Rather than hard-coding UDP, allow consumers of the HEP API to specify
which protocol is in use. Update the PJSIP provider to pass in the
current protocol type.

ASTERISK-26850 #close

Change-Id: I54bbb0a001cfe4c6a87ad4b6f2014af233349978

We aren't validating that the URI we just parsed is a SIP/SIPS one before
trying to access the user, host, and port members of a possibly uninitialized
structure.

Also update the MessageSend documentation to indicate what 'from' formats are
accepted.

ASTERISK-26484 #close
Reported by: Vinod Dharashive

Change-Id: I476b5cc5f18a7713d0ee945374f2a1c164857d30

We are currently passing in the capacity of the read buffer instead of the
number of bytes that we actually read off the wire.

Change-Id: I60465049727d955c7f9a5e529e6f2aaff04cda36

struct ast_rtcp does not define the dtls member if SRTP is not enabled.

ASTERISK-26732

Change-Id: Id15ea212e04490e012f2cf4a56818b4dd948875e

We were inadvertenly referencing the cos_video option to determine if we
should set the tos_audio and cos_audio value on the RTP instance.

Change-Id: Ia7964f486801d39dc6f5dae570baff079e1595b0

If local_net is not defined on a transport, transport_state->localnet
will be NULL. ast_apply_ha will, be default, return AST_SENSE_ALLOW in
this case, causing the external_media_address, if set, to be skipped.

This patch causes us to only check if we are sending within a network if
local_net is defined.

ASTERISK-26879 #close

Change-Id: Ib661c31a954cabc9c99f1f25c9c9a5c5b82cbbfb

Currently a wildcard address is used for the local RTP socket, which
will not always result in the same address as used by the SIP socket
(e.g. if explicit transport addresses are configured).
Use the transport's host address when binding new local RTP sockets if
available.

ASTERISK-26851

Change-Id: I098c29c9d1f79a4f970d72ba894874ac75954f1a

A new transport parameter 'symmetric_transport' has been added.

When a request from a dynamic contact comes in on a transport with
this option set to 'yes', the transport name will be saved and used
for subsequent outgoing requests like OPTIONS, NOTIFY and INVITE.
It's saved as a contact uri parameter named 'x-ast-txp' and will
display with the contact uri in CLI, AMI, and ARI output.  On the
outgoing request, if a transport wasn't explicitly set on the
endpoint AND the request URI is not a hostname, the saved transport
will be used and the 'x-ast-txp' parameter stripped from the
outgoing packet.

* config_transport was modified to accept and store the new parameter.

* config_transport/transport_apply was updated to store the transport
  name in the pjsip_transport->info field using the pjsip_transport->pool
  on UDP transports.

* A 'multihomed_on_rx_message' function was added to
  pjsip_message_ip_updater that, for incoming requests, retrieves the
  transport name from pjsip_transport->info and retrieves the transport.
  If transport->symmetric_transport is set, an 'x-ast-txp' uri parameter
  containing the transport name is added to the incoming Contact header.

* An 'ast_sip_get_transport_name' function was added to res_pjsip.
  It takes an ast_sip_endpoint and a pjsip_sip_uri and returns a
  transport name if endpoint->transport is set or if there's an
  'x-ast-txp' parameter on the uri and the uri host is an ipv4 or
  ipv6 address.  Otherwise it returns NULL.

* An 'ast_sip_dlg_set_transport' function was added to res_pjsip
  which takes an ast_sip_endpoint, a pjsip_dialog, and an optional
  pjsip_tpselector.  It calls ast_sip_get_transport_name() and if
  a non-NULL is returned, sets the selector and sets the transport
  on the dialog.  If a selector was passed in, it's updated.

* res_pjsip/ast_sip_create_dialog_uac and ast_sip_create_dialog_uas
  were modified to call ast_sip_dlg_set_transport() instead of their
  original logic.

* res_pjsip/create_out_of_dialog_request was modified to call
  ast_sip_get_transport_name() and pjsip_tx_data_set_transport()
  instead of its original logic.

* Existing transport logic was removed from endpt_send_request
  since that can only be called after a create_out_of_dialog_request.

* res_pjsip/ast_sip_create_rdata was converted to a wrapper around
  a new 'ast_sip_create_rdata_with_contact' function which allows
  a contact_uri to be specified in addition to the existing
  parameters.  (See below)

* res_pjsip_pubsub/internal_pjsip_evsub_send_request was eliminated
  since all it did was transport selection and that is now done in
  ast_sip_create_dialog_uac and ast_sip_create_dialog_uas.

* 'contact_uri' was added to subscription_persistence.  This was
  necessary because although the parsed rdata contact header has the
  x-ast-txp parameter added (if appropriate),
  subscription_persistence_update stores the raw packet which
  doesn't have it.  subscription_persistence_recreate was then
  updated to call ast_sip_create_rdata_with_contact with the
  persisted contact_uri so the recreated subscription has the
  correct transport info to send the NOTIFYs.

* res_pjsip_session/internal_pjsip_inv_send_msg was eliminated since
  all it did was transport selection and that is now done in
  ast_sip_create_dialog_uac.

* pjsip_message_ip_updater/multihomed_on_tx_message was updated
  to remove all traces of the x-ast-txp parameter from the
  outgoing headers.

NOTE:  This change does NOT modify the behavior of permanent
contacts specified on an aor.  To do so would require that the
permanent contact's contact uri be updated with the x-ast-txp
parameter and the aor sorcery object updated.  If we need to
persue this, we need to think about cloning permanent contacts into
the same store as the dynamic ones on an aor load so they can be
updated without disturbing the originally configured value.

You CAN add the x-ast-txp parameter to a permanent contact's uri
but it would be much simpler to just set endpoint->transport.

Change-Id: I4ee1f51473da32ca54b877cd158523efcef9655f

This change removes an assumption that when DTLS is stopped
an RTCP session will be present on the RTP session. This is not
always the case.

ASTERISK-26732

Change-Id: Ib9f7c09ce0b005efe362dbcc8795202b18f94611

This commit adds support for RFC 5761: Multiplexing RTP Data and Control
Packets on a Single Port. Specifically, it enables the feature when
using chan_pjsip.

A new option, "rtcp_mux" has been added to endpoint configuration in
pjsip.conf. If set, then Asterisk will attempt to use rtcp-mux with
whatever it communicates with. Asterisk follows the rules set forth in
RFC 5761 with regards to falling back to standard RTCP behavior if the
far end does not indicate support for rtcp-mux.

The lion's share of the changes in this commit are in
res_rtp_asterisk.c. This is because it was pretty much hard wired to
have an RTP and an RTCP transport. The strategy used here is that when
rtcp-mux is enabled, the current RTCP transport and its trappings (such
as DTLS SSL session) are freed, and the RTCP session instead just
mooches off the RTP session. This leads to a lot of specialized if
statements throughout.

ASTERISK-26732 #close
Reported by Dan Jenkins

Change-Id: If46a93ba1282418d2803e3fd7869374da8b77ab5

When transfering to a URI without an extension, ensure that the
s extension of the dialplan is entered

ASTERISK-26869 #close

Change-Id: I07403df66cf93f09e00a40ab5b41bfc6f72b1525

This change ensures that if no header_match option is set on an
identify an error message is not output stating the option is set
to an invalid value.

ASTERISK-26863

Change-Id: I239bc6d2319dd3da24ba96a38d4d6e9b5526d62a

This patch adds a new features to the endpoint identifier module,
'match_header'. When set, inbound requests are matched by a provided SIP
header: value pair. This option works in conjunction with the existing
'match' configuration option, such that if any 'match*' attribute
matches an inbound request, the request is associated with the specified
endpoint.

Since this module now identifies by more than just IP address,
appropriate renaming of the module and/or variables can be done in a
non-release branch.

ASTERISK-26863 #close

Change-Id: Icfc14835c962f92e35e67bbdb235cf0589de5453
(cherry picked from commit 30f52d79)

* Added additional fields to ast_sdp_options.
* Re-organized ast_sdp.
* Updated field names to correspond to RFC4566 terminology.
* Created allocs/frees for SDP children.
* Created getters/setters for SDP children where appropriate.
* Added ast_sdp_create_from_state.
* Refactored res_sdp_translator_pjmedia for changes.

Change-Id: Iefbd877af7f5a4d3c74deead1bff8802661b0d48

Tabs > spaces. Always.

Change-Id: I899ff662361c7ab0327173bd7851a67b53dd65f1

* res_musiconhold.c: Ensure the general section is not treated as
a moh class.

ASTERISK-26353 #close

Change-Id: Ia3dbd11ea2b43ab3e6c820a9827811dd24bea82d

This change adds a PJSIP patch (which has been contributed upstream)
to allow the registration of IPv6 transport types.

Using this the res_pjsip_transport_websocket module now registers
an IPv6 Websocket transport and uses it for the corresponding
traffic.

ASTERISK-26685

Change-Id: Id1f9126f995b31dc38db8fdb58afd289b4ad1647

When doing some WebRTC testing, I found that the websocket would
disconnect whenever I attempted to place a call into Asterisk. After
looking into it, I pinpointed the problem to be due to the iostreams
change being merged in.

Under certain circumstances, a call to ast_iostream_read() can return a
negative value. However, in this circumstance, the websocket code was
treating this negative return as if it were a partial read from the
websocket. The expected length would get adjusted by this negative
value, resulting in the expected length being too large.

This patch simply adds an if check to be sure that we are only updating
the expected length of a read when the return from a read is positive.

ASTERISK-26842 #close
Reported by Mark Michelson

Change-Id: Ib4423239828a013d27d7bc477d317d2f02db61ab

According to the RFC[1] WSS should only be used in the Via header
for secure Websockets.

* Use WSS in Via for secure transport.

* Only register one transport with the WS name because it would be
ambiguous.  Outgoing requests may try to find the transport by name and
pjproject only finds the first one registered.  This may mess up unsecure
websockets but the impact should be minimal.  Firefox and Chrome do not
support anything other than secure websockets anymore.

* Added and updated some debug messages concerning websockets.

* security_events.c: Relax case restriction when determining security
transport type.

* The res_pjsip_nat module has been updated to not touch the transport
on Websocket originating messages.

[1] https://tools.ietf.org/html/rfc7118

ASTERISK-26796 #close

Change-Id: Ie3a0fb1a41101a4c1e49d875a8aa87b189e7ab12

res_config_pgsql should match the behavior of other realtime backend
drivers so that queue_log can disable adaptive logging.

ASTERISK-25628 #close
Reported by: Dmitry Wagin

Change-Id: Ic1fb1600c7ce10fdfb1bcdc43c5576b7e0014372

The find_table() functions NULL or a locked table pointer. We are
not consistently calling release_table() in failure paths.

Change-Id: I6f665b455799c84b036e5b34904b82b05eab9544

When a subscription was being recreated and the endpoint wasn't
found, we were trying to unref the endpoint.  This was causing
FRACKs.  Removed the unref.

ASTERISK-26823 #close

Change-Id: If86d2aecff8fe853c7f38a1bfde721fcef3cd164

This change fixes an assumption in res_pjsip that a contact will
always have a status. There is a race condition where this is
not true and would crash. The status will now be unknown when
this situation occurs.

ASTERISK-26623 #close

Change-Id: Id52d3ca4d788562d236da49990a319118f8d22b5

Outbound registration now subscribes to network change events
published by res_stun_monitor and refreshes all registrations
when an event happens.

The 'pjsip send (un)register' CLI commands were updated to accept
'*all' as an argument to operate on all registrations.

The 'PJSIP(Un)Register' AMI commands were also updated to
accept '*all'.

ASTERISK-26808 #close

Change-Id: Iad58a9e0aa5d340477fca200bf293187a6ca5a25

This change updates the documentation for the outbound_proxy option
to ensure it is consistently stated that a full SIP URI must be
provided for the option.

The res_pjsip_outbound_registration module has also been changed so
that the provided outbound_proxy value is checked to ensure it is a
URI and if not an error is output stating so.

ASTERISK-26782

Change-Id: I6c239a32274846fd44e65b44ad9bf6373479b593

 * Removed all 2.5.5 functional patches.
 * Updated usages of pj_release_pool to be "safe".
 * Updated configure options to disable webrtc.
 * Updated config_site.h to disable webrtc in pjmedia.
 * Added Richard Mudgett's recent resolver patches.

Change-Id: Ib400cc4dfca68b3d07ce14d314e829bfddc252c7

* A missing AST_LIST_UNLOCK() in find_table()

* The ESCAPE_STRING() macro uses pgsqlConn under the hood and we were
  not consistently locking before calling it.

* There were a handful of other places where pgsqlConn was accessed
  directly without appropriate locking.

Change-Id: Iea63f0728f76985a01e95b9912c3c5c6065836ed

The initial motivation for this patch was to properly handle memory
allocation failures - we weren't checking the return values from the
various LDAP library allocation functions.

In the process, because update_ldap() and update2_ldap() were
substantially the same code, they've been consolidated.

Change-Id: Iebcfe404177cc6860ee5087976fe97812221b822

All of the realtime backends create artificial ast_categorys to pass
back into the core as query results. These categories have no filename
or line number information associated with them and the backends differ
slightly on how they create them. So create a couple helper macros to
help make things more consistent.

Also updated the call sites to remove redundant error messages about
memory allocation failure.

Note that res_config_ldap sets the category filename to the 'table name'
but that is not read by anything in the core, so I've dropped it.

Change-Id: I3a1fd91e0c807dea1ce3b643b0a6fe5be9002897

The inbound authentication object is supposed to be immutable when it is
stored in sorcery.  However, the immutable property is violated if the
authentication object does not have a realm set.

The immutable contract violation has a different effect depending upon
what sorcery back end is used.  If it is the config file back end you
would get the same object back until res_pjsip is reloaded.  If it is the
real-time or AstDB back end you would get a new object on each query.  If
it is cached you would get the same object back until it is refreshed from
the database.

Once an inbound authentication object has its realm set it may or may not
get updated again if the default_realm changes.

If the same authentication object is used for inbound and outbound
authentication then the immutable violation can make it very hard to
determine why the outbound authentication now fails.  The only diagnostic
message is a complaint about no realms matching when it had worked
earlier.  It fails because of the difference in behaviour for an empty
realm setting between inbound and outbound authentication objects.

* Fixed the sorcery object immutable violation by creating a new object
and setting the default_realm on it instead.  The new object is a shallow
copy for speed.

* The auth_store thread storage no longer holds an auth ref.  It
interferes with the shallow copy and never needed a ref anyway.

ASTERISK-26799 #close

Change-Id: I2328a52f61b78ed5fbba38180b7f183ee7e08956

There was code attempting to update the artificial authentication object
whenever the default_realm changed.  However, once the artificial
authentication object was created it would never get updated.  The
artificial authentication object would require a system restart for a
change to the default_realm to take effect.

ASTERISK-26799

Change-Id: Id59036e9529c2d3ed728af2ed904dc36e7094802

Using the same auth section for inbound and outbound authentication is not
recommended.  There is a difference in meaning for an empty realm setting
between inbound and outbound authentication uses.

An empty inbound auth realm represents the global section's default_realm
value when the authentication object is used to challenge an incoming
request.  An empty outgoing auth realm is treated as a don't care wildcard
when the authentication object is used to respond to an incoming
authentication challenge.

ASTERISK-26799

Change-Id: Id3952f7cfa1b6683b9954f2c5d2352d2f11059ce

* Removed overloaded unmatched response ignore.  We obviously sent the
request so we shouldn't ignore it because it isn't new work.

ASTERISK-26669
ASTERISK-26738

Change-Id: I55fb5cadc83a8e6699b347c6dc7fa32c5a617d37

When listing a container, we now print the number of objects
in the container at the end of the list.

Change-Id: I791cbc3ee9da9a2af9adc655164b5d32953df812

OpenLDAP will raise an error when we try to delete an LDAP attribute
that doesn't exist. We need to filter out LDAP_MOD_DELETE requests
based on which attributes the current LDAP entry actually has. There
is of course a small window of opportunity for this to still fail,
but it is much less likely now.

Change-Id: I3fe1b04472733e43151563aaf9f8b49980273e6b

Extraneous line numbers were being output in many log messages. These
have been removed.

Change-Id: Ice9efa3d252ee87f37fa8f5ea852fda482675431

The code in update_ldap() and update2_ldap() was using both Asterisk's
memory allocation routines as well as OpenLDAP's. I've changed it so
that everything that is passed to OpenLDAP's functions are allocated
with their routines.

Change-Id: Iafec9c1fd8ea49ccc496d6316769a6a426daa804

The "_general" configuration section allows administrators to provide
both general configuration options (host, port, url, etc.) as well as a
global realtime-to-LDAP-attribute mapping that is a fallback if one of
the later sections do not override it. This neglected to exclude the
general configuration options from the mapping. As an example, during
my testing, chan_sip requested 'port' from realtime, and because I did
not have it defined, it pulled in the 'port' configuration option from
"_general." We now filter those out explicitly.

Change-Id: I1fc61560bf96b8ba623063cfb7e0a49c4690d778

We always treat the first change of our modification batch as a
replacement when it sometimes is actually a delete. So we have to pass
the correct arguments to the OpenLDAP library.

ASTERISK-26580 #close
Reported by: Nicholas John Koch
Patches:
	res_config_ldap.c-11.24.1.patch (license #6833) patch uploaded
	by Nicholas John Koch

Change-Id: I0741d25de07c9539f1edc6eff3696165dfb64fbe

When ast_config_load() fails with CONFIG_STATUS_FILEINVALID, it has
already destroyed the ast_config struct for us. Trying to do it again
results in a crash.

Change-Id: If6a5c0ca718ad428e01a1fb25beb209a9ac18bc6