kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix mitm to be more reliable 

git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@13443 d0543943-73ff-0310-b7d9-9358b9ac24b2
This commit is contained in:
Brian West 2009-05-27 01:40:11 +00:00
parent f382d5327c
commit d9c41bc7b4
2 changed files with 28 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/include/switch_types.h
View File

@ -499,7 +499,8 @@ typedef enum {
SWITCH_RTP_FLAG_STICKY_FLUSH = (1 << 22),
SWITCH_ZRTP_FLAG_SECURE_SEND = (1 << 23),
SWITCH_ZRTP_FLAG_SECURE_RECV = (1 << 24),
SWITCH_ZRTP_FLAG_SECURE_MITM = (1 << 25)
SWITCH_ZRTP_FLAG_SECURE_MITM_SEND = (1 << 25),
SWITCH_ZRTP_FLAG_SECURE_MITM_RECV = (1 << 26)
} switch_rtp_flag_enum_t;
typedef uint32_t switch_rtp_flag_t;

27
src/switch_rtp.c
View File

@ -445,7 +445,8 @@ static void zrtp_event_callback(zrtp_stream_t *stream, unsigned event)
case ZRTP_EVENT_IS_SECURE:
switch_set_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_SEND);
switch_set_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_RECV);
switch_set_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM);
switch_set_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
switch_set_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
if (zrtp_status_ok == zrtp_session_get(rtp_session->zrtp_session, &zrtp_session_info)) {
if (zrtp_session_info.sas_is_ready) {
@ -510,7 +511,8 @@ static void zrtp_event_callback(zrtp_stream_t *stream, unsigned event)
case ZRTP_EVENT_IS_PENDINGCLEAR:
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_SEND);
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_RECV);
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM);
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
rtp_session->zrtp_mitm_tries = 0;
break;
case ZRTP_EVENT_NO_ZRTP:
@ -2257,14 +2259,20 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_zerocopy_read_frame(switch_rtp_t *rtp
frame->m = rtp_session->recv_msg.header.m ? SWITCH_TRUE : SWITCH_FALSE;
#ifdef ENABLE_ZRTP
if (zrtp_on && switch_test_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM)) {
if (zrtp_on && switch_test_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV)) {
zrtp_session_info_t zrtp_session_info;
if (zrtp_status_ok == zrtp_session_get(rtp_session->zrtp_session, &zrtp_session_info)) {
if (zrtp_session_info.sas_is_ready) {
frame->extra_data = rtp_session->zrtp_ctx;
switch_set_flag(frame, SFF_ZRTP);
if (rtp_session->zrtp_mitm_tries > 10) {
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM);
if (rtp_session->zrtp_mitm_tries > 20) {
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
}
rtp_session->zrtp_mitm_tries++;
}
}
}
#endif
if (bytes < 0) {
@ -2689,13 +2697,18 @@ SWITCH_DECLARE(int) switch_rtp_write_frame(switch_rtp_t *rtp_session, switch_fra
}
#ifdef ENABLE_ZRTP
if (zrtp_on && switch_test_flag(frame, SFF_ZRTP)) {
if (zrtp_on && switch_test_flag(frame, SFF_ZRTP) && switch_test_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND)) {
zrtp_session_info_t zrtp_session_info;
if (zrtp_status_ok == zrtp_session_get(rtp_session->zrtp_session, &zrtp_session_info)) {
if (zrtp_session_info.sas_is_ready) {
if (zrtp_status_ok == zrtp_resolve_mitm_call(frame->extra_data, rtp_session->zrtp_ctx)) {
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM);
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
}
rtp_session->zrtp_mitm_tries++;
}
}
}
#endif
fwd = (switch_test_flag(rtp_session, SWITCH_RTP_FLAG_RAW_WRITE) && switch_test_flag(frame, SFF_RAW_RTP)) ? 1 : 0;