Unrated severityNVD Advisory· Published Apr 23, 2008· Updated Apr 23, 2026
CVE-2008-1897
CVE-2008-1897
Description
The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.
Affected products
143cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.2:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.8:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*range: <=b.2.5.1
- cpe:2.3:a:asterisk:asterisk_business_edition:a:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0:beta8:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:c.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:c.1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisk_business_edition:c.1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisknow:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:asterisk:asterisknow:*:*:*:*:*:*:*:*range: <=1.0.2
- cpe:2.3:a:asterisk:asterisknow:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:asterisknow:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*+ 106 more
- cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*range: <=1.2.27
- cpe:2.3:a:asterisk:open_source:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0.11.1:patch:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0.11:patch:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0.12:patch:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.10:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.11:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.12.1:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.12:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.13:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.14:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.15:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.16:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.17:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.17:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.18:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.18:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.19:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.19:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.20:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.20:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.21:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.21.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.21.1:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.21:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.22:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.22:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.23:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.23:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.24:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.24:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.25:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.25:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.26.2:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.26:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.2:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.3:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.4:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.5:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.6:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.7.1:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.7:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.8:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.2.9.1:netsec:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.4.18.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:s800i:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:asterisk:s800i:*:*:*:*:*:*:*:*range: <=1.1.0.2
- cpe:2.3:a:asterisk:s800i:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:s800i:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:s800i:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:s800i:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:s800i:1.0.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:s800i:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:s800i:1.1.0.1:*:*:*:*:*:*:*
Patches
1060de4fbbdf3eMerged revisions 114558 via svnmerge from
1 file changed · +37 −21
channels/chan_iax2.c+37 −21 modified@@ -1383,13 +1383,13 @@ static struct iax_frame *iaxfrdup2(struct iax_frame *fr) #define NEW_ALLOW 1 #define NEW_FORCE 2 -static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, const struct chan_iax2_pvt *cur) +static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, const struct chan_iax2_pvt *cur, int full_frame) { if ((cur->addr.sin_addr.s_addr == sin->sin_addr.s_addr) && (cur->addr.sin_port == sin->sin_port)) { /* This is the main host */ - if ((cur->peercallno == callno) || - ((dcallno == cur->callno) && !cur->peercallno)) { + if ( (cur->peercallno == 0 || cur->peercallno == callno) && + (full_frame ? dcallno == cur->callno : 1) ) { /* That's us. Be sure we keep track of the peer call number */ return 1; } @@ -1491,7 +1491,7 @@ static int make_trunk(unsigned short callno, int locked) * * \note Calling this function while holding another pvt lock can cause a deadlock. */ -static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked) +static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked, int full_frame) { int res = 0; int x; @@ -1503,7 +1503,7 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } @@ -1513,14 +1513,16 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } ast_mutex_unlock(&iaxsl[x]); } } if ((res < 1) && (new >= NEW_ALLOW)) { + int start, found = 0; + /* It may seem odd that we look through the peer list for a name for * this *incoming* call. Well, it is weird. However, users don't * have an IP address/port number that we can match against. So, @@ -1529,15 +1531,29 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s * correct, but it will be changed if needed after authentication. */ if (!iax2_getpeername(*sin, host, sizeof(host))) snprintf(host, sizeof(host), "%s:%d", ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port)); + now = ast_tvnow(); - for (x=1;x<TRUNK_CALL_START;x++) { + start = 1 + (ast_random() % (TRUNK_CALL_START - 1)); + for (x = start; 1; x++) { + if (x == TRUNK_CALL_START) { + x = 0; + continue; + } + /* Find first unused call number that hasn't been used in a while */ ast_mutex_lock(&iaxsl[x]); - if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) break; + if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) { + found = 1; + break; + } ast_mutex_unlock(&iaxsl[x]); + + if (x == start - 1) { + break; + } } /* We've still got lock held if we found a spot */ - if (x >= TRUNK_CALL_START) { + if (x == start - 1 && !found) { ast_log(LOG_WARNING, "No more space\n"); return 0; } @@ -1575,14 +1591,14 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s return res; } -static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 0); + return __find_callno(callno, dcallno, sin, new, sockfd, 0, full_frame); } -static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 1); + return __find_callno(callno, dcallno, sin, new, sockfd, 1, full_frame); } static void iax2_frame_free(struct iax_frame *fr) @@ -7624,7 +7640,7 @@ static int socket_process_meta(int packet_len, struct ast_iax2_meta_hdr *meta, s /* Stop if we don't have enough data */ if (len > packet_len) break; - fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, sin, NEW_PREVENT, sockfd); + fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, sin, NEW_PREVENT, sockfd, 0); if (!fr->callno) continue; @@ -7807,7 +7823,7 @@ static int socket_process(struct iax2_thread *thread) } /* This is a video frame, get call number */ - fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd, 0); minivid = 1; } else if ((meta->zeros == 0) && !(ntohs(meta->metacmd) & 0x8000)) return socket_process_meta(res, meta, &sin, fd, fr); @@ -7842,7 +7858,7 @@ static int socket_process(struct iax2_thread *thread) } if (!fr->callno) - fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd, ntohs(mh->callno) & IAX_FLAG_FULL); if (fr->callno > 0) ast_mutex_lock(&iaxsl[fr->callno]); @@ -9424,7 +9440,7 @@ static int iax2_do_register(struct iax2_registry *reg) if (!reg->callno) { ast_debug(1, "Allocate call number\n"); - reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd); + reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd, 0); if (reg->callno < 1) { ast_log(LOG_WARNING, "Unable to create call for registration\n"); return -1; @@ -9475,7 +9491,7 @@ static int iax2_provision(struct sockaddr_in *end, int sockfd, char *dest, const memset(&ied, 0, sizeof(ied)); iax_ie_append_raw(&ied, IAX_IE_PROVISIONING, provdata.buf, provdata.pos); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (!callno) return -1; @@ -9631,7 +9647,7 @@ static int iax2_poke_peer(struct iax2_peer *peer, int heldcall) } if (heldcall) ast_mutex_unlock(&iaxsl[heldcall]); - peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd); + peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd, 0); if (heldcall) ast_mutex_lock(&iaxsl[heldcall]); if (peer->callno < 1) { @@ -9710,7 +9726,7 @@ static struct ast_channel *iax2_request(const char *type, int format, void *data if (pds.port) sin.sin_port = htons(atoi(pds.port)); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); *cause = AST_CAUSE_CONGESTION; @@ -11083,7 +11099,7 @@ static int cache_get_callno_locked(const char *data) ast_debug(1, "peer: %s, username: %s, password: %s, context: %s\n", pds.peer, pds.username, pds.password, pds.context); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); return -1;
0670e43c3013Merged revisions 114558 via svnmerge from
1 file changed · +37 −21
channels/chan_iax2.c+37 −21 modified@@ -1383,13 +1383,13 @@ static struct iax_frame *iaxfrdup2(struct iax_frame *fr) #define NEW_ALLOW 1 #define NEW_FORCE 2 -static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, const struct chan_iax2_pvt *cur) +static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, const struct chan_iax2_pvt *cur, int full_frame) { if ((cur->addr.sin_addr.s_addr == sin->sin_addr.s_addr) && (cur->addr.sin_port == sin->sin_port)) { /* This is the main host */ - if ((cur->peercallno == callno) || - ((dcallno == cur->callno) && !cur->peercallno)) { + if ( (cur->peercallno == 0 || cur->peercallno == callno) && + (full_frame ? dcallno == cur->callno : 1) ) { /* That's us. Be sure we keep track of the peer call number */ return 1; } @@ -1491,7 +1491,7 @@ static int make_trunk(unsigned short callno, int locked) * * \note Calling this function while holding another pvt lock can cause a deadlock. */ -static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked) +static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked, int full_frame) { int res = 0; int x; @@ -1503,7 +1503,7 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } @@ -1513,14 +1513,16 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } ast_mutex_unlock(&iaxsl[x]); } } if ((res < 1) && (new >= NEW_ALLOW)) { + int start, found = 0; + /* It may seem odd that we look through the peer list for a name for * this *incoming* call. Well, it is weird. However, users don't * have an IP address/port number that we can match against. So, @@ -1529,15 +1531,29 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s * correct, but it will be changed if needed after authentication. */ if (!iax2_getpeername(*sin, host, sizeof(host))) snprintf(host, sizeof(host), "%s:%d", ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port)); + now = ast_tvnow(); - for (x=1;x<TRUNK_CALL_START;x++) { + start = 1 + (ast_random() % (TRUNK_CALL_START - 1)); + for (x = start; 1; x++) { + if (x == TRUNK_CALL_START) { + x = 0; + continue; + } + /* Find first unused call number that hasn't been used in a while */ ast_mutex_lock(&iaxsl[x]); - if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) break; + if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) { + found = 1; + break; + } ast_mutex_unlock(&iaxsl[x]); + + if (x == start - 1) { + break; + } } /* We've still got lock held if we found a spot */ - if (x >= TRUNK_CALL_START) { + if (x == start - 1 && !found) { ast_log(LOG_WARNING, "No more space\n"); return 0; } @@ -1575,14 +1591,14 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s return res; } -static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 0); + return __find_callno(callno, dcallno, sin, new, sockfd, 0, full_frame); } -static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 1); + return __find_callno(callno, dcallno, sin, new, sockfd, 1, full_frame); } static void iax2_frame_free(struct iax_frame *fr) @@ -7624,7 +7640,7 @@ static int socket_process_meta(int packet_len, struct ast_iax2_meta_hdr *meta, s /* Stop if we don't have enough data */ if (len > packet_len) break; - fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, sin, NEW_PREVENT, sockfd); + fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, sin, NEW_PREVENT, sockfd, 0); if (!fr->callno) continue; @@ -7807,7 +7823,7 @@ static int socket_process(struct iax2_thread *thread) } /* This is a video frame, get call number */ - fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd, 0); minivid = 1; } else if ((meta->zeros == 0) && !(ntohs(meta->metacmd) & 0x8000)) return socket_process_meta(res, meta, &sin, fd, fr); @@ -7842,7 +7858,7 @@ static int socket_process(struct iax2_thread *thread) } if (!fr->callno) - fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd, ntohs(mh->callno) & IAX_FLAG_FULL); if (fr->callno > 0) ast_mutex_lock(&iaxsl[fr->callno]); @@ -9424,7 +9440,7 @@ static int iax2_do_register(struct iax2_registry *reg) if (!reg->callno) { ast_debug(1, "Allocate call number\n"); - reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd); + reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd, 0); if (reg->callno < 1) { ast_log(LOG_WARNING, "Unable to create call for registration\n"); return -1; @@ -9475,7 +9491,7 @@ static int iax2_provision(struct sockaddr_in *end, int sockfd, char *dest, const memset(&ied, 0, sizeof(ied)); iax_ie_append_raw(&ied, IAX_IE_PROVISIONING, provdata.buf, provdata.pos); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (!callno) return -1; @@ -9631,7 +9647,7 @@ static int iax2_poke_peer(struct iax2_peer *peer, int heldcall) } if (heldcall) ast_mutex_unlock(&iaxsl[heldcall]); - peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd); + peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd, 0); if (heldcall) ast_mutex_lock(&iaxsl[heldcall]); if (peer->callno < 1) { @@ -9710,7 +9726,7 @@ static struct ast_channel *iax2_request(const char *type, int format, void *data if (pds.port) sin.sin_port = htons(atoi(pds.port)); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); *cause = AST_CAUSE_CONGESTION; @@ -11083,7 +11099,7 @@ static int cache_get_callno_locked(const char *data) ast_debug(1, "peer: %s, username: %s, password: %s, context: %s\n", pds.peer, pds.username, pds.password, pds.context); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); return -1;
771b3d8749b3Merged revisions 114558 via svnmerge from
1 file changed · +37 −21
channels/chan_iax2.c+37 −21 modified@@ -1383,13 +1383,13 @@ static struct iax_frame *iaxfrdup2(struct iax_frame *fr) #define NEW_ALLOW 1 #define NEW_FORCE 2 -static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, const struct chan_iax2_pvt *cur) +static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, const struct chan_iax2_pvt *cur, int full_frame) { if ((cur->addr.sin_addr.s_addr == sin->sin_addr.s_addr) && (cur->addr.sin_port == sin->sin_port)) { /* This is the main host */ - if ((cur->peercallno == callno) || - ((dcallno == cur->callno) && !cur->peercallno)) { + if ( (cur->peercallno == 0 || cur->peercallno == callno) && + (full_frame ? dcallno == cur->callno : 1) ) { /* That's us. Be sure we keep track of the peer call number */ return 1; } @@ -1491,7 +1491,7 @@ static int make_trunk(unsigned short callno, int locked) * * \note Calling this function while holding another pvt lock can cause a deadlock. */ -static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked) +static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked, int full_frame) { int res = 0; int x; @@ -1503,7 +1503,7 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } @@ -1513,14 +1513,16 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } ast_mutex_unlock(&iaxsl[x]); } } if ((res < 1) && (new >= NEW_ALLOW)) { + int start, found = 0; + /* It may seem odd that we look through the peer list for a name for * this *incoming* call. Well, it is weird. However, users don't * have an IP address/port number that we can match against. So, @@ -1529,15 +1531,29 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s * correct, but it will be changed if needed after authentication. */ if (!iax2_getpeername(*sin, host, sizeof(host))) snprintf(host, sizeof(host), "%s:%d", ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port)); + now = ast_tvnow(); - for (x=1;x<TRUNK_CALL_START;x++) { + start = 1 + (ast_random() % (TRUNK_CALL_START - 1)); + for (x = start; 1; x++) { + if (x == TRUNK_CALL_START) { + x = 0; + continue; + } + /* Find first unused call number that hasn't been used in a while */ ast_mutex_lock(&iaxsl[x]); - if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) break; + if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) { + found = 1; + break; + } ast_mutex_unlock(&iaxsl[x]); + + if (x == start - 1) { + break; + } } /* We've still got lock held if we found a spot */ - if (x >= TRUNK_CALL_START) { + if (x == start - 1 && !found) { ast_log(LOG_WARNING, "No more space\n"); return 0; } @@ -1575,14 +1591,14 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s return res; } -static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 0); + return __find_callno(callno, dcallno, sin, new, sockfd, 0, full_frame); } -static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 1); + return __find_callno(callno, dcallno, sin, new, sockfd, 1, full_frame); } static void iax2_frame_free(struct iax_frame *fr) @@ -7624,7 +7640,7 @@ static int socket_process_meta(int packet_len, struct ast_iax2_meta_hdr *meta, s /* Stop if we don't have enough data */ if (len > packet_len) break; - fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, sin, NEW_PREVENT, sockfd); + fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, sin, NEW_PREVENT, sockfd, 0); if (!fr->callno) continue; @@ -7807,7 +7823,7 @@ static int socket_process(struct iax2_thread *thread) } /* This is a video frame, get call number */ - fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd, 0); minivid = 1; } else if ((meta->zeros == 0) && !(ntohs(meta->metacmd) & 0x8000)) return socket_process_meta(res, meta, &sin, fd, fr); @@ -7842,7 +7858,7 @@ static int socket_process(struct iax2_thread *thread) } if (!fr->callno) - fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd, ntohs(mh->callno) & IAX_FLAG_FULL); if (fr->callno > 0) ast_mutex_lock(&iaxsl[fr->callno]); @@ -9424,7 +9440,7 @@ static int iax2_do_register(struct iax2_registry *reg) if (!reg->callno) { ast_debug(1, "Allocate call number\n"); - reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd); + reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd, 0); if (reg->callno < 1) { ast_log(LOG_WARNING, "Unable to create call for registration\n"); return -1; @@ -9475,7 +9491,7 @@ static int iax2_provision(struct sockaddr_in *end, int sockfd, char *dest, const memset(&ied, 0, sizeof(ied)); iax_ie_append_raw(&ied, IAX_IE_PROVISIONING, provdata.buf, provdata.pos); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (!callno) return -1; @@ -9631,7 +9647,7 @@ static int iax2_poke_peer(struct iax2_peer *peer, int heldcall) } if (heldcall) ast_mutex_unlock(&iaxsl[heldcall]); - peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd); + peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd, 0); if (heldcall) ast_mutex_lock(&iaxsl[heldcall]); if (peer->callno < 1) { @@ -9710,7 +9726,7 @@ static struct ast_channel *iax2_request(const char *type, int format, void *data if (pds.port) sin.sin_port = htons(atoi(pds.port)); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); *cause = AST_CAUSE_CONGESTION; @@ -11083,7 +11099,7 @@ static int cache_get_callno_locked(const char *data) ast_debug(1, "peer: %s, username: %s, password: %s, context: %s\n", pds.peer, pds.username, pds.password, pds.context); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); return -1;
51714a24347dMerged revisions 114558 via svnmerge from
1 file changed · +37 −21
channels/chan_iax2.c+37 −21 modified@@ -1383,13 +1383,13 @@ static struct iax_frame *iaxfrdup2(struct iax_frame *fr) #define NEW_ALLOW 1 #define NEW_FORCE 2 -static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, const struct chan_iax2_pvt *cur) +static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, const struct chan_iax2_pvt *cur, int full_frame) { if ((cur->addr.sin_addr.s_addr == sin->sin_addr.s_addr) && (cur->addr.sin_port == sin->sin_port)) { /* This is the main host */ - if ((cur->peercallno == callno) || - ((dcallno == cur->callno) && !cur->peercallno)) { + if ( (cur->peercallno == 0 || cur->peercallno == callno) && + (full_frame ? dcallno == cur->callno : 1) ) { /* That's us. Be sure we keep track of the peer call number */ return 1; } @@ -1491,7 +1491,7 @@ static int make_trunk(unsigned short callno, int locked) * * \note Calling this function while holding another pvt lock can cause a deadlock. */ -static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked) +static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked, int full_frame) { int res = 0; int x; @@ -1503,7 +1503,7 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } @@ -1513,14 +1513,16 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } ast_mutex_unlock(&iaxsl[x]); } } if ((res < 1) && (new >= NEW_ALLOW)) { + int start, found = 0; + /* It may seem odd that we look through the peer list for a name for * this *incoming* call. Well, it is weird. However, users don't * have an IP address/port number that we can match against. So, @@ -1529,15 +1531,29 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s * correct, but it will be changed if needed after authentication. */ if (!iax2_getpeername(*sin, host, sizeof(host))) snprintf(host, sizeof(host), "%s:%d", ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port)); + now = ast_tvnow(); - for (x=1;x<TRUNK_CALL_START;x++) { + start = 1 + (ast_random() % (TRUNK_CALL_START - 1)); + for (x = start; 1; x++) { + if (x == TRUNK_CALL_START) { + x = 0; + continue; + } + /* Find first unused call number that hasn't been used in a while */ ast_mutex_lock(&iaxsl[x]); - if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) break; + if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) { + found = 1; + break; + } ast_mutex_unlock(&iaxsl[x]); + + if (x == start - 1) { + break; + } } /* We've still got lock held if we found a spot */ - if (x >= TRUNK_CALL_START) { + if (x == start - 1 && !found) { ast_log(LOG_WARNING, "No more space\n"); return 0; } @@ -1575,14 +1591,14 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s return res; } -static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 0); + return __find_callno(callno, dcallno, sin, new, sockfd, 0, full_frame); } -static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 1); + return __find_callno(callno, dcallno, sin, new, sockfd, 1, full_frame); } static void iax2_frame_free(struct iax_frame *fr) @@ -7624,7 +7640,7 @@ static int socket_process_meta(int packet_len, struct ast_iax2_meta_hdr *meta, s /* Stop if we don't have enough data */ if (len > packet_len) break; - fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, sin, NEW_PREVENT, sockfd); + fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, sin, NEW_PREVENT, sockfd, 0); if (!fr->callno) continue; @@ -7807,7 +7823,7 @@ static int socket_process(struct iax2_thread *thread) } /* This is a video frame, get call number */ - fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd, 0); minivid = 1; } else if ((meta->zeros == 0) && !(ntohs(meta->metacmd) & 0x8000)) return socket_process_meta(res, meta, &sin, fd, fr); @@ -7842,7 +7858,7 @@ static int socket_process(struct iax2_thread *thread) } if (!fr->callno) - fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd, ntohs(mh->callno) & IAX_FLAG_FULL); if (fr->callno > 0) ast_mutex_lock(&iaxsl[fr->callno]); @@ -9424,7 +9440,7 @@ static int iax2_do_register(struct iax2_registry *reg) if (!reg->callno) { ast_debug(1, "Allocate call number\n"); - reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd); + reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd, 0); if (reg->callno < 1) { ast_log(LOG_WARNING, "Unable to create call for registration\n"); return -1; @@ -9475,7 +9491,7 @@ static int iax2_provision(struct sockaddr_in *end, int sockfd, char *dest, const memset(&ied, 0, sizeof(ied)); iax_ie_append_raw(&ied, IAX_IE_PROVISIONING, provdata.buf, provdata.pos); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (!callno) return -1; @@ -9631,7 +9647,7 @@ static int iax2_poke_peer(struct iax2_peer *peer, int heldcall) } if (heldcall) ast_mutex_unlock(&iaxsl[heldcall]); - peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd); + peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd, 0); if (heldcall) ast_mutex_lock(&iaxsl[heldcall]); if (peer->callno < 1) { @@ -9710,7 +9726,7 @@ static struct ast_channel *iax2_request(const char *type, int format, void *data if (pds.port) sin.sin_port = htons(atoi(pds.port)); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); *cause = AST_CAUSE_CONGESTION; @@ -11083,7 +11099,7 @@ static int cache_get_callno_locked(const char *data) ast_debug(1, "peer: %s, username: %s, password: %s, context: %s\n", pds.peer, pds.username, pds.password, pds.context); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); return -1;
20ac3662f137Merged revisions 114558 via svnmerge from
1 file changed · +37 −21
channels/chan_iax2.c+37 −21 modified@@ -1383,13 +1383,13 @@ static struct iax_frame *iaxfrdup2(struct iax_frame *fr) #define NEW_ALLOW 1 #define NEW_FORCE 2 -static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, const struct chan_iax2_pvt *cur) +static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, const struct chan_iax2_pvt *cur, int full_frame) { if ((cur->addr.sin_addr.s_addr == sin->sin_addr.s_addr) && (cur->addr.sin_port == sin->sin_port)) { /* This is the main host */ - if ((cur->peercallno == callno) || - ((dcallno == cur->callno) && !cur->peercallno)) { + if ( (cur->peercallno == 0 || cur->peercallno == callno) && + (full_frame ? dcallno == cur->callno : 1) ) { /* That's us. Be sure we keep track of the peer call number */ return 1; } @@ -1491,7 +1491,7 @@ static int make_trunk(unsigned short callno, int locked) * * \note Calling this function while holding another pvt lock can cause a deadlock. */ -static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked) +static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked, int full_frame) { int res = 0; int x; @@ -1503,7 +1503,7 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } @@ -1513,14 +1513,16 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } ast_mutex_unlock(&iaxsl[x]); } } if ((res < 1) && (new >= NEW_ALLOW)) { + int start, found = 0; + /* It may seem odd that we look through the peer list for a name for * this *incoming* call. Well, it is weird. However, users don't * have an IP address/port number that we can match against. So, @@ -1529,15 +1531,29 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s * correct, but it will be changed if needed after authentication. */ if (!iax2_getpeername(*sin, host, sizeof(host))) snprintf(host, sizeof(host), "%s:%d", ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port)); + now = ast_tvnow(); - for (x=1;x<TRUNK_CALL_START;x++) { + start = 1 + (ast_random() % (TRUNK_CALL_START - 1)); + for (x = start; 1; x++) { + if (x == TRUNK_CALL_START) { + x = 0; + continue; + } + /* Find first unused call number that hasn't been used in a while */ ast_mutex_lock(&iaxsl[x]); - if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) break; + if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) { + found = 1; + break; + } ast_mutex_unlock(&iaxsl[x]); + + if (x == start - 1) { + break; + } } /* We've still got lock held if we found a spot */ - if (x >= TRUNK_CALL_START) { + if (x == start - 1 && !found) { ast_log(LOG_WARNING, "No more space\n"); return 0; } @@ -1575,14 +1591,14 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s return res; } -static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 0); + return __find_callno(callno, dcallno, sin, new, sockfd, 0, full_frame); } -static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 1); + return __find_callno(callno, dcallno, sin, new, sockfd, 1, full_frame); } static void iax2_frame_free(struct iax_frame *fr) @@ -7624,7 +7640,7 @@ static int socket_process_meta(int packet_len, struct ast_iax2_meta_hdr *meta, s /* Stop if we don't have enough data */ if (len > packet_len) break; - fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, sin, NEW_PREVENT, sockfd); + fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, sin, NEW_PREVENT, sockfd, 0); if (!fr->callno) continue; @@ -7807,7 +7823,7 @@ static int socket_process(struct iax2_thread *thread) } /* This is a video frame, get call number */ - fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd, 0); minivid = 1; } else if ((meta->zeros == 0) && !(ntohs(meta->metacmd) & 0x8000)) return socket_process_meta(res, meta, &sin, fd, fr); @@ -7842,7 +7858,7 @@ static int socket_process(struct iax2_thread *thread) } if (!fr->callno) - fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd, ntohs(mh->callno) & IAX_FLAG_FULL); if (fr->callno > 0) ast_mutex_lock(&iaxsl[fr->callno]); @@ -9424,7 +9440,7 @@ static int iax2_do_register(struct iax2_registry *reg) if (!reg->callno) { ast_debug(1, "Allocate call number\n"); - reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd); + reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd, 0); if (reg->callno < 1) { ast_log(LOG_WARNING, "Unable to create call for registration\n"); return -1; @@ -9475,7 +9491,7 @@ static int iax2_provision(struct sockaddr_in *end, int sockfd, char *dest, const memset(&ied, 0, sizeof(ied)); iax_ie_append_raw(&ied, IAX_IE_PROVISIONING, provdata.buf, provdata.pos); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (!callno) return -1; @@ -9631,7 +9647,7 @@ static int iax2_poke_peer(struct iax2_peer *peer, int heldcall) } if (heldcall) ast_mutex_unlock(&iaxsl[heldcall]); - peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd); + peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd, 0); if (heldcall) ast_mutex_lock(&iaxsl[heldcall]); if (peer->callno < 1) { @@ -9710,7 +9726,7 @@ static struct ast_channel *iax2_request(const char *type, int format, void *data if (pds.port) sin.sin_port = htons(atoi(pds.port)); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); *cause = AST_CAUSE_CONGESTION; @@ -11083,7 +11099,7 @@ static int cache_get_callno_locked(const char *data) ast_debug(1, "peer: %s, username: %s, password: %s, context: %s\n", pds.peer, pds.username, pds.password, pds.context); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); return -1;
fe8b7f31db68Merged revisions 114558 via svnmerge from
1 file changed · +37 −21
channels/chan_iax2.c+37 −21 modified@@ -1383,13 +1383,13 @@ static struct iax_frame *iaxfrdup2(struct iax_frame *fr) #define NEW_ALLOW 1 #define NEW_FORCE 2 -static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, const struct chan_iax2_pvt *cur) +static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, const struct chan_iax2_pvt *cur, int full_frame) { if ((cur->addr.sin_addr.s_addr == sin->sin_addr.s_addr) && (cur->addr.sin_port == sin->sin_port)) { /* This is the main host */ - if ((cur->peercallno == callno) || - ((dcallno == cur->callno) && !cur->peercallno)) { + if ( (cur->peercallno == 0 || cur->peercallno == callno) && + (full_frame ? dcallno == cur->callno : 1) ) { /* That's us. Be sure we keep track of the peer call number */ return 1; } @@ -1491,7 +1491,7 @@ static int make_trunk(unsigned short callno, int locked) * * \note Calling this function while holding another pvt lock can cause a deadlock. */ -static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked) +static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked, int full_frame) { int res = 0; int x; @@ -1503,7 +1503,7 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } @@ -1513,14 +1513,16 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } ast_mutex_unlock(&iaxsl[x]); } } if ((res < 1) && (new >= NEW_ALLOW)) { + int start, found = 0; + /* It may seem odd that we look through the peer list for a name for * this *incoming* call. Well, it is weird. However, users don't * have an IP address/port number that we can match against. So, @@ -1529,15 +1531,29 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s * correct, but it will be changed if needed after authentication. */ if (!iax2_getpeername(*sin, host, sizeof(host))) snprintf(host, sizeof(host), "%s:%d", ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port)); + now = ast_tvnow(); - for (x=1;x<TRUNK_CALL_START;x++) { + start = 1 + (ast_random() % (TRUNK_CALL_START - 1)); + for (x = start; 1; x++) { + if (x == TRUNK_CALL_START) { + x = 0; + continue; + } + /* Find first unused call number that hasn't been used in a while */ ast_mutex_lock(&iaxsl[x]); - if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) break; + if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) { + found = 1; + break; + } ast_mutex_unlock(&iaxsl[x]); + + if (x == start - 1) { + break; + } } /* We've still got lock held if we found a spot */ - if (x >= TRUNK_CALL_START) { + if (x == start - 1 && !found) { ast_log(LOG_WARNING, "No more space\n"); return 0; } @@ -1575,14 +1591,14 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s return res; } -static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 0); + return __find_callno(callno, dcallno, sin, new, sockfd, 0, full_frame); } -static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 1); + return __find_callno(callno, dcallno, sin, new, sockfd, 1, full_frame); } static void iax2_frame_free(struct iax_frame *fr) @@ -7624,7 +7640,7 @@ static int socket_process_meta(int packet_len, struct ast_iax2_meta_hdr *meta, s /* Stop if we don't have enough data */ if (len > packet_len) break; - fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, sin, NEW_PREVENT, sockfd); + fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, sin, NEW_PREVENT, sockfd, 0); if (!fr->callno) continue; @@ -7807,7 +7823,7 @@ static int socket_process(struct iax2_thread *thread) } /* This is a video frame, get call number */ - fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd, 0); minivid = 1; } else if ((meta->zeros == 0) && !(ntohs(meta->metacmd) & 0x8000)) return socket_process_meta(res, meta, &sin, fd, fr); @@ -7842,7 +7858,7 @@ static int socket_process(struct iax2_thread *thread) } if (!fr->callno) - fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd, ntohs(mh->callno) & IAX_FLAG_FULL); if (fr->callno > 0) ast_mutex_lock(&iaxsl[fr->callno]); @@ -9424,7 +9440,7 @@ static int iax2_do_register(struct iax2_registry *reg) if (!reg->callno) { ast_debug(1, "Allocate call number\n"); - reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd); + reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd, 0); if (reg->callno < 1) { ast_log(LOG_WARNING, "Unable to create call for registration\n"); return -1; @@ -9475,7 +9491,7 @@ static int iax2_provision(struct sockaddr_in *end, int sockfd, char *dest, const memset(&ied, 0, sizeof(ied)); iax_ie_append_raw(&ied, IAX_IE_PROVISIONING, provdata.buf, provdata.pos); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (!callno) return -1; @@ -9631,7 +9647,7 @@ static int iax2_poke_peer(struct iax2_peer *peer, int heldcall) } if (heldcall) ast_mutex_unlock(&iaxsl[heldcall]); - peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd); + peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd, 0); if (heldcall) ast_mutex_lock(&iaxsl[heldcall]); if (peer->callno < 1) { @@ -9710,7 +9726,7 @@ static struct ast_channel *iax2_request(const char *type, int format, void *data if (pds.port) sin.sin_port = htons(atoi(pds.port)); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); *cause = AST_CAUSE_CONGESTION; @@ -11083,7 +11099,7 @@ static int cache_get_callno_locked(const char *data) ast_debug(1, "peer: %s, username: %s, password: %s, context: %s\n", pds.peer, pds.username, pds.password, pds.context); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); return -1;
e0ef9bd22810Merged revisions 114558 via svnmerge from
1 file changed · +37 −21
channels/chan_iax2.c+37 −21 modified@@ -1383,13 +1383,13 @@ static struct iax_frame *iaxfrdup2(struct iax_frame *fr) #define NEW_ALLOW 1 #define NEW_FORCE 2 -static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, const struct chan_iax2_pvt *cur) +static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, const struct chan_iax2_pvt *cur, int full_frame) { if ((cur->addr.sin_addr.s_addr == sin->sin_addr.s_addr) && (cur->addr.sin_port == sin->sin_port)) { /* This is the main host */ - if ((cur->peercallno == callno) || - ((dcallno == cur->callno) && !cur->peercallno)) { + if ( (cur->peercallno == 0 || cur->peercallno == callno) && + (full_frame ? dcallno == cur->callno : 1) ) { /* That's us. Be sure we keep track of the peer call number */ return 1; } @@ -1491,7 +1491,7 @@ static int make_trunk(unsigned short callno, int locked) * * \note Calling this function while holding another pvt lock can cause a deadlock. */ -static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked) +static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked, int full_frame) { int res = 0; int x; @@ -1503,7 +1503,7 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } @@ -1513,14 +1513,16 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } ast_mutex_unlock(&iaxsl[x]); } } if ((res < 1) && (new >= NEW_ALLOW)) { + int start, found = 0; + /* It may seem odd that we look through the peer list for a name for * this *incoming* call. Well, it is weird. However, users don't * have an IP address/port number that we can match against. So, @@ -1529,15 +1531,29 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s * correct, but it will be changed if needed after authentication. */ if (!iax2_getpeername(*sin, host, sizeof(host))) snprintf(host, sizeof(host), "%s:%d", ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port)); + now = ast_tvnow(); - for (x=1;x<TRUNK_CALL_START;x++) { + start = 1 + (ast_random() % (TRUNK_CALL_START - 1)); + for (x = start; 1; x++) { + if (x == TRUNK_CALL_START) { + x = 0; + continue; + } + /* Find first unused call number that hasn't been used in a while */ ast_mutex_lock(&iaxsl[x]); - if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) break; + if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) { + found = 1; + break; + } ast_mutex_unlock(&iaxsl[x]); + + if (x == start - 1) { + break; + } } /* We've still got lock held if we found a spot */ - if (x >= TRUNK_CALL_START) { + if (x == start - 1 && !found) { ast_log(LOG_WARNING, "No more space\n"); return 0; } @@ -1575,14 +1591,14 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s return res; } -static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 0); + return __find_callno(callno, dcallno, sin, new, sockfd, 0, full_frame); } -static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 1); + return __find_callno(callno, dcallno, sin, new, sockfd, 1, full_frame); } static void iax2_frame_free(struct iax_frame *fr) @@ -7624,7 +7640,7 @@ static int socket_process_meta(int packet_len, struct ast_iax2_meta_hdr *meta, s /* Stop if we don't have enough data */ if (len > packet_len) break; - fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, sin, NEW_PREVENT, sockfd); + fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, sin, NEW_PREVENT, sockfd, 0); if (!fr->callno) continue; @@ -7807,7 +7823,7 @@ static int socket_process(struct iax2_thread *thread) } /* This is a video frame, get call number */ - fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd, 0); minivid = 1; } else if ((meta->zeros == 0) && !(ntohs(meta->metacmd) & 0x8000)) return socket_process_meta(res, meta, &sin, fd, fr); @@ -7842,7 +7858,7 @@ static int socket_process(struct iax2_thread *thread) } if (!fr->callno) - fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd, ntohs(mh->callno) & IAX_FLAG_FULL); if (fr->callno > 0) ast_mutex_lock(&iaxsl[fr->callno]); @@ -9424,7 +9440,7 @@ static int iax2_do_register(struct iax2_registry *reg) if (!reg->callno) { ast_debug(1, "Allocate call number\n"); - reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd); + reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd, 0); if (reg->callno < 1) { ast_log(LOG_WARNING, "Unable to create call for registration\n"); return -1; @@ -9475,7 +9491,7 @@ static int iax2_provision(struct sockaddr_in *end, int sockfd, char *dest, const memset(&ied, 0, sizeof(ied)); iax_ie_append_raw(&ied, IAX_IE_PROVISIONING, provdata.buf, provdata.pos); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (!callno) return -1; @@ -9631,7 +9647,7 @@ static int iax2_poke_peer(struct iax2_peer *peer, int heldcall) } if (heldcall) ast_mutex_unlock(&iaxsl[heldcall]); - peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd); + peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd, 0); if (heldcall) ast_mutex_lock(&iaxsl[heldcall]); if (peer->callno < 1) { @@ -9710,7 +9726,7 @@ static struct ast_channel *iax2_request(const char *type, int format, void *data if (pds.port) sin.sin_port = htons(atoi(pds.port)); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); *cause = AST_CAUSE_CONGESTION; @@ -11083,7 +11099,7 @@ static int cache_get_callno_locked(const char *data) ast_debug(1, "peer: %s, username: %s, password: %s, context: %s\n", pds.peer, pds.username, pds.password, pds.context); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); return -1;
1fe14f38dd43Merged revisions 114558 via svnmerge from
1 file changed · +37 −21
channels/chan_iax2.c+37 −21 modified@@ -1383,13 +1383,13 @@ static struct iax_frame *iaxfrdup2(struct iax_frame *fr) #define NEW_ALLOW 1 #define NEW_FORCE 2 -static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, const struct chan_iax2_pvt *cur) +static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, const struct chan_iax2_pvt *cur, int full_frame) { if ((cur->addr.sin_addr.s_addr == sin->sin_addr.s_addr) && (cur->addr.sin_port == sin->sin_port)) { /* This is the main host */ - if ((cur->peercallno == callno) || - ((dcallno == cur->callno) && !cur->peercallno)) { + if ( (cur->peercallno == 0 || cur->peercallno == callno) && + (full_frame ? dcallno == cur->callno : 1) ) { /* That's us. Be sure we keep track of the peer call number */ return 1; } @@ -1491,7 +1491,7 @@ static int make_trunk(unsigned short callno, int locked) * * \note Calling this function while holding another pvt lock can cause a deadlock. */ -static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked) +static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked, int full_frame) { int res = 0; int x; @@ -1503,7 +1503,7 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } @@ -1513,14 +1513,16 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } ast_mutex_unlock(&iaxsl[x]); } } if ((res < 1) && (new >= NEW_ALLOW)) { + int start, found = 0; + /* It may seem odd that we look through the peer list for a name for * this *incoming* call. Well, it is weird. However, users don't * have an IP address/port number that we can match against. So, @@ -1529,15 +1531,29 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s * correct, but it will be changed if needed after authentication. */ if (!iax2_getpeername(*sin, host, sizeof(host))) snprintf(host, sizeof(host), "%s:%d", ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port)); + now = ast_tvnow(); - for (x=1;x<TRUNK_CALL_START;x++) { + start = 1 + (ast_random() % (TRUNK_CALL_START - 1)); + for (x = start; 1; x++) { + if (x == TRUNK_CALL_START) { + x = 0; + continue; + } + /* Find first unused call number that hasn't been used in a while */ ast_mutex_lock(&iaxsl[x]); - if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) break; + if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) { + found = 1; + break; + } ast_mutex_unlock(&iaxsl[x]); + + if (x == start - 1) { + break; + } } /* We've still got lock held if we found a spot */ - if (x >= TRUNK_CALL_START) { + if (x == start - 1 && !found) { ast_log(LOG_WARNING, "No more space\n"); return 0; } @@ -1575,14 +1591,14 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s return res; } -static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 0); + return __find_callno(callno, dcallno, sin, new, sockfd, 0, full_frame); } -static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 1); + return __find_callno(callno, dcallno, sin, new, sockfd, 1, full_frame); } static void iax2_frame_free(struct iax_frame *fr) @@ -7624,7 +7640,7 @@ static int socket_process_meta(int packet_len, struct ast_iax2_meta_hdr *meta, s /* Stop if we don't have enough data */ if (len > packet_len) break; - fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, sin, NEW_PREVENT, sockfd); + fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, sin, NEW_PREVENT, sockfd, 0); if (!fr->callno) continue; @@ -7807,7 +7823,7 @@ static int socket_process(struct iax2_thread *thread) } /* This is a video frame, get call number */ - fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd, 0); minivid = 1; } else if ((meta->zeros == 0) && !(ntohs(meta->metacmd) & 0x8000)) return socket_process_meta(res, meta, &sin, fd, fr); @@ -7842,7 +7858,7 @@ static int socket_process(struct iax2_thread *thread) } if (!fr->callno) - fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd, ntohs(mh->callno) & IAX_FLAG_FULL); if (fr->callno > 0) ast_mutex_lock(&iaxsl[fr->callno]); @@ -9424,7 +9440,7 @@ static int iax2_do_register(struct iax2_registry *reg) if (!reg->callno) { ast_debug(1, "Allocate call number\n"); - reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd); + reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd, 0); if (reg->callno < 1) { ast_log(LOG_WARNING, "Unable to create call for registration\n"); return -1; @@ -9475,7 +9491,7 @@ static int iax2_provision(struct sockaddr_in *end, int sockfd, char *dest, const memset(&ied, 0, sizeof(ied)); iax_ie_append_raw(&ied, IAX_IE_PROVISIONING, provdata.buf, provdata.pos); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (!callno) return -1; @@ -9631,7 +9647,7 @@ static int iax2_poke_peer(struct iax2_peer *peer, int heldcall) } if (heldcall) ast_mutex_unlock(&iaxsl[heldcall]); - peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd); + peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd, 0); if (heldcall) ast_mutex_lock(&iaxsl[heldcall]); if (peer->callno < 1) { @@ -9710,7 +9726,7 @@ static struct ast_channel *iax2_request(const char *type, int format, void *data if (pds.port) sin.sin_port = htons(atoi(pds.port)); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); *cause = AST_CAUSE_CONGESTION; @@ -11083,7 +11099,7 @@ static int cache_get_callno_locked(const char *data) ast_debug(1, "peer: %s, username: %s, password: %s, context: %s\n", pds.peer, pds.username, pds.password, pds.context); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); return -1;
a8b180875b03Merged revisions 114558 via svnmerge from
1 file changed · +37 −21
channels/chan_iax2.c+37 −21 modified@@ -1383,13 +1383,13 @@ static struct iax_frame *iaxfrdup2(struct iax_frame *fr) #define NEW_ALLOW 1 #define NEW_FORCE 2 -static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, const struct chan_iax2_pvt *cur) +static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, const struct chan_iax2_pvt *cur, int full_frame) { if ((cur->addr.sin_addr.s_addr == sin->sin_addr.s_addr) && (cur->addr.sin_port == sin->sin_port)) { /* This is the main host */ - if ((cur->peercallno == callno) || - ((dcallno == cur->callno) && !cur->peercallno)) { + if ( (cur->peercallno == 0 || cur->peercallno == callno) && + (full_frame ? dcallno == cur->callno : 1) ) { /* That's us. Be sure we keep track of the peer call number */ return 1; } @@ -1491,7 +1491,7 @@ static int make_trunk(unsigned short callno, int locked) * * \note Calling this function while holding another pvt lock can cause a deadlock. */ -static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked) +static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked, int full_frame) { int res = 0; int x; @@ -1503,7 +1503,7 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } @@ -1513,14 +1513,16 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } ast_mutex_unlock(&iaxsl[x]); } } if ((res < 1) && (new >= NEW_ALLOW)) { + int start, found = 0; + /* It may seem odd that we look through the peer list for a name for * this *incoming* call. Well, it is weird. However, users don't * have an IP address/port number that we can match against. So, @@ -1529,15 +1531,29 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s * correct, but it will be changed if needed after authentication. */ if (!iax2_getpeername(*sin, host, sizeof(host))) snprintf(host, sizeof(host), "%s:%d", ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port)); + now = ast_tvnow(); - for (x=1;x<TRUNK_CALL_START;x++) { + start = 1 + (ast_random() % (TRUNK_CALL_START - 1)); + for (x = start; 1; x++) { + if (x == TRUNK_CALL_START) { + x = 0; + continue; + } + /* Find first unused call number that hasn't been used in a while */ ast_mutex_lock(&iaxsl[x]); - if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) break; + if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) { + found = 1; + break; + } ast_mutex_unlock(&iaxsl[x]); + + if (x == start - 1) { + break; + } } /* We've still got lock held if we found a spot */ - if (x >= TRUNK_CALL_START) { + if (x == start - 1 && !found) { ast_log(LOG_WARNING, "No more space\n"); return 0; } @@ -1575,14 +1591,14 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s return res; } -static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 0); + return __find_callno(callno, dcallno, sin, new, sockfd, 0, full_frame); } -static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 1); + return __find_callno(callno, dcallno, sin, new, sockfd, 1, full_frame); } static void iax2_frame_free(struct iax_frame *fr) @@ -7624,7 +7640,7 @@ static int socket_process_meta(int packet_len, struct ast_iax2_meta_hdr *meta, s /* Stop if we don't have enough data */ if (len > packet_len) break; - fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, sin, NEW_PREVENT, sockfd); + fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, sin, NEW_PREVENT, sockfd, 0); if (!fr->callno) continue; @@ -7807,7 +7823,7 @@ static int socket_process(struct iax2_thread *thread) } /* This is a video frame, get call number */ - fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd, 0); minivid = 1; } else if ((meta->zeros == 0) && !(ntohs(meta->metacmd) & 0x8000)) return socket_process_meta(res, meta, &sin, fd, fr); @@ -7842,7 +7858,7 @@ static int socket_process(struct iax2_thread *thread) } if (!fr->callno) - fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd, ntohs(mh->callno) & IAX_FLAG_FULL); if (fr->callno > 0) ast_mutex_lock(&iaxsl[fr->callno]); @@ -9424,7 +9440,7 @@ static int iax2_do_register(struct iax2_registry *reg) if (!reg->callno) { ast_debug(1, "Allocate call number\n"); - reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd); + reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd, 0); if (reg->callno < 1) { ast_log(LOG_WARNING, "Unable to create call for registration\n"); return -1; @@ -9475,7 +9491,7 @@ static int iax2_provision(struct sockaddr_in *end, int sockfd, char *dest, const memset(&ied, 0, sizeof(ied)); iax_ie_append_raw(&ied, IAX_IE_PROVISIONING, provdata.buf, provdata.pos); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (!callno) return -1; @@ -9631,7 +9647,7 @@ static int iax2_poke_peer(struct iax2_peer *peer, int heldcall) } if (heldcall) ast_mutex_unlock(&iaxsl[heldcall]); - peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd); + peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd, 0); if (heldcall) ast_mutex_lock(&iaxsl[heldcall]); if (peer->callno < 1) { @@ -9710,7 +9726,7 @@ static struct ast_channel *iax2_request(const char *type, int format, void *data if (pds.port) sin.sin_port = htons(atoi(pds.port)); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); *cause = AST_CAUSE_CONGESTION; @@ -11083,7 +11099,7 @@ static int cache_get_callno_locked(const char *data) ast_debug(1, "peer: %s, username: %s, password: %s, context: %s\n", pds.peer, pds.username, pds.password, pds.context); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); return -1;
10da3dab24e8When we receive a full frame that is supposed to contain our call number,
1 file changed · +38 −22
channels/chan_iax2.c+38 −22 modified@@ -1239,13 +1239,13 @@ static struct iax_frame *iaxfrdup2(struct iax_frame *fr) #define NEW_ALLOW 1 #define NEW_FORCE 2 -static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, struct chan_iax2_pvt *cur) +static int match(struct sockaddr_in *sin, unsigned short callno, unsigned short dcallno, struct chan_iax2_pvt *cur, int full_frame) { if ((cur->addr.sin_addr.s_addr == sin->sin_addr.s_addr) && (cur->addr.sin_port == sin->sin_port)) { /* This is the main host */ - if ((cur->peercallno == callno) || - ((dcallno == cur->callno) && !cur->peercallno)) { + if ( (cur->peercallno == 0 || cur->peercallno == callno) && + (full_frame ? dcallno == cur->callno : 1) ) { /* That's us. Be sure we keep track of the peer call number */ return 1; } @@ -1336,7 +1336,7 @@ static int make_trunk(unsigned short callno, int locked) /*! * \note Calling this function while holding another pvt lock can cause a deadlock. */ -static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked) +static int __find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int return_locked, int full_frame) { int res = 0; int x; @@ -1349,7 +1349,7 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } @@ -1359,14 +1359,16 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s ast_mutex_lock(&iaxsl[x]); if (iaxs[x]) { /* Look for an exact match */ - if (match(sin, callno, dcallno, iaxs[x])) { + if (match(sin, callno, dcallno, iaxs[x], full_frame)) { res = x; } } ast_mutex_unlock(&iaxsl[x]); } } if ((res < 1) && (new >= NEW_ALLOW)) { + int start, found = 0; + /* It may seem odd that we look through the peer list for a name for * this *incoming* call. Well, it is weird. However, users don't * have an IP address/port number that we can match against. So, @@ -1375,15 +1377,29 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s * correct, but it will be changed if needed after authentication. */ if (!iax2_getpeername(*sin, host, sizeof(host))) snprintf(host, sizeof(host), "%s:%d", ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port)); - gettimeofday(&now, NULL); - for (x=1;x<TRUNK_CALL_START;x++) { + + now = ast_tvnow(); + start = 1 + (ast_random() % (TRUNK_CALL_START - 1)); + for (x = start; 1; x++) { + if (x == TRUNK_CALL_START) { + x = 0; + continue; + } + /* Find first unused call number that hasn't been used in a while */ ast_mutex_lock(&iaxsl[x]); - if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) break; + if (!iaxs[x] && ((now.tv_sec - lastused[x].tv_sec) > MIN_REUSE_TIME)) { + found = 1; + break; + } ast_mutex_unlock(&iaxsl[x]); + + if (x == start - 1) { + break; + } } /* We've still got lock held if we found a spot */ - if (x >= TRUNK_CALL_START) { + if (x == start - 1 && !found) { ast_log(LOG_WARNING, "No more space\n"); return 0; } @@ -1420,14 +1436,14 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s return res; } -static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 0); + return __find_callno(callno, dcallno, sin, new, sockfd, 0, full_frame); } -static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd) { +static int find_callno_locked(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int new, int sockfd, int full_frame) { - return __find_callno(callno, dcallno, sin, new, sockfd, 1); + return __find_callno(callno, dcallno, sin, new, sockfd, 1, full_frame); } static void iax2_frame_free(struct iax_frame *fr) @@ -6871,7 +6887,7 @@ static int socket_process(struct iax2_thread *thread) } /* This is a video frame, get call number */ - fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, fd, 0); minivid = 1; } else if ((meta->zeros == 0) && !(ntohs(meta->metacmd) & 0x8000)) { unsigned char metatype; @@ -6929,7 +6945,7 @@ static int socket_process(struct iax2_thread *thread) /* Stop if we don't have enough data */ if (len > res) break; - fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, &sin, NEW_PREVENT, fd); + fr->callno = find_callno_locked(callno & ~IAX_FLAG_FULL, 0, &sin, NEW_PREVENT, fd, 0); if (fr->callno) { /* If it's a valid call, deliver the contents. If not, we drop it, since we don't have a scallno to use for an INVAL */ @@ -7015,7 +7031,7 @@ static int socket_process(struct iax2_thread *thread) } if (!fr->callno) - fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd); + fr->callno = find_callno(ntohs(mh->callno) & ~IAX_FLAG_FULL, dcallno, &sin, new, fd, ntohs(mh->callno) & IAX_FLAG_FULL); if (fr->callno > 0) ast_mutex_lock(&iaxsl[fr->callno]); @@ -8510,7 +8526,7 @@ static int iax2_do_register(struct iax2_registry *reg) if (!reg->callno) { if (option_debug) ast_log(LOG_DEBUG, "Allocate call number\n"); - reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd); + reg->callno = find_callno_locked(0, 0, ®->addr, NEW_FORCE, defaultsockfd, 0); if (reg->callno < 1) { ast_log(LOG_WARNING, "Unable to create call for registration\n"); return -1; @@ -8571,7 +8587,7 @@ static int iax2_provision(struct sockaddr_in *end, int sockfd, char *dest, const memset(&ied, 0, sizeof(ied)); iax_ie_append_raw(&ied, IAX_IE_PROVISIONING, provdata.buf, provdata.pos); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (!callno) return -1; @@ -8712,7 +8728,7 @@ static int iax2_poke_peer(struct iax2_peer *peer, int heldcall) } if (heldcall) ast_mutex_unlock(&iaxsl[heldcall]); - peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd); + peer->callno = find_callno(0, 0, &peer->addr, NEW_FORCE, peer->sockfd, 0); if (heldcall) ast_mutex_lock(&iaxsl[heldcall]); if (peer->callno < 1) { @@ -8792,7 +8808,7 @@ static struct ast_channel *iax2_request(const char *type, int format, void *data if (pds.port) sin.sin_port = htons(atoi(pds.port)); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); *cause = AST_CAUSE_CONGESTION; @@ -10106,7 +10122,7 @@ static int cache_get_callno_locked(const char *data) ast_log(LOG_DEBUG, "peer: %s, username: %s, password: %s, context: %s\n", pds.peer, pds.username, pds.password, pds.context); - callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd); + callno = find_callno_locked(0, 0, &sin, NEW_FORCE, cai.sockfd, 0); if (callno < 1) { ast_log(LOG_WARNING, "Unable to create call\n"); return -1;
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
27- secunia.com/advisories/29927nvdVendor Advisory
- secunia.com/advisories/30010nvdVendor Advisory
- secunia.com/advisories/30042nvdVendor Advisory
- bugs.digium.com/view.phpnvd
- downloads.digium.com/pub/security/AST-2008-006.htmlnvd
- secunia.com/advisories/34982nvd
- security.gentoo.org/glsa/glsa-200905-01.xmlnvd
- www.altsci.com/concepts/page.phpnvd
- www.debian.org/security/2008/dsa-1563nvd
- www.securityfocus.com/archive/1/491220/100/0/threadednvd
- www.securityfocus.com/bid/28901nvd
- www.securitytracker.com/idnvd
- www.vupen.com/english/advisories/2008/1324nvd
- downloads.asterisk.org/pub/security/AST-2008-006.htmlnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/41966nvd
- github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1envd
- github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90nvd
- github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2nvd
- github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acbnvd
- github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653nvd
- github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166bnvd
- github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6nvd
- github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7nvd
- github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5anvd
- github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83nvd
- www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.htmlnvd
News mentions
0No linked articles in our index yet.