[asterisk-bugs] [JIRA] (ASTERISK-24291) res_srtp module stops working after about 35.000 processed calls

Robert Hirschmann (JIRA) noreply at issues.asterisk.org
Sat Sep 13 12:20:29 CDT 2014 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-24291?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Hirschmann updated ASTERISK-24291:
-----------------------------------------

    Status: Waiting for Feedback  (was: Waiting for Feedback)

Hello Rusty,

I just reproduced the issue.
Everyime it happens exactly between srtp call 34852 and 34853.
I have set "rtp set debug on" as well, but the logfile does not contain the rtp debug output.
Is there any additional keyword in logger.conf I need to enable?
Currently I use:
{noformat}
issue_24291_full_log => notice,warning,error,debug,verbose,dtmf
{noformat}

The other debug output in the file is the same as in the last trace I've sent.
The first thing I see is the "no srtp key management" message but nothing else:
{noformat}
[2014-09-13 19:00:03.425] DEBUG[29254][C-00008825] chan_sip.c: ** Our capability: (ulaw|alaw) Video flag: False Text flag: False
[2014-09-13 19:00:03.425] DEBUG[29254][C-00008825] chan_sip.c: ** Our prefcodec: (alaw) 
[2014-09-13 19:00:03.425] VERBOSE[29254][C-00008825] chan_sip.c: [2014-09-13 19:00:03.425] Audio is at 18496
[2014-09-13 19:00:03.425] WARNING[29254][C-00008825] chan_sip.c: No SRTP key management enabled
[2014-09-13 19:00:03.425] VERBOSE[29254][C-00008825] chan_sip.c: [2014-09-13 19:00:03.425] Adding codec 100004 (alaw) to SDP
[2014-09-13 19:00:03.425] VERBOSE[29254][C-00008825] chan_sip.c: [2014-09-13 19:00:03.425] Adding codec 100003 (ulaw) to SDP
[2014-09-13 19:00:03.425] DEBUG[29254][C-00008825] chan_sip.c: -- Done with adding codecs to SDP
[2014-09-13 19:00:03.425] DEBUG[29254][C-00008825] chan_sip.c: Done building SDP. Settling with this capability: (ulaw|alaw)
{noformat}

Do I need to increase the debug level to something higher than 5?
I could also trace RTP with tcpdump, but it might be useless because it's encrypted...

Thanks for your feedback,
Robert

> res_srtp module stops working after about 35.000 processed calls
> ----------------------------------------------------------------
>
>                 Key: ASTERISK-24291
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24291
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/SRTP, Resources/res_srtp
>    Affects Versions: 11.11.0, 11.12.0
>         Environment: Ubuntu 12.04.5 LTS (GNU/Linux 3.13.0-34-generic x86_64) running on HP DL360 G6/7, latest  libsrtp0 version 1.4.4+20100615~dfsg-1build, SIP only environment
>            Reporter: Robert Hirschmann
>            Assignee: Robert Hirschmann
>            Severity: Critical
>         Attachments: issue_24291_full_log.14.txt
>
>
> When using encryption for RTP streams, asterisk does not accept any calls after about 35k calls (reproducable) have been processed correctly.
> All further inbound and outbound calls are rejected with a 
> "488 - Not Acceptable Here".
> When this happens, one asterisk machine shows:
> {noformat}
> [2014-08-29 17:32:23.807] DEBUG[28500][C-00009387]: chan_sip.c:10530 process_sdp: Processing media-level (audio) SDP a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:cYswzW2zYpdgsVkKgQWvdbUSLedzlE8nByMqEYiI... UNSUPPORTED OR FAILED.
> [2014-08-29 17:32:23.807] WARNING[28500][C-00009387]: chan_sip.c:10535 process_sdp: Rejecting secure audio stream without encryption details: audio 11070 RTP/SAVP 8 0 101
> {noformat}
> the destination asterisk shows:
> {noformat}
> WARNING[10222][C-0000883a]: chan_sip.c:12925 get_crypto_attrib: No SRTP key management enabled
> {noformat}
> Active srtp calls are not affected when this issue occurs, but all further Invites are rejected with the 488 response, so no more calls can be processed.
> The only solution at the moment is to restart asterisk or to wait until no more SRTP calls are active and then unload res_srtp.so followed by loading the module again.
> add info:
> - problem occurs regardless of using SIP over TLS or SIP without TLS
> - other (unencrypted) RTP connections are still working  
> If you need further info, just let me know.
> Thanks for checking into this!
> Robert
>     



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list