There's no need to open ports on non-primary interfaces if ICE is not in
use as these ports will not be used or seen by anyone.
This mostly obsoletes the `save-interface-ports` config option, with the
exception of ICE advertised by the offerer. We currently have no option
to reject ICE from the offerer during the offer phase, so ports would
always be opened on that side.
Relevant to #1164 and 001abe5
Change-Id: I43df70bc0ec49b81f63aec97c776e48617b2acfd
This enables the same behaviour towards the offerer when rtcp-mux=demux
or =accept is used, as we have towards the answerer when
rtcp-mux=require is used.
Change-Id: I56a1cea84efce0c2db1b58c500629d0e54d582f4
Special handling for codec lists that were received as part of an
answer: If the list includes a codec that was not offered, ignore that
codec. This prevents transcoders from being set up that were not
requested.
This brought to light some tests that were actually broken.
Change-Id: Iac71056ec5e10b5de5567917974f2c4e0261eb0c
We must now hold the master lock for reads from the socket as the socket
may get closed after the poller has already fired an event for it.
Change-Id: I1ab4b38f09988e8569a70c449de17c208ef2aa96
This has become important after the latest change to run rtpengine as
non-root user as it requires reloading the kernel module with the new
user/group permissions.
Change-Id: Iedf2624402397f5d444955e9d5d6d5aa414be1c3
If DTLS is rejected in an answer via `DTLS=off` we must forget that DTLS
was previously offered, as otherwise a re-invite would detect the
fingerprint as changed if the re-invite doesn't offer DTLS again. We
also make sure DTLS is shut down if during stream init DTLS is not
given, when it was present before.
Change-Id: I48ee6f0ec5ec02f558a6799951552ea2272d0e96
All crypto suites except AEAD have an explicit packet authentication
stage. If authentication fails for a packet, we take some guesses about
a ROC mismatch and see if authentication can succeed with a different
ROC. If a working ROC is found, our tracked ROC is updated and
decryption proceeds.
AEAD doesn't have an explicit authentication stage and authentication is
performed implicitly by the decryption engine, which simply returns a
decryption error if the authentication fails. We must therefore add the
same ROC guessing logic at this step for AEAD.
Change-Id: Ic1a70daa667e23976b74d2303c823b8d8c7bcb2b
This is useful for functions which are used both from a timer and from
other callers. These functions would reset the logging context at their
end to free the reference held by the logging context, which would
wrongly reset the logging context when the same function was called from
a different code path. Using a stack with push/pop semantics makes it
safe to use these functions from any code path.
Additionally introduce an explicit reset function that clears the entire
stack regardless of context. This reset function is called at the end of
every work iteration in every worker thread, just in case not everything
was popped from the stack.
Change-Id: I0e2c142b95806b26473c65a882737e39d161d24d
*) Create dedicated rtpengine user in postinst and remove it in postrm.
*) Use RuntimeDirectory= systemd unit config.
*) Use dedicated user for /proc interface and set file umask to hide it
from other users.
*) Set owner and permissions on default directories used for call recording.
Change-Id: I8e225b36d065d46da2489fb8286916371950f490
If the config only lists a port for the HTTP/WS bindings then we must
not try to create both a v4 and a v6 binding on that port as
libwebsockets handles the 4/6 mapping internally. In this case we make
sure to only create the v6 binding.
Further requirement for #1432
Change-Id: I9bf7ec5c041d0b5d4a22d507d993b85e2d4d3155
Add an explicit test to see if libwebsockets has been compiled with
support for IPv6. If it hasn't then we don't try to create v6 bindings.
Closes#1432
Change-Id: I6902f5b4203aa09cb28a8edb46f97b339677ed75
The hexint modparam type became available in 5.10.
The stream_open() function became available at some point in 5.0.x.
Closes#1431
Change-Id: I4965d05a2c4c0f0bf526ea0bf3f76f5ca2f9dff6
Richard Fuchs
Stefan Mititelu
Anton Voylenko
Michael Prokop
Sipwise Jenkins Builder
hdikme