When a configuration file in Asterisk is loaded
information about it is stored such that on a
reload it is not reloaded if nothing has changed.
This can be problematic when an error exists in
a configuration file in PJSIP since the error
will be output at start and not subsequently on
reload if the file is unchanged.
This change makes it so that if an error is
encountered when res_sorcery_config is loading
a configuration file a reload will always read
in the configuration file, allowing the error
to be seen easier.
Change-Id: If2e05a017570f1f5f4f49120da09601e9ecdf9ed
The flags of a previous selection could have been set within the
object 'srtp', for example, when the previous selection returned
failure after setting just 'some' flags. Now, not to clutter the
code, all possible flags are cleared first, and then the selected
flags are set as before.
ASTERISK-28903
Change-Id: I1b9d7aade7d5120244ce7e3a8865518cbd6e0eee
Added two unit tests, one for signing and another for verifying.
stir_shaken_sign checks to make sure that all the required parameters
are passed in and then signs the actual payload. If a signature is
produced and a payload returned as a result, the test passes.
stir_shaken_verify takes the signature from a signed payload to verify.
This unit test also verifies that all the required information is passed
in, and then attempts to verify the signature. If verification is
successful and a payload is returned, the test passes.
Change-Id: I9fa43380f861ccf710cd0f6b6c102a517c86ea13
The PJSIP packet logger now has the following CLI commands:
pjsip set logger pcap <filename>
When used this will create a pcap file containing the incoming
and outgoing SIP packets, in unencrypted form.
pjsip set logger verbose <on / off>
This allows you to toggle logging to verbose on and off.
pjsip set logger host <IP/subnet mask> add
This allows you to add an additional IP address or subnet
mask to logging, allowing you to log multiple instead of
just a single IP address or all traffic.
The normal "pjsip set logger host" CLI command has also been
expanded to allow subnet masks as well.
ASTERISK-28895
Change-Id: If5859161a72b0d7dd2d1f92d45bed88e0cd07d0e
A warning was triggered that there may be a problem regarding file
extension (which is correct and should not be set anyway). The warning
also appeared if there was dot within the path itself.
E.g.
[sales-queue-hold]
mode=playlist
entry=/var/www/domain.tld/moh/funky_music
The music played correctly but you get a warning message.
Now there will be a check if the position of a potential dot character
is after the last position of a slash character. This dot charachter
will be treated as a extension naming. Dots within the path then ignored.
ASTERISK-28892
Reported-By: Nicholas John Koch
Change-Id: I2ec35a613413affbf5fcc01c8c181eba24865b9e
This change adds the same variable functionality that
is available for originating a channel to the create
call. Now when creating a channel you can specify
dialplan variables to set instead of having to do another
API call.
ASTERISK-28896
Change-Id: If13997ba818136d7c070585504fc4164378aa992
1. Modify sip_resolve and sip_resolve_callback to request AAAA lookups
when an IPV6 transport type has been requested.
2. Rename all occurrences of pjsip_transport_get_type_name to
pjsip_transport_get_type_desc. This ensures that the log/debug info
shows whether the transport is IPv6 or IPv4.
3. Do not add the constant PJSIP_TRANSPORT_IPV6 to existing transport
types. This results in invalid values. Use a bitwise or instead.
ASTERISK-26780
Patches:
pjsip_resolver.c uploaded by Peter Sokolov (License #7070)
Change-Id: I8b1e298f8efa682d0a7644113258fe76d9889c58
Adds the "STIR_SHAKEN" dialplan function and an API call to add a
STIR_SHAKEN verification result to a channel. This information will be
held in a datastore on the channel that can later be queried through the
"STIR_SHAKEN" dialplan funtion to get information on STIR_SHAKEN results
including identity, attestation, and verify_result. Here are some
examples:
STIR_SHAKEN(count)
STIR_SHAKEN(0, identity)
STIR_SHAKEN(1, attestation)
STIR_SHAKEN(2, verify_result)
Getting the count can be used to iterate through the results and pull
information by specifying the index and the field you want to retrieve.
Change-Id: Ice6d52a3a7d6e4607c9c35b28a1f7c25f5284a82
Changed source and destination address fields in struct
pjsip_history_entry so that they are long enough to hold an IPv6
address.
ASTERISK-28854
Change-Id: Id65bb9aa961e9ecbcb500815e18170f774e34d3e
There are a lot of moving parts in this patch, but the focus of it is on
the verification of the signature using a public key located at the
public key URL provided in the JSON payload. First, we check the
database to see if we have already downloaded the key. If so, check to
see if it has expired. If it has, redownload from the URL. If we don't
have an entry in the database, just go ahead and download the public
key. The expiration is tested each time we download the file. After
that, read the public key from the file and use it to verify the
signature. All sanity checking is done when the payload is first
received, so the verification is complete once this point is reached.
The XML has also been added since a new config option was added to
general (curl_timeout). The maximum amount of time to wait for a
download can be configured through this option, with a low value by
default.
Change-Id: I3ba4c63880493bf8c7d17a9cfca1af0e934d1a1c
Recently code accessing nochecksums variable has been added without including #ifdef SO_NO_CHECK protection, while the variable is created only when such constant is defined.
ASTERISK-28852 #close
Change-Id: I381718893b80599ab8635f2b594a10c1000d595e
Some places in Asterisk did not treat the formats on a stream
as immutable when they are.
The ast_stream_get_formats function is now const to enforce this
and parts of Asterisk have been updated to take this into account.
Some violations of this were also fixed along the way.
An additional minor tweak is that streams are now allocated with
an empty format capabilities structure removing the need in various
places to check that one is present on the stream.
ASTERISK-28846
Change-Id: I32f29715330db4ff48edd6f1f359090458a9bfbe
Fixed it to copy the entire string from the requested endpoint body except tech-prefix.
ASTERISK-28847
Change-Id: I91b5f6708a1200363f3267b847dd6a0915222c25
This change fixes a few re-negotiation issues
uncovered with fax.
1. The fax support uses its own mechanism for
re-negotiation by conveying T.38 information in
its own frames. The new support for re-negotiating
when adding/removing/changing streams was also
being triggered for this causing multiple re-INVITEs.
The new support will no longer trigger when
transitioning between fax.
2. In off-nominal re-negotiation cases it was
possible for some state information to be left
over and used by the next re-negotiation. This
is now cleared.
ASTERISK-28811
ASTERISK-28839
Change-Id: I8ed5924b53be9fe06a385c58817e5584b0f25cc2
MODULEINFO is checked while buidling/linking the module.
AST_MODULE_INFO is checked while loading/running the module.
ASTERISK-28838
Change-Id: I4bb868532ca217fec1351885d99eb55c21b58042
When the receive buffer was flushed by a received packet while it
already contained a packet with the same sequence number, Asterisk
never left the while loop which tried to order the packets.
This change makes it so if the packet is in the receive buffer it
is retrieved and freed allowing the buffer to empty.
ASTERISK-28827
Change-Id: Idaa376101bc1ac880047c49feb6faee773e718b3
When the ast_data_buffer_put rejects to add a packet, for example because
the buffer already contains a packet with the same sequence number, the
payload will never be freed, resulting in a memory leak.
The data buffer will now return an error if this situation occurs
allowing the caller to free the payload. The res_rtp_asterisk module
has also been updated to do this.
ASTERISK-28826
Change-Id: Ie6c49495d1c921d5f997651c7d0f79646f095cf1
By using pjproject to give us a list of candidates, and then filtering,
if the host has >32 addresses configured, then it is possible that we
end up filtering out all 32 of those, and ending up with no candidates
at all. Instead, get getifaddrs (which pjsip is using underlying
anyway) to retrieve all local addresses, and iterate those, adding the
first 32 addresses not excluded by the ICE ACL.
In our setup at any point in time We've got between 6 and 328 addresses
on any given system. The lower limit is the lower limit but the upper
limit is growing on a near daily basis currently.
Change-Id: I109eaffc3e2b432f00bf958e3caa0f38cacb4edb
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
This reverts commit a3a2fbaec6.
Reason for revert: There is a lot of code that relies on the broken
behavior that this fixes.
Change-Id: I410c395a0168acbdaf89e616e3cb5e1312d190cb
When an AOR is modified endpoints are updated that reference
the AOR so they can start receiving updates and reflect the
correct state. If this is the case then we shouldn't change
the endpoint to be offline if it does not reference the AOR
but instead only when the endpoint is completely updated for
all its AORs.
ASTERISK-28056
patches:
pjsip_options-aor.diff submitted by jhord (license 6978)
Change-Id: I3ee00023be2393113cd4e056599f23f3499ef164
This unit test runs through combinations of...
* Local codecs
* Remote Codecs
* Codec Preference
* Incoming/Outgoing
A few new APIs were created to make it easier to test
the functionality but didn't result in any actual
functional change.
ASTERISK_28777
Change-Id: Ic8957c43e7ceeab0e9272af60ea53f056164f164
Based on this new endpoint setting, a joint list of preferred codecs
between those received from the Asterisk core (remote), and those
specified in the endpoint's "allow" parameter (local) is created and
is used to create the outgoing SDP offer.
* Add outgoing_call_offer_pref to pjsip_configuration (endpoint)
* Add "call_direction" to res_pjsip_session.
* Update pjsip_session_caps.c to make the functions more generic
so they could be used for both incoming and outgoing.
* Update ast_sip_session_create_outgoing to create the
pending_media_state->topology with the results of
ast_sip_session_create_joint_call_stream().
* The endpoint "preferred_codec_only" option now automatically sets
AST_SIP_CALL_CODEC_PREF_FIRST in incoming_call_offer_pref.
* A helper function ast_stream_get_format_count() was added to
streams to return the current count of formats.
ASTERISK-28777
Change-Id: Id4ec0b4a906c2ae5885bf947f101c59059935437
This change provides functions that take in a JSON payload, verify that
the contents contain all the mandatory fields and required values (if
any), and signs the payload with the private key. Four fields are added
to the payload: x5u, attest, iat, and origid. As of now, these are just
placeholder values that will be set to actual values once the logic is
implemented for what to do when an actual payload is received, but the
functions to add these values have all been implemented and are ready to
use. Upon successful signing and the addition of those four values, a
ast_stir_shaken_payload is returned, containing other useful information
such as the algorithm and signature.
Change-Id: I74fa41c0640ab2a64a1a80110155bd7062f13393
RFC5621 requires any content type with a Content-Disposition
with handling=required to be rejected with a 415 response
ASTERISK-28782 #close
Change-Id: Iad969df75936730254b95c1a8bc3b48497070bb4
When an outgoing channel is created a list of formats may
optionally be provided which is used as a request that the
formats be used if possible. If an endpoint is not configured
for any of the formats we ignore this request and use what is
configured. This has the side effect of also including other
stream types (such as video) that were not present in the
requested formats.
This change makes it so that the intention of the request is
preserved - that is if only an audio format is requested then
even if there is no joint audio format between the request and
the configuration we will still only place an audio stream in
the outgoing call.
ASTERISK-28787
Change-Id: Ia54c0c63e94aca176169b9bae4bb8a8380ea245f
This commit sets up some of the initial framework for the module and
adds a way to read the private key from the specified file, which will
then be appended to the certificate object. This works fine for now, but
eventually some other structure will likely need to be used to store all
this information. Similarly, the caller_id_number is specified on the
certificate config object, but in the end we will want that information
to be tied to the certificate itself and read it from there.
A method has been added that will retrieve the private key associated
with the caller_id_number passed in. Tab completion for certificates and
stores has also been added.
Change-Id: Ic4bc1416fab5d6afe15a8e2d32f7ddd4e023295f
When examining a stream to determine hold/unhold information we
only care about the default audio stream. Other streams aren't
used for hold/unhold.
ASTERISK-28784
Change-Id: I7a1f10f07822c4aee1f98a38b9628849b578afe4
When the Asterisk receives 200 OK with invalid SDP,
the Asterisk/PJPROJECT terminating the session.
But if the channel was in the Bridge, Asterisk tries send
the Re-Invite before terminating the session.
And when the Asterisk sending the Re-Invite, it doesn't check
the SDP is NULL or not. This crashes the Asterisk.
Fixed it to close the session correctly if the UAS sends the
200 OK with wrong SDP.
ASTERISK-28743
Change-Id: Ifa864e0e125b1a7ed2f3abd4164187e1dddc56da
The state of the default audio stream is used for hold/unhold so we
restrict it to sendrecv as the core does not handle when it changes as
a result of hold/unhold.
This restriction does not apply to other media types though so we now
only restrict it to audio. This allows the other default streams to
store their state at all values, and not just sendrecv and removed.
ASTERISK-28783
Change-Id: I139740f38cea7f7d92a876ec2631ef50681f6625
Do not hang up a PJSIP channel on RTP timeout if that channel is in
a direct-media bridge. Also reset the time of the last received RTP packet when
direct-media ends (wait full rtp_timeout period before checking first time after
audio came back to Asterisk).
ASTERISK-28774
Reported-by: Michael Neuhauser
Change-Id: I8b62012be7685849e8fb2b1c5dd39d35313ca2d1
A pure blacklist is not good enough, we need a whitelist mechanism as
well, and the simplest way to do that is to re-use existing ACL
infrastructure.
This makes it simpler to blacklist say an entire block (/24) except a
smaller block (eg, a /29 or even a /32). Normally you'd need to
recursively split the block, so if you want to blacklist a /24 except
for a /29 you'd end up with a blacklit for a /25, /26, /27 and /28. I
feel that having an ACL instead of a blacklist only is clearer.
Change-Id: Id57a8df51fcfd3bd85ea67c489c85c6c3ecd7b30
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
bridge_p2p_rtp_write will forward rtp to the bridged rtp instance
without modifying the ssrc. However, it is not updating the SSRC
in the bridged rtp. Thus, when SSRC packets are generated, they
have the correct SSRC for the sender.
ASTERISK-28773 #close
Change-Id: I39f923bde28ebb4f0fddc926b92494aed294a478
If ICE support is enabled but not negotiated, the rtp->ice structure is
not being destroyed. This leads to Asterisk waiting for ICE to complete
instead of immediately starting the DTLS handshake, resulting in the
call leg having no RTP.
ASTERISK-28769 #close
Change-Id: I17c137546dc9ecfb9583c24dcf4c2ced8bbd7a27
