If set_outbound_initial_authentication_credentials() fails,
handle_client_registration() bails early without creating or
sending a register message.
[set_outbound_initial_authentication_credentials() failures
can occur during the process of retrieving an oauth access
token.]
The return from handle_client_registration is ignored, so
returning an error doesn't do any good.
This is a real problem when the registration request is a
re-register, because then the registration will still be
marked 'active' despite the re-register never being sent at all.
So instead, log a warning but let the registration be created
and sent (and probably fail) and follow the normal registration
failed retry/abort logic.
ASTERISK-29315 #close
Change-Id: I2e03b1ea7fba1fa1a8279086aa4b17679e7fa7fa
New responses sent within a PJSIP sessions are based on those that were
sent before. Therefore, adding/modifying a header once causes it to be
sent on all responses that follow.
Sending 181 Call Is Being Forwarded many times first adds "histinfo"
duplicated more and more, and eventually overflows past the array
boundary.
This commit adds a check preventing adding "histinfo" more than once,
and skipping it if there is no more space in the header.
Similar overflow situations can also occur in res_pjsip_path and
res_pjsip_outbound_registration so those were also modified to
check the bounds and suppress duplicate Supported values.
ASTERISK-29227
Reported by: Ivan Poddubny
Change-Id: Id43704a1f1a0293e35cc7f844026f0b04f2ac322
This reverts commit 2fe76dd816.
Reason for revert: Too many issues reported. Need to research and correct.
ASTERISK-29230
ASTERISK-29231
Reported by: Michael Maier
Change-Id: I6453af680e17d8ffe7af2c5de7e1b2a58c8793cb
* Instead of using the pjproject timer heap, we now use our own
pjsip_scheduler. This allows us to more easily debug and allows us to
see times in "pjsip show/list registrations" as well as being able to
see the registrations in "pjsip show scheduled_tasks".
* Added the last registration time, registration interval, and the next
registration time to the CLI output.
* Removed calls to pjsip_regc_info() except where absolutely necessary.
Most of the calls were just to get the server and client URIs for log
messages so we now just save them on the client_state object when we
create it.
* Added log messages where needed and updated most of the existong ones
to include the registration object name at the start of the message.
Change-Id: I4534a0fc78c7cb69f23b7b449dda9748c90daca2
In order to retry outbound registrations for some situations, we
need access to the tdata from the original request. For instance,
for 401/407 responses we need it to properly construct the
subsequent request with the authentication. We also need it if
we're iterating over a DNS SRV response record set so we can skip
entries we've already tried.
We've been getting the tdata from the server response rdata and
transaction but that only works for the failures where there was
actually a response (4XX, 5XX, etc). For timeouts there's no
response and therefore no rdata or transaction from which to get
the tdata. When processing a single A/AAAA record for a server,
this wasn't an issue as we just retried that same server after the
retry timer expired. If we got an SRV record set for the server
though, without the state from the tdata, we just kept trying the
first entry in the set repeatedly instead of skipping to the next
one in the list.
* Added a "last_tdata" member to the client state structure to keep
track of the sent tdata.
* Updated registration_client_send() to save the tdata it used into
the client_state.
* Updated sip_outbound_registration_response_cb() to use the tdata
saved in client_state when we don't get a response from the
server. We still use the tdata from the transaction when we DO
get a response from the server so we can properly handle 4XX
responses where our new request depends on it.
General note on timeouts:
Although res_pjsip_outbound_registration skips to the next record
immediately when a timeout occurs during SRV set traversal, it's
pjproject that determines how long to wait before a timeout is
declared. As with other SIP message types, pjproject will continue
trying the same server at an interval specified by "timer_t1" until
"timer_b" expires. Both of those timers are set in the pjsip.conf
"system" section.
ASTERISK-28746
Change-Id: I199b8274392d17661dd3ce3b4d69a3968368fa06
If the "max_retries" option is set to 0 then upon failure no
further attemps are made, so explicitly document the behavior.
ASTERISK-28602
Change-Id: I1e30daae9dd6c49ce18744164214d3def505acbf
Replace usage of ao2_container_alloc with ao2_container_alloc_hash or
ao2_container_alloc_list. Remove ao2_container_alloc macro.
Change-Id: I0907d78bc66efc775672df37c8faad00f2f6c088
This change adds the ability for subscriptions to indicate
which message types they are interested in accepting. By
doing so the filtering is done before being dispatched
to the subscriber, reducing the amount of work that has
to be done.
This is optional and if a subscriber does not add
message types they wish to accept and set the subscription
to selective filtering the previous behavior is preserved
and they receive all messages.
There is also the ability to explicitly force the reception
of all messages for cases such as AMI or ARI where a large
number of messages are expected that are then generically
converted into a different format.
ASTERISK-28103
Change-Id: I99bee23895baa0a117985d51683f7963b77aa190
This change implements a few different generic things which were brought
on by Google Voice SIP.
1. The concept of flow transports have been introduced. These are
configurable transports in pjsip.conf which can be used to reference a
flow of signaling to a target. These have runtime configuration that can
be changed by the signaling itself (such as Service-Routes and
P-Preferred-Identity). When used these guarantee an individual connection
(in the case of TCP or TLS) even if multiple flow transports exist to the
same target.
2. Service-Routes (RFC 3608) support has been added to the outbound
registration module which when received will be stored on the flow
transport and used for requests referencing it.
3. P-Associated-URI / P-Preferred-Identity (RFC 3325) support has been
added to the outbound registration module. If a P-Associated-URI header
is received it will be used on requests as the P-Preferred-Identity.
4. Configurable outbound extension support has been added to the outbound
registration module. When set the extension will be placed in the
Supported header.
5. Header parameters can now be configured on an outbound registration
which will be placed in the Contact header.
6. Google specific OAuth / Bearer token authentication
(draft-ietf-sipcore-sip-authn-02) has been added to the outbound
registration module.
All functionality changes are controlled by pjsip.conf configuration
options and do not affect non-configured pjsip endpoints otherwise.
ASTERISK-27971 #close
Change-Id: Id214c2d1c550a41fcf564b7df8f3da7be565bd58
ast_sip_push_task_synchronous() did not necessarily execute the passed in
task under the specified serializer. If the current thread is any
registered pjsip thread then it would execute the task immediately instead
of under the specified serializer. Reentrancy issues could result if the
task does not execute with the right serializer.
The original reason ast_sip_push_task_synchronous() checked to see if the
current thread was a registered pjsip thread was because of a deadlock
with masquerades and the channel technology's fixup callback
(ASTERISK_22936). A subsequent masquerade deadlock fix (ASTERISK_24356)
involving call pickups avoided the original deadlock situation entirely.
The PJSIP channel technology's fixup callback no longer needed to call
ast_sip_push_task_synchronous().
However, there are a few places where this unexpected behavior is still
required to avoid deadlocks. The pjsip monitor thread executes callbacks
that do calls to ast_sip_push_task_synchronous() that would deadlock if
the task were actually pushed to the specified serializer. I ran into one
dealing with the pubsub subscriptions where an ao2 destructor called
ast_sip_push_task_synchronous().
* Split ast_sip_push_task_synchronous() into
ast_sip_push_task_wait_servant() and ast_sip_push_task_wait_serializer().
ast_sip_push_task_wait_servant() has the old behavior of
ast_sip_push_task_synchronous(). ast_sip_push_task_wait_serializer() has
the new behavior where the task is always executed by the specified
serializer or a picked serializer if one is not passed in. Both functions
behave the same if the current thread is not a SIP servant.
* Redirected ast_sip_push_task_synchronous() to
ast_sip_push_task_wait_servant() to preserve API for released branches.
ASTERISK_26806
Change-Id: Id040fa42c0e5972f4c8deef380921461d213b9f3
A deadlock can happen when the PJSIP monitor thread is shutting down a
connection oriented transport (TCP/TLS) used by a subscription at the same
time as another thread tries to send something for that subscription. The
deadlock is between the pjsip monitor thread attempting to get the dialog
lock and another thread sending something for that dialog when it tries to
get the transport manager lock.
* res_pjsip_pubsub.c: Avoid the deadlock by pushing the subscription
removal to the subscription serializer.
* res_pjsip_registrar.c: Pushed off incoming registration contact removals
to a default serializer as a precaution. Removing the contacts involves
sorcery access which in this case will involve database access. Depending
upon the setup, the database may not be on the same machine and could take
awhile. We don't want to hold up the pjsip monitor thread with
potentially long access times.
ASTERISK-27706
Change-Id: I56b647aea565f24dba33e9e5ebeed4cd3f31f8c4
In an earlier release, inbound registrations on a reliable transport
were pruned on Asterisk restart since the TCP connection would have
been torn down and become unusable when Asterisk stopped. This same
process is now also applied to inbound subscriptions.
Also fixed issues in res_pjsip_registrar where it wasn't handling the
monitoring correctly when multiple registrations came in over the same
transport.
To accomplish this, the pjsip_transport_event feature needed to
be refactored to allow multiple monitors (multiple subcriptions or
registrations from the same endpoint) to exist on the same transport.
Since this changed the API, any external modules that may have used the
transport monitor feature (highly unlikey) will need to be changed.
ASTERISK-27612
Reported by: Ross Beer
Change-Id: Iee87cf4eb9b7b2b93d5739a72af52d6ca8fbbe36
This removes references that are no longer needed due to automatic
references created by module dependencies.
In addition this removes most calls to ast_module_check as they were
checking modules which are listed as dependencies.
Change-Id: I332a6e8383d4c72c8e89d988a184ab8320c4872e
I've audited all modules that include any header which includes
asterisk/optional_api.h. All modules which use OPTIONAL_API now declare
those dependencies in AST_MODULE_INFO using requires or optional_modules
as appropriate.
In addition ARI dependency declarations have been reworked. Instead of
declaring additional required modules in res/ari/resource_*.c we now add
them to an optional array "requiresModules" in api-docs for each module.
This allows the AST_MODULE_INFO dependencies to include those missing
modules.
Change-Id: Ia0c70571f5566784f63605e78e1ceccb4f79c606
* Declare 'requires' and 'enhances' text fields on module info structure.
* Rename 'nonoptreq' to 'optional_modules'.
* Update doxygen comments.
Still need to investigate dependencies among modules I cannot compile.
Change-Id: I3ad9547a0a6442409ff4e352a6d897bef2cc04bf
Incoming requests with non sip(s) URIs in the Request, To, From
or Contact URIs are now rejected with
PJSIP_SC_UNSUPPORTED_URI_SCHEME (416). This is performed in
pjsip_message_filter (formerly pjsip_message_ip_updater) and is
done at pjproject's "TRANSPORT" layer before a request can even
reach the distributor.
URIs read by res_pjsip_outbound_publish from pjsip.conf are now
also checked for both length and sip(s) scheme. Those URIs read
by outbound registration and aor were already being checked for
scheme but their error messages needed to be updated to include
scheme failure as well as length failure.
Change-Id: Ibb2f9f1d2dc7549da562af4cbd9156c44ffdd460
The fix for the issue is broken up into three parts.
This is part three which handles the client side of REGISTER requests.
The registered contact may no longer be valid on the server when the
transport used is reliable and the connection is broken.
* Re-REGISTER our contact if the reliable transport is broken after
registration completes. We attempt to re-REGISTER immediately to minimize
the time we are unreachable. Time may have already passed between the
connection being broken and the loss being detected.
* Reorder sip_outbound_registration_state_alloc() so the STATSD_GUAGE's
are still correct if an allocation failure happens.
ASTERISK-27147
Change-Id: I3668405b1ee75dfefb07c0d637826176f741ce83
* Remove unnecessary CMP_STOP.
* In handle_client_registration() use DEBUG_ATLEAST() to only do work
needed for the debug log message when the debug log message is needed.
* In sip_outbound_registration_state_destroy() check state->registration
for NULL.
Change-Id: I656d0fa11dda0b00048103efb1558e67a426fd80
In all non-pbx modules, AST_MODULE_LOAD_FAILURE has been changed
to AST_MODULE_LOAD_DECLINE. This prevents asterisk from exiting
if a module can't be loaded. If the user wishes to retain the
FAILURE behavior for a specific module, they can use the "require"
or "preload-require" keyword in modules.conf.
A new API was added to logger: ast_is_logger_initialized(). This
allows asterisk.c/check_init() to print to the error log once the
logger subsystem is ready instead of just to stdout. If something
does fail before the logger is initialized, we now print to stderr
instead of stdout.
Change-Id: I5f4b50623d9b5a6cb7c5624a8c5c1274c13b2b25
This change adds a PJSIP patch (which has been contributed upstream)
to allow the registration of IPv6 transport types.
Using this the res_pjsip_transport_websocket module now registers
an IPv6 Websocket transport and uses it for the corresponding
traffic.
ASTERISK-26685
Change-Id: Id1f9126f995b31dc38db8fdb58afd289b4ad1647
Outbound registration now subscribes to network change events
published by res_stun_monitor and refreshes all registrations
when an event happens.
The 'pjsip send (un)register' CLI commands were updated to accept
'*all' as an argument to operate on all registrations.
The 'PJSIP(Un)Register' AMI commands were also updated to
accept '*all'.
ASTERISK-26808 #close
Change-Id: Iad58a9e0aa5d340477fca200bf293187a6ca5a25
This change updates the documentation for the outbound_proxy option
to ensure it is consistently stated that a full SIP URI must be
provided for the option.
The res_pjsip_outbound_registration module has also been changed so
that the provided outbound_proxy value is checked to ensure it is a
URI and if not an error is output stating so.
ASTERISK-26782
Change-Id: I6c239a32274846fd44e65b44ad9bf6373479b593
Using the same auth section for inbound and outbound authentication is not
recommended. There is a difference in meaning for an empty realm setting
between inbound and outbound authentication uses.
An empty inbound auth realm represents the global section's default_realm
value when the authentication object is used to challenge an incoming
request. An empty outgoing auth realm is treated as a don't care wildcard
when the authentication object is used to respond to an incoming
authentication challenge.
ASTERISK-26799
Change-Id: Id3952f7cfa1b6683b9954f2c5d2352d2f11059ce
Increasing the testsuite shutdown timeout before forcibly killing
Asterisk allowed more events to be sent out. Some tests failed as
a result. The tests/channels/pjsip/statsd/registrations failed
because we now get the statsd events that a comment in the test
configuration stated couldn't be intercepted. Unfortunately, we
get a variable number of events because of internal status state
transition races generating redundant statsd events.
We were reporting redundant statsd PJSIP.registrations.state changes
for internal state changes that equated to the same thing publicly.
* Made update_client_state_status() filter out redundant statsd
updates.
ASTERISK-26527
Change-Id: If851c7d514bb530d9226e4941ba97dcf52000646
Nothing was cleaning up the registration state object when ast_sorcery_delete
was called on a registration. So, the registration was deleted from sorcery
but the state object went right on refreshing the registration (or failing
to refresh the registration) with the peer.
* Added a 'deleted' observer on registration that removes the state object.
ASTERISK-25964 #close
Reported-by Matt Jordan
Change-Id: I2db792145cdb1f72ebbf57dd9099596dbbf12c23
There are two types of SIP URIs indicating a secure transport:
* sips:user@example.org
* sip:user@example.org;transport=tls
When using a sips URI, Asterisk checks incoming INVITEs and answers from
the other side for sips URIs, and rejects the packet if there are only
sip URIs. So Asterisk should only generate a sips Contact URI if the
other side supports it.
This patch makes Asterisk generate either a sip or sips Contact URI
depending on the format of the server URI.
If you want a sip URI, use:
server_uri=sip:example.org\;transport=tls
If you want a sips URI, use:
server_uri=sips:example.org
ASTERISK-25990 #close
Reported-by: Sebastian Damm
Change-Id: I5ae57d6531ce940b5fc64d5cd2673e60db0f9ba2
Due to some ignored return values, Asterisk could crash if processing an
incoming REGISTER whose contact URI was above a certain length.
ASTERISK-25707 #close
Reported by George Joseph
Patches:
0001-res_pjsip-Validate-that-URIs-don-t-exceed-pjproject-.patch
AST-2016-004
Change-Id: I3ea7cee16f29c8088794de3085ca7523c1c4833d
The 'reload' mechanism actually involves closing the underlying
socket and calling the appropriate udp, tcp or tls start functions
again. Only outbound_registration, pubsub and session needed work
to reset the transport before sending requests to insure that the
pjsip transport didn't get pulled out from under them.
In my testing, no calls were dropped when a transport was changed
for any of the 3 transport types even if ip addresses or ports were
changed. To be on the safe side however, a new transport option was
added (allow_reload) which defaults to 'no'. Unless it's explicitly
set to 'yes' for a transport, changes to that transport will be ignored
on a reload of res_pjsip. This should preserve the current behavior.
Change-Id: I5e759850e25958117d4c02f62ceb7244d7ec9edf
Attempting to load a transport from realtime was forcing asterisk into an
infinite recursion loop. The first thing transport_apply did was to do a
sorcery retrieve by id for an existing transport of the same name. For files,
this just returns the previous object from res_sorcery_config's internal
container, if any. For realtime, the res_sourcery_realtime driver looks in the
database and finds the existing row but now it has to rehydrate it into a
sorcery object which means calling... transport_apply. And so it goes.
The main issue with loading from realtime (apart from the loop) was that
transport stores structures and pointers directly in the ast_sip_transport
structure instead of the separate ast_transport_state structure. This patch
separates those items into the ast_sip_transport_state structure. The pattern
is roughly the same as res_pjsip_outbound_registration.
Although all current usages of ast_sip_transport and ast_sip_transport_state
were modified to use the new ast_sip_get_transport_state API, the original
items are left in ast_sip_transport and kept updated to maintain ABI
compatability for third-party modules. They are marked as deprecated and
noted that they're now in ast_sip_transport_state.
ASTERISK-25606 #close
Reported-by: Martin Moučka
Change-Id: Ic7a836ea8e786e8def51fe3f8cce855ea54f5f19
This patch adds outbound registration statistics for StatsD. This includes
the following:
* A GUAGE metric for the overall count of outbound registrations.
* A GUAGE metric for each state an outbound registration can be in. As the
outbound registrations change state, the overall count of how many
outbound registrations are in the particular state is changed.
These statistics are particularly useful for systems with a large number of
SIP trunks, and where measuring the change in state of the trunks is useful
for monitoring.
ASTERISK-25571
Change-Id: Iba6ff248f5d1c1e01acbb63e9f0da1901692eb37
When Asterisk is configured to use a dynamic sorcery backend (such as
res_sorcery_astdb) with 'registration' objects, it will fail to create the
internal state objects associated with the registration objects on module
load. This is due to nothing actually querying for the specific objects
and calling their sorcery apply handler during module load.
This patch fixes that by calling get_registrations in the sorcery observer's
object_type_loaded handler. Doing this causes the sorcery backends to be
asked for the current state of all registration objects, which causes the
apply handler to be called and the internal run-time state to be created.
ASTERISK-25575 #close
Change-Id: Ie9306e797098c6d4da7bcf4a5434a15891508b23
Receiving a 423 Interval Too Brief response after authentication for an
outbound registration attempt results in assuming that the registrar has
rejected the registration permanently. If there are no configured retries
for fatal responses then the outbound registration is stopped for that
endpoint.
For registrations, PJSIP/PJPROJECT intercepts the handling of 423
responses and does not include any authentication in the updated
registration request. When the updated request is challenged then the
Asterisk code assumes that we were challenged again because the peer
rejected the authentication we sent earlier.
* Made registration challenges keep track of the CSeq number to determine
if the received challenge response was for the request we thought we sent.
If the response's CSeq number differs from the CSeq number we last sent
with authentication then authenticate again because it is a challenge to a
different request.
Change-Id: I81b4bd36d1be095bab606e34b8b44e6302971b09
Add the ability to filter output from pjsip list and show commands
using the "like" predicate like chan_sip.
For endpoints, aors, auths, registrations, identifyies and transports,
the modification was a simple change of an ast_sorcery_retrieve_by_fields
call to ast_sorcery_retrieve_by_regex. For channels and contacts a
little more work had to be done because neither of those objects are
true sorcery objects. That was just removing the non-matching object
from the final container. Of course, a little extra plumbing in the
common pjsip_cli code was needed to parse the "like" and pass the regex
to the get_container callbacks.
Some of the get_container code in res_pjsip_endpoint_identifier was also
refactored for simplicity.
ASTERISK-25477 #close
Reported by: Bryant Zimmerman
Tested by: George Joseph
Change-Id: I646d9326b778aac26bb3e2bcd7fa1346d24434f1
During outbound registration it is possible to receive a fatal (any permanent/
non-temporary 4xx, 5xx, 6xx) response from the registrar that is simply due
to a problem with the registrar itself. Upon receiving the failure response
Asterisk terminates outbound registration for the given endpoint.
This patch adds an option, 'fatal_retry_interval', that when set continues
outbound registration at the given interval up to 'max_retries' upon receiving
a fatal response.
ASTERISK-25485 #close
Change-Id: Ibc2c7b47164ac89cc803433c0bbe7063bfa143a2
Alexander Traud
Josh Soref
Nick French
Ivan Poddubnyi
George Joseph
Kevin Harwell
Joshua Colp
Corey Farrell
Nick French
Richard Mudgett
Jenkins2
Sebastian Damm
Mark Michelson
George Joseph
David M. Lee
Matt Jordan