Files
asterisk/configs/samples/rtp.conf.sample
Ben Ford b11a6643cf res_rtp_asterisk.c: Add "seqno" strictrtp option
When networks experience disruptions, there can be large gaps of time
between receiving packets. When strictrtp is enabled, this created
issues where a flood of packets could come in and be seen as an attack.
Another option - seqno - has been added to the strictrtp option that
ignores the time interval and goes strictly by sequence number for
validity.

Change-Id: I8a42b8d193673899c8fc22fe7f98ea87df89be71
2018-09-26 13:27:03 -05:00

131 lines
5.1 KiB
Plaintext

;
; RTP Configuration
;
[general]
;
; RTP start and RTP end configure start and end addresses
;
; Defaults are rtpstart=5000 and rtpend=31000
;
rtpstart=10000
rtpend=20000
;
; Whether to enable or disable UDP checksums on RTP traffic
;
;rtpchecksums=no
;
; The amount of time a DTMF digit with no 'end' marker should be
; allowed to continue (in 'samples', 1/8000 of a second)
;
;dtmftimeout=3000
; rtcpinterval = 5000 ; Milliseconds between rtcp reports
;(min 500, max 60000, default 5000)
;
; Enable strict RTP protection. This will drop RTP packets that do not come
; from the recoginized source of the RTP stream. Strict RTP qualifies RTP
; packet stream sources before accepting them upon initial connection and
; when the connection is renegotiated (e.g., transfers and direct media).
; Initial connection and renegotiation starts a learning mode to qualify
; stream source addresses. Once Asterisk has recognized a stream it will
; allow other streams to qualify and replace the current stream for 5
; seconds after starting learning mode. Once learning mode completes the
; current stream is locked in and cannot change until the next
; renegotiation.
; Valid options are "no" to disable strictrtp, "yes" to enable strictrtp,
; and "seqno", which does the same thing as strictrtp=yes, but only checks
; to make sure the sequence number is correct rather than checking the time
; interval as well.
; This option is enabled by default.
; strictrtp=yes
;
; Number of packets containing consecutive sequence values needed
; to change the RTP source socket address. This option only comes
; into play while using strictrtp=yes. Consider changing this value
; if rtp packets are dropped from one or both ends after a call is
; connected. This option is set to 4 by default.
; probation=8
;
; Whether to enable or disable ICE support. This option is enabled by default.
; icesupport=false
;
; Hostname or address for the STUN server used when determining the external
; IP address and port an RTP session can be reached at. The port number is
; optional. If omitted the default value of 3478 will be used. This option is
; disabled by default.
;
; e.g. stundaddr=mystun.server.com:3478
;
; stunaddr=
;
; Some multihomed servers have IP interfaces that cannot reach the STUN
; server specified by stunaddr. Blacklist those interface subnets from
; trying to send a STUN packet to find the external IP address.
; Attempting to send the STUN packet needlessly delays processing incoming
; and outgoing SIP INVITEs because we will wait for a response that can
; never come until we give up on the response.
; * Multiple subnets may be listed.
; * Blacklisting applies to IPv4 only. STUN isn't needed for IPv6.
; * Blacklisting applies when binding RTP to specific IP addresses and not
; the wildcard 0.0.0.0 address. e.g., A PJSIP endpoint binding RTP to a
; specific address using the bind_rtp_to_media_address and media_address
; options. Or the PJSIP endpoint specifies an explicit transport that binds
; to a specific IP address.
;
; e.g. stun_blacklist = 192.168.1.0/255.255.255.0
; stun_blacklist = 10.32.77.0/255.255.255.0
;
; stun_blacklist =
;
; Hostname or address for the TURN server to be used as a relay. The port
; number is optional. If omitted the default value of 3478 will be used.
; This option is disabled by default.
;
; e.g. turnaddr=myturn.server.com:34780
;
; turnaddr=
;
; Username used to authenticate with TURN relay server.
; turnusername=
;
; Password used to authenticate with TURN relay server.
; turnpassword=
;
; Subnets to exclude from ICE host, srflx and relay discovery. This is useful
; to optimize the ICE process where a system has multiple host address ranges
; and/or physical interfaces and certain of them are not expected to be used
; for RTP. For example, VPNs and local interconnections may not be suitable or
; necessary for ICE. Multiple subnets may be listed. If left unconfigured,
; all discovered host addresses are used.
;
; e.g. ice_blacklist = 192.168.1.0/255.255.255.0
; ice_blacklist = 10.32.77.0/255.255.255.0
;
; ice_blacklist =
;
[ice_host_candidates]
;
; When Asterisk is behind a static one-to-one NAT and ICE is in use, ICE will
; expose the server's internal IP address as one of the host candidates.
; Although using STUN (see the 'stunaddr' configuration option) will provide a
; publicly accessible IP, the internal IP will still be sent to the remote
; peer. To help hide the topology of your internal network, you can override
; the host candidates that Asterisk will send to the remote peer.
;
; IMPORTANT: Only use this functionality when your Asterisk server is behind a
; one-to-one NAT and you know what you're doing. If you do define anything
; here, you almost certainly will NOT want to specify 'stunaddr' or 'turnaddr'
; above.
;
; The format for these overrides is:
;
; <local address> => <advertised address>
;
; The following will replace 192.168.1.10 with 1.2.3.4 during ICE
; negotiation:
;
;192.168.1.10 => 1.2.3.4
;
; You can define an override for more than 1 interface if you have a multihomed
; server. Any local interface that is not matched will be passed through
; unaltered. Both IPv4 and IPv6 addresses are supported.