This commit introduces the security events API. This API is to be used by
Asterisk components to report events that have security implications.
A simple example is when a connection is made but fails authentication. These
events can be used by external tools to manipulate firewall rules or something
similar after detecting unusual activity based on security events.
Inside of Asterisk, the events go through the ast_event API. This means that
they have a binary encoding, and it is easy to write code to subscribe to these
events and do something with them.
One module is provided that is a subscriber to these events - res_security_log.
This module turns security events into a parseable text format and sends them
to the "security" logger level. Using logger.conf, these log entries may be
sent to a file, or to syslog.
One service, AMI, has been fully updated for reporting security events.
AMI was chosen as it was a fairly straightforward service to convert.
The next target will be chan_sip. That will be more complicated and will
be done as its own project as the next phase of security events work.
For more information on the security events framework, see the documentation
generated from doc/tex/. "make asterisk.pdf"
Review: https://reviewboard.asterisk.org/r/273/
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@206021 f38db490-d61c-443f-a65b-d21fe96a405b
CEL is the new system for logging channel events. This was inspired after
facing many problems trying to represent what is possible to happen to a call
in Asterisk using CDR records. For more information on CEL, see the built-in
HTML or PDF documentation generated from the files in doc/tex/.
Many thanks to Steve Murphy (murf) and Brian Degenhardt (bmd) for their hard
work developing this code. Also, thanks to Matt Nicholson (mnicholson) and
Sean Bright (seanbright) for their assistance in the final push to get this
code ready for Asterisk trunk.
Review: https://reviewboard.asterisk.org/r/239/
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@203638 f38db490-d61c-443f-a65b-d21fe96a405b
This patch adds a new payload type for information elements, a set
of bit flags. The payload is transported as a 32-bit unsigned integer
but when matching is performed between events and subscribers,
the matching is done by using a bitwise AND instead of numeric value
comparison.
Review: http://reviewboard.asterisk.org/r/242/
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@191919 f38db490-d61c-443f-a65b-d21fe96a405b
- convert handling of IE PLTYPEs to switch statements
- add braces to various small blocks
- remove a bit of trailing whitespace
- remove a couple of unnecessary ast_strdupa() uses
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@191848 f38db490-d61c-443f-a65b-d21fe96a405b
This code comes from svn/asterisk/team/russell/event_performance/.
Here is a summary of the changes that have been made, in order of both
invasiveness and performance impact, from smallest to largest.
1) Asterisk 1.6.1 introduces some additional logic to be able to handle
distributed device state. This functionality comes at a cost.
One relatively minor change in this patch is that the extra processing
required for distributed device state is now completely bypassed if
it's not needed.
2) One of the things that I noticed when profiling this code was that a
_lot_ of time was spent doing string comparisons. I changed the way
strings are represented in an event to include a hash value at the front.
So, before doing a string comparison, we do an integer comparison on the
hash.
3) Finally, the code that handles the event cache has been re-written.
I tried to do this in such a way that it had minimal impact on the API.
I did have to change one API call, though - ast_event_queue_and_cache().
However, the way it works now is nicer, IMO. Each type of event that
can be cached (MWI, device state) has its own hash table and rules for
hashing and comparing objects. This by far made the biggest impact on
performance.
For additional details regarding this code and how it was tested, please see the
review request.
(closes issue #14738)
Reported by: russell
Review: http://reviewboard.digium.com/r/205/
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@184339 f38db490-d61c-443f-a65b-d21fe96a405b
------------------------------------------------------------------------
r159808 | kpfleming | 2008-11-29 10:58:29 -0600 (Sat, 29 Nov 2008) | 7 lines
update dev-mode compiler flags to match the ones used by default on Ubuntu Intrepid, so all developers will see the same warnings and errors
since this branch already had some printf format attributes, enable checking for them and tag functions that didn't have them
format attributes in a consistent way
------------------------------------------------------------------------
in addition:
move some format attributes from main/utils.c to the header files they belong in, and fix up references to the relevant functions based on new compiler warnings
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@159818 f38db490-d61c-443f-a65b-d21fe96a405b
This commit pulls in a batch of improvements and additions to the event API.
Changes include:
- the ability to dynamically build a subscription. This is useful if you're
building a subscription based on something you receive from the network,
or from options in a configuration file.
- Add tables of event types and IE types and the corresponding string
representation for implementing text based protocols that use these
events, for showing events on the CLI, reading configuration that
references event information, among other things.
- Add a table that maps IE types and the corresponding payload type.
- an API call to get the total size of an event
- an API call to get all events from the cache that match a subscription
- a new IE payload type, raw, which I used for transporting the Entity ID in
my code for handling distributed device state.
- Code improvements to reduce code duplication
- Include the Entity ID of the server that originated the event in every event
- an additional event type, DEVICE_STATE_CHANGE, to help facilitate distributed
device state. DEVICE_STATE is a state change on one server, DEVICE_STATE_CHANGE
is the aggregate device state change across all servers.
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@121555 f38db490-d61c-443f-a65b-d21fe96a405b
to indicate there was more data than there really was, causing the iterator to read beyond the end
of the event structure. This led to invalid memory reads and potential crashes.
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@103559 f38db490-d61c-443f-a65b-d21fe96a405b
in the event API.
ast_event_iterator_get_ie_type should return the ie type in
host byte order. Furthermore, ast_event_get_ie_raw should already
have its ie type argument in host byte order since it could be called
externally (and it in fact is called in this way by ast_event_get_cached).
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@103282 f38db490-d61c-443f-a65b-d21fe96a405b
get_unaligned functions as const
* In event.c, use get_unaligned_uint32() in a couple of places to fix issues on
architectures that don't allow unaligned access
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@92305 f38db490-d61c-443f-a65b-d21fe96a405b
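The three commit messages above deal with an iterator reading past the end of an event, IE types returned in host byte order, and unaligned access. The following is an added example, not code from Asterisk or from these commits, of an IE iterator that checks every declared length before using it. The wire layout, the names (ie_iter, rd16, count_ies) and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical layout (an assumption, not Asterisk's structs), all fields big-endian:
 * event = uint16 type, uint16 total_len, then IEs; IE = uint16 type, uint16 len, payload. */
#define EVT_HDR_LEN 4u
#define IE_HDR_LEN  4u

struct ie_iter { const uint8_t *buf; size_t end, off; }; /* end: checked event length */

/* Byte-wise read: no unaligned access, result is in host byte order. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 if total_len claims more data than was received. */
int ie_iter_init(struct ie_iter *it, const uint8_t *buf, size_t received)
{
    if (received < EVT_HDR_LEN) return -1;
    size_t total = rd16(buf + 2);
    if (total < EVT_HDR_LEN || total > received) return -1;
    it->buf = buf; it->end = total; it->off = EVT_HDR_LEN;
    return 0;
}

/* Returns 1 and fills the outputs for the next IE, 0 at the end of the event,
 * -1 if an IE header or payload would extend past the end of the event. */
int ie_iter_next(struct ie_iter *it, uint16_t *type, const uint8_t **payload, uint16_t *len)
{
    if (it->off == it->end) return 0;
    if (it->end - it->off < IE_HDR_LEN) return -1;
    uint16_t plen = rd16(it->buf + it->off + 2);
    if (plen > it->end - it->off - IE_HDR_LEN) return -1;
    *type = rd16(it->buf + it->off);
    *payload = it->buf + it->off + IE_HDR_LEN;
    *len = plen;
    it->off += IE_HDR_LEN + plen;
    return 1;
}

/* Constructed samples: one IE (type 2) with payload "abcd"; bad_evt's IE claims 8 bytes. */
const uint8_t good_evt[] = {0, 1, 0, 12, 0, 2, 0, 4, 'a', 'b', 'c', 'd'};
const uint8_t bad_evt[]  = {0, 1, 0, 12, 0, 2, 0, 8, 'a', 'b', 'c', 'd'};

/* Walks an event; returns the number of IEs, or -1 if the event is malformed. */
int count_ies(const uint8_t *buf, size_t received)
{
    struct ie_iter it; uint16_t t, l; const uint8_t *p; int n = 0, rc;
    if (ie_iter_init(&it, buf, received) != 0) return -1;
    while ((rc = ie_iter_next(&it, &t, &p, &l)) == 1) n++;
    return rc < 0 ? -1 : n;
}
```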
build times - tested, there is no measurable difference before and
after this commit.
In this change:
use asterisk/compat.h to include a small set of system headers:
inttypes.h, unistd.h, stddef.h, stdint.h, sys/types.h, stdarg.h,
stdlib.h, alloca.h, stdio.h
Where available, the inclusion is conditional on HAVE_FOO_H as determined
by autoconf.
Normally, source files should not include any of the above system headers,
and instead use either "asterisk.h" or "asterisk/compat.h" which does it
better.
For the time being I have left alone second-level directories
(main/db1-ast, etc.).
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@89333 f38db490-d61c-443f-a65b-d21fe96a405b
- the *_CURRENT macros no longer need the list head pointer argument
- add AST_LIST_MOVE_CURRENT to encapsulate the remove/add operation when moving entries between lists
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@89106 f38db490-d61c-443f-a65b-d21fe96a405b
The way a device state change propagates is kind of silly, in my opinion. A
device state provider calls a function that indicates that the state of a
device has changed. Then, another thread goes back and calls a callback for
the device state provider to find out what the new state is before it can go
send it off to whoever cares.
I have changed it so that you can include the state that the device has changed
to in the first function call from the device state provider. This removes the
need to have to call the callback, which locks up critical containers to go find
out what the state changed to.
This change set changes the "simple" device state providers to use the new method.
This includes parking, meetme, and SLA.
I have also mostly converted chan_agent in my branch, but still have some more
things to think through before presenting the plan for converting channel drivers
to ensure all of the right events get generated ...
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@79027 f38db490-d61c-443f-a65b-d21fe96a405b
This set of changes introduces a new generic event API for use within Asterisk.
I am still working on a way for events to be shared between servers, but this
part is ready and can already be used inside of Asterisk.
This set of changes introduces the first use of the API, as well. I have
restructured the way that MWI (message waiting indication) is handled. It is
now event based instead of polling based. For example, if there are a bunch
of SIP phones subscribed to mailboxes, then chan_sip will not have to
constantly poll the mailboxes for changes. app_voicemail will generate events
when changes occur.
See UPGRADE.txt and CHANGES for some more information on the effects of these
changes from the user perspective. For developer information, see the text in
include/asterisk/event.h.
As always, additional feedback is welcome on the asterisk-dev mailing list.
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@62292 f38db490-d61c-443f-a65b-d21fe96a405b