<div dir="ltr"><div><span style="font-size:small;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">There is already a mechanism to roll over the value well below the int32 max so its safe logically but maybe not type wise.</span><br></div>%u is definitely better. We'll get that in there.  Its a non-issue since the logic in check_presence_epoch() should stay well below.</div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Aug 7, 2018 at 2:23 PM, Royce Mitchell III <span dir="ltr"><<a href="mailto:royce3@gmail.com" target="_blank">royce3@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:courier new,monospace">I finally got a chance to look at his packet captures, and it turns out the other device is the one actually generating invalid CSeq values. FreeSWITCH is appropriately rejecting the packets.</div><div class="gmail_default" style="font-family:courier new,monospace"><br></div><div class="gmail_default" style="font-family:courier new,monospace">However, I'm concerned that FreeSWITCH *could* generate invalid CSeq values based on what I found and the %d formats are definitely wrong.</div><div class="gmail_default" style="font-family:courier new,monospace"><br></div><div class="gmail_default" style="font-family:courier new,monospace"><br></div></div><div class="gmail_extra"><span class=""><br clear="all"><div><div class="m_9002575031724517042gmail_signature" data-smartmail="gmail_signature"><div><span style="font-family:arial;font-size:small"><br></span></div><div><span style="font-family:arial;font-size:small"><br></span></div><span style="font-family:arial;font-size:small">Royce Mitchell, </span>IT Consultant<div style="font-family:arial;font-size:small">ITAS Solutions</div><div style="font-family:arial;font-size:small"><a href="mailto:royce3@itas-solutions.com" target="_blank">royce3@itas-solutions.com</a></div></div></div>
<br></span><div><div class="h5"><div class="gmail_quote">On Tue, Aug 7, 2018 at 10:04 AM, Anthony Minessale <span dir="ltr"><<a href="mailto:anthony.minessale@gmail.com" target="_blank">anthony.minessale@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">It seems like getting a negative value is only possible if it rolled over but its designed to reset well before the 32 bit signed mark.  Is this somehow triggered by time changes on the box?<div>There is more nuance than just forcing the bit because many phones have crazy ideas about cseq having to be incremental.  I think it would be better to roll the offset back down to 0 if some error is detected so it will only impact phones once.  Many phones break until you reset the whole registration if they are unhappy with the cseq.  The reason for all the complexity in the first place is that the cseq must be continual with time even when FS is off, because you can reboot FS and keep the existing phone registration in tact including subscriptions to presence.  But if the CSEQ starts over many phones freak out and stop working.</div><div><br></div><div><br></div><div> </div></div><div class="gmail_extra"><div><div class="m_9002575031724517042h5"><br><div class="gmail_quote">On Tue, Aug 7, 2018 at 1:57 AM, Ken Rice <span dir="ltr"><<a href="mailto:krice@freeswitch.org" target="_blank">krice@freeswitch.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto">open i a jira so it can get tracked. also check jira to see if its already been reported/fixed<br><br><div id="m_9002575031724517042m_5455570861117962651m_-699201633951285022AppleMailSignature">Sent from my iPhone</div><div><div class="m_9002575031724517042m_5455570861117962651h5"><div><br>On Aug 7, 2018, at 00:28, Royce Mitchell III <<a href="mailto:royce3@gmail.com" target="_blank">royce3@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr"><div class="gmail_default">

<div class="gmail_default" style="font-family:"courier new",monospace">I would be happy to open a ticket for this, but given that I'm a newb when it comes to the source, I'd like some confirmation of what I've found before I do.</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">According to RFC3261 8.1.1.5 "The sequence number value MUST be expressible as a 32-bit unsigned integer and MUST be less than 2**31"</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">I also checked RFC2543 just for fun and similar wording is there.</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">A client just informed me that he is seeing errors in the field where FreeSWITCH is generating CSeq headers with a negative sequence number and those requests are getting rejected by other endpoints.</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">

<div class="gmail_default" style="font-size:small;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">=====================</div></div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">In digging through the code, I found MASTER/src/mod/endpoints/mod_s<wbr>ofia/sofia_presence.c line 2134 defines a function sofia_presence_get_cseq() which appears to be responsible for creating the sequence value that ends up in the CSeq headers.</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">A cursory glance at this logic leads me to believe that it is definitely capable of creating a sequence number with bit 31 set, which would be in violation of the RFC.</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">I believe a simple fix with little side-effect would be to add the following line right before last_cseq is set ( line 2149 in MASTER ):</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace"><font face="courier new, monospace"> <span style="white-space:pre-wrap">               </span>}</font></div><div class="gmail_default" style="font-family:"courier new",monospace"><font face="courier new, monospace"> <span style="white-space:pre-wrap">     </span>}</font></div><div class="gmail_default" style="font-family:"courier new",monospace"><span style="font-family:"courier new",monospace">+</span><span style="font-family:"courier new",monospace;white-space:pre-wrap">   </span><span style="font-family:"courier new",monospace">callsequence &= 0x7FFFFFFF; // RFC3261 8.1.1.5 prohibits bit 31 to be set</span><br></div><div class="gmail_default" style="font-family:"courier new",monospace"><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;text-decoration-style:initial;text-decoration-color:initial"><font face="courier new, monospace"> <span style="white-space:pre-wrap">     </span>profile->last_cseq = callsequence;</font></div><br></div><div class="gmail_default" style="font-family:"courier new",monospace">=====================</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">Another small thing is that FreeSWITCH is generating a negative value in certain scenarios when outputting a CSeq header. This means that the sequence value is improperly being interpreted as a signed integer. This shouldn't matter because the high order bit isn't supposed to be set, but regardless the code is still technically wrong.</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">In MASTER/libs/sofia-sip/libsofia<wbr>-sip-ua/sip/sip_basic.c I found a definition of sip_cseq_e() which correctly interprets the value as unsigned.</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">There are a few logging examples that are wrong that I found using a simple grep, although these line #'s are probably off because it's from an old checkout. The "CSeq %d" in each of the following probably needs to be a "CSeq %u"<br></div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default"><div class="gmail_default" style="font-family:"courier new",monospace">nta\sl_utils_log.c:76       "%s%s "URL_FORMAT_STRING" (CSeq %d %s)\n",</div><div class="gmail_default" style="font-family:"courier new",monospace">nta\sl_utils_log.c:100      "%s%03u %s (CSeq %d %s)\n",</div><div class="gmail_default" style="font-family:"courier new",monospace">nta\sl_utils_print.c:69     "%s%s "URL_FORMAT_STRING" (CSeq %d %s)\n",</div><div class="gmail_default" style="font-family:"courier new",monospace">nta\sl_utils_print.c:86     "%s%03u %s (CSeq %d %s)\n",</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">However in MASTER/src/mod/endpoints/mod_s<wbr>ofia/sofia.c I found the following:</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">line 381:</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">-switch_snprintf(sip_cseq, sizeof(sip_cseq), "%d", sip->sip_cseq->cs_seq);<br></div><div class="gmail_default"><span style="font-family:"courier new",monospace">+switch_snprintf(sip_cseq, sizeof(sip_cseq), "%u", sip->sip_cseq->cs_seq);</span><br></div><div class="gmail_default"><font face="courier new, monospace"><br class="m_9002575031724517042m_5455570861117962651m_-699201633951285022gmail-Apple-interchange-newline"></font></div><div class="gmail_default" style="font-family:"courier new",monospace">line 1707:</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default"><font face="courier new, monospace">-switch_snprintf(sip_cseq, sizeof(sip_cseq), "%d", sip->sip_cseq->cs_seq);</font><br></div><div class="gmail_default"><span style="font-family:"courier new",monospace">+switch_snprintf(sip_cseq, sizeof(sip_cseq), "%u", sip->sip_cseq->cs_seq);</span><br></div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div></div><div class="gmail_default" style="font-family:"courier new",monospace">=====================<br></div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">Something like the following might also be a consideration, but probably only in 1.8:</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">In MASTER/libs/sofia-sip/libsofia<wbr>-sip-ua/sip/sip_basic.c line 1288 add something like the following:</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">if ( seq & 0x80000000 )</div><div class="gmail_default" style="font-family:"courier new",monospace">{</div><div class="gmail_default" style="font-family:"courier new",monospace">    SU_DEBUG_1(("%s: CSeq header creation failed - sequence value %u violates RFC3261/<a href="http://8.1.1.5" target="_blank">8.1.1.5</a>", __func__, seq ));</div><div class="gmail_default" style="font-family:"courier new",monospace">    return NULL;</div><div class="gmail_default" style="font-family:"courier new",monospace">}</div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace"><br></div><div class="gmail_default" style="font-family:"courier new",monospace">P.S. I'd really like to see at least the first 2 changes proposed above ( callsequence masking and format string fixes ) back-ported to 1.6.</div><div style="font-family:"courier new",monospace"><div class="m_9002575031724517042m_5455570861117962651m_-699201633951285022gmail-m_3082767323673517340gmail_signature"><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><span style="font-family:arial;font-size:small"><br></span></div><br class="m_9002575031724517042m_5455570861117962651m_-699201633951285022gmail-m_3082767323673517340gmail-Apple-interchange-newline">

</div></div><br clear="all"></div><div><div class="m_9002575031724517042m_5455570861117962651m_-699201633951285022gmail-m_3082767323673517340gmail_signature"><div><span style="font-family:arial;font-size:small"><br></span></div><div><span style="font-family:arial;font-size:small"><br></span></div><span style="font-family:arial;font-size:small">Royce Mitchell, </span>IT Consultant<div style="font-family:arial;font-size:small">ITAS Solutions</div><div style="font-family:arial;font-size:small"><a href="mailto:royce3@itas-solutions.com" target="_blank">royce3@itas-solutions.com</a></div></div></div>
</div>
</div></blockquote></div></div><blockquote type="cite"><div><span>______________________________<wbr>______________________________<wbr>_____________</span><br><span>Professional FreeSWITCH Services</span><br><span><a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a></span><br><span><a href="https://freeswitch.com" target="_blank">https://freeswitch.com</a></span><br><span></span><br><span>Official FreeSWITCH Sites</span><br><span><a href="https://freeswitch.com/oss" target="_blank">https://freeswitch.com/oss</a></span><br><span><a href="https://freeswitch.org/confluence" target="_blank">https://freeswitch.org/conflue<wbr>nce</a></span><br><span><a href="https://cluecon.com" target="_blank">https://cluecon.com</a></span><br><span></span><br><span>FreeSWITCH-dev mailing list</span><br><span><a href="mailto:FreeSWITCH-dev@lists.freeswitch.org" target="_blank">FreeSWITCH-dev@lists.freeswitc<wbr>h.org</a></span><br><span><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-dev</a></span><br><span>UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-dev" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/free<wbr>switch-dev</a></span><br><span><a href="https://freeswitch.com" target="_blank">https://freeswitch.com</a></span></div></blockquote></div><br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/conflue<wbr>nce</a><br>
<a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-dev mailing list<br>
<a href="mailto:FreeSWITCH-dev@lists.freeswitch.org" target="_blank">FreeSWITCH-dev@lists.freeswitc<wbr>h.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev" rel="noreferrer" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-dev</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-dev" rel="noreferrer" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/free<wbr>switch-dev</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br></blockquote></div><br><br clear="all"><div><br></div></div></div><span class="m_9002575031724517042HOEnZb"><font color="#888888">-- <br><div class="m_9002575031724517042m_5455570861117962651gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Anthony Minessale II</div><div dir="ltr">Founder, FreeSWITCH.</div><div dir="ltr"><div><a href="http://freeswitch.com" target="_blank">http://freeswitch.com</a></div><div><br></div><div><br></div><div><span style="font-size:12.8px"><a href="https://youtu.be/l_hOxzCt6X4" target="_blank">https://youtu.be/l_hOxzCt6X4</a></span><br></div><div><a href="https://www.youtube.com/watch?v=oAxXgyx5jUw" target="_blank">https://www.youtube.com/watch?<wbr>v=oAxXgyx5jUw</a><br></div><div><a href="https://www.youtube.com/watch?v=9XXgW34t40s" style="color:rgb(17,85,204);font-size:12.8000001907349px" target="_blank">https://www.youtube.com/watch?<wbr>v=9XXgW34t40s</a></div><div><a href="https://www.youtube.com/watch?v=NLaDpGQuZDA" target="_blank">https://www.youtube.com/watch?<wbr>v=NLaDpGQuZDA</a><br></div></div></div></div></div></div></div></div></div>
</font></span></div>
<br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/conflue<wbr>nce</a><br>
<a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-dev mailing list<br>
<a href="mailto:FreeSWITCH-dev@lists.freeswitch.org" target="_blank">FreeSWITCH-dev@lists.freeswitc<wbr>h.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev" rel="noreferrer" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-dev</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-dev" rel="noreferrer" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/<wbr>freeswitch-dev</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br></blockquote></div><br></div></div></div>
<br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/<wbr>confluence</a><br>
<a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-dev mailing list<br>
<a href="mailto:FreeSWITCH-dev@lists.freeswitch.org">FreeSWITCH-dev@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>dev</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-dev" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-dev</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Anthony Minessale II</div><div dir="ltr">Founder, FreeSWITCH.</div><div dir="ltr"><div><a href="http://freeswitch.com" target="_blank">http://freeswitch.com</a></div><div><br></div><div><br></div><div><span style="font-size:12.8px"><a href="https://youtu.be/l_hOxzCt6X4" target="_blank">https://youtu.be/l_hOxzCt6X4</a></span><br></div><div><a href="https://www.youtube.com/watch?v=oAxXgyx5jUw" target="_blank">https://www.youtube.com/watch?v=oAxXgyx5jUw</a><br></div><div><a href="https://www.youtube.com/watch?v=9XXgW34t40s" style="color:rgb(17,85,204);font-size:12.8000001907349px" target="_blank">https://www.youtube.com/watch?v=9XXgW34t40s</a></div><div><a href="https://www.youtube.com/watch?v=NLaDpGQuZDA" target="_blank">https://www.youtube.com/watch?v=NLaDpGQuZDA</a><br></div></div></div></div></div></div></div></div></div>
</div>