asterisk

Commit Graph

Author	SHA1	Message	Date
George Joseph	628f8d7a43	Stir/Shaken Refactor Why do we need a refactor? The original stir/shaken implementation was started over 3 years ago when little was understood about practical implementation. The result was an implementation that wouldn't actually interoperate with any other stir-shaken implementations. There were also a number of stir-shaken features and RFC requirements that were never implemented such as TNAuthList certificate validation, sending Reason headers in SIP responses when verification failed but we wished to continue the call, and the ability to send Media Key(mky) grants in the Identity header when the call involved DTLS. Finally, there were some performance concerns around outgoing calls and selection of the correct certificate and private key. The configuration was keyed by an arbitrary name which meant that for every outgoing call, we had to scan the entire list of configured TNs to find the correct cert to use. With only a few TNs configured, this wasn't an issue but if you have a thousand, it could be. What's changed? * Configuration objects have been refactored to be clearer about their uses and to fix issues. * The "general" object was renamed to "verification" since it contains parameters specific to the incoming verification process. It also never handled ca_path and crl_path correctly. * A new "attestation" object was added that controls the outgoing attestation process. It sets default certificates, keys, etc. * The "certificate" object was renamed to "tn" and had it's key change to telephone number since outgoing call attestation needs to look up certificates by telephone number. * The "profile" object had more parameters added to it that can override default parameters specified in the "attestation" and "verification" objects. * The "store" object was removed altogther as it was never implemented. * We now use libjwt to create outgoing Identity headers and to parse and validate signatures on incoming Identiy headers. Our previous custom implementation was much of the source of the interoperability issues. * General code cleanup and refactor. * Moved things to better places. * Separated some of the complex functions to smaller ones. * Using context objects rather than passing tons of parameters in function calls. * Removed some complexity and unneeded encapsuation from the config objects. Resolves: #351 Resolves: #46 UserNote: Asterisk's stir-shaken feature has been refactored to correct interoperability, RFC compliance, and performance issues. See https://docs.asterisk.org/Deployment/STIR-SHAKEN for more information. UpgradeNote: The stir-shaken refactor is a breaking change but since it's not working now we don't think it matters. The stir_shaken.conf file has changed significantly which means that existing ones WILL need to be changed. The stir_shaken.conf.sample file in configs/samples/ has quite a bit more information. This is also an ABI breaking change since some of the existing objects needed to be changed or removed, and new ones added. Additionally, if res_stir_shaken is enabled in menuselect, you'll need to either have the development package for libjwt v1.15.3 installed or use the --with-libjwt-bundled option with ./configure.	2 years ago
romryz	162c920f90	res_rtp_asterisk.c: Correct coefficient in MOS calculation. Media Experience Score relies on incorrect pseudo_mos variable calculation. According to forming an opinion section of the documentation, calculation relies on ITU-T G.107 standard: https://docs.asterisk.org/Deployment/Media-Experience-Score/#forming-an-opinion ITU-T G.107 Annex B suggests to calculate MOS with a coefficient "seven times ten to the power of negative six", 7 * 10^(-6). which would mean 6 digits after the decimal point. Current implementation has 7 digits after the decimal point, which downrates the calls. Fixes: #597	2 years ago
George Joseph	6871d1cdfc	Reduce startup/shutdown verbose logging When started with a verbose level of 3, asterisk can emit over 1500 verbose message that serve no real purpose other than to fill up logs. When asterisk shuts down, it emits another 1100 that are of even less use. Since the testsuite runs asterisk with a verbose level of 3, and asterisk starts and stops for every one of the 700+ tests, the number of log messages is staggering. Besides taking up resources, it also makes it hard to debug failing tests. This commit changes the log level for those verbose messages to 5 instead of 3 which reduces the number of log messages to only a handful. Of course, NOTICE, WARNING and ERROR message are unaffected. There's also one other minor change... ast_context_remove_extension_callerid2() logs a DEBUG message instead of an ERROR if the extension you're deleting doesn't exist. The pjsip_config_wizard calls that function to clean up the config and has been triggering that annoying error message for years. Resolves: #582	2 years ago
Flole998	775352ee6c	res_pjsip_outbound_registration.c: Add User-Agent header override This introduces a setting for outbound registrations to override the global User-Agent header setting. Resolves: #515 UserNote: PJSIP outbound registrations now support a per-registration User-Agent header	2 years ago
Sean Bright	b916e9c66b	res_pjsip_t38.c: Permit IPv6 SDP connection addresses. The existing code prevented IPv6 addresses from being properly parsed. Fixes #558	2 years ago
Sean Bright	db945243e6	res_pjsip_session.c: Correctly format SDP connection addresses. Resolves a regression identified by @justinludwig involving the rendering of IPv6 addresses in outgoing SDP. Also updates `media_address` on PJSIP endpoints so that if we are able to parse the configured value as an IP we store it in a format that we can directly use later. Based on my reading of the code it appeared that one could configure `media_address` as: ``` [foo] type = endpoint ... media_address = [2001:db8::] ``` And that value would be blindly copied into the outgoing SDP without regard to its format. Fixes #541	2 years ago
Naveen Albert	f4845f756f	res_calendar_icalendar: Print iCalendar error on parsing failure. If libical fails to parse a calendar, print the error message it provdes. Resolves: #492	2 years ago
George Joseph	09052bfa51	Revert "core & res_pjsip: Improve topology change handling." This reverts commit `315eb551db`. Over the past year, we've had several reports of "topology storms" occurring where 2 external facing channels connected by one or more local channels and bridges will get themselves in a state where they continually send each other topology change requests. This usually manifests itself in no-audio calls and a flood of "Exceptionally long queue length" messages. It appears that this commit is the cause so we're reverting it for now until we can determine a more appropriate solution. Resolves: #530	2 years ago
Maximilian Fridrich	14bd1ceef6	res_pjsip_nat: Fix potential use of uninitialized transport details The ast_sip_request_transport_details must be zero initialized, otherwise this could lead to a SEGV. Resolves: #509	2 years ago
George Joseph	8c3ececb12	res_rtp_asterisk: Fix regression issues with DTLS client check * Since ICE candidates are used for the check and pjproject is required to use ICE, res_rtp_asterisk was failing to compile when pjproject wasn't available. The check is now wrapped with an #ifdef HAVE_PJPROJECT. * The rtp->ice_active_remote_candidates container was being used to check the address on incoming packets but that container doesn't contain peer reflexive candidates discovered during negotiation. This was causing the check to fail where it shouldn't. We now check against pjproject's real_ice->rcand array which will contain those candidates. * Also fixed a bug in ast_sockaddr_from_pj_sockaddr() where we weren't zeroing out sin->sin_zero before returning. This was causing ast_sockaddr_cmp() to always return false when one of the inputs was converted from a pj_sockaddr, even if both inputs had the same address and port. Resolves: #500 Resolves: #503 Resolves: #505	2 years ago
Gitea	a1ca026825	res_pjsip_header_funcs: Duplicate new header value, don't copy. When updating an existing header the 'update' code incorrectly just copied the new value into the existing buffer. If the new value exceeded the available buffer size memory outside of the buffer would be written into, potentially causing a crash. This change makes it so that the 'update' now duplicates the new header value instead of copying it into the existing buffer.	2 years ago
Mike Bradeen	39760d109b	res_pjsip: disable raw bad packet logging Add patch to split the log level for invalid packets received on the signaling port. The warning regarding the packet will move to level 2 so that it can still be displayed, while the raw packet will be at level 4.	2 years ago
George Joseph	d7d7764cb0	res_rtp_asterisk.c: Check DTLS packets against ICE candidate list When ICE is in use, we can prevent a possible DOS attack by allowing DTLS protocol messages (client hello, etc) only from sources that are in the active remote candidates list. Resolves: GHSA-hxj9-xwr8-w8pq	2 years ago
Naveen Albert	d1fb397cfc	general: Fix broken links. This fixes a number of broken links throughout the tree, mostly caused by wiki.asterisk.org being replaced with docs.asterisk.org, which should eliminate the need for sporadic fixes as in `f28047db36`. Resolves: #430	2 years ago
Matthew Fredrickson	45da3ff9fa	res_odbc.c: Allow concurrent access to request odbc connections There are valid scenarios where res_odbc's connection pool might have some dead or stuck connections while others are healthy (imagine network elements/firewalls/routers silently timing out connections to a single DB and a single IP address, or a heterogeneous connection pool connected to potentially multiple IPs/instances of a replicated DB using a DNS front end for load balancing and one replica fails). In order to time out those unhealthy connections without blocking access to other parts of Asterisk that may attempt access to the connection pool, it would be beneficial to not lock/block access around the entire pool in _ast_odbc_request_obj2 while doing potentially blocking operations on connection pool objects such as the connection_dead() test, odbc_obj_connect(), or by dereferencing a struct odbc_obj for the last time and triggering a odbc_obj_disconnect(). This would facilitate much quicker and concurrent timeout of dead connections via the connection_dead() test, which could block potentially for a long period of time depending on odbc.ini or other odbc connector specific timeout settings. This also would make rapid failover (in the clustered DB scenario) much quicker. This patch changes the locking in _ast_odbc_request_obj2() to not lock around odbc_obj_connect(), _disconnect(), and connection_dead(), while continuing to lock around truly shared, non-immutable state like the connection_cnt member and the connections list on struct odbc_class. Fixes: #465	2 years ago
Sean Bright	8d87d403bc	res_pjsip_header_funcs.c: Check URI parameter length before copying. Fixes #477	2 years ago
Sean Bright	83636e4b92	res_rtp_asterisk.c: Update for OpenSSL 3+. In `5ac5c2b0` we defined `OPENSSL_SUPPRESS_DEPRECATED` to silence deprecation warnings. This commit switches over to using non-deprecated API.	2 years ago
Sean Bright	611010d67d	res_http_websocket.c: Set hostname on client for certificate validation. Additionally add a `assert()` to in the TLS client setup code to ensure that hostname is set when it is supposed to be. Fixes #433	2 years ago
Sean Bright	c19470497f	resource_channels.c: Explicit codec request when creating UnicastRTP. Fixes #394	2 years ago
Sean Bright	c040179fcf	doc: Update IP Quality of Service links. Fixes #328	2 years ago
George Joseph	f309ffad3d	chan_pjsip: Add PJSIPHangup dialplan app and manager action See UserNote below. Exposed the existing Hangup AMI action in manager.c so we can use all of it's channel search and AMI protocol handling without duplicating that code in dialplan_functions.c. Added a lookup function to res_pjsip.c that takes in the string represenation of the pjsip_status_code enum and returns the actual status code. I.E. ast_sip_str2rc("DECLINE") returns 603. This allows the caller to specify PJSIPHangup(decline) in the dialplan, just like Hangup(call_rejected). Also extracted the XML documentation to its own file since it was almost as large as the code itself. UserNote: A new dialplan app PJSIPHangup and AMI action allows you to hang up an unanswered incoming PJSIP call with a specific SIP response code in the 400 -> 699 range.	2 years ago
Holger Hans Peter Freyther	69590ba33e	ari: Provide the caller ID RDNIS for the channels Provide the caller ID RDNIS when available. This will allow an application to follow the redirect.	2 years ago
Brad Smith	6ec59e1e04	res_rtp_asterisk.c: Fix runtime issue with LibreSSL The module will fail to load. Use proper function DTLS_method() with LibreSSL.	2 years ago
Naveen Albert	b94f8bb216	res_pjsip: Include cipher limit in config error message. If too many ciphers are specified in the PJSIP config, include the maximum number of ciphers that may be specified in the user-facing error message. Resolves: #396	2 years ago
Mike Bradeen	f666dd0dd8	res_speech: allow speech to translate input channel * Allow res_speech to translate the input channel if the format is translatable to a format suppored by the speech provider. Resolves: #129 UserNote: res_speech now supports translation of an input channel to a format supported by the speech provider, provided a translation path is available between the source format and provider capabilites.	2 years ago
Sean Bright	99527745eb	res_rtp_asterisk.c: Fix memory leak in ephemeral certificate creation. Fixes #386	2 years ago
Sean Bright	8283aa40a0	res_pjsip_dtmf_info.c: Add 'INFO' to Allow header. Fixes #376	2 years ago
Sean Bright	8a27d7ef89	pjsip_configuration.c: Disable DTLS renegotiation if WebRTC is enabled. Per RFC8827: Implementations MUST NOT implement DTLS renegotiation and MUST reject it with a "no_renegotiation" alert if offered. So we disable it when webrtc=yes is set. Fixes #378 UpgradeNote: The dtls_rekey will be disabled if webrtc support is requested on an endpoint. A warning will also be emitted.	2 years ago
George Joseph	c32d090e77	res_pjsip_exten_state,res_pjsip_mwi: Allow unload on shutdown Commit `f66f77f` last year prevents the res_pjsip_exten_state and res_pjsip_mwi modules from unloading due to possible pjproject asserts if the modules are reloaded. A side effect of the implementation is that the taskprocessors these modules use aren't being released. When asterisk is doing a graceful shutdown, it waits AST_TASKPROCESSOR_SHUTDOWN_MAX_WAIT seconds for all taskprocessors to stop but since those 2 modules don't release theirs, the shutdown hangs for that amount of time. This change allows the modules to be unloaded and their resources to be released when ast_shutdown_final is true. Resolves: #379	2 years ago
sungtae kim	ddb5c377fd	res_pjsip: Expanding PJSIP endpoint ID and relevant resource length to 255 characters This commit introduces an extension to the endpoint and relevant resource sizes for PJSIP, transitioning from its current 40-character constraint to a more versatile 255-character capacity. This enhancement significantly overcomes limitations related to domain qualification and practical usage, ultimately delivering improved functionality. In addition, it includes adjustments to accommodate the expanded realm size within the ARI, specifically enhancing the maximum realm length. Resolves: #345 UserNote: With this update, the PJSIP realm lengths have been extended to support up to 255 characters. UpgradeNote: As part of this update, the maximum allowable length for PJSIP endpoints and relevant resources has been increased from 40 to 255 characters. To take advantage of this enhancement, it is recommended to run the necessary procedures (e.g., Alembic) to update your schemas.	2 years ago
Mike Bradeen	2694792e13	res_stasis: signal when new command is queued res_statsis's app loop sleeps for up to .2s waiting on input to a channel before re-checking the command queue. This can cause delays between channel setup and bridge. This change is to send a SIGURG on the sleeping thread when a new command is enqueued. This exits the sleeping thread out of the ast_waitfor() call triggering the new command being processed on the channel immediately. Resolves: #362 UserNote: Call setup times should be significantly improved when using ARI.	2 years ago
Holger Hans Peter Freyther	b99606955e	ari/stasis: Indicate progress before playback on a bridge Make it possible to start a playback and the calling party to receive audio on a bridge before the call is connected. Model the implementation after play_on_channel and deliver a AST_CONTROL_PROGRESS before starting the playback. For a PJSIP channel this will result in sending a SIP 183 Session Progress.	2 years ago
Mike Bradeen	2291f196c5	res_pjsip: update qualify_timeout documentation with DNS note The documentation on qualify_timeout does not explicitly state that the timeout includes any time required to perform any needed DNS queries on the endpoint. If the OPTIONS response is delayed due to the DNS query, it can still render an endpoint as Unreachable if the net time is enough for qualify_timeout to expire. Resolves: #352	2 years ago
Mike Bradeen	1885d0677c	res_speech_aeap: add aeap error handling res_speech_aeap previously did not register an error handler with aeap, so it was not notified of a disconnect. This resulted in SpeechBackground never exiting upon a websocket disconnect. Resolves: #303	2 years ago
Tinet-mucw	671eeeca24	res_pjsip_transport_websocket: Prevent transport from being destroyed before message finishes. From the gdb information, ast_websocket_read reads a message successfully, then transport_read is called in the serializer. During execution of pjsip_transport_down, ws_session->stream->fd is closed; ast_websocket_read encounters an error and exits the while loop. After executing transport_shutdown, the transport's reference count becomes 0, causing a crash when sending SIP messages. This was due to pjsip_transport_dec_ref executing earlier than pjsip_rx_data_clone, leading to this issue. In websocket_cb executeing pjsip_transport_add_ref, this we now ensure the transport is not destroyed while in the loop. Resolves: asterisk#299	2 years ago
Vitezslav Novy	8079e5eec4	res_rtp_asterisk: fix wrong counter management in ioqueue objects In function rtp_ioqueue_thread_remove counter in ioqueue object is not decreased which prevents unused ICE TURN threads from being removed. Resolves: #301	2 years ago
George Joseph	6cc101d886	res_pjsip_pubsub: Add body_type to test_handler for unit tests The ast_sip_subscription_handler "test_handler" used for the unit tests didn't set "body_type" so the NULL value was causing a SEGV in build_subscription_tree(). It's now set to "". Resolves: #335	2 years ago
Sean Bright	8cc92b2638	res_stasis_recording.c: Save recording state when unmuted. Fixes #322	2 years ago
Mike Bradeen	62541787f2	res_speech_aeap: check for null format on response * Fixed issue in res_speech_aeap when unable to provide an input format to check against.	2 years ago
Bastian Triller	468df4a12d	res_pjsip_session: Send Session Interval too small response Handle session interval lower than endpoint's configured minimum timer when sending first answer. Timer setting is checked during this step and needs to handled appropriately. Before this change, no response was sent at all. After this change a response with 422 Session Interval too small is sent to UAC.	2 years ago
MikeNaso	eabf036f3d	res_pjsip.c: Set contact_user on incoming call local Contact header If the contact_user is configured on the endpoint it will now be set on the local Contact header URI for incoming calls. The contact_user has already been set on the local Contact header URI for outgoing calls. Resolves: #226	2 years ago
Sean Bright	3b806a3303	extconfig: Allow explicit DB result set ordering to be disabled. Added a new boolean configuration flag - `order_multi_row_results_by_initial_column` - to both res_pgsql.conf and res_config_odbc.conf that allows the administrator to disable the explicit `ORDER BY` that was previously being added to all generated SQL statements that returned multiple rows. Fixes: #179	2 years ago
Naveen Albert	00070bc6bc	res_pjsip_header_funcs: Make prefix argument optional. The documentation for PJSIP_HEADERS claims that prefix is optional, but in the code it is actually not. However, there is no inherent reason for this, as users may want to retrieve all header names, not just those beginning with a certain prefix. This makes the prefix optional for this function, simply fetching all header names if not specified. As a result, the documentation is now correct. Resolves: #230 UserNote: The prefix argument to PJSIP_HEADERS is now optional. If not specified, all header names will be returned.	2 years ago
George Joseph	c3c82441a2	Prepare master for Asterisk 22	2 years ago
Maximilian Fridrich	51a7b18038	core/ari/pjsip: Add refer mechanism This change adds support for refers that are not session based. It includes a refer implementation for the PJSIP technology which results in out-of-dialog REFERs being sent to a PJSIP endpoint. These can be triggered using the new ARI endpoint `/endpoints/refer`. Resolves: #71 UserNote: There is a new ARI endpoint `/endpoints/refer` for referring an endpoint to some URI or endpoint.	2 years ago
Holger Hans Peter Freyther	f335da6b74	res_prometheus: Do not generate broken metrics In `8d6fdf9c3a` invisible bridges were skipped but that lead to producing metrics with no name and no help. Keep track of the number of metrics configured and then only emit these. Add a basic testcase that verifies that there is no '(NULL)' in the output. ASTERISK-30474	2 years ago
Sean Bright	c52b4ce11c	res_pjsip: Enable TLS v1.3 if present. Fixes #221 UserNote: res_pjsip now allows TLS v1.3 to be enabled if supported by the underlying PJSIP library. The bundled version of PJSIP supports TLS v1.3.	2 years ago
Sean Bright	fe467d595c	res_geolocation: Ensure required 'location_info' is present. Fixes #189	2 years ago
zhengsh	d3c4f93ca6	res_rtp_asterisk: Move ast_rtp_rtcp_report_alloc using `rtp->themssrc_valid` into the scope of the rtp_instance lock. From the gdb information, it was found that when calling __ast_free, the size of the allocated space pointed to by the pointer matches the size created when rtp->themssrc_valid is equal to 0. However, in reality, when reading the value of rtp->themssrc_valid in gdb, it is found to be 1. Within ast_rtcp_write(), the call to ast_rtp_rtcp_report_alloc() uses rtp->themssrc_valid, which is outside the protection of the rtp_instance lock. However, ast_rtcp_generate_report(), which is called by ast_rtcp_generate_compound_prefix(), uses rtp->themssrc_valid within the protection of the rtp_instance lock. This can lead to the possibility that the value of rtp->themssrc_valid used in the call to ast_rtp_rtcp_report_alloc() may be different from the value of rtp->themssrc_valid used within ast_rtcp_generate_report(). Resolves: asterisk#63	2 years ago
Mike Bradeen	e84fe59cb2	res_musiconhold: avoid moh state access on unlocked chan Move channel unlock to after moh state access to avoid potential unlocked access to state. Resolves: #133	2 years ago

1 2 3 4 5 ...

5470 Commits (628f8d7a43517e5da5becda33471dc2c44841bb6)