[asterisk-bugs] [JIRA] (ASTERISK-28018) IP Fragmentation happening instead of DTLS fragmentation on handshake server hello certificate

Joshua Colp (JIRA) noreply at issues.asterisk.org
Tue Aug 21 05:17:54 CDT 2018 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-28018?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=244551#comment-244551 ] 

Joshua Colp edited comment on ASTERISK-28018 at 8/21/18 5:17 AM:
-----------------------------------------------------------------

i also tried 

<code removed>

in dtls_details_initialize function in res_rtp_asterisk.c but still ip fragmentation happening in wireshark.


was (Author: vijaykumar at drishti-soft.com):
i also tried 
int socket_mtu = 1000;
		 if (socket_mtu) {
		            if (socket_mtu < DTLS_get_link_min_mtu(dtls->ssl)) {
		            	ast_log(LOG_ERROR, "MTU too small. Must be at least %ld\n",
		                           DTLS_get_link_min_mtu(dtls->ssl));
		                BIO_free(dtls->write_bio);

		            } else {
		            	SSL_set_options(dtls->ssl, SSL_OP_NO_QUERY_MTU);
		            		            if (!DTLS_set_link_mtu(dtls->ssl, socket_mtu)) {
		            		                ast_log(LOG_ERROR, "Failed to set MTU\n");
		            		                BIO_free(dtls->write_bio);
		            		            }
		            }

		        } else {
		            BIO_ctrl(dtls->write_bio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
		  }

in dtls_details_initialize function in res_rtp_asterisk.c but still ip fragmentation happening in wireshark.

> IP Fragmentation happening instead of DTLS fragmentation on handshake server hello certificate
> ----------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-28018
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28018
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_rtp_asterisk
>    Affects Versions: 13.16.0
>            Reporter: vijay kumar
>              Labels: security, webrtc
>         Attachments: dtls ip fragment.pcapng
>
>
> When checking in wireshark.
> IP Fragmentation happening instead of DTLS fragmentation on handshake server hello certificate.
> How can i avoid ip fragmentation in case of webrtc and asterisk 13. dtls handshake server hello certificate packet.?
>  



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list