[asterisk-commits] irroot: branch irroot/distrotech-customers-10 r333487 - in /team/irroot/distr...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Sat Aug 27 04:13:52 CDT 2011 

Author: irroot
Date: Sat Aug 27 04:13:48 2011
New Revision: 333487

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=333487
Log:
Allow optional SRTP this was part of RB1173

Modified:
    team/irroot/distrotech-customers-10/CHANGES
    team/irroot/distrotech-customers-10/channels/chan_sip.c
    team/irroot/distrotech-customers-10/channels/sip/include/sip.h
    team/irroot/distrotech-customers-10/configs/sip.conf.sample

Modified: team/irroot/distrotech-customers-10/CHANGES
URL: http://svnview.digium.com/svn/asterisk/team/irroot/distrotech-customers-10/CHANGES?view=diff&rev=333487&r1=333486&r2=333487
==============================================================================
--- team/irroot/distrotech-customers-10/CHANGES (original)
+++ team/irroot/distrotech-customers-10/CHANGES Sat Aug 27 04:13:48 2011
@@ -180,6 +180,7 @@
 -----------
  * Add T38 support for REJECTED state where T.38 Negotiation is explicitly rejected.
  * Add option encryption_taglen to set auth taglen only 32 and 80 are supported currently.
+ * Enable Optional SRTP by setting encryption=try
 
 Queue changes
 -------------

Modified: team/irroot/distrotech-customers-10/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/team/irroot/distrotech-customers-10/channels/chan_sip.c?view=diff&rev=333487&r1=333486&r2=333487
==============================================================================
--- team/irroot/distrotech-customers-10/channels/chan_sip.c (original)
+++ team/irroot/distrotech-customers-10/channels/chan_sip.c Sat Aug 27 04:13:48 2011
@@ -5489,17 +5489,23 @@
 
 		if (p->rtp && !p->srtp && setup_srtp(&p->srtp) < 0) {
 			ast_log(LOG_WARNING, "SRTP audio setup failed\n");
-			return -1;
+			if (!ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TRY)) {
+				return -1;
+			}
 		}
 
 		if (p->vrtp && !p->vsrtp && setup_srtp(&p->vsrtp) < 0) {
 			ast_log(LOG_WARNING, "SRTP video setup failed\n");
-			return -1;
+			if (!ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TRY)) {
+				return -1;
+			}
 		}
 
 		if (p->trtp && !p->tsrtp && setup_srtp(&p->tsrtp) < 0) {
 			ast_log(LOG_WARNING, "SRTP text setup failed\n");
-			return -1;
+			if (!ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TRY)) {
+				return -1;
+			}
 		}
 	}
 
@@ -9016,32 +9022,48 @@
 
 	if (secure_audio && !(p->srtp && (ast_test_flag(p->srtp, SRTP_CRYPTO_OFFER_OK)))) {
 		ast_log(LOG_WARNING, "Can't provide secure audio requested in SDP offer\n");
-		res = -4;
-		goto process_sdp_cleanup;
+		if (!ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TRY)) {
+			res = -4;
+			goto process_sdp_cleanup;
+		}
 	}
 
 	if (!secure_audio && p->srtp) {
 		ast_log(LOG_WARNING, "We are requesting SRTP, but they responded without it!\n");
-		res = -4;
-		goto process_sdp_cleanup;
+		if (ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TRY)) {
+			sip_srtp_destroy(p->srtp);
+			p->srtp = NULL;
+		} else {
+			res = -4;
+			goto process_sdp_cleanup;
+		}
 	}
 
 	if (secure_video && !(p->vsrtp && (ast_test_flag(p->vsrtp, SRTP_CRYPTO_OFFER_OK)))) {
 		ast_log(LOG_WARNING, "Can't provide secure video requested in SDP offer\n");
-		res = -4;
-		goto process_sdp_cleanup;
+		if (!ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TRY)) {
+			res = -4;
+			goto process_sdp_cleanup;
+		}
 	}
 
 	if (!p->novideo && !secure_video && p->vsrtp) {
 		ast_log(LOG_WARNING, "We are requesting SRTP, but they responded without it!\n");
-		res = -4;
-		goto process_sdp_cleanup;
+		if (ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TRY)) {
+			sip_srtp_destroy(p->vsrtp);
+			p->vsrtp = NULL;
+		} else {
+			res = -4;
+			goto process_sdp_cleanup;
+		}
 	}
 
 	if (!(secure_audio || secure_video) && ast_test_flag(&p->flags[1], SIP_PAGE2_USE_SRTP)) {
 		ast_log(LOG_WARNING, "Matched device setup to use SRTP, but request was not!\n");
-		res = -4;
-		goto process_sdp_cleanup;
+		if (!ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TRY)) {
+			res = -4;
+			goto process_sdp_cleanup;
+		}
 	}
 
 	if (udptlportno == -1) {
@@ -22956,7 +22978,8 @@
 				transmit_response_with_t38_sdp(p, "200 OK", req, (reinvite ? XMIT_RELIABLE : (req->ignore ?  XMIT_UNRELIABLE : XMIT_CRITICAL)));
 			} else if ((p->t38.state == T38_DISABLED) || (p->t38.state == T38_REJECTED)) {
 				/* If this is not a re-invite or something to ignore - it's critical */
-				if (p->srtp && !ast_test_flag(p->srtp, SRTP_CRYPTO_OFFER_OK)) {
+				if (p->srtp && !ast_test_flag(p->srtp, SRTP_CRYPTO_OFFER_OK) &&
+				    !ast_test_flag(&p->flags[2], SIP_PAGE3_SRTP_TRY)) {
 					ast_log(LOG_WARNING, "Target does not support required crypto\n");
 					transmit_response_reliable(p, "488 Not Acceptable Here (crypto)", req);
 				} else {
@@ -27593,7 +27616,13 @@
 			} else if (!strcasecmp(v->name, "use_q850_reason")) {
 				ast_set2_flag(&peer->flags[1], ast_true(v->value), SIP_PAGE2_Q850_REASON);
 			} else if (!strcasecmp(v->name, "encryption")) {
-				ast_set2_flag(&peer->flags[1], ast_true(v->value), SIP_PAGE2_USE_SRTP);
+				if (!strcasecmp(v->value, "try")) {
+					ast_set_flag(&peer->flags[1], SIP_PAGE2_USE_SRTP);
+					ast_set_flag(&peer->flags[2], SIP_PAGE3_SRTP_TRY);
+				} else {
+					ast_set2_flag(&peer->flags[1], ast_true(v->value), SIP_PAGE2_USE_SRTP);
+					ast_clear_flag(&peer->flags[2], SIP_PAGE3_SRTP_TRY);
+				}
 			} else if (!strcasecmp(v->name, "encryption_taglen")) {
 				ast_set2_flag(&peer->flags[2], !strcasecmp(v->value, "32"), SIP_PAGE3_SRTP_TAG_32);
 			} else if (!strcasecmp(v->name, "snom_aoc_enabled")) {

Modified: team/irroot/distrotech-customers-10/channels/sip/include/sip.h
URL: http://svnview.digium.com/svn/asterisk/team/irroot/distrotech-customers-10/channels/sip/include/sip.h?view=diff&rev=333487&r1=333486&r2=333487
==============================================================================
--- team/irroot/distrotech-customers-10/channels/sip/include/sip.h (original)
+++ team/irroot/distrotech-customers-10/channels/sip/include/sip.h Sat Aug 27 04:13:48 2011
@@ -354,9 +354,10 @@
 
 #define SIP_PAGE3_SNOM_AOC               (1 << 0)  /*!< DPG: Allow snom aoc messages */
 #define SIP_PAGE3_SRTP_TAG_32            (1 << 1)  /*!< DP: Use a 32bit auth tag in INVITE not 80bit */
+#define SIP_PAGE3_SRTP_TRY               (1 << 2)  /*!< DP: Attempt SRTP / do not enforce it *
 
 #define SIP_PAGE3_FLAGS_TO_COPY \
-	(SIP_PAGE3_SNOM_AOC | SIP_PAGE3_SRTP_TAG_32)
+	(SIP_PAGE3_SNOM_AOC | SIP_PAGE3_SRTP_TAG_32 | SIP_PAGE3_SRTP_TRY)
 
 /*@}*/
 

Modified: team/irroot/distrotech-customers-10/configs/sip.conf.sample
URL: http://svnview.digium.com/svn/asterisk/team/irroot/distrotech-customers-10/configs/sip.conf.sample?view=diff&rev=333487&r1=333486&r2=333487
==============================================================================
--- team/irroot/distrotech-customers-10/configs/sip.conf.sample (original)
+++ team/irroot/distrotech-customers-10/configs/sip.conf.sample Sat Aug 27 04:13:48 2011
@@ -901,7 +901,9 @@
 ;encryption=no                  ; Whether to offer SRTP encrypted media (and only SRTP encrypted media)
                                 ; on outgoing calls to a peer. Calls will fail with HANGUPCAUSE=58 if
                                 ; the peer does not support SRTP. Defaults to no.
-;encryption_taglen=80              ; Set the auth tag length offered in the INVITE either 32/80 default 80
+                                ; this option can be set to try to offer encryption and not fail if peer
+                                ; ignores the request. the peer may reject this based on local settings.
+;encryption_taglen=80           ; Set the auth tag length offered in the INVITE either 32/80 default 80
 
 ;----------------------------------------- REALTIME SUPPORT ------------------------
 ; For additional information on ARA, the Asterisk Realtime Architecture,

More information about the asterisk-commits mailing list