[asterisk-bugs] [Asterisk 0014607]: chan_iax2.c: Packet Decrypt Failed! encrypted IAX2 during packet loss causes hangup and end of call
Asterisk Bug Tracker
noreply at bugs.digium.com
Wed Mar 11 12:25:33 CDT 2009
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=14607
======================================================================
Reported By: stevenla
Assigned To: dvossel
======================================================================
Project: Asterisk
Issue ID: 14607
Category: Channels/chan_iax2
Reproducibility: always
Severity: major
Priority: normal
Status: assigned
Asterisk Version: 1.4.23
Regression: No
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2009-03-04 22:20 CST
Last Modified: 2009-03-11 12:25 CDT
======================================================================
Summary: chan_iax2.c: Packet Decrypt Failed! encrypted IAX2
during packet loss causes hangup and end of call
Description:
When using an encrypted IAX2 session and the call encounters normal packet
loss, at the point the packet loss occures the error log places the errors
below in the error and the call is unrecoverable and hangs up
using the same configuration while turning off encryption the problem
no longer occures
-----------Cut------------------
..
..
..
..
[Mar 2 18:11:04] NOTICE[4477] chan_iax2.c: Packet Decrypt Failed!
[Mar 2 18:11:05] NOTICE[4477] chan_iax2.c: Packet Decrypt Failed!
[Mar 2 18:11:05] NOTICE[4479] chan_iax2.c: Packet Decrypt Failed!
[Mar 2 18:11:14] NOTICE[4483] chan_iax2.c: Packet Decrypt Failed!
[Mar 2 18:11:14] NOTICE[4484] chan_iax2.c: Packet Decrypt Failed!
[Mar 2 18:11:15] NOTICE[4481] chan_iax2.c: Packet Decrypt Failed!
[Mar 2 18:11:15] NOTICE[4479] chan_iax2.c: Packet Decrypt Failed!
[Mar 2 18:11:15] NOTICE[4480] chan_iax2.c: Packet Decrypt Failed!
[Mar 2 18:11:24] NOTICE[4483] chan_iax2.c: Packet Decrypt Failed!
[Mar 2 18:11:24] NOTICE[4484] chan_iax2.c: Packet Decrypt Failed!
[Mar 2 18:11:25] NOTICE[4481] chan_iax2.c: Packet Decrypt Failed!
[Mar 2 18:11:25] WARNING[4478] chan_iax2.c: Max retries exceeded to host
xx.xx.xx.xx on IAX2/XXXXXX.ip-16384 (type = 6, subclass = 2, ts=630048,
seqno=184)
----------------Cut----------------
======================================================================
----------------------------------------------------------------------
(0101562) svnbot (reporter) - 2009-03-11 12:25
http://bugs.digium.com/view.php?id=14607#c101562
----------------------------------------------------------------------
Repository: asterisk
Revision: 181340
U branches/1.4/channels/chan_iax2.c
U branches/1.4/channels/iax2-parser.h
------------------------------------------------------------------------
r181340 | dvossel | 2009-03-11 12:25:31 -0500 (Wed, 11 Mar 2009) | 11
lines
encrypted IAX2 during packet loss causes decryption to fail on
retransmitted frames
If an iax channel is encrypted, and a retransmit frame is sent, that
packet's iseqno is updated while it is encrypted. This causes the entire
frame to be corrupted. When the corrupted frame is sent, the other side
decrypts it and sends a VNAK back because the decrypted frame doesn't make
any sense. When we get the VNAK, we look through the sent queue and send
the same corrupted frame causing a loop. To fix this, encrypted frames
requiring retransmission are decrypted, updated, then re-encrypted. Since
key-rotation may change the key held by the pvt struct, the keys used for
encryption/decryption are held within the iax_frame to guarantee they
remain correct.
(closes issue http://bugs.digium.com/view.php?id=14607)
Reported by: stevenla
Tested by: dvossel
Review: http://reviewboard.digium.com/r/192/
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=181340
Issue History
Date Modified Username Field Change
======================================================================
2009-03-11 12:25 svnbot Note Added: 0101562
======================================================================
More information about the asterisk-bugs
mailing list