<p>Joshua Colp <strong>submitted</strong> this change.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/13760">View Change</a></p><div style="white-space:pre-wrap">Approvals:
  Sean Bright: Looks good to me, but someone else must approve
  Kevin Harwell: Looks good to me, but someone else must approve
  Joshua Colp: Looks good to me, approved; Approved for Submit

</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">chan_sip: Return 503 if we're out of RTP ports<br><br>If you're for some reason out of RTP ports, chan_sip would previously<br>responde to an INVITE with a 403, which will fail the call.<br><br>Now, it returns a 503, allowing the device/proxy to retry the call on a<br>different machine.<br><br>ASTERISK-28718<br><br>Change-Id: I968dcf6c1e30ecddcce397dcda36db727c83ca90<br>---<br>M channels/chan_sip.c<br>1 file changed, 53 insertions(+), 11 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/channels/chan_sip.c b/channels/chan_sip.c</span><br><span>index 319f775..3522cd9 100644</span><br><span>--- a/channels/chan_sip.c</span><br><span>+++ b/channels/chan_sip.c</span><br><span>@@ -19483,6 +19483,54 @@</span><br><span>    return check_user_full(p, req, sipmethod, uri, reliable, addr, NULL);</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+static void send_check_user_failure_response(struct sip_pvt *p, struct sip_request *req, int res, enum xmittype reliable)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+  const char *response;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+       switch (res) {</span><br><span style="color: hsl(120, 100%, 40%);">+        case AUTH_SECRET_FAILED:</span><br><span style="color: hsl(120, 100%, 40%);">+      case AUTH_USERNAME_MISMATCH:</span><br><span style="color: hsl(120, 100%, 40%);">+  case AUTH_NOT_FOUND:</span><br><span style="color: hsl(120, 100%, 40%);">+  case AUTH_UNKNOWN_DOMAIN:</span><br><span style="color: hsl(120, 100%, 40%);">+     case AUTH_PEER_NOT_DYNAMIC:</span><br><span style="color: hsl(120, 100%, 40%);">+   case AUTH_BAD_TRANSPORT:</span><br><span style="color: hsl(120, 100%, 40%);">+              ast_log(LOG_NOTICE, 
"Failed to authenticate device %s for %s, code = %d\n",</span><br><span style="color: hsl(120, 100%, 40%);">+                 sip_get_header(req, "From"), sip_methods[p->method].text, res);</span><br><span style="color: hsl(120, 100%, 40%);">+          response = "403 Forbidden";</span><br><span style="color: hsl(120, 100%, 40%);">+         break;</span><br><span style="color: hsl(120, 100%, 40%);">+        case AUTH_SESSION_LIMIT:</span><br><span style="color: hsl(120, 100%, 40%);">+              /* Unexpected here, actually. As it's handled elsewhere. */</span><br><span style="color: hsl(120, 100%, 40%);">+               ast_log(LOG_NOTICE, "Call limit reached for device %s for %s, code = %d\n",</span><br><span style="color: hsl(120, 100%, 40%);">+                 sip_get_header(req, "From"), sip_methods[p->method].text, res);</span><br><span style="color: hsl(120, 100%, 40%);">+          response = "480 Temporarily Unavailable";</span><br><span style="color: hsl(120, 100%, 40%);">+           break;</span><br><span style="color: hsl(120, 100%, 40%);">+        case AUTH_RTP_FAILED:</span><br><span style="color: hsl(120, 100%, 40%);">+         /* We don't want to send a 403 in the RTP_FAILED case.</span><br><span style="color: hsl(120, 100%, 40%);">+             * The cause could be any one of:</span><br><span style="color: hsl(120, 100%, 40%);">+              * - out of memory or rtp ports</span><br><span style="color: hsl(120, 100%, 40%);">+                * - dtls/srtp requested but not loaded/invalid</span><br><span style="color: hsl(120, 100%, 40%);">+                * Neither of them warrant a 403. A 503 makes more</span><br><span style="color: hsl(120, 100%, 40%);">+             * sense, as this node is broken/overloaded. 
*/</span><br><span style="color: hsl(120, 100%, 40%);">+               ast_log(LOG_NOTICE, "RTP init failure for device %s for %s, code = %d\n",</span><br><span style="color: hsl(120, 100%, 40%);">+                   sip_get_header(req, "From"), sip_methods[p->method].text, res);</span><br><span style="color: hsl(120, 100%, 40%);">+          response = "503 Service Unavailable";</span><br><span style="color: hsl(120, 100%, 40%);">+               break;</span><br><span style="color: hsl(120, 100%, 40%);">+        case AUTH_SUCCESSFUL:</span><br><span style="color: hsl(120, 100%, 40%);">+ case AUTH_CHALLENGE_SENT:</span><br><span style="color: hsl(120, 100%, 40%);">+             /* These should have been handled elsewhere. */</span><br><span style="color: hsl(120, 100%, 40%);">+       default:</span><br><span style="color: hsl(120, 100%, 40%);">+              ast_log(LOG_NOTICE, "Unexpected error for device %s for %s, code = %d\n",</span><br><span style="color: hsl(120, 100%, 40%);">+                   sip_get_header(req, "From"), sip_methods[p->method].text, res);</span><br><span style="color: hsl(120, 100%, 40%);">+          response = "503 Service Unavailable";</span><br><span style="color: hsl(120, 100%, 40%);">+       }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+   if (reliable == XMIT_RELIABLE) {</span><br><span style="color: hsl(120, 100%, 40%);">+              transmit_response_reliable(p, response, req);</span><br><span style="color: hsl(120, 100%, 40%);">+ } else if (reliable == XMIT_UNRELIABLE) {</span><br><span style="color: hsl(120, 100%, 40%);">+             transmit_response(p, response, req);</span><br><span style="color: hsl(120, 100%, 40%);">+  }</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> static int set_message_vars_from_req(struct ast_msg *msg, struct sip_request *req)</span><br><span> {</span><br><span> 
   size_t x;</span><br><span>@@ -19599,8 +19647,7 @@</span><br><span>                  return;</span><br><span>              }</span><br><span>            if (res < 0) { /* Something failed in authentication */</span><br><span style="color: hsl(0, 100%, 40%);">-                      ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From"));</span><br><span style="color: hsl(0, 100%, 40%);">-                     transmit_response(p, "403 Forbidden", req);</span><br><span style="color: hsl(120, 100%, 40%);">+                 send_check_user_failure_response(p, req, res, XMIT_UNRELIABLE);</span><br><span>                      sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);</span><br><span>                  return;</span><br><span>              }</span><br><span>@@ -25638,8 +25685,7 @@</span><br><span>                  return 0;</span><br><span>            }</span><br><span>            if (res < 0) { /* Something failed in authentication */</span><br><span style="color: hsl(0, 100%, 40%);">-                      ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From"));</span><br><span style="color: hsl(0, 100%, 40%);">-                     transmit_response(p, "403 Forbidden", req);</span><br><span style="color: hsl(120, 100%, 40%);">+                 send_check_user_failure_response(p, req, res, XMIT_UNRELIABLE);</span><br><span>                      sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);</span><br><span>                  return 0;</span><br><span>            }</span><br><span>@@ -26432,8 +26478,7 @@</span><br><span>                  goto request_invite_cleanup;</span><br><span>                 }</span><br><span>            if (res < 0) { /* Something failed in authentication */</span><br><span style="color: hsl(0, 100%, 40%);">-                      ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From"));</span><br><span style="color: hsl(0, 100%, 40%);">-                     
transmit_response_reliable(p, "403 Forbidden", req);</span><br><span style="color: hsl(120, 100%, 40%);">+                        send_check_user_failure_response(p, req, res, XMIT_RELIABLE);</span><br><span>                        p->invitestate = INV_COMPLETED;</span><br><span>                   sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);</span><br><span>                  goto request_invite_cleanup;</span><br><span>@@ -28153,8 +28198,7 @@</span><br><span>               p->lastinvite = seqno;</span><br><span>            return 0;</span><br><span>    } else if (auth_result < 0) {</span><br><span style="color: hsl(0, 100%, 40%);">-                ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From"));</span><br><span style="color: hsl(0, 100%, 40%);">-             transmit_response(p, "403 Forbidden", req);</span><br><span style="color: hsl(120, 100%, 40%);">+         send_check_user_failure_response(p, req, auth_result, XMIT_UNRELIABLE);</span><br><span>              sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);</span><br><span>          ast_string_field_set(p, theirtag, NULL);</span><br><span>             return 0;</span><br><span>@@ -28376,9 +28420,7 @@</span><br><span>          if (res == AUTH_CHALLENGE_SENT) /* authpeer = NULL here */</span><br><span>                   return 0;</span><br><span>            if (res != AUTH_SUCCESSFUL) {</span><br><span style="color: hsl(0, 100%, 40%);">-                   ast_log(LOG_NOTICE, "Failed to authenticate device %s for SUBSCRIBE\n", sip_get_header(req, "From"));</span><br><span style="color: hsl(0, 100%, 40%);">-                       transmit_response(p, "403 Forbidden", req);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(120, 100%, 40%);">+                 send_check_user_failure_response(p, req, res, XMIT_UNRELIABLE);</span><br><span>                      pvt_set_needdestroy(p, "authentication failed");</span><br><span>                   return 
0;</span><br><span>            }</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/13760">change 13760</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/13760"/><meta itemprop="name" content="View Change"/></div></div>
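Review bot: At the tail of send_check_user_failure_response() (hunk @@ -19483), the if / else if on reliable has no final else, so a caller passing any enum xmittype value other than XMIT_RELIABLE or XMIT_UNRELIABLE gets the failure logged but no response is transmitted and the request goes unanswered. Add a closing else that falls back to transmit_response(p, response, req) or logs a warning, or document above the function that only those two values are accepted. The default: arm of the switch also ends without a break;, which is harmless now but easy to trip over if another case is appended after it.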
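Review bot: In hunk @@ -19599, the unchanged context comment "/* Something failed in authentication */" on the res &lt; 0 branch is now misleading, because the helper called on the next line also handles AUTH_RTP_FAILED and AUTH_SESSION_LIMIT and answers those with 503 or 480 rather than 403. Reword the comment to something like "check_user failed; not necessarily an auth failure" so a reader does not assume every path through this branch is a rejected credential. The same comment appears in the context of hunks @@ -25638 and @@ -26432 and deserves the same update.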
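Review bot: In the last hunk (@@ -28376), pvt_set_needdestroy(p, "authentication failed") is left unchanged right after the new helper call, so the destroy reason still says authentication failed even when res is AUTH_RTP_FAILED and the peer was just sent "503 Service Unavailable". Anyone correlating the destroy reason with the NOTICE line from the helper will see two different causes for the same dialog. Use a neutral reason string here, for example "check_user failed", or choose the string from res the same way the helper chooses the response.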

<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 13 </div>
<div style="display:none"> Gerrit-Change-Id: I968dcf6c1e30ecddcce397dcda36db727c83ca90 </div>
<div style="display:none"> Gerrit-Change-Number: 13760 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Sean Bright <sean.bright@gmail.com> </div>
<div style="display:none"> Gerrit-Reviewer: Friendly Automation </div>
<div style="display:none"> Gerrit-Reviewer: Joshua Colp <jcolp@sangoma.com> </div>
<div style="display:none"> Gerrit-Reviewer: Kevin Harwell <kharwell@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Sean Bright <sean.bright@gmail.com> </div>
<div style="display:none"> Gerrit-Reviewer: Walter Doekes <walter+asterisk@wjd.nu> </div>
<div style="display:none"> Gerrit-MessageType: merged </div>