Add a new identify_by option to res_pjsip_endpoint_identifier_ip
called 'transport' this matches endpoints based on the bound
ip address (local) instead of the 'ip' option, which matches on
the source ip address (remote).
UserNote: set identify_by=transport for the pjsip endpoint. Then
use the existing 'match' option and the new 'transport' option of
the identify.
Fixes: #672
(cherry picked from commit c8769f3d5a)
* OpenSSL 1.0.2 doesn't support X509_get0_pubkey so we now use
X509_get_pubkey. The difference is that X509_get_pubkey requires
the caller to free the EVP_PKEY themselves so we now let
RAII_VAR do that.
* OpenSSL 1.0.2 doesn't support upreffing an X509_STORE so we now
wrap it in an ao2 object.
* OpenSSL 1.0.2 doesn't support X509_STORE_get0_objects to get all
the certs from an X509_STORE and there's no easy way to polyfill
it so the CLI commands that list profiles will show a "not
supported" message instead of listing the certs in a store.
Resolves: #676
(cherry picked from commit 16b264d6a9)
There were a few references in the embedded documentation XML
where the case didn't match or where the referenced app or function
simply didn't exist any more. These were causing 404 responses
in docs.asterisk.org.
(cherry picked from commit 9e2179baa1)
Add ability to match against PJSIP request URI.
UserNote: this new feature let users match endpoints based on the
indound SIP requests' URI. To do so, add 'request_uri' to the
endpoint's 'identify_by' option. The 'match_request_uri' option of
the identify can be an exact match for the entire request uri, or a
regular expression (between slashes). It's quite similar to the
header identifer.
Fixes: #599
(cherry picked from commit ac297d15f8)
Commit 729cb1d390 added logic to retry
opening DAHDI channels on "dahdi restart" if they failed initially,
up to 1,000 times in a loop, to address cases where the channel was
still in use. However, this retry loop does not use the actual error,
which means chan_dahdi will also retry opening nonexistent channels
1,000 times per channel, causing a flood of unnecessary warning logs
for an operation that will never succeed, with tens or hundreds of
thousands of open attempts being made.
The original patch would have been more targeted if it only retried
on the specific relevant error (likely EBUSY, although it's hard to
say since the original issue is no longer available).
To avoid the problem above while avoiding the possibility of breakage,
this skips the retry logic if the error is ENXIO (No such device or
address), since this will never succeed.
Resolves: #669
(cherry picked from commit 63aa08fa0b)
This commit introduces configurable TCP keepalive settings for both TCP and TLS transports. The changes allow for finer control over TCP connection keepalives, enhancing stability and reliability in environments prone to connection timeouts or where intermediate devices may prematurely close idle connections. This has proven necessary and has already been tested in production in several specialized environments where access to the underlying transport is unreliable in ways invisible to the operating system directly, so these keepalive and timeout mechanisms are necessary.
Fixes#657
(cherry picked from commit 555eb9d3d2)
There was functionality in chan_sip to get REFER headers, with GET_TRANSFERRER_DATA variable. This commit implements the same functionality in pjsip, to ease transfer from chan_sip to pjsip.
Fixes: #579
UserNote: the GET_TRANSFERRER_DATA dialplan variable can now be used also in pjsip.
(cherry picked from commit cba82273ae)
SQLAlchemy 2.0 changed the way that commits/rollbacks are handled
causing the final `UPDATE` to our `alembic_version_<whatever>` tables
to be rolled back instead of committed.
We now use one connection to determine which
`alembic_version_<whatever>` table to use and another to run the
actual migrations. This prevents the erroneous rollback.
This change is compatible with both SQLAlchemy 1.4 and 2.0.
(cherry picked from commit 1944c9d72e)
manager.c: Add new parameter 'PreDialGoSub' to Originate AMI action
The action originate does not has the ability to run an subroutine at initial channel, like the Aplication Originate. This update give this ability for de action originate too.
For example, we can run a routine via Gosub on the channel to request an automatic answer, so the caller does not need to accept the call when using the originate command via manager, making the operation more efficient.
UserNote: When using the Originate AMI Action, we now can pass the PreDialGoSub parameter, instructing the asterisk to perform an subrouting at channel before call start. With this parameter an call initiated by AMI can request the channel to start the call automaticaly, adding a SIP header to using GoSUB, instructing to autoanswer the channel, and proceeding the outbuound extension executing. Exemple of an context to perform the previus indication:
[addautoanswer]
exten => _s,1,Set(PJSIP_HEADER(add,Call-Info)=answer-after=0)
exten => _s,n,Set(PJSIP_HEADER(add,Alert-Info)=answer-after=0)
exten => _s,n,Return()
(cherry picked from commit d4b79cb466)
It is possible for dialplan to result in an infinite
recursion of variable substitution, which eventually
leads to stack overflow. If we detect this, abort
substitution and log an error for the user to fix
the broken dialplan.
Resolves: #480
UpgradeNote: The maximum amount of dialplan recursion
using variable substitution (such as by using EVAL_EXTEN)
is capped at 15.
(cherry picked from commit 310c8a7c68)
The prometheus exposition format requires each line to be unique[1].
This is handled by struct prometheus_metric having a list of children
that is managed when registering a metric. In case the scrape callback
is used, it is the responsibility of the implementation to handle this
correctly.
Originally the bridge callback didn't handle NULL snapshots, the crash
fix lead to NULL metrics, and fixing that lead to duplicates.
The original code assumed that snapshots are not NULL and then relied on
"if (i > 0)" to establish the parent/children relationship between
metrics of the same class. This is not workerable as the first bridge
might be invisible/lacks a snapshot.
Fix this by keeping a separate array of the first metric by class.
Instead of relying on the index of the bridge, check whether the array
has an entry. Use that array for the output.
Add a test case that verifies that the help text is not duplicated.
Resolves: #642
[1] https://prometheus.io/docs/instrumenting/exposition_formats/#grouping-and-sorting
(cherry picked from commit d45c8e165f)
This adds a CLI command that can be used to manually
kick specific AMI sessions.
Resolves: #485
UserNote: The "manager kick session" CLI command now
allows kicking a specified AMI session.
(cherry picked from commit f4fba80708)
The existing "waitfordialtone" setting in chan_dahdi.conf
applies permanently to a specific channel, regardless of
how it is being used. This rather restrictively prevents
a system from simultaneously being able to pick free lines
for outgoing calls while also allowing barge-in to a trunk
by some other arrangement.
This allows specifying "waitfordialtone" using the CHANNEL
function for only the next call that will be placed, allowing
significantly more flexibility in the use of trunk interfaces.
Resolves: #472
UserNote: "waitfordialtone" may now be specified for DAHDI
trunk channels on a per-call basis using the CHANNEL function.
(cherry picked from commit 7f51313725)
Currently, if a parking lot is full, bridge setup returns -1,
causing dialplan execution to terminate without TryExec.
However, such failures should be handled more gracefully,
the same way they are on other paths, as indicated by the
module's author, here:
http://lists.digium.com/pipermail/asterisk-dev/2018-December/077144.html
Now, callers will hear the parking failure announcement, and dialplan
will continue, which is consistent with existing failure modes.
Resolves: #624
(cherry picked from commit e1dfa20797)
In handle_negotiated_sdp the pending_media_state->read_callbacks must be
reset before they are added in the SDP handlers in
handle_negotiated_sdp_session_media. Otherwise, old callbacks for
removed streams and file descriptors could be added to the channel and
Asterisk would poll on non-existing file descriptors.
Resolves: #611
(cherry picked from commit c5a6d8a6db)
* Added checks for missing session, session->channel and rdata
in stir_shaken_incoming_request.
* Added checks for missing session, session->channel and tdata
in stir_shaken_outgoing_request.
Resolves: #645
Add a timeout option to control the amount of time
to wait if no early media is received before giving
up. This allows aborting early if the destination
is not being responsive.
Resolves: #588
UserNote: The timeout argument to Dial now allows
specifying the maximum amount of time to dial if
early media is not received.
(cherry picked from commit bdf9327a33)
Most app_voicemail unit tests were not properly cleaning up
after themselves after running. This led to test mailboxes
lingering around in the system. It also meant that if any
unit tests in app_voicemail that create mailboxes were executed
and the module was not unloaded/loaded again prior to running
the test_voicemail_vm_info unit test, Asterisk would segfault
due to an attempt to copy a NULL string.
The load_config test did actually have logic to reinitialize
the config after the test. However, this did not work in practice
since load_config() would not reload the config since voicemail.conf
had not changed during the test; thus, additional logic has been
added to ensure that voicemail.conf is truly reloaded, after any
unit tests which modify the users list.
This prevents the SEGV due to invalid mailboxes lingering around,
and also ensures that the system state is restored to what it was
prior to the tests running.
Resolves: #629
(cherry picked from commit 2ac9c8fb5c)
This adds an option to allow preventing callers from leaving
messages marked as 'urgent'.
Resolves: #619
UserNote: The leaveurgent mailbox option can now be used to
control whether callers may leave messages marked as 'Urgent'.
(cherry picked from commit 190b6eafb3)
This migrates the relevant schema objects from the `('yes', 'no')`
definition to the `('0', '1', 'off', 'on', 'false', 'true', 'yes', 'no')`
one.
Fixes#617
(cherry picked from commit 1a94502551)
In as_check_common_config, we were calling ast_std_free on
raw_key but raw_key was allocated with ast_malloc so it
should be freed with ast_free.
Resolves: #636
(cherry picked from commit 1b94c90524)
The default location for the stir_shaken cache is
/var/lib/asterisk/keys/stir_shaken/cache but we were only creating
/var/lib/asterisk/keys/stir_shaken on istall. We now create
the cache sub-directory.
Resolves: #634
(cherry picked from commit 215424aa76)
Why do we need a refactor?
The original stir/shaken implementation was started over 3 years ago
when little was understood about practical implementation. The
result was an implementation that wouldn't actually interoperate
with any other stir-shaken implementations.
There were also a number of stir-shaken features and RFC
requirements that were never implemented such as TNAuthList
certificate validation, sending Reason headers in SIP responses
when verification failed but we wished to continue the call, and
the ability to send Media Key(mky) grants in the Identity header
when the call involved DTLS.
Finally, there were some performance concerns around outgoing
calls and selection of the correct certificate and private key.
The configuration was keyed by an arbitrary name which meant that
for every outgoing call, we had to scan the entire list of
configured TNs to find the correct cert to use. With only a few
TNs configured, this wasn't an issue but if you have a thousand,
it could be.
What's changed?
* Configuration objects have been refactored to be clearer about
their uses and to fix issues.
* The "general" object was renamed to "verification" since it
contains parameters specific to the incoming verification
process. It also never handled ca_path and crl_path
correctly.
* A new "attestation" object was added that controls the
outgoing attestation process. It sets default certificates,
keys, etc.
* The "certificate" object was renamed to "tn" and had it's key
change to telephone number since outgoing call attestation
needs to look up certificates by telephone number.
* The "profile" object had more parameters added to it that can
override default parameters specified in the "attestation"
and "verification" objects.
* The "store" object was removed altogther as it was never
implemented.
* We now use libjwt to create outgoing Identity headers and to
parse and validate signatures on incoming Identiy headers. Our
previous custom implementation was much of the source of the
interoperability issues.
* General code cleanup and refactor.
* Moved things to better places.
* Separated some of the complex functions to smaller ones.
* Using context objects rather than passing tons of parameters
in function calls.
* Removed some complexity and unneeded encapsuation from the
config objects.
Resolves: #351Resolves: #46
UserNote: Asterisk's stir-shaken feature has been refactored to
correct interoperability, RFC compliance, and performance issues.
See https://docs.asterisk.org/Deployment/STIR-SHAKEN for more
information.
UpgradeNote: The stir-shaken refactor is a breaking change but since
it's not working now we don't think it matters. The
stir_shaken.conf file has changed significantly which means that
existing ones WILL need to be changed. The stir_shaken.conf.sample
file in configs/samples/ has quite a bit more information. This is
also an ABI breaking change since some of the existing objects
needed to be changed or removed, and new ones added. Additionally,
if res_stir_shaken is enabled in menuselect, you'll need to either
have the development package for libjwt v1.15.3 installed or use
the --with-libjwt-bundled option with ./configure.
(cherry picked from commit 2e0d837e01)
The new mode lists for each codec translation the actual real cost in cpu microseconds per second translated audio.
This allows to compare the real cpu usage of translations and helps in evaluation of codec implementation changes regarding performance (regression testing).
- add new table mode
- hide the 999999 comp values, as these only indicate an issue with transcoding
- hide the 0 values, as these also do not contain any information (only indicate a multistep transcoding)
Resolves: #601
(cherry picked from commit 3c72bc8a7b)
If a dynamic string is created with an initial length of 0,
`ast_str_buffer(…)` will return an invalid pointer.
This was a secondary discovery when fixing #65.
(cherry picked from commit 31ab82840b)
Media Experience Score relies on incorrect pseudo_mos variable
calculation. According to forming an opinion section of the
documentation, calculation relies on ITU-T G.107 standard:
https://docs.asterisk.org/Deployment/Media-Experience-Score/#forming-an-opinion
ITU-T G.107 Annex B suggests to calculate MOS with a coefficient
"seven times ten to the power of negative six", 7 * 10^(-6). which
would mean 6 digits after the decimal point. Current implementation
has 7 digits after the decimal point, which downrates the calls.
Fixes: #597
(cherry picked from commit a7a03bc294)
If ast_dsp_process is called with a codec besides slin, ulaw,
or alaw, a warning is logged that in-band DTMF is not supported,
but this message is not always appropriate or correct, because
ast_dsp_process is much more generic than just DTMF detection.
This logs a more generic message in those cases, and also improves
codec-mismatch logging throughout dsp.c by ensuring incompatible
codecs are printed out.
Resolves: #595
(cherry picked from commit 6ddcdfce1f)
Under rare circumstances, it's possible for the original audio
session in the active_media_state default_session to be corrupted
instead of removed when switching to the t38/image media session
during fax negotiation. This can cause a segfault when a "pjsip
show channelstats" attempts to print that audio media session's
rtp statistics. In these cases, the active_media_state
topology is correctly showing only a single t38/image stream
so we now check that there's an audio stream in the topology
before attempting to use the audio media session to get the rtp
statistics.
Resolves: #592
(cherry picked from commit adcfbcd50e)
When started with a verbose level of 3, asterisk can emit over 1500
verbose message that serve no real purpose other than to fill up
logs. When asterisk shuts down, it emits another 1100 that are of
even less use. Since the testsuite runs asterisk with a verbose
level of 3, and asterisk starts and stops for every one of the 700+
tests, the number of log messages is staggering. Besides taking up
resources, it also makes it hard to debug failing tests.
This commit changes the log level for those verbose messages to 5
instead of 3 which reduces the number of log messages to only a
handful. Of course, NOTICE, WARNING and ERROR message are
unaffected.
There's also one other minor change...
ast_context_remove_extension_callerid2() logs a DEBUG message
instead of an ERROR if the extension you're deleting doesn't exist.
The pjsip_config_wizard calls that function to clean up the config
and has been triggering that annoying error message for years.
Resolves: #582
(cherry picked from commit a5ae546b88)
The last time configure was run, it was run on a system that
did not enable -std=gnu11 by default, which meant that the
restrict qualifier would not be recognized on certain platforms.
This regenerates the configure files from running bootstrap.sh,
so that these should be recognized on all supported platforms.
Resolves: #586
(cherry picked from commit d0d09ef010)
Fixes: #406
UserNote: Bundled pjproject has been upgraded to 2.14. For more
information on what all is included in this change, check out the
pjproject Github page: https://github.com/pjsip/pjproject/releases
(cherry picked from commit 6efa51f512)
This introduces a setting for outbound registrations to override the
global User-Agent header setting.
Resolves: #515
UserNote: PJSIP outbound registrations now support a per-registration
User-Agent header
(cherry picked from commit c7fc6ae362)
Adds 'p' option to SpeechBackground() application.
With this option, when the app timeout is reached,
whatever the backend speech engine collected will
be returned as if it were the final, full result.
(This works for engines that make partial results.)
Resolves: #572
UserNote: The SpeechBackground dialplan application now supports a 'p'
option that will return partial results from speech engines that
provide them when a timeout occurs.
(cherry picked from commit c863e0d77d)
