<html>
<body>
<div style="font-family: Verdana, Arial, Helvetica, Sans-Serif;">
<table bgcolor="#f9f3c9" width="100%" cellpadding="8" style="border: 1px #c9c399 solid;">
<tr>
<td>
This is an automatically generated e-mail. To reply, visit:
<a href="https://reviewboard.asterisk.org/r/1803/">https://reviewboard.asterisk.org/r/1803/</a>
</td>
</tr>
</table>
<br />
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">Thanks for posting the patch here. For those who have not read the bugreport, I'll summarize my problems with this patch:
When dealing with peers, some should be allowed to see private/prohibited CLI's (CLIR) and some shouldn't -- sip2pstn links usually should and endusers usually shouldn't. I call these trusted and untrusted, but someone may have a better term form them.
Current behaviour in Asterisk is as follows:
- sendrpid=no => the peer does *not* get CLIR
- sendrpid=yes/rpid => the peer *does* get CLIR (with privacy=full tag)
- sendrpid=pai => the peer does *not* get CLIR (but Anonymous@...)
Yes, that is inconsistent, but that is the current situation.
What is good about this patch:
- The Privacy header is sent properly. However, IMO, this is only useful for these so-called 'trusted' peers.
- There is now a difference between trust levels.
My problems with this patch:
- It breaks backwards compatibility: sendrpid=pai will show CLIR to anyone.
- There is no way to disable sending of CLIR. When we don't trust the peer, the PAI should not get sent.
Now, all it does is set From to Anonymous, but still send the CLIR.
http://tools.ietf.org/html/rfc3325#section-10.2
"""The next proxy removes the P-Asserted-Identity
header field and the request for Privacy before forwarding this
request onward to the biloxi.com proxy server which it does not
trust."""
- The same goes for RPID, but there CLIR to untrusted peers should probably behave as PAI does now: set Anonymous@ in the header.
I like this fix, but it needs some tweaking IMO.</pre>
<br />
<p>- wdoekes</p>
<br />
<p>On March 6th, 2012, 5:16 p.m., jamicque wrote:</p>
<table bgcolor="#fefadf" width="100%" cellspacing="0" cellpadding="8" style="background-image: url('https://reviewboard.asterisk.org/media/rb/images/review_request_box_top_bg.png'); background-position: left top; background-repeat: repeat-x; border: 1px black solid;">
<tr>
<td>
<div>Review request for Asterisk Developers.</div>
<div>By jamicque.</div>
<p style="color: grey;"><i>Updated March 6, 2012, 5:16 p.m.</i></p>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Description </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">It seams that in Asterisk privacy with PAI is not implemented correctly.
According to RFC 3325 when using privacy, FROM header should be set to anonymous@anonymous.invalid and PAI header should be set to caller num and name. The privacy is implemented by adding privacy: id header.
Now when we use pai and callpres=prohib in P-Asserted-Identity header we have something which is not correct to any rfc.
P-Asserted-Identity: "Anonymous" <sip:anonymous@anonymous.invalid>
What my patch does:
1) it adds Privacy header when PAI is used (values "none" or "id" depending on callpres)
2)
3) "sendrpid" configuration option have been expanded:
now it can have those values:
no - nothing changed
yes - rpid header is added, when call PRES=prohi, FROM header is not changed
rpid - the same as yes
pai - pai header is added, when call PRES=prohi, FROM header is not changed
NEW VALUES:
rpid,trusted (NEW) - the same as yes
rpid,untrusted (NEW) - rpid header is added, when call PRES=prohi, FROM header is chenged to anonymous@anonymous.invalid
pai,trusted (NEW) - the same as pai
pai,untrusted (NEW) - pai header is added, when call PRES=prohi, FROM header is chenged to anonymous@anonymous.invalid - as in RFC 3325
</pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Testing </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">I've done some basing test with outgoing calls and everything seems to wroks fine.</pre>
</td>
</tr>
</table>
<div style="margin-top: 1.5em;">
<b style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Bugs: </b>
<a href="https://issues.asterisk.org/jira/browse/ASTERISK-19465">ASTERISK-19465</a>
</div>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Diffs</b> </h1>
<ul style="margin-left: 3em; padding-left: 0;">
<li>/trunk/channels/chan_sip.c <span style="color: grey">(358434)</span></li>
<li>/trunk/channels/sip/include/sip.h <span style="color: grey">(358434)</span></li>
<li>/trunk/configs/sip.conf.sample <span style="color: grey">(358434)</span></li>
</ul>
<p><a href="https://reviewboard.asterisk.org/r/1803/diff/" style="margin-left: 3em;">View Diff</a></p>
</td>
</tr>
</table>
</div>
</body>
</html>