When networks experience disruptions, there can be large gaps of time
between receiving packets. When strictrtp is enabled, this created
issues where a flood of packets could come in and be seen as an attack.
Another option - seqno - has been added to the strictrtp option that
ignores the time interval and goes strictly by sequence number for
validity.
Change-Id: I8a42b8d193673899c8fc22fe7f98ea87df89be71
app_voicemail was using the stasis cache to build and maintain a
list of mailboxes that had subscribers. It then used this list
to determine if a mailbox should be polled for new messages if
polling was enabled. For this to work, stasis had to cache every
subscription and unsubscription to the mailbox which caused a lot of
overhead, both cpu and memory related.
Since polling is only required when changes are being made to
mailboxes outside of app_voicemail and since the number of mailboxes
that don't have any subscribers is likely to be very low, all
mailboxes are now polled instead of just the ones with subscribers.
This paves the way for disabling the caching of stasis subscription
change messages.
Also fixed cleanup in some of the unit tests that not only left
test users in the users list but also caused segfaults if the tests
were run more than once.
ASTERISK-27121
Change-Id: I5cceb737246949f9782955c64425b8bd25a9e9ee
Change disables loading of res_hep.so in default installation. Loading
res_hep has a performance impact whether it's used or not. This disables
loading of it in sample config files.
Change-Id: I5ec150cf941634fabc72973e5bf1a965cb0ef9d0
(cherry picked from commit c8bacd45f1)
It is valid for a config file to be empty or contain only comments, but
not valid for a config value to be set when no uncommented context
exists. This caused an error to be loged numerous times during start
when loading the default pjsip.conf.
Change-Id: Icf3b0d69b4ecb6e935eecd43c99ed8b32a5a1cf6
A new option 'suppress_q850_reason_headers' has been added to the
endpoint object. Some devices can't accept multiple Reason headers and
get confused when both 'SIP' and 'Q.850' Reason headers are received.
This option allows the 'Q.850' Reason header to be suppressed.
The default value is 'no'.
ASTERISK-27949
Reported-by: Ross Beer
Change-Id: I54cf37a827d77de2079256bb3de7e90fa5e1deb1
The Websocket transport uses the built-in HTTP server. As a result
the TLS configuration is done in http.conf and not in pjsip.conf.
This change adds a warning if this is configured in pjsip.conf and
also clarifies in the sample configuration file.
Change-Id: I187d994d328c3ed274b6754fd4c2a4955bdc6dd9
pjproject by default currently will follow media forked during an INVITE
on outbound calls if the To tag is different on a subsequent response as
that on an earlier response. We handle this correctly. There have
been reported cases where the To tag is the same but we still need to
follow the media. The pjproject patch in this commit adds the
capability to sip_inv and also adds the capability to control it at
runtime. The original "different tag" behavior was always controllable
at runtime but we never did anything with it and left it to default to
TRUE.
So, along with the pjproject patch, this commit adds options to both the
system and endpoint objects to control the two behaviors, and a small
logic change to session_inv_on_media_update in res_pjsip_session to
control the behavior at the endpoint level.
The default behavior for "different tags" remains the same at TRUE and
the default for "same tag" is FALSE.
Change-Id: I64d071942b79adb2f0a4e13137389b19404fe3d6
ASTERISK-27936
Reported-by: Ross Beer
The OUTPUTDIR variable in ast_debug_tools.conf.sample is now set
to "/tmp" instead of "/some/directory".
Variables set on the command line or that are already in the
environment now take predecence over variables set in the config files.
ASTERISK-27846
Reported by: Ted G
Change-Id: Ie8baec52d531886bf5849ec1d59bb59dc87ad387
If the two formats on a channel are equal, we don't transcode and since
the generic plc needs slin to work, it doesn't get invoked.
* A new configuration option "genericplc_on_equal_codecs" was added
to the "plc" section of codecs.conf to allow generic packet loss
concealment even if no transcoding was originally needed.
Transcoding via SLIN is forced in this case.
ASTERISK-27743
Change-Id: I0577026a179dea34232e63123254b4e0508378f4
The pool cache gets in the way of finding use after free errors of memory
pool contents. Tools like valgrind and MALLOC_DEBUG don't know when a
pool is released because it gets put into the cache instead of being
freed.
* Added the "cache_pools" option to pjproject.conf. Disabling the option
helps track down pool content mismanagement when using valgrind or
MALLOC_DEBUG. The cache gets in the way of determining if the pool
contents are used after free and who freed it.
To disable the pool caching simply disable the cache_pools option in
pjproject.conf and restart Asterisk.
Sample pjproject.conf setting:
[startup]
cache_pools=no
* Made current users of the caching pool factory initialization and
destruction calls call common routines to create and destroy cached pools.
ASTERISK-27704
Change-Id: I64d5befbaeed2532f93aa027a51eb52347d2b828
When a line is the maximum length "\n" is found at sizeof(buf) - 2 since
the last character is actually the null terminator. In addition if a
line was exactly 8190 plus a multiple of 8192 characters long the config
parser would skip the following line.
Additionally fix comment in voicemail.conf sample config. It previously
stated that emailbody can only contain up to 512 characters which is
always wrong. The buffer is normally 8192 characters unless LOW_MEMORY
is enabled then it is 512 characters. The updated comment states that
the line can be up to 8190 or 510 characters since the line feed and
NULL terminator each use a character.
ASTERISK-26688 #close
Change-Id: I80864a0d40d2e2d8cd79d72af52a8f0a3a99c015
The dsp_talking_threshold does not represent time in milliseconds. It
represents the average magnitude per sample in the audio packets. This is
what the DSP uses to determine if a packet is silence or talking/noise.
Change-Id: If6f939c100eb92a5ac6c21236559018eeaf58443
This patch adds the ability to configure a prompt which will be read
to the "winner" who pressed 1 (or the configured value) and received
the call.
ASTERISK-24372 #close
Change-Id: I6ec1c6c883347f7d1e1f597189544993c8d65272
The type=identify endpoint identification method can match by IP address
and by SIP header. However, the SIP header matching has limited
usefulness because you cannot specify the SIP header matching priority
relative to the IP address matching. All the matching happens at the same
priority and the order of evaluating the identify sections is
indeterminate. e.g., If you had two type=identify sections where one
matches by IP address for endpoint alice and the other matches by SIP
header for endpoint bob then you couldn't predict which endpoint is
matched when a request comes in that matches both.
* Extract the SIP header matching criteria into its own "header" endpoint
identification method so the user can specify the relative priority of the
SIP header and the IP address matching criteria in the global
endpoint_identifier_order option. The "ip" endpoint identification method
now only matches by IP address.
ASTERISK-27491
Change-Id: I9df142a575b7e1e3471b7cda5d3ea156cef08095
The mute/unmute sounds are only played when the
action is initiated using the DTMF menu.
ASTERISK-24756
Change-Id: I55b3dd5bc166096bf5e2f547ddd0ce355f36e3dc
We should not do flood detection on video RTP streams. Video RTP streams
are very bursty by nature. They send out a burst of packets to update the
video frame then wait for the next video frame update. Really only audio
streams can be checked for flooding. The others are either bursty or
don't have a set rate.
* Added code to selectively disable packet flood detection for video RTP
streams.
ASTERISK-27440
Change-Id: I78031491a6e75c2d4b1e9c2462dc498fe9880a70
This no longer appears to exist, so no sense in causing confusion.
ASTERISK-27175 #close
Reported by: Tzafrir Cohen
Change-Id: Idde967924c69f6a741dc9a5ab7dacb44d22cf100
With Asterisk 12 (commit 866d968), the default of "icesupport" changed to
- "yes" in the module "res_rtp_asterisk" and
- "no" in the module "chan_sip".
The latter was reflected in the sample configuration file for "sip.conf". The
former did not make it into "rtp.conf.sample".
ASTERISK-20643
Change-Id: I2a2e0a900455d0767a99ea576e30adc6d7608a36
The OUTPUTDIR environment variable can now be set either in the
environment itself or in ast_debug_tools.conf. If set, it's used
for all work products instead of /tmp.
Also added the --tarball-config option that includes the contents
of /etc/asterisk when either --tarball-coredumps or --tarball-results
are used.
Change-Id: I66b2553319df61caea5b313d084f51978f730b4c
The media frame cache gets in the way of finding use after free errors of
media frames. Tools like valgrind and MALLOC_DEBUG don't know when a
frame is released because it gets put into the cache instead of being
freed.
* Added the "cache_media_frames" option to asterisk.conf. Disabling the
option helps track down media frame mismanagement when using valgrind or
MALLOC_DEBUG. The cache gets in the way of determining if the frame is
used after free and who freed it. NOTE: This option has no effect when
Asterisk is compiled with the LOW_MEMORY compile time option enabled
because the cache code does not exist.
To disable the media frame cache simply disable the cache_media_frames
option in asterisk.conf and restart Asterisk.
Sample asterisk.conf setting:
[options]
cache_media_frames=no
ASTERISK-27413
Change-Id: I0ab2ce0f4547cccf2eb214901835c2d951b78c00
When the identify_by option on an endpoint is set to ip it will
only be identified using the res_pjsip_endpoint_identifier_ip module.
This ensures that it is not mistakenly matched using the username of
the From header. To ensure behavior has not changed the default has
been changed to "username,ip" for the identify_by option.
ASTERISK-27206
Change-Id: I2170b86a7f7e221b4f00bf14aa1ef1ac5b050bbd
When "rewrite_contact" is enabled, the "max_contacts" count option can
block re-registrations because the source port from the endpoint can be
random. When the re-registration is blocked, the endpoint may give up
re-registering and require manual intervention.
* The "remove_existing" option now allows a registration to succeed by
displacing any existing contacts that now exceed the "max_contacts" count.
Any removed contacts are the next to expire. The behaviour change is
beneficial when "rewrite_contact" is enabled and "max_contacts" is greater
than one. The removed contact is likely the old contact created by
"rewrite_contact" that the device is refreshing.
ASTERISK-27192
Change-Id: I64c107a10b70db1697d17136051ae6bf22b5314b
Incoming requests with non sip(s) URIs in the Request, To, From
or Contact URIs are now rejected with
PJSIP_SC_UNSUPPORTED_URI_SCHEME (416). This is performed in
pjsip_message_filter (formerly pjsip_message_ip_updater) and is
done at pjproject's "TRANSPORT" layer before a request can even
reach the distributor.
URIs read by res_pjsip_outbound_publish from pjsip.conf are now
also checked for both length and sip(s) scheme. Those URIs read
by outbound registration and aor were already being checked for
scheme but their error messages needed to be updated to include
scheme failure as well as length failure.
Change-Id: Ibb2f9f1d2dc7549da562af4cbd9156c44ffdd460
A new endpoint parameter "incoming_mwi_mailbox" allows Asterisk to
receive unsolicited MWI NOTIFY requests and make them available to
other modules via the stasis message bus.
res_pjsip_pubsub has a new handler "pubsub_on_rx_mwi_notify_request"
that parses a simple-message-summary body and, if
endpoint->incoming_mwi_account is set, calls ast_publish_mwi_state
with the voice-message counts from the message.
Change-Id: I08bae3d16e77af48fcccc2c936acce8fc0ef0f3c
An admin can configure app_minivm with an externnotify program to be run
when a voicemail is received. The app_minivm application MinivmNotify
uses ast_safe_system() for this purpose which is vulnerable to command
injection since the Caller-ID name and number values given to externnotify
can come from an external untrusted source.
* Add ast_safe_execvp() function. This gives modules the ability to run
external commands with greater safety compared to ast_safe_system().
Specifically when some parameters are filled by untrusted sources the new
function does not allow malicious input to break argument encoding. This
may be of particular concern where CALLERID(name) or CALLERID(num) may be
used as a parameter to a script run by ast_safe_system() which could
potentially allow arbitrary command execution.
* Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp()
instead of ast_safe_system() to avoid command injection.
* Document code injection potential from untrusted data sources for other
shell commands that are under user control.
ASTERISK-27103
Change-Id: I7552472247a84cde24e1358aaf64af160107aef1
Add ability to use tokens instead of passwords according to Google OAuth 2.0
protocol.
ASTERISK-27169
Reported by: Andrey Egorov
Tested by: Andrey Egorov
Change-Id: I07f7052a502457ab55010a4d3686653b60f4c8db
This adds support for parsing timelen values from config files. This
includes support for all flags which apply to PARSE_INT32. Support for
this parser is added to ACO via the OPT_TIMELEN_T option type.
Fixes an issue where extra characters provided to ast_app_parse_timelen
were ignored, they now cause an error.
Testing is included.
ASTERISK-27117 #close
Change-Id: I6b333feca7e3f83b4ef5bf2636fc0fd613742554
By default, when res_musiconhold reloads or unloads, it sends a HUP
signal to custom applications (and all descendants), waits 100ms,
then sends a TERM signal, waits 100ms, then finally sends a KILL
signal. An application which is interacting with an external
device and/or spawns children of its own may not be able to exit
cleanly in the default times, expecially if sent a KILL signal, or
if it's children are getting signals directly from
res_musiconhoild.
* To allow extra time, the 'kill_escalation_delay'
class option can be used to set the number of milliseconds
res_musiconhold waits before escalating kill signals, with the
default being the current 100ms.
* To control to whom the signals are sent, the "kill_method" class
option can be set to "process_group" (the default, existing
behavior), which sends signals to the application and its
descendants directly, or "process" which sends signals only to the
application itself.
Change-Id: Iff70a1a9405685a9021a68416830c0db5158603b
When connected_line_method is "invite", we're supposed to determine
if the client can support UPDATE and if it can, send UPDATE instead
of INVITE to avoid the SDP renegotiation. Not only was pjproject
not setting the PJSIP_INV_SUPPORT_UPDATE flag, we were testing
that invite_tsx wasn't NULL which isn't always the case.
* Updated chan_pjsip/update_connected_line_information to drop the
requirement that invite_tsx isn't NULL.
* Submitted patch to pjproject sip_inv.c that sets the
PJSIP_INV_SUPPORT_UPDATE flag correctly.
* Updated pjsip.conf.sample to clarify what happens when "invite"
is specified.
ASTERISK-27095
Change-Id: Ic2381b3567b8052c616d96fbe79564c530e81560
A new global option "imap_poll_logout" was added to specify whether need to
disconnect from the IMAP server after polling of mailboxes.
ASTERISK-27068 #close
Closing IMAP connection after loading mailbox from voicemail.conf
ASTERISK-24052 #close
Change-Id: Ib7558ba04516240a32b65f42e9be64372a0ae12a
This option was added to control whether to notify dialog-info state
'early' or 'confirmed' on Ringing when already INUSE.
The value "yes" is useful for some SIP phones (Cisco SPA)
to be able to indicate and pick up ringing devices.
ASTERISK-26919 #close
Change-Id: Ie050bc30023543c7dfb4365c5be3ce58c738c711
