When chan_sip does a re-INVITE to refresh a session and authentication
is required, the INVITE with the Authorization header containes a
second Session-Expires header without the ";refersher=" parameter.
This is causing some proxies to return a 400. Also, when Asterisk is
the uas and the refresher, it is including the Session-Expires and
Min-SE headers in OPTIONS messages which is not allowed per RFC4028.
This patch (based on the reporter's) Checks to see if a Session-Expires
header is already in the message before adding another one. It also
checks that the method is INVITE or UPDATE.
ASTERISK-26030 #close
Change-Id: I58a7b07bab5a3177748d8a7034fb8ad8e11ce1d9
Nothing was cleaning up the registration state object when ast_sorcery_delete
was called on a registration. So, the registration was deleted from sorcery
but the state object went right on refreshing the registration (or failing
to refresh the registration) with the peer.
* Added a 'deleted' observer on registration that removes the state object.
ASTERISK-25964 #close
Reported-by Matt Jordan
Change-Id: I2db792145cdb1f72ebbf57dd9099596dbbf12c23
Although it's perfectly legal to place multiple SIP messages in the same packet,
it can cause problems because the Linux default is to enable Path MTU Discovery
which sets the Don't Fragment bit on the packets. If adding a second message to
the packet causes the MTU to be exceeded, and the destination isn't equipped to
send a FRAGMENTATION NEEDED response to a large packet, the packet will just be
dropped.
We can't specifically tell the stack to send only 1 message per packet, but we
can turn on TCP_NODELAY when we create the transport. This will at least tell
the stack to send packets as soon as possible.
ASTERISK-26005 #close
Reported-by: Ross Beer
Change-Id: I820f23227183f2416ca5e393bec510e8fe1c8fbd
When 2d7a4a3357 was merged, it missed the fact that Verbose log messages
are formatted and handled by 'verbosers'. Verbosers are registered
functions that handle verbose messages only; they exist as a separate
class of callbacks. This was done to handle the 'magic' that must be
inserted into Verbose messages sent to remote consoles, so that the
consoles can format the messages correctly, i.e., the leading
tabs/characters.
In reality, verbosers are a weird appendage: they're a separate class of
formatters/message handlers outside of what handles all other log
messages in Asterisk. After some code inspection, it became clear that
simply passing a Verbose message along with its 'sublevel' importance
through the normal logging mechanisms removes the need for verbosers
altogether.
This patch removes the verbosers, and makes the default log formatter
aware that, if the log channel is a console log, it should simply insert
the 'verbose magic' into the log messages itself. This allows the
console handlers to interpret and format the verbose message
themselves.
This simplifies the code quite a lot, and should improve the performance
of printing verbose messages by a reasonable factor:
(1) It removes a number of memory allocations that were done on each
verobse message
(2) It removes the need to strip the verbose magic out of the verbose
log messages before passing them to non-console log channels
(3) It now performs fewer iterations over lists when handling verbose
messages
Since verbose messages are now handled like other log messages (for the
most part), the JSON formatting of the messages works as well.
ASTERISK-25425
Change-Id: I21bf23f0a1e489b5102f8a035fe8871552ce4f96
When bound to an 'any' address, e.g., 0.0.0.0, PJSIP reports as its
local address the 'any' address, as opposed to the IP address we
actually received the packet on. This can cause some confusion in Homer,
as it will dutifully report what we send it.
This patch uses the PJSIP inspection routines to determine which IP
address we probably received the packet on based on the remote party's
IP address. In the event that this fails, it falls back to the IP
address natively reported by the transport.
Change-Id: I076f835d2aef489e1ee1d01595b211eb2ce62da3
The Location headers returned by:
* /bridges/{bridgeId}/play
* /bridges/{bridgeId}/record
* /channels/{channelId}/play
* /channels/{channelId}/record
Did not have the '/ari' prefix, and in the case of the 'play' resources, were
using 'playback' instead of 'playbacks.'
Change-Id: I957c58a3a1471bf477dae7c67faa1b74fcd9241c
At one point in time, it seemed like a good idea to use the Asterisk
channel name as the HEP correlation UUID. In particular, it felt like
this would be a useful identifier to tie PJSIP messages and RTCP
messages together, along with whatever other data we may eventually send
to Homer. This also had the benefit of keeping the correlation UUID
channel technology agnostic.
In practice, it isn't as useful as hoped, for two reasons:
1) The first INVITE request received doesn't have a channel. As a
result, there is always an 'odd message out', leading it to be
potentially uncorrelated in Homer.
2) Other systems sending capture packets (Kamailio) use the SIP Call-ID.
This causes RTCP information to be uncorrelated to the SIP message
traffic seen by those capture nodes.
In order to support both (in case someone is trying to use res_hep_rtcp
with a non-PJSIP channel), this patch adds a new option, uuid_type, with
two valid values - 'call-id' and 'channel'. The uuid_type option is used
by a module to determine the preferred UUID type. When available, that
source of a correlation UUID is used; when not, the more readily available
source is used.
For res_hep_pjsip:
- uuid_type = call-id: the module uses the SIP Call-ID header value
- uuid_type = channel: the module uses the channel name if available,
falling back to SIP Call-ID if not
For res_hep_rtcp:
- uuid_type = call-id: the module uses the SIP Call-ID header if the
channel type is PJSIP and we have a channel,
falling back to the Stasis event provided
channel name if not
- uuid_type = channel: the module uses the channel name
ASTERISK-25352 #close
Change-Id: Ide67e59a52d9c806e3cc0a797ea1a4b88a00122c
With the old SIP module we can use IP access controls per peer.
PJSIP module missing this feature.
This patch added next configuration Endpoint options:
"acl" - list of IP ACL section names in acl.conf
"deny" - List of IP addresses to deny access from
"permit" - List of IP addresses to permit access from
"contact_acl" - List of Contact ACL section names in acl.conf
"contact_deny" - List of Contact header addresses to deny
"contact_permit" - List of Contact header addresses to permit
This patch also better logging failed request:
add custom message instead of "No matching endpoint found"
add SIP method to logging
ASTERISK-25900
Change-Id: I456dea3909d929d413864fb347d28578415ebf02
In 13.9.0, there was an issue where PJSIP contacts added to an AOR would
be deleted at seemingly random times.
One reason this was happening was because of an operation to retrieve
the contacts whose expiration time was less than or equal to the current
time. When retrieving existing contacts, the contact's expiration time
and the current time were converted from a string to a float, and those
two floats were compared.
On some systems, including mine, this conversion was horribly off. For
instance, I could regularly see the string "1463079214" get converted
into 1463079168.000000. When switching from using a float to using a
double, the conversion was as expected.
Why was the conversion to float off? My best guess is that the
conversion to float was attempting to store the entire value in the 23
bit significand of the IEEE-754 floating point number. In particular, if
you take only the 23 most significant bits of 1463079214, you get the
messed up 1463079168 that we were seeing in the conversion. It likely
was possible to get a more precise value by composing the number using
an exponent, but the conversion did not work that way. With a double,
you have a 52 bit significand, allowing the entire value to fit there,
and thereby allowing an accurate conversion.
ASTERISK-26007 #close
Reported by Greg Siemon
Change-Id: I83ca7944aae8b7cd994b254c78ec02411d321070
There are two types of SIP URIs indicating a secure transport:
* sips:user@example.org
* sip:user@example.org;transport=tls
When using a sips URI, Asterisk checks incoming INVITEs and answers from
the other side for sips URIs, and rejects the packet if there are only
sip URIs. So Asterisk should only generate a sips Contact URI if the
other side supports it.
This patch makes Asterisk generate either a sip or sips Contact URI
depending on the format of the server URI.
If you want a sip URI, use:
server_uri=sip:example.org\;transport=tls
If you want a sips URI, use:
server_uri=sips:example.org
ASTERISK-25990 #close
Reported-by: Sebastian Damm
Change-Id: I5ae57d6531ce940b5fc64d5cd2673e60db0f9ba2
During refactoring of this support the addition of
the PID to messages was removed. This change adds it
back in.
ASTERISK-25538 #close
Change-Id: Ie2d43b0652e59b7ac319a7dba94501540d70ba36
When running on a system that does not support or use AST_UNDEFINED_SANITIZER
or AST_LEAK_SANITIZER, the configure script would incorrectly set those
constants to a blank value, e.g., 'AST_UNDEFINED_SANITIZER='. This would
cause menuselect to error out, complaining that a blank value is not a
valid option. This patch corrects the issue by setting the value to 0 if
the options that those constants enable/disable is not found.
Change-Id: Ib39814aaf940f308d500c1e026edb3d70de47fba
FollowMe with the option a records the name of the caller and plays it
to the callee. However it has failed to clean up that recorded file
as it tried to delete the file name without the '.sln' extension.
ASTERISK-26008 #close
Change-Id: I79d7b1be7d5cde57bf076d9389e2a8a4422776ec
Signed-off-by: Tzafrir Cohen <tzafrir.cohen@xorcom.com>
* No need to set language in a miniml configuration. 'en' will do just
fine.
* It would be useful to have an example of setting it to a different
language.
* Setting the documentation language explicitly is likewise not
required. Setting it to a different value is not common. At least
until there is a set of translated documentation.
Change-Id: I94d91ea34e129925f25af81ef8dc0906fb568cb7
Signed-off-by: Tzafrir Cohen <tzafrir.cohen@xorcom.com>
Note the default of remmed-out options. To clarify that those values are
not the defaults.
Change-Id: I849c29b7a710f0abc37355fcb5bfee335ae30738
Signed-off-by: Tzafrir Cohen <tzafrir.cohen@xorcom.com>
A minimal configuration does not need to explicitly spell out the
directories. The built-in defaults will do just fine. In many cases
they are wrong.
Change-Id: Id1a671e5c5e9923765a4156b57f9f7e263fdd26c
Signed-off-by: Tzafrir Cohen <tzafrir.cohen@xorcom.com>
From the issue reporter:
"res_pjsip_outbound_authenticator_digest builds a nonce that is a hash of
the timestamp, the source address, the source port, a server UUID that is
calculated at startup, and the authentication realm.
Rather than caching nonces that we create, we instead attempt to re-calculate
the nonce when receiving an incoming request with authentication. We then
compare the re-calculated nonce to the incoming nonce, and if they don't match,
then authentication has failed early.
The problem is that it is possible, especially when using TCP, to receive two
requests from the same endpoint but have differing source ports for those
requests. Asterisk itself commonly will use different source ports for
outbound TCP requests."
This patch removes the source port dependency when building the nonce.
ASTERISK-25978 #close
Change-Id: I871b5f4adce102df1c4988066283095ec509dffe
The default tls settings for pjproject only allow TLS 1, TLS 1.1 and TLS 1.2.
SSL is not allowed. So, even if you specify "sslv3" for a transport method,
it's silently ignored and one of the TLS protocols is used. This was a new
behavior of pjsip_tls_setting_default() in 2.4 (when tls.proto was added) that
we never caught.
Now we need to set tls.proto = 0 after we call pjsip_tls_setting_default().
This tells pjproject to set the socket protocol to match the method.
ASTERISK-26004 #close
Change-Id: Icfb55c1ebe921298dedb4b1a1d3bdc3ca41dd078
This migrates res_pjsip_pubsub over to using the newly
introduce common datastores management API instead of using
its own implementations for both subscriptions and
publications.
As well the extension state data now provides a generic
datastores container instead of a subscription. This allows
the dialog-info+xml body generator to work for both
subscriptions and publications.
ASTERISK-25999 #close
Change-Id: I773f9e4f35092da0f653566736a8647e8cfebef1
This change introduces a common container based datastores
management API. This has been done in a few places across
the tree but this consolidates all of the logic into one
place in a generic fashion.
ASTERISK-25999
Change-Id: I72eb15941dcdbc2a37bb00a33ce00f8755bd336a
This patch allows for having app_confbridge register the name of the
conference as an extension into a specific context, similar to
regcontext for chan_sip. This variant is not quite as involved as the
one in chan_sip and doesn't allow for multiple contexts or custom
extensions, you can only specify the context and the conference name
will always be used as the extension to register.
ASTERISK-25989 #close
Change-Id: Icacf94d9f2b5dfd31ef36f6cb702392619a7902f
The pjsua and pjsystest apps are now built only if TEST_FRAMEWORK is set.
The python bindings are now built only if TEST_FRAMEWORK is set and a
python development package is installed.
libresample was also disabled.
ASTERISK-25993 #close
Reported-by: Joshua Colp
Change-Id: If4e91c503a02f113d5b71bc8b972081fa3ff6f03
The res_pjsip_authenticator_digest, res_pjsip_endpoint_identifier_*
and res_pjsip_registrar modules should load ASAP
to avoid "No matching endpoint found" for legitimate endpoint.
ASTERISK-25994
Change-Id: Iac95d95ad031e0be104189d29e923a2ad7c24a1b