[asterisk-commits] oej: branch oej/teapot-1.8 r412879 - in /team/oej/teapot-1.8: ./ channels/ ch...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Tue Apr 22 03:23:33 CDT 2014


Author: oej
Date: Tue Apr 22 03:23:28 2014
New Revision: 412879

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=412879
Log:
Resetting 

Modified:
    team/oej/teapot-1.8/   (props changed)
    team/oej/teapot-1.8/CHANGES
    team/oej/teapot-1.8/channels/chan_sip.c
    team/oej/teapot-1.8/channels/sip/include/sip.h
    team/oej/teapot-1.8/configs/sip.conf.sample
    team/oej/teapot-1.8/main/http.c
    team/oej/teapot-1.8/main/manager.c
    team/oej/teapot-1.8/main/tcptls.c

Propchange: team/oej/teapot-1.8/
------------------------------------------------------------------------------
    automerge = Is-there-life-off-net?

Propchange: team/oej/teapot-1.8/
------------------------------------------------------------------------------
--- svnmerge-integrated (original)
+++ svnmerge-integrated Tue Apr 22 03:23:28 2014
@@ -1,1 +1,1 @@
-/branches/1.8:1-412694
+/branches/1.8:1-412878

Modified: team/oej/teapot-1.8/CHANGES
URL: http://svnview.digium.com/svn/asterisk/team/oej/teapot-1.8/CHANGES?view=diff&rev=412879&r1=412878&r2=412879
==============================================================================
--- team/oej/teapot-1.8/CHANGES (original)
+++ team/oej/teapot-1.8/CHANGES Tue Apr 22 03:23:28 2014
@@ -7,6 +7,29 @@
 === and the other UPGRADE files for older releases.
 ===
 ======================================================================
+
+------------------------------------------------------------------------------
+--- Functionality changes since Asterisk 1.8.26.1 ----------------------------
+------------------------------------------------------------------------------
+
+chan_sip
+-----------
+ * SIP peers can now specify 'trust_id_outbound' which affects RPID/PAI
+   fields for prohibited callingpres information. Values are legacy, no, and
+   yes. By default, legacy is used.
+   trust_id_outbound=legacy - behavior remains the same as 1.8.26.1. When
+     dealing with prohibited callingpres and sendrpid=pai/rpid, RPID/PAI
+     headers are appended to outbound SIP messages just as they are with
+     allowed callingpres values, but data about the remote party's identity is
+     anonymized.
+     When sendrpid=rpid, only the remote party's domain is anonymized.
+   trust_id_outbound=no - when dealing with prohibited callingpres, RPID/PAI
+     headers are not sent.
+   trust_id_outbound=yes - RPID/PAI headers are applied with the full remote
+     party information in tact even for prohibited callingpres information.
+     In the case of PAI, a Privacy: id header will be appended for prohibited
+     calling information to communicate that the private information should
+     not be relayed to untrusted parties.
 
 ------------------------------------------------------------------------------
 --- Functionality changes since Asterisk 1.8.19.1 ----------------------------

Modified: team/oej/teapot-1.8/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/teapot-1.8/channels/chan_sip.c?view=diff&rev=412879&r1=412878&r2=412879
==============================================================================
--- team/oej/teapot-1.8/channels/chan_sip.c (original)
+++ team/oej/teapot-1.8/channels/chan_sip.c Tue Apr 22 03:23:28 2014
@@ -11482,15 +11482,39 @@
 	}
 	lid_pres = ast_party_id_presentation(&p->owner->connected.id);
 
-	fromdomain = S_OR(p->fromdomain, ast_sockaddr_stringify_host_remote(&p->ourip));
+	if (((lid_pres & AST_PRES_RESTRICTION) != AST_PRES_ALLOWED) &&
+			(ast_test_flag(&p->flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND) == SIP_PAGE2_TRUST_ID_OUTBOUND_NO)) {
+		/* If pres is not allowed and we don't trust the peer, we don't apply an RPID header */
+		return 0;
+	}
+
+	fromdomain = p->fromdomain;
+	if (!fromdomain ||
+			((ast_test_flag(&p->flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND) == SIP_PAGE2_TRUST_ID_OUTBOUND_YES) &&
+			!strcmp("anonymous.invalid", fromdomain))) {
+		/* If the fromdomain is NULL or if it was set to anonymous.invalid due to privacy settings and we trust the peer,
+		 * use the host IP address */
+		fromdomain = ast_sockaddr_stringify_host_remote(&p->ourip);
+	}
 
 	lid_num = ast_uri_encode(lid_num, tmp2, sizeof(tmp2), 0);
 
 	if (ast_test_flag(&p->flags[0], SIP_SENDRPID_PAI)) {
-		if ((lid_pres & AST_PRES_RESTRICTION) != AST_PRES_ALLOWED) {
-			ast_str_set(&tmp, -1, "%s", anonymous_string);
+		if (ast_test_flag(&p->flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND) != SIP_PAGE2_TRUST_ID_OUTBOUND_LEGACY) {
+			/* trust_id_outbound = yes - Always give full information even if it's private, but append a privacy header
+			 * When private data is included */
+			ast_str_set(&tmp, -1, "\"%s\" <sip:%s@%s>", lid_name, lid_num, fromdomain);
+			if ((lid_pres & AST_PRES_RESTRICTION) != AST_PRES_ALLOWED) {
+				add_header(req, "Privacy", "id");
+			}
 		} else {
-			ast_str_set(&tmp, -1, "\"%s\" <sip:%s@%s>", lid_name, lid_num, fromdomain);
+			/* trust_id_outbound = legacy - behave in a non RFC-3325 compliant manner and send anonymized data when
+			 * when handling private data. */
+			if ((lid_pres & AST_PRES_RESTRICTION) == AST_PRES_ALLOWED) {
+				ast_str_set(&tmp, -1, "\"%s\" <sip:%s@%s>", lid_name, lid_num, fromdomain);
+			} else {
+				ast_str_set(&tmp, -1, "%s", anonymous_string);
+			}
 		}
 		add_header(req, "P-Asserted-Identity", ast_str_buffer(tmp));
 	} else {
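Review bot: The new fallback tests only `!fromdomain`, whereas the removed line used `S_OR(p->fromdomain, ...)`, which also treated an empty string as unset; if `p->fromdomain` can be empty rather than NULL, the PAI/RPID URI is now built with nothing after the `@`. Testing `ast_strlen_zero(fromdomain)` in place of `!fromdomain` would keep the old behaviour. Separately, the comment on the `!= SIP_PAGE2_TRUST_ID_OUTBOUND_LEGACY` branch says "trust_id_outbound = yes", but that branch is also reached for `no` with allowed presentation; something like `/* yes, or no with allowed presentation: send the full identity, adding Privacy: id when it is restricted */` would match the condition. The enclosing function starts and ends outside this hunk.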
@@ -17867,6 +17891,18 @@
 	return map_x_s(allowoverlapstr, mode, "<error>");
 }
 
+static const struct _map_x_s trust_id_outboundstr[] = {
+	{ SIP_PAGE2_TRUST_ID_OUTBOUND_LEGACY,  "Legacy" },
+	{ SIP_PAGE2_TRUST_ID_OUTBOUND_NO,      "No" },
+	{ SIP_PAGE2_TRUST_ID_OUTBOUND_YES,     "Yes" },
+	{ -1,                                  NULL }, /* terminator */
+};
+
+static const char *trust_id_outbound2str(int mode)
+{
+	return map_x_s(trust_id_outboundstr, mode, "<error>");
+}
+
 /*! \brief Destroy disused contexts between reloads
 	Only used in reload_config so the code for regcontext doesn't get ugly
 */
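Review bot: `trust_id_outbound2str()` has no doc comment, and its argument is not a 0/1/2 index but the masked value that `ast_test_flag(..., SIP_PAGE2_TRUST_ID_OUTBOUND)` yields, which is worth stating for the next caller. I would add `/*! \brief Map a masked SIP_PAGE2_TRUST_ID_OUTBOUND value to its display name ("<error>" is passed as the fallback string) */` above the function.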
@@ -18421,6 +18457,7 @@
 		ast_cli(fd, "  Ign SDP ver  : %s\n", AST_CLI_YESNO(ast_test_flag(&peer->flags[1], SIP_PAGE2_IGNORESDPVERSION)));
 		ast_cli(fd, "  Trust RPID   : %s\n", AST_CLI_YESNO(ast_test_flag(&peer->flags[0], SIP_TRUSTRPID)));
 		ast_cli(fd, "  Send RPID    : %s\n", AST_CLI_YESNO(ast_test_flag(&peer->flags[0], SIP_SENDRPID)));
+		ast_cli(fd, "  TrustIDOutbnd: %s\n", trust_id_outbound2str(ast_test_flag(&peer->flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND)));
 		ast_cli(fd, "  Subscriptions: %s\n", AST_CLI_YESNO(ast_test_flag(&peer->flags[1], SIP_PAGE2_ALLOWSUBSCRIBE)));
 		ast_cli(fd, "  Overlap dial : %s\n", allowoverlap2str(ast_test_flag(&peer->flags[1], SIP_PAGE2_ALLOWOVERLAP)));
 		if (peer->outboundproxy)
@@ -28083,6 +28120,19 @@
 	} else if (!strcasecmp(v->name, "rpid_immediate")) {
 		ast_set_flag(&mask[1], SIP_PAGE2_RPID_IMMEDIATE);
 		ast_set2_flag(&flags[1], ast_true(v->value), SIP_PAGE2_RPID_IMMEDIATE);
+	} else if (!strcasecmp(v->name, "trust_id_outbound")) {
+		ast_set_flag(&mask[1], SIP_PAGE2_TRUST_ID_OUTBOUND);
+		ast_clear_flag(&flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND);
+		if (!strcasecmp(v->value, "legacy")) {
+			ast_set_flag(&flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND_LEGACY);
+		} else if (ast_true(v->value)) {
+			ast_set_flag(&flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND_YES);
+		} else if (ast_false(v->value)) {
+			ast_set_flag(&flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND_NO);
+		} else {
+			ast_log(LOG_WARNING, "Unknown trust_id_outbound mode '%s' on line %d, using legacy\n", v->value, v->lineno);
+			ast_set_flag(&flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND_LEGACY);
+		}
 	} else if (!strcasecmp(v->name, "g726nonstandard")) {
 		ast_set_flag(&mask[0], SIP_G726_NONSTANDARD);
 		ast_set2_flag(&flags[0], ast_true(v->value), SIP_G726_NONSTANDARD);
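Review bot: An unrecognised `trust_id_outbound` value falls back to `legacy`, which per the sample configuration in this commit may still include private data for sendrpid=rpid and may violate RFC-3325. For a setting that governs disclosure of restricted caller identity, a misspelled `no` would be safer resolved to the most restrictive mode, e.g. `ast_set_flag(&flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND_NO);` in the final `else`, with the warning text changed to match. If legacy has to remain the fallback for compatibility, a one-line comment saying so would help the next reader. The enclosing if/else chain continues outside the hunk.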

Modified: team/oej/teapot-1.8/channels/sip/include/sip.h
URL: http://svnview.digium.com/svn/asterisk/team/oej/teapot-1.8/channels/sip/include/sip.h?view=diff&rev=412879&r1=412878&r2=412879
==============================================================================
--- team/oej/teapot-1.8/channels/sip/include/sip.h (original)
+++ team/oej/teapot-1.8/channels/sip/include/sip.h Tue Apr 22 03:23:28 2014
@@ -354,6 +354,11 @@
 #define SIP_PAGE2_USE_SRTP                  (1 << 29)   /*!< DP: Whether we should offer (only)  SRTP */
 #define SIP_PAGE2_ALLOW_CN                  (1 << 30)   /*!< DP: If we allow Comfort Noise generation */
 
+#define SIP_PAGE2_TRUST_ID_OUTBOUND         (3 << 30)   /*!< DP: Do we trust the peer with private presence information? */
+#define SIP_PAGE2_TRUST_ID_OUTBOUND_LEGACY  (0 << 30)   /*!< Legacy, Do not provide private presence information, but include PAI/RPID when private */
+#define SIP_PAGE2_TRUST_ID_OUTBOUND_NO      (1 << 30)   /*!< No, Do not provide private presence information, do not include PAI/RPID when private */
+#define SIP_PAGE2_TRUST_ID_OUTBOUND_YES     (2 << 30)   /*!< Yes, provide private presence information in PAI/RPID headers */
+
 #define SIP_PAGE2_FLAGS_TO_COPY \
 	(SIP_PAGE2_ALLOWSUBSCRIBE | SIP_PAGE2_ALLOWOVERLAP | SIP_PAGE2_IGNORESDPVERSION | \
 	SIP_PAGE2_VIDEOSUPPORT | SIP_PAGE2_T38SUPPORT | SIP_PAGE2_RFC2833_COMPENSATE | \
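Review bot: The two-bit field `SIP_PAGE2_TRUST_ID_OUTBOUND (3 << 30)` overlaps `SIP_PAGE2_ALLOW_CN (1 << 30)` defined two lines above it, and `SIP_PAGE2_TRUST_ID_OUTBOUND_NO` has exactly the same value as `SIP_PAGE2_ALLOW_CN`. Assuming both are stored in the same flags word, a peer with comfort noise allowed reads as trust_id_outbound=no in the `== SIP_PAGE2_TRUST_ID_OUTBOUND_NO` test in chan_sip.c (so RPID/PAI is dropped for restricted callers), `yes` combined with comfort noise gives a value matching none of the three constants, and the `ast_clear_flag(&flags[1], SIP_PAGE2_TRUST_ID_OUTBOUND)` in the config parser also clears the comfort-noise bit. The field needs two bits that no other SIP_PAGE2_* flag uses, or a move to another flags page. `(3 << 30)` and `(2 << 30)` also overflow a 32-bit signed int; `(3U << 30)` and `(2U << 30)` avoid that.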
@@ -361,7 +366,7 @@
 	SIP_PAGE2_UDPTL_DESTINATION | SIP_PAGE2_VIDEOSUPPORT_ALWAYS | SIP_PAGE2_PREFERRED_CODEC | \
 	SIP_PAGE2_RPID_IMMEDIATE | SIP_PAGE2_RPID_UPDATE | SIP_PAGE2_SYMMETRICRTP |\
 	SIP_PAGE2_Q850_REASON | SIP_PAGE2_HAVEPEERCONTEXT | SIP_PAGE2_USE_SRTP |\
-	SIP_PAGE2_ALLOW_CN )
+	SIP_PAGE2_ALLOW_CN | SIP_PAGE2_TRUST_ID_OUTBOUND)
 
 
 #define SIP_PAGE3_SNOM_AOC              (1 << 0)  /*!< DPG: Allow snom aoc messages */

Modified: team/oej/teapot-1.8/configs/sip.conf.sample
URL: http://svnview.digium.com/svn/asterisk/team/oej/teapot-1.8/configs/sip.conf.sample?view=diff&rev=412879&r1=412878&r2=412879
==============================================================================
--- team/oej/teapot-1.8/configs/sip.conf.sample (original)
+++ team/oej/teapot-1.8/configs/sip.conf.sample Tue Apr 22 03:23:28 2014
@@ -350,6 +350,17 @@
                                 ; transmit such UPDATE messages to it, then you must enable this option.
                                 ; Otherwise, we will have to wait until we can send a reinvite to
                                 ; transmit the information.
+;trust_id_outbound = no         ; Controls whether or not we trust this peer with private identity
+                                ; information (when the remote party has callingpres=prohib or equivalent).
+                                ; no - RPID/PAI headers will not be included for private peer information
+                                ; yes - RPID/PAI headers will include the private peer information. Privacy
+                                ;       requirements will be indicated in a Privacy header for sendrpid=pai
+                                ; legacy - RPID/PAI will be included for private peer information. In the
+                                ;       case of sendrpid=pai, private data that would be included in them
+                                ;       will be anonymized. For sendrpid=rpid, private data may be included
+                                ;       but the remote party's domain will be anonymized. The way legacy
+                                ;       behaves may violate RFC-3325, but it follows historic behavior.
+                                ; This option is set to 'legacy' by default
 ;prematuremedia=no              ; Some ISDN links send empty media frames before 
                                 ; the call is in ringing or progress state. The SIP 
                                 ; channel will then send 183 indicating early media
@@ -1187,6 +1198,7 @@
 ; autoframing
 ; insecure
 ; trustrpid
+; trust_id_outbound
 ; progressinband
 ; promiscredir
 ; useclientcode
@@ -1354,7 +1366,8 @@
 ;allow=g723.1                    ; Asterisk only supports g723.1 pass-thru!
 ;allow=g729                      ; Pass-thru only unless g729 license obtained
 ;callingpres=allowed_passed_screen ; Set caller ID presentation
-                                 ; See README.callingpres for more information
+                                 ; See function CALLERPRES documentation for possible
+                                 ; values.
 
 ;[xlite1]
 ; Turn off silence suppression in X-Lite ("Transmit Silence"=YES)!

Modified: team/oej/teapot-1.8/main/http.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/teapot-1.8/main/http.c?view=diff&rev=412879&r1=412878&r2=412879
==============================================================================
--- team/oej/teapot-1.8/main/http.c (original)
+++ team/oej/teapot-1.8/main/http.c Tue Apr 22 03:23:28 2014
@@ -883,9 +883,25 @@
 	char *uri, *method;
 	enum ast_http_method http_method = AST_HTTP_UNKNOWN;
 	int remaining_headers;
+	struct protoent *p;
 
 	if (ast_atomic_fetchadd_int(&session_count, +1) >= session_limit) {
 		goto done;
+	}
+
+	/* here we set TCP_NODELAY on the socket to disable Nagle's algorithm.
+	 * This is necessary to prevent delays (caused by buffering) as we
+	 * write to the socket in bits and pieces. */
+	p = getprotobyname("tcp");
+	if (p) {
+		int arg = 1;
+		if( setsockopt(ser->fd, p->p_proto, TCP_NODELAY, (char *)&arg, sizeof(arg) ) < 0 ) {
+			ast_log(LOG_WARNING, "Failed to set TCP_NODELAY on HTTP connection: %s\n", strerror(errno));
+			ast_log(LOG_WARNING, "Some HTTP requests may be slow to respond.\n");
+		}
+	} else {
+		ast_log(LOG_WARNING, "Failed to set TCP_NODELAY on HTTP connection, getprotobyname(\"tcp\") failed\n");
+		ast_log(LOG_WARNING, "Some HTTP requests may be slow to respond.\n");
 	}
 
 	if (!fgets(buf, sizeof(buf), ser->f)) {
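Review bot: `getprotobyname("tcp")` returns a pointer to static storage and is not required to be thread-safe, yet this code runs once per HTTP session and sessions appear to run concurrently (the session counter just above is updated atomically). It also performs a protocol-database lookup on every connection for a value that is a constant. Passing the constant directly, `setsockopt(ser->fd, IPPROTO_TCP, TCP_NODELAY, &arg, sizeof(arg))`, removes the lookup, the `struct protoent *p` local and the whole `else` branch; the same pattern is visible as context in the main/manager.c hunk. The enclosing function starts and ends outside this hunk.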

Modified: team/oej/teapot-1.8/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/teapot-1.8/main/manager.c?view=diff&rev=412879&r1=412878&r2=412879
==============================================================================
--- team/oej/teapot-1.8/main/manager.c (original)
+++ team/oej/teapot-1.8/main/manager.c Tue Apr 22 03:23:28 2014
@@ -5089,7 +5089,7 @@
 
 	/* here we set TCP_NODELAY on the socket to disable Nagle's algorithm.
 	 * This is necessary to prevent delays (caused by buffering) as we
-	 * write to the socket in bits and peices. */
+	 * write to the socket in bits and pieces. */
 	p = getprotobyname("tcp");
 	if (p) {
 		int arg = 1;

Modified: team/oej/teapot-1.8/main/tcptls.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/teapot-1.8/main/tcptls.c?view=diff&rev=412879&r1=412878&r2=412879
==============================================================================
--- team/oej/teapot-1.8/main/tcptls.c (original)
+++ team/oej/teapot-1.8/main/tcptls.c Tue Apr 22 03:23:28 2014
@@ -91,7 +91,12 @@
 		 * way resources can be saved, as the process can already terminate or serve another connection).
 		 */
 		if ((ret = SSL_shutdown(cookie)) < 0) {
-			ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n", SSL_get_error(cookie, ret));
+			int error = SSL_get_error(cookie, ret);
+				ast_log(LOG_ERROR, "SSL_shutdown() failed: I/O Error\n");
+			if (error == SSL_ERROR_SYSCALL) {
+			} else {
+				ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n", error);
+			}
 		}
 
 		if (!((SSL*)cookie)->server) {
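Review bot: The `ast_log(LOG_ERROR, "SSL_shutdown() failed: I/O Error\n");` line sits before `if (error == SSL_ERROR_SYSCALL) {` instead of inside it, so the I/O message is logged on every failed shutdown, the `if` body is empty, and any other error is logged twice. Moving that one `ast_log` line into the `if` body gives the intended either/or. For the syscall case, appending `strerror(errno)` to the message would make the log more useful when diagnosing dropped TLS connections. The enclosing function continues outside the hunk.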



