RFC says SIP headers look like:
HCOLON = *( SP / HTAB ) ":" SWS
SWS = [LWS] ; sep whitespace
LWS = [*WSP CRLF] 1*WSP ; linear whitespace
WSP = SP / HTAB ; from rfc2234
chan_sip implemented this:
HCOLON = *( LOWCTL / SP ) ":" SWS
LOWCTL = %x00-1F ; CTL without DEL
This discrepancy meant that SIP proxies in front of Asterisk with
chan_sip could pass on unknown headers with \x00-\x1F in them, which
would be treated by Asterisk as a different (known) header. For
example, the "To\x01:" header would gladly be forwarded by some proxies
as irrelevant, but chan_sip would treat it as the relevant "To:" header.
Those relying on a SIP proxy to scrub certain headers could mistakenly
get unexpected and unvalidated data fed to Asterisk.
This change fixes so chan_sip only considers SP/HTAB as valid tokens
before the colon, making it agree on the headers with other speakers of
SIP.
ASTERISK-26433 #close
AST-2016-009
Change-Id: I78086fbc524ac733b8f7f78cb423c91075fd489b
When an opus offer or answer was received that contained an
fmtp line with spaces between the attributes the module would
fail to properly parse it and crash due to recursion.
This change makes the module handle the space properly and
also removes the recursion requirement.
ASTERISK-26579
Change-Id: I01f53e5d9fa9f1925a7365f8d25071b5b3ac2dc3
The PJSIPShowRegistrationsInbound AMI command was just dumping out
all AORs which was pretty useless and resource heavy since it had
to get all endpoints, then all aors for each endpoint, then all
contacts for each aor.
PJSIPShowRegistrationInboundContactStatuses sends ContactStatusDetail
events which meets the intended purpose of the other command and has
significantly less overhead. Also, some additional fields that were
added to Contact since the original creation of the ContactStatusDetail
event have been added to the end of the event.
For compatibility purposes, PJSIPShowRegistrationsInbound is left
intact.
ASTERISK-26644 #close
Change-Id: I326f12c9ecb52bf37ba03f0748749de4da01490a
Occasionally SIP message transactions are not found when they should be.
In the particular case an incoming INVITE transaction is CANCELed but the
INVITE transaction cannot be found so a 481 response is returned for the
CANCEL. The problematic calls have a '_' character in the Via branch
parameter.
The problem is in the pjproject PJ_HASH_USE_OWN_TOLOWER feature's code.
The problem with the "own tolower" code is that it does not calculate the
same hash value as when the pj_tolower() function is used. The "own
tolower" code will erroneously modify the ASCII characters '@', '[', '\\',
']', '^', and '_'. Calls to pj_hash_calc_tolower() can use the
PJ_HASH_USE_OWN_TOLOWER substitute algorithm when enabled. Calls to
pj_hash_get_lower(), pj_hash_set_lower(), and pj_hash_set_np_lower() call
find_entry() which never uses the PJ_HASH_USE_OWN_TOLOWER algorithm. As a
result you may not be able to find a hash tabled entry because the
calculated hash values would differ.
* Simply disable PJ_HASH_USE_OWN_TOLOWER.
ASTERISK-26490 #close
Change-Id: If89bfdb5f301b8b685881a9a2a6e0c3c5af32253
Added back in a -g3, and an -O3 when DONT_OPTIMIZE is not set, to
the CFLAGS. Not sure how they went missing.
Also fixed an uninstall problem where we weren't removing the
symlink from libasteriskpj.so.2 to libasteriskpj.so. While I was
there, I fixed it for libasteriskssl as well.
Change-Id: I9e00873b1e9082d05b5549d974534b48a2142556
Increasing the testsuite shutdown timeout before forcibly killing
Asterisk allowed more events to be sent out. Some tests failed as
a result. The tests/channels/pjsip/statsd/registrations failed
because we now get the statsd events that a comment in the test
configuration stated couldn't be intercepted. Unfortunately, we
get a variable number of events because of internal status state
transition races generating redundant statsd events.
We were reporting redundant statsd PJSIP.registrations.state changes
for internal state changes that equated to the same thing publicly.
* Made update_client_state_status() filter out redundant statsd
updates.
ASTERISK-26527
Change-Id: If851c7d514bb530d9226e4941ba97dcf52000646
The latest Release candidate fails to create RTP streams when IPv6
is not available. Due to the changes made in September the ast_sockaddr
structure passed around to create these streams is always of AF_INET6
type, causing failure when used for IPv4. This patch adds a utility
function to check for availability of IPv6 and applies such check
at startup to determine how to create the ast_sockaddr structures.
ASTERISK-26617 #close
Change-Id: I627a4e91795e821111e1cda523f083a40d0e0c3e
The response from gmail calendar includes the string name
"caldav:calendar-data". res_calendar_caldav implements
the example included in RFC 4791: string "C:calendar-data".
When reading the calendar, res_calendar_caldav compare the
string and if does not match just discards the event.
This commit compares the response to both strings,
successfully loading gmail calendar events.
Writing to gmail calendar is working prior to this fix.
ASTERISK-26624
Reported by: Eduardo S. Libardi
Change-Id: Ia1eef10552ae616efb645d390f5ffe81260d7d4a
Use of the new logging is as simple as issuing the new CLI command or
setting the new pjproject.conf option.
Other options that can affect the logging are how you have the pjproject
log levels mapped to Asterisk log types in pjproject.conf and if you have
configured Asterisk to log the DEBUG type messages. Altering the
pjproject.conf level mapping shouldn't be necessary for most installations
as the default mapping is sensible. Configuring Asterisk to log the DEBUG
message type is standard practice for collecting debug information.
* Added CLI "pjproject set log level" command to dynamically adjust the
maximum pjproject log message level.
* Added CLI "pjproject show log level" command to see the currently set
maximum pjproject log message level.
* Added pjproject.conf startup section "log_level" option to set the
initial maximum pjproject log message level so all messages could be
captured from initialization.
* Set PJ_LOG_MAX_LEVEL to 6 to compile in all defined logging levels into
bundled pjproject. Pjproject will use the currently set run time log
level to determine if a log message is generated just like Asterisk
verbose and debug logging levels.
* In log_forwarder(), made always log enabled and mapped pjproject log
messages. DEBUG mapped log messages are no longer gated by the current
Asterisk debug logging level.
* Removed RAII_VAR() from res_pjproject.c:get_log_level().
ASTERISK-26630 #close
Change-Id: I6dca12979f482ffb0450aaf58db0fe0f6d2e5389
The recent change that made frame deferral into an API had a behavior
change to it. When frame deferral was completed, we would take all of
the deferred frames and queue them all onto the channel in one call to
ast_queue_frame_head(). Before frame deferral was API-ized, places that
performed manual frame deferral would actually take each deferred frame
and queue them onto the channel.
This change in behavior caused the confbridge_recording test to start
failing consistently. Without going too crazily deep into the details,
a channel was getting "stuck" in an ast_safe_sleep(). An AMI redirect
was attempting to break it out of the sleep, but because there were more
frames in the channel read queue than expected, the channel ended up
being unable to break from its sleep loop.
By restoring the behavior of individual frame queuing after deferral,
the test starts passing again.
Note, this points to a potential underlying issue pointing to an
"unbalance" that can occur when queuing multiple frames at once,
and so a follow-up issue is being created to investigate that
possibility.
Change-Id: Ied5dacacda06d343dea751ed5814a03364fe5a7d
OpenSSL 1.1.0 includes some major changes in the interface. See
https://wiki.openssl.org/index.php/1.1_API_Changes .
Status: Right now there are still a few deprecation notes with OpenSSL
1.1.0. But it's a start.
Changes:
* CRYPTO_LOCK is no longer available. Replace it with its value for now.
I don't completely understand what it is used for there.
* Remove several functions from libasteriskssl that seem to no longer be
needed.
* Structures have become opaque and are accesses with accessors.
* ERR_remove_thread_state() no longer needed.
* SSLv2 code now could no longer be used in 1.1.
ASTERISK-26109 #close
Change-Id: I5e29d477d486ca29b6aae0dc2f5dff960c1cb82b
Per RFC 7118 5.2, the SIP URI 'transport' parameter should advertise
'ws' when WebSockets are to be used as the transport. This applies to
both secure and insecure WebSockets.
There were two bugs in Asterisk with respect to this:
(1) The most egregious occurs in res_pjsip. There, we advertise 'ws' for
insecure websockets and 'wss' for secure websockets. While this
would seem to make sense - since 'WS' and 'WSS' are used for the Via
Transport parameter - this is not the case for the SIP URI. This
patch corrects that by registering the secure websockets with
pjproject using the shorthand 'WS', and by returning 'ws' when asked
for the transport parameter. Note that in pjproject, it is perfectly
valid to have multiple transports use the same shorthand.
(2) In chan_sip, we return an upper-case version of the transport 'WS'
instead of 'ws'. Since we should be strict in what we send and
liberal in what we accept (within reason), this patch lower-cases
the transport before appending it to the parameter.
ASTERISK-24330 #close
Reported by: cervajs, Inaki Baz Castillo
Change-Id: Iff77b645f8cc3b7cd35168a6676c26b147f22f42
There are quite a few odd GNU/Linux platforms. Just call all of them
linux-gnu.
Specifically this fixes building the Debian platforms mips64el and x32.
And maybe also others.
ASTERISK-26546 #close
Change-Id: I06ec4bd7f0ee1c84b6b24d81538223b07c4174b1
POSIX defines poll.h. sys/poll.h should not be used as it is c-library
internal header which may or may not exist. Notably in musl including
sys/poll.h generates warning of being incorrect.
Change-Id: Ib318c1c7142a737bcf3caa4d8d72560bebe39252
If a TCP/TLS connection was pending (not accepted and not timed out) during
unload of chan_sip, Asterisk would segfault when trying to send a signal to
a thread whose thread ID hadn't been recorded yet. This commit fixes that by
recording the thread ID before calling the blocking connect() syscall.
This was a regression introduced by 776a14386a.
The above wasn't enough to fix the segfault, which was now delayed to the
point where connect() timed out. Therefore, it was necessary to also remove
the SA_RESTART flag from the SIGURG sigaction so that pthread_kill() could be
used to interruput the connect() syscall.
This was a regression introduced by 5d313f51b9.
ASTERISK-26586 #close
Change-Id: I76fd9d47d56e4264e2629bce8ec15fecba673e7b
When retrieving RTCP stats for PJSIP channels, RTT values are unreliable.
RTT calculation is correct, but the data representation isn't. RTT is
represented by a 32-bit fixed-point number with the integer part in the
first 16 bits and the fractional part in the last 16 bits. In order to
get the RTT value, the fractional part is miscalculated, there is an
unnecessary 16 bit shift that causes overflow. Besides this there is
another mistake, when transforming the integer value to the fixed point
fractional part via bitwise operation, that loses precision.
* RTT fractional part is no longer shifted, avoiding overflow.
* RTT fractional part is transformed to its fixed-point value more
precisely.
* Fixed timeval2ntp() and ntp2timeval() second fraction conversions.
* Fixed NTP timestamp report logging. The usec was inexplicably
multiplied by 4096.
ASTERISK-26566 #close
Reported by Hector Royo Concepcion
Change-Id: Ie09bdabfee75afb3f1b8ddfd963e5219ada3b96f
Previously, a TLS server socket would only be restarted upon sip reload if the
bind address had changed. This commit adds checking for changes to TLS
parameters like certificate, ciphers, etc. so they get picked up without
requiring a reload of the entire chan_sip module. This does not affect open
connections in any way, but new connections will use the new TLS parameters.
The changes also apply to HTTP and Manager.
ASTERISK-26604 #close
Change-Id: I169e86cefc6dcd627c915134015a6a1ab1aadbe6
The two reasons why it might be used are that some systems do not
implement strerror in thread safe manner, and that strerror_r returns
the error code in the string in case there's no error message.
However, all of asterisk elsewhere uses strerror() and assumes it
to be thread safe. And in chan_mobile the errno is also explicitly
printed so neither of the above reasons are valid.
The reasoning to remove usage is that there are actually two versions
of strerror_r: XSI and GNU. They are incompatible in their return
value, and there's no easy way to figure out which one is being
used. glibc gives you the GNU version if _GNU_SOURCE is defined,
but the same feature test macro is needed for other symbols. On
all other systems you assumedly get XSI symbol, and compilation warnings
as well as non-working error printing.
Thus the easiest solution is to just remove strerror_r and use
strerror as rest of the code. Alternative is to introduce ast_strerror
in separate translation unit so it can request the XSI symbol in
glibc case, and replace all usage of strerror.
Change-Id: I84d35225b5642d85d48bc35fdf399afbae28a91d
A while back, a master-only change was made to check for librt which
should probably have been cherry-picked to 13 at that time. Sometime
between then and now, part of that change did make it into 13 but it
was incomplete and non-functional. This patch backports the rest
of the librt check and allows the link of libasteriskpj to use the
results.
Change-Id: I1424008fd8c90f389dda53162ec4a340b253a3c1
The download process now has a timeout which will cause wget to retry
if it stops retrieving data for 5 seconds and fetch and curl to timeout
if the whole retrieval take smore than 30 seconds.
If the tarball retrieval works, the MD5SUM file is retrieved from
the downloads site and the md5 checksum is verified.
If either the tarball retrieval or MD5SUM retrieval fails, or the
checksums don't match, the entire process is retried once. If it
fails again, any incomplete tarball is deleted.
.DELETE_ON_ERROR: was also added to the Makefile. Not only does
this delete the tarball on failure, it till also delete corrupted
library files from the pjproject source directory should they
fail to build correctly.
Tested all the way back to FreeBSD 9, CentOS 6, Debian 6 and
Ubuntu 14.
Change-Id: Iea7d33b96a31622ab1b6e54baebaf271959514e1
OpenBSD's 'find' doesn't take the -delete argument so you have to pipe
through 'xargs rm -rf'.
'echo -e' doesn't like \t starting a line. It just prints 't' which
causes the libasteriskpj.exports file to be garbage. They were just
cosmetic so they were removed.
librt doesn't exist so the link of libasteriskpj.so fails. It's not
actually needed for linux anyway so -lrt was removed from the link.
res_rtp_asterisk was failing to load because of an undefined
DTLS_method. '|| defined(LIBRESSL_VERSION_NUMBER)' was added to the #if
so DTLSv1_method is used instead.
ASTERISK-26608
Change-Id: I926ec95b0b69633231e3ad1d6e803b977272c49c
