[asterisk-dev] directmediapermit/deny doesn't work in any way approaching correct for any Asterisk version and is poorly named, so we should rework it in trunk
Jonathan Rose
jrose at digium.com
Wed May 2 13:09:15 CDT 2012
None of us really know how this feature ended up going through quite as dysfunctional as it was. Here is a summary:
directmediapermit/deny should allow a user to specify host addresses which block and allow the use of certain host addresses with directmedia if it would otherwise be available. Allows supersede denies, so a user could specify something like:
directmediadeny=0.0.0.0
directmediapermit=192.168.10.203
for a peer to allow that peer to use directmedia when making calls only to 192.168.10.203. Meanwhile any calls to/from another host should keep Asterisk in the RTP path.
Unfortunately, that isn't what it does right now at all.
Currently, the permit/deny lists are only used for to the peer they are set for (calls coming from the peer aren't checked against that peer's permit/deny list at all) and to make matters even more ridiculous, the address that is compared against the permit/deny list is the address belonging to the peer the list was set for. To simplify, on directmedia will be blocked in all cases where the peer has blocked itself from callid and it will be allowed for all cases where it has permitted itself for callid. This basically makes this a completely useless feature.
This feature has never worked at any time since it was committed, so the current plan is to redesign the feature in trunk with a new name to the options (currently looking at directmediareachable/unreachable) and simply mark the option as broken in 1.8 and 10. If anyone has any commentary about this, I'm all ears.
More information about the asterisk-dev
mailing list