The stir_shaken configuration option now has 4 different choices to pick
from: off, attest, verify, and on. Off and on behave the same way they
do now. Attest will only perform attestation on the endpoint, and verify
will only perform verification on the endpoint.
Certain responses are required to be sent based on certain conditions
for STIR/SHAKEN. For example, if we get a Date header that is outside of
the time range that is considered valid, a 403 Stale Date response
should be sent. This and several other responses have been added.
Change-Id: I4ac1ecf652cd0e336006b0ca638dc826b5b1ebf7
In res_pjsip_sdp_rtp, the bind_rtp_to_media_address option and the
fallback use of the transport's bind address solve problems sending
media on systems that cannot send ipv4 packets on ipv6 sockets, and
certain other situations. This change extends both of these behaviors
to UDPTL sessions as well in res_pjsip_t38, to fix fax-specific
problems on these systems, introducing a new option
endpoint/t38_bind_udptl_to_media_address.
ASTERISK-29402
Change-Id: I87220c0e9cdd2fe9d156846cb906debe08c63557
The behavior of max_contacts and remove_existing are connected. If
remove_existing is enabled, the soonest expiring contacts are removed.
This may occur when there is an unavailable contact. Similarly,
when remove_existing is not enabled, registrations from good
endpoints are rejected in favor of retaining unavailable contacts.
This commit adds a new AOR option remove_unavailable, and the effect
of this setting will depend on remove_existing. If remove_existing
is set to no, we will still remove unavailable contacts when they
exceed max_contacts, if there are any. If remove_existing is set to
yes, we will prioritize the removal of unavailable contacts before
those that are expiring soonest.
ASTERISK-29525
Change-Id: Ia2711b08f2b4d1177411b1be23e970d7fdff5784
Set preferred transport when querying the local address to use in
filter_on_tx_messages(). This prevents the module to erroneously select
the wrong transport if more than one transports of the same type (TCP or
TLS) are configured.
ASTERISK-29241
Change-Id: I598e60257a7f92b29efce1fb3e9a2fc06f1439b6
For connection oriented transports PJSIP uses factories to
produce transports. When doing a partial transport reload
we need to also move the factory of the transport over so
that anything referencing the transport (such as an endpoint)
has the factory available.
ASTERISK-29441
Change-Id: Ieae0fb98eab2d9257cad996a1136e5a62d307161
RFC7616 and RFC8760 allow more than one WWW-Authenticate or
Proxy-Authenticate header per realm, each with different digest
algorithms (including new ones like SHA-256 and SHA-512-256).
Thankfully however a UAS can NOT send back multiple Authenticate
headers for the same realm with the same digest algorithm. The
UAS is also supposed to send the headers in order of preference
with the first one being the most preferred. We're supposed to
send an Authorization header for the first one we encounter for a
realm that we can support.
The UAS can also send multiple realms, especially when it's a
proxy that has forked the request in which case the proxy will
aggregate all of the Authenticate headers and then send them all
back to the UAC.
It doesn't stop there though... Each realm can require a
different username from the others. There's also nothing
preventing each digest algorithm from having a unique password
although I'm not sure if that adds any benefit.
So now... For each Authenticate header we encounter, we have to
determine if we support the digest algorithm and, if not, just
skip the header. We then have to find an auth object that
matches the realm AND the digest algorithm or find a wildcard
object that matches the digest algorithm. If we find one, we add
it to the results vector and read the next Authenticate header.
If the next header is for the same realm AND we already added an
auth object for that realm, we skip the header. Otherwise we
repeat the process for the next header.
In the end, we'll have accumulated a list of credentials we can
pass to pjproject that it can use to add Authentication headers
to a request.
NOTE: Neither we nor pjproject can currently handle digest
algorithms other than MD5. We don't even have a place for it in
the ast_sip_auth object. For this reason, we just skip processing
any Authenticate header that's not MD5. When we support the
others, we'll move the check into the loop that searches the
objects.
Changes:
* Added a new API ast_sip_retrieve_auths_vector() that takes in
a vector of auth ids (usually supplied on a call to
ast_sip_create_request_with_auth()) and populates another
vector with the actual objects.
* Refactored res_pjsip_outbound_authenticator_digest to handle
multiple Authenticate headers and set the stage for handling
additional digest algorithms.
* Added a pjproject patch that allows them to ignore digest
algorithms they don't support. This patch has already been
merged upstream.
* Updated documentation for auth objects in the XML and
in pjsip.conf.sample.
* Although res_pjsip_authenticator_digest isn't affected
by this change, some debugging and a testsuite AMI event
was added to facilitate testing.
Discovered during OpenSIPit 2021.
ASTERISK-29397
Change-Id: I3aef5ce4fe1d27e48d61268520f284d15d650281
Some configuration items for a transport do not result in
the underlying transport changing, but instead are just
state we keep ourselves and use. It is perfectly reasonable
to change these items.
These include local_net and external_* information.
ASTERISK-29354
Change-Id: I027857ccfe4419f460243e562b5f098434b3d43a
Segfault occurs during outbound UDP registration when all
transport states are being iterated over. The transport object
in the transport is accessed, but flow transports have a NULL
transport object.
Modify to not iterate over any flow transport
ASTERISK-29210 #close
Change-Id: If28dc3a18bdcbd0a49598b09b7fe4404d45c996a
RFC 3261 says that the Accept-Encoding header should be present
in an options response. Permitted values according to RFC 2616
are only compression algorithms like gzip or the default identity
encoding. Therefore "text/plain" is not a correct value here.
As long as the header is hard coded, it should be set to "identity".
Without this fix an Alcatel OmniPCX periodically logs warnings like
"[sip_acceptIncorrectHeader] Header Accept-Encoding is malformed"
on a SIP Trunk.
ASTERISK-29165 #close
Change-Id: I0aa2211ebf0b4c2ed554ac7cda794523803a3840
* Added a ONESHOT type that never reschedules.
* Added "like" capability to "pjsip show scheduled_tasks" so you can do
the following:
CLI> pjsip show scheduled_tasks like outreg
PJSIP Scheduled Tasks:
Task Name Interval Times Run ...
============================================= ========= ========= ...
pjsip/outreg/testtrunk-reg-0-00000074 50.000 oneshot ...
pjsip/outreg/voipms-reg-0-00000073 110.000 oneshot ...
* Fixed incorrect display of "Next Start".
* Compacted the displays of times in the CLI.
* Added two new functions (ast_sip_sched_task_get_times2,
ast_sip_sched_task_get_times_by_name2) that retrieve the interval,
next start time, and next run time in addition to the times already
returned by ast_sip_sched_task_get_times().
Change-Id: Ie718ca9fd30490b8a167bedf6b0b06d619dc52f3
This patch initializes a couple of local variables to some default values.
Interestingly, in the 'pj_status_t dlg_status' case the value not being
initialized caused memory to grow, and not be recovered, in the off nominal
path (at least on my machine).
Change-Id: I22ee65e1e1bff8efacea8a167c6c8428898523f7
This changes the outgoing offer call preference
default option to match the behavior of previous
versions of Asterisk.
The additional advanced codec negotiation options
have also been removed from the sample configuration
and marked as reserved for future functionality in
XML documentation.
The codec preference options have also been fixed to
enforce local codec configuration.
ASTERISK-29109
Change-Id: Iad19347bd5f3d89900c15ecddfebf5e20950a1c2
Implemention of History-Info capable of interworking with Diversion
Header following RFC7544
ASTERISK-29027 #close
Change-Id: I2296369582d4b295c5ea1e60bec391dd1d318fa6
When reading in a codec preference configuration option
the value would be set on the respective option before
applying any default adjustments, resulting in the
configuration not being as expected.
This was exposed by the REST API push configuration as
it used the configuration returned by Asterisk to then do
a modification. In the case of codec preferences one of
the options had a transcode value of "unspecified" when the
defaults should have ensured it would be "allow" instead.
This also renames the options in other places that were
missed.
Change-Id: I4ad42e74fdf181be2e17bc75901c62591d403964
This change renames the codec preference endpoint options.
incoming_offer_codec_prefs becomes codec_prefs_incoming_offer
to keep the options together when showing an endpoint.
Change-Id: I6202965b4723777f22a83afcbbafcdafb1d11c8d
Added a new configuration option for PJSIP endpoints - stir_shaken. If
set to yes, then STIR/SHAKEN support will be added to inbound and
outbound INVITEs. The default is no. Alembic has been updated to include
this option.
Previously the dialplan function was not trimming the whitespace from
the parameters it recieved. Now it does.
Also added a conditional that, when TEST_FRAMEWORK is enabled, the
timestamp in the identity header will be overlooked. This is just for
testing, since the testsuite will rely on a SIPp scenario with a preset
identity header to trigger the MISMATCH result.
Change-Id: I43d67f1489b8c1c5729ed3ca8d71e35ddf438df1
This commit adds the endpoint options required to control
Advanced Codec Negotiation.
incoming_offer_codec_prefs
outgoing_offer_codec_prefs
incoming_answer_codec_prefs
outgoing_answer_codec_prefs
The documentation may need tweaking and some additional edits
added, especially for the "answer" prefs. That'll be handled
when things finalize.
This commit is safe to merge as it doens't alter any existing
functionality nor does it alter the previous codec negotiation
work which may now be obsolete.
Change-Id: I920ba925d7dd36430dfd2ebd9d82d23f123d0e11
Currently when the pjsip making an outgoing request, it keep adding the
rport parameter in a request message as a default.
This causes unexpected rport handle at the other end.
Added option for disable this behaviour in the pjsip.conf.
This is a system option, but working as a gloabl option.
ASTERISK-28959
Change-Id: I9596675e52a742774738b5aad5d1fec32f477abc
The outbound proxy for an AOR was not being applied to
any statically configured Contacts. This resulted in the
OPTIONS requests being sent to the wrong target.
This change sets the outbound proxy on statically configured
contacts once the AOR configuration is done being
applied.
ASTERISK-28965
Change-Id: Ia60f3e93ea63f819c5a46bc8b54be2e588dfa9e0
1. Modify sip_resolve and sip_resolve_callback to request AAAA lookups
when an IPV6 transport type has been requested.
2. Rename all occurrences of pjsip_transport_get_type_name to
pjsip_transport_get_type_desc. This ensures that the log/debug info
shows whether the transport is IPv6 or IPv4.
3. Do not add the constant PJSIP_TRANSPORT_IPV6 to existing transport
types. This results in invalid values. Use a bitwise or instead.
ASTERISK-26780
Patches:
pjsip_resolver.c uploaded by Peter Sokolov (License #7070)
Change-Id: I8b1e298f8efa682d0a7644113258fe76d9889c58
When an AOR is modified endpoints are updated that reference
the AOR so they can start receiving updates and reflect the
correct state. If this is the case then we shouldn't change
the endpoint to be offline if it does not reference the AOR
but instead only when the endpoint is completely updated for
all its AORs.
ASTERISK-28056
patches:
pjsip_options-aor.diff submitted by jhord (license 6978)
Change-Id: I3ee00023be2393113cd4e056599f23f3499ef164
This unit test runs through combinations of...
* Local codecs
* Remote Codecs
* Codec Preference
* Incoming/Outgoing
A few new APIs were created to make it easier to test
the functionality but didn't result in any actual
functional change.
ASTERISK_28777
Change-Id: Ic8957c43e7ceeab0e9272af60ea53f056164f164
Based on this new endpoint setting, a joint list of preferred codecs
between those received from the Asterisk core (remote), and those
specified in the endpoint's "allow" parameter (local) is created and
is used to create the outgoing SDP offer.
* Add outgoing_call_offer_pref to pjsip_configuration (endpoint)
* Add "call_direction" to res_pjsip_session.
* Update pjsip_session_caps.c to make the functions more generic
so they could be used for both incoming and outgoing.
* Update ast_sip_session_create_outgoing to create the
pending_media_state->topology with the results of
ast_sip_session_create_joint_call_stream().
* The endpoint "preferred_codec_only" option now automatically sets
AST_SIP_CALL_CODEC_PREF_FIRST in incoming_call_offer_pref.
* A helper function ast_stream_get_format_count() was added to
streams to return the current count of formats.
ASTERISK-28777
Change-Id: Id4ec0b4a906c2ae5885bf947f101c59059935437
Add a new option, incoming_call_offer_pref, to res_pjsip endpoints that
specifies the preferred order of codecs after receiving an offer.
This patch does the following:
Adds a new enumeration, ast_sip_call_codec_pref, used by the the new
configuration option that's added to the endpoint media structure.
Adds a new ast_sip_session_caps structure that's set for each session media
object.
Creates a new file, res_pjsip_session_caps that "implements" the new
structure and option, and is compiled into the res_pjsip_session library.
ASTERISK-28756 #close
Change-Id: I35e7a2a0c236cfb6bd9cdf89539f57a1ffefc76f
This change extends the Sorcery API to allow a wizard to be
told to explicitly reload objects or a specific object type
even if the wizard believes that nothing has changed.
This has been leveraged by res_pjsip and res_pjsip_acl to
reload endpoints and PJSIP ACLs when a named ACL changes.
ASTERISK-28697
Change-Id: Ib8fee9bd9dd490db635132c479127a4114c1ca0b
RFC3261 Section 10 "Registrations", specifically paragraph
"10.2.4: Refreshing Bindings", states that a user agent compares
each contact address (in a 200 REGISTER response) to see if it
created the contact. If the Asterisk endpoint has the
rewrite_contact option set however, the contact host and port sent
back in the 200 response will be the rewritten one and not the
one sent by the user agent. This prevents the user agent from
matching its own contact. Some user agents get very upset when
this happens and will not consider the registration successful.
While this is rare, it is acceptable behavior especially if more
than 1 user agent is allowed to register to a single endpoint/aor.
This commit updates res_pjsip_nat (where rewrite_contact is
implemented) to store the original incoming Contact header in
a new "x-ast-orig-host" URI parameter before rewriting it, and to
restore the original host and port to the Contact headers in the
outgoing response.
This is only done if the request is a REGISTER and rewrite_contact
is enabled.
pjsip_message_filter was also updated to ensure that if a request
comes in with any existing x-ast-* URI parameters, we remove them
so they don't conflict. Asterisk will never send a request
with those headers in it but someone might just decide to add them
to a request they craft and send to Asterisk.
NOTE: If a device changes its contact address and registers again,
it's a NEW registration. If the device didn't unregister the
original registration then all existing behavior based
on aor/remove_existing and aor/max_contacts apply.
ASTERISK-28502
Reported-by: Ross Beer
Change-Id: Idc263ad2d2d7bd8faa047e5804d96a5fe1cd282e
This patch fixes several issues reported by the lgtm code analysis tool:
https://lgtm.com/projects/g/asterisk/asterisk
Not all reported issues were addressed in this patch. This patch mostly fixes
confirmed reported errors, potential problematic code points, and a few other
"low hanging" warnings or recommendations found in core supported modules.
These include, but are not limited to the following:
* innapropriate stack allocation in loops
* buffer overflows
* variable declaration "hiding" another variable declaration
* comparisons results that are always the same
* ambiguously signed bit-field members
* missing header guards
Change-Id: Id4a881686605d26c94ab5409bc70fcc21efacc25
When modifying an already defined variable in some channel drivers they
add a new variable with the same name to the list, but that value is
never used, only the first one found.
Introduce ast_variable_list_replace() and use it where appropriate.
ASTERISK-23756 #close
Patches:
setvar-multiplie.patch submitted by Michael Goryainov
Change-Id: Ie1897a96c82b8945e752733612ee963686f32839
The code for gathering contacts could result in the same contact
being retrieved and added to the list multiple times. The container
which stores the contacts to display will now only allow a contact
to be added to it once instead of multiple times.
ASTERISK-28228
Change-Id: I805185cfcec03340f57d2b9e6cc43c49401812df
When multiple endpoints try to register close together using the same
AOR with qualify_frequency set, one contact would qualify immediately
while the other contacts would have to wait out the duration of the
timer before being able to qualify. Changing the conditional to check
the contact container count for a non-zero value allows all contacts to
qualify immediately.
Change-Id: I79478118ee7e0d6e76af7c354d66684220db9415
Added a new PJSIP global setting called norefersub.
Default is true to keep support working as before.
res_pjsip_refer: Configures PJSIP norefersub capability accordingly.
Checks the PJSIP global setting value.
If it is true (default) it adds the norefersub capability to PJSIP.
If it is false (disabled) it does not add the norefersub capability
to PJSIP.
This is useful for Cisco switches that do not follow RFC4488.
ASTERISK-28375 #close
Reported-by: Dan Cropp
Change-Id: I0b1c28ebc905d881f4a16e752715487a688b30e9
chan_sip will always ignore 183 responses that do not contain SDP
however, chan_pjsip will currently always translate it into a
183 with SDP. This new flag allows chan_pjsip to have the same
behavior as chan_sip.
ASTERISK-28322 #close
Change-Id: If81cfaa17c11b6ac703e3d71696f259d86c6be4a
This reverts commit d524ad523d.
Reason for revert: This causes Contact and Via headers to have the wrong
transport address.
ASTERISK-28309 #close
Change-Id: Ibba4d6176f68e39279fcd9a545f81d56e747bed8
When a contact was removed by the registrar it did not always check to see if
the circumstances involved a monitored reliable transport. For instance, if the
'remove_existing' option was set to 'true' then when existing contacts were
removed due to 'max_contacts' being reached, those existing contacts being
removed did not unregister the transport monitor.
Also, it was possible to add more than one monitor on a reliable transport for
a given aor and contact.
This patch makes it so all contact removals done by the registrar also remove
any associated transport monitors if necessary. It also makes it so duplicate
monitors cannot be added for a given transport.
ASTERISK-28213
Change-Id: I94b06f9026ed177d6adfd538317c784a42c1b17a
To prevent one subsystem's taskprocessors from causing others
to stall, new capabilities have been added to taskprocessors.
* Any taskprocessor name that has a '/' will have the part
before the '/' saved as its "subsystem".
Examples:
"sorcery/acl-0000006a" and "sorcery/aor-00000019"
will be grouped to subsystem "sorcery".
"pjsip/distributor-00000025" and "pjsip/distributor-00000026"
will bn grouped to subsystem "pjsip".
Taskprocessors with no '/' have an empty subsystem.
* When a taskprocessor enters high-water alert status and it
has a non-empty subsystem, the subsystem alert count will
be incremented.
* When a taskprocessor leaves high-water alert status and it
has a non-empty subsystem, the subsystem alert count will be
decremented.
* A new api ast_taskprocessor_get_subsystem_alert() has been
added that returns the number of taskprocessors in alert for
the subsystem.
* A new CLI command "core show taskprocessor alerted subsystems"
has been added.
* A new unit test was addded.
REMINDER: The taskprocessor code itself doesn't take any action
based on high-water alerts or overloading. It's up to taskprocessor
users to check and take action themselves. Currently only the pjsip
distributor does this.
* A new pjsip/global option "taskprocessor_overload_trigger"
has been added that allows the user to select the trigger
mechanism the distributor uses to pause accepting new requests.
"none": Don't pause on any overload condition.
"global": Pause on ANY taskprocessor overload (the default and
current behavior)
"pjsip_only": Pause only on pjsip taskprocessor overloads.
* The core pjsip pool was renamed from "SIP" to "pjsip" so it can
be properly grouped into the "pjsip" subsystem.
* stasis taskprocessor names were changed to "stasis" as the
subsystem.
* Sorcery core taskprocessor names were changed to "sorcery" to
match the object taskprocessors.
Change-Id: I8c19068bb2fc26610a9f0b8624bdf577a04fcd56
The context specified by 'regcontext' was not being created, so when Asterisk
attempted to later dynamically add an extension it would fail. This patch now
creates the context if a 'regcontext' is specified.
ASTERISK-28238
Change-Id: I0f36cf4ab0a93ff4b1cc5548d617ecfd45e09265
The transport management code that checks for idle connections keeps a
reference to PJSIP's transport for IDLE_TIMEOUT milliseconds (32000 by
default). Because of this, if the transport is closed before this
timeout, the idle checking code will keep the transport from actually
being shutdown until the timeout expires.
Rather than passing the AO2 object to the scheduler task, we just pass
its key and look it up when it is time to potentially close the idle
connection. The other transport management code handles cleaning up
everything else for us.
Additionally, because we use the address of the transport when
generating its name, we concatenate an incrementing ID to the end of the
name to guarantee uniqueness.
Related to ASTERISK~28231
Change-Id: I02ee9f4073b6abca9169d30c47aa69b5e8ae9afb
The commit I2f97ebfa79969a36a97bb7b9afd5b6268cf1a07d removed sending out
the ContactStatus AMI event when a contact is updated.
Thist change broke things which rely on old behavior.
This patch adds a new PJSIP global configuration option
'send_contact_status_on_update_registration' to be able to preserve old
ContactStatus behavior.
By default new behavior, i.e. the ContactStatus event will not be sent when a
device refreshes its registration.
Change-Id: I706adf7584e7077eb6bde6d9799ca408bc82ce46
When a channel snapshot was created it used to be done
from scratch, copying all data (many strings). This incurs
a cost when doing so.
This change segments the channel snapshot into different
components which can be reused if unchanged from the
previous snapshot creation, reducing the cost. In normal
cases this results in some pointers being copied with
reference count being bumped, some integers being set,
and a string or two copied. The other benefit is that it
is now possible to determine if a channel snapshot update
is redundant and thus stop it before a message is published
to stasis.
The specific segments in the channel snapshot were split up
based on whether they are changed together, how often they
are changed, and their general grouping. In practice only
1 (or 0) of the segments actually get changed in normal
operation.
Invalidation is done by setting a flag on the channel when
the segment source is changed, forcing creation of a new
segment when the channel snapshot is created.
ASTERISK-28119
Change-Id: I5d7ef3df963a88ac47bc187d73c5225c315f8423
Replace usage of ao2_container_alloc with ao2_container_alloc_hash or
ao2_container_alloc_list. Remove ao2_container_alloc macro.
Change-Id: I0907d78bc66efc775672df37c8faad00f2f6c088
When Asterisk's taskprocessors get overloaded we need to reduce the work
load. res_pjsip currently ignores new SIP requests and relies on SIP
retransmissions in the hope that the overload condition will clear soon
enough to handle the retransmitted SIP request.
This change adds the following code after ast_taskprocessor_alert_get()
has returned TRUE:
1- identifies transport type. If non-udp then send a 503 response
2- if transport type is udp/udp6 then ignore, as before.
Change-Id: I1c230b40d43a254ea0f226b7acf9ee480a5d3836
This patch adds new options 'trust_connected_line' and 'send_connected_line'
to the endpoint.
The option 'trust_connected_line' is to control if connected line updates
are accepted from this endpoint.
The option 'send_connected_line' is to control if connected line updates
can be sent to this endpoint.
The default value is 'yes' for both options.
Change-Id: I16af967815efd904597ec2f033337e4333d097cd
Ben Ford
Matthew Kern
Joseph Nadiv
Bernd Zobl
Joshua C. Colp
George Joseph
Sean Bright
Alexander Traud
Nick French
Alexander Greiner-Baer
Kevin Harwell
Torrey Searle
sungtae kim
Roger James
Joshua Colp
Dan Cropp
Alexei Gradinari
Torrey Searle
Corey Farrell
Chris-Savinovich