diff options
author | Jenkins2 <jenkins2@gerrit.asterisk.org> | 2017-09-21 12:07:57 -0500 |
---|---|---|
committer | Gerrit Code Review <gerrit2@gerrit.digium.api> | 2017-09-21 12:07:57 -0500 |
commit | 5ff46578aa20921cf3649809a9be9b7231acc507 (patch) | |
tree | 92d7c7044414fd60fcc71dff0d87519a41bdded4 /res | |
parent | b9da3d643c5025413496b78634badc307e936686 (diff) | |
parent | 1e4c1cec7fcaf1730c8176e44aaf51fdccdb70da (diff) |
Merge "res_srtp: lower log level of auth failures"
Diffstat (limited to 'res')
-rw-r--r-- | res/res_srtp.c | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/res/res_srtp.c b/res/res_srtp.c index caedfb6c8..295c332e2 100644 --- a/res/res_srtp.c +++ b/res/res_srtp.c @@ -446,11 +446,26 @@ tryagain: } if (res != err_status_ok && res != err_status_replay_fail ) { - if ((srtp->warned >= 10) && !((srtp->warned - 10) % 100)) { - ast_log(AST_LOG_WARNING, "SRTP unprotect failed with: %s %d\n", srtp_errstr(res), srtp->warned); - srtp->warned = 11; + /* + * Authentication failures happen when an active attacker tries to + * insert malicious RTP packets. Furthermore, authentication failures + * happen, when the other party encrypts the sRTP data in an unexpected + * way. This happens quite often with RTCP. Therefore, when you see + * authentication failures, try to identify the implementation + * (author and product name) used by your other party. Try to investigate + * whether they use a custom library or an outdated version of libSRTP. + */ + if (rtcp) { + ast_verb(2, "SRTCP unprotect failed on SSRC %u because of %s\n", + ast_rtp_instance_get_ssrc(srtp->rtp), srtp_errstr(res)); } else { - srtp->warned++; + if ((srtp->warned >= 10) && !((srtp->warned - 10) % 150)) { + ast_verb(2, "SRTP unprotect failed on SSRC %u because of %s %d\n", + ast_rtp_instance_get_ssrc(srtp->rtp), srtp_errstr(res), srtp->warned); + srtp->warned = 11; + } else { + srtp->warned++; + } } errno = EAGAIN; return -1; |