SQL modules.
- NAT support for unregistred callers.
- NumberAnalysis routing policy extended to support Setup messages.
- New
CapacityControl
module for controlling inbound traffic.
- Default
SignalTimeout
value increased from 15 to 30 seconds.
- New
StatusAcct
accounting module for the status port sponsored by Grupo Isec.
The version 2.2.3 contains the following new features and bugfixes:
- New
[RewriteCLI]
options to control CLIR features precisely.
- New CLIR/CLIP (Calling Line Identification Restriction/Presentation) features
in the
[RewriteCLI]
module. Ability to hide CLI (enable CLIR/CLIP) per endpoint.
- New
[RoutedMode] SocketCleanupTimeout
config variable. More reliable
socket management and better network error reporting.
- The
RewriteCLI
module rewrites outbound rules correctly for random
numbers separated by commas.
- Broadcast request are handled correctly in the LARGE_FDSET mode.
- New ENUM routing policy from Simon Horne.
- NetMeeting compatibility problems fixed.
- A new
[RasSrv::RRQFeatures] IRQPollCount
config variable. Default number
of "poll" IRQ messages changed from 2 to 1 to allow faster endpoint unregistration.
- Tunneled H.245 messages were not processed correctly (were ignored).
-
[FileIPAuth] module moved from the contrib
section into the main branch.
The version 2.2.2 contains the following new features and bugfixes:
- New CLI rewrite types - prefix replacement (*=) and identity match ( =).
- A new
TranslateFacility
config variable to enable Facility message conversion
between H.323v4 and previous versions of the protocol.
SignalTimeout
, AlertingTimeout
and %t, %p, %{ring-time}, %{alerting-time}
accounting variables ported from 2.0 branch. ConnectTimeout
config
variable replaced with SignalTimeout
and AlertingTimeout
.
- A new
%r
accounting variable to provide information about who
was the one that disconnected a call.
- A new, generic
SQLAuth module for RRQ, ARQ, LRQ
and Setup authentication and authorization.
- New --core command line argument to enable core dump generation for Unix.
- A new
Vendor
config variable for
[Endpoint]
section to provide vendor specific extensions when registering with a parent gatekeeper.
- LRQ nonStandardData field was not included for CiscoGK neighbors.
- New
[RewriteCLI] config section
that allows arbitrary rewriting of ANI/CLI numbers.
- New
numberanalysis routing policy.
- New FileIPAuth module in the contrib/ipauth directory.
- Call accounting updates/call disconnect handling is now more robust
and does not lock the whole call table and (effectively) the gatekeeper
for long time periods.
- Do not support multiple rewrite targets, as this feature does not work well
if rewrite is performed more than once.
- The gatekeeper could crash if the connection was closed before
the welcome message has been sent to the client.
- Different Username was reported during Setup auth
and acct step, if no sourceAddress has been present for an unregistered call.
- More missing config reload locks added to allow seamless config reload.
- A default value for the config variable
ForwardOnFacility
changed to 0
.
- Ability to encrypt all passwords in the config. A new
EncryptAllPasswords
config variable, KeyFilled
config variable usage extended.
- Ability to read config settings from an SQL database ported from 2.0 branch.
Read
[SQLConfig] for more details.
- Framed-IP-Address could not be determined for unregistered calls with
no Setup-UUIE.sourceCallSignalAddress field, causing authentication to fail.
- Provide proper handling of aliases of type partyNumber
(e164Number or privateNumber).
- A fix for RTP/Q931/H245/T120PortRange to correct a bug with port range
wraparound if the last port is 65535. This caused a next port to be set
to 0 and any subsequent port allocation to fail.
- Dynamic allocation of RTP ports did not work, use a fixed port range
1024-65535 as a default for the
RTPPortRange
config variable.
- Obsolete auth modules MySQLAliasAuth and MySQLPasswordAuth are now removed.
- SQL modules accept only one database host in the
Host
parameter.
The version 2.2.1 contains the following new features and bugfixes:
- Enhanced prefix matching for routing policies. A dot (
.
) matches any digit.
- Enhanced prefix matching for neighbors. A dot (
.
) matches any digit,
!
at the beginning disables the prefix.
- A missing lock during config reload caused the gatekeeper to crash.
- More reliable port number selection for Q.931, H.245, T.120 and RTP
port ranges (earlier, a config reload could cause many calls to fail
because of inability to allocate a new socket).
- Default value for RTPPortRange is now to let the OS select a port number.
- More flexible rewrite rules (both global and per-gw) with new '.' and '%'
wildcard characters.
- Enhanced prefix matching for gateways. A dot (
.
) matches any digit,
!
at the beginning disables the prefix.
- Insert missing Calling-Party-Number-IE/Display-IE if corresponding
Screen...
options are enabled.
- Shutdown the gatekeeper if there are errors in SQL auth/acct modules
configuration.
- Called-Station-Id number type can be selected between the original one
(dialed number) and the rewritten one. New
UseDialedNumber
config option
for
RadAuth/
RadAliasAuth
/
RadAcct modules, new %{Dialed-Number} variable
for
SQLAcct and
FileAcct modules.
- Ability to customize timestamp formats. New
TimestampFormat
config
variables for main,
[SqlAcct],
[RadAcct],
[FileAcct]
and
[CallTable] sections.
- RadAuth/RadAliasAuth modules can now add/remove endpoint aliases during
endpoint registration (using h323-ivr-in=terminal-alias: Cisco AV-Pair).
- New
TcpKeepAlive
option to solve the problem with network errors
and calls hanging in the call table. See docs/keepalive.txt for more
details.
- New status port
RouteToGateway
command.
The version 2.2.0 contains the following new features and bugfixes:
- New
RoundRobinGateways
config option.
- Call capacity limits and priority routing for gateways. New
EP::
config sections for per-endpoint configuration settings (see
Per-Endpoint Configuration Settings).
- RTP proxy handling moved to a separate RTP proxy threads, so processing
of signaling messages does not block RTP packets. New
RtpHandlerNumber
config option.
- REUSE_ADDRESS option enabled on listening sockets in non-LARGE_FDSET mode
to fix a bug with the gatekeeper being unable to open listening ports after
restart.
- Ability to set call destination in auth modules. RADIUS based call routing.
- Support for SqlBill tariff table import from an OpenOffice.org Calc spreadsheet.
- Fixed sourceInfo LRQ field handling - now it contains an H.323 identifier
of the gatekeeper. Nonstandard data and gatekeeperIdentifier fields are set
only when the neighbor is defined as GnuGk.
- Ability to set shared secrets for each radius server separately.
- New, much faster, Radius client implementation.
- Called-Party-Number-IE rewrite occurred too late, causing auth/acct modules
to receive the original number instead of the rewritten one.
- Fixed proxying of RTP packets, so RTP sockets are not closed on temporary
errors (like remote socket not yet ready). This bug affected especially
NAT traversal and situation, when audio was sent very early, when reverse
proxy path has not been yet established.
- Fixed handling of RRJ from an alternate GnuGk.
- New direct SQL accounting module (
[SQLAcct]).
- Handling multiple reply messages (RIP/LCF/LRJ) from neighbors fixed.
- Support for CallCreditServiceControl in RCF and ACF messages, which allows
reporting call duration limit and user's account balance to endpoints.
Currently RadAuth and RadAliasAuth modules support this feature.
- Log file rotation, new
LogFile
config section, new setlog
and rotatelog
status interface commands.
- Do not include an invalid access token (with null object identifier)
in LCF to prevent interoperability problems.
- Better handling of multiple calls over a single signaling channel
by setting multipleCalls and maintainConnection H.225.0 fields to FALSE
in all messages passing through the gatekeeper.
- Better User-Name, Calling-Station-Id and Called-Station-Id handling.
- IncludeEndpointIP flag for RadAuth, RadAliasAuth and RadAcct is obsolete,
these modules will always send Framed-IP-Address.
- New Gatekeeper::Auth flag SetupUnreg to toggle Q.931 Setup authentication
for unregistered endpoints only.
- New RADIUS h323-ivr-out=h323-call-id parameter that contains
an H.323 Call Identifier.
- The SQL billing from the contrib section can now authenticate users only
by their IP (ignoring User-Name) and has a new, more flexible tariff/rating
engine.
- RadAliasAuth can authenticate now Setup messages without sourceAddress
field present (it will use Calling-Party-Number instead).
- Better signal handling to prevent accidental gatekeeper crashes
(due to SIGPIPE, for example).
- CDR rotation per number of lines works correctly.
Of course, the major functions in version 2.0 are also included:
- The registration table and call record table are redesigned, thread-safe,
and very efficient. Support ten thousands of registrations and thousands of
concurrent calls.
- A new routed mode architecture that support H.225.0/Q.931 routed and
H.245 routed without forking additional threads. Thus the thread number
limit will not restrict the number of concurrent calls.
- Support H.323 proxy by routing all logical channels, including RTP/RTCP
media channels and T.120 data channels. Logical channels opened by H.245
tunneling and fast-connect procedure are also supported. In proxy mode,
there is no traffic between the calling and called parties directly. Thus
it is very useful if you have some endpoints using private IP behind an
NAT box and some endpoints using public IP outside the box.
- Support gatekeepers cluster by exchanging LRQ/LCF/LRJ (neighboring function).
If the destination of a received LRQ is unknown, the GnuGk can forward it
to next hop. Therefore the GnuGk can work as a directory gatekeeper.
- Support various authentication methods for selectable RAS requests, including
H.235 password (MD5, SHA-1 and CAT), IP pattern and prefixes matching.
- Support alternate gatekeepers for redundancy and load balancing. If the
GnuGk is overloaded, the endpoints can be redirected to other gatekeepers.
- Can work as an endpoint (gateway or terminal) by registering with a parent
gatekeeper. With this feature, building gatekeeper hierarchies is easily.
- Monitor and control the GnuGk via TCP status port, including registration
and call statistics.
- Output CDR(call detail record) to status port for backend billing system.
The CDR contains call identifier, calling and called IP, start and end time
and call duration.
- Most configurations are changeable at runtime. The GnuGk rereads the
configurations on receiving
reload
command via status port, or on
receiving HUP
signal (Unix platform).
The newest stable and a development version are available at
the download page.
The very latest source code is in the CVS at
Sourceforge
(
Web-GUI).
Beware - that's the bleeding edge.
You can also download some executables from
the download page.
There are two mailing list for the project, one for the developers and one for the users.
General user questions should be send to the
users mailing list. You can find the list archive
here.
To join this mailing list, click
here.
To report problems or submit bugs/patches, send mails to the
developers mailing list.
The list archive is
here. Please send user questions to the users mailing list and keep this list to development! If you want to contribute to the project, please
join the mailing list.
Note:
Please don't send your questions as private emails to individual developer.
We are usually busy. We would not like to be your private consultant,
unless you'd like to pay us.
Send your problems to the appropriate public mailing list so everybody
can help you.
Also please don't send the GnuGk specific problems to the OpenH323
mailing list, or vice verse.
They are different projects, though closely related.
Before you sending an email, make sure you have read the related documents
carefully. Describe your problems clearly and precisely. Show us the
error messages or logs if there is any.
The current project coordinator is
Jan Willamowius
<jan@willamowius.de>
The main features and functions of version 2.0 are contributed by
Chih-Wei Huang
<cwhuang@linux.org.tw>
and
Citron Network Inc.,
including thread-safe registration and call tables,
new routed mode architecture, H.323 proxy,
H.235 authentication and MySQL backend.
Michal Zygmuntowicz
<m.zygmuntowicz@onet.pl>
has done some great work on Radius support and other improvements.
The initial version of the gatekeeper has been developed by
Xiang Ping Chen, Joe Metzger and Rajat Todi.
Next
Previous
Contents