[asterisk-commits] kmoore: branch kmoore/pimp_sip_srtp r386531 - in /team/kmoore/pimp_sip_srtp: ...

Thu Apr 25 12:18:01 CDT 2013

Author: kmoore
Date: Thu Apr 25 12:17:57 2013
New Revision: 386531

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=386531
Log:
Add AVPF handling and associated configuration option

Modified:
    team/kmoore/pimp_sip_srtp/include/asterisk/res_sip.h
    team/kmoore/pimp_sip_srtp/res/res_sip/sip_configuration.c
    team/kmoore/pimp_sip_srtp/res/res_sip_sdp_rtp.c

Modified: team/kmoore/pimp_sip_srtp/include/asterisk/res_sip.h
URL: http://svnview.digium.com/svn/asterisk/team/kmoore/pimp_sip_srtp/include/asterisk/res_sip.h?view=diff&rev=386531&r1=386530&r2=386531
==============================================================================

--- team/kmoore/pimp_sip_srtp/include/asterisk/res_sip.h (original)
+++ team/kmoore/pimp_sip_srtp/include/asterisk/res_sip.h Thu Apr 25 12:17:57 2013
@@ -251,7 +251,7 @@
 
 enum ast_sip_session_media_encryption {
 	/*! Invalid media encryption configuration */
-	AST_SIP_MEDIA_ENCRYPT_INVALID = 0,
+	AST_SIP_MEDIA_TRANSPORT_INVALID = 0,
 	/*! Do not allow any encryption of session media */
 	AST_SIP_MEDIA_ENCRYPT_DENY,
 	/*! Do not offer media encryption, but accept it if offered */
@@ -343,6 +343,8 @@
 	unsigned int send_rpid;
 	/*! Do we use media encryption? what type? */
 	enum ast_sip_session_media_encryption media_encryption;
+	/*! Do we use AVPF exclusively for this endpoint? */
+	unsigned int use_avpf;
 };
 
 /*!

Modified: team/kmoore/pimp_sip_srtp/res/res_sip/sip_configuration.c
URL: http://svnview.digium.com/svn/asterisk/team/kmoore/pimp_sip_srtp/res/res_sip/sip_configuration.c?view=diff&rev=386531&r1=386530&r2=386531
==============================================================================
--- team/kmoore/pimp_sip_srtp/res/res_sip/sip_configuration.c (original)
+++ team/kmoore/pimp_sip_srtp/res/res_sip/sip_configuration.c Thu Apr 25 12:17:57 2013
@@ -369,6 +369,7 @@
 	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "send_pai", "no", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, send_pai));
 	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "send_rpid", "no", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, send_rpid));
 	ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "media_encryption", "no", media_encryption_handler, NULL, 0, 0);
+	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "use_avpf", "no", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, use_avpf));
 
 	if (ast_sip_initialize_sorcery_transport(sip_sorcery)) {
 		ast_log(LOG_ERROR, "Failed to register SIP transport support with sorcery\n");

Modified: team/kmoore/pimp_sip_srtp/res/res_sip_sdp_rtp.c
URL: http://svnview.digium.com/svn/asterisk/team/kmoore/pimp_sip_srtp/res/res_sip_sdp_rtp.c?view=diff&rev=386531&r1=386530&r2=386531
==============================================================================
--- team/kmoore/pimp_sip_srtp/res/res_sip_sdp_rtp.c (original)
+++ team/kmoore/pimp_sip_srtp/res/res_sip_sdp_rtp.c Thu Apr 25 12:17:57 2013
@@ -475,47 +475,54 @@
  * \param endpoint_encryption Media encryption configured for the endpoint
  * \param stream pjmedia_sdp_media stream description
  *
- * \retval AST_SIP_MEDIA_ENCRYPT_INVALID on encryption mismatch
+ * \retval AST_SIP_MEDIA_TRANSPORT_INVALID on encryption mismatch
  * \retval The encryption requested in the SDP
  */
-static enum ast_sip_session_media_encryption check_endpoint_media_encryption(
-	enum ast_sip_session_media_encryption endpoint_encryption,
+static enum ast_sip_session_media_encryption check_endpoint_media_transport(
+	struct ast_sip_endpoint *endpoint,
 	const struct pjmedia_sdp_media *stream)
 {
 	enum ast_sip_session_media_encryption incoming_encryption;
+
+	if (endpoint->use_avpf) {
+		char transport_end = stream->desc.transport.ptr[stream->desc.transport.slen - 1];
+		if (transport_end != 'F') {
+			return AST_SIP_MEDIA_TRANSPORT_INVALID;
+		}
+	}
 
 	incoming_encryption = get_media_encryption_type(stream->desc.transport);
 	if (incoming_encryption == AST_SIP_MEDIA_ENCRYPT_DTLS) {
 		/* DTLS not yet supported */
-		return AST_SIP_MEDIA_ENCRYPT_INVALID;
-	}
-
-	if (incoming_encryption == endpoint_encryption) {
+		return AST_SIP_MEDIA_TRANSPORT_INVALID;
+	}
+
+	if (incoming_encryption == endpoint->media_encryption) {
 		return incoming_encryption;
 	}
 
-	switch (endpoint_encryption) {
+	switch (endpoint->media_encryption) {
 	case AST_SIP_MEDIA_ENCRYPT_DENY:
 		if (incoming_encryption != AST_SIP_MEDIA_ENCRYPT_NONE) {
 			/* Encryption offered, but not allowed */
-			return AST_SIP_MEDIA_ENCRYPT_INVALID;
+			return AST_SIP_MEDIA_TRANSPORT_INVALID;
 		}
 		break;
 	case AST_SIP_MEDIA_ENCRYPT_NONE:
 		if (incoming_encryption != AST_SIP_MEDIA_ENCRYPT_SDES) {
 			/* Can only silently upgrade to SDES from no encryption */
-			return AST_SIP_MEDIA_ENCRYPT_INVALID;
+			return AST_SIP_MEDIA_TRANSPORT_INVALID;
 		}
 		break;
 	case AST_SIP_MEDIA_ENCRYPT_SDES:
 		/* Can't silently upgrade or downgrade from SDES */
-		return AST_SIP_MEDIA_ENCRYPT_INVALID;
+		return AST_SIP_MEDIA_TRANSPORT_INVALID;
 	case AST_SIP_MEDIA_ENCRYPT_DTLS:
 		/* Can't silently upgrade or downgrade from DTLS */
-		return AST_SIP_MEDIA_ENCRYPT_INVALID;
-	case AST_SIP_MEDIA_ENCRYPT_INVALID:
+		return AST_SIP_MEDIA_TRANSPORT_INVALID;
+	case AST_SIP_MEDIA_TRANSPORT_INVALID:
 		/* This shouldn't ever happen */
-		return AST_SIP_MEDIA_ENCRYPT_INVALID;
+		return AST_SIP_MEDIA_TRANSPORT_INVALID;
 	}
 
 	return incoming_encryption;
@@ -559,9 +566,9 @@
 		return 0;
 	}
 
-	/* Ensure incoming encryption is compatible with the endpoint's configuration */
-	incoming_encryption = check_endpoint_media_encryption(session->endpoint->media_encryption, stream);
-	if (incoming_encryption == AST_SIP_MEDIA_ENCRYPT_INVALID) {
+	/* Ensure incoming transport is compatible with the endpoint's configuration */
+	incoming_encryption = check_endpoint_media_transport(session->endpoint, stream);
+	if (incoming_encryption == AST_SIP_MEDIA_TRANSPORT_INVALID) {
 		return -1;
 	}
 
@@ -647,7 +654,7 @@
 
 	media->desc.media = pj_str(session_media->stream_type);
 	media->desc.transport = pj_str(ast_sdp_get_rtp_profile(
-		!crypto_res, session_media->rtp, 0 /* not using AVPF */));
+		!crypto_res, session_media->rtp, session->endpoint->use_avpf));
 
 	/* Add connection level details */
 	if (direct_media_enabled) {


