kamailio can be started with multiple "-l" ("listen") parameters to tell
it which IPs to listen on. This can also be configured in kamailio.cfg,
of course.
This commit adds the ability to the init script to translate iface names
like "wan" into IP addresses and hand them over to kamailio as command
line arguments. This is useful when using a network connection where IPs
are dynamically assigned.
kamailio can also work with interface names, e.g. "eth0". But it may
listen to all IPs configured on the interface. To avoid this the commit
differentiates beteen IPv4 ("listen") and IPv6 ("listen6"). So if the
user wants kamailio to only listen on an IPv4 address configured on a
certain iface ("wan" for instance), he/she can just specify a list entry
"listen" with that iface.
An explanation is also added to the uci configuration file.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Commit f84dda74e6 ("kamailio-5.x: enable
FAST_LOCK for MIPS") turned out to be problematic, because it changed
the ARCH to "mips2" not only for "mips", but also for some "mipsel"
targets, which was unintentional.
Address this by filtering for "mips" specifically before setting the
variable.
Also, get rid of PKG_BUILD_PARALLEL, because adding it really didn't
change anything - due to the way "make" is called. Leave a comment to
prevent repetition (read: prevent _me_ from doing the same mistake again
in the future).
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This commit
- updates init script to use procd
- adds a default user 'kamailio' (kamailio will switch to this user)
- introduces uci init config (instead of /etc/default/kamailio)
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
rtpproxy expects IPs as parameters. Lots of OpenWrt devices use
connections where the IP is dynamically assigned. This commit adds shell
functions to convert an iface like 'wan' to an IP address before adding
the parameter to the rtpproxy command line.
Explanation is provided in /etc/config/rtpproxy. Some whitespace issues
were also fixed.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Add log_level option to uci config. Paired with the comment it makes
setting the log level easier when no man page is around.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Update rtpproxy init script to use procd.
Also increases the start priority to 90 (like the hotplug script) to
make sure rtpproxy is started before kamailio.
Fixes some whitespace issues along the way, too.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Install hotplug script along with rtpproxy. It will only be used if
enabled by the user (via uci config file).
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
With OpenWrt default awk - so awk from busybox - the filter is broken,
causing jsonrpc calls to fail, i.e. when running "kamctl ps". Below
patch makes the filter portable. Patch was already accepted upstream.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Add package for Opus codec support plugin. Variants for both asterisk13
and asterisk15 included.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
.. because the musl implementation doesn't seem to be fully compatible
with yate. We switched to the musl implementation in f6ad95d.
Yate has this regexp:
^([[:alpha:]][[:alnum:]]+:)?/?/?([^[:space:][:cntrl:]@]+@)?([[:alnum:]._+-]+|[[][[:xdigit:].:]+[]])(:[0-9]+)?
Given a string like
sip:012345678@11.111.11.111:5060;user=phone
musl's regexec() returns these matches:
index start end
0 -1 0
1 0 32 sip:012345678@11.111.11.111:5060
2 -1 -1
3 0 14 sip:012345678@
4 14 27 11.111.11.111
5 27 32 :5060
.. but this is what yate expects:
index start end
0 -1 0
1 0 32 sip:012345678@11.111.11.111:5060
2 0 4 sip:
3 4 14 012345678@
4 14 27 11.111.11.111
5 27 32 :5060
Fixes#378
Signed-off-by: Robert Högberg <robert.hogberg@gmail.com>
- bump version
- go back to using release tarballs (unavailable when 1.8.1 was
initially released)
- add OpenWrt mirror
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Add upstream fix for AST-2018-009: Remote crash vulnerability in HTTP
websocket upgrade
The vulnerability affects the res_http_websocket.so module.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Add upstream fix for AST-2018-009: Remote crash vulnerability in HTTP
websocket upgrade
The vulnerability affects the res_http_websocket.so module.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with
an invalid Via header causes a segmentation fault and crashes Kamailio. The
reason is missing input validation in the crcitt_string_array core function
for calculating a CRC hash for To tags. (An additional error is present in
the check_via_address core function: this function also misses input
validation.) This could result in denial of service and potentially the
execution of arbitrary code.
Patch from upstream.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This commit replaces /etc/default/freeswitch with /etc/config/freeswitch.
This way the init and hotplug configuration can be done with uci instead of
having to edit a file.
This also does away with the busybox ntpd warning. ntpd uses the same
configuration in system and it looks like busybox's ntpd is not used when
ntpd is installed.
Lastly some log strings are amended to start with a lowercase letter.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
There is a discussion ongoing if parallel builds should be enabled by
default. For freeswitch parallel builds are known to fail when certain
modules are enabled. This commit preemptively disables parallel builds
explicitly.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
A recent commit in packages/lang/perl is causing a problem with the
perlmod.mk include. Work around this by including perlver.mk instead and
setting up PERL_CMD and PERL_SITELIB manually.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
CVE-2018-14767: "In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a
crafted SIP message with a double "To" header and an empty "To" tag
causes a segmentation fault and crash. The reason is missing input
validation in the "build_res_buf_from_sip_req" core function. This could
result in denial of service and potentially the execution of arbitrary
code."
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Sometimes freeswitch doesn't exit after receiving the SIGTERM signal.
This can be reproduced by sending SIGTERM to a freeswitch instance which
is initializing (which can take quite some time).
Instead of just giving up and exiting - leaving a hung freeswitch
process on the system - this commit adds some lines to the init script
that send SIGKILL to freeswitch in case the attempt to terminate it with
SIGTERM fails.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Applied a patch, submitted upstream at
https://freeswitch.org/jira/browse/FS-11193
that fixes two memory leaks in mod_event_multicast.c
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
