[asterisk-dev] Require header

Mark Michelson mmichelson at digium.com
Fri Nov 2 10:34:37 CDT 2012 

On 11/01/2012 01:22 PM, Olle E. Johansson wrote:
>
> Let's implement a flag where the admin can select to be backwards compatible with previous Asterisk versions. You've convinced me that we need it. Enable it by default in old releases, disable it in trunk.
>
> If old Asterisk communicates with other implementations, the SIP session timer implemenetation has been so bad and has broken down calls, so in all my installations we've been forced to turn it off. I don't know if anyone with two asterisks really use this, since we do have the RTP checks as well and have no silence suppression.
>
> I do really want this to be correct so I can interoperate correctly with other implementations and turn it on again. Since most of the code is written, it can't be a huge task to enable it.
>
> /O
>
I'm not sure I see the benefit of having this flag. Let's examine 
session timers from both sides, the UAS and the UAC.

On the UAS side, Asterisk clearly has been doing things incorrectly by 
not sending "Require: timer" in its 200 OK responses. This absolutely 
has to be fixed and there should not be any sort of flag to dictate 
whether we send it. Not sending "Require: timer" can clearly be seen to 
have caused interop problems with implementations that expect such a 
header to be present. We absolutely will send this header henceforth.

On the UAC side, things are a bit different. This is where I think you 
intend for this flag to be used. If the flag is set one way (we'll call 
this "true"), then we only inspect a Session-Expires header in a 200 OK 
if there is also an accompanying "Require: timer" header present. If the 
flag is set the other way (we'll call this "false"), then we will be 
lenient and respect the Session-Expires header in a 200 OK even if there 
is no accompanying "Require: timer" header. You propose that the flag 
should be "false" by default in current versions of Asterisk and "true" 
in trunk.

First off, have I understood what your proposed flag is correctly, or 
have I misunderstood?

If I have the intended behavior correct, then I don't foresee any 
situation where having the flag set "true" will actually benefit anyone. 
If anything, it would hinder interoperability not only with earlier 
versions of Asterisk, but with any other UAS's implementation of session 
timers that may have been done incorrectly. Asterisk typically follows 
the road of accepting less-than-standard information if it means 
interoperating better, and this seems like a case where we'd be better 
off being lenient in all cases. I'd be perfectly willing to put the flag 
in if you can give me an example where Asterisk, as the UAC, would 
interoperate better by ignoring the Session-Expires header in an 
incoming 200 OK if no "Require: timer" header is present.

Mark Michelson

More information about the asterisk-dev mailing list