There are rare cases in which a frame's delivery timestamp is slightly less than the iax2_pvt's offset. This causes the pvt's timestamp to be a small negative number, but since the timestamp value is unsigned it looks like a huge positive number. This patch checks for this negative case and sets the ms to zero. A similar check is already done right below this one in the 'else' statement.
(closes issue #15032)
Reported by: guillecabeza
Patches:
chan_iax2.c.patch_timestamp uploaded by guillecabeza (license 380)
Tested by: guillecabeza
(closes issue #14216)
Reported by: Andrey Sofronov
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@195991 65c4cc65-6c06-0410-ace0-fbb531ad65f3
IAX was not sending REGREJ to terminate invalid registrations. Instead it sent another REGAUTH if the authentication challenge failed. This caused a loop of REGREQ and REGAUTH frames.
(Related to Security fix AST-2009-001)
(closes issue #14867)
Reported by: aragon
Tested by: dvossel
(closes issue #14717)
Reported by: mobeck
Patches:
regauth_loop_update_patch.diff uploaded by dvossel (license 671)
Tested by: dvossel
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@194873 65c4cc65-6c06-0410-ace0-fbb531ad65f3
There is a bug tracker issue where people are reporting "Ghost" channels in their 'iax2 show channels' output. The confusion is caused by channels being listed as "(NONE)" with format "unknown". These are not channels of coarse. They are usually just pending registration or poke requests, but it is confusing output. To help make sense of this I have added two columns to 'iax2 show channels'. One shows the first message which started the transaction, and the second shows the last message sent by either side of the call. This helps diagnose why the entry exists and why it may not go away.
(closes issue #14207)
Reported by: clive18
Review: https://reviewboard.asterisk.org/r/246/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@194557 65c4cc65-6c06-0410-ace0-fbb531ad65f3
mohinterpret and mohsuggest global variables were not copied over during build_users and build_peers.
(closes issue #14728)
Reported by: dimas
Patches:
v1-14728.patch uploaded by dimas (license 88)
Tested by: dimas, dvossel
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@192213 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The 16-32 byte random padding at the beginning of an encrypted IAX2 frame turns out to not be all that random at all. This patch calls ast_random to fill the padding buffer with random data. The padding is randomized at the beginning of every encrypted call and for every encrypted retransmit frame.
Review: http://reviewboard.digium.com/r/193/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@182281 65c4cc65-6c06-0410-ace0-fbb531ad65f3
If an iax channel is encrypted, and a retransmit frame is sent, that packet's iseqno is updated while it is encrypted. This causes the entire frame to be corrupted. When the corrupted frame is sent, the other side decrypts it and sends a VNAK back because the decrypted frame doesn't make any sense. When we get the VNAK, we look through the sent queue and send the same corrupted frame causing a loop. To fix this, encrypted frames requiring retransmission are decrypted, updated, then re-encrypted. Since key-rotation may change the key held by the pvt struct, the keys used for encryption/decryption are held within the iax_frame to guarantee they remain correct.
(closes issue #14607)
Reported by: stevenla
Tested by: dvossel
Review: http://reviewboard.digium.com/r/192/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@181340 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The main problem here was that cstdlib was undefining free thereby causing the
proper debug macros to not be used. ast_h323.cxx has been changed to call
ast_free instead to avoid the issue. Because using the ast prefix calls are
a better choice, ast_free_ptr is the new wrapper for free to pass to functions.
Also, a little bit of clean up was done to avoid the debug macros intentionally
being redefined.
(closes issue #13593)
Reported by: pj
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@181133 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Now prune_users() and prune_peers() are called instead of reload_config() to prune all users/peers that are realtime. These functions remove all users/peers with the rtfriend and delme flags set. iax2_prune_realtime() also lacked the code to properly delete a single friend. For example. if iax2 prune realtime <friend> was called, only the peer instance would be removed. The user would still remain.
(closes issue #14479)
Reported by: mousepad99
Review: http://reviewboard.digium.com/r/176/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@178838 65c4cc65-6c06-0410-ace0-fbb531ad65f3
During iax2 call negotiation, supported codecs are passed in an Information Element containing a 2 byte field where each bit correlates to a specific codec. In 1.4 only audio codec bits 0-12 are defined, leaving bits 13-15 undefined. By default all bits are enabled unless specified otherwise. Since its a 2 byte field and 13-15 are not defined, these bits are never turned off. In trunk, bits 13-15 are defined, which means 1.4 is advertising support for codecs it does not have when talking to trunk. I fixed this by adding #define for undefined audio codec bits. These bits are then removed from iax2's full bandwidth capabilities.
(closes issue #14283)
Reported by: jcovert
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@177696 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This should have been committed with rev176247, but I missed it. srcupdate frames no longer break out of the native bridge, but are not being sent to the other call leg either. This fixs that.
issue #13749
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@176354 65c4cc65-6c06-0410-ace0-fbb531ad65f3
In iax2, when a AST_CONTROL_SRCUPDATE is received it breaks from the native bridge, but since there is no code path to handle srcupdate it just goes to be beginning of the loop. This was causing packet storms of srcupdate frames between servers. Now srcupdate frames do not break the native bridge for processing.
(closes issue #13749)
Reported by: adiemus
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@176247 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Fixes issue with IAX2 transfers not taking place. As it was, a call that was being transfered would never be handed off correctly to the call ends because of how call numbers were stored in a hash table. The hash table, "iax_peercallno_pvt", storing all the current call numbers did not take into account the complications associated with transferring a call, so a separate hash table was required. This second hash table "iax_transfercallno_pvt" handles calls being transfered, once the call transfer is complete the call is removed from the transfer hash table and added to the peer hash table resuming normal operations. Addition functions were created to handle storing, removing, and comparing items in the iax_transfercallno_pvt table.
(issue #13468)
Review: http://reviewboard.digium.com/r/140/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@173248 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The important changes here are related to the synchronization between threads
adding items into the scheduler and the scheduler handling thread. By adjusting
the lock and condition handling, we ensure that the scheduler thread sleeps no
longer and no less than it is supposed to. We also ensure that it does not
wake up more often than it has to.
There is no bug report associated with this. It is just something that I found
while putting scheduler thread handling into a reusable form (review 129).
Review: http://reviewboard.digium.com/r/131/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@171452 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Reported by: tzafrir
Replace a bunch of if defined checks for Zaptel/DAHDI through several new defines in dahdi_compat.h. This removes a lot of code duplication. Example from bug:
#ifdef HAVE_ZAPTEL
fd = open("/dev/zap/pseudo", O_RDWR);
#else
fd = open("/dev/dahdi/pseudo", O_RDWR);
#endif
is replaced with:
fd = open(DAHDI_FILE_PSEUDO, O_RDRW);
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@165991 65c4cc65-6c06-0410-ace0-fbb531ad65f3
was initiated but not yet completed. If the bridge is immediately retried,
then we may send a storm of TXREQ packets, even though the first set is sent
reliably (retransmitted). Fixes AST-137.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@160570 65c4cc65-6c06-0410-ace0-fbb531ad65f3
both have the potential to send control frames in the middle of call setup. We
have to wait until we have received a message back from the remote end before
we try to send any more frames. Otherwise, the remote end will consider it
invalid, and we'll get stuck in an INVAL/VNAK storm.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@160003 65c4cc65-6c06-0410-ace0-fbb531ad65f3
since this branch already had some printf format attributes, enable checking for them and tag functions that didn't have them
format attributes in a consistent way
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@159808 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Reported by: yraber
Patches:
12694.2nd.diff uploaded by murf (license 17)
Tested by: murf, laurav
Thanks to file (Joshua Colp) for his IAX fix.
the change to cdr.c allows no-answer to percolate
up into CDR's, and feels like the right place to
locate this fix; if BUSY is done here, no-answer
should be, too.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@159316 65c4cc65-6c06-0410-ace0-fbb531ad65f3
to be sent, and instead, schedule a task to destroy the iax2 pvt structure
10 seconds later. This allows the IAX2 HANGUP packet to be queued,
transmitted, and ACKed before the pvt is destroyed.
(closes issue #13645)
Reported by: dzajro
Patches:
20081111__bug13645__3.diff.txt uploaded by Corydon76 (license 14)
Tested by: vazir
Reviewed: http://reviewboard.digium.com/r/51/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@156229 65c4cc65-6c06-0410-ace0-fbb531ad65f3
of code to change, unless the structure is locked to ensure a consistent
state.
(closes issue #13717)
Reported by: kowalma
Patches:
20081102__bug13717.diff.txt uploaded by Corydon76 (license 14)
Tested by: kowalma
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@154365 65c4cc65-6c06-0410-ace0-fbb531ad65f3
workspace. To signal an error (and no change to the workspace), -1 should be
returned instead.
(closes issue #13340)
Reported by: kryptolus
Patches:
20080827__bug13340__2.diff.txt uploaded by Corydon76 (license 14)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@146799 65c4cc65-6c06-0410-ace0-fbb531ad65f3
something a bit strange. In all cases where we provide
a callback function to ao2_container_alloc, the callback
function would only return 0 or CMP_MATCH. After inspecting
the ao2_callback() code carefully, I found that if you're
only looking for one specific item, then you should return
CMP_MATCH | CMP_STOP. Otherwise, astobj2 will continue
traversing the current bucket until the end searching for
more matches.
In cases like chan_iax2 where in 1.4, all the peers are
shoved into a single bucket, this makes for potentially
terrible performance since the entire bucket will be
traversed even if the peer is one of the first ones come
across in the bucket.
All the changes I have made were for cases where the
callback function defined was passed to ao2_container_alloc
so that calls to ao2_find could find a unique instance
of whatever object was being stored in the container.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@140488 65c4cc65-6c06-0410-ace0-fbb531ad65f3
used here to allow newly scheduled tasks to wake up the scheduler just in case
the new task needs to run sooner than the current wakeup time when the thread
is sleeping. However, there was a race condition such that a newly scheduled
task would not properly wake up the scheduler or affect the wake up period.
The order of execution would have been:
1) Scheduler thread determines wake up time of N ms.
2) Another thread schedules a task and signals the condition, with an
execution time of < N ms.
3) Scheduler thread locks and goes to sleep for N ms.
By moving the sleep time determination to inside the critical section, this
possibility is avoided.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@140051 65c4cc65-6c06-0410-ace0-fbb531ad65f3
was perverted. This change reverts IAX2 to the original meaning, which was,
that the callerid set on the client should be overridden on the server, even if
that means the resulting callerid is blank. In other words, if you set
"callerid=" in the IAX config, then the callerid should be overridden to blank,
even if set on the client. Note that there's a distinction, even on realtime,
between the field not existing (NULL in databases) and the field existing, but
set to blank (override callerid to blank).
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@135747 65c4cc65-6c06-0410-ace0-fbb531ad65f3
registration). Related to revisions 132466 in trunk, and 132467 in 1.6.0. Earlier I had accidently tested 1.4 with a backport from those revisions,
so I didn't see this problem (oops).
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@132506 65c4cc65-6c06-0410-ace0-fbb531ad65f3
just when a remote callerid is set. Also, if not set in the user, allow the
remote CallerID to pass through.
(closes issue #12875)
Reported by: dimas
Patches:
20080714__bug12875.diff.txt uploaded by Corydon76 (license 14)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@130889 65c4cc65-6c06-0410-ace0-fbb531ad65f3
the destination call number matching to be more strict and reliable.
(closes issue #12963)
Reported by: jpgrayson
Patches:
chan_iax2_dup_new_fix3.patch uploaded by jpgrayson (license 492)
Tested by: jpgrayson, Corydon76
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@129803 65c4cc65-6c06-0410-ace0-fbb531ad65f3
