FS-5257 --resolve you seem to be setting sip_secure_media on an inbound leg, this is not correct. This patch should auto-correct that but also beware that the variable has changed to rtp_secure_media after this commit

2025-04-17 17:22:21 +00:00 · 2013-04-02 20:05:46 -05:00 · 2013-04-02 20:05:46 -05:00 · 69c3c7d8e2
commit 69c3c7d8e2
parent 5544db8d5e
11 changed files with 37 additions and 22 deletions
--- a/conf/insideout/dialplan/default.xml
+++ b/conf/insideout/dialplan/default.xml
@ -95,9 +95,9 @@
 	<action application="info"/>
      </condition>
      <condition field="${rtp_has_crypto}" expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$" break="never">
-	<action application="set" data="sip_secure_media=true"/>
+	<action application="set" data="rtp_secure_media=true"/>
 	<!-- Offer SRTP on outbound legs if we have it on inbound. -->
-	<!-- <action application="export" data="sip_secure_media=true"/> -->
+	<!-- <action application="export" data="rtp_secure_media=true"/> -->
      </condition>
      <condition>
 	<action application="db" data="insert/${domain_name}-spymap/${caller_id_number}/${uuid}"/>
@ -231,7 +231,7 @@
 	<anti-action application="db" data="insert/${domain_name}-call_return/${dialed_extension}/${caller_id_number}"/>
 	<anti-action application="db" data="insert/${domain_name}-last_dial_ext/${dialed_extension}/${uuid}"/>
 	<anti-action application="set" data="called_party_callgroup=${user_data(${dialed_extension}@${domain_name} var callgroup)}"/>
-	<!--<anti-action application="export" data="nolocal:sip_secure_media=${user_data(${dialed_extension}@${domain_name} var sip_secure_media)}"/>-->
+	<!--<anti-action application="export" data="nolocal:rtp_secure_media=${user_data(${dialed_extension}@${domain_name} var rtp_secure_media)}"/>-->
 	<anti-action application="db" data="insert/${domain_name}-last_dial/${called_party_callgroup}/${uuid}"/>
 	<anti-action application="bridge" data="user/${dialed_extension}@${domain_name}"/>
 	<anti-action application="answer"/>
--- a/conf/insideout/dialplan/features.xml
+++ b/conf/insideout/dialplan/features.xml
@ -40,7 +40,7 @@
    <extension name="is_secure">
      <!-- Only Truly consider it secure if its TLS and SRTP --> 
      <condition field="${sip_via_protocol}" expression="tls"/>
-      <condition field="${sip_secure_media_confirmed}" expression="^true$">
+      <condition field="${rtp_secure_media_confirmed}" expression="^true$">
 	<action application="sleep" data="1000"/>
 	<action application="playback" data="misc/call_secured.wav"/>
 	<anti-action application="eval" data="not_secure"/>
--- a/conf/insideout/directory/default/brian.xml
+++ b/conf/insideout/directory/default/brian.xml
@ -60,8 +60,8 @@
      <variable name="effective_caller_id_number" value="1000"/>
      <!-- Don't write a CDR if this is false valid values are: true, false, a_leg and b_leg -->
      <variable name="process_cdr" value="true"/>
-      <!-- sip_secure_media will offer mandatory SRTP on invite AES_CM_128_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80 or true-->
-      <variable name="sip_secure_media" value="true"/>
+      <!-- rtp_secure_media will offer mandatory SRTP on invite AES_CM_128_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80 or true-->
+      <variable name="rtp_secure_media" value="true"/>
      <!-- limit the max number of outgoing calls for this user -->
      <!--<variable name="max_calls" value="2"/>-->

--- a/conf/sbc/dialplan/default.xml
+++ b/conf/sbc/dialplan/default.xml
@ -95,9 +95,9 @@
 	<action application="info"/>
      </condition>
      <condition field="${rtp_has_crypto}" expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$" break="never">
-	<action application="set" data="sip_secure_media=true"/>
+	<action application="set" data="rtp_secure_media=true"/>
 	<!-- Offer SRTP on outbound legs if we have it on inbound. -->
-	<!-- <action application="export" data="sip_secure_media=true"/> -->
+	<!-- <action application="export" data="rtp_secure_media=true"/> -->
      </condition>
      <condition>
 	<action application="db" data="insert/${domain_name}-spymap/${caller_id_number}/${uuid}"/>
@ -231,7 +231,7 @@
 	<anti-action application="db" data="insert/${domain_name}-call_return/${dialed_extension}/${caller_id_number}"/>
 	<anti-action application="db" data="insert/${domain_name}-last_dial_ext/${dialed_extension}/${uuid}"/>
 	<anti-action application="set" data="called_party_callgroup=${user_data(${dialed_extension}@${domain_name} var callgroup)}"/>
-	<!--<anti-action application="export" data="nolocal:sip_secure_media=${user_data(${dialed_extension}@${domain_name} var sip_secure_media)}"/>-->
+	<!--<anti-action application="export" data="nolocal:rtp_secure_media=${user_data(${dialed_extension}@${domain_name} var rtp_secure_media)}"/>-->
 	<anti-action application="db" data="insert/${domain_name}-last_dial/${called_party_callgroup}/${uuid}"/>
 	<anti-action application="bridge" data="user/${dialed_extension}@${domain_name}"/>
 	<anti-action application="answer"/>
--- a/conf/sbc/dialplan/features.xml
+++ b/conf/sbc/dialplan/features.xml
@ -40,7 +40,7 @@
    <extension name="is_secure">
      <!-- Only Truly consider it secure if its TLS and SRTP --> 
      <condition field="${sip_via_protocol}" expression="tls"/>
-      <condition field="${sip_secure_media_confirmed}" expression="^true$">
+      <condition field="${rtp_secure_media_confirmed}" expression="^true$">
 	<action application="sleep" data="1000"/>
 	<action application="playback" data="misc/call_secured.wav"/>
 	<anti-action application="eval" data="not_secure"/>
--- a/conf/vanilla/dialplan/default.xml
+++ b/conf/vanilla/dialplan/default.xml
@ -136,9 +136,9 @@
      </condition>
      -->
      <condition field="${rtp_has_crypto}" expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$" break="never">
-	<action application="set" data="sip_secure_media=true"/>
+	<action application="set" data="rtp_secure_media=true"/>
 	<!-- Offer SRTP on outbound legs if we have it on inbound. -->
-	<!-- <action application="export" data="sip_secure_media=true"/> -->
+	<!-- <action application="export" data="rtp_secure_media=true"/> -->
      </condition>

      <!--
@ -147,9 +147,9 @@
 	-->
      <condition field="${endpoint_disposition}" expression="^(DELAYED NEGOTIATION)"/>
      <condition field="${switch_r_sdp}" expression="(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)" break="never">
-	<action application="set" data="sip_secure_media=true"/>
+	<action application="set" data="rtp_secure_media=true"/>
 	<!-- Offer SRTP on outbound legs if we have it on inbound. -->
-	<!-- <action application="export" data="sip_secure_media=true"/> -->
+	<!-- <action application="export" data="rtp_secure_media=true"/> -->
      </condition>


@ -274,7 +274,7 @@
 	<action application="set" data="called_party_callgroup=${user_data(${dialed_extension}@${domain_name} var callgroup)}"/>
 	<action application="hash" data="insert/${domain_name}-last_dial_ext/${called_party_callgroup}/${uuid}"/>
 	<action application="hash" data="insert/${domain_name}-last_dial_ext/global/${uuid}"/>
-	<!--<action application="export" data="nolocal:sip_secure_media=${user_data(${dialed_extension}@${domain_name} var sip_secure_media)}"/>-->
+	<!--<action application="export" data="nolocal:rtp_secure_media=${user_data(${dialed_extension}@${domain_name} var rtp_secure_media)}"/>-->
 	<action application="hash" data="insert/${domain_name}-last_dial/${called_party_callgroup}/${uuid}"/>
 	<action application="bridge" data="user/${dialed_extension}@${domain_name}"/>
 	<action application="answer"/>
--- a/conf/vanilla/dialplan/features.xml
+++ b/conf/vanilla/dialplan/features.xml
@ -56,7 +56,7 @@
    <extension name="is_secure" continue="true">
      <!-- Only Truly consider it secure if its TLS and SRTP --> 
      <condition field="${sip_via_protocol}" expression="tls"/>
-      <condition field="${sip_secure_media_confirmed}" expression="^true$">
+      <condition field="${rtp_secure_media_confirmed}" expression="^true$">
 	<action application="sleep" data="1000"/>
 	<action application="playback" data="misc/call_secured.wav"/>
 	<anti-action application="eval" data="not_secure"/>
--- a/conf/vanilla/directory/default/brian.xml
+++ b/conf/vanilla/directory/default/brian.xml
@ -62,8 +62,8 @@
      <variable name="effective_caller_id_number" value="1000"/>
      <!-- Don't write a CDR if this is false valid values are: true, false, a_leg and b_leg -->
      <variable name="process_cdr" value="true"/>
-      <!-- sip_secure_media will offer mandatory SRTP on invite AES_CM_128_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80 or true-->
-      <variable name="sip_secure_media" value="true"/>
+      <!-- rtp_secure_media will offer mandatory SRTP on invite AES_CM_128_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80 or true-->
+      <variable name="rtp_secure_media" value="true"/>
      <!-- limit the max number of outgoing calls for this user -->
      <!--<variable name="max_calls" value="2"/>-->

--- a/src/mod/endpoints/mod_sofia/mod_sofia.h
+++ b/src/mod/endpoints/mod_sofia/mod_sofia.h
@ -112,8 +112,8 @@ typedef struct private_object private_object_t;
 #define SOFIA_DEFAULT_PORT "5060"
 #define SOFIA_DEFAULT_TLS_PORT "5061"
 #define SOFIA_REFER_TO_VARIABLE "sip_refer_to"
-#define SOFIA_SECURE_MEDIA_VARIABLE "sip_secure_media"
-#define SOFIA_SECURE_MEDIA_CONFIRMED_VARIABLE "sip_secure_media_confirmed"
+#define SOFIA_SECURE_MEDIA_VARIABLE "rtp_secure_media"
+#define SOFIA_SECURE_MEDIA_CONFIRMED_VARIABLE "rtp_secure_media_confirmed"
 #define SOFIA_SECURE_VIDEO_CONFIRMED_VARIABLE "sip_secure_video_confirmed"
 //#define SOFIA_HAS_CRYPTO_VARIABLE "rtp_has_crypto"
 //#define SOFIA_HAS_VIDEO_CRYPTO_VARIABLE "sip_has_video_crypto"
--- a/src/switch_channel.c
+++ b/src/switch_channel.c
@ -3155,8 +3155,20 @@ SWITCH_DECLARE(void) switch_channel_check_zrtp(switch_channel_t *channel)
 	}
 }

+static void check_secure(switch_channel_t *channel)
+{
+	const char *var, *sec;

+	if (switch_channel_direction(channel) == SWITCH_CALL_DIRECTION_INBOUND) {
+		if ((sec = switch_channel_get_variable(channel, "rtp_secure_media")) && switch_true(sec)) {
+			if (!(var = switch_channel_get_variable(channel, "rtp_has_crypto"))) {
+				switch_log_printf(SWITCH_CHANNEL_CHANNEL_LOG(channel), SWITCH_LOG_WARNING, "rtp_secure_media invalid in this context.\n");
+				switch_channel_set_variable(channel, "rtp_secure_media", NULL);
+			}
+		}
+	}

+}

 SWITCH_DECLARE(switch_status_t) switch_channel_perform_mark_pre_answered(switch_channel_t *channel, const char *file, const char *func, int line)
 {
@ -3241,6 +3253,8 @@ SWITCH_DECLARE(switch_status_t) switch_channel_perform_pre_answer(switch_channel
 		return SWITCH_STATUS_SUCCESS;
 	}

+	check_secure(channel);
+
 	if (switch_channel_direction(channel) == SWITCH_CALL_DIRECTION_INBOUND) {
 		msg.message_id = SWITCH_MESSAGE_INDICATE_PROGRESS;
 		msg.from = channel->name;
@ -3511,7 +3525,8 @@ SWITCH_DECLARE(switch_status_t) switch_channel_perform_answer(switch_channel_t *
 	if (switch_channel_test_flag(channel, CF_ANSWERED)) {
 		return SWITCH_STATUS_SUCCESS;
 	}
-	
+
+	check_secure(channel);

 	msg.message_id = SWITCH_MESSAGE_INDICATE_ANSWER;
 	msg.from = channel->name;
--- a/src/switch_rtp.c
+++ b/src/switch_rtp.c
@ -2656,7 +2656,7 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_create(switch_rtp_t **new_rtp_session

 		int initiator = 0;
 		const char *zrtp_enabled = switch_channel_get_variable(channel, "zrtp_secure_media");
-		const char *srtp_enabled = switch_channel_get_variable(channel, "sip_secure_media");
+		const char *srtp_enabled = switch_channel_get_variable(channel, "rtp_secure_media");

 		if (switch_true(srtp_enabled) && switch_true(zrtp_enabled)) {
 			switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_WARNING,