[Asterisk-code-review] AST-2018-005: res pjsip transport management: Move to core (asterisk[14.7])
George Joseph
asteriskteam at digium.com
Wed Feb 21 09:08:09 CST 2018
George Joseph has uploaded this change for review. ( https://gerrit.asterisk.org/8339
Change subject: AST-2018-005: res_pjsip_transport_management: Move to core
......................................................................
AST-2018-005: res_pjsip_transport_management: Move to core
Since res_pjsip_transport_management provides several attack
mitigation features, its functionality has been moved into res_pjsip
and the separate module has been removed. This way the features will
always be available if res_pjsip is loaded.
ASTERISK-27618
Reported By: Sandro Gauci
Change-Id: I21a2d33d9dda001452ea040d350d7a075f9acf0d
---
M CHANGES
M UPGRADE.txt
M res/res_pjsip.c
M res/res_pjsip/include/res_pjsip_private.h
R res/res_pjsip/pjsip_transport_management.c
5 files changed, 56 insertions(+), 27 deletions(-)
git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/39/8339/1
diff --git a/CHANGES b/CHANGES
index 175d0f0..f731b2e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,17 @@
==============================================================================
------------------------------------------------------------------------------
+--- Functionality changes from Asterisk 14.7.5 to Asterisk 14.7.6 ------------
+------------------------------------------------------------------------------
+
+res_pjsip_transport_management
+------------------
+ * Since res_pjsip_transport_management provides several attack
+ mitigation features, its functionality moved to res_pjsip and
+ this module has been removed. This way the features will always
+ be available if res_pjsip is loaded.
+
+------------------------------------------------------------------------------
--- Functionality changes from Asterisk 14.6.0 to Asterisk 14.7.0 ------------
------------------------------------------------------------------------------
diff --git a/UPGRADE.txt b/UPGRADE.txt
index aaf236b..aaaa2f2 100644
--- a/UPGRADE.txt
+++ b/UPGRADE.txt
@@ -22,6 +22,14 @@
=== UPGRADE-13.txt -- Upgrade info for 12 to 13
===========================================================
+From 14.7.5 to 14.7.6:
+
+res_pjsip_transport_management:
+ - Since res_pjsip_transport_management provides several attack
+ mitigation features, its functionality moved to res_pjsip and
+ this module has been removed. This way the features will always
+ be available if res_pjsip is loaded.
+
From 14.6.0 to 14.7.0:
Core:
diff --git a/res/res_pjsip.c b/res/res_pjsip.c
index 0d816a3..0a409a2 100644
--- a/res/res_pjsip.c
+++ b/res/res_pjsip.c
@@ -4674,6 +4674,7 @@
ast_res_pjsip_cleanup_options_handling();
ast_res_pjsip_cleanup_message_filter();
ast_sip_destroy_distributor();
+ ast_sip_destroy_transport_management();
ast_res_pjsip_destroy_configuration();
ast_sip_destroy_system();
ast_sip_destroy_global_headers();
@@ -4839,6 +4840,11 @@
ast_sip_initialize_resolver();
ast_sip_initialize_dns();
+ if (ast_sip_initialize_transport_management()) {
+ ast_log(LOG_ERROR, "Failed to initialize SIP transport management. Aborting load\n");
+ goto error;
+ }
+
if (ast_sip_initialize_distributor()) {
ast_log(LOG_ERROR, "Failed to register distributor module. Aborting load\n");
goto error;
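Review bot: The new failure branch for `ast_sip_initialize_transport_management()` jumps to `error`, whose cleanup code is outside this hunk, so it cannot be confirmed from here that a partly completed initialization is undone. The function allocates a container and adds a sorcery observer on "global" (both visible in the pjsip_transport_management.c section of this commit), and the unload hunk above calls `ast_sip_destroy_transport_management()` unconditionally; if the `error` path does the same, the destroy function has to tolerate state that was never set up. Aborting the load is the right behaviour for a feature described as attack mitigation, and a short comment would record that intent: `/* Fail closed: transport management carries the idle-connection mitigations */`.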
diff --git a/res/res_pjsip/include/res_pjsip_private.h b/res/res_pjsip/include/res_pjsip_private.h
index 5ce3c6f..32a33d8 100644
--- a/res/res_pjsip/include/res_pjsip_private.h
+++ b/res/res_pjsip/include/res_pjsip_private.h
@@ -395,4 +395,32 @@
*/
int ast_sip_destroy_scheduler(void);
+/*!
+ * \internal
+ * \brief Initialize the transport management module
+ * \since 13.20.0
+ *
+ * The transport management module is responsible for 3 things...
+ * 1. It automatically destroys any reliable transport that does not
+ * receive a valid request within system/timer_b milliseconds of the
+ * connection being opened. (Attack mitigation)
+ * 2. Since it increments the reliable transport's reference count
+ * for that period of time, it also prevents issues if the transport
+ * disconnects while we're still trying to process a response.
+ * (Attack mitigation)
+ * 3. If enabled by global/keep_alive_interval, it sends '\r\n'
+ * keepalives on reliable transports at the interval specified.
+ *
+ * \retval -1 Failure
+ * \retval 0 Success
+ */
+int ast_sip_initialize_transport_management(void);
+
+/*!
+ * \internal
+ * \brief Destruct the transport management module.
+ * \since 13.20.0
+ */
+void ast_sip_destroy_transport_management(void);
+
#endif /* RES_PJSIP_PRIVATE_H_ */
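Review bot: Both new doc blocks carry `\since 13.20.0`, but this patch targets the 14.7 branch and the CHANGES entry in the same commit places the move between 14.7.5 and 14.7.6; if the project lists each release line, add `\since 14.7.6` as well. The block for `ast_sip_destroy_transport_management()` could also say whether it may be called when initialization failed or never ran, since res_pjsip.c calls it from its cleanup sequence.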
diff --git a/res/res_pjsip_transport_management.c b/res/res_pjsip/pjsip_transport_management.c
similarity index 93%
rename from res/res_pjsip_transport_management.c
rename to res/res_pjsip/pjsip_transport_management.c
index eb92eb7..efda37d 100644
--- a/res/res_pjsip_transport_management.c
+++ b/res/res_pjsip/pjsip_transport_management.c
@@ -16,12 +16,6 @@
* at the top of the source tree.
*/
-/*** MODULEINFO
- <depend>pjproject</depend>
- <depend>res_pjsip</depend>
- <support_level>core</support_level>
- ***/
-
#include "asterisk.h"
#include <signal.h>
@@ -32,6 +26,7 @@
#include "asterisk/res_pjsip.h"
#include "asterisk/module.h"
#include "asterisk/astobj2.h"
+#include "include/res_pjsip_private.h"
/*! \brief Number of buckets for monitored transports */
#define TRANSPORTS_BUCKETS 127
@@ -319,11 +314,9 @@
.on_rx_request = idle_monitor_on_rx_request,
};
-static int load_module(void)
+int ast_sip_initialize_transport_management(void)
{
struct ao2_container *transports;
-
- CHECK_PJSIP_MODULE_LOADED();
transports = ao2_container_alloc(TRANSPORTS_BUCKETS, monitored_transport_hash_fn,
monitored_transport_cmp_fn);
@@ -356,11 +349,10 @@
ast_sorcery_observer_add(ast_sip_get_sorcery(), "global", &keepalive_global_observer);
ast_sorcery_reload_object(ast_sip_get_sorcery(), "global");
- ast_module_shutdown_ref(ast_module_info->self);
return AST_MODULE_LOAD_SUCCESS;
}
-static int unload_module(void)
+void ast_sip_destroy_transport_management(void)
{
if (keepalive_interval) {
keepalive_interval = 0;
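Review bot: `return AST_MODULE_LOAD_SUCCESS;` is kept at the end of `ast_sip_initialize_transport_management()` although the function is no longer a module load callback and res_pjsip_private.h documents it as returning 0 or -1. A plain `return 0;` here would match the header. The earlier part of the body is outside this hunk; any failure returns there that still use an `AST_MODULE_LOAD_*` value should become `return -1;`, because the caller in res_pjsip.c only tests for non-zero and the documented contract is what later callers will rely on.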
@@ -381,20 +373,4 @@
sched = NULL;
ao2_global_obj_release(monitored_transports);
-
- return 0;
}
-
-static int reload_module(void)
-{
- ast_sorcery_reload_object(ast_sip_get_sorcery(), "global");
- return 0;
-}
-
-AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_LOAD_ORDER, "PJSIP Reliable Transport Management",
- .support_level = AST_MODULE_SUPPORT_CORE,
- .load = load_module,
- .reload = reload_module,
- .unload = unload_module,
- .load_pri = AST_MODPRI_CHANNEL_DEPEND - 4,
-);
--
To view, visit https://gerrit.asterisk.org/8339
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: 14.7
Gerrit-MessageType: newchange
Gerrit-Change-Id: I21a2d33d9dda001452ea040d350d7a075f9acf0d
Gerrit-Change-Number: 8339
Gerrit-PatchSet: 1
Gerrit-Owner: George Joseph <gjoseph at digium.com>