This reverts commit 315eb551db.
Over the past year, we've had several reports of "topology storms"
occurring where 2 external facing channels connected by one or more
local channels and bridges will get themselves in a state where
they continually send each other topology change requests. This
usually manifests itself in no-audio calls and a flood of
"Exceptionally long queue length" messages. It appears that this
commit is the cause so we're reverting it for now until we can
determine a more appropriate solution.
Resolves: #530
(cherry picked from commit c31cd32b82)
The ast_sip_request_transport_details must be zero initialized,
otherwise this could lead to a SEGV.
Resolves: #509
(cherry picked from commit 81188ada5f)
This fixes a number of broken links throughout the
tree, mostly caused by wiki.asterisk.org being replaced
with docs.asterisk.org, which should eliminate the
need for sporadic fixes as in f28047db36.
Resolves: #430
(cherry picked from commit 3bb34477d4)
There are valid scenarios where res_odbc's connection pool might have some dead
or stuck connections while others are healthy (imagine network
elements/firewalls/routers silently timing out connections to a single DB and a
single IP address, or a heterogeneous connection pool connected to potentially
multiple IPs/instances of a replicated DB using a DNS front end for load
balancing and one replica fails).
In order to time out those unhealthy connections without blocking access to
other parts of Asterisk that may attempt access to the connection pool, it would
be beneficial to not lock/block access around the entire pool in
_ast_odbc_request_obj2 while doing potentially blocking operations on connection
pool objects such as the connection_dead() test, odbc_obj_connect(), or by
dereferencing a struct odbc_obj for the last time and triggering a
odbc_obj_disconnect().
This would facilitate much quicker and concurrent timeout of dead connections
via the connection_dead() test, which could block potentially for a long period
of time depending on odbc.ini or other odbc connector specific timeout settings.
This also would make rapid failover (in the clustered DB scenario) much quicker.
This patch changes the locking in _ast_odbc_request_obj2() to not lock around
odbc_obj_connect(), _disconnect(), and connection_dead(), while continuing to
lock around truly shared, non-immutable state like the connection_cnt member and
the connections list on struct odbc_class.
Fixes: #465
(cherry picked from commit e0bf65bde6)
In 5ac5c2b0 we defined `OPENSSL_SUPPRESS_DEPRECATED` to silence
deprecation warnings. This commit switches over to using
non-deprecated API.
(cherry picked from commit 05924e30f9)
Additionally add a `assert()` to in the TLS client setup code to
ensure that hostname is set when it is supposed to be.
Fixes#433
(cherry picked from commit 40a9f5a88c)
See UserNote below.
Exposed the existing Hangup AMI action in manager.c so we can use
all of it's channel search and AMI protocol handling without
duplicating that code in dialplan_functions.c.
Added a lookup function to res_pjsip.c that takes in the
string represenation of the pjsip_status_code enum and returns
the actual status code. I.E. ast_sip_str2rc("DECLINE") returns
603. This allows the caller to specify PJSIPHangup(decline) in
the dialplan, just like Hangup(call_rejected).
Also extracted the XML documentation to its own file since it was
almost as large as the code itself.
UserNote: A new dialplan app PJSIPHangup and AMI action allows you
to hang up an unanswered incoming PJSIP call with a specific SIP
response code in the 400 -> 699 range.
(cherry picked from commit af7e89ebf8)
If too many ciphers are specified in the PJSIP config,
include the maximum number of ciphers that may be
specified in the user-facing error message.
Resolves: #396
(cherry picked from commit d4185ca025)
* Allow res_speech to translate the input channel if the
format is translatable to a format suppored by the
speech provider.
Resolves: #129
UserNote: res_speech now supports translation of an input channel
to a format supported by the speech provider, provided a translation
path is available between the source format and provider capabilites.
(cherry picked from commit e8fbdca40b)
Per RFC8827:
Implementations MUST NOT implement DTLS renegotiation and MUST
reject it with a "no_renegotiation" alert if offered.
So we disable it when webrtc=yes is set.
Fixes#378
UpgradeNote: The dtls_rekey will be disabled if webrtc support is
requested on an endpoint. A warning will also be emitted.
(cherry picked from commit c7afd5357c)
Commit f66f77f last year prevents the res_pjsip_exten_state and
res_pjsip_mwi modules from unloading due to possible pjproject
asserts if the modules are reloaded. A side effect of the
implementation is that the taskprocessors these modules use aren't
being released. When asterisk is doing a graceful shutdown, it
waits AST_TASKPROCESSOR_SHUTDOWN_MAX_WAIT seconds for all
taskprocessors to stop but since those 2 modules don't release
theirs, the shutdown hangs for that amount of time.
This change allows the modules to be unloaded and their resources to
be released when ast_shutdown_final is true.
Resolves: #379
(cherry picked from commit b9ee664440)
This commit introduces an extension to the endpoint and relevant
resource sizes for PJSIP, transitioning from its current 40-character
constraint to a more versatile 255-character capacity. This enhancement
significantly overcomes limitations related to domain qualification and
practical usage, ultimately delivering improved functionality. In
addition, it includes adjustments to accommodate the expanded realm size
within the ARI, specifically enhancing the maximum realm length.
Resolves: #345
UserNote: With this update, the PJSIP realm lengths have been extended
to support up to 255 characters.
UpgradeNote: As part of this update, the maximum allowable length
for PJSIP endpoints and relevant resources has been increased from
40 to 255 characters. To take advantage of this enhancement, it is
recommended to run the necessary procedures (e.g., Alembic) to
update your schemas.
(cherry picked from commit 9b70b18dec)
res_statsis's app loop sleeps for up to .2s waiting on input
to a channel before re-checking the command queue. This can
cause delays between channel setup and bridge.
This change is to send a SIGURG on the sleeping thread when
a new command is enqueued. This exits the sleeping thread out
of the ast_waitfor() call triggering the new command being
processed on the channel immediately.
Resolves: #362
UserNote: Call setup times should be significantly improved
when using ARI.
(cherry picked from commit 7ea0e3bfda)
Make it possible to start a playback and the calling party
to receive audio on a bridge before the call is connected.
Model the implementation after play_on_channel and deliver a
AST_CONTROL_PROGRESS before starting the playback.
For a PJSIP channel this will result in sending a SIP 183
Session Progress.
(cherry picked from commit 624c7ac883)
The documentation on qualify_timeout does not explicitly state that the timeout
includes any time required to perform any needed DNS queries on the endpoint.
If the OPTIONS response is delayed due to the DNS query, it can still render an
endpoint as Unreachable if the net time is enough for qualify_timeout to expire.
Resolves: #352
(cherry picked from commit 323a51fd6c)
res_speech_aeap previously did not register an error handler
with aeap, so it was not notified of a disconnect. This resulted
in SpeechBackground never exiting upon a websocket disconnect.
Resolves: #303
(cherry picked from commit e921f5e010)
From the gdb information, ast_websocket_read reads a message successfully,
then transport_read is called in the serializer. During execution of pjsip_transport_down,
ws_session->stream->fd is closed; ast_websocket_read encounters an error and exits the while loop.
After executing transport_shutdown, the transport's reference count becomes 0, causing a crash when sending SIP messages.
This was due to pjsip_transport_dec_ref executing earlier than pjsip_rx_data_clone, leading to this issue.
In websocket_cb executeing pjsip_transport_add_ref, this we now ensure the transport is not destroyed while in the loop.
Resolves: asterisk#299
(cherry picked from commit a38add11e6)
In function rtp_ioqueue_thread_remove counter in ioqueue object is not decreased
which prevents unused ICE TURN threads from being removed.
Resolves: #301
(cherry picked from commit 56244a7371)
The ast_sip_subscription_handler "test_handler" used for the unit
tests didn't set "body_type" so the NULL value was causing
a SEGV in build_subscription_tree(). It's now set to "".
Resolves: #335
(cherry picked from commit 71d75373f9)
* Since ICE candidates are used for the check and pjproject is
required to use ICE, res_rtp_asterisk was failing to compile
when pjproject wasn't available. The check is now wrapped
with an #ifdef HAVE_PJPROJECT.
* The rtp->ice_active_remote_candidates container was being
used to check the address on incoming packets but that
container doesn't contain peer reflexive candidates discovered
during negotiation. This was causing the check to fail
where it shouldn't. We now check against pjproject's
real_ice->rcand array which will contain those candidates.
* Also fixed a bug in ast_sockaddr_from_pj_sockaddr() where
we weren't zeroing out sin->sin_zero before returning. This
was causing ast_sockaddr_cmp() to always return false when
one of the inputs was converted from a pj_sockaddr, even
if both inputs had the same address and port.
Resolves: #500Resolves: #503Resolves: #505
When updating an existing header the 'update' code incorrectly
just copied the new value into the existing buffer. If the
new value exceeded the available buffer size memory outside
of the buffer would be written into, potentially causing
a crash.
This change makes it so that the 'update' now duplicates
the new header value instead of copying it into the existing
buffer.
Add patch to split the log level for invalid packets received on the
signaling port. The warning regarding the packet will move to level 2
so that it can still be displayed, while the raw packet will be at level
4.
When ICE is in use, we can prevent a possible DOS attack by allowing
DTLS protocol messages (client hello, etc) only from sources that
are in the active remote candidates list.
Resolves: GHSA-hxj9-xwr8-w8pq
Handle session interval lower than endpoint's configured minimum timer
when sending first answer. Timer setting is checked during this step and
needs to handled appropriately.
Before this change, no response was sent at all. After this change a
response with 422 Session Interval too small is sent to UAC.
(cherry picked from commit 9284dca636)
If the contact_user is configured on the endpoint it will now be set on the local Contact header URI for incoming calls. The contact_user has already been set on the local Contact header URI for outgoing calls.
Resolves: #226
(cherry picked from commit 720813dc97)
Added a new boolean configuration flag -
`order_multi_row_results_by_initial_column` - to both res_pgsql.conf
and res_config_odbc.conf that allows the administrator to disable the
explicit `ORDER BY` that was previously being added to all generated
SQL statements that returned multiple rows.
Fixes: #179
(cherry picked from commit 1171beb7e4)
An earlier cherry-pick that involved rest-api somehow didn't include
a comment change in res/ari/resource_endpoints.h. This commit
corrects that. No changes other than the comment.
(cherry picked from commit 21b0522abd)
The documentation for PJSIP_HEADERS claims that
prefix is optional, but in the code it is actually not.
However, there is no inherent reason for this, as users
may want to retrieve all header names, not just those
beginning with a certain prefix.
This makes the prefix optional for this function,
simply fetching all header names if not specified.
As a result, the documentation is now correct.
Resolves: #230
UserNote: The prefix argument to PJSIP_HEADERS is now
optional. If not specified, all header names will be
returned.
(cherry picked from commit 2179082eaf)
This change adds support for refers that are not session based. It
includes a refer implementation for the PJSIP technology which results
in out-of-dialog REFERs being sent to a PJSIP endpoint. These can be
triggered using the new ARI endpoint `/endpoints/refer`.
Resolves: #71
UserNote: There is a new ARI endpoint `/endpoints/refer` for referring
an endpoint to some URI or endpoint.
In 8d6fdf9c3a invisible bridges were
skipped but that lead to producing metrics with no name and no help.
Keep track of the number of metrics configured and then only emit these.
Add a basic testcase that verifies that there is no '(NULL)' in the
output.
ASTERISK-30474
Fixes#221
UserNote: res_pjsip now allows TLS v1.3 to be enabled if supported by
the underlying PJSIP library. The bundled version of PJSIP supports
TLS v1.3.
From the gdb information, it was found that when calling __ast_free, the size of the
allocated space pointed to by the pointer matches the size created when rtp->themssrc_valid
is equal to 0. However, in reality, when reading the value of rtp->themssrc_valid in gdb,
it is found to be 1.
Within ast_rtcp_write(), the call to ast_rtp_rtcp_report_alloc() uses rtp->themssrc_valid,
which is outside the protection of the rtp_instance lock. However,
ast_rtcp_generate_report(), which is called by ast_rtcp_generate_compound_prefix(), uses
rtp->themssrc_valid within the protection of the rtp_instance lock.
This can lead to the possibility that the value of rtp->themssrc_valid used in the call to
ast_rtp_rtcp_report_alloc() may be different from the value of rtp->themssrc_valid used
within ast_rtcp_generate_report().
Resolves: asterisk#63
Added two new functions (ast_sip_session_get_dialog and
ast_sip_session_get_pjsip_inv_state) that retrieve the dialog and the
pjsip_inv_state respectively from the pjsip_inv_session on the
ast_sip_session struct. This is due to pjproject adding a new field to
the pjsip_inv_session struct that caused crashes when trying to access
fields that were no longer where they were expected to be if a module
was compiled against a different version of pjproject.
Resolves: #145
