res_pjsip_config_wizard: Force reload on Named ACL change events #1644

Open
hajekmi wants to merge 1 commit into asterisk:master from hajekmi:fix_pjsip_wizard_acl_2

hajekmi (Contributor) commented Dec 10, 2025

Currently, endpoints created via the PJSIP Config Wizard do not update
their ACL rules if the underlying Named ACL (in acl.conf) changes.
This occurs because the wizard relies on file timestamp and content
caching of pjsip_wizard.conf, which remains unchanged during an external
ACL update. As a result, endpoints retain stale ACL rules even after
a reload.

This patch updates res_pjsip_config_wizard to subscribe to the
ast_named_acl_change_type Stasis event. A local generation counter is
incremented whenever an ACL change event is received.

During a reload, the wizard compares the current local generation against
the generation stored in the wizard object. If a change is detected:

  1. The file cache optimization (CONFIG_FLAG_FILEUNCHANGED) is bypassed.
  2. Wizard objects utilizing 'acl' or 'contact_acl' are forced to update,
    ensuring they pick up the new IP rules.

Signed-off-by: Michal Hajek [email protected]

Fixes: #1641
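
The reload decision described in this PR, as an added example that is not part of the PR or of Asterisk: a self-contained C model in which every identifier (`wizard_obj`, `wizard_reload`, `on_named_acl_change`, `acl_generation`) and the sample rules are constructed for illustration. It shows why an object keeps enforcing the old, wider rule when only the file-unchanged shortcut is consulted, and how comparing a generation counter forces the refresh.

```c
/* Added illustration: a self-contained model, NOT Asterisk source; all names hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

static unsigned int acl_generation;   /* bumped on every named-ACL change event */

struct wizard_obj {
    char acl_name[32];           /* named ACL used by 'acl'/'contact_acl'; "" if none */
    char applied_rule[64];       /* rule text resolved at the last apply */
    unsigned int seen_generation;
};

/* Stands in for the callback subscribed to the ACL change event. */
static void on_named_acl_change(void) { acl_generation++; }

/* One reload pass for one object. file_unchanged models the cached
 * "config file not modified" result; check_generation=false is the old
 * behaviour. Returns true if the object was re-applied. */
static bool wizard_reload(struct wizard_obj *w, bool file_unchanged,
                          bool check_generation, const char *current_rule)
{
    bool acl_changed = check_generation && w->seen_generation != acl_generation;
    bool uses_acl = w->acl_name[0] != '\0';

    if (file_unchanged && !acl_changed)
        return false;                        /* cache shortcut taken */
    w->seen_generation = acl_generation;
    if (file_unchanged && !uses_acl)
        return false;                        /* nothing ACL-related to refresh */
    snprintf(w->applied_rule, sizeof(w->applied_rule), "%s", current_rule);
    return true;
}

/* Constructed scenario: acl.conf narrows "trusted"; the wizard file is untouched.
 * Returns 1 when the old logic keeps the wide rule and the new logic replaces it. */
static int demo(void)
{
    struct wizard_obj w = { "trusted", "permit=192.0.2.0/24", 0 };
    const char *edited = "permit=192.0.2.10/32";

    on_named_acl_change();
    bool old_applied = wizard_reload(&w, true, false, edited);
    int stale = !old_applied && strcmp(w.applied_rule, edited) != 0;
    bool new_applied = wizard_reload(&w, true, true, edited);
    return stale && new_applied && strcmp(w.applied_rule, edited) == 0;
}

int main(void) { printf("stale before, fresh after: %d\n", demo()); return 0; }
```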

phoneben (Contributor) commented Dec 10, 2025

I think cherry-pick should be in a separate comment, not in the original.

github-actions bot left a comment

Pull Request Checklist Complete

github-actions bot added the has-pr-checklist label Dec 10, 2025

@github-actions

Workflow PRCheck completed successfully

hajekmi (Contributor, Author) commented Dec 10, 2025

cherry-pick-to: 20
cherry-pick-to: 22
cherry-pick-to: 23

@phoneben (Contributor)

can not be cherry picked to 20?

hajekmi (Contributor, Author) commented Dec 10, 2025

> can not be cherry picked to 20?

Unfortunately, I don't know... version 20 - I don't know how good the Stasis is there... :)

jcolp (Member) commented Dec 10, 2025

The specific pattern of subscribing for ACL change events has been in use since 2013.

hajekmi force-pushed the fix_pjsip_wizard_acl_2 branch from 1e7350d to f4969bf on December 10, 2025 14:49

jcolp (Member) commented Dec 10, 2025

21 is security fix only and does not receive bug fixes. You should also not add an additional comment, but edit your existing one.

@github-actions

Workflow PRCheck completed successfully

hajekmi (Contributor, Author) commented Dec 15, 2025

Does my last commit look okay? :)

jcolp (Member) commented Dec 15, 2025

It has yet to be reviewed; when it is, you'll see updates/comments/etc.

github-actions bot commented Jan 7, 2026

Workflow PRCheck failed
master-pjs1: FAILED TEST: channels/pjsip/geolocation/incoming/basic
master-pjs1: FAILED TEST: channels/pjsip/geolocation/incoming/profile_precedence

hajekmi (Contributor, Author) commented Feb 11, 2026

I think you can merge it. Thanks

jcolp removed the stale, pr-submit-tests-failed and has-pr-checklist labels Feb 11, 2026

@github-actions

Workflow PRCheck failed
master-pjs1: FAILED TEST: channels/pjsip/geolocation/incoming/basic
master-pjs1: FAILED TEST: channels/pjsip/geolocation/incoming/profile_precedence
master-pjs1: FAILED TEST: channels/pjsip/message/message_redirect
master-pjs1: FAILED TEST: channels/pjsip/message/message_redirect_multiple
master-pjs2: FAILED TEST: channels/pjsip/dialplan_functions/pjsip_header

@asteriskteam (Contributor)

This PR has been marked stale because it has been in "Changes Requested" or "submitter-action-required" state for 28 days or more. Please make the requested changes within 14 days or the PR will be closed.

@github-actions

Workflow Check failed
master-ari1: FAILED TEST: rest_api/authentication_user_acl
master-pjs1: FAILED TEST: channels/pjsip/geolocation/incoming/basic
master-pjs1: FAILED TEST: channels/pjsip/geolocation/incoming/profile_precedence
master-pjs1: FAILED TEST: channels/pjsip/message/message_out_dialog
master-pjs1: FAILED TEST: channels/pjsip/message/message_redirect
master-pjs1: FAILED TEST: channels/pjsip/message/message_redirect_multiple
master-pjs2: FAILED TEST: channels/pjsip/dialplan_functions/pjsip_header

@github-actions

Workflow Check failed
master-pjs5: FAILED TEST: channels/pjsip/subscriptions/rls/lists_of_lists/nominal/mwi/batched

Development

Successfully merging this pull request may close these issues.

[bug]: res_pjsip_config_wizard: Endpoints fail to update when Named ACLs change after reload