[asterisk-users] IAX2 and INVAL packets

Tilghman Lesher tlesher at digium.com
Thu Nov 18 16:38:36 CST 2010 

On Thursday 18 November 2010 14:01:49 Sebastian wrote:
> Is anybody here familiar with the meaning of INVAL packets for IAX2?
> 
> Every few days I get a dropped outgoing call in the middle of the
> conversation (the outgoing call has been connected for few minutes) when
> an incoming call comes in. The log reads the following when this
> happens:
> 
> 
> 
> [Nov 17 15:25:04] DEBUG[5138] chan_iax2.c: Immediately destroying 2963,
> having received INVAL
> [Nov 17 15:25:04] DEBUG[5138] chan_iax2.c: Destroying call 2963
> [Nov 17 15:25:04] DEBUG[11242] chan_iax2.c: We're hanging up
> IAX2/ihs_trunk_out-2963 now...
> [Nov 17 15:25:04] VERBOSE[11242] chan_iax2.c:     -- Hungup
> 'IAX2/ihs_trunk_out-2963'
> 
> 
> 
> And more setup details, for those who still have the will to live :-)
> 
> Asterisk version: 1.6.2.13
> Internal externsions: everything on SIP - 3 Grandstream GXP-2000, 2
> analog phones on a pci OpenVox card and 2 Linphone softphones
> Trunks: IAX2
> Trunks provider: Gradwell
> Asterisk machine: 800Mhz Intel Pentium, 512MB of RAM
> Internet connection: Tiscali business ADSL
> 
> I am happy to post here any config files and logs you might think would
> be relevant.
> 
> This is not consistent - and I've managed to have 4 concurrent calls
> which held 30 minutes (before I hung them up) when I tried. So not easy
> to replicate.

An INVAL response basically means that the remote Asterisk box received
a packet for a call that it did not think existed.  So likely, something
else caused the call to hangup (such as an unrelated error crashing a
process, and the replacement process had no record of such a call, so it
sent an INVAL response to any subsequent packet).

Technically, this could also be done as a MITM attack.  If something were
to see even a single packet related to the call, it is able to fake an
INVAL packet.  BTW, this is not unique to IAX2; a MITM attack can also fake
a SIP CANCEL.

-- 
Tilghman Lesher
Digium, Inc. | Senior Software Developer
twitter: Corydon76 | IRC: Corydon76-dig (Freenode)
Check us out at: www.digium.com & www.asterisk.org

More information about the asterisk-users mailing list