Integrated STIR/SHAKEN support with incoming INVITES. Upon receiving an
INVITE, the Identity header is retrieved, parsing the message to verify
the signature. If any of the parsing fails,
AST_STIR_SHAKEN_VERIFY_NOT_PRESENT will be added to the channel for this
caller ID. If verification itself fails,
AST_STIR_SHAKEN_VERIFY_SIGNATURE_FAILED will be added. If anything in
the payload does not line up with the SIP signaling,
AST_STIR_SHAKEN_VERIFY_MISMATCH will be added. If all of the above steps
pass, then AST_STIR_SHAKEN_VERIFY_PASSED will be added, completing the
verification process.

A new config option has been added to the general section for
stir_shaken.conf. "signature_timeout" is the amount of time a signature
will be considered valid. If an INVITE is received and the amount of
time between when it was received and when it was signed is greater than
signature_timeout, verification will fail.

Some changes were also made to signing and verification. There was an
error where the whole JSON string was being signed rather than the
header combined with the payload. This has been changed to sign the
correct thing. Verification has been changed to do this as well, and the
unit tests have been updated to reflect these changes.

A couple of utility functions have also been added. One decodes a BASE64
string and returns the decoded string, doing all the length calculations
for you. The other retrieves a string value from a header in a rdata
object.

Change-Id: I855f857be3d1c63b64812ac35d9ce0534085b913

If a frame is written to a channel in a bridge we
would normally queue this frame up and the channel
thread would then act upon it. If this frame had no
stream mapping on the channel it would then be
discarded.

This change adds a check before the queueing occurs
to determine if a mapping exists. If it does not
exist then the frame is not even queued at all. This
stops a frame duplication from happening and from
the channel thread having to wake up and deal with
it.

Change-Id: I17189b9b1dec45fc7e4490e8081d444a25a00bda

In a particular fax gateway scenario whereby it would
have to translate using the read translation path on a
channel the frame being translated would be consumed.
When the frame is in the write path it is not permitted
to free the frame as the caller expects it to continue
to exist.

This change makes it so that the frame is only consumed
on the read path where it is acceptable to free it.

ASTERISK-28900

Change-Id: I011c321288a1b056d92b37c85e229f4a28ee737d

The previous change missed that 'make' uses 'PJPROJECT_BUNDLED' anyway.

ASTERISK-28929

Change-Id: I7ef0e78a06ea391b59d95b99d46bbed3fec4fed9

When writing tx messages to pcap files, Asterisk is using the wrong
pointer resulting in lots of wasted space. This patch fixes it to use
the correct pointer.

ASTERISK-28932 #close

Change-Id: I5b8253dd59a083a2ca2c81f232f1d14d33c6fd23

If the bridge show all command could not get the bridge snapshot, it causes null pointer exception.
Fixed it to check the snapshot is null.

ASTERISK-28920

Change-Id: I3521fc1b832bfc69644d0833f2c78177e1e51f58

What's wrong with ast_debug?

  ast_debug is fine for general purpose debug output but it's not
  really geared for scope tracing since it doesn't present its
  output in a way that makes capturing and analyzing flow through
  Asterisk easy.

How is scope tracing better?

  Scope tracing uses the same "cleanup" attribute that RAII_VAR
  uses to print messages to a separate "trace" log level.  Even
  better, the messages are indented and unindented based on a
  thread-local call depth counter.  When output to a separate log
  file, the output is uncluttered and easy to follow.

  Here's an example of the output. The leading timestamps and
  thread ids are removed and the output cut off at 68 columns for
  commit message restrictions but you get the idea.

--> res_pjsip_session.c:3680 handle_incoming PJSIP/1173-00000001
	--> res_pjsip_session.c:3661 handle_incoming_response PJSIP/1173
		--> res_pjsip_session.c:3669 handle_incoming_response PJSIP/
			--> chan_pjsip.c:3265 chan_pjsip_incoming_response_after
				--> chan_pjsip.c:3194 chan_pjsip_incoming_response P
					    chan_pjsip.c:3245 chan_pjsip_incoming_respon
				<-- chan_pjsip.c:3194 chan_pjsip_incoming_response P
			<-- chan_pjsip.c:3265 chan_pjsip_incoming_response_after
		<-- res_pjsip_session.c:3669 handle_incoming_response PJSIP/
	<-- res_pjsip_session.c:3661 handle_incoming_response PJSIP/1173
<-- res_pjsip_session.c:3680 handle_incoming PJSIP/1173-00000001

  The messages with the "-->" or "<--" were produced by including
  the following at the top of each function:

  SCOPE_TRACE(1, "%s\n", ast_sip_session_get_name(session));

  Scope isn't limited to functions any more than RAII_VAR is.  You
  can also see entry and exit from "if", "for", "while", etc blocks.

  There is also an ast_trace() macro that doesn't track entry or
  exit but simply outputs a message to the trace log using the
  current indent level.  The deepest message in the sample
  (chan_pjsip.c:3245) was used to indicate which "case" in a
  "select" was executed.

How do you use it?

  More documentation is available in logger.h but here's an overview:

  * Configure with --enable-dev-mode.  Like debug, scope tracing
    is #ifdef'd out if devmode isn't enabled.

  * Add a SCOPE_TRACE() call to the top of your function.

  * Set a logger channel in logger.conf to output the "trace" level.

  * Use the CLI (or cli.conf) to set a trace level similar to setting
    debug level... CLI> core set trace 2 res_pjsip.so

Summary Of Changes:

  * Added LOG_TRACE logger level.  Actually it occupies the slot
    formerly occupied by the now defunct "event" level.

  * Added core asterisk option "trace" similar to debug.  Includes
	ability to specify global trace level in asterisk.conf and CLI
	commands to turn on/off and set levels.  Levels can be set
	globally (probably not a good idea), or by module/source file.

  * Updated sample asterisk.conf and logger.conf.  Tracing is
    disabled by default in both.

  * Added __ast_trace() to logger.c which keeps track of the indent
    level using TLS. It's #ifdef'd out if devmode isn't enabled.

  * Added ast_trace() and SCOPE_TRACE() macros to logger.h.
    These are all #ifdef'd out if devmode isn't enabled.

Why not use gcc's -finstrument-functions capability?

  gcc's facility doesn't allow access to local data and doesn't
  operate on non-function scopes.

Known Issues:

  The only know issue is that we currently don't know the line
  number where the scope exited.  It's reported as the same place
  the scope was entered.  There's probably a way to get around it
  but it might involve looking at the stack and doing an 'addr2line'
  to get the line number.  Kind of like ast_backtrace() does.
  Not sure if it's worth it.

Change-Id: Ic5ebb859883f9c10a08c5630802de33500cad027

files

fwrite() does return the number of elements written and not the
number of bytes. However asterisk is currently comparing the return
value to the size of the written element what means that asterisk logs
five WARNING messages on every packet written to the pcap file.

This patch changes the code to check for the correct value, which will
always be 1.

ASTERISK-28921 #close

Change-Id: I2455032d9cb4c5a500692923f9e2a22e68b08fc2

When replacing the user portion of the Contact URI the code
was using the ephemeral pool instead of the tdata pool. This
could cause the Contact user value to become invalid after a
period of time.

The code will now use the tdata pool which persists for the
lifetime of the message instead.

ASTERISK-28794

Change-Id: I31e7b958e397cbdaeedd0ebb70bcf8dd2ed3c4d5

While asterisk is filtering out the x-ast-orig-host parameter from the
contact on response messages, it is not filtering it out from the
request URI and the to header on SIP requests (for example INVITE).

ASTERISK-28884 #close

Change-Id: Id032b33098a1befea9b243ca994184baecccc59e

When bridging channels we were trying to match the audio
formats of both sides in combination with the configured
formats. While this is allowed in SDP in practice this
causes extra reinvites and problems. This change ensures
that audio streams use the formats of the first existing
active audio stream. It is only when other stream types
(like video) exist that this will result in re-negotiation
occurring for those streams only.

ASTERISK-28871

Change-Id: I22f5a3e7db29e00c165e74d05d10856f6086fe47

When a configuration file in Asterisk is loaded
information about it is stored such that on a
reload it is not reloaded if nothing has changed.
This can be problematic when an error exists in
a configuration file in PJSIP since the error
will be output at start and not subsequently on
reload if the file is unchanged.

This change makes it so that if an error is
encountered when res_sorcery_config is loading
a configuration file a reload will always read
in the configuration file, allowing the error
to be seen easier.

Change-Id: If2e05a017570f1f5f4f49120da09601e9ecdf9ed

The flags of a previous selection could have been set within the
object 'srtp', for example, when the previous selection returned
failure after setting just 'some' flags. Now, not to clutter the
code, all possible flags are cleared first, and then the selected
flags are set as before.

ASTERISK-28903

Change-Id: I1b9d7aade7d5120244ce7e3a8865518cbd6e0eee

When receiving audio from a channel we determine if it
is talking or silence based on a threshold value. If
this threshold is met we always mix the audio into the
conference bridge. If this threshold is not met we also
mix the audio into the conference bridge UNLESS the
drop silence option is enabled.

The code that removed the audio from the mixed frame
assumed that it was always not present if it did not
meet the threshold to be considered talking. This is
incorrect. If it has been stated that the audio was
mixed into the mixed frame then it has been mixed into
the mixed frame. By not removing audio that was
considered non-talking it was possible for a channel
to receive a slight echo of audio of itself at times.

This change ensures that the audio is always removed
from the mixed frame going back to the channel so it
no longer receives the slight echo.

ASTERISK-28898

Change-Id: I7b1b582cc1bcdb318ecc60c9d2e3d87ae31d55cb

Added two unit tests, one for signing and another for verifying.
stir_shaken_sign checks to make sure that all the required parameters
are passed in and then signs the actual payload. If a signature is
produced and a payload returned as a result, the test passes.
stir_shaken_verify takes the signature from a signed payload to verify.
This unit test also verifies that all the required information is passed
in, and then attempts to verify the signature. If verification is
successful and a payload is returned, the test passes.

Change-Id: I9fa43380f861ccf710cd0f6b6c102a517c86ea13

The PJSIP packet logger now has the following CLI commands:

pjsip set logger pcap <filename>

When used this will create a pcap file containing the incoming
and outgoing SIP packets, in unencrypted form.

pjsip set logger verbose <on / off>

This allows you to toggle logging to verbose on and off.

pjsip set logger host <IP/subnet mask> add

This allows you to add an additional IP address or subnet
mask to logging, allowing you to log multiple instead of
just a single IP address or all traffic.

The normal "pjsip set logger host" CLI command has also been
expanded to allow subnet masks as well.

ASTERISK-28895

Change-Id: If5859161a72b0d7dd2d1f92d45bed88e0cd07d0e

A warning was triggered that there may be a problem regarding file
extension (which is correct and should not be set anyway). The warning
also appeared if there was dot within the path itself.

E.g.
[sales-queue-hold]
mode=playlist
entry=/var/www/domain.tld/moh/funky_music

The music played correctly but you get a warning message.

Now there will be a check if the position of a potential dot character
is after the last position of a slash character. This dot charachter
will be treated as a extension naming. Dots within the path then ignored.

ASTERISK-28892
Reported-By: Nicholas John Koch

Change-Id: I2ec35a613413affbf5fcc01c8c181eba24865b9e

Added freeifaddrs() for memory releasing.

ASTERISK-28904

Change-Id: I109403866e85a30659351946903a679de9727a8f

This change adds the same variable functionality that
is available for originating a channel to the create
call. Now when creating a channel you can specify
dialplan variables to set instead of having to do another
API call.

ASTERISK-28896

Change-Id: If13997ba818136d7c070585504fc4164378aa992

1. Modify sip_resolve and sip_resolve_callback to request AAAA lookups
   when an IPV6 transport type has been requested.

2. Rename all occurrences of pjsip_transport_get_type_name to
   pjsip_transport_get_type_desc. This ensures that the log/debug info
   shows whether the transport is IPv6 or IPv4.

3. Do not add the constant PJSIP_TRANSPORT_IPV6 to existing transport
   types. This results in invalid values. Use a bitwise or instead.

ASTERISK-26780
Patches:
    pjsip_resolver.c uploaded by Peter Sokolov (License #7070)

Change-Id: I8b1e298f8efa682d0a7644113258fe76d9889c58

Adds the "STIR_SHAKEN" dialplan function and an API call to add a
STIR_SHAKEN verification result to a channel. This information will be
held in a datastore on the channel that can later be queried through the
"STIR_SHAKEN" dialplan funtion to get information on STIR_SHAKEN results
including identity, attestation, and verify_result. Here are some
examples:

STIR_SHAKEN(count)
STIR_SHAKEN(0, identity)
STIR_SHAKEN(1, attestation)
STIR_SHAKEN(2, verify_result)

Getting the count can be used to iterate through the results and pull
information by specifying the index and the field you want to retrieve.

Change-Id: Ice6d52a3a7d6e4607c9c35b28a1f7c25f5284a82

Pjproject makefiles miss some dependencies which can cause race
conditions when building with parallel make processes. This patch
adds such dependencies correctly.

ASTERISK-28879 #close
Reported-by: Dmitry Wagin <dmitry.wagin@ya.ru>

Change-Id: Ie1b0dc365dafe4a84c5248097fe8d73804043c22

Changed source and destination address fields in struct
pjsip_history_entry so that they are long enough to hold an IPv6
address.

ASTERISK-28854

Change-Id: Id65bb9aa961e9ecbcb500815e18170f774e34d3e

ASTERISK-28797

Change-Id: Iab364a2c2519fd9d11d1c28293fda43d61b64c28

Ensure that output buffers for the osp_convert_inout
function have sufficient space for additional data
such as brackets and ports.

ASTERISK-28804

Change-Id: Ie54c8241ff0cc653910539c2db00ff2a4869750b

fork before exec

Posix does only allow async-signal-safe syscalls after fork before exec.
As asterisk ignores this, functions like TrySystem or System sometimes
end up in a deadlocked child process. The patch prevents the use of
non-async-signal-safe syscalls.

ASTERISK-28776

Change-Id: Idc76365c0592ee3f3b3bd72a4f48f7a098978e8e

ast_stream_topology_create_from_format_cap() was setting the
stream->formats directly but not freeing the default formats.  This
causes a memory leak.

* ast_stream_topology_create_from_format_cap() now calls
  ast_stream_set_formats() which properly cleans up the existing
  stream formats.

When cloning a stream, the source stream's format caps _pointer_ is
copied to the new stream and it's reference count bumped.  If
either stream is set to "removed", this will cause _both_ streams
to have their format caps cleared.

* ast_stream_clone() now creates a new format caps object and copies
  the formats from the source stream instead of just copying the
  pointer.

ASTERISK-28870

Change-Id: If697d81c3658eb7baeea6dab413b13423938fb53

Add a new "masquarade" channel event, and use it in app_queue to track unique id's.

Testcase is submitted as https://gerrit.asterisk.org/c/testsuite/+/14210

ASTERISK-28829 #close
ASTERISK-25844 #close

Change-Id: Ifc5f9f9fd70903f3c6e49738d3bc632b085d2df6

These are not provided by standards, and as a result causes failure to
compile on musl.

https://wiki.musl-libc.org/faq.html#Q:-When-compiling-something-against-musl,-I-get-error-messages-about-%3Ccode%3Esys/cdefs.h%3C/code%3E

Change-Id: I6a357cefd106c72cfecafd898638f6b5692c2e05

The configure.m4 script for pjproject contains some += syntax, which
is specific to bash, replacing it with string substitutions makes
the script compatible with traditional Bourne shells.

ASTERISK-28866 #close
Reported-by: Christoph Moench-Tegeder <cmt@FreeBSD.org>

Change-Id: I382a78160e028044598b7da83ec7e1ff42b91c05

Change-Id: Ice5d92ecea2f1101c80487484f48ef98be2f1824

There are a lot of moving parts in this patch, but the focus of it is on
the verification of the signature using a public key located at the
public key URL provided in the JSON payload. First, we check the
database to see if we have already downloaded the key. If so, check to
see if it has expired. If it has, redownload from the URL. If we don't
have an entry in the database, just go ahead and download the public
key. The expiration is tested each time we download the file. After
that, read the public key from the file and use it to verify the
signature. All sanity checking is done when the payload is first
received, so the verification is complete once this point is reached.

The XML has also been added since a new config option was added to
general (curl_timeout). The maximum amount of time to wait for a
download can be configured through this option, with a low value by
default.

Change-Id: I3ba4c63880493bf8c7d17a9cfca1af0e934d1a1c

The gcc 10 -Wrestrict option was causing "overlap" errors when
snprintf was copying one char[256] structure member to another
char[256] member in the same structure.

Using ast_alloca instead of declaring the structure inline
solves the issue.

Here's a link to the "enhancement":
https://gcc.gnu.org/legacy-ml/gcc-patches/2019-10/msg00570.html

We may follow up with a gcc bug report.

Change-Id: Ie0099adcb0a9727bd9aa99e024dd912a67eaf534

In practice it has been seen that some users come
close to our maximum ICE candidate count of 32.
In case people have gone over this increases the
count to 64, giving ample room.

ASTERISK-28859

Change-Id: I35cd68948ec0ada86c14eb53092cdaf8b62996cf

In a Dialplan, the channel drivers 'chan_sip' and 'chan_iax2' support
the channel items 'secure_bridge_media' and 'secure_bridge_signaling'.
That way, a channel can be forced to use encryption even if not
specified in its configuration.

However, when the Local Proxy kicks in, for example, in case of a
forwarding (SIP status 302), Local Proxy stated it does not know those
items. Consequently, such a call could not be proxied how clever your
Dialplan was. Because local calls within Asterisk are always secure,
Local Proxy accepts such a request now.

ASTERISK-22920

Change-Id: I4c143bb70f686790953cc04c5a4b810bbb03636c

Recently code accessing nochecksums variable has been added without including #ifdef SO_NO_CHECK protection, while the variable is created only when such constant is defined.

ASTERISK-28852 #close

Change-Id: I381718893b80599ab8635f2b594a10c1000d595e

While testing the latest RC on FreeBSD I noticed this new file fails to build. On FreeBSD inlcuding resolv.h requires sockaddr_in to be defined, and it's defined in netinet/in.h. So I added this include.

ASTERISK-28853 #close

Change-Id: I6997daf3956e6eb70ab6cb358628d162fad80079

In contrast to RFC 3551, section 4.2, several SIP/RTP clients misbehave
severly (up to crashing). This patch adds another smoother for the audio
received via bt. Therefore the audio frames sent to the core will be
CHANNEL_FRAME_SIZE.

ASTERISK-28832 #close

Change-Id: Ic5f9e2f35868ae59cc9356afbd1388b779a1267f

Since Asterisk 14, app_fax did not compile at all because Asterisk
requires that not malloc but ast_malloc is used everywhere. However,
the system headers of SpanDSP use malloc. Because we cannot (and do
not need to) change system headers, let us ignore this.

ASTERISK-28848

Change-Id: I31f7a6b92a07032c5cef1c16b8901b107fe35546

Some places in Asterisk did not treat the formats on a stream
as immutable when they are.

The ast_stream_get_formats function is now const to enforce this
and parts of Asterisk have been updated to take this into account.
Some violations of this were also fixed along the way.

An additional minor tweak is that streams are now allocated with
an empty format capabilities structure removing the need in various
places to check that one is present on the stream.

ASTERISK-28846

Change-Id: I32f29715330db4ff48edd6f1f359090458a9bfbe