From a1c8d9f99ce8c092e1a3bdc9ff7d23cf16224f90 Mon Sep 17 00:00:00 2001 From: Jehan Monnier Date: Fri, 15 Jan 2016 15:36:13 +0100 Subject: [PATCH] make sure in case of SRTP DTLS enabled, ice reinvite is disabled & mandatory encryption is activated --- coreapi/bellesip_sal/sal_op_impl.c | 1 - coreapi/linphonecall.c | 40 +++++++++++++++++++----------- coreapi/linphonecore.c | 2 ++ coreapi/private.h | 2 ++ coreapi/sal.c | 4 ++- gtk/incall_view.c | 2 ++ include/sal/sal.h | 2 ++ mediastreamer2 | 2 +- oRTP | 2 +- tester/call_tester.c | 17 ++++++++++++- tester/flexisip_tester.c | 15 ++++++++--- tester/message_tester.c | 2 +- 12 files changed, 67 insertions(+), 24 deletions(-) diff --git a/coreapi/bellesip_sal/sal_op_impl.c b/coreapi/bellesip_sal/sal_op_impl.c index 9f654902c..345501b84 100644 --- a/coreapi/bellesip_sal/sal_op_impl.c +++ b/coreapi/bellesip_sal/sal_op_impl.c @@ -701,7 +701,6 @@ void sal_op_assign_recv_headers(SalOp *op, belle_sip_message_t *incoming){ const char *sal_op_get_remote_contact(const SalOp *op){ /* * remote contact is filled in process_response - * return sal_custom_header_find(op->base.recv_custom_headers,"Contact"); */ return op->base.remote_contact; } diff --git a/coreapi/linphonecall.c b/coreapi/linphonecall.c index 5429fe377..5718782ed 100644 --- a/coreapi/linphonecall.c +++ b/coreapi/linphonecall.c @@ -1092,7 +1092,9 @@ LinphoneCall * linphone_call_new_outgoing(struct _LinphoneCore *lc, LinphoneAddr linphone_call_get_local_ip(call, to); call->params = linphone_call_params_copy(params); linphone_call_init_common(call, from, to); - + + call->current_params->update_call_when_ice_completed = call->params->update_call_when_ice_completed; /*copy param*/ + linphone_call_fill_media_multicast_addr(call); if (linphone_core_get_firewall_policy(call->core) == LinphonePolicyUseIce) { @@ -1300,6 +1302,9 @@ LinphoneCall * linphone_call_new_incoming(LinphoneCore *lc, LinphoneAddress *fro */ /*set privacy*/ call->current_params->privacy=(LinphonePrivacyMask)sal_op_get_privacy(call->op); + /*config params*/ + call->current_params->update_call_when_ice_completed = call->params->update_call_when_ice_completed; /*copy config params*/ + /*set video support */ call->params->has_video = linphone_core_video_enabled(lc) && lc->video_policy.automatically_accept; if (md) { @@ -1754,7 +1759,8 @@ const LinphoneCallParams * linphone_call_get_current_params(LinphoneCall *call){ if ((all_streams_encrypted = linphone_call_all_streams_encrypted(call)) && linphone_call_get_authentication_token(call)) { call->current_params->media_encryption=LinphoneMediaEncryptionZRTP; } else { - ms_message("Encryption was requested to be %s, but isn't effective (all_streams_encrypted=%i, auth_token=%s)", + /*to avoid to many traces*/ + ms_debug("Encryption was requested to be %s, but isn't effective (all_streams_encrypted=%i, auth_token=%s)", linphone_media_encryption_to_string(call->params->media_encryption), all_streams_encrypted, call->auth_token == NULL ? "" : call->auth_token); call->current_params->media_encryption=LinphoneMediaEncryptionNone; } @@ -1766,7 +1772,8 @@ const LinphoneCallParams * linphone_call_get_current_params(LinphoneCall *call){ if (linphone_call_get_n_active_streams(call)==0 || (all_streams_encrypted = linphone_call_all_streams_encrypted(call))) { call->current_params->media_encryption = call->params->media_encryption; } else { - ms_message("Encryption was requested to be %s, but isn't effective (all_streams_encrypted=%i)", + /*to avoid to many traces*/ + ms_debug("Encryption was requested to be %s, but isn't effective (all_streams_encrypted=%i)", linphone_media_encryption_to_string(call->params->media_encryption), all_streams_encrypted); call->current_params->media_encryption=LinphoneMediaEncryptionNone; } @@ -1982,12 +1989,9 @@ const char *linphone_call_get_remote_user_agent(LinphoneCall *call){ * Returns the far end's sip contact as a string, if available. **/ const char *linphone_call_get_remote_contact(LinphoneCall *call){ - const LinphoneCallParams* lcp = linphone_call_get_remote_params(call); - if( lcp ){ - // we're not using sal_op_get_remote_contact() here because the returned value is stripped from - // params that we need, like the instanceid. Getting it from the headers will make sure we - // get everything - return linphone_call_params_get_custom_header(lcp, "Contact"); + if( call->op ){ + /*sal_op_get_remote_contact preserves header params*/ + return sal_op_get_remote_contact(call->op); } return NULL; } @@ -3101,7 +3105,7 @@ static void linphone_call_start_audio_stream(LinphoneCall *call, LinphoneCallSta } } - ms_media_stream_sessions_set_encryption_mandatory(&call->audiostream->ms.sessions,linphone_core_is_media_encryption_mandatory(call->core)); + ms_media_stream_sessions_set_encryption_mandatory(&call->audiostream->ms.sessions,call->current_params->encryption_mandatory); if (next_state == LinphoneCallPaused && captcard == NULL && playfile != NULL){ int pause_time=500; @@ -3280,7 +3284,7 @@ static void linphone_call_start_video_stream(LinphoneCall *call, LinphoneCallSta used_pt, &io); } } - ms_media_stream_sessions_set_encryption_mandatory(&call->videostream->ms.sessions,linphone_core_is_media_encryption_mandatory(call->core)); + ms_media_stream_sessions_set_encryption_mandatory(&call->videostream->ms.sessions,call->current_params->encryption_mandatory); _linphone_call_set_next_video_frame_decoded_trigger(call); } }else ms_warning("No video stream accepted."); @@ -3338,7 +3342,7 @@ static void linphone_call_start_text_stream(LinphoneCall *call) { text_stream_start(call->textstream, call->text_profile, rtp_addr, tstream->rtp_port, rtcp_addr, (linphone_core_rtcp_enabled(lc) && !is_multicast) ? (tstream->rtcp_port ? tstream->rtcp_port : tstream->rtp_port + 1) : 0, used_pt); ms_filter_add_notify_callback(call->textstream->rttsink, real_time_text_character_received, call, FALSE); - ms_media_stream_sessions_set_encryption_mandatory(&call->textstream->ms.sessions,linphone_core_is_media_encryption_mandatory(call->core)); + ms_media_stream_sessions_set_encryption_mandatory(&call->textstream->ms.sessions,call->current_params->encryption_mandatory); } else ms_warning("No text stream accepted."); } else { ms_message("No valid text stream defined."); @@ -3431,6 +3435,10 @@ void linphone_call_start_media_streams(LinphoneCall *call, LinphoneCallState nex ms_fatal("start_media_stream() called without prior init !"); return; } + if (call->params->media_encryption==LinphoneMediaEncryptionDTLS) { + call->current_params->encryption_mandatory = TRUE; + ms_message("Forcing encryption mandatory on call [%p]",call); + } call->nb_media_starts++; #if defined(VIDEO_ENABLED) @@ -3487,6 +3495,10 @@ void linphone_call_start_media_streams(LinphoneCall *call, LinphoneCallState nex set_dtls_fingerprint_on_all_streams(call); if ((call->ice_session != NULL) && (ice_session_state(call->ice_session) != IS_Completed)) { + if (call->params->media_encryption==LinphoneMediaEncryptionDTLS) { + call->current_params->update_call_when_ice_completed = FALSE; + ms_message("Disabling update call when ice completed on call [%p]",call); + } ice_session_start_connectivity_checks(call->ice_session); } else { /*should not start dtls until ice is completed*/ @@ -3913,7 +3925,7 @@ static bool_t ice_in_progress(LinphoneCallStats *stats){ /** * Indicates whether an operation is in progress at the media side. - * It can a bad idea to initiate signaling operations (adding video, pausing the call, removing video, changing video parameters) while + * It can be a bad idea to initiate signaling operations (adding video, pausing the call, removing video, changing video parameters) while * the media is busy in establishing the connection (typically ICE connectivity checks). It can result in failures generating loss of time * in future operations in the call. * Applications are invited to check this function after each call state change to decide whether certain operations are permitted or not. @@ -4266,7 +4278,7 @@ static void handle_ice_events(LinphoneCall *call, OrtpEvent *ev){ case IS_Completed: ice_session_select_candidates(call->ice_session); if (ice_session_role(call->ice_session) == IR_Controlling - && lp_config_get_int(call->core->config, "sip", "update_call_when_ice_completed", TRUE)) { + && params->update_call_when_ice_completed) { params->internal_call_update = TRUE; linphone_core_update_call(call->core, call, params); } diff --git a/coreapi/linphonecore.c b/coreapi/linphonecore.c index 18cc6d2fe..27965a84e 100644 --- a/coreapi/linphonecore.c +++ b/coreapi/linphonecore.c @@ -7060,6 +7060,8 @@ void linphone_core_init_default_params(LinphoneCore*lc, LinphoneCallParams *para params->real_early_media=lp_config_get_int(lc->config,"misc","real_early_media",FALSE); params->audio_multicast_enabled=linphone_core_audio_multicast_enabled(lc); params->video_multicast_enabled=linphone_core_video_multicast_enabled(lc); + params->update_call_when_ice_completed = lp_config_get_int(lc->config, "sip", "update_call_when_ice_completed", TRUE); + params->encryption_mandatory = linphone_core_is_media_encryption_mandatory(lc); } void linphone_core_set_device_identifier(LinphoneCore *lc,const char* device_id) { diff --git a/coreapi/private.h b/coreapi/private.h index de115f84f..3ed87ca78 100644 --- a/coreapi/private.h +++ b/coreapi/private.h @@ -164,6 +164,8 @@ struct _LinphoneCallParams{ bool_t video_multicast_enabled; bool_t audio_multicast_enabled; bool_t realtimetext_enabled; + bool_t update_call_when_ice_completed; + bool_t encryption_mandatory; }; BELLE_SIP_DECLARE_VPTR(LinphoneCallParams); diff --git a/coreapi/sal.c b/coreapi/sal.c index b2c4c97b1..701d68b90 100644 --- a/coreapi/sal.c +++ b/coreapi/sal.c @@ -613,7 +613,9 @@ void __sal_op_set_network_origin(SalOp *op, const char *origin){ } void __sal_op_set_remote_contact(SalOp *op, const char* remote_contact){ - SET_PARAM(op,remote_contact); + assign_address(&((SalOpBase*)op)->remote_contact_address,remote_contact);\ + /*to preserve header params*/ + assign_string(&((SalOpBase*)op)->remote_contact,remote_contact); \ } void __sal_op_set_network_origin_address(SalOp *op, SalAddress *origin){ diff --git a/gtk/incall_view.c b/gtk/incall_view.c index d37602201..cf97b5d53 100644 --- a/gtk/incall_view.c +++ b/gtk/incall_view.c @@ -635,6 +635,8 @@ static gboolean linphone_gtk_in_call_view_refresh(LinphoneCall *call){ } rating_to_color(rating,&color); gtk_widget_modify_bg(qi,GTK_STATE_NORMAL,&color); + + linphone_gtk_update_video_button(call); /*in case of no ice re-invite, video button status shall be checked by polling*/ return TRUE; } diff --git a/include/sal/sal.h b/include/sal/sal.h index d8106f6b7..721cefbea 100644 --- a/include/sal/sal.h +++ b/include/sal/sal.h @@ -656,7 +656,9 @@ const SalAddress *sal_op_get_contact_address(const SalOp *op); const char *sal_op_get_route(const SalOp *op); const MSList* sal_op_get_route_addresses(const SalOp *op); const char *sal_op_get_proxy(const SalOp *op); +/*raw contact header value with header params*/ const char *sal_op_get_remote_contact(const SalOp *op); +/*contact header address only (I.E without header params*/ const SalAddress* sal_op_get_remote_contact_address(const SalOp *op); /*for incoming requests, returns the origin of the packet as a sip uri*/ const char *sal_op_get_network_origin(const SalOp *op); diff --git a/mediastreamer2 b/mediastreamer2 index 66ad948e8..005c28b9f 160000 --- a/mediastreamer2 +++ b/mediastreamer2 @@ -1 +1 @@ -Subproject commit 66ad948e85e77f1d92545bb5e12823cd5a489d6a +Subproject commit 005c28b9fc0321957a8b339000272b4cb5de8cc0 diff --git a/oRTP b/oRTP index 3c0e10e3a..35b2e7354 160000 --- a/oRTP +++ b/oRTP @@ -1 +1 @@ -Subproject commit 3c0e10e3a4ec3e6b69820f890012db8fe3cba6f7 +Subproject commit 35b2e735421bcbaedd4422b637256987893368bc diff --git a/tester/call_tester.c b/tester/call_tester.c index c0e5858c7..996a0e974 100644 --- a/tester/call_tester.c +++ b/tester/call_tester.c @@ -321,10 +321,25 @@ bool_t call_with_params2(LinphoneCoreManager* caller_mgr && linphone_core_get_firewall_policy(callee_mgr->lc) == LinphonePolicyUseIce && !linphone_core_sdp_200_ack_enabled(caller_mgr->lc) /*ice does not work with sdp less invite*/ && lp_config_get_int(callee_mgr->lc->config, "sip", "update_call_when_ice_completed", TRUE) - && lp_config_get_int(caller_mgr->lc->config, "sip", "update_call_when_ice_completed", TRUE)) { + && lp_config_get_int(caller_mgr->lc->config, "sip", "update_call_when_ice_completed", TRUE) + && linphone_core_get_media_encryption(caller_mgr->lc) != LinphoneMediaEncryptionDTLS /*no ice-reinvite with DTLS*/) { BC_ASSERT_TRUE(wait_for(callee_mgr->lc,caller_mgr->lc,&caller_mgr->stat.number_of_LinphoneCallStreamsRunning,initial_caller.number_of_LinphoneCallStreamsRunning+2)); BC_ASSERT_TRUE(wait_for(callee_mgr->lc,caller_mgr->lc,&callee_mgr->stat.number_of_LinphoneCallStreamsRunning,initial_callee.number_of_LinphoneCallStreamsRunning+2)); + } else if (linphone_core_get_firewall_policy(caller_mgr->lc) == LinphonePolicyUseIce) { + /* check no ice re-invite received*/ + BC_ASSERT_FALSE(wait_for_until(callee_mgr->lc,caller_mgr->lc,&caller_mgr->stat.number_of_LinphoneCallStreamsRunning,initial_caller.number_of_LinphoneCallStreamsRunning+2,2000)); + BC_ASSERT_FALSE(wait_for_until(callee_mgr->lc,caller_mgr->lc,&callee_mgr->stat.number_of_LinphoneCallStreamsRunning,initial_callee.number_of_LinphoneCallStreamsRunning+2,2000)); + + } + if (linphone_core_get_media_encryption(caller_mgr->lc) == LinphoneMediaEncryptionDTLS ) { + if (linphone_core_get_current_call(caller_mgr->lc)->audiostream) + BC_ASSERT_TRUE(ms_media_stream_sessions_get_encryption_mandatory(&linphone_core_get_current_call(caller_mgr->lc)->audiostream->ms.sessions)); +#ifdef VIDEO_ENABLED + if (linphone_core_get_current_call(caller_mgr->lc)->videostream && video_stream_started(linphone_core_get_current_call(caller_mgr->lc)->videostream)) + BC_ASSERT_TRUE(ms_media_stream_sessions_get_encryption_mandatory(&linphone_core_get_current_call(caller_mgr->lc)->videostream->ms.sessions)); +#endif + } return result; } diff --git a/tester/flexisip_tester.c b/tester/flexisip_tester.c index c77655532..b75bd04f2 100644 --- a/tester/flexisip_tester.c +++ b/tester/flexisip_tester.c @@ -876,6 +876,7 @@ static void dos_module_trigger(void) { int i = 0; const char* passmsg = "This one should pass through"; int number_of_messge_to_send = 100; + LinphoneChatMessage * chat_msg = NULL; LinphoneCoreManager* marie = linphone_core_manager_new("marie_rc"); LinphoneCoreManager* pauline = linphone_core_manager_new(transport_supported(LinphoneTransportTls) ? "pauline_rc" : "pauline_tcp_rc"); @@ -887,7 +888,8 @@ static void dos_module_trigger(void) { do { char msg[128]; sprintf(msg, "Flood message number %i", i); - linphone_chat_room_send_message(chat_room, msg); + chat_msg = linphone_chat_room_create_message(chat_room, msg); + linphone_chat_room_send_chat_message(chat_room, chat_msg); ms_usleep(10000); i++; } while (i < number_of_messge_to_send); @@ -898,8 +900,8 @@ static void dos_module_trigger(void) { reset_counters(&marie->stat); reset_counters(&pauline->stat); - - linphone_chat_room_send_message(chat_room, passmsg); + chat_msg = linphone_chat_room_create_message(chat_room, passmsg); + linphone_chat_room_send_chat_message(chat_room, chat_msg); BC_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&marie->stat.number_of_LinphoneMessageReceived, 1)); BC_ASSERT_EQUAL(marie->stat.number_of_LinphoneMessageReceived, 1, int, "%d"); if (marie->stat.last_received_chat_message) { @@ -909,8 +911,9 @@ static void dos_module_trigger(void) { linphone_core_manager_destroy(pauline); } - +#define USE_PRESENCE_SERVER 0 static void test_subscribe_notify_with_sipp_publisher(void) { +#if USE_PRESENCE_SERVER char *scen; FILE * sipp_out; LinphoneCoreManager* pauline = linphone_core_manager_new( "pauline_rc"); @@ -943,8 +946,10 @@ static void test_subscribe_notify_with_sipp_publisher(void) { linphone_core_manager_destroy(marie); linphone_core_manager_destroy(pauline); +#endif } static void test_subscribe_notify_with_sipp_publisher_double_publish(void) { +#if USE_PRESENCE_SERVER char *scen; FILE * sipp_out; LinphoneCoreManager* pauline = linphone_core_manager_new( "pauline_rc"); @@ -977,6 +982,7 @@ static void test_subscribe_notify_with_sipp_publisher_double_publish(void) { linphone_core_manager_destroy(marie); linphone_core_manager_destroy(pauline); +#endif } static void test_publish_unpublish(void) { @@ -1035,6 +1041,7 @@ static void test_list_subscribe (void) { linphone_event_add_custom_header(lev,"Supported","eventlist"); linphone_event_add_custom_header(lev,"Accept","application/pidf+xml, application/rlmi+xml"); linphone_event_add_custom_header(lev,"Content-Disposition", "recipient-list"); + linphone_event_add_custom_header(lev,"Require", "recipient-list-subscribe"); linphone_event_send_subscribe(lev,content); diff --git a/tester/message_tester.c b/tester/message_tester.c index 78aeb0b69..e49d97979 100644 --- a/tester/message_tester.c +++ b/tester/message_tester.c @@ -1394,7 +1394,7 @@ static void real_time_text(bool_t audio_stream_enabled, bool_t srtp_enabled, boo LinphoneChatRoom *marie_chat_room = linphone_call_get_chat_room(marie_call); for (i = 0; i < strlen(message); i++) { - linphone_chat_message_put_char(rtt_message, message[i]); + BC_ASSERT_FALSE(linphone_chat_message_put_char(rtt_message, message[i])); BC_ASSERT_TRUE(wait_for_until(pauline->lc, marie->lc, &marie->stat.number_of_LinphoneIsComposingActiveReceived, i+1, 1000)); BC_ASSERT_EQUAL(linphone_chat_room_get_char(marie_chat_room), message[i], char, "%c"); }