He was running Asterisk trunk running IAX2 calls through a few Asterisk boxes,
however, the audio was extremely choppy. We looked at a packet trace and saw
a storm of INVAL and VNAK frames being sent from one box to another.
It turned out that what had happened was that one box tried to send a CONTROL
frame before the 3 way handshake had completed. So, that frame did not include
the destination call number, because it didn't have it yet. Part of our recent
work for security issues included an additional check to ensure that frames that
are supposed to include the destination call number have the correct one. This
caused the frame to be rejected with an INVAL. The frame would get retransmitted
for forever, rejected every time ...
This race condition exists in all versions that got the security changes,
in theory. However, it is really only likely that this would cause a problem in
Asterisk trunk. There was a control frame being sent (SRCUPDATE) at the _very_
beginning of the call, which does not exist in 1.2 or 1.4. However, I am fixing
all versions that could potentially be affected by the introduced race condition.
These changes are what bbryant and I came up with to fix the issue. Instead of
simply dropping control frames that get sent before the handshake is complete,
the code attempts to wait a little while, since in most cases, the handshake
will complete very quickly. If it doesn't complete after yielding for a little
while, then the frame gets dropped.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@115564 65c4cc65-6c06-0410-ace0-fbb531ad65f3
These changes address a critical performance issue introduced in the latest
release. The fix for the latest security issue included a change that made
Asterisk randomly choose call numbers to make them more difficult to guess by
attackers. However, due to some inefficient (this is by far, an understatement)
code, when Asterisk chose high call numbers, chan_iax2 became unusable after
just a small number of calls. On a small embedded platform, it would not be
able to handle a single call. On my Intel Core 2 Duo @ 2.33 GHz, I couldn't
run more than about 16 IAX2 channels. Ouch.
These changes address some performance issues of the find_callno() function
that have bothered me for a very long time. On every incoming media frame,
it iterated through every possible call number trying to find a matching
active call. This involved a mutex lock and unlock for each call number
checked. So, if the random call number chosen was 20000, then every media
frame would cause 20000 locks and unlocks. Previously, this problem was
not as obvious since Asterisk always chose the lowest call number it could.
A second container for IAX2 pvt structs has been added. It is an astobj2
hash table. When we know the remote side's call number, the pvt goes into
the hash table with a hash value of the remote side's call number. Then,
lookups for incoming media frames are a very fast hash lookup instead of an
absolutely insane array traversal.
In a quick test, I was able to get more than 3600% more IAX2 channels
on my machine with these changes.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@115296 65c4cc65-6c06-0410-ace0-fbb531ad65f3
fix. The dnsmgr is not appropriate here. The dnsmgr takes a pointer to an address
structure that a background thread continuously updates. However, in these cases,
a stack variable was passed. That means that the dnsmgr thread would be continuously
writing to bogus memory.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@110335 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Reported by: tyler
Do not force channel format changes when a generator is present. The generator may have changed the formats itself and changing them back would cause issues.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@76653 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Reported by: homesick
Patches:
rpid_1.4_75840.patch uploaded by homesick (license 91)
Accept Remote Party ID on guest calls.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@76560 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Reported by: fkasumovic
Patches:
chan_sip.patch uploaded by fkasumovic (license #101)
Drop any peer realm authentication entries when reloading so multiple entries do not get added to the peer.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@76080 65c4cc65-6c06-0410-ace0-fbb531ad65f3
deciding whether or not we need to request retransmissions by sending a VNAK.
This code could cause VNAKs to be sent erroneously in some cases, and to not
be sent in other cases when it should have been.
(closes issue #10237, reported and patched by mihai)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@75927 65c4cc65-6c06-0410-ace0-fbb531ad65f3
receiving a VNAK, handle sequence number wraparound so that all frames that
should be retransmitted actually do get retransmitted.
(issue #10227, reported and patched by mihai)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@75757 65c4cc65-6c06-0410-ace0-fbb531ad65f3
the size of the destination buffer is known in the iax_frame so that code
won't write past the end of the allocated buffer when sending outgoing frames.
(ASA-2007-014)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@75444 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Reported by: mmacvicar
Patches submitted by: bbryant, russell
Tested by: mmacvicar, marco, arcivanov, jmhunter, explidous
When using a TDM400P (and probably other analog cards) there was a chance that
you could hang up and pick the phone back up where it has been long enough to
be not considered a flash hook, but too soon such that the device reports that
it is busy and the person on the phone will only hear silence. This patch
makes chan_zap more tolerant of this and gives the device a couple of seconds
to succeed so the person on the phone happily gets their dialtone.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@75052 65c4cc65-6c06-0410-ace0-fbb531ad65f3
number. Fix the uses of this function to handle this instead of treating it
as the new call number. This would cause a deadlock and memory corruption.
(possible cause of issue #9614 and others, patch by me)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@74766 65c4cc65-6c06-0410-ace0-fbb531ad65f3
disallowed when reloading some/most PRI options (such as signalling) was disallowed.
Options such as polarityonanswerdelay and answeronpolarityswitch can safely be changed on a reload.
This corrects that behavior.
Issue 9186, patch by tzafrir.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@74158 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Reported by: makoto
Patches submitted by: makoto
This fixes a crash in chan_sip that happens when the bindaddr setting is not
valid on Asterisk startup, gets fixed, and then a reload gets issued.
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@73678 65c4cc65-6c06-0410-ace0-fbb531ad65f3
when a PRI disconnect is received depending on which cause code was received.
(issue #9588, original patch by softins, updated patch from jtexter3, and some
additional feedback from mhardeman)
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@70396 65c4cc65-6c06-0410-ace0-fbb531ad65f3
