<p>George Joseph <strong>merged</strong> this change.</p><p><a href="https://gerrit.asterisk.org/8336">View Change</a></p><div style="white-space:pre-wrap">Approvals:
  Jenkins2: Verified
  George Joseph: Looks good to me, approved; Approved for Submit

</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">AST-2018-005: res_pjsip_transport_management:  Move to core<br><br>Since res_pjsip_transport_management provides several attack<br>mitigation features, its functionality moved to res_pjsip and<br>this module has been removed.  This way the features will always<br>be available if res_pjsip is loaded.<br><br>ASTERISK-27618<br>Reported By: Sandro Gauci<br><br>Change-Id: I21a2d33d9dda001452ea040d350d7a075f9acf0d<br>---<br>M CHANGES<br>M UPGRADE.txt<br>M res/res_pjsip.c<br>M res/res_pjsip/include/res_pjsip_private.h<br>R res/res_pjsip/pjsip_transport_management.c<br>5 files changed, 56 insertions(+), 27 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/CHANGES b/CHANGES<br>index 175d0f0..f731b2e 100644<br>--- a/CHANGES<br>+++ b/CHANGES<br>@@ -9,6 +9,17 @@<br> ==============================================================================<br> <br> ------------------------------------------------------------------------------<br>+--- Functionality changes from Asterisk 14.7.5 to Asterisk 14.7.6 ------------<br>+------------------------------------------------------------------------------<br>+<br>+res_pjsip_transport_management<br>+------------------<br>+ * Since res_pjsip_transport_management provides several attack<br>+   mitigation features, its functionality moved to res_pjsip and<br>+   this module has been removed.  This way the features will always<br>+   be available if res_pjsip is loaded.<br>+<br>+------------------------------------------------------------------------------<br> --- Functionality changes from Asterisk 14.6.0 to Asterisk 14.7.0 ------------<br> ------------------------------------------------------------------------------<br> <br>diff --git a/UPGRADE.txt b/UPGRADE.txt<br>index aaf236b..aaaa2f2 100644<br>--- a/UPGRADE.txt<br>+++ b/UPGRADE.txt<br>@@ -22,6 +22,14 @@<br> === UPGRADE-13.txt  -- Upgrade info for 12 to 13<br> ===========================================================<br> <br>+From 14.7.5 to 14.7.6:<br>+<br>+res_pjsip_transport_management:<br>+ - Since res_pjsip_transport_management provides several attack<br>+   mitigation features, its functionality moved to res_pjsip and<br>+   this module has been removed.  This way the features will always<br>+   be available if res_pjsip is loaded.<br>+<br> From 14.6.0 to 14.7.0:<br> <br> Core:<br>diff --git a/res/res_pjsip.c b/res/res_pjsip.c<br>index 0d816a3..0a409a2 100644<br>--- a/res/res_pjsip.c<br>+++ b/res/res_pjsip.c<br>@@ -4674,6 +4674,7 @@<br>                ast_res_pjsip_cleanup_options_handling();<br>             ast_res_pjsip_cleanup_message_filter();<br>               ast_sip_destroy_distributor();<br>+               ast_sip_destroy_transport_management();<br>               ast_res_pjsip_destroy_configuration();<br>                ast_sip_destroy_system();<br>             ast_sip_destroy_global_headers();<br>@@ -4839,6 +4840,11 @@<br>     ast_sip_initialize_resolver();<br>        ast_sip_initialize_dns();<br> <br>+ if (ast_sip_initialize_transport_management()) {<br>+             ast_log(LOG_ERROR, "Failed to initialize SIP transport management. Aborting load\n");<br>+              goto error;<br>+  }<br>+<br>  if (ast_sip_initialize_distributor()) {<br>               ast_log(LOG_ERROR, "Failed to register distributor module. Aborting load\n");<br>               goto error;<br>diff --git a/res/res_pjsip/include/res_pjsip_private.h b/res/res_pjsip/include/res_pjsip_private.h<br>index 5ce3c6f..32a33d8 100644<br>--- a/res/res_pjsip/include/res_pjsip_private.h<br>+++ b/res/res_pjsip/include/res_pjsip_private.h<br>@@ -395,4 +395,32 @@<br>  */<br> int ast_sip_destroy_scheduler(void);<br> <br>+/*!<br>+ * \internal<br>+ * \brief Initialize the transport management module<br>+ * \since 13.20.0<br>+ *<br>+ * The transport management module is responsible for 3 things...<br>+ * 1.  It automatically destroys any reliable transport that does not<br>+ * receive a valid request within system/timer_b milliseconds of the<br>+ * connection being opened. (Attack mitigation)<br>+ * 2.  Since it increments the reliable transport's reference count<br>+ * for that period of time, it also prevents issues if the transport<br>+ * disconnects while we're still trying to process a response.<br>+ *  (Attack mitigation)<br>+ * 3.  If enabled by global/keep_alive_interval, it sends '\r\n'<br>+ * keepalives on reliable transports at the interval specified.<br>+ *<br>+ * \retval -1 Failure<br>+ * \retval 0 Success<br>+ */<br>+int ast_sip_initialize_transport_management(void);<br>+<br>+/*!<br>+ * \internal<br>+ * \brief Destruct the transport management module.<br>+ * \since 13.20.0<br>+ */<br>+void ast_sip_destroy_transport_management(void);<br>+<br> #endif /* RES_PJSIP_PRIVATE_H_ */<br>diff --git a/res/res_pjsip_transport_management.c b/res/res_pjsip/pjsip_transport_management.c<br>similarity index 93%<br>rename from res/res_pjsip_transport_management.c<br>rename to res/res_pjsip/pjsip_transport_management.c<br>index eb92eb7..efda37d 100644<br>--- a/res/res_pjsip_transport_management.c<br>+++ b/res/res_pjsip/pjsip_transport_management.c<br>@@ -16,12 +16,6 @@<br>  * at the top of the source tree.<br>  */<br> <br>-/*** MODULEINFO<br>- <depend>pjproject</depend><br>-       <depend>res_pjsip</depend><br>-       <support_level>core</support_level><br>- ***/<br>-<br> #include "asterisk.h"<br> <br> #include <signal.h><br>@@ -32,6 +26,7 @@<br> #include "asterisk/res_pjsip.h"<br> #include "asterisk/module.h"<br> #include "asterisk/astobj2.h"<br>+#include "include/res_pjsip_private.h"<br> <br> /*! \brief Number of buckets for monitored transports */<br> #define TRANSPORTS_BUCKETS 127<br>@@ -319,11 +314,9 @@<br>         .on_rx_request = idle_monitor_on_rx_request,<br> };<br> <br>-static int load_module(void)<br>+int ast_sip_initialize_transport_management(void)<br> {<br>   struct ao2_container *transports;<br>-<br>- CHECK_PJSIP_MODULE_LOADED();<br> <br>       transports = ao2_container_alloc(TRANSPORTS_BUCKETS, monitored_transport_hash_fn,<br>             monitored_transport_cmp_fn);<br>@@ -356,11 +349,10 @@<br>   ast_sorcery_observer_add(ast_sip_get_sorcery(), "global", &keepalive_global_observer);<br>  ast_sorcery_reload_object(ast_sip_get_sorcery(), "global");<br> <br>-     ast_module_shutdown_ref(ast_module_info->self);<br>    return AST_MODULE_LOAD_SUCCESS;<br> }<br> <br>-static int unload_module(void)<br>+void ast_sip_destroy_transport_management(void)<br> {<br>         if (keepalive_interval) {<br>             keepalive_interval = 0;<br>@@ -381,20 +373,4 @@<br>         sched = NULL;<br> <br>      ao2_global_obj_release(monitored_transports);<br>-<br>-     return 0;<br> }<br>-<br>-static int reload_module(void)<br>-{<br>-        ast_sorcery_reload_object(ast_sip_get_sorcery(), "global");<br>-        return 0;<br>-}<br>-<br>-AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_LOAD_ORDER, "PJSIP Reliable Transport Management",<br>-        .support_level = AST_MODULE_SUPPORT_CORE,<br>-    .load = load_module,<br>- .reload = reload_module,<br>-     .unload = unload_module,<br>-     .load_pri = AST_MODPRI_CHANNEL_DEPEND - 4,<br>-);<br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/8336">change 8336</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/8336"/><meta itemprop="name" content="View Change"/></div></div>

<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 14 </div>
<div style="display:none"> Gerrit-MessageType: merged </div>
<div style="display:none"> Gerrit-Change-Id: I21a2d33d9dda001452ea040d350d7a075f9acf0d </div>
<div style="display:none"> Gerrit-Change-Number: 8336 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: George Joseph <gjoseph@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: George Joseph <gjoseph@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins2 </div>