diff options
author | George Joseph <gjoseph@digium.com> | 2018-02-06 11:07:18 -0700 |
---|---|---|
committer | George Joseph <gjoseph@digium.com> | 2018-02-21 08:14:56 -0700 |
commit | 758409de56f1bfc5e9b58230282f9a5382cb3846 (patch) | |
tree | d27d32cda329fd03230c60ba6b4cc94f409f383d /res | |
parent | de871515ba06e3c3e6343a09652d3079c3706215 (diff) |
AST-2018-005: res_pjsip_transport_management: Move to core
Since res_pjsip_transport_management provides several attack
mitigation features, its functionality moved to res_pjsip and
this module has been removed. This way the features will always
be available if res_pjsip is loaded.
ASTERISK-27618
Reported By: Sandro Gauci
Change-Id: I21a2d33d9dda001452ea040d350d7a075f9acf0d
Diffstat (limited to 'res')
-rw-r--r-- | res/res_pjsip.c | 6 | ||||
-rw-r--r-- | res/res_pjsip/include/res_pjsip_private.h | 28 | ||||
-rw-r--r-- | res/res_pjsip/pjsip_transport_management.c (renamed from res/res_pjsip_transport_management.c) | 29 |
3 files changed, 37 insertions, 26 deletions
diff --git a/res/res_pjsip.c b/res/res_pjsip.c index df4dd47c6..ca173a8af 100644 --- a/res/res_pjsip.c +++ b/res/res_pjsip.c @@ -4972,6 +4972,7 @@ static int unload_pjsip(void *data) ast_res_pjsip_cleanup_options_handling(); ast_res_pjsip_cleanup_message_filter(); ast_sip_destroy_distributor(); + ast_sip_destroy_transport_management(); ast_res_pjsip_destroy_configuration(); ast_sip_destroy_system(); ast_sip_destroy_global_headers(); @@ -5135,6 +5136,11 @@ static int load_module(void) ast_sip_initialize_resolver(); ast_sip_initialize_dns(); + if (ast_sip_initialize_transport_management()) { + ast_log(LOG_ERROR, "Failed to initialize SIP transport management. Aborting load\n"); + goto error; + } + if (ast_sip_initialize_distributor()) { ast_log(LOG_ERROR, "Failed to register distributor module. Aborting load\n"); goto error; diff --git a/res/res_pjsip/include/res_pjsip_private.h b/res/res_pjsip/include/res_pjsip_private.h index 7d434aa95..71947f840 100644 --- a/res/res_pjsip/include/res_pjsip_private.h +++ b/res/res_pjsip/include/res_pjsip_private.h @@ -361,4 +361,32 @@ int ast_sip_destroy_scheduler(void); int ast_sip_will_uri_survive_restart(pjsip_sip_uri *uri, struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata); +/*! + * \internal + * \brief Initialize the transport management module + * \since 13.20.0 + * + * The transport management module is responsible for 3 things... + * 1. It automatically destroys any reliable transport that does not + * receive a valid request within system/timer_b milliseconds of the + * connection being opened. (Attack mitigation) + * 2. Since it increments the reliable transport's reference count + * for that period of time, it also prevents issues if the transport + * disconnects while we're still trying to process a response. + * (Attack mitigation) + * 3. If enabled by global/keep_alive_interval, it sends '\r\n' + * keepalives on reliable transports at the interval specified. + * + * \retval -1 Failure + * \retval 0 Success + */ +int ast_sip_initialize_transport_management(void); + +/*! + * \internal + * \brief Destruct the transport management module. + * \since 13.20.0 + */ +void ast_sip_destroy_transport_management(void); + #endif /* RES_PJSIP_PRIVATE_H_ */ diff --git a/res/res_pjsip_transport_management.c b/res/res_pjsip/pjsip_transport_management.c index afaa24815..efda37d7c 100644 --- a/res/res_pjsip_transport_management.c +++ b/res/res_pjsip/pjsip_transport_management.c @@ -16,12 +16,6 @@ * at the top of the source tree. */ -/*** MODULEINFO - <depend>pjproject</depend> - <depend>res_pjsip</depend> - <support_level>core</support_level> - ***/ - #include "asterisk.h" #include <signal.h> @@ -32,6 +26,7 @@ #include "asterisk/res_pjsip.h" #include "asterisk/module.h" #include "asterisk/astobj2.h" +#include "include/res_pjsip_private.h" /*! \brief Number of buckets for monitored transports */ #define TRANSPORTS_BUCKETS 127 @@ -319,7 +314,7 @@ static pjsip_module idle_monitor_module = { .on_rx_request = idle_monitor_on_rx_request, }; -static int load_module(void) +int ast_sip_initialize_transport_management(void) { struct ao2_container *transports; @@ -354,11 +349,10 @@ static int load_module(void) ast_sorcery_observer_add(ast_sip_get_sorcery(), "global", &keepalive_global_observer); ast_sorcery_reload_object(ast_sip_get_sorcery(), "global"); - ast_module_shutdown_ref(ast_module_info->self); return AST_MODULE_LOAD_SUCCESS; } -static int unload_module(void) +void ast_sip_destroy_transport_management(void) { if (keepalive_interval) { keepalive_interval = 0; @@ -379,21 +373,4 @@ static int unload_module(void) sched = NULL; ao2_global_obj_release(monitored_transports); - - return 0; } - -static int reload_module(void) -{ - ast_sorcery_reload_object(ast_sip_get_sorcery(), "global"); - return 0; -} - -AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_LOAD_ORDER, "PJSIP Reliable Transport Management", - .support_level = AST_MODULE_SUPPORT_CORE, - .load = load_module, - .reload = reload_module, - .unload = unload_module, - .load_pri = AST_MODPRI_CHANNEL_DEPEND - 4, - .requires = "res_pjsip", -); |