<p>Walter Doekes has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/13678">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">chan_sip: Return 503 if we're out of RTP ports<br><br>If you're for some reason out of RTP ports, chan_sip would previously<br>responde to an INVITE with a 403, which will fail the call.<br><br>Now, it returns a 503, allowing the device/proxy to retry the call on a<br>different machine.<br><br>ASTERISK-28718<br><br>Change-Id: I968dcf6c1e30ecddcce397dcda36db727c83ca90<br>---<br>M channels/chan_sip.c<br>1 file changed, 53 insertions(+), 11 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/78/13678/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/channels/chan_sip.c b/channels/chan_sip.c</span><br><span>index 717e62d..000e66d 100644</span><br><span>--- a/channels/chan_sip.c</span><br><span>+++ b/channels/chan_sip.c</span><br><span>@@ -19625,6 +19625,54 @@</span><br><span> return check_user_full(p, req, sipmethod, uri, reliable, addr, NULL);</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+static void send_check_user_failure_response(struct sip_pvt *p, struct sip_request *req, int res, int reliable)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ const char *response;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ switch (res) {</span><br><span style="color: hsl(120, 100%, 40%);">+ case AUTH_SECRET_FAILED:</span><br><span style="color: hsl(120, 100%, 40%);">+ case AUTH_USERNAME_MISMATCH:</span><br><span style="color: hsl(120, 100%, 40%);">+ case AUTH_NOT_FOUND:</span><br><span style="color: hsl(120, 100%, 40%);">+ case AUTH_UNKNOWN_DOMAIN:</span><br><span style="color: hsl(120, 100%, 40%);">+ case AUTH_PEER_NOT_DYNAMIC:</span><br><span style="color: hsl(120, 100%, 40%);">+ case AUTH_BAD_TRANSPORT:</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_NOTICE, "Failed to authenticate device %s for %s, code = %d\n",</span><br><span style="color: hsl(120, 100%, 40%);">+ sip_get_header(req, "From"), sip_methods[p->method].text, res);</span><br><span style="color: hsl(120, 100%, 40%);">+ response = "403 Forbidden";</span><br><span style="color: hsl(120, 100%, 40%);">+ break;</span><br><span style="color: hsl(120, 100%, 40%);">+ case AUTH_SESSION_LIMIT:</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Unexpected here, actually. As it's handled elsewhere. */</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_NOTICE, "Call limit reached for device %s for %s, code = %d\n",</span><br><span style="color: hsl(120, 100%, 40%);">+ sip_get_header(req, "From"), sip_methods[p->method].text, res);</span><br><span style="color: hsl(120, 100%, 40%);">+ response = "480 Temporarily Unavailable";</span><br><span style="color: hsl(120, 100%, 40%);">+ break;</span><br><span style="color: hsl(120, 100%, 40%);">+ case AUTH_RTP_FAILED:</span><br><span style="color: hsl(120, 100%, 40%);">+ /* We don't want to send a 403 in the RTP_FAILED case.</span><br><span style="color: hsl(120, 100%, 40%);">+ * The cause could be any one of:</span><br><span style="color: hsl(120, 100%, 40%);">+ * - out of memory or rtp ports</span><br><span style="color: hsl(120, 100%, 40%);">+ * - dtls/srtp requested but not loaded/invalid</span><br><span style="color: hsl(120, 100%, 40%);">+ * Neither of them warrant a 403. A 503 makes more</span><br><span style="color: hsl(120, 100%, 40%);">+ * sense, as this node is broken/overloaded. */</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_NOTICE, "RTP init failure for device %s for %s, code = %d\n",</span><br><span style="color: hsl(120, 100%, 40%);">+ sip_get_header(req, "From"), sip_methods[p->method].text, res);</span><br><span style="color: hsl(120, 100%, 40%);">+ response = "503 Service Unavailable";</span><br><span style="color: hsl(120, 100%, 40%);">+ break;</span><br><span style="color: hsl(120, 100%, 40%);">+ case AUTH_SUCCESSFUL:</span><br><span style="color: hsl(120, 100%, 40%);">+ case AUTH_CHALLENGE_SENT:</span><br><span style="color: hsl(120, 100%, 40%);">+ /* These should have been handled elsewhere. */</span><br><span style="color: hsl(120, 100%, 40%);">+ default:</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_NOTICE, "Unexpected error for device %s for %s, code = %d\n",</span><br><span style="color: hsl(120, 100%, 40%);">+ sip_get_header(req, "From"), sip_methods[p->method].text, res);</span><br><span style="color: hsl(120, 100%, 40%);">+ response = "503 Service Unavailable";</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (reliable) {</span><br><span style="color: hsl(120, 100%, 40%);">+ transmit_response_reliable(p, response, req);</span><br><span style="color: hsl(120, 100%, 40%);">+ } else {</span><br><span style="color: hsl(120, 100%, 40%);">+ transmit_response(p, response, req);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> static int set_message_vars_from_req(struct ast_msg *msg, struct sip_request *req)</span><br><span> {</span><br><span> size_t x;</span><br><span>@@ -19741,8 +19789,7 @@</span><br><span> return;</span><br><span> }</span><br><span> if (res < 0) { /* Something failed in authentication */</span><br><span style="color: hsl(0, 100%, 40%);">- ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From"));</span><br><span style="color: hsl(0, 100%, 40%);">- transmit_response(p, "403 Forbidden", req);</span><br><span style="color: hsl(120, 100%, 40%);">+ send_check_user_failure_response(p, req, res, 0);</span><br><span> sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);</span><br><span> return;</span><br><span> }</span><br><span>@@ -25857,8 +25904,7 @@</span><br><span> return 0;</span><br><span> }</span><br><span> if (res < 0) { /* Something failed in authentication */</span><br><span style="color: hsl(0, 100%, 40%);">- ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From"));</span><br><span style="color: hsl(0, 100%, 40%);">- transmit_response(p, "403 Forbidden", req);</span><br><span style="color: hsl(120, 100%, 40%);">+ send_check_user_failure_response(p, req, res, 0);</span><br><span> sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);</span><br><span> return 0;</span><br><span> }</span><br><span>@@ -26651,8 +26697,7 @@</span><br><span> goto request_invite_cleanup;</span><br><span> }</span><br><span> if (res < 0) { /* Something failed in authentication */</span><br><span style="color: hsl(0, 100%, 40%);">- ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From"));</span><br><span style="color: hsl(0, 100%, 40%);">- transmit_response_reliable(p, "403 Forbidden", req);</span><br><span style="color: hsl(120, 100%, 40%);">+ send_check_user_failure_response(p, req, res, 1);</span><br><span> p->invitestate = INV_COMPLETED;</span><br><span> sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);</span><br><span> goto request_invite_cleanup;</span><br><span>@@ -28375,8 +28420,7 @@</span><br><span> p->lastinvite = seqno;</span><br><span> return 0;</span><br><span> } else if (auth_result < 0) {</span><br><span style="color: hsl(0, 100%, 40%);">- ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From"));</span><br><span style="color: hsl(0, 100%, 40%);">- transmit_response(p, "403 Forbidden", req);</span><br><span style="color: hsl(120, 100%, 40%);">+ send_check_user_failure_response(p, req, auth_result, 0);</span><br><span> sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);</span><br><span> ast_string_field_set(p, theirtag, NULL);</span><br><span> return 0;</span><br><span>@@ -28594,9 +28638,7 @@</span><br><span> if (res == AUTH_CHALLENGE_SENT) /* authpeer = NULL here */</span><br><span> return 0;</span><br><span> if (res != AUTH_SUCCESSFUL) {</span><br><span style="color: hsl(0, 100%, 40%);">- ast_log(LOG_NOTICE, "Failed to authenticate device %s for SUBSCRIBE\n", sip_get_header(req, "From"));</span><br><span style="color: hsl(0, 100%, 40%);">- transmit_response(p, "403 Forbidden", req);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(120, 100%, 40%);">+ send_check_user_failure_response(p, req, res, 0);</span><br><span> pvt_set_needdestroy(p, "authentication failed");</span><br><span> return 0;</span><br><span> }</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/13678">change 13678</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/13678"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: I968dcf6c1e30ecddcce397dcda36db727c83ca90 </div>
<div style="display:none"> Gerrit-Change-Number: 13678 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Walter Doekes <walter+asterisk@wjd.nu> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>