<p>Salah Ahmed has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/15385">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">res_rtp_asterisk: Check remote ICE reset and reset local ice attrb<br><br>This change will check is the remote ICE session got reset or not by<br>checking the offered ufrag and password with session. If the remote ICE<br>reset session then Asterisk reset its local ufrag and password to reject<br>binding request with Old ufrag and Password.<br><br>ASTERISK-29266<br><br>Change-Id: I9c55e79a7af98a8fbb497d336b828ba41bc34eeb<br>---<br>M include/asterisk/rtp_engine.h<br>M main/rtp_engine.c<br>M res/res_pjsip_sdp_rtp.c<br>M res/res_rtp_asterisk.c<br>4 files changed, 92 insertions(+), 0 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/85/15385/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/include/asterisk/rtp_engine.h b/include/asterisk/rtp_engine.h</span><br><span>index 0584f2c..384810f 100644</span><br><span>--- a/include/asterisk/rtp_engine.h</span><br><span>+++ b/include/asterisk/rtp_engine.h</span><br><span>@@ -507,6 +507,10 @@</span><br><span> const char *username, const char *password);</span><br><span> /*! Callback to alter the number of ICE components on a session */</span><br><span> void (*change_components)(struct ast_rtp_instance *instance, int num_components);</span><br><span style="color: hsl(120, 100%, 40%);">+ /*! Callback to check the remote ice restarted */</span><br><span style="color: hsl(120, 100%, 40%);">+ int (*check_remote_ice_restart)(struct ast_rtp_instance *instance, const char *remote_ufrag, const char *remote_pass);</span><br><span style="color: hsl(120, 100%, 40%);">+ /*! Callback to alter the local username password*/</span><br><span style="color: hsl(120, 100%, 40%);">+ void (*reset_ice_ufrag_password)(struct ast_rtp_instance *instance);</span><br><span> };</span><br><span> </span><br><span> /*! \brief DTLS setup types */</span><br><span>diff --git a/main/rtp_engine.c b/main/rtp_engine.c</span><br><span>index f88b877..5f87f64 100644</span><br><span>--- a/main/rtp_engine.c</span><br><span>+++ b/main/rtp_engine.c</span><br><span>@@ -2874,6 +2874,23 @@</span><br><span> ao2_unlock(instance);</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+static int rtp_ice_wrap_check_remote_ice_restart(struct ast_rtp_instance *instance,</span><br><span style="color: hsl(120, 100%, 40%);">+ const char *username, const char *password)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ int remote_ice_reset = 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ ao2_lock(instance);</span><br><span style="color: hsl(120, 100%, 40%);">+ remote_ice_reset = instance->engine->ice->check_remote_ice_restart(instance, username, password;</span><br><span style="color: hsl(120, 100%, 40%);">+ ao2_unlock(instance);</span><br><span style="color: hsl(120, 100%, 40%);">+ return remote_ice_reset;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+static void rtp_ice_wrap_reset_ice_ufrag_password(struct ast_rtp_instance *instance)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ ao2_lock(instance);</span><br><span style="color: hsl(120, 100%, 40%);">+ instance->engine->ice->reset_ice_ufrag_password(instance);</span><br><span style="color: hsl(120, 100%, 40%);">+ ao2_unlock(instance);</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> static struct ast_rtp_engine_ice rtp_ice_wrappers = {</span><br><span> .set_authentication = rtp_ice_wrap_set_authentication,</span><br><span> .add_remote_candidate = rtp_ice_wrap_add_remote_candidate,</span><br><span>diff --git a/res/res_pjsip_sdp_rtp.c b/res/res_pjsip_sdp_rtp.c</span><br><span>index 052f904..7896f6b 100644</span><br><span>--- a/res/res_pjsip_sdp_rtp.c</span><br><span>+++ b/res/res_pjsip_sdp_rtp.c</span><br><span>@@ -67,6 +67,8 @@</span><br><span> static const char STR_AUDIO[] = "audio";</span><br><span> static const char STR_VIDEO[] = "video";</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+static void check_remote_ice_reset(struct ast_sip_session *session, struct ast_sip_session_media *session_media, const struct pjmedia_sdp_session *remote, const struct pjmedia_sdp_media *remote_stream);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> static int send_keepalive(const void *data)</span><br><span> {</span><br><span> struct ast_sip_session_media *session_media = (struct ast_sip_session_media *) data;</span><br><span>@@ -1438,6 +1440,11 @@</span><br><span> /* If ICE support is enabled find all the needed attributes */</span><br><span> check_ice_support(session, session_media, stream);</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ /* If ICE support is enabled then check remote ICE started? */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (session_media->remote_ice) {</span><br><span style="color: hsl(120, 100%, 40%);">+ check_remote_ice_reset(session, session_media, sdp, stream);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> if (ast_sip_session_is_pending_stream_default(session, asterisk_stream) && media_type == AST_MEDIA_TYPE_AUDIO) {</span><br><span> /* Check if incomming SDP is changing the remotely held state */</span><br><span> if (ast_sockaddr_isnull(addrs) ||</span><br><span>@@ -1584,6 +1591,45 @@</span><br><span> return 0;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+static void check_remote_ice_reset(struct ast_sip_session *session, struct ast_sip_session_media *session_media,</span><br><span style="color: hsl(120, 100%, 40%);">+ const struct pjmedia_sdp_session *remote, const struct pjmedia_sdp_media *remote_stream)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ struct ast_rtp_engine_ice *ice;</span><br><span style="color: hsl(120, 100%, 40%);">+ const pjmedia_sdp_attr *attr;</span><br><span style="color: hsl(120, 100%, 40%);">+ char remote_ufrag[256];</span><br><span style="color: hsl(120, 100%, 40%);">+ char remote_pwd[256];</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ /* If ICE support is not enabled or available exit early */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!session->endpoint->media.rtp.ice_support || !(ice = ast_rtp_instance_get_ice(session_media->rtp))) {</span><br><span style="color: hsl(120, 100%, 40%);">+ return;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ attr = pjmedia_sdp_media_find_attr2(remote_stream, "ice-ufrag", NULL);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!attr) {</span><br><span style="color: hsl(120, 100%, 40%);">+ attr = pjmedia_sdp_attr_find2(remote->attr_count, remote->attr, "ice-ufrag", NULL);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ if (attr) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_copy_pj_str(remote_ufrag, (pj_str_t*)&attr->value, sizeof(remote_ufrag));</span><br><span style="color: hsl(120, 100%, 40%);">+ } else {</span><br><span style="color: hsl(120, 100%, 40%);">+ return;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ attr = pjmedia_sdp_media_find_attr2(remote_stream, "ice-pwd", NULL);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!attr) {</span><br><span style="color: hsl(120, 100%, 40%);">+ attr = pjmedia_sdp_attr_find2(remote->attr_count, remote->attr, "ice-pwd", NULL);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ if (attr) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_copy_pj_str(remote_pwd, (pj_str_t*)&attr->value, sizeof(remote_pwd));</span><br><span style="color: hsl(120, 100%, 40%);">+ } else {</span><br><span style="color: hsl(120, 100%, 40%);">+ return;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ int remote_ice_restarted = ice->check_remote_ice_restart(session_media->rtp, remote_ufrag, remote_pwd);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (remote_ice_restarted) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ice->reset_ice_ufrag_password(session_media->rtp);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> /*! \brief Function which creates an outgoing stream */</span><br><span> static int create_outgoing_sdp_stream(struct ast_sip_session *session, struct ast_sip_session_media *session_media,</span><br><span> struct pjmedia_sdp_session *sdp, const struct pjmedia_sdp_session *remote, struct ast_stream *stream)</span><br><span>diff --git a/res/res_rtp_asterisk.c b/res/res_rtp_asterisk.c</span><br><span>index dfec8f5..171d42d 100644</span><br><span>--- a/res/res_rtp_asterisk.c</span><br><span>+++ b/res/res_rtp_asterisk.c</span><br><span>@@ -271,6 +271,8 @@</span><br><span> /*! \brief List of ICE host candidate mappings */</span><br><span> static AST_RWLIST_HEAD_STATIC(host_candidates, ast_ice_host_candidate);</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+static char *generate_random_string(char *buf, size_t size);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> #endif</span><br><span> </span><br><span> #define FLAG_3389_WARNING (1 << 0)</span><br><span>@@ -774,6 +776,27 @@</span><br><span> }</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+static int ast_rtp_check_remote_ice_restart(struct ast_rtp_instance *instance, const char *ufrag, const char *password)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ struct ast_rtp *rtp = ast_rtp_instance_get_data(instance);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!ast_strlen_zero(ufrag) && !ast_strlen_zero(password)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ if ( strcmp(ufrag, rtp->remote_ufrag) ||</span><br><span style="color: hsl(120, 100%, 40%);">+ strcmp(password, rtp->remote_passwd)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ return 1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ return 0;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+static void ast_rtp_reset_ice_ufrag_password(struct ast_rtp_instance *instance)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ struct ast_rtp *rtp = ast_rtp_instance_get_data(instance);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ generate_random_string(rtp->local_ufrag, sizeof(rtp->local_ufrag));</span><br><span style="color: hsl(120, 100%, 40%);">+ generate_random_string(rtp->local_passwd, sizeof(rtp->local_passwd));</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> static int ice_candidate_cmp(void *obj, void *arg, int flags)</span><br><span> {</span><br><span> struct ast_rtp_engine_ice_candidate *candidate1 = obj, *candidate2 = arg;</span><br><span>@@ -1730,6 +1753,8 @@</span><br><span> .set_role = ast_rtp_ice_set_role,</span><br><span> .turn_request = ast_rtp_ice_turn_request,</span><br><span> .change_components = ast_rtp_ice_change_components,</span><br><span style="color: hsl(120, 100%, 40%);">+ .check_remote_ice_restart = ast_rtp_check_remote_ice_restart,</span><br><span style="color: hsl(120, 100%, 40%);">+ .reset_ice_ufrag_password = ast_rtp_reset_ice_ufrag_password,</span><br><span> };</span><br><span> #endif</span><br><span> </span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/15385">change 15385</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/15385"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 16 </div>
<div style="display:none"> Gerrit-Change-Id: I9c55e79a7af98a8fbb497d336b828ba41bc34eeb </div>
<div style="display:none"> Gerrit-Change-Number: 15385 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Salah Ahmed <txrubel@gmail.com> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>