[asterisk-dev] Require header

Mark Michelson mmichelson at digium.com
Tue Nov 20 10:33:12 CST 2012


On 11/02/2012 10:34 AM, Mark Michelson wrote:
> On 11/01/2012 01:22 PM, Olle E. Johansson wrote:
>>
>> Let's implement a flag where the admin can select to be backwards 
>> compatible with previous Asterisk versions. You've convinced me that 
>> we need it. Enable it by default in old releases, disable it in trunk.
>>
>> If old Asterisk communicates with other implementations, the SIP 
>> session timer implemenetation has been so bad and has broken down 
>> calls, so in all my installations we've been forced to turn it off. I 
>> don't know if anyone with two asterisks really use this, since we do 
>> have the RTP checks as well and have no silence suppression.
>>
>> I do really want this to be correct so I can interoperate correctly 
>> with other implementations and turn it on again. Since most of the 
>> code is written, it can't be a huge task to enable it.
>>
>> /O
>>
> I'm not sure I see the benefit of having this flag. Let's examine 
> session timers from both sides, the UAS and the UAC.
>
> On the UAS side, Asterisk clearly has been doing things incorrectly by 
> not sending "Require: timer" in its 200 OK responses. This absolutely 
> has to be fixed and there should not be any sort of flag to dictate 
> whether we send it. Not sending "Require: timer" can clearly be seen 
> to have caused interop problems with implementations that expect such 
> a header to be present. We absolutely will send this header henceforth.
>
> On the UAC side, things are a bit different. This is where I think you 
> intend for this flag to be used. If the flag is set one way (we'll 
> call this "true"), then we only inspect a Session-Expires header in a 
> 200 OK if there is also an accompanying "Require: timer" header 
> present. If the flag is set the other way (we'll call this "false"), 
> then we will be lenient and respect the Session-Expires header in a 
> 200 OK even if there is no accompanying "Require: timer" header. You 
> propose that the flag should be "false" by default in current versions 
> of Asterisk and "true" in trunk.
>
> First off, have I understood what your proposed flag is correctly, or 
> have I misunderstood?
>
> If I have the intended behavior correct, then I don't foresee any 
> situation where having the flag set "true" will actually benefit 
> anyone. If anything, it would hinder interoperability not only with 
> earlier versions of Asterisk, but with any other UAS's implementation 
> of session timers that may have been done incorrectly. Asterisk 
> typically follows the road of accepting less-than-standard information 
> if it means interoperating better, and this seems like a case where 
> we'd be better off being lenient in all cases. I'd be perfectly 
> willing to put the flag in if you can give me an example where 
> Asterisk, as the UAC, would interoperate better by ignoring the 
> Session-Expires header in an incoming 200 OK if no "Require: timer" 
> header is present.
>
> Mark Michelson
>

Hi Olle,

I haven't heard back in a couple of weeks on this matter, and in that 
period, I've gotten "Ship its" on my code reviews.

I'm going to commit the changes I already have. If you're able to 
provide a scenario where, as the UAC, the fact we do not inspect the 
Require header for a "timer" value in a 200 OK response can cause 
issues, please let me know and I will revert or add what is necessary to 
make it right.

Mark Michelson



More information about the asterisk-dev mailing list