Bug#521641: asterisk: IAX2 Encryption: normal packet loss causes calls to terminate abrutly
Francois Marier
francois at debian.org
Sun Mar 29 05:00:42 UTC 2009
Package: asterisk
Version: 1:1.4.21.2~dfsg-3
Severity: normal
Tags: patch
As described upstream [0], IAX2 encryption is broken in the Debian version of asterisk:
If an iax channel is encrypted, and a retransmit frame is sent, that packet's iseqno
is updated while it is encrypted. This causes the entire frame to be corrupted. When
the corrupted frame is sent, the other side decrypts it and sends a VNAK back because
the decrypted frame doesn't make any sense. When we get the VNAK, we look through the
sent queue and send the same corrupted frame causing a loop. To fix this, encrypted
frames requiring retransmission are decrypted, updated, then re-encrypted. Since
key-rotation may change the key held by the pvt struct, the keys used for
encryption/decryption are held within the iax_frame to guarantee they remain correct.
This makes it practically impossible to turn IAX2 encryption in most of my calls
because the connection constantly cuts off.
I have attached a debdiff which applies the upstream patch.
I would be interested in pushing for this to get included in the next lenny release.
What do you think?
Cheers,
Francois
[0] http://bugs.digium.com/view.php?id=14607
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.28.9-grsec (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages asterisk depends on:
ii adduser 3.110 add and remove users and groups
pn asterisk-config | aste <none> (no description available)
pn asterisk-sounds-main <none> (no description available)
ii libasound2 1.0.19-1 shared library for ALSA applicatio
pn libc-client2007b <none> (no description available)
ii libc6 2.9-6 GNU C Library: Shared libraries
ii libcap2 1:2.16-4 support for getting/setting POSIX.
ii libcurl3 7.18.2-8.1 Multi-protocol file transfer libra
ii libgcc1 1:4.3.3-5 GCC support library
ii libgsm1 1.0.12-1 Shared libraries for GSM speech co
pn libiksemel3 <none> (no description available)
ii libncurses5 5.7+20090314-1 shared libraries for terminal hand
ii libnewt0.52 0.52.2-11.3 Not Erik's Windowing Toolkit - tex
ii libogg0 1.1.3-5 Ogg Bitstream Library
ii libpopt0 1.14-4 lib for parsing cmdline parameters
ii libpq5 8.3.7-1 PostgreSQL C client library
pn libpri1.0 <none> (no description available)
pn libradiusclient-ng2 <none> (no description available)
ii libsnmp15 5.4.1~dfsg-12 SNMP (Simple Network Management Pr
ii libspeex1 1.2~rc1-1 The Speex codec runtime library
ii libspeexdsp1 1.2~rc1-1 The Speex extended runtime library
pn libsqlite0 <none> (no description available)
ii libssl0.9.8 0.9.8g-15 SSL shared libraries
ii libstdc++6 4.3.3-5 The GNU Standard C++ Library v3
pn libtonezone1 <none> (no description available)
ii libvorbis0a 1.2.0.dfsg-4 The Vorbis General Audio Compressi
ii libvorbisenc2 1.2.0.dfsg-4 The Vorbis General Audio Compressi
pn libvpb0 <none> (no description available)
ii unixodbc 2.2.11-16 ODBC tools libraries
ii zlib1g 1:1.2.3.3.dfsg-13 compression library - runtime
asterisk recommends no packages.
Versions of packages asterisk suggests:
pn asterisk-dev <none> (no description available)
pn asterisk-doc <none> (no description available)
pn asterisk-h323 <none> (no description available)
ii ekiga 2.0.12-1+nmu1+b1 H.323 and SIP compatible VoIP clie
pn kphone <none> (no description available)
pn ohphone <none> (no description available)
ii twinkle 1:1.4.2-1 Voice over Internet Protocol (VoIP
-------------- next part --------------
A non-text attachment was scrubbed...
Name: asterisk_iax2encryption_fix.diff
Type: text/x-diff
Size: 11636 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/attachments/20090329/b8efc2b3/attachment.diff
More information about the Pkg-voip-maintainers
mailing list