sip5060.net / en es
Add REST API for SIP stack statistics (/api/v1/stats) Introduces /api/v1/stats endpoint for retrieving and resetting SIP stack statistics in JSON format. Implements async stats delivery using condition variables and mutexes, with timeout and HTTP 504 support. Updates WebAdmin and ReproRunner to handle and dispatch statistics messages. Adds helpers for compact JSON serialization of stats. Updates documentation and method signatures accordingly.
Allow user/domain change with password on update Enhance RestAdmin user update logic to permit changing username and domain, but require a new password if either field is modified, since the password hash is bound to user+realm. Update error handling, record fetching, and user-facing messages to reflect this requirement. Update API documentation accordingly. Add validation of this logic on the HTML WebAdmin side as well.
-fix linux build issue
Add REST API alongside existing HTML WebAdmin interface
Adds a JSON/REST interface under /api/v1/ that shares the same HTTP
listener, authentication (Basic auth against users.txt), and process as
the existing HTML admin. No new ports or config required.
New class RestAdmin handles dispatch and JSON encoding using cajun.
WebAdmin::buildPage detects the /api/v1/ prefix after authentication
and delegates to RestAdmin.
Endpoints:
GET /api/v1/registrations
GET /api/v1/publications
GET /api/v1/domains
POST /api/v1/domains?uri=...&tlsPort=...
DELETE /api/v1/domains/{uri}
GET /api/v1/users
POST /api/v1/users?user=...&domain=...&password=...&name=...&email=...
GET /api/v1/users/{user@domain}
PUT /api/v1/users/{user@domain}?password=...&name=...&email=...
DELETE /api/v1/users/{user@domain}
GET /api/v1/acls
POST /api/v1/acls?hostOrIp=...&port=...&transport=...
DELETE /api/v1/acls/{key}
GET /api/v1/routes
POST /api/v1/routes?uri=...&destination=...&method=...&event=...&order=...
PUT /api/v1/routes/{key}?...
DELETE /api/v1/routes/{key}
GET /api/v1/filters
GET /api/v1/settings
GET /api/v1/stats
GET /api/v1/congestion
GET /api/v1/loglevel
PUT /api/v1/loglevel?level=...
GET /api/v1/dnscache
DELETE /api/v1/dnscache
POST /api/v1/dnscache/reload
POST /api/v1/restart
POST /api/v1/certs/reload
Write operations use query parameters rather than request bodies to
avoid parsing inbound HTTP bodies. Filter add/edit/delete are not
exposed via REST due to the field count and regex escaping concerns;
use the HTML interface for those. Registration delete removes all
contacts for an AOR. PUT on users and routes has partial-update
semantics (omitted fields are left unchanged).
Response envelopes:
{"data": ...} on success
{"status": "ok"} on action success with no payload
{"error": {"code": N, "message":...}} on error
Required plumbing changes:
- HttpBase::buildPage virtual now takes the HTTP method as its first
parameter; HttpConnection::tryParse captures it from the request
line and passes it through.
- HttpConnection::setPage handles status codes 400, 405, 501, and 503
(previously 200/301/401/404/500 only), and preserves the caller's
body for application/json responses rather than substituting a
canned HTML page on 401/404.
- WebAdmin owns a std::unique_ptr<RestAdmin>, declares RestAdmin as a
friend so it can reach shared state (store, registration/
publication DBs, proxy, DNS cache machinery), and exposes
setApiResponse() as a JSON-aware wrapper around setPage().
Authentication is identical to the HTML admin: HTTP Basic against the
existing users.txt file. The DisableHttpAuth config flag applies to
REST calls as well.Refactor SIP capability handling in InviteSession - update stored peer capabilties with mid-dialog INVITEs or UPDATEs - UPDATE messaging only updates stored peer UserAgent and P-Asserted-Identities, and a new mPeerSupportSessionTimers boolean - fixes issue where initially a peer doesn't support Session Timers, then later in the session advertised support for it
Extend HttpGetMessage with status, headers, userData Added support for HTTP status codes, user data, and response headers to HttpGetMessage, including new constructor, accessors, and encode methods. Introduced case-insensitive header lookup. Updated clone to use new fields. Extended HttpProvider with a backward-compatible get overload.
Handle OPTIONS separately in session timer logic OPTIONS requests no longer trigger session timer refreshes when both sides support session timers. This ensures only INVITE and UPDATE methods affect session timer state. OPTIONS requests no longer update peer P-Asserted-Identity
Add IdentityCategory header tests Added comprehensive tests for IdentityCategory header parsing, parameter extraction, encoding, and copy construction in testParserCategories.cxx
Add Tuple::isSpecialPurposeAddress() per RFC 6890 Implement detection of special-purpose IP addresses (RFC 6890) in Tuple, covering private, loopback, link-local, multicast, and reserved ranges for both IPv4 and IPv6. Add static Tuple instances for these ranges and declare the new method in Tuple.hxx. Add unit tests to verify correct identification of special-purpose addresses.
recon: fix race condition crash - don't store reference to RemoteParticipantDialogSet in MediaStreamEvents since it might go away before being processed - instead pass ParticipantHandle so that it can be safely looked up and discarded if call has gone away
- add missing files to fixed visual studio 2022 project - fixup FlowManagerSipXSocket for windows (broken from recent changes)
Merge branch 'master' of https://github.com/resiprocate/resiprocate
-reTurn: do not respond to responses
- try again
- fix recent build error
- fix up some lingering build issues from last commit
Resolve /w3 and SDL compilation errors/warnings on Visual Studio builds - Part2
Resolve /w3 and SDL compilation errors/warnings on Visual Studio builds - Part1
Merge branch 'master' of https://github.com/resiprocate/resiprocate
- improve reTurn nonce generation - use crypto random for private part of nonce - incorporate senders protocol, IP and port into nonce, so nonce is unique per sender
Merge pull request #466 from mykhailopopivniak/param-name-log resip/stack: downgrade duplicate parameter-name log to INFO level
- change IdentityHeader to use new parser
- Security.hxx - add missing X509_free call to checkAndSetIdentity
- DialogUsageManager.hxx - remove unused members
- Data class - add prefixNoCase and postfixNoCase methods - add unit tests to testData.cxx
resip/stack: downgrade duplicate parameter-name log to INFO level Duplicate parameters are a protocol violation per RFC 3261 ยง7.3.1 and ยง19.1.1, but the stack already handles them gracefully by silently skipping the duplicate. Using WarningLog implies operator attention is needed, which is not the case here. Downgrade to InfoLog to avoid noise in production environments where non-compliant peers may frequently send duplicate parameters.
Cleanup SecurityAttributes - add copy constructor - cleanup code formatting - optimize operator<< - modify SipMessage copy logic to use SecurityAttributes copy constructor - add unit test for SecurityAttributes copy in SipMessage assignment - repro/HttpConnection.cxx - fix typo in 404 responses
Add new parameters and parsing for RFC8224 Identity headers - Identity header parsing remains as StringCategory for now, until RFC8224 can be fully implemented
Update windows CMake builds from OpenSSL 1.1.1q (zero-c nuget package) to OpenSSL 3.5.5 (openssl-native nuget package) - moved linux install of config.h from /usr/include to /usr/include/resip
Make sure new transport flag: RESIP_TRANSPORT_FLAG_SYMMETRIC_CONNECTIONS uses SO_RESUSEPORT on linux - fix testTransportSelector issues on linux, but using new transport flag to allow multiple test transports to bind to the same port
Fix failure ACK routing over TLS when stack has multiple TLS transports - ACK could use different transport than INVITE - issue introduced in PR https://github.com/resiprocate/resiprocate/pull/367 - TransportSelector, if port is specified in source make sure we select the correct TLS transport - Tuple: add new isEqual method to Tuple to allow comparison without checking the port - testTransportSelector - added TLS transport based tests for source searches using port 0 and transports bound to INADDR_ANY, corrected other tests - Misc: fix some spelling errors
Improve Session Timer Support when Refresher - if DUM is the refresher and sends a reINITE or UPDATE to refresh the session timer and we receive an error response that doesn't tear down the INVITE session, then we need to make sure we timeout the session when it eventaully expires - start a 2nd timer on the refresher side to ensure we timeout the session if refresh attempts fail - also retry the refresh at half the duration of the previous attempt if it failed to get a success response - add better logging of timers
Merge pull request #462 from mykhailopopivniak/rinstance_uri_param
resip/stack: consider known parameters when comparing URIs Previously, URI comparison logic treated URIs with different known parameter values as equal. Per RFC 3261 ยง19.1.4, parameters present in both URIs must match. Add related unit tests. Relates to #385.
- expose Helper::getSdpRecurse for use cases where modifying the SdpContents is needed
Merge pull request #461 from Anjali515/Avtec_Symm_Conn Symmetric Connection
Remove closesocket() Socket close not needed as the socket failed to open.
Closing socket Closing socket when Invalid or when fail to bind or configure.
Symmetric Connection Added a transport flag for Symmetric Connection. When this flag is set, bind outbound client connections to the same port as the listening socket. This ensures the TCP source port matches the advertised SIP port in Via/Contact header, enabling proper connection reuse by SIP servers.
- fix up tfm/StunServer.hxx for StunMessage namespace change
- move definition of StunMessage to resip namespace to avoid collisions with StunMessage in sipXtapi
- fix linux compilation errors and warnings
Add Digest Authentication Support for SHA256 and SHA512/256 algorithms
- SHA256 and SHA512/256 algorithms requires OpenSSL linking, ie: USE_SSL (WITH_SSL) set to true
- modified ClientAuthManager to look through all WWWAuthenticate or ProxyAuthenticate headers for one
with a supported algorithm
- classes that issue digest challenges now take a configurable ordered list of algorithms supported, a
header for each supported algorithm will be added to the resulting digest challenges, clients are
expected to use the first one they support from the list. An empty list implies only MD5 support.
Classes extended:
- dum/ServerAuthManager, dum/RADIUSServerAuthManager,
- repro/ReproServerAuthManager, repro/RADIUSServerAuthManager,
- repro/monkeys/DigestAuthenticator, repro/monkeys/RADIUSDigestAuthenticator, repro/monkeys/StaticRoute
- UserProfile::setDigestCredential now accepts a new format for password hashes, in order to support the
new algorithms
- Modified UserStore to store all supported password hashes when a new user is added with clear text password
- New repro setting: DigestChallengeAlgorithms
- Helper changes
- reordered methods in source file to match header ordering
- new methods:
- isDigestAlgorithmSupported
- createResipA1HashString
- extractA1FromResipA1HashString
- isDigestTypeSupportedInResipA1HashString
- addChallenge
- makeResponseDigest
- makeResponseDigestWithA1
- methods extended to support adding new SHA algorithms to challenges
- makeProxyChallenge
- makeWWWChallenge
- makeChallenge
- Added many new unit tests to testDigestAuthentication, so that all new and existing Helper digest methods
are now coveredAdd new DigestStream class, capable of MD5, SHA1, SHA256, SHA512 and SHA512/256 hash algorithms -all algorithms support with OpenSSL, only MD5 and SHA1 support without OpenSSL -deprecate MD5Stream and SHA1Stream classes -update all uses MD5Stream and SHA1Stream to use new DigestStream -will leave deprecated classes in rutil for now, to give users a chance to transition to new DigestStream class -rename SHA1 class to Sha1 to avoid conflict with new DigestBuffer enum for DigestType
Support Public IP/Port use in transport RecordRoutes - make sure we recognize custom/public address/port used in Route headers as belonging to us (Proxy::isMyUri), by checking inbound route headers against our configured RecordRoute's -small optimization to DialogUsageManager::sendUsingOutboundIfAppropriate, put cheaper check first
- do normal preload process when using WinSecurity.cxx, so that domain certificates can be loaded
Merge pull request #453 from szokovacs/DNSReturnAllResults Expose ARES_FLAG_NOCHECKRESP ares flag in resip
Added comment explaing the effect of the new flag
repro: RFC5626 Outbound fix to not remove contact registration on locally generated 408 timeouts Locally generated 408 timeouts are now ignored to prevent premature registration teardown. We only remove contacts on hard transport failures (local 503 or 430/410 responses), ensuring that transient network or app-layer lag doesn't wipe our registration database while the RFC 5626 Flow is still physically established.
Merge pull request #454 from szokovacs/changenameservers expose already existing possibility to change the DNS servers to the …
- sdpcontainer::Sdp - add get mediaLineAtIndex api - sdpcontainer::SdpMediaLine - add more crypto type definitions
-CMake: build resipmedia by default, add separate flag so not dependant on recon being enabled
- complete move of sdpcontainer to resipmedia - complete rename of SdpHelperResip to SdpHelper
Move SdpContainer used in recon to resipmedia library for use in other projects
- small cleanup of TlsConnection handshake error logs - previous text was misleading (missing client cert it not necessarily a problem)
resolve conflict between TFM and ARES
still
typo fix
following up missing ExternalDns change
expose already existing possibility to change the DNS servers to the DnsStub API