This commit introduces configurable TCP keepalive settings for both TCP and TLS transports. The changes allow for finer control over TCP connection keepalives, enhancing stability and reliability in environments prone to connection timeouts or where intermediate devices may prematurely close idle connections. This has proven necessary and has already been tested in production in several specialized environments where access to the underlying transport is unreliable in ways invisible to the operating system directly, so these keepalive and timeout mechanisms are necessary.
Fixes#657
(cherry picked from commit 555eb9d3d2)
Fixes: #406
UserNote: Bundled pjproject has been upgraded to 2.14. For more
information on what all is included in this change, check out the
pjproject Github page: https://github.com/pjsip/pjproject/releases
(cherry picked from commit 6efa51f512)
Add patch to split the log level for invalid packets received on the
signaling port. The warning regarding the packet will move to level 2
so that it can still be displayed, while the raw packet will be at level
4.
The default is 32 with 8 being used by pjproject itself. Recent
commits have put us over the limit resulting in assertions in
pjproject. Since this value is used in invites, dialogs,
transports and subscriptions as well as the global pjproject
endpoint, we don't want to increase it too much.
Resolves: #255
(cherry picked from commit d3ee0e6516)
contributed pjproject - patch to check sub->pending_notify
in evsub.c:on_tsx_state before calling
pjsip_evsub_send_request()
res_pjsip_pubsub - change post pjsip 2.13 behavior to use
pubsub_on_refresh_timeout to avoid the ao2_cleanup call on
the sub_tree. This is is because the final NOTIFY send is no
longer the last place the sub_tree is referenced.
ASTERISK-30419
Change-Id: Ib5cc662ce578e9adcda312e16c58a10b6453e438
Removed multiple patches.
Code chages in res_pjsip_pubsub due to changes in evsub.
Pjsip now calls on_evsub_state() before on_rx_refresh(),
so the sub tree deletion that used to take place in
on_evsub_state() now must take place in on_rx_refresh().
Additionally, pjsip now requires that you send the NOTIFY
from within on_rx_refresh(), otherwise it will assert
when going to send the 200 OK. The idea is that it will
look for this NOTIFY and cache it until after sending the
response in order to deal with the self-imposed message
mis-order. Asterisk previously dealt with this by pushing
the NOTIFY in on_rx_refresh(), but pjsip now forces us
to use it's method.
Changes were required to configure in order to detect
which way pjsip handles this as the two are not
compatible for the reasons mentioned above.
A corresponding change in testsuite is required in order
to deal with the small interal timing changes caused by
moving the NOTIFY send.
ASTERISK-30325
Change-Id: I50b00cac89d950d3511d7b250a1c641965d9fe7f
Chrome has added more attributes, causing the limit to be
exceeded. This raises it up some more.
ASTERISK-30015
Change-Id: I964957c005c4e6f7871b15ea1ccd9b4659c7ef32
This change removes patches which have been merged into
upstream and updates some existing ones. It also adds
some additional config_site.h changes to restore previous
behavior, as well as a patch to allow multiple Authorization
headers. There seems to be some confusion or disagreement
on language in RFC 8760 in regards to whether multiple
Authorization headers are supported. The RFC implies it
is allowed, as does some past sipcore discussion. There is
also the catch all of "local policy" to allow it. In
the case of Asterisk we allow it.
ASTERISK-29351
Change-Id: Id39ece02dedb7b9f739e0e37ea47d76854af7191
Added the following APIs:
pjsip_multipart_find_part_by_header()
pjsip_multipart_find_part_by_header_str()
pjsip_multipart_find_part_by_cid_str()
pjsip_multipart_find_part_by_cid_uri()
Change-Id: I6aee3dcf59eb171f93aae0f0564ff907262ef40d
pjsip_msg_find_hdr(), pjsip_msg_find_hdr_by_name(), and
pjsip_msg_find_hdr_by_names() require a pjsip_msg to be passed in
so if you need to search a header list that's not in a pjsip_msg,
you have to do it yourself. This commit adds generic versions of
those 3 functions that take in the actual header list head instead
of a pjsip_msg so if you need to search a list of headers in
something like a pjsip_multipart_part, you can do so easily.
Change-Id: I6f2c127170eafda48e5e0d5d4d187bcd52b4df07
Adding upstream patch for pull request...
https://github.com/pjsip/pjproject/pull/2920
---------------------------------------------------------------
sip_inv: Additional multipart support (#2919)
sip_inv.c:inv_check_sdp_in_incoming_msg() deals with multipart
message bodies in rdata correctly. In the case where early media is
involved though, the existing sdp has to be retrieved from the last
tdata sent in this transaction. This, however, always assumes that
the sdp sent is in a non-multipart body. While there's a function
to retrieve the sdp from multipart and non-multpart rdata bodies,
no similar function for tdata exists. So...
* The existing pjsip_rdata_get_sdp_info2 was refactored to
find the sdp in any body, multipart or non-multipart, and
from either an rdata or tdata. The new function is
pjsip_get_sdp_info. This new function detects whether the
pjsip_msg->body->data is the text representation of the sdp
from an rdata or an existing pjmedia_sdp_session object
from a tdata, or whether pjsip_msg->body is a multipart
body containing either of the two sdp formats.
* The exsting pjsip_rdata_get_sdp_info and pjsip_rdata_get_sdp_info2
functions are now wrappers that get the body and Content-Type
header from the rdata and call pjsip_get_sdp_info.
* Two new wrappers named pjsip_tdata_get_sdp_info and
pjsip_tdata_get_sdp_info2 have been created that get the body
from the tdata and call pjsip_get_sdp_info.
* inv_offer_answer_test.c was updated to test multipart scenarios.
ASTERISK-29804
Change-Id: I483c7c3d413280c9e247a96ad581278347f9c71b
An issue was found where a particular manufacturer's phones add a
trailing space to the end of the rtpmap attribute when specifying
a payload type that has a "param" after the format name and clock
rate. For example:
a=rtpmap:120 opus/48000/2 \r\n
Because pjmedia_sdp_attr_get_rtpmap currently takes everything after
the second '/' up to the line end as the param, the space is
included in future comparisons, which then fail if the param being
compared to doesn't also have the space.
We now use pj_scan_get() to parse the param part of rtpmap so
trailing whitespace is automatically stripped.
ASTERISK-29654
Change-Id: Ibd0a4e243a69cde7ba9312275b13ab62ab86bc1b
If an SSL socket parent/listener was destroyed during the handshake,
depending on timing, it was possible for the handling callback to
attempt access of it after the fact thus causing a crash.
ASTERISK-29415 #close
Change-Id: I105dacdcd130ea7fdd4cf2010ccf35b5eaf1432d
RFC7616 and RFC8760 allow more than one WWW-Authenticate or
Proxy-Authenticate header per realm, each with different digest
algorithms (including new ones like SHA-256 and SHA-512-256).
Thankfully however a UAS can NOT send back multiple Authenticate
headers for the same realm with the same digest algorithm. The
UAS is also supposed to send the headers in order of preference
with the first one being the most preferred. We're supposed to
send an Authorization header for the first one we encounter for a
realm that we can support.
The UAS can also send multiple realms, especially when it's a
proxy that has forked the request in which case the proxy will
aggregate all of the Authenticate headers and then send them all
back to the UAC.
It doesn't stop there though... Each realm can require a
different username from the others. There's also nothing
preventing each digest algorithm from having a unique password
although I'm not sure if that adds any benefit.
So now... For each Authenticate header we encounter, we have to
determine if we support the digest algorithm and, if not, just
skip the header. We then have to find an auth object that
matches the realm AND the digest algorithm or find a wildcard
object that matches the digest algorithm. If we find one, we add
it to the results vector and read the next Authenticate header.
If the next header is for the same realm AND we already added an
auth object for that realm, we skip the header. Otherwise we
repeat the process for the next header.
In the end, we'll have accumulated a list of credentials we can
pass to pjproject that it can use to add Authentication headers
to a request.
NOTE: Neither we nor pjproject can currently handle digest
algorithms other than MD5. We don't even have a place for it in
the ast_sip_auth object. For this reason, we just skip processing
any Authenticate header that's not MD5. When we support the
others, we'll move the check into the loop that searches the
objects.
Changes:
* Added a new API ast_sip_retrieve_auths_vector() that takes in
a vector of auth ids (usually supplied on a call to
ast_sip_create_request_with_auth()) and populates another
vector with the actual objects.
* Refactored res_pjsip_outbound_authenticator_digest to handle
multiple Authenticate headers and set the stage for handling
additional digest algorithms.
* Added a pjproject patch that allows them to ignore digest
algorithms they don't support. This patch has already been
merged upstream.
* Updated documentation for auth objects in the XML and
in pjsip.conf.sample.
* Although res_pjsip_authenticator_digest isn't affected
by this change, some debugging and a testsuite AMI event
was added to facilitate testing.
Discovered during OpenSIPit 2021.
ASTERISK-29397
Change-Id: I3aef5ce4fe1d27e48d61268520f284d15d650281
In some cases it was possible for a STUN packet to be destroyed
prematurely or even destroyed partially multiple times.
This patch provided by Teluu fixes the lifetime of these
packets and ensures they aren't partially destroyed multiple
times.
https://github.com/pjsip/pjproject/pull/2709
ASTERISK-29377
Change-Id: Ie842ad24ddf345e01c69a4d333023f05f787abca
If a remote side is broken and sends an SDP that can not be
negotiated the call will be torn down but there is a window
where a second 183 Session Progress or 200 OK that is forked
can be received that also attempts to negotiate SDP. Since
the code marked the SDP negotiation as being done and complete
prior to this it assumes that there is an active local and remote
SDP which it can modify, while in fact there is not as the SDP
did not successfully negotiate. Since there is no local or remote
SDP a crash occurs.
This patch changes the pjmedia_sdp_neg_modify_local_offer2
function to no longer assume that a previous SDP negotiation
was successful.
ASTERISK-29196
Change-Id: I22de45916d3b05fdc2a67da92b3a38271ee5949e
In rewrite_uri asterisk was not making deep copies of strings when
changing the uri. This was in some cases causing garbage in the route
header and in other cases even crashing asterisk when receiving a
message with a record-route header set. Thanks to Ralf Kubis for
pointing out why this happens. A similar problem was found in
res_pjsip_transport_websocket.c. Pjproject needs as well to be patched
to avoid garbage in CANCEL messages.
ASTERISK-29024 #close
Change-Id: Ic5acd7fa2fbda3080f5f36ef12e46804939b198b
PJSIP, UDP transport with external_media_address and session timers
enabled. Connected to SIP server that is not in local net. Asterisk
initiated the connection and is refreshing the session after 150s
(timeout 300s). The 2nd refresh-INVITE triggered by the pjsip timer has
a malformed IP address in its SDP (garbage string). This only happens
when the SDP is modified by the nat-code to replace the local IP address
with the configured external_media_address.
Analysis: the code to modify the SDP (in
res_pjsip_session.c:session_outgoing_nat_hook() and also (redundantly?)
in res_pjsip_sdp_rtp.c:change_outgoing_sdp_stream_media_address()) uses
the tdata->pool to allocate the replacement string. But the same
pjmedia_sdp_stream that was modified for the 1st refresh-INVITE is also
used for the 2nd refresh-INVITE (because it is stored in pjmedia's
pjmedia_sdp_neg structure). The problem is, that at that moment, the
tdata->pool that holds the stringified external_media_address from the
1. refresh-INVITE has long been reused for something else.
Fix by Sauw Ming of pjproject (see
https://github.com/pjsip/pjproject/pull/2476): the local, potentially
modified pjmedia_sdp_stream is cloned in
pjproject/source/pjsip/src/pjmedia/sip_neg.c:process_answer() and the
clone is stored, thereby detaching from the tdata->pool (which is only
released *after* process_answer())
ASTERISK-28973
Reported-by: Michael Neuhauser
Change-Id: I272ac22436076596e06aa51b9fa23fd1c7734a0e
When dealing with a lot of video streams on WebRTC
the resulting SDPs can grow to be quite large. This
effectively doubles the maximum size to allow more
streams to exist.
The res_http_websocket module has also been changed
to use a buffer on the session for reading in packets
to ensure that the stack space usage is not excessive.
Change-Id: I31d4351d70c8e2c11564807a7528b984f3fbdd01
I noticed this while looking at another issue and brought
it up with Teluu. It was possible for an uninitialized timer
to be cancelled, resulting in the invalid timer id of 0
being placed into the timer heap causing issues.
This change is a backport from the pjproject repository
preventing this from happening.
Change-Id: I1ba318b1f153a6dd7458846396e2867282b428e7
This patch makes the usual necessary changes when upgrading to a new
version pjproject. For instance, version number bump, patches removed
from third-party, new *.md5 file added, etc..
This patch also includes a change to the Asterisk pjproject Makefile to
explicitly create the 'source/pjsip-apps/lib' directory. This directory
is no longer there by default so needs to be added so the Asterisk
malloc debug can be built.
This patch also includes some minor changes to Asterisk that were a result
of the upgrade. Specifically, there was a backward incompatibility change
made in 2.10 that modified the "expires header" variable field from a
signed to an unsigned value. This potentially effects comparison. Namely,
those check for a value less than zero. This patch modified a few locations
in the Asterisk code that may have been affected.
Lastly, this patch adds a new macro PJSIP_MINVERSION that can be used to
check a minimum version of pjproject at compile time.
ASTERISK-28899 #close
Change-Id: Iec8821c6cbbc08c369d0e3cd2f14e691b41d0c81
Pjproject makefiles miss some dependencies which can cause race
conditions when building with parallel make processes. This patch
adds such dependencies correctly.
ASTERISK-28879 #close
Reported-by: Dmitry Wagin <dmitry.wagin@ya.ru>
Change-Id: Ie1b0dc365dafe4a84c5248097fe8d73804043c22
In practice it has been seen that some users come
close to our maximum ICE candidate count of 32.
In case people have gone over this increases the
count to 64, giving ample room.
ASTERISK-28859
Change-Id: I35cd68948ec0ada86c14eb53092cdaf8b62996cf
When handling ICE negotiations, it's possible that there can be a delay
between STUN binding requests which in turn will cause a delay in ICE
completion, preventing media from flowing. It should be possible to send
media when there is at least one valid pair, preventing this scenario
from occurring.
A change was added to PJPROJECT that adds an optional callback
(on_valid_pair) that will be called when the first valid pair is found
during ICE negotiation. Asterisk uses this to start the DTLS handshake,
allowing media to flow. It will only be called once, either on the first
valid pair, or when ICE negotiation is complete.
ASTERISK-28716
Change-Id: Ia7b68c34f06d2a1d91c5ed51627b66fd0363d867
Issues in pjproject 2.9 caused us to revert some of their changes
as a work around. This introduced another issue where pjproject
wouldn't build with older gcc versions such as that found on
CentOS 6. This commit replaces the reverts with the official
fixes for the original issues and allows pjproject to be built
on CentOS 6 again.
ASTERISK-28574
Reported-by: Niklas Larsson
Change-Id: I06f8507bea553d1a01b0b8874197d35b9d47ec4c
We've found a connection re-use regression in pjproject 2.9
introduced by commit
"Close #1019: Support for multiple listeners."
https://trac.pjsip.org/repos/changeset/6002https://trac.pjsip.org/repos/ticket/1019
Normally, multiple SSL requests should reuse the same connection
if one already exists to the remote server. When a transport
error occurs, the next request should establish a new connection
and any following requests should use that same one. With this
patch, when a transport error occurs, every new request creates
a new connection so you can wind up with thousands of open tcp
sockets, possibly exhausting file handles, and increasing memory
usage.
Reverting pjproject commit 6002 (and related 6021) restores the
expected behavior.
We also found a memory leak in SSL processing that was introduced by
commit
"Fixed #2204: Add OpenSSL remote certificate chain info"
https://trac.pjsip.org/repos/changeset/6014https://trac.pjsip.org/repos/ticket/2204
Apparently the remote certificate chain is continually recreated
causing the leak.
Reverting pjproject commit 6014 (and related 6022) restores the
expected behavior.
Both of these issues have been acknowledged by Teluu.
ASTERISK-28521
Change-Id: I8ae7233c3ac4ec29a3b991f738e655dabcaba9f1
NEC SIP Station interface with authenticated registration only supports cnonce
up to 32 characters. In Linux, PJSIP would generate 36 character cnonce
which included hyphens. Teluu developed this patch adding a compile time
setting to default to not include the hyphens. They felt it best to still
generate the UUID and strip the hyphens.
They have indicated it will be part of PJSIP 2.10.
ASTERISK-28509
Reported-by: Dan Cropp
Change-Id: Ibdfcf845d4f8c0a14df09fd983b11f2d72c5f470
Most SSL/TLS error messages coming from pjproject now have either
the peer address:port or peer hostname, depending on what was
available at the time and code location where the error was
generated.
ASTERISK-28444
Reported by: Bernhard Schmidt
Change-Id: I41770e8a1ea5e96f6e16b236692c4269ce1ba91e
Fixed#2172: Avoid double reference counter decrements in
timer in the scenario of race condition between
pj_timer_heap_cancel() and pj_timer_heap_poll().
Change-Id: If000e9438c83ac5084b678eb811e902c035bd2d8
In ASTERISK-27095 an issue had been fixed because of which chan_pjsip was not
trying to send UPDATE messages when connected_line_method was set to invite.
However this only solved the issue for incoming INVITES. For outgoing INVITES
(important when transferring calls) the options variable needs to be updated
at a different place.
ASTERISK-28182 #close
Reported-by: nappsoft
Change-Id: I76cc06da4ca76ddd6dce814a8b97cc66b98aaf29
This change implements a few different generic things which were brought
on by Google Voice SIP.
1. The concept of flow transports have been introduced. These are
configurable transports in pjsip.conf which can be used to reference a
flow of signaling to a target. These have runtime configuration that can
be changed by the signaling itself (such as Service-Routes and
P-Preferred-Identity). When used these guarantee an individual connection
(in the case of TCP or TLS) even if multiple flow transports exist to the
same target.
2. Service-Routes (RFC 3608) support has been added to the outbound
registration module which when received will be stored on the flow
transport and used for requests referencing it.
3. P-Associated-URI / P-Preferred-Identity (RFC 3325) support has been
added to the outbound registration module. If a P-Associated-URI header
is received it will be used on requests as the P-Preferred-Identity.
4. Configurable outbound extension support has been added to the outbound
registration module. When set the extension will be placed in the
Supported header.
5. Header parameters can now be configured on an outbound registration
which will be placed in the Contact header.
6. Google specific OAuth / Bearer token authentication
(draft-ietf-sipcore-sip-authn-02) has been added to the outbound
registration module.
All functionality changes are controlled by pjsip.conf configuration
options and do not affect non-configured pjsip endpoints otherwise.
ASTERISK-27971 #close
Change-Id: Id214c2d1c550a41fcf564b7df8f3da7be565bd58
This patch is not in the upstream pjproject and does unsafe things with
the timer->_timer_id and timer->_grp_lock values in pj_timer_entry_reset()
outside of the timer heap lock. pj_timer_entry_reset() is also called for
timers that are not about to be rescheduled in a few places.
Change-Id: I4fe0b4bc648f7be5903cf4531b94fc87275713c1
This change brings in PJSIP 2.8, removes all the patches
that were merged upstream, and makes a minor change to
support a breaking change that was done.
ASTERISK-28059
Change-Id: I5097772b11b0f95c3c1f52df6400158666f0a189
The authors of PJProject undef s_addr because of some issue in Microsoft
Windows. However in Oracle Solaris, s_addr is not a structure member, but
defined to map to the real structure member.
Updates the patch from ASTERISK_20366
ASTERISK-27997
Change-Id: I8223026d4d54e2a46521085fcc94bfa6ebe35b11
The script configure from Teluu expects shared libraries (.so) in a subfolder
called 'lib', when --with-xyz=PATH is specified. However for OpenSSL, the
default location is the root of the source folder = PATH. Furthermore, Asterisk
supports both, 'lib' and root. For consistency and because Asterisk is using
(only) OpenSSL in PJProject, it is enhanced to support both locations, just
like Asterisk.
ASTERISK-27995
Change-Id: I8eb916a88b6b8c22e29bb40bee8faaca6c73406f
The tdata containing the response can be shared by both the dialog
object and the tsx object. In order to prevent the race condition
between the tsx retransmission and the dialog sending a response,
clone the tdata before modifying it for the dialog send response.
ASTERISK-27966 #close
Change-Id: Ic381004a3a212fe1d8eca0e707fe09dba4a6ab4e
Asterisk patched the pjproject source to avoid crashing when pjproject
sip_msg headers are encountered with NULL vptr's, but the patch also
output error messages for some valid headers which simply did not need
to be added to the message itself, such as hidden route headers.
pjproject has since applied a similar patch to their baseline to avoid
crashes, but their version also avoids the spurious error logging.
Lets use their patch instead.
ASTERISK-27961 #close
Change-Id: I2ddbd82c8da10e0dcc9807a48089d1f3c2d6e389
Turn off the periodic sending of CRLNCRLN. Default is on (90 seconds),
which conflicts with the global section's keep_alive_interval option in
pjsip.conf.
patches:
pjsip_keep_not_alive.patch submitted by Alexander Traud (License 6520)
ASTERISK-27347
Change-Id: I6a197f56e1830d3b7e5ec70f17025840a290b057
pjproject by default currently will follow media forked during an INVITE
on outbound calls if the To tag is different on a subsequent response as
that on an earlier response. We handle this correctly. There have
been reported cases where the To tag is the same but we still need to
follow the media. The pjproject patch in this commit adds the
capability to sip_inv and also adds the capability to control it at
runtime. The original "different tag" behavior was always controllable
at runtime but we never did anything with it and left it to default to
TRUE.
So, along with the pjproject patch, this commit adds options to both the
system and endpoint objects to control the two behaviors, and a small
logic change to session_inv_on_media_update in res_pjsip_session to
control the behavior at the endpoint level.
The default behavior for "different tags" remains the same at TRUE and
the default for "same tag" is FALSE.
Change-Id: I64d071942b79adb2f0a4e13137389b19404fe3d6
ASTERISK-27936
Reported-by: Ross Beer
There have been cases that when the transaction timer callback is called
the tsx is already destroyed. This causes a crash. We now check the
tsx state and return if the tsx is already destroyed.
Change-Id: If93acd5e48d9ca5bb553f2405d5afc836842fe1c
Added a new pj_timer_entry_reset function that resets a timer_entry
for re-use.
Changed direct settings of timer_entry fields to use
pj_timer_entry_init and pj_timer_entry_reset.
Fixed issues where timers were being rescheduled incorrectly.
Change-Id: I5b624bfbc5c1429117484b9b24567293002148e6
There have been some crashes in the past where something attempts
to use a pj_atomic after it's already been destroyed. This patch
tries to prevent it by making sure that pj_atomic_destroy sets
its mutex to NULL when it's done. The pj_mutex functions already check
for a NULL mutex and just return PJ_EINVAL.
Teluu also added some checks to the win32 implementation as well.
Change-Id: Id25f70b79fdedf44ead6e6e1763a4417d3b3f825
