HCOLON = *( LOWCTL / SP ) ":" SWS
LOWCTL = %x00-1F ; CTL without DEL
This discrepancy meant that SIP proxies in front of Asterisk with
chan_sip could pass on unknown headers with \x00-\x1F in them, which
would be treated by Asterisk as a different (known) header. For
example, the "To\x01:" header would gladly be forwarded by some proxies
as irrelevant, but chan_sip would treat it as the relevant "To:" header.
Those relying on a SIP proxy to scrub certain headers could mistakenly
get unexpected and unvalidated data fed to Asterisk.
This change fixes so chan_sip only considers SP/HTAB as valid tokens
before the colon, making it agree on the headers with other speakers of
SIP.
Joshua Colp [Tue, 15 Nov 2016 00:18:21 +0000 (00:18 +0000)]
res_format_attr_opus: Fix crash when fmtp contains spaces.
When an opus offer or answer was received that contained an
fmtp line with spaces between the attributes the module would
fail to properly parse it and crash due to recursion.
This change makes the module handle the space properly and
also removes the recursion requirement.
Richard Mudgett [Tue, 6 Dec 2016 22:45:38 +0000 (16:45 -0600)]
Bundled pjproject: Fix finding SIP transactions.
Occasionally SIP message transactions are not found when they should be.
In the particular case an incoming INVITE transaction is CANCELed but the
INVITE transaction cannot be found so a 481 response is returned for the
CANCEL. The problematic calls have a '_' character in the Via branch
parameter.
The problem is in the pjproject PJ_HASH_USE_OWN_TOLOWER feature's code.
The problem with the "own tolower" code is that it does not calculate the
same hash value as when the pj_tolower() function is used. The "own
tolower" code will erroneously modify the ASCII characters '@', '[', '\\',
']', '^', and '_'. Calls to pj_hash_calc_tolower() can use the
PJ_HASH_USE_OWN_TOLOWER substitute algorithm when enabled. Calls to
pj_hash_get_lower(), pj_hash_set_lower(), and pj_hash_set_np_lower() call
find_entry() which never uses the PJ_HASH_USE_OWN_TOLOWER algorithm. As a
result you may not be able to find a hash tabled entry because the
calculated hash values would differ.
George Joseph [Tue, 6 Dec 2016 18:06:45 +0000 (11:06 -0700)]
pjproject_bundled: Fix missing inclusion of symbols
Added back in a -g3, and an -O3 when DONT_OPTIMIZE is not set, to
the CFLAGS. Not sure how they went missing.
Also fixed an uninstall problem where we weren't removing the
symlink from libasteriskpj.so.2 to libasteriskpj.so. While I was
there, I fixed it for libasteriskssl as well.
Increasing the testsuite shutdown timeout before forcibly killing
Asterisk allowed more events to be sent out. Some tests failed as
a result. The tests/channels/pjsip/statsd/registrations failed
because we now get the statsd events that a comment in the test
configuration stated couldn't be intercepted. Unfortunately, we
get a variable number of events because of internal status state
transition races generating redundant statsd events.
We were reporting redundant statsd PJSIP.registrations.state changes
for internal state changes that equated to the same thing publicly.
* Made update_client_state_status() filter out redundant statsd
updates.
Guido Falsi [Tue, 22 Nov 2016 17:20:06 +0000 (18:20 +0100)]
res_rtp: Fix regression when IPv6 is not available.
The latest Release candidate fails to create RTP streams when IPv6
is not available. Due to the changes made in September the ast_sockaddr
structure passed around to create these streams is always of AF_INET6
type, causing failure when used for IPv4. This patch adds a utility
function to check for availability of IPv6 and applies such check
at startup to determine how to create the ast_sockaddr structures.
res_calendar_caldav: Add support reading gmail calendar
The response from gmail calendar includes the string name
"caldav:calendar-data". res_calendar_caldav implements
the example included in RFC 4791: string "C:calendar-data".
When reading the calendar, res_calendar_caldav compare the
string and if does not match just discards the event.
This commit compares the response to both strings,
successfully loading gmail calendar events.
Writing to gmail calendar is working prior to this fix.
Richard Mudgett [Thu, 24 Nov 2016 00:27:54 +0000 (18:27 -0600)]
PJPROJECT logging: Made easier to get available logging levels.
Use of the new logging is as simple as issuing the new CLI command or
setting the new pjproject.conf option.
Other options that can affect the logging are how you have the pjproject
log levels mapped to Asterisk log types in pjproject.conf and if you have
configured Asterisk to log the DEBUG type messages. Altering the
pjproject.conf level mapping shouldn't be necessary for most installations
as the default mapping is sensible. Configuring Asterisk to log the DEBUG
message type is standard practice for collecting debug information.
* Added CLI "pjproject set log level" command to dynamically adjust the
maximum pjproject log message level.
* Added CLI "pjproject show log level" command to see the currently set
maximum pjproject log message level.
* Added pjproject.conf startup section "log_level" option to set the
initial maximum pjproject log message level so all messages could be
captured from initialization.
* Set PJ_LOG_MAX_LEVEL to 6 to compile in all defined logging levels into
bundled pjproject. Pjproject will use the currently set run time log
level to determine if a log message is generated just like Asterisk
verbose and debug logging levels.
* In log_forwarder(), made always log enabled and mapped pjproject log
messages. DEBUG mapped log messages are no longer gated by the current
Asterisk debug logging level.
* Removed RAII_VAR() from res_pjproject.c:get_log_level().
The recent change that made frame deferral into an API had a behavior
change to it. When frame deferral was completed, we would take all of
the deferred frames and queue them all onto the channel in one call to
ast_queue_frame_head(). Before frame deferral was API-ized, places that
performed manual frame deferral would actually take each deferred frame
and queue them onto the channel.
This change in behavior caused the confbridge_recording test to start
failing consistently. Without going too crazily deep into the details,
a channel was getting "stuck" in an ast_safe_sleep(). An AMI redirect
was attempting to break it out of the sleep, but because there were more
frames in the channel read queue than expected, the channel ended up
being unable to break from its sleep loop.
By restoring the behavior of individual frame queuing after deferral,
the test starts passing again.
Note, this points to a potential underlying issue pointing to an
"unbalance" that can occur when queuing multiple frames at once,
and so a follow-up issue is being created to investigate that
possibility.
Tzafrir Cohen [Tue, 28 Jun 2016 21:26:59 +0000 (23:26 +0200)]
OpenSSL 1.1.0 support
OpenSSL 1.1.0 includes some major changes in the interface. See
https://wiki.openssl.org/index.php/1.1_API_Changes .
Status: Right now there are still a few deprecation notes with OpenSSL
1.1.0. But it's a start.
Changes:
* CRYPTO_LOCK is no longer available. Replace it with its value for now.
I don't completely understand what it is used for there.
* Remove several functions from libasteriskssl that seem to no longer be
needed.
* Structures have become opaque and are accesses with accessors.
* ERR_remove_thread_state() no longer needed.
* SSLv2 code now could no longer be used in 1.1.
Matt Jordan [Tue, 22 Nov 2016 16:27:46 +0000 (10:27 -0600)]
res_pjsip/chan_sip: Advertise 'ws' in the SIP URI transport parameter
Per RFC 7118 5.2, the SIP URI 'transport' parameter should advertise
'ws' when WebSockets are to be used as the transport. This applies to
both secure and insecure WebSockets.
There were two bugs in Asterisk with respect to this:
(1) The most egregious occurs in res_pjsip. There, we advertise 'ws' for
insecure websockets and 'wss' for secure websockets. While this
would seem to make sense - since 'WS' and 'WSS' are used for the Via
Transport parameter - this is not the case for the SIP URI. This
patch corrects that by registering the secure websockets with
pjproject using the shorthand 'WS', and by returning 'ws' when asked
for the transport parameter. Note that in pjproject, it is perfectly
valid to have multiple transports use the same shorthand.
(2) In chan_sip, we return an upper-case version of the transport 'WS'
instead of 'ws'. Since we should be strict in what we send and
liberal in what we accept (within reason), this patch lower-cases
the transport before appending it to the parameter.
Timo Teräs [Thu, 17 Nov 2016 14:25:41 +0000 (16:25 +0200)]
codec_dahdi: Fix poll.h include.
POSIX defines poll.h. sys/poll.h should not be used as it is c-library
internal header which may or may not exist. Notably in musl including
sys/poll.h generates warning of being incorrect.
Michael Kuron [Sat, 26 Nov 2016 16:57:03 +0000 (17:57 +0100)]
chan_sip: Fix segfault during module unload
If a TCP/TLS connection was pending (not accepted and not timed out) during
unload of chan_sip, Asterisk would segfault when trying to send a signal to
a thread whose thread ID hadn't been recorded yet. This commit fixes that by
recording the thread ID before calling the blocking connect() syscall.
This was a regression introduced by 776a14386a55b5425c7e9617eff8af8b45427144.
The above wasn't enough to fix the segfault, which was now delayed to the
point where connect() timed out. Therefore, it was necessary to also remove
the SA_RESTART flag from the SIGURG sigaction so that pthread_kill() could be
used to interruput the connect() syscall.
This was a regression introduced by 5d313f51b982a18f7321adcf7c7a4e822d8b2714.
gestoip2 [Fri, 11 Nov 2016 14:16:50 +0000 (14:16 +0000)]
res_rtp_asterisk: RTT miscalculation in RTCP
When retrieving RTCP stats for PJSIP channels, RTT values are unreliable.
RTT calculation is correct, but the data representation isn't. RTT is
represented by a 32-bit fixed-point number with the integer part in the
first 16 bits and the fractional part in the last 16 bits. In order to
get the RTT value, the fractional part is miscalculated, there is an
unnecessary 16 bit shift that causes overflow. Besides this there is
another mistake, when transforming the integer value to the fixed point
fractional part via bitwise operation, that loses precision.
* RTT fractional part is no longer shifted, avoiding overflow.
* RTT fractional part is transformed to its fixed-point value more
precisely.
* Fixed timeval2ntp() and ntp2timeval() second fraction conversions.
* Fixed NTP timestamp report logging. The usec was inexplicably
multiplied by 4096.
ASTERISK-26566 #close
Reported by Hector Royo Concepcion
Michael Kuron [Tue, 15 Nov 2016 19:44:13 +0000 (20:44 +0100)]
tcptls: Use new certificate upon sip reload
Previously, a TLS server socket would only be restarted upon sip reload if the
bind address had changed. This commit adds checking for changes to TLS
parameters like certificate, ciphers, etc. so they get picked up without
requiring a reload of the entire chan_sip module. This does not affect open
connections in any way, but new connections will use the new TLS parameters.
The changes also apply to HTTP and Manager.
Timo Teräs [Fri, 11 Nov 2016 06:29:40 +0000 (08:29 +0200)]
addons/chan_mobile: do not use strerror_r
The two reasons why it might be used are that some systems do not
implement strerror in thread safe manner, and that strerror_r returns
the error code in the string in case there's no error message.
However, all of asterisk elsewhere uses strerror() and assumes it
to be thread safe. And in chan_mobile the errno is also explicitly
printed so neither of the above reasons are valid.
The reasoning to remove usage is that there are actually two versions
of strerror_r: XSI and GNU. They are incompatible in their return
value, and there's no easy way to figure out which one is being
used. glibc gives you the GNU version if _GNU_SOURCE is defined,
but the same feature test macro is needed for other symbols. On
all other systems you assumedly get XSI symbol, and compilation warnings
as well as non-working error printing.
Thus the easiest solution is to just remove strerror_r and use
strerror as rest of the code. Alternative is to introduce ast_strerror
in separate translation unit so it can request the XSI symbol in
glibc case, and replace all usage of strerror.
George Joseph [Mon, 21 Nov 2016 15:40:59 +0000 (08:40 -0700)]
build: Backport addition of librt check to configure.ac
A while back, a master-only change was made to check for librt which
should probably have been cherry-picked to 13 at that time. Sometime
between then and now, part of that change did make it into 13 but it
was incomplete and non-functional. This patch backports the rest
of the librt check and allows the link of libasteriskpj to use the
results.
George Joseph [Wed, 16 Nov 2016 18:05:43 +0000 (11:05 -0700)]
pjproject_bundled: Improve reliability of pjproject download
The download process now has a timeout which will cause wget to retry
if it stops retrieving data for 5 seconds and fetch and curl to timeout
if the whole retrieval take smore than 30 seconds.
If the tarball retrieval works, the MD5SUM file is retrieved from
the downloads site and the md5 checksum is verified.
If either the tarball retrieval or MD5SUM retrieval fails, or the
checksums don't match, the entire process is retried once. If it
fails again, any incomplete tarball is deleted.
.DELETE_ON_ERROR: was also added to the Makefile. Not only does
this delete the tarball on failure, it till also delete corrupted
library files from the pjproject source directory should they
fail to build correctly.
Tested all the way back to FreeBSD 9, CentOS 6, Debian 6 and
Ubuntu 14.
George Joseph [Thu, 17 Nov 2016 02:24:08 +0000 (19:24 -0700)]
build: Various OpenBSD issues
OpenBSD's 'find' doesn't take the -delete argument so you have to pipe
through 'xargs rm -rf'.
'echo -e' doesn't like \t starting a line. It just prints 't' which
causes the libasteriskpj.exports file to be garbage. They were just
cosmetic so they were removed.
librt doesn't exist so the link of libasteriskpj.so fails. It's not
actually needed for linux anyway so -lrt was removed from the link.
res_rtp_asterisk was failing to load because of an undefined
DTLS_method. '|| defined(LIBRESSL_VERSION_NUMBER)' was added to the #if
so DTLSv1_method is used instead.
Mark Michelson [Wed, 16 Nov 2016 21:42:39 +0000 (15:42 -0600)]
res_format_attr_opus: Fix fmtp generation.
res_format_attr_opus assumed that the string being passed into it was
empty. It tried to determine if the only thing it had written was
a=fmtp:<num>
And if it had, it would reset the string. Its calculation was off when
working with chan_sip, though. chan_sip passes the entire built SDP
rather than an empty string. This resulted in always putting an empty
fmtp line in the SDP.
Richard Mudgett [Tue, 15 Nov 2016 22:23:35 +0000 (16:23 -0600)]
codec_opus: Fix warning when Opus negotiated but codec_opus not loaded.
When Opus is negotiated but not loaded, the log is spammed with messages
because the system does not know how to calculate the number of samples in
a frame.
* Suppress the warning by supplying a function that assumes 20ms of
samples in the frame. For pass through support it doesn't really seem to
matter what number of samples is returned anyway.
Richard Mudgett [Mon, 14 Nov 2016 20:36:52 +0000 (14:36 -0600)]
res_pjsip_outbound_authenticator_digest.c: Fix memory pool leak.
Responding to authentication challenges leaks PJSIP memory pools.
The leak was introduced with a pjproject 2.5.5 API change.
https://trac.pjsip.org/repos/ticket/1929 changed the API usage of
pjsip_auth_clt_init() to require the new API pjsip_auth_clt_deinit() to
clean up cached authentication allocations that get allocated with
pjsip_auth_clt_reinit_req().
Alexei Gradinari [Tue, 15 Nov 2016 21:01:27 +0000 (16:01 -0500)]
chan_pjsip: fix switching sending codec when asymmetric_rtp_codec=no
The sending codec is switched to the receiving codec and then
is switched back to the best native codec on EVERY receiving RTP packets.
This is because after call of ast_channel_set_rawwriteformat there is call
of ast_set_write_format which calls set_format which sets rawwriteformat
to the best native format.
This patch adds a new function ast_set_write_format_path which set
specific write path on channel and uses this function to switch
the sending codec.
George Joseph [Tue, 15 Nov 2016 18:01:04 +0000 (11:01 -0700)]
file.c/__ast_file_read_dirs: Fix issues on filesystems without d_type
One of the code paths in __ast_file_read_dirs will only get executed if
the OS doesn't support dirent->d_type OR if the filesystem the
particular file is on doesn't support it. So, while standard Linux
systems support the field, some filesystems like XFS do not. In this
case, we need to call stat() to determine whether the directory entry
is a file or directory so we append the filename to the supplied
directory path and call stat. We forgot to truncate path back to just
the directory afterwards though so we were passing a complete file name
to the callback in the dir_name parameter instead of just the directory
name.
The logic has been re-written to only create a full_path if we need to
call stat() or if we need to descend into another directory.
Matt Jordan [Mon, 14 Nov 2016 21:57:08 +0000 (15:57 -0600)]
pjproject: Use a much higher limit for PJ_ICE_MAX_CHECKS
The PJ_ICE_MAX_CHECKS constant is used by pjproject to determine how
many pairs of local/remote candidates will be made. If for some reason
we reach this upper bound, ICE will generally fail and no media will
flow between the browser and Asterisk.
This patch makes PJ_ICE_MAX_CHECKS set to the total possible number of
pairs of candidates we'd theoretically allow, which is
PJ_ICE_MAX_CAND^2. Prior to this patch, we simply multiplied
PJ_ICE_MAX_CAND by two; on systems with multiple interfaces (I blame
Docker), this is far too low to allow WebRTC calls to succeed.
Setting this to be PJ_ICE_MAX_CAND^2 allowed WebRTC calls to succeed
even when the system Asterisk was running on had quite a few virtual
interfaces.
Matt Jordan [Mon, 14 Nov 2016 21:32:14 +0000 (15:32 -0600)]
apps/app_echo: Only relay a single video source change frame
In 9785e8d0, app_echo was updated to relay video source updates to the
channel for the purposes of displaying video in WebRTC tests.
Unfortunately, this can cause a Kafkaesque nightmare if two or more
Local channels are in a bridge together where their ends are in
app_echo. When this situation occurs, a video update sent into app_echo
will cause the video update to be relayed to the other Local channels,
causing another round of video updates, etc. In not much time at all,
the channel length queues will be overwhelmed, channel alert pipes will
fail, and all hell will break loose as Asterisk merrily continues to
throw more video update requests onto the channels.
This patch updates app_echo to *only* relay a single video update. Once
a video update has been made, all further video updates are dropped.
This meets the intended purpose of the original patch: if we get a video
update and we're in app_echo, go ahead and ask the sender to update
themselves. However, once we've got that video stream sync'd up, don't
keep spamming the world.
Matt Jordan [Tue, 8 Nov 2016 16:11:41 +0000 (10:11 -0600)]
res/ari/resource_bridges: Add the ability to manipulate the video source
In multi-party bridges, Asterisk currently supports two video modes:
* Follow the talker, in which the speaker with the most energy is shown
to all participants but the speaker, and the speaker sees the
previous video source
* Explicitly set video sources, in which all participants see a locked
video source
Prior to this patch, ARI had no ability to manipulate the video source.
This isn't important for two-party bridges, in which Asterisk merely
relays the video between the participants. However, in a multi-party
bridge, it can be advantageous to allow an external application to
manipulate the video source.
This patch provides two new routes to accomplish this:
(1) setVideoSource: POST /bridges/{bridgeId}/videoSource/{channelId}
Sets a video source to an explicit channel
(2) clearVideoSource: DELETE /bridges/{bridgeId}/videoSource
Removes any explicit video source, and sets the video mode to talk
detection
George Joseph [Mon, 14 Nov 2016 18:16:03 +0000 (11:16 -0700)]
cli: Fix ast_el_read_char to work with libedit >= 3.1
Libedit 3.1 is not build with unicode on as a default and so the
prototype for the el_gets callback changed from expecting a char buffer
to accepting a wchar buffer. If ast_el_read_char isn't changed,
the cli reads garbage from teh terminal.
Added a configure test for (*el_rfunc_t)(EditLine *, wchar_t *) and
updated ast_el_read_char to use the HAVE_ define to detemrine whether
to use char or wchar.
* Don't hold the req_wrapper lock too long in endpt_send_request(). We
could block the PJSIP monitor thread if the timeout timer expires.
sip_get_tpselector_from_endpoint() does a sorcery access that could take
awhile accessing a database. pjsip_endpt_send_request() might take awhile
if selecting a transport.
* Shorten the time that the req_wrapper lock is held in the callback
functions.
George Joseph [Thu, 10 Nov 2016 00:18:00 +0000 (17:18 -0700)]
build: Fix default values for some SANITIZER options
2 of the sanitizers didn't have default values so in systems that
don't support sanitizers menuselect would spit out warnings. They
were harmless but confusing. They've now been set to "0".
Mark Michelson [Tue, 8 Nov 2016 16:48:32 +0000 (10:48 -0600)]
res_pjsip_session: Do not call session supplements when it's too late.
res_pjsip_sesssion was hooking into transaction and invite state
changes. One of the reasons for doing so was due to the
PJSIP_EVENT_TX_MSG event. The idea was that we were hooking into the
message sending process, and so we should call session supplements to
alter the outgoing message.
In reality, this event was meant to indicate that the message either
a) had already been sent, or
b) required a DNS lookup and would be sent when the DNS query
completed.
In case (a), this meant we were altering an already-sent
request/response for no reason. In case (b), this potentially meant we
could be trying to alter a request/response at the same time that the
DNS resolution completed. In this case, it meant we might be stomping on
memory being used by the thread actually sending the message. This
caused potential crashes and memory corruption.
This patch removes the calls to session supplements from the case where
the PJSIP_EVENT_TX_MSG event occurs. In all of these cases, trying to
alter the message at this point is too late, and it can cause nothing
but harm to try to do it. Because there were no longer any calls to the
handle_outgoing() function, it has been removed.
projects / thirdparty / asterisk.git / log
