From b265477654426952d659459f931263df388cb38c Mon Sep 17 00:00:00 2001
From: Richard Fuchs <rfuchs@sipwise.com>
Date: Tue, 3 Oct 2023 11:40:21 -0400
Subject: [PATCH] MT#55283 add SDES-prefer option

Change-Id: I8c90c68a2c1a093d0a017d1edb6cac9b2f0bc5a1
---
 daemon/call.c               | 10 ++++++++++
 daemon/call_interfaces.c    |  4 ++++
 docs/ng_control_protocol.md |  8 ++++++++
 include/call_interfaces.h   |  1 +
 4 files changed, 23 insertions(+)

diff --git a/daemon/call.c b/daemon/call.c
index 904635a4a..0bcc3a6ca 100644
--- a/daemon/call.c
+++ b/daemon/call.c
@@ -2104,6 +2104,16 @@ static void __dtls_logic(const struct sdp_ng_flags *flags,
 			&sp->sp_flags, SP_FLAG_SETUP_PASSIVE);
 
 	if (flags) {
+		/* Allow overriding preference of DTLS over SDES */
+		if ((flags->opmode == OP_OFFER || flags->opmode == OP_PUBLISH)
+				&& flags->sdes_prefer
+				&& MEDIA_ISSET(other_media, SDES))
+		{
+			MEDIA_CLEAR(other_media, DTLS);
+			MEDIA_CLEAR(other_media, SETUP_ACTIVE);
+			MEDIA_CLEAR(other_media, SETUP_PASSIVE);
+		}
+
 		/* Special case: if this is an offer and actpass is being offered (as it should),
 		 * we would normally choose to be active. However, if this is a reinvite and we
 		 * were passive previously, we should retain this role. */
diff --git a/daemon/call_interfaces.c b/daemon/call_interfaces.c
index 0c3a42f95..bd6bb2227 100644
--- a/daemon/call_interfaces.c
+++ b/daemon/call_interfaces.c
@@ -561,6 +561,10 @@ INLINE void ng_sdes_option(struct sdp_ng_flags *out, str *s, void *dummy) {
 		case CSH_LOOKUP("nonew"):
 			out->sdes_nonew = 1;
 			break;
+		case CSH_LOOKUP("prefer"):
+		case CSH_LOOKUP("priority"):
+			out->sdes_prefer = 1;
+			break;
 		default:
 			ilog(LOG_WARN, "Unknown 'SDES' flag encountered: '"STR_FORMAT"'",
 					STR_FMT(s));
diff --git a/docs/ng_control_protocol.md b/docs/ng_control_protocol.md
index 1f7fbcd34..d56087ced 100644
--- a/docs/ng_control_protocol.md
+++ b/docs/ng_control_protocol.md
@@ -637,6 +637,14 @@ Optionally included keys are:
 		and instead leave the previously negotiated crypto suite in place. Only useful in
 		subsequent `answer` messages and ignored in `offer` messages.
 
+	- `prefer`
+
+        If an `offer` or `publish` contain both DTLS and SDES options, by
+        default *rtpengine* prefers DTLS over SDES and would end up accepting
+        DTLS. With this option set, in this scenario SDES would be preferred
+        and accepted, while DTLS would be rejected. Useful in combination with
+        `DTLS=off`.
+
 * `supports`
 
 	Contains a list of strings. Each string indicates support for an additional feature
diff --git a/include/call_interfaces.h b/include/call_interfaces.h
index 47216c542..14c174b19 100644
--- a/include/call_interfaces.h
+++ b/include/call_interfaces.h
@@ -195,6 +195,7 @@ struct sdp_ng_flags {
 	             sdes_pad:1,
 	             sdes_static:1,
 	             sdes_nonew:1,
+	             sdes_prefer:1,
 	             drop_traffic_start:1,
 	             drop_traffic_stop:1,
 	             passthrough_on:1,