Commits on May 31, 2016
  1. sip_transport_tcp/tls: Set factory on transports created from accept

    The ability to re-use tcp and tls transports when a factory is
    specified now depends on transport->factory being set which is a new field
    in 2.5.  This was being set only on new outgoing sockets not on
    incoming sockets.  The result was that a client REGISTER created a new
    socket but without the factory set, the next outgoing request to the
    client, OPTIONS, INVITE, etc, would attempt to create another socket
    which the client would refuse.
    
    This patch sets the factory on transports created as a result of an
    accept.
    gtjoseph committed May 30, 2016
  2. Import pjproject-2.5

    gtjoseph committed May 31, 2016
Commits on Mar 8, 2016
  1. Import pjproject-2.4.5

    jcolp committed Mar 8, 2016
Commits on Nov 6, 2015
  1. Backport Changeset 5195 from pjproject

    This patch makes PJSIP honor RFC 3265's rules regarding when
    subscriptions should be terminated when receiving an error response to a
    NOTIFY request.
    putnopvut committed Nov 6, 2015
Commits on Sep 11, 2015
  1. Backport revision 5178 of PJProject.

    r5178 | nanang | 2015-09-11 06:44:52 -0300 (Fri, 11 Sep 2015) | 3 lines
    
    Re #1885: Fixed race condition in evsub scenario 2 (Subscription timer callback vs subscription destroy).
    jcolp committed Sep 11, 2015
  2. Backport revision 5177 of PJProject.

    ------------------------------------------------------------------------
    r5177 | nanang | 2015-09-11 06:40:11 -0300 (Fri, 11 Sep 2015) | 3 lines
    
    Re #1885: Fixed race condition in evsub scenario 1 (Subscription timeout vs subscription refresh).
    
    Given the following scenario a crash will occur:
    
    Thread A is the thread that calls pjsip_endpt_handle_events() in order
    to accept incoming SIP traffic and to handle timers. For incoming
    requests/responses, thread A will dispatch the message to thread B to
    be handled.
    
    1. A subscription is established (Asterisk is the UAS) with a subscription
       timeout of 600 seconds.
    2. 600 seconds elapse.
    3. Thread B handles an incoming SUBSCRIBE request to refresh the subscription
       for a further 600 seconds. The UA layer locks the subscription dialog.
    4. At the same time, Thread A is tripped because the subscription has timed out.
       The timer callback is called, and it now is waiting on the dialog lock.
    5. Thread B finishes handling the incoming SUBSCRIBE request and schedules a timer
       entry for 600 seconds from now. In doing so, thread B sets the pjsip_evsub->timer.id
       to TIMER_TYPE_UAS_TIMEOUT.
    6. Thread B releases the dialog lock.
    7. Thread A acquires the dialog lock and immediately sets pjsip_evsub->timer.id to
       TIMER_TYPE_NONE. It calls into the on_server_timeout() callback.
    8. The on_server_timeout() callback sends a NOTIFY that terminates the subscription.
    9. Shortly after, the subscription is destroyed.
    10. When the subscription is destroyed, the timer that was previously scheduled is not
        cancelled because evsub->timer.id is TIMER_TYPE_NONE.
    
    At this point, we have a ticking time bomb in the timer heap.
    jcolp committed Sep 11, 2015
  3. Revert "evsub: Fix timer race condition between subscription refresh …

    …and timeout."
    
    This reverts commit 7041e3f.
    jcolp committed Sep 11, 2015
Commits on Sep 10, 2015
  1. evsub: Fix timer race condition between subscription refresh and time…

    …out.
    
    Given the following scenario a crash will occur:
    
    Thread A is the thread that calls pjsip_endpt_handle_events() in order
    to accept incoming SIP traffic and to handle timers. For incoming
    requests/responses, thread A will dispatch the message to thread B to
    be handled.
    
    1. A subscription is established (Asterisk is the UAS) with a subscription
       timeout of 600 seconds.
    2. 600 seconds elapse.
    3. Thread B handles an incoming SUBSCRIBE request to refresh the subscription
       for a further 600 seconds. The UA layer locks the subscription dialog.
    4. At the same time, Thread A is tripped because the subscription has timed out.
       The timer callback is called, and it now is waiting on the dialog lock.
    5. Thread B finishes handling the incoming SUBSCRIBE request and schedules a timer
       entry for 600 seconds from now. In doing so, thread B sets the pjsip_evsub->timer.id
       to TIMER_TYPE_UAS_TIMEOUT.
    6. Thread B releases the dialog lock.
    7. Thread A acquires the dialog lock and immediately sets pjsip_evsub->timer.id to
       TIMER_TYPE_NONE. It calls into the on_server_timeout() callback.
    8. The on_server_timeout() callback sends a NOTIFY that terminates the subscription.
    9. Shortly after, the subscription is destroyed.
    10. When the subscription is destroyed, the timer that was previously scheduled is not
        cancelled because evsub->timer.id is TIMER_TYPE_NONE.
    
    At this point, we have a ticking time bomb in the timer heap.
    jcolp committed Sep 10, 2015
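The ten-step evsub scenario in the commit messages above (this one and the backport of r5177), replayed deterministically as an added example; this is not pjproject code. The struct, the function names and the heap-state variant of destroy are assumptions made for illustration, and only `timer.id` and the `TIMER_TYPE_*` names come from the commit message.

```c
#include <stdio.h>

/* Constructed model of the bookkeeping in the scenario; not pjproject code. */
enum { TIMER_TYPE_NONE = 0, TIMER_TYPE_UAS_TIMEOUT = 1 };

struct evsub_model {
    int timer_id;  /* mirrors pjsip_evsub->timer.id */
    int in_heap;   /* 1 while the entry really sits in the timer heap */
};

/* Thread B, step 5: the refresh schedules the entry and records its type. */
static void refresh(struct evsub_model *s) {
    s->in_heap = 1;
    s->timer_id = TIMER_TYPE_UAS_TIMEOUT;
}

/* Thread A, step 7: the timeout callback that waited on the dialog lock. */
static void timeout_callback(struct evsub_model *s) {
    s->timer_id = TIMER_TYPE_NONE;
}

/* Step 10 as described: cancellation is skipped when the id says "none". */
static void destroy_by_id(struct evsub_model *s) {
    if (s->timer_id != TIMER_TYPE_NONE)
        s->in_heap = 0;
}

/* Assumed alternative: consult the heap state instead of the id mirror. */
static void destroy_by_heap_state(struct evsub_model *s) {
    s->in_heap = 0;
    s->timer_id = TIMER_TYPE_NONE;
}

/* Returns 1 if a heap entry outlives the subscription. With racy == 1 the
 * stale callback runs after the refresh (steps 3-7); with racy == 0 the
 * refresh arrives before the timeout and no stale callback runs. */
static int replay(void (*destroy)(struct evsub_model *), int racy) {
    /* The first timer has already fired, so it is out of the heap. */
    struct evsub_model sub = { TIMER_TYPE_UAS_TIMEOUT, 0 };
    refresh(&sub);
    if (racy)
        timeout_callback(&sub);
    destroy(&sub);             /* steps 9 and 10 */
    return sub.in_heap;
}

int main(void) {
    printf("racy, id-based cancel:     %d\n", replay(destroy_by_id, 1));
    printf("in order, id-based cancel: %d\n", replay(destroy_by_id, 0));
    printf("racy, heap-based cancel:   %d\n", replay(destroy_by_heap_state, 1));
    return 0;
}
```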
Commits on Sep 9, 2015
  1. transport: Fix race condition when dereffing transport.

    Backport of revision 5173.
    
    The pjsip_transport_dec_ref function currently decrements the reference
    count of a transport, locks the transport manager, and then does an
    additional check to determine if the idle transport timer should be
    started.
    
    In an environment where another thread is handling I/O it is possible
    for the other thread to receive notification that the connection for
    the transport has closed and to initiate transport destruction. If
    transport destruction occurs before the thread invoking
    pjsip_transport_dec_ref is able to acquire the transport manager lock
    it will eventually end up accessing a transport that has been destroyed.
    This is worsened if the transport is reused from a caching pool and
    reinitialized for a new connection. The thread invoking
    pjsip_transport_dec_ref may start another idle timer causing the same
    timer to be scheduled twice in the timer heap.
    
    This change checks to determine if the transport is still registered
    when the transport manager lock is finally acquired before starting
    the idle timer.
    
    ASTERISK-25230
    https://trac.pjsip.org/repos/ticket/1883
    jcolp committed Sep 8, 2015
Commits on Sep 8, 2015
  1. Revert "transport: Fix race condition when dereffing transport."

    This reverts commit cc63baf.
    jcolp committed Sep 8, 2015
Commits on Sep 1, 2015
  1. transport: Fix race condition when dereffing transport.

    The pjsip_transport_dec_ref function currently decrements the reference
    count of a transport, locks the transport manager, and then does an
    additional check to determine if the idle transport timer should be
    started.
    
    In an environment where another thread is handling I/O it is possible
    for the other thread to receive notification that the connection for
    the transport has closed and to initiate transport destruction. If
    transport destruction occurs before the thread invoking
    pjsip_transport_dec_ref is able to acquire the transport manager lock
    it will eventually end up accessing a transport that has been destroyed.
    This is worsened if the transport is reused from a caching pool and
    reinitialized for a new connection. The thread invoking
    pjsip_transport_dec_ref may start another idle timer causing the same
    timer to be scheduled twice in the timer heap.
    
    ASTERISK-25230
    jcolp committed Sep 1, 2015
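The dec_ref race described in this commit and in the backport of revision 5173 above, together with the "still registered" check that the backport adds, as an added example that is not pjproject code. It is a single-threaded model in which the other thread's work is injected into the window between the decrement and the lock; all type and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed single-threaded model of the interleaving; every name here is
 * hypothetical and only stands in for the pjproject structures. */
#define MAX_TP 4
struct transport { int ref_cnt; int idle_timers; };
struct tpmgr { struct transport *registered[MAX_TP]; };
typedef void (*window_fn)(struct tpmgr *, struct transport *);

static int is_registered(const struct tpmgr *m, const struct transport *tp) {
    for (int i = 0; i < MAX_TP; i++)
        if (m->registered[i] == tp) return 1;
    return 0;
}

/* I/O thread: the connection closed, so the transport is unregistered
 * and torn down. */
static void io_thread_destroy(struct tpmgr *m, struct transport *tp) {
    for (int i = 0; i < MAX_TP; i++)
        if (m->registered[i] == tp) m->registered[i] = NULL;
    memset(tp, 0, sizeof *tp);
}

/* Model of the dec_ref path. in_window runs between the decrement and the
 * point where the transport manager lock is acquired. Returns 1 if the
 * idle timer was started. */
static int dec_ref_model(struct tpmgr *m, struct transport *tp,
                         int recheck, window_fn in_window) {
    if (--tp->ref_cnt > 0) return 0;
    if (in_window) in_window(m, tp);
    /* transport manager lock is held from here on */
    if (recheck && !is_registered(m, tp)) return 0;
    if (tp->ref_cnt != 0) return 0;
    tp->idle_timers++;
    return 1;
}

/* 0: no timer started, 1: timer on a live transport, 2: on a destroyed one. */
static int scenario(int recheck, int race) {
    struct transport tp = { 1, 0 };
    struct tpmgr mgr = { { &tp } };
    int started = dec_ref_model(&mgr, &tp, recheck,
                                race ? io_thread_destroy : NULL);
    if (!started) return 0;
    return is_registered(&mgr, &tp) ? 1 : 2;
}

int main(void) {
    printf("race, no recheck: %d\n", scenario(0, 1));
    printf("race, recheck:    %d\n", scenario(1, 1));
    printf("no race, recheck: %d\n", scenario(1, 0));
    return 0;
}
```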
Commits on Jun 2, 2015
  1. Import pjproject-2.4

    putnopvut committed Jun 2, 2015
Commits on Sep 24, 2014
  1. Import pjproject-2.3

    Joshua Colp committed Sep 24, 2014
Commits on Feb 28, 2014
  1. Import pjproject-2.2

    leedm777 committed Feb 28, 2014
Commits on Mar 11, 2013
  1. Import pjproject-2.1

    qwell committed Mar 11, 2013
Commits on Jan 7, 2013
  1. Import pjproject-2.0.1

    leedm777 committed Jan 7, 2013