[asterisk-bugs] [Asterisk 0014607]: chan_iax2.c: Packet Decrypt Failed! encrypted IAX2 during packet loss causes hangup and end of call

Asterisk Bug Tracker noreply at bugs.digium.com
Wed Mar 11 12:25:33 CDT 2009


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=14607 
====================================================================== 
Reported By:                stevenla
Assigned To:                dvossel
====================================================================== 
Project:                    Asterisk
Issue ID:                   14607
Category:                   Channels/chan_iax2
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     assigned
Asterisk Version:           1.4.23 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
====================================================================== 
Date Submitted:             2009-03-04 22:20 CST
Last Modified:              2009-03-11 12:25 CDT
====================================================================== 
Summary:                    chan_iax2.c: Packet Decrypt Failed!  encrypted IAX2
during packet loss causes hangup and end of call
Description: 
When using an encrypted IAX2 session and the call encounters normal packet
loss, at the point the packet loss occures the error log places the errors
below in the error and the call is unrecoverable and hangs up  

using the same configuration while turning off encryption the problem 
no longer occures
-----------Cut------------------
..
..
..
..
[Mar  2 18:11:04] NOTICE[4477] chan_iax2.c: Packet Decrypt Failed!
[Mar  2 18:11:05] NOTICE[4477] chan_iax2.c: Packet Decrypt Failed!
[Mar  2 18:11:05] NOTICE[4479] chan_iax2.c: Packet Decrypt Failed!
[Mar  2 18:11:14] NOTICE[4483] chan_iax2.c: Packet Decrypt Failed!
[Mar  2 18:11:14] NOTICE[4484] chan_iax2.c: Packet Decrypt Failed!
[Mar  2 18:11:15] NOTICE[4481] chan_iax2.c: Packet Decrypt Failed!
[Mar  2 18:11:15] NOTICE[4479] chan_iax2.c: Packet Decrypt Failed!
[Mar  2 18:11:15] NOTICE[4480] chan_iax2.c: Packet Decrypt Failed!
[Mar  2 18:11:24] NOTICE[4483] chan_iax2.c: Packet Decrypt Failed!
[Mar  2 18:11:24] NOTICE[4484] chan_iax2.c: Packet Decrypt Failed!
[Mar  2 18:11:25] NOTICE[4481] chan_iax2.c: Packet Decrypt Failed!
[Mar  2 18:11:25] WARNING[4478] chan_iax2.c: Max retries exceeded to host
xx.xx.xx.xx on IAX2/XXXXXX.ip-16384 (type = 6, subclass = 2, ts=630048,
seqno=184)
----------------Cut----------------
====================================================================== 

---------------------------------------------------------------------- 
 (0101562) svnbot (reporter) - 2009-03-11 12:25
 http://bugs.digium.com/view.php?id=14607#c101562 
---------------------------------------------------------------------- 
Repository: asterisk
Revision: 181340

U   branches/1.4/channels/chan_iax2.c
U   branches/1.4/channels/iax2-parser.h

------------------------------------------------------------------------
r181340 | dvossel | 2009-03-11 12:25:31 -0500 (Wed, 11 Mar 2009) | 11
lines

encrypted IAX2 during packet loss causes decryption to fail on
retransmitted frames

If an iax channel is encrypted, and a retransmit frame is sent, that
packet's iseqno is updated while it is encrypted.  This causes the entire
frame to be corrupted.  When the corrupted frame is sent, the other side
decrypts it and sends a VNAK back because the decrypted frame doesn't make
any sense.  When we get the VNAK, we look through the sent queue and send
the same corrupted frame causing a loop.  To fix this, encrypted frames
requiring retransmission are decrypted, updated, then re-encrypted.  Since
key-rotation may change the key held by the pvt struct, the keys used for
encryption/decryption are held within the iax_frame to guarantee they
remain correct.

(closes issue http://bugs.digium.com/view.php?id=14607)
Reported by: stevenla
Tested by: dvossel

Review: http://reviewboard.digium.com/r/192/


------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=181340 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-03-11 12:25 svnbot         Note Added: 0101562                          
======================================================================




More information about the asterisk-bugs mailing list