author | Jenkins2 <jenkins2@gerrit.asterisk.org> | 2017-09-21 11:57:46 -0500 |
---|---|---|
committer | Gerrit Code Review <gerrit2@gerrit.digium.api> | 2017-09-21 11:57:46 -0500 |
commit | 040487b90eb1830deb571e9b5ee6b1230071ff45 (patch) | |
tree | c48f34d953d2a058563ee363812340cec9e58956 | |
parent | 8ee7ed020f184b0d93c3fc5c6088d721979990ea (diff) | |
parent | 73da3df7b6d0037c825c676f6404749ffbaa4d82 (diff) |
Merge "res_srtp: lower log level of auth failures" into 14
-rw-r--r-- | res/res_srtp.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/res/res_srtp.c b/res/res_srtp.c
index a77a90b47..4fa3c1120 100644
--- a/res/res_srtp.c
+++ b/res/res_srtp.c
@@ -448,11 +448,25 @@ tryagain:
 }
 if (res != err_status_ok && res != err_status_replay_fail ) {
- if ((srtp->warned >= 10) && !((srtp->warned - 10) % 100)) {
- ast_log(AST_LOG_WARNING, "SRTP unprotect failed with: %s %d\n", srtp_errstr(res), srtp->warned);
- srtp->warned = 11;
+ /*
+ * Authentication failures happen when an active attacker tries to
+ * insert malicious RTP packets. Furthermore, authentication failures
+ * happen, when the other party encrypts the sRTP data in an unexpected
+ * way. This happens quite often with RTCP. Therefore, when you see
+ * authentication failures, try to identify the implementation
+ * (author and product name) used by your other party. Try to investigate
+ * whether they use a custom library or an outdated version of libSRTP.
+ */
+ if (rtcp) {
+ ast_verb(2, "SRTCP unprotect failed because of %s\n", srtp_errstr(res));
 } else {
- srtp->warned++;
+ if ((srtp->warned >= 10) && !((srtp->warned - 10) % 150)) {
+ ast_verb(2, "SRTP unprotect failed because of %s %d\n",
+ srtp_errstr(res), srtp->warned);
+ srtp->warned = 11;
+ } else {
+ srtp->warned++;
+ }
 }
 errno = EAGAIN;
 return -1; |
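Review bot: The new `if (rtcp)` branch logs every failed SRTCP unprotect with no throttle, while the RTP branch in the `else` is rate-limited through `srtp->warned`; since the added comment itself says these failures can come from injected packets, each forged SRTCP packet can produce one verbose line. Consider sharing the throttle and choosing only the label by `rtcp`, e.g. `ast_verb(2, "%s unprotect failed because of %s %d\n", rtcp ? "SRTCP" : "SRTP", srtp_errstr(res), srtp->warned);` inside the existing `warned` check. Separately, moving the message from `AST_LOG_WARNING` to `ast_verb(2, ...)` presumably hides authentication failures from deployments that only collect or alert on warnings, which the comment should state so operators know where the signal went. The enclosing function starts and ends outside this hunk, so how `rtcp` and `srtp->warned` are set is not visible here.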