If too many ciphers are specified in the PJSIP config,
include the maximum number of ciphers that may be
specified in the user-facing error message.
Resolves: #396
(cherry picked from commit d4185ca025)
* Allow res_speech to translate the input channel if the
format is translatable to a format suppored by the
speech provider.
Resolves: #129
UserNote: res_speech now supports translation of an input channel
to a format supported by the speech provider, provided a translation
path is available between the source format and provider capabilites.
(cherry picked from commit e8fbdca40b)
Per RFC8827:
Implementations MUST NOT implement DTLS renegotiation and MUST
reject it with a "no_renegotiation" alert if offered.
So we disable it when webrtc=yes is set.
Fixes#378
UpgradeNote: The dtls_rekey will be disabled if webrtc support is
requested on an endpoint. A warning will also be emitted.
(cherry picked from commit c7afd5357c)
Commit f66f77f last year prevents the res_pjsip_exten_state and
res_pjsip_mwi modules from unloading due to possible pjproject
asserts if the modules are reloaded. A side effect of the
implementation is that the taskprocessors these modules use aren't
being released. When asterisk is doing a graceful shutdown, it
waits AST_TASKPROCESSOR_SHUTDOWN_MAX_WAIT seconds for all
taskprocessors to stop but since those 2 modules don't release
theirs, the shutdown hangs for that amount of time.
This change allows the modules to be unloaded and their resources to
be released when ast_shutdown_final is true.
Resolves: #379
(cherry picked from commit b9ee664440)
This commit introduces an extension to the endpoint and relevant
resource sizes for PJSIP, transitioning from its current 40-character
constraint to a more versatile 255-character capacity. This enhancement
significantly overcomes limitations related to domain qualification and
practical usage, ultimately delivering improved functionality. In
addition, it includes adjustments to accommodate the expanded realm size
within the ARI, specifically enhancing the maximum realm length.
Resolves: #345
UserNote: With this update, the PJSIP realm lengths have been extended
to support up to 255 characters.
UpgradeNote: As part of this update, the maximum allowable length
for PJSIP endpoints and relevant resources has been increased from
40 to 255 characters. To take advantage of this enhancement, it is
recommended to run the necessary procedures (e.g., Alembic) to
update your schemas.
(cherry picked from commit 9b70b18dec)
res_statsis's app loop sleeps for up to .2s waiting on input
to a channel before re-checking the command queue. This can
cause delays between channel setup and bridge.
This change is to send a SIGURG on the sleeping thread when
a new command is enqueued. This exits the sleeping thread out
of the ast_waitfor() call triggering the new command being
processed on the channel immediately.
Resolves: #362
UserNote: Call setup times should be significantly improved
when using ARI.
(cherry picked from commit 7ea0e3bfda)
Make it possible to start a playback and the calling party
to receive audio on a bridge before the call is connected.
Model the implementation after play_on_channel and deliver a
AST_CONTROL_PROGRESS before starting the playback.
For a PJSIP channel this will result in sending a SIP 183
Session Progress.
(cherry picked from commit 624c7ac883)
The documentation on qualify_timeout does not explicitly state that the timeout
includes any time required to perform any needed DNS queries on the endpoint.
If the OPTIONS response is delayed due to the DNS query, it can still render an
endpoint as Unreachable if the net time is enough for qualify_timeout to expire.
Resolves: #352
(cherry picked from commit 323a51fd6c)
res_speech_aeap previously did not register an error handler
with aeap, so it was not notified of a disconnect. This resulted
in SpeechBackground never exiting upon a websocket disconnect.
Resolves: #303
(cherry picked from commit e921f5e010)
From the gdb information, ast_websocket_read reads a message successfully,
then transport_read is called in the serializer. During execution of pjsip_transport_down,
ws_session->stream->fd is closed; ast_websocket_read encounters an error and exits the while loop.
After executing transport_shutdown, the transport's reference count becomes 0, causing a crash when sending SIP messages.
This was due to pjsip_transport_dec_ref executing earlier than pjsip_rx_data_clone, leading to this issue.
In websocket_cb executeing pjsip_transport_add_ref, this we now ensure the transport is not destroyed while in the loop.
Resolves: asterisk#299
(cherry picked from commit a38add11e6)
In function rtp_ioqueue_thread_remove counter in ioqueue object is not decreased
which prevents unused ICE TURN threads from being removed.
Resolves: #301
(cherry picked from commit 56244a7371)
The ast_sip_subscription_handler "test_handler" used for the unit
tests didn't set "body_type" so the NULL value was causing
a SEGV in build_subscription_tree(). It's now set to "".
Resolves: #335
(cherry picked from commit 71d75373f9)
* Since ICE candidates are used for the check and pjproject is
required to use ICE, res_rtp_asterisk was failing to compile
when pjproject wasn't available. The check is now wrapped
with an #ifdef HAVE_PJPROJECT.
* The rtp->ice_active_remote_candidates container was being
used to check the address on incoming packets but that
container doesn't contain peer reflexive candidates discovered
during negotiation. This was causing the check to fail
where it shouldn't. We now check against pjproject's
real_ice->rcand array which will contain those candidates.
* Also fixed a bug in ast_sockaddr_from_pj_sockaddr() where
we weren't zeroing out sin->sin_zero before returning. This
was causing ast_sockaddr_cmp() to always return false when
one of the inputs was converted from a pj_sockaddr, even
if both inputs had the same address and port.
Resolves: #500Resolves: #503Resolves: #505
When updating an existing header the 'update' code incorrectly
just copied the new value into the existing buffer. If the
new value exceeded the available buffer size memory outside
of the buffer would be written into, potentially causing
a crash.
This change makes it so that the 'update' now duplicates
the new header value instead of copying it into the existing
buffer.
Add patch to split the log level for invalid packets received on the
signaling port. The warning regarding the packet will move to level 2
so that it can still be displayed, while the raw packet will be at level
4.
When ICE is in use, we can prevent a possible DOS attack by allowing
DTLS protocol messages (client hello, etc) only from sources that
are in the active remote candidates list.
Resolves: GHSA-hxj9-xwr8-w8pq
Handle session interval lower than endpoint's configured minimum timer
when sending first answer. Timer setting is checked during this step and
needs to handled appropriately.
Before this change, no response was sent at all. After this change a
response with 422 Session Interval too small is sent to UAC.
(cherry picked from commit 9284dca636)
If the contact_user is configured on the endpoint it will now be set on the local Contact header URI for incoming calls. The contact_user has already been set on the local Contact header URI for outgoing calls.
Resolves: #226
(cherry picked from commit 720813dc97)
Added a new boolean configuration flag -
`order_multi_row_results_by_initial_column` - to both res_pgsql.conf
and res_config_odbc.conf that allows the administrator to disable the
explicit `ORDER BY` that was previously being added to all generated
SQL statements that returned multiple rows.
Fixes: #179
(cherry picked from commit 1171beb7e4)
An earlier cherry-pick that involved rest-api somehow didn't include
a comment change in res/ari/resource_endpoints.h. This commit
corrects that. No changes other than the comment.
(cherry picked from commit 21b0522abd)
The documentation for PJSIP_HEADERS claims that
prefix is optional, but in the code it is actually not.
However, there is no inherent reason for this, as users
may want to retrieve all header names, not just those
beginning with a certain prefix.
This makes the prefix optional for this function,
simply fetching all header names if not specified.
As a result, the documentation is now correct.
Resolves: #230
UserNote: The prefix argument to PJSIP_HEADERS is now
optional. If not specified, all header names will be
returned.
(cherry picked from commit 2179082eaf)
This change adds support for refers that are not session based. It
includes a refer implementation for the PJSIP technology which results
in out-of-dialog REFERs being sent to a PJSIP endpoint. These can be
triggered using the new ARI endpoint `/endpoints/refer`.
Resolves: #71
UserNote: There is a new ARI endpoint `/endpoints/refer` for referring
an endpoint to some URI or endpoint.
In 8d6fdf9c3a invisible bridges were
skipped but that lead to producing metrics with no name and no help.
Keep track of the number of metrics configured and then only emit these.
Add a basic testcase that verifies that there is no '(NULL)' in the
output.
ASTERISK-30474
Fixes#221
UserNote: res_pjsip now allows TLS v1.3 to be enabled if supported by
the underlying PJSIP library. The bundled version of PJSIP supports
TLS v1.3.
From the gdb information, it was found that when calling __ast_free, the size of the
allocated space pointed to by the pointer matches the size created when rtp->themssrc_valid
is equal to 0. However, in reality, when reading the value of rtp->themssrc_valid in gdb,
it is found to be 1.
Within ast_rtcp_write(), the call to ast_rtp_rtcp_report_alloc() uses rtp->themssrc_valid,
which is outside the protection of the rtp_instance lock. However,
ast_rtcp_generate_report(), which is called by ast_rtcp_generate_compound_prefix(), uses
rtp->themssrc_valid within the protection of the rtp_instance lock.
This can lead to the possibility that the value of rtp->themssrc_valid used in the call to
ast_rtp_rtcp_report_alloc() may be different from the value of rtp->themssrc_valid used
within ast_rtcp_generate_report().
Resolves: asterisk#63
Added two new functions (ast_sip_session_get_dialog and
ast_sip_session_get_pjsip_inv_state) that retrieve the dialog and the
pjsip_inv_state respectively from the pjsip_inv_session on the
ast_sip_session struct. This is due to pjproject adding a new field to
the pjsip_inv_session struct that caused crashes when trying to access
fields that were no longer where they were expected to be if a module
was compiled against a different version of pjproject.
Resolves: #145
Add a parking space extension parameter (ParkingSpace) to the Park action.
Park action will attempt to park the call to that extension.
If the extension is already in use, then execution will continue at the next priority.
UserNote: New ParkingSpace parameter has been added to AMI action Park.
Adds the loop_last option to res_musiconhold,
which allows the last audio file in the directory
to be looped perpetually once reached, rather than
circling back to the beginning again.
Resolves: #122
ASTERISK-30462
UserNote: The loop_last option in musiconhold.conf now
allows the last file in the directory to be looped once reached.
Add new type 'sdp_label' when creating a bridge using the ARI. This will
add labels to the SDP for each stream, the label is set to the
corresponding channel id.
Resolves: #91
UserNote: When creating a bridge using the ARI the 'type' argument now
accepts a new value 'sdp_label' which will configure the bridge to add
labels for each stream in the SDP with the corresponding channel id.
The existing res_pjsip_pubsub APIs are somewhat limited in
what they can do. This adds a few API extensions that make
it possible for PJSIP pubsub modules to implement richer
features than is currently possible.
* Allow pubsub modules to get a handle to pjsip_rx_data on subscription
* Allow pubsub modules to run a callback when a subscription is renewed
* Allow pubsub modules to run a callback for outgoing NOTIFYs, with
a handle to the tdata, so that modules can append their own headers
to the NOTIFYs
This change does not add any features directly, but makes possible
several new features that will be added in future changes.
Resolves: #81
ASTERISK-30485 #close
Master-Only: True
We should also return all codecs on an re-INVITE without SDP for a
call that used late offer (e.g. no SDP in the initial INVITE, SDP
in the ACK). Bugfix for feature introduced in ASTERISK-30193
(https://issues.asterisk.org/jira/browse/ASTERISK-30193)
Migration from previous gerrit change that was not merged.
When using mediasec, requests sent after a 401 must still contain the
Security-Client header according to
draft-dawes-sipcore-mediasec-parameter.
Resolves: #48
The current STIR/SHAKEN signing process is inconsistent with the
RFCs in a couple ways that can cause interoperability issues.
RFC8225 specifies that the keys must be ordered lexicographically, but
currently the fields are simply ordered according to the order
in which they were added to the JSON object, which is not
compliant with the RFC and can cause issues with some carriers.
To fix this, we now leverage libjansson's ability to dump a JSON
object sorted by key value, yielding the correct field ordering.
Additionally, telephone numbers must have any leading + prefix removed
and must not contain characters outside of 0-9, *, and # in order
to comply with the RFCs. Numbers are now properly formatted as such.
ASTERISK-30407 #close
Change-Id: Iab76d39447c4b8cf133de85657dba02fda07f9a2
In a three party scenario with INVITE with replaces, we need to
unhold the call, otherwise one party continues to get music on
hold, and the call is not properly bridged between them.
ASTERISK-30428
Change-Id: I5675df11e739be5226b328f8828d4b8d81fbefb4
There are two main parts of the change associated with this
commit. These are driven by the change in call order of
pubsub_on_rx_refresh and pubsub_on_evsub_state by pjproject
when an in-dialog SUBSCRIBE is received.
First, the previous behavior was for pjproject to call
pubsub_on_rx_refresh before calling pubsub_on_evsub_state
when an in-dialog SUBSCRIBE was received that changes the
subscription state.
If that change was a termination due to a re-SUBSCRIBE with
an expires of 0, we used to use the call to pubsub_on_rx_refresh
to set the substate of the evsub to TERMINATE_PENDING before
pjproject could call pubsub_on_evsub_state.
This substate let pubsub_on_evsub_state know that the
subscription TERMINATED event could be ignored as there was
still a subsequent NOTIFY that needed to be generated and
another call to pubsub_on_evsub_state to come with it.
That NOTIFY was sent via serialized_pubsub_on_refresh_timeout
which would see the TERMINATE_PENDING state and transition it
to TERMINATE_IN_PROGRESS before triggering another call to
pubsub_on_evsub_state (which now would clean up the evsub.)
The new pjproject behavior is to call pubsub_on_evsub_state
before pubsub_on_rx_refresh. This means we no longer can set
the state to TERMINATE_PENDING to tell pubsub_on_evsub_state
that it can ignore the first TERMINATED event.
To handle this, we now look directly at the event type,
method type and the expires value to determine whether we
want to ignore the event or use it to trigger the evsub
cleanup.
Second, pjproject now expects the NOTIFY to actually be sent
during pubsub_on_rx_refresh and avoids the protocol violation
inherent in sending a NOTIFY before the SUBSCRIBE is
acknowledged by caching the sent NOTIFY then sending it
after responding to the SUBSCRIBE.
This requires we send the NOTIFY using the non-serialized
pubsub_on_refresh_timeout directly and let pjproject handle
the protocol violation.
ASTERISK-30469
Change-Id: I05c1d91a44fe28244ae93faa4a2268a3332b5fd7
