[asterisk-bugs] [Asterisk 0014386]: [patch] 1.2.31.1 changes create storm of IAX2 register authentication retries

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Feb 17 08:36:42 CST 2009 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=14386 
====================================================================== 
Reported By:                sabbathbh
Assigned To:                Corydon76
====================================================================== 
Project:                    Asterisk
Issue ID:                   14386
Category:                   Channels/chan_iax2
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     ready for testing
Asterisk Version:           1.2.X 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!): 170690 
Request Review:              
====================================================================== 
Date Submitted:             2009-02-02 09:05 CST
Last Modified:              2009-02-17 08:36 CST
====================================================================== 
Summary:                    [patch] 1.2.31.1 changes create storm of IAX2
register authentication retries
Description: 
The changes on chan_iax2.c from 1.2.30.4 to 1.2.31.1 created this bug:

If "A" tries to register on "B" and the RSA key from "A" does not match
the key on "inkeys" on "B", "B" do not send a "REGREJ", instead it sends a
"REGAUTH" with a new "CHALLENGE", then "A" send a new "REGREQ" for this
"CHALLENGE" with the same wrong RSA key and it loops forever on this (with
a storm of REGREQ <--> REGAUTH packets).

The console from the server ("B") will be flooded with this:

Feb  2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host
planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'
Feb  2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host
planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'
Feb  2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host
planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'
Feb  2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host
planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'
Feb  2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host
planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'
Feb  2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host
planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'
Feb  2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host
planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'
Feb  2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host
planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'
Feb  2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host
planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'
Feb  2 12:00:35 NOTICE[24093]: chan_iax2.c:5436 register_verify: Host
planetfoneclient failed RSA authentication with inkeys 'planetfoneclient'

See the IAX2 debug on additional information.

====================================================================== 

---------------------------------------------------------------------- 
 (0100245) sabbathbh (reporter) - 2009-02-17 08:36
 http://bugs.digium.com/view.php?id=14386#c100245 
---------------------------------------------------------------------- 
This patch fixed the storm when the RSA key is invalid but it broke the
register authentication when the RSA key is valid. Now the server always
rejects authentication:

Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX     Subclass:
REGREQ
   Timestamp: 00012ms  SCall: 08699  DCall: 00000 [192.168.0.1:4569]
   USERNAME        : planetfoneclient
   REFRESH         : 60

Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 001 Type: IAX     Subclass:
REGREJ
   Timestamp: 00013ms  SCall: 12982  DCall: 08699 [192.168.0.1:4569]
   CAUSE           : Registration Refused
   CAUSE CODE      : 29

Tx-Frame Retry[000] -- OSeqno: 001 ISeqno: 001 Type: IAX     Subclass:
REGAUTH
   Timestamp: 00016ms  SCall: 12982  DCall: 08699 [192.168.0.1:4569]
   AUTHMETHODS     : 4
   CHALLENGE       : 101018474
   USERNAME        : planetfoneclient

Rx-Frame Retry[ No] -- OSeqno: 001 ISeqno: 001 Type: IAX     Subclass:
ACK
   Timestamp: 00013ms  SCall: 08699  DCall: 12982 [192.168.0.1:4569]
Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 000 Type: IAX     Subclass:
INVAL
   Timestamp: 00000ms  SCall: 08699  DCall: 12982 [192.168.0.1:4569] 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-02-17 08:36 sabbathbh      Note Added: 0100245                          
======================================================================

More information about the asterisk-bugs mailing list