[svn-commits] russell: tag 1.4.19.2 r115632 - in /tags/1.4.19.2: .version ChangeLog

SVN commits to the Digium repositories svn-commits at lists.digium.com
Mon May 12 10:03:35 CDT 2008


Author: russell
Date: Mon May 12 10:03:35 2008
New Revision: 115632

URL: http://svn.digium.com/view/asterisk?view=rev&rev=115632
Log:
update .version and ChangeLog

Modified:
    tags/1.4.19.2/.version
    tags/1.4.19.2/ChangeLog

Modified: tags/1.4.19.2/.version
URL: http://svn.digium.com/view/asterisk/tags/1.4.19.2/.version?view=diff&rev=115632&r1=115631&r2=115632
==============================================================================
--- tags/1.4.19.2/.version (original)
+++ tags/1.4.19.2/.version Mon May 12 10:03:35 2008
@@ -1,1 +1,1 @@
-1.4.19.1
+1.4.19.2

Modified: tags/1.4.19.2/ChangeLog
URL: http://svn.digium.com/view/asterisk/tags/1.4.19.2/ChangeLog?view=diff&rev=115632&r1=115631&r2=115632
==============================================================================
--- tags/1.4.19.2/ChangeLog (original)
+++ tags/1.4.19.2/ChangeLog Mon May 12 10:03:35 2008
@@ -1,3 +1,69 @@
+2008-05-12  Russell Bryant <russell at digium.com>
+
+	* Asterisk 1.4.19.2 released.
+
+2008-05-08 19:19 +0000 [r115545-115568]  Russell Bryant <russell at digium.com>
+
+	* /, channels/chan_iax2.c: Merged revisions 115564 via svnmerge
+	  from https://origsvn.digium.com/svn/asterisk/branches/1.2
+	  ........ r115564 | russell | 2008-05-08 14:14:04 -0500 (Thu, 08
+	  May 2008) | 25 lines Fix a race condition that bbryant just found
+	  while doing some IAX2 testing. He was running Asterisk trunk
+	  running IAX2 calls through a few Asterisk boxes, however, the
+	  audio was extremely choppy. We looked at a packet trace and saw a
+	  storm of INVAL and VNAK frames being sent from one box to
+	  another. It turned out that what had happened was that one box
+	  tried to send a CONTROL frame before the 3 way handshake had
+	  completed. So, that frame did not include the destination call
+	  number, because it didn't have it yet. Part of our recent work
+	  for security issues included an additional check to ensure that
+	  frames that are supposed to include the destination call number
+	  have the correct one. This caused the frame to be rejected with
+	  an INVAL. The frame would get retransmitted for forever, rejected
+	  every time ... This race condition exists in all versions that
+	  got the security changes, in theory. However, it is really only
+	  likely that this would cause a problem in Asterisk trunk. There
+	  was a control frame being sent (SRCUPDATE) at the _very_
+	  beginning of the call, which does not exist in 1.2 or 1.4.
+	  However, I am fixing all versions that could potentially be
+	  affected by the introduced race condition. These changes are what
+	  bbryant and I came up with to fix the issue. Instead of simply
+	  dropping control frames that get sent before the handshake is
+	  complete, the code attempts to wait a little while, since in most
+	  cases, the handshake will complete very quickly. If it doesn't
+	  complete after yielding for a little while, then the frame gets
+	  dropped. ........
+
+2008-04-30 16:30 +0000 [r114891]  Russell Bryant <russell at digium.com>
+
+	* channels/chan_iax2.c:
+	  Merge changes from team/russell/iax2_find_callno and
+	  iax2_find_callno_1.4 These changes address a critical performance
+	  issue introduced in the latest release. The fix for the latest
+	  security issue included a change that made Asterisk randomly
+	  choose call numbers to make them more difficult to guess by
+	  attackers. However, due to some inefficient (this is by far, an
+	  understatement) code, when Asterisk chose high call numbers,
+	  chan_iax2 became unusable after just a small number of calls. On
+	  a small embedded platform, it would not be able to handle a
+	  single call. On my Intel Core 2 Duo @ 2.33 GHz, I couldn't run
+	  more than about 16 IAX2 channels. Ouch. These changes address
+	  some performance issues of the find_callno() function that have
+	  bothered me for a very long time. On every incoming media frame,
+	  it iterated through every possible call number trying to find a
+	  matching active call. This involved a mutex lock and unlock for
+	  each call number checked. So, if the random call number chosen
+	  was 20000, then every media frame would cause 20000 locks and
+	  unlocks. Previously, this problem was not as obvious since
+	  Asterisk always chose the lowest call number it could. A second
+	  container for IAX2 pvt structs has been added. It is an astobj2
+	  hash table. When we know the remote side's call number, the pvt
+	  goes into the hash table with a hash value of the remote side's
+	  call number. Then, lookups for incoming media frames are a very
+	  fast hash lookup instead of an absolutely insane array traversal.
+	  In a quick test, I was able to get more than 3600% more IAX2
+	  channels on my machine with these changes.
+
 2008-04-22  Russell Bryant <russell at digium.com>
 
 	* Asterisk 1.4.19.1 released.




More information about the svn-commits mailing list