[asterisk-bugs] [JIRA] (ASTERISK-24291) res_srtp module stops working after about 35.000 processed calls

Matt Jordan (JIRA) noreply at issues.asterisk.org
Sat Aug 30 14:38:29 CDT 2014


     [ https://issues.asterisk.org/jira/browse/ASTERISK-24291?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Matt Jordan updated ASTERISK-24291:
-----------------------------------

    Description: 
When using encryption for RTP streams, asterisk does not accept any calls after about 35k calls (reproducable) have been processed correctly.
All further inbound and outbound calls are rejected with a 
"488 - Not Acceptable Here".

When this happens, one asterisk machine shows:

{noformat}
[2014-08-29 17:32:23.807] DEBUG[28500][C-00009387]: chan_sip.c:10530 process_sdp: Processing media-level (audio) SDP a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:cYswzW2zYpdgsVkKgQWvdbUSLedzlE8nByMqEYiI... UNSUPPORTED OR FAILED.
[2014-08-29 17:32:23.807] WARNING[28500][C-00009387]: chan_sip.c:10535 process_sdp: Rejecting secure audio stream without encryption details: audio 11070 RTP/SAVP 8 0 101
{noformat}

the destination asterisk shows:
{noformat}
WARNING[10222][C-0000883a]: chan_sip.c:12925 get_crypto_attrib: No SRTP key management enabled
{noformat}

Active srtp calls are not affected when this issue occurs, but all further Invites are rejected with the 488 response, so no more calls can be processed.

The only solution at the moment is to restart asterisk or to wait until no more SRTP calls are active and then unload res_srtp.so followed by loading the module again.

add info:
- problem occurs regardless of using SIP over TLS or SIP without TLS
- other (unencrypted) RTP connections are still working  

If you need further info, just let me know.

Thanks for checking into this!
Robert

    

  was:
When using encryption for RTP streams, asterisk does not accept any calls after about 35k calls (reproducable) have been processed correctly.
All further inbound and outbound calls are rejected with a 
"488 - Not Acceptable Here".

When this happens, one asterisk machine shows:

[2014-08-29 17:32:23.807] DEBUG[28500][C-00009387]: chan_sip.c:10530 process_sdp: Processing media-level (audio) SDP a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:cYswzW2zYpdgsVkKgQWvdbUSLedzlE8nByMqEYiI... UNSUPPORTED OR FAILED.
[2014-08-29 17:32:23.807] WARNING[28500][C-00009387]: chan_sip.c:10535 process_sdp: Rejecting secure audio stream without encryption details: audio 11070 RTP/SAVP 8 0 101

the destination asterisk shows:
WARNING[10222][C-0000883a]: chan_sip.c:12925 get_crypto_attrib: No SRTP key management enabled

Active srtp calls are not affected when this issue occurs, but all further Invites are rejected with the 488 response, so no more calls can be processed.

The only solution at the moment is to restart asterisk or to wait until no more SRTP calls are active and then unload res_srtp.so followed by loading the module again.

add info:
- problem occurs regardless of using SIP over TLS or SIP without TLS
- other (unencrypted) RTP connections are still working  

If you need further info, just let me know.

Thanks for checking into this!
Robert

    


> res_srtp module stops working after about 35.000 processed calls
> ----------------------------------------------------------------
>
>                 Key: ASTERISK-24291
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24291
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_srtp
>    Affects Versions: 11.11.0, 11.12.0
>         Environment: Ubuntu 12.04.5 LTS (GNU/Linux 3.13.0-34-generic x86_64) running on HP DL360 G6/7, latest  libsrtp0 version 1.4.4+20100615~dfsg-1build, SIP only environment
>            Reporter: Robert H.
>            Assignee: Robert H.
>            Severity: Critical
>
> When using encryption for RTP streams, asterisk does not accept any calls after about 35k calls (reproducable) have been processed correctly.
> All further inbound and outbound calls are rejected with a 
> "488 - Not Acceptable Here".
> When this happens, one asterisk machine shows:
> {noformat}
> [2014-08-29 17:32:23.807] DEBUG[28500][C-00009387]: chan_sip.c:10530 process_sdp: Processing media-level (audio) SDP a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:cYswzW2zYpdgsVkKgQWvdbUSLedzlE8nByMqEYiI... UNSUPPORTED OR FAILED.
> [2014-08-29 17:32:23.807] WARNING[28500][C-00009387]: chan_sip.c:10535 process_sdp: Rejecting secure audio stream without encryption details: audio 11070 RTP/SAVP 8 0 101
> {noformat}
> the destination asterisk shows:
> {noformat}
> WARNING[10222][C-0000883a]: chan_sip.c:12925 get_crypto_attrib: No SRTP key management enabled
> {noformat}
> Active srtp calls are not affected when this issue occurs, but all further Invites are rejected with the 488 response, so no more calls can be processed.
> The only solution at the moment is to restart asterisk or to wait until no more SRTP calls are active and then unload res_srtp.so followed by loading the module again.
> add info:
> - problem occurs regardless of using SIP over TLS or SIP without TLS
> - other (unencrypted) RTP connections are still working  
> If you need further info, just let me know.
> Thanks for checking into this!
> Robert
>     



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list