George Joseph [Fri, 13 Sep 2024 14:23:08 +0000 (08:23 -0600)]
res_stir_shaken.c: Fix crash when stir_shaken.conf is invalid
* If the call to ast_config_load() returns CONFIG_STATUS_FILEINVALID,
check_for_old_config() now returns LOAD_DECLINE instead of continuing
on with a bad pointer.
* If CONFIG_STATUS_FILEMISSING is returned, check_for_old_config()
assumes the config is being loaded from realtime and now returns
LOAD_SUCCESS. If it's actually not being loaded from realtime,
sorcery will catch that later on.
* Also refactored the error handling in load_module() a bit.
George Joseph [Wed, 11 Sep 2024 16:19:23 +0000 (10:19 -0600)]
res_stir_shaken: Check for disabled before param validation
For both attestation and verification, we now check whether they've
been disabled either globally or by the profile before validating
things like callerid, orig_tn, dest_tn, etc. This prevents useless
error messages.
app_chanspy.c: resolving the issue writing frame to whisper audiohook.
ChanSpy(${channel}, qEoSw): because flags set o, ast_audiohook_set_frame_feed_direction(audiohook, AST_AUDIOHOOK_DIRECTION_READ); this will effect whisper audiohook and spy audiohook, this makes writing frame to whisper audiohook impossible. So add function start_whispering to starting whisper audiohook.
Mike Bradeen [Wed, 21 Aug 2024 16:11:31 +0000 (10:11 -0600)]
res_pjsip_sdp_rtp: Use negotiated DTMF Payload types on bitrate mismatch
When Asterisk sends an offer to Bob that includes 48K and 8K codecs with
matching 4733 offers, Bob may want to use the 48K audio codec but can not
accept 48K digits and so negotiates for a mixed set.
Asterisk will now check Bob's offer to make sure Bob has indicated this is
acceptible and if not, will use Bob's preference.
Tinet-mucw [Fri, 30 Aug 2024 05:45:32 +0000 (13:45 +0800)]
app_chanspy.c: resolving the issue with audiohook direction read
ChanSpy(${channel}, qEoS): When chanspy spy the direction read, reading frame is often failed when reading direction read audiohook. because chanspy only read audiohook direction read; write_factory_ms will greater than 100ms soon, then ast_slinfactory_flush will being called, then direction read will fail.
George Joseph [Sat, 17 Aug 2024 18:13:40 +0000 (12:13 -0600)]
security_agreements.c: Refactor the to_str functions and fix a few other bugs
* A static array of security mechanism type names was created.
* ast_sip_str_to_security_mechanism_type() was refactored to do
a lookup in the new array instead of using fixed "if/else if"
statments.
* security_mechanism_to_str() and ast_sip_security_mechanisms_to_str()
were refactored to use ast_str instead of a fixed length buffer
to store the result.
* ast_sip_security_mechanism_type_to_str was removed in favor of
just referencing the new type name array. Despite starting with
"ast_sip_", it was a static function so removing it doesn't affect
ABI.
* Speaking of "ast_sip_", several other static functions that
started with "ast_sip_" were renamed to avoid confusion about
their public availability.
* A few VECTOR free loops were replaced with AST_VECTOR_RESET().
* Fixed a meomry leak in pjsip_configuration.c endpoint_destructor
caused by not calling ast_sip_security_mechanisms_vector_destroy().
* Fixed a memory leak in res_pjsip_outbound_registration.c
add_security_headers() caused by not specifying OBJ_NODATA in
an ao2_callback.
Alexei Gradinari [Fri, 23 Aug 2024 20:28:24 +0000 (16:28 -0400)]
res_pjsip_sdp_rtp fix leaking astobj2 ast_format
PR #700 added a preferred_format for the struct ast_rtp_codecs,
but when set the preferred_format it leaks an astobj2 ast_format.
In the next code
ast_rtp_codecs_set_preferred_format(&codecs, ast_format_cap_get_format(joint, 0));
both functions ast_rtp_codecs_set_preferred_format
and ast_format_cap_get_format increases the ao2 reference count.
Cade Parker [Wed, 7 Aug 2024 21:11:16 +0000 (16:11 -0500)]
chan_mobile: decrease CHANNEL_FRAME_SIZE to prevent delay
On modern Bluetooth devices or lower-powered asterisk servers, decreasing the channel frame size significantly improves latency and delay on outbound calls with only a mild sacrifice to the quality of the call (the frame size before was massive overkill to begin with)
George Joseph [Thu, 8 Aug 2024 16:57:14 +0000 (10:57 -0600)]
manager.c: Fix FRACK when doing CoreShowChannelMap in DEVMODE
If you run an AMI CoreShowChannelMap on a channel that isn't in a
bridge and you're in DEVMODE, you can get a FRACK because the
bridge id is empty. We now simply return an empty list for that
request.
Ben Ford [Tue, 21 May 2024 16:11:26 +0000 (11:11 -0500)]
channel: Add multi-tenant identifier.
This patch introduces a new identifier for channels: tenantid. It's
a stringfield on the channel that can be used for general purposes. It
will be inherited by other channels the same way that linkedid is.
You can set tenantid in a few ways. The first is to set it in the
dialplan with the Set and CHANNEL functions:
Another method is to use the new tenantid option for pjsip endpoints in
pjsip.conf:
[my_endpoint]
type=endpoint
tenantid=My tenant ID
This is considered the best approach since you will be able to see the
tenant ID as early as the Newchannel event.
It can also be set using set_var in pjsip.conf on the endpoint like
setting other channel variable:
set_var=CHANNEL(tenantid)=My tenant ID
Note that set_var will not show tenant ID on the Newchannel event,
however.
Tenant ID has also been added to CDR. It's read-only and can be accessed
via CDR(tenantid). You can also get the tenant ID of the last channel
communicated with via CDR(peertenantid).
Tenant ID will also show up in CEL records if it has been set, and the
version number has been bumped accordingly.
Fixes: #740
UserNote: tenantid has been added to channels. It can be read in
dialplan via CHANNEL(tenantid), and it can be set using
Set(CHANNEL(tenantid)=My tenant ID). In pjsip.conf, it is recommended to
use the new tenantid option for pjsip endpoints (e.g., tenantid=My
tenant ID) so that it will show up in Newchannel events. You can set it
like any other channel variable using set_var in pjsip.conf as well, but
note that this will NOT show up in Newchannel events. Tenant ID is also
available in CDR and can be accessed with CDR(tenantid). The peer tenant
ID can also be accessed with CDR(peertenantid). CEL includes tenant ID
as well if it has been set.
UpgradeNote: A new versioned struct (ast_channel_initializers) has been
added that gets passed to __ast_channel_alloc_ap. The new function
ast_channel_alloc_with_initializers should be used when creating
channels that require the use of this struct. Currently the only value
in the struct is for tenantid, but now more fields can be added to the
struct as necessary rather than the __ast_channel_alloc_ap function. A
new option (tenantid) has been added to endpoints in pjsip.conf as well.
CEL has had its version bumped to include tenant ID.
Mike Bradeen [Wed, 10 Jul 2024 18:58:44 +0000 (12:58 -0600)]
res_stasis: fix intermittent delays on adding channel to bridge
Previously, on command execution, the control thread was awoken by
sending a SIGURG. It was found that this still resulted in some
instances where the thread was not immediately awoken.
This change instead sends a null frame to awaken the control thread,
which awakens the thread more consistently.
Tinet-mucw [Fri, 2 Aug 2024 08:49:58 +0000 (16:49 +0800)]
res_pjsip_sdp_rtp.c: Fix DTMF Handling in Re-INVITE with dtmf_mode set to auto
When the endpoint dtmf_mode is set to auto, a SIP request is sent to the UAC, and the SIP SDP from the UAC does not include the telephone-event. Later, the UAC sends an INVITE, and the SIP SDP includes the telephone-event. In this case, DTMF should be sent by RFC2833 rather than using inband signaling.
George Joseph [Fri, 19 Jul 2024 14:46:31 +0000 (08:46 -0600)]
stir_shaken: CRL fixes and a new CLI command
* Fixed a bug in crypto_show_cli_store that was causing asterisk
to crash if there were certificate revocation lists in the
verification certificate store. We're also now prefixing
certificates with "Cert:" and CRLs with "CRL:" to distinguish them
in the list.
* Added 'untrusted_cert_file' and 'untrusted_cert_path' options
to both verification and profile objects. If you have CRLs that
are signed by a different CA than the incoming X5U certificate
(indirect CRL), you'll need to provide the certificate of the
CRL signer here. Thse will show up as 'Untrusted" when showing
the verification or profile objects.
* Fixed loading of crl_path. The OpenSSL API we were using to
load CRLs won't actually load them from a directory, only a file.
We now scan the directory ourselves and load the files one-by-one.
* Fixed the verification flags being set on the certificate store.
- Removed the CRL_CHECK_ALL flag as this was causing all certificates
to be checked for CRL extensions and failing to verify the cert if
there was none. This basically caused all certs to fail when a CRL
was provided via crl_file or crl_path.
- Added the EXTENDED_CRL_SUPPORT flag as it is required to handle
indirect CRLs.
* Added a new CLI command...
`stir_shaken verify certificate_file <certificate_file> [ <profile> ]`
which will assist troubleshooting certificate problems by allowing
the user to manually verify a certificate file against either the
global verification certificate store or the store for a specific
profile.
* Updated the XML documentation and the sample config file.
George Joseph [Wed, 17 Jul 2024 16:44:17 +0000 (10:44 -0600)]
bridge_softmix: Fix queueing VIDUPDATE control frames
softmix_bridge_write_control() now calls ast_bridge_queue_everyone_else()
with the bridge_channel so the VIDUPDATE control frame isn't echoed back.
softmix_bridge_write_control() was setting bridge_channel to NULL
when calling ast_bridge_queue_everyone_else() for VIDUPDATE control
frames. This was causing the frame to be echoed back to the
channel it came from. In certain cases, like when two channels or
bridges are being recorded, this can cause a ping-pong effect that
floods the system with VIDUPDATE control frames.
George Joseph [Mon, 12 Aug 2024 17:58:12 +0000 (11:58 -0600)]
res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
The ub_result pointer passed to unbound_resolver_callback by
libunbound can be NULL if the query was for something malformed
like `.1` or `[.1]`. If it is, we now set a 'ns_r_formerr' result
and return instead of crashing with a SEGV. This causes pjproject
to simply cancel the transaction with a "No answer record in the DNS
response" error. The existing "off nominal" unit test was also
updated to check this condition.
Although not necessary for this fix, we also made
ast_dns_resolver_completed() tolerant of a NULL result.
George Joseph [Mon, 22 Jul 2024 14:05:03 +0000 (08:05 -0600)]
manager.c: Add entries to Originate blacklist
Added Reload and DBdeltree to the list of dialplan application that
can't be executed via the Originate manager action without also
having write SYSTEM permissions.
Added CURL, DB*, FILE, ODBC and REALTIME* to the list of dialplan
functions that can't be executed via the Originate manager action
without also having write SYSTEM permissions.
If the Queue application is attempted to be run by the Originate
manager action and an AGI parameter is specified in the app data,
it'll be rejected unless the manager user has either the AGI or
SYSTEM permissions.
George Joseph [Thu, 25 Jul 2024 12:53:43 +0000 (06:53 -0600)]
rtp_engine.c: Prevent segfault in ast_rtp_codecs_payloads_unset()
There can be empty slots in payload_mapping_tx corresponding to
dynamic payload types that haven't been seen before so we now
check for NULL before attempting to use 'type' in the call to
ast_format_cmp.
Note: Currently only chan_sip calls ast_rtp_codecs_payloads_unset()
res_pjsip_path.c: Fix path when dialing using PJSIP_DIAL_CONTACTS()
When using the PJSIP_DIAL_CONTACTS() function for use in the Dial()
command, the contacts are returned in text form, so the input to
the path_outgoing_request() function is a contact value of NULL.
The issue was reported in ASTERISK-28211, but was not actually fixed
in ASTERISK-30100. This fix brings back the code that was previously
removed and adds code to search for a contact to extract the path
value from it.
Mike Bradeen [Fri, 21 Jun 2024 22:56:11 +0000 (16:56 -0600)]
res_pjsip_sdp_rtp: Add support for default/mismatched 8K RFC 4733/2833 digits
After change made in 624f509 to add support for non 8K RFC 4733/2833 digits,
Asterisk would only accept RFC 4733/2833 offers that matched the sample rate of
the negotiated codec(s).
This change allows Asterisk to accept 8K RFC 4733/2833 offers if the UAC
offfers 8K RFC 4733/2833 but negotiates for a non 8K bitrate codec.
A number of corresponding tests in tests/channels/pjsip/dtmf_sdp also needed to
be re-written to allow for these scenarios.
George Joseph [Tue, 9 Jul 2024 02:07:25 +0000 (20:07 -0600)]
ast-db-manage: Remove duplicate enum creation
Remove duplicate creation of ast_bool_values from
2b7c507d7d12_add_queue_log_option_log_restricted_.py. This was
causing alembic upgrades to fail since the enum was already created
in fe6592859b85_fix_mwi_subscribe_replaces_.py back in 2018.
George Joseph [Wed, 3 Jul 2024 20:50:47 +0000 (14:50 -0600)]
security_agreement.c: Always add the Require and Proxy-Require headers
The `Require: mediasec` and `Proxy-Require: mediasec` headers need
to be sent whenever we send `Security-Client` or `Security-Verify`
headers but the logic to do that was only in add_security_headers()
in res_pjsip_outbound_register. So while we were sending them on
REGISTER requests, we weren't sending them on INVITE requests.
This commit moves the logic to send the two headers out of
res_pjsip_outbound_register:add_security_headers() and into
security_agreement:ast_sip_add_security_headers(). This way
they're always sent when we send `Security-Client` or
`Security-Verify`.
George Joseph [Wed, 8 May 2024 17:32:36 +0000 (11:32 -0600)]
stasis_channels: Use uniqueid and name to delete old snapshots
Whenver a new channel snapshot is created or when a channel is
destroyed, we need to delete any existing channel snapshot from
the snapshot cache. Historically, we used the channel->snapshot
pointer to delete any existing snapshots but this has two issues.
First, if something (possibly ast_channel_internal_swap_snapshots)
sets channel->snapshot to NULL while there's still a snapshot in
the cache, we wouldn't be able to delete it and it would be orphaned
when the channel is destroyed. Since we use the cache to list
channels from the CLI, AMI and ARI, it would appear as though the
channel was still there when it wasn't.
Second, since there are actually two caches, one indexed by the
channel's uniqueid, and another indexed by the channel's name,
deleting from the caches by pointer requires a sequential search of
all of the hash table buckets in BOTH caches to find the matching
snapshots. Not very efficient.
So, we now delete from the caches using the channel's uniqueid
and name. This solves both issues.
This doesn't address how channel->snapshot might have been set
to NULL in the first place because although we have concrete
evidence that it's happening, we haven't been able to reproduce it.
George Joseph [Tue, 9 Apr 2024 13:23:36 +0000 (07:23 -0600)]
app_voicemail_odbc: Allow audio to be kept on disk
This commit adds a new voicemail.conf option 'odbc_audio_on_disk'
which when set causes the ODBC variant of app_voicemail to leave
the message and greeting audio files on disk and only store the
message metadata in the database. This option came from a concern
that the database could grow to large and cause remote access
and/or replication to become slow. In a clustering situation
with this option, all asterisk instances would share the same
database for the metadata and either use a shared filesystem
or other filesystem replication service much more suitable
for synchronizing files.
The changes to app_voicemail to implement this feature were actually
quite small but due to the complexity of the module, the actual
source code changes were greater. They fall into the following
categories:
* Tracing. The module is so complex that it was impossible to
figure out the path taken for various scenarios without the addition
of many SCOPE_ENTER, SCOPE_EXIT and ast_trace statements, even in
code that's not related to the functional change. Making this worse
was the fact that many "if" statements in this module didn't use
braces. Since the tracing macros add multiple statements, many "if"
statements had to be converted to use braces.
* Excessive use of PATH_MAX. Previous maintainers of this module
used PATH_MAX to allocate character arrays for filesystem paths
and SQL statements as though they cost nothing. In fact, PATH_MAX
is defined as 4096 bytes! Some functions had (and still have)
multiples of these. One function has 7. Given that the vast
majority of installations use the default spool directory path
`/var/spool/asterisk/voicemail`, the actual path length is usually
less than 80 bytes. That's over 4000 bytes wasted. It was the
same for SQL statement buffers. A 4K buffer for statement that
only needed 60 bytes. All of these PATH_MAX allocations in the
ODBC related code were changed to dynamically allocated buffers.
The rest will have to be addressed separately.
* Bug fixes. During the development of this feature, several
pre-existing ODBC related bugs were discovered and fixed. They
had to do with leaving orphaned files on disk, not preserving
original message ids when moving messages between folders,
not honoring the "formats" config parameter in certain circumstances,
etc.
UserNote: This commit adds a new voicemail.conf option
'odbc_audio_on_disk' which when set causes the ODBC variant of
app_voicemail_odbc to leave the message and greeting audio files
on disk and only store the message metadata in the database.
Much more information can be found in the voicemail.conf.sample
file.
Tinet-mucw [Fri, 14 Jun 2024 02:16:36 +0000 (19:16 -0700)]
bridge_basic.c: Make sure that ast_bridge_channel is not destroyed while iterating over bridge->channels.
From the gdb information, we can see that while iterating over bridge->channels, the ast_bridge_channel reference count is 0, indicating it has already been destroyed.Additionally, when ast_bridge_channel is removed from bridge->channels, the bridge is first locked. Therefore, locking the bridge before iterating over bridge->channels can resolve the race condition.
Alexei Gradinari [Wed, 12 Jun 2024 21:18:05 +0000 (17:18 -0400)]
app_queue: Add option to not log Restricted Caller ID to queue_log
Add a queue option log-restricted-caller-id to strip the Caller ID when storing the ENTERQUEUE event
in the queue log if the Caller ID is restricted.
Resolves: #765
UpgradeNote: Add a new column to the queues table:
queue_log_option_log_restricted ENUM('0','1','off','on','false','true','no','yes')
to control whether the Restricted Caller ID will be stored in the queue log.
UserNote: Add a Queue option log-restricted-caller-id to control whether the Restricted Caller ID
will be stored in the queue log.
If log-restricted-caller-id=no then the Caller ID will be stripped if the Caller ID is restricted.
Alexei Gradinari [Thu, 13 Jun 2024 16:09:08 +0000 (12:09 -0400)]
pbx.c: expand fields width of "core show hints"
The current width for "extension" is 20 and "device state id" is 20, which is too small.
The "extension" field contains "ext"@"context", so 20 characters is not enough.
The "device state id" field, for example for Queue pause state contains Queue:"queue_name"_pause_PSJIP/"endpoint", so the 20 characters is not enough.
Increase the width of "extension" field to 30 characters and the width of the "device state id" field to 60 characters.
Resolves: #770
UserNote: The fields width of "core show hints" were increased.
The width of "extension" field to 30 characters and
the width of the "device state id" field to 60 characters.
Various SIP headers permit a URI to be prefaced with a `display-name`
production that can include characters (like commas and parentheses)
that are problematic for Asterisk's dialplan parser and, specifically
in the case of this patch, the PJSIP_PARSE_URI function.
This patch introduces a new function - `PJSIP_PARSE_URI_FROM` - that
behaves identically to `PJSIP_PARSE_URI` except that the first
argument is now a variable name and not a literal URI.
Bastian Triller [Fri, 7 Jun 2024 10:57:52 +0000 (12:57 +0200)]
cli: Show configured cache dir
Since Asterisk 19 it is possible to cache recorded files into another
directory [1] [2].
Show configured location of cache dir in CLI's core show settings.
Sean Bright [Thu, 23 May 2024 14:23:03 +0000 (10:23 -0400)]
xml.c: Update deprecated libxml2 API usage.
Two functions are deprecated as of libxml2 2.12:
* xmlSubstituteEntitiesDefault
* xmlParseMemory
So we update those with supported API.
Additionally, `res_calendar_caldav` has been updated to use libxml2's
xmlreader API instead of the SAX2 API which has always felt a little
hacky (see deleted comment block in `res_calendar_caldav.c`).
The xmlreader API has been around since libxml2 2.5.0 which was
released in 2003.
chrsmj [Thu, 16 May 2024 20:12:51 +0000 (14:12 -0600)]
cdr_pgsql: Fix crash when the module fails to load multiple times.
Missing or corrupt cdr_pgsql.conf configuration file can cause the
second attempt to load the PostgreSQL CDR module to crash Asterisk via
the Command Line Interface because a null CLI command is registered on
the first failed attempt to load the module.
Mike Bradeen [Mon, 8 Apr 2024 17:00:14 +0000 (11:00 -0600)]
rtp_engine: add support for multirate RFC2833 digits
Add RFC2833 DTMF support for 16K, 24K, and 32K bitrate codecs.
Asterisk currently treats RFC2833 Digits as a single rtp payload type
with a fixed bitrate of 8K. This change would expand that to 8, 16,
24 and 32K.
This requires checking the offered rtp types for any of these bitrates
and then adding an offer for each (if configured for RFC2833.) DTMF
generation must also be changed in order to look at the current outbound
codec in order to generate appropriately timed rtp.
For cases where no outgoing audio has yet been sent prior to digit
generation, Asterisk now has a concept of a 'preferred' codec based on
offer order.
On inbound calls Asterisk will mimic the payload types of the RFC2833
digits.
On outbound calls Asterisk will choose the next free payload types starting
with 101.
UserNote: No change in configuration is required in order to enable this
feature. Endpoints configured to use RFC2833 will automatically have this
enabled. If the endpoint does not support this, it should not include it in
the SDP offer/response.
Ivan Poddubny [Sun, 5 May 2024 12:53:11 +0000 (14:53 +0200)]
asterisk.c: Fix sending incorrect messages to systemd notify
Send "RELOADING=1" instead of "RELOAD=1" to follow the format
expected by systemd (see sd_notify(3) man page).
Do not send STOPPING=1 in remote console mode:
attempting to execute "asterisk -rx" by the main process leads to
a warning if NotifyAccess=main (the default) or to a forced termination
if NotifyAccess=all.
Include signal.h to avoid the following build failure with uclibc-ng
raised since
https://github.com/asterisk/asterisk/commit/2694792e13c7f3ab1911c4a69fba0df32c544177:
stasis/control.c: In function 'exec_command_on_condition':
stasis/control.c:313:3: warning: implicit declaration of function 'pthread_kill'; did you mean 'pthread_yield'? [-Wimplicit-function-declaration]
313 | pthread_kill(control->control_thread, SIGURG);
| ^~~~~~~~~~~~
| pthread_yield
stasis/control.c:313:41: error: 'SIGURG' undeclared (first use in this function)
313 | pthread_kill(control->control_thread, SIGURG);
| ^~~~~~
Naveen Albert [Wed, 9 Aug 2023 22:41:24 +0000 (22:41 +0000)]
res_pjsip_logger: Preserve logging state on reloads.
Currently, reloading res_pjsip will cause logging
to be disabled. This is because logging can also
be controlled via the debug option in pjsip.conf
and this defaults to "no".
To improve this, logging is no longer disabled on
reloads if logging had not been previously
enabled using the debug option from the config.
This ensures that logging enabled from the CLI
will persist through a reload.
ASTERISK-29912 #close
Resolves: #246
UserNote: Issuing "pjsip reload" will no longer disable
logging if it was previously enabled from the CLI.
Naveen Albert [Sat, 2 Dec 2023 23:07:02 +0000 (18:07 -0500)]
loader.c: Allow dependent modules to be unloaded recursively.
Because of the (often recursive) nature of module dependencies in
Asterisk, hot swapping a module on the fly is cumbersome if a module
is depended on by other modules. Currently, dependencies must be
popped manually by unloading dependents, unloading the module of
interest, and then loading modules again in reverse order.
To make this easier, the ability to do this recursively in certain
circumstances has been added, as an optional extension to the
"module refresh" command. If requested, Asterisk will check if a module
that has a positive usecount could be unloaded safely if anything
recursively dependent on it were unloaded. If so, it will go ahead
and unload all these modules and load them back again. This makes
hot swapping modules that provide dependencies much easier.
Resolves: #474
UserNote: In certain circumstances, modules with dependency relations
can have their dependents automatically recursively unloaded and loaded
again using the "module refresh" CLI command or the ModuleLoad AMI command.
Henrik Liljedahl [Thu, 11 Apr 2024 10:56:55 +0000 (12:56 +0200)]
res_pjsip_sdp_rtp.c: Initial RTP inactivity check must consider the rtp_timeout setting.
First rtp activity check was performed after 500ms regardless of the rtp_timeout setting. Having a call in ringing state for more than rtp_timeout and the first rtp package is received more than 500ms after sdp negotiation and before the rtp_timeout, erronously caused the call to be hungup. Changed to perform the first rtp inactivity check after the timeout setting preventing calls to be disconnected before the rtp_timeout has elapsed since sdp negotiation.
George Joseph [Tue, 23 Apr 2024 20:15:20 +0000 (14:15 -0600)]
tcptls/iostream: Add support for setting SNI on client TLS connections
If the hostname field of the ast_tcptls_session_args structure is
set (which it is for websocket client connections), that hostname
will now automatically be used in an SNI TLS extension in the client
hello.
Resolves: #713
UserNote: Secure websocket client connections now send SNI in
the TLS client hello.
George Joseph [Thu, 25 Apr 2024 17:56:15 +0000 (11:56 -0600)]
stir_shaken: Fix memory leak, typo in config, tn canonicalization
* Fixed possible memory leak in tn_config:tn_get_etn() where we
weren't releasing etn if tn or eprofile were null.
* We now canonicalize TNs before using them for lookups or adding
them to Identity headers.
* Fixed a typo in stir_shaken.conf.sample.
George Joseph [Sat, 27 Apr 2024 20:40:28 +0000 (14:40 -0600)]
make_buildopts_h: Always include DETECT_DEADLOCKS
Since DETECT_DEADLOCKS is now split from DEBUG_THREADS, it must
always be included in buildopts.h instead of only when
ADD_CFLAGS_TO_BUILDOPTS_H is defined. A SEGV will result otherwise.
Naveen Albert [Mon, 1 Apr 2024 21:16:29 +0000 (17:16 -0400)]
callerid.c: Parse previously ignored Caller ID parameters.
Commit f2f397c1a8cc48913434ebb297f0ff50d96993db previously
made it possible to send Caller ID parameters to FXS stations
which, prior to that, could not be sent.
This change is complementary in that we now handle receiving
all these parameters on FXO lines and provide these up to
the dialplan, via chan_dahdi. In particular:
* If a redirecting reason is provided, the channel's redirecting
reason is set. No redirecting number is set, since there is
no parameter for this in the Caller ID protocol, but the reason
can be checked to determine if and why a call was forwarded.
* If the Call Qualifier parameter is received, the Call Qualifier
variable is set.
* Some comments have been added to explain why some of the code
is the way it is, to assist other people looking at it.
With this change, Asterisk's Caller ID implementation is now
reasonably complete for both FXS and FXO operation.
George Joseph [Tue, 9 Apr 2024 20:49:36 +0000 (14:49 -0600)]
logger.h: Add SCOPE_CALL and SCOPE_CALL_WITH_RESULT
If you're tracing a large function that may call another function
multiple times in different circumstances, it can be difficult to
see from the trace output exactly which location that function
was called from. There's no good way to automatically determine
the calling location. SCOPE_CALL and SCOPE_CALL_WITH_RESULT
simply print out a trace line before and after the call.
The difference between SCOPE_CALL and SCOPE_CALL_WITH_RESULT is
that SCOPE_CALL ignores the function's return value (if any) where
SCOPE_CALL_WITH_RESULT allows you to specify the type of the
function's return value so it can be assigned to a variable.
SCOPE_CALL_WITH_INT_RESULT is just a wrapper for SCOPE_CALL_WITH_RESULT
and the "int" return type.
George Joseph [Tue, 2 Apr 2024 20:28:35 +0000 (14:28 -0600)]
rtp_engine and stun: call ast_register_atexit instead of ast_register_cleanup
rtp_engine.c and stun.c were calling ast_register_cleanup which
is skipped if any loadable module can't be cleanly unloaded
when asterisk shuts down. Since this will always be the case,
their cleanup functions never get run. In a practical sense
this makes no difference since asterisk is shutting down but if
you're in development mode and trying to use the leak sanitizer,
the leaks from both of those modules clutter up the output.
Naveen Albert [Mon, 1 Apr 2024 21:24:13 +0000 (17:24 -0400)]
func_callerid: Emit warning if invalid redirecting reason set.
Emit a warning if REDIRECTING(reason) is set to an invalid
reason, consistent with what happens when
REDIRECTING(orig-reason) is set to an invalid reason.
Naveen Albert [Fri, 29 Mar 2024 14:46:18 +0000 (10:46 -0400)]
chan_dahdi: Add DAHDIShowStatus AMI action.
* Add an AMI action to correspond to the "dahdi show status"
command, allowing span information to be retrieved via AMI.
* Show span number and sig type in "dahdi show channels".
Sperl Viktor [Thu, 28 Mar 2024 15:22:24 +0000 (16:22 +0100)]
res_pjsip_endpoint_identifier_ip: Add endpoint identifier transport address.
Add a new identify_by option to res_pjsip_endpoint_identifier_ip
called 'transport' this matches endpoints based on the bound
ip address (local) instead of the 'ip' option, which matches on
the source ip address (remote).
UserNote: set identify_by=transport for the pjsip endpoint. Then
use the existing 'match' option and the new 'transport' option of
the identify.
George Joseph [Mon, 1 Apr 2024 20:10:32 +0000 (14:10 -0600)]
res_stir_shaken: Fix compilation for CentOS7 (openssl 1.0.2)
* OpenSSL 1.0.2 doesn't support X509_get0_pubkey so we now use
X509_get_pubkey. The difference is that X509_get_pubkey requires
the caller to free the EVP_PKEY themselves so we now let
RAII_VAR do that.
* OpenSSL 1.0.2 doesn't support upreffing an X509_STORE so we now
wrap it in an ao2 object.
* OpenSSL 1.0.2 doesn't support X509_STORE_get0_objects to get all
the certs from an X509_STORE and there's no easy way to polyfill
it so the CLI commands that list profiles will show a "not
supported" message instead of listing the certs in a store.
George Joseph [Mon, 1 Apr 2024 12:30:54 +0000 (06:30 -0600)]
Fix incorrect application and function documentation references
There were a few references in the embedded documentation XML
where the case didn't match or where the referenced app or function
simply didn't exist any more. These were causing 404 responses
in docs.asterisk.org.
Sperl Viktor [Thu, 28 Mar 2024 13:20:26 +0000 (14:20 +0100)]
res_pjsip_endpoint_identifier_ip: Endpoint identifier request URI
Add ability to match against PJSIP request URI.
UserNote: this new feature let users match endpoints based on the
indound SIP requests' URI. To do so, add 'request_uri' to the
endpoint's 'identify_by' option. The 'match_request_uri' option of
the identify can be an exact match for the entire request uri, or a
regular expression (between slashes). It's quite similar to the
header identifer.
Naveen Albert [Tue, 26 Mar 2024 11:43:32 +0000 (07:43 -0400)]
chan_dahdi: Don't retry opening nonexistent channels on restart.
Commit 729cb1d390b136ccc696430aa5c68d60ea4028be added logic to retry
opening DAHDI channels on "dahdi restart" if they failed initially,
up to 1,000 times in a loop, to address cases where the channel was
still in use. However, this retry loop does not use the actual error,
which means chan_dahdi will also retry opening nonexistent channels
1,000 times per channel, causing a flood of unnecessary warning logs
for an operation that will never succeed, with tens or hundreds of
thousands of open attempts being made.
The original patch would have been more targeted if it only retried
on the specific relevant error (likely EBUSY, although it's hard to
say since the original issue is no longer available).
To avoid the problem above while avoiding the possibility of breakage,
this skips the retry logic if the error is ENXIO (No such device or
address), since this will never succeed.
Joshua Elson [Mon, 18 Mar 2024 19:14:36 +0000 (15:14 -0400)]
Implement Configurable TCP Keepalive Settings in PJSIP Transports
This commit introduces configurable TCP keepalive settings for both TCP and TLS transports. The changes allow for finer control over TCP connection keepalives, enhancing stability and reliability in environments prone to connection timeouts or where intermediate devices may prematurely close idle connections. This has proven necessary and has already been tested in production in several specialized environments where access to the underlying transport is unreliable in ways invisible to the operating system directly, so these keepalive and timeout mechanisms are necessary.
Martin Tomec [Tue, 6 Feb 2024 16:39:18 +0000 (17:39 +0100)]
res_pjsip_refer.c: Allow GET_TRANSFERRER_DATA
There was functionality in chan_sip to get REFER headers, with GET_TRANSFERRER_DATA variable. This commit implements the same functionality in pjsip, to ease transfer from chan_sip to pjsip.
Fixes: #579
UserNote: the GET_TRANSFERRER_DATA dialplan variable can now be used also in pjsip.
(cherry picked from commit cba82273ae789c193128589a6c3f3679782b1ccd)
Sean Bright [Wed, 20 Mar 2024 16:20:40 +0000 (12:20 -0400)]
alembic: Fix compatibility with SQLAlchemy 2.0+.
SQLAlchemy 2.0 changed the way that commits/rollbacks are handled
causing the final `UPDATE` to our `alembic_version_<whatever>` tables
to be rolled back instead of committed.
We now use one connection to determine which
`alembic_version_<whatever>` table to use and another to run the
actual migrations. This prevents the erroneous rollback.
This change is compatible with both SQLAlchemy 1.4 and 2.0.
jonatascalebe [Thu, 14 Mar 2024 18:53:43 +0000 (15:53 -0300)]
manager.c: Add new parameter 'PreDialGoSub' to Originate AMI action
manager.c: Add new parameter 'PreDialGoSub' to Originate AMI action
The action originate does not has the ability to run an subroutine at initial channel, like the Aplication Originate. This update give this ability for de action originate too.
For example, we can run a routine via Gosub on the channel to request an automatic answer, so the caller does not need to accept the call when using the originate command via manager, making the operation more efficient.
UserNote: When using the Originate AMI Action, we now can pass the PreDialGoSub parameter, instructing the asterisk to perform an subrouting at channel before call start. With this parameter an call initiated by AMI can request the channel to start the call automaticaly, adding a SIP header to using GoSUB, instructing to autoanswer the channel, and proceeding the outbuound extension executing. Exemple of an context to perform the previus indication:
[addautoanswer]
exten => _s,1,Set(PJSIP_HEADER(add,Call-Info)=answer-after=0)
exten => _s,n,Set(PJSIP_HEADER(add,Alert-Info)=answer-after=0)
exten => _s,n,Return()
Naveen Albert [Mon, 4 Dec 2023 17:58:17 +0000 (12:58 -0500)]
pbx_variables.c: Prevent SEGV due to stack overflow.
It is possible for dialplan to result in an infinite
recursion of variable substitution, which eventually
leads to stack overflow. If we detect this, abort
substitution and log an error for the user to fix
the broken dialplan.
Resolves: #480
UpgradeNote: The maximum amount of dialplan recursion
using variable substitution (such as by using EVAL_EXTEN)
is capped at 15.
res_prometheus: Fix duplicate output of metric and help text
The prometheus exposition format requires each line to be unique[1].
This is handled by struct prometheus_metric having a list of children
that is managed when registering a metric. In case the scrape callback
is used, it is the responsibility of the implementation to handle this
correctly.
Originally the bridge callback didn't handle NULL snapshots, the crash
fix lead to NULL metrics, and fixing that lead to duplicates.
The original code assumed that snapshots are not NULL and then relied on
"if (i > 0)" to establish the parent/children relationship between
metrics of the same class. This is not workerable as the first bridge
might be invisible/lacks a snapshot.
Fix this by keeping a separate array of the first metric by class.
Instead of relying on the index of the bridge, check whether the array
has an entry. Use that array for the output.
Add a test case that verifies that the help text is not duplicated.
projects / thirdparty / asterisk.git / log
