The Websocket transport uses the built-in HTTP server. As a result
the TLS configuration is done in http.conf and not in pjsip.conf.
This change adds a warning if this is configured in pjsip.conf and
also clarifies in the sample configuration file.
Change-Id: I187d994d328c3ed274b6754fd4c2a4955bdc6dd9
If we initiated a T.38 reINVITE, we would crash if we received any other
1xx response message except 100 if it were followed by a 200 response.
* Made ignore any 1xx response so we do not close out the T.38 negotiation
too early. For good measure we'll now accept any 2xx response as
acceptance of the reINVITE T.38 offer.
ASTERISK-27944
Change-Id: I0ca88aae708d091db7335af73f41035a212adff4
Incoming publications need to ensure that the module remains
loaded for the lifetime of them. This is now done by holding
a reference to the module while the publication exists. This
mirrors that of inbound subscriptions.
ASTERISK-27783
Change-Id: Ia98c95a15e11af25728d5fb3e56e12cda0cfc7c0
In addition to text/* content types, incoming_in_dialog_request now
accepts application/* content types.
Also fixed a length issue when copying the body text. It was one
character short.
ASTERISK-27942
Change-Id: I4e54d8cc6158dc47eb8fdd6ba0108c6fd53f2818
pjproject by default currently will follow media forked during an INVITE
on outbound calls if the To tag is different on a subsequent response as
that on an earlier response. We handle this correctly. There have
been reported cases where the To tag is the same but we still need to
follow the media. The pjproject patch in this commit adds the
capability to sip_inv and also adds the capability to control it at
runtime. The original "different tag" behavior was always controllable
at runtime but we never did anything with it and left it to default to
TRUE.
So, along with the pjproject patch, this commit adds options to both the
system and endpoint objects to control the two behaviors, and a small
logic change to session_inv_on_media_update in res_pjsip_session to
control the behavior at the endpoint level.
The default behavior for "different tags" remains the same at TRUE and
the default for "same tag" is FALSE.
Change-Id: I64d071942b79adb2f0a4e13137389b19404fe3d6
ASTERISK-27936
Reported-by: Ross Beer
* Fix several instances where we were bumping a ref in the parameter and
then unrefing the object if it failed. The way the AST_VECTOR_APPEND()
and AST_VECTOR_REPLACE() macros are implemented means if it fails the new
value was never evaluated.
Change-Id: I2847872a455b11ea7e5b7ce697c0a455a1d0ac9a
There can be one and only one thread handling a channel's media at a time.
Otherwise, we don't know which thread is going to handle the media frames.
ASTERISK-27625
Change-Id: I4d6a2fe7386ea447ee199003bf8ad681cb30454e
ConfBridge can now send events to participants via in-dialog MESSAGEs.
All current Confbridge events are supported, such as ConfbridgeJoin,
ConfbridgeLeave, etc. In addition to those events, a new event
ConfbridgeWelcome has been added that will send a list of all
current participants to a new participant.
For all but the ConfbridgeWelcome event, the JSON message contains
information about the bridge, such as its id and name, and information
about the channel that triggered the event such as channel name,
callerid info, mute status, and the MSID labels for their audio and
video tracks. You can use the labels to correlate callerid and mute
status to specific video elements in a webrtc client.
To control this behavior, the following options have been added to
confbridge.conf:
bridge_profile/enable_events: This must be enabled on any bridge where
events are desired.
user_profile/send_events: This must be set for a user profile to send
events. Different user profiles connected to the same bridge can have
different settings. This allows admins to get events but not normal
users for instance.
user_profile/echo_events: In some cases, you might not want the user
triggering the event to get the event sent back to them. To prevent it,
set this to false.
A change was also made to res_pjsip_sdp_rtp to save the generated msid
to the stream so it can be re-used. This allows participant A's video
stream to appear as the same label to all other participants.
Change-Id: I26420aa9f101f0b2387dc9e2fd10733197f1318e
Previously, Asterisk used its script ./configure, to test whether OpenSSL was
built with no-srtp (or was simply too old). However, the header file
<openssl/opensslconf.h> is the preferred way to detect the local configuration
of OpenSSL.
As a positive side-effect the script ./configure does not interleave the
detection of the Open Settlement Protocol Toolkit (OSPTK) with the detection of
individual features of OpenSSL anymore.
Change-Id: I3c77c7b00b2ffa2e935632097fa057b9fdf480c0
When endpoint specific ACL rules block a SIP request they respond with a
403 forbidden. However, if an endpoint is not identified then a 401
unauthorized response is sent. This vulnerability just discloses which
requests hit a defined endpoint. The ACL rules cannot be bypassed to gain
access to the disclosed endpoints.
* Made endpoint specific ACL rules now respond with a 401 unauthorized
which is the same as if an endpoint were not identified. The fix is
accomplished by replacing the found endpoint with the artificial endpoint
which always fails authentication.
ASTERISK-27818
Change-Id: Icb275a54ff8e2df6c671a6d9bda37b5d732b3b32
Furthermore, allow OpenSSL configured with no-dh. Additionally, this change
allows auto-negotiation of the elliptic curve/group for servers, not only with
OpenSSL 1.0.2 but also with OpenSSL 1.1.0 and newer. This enables X25519
(since OpenSSL 1.1.0) and X448 (since OpenSSL 1.1.1) as a side-effect.
ASTERISK-27910
Change-Id: I5b0dd47c5194ee17f830f869d629d7ef212cf537
Currentrly pjsip_options code does not handle the situation when the
AOR qualify options were changed.
Also there is no way to find out what qualify options are using.
This patch add CLI commands to show and synchronize Aor qualify options:
pjsip show qualify endpoint <id>
Show the current qualify options for all Aors on the PJSIP endpoint.
pjsip show qualify aor <id>
Show the PJSIP Aor current qualify options.
pjsip reload qualify endpoint <id>
Synchronize the qualify options for all Aors on the PJSIP endpoint.
pjsip reload qualify aor <id>
Synchronize the PJSIP Aor qualify options.
ASTERISK-27872
Change-Id: I1746d10ef2b7954f2293f2e606cdd7428068c38c
Currentrly pjsip_options code does not handle the situation when the
qualify options were changed in realtime database.
Only 'module reload res_pjsip' helps.
This patch add a check on contact add/update observers if the contact
qualify options are different than local aor qualify options.
If the qualify options were modified then synchronize
the pjsip_options AOR local state.
ASTERISK-27872
Change-Id: Id55210a18e62ed5d35a88e408d5fe84a3c513c62
Certain race conditions between changing bridge types and DTMF can
cause the current FLAG_NEED_MARKER_BIT to send the marker bit before
the actual first packet of native bridging.
This logic keeps track of the ssrc the bridge is currently sending
and will correctly ensure the marker bit is set if SSRC as changed
from the previous sent packet.
ASTERISK-27845
Change-Id: I01858bd0235f1e5e629e20de71b422b16f55759b
When RTP was originally created it had the ability to place a single
extension in an RTP packet. In practice people wanted to potentially
put multiple extensions in one and so RFC 5285 (obsoleted by RFC
8285) came into existence. This allows RTP extensions to be negotiated
with a unique identifier to be used in the RTP packet, allowing
multiple extensions to be present in the packet.
This change extends the RTP engine API to add support for this. A
user of it can enable extensions and the API provides the ability to
retrieve the information (to construct SDP for example) and to provide
negotiated information (from SDP). The end result is that the RTP
engine can then query to see if the extension has been negotiated and
what unique identifier is to be used. It is then up to the RTP engine
implementation to construct the packet appropriately.
The first extension to use this support is abs-send-time which is
defined in the REMB draft[1] and is a second timestamp placed in an
RTP packet which is for when the packet has left the sending system.
It is used to more accurately determine the available bandwidth.
ASTERISK-27831
[1] https://tools.ietf.org/html/draft-alvestrand-rmcat-remb-03
Change-Id: I508deac557867b1e27fc7339be890c8018171588
This function originally was used in chan_sip to enable some simplifying
assumptions and eventually was copy and pasted into res_pjsip_logger and
res_hep. Since it's replicated in three places, it's probably best to
move it into the public netsock2 API for these modules to use.
Change-Id: Id52e23be885601c51d70259f62de1a5e59d38d04
Asterisk uses Reference Counting to track whether a module can be unloaded.
Every consumer who requires a module, increases the reference count. When the
consumer goes, is unloaded itself, it has to decrease the reference count on
all its used/required modules. That way
core stop gracefully
works on the command-line interface (CLI): One module after the other is
unloaded. A recent change broke this for the module res_pjsip.
ASTERISK-27861
Change-Id: I261abcb411d026bbb0691cc78f28300bfd3103a3
This fixes build warnings found by GCC 8. In some cases format
truncation is intentional so the warning is just suppressed.
ASTERISK-27824 #close
Change-Id: I724f146cbddba8b86619d4c4a9931ee877995c84
Previously, only an IP address would be accepted for the capture_address config
setting in hep.conf. This change allows capture_address to be a resolvable
hostname or an IP address.
ASTERISK-27796 #close
Reported-By: Sebastian Gutierrez
Change-Id: I33e1a37a8b86e20505dadeda760b861a9ef51f6f
The "ari set debug" code for incoming requests incorrectly assumed
that all requests would contain a body. If one did not exist the
request would be incorrectly rejected. The response that was sent
was also incomplete as an incorrect function was used to construct
the response.
The code has now been changed to no longer require a request to have
a body and the response updated to use the correct function.
ASTERISK-27801
Change-Id: I4eef036ad54550a4368118cc348765ecac25e0f8
* Increase maximum number of ciphers from 100 to 256 (or whatever
PJ_SSL_SOCK_MAX_CIPHERS is #define'd to)
* Simplify logic in cipher_name_to_id()
* Make signed/unsigned comparison consistent
Re: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897412
Reported by: Ondřej Holas
Change-Id: Iea620f03915a1b873e79743154255c3148a514e7
When the local SSRC changes we need to update the SRTP information
so that the proper key is used. This is commonly done as a result
of bridging two channels together. Previously we only updated
the SRTP information if media had already flowed, but in practice
the channel driver may have already performed SRTP negotiation and
set up the previous SSRC. We now always do it on a local SSRC
change.
ASTERISK-27795
ASTERISK-27800
Change-Id: Ia7c8e74c28841388b5244ac0b8fd6c1dc6ee4c10
How it works today:
media_cache tries to parse out the extension of the media file to be played
from the URI provided to Asterisk while caching the file.
What's expected:
Better will be to have Asterisk get extension from other ways too. One of the
common ways is to get the type of content from the CONTENT-TYPE header in the
HTTP response for fetching the media file using the URI provided.
Steps to Reproduce:
Provide a URL of the form: http://host/media/1234 to Asterisk for media
playback. It fails to play and logs show the following error line:
[Sep 15 15:48:05] WARNING [29148] [C-00000092] file.c:
File http://host/media/1234 does not exist in any format
Scenario this issue is blocking:
In the case where the media files are stored in some cloud object store,
following can block the media being played via Asterisk:
Cloud storage generally needs authenticated access to the storage. The way
to do that is by using signed URIs. With the signed URIs there's no way to
preserve the name of the file.
In most cases Cloud storage returns a key to access the object and preserving
file name is also not a thing there
ASTERISK-27286
Reporter: Gaurav Khurana
Change-Id: I1b14692a49b2c1ac67688f58757184122e92ba89
The OPTIONS support in PJSIP has organically grown, like many things in
Asterisk. It has been tweaked, changed, and adapted based on situations
run into. Unfortunately this has taken its toll. Configuration file
based objects have poor performance and even dynamic ones aren't that
great.
This change scraps the existing code and starts fresh with new eyes. It
leverages all of the APIs made available such as sorcery observers and
serializers to provide a better implementation.
1. The state of contacts, AORs, and endpoints relevant to the qualify
process is maintained. This state can be updated by external forces (such
as a device registering/unregistering) and also the reload process. This
state also includes the association between endpoints and AORs.
2. AORs are scheduled and not contacts. This reduces the amount of work
spent juggling scheduled items.
3. Manipulation of which AORs are being qualified and the endpoint states
all occur within a serializer to reduce the conflict that can occur with
multiple threads attempting to modify things.
4. Operations regarding an AOR use a serializer specific to that AOR.
5. AORs and endpoint state act as state compositors. They take input
from lower level objects (contacts feed AORs, AORs feed endpoint state)
and determine if a sufficient enough change has occurred to be fed further
up the chain.
6. Realtime is supported by using observers to know when a contact has
been registered. If state does not exist for the associated AOR then it
is retrieved and becomes active as appropriate.
The end result of all of this is best shown with a configuration file of
3000 endpoints each with an AOR that has a static contact. In the old
code it would take over a minute to load and use all 8 of my cores. This
new code takes 2-3 seconds and barely touches the CPU even while dealing
with all of the OPTIONS requests.
ASTERISK-26806
Change-Id: I6a5ebbfca9001dfe933eaeac4d3babd8d2e6f082