diff --git a/modules/rtpengine/doc/rtpengine.xml b/modules/rtpengine/doc/rtpengine.xml
index 6b0e208973c..438baf2ca12 100644
--- a/modules/rtpengine/doc/rtpengine.xml
+++ b/modules/rtpengine/doc/rtpengine.xml
@@ -91,7 +91,7 @@
VoIPEmbedded Inc.
- 2013-2014
+ 2013-2015
Sipwise GmbH
diff --git a/modules/rtpengine/doc/rtpengine_admin.xml b/modules/rtpengine/doc/rtpengine_admin.xml
index 140ad6bd514..ecc5c1e2d80 100644
--- a/modules/rtpengine/doc/rtpengine_admin.xml
+++ b/modules/rtpengine/doc/rtpengine_admin.xml
@@ -476,11 +476,17 @@ rtpengine_offer();
trust-address - flags that IP address in &sdp; should
- be trusted. Without this flag, the &rtp; proxy ignores address in
+ be trusted. Starting with rtpengine 3.8, this is the default behaviour.
+ In older versions, without this flag the &rtp; proxy ignores the address in
the &sdp; and uses source address of the &sip; message as media
address which is passed to the &rtp; proxy.
+ SIP-source-address - the opposite of
+ trust-address. Restores the old default behaviour
+ of ignoring endpoint addresses in the &sdp; body.
+
+
replace-origin - flags that IP from the origin
description (o=) should be also changed.
@@ -590,6 +596,39 @@ rtpengine_offer();
immediate deletion. This option only makes sense for delete
operations.
+
+ strict-source - instructs the &rtp; proxy to check the
+ source addresses of all incoming &rtp; packets and drop the packets if the
+ address doesn't match.
+
+
+ media-handover - the antithesis of
+ strict-source. Instructs the &rtp; proxy not only to accept
+ mismatching &rtp; source addresses (as it normally would), but also to accept
+ them as the new endpoint address of the opposite media flow. Not recommended
+ as it allows media streams to be hijacked by an attacker.
+
+
+ DTLS=... - influence the behaviour of DTLS-SRTP. Possible
+ values are no
or off
to suppress offering or
+ accepting DTLS-SRTP, and passive
to prefer participating in
+ DTLS-SRTP in a passive role.
+
+
+ SDES-off - don't offer SDES when it normally would. In an SRTP
+ context, this leaves DTLS-SRTP as the only other option.
+
+
+ SDES-unencrypted_srtp, SDES-unencrypted_srtcp,
+ SDES-unauthenticated_srtp - these directly reflect the SDES session
+ parameters from RFC 4568 and will make the &rtp; proxy offer these parameters
+ when offering SDES.
+
+
+ SDES-encrypted_srtp, SDES-encrypted_srtcp,
+ SDES-authenticated_srtp - the opposites of the flags above. Useful
+ if accepting these parameters is not desired and they should be rejected instead.
+