master stir shaken refactor draft #98
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
gtjoseph
commented
Dec 12, 2023
gtjoseph
commented
- .github: Fix cherry-pick reminder issues
- app_queue: Add support for applying caller priority change immediately.
- func_export: Use correct function argument as variable name.
- extensions.conf.sample: Remove reference to missing context.
- func_cut: Add example to documentation.
- res_pjsip: Enable TLS v1.3 if present.
- res_prometheus: Do not generate broken metrics
- sig_analog: Allow three-way flash to time out to silence.
- audiohook: Unlock channel in mute if no audiohooks present.
- chan_dahdi: Allow autoreoriginating after hangup.
- core/ari/pjsip: Add refer mechanism
- Prepare master for Asterisk 22
- manager: Tolerate stasis messages with no channel snapshot.
- pjproject_bundled: Increase PJSIP_MAX_MODULE to 38
- res_pjsip_header_funcs: Make prefix argument optional.
- extconfig: Allow explicit DB result set ordering to be disabled.
- res_pjsip.c: Set contact_user on incoming call local Contact header
- install_prereq: Fix dependency install on aarch64.
- .github: Use generic releaser
- Revert "app_stack: Print proper exit location for PBXless channels."
- sig_analog: Add Called Subscriber Held capability.
- main/refer.c: Fix double free in refer_data_destructor + potential leak
- download_externals: Fix a few version related issues
- app_audiosocket: Fixed timeout with -1 to avoid busy loop.
- pbx.c: Fix gcc 12 compiler warning.
- alembic: Fix quoting of the 100rel column
- app_voicemail: Fix for loop declarations
- app_dial: Fix infinite loop when sending digits.
- .github: Update workflow-application-token-action to v2
- res_pjsip_session: Send Session Interval too small response
- ari-stubs: Fix broken documentation anchors
- ari-stubs: Fix more local anchor references
- variables: Add additional variable dialplan functions.
- app_queue: periodic announcement configurable start time.
- chan_rtp: Implement RTP glue for UnicastRTP channels
- safe_asterisk: Change directory permissions to 755
- func_periodic_hook: Don't truncate channel name
- res_speech_aeap: check for null format on response
- res_stasis_recording.c: Save recording state when unmuted.
- func_periodic_hook: Add hangup step to avoid timeout
- make_buildopts_h, et. al. Allow adding all cflags to buildopts.h
- res_pjsip_pubsub: Add body_type to test_handler for unit tests
- res_rtp_asterisk: fix wrong counter management in ioqueue objects
- chan_iax2: Improve authentication debugging.
- file.c: Add ability to search custom dir for sounds
- chan_console: Fix deadlock caused by unclean thread exit.
- cel: add publish user event helper
- res_pjsip_transport_websocket: Prevent transport from being destroyed before message finishes.
- asterisk.c: Use the euid's home directory to read/write cli history
- lock.c: Separate DETECT_DEADLOCKS from DEBUG_THREADS
- codec_builtin: Use multiples of 20 for maximum_ms
- app_voicemail: Disable ADSI if unavailable.
- func_json: Fix crashes for some types
- chan_dahdi: Clarify scope of callgroup/pickupgroup.
- .github: Block PR tests until approved
- Add libjwt to third-party
- res_speech_aeap: add aeap error handling
- res_pjsip: update qualify_timeout documentation with DNS note
- logger.h: Add ability to change the prefix on SCOPE_TRACE output
- .github: Fix job prereqs in PROpenedUpdated
- func_curl.c: Ensure channel is locked when manipulating datastores.
- ari/stasis: Indicate progress before playback on a bridge
- res_stasis: signal when new command is queued
- .github: New PR Submit workflows
- .github: Remove start_version from Releaser
- .github: PRSubmitActions: Fix adding reviewers to PR
- res_pjsip: Expanding PJSIP endpoint ID and relevant resource length to 255 characters
- res_pjsip_exten_state,res_pjsip_mwi: Allow unload on shutdown
- configs: Fix typo in pjsip.conf.sample.
- pjsip_configuration.c: Disable DTLS renegotiation if WebRTC is enabled.
- api.wiki.mustache: Fix indentation in generated markdown
- Update issue guidelines link for bug reports.
- res_pjsip_dtmf_info.c: Add 'INFO' to Allow header.
- res_rtp_asterisk.c: Fix memory leak in ephemeral certificate creation.
- res_speech: allow speech to translate input channel
- res_pjsip: Include cipher limit in config error message.
- bridge_simple: Suppress unchanged topology change requests
- app_queue.c: Emit unpause reason with PauseQueueMember event.
- app_voicemail: Add AMI event for mailbox PIN changes.
- Remove files that are no longer updated
- core_local: Fix local channel parsing with slashes.
- app_directory: Add ADSI support to Directory.
- res_rtp_asterisk.c: Fix runtime issue with LibreSSL
- main/utils: Implement ast_get_tid() for OpenBSD
- ari: Provide the caller ID RDNIS for the channels
- stasis: Update the snapshot after setting the redirect
- chan_dahdi: Warn if nonexistent cadence is requested.
- chan_iax2.c: Ensure all IEs are displayed when dumping frame contents.
- chan_pjsip: Add PJSIPHangup dialplan app and manager action
- doc: Update IP Quality of Service links.
- Remove existing stir/shaken implementation
- Stir/Shaken Refactor DRAFT
The app_queue module provides both an AMI action and a CLI command to change the priority of a caller in a queue. Up to now this change of priority has only been reflected to new callers into the queue. This change adds an "immediate" option to both the AMI action and CLI command which immediately applies the priority change respective to the other callers already in the queue. This can allow, for example, a caller to be placed at the head of the queue immediately if their priority is sufficient. Resolves: #202 UserNote: The 'queue priority caller' CLI command and 'QueueChangePriorityCaller' AMI action now have an 'immediate' argument which allows the caller priority change to be reflected immediately, causing the position of a caller to move within the queue depending on the priorities of the other callers.
c3ff464 removed the [iaxtel700] context but neglected to remove references to it. This commit addresses that and also removes iaxtel and freeworlddialup references from other config files.
This adds an example to the XML documentation clarifying usage of the CUT function to address a common misusage.
Fixes #221 UserNote: res_pjsip now allows TLS v1.3 to be enabled if supported by the underlying PJSIP library. The bundled version of PJSIP supports TLS v1.3.
In 8d6fdf9 invisible bridges were skipped but that lead to producing metrics with no name and no help. Keep track of the number of metrics configured and then only emit these. Add a basic testcase that verifies that there is no '(NULL)' in the output. ASTERISK-30474
sig_analog allows users to flash and use the three-way dial tone as a primitive hold function, simply by never timing it out. Some systems allow this dial tone to time out to silence, so the user is not annoyed by a persistent dial tone. This option allows the dial tone to time out normally to silence. ASTERISK-30004 #close Resolves: #205 UserNote: The threewaysilenthold option now allows the three-way dial tone to time out to silence, rather than continuing forever.
In the case where mute was called on a channel that had no audiohooks the code was not unlocking the channel, resulting in a deadlock. Resolves: #233
Currently, if an FXS channel is still off hook when all calls on the line have hung up, the user is provided reorder tone until going back on hook again. In addition to not reflecting what most commercial switches actually do, it's very common for switches to automatically reoriginate for the user so that dial tone is provided without the user having to depress and release the hookswitch manually. This can increase convenience for users. This behavior is now supported for kewlstart FXS channels. It's supported only for kewlstart (FXOKS) mainly because the behavior doesn't make any sense for ground start channels, and loop start signalling doesn't provide the necessary DAHDI event that makes this easy to implement. Likely almost everyone is using FXOKS over FXOLS anyways since FXOLS is pretty useless these days. ASTERISK-30357 #close Resolves: #224 UserNote: The autoreoriginate setting now allows for kewlstart FXS channels to automatically reoriginate and provide dial tone to the user again after all calls on the line have cleared. This saves users from having to manually hang up and pick up the receiver again before making another call.
This change adds support for refers that are not session based. It includes a refer implementation for the PJSIP technology which results in out-of-dialog REFERs being sent to a PJSIP endpoint. These can be triggered using the new ARI endpoint `/endpoints/refer`. Resolves: #71 UserNote: There is a new ARI endpoint `/endpoints/refer` for referring an endpoint to some URI or endpoint.
In some cases I have yet to determine some stasis messages may be created without a channel snapshot. This change adds some tolerance to this scenario, preventing a crash from occurring.
The default is 32 with 8 being used by pjproject itself. Recent commits have put us over the limit resulting in assertions in pjproject. Since this value is used in invites, dialogs, transports and subscriptions as well as the global pjproject endpoint, we don't want to increase it too much. Resolves: #255
The documentation for PJSIP_HEADERS claims that prefix is optional, but in the code it is actually not. However, there is no inherent reason for this, as users may want to retrieve all header names, not just those beginning with a certain prefix. This makes the prefix optional for this function, simply fetching all header names if not specified. As a result, the documentation is now correct. Resolves: #230 UserNote: The prefix argument to PJSIP_HEADERS is now optional. If not specified, all header names will be returned.
Added a new boolean configuration flag - `order_multi_row_results_by_initial_column` - to both res_pgsql.conf and res_config_odbc.conf that allows the administrator to disable the explicit `ORDER BY` that was previously being added to all generated SQL statements that returned multiple rows. Fixes: #179
If the contact_user is configured on the endpoint it will now be set on the local Contact header URI for incoming calls. The contact_user has already been set on the local Contact header URI for outgoing calls. Resolves: #226
Fixes dependency solutions in install_prereq for Debian aarch64 platforms. install_prereq was attempting to forcibly install 32-bit armhf packages due to the aptitude search for dependencies. Resolves: #37
This reverts commit 617dad4. apps/app_stack.c: Revert buggy gosub patch This seems to break the case when a predial macro calls a gosub. When the gosub calls return, the Return function outputs: app_stack.c:423 return_exec: Return without Gosub: stack is empty This returns -1 to the calling macro, which returns to app_dial and causes the call to hangup instead of proceeding with the macro that invoked the gosub. Resolves: #253
This adds support for Called Subscriber Held for FXS lines, which allows users to go on hook when receiving a call and resume the call later from another phone on the same line, without disconnecting the call. This is a convenience mechanism that most real PSTN telephone switches support. ASTERISK-30372 #close Resolves: #240 UserNote: Called Subscriber Held is now supported for analog FXS channels, using the calledsubscriberheld option. This allows a station user to go on hook when receiving an incoming call and resume from another phone on the same line by going on hook, without disconnecting the call.
* Fixed issue with the script not parsing the new tag format for certified releases. The format changed from certified/18.9-cert5 to certified-18.9-cert5. * Fixed issue where the asterisk version wasn't being considered when looking for cached versions. Resolves: #263
Resolves: asterisk#234
Resolves: #277
Add quoting around the ps_endpoints 100rel column in the ALTER statements. Although alembic doesn't complain when generating sql statements, postgresql does (rightly so). Resolves: #274
Resolve for loop initial declarations added in cli changes. Resolves: #275
If the called party hangs up while digits are being sent, -1 is returned to indicate so, but app_dial was not checking the return value, resulting in the hangup being lost and looping forever until the caller manually hangs up the channel. We now abort if digit sending fails. ASTERISK-29428 #close Resolves: #281
Handle session interval lower than endpoint's configured minimum timer when sending first answer. Timer setting is checked during this step and needs to handled appropriately. Before this change, no response was sent at all. After this change a response with 422 Session Interval too small is sent to UAC.
Per RFC8827:
Implementations MUST NOT implement DTLS renegotiation and MUST
reject it with a "no_renegotiation" alert if offered.
So we disable it when webrtc=yes is set.
Fixes #378
UpgradeNote: The dtls_rekey will be disabled if webrtc support is
requested on an endpoint. A warning will also be emitted.
The '*' list indicator for default values and allowable values for path, query and POST parameters need to be indented 4 spaces instead of 2. Should resolve issue 38 in the documentation repo.
* Allow res_speech to translate the input channel if the format is translatable to a format suppored by the speech provider. Resolves: #129 UserNote: res_speech now supports translation of an input channel to a format supported by the speech provider, provided a translation path is available between the source format and provider capabilites.
If too many ciphers are specified in the PJSIP config, include the maximum number of ciphers that may be specified in the user-facing error message. Resolves: #396
In simple_bridge_join, we were sending topology change requests even when the new and old topologies were the same. In some circumstances, this can cause unnecessary re-invites and even a re-invite flood. We now suppress those. Resolves: #384
This adds an AMI event that is emitted whenever a mailbox password is successfully changed, allowing AMI consumers to process these. UserNote: The VoicemailPasswordChange event is now emitted whenever a mailbox password is updated, containing the mailbox information and the new password. Resolves: #398
Fixes: #360
Currently, trying to call a Local channel with a slash in the extension will fail due to the parsing of characters after such a slash as being dial modifiers. Additionally, core_local is inconsistent and incomplete with its parsing of Local dial strings in that sometimes it uses the first slash and at other times it uses the last. For instance, something like DAHDI/5 or PJSIP/device is a perfectly usable extension in the dialplan, but Local channels in particular prevent these from being called. This creates inconsistent behavior for users, since using a slash in an extension is perfectly acceptable, and using a Goto to accomplish this works fine, but if specified through a Local channel, the parsing prevents this. This fixes this by explicitly parsing options from the last slash in the extension, rather than the first one, which doesn't cause an issue for extensions with slashes. ASTERISK-30013 #close Resolves: #248
This adds optional ADSI support to the Directory application, which allows callers with ADSI CPE to navigate the Directory system significantly faster than is possible using the audio prompts. Callers can see the directory name (and optionally extension) on their screenphone and confirm or reject a match immediately rather than waiting for it to be spelled out, enhancing usability. Resolves: #356
The module will fail to load. Use proper function DTLS_method() with LibreSSL.
Implement the ast_get_tid() function for OpenBSD. OpenBSD supports getting the TID via getthrid().
Provide the caller ID RDNIS when available. This will allow an application to follow the redirect.
The previous commit added the caller_rdnis attribute. Make it avialble during a possible ChanngelHangupRequest.
If attempting to ring a channel using a nonexistent cadence, emit a warning, before falling back to the default cadence. Resolves: #409
When IAX2 debugging was enabled (`iax2 set debug on`), if the last IE in a frame was one that may not have any data - such as the CALLTOKEN IE in an NEW request - it was not getting displayed.
See UserNote below.
Exposed the existing Hangup AMI action in manager.c so we can use
all of it's channel search and AMI protocol handling without
duplicating that code in dialplan_functions.c.
Added a lookup function to res_pjsip.c that takes in the
string represenation of the pjsip_status_code enum and returns
the actual status code. I.E. ast_sip_str2rc("DECLINE") returns
603. This allows the caller to specify PJSIPHangup(decline) in
the dialplan, just like Hangup(call_rejected).
Also extracted the XML documentation to its own file since it was
almost as large as the code itself.
UserNote: A new dialplan app PJSIPHangup and AMI action allows you
to hang up an unanswered incoming PJSIP call with a specific SIP
response code in the 400 -> 699 range.
Fixes #328
To make reviewing the stir/shaken refactor easier, we're going to remove stir/shaken first, then add it back in in the next commit. THIS COMMIT WILL NOT APPEAR IN THE FINAL REFACTOR
THIS IS A DRAFT PR/COMMIT and will not be merged as is. To make
reviewing easier, there's an earlier commit that removes the
existing completely. Otherwise, the review diffs would be an
unfollowable mess of deletions and additions. The final commit
will be a traditional single "update" commit without the removal.
There are also outstanding items that I'm waiting on resolution of.
* Do we need to support the compact form of the Identity PASSporT?
Based on ATIS-10000074, I don't _think_ we do but I'm awaiting
clarification. NOT AT THIS TIME.
* ATIS-10000074 also states that we must not follow redirections or
attempt to retrieve certificates using URLs that have
user:password components or path or query parameters. I still need
to implement that check. DONE.
* RFC-8224 says we must include one or more "mky" Media Key entries
in the PASSporT containing the fingerprints in the SDP if DTLS
is in use. Although this is now implemented, it defaults to
"off" because I can't find any other implementation that respects
them. In fact OpenSIPS will fail to validate any Identity header
that has them.
* Many enums and functions that are private to res_stir_shaken still
have "ast_stir_shaken" prefixes on them. They should be renamed
just for clarity's sake.
* It was my intention to have the stir-shaken internals set error
codes and text responses in the contexts to be passed back to the
outside caller so the caller could decide whether to emit
messages or not. I never got to that and need to either
implement that or remove the associated fields in the contexts
and clean up the error messages.
Things that need to be done ouside this commit:
* Implement dialplan function that allows a dialplan author to
reject a call with a specific SIP response code if they deem it
necessary based on the stir-shaken results passed to them.
DONE
* Add alembic scripts so the configuration can be database based.
* Decide if/how to implement RFC-9090 Certificate Delegation.
* Decide if/how to implement validation of the TNAuthList
extension in certificates. Right now we only validate that
it's present, not its content.
* Decide if/how to implement RFC-8946 Diverted Calls.
* Decide if/how to handle multiple Identity headers.
* Decide if/how to handle passing received identity headers to an
outgoing INVITE.
REAL COMMIT MESSAGE:
Why do we need a refactor?
The original stir/shaken implementation was started over 3 years ago
when little was understood about practical implementation. The
result was an implementation that, until now, wouldn't interoperate
with any other stir-shaken implementations.
There were also a number of stir-shaken features and RFC
requirements that were never implemented such as TNAuthList
certificate validation, sending Reason headers in SIP responses
when verification failed but we wished to continue the call, and
the ability to send Media Key(mky) grants in the Identity header
when the call involved DTLS.
Finally, there were some performance concerns around outgoing
calls and selection of the correct certificate and private key.
The configuration was keyed by an arbitrary name which meant that
for every outgoing call, we had to scan the entire list of
configured TNs to find the correct cert to use. With only a few
TNs configured, this wasn't an issue but if you have a thousand,
it could be.
What's changed?
* Configuration objects have been refactored to be clearer about
their uses and to fix issues.
* The "general" object was renamed to "verification" since it
contains parameters specific to the incoming verification
process. It also never handled ca_path and crl_path
correctly.
* A new "attestation" object was added that controls the
outgoing attestation process. It sets default certificates,
keys, etc.
* The "certificate" object was renamed to "tn" and had it's key
change to telephone number since outgoing call attestation
needs to look up certificates by telephone number.
* The "profile" object had more parameters added to it that can
override default parameters specified in the "attestation"
and "verification" objects.
* The "store" object was removed altogther as it was never
implemented.
* We now use libjwt to create outgoing Identity headers and to
parse and validate signatures on incoming Identiy headers. Our
previous custom implementation was much of the source of the
interoperability issues.
* General code cleanup and refactor.
* Moved things to better places.
* Separated some of the complex functions to smaller ones.
* Using context objects rather than passing tons of parameters
in function calls.
* Removed some complexity and unneeded encapsuation from the
config objects.
UserNote: Asterisk's stir-shaken feature has been refactored to
correct interoperability, RFC compliance, and performance issues.
See https://docs.asterisk.org/Deployment/STIR-SHAKEN for more
information.
UpgradeNote: The stir-shaken refactor is a breaking change but since
it's not working now we don't think it matters. The
stir_shaken.conf file has changed significantly which means that
existing ones WILL need to be changed. The stir_shaken.conf.sample
file in configs/samples/ has quite a bit more information. This is
also an ABI breaking change since some of the existing objects
needed to be changed or removed, and new ones added.
gtjoseph
pushed a commit
to gtjoseph/asterisk-gh-test
that referenced
this pull request
Jun 27, 2024
The Caller ID generation routine currently is hardcoded to always use the system time zone. This makes it possible to optionally specify any TZ-format time zone. Resolves: asterisk#98 ASTERISK-30330
gtjoseph
pushed a commit
to gtjoseph/asterisk-gh-test
that referenced
this pull request
Jun 27, 2024
The Caller ID generation routine currently is hardcoded to always use the system time zone. This makes it possible to optionally specify any TZ-format time zone. Resolves: asterisk#98 ASTERISK-30330
mbradeen
pushed a commit
to mbradeen/asterisk-gh-test
that referenced
this pull request
Nov 4, 2024
The Caller ID generation routine currently is hardcoded to always use the system time zone. This makes it possible to optionally specify any TZ-format time zone. Resolves: asterisk#98 ASTERISK-30330
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.