Proxychain Experimental Source Code
Proxychain  is an efficient, scalable and robust authentication protocol for the Session Initiation Protocol (SIP). Like a number of cellular and VoIP providers, Proxychain is built around a single centralized authentication service working with proxy nodes distributed across a wide geographic area. Proxychain reduces the impact of the latency and load associated with this architecture through the use of a modified hash chain construction. In addition to providing an efficient mechanism for mutual authentication, Proxychain also provides vastly improved scalability through the use of secure caching of temporary authentication credentials at the SIP proxies.
To evaluate its performance and scalability, Proxychain was implemented in an experimental testbed based on open source components. The test bed consisted of: a database (MySQL), several SIP proxies (OpenSIPS) and user agents generating traffic load (SIPp). The proxies and the user agents were modified to support Proxychain. In the database server, a separate a concurrent-process server application was implemented to handle the Proxychain queries from the proxies. The modifications to OpenSIPS and SIPp are available below in the form of software patches, as well as the source code for the database server module. The instructions on how to apply and use our experimental code are also provided, including example configuration files.
It is important to notice that this is experimental code and it is not intended for production environments. The code has been tested with the versions of OpenSIPS and SIPp described below. It may not work with newer versions of these components. Please contact me if you have problems or questions regarding Proxychain.
Compiling OpenSIPS 1.5.2 with Proxychain support
In OpenSIPS, only modifications to the auth_db module were required. To compile OpenSIPS (SIP proxy) with Proxychain support use the following steps:
Configuring OpenSIPS to use Proxychain
After compiling OpenSIPS with Proxychain support, new functions and parameters are available in the auth_db module. The parameters can be used in the OpenSIPS configuration file using the modparam operator (i.e., modparam("auth_db", "hc_enable", 1)). The new functions and parameters added are:
An example of an OpenSIPS configuration file using Proxychain authentication for INVITE messages, preloading the credentials at boot time and no prefetching, can be downloaded here: [opensips.cfg]. An example of a file with offline credentials (200,000 users) can be downloaded here: [rand_credentials.dat].
Compiling SIPp 3.1 with support for Proxychain
To add Proxychain support to SIPp, use the following steps:
Configuring SIPp to use Proxychain
The use of Proxychain in SIPp is transparent to the user. SIPp will decide to use Proxychain based on the information in the challenge from the proxy (Proxy-Authenticate header). Specifically, when a SIPp instance receives a Proxy-Authenticate header starting with the value "PC" (instead of MD5), the SIPp instance will use Proxychain authentication instead of Digest authentication.
An example of an SIPp scenario file (-sf option) with INVITE authentication can be downloaded here: [uac_INVITE_auth.xml]. Also, a similar scenario but including BYE authentication: [uac_INVITE_BYE_auth.xml]. Finally, an example caller injection file (-inf option) can be found here: [callers.inf]
Compiling Proxychain Database Module
The DB client module is an independent process that runs in database server. To compile it, use the following steps:
Configuring the Proxychain Database Module
The DBclient module has the following command options:
The DBclient process should be executed as a background process. At boot time, each proxy process will establish a TCP connection with the DBclient module. The DBclient process will spawn children processes, one per proxy process. Each children DBclient process will serve the corresponding proxy process until the TCP connection expires. This is an example of how to execute the DBclient module:
./DBclient -n 10 -p 1976 -h 192.168.0.32 -d opensips -u root -P mypasswd &