res_rtp_asterisk: make it possible to remove SOFTWARE attribute

By default Asterisk reports the PJSIP version in a SOFTWARE attribute of every STUN packet it sends. This may not be desired in a production environment, and RFC5389 recommends making the use of the SOFTWARE attribute a configurable option: https://datatracker.ietf.org/doc/html/rfc5389#section-16.1.2 This patch adds a `stun_software_attribute` yes/no option to make it possible to omit the SOFTWARE attribute from STUN packets. ASTERISK-29434 Change-Id: Id3f2b1dd9584536ebb3a1d7e8395fd8b3e46860b
2025-09-05 12:16:00 +00:00 · 2021-05-19 20:13:36 +02:00
parent 9cc1d6fc22
commit d162789c4d
3 changed files with 25 additions and 0 deletions
--- a/configs/samples/rtp.conf.sample
+++ b/configs/samples/rtp.conf.sample
@@ -90,6 +90,11 @@ rtpend=20000
 ;
 ; For historic reasons stun_blacklist is an alias for stun_deny.
 ;
 ; Whether to report the PJSIP version in a SOFTWARE attribute for all
 ; outgoing STUN packets. This option is enabled by default.
 ;
 ; stun_software_attribute=yes
 ;
 ; Hostname or address for the TURN server to be used as a relay. The port
 ; number is optional. If omitted the default value of 3478 will be used.
 ; This option is disabled by default.
--- a/doc/CHANGES-staging/res_rtp_asterisk_stun_software_attribute.txt
+++ b/doc/CHANGES-staging/res_rtp_asterisk_stun_software_attribute.txt
@@ -0,0 +1,8 @@
 Subject: res_rtp_asterisk
 By default Asterisk reports the PJSIP version in all
 STUN packets it sends.
 This behaviour may not be desired in a production
 environment and can now be disabled by setting the
 stun_software_attribute option to 'no' in rtp.conf.
--- a/res/res_rtp_asterisk.c
+++ b/res/res_rtp_asterisk.c
@@ -184,6 +184,7 @@ enum strict_rtp_mode {
 #define DEFAULT_STRICT_RTP STRICT_RTP_YES	/*!< Enabled by default */
 #define DEFAULT_SRTP_REPLAY_PROTECTION 1
 #define DEFAULT_ICESUPPORT 1
 #define DEFAULT_STUN_SOFTWARE_ATTRIBUTE 1
 #define DEFAULT_DTLS_MTU 1200
 extern struct ast_srtp_res *res_srtp;
@@ -211,6 +212,7 @@ static int dtls_mtu = DEFAULT_DTLS_MTU;
 #endif
 #ifdef HAVE_PJPROJECT
 static int icesupport = DEFAULT_ICESUPPORT;
 static int stun_software_attribute = DEFAULT_STUN_SOFTWARE_ATTRIBUTE;
 static struct sockaddr_in stunaddr;
 static pj_str_t turnaddr;
 static int turnport = DEFAULT_TURN_PORT;
@@ -1652,6 +1654,9 @@ static void ast_rtp_ice_turn_request(struct ast_rtp_instance *instance, enum ast
 	}
 	pj_stun_config_init(&stun_config, &cachingpool.factory, 0, rtp->ioqueue->ioqueue, rtp->ioqueue->timerheap);
 	if (!stun_software_attribute) {
 		stun_config.software_name = pj_str(NULL);
 	}
 	/* Use ICE session group lock for TURN session to avoid deadlock */
 	pj_turn_sock_cfg_default(&turn_sock_cfg);
@@ -3766,6 +3771,9 @@ static int ice_create(struct ast_rtp_instance *instance, struct ast_sockaddr *ad
 	pj_thread_register_check();
 	pj_stun_config_init(&stun_config, &cachingpool.factory, 0, NULL, timer_heap);
 	if (!stun_software_attribute) {
 		stun_config.software_name = pj_str(NULL);
 	}
 	ufrag = pj_str(rtp->local_ufrag);
 	passwd = pj_str(rtp->local_passwd);
@@ -9374,6 +9382,7 @@ static int rtp_reload(int reload, int by_external_config)
 #ifdef HAVE_PJPROJECT
 	icesupport = DEFAULT_ICESUPPORT;
 	stun_software_attribute = DEFAULT_STUN_SOFTWARE_ATTRIBUTE;
 	turnport = DEFAULT_TURN_PORT;
 	memset(&stunaddr, 0, sizeof(stunaddr));
 	turnaddr = pj_str(NULL);
@@ -9449,6 +9458,9 @@ static int rtp_reload(int reload, int by_external_config)
 	if ((s = ast_variable_retrieve(cfg, "general", "icesupport"))) {
 		icesupport = ast_true(s);
 	}
 	if ((s = ast_variable_retrieve(cfg, "general", "stun_software_attribute"))) {
 		stun_software_attribute = ast_true(s);
 	}
 	if ((s = ast_variable_retrieve(cfg, "general", "stunaddr"))) {
 		stunaddr.sin_port = htons(STANDARD_STUN_PORT);
 		if (ast_parse_arg(s, PARSE_INADDR, &stunaddr)) {