[asterisk-dev] Another IAX2 problem with the latest security fix ...
Nic Bellamy
nicb-lists at vadacom.co.nz
Wed Jun 4 16:10:56 CDT 2008
Russell Bryant wrote:
> Tim Panton wrote:
>
>> It makes no sense to have a LAGRQ packet without a call set up .
>> Arguably it makes no sense to have a PING without a call.
>>
>> For what it is worth, I think it would be better to
>> implement the initial 'hack' i.e. don't send LAGRQ or PING
>> untill the call is set up.
>> Then add an additional hack where these two don't have their
>> call numbers checked for backwards compatibility.
>>
>
> Agreed. So, we'll go with my original hack, plus your proposed hack #2 which
> will maintain backwards compatibility, without introducing any unsafe behavior.
>
Hi Russell,
just a bit of feedback on this fix, which ended up in 1.2.29 -
firstly, I've been running 1.2.29 for about 24 hours now, and haven't
had any VNAK/INVAL floods, so I think we can consider that solved.
The only oddity I've noticed is that a large proportion of the peers
with qualify=yes go LAGGED for a short period after an "iax2 reload",
with lag figures of 2000ms + nominal latency. Not exactly critical (at
least not to me), but perhaps related to the PING/LAGRQ changes.
Cheers,
Nic.
--
Nic Bellamy,
Head Of Engineering, Vadacom Ltd - http://www.vadacom.co.nz/
More information about the asterisk-dev
mailing list