From 95935194838dc895d35ef2d828c2a3a50d3e34d0 Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Mon, 16 Mar 2015 08:50:05 -0400 Subject: [PATCH 01/24] Leave unsupported (non-RTP) protocols alone when translation is requested Fixes #80 --- daemon/call.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/daemon/call.c b/daemon/call.c index ceb1258bf..d67ad1370 100644 --- a/daemon/call.c +++ b/daemon/call.c @@ -2434,11 +2434,14 @@ int monologue_offer_answer(struct call_monologue *other_ml, GQueue *streams, * but also lets endpoints re-negotiate. */ media->protocol = NULL; } + /* default is to leave the protocol unchanged */ + if (!media->protocol) + media->protocol = other_media->protocol; /* allow override of outgoing protocol even if we know it already */ - if (flags && flags->transport_protocol) + /* but only if this is an RTP-based protocol */ + if (flags && flags->transport_protocol + && other_media->protocol && other_media->protocol->rtp) media->protocol = flags->transport_protocol; - else if (!media->protocol) - media->protocol = other_media->protocol; /* copy parameters advertised by the sender of this message */ bf_copy_same(&other_media->media_flags, &sp->sp_flags, From 2103f4137d855c5e25cdd191927b75b5fbbff090 Mon Sep 17 00:00:00 2001 From: Jenkins User Date: Wed, 18 Mar 2015 14:15:06 +0100 Subject: [PATCH 02/24] Release new version 3.3.0.0+0~mr4.0.0.0 --- debian/changelog | 90 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) diff --git a/debian/changelog b/debian/changelog index 2983b8e55..ffa836f4b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,93 @@ +ngcp-rtpengine (3.3.0.0+0~mr4.0.0.0) unstable; urgency=low + + [ Sergey Lavrov ] + * [bb14eba] Fix %post/%preun directives. + * [fe5e129] Added rtpengine-ctl and dependency to spec file. + + [ Richard Fuchs ] + * [a0068f4] relax sdes key lifetime validation check + * [caba5be] MT#10583 remember the "created from" address in raw format + * [6e32379] MT#10583 support ipv6 control connection in simulator + * [02d27d5] MT#10583 support b2bua callback to sip proxy address + * [43cd3f5] reset other side's crypto params only in passthru mode + * [2af682b] use SSL_CTX_set_read_ahead to fix for openssl 1.0.1k + * [e24253a] move parse_ip(6)_port into aux.h + * [a81588e] provide convenience function get_log_level() + * [37d98ad] dump DTLS cert and keys + * [57c0a84] add locking to totalstats + * [f544471] fix compiler warnings + * [36c7141] change control_ng_stats into a hash and use locking and atomic ops + * [c0b2f3d] fix graphite code not to leak fds in error cases + * [965d989] static'ize graphite global vars + * [7175a26] decrease sleep time of graphite loop + * [3882285] decrease calls to time() in graphite code + * [de37ac0] use TLS buffer array for temporary strings + * [ee4f2d2] convert ilog() into macro + * [411a888] use atomic ops for stats + * [28c6db9] fix references and locking in CLI + * [20fd255] use UINT64F instead of %llu where appropriate + * [3bc1672] more atomic stats, and fix average length calc + * [fedaadd] remove superfluous \n from log messages + * [1e3f06a] split some perl SRTP stuff into module and add debug script + * [deba231] rename an old MP_ variable to RE_ + * [fb9ed6e] use trial & error approach to guess ROC in case of SRTP auth failures + * [f6dee07] fix initial seqnum in simulator + * [787d90f] rename atomic_uint64 to atomic64 for brevity + * [49328cd] implement atomic64 for non-64-bit platforms + * [da6b6a1] fix compiler warning on 32bit + * [ca149e6] "long" can be 32 bits only and may truncate math + * [b023d6c] update redis mod version to 7 + * [adeb0b3] the log rate limiter must take the prefix into account + * [fb667a8] turn tag and termination texts into array lookups + * [d79c68f] remove some unnecessary memsets + * [a5f7315] string handling fixes and improvements + * [037c6aa] shorter locking in stats loop + * [f7a1594] more descriptive warning for failed kernelizing + * [5fa9902] atomic vars should be volatile + * [c21193a] fix byte stats in kernel module + * [c2ff5c3] MT#9935 understand, learn, remember and report RTP payload types (codecs) + * [b586fa7] fix memory leak + * [65b3f66] use atomic64_t for kernel stats + * [4a97bb1] attempt to work around trickle ice + * [b44bb28] segfault fix + * [015b2a9] legacy tcp protocol fix + * [016f8b3] Rework logging a bit (primarily in NG) + * [91a85e6] fix for skewed stats + * [6173a7a] implement atomic bitfield ops + * [1f7c8a2] remove obsolete HAS_HANDLER flag + * [f224bab] segfault fix if no rtpmap attribute is present + * [26ca844] drop support for glib versions older than 2.30 + * [b83e80c] add makefile dependency to itself + * [956d07d] fix erroneously reported 0.0.0.0 address when bridging from ipv6 + * [f99d6d4] implement full ICE support + * [98e0b6d] update for redis plugin + * [0e4e6f2] revamp and move timeval functions + * [26137d2] move thread loop functions out of main.c + * [5fca71d] fix segfault when parsing server reflexive ICE candidates + * [3520617] remove ice-lite mention from readme + * [9593519] Leave unsupported (non-RTP) protocols alone when translation is requested + + [ Eric Tamme ] + * [b8b17bf] clear crypto for BOTH legs when in passthrough mode + * [506076b] add raddr and rport on all non host type candidates per rfc5245 section-15.1 + + [ Carsten Bock ] + * [9a2da87] Fix randomness source for key generation. + + [ Frederic-Philippe Metz ] + * [2ae0e35] Added functionality to report statistics to graphite + * [7446822] Forgot the files .. + * [61a72b1] Added some more statistics. + * [0ccb11a] Added statistics on control ng interface. + * [794709f] Changed retry behaviour for connecting to graphite server. + + [ Michael Prokop ] + * [fca4500] MT#9127 Bump Standards-Version to 3.9.6 + + [ Sipwise Jenkins Builder ] + + -- Sipwise Jenkins Builder Wed, 18 Mar 2015 14:15:06 +0100 + ngcp-rtpengine (3.3.0.0+0~mr3.8.0.0) unstable; urgency=low [ Richard Fuchs ] From 2db33efeccc3ebf05a44c6255f92dae19785a7e4 Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Wed, 18 Mar 2015 09:23:13 -0400 Subject: [PATCH 03/24] reset ICE/STUN retransmit data on triggered checks fixes #84 --- daemon/ice.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/daemon/ice.c b/daemon/ice.c index dd5c09495..8119da3e6 100644 --- a/daemon/ice.c +++ b/daemon/ice.c @@ -559,6 +559,7 @@ void ice_init(void) { static void __fail_pair(struct ice_candidate_pair *pair) { ilog(LOG_DEBUG, "Setting ICE candidate pair "PAIR_FORMAT" as failed", PAIR_FMT(pair)); PAIR_SET(pair, FAILED); + PAIR_CLEAR(pair, IN_PROGRESS); } /* agent must NOT be locked, but call must be locked in R */ @@ -869,7 +870,9 @@ static void __trigger_check(struct ice_candidate_pair *pair) { ilog(LOG_DEBUG, "Triggering check for "PAIR_FORMAT, PAIR_FMT(pair)); mutex_lock(&ag->lock); - PAIR_CLEAR(pair, FAILED); + pair->retransmits = 0; + if (PAIR_CLEAR(pair, FAILED)) + PAIR_CLEAR(pair, IN_PROGRESS); if (ag->triggered.length < 4 * MAX_ICE_CANDIDATES && !PAIR_SET(pair, TRIGGERED)) g_queue_push_tail(&ag->triggered, pair); mutex_unlock(&ag->lock); From 20ac7cd5f7da6d26cfdb0d6b489812eee09fd68a Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Fri, 20 Mar 2015 11:49:57 -0400 Subject: [PATCH 04/24] process nominating ICE request only once per pair --- daemon/ice.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/daemon/ice.c b/daemon/ice.c index 8119da3e6..4b43ae6b9 100644 --- a/daemon/ice.c +++ b/daemon/ice.c @@ -1081,11 +1081,9 @@ int ice_request(struct packet_stream *ps, struct sockaddr_in6 *src, struct in6_a ret = 0; - if (attrs->use) { + if (attrs->use && !PAIR_SET(pair, NOMINATED)) { ilog(LOG_DEBUG, "ICE pair "PAIR_FORMAT" has been nominated by peer", PAIR_FMT(pair)); - PAIR_SET(pair, NOMINATED); - mutex_lock(&ag->lock); g_tree_insert(ag->nominated_pairs, pair, pair); From eba4414fe9ed14f95782d153d17c46fd9d3f36c5 Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Mon, 23 Mar 2015 13:34:00 +0300 Subject: [PATCH 05/24] Remove BuildRoot This is no longer required even for EL5. Signed-off-by: Peter Lemenkov --- el/rtpengine.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/el/rtpengine.spec b/el/rtpengine.spec index dba62c65b..21c0ad090 100644 --- a/el/rtpengine.spec +++ b/el/rtpengine.spec @@ -8,7 +8,6 @@ License: GPLv3 URL: https://github.com/sipwise/rtpengine Source0: https://github.com/sipwise/rtpengine/archive/%{version}/%{name}-%{version}.tar.gz Conflicts: %{name}-kernel < %{version} -BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRequires: gcc make pkgconfig redhat-rpm-config BuildRequires: glib2-devel libcurl-devel openssl-devel pcre-devel From 597c35aae0906ad9c42a2b36c00eb7a4cbc4b111 Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Mon, 23 Mar 2015 13:36:48 +0300 Subject: [PATCH 06/24] Remove duplicated text in descriptions Signed-off-by: Peter Lemenkov --- el/rtpengine.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/el/rtpengine.spec b/el/rtpengine.spec index 21c0ad090..321236246 100644 --- a/el/rtpengine.spec +++ b/el/rtpengine.spec @@ -29,7 +29,7 @@ Requires: iptables iptables-ipv6 ngcp-rtpengine = %{version} Requires: ngcp-rtpengine-dkms = %{version} %description kernel -NGCP rtpengine in-kernel packet forwarding +%{summary}. %package dkms @@ -42,7 +42,7 @@ Requires(post): epel-release dkms Requires(preun): epel-release dkms %description dkms -Kernel module for rtpengine in-kernel packet forwarding +%{summary}. %prep From 49ed2a826c3427e40382657ad2e05686a275997f Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Mon, 23 Mar 2015 13:40:20 +0300 Subject: [PATCH 07/24] Remove autoadded deps Signed-off-by: Peter Lemenkov --- el/rtpengine.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/el/rtpengine.spec b/el/rtpengine.spec index 321236246..6b6238cb1 100644 --- a/el/rtpengine.spec +++ b/el/rtpengine.spec @@ -12,7 +12,7 @@ Conflicts: %{name}-kernel < %{version} BuildRequires: gcc make pkgconfig redhat-rpm-config BuildRequires: glib2-devel libcurl-devel openssl-devel pcre-devel BuildRequires: xmlrpc-c-devel zlib-devel -Requires: glibc libcurl openssl pcre xmlrpc-c nmap-ncat +Requires: nmap-ncat %description From b0240eecaa10d753484330b7209c3123831fd821 Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Mon, 23 Mar 2015 13:40:47 +0300 Subject: [PATCH 08/24] Use generic dependency name for nc Signed-off-by: Peter Lemenkov --- el/rtpengine.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/el/rtpengine.spec b/el/rtpengine.spec index 6b6238cb1..439e0196b 100644 --- a/el/rtpengine.spec +++ b/el/rtpengine.spec @@ -12,7 +12,7 @@ Conflicts: %{name}-kernel < %{version} BuildRequires: gcc make pkgconfig redhat-rpm-config BuildRequires: glib2-devel libcurl-devel openssl-devel pcre-devel BuildRequires: xmlrpc-c-devel zlib-devel -Requires: nmap-ncat +Requires: nc %description From cd70a8f8a5f8e0b0d729fe77feafeda4fb91f060 Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Mon, 23 Mar 2015 13:48:05 +0300 Subject: [PATCH 09/24] Use proper versionin scheme Signed-off-by: Peter Lemenkov --- el/rtpengine.spec | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/el/rtpengine.spec b/el/rtpengine.spec index 439e0196b..8719ab679 100644 --- a/el/rtpengine.spec +++ b/el/rtpengine.spec @@ -7,7 +7,7 @@ Group: System Environment/Daemons License: GPLv3 URL: https://github.com/sipwise/rtpengine Source0: https://github.com/sipwise/rtpengine/archive/%{version}/%{name}-%{version}.tar.gz -Conflicts: %{name}-kernel < %{version} +Conflicts: %{name}-kernel < %{version}-%{release} BuildRequires: gcc make pkgconfig redhat-rpm-config BuildRequires: glib2-devel libcurl-devel openssl-devel pcre-devel @@ -25,8 +25,9 @@ drop-in replacement for any of the other available RTP and media proxies. Summary: NGCP rtpengine in-kernel packet forwarding Group: System Environment/Daemons BuildRequires: gcc make redhat-rpm-config iptables-devel -Requires: iptables iptables-ipv6 ngcp-rtpengine = %{version} -Requires: ngcp-rtpengine-dkms = %{version} +Requires: iptables iptables-ipv6 +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: %{name}-dkms%{?_isa} = %{version}-%{release} %description kernel %{summary}. From 8d56ed506730441c21d96ecb0bfb8544eade53c2 Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Mon, 23 Mar 2015 14:10:41 +0300 Subject: [PATCH 10/24] Typo fix in Source0 url Signed-off-by: Peter Lemenkov --- el/rtpengine.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/el/rtpengine.spec b/el/rtpengine.spec index 8719ab679..00473c759 100644 --- a/el/rtpengine.spec +++ b/el/rtpengine.spec @@ -6,7 +6,7 @@ Summary: The Sipwise NGCP rtpengine Group: System Environment/Daemons License: GPLv3 URL: https://github.com/sipwise/rtpengine -Source0: https://github.com/sipwise/rtpengine/archive/%{version}/%{name}-%{version}.tar.gz +Source0: https://github.com/sipwise/rtpengine/archive/mr%{version}/%{name}-%{version}.tar.gz Conflicts: %{name}-kernel < %{version}-%{release} BuildRequires: gcc make pkgconfig redhat-rpm-config From 9890371a894f03bf1dce2587c18afab268e110b6 Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Mon, 23 Mar 2015 14:11:10 +0300 Subject: [PATCH 11/24] Remove no longer required section Signed-off-by: Peter Lemenkov --- el/rtpengine.spec | 4 ---- 1 file changed, 4 deletions(-) diff --git a/el/rtpengine.spec b/el/rtpengine.spec index 00473c759..26c6b6239 100644 --- a/el/rtpengine.spec +++ b/el/rtpengine.spec @@ -86,10 +86,6 @@ sed "s/__VERSION__/%{version}-%{release}/g" debian/dkms.conf.in > \ %{buildroot}/%{_usrsrc}/%{name}-%{version}-%{release}/dkms.conf -%clean -rm -rf %{buildroot} - - %pre /usr/sbin/groupadd -r rtpengine 2> /dev/null || : /usr/sbin/useradd -r -g rtpengine -s /sbin/nologin -c "rtpengine daemon" \ From 234b45441ac26d66d4164fbfcd71c4d1fb85a030 Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Mon, 23 Mar 2015 14:16:41 +0300 Subject: [PATCH 12/24] Use macro instead of /etc/rc.d/init.d Signed-off-by: Peter Lemenkov --- el/rtpengine.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/el/rtpengine.spec b/el/rtpengine.spec index 26c6b6239..601802752 100644 --- a/el/rtpengine.spec +++ b/el/rtpengine.spec @@ -66,7 +66,7 @@ install -D -p -m755 utils/rtpengine-ctl %{buildroot}/%{_sbindir}/rtpengine-ctl ## Install the init.d script and configuration file install -D -p -m755 el/rtpengine.init \ - %{buildroot}/%{_sysconfdir}/rc.d/init.d/rtpengine + %{buildroot}/%{_initrddir}/rtpengine install -D -p -m644 el/rtpengine.sysconfig \ %{buildroot}/%{_sysconfdir}/sysconfig/rtpengine mkdir -p %{buildroot}/%{_sharedstatedir}/rtpengine @@ -127,7 +127,7 @@ true %{_sbindir}/rtpengine-ctl # init.d script and configuration file -%{_sysconfdir}/rc.d/init.d/rtpengine +%{_initrddir}/rtpengine %config(noreplace) %{_sysconfdir}/sysconfig/rtpengine %dir %{_sharedstatedir}/rtpengine From 882731b8142a2dda8ddeb3817874267c6a12dcc2 Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Mon, 23 Mar 2015 14:18:42 +0300 Subject: [PATCH 13/24] Remove double slash Signed-off-by: Peter Lemenkov --- el/rtpengine.spec | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/el/rtpengine.spec b/el/rtpengine.spec index 601802752..b5bb3f65c 100644 --- a/el/rtpengine.spec +++ b/el/rtpengine.spec @@ -60,16 +60,16 @@ cd .. %install # Install the userspace daemon -install -D -p -m755 daemon/rtpengine %{buildroot}/%{_sbindir}/rtpengine +install -D -p -m755 daemon/rtpengine %{buildroot}%{_sbindir}/rtpengine # Install CLI (command line interface) -install -D -p -m755 utils/rtpengine-ctl %{buildroot}/%{_sbindir}/rtpengine-ctl +install -D -p -m755 utils/rtpengine-ctl %{buildroot}%{_sbindir}/rtpengine-ctl ## Install the init.d script and configuration file install -D -p -m755 el/rtpengine.init \ - %{buildroot}/%{_initrddir}/rtpengine + %{buildroot}%{_initrddir}/rtpengine install -D -p -m644 el/rtpengine.sysconfig \ - %{buildroot}/%{_sysconfdir}/sysconfig/rtpengine -mkdir -p %{buildroot}/%{_sharedstatedir}/rtpengine + %{buildroot}%{_sysconfdir}/sysconfig/rtpengine +mkdir -p %{buildroot}%{_sharedstatedir}/rtpengine # Install the iptables plugin install -D -p -m755 iptables-extension/libxt_RTPENGINE.so \ @@ -77,13 +77,13 @@ install -D -p -m755 iptables-extension/libxt_RTPENGINE.so \ ## DKMS module source install install -D -p -m644 kernel-module/Makefile \ - %{buildroot}/%{_usrsrc}/%{name}-%{version}-%{release}/Makefile + %{buildroot}%{_usrsrc}/%{name}-%{version}-%{release}/Makefile install -D -p -m644 kernel-module/xt_RTPENGINE.c \ - %{buildroot}/%{_usrsrc}/%{name}-%{version}-%{release}/xt_RTPENGINE.c + %{buildroot}%{_usrsrc}/%{name}-%{version}-%{release}/xt_RTPENGINE.c install -D -p -m644 kernel-module/xt_RTPENGINE.h \ - %{buildroot}/%{_usrsrc}/%{name}-%{version}-%{release}/xt_RTPENGINE.h + %{buildroot}%{_usrsrc}/%{name}-%{version}-%{release}/xt_RTPENGINE.h sed "s/__VERSION__/%{version}-%{release}/g" debian/dkms.conf.in > \ - %{buildroot}/%{_usrsrc}/%{name}-%{version}-%{release}/dkms.conf + %{buildroot}%{_usrsrc}/%{name}-%{version}-%{release}/dkms.conf %pre From d25b697f6aab867732077d6ae07aad5c276fd0ec Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Mon, 23 Mar 2015 14:29:23 +0300 Subject: [PATCH 14/24] Check for username,group before creating Just a cosmetic actually. Earlier we created user,group anyway and suppress error message if user or group already exists. Signed-off-by: Peter Lemenkov --- el/rtpengine.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/el/rtpengine.spec b/el/rtpengine.spec index b5bb3f65c..8ded7d64c 100644 --- a/el/rtpengine.spec +++ b/el/rtpengine.spec @@ -87,10 +87,10 @@ sed "s/__VERSION__/%{version}-%{release}/g" debian/dkms.conf.in > \ %pre -/usr/sbin/groupadd -r rtpengine 2> /dev/null || : -/usr/sbin/useradd -r -g rtpengine -s /sbin/nologin -c "rtpengine daemon" \ - -d %{_sharedstatedir}/rtpengine rtpengine \ - 2> /dev/null || : +getent group rtpengine >/dev/null || /usr/sbin/groupadd -r rtpengine +getent passwd rtpengine >/dev/null || /usr/sbin/useradd -r -g rtpengine \ + -s /sbin/nologin -c "rtpengine daemon" -d %{_sharedstatedir}/rtpengine \ + rtpengine %post From e71a7e15d8f9dace65f632b74067d93a100421e2 Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Mon, 23 Mar 2015 14:34:14 +0300 Subject: [PATCH 15/24] Consistently use rtpengine name everywhere Signed-off-by: Peter Lemenkov --- el/rtpengine.init | 2 +- el/rtpengine.spec | 43 ++++++++++++++++++++++--------------------- 2 files changed, 23 insertions(+), 22 deletions(-) diff --git a/el/rtpengine.init b/el/rtpengine.init index 1fb33ce62..c6056242d 100644 --- a/el/rtpengine.init +++ b/el/rtpengine.init @@ -39,7 +39,7 @@ MODULE=0 build_opts() { shopt -s nocasematch - RPMS=`rpm -qa | grep ngcp-rtpengine-kernel` + RPMS=`rpm -qa | grep rtpengine-kernel` if [[ "$KERNEL" == "yes" && -n "$TABLE" && -n "$RPMS" ]] then MODULE=1 diff --git a/el/rtpengine.spec b/el/rtpengine.spec index 8ded7d64c..48f152c48 100644 --- a/el/rtpengine.spec +++ b/el/rtpengine.spec @@ -1,4 +1,4 @@ -Name: ngcp-rtpengine +Name: rtpengine Version: 2.3.6 Release: 0%{?dist} Summary: The Sipwise NGCP rtpengine @@ -13,6 +13,8 @@ BuildRequires: gcc make pkgconfig redhat-rpm-config BuildRequires: glib2-devel libcurl-devel openssl-devel pcre-devel BuildRequires: xmlrpc-c-devel zlib-devel Requires: nc +# Remain compat with other installations +Provides: ngcp-rtpengine = %{version}-%{release} %description @@ -60,16 +62,16 @@ cd .. %install # Install the userspace daemon -install -D -p -m755 daemon/rtpengine %{buildroot}%{_sbindir}/rtpengine +install -D -p -m755 daemon/%{name} %{buildroot}%{_sbindir}/%{name} # Install CLI (command line interface) -install -D -p -m755 utils/rtpengine-ctl %{buildroot}%{_sbindir}/rtpengine-ctl +install -D -p -m755 utils/%{name}-ctl %{buildroot}%{_sbindir}/%{name}-ctl ## Install the init.d script and configuration file -install -D -p -m755 el/rtpengine.init \ - %{buildroot}%{_initrddir}/rtpengine -install -D -p -m644 el/rtpengine.sysconfig \ - %{buildroot}%{_sysconfdir}/sysconfig/rtpengine -mkdir -p %{buildroot}%{_sharedstatedir}/rtpengine +install -D -p -m755 el/%{name}.init \ + %{buildroot}%{_initrddir}/%{name} +install -D -p -m644 el/%{name}.sysconfig \ + %{buildroot}%{_sysconfdir}/sysconfig/%{name} +mkdir -p %{buildroot}%{_sharedstatedir}/%{name} # Install the iptables plugin install -D -p -m755 iptables-extension/libxt_RTPENGINE.so \ @@ -82,20 +84,19 @@ install -D -p -m644 kernel-module/xt_RTPENGINE.c \ %{buildroot}%{_usrsrc}/%{name}-%{version}-%{release}/xt_RTPENGINE.c install -D -p -m644 kernel-module/xt_RTPENGINE.h \ %{buildroot}%{_usrsrc}/%{name}-%{version}-%{release}/xt_RTPENGINE.h -sed "s/__VERSION__/%{version}-%{release}/g" debian/dkms.conf.in > \ +sed "s/__VERSION__/%{version}-%{release}/g;s/ngcp-rtpengine/rtpengine/g" debian/dkms.conf.in > \ %{buildroot}%{_usrsrc}/%{name}-%{version}-%{release}/dkms.conf %pre -getent group rtpengine >/dev/null || /usr/sbin/groupadd -r rtpengine -getent passwd rtpengine >/dev/null || /usr/sbin/useradd -r -g rtpengine \ - -s /sbin/nologin -c "rtpengine daemon" -d %{_sharedstatedir}/rtpengine \ - rtpengine +getent group %{name} >/dev/null || /usr/sbin/groupadd -r %{name} +getent passwd %{name} >/dev/null || /usr/sbin/useradd -r -g %{name} \ + -s /sbin/nologin -c "%{name} daemon" -d %{_sharedstatedir}/%{name} %{name} %post if [ $1 -eq 1 ]; then - /sbin/chkconfig --add rtpengine || : + /sbin/chkconfig --add %{name} || : fi @@ -109,8 +110,8 @@ true %preun if [ $1 = 0 ] ; then - /sbin/service rtpengine stop >/dev/null 2>&1 - /sbin/chkconfig --del rtpengine + /sbin/service %{name} stop >/dev/null 2>&1 + /sbin/chkconfig --del %{name} fi @@ -122,14 +123,14 @@ true %files # Userspace daemon -%{_sbindir}/rtpengine +%{_sbindir}/%{name} # CLI (command line interface) -%{_sbindir}/rtpengine-ctl +%{_sbindir}/%{name}-ctl # init.d script and configuration file -%{_initrddir}/rtpengine -%config(noreplace) %{_sysconfdir}/sysconfig/rtpengine -%dir %{_sharedstatedir}/rtpengine +%{_initrddir}/%{name} +%config(noreplace) %{_sysconfdir}/sysconfig/%{name} +%dir %{_sharedstatedir}/%{name} # Documentation %doc LICENSE README.md el/README.el.md debian/changelog debian/copyright From a6ab5b5ebce32da4fb285189f28f50a29d461645 Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Mon, 23 Mar 2015 14:36:18 +0300 Subject: [PATCH 16/24] Restrict access to a working directory Signed-off-by: Peter Lemenkov --- el/rtpengine.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/el/rtpengine.spec b/el/rtpengine.spec index 48f152c48..70ec79399 100644 --- a/el/rtpengine.spec +++ b/el/rtpengine.spec @@ -130,7 +130,7 @@ true # init.d script and configuration file %{_initrddir}/%{name} %config(noreplace) %{_sysconfdir}/sysconfig/%{name} -%dir %{_sharedstatedir}/%{name} +%attr(0750,%{name},%{name}) %dir %{_sharedstatedir}/%{name} # Documentation %doc LICENSE README.md el/README.el.md debian/changelog debian/copyright From 9a12b4915a66c28d9fade1568704b95efb256bab Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Mon, 23 Mar 2015 15:31:46 +0300 Subject: [PATCH 17/24] Don't specify access rights for _usrsrc dir Signed-off-by: Peter Lemenkov --- el/rtpengine.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/el/rtpengine.spec b/el/rtpengine.spec index 70ec79399..784fffa97 100644 --- a/el/rtpengine.spec +++ b/el/rtpengine.spec @@ -141,7 +141,7 @@ true %files dkms -%attr(0755,root,root) %{_usrsrc}/%{name}-%{version}-%{release}/ +%{_usrsrc}/%{name}-%{version}-%{release}/ %changelog From 3b270318283738f04ed65761804d1ca1daddc030 Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Mon, 23 Mar 2015 15:33:17 +0300 Subject: [PATCH 18/24] Explicitly set rights on dkms.conf as 644 Signed-off-by: Peter Lemenkov --- el/rtpengine.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/el/rtpengine.spec b/el/rtpengine.spec index 784fffa97..493f6a038 100644 --- a/el/rtpengine.spec +++ b/el/rtpengine.spec @@ -84,8 +84,8 @@ install -D -p -m644 kernel-module/xt_RTPENGINE.c \ %{buildroot}%{_usrsrc}/%{name}-%{version}-%{release}/xt_RTPENGINE.c install -D -p -m644 kernel-module/xt_RTPENGINE.h \ %{buildroot}%{_usrsrc}/%{name}-%{version}-%{release}/xt_RTPENGINE.h -sed "s/__VERSION__/%{version}-%{release}/g;s/ngcp-rtpengine/rtpengine/g" debian/dkms.conf.in > \ - %{buildroot}%{_usrsrc}/%{name}-%{version}-%{release}/dkms.conf +sed -i -e "s/__VERSION__/%{version}-%{release}/g;s/ngcp-rtpengine/rtpengine/g" debian/dkms.conf.in +install -D -p -m644 debian/dkms.conf.in %{buildroot}%{_usrsrc}/%{name}-%{version}-%{release}/dkms.conf %pre From 93294f8c5f8aae3c93804e363a5827062c80aae3 Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Mon, 23 Mar 2015 10:00:09 -0400 Subject: [PATCH 19/24] don't relearn addresses if the endpoint hasn't changed --- daemon/call.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/daemon/call.c b/daemon/call.c index d67ad1370..b5a27e9c7 100644 --- a/daemon/call.c +++ b/daemon/call.c @@ -1863,15 +1863,21 @@ static int __num_media_streams(struct call_media *media, unsigned int num_ports) return ret; } -static void __fill_stream(struct packet_stream *ps, const struct endpoint *ep, unsigned int port_off) { - ps->endpoint = *ep; - ps->endpoint.port += port_off; +static void __fill_stream(struct packet_stream *ps, const struct endpoint *epp, unsigned int port_off) { + struct endpoint ep; + + ep = *epp; + ep.port += port_off; + + /* if the endpoint hasn't changed, we do nothing */ + if (PS_ISSET(ps, FILLED) && !memcmp(&ps->advertised_endpoint, &ep, sizeof(ep))) + return; + + ps->endpoint = ep; + ps->advertised_endpoint = ep; /* we reset crypto params whenever the endpoint changes */ - if (PS_ISSET(ps, FILLED) && memcmp(&ps->advertised_endpoint, &ps->endpoint, sizeof(ps->endpoint))) { - crypto_reset(&ps->crypto); - dtls_shutdown(ps); - } - ps->advertised_endpoint = ps->endpoint; + crypto_reset(&ps->crypto); + dtls_shutdown(ps); PS_SET(ps, FILLED); } From 0b202d821f0c386e9f4632fbbc983adc0bc5a41c Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Tue, 24 Mar 2015 10:47:09 -0400 Subject: [PATCH 20/24] Fall back to a different address family if the requested one is unavailable Fixes #90 --- daemon/call.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/daemon/call.c b/daemon/call.c index b5a27e9c7..b9227e09a 100644 --- a/daemon/call.c +++ b/daemon/call.c @@ -3485,7 +3485,15 @@ struct local_interface *get_local_interface(struct callmaster *m, const str *nam if (!name || !name->s) { GQueue *q; q = __interface_list_for_family(m, family); - return q->head ? q->head->data : NULL; + if (q->head) + return q->head->data; + q = __interface_list_for_family(m, AF_INET); + if (q->head) + return q->head->data; + q = __interface_list_for_family(m, AF_INET6); + if (q->head) + return q->head->data; + return NULL; } d.name = *name; From fd99ecf98c8daffb0a059d3dee859e9cf4ef08d2 Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Thu, 26 Mar 2015 16:04:49 -0400 Subject: [PATCH 21/24] don't close call on UDP send error --- daemon/call.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daemon/call.c b/daemon/call.c index b9227e09a..c92d192e7 100644 --- a/daemon/call.c +++ b/daemon/call.c @@ -885,7 +885,7 @@ forward: ret = sendmsg(sink->sfd->fd.fd, &mh, 0); if (ret == -1) { - ret = -errno; + ret = 0; /* temp for address family mismatches */ ilog(LOG_DEBUG,"Error when sending message. Error: %s",strerror(errno)); atomic64_inc(&stream->stats.errors); atomic64_inc(&cm->statsps.errors); From c0fab9b47d0d1ee45ca1a9359ae6ad10288fb97b Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Thu, 26 Mar 2015 16:06:06 -0400 Subject: [PATCH 22/24] various fixes related to ICE negotation and rtcp-mux closes #92 --- daemon/call.c | 12 +++++++-- daemon/ice.c | 68 +++++++++++++++++++++++++++++++-------------------- 2 files changed, 51 insertions(+), 29 deletions(-) diff --git a/daemon/call.c b/daemon/call.c index c92d192e7..34255e1d9 100644 --- a/daemon/call.c +++ b/daemon/call.c @@ -146,6 +146,7 @@ const char * get_tag_type_text(enum tag_type t) { } static void determine_handler(struct packet_stream *in, const struct packet_stream *out); +static void __call_media_state_machine(struct call_media *m); static int __k_null(struct rtpengine_srtp *s, struct packet_stream *); static int __k_srtp_encrypt(struct rtpengine_srtp *s, struct packet_stream *); @@ -645,7 +646,7 @@ static int stream_packet(struct stream_fd *sfd, str *s, struct sockaddr_in6 *fsi if (!stun_ret) goto unlock_out; if (stun_ret == 1) { - call_stream_state_machine(stream); + __call_media_state_machine(media); mutex_lock(&stream->in_lock); /* for the jump */ goto kernel_check; } @@ -1904,6 +1905,13 @@ enum call_stream_state call_stream_state_machine(struct packet_stream *ps) { return CSS_RUNNING; } +static void __call_media_state_machine(struct call_media *m) { + GList *l; + + for (l = m->streams.head; l; l = l->next) + call_stream_state_machine(l->data); +} + static int __init_stream(struct packet_stream *ps) { struct call_media *media = ps->media; struct call *call = ps->call; @@ -2472,7 +2480,6 @@ int monologue_offer_answer(struct call_monologue *other_ml, GQueue *streams, /* control rtcp-mux */ __rtcp_mux_logic(flags, media, other_media); - /* XXX update ICE if rtcp-mux changes */ /* SDES and DTLS */ __generate_crypto(flags, media, other_media); @@ -2548,6 +2555,7 @@ init: /* we are now ready to fire up ICE if so desired and requested */ ice_update(other_media->ice_agent, sp); + ice_update(media->ice_agent, NULL); /* this is in case rtcp-mux has changed */ } return 0; diff --git a/daemon/ice.c b/daemon/ice.c index 4b43ae6b9..9ab3404c6 100644 --- a/daemon/ice.c +++ b/daemon/ice.c @@ -317,8 +317,9 @@ void ice_update(struct ice_agent *ag, struct stream_params *sp) { int recalc = 0; unsigned int comps; struct packet_stream *components[MAX_COMPONENTS], *ps; + GQueue *candidates; - if (!ag || !sp) + if (!ag) return; media = ag->media; @@ -326,19 +327,25 @@ void ice_update(struct ice_agent *ag, struct stream_params *sp) { __role_change(ag, MEDIA_ISSET(media, ICE_CONTROLLING)); - /* check for ICE restarts */ - if (ag->ufrag[0].s && sp->ice_ufrag.s && str_cmp_str(&ag->ufrag[0], &sp->ice_ufrag)) - __ice_restart(ag); - else if (ag->pwd[0].s && sp->ice_pwd.s && str_cmp_str(&ag->pwd[0], &sp->ice_pwd)) - __ice_restart(ag); - else if (ag->local_interface != media->interface) - __ice_restart(ag); - - /* update remote info */ - if (sp->ice_ufrag.s) - call_str_cpy(call, &ag->ufrag[0], &sp->ice_ufrag); - if (sp->ice_pwd.s) - call_str_cpy(call, &ag->pwd[0], &sp->ice_pwd); + if (sp) { + /* check for ICE restarts */ + if (ag->ufrag[0].s && sp->ice_ufrag.s && str_cmp_str(&ag->ufrag[0], &sp->ice_ufrag)) + __ice_restart(ag); + else if (ag->pwd[0].s && sp->ice_pwd.s && str_cmp_str(&ag->pwd[0], &sp->ice_pwd)) + __ice_restart(ag); + else if (ag->local_interface != media->interface) + __ice_restart(ag); + + /* update remote info */ + if (sp->ice_ufrag.s) + call_str_cpy(call, &ag->ufrag[0], &sp->ice_ufrag); + if (sp->ice_pwd.s) + call_str_cpy(call, &ag->pwd[0], &sp->ice_pwd); + + candidates = &sp->ice_candidates; + } + else /* this is a dummy update in case rtcp-mux has changed */ + candidates = &ag->remote_candidates; /* get our component streams */ ZERO(components); @@ -349,7 +356,7 @@ void ice_update(struct ice_agent *ag, struct stream_params *sp) { components[1] = NULL; comps = 0; - for (l = sp->ice_candidates.head; l; l = l->next) { + for (l = candidates->head; l; l = l->next) { if (ag->remote_candidates.length >= MAX_ICE_CANDIDATES) { ilog(LOG_WARNING, "Maxmimum number of ICE candidates exceeded"); break; @@ -360,15 +367,16 @@ void ice_update(struct ice_agent *ag, struct stream_params *sp) { /* skip invalid */ if (!cand->component_id || cand->component_id > G_N_ELEMENTS(components)) continue; - /* skip if we don't have a candidate of our own */ ps = components[cand->component_id - 1]; - if (!ps) - continue; - comps = MAX(comps, cand->component_id); + if (ps) /* only count active components */ + comps = MAX(comps, cand->component_id); - /* check for duplicates */ dup = g_hash_table_lookup(ag->candidate_hash, cand); + if (!sp && dup) /* this isn't a real update, so only check pairings */ + goto pair; + + /* check for duplicates */ if (dup) { /* if this is peer reflexive, we've learned it through STUN. * otherwise it's simply one we've seen before. */ @@ -410,6 +418,9 @@ void ice_update(struct ice_agent *ag, struct stream_params *sp) { g_hash_table_insert(ag->foundation_hash, dup, dup); +pair: + if (!ps) + continue; for (k = ag->local_interface->list.head; k; k = k->next) { /* skip duplicates here also */ if (__pair_lookup(ag, dup, k->data)) @@ -1088,8 +1099,10 @@ int ice_request(struct packet_stream *ps, struct sockaddr_in6 *src, struct in6_a g_tree_insert(ag->nominated_pairs, pair, pair); - if (PAIR_ISSET(pair, SUCCEEDED)) + if (PAIR_ISSET(pair, SUCCEEDED)) { + PAIR_SET(pair, VALID); g_tree_insert(ag->valid_pairs, pair, pair); + } if (!AGENT_ISSET(ag, CONTROLLING)) ret = __check_valid(ag); @@ -1129,7 +1142,7 @@ static int __check_succeeded_complete(struct ice_agent *ag) { int ice_response(struct packet_stream *ps, struct sockaddr_in6 *src, struct in6_addr *dst, struct stun_attrs *attrs, u_int32_t transaction[3]) { - struct ice_candidate_pair *pair; + struct ice_candidate_pair *pair, *opair; struct ice_agent *ag; struct call_media *media = ps->media; const char *err; @@ -1222,20 +1235,21 @@ int ice_response(struct packet_stream *ps, struct sockaddr_in6 *src, struct in6_ cand = __foundation_lookup(ag, &pair->remote_candidate->foundation, component); if (!cand) continue; - pair = __pair_lookup(ag, cand, ifa); - if (!pair) + opair = __pair_lookup(ag, cand, ifa); + if (!opair) continue; - if (PAIR_ISSET(pair, FAILED)) + if (PAIR_ISSET(opair, FAILED)) continue; - if (!PAIR_CLEAR(pair, FROZEN)) + if (!PAIR_CLEAR(opair, FROZEN)) continue; - ilog(LOG_DEBUG, "Unfreezing related ICE pair "PAIR_FORMAT, PAIR_FMT(pair)); + ilog(LOG_DEBUG, "Unfreezing related ICE pair "PAIR_FORMAT, PAIR_FMT(opair)); } /* if this was previously nominated by the peer, it's now valid */ if (PAIR_ISSET(pair, NOMINATED)) { + PAIR_SET(pair, VALID); g_tree_insert(ag->valid_pairs, pair, pair); if (!AGENT_ISSET(ag, CONTROLLING)) From 3a45a169ef261f9ad8c7516b365983ac79feca2c Mon Sep 17 00:00:00 2001 From: Alexander Lutay Date: Fri, 27 Mar 2015 10:21:23 +0100 Subject: [PATCH 23/24] MT#7505 Add .gitreview file for rtpengine --- .gitreview | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 .gitreview diff --git a/.gitreview b/.gitreview new file mode 100644 index 000000000..90ab7e1d1 --- /dev/null +++ b/.gitreview @@ -0,0 +1,4 @@ +[gerrit] +host=gerrit.mgm.sipwise.com +port=29418 +project=rtpengine From cca0f2bf7115af5e8211e49fc83cee10d9296726 Mon Sep 17 00:00:00 2001 From: Frederic-Philippe Metz Date: Mon, 30 Mar 2015 11:24:15 +0200 Subject: [PATCH 24/24] Replaced rtpengine-ctl shell script with perl script. --- utils/rtpengine-ctl | 128 +++++++++++++++++++++++--------------------- 1 file changed, 67 insertions(+), 61 deletions(-) diff --git a/utils/rtpengine-ctl b/utils/rtpengine-ctl index e69deb12c..464fcf0d4 100755 --- a/utils/rtpengine-ctl +++ b/utils/rtpengine-ctl @@ -1,70 +1,76 @@ -#!/bin/bash -# +#!/usr/bin/perl -host=127.0.0.1 -port=9900 -error_rc=255 +use IO::Socket::INET; -prgname=${0##*/} -prgdir=${0%$prgname} +$num_args = $#ARGV + 1; +if ($num_args == 0) { + showusage(); + exit; +} + +# auto-flush on socket +$| = 1; + +my $argumentstring = ""; +my $ip = "127.0.0.1"; +my $port = "9900"; -showusage() { - echo "" - echo " $0 [ -ip -port ] " - echo "" - echo " Supported commands are:" - echo "" - echo " list [ numsessions | sessions | session ]" - echo " numsessions : prints the number of sessions" - echo " sessions : print one-liner session information" - echo " session : print detail about one session" - echo " totals : print total statistics (does not include current sessions)" - echo "" - echo " terminate [ all | ]" - echo " all : terminates all current sessions" - echo " : session is immediately terminated" - echo "" - echo "" - echo " Return Value:" - echo " 0 on success with ouput from server side, other values for failure." - echo "" - exit 0 +for (my $argnum=0; $argnum <= $#ARGV; $argnum++) { + if ($ARGV[$argnum] eq "-ip") { + die "No argument after -ip\n" unless $argnum+1<=$#ARGV; + $argnum = $argnum+1; + $ip = $ARGV[$argnum]; + } elsif ($ARGV[$argnum] eq "-port") { + die "No argument after -port\n" unless $argnum+1<=$#ARGV; + $argnum = $argnum+1; + $port = $ARGV[$argnum]; + } else { + $argumentstring .= "$ARGV[$argnum] "; + } } -if [ $# -eq 0 ]; then showusage; fi +# create a connecting socket +my $socket = new IO::Socket::INET ( + PeerHost => $ip, + PeerPort => $port, + Proto => 'tcp', +); +die "Cannot connect to the rtpengine $!\n" unless $socket; + +$argumentstring = trim($argumentstring); +my $size = $socket->send($argumentstring); + +# notify server that request has been sent +shutdown($socket, 1); + +# receive a response of up to 10MB +my $response = ""; +$socket->recv($response, 1024*1024*10); +print $response; -command -v nc 2>&1 >/dev/null -if [ $? -ne 0 ]; then - echo "Error: $0 requires netcat to be installed." - exit 0 -fi +$socket->close(); -while [ $# -gt 0 ]; do - case $1 in - "-?"|"-help"|"-h") - showusage - ;; - "-ip") - shift - if [ $# -gt 0 ]; then - host=$1 - else - echo "Missing parameter for option '-ip'" >&2 - fi - ;; - "-port") - shift - if [ $# -gt 0 ]; then - port=$1 - else - echo "Missing parameter for option '-port'" >&2 - fi - ;; - *) - varargs="$varargs $1" - esac - shift -done +sub showusage { + print "\n"; + print " rtpengine-ctl [ -ip -port ] \n"; + print "\n"; + print " Supported commands are:\n"; + print "\n"; + print " list [ numsessions | sessions | session | totals ]\n"; + print " numsessions : prints the number of sessions\n"; + print " sessions : print one-liner session information\n"; + print " session : print detail about one session\n"; + print " totals : print total statistics\n"; + print "\n"; + print " terminate [ all | ]\n"; + print " all : terminates all current sessions\n"; + print " : session is immediately terminated\n"; + print "\n"; + print "\n"; + print " Return Value:\n"; + print " 0 on success with ouput from server side, other values for failure.\n"; + print "\n"; +} -echo -n ${varargs} | nc ${host} ${port} +sub trim { my $s = shift; $s =~ s/^\s+|\s+$//g; return $s };