# Opensource communication frameworks: XMPP, SIP, AMQP, MQTT, CAP, IAX



## sidetone (Mar 22, 2021)

An opensource framework allows interoperable and inter-organizational use between different offerings (or servers). Signal can't be compared in this category, because it is simply an opensource client offered by one provider or organization, and not a standard for interoperable use: it can be compared to other opensource apps on a separate merit.

If one wants to host their own server or wants a choosing that is interoperable with others, or a choice of software clients to use, then an opensource messaging standard or framework is the way to go.

*IETF recognized frameworks*
IETF recognizes *XMPP* (Extensible Messaging and Presence Protocol) and *SIP* (Session Initiation Protocol) as opensource standards for secure communication. *IAX* (Inter-Asterisk eXchange 2) which is associated with Asterisk is acknowledged by IETF, but not at the level of a standard by this governing organization. *MGCP *(Media Gateway Control Protocol) is an IETF opensource framework for VOIP that has been surpassed by SIP and IAX.

IAX (eaks) makes up for some shortcomings of SIP. SIP is not practical for use behind a NAT, but IAX is.

There is overlap between XMPP/*Jingle* and SIP/*Simple*. XMPP was intended for text communications, and as a Jingle extension to allow voice and video. SIP was intended for voice communication, but later added Simple for text communication.

*OASIS recognized frameworks
AMQP* (Advanced Message Queuing Protocol), *MQTT* (Message Queuing Telemetry Transport) and *CAP* (Common Alerting Protocol) are open standards recognized by OASIS. CAP is an important but more specific offering by OASIS.

MQTT is meant for Internet of Things (IoT) or device communication. MQTT is useful for automation, logistics, manufacturing, smart home, energy and transportation. For some IoT purposes, MQTT can be used in place of Bluetooth. MQTT-SN addresses very constrained networks. Eclipse organization takes an active interest in MQTT. See: net/mosquitto and net/py-paho-mqtt

AMQP is an open standard for secure business messaging. It's used by a lot of financial firms. See: net/rabbitmq

CAP is an XML implementation used for emergency alerts. It's used by National Oceanic and Atmospheric Administration (NOAA), Emergency Alert Services (EAS), FEMA and other agencies.

*W3C*
World Wide Web Consortium (W3C) is an open standards platform organization for the Internet. International Digital Publishing Forum (IDPF) was an opensource standards organization which has merged with W3C in 2016. *ePub* was fostered by IDPF, and it is now under W3C. *WebRTC* is an open-source standard by W3C for VOIP communication on the web through an API. For an API, JavaScript is mentioned.

*More*
*LwM2M* (Lightweight Machine to Machine) is an open specification by OMA (Open Mobile Alliance) Specworks, which IPSO (Internet Protocol for Smart Objects) Alliance has merged with. *JupiterMesh* is an open specification by Zigbee. These are for hardware and IoT communication.

*Secure authentication and encryption of streams*
For secure communication, OMEMO or PGP is needed for XMPP. It is easy to verify whether OMEMO or PGP are switched on. OMEMO is an opensource technology originally developed for Signal messenger. Jingle and other file or media transports still need additional encryption.

SIP needs both _SIPS_ (SIP Secure) and _SRTP_ (Secure RTP) for secure communication, but this requires a professional to set up devices on both ends of the line. It is difficult to confirm whether SIP communications are encrypted, or when they become unencrypted, unless it is set up by an expert in such a way that calls drop the moment they become insecure. Many software offerings don't have SIPS availability: PJSIP. SIPS negotiates a link between clients and servers, then SRTP transports voice directly from client to client.

SRTP ports and port options:
* Asterisk ports have net/pjsip and SRTP options: both must be enabled
* net/pjsip has an EXTSRTP option, which must be enabled
* EXSRTP and SRTP options both pull in the net/libsrtp2 library
* net/libsrtp was long depreciated and replaced by a newer version, libsrtp2, because it conflicted with OpenSSL in base of previous FreeBSD versions
* audio/baresip is an SIP client which had the srtp option: DTLS_SRTP is now available as an option, but is marked as broken

For IAX, RSA key exchange or MD5 hashing only secures the authentication handshake. The communication stream also requires a dynamic key (aes128) or VPN.

MQTT's authentication is too basic to allow secure conversation, however it can use SSL/TLS.

*CoAP* (Constrained Application Protocol) is a framework from IETF as an alternative to MQTT, but it provides no security mechanisms.

*Sources*

https://www.ietf.org
https://www.oasis-open.org
https://www.w3.org/
asteriskdocs.org
https://www.eclipse.org: MQTT and CoAP, IoT Protocols
*Further Reading*

Thread xmpp-basics-security-constrained-networks.77220
Thread comparisons-of-xmpp-signal-mqtt-tox-telegram.65834
eclipse.org: MQTT 101 – How to Get Started with the lightweight IoT Protocol
*Tags*

https://forums.freebsd.org/tags/mqtt/
https://forums.freebsd.org/tags/xmpp/
https://forums.freebsd.org/tags/sipsimple/


----------



## BostonBSD (Mar 27, 2021)

That rabbitmq package looks pretty neat.  I think I could program a script to instant message myself an alert from a server with it.

{Financial data breaks a threshold, system stat breaks a threshold, some sort of device monitor breaks a threshold...the dog ran out of food...the house temp dropped below zero, etc.}

Edit: I suppose any xmpp terminal client should be able to do the same.


----------



## BostonBSD (Mar 27, 2021)

And there it is: sendxmpp
Config file {need to chmod 600 this file}:
~/.sendxmpprc

```
username: myusername
jserver: mychatserver.extension
port: 5222
password: mypassword
```

send a message {this server requires TLS}:

echo "hello world" | sendxmpp -t -a /usr/local/share/certs/ca-root-nss.crt -s hello someotheruser@servername.extension

Here's a perl script intended for crontab


```
#!/usr/local/bin/perl -w
#---------------------------#
# PROGRAM: XMPPSCRIPT        #
#---------------------------#


$TIME = `date "+%r"`;
$DATE = `date "+%m/%d/%Y"`;
chomp($DATE);
chomp($TIME);

$VAR1 = "echo \"Finished Collecting Weather Data @ $TIME on $DATE\" | sendxmpp -t -a /usr/local/share/certs/ca-root-nss.crt -s weatherupdate myname\@mychatserver.extension";

system("$VAR1");
```


----------



## BostonBSD (Mar 27, 2021)

Now my computer can message my cellphone/tablet via an XMPP android client.


----------



## BostonBSD (Mar 28, 2021)

https://metacpan.org/pod/Net::XMPP

Upon further reading the above is a Perl module that can be used to send and receive xmpp messages.

It's the same module that sendxmpp uses.  Anyways it looks really neat and easy to setup a control system with it where you can control a machine with your cellphone/tablet just by using Perl scripts and an xmpp client on the remote device.


----------



## sidetone (May 28, 2021)

ramon15v said:


> And it seems that MGCP is one of the most reliable solutions as an opensource framework for VOIP, isn't it?


What I read was in terms of how many people are using it, and that SIP and IAX have gained steam. IIRC, this was from one of the Asterisk books, which was pro IAX.

I looked a little more about the protocol. MGCP is also known as H.248. It uses plain-text, so that may mean it's not be ideal for secure communications. But it might be compatible with POTS switching.

If you know something about MGCP's strengths, let us know.


----------



## Lamia (May 28, 2021)

sidetone said:


> An opensource framework allows interoperable and inter-organizational use between different offerings (or servers). Signal can't be compared in this category, because it is simply an opensource client offered by one provider or organization, and not a standard for interoperable use: it can be compared to other opensource apps on a separate merit.
> 
> If one wants to host their own server or wants a choosing that is interoperable with others, or a choice of software clients to use, then an opensource messaging standard or framework is the way to go.
> 
> ...


What a succinct literature review with references!



This post will remain a reference point to signalling protocols and their implementations in FreeBSD for several people.

Thank you


----------



## Alain De Vos (May 29, 2021)

For ruby there is

```
rubygem-amqp
rubygem-amqp-utils
rubygem-bunny
```
For python there is

```
devel/py37-pika
net/py37-amqp
net/py37-pamqp
net/py37-txamqp
```


----------

