Summary: | ASTERISK-13931: IAX2 failed registration notices are spamming the CLI until /var/log/asterisk/messages file fills hard drive 100% | ||
Reporter: | David Brillert (aragon) | Labels: | |
Date Opened: | 2009-04-09 00:42:13 | Date Closed: | 2009-06-04 14:47:57 |
Priority: | Minor | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_iax2 |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: |
The CLI is getting spammed with tonnes of this stuff in the CLI since upgrading to Asterisk 1.4.24.1.
The CLI is now completely useless if an IAX2 friend is deleted and the remote keeps trying to authenticate.
Eventually drive will fill and Asterisk will fail because /var/log/asterisk/messages file will consume drive very quickly.
This was not an issue in 1.4.23.

Getting tonnes of these messages if remote friend fails authentication:

[Apr 9 01:20:18] NOTICE[24061]: chan_iax2.c:5753 register_verify: Host x.x.x.x failed MD5 authentication for 'friend' (848b0a7791266fe45e26718bf5d4374f != 2ff7a17c272b51c08c2ded94a6952b96)
[Apr 9 01:20:19] NOTICE[24061]: chan_iax2.c:5753 register_verify: Host x.x.x.x failed MD5 authentication for 'friend' (cc94d7df8db98552a4641d4df9a2de93 != 98d89984d389d6a9f3ae412e0b677b98)

Getting tonnes of these messages if I delete the friend:

[Apr 9 01:22:20] NOTICE[24066]: chan_iax2.c:5686 register_verify: No registration for peer 'friend' (from x.x.x.x)
[Apr 9 01:22:20] NOTICE[24062]: chan_iax2.c:5686 register_verify: No registration for peer 'friend' (from x.x.x.x)
[Apr 9 01:22:20] NOTICE[24069]: chan_iax2.c:5686 register_verify: No registration for peer 'friend' (from x.x.x.x)
[Apr 9 01:22:20] NOTICE[24067]: chan_iax2.c:5686 register_verify: No registration for peer 'friend' (from x.x.x.x)
[Apr 9 01:22:20] NOTICE[24061]: chan_iax2.c:5686 register_verify: No registration for peer 'friend' (from x.x.x.x)
| ||
Comments: |

By: David Brillert (aragon) 2009-04-09 00:44:19
I should mention that I deleted the account less than two hours ago and /var/log/asterisk/messages is now over 450MB in size.

By: Tilghman Lesher (tilghman) 2009-04-09 00:50:10
Please set authdebug=0 in the [general] section of iax.conf.

By: David Brillert (aragon) 2009-04-09 02:19:34
OK, that suppressed all of the notices.
But now I don't get any warning that a remote IAX2 friend is trying to authenticate with an invalid password...
How can I suppress the millions of notices and still receive some notice that someone is trying to register an account?

This is my iax.conf general config:

[general]
context = default-incoming-guest
enabled = yes
port = 4569
bindaddr = 0.0.0.0
allowfwdownload = no
delayreject = 1
trunkfreq = 20
jitterbuffer = yes
dropcount = 1
maxjitterbuffer = 500
minexcessbuffer = 10
maxexcessbuffer = 80
bandwidth = high
tos = ef
minregexpire = 60
maxregexpire = 3600
iaxthreadcount = 10
maxiaxthreadcount = 250
authdebug=0

I didn't get the spam until upgrading to 1.4.24... even with no authdebug=0 line in my iax.conf.

By: Tilghman Lesher (tilghman) 2009-04-09 10:09:49
It's a quick workaround to fix the MAJOR part of your issue.

By: David Brillert (aragon) 2009-04-09 10:14:55
Ok, thanks.
Why is ticket still in feedback state? ;)

By: tomsullivan (tomsullivan) 2009-04-20 03:10:08
I'm experiencing the major part of this issue, i.e. the excessive registration on failure. Is there a ticket which documents this? We are currently using Asterisk 1.4.24.

Edit: To clarify, our Asterisk server is attempting to register an excessive number of times / sec to another Asterisk server. The username and password are known bad, but I would imagine that the registration timeout would preclude this kind of behaviour.
The server registering is running: Asterisk 1.4.24
The server being registered to is running: Asterisk 1.2.31.1-BRIstuffed-0.3.0-PRE-1y-u

By: David Vossel (dvossel) 2009-05-04 17:58:57
I can easily reproduce this, Asterisk is stuck in a registration loop, never properly sending the REGREJ message to terminate the registration. I should have a patch for this shortly.

By: David Brillert (aragon) 2009-05-05 13:40:37
ping
Any chance of the patch getting committed to 1.4.25 which I believe is to be released this week?

By: David Vossel (dvossel) 2009-05-05 14:07:34
I've actually got a patch for this up for review right now. I'll commit it as soon as it gets positive feedback. I'm not sure how long that will take. It's a simple patch, but it involves some sensitive code that only a few people are familiar with.

By: David Brillert (aragon) 2009-05-13 08:51:24
ping

By: Digium Subversion (svnbot) 2009-05-15 17:43:22
Repository: asterisk
Revision: 194873

U branches/1.4/channels/chan_iax2.c

------------------------------------------------------------------------
r194873 | dvossel | 2009-05-15 17:43:22 -0500 (Fri, 15 May 2009) | 17 lines

IAX2 REGAUTH loop

IAX was not sending REGREJ to terminate invalid registrations. Instead it sent another REGAUTH if the authentication challenge failed. This caused a loop of REGREQ and REGAUTH frames.
(Related to Security fix AST-2009-001)

(closes issue ASTERISK-13931)
Reported by: aragon
Tested by: dvossel

(closes issue ASTERISK-13796)
Reported by: mobeck
Patches: regauth_loop_update_patch.diff uploaded by dvossel (license 671)
Tested by: dvossel
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=194873

By: Digium Subversion (svnbot) 2009-05-15 17:44:53
Repository: asterisk
Revision: 194874

_U trunk/
U trunk/channels/chan_iax2.c

------------------------------------------------------------------------
r194874 | dvossel | 2009-05-15 17:44:53 -0500 (Fri, 15 May 2009) | 23 lines

Merged revisions 194873 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r194873 | dvossel | 2009-05-15 17:43:13 -0500 (Fri, 15 May 2009) | 17 lines

IAX2 REGAUTH loop

IAX was not sending REGREJ to terminate invalid registrations. Instead it sent another REGAUTH if the authentication challenge failed. This caused a loop of REGREQ and REGAUTH frames.

(Related to Security fix AST-2009-001)

(closes issue ASTERISK-13931)
Reported by: aragon
Tested by: dvossel

(closes issue ASTERISK-13796)
Reported by: mobeck
Patches: regauth_loop_update_patch.diff uploaded by dvossel (license 671)
Tested by: dvossel
........
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=194874

By: Digium Subversion (svnbot) 2009-05-15 17:46:00
Repository: asterisk
Revision: 194875

_U branches/1.6.0/
U branches/1.6.0/channels/chan_iax2.c

------------------------------------------------------------------------
r194875 | dvossel | 2009-05-15 17:46:00 -0500 (Fri, 15 May 2009) | 30 lines

Merged revisions 194874 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk

................
r194874 | dvossel | 2009-05-15 17:44:44 -0500 (Fri, 15 May 2009) | 23 lines

Merged revisions 194873 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r194873 | dvossel | 2009-05-15 17:43:13 -0500 (Fri, 15 May 2009) | 17 lines

IAX2 REGAUTH loop

IAX was not sending REGREJ to terminate invalid registrations. Instead it sent another REGAUTH if the authentication challenge failed. This caused a loop of REGREQ and REGAUTH frames.

(Related to Security fix AST-2009-001)

(closes issue ASTERISK-13931)
Reported by: aragon
Tested by: dvossel

(closes issue ASTERISK-13796)
Reported by: mobeck
Patches: regauth_loop_update_patch.diff uploaded by dvossel (license 671)
Tested by: dvossel
........
................
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=194875

By: Digium Subversion (svnbot) 2009-05-15 17:47:03
Repository: asterisk
Revision: 194876

_U branches/1.6.1/
U branches/1.6.1/channels/chan_iax2.c

------------------------------------------------------------------------
r194876 | dvossel | 2009-05-15 17:47:03 -0500 (Fri, 15 May 2009) | 30 lines

Merged revisions 194874 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk

................
r194874 | dvossel | 2009-05-15 17:44:44 -0500 (Fri, 15 May 2009) | 23 lines

Merged revisions 194873 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r194873 | dvossel | 2009-05-15 17:43:13 -0500 (Fri, 15 May 2009) | 17 lines

IAX2 REGAUTH loop

IAX was not sending REGREJ to terminate invalid registrations. Instead it sent another REGAUTH if the authentication challenge failed. This caused a loop of REGREQ and REGAUTH frames.

(Related to Security fix AST-2009-001)

(closes issue ASTERISK-13931)
Reported by: aragon
Tested by: dvossel

(closes issue ASTERISK-13796)
Reported by: mobeck
Patches: regauth_loop_update_patch.diff uploaded by dvossel (license 671)
Tested by: dvossel
........
................
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=194876

By: Digium Subversion (svnbot) 2009-05-15 17:48:21
Repository: asterisk
Revision: 194877

_U branches/1.6.2/
U branches/1.6.2/channels/chan_iax2.c

------------------------------------------------------------------------
r194877 | dvossel | 2009-05-15 17:48:21 -0500 (Fri, 15 May 2009) | 30 lines

Merged revisions 194874 via svnmerge from https://origsvn.digium.com/svn/asterisk/trunk

................
r194874 | dvossel | 2009-05-15 17:44:44 -0500 (Fri, 15 May 2009) | 23 lines

Merged revisions 194873 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r194873 | dvossel | 2009-05-15 17:43:13 -0500 (Fri, 15 May 2009) | 17 lines

IAX2 REGAUTH loop

IAX was not sending REGREJ to terminate invalid registrations. Instead it sent another REGAUTH if the authentication challenge failed. This caused a loop of REGREQ and REGAUTH frames.

(Related to Security fix AST-2009-001)

(closes issue ASTERISK-13931)
Reported by: aragon
Tested by: dvossel

(closes issue ASTERISK-13796)
Reported by: mobeck
Patches: regauth_loop_update_patch.diff uploaded by dvossel (license 671)
Tested by: dvossel
........
................
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=194877

By: Digium Subversion (svnbot) 2009-06-04 14:37:43
Repository: asterisk
Revision: 199204

U tags/1.4.25.1/channels/chan_iax2.c

------------------------------------------------------------------------
r199204 | dvossel | 2009-06-04 14:37:43 -0500 (Thu, 04 Jun 2009) | 17 lines

IAX2 REGAUTH loop

IAX was not sending REGREJ to terminate invalid registrations. Instead it sent another REGAUTH if the authentication challenge failed. This caused a loop of REGREQ and REGAUTH frames.
(Related to Security fix AST-2009-001)

(closes issue ASTERISK-13931)
Reported by: aragon
Tested by: dvossel

(closes issue ASTERISK-13796)
Reported by: mobeck
Patches: regauth_loop_update_patch.diff uploaded by dvossel (license 671)
Tested by: dvossel
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=199204

By: Digium Subversion (svnbot) 2009-06-04 14:39:17
Repository: asterisk
Revision: 199206

U tags/1.6.0.10/channels/chan_iax2.c

------------------------------------------------------------------------
r199206 | dvossel | 2009-06-04 14:39:17 -0500 (Thu, 04 Jun 2009) | 17 lines

IAX2 REGAUTH loop

IAX was not sending REGREJ to terminate invalid registrations. Instead it sent another REGAUTH if the authentication challenge failed. This caused a loop of REGREQ and REGAUTH frames.

(Related to Security fix AST-2009-001)

(closes issue ASTERISK-13931)
Reported by: aragon
Tested by: dvossel

(closes issue ASTERISK-13796)
Reported by: mobeck
Patches: regauth_loop_update_patch.diff uploaded by dvossel (license 671)
Tested by: dvossel
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=199206

By: Digium Subversion (svnbot) 2009-06-04 14:47:56
Repository: asterisk
Revision: 199208

U tags/1.6.1.1/channels/chan_iax2.c

------------------------------------------------------------------------
r199208 | dvossel | 2009-06-04 14:47:56 -0500 (Thu, 04 Jun 2009) | 16 lines

IAX2 REGAUTH loop

IAX was not sending REGREJ to terminate invalid registrations. Instead it sent another REGAUTH if the authentication challenge failed. This caused a loop of REGREQ and REGAUTH frames.
(Related to Security fix AST-2009-001)

(closes issue ASTERISK-13931)
Reported by: aragon
Tested by: dvossel

(closes issue ASTERISK-13796)
Reported by: mobeck
Patches: regauth_loop_update_patch.diff uploaded by dvossel (license 671)
Tested by: dvossel
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=199208
|
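
The question raised in the thread (how to avoid the flood of notices and still learn that someone is trying to register) can also be handled outside Asterisk by collapsing repeated notices into one row per source. This is an added example, not part of the ticket or of Asterisk: it groups `register_verify` NOTICE lines by minute, host, peer and reason. The sample log, the 192.0.2.10 address, the `summarize` name and the threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample, in the format of the NOTICE lines quoted in the report.
# 192.0.2.10 is a documentation address; the digests are shortened placeholders.
SAMPLE_LOG = """\
[Apr 9 01:20:18] NOTICE[24061]: chan_iax2.c:5753 register_verify: Host 192.0.2.10 failed MD5 authentication for 'friend' (aaaa != bbbb)
[Apr 9 01:20:19] NOTICE[24061]: chan_iax2.c:5753 register_verify: Host 192.0.2.10 failed MD5 authentication for 'friend' (cccc != dddd)
[Apr 9 01:21:02] VERBOSE[24050]: logger.c:100 example: unrelated line
[Apr 9 01:22:20] NOTICE[24066]: chan_iax2.c:5686 register_verify: No registration for peer 'friend' (from 192.0.2.10)
[Apr 9 01:22:20] NOTICE[24062]: chan_iax2.c:5686 register_verify: No registration for peer 'friend' (from 192.0.2.10)
[Apr 9 01:22:20] NOTICE[24069]: chan_iax2.c:5686 register_verify: No registration for peer 'friend' (from 192.0.2.10)
"""

# Outer shape of a chan_iax2 register_verify notice: timestamp, then message.
NOTICE = re.compile(r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\]: chan_iax2\.c:\d+ "
                    r"register_verify: (?P<msg>.*)$")
# The two failure messages shown in the report, each mapped to a reason label.
REASONS = (
    ("auth_failed", re.compile(r"^Host (?P<host>\S+) failed \w+ authentication "
                               r"for '(?P<peer>[^']*)'")),
    ("unknown_peer", re.compile(r"^No registration for peer '(?P<peer>[^']*)' "
                                r"\(from (?P<host>[^)]+)\)")),
)

def summarize(lines, threshold=2):
    """Return sorted (minute, host, peer, reason, count) rows with count >= threshold."""
    counts = Counter()
    for line in lines:
        m = NOTICE.match(line.strip())
        if not m:
            continue  # not a register_verify notice
        minute = m.group("ts").rsplit(":", 1)[0]  # drop seconds: per-minute bucket
        for reason, pattern in REASONS:
            hit = pattern.match(m.group("msg"))
            if hit:
                counts[(minute, hit.group("host"), hit.group("peer"), reason)] += 1
                break
    return sorted(key + (n,) for key, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for minute, host, peer, reason, n in summarize(SAMPLE_LOG.splitlines()):
        print(f"{minute} host={host} peer={peer!r} reason={reason} count={n}")
```

Run against the live log on a schedule, this yields one line per offending host and peer per minute, which can feed an alert or a firewall rate limit.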