Starting from draft 2 of RFC 5456 (October 23, 2006) plaintext auth
is not supported in IAX2 protocol. Please refer to section 8.6.13 of
RFC 5456.
But plaintext auth is still supported by Asterisk implementation of IAX2.
This support should be dropped.
Patch, based on asterisk-dev discussion, adds deprecation warning on
startup if 'auth' is set to 'plaintext', changes default values of
'auth' from 'md5, plaintext' to 'md5'.
Patch is safe in terms of backwards compatibility, will work even if
remote peers have auth=plaintext and we have defaults.
auth=plaintext setting will remain deprecated in Asterisk 14 and 15,
and IAX2 plaintext support will be removed in Asterisk 16.
ASTERISK-22820 #close
Change-Id: I5d2f3830cb57645604818f87518916e8a5c317bf
NOTE: This patch was submitted earlier and reverted because of a failing
test. The test has been patched so that it adjusts for the changes here,
so this is being resubmitted for review.
One feature that confbridge has is the ability to play sounds to all
participants in the conference. Prior to this commit, the algorithm for
this was as follows:
* Grab the playback lock
* Push the conference announcer channel into the bridge
* Play back the sound
* Pull the conference announcer channel from the bridge
* Release the playback lock
The issue here is that the act of adding the playback channel to the
bridge and removing it for each announcement is expensive. Amongst the
expenses:
* The announcer channel is imparted into the bridge, meaning a new
thread is spun up for each playback.
* When the announcer is added or removed from the bridge, it results
in the BRIDGEPEER channel variable being set on all channels in the
bridge. This requires keeping the bridge locked and locking each
individual channel in order to set it.
* There's also just the general overhead of adding the channel and
removing it from the bridge. The bridge potentially has to reconfigure
every single time
With this commit, the paradigm for playing back announcements has
shifted.
* The announcer channel is now added to the bridge when the conference
is allocated, and it is hung up when the conference is destroyed.
* A taskprocessor is used to queue playbacks onto the announcer channel.
This keeps the behavior from before where playbacks do not overlap.
* The announcer channel is no longer placed into the bridge as
departable. Since we are not constantly removing the channel from
the bridge, it is safe to add the channel using an independent thread
and simply hang the channel up when it is time for the conference to
be destroyed.
The use of the taskprocessor for playbacks opens up the interesting
possibility of having asynchronous announcements played. In this commit,
however, the behavior is still exactly the same as it previously was.
ASTERISK-26289
Reported by Mark Michelson
Change-Id: Ica9fa4907c2f3728cdd1cf0bc564ef4eb40754a0
The compilation failed for devmode
--enable DONT_OPTIMIZE
--enable BETTER_BACKTRACES
--enable DO_CRASH
--enable TEST_FRAMEWORK
res_pjsip/pjsip_configuration.c: In function dtls_handler:
res_pjsip/pjsip_configuration.c:974:20: error:
back may be used uninitialized in this function [-Werror=maybe-uninitialized]
int size = strlen(front);
^
cc1: all warnings being treated as errors
Change-Id: I7f082ead0312792a577ec7c73015ba64dabca580
When res_odbc_transaction depended on res_odbc, it got the generic_odbc
headers and libs implicitly. Now that it no longer depends on res_odbc,
its dependency on generic_odbc must be explicit.
Change-Id: I9db88f7af7388437f49903d3008ba8d4890d5911
PJProject supports a lot of platforms even Windows, some with different defaults
when it comes to IPv6. In many Linux platforms like Ubuntu 16.04 LTS,
"/proc/sys/net/ipv6/bindv6only" is set to 0 (false). Different than in Windows.
Because of this, if configured with just an IPv6 address/transport, PJProject
listens to both IPv4 and IPv6. However, this is not supported by the PJProject
team. As consequence, you end-up with IPv4-mapped IPv6 addresses in SDP,
incompatible with IPv4-only clients. Technically, you end-up with an IPv6-only
server which accepts incoming connections on IPv4.
If you try to configure two transports, one with IPv4 and one with IPv6 on the
same interface, as expected by the PJProject team, the IPv4 transport is not
able to bind because the IPv6 transport listens to both already.
One solution would be to change "/proc/sys/net/ipv6/bindv6only" system-wide.
Then, you are able to configure two transports, one for each IP version on the
same interface. That way, you get a server which works with IPv4 clients and
IPv6 clients at the same time over the same interface.
Here, this change sets this parameter directly within PJProject to match the
expectations of the PJProject team in any case. This allows IPv4/IPv6 Dual Stack
servers out of the box like in chan_sip. This change was accepted by the
PJProject team as <http://trac.pjsip.org/repos/changeset/5403> and is expected
to arrive in the next version, PJProject 2.6.0. Until then, this change is
incorporated in the bundled PJProject of Asterisk.
ASTERISK-26309
Change-Id: I3335d8718f79f4b2feae91b5b005a3ce684a63ae
updated the uri handler to include the url prefix of the http server
this enables res_ari to add it to the uris when generating docs
Change-Id: I279335a2625261a8492206c37219698f42591c2e
(cherry picked from commit 6f448f32fe)
When using the migration script sip_to_pjsip.py, cert_file was not migrated to
pjsip.conf. A previous change regarding this contained a copy/paste error.
ASTERISK-22374
Change-Id: I0fa72e9412117d53b4284fc6b83fa5b2b95ba03b
When 'tlsclientmethod' is not specified in sip.conf, chan_sip uses the OpenSSL
SSLv23_method. This was documented incorrectly in the file sip.conf.sample.
SSLv23_method got its name in the 90s. Today, with OpenSSL 1.0.2, this method
enables (just) the secure TLSv1.0 and TLSv1.2. Or stated differently, that
function should have been called 'secure_method' or 'automatic_method' back in
the 90s.
Consequently please, specify 'tlsclientmethod=tlsv1' in your sip.conf only if
you face a server which has problems like not falling back to TLSv1.0
automatically.
ASTERISK-24425
Change-Id: I502ce6146b4504cadfd3973af8d6ec3994f54fa3
Historically, Asterisk has always specified annexb=no for the g729 format.
However, when using res_pjsip no format attribute was specified. This patch
makes it so the SDP now contains a format attribute line with annexb=no.
Note, that this means only g729a is negotiated. Even for pass through support.
According to rfc7261 the type of annex used (a or b) is dependent upon the
answerer. However, Asterisk being a back to back user agent makes this tricky
to support at this time, thus we only allow annex 'a' for now.
ASTERISK-26228 #close
patches:
res_format_attr_g729.c submitted by Jason Parker (license 4993)
Change-Id: I76bc20cc0a01af01536e9915afef319c269c22d0
Given resource paths did not have 'json' substituted in for the '{format}'. For
some auto generated documentation/comment strings it resulted in something like
the following:
"... REST handler for /api-docs/sounds.{format}"
This patch makes sure the resource api's path is properly substituted.
ASTERISK-25472 #close
Change-Id: Ie3e950a35db4043e284019d6c9061f3b03922e23
The MODULEINFO dependencies between these 2 modules was reversed.
res_odbc should depend on res_odbc_transaction, not the other way
around.
ASTERISK-25984 #close
Change-Id: Ifcfbb49c0b51cf6640a5446d47cd6c48caf1331f
A recent update had a copy/paste error where the unused variable 'val' was
being passed to the set_value function instead of the 'method' value itself.
This patch passes in the right variable.
ASTERISK-22374
Change-Id: I895b7b3779ce4442bc58b8ec40d59dd29bb43f06
One feature that confbridge has is the ability to play sounds to all
participants in the conference. Prior to this commit, the algorithm for
this was as follows:
* Grab the playback lock
* Push the conference announcer channel into the bridge
* Play back the sound
* Pull the conference announcer channel from the bridge
* Release the playback lock
The issue here is that the act of adding the playback channel to the
bridge and removing it for each announcement is expensive. Amongst the
expenses:
* The announcer channel is imparted into the bridge, meaning a new
thread is spun up for each playback.
* When the announcer is added or removed from the bridge, it results
in the BRIDGEPEER channel variable being set on all channels in the
bridge. This requires keeping the bridge locked and locking each
individual channel in order to set it.
* There's also just the general overhead of adding the channel and
removing it from the bridge. The bridge potentially has to reconfigure
every single time
With this commit, the paradigm for playing back announcements has
shifted.
* The announcer channel is now added to the bridge when the conference
is allocated, and it is hung up when the conference is destroyed.
* A taskprocessor is used to queue playbacks onto the announcer channel.
This keeps the behavior from before where playbacks do not overlap.
* The announcer channel is no longer placed into the bridge as
departable. Since we are not constantly removing the channel from
the bridge, it is safe to add the channel using an independent thread
and simply hang the channel up when it is time for the conference to
be destroyed.
The use of the taskprocessor for playbacks opens up the interesting
possibility of having asynchronous announcements played. In this commit,
however, the behavior is still exactly the same as it previously was.
ASTERISK-26289
Reported by Mark Michelson
Change-Id: Ic5cd2c4b98a1eaa1715eb7a5b35d62f1a76d78a5
When using the migration script sip_to_pjsip.py and tlsclientmethod is not set
in sip.conf, the default value of chan_sip (sslv23) is copied to pjsip.conf, to
overwrite the default of the PJProject (tlsv1). This makes sure, res_pjsip is
offering/using not just TLSv1.0 but TLSv1.2 as well.
ASTERISK-22374
Change-Id: Ie530a3dae9926ae14f3920a21be1e2edb15bda4f
When using the migration script sip_to_pjsip.py, no section of type=system or
type=general were created. Therefore the keys compactheaders, timerb, timert1,
and useragent were not migrated to pjsip.conf.
ASTERISK-22374
Change-Id: I318a453843227ea36bf130d392d4abd7bd26b5a1
When using the migration script sip_to_pjsip.py, session-timers=accept and
session-timers=refuse were mapped to wrong values.
ASTERISK-22374
Change-Id: Ie4e90d5f6a29aff07837b7fe5bc8aea5fb6fc092
When using the migration script sip_to_pjsip.py, now the (mandatory) username is
written to pjsip.conf, even if there was no (optional) authname in the register
string in sip.conf.
ASTERISK-22374
Change-Id: Ie53e1997104cd2674821688b8a8247249f5e156f
When using the migration script sip_to_pjsip.py and the register string
started with a transport in sip.conf - like tls://... - register was not parsed
correctly and therefore not migrated correctly to pjsip.conf.
ASTERISK-22374
Change-Id: I44c12104eea2bd8558ada6d25d77edfecd92edd2
When using the migration script sip_to_pjsip.py, those keys got missing. These
keys might appear several times and the function "merge_value" tried to collect
those. However, because these keys have different names in sip.conf and
pjsip.conf, "merge_value" was not able to find the new key name in sip.conf.
This change lets "merge_value" search with the old key name in sip.conf and
write with the new key name in pjsip.conf.
ASTERISK-22374
Change-Id: Ie53c5278ae6f1cb8fa7e96c5289877d46981d9d2
When using the migration script sip_to_pjsip.py, the externhost or externip of
sip.conf were erroneously written to Endpoints instead to Transports.
ASTERISK-22374
Change-Id: I2c5873386cfc388899fa9cf2368639dd12f1b8e4
When using the migration script sip_to_pjsip.py, defaultexpiry, maxexpiry, and
minexpiry were not migrated to pjsip.conf.
ASTERISK-22374
Change-Id: I007fbf543dcadc96fc3ed71c54da502bcb209b7b
When using the migration script sip_to_pjsip.py, encryption=yes got missing and
media_encryption=sdes was not written to pjsip.conf, because of a typo.
ASTERISK-22374
Change-Id: I0fc3e55dc512a57603ae0fef41baacccf2a35c05