path: root/CHANGES
author Terry Wilson <twilson@digium.com> 2011-11-21 21:09:59 +0000
committer Terry Wilson <twilson@digium.com> 2011-11-21 21:09:59 +0000
commit 32d0faac9cb7576520d326ddd15d9fc7a0b47252 (patch)
tree f75414aa3d0e226e2cc130bf5f91e27c70a4d62c /CHANGES
parent 298d015828a638a8ab0f07f8f8205ef04026bdd8 (diff)
Default to nat=yes; warn when nat in general and peer differ
It is possible to enumerate SIP usernames when the general and user/peer nat settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header. In 1.4 and 1.6.2, this would mean if one setting was nat=yes or nat=route and the other was either nat=no or nat=never. In 1.8 and 10, this would mean when one was nat=force_rport and the other was nat=no.

In order to address this problem, it was decided to switch the default behavior to nat=yes/force_rport as it is the most commonly used option and to strongly discourage setting nat per-peer/user when at all possible.

For more discussion of the issue, please see: http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html

(closes issue ASTERISK-18862)
Review: https://reviewboard.asterisk.org/r/1591/
........
Merged revisions 345776 from http://svn.asterisk.org/svn/asterisk/branches/1.4
........
Merged revisions 345800 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
........
Merged revisions 345828 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 345830 from http://svn.asterisk.org/svn/asterisk/branches/10

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@345831 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 5
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index bfc73010d..5dc86231e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -323,6 +323,11 @@ PBX Core
SIP Changes
-----------
+ * Due to potential username discovery vulnerabilities, the 'nat' setting in sip.conf
+ now defaults to force_rport. It is very important that phones requiring nat=no be
+ specifically set as such instead of relying on the default setting. If at all
+ possible, all devices should have nat settings configured in the general section as
+ opposed to configuring nat per-device.
* Added preferred_codec_only option in sip.conf. This feature limits the joint
codecs sent in response to an INVITE to the single most preferred codec.
* Added SIP_CODEC_OUTBOUND dialplan variable which can be used to set the codec
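Review bot: The new entry at the top of the SIP Changes list tells administrators to set nat=no explicitly on phones that need it and, in the following sentence, to avoid configuring nat per-device, but it never says that the exposure comes from the general and peer values disagreeing. Suggest stating that directly, using the commit message's wording (one side nat=force_rport, the other nat=no), and mentioning the warning this commit's subject says is raised when the general and peer settings differ, so that someone reading only CHANGES knows which configurations to audit after upgrading. It would also help to say what the previous default was, since the entry only names the new one.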