A pure blacklist is not good enough, we need a whitelist mechanism as
well, and the simplest way to do that is to re-use existing ACL
infrastructure.
This makes it simpler to blacklist, say, an entire block (/24) except a
smaller block (e.g., a /29 or even a /32). Normally you'd need to
recursively split the block, so if you want to blacklist a /24 except
for a /29 you'd end up with a blacklist for a /25, /26, /27 and /28. I
feel that having an ACL instead of a blacklist only is clearer.
Change-Id: Id57a8df51fcfd3bd85ea67c489c85c6c3ecd7b30
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
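The block splitting that the commit message above wants to avoid, as an added example (not Asterisk code): it derives the deny-only list for "a /24 except a /29", one sibling block per prefix length from /25 through /29, and checks it against a two-rule deny/permit ACL over every address in the /24. The addresses are constructed samples and the "start permitted, last matching rule wins" evaluation is this example's assumed model.

```c
#include <stdint.h>
#include <stdio.h>

#define OUTER 0xC0000200u   /* constructed sample: 192.0.2.0/24 */
#define INNER 0xC0000208u   /* constructed sample: 192.0.2.8/29 */

/* One IPv4 rule: network/prefix plus sense (1 = permit, 0 = deny). */
struct rule { uint32_t net; int prefix; int permit; };

static uint32_t mask_of(int prefix)
{
    return prefix == 0 ? 0 : 0xFFFFFFFFu << (32 - prefix);
}

/* Model assumed for this example: start permitted, last matching rule wins. */
static int acl_permits(const struct rule *acl, int n, uint32_t addr)
{
    int permit = 1;
    for (int i = 0; i < n; i++) {
        if ((addr & mask_of(acl[i].prefix)) == acl[i].net)
            permit = acl[i].permit;
    }
    return permit;
}

/* Blacklist-only form of "deny outer except inner": at each prefix length
 * between the two, deny the half that does not contain the inner block. */
static int split_blacklist(uint32_t inner, int outer_prefix, int inner_prefix,
                           struct rule *out)
{
    int n = 0;
    for (int p = outer_prefix + 1; p <= inner_prefix; p++) {
        uint32_t half = 1u << (32 - p);   /* bit separating the two halves */
        out[n].net = (inner & mask_of(p)) ^ half;
        out[n].prefix = p;
        out[n].permit = 0;
        n++;
    }
    return n;   /* number of deny entries written */
}

/* Addresses in the /24 where the two-rule ACL and the split list disagree. */
static int count_disagreements(void)
{
    struct rule acl[2] = { { OUTER, 24, 0 }, { INNER, 29, 1 } };
    struct rule bl[32];
    int n = split_blacklist(INNER, 24, 29, bl), diff = 0;
    for (uint32_t a = OUTER; a < OUTER + 256; a++)
        diff += acl_permits(acl, 2, a) != acl_permits(bl, n, a);
    return diff;
}

int main(void)
{
    struct rule bl[32];
    int n = split_blacklist(INNER, 24, 29, bl);
    for (int i = 0; i < n; i++)
        printf("deny %u.%u.%u.%u/%d\n", (unsigned)(bl[i].net >> 24),
               (unsigned)(bl[i].net >> 16 & 255), (unsigned)(bl[i].net >> 8 & 255),
               (unsigned)(bl[i].net & 255), bl[i].prefix);
    printf("disagreements with 2-rule ACL: %d\n", count_disagreements());
    return 0;
}
```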
It said "restrict [...] which peers should be able to pass [audio]
to each other".
However, these settings are not global (for which you would expect
signaling IPs to be checked). These settings are available per peer
only, and the IPs being checked are the RTP IPs.
Change-Id: I2a6c6cd7c2f5f30d1df4844e3e0308a077021660
In order to reduce the amount of AMI and ARI events generated,
the global "Message/ast_msg_queue" channel can be set to suppress
its normal channel housekeeping events such as "Newexten",
"VarSet", etc. This can greatly reduce load on the manager
and ARI applications when the Digium Phone Module for Asterisk
is in use. To enable, set "hide_messaging_ami_events" in
asterisk.conf to "yes". In Asterisk versions <18, the default
is "no", preserving existing behavior. Beginning with
Asterisk 18, the option will default to "yes".
NOTE: This change does not affect UserEvents or the ARI
TextMessageReceived events.
* Added the "hide_messaging_ami_events" option to asterisk.conf.
* Changed message.c to set the AST_CHAN_TP_INTERNAL property on
the "Message/ast_msg_queue" channel if the option is set in
asterisk.conf. This suppresses the reporting of the events.
Change-Id: Ia2e3516d43f4e0df994fc6598565d6bba2d7018b
Add a new configuration option 'enable_status' which allows the
/httpstatus URI handler to be administratively disabled.
We also no longer unconditionally register the /static and /httpstatus
URI handlers, but instead do it based upon configuration.
Behavior change: If enable_static was turned off, the URI handler was
still installed but returned a 403 when it was accessed. Because we
now register/unregister the URI handlers as appropriate, if the
/static URI is disabled we will return a 404 instead.
Additionally:
* Change 'enablestatic' to 'enable_static' but keep the former for
backwards compatibility.
* Improve some internal variable names
ASTERISK-28710 #close
Change-Id: I647510f796473793b1d3ce1beb32659813be69e1
Adds source port matching support when IP matching is used:

    [example]
    type = identify
    match = 1.2.3.4:5060/32, 1.2.3.4:6000/32, asterisk.org:4444

If the IP matches but the source port does not, we reject and search for
alternatives. SRV lookups are still performed if enabled (srv_lookups = yes),
unless the configured FQDN includes a port number in which case just a host
lookup is performed.
ASTERISK-28639 #close
Reported by: Mitch Claborn
Change-Id: I256d5bd5d478b95f526e2f80ace31b690eebba92
ConfBridge has the ability to move between different sample
rates for mixing the conference bridge. Up until now there has
only been the ability to set the conference bridge to mix at
a specific sample rate, or to let it move between sample rates
as necessary. This change adds the ability to configure a
conference bridge with a maximum sample rate so it can move
between sample rates but only up to the configured maximum.
ASTERISK-28658
Change-Id: Idff80896ccfb8a58a816e4ce9ac4ebde785963ee
Allow the list of files to be played to be provided explicitly in the
music class's configuration. The primary driver for this change is to
allow URLs to be used for MoH.
Change-Id: I9f43b80b43880980b18b2bee26ec09429d0b92fa
This change adds support for larger TLS certificates by allowing
OpenSSL to fragment the DTLS packets according to the configured
MTU. By default this is set to 1200.
This is accomplished by implementing our own BIO method that
supports MTU querying. The configured MTU is returned to OpenSSL
which fragments the packet accordingly. When a packet is to be
sent it is done directly out the RTP instance.
ASTERISK-28018
Change-Id: If2d5032019a28ffd48f43e9e93ed71dbdbf39c06
You can now add the "include_local_address" flag to an entry in
rtp.conf "[ice_host_candidates]" to include both the advertised
address and the local address in ICE negotiation:

    [ice_host_candidates]
    192.168.1.1 = 1.2.3.4,include_local_address

This causes both 192.168.1.1 and 1.2.3.4 to be advertised.
Change-Id: Ide492cd45ce84546175ca7d557de80d9770513db
When producing a combined REMB value the normal behavior
is to have a REMB value which is unique for each sender
based on all of their receivers. This can result in one
sender having low bitrate while all the rest are high.
This change adds "all" variants which produce a bridge
level REMB value instead. All REMB reports are combined
together into a single REMB value that is the same for
each sender.
ASTERISK-28401
Change-Id: I883e6cc26003b497c8180b346111c79a131ba88c
Added a new PJSIP global setting called norefersub.
Default is true to keep support working as before.
res_pjsip_refer: Configures PJSIP norefersub capability accordingly.
Checks the PJSIP global setting value.
If it is true (default) it adds the norefersub capability to PJSIP.
If it is false (disabled) it does not add the norefersub capability
to PJSIP.
This is useful for Cisco switches that do not follow RFC4488.
ASTERISK-28375 #close
Reported-by: Dan Cropp
Change-Id: I0b1c28ebc905d881f4a16e752715487a688b30e9
chan_sip will always ignore 183 responses that do not contain SDP;
however, chan_pjsip will currently always translate it into a
183 with SDP. This new flag allows chan_pjsip to have the same
behavior as chan_sip.
ASTERISK-28322 #close
Change-Id: If81cfaa17c11b6ac703e3d71696f259d86c6be4a
To prevent one subsystem's taskprocessors from causing others
to stall, new capabilities have been added to taskprocessors.
* Any taskprocessor name that has a '/' will have the part
before the '/' saved as its "subsystem".
Examples:
"sorcery/acl-0000006a" and "sorcery/aor-00000019"
will be grouped to subsystem "sorcery".
"pjsip/distributor-00000025" and "pjsip/distributor-00000026"
will be grouped to subsystem "pjsip".
Taskprocessors with no '/' have an empty subsystem.
* When a taskprocessor enters high-water alert status and it
has a non-empty subsystem, the subsystem alert count will
be incremented.
* When a taskprocessor leaves high-water alert status and it
has a non-empty subsystem, the subsystem alert count will be
decremented.
* A new API ast_taskprocessor_get_subsystem_alert() has been
added that returns the number of taskprocessors in alert for
the subsystem.
* A new CLI command "core show taskprocessor alerted subsystems"
has been added.
* A new unit test was added.
REMINDER: The taskprocessor code itself doesn't take any action
based on high-water alerts or overloading. It's up to taskprocessor
users to check and take action themselves. Currently only the pjsip
distributor does this.
* A new pjsip/global option "taskprocessor_overload_trigger"
has been added that allows the user to select the trigger
mechanism the distributor uses to pause accepting new requests.
"none": Don't pause on any overload condition.
"global": Pause on ANY taskprocessor overload (the default and
current behavior)
"pjsip_only": Pause only on pjsip taskprocessor overloads.
* The core pjsip pool was renamed from "SIP" to "pjsip" so it can
be properly grouped into the "pjsip" subsystem.
* stasis taskprocessor names were changed to "stasis" as the
subsystem.
* Sorcery core taskprocessor names were changed to "sorcery" to
match the object taskprocessors.
Change-Id: I8c19068bb2fc26610a9f0b8624bdf577a04fcd56
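A small model of the subsystem bookkeeping described in the commit message above, added here as an example and not taken from Asterisk's taskprocessor or res_pjsip code: the subsystem is the part of the name before '/', alerts are counted per subsystem, and the distributor's pause decision depends on the configured trigger. Function, enum and table names are hypothetical; the taskprocessor names are the ones quoted in the message.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SUBSYSTEMS 8
#define NAME_LEN 32

enum trigger { TRIGGER_NONE, TRIGGER_GLOBAL, TRIGGER_PJSIP_ONLY };

/* Alert bookkeeping for this model; names are illustrative, not Asterisk's. */
static struct { char name[NAME_LEN]; int alerts; } subsystems[MAX_SUBSYSTEMS];
static int global_alerts;

/* Copy the part of a taskprocessor name before '/' into out ("" if no '/'). */
static void subsystem_of(const char *tps_name, char *out, size_t out_len)
{
    const char *slash = strchr(tps_name, '/');
    size_t len = slash ? (size_t)(slash - tps_name) : 0;
    if (len >= out_len) len = out_len - 1;   /* truncate rather than overflow */
    memcpy(out, tps_name, len);
    out[len] = '\0';
}

/* A taskprocessor enters (delta = +1) or leaves (delta = -1) high-water alert. */
static void tps_alert_change(const char *tps_name, int delta)
{
    char sub[NAME_LEN];
    subsystem_of(tps_name, sub, sizeof(sub));
    global_alerts += delta;
    for (int i = 0; sub[0] && i < MAX_SUBSYSTEMS; i++) {
        if (!subsystems[i].name[0])
            strcpy(subsystems[i].name, sub);   /* first use: claim a free slot */
        if (!strcmp(subsystems[i].name, sub)) {
            subsystems[i].alerts += delta;
            return;
        }
    }
}

/* Number of taskprocessors currently in alert for one subsystem. */
static int subsystem_alert_count(const char *subsystem)
{
    for (int i = 0; i < MAX_SUBSYSTEMS; i++)
        if (!strcmp(subsystems[i].name, subsystem))
            return subsystems[i].alerts;
    return 0;
}

/* Distributor decision: pause accepting new requests under this trigger? */
static int should_pause(enum trigger t)
{
    if (t == TRIGGER_GLOBAL)
        return global_alerts > 0;
    if (t == TRIGGER_PJSIP_ONLY)
        return subsystem_alert_count("pjsip") > 0;
    return 0;
}

int main(void)
{
    tps_alert_change("sorcery/acl-0000006a", +1);   /* name from the commit text */
    printf("global=%d pjsip_only=%d\n", should_pause(TRIGGER_GLOBAL), should_pause(TRIGGER_PJSIP_ONLY));
    return 0;
}
```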
When Asterisk is connected and used with a database the response
time of the database can cause problems in Asterisk if it is long.
Normally the only way to see this problem would be to retrieve a
backtrace from Asterisk and examine where things are blocked, or
examine the database to see if there is any indication of a
problem.
This change adds some basic query logging to make it easier to
investigate such a problem. When logging is enabled res_odbc will
now keep track of the number of queries executed, as well as the
query that has taken the longest time to execute. There is also
an option which will cause a WARNING message to be output if a
query takes longer than a configurable amount of time to execute.
This makes it easier and clearer for users that their database may
be experiencing a problem that could impact Asterisk.
ASTERISK-28277
Change-Id: I173cf4928b10754478a6a8c27dfa96ede0f058a6
The option value "sdp" for some of the settings was removed a while back,
however the sample conf was not updated.
This patch removes any wording with regards to the old "sdp" option value,
and adjusts the defaults to what they are now.
ASTERISK-28263
Change-Id: I41bfa44e9f69446bcc5c8fd92e3675c676fdc445
You can now define an "aliases" context in voicemail.conf
whose entries point to actual mailboxes. These can be used anywhere
the mailbox is specified.
Example:

    [general]
    aliasescontext = myaliases

    [default]
    1234 = yadayada

    [myaliases]
    4321@devices = 1234@default

Now you can use 4321@devices to refer to the 1234@default mailbox.
This can be useful to provide channel drivers with constant
mailbox specifications such as <extension>@devices leaving
app_voicemail to control exactly which mailbox the alias points to.
Now, only voicemail has to be reloaded to make changes instead of
individual channel drivers which are usually more expensive to
reload.
Change-Id: I395b9205c91523a334fe971be0d1de4522067b04
The commit I2f97ebfa79969a36a97bb7b9afd5b6268cf1a07d removed sending out
the ContactStatus AMI event when a contact is updated.
This change broke things which rely on old behavior.
This patch adds a new PJSIP global configuration option
'send_contact_status_on_update_registration' to be able to preserve old
ContactStatus behavior.
By default the new behavior applies, i.e. the ContactStatus event will not be
sent when a device refreshes its registration.
Change-Id: I706adf7584e7077eb6bde6d9799ca408bc82ce46
This reverts commit 29115e2384.
That commit closed a long standing hole which allowed subscriptions
to mailboxes that weren't configured in voicemail.conf. This
caused an issue with FreePBX which depended on that behavior.
The commit is being reverted until FreePBX can handle the new
behavior.
ASTERISK-28151
Reported by: Ronald Raikes
Change-Id: I57b7b85e75d7dd97c742b5c69d718a0f61260c15
This patch adds new options 'trust_connected_line' and 'send_connected_line'
to the endpoint.
The option 'trust_connected_line' is to control if connected line updates
are accepted from this endpoint.
The option 'send_connected_line' is to control if connected line updates
can be sent to this endpoint.
The default value is 'yes' for both options.
Change-Id: I16af967815efd904597ec2f033337e4333d097cd
When networks experience disruptions, there can be large gaps of time
between receiving packets. When strictrtp is enabled, this created
issues where a flood of packets could come in and be seen as an attack.
Another option - seqno - has been added to the strictrtp option that
ignores the time interval and goes strictly by sequence number for
validity.
Change-Id: I8a42b8d193673899c8fc22fe7f98ea87df89be71
app_voicemail was using the stasis cache to build and maintain a
list of mailboxes that had subscribers. It then used this list
to determine if a mailbox should be polled for new messages if
polling was enabled. For this to work, stasis had to cache every
subscription and unsubscription to the mailbox which caused a lot of
overhead, both cpu and memory related.
Since polling is only required when changes are being made to
mailboxes outside of app_voicemail and since the number of mailboxes
that don't have any subscribers is likely to be very low, all
mailboxes are now polled instead of just the ones with subscribers.
This paves the way for disabling the caching of stasis subscription
change messages.
Also fixed cleanup in some of the unit tests that not only left
test users in the users list but also caused segfaults if the tests
were run more than once.
ASTERISK-27121
Change-Id: I5cceb737246949f9782955c64425b8bd25a9e9ee
Change disables loading of res_hep.so in default installation. Loading
res_hep has a performance impact whether it's used or not. This disables
loading of it in sample config files.
Change-Id: I5ec150cf941634fabc72973e5bf1a965cb0ef9d0
(cherry picked from commit c8bacd45f1)
It is valid for a config file to be empty or contain only comments, but
not valid for a config value to be set when no uncommented context
exists. This caused an error to be logged numerous times during start
when loading the default pjsip.conf.
Change-Id: Icf3b0d69b4ecb6e935eecd43c99ed8b32a5a1cf6
A new option 'suppress_q850_reason_headers' has been added to the
endpoint object. Some devices can't accept multiple Reason headers and
get confused when both 'SIP' and 'Q.850' Reason headers are received.
This option allows the 'Q.850' Reason header to be suppressed.
The default value is 'no'.
ASTERISK-27949
Reported-by: Ross Beer
Change-Id: I54cf37a827d77de2079256bb3de7e90fa5e1deb1
The Websocket transport uses the built-in HTTP server. As a result
the TLS configuration is done in http.conf and not in pjsip.conf.
This change adds a warning if this is configured in pjsip.conf and
also clarifies in the sample configuration file.
Change-Id: I187d994d328c3ed274b6754fd4c2a4955bdc6dd9
pjproject by default currently will follow media forked during an INVITE
on outbound calls if the To tag is different on a subsequent response than
that on an earlier response. We handle this correctly. There have
been reported cases where the To tag is the same but we still need to
follow the media. The pjproject patch in this commit adds the
capability to sip_inv and also adds the capability to control it at
runtime. The original "different tag" behavior was always controllable
at runtime but we never did anything with it and left it to default to
TRUE.
So, along with the pjproject patch, this commit adds options to both the
system and endpoint objects to control the two behaviors, and a small
logic change to session_inv_on_media_update in res_pjsip_session to
control the behavior at the endpoint level.
The default behavior for "different tags" remains the same at TRUE and
the default for "same tag" is FALSE.
Change-Id: I64d071942b79adb2f0a4e13137389b19404fe3d6
ASTERISK-27936
Reported-by: Ross Beer
ConfBridge can now send events to participants via in-dialog MESSAGEs.
All current Confbridge events are supported, such as ConfbridgeJoin,
ConfbridgeLeave, etc. In addition to those events, a new event
ConfbridgeWelcome has been added that will send a list of all
current participants to a new participant.
For all but the ConfbridgeWelcome event, the JSON message contains
information about the bridge, such as its id and name, and information
about the channel that triggered the event such as channel name,
callerid info, mute status, and the MSID labels for their audio and
video tracks. You can use the labels to correlate callerid and mute
status to specific video elements in a webrtc client.
To control this behavior, the following options have been added to
confbridge.conf:
bridge_profile/enable_events: This must be enabled on any bridge where
events are desired.
user_profile/send_events: This must be set for a user profile to send
events. Different user profiles connected to the same bridge can have
different settings. This allows admins to get events but not normal
users for instance.
user_profile/echo_events: In some cases, you might not want the user
triggering the event to get the event sent back to them. To prevent it,
set this to false.
A change was also made to res_pjsip_sdp_rtp to save the generated msid
to the stream so it can be re-used. This allows participant A's video
stream to appear as the same label to all other participants.
Change-Id: I26420aa9f101f0b2387dc9e2fd10733197f1318e
The OUTPUTDIR variable in ast_debug_tools.conf.sample is now set
to "/tmp" instead of "/some/directory".
Variables set on the command line or that are already in the
environment now take precedence over variables set in the config files.
ASTERISK-27846
Reported by: Ted G
Change-Id: Ie8baec52d531886bf5849ec1d59bb59dc87ad387
Analog phones dial overlap dialing and it is chan_dahdi's job to read the
numbers. It has three timeout constants that this commit converts to
channel-level configuration options:
* firstdigit_timeout: Default time (ms) to detect first digit
* interdigit_timeout: Default time (ms) to detect following digits
* matchdigit_timeout: Default time (ms) to wait in case of ambiguous
match. This happens when the dialed digits match a number in the current
context but are also the prefix of another number.
Change-Id: Ib728fa900a4f6ae56d1ed810aba61b6593fb7213
This change adds the ability for multiple REMB reports in
bridge_softmix to be combined according to a configured
behavior into a single report. This single report is sent
back to the sender of video, which adjusts the encoding bitrate
to be at or below the bitrate of the report. The available
behaviors are: lowest, highest, and average. Lowest uses the
lowest received bitrate. Highest uses the highest received
bitrate. Average goes through the received bitrates adding
them to the previous average and creates a new average.
Other behaviors can be added in the future and the existing
average one may be adjusted, but this provides the foundation
to do so.
Support for configuring which behavior to use has been
added to app_confbridge.
ASTERISK-27804
Change-Id: I9eafe4e7c1f72d67074a8d6acb26bfcf19322b66
This change adds a configuration option to app_confbridge which can be
used to set the interval at which we will send a combined REMB (remote
estimated maximum bitrate) frame to sources of video. The bridging API
has also been extended slightly to allow setting this so bridge_softmix
can use it.
ASTERISK-27786
Change-Id: I0e49eae60f369c86434414f3cb8278709c793c82
If the two formats on a channel are equal, we don't transcode and since
the generic plc needs slin to work, it doesn't get invoked.
* A new configuration option "genericplc_on_equal_codecs" was added
to the "plc" section of codecs.conf to allow generic packet loss
concealment even if no transcoding was originally needed.
Transcoding via SLIN is forced in this case.
ASTERISK-27743
Change-Id: I0577026a179dea34232e63123254b4e0508378f4
The pool cache gets in the way of finding use after free errors of memory
pool contents. Tools like valgrind and MALLOC_DEBUG don't know when a
pool is released because it gets put into the cache instead of being
freed.
* Added the "cache_pools" option to pjproject.conf. Disabling the option
helps track down pool content mismanagement when using valgrind or
MALLOC_DEBUG. The cache gets in the way of determining if the pool
contents are used after free and who freed it.
To disable the pool caching simply disable the cache_pools option in
pjproject.conf and restart Asterisk.
Sample pjproject.conf setting:

    [startup]
    cache_pools=no

* Made current users of the caching pool factory initialization and
destruction calls call common routines to create and destroy cached pools.
ASTERISK-27704
Change-Id: I64d5befbaeed2532f93aa027a51eb52347d2b828
When a line is the maximum length "\n" is found at sizeof(buf) - 2 since
the last character is actually the null terminator. In addition if a
line was exactly 8190 plus a multiple of 8192 characters long the config
parser would skip the following line.
Additionally fix comment in voicemail.conf sample config. It previously
stated that emailbody can only contain up to 512 characters which is
always wrong. The buffer is normally 8192 characters unless LOW_MEMORY
is enabled then it is 512 characters. The updated comment states that
the line can be up to 8190 or 510 characters since the line feed and
NULL terminator each use a character.
ASTERISK-26688 #close
Change-Id: I80864a0d40d2e2d8cd79d72af52a8f0a3a99c015
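The buffer-boundary case described in the commit message above, as an added example that is not Asterisk's config parser: with fgets(), a line of exactly sizeof(buf) - 2 characters fills the buffer with its '\n' at index sizeof(buf) - 2, so only the last byte says whether the line is complete. The 8-byte buffer is a scaled-down stand-in for the 8192-byte one, and the "naive" rule is a hypothetical check constructed for contrast, not the code that was fixed.

```c
#include <stdio.h>
#include <string.h>

#define BUF 8   /* scaled-down stand-in for the 8192-byte line buffer */

/*
 * Count logical lines by reading BUF-sized chunks with fgets().
 * check_newline = 1: a chunk ends a line only if its last byte is '\n'.
 * check_newline = 0: hypothetical naive rule, "a full buffer means the
 *                    line continues in the next chunk".
 */
static int count_lines(FILE *f, int check_newline)
{
    char buf[BUF];
    int lines = 0, pending = 0;

    rewind(f);
    while (fgets(buf, sizeof(buf), f)) {
        size_t len = strlen(buf);
        int complete;
        if (check_newline)   /* at maximum length '\n' sits at sizeof(buf) - 2 */
            complete = len > 0 && buf[len - 1] == '\n';
        else
            complete = len < sizeof(buf) - 1;
        lines += complete;
        pending = !complete;
    }
    return lines + pending;   /* count a final line that lacks '\n' */
}

/* Write constructed sample text to a temporary file and count its lines. */
static int lines_in(const char *text, int check_newline)
{
    FILE *f = tmpfile();
    int n;
    if (!f)
        return -1;
    fputs(text, f);
    n = count_lines(f, check_newline);
    fclose(f);
    return n;
}

int main(void)
{
    /* "abcdef" is BUF - 2 characters, so with '\n' it fills the buffer exactly. */
    const char *sample = "abcdef\nxy\n";
    printf("correct=%d naive=%d\n", lines_in(sample, 1), lines_in(sample, 0));
    return 0;
}
```

With the naive rule the second line is absorbed into the first, which is the kind of lost line the fix addresses.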
The dsp_talking_threshold does not represent time in milliseconds. It
represents the average magnitude per sample in the audio packets. This is
what the DSP uses to determine if a packet is silence or talking/noise.
Change-Id: If6f939c100eb92a5ac6c21236559018eeaf58443
The sample modules.conf explicitly loaded res_musiconhold.so. This is
redundant as autoload=yes is already set. It causes warnings if
res_musiconhold.so was not installed and results in an unexpected load
if the admin disables autoload without remembering to remove the
res_musiconhold load statement.
Also remove reference to unknown module pbx_gtkconsole.
Change-Id: Ib01888994d9f1364b14d3c9fb6ff96774a6e580a
This patch adds the ability to configure a prompt which will be read
to the "winner" who pressed 1 (or the configured value) and received
the call.
ASTERISK-24372 #close
Change-Id: I6ec1c6c883347f7d1e1f597189544993c8d65272
The type=identify endpoint identification method can match by IP address
and by SIP header. However, the SIP header matching has limited
usefulness because you cannot specify the SIP header matching priority
relative to the IP address matching. All the matching happens at the same
priority and the order of evaluating the identify sections is
indeterminate. e.g., If you had two type=identify sections where one
matches by IP address for endpoint alice and the other matches by SIP
header for endpoint bob then you couldn't predict which endpoint is
matched when a request comes in that matches both.
* Extract the SIP header matching criteria into its own "header" endpoint
identification method so the user can specify the relative priority of the
SIP header and the IP address matching criteria in the global
endpoint_identifier_order option. The "ip" endpoint identification method
now only matches by IP address.
ASTERISK-27491
Change-Id: I9df142a575b7e1e3471b7cda5d3ea156cef08095