This reverts commit d524ad523d.
Reason for revert: This causes Contact and Via headers to have the wrong
transport address.
ASTERISK-28309 #close
Change-Id: Ibba4d6176f68e39279fcd9a545f81d56e747bed8
When a contact was removed by the registrar it did not always check to see if
the circumstances involved a monitored reliable transport. For instance, if the
'remove_existing' option was set to 'true' then when existing contacts were
removed due to 'max_contacts' being reached, those existing contacts being
removed did not unregister the transport monitor.
Also, it was possible to add more than one monitor on a reliable transport for
a given aor and contact.
This patch makes it so all contact removals done by the registrar also remove
any associated transport monitors if necessary. It also makes it so duplicate
monitors cannot be added for a given transport.
ASTERISK-28213
Change-Id: I94b06f9026ed177d6adfd538317c784a42c1b17a
To prevent one subsystem's taskprocessors from causing others
to stall, new capabilities have been added to taskprocessors.
* Any taskprocessor name that has a '/' will have the part
before the '/' saved as its "subsystem".
Examples:
"sorcery/acl-0000006a" and "sorcery/aor-00000019"
will be grouped to subsystem "sorcery".
"pjsip/distributor-00000025" and "pjsip/distributor-00000026"
will bn grouped to subsystem "pjsip".
Taskprocessors with no '/' have an empty subsystem.
* When a taskprocessor enters high-water alert status and it
has a non-empty subsystem, the subsystem alert count will
be incremented.
* When a taskprocessor leaves high-water alert status and it
has a non-empty subsystem, the subsystem alert count will be
decremented.
* A new api ast_taskprocessor_get_subsystem_alert() has been
added that returns the number of taskprocessors in alert for
the subsystem.
* A new CLI command "core show taskprocessor alerted subsystems"
has been added.
* A new unit test was addded.
REMINDER: The taskprocessor code itself doesn't take any action
based on high-water alerts or overloading. It's up to taskprocessor
users to check and take action themselves. Currently only the pjsip
distributor does this.
* A new pjsip/global option "taskprocessor_overload_trigger"
has been added that allows the user to select the trigger
mechanism the distributor uses to pause accepting new requests.
"none": Don't pause on any overload condition.
"global": Pause on ANY taskprocessor overload (the default and
current behavior)
"pjsip_only": Pause only on pjsip taskprocessor overloads.
* The core pjsip pool was renamed from "SIP" to "pjsip" so it can
be properly grouped into the "pjsip" subsystem.
* stasis taskprocessor names were changed to "stasis" as the
subsystem.
* Sorcery core taskprocessor names were changed to "sorcery" to
match the object taskprocessors.
Change-Id: I8c19068bb2fc26610a9f0b8624bdf577a04fcd56
The context specified by 'regcontext' was not being created, so when Asterisk
attempted to later dynamically add an extension it would fail. This patch now
creates the context if a 'regcontext' is specified.
ASTERISK-28238
Change-Id: I0f36cf4ab0a93ff4b1cc5548d617ecfd45e09265
The transport management code that checks for idle connections keeps a
reference to PJSIP's transport for IDLE_TIMEOUT milliseconds (32000 by
default). Because of this, if the transport is closed before this
timeout, the idle checking code will keep the transport from actually
being shutdown until the timeout expires.
Rather than passing the AO2 object to the scheduler task, we just pass
its key and look it up when it is time to potentially close the idle
connection. The other transport management code handles cleaning up
everything else for us.
Additionally, because we use the address of the transport when
generating its name, we concatenate an incrementing ID to the end of the
name to guarantee uniqueness.
Related to ASTERISK~28231
Change-Id: I02ee9f4073b6abca9169d30c47aa69b5e8ae9afb
The commit I2f97ebfa79969a36a97bb7b9afd5b6268cf1a07d removed sending out
the ContactStatus AMI event when a contact is updated.
Thist change broke things which rely on old behavior.
This patch adds a new PJSIP global configuration option
'send_contact_status_on_update_registration' to be able to preserve old
ContactStatus behavior.
By default new behavior, i.e. the ContactStatus event will not be sent when a
device refreshes its registration.
Change-Id: I706adf7584e7077eb6bde6d9799ca408bc82ce46
When a channel snapshot was created it used to be done
from scratch, copying all data (many strings). This incurs
a cost when doing so.
This change segments the channel snapshot into different
components which can be reused if unchanged from the
previous snapshot creation, reducing the cost. In normal
cases this results in some pointers being copied with
reference count being bumped, some integers being set,
and a string or two copied. The other benefit is that it
is now possible to determine if a channel snapshot update
is redundant and thus stop it before a message is published
to stasis.
The specific segments in the channel snapshot were split up
based on whether they are changed together, how often they
are changed, and their general grouping. In practice only
1 (or 0) of the segments actually get changed in normal
operation.
Invalidation is done by setting a flag on the channel when
the segment source is changed, forcing creation of a new
segment when the channel snapshot is created.
ASTERISK-28119
Change-Id: I5d7ef3df963a88ac47bc187d73c5225c315f8423
Replace usage of ao2_container_alloc with ao2_container_alloc_hash or
ao2_container_alloc_list. Remove ao2_container_alloc macro.
Change-Id: I0907d78bc66efc775672df37c8faad00f2f6c088
When Asterisk's taskprocessors get overloaded we need to reduce the work
load. res_pjsip currently ignores new SIP requests and relies on SIP
retransmissions in the hope that the overload condition will clear soon
enough to handle the retransmitted SIP request.
This change adds the following code after ast_taskprocessor_alert_get()
has returned TRUE:
1- identifies transport type. If non-udp then send a 503 response
2- if transport type is udp/udp6 then ignore, as before.
Change-Id: I1c230b40d43a254ea0f226b7acf9ee480a5d3836
This patch adds new options 'trust_connected_line' and 'send_connected_line'
to the endpoint.
The option 'trust_connected_line' is to control if connected line updates
are accepted from this endpoint.
The option 'send_connected_line' is to control if connected line updates
can be sent to this endpoint.
The default value is 'yes' for both options.
Change-Id: I16af967815efd904597ec2f033337e4333d097cd
Add a new global flag to res_pjsip to allow the callerid to be used
as the username in the contact header. This allows chan_pjsip to have
the same behavour as chan_sip
ASTERISK-28087 #close
Change-Id: I9a720e058323f6862a91c62f8a8c1a4b5c087b95
This change implements a few different generic things which were brought
on by Google Voice SIP.
1. The concept of flow transports have been introduced. These are
configurable transports in pjsip.conf which can be used to reference a
flow of signaling to a target. These have runtime configuration that can
be changed by the signaling itself (such as Service-Routes and
P-Preferred-Identity). When used these guarantee an individual connection
(in the case of TCP or TLS) even if multiple flow transports exist to the
same target.
2. Service-Routes (RFC 3608) support has been added to the outbound
registration module which when received will be stored on the flow
transport and used for requests referencing it.
3. P-Associated-URI / P-Preferred-Identity (RFC 3325) support has been
added to the outbound registration module. If a P-Associated-URI header
is received it will be used on requests as the P-Preferred-Identity.
4. Configurable outbound extension support has been added to the outbound
registration module. When set the extension will be placed in the
Supported header.
5. Header parameters can now be configured on an outbound registration
which will be placed in the Contact header.
6. Google specific OAuth / Bearer token authentication
(draft-ietf-sipcore-sip-authn-02) has been added to the outbound
registration module.
All functionality changes are controlled by pjsip.conf configuration
options and do not affect non-configured pjsip endpoints otherwise.
ASTERISK-27971 #close
Change-Id: Id214c2d1c550a41fcf564b7df8f3da7be565bd58
This patch sets the callerid_tag to empty string by default.
If the callerid_tag is set to NULL then the tag does not
become part of a connected line update.
For example:
Alice's tag is "Alice".
Bob's tag is empty.
Charlie's tag is "Charlie".
Alice calls Bob and then does attended transfer to Charlie.
When Alice hangs up the CONNECTEDLINE(tag) is "Alice"
on the interception routine on the Charlie's channel, but should be empty.
Ths patch also fix memory leaks if there are more then one options
"callerid", "callerid_tag", "voicemail_extension" and "contact_user"
in the pjsip.conf endpoint definition.
Change-Id: I86ba455c4677ca8d516d9a04ce7fb4d24dd576e4
CLI command 'pjsip show contacts' inefficiently make a lot of DB requests.
For example if there are 10k aors then asterisk requests these 10k records
of aor and then does 10k requests of contact - one request per aor.
Even if use 'like <pattern>' the asterisk requests all aor's and contact's
records and then filters them by itself.
This patch gathers contact's container by
- retrieving all dynamic contacts by regex (filtered by reg_server)
- retrieving all aors with permanent contacts
- finally filters container by regex
ASTERISK-28077 #close
Change-Id: Id0ad65d14952a02fb213273a90f3f680a8149618
This change brings in PJSIP 2.8, removes all the patches
that were merged upstream, and makes a minor change to
support a breaking change that was done.
ASTERISK-28059
Change-Id: I5097772b11b0f95c3c1f52df6400158666f0a189
Both pjsip_tx_data.tp_info.dst_name and pjsip_rx_data.pkt_info.src_name
store IPv6 addresses without enclosing brackets. This causes some log
output to be confusing because it is difficult to separate the IPv6
address from a port specification.
* Use pj_sockaddr_print() along with pjsip_tx_data.tp_info.dst_addr and
pjsip_rx_data.pkt_info.src_addr where possible for consistent IPv6
output.
* When a pj_sockaddr is not available, explicitly wrap IPv6 addresses
in brackets.
* When assigning pjsip_rx_data.pkt_info.src_name ourselves, make sure
to also set pjsip_rx_data.pkt_info.src_addr.
Change-Id: I5cfe997ced7883862a12b9c7d8551d76ae02fcf8
When a Contact is updated the only material change that qualify
support cares about is the underlying configuration for the AOR.
In this case we will update things with the new AOR information but
otherwise the callback to indicate the Contact has changed can be
ignored.
This is because it is only when a Contact is added or deleted that
material changes occur within the qualify support. An update can't
change the URI since it would result in a new Contact so it can be
ignored.
Change-Id: I2f97ebfa79969a36a97bb7b9afd5b6268cf1a07d
sip_options_get_endpoint_state_compositor_state leaked a reference to
the first available endpoint state compositor that was found.
Change-Id: Idb6be19f7219b6eed1dfb19c1e740dd40cb3fdc7
The authors of PJProject undef s_addr because of some issue in Microsoft
Windows. However in Oracle Solaris, s_addr is not a structure member, but
defined to map to the real structure member.
Updates the patch from ASTERISK_20366
ASTERISK-27997
Change-Id: I8223026d4d54e2a46521085fcc94bfa6ebe35b11
* Don't include pjlib.h twice in res_pjsip.h
* Consistently use #include <> form for pjproject includes.
(pjsip.h and pjlib.h)
Change-Id: I3f7b42044840de64edf7e9d7695cb60c45990dc7
A change recently went in which disabled the built-in PJSIP
keepalive. This defaulted to 90 seconds and kept TCP/TLS
connections alive. Disabling this functionality has resulted
in a behavior change of not doing keepalives by default resulting
in TCP/TLS connections dropping for some people.
This change makes our default keepalive interval 90 seconds
to match the previous behavior and preserve it.
ASTERISK-27978
Change-Id: Ibd9a45f3cbe5d9bb6d2161268696645ff781b1d6
* Use the replacement function ast_sip_push_task_wait_servant() instead of
the deprecated ast_sip_push_task_synchronous().
Change-Id: I145b550ba7054640c7faa3b644e63137f505c612
A problem I've seen countless times is a global or system section
for PJSIP not getting applied. This is inevitably the result of
the "type=" line missing. This change alleviates that problem.
The ability to specify an explicit section name has been
added to res_sorcery_config. If the configured section
name matches this and there are no unknown things configured
the section is taken as being for the given type.
Both the PJSIP "global" and "system" types now support this
so you can just name your section "global" or "system" and it
will be matched and used, even without a "type=" line.
ASTERISK-27972
Change-Id: Ie22723663c1ddd24f869af8c9b4c1b59e2476893
A new option 'suppress_q850_reason_headers' has been added to the
endpoint object. Some devices can't accept multiple Reason headers and
get confused when both 'SIP' and 'Q.850' Reason headers are received.
This option allows the 'Q.850' Reason header to be suppressed.
The default value is 'no'.
ASTERISK-27949
Reported-by: Ross Beer
Change-Id: I54cf37a827d77de2079256bb3de7e90fa5e1deb1
Using the keep_alive_interval option can result in a deadlock between the
pjproject transport manager group lock and the monitored transports ao2
container lock. The pjproject transport manager group lock has to be
superior in the locking order to the monitored transports ao2 container
lock because of pjproject callbacks called when already holding the group
lock. The lock inversion happens when Asterisk attempts to send a keep
alive packet over the reliable transports.
* Made keepalive_transport_thread() iterate over the monitored transports
container rather than use the ao2_callback() method. This avoids holding
the container lock when sending the keep alive packet.
ASTERISK-26686
Change-Id: I5d5392a52e698bbe41a93f7d8e92bf0e61fe3951
The Websocket transport uses the built-in HTTP server. As a result
the TLS configuration is done in http.conf and not in pjsip.conf.
This change adds a warning if this is configured in pjsip.conf and
also clarifies in the sample configuration file.
Change-Id: I187d994d328c3ed274b6754fd4c2a4955bdc6dd9
pjproject by default currently will follow media forked during an INVITE
on outbound calls if the To tag is different on a subsequent response as
that on an earlier response. We handle this correctly. There have
been reported cases where the To tag is the same but we still need to
follow the media. The pjproject patch in this commit adds the
capability to sip_inv and also adds the capability to control it at
runtime. The original "different tag" behavior was always controllable
at runtime but we never did anything with it and left it to default to
TRUE.
So, along with the pjproject patch, this commit adds options to both the
system and endpoint objects to control the two behaviors, and a small
logic change to session_inv_on_media_update in res_pjsip_session to
control the behavior at the endpoint level.
The default behavior for "different tags" remains the same at TRUE and
the default for "same tag" is FALSE.
Change-Id: I64d071942b79adb2f0a4e13137389b19404fe3d6
ASTERISK-27936
Reported-by: Ross Beer
* Fix several instances where we were bumping a ref in the parameter and
then unrefing the object if it failed. The way the AST_VECTOR_APPEND()
and AST_VECTOR_REPLACE() macros are implemented means if it fails the new
value was never evaluated.
Change-Id: I2847872a455b11ea7e5b7ce697c0a455a1d0ac9a
When endpoint specific ACL rules block a SIP request they respond with a
403 forbidden. However, if an endpoint is not identified then a 401
unauthorized response is sent. This vulnerability just discloses which
requests hit a defined endpoint. The ACL rules cannot be bypassed to gain
access to the disclosed endpoints.
* Made endpoint specific ACL rules now respond with a 401 unauthorized
which is the same as if an endpoint were not identified. The fix is
accomplished by replacing the found endpoint with the artificial endpoint
which always fails authentication.
ASTERISK-27818
Change-Id: Icb275a54ff8e2df6c671a6d9bda37b5d732b3b32
Currentrly pjsip_options code does not handle the situation when the
AOR qualify options were changed.
Also there is no way to find out what qualify options are using.
This patch add CLI commands to show and synchronize Aor qualify options:
pjsip show qualify endpoint <id>
Show the current qualify options for all Aors on the PJSIP endpoint.
pjsip show qualify aor <id>
Show the PJSIP Aor current qualify options.
pjsip reload qualify endpoint <id>
Synchronize the qualify options for all Aors on the PJSIP endpoint.
pjsip reload qualify aor <id>
Synchronize the PJSIP Aor qualify options.
ASTERISK-27872
Change-Id: I1746d10ef2b7954f2293f2e606cdd7428068c38c
Currentrly pjsip_options code does not handle the situation when the
qualify options were changed in realtime database.
Only 'module reload res_pjsip' helps.
This patch add a check on contact add/update observers if the contact
qualify options are different than local aor qualify options.
If the qualify options were modified then synchronize
the pjsip_options AOR local state.
ASTERISK-27872
Change-Id: Id55210a18e62ed5d35a88e408d5fe84a3c513c62
This fixes build warnings found by GCC 8. In some cases format
truncation is intentional so the warning is just suppressed.
ASTERISK-27824 #close
Change-Id: I724f146cbddba8b86619d4c4a9931ee877995c84
* Increase maximum number of ciphers from 100 to 256 (or whatever
PJ_SSL_SOCK_MAX_CIPHERS is #define'd to)
* Simplify logic in cipher_name_to_id()
* Make signed/unsigned comparison consistent
Re: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897412
Reported by: Ondřej Holas
Change-Id: Iea620f03915a1b873e79743154255c3148a514e7
The OPTIONS support in PJSIP has organically grown, like many things in
Asterisk. It has been tweaked, changed, and adapted based on situations
run into. Unfortunately this has taken its toll. Configuration file
based objects have poor performance and even dynamic ones aren't that
great.
This change scraps the existing code and starts fresh with new eyes. It
leverages all of the APIs made available such as sorcery observers and
serializers to provide a better implementation.
1. The state of contacts, AORs, and endpoints relevant to the qualify
process is maintained. This state can be updated by external forces (such
as a device registering/unregistering) and also the reload process. This
state also includes the association between endpoints and AORs.
2. AORs are scheduled and not contacts. This reduces the amount of work
spent juggling scheduled items.
3. Manipulation of which AORs are being qualified and the endpoint states
all occur within a serializer to reduce the conflict that can occur with
multiple threads attempting to modify things.
4. Operations regarding an AOR use a serializer specific to that AOR.
5. AORs and endpoint state act as state compositors. They take input
from lower level objects (contacts feed AORs, AORs feed endpoint state)
and determine if a sufficient enough change has occurred to be fed further
up the chain.
6. Realtime is supported by using observers to know when a contact has
been registered. If state does not exist for the associated AOR then it
is retrieved and becomes active as appropriate.
The end result of all of this is best shown with a configuration file of
3000 endpoints each with an AOR that has a static contact. In the old
code it would take over a minute to load and use all 8 of my cores. This
new code takes 2-3 seconds and barely touches the CPU even while dealing
with all of the OPTIONS requests.
ASTERISK-26806
Change-Id: I6a5ebbfca9001dfe933eaeac4d3babd8d2e6f082