asterisk

Commit Graph

Author	SHA1	Message	Date
Sean Bright	f9a359c5c5	xml.c: Update deprecated libxml2 API usage. Two functions are deprecated as of libxml2 2.12: * xmlSubstituteEntitiesDefault * xmlParseMemory So we update those with supported API. Additionally, `res_calendar_caldav` has been updated to use libxml2's xmlreader API instead of the SAX2 API which has always felt a little hacky (see deleted comment block in `res_calendar_caldav.c`). The xmlreader API has been around since libxml2 2.5.0 which was released in 2003. Fixes #725	1 year ago
George Joseph	c014b66554	Revert "res_pjsip_endpoint_identifier_ip: Add endpoint identifier transport address." This reverts PR #602 Resolves: #GHSA-qqxj-v78h-hrf9	1 year ago
Mike Bradeen	624f509ce4	rtp_engine: add support for multirate RFC2833 digits Add RFC2833 DTMF support for 16K, 24K, and 32K bitrate codecs. Asterisk currently treats RFC2833 Digits as a single rtp payload type with a fixed bitrate of 8K. This change would expand that to 8, 16, 24 and 32K. This requires checking the offered rtp types for any of these bitrates and then adding an offer for each (if configured for RFC2833.) DTMF generation must also be changed in order to look at the current outbound codec in order to generate appropriately timed rtp. For cases where no outgoing audio has yet been sent prior to digit generation, Asterisk now has a concept of a 'preferred' codec based on offer order. On inbound calls Asterisk will mimic the payload types of the RFC2833 digits. On outbound calls Asterisk will choose the next free payload types starting with 101. UserNote: No change in configuration is required in order to enable this feature. Endpoints configured to use RFC2833 will automatically have this enabled. If the endpoint does not support this, it should not include it in the SDP offer/response. Resolves: #699	1 year ago
Fabrice Fontaine	c47307567a	res/stasis/control.c: include signal.h Include signal.h to avoid the following build failure with uclibc-ng raised since `2694792e13`: stasis/control.c: In function 'exec_command_on_condition': stasis/control.c:313:3: warning: implicit declaration of function 'pthread_kill'; did you mean 'pthread_yield'? [-Wimplicit-function-declaration] 313 \| pthread_kill(control->control_thread, SIGURG); \| ^~~~~~~~~~~~ \| pthread_yield stasis/control.c:313:41: error: 'SIGURG' undeclared (first use in this function) 313 \| pthread_kill(control->control_thread, SIGURG); \| ^~~~~~ cherry-pick-to: 18 cherry-pick-to: 20 cherry-pick-to: 21 Fixes: #729	1 year ago
Naveen Albert	9fc596aaa7	res_pjsip_logger: Preserve logging state on reloads. Currently, reloading res_pjsip will cause logging to be disabled. This is because logging can also be controlled via the debug option in pjsip.conf and this defaults to "no". To improve this, logging is no longer disabled on reloads if logging had not been previously enabled using the debug option from the config. This ensures that logging enabled from the CLI will persist through a reload. ASTERISK-29912 #close Resolves: #246 UserNote: Issuing "pjsip reload" will no longer disable logging if it was previously enabled from the CLI.	1 year ago
Henrik Liljedahl	1423cfee29	res_pjsip_sdp_rtp.c: Initial RTP inactivity check must consider the rtp_timeout setting. First rtp activity check was performed after 500ms regardless of the rtp_timeout setting. Having a call in ringing state for more than rtp_timeout and the first rtp package is received more than 500ms after sdp negotiation and before the rtp_timeout, erronously caused the call to be hungup. Changed to perform the first rtp inactivity check after the timeout setting preventing calls to be disconnected before the rtp_timeout has elapsed since sdp negotiation. Fixes #710	2 years ago
George Joseph	b7ed77a7c5	stir_shaken: Fix memory leak, typo in config, tn canonicalization * Fixed possible memory leak in tn_config:tn_get_etn() where we weren't releasing etn if tn or eprofile were null. * We now canonicalize TNs before using them for lookups or adding them to Identity headers. * Fixed a typo in stir_shaken.conf.sample. Resolves: #716	2 years ago
Sperl Viktor	c8769f3d5a	res_pjsip_endpoint_identifier_ip: Add endpoint identifier transport address. Add a new identify_by option to res_pjsip_endpoint_identifier_ip called 'transport' this matches endpoints based on the bound ip address (local) instead of the 'ip' option, which matches on the source ip address (remote). UserNote: set identify_by=transport for the pjsip endpoint. Then use the existing 'match' option and the new 'transport' option of the identify. Fixes: #672	2 years ago
George Joseph	16b264d6a9	res_stir_shaken: Fix compilation for CentOS7 (openssl 1.0.2) * OpenSSL 1.0.2 doesn't support X509_get0_pubkey so we now use X509_get_pubkey. The difference is that X509_get_pubkey requires the caller to free the EVP_PKEY themselves so we now let RAII_VAR do that. * OpenSSL 1.0.2 doesn't support upreffing an X509_STORE so we now wrap it in an ao2 object. * OpenSSL 1.0.2 doesn't support X509_STORE_get0_objects to get all the certs from an X509_STORE and there's no easy way to polyfill it so the CLI commands that list profiles will show a "not supported" message instead of listing the certs in a store. Resolves: #676	2 years ago
George Joseph	9e2179baa1	Fix incorrect application and function documentation references There were a few references in the embedded documentation XML where the case didn't match or where the referenced app or function simply didn't exist any more. These were causing 404 responses in docs.asterisk.org.	2 years ago
Sperl Viktor	ac297d15f8	res_pjsip_endpoint_identifier_ip: Endpoint identifier request URI Add ability to match against PJSIP request URI. UserNote: this new feature let users match endpoints based on the indound SIP requests' URI. To do so, add 'request_uri' to the endpoint's 'identify_by' option. The 'match_request_uri' option of the identify can be an exact match for the entire request uri, or a regular expression (between slashes). It's quite similar to the header identifer. Fixes: #599	2 years ago
Joshua Elson	555eb9d3d2	Implement Configurable TCP Keepalive Settings in PJSIP Transports This commit introduces configurable TCP keepalive settings for both TCP and TLS transports. The changes allow for finer control over TCP connection keepalives, enhancing stability and reliability in environments prone to connection timeouts or where intermediate devices may prematurely close idle connections. This has proven necessary and has already been tested in production in several specialized environments where access to the underlying transport is unreliable in ways invisible to the operating system directly, so these keepalive and timeout mechanisms are necessary. Fixes #657	2 years ago
Martin Tomec	cba82273ae	res_pjsip_refer.c: Allow GET_TRANSFERRER_DATA There was functionality in chan_sip to get REFER headers, with GET_TRANSFERRER_DATA variable. This commit implements the same functionality in pjsip, to ease transfer from chan_sip to pjsip. Fixes: #579 UserNote: the GET_TRANSFERRER_DATA dialplan variable can now be used also in pjsip.	2 years ago
Martin Nystroem	dd91f09481	res_ari.c: Add additional output to ARI requests when debug is enabled When ARI debug is enabled the logs will now output http method and the uri. Fixes: #666	2 years ago
Holger Hans Peter Freyther	d45c8e165f	res_prometheus: Fix duplicate output of metric and help text The prometheus exposition format requires each line to be unique[1]. This is handled by struct prometheus_metric having a list of children that is managed when registering a metric. In case the scrape callback is used, it is the responsibility of the implementation to handle this correctly. Originally the bridge callback didn't handle NULL snapshots, the crash fix lead to NULL metrics, and fixing that lead to duplicates. The original code assumed that snapshots are not NULL and then relied on "if (i > 0)" to establish the parent/children relationship between metrics of the same class. This is not workerable as the first bridge might be invisible/lacks a snapshot. Fix this by keeping a separate array of the first metric by class. Instead of relying on the index of the bridge, check whether the array has an entry. Use that array for the output. Add a test case that verifies that the help text is not duplicated. Resolves: #642 [1] https://prometheus.io/docs/instrumenting/exposition_formats/#grouping-and-sorting	2 years ago
Naveen Albert	e1dfa20797	res_parking: Fail gracefully if parking lot is full. Currently, if a parking lot is full, bridge setup returns -1, causing dialplan execution to terminate without TryExec. However, such failures should be handled more gracefully, the same way they are on other paths, as indicated by the module's author, here: http://lists.digium.com/pipermail/asterisk-dev/2018-December/077144.html Now, callers will hear the parking failure announcement, and dialplan will continue, which is consistent with existing failure modes. Resolves: #624	2 years ago
Maximilian Fridrich	c5a6d8a6db	res_pjsip_session: Reset pending_media_state->read_callbacks In handle_negotiated_sdp the pending_media_state->read_callbacks must be reset before they are added in the SDP handlers in handle_negotiated_sdp_session_media. Otherwise, old callbacks for removed streams and file descriptors could be added to the channel and Asterisk would poll on non-existing file descriptors. Resolves: #611	2 years ago
George Joseph	51790abba7	res_pjsip_stir_shaken.c: Add checks for missing parameters * Added checks for missing session, session->channel and rdata in stir_shaken_incoming_request. * Added checks for missing session, session->channel and tdata in stir_shaken_outgoing_request. Resolves: #645	2 years ago
George Joseph	1b94c90524	attestation_config.c: Use ast_free instead of ast_std_free In as_check_common_config, we were calling ast_std_free on raw_key but raw_key was allocated with ast_malloc so it should be freed with ast_free. Resolves: #636	2 years ago
George Joseph	2e0d837e01	Stir/Shaken Refactor Why do we need a refactor? The original stir/shaken implementation was started over 3 years ago when little was understood about practical implementation. The result was an implementation that wouldn't actually interoperate with any other stir-shaken implementations. There were also a number of stir-shaken features and RFC requirements that were never implemented such as TNAuthList certificate validation, sending Reason headers in SIP responses when verification failed but we wished to continue the call, and the ability to send Media Key(mky) grants in the Identity header when the call involved DTLS. Finally, there were some performance concerns around outgoing calls and selection of the correct certificate and private key. The configuration was keyed by an arbitrary name which meant that for every outgoing call, we had to scan the entire list of configured TNs to find the correct cert to use. With only a few TNs configured, this wasn't an issue but if you have a thousand, it could be. What's changed? * Configuration objects have been refactored to be clearer about their uses and to fix issues. * The "general" object was renamed to "verification" since it contains parameters specific to the incoming verification process. It also never handled ca_path and crl_path correctly. * A new "attestation" object was added that controls the outgoing attestation process. It sets default certificates, keys, etc. * The "certificate" object was renamed to "tn" and had it's key change to telephone number since outgoing call attestation needs to look up certificates by telephone number. * The "profile" object had more parameters added to it that can override default parameters specified in the "attestation" and "verification" objects. * The "store" object was removed altogther as it was never implemented. * We now use libjwt to create outgoing Identity headers and to parse and validate signatures on incoming Identiy headers. Our previous custom implementation was much of the source of the interoperability issues. * General code cleanup and refactor. * Moved things to better places. * Separated some of the complex functions to smaller ones. * Using context objects rather than passing tons of parameters in function calls. * Removed some complexity and unneeded encapsuation from the config objects. Resolves: #351 Resolves: #46 UserNote: Asterisk's stir-shaken feature has been refactored to correct interoperability, RFC compliance, and performance issues. See https://docs.asterisk.org/Deployment/STIR-SHAKEN for more information. UpgradeNote: The stir-shaken refactor is a breaking change but since it's not working now we don't think it matters. The stir_shaken.conf file has changed significantly which means that existing ones WILL need to be changed. The stir_shaken.conf.sample file in configs/samples/ has quite a bit more information. This is also an ABI breaking change since some of the existing objects needed to be changed or removed, and new ones added. Additionally, if res_stir_shaken is enabled in menuselect, you'll need to either have the development package for libjwt v1.15.3 installed or use the --with-libjwt-bundled option with ./configure.	2 years ago
romryz	a7a03bc294	res_rtp_asterisk.c: Correct coefficient in MOS calculation. Media Experience Score relies on incorrect pseudo_mos variable calculation. According to forming an opinion section of the documentation, calculation relies on ITU-T G.107 standard: https://docs.asterisk.org/Deployment/Media-Experience-Score/#forming-an-opinion ITU-T G.107 Annex B suggests to calculate MOS with a coefficient "seven times ten to the power of negative six", 7 * 10^(-6). which would mean 6 digits after the decimal point. Current implementation has 7 digits after the decimal point, which downrates the calls. Fixes: #597	2 years ago
George Joseph	a5ae546b88	Reduce startup/shutdown verbose logging When started with a verbose level of 3, asterisk can emit over 1500 verbose message that serve no real purpose other than to fill up logs. When asterisk shuts down, it emits another 1100 that are of even less use. Since the testsuite runs asterisk with a verbose level of 3, and asterisk starts and stops for every one of the 700+ tests, the number of log messages is staggering. Besides taking up resources, it also makes it hard to debug failing tests. This commit changes the log level for those verbose messages to 5 instead of 3 which reduces the number of log messages to only a handful. Of course, NOTICE, WARNING and ERROR message are unaffected. There's also one other minor change... ast_context_remove_extension_callerid2() logs a DEBUG message instead of an ERROR if the extension you're deleting doesn't exist. The pjsip_config_wizard calls that function to clean up the config and has been triggering that annoying error message for years. Resolves: #582	2 years ago
Flole998	c7fc6ae362	res_pjsip_outbound_registration.c: Add User-Agent header override This introduces a setting for outbound registrations to override the global User-Agent header setting. Resolves: #515 UserNote: PJSIP outbound registrations now support a per-registration User-Agent header	2 years ago
Sean Bright	841cd1480c	res_pjsip_t38.c: Permit IPv6 SDP connection addresses. The existing code prevented IPv6 addresses from being properly parsed. Fixes #558	2 years ago
Sean Bright	9f20b4659f	res_pjsip_session.c: Correctly format SDP connection addresses. Resolves a regression identified by @justinludwig involving the rendering of IPv6 addresses in outgoing SDP. Also updates `media_address` on PJSIP endpoints so that if we are able to parse the configured value as an IP we store it in a format that we can directly use later. Based on my reading of the code it appeared that one could configure `media_address` as: ``` [foo] type = endpoint ... media_address = [2001:db8::] ``` And that value would be blindly copied into the outgoing SDP without regard to its format. Fixes #541	2 years ago
Naveen Albert	ef891529fa	res_calendar_icalendar: Print iCalendar error on parsing failure. If libical fails to parse a calendar, print the error message it provdes. Resolves: #492	2 years ago
George Joseph	c31cd32b82	Revert "core & res_pjsip: Improve topology change handling." This reverts commit `315eb551db`. Over the past year, we've had several reports of "topology storms" occurring where 2 external facing channels connected by one or more local channels and bridges will get themselves in a state where they continually send each other topology change requests. This usually manifests itself in no-audio calls and a flood of "Exceptionally long queue length" messages. It appears that this commit is the cause so we're reverting it for now until we can determine a more appropriate solution. Resolves: #530	2 years ago
Maximilian Fridrich	81188ada5f	res_pjsip_nat: Fix potential use of uninitialized transport details The ast_sip_request_transport_details must be zero initialized, otherwise this could lead to a SEGV. Resolves: #509	2 years ago
George Joseph	120cc1ea11	res_rtp_asterisk: Fix regression issues with DTLS client check * Since ICE candidates are used for the check and pjproject is required to use ICE, res_rtp_asterisk was failing to compile when pjproject wasn't available. The check is now wrapped with an #ifdef HAVE_PJPROJECT. * The rtp->ice_active_remote_candidates container was being used to check the address on incoming packets but that container doesn't contain peer reflexive candidates discovered during negotiation. This was causing the check to fail where it shouldn't. We now check against pjproject's real_ice->rcand array which will contain those candidates. * Also fixed a bug in ast_sockaddr_from_pj_sockaddr() where we weren't zeroing out sin->sin_zero before returning. This was causing ast_sockaddr_cmp() to always return false when one of the inputs was converted from a pj_sockaddr, even if both inputs had the same address and port. Resolves: #500 Resolves: #503 Resolves: #505	2 years ago
Gitea	510f7798d8	res_pjsip_header_funcs: Duplicate new header value, don't copy. When updating an existing header the 'update' code incorrectly just copied the new value into the existing buffer. If the new value exceeded the available buffer size memory outside of the buffer would be written into, potentially causing a crash. This change makes it so that the 'update' now duplicates the new header value instead of copying it into the existing buffer.	2 years ago
Mike Bradeen	6bc81d0c86	res_pjsip: disable raw bad packet logging Add patch to split the log level for invalid packets received on the signaling port. The warning regarding the packet will move to level 2 so that it can still be displayed, while the raw packet will be at level 4.	2 years ago
George Joseph	b9ebccf064	res_rtp_asterisk.c: Check DTLS packets against ICE candidate list When ICE is in use, we can prevent a possible DOS attack by allowing DTLS protocol messages (client hello, etc) only from sources that are in the active remote candidates list. Resolves: GHSA-hxj9-xwr8-w8pq	2 years ago
Naveen Albert	3bb34477d4	general: Fix broken links. This fixes a number of broken links throughout the tree, mostly caused by wiki.asterisk.org being replaced with docs.asterisk.org, which should eliminate the need for sporadic fixes as in `f28047db36`. Resolves: #430	2 years ago
Matthew Fredrickson	e0bf65bde6	res_odbc.c: Allow concurrent access to request odbc connections There are valid scenarios where res_odbc's connection pool might have some dead or stuck connections while others are healthy (imagine network elements/firewalls/routers silently timing out connections to a single DB and a single IP address, or a heterogeneous connection pool connected to potentially multiple IPs/instances of a replicated DB using a DNS front end for load balancing and one replica fails). In order to time out those unhealthy connections without blocking access to other parts of Asterisk that may attempt access to the connection pool, it would be beneficial to not lock/block access around the entire pool in _ast_odbc_request_obj2 while doing potentially blocking operations on connection pool objects such as the connection_dead() test, odbc_obj_connect(), or by dereferencing a struct odbc_obj for the last time and triggering a odbc_obj_disconnect(). This would facilitate much quicker and concurrent timeout of dead connections via the connection_dead() test, which could block potentially for a long period of time depending on odbc.ini or other odbc connector specific timeout settings. This also would make rapid failover (in the clustered DB scenario) much quicker. This patch changes the locking in _ast_odbc_request_obj2() to not lock around odbc_obj_connect(), _disconnect(), and connection_dead(), while continuing to lock around truly shared, non-immutable state like the connection_cnt member and the connections list on struct odbc_class. Fixes: #465	2 years ago
Sean Bright	002d6c2108	res_pjsip_header_funcs.c: Check URI parameter length before copying. Fixes #477	2 years ago
Sean Bright	05924e30f9	res_rtp_asterisk.c: Update for OpenSSL 3+. In `5ac5c2b0` we defined `OPENSSL_SUPPRESS_DEPRECATED` to silence deprecation warnings. This commit switches over to using non-deprecated API.	2 years ago
Sean Bright	40a9f5a88c	res_http_websocket.c: Set hostname on client for certificate validation. Additionally add a `assert()` to in the TLS client setup code to ensure that hostname is set when it is supposed to be. Fixes #433	2 years ago
Sean Bright	64603c4807	resource_channels.c: Explicit codec request when creating UnicastRTP. Fixes #394	2 years ago
Sean Bright	e4eeda6502	doc: Update IP Quality of Service links. Fixes #328	2 years ago
George Joseph	af7e89ebf8	chan_pjsip: Add PJSIPHangup dialplan app and manager action See UserNote below. Exposed the existing Hangup AMI action in manager.c so we can use all of it's channel search and AMI protocol handling without duplicating that code in dialplan_functions.c. Added a lookup function to res_pjsip.c that takes in the string represenation of the pjsip_status_code enum and returns the actual status code. I.E. ast_sip_str2rc("DECLINE") returns 603. This allows the caller to specify PJSIPHangup(decline) in the dialplan, just like Hangup(call_rejected). Also extracted the XML documentation to its own file since it was almost as large as the code itself. UserNote: A new dialplan app PJSIPHangup and AMI action allows you to hang up an unanswered incoming PJSIP call with a specific SIP response code in the 400 -> 699 range.	2 years ago
Holger Hans Peter Freyther	da0b1ac1c1	ari: Provide the caller ID RDNIS for the channels Provide the caller ID RDNIS when available. This will allow an application to follow the redirect.	2 years ago
Brad Smith	1d9c5faeb3	res_rtp_asterisk.c: Fix runtime issue with LibreSSL The module will fail to load. Use proper function DTLS_method() with LibreSSL.	2 years ago
Naveen Albert	d4185ca025	res_pjsip: Include cipher limit in config error message. If too many ciphers are specified in the PJSIP config, include the maximum number of ciphers that may be specified in the user-facing error message. Resolves: #396	2 years ago
Mike Bradeen	e8fbdca40b	res_speech: allow speech to translate input channel * Allow res_speech to translate the input channel if the format is translatable to a format suppored by the speech provider. Resolves: #129 UserNote: res_speech now supports translation of an input channel to a format supported by the speech provider, provided a translation path is available between the source format and provider capabilites.	2 years ago
Sean Bright	74a5c452de	res_rtp_asterisk.c: Fix memory leak in ephemeral certificate creation. Fixes #386	2 years ago
Sean Bright	3af55f14fa	res_pjsip_dtmf_info.c: Add 'INFO' to Allow header. Fixes #376	2 years ago
Sean Bright	c7afd5357c	pjsip_configuration.c: Disable DTLS renegotiation if WebRTC is enabled. Per RFC8827: Implementations MUST NOT implement DTLS renegotiation and MUST reject it with a "no_renegotiation" alert if offered. So we disable it when webrtc=yes is set. Fixes #378 UpgradeNote: The dtls_rekey will be disabled if webrtc support is requested on an endpoint. A warning will also be emitted.	2 years ago
George Joseph	b9ee664440	res_pjsip_exten_state,res_pjsip_mwi: Allow unload on shutdown Commit `f66f77f` last year prevents the res_pjsip_exten_state and res_pjsip_mwi modules from unloading due to possible pjproject asserts if the modules are reloaded. A side effect of the implementation is that the taskprocessors these modules use aren't being released. When asterisk is doing a graceful shutdown, it waits AST_TASKPROCESSOR_SHUTDOWN_MAX_WAIT seconds for all taskprocessors to stop but since those 2 modules don't release theirs, the shutdown hangs for that amount of time. This change allows the modules to be unloaded and their resources to be released when ast_shutdown_final is true. Resolves: #379	2 years ago
sungtae kim	9b70b18dec	res_pjsip: Expanding PJSIP endpoint ID and relevant resource length to 255 characters This commit introduces an extension to the endpoint and relevant resource sizes for PJSIP, transitioning from its current 40-character constraint to a more versatile 255-character capacity. This enhancement significantly overcomes limitations related to domain qualification and practical usage, ultimately delivering improved functionality. In addition, it includes adjustments to accommodate the expanded realm size within the ARI, specifically enhancing the maximum realm length. Resolves: #345 UserNote: With this update, the PJSIP realm lengths have been extended to support up to 255 characters. UpgradeNote: As part of this update, the maximum allowable length for PJSIP endpoints and relevant resources has been increased from 40 to 255 characters. To take advantage of this enhancement, it is recommended to run the necessary procedures (e.g., Alembic) to update your schemas.	2 years ago
Mike Bradeen	7ea0e3bfda	res_stasis: signal when new command is queued res_statsis's app loop sleeps for up to .2s waiting on input to a channel before re-checking the command queue. This can cause delays between channel setup and bridge. This change is to send a SIGURG on the sleeping thread when a new command is enqueued. This exits the sleeping thread out of the ast_waitfor() call triggering the new command being processed on the channel immediately. Resolves: #362 UserNote: Call setup times should be significantly improved when using ARI.	2 years ago

1 2 3 4 5 ...

5489 Commits (f55df3621ab1a80e7b2bc636636ccd7bffe09168)