Thursday, November 17, 2016

GNU Gatekeeper 4.3 released

I'm happy to announce the release of GNU Gatekeeper 4.3.

This new version contains a number bug fixes and some security fixes.

Fuzzy testing surfaced methods to crash GnuGk remotely, causing at least a denial of service. So all users are encouraged to update.

The most notable new feature are probably the events for Setup messages on the status port so now you can see all calls. In addition, LuaAuth has been given access to more information about received messages and can end your status port sessions with Ctrl-C now.

Important bug fixes are in the H.460 NAT traversal code where sometimes keep-alive intervals could be too long in older versions and a bug where GnuGk might have missed port re-negotiations in some cases.

The IgnoreSignaledIPs port detection code also has a few bug fixes to detect cases where it should be turned off automatically because its either not needed because the parties use another form of NAT traversal or non-symmetric ports where the detection algorithm may cause more harm than good.

You can download the new version from


Changes from GnuGk 4.2 to 4.3
  • BUGFIX(ProxyChannel.cxx, gkh235.cxx, gkauth.h) fix crashes found with PROTOS
  • new authentication policies LuaPasswordAuth, HttpPasswordAuth
  • BUGFIX( fix check for LUA 5.2 or higher
  • connection to the status port can now also be ended with Ctrl-C
  • new switch [Routing::DNS] RewriteARQDestination= to preserve URLs in ARQs
  • disable IgnoreSignaledIPs when one party is not using the same RTP ports for forward and reverse channels in same RTP session
  • BUGFIX(RasTbl.cxx) don't allow higher TTL for H.460.18 registrations  than set by H46018KeepAliveInterval= switch
  • add variables message, srcInfo and vendor to LuaAuth
  • print message on status port when Setup is received
  • BUGFIX(ProxyChannel.cxx) disregard IgnoreSignaledIPs=1 switch when caller supports some form of NAT traversal (to avoid both sides waiting for first RTP packet)
  • BUGFIX(ProxyChannel.cxx) enable H.245 tunneling for H.460.17 even when Innovaphone forgets the flag
  • BUGFIX(ProxyChannel.cxx) make sure CRV is 0 for all RAS messages when using H.460.17 even when they relate to a call
  • BUGFIX(ProxyChannel.cxx) re-do H.460.19 port detection when a new logical channel is opened on the same port
  • print number of CPU cores and thread configuration on startup
  • BUGFIX(RasTbl.cxx) fix display of H.460.17 for registrations on status port
  • BUGFIX(ProxyChannel.cxx) fix dead lock causing reroutes to fail