Commit Graph

34175 Commits

Author SHA1 Message Date
George Joseph
491256d7bf .github: Pass only single GATETEST_COMMAND to AsteriskGateComposite 2024-03-05 09:09:53 -07:00
George Joseph
628f8d7a43 Stir/Shaken Refactor
Why do we need a refactor?

The original stir/shaken implementation was started over 3 years ago
when little was understood about practical implementation.  The
result was an implementation that wouldn't actually interoperate
with any other stir-shaken implementations.

There were also a number of stir-shaken features and RFC
requirements that were never implemented such as TNAuthList
certificate validation, sending Reason headers in SIP responses
when verification failed but we wished to continue the call, and
the ability to send Media Key(mky) grants in the Identity header
when the call involved DTLS.

Finally, there were some performance concerns around outgoing
calls and selection of the correct certificate and private key.
The configuration was keyed by an arbitrary name which meant that
for every outgoing call, we had to scan the entire list of
configured TNs to find the correct cert to use.  With only a few
TNs configured, this wasn't an issue but if you have a thousand,
it could be.

What's changed?

* Configuration objects have been refactored to be clearer about
  their uses and to fix issues.
    * The "general" object was renamed to "verification" since it
      contains parameters specific to the incoming verification
      process.  It also never handled ca_path and crl_path
      correctly.
    * A new "attestation" object was added that controls the
      outgoing attestation process.  It sets default certificates,
      keys, etc.
    * The "certificate" object was renamed to "tn" and had it's key
      change to telephone number since outgoing call attestation
      needs to look up certificates by telephone number.
    * The "profile" object had more parameters added to it that can
      override default parameters specified in the "attestation"
      and "verification" objects.
    * The "store" object was removed altogther as it was never
      implemented.

* We now use libjwt to create outgoing Identity headers and to
  parse and validate signatures on incoming Identiy headers.  Our
  previous custom implementation was much of the source of the
  interoperability issues.

* General code cleanup and refactor.
    * Moved things to better places.
    * Separated some of the complex functions to smaller ones.
    * Using context objects rather than passing tons of parameters
      in function calls.
    * Removed some complexity and unneeded encapsuation from the
      config objects.

Resolves: #351
Resolves: #46

UserNote: Asterisk's stir-shaken feature has been refactored to
correct interoperability, RFC compliance, and performance issues.
See https://docs.asterisk.org/Deployment/STIR-SHAKEN for more
information.

UpgradeNote: The stir-shaken refactor is a breaking change but since
it's not working now we don't think it matters. The
stir_shaken.conf file has changed significantly which means that
existing ones WILL need to be changed.  The stir_shaken.conf.sample
file in configs/samples/ has quite a bit more information.  This is
also an ABI breaking change since some of the existing objects
needed to be changed or removed, and new ones added.  Additionally,
if res_stir_shaken is enabled in menuselect, you'll need to either
have the development package for libjwt v1.15.3 installed or use
the --with-libjwt-bundled option with ./configure.
2024-02-28 18:39:03 +00:00
Sebastian Jennen
ea8ead4e13 translate.c: implement new direct comp table mode
The new mode lists for each codec translation the actual real cost in cpu microseconds per second translated audio.
This allows to compare the real cpu usage of translations and helps in evaluation of codec implementation changes regarding performance (regression testing).

- add new table mode
- hide the 999999 comp values, as these only indicate an issue with transcoding
- hide the 0 values, as these also do not contain any information (only indicate a multistep transcoding)

Resolves: #601
2024-02-28 13:03:26 +00:00
Shyju Kanaprath
8d79e658d9 README.md: Removed outdated link
Removed outdated link http://www.quicknet.net from README.md

cherry-pick-to: 18
cherry-pick-to: 20
cherry-pick-to: 21
2024-02-24 18:29:00 +00:00
Sean Bright
a829125e37 strings.h: Ensure ast_str_buffer(…) returns a 0 terminated string.
If a dynamic string is created with an initial length of 0,
`ast_str_buffer(…)` will return an invalid pointer.

This was a secondary discovery when fixing #65.
2024-02-23 16:39:26 +00:00
George Joseph
650240aa92 .github: Add force_cherry_pick option to Releaser 2024-02-20 06:49:20 -07:00
romryz
162c920f90 res_rtp_asterisk.c: Correct coefficient in MOS calculation.
Media Experience Score relies on incorrect pseudo_mos variable
calculation. According to forming an opinion section of the
documentation, calculation relies on ITU-T G.107 standard:

    https://docs.asterisk.org/Deployment/Media-Experience-Score/#forming-an-opinion

ITU-T G.107 Annex B suggests to calculate MOS with a coefficient
"seven times ten to the power of negative six", 7 * 10^(-6). which
would mean 6 digits after the decimal point. Current implementation
has 7 digits after the decimal point, which downrates the calls.

Fixes: #597
2024-02-14 15:05:40 +00:00
Naveen Albert
526a6e0ce4 dsp.c: Fix and improve potentially inaccurate log message.
If ast_dsp_process is called with a codec besides slin, ulaw,
or alaw, a warning is logged that in-band DTMF is not supported,
but this message is not always appropriate or correct, because
ast_dsp_process is much more generic than just DTMF detection.

This logs a more generic message in those cases, and also improves
codec-mismatch logging throughout dsp.c by ensuring incompatible
codecs are printed out.

Resolves: #595
2024-02-14 13:19:13 +00:00
George Joseph
29a273618d pjsip show channelstats: Prevent possible segfault when faxing
Under rare circumstances, it's possible for the original audio
session in the active_media_state default_session to be corrupted
instead of removed when switching to the t38/image media session
during fax negotiation.  This can cause a segfault when a "pjsip
show channelstats" attempts to print that audio media session's
rtp statistics.  In these cases, the active_media_state
topology is correctly showing only a single t38/image stream
so we now check that there's an audio stream in the topology
before attempting to use the audio media session to get the rtp
statistics.

Resolves: #592
2024-02-14 13:17:40 +00:00
George Joseph
6871d1cdfc Reduce startup/shutdown verbose logging
When started with a verbose level of 3, asterisk can emit over 1500
verbose message that serve no real purpose other than to fill up
logs. When asterisk shuts down, it emits another 1100 that are of
even less use. Since the testsuite runs asterisk with a verbose
level of 3, and asterisk starts and stops for every one of the 700+
tests, the number of log messages is staggering.  Besides taking up
resources, it also makes it hard to debug failing tests.

This commit changes the log level for those verbose messages to 5
instead of 3 which reduces the number of log messages to only a
handful. Of course, NOTICE, WARNING and ERROR message are
unaffected.

There's also one other minor change...
ast_context_remove_extension_callerid2() logs a DEBUG message
instead of an ERROR if the extension you're deleting doesn't exist.
The pjsip_config_wizard calls that function to clean up the config
and has been triggering that annoying error message for years.

Resolves: #582
2024-02-12 18:46:32 +00:00
Naveen Albert
d715c76fcb configure: Rerun bootstrap on modern platform.
The last time configure was run, it was run on a system that
did not enable -std=gnu11 by default, which meant that the
restrict qualifier would not be recognized on certain platforms.
This regenerates the configure files from running bootstrap.sh,
so that these should be recognized on all supported platforms.

Resolves: #586
2024-02-12 18:42:16 +00:00
Ben Ford
6222e73cd8 Upgrade bundled pjproject to 2.14.
Fixes: #406

UserNote: Bundled pjproject has been upgraded to 2.14. For more
information on what all is included in this change, check out the
pjproject Github page: https://github.com/pjsip/pjproject/releases
2024-02-06 20:11:39 +00:00
cmaj
3f00a32d9d app_speech_utils.c: Allow partial speech results.
Adds 'p' option to SpeechBackground() application.
With this option, when the app timeout is reached,
whatever the backend speech engine collected will
be returned as if it were the final, full result.
(This works for engines that make partial results.)

Resolves: #572

UserNote: The SpeechBackground dialplan application now supports a 'p'
option that will return partial results from speech engines that
provide them when a timeout occurs.
2024-02-06 18:56:30 +00:00
Flole998
775352ee6c res_pjsip_outbound_registration.c: Add User-Agent header override
This introduces a setting for outbound registrations to override the
global User-Agent header setting.

Resolves: #515

UserNote: PJSIP outbound registrations now support a per-registration
User-Agent header
2024-02-06 18:56:29 +00:00
Joshua C. Colp
edf54951be utils: Make behavior of ast_strsep* match strsep.
Given the scenario of passing an empty string to the
ast_strsep functions the functions would return NULL
instead of an empty string. This is counter to how
strsep itself works.

This change alters the behavior of the functions to
match that of strsep.

Fixes: #565
2024-02-06 18:55:52 +00:00
Mike Bradeen
d7583f12b6 app_chanspy: Add 'D' option for dual-channel audio
Adds the 'D' option to app chanspy that causes the input and output
frames of the spied channel to be interleaved in the spy output frame.
This allows the input and output of the spied channel to be decoded
separately by the receiver.

If the 'o' option is also set, the 'D' option is ignored as the
audio being spied is inherently one direction.

Fixes: #569

UserNote: The ChanSpy application now accepts the 'D' option which
will interleave the spied audio within the outgoing frames. The
purpose of this is to allow the audio to be read as a Dual channel
stream with separate incoming and outgoing audio. Setting both the
'o' option and the 'D' option and results in the 'D' option being
ignored.
2024-02-06 17:21:26 +00:00
George Joseph
de806580f3 .github: Update github-script to v7 and fix a rest bug
Need to update the github-script to v7 to squash deprecation
warnings.

Also fixed the API name for github.rest.pulls.requestReviewers.
2024-02-05 08:31:47 -07:00
Naveen Albert
ea3b520bed app_if: Fix next priority calculation.
Commit fa3922a4d2 fixed
a branching issue but "overshoots" when calculating
the next priority. This fixes that; accompanying
test suite tests have also been extended.

Resolves: #560
2024-01-30 17:37:59 -07:00
Sean Bright
b916e9c66b res_pjsip_t38.c: Permit IPv6 SDP connection addresses.
The existing code prevented IPv6 addresses from being properly parsed.

Fixes #558
2024-01-30 19:06:40 +00:00
Brad Smith
bf57478a26 BuildSystem: Bump autotools versions on OpenBSD.
Bump up to the more commonly used and modern versions of
autoconf and automake.
2024-01-30 19:06:06 +00:00
Brad Smith
b0992fb771 main/utils: Simplify the FreeBSD ast_get_tid() handling
FreeBSD has had kernel threads for 20+ years.
2024-01-30 19:00:10 +00:00
Sean Bright
db945243e6 res_pjsip_session.c: Correctly format SDP connection addresses.
Resolves a regression identified by @justinludwig involving the
rendering of IPv6 addresses in outgoing SDP.

Also updates `media_address` on PJSIP endpoints so that if we are able
to parse the configured value as an IP we store it in a format that we
can directly use later. Based on my reading of the code it appeared
that one could configure `media_address` as:

```
[foo]
type = endpoint
...
media_address = [2001:db8::]
```

And that value would be blindly copied into the outgoing SDP without
regard to its format.

Fixes #541
2024-01-30 18:59:05 +00:00
Sean Bright
f2ac526172 rtp_engine.c: Correct sample rate typo for L16/44100.
Fixes #555
2024-01-30 18:58:08 +00:00
Naveen Albert
f1a9ec4703 manager.c: Fix erroneous reloads in UpdateConfig.
Currently, a reload will always occur if the
Reload header is provided for the UpdateConfig
action. However, we should not be doing a reload
if the header value has a falsy value, per the
documentation, so this makes the reload behavior
consistent with the existing documentation.

Resolves: #551
2024-01-30 18:57:21 +00:00
Naveen Albert
f4845f756f res_calendar_icalendar: Print iCalendar error on parsing failure.
If libical fails to parse a calendar, print the error message it provdes.

Resolves: #492
2024-01-23 18:18:56 +00:00
Sean Bright
53fac14e41 app_confbridge: Don't emit warnings on valid configurations.
The numeric bridge profile options `internal_sample_rate` and
`maximum_sample_rate` are documented to accept the special values
`auto` and `none`, respectively. While these values currently work,
they also emit warnings when used which could be confusing for users.

In passing, also ensure that we only accept the documented range of
sample rate values between 8000 and 192000.

Fixes #546
2024-01-23 16:36:18 +00:00
Mike Bradeen
0668e5494a app_voicemail_odbc: remove macrocontext from voicemail_messages table
When app_macro was deprecated, the macrocontext column was removed from
the INSERT statement but the binds were not renumbered. This broke the
insert.

This change removes the macrocontext column via alembic and re-numbers
the existing columns in the INSERT.

Fixes: #527

UserNote: The fix requires removing the macrocontext column from the
voicemail_messages table in the voicemail database via alembic upgrade.

UpgradeNote: The fix requires that the voicemail database be upgraded via
alembic. Upgrading to the latest voicemail database via alembic will
remove the macrocontext column from the voicemail_messages table.
2024-01-17 15:01:38 +00:00
Naveen Albert
a3be6a455f chan_dahdi: Allow MWI to be manually toggled on channels.
This adds a CLI command to manually toggle the MWI status
of a channel, useful for troubleshooting or resetting
MWI devices, similar to the capabilities offered with
SIP messaging to manually control MWI status.

UserNote: The 'dahdi set mwi' now allows MWI on channels
to be manually toggled if needed for troubleshooting.

Resolves: #440
2024-01-17 15:01:32 +00:00
Naveen Albert
ac71e40042 logger: Fix linking regression.
Commit 008731b0a4
caused a regression by resulting in logger.xml
being compiled and linked into the asterisk
binary in lieu of logger.c on certain platforms
if Asterisk was compiled in dev mode.

To fix this, we ensure the file has a unique
name without the extension. Most existing .xml
files have been named differently from any
.c files in the same directory or did not
pose this issue.

channels/pjsip/dialplan_functions.xml does not
pose this issue but is also being renamed
to adhere to this policy.

Resolves: #539
2024-01-17 15:01:07 +00:00
PeterHolik
5216a1133d chan_rtp.c: MulticastRTP missing refcount without codec option
Fixes: #529
2024-01-17 14:15:32 +00:00
PeterHolik
25fec97428 chan_rtp.c: Change MulticastRTP nameing to avoid memory leak
Fixes: asterisk#536
2024-01-17 14:13:02 +00:00
Naveen Albert
5cf75f9b2c func_frame_trace: Add CLI command to dump frame queue.
This adds a simple CLI command that can be used for
analyzing all frames currently queued to a channel.

A couple log messages are also adjusted to be more
useful in tracing bridging problems.

Resolves: #533
2024-01-17 14:11:30 +00:00
George Joseph
09052bfa51 Revert "core & res_pjsip: Improve topology change handling."
This reverts commit 315eb551db.

Over the past year, we've had several reports of "topology storms"
occurring where 2 external facing channels connected by one or more
local channels and bridges will get themselves in a state where
they continually send each other topology change requests.  This
usually manifests itself in no-audio calls and a flood of
"Exceptionally long queue length" messages.  It appears that this
commit is the cause so we're reverting it for now until we can
determine a more appropriate solution.

Resolves: #530
2024-01-12 15:42:53 +00:00
Naveen Albert
73997b39bd menuselect: Use more specific error message.
Instead of using the same error message for
missing dependencies and conflicts, be specific
about what actually went wrong.

Resolves: #520
2024-01-08 17:27:11 +00:00
Maximilian Fridrich
14bd1ceef6 res_pjsip_nat: Fix potential use of uninitialized transport details
The ast_sip_request_transport_details must be zero initialized,
otherwise this could lead to a SEGV.

Resolves: #509
2024-01-08 17:26:31 +00:00
Naveen Albert
58b16a538d app_if: Fix faulty EndIf branching.
This fixes faulty branching logic for the
EndIf application. Instead of computing
the next priority, which should be done
for false conditionals or ExitIf, we should
simply advance to the next priority.

Resolves: #341
2024-01-08 15:57:26 +00:00
Naveen Albert
fa3922a4d2 manager.c: Fix regression due to using wrong free function.
Commit 424be34563 introduced
a regression by calling ast_free on memory allocated by
realpath. This causes Asterisk to abort when executing this
function. Since the memory is allocated by glibc, it should
be freed using ast_std_free.

Resolves: #513
2024-01-02 12:07:05 +00:00
George Joseph
8c3ececb12 res_rtp_asterisk: Fix regression issues with DTLS client check
* Since ICE candidates are used for the check and pjproject is
  required to use ICE, res_rtp_asterisk was failing to compile
  when pjproject wasn't available.  The check is now wrapped
  with an #ifdef HAVE_PJPROJECT.

* The rtp->ice_active_remote_candidates container was being
  used to check the address on incoming packets but that
  container doesn't contain peer reflexive candidates discovered
  during negotiation. This was causing the check to fail
  where it shouldn't.  We now check against pjproject's
  real_ice->rcand array which will contain those candidates.

* Also fixed a bug in ast_sockaddr_from_pj_sockaddr() where
  we weren't zeroing out sin->sin_zero before returning.  This
  was causing ast_sockaddr_cmp() to always return false when
  one of the inputs was converted from a pj_sockaddr, even
  if both inputs had the same address and port.

Resolves: #500
Resolves: #503
Resolves: #505
2023-12-20 14:02:33 +00:00
Gitea
a1ca026825 res_pjsip_header_funcs: Duplicate new header value, don't copy.
When updating an existing header the 'update' code incorrectly
just copied the new value into the existing buffer. If the
new value exceeded the available buffer size memory outside
of the buffer would be written into, potentially causing
a crash.

This change makes it so that the 'update' now duplicates
the new header value instead of copying it into the existing
buffer.
2023-12-14 18:48:45 +00:00
Mike Bradeen
39760d109b res_pjsip: disable raw bad packet logging
Add patch to split the log level for invalid packets received on the
signaling port.  The warning regarding the packet will move to level 2
so that it can still be displayed, while the raw packet will be at level
4.
2023-12-14 18:48:22 +00:00
George Joseph
d7d7764cb0 res_rtp_asterisk.c: Check DTLS packets against ICE candidate list
When ICE is in use, we can prevent a possible DOS attack by allowing
DTLS protocol messages (client hello, etc) only from sources that
are in the active remote candidates list.

Resolves: GHSA-hxj9-xwr8-w8pq
2023-12-14 18:48:17 +00:00
Ben Ford
424be34563 manager.c: Prevent path traversal with GetConfig.
When using AMI GetConfig, it was possible to access files outside of the
Asterisk configuration directory by using filenames with ".." and "./"
even while live_dangerously was not enabled. This change resolves the
full path and ensures we are still in the configuration directory before
attempting to access the file.
2023-12-14 18:47:36 +00:00
Naveen Albert
183954bed3 config_options.c: Fix truncation of option descriptions.
This increases the format width of option descriptions
to avoid needless truncation for longer descriptions.

Resolves: #428
2023-12-12 14:40:22 +00:00
Naveen Albert
ce1f4b3018 manager.c: Improve clarity of "manager show connected".
Improve the "manager show connected" CLI command
to clarify that the last two columns are permissions
related, not counts, and use sufficient widths
to consistently display these values.

ASTERISK-30143 #close
Resolves: #482
2023-12-11 17:34:28 +00:00
Sean Bright
44a5b99cdd make_xml_documentation: Really collect LOCAL_MOD_SUBDIRS documentation.
Although `make_xml_documentation`'s `print_dependencies` command was
corrected by the previous fix (#461) for #142, the `create_xml` was
not properly handling `LOCAL_MOD_SUBDIRS` XML documentation.
2023-12-11 17:33:54 +00:00
Naveen Albert
d1fb397cfc general: Fix broken links.
This fixes a number of broken links throughout the
tree, mostly caused by wiki.asterisk.org being replaced
with docs.asterisk.org, which should eliminate the
need for sporadic fixes as in f28047db36.

Resolves: #430
2023-12-08 13:11:54 +00:00
George Joseph
63364bfbf4 MergeApproved.yml: Remove unneeded concurrency
The concurrency parameter on the MergeAndCherryPick job has
been rmeoved.  It was a hold-over from earlier days.
2023-12-06 14:27:01 -07:00
Maximilian Fridrich
3d7a7b1a47 app_dial: Add option "j" to preserve initial stream topology of caller
Resolves: #462

UserNote: The option "j" is now available for the Dial application which
uses the initial stream topology of the caller to create the outgoing
channels.
2023-12-06 21:25:18 +00:00
Sean Bright
1920639eab pbx_config.c: Don't crash when unloading module.
`pbx_config` subscribes to manager events to capture the `FullyBooted`
event but fails to unsubscribe if the module is loaded after that
event fires. If the module is unloaded, a crash occurs the next time a
manager event is raised.

We now unsubscribe when the module is unloaded if we haven't already
unsubscribed.

Fixes #470
2023-12-06 21:24:50 +00:00
George Joseph
1a0acabb8a ast_coredumper: Increase reliability
Instead of searching for the asterisk binary and the modules in the
filesystem, we now get their locations, along with libdir, from
the coredump itself...

For the binary, we can use `gdb -c <coredump> ... "info proc exe"`.
gdb can print this even without having the executable and symbols.

Once we have the binary, we can get the location of the modules with
`gdb ... "print ast_config_AST_MODULE_DIR`

If there was no result then either it's not an asterisk coredump
or there were no symbols loaded.  Either way, it's not usable.

For libdir, we now run "strings" on the note0 section of the
coredump (which has the shared library -> memory address xref) and
search for "libasteriskssl|libasteriskpj", then take the dirname.

Since we're now getting everything from the coredump, it has to be
correct as long as we're not crossing namespace boundaries like
running asterisk in a docker container but trying to run
ast_coredumper from the host using a shared file system (which you
shouldn't be doing).

There is still a case for using --asterisk-bin and/or --libdir: If
you've updated asterisk since the coredump was taken, the binary,
libraries and modules won't match the coredump which will render it
useless.  If you can restore or rebuild the original files that
match the coredump and place them in a temporary directory, you can
use --asterisk-bin, --libdir, and a new --moddir option to point to
them and they'll be correctly captured in a tarball created
with --tarball-coredumps.  If you also use --tarball-config, you can
use a new --etcdir option to point to what normally would be the
/etc/asterisk directory.

Also addressed many "shellcheck" findings.

Resolves: #445
2023-12-06 21:24:28 +00:00