[Freeswitch-svn] [commit] r13443 - in freeswitch/trunk/src: . include

[FreeSWITCH SVN]

Author: brian
Date: Tue May 26 20:40:11 2009
New Revision: 13443

Log:
 fix mitm to be more reliable

Modified:
   freeswitch/trunk/src/include/switch_types.h
   freeswitch/trunk/src/switch_rtp.c

Modified: freeswitch/trunk/src/include/switch_types.h
==============================================================================
--- freeswitch/trunk/src/include/switch_types.h	(original)
+++ freeswitch/trunk/src/include/switch_types.h	Tue May 26 20:40:11 2009
@@ -499,7 +499,8 @@
 	SWITCH_RTP_FLAG_STICKY_FLUSH = (1 << 22),
 	SWITCH_ZRTP_FLAG_SECURE_SEND = (1 << 23),
 	SWITCH_ZRTP_FLAG_SECURE_RECV = (1 << 24),
-	SWITCH_ZRTP_FLAG_SECURE_MITM = (1 << 25)
+	SWITCH_ZRTP_FLAG_SECURE_MITM_SEND = (1 << 25),
+	SWITCH_ZRTP_FLAG_SECURE_MITM_RECV = (1 << 26)
 } switch_rtp_flag_enum_t;
 typedef uint32_t switch_rtp_flag_t;
 

Modified: freeswitch/trunk/src/switch_rtp.c
==============================================================================
--- freeswitch/trunk/src/switch_rtp.c	(original)
+++ freeswitch/trunk/src/switch_rtp.c	Tue May 26 20:40:11 2009
@@ -445,7 +445,8 @@
 	case ZRTP_EVENT_IS_SECURE:
 		switch_set_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_SEND);
 		switch_set_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_RECV);
-		switch_set_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM);
+		switch_set_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
+		switch_set_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
 		if (zrtp_status_ok == zrtp_session_get(rtp_session->zrtp_session, &zrtp_session_info)) {
 			if (zrtp_session_info.sas_is_ready) {
 
@@ -510,7 +511,8 @@
 	case ZRTP_EVENT_IS_PENDINGCLEAR:
 		switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_SEND);
 		switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_RECV);
-		switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM);
+		switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
+		switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
 		rtp_session->zrtp_mitm_tries = 0;
 		break;
 	case ZRTP_EVENT_NO_ZRTP:
@@ -2257,13 +2259,19 @@
 	frame->m = rtp_session->recv_msg.header.m ? SWITCH_TRUE : SWITCH_FALSE;
 
 #ifdef ENABLE_ZRTP
-	if (zrtp_on && switch_test_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM)) {
-		frame->extra_data = rtp_session->zrtp_ctx;
-		switch_set_flag(frame, SFF_ZRTP);
-		if (rtp_session->zrtp_mitm_tries > 10) {
-			switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM);
+	if (zrtp_on && switch_test_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV)) {
+		zrtp_session_info_t zrtp_session_info;
+
+		if (zrtp_status_ok == zrtp_session_get(rtp_session->zrtp_session, &zrtp_session_info)) { 
+			if (zrtp_session_info.sas_is_ready) {    
+				frame->extra_data = rtp_session->zrtp_ctx;
+				switch_set_flag(frame, SFF_ZRTP);
+				if (rtp_session->zrtp_mitm_tries > 20) {
+					switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
+				}
+				rtp_session->zrtp_mitm_tries++;
+			}
 		}
-		rtp_session->zrtp_mitm_tries++;
 	}
 #endif
 
@@ -2689,12 +2697,17 @@
 	}
 
 #ifdef ENABLE_ZRTP
-	if (zrtp_on && switch_test_flag(frame, SFF_ZRTP)) {
-		
-		if (zrtp_status_ok == zrtp_resolve_mitm_call(frame->extra_data, rtp_session->zrtp_ctx)) {
-			switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM);
+	if (zrtp_on && switch_test_flag(frame, SFF_ZRTP) && switch_test_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND)) {
+		zrtp_session_info_t zrtp_session_info;
+
+		if (zrtp_status_ok == zrtp_session_get(rtp_session->zrtp_session, &zrtp_session_info)) { 
+			if (zrtp_session_info.sas_is_ready) {    
+				if (zrtp_status_ok == zrtp_resolve_mitm_call(frame->extra_data, rtp_session->zrtp_ctx)) {
+					switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
+				}
+				rtp_session->zrtp_mitm_tries++;
+			}
 		}
-		rtp_session->zrtp_mitm_tries++;
 	}
 #endif