Rightly the use of wildcards in certificates is disallowed in accordance
with RFC5922. However, RFC2818 does make some allowances with regards to
their use when using subject alt names with DNS name types.
As such this patch creates a new setting for TLS transports called
'allow_wildcard_certs', which when it and 'verify_server' are both enabled
allows DNS name types, as well as the common name that start with '*.'
to match as a wildcard.
For instance: *.example.com
will match for: foo.example.com
Partial matching is not allowed, e.g. f*.example.com, foo.*.com, etc...
And the starting wildcard only matches for a single level.
For instance: *.example.com
will NOT match for: foo.bar.example.com
The new setting is disabled by default.
ASTERISK-30072 #close
Change-Id: If0be3fdab2e09c2a66bb54824fca406ebaac3da4
When a pjsip endpoint is defined with timers=always, this has been a
functional noop. This patch correctly sets the feature bitmap to both
enable support for session timers and to enable them even when the
endpoint itself does not request or support timers.
ASTERISK-29603
Reported-By: Ray Crumrine
Change-Id: I8b5eeaa9ec7f50cc6d96dd34c2b4aa9c53fb5440
added new global config option "allow_sending_180_after_183"
that if enabled will preserve 180 after a 183
ASTERISK-29842
Change-Id: I8a53f8c35595b6d16d8e86e241b5f110d92f3d18
The async_operations setting on a transport configures how
many simultaneous incoming packets the transport can handle
when multiple threads are polling and waiting on the transport.
As we only use a single thread this was needlessly creating
incoming packets when set to a non-default value, wasting memory.
ASTERISK-30006
Change-Id: I1915973ef352862dc2852a6ba4cfce2ed536e68f
Adds a new configuration option, stir_shaken_profile, in pjsip.conf that
can be specified on a per endpoint basis. This option will reference a
stir_shaken_profile that can be configured in stir_shaken.conf. The type
of this option must be 'profile'. The stir_shaken option can be
specified on this object with the same values as before (attest, verify,
on), but it cannot be off since having the profile itself implies wanting
STIR/SHAKEN support. You can also specify an ACL from acl.conf (along
with permit and deny lines in the object itself) that will be used to
limit what interfaces Asterisk will attempt to retrieve information from
when reading the Identity header.
ASTERISK-29476
Change-Id: I87fa61f78a9ea0cd42530691a30da3c781842406
Treat time_t's as entirely unique and use the POSIX API's for
converting to/from strings.
Lastly, a 64-bit integer formats as 20 digits at most in base10.
Don't need to have any 100 byte buffers to hold that.
ASTERISK-29674 #close
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Change-Id: Id7b25bdca8f92e34229f6454f6c3e500f2cd6f56
Added the missing xml-stylesheet and Xinclude namespace
declarations in pjsip_config.xml and pjsip_manager.xml.
Updated make_xml_documentation to show detailed errors when
xmlstarlet is the validator. It's now run once with the '-q'
option to suppress harmless/expected messages and if it actually
fails, it's run again without '-q' but with '-e' to show
the actual errors.
Change-Id: I4bdc9d2ea6741e8d2e5eb82df60c68ccc59e1f5e
Moved the xmldoc build logic from the top-level Makefile into
its own script "make_xml_documentation" in the build_tools
directory.
Created a new utility script "get_sourceable_makeopts", also in
the build_tools directory, that dumps the top-level "makeopts"
file in a format that can be "sourced" from shell sscripts.
This allows scripts to easily get the values of common make
build variables such as the location of the GREP, SED, AWK, etc.
utilities as well as the AST* and library *_LIB and *_INCLUDE
variables.
Besides moving logic out of the Makefile, some optimizations
were done like removing "third-party" from the list of
subdirectories to be searched for documentation and changing some
assignments from "=" to ":=" so they're only evaluated once.
The speed increase is noticeable.
The makeopts.in file was updated to include the paths to
REALPATH and DIRNAME. The ./conifgure script was setting them
but makeopts.in wasn't including them.
So...
With this change, you can now place documentation in any"c"
source file AND you can now place it in a separate XML file
altogether. The following are examples of valid locations:
res/res_pjsip.c
Using the existing /*** DOCUMENTATION ***/ fragment.
res/res_pjsip/pjsip_configuration.c
Using the existing /*** DOCUMENTATION ***/ fragment.
res/res_pjsip/pjsip_doc.xml
A fully-formed XML file. The "configInfo", "manager",
"managerEvent", etc. elements that would be in the "c"
file DOCUMENTATION fragment should be wrapped in proper
XML. Example for "somemodule.xml":
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE docs SYSTEM "appdocsxml.dtd">
<docs>
<configInfo>
...
</configInfo>
</docs>
It's the "appdocsxml.dtd" that tells make_xml_documentation
that this is a documentation XML file and not some other XML file.
It also allows many XML-capable editors to do formatting and
validation.
Other than the ".xml" suffix, the name of the file is not
significant.
As a start... This change also moves the documentation that was
in res_pjsip.c to 2 new XML files in res/res_pjsip:
pjsip_config.xml and pjsip_manager.xml. This cut the number of
lines in res_pjsip.c in half. :)
Change-Id: I486c16c0b5a44d7a8870008e10c941fb19b71ade
Neither pjsip_message_filter's filter_on_tx_message() nor
res_pjsip_session's session_outgoing_nat_hook() were multipart
aware and just assumed that an SDP would be the only thing in
a message body. Both were changed to use the new
pjsip_get_sdp_info() function which searches for an sdp in
both single- and multi- part message bodies.
ASTERISK-29813
Change-Id: I8f5b8cfdc27f1d4bd3e7491ea9090951a4525c56
The stir_shaken configuration option now has 4 different choices to pick
from: off, attest, verify, and on. Off and on behave the same way they
do now. Attest will only perform attestation on the endpoint, and verify
will only perform verification on the endpoint.
Certain responses are required to be sent based on certain conditions
for STIR/SHAKEN. For example, if we get a Date header that is outside of
the time range that is considered valid, a 403 Stale Date response
should be sent. This and several other responses have been added.
Change-Id: I4ac1ecf652cd0e336006b0ca638dc826b5b1ebf7
In res_pjsip_sdp_rtp, the bind_rtp_to_media_address option and the
fallback use of the transport's bind address solve problems sending
media on systems that cannot send ipv4 packets on ipv6 sockets, and
certain other situations. This change extends both of these behaviors
to UDPTL sessions as well in res_pjsip_t38, to fix fax-specific
problems on these systems, introducing a new option
endpoint/t38_bind_udptl_to_media_address.
ASTERISK-29402
Change-Id: I87220c0e9cdd2fe9d156846cb906debe08c63557
The behavior of max_contacts and remove_existing are connected. If
remove_existing is enabled, the soonest expiring contacts are removed.
This may occur when there is an unavailable contact. Similarly,
when remove_existing is not enabled, registrations from good
endpoints are rejected in favor of retaining unavailable contacts.
This commit adds a new AOR option remove_unavailable, and the effect
of this setting will depend on remove_existing. If remove_existing
is set to no, we will still remove unavailable contacts when they
exceed max_contacts, if there are any. If remove_existing is set to
yes, we will prioritize the removal of unavailable contacts before
those that are expiring soonest.
ASTERISK-29525
Change-Id: Ia2711b08f2b4d1177411b1be23e970d7fdff5784
Set preferred transport when querying the local address to use in
filter_on_tx_messages(). This prevents the module to erroneously select
the wrong transport if more than one transports of the same type (TCP or
TLS) are configured.
ASTERISK-29241
Change-Id: I598e60257a7f92b29efce1fb3e9a2fc06f1439b6
For connection oriented transports PJSIP uses factories to
produce transports. When doing a partial transport reload
we need to also move the factory of the transport over so
that anything referencing the transport (such as an endpoint)
has the factory available.
ASTERISK-29441
Change-Id: Ieae0fb98eab2d9257cad996a1136e5a62d307161
RFC7616 and RFC8760 allow more than one WWW-Authenticate or
Proxy-Authenticate header per realm, each with different digest
algorithms (including new ones like SHA-256 and SHA-512-256).
Thankfully however a UAS can NOT send back multiple Authenticate
headers for the same realm with the same digest algorithm. The
UAS is also supposed to send the headers in order of preference
with the first one being the most preferred. We're supposed to
send an Authorization header for the first one we encounter for a
realm that we can support.
The UAS can also send multiple realms, especially when it's a
proxy that has forked the request in which case the proxy will
aggregate all of the Authenticate headers and then send them all
back to the UAC.
It doesn't stop there though... Each realm can require a
different username from the others. There's also nothing
preventing each digest algorithm from having a unique password
although I'm not sure if that adds any benefit.
So now... For each Authenticate header we encounter, we have to
determine if we support the digest algorithm and, if not, just
skip the header. We then have to find an auth object that
matches the realm AND the digest algorithm or find a wildcard
object that matches the digest algorithm. If we find one, we add
it to the results vector and read the next Authenticate header.
If the next header is for the same realm AND we already added an
auth object for that realm, we skip the header. Otherwise we
repeat the process for the next header.
In the end, we'll have accumulated a list of credentials we can
pass to pjproject that it can use to add Authentication headers
to a request.
NOTE: Neither we nor pjproject can currently handle digest
algorithms other than MD5. We don't even have a place for it in
the ast_sip_auth object. For this reason, we just skip processing
any Authenticate header that's not MD5. When we support the
others, we'll move the check into the loop that searches the
objects.
Changes:
* Added a new API ast_sip_retrieve_auths_vector() that takes in
a vector of auth ids (usually supplied on a call to
ast_sip_create_request_with_auth()) and populates another
vector with the actual objects.
* Refactored res_pjsip_outbound_authenticator_digest to handle
multiple Authenticate headers and set the stage for handling
additional digest algorithms.
* Added a pjproject patch that allows them to ignore digest
algorithms they don't support. This patch has already been
merged upstream.
* Updated documentation for auth objects in the XML and
in pjsip.conf.sample.
* Although res_pjsip_authenticator_digest isn't affected
by this change, some debugging and a testsuite AMI event
was added to facilitate testing.
Discovered during OpenSIPit 2021.
ASTERISK-29397
Change-Id: I3aef5ce4fe1d27e48d61268520f284d15d650281
Some configuration items for a transport do not result in
the underlying transport changing, but instead are just
state we keep ourselves and use. It is perfectly reasonable
to change these items.
These include local_net and external_* information.
ASTERISK-29354
Change-Id: I027857ccfe4419f460243e562b5f098434b3d43a
Segfault occurs during outbound UDP registration when all
transport states are being iterated over. The transport object
in the transport is accessed, but flow transports have a NULL
transport object.
Modify to not iterate over any flow transport
ASTERISK-29210 #close
Change-Id: If28dc3a18bdcbd0a49598b09b7fe4404d45c996a
RFC 3261 says that the Accept-Encoding header should be present
in an options response. Permitted values according to RFC 2616
are only compression algorithms like gzip or the default identity
encoding. Therefore "text/plain" is not a correct value here.
As long as the header is hard coded, it should be set to "identity".
Without this fix an Alcatel OmniPCX periodically logs warnings like
"[sip_acceptIncorrectHeader] Header Accept-Encoding is malformed"
on a SIP Trunk.
ASTERISK-29165 #close
Change-Id: I0aa2211ebf0b4c2ed554ac7cda794523803a3840
* Added a ONESHOT type that never reschedules.
* Added "like" capability to "pjsip show scheduled_tasks" so you can do
the following:
CLI> pjsip show scheduled_tasks like outreg
PJSIP Scheduled Tasks:
Task Name Interval Times Run ...
============================================= ========= ========= ...
pjsip/outreg/testtrunk-reg-0-00000074 50.000 oneshot ...
pjsip/outreg/voipms-reg-0-00000073 110.000 oneshot ...
* Fixed incorrect display of "Next Start".
* Compacted the displays of times in the CLI.
* Added two new functions (ast_sip_sched_task_get_times2,
ast_sip_sched_task_get_times_by_name2) that retrieve the interval,
next start time, and next run time in addition to the times already
returned by ast_sip_sched_task_get_times().
Change-Id: Ie718ca9fd30490b8a167bedf6b0b06d619dc52f3
This patch initializes a couple of local variables to some default values.
Interestingly, in the 'pj_status_t dlg_status' case the value not being
initialized caused memory to grow, and not be recovered, in the off nominal
path (at least on my machine).
Change-Id: I22ee65e1e1bff8efacea8a167c6c8428898523f7
This changes the outgoing offer call preference
default option to match the behavior of previous
versions of Asterisk.
The additional advanced codec negotiation options
have also been removed from the sample configuration
and marked as reserved for future functionality in
XML documentation.
The codec preference options have also been fixed to
enforce local codec configuration.
ASTERISK-29109
Change-Id: Iad19347bd5f3d89900c15ecddfebf5e20950a1c2
Implemention of History-Info capable of interworking with Diversion
Header following RFC7544
ASTERISK-29027 #close
Change-Id: I2296369582d4b295c5ea1e60bec391dd1d318fa6
When reading in a codec preference configuration option
the value would be set on the respective option before
applying any default adjustments, resulting in the
configuration not being as expected.
This was exposed by the REST API push configuration as
it used the configuration returned by Asterisk to then do
a modification. In the case of codec preferences one of
the options had a transcode value of "unspecified" when the
defaults should have ensured it would be "allow" instead.
This also renames the options in other places that were
missed.
Change-Id: I4ad42e74fdf181be2e17bc75901c62591d403964
This change renames the codec preference endpoint options.
incoming_offer_codec_prefs becomes codec_prefs_incoming_offer
to keep the options together when showing an endpoint.
Change-Id: I6202965b4723777f22a83afcbbafcdafb1d11c8d
Added a new configuration option for PJSIP endpoints - stir_shaken. If
set to yes, then STIR/SHAKEN support will be added to inbound and
outbound INVITEs. The default is no. Alembic has been updated to include
this option.
Previously the dialplan function was not trimming the whitespace from
the parameters it recieved. Now it does.
Also added a conditional that, when TEST_FRAMEWORK is enabled, the
timestamp in the identity header will be overlooked. This is just for
testing, since the testsuite will rely on a SIPp scenario with a preset
identity header to trigger the MISMATCH result.
Change-Id: I43d67f1489b8c1c5729ed3ca8d71e35ddf438df1
This commit adds the endpoint options required to control
Advanced Codec Negotiation.
incoming_offer_codec_prefs
outgoing_offer_codec_prefs
incoming_answer_codec_prefs
outgoing_answer_codec_prefs
The documentation may need tweaking and some additional edits
added, especially for the "answer" prefs. That'll be handled
when things finalize.
This commit is safe to merge as it doens't alter any existing
functionality nor does it alter the previous codec negotiation
work which may now be obsolete.
Change-Id: I920ba925d7dd36430dfd2ebd9d82d23f123d0e11
Currently when the pjsip making an outgoing request, it keep adding the
rport parameter in a request message as a default.
This causes unexpected rport handle at the other end.
Added option for disable this behaviour in the pjsip.conf.
This is a system option, but working as a gloabl option.
ASTERISK-28959
Change-Id: I9596675e52a742774738b5aad5d1fec32f477abc
The outbound proxy for an AOR was not being applied to
any statically configured Contacts. This resulted in the
OPTIONS requests being sent to the wrong target.
This change sets the outbound proxy on statically configured
contacts once the AOR configuration is done being
applied.
ASTERISK-28965
Change-Id: Ia60f3e93ea63f819c5a46bc8b54be2e588dfa9e0
1. Modify sip_resolve and sip_resolve_callback to request AAAA lookups
when an IPV6 transport type has been requested.
2. Rename all occurrences of pjsip_transport_get_type_name to
pjsip_transport_get_type_desc. This ensures that the log/debug info
shows whether the transport is IPv6 or IPv4.
3. Do not add the constant PJSIP_TRANSPORT_IPV6 to existing transport
types. This results in invalid values. Use a bitwise or instead.
ASTERISK-26780
Patches:
pjsip_resolver.c uploaded by Peter Sokolov (License #7070)
Change-Id: I8b1e298f8efa682d0a7644113258fe76d9889c58
When an AOR is modified endpoints are updated that reference
the AOR so they can start receiving updates and reflect the
correct state. If this is the case then we shouldn't change
the endpoint to be offline if it does not reference the AOR
but instead only when the endpoint is completely updated for
all its AORs.
ASTERISK-28056
patches:
pjsip_options-aor.diff submitted by jhord (license 6978)
Change-Id: I3ee00023be2393113cd4e056599f23f3499ef164
This unit test runs through combinations of...
* Local codecs
* Remote Codecs
* Codec Preference
* Incoming/Outgoing
A few new APIs were created to make it easier to test
the functionality but didn't result in any actual
functional change.
ASTERISK_28777
Change-Id: Ic8957c43e7ceeab0e9272af60ea53f056164f164
Based on this new endpoint setting, a joint list of preferred codecs
between those received from the Asterisk core (remote), and those
specified in the endpoint's "allow" parameter (local) is created and
is used to create the outgoing SDP offer.
* Add outgoing_call_offer_pref to pjsip_configuration (endpoint)
* Add "call_direction" to res_pjsip_session.
* Update pjsip_session_caps.c to make the functions more generic
so they could be used for both incoming and outgoing.
* Update ast_sip_session_create_outgoing to create the
pending_media_state->topology with the results of
ast_sip_session_create_joint_call_stream().
* The endpoint "preferred_codec_only" option now automatically sets
AST_SIP_CALL_CODEC_PREF_FIRST in incoming_call_offer_pref.
* A helper function ast_stream_get_format_count() was added to
streams to return the current count of formats.
ASTERISK-28777
Change-Id: Id4ec0b4a906c2ae5885bf947f101c59059935437
Add a new option, incoming_call_offer_pref, to res_pjsip endpoints that
specifies the preferred order of codecs after receiving an offer.
This patch does the following:
Adds a new enumeration, ast_sip_call_codec_pref, used by the the new
configuration option that's added to the endpoint media structure.
Adds a new ast_sip_session_caps structure that's set for each session media
object.
Creates a new file, res_pjsip_session_caps that "implements" the new
structure and option, and is compiled into the res_pjsip_session library.
ASTERISK-28756 #close
Change-Id: I35e7a2a0c236cfb6bd9cdf89539f57a1ffefc76f
This change extends the Sorcery API to allow a wizard to be
told to explicitly reload objects or a specific object type
even if the wizard believes that nothing has changed.
This has been leveraged by res_pjsip and res_pjsip_acl to
reload endpoints and PJSIP ACLs when a named ACL changes.
ASTERISK-28697
Change-Id: Ib8fee9bd9dd490db635132c479127a4114c1ca0b
RFC3261 Section 10 "Registrations", specifically paragraph
"10.2.4: Refreshing Bindings", states that a user agent compares
each contact address (in a 200 REGISTER response) to see if it
created the contact. If the Asterisk endpoint has the
rewrite_contact option set however, the contact host and port sent
back in the 200 response will be the rewritten one and not the
one sent by the user agent. This prevents the user agent from
matching its own contact. Some user agents get very upset when
this happens and will not consider the registration successful.
While this is rare, it is acceptable behavior especially if more
than 1 user agent is allowed to register to a single endpoint/aor.
This commit updates res_pjsip_nat (where rewrite_contact is
implemented) to store the original incoming Contact header in
a new "x-ast-orig-host" URI parameter before rewriting it, and to
restore the original host and port to the Contact headers in the
outgoing response.
This is only done if the request is a REGISTER and rewrite_contact
is enabled.
pjsip_message_filter was also updated to ensure that if a request
comes in with any existing x-ast-* URI parameters, we remove them
so they don't conflict. Asterisk will never send a request
with those headers in it but someone might just decide to add them
to a request they craft and send to Asterisk.
NOTE: If a device changes its contact address and registers again,
it's a NEW registration. If the device didn't unregister the
original registration then all existing behavior based
on aor/remove_existing and aor/max_contacts apply.
ASTERISK-28502
Reported-by: Ross Beer
Change-Id: Idc263ad2d2d7bd8faa047e5804d96a5fe1cd282e
This patch fixes several issues reported by the lgtm code analysis tool:
https://lgtm.com/projects/g/asterisk/asterisk
Not all reported issues were addressed in this patch. This patch mostly fixes
confirmed reported errors, potential problematic code points, and a few other
"low hanging" warnings or recommendations found in core supported modules.
These include, but are not limited to the following:
* innapropriate stack allocation in loops
* buffer overflows
* variable declaration "hiding" another variable declaration
* comparisons results that are always the same
* ambiguously signed bit-field members
* missing header guards
Change-Id: Id4a881686605d26c94ab5409bc70fcc21efacc25
When modifying an already defined variable in some channel drivers they
add a new variable with the same name to the list, but that value is
never used, only the first one found.
Introduce ast_variable_list_replace() and use it where appropriate.
ASTERISK-23756 #close
Patches:
setvar-multiplie.patch submitted by Michael Goryainov
Change-Id: Ie1897a96c82b8945e752733612ee963686f32839
The code for gathering contacts could result in the same contact
being retrieved and added to the list multiple times. The container
which stores the contacts to display will now only allow a contact
to be added to it once instead of multiple times.
ASTERISK-28228
Change-Id: I805185cfcec03340f57d2b9e6cc43c49401812df
When multiple endpoints try to register close together using the same
AOR with qualify_frequency set, one contact would qualify immediately
while the other contacts would have to wait out the duration of the
timer before being able to qualify. Changing the conditional to check
the contact container count for a non-zero value allows all contacts to
qualify immediately.
Change-Id: I79478118ee7e0d6e76af7c354d66684220db9415
Added a new PJSIP global setting called norefersub.
Default is true to keep support working as before.
res_pjsip_refer: Configures PJSIP norefersub capability accordingly.
Checks the PJSIP global setting value.
If it is true (default) it adds the norefersub capability to PJSIP.
If it is false (disabled) it does not add the norefersub capability
to PJSIP.
This is useful for Cisco switches that do not follow RFC4488.
ASTERISK-28375 #close
Reported-by: Dan Cropp
Change-Id: I0b1c28ebc905d881f4a16e752715487a688b30e9
chan_sip will always ignore 183 responses that do not contain SDP
however, chan_pjsip will currently always translate it into a
183 with SDP. This new flag allows chan_pjsip to have the same
behavior as chan_sip.
ASTERISK-28322 #close
Change-Id: If81cfaa17c11b6ac703e3d71696f259d86c6be4a
This reverts commit d524ad523d.
Reason for revert: This causes Contact and Via headers to have the wrong
transport address.
ASTERISK-28309 #close
Change-Id: Ibba4d6176f68e39279fcd9a545f81d56e747bed8
When a contact was removed by the registrar it did not always check to see if
the circumstances involved a monitored reliable transport. For instance, if the
'remove_existing' option was set to 'true' then when existing contacts were
removed due to 'max_contacts' being reached, those existing contacts being
removed did not unregister the transport monitor.
Also, it was possible to add more than one monitor on a reliable transport for
a given aor and contact.
This patch makes it so all contact removals done by the registrar also remove
any associated transport monitors if necessary. It also makes it so duplicate
monitors cannot be added for a given transport.
ASTERISK-28213
Change-Id: I94b06f9026ed177d6adfd538317c784a42c1b17a
To prevent one subsystem's taskprocessors from causing others
to stall, new capabilities have been added to taskprocessors.
* Any taskprocessor name that has a '/' will have the part
before the '/' saved as its "subsystem".
Examples:
"sorcery/acl-0000006a" and "sorcery/aor-00000019"
will be grouped to subsystem "sorcery".
"pjsip/distributor-00000025" and "pjsip/distributor-00000026"
will bn grouped to subsystem "pjsip".
Taskprocessors with no '/' have an empty subsystem.
* When a taskprocessor enters high-water alert status and it
has a non-empty subsystem, the subsystem alert count will
be incremented.
* When a taskprocessor leaves high-water alert status and it
has a non-empty subsystem, the subsystem alert count will be
decremented.
* A new api ast_taskprocessor_get_subsystem_alert() has been
added that returns the number of taskprocessors in alert for
the subsystem.
* A new CLI command "core show taskprocessor alerted subsystems"
has been added.
* A new unit test was addded.
REMINDER: The taskprocessor code itself doesn't take any action
based on high-water alerts or overloading. It's up to taskprocessor
users to check and take action themselves. Currently only the pjsip
distributor does this.
* A new pjsip/global option "taskprocessor_overload_trigger"
has been added that allows the user to select the trigger
mechanism the distributor uses to pause accepting new requests.
"none": Don't pause on any overload condition.
"global": Pause on ANY taskprocessor overload (the default and
current behavior)
"pjsip_only": Pause only on pjsip taskprocessor overloads.
* The core pjsip pool was renamed from "SIP" to "pjsip" so it can
be properly grouped into the "pjsip" subsystem.
* stasis taskprocessor names were changed to "stasis" as the
subsystem.
* Sorcery core taskprocessor names were changed to "sorcery" to
match the object taskprocessors.
Change-Id: I8c19068bb2fc26610a9f0b8624bdf577a04fcd56
The context specified by 'regcontext' was not being created, so when Asterisk
attempted to later dynamically add an extension it would fail. This patch now
creates the context if a 'regcontext' is specified.
ASTERISK-28238
Change-Id: I0f36cf4ab0a93ff4b1cc5548d617ecfd45e09265
The transport management code that checks for idle connections keeps a
reference to PJSIP's transport for IDLE_TIMEOUT milliseconds (32000 by
default). Because of this, if the transport is closed before this
timeout, the idle checking code will keep the transport from actually
being shutdown until the timeout expires.
Rather than passing the AO2 object to the scheduler task, we just pass
its key and look it up when it is time to potentially close the idle
connection. The other transport management code handles cleaning up
everything else for us.
Additionally, because we use the address of the transport when
generating its name, we concatenate an incrementing ID to the end of the
name to guarantee uniqueness.
Related to ASTERISK~28231
Change-Id: I02ee9f4073b6abca9169d30c47aa69b5e8ae9afb
The commit I2f97ebfa79969a36a97bb7b9afd5b6268cf1a07d removed sending out
the ContactStatus AMI event when a contact is updated.
Thist change broke things which rely on old behavior.
This patch adds a new PJSIP global configuration option
'send_contact_status_on_update_registration' to be able to preserve old
ContactStatus behavior.
By default new behavior, i.e. the ContactStatus event will not be sent when a
device refreshes its registration.
Change-Id: I706adf7584e7077eb6bde6d9799ca408bc82ce46
When a channel snapshot was created it used to be done
from scratch, copying all data (many strings). This incurs
a cost when doing so.
This change segments the channel snapshot into different
components which can be reused if unchanged from the
previous snapshot creation, reducing the cost. In normal
cases this results in some pointers being copied with
reference count being bumped, some integers being set,
and a string or two copied. The other benefit is that it
is now possible to determine if a channel snapshot update
is redundant and thus stop it before a message is published
to stasis.
The specific segments in the channel snapshot were split up
based on whether they are changed together, how often they
are changed, and their general grouping. In practice only
1 (or 0) of the segments actually get changed in normal
operation.
Invalidation is done by setting a flag on the channel when
the segment source is changed, forcing creation of a new
segment when the channel snapshot is created.
ASTERISK-28119
Change-Id: I5d7ef3df963a88ac47bc187d73c5225c315f8423
Replace usage of ao2_container_alloc with ao2_container_alloc_hash or
ao2_container_alloc_list. Remove ao2_container_alloc macro.
Change-Id: I0907d78bc66efc775672df37c8faad00f2f6c088
When Asterisk's taskprocessors get overloaded we need to reduce the work
load. res_pjsip currently ignores new SIP requests and relies on SIP
retransmissions in the hope that the overload condition will clear soon
enough to handle the retransmitted SIP request.
This change adds the following code after ast_taskprocessor_alert_get()
has returned TRUE:
1- identifies transport type. If non-udp then send a 503 response
2- if transport type is udp/udp6 then ignore, as before.
Change-Id: I1c230b40d43a254ea0f226b7acf9ee480a5d3836
This patch adds new options 'trust_connected_line' and 'send_connected_line'
to the endpoint.
The option 'trust_connected_line' is to control if connected line updates
are accepted from this endpoint.
The option 'send_connected_line' is to control if connected line updates
can be sent to this endpoint.
The default value is 'yes' for both options.
Change-Id: I16af967815efd904597ec2f033337e4333d097cd
Add a new global flag to res_pjsip to allow the callerid to be used
as the username in the contact header. This allows chan_pjsip to have
the same behavour as chan_sip
ASTERISK-28087 #close
Change-Id: I9a720e058323f6862a91c62f8a8c1a4b5c087b95
This change implements a few different generic things which were brought
on by Google Voice SIP.
1. The concept of flow transports have been introduced. These are
configurable transports in pjsip.conf which can be used to reference a
flow of signaling to a target. These have runtime configuration that can
be changed by the signaling itself (such as Service-Routes and
P-Preferred-Identity). When used these guarantee an individual connection
(in the case of TCP or TLS) even if multiple flow transports exist to the
same target.
2. Service-Routes (RFC 3608) support has been added to the outbound
registration module which when received will be stored on the flow
transport and used for requests referencing it.
3. P-Associated-URI / P-Preferred-Identity (RFC 3325) support has been
added to the outbound registration module. If a P-Associated-URI header
is received it will be used on requests as the P-Preferred-Identity.
4. Configurable outbound extension support has been added to the outbound
registration module. When set the extension will be placed in the
Supported header.
5. Header parameters can now be configured on an outbound registration
which will be placed in the Contact header.
6. Google specific OAuth / Bearer token authentication
(draft-ietf-sipcore-sip-authn-02) has been added to the outbound
registration module.
All functionality changes are controlled by pjsip.conf configuration
options and do not affect non-configured pjsip endpoints otherwise.
ASTERISK-27971 #close
Change-Id: Id214c2d1c550a41fcf564b7df8f3da7be565bd58
This patch sets the callerid_tag to empty string by default.
If the callerid_tag is set to NULL then the tag does not
become part of a connected line update.
For example:
Alice's tag is "Alice".
Bob's tag is empty.
Charlie's tag is "Charlie".
Alice calls Bob and then does attended transfer to Charlie.
When Alice hangs up the CONNECTEDLINE(tag) is "Alice"
on the interception routine on the Charlie's channel, but should be empty.
Ths patch also fix memory leaks if there are more then one options
"callerid", "callerid_tag", "voicemail_extension" and "contact_user"
in the pjsip.conf endpoint definition.
Change-Id: I86ba455c4677ca8d516d9a04ce7fb4d24dd576e4
CLI command 'pjsip show contacts' inefficiently make a lot of DB requests.
For example if there are 10k aors then asterisk requests these 10k records
of aor and then does 10k requests of contact - one request per aor.
Even if use 'like <pattern>' the asterisk requests all aor's and contact's
records and then filters them by itself.
This patch gathers contact's container by
- retrieving all dynamic contacts by regex (filtered by reg_server)
- retrieving all aors with permanent contacts
- finally filters container by regex
ASTERISK-28077 #close
Change-Id: Id0ad65d14952a02fb213273a90f3f680a8149618
This change brings in PJSIP 2.8, removes all the patches
that were merged upstream, and makes a minor change to
support a breaking change that was done.
ASTERISK-28059
Change-Id: I5097772b11b0f95c3c1f52df6400158666f0a189
Both pjsip_tx_data.tp_info.dst_name and pjsip_rx_data.pkt_info.src_name
store IPv6 addresses without enclosing brackets. This causes some log
output to be confusing because it is difficult to separate the IPv6
address from a port specification.
* Use pj_sockaddr_print() along with pjsip_tx_data.tp_info.dst_addr and
pjsip_rx_data.pkt_info.src_addr where possible for consistent IPv6
output.
* When a pj_sockaddr is not available, explicitly wrap IPv6 addresses
in brackets.
* When assigning pjsip_rx_data.pkt_info.src_name ourselves, make sure
to also set pjsip_rx_data.pkt_info.src_addr.
Change-Id: I5cfe997ced7883862a12b9c7d8551d76ae02fcf8
When a Contact is updated the only material change that qualify
support cares about is the underlying configuration for the AOR.
In this case we will update things with the new AOR information but
otherwise the callback to indicate the Contact has changed can be
ignored.
This is because it is only when a Contact is added or deleted that
material changes occur within the qualify support. An update can't
change the URI since it would result in a new Contact so it can be
ignored.
Change-Id: I2f97ebfa79969a36a97bb7b9afd5b6268cf1a07d
sip_options_get_endpoint_state_compositor_state leaked a reference to
the first available endpoint state compositor that was found.
Change-Id: Idb6be19f7219b6eed1dfb19c1e740dd40cb3fdc7
The authors of PJProject undef s_addr because of some issue in Microsoft
Windows. However in Oracle Solaris, s_addr is not a structure member, but
defined to map to the real structure member.
Updates the patch from ASTERISK_20366
ASTERISK-27997
Change-Id: I8223026d4d54e2a46521085fcc94bfa6ebe35b11
* Don't include pjlib.h twice in res_pjsip.h
* Consistently use #include <> form for pjproject includes.
(pjsip.h and pjlib.h)
Change-Id: I3f7b42044840de64edf7e9d7695cb60c45990dc7
A change recently went in which disabled the built-in PJSIP
keepalive. This defaulted to 90 seconds and kept TCP/TLS
connections alive. Disabling this functionality has resulted
in a behavior change of not doing keepalives by default resulting
in TCP/TLS connections dropping for some people.
This change makes our default keepalive interval 90 seconds
to match the previous behavior and preserve it.
ASTERISK-27978
Change-Id: Ibd9a45f3cbe5d9bb6d2161268696645ff781b1d6
* Use the replacement function ast_sip_push_task_wait_servant() instead of
the deprecated ast_sip_push_task_synchronous().
Change-Id: I145b550ba7054640c7faa3b644e63137f505c612
A problem I've seen countless times is a global or system section
for PJSIP not getting applied. This is inevitably the result of
the "type=" line missing. This change alleviates that problem.
The ability to specify an explicit section name has been
added to res_sorcery_config. If the configured section
name matches this and there are no unknown things configured
the section is taken as being for the given type.
Both the PJSIP "global" and "system" types now support this
so you can just name your section "global" or "system" and it
will be matched and used, even without a "type=" line.
ASTERISK-27972
Change-Id: Ie22723663c1ddd24f869af8c9b4c1b59e2476893
A new option 'suppress_q850_reason_headers' has been added to the
endpoint object. Some devices can't accept multiple Reason headers and
get confused when both 'SIP' and 'Q.850' Reason headers are received.
This option allows the 'Q.850' Reason header to be suppressed.
The default value is 'no'.
ASTERISK-27949
Reported-by: Ross Beer
Change-Id: I54cf37a827d77de2079256bb3de7e90fa5e1deb1
Using the keep_alive_interval option can result in a deadlock between the
pjproject transport manager group lock and the monitored transports ao2
container lock. The pjproject transport manager group lock has to be
superior in the locking order to the monitored transports ao2 container
lock because of pjproject callbacks called when already holding the group
lock. The lock inversion happens when Asterisk attempts to send a keep
alive packet over the reliable transports.
* Made keepalive_transport_thread() iterate over the monitored transports
container rather than use the ao2_callback() method. This avoids holding
the container lock when sending the keep alive packet.
ASTERISK-26686
Change-Id: I5d5392a52e698bbe41a93f7d8e92bf0e61fe3951
The Websocket transport uses the built-in HTTP server. As a result
the TLS configuration is done in http.conf and not in pjsip.conf.
This change adds a warning if this is configured in pjsip.conf and
also clarifies in the sample configuration file.
Change-Id: I187d994d328c3ed274b6754fd4c2a4955bdc6dd9
pjproject by default currently will follow media forked during an INVITE
on outbound calls if the To tag is different on a subsequent response as
that on an earlier response. We handle this correctly. There have
been reported cases where the To tag is the same but we still need to
follow the media. The pjproject patch in this commit adds the
capability to sip_inv and also adds the capability to control it at
runtime. The original "different tag" behavior was always controllable
at runtime but we never did anything with it and left it to default to
TRUE.
So, along with the pjproject patch, this commit adds options to both the
system and endpoint objects to control the two behaviors, and a small
logic change to session_inv_on_media_update in res_pjsip_session to
control the behavior at the endpoint level.
The default behavior for "different tags" remains the same at TRUE and
the default for "same tag" is FALSE.
Change-Id: I64d071942b79adb2f0a4e13137389b19404fe3d6
ASTERISK-27936
Reported-by: Ross Beer
* Fix several instances where we were bumping a ref in the parameter and
then unrefing the object if it failed. The way the AST_VECTOR_APPEND()
and AST_VECTOR_REPLACE() macros are implemented means if it fails the new
value was never evaluated.
Change-Id: I2847872a455b11ea7e5b7ce697c0a455a1d0ac9a
When endpoint specific ACL rules block a SIP request they respond with a
403 forbidden. However, if an endpoint is not identified then a 401
unauthorized response is sent. This vulnerability just discloses which
requests hit a defined endpoint. The ACL rules cannot be bypassed to gain
access to the disclosed endpoints.
* Made endpoint specific ACL rules now respond with a 401 unauthorized
which is the same as if an endpoint were not identified. The fix is
accomplished by replacing the found endpoint with the artificial endpoint
which always fails authentication.
ASTERISK-27818
Change-Id: Icb275a54ff8e2df6c671a6d9bda37b5d732b3b32
Currentrly pjsip_options code does not handle the situation when the
AOR qualify options were changed.
Also there is no way to find out what qualify options are using.
This patch add CLI commands to show and synchronize Aor qualify options:
pjsip show qualify endpoint <id>
Show the current qualify options for all Aors on the PJSIP endpoint.
pjsip show qualify aor <id>
Show the PJSIP Aor current qualify options.
pjsip reload qualify endpoint <id>
Synchronize the qualify options for all Aors on the PJSIP endpoint.
pjsip reload qualify aor <id>
Synchronize the PJSIP Aor qualify options.
ASTERISK-27872
Change-Id: I1746d10ef2b7954f2293f2e606cdd7428068c38c
Currentrly pjsip_options code does not handle the situation when the
qualify options were changed in realtime database.
Only 'module reload res_pjsip' helps.
This patch add a check on contact add/update observers if the contact
qualify options are different than local aor qualify options.
If the qualify options were modified then synchronize
the pjsip_options AOR local state.
ASTERISK-27872
Change-Id: Id55210a18e62ed5d35a88e408d5fe84a3c513c62
This fixes build warnings found by GCC 8. In some cases format
truncation is intentional so the warning is just suppressed.
ASTERISK-27824 #close
Change-Id: I724f146cbddba8b86619d4c4a9931ee877995c84
* Increase maximum number of ciphers from 100 to 256 (or whatever
PJ_SSL_SOCK_MAX_CIPHERS is #define'd to)
* Simplify logic in cipher_name_to_id()
* Make signed/unsigned comparison consistent
Re: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897412
Reported by: Ondřej Holas
Change-Id: Iea620f03915a1b873e79743154255c3148a514e7
Kevin Harwell
Trevor Peirce
Mark Petersen
Joshua C. Colp
Ben Ford
Philip Prindeville
George Joseph
Alexander Traud
Josh Soref
Matthew Kern
Joseph Nadiv
Bernd Zobl
Sean Bright
Nick French
Alexander Greiner-Baer
Kevin Harwell
Torrey Searle
sungtae kim
Roger James
Joshua Colp
Dan Cropp
Alexei Gradinari
Torrey Searle
Corey Farrell
Chris-Savinovich
Nick French
Richard Mudgett
Jenkins2