[asterisk-commits] oej: trunk r148473 - in /trunk: channels/chan_sip.c main/tcptls.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Oct 13 10:49:01 CDT 2008


Author: oej
Date: Mon Oct 13 10:49:01 2008
New Revision: 148473

URL: http://svn.digium.com/view/asterisk?view=rev&rev=148473
Log:
Highlightning even more bugs in the current tcp/tls implementation.

Modified:
    trunk/channels/chan_sip.c
    trunk/main/tcptls.c

Modified: trunk/channels/chan_sip.c
URL: http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?view=diff&rev=148473&r1=148472&r2=148473
==============================================================================
--- trunk/channels/chan_sip.c (original)
+++ trunk/channels/chan_sip.c Mon Oct 13 10:49:01 2008
@@ -729,6 +729,8 @@
 static char default_parkinglot[AST_MAX_CONTEXT]; /*!< Parkinglot */
 static int default_maxcallbitrate;	/*!< Maximum bitrate for call */
 static struct ast_codec_pref default_prefs;		/*!< Default codec prefs */
+static unsigned int default_transports;			/*!< Default Transports (enum sip_transport) that are acceptable */
+static unsigned int default_primary_transport;		/*!< Default primary Transport (enum sip_transport) for outbound connections to devices */
 
 /*! \brief a place to store all global settings for the sip channel driver */
 struct sip_settings {
@@ -1484,7 +1486,7 @@
 struct sip_peer {
 	char name[80];			/*!< peer->name is the unique name of this object */
 	struct sip_socket socket;	/*!< Socket used for this peer */
-	unsigned int transports:3; /*!< Transports (enum sip_transport) that are acceptable for this peer */
+	unsigned int transports:3;      /*!< Transports (enum sip_transport) that are acceptable for this peer */
 	char secret[80];		/*!< Password */
 	char md5secret[80];		/*!< Password in MD5 */
 	struct sip_auth *auth;		/*!< Realm authentication list */
@@ -2000,7 +2002,7 @@
 	else if (!(peer->transports & tmpl->socket.type)) {\
 		ast_log(LOG_ERROR, \
 			"'%s' is not a valid transport for '%s'. we only use '%s'! ending call.\n", \
-			get_transport(tmpl->socket.type), peer->name, get_transport_list(peer) \
+			get_transport(tmpl->socket.type), peer->name, get_transport_list(peer->transports) \
 			); \
 		ret = 1; \
 	} else if (peer->socket.type & SIP_TRANSPORT_TLS) { \
@@ -2300,7 +2302,7 @@
 	.master = AST_PTHREADT_NULL,
 	.tls_cfg = NULL,
 	.poll_timeout = -1,
-	.name = "sip tcp server",
+	.name = "SIP TCP server",
 	.accept_fn = ast_tcptls_server_root,
 	.worker_fn = sip_tcp_worker_fn,
 };
@@ -2311,7 +2313,7 @@
 	.master = AST_PTHREADT_NULL,
 	.tls_cfg = &sip_tls_cfg,
 	.poll_timeout = -1,
-	.name = "sip tls server",
+	.name = "SIP TLS server",
 	.accept_fn = ast_tcptls_server_root,
 	.worker_fn = sip_tcp_worker_fn,
 };
@@ -2385,6 +2387,8 @@
 	else
 		me->type = SIP_TRANSPORT_TCP;
 
+	ast_debug(2, "Starting thread for %s server\n", ser->ssl ? "SSL" : "TCP");
+
 	AST_LIST_LOCK(&threadl);
 	AST_LIST_INSERT_TAIL(&threadl, me, list);
 	AST_LIST_UNLOCK(&threadl);
@@ -2411,7 +2415,7 @@
 		}
 		res = ast_wait_for_input(ser->fd, -1);
 		if (res < 0) {
-			ast_debug(1, "ast_wait_for_input returned %d\n", res);
+			ast_debug(2, "SIP %s server :: ast_wait_for_input returned %d\n", ser->ssl ? "SSL": "TCP", res);
 			goto cleanup;
 		}
 
@@ -2430,6 +2434,7 @@
 		}
 		copy_request(&reqcpy, &req);
 		parse_request(&reqcpy);
+		/* In order to know how much to read, we need the content-length header */
 		if (sscanf(get_header(&reqcpy, "Content-Length"), "%d", &cl)) {
 			while (cl > 0) {
 				ast_mutex_lock(&ser->lock);
@@ -2445,6 +2450,9 @@
 				req.len = req.data->used;
 			}
 		}
+		/*! \todo XXX If there's no Content-Length or if the content-lenght and what
+				we receive is not the same - we should generate an error */
+
 		req.socket.ser = ser;
 		handle_request_do(&req, &ser->requestor);
 	}
@@ -2466,6 +2474,8 @@
 		ast_free(req.data);
 		req.data = NULL;
 	}
+
+	ast_debug(2, "Shutting down thread for %s server\n", ser->ssl ? "SSL" : "TCP");
 	
 
 	ao2_ref(ser, -1);
@@ -2774,8 +2784,9 @@
 	return sip_debug_test_addr(sip_real_dst(p));
 }
 
-static inline const char *get_transport_list(struct sip_peer *peer) {
-	switch (peer->transports) {
+/*! \brief Return configuration of transports for a device */
+static inline const char *get_transport_list(unsigned int transports) {
+	switch (transports) {
 		case SIP_TRANSPORT_UDP:
 			return "UDP";
 		case SIP_TRANSPORT_TCP:
@@ -2789,11 +2800,12 @@
 		case SIP_TRANSPORT_TCP | SIP_TRANSPORT_TLS:
 			return "TLS,TCP";
 		default:
-			return peer->transports ? 
+			return transports ? 
 				"TLS,TCP,UDP" : "UNKNOWN";	
 	}
 }
 
+/*! \brief Return transport as string */
 static inline const char *get_transport(enum sip_transport t)
 {
 	switch (t) {
@@ -2808,6 +2820,12 @@
 	return "UNKNOWN";
 }
 
+/*! \brief Return transport of dialog.
+	\note this is based on a false assumption. We don't always use the
+	outbound proxy for all requests in a dialog. It depends on the
+	"force" parameter. The FIRST request is always sent to the ob proxy.
+	\todo Fix this function to work correctly
+*/
 static inline const char *get_transport_pvt(struct sip_pvt *p)
 {
 	if (p->outboundproxy && p->outboundproxy->transport)
@@ -2826,7 +2844,7 @@
 	int res = 0;
 	const struct sockaddr_in *dst = sip_real_dst(p);
 
-	ast_debug(1, "Trying to put '%.10s' onto %s socket destined for %s:%d\n", data->str, get_transport_pvt(p), ast_inet_ntoa(dst->sin_addr), htons(dst->sin_port));
+	ast_debug(2, "Trying to put '%.10s' onto %s socket destined for %s:%d\n", data->str, get_transport_pvt(p), ast_inet_ntoa(dst->sin_addr), htons(dst->sin_port));
 
 	if (sip_prepare_socket(p) < 0)
 		return XMIT_ERROR;
@@ -2840,7 +2858,7 @@
 		if (p->socket.ser->f) 
 			res = ast_tcptls_server_write(p->socket.ser, data->str, len);
 		else
-			ast_debug(1, "No p->socket.ser->f len=%d\n", len);
+			ast_debug(2, "No p->socket.ser->f len=%d\n", len);
 	} 
 
 	if (p->socket.ser)
@@ -3117,14 +3135,15 @@
 
 	/* If the transport is something reliable (TCP or TLS) then don't really send this reliably */
 	/* I removed the code from retrans_pkt that does the same thing so it doesn't get loaded into the scheduler */
-	/* According to the RFC some packets need to be retransmitted even if its TCP, so this needs to get revisited */
+	/*! \todo According to the RFC some packets need to be retransmitted even if its TCP, so this needs to get revisited */
 	if (!(p->socket.type & SIP_TRANSPORT_UDP)) {
-		xmitres = __sip_xmit(dialog_ref(p, "pasing dialog ptr into callback..."), data, len);	/* Send packet */
+		xmitres = __sip_xmit(dialog_ref(p, "passing dialog ptr into callback..."), data, len);	/* Send packet */
 		if (xmitres == XMIT_ERROR) {	/* Serious network trouble, no need to try again */
 			append_history(p, "XmitErr", "%s", fatal ? "(Critical)" : "(Non-critical)");
 			return AST_FAILURE;
-		} else
+		} else {
 			return AST_SUCCESS;
+		}
 	}
 
 	if (!(pkt = ast_calloc(1, sizeof(*pkt) + len + 1)))
@@ -4402,7 +4421,7 @@
 
 		/* Let's see if we can find the host in DNS. First try DNS SRV records,
 		   then hostname lookup */
-		/*! \todo Fix this function. When we ask SRC, we should check all transports 
+		/*! \todo Fix this function. When we ask for SRV, we should check all transports 
 			  In the future, we should first check NAPTR to find out transport preference
 		 */
 		hostn = peername;
@@ -8976,8 +8995,10 @@
 			ast_string_field_build(p, our_contact, "<sip:%s%s%s:%d>", p->exten, ast_strlen_zero(p->exten) ? "" : "@", ast_inet_ntoa(p->ourip.sin_addr), ntohs(p->socket.port));
 		else
 			ast_string_field_build(p, our_contact, "<sip:%s%s%s>", p->exten, ast_strlen_zero(p->exten) ? "" : "@", ast_inet_ntoa(p->ourip.sin_addr));
-	} else 
+	} else  {
+		/*! \todo We should not always add port here. Port is only added if it's non-standard (see code above) */
 		ast_string_field_build(p, our_contact, "<sip:%s%s%s:%d;transport=%s>", p->exten, ast_strlen_zero(p->exten) ? "" : "@", ast_inet_ntoa(p->ourip.sin_addr), ntohs(p->socket.port), get_transport_pvt(p));
+	}
 }
 
 /*! \brief Build the Remote Party-ID & From using callingpres options */
@@ -10459,6 +10480,15 @@
 	contact2 = contact2_buf;
 
 	/* We have only the part in <brackets> here so we just need to parse a SIP URI.*/
+
+       /*! \brief This code is wrong, it assumes that the contact we receive will use the
+               same transport as the request. It's not a valid assumption. The contact for
+               a udp connection can be a SIPS uri, or request ;transport=tcp
+               \todo Fix this buggy code. It doesn't even parse transport!!!!
+
+		Note: The outbound proxy could be using UDP between the proxy and Asterisk.
+		We still need to be able to send to the remote agent through the proxy.
+       */
 	if (tcp) {
 		if (parse_uri(contact, "sips:", &contact, NULL, &host, &pt, NULL)) {
 			if (parse_uri(contact2, "sip:", &contact, NULL, &host, &pt, NULL))
@@ -10491,6 +10521,7 @@
 	if (ast_test_flag(&pvt->flags[0], SIP_NAT_ROUTE)) {
 		/* NAT: Don't trust the contact field.  Just use what they came to us
 		   with. */
+		/*! \todo We need to save the TRANSPORT here too */
 		pvt->sa = pvt->recv;
 		return 0;
 	}
@@ -11092,7 +11123,7 @@
 		ast_log(LOG_NOTICE, "Invalid to address: '%s' from %s (missing sip:) trying to use anyway...\n", c, ast_inet_ntoa(sin->sin_addr));
 	}
 
-	/* XXX here too we interpret a missing @domain as a name-only
+	/*! \todo XXX here too we interpret a missing @domain as a name-only
 	 * URI, whereas the RFC says this is a domain-only uri.
 	 */
 	/* Strip off the domain name */
@@ -11126,6 +11157,7 @@
 	}
 
 	if (peer) {
+		/*! \todo OEJ Remove this - there's never RTP in a REGISTER dialog... */
 		/* Set Frame packetization */
 		if (p->rtp) {
 			ast_rtp_codec_setpref(p->rtp, &peer->prefs);
@@ -13409,7 +13441,8 @@
 		ast_cli(fd, "  ToHost       : %s\n", peer->tohost);
 		ast_cli(fd, "  Addr->IP     : %s Port %d\n",  peer->addr.sin_addr.s_addr ? ast_inet_ntoa(peer->addr.sin_addr) : "(Unspecified)", ntohs(peer->addr.sin_port));
 		ast_cli(fd, "  Defaddr->IP  : %s Port %d\n", ast_inet_ntoa(peer->defaddr.sin_addr), ntohs(peer->defaddr.sin_port));
-		ast_cli(fd, "  Transport    : %s\n", get_transport(peer->socket.type));
+		ast_cli(fd, "  Prim.Transp. : %s\n", get_transport(peer->socket.type));
+		ast_cli(fd, "  Allowed.Trsp : %s\n", get_transport_list(peer->transports)); 
 		if (!ast_strlen_zero(global_regcontext))
 			ast_cli(fd, "  Reg. exten   : %s\n", peer->regexten);
 		ast_cli(fd, "  Def. Username: %s\n", peer->username);
@@ -13917,6 +13950,8 @@
 
 	ast_cli(a->fd, "\nDefault Settings:\n");
 	ast_cli(a->fd, "-----------------\n");
+	ast_cli(a->fd, "  Allowed transports:     %s\n", get_transport_list(default_transports)); 
+	ast_cli(a->fd, "  Outbound transport:	  %s\n", get_transport(default_primary_transport));
 	ast_cli(a->fd, "  Context:                %s\n", default_context);
 	ast_cli(a->fd, "  Nat:                    %s\n", nat2str(ast_test_flag(&global_flags[0], SIP_NAT)));
 	ast_cli(a->fd, "  DTMF:                   %s\n", dtmfmode2str(ast_test_flag(&global_flags[0], SIP_DTMF)));
@@ -15420,7 +15455,7 @@
 			/* Actually don't destroy us yet, wait for the 487 on our original 
 			   INVITE, but do set an autodestruct just in case we never get it. */
 		else {
-			/* We have a pending outbound invite, don't send someting
+			/* We have a pending outbound invite, don't send something
 				new in-transaction */
 			if (p->pendinginvite)
 				return;
@@ -19597,6 +19632,7 @@
 	return 1;
 }
 
+/*! \brief Handle incoming SIP message - request or response */
 static int handle_request_do(struct sip_request *req, struct sockaddr_in *sin) 
 {
 	struct sip_pvt *p;
@@ -19609,7 +19645,7 @@
 	if (pedanticsipchecking)
 		req->len = lws2sws(req->data->str, req->len);	/* Fix multiline headers */
 	if (req->debug) {
-		ast_verbose("\n<--- SIP read from %s://%s:%d --->\n%s\n<------------->\n", 
+		ast_verbose("\n<--- SIP read from %s:%s:%d --->\n%s\n<------------->\n", 
 			get_transport(req->socket.type), ast_inet_ntoa(sin->sin_addr), 
 			ntohs(sin->sin_port), req->data->str);
 	}
@@ -19698,7 +19734,7 @@
 		return s.port == htons(STANDARD_SIP_PORT);
 }
 
-/*! \todo document this function. */
+/*! \todo Find thread for TCP/TLS session (based on IP/Port */
 static struct ast_tcptls_session_instance *sip_tcp_locate(struct sockaddr_in *s)
 {
 	struct sip_threadinfo *th;
@@ -19716,7 +19752,7 @@
 	return NULL;
 }
 
-/*! \todo document this function. */
+/*! \todo Get socket for dialog, prepare if needed, and return file handle  */
 static int sip_prepare_socket(struct sip_pvt *p) 
 {
 	struct sip_socket *s = &p->socket;
@@ -19728,8 +19764,11 @@
 	};
 
 	if (s->fd != -1)
-		return s->fd;
-
+		return s->fd;	/* This socket is already active */
+
+	/*! \todo Check this... This might be wrong, depending on the proxy configuration
+		If proxy is in "force" mode its correct.
+	 */
 	if (p->outboundproxy && p->outboundproxy->transport) {
 		s->type = p->outboundproxy->transport;
 	}
@@ -19741,7 +19780,7 @@
 
 	ca.sin = *(sip_real_dst(p));
 
-	if ((ser = sip_tcp_locate(&ca.sin))) {
+	if ((ser = sip_tcp_locate(&ca.sin))) {	/* Check if we have a thread handling a socket connected to this IP/port */
 		s->fd = ser->fd;
 		if (s->ser) {
 			ao2_ref(s->ser, -1);
@@ -19768,7 +19807,7 @@
 	if (s->ser) {
 		/* the pvt socket already has a server instance ... */
 	} else {
-		s->ser = ast_tcptls_client_start(&ca);
+		s->ser = ast_tcptls_client_start(&ca); /* Start a client connection to this address */
 	}
 
 	if (!s->ser) {
@@ -21548,8 +21587,10 @@
 	}
 
 	if (!peer->socket.type) {
-		peer->transports  = SIP_TRANSPORT_UDP;
-		peer->socket.type = SIP_TRANSPORT_UDP;
+		/* Set default set of transports */
+		peer->transports  = default_transports;
+		/* Set default primary transport */
+		peer->socket.type = default_primary_transport;
 	}
 
 	if (fullcontact->used > 0) {
@@ -21737,6 +21778,7 @@
 	default_tls_cfg.cipher = ast_strdup("");
 	default_tls_cfg.cafile = ast_strdup("");
 	default_tls_cfg.capath = ast_strdup("");
+
 	
 	/* Initialize copy of current global_regcontext for later use in removing stale contexts */
 	ast_copy_string(oldcontexts, global_regcontext, sizeof(oldcontexts));
@@ -21762,6 +21804,8 @@
 	global_outboundproxy.ip.sin_port = htons(STANDARD_SIP_PORT);
 	global_outboundproxy.ip.sin_family = AF_INET;	/*!< Type of address: IPv4 */
 	global_outboundproxy.force = FALSE;		/*!< Don't force proxy usage, use route: headers */
+	default_transports = 0;				/*!< Reset default transport to zero here, default value later on */
+	default_primary_transport = 0;			/*!< Reset default primary transport to zero here, default value later on */
 	ourport_tcp = STANDARD_SIP_PORT;
 	ourport_tls = STANDARD_TLS_PORT;
 	bindaddr.sin_port = htons(STANDARD_SIP_PORT);
@@ -21903,6 +21947,25 @@
 			global_timer_b = global_t1 * 64;
 		} else if (!strcasecmp(v->name, "t1min")) {
 			global_t1min = atoi(v->value);
+		} else if (!strcasecmp(v->name, "transport") && !ast_strlen_zero(v->value)) {
+			char *val = ast_strdupa(v->value);
+			char *trans;
+
+			while ((trans = strsep(&val, ","))) {
+				trans = ast_skip_blanks(trans);
+
+				if (!strncasecmp(trans, "udp", 3)) 
+					default_transports |= SIP_TRANSPORT_UDP;
+				else if (!strncasecmp(trans, "tcp", 3))
+					default_transports |= SIP_TRANSPORT_TCP;
+				else if (!strncasecmp(trans, "tls", 3))
+					default_transports |= SIP_TRANSPORT_TLS;
+				else
+					ast_log(LOG_NOTICE, "'%s' is not a valid transport type. if no other is specified, udp will be used.\n", trans);
+				if (default_primary_transport == 0) {
+					default_primary_transport = default_transports;
+				}
+			}
 		} else if (!strcasecmp(v->name, "tcpenable")) {
 			sip_tcp_desc.sin.sin_family = ast_false(v->value) ? 0 : AF_INET;
 			ast_debug(2, "Enabling TCP socket for listening\n");
@@ -22253,6 +22316,10 @@
 		ast_log(LOG_WARNING, "To disallow external domains, you need to configure local SIP domains.\n");
 		allow_external_domains = 1;
 	}
+	/* If not configured, set default transports */
+	if (default_transports == 0) {
+		default_transports = default_primary_transport = SIP_TRANSPORT_UDP;
+	}
 	
 	/* Build list of authentication to various SIP realms, i.e. service providers */
  	for (v = ast_variable_browse(cfg, "authentication"); v ; v = v->next) {
@@ -22406,13 +22473,24 @@
 
 	/* Start TCP server */
 	ast_tcptls_server_start(&sip_tcp_desc);
+ 	if (sip_tcp_desc.accept_fd == -1 &&  sip_tcp_desc.sin.sin_family == AF_INET) {
+		/* TCP server start failed. Tell the admin */
+		ast_log(LOG_ERROR, "SIP TCP Server start failed. Not listening on TCP socket.\n");
+		sip_tcp_desc.sin.sin_family = 0;
+	} else {
+		ast_debug(2, "SIP TCP server started\n");
+	}
 
 	/* Start TLS server if needed */
 	memcpy(sip_tls_desc.tls_cfg, &default_tls_cfg, sizeof(default_tls_cfg));
 
-	if (ast_ssl_setup(sip_tls_desc.tls_cfg))
+	if (ast_ssl_setup(sip_tls_desc.tls_cfg)) {
 		ast_tcptls_server_start(&sip_tls_desc);
-	else if (sip_tls_desc.tls_cfg->enabled) {
+ 		if (default_tls_cfg.enabled && sip_tls_desc.accept_fd == -1) {
+			ast_log(LOG_ERROR, "TLS Server start failed. Not listening on TLS socket.\n");
+			sip_tls_desc.tls_cfg = NULL;
+		}
+	} else if (sip_tls_desc.tls_cfg->enabled) {
 		sip_tls_desc.tls_cfg = NULL;
 		ast_log(LOG_WARNING, "SIP TLS server did not load because of errors.\n");
 	}

Modified: trunk/main/tcptls.c
URL: http://svn.digium.com/view/asterisk/trunk/main/tcptls.c?view=diff&rev=148473&r1=148472&r2=148473
==============================================================================
--- trunk/main/tcptls.c (original)
+++ trunk/main/tcptls.c Mon Oct 13 10:49:01 2008
@@ -319,13 +319,14 @@
 		close(desc->accept_fd);
 
 	/* If there's no new server, stop here */
-	if (desc->sin.sin_family == 0)
+	if (desc->sin.sin_family == 0) {
+		ast_debug(2, "Server disabled:  %s\n", desc->name);
 		return;
+	}
 
 	desc->accept_fd = socket(AF_INET, SOCK_STREAM, 0);
 	if (desc->accept_fd < 0) {
-		ast_log(LOG_ERROR, "Unable to allocate socket for %s: %s\n",
-			desc->name, strerror(errno));
+		ast_log(LOG_ERROR, "Unable to allocate socket for %s: %s\n", desc->name, strerror(errno));
 		return;
 	}
 	
@@ -368,6 +369,7 @@
 	if (desc->accept_fd != -1)
 		close(desc->accept_fd);
 	desc->accept_fd = -1;
+	ast_debug(2, "Stopped server :: %s\n", desc->name);
 }
 
 /*! \brief




More information about the asterisk-commits mailing list