When a message is received on the TURN socket, the code processing the
message needs to call into the ICE/STUN session for further processing.
This code path locks the TURN group lock then the ICE/STUN group lock. In
another thread an ICE/STUN timer can fire off to send a keep alive message
over the TURN socket. In this code path, the ICE/STUN group lock is
obtained then the TURN group lock is obtained to send the packet. A
classic deadlock case if the group locks are not the same.
* Made TURN get created using the ICE/STUN session's group lock.
NOTE: I was originally concerned that the ICE/STUN session can get
recreated by ice_reset_session() for an event like RTCP multiplexing
causing a change during SDP negotiation. In this case the TURN group lock
would become different. However, TURN is also recreated as part of the
ICE/STUN recreation in ice_create() when all known ICE candidates are
added to the new ICE session. While the ICE/STUN and TURN sessions are
being recreated there is a period where the group locks could be
different.
ASTERISK-27023 #close
Patches:
res_rtp_asterisk-turn-deadlock-fix.patch (license #6502)
patch uploaded by Michael Walton (modified)
Change-Id: Ic870edb99ce4988a8c8eb6e678ca7f19da1432b9
The video stream was using the audio stream RTP instance addresses to
check if the video RTP gets directed to an allowed direct media Access
Control List (ACL) address. There is no guarantee that the video RTP
instance uses the same addresses as the audio RTP instance.
This looks like it has been a bug since v11 when direct media ACL was
first added to chan_sip and then faithfully reproduced through a couple
code refactorings into the new bridging architecture.
Change-Id: I8ddd56320e0eea769f3ceed3fa5b6bdfb51d681a
This API was not actively maintained, was not added to new modules
(such as res_pjsip), and there exist better alternatives to acquire the
same information, such as the ARI.
Change-Id: I4b2185a83aeb74798b4ad43ff8f89f971096aa83
When sip.conf contained tcpenable=yes and autodomain=yes, the TCP domain was
added in any case, because of a local Boolean-negation error of the return value
of ast_sockaddr_cmp. After fixing this error for TCP and TLS, the TLS domain was
still always added with tlsenable=yes, because the domains were not compared
just on the address but also on the port – and TLS is always on a different port
than UDP/TCP.
ASTERISK-27106
Change-Id: I14fe9e319e238320b094016980445ef3a5b3337c
Because of a copy-and-paste error when the struct ast_sockaddr changed,
tlsbindaddr was not added, when sip.conf contained autodomain=yes; see
"show sip domains" on the command-line interface (CLI) of Asterisk.
ASTERISK-27106
Change-Id: I3d0957150017c223136968ef1266f275d0d6695e
The primary focus of this patch is adding a missing call to
ast_odbc_release_obj(), but is also a general cleanup of the ODBC
related code in app_voicemail.
ASTERISK-27093 #close
Change-Id: I8e285142eaeb3146b4287a928276b70db76c902b
Clear channel flag AST_FLAG_END_DTMF_ONLY in ast_waitfordigit_full when
ast_read returns NULL.
ASTERISK-27100 #close
Change-Id: Id3039e9a4e74e0cb359f636c9fd0c9740ebf7d9d
When a SIP message comes in on a transport, pjproject obtains the lock on
the transport and pulls the data out of the socket. Unlike UDP, the TCP
transport does not allow concurrent access. Without concurrency the
transport lock is not released when the transport's message complete
callback is called. The processing continues and eventually Asterisk
starts processing the SIP message. The first thing Asterisk tries to do
is determine the associated dialog of the message to determine the
associated serializer. To get the associated serializer safely requires
us to get the dialog lock.
To send a request or response message for a dialog, pjproject obtains the
dialog lock and then obtains the transport lock. Deadlock can result
because of the opposite order the locks are obtained.
* Fix the deadlock by obtaining the serializer associated with the dialog
another way that doesn't involve obtaining the dialog lock. In this case,
we use an ao2 container to hold the associated endpoint and serializer.
The new locks are held a brief time and won't overlap other existing lock
times.
ASTERISK-27090 #close
Change-Id: I9ed63f4da9649e9db6ed4be29c360968917a89bd
The OBJ_SEARCH_xxx defines should not be used as if they were individual
bits. They represent a multi-bit enumeration value field.
Change-Id: I32abc9a475396dab02402a7014357dd94284e17b
Fixed the following bugs:
* calls to stream_echo_write had the last two parameters swapped
* ast_read should have been ast_read_stream
* added a null check on the frame's subclass format
This also resets the update_sent flag upon receiving SRRCHANGE control frame.
This will then force a video update.
ASTERISK-26997
Change-Id: I6ad7c8253559b800800433c52339e7f5aa583566
There needed to be a way to notify handlers upstream that DTLS had been
established. This patch makes it so once DTLS has been estalished a source
change control frame is put into the read queue. Any handlers can then watch
for that frame and trigger off of it.
ASTERISK-27096 #close
Change-Id: I27ff344f5a8c691a1890dfe3254a4b1a49e7f4a0
There wasn't any good way to pass options like --host or --build
down to the pjproject configure which makes cross-compiling difficult.
* Added a new PJPROJECT_CONFIGURE_OPTS environment variable which
can be used to pass arbitrary options to pjproject configure.
* Automatically set the pjproject configure --host and --build
options to match those supplied for the asterisk configure.
ASTERISK-27097 #close
Reported-by: Kinsey Moore
Change-Id: I5fa776e110262851173002a26ffe1172e4c35b2e
When connected_line_method is "invite", we're supposed to determine
if the client can support UPDATE and if it can, send UPDATE instead
of INVITE to avoid the SDP renegotiation. Not only was pjproject
not setting the PJSIP_INV_SUPPORT_UPDATE flag, we were testing
that invite_tsx wasn't NULL which isn't always the case.
* Updated chan_pjsip/update_connected_line_information to drop the
requirement that invite_tsx isn't NULL.
* Submitted patch to pjproject sip_inv.c that sets the
PJSIP_INV_SUPPORT_UPDATE flag correctly.
* Updated pjsip.conf.sample to clarify what happens when "invite"
is specified.
ASTERISK-27095
Change-Id: Ic2381b3567b8052c616d96fbe79564c530e81560
The existing auto dtmf mode reverts to inband if 4733 fails to be
negotiated. This patch adds a new mode auto_info which will
switch to INFO instead of inband if 4733 is not available.
ASTERISK-27066 #close
Change-Id: Id185b11e84afd9191a2f269e8443019047765e91
The stream topology (list of streams and order) is now stored with the
configured PJSIP endpoints and used during the negotiation process.
Media negotiation state information has been changed to be stored
in a separate object. Two of these objects exist at any one time
on a session. The active media state information is what was previously
negotiated and the pending media state information is what the
media state will become if negotiation succeeds. Streams and other
state information is stored in this object using the index (or
position) of each individual stream for easy lookup.
The ability for a media type handler to specify a callback for
writing has been added as well as the ability to add file
descriptors with a callback which is invoked when data is available
to be read on them. This allows media logic to live outside of
the chan_pjsip module.
Direct media has been changed so that only the first audio and
video stream are directly connected. In the future once the RTP
engine glue API has been updated to know about streams each individual
stream can be directly connected as appropriate.
Media negotiation itself will currently answer all the provided streams
on an offer within configured limits and on an offer will use the
topology created as a result of the disallow/allow codec lines.
If a stream has been removed or declined we will now mark it as such
within the resulting SDP.
Applications can now also request that the stream topology change.
If we are told to do so we will limit any provided formats to the ones
configured on the endpoint and send a re-invite with the new topology.
Two new configuration options have also been added to PJSIP endpoints:
max_audio_streams: determines the maximum number of audio streams to
offer/accept from an endpoint. Defaults to 1.
max_video_streams: determines the maximum number of video streams to
offer/accept from an endpoint. Defaults to 1.
ASTERISK-27076
Change-Id: I8afd8dd2eb538806a39b887af0abd046266e14c7
When re-inviting to add more streams it is possible for
the role of existing ICE sessions to be changed to the
incorrect value. This results in subsequent refreshes
within the sessions getting a role conflict and the ICE
session breaking down. This change only sets the role to
be the new value if an ICE renegotiation is actually
going to happen, otherwise the existing role is preserved.
As well if we encounter a situation where a unidirectional
ICE negotiation happens and the other side does not send us
candidates we will not store any information for sending
traffic, even though we know where they are reachable. This
change fixes this by using the source of the ICE traffic
itself as the target if no candidates are known and we
receive some ICE traffic.
ASTERISK-27088
Change-Id: I71228181e358917fcefc3100fad21b2fc02a59a9
The T38 sdp callback incorrectly has a side effect of incrementing
the media_count. This can lead to core dumps.
Change-Id: I7bb2f4987de4046ec52cfc34e5ea0662dae32af8
There have been reports of deadlocks caused by an attempt to send a frame
to a channel's rtp instance after the channel has left the native bridge
and been destroyed. This patch effectively causes the bridge channel to
keep a reference to the glue and both the audio and video rtp instances
so what gets started will get stopped.
ASTERISK-26978 #close
Reported-by: Ross Beer
Change-Id: I9e1ac49fa4af68d64826ccccd152593cf8cdb21a
The fix for ASTERISK-25665 introduced a regression.
The return value of queue_exec used to be 0 in case of leavewhenempty
but it was changed to -1 (returned from wait_our_turn and passed
transparently by queue_exec), thus leading to hangup instead of returning
back to dialplan.
This commit resets the value back to 0 in this case, restoring
original behavior.
ASTERISK-27065 #close
Reported by: Marek Cervenka
Change-Id: Id9c83b75aeda463250155e88c5004be52bbca5ac
A new global option "imap_poll_logout" was added to specify whether need to
disconnect from the IMAP server after polling of mailboxes.
ASTERISK-27068 #close
Closing IMAP connection after loading mailbox from voicemail.conf
ASTERISK-24052 #close
Change-Id: Ib7558ba04516240a32b65f42e9be64372a0ae12a
Do not need to unsubscribe/subscribe on creating the ednpoint's contact.
The modified function create_mwi_subscriptions_for_endpoint adds
the subscription only if it does not exist.
The subscriptions aren't added for active contacts
which are retrieved on startup from realtime
if mwi_disable_initial_unsolicited=yes.
Because the mwi_contact_added is not called.
So the subscriptions also should be created on updating contact.
ASTERISK-26230 #close
Change-Id: I47e265af9296ca09aa42a316fdacac104148cee4
In an earlier version of Asterisk a local channel [un]lock all functions were
added in order to keep a crash from occurring when a channel hung up too early
during an attended transfer. Unfortunately, when a transfer failure occurs and
depending on the timing, the local channels sometime do not get properly
unlocked and deref'ed after being locked and ref'ed. This happens because the
underlying local channel structure gets NULLed out before unlocking.
This patch reworks those [un]lock functions and makes sure the values that get
locked and ref'ed later get unlocked and deref'ed.
ASTERISK-27074 #close
Change-Id: Ice96653e29bd9d6674ed5f95feb6b448ab148b09
If an attended transfer failed it was possible for some of the channels
involved to get "stuck" because Asterisk was not hanging up the transfer target.
This patch ensures Asterisk hangs up the transfer target when an attended
transfer failure occurs.
ASTERISK-27075 #close
Change-Id: I98a6ecd92d3461ab98c36f0d9451d23adaf3e5f9
* Update SDP unit tests to test negotiating with declined streams.
Generation of declined m= lines created and responded tested.
Change-Id: I5cb99f5010994ab0c7d9cf2d395eca23fab37b98
The SDP offer/answer model requires an answer to an offer before a new SDP
can be processed. This allows our local SDP creation to be deferred until
we know that we need to create an offer or an answer SDP. Once the local
SDP is created it won't change until the SDP negotiation is restarted.
An offer SDP in an initial SIP INVITE can receive more than one answer
SDP. In this case, we need to merge each answer SDP with our original
offer capabilities to get the currently negotiated capabilities. To
satisfy this requirement means that we cannot update our proposed
capabilities until the negotiations are restarted.
Local topology updates from ast_sdp_state_update_local_topology() are
merged together until the next offer SDP is created. These accumulated
updates are then merged with the current negotiated capabilities to create
the new proposed capabilities that the offer SDP is built.
Local topology updates are merged in several passes to attempt to be smart
about how streams from the system are matched with the previously
negotiated stream slots. To allow for T.38 support when merging, type
matching considers audio and image types to be equivalent. First streams
are matched by stream name and type. Then streams are matched by stream
type only. Any remaining unmatched existing streams are declined. Any
new active streams are either backfilled into pre-merge declined slots or
appended onto the end of the merged topology. Any excess new streams
above the maximum supported number of streams are simply discarded.
Remote topology negotiation merges depend if the topology is an offer or
answer. An offer remote topology negotiation dictates the stream slot
ordering and new streams can be added. A remote offer can do anything to
the previously negotiated streams except reduce the number of stream
slots. An answer remote topology negotiation is limited to what our offer
requested. The answer can only decline streams, pick codecs from the
offered list, or indicate the remote's stream hold state.
I had originally kept the RTP instance if the remote offer SDP changed a
stream type between audio and video since they both use RTP. However, I
later removed this support in favor of simply creating a new RTP instance
since the stream's purpose has to be changing anyway. Any RTP packets
from the old stream type might cause mischief for the bridged peer.
* Added ast_sdp_state_restart_negotiations() to restart the SDP
offer/answer negotiations. We will thus know to create a new local SDP
when it is time to create an offer or answer.
* Removed ast_sdp_state_reset(). Save the current topology before
starting T.38. To recover from T.38 simply update the local topology to
the saved topology and restart the SDP negotiations to get the offer SDP
renegotiating the previous configuration.
* Allow initial topology for ast_sdp_state_alloc() to be NULL so an
initial remote offer SDP can dictate the streams we start with. We can
always update the local topology later if it turns out we need to offer
SDP first because the remote chose to defer sending us a SDP.
* Made the ast_sdp_state_alloc() initial topology limit to max_streams,
limit to configured codecs, handle declined streams, and discard
unsupported types.
* Convert struct ast_sdp to ao2 object. Needed to easily save off a
remote SDP to refer to later for various reasons such as generating
declined m= lines in the local SDP.
* Improve converting remote SDP streams to a topology including stream
state. A stream state of AST_STREAM_STATE_REMOVED indicates the stream is
declined/dead.
* Improve merging streams to take into account the stream state.
* Added query for remote hold state.
* Added maximum streams allowed SDP config option.
* Added ability to create new streams as needed. New streams are created
with configured default audio, video, or image codecs depending on stream
type.
* Added global locally_held state along with a per stream local hold
state. Historically, Asterisk only has a global locally held state
because when the we put the remote on hold we do it for all active
streams.
* Added queries for a rejected offer and current SDP negotiation role.
The rejected query allows the using module to know how to respond to a
failed remote SDP set. Should the using module respond with a 488 Not
Acceptable Here or 500 Internal Error to the offer SDP?
* Moved sdp_state_capabilities.connection_address to ast_sdp_state. There
seems no reason to keep it in the sdp_state_capabilities struct since it
was only used by the ast_sdp_state.proposed_capabilities instance.
* Callbacks are now available to allow the using module some customization
of negotiated streams and to complete setting up streams for use. See the
typedef doxygen for each callback for what is allowable and when they are
called.
* Added topology answerer modify callback.
* Added topology pre and post apply callbacks.
* Added topology offerer modify callback.
* Added topology offerer configure callback.
* Had to rework the unit tests because I changed how SDP topologies are
merged. Replaced several unit tests with new negotiation tests.
Change-Id: If07fe6d79fbdce33968a9401d41d908385043a06
