pjsip_distributor leaks references to fake_auth when the default realm
has not changed.
ASTERISK-27306
Change-Id: I3fcf103b3680ad2d1d4610dcd6738eeaebf4d202
Currently privacy requests are only granted if the Privacy header
value is exactly "id" (defined in RFC 3325). It ignores any other
possible value (or a combination there of). This patch reverses the
logic from testing for "id" to grant privacy, to testing for "none" and
granting privacy for any other value. "none" must not be used in
combination with any other value (RFC 3323 section 4.2).
ASTERISK-27284 #close
Change-Id: If438a21f31a962da32d7a33ff33bdeb1e776fe56
When we are loading the calendars, we call libical's
icalcomponent_foreach_recurrence method for each VEVENT component that
we have in our calendar.
That method has no knowledge concerning the existence of the other
VEVENT components and will feed our callback with all ocurrences
matching the requested time span.
The occurrences generated by icalcomponent_foreach_recurrence while
expanding a recurring VEVENT's RRULE and RDATE properties can be
superceded by an other VEVENT sharing the same UID.
I use an external iterator (in libical terminology) to avoid messing
with the internal ones from the calling function, and search for
VEVENTS which could supersede the current occurrence.
The event which can invalidate this occurence needs to have:
- the same UID as our recurrent component (comp)
- a RECURRENCE-ID property, which represents the start time of this
occurrence
If one component is found, just clean and return.
ASTERISK-27296 #close
Reported by: Benoît Dereck-Tricot
Change-Id: I8587ae3eaa765af7cb21eda3b6bf84e8a1c87af8
This change adds 'video_sfu' as a requested bridge type when
creating a bridge. By specifying this a mixing type bridge is
created that exchanges video in an SFU fashion.
Change-Id: I2ada47cf5f3fc176518b647c0b4aa39d55339606
The pjsip_publishc_init() call was referenced with a misplaced
parentheses. As a result, outbound publication messages went out with an
expiration of 1 second.
ASTERISK-27298
Change-Id: I93622eabc8ee83e7a22e98c107f921284c605a08
The "res_pjsip: Filter out non SIP(S) requests" commit moved the
filtering of messages to pjproject's PJSIP_MOD_PRIORITY_TRANSPORT_LAYER
in order to filter out incoming bad uri schemes as early as possible.
Since the change affected outgoing messages as well and the TRANSPORT
layer is the last to be run on outgoing messages, we were overwriting
the setting of external_signaling_address (which is set earlier by
res_pjsip_nat) with an internal address.
* pjsip_message_filter now registers itself as a pjproject module
twice. Once in the TSX layer for the outgoing messages (as it was
originally), then a second time in the TRANSPORT layer for the
incoming messages to catch the invalid uri schemes.
ASTERISK-27295
Reported by: Sean Bright
Change-Id: I2c90190c43370f8a9d1c4693a19fd65840689c8c
The bridge_p2p_rtp_write() has potential reentrancy problems.
* Accessing the bridged RTP members must be done with the instance1 lock
held. The DTMF and asymmetric codec checks must be split to be done with
the correct RTP instance struct locked. i.e., They must be done when
working on the appropriate side of the point to point bridge.
* Forcing the RTP mark bit was referencing the wrong side of the point to
point bridge. The set mark bit is used everywhere else to set the mark
bit when sending not receiving.
The patches for ASTERISK_26745 and ASTERISK_27158 did not take into
account that not everything carried by RTP uses a codec. The telephony
DTMF events are not exchanged with a codec. As a result when
RFC2833/RFC4733 sent digits you would crash if "core set debug 1" is
enabled, the DTMF digits would always get passed to the core even though
the local native RTP bridge is active, and the DTMF digits would go out
using the wrong SSRC id.
* Add protection for non-format payload types like DTMF when updating the
lastrxformat and lasttxformat. Also protect against non-format payload
types when checking for asymmetric codecs.
ASTERISK-27292
Change-Id: I6344ab7de21e26f84503c4d1fca1a41579364186
This could have been fixed by subtracting 1 from the final value of
'len' but the way the packet was being constructed was confusing so I
took the opportunity to (I think) make it more clear.
We were sending 1 extra byte at the end of the SDES RTCP packet which
caused Chrome to complain (in its debug log):
Too little data (1 byte) remaining in buffer to parse
RTCP header (4 bytes).
We now send the correct number of bytes.
Change-Id: I9dcf087cdaf97da0374ae0acb7d379746a71e81b
If using a legitimate certificate from a trusted certificate authority,
you don't need to provide CA file.
Change-Id: I8623973b4209b44889243716d7880274caed8a6d
For some scenarios when an outgoing call was made only a subset of the
configured codecs were offered. If the codecs being offered happened to
not have a codec supported by the phone then the call would fail.
For instance Alice and Bob both are configured in Asterisk for g722 and ulaw(
allow=!all,g722,ulaw). Alice's endpoint however only supports g722 while Bob's
only supports ulaw. When Alice calls Bob, Alice negotiates g722 fine with
Asterisk. But when Asterisk sends the outgoing offer to Bob it only contains
g722 and not both g722 and ulaw, so the call ends.
This patch makes it so all the audio codecs configured on the endpoint always
get sent, and not just a subset. However priority is given to those codecs that
are compatible with the "other side".
ASTERISK-27259 #close
Change-Id: Iffabc373bd94cd1dc700925dcfe406e12918c696
When pruning a request to change the topology of a channel be
more intelligent about the resulting topology that is actually
used for SDP renegotiation.
In a case where a stream has not already been negotiated we
don't need to renegotiate and offer a declined stream. This can
occur if something in Asterisk (such as ConfBridge) requests
to add video to a PJSIP channel that has no video codecs configured.
In this case since the stream did not already exist we can safely
remove the stream from the requested topology, resulting in no
renegotiation occurring.
In a case where a renegotiation is requested with a codec that is
not supported we can reuse the formats of the existing stream if
it exists to ensure that the stream continues to flow, instead of
removing it.
Change-Id: I636540798d55922377318fe619c510fb6ed125fb
During a reinvite, if a remote endpoint error occurs and it returns a 500 the
session would end. This patch makes it so the session is not terminated, but
continues as it was.
The reason for this is because some endpoints may send non session terminating
"server errors" like a failed codec negotiation. So in this case instead of
ending the call it can hopefully continue. In the case of a real server error
the session is already "doomed", will be known soon enough and appropriately
ended by Asterisk later.
Change-Id: Ifeedae86b8cb44b92d52c79046522ec5f0aff1d5
When an INVITE came in with both audio and video streams but there
were no audio codecs defined for the endpoint, we weren't declining
the audio stream. Since it's usually the first/transport stream,
when the video stream was processed and tried to use the transport,
it was empty and caused a crash. We now decline the the stream if
there are no matching codecs so when the video stream is processed,
it's now the first/transport stream and processes normally.
Change-Id: Ic854eda54c95031e66b076ecfae3041d34daa692
Assertions in the v15+ AST-2017-008 patches found that we were not
handling the case if the incoming SDP did not specify the required SSRC
attributes for bundled to work.
* Be strict on matching SSRC for bundled instances including the parent
instance. If the SSRC doesn't match then discard the packet. Bundled has
to tell us in the SDP signaling what SSRC to expect. Otherwise, we will
not know how to find the bundled instance structure.
Change-Id: I152830bbff71c662408909042068fada39e617f9
Some endpoints do not like a stream being reused for a new
media stream. The frame/jitterbuffer can rely on underlying
attributes of the media stream in order to order the packets.
When a new stream takes its place without any notice the
buffer can get confused and the media ends up getting dropped.
This change uses the SSRC change to determine that a new source
is reusing an existing stream and then bridge_softmix renegotiates
each participant such that they see a new media stream. This
causes the frame/jitterbuffer to start fresh and work as expected.
ASTERISK-27277
Change-Id: I30ccbdba16ca073d7f31e0e59ab778c153afae07
There was an issue reported where an SDP received on a 183 Session
Progress message caused a crash because the pending streams had
already been processed when the OK was received. In that case the
pending topology was legitimately NULL. There was an assert for an
incorrect number of streams in the topology but not one for
topology being NULL. In any case, if you're not in dev-mode the
asserts don't do anything and since the scenario is legit, the
asserts weren't appropriate anyway.
* Changed several asserts to warning or debug messages and return
codes as appropriate.
ASTERISK-27264
Reported by: Daniel Heckl
Change-Id: I58daaa9d2938fa980857ab3ec41925ab5ff9c848
In PostgreSQL 9.1 the backslash are string literals and not the escape
of characters.
In previous issue ASTERISK_26057 was fixed the use of escape LIKE but the
support for old version of Postgresql than 9.1 was dropped. The sentence
before make was "ESCAPE '\'" but in version before than 9.1 need it to be
as follow "ESCAPE '\\'".
ASTERISK-27283
Change-Id: I96d9ee1ed7693ab17503cb36a9cd72847165f949
When a sip session is refreshed, the stream topology is looped
through, checking each stream for compatible formats. This would
cause a crash if the stream state was AST_STREAM_STATE_REMOVED,
since the formats would never be set for this stream, causing
a NULL value to be returned from ast_stream_get_formats. This
commit adds a check for streams with removed states.
Also removed a stray semicolon.
Change-Id: Ic86f8b65a4a26a60885b28b8b1a0b22e1b471d42
Previously, sRTP authentication failures were reported on log level WARNING.
When such failures happen, each RT(C)P packet is affected, spamming the log.
Now, those failures are reported at log level VERBOSE 2. Furthermore, the
amount is further reduced (previously all two seconds, now all three seconds).
Additionally, the new log entry informs whether media (RTP) or statistics (RTCP)
are affected.
ASTERISK-16898 #close
Change-Id: I6c98d46b711f56e08655abeb01c951ab8e8d7fa0
pubsub_on_rx_notify_request wasn't checking for a null
Content-Type header before checking that it was
application/simple-message-summary.
ASTERISK-27279
Reported by: Ross Beer
Change-Id: Iec2a6c4d2e74af37ff779ecc9fd35644c5c4ea52
ast_variables_destroy is NULL safe, so there is no need to check its
argument before passing it.
ASTERISK-25524 #close
Reported by: Jesper
Change-Id: Ib0f8057642e9d471960f1a79fd42e5a3ce587d3b
Validate RTCP packets before processing them.
* Validate that the received packet is of a minimum length and apply the
RFC3550 RTCP packet validation checks.
* Fixed potentially reading garbage beyond the received RTCP record data.
* Fixed rtp->themssrc only being set once when the remote could change
the SSRC. We would effectively stop handling the RTCP statistic records.
* Fixed rtp->themssrc to not treat a zero value as special by adding
rtp->themssrc_valid to indicate if rtp->themssrc is available.
ASTERISK-27274
Make strict RTP learning more flexible.
Direct media can cause strict RTP to attempt to learn a remote address
again before it has had a chance to learn the remote address the first
time. Because of the rapid relearn requests, strict RTP could latch onto
the first remote address and fail to latch onto the direct media remote
address. As a result, you have one way audio until the call is placed on
and off hold.
The new algorithm learns remote addresses for a set time (1.5 seconds)
before locking the remote address. In addition, we must see a configured
number of remote packets from the same address in a row before switching.
* Fixed strict RTP learning from always accepting the first new address
packet as the new stream.
* Fixed strict RTP to initialize the expected sequence number with the
last received sequence number instead of the last transmitted sequence
number.
* Fixed the predicted next sequence number calculation in
rtp_learning_rtp_seq_update() to handle overflow.
ASTERISK-27252
Change-Id: Ia2d3aa6e0f22906c25971e74f10027d96525f31c
Incoming requests with non sip(s) URIs in the Request, To, From
or Contact URIs are now rejected with
PJSIP_SC_UNSUPPORTED_URI_SCHEME (416). This is performed in
pjsip_message_filter (formerly pjsip_message_ip_updater) and is
done at pjproject's "TRANSPORT" layer before a request can even
reach the distributor.
URIs read by res_pjsip_outbound_publish from pjsip.conf are now
also checked for both length and sip(s) scheme. Those URIs read
by outbound registration and aor were already being checked for
scheme but their error messages needed to be updated to include
scheme failure as well as length failure.
Change-Id: Ibb2f9f1d2dc7549da562af4cbd9156c44ffdd460
* The way that we were looking at XML elements for CalDAV was extremely
fragile, so use SAX2 for increased robustness.
* Don't complain about a 'channel' not be specified if autoreminder is
not set. Assume that if 'channel' is not set, we don't want to be
notified.
* Fix some truncated CLI output in 'calendar show calendar' and make the
'Autoreminder' description a bit more clear
ASTERISK-24588 #close
Reported by: Stefan Gofferje
ASTERISK-25523 #close
Reported by: Jesper
Change-Id: I200d11afca6a47e7d97888f286977e2e69874b2c
A new endpoint parameter "incoming_mwi_mailbox" allows Asterisk to
receive unsolicited MWI NOTIFY requests and make them available to
other modules via the stasis message bus.
res_pjsip_pubsub has a new handler "pubsub_on_rx_mwi_notify_request"
that parses a simple-message-summary body and, if
endpoint->incoming_mwi_account is set, calls ast_publish_mwi_state
with the voice-message counts from the message.
Change-Id: I08bae3d16e77af48fcccc2c936acce8fc0ef0f3c
