asterisk

Commit Graph

Author	SHA1	Message	Date
George Joseph	71a2e8c599	Add SHA-256 and SHA-512-256 as authentication digest algorithms * Refactored pjproject code to support the new algorithms and added a patch file to third-party/pjproject/patches * Added new parameters to the pjsip auth object: * password_digest = <algorithm>:<digest> * supported_algorithms_uac = List of algorithms to support when acting as a UAC. * supported_algorithms_uas = List of algorithms to support when acting as a UAS. See the auth object in pjsip.conf.sample for detailed info. * Updated both res_pjsip_authenticator_digest.c (for UAS) and res_pjsip_outbound_authentocator_digest.c (UAC) to suport the new algorithms. The new algorithms are only available with the bundled version of pjproject, or an external version > 2.14.1. OpenSSL version 1.1.1 or greater is required to support SHA-512-256. Resolves: #948 UserNote: The SHA-256 and SHA-512-256 algorithms are now available for authentication as both a UAS and a UAC.	10 months ago
Kent	3dee037446	res_pjsip: Add new AOR option "qualify_2xx_only" Added a new option "qualify_2xx_only" to the res_pjsip AOR qualify feature to mark a contact as available only if an OPTIONS request returns a 2XX response. If the option is not specified or is false, any response to the OPTIONS request marks the contact as available. UserNote: The pjsip.conf AOR section now has a "qualify_2xx_only" option that can be set so that only 2XX responses to OPTIONS requests used to qualify a contact will mark the contact as available.	10 months ago
Jaco Kroon	b3d9c11b54	res_odbc: release threads from potential starvation. Whenever a slot is freed up due to a failed connection, wake up a waiter before failing. In the case of a dead connection there could be waiters, for example, let's say two threads tries to acquire objects at the same time, with one in the cached connections, one will acquire the dead connection, and the other will enter into the wait state. The thread with the dead connection will clear up the dead connection, and then attempt a re-acquire (at this point there cannot be cached connections else the other thread would have received that and tried to clean up), as such, at this point we're guaranteed that either there are no waiting threads, or that the maxconnections - connection_cnt threads will attempt to re-acquire connections, and then either succeed, using those connections, or failing, and then signalling to release more waiters. Also fix the pointer log for ODBC handle %p dead which would always reflect NULL. Signed-off-by: Jaco Kroon <jaco@uls.co.za>	11 months ago
Viktor Litvinov	f30ad96b3f	res_rtp_asterisk.c: Set Mark on rtp when timestamp skew is too big Set Mark bit in rtp stream when timestamp skew is bigger than MAX_TIMESTAMP_SKEW. Fixes: #927	11 months ago
Alexey Vasilyev	dc64d485d7	res_rtp_asterisk.c: Fix bridged_payload matching with sample rate for DTMF Fixes #1004	11 months ago
George Joseph	1646b78986	res_stir_shaken: Allow sending Identity headers for unknown TNs Added a new option "unknown_tn_attest_level" to allow Identity headers to be sent when a callerid TN isn't explicitly configured in stir_shaken.conf. Since there's no TN object, a private_key_file and public_cert_url must be configured in the attestation or profile objects. Since "unknown_tn_attest_level" uses the same enum as attest_level, some of the sorcery macros had to be refactored to allow sharing the enum and to/from string conversion functions. Also fixed a memory leak in crypto_utils:pem_file_cb(). Resolves: #921 UserNote: You can now set the "unknown_tn_attest_level" option in the attestation and/or profile objects in stir_shaken.conf to enable sending Identity headers for callerid TNs not explicitly configured.	12 months ago
George Joseph	2694f78d03	res_pjsip: Change suppress_moh_on_sendonly to OPT_BOOL_T The suppress_moh_on_sendonly endpoint option should have been defined as OPT_BOOL_T in pjsip_configuration.c and AST_BOOL_VALUES in the alembic script instead of OPT_YESNO_T and YESNO_VALUES. Also updated contrib/ast-db-manage/README.md to indicate that AST_BOOL_VALUES should always be used and provided an example. Resolves: #995	12 months ago
George Joseph	02e2000653	res_pjsip: Add new endpoint option "suppress_moh_on_sendonly" Normally, when one party in a call sends Asterisk an SDP with a "sendonly" or "inactive" attribute it means "hold" and causes Asterisk to start playing MOH back to the other party. This can be problematic if it happens at certain times, such as in a 183 Progress message, because the MOH will replace any early media you may be playing to the calling party. If you set this option to "yes" on an endpoint and the endpoint receives an SDP with "sendonly" or "inactive", Asterisk will NOT play MOH back to the other party. Resolves: #979 UserNote: The new "suppress_moh_on_sendonly" endpoint option can be used to prevent playing MOH back to a caller if the remote end sends "sendonly" or "inactive" (hold) to Asterisk in an SDP.	12 months ago
Sean Bright	db79bcb82f	res_pjsip.c: Fix Contact header rendering for IPv6 addresses. Fix suggested by @nvsystems. Fixes #985	12 months ago
George Joseph	3e9b00a115	res_pjsip: Move tenantid to end of ast_sip_endpoint The tenantid field was originally added to the ast_sip_endpoint structure at the end of the AST_DECLARE_STRING_FIELDS block. This caused everything after it in the structure to move down in memory and break ABI compatibility. It's now at the end of the structure as an AST_STRING_FIELD_EXTENDED. Given the number of string fields in the structure now, the initial string field allocation was also increased from 64 to 128 bytes. Resolves: #982	12 months ago
Thomas Guebels	5d26fef407	pjsip_transport_events: handle multiple addresses for a domain The key used for transport monitors was the remote host name for the transport and not the remote address resolved for this domain. This was problematic for domains returning multiple addresses as several transport monitors were created with the same key. Whenever a subsystem wanted to register a callback it would always end up attached to the first transport monitor with a matching key. The key used for transport monitors is now the remote address and port the transport actually connected to. Fixes: #932	12 months ago
George Joseph	d5a0626889	res_srtp: Change Unsupported crypto suite msg from verbose to debug There's really no point in spamming logs with a verbose message for every unsupported crypto suite an older client may send in an SDP. If none are supported, there will be an error or warning.	1 year ago
Ben Ford	fbe8f8ff46	Add res_pjsip_config_sangoma external module. Adds res_pjsip_config_sangoma as an external module that can be downloaded via menuselect. It lives under the Resource Modules section.	1 year ago
Thomas Guebels	ef6f3ef0e7	pjsip_transport_events: Avoid monitor destruction When a transport is disconnected, several events can arrive following each other. The first event will be PJSIP_TP_STATE_DISCONNECT and it will trigger the destruction of the transport monitor object. The lookup for the transport monitor to destroy is done using the transport key, that contains the transport destination host:port. A reconnect attempt by pjsip will be triggered as soon something needs to send a packet using that transport. This can happen directly after a disconnect since ca Subsequent events can arrive later like PJSIP_TP_STATE_DESTROY and will also try to trigger the destruction of the transport monitor if not already done. Since the lookup for the transport monitor to destroy is done using the transport key, it can match newly created transports towards the same destination and destroy their monitor object. Because of this, it was sometimes not possible to monitor a transport after one or more disconnections. This fix adds an additional check on the transport pointer to ensure only a monitor for that specific transport is removed. Fixes: #923	1 year ago
Sean Bright	c13ef65f21	Revert "res_rtp_asterisk: Count a roll-over of the sequence number even on lost packets." This reverts commit `cb5e3445be`. The original change from 16 to 15 bit sequence numbers was predicated on the following from the now-defunct libSRTP FAQ on sourceforge.net: > Q6. The use of implicit synchronization via ROC seems > dangerous. Can senders and receivers lose ROC synchronization? > > A. It is possible to lose ROC synchronization between sender and > receiver(s), though it is not likely in practice, and practical > steps can be taken to avoid it. A burst loss of 2^16 packets or more > will always break synchronization. For example, a conversational > voice codec that sends 50 packets per second will have its ROC > increment about every 22 minutes. A network with a burst of packet > loss that long has problems other than ROC synchronization. > > There is a higher sensitivity to loss at the very outset of an SRTP > stream. If the sender's initial sequence number is close to the > maximum value of 2^16-1, and all packets are lost from the initial > packet until the sequence number cycles back to zero, the sender > will increment its ROC, but the receiver will not. The receiver > cannot determine that the initial packets were lost and that > sequence-number rollover has occurred. In this case, the receiver's > ROC would be zero whereas the sender's ROC would be one, while their > sequence numbers would be so close that the ROC-guessing algorithm > could not detect this fact. > > There is a simple solution to this problem: the SRTP sender should > randomly select an initial sequence number that is always less than > 2^15. This ensures correct SRTP operation so long as fewer than 2^15 > initial packets are lost in succession, which is within the maximum > tolerance of SRTP packet-index determination (see Appendix A and > page 14, first paragraph of RFC 3711). An SRTP receiver should > carefully implement the index-guessing algorithm. A naive > implementation can unintentionally guess the value of > 0xffffffffffffLL whenever the SEQ in the packet is greater than 2^15 > and the locally stored SEQ and ROC are zero. (This can happen when > the implementation fails to treat those zero values as a special > case.) > > When ROC synchronization is lost, the receiver will not be able to > properly process the packets. If anti-replay protection is turned > on, then the desynchronization will appear as a burst of replay > check failures. Otherwise, if authentication is being checked, then > it will appear as a burst of authentication failures. Otherwise, if > encryption is being used, the desynchronization may not be detected > by the SRTP layer, and the packets may be improperly decrypted. However, modern libSRTP (as of 1.0.1[1]) now mentions the following in their README.md[2]: > The sequence number in the rtp packet is used as the low 16 bits of > the sender's local packet index. Note that RTP will start its > sequence number in a random place, and the SRTP layer just jumps > forward to that number at its first invocation. An earlier version > of this library used initial sequence numbers that are less than > 32,768; this trick is no longer required as the > rdbx_estimate_index(...) function has been made smarter. So truncating our initial sequence number to 15 bit is no longer necessary. 1. `0eb007f0dc/CHANGES (L271-L289)` 2. `2de20dd9e9/README.md (implementation-notes)`	1 year ago
Sean Bright	e76f671810	res_agi.c: Ensure SIGCHLD handler functions are properly balanced. Calls to `ast_replace_sigchld()` and `ast_unreplace_sigchld()` must be balanced to ensure that we can capture the exit status of child processes when we need to. This extends to functions that call `ast_replace_sigchld()` and `ast_unreplace_sigchld()` such as `ast_safe_fork()` and `ast_safe_fork_cleanup()`. The primary change here is ensuring that we do not call `ast_safe_fork_cleanup()` in `res_agi.c` if we have not previously called `ast_safe_fork()`. Additionally we reinforce some of the documentation and add an assertion to, ideally, catch this sooner were this to happen again. Fixes #922	1 year ago
Naveen Albert	d1bba7efc0	main, res, tests: Fix compilation errors on FreeBSD. asterisk.c, manager.c: Increase buffer sizes to avoid truncation warnings. config.c: Include header file for WIFEXITED/WEXITSTATUS macros. res_timing_kqueue: Use more portable format specifier. test_crypto: Use non-linux limits.h header file. Resolves: #916	1 year ago
George Joseph	5d978ffcce	res_rtp_asterisk: Fix dtls timer issues causing FRACKs and SEGVs In dtls_srtp_handle_timeout(), when DTLSv1_get_timeout() returned success but with a timeout of 0, we were stopping the timer and decrementing the refcount on instance but not resetting the timeout_timer to -1. When dtls_srtp_stop_timeout_timer() was later called, it was atempting to stop a stale timer and could decrement the refcount on instance again which would then cause the instance destructor to run early. This would result in either a FRACK or a SEGV when ast_rtp_stop(0 was called. According to the OpenSSL docs, we shouldn't have been stopping the timer when DTLSv1_get_timeout() returned success and the new timeout was 0 anyway. We should have been calling DTLSv1_handle_timeout() again immediately so we now reschedule the timer callback for 1ms (almost immediately). Additionally, instead of scheduling the timer callback at a fixed interval returned by the initial call to DTLSv1_get_timeout() (usually 999 ms), we now reschedule the next callback based on the last call to DTLSv1_get_timeout(). Resolves: #487	1 year ago
jiangxc	c0d3fbb5ae	res_agi.c: Prevent possible double free during `SPEECH RECOGNIZE` When using the speech recognition module, crashes can occur sporadically due to a "double free or corruption (out)" error. Now, in the section where the audio stream is being captured in a loop, each time after releasing fr, it is set to NULL to prevent repeated deallocation. Fixes #772	1 year ago
George Joseph	4b998482bc	stir_shaken: Fix propagation of attest_level and a few other values attest_level, send_mky and check_tn_cert_public_url weren't propagating correctly from the attestation object to the profile and tn. * In the case of attest_level, the enum needed to be changed so the "0" value (the default) was "NOT_SET" instead of "A". This now allows the merging of the attestation object, profile and tn to detect when a value isn't set and use the higher level value. * For send_mky and check_tn_cert_public_url, the tn default was forced to "NO" which always overrode the profile and attestation objects. Their defaults are now "NOT_SET" so the propagation happens correctly. * Just to remove some redundant code in tn_config.c, a bunch of calls to generate_sorcery_enum_from_str() and generate_sorcery_enum_to_str() were replaced with a single call to generate_acfg_common_sorcery_handlers(). Resolves: #904	1 year ago
George Joseph	454ee03a0c	res_stir_shaken: Remove stale include for jansson.h in verification.c verification.c had an include for jansson.h left over from previous versions of the module. Since res_stir_shaken no longer has a dependency on jansson, the bundled version wasn't added to GCC's include path so if you didn't also have a jansson development package installed, the compile would fail. Removing the stale include was the only thing needed. Resolves: #889	1 year ago
George Joseph	edb8eebeff	res_stir_shaken.c: Fix crash when stir_shaken.conf is invalid * If the call to ast_config_load() returns CONFIG_STATUS_FILEINVALID, check_for_old_config() now returns LOAD_DECLINE instead of continuing on with a bad pointer. * If CONFIG_STATUS_FILEMISSING is returned, check_for_old_config() assumes the config is being loaded from realtime and now returns LOAD_SUCCESS. If it's actually not being loaded from realtime, sorcery will catch that later on. * Also refactored the error handling in load_module() a bit. Resolves: #884	1 year ago
George Joseph	dd348e55aa	res_stir_shaken: Check for disabled before param validation For both attestation and verification, we now check whether they've been disabled either globally or by the profile before validating things like callerid, orig_tn, dest_tn, etc. This prevents useless error messages. Resolves: #879	1 year ago
George Joseph	2f5b143b08	res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback The ub_result pointer passed to unbound_resolver_callback by libunbound can be NULL if the query was for something malformed like `.1` or `[.1]`. If it is, we now set a 'ns_r_formerr' result and return instead of crashing with a SEGV. This causes pjproject to simply cancel the transaction with a "No answer record in the DNS response" error. The existing "off nominal" unit test was also updated to check this condition. Although not necessary for this fix, we also made ast_dns_resolver_completed() tolerant of a NULL result. Resolves: GHSA-v428-g3cw-7hv9	1 year ago
Mike Bradeen	055031dfcb	res_pjsip_sdp_rtp: Use negotiated DTMF Payload types on bitrate mismatch When Asterisk sends an offer to Bob that includes 48K and 8K codecs with matching 4733 offers, Bob may want to use the 48K audio codec but can not accept 48K digits and so negotiates for a mixed set. Asterisk will now check Bob's offer to make sure Bob has indicated this is acceptible and if not, will use Bob's preference. Fixes: #847	1 year ago
George Joseph	e203c227bd	security_agreements.c: Refactor the to_str functions and fix a few other bugs * A static array of security mechanism type names was created. * ast_sip_str_to_security_mechanism_type() was refactored to do a lookup in the new array instead of using fixed "if/else if" statments. * security_mechanism_to_str() and ast_sip_security_mechanisms_to_str() were refactored to use ast_str instead of a fixed length buffer to store the result. * ast_sip_security_mechanism_type_to_str was removed in favor of just referencing the new type name array. Despite starting with "ast_sip_", it was a static function so removing it doesn't affect ABI. * Speaking of "ast_sip_", several other static functions that started with "ast_sip_" were renamed to avoid confusion about their public availability. * A few VECTOR free loops were replaced with AST_VECTOR_RESET(). * Fixed a meomry leak in pjsip_configuration.c endpoint_destructor caused by not calling ast_sip_security_mechanisms_vector_destroy(). * Fixed a memory leak in res_pjsip_outbound_registration.c add_security_headers() caused by not specifying OBJ_NODATA in an ao2_callback. * Fixed a few ao2_callback return code misuses. Resolves: #845	1 year ago
Alexei Gradinari	2acd9982de	res_pjsip_sdp_rtp fix leaking astobj2 ast_format PR #700 added a preferred_format for the struct ast_rtp_codecs, but when set the preferred_format it leaks an astobj2 ast_format. In the next code ast_rtp_codecs_set_preferred_format(&codecs, ast_format_cap_get_format(joint, 0)); both functions ast_rtp_codecs_set_preferred_format and ast_format_cap_get_format increases the ao2 reference count. Fixes: #856	1 year ago
Sean Bright	30a936cd25	res_pjsip_logger.c: Fix 'OPTIONS' tab completion. Fixes #843	1 year ago
Mike Bradeen	b2455b2732	res_pjsip_notify: add dialplan application Add dialplan application PJSIPNOTIFY to send either pre-configured NOTIFY messages from pjsip_notify.conf or with headers defined in dialplan. Also adds the ability to send pre-configured NOTIFY commands to a channel via the CLI. Resolves: #799 UserNote: A new dialplan application PJSIPNotify is now available which can send SIP NOTIFY requests from the dialplan. The pjsip send notify CLI command has also been enhanced to allow sending NOTIFY messages to a specific channel. Syntax: pjsip send notify <option> channel <channel>	1 year ago
Ben Ford	fb0e46e464	channel: Add multi-tenant identifier. This patch introduces a new identifier for channels: tenantid. It's a stringfield on the channel that can be used for general purposes. It will be inherited by other channels the same way that linkedid is. You can set tenantid in a few ways. The first is to set it in the dialplan with the Set and CHANNEL functions: exten => example,1,Set(CHANNEL(tenantid)=My tenant ID) It can also be accessed via CHANNEL: exten => example,2,NoOp(CHANNEL(tenantid)) Another method is to use the new tenantid option for pjsip endpoints in pjsip.conf: [my_endpoint] type=endpoint tenantid=My tenant ID This is considered the best approach since you will be able to see the tenant ID as early as the Newchannel event. It can also be set using set_var in pjsip.conf on the endpoint like setting other channel variable: set_var=CHANNEL(tenantid)=My tenant ID Note that set_var will not show tenant ID on the Newchannel event, however. Tenant ID has also been added to CDR. It's read-only and can be accessed via CDR(tenantid). You can also get the tenant ID of the last channel communicated with via CDR(peertenantid). Tenant ID will also show up in CEL records if it has been set, and the version number has been bumped accordingly. Fixes: #740 UserNote: tenantid has been added to channels. It can be read in dialplan via CHANNEL(tenantid), and it can be set using Set(CHANNEL(tenantid)=My tenant ID). In pjsip.conf, it is recommended to use the new tenantid option for pjsip endpoints (e.g., tenantid=My tenant ID) so that it will show up in Newchannel events. You can set it like any other channel variable using set_var in pjsip.conf as well, but note that this will NOT show up in Newchannel events. Tenant ID is also available in CDR and can be accessed with CDR(tenantid). The peer tenant ID can also be accessed with CDR(peertenantid). CEL includes tenant ID as well if it has been set. UpgradeNote: A new versioned struct (ast_channel_initializers) has been added that gets passed to __ast_channel_alloc_ap. The new function ast_channel_alloc_with_initializers should be used when creating channels that require the use of this struct. Currently the only value in the struct is for tenantid, but now more fields can be added to the struct as necessary rather than the __ast_channel_alloc_ap function. A new option (tenantid) has been added to endpoints in pjsip.conf as well. CEL has had its version bumped to include tenant ID.	1 year ago
gibbz00	99a5064a07	feat: ARI "ChannelToneDetected" event A stasis event is now produced when using the TONE_DETECT dialplan function. This event is published over ARI using the ChannelToneDetected event. This change does not make it available over AMI. Fixes: #811 UserNote: Setting the TONE_DETECT dialplan function on a channel in ARI will now cause a ChannelToneDetected ARI event to be raised when the specified tone is detected.	1 year ago
Mike Bradeen	a824a0cdb4	res_stasis: fix intermittent delays on adding channel to bridge Previously, on command execution, the control thread was awoken by sending a SIGURG. It was found that this still resulted in some instances where the thread was not immediately awoken. This change instead sends a null frame to awaken the control thread, which awakens the thread more consistently. Resolves: #801	1 year ago
Tinet-mucw	291c1e4c1f	res_pjsip_sdp_rtp.c: Fix DTMF Handling in Re-INVITE with dtmf_mode set to auto When the endpoint dtmf_mode is set to auto, a SIP request is sent to the UAC, and the SIP SDP from the UAC does not include the telephone-event. Later, the UAC sends an INVITE, and the SIP SDP includes the telephone-event. In this case, DTMF should be sent by RFC2833 rather than using inband signaling. Resolves: asterisk#826	1 year ago
George Joseph	a02fc685a8	stir_shaken: CRL fixes and a new CLI command * Fixed a bug in crypto_show_cli_store that was causing asterisk to crash if there were certificate revocation lists in the verification certificate store. We're also now prefixing certificates with "Cert:" and CRLs with "CRL:" to distinguish them in the list. * Added 'untrusted_cert_file' and 'untrusted_cert_path' options to both verification and profile objects. If you have CRLs that are signed by a different CA than the incoming X5U certificate (indirect CRL), you'll need to provide the certificate of the CRL signer here. Thse will show up as 'Untrusted" when showing the verification or profile objects. * Fixed loading of crl_path. The OpenSSL API we were using to load CRLs won't actually load them from a directory, only a file. We now scan the directory ourselves and load the files one-by-one. * Fixed the verification flags being set on the certificate store. - Removed the CRL_CHECK_ALL flag as this was causing all certificates to be checked for CRL extensions and failing to verify the cert if there was none. This basically caused all certs to fail when a CRL was provided via crl_file or crl_path. - Added the EXTENDED_CRL_SUPPORT flag as it is required to handle indirect CRLs. * Added a new CLI command... `stir_shaken verify certificate_file <certificate_file> [ <profile> ]` which will assist troubleshooting certificate problems by allowing the user to manually verify a certificate file against either the global verification certificate store or the store for a specific profile. * Updated the XML documentation and the sample config file. Resolves: #809	1 year ago
George Joseph	f45f8781d0	res_pjsip_config_wizard.c: Refactor load process The way we have been initializing the config wizard prevented it from registering its objects if res_pjsip happened to load before it. * We now use the object_type_registered sorcery observer to kick things off instead of the wizard_mapped observer. * The load_module function now checks if res_pjsip has been loaded already and if it was it fires the proper observers so the objects load correctly. Resolves: #816 UserNote: The res_pjsip_config_wizard.so module can now be reloaded.	1 year ago
Igor Goncharovsky	55f4e6dd03	res_pjsip_path.c: Fix path when dialing using PJSIP_DIAL_CONTACTS() When using the PJSIP_DIAL_CONTACTS() function for use in the Dial() command, the contacts are returned in text form, so the input to the path_outgoing_request() function is a contact value of NULL. The issue was reported in ASTERISK-28211, but was not actually fixed in ASTERISK-30100. This fix brings back the code that was previously removed and adds code to search for a contact to extract the path value from it.	1 year ago
Mike Bradeen	52bdfe09ab	res_pjsip_sdp_rtp: Add support for default/mismatched 8K RFC 4733/2833 digits After change made in `624f509` to add support for non 8K RFC 4733/2833 digits, Asterisk would only accept RFC 4733/2833 offers that matched the sample rate of the negotiated codec(s). This change allows Asterisk to accept 8K RFC 4733/2833 offers if the UAC offfers 8K RFC 4733/2833 but negotiates for a non 8K bitrate codec. A number of corresponding tests in tests/channels/pjsip/dtmf_sdp also needed to be re-written to allow for these scenarios. Fixes: #776	1 year ago
George Joseph	0092dd62c5	security_agreement.c: Always add the Require and Proxy-Require headers The `Require: mediasec` and `Proxy-Require: mediasec` headers need to be sent whenever we send `Security-Client` or `Security-Verify` headers but the logic to do that was only in add_security_headers() in res_pjsip_outbound_register. So while we were sending them on REGISTER requests, we weren't sending them on INVITE requests. This commit moves the logic to send the two headers out of res_pjsip_outbound_register:add_security_headers() and into security_agreement:ast_sip_add_security_headers(). This way they're always sent when we send `Security-Client` or `Security-Verify`. Resolves: #789	1 year ago
Sean Bright	f3e88d366c	xml.c: Update deprecated libxml2 API usage. Two functions are deprecated as of libxml2 2.12: * xmlSubstituteEntitiesDefault * xmlParseMemory So we update those with supported API. Additionally, `res_calendar_caldav` has been updated to use libxml2's xmlreader API instead of the SAX2 API which has always felt a little hacky (see deleted comment block in `res_calendar_caldav.c`). The xmlreader API has been around since libxml2 2.5.0 which was released in 2003. Fixes #725	1 year ago
George Joseph	85241bd229	Revert "res_pjsip_endpoint_identifier_ip: Add endpoint identifier transport address." This reverts PR #602 Resolves: #GHSA-qqxj-v78h-hrf9	1 year ago
Mike Bradeen	3b4d2a6506	rtp_engine: add support for multirate RFC2833 digits Add RFC2833 DTMF support for 16K, 24K, and 32K bitrate codecs. Asterisk currently treats RFC2833 Digits as a single rtp payload type with a fixed bitrate of 8K. This change would expand that to 8, 16, 24 and 32K. This requires checking the offered rtp types for any of these bitrates and then adding an offer for each (if configured for RFC2833.) DTMF generation must also be changed in order to look at the current outbound codec in order to generate appropriately timed rtp. For cases where no outgoing audio has yet been sent prior to digit generation, Asterisk now has a concept of a 'preferred' codec based on offer order. On inbound calls Asterisk will mimic the payload types of the RFC2833 digits. On outbound calls Asterisk will choose the next free payload types starting with 101. UserNote: No change in configuration is required in order to enable this feature. Endpoints configured to use RFC2833 will automatically have this enabled. If the endpoint does not support this, it should not include it in the SDP offer/response. Resolves: #699	1 year ago
Fabrice Fontaine	7fc25285fa	res/stasis/control.c: include signal.h Include signal.h to avoid the following build failure with uclibc-ng raised since `2694792e13`: stasis/control.c: In function 'exec_command_on_condition': stasis/control.c:313:3: warning: implicit declaration of function 'pthread_kill'; did you mean 'pthread_yield'? [-Wimplicit-function-declaration] 313 \| pthread_kill(control->control_thread, SIGURG); \| ^~~~~~~~~~~~ \| pthread_yield stasis/control.c:313:41: error: 'SIGURG' undeclared (first use in this function) 313 \| pthread_kill(control->control_thread, SIGURG); \| ^~~~~~ cherry-pick-to: 18 cherry-pick-to: 20 cherry-pick-to: 21 Fixes: #729	2 years ago
Naveen Albert	077962dd7b	res_pjsip_logger: Preserve logging state on reloads. Currently, reloading res_pjsip will cause logging to be disabled. This is because logging can also be controlled via the debug option in pjsip.conf and this defaults to "no". To improve this, logging is no longer disabled on reloads if logging had not been previously enabled using the debug option from the config. This ensures that logging enabled from the CLI will persist through a reload. ASTERISK-29912 #close Resolves: #246 UserNote: Issuing "pjsip reload" will no longer disable logging if it was previously enabled from the CLI.	2 years ago
Henrik Liljedahl	b267629b77	res_pjsip_sdp_rtp.c: Initial RTP inactivity check must consider the rtp_timeout setting. First rtp activity check was performed after 500ms regardless of the rtp_timeout setting. Having a call in ringing state for more than rtp_timeout and the first rtp package is received more than 500ms after sdp negotiation and before the rtp_timeout, erronously caused the call to be hungup. Changed to perform the first rtp inactivity check after the timeout setting preventing calls to be disconnected before the rtp_timeout has elapsed since sdp negotiation. Fixes #710	2 years ago
George Joseph	758ed2b9fd	stir_shaken: Fix memory leak, typo in config, tn canonicalization * Fixed possible memory leak in tn_config:tn_get_etn() where we weren't releasing etn if tn or eprofile were null. * We now canonicalize TNs before using them for lookups or adding them to Identity headers. * Fixed a typo in stir_shaken.conf.sample. Resolves: #716	2 years ago
Sperl Viktor	0ab4a5ef6b	res_pjsip_endpoint_identifier_ip: Add endpoint identifier transport address. Add a new identify_by option to res_pjsip_endpoint_identifier_ip called 'transport' this matches endpoints based on the bound ip address (local) instead of the 'ip' option, which matches on the source ip address (remote). UserNote: set identify_by=transport for the pjsip endpoint. Then use the existing 'match' option and the new 'transport' option of the identify. Fixes: #672	2 years ago
George Joseph	b23f089472	res_stir_shaken: Fix compilation for CentOS7 (openssl 1.0.2) * OpenSSL 1.0.2 doesn't support X509_get0_pubkey so we now use X509_get_pubkey. The difference is that X509_get_pubkey requires the caller to free the EVP_PKEY themselves so we now let RAII_VAR do that. * OpenSSL 1.0.2 doesn't support upreffing an X509_STORE so we now wrap it in an ao2 object. * OpenSSL 1.0.2 doesn't support X509_STORE_get0_objects to get all the certs from an X509_STORE and there's no easy way to polyfill it so the CLI commands that list profiles will show a "not supported" message instead of listing the certs in a store. Resolves: #676	2 years ago
George Joseph	f6b9d9e7d7	Fix incorrect application and function documentation references There were a few references in the embedded documentation XML where the case didn't match or where the referenced app or function simply didn't exist any more. These were causing 404 responses in docs.asterisk.org.	2 years ago
Sperl Viktor	895ab9d798	res_pjsip_endpoint_identifier_ip: Endpoint identifier request URI Add ability to match against PJSIP request URI. UserNote: this new feature let users match endpoints based on the indound SIP requests' URI. To do so, add 'request_uri' to the endpoint's 'identify_by' option. The 'match_request_uri' option of the identify can be an exact match for the entire request uri, or a regular expression (between slashes). It's quite similar to the header identifer. Fixes: #599	2 years ago
Joshua Elson	c8ab570c6f	Implement Configurable TCP Keepalive Settings in PJSIP Transports This commit introduces configurable TCP keepalive settings for both TCP and TLS transports. The changes allow for finer control over TCP connection keepalives, enhancing stability and reliability in environments prone to connection timeouts or where intermediate devices may prematurely close idle connections. This has proven necessary and has already been tested in production in several specialized environments where access to the underlying transport is unreliable in ways invisible to the operating system directly, so these keepalive and timeout mechanisms are necessary. Fixes #657	2 years ago

1 2 3 4 5 ...

5527 Commits (71a2e8c5998a1520ddc1ea2756c61c611a0d419e)