From bca7b8518207d7e73e8d494d15c228b236abf4a0 Mon Sep 17 00:00:00 2001 From: George Joseph Date: Tue, 6 Feb 2018 11:07:18 -0700 Subject: [PATCH] AST-2018-005: res_pjsip_transport_management: Move to core Since res_pjsip_transport_management provides several attack mitigation features, its functionality moved to res_pjsip and this module has been removed. This way the features will always be available if res_pjsip is loaded. ASTERISK-27618 Reported By: Sandro Gauci Change-Id: I21a2d33d9dda001452ea040d350d7a075f9acf0d
---
 CHANGES | 11 +++++++ UPGRADE.txt | 8 +++++ res/res_pjsip.c | 6 ++++ res/res_pjsip/include/res_pjsip_private.h | 28 +++++++++++++++++ .../pjsip_transport_management.c} | 30 ++----------------- 5 files changed, 56 insertions(+), 27 deletions(-) rename res/{res_pjsip_transport_management.c => res_pjsip/pjsip_transport_management.c} (94%)
diff --git a/CHANGES b/CHANGES
index 175d0f0d86..f731b2eb57 100644
--- a/CHANGES
+++ b/CHANGES
@@ -8,6 +8,17 @@
 ===
 ==============================================================================
+------------------------------------------------------------------------------
+--- Functionality changes from Asterisk 14.7.5 to Asterisk 14.7.6 ------------
+------------------------------------------------------------------------------
+
+res_pjsip_transport_management
+------------------
+ * Since res_pjsip_transport_management provides several attack
+ mitigation features, its functionality moved to res_pjsip and
+ this module has been removed. This way the features will always
+ be available if res_pjsip is loaded.
+
 ------------------------------------------------------------------------------
 --- Functionality changes from Asterisk 14.6.0 to Asterisk 14.7.0 ------------
 ------------------------------------------------------------------------------
diff --git a/UPGRADE.txt b/UPGRADE.txt
index aaf236ba23..aaaa2f2727 100644
--- a/UPGRADE.txt
+++ b/UPGRADE.txt
@@ -22,6 +22,14 @@
 === UPGRADE-13.txt -- Upgrade info for 12 to 13
 ===========================================================
+From 14.7.5 to 14.7.6:
+
+res_pjsip_transport_management:
+ - Since res_pjsip_transport_management provides several attack
+ mitigation features, its functionality moved to res_pjsip and
+ this module has been removed. This way the features will always
+ be available if res_pjsip is loaded.
+
 From 14.6.0 to 14.7.0:
 Core:
diff --git a/res/res_pjsip.c b/res/res_pjsip.c
index 0d816a33c2..0a409a2c27 100644
--- a/res/res_pjsip.c
+++ b/res/res_pjsip.c
@@ -4674,6 +4674,7 @@ static int unload_pjsip(void *data)
 ast_res_pjsip_cleanup_options_handling();
 ast_res_pjsip_cleanup_message_filter();
 ast_sip_destroy_distributor();
+ ast_sip_destroy_transport_management();
 ast_res_pjsip_destroy_configuration();
 ast_sip_destroy_system();
 ast_sip_destroy_global_headers();
@@ -4839,6 +4840,11 @@ static int load_module(void)
 ast_sip_initialize_resolver();
 ast_sip_initialize_dns();
+ if (ast_sip_initialize_transport_management()) {
+ ast_log(LOG_ERROR, "Failed to initialize SIP transport management. Aborting load\n");
+ goto error;
+ }
+
 if (ast_sip_initialize_distributor()) {
 ast_log(LOG_ERROR, "Failed to register distributor module. Aborting load\n");
 goto error;
diff --git a/res/res_pjsip/include/res_pjsip_private.h b/res/res_pjsip/include/res_pjsip_private.h
index 5ce3c6fafc..32a33d83a3 100644
--- a/res/res_pjsip/include/res_pjsip_private.h
+++ b/res/res_pjsip/include/res_pjsip_private.h
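Review bot: The new `goto error` in load_module has no comment saying why a transport-management failure is fatal, and the `error:` label it jumps to lies outside this hunk, so the cleanup it triggers cannot be checked here. The header documents this layer as the one that destroys reliable transports which send no valid request within timer_b, so I would record the intent above the call, e.g. `/* Transport management enforces the idle-connection timeout; refuse to load without it. */`, so the check is not later softened to a warning. If the error path reaches unload_pjsip, the `ast_sip_destroy_transport_management();` call added in the first res_pjsip.c hunk would run against state that was never or only partly set up, which is worth confirming.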
@@ -395,4 +395,32 @@ int ast_sip_initialize_scheduler(void);
 */
 int ast_sip_destroy_scheduler(void);
+/*!
+ * \internal
+ * \brief Initialize the transport management module
+ * \since 13.20.0
+ *
+ * The transport management module is responsible for 3 things...
+ * 1. It automatically destroys any reliable transport that does not
+ * receive a valid request within system/timer_b milliseconds of the
+ * connection being opened. (Attack mitigation)
+ * 2. Since it increments the reliable transport's reference count
+ * for that period of time, it also prevents issues if the transport
+ * disconnects while we're still trying to process a response.
+ * (Attack mitigation)
+ * 3. If enabled by global/keep_alive_interval, it sends '\r\n'
+ * keepalives on reliable transports at the interval specified.
+ *
+ * \retval -1 Failure
+ * \retval 0 Success
+ */
+int ast_sip_initialize_transport_management(void);
+
+/*!
+ * \internal
+ * \brief Destruct the transport management module.
+ * \since 13.20.0
+ */
+void ast_sip_destroy_transport_management(void);
+
 #endif /* RES_PJSIP_PRIVATE_H_ */
diff --git a/res/res_pjsip_transport_management.c b/res/res_pjsip/pjsip_transport_management.c
similarity index 94%
rename from res/res_pjsip_transport_management.c
rename to res/res_pjsip/pjsip_transport_management.c
index eb92eb7a51..efda37d7cb 100644
--- a/res/res_pjsip_transport_management.c
+++ b/res/res_pjsip/pjsip_transport_management.c
@@ -16,12 +16,6 @@
 * at the top of the source tree.
 */
-/*** MODULEINFO
- pjproject
- res_pjsip
- core
- ***/
-
 #include "asterisk.h"
 #include
@@ -32,6 +26,7 @@
 #include "asterisk/res_pjsip.h"
 #include "asterisk/module.h"
 #include "asterisk/astobj2.h"
+#include "include/res_pjsip_private.h"
 /*! \brief Number of buckets for monitored transports */
 #define TRANSPORTS_BUCKETS 127
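Review bot: The `\retval -1 Failure` / `\retval 0 Success` contract documented for ast_sip_initialize_transport_management() does not match what the implementation visibly returns: the renamed function in pjsip_transport_management.c still ends with `return AST_MODULE_LOAD_SUCCESS;` (the `@@ -356,11 +349,10 @@` hunk). Its failure branches are outside the hunks and presumably still return a module-loader code rather than -1. The caller in res_pjsip.c only tests for non-zero, so this works as written, but the doc and the code should agree; now that the function is no longer a module entry point I would change the returns to plain `return 0;` and `return -1;`.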
@@ -319,12 +314,10 @@ static pjsip_module idle_monitor_module = {
 .on_rx_request = idle_monitor_on_rx_request,
 };
-static int load_module(void)
+int ast_sip_initialize_transport_management(void)
 {
 struct ao2_container *transports;
- CHECK_PJSIP_MODULE_LOADED();
-
 transports = ao2_container_alloc(TRANSPORTS_BUCKETS, monitored_transport_hash_fn, monitored_transport_cmp_fn);
 if (!transports) {
@@ -356,11 +349,10 @@ static int load_module(void)
 ast_sorcery_observer_add(ast_sip_get_sorcery(), "global", &keepalive_global_observer);
 ast_sorcery_reload_object(ast_sip_get_sorcery(), "global");
- ast_module_shutdown_ref(ast_module_info->self);
 return AST_MODULE_LOAD_SUCCESS;
 }
-static int unload_module(void)
+void ast_sip_destroy_transport_management(void)
 {
 if (keepalive_interval) {
 keepalive_interval = 0;
@@ -381,20 +373,4 @@ static int unload_module(void)
 sched = NULL;
 ao2_global_obj_release(monitored_transports);
-
- return 0;
-}
-
-static int reload_module(void)
-{
- ast_sorcery_reload_object(ast_sip_get_sorcery(), "global");
- return 0;
 }
-
-AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_LOAD_ORDER, "PJSIP Reliable Transport Management",
- .support_level = AST_MODULE_SUPPORT_CORE,
- .load = load_module,
- .reload = reload_module,
- .unload = unload_module,
- .load_pri = AST_MODPRI_CHANNEL_DEPEND - 4,
-);
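Review bot: ast_sip_destroy_transport_management() carries no statement of when it is safe to call, and the removal of `ast_module_shutdown_ref(ast_module_info->self);` in the `@@ -356,11 +349,10 @@` hunk suggests this teardown is no longer pinned until shutdown but runs from unload_pjsip whenever res_pjsip is torn down. The body between that hunk and the `@@ -381,20 +373,4 @@` hunk is not shown, so it cannot be confirmed here that the steps before `sched = NULL;` tolerate a scheduler or transport container that was never created. I would add a comment at the top of the function such as `/* May run after a failed or partial initialize; each step must tolerate unset state. */` and check the hidden calls against it.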