Modeling the SIP proxy using Promela
Jong Yul Kim
December 21, 2009

Session Initiation Protocol
[Diagram: call flow between User Agent Client (UAC) and User Agent Server (UAS): INVITE sip:alice@columbia.edu, 180 Ringing, 200 OK, ACK, “Hi, how are you?”]
• A signaling protocol widely used for multimedia session setup and teardown
• Used with Real Time Protocol (RTP) to send voice/video
• During setup (negotiation):
    • UAC offers a range of session types and codecs
    • UAS answers with a range of session types and codecs
• During teardown:
    • One of the parties sends a BYE message. The other replies “OK”.

Related Work
• “Understanding SIP through Model-Checking” by Dr. Pamela Zave
• Her Promela code models the initial session setup + termination between one UAC and one UAS.

Abstractions in the Basic model
• We’re modeling the topmost layer of the SIP stack.
• No syntax checking, no retransmission, no timers, …
• Many failure messages are also out.
[Figure: The SIP Stack, top to bottom: UAC / UAS core, Transaction, Transport]

The FIFO/Pruned Model
• Two channels
    • Assume one TCP connection each from both sides
• Two processes
    • One UAC process
    • One UAS process
• Many messages
    • invite, prack, update, ack, cancel, info, bye, unProv, relProv, invSucc, invFail, prackRsp, cancRsp, updSucc, updFail, infoRsp, byeRsp
[Diagram: proctype UAC, proctype UAS]

SIP proxy
• A SIP proxy is a server that relays SIP signals between two endpoints.
• Usually, a UAS registers with a proxy to receive calls.
• Two modes of operation:
    • Stateless: “blindly” forwards messages from one side to the other
    • Stateful: keeps track of state to do more interesting things

Modeling a SIP proxy
• Four channels
• Three processes
• Same messages
[Diagram: proctype UAC, proctype proxy, proctype UAS]

    proctype proxy()
    {
        mtype message, sdp;
    end:    /* waiting here with nothing to relay is a valid end state */
        do
        :: c2p?message,sdp; p2s!message,sdp    /* UAC -> UAS */
        :: s2p?message,sdp; p2c!message,sdp    /* UAS -> UAC */
        od
    }

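An added example (not from the original slides): a minimal closed model around the relay proxy above, so that SPIN can search it for invalid end states and assertion violations. The message names are the slide's; the reduced message set, the sdp values (offer, answer, nosdp), the channel capacity of 1, the `answered` flag and the UAC/UAS bodies are assumptions.

```promela
/* Added example: closed model around the slide's stateless relay proxy.
   Message names are the slide's; the reduced message set, the sdp values,
   the channel capacity and the UAC/UAS bodies are assumptions. */
mtype = { invite, ack, bye, invSucc, invFail, byeRsp, offer, answer, nosdp };

chan c2p = [1] of { mtype, mtype };   /* UAC   -> proxy */
chan p2c = [1] of { mtype, mtype };   /* proxy -> UAC   */
chan p2s = [1] of { mtype, mtype };   /* proxy -> UAS   */
chan s2p = [1] of { mtype, mtype };   /* UAS   -> proxy */

bool answered = false;                /* set when the UAS accepts the call */

active proctype UAC()
{
    mtype sdp;
    c2p!invite,offer;
    if
    :: p2c?invSucc,sdp ->
        assert(answered);             /* the relay never invents a success */
        c2p!ack,nosdp;
        c2p!bye,nosdp;
        p2c?byeRsp,sdp
    :: p2c?invFail,sdp -> skip
    fi
}

active proctype UAS()
{
    mtype sdp;
    p2s?invite,sdp;
    if                                /* nondeterministic: accept or reject */
    :: answered = true;
       s2p!invSucc,answer;
       p2s?ack,sdp;
       p2s?bye,sdp;
       s2p!byeRsp,nosdp
    :: s2p!invFail,nosdp
    fi
}

active proctype proxy()
{
    mtype message, sdp;
end:                                  /* idle relay loop is a valid end state */
    do
    :: c2p?message,sdp; p2s!message,sdp
    :: s2p?message,sdp; p2c!message,sdp
    od
}
```

With SPIN installed, `spin -a` on this file generates `pan.c`, and the compiled verifier reports both assertion violations and invalid end states. Removing the `end:` label makes the idle proxy loop count as an invalid end state, which is the class of error reported for the sequential search model later in the slides.
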
Stateless SIP Proxy
[Diagram: UAC, Proxy, UAS1, UAS2; messages shown: INVITE bob, INVITE bob, failed, failed]

    proctype proxy()
    {
        mtype message, sdp;
        byte uasid;

        c2p?invite,sdp;
        /* nondeterministically pick one of the registered UAS */
        do
        :: true; uasid = 0; break
        :: true; uasid = 1; break
        od;
        /* p2s and s2p are channel arrays indexed by UAS id */
        p2s[uasid]!invite,sdp;
    end:
        do
        :: c2p?message,sdp; p2s[uasid]!message,sdp
        :: s2p[uasid]?message,sdp; p2c!message,sdp
        od
    }

• If there are multiple UAS registered, then pick one and forward.

Stateful SIP Proxy: Sequential Search
[Diagram: UAC, Proxy, UAS1, UAS2; messages shown: INVITE bob, INVITE bob, failed, INVITE, OK, OK]
• Search multiple UAS in order.
• Establish connection with first one that answers.
• However,
    • Had to change UAC as well.
    • Proxy forwards provisional response to UAC.
    • UAC may receive provisional responses from multiple UAS.
    • Variables intended for single UAC-UAS transaction changed to arrays.

Simulation of Sequential Search
• Verification of the model using
    • Partial Order Reduction
    • Compression
• Reveals that there’s an invalid end state at depth 284.
• Hopefully will be fixed by Wednesday.

Lessons Learned
• Promela / SPIN is a tool that can be used to check network protocols.
• To make a model, you need to abstract a lot of details out. Finding the right level of abstraction for the problem you’re interested in is important.
• Making or modifying a model from plain English-based standards documents is not an easy task. But the resulting model is very useful.