[svn-commits] mmichelson: branch group/issue8824 r151312 - in /team/group/issue8824: ./ app...
SVN commits to the Digium repositories
svn-commits at lists.digium.com
Mon Oct 20 09:30:33 CDT 2008
Author: mmichelson
Date: Mon Oct 20 09:30:33 2008
New Revision: 151312
URL: http://svn.digium.com/view/asterisk?view=rev&rev=151312
Log:
Resolve conflict, reset automerge
Added:
team/group/issue8824/autoconf/
- copied from r151246, trunk/autoconf/
team/group/issue8824/autoconf/acx_pthread.m4
- copied unchanged from r151246, trunk/autoconf/acx_pthread.m4
team/group/issue8824/autoconf/ast_c_compile_check.m4
- copied unchanged from r151246, trunk/autoconf/ast_c_compile_check.m4
team/group/issue8824/autoconf/ast_c_define_check.m4
- copied unchanged from r151246, trunk/autoconf/ast_c_define_check.m4
team/group/issue8824/autoconf/ast_check_gnu_make.m4
- copied unchanged from r151246, trunk/autoconf/ast_check_gnu_make.m4
team/group/issue8824/autoconf/ast_check_mandatory.m4
- copied unchanged from r151246, trunk/autoconf/ast_check_mandatory.m4
team/group/issue8824/autoconf/ast_check_openh323.m4
- copied unchanged from r151246, trunk/autoconf/ast_check_openh323.m4
team/group/issue8824/autoconf/ast_check_pwlib.m4
- copied unchanged from r151246, trunk/autoconf/ast_check_pwlib.m4
team/group/issue8824/autoconf/ast_ext_lib.m4
- copied unchanged from r151246, trunk/autoconf/ast_ext_lib.m4
team/group/issue8824/autoconf/ast_ext_tool_check.m4
- copied unchanged from r151246, trunk/autoconf/ast_ext_tool_check.m4
team/group/issue8824/autoconf/ast_func_fork.m4
- copied unchanged from r151246, trunk/autoconf/ast_func_fork.m4
team/group/issue8824/autoconf/ast_gcc_attribute.m4
- copied unchanged from r151246, trunk/autoconf/ast_gcc_attribute.m4
team/group/issue8824/autoconf/ast_prog_egrep.m4
- copied unchanged from r151246, trunk/autoconf/ast_prog_egrep.m4
team/group/issue8824/autoconf/ast_prog_ld.m4
- copied unchanged from r151246, trunk/autoconf/ast_prog_ld.m4
team/group/issue8824/autoconf/ast_prog_ld_gnu.m4
- copied unchanged from r151246, trunk/autoconf/ast_prog_ld_gnu.m4
team/group/issue8824/autoconf/ast_prog_sed.m4
- copied unchanged from r151246, trunk/autoconf/ast_prog_sed.m4
Removed:
team/group/issue8824/acinclude.m4
Modified:
team/group/issue8824/ (props changed)
team/group/issue8824/apps/app_externalivr.c
team/group/issue8824/bootstrap.sh
team/group/issue8824/channels/chan_sip.c
team/group/issue8824/channels/chan_skinny.c
team/group/issue8824/configure
team/group/issue8824/configure.ac
team/group/issue8824/include/asterisk/tcptls.h
team/group/issue8824/main/config.c
team/group/issue8824/main/http.c
team/group/issue8824/main/manager.c
team/group/issue8824/main/tcptls.c
team/group/issue8824/pbx/pbx_config.c
Propchange: team/group/issue8824/
------------------------------------------------------------------------------
automerge = *
Propchange: team/group/issue8824/
------------------------------------------------------------------------------
Binary property 'branch-1.4-blocked' - no diff available.
Propchange: team/group/issue8824/
------------------------------------------------------------------------------
Binary property 'branch-1.4-merged' - no diff available.
Propchange: team/group/issue8824/
------------------------------------------------------------------------------
--- svnmerge-integrated (original)
+++ svnmerge-integrated Mon Oct 20 09:30:33 2008
@@ -1,1 +1,1 @@
-/trunk:1-150979
+/trunk:1-151311
Modified: team/group/issue8824/apps/app_externalivr.c
URL: http://svn.digium.com/view/asterisk/team/group/issue8824/apps/app_externalivr.c?view=diff&rev=151312&r1=151311&r2=151312
==============================================================================
--- team/group/issue8824/apps/app_externalivr.c (original)
+++ team/group/issue8824/apps/app_externalivr.c Mon Oct 20 09:30:33 2008
@@ -46,6 +46,7 @@
#include "asterisk/app.h"
#include "asterisk/utils.h"
#include "asterisk/tcptls.h"
+#include "asterisk/astobj2.h"
static const char *app = "ExternalIVR";
@@ -419,7 +420,7 @@
}
if (!strncmp(app_args[0], "ivr://", 6)) {
- struct server_args ivr_desc = {
+ struct ast_tcptls_session_args ivr_desc = {
.accept_fd = -1,
.name = "IVR",
};
@@ -438,9 +439,9 @@
}
ast_gethostbyname(hostname, &hp);
- ivr_desc.sin.sin_family = AF_INET;
- ivr_desc.sin.sin_port = htons(port);
- memmove(&ivr_desc.sin.sin_addr.s_addr, hp.hp.h_addr, hp.hp.h_length);
+ ivr_desc.local_address.sin_family = AF_INET;
+ ivr_desc.local_address.sin_port = htons(port);
+ memcpy(&ivr_desc.local_address.sin_addr.s_addr, hp.hp.h_addr, hp.hp.h_length);
ser = ast_tcptls_client_start(&ivr_desc);
if (!ser) {
Modified: team/group/issue8824/bootstrap.sh
URL: http://svn.digium.com/view/asterisk/team/group/issue8824/bootstrap.sh?view=diff&rev=151312&r1=151311&r2=151312
==============================================================================
--- team/group/issue8824/bootstrap.sh (original)
+++ team/group/issue8824/bootstrap.sh Mon Oct 20 09:30:33 2008
@@ -40,7 +40,7 @@
echo "Generating the configure script ..."
-aclocal${MY_AM_VER} 2>/dev/null
+aclocal${MY_AM_VER} -Iautoconf
autoconf${MY_AC_VER}
autoheader${MY_AC_VER}
automake${MY_AM_VER} --add-missing --copy 2>/dev/null
Modified: team/group/issue8824/channels/chan_sip.c
URL: http://svn.digium.com/view/asterisk/team/group/issue8824/channels/chan_sip.c?view=diff&rev=151312&r1=151311&r2=151312
==============================================================================
--- team/group/issue8824/channels/chan_sip.c (original)
+++ team/group/issue8824/channels/chan_sip.c Mon Oct 20 09:30:33 2008
@@ -31,41 +31,8 @@
* ********** IMPORTANT *
* \note TCP/TLS support is EXPERIMENTAL and WILL CHANGE. This applies to configuration
* settings, dialplan commands and dialplans apps/functions
+ * See \ref sip_tcp_tls
*
- * ******** TCP implementation changes needed
- * \todo Fix TCP/TLS handling in dialplan, SRV records, transfers and much more
- * \todo Save TCP/TLS sessions in registry
- * If someone registers a SIPS uri, this forces us to set up a TLS connection back.
- * \todo Add TCP/TLS information to function SIPPEER and SIPCHANINFO
- * \todo If tcpenable=yes, we must open a TCP socket on the same address as the IP for UDP.
- * The tcpbindaddr config option should only be used to open ADDITIONAL ports
- * So we should propably go back to
- * bindaddr= the default address to bind to. If tcpenable=yes, then bind this to both udp and TCP
- * if tlsenable=yes, open TLS port (provided we also have cert)
- * tcpbindaddr = extra address for additional TCP connections
- * tlsbindaddr = extra address for additional TCP/TLS connections
- * udpbindaddr = extra address for additional UDP connections
- * These three options should take multiple IP/port pairs
- * Note: Since opening additional listen sockets is a *new* feature we do not have today
- * the XXXbindaddr options needs to be disabled until we have support for it
- *
- * \todo Be prepared for one outbound and another incoming socket per pvt. This applies
- * specially to communication with other peers (proxies).
- * \todo We need to test TCP sessions with SIP proxies and in regards
- * to the SIP outbound specs.
- * \todo transport=tls was deprecated in RFC3261 and should not be used at all. See section 22.2.2.
- *
- * \todo If the message is smaller than the given Content-length, the request should get a 400 Bad request
- * message. If it's a response, it should be dropped. (RFC 3261, Section 18.3)
- * \todo Since we have had multidomain support in Asterisk for quite a while, we need to support
- * multiple domains in our TLS implementation, meaning one socket and one cert per domain
- * \todo Selection of transport for a request needs to be done after we've parsed all route headers,
- * also considering outbound proxy options.
- * First request: Outboundproxy, routes, (reg contact or URI. If URI doesn't have port: DNS naptr, srv, AAA)
- * Intermediate requests: Outboundproxy(only when forced), routes, contact/uri
- * DNS naptr support is crucial. A SIP uri might lead to a TLS connection.
- * Also note that due to outbound proxy settings, a SIPS uri might have to be sent on UDP (not to recommend though)
- *
*
* ******** General TODO:s
* \todo Better support of forking
@@ -120,6 +87,84 @@
* the sip_hangup() function
*/
+/*! \page sip_tcp_tls SIP TCP and TLS support
+ * The TCP and TLS support is unfortunately implemented in a way that is not
+ * SIP compliant and tested in a SIP infrastructure. We hope to fix this for
+ * at least release 1.6.2. This code was new in 1.6.0 and won't be fixed for
+ * that release, due to the current release policy. Only bugs compared with
+ * the working functionality in 1.4 will be fixed. Bugs in new features will
+ * be fixed in the next release. As 1.6.1 is already in release
+ * candidate mode, there will be a buggy SIP channel in that release too.
+ *
+ * If you have opinions about this release policy, send mail to the asterisk-dev
+ * mailing list.
+ *
+ * \par tcpfixes TCP implementation changes needed
+ * \todo Fix TCP/TLS handling in dialplan, SRV records, transfers and much more
+ * \todo Save TCP/TLS sessions in registry
+ * If someone registers a SIPS uri, this forces us to set up a TLS connection back.
+ * \todo Add TCP/TLS information to function SIPPEER and SIPCHANINFO
+ * \todo If tcpenable=yes, we must open a TCP socket on the same address as the IP for UDP.
+ * The tcpbindaddr config option should only be used to open ADDITIONAL ports
+ * So we should propably go back to
+ * bindaddr= the default address to bind to. If tcpenable=yes, then bind this to both udp and TCP
+ * if tlsenable=yes, open TLS port (provided we also have cert)
+ * tcpbindaddr = extra address for additional TCP connections
+ * tlsbindaddr = extra address for additional TCP/TLS connections
+ * udpbindaddr = extra address for additional UDP connections
+ * These three options should take multiple IP/port pairs
+ * Note: Since opening additional listen sockets is a *new* feature we do not have today
+ * the XXXbindaddr options needs to be disabled until we have support for it
+ *
+ * \todo re-evaluate the transport= setting in sip.conf. This is right now not well
+ * thought of. If a device in sip.conf contacts us via TCP, we should not switch transport,
+ * even if udp is the configured first transport.
+ *
+ * \todo Be prepared for one outbound and another incoming socket per pvt. This applies
+ * specially to communication with other peers (proxies).
+ * \todo We need to test TCP sessions with SIP proxies and in regards
+ * to the SIP outbound specs.
+ * \todo transport=tls was deprecated in RFC3261 and should not be used at all. See section 22.2.2.
+ *
+ * \todo If the message is smaller than the given Content-length, the request should get a 400 Bad request
+ * message. If it's a response, it should be dropped. (RFC 3261, Section 18.3)
+ * \todo Since we have had multidomain support in Asterisk for quite a while, we need to support
+ * multiple domains in our TLS implementation, meaning one socket and one cert per domain
+ * \todo Selection of transport for a request needs to be done after we've parsed all route headers,
+ * also considering outbound proxy options.
+ * First request: Outboundproxy, routes, (reg contact or URI. If URI doesn't have port: DNS naptr, srv, AAA)
+ * Intermediate requests: Outboundproxy(only when forced), routes, contact/uri
+ * DNS naptr support is crucial. A SIP uri might lead to a TLS connection.
+ * Also note that due to outbound proxy settings, a SIPS uri might have to be sent on UDP (not to recommend though)
+ * \todo Default transports are set to UDP, which cause the wrong behaviour when contacting remote
+ * devices directly from the dialplan. UDP is only a fallback if no other method works,
+ * in order to be compatible with RFC2543 (SIP/1.0) devices. For transactions that exceed the
+ * MTU (like INIVTE with video, audio and RTT) TCP should be preferred.
+ *
+ * When dialling unconfigured peers (with no port number) or devices in external domains
+ * NAPTR records MUST be consulted to find configured transport. If they are not found,
+ * SRV records for both TCP and UDP should be checked. If there's a record for TCP, use that.
+ * If there's no record for TCP, then use UDP as a last resort. If there's no SRV records,
+ * \note this only applies if there's no outbound proxy configured for the session. If an outbound
+ * proxy is configured, these procedures might apply for locating the proxy and determining
+ * the transport to use for communication with the proxy.
+ * \par Other bugs to fix ----
+ * __set_address_from_contact(const char *fullcontact, struct sockaddr_in *sin, int tcp)
+ * - sets TLS port as default for all TCP connections, unless other port is given in contact.
+ * parse_register_contact(struct sip_pvt *pvt, struct sip_peer *peer, struct sip_request *req)
+ * - assumes that the contact the UA registers is using the same transport as the REGISTER request, which is
+ * a bad guess.
+ * - Does not save any information about TCP/TLS connected devices, which is a severe BUG, as discussed on the mailing list.
+ * get_destination(struct sip_pvt *p, struct sip_request *oreq)
+ * - Doesn't store the information that we got an incoming SIPS request in the channel, so that
+ * we can require a secure signalling path OUT of Asterisk (on SIP or IAX2). Possibly, the call should
+ * fail on in-secure signalling paths if there's no override in our configuration. At least, provide a
+ * channel variable in the dialplan.
+ * get_refer_info(struct sip_pvt *transferer, struct sip_request *outgoing_req)
+ * - As above, if we have a SIPS: uri in the refer-to header
+ * - Does not check transport in refer_to uri.
+ */
+
/*** MODULEINFO
<depend>chan_local</depend>
***/
@@ -505,7 +550,7 @@
char name[MAXHOSTNAMELEN]; /*!< DNS name of domain/host or IP */
struct sockaddr_in ip; /*!< Currently used IP address and port */
time_t last_dnsupdate; /*!< When this was resolved */
- enum sip_transport transport;
+ enum sip_transport transport;
int force; /*!< If it's an outbound proxy, Force use of this outbound proxy for all outbound requests */
/* Room for a SRV record chain based on the name */
};
@@ -618,7 +663,8 @@
#define SIP_OPT_FROMCHANGE (1 << 17)
#define SIP_OPT_RECLISTINV (1 << 18)
#define SIP_OPT_RECLISTSUB (1 << 19)
-#define SIP_OPT_UNKNOWN (1 << 20)
+#define SIP_OPT_OUTBOUND (1 << 20)
+#define SIP_OPT_UNKNOWN (1 << 21)
/*! \brief List of well-known SIP options. If we get this in a require,
@@ -644,6 +690,8 @@
{ SIP_OPT_JOIN, NOT_SUPPORTED, "join" },
/* Disable the REFER subscription, RFC 4488 */
{ SIP_OPT_NOREFERSUB, NOT_SUPPORTED, "norefersub" },
+ /* SIP outbound - the final NAT battle - draft-sip-outbound */
+ { SIP_OPT_OUTBOUND, NOT_SUPPORTED, "outbound" },
/* RFC3327: Path support */
{ SIP_OPT_PATH, NOT_SUPPORTED, "path" },
/* RFC3840: Callee preferences */
@@ -736,7 +784,7 @@
/*! \brief Standard SIP unsecure port for UDP and TCP from RFC 3261. DO NOT CHANGE THIS */
#define STANDARD_SIP_PORT 5060
-/*! \brief Standard SIP TLS port for sips: from RFC 3261. DO NOT CHANGE THIS */
+/*! \brief Standard SIP TLS port from RFC 3261. DO NOT CHANGE THIS */
#define STANDARD_TLS_PORT 5061
/*! \note in many SIP headers, absence of a port number implies port 5060,
@@ -1848,11 +1896,11 @@
/* --- Sockets and networking --------------*/
-/*! \brief Main socket for SIP communication.
+/*! \brief Main socket for UDP SIP communication.
*
* sipsock is shared between the SIP manager thread (which handles reload
- * requests), the io handler (sipsock_read()) and the user routines that
- * issue writes (using __sip_xmit()).
+ * requests), the udp io handler (sipsock_read()) and the user routines that
+ * issue udp writes (using __sip_xmit()).
* The socket is -1 only when opening fails (this is a permanent condition),
* or when we are handling a reload() that changes its address (this is
* a transient situation during which we might have a harmless race, see
@@ -2068,6 +2116,7 @@
static void ast_quiet_chan(struct ast_channel *chan);
static int attempt_transfer(struct sip_dual *transferer, struct sip_dual *target);
static int do_magic_pickup(struct ast_channel *channel, const char *extension, const char *context);
+
/*!
* \brief generic function for determining if a correct transport is being
* used to contact a peer
@@ -2380,7 +2429,7 @@
static struct ast_tls_config default_tls_cfg;
/*! \brief The TCP server definition */
-static struct server_args sip_tcp_desc = {
+static struct ast_tcptls_session_args sip_tcp_desc = {
.accept_fd = -1,
.master = AST_PTHREADT_NULL,
.tls_cfg = NULL,
@@ -2391,7 +2440,7 @@
};
/*! \brief The TCP/TLS server definition */
-static struct server_args sip_tls_desc = {
+static struct ast_tcptls_session_args sip_tls_desc = {
.accept_fd = -1,
.master = AST_PTHREADT_NULL,
.tls_cfg = &sip_tls_cfg,
@@ -2545,7 +2594,7 @@
we receive is not the same - we should generate an error */
req.socket.ser = ser;
- handle_request_do(&req, &ser->requestor);
+ handle_request_do(&req, &ser->remote_address);
}
cleanup:
@@ -2589,7 +2638,7 @@
static struct sip_peer *ref_peer(struct sip_peer *peer, char *tag)
{
- ao2_t_ref(peer, 1,tag);
+ ao2_t_ref(peer, 1, tag);
return peer;
}
@@ -3716,6 +3765,8 @@
* \verbatim
* general form we are expecting is sip[s]:username[:password][;parameter]@host[:port][;...]
* \endverbatim
+ *
+ * \todo This function needs to look for ;transport= too
*/
static int parse_uri(char *uri, char *scheme,
char **ret_name, char **pass, char **domain, char **port, char **options)
@@ -7903,7 +7954,15 @@
add_header(req, "Route", r);
}
-/*! \brief Set destination from SIP URI */
+/*! \brief Set destination from SIP URI
+ *
+ * Parse uri to h (host) and port - uri is already just the part inside the <>
+ * general form we are expecting is sip[s]:username[:password][;parameter]@host[:port][;...]
+ * If there's a port given, turn NAPTR/SRV off. NAPTR might indicate SIPS preference even
+ * for SIP: uri's
+ *
+ * If there's a sips: uri scheme, TLS will be required.
+ */
static void set_destination(struct sip_pvt *p, char *uri)
{
char *h, *maddr, hostname[256];
@@ -7911,9 +7970,8 @@
struct hostent *hp;
struct ast_hostent ahp;
int debug=sip_debug_test_pvt(p);
-
- /* Parse uri to h (host) and port - uri is already just the part inside the <> */
- /* general form we are expecting is sip[s]:username[:password][;parameter]@host[:port][;...] */
+ int tls_on = FALSE;
+ int use_dns = global_srvlookup;
if (debug)
ast_verbose("set_destination: Parsing <%s> for address/port to send to\n", uri);
@@ -7924,10 +7982,12 @@
++h;
else {
h = uri;
- if (!strncasecmp(h, "sip:", 4))
+ if (!strncasecmp(h, "sip:", 4)) {
h += 4;
- else if (!strncasecmp(h, "sips:", 5))
+ } else if (!strncasecmp(h, "sips:", 5)) {
h += 5;
+ tls_on = TRUE;
+ }
}
hn = strcspn(h, ":;>") + 1;
if (hn > sizeof(hostname))
@@ -7941,9 +8001,9 @@
/* Parse port */
++h;
port = strtol(h, &h, 10);
- }
- else
- port = STANDARD_SIP_PORT;
+ use_dns = FALSE;
+ } else
+ port = tls_on ? STANDARD_TLS_PORT : STANDARD_SIP_PORT;
/* Got the hostname:port - but maybe there's a "maddr=" to override address? */
maddr = strstr(h, "maddr=");
@@ -7954,6 +8014,8 @@
hn = sizeof(hostname);
ast_copy_string(hostname, maddr, hn);
}
+
+ /*! \todo XXX If we have use_dns on, then look for NAPTR/SRV, otherwise, just look for A records */
hp = ast_gethostbyname(hostname, &ahp);
if (hp == NULL) {
@@ -9794,8 +9856,8 @@
ast_copy_string(to, get_header(&p->initreq, "To"), sizeof(to));
c = get_in_brackets(to);
- if (strncasecmp(c, "sip:", 4) && strncasecmp(c, "sips:", 5)) {
- ast_log(LOG_WARNING, "Huh? Not a SIP header (%s)?\n", c);
+ if (strncasecmp(to, "sip:", 4) && strncasecmp(to, "sips:", 5)) {
+ ast_log(LOG_WARNING, "Huh? Not a SIP header (%s)?\n", to);
return -1;
}
mto = remove_uri_parameters(c);
@@ -10494,6 +10556,7 @@
char referto[256];
char *ttag, *ftag;
char *theirtag = ast_strdupa(p->theirtag);
+ int use_tls=FALSE;
if (sipdebug)
ast_debug(1, "SIP transfer of %s to %s\n", p->callid, dest);
@@ -10512,21 +10575,23 @@
ast_copy_string(from, of, sizeof(from));
of = get_in_brackets(from);
ast_string_field_set(p, from, of);
- if (!strncasecmp(of, "sip:", 4))
+ if (!strncasecmp(of, "sip:", 4)) {
of += 4;
- else if (!strncasecmp(of, "sips:", 5))
+ }else if (!strncasecmp(of, "sips:", 5)) {
of += 5;
- else
- ast_log(LOG_NOTICE, "From address missing 'sip(s):', using it anyway\n");
+ use_tls = TRUE;
+ } else {
+ ast_log(LOG_NOTICE, "From address missing 'sip(s):', assuming sip:\n");
+ }
/* Get just the username part */
if ((c = strchr(dest, '@')))
c = NULL;
else if ((c = strchr(of, '@')))
*c++ = '\0';
if (c)
- snprintf(referto, sizeof(referto), "<sip:%s@%s>", dest, c);
+ snprintf(referto, sizeof(referto), "<sip%s:%s@%s>", use_tls ? "s" : "", dest, c);
else
- snprintf(referto, sizeof(referto), "<sip:%s>", dest);
+ snprintf(referto, sizeof(referto), "<sip%s:%s>", use_tls ? "s" : "", dest);
/* save in case we get 407 challenge */
sip_refer_allocate(p);
@@ -10785,6 +10850,7 @@
char contact_buf[256];
char contact2_buf[256];
char *contact, *contact2;
+ int use_tls = FALSE;
/* Work on a copy */
ast_copy_string(contact_buf, fullcontact, sizeof(contact_buf));
@@ -10803,11 +10869,14 @@
We still need to be able to send to the remote agent through the proxy.
*/
if (tcp) {
- if (parse_uri(contact, "sips:", &contact, NULL, &host, &pt, NULL)) {
+ if (!parse_uri(contact, "sips:", &contact, NULL, &host, &pt, NULL)) {
+ use_tls = TRUE;
+ } else {
if (parse_uri(contact2, "sip:", &contact, NULL, &host, &pt, NULL))
ast_log(LOG_NOTICE, "'%s' is not a valid SIP contact (missing sip:) trying to use anyway\n", contact);
}
port = !ast_strlen_zero(pt) ? atoi(pt) : STANDARD_TLS_PORT;
+ /*! \todo XXX why are we setting TLS port if there's no port given? parse_uri needs to return the transport. */
} else {
if (parse_uri(contact, "sip:", &contact, NULL, &host, &pt, NULL))
ast_log(LOG_NOTICE, "'%s' is not a valid SIP contact (missing sip:) trying to use anyway\n", contact);
@@ -10816,6 +10885,10 @@
/* XXX This could block for a long time XXX */
/* We should only do this if it's a name, not an IP */
+ /* \todo - if there's no PORT number in contact - we are required to check NAPTR/SRV records
+ to find transport, port address and hostname. If there's a port number, we have to
+ assume that the domain part is a host name and only look for an A/AAAA record in DNS.
+ */
hp = ast_gethostbyname(host, &ahp);
if (!hp) {
ast_log(LOG_WARNING, "Invalid host name in Contact: (can't resolve in DNS) : '%s'\n", host);
@@ -10917,6 +10990,12 @@
ast_string_field_build(pvt, our_contact, "<%s>", curi);
/* Make sure it's a SIP URL */
+ /*! \todo This code assumes that the Contact is using the same transport as the
+ REGISTER request. That might not be true at all. You can receive
+ sips: requests over any transport. Needs to be fixed.
+ Does not parse the ;transport uri parameter at this point, which might be handy
+ in some situations.
+ */
if (pvt->socket.type == SIP_TRANSPORT_TLS) {
if (parse_uri(curi, "sips:", &curi, NULL, &host, &pt, NULL)) {
if (parse_uri(curi2, "sip:", &curi, NULL, &host, &pt, NULL))
@@ -10933,6 +11012,7 @@
/* Check that they're allowed to register at this IP */
/* XXX This could block for a long time XXX */
+ /*! \todo Check NAPTR/SRV if we have not got a port in the URI */
hp = ast_gethostbyname(host, &ahp);
if (!hp) {
ast_log(LOG_WARNING, "Invalid host '%s'\n", host);
@@ -10941,7 +11021,7 @@
return PARSE_REGISTER_FAILED;
}
memcpy(&testsin.sin_addr, hp->h_addr, sizeof(testsin.sin_addr));
- if ( ast_apply_ha(global_contact_ha, &testsin) != AST_SENSE_ALLOW ||
+ if (ast_apply_ha(global_contact_ha, &testsin) != AST_SENSE_ALLOW ||
ast_apply_ha(peer->contactha, &testsin) != AST_SENSE_ALLOW) {
ast_log(LOG_WARNING, "Host '%s' disallowed by rule\n", host);
*peer->fullcontact = '\0';
@@ -10949,6 +11029,8 @@
return PARSE_REGISTER_FAILED;
}
+ /*! \todo This could come before the checking of DNS earlier on, to avoid
+ DNS lookups where we don't need it... */
if (!ast_test_flag(&peer->flags[0], SIP_NAT_ROUTE)) {
peer->addr.sin_family = AF_INET;
memcpy(&peer->addr.sin_addr, hp->h_addr, sizeof(peer->addr.sin_addr));
@@ -10976,7 +11058,7 @@
snprintf(data, sizeof(data), "%s:%d:%d:%s:%s", ast_inet_ntoa(peer->addr.sin_addr), ntohs(peer->addr.sin_port), expire, peer->username, peer->fullcontact);
/* Saving TCP connections is useless, we won't be able to reconnect
XXX WHY???? XXX
- \todo check this
+ \todo Fix this immediately.
*/
if (!peer->rt_fromcontact && (peer->socket.type & SIP_TRANSPORT_UDP))
ast_db_put("SIP/Registry", peer->name, data);
@@ -11388,12 +11470,15 @@
* Terminate the uri at the first ';' or space.
* Technically we should ignore escaped space per RFC3261 (19.1.1 etc)
* but don't do it for the time being. Remember the uri format is:
+ * (User-parameters was added after RFC 3261)
*\verbatim
*
- * sip:user:password at host:port;uri-parameters?headers
- * sips:user:password at host:port;uri-parameters?headers
+ * sip:user:password;user-parameters at host:port;uri-parameters?headers
+ * sips:user:password;user-parameters at host:port;uri-parameters?headers
*
*\endverbatim
+ * \todo As this function does not support user-parameters, it's considered broken
+ * and needs fixing.
*/
static char *terminate_uri(char *uri)
{
@@ -11902,6 +11987,10 @@
\return 0 on success (found a matching extension),
1 for pickup extension or overlap dialling support (if we support it),
-1 on error.
+
+ \note If the incoming uri is a SIPS: uri, we are required to carry this across
+ the dialplan, so that the outbound call also is a sips: call or encrypted
+ IAX2 call. If that's not available, the call should FAIL.
*/
static int get_destination(struct sip_pvt *p, struct sip_request *oreq)
{
@@ -12115,7 +12204,12 @@
}
/*! \brief Call transfer support (the REFER method)
- * Extracts Refer headers into pvt dialog structure */
+ * Extracts Refer headers into pvt dialog structure
+ *
+ * \note If we get a SIPS uri in the refer-to header, we're required to set up a secure signalling path
+ * to that extension. As a minimum, this needs to be added to a channel variable, if not a channel
+ * flag.
+ */
static int get_refer_info(struct sip_pvt *transferer, struct sip_request *outgoing_req)
{
@@ -12294,7 +12388,9 @@
}
-/*! \brief Call transfer support (old way, deprecated by the IETF)--*/
+/*! \brief Call transfer support (old way, deprecated by the IETF)
+ * \note does not account for SIPS: uri requirements, nor check transport
+ */
static int get_also_info(struct sip_pvt *p, struct sip_request *oreq)
{
char tmp[256] = "", *c, *a;
@@ -12700,6 +12796,8 @@
of2 = ast_strdupa(of);
/* ignore all fields but name */
+ /*! \todo Samme logical error as in many places above. Need a generic function for this.
+ */
if (p->socket.type == SIP_TRANSPORT_TLS) {
if (parse_uri(of, "sips:", &of, &dummy, &domain, &dummy, &dummy)) {
if (parse_uri(of2, "sip:", &of, &dummy, &domain, &dummy, &dummy))
@@ -13038,8 +13136,8 @@
ast_cli(a->fd, FORMAT2, "Host", "Port", "Transport", "Type");
AST_LIST_LOCK(&threadl);
AST_LIST_TRAVERSE(&threadl, th, list) {
- ast_cli(a->fd, FORMAT, ast_inet_ntoa(th->ser->requestor.sin_addr),
- ntohs(th->ser->requestor.sin_port),
+ ast_cli(a->fd, FORMAT, ast_inet_ntoa(th->ser->remote_address.sin_addr),
+ ntohs(th->ser->remote_address.sin_port),
get_transport(th->type),
(th->ser->client ? "Client" : "Server"));
@@ -14305,16 +14403,16 @@
ast_cli(a->fd, " UDP SIP Port: %d\n", ntohs(bindaddr.sin_port));
ast_cli(a->fd, " UDP Bindaddress: %s\n", ast_inet_ntoa(bindaddr.sin_addr));
ast_cli(a->fd, " TCP SIP Port: ");
- if (sip_tcp_desc.sin.sin_family == AF_INET) {
- ast_cli(a->fd, "%d\n", ntohs(sip_tcp_desc.sin.sin_port));
- ast_cli(a->fd, " TCP Bindaddress: %s\n", ast_inet_ntoa(sip_tcp_desc.sin.sin_addr));
+ if (sip_tcp_desc.local_address.sin_family == AF_INET) {
+ ast_cli(a->fd, "%d\n", ntohs(sip_tcp_desc.local_address.sin_port));
+ ast_cli(a->fd, " TCP Bindaddress: %s\n", ast_inet_ntoa(sip_tcp_desc.local_address.sin_addr));
} else {
ast_cli(a->fd, "Disabled\n");
}
ast_cli(a->fd, " TLS SIP Port: ");
if (default_tls_cfg.enabled != FALSE) {
- ast_cli(a->fd, "%d\n", ntohs(sip_tls_desc.sin.sin_port));
- ast_cli(a->fd, " TLS Bindaddress: %s\n", ast_inet_ntoa(sip_tls_desc.sin.sin_addr));
+ ast_cli(a->fd, "%d\n", ntohs(sip_tls_desc.local_address.sin_port));
+ ast_cli(a->fd, " TLS Bindaddress: %s\n", ast_inet_ntoa(sip_tls_desc.local_address.sin_addr));
} else {
ast_cli(a->fd, "Disabled\n");
}
@@ -15969,7 +16067,12 @@
p->owner->redirecting.reason = reason;
}
-/*! \brief Parse 302 Moved temporalily response */
+/*! \brief Parse 302 Moved temporalily response
+ \todo XXX Doesn't redirect over TLS on sips: uri's.
+ If we get a redirect to a SIPS: uri, this needs to be going back to the
+ dialplan (this is a request for a secure signalling path).
+ Note that transport=tls is deprecated, but we need to support it on incoming requests.
+*/
static void parse_moved_contact(struct sip_pvt *p, struct sip_request *req, char **name, char **number)
{
char contact[SIPBUFSIZE];
@@ -16005,6 +16108,7 @@
else {
if (strncasecmp(trans, "udp", 3))
ast_debug(1, "received contact with an invalid transport, '%s'\n", contact_number);
+ /* This will assume UDP for all unknown transports */
transport = SIP_TRANSPORT_UDP;
}
}
@@ -16419,6 +16523,16 @@
ast_string_field_set(p, theirtag, NULL);
proc_422_rsp(p, req);
break;
+
+ case 428: /* Use identity header - rfc 4474 - not supported by Asterisk yet */
+ xmitres = transmit_request(p, SIP_ACK, seqno, XMIT_UNRELIABLE, FALSE);
+ append_history(p, "Identity", "SIP identity is required. Not supported by Asterisk.");
+ ast_log(LOG_WARNING, "SIP identity required by proxy. SIP dialog '%s'. Giving up.\n", p->callid);
+ if (p->owner)
+ ast_queue_control(p->owner, AST_CONTROL_CONGESTION);
+ break;
+
+
case 487: /* Cancelled transaction */
/* We have sent CANCEL on an outbound INVITE
@@ -20453,9 +20567,9 @@
AST_LIST_LOCK(&threadl);
AST_LIST_TRAVERSE(&threadl, th, list) {
- if ((s->sin_family == th->ser->requestor.sin_family) &&
- (s->sin_addr.s_addr == th->ser->requestor.sin_addr.s_addr) &&
- (s->sin_port == th->ser->requestor.sin_port)) {
+ if ((s->sin_family == th->ser->remote_address.sin_family) &&
+ (s->sin_addr.s_addr == th->ser->remote_address.sin_addr.s_addr) &&
+ (s->sin_port == th->ser->remote_address.sin_port)) {
AST_LIST_UNLOCK(&threadl);
return th->ser;
}
@@ -20470,7 +20584,7 @@
struct sip_socket *s = &p->socket;
static const char name[] = "SIP socket";
struct ast_tcptls_session_instance *ser;
- struct server_args ca = {
+ struct ast_tcptls_session_args ca = {
.name = name,
.accept_fd = -1,
};
@@ -20490,9 +20604,9 @@
return s->fd;
}
- ca.sin = *(sip_real_dst(p));
-
- if ((ser = sip_tcp_locate(&ca.sin))) { /* Check if we have a thread handling a socket connected to this IP/port */
+ ca.remote_address = *(sip_real_dst(p));
+
+ if ((ser = sip_tcp_locate(&ca.remote_address))) { /* Check if we have a thread handling a socket connected to this IP/port */
s->fd = ser->fd;
if (s->ser) {
ao2_ref(s->ser, -1);
@@ -22447,16 +22561,16 @@
}
/* Initialize tcp sockets */
- memset(&sip_tcp_desc.sin, 0, sizeof(sip_tcp_desc.sin));
- memset(&sip_tls_desc.sin, 0, sizeof(sip_tls_desc.sin));
+ memset(&sip_tcp_desc.local_address, 0, sizeof(sip_tcp_desc.local_address));
+ memset(&sip_tls_desc.local_address, 0, sizeof(sip_tls_desc.local_address));
ast_free_ha(global_contact_ha);
global_contact_ha = NULL;
default_tls_cfg.enabled = FALSE; /* Default: Disable TLS */
- sip_tcp_desc.sin.sin_port = htons(STANDARD_SIP_PORT);
- sip_tls_desc.sin.sin_port = htons(STANDARD_TLS_PORT);
+ sip_tcp_desc.local_address.sin_port = htons(STANDARD_SIP_PORT);
+ sip_tls_desc.local_address.sin_port = htons(STANDARD_TLS_PORT);
if (reason != CHANNEL_MODULE_LOAD) {
ast_debug(4, "--------------- SIP reload started\n");
@@ -22691,17 +22805,17 @@
}
}
} else if (!strcasecmp(v->name, "tcpenable")) {
- sip_tcp_desc.sin.sin_family = ast_false(v->value) ? 0 : AF_INET;
+ sip_tcp_desc.local_address.sin_family = ast_false(v->value) ? 0 : AF_INET;
ast_debug(2, "Enabling TCP socket for listening\n");
} else if (!strcasecmp(v->name, "tcpbindaddr")) {
- int family = sip_tcp_desc.sin.sin_family;
- if (ast_parse_arg(v->value, PARSE_INADDR, &sip_tcp_desc.sin))
+ int family = sip_tcp_desc.local_address.sin_family;
+ if (ast_parse_arg(v->value, PARSE_INADDR, &sip_tcp_desc.local_address))
ast_log(LOG_WARNING, "Invalid %s '%s' at line %d of %s\n", v->name, v->value, v->lineno, config);
- sip_tcp_desc.sin.sin_family = family;
+ sip_tcp_desc.local_address.sin_family = family;
ast_debug(2, "Setting TCP socket address to %s\n", v->value);
} else if (!strcasecmp(v->name, "tlsenable")) {
default_tls_cfg.enabled = ast_true(v->value) ? TRUE : FALSE;
- sip_tls_desc.sin.sin_family = AF_INET;
+ sip_tls_desc.local_address.sin_family = AF_INET;
} else if (!strcasecmp(v->name, "tlscertfile")) {
ast_free(default_tls_cfg.certfile);
default_tls_cfg.certfile = ast_strdup(v->value);
@@ -22719,7 +22833,7 @@
} else if (!strcasecmp(v->name, "tlsdontverifyserver")) {
ast_set2_flag(&default_tls_cfg.flags, ast_true(v->value), AST_SSL_DONT_VERIFY_SERVER);
} else if (!strcasecmp(v->name, "tlsbindaddr")) {
- if (ast_parse_arg(v->value, PARSE_INADDR, &sip_tls_desc.sin))
+ if (ast_parse_arg(v->value, PARSE_INADDR, &sip_tls_desc.local_address))
ast_log(LOG_WARNING, "Invalid %s '%s' at line %d of %s\n", v->name, v->value, v->lineno, config);
} else if (!strcasecmp(v->name, "dynamic_exclude_static") || !strcasecmp(v->name, "dynamic_excludes_static")) {
global_dynamic_exclude_static = ast_true(v->value);
@@ -23197,10 +23311,10 @@
/* Start TCP server */
ast_tcptls_server_start(&sip_tcp_desc);
- if (sip_tcp_desc.accept_fd == -1 && sip_tcp_desc.sin.sin_family == AF_INET) {
+ if (sip_tcp_desc.accept_fd == -1 && sip_tcp_desc.local_address.sin_family == AF_INET) {
/* TCP server start failed. Tell the admin */
ast_log(LOG_ERROR, "SIP TCP Server start failed. Not listening on TCP socket.\n");
- sip_tcp_desc.sin.sin_family = 0;
+ sip_tcp_desc.local_address.sin_family = 0;
} else {
ast_debug(2, "SIP TCP server started\n");
}
@@ -23235,12 +23349,12 @@
ast_log(LOG_NOTICE, "Can't add wildcard IP address to domain list, please add IP address to domain manually.\n");
/* If TCP is running on a different IP than UDP, then add it too */
- if (sip_tcp_desc.sin.sin_addr.s_addr && !inaddrcmp(&bindaddr, &sip_tcp_desc.sin))
- add_sip_domain(ast_inet_ntoa(sip_tcp_desc.sin.sin_addr), SIP_DOMAIN_AUTO, NULL);
+ if (sip_tcp_desc.local_address.sin_addr.s_addr && !inaddrcmp(&bindaddr, &sip_tcp_desc.local_address))
+ add_sip_domain(ast_inet_ntoa(sip_tcp_desc.local_address.sin_addr), SIP_DOMAIN_AUTO, NULL);
/* If TLS is running on a differen IP than UDP and TCP, then add that too */
- if (sip_tls_desc.sin.sin_addr.s_addr && !inaddrcmp(&bindaddr, &sip_tls_desc.sin) && inaddrcmp(&sip_tcp_desc.sin, &sip_tls_desc.sin))
- add_sip_domain(ast_inet_ntoa(sip_tls_desc.sin.sin_addr), SIP_DOMAIN_AUTO, NULL);
+ if (sip_tls_desc.local_address.sin_addr.s_addr && !inaddrcmp(&bindaddr, &sip_tls_desc.local_address) && inaddrcmp(&sip_tcp_desc.local_address, &sip_tls_desc.local_address))
+ add_sip_domain(ast_inet_ntoa(sip_tls_desc.local_address.sin_addr), SIP_DOMAIN_AUTO, NULL);
/* Our extern IP address, if configured */
if (externip.sin_addr.s_addr)
Modified: team/group/issue8824/channels/chan_skinny.c
URL: http://svn.digium.com/view/asterisk/team/group/issue8824/channels/chan_skinny.c?view=diff&rev=151312&r1=151311&r2=151312
==============================================================================
--- team/group/issue8824/channels/chan_skinny.c (original)
+++ team/group/issue8824/channels/chan_skinny.c Mon Oct 20 09:30:33 2008
@@ -3827,6 +3827,11 @@
struct skinny_device *d = l->device;
struct ast_variable *v = NULL;
int fmt;
+
+ if (!l->device) {
+ ast_log(LOG_WARNING, "Device for line %s is not registered.\n", l->name);
+ return NULL;
+ }
tmp = ast_channel_alloc(1, state, l->cid_num, l->cid_name, l->accountcode, l->exten, l->context, l->amaflags, "Skinny/%s@%s-%d", l->name, d->name, callnums);
if (!tmp) {
Modified: team/group/issue8824/configure.ac
URL: http://svn.digium.com/view/asterisk/team/group/issue8824/configure.ac?view=diff&rev=151312&r1=151311&r2=151312
==============================================================================
--- team/group/issue8824/configure.ac (original)
+++ team/group/issue8824/configure.ac Mon Oct 20 09:30:33 2008
@@ -1369,7 +1369,7 @@
AST_CHECK_PWLIB_VERSION([PWLib], [PWLIB], [ptbuildopts.h], [1], [9], [2])
if test "${HAS_PWLIB:-unset}" != "unset"; then
- AST_CHECK_OPENH323_PLATFORM()
+ AST_CHECK_PWLIB_PLATFORM()
PLATFORM_PWLIB="pt_${PWLIB_PLATFORM}_r"
Modified: team/group/issue8824/include/asterisk/tcptls.h
URL: http://svn.digium.com/view/asterisk/team/group/issue8824/include/asterisk/tcptls.h?view=diff&rev=151312&r1=151311&r2=151312
==============================================================================
--- team/group/issue8824/include/asterisk/tcptls.h (original)
+++ team/group/issue8824/include/asterisk/tcptls.h Mon Oct 20 09:30:33 2008
@@ -45,12 +45,10 @@
*
*/
-
-#ifndef _ASTERISK_SERVER_H
-#define _ASTERISK_SERVER_H
+#ifndef _ASTERISK_TCPTLS_H
+#define _ASTERISK_TCPTLS_H
#include "asterisk/utils.h"
-#include "asterisk/astobj2.h"
#if defined(HAVE_OPENSSL) && (defined(HAVE_FUNOPEN) || defined(HAVE_FOPENCOOKIE))
#define DO_SSL /* comment in/out if you want to support ssl */
@@ -90,7 +88,7 @@
/*!
* The following code implements a generic mechanism for starting
* services on a TCP or TLS socket.
- * The service is configured in the struct server_args, and
+ * The service is configured in the struct session_args, and
* then started by calling server_start(desc) on the descriptor.
* server_start() first verifies if an instance of the service is active,
* and in case shuts it down. Then, if the service must be started, creates
@@ -105,38 +103,19 @@
* running the session, whose body is desc->worker_fn(). The argument of
* worker_fn() is a struct ast_tcptls_session_instance, which contains the address
* of the other party, a pointer to desc, the file descriptors (fd) on which
- * we can do a select/poll (but NOT IO/, and a FILE *on which we can do I/O.
+ * we can do a select/poll (but NOT I/O), and a FILE *on which we can do I/O.
* We have both because we want to support plain and SSL sockets, and
- * going through a FILE *lets us provide the encryption/decryption
+ * going through a FILE * lets us provide the encryption/decryption
* on the stream without using an auxiliary thread.
- *
- * NOTE: in order to let other parts of asterisk use these services,
[... 925 lines stripped ...]
More information about the svn-commits
mailing list