From d162789c4d221446e07f9156e8ba51d62d5dab6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jeremy=20Lain=C3=A9?= <jeremy.laine@m4x.org>
Date: Wed, 19 May 2021 20:13:36 +0200
Subject: [PATCH] res_rtp_asterisk: make it possible to remove SOFTWARE attribute
By default Asterisk reports the PJSIP version in a SOFTWARE attribute of every STUN packet it sends. This may not be desired in a production environment, and RFC5389 recommends making the use of the SOFTWARE attribute a configurable option: https://datatracker.ietf.org/doc/html/rfc5389#section-16.1.2 This patch adds a `stun_software_attribute` yes/no option to make it possible to omit the SOFTWARE attribute from STUN packets.
ASTERISK-29434
Change-Id: Id3f2b1dd9584536ebb3a1d7e8395fd8b3e46860b
---
 configs/samples/rtp.conf.sample | 5 +++++
 .../res_rtp_asterisk_stun_software_attribute.txt | 8 ++++++++
 res/res_rtp_asterisk.c | 12 ++++++++++++
 3 files changed, 25 insertions(+)
 create mode 100644 doc/CHANGES-staging/res_rtp_asterisk_stun_software_attribute.txt
diff --git a/configs/samples/rtp.conf.sample b/configs/samples/rtp.conf.sample
index 7ab81b3bc4..1207c7805e 100644
--- a/configs/samples/rtp.conf.sample
+++ b/configs/samples/rtp.conf.sample
@@ -90,6 +90,11 @@ rtpend=20000
 ;
 ; For historic reasons stun_blacklist is an alias for stun_deny.
 ;
+; Whether to report the PJSIP version in a SOFTWARE attribute for all
+; outgoing STUN packets. This option is enabled by default.
+;
+; stun_software_attribute=yes
+;
 ; Hostname or address for the TURN server to be used as a relay. The port
 ; number is optional. If omitted the default value of 3478 will be used.
 ; This option is disabled by default.
diff --git a/doc/CHANGES-staging/res_rtp_asterisk_stun_software_attribute.txt b/doc/CHANGES-staging/res_rtp_asterisk_stun_software_attribute.txt
new file mode 100644
index 0000000000..93905f6d0a
--- /dev/null
+++ b/doc/CHANGES-staging/res_rtp_asterisk_stun_software_attribute.txt
@@ -0,0 +1,8 @@
+Subject: res_rtp_asterisk
+
+By default Asterisk reports the PJSIP version in all
+STUN packets it sends.
+
+This behaviour may not be desired in a production
+environment and can now be disabled by setting the
+stun_software_attribute option to 'no' in rtp.conf.
diff --git a/res/res_rtp_asterisk.c b/res/res_rtp_asterisk.c
index 20504cbb3f..0f883e9462 100644
--- a/res/res_rtp_asterisk.c
+++ b/res/res_rtp_asterisk.c
@@ -184,6 +184,7 @@ enum strict_rtp_mode {
 #define DEFAULT_STRICT_RTP STRICT_RTP_YES /*!< Enabled by default */
 #define DEFAULT_SRTP_REPLAY_PROTECTION 1
 #define DEFAULT_ICESUPPORT 1
+#define DEFAULT_STUN_SOFTWARE_ATTRIBUTE 1
 #define DEFAULT_DTLS_MTU 1200
 extern struct ast_srtp_res *res_srtp;
@@ -211,6 +212,7 @@ static int dtls_mtu = DEFAULT_DTLS_MTU;
 #endif
 #ifdef HAVE_PJPROJECT
 static int icesupport = DEFAULT_ICESUPPORT;
+static int stun_software_attribute = DEFAULT_STUN_SOFTWARE_ATTRIBUTE;
 static struct sockaddr_in stunaddr;
 static pj_str_t turnaddr;
 static int turnport = DEFAULT_TURN_PORT;
@@ -1652,6 +1654,9 @@ static void ast_rtp_ice_turn_request(struct ast_rtp_instance *instance, enum ast
 }
 pj_stun_config_init(&stun_config, &cachingpool.factory, 0, rtp->ioqueue->ioqueue, rtp->ioqueue->timerheap);
+ if (!stun_software_attribute) {
+ stun_config.software_name = pj_str(NULL);
+ }
 /* Use ICE session group lock for TURN session to avoid deadlock */
 pj_turn_sock_cfg_default(&turn_sock_cfg);
@@ -3766,6 +3771,9 @@ static int ice_create(struct ast_rtp_instance *instance, struct ast_sockaddr *ad
 pj_thread_register_check();
 pj_stun_config_init(&stun_config, &cachingpool.factory, 0, NULL, timer_heap);
+ if (!stun_software_attribute) {
+ stun_config.software_name = pj_str(NULL);
+ }
 ufrag = pj_str(rtp->local_ufrag);
 passwd = pj_str(rtp->local_passwd);
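Review bot: `DEFAULT_STUN_SOFTWARE_ATTRIBUTE` in the `@@ -184` hunk has no trailing doc comment, although the default it sets decides whether every outgoing STUN packet carries the PJSIP version. `DEFAULT_STRICT_RTP` a few lines above documents its default in Doxygen form, and the same here would make the disclose-by-default choice visible at the definition: `#define DEFAULT_STUN_SOFTWARE_ATTRIBUTE 1 /*!< SOFTWARE attribute (PJSIP version) sent by default */`.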
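Review bot: The three-line override after `pj_stun_config_init()` in `ast_rtp_ice_turn_request()` is repeated verbatim in `ice_create()` (the `@@ -3766` hunk), so a later call site that initialises a `pj_stun_config` can miss it and go back to advertising the PJSIP version. Moving the init and the override into one static helper keeps the option enforced in a single place and gives the reason for clearing the name a home. Whether an empty `software_name` fully suppresses the attribute is decided inside pjproject and is not visible in these hunks, so the helper's comment should name the pjproject behaviour it relies on. Both functions start and end outside their hunks.

```c
/* Initialise a STUN config, honouring stun_software_attribute from rtp.conf */
static void rtp_stun_config_init(pj_stun_config *cfg, pj_ioqueue_t *ioqueue, pj_timer_heap_t *timer_heap)
{
	pj_stun_config_init(cfg, &cachingpool.factory, 0, ioqueue, timer_heap);
	if (!stun_software_attribute) {
		/* Empty name: do not disclose the PJSIP version in SOFTWARE */
		cfg->software_name = pj_str(NULL);
	}
}

/* … unchanged: ast_rtp_ice_turn_request() up to the STUN config … */
	rtp_stun_config_init(&stun_config, rtp->ioqueue->ioqueue, rtp->ioqueue->timerheap);

/* … unchanged: ice_create() up to the STUN config … */
	rtp_stun_config_init(&stun_config, NULL, timer_heap);
```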
@@ -9374,6 +9382,7 @@ static int rtp_reload(int reload, int by_external_config)
 #ifdef HAVE_PJPROJECT
 icesupport = DEFAULT_ICESUPPORT;
+ stun_software_attribute = DEFAULT_STUN_SOFTWARE_ATTRIBUTE;
 turnport = DEFAULT_TURN_PORT;
 memset(&stunaddr, 0, sizeof(stunaddr));
 turnaddr = pj_str(NULL);
@@ -9449,6 +9458,9 @@ static int rtp_reload(int reload, int by_external_config)
 if ((s = ast_variable_retrieve(cfg, "general", "icesupport"))) {
 icesupport = ast_true(s);
 }
+ if ((s = ast_variable_retrieve(cfg, "general", "stun_software_attribute"))) {
+ stun_software_attribute = ast_true(s);
+ }
 if ((s = ast_variable_retrieve(cfg, "general", "stunaddr"))) {
 stunaddr.sin_port = htons(STANDARD_STUN_PORT);
 if (ast_parse_arg(s, PARSE_INADDR, &stunaddr)) {
-- 
GitLab
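Review bot: In the `@@ -9449` hunk of `rtp_reload()` the value goes straight through `ast_true()`, so anything that is not a recognised true word, a typo included, switches the SOFTWARE attribute off without a log line. That is the conservative direction for version disclosure and matches how `icesupport` is parsed just above, but it is worth recording so nobody later changes it to fall back to the default: `/* Any value ast_true() does not recognise disables the attribute */`. `rtp_reload()` continues outside the hunk.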