asterisk

Commit Graph

Author	SHA1	Message	Date
James Terhune	fc390cf785	main/stasis_channels.c: Fix crash when setting a global variable with invalid UTF8 characters Add check for null value of chan before referencing it with ast_channel_name() Resolves: #999 (cherry picked from commit `d6b7554012`)	5 months ago
Ben Ford	4d80d7ab22	manager.c: Restrict ListCategories to the configuration directory. When using the ListCategories AMI action, it was possible to traverse upwards through the directories to files outside of the configured configuration directory. This action is now restricted to the configured directory and an error will now be returned if the specified file is outside of this limitation. Resolves: #GHSA-33x6-fj46-6rfh UserNote: The ListCategories AMI action now restricts files to the configured configuration directory.	5 months ago
George Joseph	2f8d008103	core_unreal.c: Fix memory leak in ast_unreal_new_channels() When the channel tech is multistream capable, the reference to chan_topology was passed to the new channel. When the channel tech isn't multistream capable, the reference to chan_topology was never released. "Local" channels are multistream capable so it didn't affect them but the confbridge "CBAnn" and the bridge_media "Recorder" channels are not so they caused a leak every time one of them was created. Also added tracing to ast_stream_topology_alloc() and stream_topology_destroy() to assist with debugging. Resolves: #938 (cherry picked from commit `41162f963b`)	7 months ago
Allan Nathanson	039baa0317	dnsmgr.c: dnsmgr_refresh() incorrectly flags change with DNS round-robin The dnsmgr_refresh() function checks to see if the IP address associated with a name/service has changed. The gotcha is that the ast_get_ip_or_srv() function only returns the first IP address returned by the DNS query. If there are multiple IPs associated with the name and the returned order is not consistent (e.g. with DNS round-robin) then the other IP addresses are not included in the comparison and the entry is flagged as changed even though the IP is still valid. Updated the code to check all IP addresses and flag a change only if the original IP is no longer valid. Resolves: #924 (cherry picked from commit `338e191539`)	7 months ago
George Joseph	04b882397f	manager.c: Add unit test for Originate app and appdata permissions This unit test checks that dialplan apps and app data specified as parameters for the Originate action are allowed with the permissions the user has. (cherry picked from commit `9ecccb21ed`)	7 months ago
Sean Bright	682ad186fb	res_agi.c: Ensure SIGCHLD handler functions are properly balanced. Calls to `ast_replace_sigchld()` and `ast_unreplace_sigchld()` must be balanced to ensure that we can capture the exit status of child processes when we need to. This extends to functions that call `ast_replace_sigchld()` and `ast_unreplace_sigchld()` such as `ast_safe_fork()` and `ast_safe_fork_cleanup()`. The primary change here is ensuring that we do not call `ast_safe_fork_cleanup()` in `res_agi.c` if we have not previously called `ast_safe_fork()`. Additionally we reinforce some of the documentation and add an assertion to, ideally, catch this sooner were this to happen again. Fixes #922 (cherry picked from commit `e1f2866bb6`)	7 months ago
Naveen Albert	ab79321a29	main, res, tests: Fix compilation errors on FreeBSD. asterisk.c, manager.c: Increase buffer sizes to avoid truncation warnings. config.c: Include header file for WIFEXITED/WEXITSTATUS macros. res_timing_kqueue: Use more portable format specifier. test_crypto: Use non-linux limits.h header file. Resolves: #916 (cherry picked from commit `b939d840db`)	7 months ago
Ben Ford	c7beb10006	manager.c: Restrict ModuleLoad to the configured modules directory. When using the ModuleLoad AMI action, it was possible to traverse upwards through the directories to files outside of the configured modules directory. We decided it would be best to restrict access to modules exclusively in the configured directory. You will now get an error when the specified module is outside of this limitation. Fixes: #897 UserNote: The ModuleLoad AMI action now restricts modules to the configured modules directory. (cherry picked from commit `ee9a0f056e`)	7 months ago
Naveen Albert	1372eeba51	astfd.c: Avoid calling fclose with NULL argument. Don't pass through a NULL argument to fclose, which is undefined behavior, and instead return -1 and set errno appropriately. This also avoids a compiler warning with glibc 2.38 and newer, as glibc commit 71d9e0fe766a3c22a730995b9d024960970670af added the nonnull attribute to this argument. Resolves: #900 (cherry picked from commit `2c583be963`)	7 months ago
Peter Jannesen	2f44ac22b2	channel: Preserve CHANNEL(userfield) on masquerade. In certain circumstances a channel may undergo an operation referred to as a masquerade. If this occurs the CHANNEL(userfield) value was not preserved causing it to get lost. This change makes it so that this field is now preserved. Fixes: #882 (cherry picked from commit `fd196e9113`)	7 months ago
George Joseph	6dc00f642a	Fix application references to Background The app is actually named "BackGround" but several references in XML documentation were spelled "Background" with the lower case "g". This was causing documentation links to return "not found" messages. (cherry picked from commit `f71668f0b9`)	7 months ago
George Joseph	56d3070939	manager: Enhance event filtering for performance UserNote: You can now perform more granular filtering on events in manager.conf using expressions like `eventfilter(name(Newchannel),header(Channel),method(starts_with)) = PJSIP/` This is much more efficient than `eventfilter = Event: Newchannel.*Channel: PJSIP/` Full syntax guide is in configs/samples/manager.conf.sample. (cherry picked from commit `b8d16fd800`)	7 months ago
George Joseph	2ca93f0cdc	manager.c: Split XML documentation to manager_doc.xml (cherry picked from commit `dd643bf827`)	7 months ago
George Joseph	6297462fd2	db.c: Remove limit on family/key length Consumers like media_cache have been running into issues with the previous astdb "/family/key" limit of 253 bytes when needing to store things like long URIs. An Amazon S3 URI is a good example of this. Now, instead of using a static 256 byte buffer for "/family/key", we use ast_asprintf() to dynamically create it. Both test_db.c and test_media_cache.c were also updated to use keys/URIs over the old 253 character limit. Resolves: #881 UserNote: The `ast_db_()` APIs have had the 253 byte limit on "/family/key" removed and will now accept families and keys with a total length of up to SQLITE_MAX_LENGTH (currently 1e9!). This affects the `DB` dialplan applications, dialplan functions, manager actions and `databse` CLI commands. Since the media_cache also uses the `ast_db_*()` APIs, you can now store resources with URIs longer than 253 bytes. (cherry picked from commit `ff7d094803`)	7 months ago
Alexei Gradinari	a06c18e8bd	autoservice: Do not sleep if autoservice_stop is called within autoservice thread It's possible that ast_autoservice_stop is called within the autoservice thread. In this case the autoservice thread is stuck in an endless sleep. To avoid endless sleep ast_autoservice_stop must check that it's not called within the autoservice thread. Fixes: #763 (cherry picked from commit `6c5c1e5426`)	9 months ago
George Joseph	b506faaa2d	res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback The ub_result pointer passed to unbound_resolver_callback by libunbound can be NULL if the query was for something malformed like `.1` or `[.1]`. If it is, we now set a 'ns_r_formerr' result and return instead of crashing with a SEGV. This causes pjproject to simply cancel the transaction with a "No answer record in the DNS response" error. The existing "off nominal" unit test was also updated to check this condition. Although not necessary for this fix, we also made ast_dns_resolver_completed() tolerant of a NULL result. Resolves: GHSA-v428-g3cw-7hv9 (cherry picked from commit `d2d0c507ff`)	9 months ago
Mike Bradeen	add94582ba	res_pjsip_sdp_rtp: Use negotiated DTMF Payload types on bitrate mismatch When Asterisk sends an offer to Bob that includes 48K and 8K codecs with matching 4733 offers, Bob may want to use the 48K audio codec but can not accept 48K digits and so negotiates for a mixed set. Asterisk will now check Bob's offer to make sure Bob has indicated this is acceptible and if not, will use Bob's preference. Fixes: #847 (cherry picked from commit `4972cc8668`)	9 months ago
Alexei Gradinari	045d6c5fc1	res_pjsip_sdp_rtp fix leaking astobj2 ast_format PR #700 added a preferred_format for the struct ast_rtp_codecs, but when set the preferred_format it leaks an astobj2 ast_format. In the next code ast_rtp_codecs_set_preferred_format(&codecs, ast_format_cap_get_format(joint, 0)); both functions ast_rtp_codecs_set_preferred_format and ast_format_cap_get_format increases the ao2 reference count. Fixes: #856 (cherry picked from commit `6ef4548223`)	9 months ago
George Joseph	2328a0ab3a	manager.c: Fix FRACK when doing CoreShowChannelMap in DEVMODE If you run an AMI CoreShowChannelMap on a channel that isn't in a bridge and you're in DEVMODE, you can get a FRACK because the bridge id is empty. We now simply return an empty list for that request.	10 months ago
Ben Ford	fb0e46e464	channel: Add multi-tenant identifier. This patch introduces a new identifier for channels: tenantid. It's a stringfield on the channel that can be used for general purposes. It will be inherited by other channels the same way that linkedid is. You can set tenantid in a few ways. The first is to set it in the dialplan with the Set and CHANNEL functions: exten => example,1,Set(CHANNEL(tenantid)=My tenant ID) It can also be accessed via CHANNEL: exten => example,2,NoOp(CHANNEL(tenantid)) Another method is to use the new tenantid option for pjsip endpoints in pjsip.conf: [my_endpoint] type=endpoint tenantid=My tenant ID This is considered the best approach since you will be able to see the tenant ID as early as the Newchannel event. It can also be set using set_var in pjsip.conf on the endpoint like setting other channel variable: set_var=CHANNEL(tenantid)=My tenant ID Note that set_var will not show tenant ID on the Newchannel event, however. Tenant ID has also been added to CDR. It's read-only and can be accessed via CDR(tenantid). You can also get the tenant ID of the last channel communicated with via CDR(peertenantid). Tenant ID will also show up in CEL records if it has been set, and the version number has been bumped accordingly. Fixes: #740 UserNote: tenantid has been added to channels. It can be read in dialplan via CHANNEL(tenantid), and it can be set using Set(CHANNEL(tenantid)=My tenant ID). In pjsip.conf, it is recommended to use the new tenantid option for pjsip endpoints (e.g., tenantid=My tenant ID) so that it will show up in Newchannel events. You can set it like any other channel variable using set_var in pjsip.conf as well, but note that this will NOT show up in Newchannel events. Tenant ID is also available in CDR and can be accessed with CDR(tenantid). The peer tenant ID can also be accessed with CDR(peertenantid). CEL includes tenant ID as well if it has been set. UpgradeNote: A new versioned struct (ast_channel_initializers) has been added that gets passed to __ast_channel_alloc_ap. The new function ast_channel_alloc_with_initializers should be used when creating channels that require the use of this struct. Currently the only value in the struct is for tenantid, but now more fields can be added to the struct as necessary rather than the __ast_channel_alloc_ap function. A new option (tenantid) has been added to endpoints in pjsip.conf as well. CEL has had its version bumped to include tenant ID.	10 months ago
gibbz00	99a5064a07	feat: ARI "ChannelToneDetected" event A stasis event is now produced when using the TONE_DETECT dialplan function. This event is published over ARI using the ChannelToneDetected event. This change does not make it available over AMI. Fixes: #811 UserNote: Setting the TONE_DETECT dialplan function on a channel in ARI will now cause a ChannelToneDetected ARI event to be raised when the specified tone is detected.	10 months ago
George Joseph	0f67c2696f	manager.c: Add entries to Originate blacklist Added Reload and DBdeltree to the list of dialplan application that can't be executed via the Originate manager action without also having write SYSTEM permissions. Added CURL, DB, FILE, ODBC and REALTIME to the list of dialplan functions that can't be executed via the Originate manager action without also having write SYSTEM permissions. If the Queue application is attempted to be run by the Originate manager action and an AGI parameter is specified in the app data, it'll be rejected unless the manager user has either the AGI or SYSTEM permissions. Resolves: #GHSA-c4cg-9275-6w44	10 months ago
George Joseph	cee50bab7a	rtp_engine.c: Prevent segfault in ast_rtp_codecs_payloads_unset() There can be empty slots in payload_mapping_tx corresponding to dynamic payload types that haven't been seen before so we now check for NULL before attempting to use 'type' in the call to ast_format_cmp. Note: Currently only chan_sip calls ast_rtp_codecs_payloads_unset() Resolves: #822	11 months ago
George Joseph	b8c440a52f	stasis_channels: Use uniqueid and name to delete old snapshots Whenver a new channel snapshot is created or when a channel is destroyed, we need to delete any existing channel snapshot from the snapshot cache. Historically, we used the channel->snapshot pointer to delete any existing snapshots but this has two issues. First, if something (possibly ast_channel_internal_swap_snapshots) sets channel->snapshot to NULL while there's still a snapshot in the cache, we wouldn't be able to delete it and it would be orphaned when the channel is destroyed. Since we use the cache to list channels from the CLI, AMI and ARI, it would appear as though the channel was still there when it wasn't. Second, since there are actually two caches, one indexed by the channel's uniqueid, and another indexed by the channel's name, deleting from the caches by pointer requires a sequential search of all of the hash table buckets in BOTH caches to find the matching snapshots. Not very efficient. So, we now delete from the caches using the channel's uniqueid and name. This solves both issues. This doesn't address how channel->snapshot might have been set to NULL in the first place because although we have concrete evidence that it's happening, we haven't been able to reproduce it. Resolves: #783	12 months ago
George Joseph	6e73af341a	app_voicemail_odbc: Allow audio to be kept on disk This commit adds a new voicemail.conf option 'odbc_audio_on_disk' which when set causes the ODBC variant of app_voicemail to leave the message and greeting audio files on disk and only store the message metadata in the database. This option came from a concern that the database could grow to large and cause remote access and/or replication to become slow. In a clustering situation with this option, all asterisk instances would share the same database for the metadata and either use a shared filesystem or other filesystem replication service much more suitable for synchronizing files. The changes to app_voicemail to implement this feature were actually quite small but due to the complexity of the module, the actual source code changes were greater. They fall into the following categories: * Tracing. The module is so complex that it was impossible to figure out the path taken for various scenarios without the addition of many SCOPE_ENTER, SCOPE_EXIT and ast_trace statements, even in code that's not related to the functional change. Making this worse was the fact that many "if" statements in this module didn't use braces. Since the tracing macros add multiple statements, many "if" statements had to be converted to use braces. * Excessive use of PATH_MAX. Previous maintainers of this module used PATH_MAX to allocate character arrays for filesystem paths and SQL statements as though they cost nothing. In fact, PATH_MAX is defined as 4096 bytes! Some functions had (and still have) multiples of these. One function has 7. Given that the vast majority of installations use the default spool directory path `/var/spool/asterisk/voicemail`, the actual path length is usually less than 80 bytes. That's over 4000 bytes wasted. It was the same for SQL statement buffers. A 4K buffer for statement that only needed 60 bytes. All of these PATH_MAX allocations in the ODBC related code were changed to dynamically allocated buffers. The rest will have to be addressed separately. * Bug fixes. During the development of this feature, several pre-existing ODBC related bugs were discovered and fixed. They had to do with leaving orphaned files on disk, not preserving original message ids when moving messages between folders, not honoring the "formats" config parameter in certain circumstances, etc. UserNote: This commit adds a new voicemail.conf option 'odbc_audio_on_disk' which when set causes the ODBC variant of app_voicemail_odbc to leave the message and greeting audio files on disk and only store the message metadata in the database. Much more information can be found in the voicemail.conf.sample file.	12 months ago
Tinet-mucw	7d28165cb1	bridge_basic.c: Make sure that ast_bridge_channel is not destroyed while iterating over bridge->channels. From the gdb information, we can see that while iterating over bridge->channels, the ast_bridge_channel reference count is 0, indicating it has already been destroyed.Additionally, when ast_bridge_channel is removed from bridge->channels, the bridge is first locked. Therefore, locking the bridge before iterating over bridge->channels can resolve the race condition. Resolves: https://github.com/asterisk/asterisk/issues/768	12 months ago
Alexei Gradinari	4280d7cd77	pbx.c: expand fields width of "core show hints" The current width for "extension" is 20 and "device state id" is 20, which is too small. The "extension" field contains "ext"@"context", so 20 characters is not enough. The "device state id" field, for example for Queue pause state contains Queue:"queue_name"_pause_PSJIP/"endpoint", so the 20 characters is not enough. Increase the width of "extension" field to 30 characters and the width of the "device state id" field to 60 characters. Resolves: #770 UserNote: The fields width of "core show hints" were increased. The width of "extension" field to 30 characters and the width of the "device state id" field to 60 characters.	12 months ago
Sean Bright	26eabed246	manager.c: Properly terminate `CoreShowChannelMap` event. Fixes #761	1 year ago
Bastian Triller	843cc8f2cd	cli: Show configured cache dir Since Asterisk 19 it is possible to cache recorded files into another directory [1] [2]. Show configured location of cache dir in CLI's core show settings. [1] ASTERISK-29143 [2] `b08427134f`	1 year ago
Sean Bright	f3e88d366c	xml.c: Update deprecated libxml2 API usage. Two functions are deprecated as of libxml2 2.12: * xmlSubstituteEntitiesDefault * xmlParseMemory So we update those with supported API. Additionally, `res_calendar_caldav` has been updated to use libxml2's xmlreader API instead of the SAX2 API which has always felt a little hacky (see deleted comment block in `res_calendar_caldav.c`). The xmlreader API has been around since libxml2 2.5.0 which was released in 2003. Fixes #725	1 year ago
Sean Bright	e1db3027af	asterisk.c: Don't log an error if .asterisk_history does not exist. Fixes #751	1 year ago
Sean Bright	f3449f3370	file.h: Rename function argument to avoid C++ keyword clash. Fixes #744	1 year ago
Mike Bradeen	3b4d2a6506	rtp_engine: add support for multirate RFC2833 digits Add RFC2833 DTMF support for 16K, 24K, and 32K bitrate codecs. Asterisk currently treats RFC2833 Digits as a single rtp payload type with a fixed bitrate of 8K. This change would expand that to 8, 16, 24 and 32K. This requires checking the offered rtp types for any of these bitrates and then adding an offer for each (if configured for RFC2833.) DTMF generation must also be changed in order to look at the current outbound codec in order to generate appropriately timed rtp. For cases where no outgoing audio has yet been sent prior to digit generation, Asterisk now has a concept of a 'preferred' codec based on offer order. On inbound calls Asterisk will mimic the payload types of the RFC2833 digits. On outbound calls Asterisk will choose the next free payload types starting with 101. UserNote: No change in configuration is required in order to enable this feature. Endpoints configured to use RFC2833 will automatically have this enabled. If the endpoint does not support this, it should not include it in the SDP offer/response. Resolves: #699	1 year ago
Ivan Poddubny	29675e3aab	asterisk.c: Fix sending incorrect messages to systemd notify Send "RELOADING=1" instead of "RELOAD=1" to follow the format expected by systemd (see sd_notify(3) man page). Do not send STOPPING=1 in remote console mode: attempting to execute "asterisk -rx" by the main process leads to a warning if NotifyAccess=main (the default) or to a forced termination if NotifyAccess=all.	1 year ago
Naveen Albert	1f1c5bb902	logger: Add unique verbose prefixes for levels 5-10. Add unique verbose prefixes for levels higher than 4, so that these can be visually differentiated from each other. Resolves: #721	1 year ago
Naveen Albert	7cffbabe5c	say.c: Fix cents off-by-one due to floating point rounding. Some of the money announcements can be off by one cent, due to the use of floating point in the money calculations, which is bad for obvious reasons. This replaces floating point with simple string parsing to ensure the cents value is converted accurately. Resolves: #525	1 year ago
Naveen Albert	01ff5c8140	loader.c: Allow dependent modules to be unloaded recursively. Because of the (often recursive) nature of module dependencies in Asterisk, hot swapping a module on the fly is cumbersome if a module is depended on by other modules. Currently, dependencies must be popped manually by unloading dependents, unloading the module of interest, and then loading modules again in reverse order. To make this easier, the ability to do this recursively in certain circumstances has been added, as an optional extension to the "module refresh" command. If requested, Asterisk will check if a module that has a positive usecount could be unloaded safely if anything recursively dependent on it were unloaded. If so, it will go ahead and unload all these modules and load them back again. This makes hot swapping modules that provide dependencies much easier. Resolves: #474 UserNote: In certain circumstances, modules with dependency relations can have their dependents automatically recursively unloaded and loaded again using the "module refresh" CLI command or the ModuleLoad AMI command.	1 year ago
George Joseph	8e119a72f0	tcptls/iostream: Add support for setting SNI on client TLS connections If the hostname field of the ast_tcptls_session_args structure is set (which it is for websocket client connections), that hostname will now automatically be used in an SNI TLS extension in the client hello. Resolves: #713 UserNote: Secure websocket client connections now send SNI in the TLS client hello.	1 year ago
Spiridonov Dmitry	7e7a603360	sorcery.c: Fixed crash error when executing "module reload" Fixed crash error when cli "module reload". The error appears when compiling with res_prometheus and using the sorcery memory cache for registrations	1 year ago
Naveen Albert	c1b69d460d	callerid.c: Parse previously ignored Caller ID parameters. Commit `f2f397c1a8` previously made it possible to send Caller ID parameters to FXS stations which, prior to that, could not be sent. This change is complementary in that we now handle receiving all these parameters on FXO lines and provide these up to the dialplan, via chan_dahdi. In particular: * If a redirecting reason is provided, the channel's redirecting reason is set. No redirecting number is set, since there is no parameter for this in the Caller ID protocol, but the reason can be checked to determine if and why a call was forwarded. * If the Call Qualifier parameter is received, the Call Qualifier variable is set. * Some comments have been added to explain why some of the code is the way it is, to assist other people looking at it. With this change, Asterisk's Caller ID implementation is now reasonably complete for both FXS and FXO operation. Resolves: #681	1 year ago
Naveen Albert	a0b579807c	file.c, channel.c: Don't emit warnings if progress received. Silently ignore AST_CONTROL_PROGRESS where appropriate, as most control frames already are. Resolves: #696	1 year ago
George Joseph	70fd8f1c93	rtp_engine and stun: call ast_register_atexit instead of ast_register_cleanup rtp_engine.c and stun.c were calling ast_register_cleanup which is skipped if any loadable module can't be cleanly unloaded when asterisk shuts down. Since this will always be the case, their cleanup functions never get run. In a practical sense this makes no difference since asterisk is shutting down but if you're in development mode and trying to use the leak sanitizer, the leaks from both of those modules clutter up the output.	1 year ago
George Joseph	52881ef6e5	manager.c: Add missing parameters to Login documentation * Added the AuthType and Key parameters for MD5 authentication. * Added the Events parameter. Resolves: #689	1 year ago
George Joseph	f6b9d9e7d7	Fix incorrect application and function documentation references There were a few references in the embedded documentation XML where the case didn't match or where the referenced app or function simply didn't exist any more. These were causing 404 responses in docs.asterisk.org.	1 year ago
Sean Bright	2b5673b68d	cli.c: `core show channels concise` is not really deprecated. Fixes #675	1 year ago
jonatascalebe	988986bdc9	manager.c: Add new parameter 'PreDialGoSub' to Originate AMI action manager.c: Add new parameter 'PreDialGoSub' to Originate AMI action The action originate does not has the ability to run an subroutine at initial channel, like the Aplication Originate. This update give this ability for de action originate too. For example, we can run a routine via Gosub on the channel to request an automatic answer, so the caller does not need to accept the call when using the originate command via manager, making the operation more efficient. UserNote: When using the Originate AMI Action, we now can pass the PreDialGoSub parameter, instructing the asterisk to perform an subrouting at channel before call start. With this parameter an call initiated by AMI can request the channel to start the call automaticaly, adding a SIP header to using GoSUB, instructing to autoanswer the channel, and proceeding the outbuound extension executing. Exemple of an context to perform the previus indication: [addautoanswer] exten => _s,1,Set(PJSIP_HEADER(add,Call-Info)=answer-after=0) exten => _s,n,Set(PJSIP_HEADER(add,Alert-Info)=answer-after=0) exten => _s,n,Return()	1 year ago
Naveen Albert	fc80bed5a7	pbx_variables.c: Prevent SEGV due to stack overflow. It is possible for dialplan to result in an infinite recursion of variable substitution, which eventually leads to stack overflow. If we detect this, abort substitution and log an error for the user to fix the broken dialplan. Resolves: #480 UpgradeNote: The maximum amount of dialplan recursion using variable substitution (such as by using EVAL_EXTEN) is capped at 15.	1 year ago
Naveen Albert	ef7788e0e4	manager.c: Add CLI command to kick AMI sessions. This adds a CLI command that can be used to manually kick specific AMI sessions. Resolves: #485 UserNote: The "manager kick session" CLI command now allows kicking a specified AMI session.	1 year ago
George Joseph	628f8d7a43	Stir/Shaken Refactor Why do we need a refactor? The original stir/shaken implementation was started over 3 years ago when little was understood about practical implementation. The result was an implementation that wouldn't actually interoperate with any other stir-shaken implementations. There were also a number of stir-shaken features and RFC requirements that were never implemented such as TNAuthList certificate validation, sending Reason headers in SIP responses when verification failed but we wished to continue the call, and the ability to send Media Key(mky) grants in the Identity header when the call involved DTLS. Finally, there were some performance concerns around outgoing calls and selection of the correct certificate and private key. The configuration was keyed by an arbitrary name which meant that for every outgoing call, we had to scan the entire list of configured TNs to find the correct cert to use. With only a few TNs configured, this wasn't an issue but if you have a thousand, it could be. What's changed? * Configuration objects have been refactored to be clearer about their uses and to fix issues. * The "general" object was renamed to "verification" since it contains parameters specific to the incoming verification process. It also never handled ca_path and crl_path correctly. * A new "attestation" object was added that controls the outgoing attestation process. It sets default certificates, keys, etc. * The "certificate" object was renamed to "tn" and had it's key change to telephone number since outgoing call attestation needs to look up certificates by telephone number. * The "profile" object had more parameters added to it that can override default parameters specified in the "attestation" and "verification" objects. * The "store" object was removed altogther as it was never implemented. * We now use libjwt to create outgoing Identity headers and to parse and validate signatures on incoming Identiy headers. Our previous custom implementation was much of the source of the interoperability issues. * General code cleanup and refactor. * Moved things to better places. * Separated some of the complex functions to smaller ones. * Using context objects rather than passing tons of parameters in function calls. * Removed some complexity and unneeded encapsuation from the config objects. Resolves: #351 Resolves: #46 UserNote: Asterisk's stir-shaken feature has been refactored to correct interoperability, RFC compliance, and performance issues. See https://docs.asterisk.org/Deployment/STIR-SHAKEN for more information. UpgradeNote: The stir-shaken refactor is a breaking change but since it's not working now we don't think it matters. The stir_shaken.conf file has changed significantly which means that existing ones WILL need to be changed. The stir_shaken.conf.sample file in configs/samples/ has quite a bit more information. This is also an ABI breaking change since some of the existing objects needed to be changed or removed, and new ones added. Additionally, if res_stir_shaken is enabled in menuselect, you'll need to either have the development package for libjwt v1.15.3 installed or use the --with-libjwt-bundled option with ./configure.	1 year ago
Sebastian Jennen	ea8ead4e13	translate.c: implement new direct comp table mode The new mode lists for each codec translation the actual real cost in cpu microseconds per second translated audio. This allows to compare the real cpu usage of translations and helps in evaluation of codec implementation changes regarding performance (regression testing). - add new table mode - hide the 999999 comp values, as these only indicate an issue with transcoding - hide the 0 values, as these also do not contain any information (only indicate a multistep transcoding) Resolves: #601	1 year ago

1 2 3 4 5 ...

6872 Commits (42629c695d402b01ab8fd5f4385a29b61a003b9f)