Major standards bodies including 3GPP, ITU-T, and ETSI have all adopted SIP as the core signalling protocol for services such as LTE , VoIP, conferencing, Video on Demand (VoD), IPTV (Internet Television), presence, and Instant Messaging (IM) etc. With the continous evolution of SIP as the defacto VoIP protocol , we need to underatdn the risk mitigartion practices around it .

I have written about VoIP and security in these blogs before

• Certificates , compliances and Security in VoIP which describes HIPPA , SOX, COPPA , CPNI , CDPR , CCPA , PDP, SPIT and FCC E911https://telecom.altanai.com/2020/01/20/certificates-compliances-and-security-in-voip/

For Security around web browser based calling via webrtc i have written

• Webrtc Security –https://telecom.altanai.com/2015/04/24/webrtc-security/ , which describes browser threat modal , access to local resource , Same Orogin Policy (SOP) and Cross Resource Sharing ( CORS) as well as Location sharing , ICE , TUEN and threats to privacy with screen sharing , microgone camera long term access and probable mid call attacks .
• Genric secrutity of web Application build around hosting platform of webrtc . https://telecom.altanai.com/2014/10/03/security-for-webrtc-applications/ . Includs concepts like Identity management , browser security – cross site security amd clickjacking , Authetication of devices and applications , Media Encryption and regex checking.

Also Written about VoIP security at protocl level with SRTP /DTLS using TLS https://telecom.altanai.com/2018/03/16/secure-communication-with-rtp-srtp-zrtp-and-dtls/ and specifically using avaialble pre added modules on kamailio SIP server https://telecom.altanai.com/2018/02/17/kamailio-security/ . It describes Sanity checks , ACL lists with permissions , hiding topology details , countering Flood using pike and Fail2Ban as well as Traffic monitoring and detection .

In this article we will cover types of attacks on SIP systems

Types of attacks on SIP based systems

Registration Hijacking

malicious registrations on registrar by a third party who modifies From header field of a SIP request.

exmaple implementation :
attacker de-registers all existing contacts for a URI
attacker can also register their own device as the appropriate contact address, thereby directing all requests for the affected user to him

solution – Autheticaion of user

Impersonating a Server

attacker impersonates the remote server
user’s request can now be intercepted by some other party
user’s request may be forwarded to insecure locations

solution –
confidentiality, integrity, and authentication of proxy servers
Proxy/redirect sever, and registrars SHOULD possess a site certificate issued by CA which could be validated by UA

Temparing Message bodies

If users are relying on SIP message bodies to communicate either of

• session encryption keys for a media session
• MIME bodies
• SDP
• encapsulated telephony signals
  Then the atackers on proxy server can modify the session key or can act as a man-in-the-middle and do eaves droppng

exmaple implementation :
attacker can point RTP media streams to a wiretapping device
can changes Subject header field to appear to users as spam

solution – end to end ecryption over TLS + Digest Authorization

mid-session threats like tearing down session

Request forging
attacker learns the params of the session like To , From tags etc then he can alter ongoing session parameters and even bring it down

example implementation :
attacker inserts a BYE in a ongoing session thereby tearing it down
can insert re INVITE and redierct the stream to wiretaping device

solution – authetication on every request
signing and encrypting of MIME bodies, and transference of credentials with S/MIME

Denial of Service and Amplification

DOS attacks – rendering a particular network element unavailable, usually by directing an excessive amount of network traffic at its interfaces.
dDOS – multiple network hosts to flood a target host with a large amount of network traffic.

Can be created by sending falsified sip requests to other parties such that numerous transactions originating in the backwards direction comes to the target server created congestion.

exmaple implementation :
attackers creates a falsified source IP address and a corresponding Via header field that identify a targeted host as the originator of the request. Then send this to large number of SIP network element . This geneerates DOS aimed at target.

attackers uses falsified Route header field values in a request that identify the target host and then send such messages to forking proxies that will amplify messaging sent to the target.

Flooding with register attacks can deplete available memory and disk resources of a registrar by registering huge numbers of bindings.
Flooding a stateful proxy server causes it to consume computational expense associated with processing a SIP transaction

Solution –
detect flooding and pike in traffic and use ipban to block
challenge questionable requests with only a single 401 (Unauthorized) or 407 (Proxy Authentication Required), forgoing the normal response retransmission algorithm, and thus behaving statelessly towards unauthenticated requests.

Security mchanisms

Full encryption vs hop by hop encrption

SIP mssages cannot be encrypted end-to-end in their entirety since
message fields such as the Request-URI, Route, and Via need to be visible to proxies in most network architectures
so that SIP requests are routed correctly.
proxy servers need to also update the message with via headers

Thus SIP uses low level security along with hop by hop encrption and auth headers to verify the identity of proxy servers

Transport and Network Layer Security

IPsec – used where set of hosts or administrative domains have an existing trust relationship with one another.

TLS – used where hop-by-hop security is required between hosts with no pre-existing trust association.

SIPS URI Scheme

Used as an address-of-record for a particular user, signifies that each hop over which the request is forwarded, must be secured with TLS

HTTP Authentication

Reuse of the HTTP Digest authentication via 401 and 407 response codes that implement challenge for autehtication
provides replay protection and one-way authentication.

S/MIME

allows SIP UAs to encrypt MIME bodies within SIP, securing these bodies end-to-end without affecting message headers.
provides end-to-end confidentiality and integrity for message bodies

nonce-count

provides replay protection

SIP over TLS

SIP messages can be secured using TLS. There is also TLS for Datagrams called DTLS.

Security of SIP signalling is different from security of protocols used in concert with SIP like RTP , RTCP. and that will be covered in later topics of this article.

TLS operation consists of two phases: handshake phase and bulk data encryption phase

Handshake phase

Prepare algorithm to be used during TLS session

Server Authentication

server sends its certificate to the client, which then verifies the certificate using a certificate authority’s (CA’s) public key.

Client Authentication

Server sends an additional CertificateRequest message to request the client’s certificate. The client responds with

1. Certificate message containing the client certificate with the client public key and
2. CertificateVerify message containing a digest signature of the handshake messages signed by clients private key

Server authenticates client by client’s public key , since only client holding correct private key can sign the message.

prepare the shared secret for bulk data encryption

client generate a pre_master_secret, and encrypt it using the server’s public key obtained from the server’s certificate. The server decrypts the pre_master_secret using its own private key.
Both the server and client then compute a master_secret they share based on the same pre_master_secret. The master_secret is further used to generate the shared symmetric keys for bulk data encryption and message authentication

Public key cryptographic operations such as RSA are much more expensive than shared key cryptography. This is why TLS uses public key cryptography to establish the shared secret key in the handshake phase, and then uses symmetric key cryptography with the negotiated shared secret as the data encryption key.

Stateless proxy servers do not maintain state information about the SIP session and therefore tend to be more scalable. However, many standard application functionalities, such as authentication, authorization, accounting, and call forking require the proxy server to operate in a stateful
mode by keeping different levels of session state information.

Steps :

1. The SIP proxy server enforces proxy authentication with
   407 Proxy Authentication Required challenge.
2. UAC provides credentials that verify its claimed identity (e.g., based on MD5 [34] digest algorithm) and retransmits in authorization header

Security of RTP

confidentiality protection of the RTP session and integrity protection of the RTP/RTCP packets requires source authentication of all the packets to ensure no man-in-the-middle (MITM) attack is taking place.

end to end media encryption – SRTP ( Secure RTP )

encodes the voice into encrypted IP packages and transport those via the internet from the transmitter  to receive

References

• The Impact of TLS on SIP Server Performance – Charles Shen† Erich Nahum‡ Henning Schulzrinne† Charles Wright , Department of Computer Science, Columbia University,IBM T.J. Watson Research Center

• Kamailio security – https://telecom.altanai.com/2018/02/17/kamailio-security/ .
• Secure Communication – https://telecom.altanai.com/2018/03/16/secure-communication-with-rtp-srtp-zrtp-and-dtls/

SIPp is an opensource (GNU GPL license) performance testing tool for the SIP protocol and is widely used for Quality assurabce of callflows in voip applications for UAC / UASs cenarios.

It can emulate functioing of a sip phone such as REGISTER , establishes and releases multiple calls with the INVITE and BYE methods , send other SIP requests and wait for reponses based on dafult of custom xml scenario files.

Plus factor is the dynamic display of statistics about running tests (call rate, round trip delay, and message statistics), periodic CSV statistics dumps, TCP and UDP over multiple sockets or multiplexed with retransmission management, regular expressions and variables in scenario files, and dynamically adjustable call rates.

sipp -sn uac -d 10000 -s 9876543210 127.0.0.1:5060  -l 10

It is widley used as aperformnace and load testing tool since it can test SIP equipements like SIP proxies, B2BUAs, SIP media servers, SIP/x gateways, and SIP PBXes and can also emulate thousands of user agents calling your SIP system.

More on SIPp scripts and various exmaples can be read from

https://github.com/altanai/kamailioexamples/tree/master/sipp

Installation

Pre-requisites to compile SIPp are:
– C++ Compiler
– curses or ncurses library
– For TLS support: OpenSSL >= 0.9.8
– For pcap play support: libpcap and libnet
– For SCTP support: lksctp-tools
– For distributed pauses: Gnu Scientific Libraries

sudo apt-get install dh-autoreconf ncurses-dev libssl-dev libpcap-dev libncurses5-dev libsctp-dev lksctp-tools

Either get source code from git

git clone https://github.com/SIPp/sipp.git
cd sipp
cmake . -DUSE_SSL=1 -DUSE_SCTP=1 -DUSE_PCAP=1 -DUSE_GSL=1
make

or download readymade tar , then extract and build with options like

tar -xvzf sipp-xxx.tar.gz
cd sipp
./configure --with-sctp --with-pcap --with-openssl
make

Building certs for TLS based sipp UAS server

make master dir for all certs

mkdir certs 
chmod 0700 certs
cd certs

Make CA folder, create cert and check

mkdir demoCA
cd demoCA
mkdir newcerts
echo '01' > serial
touch index.txt
openssl req -new -x509 -extensions v3_ca -keyout key.pem -out cert.pem -days 3650

Validation of the contents of certs ( optional )

openssl x509 -in cert.pem -noout -text
openssl x509 -in cert.pem -noout -dates
openssl x509 -in cert.pem -noout -purpose

Make domain folder and create the certs for the sip domain name from parent and check

cd ..
mkdir 10.10.10.10
openssl req -new -nodes -keyout key.pem -out req.pem
cd ..
openssl ca -days 730 -out 10.10.10.10/cert.pem -keyfile demoCA/key.pem -cert demoCA/cert.pem -infiles 10.10.10.10/req.pem

Verify the generated certificate for for SIP domain

openssl x509 -in 10.10.10.10/cert.pem -noout -text

Run sipp

sipp -sn uas -p 5077 -t l1 -tls_key /home/ubuntu/certs/10.10.10.10/key.pem  -tls_cert /home/ubuntu/certs/10.10.10.10/cert.pem  -i 10.10.10.10

Verify installation

Run sipp with embedded server (uas) scenario:

sipp -sn uas

On the same host, run sipp with embedded client (uac) scenario:

sipp -sn uac 127.0.0.1 -trace_msg -trace_err

output for server 

 # sipp -sn uas

------------------------------ Scenario Screen -------- [1-9]: Change Screen --

  Port   Total-time  Total-calls  Transport
  5060      32.95 s           61  UDP

0 new calls during 0.874 s period      1 ms scheduler resolution
  19 calls                               Peak was 41 calls, after 28 s
  0 Running, 63 Paused, 12 Woken up
  0 dead call msg (discarded)          
  3 open sockets                        

                             Messages  Retrans   Timeout   Unexpected-Msg

----------> INVITE             61        0         0         0 
<---------- 180                61        0                               <---------- 200                61        0         0                     ----------> ACK         E-RTD1 61        0         0         0               

----------> BYE                61        0         0         0        
   <---------- 200                61        0                            
   [   4000ms] Pause              61                            0        
 ------------------------------ Test Terminated --------------------------------

----------------------------- Statistics Screen ------- [1-9]: Change Screen --

  Start Time             | 2019-02-04    13:04:32.108663 1549265672.108663         
  Last Reset Time        | 2019-02-04    13:05:04.189720 1549265704.189720         
  Current Time           | 2019-02-04    13:05:05.065119 1549265705.065119         
-------------------------+---------------------------+--------------------------
  Counter Name           | Periodic value            | Cumulative value
-------------------------+---------------------------+--------------------------
  Elapsed Time           | 00:00:00:875000           | 00:00:32:956000          
  Call Rate              |    0.000 cps              |    1.851 cps             
-------------------------+---------------------------+--------------------------

  Incoming call created  |        0                  |       61                 

  OutGoi traceings 

———————————————– 2019-02-04 13:08:13.939148
UDP message sent (530 bytes):

INVITE sip:service@127.0.0.1:5060 SIP/2.0
 Via: SIP/2.0/UDP 192.x.x.x:5061;branch=z9hG4bK-52422-25-0
 From: sipp ;tag=52422SIPpTag0025
 To: service 
 Call-ID: 25-52422@192.x.x.x
 CSeq: 1 INVITE
 Contact: sip:sipp@192.x.x.x:5061
 Max-Forwards: 70
 Subject: Performance Test
 Content-Type: application/sdp
 Content-Length:   135

v=0
o=user1 53655765 2353687637 IN IP4 192.x.x.x
s=-
c=IN IP4 192.x.x.x
t=0 0
m=audio 6004 RTP/AVP 0
a=rtpmap:0 PCMU/8000

———————————————– 2019-02-04 13:08:13.939310
UDP message received [321] bytes :

SIP/2.0 180 Ringing
Via: SIP/2.0/UDP 192.x.x.x:5061;branch=z9hG4bK-52422-1-0
From: sipp ;tag=52422SIPpTag001
To: service ;tag=52416SIPpTag011
Call-ID: 1-52422@192.x.x.x
CSeq: 1 INVITE
Contact: 
Content-Length: 0

———————————————– 2019-02-04 13:08:13.939905
UDP message received [486] bytes :

SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.x.x.x:5061;branch=z9hG4bK-52422-1-0
From: sipp ;tag=52422SIPpTag001
To: service ;tag=52416SIPpTag011
Call-ID: 1-52422@192.x.x.x
CSeq: 1 INVITE
Contact: 
Content-Type: application/sdp
Content-Length:   135

v=0
o=user1 53655765 2353687637 IN IP4 192.x.x.x
s=-
c=IN IP4 192.x.x.x
t=0 0
m=audio 6000 RTP/AVP 0
a=rtpmap:0 PCMU/8000

———————————————– 2019-02-04 13:08:13.940159
UDP message sent (371 bytes):

ACK sip:service@127.0.0.1:5060 SIP/2.0
Via: SIP/2.0/UDP 192.x.x.x:5061;branch=z9hG4bK-52422-1-5
From: sipp ;tag=52422SIPpTag001
To: service ;tag=52416SIPpTag011
Call-ID: 1-52422@192.x.x.x
CSeq: 1 ACK
Contact: sip:sipp@192.x.x.x:5061
Max-Forwards: 70
Subject: Performance Test
Content-Length: 0

~ RTP

———————————————– 2019-02-04 13:08:13.941658
UDP message sent (371 bytes):

BYE sip:service@127.0.0.1:5060 SIP/2.0
Via: SIP/2.0/UDP 192.x.x.x:5061;branch=z9hG4bK-52422-1-7
From: sipp ;tag=52422SIPpTag001
To: service ;tag=52416SIPpTag011
Call-ID: 1-52422@192.x.x.x
CSeq: 2 BYE
Contact: sip:sipp@192.x.x.x:5061
Max-Forwards: 70
Subject: Performance Test
Content-Length: 0

———————————————– 2019-02-04 13:08:13.952888
UDP message received [313] bytes :

SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.x.x.x:5061;branch=z9hG4bK-52422-1-7
From: sipp ;tag=52422SIPpTag001
To: service ;tag=52416SIPpTag011
Call-ID: 1-52422@192.x.x.x
CSeq: 2 BYE
Contact: 
Content-Length: 0

Time

---------------------------- Repartition Screen ------- [1-9]: Change Screen --

  Average Response Time Repartition 1                                           

           0 ms <= n <        10 ms :        293                                
          10 ms <= n <        20 ms :          9                                
          20 ms <= n <        30 ms :          0                                
          30 ms <= n <        40 ms :          0                                
          40 ms <= n <        50 ms :          0                                
          50 ms <= n <       100 ms :          0                                
         100 ms <= n <       150 ms :          0                                
         150 ms <= n <       200 ms :          0                                
                   n >=      200 ms :          0                                

  Average Call Length Repartition                                               

           0 ms <= n <        10 ms :          0                                
          10 ms <= n <        50 ms :          0                                
          50 ms <= n <       100 ms :          0                                
         100 ms <= n <       500 ms :          0                                
         500 ms <= n <      1000 ms :          0                                
        1000 ms <= n <      5000 ms :        262                                
        5000 ms <= n <     10000 ms :          0                                
                   n >=    10000 ms :          0                                

------------------------------ Sipp Server Mode -------------------------------

Output for client

uac.xml
 
SIPp UAC Remote
 |(1) INVITE |
 |------------------>|
 |(2) 100 (optional) |
 |<------------------| 
 |(3) 180 (optional) | 
  |<------------------| 
|(4) 200             | 
|<------------------| 
|(5) ACK             | 
|------------------>|
 |                     |
 |(6) PAUSE             |
 |                     |
 |(7) BYE             |
 |------------------>|
 |(8) 200             |
 |<------------------|

sipp -sn uac 127.0.0.1 -trace_msg -trace_err
Resolving remote host ‘127.0.0.1’… Done.
—————————— Scenario Screen ——– [1-9]: Change Screen —
Call-rate(length) Port Total-time Total-calls Remote-host
10.0(0 ms)/1.000s 5061 17.32 s 98 127.0.0.1:5060(UDP)

3 new calls during 0.286 s period 1 ms scheduler resolution
0 calls (limit 30) Peak was 25 calls, after 10 s
0 Running, 101 Paused, 7 Woken up
0 dead call msg (discarded) 0 out-of-call msg (discarded)
3 open sockets

                             Messages  Retrans   Timeout   Unexpected-Msg
  INVITE ---------->         98        0         0                  
     100 <----------         0         0         0         0        
     180 <----------         98        0         0         0        
     183 <----------         0         0         0         0        
     200          98        0                            
   Pause [      0ms]         98                            0        
     BYE ---------->         98        0         0                  
     200 <----------         98        0         0         0        

—————————— Test Terminated ——————————–

----------------------------- Statistics Screen ------- [1-9]: Change Screen --

  Start Time             | 2019-02-04    13:08:03.908208 1549265883.908208         
  Last Reset Time        | 2019-02-04    13:08:20.954289 1549265900.954289         
  Current Time           | 2019-02-04    13:08:21.241152 1549265901.241152         

-------------------------+---------------------------+--------------------------
  Counter Name           | Periodic value            | Cumulative value

-------------------------+---------------------------+--------------------------
  Elapsed Time           | 00:00:00:286000           | 00:00:17:332000          

  Call Rate  

Tracings

———————————————– 2019-02-04 13:08:13.934840
UDP message received [527] bytes :

INVITE sip:service@127.0.0.1:5060 SIP/2.0
Via: SIP/2.0/UDP 192.x.x.x:5061;branch=z9hG4bK-52422-1-0
From: sipp ;tag=52422SIPpTag001
To: service 
Call-ID: 1-52422@192.x.x.x
CSeq: 1 INVITE
Contact: sip:sipp@192.x.x.x:5061
Max-Forwards: 70
Subject: Performance Test
Content-Type: application/sdp
Content-Length:   135

v=0
o=user1 53655765 2353687637 IN IP4 192.x.x.x
s=-
c=IN IP4 192.x.x.x
t=0 0
m=audio 6004 RTP/AVP 0
a=rtpmap:0 PCMU/8000

———————————————– 2019-02-04 13:08:13.936616
UDP message sent (321 bytes):

SIP/2.0 180 Ringing
Via: SIP/2.0/UDP 192.x.x.x:5061;branch=z9hG4bK-52422-1-0
From: sipp ;tag=52422SIPpTag001
To: service ;tag=52416SIPpTag011
Call-ID: 1-52422@192.x.x.x
CSeq: 1 INVITE
Contact: 
Content-Length: 0

———————————————– 2019-02-04 13:08:13.937003
UDP message sent (486 bytes):

SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.x.x.x:5061;branch=z9hG4bK-52422-1-0
From: sipp ;tag=52422SIPpTag001
To: service ;tag=52416SIPpTag011
Call-ID: 1-52422@192.x.x.x
CSeq: 1 INVITE
Contact: 
Content-Type: application/sdp
Content-Length:   135

v=0
o=user1 53655765 2353687637 IN IP4 192.x.x.x
s=-
c=IN IP4 192.x.x.x
t=0 0
m=audio 6000 RTP/AVP 0
a=rtpmap:0 PCMU/8000

———————————————– 2019-02-04 13:08:13.948679
UDP message received [371] bytes :

ACK sip:service@127.0.0.1:5060 SIP/2.0
Via: SIP/2.0/UDP 192.x.x.x:5061;branch=z9hG4bK-52422-1-5
From: sipp ;tag=52422SIPpTag001
To: service ;tag=52416SIPpTag011
Call-ID: 1-52422@192.x.x.x
CSeq: 1 ACK
Contact: sip:sipp@192.x.x.x:5061
Max-Forwards: 70
Subject: Performance Test
Content-Length: 0

~ RTP

———————————————– 2019-02-04 13:08:13.949168
UDP message received [371] bytes :

BYE sip:service@127.0.0.1:5060 SIP/2.0
Via: SIP/2.0/UDP 192.x.x.x:5061;branch=z9hG4bK-52422-1-7
From: sipp ;tag=52422SIPpTag001
To: service ;tag=52416SIPpTag011
Call-ID: 1-52422@192.x.x.x
CSeq: 2 BYE
Contact: sip:sipp@192.x.x.x:5061
Max-Forwards: 70
Subject: Performance Test
Content-Length: 0

———————————————– 2019-02-04 13:08:13.949245
UDP message sent (313 bytes):

SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.x.x.x:5061;branch=z9hG4bK-52422-1-7
From: sipp ;tag=52422SIPpTag001
To: service ;tag=52416SIPpTag011
Call-ID: 1-52422@192.x.x.x
CSeq: 2 BYE
Contact: 
Content-Length: 0

time

---------------------------- Repartition Screen ------- [1-9]: Change Screen --

  Average Response Time Repartition 1                                           

           0 ms <= n <        10 ms :        657                                
          10 ms <= n <        20 ms :         20                                
          20 ms <= n <        30 ms :          0                                
          30 ms <= n <        40 ms :          0                                
          40 ms <= n <        50 ms :          0                                
          50 ms <= n <       100 ms :          0                                
         100 ms <= n <       150 ms :          0                                
         150 ms <= n <       200 ms :          0                                
                   n >=      200 ms :          0                                

  Average Call Length Repartition                                               

           0 ms <= n <        10 ms :        649                                
          10 ms <= n <        50 ms :         28                                
          50 ms <= n <       100 ms :          0                                
         100 ms <= n <       500 ms :          0                                
         500 ms <= n <      1000 ms :          0                                
        1000 ms <= n <      5000 ms :          0                                
        5000 ms <= n <     10000 ms :          0                                
                   n >=    10000 ms :          0                                

------ [+|-|*|/]: Adjust rate ---- [q]: Soft exit ---- [p]: Pause traffic -----

Last Error: Overload warning: the major watchdog timer 3000ms has been t…

UAC with Media

SIPp UAC            Remote
    |(1) INVITE         |
    |------------------>|
    |(2) 100 (optional) |
    |<------------------|
    |(3) 180 (optional) |
    |<------------------|
    |(4) 200            |
    |<------------------|
    |(5) ACK            |
    |------------------>|
    |                   |
    |(6) RTP send (8s)  |
    |==================>|
    |                   |
    |(7) RFC2833 DIGIT 1|
    |==================>|
    |                   |
    |(8) BYE            |
    |------------------>|
    |(9) 200            |
    |<------------------|

sipp Usage:

sipp remote_host[:remote_port] [options]

Run SIPp with embedded server (uas) scenario: ./sipp -sn uas On the same host, run SIPp with embedded client (uac) scenario: ./sipp -sn uac 127.0.0.1

Scenario file options:

• -sd : Dumps a default scenario (embedded in the SIPp executable)
• -sf : Loads an alternate XML scenario file. To learn more about XML scenario syntax, use the -sd option to dump embedded scenarios. They contain all the necessary help.
• -oocsf : Load out-of-call scenario.
• -oocsn : Load out-of-call scenario.
• -sn : Use a default scenario (embedded in the SIPp executable). If this option is omitted, the Standard SipStone UAC scenario is loaded. Available values in this version: 
  • ‘uac’ : Standard SipStone UAC (default).
  • ‘uas’ : Simple UAS responder.
  • ‘regexp’ : Standard SipStone UAC – with regexp and variables.
  • ‘branchc’ : Branching and conditional branching in scenarios – client.
  • ‘branchs’ : Branching and conditional branching in scenarios – server.
  Default 3pcc scenarios (see -3pcc option):
  • ‘3pcc-C-A’ : Controller A side (must be started after all other 3pcc scenarios)
  • ‘3pcc-C-B’ : Controller B side.
  • ‘3pcc-A’ : A side.
  • ‘3pcc-B’ : B side.

IP, port and protocol options

• -t : Set the transport mode:
  • u1: UDP with one socket (default),
  • un: UDP with one socket per call,
  • ui: UDP with one socket per IP address. The IP addresses must be defined in the injection file.
  • t1: TCP with one socket,
  • tn: TCP with one socket per call,
  • l1: TLS with one socket,
  • ln: TLS with one socket per call,
  • c1: u1 + compression (only if compression plugin loaded),
  • cn: un + compression (only if compression plugin loaded). This plugin is not provided with SIPp.
• -i : Set the local IP address for ‘Contact:’,’Via:’, and ‘From:’ headers. Default is primary host IP address.
• -p : Set the local port number. Default is a random free port chosen by the system 
• -bind_local : Bind socket to local IP address, i.e. the local IP address is used as the source IP address. If SIPp runs in server mode it will only listen on the local IP address instead of all IP addresses.
• -ci : Set the local control IP address
• -cp : Set the local control port number. Default is 8888.
• -max_socket : Set the max number of sockets to open simultaneously. This option is significant if you use one socket per call. Once this limit is reached, traffic is distributed over the sockets already opened. Default value is 50000
• -max_reconnect : Set the the maximum number of reconnection.
• -reconnect_close : Should calls be closed on reconnect?
• -reconnect_sleep : How long (in milliseconds) to sleep between the close and reconnect?
• -rsa : Set the remote sending address to host:port for sending the messages.
• -tls_cert : Set the name for TLS Certificate file. Default is ‘cacert.pem
• -tls_key : Set the name for TLS Private Key file. Default is ‘cakey.pem’
• -tls_ca : Set the name for TLS CA file. If not specified, X509 verification is not activated.
• -tls_crl : Set the name for Certificate Revocation List file. If not specified, X509 CRL is not activated.
• -tls_version : Set the TLS protocol version to use (1.0, 1.1, 1.2) — default is autonegotiate

SIPp overall behavior options:

• -v : Display version and copyright information.
• -bg : Launch SIPp in background mode.
• -nostdin : Disable stdin.
• -plugin : Load a plugin.
• -sleep : How long to sleep for at startup. Default unit is seconds.
• -skip_rlimit : Do not perform rlimit tuning of file descriptor limits. Default: false.
• -buff_size : Set the send and receive buffer size.
• -sendbuffer_warn : Produce warnings instead of errors on SendBuffer failures.
• -lost : Set the number of packets to lose by default (scenario specifications override this value).
• -key : keyword value Set the generic parameter named “keyword” to “value”.
• -set : variable value Set the global variable parameter named “variable” to “value”.
• -tdmmap : Generate and handle a table of TDM circuits. A circuit must be available for the call to be placed. Format: -tdmmap {0-3}{99}{5-8}{1-31}
• -dynamicStart : variable value Set the start offset of dynamic_id variable
• -dynamicMax : variable value Set the maximum of dynamic_id variable 
• -dynamicStep : variable value Set the increment of dynamic_id variable

Call behavior options:

• -aa : Enable automatic 200 OK answer for INFO, NOTIFY, OPTIONS and UPDATE.
• -base_cseq : Start value of [cseq] for each call.
• -cid_str : Call ID string (default %u-%p@%s). %u=call_number, %s=ip_address, %p=process_number, %%=% (in any order).
• -d : Controls the length of calls. More precisely, this controls the duration of ‘pause’ instructions in the scenario, if they do not have a ‘milliseconds’ section. Default value is 0 and default unit is milliseconds.
• -deadcall_wait : How long the Call-ID and final status of calls should be kept to improve message and error logs (default unit is ms).
• -auth_uri : Force the value of the URI for authentication. By default, the URI is composed of remote_ip:remote_port.
• -au : Set authorization username for authentication challenges. Default is taken from -s argument
• -ap : Set the password for authentication challenges. Default is ‘password’
• -s : Set the username part of the request URI. Default is ‘service’.
• -default_behaviors: Set the default behaviors that SIPp will use. Possible values are:
  • all Use all default behaviors
  • none Use no default behaviors
  • bye Send byes for aborted calls
  • abortunexp Abort calls on unexpected messages
  • pingreply Reply to ping requests If a behavior is prefaced with a -, then it is turned off. Example: all,-bye
• -nd : No Default. Disable all default behavior of SIPp which are the following:
• On UDP retransmission timeout, abort the call by sending a BYE or a CANCEL
• On receive timeout with no ontimeout attribute, abort the call by sending a BYE or a CANCEL
• On unexpected BYE send a 200 OK and close the call
• On unexpected CANCEL send a 200 OK and close the call
• On unexpected PING send a 200 OK and continue the call
• On any other unexpected message, abort the call by sending a BYE or a CANCEL
• -pause_msg_ign : Ignore the messages received during a pause defined in the scenario 
• -callid_slash_ign: Don’t treat a triple-slash in Call-IDs as indicating an extra SIPp prefix.

Injection file options:

• -inf : Inject values from an external CSV file during calls into the scenarios. First line of this file say whether the data is to be read in sequence (SEQUENTIAL), random (RANDOM), or user (USER) order. Each line corresponds to one call and has one or more ‘;’ delimited data fields. Those fields can be referred as [field0], [field1], … in the xml scenario file. Several CSV files can be used simultaneously (syntax: -inf f1.csv -inf f2.csv …)
• -infindex : file field Create an index of file using field. For example -inf ../path/to/users.csv -infindex users.csv 0 creates an index on the first key.
• -ip_field : Set which field from the injection file contains the IP address from which the client will send its messages. If this option is omitted and the ‘-t ui’ option is present, then field 0 is assumed. Use this option together with ‘-t ui’

RTP behaviour options:

• -mi : Set the local media IP address (default: local primary host IP address)
• -rtp_echo : Enable RTP echo. RTP/UDP packets received on port defined by -mp are echoed to their sender. RTP/UDP packets coming on this port + 2 are also echoed to their sender (used for sound and video echo).
• -mb : Set the RTP echo buffer size (default: 2048).
• -mp : Set the local RTP echo port number. Default is 6000.
• -rtp_payload : RTP default payload type.
• -rtp_threadtasks : RTP number of playback tasks per thread.
• -rtp_buffsize : Set the rtp socket send/receive buffer size.

Call rate options:

• -r : Set the call rate (in calls per seconds). This value can bechanged during test by pressing ‘+’, ‘_’, ‘*’ or ‘/’. Default is 10.
  • pressing ‘+’ key to increase call rate by 1 * rate_scale,
  • pressing ‘-‘ key to decrease call rate by 1 * rate_scale,
  • pressing ‘*’ key to increase call rate by 10 * rate_scale,
  • pressing ‘/’ key to decrease call rate by 10 * rate_scale.
• -rp : Specify the rate period for the call rate. Default is 1 second and default unit is milliseconds. This allows you to have n calls every m milliseconds(by using -r n -rp m). Example: -r 7 -rp 2000 ==> 7 calls every 2 seconds. -r 10 -rp 5s => 10 calls every 5 seconds.
• -rate_scale : Control the units for the ‘+’, ‘-‘, ‘*’, and ‘/’ keys.
• -rate_increase : Specify the rate increase every -rate_interval units (default is seconds). This allows you to increase the load for each independent logging period. Example: -rate_increase 10 -rate_interval 10s ==> increase calls by 10 every 10 seconds.
• -rate_max : 

If -rate_increase is set, then quit after the rate reaches this value. Example: -rate_increase 10 -rate_max 100 ==> increase calls by 10 until 100 cps is hit.

• -rate_interval : Set the interval by which the call rate is increased. Defaults to the value of -fd.
• -no_rate_quit : If -rate_increase is set, do not quit after the rate reaches -rate_max.
• -l :  Set the maximum number of simultaneous calls. Once this limit is reached, traffic is decreased until the number of open calls goes down. Default: (3 * call_duration (s) * rate).

• -m : Stop the test and exit when ‘calls’ calls are processed
• -users : Instead of starting calls at a fixed rate, begin ‘users’ calls at startup, and keep the number of calls constant.

Retransmission and timeout options:

• -recv_timeout : Global receive timeout. Default unit is milliseconds. If the expected message is not received, the call times out and is aborted.
• -send_timeout : Global send timeout. Default unit is milliseconds. If a message is not sent (due to congestion), the call times out and is aborted.
• -timeout : Global timeout. Default unit is seconds. If this option is set, SIPp quits after nb units (-timeout 20s quits after 20 seconds).
• -timeout_error : SIPp fails if the global timeout is reached is set (-timeout option required).
• -max_retrans : Maximum number of UDP retransmissions before call ends on timeout. Default is 5 for INVITE transactions and 7 for others.
• -max_invite_retrans: Maximum number of UDP retransmissions for invite transactions before call ends on timeout.
• -max_non_invite_retrans: Maximum number of UDP retransmissions for non-invite transactions before call ends on timeout.
• -nr : Disable retransmission in UDP mode.
• -rtcheck : Select the retransmission detection method: full (default) or loose.
• -T2 : Global T2-timer in milli seconds

Third-party call control options:

• -3pcc : Launch the tool in 3pcc mode (“Third Party call control”). The passed IP address depends on the 3PCC role.
  • When the first twin command is ‘sendCmd’ then this is the address of the remote twin socket. SIPp will try to connect to this address:port to send the twin command (This instance must be started after all other 3PCC scenarios). Example: 3PCC-C-A scenario.
  • When the first twin command is ‘recvCmd’ then this is the address of the local twin socket. SIPp will open this address:port to listen for twin command. Example: 3PCC-C-B scenario.
• -master : 3pcc extended mode: indicates the master number
• -slave : 3pcc extended mode: indicates the slave number
• -slave_cfg : 3pcc extended mode: indicates the file where the master and slave addresses are stored

Performance and watchdog options:

• -timer_resol
  Set the timer resolution. Default unit is milliseconds. This option has an impact on timers precision.Small values allow more precise scheduling but impacts CPU usage.If the compression is on, the value is set to 50ms. The default value is 10ms.
• -max_recv_loops Set the maximum number of messages received read per cycle. Increase this value for high traffic level. The default value is 1000.
• -max_sched_loops Set the maximum number of calls run per event loop. Increase this value for high traffic level. The default value is 1000.
• -watchdog_interval : Set gap between watchdog timer firings. Default is 400.
• -watchdog_reset : If the watchdog timer has not fired in more than this time period, then reset the max triggers counters. Default is 10 minutes.
• -watchdog_minor_threshold: If it has been longer than this period between watchdog executions count a minor trip. Default is 500.
• -watchdog_major_threshold: If it has been longer than this period between watchdog executions count a major trip. Default is 3000.
• -watchdog_major_maxtriggers : How many times the major watchdog timer can be tripped before the test is terminated. Default is 10.
• -watchdog_minor_maxtriggers: How many times the minor watchdog timer can be tripped before the test is terminated. Default is 120.

Tracing, logging and statistics options:

• -f : Set the statistics report frequency on screen. Default is 1 and default unit is seconds.
• -trace_stat : Dumps all statistics in <scenario_name>_.csv file. Use the ‘-h stat’ option for a detailed description of the statistics file content.
• -stat_delimiter : Set the delimiter for the statistics file
• -stf : Set the file name to use to dump statistics
• -fd : Set the statistics dump log report frequency. Default is 60 and default unit is seconds.
• -periodic_rtd : Reset response time partition counters each logging interval.
• -trace_msg : Displays sent and received SIP messages in __messages.log
• -message_file : Set the name of the message log file.
• -message_overwrite: Overwrite the message log file (default true).
• -trace_shortmsg : Displays sent and received SIP messages as CSV in <scenario file name>__shortmessages.log
• -shortmessage_file: Set the name of the short message log file.
• -shortmessage_overwrite: Overwrite the short message log file (default true).
• -trace_counts : Dumps individual message counts in a CSV file.
• -trace_err : Trace all unexpected messages in __errors.log.
• -error_file : Set the name of the error log file.
• -error_overwrite : Overwrite the error log file (default true).
• -trace_error_codes: Dumps the SIP response codes of unexpected messages to <scenario file name>__error_codes.log.
• -trace_calldebug : Dumps debugging information about aborted calls to <scenario_name>__calldebug.log file.
• -calldebug_file : Set the name of the call debug file.
• -calldebug_overwrite: Overwrite the call debug file (default true).
• -trace_screen : Dump statistic screens in the <scenario_name>__screens.log file when quitting SIPp. Useful to get a final status report in background mode (-bg option).
• -screen_file : Set the name of the screen file.
• -screen_overwrite: Overwrite the screen file (default true).
• -trace_rtt : Allow tracing of all response times in __rtt.csv.
• -rtt_freq : freq is mandatory. Dump response times every freq calls in the log file defined by -trace_rtt. Default value is 200.
• -trace_logs : Allow tracing of actions in __logs.log.
• -log_file : Set the name of the log actions log file.
• -log_overwrite : Overwrite the log actions log file (default true).
• -ringbuffer_files: How many error, message, shortmessage and calldebug files should be kept after rotation?
• -ringbuffer_size : How large should error, message, shortmessage and calldebug files be before they get rotated?
• -max_log_size : What is the limit for error, message, shortmessage and calldebug file sizes.

Signal handling:

SIPp can be controlled using POSIX signals. The following signals are handled: USR1: Similar to pressing the ‘q’ key. It triggers a soft exit of SIPp. No more new calls are placed and all ongoing calls are finished before SIPp exits. Example: kill -SIGUSR1 732 USR2: Triggers a dump of all statistics screens in <scenario_name>__screens.log file. Especially useful in background mode to know what the current status is. Example: kill -SIGUSR2 732

Exit codes:

Upon exit (on fatal error or when the number of asked calls (-m option) is reached, SIPp exits with one of the following exit code: 0: All calls were successful 1: At least one call failed 97: Exit on internal command. Calls may have been processed 99: Normal exit without calls processed -1: Fatal error -2: Fatal error binding a socket

Debugging

Issue1  The commonName field needed to be supplied and was missing 

Solution Given the common name while generating the certs

Issue2 If cmake error appears such as “command not found: cmake” then 

solutionsudo apt-get install build-essential cmake

References :

• https://media.readthedocs.org/pdf/sipp-wip/latest/sipp-wip.pdf
• https://github.com/SIPp/sipp.git