RFC 8760 added new digest-access-authentication schemes. Testing
revealed that chan_sip does not pick MD5 if several schemes are offered
by the User Agent Server (UAS). This change does not implement any of
the new schemes like SHA-256. This change makes sure, MD5 is picked so
UAS with SHA-2 enabled, like the service www.linphone.org/freesip, can
still be used. This should have worked since day one because SIP/2.0
already envisioned several schemes (see RFC 3261 and its augmented BNF
for 'algorithm' which includes 'token' as third alternative; note: if
'algorithm' was not present, MD5 is still assumed even in RFC 7616).
Change-Id: I61ca0b1f74b5ec2b5f3062c2d661cafeaf597fcd
The ToHost parameter was not cleared when a peer's host value was
changed to dynamic. This causes invites to be sent to the original host.
ASTERISK-29011 #close
Change-Id: I9678d512741f71baca8f131a65b7523020b07d5c
chan_sip handle_response() function, for a 400 response to an INVITE,
calls handle_response_invite() and does not generate ACK.
handle_response_invite() does not recognize 400 response and has no
default response processing for unexpected responses, thus it does not
generate ACK either.
The ACK on response repetition comes from handle_response() mechanism
"We must re-send ACKs to re-transmitted final responses".
According to code history, 400 response specific processing was
introduced with commit
"channels/chan_sip: Add improved support for 4xx error codes"
This commit added support for :
- 400/414/493 in handle_response_subscribe() handle_response_register()
and handle_response().
- 414/493 only in handle_response_invite().
This fix adds 400 response support in handle_response_invite().
ASTERISK-28957
Change-Id: Ic71a087e5398dfc7273946b9ec6f9a36960218ad
It is possible to configure a TCP/TLS client without having a TCP/TLS
server. In that case, no error or warning was printed but the headers
Contact and Via in SIP REGISTER were "(null)".
ASTERISK-28798
Change-Id: I387ca5cb6a65f1eb675a29c5e41df8ec6c242ab2
If you're for some reason out of RTP ports, chan_sip would previously
responde to an INVITE with a 403, which will fail the call.
Now, it returns a 503, allowing the device/proxy to retry the call on a
different machine.
ASTERISK-28718
Change-Id: I968dcf6c1e30ecddcce397dcda36db727c83ca90
lws2sws() does not stop trying to handle header continuation lines
even after all headers have been found. This is problematic if the
first character of a SIP message body is a space or tab character, so
we update to recognize the end of the message header.
ASTERISK-28693 #close
Reported by: Frank Matano
Change-Id: Idec8fa58545cd3fd898cbe0075d76c223f8d33df
Fixes no-audio issues when the media source is changed and
strictrtp is enabled (default).
If the peer media source changes, the SDP session version also changes.
If it is lower than the one we had stored, chan_sip would ignore it.
This changeset keeps track of the remote media origin identifier,
comparing that as well. If it changes, the session version needn't be
higher for us to accept the SDP.
Common scenario where this would've caused problems: a separate media
gateway that informs the caller about premium rates before handing off
the call to the final destination.
(An alternative fix would be to set ignoresdpversion=yes on the peer.)
ASTERISK-28686
Change-Id: I88fdbc5aeb777b583e7738c084254c482a7776ee
The SIP transaction state was reset when emitting an UPDATE or a re-INVITE
related to a COLP, preventing RTP packets to be emitted.
ASTERISK-28647
Change-Id: Ie7a30fa7a97f711e7ba6cc17f221a0993d48bd8b
chan_sip.c:3782 __sip_xmit: sip_xmit of 0x7f1478069230 (len 600) to
213.150.203.60:1492 returned -2: Interrupted system call
returned -2 implies this wasn't actually an OS error, so errno makes no
sense either. Internal error was already logged higher up, and -2
generally means that either there isn't a valid connection available, or
the pipe notification failed, and that is already correctly logged.
ASTERISK-28651 #close
Change-Id: I46eb82924beeff9dfd86fa6c7eb87d2651b950f2
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
During capabilities selection (joint capabilities of us and peer,
configured capability for this peer, or general configured
capabilities), if sip_new() does not keep framing information,
then directmedia activation will fail for any framing different
from default framing.
ASTERISK-28637
Change-Id: I99257502788653c2816fc991cac7946453082466
If the name of a peer is known and a SIP request is sent using that
peer's name, the address of the peer will change even if the request
fails the authentication challenge. This means that an endpoint can
be altered and even rendered unusuable, even if it was in a working
state previously. This can only occur when the nat option is set to the
default, or auto_force_rport.
This change checks the result of authentication first to ensure it is
successful before setting the address and the nat option.
ASTERISK-28589 #close
Change-Id: I581c5ed1da60ca89f590bd70872de2b660de02df
When modifying an already defined variable in some channel drivers they
add a new variable with the same name to the list, but that value is
never used, only the first one found.
Introduce ast_variable_list_replace() and use it where appropriate.
ASTERISK-23756 #close
Patches:
setvar-multiplie.patch submitted by Michael Goryainov
Change-Id: Ie1897a96c82b8945e752733612ee963686f32839
The chan_sip module performs a T.38 re-invite using a single media
stream of udptl, and expects the SDP answer to be the same.
If an SDP answer is received instead that contains an additional
media stream with no joint codec a crash will occur as the code
assumes that at least one joint codec will exist in this
scenario.
This change removes this assumption.
ASTERISK-28465
Change-Id: I8b02845b53344c6babe867a3f0a5231045c7ac87
There is enough MWI functionality to warrant it having its own 'c' and header
files. This patch moves all current core MWI data structures, and functions
into the following files:
main/mwi.h
main/mwi.c
Note, code was simply moved, and not modified. However, this patch is also in
preparation for core MWI changes, and additions to come.
Change-Id: I9dde8bfae1e7ec254fa63166e090f77e4d3097e0
The compiler complained about a couple of variables that weren't
initialized but were being used. Initializing them to NULL resolves the
warnings/errors.
ASTERISK-28362 #close
Change-Id: I6243afc5459b416edff6bbf571b0489f6b852e4b
Passing negative intervals to the scheduler rips a hole in the
space-time continuum.
ASTERISK-25792 #close
Reported by: Paul Sandys
Change-Id: Ie706f21cee05f76ffb6f7d89e9c867930ee7bcd7
Replace usage of ao2_container_alloc with ao2_container_alloc_hash or
ao2_container_alloc_list.
ao2_container_alloc is now restricted to modules only and is being
removed from Asterisk 17.
Change-Id: I0907d78bc66efc775672df37c8faad00f2f6c088
This change adds the ability for subscriptions to indicate
which message types they are interested in accepting. By
doing so the filtering is done before being dispatched
to the subscriber, reducing the amount of work that has
to be done.
This is optional and if a subscriber does not add
message types they wish to accept and set the subscription
to selective filtering the previous behavior is preserved
and they receive all messages.
There is also the ability to explicitly force the reception
of all messages for cases such as AMI or ARI where a large
number of messages are expected that are then generically
converted into a different format.
ASTERISK-28103
Change-Id: I99bee23895baa0a117985d51683f7963b77aa190
When a call pickup is performed using and invite with replaces header
the ast_do_pickup method is attempted and a PICKUP stasis message is sent.
ASTERISK-28081 #close
Reported-by: Luit van Drongelen
Change-Id: Ieb1442027a3ce6ae55faca47bc095e53972f947a
These macros have been documented as legacy for a long time but are
still used in new code because they exist. Remove all references to:
* ao2_container_alloc_options
* ao2_t_container_alloc_options
* ao2_t_container_alloc
These macro's are still available for use but only in modules. Only
ao2_container_alloc remains due to it's use in over 100 places.
Change-Id: I1a26258b5bf3deb081aaeed11a0baa175c933c7a
With tls and udp enabled asterisk generates a warning about sending
message via udp instead of tls.
sip notify command via cli works as expected and without warning.
asterisk has to set the connection information accordingly to connection
and not on presumption
ASTERISK-28057 #close
Change-Id: Ib43315aba1f2c14ba077b52d8c5b00be0006656e
As they're not actively used, they only grow stale. The moduleinfo field itself
is kept in Asterisk 13/15 for ABI compatibility.
ASTERISK-28046 #close
Change-Id: I8df66a7007f807840414bb348511a8c14c05a9fc
Also remove function peer_ipcmp_cb since it's not used (according to
rmudgett).
Prior to b2c4e8660a (ASTERISK_27457)
insecure=port was the defacto standard. That commit also prevented
insecure=port from being applied for sip/tcp or sip/tls.
Into consideration there are three sets of behaviour:
1. "previous" - before the above commit.
2. "current" - post above commit, pre this one.
3. "new" - post this commit.
The problem that the above commit tried to address was guests over TCP.
It succeeded in doing that but broke transport!=udp with host!=dynamic.
This commit attempts to restore sane behaviour with respect to
transport!=udp for host!=dynamic whilst still retaining the guest users
over tcp.
It should be noted that when looking for a peer, two passes are made, the
first pass doesn't have SIP_INSECURE_PORT set for the searched-for peer,
thus looking for full matches (IP + Port), the second pass sets
SIP_INSECURE_PORT, thus expecting matches on IP only where the matched
peer allows for that (in the author's opinion: UDP with insecure=port,
or any TCP based, non-dynamic host).
In previous behaviour there was special handling for transport=tcp|tls
whereby a peer would match during the first pass if the utilized
transport was TCP|TLS (and the peer allowed that specific transport).
This behaviour was wrong, or dubious at best. Consider two dynamic tcp
peers, both registering from the same IP (NAT), in this case either peer
could match for connections from an IP. It's also this behaviour that
prevented SIP guests over tcp.
The above referenced commit removed this behaviour, but kept applying
the SIP_INSECURE_PORT only to WS|WSS|UDP. Since WS and WSS is also TCP
based, the logic here should fall into the TCP category.
This patch updates things such that the previously non-explicit (TCP
behaviour) transport test gets performed explicitly (ie, matched peer
must allow for the used transport), as well as the indeterministic
source-port nature of the TCP protocol is taken into account. The new
match algorithm now looks like:
1. As per previous behaviour, IP address is matched first.
2. Explicit filter with respect to transport protocol, previous
behaviour was semi-implied in the test for TCP pure IP match - this now
made explicit.
3. During first pass (without SIP_INSECURE_PORT), always match on port.
4. If doing UDP, match if matched against peer also has
SIP_INSECURE_PORT, else don't match.
5. Match if not a dynamic host (for non-UDP protocols)
6. Don't match if this is WS|WSS, or we can't trust the Contact address
(presumably due to NAT)
7. Match (we have a valid Contact thus if the IP matches we have no
choice, this will likely only apply to non-NAT).
To logic-test this we need a few different scenarios. Towards this end,
I work with a set number of peers defined in sip.conf:
[peer1]
host=1.1.1.1
transport=tcp
[peer2]
host=1.1.1.1
transport=udp
[peer3]
host=1.1.1.1
port=5061
insecure=port
transport=udp
[peer4]
host=1.1.1.2
transport=udp,tcp
[peer5]
host=dynamic
transport=udp,tcp
Test cases for UDP:
1 - incoming UDP request from 1.1.1.1:
- previous:
- pass 1:
* peer1 or peer2 if from port 5060 (indeterminate, depends on peer
ordering)
* peer3 if from port 5061
* peer5 if registered from 1.1.1.1 and source port matches
- pass 2:
* peer3
- current: as per previous.
- new:
- pass 1:
* peer2 if from port 5060
* peer3 if from port 5061
* peer5 if registered from 1.1.1.1 and source port matches
- pass 2:
* peer3
2 - incoming UDP request from 1.1.1.2:
- previous:
- pass 1:
* peer5 if registered from 1.1.1.2 and port matches
* peer4 if source port is 5060
- pass 2:
* no match (guest)
- current: as previous.
- new as previous (with the variation that if peer5 didn't have udp as
allowed transport it would not match peer5 whereas previous
and current code could).
3 - incoming UDP request from anywhere else:
- previous:
- pass 1:
* peer5 if registered from that address and source port matches.
- pass 2:
* peer5 if insecure=port is additionally set.
* no match (guest)
- current - as per previous
- new - as per previous
Test cases for TCP based transports:
4 - incoming TCP request from 1.1.1.1
- previous:
- pass 1 (indeterministic, depends on ordering of peers in memory):
* peer1; or
* peer5 if peer5 registered from 1.1.1.1 (irrespective of source port); or
* peer2 if the source port happens to be 5060; or
* peer3 if the source port happens to be 5061.
- pass 2: cannot happen since pass 1 will always find a peer.
- current:
- pass 1:
* peer1 or peer2 if from source port 5060
* peer3 if from source port 5060
* peer5 if registered as 1.1.1.1 and source port matches
- pass 2:
* no match (guest)
- new:
- pass 1:
* peer 1 if from port 5060
* peer 5 if registered and source port matches
- pass 2:
* peer 1
5 - incoming TCP request from 1.1.1.2
- previous (indeterminate, depends on ordering):
- pass 1:
* peer4; or
* peer5 if peer5 registered from 1.1.1.2
- pass 2: cannot happen since pass 1 will always find a peer.
- current:
- pass 1:
* peer4 if source port is 5060
* peer5 if peer5 registered as 1.1.1.2 and source port matches
- pass 2:
* no match (guest).
- new:
- pass 1:
* peer4 if source port is 5060
* peer5 if peer5 registered as 1.1.1.2 and source port matches
- pass 2:
* peer4
6 - incoming TCP request from anywhere else:
- previous:
- pass 1:
* peer5 if registered from that address
- pass 2: cannot happen since pass 1 will always find a peer.
- current:
- pass 1:
* peer5 if registered from that address and port matches.
- pass 2:
* no match (guest)
- new: as per current.
It should be noted the test cases don't make explicit mention of TLS, WS
or WSS. WS and WSS previously followed UDP semantics, they will now
enforce source port matching. TLS follow TCP semantics.
The previous commit specifically tried to address test-case 6, but broke
test-cases 4 and 5 in the process.
ASTERISK-27881 #close
Change-Id: I61a9804e4feba9c7224c481f7a10bf7eb7c7f2a2
Otherwise console output
(get_refer_info): mutex 'peer' freed more times than we've locked!
(get_refer_info): Error releasing mutex: Operation not permitted
or
(get_refer_info): attempted unlock mutex 'peer' without owning it!
(__ast_read): 'peer' was locked here.
...dump_backtrace
(get_refer_info): Error releasing mutex: Operation not permitted
(__ast_read): mutex 'chan' freed more times than we've locked!
ASTERISK-28011 #close
Change-Id: I6e45f2764ba4f3273a943300f91ac9b461ac2893
This fixes build warnings found by GCC 8. In some cases format
truncation is intentional so the warning is just suppressed.
ASTERISK-27824 #close
Change-Id: I724f146cbddba8b86619d4c4a9931ee877995c84
There is a problem when an INVITE-with-Replaces transfer targets a channel
in a ConfBridge. The transfer will unconditionally swap out the
ConfBridge channel. Unfortunately, the ConfBridge state will not be aware
of this change. Unexpected behavior will happen as a result since
ConfBridge channels currently can only be replaced by a masquerade and not
normal bridge channel moves.
* We just need to pretend that the channel isn't in a bridge (like other
transfer methods already do) so the transfer channel will masquerade into
the ConfBridge channel.
Change-Id: I209beb0e748fa4f4b92a576f36afa8f495ba4c82
Given the below call scenario:
A -> Ast1 -> B
C <- Ast2 <- B
1) A calls B through Ast1
2) B calls C through Ast2
3) B transfers A to C
When party B transfers A to C, B sends a REFER to Ast1 causing Ast1 to
send an INVITE with replaces to Ast2. Ast2 then leaks a channel ref of
the channel between Ast1 and Ast2.
Channel ref leaks are easily seen in the CLI "core show channels" output.
The leaked channels appear in the output but you can do nothing with them
and they never go away unless you restart Asterisk.
* Properly account for the channel refs when imparting a channel into a
bridge when handling an INVITE with replaces in handle_invite_replaces().
The ast_bridge_impart() function steals a channel ref but the code didn't
account for how many refs were held by the code at the time and which ref
was stolen.
* Eliminated RAII_VAR in handle_invite_replaces().
ASTERISK-27740
Change-Id: I7edbed774314b55acf0067b2762bfe984ecaa9a4
Checking option_debug directly is incorrect as it ignores file/module
specific debug settings. This system-wide change replaces nearly all
direct checks for option_debug with the DEBUG_ATLEAST macro.
Change-Id: Ic342d4799a945dbc40ac085ac142681094a4ebf0
The "ptime" SDP parameter received in a SIP response was not honoured.
Moreover, in the abscence of this "ptime" parameter, locally configured
framing was lost during response processing.
This patch systematically stores the framing information in the
ast_rtp_codecs structure, taking it from the response or from the
configuration as appropriate.
ASTERISK-27674
Change-Id: I828a6a98d27a45a8afd07236a2bd0aa3cbd3fb2c
When constructing a dialog-info+xml NOTIFY message a ringing channel
is found if the state is ringing and further information is placed into
the message. Due to the migration to the Stasis message bus this did
not always work as expected.
This change raises a second ringing event in such a way to guarantee
that the event is received by chan_sip and another lookup is done to
find the ringing channel.
ASTERISK-24488
Change-Id: I547a458fc59721c918cb48be060cbfc3c88bcf9c
Check if initreq data string exists before using it when processing a
CANCEL request.
ASTERISK-27666
Change-Id: Id1d0f0fa4ec94e81b332b2973d93e5a14bb4cc97
A patch for sending in-dialog SIP NOTIFY message
with "SIPnotify" AMI action.
ASTERISK-27461
(created patch for 13 branch manually due to merge conflict)
Change-Id: I255067f02e2ce22c4b244f12134b9a48d210c22a
Per RFC 5245, the foundation specified with an ICE candidate can be up
to 32 characters but we are only allowing for 31.
ASTERISK-27498 #close
Reported by: Michele Prà
Change-Id: I05ce7a5952721a76a2b4c90366168022558dc7cf
Fix instances of:
* Retreive
* Recieve
* other then
* different then
* Repeated words ("the the", "an an", "and and", etc).
* othterwise, teh
ASTERISK-24198 #close
Change-Id: I3809a9c113b92fd9d0d9f9bac98e9c66dc8b2d31
In change_redirecting_information variables we use ast_strlen_zero to
see if a value should be saved. In the case where the value is not NULL
but is a zero length string we leaked.
handle_response_subscribe leaked a reference to the ccss monitor
instance.
Change-Id: Ib11444de69c3d5b2360a88ba2feb54d2c2e9f05f
Log a message to security events when an INVITE is received to an
invalid extension.
ASTERISK-25869 #close
Change-Id: I0da40cd7c2206c825c2f0d4e172275df331fcc8f
Stripping the DNID in a SIP dial string can result in attempting to call
the argument parsing macros on an empty string, causing a crash.
ASTERISK-26131 #close
Reported by: Dwayne Hubbard
Patches:
dw-asterisk-master-dnid-crash.patch (license #6257) patch
uploaded by Dwayne Hubbard
Change-Id: Ib84c1f740a9ec0539d582b09d847fc85ddca1c5e
