Re: [Iaxclient-devel] Registration process losing REGACK packet

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi Mark,

On Tue, Apr 22, 2008 at 4:41 AM,  <mar...@op...> wrote:
> Hi,
>
>  Continuing with my investigations, I have identified an issue with
>  registrations that immediately follow a call hangup. There may also be other
>  scenarios which may cause similar problems, when the session pointer address
>  is being reused (read on for my explanation).
>
>  If a hangup is made on a call and the session is destroyed by calling the
>  destroy_session method of iax.c, frames still in the schedq associated with
>  the session being destroyed are marked as being sent by setting the retries
>  value to -1. In my case, not so long after, a registration sequence is
>  begun, which just happens to calloc the same address as the session pointer
>  used in the session for the call above (it is common to see addresses being
>  reused soon after being free'd). When the schedq is being processed in the
>  iax_get_event method of iax.c, a HANGUP frame from the previous call is
>  found, with frame->retries set to -1, frame->final set to 1 and
>  frame->session containing the same pointer address as the one we have been
>  allocated for use as the registration session. The frame processing decides
>  it's a good idea to destroy this session (again), which unfortunately
>  destroys the session being used for the registration, and we have a
>  registration failure as a result.

This sounds familiar. I think this has come up before, but I don't
remember all the details. It sounds like you have investigated it
pretty thoroughly.

>  My fix was to add a curs->frame->session = NULL; in destroy_session, for all
>  scheduled events with the same session in the queue, thus preventing the
>  session from being destroyed later on in iax_get_event of iax.c when the
>  HANGUP frame is scheduled. We know that this session is the one being
>  destroyed and is now invalid. Another possibility is to set
>  curs->frame->final = 0; but I felt that setting the session to NULL was more
>  "correct" (note to self: make sure that the rest of the code can handle
>  this). Those more experienced with the library code make like to offer
>  another solution.

Could you submit a patch with the changes you describe. I will review it.

Thanks so much for looking into this issue.

Pete