We still need to figure out how a bad header is getting into the
outgoing message but this patch to pjproject prevents attempting
to print that header and causing a crash.
For several users, this crash happens when sending 183 progress
messages.
ASTERISK-26832
Reported by: Ross Beer, Jan Rozhon
Change-Id: Ie5c5a921c890c843587763e7f33f987dfe66bd16
When an older GCC version is called with a too new warning option, GCC exited
with an error and Asterisk was not built. Therefore, the configure script tests
the installed compiler whether it supports that warning option. If not, Asterisk
does not pass it to the installed compiler. However, some compilers (like clang)
do not exit (error) but give just a warning in such a case. Because the compiler
did not exit, Asterisk passed the unknown-warning option.
ASTERISK-27560
Change-Id: Ia9d148e689c173df4e91699113605dab2de36038
When we fail over to a new target we create a new transaction
and it becomes the current INVITE transaction. This does not
prevent the previous transaction from raising state changes
and causing the session to be prematurely disconnected if a
transport error occurs immediately.
This change backports a fix from PJSIP that eliminates the
incorrect state change and reduces when they would be raised
in the first place.
ASTERISK-27408
Change-Id: Id22d087591782eee31311753d11e7eca4b95ef34
The definition in config_site.h and the argument to the
configure script are not necessary to disable WebRTC
support. The correct argument, --disable-libwebrtc, is
already passed.
ASTERISK-26980
Change-Id: I27da2c894f87914956a72710222e17462d8a44bc
If a 183 with sdp response is receive without a To tag the sdp is not
negotiated. According to RFC 3261 section 12.1.2 while a To tag is required,
the client needs to still be able to handle the missing tag case for
backwards compatibility.
This patch, accepted by and applied to pjproject, makes it so if an incoming
180/183 with SDP comes in without a To tag it gets appropriately handled.
ASTERISK-27442 #close
Change-Id: Ic9d6b01e05e8f4874eebbd7adfe05d932025d203
The default return code for pjsip_find_msg was PJ_SUCCESS so if
a Content-Length header wasn't found at all, pjsip_find_msg was
returning PJ_SUCCESS instead of PJSIP_EMISSINGHDR.
Also added the volatile keyword to a few variables that are used
both inside and outside the PJ_TRY/PJ_CATCH block.
Partial fix for ASTERISK_27408
Change-Id: If82ba9de921e3d57df9c68cf96ee45ccc1491f7a
Update from 2.7 to 2.7.1 for bundled pjproject. Changed version
and removed patch files included in the update.
Change-Id: I55cea8e734b318c2df9daf86aa0802c559ec8357
If a transport is created with the same transport type, source
IP address, and source port as one that already exists the old
transport is moved into a linked list called "tp_list".
If this old transport is later shutdown it will not be destroyed
as the process checks whether the transport is valid or not. This
check does not look at the "tp_list" when making the determination
causing the transport to not be destroyed.
This change updates the logic to query not just the main storage
method for transports but also the "tp_list".
Upstream issue https://trac.pjsip.org/repos/ticket/2061
ASTERISK-27411
Change-Id: Ic5c2bb60226df0ef1c8851359ed8d4cd64469429
Parsing the numeric header fields like cseq, ttl, port, etc. all
had the potential to overflow, either causing unintended values to
be captured or, if the values were subsequently converted back to
strings, a buffer overrun. To address this, new "strto" functions
have been created that do range checking and those functions are
used wherever possible in the parser.
* Created pjlib/include/limits.h and pjlib/include/compat/limits.h
to either include the system limits.h or define common numeric
limits if there is no system limits.h.
* Created strto*_validate functions in sip_parser that take bounds
and on failure call the on_str_parse_error function which prints
an error message and calls PJ_THROW.
* Updated sip_parser to validate the numeric fields.
* Fixed an issue in sip_transport that prevented error messages
from being properly displayed.
* Added "volatile" to some variables referenced in PJ_CATCH blocks
as the optimizer was sometimes optimizing them away.
* Fixed length calculation in sip_transaction/create_tsx_key_2543
to account for signed ints being 11 characters, not 9.
ASTERISK-27319
Reported by: Youngsung Kim at LINE Corporation
Change-Id: I48de2e4ccf196990906304e8d7061f4ffdd772ff
OpenSSL has 2 levels or error processing. It's possible for the
top layer to return SSL_ERROR_SYSCALL but the lower layer return
no error, in which case processing should continue. Only the top
layer was being examined though so connections were being torn
down when they didn't need to be. This patch adds the examination
of the lower level codes, and if they return no errors, allows
processing to continue.
ASTERISK-27001
Reported-by: Ian Gilmour
patches:
pjproject-2.6.patch submitted by Ian Gilmour (license 6889)
Updated-by: George Joseph and Sauw Ming (Teluu)
Merged to upstream pjproject on 7/27/2017 (commit 5631)
Change-Id: I23844ca0c68ef1ee550f14d46f6dae57d33b7bd2
The maximum packet size for PJSIP has been increased to handle the
multiple streams being added for WebRTC.
Change-Id: I9ea1e8d02668c544acadcb1c6200e1cc1bd588b3
When connected_line_method is "invite", we're supposed to determine
if the client can support UPDATE and if it can, send UPDATE instead
of INVITE to avoid the SDP renegotiation. Not only was pjproject
not setting the PJSIP_INV_SUPPORT_UPDATE flag, we were testing
that invite_tsx wasn't NULL which isn't always the case.
* Updated chan_pjsip/update_connected_line_information to drop the
requirement that invite_tsx isn't NULL.
* Submitted patch to pjproject sip_inv.c that sets the
PJSIP_INV_SUPPORT_UPDATE flag correctly.
* Updated pjsip.conf.sample to clarify what happens when "invite"
is specified.
ASTERISK-27095
Change-Id: Ic2381b3567b8052c616d96fbe79564c530e81560
When the Asterisk channel driver res_pjsip offers SIP-over-TLS, sometimes, not
reproducible, Asterisk crashed in pj_ssl_sock_get_info() because a NULL pointer
was read. This change avoids this crash.
ASTERISK-26927 #close
Change-Id: I24a6011b44d1426d159742ff4421cf806a52938b
0035-r5572-svn-backport-dialog-transaction-deadlock.patch
0036-r5573-svn-backport-ua-pjsua-transaction-deadlock.patch
0037-r5576-svn-backport-session-timer-crash.patch
Also removed the progress bar from wget download to stdout.
ASTERISK-26905 #close
Reported-by: Ross Beer
Change-Id: I268fb3cf71a3bb24283ff0d24bd8b03239d81256
This change adds a PJSIP patch (which has been contributed upstream)
to allow the registration of IPv6 transport types.
Using this the res_pjsip_transport_websocket module now registers
an IPv6 Websocket transport and uses it for the corresponding
traffic.
ASTERISK-26685
Change-Id: Id1f9126f995b31dc38db8fdb58afd289b4ad1647
* Removed all 2.5.5 functional patches.
* Updated usages of pj_release_pool to be "safe".
* Updated configure options to disable webrtc.
* Updated config_site.h to disable webrtc in pjmedia.
* Added Richard Mudgett's recent resolver patches.
Change-Id: Ib400cc4dfca68b3d07ce14d314e829bfddc252c7
* Re #1945 (misc): Don't trigger SRV complete callback when there is a
parse error.
* srv_resolver.c: Don't try to send query if already considered resolved.
** In resolve_hostnames() don't try to resolve a query that is already
considered resolved.
** In resolve_hostnames() fix DNS typo in comments.
** In build_server_entries() move a common expression assigning to cnt
earlier.
* sip_transport.c: Fix tdata object name to actually contain the pointer.
It helps if the logs referencing a tdata object buffer actually have a
name that includes the correct pointer as part of the name. Also since
the tdata has its own pool it helps if any logs referencing the pool have
the same name as the tdata object. This change brings tdata logging in
line with how tsx objects are named.
ASTERISK-26669 #close
ASTERISK-26738 #close
Change-Id: I56af2ded25476b3e870ca586ee69ed6954ef75af
This patch fixes 2 original issues and more that those 2 exposed.
* When we send a NOTIFY, and the client either doesn't respond or
responds with a non OK, pjproject only calls our
pubsub_on_evsub_state callback, no others. Since
pubsub_on_evsub_state (which does the sub_tree cleanup) does not
expect to be called back without the other callbacks being called
first, it just returns leaving the sub_tree orphaned. Now
pubsub_on_evsub_state checks the event for PJSIP_EVENT_TSX_STATE
which is what pjproject will set to tell us that it was the
transaction that timed out or failed and not the subscription
itself timing our or being terminated by the client. If is
TSX_STATE, pubsub_on_evsub_state now does the proper cleanup
regardless of the state of the subscription.
* When a client renews a subscription, we don't update the
persisted subscription with the new expires timestamp. This causes
subscription_persistence_recreate to prune the subscription if/when
asterisk restarts. Now, pubsub_on_rx_refresh calls
subscription_persistence_update to apply the new expires timestamp.
This exposed other issues however...
* When creating a dialog from rdata (which sub_persistence_recreate
does from the packet buffer) there must NOT be a tag on the To
header (which there will be when a client refreshes a
subscription). If there is one, pjsip_dlg_create_uas will fail.
To address this, subscription_persistence_update now accepts a flag
that indicates that the original packet buffer must not be updated.
New subscribes don't set the flag and renews do. This makes sure
that when the rdata is recreated on asterisk startup, it's done
from the original subscribe packet which won't have the tag on To.
* When creating a dialog from rdata, we were setting the dialog's
remote (SUBSCRIBE) cseq to be the same as the local (NOTIFY) cseq.
When the client tried to resubscribe after a restart with the
correct cseq, we'd reject the request with an Invalid CSeq error.
* The acts of creating a dialog and evsub by themselves when
recreating a subscription does NOT restart pjproject's subscription
timer. The result was that even if we did correctly recreate the
subscription, we never removed it if the client happened to go away
or send a non-OK response to a NOTIFY. However, there is no
pjproject function exposed to just set the timer on an evsub that
wasn't created by an incoming subscribe request. To address this,
we create our own timer using ast_sip_schedule_task. This timer is
used only for re-establishing subscriptions after a restart.
An earlier approach was to add support for setting pjproject's
timer (via a pjproject patch) and while that patch is still included
here, we don't use that call at the moment.
While addressing these issues, additional debugging was added and
some existing messages made more useful. A few formatting changes
were also made to 'pjsip show scheduled tasks' to make displaying
the subscription timers a little more friendly.
ASTERISK-26696
ASTERISK-26756
Change-Id: I8c605fc1e3923f466a74db087d5ab6f90abce68e
An earlier attempt to prevent pjsua from spitting out an extra 6795
lines of debug output every time the testsuite called it was also
turning off the ability for asterisk to output debug info when it
needed to. This patch reverts the earlier fix and instead adds
a pjproject patch that sets the startup log level to 1 for pjsua
pjsystest and the pjsua python binding. This is an asterisk-only
patch that does not affect pjproject functionality and will not be
submitted upstream.
Change-Id: I347a8b58b2626f2906ccfc1d339e907627a0c9e8
A while back, we changed config_site.h to set PJ_LOG_MAX_LEVEL = 6.
This allowed us to control the log level better from inside Asterisk.
An unfortunate side effect of this was that the pjsua binary and
python bindings were also compiled with log level set to 6 so whenever
a testsuite test that uses pjsua runs, it spits out 6795 lines of
debug in an instant even before the test starts. I believe this
overruns the Jenkins capture buffer and prevents the test from
properly terminating. In turn, this results in the testsuite just
hanging until the job is killed. It's more frequent on the higher
end agents because they can spit out the messages faster.
Unfortunately, the messages are all spit out before we have control
of the python pj.Lib instance where we can set logging levels so the
only alternative was to actually compile pjsua and _pjsua.so with an
overridden PJ_LOG_MAX_LEVEL. Although defining a lower max level was
done in the Makefile, the define in config_site.h had to be wrapped
with "#ifndef" so the change would take effect.
Change-Id: I2af9e7d48dde1927279c586c9c725d868fe6f3ff
Occasionally SIP message transactions are not found when they should be.
In the particular case an incoming INVITE transaction is CANCELed but the
INVITE transaction cannot be found so a 481 response is returned for the
CANCEL. The problematic calls have a '_' character in the Via branch
parameter.
The problem is in the pjproject PJ_HASH_USE_OWN_TOLOWER feature's code.
The problem with the "own tolower" code is that it does not calculate the
same hash value as when the pj_tolower() function is used. The "own
tolower" code will erroneously modify the ASCII characters '@', '[', '\\',
']', '^', and '_'. Calls to pj_hash_calc_tolower() can use the
PJ_HASH_USE_OWN_TOLOWER substitute algorithm when enabled. Calls to
pj_hash_get_lower(), pj_hash_set_lower(), and pj_hash_set_np_lower() call
find_entry() which never uses the PJ_HASH_USE_OWN_TOLOWER algorithm. As a
result you may not be able to find a hash tabled entry because the
calculated hash values would differ.
* Simply disable PJ_HASH_USE_OWN_TOLOWER.
ASTERISK-26490 #close
Change-Id: If89bfdb5f301b8b685881a9a2a6e0c3c5af32253
Use of the new logging is as simple as issuing the new CLI command or
setting the new pjproject.conf option.
Other options that can affect the logging are how you have the pjproject
log levels mapped to Asterisk log types in pjproject.conf and if you have
configured Asterisk to log the DEBUG type messages. Altering the
pjproject.conf level mapping shouldn't be necessary for most installations
as the default mapping is sensible. Configuring Asterisk to log the DEBUG
message type is standard practice for collecting debug information.
* Added CLI "pjproject set log level" command to dynamically adjust the
maximum pjproject log message level.
* Added CLI "pjproject show log level" command to see the currently set
maximum pjproject log message level.
* Added pjproject.conf startup section "log_level" option to set the
initial maximum pjproject log message level so all messages could be
captured from initialization.
* Set PJ_LOG_MAX_LEVEL to 6 to compile in all defined logging levels into
bundled pjproject. Pjproject will use the currently set run time log
level to determine if a log message is generated just like Asterisk
verbose and debug logging levels.
* In log_forwarder(), made always log enabled and mapped pjproject log
messages. DEBUG mapped log messages are no longer gated by the current
Asterisk debug logging level.
* Removed RAII_VAR() from res_pjproject.c:get_log_level().
ASTERISK-26630 #close
Change-Id: I6dca12979f482ffb0450aaf58db0fe0f6d2e5389
The PJ_ICE_MAX_CHECKS constant is used by pjproject to determine how
many pairs of local/remote candidates will be made. If for some reason
we reach this upper bound, ICE will generally fail and no media will
flow between the browser and Asterisk.
This patch makes PJ_ICE_MAX_CHECKS set to the total possible number of
pairs of candidates we'd theoretically allow, which is
PJ_ICE_MAX_CAND^2. Prior to this patch, we simply multiplied
PJ_ICE_MAX_CAND by two; on systems with multiple interfaces (I blame
Docker), this is far too low to allow WebRTC calls to succeed.
Setting this to be PJ_ICE_MAX_CAND^2 allowed WebRTC calls to succeed
even when the system Asterisk was running on had quite a few virtual
interfaces.
Change-Id: Icd4f17de0ac9d3a83dddfc8bf1cb7616bc107d55
PJPROJECT 2.5.5 introduced a race condition with the -r5349 IPv6 DNS
patch.
The patch below fixes a write to freed memory under cartain DNS lookup
conditions.
0006-r5477-svn-backport-Fix-DNS-write-on-freed-memory.patch
ASTERISK-26516
Reported by: Richard Mudgett
Change-Id: Ifdfae9ecf1e41b53080f33aab44ce1a220f349c5
The res_pjsip_sdp_rtp module did not restrict the number of
formats added to a media stream in the SDP to the defined
limit. If allow=all was used with additional loaded codecs this
could result in the next media stream being overwritten some.
This change restricts the module to limit it to the defined
maximum and also increases the maximum in our bundled pjproject.
ASTERISK-26541 #close
Change-Id: I0dc5f59d3891246cafa2f3df5ec406f088559ee8
In order for pjsua and its python binding to actually negotiate
audio for the testsuite tests, it needs g711 and resample. The
pj* libraries themselves do not. Unfortunately, pjproject relies
on a brand new libresample that most distros don't ship so we need
to use the libresample already bundled with pjproject. Only the pjsua
executable and the _pjsua.so python library are linked with it so it
shouldn't interfere with asterisk itself.
Also it was pointed out that apply_patches couldn't handle multiple
patches that depended on each other during the dry-run, so the
dry-run was removed.
Change-Id: I24f397462b486dcdde0dcafe40e6c55a6593f098
PJPROJECT 2.5.5 introduced a race condition with the -r5349 IPv6 DNS
patch.
The patches below fix the DNS lookup race condition crash caused by
attempting to send the same message twice for the single DNS lookup.
0006-r5471-svn-backport-Various-fixes-for-DNS-IPv6.patch
0006-r5473-svn-backport-Fix-pending-query.patch
The patch below removes a cached DNS response from the hash table when
another thread is referencing the old entry. The table still contained
the entry when it was destroyed which can result in inexplicable crashes.
0006-r5475-svn-backport-Remove-DNS-cache-entry.patch
ASTERISK-26344 #close
Reported by: Ian Gilmour
ASTERISK-26387 #close
Reported by: Harley Peters
Change-Id: I17fde80359e66f65a91341ceca58d914d0f61cc4
Older versions of tar don't support the --strip-components option so
instead of doing 'tar --strip-components=1 -C source', we now just
untar to the tarball's root directory (pjproject-<version>) and
rename that directory to 'source'.
Also fixed an issue where the pjproject source directory is a hard
coded absolute pathname.
ASTERISK-26510 #close
ASTERISK-22480 #close
Change-Id: I9ec92952507a91ff4e4d01e0149e09fd8e8f32b0
* CFLAGS is now properly set when using older gcc.
* All third-party pjproject targets have been removed. This fixes
an issue with older libsrtp in some distros.
* Manually removing the source directory now causes a rebuild.
* EXTERNALS_CACHE_DIR is now properly checked.
* Whitespace fixes.
Change-Id: I98fec6847efc5602a9f41cb95096fd660a49fa60
Addresses crashes when an attempt is made to operate on an SSL socket
after the socket has been closed.
ASTERISK-26477 #close
Change-Id: I421305b357558b4f9e690210dc0f4831ef4b3002
pjproject_bundled will now use the asterisk memory debugging APIs
if MALLOC_DEBUG is turned on in menuselect.
Because this required stubs for the executable programs and the python
bindings, some Makefile reorganization was needed to properly handle
the dependencies. As a result, the makefile now individually makes
each of the pjproject libraries separately instead of making them all
in 1 shot. The only visible change is that there are separate status
lines printed for each library instead oif 1 for all libs. Also, the
making of the pjproject dependency files was eliminated. They're not
needed for building unless you're actively modifying pjproject source
files and it makes the build process faster. Finally, any issues with
parallel builds should be resolved again making the build faster.
Change-Id: Icc5e3d658fbfb00e0a46b44c66dcc2522d5171b0
A name server that returns "Server Failure" is indicating only that
the server couldn't process that particular request. We should NOT
assume that the name server is incapable of serving other requests.
Here's the scenario we've been encountering...
* 2 local name servers configured in resolv.conf.
* An OPTIONS request causes a request for A and AAAA records to go out
to both nameservers.
* The A responses both come back successfully resolved.
* Because of an issue at some upstream nameserver, the AAAA responses
for that particular query come back as "SERVFAIL" from both local
name servers.
* Both local servers are marked as bad and no further queries can be
sent until the 60 second ttl expires. Only previously cached results
can be used.
* In this case, 60 seconds is just enough time for another OPTIONS
request to go out to the same host so the cycle repeats.
We could set the bad ttl really low but that also affects REFUSED and
NOTAUTH which probably DO signal a real server issue. Besides, even
a really low bad ttl would be an issue on a pbx.
Although we use our own resolver in 14 and master and don't have this
issue there, Teluu has merged this patch upstream so it's appropriate
to cherry-pick to 14 and master to keep pjproject consistent.
Change-Id: Ie03ba902288e274aff23f9b9bb2786e1e8be09e0
On heavy loaded system the TCP/TLS incoming calls could be
disconnected by pjproject while these calls are being
processed by asterisk which could use the session's memory pools.
If the session in the disconnected state then the session memory
pools were already freed, so we get segfault.
This patch adds a lifetime control on an INVITE session to pjproject.
The lifetime of the session is manipulated by calling
pjsip_inv_add_ref/pjsip_inv_dec_ref.
This patch uses these functions to inform pjproject that the
session is in use.
This patch adds check if the session state is not disconnected
and also checks if the memory pool is not NULL.
This patch also places tasks 'session_end' and 'session_end_completion'
into session's serializer to avoid race condition.
ASTERISK-26291 #close
Change-Id: I4d28b1fb3b91f0492a911d110049d670fdc3c8d7
The reason for the disable is that while Asterisk works fine with older
libsrtp versions, newer versions of pjproject won't compile with them.
Debian 6 for instance, has libsrtp 1.4.4 which is older than what
pjproject is expecting.
We don't use most of pjmedia but we DO use it for SDP negotiation.
Luckily disabling srtp in pjmedia doesn't interfere with it's ability
to negitiate a secure channel. The proper crypto attributes are
negotiated in both directions.
ASTERISK-26279 #close
Change-Id: Id25a92cdf3df97a26c53cffae65b6b82de33c8e2
PJProject supports a lot of platforms even Windows, some with different defaults
when it comes to IPv6. In many Linux platforms like Ubuntu 16.04 LTS,
"/proc/sys/net/ipv6/bindv6only" is set to 0 (false). Different than in Windows.
Because of this, if configured with just an IPv6 address/transport, PJProject
listens to both IPv4 and IPv6. However, this is not supported by the PJProject
team. As consequence, you end-up with IPv4-mapped IPv6 addresses in SDP,
incompatible with IPv4-only clients. Technically, you end-up with an IPv6-only
server which accepts incoming connections on IPv4.
If you try to configure two transports, one with IPv4 and one with IPv6 on the
same interface, as expected by the PJProject team, the IPv4 transport is not
able to bind because the IPv6 transport listens to both already.
One solution would be to change "/proc/sys/net/ipv6/bindv6only" system-wide.
Then, you are able to configure two transports, one for each IP version on the
same interface. That way, you get a server which works with IPv4 clients and
IPv6 clients at the same time over the same interface.
Here, this change sets this parameter directly within PJProject to match the
expectations of the PJProject team in any case. This allows IPv4/IPv6 Dual Stack
servers out of the box like in chan_sip. This change was accepted by the
PJProject team as <http://trac.pjsip.org/repos/changeset/5403> and is expected
to arrive in the next version, PJProject 2.6.0. Until then, this change is
incorporated in the bundled PJProject of Asterisk.
ASTERISK-26309
Change-Id: I3335d8718f79f4b2feae91b5b005a3ce684a63ae
