[asterisk-dev] [Code Review] IAX2 retransmit with encryption enabled fix

Tim Panton thp at westhawk.co.uk
Wed Mar 11 16:07:30 CDT 2009


I don't understand the cause of the problem.
Why does the iseq have to be updated?

I realize that _strictly_ the iseq indicates all the packets that we
have seen to date, but since it is only treated as an ack why would it
be bad if retransmit just re-sent the original packet unaltered (except
for the retransmit bit flag - which isn't in the encrypted part of the
packet)?

I haven't looked at the code (yet).

Tim.

On 11 Mar 2009, at 02:59, David Vossel wrote:

>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://reviewboard.digium.com/r/192/
> -----------------------------------------------------------
>
> Review request for Asterisk Developers and Russell Bryant.
>
>
> Summary
> -------
>
> If an iax channel is encrypted, and a retransmit frame is sent, that  
> packet's iseqno is updated while it is encrypted.  This causes the  
> entire frame to be corrupted.  When the corrupted frame is sent, the  
> other side decrypts it and sends a VNAK back because the decrypted  
> frame doesn't make any sense.  When we get the VNAK, we look through  
> the sent queue and send the same corrupted frame causing a loop.
>
> To fix this, encrypted frames requiring retransmission are
> decrypted, updated, then re-encrypted.  Since key-rotation may
> change the key held by the pvt struct, the keys used for
> encryption/decryption are held within the iax_frame to guarantee
> they remain correct.
>
>
> This addresses bug 0014607.
>    http://bugs.digium.com/view.php?id=0014607
>
>
> Diffs
> -----
>
>  /trunk/channels/iax2-parser.h 180714
>  /trunk/channels/chan_iax2.c 180714
>
> Diff: http://reviewboard.digium.com/r/192/diff
>
>
> Testing
> -------
>
>
> Thanks,
>
> David
>
>

Tim Panton - Web/VoIP consultant and implementor
www.westhawk.co.uk
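
The failure and the fix described in the quoted summary, as an added example that is not code from this thread or from chan_iax2. XTEA stands in for the AES that IAX2 uses so the block is self-contained; `demo_frame`, `retransmit`, `peer_header_ok` and the one-block frame layout are hypothetical simplifications.

```c
#include <stdint.h>
#include <string.h>

/* XTEA (64-bit block, 128-bit key): stand-in for AES, assumption of this example. */
static void xtea(uint8_t blk[8], const uint32_t k[4], int decrypt) {
    const uint32_t delta = 0x9E3779B9u;
    uint32_t v[2], sum = decrypt ? delta * 32u : 0;
    memcpy(v, blk, 8);
    for (int i = 0; i < 32; i++) {
        if (decrypt) {
            v[1] -= (((v[0] << 4) ^ (v[0] >> 5)) + v[0]) ^ (sum + k[(sum >> 11) & 3]);
            sum -= delta;
            v[0] -= (((v[1] << 4) ^ (v[1] >> 5)) + v[1]) ^ (sum + k[sum & 3]);
        } else {
            v[0] += (((v[1] << 4) ^ (v[1] >> 5)) + v[1]) ^ (sum + k[sum & 3]);
            sum += delta;
            v[1] += (((v[0] << 4) ^ (v[0] >> 5)) + v[0]) ^ (sum + k[(sum >> 11) & 3]);
        }
    }
    memcpy(blk, v, 8);
}

/* Simplified frame: 4 clear bytes (call numbers + retransmit flag), then
 * ts(4) oseqno iseqno type subclass encrypted as a single block. */
struct demo_frame {
    uint8_t clear[4];
    uint8_t enc[8];
    uint32_t key[4];   /* key kept with the frame, as the summary's fix describes */
};
#define ISEQNO_OFF 5

/* fixed == 0 reproduces the bug; fixed == 1 is decrypt, update, re-encrypt. */
static void retransmit(struct demo_frame *f, uint8_t iseqno, int fixed) {
    f->clear[2] |= 0x80;                 /* retransmit flag sits in the clear bytes */
    if (fixed) xtea(f->enc, f->key, 1);  /* recover the plaintext header first */
    f->enc[ISEQNO_OFF] = iseqno;         /* when !fixed this overwrites ciphertext */
    if (fixed) xtea(f->enc, f->key, 0);  /* re-encrypt with the frame's own key */
}

/* Constructed sample frame: encrypt, retransmit, then decrypt as the peer would.
 * Returns 1 if the peer sees the original header with only iseqno updated. */
int peer_header_ok(int fixed, uint8_t iseqno) {
    struct demo_frame f = { {0x80, 0x01, 0x00, 0x02},
                            {0, 0, 0x10, 0x00, 3, 7, 6, 0x0b}, {1, 2, 3, 4} };
    uint8_t want[8] = {0, 0, 0x10, 0x00, 3, iseqno, 6, 0x0b};
    xtea(f.enc, f.key, 0);
    retransmit(&f, iseqno, fixed);
    xtea(f.enc, f.key, 1);
    return memcmp(f.enc, want, 8) == 0 && (f.clear[2] & 0x80);
}
```

In the buggy path the single overwritten ciphertext byte changes the whole decrypted block, so the peer cannot parse the header; setting the flag in the clear bytes is harmless in both paths.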


