From 9fb21a461d9288c25c6b39188d68a3dbea08c12d Mon Sep 17 00:00:00 2001 From: Dmitry Date: Thu, 28 Aug 2025 15:54:21 +0300 Subject: [PATCH 1/5] fix stir/shaken x5u info --- en/best-practices/stir-shaken.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/en/best-practices/stir-shaken.rst b/en/best-practices/stir-shaken.rst index a4004dc..2da927d 100644 --- a/en/best-practices/stir-shaken.rst +++ b/en/best-practices/stir-shaken.rst @@ -16,7 +16,7 @@ The Yeti system does not require any external components to perform these operat gw2[Termination provider] - gw1 -->|legA SIP initial INVITE
**Identity:.....;x5u=https:\/\/example.com/certs/pub.pem**| validation-logic + gw1 -->|legA SIP initial INVITE
**Identity:.....;info=https:\/\/example.com/certs/pub.pem**| validation-logic validation-logic --> call-routing validation-logic --> call-reject call-routing --> signing-logic @@ -52,11 +52,12 @@ Signature validation logic is controlled by :ref:`Customers Auth STIR/SHAKEN set Depending on the configuration, Yeti may take different actions if the signature is missing or invalid. The validation procedure requires a public key certificate to perform the cryptographic signature check. -This certificate is retrieved from a public repository according to the **X5U** parameter of the incoming Identity header. +This certificate is retrieved from a public repository according to the ``info`` parameter of the incoming Identity header. During signature validation, Yeti performs the following steps: - - Check if the public certificate repository URL from the **X5U** parameter is allowed by :ref:`Trusted repository configuration ` + - Check if Identity header patameter ``info`` is same as Identity payload claim ``x5u`` + - Check if the public certificate repository URL from the ``info`` parameter and ``x5u`` claim is allowed by :ref:`Trusted repository configuration ` - Retrieve the public certificate from the repository URL or from the internal cache - Verify that the public certificate is valid and not expired - Ensure that the certificate chain is linked to a trusted root certificate defined in :ref:`Trusted certificates configuration ` From e7bc0ecb350b213ebb69cfff83a60412a8f6911c Mon Sep 17 00:00:00 2001 From: Dmitry Date: Fri, 19 Sep 2025 16:03:42 +0300 Subject: [PATCH 2/5] fix --- en/best-practices/stir-shaken.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/en/best-practices/stir-shaken.rst b/en/best-practices/stir-shaken.rst index 2da927d..b1c3913 100644 --- a/en/best-practices/stir-shaken.rst +++ b/en/best-practices/stir-shaken.rst @@ -56,8 +56,8 @@ This certificate is retrieved from a public repository according to the ``info`` During signature validation, Yeti performs the following steps: - - Check if Identity header patameter ``info`` is same as Identity payload claim ``x5u`` - - Check if the public certificate repository URL from the ``info`` parameter and ``x5u`` claim is allowed by :ref:`Trusted repository configuration ` + - Check if Identity header patameter ``info`` is same as Identity JWT header ``x5u`` + - Check if the public certificate repository URL from the ``info`` parameter and ``x5u`` JWT header is allowed by :ref:`Trusted repository configuration ` - Retrieve the public certificate from the repository URL or from the internal cache - Verify that the public certificate is valid and not expired - Ensure that the certificate chain is linked to a trusted root certificate defined in :ref:`Trusted certificates configuration ` From 102d46dd97232be5ac3d6980b43b3a45669d9049 Mon Sep 17 00:00:00 2001 From: Dmitry Date: Fri, 19 Sep 2025 16:18:33 +0300 Subject: [PATCH 3/5] codec group fix --- en/web-interface/equipment/codec_groups.rst | 66 +++++++++++++-------- 1 file changed, 42 insertions(+), 24 deletions(-) diff --git a/en/web-interface/equipment/codec_groups.rst b/en/web-interface/equipment/codec_groups.rst index 2b670f8..fd2d392 100644 --- a/en/web-interface/equipment/codec_groups.rst +++ b/en/web-interface/equipment/codec_groups.rst @@ -1,28 +1,46 @@ - .. _codec_groups: -Codec groups -~~~~~~~~~~~~ - -Codec groups allows to create arbitrary sets of media codecs and applies them to the Gateways. Groups can differ in the composition of codecs, their priority and traffic codes, which allows to process different scenarios when processing calls. - -**Codec group**'s attributes: -````````````````````````````` - Id - Unique Codec group's id. - Name - Codec group's name. - Codecs - Each codec has the following attributes: - - Codec - Codec's name. All available codecs are presented in drop-down list. - Priority - Codec priority in SDP. Less value means higher priority. - Must be unique within group. - Dynamic payload type - Payload type override (allowed only values from dynamic range). - Format parameters - Non-standard value for fmt param SDP attribute. +============ +Codec Groups +============ + +Codec groups allow you to create arbitrary sets of media codecs and apply them to Gateways. +They may differ in codec composition, priority, and traffic parameters. +This flexibility enables handling of various call-processing scenarios. + +Codec Group Attributes +====================== + +Id + A unique identifier of the codec group. + +Name + The name of the codec group. + +Ptime + Packetization time in milliseconds. + + - If left empty, the system will use the default value (**20 ms**) in SDP offers. + - In SDP answers, the system accepts the value announced by the other leg. + + Different packetization times between call legs trigger the transcoding mechanism. + +Codecs + Each codec entry has the following attributes: + + Codec + The codec name. All available codecs are listed in the drop-down menu. + + Priority + The codec priority determines its order in SDP offers and answers. + + - A higher value means a higher position. + - Must be unique within the group. + + Dynamic Payload Type + Optional override of the codec’s payload type + (only values from the dynamic range are allowed). + Format Parameters + Custom value for the **fmtp** SDP attribute. From f08b4d211b3674c6d1f645478d461fee24cc5501 Mon Sep 17 00:00:00 2001 From: Dmitry Date: Fri, 19 Sep 2025 18:13:56 +0300 Subject: [PATCH 4/5] allow packetization word --- en/spelling_wordlist.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/en/spelling_wordlist.txt b/en/spelling_wordlist.txt index 0018e08..4ec51fa 100644 --- a/en/spelling_wordlist.txt +++ b/en/spelling_wordlist.txt @@ -127,6 +127,8 @@ pai param Params params +packetization +Packetization pcap pcap pgq From 42114d28a5078e7e4279bccc15b029c0106959da Mon Sep 17 00:00:00 2001 From: Dmitry Date: Mon, 13 Oct 2025 11:45:58 +0300 Subject: [PATCH 5/5] typo --- en/best-practices/stir-shaken.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/en/best-practices/stir-shaken.rst b/en/best-practices/stir-shaken.rst index b1c3913..812eee2 100644 --- a/en/best-practices/stir-shaken.rst +++ b/en/best-practices/stir-shaken.rst @@ -56,7 +56,7 @@ This certificate is retrieved from a public repository according to the ``info`` During signature validation, Yeti performs the following steps: - - Check if Identity header patameter ``info`` is same as Identity JWT header ``x5u`` + - Check if Identity header parameter ``info`` is same as Identity JWT header ``x5u`` - Check if the public certificate repository URL from the ``info`` parameter and ``x5u`` JWT header is allowed by :ref:`Trusted repository configuration ` - Retrieve the public certificate from the repository URL or from the internal cache - Verify that the public certificate is valid and not expired