Commit Graph

341 Commits

Author SHA1 Message Date
Richard Mudgett
20aed30d9a T.140: Fix format ref and memory leaks.
* channel.c:ast_sendtext(): Fix T.140 SendText memory leak.

* format_compatibility.c: T.140 RED and T.140 were swapped.

* res_rtp_asterisk.c:rtp_red_init(): Fix ast_format_t140_red ref leak.

* res_rtp_asterisk.c:rtp_red_init(): Fix data race after starting periodic
scheduled red_write().

* res_rtp_asterisk.c: Some other minor misc tweaks.

Change-Id: Ifa27a2e0f8a966b1cf628607c86fc4374b0b88cb
2017-01-25 13:46:41 -06:00
Richard Mudgett
6f3e8c8e01 PJPROJECT logging: Fix detection of max supported log level.
The mechanism used for detecting the maximum log level compiled into the
linked pjproject did not work.  The API call simply stores the requested
level into an integer and does no range checking.  Asterisk was assuming
that there was range checking and limited the new value to the allowable
range.  To get the actual maximum log level compiled into the linked
pjproject we need to get and save off the initial set log level from
pjproject.  This is the maximum log level supported.

* Get and save off the initial log level setting before altering it to the
desired level on startup.  This has to be done by a macro rather than
calling a core function to avoid incorrectly linking pjproject.

* Split the initial log level warning messages to warn if the linked
pjproject cannot support the requested startup level and if it is too low
to get the pjproject buildopts for "pjproject show buildopts".

* Adjust the CLI "pjproject set log level" to check the saved max log
level and to generate normal output messages instead of a warning message.

ASTERISK-26743 #close

Change-Id: I40aa76653e2a1dece66c3f8734594b4f0471cfb4
2017-01-24 11:25:19 -06:00
Lorenzo Miniero
1061539b75 media: Add experimental support for RTCP feedback.
This change adds experimental support for providing RTCP
feedback information to codec modules so they can dynamically
change themselves based on conditions.

ASTERISK-26584

Change-Id: Ifd6aa77fb4a7ff546c6025900fc2baf332c31857
2017-01-23 13:25:31 +01:00
Richard Mudgett
b576b58d74 res_rtp_asterisk.c: Fix uninitialized memory crash.
ast_rtp_remote_address_set() could pass an uninitialized 'us' parameter to
ast_ouraddrfor().  If ast_ouraddrfor() returns an error then the 'us'
parameter may not get initialized.  Thus when the code tries to save the
'us' parameter to the local address we could try to copy a ridiculous
sized memory buffer and segfault.

* Made pass an initialized 'us' parameter to ast_ouraddrfor().

* Optimized out the 'us' struct variable.

ASTERISK-26672 #close

Change-Id: I4acea5dcdf0813da2c7d3e11c2d6067d160d17dc
2016-12-22 12:25:15 -06:00
Richard Mudgett
2fc65173e5 res_rtp_asterisk.c: Initialize ourip passed to ast_find_ourip().
We access uninitialized memory when the 'ourip' parameter does not
have an initial guess to our IP address.

ASTERISK-26672

Change-Id: I35507ea1ad7455d2be188f6ccdd4add7bd150e15
2016-12-22 12:25:15 -06:00
Richard Mudgett
8b7d252987 res_rtp_asterisk.c: Fix off nominal memory leak.
Change-Id: I95b1088d11244a2edae6607c12fbf33b38658a75
2016-12-21 11:15:23 -06:00
Richard Mudgett
1dfa11b65c PJPROJECT logging: Made easier to get available logging levels.
Use of the new logging is as simple as issuing the new CLI command or
setting the new pjproject.conf option.

Other options that can affect the logging are how you have the pjproject
log levels mapped to Asterisk log types in pjproject.conf and if you have
configured Asterisk to log the DEBUG type messages.  Altering the
pjproject.conf level mapping shouldn't be necessary for most installations
as the default mapping is sensible.  Configuring Asterisk to log the DEBUG
message type is standard practice for collecting debug information.

* Added CLI "pjproject set log level" command to dynamically adjust the
maximum pjproject log message level.

* Added CLI "pjproject show log level" command to see the currently set
maximum pjproject log message level.

* Added pjproject.conf startup section "log_level" option to set the
initial maximum pjproject log message level so all messages could be
captured from initialization.

* Set PJ_LOG_MAX_LEVEL to 6 to compile in all defined logging levels into
bundled pjproject.  Pjproject will use the currently set run time log
level to determine if a log message is generated just like Asterisk
verbose and debug logging levels.

* In log_forwarder(), made always log enabled and mapped pjproject log
messages.  DEBUG mapped log messages are no longer gated by the current
Asterisk debug logging level.

* Removed RAII_VAR() from res_pjproject.c:get_log_level().

ASTERISK-26630 #close

Change-Id: I6dca12979f482ffb0450aaf58db0fe0f6d2e5389
2016-11-30 13:11:48 -06:00
gestoip2
d9b24cce0a res_rtp_asterisk: RTT miscalculation in RTCP
When retrieving RTCP stats for PJSIP channels, RTT values are unreliable.
RTT calculation is correct, but the data representation isn't.  RTT is
represented by a 32-bit fixed-point number with the integer part in the
first 16 bits and the fractional part in the last 16 bits.  In order to
get the RTT value, the fractional part is miscalculated, there is an
unnecessary 16 bit shift that causes overflow.  Besides this there is
another mistake, when transforming the integer value to the fixed point
fractional part via bitwise operation, that loses precision.

* RTT fractional part is no longer shifted, avoiding overflow.

* RTT fractional part is transformed to its fixed-point value more
precisely.

* Fixed timeval2ntp() and ntp2timeval() second fraction conversions.

* Fixed NTP timestamp report logging.  The usec was inexplicably
multiplied by 4096.

ASTERISK-26566 #close
Reported by Hector Royo Concepcion

Change-Id: Ie09bdabfee75afb3f1b8ddfd963e5219ada3b96f
2016-11-23 11:15:42 -05:00
George Joseph
935f5d003b build: Various OpenBSD issues
OpenBSD's 'find' doesn't take the -delete argument so you have to pipe
through 'xargs rm -rf'.

'echo -e' doesn't like \t starting a line. It just prints 't' which
causes the libasteriskpj.exports file to be garbage.  They were just
cosmetic so they were removed.

librt doesn't exist so the link of libasteriskpj.so fails. It's not
actually needed for linux anyway so -lrt was removed from the link.

res_rtp_asterisk was failing to load because of an undefined
DTLS_method. '|| defined(LIBRESSL_VERSION_NUMBER)' was added to the #if
so DTLSv1_method is used instead.

ASTERISK-26608

Change-Id: I926ec95b0b69633231e3ad1d6e803b977272c49c
2016-11-16 21:31:54 -05:00
Corey Farrell
a6e5bae3ef Remove ASTERISK_REGISTER_FILE.
ASTERISK_REGISTER_FILE no longer has any purpose so this commit removes
all traces of it.

Previously exported symbols removed:
* __ast_register_file
* __ast_unregister_file
* ast_complete_source_filename

This also removes the mtx_prof static variable that was declared when
MTX_PROFILE was enabled.  This variable was only used in lock.c so it
is now initialized in that file only.

ASTERISK-26480 #close

Change-Id: I1074af07d71f9e159c48ef36631aa432c86f9966
2016-10-27 09:53:55 -04:00
Joshua Colp
403c4f5833 pjsip: Support dual stack automatically.
This change adds support for dual stack automatically. No
configuration is required and the IP address and version
in the SIP messages and SDP will be automatically changed
based on the transport over which the message is being
sent. RTP usage has also been changed to listen on both
IPv4 and IPv6 simultaneously to allow media to flow, and
to allow ICE support on both simultaneously. This also
allows failover between IPv6 and IPv4 to work as expected.

ASTERISK-26309 #close

Change-Id: I235a421d8f9a326606d861b449fa6fe3a030572d
2016-10-23 13:53:55 +00:00
Michael Walton
3e96d491d0 res_rtp_asterisk: Add ice_blacklist option
Introduces ice_blacklist configuration in rtp.conf. Subnets listed in the
form ice_blacklist = <subnet spec>, e.g. ice_blacklist =
192.168.1.0/255.255.255.0, are excluded from ICE host, srflx and relay
discovery. This is useful for optimizing the ICE process where a system
has multiple host address ranges and/or physical interfaces and certain
of them are not expected to be used for RTP. Multiple ice_blacklist
configuration lines may be used. If left unconfigured, all discovered
host addresses are used, as per previous behavior.

Documention in rtp.conf.sample.

ASTERISK-26418 #close

Change-Id: Ibee88f80d7693874fda1cceaef94a03bd86012c9
2016-10-19 07:15:20 -05:00
Torrey Searle
cc269766b8 res_rtp_asterisk: Fix infinite DTMF issue when switching to P2P bridge
If a bridge switched to P2P when a DTMF was in progress it
was possible for the DTMF to continue being sent indefinitely.

Change-Id: I7e2a3efe0d59d4b214ed50cd0b5d0317e2d92e29
2016-10-10 17:00:23 -05:00
Joshua Colp
89764f7ae9 rtp: Preserve timestamps on video frames.
Currently when receiving video over RTP we store only
a calculated samples on the frame. When starting the video
it can take some time for this calculation to actually yield
a value as it requires constant changing timestamps. As well
if a video frame passes over multiple RTP packets this calculation
will fail as the timestamp is the same as the previous RTP
packet and the number of samples calculated will be 0.

This change preserves the timestamp on the frame and allows
it to pass through the core. When sending the video this timestamp
is used instead of a new one being calculated.

ASTERISK-26367 #close

Change-Id: Iba8179fb5c14c9443aee4baf670d2185da3ecfbd
2016-09-14 12:58:10 -05:00
Mark Michelson
8fe9f1f7f1 res_rtp_asterisk: Cache local RTCP address.
When an RTCP packet is sent or received, res_rtp_asterisk generates a
Stasis event that contains the RTCP report as well as the local and
remote addresses that the report pertains to.

The addresses are determined using ast_find_ourip(). For the local
address, this will typically result in a lookup of the hostname of the
server, and then a DNS lookup of that hostname. If you do not have the
host in /etc/hosts, then this results in a full DNS lookup, which can
potentially block for some time.

This is especially problematic when performing RTCP reads, since those
are done on the same thread responsible for reading and writing media.

This patch addresses the issue by performing a lookup of the local
address when RTCP is allocated. We then use this cached local address
for the Stasis events when necessary.

ASTERISK-26280 #close
Reported by Mark Michelson

Change-Id: I3dd61882c2e57036f09f0c390cf38f7c87e9b556
2016-08-09 16:22:56 -05:00
Alexander Traud
cb5e3445be res_rtp_asterisk: Count a roll-over of the sequence number even on lost packets.
With this change, the initial RTP sequence number is randomly chosen not between
0 and 65535 (0xffff) but 0 and 32767 (0x7fff). This assures, the roll-over
counter (ROC) synchronization is not lost for sRTP, when the very first RTP
packets get lost; see http://srtp.sourceforge.net/faq.html#Q6

ASTERISK-26207 #close

Change-Id: I9a527e3aa3ce8f3becc5131d7ba32b57b5845464
2016-07-18 12:19:56 +02:00
Alexander Traud
85212f2799 res_rtp_asterisk: Enable Forward Secrecy (PFS) for DTLS.
Since July 2014, TLS based protocols (SIP over TLS, Secure WebSockets, HTTPS)
support PFS thanks to ASTERISK-23905. In July 2015, the same feature was added
for DTLS. The source code from main/tcptls.c should have been re-used to ease
security audits. Therefore, this change rolls back the change from July 2015 and
re-uses the code from July 2014. This has the additional benefits to work under
CentOS 7 and enabling not just ECDHE but DHE based cipher suites as well.

ASTERISK-25659 #close
Reported by: StefanEng86, urbaniak, pay123
Tested by: sarumjanuch, traud
patches:
res_rtp_asterisk.patch submitted by sarumjanuch
dtls_centos_step_1.patch submitted by traud
dtls_centos_step_2.patch submitted by traud

Change-Id: I537cadf4421f092a613146b230f2c0ee1be28d5c
2016-07-13 18:46:59 +02:00
George Joseph
d293ead077 res_rtp_asterisk: Fix a self-comparison identified by gcc 6
gcc 6 caught a previously unidentified self-comparison in
ice_candidate_cmp.  Fixed it and re-ordered the predicates for better
short-circuiting.

ASTERISK-26140 #close

Change-Id: I3da713c568e24064430257b3502fbdafd35af7a7
2016-06-22 13:46:41 -05:00
Torrey Searle
804005d251 res_rtp_asterisk: fix memory leak in dtls
ensure that cert bios get freed after creating the fingerprint

ASTERISK-26129 #close

Change-Id: I44d23aea07dce80176ca1ff877c5ace9452ef451
2016-06-22 02:29:21 -05:00
Alexander Traud
6eb0354f2d res_rtp_asterisk: Use latest DTLS version available by underlying platform.
Do not use DTLSv1_method() but DTLS_method() when available in OpenSSL of the
underlying platform. This change enables DTLS 1.2 since OpenSSL 1.0.2, for
WebRTC (DTLS-SRTP via SIP-over-WebSockets). This change enables AEAD-based
cipher-suites.

ASTERISK-26130 #close

Change-Id: I41f24448d6d2953e8bdb97c9f4a6bc8a8f055fd0
2016-06-21 13:23:41 -05:00
Joshua Colp
051da5c3af Merge "res_rtp_asterisk: Use separate SRTP session for RTCP with DTLS" 2016-04-05 05:37:44 -05:00
George Joseph
724b9ab28f res_rtp_asterisk: Fix placement of txcount increment
Commit 1bce690ccb was incrementing txcount
for rtcp packets as well as rtp packets and that was causing sender reports
to be generated instead of receiver reports in cases where no rtp was actually
being sent.

Moved the txcount increment from __rtp_sento, which handles both rtp and rtcp,
to rtp_sento which only handles rtp packets.

Discovered by the hep/rtcp-receiver test.

Change-Id: Ie442e4bb947a68847a676497021ba10ffaf376d5
2016-03-30 09:52:47 -05:00
Jacek Konieczny
970803efcb res_rtp_asterisk: Use separate SRTP session for RTCP with DTLS
Asterisk uses separate UDP ports for RTP and RTCP traffic and RFC 5764
explicitly states:

  There MUST be a separate DTLS-SRTP session for each distinct pair of
  source and destination ports used by a media session

This means RTP keying material cannot be used for DTLS RTCP, which was
the reason why RTCP encryption would fail.

ASTERISK-25642

Change-Id: I7e8779d8b63e371088081bb113131361b2847e3a
2016-03-29 10:57:55 -05:00
George Joseph
44ffb5105a res_rtp_asterisk: Fix packet stats on bridged connection
rxcount, txcount, rxoctetcount and txoctetcount weren't being calculated
for bridged streams because the calulations were being done after the
bridged short-circuit.  Actually, rxoctetcount wasn't ever being calculated.

Moved the calculations so they occur for all valid received packets and
all transmitted packets.  Also added rxoctetcount and txoctetcount to
ast_rtp_instance_stat.

Change-Id: I08fb06011a82d38c3b4068867a615068fbe59cbb
2016-03-28 12:23:48 -05:00
Sean Bright
d83dba7099 res_rtp_asterisk: Allow ICE host candidates to be overriden
During ICE negotiation the IPs of the local interfaces are sent to the remote
peer as host candidates. In many cases Asterisk is behind a static one-to-one
NAT, so these host addresses will be internal IP addresses.

To help in hiding the topology of the internal network, this patch adds the
ability to override the host candidates by matching them against a
user-defined list of replacements.

Change-Id: I1c9541af97b83a4c690c8150d19bf7202c8bff1f
2016-02-03 17:06:20 -06:00
Joshua Colp
a1c43022d2 res_rtp_asterisk: Revert DTLS negotiation changes.
Due to locking issues within pjnath these changes are being
reverted until pjnath can be changed.

ASTERISK-25645

Revert "res_rtp_asterisk.c: Fix DTLS negotiation delays."

This reverts commit 24ae124e4f.

Change-Id: I2986cfb2c43dc14455c1bcaf92c3804f9da49705

Revert "res_rtp_asterisk: Resolve further timing issues with DTLS negotiation"

This reverts commit 965a0eee46.

Change-Id: Ie68fafde27dad4b03cb7a1e27ce2a8502c3f7bbe
2016-01-09 18:38:32 -06:00
Kevin Harwell
b8876711f3 res_rtp_asterisk: rtp->ice check not wrapped in HAVE_PJPROJECT ifdef
Change-Id: I19b49112e1b630bd04e859f14ccf96f8ebd6b151
2015-12-24 10:36:41 -06:00
Dade Brandon
648ca2b1b8 res_rtp_asterisk: Resolve further timing issues with DTLS negotiation
Resolves an edge case dtls negotiation delay for certain networks which
somehow manage to drop the rtcp side's packet when these are both sent
ast_rtp_remote_address_set, causing it to have to time-out and restart
the handshake.

Move dtls pending bio flush in to it's own function, and call it from
ast_rtp_on_ice_complete, when we're rtp->ice, rather than when
ast_rtp_remote_address_set.

Keep the existing flush from the recent change to res_rtp_remote_address_set
if ice is not being used.

ASTERISK-25614 #close
Reported-by: XenCALL
Tested by: XenCALL

Change-Id: Ie2caedbdee1783159f375589b6fd3845c8577ba5
2015-12-21 11:13:46 -08:00
server-pandora
32ec83f37f res_rtp_asterisk.c: Fix DTLS negotiation delays.
- Trigger pending DTLS packets to send out, once the RTP instance's remote
  address is set.
- Avoids locking the DTLS structure unnecessarily by only doing this if
  DTLS is passive.
- Add DTLS locks around the structurally sensitive calls in the SSL
  portion of __rtp_recvfrom, since dtls_srtp_check_pending does not lock
  inside of itself, and we're dealing with the SSL BIO in at least two
  threads.

WebRTC channels may receive a DTLS handshake before
ast_rtp_remote_address_set is called, which causes there to be a pending
response to send out.   Previous to 1ad827, this was handled by calling
dtls_srtp_check_pending on receipt of any RTP packet - a STUN or RTP
packet could trigger the pending handshake response.  Since that was
rightfully removed, whenever the DTLS handshake is received before the
remote address is set, we would have to wait until another SSL packet
arrives.

As of Chrome M47's optimizations to their handshake process, WebRTC
conversations between Chrome M47+ and Asterisk, where Asterisk is passive,
experience a 1 second delay without this patch, because the SSL handshake
is received before ICE negotation stores the remote_address, and the next
SSL packet isn't received until after a 1 second timeout in Chrome, which
causes a new handshake request.

ASTERISK-25614 #close

Change-Id: I547f1be7e302dbf71f6553dd8cbc0657b1d0b908
2015-12-15 07:31:18 -06:00
Steve Davies
d982b99e71 Further fixes to improper usage of scheduler
When ASTERISK-25449 was closed, a number of scheduler issues mentioned in
the comments were missed. These have since beed raised in ASTERISK-25476
and elsewhere.

This patch attempts to collect all of the scheduler issues discovered so
far and address them sensibly.

ASTERISK-25476 #close

Change-Id: I87a77d581e2e0d91d33b4b2fbff80f64a566d05b
2015-11-12 11:46:43 +00:00
Joshua Colp
7cbb091110 Merge "res/res_rtp_asterisk.c: Fix incorrect assignment of frame->subclass.frame_ending" 2015-10-07 11:58:58 -05:00
StefanEng86
cc131832aa res/res_rtp_asterisk.c: Fix incorrect assignment of frame->subclass.frame_ending
In ast_rtp_read, the value of the variable 'mark' which we try to assign to a
frame->subclass.frame_ending may be 0, 1 or (1<<23), but we should translate
it to 0 or 1.

ASTERISK-25451 #close
Change-Id: I53bdf5c026041730184a6a809009c028549ce626
2015-10-07 15:49:33 +02:00
Matt Jordan
4bf395e81e res/res_rtp_asterisk: Fix assignment after ao2 decrement
When we decide we will no longer schedule an RTCP write, we remove the
reference to the RTP instance, then assign -1 to the stored scheduler ID
in case something else comes along and wants to see if anything is scheduled.

That scheduler ID is on the RTP instance. After 60a9172d7e was merged to
fix the regression introduced by 3cf0f29310, this improper assignment on a
potentially destroyed object started getting tripped on the build agents.

Frankly, this should have been crashing a lot more often earlier. I can only
assume that the timing was changed just enough by both changes to start
actually hitting this problem.

As it is, simply moving the assignment prior to the ao2 deference is sufficient
to keep the RTP instance from being referenced when it is very, truly,
aboslutely dead.

(Note that it is still good practice to assign -1 to the scheduler ID when we
know we won't be scheduling it again, as the ao2 deref *may* not always destroy
the ao2 object.)

ASTERISK-25449

Change-Id: Ie6d3cb4adc7b1a6c078b1c38c19fc84cf787cda7
2015-10-06 20:51:48 -05:00
Matt Jordan
8cb614fe20 Fix improper usage of scheduler exposed by 5c713fdf18
When 5c713fdf18 was merged, it allowed for scheduled items to have an ID of
'0' returned. While this was valid per the documentation for the API, it was
apparently never returned previously. As a result, several users of the
scheduler API viewed the result as being invalid, causing them to reschedule
already scheduled items or otherwise fail in interesting ways.

This patch corrects the users such that they view '0' as valid, and a returned
ID of -1 as being invalid.

Note that the failing HEP RTCP tests now pass with this patch. These tests
failed due to a duplicate scheduling of the RTCP transmissions.

ASTERISK-25449 #close

Change-Id: I019a9aa8b6997584f66876331675981ac9e07e39
2015-10-06 07:40:29 -05:00
Joshua Colp
9f229d6a49 res_rtp_asterisk: Move "Set role" warning to be debug.
In practice the set_role API callback can be invoked even
when no ICE is present on an RTP instance. This can occur
if ICE has not been enabled on it.

ASTERISK-25438 #close

Change-Id: I0e17e4316f0f0d7f095c78c3d4fd73a913b6ba69
2015-09-30 13:46:00 -05:00
David M. Lee
8e5ed27a16 res_rtp_asterisk: Add more ICE debugging
In working through a recent ICE negotiation bug, I found the debug
logging in res_rtp_asterisk to be lacking. This patch adds a number of
debug and warning statements that were helpful.

Change-Id: I950c6d8f13a41f14b3d6334b4cafe7d4e997be80
2015-09-08 15:50:26 -05:00
David M. Lee
27c89053b0 Fix when remote candidates exceed PJ_ICE_MAX_CAND
We were passing the wrong count into pj_ice_sess_create_check_list(),
causing the create to fail if we ever received more than PJ_ICE_MAX_CAND
candidates.

Change-Id: I0303d8e1ecb20a8de9fe629a3209d216c4028378
2015-09-04 16:13:52 -05:00
Richard Mudgett
1a549ed134 rtp_engine.c: Initial split of payload types into rx and tx mappings.
There are numerous problems with the current implementation of the RTP
payload type mapping in Asterisk.  It uses only one mapping structure to
associate payload types to codecs.  The single mapping is overkill if all
of the payload type values are well known values.  Dynamic payload type
mappings do not work as well with the single mapping because RFC3264
allows each side of the link to negotiate different dynamic mappings for
what they want to receive.  Not only could you have the same codec mapped
for sending and receiving on different payload types you could wind up
with the same payload type mapped to different codecs for each direction.

1) An independent payload type mapping is needed for sending and
receiving.

2) The receive mapping needs to keep track of previous mappings because of
the slack to when negotiation happens and current packets in flight using
the old mapping arrive.

3) The transmit mapping only needs to keep track of the current negotiated
values since we are sending the packets and know when the switchover takes
place.

* Needed to create ast_rtp_codecs_payload_code_tx() and make some callers
use the new function because ast_rtp_codecs_payload_code() was used for
mappings in both directions.

* Needed to create ast_rtp_codecs_payloads_xover() for cases where we need
to pass preferred codec mappings to the peer channel for early media
bridging or when we need to prefer the offered mapping that RFC3264 says
we SHOULD use.

* ast_rtp_codecs_payloads_xover() and ast_rtp_codecs_payload_code_tx() are
the only new public functions created.  All the others were only used for
the tx or rx mapping direction so the function doxygen now reflects which
direction the function operates.

* chan_mgcp.c: Removed call to ast_rtp_codecs_payloads_clear() as doing
that makes no sense when processing an incoming SDP.  We would be wiping
out any mappings that we set for the possible outgoing SDP we sent
earlier.

ASTERISK-25166
Reported by: Kevin Harwell

ASTERISK-17410
Reported by: Boris Fox

Change-Id: Iaf6c227bca68cb7c414cf2fd4108a8ac98bd45ac
2015-08-19 17:09:58 -05:00
Joshua Colp
58effbc3f6 Merge "res_rtp_asterisk.c: Fix off-nominal crash potential." 2015-08-07 05:18:06 -05:00
Joshua Colp
7351d33a1f res_rtp_asterisk: Don't leak temporary key when enabling PFS.
A change recently went in which enabled perfect forward secrecy for
DTLS in res_rtp_asterisk. This was accomplished two different ways
depending on the availability of a feature in OpenSSL. The fallback
method created a temporary instance of a key but did not free it.
This change fixes that.

ASTERISK-25265

Change-Id: Iadc031b67a91410bbefb17ffb4218d615d051396
2015-08-05 10:25:53 -05:00
Richard Mudgett
33a465249b res_rtp_asterisk.c: Fix off-nominal crash potential.
ASTERISK-25296
Reported by: Richard Mudgett

Change-Id: I08549fb7c3ab40a559f41a3940f3732a4059b55b
2015-07-30 17:11:58 -05:00
Mark Duncan
1d081ec970 res/res_rtp_asterisk: Add ECDH support
This will add ECDH support to Asterisk. It will
detect auto ECDH support in OpenSSL
(1.0.2b and above) during ./configure. If this is
available, it will use it,
otherwise it will fall back to prime256v1 (this
behavior is consistent with
other projects such as Apache and nginx).

This fixes WebRTC being broken in Firefox 38+ due
to Firefox now only supporting
ciphers with perfect forward secrecy.

ASTERISK-25265 #close

Change-Id: I8c13b33a2a79c0bde2e69e4ba6afa5ab9351465b
2015-07-29 11:24:49 +09:00
Mark Michelson
2b42264e66 res_pjsip: Add rtp_keepalive endpoint option.
This adds an "rtp_keepalive" option for PJSIP endpoints. Similar to the
chan_sip option, this specifies an interval, in seconds, at which we
will send RTP comfort noise frames. This can be useful for keeping RTP
sessions alive as well as keeping NAT associations alive during lulls.

ASTERISK-25242 #close
Reported by Mark Michelson

Change-Id: I3b9903d99e35fe5d0b53ecc46df82c750776bc8d
2015-07-20 12:37:01 -05:00
Joshua Colp
9276415f65 res_rtp_asterisk: Ensure DTLS timeout timer is -1 if DTLS is not used.
This change fixes a bug where the DTLS timeout timer would be
initialized to 0 if DTLS was not used for an RTP session.

ASTERISK-25103

Change-Id: If8d26bb054f1d300838850da5b8db9044c2fe2ac
2015-07-08 04:28:21 -05:00
Joshua Colp
5717340ab3 res_rtp_asterisk: Prevent simultaneous access to DTLS SSL context.
This change moves logic for setting up the DTLS SSL contexts to
when the SDP is done being processed instead of when ICE negotiation
completes. It also stops handshakes from being initiated when we
are acting as a server.

Manipulating the SSL context when ICE negotiation has completed
is problematic as the SSL context is not protected and if acting
as a client the remote side may have started DTLS negotiation
already.

The retransmission timeout timer code has also been split up
and simplified some. Both RTP and RTCP now have their own timers
and the points at which the timer is stopped and started is now
more specific. When a packet is sent the timer is started. When
a response is received but before it is processed the timer is
stopped. This provides a guarantee that the timeout is not
occurring while the response is processed.

ASTERISK-22805 #close
ASTERISK-24550 #close
ASTERISK-24651 #close
ASTERISK-24832 #close
ASTERISK-25103 #close
ASTERISK-25127 #close

Change-Id: Ib75ea2546f29d6efc3d2d37c58df6986c7bd9b91
2015-07-07 14:31:32 -05:00
Joshua Colp
35ff01823b Merge "AST_MODULE_INFO: Format corrections to the usages of AST_MODULE_INFO macro." 2015-05-14 05:03:43 -05:00
Rodrigo Ramírez Norambuena
eec010829a AST_MODULE_INFO: Format corrections to the usages of AST_MODULE_INFO macro.
Change-Id: Icf88f9f861c6b2a16e5f626ff25795218a6f2723
2015-05-13 16:34:23 -05:00
Yousf Ateya
2ab5d22c0d res_rtp_asterisk: Correction for the limit which detects that a packet is DTLS.
First byte of DTLS packet shall be in range 20-63, not 20-64. Refer to RFC
https://tools.ietf.org/html/rfc5764#section-5.1.2 for correct values.

Change-Id: Iae6fa0d72b37c36a27fe40686e0ae6fba3afec31
2015-05-10 16:28:26 +02:00
Sean Bright
63c71c9f4a res_rtp_asterisk: Issue ERROR if res_srtp is not found.
While trying to get WebRTC working with chan_pjsip, I was running
into the following error:

    Attempted to set an invalid DTLS-SRTP configuration on RTP
    instance...

Josh helpfully pointed out that res_srtp.so might not be loaded, and
sure enough, it wasn't. This patch adds a ERROR indiciating as much
to hopefully help others having a similar problem.

Change-Id: I13aa477b47b299876728a21b130998a0ea6cd19f
2015-05-08 13:34:18 -05:00
Steve Davies
5e96584829 res_rtp_asterisk: Resolve 2 discrete memory leaks in DTLS
ao2 ref leak in res_rtp_asterisk.c when a DTLS policy is created.
The resources are linked into a table, but the original alloc refs
are never released. ast_strdup leak in rtp_engine.c. If
ast_rtp_dtls_cfg_copy() is called twice on the same destination struct,
a pointer to an alloc'd string is overwritten before the string is free'd.

ASTERISK-25022
Reported by: one47

Change-Id: I62a8ceb8679709f6c3769136dc6aa9a68202ff9b
2015-04-28 06:57:44 -05:00