[asterisk-commits] oej: branch oej/oolong-path-support-1.8 r412876 - in /team/oej/oolong-path-su...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Tue Apr 22 03:19:26 CDT 2014


Author: oej
Date: Tue Apr 22 03:19:17 2014
New Revision: 412876

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=412876
Log:
Reset, resolve

Modified:
    team/oej/oolong-path-support-1.8/   (props changed)
    team/oej/oolong-path-support-1.8/CHANGES
    team/oej/oolong-path-support-1.8/channels/chan_sip.c
    team/oej/oolong-path-support-1.8/channels/sip/include/sip.h
    team/oej/oolong-path-support-1.8/configs/sip.conf.sample
    team/oej/oolong-path-support-1.8/main/http.c
    team/oej/oolong-path-support-1.8/main/manager.c

Propchange: team/oej/oolong-path-support-1.8/
------------------------------------------------------------------------------
    automerge = Is-there-life-off-net?

Propchange: team/oej/oolong-path-support-1.8/
------------------------------------------------------------------------------
--- svnmerge-integrated (original)
+++ svnmerge-integrated Tue Apr 22 03:19:17 2014
@@ -1,1 +1,1 @@
-/branches/1.8:1-412679
+/branches/1.8:1-412875

Modified: team/oej/oolong-path-support-1.8/CHANGES
URL: http://svnview.digium.com/svn/asterisk/team/oej/oolong-path-support-1.8/CHANGES?view=diff&rev=412876&r1=412875&r2=412876
==============================================================================
--- team/oej/oolong-path-support-1.8/CHANGES (original)
+++ team/oej/oolong-path-support-1.8/CHANGES Tue Apr 22 03:19:17 2014
@@ -7,6 +7,29 @@
 === and the other UPGRADE files for older releases.
 ===
 ======================================================================
+
+------------------------------------------------------------------------------
+--- Functionality changes since Asterisk 1.8.26.1 ----------------------------
+------------------------------------------------------------------------------
+
+chan_sip
+-----------
+ * SIP peers can now specify 'trust_id_outbound' which affects RPID/PAI
+   fields for prohibited callingpres information. Values are legacy, no, and
+   yes. By default, legacy is used.
+   trust_id_outbound=legacy - behavior remains the same as 1.8.26.1. When
+     dealing with prohibited callingpres and sendrpid=pai/rpid, RPID/PAI
+     headers are appended to outbound SIP messages just as they are with
+     allowed callingpres values, but data about the remote party's identity is
+     anonymized.
+     When sendrpid=rpid, only the remote party's domain is anonymized.
+   trust_id_outbound=no - when dealing with prohibited callingpres, RPID/PAI
+     headers are not sent.
+   trust_id_outbound=yes - RPID/PAI headers are applied with the full remote
+     party information in tact even for prohibited callingpres information.
+     In the case of PAI, a Privacy: id header will be appended for prohibited
+     calling information to communicate that the private information should
+     not be relayed to untrusted parties.
 
 ------------------------------------------------------------------------------
 --- Functionality changes since Asterisk 1.8.19.1 ----------------------------

Modified: team/oej/oolong-path-support-1.8/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/oolong-path-support-1.8/channels/chan_sip.c?view=diff&rev=412876&r1=412875&r2=412876
==============================================================================
--- team/oej/oolong-path-support-1.8/channels/chan_sip.c (original)
+++ team/oej/oolong-path-support-1.8/channels/chan_sip.c Tue Apr 22 03:19:17 2014
@@ -11463,15 +11463,39 @@
 	}
 	lid_pres = ast_party_id_presentation(&p->owner->connected.id);
 
-	fromdomain = S_OR(p->fromdomain, ast_sockaddr_stringify_host_remote(&p->ourip));
+	if (((lid_pres & AST_PRES_RESTRICTION) != AST_PRES_ALLOWED) &&
+			(ast_test_flag(&p->flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND) == SIP_PAGE2_TRUST_ID_OUTBOUND_NO)) {
+		/* If pres is not allowed and we don't trust the peer, we don't apply an RPID header */
+		return 0;
+	}
+
+	fromdomain = p->fromdomain;
+	if (!fromdomain ||
+			((ast_test_flag(&p->flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND) == SIP_PAGE2_TRUST_ID_OUTBOUND_YES) &&
+			!strcmp("anonymous.invalid", fromdomain))) {
+		/* If the fromdomain is NULL or if it was set to anonymous.invalid due to privacy settings and we trust the peer,
+		 * use the host IP address */
+		fromdomain = ast_sockaddr_stringify_host_remote(&p->ourip);
+	}
 
 	lid_num = ast_uri_encode(lid_num, tmp2, sizeof(tmp2), 0);
 
 	if (ast_test_flag(&p->flags[0], SIP_SENDRPID_PAI)) {
-		if ((lid_pres & AST_PRES_RESTRICTION) != AST_PRES_ALLOWED) {
-			ast_str_set(&tmp, -1, "%s", anonymous_string);
+		if (ast_test_flag(&p->flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND) != SIP_PAGE2_TRUST_ID_OUTBOUND_LEGACY) {
+			/* trust_id_outbound = yes - Always give full information even if it's private, but append a privacy header
+			 * When private data is included */
+			ast_str_set(&tmp, -1, "\"%s\" <sip:%s@%s>", lid_name, lid_num, fromdomain);
+			if ((lid_pres & AST_PRES_RESTRICTION) != AST_PRES_ALLOWED) {
+				add_header(req, "Privacy", "id");
+			}
 		} else {
-			ast_str_set(&tmp, -1, "\"%s\" <sip:%s@%s>", lid_name, lid_num, fromdomain);
+			/* trust_id_outbound = legacy - behave in a non RFC-3325 compliant manner and send anonymized data when
+			 * when handling private data. */
+			if ((lid_pres & AST_PRES_RESTRICTION) == AST_PRES_ALLOWED) {
+				ast_str_set(&tmp, -1, "\"%s\" <sip:%s@%s>", lid_name, lid_num, fromdomain);
+			} else {
+				ast_str_set(&tmp, -1, "%s", anonymous_string);
+			}
 		}
 		add_header(req, "P-Asserted-Identity", ast_str_buffer(tmp));
 	} else {
@@ -17869,6 +17893,18 @@
 	return map_x_s(allowoverlapstr, mode, "<error>");
 }
 
+static const struct _map_x_s trust_id_outboundstr[] = {
+	{ SIP_PAGE2_TRUST_ID_OUTBOUND_LEGACY,  "Legacy" },
+	{ SIP_PAGE2_TRUST_ID_OUTBOUND_NO,      "No" },
+	{ SIP_PAGE2_TRUST_ID_OUTBOUND_YES,     "Yes" },
+	{ -1,                                  NULL }, /* terminator */
+};
+
+static const char *trust_id_outbound2str(int mode)
+{
+	return map_x_s(trust_id_outboundstr, mode, "<error>");
+}
+
 /*! \brief Destroy disused contexts between reloads
 	Only used in reload_config so the code for regcontext doesn't get ugly
 */
@@ -18434,6 +18470,7 @@
 			}
 			ast_cli(fd, "\n");
 		}
+		ast_cli(fd, "  TrustIDOutbnd: %s\n", trust_id_outbound2str(ast_test_flag(&peer->flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND)));
 		ast_cli(fd, "  Subscriptions: %s\n", AST_CLI_YESNO(ast_test_flag(&peer->flags[1], SIP_PAGE2_ALLOWSUBSCRIBE)));
 		ast_cli(fd, "  Overlap dial : %s\n", allowoverlap2str(ast_test_flag(&peer->flags[1], SIP_PAGE2_ALLOWOVERLAP)));
 		if (peer->outboundproxy)
@@ -27838,6 +27875,19 @@
 	} else if (!strcasecmp(v->name, "rpid_immediate")) {
 		ast_set_flag(&mask[1], SIP_PAGE2_RPID_IMMEDIATE);
 		ast_set2_flag(&flags[1], ast_true(v->value), SIP_PAGE2_RPID_IMMEDIATE);
+	} else if (!strcasecmp(v->name, "trust_id_outbound")) {
+		ast_set_flag(&mask[1], SIP_PAGE2_TRUST_ID_OUTBOUND);
+		ast_clear_flag(&flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND);
+		if (!strcasecmp(v->value, "legacy")) {
+			ast_set_flag(&flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND_LEGACY);
+		} else if (ast_true(v->value)) {
+			ast_set_flag(&flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND_YES);
+		} else if (ast_false(v->value)) {
+			ast_set_flag(&flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND_NO);
+		} else {
+			ast_log(LOG_WARNING, "Unknown trust_id_outbound mode '%s' on line %d, using legacy\n", v->value, v->lineno);
+			ast_set_flag(&flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND_LEGACY);
+		}
 	} else if (!strcasecmp(v->name, "g726nonstandard")) {
 		ast_set_flag(&mask[0], SIP_G726_NONSTANDARD);
 		ast_set2_flag(&flags[0], ast_true(v->value), SIP_G726_NONSTANDARD);

Modified: team/oej/oolong-path-support-1.8/channels/sip/include/sip.h
URL: http://svnview.digium.com/svn/asterisk/team/oej/oolong-path-support-1.8/channels/sip/include/sip.h?view=diff&rev=412876&r1=412875&r2=412876
==============================================================================
--- team/oej/oolong-path-support-1.8/channels/sip/include/sip.h (original)
+++ team/oej/oolong-path-support-1.8/channels/sip/include/sip.h Tue Apr 22 03:19:17 2014
@@ -349,13 +349,18 @@
 #define SIP_PAGE2_HAVEPEERCONTEXT           (1 << 28)   /*< Are we associated with a configured peer context? */
 #define SIP_PAGE2_USE_SRTP                  (1 << 29)   /*!< DP: Whether we should offer (only)  SRTP */
 
+#define SIP_PAGE2_TRUST_ID_OUTBOUND         (3 << 30)   /*!< DP: Do we trust the peer with private presence information? */
+#define SIP_PAGE2_TRUST_ID_OUTBOUND_LEGACY  (0 << 30)   /*!< Legacy, Do not provide private presence information, but include PAI/RPID when private */
+#define SIP_PAGE2_TRUST_ID_OUTBOUND_NO      (1 << 30)   /*!< No, Do not provide private presence information, do not include PAI/RPID when private */
+#define SIP_PAGE2_TRUST_ID_OUTBOUND_YES     (2 << 30)   /*!< Yes, provide private presence information in PAI/RPID headers */
+
 #define SIP_PAGE2_FLAGS_TO_COPY \
 	(SIP_PAGE2_ALLOWSUBSCRIBE | SIP_PAGE2_ALLOWOVERLAP | SIP_PAGE2_IGNORESDPVERSION | \
 	SIP_PAGE2_VIDEOSUPPORT | SIP_PAGE2_T38SUPPORT | SIP_PAGE2_RFC2833_COMPENSATE | \
 	SIP_PAGE2_BUGGY_MWI | SIP_PAGE2_TEXTSUPPORT | SIP_PAGE2_FAX_DETECT | \
 	SIP_PAGE2_UDPTL_DESTINATION | SIP_PAGE2_VIDEOSUPPORT_ALWAYS | SIP_PAGE2_PREFERRED_CODEC | \
 	SIP_PAGE2_RPID_IMMEDIATE | SIP_PAGE2_RPID_UPDATE | SIP_PAGE2_SYMMETRICRTP |\
-	SIP_PAGE2_Q850_REASON | SIP_PAGE2_HAVEPEERCONTEXT | SIP_PAGE2_USE_SRTP)
+	SIP_PAGE2_Q850_REASON | SIP_PAGE2_HAVEPEERCONTEXT | SIP_PAGE2_USE_SRTP | SIP_PAGE2_TRUST_ID_OUTBOUND)
 
 
 #define SIP_PAGE3_SNOM_AOC               (1 << 0)  /*!< DPG: Allow snom aoc messages */

Modified: team/oej/oolong-path-support-1.8/configs/sip.conf.sample
URL: http://svnview.digium.com/svn/asterisk/team/oej/oolong-path-support-1.8/configs/sip.conf.sample?view=diff&rev=412876&r1=412875&r2=412876
==============================================================================
--- team/oej/oolong-path-support-1.8/configs/sip.conf.sample (original)
+++ team/oej/oolong-path-support-1.8/configs/sip.conf.sample Tue Apr 22 03:19:17 2014
@@ -337,6 +337,17 @@
                                 ; transmit such UPDATE messages to it, then you must enable this option.
                                 ; Otherwise, we will have to wait until we can send a reinvite to
                                 ; transmit the information.
+;trust_id_outbound = no         ; Controls whether or not we trust this peer with private identity
+                                ; information (when the remote party has callingpres=prohib or equivalent).
+                                ; no - RPID/PAI headers will not be included for private peer information
+                                ; yes - RPID/PAI headers will include the private peer information. Privacy
+                                ;       requirements will be indicated in a Privacy header for sendrpid=pai
+                                ; legacy - RPID/PAI will be included for private peer information. In the
+                                ;       case of sendrpid=pai, private data that would be included in them
+                                ;       will be anonymized. For sendrpid=rpid, private data may be included
+                                ;       but the remote party's domain will be anonymized. The way legacy
+                                ;       behaves may violate RFC-3325, but it follows historic behavior.
+                                ; This option is set to 'legacy' by default
 ;prematuremedia=no              ; Some ISDN links send empty media frames before 
                                 ; the call is in ringing or progress state. The SIP 
                                 ; channel will then send 183 indicating early media
@@ -1143,6 +1154,7 @@
 ; autoframing
 ; insecure
 ; trustrpid
+; trust_id_outbound
 ; progressinband
 ; promiscredir
 ; useclientcode
@@ -1310,7 +1322,8 @@
 ;allow=g723.1                    ; Asterisk only supports g723.1 pass-thru!
 ;allow=g729                      ; Pass-thru only unless g729 license obtained
 ;callingpres=allowed_passed_screen ; Set caller ID presentation
-                                 ; See README.callingpres for more information
+                                 ; See function CALLERPRES documentation for possible
+                                 ; values.
 
 ;[xlite1]
 ; Turn off silence suppression in X-Lite ("Transmit Silence"=YES)!

Modified: team/oej/oolong-path-support-1.8/main/http.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/oolong-path-support-1.8/main/http.c?view=diff&rev=412876&r1=412875&r2=412876
==============================================================================
--- team/oej/oolong-path-support-1.8/main/http.c (original)
+++ team/oej/oolong-path-support-1.8/main/http.c Tue Apr 22 03:19:17 2014
@@ -883,9 +883,25 @@
 	char *uri, *method;
 	enum ast_http_method http_method = AST_HTTP_UNKNOWN;
 	int remaining_headers;
+	struct protoent *p;
 
 	if (ast_atomic_fetchadd_int(&session_count, +1) >= session_limit) {
 		goto done;
+	}
+
+	/* here we set TCP_NODELAY on the socket to disable Nagle's algorithm.
+	 * This is necessary to prevent delays (caused by buffering) as we
+	 * write to the socket in bits and pieces. */
+	p = getprotobyname("tcp");
+	if (p) {
+		int arg = 1;
+		if( setsockopt(ser->fd, p->p_proto, TCP_NODELAY, (char *)&arg, sizeof(arg) ) < 0 ) {
+			ast_log(LOG_WARNING, "Failed to set TCP_NODELAY on HTTP connection: %s\n", strerror(errno));
+			ast_log(LOG_WARNING, "Some HTTP requests may be slow to respond.\n");
+		}
+	} else {
+		ast_log(LOG_WARNING, "Failed to set TCP_NODELAY on HTTP connection, getprotobyname(\"tcp\") failed\n");
+		ast_log(LOG_WARNING, "Some HTTP requests may be slow to respond.\n");
 	}
 
 	if (!fgets(buf, sizeof(buf), ser->f)) {

Modified: team/oej/oolong-path-support-1.8/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/oolong-path-support-1.8/main/manager.c?view=diff&rev=412876&r1=412875&r2=412876
==============================================================================
--- team/oej/oolong-path-support-1.8/main/manager.c (original)
+++ team/oej/oolong-path-support-1.8/main/manager.c Tue Apr 22 03:19:17 2014
@@ -5089,7 +5089,7 @@
 
 	/* here we set TCP_NODELAY on the socket to disable Nagle's algorithm.
 	 * This is necessary to prevent delays (caused by buffering) as we
-	 * write to the socket in bits and peices. */
+	 * write to the socket in bits and pieces. */
 	p = getprotobyname("tcp");
 	if (p) {
 		int arg = 1;




More information about the asterisk-commits mailing list