[Asterisk-code-review] res_rtp_asterisk: make it possible to remove SOFTWARE attribute (asterisk[master])

Jeremy Lainé asteriskteam at digium.com
Fri May 21 10:37:25 CDT 2021


Jeremy Lainé has uploaded this change for review. ( https://gerrit.asterisk.org/c/asterisk/+/15922 )


Change subject: res_rtp_asterisk: make it possible to remove SOFTWARE attribute
......................................................................

res_rtp_asterisk: make it possible to remove SOFTWARE attribute

By default Asterisk reports the PJSIP version in a SOFTWARE attribute
of every STUN packet it sends. This may not be desired in a production
environment, and RFC5389 recommends making the use of the SOFTWARE
attribute a configurable option:

https://datatracker.ietf.org/doc/html/rfc5389#section-16.1.2

This patch adds a `stun_software_attribute` yes/no option to make it
possible to omit the SOFTWARE attribute from STUN packets.

ASTERISK-29434

Change-Id: Id3f2b1dd9584536ebb3a1d7e8395fd8b3e46860b
---
M configs/samples/rtp.conf.sample
A doc/CHANGES-staging/res_rtp_asterisk_stun_software_attribute.txt
M res/res_rtp_asterisk.c
3 files changed, 25 insertions(+), 0 deletions(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/22/15922/1

diff --git a/configs/samples/rtp.conf.sample b/configs/samples/rtp.conf.sample
index 7ab81b3..1207c78 100644
--- a/configs/samples/rtp.conf.sample
+++ b/configs/samples/rtp.conf.sample
@@ -90,6 +90,11 @@
 ;
 ; For historic reasons stun_blacklist is an alias for stun_deny.
 ;
+; Whether to report the PJSIP version in a SOFTWARE attribute for all
+; outgoing STUN packets. This option is enabled by default.
+;
+; stun_software_attribute=yes
+;
 ; Hostname or address for the TURN server to be used as a relay. The port
 ; number is optional. If omitted the default value of 3478 will be used.
 ; This option is disabled by default.
diff --git a/doc/CHANGES-staging/res_rtp_asterisk_stun_software_attribute.txt b/doc/CHANGES-staging/res_rtp_asterisk_stun_software_attribute.txt
new file mode 100644
index 0000000..93905f6
--- /dev/null
+++ b/doc/CHANGES-staging/res_rtp_asterisk_stun_software_attribute.txt
@@ -0,0 +1,8 @@
+Subject: res_rtp_asterisk
+
+By default Asterisk reports the PJSIP version in all
+STUN packets it sends.
+
+This behaviour may not be desired in a production
+environment and can now be disabled by setting the
+stun_software_attribute option to 'no' in rtp.conf.
diff --git a/res/res_rtp_asterisk.c b/res/res_rtp_asterisk.c
index 20504cb..0f883e9 100644
--- a/res/res_rtp_asterisk.c
+++ b/res/res_rtp_asterisk.c
@@ -184,6 +184,7 @@
 #define DEFAULT_STRICT_RTP STRICT_RTP_YES	/*!< Enabled by default */
 #define DEFAULT_SRTP_REPLAY_PROTECTION 1
 #define DEFAULT_ICESUPPORT 1
+#define DEFAULT_STUN_SOFTWARE_ATTRIBUTE 1
 #define DEFAULT_DTLS_MTU 1200
 
 extern struct ast_srtp_res *res_srtp;
@@ -211,6 +212,7 @@
 #endif
 #ifdef HAVE_PJPROJECT
 static int icesupport = DEFAULT_ICESUPPORT;
+static int stun_software_attribute = DEFAULT_STUN_SOFTWARE_ATTRIBUTE;
 static struct sockaddr_in stunaddr;
 static pj_str_t turnaddr;
 static int turnport = DEFAULT_TURN_PORT;
@@ -1652,6 +1654,9 @@
 	}
 
 	pj_stun_config_init(&stun_config, &cachingpool.factory, 0, rtp->ioqueue->ioqueue, rtp->ioqueue->timerheap);
+	if (!stun_software_attribute) {
+		stun_config.software_name = pj_str(NULL);
+	}
 
 	/* Use ICE session group lock for TURN session to avoid deadlock */
 	pj_turn_sock_cfg_default(&turn_sock_cfg);
@@ -3766,6 +3771,9 @@
 	pj_thread_register_check();
 
 	pj_stun_config_init(&stun_config, &cachingpool.factory, 0, NULL, timer_heap);
+	if (!stun_software_attribute) {
+		stun_config.software_name = pj_str(NULL);
+	}
 
 	ufrag = pj_str(rtp->local_ufrag);
 	passwd = pj_str(rtp->local_passwd);
@@ -9374,6 +9382,7 @@
 
 #ifdef HAVE_PJPROJECT
 	icesupport = DEFAULT_ICESUPPORT;
+	stun_software_attribute = DEFAULT_STUN_SOFTWARE_ATTRIBUTE;
 	turnport = DEFAULT_TURN_PORT;
 	memset(&stunaddr, 0, sizeof(stunaddr));
 	turnaddr = pj_str(NULL);
@@ -9449,6 +9458,9 @@
 	if ((s = ast_variable_retrieve(cfg, "general", "icesupport"))) {
 		icesupport = ast_true(s);
 	}
+	if ((s = ast_variable_retrieve(cfg, "general", "stun_software_attribute"))) {
+		stun_software_attribute = ast_true(s);
+	}
 	if ((s = ast_variable_retrieve(cfg, "general", "stunaddr"))) {
 		stunaddr.sin_port = htons(STANDARD_STUN_PORT);
 		if (ast_parse_arg(s, PARSE_INADDR, &stunaddr)) {

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/15922
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: Id3f2b1dd9584536ebb3a1d7e8395fd8b3e46860b
Gerrit-Change-Number: 15922
Gerrit-PatchSet: 1
Gerrit-Owner: Jeremy Lainé <jeremy.laine at m4x.org>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20210521/14aa88b2/attachment-0001.html>


More information about the asterisk-code-review mailing list