Changes made to apps/Makefile to optionally build all three app_voicemail
variations at the same time: 1) file (default), 2) odbc, and 3) imap.
This functionality was requested by users. modules.conf.sample warns the
user to make sure only one voicemail is loaded at a time.
Change-Id: Iba3cd8ffb4b7e8b1c64a11dd383e1eafcd3ed0e7
This change adds support for larger TLS certificates by allowing
OpenSSL to fragment the DTLS packets according to the configured
MTU. By default this is set to 1200.
This is accomplished by implementing our own BIO method that
supports MTU querying. The configured MTU is returned to OpenSSL
which fragments the packet accordingly. When a packet is to be
sent it is done directly out the RTP instance.
ASTERISK-28018
Change-Id: If2d5032019a28ffd48f43e9e93ed71dbdbf39c06
This patch adds basic Asterisk channel statistics to the res_prometheus
module. This includes:
* asterisk_calls_sum: A running sum of the total number of
processed calls
* asterisk_calls_count: The current number of calls
* asterisk_channels_count: The current number of channels
* asterisk_channels_state: The state of any particular channel
* asterisk_channels_duration_seconds: How long a channel has existed,
in seconds
In all cases, enough information is provided with each channel metric
to determine a unique instance of Asterisk that provided the data, as
well as the name, type, unique ID, and - if present - linked ID of each
channel.
ASTERISK-28403
Change-Id: I0db306ec94205d4f58d1e7fbabfe04b185869f59
Prometheus is the defacto monitoring tool for containerized applications.
This patch adds native support to Asterisk for serving up Prometheus
compatible metrics, such that a Prometheus server can scrape an Asterisk
instance in the same fashion as it does other HTTP services.
The core module in this patch provides an API that future work can build
on top of. The API manages metrics in one of two ways:
(1) Registered metrics. In this particular case, the API assumes that
the metric (either allocated on the stack or on the heap) will have
its value updated by the module registering it at will, and not
just when Prometheus scrapes Asterisk. When a scrape does occur,
the metrics are locked so that the current value can be retrieved.
(2) Scrape callbacks. In this case, the API allows consumers to be
called via a callback function when a Prometheus initiated scrape
occurs. The consumers of the API are responsible for populating
the response to Prometheus themselves, typically using stack
allocated metrics that are then formatted properly into strings
via this module's convenience functions.
These two mechanisms balance the different ways in which information is
generated within Asterisk: some information is generated in a fashion
that makes it appropriate to update the relevant metrics immediately;
some information is better to defer until a Prometheus server asks for
it.
Note that some care has been taken in how metrics are defined to
minimize the impact on performance. Prometheus's metric definition
and its support for nesting metrics based on labels - which are
effectively key/value pairs - can make storage and managing of metrics
somewhat tricky. While a naive approach, where we allow for any number
of labels and perform a lot of heap allocations to manage the information,
would absolutely have worked, this patch instead opts to try to place
as much information in length limited arrays, stack allocations, and
vectors to minimize the performance impacts of scrapes. The author of
this patch has worked on enough systems that were driven to their knees
by poor monitoring implementations to be a bit cautious.
Additionally, this patch only adds support for gauges and counters.
Additional work to add summaries, histograms, and other Prometheus
metric types may add value in the future. This would be of particular
interest if someone wanted to track SIP response types.
Finally, this patch includes unit tests for the core APIs.
ASTERISK-28403
Change-Id: I891433a272c92fd11c705a2c36d65479a415ec42
You can now add the "include_local_address" flag to an entry in
rtp.conf "[ice_host_candidates]" to include both the advertized
address and the local address in ICE negotiation:
[ice_host_candidates]
192.168.1.1 = 1.2.3.4,include_local_address
This causes both 192.168.1.1 and 1.2.3.4 to be advertized.
Change-Id: Ide492cd45ce84546175ca7d557de80d9770513db
When producing a combined REMB value the normal behavior
is to have a REMB value which is unique for each sender
based on all of their receivers. This can result in one
sender having low bitrate while all the rest are high.
This change adds "all" variants which produces a bridge
level REMB value instead. All REMB reports are combined
together into a single REMB value that is the same for
each sender.
ASTERISK-28401
Change-Id: I883e6cc26003b497c8180b346111c79a131ba88c
There a long history here:
In commit dd1e62c095 has introduce by default shared_lastcall = true by
default but this now only happen is there not [general] directive in
queues.conf
After that, the commit 4b50e3f1ee fix the
sample file.
We'll need to keep the same setting if there a general or not section in
configuration file since the shared_lastcall is by a long time in
sample files as default value to 'no'.
Change-Id: Id44faec370136df8d57902b453ad4059ed21b94c
Added a new PJSIP global setting called norefersub.
Default is true to keep support working as before.
res_pjsip_refer: Configures PJSIP norefersub capability accordingly.
Checks the PJSIP global setting value.
If it is true (default) it adds the norefersub capability to PJSIP.
If it is false (disabled) it does not add the norefersub capability
to PJSIP.
This is useful for Cisco switches that do not follow RFC4488.
ASTERISK-28375 #close
Reported-by: Dan Cropp
Change-Id: I0b1c28ebc905d881f4a16e752715487a688b30e9
chan_sip will always ignore 183 responses that do not contain SDP
however, chan_pjsip will currently always translate it into a
183 with SDP. This new flag allows chan_pjsip to have the same
behavior as chan_sip.
ASTERISK-28322 #close
Change-Id: If81cfaa17c11b6ac703e3d71696f259d86c6be4a
The res_pjsip_websocket module requires the res_http_websocket
module so ensure it is loaded. As well the res_pjsip_notify
module needs the pjsip_notify.conf configuration file so
ensure it is installed.
ASTERISK-28272
Change-Id: I261659b84e7a6ac4cb49990d9badb4b2ad01bacd
To prevent one subsystem's taskprocessors from causing others
to stall, new capabilities have been added to taskprocessors.
* Any taskprocessor name that has a '/' will have the part
before the '/' saved as its "subsystem".
Examples:
"sorcery/acl-0000006a" and "sorcery/aor-00000019"
will be grouped to subsystem "sorcery".
"pjsip/distributor-00000025" and "pjsip/distributor-00000026"
will bn grouped to subsystem "pjsip".
Taskprocessors with no '/' have an empty subsystem.
* When a taskprocessor enters high-water alert status and it
has a non-empty subsystem, the subsystem alert count will
be incremented.
* When a taskprocessor leaves high-water alert status and it
has a non-empty subsystem, the subsystem alert count will be
decremented.
* A new api ast_taskprocessor_get_subsystem_alert() has been
added that returns the number of taskprocessors in alert for
the subsystem.
* A new CLI command "core show taskprocessor alerted subsystems"
has been added.
* A new unit test was addded.
REMINDER: The taskprocessor code itself doesn't take any action
based on high-water alerts or overloading. It's up to taskprocessor
users to check and take action themselves. Currently only the pjsip
distributor does this.
* A new pjsip/global option "taskprocessor_overload_trigger"
has been added that allows the user to select the trigger
mechanism the distributor uses to pause accepting new requests.
"none": Don't pause on any overload condition.
"global": Pause on ANY taskprocessor overload (the default and
current behavior)
"pjsip_only": Pause only on pjsip taskprocessor overloads.
* The core pjsip pool was renamed from "SIP" to "pjsip" so it can
be properly grouped into the "pjsip" subsystem.
* stasis taskprocessor names were changed to "stasis" as the
subsystem.
* Sorcery core taskprocessor names were changed to "sorcery" to
match the object taskprocessors.
Change-Id: I8c19068bb2fc26610a9f0b8624bdf577a04fcd56
When Asterisk is connected and used with a database the response
time of the database can cause problems in Asterisk if it is long.
Normally the only way to see this problem would be to retrieve a
backtrace from Asterisk and examine where things are blocked, or
examine the database to see if there is any indication of a
problem.
This change adds some basic query logging to make it easier to
investigate such a problem. When logging is enabled res_odbc will
now keep track of the number of queries executed, as well as the
query that has taken the longest time to execute. There is also
an option which will cause a WARNING message to be output if a
query takes longer than a configurable amount of time to execute.
This makes it easier and clearer for users that their database may
be experiencing a problem that could impact Asterisk.
ASTERISK-28277
Change-Id: I173cf4928b10754478a6a8c27dfa96ede0f058a6
The option value "sdp" for some of the settings was removed a while back,
however the sample conf was not updated.
This patch removes any wording with regards to the old "sdp" option value,
and adjusts the defaults to what they are now.
ASTERISK-28263
Change-Id: I41bfa44e9f69446bcc5c8fd92e3675c676fdc445
You can now define an "aliases" context in voicemail.conf
whose entries point to actual mailboxes. These can be used anywhere
the mailbox is specified.
Example:
[general]
aliasescontext = myaliases
[default]
1234 = yadayada
[myaliases]
4321@devices = 1234@default
Now you can use 4321@devices to refer to the 1234@default mailbox.
This can be useful to provide channel drivers with constant
mailbox specifications such as <extension>@devices leaving
app_voicemail to control exactly which mailbox the alias points to.
Now, only voicemail has to be reloaded to make changes instead of
individual channel drivers which are usually more expensive to
reload.
Change-Id: I395b9205c91523a334fe971be0d1de4522067b04
The commit I2f97ebfa79969a36a97bb7b9afd5b6268cf1a07d removed sending out
the ContactStatus AMI event when a contact is updated.
Thist change broke things which rely on old behavior.
This patch adds a new PJSIP global configuration option
'send_contact_status_on_update_registration' to be able to preserve old
ContactStatus behavior.
By default new behavior, i.e. the ContactStatus event will not be sent when a
device refreshes its registration.
Change-Id: I706adf7584e7077eb6bde6d9799ca408bc82ce46
This reverts commit 29115e2384.
That commit closed a long standing hole which allowed subscriptions
to mailboxes that weren't configured in voicemail.conf. This
caused an issue with FreePBX which depdended on that behavior.
The commit is being reverted until FreePBX can handle the new
behavior.
ASTERISK-28151
Reported by: Ronald Raikes
Change-Id: I57b7b85e75d7dd97c742b5c69d718a0f61260c15
When a channel snapshot was created it used to be done
from scratch, copying all data (many strings). This incurs
a cost when doing so.
This change segments the channel snapshot into different
components which can be reused if unchanged from the
previous snapshot creation, reducing the cost. In normal
cases this results in some pointers being copied with
reference count being bumped, some integers being set,
and a string or two copied. The other benefit is that it
is now possible to determine if a channel snapshot update
is redundant and thus stop it before a message is published
to stasis.
The specific segments in the channel snapshot were split up
based on whether they are changed together, how often they
are changed, and their general grouping. In practice only
1 (or 0) of the segments actually get changed in normal
operation.
Invalidation is done by setting a flag on the channel when
the segment source is changed, forcing creation of a new
segment when the channel snapshot is created.
ASTERISK-28119
Change-Id: I5d7ef3df963a88ac47bc187d73c5225c315f8423
This patch adds new options 'trust_connected_line' and 'send_connected_line'
to the endpoint.
The option 'trust_connected_line' is to control if connected line updates
are accepted from this endpoint.
The option 'send_connected_line' is to control if connected line updates
can be sent to this endpoint.
The default value is 'yes' for both options.
Change-Id: I16af967815efd904597ec2f033337e4333d097cd
This officially deprecates chan_sip in Asterisk 17+. A warning is
printed upon startup or module load to tell users that they should
consider migrating. chan_sip is still built by default but the default
modules.conf skips loading it at startup.
Very important to note we are not scheduling a time where chan_sip will
be removed. The goal of this change is to accurately inform end users
of the current state of chan_sip and encourage movement to the fully
supported chan_pjsip.
Change-Id: Icebd8848f63feab94ef882d36b2e99d73155af93
This change implements a few different generic things which were brought
on by Google Voice SIP.
1. The concept of flow transports have been introduced. These are
configurable transports in pjsip.conf which can be used to reference a
flow of signaling to a target. These have runtime configuration that can
be changed by the signaling itself (such as Service-Routes and
P-Preferred-Identity). When used these guarantee an individual connection
(in the case of TCP or TLS) even if multiple flow transports exist to the
same target.
2. Service-Routes (RFC 3608) support has been added to the outbound
registration module which when received will be stored on the flow
transport and used for requests referencing it.
3. P-Associated-URI / P-Preferred-Identity (RFC 3325) support has been
added to the outbound registration module. If a P-Associated-URI header
is received it will be used on requests as the P-Preferred-Identity.
4. Configurable outbound extension support has been added to the outbound
registration module. When set the extension will be placed in the
Supported header.
5. Header parameters can now be configured on an outbound registration
which will be placed in the Contact header.
6. Google specific OAuth / Bearer token authentication
(draft-ietf-sipcore-sip-authn-02) has been added to the outbound
registration module.
All functionality changes are controlled by pjsip.conf configuration
options and do not affect non-configured pjsip endpoints otherwise.
ASTERISK-27971 #close
Change-Id: Id214c2d1c550a41fcf564b7df8f3da7be565bd58
When networks experience disruptions, there can be large gaps of time
between receiving packets. When strictrtp is enabled, this created
issues where a flood of packets could come in and be seen as an attack.
Another option - seqno - has been added to the strictrtp option that
ignores the time interval and goes strictly by sequence number for
validity.
Change-Id: I8a42b8d193673899c8fc22fe7f98ea87df89be71
app_voicemail was using the stasis cache to build and maintain a
list of mailboxes that had subscribers. It then used this list
to determine if a mailbox should be polled for new messages if
polling was enabled. For this to work, stasis had to cache every
subscription and unsubscription to the mailbox which caused a lot of
overhead, both cpu and memory related.
Since polling is only required when changes are being made to
mailboxes outside of app_voicemail and since the number of mailboxes
that don't have any subscribers is likely to be very low, all
mailboxes are now polled instead of just the ones with subscribers.
This paves the way for disabling the caching of stasis subscription
change messages.
Also fixed cleanup in some of the unit tests that not only left
test users in the users list but also caused segfaults if the tests
were run more than once.
ASTERISK-27121
Change-Id: I5cceb737246949f9782955c64425b8bd25a9e9ee
Change disables loading of res_hep.so in default installation. Loading
res_hep has a performance impact whether it's used or not. This disables
loading of it in sample config files.
Change-Id: I5ec150cf941634fabc72973e5bf1a965cb0ef9d0
It is valid for a config file to be empty or contain only comments, but
not valid for a config value to be set when no uncommented context
exists. This caused an error to be loged numerous times during start
when loading the default pjsip.conf.
Change-Id: Icf3b0d69b4ecb6e935eecd43c99ed8b32a5a1cf6
A new option 'suppress_q850_reason_headers' has been added to the
endpoint object. Some devices can't accept multiple Reason headers and
get confused when both 'SIP' and 'Q.850' Reason headers are received.
This option allows the 'Q.850' Reason header to be suppressed.
The default value is 'no'.
ASTERISK-27949
Reported-by: Ross Beer
Change-Id: I54cf37a827d77de2079256bb3de7e90fa5e1deb1
The Websocket transport uses the built-in HTTP server. As a result
the TLS configuration is done in http.conf and not in pjsip.conf.
This change adds a warning if this is configured in pjsip.conf and
also clarifies in the sample configuration file.
Change-Id: I187d994d328c3ed274b6754fd4c2a4955bdc6dd9
pjproject by default currently will follow media forked during an INVITE
on outbound calls if the To tag is different on a subsequent response as
that on an earlier response. We handle this correctly. There have
been reported cases where the To tag is the same but we still need to
follow the media. The pjproject patch in this commit adds the
capability to sip_inv and also adds the capability to control it at
runtime. The original "different tag" behavior was always controllable
at runtime but we never did anything with it and left it to default to
TRUE.
So, along with the pjproject patch, this commit adds options to both the
system and endpoint objects to control the two behaviors, and a small
logic change to session_inv_on_media_update in res_pjsip_session to
control the behavior at the endpoint level.
The default behavior for "different tags" remains the same at TRUE and
the default for "same tag" is FALSE.
Change-Id: I64d071942b79adb2f0a4e13137389b19404fe3d6
ASTERISK-27936
Reported-by: Ross Beer
ConfBridge can now send events to participants via in-dialog MESSAGEs.
All current Confbridge events are supported, such as ConfbridgeJoin,
ConfbridgeLeave, etc. In addition to those events, a new event
ConfbridgeWelcome has been added that will send a list of all
current participants to a new participant.
For all but the ConfbridgeWelcome event, the JSON message contains
information about the bridge, such as its id and name, and information
about the channel that triggered the event such as channel name,
callerid info, mute status, and the MSID labels for their audio and
video tracks. You can use the labels to correlate callerid and mute
status to specific video elements in a webrtc client.
To control this behavior, the following options have been added to
confbridge.conf:
bridge_profile/enable_events: This must be enabled on any bridge where
events are desired.
user_profile/send_events: This must be set for a user profile to send
events. Different user profiles connected to the same bridge can have
different settings. This allows admins to get events but not normal
users for instance.
user_profile/echo_events: In some cases, you might not want the user
triggering the event to get the event sent back to them. To prevent it,
set this to false.
A change was also made to res_pjsip_sdp_rtp to save the generated msid
to the stream so it can be re-used. This allows participant A's video
stream to appear as the same label to all other participants.
Change-Id: I26420aa9f101f0b2387dc9e2fd10733197f1318e
The OUTPUTDIR variable in ast_debug_tools.conf.sample is now set
to "/tmp" instead of "/some/directory".
Variables set on the command line or that are already in the
environment now take predecence over variables set in the config files.
ASTERISK-27846
Reported by: Ted G
Change-Id: Ie8baec52d531886bf5849ec1d59bb59dc87ad387
Analog phones dial overlap dialing and it is chan_dahdi's job to read the
numbers. It has three timeout constants that this commit converts to
channel-level configuration options:
* firstdigit_timeout: Default time (ms) to detect first digit
* interdigit_timeout: Default time (ms) to detect following digits
* matchdigit_timeout: Default time (ms) to wait in case of ambiguous
match. This happens when the dialed digits match a number in the current
context but are also the prefix of another number.
Change-Id: Ib728fa900a4f6ae56d1ed810aba61b6593fb7213
This change adds the ability for multiple REMB reports in
bridge_softmix to be combined according to a configured
behavior into a single report. This single report is sent
back to the sender of video, which adjusts the encoding bitrate
to be at or below the bitrate of the report. The available
behaviors are: lowest, highest, and average. Lowest uses the
lowest received bitrate. Highest uses the highest received
bitrate. Average goes through the received bitrates adding
them to the previous average and creates a new average.
Other behaviors can be added in the future and the existing
average one may be adjusted, but this provides the foundation
to do so.
Support for configuring which behavior to use has been
added to app_confbridge.
ASTERISK-27804
Change-Id: I9eafe4e7c1f72d67074a8d6acb26bfcf19322b66
This change adds a configuration option to app_confbridge which can be
used to set the interval at which we will send a combined REMB (remote
estimated maximum bitrate) frame to sources of video. The bridging API
has also been extended slightly to allow setting this so bridge_softmix
can use it.
ASTERISK-27786
Change-Id: I0e49eae60f369c86434414f3cb8278709c793c82
If the two formats on a channel are equal, we don't transcode and since
the generic plc needs slin to work, it doesn't get invoked.
* A new configuration option "genericplc_on_equal_codecs" was added
to the "plc" section of codecs.conf to allow generic packet loss
concealment even if no transcoding was originally needed.
Transcoding via SLIN is forced in this case.
ASTERISK-27743
Change-Id: I0577026a179dea34232e63123254b4e0508378f4
The pool cache gets in the way of finding use after free errors of memory
pool contents. Tools like valgrind and MALLOC_DEBUG don't know when a
pool is released because it gets put into the cache instead of being
freed.
* Added the "cache_pools" option to pjproject.conf. Disabling the option
helps track down pool content mismanagement when using valgrind or
MALLOC_DEBUG. The cache gets in the way of determining if the pool
contents are used after free and who freed it.
To disable the pool caching simply disable the cache_pools option in
pjproject.conf and restart Asterisk.
Sample pjproject.conf setting:
[startup]
cache_pools=no
* Made current users of the caching pool factory initialization and
destruction calls call common routines to create and destroy cached pools.
ASTERISK-27704
Change-Id: I64d5befbaeed2532f93aa027a51eb52347d2b828
When a line is the maximum length "\n" is found at sizeof(buf) - 2 since
the last character is actually the null terminator. In addition if a
line was exactly 8190 plus a multiple of 8192 characters long the config
parser would skip the following line.
Additionally fix comment in voicemail.conf sample config. It previously
stated that emailbody can only contain up to 512 characters which is
always wrong. The buffer is normally 8192 characters unless LOW_MEMORY
is enabled then it is 512 characters. The updated comment states that
the line can be up to 8190 or 510 characters since the line feed and
NULL terminator each use a character.
ASTERISK-26688 #close
Change-Id: I80864a0d40d2e2d8cd79d72af52a8f0a3a99c015
The dsp_talking_threshold does not represent time in milliseconds. It
represents the average magnitude per sample in the audio packets. This is
what the DSP uses to determine if a packet is silence or talking/noise.
Change-Id: If6f939c100eb92a5ac6c21236559018eeaf58443
The sample modules.conf explicitly loaded res_musiconhold.so. This is
redundent as autoload=yes is already set. It causes warnings if
res_musiconhold.so was not installed and results in an unexpected load
if the admin disables autoload without remembering to remove the
res_musiconhold load statement.
Also remove reference to unknown module pbx_gtkconsole.
Change-Id: Ib01888994d9f1364b14d3c9fb6ff96774a6e580a
This patch adds the ability to configure a prompt which will be read
to the "winner" who pressed 1 (or the configured value) and received
the call.
ASTERISK-24372 #close
Change-Id: I6ec1c6c883347f7d1e1f597189544993c8d65272
The type=identify endpoint identification method can match by IP address
and by SIP header. However, the SIP header matching has limited
usefulness because you cannot specify the SIP header matching priority
relative to the IP address matching. All the matching happens at the same
priority and the order of evaluating the identify sections is
indeterminate. e.g., If you had two type=identify sections where one
matches by IP address for endpoint alice and the other matches by SIP
header for endpoint bob then you couldn't predict which endpoint is
matched when a request comes in that matches both.
* Extract the SIP header matching criteria into its own "header" endpoint
identification method so the user can specify the relative priority of the
SIP header and the IP address matching criteria in the global
endpoint_identifier_order option. The "ip" endpoint identification method
now only matches by IP address.
ASTERISK-27491
Change-Id: I9df142a575b7e1e3471b7cda5d3ea156cef08095
This patch adds the ability to set the wrapuptime on the queue member
config.
When the option is set the wrapuptime on the queue member is used instead
of the queue's wrapuptime.
ASTERISK-27483 #close
Change-Id: I11c85809537f974eb44dc5bbf82bcedd8a458902
The mute/unmute sounds are only played when the
action is initiated using the DTMF menu.
ASTERISK-24756
Change-Id: I55b3dd5bc166096bf5e2f547ddd0ce355f36e3dc
We should not do flood detection on video RTP streams. Video RTP streams
are very bursty by nature. They send out a burst of packets to update the
video frame then wait for the next video frame update. Really only audio
streams can be checked for flooding. The others are either bursty or
don't have a set rate.
* Added code to selectively disable packet flood detection for video RTP
streams.
ASTERISK-27440
Change-Id: I78031491a6e75c2d4b1e9c2462dc498fe9880a70
This no longer appears to exist, so no sense in causing confusion.
ASTERISK-27175 #close
Reported by: Tzafrir Cohen
Change-Id: Idde967924c69f6a741dc9a5ab7dacb44d22cf100
With Asterisk 12 (commit 866d968), the default of "icesupport" changed to
- "yes" in the module "res_rtp_asterisk" and
- "no" in the module "chan_sip".
The latter was reflected in the sample configuration file for "sip.conf". The
former did not make it into "rtp.conf.sample".
ASTERISK-20643
Change-Id: I2a2e0a900455d0767a99ea576e30adc6d7608a36
Beanstalkd is a simple to use job queue. It provides a means to
create multiple job queues called "tubes". Each tube can store
multiple jobs, with varying priorities with the queue. Queue
processing is available via a simple TCP socket or via well defined
libraries, avaialble at
https://github.com/kr/beanstalkd/wiki/client-libraries
This module is based upon the beanstalk-client library, available
for download at: https://github.com/deepfryed/beanstalk-client
This module currently doesn't support user defined events.
Change-Id: Ic3a087faeeac045d69a2a018e60e29831ddb95ab
The OUTPUTDIR environment variable can now be set either in the
environment itself or in ast_debug_tools.conf. If set, it's used
for all work products instead of /tmp.
Also added the --tarball-config option that includes the contents
of /etc/asterisk when either --tarball-coredumps or --tarball-results
are used.
Change-Id: I66b2553319df61caea5b313d084f51978f730b4c
The media frame cache gets in the way of finding use after free errors of
media frames. Tools like valgrind and MALLOC_DEBUG don't know when a
frame is released because it gets put into the cache instead of being
freed.
* Added the "cache_media_frames" option to asterisk.conf. Disabling the
option helps track down media frame mismanagement when using valgrind or
MALLOC_DEBUG. The cache gets in the way of determining if the frame is
used after free and who freed it. NOTE: This option has no effect when
Asterisk is compiled with the LOW_MEMORY compile time option enabled
because the cache code does not exist.
To disable the media frame cache simply disable the cache_media_frames
option in asterisk.conf and restart Asterisk.
Sample asterisk.conf setting:
[options]
cache_media_frames=no
ASTERISK-27413
Change-Id: I0ab2ce0f4547cccf2eb214901835c2d951b78c00
This mimics the behavior of Chrome and Firefox and creates an ephemeral
X.509 certificate for each DTLS session.
Currently, the only supported key type is ECDSA because of its faster
generation time, but other key types can be added in the future as
necessary.
ASTERISK-27395
Change-Id: I5122e5f4b83c6320cc17407a187fcf491daf30b4
When the identify_by option on an endpoint is set to ip it will
only be identified using the res_pjsip_endpoint_identifier_ip module.
This ensures that it is not mistakenly matched using the username of
the From header. To ensure behavior has not changed the default has
been changed to "username,ip" for the identify_by option.
ASTERISK-27206
Change-Id: I2170b86a7f7e221b4f00bf14aa1ef1ac5b050bbd
Beanstalkd is a simple to use job queue. It provides a means to
create multiple job queues called "tubes". Each tube can store
multiple jobs, with varying priorities with the queue. Queue
processing is available via a simple TCP socket or via well defined
libraries, avaialble at
https://github.com/kr/beanstalkd/wiki/client-libraries
This module is based upon the beanstalk-client library, available
for download at: https://github.com/deepfryed/beanstalk-client
Change-Id: I5fe4089a34ab3b39230786d9bbfddafa56715f48
When "rewrite_contact" is enabled, the "max_contacts" count option can
block re-registrations because the source port from the endpoint can be
random. When the re-registration is blocked, the endpoint may give up
re-registering and require manual intervention.
* The "remove_existing" option now allows a registration to succeed by
displacing any existing contacts that now exceed the "max_contacts" count.
Any removed contacts are the next to expire. The behaviour change is
beneficial when "rewrite_contact" is enabled and "max_contacts" is greater
than one. The removed contact is likely the old contact created by
"rewrite_contact" that the device is refreshing.
ASTERISK-27192
Change-Id: I64c107a10b70db1697d17136051ae6bf22b5314b
Incoming requests with non sip(s) URIs in the Request, To, From
or Contact URIs are now rejected with
PJSIP_SC_UNSUPPORTED_URI_SCHEME (416). This is performed in
pjsip_message_filter (formerly pjsip_message_ip_updater) and is
done at pjproject's "TRANSPORT" layer before a request can even
reach the distributor.
URIs read by res_pjsip_outbound_publish from pjsip.conf are now
also checked for both length and sip(s) scheme. Those URIs read
by outbound registration and aor were already being checked for
scheme but their error messages needed to be updated to include
scheme failure as well as length failure.
Change-Id: Ibb2f9f1d2dc7549da562af4cbd9156c44ffdd460
A new endpoint parameter "incoming_mwi_mailbox" allows Asterisk to
receive unsolicited MWI NOTIFY requests and make them available to
other modules via the stasis message bus.
res_pjsip_pubsub has a new handler "pubsub_on_rx_mwi_notify_request"
that parses a simple-message-summary body and, if
endpoint->incoming_mwi_account is set, calls ast_publish_mwi_state
with the voice-message counts from the message.
Change-Id: I08bae3d16e77af48fcccc2c936acce8fc0ef0f3c
An admin can configure app_minivm with an externnotify program to be run
when a voicemail is received. The app_minivm application MinivmNotify
uses ast_safe_system() for this purpose which is vulnerable to command
injection since the Caller-ID name and number values given to externnotify
can come from an external untrusted source.
* Add ast_safe_execvp() function. This gives modules the ability to run
external commands with greater safety compared to ast_safe_system().
Specifically when some parameters are filled by untrusted sources the new
function does not allow malicious input to break argument encoding. This
may be of particular concern where CALLERID(name) or CALLERID(num) may be
used as a parameter to a script run by ast_safe_system() which could
potentially allow arbitrary command execution.
* Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp()
instead of ast_safe_system() to avoid command injection.
* Document code injection potential from untrusted data sources for other
shell commands that are under user control.
ASTERISK-27103
Change-Id: I7552472247a84cde24e1358aaf64af160107aef1
Add ability to use tokens instead of passwords according to Google OAuth 2.0
protocol.
ASTERISK-27169
Reported by: Andrey Egorov
Tested by: Andrey Egorov
Change-Id: I07f7052a502457ab55010a4d3686653b60f4c8db
Setting this option will cause the Queue application to only announce
the caller's position if it has improved since the last time that we
announced it.
Change-Id: I173a124121422209485b043e2bf784f54242fce6
This change does a few things to improve packet loss and renegotiation:
1. On outgoing RTP streams we will now properly reflect out of order
packets and packet loss in the sequence number. This allows the
remote jitterbuffer to better reorder things.
2. Video updates can now be discarded for a period of time
after one has been sent to prevent flooding of clients.
3. For declined and removed streams we will now release any
media session resources associated with them. This was not
previously done and caused an issue where old state was being
used for a new stream.
4. RTP bundling was not actually removing bundled RTP instances
from the parent. This has been resolved by removing based on
the RTP instance itself and not the SSRC.
5. The code did not properly handle explicitly unbundling an
RTP instance from its parent. This now works as expected.
ASTERISK-27143
Change-Id: Ibd91362f0e4990b6129638e712bc8adf0899fd45
This patch creates a new configuration option called "webrtc". When enabled it
defaults and enables the following options that are needed in order for webrtc
to work in Asterisk:
rtcp-mux, use_avpf, ice_support, and use_received_transport=enabled
media_encryption=dtls
dtls_verify=fingerprint
dtls_setup=actpass
When "webrtc" is enabled, this patch also parses the "msid" media level
attribute from an SDP. It will also appropriately add it onto the outgoing
session when applicable.
Lastly, when "webrtc" is enabled h264 RTCP FIR feedback frames are now sent.
ASTERISK-27119 #close
Change-Id: I5ec02e07c5d5b9ad86a34fdf31bf2f9da9aac6fd
This adds support for parsing timelen values from config files. This
includes support for all flags which apply to PARSE_INT32. Support for
this parser is added to ACO via the OPT_TIMELEN_T option type.
Fixes an issue where extra characters provided to ast_app_parse_timelen
were ignored, they now cause an error.
Testing is included.
ASTERISK-27117 #close
Change-Id: I6b333feca7e3f83b4ef5bf2636fc0fd613742554
By default, when res_musiconhold reloads or unloads, it sends a HUP
signal to custom applications (and all descendants), waits 100ms,
then sends a TERM signal, waits 100ms, then finally sends a KILL
signal. An application which is interacting with an external
device and/or spawns children of its own may not be able to exit
cleanly in the default times, expecially if sent a KILL signal, or
if it's children are getting signals directly from
res_musiconhoild.
* To allow extra time, the 'kill_escalation_delay'
class option can be used to set the number of milliseconds
res_musiconhold waits before escalating kill signals, with the
default being the current 100ms.
* To control to whom the signals are sent, the "kill_method" class
option can be set to "process_group" (the default, existing
behavior), which sends signals to the application and its
descendants directly, or "process" which sends signals only to the
application itself.
Change-Id: Iff70a1a9405685a9021a68416830c0db5158603b
When connected_line_method is "invite", we're supposed to determine
if the client can support UPDATE and if it can, send UPDATE instead
of INVITE to avoid the SDP renegotiation. Not only was pjproject
not setting the PJSIP_INV_SUPPORT_UPDATE flag, we were testing
that invite_tsx wasn't NULL which isn't always the case.
* Updated chan_pjsip/update_connected_line_information to drop the
requirement that invite_tsx isn't NULL.
* Submitted patch to pjproject sip_inv.c that sets the
PJSIP_INV_SUPPORT_UPDATE flag correctly.
* Updated pjsip.conf.sample to clarify what happens when "invite"
is specified.
ASTERISK-27095
Change-Id: Ic2381b3567b8052c616d96fbe79564c530e81560
The stream topology (list of streams and order) is now stored with the
configured PJSIP endpoints and used during the negotiation process.
Media negotiation state information has been changed to be stored
in a separate object. Two of these objects exist at any one time
on a session. The active media state information is what was previously
negotiated and the pending media state information is what the
media state will become if negotiation succeeds. Streams and other
state information is stored in this object using the index (or
position) of each individual stream for easy lookup.
The ability for a media type handler to specify a callback for
writing has been added as well as the ability to add file
descriptors with a callback which is invoked when data is available
to be read on them. This allows media logic to live outside of
the chan_pjsip module.
Direct media has been changed so that only the first audio and
video stream are directly connected. In the future once the RTP
engine glue API has been updated to know about streams each individual
stream can be directly connected as appropriate.
Media negotiation itself will currently answer all the provided streams
on an offer within configured limits and on an offer will use the
topology created as a result of the disallow/allow codec lines.
If a stream has been removed or declined we will now mark it as such
within the resulting SDP.
Applications can now also request that the stream topology change.
If we are told to do so we will limit any provided formats to the ones
configured on the endpoint and send a re-invite with the new topology.
Two new configuration options have also been added to PJSIP endpoints:
max_audio_streams: determines the maximum number of audio streams to
offer/accept from an endpoint. Defaults to 1.
max_video_streams: determines the maximum number of video streams to
offer/accept from an endpoint. Defaults to 1.
ASTERISK-27076
Change-Id: I8afd8dd2eb538806a39b887af0abd046266e14c7
A new global option "imap_poll_logout" was added to specify whether need to
disconnect from the IMAP server after polling of mailboxes.
ASTERISK-27068 #close
Closing IMAP connection after loading mailbox from voicemail.conf
ASTERISK-24052 #close
Change-Id: Ib7558ba04516240a32b65f42e9be64372a0ae12a
This option was added to control whether to notify dialog-info state
'early' or 'confirmed' on Ringing when already INUSE.
The value "yes" is useful for some SIP phones (Cisco SPA)
to be able to indicate and pick up ringing devices.
ASTERISK-26919 #close
Change-Id: Ie050bc30023543c7dfb4365c5be3ce58c738c711
Additional variable to work alongside QUEUE_MAX_PENALTY and QUEUE_MIN_PENALTY,
including an extra parameter in queuerules.conf. This value causes lower
Agent penalty values to "raise up" so that they can join higher penalty agents
and be treated equally after a period of time.
ASTERISK-26995 #close
Change-Id: If1c6421a983667a5ac4c359f6dac25b212b4c459
This option was added to turn off notifying the progress details
on Blind Transfer. If this option is not set then the chan_pjsip
will send NOTIFY "200 OK" immediately after "202 Accepted".
Some SIP phones like Mitel/Aastra or Snom keep the line busy until
receive "200 OK".
ASTERISK-26333 #close
Change-Id: Id606fbff2e02e967c02138457badc399144720f2
This change adds the required logic to allow the SIP
Call-ID to be placed into the HEP RTCP traffic if the
chan_sip module is used. In cases where the option is
enabled but the channel is not either SIP or PJSIP then
the code will fallback to the channel name as done
previously.
Based on the change on Nir's branch at:
team/nirs/hep-chan-sip-support
ASTERISK-26427
Change-Id: I09ffa5f6e2fdfd99ee999650ba4e0a7aad6dc40d
All log messages go to a queue serviced by a single thread
which does all the IO. This setting controls how big that
queue can get (and therefore how much memory is allocated)
before new messages are discarded. The default is 1000.
Should something go bezerk and log tons of messages in a tight
loop, this will prevent memory escalation.
When the limit is reached, a WARNING is logged to that effect
and messages are discarded until the queue is empty again. At
that time another WARNING will be logged with the count of
discarded messages. There's no "low water mark" for this queue
because the logger thread empties the entire queue and processes it
in 1 batch before going back and waiting on the queue again.
Implementing a low water mark would mean additional locking as
the thread processes each message and it's not worth it.
A "test" was added to test_logger.c but since the outcome is
non-deterministic, it's really just a cli command, not a unit
test.
Change-Id: Ib4520c95e1ca5325dbf584c7989ce391649836d1
Added the stun_blacklist option to rtp.conf. Some multihomed servers have
IP interfaces that cannot reach the STUN server specified by stunaddr.
Blacklist those interface subnets from trying to send a STUN packet to
find the external IP address. Attempting to send the STUN packet
needlessly delays processing incoming and outgoing SIP INVITEs because we
will wait for a response that can never come until we give up on the
response. Multiple subnets may be listed.
ASTERISK-26890 #close
Change-Id: I3ff4f729e787f00c3e6e670fe6435acce38be342
This include was accidentally removed in changeset
Ia79aea64de89531362e993e34230c2044a70aa93. My bad.
Change-Id: I1d716c7f9590b4e97909fb8bca1f2ed9bd0e4082
This change adds database tables for the PUBLISH support so it
can be configured using realtime. A minor fix to the
res_pjsip_publish_asterisk module was done so that it read the
sorcery configuration from the correct section. Finally the
sample configuration files have been updated.
ASTERISK-26928
Change-Id: I81991ae5c75af98d247f7eacd1c0b0a763675952
Two new parameters have been added to the pjsip config wizard.
* Setting 'sends_line_with_registrations' to true will cause the wizard
to skip the creation of an identify object to match incoming request
to the endpoint and instead add the line and endpoint parameters to
the outbound registration object.
* Setting 'outbound_proxy' is a shortcut for adding individual
endpoint/outbound_proxy, aor/outbound_proxy and
registration/outbound_proxy parameters.
Change-Id: I678e5f80765734c056620528a6d40d82736ceeb0
(cherry picked from commit a827892ff7)
(cherry picked from commit 27344675be)
Dynamic payload types were statically defined in Asterisk. This unfortunately
limited the number of dynamic payloads that could be registered. With this patch
dynamic payload type numbers are now assigned dynamically and per RTP instance.
However, in order to limit any issues where some clients expect the old
statically defined value this patch makes it so the value Asterisk used to pre-
designate is used for the dynamic assignment if available.
An option, "rtp_use_dynamic", has also been added (can be set in asterisk.conf)
that turns the new dynamic behavior on or off. When off it reverts back to using
statically defined payload values. This option defaults to "yes" in Asterisk 15.
ASTERISK-26515 #close
patches:
ASTERISK-26515.diff submitted by jcolp (license 5000
Change-Id: I7653465c5ebeaf968f1a1cc8f3f4f5c4321da7fc
Support for RFC3578 overlap dialling (i.e. 484 Response to partially matched
destinations) as currently provided by chan_sip is missing from res_pjsip.
This patch adds a new endpoint attribute (allow_overlap) [defaults to yes]
which when set to yes enables 484 responses to partial destination
matches rather than the current 404.
ASTERISK-26864
Change-Id: Iea444da3ee7c7d4f1fde1d01d138a3d7b0fe40f6
A new transport parameter 'symmetric_transport' has been added.
When a request from a dynamic contact comes in on a transport with
this option set to 'yes', the transport name will be saved and used
for subsequent outgoing requests like OPTIONS, NOTIFY and INVITE.
It's saved as a contact uri parameter named 'x-ast-txp' and will
display with the contact uri in CLI, AMI, and ARI output. On the
outgoing request, if a transport wasn't explicitly set on the
endpoint AND the request URI is not a hostname, the saved transport
will be used and the 'x-ast-txp' parameter stripped from the
outgoing packet.
* config_transport was modified to accept and store the new parameter.
* config_transport/transport_apply was updated to store the transport
name in the pjsip_transport->info field using the pjsip_transport->pool
on UDP transports.
* A 'multihomed_on_rx_message' function was added to
pjsip_message_ip_updater that, for incoming requests, retrieves the
transport name from pjsip_transport->info and retrieves the transport.
If transport->symmetric_transport is set, an 'x-ast-txp' uri parameter
containing the transport name is added to the incoming Contact header.
* An 'ast_sip_get_transport_name' function was added to res_pjsip.
It takes an ast_sip_endpoint and a pjsip_sip_uri and returns a
transport name if endpoint->transport is set or if there's an
'x-ast-txp' parameter on the uri and the uri host is an ipv4 or
ipv6 address. Otherwise it returns NULL.
* An 'ast_sip_dlg_set_transport' function was added to res_pjsip
which takes an ast_sip_endpoint, a pjsip_dialog, and an optional
pjsip_tpselector. It calls ast_sip_get_transport_name() and if
a non-NULL is returned, sets the selector and sets the transport
on the dialog. If a selector was passed in, it's updated.
* res_pjsip/ast_sip_create_dialog_uac and ast_sip_create_dialog_uas
were modified to call ast_sip_dlg_set_transport() instead of their
original logic.
* res_pjsip/create_out_of_dialog_request was modified to call
ast_sip_get_transport_name() and pjsip_tx_data_set_transport()
instead of its original logic.
* Existing transport logic was removed from endpt_send_request
since that can only be called after a create_out_of_dialog_request.
* res_pjsip/ast_sip_create_rdata was converted to a wrapper around
a new 'ast_sip_create_rdata_with_contact' function which allows
a contact_uri to be specified in addition to the existing
parameters. (See below)
* res_pjsip_pubsub/internal_pjsip_evsub_send_request was eliminated
since all it did was transport selection and that is now done in
ast_sip_create_dialog_uac and ast_sip_create_dialog_uas.
* 'contact_uri' was added to subscription_persistence. This was
necessary because although the parsed rdata contact header has the
x-ast-txp parameter added (if appropriate),
subscription_persistence_update stores the raw packet which
doesn't have it. subscription_persistence_recreate was then
updated to call ast_sip_create_rdata_with_contact with the
persisted contact_uri so the recreated subscription has the
correct transport info to send the NOTIFYs.
* res_pjsip_session/internal_pjsip_inv_send_msg was eliminated since
all it did was transport selection and that is now done in
ast_sip_create_dialog_uac.
* pjsip_message_ip_updater/multihomed_on_tx_message was updated
to remove all traces of the x-ast-txp parameter from the
outgoing headers.
NOTE: This change does NOT modify the behavior of permanent
contacts specified on an aor. To do so would require that the
permanent contact's contact uri be updated with the x-ast-txp
parameter and the aor sorcery object updated. If we need to
persue this, we need to think about cloning permanent contacts into
the same store as the dynamic ones on an aor load so they can be
updated without disturbing the originally configured value.
You CAN add the x-ast-txp parameter to a permanent contact's uri
but it would be much simpler to just set endpoint->transport.
Change-Id: I4ee1f51473da32ca54b877cd158523efcef9655f
This patch updates the documenation in hep.conf.sample to better specify
how the various HEP modules interact.
ASTERISK-26717 #close
Change-Id: I337fb742a89e3ec5edc7fc7a7a0295218d841124
* apps/app_voicemail.c fromstring field added to mailbox which will
override the global fromstring if set.
ASTERISK-24562 #close
Change-Id: I5e90e3a1ec2b2d5340b49a0db825e4bbb158b2fe
This change updates the documentation for the outbound_proxy option
to ensure it is consistently stated that a full SIP URI must be
provided for the option.
The res_pjsip_outbound_registration module has also been changed so
that the provided outbound_proxy value is checked to ensure it is a
URI and if not an error is output stating so.
ASTERISK-26782
Change-Id: I6c239a32274846fd44e65b44ad9bf6373479b593
Using the same auth section for inbound and outbound authentication is not
recommended. There is a difference in meaning for an empty realm setting
between inbound and outbound authentication uses.
An empty inbound auth realm represents the global section's default_realm
value when the authentication object is used to challenge an incoming
request. An empty outgoing auth realm is treated as a don't care wildcard
when the authentication object is used to respond to an incoming
authentication challenge.
ASTERISK-26799
Change-Id: Id3952f7cfa1b6683b9954f2c5d2352d2f11059ce
Original patch by John Covert, slight modifications by me.
ASTERISK-17428 #close
Reported by: John Covert
Patches:
app_voicemail.c.patch (license #5512) patch uploaded by
John Covert
Change-Id: Ic3361b0782e5a5397a19ab18eb8550923a9bd6a6
The entry for 'identify' was incorrectly placed in the
res_pjsip section when it should be in
res_pjsip_endpoint_identifier_ip.
ASTERISK-26785 #close
Change-Id: Ia1372b12a952bfe2df6b1b1e0e725ca306a5d41a
This change adds experimental support for providing RTCP
feedback information to codec modules so they can dynamically
change themselves based on conditions.
ASTERISK-26584
Change-Id: Ifd6aa77fb4a7ff546c6025900fc2baf332c31857
ast_loggrabber gathers log files from customizable search patterns,
optionally converts POSIX timestamps to a readable format and
tarballs the results.
Also a few tweaks were made to ast_coredumper.
Change-Id: I8bfe1468ada24c1344ce4abab7b002a59a659495
(cherry picked from commit c709152878)
This utility allows easy manipulation of asterisk coredumps.
* Configurable search paths and patterns for existing coredumps
* Can generate a consistent coredump from the running instance
* Can dump the lock_infos table from a coredump
* Dumps backtraces to separate files...
- thread apply 1 bt full -> <coredump>.thread1.txt
- thread apply all bt -> <coredump>.brief.txt
- thread apply all bt full -> <coredump>.full.txt
- lock_infos table -> <coredump>.locks.txt
* Can tarball corefiles and optionally delete them after processing
* Can tarball results files and optionally delete them after processing
* Converts ':' in coredump and results file names '-' to facilitate
uploading. Jira for instance, won't accept file names with colons
in them.
Tested on Fedora24+, Ubuntu14+, Debian6+, CentOS6+ and FreeBSD9+[1].
[1] For *BSDs, the "devel/gdb" package might have to be installed to
get a recent gdb. The utility will check all instances of gdb
it finds in $PATH and if one isn't found that can run python, it
prints a friendly error.
Change-Id: I935d37ab9db85ef923f32b05579897f0893d33cd
(cherry picked from commit cb47b45560)
Use of the new logging is as simple as issuing the new CLI command or
setting the new pjproject.conf option.
Other options that can affect the logging are how you have the pjproject
log levels mapped to Asterisk log types in pjproject.conf and if you have
configured Asterisk to log the DEBUG type messages. Altering the
pjproject.conf level mapping shouldn't be necessary for most installations
as the default mapping is sensible. Configuring Asterisk to log the DEBUG
message type is standard practice for collecting debug information.
* Added CLI "pjproject set log level" command to dynamically adjust the
maximum pjproject log message level.
* Added CLI "pjproject show log level" command to see the currently set
maximum pjproject log message level.
* Added pjproject.conf startup section "log_level" option to set the
initial maximum pjproject log message level so all messages could be
captured from initialization.
* Set PJ_LOG_MAX_LEVEL to 6 to compile in all defined logging levels into
bundled pjproject. Pjproject will use the currently set run time log
level to determine if a log message is generated just like Asterisk
verbose and debug logging levels.
* In log_forwarder(), made always log enabled and mapped pjproject log
messages. DEBUG mapped log messages are no longer gated by the current
Asterisk debug logging level.
* Removed RAII_VAR() from res_pjproject.c:get_log_level().
ASTERISK-26630 #close
Change-Id: I6dca12979f482ffb0450aaf58db0fe0f6d2e5389
This works the same as for AMI manager variables. Set
"channelvars=foo,bar" in your ari.conf general section, and then the
channel variables "foo" and "bar" (along with their values), will
appear in every Stasis websocket channel event.
ASTERISK-26492 #close
patches:
ari_vars.diff submitted by Mark Michelson
Change-Id: I5609ba239259577c0948645df776d7f3bc864229
Since adding all remaining rates of Signed Linear (ASTERISK-24274), SILK
(Gerrit 3136) and Codec 2 (ASTERISK-26217), no RTP Payload Type is left in the
dynamic range (96-127). RFC 3551 section 3 allows to reassign other ranges.
Consequently, when the dynamic range is exhausted, this change utilizes payload
types in the range between 35 and 63 giving room for another 29 payload types.
ASTERISK-26311 #close
Change-Id: I7bc96ab764bc30098a178b841cbf7146f9d64964
codecs.conf.sample was missing codec opus's configuration options, descriptions,
and examples. This patch adds the configuration options and examples to
codecs.conf.sample that can be used with codec_opus.
ASTERISK-26538 #close
Change-Id: I1d89bb5e01d3e3b5bd78951b8dd0ff077a83dc8b
Removing explicit transport definition for endpoints and registrations. It
isn't necessary and isn't generally advised.
ASTERISK-26514 #close
Change-Id: Ifdec5e631962438a4683600968dfa4bfd15909fb
Support for referring to DAHDI channels by logical names was added in
(FIXME: when? Asterisk 11? 1.8?) and was intended to be part of support
of refering to channels by name.
While technically usable, it has never been properly supported in
dahdi-tools, as using it would require many changes at the Asterisk
level. Instead logical mapping was added at the kernel level.
Thus it seems that refering to DAHDI channels by name is not really used
by anyone, and therefore should probably be removed.
Change-Id: I7d50bbfd9d957586f5cd06570244ef87bd54b485
When channel format changes occurred as a result of an RTP
re-negotiation the bridge was not informed this had happened.
As a result the bridge technology was not re-evaluated and the
channel may have been in a bridge technology that was incompatible
with its formats. The bridge is now unbridged and the technology
re-evaluated when this occurs.
The chan_pjsip module also allowed asymmetric codecs for sending
and receiving. This did not work with all devices and caused one
way audio problems. The default has been changed to NOT do this
but to match the sending codec to the receiving codec. For users
who want asymmetric codecs an option has been added, asymmetric_rtp_codec,
which will return chan_pjsip to the previous behavior.
The codecs returned by the chan_pjsip module when queried by
the bridge_native_rtp module were also not reflective of the
actual negotiated codecs. The nativeformats are now returned as
they reflect the actual negotiated codecs.
ASTERISK-26423 #close
Change-Id: I6ec88c6e3912f52c334f1a26983ccb8f267020dc
This change adds support for dual stack automatically. No
configuration is required and the IP address and version
in the SIP messages and SDP will be automatically changed
based on the transport over which the message is being
sent. RTP usage has also been changed to listen on both
IPv4 and IPv6 simultaneously to allow media to flow, and
to allow ICE support on both simultaneously. This also
allows failover between IPv6 and IPv4 to work as expected.
ASTERISK-26309 #close
Change-Id: I235a421d8f9a326606d861b449fa6fe3a030572d
Introduces ice_blacklist configuration in rtp.conf. Subnets listed in the
form ice_blacklist = <subnet spec>, e.g. ice_blacklist =
192.168.1.0/255.255.255.0, are excluded from ICE host, srflx and relay
discovery. This is useful for optimizing the ICE process where a system
has multiple host address ranges and/or physical interfaces and certain
of them are not expected to be used for RTP. Multiple ice_blacklist
configuration lines may be used. If left unconfigured, all discovered
host addresses are used, as per previous behavior.
Documention in rtp.conf.sample.
ASTERISK-26418 #close
Change-Id: Ibee88f80d7693874fda1cceaef94a03bd86012c9
We use a lot res_calendar, we are very happy with that, especially
because you use libical, the almost alone opensource library that
supports really ical format with all types of recurrency.
Nevertheless, some features are missed for our business use cases.
This first patch adds a new option in calendar.conf:
fetch_again_at_reload. Be my guest for a better name.
If it's true, when you'll launch "module reload res_calendar.so",
Asterisk will download again the calendar.
The business use case is that we have a WebUI with a scheduler planner,
we know when the calendars are modified.
For now, we need to define 1 minute of timeout to have a chance that
our user doesn't wait too long between the modification and the real
test. But it generates a lot of useless HTTP traffic.
ASTERISK-26422 #close
Change-Id: I384b02ebfa42b142bbbd5b7221458c7f4dee7077
The pooling, shared_connection, limit, and idlecheck options
are no longer used in res_odbc.
ASTERISK-26389
Change-Id: I2fde7b467d01f9d1c82cc0a339bb4f7e1dd6bbe6
* Make 'cdrzone=UTC' work properly.
* Fix the documentation of cdr_mysql.conf: it's cdrzone and not timezone
ASTERISK-26359 #close
Change-Id: I2a6f67b71bbbe77cac31a34d0bbfb1d67c933778
This implements the chan_sip legacy_useroption_parsing option but with a
better name.
* Made the caller-id number and redirecting number strings obtained from
incoming SIP URI user fields always truncated at the first semicolon.
People don't care about anything after the semicolon showing up on their
displays even though the RFC allows the semicolon.
ASTERISK-26316 #close
Reported by: Kevin Harwell
Change-Id: Ib42b0e940dd34d84c7b14bc2e90d1ba392624f62
This patch add config to pjsip by endpoint.
;preferred_codec_only=yes
; Respond to a SIP invite with the single most preferred codec
; rather than advertising all joint codec capabilities. This
; limits the other side's codec choice to exactly what we prefer.
ASTERISK-26317 #close
Reported by: AaronAn
Tested by: AaronAn
Change-Id: Iad04dc55055403bbf5ec050997aee2dadc4f0762
When 'tlsclientmethod' is not specified in sip.conf, chan_sip uses the OpenSSL
SSLv23_method. This was documented incorrectly in the file sip.conf.sample.
SSLv23_method got its name in the 90s. Today, with OpenSSL 1.0.2, this method
enables (just) the secure TLSv1.0 and TLSv1.2. Or stated differently, that
function should have been called 'secure_method' or 'automatic_method' back in
the 90s.
Consequently please, specify 'tlsclientmethod=tlsv1' in your sip.conf only if
you face a server which has problems like not falling back to TLSv1.0
automatically.
ASTERISK-24425
Change-Id: I502ce6146b4504cadfd3973af8d6ec3994f54fa3
contact_user, when specified on an endpoint, will override the user
portion of the Contact header on outgoing requests.
Change-Id: Icd4ebfda2f2e44d3ac749d0b4066630e988407d4
The Exchanging Device and Mailbox States could not working
if the Entity ID (EID) is not set manually and can't be obtained
from ethernet interface.
This patch replaces debug message to warning
and addes missing description about option 'entityid' to
asterisk.conf.sample.
With this patch the asterisk also:
(1) decline loading the modules which won't work without EID:
res_corosync and res_pjsip_publish_asterisk.
(2) warn if EID is empty on loading next modules:
pbx_dundi, res_xmpp
Starting with v197 systemd/udev will automatically assign "predictable"
names for all local Ethernet interfaces.
This patch also addes some new ethernet prefixes "eno" and "ens".
ASTERISK-26164 #close
Change-Id: I72d712f1ad5b6f64571bb179c5cb12461e7c58c6
The PJSIP taskprocessors could be overflowed on startup
if there are many (thousands) realtime endpoints
configured with unsolicited mwi.
The PJSIP stack could be totally unresponsive for a few minutes
after boot completed.
This patch creates a separate PJSIP serializers pool for mwi
and makes unsolicited mwi use serializers from this pool.
This patch also adds 2 new global options to tune taskprocessor
alert levels: 'mwi_tps_queue_high' and 'mwi_tps_queue_low'.
This patch also adds new global option 'mwi_disable_initial_unsolicited'
to disable sending unsolicited mwi to all endpoints on startup.
If disabled then unsolicited mwi will start processing
on next endpoint's contact update.
ASTERISK-26230 #close
Change-Id: I4c8ecb82c249eb887930980a800c9f87f28f861a
On heavy loaded system with IMAP or DB storage,
'app_voicemail' taskprocessor queue could reach 500 scheduled tasks.
It could happen when the IMAP or DB server dies or is unreachable.
It could happen on startup when there are many (thousands)
realtime endpoints configured with unsolicited mwi.
If the taskprocessor queue reaches the high water level
then the alert is triggered and pjsip stops processing new requests
until the queue reaches the low water level to clear the alert.
This patch adds 2 new 'general' configuration options
to tune taskprocessor alert levels:
'tps_queue_high' - Taskprocessor high water alert trigger level.
'tps_queue_low' - Taskprocessor low water clear alert level
ASTERISK-26229 #close
Change-Id: I766294fbffedf64053c0d9ac0bedd3109f043ee8
The new option allows the channel driver's faxdetect option to timeout on
a call after the specified number of seconds into a call. The new feature
is disabled if the timeout is set to zero. The option is disabled by
default.
* Don't clear dsp_features after passing them to the dsp code in
my_pri_ss7_open_media(). We should still remember them especially for the
new faxdetect_timeout option.
ASTERISK-26214
Reported by: Richard Mudgett
Change-Id: Ieffd3fe788788d56282844774365546dce8ac810
The new endpoint option allows the PJSIP channel driver's fax_detect
endpoint option to timeout on a call after the specified number of
seconds into a call. The new feature is disabled if the timeout is set
to zero. The option is disabled by default.
ASTERISK-26214
Reported by: Richard Mudgett
Change-Id: Id5a87375fb2c4f9dc1d4b44c78ec8735ba65453d
Following the principle of least surprise, we should not be sending
massive numbers of PJSIP and RTCP HEP packets out into the ether to some
only-slightly-random IP address. Having 'enabled' set to 'no' in the
sample configuration file should prevent this from happening for those
who run 'make samples'.
ASTERISK-26159 #close
Change-Id: I1753a64ca83a3442a6ebdc31061f8185c062d9b1
This patch removes the following modules:
- pbx_functions: It never existed.
- res_pjsip_log_forwarder: It no longer exists.
- res_hep_pjsip: The base HEP module wasn't loaded, and most basic PBXs
aren't going to be installing HOMER
- res_pjsip_phoneprov_provider: The basic res_phoneprov module isn't
loaded, and we aren't configured to make use of the
module
Change-Id: Id91f68cae7c9c8c3d370029fe1268cb51e4ff5a5
Testing has shown that our usage of UnixODBC is problematic
due to bugs within UnixODBC itself as well as the heavy weight
cost of connecting and disconnecting database connections, even
when pooling is enabled.
For users of UnixODBC 2.3.1 and earlier crashes would occur due
to insufficient protection of the disconnect operation. This was
fixed in UnixODBC 2.3.2 and above.
For users of UnixODBC 2.3.3 and higher a slow-down would occur
under heavy database use due to repeated connection establishment.
A regression is present where on each connection the database
configuration is cached again, with the cache growing out of
control.
The connection pool implementation present in this change helps
to mitigate these issues by reducing how much we connect and
disconnect database connections. We also solve the issue of
crashes under UnixODBC 2.3.1 by defaulting the maximum number of
connections to 1, returning us to the previous working behavior.
For users who may have a fixed version the maximum concurrent
connection limit can be increased helping with performance.
The connection pool works by keeping a list of active connections.
If the connection limit has not been reached a new connection is
established. If the connection limit has been reached then the
request waits until a connection becomes available before
continuing.
ASTERISK-26074 #close
ASTERISK-26054 #close
Change-Id: I6774bf4bac49a0b30242c76a09c403d2e856ecff
Add the option 'enable_callee_prompt' to followme.conf. Enabled by
default. If disabled, a callee is not prompted to accept or reject
the forwarded call.
ASTERISK-26064 #close
Change-Id: I0a8b19d4cf95c86a07c992813babb9e4a4acfff5
Signed-off-by: Tzafrir Cohen <tzafrir.cohen@xorcom.com>
func_odbc was changed in Asterisk 13.9.0
to make func_odbc use a single database connection per DSN
because of reported bug ASTERISK-25938
with MySQL/MariaDB LAST_INSERT_ID().
This is drawback in performance when func_odbc is used
very often in dialplan.
Single database connection should be optional.
ASTERISK-26010
Change-Id: I7091783a7150252de8eeb455115bd00514dfe843
At one point in time, it seemed like a good idea to use the Asterisk
channel name as the HEP correlation UUID. In particular, it felt like
this would be a useful identifier to tie PJSIP messages and RTCP
messages together, along with whatever other data we may eventually send
to Homer. This also had the benefit of keeping the correlation UUID
channel technology agnostic.
In practice, it isn't as useful as hoped, for two reasons:
1) The first INVITE request received doesn't have a channel. As a
result, there is always an 'odd message out', leading it to be
potentially uncorrelated in Homer.
2) Other systems sending capture packets (Kamailio) use the SIP Call-ID.
This causes RTCP information to be uncorrelated to the SIP message
traffic seen by those capture nodes.
In order to support both (in case someone is trying to use res_hep_rtcp
with a non-PJSIP channel), this patch adds a new option, uuid_type, with
two valid values - 'call-id' and 'channel'. The uuid_type option is used
by a module to determine the preferred UUID type. When available, that
source of a correlation UUID is used; when not, the more readily available
source is used.
For res_hep_pjsip:
- uuid_type = call-id: the module uses the SIP Call-ID header value
- uuid_type = channel: the module uses the channel name if available,
falling back to SIP Call-ID if not
For res_hep_rtcp:
- uuid_type = call-id: the module uses the SIP Call-ID header if the
channel type is PJSIP and we have a channel,
falling back to the Stasis event provided
channel name if not
- uuid_type = channel: the module uses the channel name
ASTERISK-25352 #close
Change-Id: Ide67e59a52d9c806e3cc0a797ea1a4b88a00122c
* No need to set language in a miniml configuration. 'en' will do just
fine.
* It would be useful to have an example of setting it to a different
language.
* Setting the documentation language explicitly is likewise not
required. Setting it to a different value is not common. At least
until there is a set of translated documentation.
Change-Id: I94d91ea34e129925f25af81ef8dc0906fb568cb7
Signed-off-by: Tzafrir Cohen <tzafrir.cohen@xorcom.com>
Note the default of remmed-out options. To clarify that those values are
not the defaults.
Change-Id: I849c29b7a710f0abc37355fcb5bfee335ae30738
Signed-off-by: Tzafrir Cohen <tzafrir.cohen@xorcom.com>
A minimal configuration does not need to explicitly spell out the
directories. The built-in defaults will do just fine. In many cases
they are wrong.
Change-Id: Id1a671e5c5e9923765a4156b57f9f7e263fdd26c
Signed-off-by: Tzafrir Cohen <tzafrir.cohen@xorcom.com>
This patch allows for having app_confbridge register the name of the
conference as an extension into a specific context, similar to
regcontext for chan_sip. This variant is not quite as involved as the
one in chan_sip and doesn't allow for multiple contexts or custom
extensions, you can only specify the context and the conference name
will always be used as the extension to register.
ASTERISK-25989 #close
Change-Id: Icacf94d9f2b5dfd31ef36f6cb702392619a7902f
Note: When packagers use these files (as an example) the paths are never
really used when they are split using '='.
Note: Thirdparty applications will also have trouble parsing the file when
expecting '=>'.
Change-Id: I0ada647f588e81f023fb1333ca15a1a333fd6004
A feature of chan_sip that service providers relied upon was the ability to
identify by the Authorization username. This is most often used when customers
have a PBX that needs to register rather than identify by IP address. From my
own experiance, this is pretty common with small businesses who otherwise
don't need a static IP.
In this scenario, a register from the customer's PBX may succeed because From
will usually contain the PBXs account id but an INVITE will contain the caller
id. With nothing recognizable in From, the service provider's Asterisk can
never match to an endpoint and the INVITE just stays unauthorized.
The fixes:
A new value "auth_username" has been added to endpoint/identify_by that
will use the username and digest fields in the Authorization header
instead of username and domain in the the From header to match an endpoint,
or the To header to match an aor. This code as added to
res_pjsip_endpoint_identifier_user rather than creating a new module.
Although identify_by was always a comma-separated list, there was only
1 choice so order wasn't preserved. So to keep the order, a vector was added
to the end of ast_sip_endpoint. This is only used by res_pjsip_registrar
to find the aor. The res_pjsip_endpoint_identifier_* modules are called in
globals/endpoint_identifier_order.
Along the way, the logic in res_pjsip_registrar was corrected to match
most-specific to least-specific as res_pjsip_endpoint_identifier_user does.
The order is:
username@domain
username@domain_alias
username
Auth by username does present 1 problem however, the first INVITE won't have
an Authorization header so the distributor, not finding a match on anything,
sends a securty_alert. It still sends a 401 with a challenge so the next
INVITE will have the Authorization header and presumably succeed. As a result
though, that first security alert is actually a false alarm.
To address this, a new feature has been added to pjsip_distributor that keeps
track of unidentified requests and only sends the security alert if a
configurable number of unidentified requests come from the same IP in a
configurable amout of time. Those configuration options have been added to
the global config object. This feature is only used when auth_username
is enabled.
Finally, default_realm was added to the globals object to replace the hard
coded "asterisk" used when an endpoint is not yet identified.
The testsuite tests all pass but new tests are forthcoming for this new
feature.
ASTERISK-25835 #close
Reported-by: Ross Beer
Change-Id: I30ba62d208e6f63439600916fcd1c08a365ed69d
This patch added new global pjsip option 'disable_multi_domain'.
Disabling Multi Domain can improve Realtime performance by reducing
number of database requests.
ASTERISK-25930 #close
Change-Id: I2e7160f3aae68475d52742107949a799aa2c7dc7
res_pjsip_mwi was missing the chan_sip "vmexten" functionality which adds
the Message-Account header to the MWI NOTIFY. Also, specifying mailboxes
on endpoints for unsolicited mwi and on aors for subscriptions required
that the admin know in advance which the client wanted. If you specified
mailboxes on the endpoint, subscriptions were rejected even if you also
specified mailboxes on the aor.
Voicemail extension:
* Added a global default_voicemail_extension which defaults to "".
* Added voicemail_extension to both endpoint and aor.
* Added ast_sip_subscription_get_dialog for support.
* Added ast_sip_subscription_get_sip_uri for support.
When an unsolicited NOTIFY is constructed, the From header is parsed, the
voicemail extension from the endpoint is substituted for the user, and the
result placed in the Message-Account field in the body.
When a subscribed NOTIFY is constructed, the subscription dialog local uri
is parsed, the voicemail_extension from the aor (looked up from the
subscription resource name) is substituted for the user, and the result
placed in the Message-Account field in the body.
If no voicemail extension was defined, the Message-Account field is not added
to the NOTIFY body.
mwi_subscribe_replaces_unsolicited:
* Added mwi_subscribe_replaces_unsolicited to endpoint.
The previous behavior was to reject a subscribe if a previous internal
subscription for unsolicited MWI was found for the mailbox. That remains the
default. However, if there are mailboxes also set on the aor and the client
subscribes and mwi_subscribe_replaces_unsolicited is set, the existing internal
subscription is removed and replaced with the external subscription. This
allows an admin to configure mailboxes on both the endpoint and aor and allows
the client to select which to use.
ASTERISK-25865 #close
Reported-by: Ross Beer
Change-Id: Ic15a9415091760539c7134a5ba3dc4a6a1217cea
There were a number of places in the res_pjsip stack that were getting
all endpoints or all aors, and then filtering them locally.
A good example is pjsip_options which, on startup, retrieves all
endpoints, then the aors for those endpoints, then tests the aors to see
if the qualify_frequency is > 0. One issue was that it never did
anything with the endpoints other than retrieve the aors so we probably
could have skipped a step and just retrieved all aors. But nevermind.
This worked reasonably well with local config files but with a realtime
backend and thousands of objects, this was a nightmare. The issue
really boiled down to the fact that while realtime supports predicates
that are passed to the database engine, the non-realtime sorcery
backends didn't.
They do now.
The realtime engines have a scheme for doing simple comparisons. They
take in an ast_variable (or list) for matching, and the name of each
variable can contain an operator. For instance, a name of
"qualify_frequency >" and a value of "0" would create a SQL predicate
that looks like "where qualify_frequency > '0'". If there's no operator
after the name, the engines add an '=' so a simple name of
"qualify_frequency" and a value of "10" would return exact matches.
The non-realtime backends decide whether to include an object in a
result set by calling ast_sorcery_changeset_create on every object in
the internal container. However, ast_sorcery_changeset_create only does
exact string matches though so a name of "qualify_frequency >" and a
value of "0" returns nothing because the literal "qualify_frequency >"
doesn't match any name in the objset set.
So, the real task was to create a generic string matcher that can take a
left value, operator and a right value and perform the match. To that
end, strings.c has a new ast_strings_match(left, operator, right)
function. Left and right are the strings to operate on and the operator
can be a string containing any of the following: = (or NULL or ""), !=,
>, >=, <, <=, like or regex. If the operator is like or regex, the
right string should be a %-pattern or a regex expression. If both left
and right can be converted to float, then a numeric comparison is
performed, otherwise a string comparison is performed.
To use this new function on ast_variables, 2 new functions were added to
config.c. One that compares 2 ast_variables, and one that compares 2
ast_variable lists. The former is useful when you want to compare 2
ast_variables that happen to be in a list but don't want to traverse the
list. The latter will traverse the right list and return true if all
the variables in it match the left list.
Now, the backends' fields_cmp functions call ast_variable_lists_match
instead of ast_sorcery_changeset_create and they can now process the
same syntax as the realtime engines. The realtime backend just passes
the variable list unaltered to the engine. The only gotcha is that
there's no common realtime engine support for regex so that's been noted
in the api docs for ast_sorcery_retrieve_by_fields.
Only one more change to sorcery was done... A new config flag
"allow_unqualified_fetch" was added to reg_sorcery_realtime.
"no": ignore fetches if no predicate fields were supplied.
"error": same as no but emit an error. (good for testing)
"yes": allow (the default);
"warn": allow but emit a warning. (good for testing)
Now on to res_pjsip...
pjsip_options was modified to retrieve aors with qualify_frequency > 0
rather than all endpoints then all aors. Not only was this a big
improvement in realtime retrieval but even for config files there's an
improvement because we're not going through endpoints anymore.
res_pjsip_mwi was modified to retieve only endpoints with something in
the mailboxes field instead of all endpoints then testing mailboxes.
res_pjsip_registrar_expire was completely refactored. It was retrieving
all contacts then setting up scheduler entries to check for expiration.
Now, it's a single thread (like keepalive) that periodically retrieves
only contacts whose expiration time is < now and deletes them. A new
contact_expiration_check_interval was added to global with a default of
30 seconds.
Ross Beer reports that with this patch, his Asterisk startup time dropped
from around an hour to under 30 seconds.
There are still objects that can't be filtered at the database like
identifies, transports, and registrations. These are not going to be
anywhere near as numerous as endpoints, aors, auths, contacts however.
Back to allow_unqualified_fetch. If this is set to yes and you have a
very large number of objects in the database, the pjsip CLI commands
will attempt to retrive ALL of them if not qualified with a LIKE.
Worse, if you type "pjsip show endpoint <tab>" guess what's going to
happen? :) Having a cache helps but all the objects will have to be
retrieved at least once to fill the cache. Setting
allow_unqualified_fetch=no prevents the mass retrieve and should be used
on endpoints, auths, aors, and contacts. It should NOT be used for
identifies, registrations and transports since these MUST be
retrieved in bulk.
Example sorcery.conf:
[res_pjsip]
endpoint=config,pjsip.conf,criteria=type=endpoint
endpoint=realtime,ps_endpoints,allow_unqualified_fetch=error
ASTERISK-25826 #close
Reported-by: Ross Beer
Tested-by: Ross Beer
Change-Id: Id2691e447db90892890036e663aaf907b2dc1c67
The 'reload' mechanism actually involves closing the underlying
socket and calling the appropriate udp, tcp or tls start functions
again. Only outbound_registration, pubsub and session needed work
to reset the transport before sending requests to insure that the
pjsip transport didn't get pulled out from under them.
In my testing, no calls were dropped when a transport was changed
for any of the 3 transport types even if ip addresses or ports were
changed. To be on the safe side however, a new transport option was
added (allow_reload) which defaults to 'no'. Unless it's explicitly
set to 'yes' for a transport, changes to that transport will be ignored
on a reload of res_pjsip. This should preserve the current behavior.
Change-Id: I5e759850e25958117d4c02f62ceb7244d7ec9edf
Previously you could add [!dnid] to the SIP dial string to alter the To:
header. This change allows you to alter the From header as well.
SIP dial string extra options now look like this:
[![touser[@todomain]][![fromuser][@fromdomain]]]
INCOMPATIBLE CHANGE: If you were using an exclamation mark in your To:
header, that is no longer possible.
ASTERISK-25803 #close
Change-Id: I2457e9ba7a89eb1da22084bab5a4d4328e189db7
Warnings and errors in the pjproject libraries are generally handled by
Asterisk. In many cases, Asterisk wouldn't even consider them to be warnings
or errors so the messages emitted by pjproject directly are either superfluous
or misleading. A good exampe of this are the level-0 errors pjproject emits
when it can't open a TCP/TLS socket to a client to send an OPTIONS. We don't
consider a failure to qualify a UDP client an "ERROR", why should a TCP/TLS
client be treated any differently?
A config file for res_pjproject has bene added (pjproject.conf) and a new
log_mappings object allows mapping pjproject levels to Asterisk levels
(or nothing). The defaults if no pjproject.conf file is found are the same
as those that were hard-coded into res_pjproject initially: 0,1 = LOG_ERROR,
2 = LOG_WARNING, 3,4,5 = LOG_DEBUG<level>
Change-Id: Iba7bb349c70397586889b8f45b8c3d6c6c8c3898
* changes:
app_confbridge: Add ability to get the muted conference state.
app_confbridge.c: Update CONFBRIDGE and CONFBRIDGE_INFO documentation.
app_confbridge: Make non-admin users join a muted conference muted.
During ICE negotiation the IPs of the local interfaces are sent to the remote
peer as host candidates. In many cases Asterisk is behind a static one-to-one
NAT, so these host addresses will be internal IP addresses.
To help in hiding the topology of the internal network, this patch adds the
ability to override the host candidates by matching them against a
user-defined list of replacements.
Change-Id: I1c9541af97b83a4c690c8150d19bf7202c8bff1f
This change exposes the configuration of various aspects of the TLS
support and sets the default to the modern standards.
The TLS cipher is now set to the best values according to the
Mozilla OpSec team, different TLS versions can now be disabled, and
the cipher order can be forced to be that of the server instead of
the client.
ASTERISK-24972 #close
Change-Id: I0a10f2883f7559af5e48dee0901251dbf30d45b8
Chris-Savinovich
Joshua Colp
Kirsty Tyerman
Friendly Automation
Matt Jordan
George Joseph
Rodrigo Ramírez Norambuena
Dan Cropp
Torrey Searle
Sean Bright
Kevin Harwell
Alexei Gradinari
David M. Lee
Corey Farrell
Richard Mudgett
Nick French
Ben Ford
Matthew Fredrickson
Tzafrir Cohen
ghjm
Alexander Traud
Nir Simionovich
Andrey Egorov
Mark Michelson
Martin Tomec
Steve Davies
Walter Doekes
zuul
Richard Begg
Daniel Journo
frahaase
Lorenzo Miniero
Sebastian Gutierrez
Sebastien Duthil
Rusty Newton
Michael Walton
Ludovic Gasc (GMLudo)
Aaron An
Timo Teräs
Tzafrir Cohen
Jaco Kroon
Diederik de Groot
George Joseph
Leif Madsen
Philip Correia
Walter Doekes