channels: Allow updating variable value
[asterisk/asterisk.git] / res / res_pjsip / config_transport.c
1 /*
2  * Asterisk -- An open source telephony toolkit.
3  *
4  * Copyright (C) 2013, Digium, Inc.
5  *
6  * Joshua Colp <jcolp@digium.com>
7  *
8  * See http://www.asterisk.org for more information about
9  * the Asterisk project. Please do not directly contact
10  * any of the maintainers of this project for assistance;
11  * the project provides a web site, mailing lists and IRC
12  * channels for your use.
13  *
14  * This program is free software, distributed under the terms of
15  * the GNU General Public License Version 2. See the LICENSE file
16  * at the top of the source tree.
17  */
18
19 #include "asterisk.h"
20
21 #include <math.h>
22 #include <pjsip.h>
23 #include <pjlib.h>
24
25 #include "asterisk/res_pjsip.h"
26 #include "asterisk/res_pjsip_cli.h"
27 #include "asterisk/logger.h"
28 #include "asterisk/astobj2.h"
29 #include "asterisk/sorcery.h"
30 #include "asterisk/acl.h"
31 #include "asterisk/utils.h"
32 #include "include/res_pjsip_private.h"
33 /* We're only using a #define from http_websocket.h, no OPTIONAL_API symbols are used. */
34 #include "asterisk/http_websocket.h"
35
36 #define MAX_POINTER_STRING 33
37
38 /*! \brief Default number of state container buckets */
39 #define DEFAULT_STATE_BUCKETS 53
40 static struct ao2_container *transport_states;
41
42 struct internal_state {
43         char *id;
44         /*! Set if there was a change detected */
45         int change_detected;
46         /*! \brief Transport configuration object */
47         struct ast_sip_transport *transport;
48         /*! \brief Transport state information */
49         struct ast_sip_transport_state *state;
50 };
51
52 static void temp_state_store_cleanup(void *data)
53 {
54         struct ast_sip_transport_state **temp_state = data;
55
56         ao2_cleanup(*temp_state);
57         ast_free(data);
58 }
59
60 AST_THREADSTORAGE_CUSTOM(temp_state_store, NULL, temp_state_store_cleanup);
61
62 /*! \brief hashing function for state objects */
63 static int internal_state_hash(const void *obj, const int flags)
64 {
65         const struct internal_state *object;
66         const char *key;
67
68         switch (flags & OBJ_SEARCH_MASK) {
69         case OBJ_SEARCH_KEY:
70                 key = obj;
71                 break;
72         case OBJ_SEARCH_OBJECT:
73                 object = obj;
74                 key = object->id;
75                 break;
76         default:
77                 ast_assert(0);
78                 return 0;
79         }
80         return ast_str_hash(key);
81 }
82
83 /*! \brief comparator function for state objects */
84 static int internal_state_cmp(void *obj, void *arg, int flags)
85 {
86         const struct internal_state *object_left = obj;
87         const struct internal_state *object_right = arg;
88         const char *right_key = arg;
89         int cmp;
90
91         switch (flags & OBJ_SEARCH_MASK) {
92         case OBJ_SEARCH_OBJECT:
93                 right_key = object_right->id;
94                 /* Fall through */
95         case OBJ_SEARCH_KEY:
96                 cmp = strcmp(object_left->id, right_key);
97                 break;
98         case OBJ_SEARCH_PARTIAL_KEY:
99                 /* Not supported by container. */
100                 ast_assert(0);
101                 return 0;
102         default:
103                 cmp = 0;
104                 break;
105         }
106         if (cmp) {
107                 return 0;
108         }
109         return CMP_MATCH;
110 }
111
112 /*! \brief hashing function for state objects */
113 static int transport_state_hash(const void *obj, const int flags)
114 {
115         const struct ast_sip_transport_state *object;
116         const char *key;
117
118         switch (flags & OBJ_SEARCH_MASK) {
119         case OBJ_SEARCH_KEY:
120                 key = obj;
121                 break;
122         case OBJ_SEARCH_OBJECT:
123                 object = obj;
124                 key = object->id;
125                 break;
126         default:
127                 ast_assert(0);
128                 return 0;
129         }
130         return ast_str_hash(key);
131 }
132
133 /*! \brief comparator function for state objects */
134 static int transport_state_cmp(void *obj, void *arg, int flags)
135 {
136         const struct ast_sip_transport_state *object_left = obj;
137         const struct ast_sip_transport_state *object_right = arg;
138         const char *right_key = arg;
139         int cmp;
140
141         switch (flags & OBJ_SEARCH_MASK) {
142         case OBJ_SEARCH_OBJECT:
143                 right_key = object_right->id;
144                 /* Fall through */
145         case OBJ_SEARCH_KEY:
146                 cmp = strcmp(object_left->id, right_key);
147                 break;
148         case OBJ_SEARCH_PARTIAL_KEY:
149                 /* Not supported by container. */
150                 ast_assert(0);
151                 return 0;
152         default:
153                 cmp = 0;
154                 break;
155         }
156         if (cmp) {
157                 return 0;
158         }
159         return CMP_MATCH;
160 }
161
162 static int sip_transport_to_ami(const struct ast_sip_transport *transport,
163                                 struct ast_str **buf)
164 {
165         return ast_sip_sorcery_object_to_ami(transport, buf);
166 }
167
168 static int format_ami_endpoint_transport(const struct ast_sip_endpoint *endpoint,
169                                          struct ast_sip_ami *ami)
170 {
171         RAII_VAR(struct ast_str *, buf, NULL, ast_free);
172         RAII_VAR(struct ast_sip_transport *, transport, NULL, ao2_cleanup);
173
174         if (ast_strlen_zero(endpoint->transport)) {
175                 return 0;
176         }
177
178         buf = ast_sip_create_ami_event("TransportDetail", ami);
179         if (!buf) {
180                 return -1;
181         }
182
183         transport = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "transport",
184                 endpoint->transport);
185         if (!transport) {
186                 astman_send_error_va(ami->s, ami->m, "Unable to retrieve "
187                                      "transport %s\n", endpoint->transport);
188                 return -1;
189         }
190
191         sip_transport_to_ami(transport, &buf);
192
193         ast_str_append(&buf, 0, "EndpointName: %s\r\n",
194                        ast_sorcery_object_get_id(endpoint));
195
196         astman_append(ami->s, "%s\r\n", ast_str_buffer(buf));
197         ami->count++;
198
199         return 0;
200 }
201
202 struct ast_sip_endpoint_formatter endpoint_transport_formatter = {
203         .format_ami = format_ami_endpoint_transport
204 };
205
206 int ast_sip_transport_state_set_transport(const char *transport_name, pjsip_transport *transport)
207 {
208         struct ast_sip_transport_state *transport_state;
209
210         /* To make it easier on callers we allow an empty transport name */
211         if (ast_strlen_zero(transport_name)) {
212                 return 0;
213         }
214
215         transport_state = ast_sip_get_transport_state(transport_name);
216         if (!transport_state) {
217                 return -1;
218         }
219
220         if (!transport_state->flow) {
221                 ao2_ref(transport_state, -1);
222                 return 0;
223         }
224
225         ao2_lock(transport_state);
226         if (transport_state->transport != transport) {
227                 if (transport_state->transport) {
228                         pjsip_transport_dec_ref(transport_state->transport);
229                 }
230                 transport_state->transport = transport;
231                 if (transport_state->transport) {
232                         pjsip_transport_add_ref(transport_state->transport);
233                 }
234         }
235         ao2_unlock(transport_state);
236
237         ao2_ref(transport_state, -1);
238
239         return 0;
240 }
241
242 int ast_sip_transport_state_set_preferred_identity(const char *transport_name, const char *identity)
243 {
244         struct ast_sip_transport_state *transport_state;
245
246         if (ast_strlen_zero(transport_name)) {
247                 return 0;
248         }
249
250         transport_state = ast_sip_get_transport_state(transport_name);
251         if (!transport_state) {
252                 return -1;
253         }
254
255         if (!transport_state->flow) {
256                 ao2_ref(transport_state, -1);
257                 return 0;
258         }
259
260         ao2_lock(transport_state);
261         ast_free(transport_state->preferred_identity);
262         transport_state->preferred_identity = ast_strdup(identity);
263         ao2_unlock(transport_state);
264
265         ao2_ref(transport_state, -1);
266
267         return 0;
268 }
269
270 int ast_sip_transport_state_set_service_routes(const char *transport_name, struct ast_sip_service_route_vector *service_routes)
271 {
272         struct ast_sip_transport_state *transport_state;
273
274         if (ast_strlen_zero(transport_name)) {
275                 ast_sip_service_route_vector_destroy(service_routes);
276                 return 0;
277         }
278
279         transport_state = ast_sip_get_transport_state(transport_name);
280         if (!transport_state) {
281                 ast_sip_service_route_vector_destroy(service_routes);
282                 return -1;
283         }
284
285         if (!transport_state->flow) {
286                 ao2_ref(transport_state, -1);
287                 ast_sip_service_route_vector_destroy(service_routes);
288                 return 0;
289         }
290
291         ao2_lock(transport_state);
292         ast_sip_service_route_vector_destroy(transport_state->service_routes);
293         transport_state->service_routes = service_routes;
294         ao2_unlock(transport_state);
295
296         ao2_ref(transport_state, -1);
297
298         return 0;
299 }
300
301 void ast_sip_message_apply_transport(const char *transport_name, pjsip_tx_data *tdata)
302 {
303         struct ast_sip_transport_state *transport_state;
304
305         if (ast_strlen_zero(transport_name)) {
306                 return;
307         }
308
309         /* We only currently care about requests that are of the INVITE, CANCEL, or OPTIONS
310          * type but in the future we could support other messages.
311          */
312         if (tdata->msg->type != PJSIP_REQUEST_MSG ||
313                 (pjsip_method_cmp(&tdata->msg->line.req.method, &pjsip_invite_method) &&
314                 pjsip_method_cmp(&tdata->msg->line.req.method, &pjsip_cancel_method) &&
315                 pjsip_method_cmp(&tdata->msg->line.req.method, &pjsip_options_method))) {
316                 return;
317         }
318
319         transport_state = ast_sip_get_transport_state(transport_name);
320         if (!transport_state) {
321                 return;
322         }
323
324         if (!transport_state->flow) {
325                 ao2_ref(transport_state, -1);
326                 return;
327         }
328
329         ao2_lock(transport_state);
330
331         /* If a Preferred Identity has been set then add it to the request */
332         if (transport_state->preferred_identity) {
333                 ast_sip_add_header(tdata, "P-Preferred-Identity", transport_state->preferred_identity);
334         }
335
336         /* If Service Routes have been set then add them to the request */
337         if (transport_state->service_routes) {
338                 int idx;
339
340                 for (idx = 0; idx < AST_VECTOR_SIZE(transport_state->service_routes); ++idx) {
341                         char *service_route = AST_VECTOR_GET(transport_state->service_routes, idx);
342
343                         ast_sip_add_header(tdata, "Route", service_route);
344                 }
345         }
346
347         ao2_unlock(transport_state);
348
349         ao2_ref(transport_state, -1);
350 }
351
352 struct ast_sip_service_route_vector *ast_sip_service_route_vector_alloc(void)
353 {
354         struct ast_sip_service_route_vector *service_routes;
355
356         service_routes = ast_calloc(1, sizeof(*service_routes));
357         if (!service_routes) {
358                 return NULL;
359         }
360
361         AST_VECTOR_INIT(service_routes, 0);
362
363         return service_routes;
364 }
365
366 void ast_sip_service_route_vector_destroy(struct ast_sip_service_route_vector *service_routes)
367 {
368         if (!service_routes) {
369                 return;
370         }
371
372         AST_VECTOR_CALLBACK_VOID(service_routes, ast_free);
373         ast_free(service_routes);
374 }
375
376 static void set_qos(struct ast_sip_transport *transport, pj_qos_params *qos)
377 {
378         int tos_as_dscp = transport->tos >> 2;
379
380         if (transport->tos) {
381                 qos->flags |= PJ_QOS_PARAM_HAS_DSCP;
382                 qos->dscp_val = tos_as_dscp;
383         }
384         if (transport->cos) {
385                 qos->flags |= PJ_QOS_PARAM_HAS_SO_PRIO;
386                 qos->so_prio = transport->cos;
387         }
388 }
389
390 /*! \brief Destructor for transport */
391 static void sip_transport_destroy(void *obj)
392 {
393         struct ast_sip_transport *transport = obj;
394
395         ast_string_field_free_memory(transport);
396 }
397
398 /*! \brief Allocator for transport */
399 static void *sip_transport_alloc(const char *name)
400 {
401         struct ast_sip_transport *transport = ast_sorcery_generic_alloc(sizeof(*transport), sip_transport_destroy);
402
403         if (!transport) {
404                 return NULL;
405         }
406
407         if (ast_string_field_init(transport, 256)) {
408                 ao2_cleanup(transport);
409                 return NULL;
410         }
411
412         return transport;
413 }
414
415 static int destroy_sip_transport_state(void *data)
416 {
417         struct ast_sip_transport_state *transport_state = data;
418
419         ast_free(transport_state->id);
420         ast_free_ha(transport_state->localnet);
421
422         if (transport_state->external_signaling_address_refresher) {
423                 ast_dnsmgr_release(transport_state->external_signaling_address_refresher);
424         }
425         if (transport_state->external_media_address_refresher) {
426                 ast_dnsmgr_release(transport_state->external_media_address_refresher);
427         }
428         if (transport_state->transport) {
429                 pjsip_transport_shutdown(transport_state->transport);
430         }
431
432         return 0;
433 }
434
435 /*! \brief Destructor for ast_sip_transport state information */
436 static void sip_transport_state_destroy(void *obj)
437 {
438         struct ast_sip_transport_state *state = obj;
439
440         ast_sip_push_task_wait_servant(NULL, destroy_sip_transport_state, state);
441 }
442
443 /*! \brief Destructor for ast_sip_transport state information */
444 static void internal_state_destroy(void *obj)
445 {
446         struct internal_state *state = obj;
447
448         ast_free(state->id);
449         ao2_cleanup(state->transport);
450         ao2_cleanup(state->state);
451 }
452
453 static struct internal_state *find_internal_state_by_transport(const struct ast_sip_transport *transport)
454 {
455         const char *key = ast_sorcery_object_get_id(transport);
456
457         return ao2_find(transport_states, key, OBJ_SEARCH_KEY | OBJ_NOLOCK);
458 }
459
460 static struct ast_sip_transport_state *find_state_by_transport(const struct ast_sip_transport *transport)
461 {
462         struct internal_state *state;
463         struct ast_sip_transport_state *trans_state;
464
465         state = find_internal_state_by_transport(transport);
466         if (!state) {
467                 return NULL;
468         }
469         trans_state = ao2_bump(state->state);
470         ao2_ref(state, -1);
471
472         return trans_state;
473 }
474
475 static int remove_temporary_state(void)
476 {
477         struct ast_sip_transport_state **state;
478
479         state = ast_threadstorage_get(&temp_state_store, sizeof(state));
480         if (!state) {
481                 return -1;
482         }
483
484         ao2_cleanup(*state);
485         *state = NULL;
486         return 0;
487 }
488
489 static struct ast_sip_transport_state *find_temporary_state(struct ast_sip_transport *transport)
490 {
491         struct ast_sip_transport_state **state;
492
493         state = ast_threadstorage_get(&temp_state_store, sizeof(state));
494         if (state && *state) {
495                 ao2_ref(*state, +1);
496                 return *state;
497         }
498
499         return NULL;
500 }
501
502 static struct internal_state *internal_state_alloc(struct ast_sip_transport *transport)
503 {
504         struct internal_state *internal_state;
505
506         internal_state = ao2_alloc(sizeof(*internal_state), internal_state_destroy);
507         if (!internal_state) {
508                 return NULL;
509         }
510
511         internal_state->id = ast_strdup(ast_sorcery_object_get_id(transport));
512         if (!internal_state->id) {
513                 ao2_cleanup(internal_state);
514                 return NULL;
515         }
516
517         /* We're transferring the reference from find_temporary_state */
518         internal_state->state = find_temporary_state(transport);
519         if (!internal_state->state) {
520                 ao2_cleanup(internal_state);
521                 return NULL;
522         }
523         internal_state->transport = ao2_bump(transport);
524         internal_state->transport->state = internal_state->state;
525         remove_temporary_state();
526
527         return internal_state;
528 }
529
530 /*!
531  * \internal
532  * \brief Should only be called by the individual field handlers
533  */
534 static struct ast_sip_transport_state *find_or_create_temporary_state(struct ast_sip_transport *transport)
535 {
536         struct ast_sip_transport_state **state;
537         struct ast_sip_transport_state *new_state;
538
539         if ((new_state = find_temporary_state(transport))) {
540                 return new_state;
541         }
542
543         state = ast_threadstorage_get(&temp_state_store, sizeof(state));
544         if (!state || *state) {
545                 return NULL;
546         }
547
548         new_state = ao2_alloc(sizeof(**state), sip_transport_state_destroy);
549         if (!new_state) {
550                 return NULL;
551         }
552         new_state->id = ast_strdup(ast_sorcery_object_get_id(transport));
553         new_state->type = transport->type;
554
555         pjsip_tls_setting_default(&new_state->tls);
556 #ifdef HAVE_PJSIP_TLS_TRANSPORT_PROTO
557         /* proto must be forced to 0 to enable all protocols otherwise only TLS will work */
558         new_state->tls.proto = 0;
559 #endif
560         new_state->tls.ciphers = new_state->ciphers;
561
562         ao2_ref(new_state, +1);
563         *state = new_state;
564
565         return new_state;
566 }
567
568 static void copy_state_to_transport(struct ast_sip_transport *transport)
569 {
570         ast_assert(transport && transport->state);
571
572         memcpy(&transport->host, &transport->state->host, sizeof(transport->host));
573         memcpy(&transport->tls, &transport->state->tls, sizeof(transport->tls));
574         memcpy(&transport->ciphers, &transport->state->ciphers, sizeof(transport->ciphers));
575         transport->localnet = transport->state->localnet;
576         transport->external_address_refresher = transport->state->external_signaling_address_refresher;
577         memcpy(&transport->external_address, &transport->state->external_signaling_address, sizeof(transport->external_signaling_address));
578 }
579
580 static int has_state_changed(struct ast_sip_transport_state *a, struct ast_sip_transport_state *b)
581 {
582         if (a->type != b->type) {
583                 return -1;
584         }
585
586         if (pj_sockaddr_cmp(&a->host, &b->host)) {
587                 return -1;
588         }
589
590         if ((a->localnet || b->localnet)
591                 && ((!a->localnet != !b->localnet)
592                 || ast_sockaddr_cmp(&a->localnet->addr, &b->localnet->addr)
593                 || ast_sockaddr_cmp(&a->localnet->netmask, &b->localnet->netmask)))
594         {
595                 return -1;
596         }
597
598         if (ast_sockaddr_cmp(&a->external_signaling_address, &b->external_signaling_address)) {
599                 return -1;
600         }
601
602         if (ast_sockaddr_cmp(&a->external_media_address, &b->external_media_address)) {
603                 return -1;
604         }
605
606         if (a->tls.method != b->tls.method
607                 || a->tls.ciphers_num != b->tls.ciphers_num
608 #ifdef HAVE_PJSIP_TLS_TRANSPORT_PROTO
609                 || a->tls.proto != b->tls.proto
610 #endif
611                 || a->tls.verify_client != b->tls.verify_client
612                 || a->tls.verify_server != b->tls.verify_server
613                 || a->tls.require_client_cert != b->tls.require_client_cert) {
614                 return -1;
615         }
616
617         if (memcmp(a->ciphers, b->ciphers, sizeof(pj_ssl_cipher) * fmax(a->tls.ciphers_num, b->tls.ciphers_num))) {
618                 return -1;
619         }
620
621         return 0;
622 }
623
624 static void states_cleanup(void *states)
625 {
626         if (states) {
627                 ao2_unlock(states);
628         }
629 }
630
631 /*! \brief Apply handler for transports */
632 static int transport_apply(const struct ast_sorcery *sorcery, void *obj)
633 {
634         struct ast_sip_transport *transport = obj;
635         const char *transport_id = ast_sorcery_object_get_id(obj);
636         RAII_VAR(struct ao2_container *, states, transport_states, states_cleanup);
637         RAII_VAR(struct internal_state *, temp_state, NULL, ao2_cleanup);
638         RAII_VAR(struct internal_state *, perm_state, NULL, ao2_cleanup);
639         RAII_VAR(struct ast_variable *, changes, NULL, ast_variables_destroy);
640         pj_status_t res = -1;
641         int i;
642 #define BIND_TRIES 3
643 #define BIND_DELAY_US 100000
644
645         if (!states) {
646                 return -1;
647         }
648
649         /*
650          * transport_apply gets called for EVERY retrieval of a transport when using realtime.
651          * We need to prevent multiple threads from trying to mess with underlying transports
652          * at the same time.  The container is the only thing we have to lock on.
653          */
654         ao2_wrlock(states);
655
656         temp_state = internal_state_alloc(transport);
657         if (!temp_state) {
658                 ast_log(LOG_ERROR, "Transport '%s' failed to allocate memory\n", transport_id);
659                 return -1;
660         }
661
662         perm_state = find_internal_state_by_transport(transport);
663         if (perm_state) {
664                 ast_sorcery_diff(sorcery, perm_state->transport, transport, &changes);
665                 if (!changes && !has_state_changed(perm_state->state, temp_state->state)) {
666                         /* In case someone is using the deprecated fields, reset them */
667                         transport->state = perm_state->state;
668                         copy_state_to_transport(transport);
669                         ao2_replace(perm_state->transport, transport);
670                         return 0;
671                 }
672
673                 if (!transport->allow_reload && !transport->flow) {
674                         if (!perm_state->change_detected) {
675                                 perm_state->change_detected = 1;
676                                 ast_log(LOG_WARNING, "Transport '%s' is not reloadable, maintaining previous values\n", transport_id);
677                         }
678                         /* In case someone is using the deprecated fields, reset them */
679                         transport->state = perm_state->state;
680                         copy_state_to_transport(transport);
681                         ao2_replace(perm_state->transport, transport);
682                         return 0;
683                 }
684         }
685
686         if (!transport->flow) {
687                 if (temp_state->state->host.addr.sa_family != PJ_AF_INET && temp_state->state->host.addr.sa_family != PJ_AF_INET6) {
688                         ast_log(LOG_ERROR, "Transport '%s' could not be started as binding not specified\n", transport_id);
689                         return -1;
690                 }
691
692                 /* Set default port if not present */
693                 if (!pj_sockaddr_get_port(&temp_state->state->host)) {
694                         pj_sockaddr_set_port(&temp_state->state->host, (transport->type == AST_TRANSPORT_TLS) ? 5061 : 5060);
695                 }
696         }
697
698         /* Now that we know what address family we can set up a dnsmgr refresh for the external addresses if present */
699         if (!ast_strlen_zero(transport->external_signaling_address)) {
700                 if (temp_state->state->host.addr.sa_family == pj_AF_INET()) {
701                         temp_state->state->external_signaling_address.ss.ss_family = AF_INET;
702                 } else if (temp_state->state->host.addr.sa_family == pj_AF_INET6()) {
703                         temp_state->state->external_signaling_address.ss.ss_family = AF_INET6;
704                 } else {
705                         ast_log(LOG_ERROR, "Unknown address family for transport '%s', could not get external signaling address\n",
706                                         transport_id);
707                         return -1;
708                 }
709
710                 if (ast_dnsmgr_lookup(transport->external_signaling_address, &temp_state->state->external_signaling_address, &temp_state->state->external_signaling_address_refresher, NULL) < 0) {
711                         ast_log(LOG_ERROR, "Could not create dnsmgr for external signaling address on '%s'\n", transport_id);
712                         return -1;
713                 }
714         }
715
716         if (!ast_strlen_zero(transport->external_media_address)) {
717                 if (temp_state->state->host.addr.sa_family == pj_AF_INET()) {
718                         temp_state->state->external_media_address.ss.ss_family = AF_INET;
719                 } else if (temp_state->state->host.addr.sa_family == pj_AF_INET6()) {
720                         temp_state->state->external_media_address.ss.ss_family = AF_INET6;
721                 } else {
722                         ast_log(LOG_ERROR, "Unknown address family for transport '%s', could not get external media address\n",
723                                         transport_id);
724                         return -1;
725                 }
726
727                 if (ast_dnsmgr_lookup(transport->external_media_address, &temp_state->state->external_media_address, &temp_state->state->external_media_address_refresher, NULL) < 0) {
728                         ast_log(LOG_ERROR, "Could not create dnsmgr for external media address on '%s'\n", transport_id);
729                         return -1;
730                 }
731         }
732
733         if (transport->flow) {
734                 pj_str_t address;
735
736                 ast_debug(1, "Ignoring any bind configuration on transport '%s' as it is a child of another\n",
737                         transport_id);
738                 pj_sockaddr_parse(pj_AF_UNSPEC(), 0, pj_cstr(&address, "0.0.0.0"), &temp_state->state->host);
739
740                 temp_state->state->flow = 1;
741                 res = PJ_SUCCESS;
742         } else if (transport->type == AST_TRANSPORT_UDP) {
743
744                 for (i = 0; i < BIND_TRIES && res != PJ_SUCCESS; i++) {
745                         if (perm_state && perm_state->state && perm_state->state->transport) {
746                                 pjsip_udp_transport_pause(perm_state->state->transport,
747                                         PJSIP_UDP_TRANSPORT_DESTROY_SOCKET);
748                                 usleep(BIND_DELAY_US);
749                         }
750
751                         if (temp_state->state->host.addr.sa_family == pj_AF_INET()) {
752                                 res = pjsip_udp_transport_start(ast_sip_get_pjsip_endpoint(),
753                                         &temp_state->state->host.ipv4, NULL, transport->async_operations,
754                                         &temp_state->state->transport);
755                         } else if (temp_state->state->host.addr.sa_family == pj_AF_INET6()) {
756                                 res = pjsip_udp_transport_start6(ast_sip_get_pjsip_endpoint(),
757                                         &temp_state->state->host.ipv6, NULL, transport->async_operations,
758                                         &temp_state->state->transport);
759                         }
760                 }
761
762                 if (res == PJ_SUCCESS) {
763                         temp_state->state->transport->info = pj_pool_alloc(temp_state->state->transport->pool,
764                                 (AST_SIP_X_AST_TXP_LEN + strlen(transport_id) + 2));
765
766                         sprintf(temp_state->state->transport->info, "%s:%s", AST_SIP_X_AST_TXP, transport_id);
767
768                         if (transport->tos || transport->cos) {
769                                 pj_sock_t sock;
770                                 pj_qos_params qos_params;
771                                 sock = pjsip_udp_transport_get_socket(temp_state->state->transport);
772                                 pj_sock_get_qos_params(sock, &qos_params);
773                                 set_qos(transport, &qos_params);
774                                 pj_sock_set_qos_params(sock, &qos_params);
775                         }
776                 }
777         } else if (transport->type == AST_TRANSPORT_TCP) {
778                 pjsip_tcp_transport_cfg cfg;
779                 static int option = 1;
780
781                 pjsip_tcp_transport_cfg_default(&cfg, temp_state->state->host.addr.sa_family);
782                 cfg.bind_addr = temp_state->state->host;
783                 cfg.async_cnt = transport->async_operations;
784                 set_qos(transport, &cfg.qos_params);
785                 /* sockopt_params.options is copied to each newly connected socket */
786                 cfg.sockopt_params.options[0].level = pj_SOL_TCP();
787                 cfg.sockopt_params.options[0].optname = pj_TCP_NODELAY();
788                 cfg.sockopt_params.options[0].optval = &option;
789                 cfg.sockopt_params.options[0].optlen = sizeof(option);
790                 cfg.sockopt_params.cnt = 1;
791
792                 for (i = 0; i < BIND_TRIES && res != PJ_SUCCESS; i++) {
793                         if (perm_state && perm_state->state && perm_state->state->factory
794                                 && perm_state->state->factory->destroy) {
795                                 perm_state->state->factory->destroy(perm_state->state->factory);
796                                 usleep(BIND_DELAY_US);
797                         }
798
799                         res = pjsip_tcp_transport_start3(ast_sip_get_pjsip_endpoint(), &cfg,
800                                 &temp_state->state->factory);
801                 }
802         } else if (transport->type == AST_TRANSPORT_TLS) {
803                 static int option = 1;
804
805                 if (transport->async_operations > 1 && ast_compare_versions(pj_get_version(), "2.5.0") < 0) {
806                         ast_log(LOG_ERROR, "Transport: %s: When protocol=tls and pjproject version < 2.5.0, async_operations can't be > 1\n",
807                                         ast_sorcery_object_get_id(obj));
808                         return -1;
809                 }
810
811                 temp_state->state->tls.password = pj_str((char*)transport->password);
812                 set_qos(transport, &temp_state->state->tls.qos_params);
813
814                 /* sockopt_params.options is copied to each newly connected socket */
815                 temp_state->state->tls.sockopt_params.options[0].level = pj_SOL_TCP();
816                 temp_state->state->tls.sockopt_params.options[0].optname = pj_TCP_NODELAY();
817                 temp_state->state->tls.sockopt_params.options[0].optval = &option;
818                 temp_state->state->tls.sockopt_params.options[0].optlen = sizeof(option);
819                 temp_state->state->tls.sockopt_params.cnt = 1;
820
821                 for (i = 0; i < BIND_TRIES && res != PJ_SUCCESS; i++) {
822                         if (perm_state && perm_state->state && perm_state->state->factory
823                                 && perm_state->state->factory->destroy) {
824                                 perm_state->state->factory->destroy(perm_state->state->factory);
825                                 usleep(BIND_DELAY_US);
826                         }
827
828                         res = pjsip_tls_transport_start2(ast_sip_get_pjsip_endpoint(), &temp_state->state->tls,
829                                 &temp_state->state->host, NULL, transport->async_operations,
830                                 &temp_state->state->factory);
831                 }
832         } else if ((transport->type == AST_TRANSPORT_WS) || (transport->type == AST_TRANSPORT_WSS)) {
833                 if (transport->cos || transport->tos) {
834                         ast_log(LOG_WARNING, "TOS and COS values ignored for websocket transport\n");
835                 } else if (!ast_strlen_zero(transport->ca_list_file) || !ast_strlen_zero(transport->ca_list_path) ||
836                         !ast_strlen_zero(transport->cert_file) || !ast_strlen_zero(transport->privkey_file)) {
837                         ast_log(LOG_WARNING, "TLS certificate values ignored for websocket transport as they are configured in http.conf\n");
838                 }
839                 res = PJ_SUCCESS;
840         }
841
842         if (res != PJ_SUCCESS) {
843                 char msg[PJ_ERR_MSG_SIZE];
844
845                 pj_strerror(res, msg, sizeof(msg));
846                 ast_log(LOG_ERROR, "Transport '%s' could not be started: %s\n", ast_sorcery_object_get_id(obj), msg);
847                 return -1;
848         }
849
850         copy_state_to_transport(transport);
851         if (perm_state) {
852                 ao2_unlink_flags(states, perm_state, OBJ_NOLOCK);
853         }
854         ao2_link_flags(states, temp_state, OBJ_NOLOCK);
855
856         return 0;
857 }
858
859 /*! \brief Custom handler for type just makes sure the state is created */
860 static int transport_state_init(const struct aco_option *opt, struct ast_variable *var, void *obj)
861 {
862         struct ast_sip_transport *transport = obj;
863         struct ast_sip_transport_state *state = find_or_create_temporary_state(transport);
864
865         ao2_cleanup(state);
866
867         return 0;
868 }
869
870 /*! \brief Custom handler for TLS method setting */
871 static int transport_tls_file_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
872 {
873         struct ast_sip_transport *transport = obj;
874         RAII_VAR(struct ast_sip_transport_state *, state, find_or_create_temporary_state(transport), ao2_cleanup);
875
876         if (!state) {
877                 return -1;
878         }
879
880         if (ast_strlen_zero(var->value)) {
881                 /* Ignore empty options */
882                 return 0;
883         }
884
885         if (!ast_file_is_readable(var->value)) {
886                 ast_log(LOG_ERROR, "Transport: %s: %s %s is either missing or not readable\n",
887                         ast_sorcery_object_get_id(obj), var->name, var->value);
888                 return -1;
889         }
890
891         if (!strcasecmp(var->name, "ca_list_file")) {
892                 state->tls.ca_list_file = pj_str((char*)var->value);
893                 ast_string_field_set(transport, ca_list_file, var->value);
894         } else if (!strcasecmp(var->name, "ca_list_path")) {
895 #ifdef HAVE_PJ_SSL_CERT_LOAD_FROM_FILES2
896                 state->tls.ca_list_path = pj_str((char*)var->value);
897                 ast_string_field_set(transport, ca_list_path, var->value);
898 #else
899                 ast_log(LOG_WARNING, "Asterisk has been built against a version of pjproject that does not "
900                                 "support the 'ca_list_path' option. Please upgrade to version 2.4 or later.\n");
901 #endif
902         } else if (!strcasecmp(var->name, "cert_file")) {
903                 state->tls.cert_file = pj_str((char*)var->value);
904                 ast_string_field_set(transport, cert_file, var->value);
905         } else if (!strcasecmp(var->name, "priv_key_file")) {
906                 state->tls.privkey_file = pj_str((char*)var->value);
907                 ast_string_field_set(transport, privkey_file, var->value);
908         }
909
910         return 0;
911 }
912
913 static int ca_list_file_to_str(const void *obj, const intptr_t *args, char **buf)
914 {
915         const struct ast_sip_transport *transport = obj;
916
917         *buf = ast_strdup(transport->ca_list_file);
918
919         return 0;
920 }
921
922 static int ca_list_path_to_str(const void *obj, const intptr_t *args, char **buf)
923 {
924         const struct ast_sip_transport *transport = obj;
925
926         *buf = ast_strdup(transport->ca_list_path);
927
928         return 0;
929 }
930
931 static int cert_file_to_str(const void *obj, const intptr_t *args, char **buf)
932 {
933         const struct ast_sip_transport *transport = obj;
934
935         *buf = ast_strdup(transport->cert_file);
936
937         return 0;
938 }
939
940 static int privkey_file_to_str(const void *obj, const intptr_t *args, char **buf)
941 {
942         const struct ast_sip_transport *transport = obj;
943
944         *buf = ast_strdup(transport->privkey_file);
945
946         return 0;
947 }
948
949 /*! \brief Custom handler for turning a string protocol into an enum */
950 static int transport_protocol_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
951 {
952         struct ast_sip_transport *transport = obj;
953         RAII_VAR(struct ast_sip_transport_state *, state, find_or_create_temporary_state(transport), ao2_cleanup);
954
955         if (!state) {
956                 return -1;
957         }
958
959         if (!strcasecmp(var->value, "flow")) {
960                 transport->flow = 1;
961         } else {
962                 if (!strcasecmp(var->value, "udp")) {
963                         transport->type = AST_TRANSPORT_UDP;
964                 } else if (!strcasecmp(var->value, "tcp")) {
965                         transport->type = AST_TRANSPORT_TCP;
966                 } else if (!strcasecmp(var->value, "tls")) {
967                         transport->type = AST_TRANSPORT_TLS;
968                 } else if (!strcasecmp(var->value, "ws")) {
969                         transport->type = AST_TRANSPORT_WS;
970                 } else if (!strcasecmp(var->value, "wss")) {
971                         transport->type = AST_TRANSPORT_WSS;
972                 } else {
973                         return -1;
974                 }
975                 transport->flow = 0;
976         }
977
978         state->type = transport->type;
979
980         return 0;
981 }
982
983 static const char *transport_types[] = {
984         [AST_TRANSPORT_UDP] = "udp",
985         [AST_TRANSPORT_TCP] = "tcp",
986         [AST_TRANSPORT_TLS] = "tls",
987         [AST_TRANSPORT_WS] = "ws",
988         [AST_TRANSPORT_WSS] = "wss"
989 };
990
991 static int transport_protocol_to_str(const void *obj, const intptr_t *args, char **buf)
992 {
993         const struct ast_sip_transport *transport = obj;
994
995         if (transport->flow) {
996                 *buf = ast_strdup("flow");
997         } else if (ARRAY_IN_BOUNDS(transport->type, transport_types)) {
998                 *buf = ast_strdup(transport_types[transport->type]);
999         }
1000
1001         return 0;
1002 }
1003
1004 /*! \brief Custom handler for turning a string bind into a pj_sockaddr */
1005 static int transport_bind_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
1006 {
1007         struct ast_sip_transport *transport = obj;
1008         pj_str_t buf;
1009         int rc;
1010         RAII_VAR(struct ast_sip_transport_state *, state, find_or_create_temporary_state(transport), ao2_cleanup);
1011
1012         if (!state) {
1013                 return -1;
1014         }
1015
1016         rc = pj_sockaddr_parse(pj_AF_UNSPEC(), 0, pj_cstr(&buf, var->value), &state->host);
1017
1018         return rc != PJ_SUCCESS ? -1 : 0;
1019 }
1020
1021 static int transport_bind_to_str(const void *obj, const intptr_t *args, char **buf)
1022 {
1023         const struct ast_sip_transport *transport = obj;
1024         RAII_VAR(struct ast_sip_transport_state *, state, find_state_by_transport(transport), ao2_cleanup);
1025
1026         if (!state) {
1027                 return -1;
1028         }
1029
1030         if (!(*buf = ast_calloc(MAX_OBJECT_FIELD, sizeof(char)))) {
1031                 return -1;
1032         }
1033
1034         /* include port as well as brackets if IPv6 */
1035         pj_sockaddr_print(&state->host, *buf, MAX_OBJECT_FIELD, 1 | 2);
1036
1037         return 0;
1038 }
1039
1040 /*! \brief Custom handler for TLS boolean settings */
1041 static int transport_tls_bool_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
1042 {
1043         struct ast_sip_transport *transport = obj;
1044         RAII_VAR(struct ast_sip_transport_state *, state, find_or_create_temporary_state(transport), ao2_cleanup);
1045
1046         if (!state) {
1047                 return -1;
1048         }
1049
1050         if (!strcasecmp(var->name, "verify_server")) {
1051                 state->tls.verify_server = ast_true(var->value) ? PJ_TRUE : PJ_FALSE;
1052         } else if (!strcasecmp(var->name, "verify_client")) {
1053                 state->tls.verify_client = ast_true(var->value) ? PJ_TRUE : PJ_FALSE;
1054         } else if (!strcasecmp(var->name, "require_client_cert")) {
1055                 state->tls.require_client_cert = ast_true(var->value) ? PJ_TRUE : PJ_FALSE;
1056         } else {
1057                 return -1;
1058         }
1059
1060         return 0;
1061 }
1062
1063 static int verify_server_to_str(const void *obj, const intptr_t *args, char **buf)
1064 {
1065         const struct ast_sip_transport *transport = obj;
1066         RAII_VAR(struct ast_sip_transport_state *, state, find_state_by_transport(transport), ao2_cleanup);
1067
1068         if (!state) {
1069                 return -1;
1070         }
1071
1072         *buf = ast_strdup(AST_YESNO(state->tls.verify_server));
1073
1074         return 0;
1075 }
1076
1077 static int verify_client_to_str(const void *obj, const intptr_t *args, char **buf)
1078 {
1079         const struct ast_sip_transport *transport = obj;
1080         RAII_VAR(struct ast_sip_transport_state *, state, find_state_by_transport(transport), ao2_cleanup);
1081
1082         if (!state) {
1083                 return -1;
1084         }
1085
1086         *buf = ast_strdup(AST_YESNO(state->tls.verify_client));
1087
1088         return 0;
1089 }
1090
1091 static int require_client_cert_to_str(const void *obj, const intptr_t *args, char **buf)
1092 {
1093         const struct ast_sip_transport *transport = obj;
1094         RAII_VAR(struct ast_sip_transport_state *, state, find_state_by_transport(transport), ao2_cleanup);
1095
1096         if (!state) {
1097                 return -1;
1098         }
1099
1100         *buf = ast_strdup(AST_YESNO(state->tls.require_client_cert));
1101
1102         return 0;
1103 }
1104
1105 /*! \brief Custom handler for TLS method setting */
1106 static int transport_tls_method_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
1107 {
1108         struct ast_sip_transport *transport = obj;
1109         RAII_VAR(struct ast_sip_transport_state *, state, find_or_create_temporary_state(transport), ao2_cleanup);
1110
1111         if (!state) {
1112                 return -1;
1113         }
1114
1115         if (ast_strlen_zero(var->value) || !strcasecmp(var->value, "default")) {
1116                 state->tls.method = PJSIP_SSL_DEFAULT_METHOD;
1117         } else if (!strcasecmp(var->value, "unspecified")) {
1118                 state->tls.method = PJSIP_SSL_UNSPECIFIED_METHOD;
1119         } else if (!strcasecmp(var->value, "tlsv1")) {
1120                 state->tls.method = PJSIP_TLSV1_METHOD;
1121 #ifdef HAVE_PJSIP_TLS_TRANSPORT_PROTO
1122         } else if (!strcasecmp(var->value, "tlsv1_1")) {
1123                 state->tls.method = PJSIP_TLSV1_1_METHOD;
1124         } else if (!strcasecmp(var->value, "tlsv1_2")) {
1125                 state->tls.method = PJSIP_TLSV1_2_METHOD;
1126 #endif
1127         } else if (!strcasecmp(var->value, "sslv2")) {
1128                 state->tls.method = PJSIP_SSLV2_METHOD;
1129         } else if (!strcasecmp(var->value, "sslv3")) {
1130                 state->tls.method = PJSIP_SSLV3_METHOD;
1131         } else if (!strcasecmp(var->value, "sslv23")) {
1132                 state->tls.method = PJSIP_SSLV23_METHOD;
1133         } else {
1134                 return -1;
1135         }
1136
1137         return 0;
1138 }
1139
1140 static const char *tls_method_map[] = {
1141         [PJSIP_SSL_UNSPECIFIED_METHOD] = "unspecified",
1142         [PJSIP_TLSV1_METHOD] = "tlsv1",
1143 #ifdef HAVE_PJSIP_TLS_TRANSPORT_PROTO
1144         [PJSIP_TLSV1_1_METHOD] = "tlsv1_1",
1145         [PJSIP_TLSV1_2_METHOD] = "tlsv1_2",
1146 #endif
1147         [PJSIP_SSLV2_METHOD] = "sslv2",
1148         [PJSIP_SSLV3_METHOD] = "sslv3",
1149         [PJSIP_SSLV23_METHOD] = "sslv23",
1150 };
1151
1152 static int tls_method_to_str(const void *obj, const intptr_t *args, char **buf)
1153 {
1154         const struct ast_sip_transport *transport = obj;
1155         RAII_VAR(struct ast_sip_transport_state *, state, find_state_by_transport(transport), ao2_cleanup);
1156
1157         if (!state) {
1158                 return -1;
1159         }
1160
1161         if (ARRAY_IN_BOUNDS(state->tls.method, tls_method_map)) {
1162                 *buf = ast_strdup(tls_method_map[state->tls.method]);
1163         }
1164
1165         return 0;
1166 }
1167
1168 /*! \brief Helper function which turns a cipher name into an identifier */
1169 static pj_ssl_cipher cipher_name_to_id(const char *name)
1170 {
1171         pj_ssl_cipher ciphers[PJ_SSL_SOCK_MAX_CIPHERS];
1172         unsigned int cipher_num = PJ_ARRAY_SIZE(ciphers);
1173         unsigned int pos;
1174
1175         if (pj_ssl_cipher_get_availables(ciphers, &cipher_num)) {
1176                 return 0;
1177         }
1178
1179         for (pos = 0; pos < cipher_num; ++pos) {
1180                 const char *pos_name = pj_ssl_cipher_name(ciphers[pos]);
1181                 if (pos_name && !strcmp(pos_name, name)) {
1182                         return ciphers[pos];
1183                 }
1184         }
1185
1186         return 0;
1187 }
1188
1189 /*!
1190  * \internal
1191  * \brief Add a new cipher to the transport's cipher list array.
1192  *
1193  * \param transport Which transport to add the cipher to.
1194  * \param name Cipher identifier name.
1195  *
1196  * \retval 0 on success.
1197  * \retval -1 on error.
1198  */
1199 static int transport_cipher_add(struct ast_sip_transport_state *state, const char *name)
1200 {
1201         pj_ssl_cipher cipher;
1202         int idx;
1203
1204         cipher = cipher_name_to_id(name);
1205         if (!cipher) {
1206                 /* TODO: Check this over/tweak - it's taken from pjsua for now */
1207                 if (!strnicmp(name, "0x", 2)) {
1208                         pj_str_t cipher_st = pj_str((char *) name + 2);
1209                         cipher = pj_strtoul2(&cipher_st, NULL, 16);
1210                 } else {
1211                         cipher = atoi(name);
1212                 }
1213         }
1214
1215         if (pj_ssl_cipher_is_supported(cipher)) {
1216                 for (idx = state->tls.ciphers_num; idx--;) {
1217                         if (state->ciphers[idx] == cipher) {
1218                                 /* The cipher is already in the list. */
1219                                 return 0;
1220                         }
1221                 }
1222                 state->ciphers[state->tls.ciphers_num++] = cipher;
1223                 return 0;
1224         } else {
1225                 ast_log(LOG_ERROR, "Cipher '%s' is unsupported\n", name);
1226                 return -1;
1227         }
1228 }
1229
1230 /*! \brief Custom handler for TLS cipher setting */
1231 static int transport_tls_cipher_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
1232 {
1233         struct ast_sip_transport *transport = obj;
1234         char *parse;
1235         char *name;
1236         int res = 0;
1237         RAII_VAR(struct ast_sip_transport_state *, state, find_or_create_temporary_state(transport), ao2_cleanup);
1238
1239         if (!state) {
1240                 return -1;
1241         }
1242
1243         parse = ast_strdupa(S_OR(var->value, ""));
1244         while ((name = ast_strip(strsep(&parse, ",")))) {
1245                 if (ast_strlen_zero(name)) {
1246                         continue;
1247                 }
1248                 if (ARRAY_LEN(state->ciphers) <= state->tls.ciphers_num) {
1249                         ast_log(LOG_ERROR, "Too many ciphers specified\n");
1250                         res = -1;
1251                         break;
1252                 }
1253                 res |= transport_cipher_add(state, name);
1254         }
1255         return res ? -1 : 0;
1256 }
1257
1258 static void cipher_to_str(char **buf, const pj_ssl_cipher *ciphers, unsigned int cipher_num)
1259 {
1260         struct ast_str *str;
1261         unsigned int idx;
1262
1263         str = ast_str_create(128);
1264         if (!str) {
1265                 *buf = NULL;
1266                 return;
1267         }
1268
1269         for (idx = 0; idx < cipher_num; ++idx) {
1270                 ast_str_append(&str, 0, "%s", pj_ssl_cipher_name(ciphers[idx]));
1271                 if (idx < cipher_num - 1) {
1272                         ast_str_append(&str, 0, ", ");
1273                 }
1274         }
1275
1276         *buf = ast_strdup(ast_str_buffer(str));
1277         ast_free(str);
1278 }
1279
1280 static int transport_tls_cipher_to_str(const void *obj, const intptr_t *args, char **buf)
1281 {
1282         const struct ast_sip_transport *transport = obj;
1283         RAII_VAR(struct ast_sip_transport_state *, state, find_state_by_transport(transport), ao2_cleanup);
1284
1285         if (!state) {
1286                 return -1;
1287         }
1288
1289         cipher_to_str(buf, state->ciphers, state->tls.ciphers_num);
1290         return *buf ? 0 : -1;
1291 }
1292
1293 static char *handle_pjsip_list_ciphers(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
1294 {
1295         pj_ssl_cipher ciphers[PJ_SSL_SOCK_MAX_CIPHERS];
1296         unsigned int cipher_num = PJ_ARRAY_SIZE(ciphers);
1297         char *buf;
1298
1299         switch (cmd) {
1300         case CLI_INIT:
1301                 e->command = "pjsip list ciphers";
1302                 e->usage = "Usage: pjsip list ciphers\n"
1303                         "       List available OpenSSL cipher names.\n";
1304                 return NULL;
1305         case CLI_GENERATE:
1306                 return NULL;
1307         }
1308
1309         if (pj_ssl_cipher_get_availables(ciphers, &cipher_num) || !cipher_num) {
1310                 buf = NULL;
1311         } else {
1312                 cipher_to_str(&buf, ciphers, cipher_num);
1313         }
1314
1315         if (!ast_strlen_zero(buf)) {
1316                 ast_cli(a->fd, "Available ciphers: '%s'\n", buf);
1317         } else {
1318                 ast_cli(a->fd, "No available ciphers\n");
1319         }
1320         ast_free(buf);
1321         return CLI_SUCCESS;
1322 }
1323
1324 /*! \brief Custom handler for localnet setting */
1325 static int transport_localnet_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
1326 {
1327         struct ast_sip_transport *transport = obj;
1328         int error = 0;
1329         RAII_VAR(struct ast_sip_transport_state *, state, find_or_create_temporary_state(transport), ao2_cleanup);
1330
1331         if (!state) {
1332                 return -1;
1333         }
1334
1335         if (ast_strlen_zero(var->value)) {
1336                 ast_free_ha(state->localnet);
1337                 state->localnet = NULL;
1338                 return 0;
1339         }
1340
1341         /* We use only the ast_apply_ha() which defaults to ALLOW
1342          * ("permit"), so we add DENY rules. */
1343         if (!(state->localnet = ast_append_ha("deny", var->value, state->localnet, &error))) {
1344                 return -1;
1345         }
1346
1347         return error;
1348 }
1349
1350 static int localnet_to_vl(const void *obj, struct ast_variable **fields)
1351 {
1352         const struct ast_sip_transport *transport = obj;
1353         char str[MAX_OBJECT_FIELD];
1354         struct ast_variable *head = NULL;
1355         struct ast_ha *ha;
1356         RAII_VAR(struct ast_sip_transport_state *, state, find_state_by_transport(transport), ao2_cleanup);
1357
1358         if (!state) {
1359                 return -1;
1360         }
1361
1362         for (ha = state->localnet; ha; ha = ha->next) {
1363                 const char *addr = ast_strdupa(ast_sockaddr_stringify_addr(&ha->addr));
1364                 snprintf(str, MAX_OBJECT_FIELD, "%s%s/%s", ha->sense == AST_SENSE_ALLOW ? "!" : "",
1365                         addr, ast_sockaddr_stringify_addr(&ha->netmask));
1366
1367                 ast_variable_list_append(&head, ast_variable_new("local_net", str, ""));
1368         }
1369
1370         if (head) {
1371                 *fields = head;
1372         }
1373
1374         return 0;
1375 }
1376
1377 static int localnet_to_str(const void *obj, const intptr_t *args, char **buf)
1378 {
1379         RAII_VAR(struct ast_str *, str, ast_str_create(MAX_OBJECT_FIELD), ast_free);
1380         const struct ast_sip_transport *transport = obj;
1381         RAII_VAR(struct ast_sip_transport_state *, state, find_state_by_transport(transport), ao2_cleanup);
1382
1383         if (!state) {
1384                 return -1;
1385         }
1386
1387         ast_ha_join(state->localnet, &str);
1388         *buf = ast_strdup(ast_str_buffer(str));
1389         return 0;
1390 }
1391
1392 /*! \brief Custom handler for TOS setting */
1393 static int transport_tos_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
1394 {
1395         struct ast_sip_transport *transport = obj;
1396         unsigned int value;
1397
1398         if (ast_str2tos(var->value, &value)) {
1399                 ast_log(LOG_ERROR, "Error configuring transport '%s' - Could not "
1400                         "interpret 'tos' value '%s'\n",
1401                         ast_sorcery_object_get_id(transport), var->value);
1402                 return -1;
1403         }
1404
1405         if (value % 4) {
1406                 value = value >> 2;
1407                 value = value << 2;
1408                 ast_log(LOG_WARNING,
1409                         "transport '%s' - 'tos' value '%s' uses bits that are "
1410                         "discarded when converted to DSCP. Using equivalent %u instead.\n",
1411                         ast_sorcery_object_get_id(transport), var->value, value);
1412         }
1413
1414         transport->tos = value;
1415         return 0;
1416 }
1417
1418 static int tos_to_str(const void *obj, const intptr_t *args, char **buf)
1419 {
1420         const struct ast_sip_transport *transport = obj;
1421
1422         if (ast_asprintf(buf, "%u", transport->tos) == -1) {
1423                 return -1;
1424         }
1425         return 0;
1426 }
1427
1428 static struct ao2_container *cli_get_container(const char *regex)
1429 {
1430         RAII_VAR(struct ao2_container *, container, NULL, ao2_cleanup);
1431         struct ao2_container *s_container;
1432
1433         container = ast_sorcery_retrieve_by_regex(ast_sip_get_sorcery(), "transport",
1434                 regex);
1435         if (!container) {
1436                 return NULL;
1437         }
1438
1439         s_container = ao2_container_alloc_list(AO2_ALLOC_OPT_LOCK_NOLOCK, 0,
1440                 ast_sorcery_object_id_sort, ast_sorcery_object_id_compare);
1441         if (!s_container) {
1442                 return NULL;
1443         }
1444
1445         if (ao2_container_dup(s_container, container, 0)) {
1446                 ao2_ref(s_container, -1);
1447                 return NULL;
1448         }
1449
1450         return s_container;
1451 }
1452
1453 static int cli_iterate(void *container, ao2_callback_fn callback, void *args)
1454 {
1455         const struct ast_sip_endpoint *endpoint = container;
1456         struct ast_sip_transport *transport = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(),
1457                 "transport", endpoint->transport);
1458
1459         if (!transport) {
1460                 return -1;
1461         }
1462
1463         return callback(transport, args, 0);
1464 }
1465
1466 static void *cli_retrieve_by_id(const char *id)
1467 {
1468         return ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "transport", id);
1469 }
1470
1471 static int cli_print_header(void *obj, void *arg, int flags)
1472 {
1473         struct ast_sip_cli_context *context = arg;
1474         int indent = CLI_INDENT_TO_SPACES(context->indent_level);
1475         int filler = CLI_MAX_WIDTH - indent - 61;
1476
1477         ast_assert(context->output_buffer != NULL);
1478
1479         ast_str_append(&context->output_buffer, 0,
1480                 "%*s:  <TransportId........>  <Type>  <cos>  <tos>  <BindAddress%*.*s>\n",
1481                 indent, "Transport", filler, filler, CLI_HEADER_FILLER);
1482
1483         return 0;
1484 }
1485
1486 static int cli_print_body(void *obj, void *arg, int flags)
1487 {
1488         struct ast_sip_transport *transport = obj;
1489         struct ast_sip_cli_context *context = arg;
1490         char hoststr[PJ_INET6_ADDRSTRLEN];
1491         RAII_VAR(struct ast_sip_transport_state *, state, find_state_by_transport(transport), ao2_cleanup);
1492
1493         if (!state) {
1494                 return -1;
1495         }
1496
1497         ast_assert(context->output_buffer != NULL);
1498
1499         pj_sockaddr_print(&state->host, hoststr, sizeof(hoststr), 3);
1500
1501         ast_str_append(&context->output_buffer, 0, "%*s:  %-21s  %6s  %5u  %5u  %s\n",
1502                 CLI_INDENT_TO_SPACES(context->indent_level), "Transport",
1503                 ast_sorcery_object_get_id(transport),
1504                 ARRAY_IN_BOUNDS(transport->type, transport_types) ? transport_types[transport->type] : "Unknown",
1505                 transport->cos, transport->tos, hoststr);
1506
1507         if (context->show_details
1508                 || (context->show_details_only_level_0 && context->indent_level == 0)) {
1509                 ast_str_append(&context->output_buffer, 0, "\n");
1510                 ast_sip_cli_print_sorcery_objectset(transport, context, 0);
1511         }
1512
1513         return 0;
1514 }
1515
1516 static struct ast_cli_entry cli_commands[] = {
1517         AST_CLI_DEFINE(handle_pjsip_list_ciphers, "List available OpenSSL cipher names"),
1518         AST_CLI_DEFINE(ast_sip_cli_traverse_objects, "List PJSIP Transports",
1519                 .command = "pjsip list transports",
1520                 .usage = "Usage: pjsip list transports [ like <pattern> ]\n"
1521                                 "       List the configured PJSIP Transports\n"
1522                                 "       Optional regular expression pattern is used to filter the list.\n"),
1523         AST_CLI_DEFINE(ast_sip_cli_traverse_objects, "Show PJSIP Transports",
1524                 .command = "pjsip show transports",
1525                 .usage = "Usage: pjsip show transports [ like <pattern> ]\n"
1526                                 "       Show the configured PJSIP Transport\n"
1527                                 "       Optional regular expression pattern is used to filter the list.\n"),
1528         AST_CLI_DEFINE(ast_sip_cli_traverse_objects, "Show PJSIP Transport",
1529                 .command = "pjsip show transport",
1530                 .usage = "Usage: pjsip show transport <id>\n"
1531                                  "       Show the configured PJSIP Transport\n"),
1532 };
1533
1534 static struct ast_sip_cli_formatter_entry *cli_formatter;
1535
1536 struct ast_sip_transport_state *ast_sip_get_transport_state(const char *transport_id)
1537 {
1538         struct internal_state *state = NULL;
1539         struct ast_sip_transport_state *trans_state;
1540
1541         if (!transport_states) {
1542                 return NULL;
1543         }
1544
1545         state = ao2_find(transport_states, transport_id, OBJ_SEARCH_KEY);
1546         if (!state) {
1547                 return NULL;
1548         }
1549
1550         trans_state = ao2_bump(state->state);
1551         ao2_ref(state, -1);
1552
1553         /* If this is a child transport see if the transport is actually dead */
1554         if (trans_state->flow) {
1555                 ao2_lock(trans_state);
1556                 if (trans_state->transport && trans_state->transport->is_shutdown == PJ_TRUE) {
1557                         pjsip_transport_dec_ref(trans_state->transport);
1558                         trans_state->transport = NULL;
1559                 }
1560                 ao2_unlock(trans_state);
1561         }
1562
1563         return trans_state;
1564 }
1565
1566 static int populate_transport_states(void *obj, void *arg, int flags)
1567 {
1568         struct internal_state *state = obj;
1569         struct ao2_container *container = arg;
1570
1571         ao2_link(container, state->state);
1572
1573         return CMP_MATCH;
1574 }
1575
1576 struct ao2_container *ast_sip_get_transport_states(void)
1577 {
1578         struct ao2_container *states = ao2_container_alloc_hash(AO2_ALLOC_OPT_LOCK_MUTEX, 0,
1579                 DEFAULT_STATE_BUCKETS, transport_state_hash, NULL, transport_state_cmp);
1580
1581         if (!states) {
1582                 return NULL;
1583         }
1584
1585         ao2_callback(transport_states, OBJ_NODATA | OBJ_MULTIPLE, populate_transport_states, states);
1586         return states;
1587 }
1588
1589 /*! \brief Initialize sorcery with transport support */
1590 int ast_sip_initialize_sorcery_transport(void)
1591 {
1592         struct ast_sorcery *sorcery = ast_sip_get_sorcery();
1593         struct ao2_container *transports = NULL;
1594
1595         /* Create outbound registration states container. */
1596         transport_states = ao2_container_alloc_hash(AO2_ALLOC_OPT_LOCK_MUTEX, 0,
1597                 DEFAULT_STATE_BUCKETS, internal_state_hash, NULL, internal_state_cmp);
1598         if (!transport_states) {
1599                 ast_log(LOG_ERROR, "Unable to allocate transport states container\n");
1600                 return -1;
1601         }
1602
1603         ast_sorcery_apply_default(sorcery, "transport", "config", "pjsip.conf,criteria=type=transport");
1604
1605         if (ast_sorcery_object_register(sorcery, "transport", sip_transport_alloc, NULL, transport_apply)) {
1606                 return -1;
1607         }
1608
1609         /* Normally type is a OPT_NOOP_T but we're using it to make sure that state is created */
1610         ast_sorcery_object_field_register_custom(sorcery, "transport", "type", "", transport_state_init, NULL, NULL, 0, 0);
1611         ast_sorcery_object_field_register_custom(sorcery, "transport", "protocol", "udp", transport_protocol_handler, transport_protocol_to_str, NULL, 0, 0);
1612         ast_sorcery_object_field_register_custom(sorcery, "transport", "bind", "", transport_bind_handler, transport_bind_to_str, NULL, 0, 0);
1613         ast_sorcery_object_field_register(sorcery, "transport", "async_operations", "1", OPT_UINT_T, 0, FLDSET(struct ast_sip_transport, async_operations));
1614
1615         ast_sorcery_object_field_register_custom(sorcery, "transport", "ca_list_file", "", transport_tls_file_handler, ca_list_file_to_str, NULL, 0, 0);
1616         ast_sorcery_object_field_register_custom(sorcery, "transport", "ca_list_path", "", transport_tls_file_handler, ca_list_path_to_str, NULL, 0, 0);
1617         ast_sorcery_object_field_register_custom(sorcery, "transport", "cert_file", "", transport_tls_file_handler, cert_file_to_str, NULL, 0, 0);
1618         ast_sorcery_object_field_register_custom(sorcery, "transport", "priv_key_file", "", transport_tls_file_handler, privkey_file_to_str, NULL, 0, 0);
1619
1620         ast_sorcery_object_field_register(sorcery, "transport", "password", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, password));
1621         ast_sorcery_object_field_register(sorcery, "transport", "external_signaling_address", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, external_signaling_address));
1622         ast_sorcery_object_field_register(sorcery, "transport", "external_signaling_port", "0", OPT_UINT_T, PARSE_IN_RANGE, FLDSET(struct ast_sip_transport, external_signaling_port), 0, 65535);
1623         ast_sorcery_object_field_register(sorcery, "transport", "external_media_address", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, external_media_address));
1624         ast_sorcery_object_field_register(sorcery, "transport", "domain", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_transport, domain));
1625         ast_sorcery_object_field_register_custom(sorcery, "transport", "verify_server", "", transport_tls_bool_handler, verify_server_to_str, NULL, 0, 0);
1626         ast_sorcery_object_field_register_custom(sorcery, "transport", "verify_client", "", transport_tls_bool_handler, verify_client_to_str, NULL, 0, 0);
1627         ast_sorcery_object_field_register_custom(sorcery, "transport", "require_client_cert", "", transport_tls_bool_handler, require_client_cert_to_str, NULL, 0, 0);
1628         ast_sorcery_object_field_register_custom(sorcery, "transport", "method", "", transport_tls_method_handler, tls_method_to_str, NULL, 0, 0);
1629         ast_sorcery_object_field_register_custom(sorcery, "transport", "cipher", "", transport_tls_cipher_handler, transport_tls_cipher_to_str, NULL, 0, 0);
1630         ast_sorcery_object_field_register_custom(sorcery, "transport", "local_net", "", transport_localnet_handler, localnet_to_str, localnet_to_vl, 0, 0);
1631         ast_sorcery_object_field_register_custom(sorcery, "transport", "tos", "0", transport_tos_handler, tos_to_str, NULL, 0, 0);
1632         ast_sorcery_object_field_register(sorcery, "transport", "cos", "0", OPT_UINT_T, 0, FLDSET(struct ast_sip_transport, cos));
1633         ast_sorcery_object_field_register(sorcery, "transport", "websocket_write_timeout", AST_DEFAULT_WEBSOCKET_WRITE_TIMEOUT_STR, OPT_INT_T, PARSE_IN_RANGE, FLDSET(struct ast_sip_transport, write_timeout), 1, INT_MAX);
1634         ast_sorcery_object_field_register(sorcery, "transport", "allow_reload", "no", OPT_BOOL_T, 1, FLDSET(struct ast_sip_transport, allow_reload));
1635         ast_sorcery_object_field_register(sorcery, "transport", "symmetric_transport", "no", OPT_BOOL_T, 1, FLDSET(struct ast_sip_transport, symmetric_transport));
1636
1637         ast_sip_register_endpoint_formatter(&endpoint_transport_formatter);
1638
1639         cli_formatter = ao2_alloc(sizeof(struct ast_sip_cli_formatter_entry), NULL);
1640         if (!cli_formatter) {
1641                 ast_log(LOG_ERROR, "Unable to allocate memory for cli formatter\n");
1642                 return -1;
1643         }
1644         cli_formatter->name = "transport";
1645         cli_formatter->print_header = cli_print_header;
1646         cli_formatter->print_body = cli_print_body;
1647         cli_formatter->get_container = cli_get_container;
1648         cli_formatter->iterate = cli_iterate;
1649         cli_formatter->get_id = ast_sorcery_object_get_id;
1650         cli_formatter->retrieve_by_id = cli_retrieve_by_id;
1651
1652         ast_sip_register_cli_formatter(cli_formatter);
1653         ast_cli_register_multiple(cli_commands, ARRAY_LEN(cli_commands));
1654
1655         /* trigger load of transports from realtime by trying to revrieve them all */
1656         transports = ast_sorcery_retrieve_by_fields(sorcery, "transport", AST_RETRIEVE_FLAG_ALL | AST_RETRIEVE_FLAG_MULTIPLE, NULL);
1657         ao2_cleanup(transports);
1658
1659         return 0;
1660 }
1661
1662 int ast_sip_destroy_sorcery_transport(void)
1663 {
1664         ast_cli_unregister_multiple(cli_commands, ARRAY_LEN(cli_commands));
1665         ast_sip_unregister_cli_formatter(cli_formatter);
1666
1667         ast_sip_unregister_endpoint_formatter(&endpoint_transport_formatter);
1668
1669         ao2_ref(transport_states, -1);
1670         transport_states = NULL;
1671
1672         return 0;
1673 }