George Joseph [Wed, 21 Aug 2019 18:29:57 +0000 (12:29 -0600)]
chan_rtp: Accept hostname as well as ip address as destination
The UnicastRTP channel driver provided by chan_rtp now accepts
"<hostname>:<port>" as an alternative to "<ip_address>:<port>"
in the destination. The first AAAA (preferred) or A record resolved
will be used as the destination. The lookup is synchronous so beware
of possible dialplan delays if you specify a hostname.
George Joseph [Wed, 21 Aug 2019 17:03:26 +0000 (11:03 -0600)]
dns_core: Create new API ast_dns_resolve_ipv6_and_ipv4
The new function takes in a pointer to an ast_sockaddr structure,
a hostname and an optional port and then dispatches parallel
"AAAA" and "A" record queries. If an "AAAA" record is returned,
it's parsed into the ast_sockaddr structure along with the port
if it was supplied. If no "AAAA" record was returned, the
first "A" record returned (if any) is parsed instead.
This is a synchronous call. If you need asynchronous lookups,
use ast_dns_query_set_resolve_async and roll your own.
George Joseph [Tue, 20 Aug 2019 18:04:56 +0000 (12:04 -0600)]
res_ari.c: Prefer exact handler match over wildcard
Given the following request path and 2 handler paths...
Request: /channels/externalMedia
Handler: /channels/{channelId} "wildcard"
Handler: /channels/externalmedia "non-wildcard"
...if /channels/externalMedia was registered as a handler after
/channels/{channelId} as shown above, the request would automatically
match the wildcard handler and attempt to parse "externalMedia" into
the channelId variable which isn't what was intended. It'd work
if the non-wildard entry was defined in rest-api/api-docs/channels.json
before the wildcard entry but that makes the json files
order-dependent which isn't a good thing.
To combat this issue, the search loop saves any wildcard match but
continues looking for exact matches at the same level. If it finds
one, it's used. If it hasn't found an exact match at the end of
the current level, the wildcard is used. Regardless, after
searching the current level, the wildcard is cleared so it won't
accidentally match for a different object or a higher level.
BTW, it's currently not possible for more than 1 wildcard entry
to be defined for a level. For instance, there couldn't be:
Handler: /channels/{channelId}
Handler: /channels/{channelName}
We wouldn't know which one to match.
Sean Bright [Fri, 9 Aug 2019 20:53:03 +0000 (16:53 -0400)]
audiohook.c: Substitute silence for unavailable audio frames
There are 4 scenarios to consider when capturing audio from a channel
with an audiohook:
1. There is no rx and no tx audio, so return nothing.
2. There is rx but no tx audio, so return rx.
3. There is tx but no rx audio, so return tx.
4. There is rx and tx audio, so mix them and return.
The file passed as the primary argument to MixMonitor will be written to
in scenarios 2, 3, and 4. However, if you pass the r() and t() options
to MixMonitor, a frame will only be written to the r() file if there was
rx audio and a frame will only be written to the t() file if there was
tx audio.
If you subsequently take the r() and t() files and try to mix them, the
sides of the conversation will 'drift' and be non-representative of the
user experience.
This patch adds a new 'S' option to MixMonitor that injects a frame of
silence on either the r() side or the t() side of the channel so that
when later mixed, there is no such drift.
Alexei Gradinari [Wed, 14 Aug 2019 19:52:01 +0000 (15:52 -0400)]
app_voicemail/IMAP: check mailstream not NULL in leave_voicemail
The function leave_voicemail checks if expungeonhangup is set,
but does not check if IMAP stream is closed,
so it could call imap function with NULL stream.
This leads to segfault.
Kevin Harwell [Wed, 7 Aug 2019 22:54:34 +0000 (17:54 -0500)]
srtp: Fix possible race condition, and add NULL checks
Somehow it's possible for the srtp session object to be NULL even though the
Asterisk srtp object itself is valid. When this happened it would cause a
crash down in the srtp code when attempting to protect or unprotect data.
After looking at the code there is at least one spot that makes this situation
possible. If Asterisk fails to unprotect the data, and after several retries
it still can't then the srtp->session gets freed, and set to NULL while still
leaving the Asterisk srtp object around. However, according to the original
issue reporter this does not appear to be their situation since they found
no errors logged stating the above happened (which Asterisk does for that
situation).
An issue was found however, where a possible race condition could occur between
the pjsip incoming negotiation, and the receiving of RTP packets. Both places
could attempt to create/setup srtp for the same rtp instance at the same time.
This potentially could be the cause of the problem as well.
Given the above this patch adds locking around srtp setup for a given rtp, or
rtcp instance. NULL checks for the session have also been added within the
protect and unprotect functions as a precaution. These checks should at least
stop Asterisk from crashing if it gets in this situation again.
This patch also fixes one other issue noticed during investigation. When doing
a replace the old object was freed before creating the replacement. If the new
replacement object failed to create then the rtp/rtcp instance would now point
to freed srtp data which could potentially cause a crash as well when the next
attempt to reference it was made. This is now fixed so the old srtp object is
kept upon replacement failure.
Lastly, more logging has been added to help diagnose future issues.
George Joseph [Thu, 8 Aug 2019 12:12:18 +0000 (06:12 -0600)]
CI: Add "throttle" label and "skip_gate" capability
To make throttling by label fully active, the "throttle" option
has to be specified with a specific label.
You can now specify "skip_gate" in the Gerrit comments when you
do a +2 code review to tell Jenkins not to actually run the
gate. You'd do this if you plan to manually merge the change.
Also updated the "printenv" debug output to better sort multi-line
comments.
Joshua Colp [Mon, 5 Aug 2019 12:23:53 +0000 (09:23 -0300)]
cdr / cel: Use event time at event creation instead of processing.
When updating times on CDR or CEL records using the time at which
it is done can result in times being incorrect if the system is
heavily loaded and stasis message processing is delayed.
This change instead makes it so CDR and CEL use the time at which
the stasis messages that drive the systems are created. This allows
them to be backed up while still producing correct records.
George Joseph [Tue, 6 Aug 2019 15:40:54 +0000 (09:40 -0600)]
CI: Make node labels job-specific
Originally, the eligible nodes for a job were labelled only by
"swdev-docker". So basically any node could run any job. We had
found that allowing a node to run more than 1 gate at a time was
problematic so we limited the nodes to processing 1 job at a time.
With the creation of the Asterisk 17 branches however, we now have
so many active branches that getting checks and gates through in
a timely manner is problematic when a node can run only 1 job
at a time.
Now the nodes are also labelled by the job type they can run.
For instance: "asterisk-check", "asterisk-gate", etc. With the
"Throttle Concurrent Builds" plugin, we can now allow a node to
run more than 1 job BUT throttle by job type. For instance:
Allow 2 jobs but only 1 asterisk-gate at a time.
Now a node can run 2 checks or 1 check and 1 gate or 1 gate but
not 2 gates at a time.
Kevin Harwell [Thu, 1 Aug 2019 21:22:01 +0000 (16:22 -0500)]
various modules: json integer overflow
There were still a few places in the code that could overflow when "packing"
a json object with a value outside the base type integer's range. For instance:
unsigned int value = INT_MAX + 1
ast_json_pack("{s: i}", value);
would result in a negative number being "packed". In those situations this patch
alters those values to a ast_json_int_t, which widens the value up to a long or
long long.
Joshua Colp [Thu, 1 Aug 2019 10:07:45 +0000 (10:07 +0000)]
res_pjsip: Fix multiple of the same contact in "pjsip show contacts".
The code for gathering contacts could result in the same contact
being retrieved and added to the list multiple times. The container
which stores the contacts to display will now only allow a contact
to be added to it once instead of multiple times.
Sean Bright [Wed, 24 Jul 2019 20:12:49 +0000 (16:12 -0400)]
manager: Send fewer packets
The functions that build manager message headers do so in a way that
results in a single messages being split across multiple packets. While
this doesn't matter to the remote end, it makes network captures noisier
and harder to follow, and also means additional system calls.
With this patch, we build up more of the message content into the TLS
buffer before flushing to the network. This change is completely
internal to the manager code and does not affect any of the existing
API's consumers.
George Joseph [Mon, 29 Jul 2019 13:31:56 +0000 (07:31 -0600)]
loader.c: Fix possible SEGV when a module fails to register
When a module fails to register itself (usually a coding error
in the module), dlerror() can return NULL. We weren't checking
for that in load_dlopen() before trying to strdup the error message
so a SEGV was thrown. dlerror() is now surrounded with an S_OR
so we don't SEGV.
George Joseph [Wed, 24 Jul 2019 20:15:27 +0000 (14:15 -0600)]
CI: Don't enable non-core modules in Certified branches
We don't support non-core modules for Certified releases but we
were enabling them for CI builds which was causing lots of test
failures. Now we don't.
Details:
- The memcpy() call copied part of "dahdi_conf" and not "dahdi_conf.mfcr2"
- As a result, the memcmp() in dahdi_r2_get_link() always fails
- This cause dahdi_r2_get_link() to create new link for every channel
(instead of a new link for every ~30 channels)
- With the fix, far less links are generated -- so we use far less threads
George Joseph [Fri, 19 Jul 2019 16:20:38 +0000 (10:20 -0600)]
CI: Add cleanWs to cleanup steps in jenkinsfiles
We're at the point where there are enough Jenkins jobs for
Asterisk branches than even cleaned checkouts of Asterisk
will add up to more disk space than is available on the
in-memory workspace mount. Since we archive all relevent
artifacts anyway, there's no need to keep the workspace
around after the job finishes, whether it succeeds or fails.
Dan Cropp [Tue, 2 Apr 2019 19:42:44 +0000 (14:42 -0500)]
chan_pjsip: Transmit REFER waits for the REFER result setting TRANSFERSTATUS
Previously, when a Transfer (REFER) was performed, chan_pjsip would set
the TRANSFERSTATUS to SUCCESS when the REFER was queued up. This did not
reflect a successful/unsuccessful transfer the way chan_sip did.
Added a callback module to process the refer subscription information.
Now depends on res_pjsip_pubsub so call transfer progress can be monitored
and reported
ASTERISK-26968 #close Reported-by: Dan Cropp
Change-Id: If6c27c757c66f71e8b75e3fe49da53ebe62395dc
Walter Doekes [Wed, 17 Jul 2019 13:06:12 +0000 (15:06 +0200)]
sched: Don't allow ast_sched_del to deadlock ast_sched_runq from same thread
When fixing ASTERISK~24212, a change was done so a scheduled callback could not
be removed while it was running. The caller of ast_sched_del would have to wait.
However, when the caller of ast_sched_del is the callback itself (however wrong
this might be), this new check would cause a deadlock: it would wait forever
for itself.
This changeset introduces an additional check: if ast_sched_del is called
by the callback itself, it is immediately rejected (along with an ERROR log and
a backtrace). Additionally, the AST_SCHED_DEL_UNREF macro is adjusted so the
after-ast_sched_del-refcall function is only run if ast_sched_del returned
success.
This should fix the following spurious race condition found in chan_sip:
- thread 1: schedule sip_poke_peer_now (using AST_SCHED_REPLACE)
- thread 2: run sip_poke_peer_now
- thread 2: blank out sched-ID (too soon!)
- thread 1: set sched-ID (too late!)
- thread 2: try to delete the currently running sched-ID
After this fix, an ERROR would be logged, but no deadlocks (in do_monitor) nor
excess calls to sip_unref_peer(peer) (causing double frees of rtp_instances and
other madness) should occur.
(Thanks Richard Mudgett for reviewing/improving this "scary" change.)
Note that this change does not fix the observed race condition: unlocked
access to peer->pokeexpire (and potentially other scheduled items in chan_sip),
causing AST_SCHED_DEL_UNREF to look at a changing id. But it will make the
deadlock go away. And in the observed case, it will not have adverse affects
(like memory leaks) because the scheduled item is removed through a different
path.
George Joseph [Tue, 16 Jul 2019 13:15:14 +0000 (07:15 -0600)]
Build: Add separate header install/uninstall targets
Two new Makefile targets have been added... "install-headers" and
"uninstall-headers" to separately control header installation.
The existing behavior has not changed so "make install" and
"make uninstall" will continue to also install/uninstall the headers.
The new targets were added for forward compatibility with Asterisk 17
in which the headers are no longer installed/uninstalled with the
"install" and "uninstall" targets.
Also corrects an issue where /usr/include/asterisk.h was never
being removed at all.
chan_sip: Handle invalid SDP answer to T.38 re-invite
The chan_sip module performs a T.38 re-invite using a single media
stream of udptl, and expects the SDP answer to be the same.
If an SDP answer is received instead that contains an additional
media stream with no joint codec a crash will occur as the code
assumes that at least one joint codec will exist in this
scenario.
Fixes a crash in chan_dahdi occurring on 32-bit systems. A previous
patch introduced a variable of type unassigned long long which is 64-bits.
Casting it as 'ast_json_int_t' along with JSON type 'I' makes it work
with 32-bit systems.
George Joseph [Thu, 27 Jun 2019 17:46:44 +0000 (11:46 -0600)]
pjproject_bundled: Add peer information to most SSL/TLS errors
Most SSL/TLS error messages coming from pjproject now have either
the peer address:port or peer hostname, depending on what was
available at the time and code location where the error was
generated.
George Joseph [Wed, 19 Jun 2019 16:58:39 +0000 (10:58 -0600)]
CI: New way to determnine libdir
We were using the presence of /usr/lib64 to determine where
shared libraries should be installed. This only existed on
Redhat based systems and was safe. If it existed, use it,
otherwise use /usr/lib.
Unfortunately, Ubuntu 19 decided to create a /usr/lib64 BUT
NOT INCLUDE IT IN THE DEFAULT ld.so.conf. So if anything is
installed there, it won't work.
The new method, just looks for $ID in /etc/os-release and if it's
centos or fedora, uses /usr/lib64 and if ubuntu, uses /usr/lib.
NOTE: This applies only to the CI scripts. Normal asterisk
build and install is not affected.
George Joseph [Mon, 17 Jun 2019 17:11:49 +0000 (11:11 -0600)]
chan_dahdi: Address gcc9 issues
Fixed format-truncation issues in chan_dahdi.c and
sig_analog.c. Since they're related to fields provided
by dahdi-tools we can't change the buffer sizes so we're just
checking the return from snprintf and printing an errior if we
overflow.
Alexei Gradinari [Fri, 14 Jun 2019 20:45:39 +0000 (16:45 -0400)]
translate.c do not log WARNING on empty audio frame
There is WARNING "no samples for ..." on each Playtones.
The function ast_playtones_start calls ast_activate_generator,
which calls ast_prod.
The function ast_prod calls ast_write with empty audio frame.
In this case it's spam log.
George Joseph [Mon, 10 Jun 2019 21:58:59 +0000 (15:58 -0600)]
app_confbridge: Attended transfer event fixup
When a channel already in a conference bridge is attended transfered
to another extension, or when an existing call is attended
transferred into a conference bridge, we now generate ConfbridgeJoin
and ConfbridgeLeave events for the entering and departing channels.
Joshua Colp [Tue, 11 Jun 2019 12:26:42 +0000 (09:26 -0300)]
res_rtp_asterisk: Add support for DTLS packet fragmentation.
This change adds support for larger TLS certificates by allowing
OpenSSL to fragment the DTLS packets according to the configured
MTU. By default this is set to 1200.
This is accomplished by implementing our own BIO method that
supports MTU querying. The configured MTU is returned to OpenSSL
which fragments the packet accordingly. When a packet is to be
sent it is done directly out the RTP instance.
agupta [Thu, 6 Jun 2019 12:48:18 +0000 (18:18 +0530)]
chan_pjsip.c: Check for channel and session to not be NULL in hangup
We have seen some rare case of segmentation fault in hangup function
and we could notice that channel pointer was NULL. Debug log shows
that there is a 200 OK answer and SIP timeout at the same time. It
looks that while the SIP session was being destroyed due to timeout
call hangup due to answer event lead to race condition and channel
is being destroyed from two different places. The check ensures we
check it not to be NULL before freeing it.
Fixes an error occurring in function pgsql_reconnect() caused when value of
hostname is blank. Which in turn will cause the connection string to look
like this: "host= port=xx", which creates a sintax error. This fix now checks
if the corresponding values for host, port, dbname, and user are blank. Note
that since this is a reconnect function the database library will replace any
missing value pairs with default ones.
[custom_atxfer]
exten => s,1,
same => n,Playback(pbx-transfer)
same => n,Read(dest,dial,10,i,3,3)
same => n,AttendedTransfer(${dest})
same => n,Return()
Alexei Gradinari [Wed, 29 May 2019 22:54:16 +0000 (18:54 -0400)]
res_fax: gateway sends T.38 request to both endpoints if V.21 detected
According T.38 Gateway 'Use case 3'
https://wiki.asterisk.org/wiki/display/AST/T.38+Gateway
T.38 Gateway should send T.38 negotiation request to called endpoint
if FAX preamble (using V.21 detector) generated by called endpoint.
But it does not, because fax_gateway_detect_v21 constructs T.38
negotiation request, but forwards it only to other channel,
not to the channel on which FAX preamble is detected.
Some SIP endpoints could be improperly configured to rely on the other side
to initiate T.38 re-INVITEs.
With this patch the T.38 Gateway tries to negotiate with both sides
by sending T.38 negotiation request to both endpoints supported T.38.
Alexei Gradinari [Tue, 28 May 2019 22:15:40 +0000 (18:15 -0400)]
res_fax: add channel name to CLI 'fax show session'
This patch adds a channel name to output of CLI 'fax show session'
and also expands the channel name field up to 30 characters on
CLI 'fax show sessions'
Alexei Gradinari [Tue, 28 May 2019 20:35:17 +0000 (16:35 -0400)]
res_fax: fix segfault on inactive "reserved" fax session
The change #10017 "Handle fax gateway being started more than once"
introdiced a bug which leads to segfault in res_fax_spandsp.
The res_fax_spandsp module does not support reserving sessions, so
fax_session_reserve returns a fax session with state AST_FAX_STATE_INACTIVE.
The fax_gateway_start does not create a real fax session if the fax session
is already present and the state is not AST_FAX_STATE_RESERVED.
But the "reserved" session created for res_fax_spandsp has state
AST_FAX_STATE_INACTIVE, so fax_gateway_start not starting.
Then when fax_gateway_framehook is called and gateway T.38 state is
NEGOTIATED the call of gateway->s->tech->write(gateway->s, f) leads to
segfault, because session tech_pvt is not set, i.e. the tech session
was not initialized/started.
This patch adds check also on AST_FAX_STATE_INACTIVE to the "reserved"
session created for res_fax_spandsp will start.
This patch also adds extra check and log ERROR if tech_pvt is not set
before call tech->write.
projects / thirdparty / asterisk.git / log
