From d9c41bc7b4fbfbddb6601b60c1acabee6491e254 Mon Sep 17 00:00:00 2001 From: Brian West Date: Wed, 27 May 2009 01:40:11 +0000 Subject: [PATCH] fix mitm to be more reliable git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@13443 d0543943-73ff-0310-b7d9-9358b9ac24b2 --- src/include/switch_types.h | 3 ++- src/switch_rtp.c | 39 +++++++++++++++++++++++++------------- 2 files changed, 28 insertions(+), 14 deletions(-) diff --git a/src/include/switch_types.h b/src/include/switch_types.h index 6d828b7a91..be2266bb78 100644 --- a/src/include/switch_types.h +++ b/src/include/switch_types.h @@ -499,7 +499,8 @@ typedef enum { SWITCH_RTP_FLAG_STICKY_FLUSH = (1 << 22), SWITCH_ZRTP_FLAG_SECURE_SEND = (1 << 23), SWITCH_ZRTP_FLAG_SECURE_RECV = (1 << 24), - SWITCH_ZRTP_FLAG_SECURE_MITM = (1 << 25) + SWITCH_ZRTP_FLAG_SECURE_MITM_SEND = (1 << 25), + SWITCH_ZRTP_FLAG_SECURE_MITM_RECV = (1 << 26) } switch_rtp_flag_enum_t; typedef uint32_t switch_rtp_flag_t; diff --git a/src/switch_rtp.c b/src/switch_rtp.c index 62ad9ffc7e..3ab899a6aa 100644 --- a/src/switch_rtp.c +++ b/src/switch_rtp.c @@ -445,7 +445,8 @@ static void zrtp_event_callback(zrtp_stream_t *stream, unsigned event) case ZRTP_EVENT_IS_SECURE: switch_set_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_SEND); switch_set_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_RECV); - switch_set_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM); + switch_set_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND); + switch_set_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV); if (zrtp_status_ok == zrtp_session_get(rtp_session->zrtp_session, &zrtp_session_info)) { if (zrtp_session_info.sas_is_ready) { @@ -510,7 +511,8 @@ static void zrtp_event_callback(zrtp_stream_t *stream, unsigned event) case ZRTP_EVENT_IS_PENDINGCLEAR: switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_SEND); switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_RECV); - switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM); + switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND); + switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV); rtp_session->zrtp_mitm_tries = 0; break; case ZRTP_EVENT_NO_ZRTP: @@ -2257,13 +2259,19 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_zerocopy_read_frame(switch_rtp_t *rtp frame->m = rtp_session->recv_msg.header.m ? SWITCH_TRUE : SWITCH_FALSE; #ifdef ENABLE_ZRTP - if (zrtp_on && switch_test_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM)) { - frame->extra_data = rtp_session->zrtp_ctx; - switch_set_flag(frame, SFF_ZRTP); - if (rtp_session->zrtp_mitm_tries > 10) { - switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM); + if (zrtp_on && switch_test_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV)) { + zrtp_session_info_t zrtp_session_info; + + if (zrtp_status_ok == zrtp_session_get(rtp_session->zrtp_session, &zrtp_session_info)) { + if (zrtp_session_info.sas_is_ready) { + frame->extra_data = rtp_session->zrtp_ctx; + switch_set_flag(frame, SFF_ZRTP); + if (rtp_session->zrtp_mitm_tries > 20) { + switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV); + } + rtp_session->zrtp_mitm_tries++; + } } - rtp_session->zrtp_mitm_tries++; } #endif @@ -2689,12 +2697,17 @@ SWITCH_DECLARE(int) switch_rtp_write_frame(switch_rtp_t *rtp_session, switch_fra } #ifdef ENABLE_ZRTP - if (zrtp_on && switch_test_flag(frame, SFF_ZRTP)) { - - if (zrtp_status_ok == zrtp_resolve_mitm_call(frame->extra_data, rtp_session->zrtp_ctx)) { - switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM); + if (zrtp_on && switch_test_flag(frame, SFF_ZRTP) && switch_test_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND)) { + zrtp_session_info_t zrtp_session_info; + + if (zrtp_status_ok == zrtp_session_get(rtp_session->zrtp_session, &zrtp_session_info)) { + if (zrtp_session_info.sas_is_ready) { + if (zrtp_status_ok == zrtp_resolve_mitm_call(frame->extra_data, rtp_session->zrtp_ctx)) { + switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND); + } + rtp_session->zrtp_mitm_tries++; + } } - rtp_session->zrtp_mitm_tries++; } #endif