asterisk

Commit Graph

Author	SHA1	Message	Date
Alexei Gradinari	336f6bd627	sorcery: Prevent duplicate objects and ensure missing objects are created on update This patch resolves two issues in Sorcery objectset handling with multiple backends: 1. Prevent duplicate objects: When an object exists in more than one backend (e.g., a contact in both 'astdb' and 'realtime'), the objectset previously returned multiple instances of the same logical object. This caused logic failures in components like the PJSIP registrar, where duplicate contact entries led to overcounting and incorrect deletions, when max_contacts=1 and remove_existing=yes. This patch ensures only one instance of an object with a given key is added to the objectset, avoiding these duplicate-related side effects. 2. Ensure missing objects are created: When using multiple writable backends, a temporary backend failure can lead to objects missing permanently from that backend. Currently, .update() silently fails if the object is not present, and no .create() is attempted. This results in inconsistent state across backends (e.g. astdb vs. realtime). This patch introduces a new global option in sorcery.conf: [general] update_or_create_on_update_miss = yes\|no Default: no (preserves existing behavior). When enabled: if .update() fails with no data found, .create() is attempted in that backend. This ensures that objects missing due to temporary backend outages are re-synchronized once the backend is available again. Added a new CLI command: sorcery show settings Displays global Sorcery settings, including the current value of update_or_create_on_update_miss. Updated tests to validate both flag enabled/disabled behavior. Fixes: #1289 UserNote: Users relying on Sorcery multiple writable backends configurations (e.g., astdb + realtime) may now enable update_or_create_on_update_miss = yes in sorcery.conf to ensure missing objects are recreated after temporary backend failures. Default behavior remains unchanged unless explicitly enabled.	2 months ago
Naveen Albert	c77247001b	sig_analog: Skip Caller ID spill if usecallerid=no. If Caller ID is disabled for an FXS port, then we should not send any Caller ID spill on the line, as we have no Caller ID information that we can/should be sending. Resolves: #1394	2 months ago
Sperl Viktor	c1f24b74d7	cel: Add STREAM_BEGIN, STREAM_END and DTMF event types. Fixes: #1280 UserNote: Enabling the tracking of the STREAM_BEGIN and the STREAM_END event types in cel.conf will log media files and music on hold played to each channel. The STREAM_BEGIN event's extra field will contain a JSON with the file details (path, format and language), or the class name, in case of music on hold is played. The DTMF event's extra field will contain a JSON with the digit and the duration in milliseconds.	2 months ago
zhou_jiajian	511d22ef5e	cdr: add CANCEL dispostion in CDR In the original implementation, both CANCEL and NO ANSWER states were consolidated under the NO ANSWER disposition. This patch introduces a separate CANCEL disposition, with an optional configuration switch to enable this new disposition. Resolves: #1323 UserNote: A new CDR option "canceldispositionenabled" has been added that when set to true, the NO ANSWER disposition will be split into two dispositions: CANCEL and NO ANSWER. The default value is 'no'	2 months ago
Naveen Albert	415daae95f	users.conf: Remove deprecated users.conf integration. users.conf was deprecated in Asterisk 21 and is now being removed for Asterisk 23, in accordance with the Asterisk deprecation policy. This consists of: * Removing integration with app_directory, app_voicemail, chan_dahdi, chan_iax2, and AMI. * users.conf was also partially used for res_phoneprov, and this remaining functionality is consolidated to a separate phoneprov_users.conf, used only by res_phoneprov. Resolves: #1292 UpgradeNote: users.conf has been removed and all channel drivers must be configured using their specific configuration files. The functionality previously in users.conf for res_phoneprov is now in phoneprov_users.conf.	3 months ago
George Joseph	fe341c2b0f	res_stir_shaken: Add "ignore_sip_date_header" config option. UserNote: A new STIR/SHAKEN verification option "ignore_sip_date_header" has been added that when set to true, will cause the verification process to not consider a missing or invalid SIP "Date" header to be a failure. This will make the IAT the sole "truth" for Date in the verification process. The option can be set in the "verification" and "profile" sections of stir_shaken.conf. Also fixed a bug in the port match logic. Resolves: #1251 Resolves: #1271	4 months ago
phoneben	c753fe44d1	app_queue: queue rules – Add support for QUEUE_RAISE_PENALTY=rN to raise penalties only for members within min/max range This update adds support for a new QUEUE_RAISE_PENALTY format: rN When QUEUE_RAISE_PENALTY is set to rN (e.g., r4), only members whose current penalty is greater than or equal to the defined min_penalty and less than or equal to max_penalty will have their penalty raised to N. Members with penalties outside the min/max range remain unchanged. Example behaviors: QUEUE_RAISE_PENALTY=4 → Raise all members with penalty < 4 (existing behavior) QUEUE_RAISE_PENALTY=r4 → Raise only members with penalty in [min_penalty, max_penalty] to 4 Implementation details: Adds parsing logic to detect the r prefix and sets the raise_respect_min flag Modifies the raise logic to skip members outside the defined penalty range when the flag is active UserNote: This change introduces QUEUE_RAISE_PENALTY=rN, allowing selective penalty raises only for members whose current penalty is within the [min_penalty, max_penalty] range. Members with lower or higher penalties are unaffected. This behavior is backward-compatible with existing queue rule configurations.	4 months ago
Jaco Kroon	0c68306b7c	res_odbc: cache_size option to limit the cached connections. Signed-off-by: Jaco Kroon <jaco@uls.co.za> UserNote: New cache_size option for res_odbc to on a per class basis limit the number of cached connections. Please reference the sample configuration for details.	4 months ago
Jaco Kroon	497eba4901	res_odbc: cache_type option for res_odbc. This enables setting cache_type classes to a round-robin queueing system rather than the historic stack mechanism. This should result in lower risk of connection drops due to shorter idle times (the first connection to go onto the stack could in theory never be used again, ever, but sit there consuming resources, there could be multiple of these). And with a queue rather than a stack, dead connections are guaranteed to be detected and purged eventually. This should end up better balancing connection_cnt with actual load over time, assuming the database doesn't keep connections open excessively long from it's side. Signed-off-by: Jaco Kroon <jaco@uls.co.za> UserNote: When using res_odbc it should be noted that back-end connections to the underlying database can now be configured to re-use the cached connections in a round-robin manner rather than repeatedly re-using the same connection. This helps to keep connections alive, and to purge dead connections from the system, thus more dynamically adjusting to actual load. The downside is that one could keep too many connections active for a longer time resulting in resource also begin consumed on the database side.	4 months ago
George Joseph	c873f2ae7e	ARI Outbound Websockets Asterisk can now establish websocket sessions _to_ your ARI applications as well as accepting websocket sessions _from_ them. Full details: http://s.asterisk.net/ari-outbound-ws Code change summary: * Added an ast_vector_string_join() function, * Added ApplicationRegistered and ApplicationUnregistered ARI events. * Converted res/ari/config.c to use sorcery to process ari.conf. * Added the "outbound-websocket" ARI config object. * Refactored res/ari/ari_websockets.c to handle outbound websockets. * Refactored res/ari/cli.c for the sorcery changeover. * Updated res/res_stasis.c for the sorcery changeover. * Updated apps/app_stasis.c to allow initiating per-call outbound websockets. * Added CLI commands to manage ARI websockets. * Added the new "outbound-websocket" object to ari.conf.sample. * Moved the ARI XML documentation out of res_ari.c into res/ari/ari_doc.xml UserNote: Asterisk can now establish websocket sessions _to_ your ARI applications as well as accepting websocket sessions _from_ them. Full details: http://s.asterisk.net/ari-outbound-ws	4 months ago
George Joseph	5a3164c0b2	res_websocket_client: Create common utilities for websocket clients. Since multiple Asterisk capabilities now need to create websocket clients it makes sense to create a common set of utilities rather than making each of those capabilities implement their own. * A new configuration file "websocket_client.conf" is used to store common client parameters in named configuration sections. * APIs are provided to list and retrieve ast_websocket_client objects created from the named configurations. * An API is provided that accepts an ast_websocket_client object, connects to the remote server with retries and returns an ast_websocket object. TLS is supported as is basic authentication. * An observer can be registered to receive notification of loaded or reloaded client objects. * An API is provided to compare an existing client object to one just reloaded and return the fields that were changed. The caller can then decide what action to take based on which fields changed. Also as part of thie commit, several sorcery convenience macros were created to make registering common object fields easier. UserNote: A new module "res_websocket_client" and config file "websocket_client.conf" have been added to support several upcoming new capabilities that need common websocket client configuration.	4 months ago
George Joseph	3a5ffe2842	asterisk.c: Add option to restrict shell access from remote consoles. UserNote: A new asterisk.conf option 'disable_remote_console_shell' has been added that, when set, will prevent remote consoles from executing shell commands using the '!' prefix. Resolves: #GHSA-c7p6-7mvq-8jq2	5 months ago
George Joseph	8f1982c4d6	Alternate Channel Storage Backends Full details: http://s.asterisk.net/dc679ec3 The previous proof-of-concept showed that the cpp_map_name_id alternate storage backed performed better than all the others so this final PR adds only that option. You still need to enable it in menuselect under the "Alternate Channel Storage Backends" category. To select which one is used at runtime, set the "channel_storage_backend" option in asterisk.conf to one of the values described in asterisk.conf.sample. The default remains "ao2_legacy". UpgradeNote: With this release, you can now select an alternate channel storage backend based on C++ Maps. Using the new backend may increase performance and reduce the chances of deadlocks on heavily loaded systems. For more information, see http://s.asterisk.net/dc679ec3	5 months ago
Naveen Albert	2ced79259a	sig_analog: Add Call Waiting Deluxe support. Adds support for Call Waiting Deluxe options to enhance the current call waiting feature. As part of this change, a mechanism is also added that allows a channel driver to queue an audio file for Dial() to play, which is necessary for the announcement function. ASTERISK-30373 #close Resolves: #271 UserNote: Call Waiting Deluxe can now be enabled for FXS channels by enabling its corresponding option.	5 months ago
phoneben	ac07cbe2c3	Add log-caller-id-name option to log Caller ID Name in queue log Add log-caller-id-name option to log Caller ID Name in queue log This patch introduces a new global configuration option, log-caller-id-name, to queues.conf to control whether the Caller ID name is logged when a call enters a queue. When log-caller-id-name=yes, the Caller ID name is logged as parameter 4 in the queue log, provided it’s allowed by the existing log_restricted_caller_id rules. If log-caller-id-name=no (the default), the Caller ID name is omitted from the logs. Fixes: #1091 UserNote: This patch adds a global configuration option, log-caller-id-name, to queues.conf to control whether the Caller ID name is logged as parameter 4 when a call enters a queue. When log-caller-id-name=yes, the Caller ID name is included in the queue log, Any '\|' characters in the caller ID name will be replaced with '_'. (provided it’s allowed by the existing log_restricted_caller_id rules). When log-caller-id-name=no (the default), the Caller ID name is omitted.	6 months ago
George Joseph	c52136c277	asterisk.c: Add "pre-init" and "pre-module" capability to cli.conf. Commands in the "[startup_commands]" section of cli.conf have historically run after all core and module initialization has been completed and just before "Asterisk Ready" is printed on the console. This meant that if you wanted to debug initialization of a specific module, your only option was to turn on debug for everything by setting "debug" in asterisk.conf. This commit introduces options to allow you to run CLI commands earlier in the asterisk startup process. A command with a value of "pre-init" will run just after logger initialization but before most core, and all module, initialization. A command with a value of "pre-module" will run just after all core initialization but before all module initialization. A command with a value of "fully-booted" (or "yes" for backwards compatibility) will run as they always have been...after all initialization and just before "Asterisk Ready" is printed on the console. This means you could do this... ``` [startup_commands] core set debug 3 res_pjsip.so = pre-module core set debug 0 res_pjsip.so = fully-booted ``` This would turn debugging on for res_pjsip.so to catch any module initialization debug messages then turn it off again after the module is loaded. UserNote: In cli.conf, you can now define startup commands that run before core initialization and before module initialization.	6 months ago
fabriziopicconi	cd60142c76	rtp.conf.sample: Correct stunaddr example.	9 months ago
Naveen Albert	78546868f9	sig_analog: Add Last Number Redial feature. This adds the Last Number Redial feature to simple switch. UserNote: Users can now redial the last number called if the lastnumredial setting is set to yes. Resolves: #437	9 months ago
Abdelkader Boudih	831b5ec11d	samples: Use "asterisk" instead of "postgres" for username	9 months ago
Abdelkader Boudih	a24853ecdf	res_config_pgsql: normalize database connection option with cel and cdr by supporting new options name	9 months ago
George Joseph	71a2e8c599	Add SHA-256 and SHA-512-256 as authentication digest algorithms * Refactored pjproject code to support the new algorithms and added a patch file to third-party/pjproject/patches * Added new parameters to the pjsip auth object: * password_digest = <algorithm>:<digest> * supported_algorithms_uac = List of algorithms to support when acting as a UAC. * supported_algorithms_uas = List of algorithms to support when acting as a UAS. See the auth object in pjsip.conf.sample for detailed info. * Updated both res_pjsip_authenticator_digest.c (for UAS) and res_pjsip_outbound_authentocator_digest.c (UAC) to suport the new algorithms. The new algorithms are only available with the bundled version of pjproject, or an external version > 2.14.1. OpenSSL version 1.1.1 or greater is required to support SHA-512-256. Resolves: #948 UserNote: The SHA-256 and SHA-512-256 algorithms are now available for authentication as both a UAS and a UAC.	9 months ago
Kent	3dee037446	res_pjsip: Add new AOR option "qualify_2xx_only" Added a new option "qualify_2xx_only" to the res_pjsip AOR qualify feature to mark a contact as available only if an OPTIONS request returns a 2XX response. If the option is not specified or is false, any response to the OPTIONS request marks the contact as available. UserNote: The pjsip.conf AOR section now has a "qualify_2xx_only" option that can be set so that only 2XX responses to OPTIONS requests used to qualify a contact will mark the contact as available.	10 months ago
Sperl Viktor	d5c0486175	app_queue: allow dynamically adding a queue member in paused state. Fixes: #1007 UserNote: use the p option of AddQueueMember() for paused member state. Optionally, use the r(reason) option to specify a custom reason for the pause.	10 months ago
Mike Pultz	b85e18b4ef	res_curl.conf.sample: clean up sample configuration and add new SSL options This update properly documents all the current configuration options supported by the curl implementation, including the new ssl_* options.	11 months ago
George Joseph	1646b78986	res_stir_shaken: Allow sending Identity headers for unknown TNs Added a new option "unknown_tn_attest_level" to allow Identity headers to be sent when a callerid TN isn't explicitly configured in stir_shaken.conf. Since there's no TN object, a private_key_file and public_cert_url must be configured in the attestation or profile objects. Since "unknown_tn_attest_level" uses the same enum as attest_level, some of the sorcery macros had to be refactored to allow sharing the enum and to/from string conversion functions. Also fixed a memory leak in crypto_utils:pem_file_cb(). Resolves: #921 UserNote: You can now set the "unknown_tn_attest_level" option in the attestation and/or profile objects in stir_shaken.conf to enable sending Identity headers for callerid TNs not explicitly configured.	11 months ago
George Joseph	02e2000653	res_pjsip: Add new endpoint option "suppress_moh_on_sendonly" Normally, when one party in a call sends Asterisk an SDP with a "sendonly" or "inactive" attribute it means "hold" and causes Asterisk to start playing MOH back to the other party. This can be problematic if it happens at certain times, such as in a 183 Progress message, because the MOH will replace any early media you may be playing to the calling party. If you set this option to "yes" on an endpoint and the endpoint receives an SDP with "sendonly" or "inactive", Asterisk will NOT play MOH back to the other party. Resolves: #979 UserNote: The new "suppress_moh_on_sendonly" endpoint option can be used to prevent playing MOH back to a caller if the remote end sends "sendonly" or "inactive" (hold) to Asterisk in an SDP.	11 months ago
chrsmj	e9682be4ab	samples: remove and/or change some wiki mentions Cleaned some dead links. Replaced word wiki with either docs or link to https://docs.asterisk.org/ Resolves: #974	11 months ago
George Joseph	76601805b2	geolocation.sample.conf: Fix comment marker at end of file Resolves: #937	1 year ago
Sean Bright	befe46162b	cdr_custom: Allow absolute filenames. A follow up to #893 that brings the same functionality to cdr_custom. Also update the sample configuration files to note support for absolute paths.	1 year ago
George Joseph	64278a22c0	manager.conf.sample: Fix mathcing typo	1 year ago
George Joseph	affeec710c	manager: Enhance event filtering for performance UserNote: You can now perform more granular filtering on events in manager.conf using expressions like `eventfilter(name(Newchannel),header(Channel),method(starts_with)) = PJSIP/` This is much more efficient than `eventfilter = Event: Newchannel.*Channel: PJSIP/` Full syntax guide is in configs/samples/manager.conf.sample.	1 year ago
George Joseph	e99184b3e7	stir_shaken.conf.sample: Fix bad references to private_key_path They should be private_key_file. Resolves: #854	1 year ago
Mike Bradeen	b2455b2732	res_pjsip_notify: add dialplan application Add dialplan application PJSIPNOTIFY to send either pre-configured NOTIFY messages from pjsip_notify.conf or with headers defined in dialplan. Also adds the ability to send pre-configured NOTIFY commands to a channel via the CLI. Resolves: #799 UserNote: A new dialplan application PJSIPNotify is now available which can send SIP NOTIFY requests from the dialplan. The pjsip send notify CLI command has also been enhanced to allow sending NOTIFY messages to a specific channel. Syntax: pjsip send notify <option> channel <channel>	1 year ago
Ben Ford	fb0e46e464	channel: Add multi-tenant identifier. This patch introduces a new identifier for channels: tenantid. It's a stringfield on the channel that can be used for general purposes. It will be inherited by other channels the same way that linkedid is. You can set tenantid in a few ways. The first is to set it in the dialplan with the Set and CHANNEL functions: exten => example,1,Set(CHANNEL(tenantid)=My tenant ID) It can also be accessed via CHANNEL: exten => example,2,NoOp(CHANNEL(tenantid)) Another method is to use the new tenantid option for pjsip endpoints in pjsip.conf: [my_endpoint] type=endpoint tenantid=My tenant ID This is considered the best approach since you will be able to see the tenant ID as early as the Newchannel event. It can also be set using set_var in pjsip.conf on the endpoint like setting other channel variable: set_var=CHANNEL(tenantid)=My tenant ID Note that set_var will not show tenant ID on the Newchannel event, however. Tenant ID has also been added to CDR. It's read-only and can be accessed via CDR(tenantid). You can also get the tenant ID of the last channel communicated with via CDR(peertenantid). Tenant ID will also show up in CEL records if it has been set, and the version number has been bumped accordingly. Fixes: #740 UserNote: tenantid has been added to channels. It can be read in dialplan via CHANNEL(tenantid), and it can be set using Set(CHANNEL(tenantid)=My tenant ID). In pjsip.conf, it is recommended to use the new tenantid option for pjsip endpoints (e.g., tenantid=My tenant ID) so that it will show up in Newchannel events. You can set it like any other channel variable using set_var in pjsip.conf as well, but note that this will NOT show up in Newchannel events. Tenant ID is also available in CDR and can be accessed with CDR(tenantid). The peer tenant ID can also be accessed with CDR(peertenantid). CEL includes tenant ID as well if it has been set. UpgradeNote: A new versioned struct (ast_channel_initializers) has been added that gets passed to __ast_channel_alloc_ap. The new function ast_channel_alloc_with_initializers should be used when creating channels that require the use of this struct. Currently the only value in the struct is for tenantid, but now more fields can be added to the struct as necessary rather than the __ast_channel_alloc_ap function. A new option (tenantid) has been added to endpoints in pjsip.conf as well. CEL has had its version bumped to include tenant ID.	1 year ago
gibbz00	99a5064a07	feat: ARI "ChannelToneDetected" event A stasis event is now produced when using the TONE_DETECT dialplan function. This event is published over ARI using the ChannelToneDetected event. This change does not make it available over AMI. Fixes: #811 UserNote: Setting the TONE_DETECT dialplan function on a channel in ARI will now cause a ChannelToneDetected ARI event to be raised when the specified tone is detected.	1 year ago
George Joseph	a02fc685a8	stir_shaken: CRL fixes and a new CLI command * Fixed a bug in crypto_show_cli_store that was causing asterisk to crash if there were certificate revocation lists in the verification certificate store. We're also now prefixing certificates with "Cert:" and CRLs with "CRL:" to distinguish them in the list. * Added 'untrusted_cert_file' and 'untrusted_cert_path' options to both verification and profile objects. If you have CRLs that are signed by a different CA than the incoming X5U certificate (indirect CRL), you'll need to provide the certificate of the CRL signer here. Thse will show up as 'Untrusted" when showing the verification or profile objects. * Fixed loading of crl_path. The OpenSSL API we were using to load CRLs won't actually load them from a directory, only a file. We now scan the directory ourselves and load the files one-by-one. * Fixed the verification flags being set on the certificate store. - Removed the CRL_CHECK_ALL flag as this was causing all certificates to be checked for CRL extensions and failing to verify the cert if there was none. This basically caused all certs to fail when a CRL was provided via crl_file or crl_path. - Added the EXTENDED_CRL_SUPPORT flag as it is required to handle indirect CRLs. * Added a new CLI command... `stir_shaken verify certificate_file <certificate_file> [ <profile> ]` which will assist troubleshooting certificate problems by allowing the user to manually verify a certificate file against either the global verification certificate store or the store for a specific profile. * Updated the XML documentation and the sample config file. Resolves: #809	1 year ago
George Joseph	79e0b50162	voicemail.conf.sample: Fix ':' comment typo ...and removed an errant trailing space. Resolves: #819	1 year ago
George Joseph	6e73af341a	app_voicemail_odbc: Allow audio to be kept on disk This commit adds a new voicemail.conf option 'odbc_audio_on_disk' which when set causes the ODBC variant of app_voicemail to leave the message and greeting audio files on disk and only store the message metadata in the database. This option came from a concern that the database could grow to large and cause remote access and/or replication to become slow. In a clustering situation with this option, all asterisk instances would share the same database for the metadata and either use a shared filesystem or other filesystem replication service much more suitable for synchronizing files. The changes to app_voicemail to implement this feature were actually quite small but due to the complexity of the module, the actual source code changes were greater. They fall into the following categories: * Tracing. The module is so complex that it was impossible to figure out the path taken for various scenarios without the addition of many SCOPE_ENTER, SCOPE_EXIT and ast_trace statements, even in code that's not related to the functional change. Making this worse was the fact that many "if" statements in this module didn't use braces. Since the tracing macros add multiple statements, many "if" statements had to be converted to use braces. * Excessive use of PATH_MAX. Previous maintainers of this module used PATH_MAX to allocate character arrays for filesystem paths and SQL statements as though they cost nothing. In fact, PATH_MAX is defined as 4096 bytes! Some functions had (and still have) multiples of these. One function has 7. Given that the vast majority of installations use the default spool directory path `/var/spool/asterisk/voicemail`, the actual path length is usually less than 80 bytes. That's over 4000 bytes wasted. It was the same for SQL statement buffers. A 4K buffer for statement that only needed 60 bytes. All of these PATH_MAX allocations in the ODBC related code were changed to dynamically allocated buffers. The rest will have to be addressed separately. * Bug fixes. During the development of this feature, several pre-existing ODBC related bugs were discovered and fixed. They had to do with leaving orphaned files on disk, not preserving original message ids when moving messages between folders, not honoring the "formats" config parameter in certain circumstances, etc. UserNote: This commit adds a new voicemail.conf option 'odbc_audio_on_disk' which when set causes the ODBC variant of app_voicemail_odbc to leave the message and greeting audio files on disk and only store the message metadata in the database. Much more information can be found in the voicemail.conf.sample file.	1 year ago
Alexei Gradinari	07aa0ffe6a	app_queue: Add option to not log Restricted Caller ID to queue_log Add a queue option log-restricted-caller-id to strip the Caller ID when storing the ENTERQUEUE event in the queue log if the Caller ID is restricted. Resolves: #765 UpgradeNote: Add a new column to the queues table: queue_log_option_log_restricted ENUM('0','1','off','on','false','true','no','yes') to control whether the Restricted Caller ID will be stored in the queue log. UserNote: Add a Queue option log-restricted-caller-id to control whether the Restricted Caller ID will be stored in the queue log. If log-restricted-caller-id=no then the Caller ID will be stripped if the Caller ID is restricted.	1 year ago
George Joseph	85241bd229	Revert "res_pjsip_endpoint_identifier_ip: Add endpoint identifier transport address." This reverts PR #602 Resolves: #GHSA-qqxj-v78h-hrf9	1 year ago
Ivan Poddubny	abe0018d85	configs: Fix a misleading IPv6 ACL example in Named ACLs "deny=::" is equivalent to "::/128". In order to mean "deny everything by default" it must be "::/0".	1 year ago
George Joseph	758ed2b9fd	stir_shaken: Fix memory leak, typo in config, tn canonicalization * Fixed possible memory leak in tn_config:tn_get_etn() where we weren't releasing etn if tn or eprofile were null. * We now canonicalize TNs before using them for lookups or adding them to Identity headers. * Fixed a typo in stir_shaken.conf.sample. Resolves: #716	1 year ago
Sperl Viktor	0ab4a5ef6b	res_pjsip_endpoint_identifier_ip: Add endpoint identifier transport address. Add a new identify_by option to res_pjsip_endpoint_identifier_ip called 'transport' this matches endpoints based on the bound ip address (local) instead of the 'ip' option, which matches on the source ip address (remote). UserNote: set identify_by=transport for the pjsip endpoint. Then use the existing 'match' option and the new 'transport' option of the identify. Fixes: #672	2 years ago
Sperl Viktor	895ab9d798	res_pjsip_endpoint_identifier_ip: Endpoint identifier request URI Add ability to match against PJSIP request URI. UserNote: this new feature let users match endpoints based on the indound SIP requests' URI. To do so, add 'request_uri' to the endpoint's 'identify_by' option. The 'match_request_uri' option of the identify can be an exact match for the entire request uri, or a regular expression (between slashes). It's quite similar to the header identifer. Fixes: #599	2 years ago
Joshua Elson	c8ab570c6f	Implement Configurable TCP Keepalive Settings in PJSIP Transports This commit introduces configurable TCP keepalive settings for both TCP and TLS transports. The changes allow for finer control over TCP connection keepalives, enhancing stability and reliability in environments prone to connection timeouts or where intermediate devices may prematurely close idle connections. This has proven necessary and has already been tested in production in several specialized environments where access to the underlying transport is unreliable in ways invisible to the operating system directly, so these keepalive and timeout mechanisms are necessary. Fixes #657	2 years ago
Naveen Albert	b5850941b1	app_voicemail: Allow preventing mark messages as urgent. This adds an option to allow preventing callers from leaving messages marked as 'urgent'. Resolves: #619 UserNote: The leaveurgent mailbox option can now be used to control whether callers may leave messages marked as 'Urgent'.	2 years ago
George Joseph	628f8d7a43	Stir/Shaken Refactor Why do we need a refactor? The original stir/shaken implementation was started over 3 years ago when little was understood about practical implementation. The result was an implementation that wouldn't actually interoperate with any other stir-shaken implementations. There were also a number of stir-shaken features and RFC requirements that were never implemented such as TNAuthList certificate validation, sending Reason headers in SIP responses when verification failed but we wished to continue the call, and the ability to send Media Key(mky) grants in the Identity header when the call involved DTLS. Finally, there were some performance concerns around outgoing calls and selection of the correct certificate and private key. The configuration was keyed by an arbitrary name which meant that for every outgoing call, we had to scan the entire list of configured TNs to find the correct cert to use. With only a few TNs configured, this wasn't an issue but if you have a thousand, it could be. What's changed? * Configuration objects have been refactored to be clearer about their uses and to fix issues. * The "general" object was renamed to "verification" since it contains parameters specific to the incoming verification process. It also never handled ca_path and crl_path correctly. * A new "attestation" object was added that controls the outgoing attestation process. It sets default certificates, keys, etc. * The "certificate" object was renamed to "tn" and had it's key change to telephone number since outgoing call attestation needs to look up certificates by telephone number. * The "profile" object had more parameters added to it that can override default parameters specified in the "attestation" and "verification" objects. * The "store" object was removed altogther as it was never implemented. * We now use libjwt to create outgoing Identity headers and to parse and validate signatures on incoming Identiy headers. Our previous custom implementation was much of the source of the interoperability issues. * General code cleanup and refactor. * Moved things to better places. * Separated some of the complex functions to smaller ones. * Using context objects rather than passing tons of parameters in function calls. * Removed some complexity and unneeded encapsuation from the config objects. Resolves: #351 Resolves: #46 UserNote: Asterisk's stir-shaken feature has been refactored to correct interoperability, RFC compliance, and performance issues. See https://docs.asterisk.org/Deployment/STIR-SHAKEN for more information. UpgradeNote: The stir-shaken refactor is a breaking change but since it's not working now we don't think it matters. The stir_shaken.conf file has changed significantly which means that existing ones WILL need to be changed. The stir_shaken.conf.sample file in configs/samples/ has quite a bit more information. This is also an ABI breaking change since some of the existing objects needed to be changed or removed, and new ones added. Additionally, if res_stir_shaken is enabled in menuselect, you'll need to either have the development package for libjwt v1.15.3 installed or use the --with-libjwt-bundled option with ./configure.	2 years ago
Mike Bradeen	39760d109b	res_pjsip: disable raw bad packet logging Add patch to split the log level for invalid packets received on the signaling port. The warning regarding the packet will move to level 2 so that it can still be displayed, while the raw packet will be at level 4.	2 years ago
Naveen Albert	d1fb397cfc	general: Fix broken links. This fixes a number of broken links throughout the tree, mostly caused by wiki.asterisk.org being replaced with docs.asterisk.org, which should eliminate the need for sporadic fixes as in `f28047db36`. Resolves: #430	2 years ago
Naveen Albert	44b955e237	configs: Improve documentation for bandwidth in iax.conf. This improves the documentation for the bandwidth setting in iax.conf by making it clearer what the ramifications of this setting are. It also changes the sample default from low to high, since only high is compatible with good codecs that people will want to use in the vast majority of cases, and this is a common gotcha that trips up new users. Resolves: #425	2 years ago

1 2 3 4 5 ...

2189 Commits (6fb811a5905a54a07a901b25f8f3af0ad9d3f7c9)