<p>Jenkins2 <strong>merged</strong> this change.</p><p><a href="https://gerrit.asterisk.org/6521">View Change</a></p><div style="white-space:pre-wrap">Approvals:
Richard Mudgett: Looks good to me, but someone else must approve
Joshua Colp: Looks good to me, approved
Jenkins2: Approved for Submit
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">res_srtp: lower log level of auth failures<br><br>Previously, sRTP authentication failures were reported on log level WARNING.<br>When such failures happen, each RT(C)P packet is affected, spamming the log.<br>Now, those failures are reported at log level VERBOSE 2. Furthermore, the<br>amount is further reduced (previously all two seconds, now all three seconds).<br>Additionally, the new log entry informs whether media (RTP) or statistics (RTCP)<br>are affected.<br><br>ASTERISK-16898 #close<br><br>Change-Id: I6c98d46b711f56e08655abeb01c951ab8e8d7fa0<br>---<br>M res/res_srtp.c<br>1 file changed, 19 insertions(+), 4 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/res/res_srtp.c b/res/res_srtp.c<br>index caedfb6..295c332 100644<br>--- a/res/res_srtp.c<br>+++ b/res/res_srtp.c<br>@@ -446,11 +446,26 @@<br> }<br> <br> if (res != err_status_ok && res != err_status_replay_fail ) {<br>- if ((srtp->warned >= 10) && !((srtp->warned - 10) % 100)) {<br>- ast_log(AST_LOG_WARNING, "SRTP unprotect failed with: %s %d\n", srtp_errstr(res), srtp->warned);<br>- srtp->warned = 11;<br>+ /*<br>+ * Authentication failures happen when an active attacker tries to<br>+ * insert malicious RTP packets. Furthermore, authentication failures<br>+ * happen, when the other party encrypts the sRTP data in an unexpected<br>+ * way. This happens quite often with RTCP. Therefore, when you see<br>+ * authentication failures, try to identify the implementation<br>+ * (author and product name) used by your other party. Try to investigate<br>+ * whether they use a custom library or an outdated version of libSRTP.<br>+ */<br>+ if (rtcp) {<br>+ ast_verb(2, "SRTCP unprotect failed on SSRC %u because of %s\n",<br>+ ast_rtp_instance_get_ssrc(srtp->rtp), srtp_errstr(res));<br> } else {<br>- srtp->warned++;<br>+ if ((srtp->warned >= 10) && !((srtp->warned - 10) % 150)) {<br>+ ast_verb(2, "SRTP unprotect failed on SSRC %u because of %s %d\n",<br>+ ast_rtp_instance_get_ssrc(srtp->rtp), srtp_errstr(res), srtp->warned);<br>+ srtp->warned = 11;<br>+ } else {<br>+ srtp->warned++;<br>+ }<br> }<br> errno = EAGAIN;<br> return -1;<br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/6521">change 6521</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/6521"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: merged </div>
<div style="display:none"> Gerrit-Change-Id: I6c98d46b711f56e08655abeb01c951ab8e8d7fa0 </div>
<div style="display:none"> Gerrit-Change-Number: 6521 </div>
<div style="display:none"> Gerrit-PatchSet: 2 </div>
<div style="display:none"> Gerrit-Owner: Alexander Traud <pabstraud@compuserve.com> </div>
<div style="display:none"> Gerrit-Reviewer: Alexander Traud <pabstraud@compuserve.com> </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins2 </div>
<div style="display:none"> Gerrit-Reviewer: Joshua Colp <jcolp@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Richard Mudgett <rmudgett@digium.com> </div>