Added the stun_blacklist option to rtp.conf. Some multihomed servers have
IP interfaces that cannot reach the STUN server specified by stunaddr.
Blacklist those interface subnets from trying to send a STUN packet to
find the external IP address. Attempting to send the STUN packet
needlessly delays processing incoming and outgoing SIP INVITEs because we
will wait for a response that can never come until we give up on the
response. Multiple subnets may be listed.
ASTERISK-26890 #close
Change-Id: I3ff4f729e787f00c3e6e670fe6435acce38be342
We are currently passing in the capacity of the read buffer instead of the
number of bytes that we actually read off the wire.
Change-Id: I60465049727d955c7f9a5e529e6f2aaff04cda36
This change removes an assumption that when DTLS is stopped
an RTCP session will be present on the RTP session. This is not
always the case.
ASTERISK-26732
Change-Id: Ib9f7c09ce0b005efe362dbcc8795202b18f94611
This commit adds support for RFC 5761: Multiplexing RTP Data and Control
Packets on a Single Port. Specifically, it enables the feature when
using chan_pjsip.
A new option, "rtcp_mux" has been added to endpoint configuration in
pjsip.conf. If set, then Asterisk will attempt to use rtcp-mux with
whatever it communicates with. Asterisk follows the rules set forth in
RFC 5761 with regards to falling back to standard RTCP behavior if the
far end does not indicate support for rtcp-mux.
The lion's share of the changes in this commit are in
res_rtp_asterisk.c. This is because it was pretty much hard wired to
have an RTP and an RTCP transport. The strategy used here is that when
rtcp-mux is enabled, the current RTCP transport and its trappings (such
as DTLS SSL session) are freed, and the RTCP session instead just
mooches off the RTP session. This leads to a lot of specialized if
statements throughout.
ASTERISK-26732 #close
Reported by Dan Jenkins
Change-Id: If46a93ba1282418d2803e3fd7869374da8b77ab5
* Removed all 2.5.5 functional patches.
* Updated usages of pj_release_pool to be "safe".
* Updated configure options to disable webrtc.
* Updated config_site.h to disable webrtc in pjmedia.
* Added Richard Mudgett's recent resolver patches.
Change-Id: Ib400cc4dfca68b3d07ce14d314e829bfddc252c7
pjsip limits the total number of ICE candidates to PJ_ICE_MAX_CAND,
which is a compile-time constant. Instead of hard-coding 16 when we
enumerate local interfaces, use PJ_ICE_MAX_CAND so that we can
potentially collect more interfaces if the compile time options are
changed.
Tangentially related to ASTERISK~24464
Change-Id: I1b85509e39e33b1fed63c86261fc229ba14bbabd
Before Asterisk 13, signed linear was converted into network byte order by a
smoother before being sent over the network. We restore this behavior by
forcing the creation of a smoother when slinear is in use and setting the
appropriate flags so that the byte order conversion is always done.
ASTERISK-24858 #close
Reported-by: Frankie Chin
Change-Id: I868449617d1a7819578f218c8c6b2111ad84f5a9
* channel.c:ast_sendtext(): Fix T.140 SendText memory leak.
* format_compatibility.c: T.140 RED and T.140 were swapped.
* res_rtp_asterisk.c:rtp_red_init(): Fix ast_format_t140_red ref leak.
* res_rtp_asterisk.c:rtp_red_init(): Fix data race after starting periodic
scheduled red_write().
* res_rtp_asterisk.c: Some other minor misc tweaks.
Change-Id: Ifa27a2e0f8a966b1cf628607c86fc4374b0b88cb
The mechanism used for detecting the maximum log level compiled into the
linked pjproject did not work. The API call simply stores the requested
level into an integer and does no range checking. Asterisk was assuming
that there was range checking and limited the new value to the allowable
range. To get the actual maximum log level compiled into the linked
pjproject we need to get and save off the initial set log level from
pjproject. This is the maximum log level supported.
* Get and save off the initial log level setting before altering it to the
desired level on startup. This has to be done by a macro rather than
calling a core function to avoid incorrectly linking pjproject.
* Split the initial log level warning messages to warn if the linked
pjproject cannot support the requested startup level and if it is too low
to get the pjproject buildopts for "pjproject show buildopts".
* Adjust the CLI "pjproject set log level" to check the saved max log
level and to generate normal output messages instead of a warning message.
ASTERISK-26743 #close
Change-Id: I40aa76653e2a1dece66c3f8734594b4f0471cfb4
ast_rtp_remote_address_set() could pass an uninitialized 'us' parameter to
ast_ouraddrfor(). If ast_ouraddrfor() returns an error then the 'us'
parameter may not get initialized. Thus when the code tries to save the
'us' parameter to the local address we could try to copy a ridiculous
sized memory buffer and segfault.
* Made pass an initialized 'us' parameter to ast_ouraddrfor().
* Optimized out the 'us' struct variable.
ASTERISK-26672 #close
Change-Id: I4acea5dcdf0813da2c7d3e11c2d6067d160d17dc
We access uninitialized memory when the 'ourip' parameter does not
have an initial guess to our IP address.
ASTERISK-26672
Change-Id: I35507ea1ad7455d2be188f6ccdd4add7bd150e15
Use of the new logging is as simple as issuing the new CLI command or
setting the new pjproject.conf option.
Other options that can affect the logging are how you have the pjproject
log levels mapped to Asterisk log types in pjproject.conf and if you have
configured Asterisk to log the DEBUG type messages. Altering the
pjproject.conf level mapping shouldn't be necessary for most installations
as the default mapping is sensible. Configuring Asterisk to log the DEBUG
message type is standard practice for collecting debug information.
* Added CLI "pjproject set log level" command to dynamically adjust the
maximum pjproject log message level.
* Added CLI "pjproject show log level" command to see the currently set
maximum pjproject log message level.
* Added pjproject.conf startup section "log_level" option to set the
initial maximum pjproject log message level so all messages could be
captured from initialization.
* Set PJ_LOG_MAX_LEVEL to 6 to compile in all defined logging levels into
bundled pjproject. Pjproject will use the currently set run time log
level to determine if a log message is generated just like Asterisk
verbose and debug logging levels.
* In log_forwarder(), made always log enabled and mapped pjproject log
messages. DEBUG mapped log messages are no longer gated by the current
Asterisk debug logging level.
* Removed RAII_VAR() from res_pjproject.c:get_log_level().
ASTERISK-26630 #close
Change-Id: I6dca12979f482ffb0450aaf58db0fe0f6d2e5389
When retrieving RTCP stats for PJSIP channels, RTT values are unreliable.
RTT calculation is correct, but the data representation isn't. RTT is
represented by a 32-bit fixed-point number with the integer part in the
first 16 bits and the fractional part in the last 16 bits. In order to
get the RTT value, the fractional part is miscalculated, there is an
unnecessary 16 bit shift that causes overflow. Besides this there is
another mistake, when transforming the integer value to the fixed point
fractional part via bitwise operation, that loses precision.
* RTT fractional part is no longer shifted, avoiding overflow.
* RTT fractional part is transformed to its fixed-point value more
precisely.
* Fixed timeval2ntp() and ntp2timeval() second fraction conversions.
* Fixed NTP timestamp report logging. The usec was inexplicably
multiplied by 4096.
ASTERISK-26566 #close
Reported by Hector Royo Concepcion
Change-Id: Ie09bdabfee75afb3f1b8ddfd963e5219ada3b96f
OpenBSD's 'find' doesn't take the -delete argument so you have to pipe
through 'xargs rm -rf'.
'echo -e' doesn't like \t starting a line. It just prints 't' which
causes the libasteriskpj.exports file to be garbage. They were just
cosmetic so they were removed.
librt doesn't exist so the link of libasteriskpj.so fails. It's not
actually needed for linux anyway so -lrt was removed from the link.
res_rtp_asterisk was failing to load because of an undefined
DTLS_method. '|| defined(LIBRESSL_VERSION_NUMBER)' was added to the #if
so DTLSv1_method is used instead.
ASTERISK-26608
Change-Id: I926ec95b0b69633231e3ad1d6e803b977272c49c
This change adds support for dual stack automatically. No
configuration is required and the IP address and version
in the SIP messages and SDP will be automatically changed
based on the transport over which the message is being
sent. RTP usage has also been changed to listen on both
IPv4 and IPv6 simultaneously to allow media to flow, and
to allow ICE support on both simultaneously. This also
allows failover between IPv6 and IPv4 to work as expected.
ASTERISK-26309 #close
Change-Id: I235a421d8f9a326606d861b449fa6fe3a030572d
Introduces ice_blacklist configuration in rtp.conf. Subnets listed in the
form ice_blacklist = <subnet spec>, e.g. ice_blacklist =
192.168.1.0/255.255.255.0, are excluded from ICE host, srflx and relay
discovery. This is useful for optimizing the ICE process where a system
has multiple host address ranges and/or physical interfaces and certain
of them are not expected to be used for RTP. Multiple ice_blacklist
configuration lines may be used. If left unconfigured, all discovered
host addresses are used, as per previous behavior.
Documention in rtp.conf.sample.
ASTERISK-26418 #close
Change-Id: Ibee88f80d7693874fda1cceaef94a03bd86012c9
If a bridge switched to P2P when a DTMF was in progress it
was possible for the DTMF to continue being sent indefinitely.
Change-Id: I7e2a3efe0d59d4b214ed50cd0b5d0317e2d92e29
Currently when receiving video over RTP we store only
a calculated samples on the frame. When starting the video
it can take some time for this calculation to actually yield
a value as it requires constant changing timestamps. As well
if a video frame passes over multiple RTP packets this calculation
will fail as the timestamp is the same as the previous RTP
packet and the number of samples calculated will be 0.
This change preserves the timestamp on the frame and allows
it to pass through the core. When sending the video this timestamp
is used instead of a new one being calculated.
ASTERISK-26367 #close
Change-Id: Iba8179fb5c14c9443aee4baf670d2185da3ecfbd
When an RTCP packet is sent or received, res_rtp_asterisk generates a
Stasis event that contains the RTCP report as well as the local and
remote addresses that the report pertains to.
The addresses are determined using ast_find_ourip(). For the local
address, this will typically result in a lookup of the hostname of the
server, and then a DNS lookup of that hostname. If you do not have the
host in /etc/hosts, then this results in a full DNS lookup, which can
potentially block for some time.
This is especially problematic when performing RTCP reads, since those
are done on the same thread responsible for reading and writing media.
This patch addresses the issue by performing a lookup of the local
address when RTCP is allocated. We then use this cached local address
for the Stasis events when necessary.
ASTERISK-26280 #close
Reported by Mark Michelson
Change-Id: I3dd61882c2e57036f09f0c390cf38f7c87e9b556
With this change, the initial RTP sequence number is randomly chosen not between
0 and 65535 (0xffff) but 0 and 32767 (0x7fff). This assures, the roll-over
counter (ROC) synchronization is not lost for sRTP, when the very first RTP
packets get lost; see http://srtp.sourceforge.net/faq.html#Q6
ASTERISK-26207 #close
Change-Id: I9a527e3aa3ce8f3becc5131d7ba32b57b5845464
Since July 2014, TLS based protocols (SIP over TLS, Secure WebSockets, HTTPS)
support PFS thanks to ASTERISK-23905. In July 2015, the same feature was added
for DTLS. The source code from main/tcptls.c should have been re-used to ease
security audits. Therefore, this change rolls back the change from July 2015 and
re-uses the code from July 2014. This has the additional benefits to work under
CentOS 7 and enabling not just ECDHE but DHE based cipher suites as well.
ASTERISK-25659 #close
Reported by: StefanEng86, urbaniak, pay123
Tested by: sarumjanuch, traud
patches:
res_rtp_asterisk.patch submitted by sarumjanuch
dtls_centos_step_1.patch submitted by traud
dtls_centos_step_2.patch submitted by traud
Change-Id: I537cadf4421f092a613146b230f2c0ee1be28d5c
gcc 6 caught a previously unidentified self-comparison in
ice_candidate_cmp. Fixed it and re-ordered the predicates for better
short-circuiting.
ASTERISK-26140 #close
Change-Id: I3da713c568e24064430257b3502fbdafd35af7a7
Do not use DTLSv1_method() but DTLS_method() when available in OpenSSL of the
underlying platform. This change enables DTLS 1.2 since OpenSSL 1.0.2, for
WebRTC (DTLS-SRTP via SIP-over-WebSockets). This change enables AEAD-based
cipher-suites.
ASTERISK-26130 #close
Change-Id: I41f24448d6d2953e8bdb97c9f4a6bc8a8f055fd0
Commit 1bce690ccb was incrementing txcount
for rtcp packets as well as rtp packets and that was causing sender reports
to be generated instead of receiver reports in cases where no rtp was actually
being sent.
Moved the txcount increment from __rtp_sento, which handles both rtp and rtcp,
to rtp_sento which only handles rtp packets.
Discovered by the hep/rtcp-receiver test.
Change-Id: Ie442e4bb947a68847a676497021ba10ffaf376d5
Asterisk uses separate UDP ports for RTP and RTCP traffic and RFC 5764
explicitly states:
There MUST be a separate DTLS-SRTP session for each distinct pair of
source and destination ports used by a media session
This means RTP keying material cannot be used for DTLS RTCP, which was
the reason why RTCP encryption would fail.
ASTERISK-25642
Change-Id: I7e8779d8b63e371088081bb113131361b2847e3a
rxcount, txcount, rxoctetcount and txoctetcount weren't being calculated
for bridged streams because the calulations were being done after the
bridged short-circuit. Actually, rxoctetcount wasn't ever being calculated.
Moved the calculations so they occur for all valid received packets and
all transmitted packets. Also added rxoctetcount and txoctetcount to
ast_rtp_instance_stat.
Change-Id: I08fb06011a82d38c3b4068867a615068fbe59cbb
During ICE negotiation the IPs of the local interfaces are sent to the remote
peer as host candidates. In many cases Asterisk is behind a static one-to-one
NAT, so these host addresses will be internal IP addresses.
To help in hiding the topology of the internal network, this patch adds the
ability to override the host candidates by matching them against a
user-defined list of replacements.
Change-Id: I1c9541af97b83a4c690c8150d19bf7202c8bff1f
Due to locking issues within pjnath these changes are being
reverted until pjnath can be changed.
ASTERISK-25645
Revert "res_rtp_asterisk.c: Fix DTLS negotiation delays."
This reverts commit 24ae124e4f.
Change-Id: I2986cfb2c43dc14455c1bcaf92c3804f9da49705
Revert "res_rtp_asterisk: Resolve further timing issues with DTLS negotiation"
This reverts commit 965a0eee46.
Change-Id: Ie68fafde27dad4b03cb7a1e27ce2a8502c3f7bbe
Resolves an edge case dtls negotiation delay for certain networks which
somehow manage to drop the rtcp side's packet when these are both sent
ast_rtp_remote_address_set, causing it to have to time-out and restart
the handshake.
Move dtls pending bio flush in to it's own function, and call it from
ast_rtp_on_ice_complete, when we're rtp->ice, rather than when
ast_rtp_remote_address_set.
Keep the existing flush from the recent change to res_rtp_remote_address_set
if ice is not being used.
ASTERISK-25614 #close
Reported-by: XenCALL
Tested by: XenCALL
Change-Id: Ie2caedbdee1783159f375589b6fd3845c8577ba5
- Trigger pending DTLS packets to send out, once the RTP instance's remote
address is set.
- Avoids locking the DTLS structure unnecessarily by only doing this if
DTLS is passive.
- Add DTLS locks around the structurally sensitive calls in the SSL
portion of __rtp_recvfrom, since dtls_srtp_check_pending does not lock
inside of itself, and we're dealing with the SSL BIO in at least two
threads.
WebRTC channels may receive a DTLS handshake before
ast_rtp_remote_address_set is called, which causes there to be a pending
response to send out. Previous to 1ad827, this was handled by calling
dtls_srtp_check_pending on receipt of any RTP packet - a STUN or RTP
packet could trigger the pending handshake response. Since that was
rightfully removed, whenever the DTLS handshake is received before the
remote address is set, we would have to wait until another SSL packet
arrives.
As of Chrome M47's optimizations to their handshake process, WebRTC
conversations between Chrome M47+ and Asterisk, where Asterisk is passive,
experience a 1 second delay without this patch, because the SSL handshake
is received before ICE negotation stores the remote_address, and the next
SSL packet isn't received until after a 1 second timeout in Chrome, which
causes a new handshake request.
ASTERISK-25614 #close
Change-Id: I547f1be7e302dbf71f6553dd8cbc0657b1d0b908
When ASTERISK-25449 was closed, a number of scheduler issues mentioned in
the comments were missed. These have since beed raised in ASTERISK-25476
and elsewhere.
This patch attempts to collect all of the scheduler issues discovered so
far and address them sensibly.
ASTERISK-25476 #close
Change-Id: I87a77d581e2e0d91d33b4b2fbff80f64a566d05b
In ast_rtp_read, the value of the variable 'mark' which we try to assign to a
frame->subclass.frame_ending may be 0, 1 or (1<<23), but we should translate
it to 0 or 1.
ASTERISK-25451 #close
Change-Id: I53bdf5c026041730184a6a809009c028549ce626
When we decide we will no longer schedule an RTCP write, we remove the
reference to the RTP instance, then assign -1 to the stored scheduler ID
in case something else comes along and wants to see if anything is scheduled.
That scheduler ID is on the RTP instance. After 60a9172d7e was merged to
fix the regression introduced by 3cf0f29310, this improper assignment on a
potentially destroyed object started getting tripped on the build agents.
Frankly, this should have been crashing a lot more often earlier. I can only
assume that the timing was changed just enough by both changes to start
actually hitting this problem.
As it is, simply moving the assignment prior to the ao2 deference is sufficient
to keep the RTP instance from being referenced when it is very, truly,
aboslutely dead.
(Note that it is still good practice to assign -1 to the scheduler ID when we
know we won't be scheduling it again, as the ao2 deref *may* not always destroy
the ao2 object.)
ASTERISK-25449
Change-Id: Ie6d3cb4adc7b1a6c078b1c38c19fc84cf787cda7
When 5c713fdf18 was merged, it allowed for scheduled items to have an ID of
'0' returned. While this was valid per the documentation for the API, it was
apparently never returned previously. As a result, several users of the
scheduler API viewed the result as being invalid, causing them to reschedule
already scheduled items or otherwise fail in interesting ways.
This patch corrects the users such that they view '0' as valid, and a returned
ID of -1 as being invalid.
Note that the failing HEP RTCP tests now pass with this patch. These tests
failed due to a duplicate scheduling of the RTCP transmissions.
ASTERISK-25449 #close
Change-Id: I019a9aa8b6997584f66876331675981ac9e07e39
In practice the set_role API callback can be invoked even
when no ICE is present on an RTP instance. This can occur
if ICE has not been enabled on it.
ASTERISK-25438 #close
Change-Id: I0e17e4316f0f0d7f095c78c3d4fd73a913b6ba69
In working through a recent ICE negotiation bug, I found the debug
logging in res_rtp_asterisk to be lacking. This patch adds a number of
debug and warning statements that were helpful.
Change-Id: I950c6d8f13a41f14b3d6334b4cafe7d4e997be80
We were passing the wrong count into pj_ice_sess_create_check_list(),
causing the create to fail if we ever received more than PJ_ICE_MAX_CAND
candidates.
Change-Id: I0303d8e1ecb20a8de9fe629a3209d216c4028378
A change recently went in which enabled perfect forward secrecy for
DTLS in res_rtp_asterisk. This was accomplished two different ways
depending on the availability of a feature in OpenSSL. The fallback
method created a temporary instance of a key but did not free it.
This change fixes that.
ASTERISK-25265
Change-Id: Iadc031b67a91410bbefb17ffb4218d615d051396
This will add ECDH support to Asterisk. It will
detect auto ECDH support in OpenSSL
(1.0.2b and above) during ./configure. If this is
available, it will use it,
otherwise it will fall back to prime256v1 (this
behavior is consistent with
other projects such as Apache and nginx).
This fixes WebRTC being broken in Firefox 38+ due
to Firefox now only supporting
ciphers with perfect forward secrecy.
ASTERISK-25265 #close
Change-Id: I8c13b33a2a79c0bde2e69e4ba6afa5ab9351465b
This adds an "rtp_keepalive" option for PJSIP endpoints. Similar to the
chan_sip option, this specifies an interval, in seconds, at which we
will send RTP comfort noise frames. This can be useful for keeping RTP
sessions alive as well as keeping NAT associations alive during lulls.
ASTERISK-25242 #close
Reported by Mark Michelson
Change-Id: I06660ba672c0a343814af4cec838e6025cafd54b
This change fixes a bug where the DTLS timeout timer would be
initialized to 0 if DTLS was not used for an RTP session.
ASTERISK-25103
Change-Id: If8d26bb054f1d300838850da5b8db9044c2fe2ac
