This release note describes new features, the latest hardware and software requirements, known limitations and other pertinent release information for the latest release of SBC Core.
Please note that all Ribbon bugs reported by customers on a given software release will be fixed in the latest release on that software release branch.
To view and download the latest End of Product Sale (EoPS) and other End Of Life (EOL) notices, navigate to the Resource Library on the corporate website (https://ribboncommunications.com/company/get-help/resource-library).
Ribbon Release Notes are protected under the copyright laws of the United States of America. This work contains proprietary information of Ribbon Communications, Plano, TX 75023, USA. Use, disclosure, or reproduction in any form is strictly prohibited without prior authorization from Ribbon Communications.
The following Ribbon announcements (formerly known as WBAs) are referenced in this release note:
Bulletin ID | Description | Fixed In Release |
---|---|---|
Warning-14-00020748 | Verify system and databases are fully in sync prior to Live Software Upgrade (LSWU). Applies to all SBC platforms (HW, SWe, Cloud) except the SBCs deployed in a Distributed SBC (D-SBC) architecture. | N/A |
Warning-21-00029858 | The AWS SBC Might Fail to Come Up Due to a Metadata Query Failure from the Metadata Server. | 9.2.0 |
Warning-21-00029859 | Policy Data syncInProgress after Upgrade Revert. | 9.2.2 |
Warning-21-00029972 | The SBC upgrade may truncate the SQL configuration database due to too many historical alarms. | 9.1.0 |
To view/download Ribbon announcements, do the following:
For problems or questions, contact the Global Support Assistance Center:
Ribbon Support Portal: https://ribboncommunications.com/services/ribbon-support-portal
Voice: +1-833-RIBBON1 (1-833-742-2661)
The SBC Core platforms address the next-generation needs of SIP communications by delivering media transcoding, robust security and advanced call routing in a high-performance, 2RU, and 5RU form-factor devices enabling service providers and enterprises to quickly and securely enhance their network by implementing services like SIP trunking, secure Unified Communications and Voice over IP (VoIP).
For more product information, refer to the section About SBC Core in the main documentation space.
The SBC Core software interoperates with the following:
When using H.323-SIP and SIP-H.323 call flows, an additional Re-invite/Update may get generated towards the SIP side. To suppress this, enable the IP Signaling Profile (IPSP) flag Minimize Relaying Of Media Changes From Other Call Leg
at the SIP side.
H.323 is not supported on SBC SWe cloud deployments.
When upgrading your network, ensure to upgrade each product to the most current release to take advantage of the latest features, enhancements, and fixes.
For complete interoperability details between various Ribbon products, including backwards compatibility, refer to Ribbon Product Interoperability.
Refer to SBC Core Portfolio Interoperability Matrix for the latest and minimum compatible product versions supporting this release.
Issue ID | Feature | Description |
---|---|---|
SBX-101539 | SBX-116000 | After PSX 14.1 upgrade Attestation value needs to be in the v9.2 CDR | The SBC supports sending the PSX derived STI parameters by decoding the received Identity from the STI-AS, based on the control at the PSX. In earlier versions, the SBC sends the Ingress received P-Origination-Id and P-Attestation-Indicator. For the verification, the PSX now adds the capability to base64, decode the payload part of the SHAKEN Identity header to derive the STI parameters, in the absence of these parameters in the verification response from the STI-VS. |
SBX-102448 | SBC On-hold Race Condition | The SBC is enhanced with the addition of three gateway-specific flags in the SIP trunk group signaling configuration to support the handling of 100rel-based back-to-back 18x responses using SDP changes to block irrelevant Re-INVITE/UPDATE messages between gateways. This configuration will prevent potential one-way audio issues between gateways.
For more information, refer to: |
SBX-114819 | Treat AMR-WB/AMR full mode-set closed Offer as restricted mode-set | Ribbon recommends that operators use the mode-set attribute to restrict the mode-set range. When the endpoint supports all the modes, it must not insert the "mode-set" parameter in the Offer. If the mode-set parameter is inserted in the Offer, then calls are dropped as the payload is rejected. The SBC is enhanced to treat the mode-set = ABSENT and the mode-set =0,1,2,3,4,5,6,7 as different in the Offer Answer cycle. The mode-set attribute must get relayed on both the Offer and Answer path. This change is implemented unconditionally without any additional configuration flags. The feature allows the transparent relay of full mode-set. Note: If you deployed an SMM as a workaround, you must remove it. Example:
|
SBX-114823 | Increase sharedCacLimitsPool above 2,000 | Increased the limit of Shared CAC Limits Pool configuration to 4,000 to support customer networks. For more information, refer to SBC Provisioning Limits. |
SBX-114828 | ACL limit in SBC SWe is too low for some customer applications | The system SWe Config Profile provisioning option "largeuseracl" is added in this release to allow a higher number of IP ACLs (10,5926) for larger networks. The "largeuseracl" profile is applicable to the SBC SWe and SLB when VM Memory ≥ 18 GiB RAM. For more information, refer to: |
To view features in previous releases, refer to the following release notes:
To instantiate the SBC instances, the following templates can be used:
Example template files are packaged together in .tar.gz and .sha256 files separate from the SBC Core application installation and upgrade files:
The system hosting the SBC SWe Cloud must meet the below requirements.
The following tarball file is required to use the IaC environment to deploy SWe N:1 deployments on VMware:
The environment in which you place and expand the IaC tarball must include:
For more information on IaC, refer to Using the Ribbon IaC Environment to Deploy SBC SWe on VMware.
The following SBC 51x0/52x0, SBC 5400 and SBC 7000 software and firmware versions are required for this release. For 5xx0, the BIOS is installed during application installation; whereas, for 5400 and 7000, the BMC/BIOS is included in the firmware package and installed during the firmware upgrade.
The firmware package of SBC 5400 and 7000 includes BMC, BIOS, and other binaries. The firmware is upgraded from the BMC.
Use the EMA to verify the currently installed software and firmware versions.
Log on to the EMA, and from the main screen navigate to Monitoring > Dash43oard > System and Software Info.
The following software release bundles are available for download from the Customer Portal:
Download the appropriate software packages for your desired configuration from the Customer Portal (https://ribboncommunications.com/services/ribbon-support-portal-login) to your PC:
Beginning with version 9.0, the pre-install script now uses the .sha256 checksum files when validating file integrity. Previous versions (7.x and 8.x) use the .md5 checksums.
firmware-5XX0-V03.23.00-R000.img
firmware-5XX0-V03.23.00-R000.img.md5
bmc5X00_v3.23.0-R0.rom.md5sum
bmc5X00_v3.23.0-R0.rom
Perform the Method Of Procedure (MOP) only for upgrading the FPGA image of an SBC 7000 DSP-LC card when the SBC 7000 DSP-LC FPGA version is 0x14. The MOP can be applied at any version time, with the only restriction being that the BMC firmware version is at least 1.25.0. However, if the SBC application is running version V05.01.00R000 or higher, then the DSPs will be set to disabled and transcoding and transrating calls will fail if the SBC 7000 DSP-LC FPGA version is 0x14. Therefore, it is necessary to upgrade the SBC 7000 DSP-LC FPGA if the version is 0x14, before upgrading the SBC to 5.1.0. However, the MOP can be applied if the application version is higher than 5.1.0. Click Here to view the 550-06210_DSP-LC_FPGA_Upgrade_MOP.
The ConnexIP Operating System installation package for SBC Core:
Once the ConnexIP ISO procedure is completed, the SBC application package is automatically uploaded to SBC platforms.
Release 9.2 includes a new set of OS security patches, and also a new version of confD. Release 9.2.1 includes a new set of OS security patches including the fix for CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit).
The SBC Application installation and upgrade package for SBC Core:
sbc-V09.02.04R000-connexip-os_08.02.04-R000_816_amd64.qcow2.sha256
sbc-V09.02.04-R000.x86_64.tar.gz
sbc-V09.02.04-R000.x86_64.md5
For detailed information on installation and upgrade procedures, refer to SBC Core Software Installation and Upgrade Guide.
These files are for SBC SWe deployments in the OpenStack cloud using VNFM.
For VNFM deployment, the VNF Descriptor (VNFD) file is provided in a Cloud Service Archive (CSAR) package for the type of SBC cluster being deploying. VNFs are independent and CSAR definitions are imported into the VNFM via an Onboarding mechanism. There is a procedure for producing the required CSAR variant, for different personalities (S-SBC, M-SBC), different interface types (virtio, sriov).
Files required for CSAR creation:
For detailed information on installation and upgrade procedures, refer to SBC Core Software Installation and Upgrade Guide.
For details on CSAR creation, refer to Creating a CSAR Package File.
Using older versions of ESXi can trigger a VM instance shutdown. To prevent this from occurring, you must upgrade the VMware ESXi -- refer to the End of General Support column on https://lifecycle.vmware.com/#/ for supported versions.
A LSWU on an SBC 7000 should only be performed when the total number of active calls on the system is below 18,000. If the criteria is not met, a double failure during the upgrade may occur, thereby losing all active calls. If such a failure occurs, both active and standby SBC services will go down. Contact Ribbon Support immediately.
Customers upgrading from 9.2.2R1 using VMware or KVM need to run the following command as root user on both the active and standby instances:
touch /opt/sonus/conf/swe/capacityEstimates/.indexMarker
This is not required for upgrades from earlier releases.
The SBC 51xx and 52xx systems require 24GB of RAM to run 6.x code or higher.
Once the installation or upgrade completes on the SBC 51x0 and SBC SWe platforms, the copy of the installation package (SBC Core Installation and Upgrade Package) is automatically removed from the system.
Release 9.2 and later requires additional user account security practices for SBC SWe deployments in Openstack cloud environments. During upgrade of SBC SWe cloud instances deployed using Heat templates, you must use a template that includes SSH keys or passwords for the admin and linuxadmin accounts. The example Heat templates have been updated to include information on how to specify this type of data in the userdata section of a template.
In order to take advantage of performance improvements due to hyper-threading refer to the following MOP to increase the number of vCPUs prior to SBC SWe (KVM Hypervisor or VMware) upgrades from pre-07.01.00R000 release to 07.01.00R000 or higher.
The number of rules across SMM profiles in a system is limited to 10000, and the number of actions across profiles in a system is limited to 50000.
Ensure the above conditions are met before LSWU.
In NFV environments, the method used for upgrades involves rebuilding the instance, which requires additional disk space on the host. The minimum disk space needed for this operation is listed in the table below.
SWe SBC software enforces I-SBC instances to run only with a single vNUMA node in order to achieve deterministic performance. SWe SBC VM having >8 vCPUs hosted on dual-socket physical server with VMware ESXi software needs to follow the steps below to correct vNUMA topology before upgrading to latest SWe SBC software:
vsish -e get /net/pNics/<PKT port name - vmnicX>/properties | grep "NUMA"
If any of the above settings requires modification, follow the steps below on SWe SBC HA system:
numa.autosize.once = FALSE
numa.nodeAffinity’ = 0 or 1 (based on PKT port NIC affinity)
On ESXi 6.5 and above releases, vSphere web client can be used to add above rows under Edit settings > VM options > configuration parameters > add parameters;
On ESXi 6.0 and below releases, it can be added under Edit > Advanced > general > configuration parameters > add rows using vSphere client.
For more information, refer to:
Before beginning the upgrade on a SBC running code prior to 8.2R0, the following commands on all the DNS Groups needs to be issued if “ednsSupport” is enabled.
Failure statistics are not being mirrored correctly, and the LSWU state may stay in “syncing” if the “ednsFailures “ count is non-zero.
admin@PLUM> request addressContext default dnsGroup DnsGrp dnsServerReset
reason DNS Server statistics are Reset
[ok][2020-11-06 04:08:13]
admin@PLUM> show status addressContext default dnsGroup DnsGrp
dnsServerStatistics 2
{ ipAddress 10.xx.xx.xx; queries 0; timeouts 0; errors 0; referrals 0; totalTcpConnection 0; tcpConnectionFailed 0; tcpConnectionSuccess 0; tcpConnectiontorndown 0; tcpFallback 0; ednsStatus supported; ednsFailures 0; }
[ok][2020-11-06 04:08:22]
admin@PLUM>
2. Disable the ednsSupport to stop mirroring of the statistics if the error count is constantly incrementing or likely to increase during the upgrade.
set addressContext default dnsGroup DnsGrp ednsSupport disabled
Note: The ednsServer stats will be lost/reset during the upgrade.
If the TRF/MRB Features are configured and enabled – some calls are unable to be cleared post upgrade if using the TRF/MRB attributes.
The upgrade is successful and calls continue but some calls may fail to clean up release post upgrade. Session KeepAlive and RTP Inactivity functions will clean any stale calls.
Enable the sessionKeepalive or rtpInactivity monitoring to ensure that mirrored calls are cleaned up post upgrade.
set addressContext default zone ZONE_AS sipTrunkGroup TG_AS_SIPP signaling timers sessionKeepalive <value>
OR
set system media mediaPeerInactivity <value>
set profiles media packetServiceProfile DEFAULT peerAbsenceAction peerAbsenceTrapAndDisconnect
Upgrade from a pre 8.2 release with globalization support for registration enabled will see a registration drop during an upgrade.
If the following localNumberSupport is enabled, those registrations will be dropped after first switchover during LSWU.
% set addressContext <name> zone <name> sipTrunkGroup <name> signaling localNumberSupport <disabled | enabled>
Prior to performing an upgrade to this release, you must remove usernames that do not conform to the SBC user-naming rules to prevent upgrade failure. Upgrade can proceed successfully after removing all invalid usernames. The following user-naming rules apply:
Usernames can contain a maximum of 23 characters.
The following names are not allowed:
tty disk kmem dialout fax voice cdrom floppy tape sudo audio dip src utmp video sasl plugdev staff users nogroup i2c dba operator
Note: Any CLI usernames consisting of digits only or not conforming to new user naming rules will be removed after performing a restore config in release 9.2.4R000.
Prior to performing an upgrade to the 9.2 release, the dnsGroups with type mgmt must be specified/updated with the "interface" field. The steps are included in announcement "W-17-00022847".
If the above MOP is not run, the LSWU process may fail because of duplicate trunk group or zone names.
Prior to performing an upgrade to 9.2 release, the duplicate trunk groups or zones must be removed. The steps are included in announcement "W-17-00022689".
CPU resource allocation requirements for SBC SWe VM are strictly enforced. You must review and verify these VM settings (including co-hosted VMs) against the documented "VM Configuration Recommendations" on the For VMware page in the Hardware and Software Requirements section before upgrading.
If you encounter a problem, correct the CPU reservation settings as specified in step 6 of the "Adjust Resource Allocations" procedure on Creating a New SBC SWe VM Instance with VMXNET3:
Set the CPU reservation for the VM so that it equals the physical processor CPU speed, multiplied by the number of vCPUs divided by two.
For example, a configuration of 4 vCPUs with a processor of 2.99 GHz CPU speed, reserve: 2992 * 4/2 = 5984 MHz
If the VM uses the same number of vCPUs as the number of physical processors on the server, this reservation may not be possible. In this case, reduce the number of vCPUs assigned to VM by one and set the CPU reservation to the appropriate value.
When using the show table system serverSoftwareUpgradeStatus
command during the upgrade, the Standby server's LSWU status will always display "Upgrading" even though the upgrade may have failed due to host checker validation. To check if host validation failed for the Standby, check for HostCheck Validation Failed message in the upgrade.out
log.
As a prerequisite for SWe LSWU/upgrade, disable the Call Trace feature prior to performing the LSWU/upgrade and re-enable it once the LSWU/upgrade is completed.
Perform the following procedure on the Standby to check for the Hostcheck Validation Failed message in the upgrade.out
log.
/opt/sonus/staging/upgrade.out
(this log shows the Hostcheck Validation Failed error).show table system serverSoftwareUpgradeStatus
to confirm the successful upgrade.As of release 9.2.0R1, the Platform Manager (PM) runs an LSWU infrastructure, providing the ability to perform LSWU upgrades to later releases using the PM. However, this feature is not currently supported in 4.2.x releases and should not be used at this time.
Operators who are using the SBC to interoperate with MS Teams need to review and compare their configuration against the latest configuration guide, especially the SMM, as it might result in call failures after upgrade if the older SMM is left in place. For more information, refer to SBC 9.2 - MS Teams Solution Guide.
This release includes all bug fixes implemented in the releases which are documented in the Supported Upgrade Paths table of this release note.
To view bug fixes in previous releases, refer to the release note(s) of interest from the SBC 5xx0-7000-SWe Documentation Home page.
The SBC Core supports Live Software Upgrade from releases listed in the table below:
The following table displays the security vulnerability that was resolved in this release.
CVE | Risk | Description |
---|---|---|
CVE-2022-22824 | Critical | defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
CVE-2022-25315 | Critical | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. |
CVE-2021-3177 | Critical | Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. |
CVE-2021-43527 | Critical | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. |
CVE-2022-25236 | Critical | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. |
CVE-2022-22823 | Critical | build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
CVE-2022-23852 | Critical | Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. |
CVE-2022-23943 | Critical | Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. |
CVE-2022-23990 | Critical | Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. |
CVE-2022-22721 | Critical | If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. |
CVE-2021-44790 | Critical | A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. |
CVE-2022-0582 | Critical | Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
CVE-2022-25235 | Critical | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. |
CVE-2022-22720 | Critical | Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling |
CVE-2022-22822 | Critical | addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
CVE-2021-4181 | High | CVE-2021-4181 Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file |
CVE-2021-3872 | High | vim is vulnerable to Heap-based Buffer Overflow |
CVE-2021-4069 | High | vim is vulnerable to Use After Free |
CVE-2021-22600 | High | A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 |
CVE-2021-39923 | High | Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
CVE-2022-0408 | High | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
CVE-2021-4185 | High | Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file |
CVE-2018-25032 | High | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. |
CVE-2022-22827 | High | storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
CVE-2021-4202 | High | A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. |
CVE-2021-3760 | High | A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. |
CVE-2021-39698 | High | In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-185125206References: Upstream kernel |
CVE-2021-20322 | High | A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. |
CVE-2022-0581 | High | Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
CVE-2021-46143 | High | In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. |
CVE-2021-3612 | High | An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |
CVE-2022-0368 | High | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
CVE-2022-0586 | High | Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
CVE-2021-39921 | High | NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
CVE-2021-3778 | High | vim is vulnerable to Heap-based Buffer Overflow |
CVE-2021-4184 | High | Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file |
CVE-2021-38160 | High | ** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior. |
CVE-2019-17498 | High | In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. |
CVE-2021-3748 | High | A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process. |
CVE-2021-33033 | High | The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. |
CVE-2021-3984 | High | vim is vulnerable to Heap-based Buffer Overflow |
CVE-2021-3928 | High | vim is vulnerable to Use of Uninitialized Variable |
CVE-2021-22191 | High | Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. |
CVE-2021-3752 | High | A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |
CVE-2022-0435 | High | A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. |
CVE-2021-41864 | High | prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. |
CVE-2021-39685 | High | In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel |
CVE-2021-4019 | High | vim is vulnerable to Heap-based Buffer Overflow |
CVE-2021-3640 | High | A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. |
CVE-2022-22826 | High | nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
CVE-2021-39922 | High | Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
CVE-2022-22719 | High | A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. |
CVE-2021-4200 | High | The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. |
CVE-2021-42008 | High | The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. |
CVE-2020-16119 | High | Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. |
CVE-2021-44733 | High | A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. |
CVE-2021-45960 | High | In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). |
CVE-2021-45417 | High | AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. |
CVE-2021-3796 | High | vim is vulnerable to Use After Free |
CVE-2022-0492 | High | A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. |
CVE-2022-0778 | High | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). |
CVE-2022-0554 | High | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. |
CVE-2022-0729 | High | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. |
CVE-2021-45485 | High | In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. |
CVE-2021-22543 | High | An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. |
CVE-2022-0685 | High | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. |
CVE-2021-4083 | High | A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. |
CVE-2019-13115 | High | In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855. |
CVE-2022-0359 | High | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
CVE-2017-12613 | High | When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. |
CVE-2021-39686 | High | In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-200688826References: Upstream kernel |
CVE-2022-22825 | High | lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
CVE-2021-40490 | High | A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. |
CVE-2021-39924 | High | Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
CVE-2021-43618 | High | GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. |
CVE-2022-0583 | High | Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file |
CVE-2022-0330 | High | A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. |
CVE-2021-44224 | High | A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). |
CVE-2021-3974 | High | vim is vulnerable to Use After Free |
CVE-2021-25220 | High | BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. |
CVE-2021-22235 | High | Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file |
CVE-2021-39928 | High | NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
CVE-2021-39925 | High | Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
CVE-2022-24407 | High | In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. |
CVE-2021-4192 | High | vim is vulnerable to Use After Free |
CVE-2021-3653 | High | A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7. |
CVE-2021-39929 | High | Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
CVE-2021-39714 | High | In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205573273References: Upstream kernel |
CVE-2021-3973 | High | vim is vulnerable to Heap-based Buffer Overflow |
CVE-2022-0361 | High | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
CVE-2021-3927 | High | vim is vulnerable to Heap-based Buffer Overflow |
To view security vulnerabilities in previous releases, refer to the following release notes:
The following Severity 1 issues are resolved in this release:
Issue ID | Sev | Problem Description | Resolution | |
---|---|---|---|---|
1 | SBX-116568 | 1 | The SBC is sending 183 with precondition mandating without SDP. Impact: Observed call failures when the SBC sends a precondition option tag in 183 Session Progress message when there is no SDP. Root Cause: During precondition interworking, the SBC attempts to add precondition option tag in Require/Supported header even if there is no SDP in the outgoing 18x response. Steps to Replicate:
| The code is modified to clear the precondition option tag (if any) in Required/Supported header when there is no SDP in 18x. Workaround: Remove the precondition option tag using SMM in the outgoing 18x message if there is no SDP. |
2 | SBX-114048 | SBX-114279 | 1 | PORTFIX SBX-114048: The SBC Reports a service discovery error message. Impact: The SBC reports a service discovery error when the service discovery is not being used. Root Cause: The LCA sends an empty ConfigureBackends request to the SDR, causing an error. Steps to Replicate:
| Skip the configuration process if there is nothing to configure. Workaround: None |
3 | SBX-114771 | SBX-115767 | 1 | Portfix SBX-114771: An SCM process core dump occurs on the server. Impact: An SCM process core dump occurs as a result of a Segmentation Fault. Root Cause: The SIPSG code creates a segmentation fault when sending a 200OK in response to a REGISTER. The code is attempting to dereference an invalid pointer. Steps to Replicate: Regression testing is all that is necessary. | The code that causes the Segmentation Fault is removed. Workaround: None |
4 | SBX-112149 | SBX-115035 | 1 | Portfix SBX-112149: The Comp_Emap Processes cored on the SBC. Impact: In sensitive mode, an SCM Process core dumps when an Un-Hold UPDATE is received from the UAC during Tone Play. Root Cause: When an Un-HOLD UPDATE code is received from the UAC, the SBC tries to activate end to end resources. There is no answer received from the UAS, causing a core dump. Steps to Replicate:
| The code is modified to check whether an answer is received from the UAS before activating the end to end resources. Workaround: This issue occurs when the SBC is running in sensitive mode. Configure the SBC in normal mode. |
5 | SBX-112091 | SBX-115168 | 1 | Portfix SBX-112091: The SBC is not passing an UPDATE to the Egress. Impact: If the SBC receives two 180 responses with the same SDP (one unreliable and one reliable), then the SBC doesn't send an UPDATE to the Egress. Root Cause: The SBC has received two 180 responses with the same SDP. The first is unreliable and the second is reliable. If the SBC sends out an SDP using the unreliable 180, then the offer/answer state will not get updated upon receipt of the second 180. Steps to Replicate:
| The code is modified to address the issue. Workaround: None |
6 | SBX-114012 | SBX-114298 | 1 | Portfix SBX-114012: The SMM is not working when the From section contains an escape character. Impact: The SMM may fail to parse a display name in a double quote string where the inside may have more than one escape character next to each other in a header. Root Cause: A logical error in parsing that causes a parsing fail. Steps to Replicate:
| The code is modified to address the issue. Workaround: There is no workaround. |
7 | SBX-109056 | SBX-114339 | 1 | Portfix SBX-109056: The SBC 5400 TEAMS CQ is having transfer issues. Impact: When a call with DLRBT enabled undergoes more than one transfer with REFER signaling and the final transferee doesn't accept the call, the SBC does not correctly reconnect the call back to the transferor. Root Cause:
Steps to Replicate:
| The code is modified to address the issue. Workaround: Not available |
8 | SBX-114842 | SBX-115012 | 1 | Portfix SBX-114842: There is a Microsoft Teams Shared Line/Hold issue. Impact: The SBC fails to send an ACK after mix of replace and refer Invites (Microsoft Teams Shared line/hold feature). Root Cause: The SBC fails to release a tone announcement after receiving a 200OK from the refer Invite. Steps to Replicate: The steps can not be reproduced. | Properly release the tone resource. Workaround: Disable the tone as an announcement. |
9 | SBX-114426 | SBX-115189 | 1 | Portfix SBX-114426: There is a standby SBC coredump CE_2N_Comp_SamP Impact: Memory Corruption may occur in the SAM process if an IP Peer is deleted and then added back into a different zone. Root Cause: The code responsible for adding a new configured IP Peer may write into freed memory. Steps to Replicate: The root cause of this bug was found by code inspection. The problem could not be reproduced. | The code is modified to address the issue. Workaround: None. |
10 | SBX-113876 | SBX-115061 | 1 | Portfix SBX-115061: Fraud Mitigation on the SBC requires a specific cause code response. Impact: The functionality works and a call is released with 480 Temporarily Unavailable. There is a regulatory requirement that a specific Cause Code should be released when a Fraud Call is blocked. Root Cause: The ERE needs to have a new SEEDED script for call termination with results in the 607/608 status code being sent to the network. Steps to Replicate:
| Two new scripts are seeded:
Workaround: None |
11 | SBX-111620 | SBX-115025 | 1 | Portfix SBX-111620: During a T140 call there is one-way stream with a zero media port (NAPT media). Impact: A one-way stream is observed with a zero media port when the RTCP NAPT learning is complete before the RTP NAPT learning. Root Cause: Steps to Replicate:
| In a multiple stream scenario, when the RTP Port is 0, set it to loop back port 5004. Workaround:
|
12 | SBX-115316 | SBX-115429 | 1 | PortFix SBX-115316: The upgrade is related to marker files that are not being removed even after a successful upgrade on the public cloud. Impact: On a public cloud like Azure and AWS, a couple of marker files are created to indicate that a model update is needed after an upgrade. These marker files should be removed once the upgrade is completed, but are not. Root Cause: . If a system is being upgraded to 9.x or later releases while on public cloud platforms, these marker files will still exist and can cause the system to go through a model update on every SBC application restart. Steps to Replicate:
| The marker files are deleted correctly after an upgrade. Workaround: Contact TAC through a SFDC ticket to ask for the procedure. It is not a normal activity and will require Linux shell access. |
13 | SBX-97435 | SBX-115056 | 1 | Portfix SBX-97435: During an LRBT scenario, the SBC is not processing a sendrecv in a SIP re-Invite message causing a one-way audio. Impact: A Gateway to Gateway call scenario with a local ring back, causes a one way audio issue. Root Cause: As part of enabling the media end to end, the SBC initiates a Re-INV with an SDP attribute as sendonly for which the UAC responds with receonly. This causes the SBC to start a new modify offer-answer cycle towards the Egress GW. Steps to Replicate:
| The code is modified to address the issue. Workaround: None |
14 | SBX-115939 | SBX-116048 | 1 | Portfix SBX-115939: The SBC uses an incorrect branch parameter from the last transaction. Impact: The SBC retransmits an ACK for 200OK with a different branch parameter from the previous ACK. Root Cause: Transactions occur before the retransmit ACK and overwrite the previous branch parameter transaction. Steps to Replicate:
| Save the ACK branch parameter in a separate transaction to avoid being overwritten Workaround: If a reInvite is due to a media lock down, then disable the media lock down, or use a reliable transport. |
15 | SBX-114393 | SBX-114801 | SBX-114802 | 1 | Portfix SBX-114393: The TLS Session ID has all zeros on the new 9.2.2R3 code. Impact: The TLS Session IDs are not printed in the TLS Session Status command output. Root Cause: The code is removed in the latest releases. Steps to Replicate:
| The code is added to print Session IDs in TLS Session Status command output. Workaround: None |
16 | SBX-113065 | SBX-115040 | 1 | Portfix SBX-113065: A Critical alarm is showing as Urgent under the "EMA > Monitoring > Alarm > Current Alarm." Impact: A Critical alarm is showing as Urgent under the "EMA > Monitoring > Alarm > Current Alarm." Root Cause: The screen text of a critical alarm appears as Urgent instead of Critical. Steps to Replicate:
| The code is modified to address the issue. Workaround: None |
17 | SBX-116166 | SBX-116580 | 1 | Portfix SBX-116166: The SBC intermittently fails to handle a "Packet Too Big" event and sends an unfragmented packet to the gateway. Impact: The IPv6 Path MTU Discovery does not work.
Root Cause: When performing an IPv6 route/fib lookup while updating the Path MTU from the "ICMPv6 Packet Too Big" message, it doesn't consider the ipInterfaceGroup and the addressContext. This results in not updating the Path MTU with the proper route entry to the peer. Steps to Replicate:
| The code is modified for handling "ICMPv6 Packet Too Big" messages by adding:
Workaround: Add subnet routes on packet interfaces to the peer. |
18 | SBX-114981 | SBX-115572 | 1 | Portfix SBX-114981: The Block Direction does not work when selecting a secondary trunk group with a SIP Parameter Based Action Profile. Impact: The TG Block Direction feature is not applied on a newly selected Ingress TG. The new Ingress TG is selected by the SMM's storeIpTg or by using a sipParamBasedAction Profile. Root Cause: The TG Block Direction feature is not applied on a newly selected Ingress TG due to a design issue. Steps to Replicate:
| The code is modified to address the issue. Workaround: None. |
19 | SBX-115317 | SBX-115683 | 1 | PortFix SBX-115317: Error 0x6 Line 2932 File /sonus/p4/ws/release/sbx5000_V08.02.05R004/marlin/SIPSG/sipsgLibUtils.c Impact: The following command does not work correctly after a switchover: Root Cause: The accounting functionality for Out of Dialog messages uses a specific hash table that does not exist on the new active after a switchover. This hash table is not created on a Standby because it is not needed. But, it should be created when the standby becomes active. Steps to Replicate:
| The code is modified to create the necessary hash table after a switchover. Workaround: Disable accounting for PUBLISH, MESSAGE, OPTIONS or NOTIFY using the command syntax below: |
20 | SBX-113280 | SBX-114630 | 1 | Portfix SBX-113280: An alarm is issued on the M-SBC. The M-SBC resets the VF after the user stops the Tshark. Impact: The Tshark start/stop operations sporadically cause link failure events in theSWe. Root Cause: A Link status of "link down" for DPDK API occurs if it finds the VF<>PF mailbox busy due to another activity In this case it is due to a multicast mac address programming that is triggered by the Tshark. Steps to Replicate:
| The code is modified to address the issue. Workaround: None. |
21 | SBX-111908 | SBX-115254 | 1 | PortFix SBX-111908: The Standby SBC has the same pkt0/pkt1 IPs as an Active SBC and is sending a response to the HFE. Impact: In the Azure HFE, if a connection is created before implementing the routes for CUSTOM_ROUTE natvar, the HFE does not input the source IP correctly. Root Cause: The connection tracking table in Linux caches the connection to go via the eth0 instead of what is set in the CUSTOM_ROUTE, which breaks the source NAT matching rules. Steps to Replicate:
| The code is modified to address the issue. Workaround: After starting up the HFE, run 'sudo conntrack -F conntrack', to refresh the connection tracking rules. This will need to be done after every reboot. |
22 | SBX-110574 | 1 | The RURI is populated with an INTL CC of a calling number to the egress carrier. Impact: The country code in the RURI username is populated incorrectly. The first route fails and a second route is selected after a number translation. The second route has the Undo LNP flag checked in its IP signaling profile. Root Cause: When a second or subsequent route is used, some of the number translation information from the first route is applied. Steps to Replicate:
| The code is modified to address the issue. Workaround: None. |
23 | SBX-113238 | 1 | The location of PAI CPC is not positioned consistently. Impact: When a presentation is allowed, the SBC sends an egress INVITE with a PAI header. The PAI CPC is put between the username and hostname of a SIP URI. When a presentation is restricted, it is present after the hostname in the SIP URI. Root Cause: When a presentation is restricted, the code is checking that the "Disable 2806 compliance" configuration is enabled. It populates a CPC parameter in the PAI after the SIP hostname. Steps to Replicate:
| The code is modified to address the issue. Workaround:
|
24 | SBX-114410 | 1 | The SBC-SOSBC-RTU license is displayed as 0 on the EMA. Impact: The SBC-SOSBC-RTU license is applied to the SBC, but it's not displayed in the EMA/EMS License Manager. Root Cause: A license with the feature name SBC-SOSBC-RTU is not considered. Steps to Replicate: Not applicable | The code is modified to recognize the SBC-SOSBC-RTU license. Workaround: None |
25 | SBX-114393 | 1 | A TLS Session ID has all zeros on the new 9.2.2R3 code. Impact: The TLS Session IDs are not printed in the TLS Session Status command output. Root Cause: The code is removed in the latest releases. Steps to Replicate:
| The code is modified to address the issue. Workaround: None |
26 | SBX-113702 | 1 | Accounting Logs are not escaping the special characters in the calling name fields. Impact: Accounting Logs are not escaping the special characters in the calling name fields. Root Cause: If a non-alpha numeric character is included in the calling name, the SBC is not escaping the character in the Accounting Record. This leads to an incorrect "called asserted identity" field. Steps to Replicate:
| The code is modified to address the issue. Workaround: None |
27 | SBX-113170 | 1 | A Call fails with the NRM error "could not find a card for IP call." Impact: Some calls start failing after a switchover and continue to fail until a manual switchover is performed. Root Cause: No root cause found. The following log message is an indicator of this issue: Steps to Replicate: The steps cannot be reproduced. | The code is modified to gather more information to find a root cause and address the issue. Workaround: This issue can be resolved by a manual switchover. |
28 | SBX-113448 | 1 | A Back to back SAM Process coredump occurs on the system. Impact: A SAM Process coredumps while doing the OCSP queries when the SBC is under Denial-of-Service (DoS) attacks. Root Cause: A Linux file descriptor value in an OCSP query is out of range for select() call, used by OpenSSL API, causing memory corruption. Steps to Replicate:
| Do not perform the OCSP query when the file descriptor value used in the OCSP is out of range for a select() call to prevent memory corruption. Workaround: Disable the OCSP. |
29 | SBX-113986 | 1 | A User-to-User parameter is duplicated in a Refer-To header. Impact: When a REFER message is relayed while transparency for all headers is active, the URI parameters appear twice in the Refer-To header. Root Cause: An interaction between the transparency of all the headers and a relay of the Refer-To header. Steps to Replicate:
| The code is modified so that the URI parameters appear only once. Workaround: An SMM rule workaround is possible, if the Refer-To is relayed transparently. |
30 | SBX-112031 | 1 | A SAM Process coredump occurs on the server. Impact: A SAM Process coredump occurs when an AOR entry is deleted. Root Cause: When an AOR entry is deleted, the SBC starts a registration cache timer after saving an AOR in the cache. If the registration timer fails to start, an AOR cache entry is freed but the hash entry is not removed from the hash table. This results in a corrupted list in the hash table.
Steps to Replicate:
| The code is modified to remove the cache entry from the hash table before freeing up the complete cache RCB block. Workaround: None |
31 | SBX-113883 | 1 | On the SBC SWe, there is a CPU Usage display error in the web page. Impact: On the SBC SWe, the CPU Usage page on the EMA throws out an error indicating an invalid value for the row containing unused vCPUs. Root Cause: When the number of vCPUs allocated to the SBC SWe VM are over-provisioned, some of the cores remain unused.
Steps to Replicate:
| In an SBC SWe with over-provisioned vCPUs, the unused vCPUs are explicitly defined as "unused" even on the EMA page's CPU usage tables. Workaround: None. |
32 | SBX-115484 | 1 | An SCM Process coredumps when accessing a null pointer. Impact: An SCM coredump occurs when there is an attempt to dereference a NULL pointer. Root Cause: This coredump occurs when there is an attempt to dereference a NULL pointer in code that is added. The race condition and coredump results from changes to the MOH for MS Teams after a call legPtr is accessed and the call leg is released. Steps to Replicate: The steps cannot be reproduced. The bug is found by code inspection. | The code is modified to address the issue. Workaround: None |
33 | SBX-114315 | 1 | A failover occurs on the SBC because of a SCM Process coredump. Impact: An SCM coredump occurs if the hostName in the From header is longer than 64 bytes. Root Cause: The code is copying the host name into an array that is not long enough to hold it, resulting in memory corruption. Steps to Replicate:
| The code is modified to address the issue. Workaround: None |
34 | SBX-115082 | 1 | A bug is found in the CDR Viewer Sip Ladder Diagram message contents. Impact: A Ladder diagram is not showing the full message. Different parts of a SIP message that should be shown as a single message instead multiple messages, are displayed in the ladder diagram Root Cause: The implementation assumes that the different parts of a single message are logged in the TRC file in sequence one after the other. In some cases different parts of the SIP message are logged randomly, causing the implementation to break. Steps to Replicate:
| The code is modified to address the issue. Workaround: None |
35 | SBX-113436 | 1 | The Alarm History is not cleared in the EMA after clearing in the CLI. Impact: The Alarm History is not cleared in the EMA after clearing in the CLI. Root Cause: A cleared alarm list is deleted in the CDB and the postgres entries are not ignored, causing the UI to display the entries. Steps to Replicate:
| The code is modified to address the issue. Workaround: None |
36 | SBX-112945 | 1 | The SRTP and the ENCRYPT "IN USE" counters leak for call flows with two transfers that use the INVITE with Replaces. Impact:
Root Cause: The logic for auditing the consultative refer calls does not work properly for a call pick-up. This logic creates one extra virtual leg for a second pick-up call, making a three virtual leg creation for two pick-up calls. This also results in a license adjustment. The licenseCall becomes 0 and the SBC-RTU "IN USE" decrements. Steps to Replicate:
| A new internal flag is introduced to identify a pick-up call. This flag is set for every pick-up call after a virtual call leg creation and license adjustment. A check for the same flag is added in the audit logic to avoid the audit logic for pick-up calls. Workaround: None. |
37 | SBX-112374 | 1 | The SBC is intermittently stripping the last 'm=' line from the Egress Invite. Impact: The SBC strips off the lines after the m =application line when present in the SDP of the incoming Invite, and at Egress the SBC does a DNS lookup. Root Cause: There is a NULL termination after the m=application line, causing the SDP to truncate SDP after the m=application line. Steps to Replicate:
| The code is modified to address the issue. Workaround: Use the actual IP address in the IP peer, instead of the FQDN. |
38 | SBX-116476 | 1 | After an SBC switchover, the standby SBC is not recognized. Impact: There is a PRS core dump in the XrmIPsecSACmdAdd() process. Root Cause: There is a PRS core dump in the XrmIPsecSACmdAdd() process because the process is attempting to de-reference a NULL pointer. This is because the code is not handling an error condition correctly. Steps to Replicate: The steps cannot be replicated. This is found by code inspection. | This code is modified to address the issue. Workaround: None |
39 | SBX-113853 | 1 | There is an SBC Intermittent crash. Impact: When multiple duplicate Diversion headers are received and the stiProfile is enabled and configured on the ingress trunk group, the SBC coredumps core. Root Cause: Removing duplicate Diversion headers from information sent to the PSX causes a crash. Steps to Replicate:
| The code is modified to address the issue. Workaround: None. |
40 | SBX-115115 | 1 | The SBC disconnects the call when offering a LRBT using the first codec in 180 and the received Egress 200 contains a different codec set. Impact: The SBC internally tears down the call if the Egress peer answers with a different first codec than in the 180. Root Cause: The SBC auto answers using the first codec back to Ingress. The SBC cannot reInvite when changed by the Egress because the SBC is not ready to receive the reInvite/Update. Steps to Replicate:
| The code is modified to address the issue. Workaround: None |
41 | SBX-115749 | 1 | Video calls are being disconnected. A call transfer is failing when using both audio and video. Impact: Audio and Video calls are disconnected after a REFER. Root Cause: This issue happens when:
Steps to Replicate:
| The code is modified so that the SBC can now map to the correct video leg post REFER. Workaround: None |
42 | SBX-110716 | 1 | The SBC sends the wrong payload type. Impact: The Egress GW sends the wrong payload in a 200OK response for an incoming Re-INVITE from the Egress peer in a GW-GW scenario. Root Cause: The issue is observed when the "Lockdown Preferred Codec" is enabled at the Ingress IPSP (at ingress GW). When this flag is enabled, the PSP is updated with selected codec containing an incorrect payload type (rx/tx as 0x00/00). This results in the Ingress SG sending a modified answer to the NRMA with an incorrect payload type Steps to Replicate:
| The code is modified to address the issue. Workaround: None |
43 | SBX-115329 | 1 | The SWe has unexpected switchovers. Impact: A SCM core dump occurs while the SIPSG is processing a "401 Unauthorized". Root Cause: The code is attempting to dereference a NULL pointer and send an UNSUBSCRIBE while processing the "401 Unauthorized" message. Steps to Replicate: The steps cannot be reproduced. | The code is modified to prevent an attempt to dereference a NULL pointer. Workaround: None |
44 | SBX-115074 | 1 | A SCM core dump may occur when using the SIPREC. Impact: A SCM core dump may occur when using the SIPREC. Root Cause: Memory corruption is caused by a double MemFree() in the SIPREC code. Steps to Replicate: The steps cannot be reproduced. This bug is found by code inspection. | The code is modified to address the issue. Workaround: None. |
45 | SBX-114398 | 1 | A core dump occurs on the SBC. Impact: During a P2P call scenario, a codec change from the PCMA to the PCMU is requested via a reInvite for Leg B. The application sends an audio modify request for both Leg A and Leg B. The DSP crashes for codecs like SILK and OPUS. Root Cause: The merging of an audio modify request for Leg A and Leg B on the application end and the lack of a check in the DSP code for a modify request on Leg A to the same codec causes a core dump. Steps to Replicate:
| The code is modified to address the issue. Workaround: None |
46 | SBX-114323 | 1 | No routes are displayed for the EMA configuration > System Provisioning > Routing > Routes screen function. Impact: The function does not work in the EMA configuration > System Provisioning > Routing > Routes. Root Cause: An old browser version does not apply the replaceAll function. and the "replaceAll is not a function" exception is activated. Steps to Replicate: The steps cannot be replicated. | The code is modified to ensure that the replaceAll functionality is working. Workaround: None |
47 | SBX-115952 | 1 | The SBC memory utilization goes up under the load with all the IP Redirect calls and the SMM variableScope rule. Impact: An IP Redirect call and a SMM variableScope may result in a memory leak. Root Cause: When the SBC redirects a call to Leg C, the SBC does not release an SMM variableScope resource that is created/stored for Leg B. Steps to Replicate:
| The code is modified to address the issue. Workaround: Remove the SMM rule |
48 | SBX-113305 | 1 | The DNS recovery packet count of a DSCP with a value of "0." Impact: The DNS probe packet's are sent from the SBC with a DSCP value of 0. Root Cause: The configured DSCP value's are not set for the DNS probe keepalive packets . Steps to Replicate:
| The code is modified to set a configured DSCP value for the packets, including the DNS probe packets. Workaround: None |
49 | SBX-117122 | 1 | Syncing CallData for gcid 0x1E0E4D36 failed: Available buffer (size 27204) exhausted. Impact: A LSWU fails when Direct Media is enabled and the SBC is processing calls that have more than four media streams. Root Cause: A LSWU fails because an error occurred when syncing an SIP call block. SYNC of SIPSG Call Blocks is failing because an individual Call Block does not fit in the 64K buffer that is allocated for mirroring a Call Block. When the mirrored data for a single call does not fit into the buffer, the code currently stops syncing the call blocks. Steps to Replicate: Enable Direct Media and send a call with more than four Media Streams. | The code is modified so that the entire SYNC does not fail if we cannot mirror a single Call Block. Instead, the original Call Block moves onto the next available Call Block and continues the SYNC. Workaround: Disable Direct Media. |
50 | SBX-114458 | 1 | Node A failed to take over after node B had issues with hard disk. Impact: The trap was not generated for HardDisk fault on the SBC. Root Cause: Although the trap was getting generated for some harddisk/FS errors, a new error with 'failed command: FLUSH CACHE EXT' was being considered when generating a trap. Steps to Replicate: The steps cannot be reproduced. | The code is modified to address the issue. Workaround: None. |
51 | SBX-116156 | 1 | A LSWU through the EMA GUI is stuck at post upgrade check and did not continue upgrading to the active EMA. Impact: If the upgrade is in progress when the daily cronjobs run, it may cause the upgrade to stop. Root Cause: As part of the log rotation, Apache/Platform Manager logs gets rotated and apache gets signal HUP and restarts. This causes the upgrade script to terminate because the parent(apache) is restarted. Steps to Replicate: Install and upgrade from a pre 9.2.4 to 9.2.4 | The code is modified to skip apache log rotation if the upgrade is in progress and to use nohup with an upgrade and revert scripts. Workaround: Restart the upgrade or revert and retry upgrade. |
52 | SBX-117099 | 1 | A SCM Process core dump occurred on the SBC server. Impact: The SCM Process cored. Root Cause: The SCM Process has cored because of an attempt to de-reference a NULL pointer. Steps to Replicate: The steps cannot be reproduced. | The code is modified to check the value of the pointer before accessing it. Workaround: There is no known workaround. |
53 | SBX-117187 | 1 | The config Export is failing because of the DM/PM Rule. Impact: The config export is failing due to a confd error occurring while reading a DM/PM Rule. Root Cause: The subRule being exported had a subRule type of uri. However, the export reads all of data for all subRule types, and the data in the digitStringManipulation->replacement->type was 2, which is an invalid value. This value is retrieved from the postgres database table pm_rule, which stores the replace->type value from the uri subrule as the invalid value 2. Steps to Replicate:
| The code is modified when the digitStringManipulation container is being read, if the replacement->type value is 2, it is set to 0. Workaround: Before exporting, change all dmPmRules with a subRule type of uri to set the uriParameterManipulation->userInfoManipulation->replacement->type field to constant and then do the export. Change the value back after the export. |
54 | SBX-116468 | 1 | An SIP.Instance parameter is missing from Contact Header for De-Registration Message generated by the SBC locally. Impact: When the SBC generate the unregister message to registrar, the +sip.instance and reg-id parameters are missing in Contact header. Root Cause: The root cause was missing functionality. Steps to Replicate:
| The code is modified to address the issue. Workaround: None. |
55 | SBX-116299 | 1 | A restart with a Comp_SAM Process Coredump. Impact: Memory corruption causes a SAM Process coredump when processing a GW-GW message. Root Cause: Memory corruption causes a SAM Process coredump when processing a GW-GW message. Code doesn't allocate enough memory for an outgoing message. When the data is copied into the message, the code writes past the end of the allocated buffer because there isn't enough space in the buffer. Steps to Replicate: The steps cannot be replicated. The root cause is found by code inspection. | The code is modified to allocate enough space for the outgoing message. Workaround: None |
56 | SBX-114045 | 1 | The SBC is failing to come up with a "cps is not initialized:failed" message after a shut down. Impact: The Virtual SBC fails to startup due to a missing file link for an OS binary. Root Cause: There is a missing OS level soft link that is required for the SBC startup code. The OS level soft link may have been lost as a result of multiple reboots while the SBC is trying to startup in a virtual deployment. Steps to Replicate: The steps cannot be replicated. | The code is modified to address the issue. Workaround:
|
57 | SBX-114367 | 1 | An Announcement Package Element cannot be deleted. Impact: An element within an announcement package cannot be deleted. Root Cause: The code for handling the announcement package element Delete command is incorrect. Steps to Replicate: Perform following configuration changes through the CLI:
| The code is modified to address the issue. Workaround: The announcement package can be deleted and then re-created without the required element. |
58 | SBX-114301 | 1 | In the EMA GUI, a Destination National is not showing "+" when it is configured in a Route through the EMA. Impact: In the EMA GUI, a Destination National is not showing the plus symbol when it is configured in a Route through the EMA. Root Cause: In the frontend, symbols like the "+"are replaced with a space before sending to the backend. Steps to Replicate: None | The code is modified to address the issue. Workaround: Replace the "+" with "%2B" using the replace function. The plus symbol will appear in the EMA GUI. |
59 | SBX-114980 | 1 | An SBC 7000 memory leak in CE_2N_Comp_ScmProcess_x processes occured. Impact: An SCM memory leak can occur when processing the Contact Headers if the honorEmbeddedHeadersin3xx flag is enabled in the ipSignaling Profile. "set profiles signaling ipSignalingProfile <SIP profile name> egressIpAttributes redirect flags honorEmbeddedHeadersin3xx" This leak will not always happen when this flag is enabled. There are several other conditions that must be met in order to expose this leak. This leak may also exposed by enabling the flag "includeEmbeddedPAIheaderInRedirectedInvite" in the ipSignalingProfile. Root Cause: The leak is caused by a missing call to the MemFree(). Steps to Replicate: The steps cannot be replicated. The root cause is found by code inspection. | The code is modified to ensure that the internal structure is always freed. Workaround: Disable the following flags in the IPSP:
|
60 | SBX-116060 | 1 | Unable to login to the HFE_PKT1 in Azure. Impact: The HFE_AZ.sh script fails on the HFE PKT1 in Azure when a public IP address is attached on the mgmt (eth1) interface. Root Cause: The repository fails to install the required utilities for Linux and fails to create a temporary default route through the eth1. Steps to Replicate:
| The code is modified to add the default route through eth1. Workaround:
|
The following Severity 2-4 issues are resolved in this release:
Issue ID | Sev | Problem Description | Resolution | |
---|---|---|---|---|
1 | SBX-116735 | 2 | Editing a route with DN using '@ 'and '&' characters is duplicating the same route. Impact: Using '@' and '&' characters in the DN field is duplicating the same route. Root Cause: A few special characters were not decoded while editing and as a result, a route has been duplicated. Steps to Replicate:
| The code is modified to address the issue. Workaround: No workaround. |
2 | SBX-114429 | 2 | The data_type properties fields should not have a "dot" in the identifier. Impact: The data_type properties fields should not have a "dot" in the identifier. Root Cause: MongoDb uses "dot" notation to locate fields within structures. When the NVFO posts the VNFD through the VNFM API, MongoDb incorrctly uses the identifier as a field name, which causes MongoDb to throw an exception. Steps to Replicate: Run VNFM, NFVO and HPE Orchestration, and check communication with the EMS. | The code is modified so the "dot" in the "SBC:EMSPRIVNODEPARMS.cluster_id" is replaced with "hyphen" . The new parameter is listed as "SBC:EMSPRIVNODEPARMS-cluster_id". Workaround: None. |
3 | SBX-117091 | 2 | Discrepancy between ‘View CLI’ from GUI and the SBC CLI output. Impact: If you are viewing the CLI version of the content, the GUI stops displaying the CLI when it hits the ‘type sdpContent’ operation. Root Cause: The CLIRules.xml file were not updated with latest changes in in the CLI. Steps to Replicate: Check CLI commands in CLI is same as commands in UI after selecting the view CLI. | The code is modified to address the issue. Workaround: None. |
4 | SBX-117051 | 2 | There is no planned cluster switchover. Impact: The SCM process coredumps while comparing codec information. Root Cause: In a race condition while comparing codec information, the SCM process is dereferencing a null pointer that resulted in a coredump. Steps to Replicate: The steps cannot be reproduced. | The code is modified to verify that the pointer is not null before dereferencing it to avoid the coredump. Workaround: None. |
5 | SBX-115897 | SBX-116288 | 3 | PortFix SBX-115897: The SBC sends one of the SIP NOTIFY messages with Event: Dialog body back to the registrar instead of relaying it to the subscriber. Impact: Back-to-Back NOTIFY messagesfrom the registrar with dialog event (DialogInfo data) that requires an internal query across distributed ScmProcesses may cause the SBC to send the NOTIFY relay back to the registrar. Root Cause: While doing an off board query (distributed lookup in the SBC), the SBC received a message from IAD and relays to Registrar. After an off board query, the SBC is using the same direction from IAD to registrar for relaying the next Notify Steps to Replicate: A subscribe to registrar, registrar sends multiple back-to-back Notify (around 50ms delay) with dialog event to A. | The code is modified to save the direction of relay before off board query, and restore after off board query reply and using that direction for relaying subsequent messages. Workaround: There is no workaround. |
6 | SBX-111461 | SBX-117346 | 2 | PortFix SBX-111461: The SBC plays LRBT using PCMU when negotiations occurred with AMRWB in a LM call. Impact: The tone played is with old negotiated codec instead of the codec selected by ingress endpoint in Prack. The issue is seen only when multiple codecs are sent in late media offer in 180 with sendSbcSupportedCodecsForLateMediaReinvite flag enabled. Root Cause: The initial DSP resource allocated only has capability to play tone with G711. After AMRWB is selected as the new codec for tone play in Prack, the old DSP resource is found unusable and new DSP resource is allocated with capability to play tone with the new selected codec. However, though a new compatible DSP is allocated, the old DSP resource/XPAD is incorrectly retained in the resource chain and as a result, the tone is with the old codec. Steps to Replicate:
| The code is modified so that when Prack is received with SDP in LM scenarios, SWEA events are issued from PC-FSM to play tone. The ASG has a sequence of events like NRMA allocate reply/activate reply/deactivate reply/dealloc reply that drives these SWEA events to DSP. Workaround: No workaround. |
7 | SBX-116164 | SBX-117373 | 3 | PortFix SBX-116164: Autonomous fail over of the SBC 5210. Impact: There was an SCM core while processing Register request during an IMS intercept. Root Cause: The register looks like a retransmission and the SBC has found an existing TCB for the register. While accessing the Apphandle of TCB (which points to RCB data) the SBC cored. This is due to the RCB is not being present and address is reused for something else. Steps to Replicate:
Without this fix, the SCM cores when the SBC tries to access the deleted RCB. As an additional test, alter the fourth step to, instead of De-reg, try sending the old register that received an 200 OK [branch, call-id, cseq should be exactly the same]. | The code is modified so once a response is sent to a register, IMS intercepts the message. After an interception, reset the correlationTag (i.e, AppHandle) to NULL. Workaround: None. |
8 | SBX-114151 | SBX-116946 | 2 | PortFix SBX-114151: Pre-upgrade BMC version check issues Impact: During pre-upgrade checks, an invalid BMC version error message is displayed and reports pre-upgrade checks as failure. Root Cause: The BMC version check is run during pre-upgrade checks, and reports a failure for an invalid BMC version. Steps to Replicate: Run pre-upgrade checks and ensure BMC version check error is displayed as a warning and not a failure. | The code is modified to make it a warning rather than a failure for pre-upgrade checks. Workaround: None. |
9 | SBX-113966 | SBX-116994 | 2 | PortFix SBX-113966: RCBs are not synced to the STANDBY. Impact: Some Registrations were not being mirrored to the STANDBY SBC due to buffer not large enough for amount of info obtained from the messaging. Root Cause: If/Then/Else statement was modified to check if certain info (Child AOR) present, which allocates a LARGE buffer all the time now. Steps to Replicate:
Expected Results: Actual Results: | The code is modified to address the issue. Workaround: None. |
10 | SBX-113840 | SBX-114372 | 2 | PortFix SBX-113840: Reset the fields in the nrmacalleg. Impact: Certain fields in a data structure are not reset to default values during a call tear down. Root Cause: Due to performance reasons, one of the sub-system re-uses this memory block again for new calls. Since, the fields from previous call were not reset during tear down, these fields continue to be set even for the new call and could result in undesired behavior. Steps to Replicate: The steps cannot be reproduced. | The code is modified to correctly reset missing fields during call tear down. Workaround: None. |
11 | SBX-109315 | SBX-116588 | 2 | PortFix SBX-109315: There are SBC sync issues. Impact: There is no event/alarm to indicate a Postgres transition failure during a switchover. Root Cause: The Postgres Transition failed within the timeout period, but the switchover continued. Subsequently, the SSDB became active, but failed within the timeout duration (20 seconds). As a result, the SSDB became unrecognizable due to a missing replication slot. Steps to Replicate: Return a non-zero value from WaitActive function in startPGDB.sh to simulate Postgres transition failure. Attempt a switchover. Check event logs and startPGDB.log. | The code is modified to indicate a Postgres transition failure during switchover. Workaround: None. |
12 | SBX-115243 | SBX-115847 | 3 | PortFix SBX-115243L The Automatic AD Sync is not completing. Impact: The Automatic AD Sync is not completing. Root Cause: During the change from Daylight Savings Time in the Fall, the addMinsToTime routine returns a time that is greater than the passed-in time. Consequentially, the code loops calling addMinsToTime expecting the time returned by addMinsToTime to be greater than the current time. Steps to Replicate:
| The code is modified to return a time greater than the passed-in time when switching from Daylight Saving Time. Workaround: None. |
13 | SBX-110756 | SBX-113982 | 3 | PortFix SBX-110756: Wrong behavior with sipAdaptiveTransparencyProfile enabled. Impact: When the SipAdaptiveTransparencyProfile was enabled and the SBC received 200 OK with SDP, it was sending ACK without SDP in late media scenario cases. Root Cause: The SDP was not being added in ACK in late media cases. Steps to Replicate: The following are the test cases used in the call flow:
| The code is modified to add SDP in ACK for late media cases. Workaround: None. |
14 | SBX-108609 | SBX-110025 | 2 | PortFix SBX-108609: The SBC failed to send telephone-event when payload type number overlaps with configured in PSP for any codec. Impact: The SBC fails to send 16,000 2833 payload type in outgoing INVITE when the 16,000 PT value received from ingress conflicts with the configured PT value for one of the codecs in egress route PSP. Root Cause: The SBC failed to detect and resolve the conflict between 16,000 DTMF PT and egress route codec PT which resulted in the SBC dropping the 16,000 PT in outgoing INVITE. Steps to Replicate: Configuration:
To re-create the issue:
m=audio 5096 RTP/AVP 102 97 0 110 101 107 103 98 96 105 Test Result without a fix: The SBC chooses to follow egress PSP configuration, which means it drops the telephone-event/16000 payload type. | The code is modified to prefer the pass-through DTMF PT value over the route configured codec PT by extending the PT conflict resolution to all the dynamic codecs. Workaround: As a workaround, the conflicted PT value can be modified at egress Route PSP. |
15 | SBX-114691 | SBX-115064 | 2 | Portfix SBX-11469: "Challenge-SMM" is not added in the NOTIFY to the Ingress side of the SBC. Impact: Challenge SUBSCRIBE is not processed when it does not contain a to-tag. Root Cause: When a challenge SUBSCRIBE comes without a to-tag, we are unable to find RelayCb, creating new RelayCb and processing as a new request. Steps to Replicate:
In DBG logs, we can see there will be two relayCbs will be creating for the same SUBSCRIBE flow. | The code is modified to address the issue. Workaround: Send a challenge SUBSCRIBE with the received to-tag. |
16 | SBX-114019 | SBX-114071 | 2 | PortFix SBX-114019: The DBG logs are rolling rapidly with UacSendUpdate messages. Impact: The SBC DBG logs were filling up quickly with the following log message: Root Cause: The code was mistakenly printing logs at the MAJOR level. Steps to Replicate: The log is generated during a call where the SBC attempts to send UPDATE out to ingress leg while the PRACK is pending for previous 18x sent. | The code is modified to only print the logs at INFO level. Workaround: None. |
17 | SBX-113524 | SBX-113910 | 2 | PortFix SBX-113524: The SBC is not forwarding the received 200 OK and fails the call. Impact: When using a GW-GW for direct media calls between signaling-only SBCs, the 200 OK is not being passed through and the call fails. Root Cause: The code is unable to process the outgoing 200 OK because it cannot find any local IP information. Steps to Replicate: Make a direct media call between two signaling-only SBCs with the following control enabled. | If the sigOnlyMode flag is set to global, copy the local IP information. Workaround: Disable the following control: set global signaling sigOnlyMode sigOnlyModeValue off |
18 | SBX-111357 | SBX-113041 | 2 | PortFix SBX-111357: Cleared Alarms functionality is not working properly in the EMA. Impact: Cleared alarms are not listed in "Cleared Alarms" screen under Monitoring > Alarms in the EMA. Root Cause: Cleared Alarms screen combines alarms from both the CDB and Postgres. However, there was a fix made for a customer issue related to an alarm in 9.2.2, resulting in ignored alarms in the CDB. Steps to Replicate:
| The code is modified to retrieve the alarms from CDB and return them to UI for display purpose. Workaround: No workaround. |
19 | SBX-114303 | SBX-114385 | 2 | PortFix SBX-114303: Customer PSTN is incorrectly listed as Busy. Impact: The SBC attempts to map non-E164 display Name of a p-asserted-Identity TEL to generic address for called user. Root Cause: When the SBCs received both pai (tel)and pai(sip) headers, it tries to treat the headers as a customer TTC even though the display name in pai(tel) is not in E164 format. Steps to Replicate:
| The code is modified to address the issue. Workaround: Use the SMM to delete incoming display name in pai(tel) header. For an out going INVITE, add it back if pai is config transparency. |
20 | SBX-111984 | SBX-115026 | 2 | Portfix SBX-111984: The SBC box is not coming up with the latest ASAN build. Impact: The SBC box is not starting up in ASAN build. The SBC code that is used to generate traps was accessing memory after it is freed while processing traps that contained an IP address parameter. Root Cause: The IP parameter passed to confd as part of the trap information was stored in a location that was freed before the confd processed the trap API call. Steps to Replicate:
| Store the IP parameter in a location that is not freed before the call was made to send the trap. Workaround: None. |
21 | SBX-111773 | SBX-115044 | 2 | Portfix SBX-111773: Coverity Issues in SIPSG - Cause Map CPC - SIP Impact: In the SipSgDiscReasonMapCpcToSip, the API pointer is checked against a NULL pointer but then is dereferenced again. Root Cause: The Pointer validation was missing for a particular flow, which led to invalid memory access. Steps to Replicate:
| The code is modified to avoid unwanted flow to get executed. Workaround: None. |
22 | SBX-114110 | SBX-115808 | 2 | PortFix SBX-114110: A call from the child AOR fails after a switchover. Impact: A user is registered on the UDP and INVITE comes in (different port) on the TCP fails with a 403 message. Original bug was fixed in the 8.2.6 release, but the same problem is seen after a switchover. This additional fix is related to the RCB (registration control block) mirrored to the standby. Root Cause: Once the maskportforRcb flag is enabled, a parent RCB is found but the child RCB is not. Mask port and mask IP were not considered during child creation. This additional fix mirrors the child info correctly. Steps to Replicate:
| Update the child information correctly based on the masking flags, then mirror to standby. Workaround: Not available. |
23 | SBX-115151 | SBX-116768 | 2 | PortFix SBX-115151: Addressing log4j vulnerability - CVE-2019-17571 in 10.x. Impact: Addressing the Log4j vulnerability reported in CVE-2019-17571, CVE-2021-45105 and CVE-2021-44832. Root Cause: CVE-2019-17571 is reported in log4j 1.2 up to 1.2.17 Steps to Replicate: The steps cannot be replicated. | The code is modified so the Log4j is 2.17.1 to resolve all the listed CVE vulnerabilities. Workaround: None. |
24 | SBX-111077 | SBX-114786 | 2 | PortFix SBX-111077: The Power LED is OFF instead of AMBER when the BMC is ON. Impact: The SBC 51xx/52xx front panel power LED is off, when it should be AMBER. Root Cause: The power LED is set to off when the host is powered off. Steps to Replicate: Power off the host and check the power LED status. | Setting power led to amber after power off host. Workaround: None. |
25 | SBX-115320 | SBX-115570 | 2 | PortFix SBX-115320: Compressed CDR filename should use a readable timestamp. Impact: The filename for compressed CDR filenames does not contain a human readable timestamp. Root Cause: The timestamp contained in the filename is the number of seconds since the unix epoch time. Steps to Replicate: Configure the SBC to write out compressed CDRs: | The code is modified so the file name form is now yyyymmddhhmmss Workaround: The timestamp in the logs can be converted to a human reading form with the linux command |
26 | SBX-112867 | SBX-113456 | 2 | PortFix SBX-112867: The SBC is monitoring for RTP inactivity when a call is on hold. Impact: The SBC is reporting media inactivity immediately after a call un-hold. The configured timeout value is not being reported after an un-hold when media is not present. Root Cause: With a call un-hold, the SBC NP API handling inactivity detection restart timestamp is not being updated, and it used old timestamp, reporting the inactivity notification earlier than expected. Steps to Replicate: With inactivity detections enabled, make a call, put the call on hold for the configured threshold, and observe the results after call un-hold without sending media. | The code is modified to report the inactivity after a configured interval as expected. Workaround: Inactivity detections can be disabled, or action can be changed from disconnecting the calls in this scenarios. |
27 | SBX-115576 | SBX-115680 | 3 | PortFix SBX-115576: Hitting restart limit during software upgrade leaves the model locked. Impact: AMF model remains locked after an update. Root Cause: System startup failure results in soft restart limit being hit, stopping the AMF model update process. Steps to Replicate: Model update marker needs to be in place, and then repeatedly kill the service after startup but prior to five minutes passing. On the 6th attempt to restart, the soft restart limit will be hit and the service will not attempt restart and the model will remain unlocked. | The code is modified to prevent killing the AMF model update process. Workaround: Fix the instability issue causing the system to repeatedly crash and restart. |
28 | SBX-112162 | SBX-115070 | 2 | PortFix SBX-112162: [ASAN]: AddressSanitizer: unknown-crash on address 0x7f0f40a9d280 at pc 0x5640ea4b71de bp 0x7f0f40a78700 sp 0x7f0f40a786f8 in SipsGetSmmProfileForDlgScopehashUpdate. Impact: The ASAN reported "runtime error" error for an enum. Root Cause: The load value was exceeding the defined enum value. Steps to Replicate: Run the ANSI-88 ISUP INVITE-CANCEL SIP-I codenomicon suite. | The code is modified to add checks to ensure that we do not exceed the defined value. Workaround: None. |
29 | SBX-115908 | SBX-116248 | 2 | PortFix SBX-115908: Dialer SBC - media forking/call recording and high memory usage Impact: There are call failures due to a memory leak in NICE Recording scenarios. Root Cause: The memory leak is caused by a bug in the code that handles mirrored Recorder Call Blocks on the Standby. The Recorder Call Block isn't cleaned up on the Standby until the call goes down. If a second recorder session is started while a call is still up, some of the information about the first Recorder session will be overwritten. This prevents the first Recorder Call Block from ever being freed. When the standby transitions to active as the result of a switchover, these leaked Recorder Call Blocks are carried over to the active because the information needed to initiate the cleanup is still missing. Calls are rejected after surpassing the 55,000 call block per SCM process limit. This limits the number of calls that SCM can process to 55,000 minus the number of leaked call blocks. Steps to Replicate:
| The code is modified to handle mirrored Recorder Call Blocks on the Standby. When a second Recorder Call Block is received on the Standby, the first Recorder Call Block is freed. Workaround: Prevent the NICE server from starting multiple recording sessions for the same call. |
30 | SBX-114833 | SBX-116057 | 2 | PortFix SBX-114833: Extreme congestion causes blocked end points. Impact: Extreme congestion causes end points to become blocked due to a mishap in ARS (address reachability service) handling and does not recover automatically. Root Cause: The ARS state machine does not process some unexpected internal events which leads to it not broadcasting the correct block containing the clear status to all the SCM processes. This results in some end points being stuck in a blocked state. Steps to Replicate: This issue is only reproducible under extreme congestion scenarios. | The code is modified to address the issue. Workaround: Manually recover end points blocked by ARS logic using one of the following commands: request addressContext <context name> zone <zone name> sipArsEndpointRecoveryAll |
31 | SBX-114276 | SBX-115055 | 2 | PortFix SBX-114276: The 'show status oam radiusAuthentication radiusServerStatus availableAt' command disploys the wrong value during Daylight Saving Time (DST) Impact: The show status oam radiusAuthentication radiusServerStatus availableAt command shows the wrong value during DST. Root Cause: Converting the unAvailableFrom time read from from confd to local time in seconds, adding the out of service duration, and converting to back to a local time struct tm did not result in a correct time. Steps to Replicate:
| The code is modified to the current seconds in GMT time and converted back to a time structure using a the localtime_r call. This results in the correct time being displayed. Workaround: None |
32 | SBX-113893 | SBX-114406 | 2 | PortFix SBX-113893: The SBC returned an 500 Internal Server Error and many calls failed. Impact: Observed a memory leak when the ACK sending failed towards the SIP recording server due to a DNS resolution failure. Root Cause: Once the 200 OK received from SIP Rec server for initial INVITE/Re-INVITE, current design assumes that INVITE/re-INVITE transaction is success and it is designed to free call control block only on completing BYE transactions. Steps to Replicate: Basic call with SIP Rec feature enabled. | The code is modified to clear call control bock when a cleanup timer expires. Workaround: Not applicable. |
33 | SBX-112830 | SBX-115068 | 2 | PortFix SBX-112830: The pattern mismatch search pattern 'Media\ Attribute\ \(a\)\:\ maxptime\:20' was not found 1 -> INVITE Impact: The max Ptime value was being sent in the egress INVITE's Ptime header though the preferPtime flag was enabled. Root Cause: The datatype of the previous field doNotAnswer was incorrect and the Ptime value was overwritten as proper size was not used. Steps to Replicate:
| The code is modified so the doNotAnswer field is the right value. Workaround: None. |
34 | SBX-112597 | SBX-115069 | 2 | PortFix SBX-112597: I-SBC: "runtime error: shift exponent 48 is too large for 32-bit type 'int' " in np.log. Impact: The ASAN builds reported an integer overflow error in calculation of standard deviation for jitter for RTP packets. Root Cause: Integer overflow during standard deviation calculation. Steps to Replicate: The problem can be reproduced by streaming RTP stream with high jitter. | The code is modified to prevent integer overflow during standard deviation calculation. Workaround: No workaround is available. This metric however, is not written into CDRs. It is currently available using Ribbon Protect. |
35 | SBX-110665 | SBX-114798 | 2 | PortFix SBX-110665: Internal IP peers blacklisted after switchover despite that OPTIONS ping worked fine. Impact: When the system experiences a Split Brain condition, the ipPeer(s) using a pathCheck may become BLACKLISTED and may not be RECOVERED. This can result in some ipPeer(s) becoming BLACKLISTED permanently. Root Cause: During a Split Brain, both CEs are running in ACTIVE state. In the error case, the PATHCHK sends BLACKLIST event(s) to the ARS on both systems (CEs). This can result in a PATHCHK and ARS being out-of-sync with respect to the ipPeer(s) BLACKLISTED/RECOVERED state. Steps to Replicate: This issue is very difficult to reproduce. We have only been able to reproduce the issue by performing “kill-stop 2” on a KVM based system, that has a number of ipPeer(s) with pathCheck profile state enabled. | The code is modified so that the PATHCHK sends events to the ARS only on the system (CE) that is being executed. The PATHCHK is prevented from sending events to ARS on the other system (CE). Workaround: If this issue occurs, the ipPeer(s) that are stuck on BLACKLISTED may be RECOVERED through the CLI by disabling the ipPeer(s) pathCheck state. |
36 | SBX-114395 | SBX-114826 | 2 | PortFix SBX-114395: OA FSM timeout - call transfer with e2eAck enabled (ACK not sent by the SBC). Impact: After a call transfer from legB to legC, the e2e re-INVITE and ACK are not working. Root Cause: LegC incorrectly disables the e2e ACK, while legA still enables the e2e ACK. Steps to Replicate: This is specific to customer configurations.
The SBC is unable to sends ACK to legA. | The code is modified to address the issue. Workaround: Disable the e2eAck. |
37 | SBX-113242 | SBX-113350 | 2 | Portfix SBX-113242: The SLB/SBC is not fetching the correct branch param from merged VIA header. Impact: Due to merge VIA headers, the SLB/SBC was not getting the correct instance id and response messages were not being routed to backend SBCs. Root Cause: If the SLB/SBC receives a VIA header as merge of two VIA headers, it was overwriting the first via branch param from the second VIA branch param, and due to this SLB was not getting the correct instance id. Steps to Replicate:
| The code is modified to set the SLB/SBC read only in the first branch param, that is what we need from top VIA and ignore the rest branch param. Workaround: None. |
38 | SBX-91194 | SBX-115048 | 2 | PortFix SBX-91194: Difference in Energy/power level is observed across the SWe and HW platform. Impact: The power of the tone generated by SWe is 3dBm0 higher than the configured value. Root Cause: The root cause of the issue is the configuration of tonePower/amplitude at the DSP interface. Steps to Replicate:
| The code is modified to properly configure the tone Power at DSP. Workaround: Not applicable. |
39 | SBX-105751 | SBX-115045 | 2 | PortFix SBX-105751: There are errors in the CE_node logs. Impact: The"ioctl: No such device" errors seen in CE_Node logs when creating VLAN interfaces on Cloud SBC or N-to-1 SBC with VLAN packet interfaces. Root Cause: The error messages are benign, since a check is made for the VLAN existence before creating a VLAN packet interface. Steps to Replicate: A. Show the issue through logs: With VLAN the interfaces configured, look for ioctl message in CE_Node logs: B. Show the fix through logs: | The code is modified to log the benign error messages in DBG logs instead of CE_Node log. Workaround: None. |
40 | SBX-111034 | SBX-115050 | 2 | PortFix SBX-111034: Unable to login as an admin user using keys after cleanDB. Impact: User is unable to login into Confd CLI using 'admin' user private SSH key after running clearDBs.sh script. Root Cause: Cloud-init fails to run as part of clearDBs.sh script and fails to restore SSH public key for 'admin' user. Steps to Replicate: Run a clearDBs.sh script after launching the instance and then try to log into Confd CLI using 'admin' user private key. | The code is modified to skip the redundant port for mac address validation in the case of packet port redundancy. Workaround: Do not run the clearDBs.sh script |
41 | SBX-110046 | SBX-115046 | 2 | PortFix SBX-110046: Passing a key size for unencrypted, authenticated SRTP/SRTCP to the NP. Impact: The RTP packets drop were occurring between the DUT and SBC. Root Cause: In the SRTP, for unencrypted, authenticated combinations, cipher key size was unable to pass to the NP and due to this session, the authentication key was incorrectly calculated. Steps to Replicate: Test all the SRTP call flows with UNENCRYPTED_SRTP flag enabled in the SBC and UNENCRYPTED_SRTP received from UEs as part of crypto attributes. | The code is modified for the NP to calculate session authentication key. Workaround: No workaround. |
42 | SBX-115261 | SBX-115440 | 2 | PortFix SBX-115261: The SBC is modifying the Warning header even when transparency is enabled. Impact: When the SBC sends a SIP Warning header with IPv6 addresses, it does not including the square brackets around the IPv6 addresses. Root Cause: The code for adding square brackets around an IPv6 address in a Warning header was missing. Steps to Replicate:
Procedure
| The code is modified to include square brackets around IPv6 addresses in a Warning header. Workaround: None. |
43 | SBX-110918 | SBX-113939 | 2 | PortFix SBX-110918: The SBC 7000 is showing DSP insertion with the reason DTMF, but the DTMF should not be displayed. Impact: The status of the following fields are not desired and contains the Junk value when running a correct amount of calls (20,000 calls):
Root Cause: The following fields are not Reset when the call is terminated and as a result, the junk values are preserved in these deallocated spaces. Steps to Replicate:
| The code is modified so that the junk value is not populated to the fields. Workaround: None. |
44 | SBX-115712 | SBX-115926 | 2 | PortFix SBX-115712: There are SIP message relay issues in an INVITE with a replaces call flow, where an early dialog is replaced. Impact: EarlyDialog replaces on ingress causes the SBC to fail and to send ACK out on the Egress when the e2eAck is enabled. Root Cause: The e2eAck flag did not turn on on Ingress yet, therefore once the ingress connected, it did not notify the Egress side to send out ACK. Steps to Replicate: Run the following configuration to reproduce the issue
The SBC fails to send Ack to B | Update the e2eAck flag on the ingress when the query requests a reply, so that the ingress and the egress are in sync. Workaround: Disable the e2eAck. |
45 | SBX-113573 | SBX-115057 | 2 | PortFix SBX-113573: The Call Media Status/ACT Log was showing media count as 0 for Ingress/Egress Packet Sent. Impact: For the egress intercepted (IMS LI/ PC2LI) call, when the RTP monitoring and delayed RBT is configured in the PSX. The Call Media Status is showing a media count as 0 for Ingress/Egress Packet Sent. Root Cause: For the egress intercepted (IMS LI/ PC2LI) call, when the RTP monitoring and delayed RBT is configured in the PSX. The main media along with RBT is impacted, so respective statistics are shown as zero. Steps to Replicate:
When a 183 is received, the SBC plays the Delayed Ring Back Tone towards the UAC. | The code is modified to not stop the main media along with intercepted media for the this call. Workaround: Not applicable. |
46 | SBX-114831 | SBX-115801 | 2 | PortFix SBX-114831: No fallback to G711 for a fax call flow upon receipt of a 488 response. Impact: The SBC is not sending fax fallback re-INVITE upon receiving 488 error response (for T38 re-INVITE) from UAS. Root Cause: New code had been introduced in 8.02 of the SBC to address a few customer requirements related to the flag - bIsOlineSame flag. None of those customer scenarios had any use cases involving Gw-Gw scenarios. There is a miss in the test coverage as a result. This new code has a missing initialization of one field that was being used for Gw-Gw scenarios, which is causing this issue. Steps to Replicate:
The SBC2 is failing to send a fax fall back re-INVITE to UAS. | Initialization code is added for the new field. Workaround: None. |
47 | SBX-115742 | SBX-115829 | 2 | PortFix SBX-115742: Follow-up fix for SBX-114771 that was a SCM core related to refreshAfter. Impact: There is a segmentation fault in SBX-114771 due to code added to avoid hack during fast refresh in SBX-111209. As the code is reverted, the SBC is open to registration hacks during fast refresh. Root Cause: The SIPSG code hit a Segmentation fault while sending a 200 OK response to a REGISTER because it is attempting to dereference an invalid pointer. Steps to Replicate: Test steps are same as SBX-111209. | The fast refresh is handled in the SIPCM for any register. So the fix for the fast refresh hack is moved to the SIPCM Module. Workaround: No workaround. |
48 | SBX-114557 | SBX-115063 | 2 | PortFix SBX-114557: While running a suite for a previous issue on the ASAN, the Build Number: 1252 found this issue in the SCM Process. Impact: The "AddressSanitizer:stck-use-after-scope" while accessing the structure SIPSG_CONTACT_HDR_MEMORY_STR. Root Cause: The SBC was trying to access the structure SIPSG_CONTACT_HDR_MEMORY_STR outside the scope that is defined. Steps to Replicate: Run ASAN call flows. | The code is modified such that SIP_ERROR_INFO_STR structure is defined at the starting of function. Workaround: None. |
49 | SBX-114081 | SBX-114353 | 2 | PortFix SBX-114081: The SecGetTlsProfileDataByName() selects a TLS profile other than the configured one. Impact: The SBC uses the wrong TLS profile. Root Cause: The 'lookup by name' function returned with the wrong profile. Steps to Replicate:
| The code is modified for both TLS and DTLS profile lookup by name routines to return the requested profile. Workaround: None. |
50 | SBX-113592 | SBX-115071 | 2 | PortFix SBX-113592: The [ASAN]: AddressSanitizer: stack-buffer-overflow on address 0x7fb9742c6270 at pc 0x555db61239fb bp 0x7fb9742c5fa0 sp 0x7fb9742c5f98 in. Impact: There was a Stack Buffer overflow. Root Cause: The boundary check was missing before running a StrNCpyZ. Steps to Replicate: Run the ANSI-00 ISUP INVITE-BYE SIP-I codenomicon suite. | The code is modified to prevent the overflow. Workaround: Not applicable. |
51 | SBX-111460 | SBX-115067 | 2 | PortFix SBX-111460: The SBC does not offer 16K dtmf in a LM call when SDP is present in 2xx. Impact: The SBC is not sending 16k 2833 Payload type in initial offer towards ingress when SDP is present in 2xx during a Late media "convert" call. Root Cause: The answer received from the egress contained both 8000 and 16000 2833 Payload type and that resulted in the SBC wrongly assigning the 8000 PT value to 16000 as well while generating offer towards ingress. As a result, the 16000 PT get dropped by SIP stack. Steps to Replicate:
Test Result without Fix: The SBC drops the telephone-event/16000 payload type when generating offer towards ingress in 180. | The code is modified to prevent the same PT value getting assigned to both 8000 and 16000 DTMF in this call flow. Workaround: None. |
52 | SBX-112092 | SBX-115036 | 2 | PortFix SBX-112092: The CallMediaStatus does not display the codec information of t38 image stream. Impact: The SBC does not display codec as "T.38" in callMediaStatus, when the Fax/Image stream is received as a non-core stream. Root Cause: The issue is caused because, by default, the SBC does not populate the codec information for Image streams, if an image is received as non-core stream. Steps to Replicate:
For Fax/Image stream, the codec should be updated as "T.38". | The code is modified so the codec as "T.38" for Image stream received as non-core stream for a call. Workaround: No workaround. |
53 | SBX-90156 | SBX-115030 | 2 | PortFix SBX-90156: Observed the Major logs "MAJOR .CHM: *send_notification: unknown variable name sonusAlarmNodeID". Impact: Major logs "MAJOR .CHM: *send_notification: unknown variable name" are seen on the sbxrestart. Root Cause: These type of logs are seen when the queued traps are flushed out but the corresponding MIBS are not loaded yet, as a result unknown variable names/faulty varbind logs are seen. Steps to Replicate:
| The code is modified from ConfdSnmpStartupDelay from 5 seconds to 15 seconds to introduce a buffer for the loading of the MIBS, after the Northbound interface is enabled. Workaround: Not applicable. |
54 | SBX-109692 | SBX-115037 | 2 | PortFix SBX-109692: The EMS fails to send authentication token while pushing licenses to the SBC. Impact: The EMS fails to send authentication token while pushing licenses to the SBC. Root Cause: To validate the license bundles, the CDB API's are used and in race condition, one of the CDB API is returning unexpected value and as a result, this issue is seen. Steps to Replicate:
Expected result: The license should get associated. Observed result: Receiving an error pop up saying "SBCRestManager - Received error code 400". | The code is modified to validate the license bundles instead of CDB API’s. Workaround: Not applicable. |
55 | SBX-114273 | SBX-114330 | 2 | Portfix SBX-114273: The SBC is sending unexpected UPDATE towards UAS in Support Preconditions Interworking on SIP CORE scenario. (tms927936). Impact: An additional UPDATE is seen towards the egress endpoint during egress precondition interworking scenario. Root Cause: An internal bug fix used to mitigate the egress SIP UPDATE is not being delivered to the endpoint during precondition transparency. This created a side effect of sending additional UPDATE towards egress during egress precondition interworking scenario. Steps to Replicate:
| While releasing the UPDATE, additional conditions have been added to correctly identify the scenario which needs UPDATE to be sent to the egress endpoint Workaround: Not applicable. |
56 | SBX-109059 | SBX-115039 | 2 | PortFix SBX-109059: The SIPSG FAX multiple streams initiated fax call fails (muted T.38 and audio) Impact: The multi-stream fax call is failing with muted T38 and audio. Root Cause: There is a mismatch in the media streams of the SBC offer and the peer answer. Due to this, the images media stream received from UAS is mapped incorrectly to the audio stream in the SBC offer. This is happening when advertise audio only flag is enabled. Steps to Replicate:
| The code is modified so the SBC maps the media streams in offer and answer correctly when advertise audio only flag is enabled. Workaround: None. |
57 | SBX-113096 | SBX-115042 | 2 | PortFix SBX-113096: The RTP inactivity timer kicks in during tone play. Impact: With a short RTP inactivity timeout configuration (five seconds in the test), the SBC generated RTP peer loss trap when the ringback tone was being played during the call setup procedure (after the SBC receiving 180 and before the final 200 OK for the INVITE completed the call setup). Root Cause: The RTP peer loss detection was enabled on the media flow in media plane while ringback tone was being played. Steps to Replicate: Procedure: Configure "media peer inactivity timeout" value in the "Packet Service Profile" entry in PSX to five seconds.
Observed at Step 4, when tone was being played RTP inactivity was detected and the call was torn down. | Disable the media flow RTP peer loss detection when the ringback tone is played. Workaround: No workaround. |
58 | SBX-112547 | SBX-112954 | 2 | PortFix SBX-112547: The SBC routes call to 2nd DNS record if 503 is received after 18x. Impact: The SBC routes an INVITE to next DNS record if 503 is received after 18x. Also, even when the dnsCrankback flag is disabled, on getting 503/INVITE timeout case, the SBC reroutes an INVITE to next DNS record. Root Cause: Due to a design defect, the SBC tries the next DNS record even if an error response is received after an 18x. Also, retrying the next DNS record during a 503/timeout when dnsCrankback flag is disabled is legacy behavior. This behaviour is changed to retry the next DNS record only when the dnsCrankback flag is enabled. Steps to Replicate:
| The code is modified to not apply the DNS crankback procedure if an error response is received after a 18x. Additionally, the default behavior of handling timeout/503 when the dnsCrankback is disabled is updated as part of this fix. With this fix, the SBC retries for the next DNS record only when dnsCrankback is enabled to ensure the error responses match the reasons configured in the crankback profile. Workaround: None. |
59 | SBX-115370 | SBX-115517 | 2 | PortFix SBX-115370: The SBC is unable to generate UPDATE message towards the UAS for the 183 dialog-3, during the call forwarding scenario. Impact: The SBC is unable to generate the Update towards the ingress side during a Prack 200 OK delay scenario. Root Cause: The Update is queued in a 200 OK delay Prack scenario. The queue Update is never released. Steps to Replicate:
| The code is modified to release the queued Update in the 200 OK Prack Delay Scenario. Workaround: None |
60 | SBX-111176 | SBX-115051 | 2 | PortFix SBX-111176: No media was seen during tone play with the LRBT when the DPM for tone is changed from inactive to sendrecv from an ingress peer with an UPDATE. Impact: An initial INVITE is received with the c=0.0.0.0 connection media IP and datapathmode a=inactive in the SDP. With an LRBT enabled, when the client/ingress endpoint sends an Update with non-zero c=<valid IP> and datapathmode a=sendrecv, the remote media IP maintained in the ingress call leg was being overwritten with zero IP though a valid non-zero IP was received in Update. Without a valid remote IP, tone packets will not be generated by the SBC. Root Cause: After the UPDATE is received, the new non-zero remote IP is updated to the circuit information maintained on the ingress call leg as part of a modify request in tone context. However, an additional allocation request was also triggered to start the tone play with the old zero remoteIp 0.0.0.0 that was overwriting the valid remoteIp and tone play was disabled.As a result, the datapathmode has changed to sendrecv and valid remoteIP is received with the latest UPDATE from a remote endpoint. Steps to Replicate:Run the following call flow to replicate the issue: | The code is modified to prevent an existing non-zero valid remoteIp saved in call leg circuit info from being overwritten by zero remote IP during a tone play. Workaround: None. |
61 | SBX-114728 | SBX-115065 | 2 | PortFix SBX-114728: The SBC did not send Terminating IOI value in P-Charging-Vector header for 183, 180, BYE, and 200 OK. Impact: The SBC was not sending the Terminating IOI value in P-Charging-Vector header for 183, 180, 200 OK, and BYE toward the ingress. Root Cause: The SBC should add term-ioi in PCV header when the term-ioi is configured, irrespective of whether the operator Id is configured or not. However, due to recent code changes, this functionality was broken and when the operator Id is not configured the SBC was not copying term-ioi value in PCV properly. Steps to Replicate: Run the SBC configuration:
The customer script should be configured with DefaultDialTone and DefaultRingBackTone profiles. Run the following call:
| The code is modified to send term-ioi when it is configured without having dependency on the operator Id. Workaround: None. |
62 | SBX-111609 | SBX-115028 | 2 | PortFix SBX-111609: The GCID value of '100 Trying" sent is logged with value '0xffffffff' in POST-SMM SMM L4 Trace. Impact: The POST-SMM Level 4 trace log for 100 Trying has GCID incorrectly set to 0xffffffff. Root Cause: Level 4 call trace is active with a configuration to match 100 Trying and a SMM rule is applied that modifies 100 Trying. Steps to Replicate:
| The code is modified so that the correct GCID value is printed in both PRE and POST-SMM traces. Workaround: None. |
63 | SBX-112363 | SBX-115033 | 2 | PortFix SBX-112363: [ASAN]: runtime error: member access within null pointer of type 'struct CC_SG_PROGRESS_UIND_MSG_STR' in CcSgProgressHndl. Impact: Run a basic Update CallModification scenario. After the call was completed, the ASAN runtime error is observed in the system logs indicating that the code is taking the address of a field within a NULL pointer. Root Cause: When a Call Progress message is received from the network, the code was taking the address of a field within the NULL pointer. Steps to Replicate: Run an update CallModification scenario. | The code is modified to validate that the pointer is not null taking the address of a field within the pointer. Workaround: No workaround. |
64 | SBX-113839 | SBX-114138 | 2 | PortFix SBX-113839: The customer setup is going for continuous reboot after upgrading (Stack Delete and Create) from 8.2.2R7 and 8.2.2R8 to 10.1. Impact: The SWe_NP process exits during DPDK ACL tries to build operation causing the SBC to go for reboots. Root Cause: postgres process is eating up significant number of huge pages from the quota allocated for SWe_NP. As a result, SWe_NP runs short of huge pages for DPDK ACL trie build operations and exits. Steps to Replicate: 1. Bring up a SBC instance with 10.1 release. | The code is modified to restrict the postgres process from consuming huge pages. Workaround: Increasing number of huge pages could be a possible work around. |
65 | SBX-112163 | SBX-115054 | 2 | PortFix SBX-112163: [ASAN]: AddressSanitizer: stack-use-after-scope on address 0x7f7e3d1a4510 at pc 0x55cec34efba0 bp 0x7f7e3d1948a0 sp 0x7f7e3d194898 in SipsPSFormatErrorInfoHeaderCmd. Impact: ASAN detected "AddressSanitizer:stck-use-after-scope" while accessing the structure SIP_ERROR_INFO_STR. Root Cause: The SBC was trying to access the structure SIP_ERROR_INFO_STR outside the scope that is defined. Steps to Replicate: Run a call with initial INVITE having no contact header. | The code is modified such that SIP_ERROR_INFO_STR structure is defined at the starting of the SipsTSParseMsgCmd function. Workaround: None. |
66 | SBX-114373 | SBX-115062 | 2 | PortFix SBX-114373: The S-SBC is generating an extra UPDATE towards UAC for 3rd 183 dialog during downstream forking scenario Impact: An additional UPDATE was seen towards ingress endpoint during downstream forking with multiple dialog scenario. Root Cause: When simultaneous 183 messages from different dialog is received, the SBC queues the second 183 message. This is released after the completion of precondition or offer-answer negotiation for current dialog. Due to a previous fix, there were changes introduced in this framework that causes the early release of 183 message, thereby inducing issues in the OA FSM. Steps to Replicate:
The call should be established. | The code is modified so the 183 message is released correctly before releasing the second 183 message. Workaround: None. |
67 | SBX-110891 | SBX-115027 | 2 | PortFix SBX-110891: The 'gzip' should run with a nice value of >15 for lesser resource consumption. Impact: The SBC performance monitoring tools like top2 at times take a large percentage of CPU core, there by reducing the total available CPU resources for management activities on the SBC. Root Cause: The gzip, that compress files, currently runs periodically without any Linux value configured. Steps to Replicate: Install the fix build and ensure top2 gzip processes are running with a correct value of 15 using top2 command. | The code is modified to reduce the priority of processes compared to other management processes on the SBC. Workaround: None. |
68 | SBX-110324 | SBX-115049 | 2 | PortFix SBX-110324: The SBC fails to set up a DTLS-SRTP call if dtlsProfile --> CertName is configured with a local-internal certificate. The call works correctly if a "local" certificate is used. Impact: When local-internal type certificate is configured from the EMA, the certificate is updated in the SAM process correctly but not updated in the PRS process. As a result, the DTLS SRTP calls are unable to get certificate and the call fails. Root Cause: When local-internal type certificate is configured from the EMA, the certificate is updated in the SAM process correctly but not updated in the PRS process. As a result, the DTLS SRTP calls are unable to get certificate and the call fails. Steps to Replicate: Configure the local-Internal type certificate from EMA and make DTLS_SRTP call. DTLS_SRTP connection will fail because of certificate not being available. | The code is modified to read the certData from DB and update x509 when pki certificate state is enabled. Workaround: After configuring a certificate from the EMA, perform an SBC restart. This restores the certificate from DB and the DTLS_SRTP call is successful. |
69 | SBX-108416 | SBX-115059 | 2 | PortFix SBX-108416: Importing of local and remote certificates on the Cloud SBC platforms requires .der and .p12 to be placed on both the active and standby nodes. This is not the case for HW and VMware SBC platforms. Impact: On cloud 1:1 HA, importing of TLS certificate failed on the STANDBY. Root Cause: Importing of local and remote certificates on the Cloud SBC platforms requires .der and .p12 to be placed on both active and standby nodes. This is not the case for HW and VMWare SBC platforms. Steps to Replicate:
Expected Result:
| The code is modified to update the HW and VMware SBC platforms similar to H/W for cloud 1:1 HA and N:1. Workaround: Configure the certificate on both instances. |
70 | SBX-114618 | SBX-114960 | 2 | PortFix SBX-114618: The SBC did not send Terminating IOI value in P-Charging-Vector header for BYE message and STOP CDR record (69.30 field). Impact: The SBC did not send Terminating IOI value in P-Charging-Vector header for BYE message Root Cause: Upon receiving a 200 OK, the SBC is not saving term-ioi, there by causing this issue. Steps to Replicate:
| The code is modified to save the term ioi in a 200 OK Response. Workaround: we can try adding missing term-ioi by SMM. |
71 | SBX-110245 | SBX-115060 | 2 | PortFix SBX-110245: The AddressSanitizer: heap-use-after-free /sonus/p4/ws/jenkinsbuild/sbxAsan100/marlin/SIPSG/sipsgMsgProc.c:7097 in SipSgProcessNrmaUpdateNfy(SIPSG_CONTEXT_STR*, nrma_update_nfy_msg_str*) Impact: The ASAN detected "AddressSanitizer: heap-use-after-free" while accessing SG_CCB_STR pointer. Root Cause: The SBC was trying to access the SG_CCB_STR pointer that is already been freed. Steps to Replicate: Run a basic call where ICID value of P-Chargingector header in INVITE message is NULL or absent. | The code is modified to check the pointer is null or not before accessing it. Workaround: None. |
72 | SBX-109808 | SBX-115073 | 2 | PortFix SBX-109808: [ASAN] SBC: Scm process gave ERROR: AddressSanitizer: heap-use-after-free on address 0x6150000d6488 at pc 0x5585e065bdec bp 0x7f3900ad0e10 sp 0x7f3900ad0e08 on the SBC standby. Impact: The ASAN error is coming on the standby SBC when the standby is going down anyway. Root Cause: Packet collector is checking requests queue when system is shutting down. Steps to Replicate: Run the same scenario again and check that ASAN error is not seen now on standby MRFP | The code is modified to not check the requests queue when system is going down. Workaround: None. |
73 | SBX-114184 | SBX-114519 | 3 | PortFix SBX-114184: The SMM store/regstore/regsub SMM operations add an extra CRLF if the operation is executed against a header that contains a SIP URI. Impact: The SMM inserted double EOL after using regex for header value operations. Root Cause: After modifying the header value, the SMM logics did not strip off EOL. As resulted when it try to format back, additional EOL was inserted. Steps to Replicate: An incoming message has invalid from header syntax | The code is modified to address the issue. Workaround: No workaround. |
74 | SBX-112706 | SBX-113554 | 3 | PortFix SBX-112706: The SBC populates the NOTIFY XML body using pre-SMM INVITE PDU for outgoing messages. Impact: The SBC was using pre-SMM outbound INVITE PDU for populating the XML body of NOTIFY for the Call Notification feature in the XML Metadata body of the SIPREC INVITE. Root Cause: The SBC considers pre-SMM outbound INVITE PDU instead of the post-SMM PDU for SIPREC and call Notification features. Steps to Replicate:
Observation: The SBC should use post-SMM outbound INVITE PDU for populating XML body of NOTIFY for Call Notification feature (and for SIPREC INVITE). | The code is modified to consider the post-SMM outbound INVITE PDU for populating the XML body of NOTIFY for the Call Notification feature and SIPREC. Workaround: Not applicable. |
75 | SBX-108326 | SBX-115047 | 2 | PortFix SBX-108326: The SBC sends ACK with "a=inactive" when PRACK is enabled only on ingress leg and an outgoing INVITE towards the egress leg that does not have offer, and 18x towards ingress that has offer based on the configuration flag "Sdp100relIwkForPrack" scenario. Impact: The SBC is not triggering a re-INVITE after sending ACK with "a=inactive" on the egress side for an asymmetric PRACK interworking scenario. Root Cause: Since the SBC creates the offer SDP internally, 18x is sent with "a=inactive" on the ingress side. The SBC sets the datapathmode as inactive on the egress side. So even after receiving a 200 OK with "a=sendrecv". it sends ACK with "a=inactive". Steps to Replicate:
| The code is modified so the SBC creates offer and sends in 18x on the ingress side. On the egress side, after receiving 200 OK with "a=sendrecv", So a fix is given to send a re-invite on egress side with "a=sendrecv". Workaround: Not applicable. |
76 | SBX-115476 | 2 | The SBC fails to send ACK in the Re-invite call flow when E2E ACK and E2E re-Invite flags are enabled. Impact: E2eAck not working after Invite with a replace. Root Cause: Currently, the E2eAck configuration is applicable only on egress leg. After receiving an Invite with replace (ingress legC), legC does not support e2eAck. Steps to Replicate:
| The code is modified to address the issue. Workaround: Disable the e2eAck. |
77 | SBX-116421 | 2 | flexiblePolicyAdapterProfile breaks transparency in GW-GW scenarios. Impact: A SMM with action flexiblePolicy assigned at the ingress trunk group may break SIP header transparency for SIP-GW-GW-SIP calls. SIP headers are not sent transparently to the egress SIP peer. Root Cause: The SBC is unable to pack and send flexible routing headers to the GW-GW call leg. As a result, all SIP headers where the transparency is enabled, are not relayed. Steps to Replicate: Enable the flexiblePolicyAdapterProfile and enable either "Unknown Header transparency" in the egress IP signaling profile or configure the egress transparencyProfile with transparency for all headers. Make a SIP-GW-GW-SIP call and observe that the headers are not relayed. | The code is modified to ignore when packing the transparency content. Workaround: Disable the SMM flexible routing. |
78 | SBX-116551 | 2 | Memory leak in the PES process. Impact: The PES Process has leaking memory. Root Cause: In Postgres searching result object was not properly cleared for TRUNK. Steps to Replicate: To reproduce the issue, attempt to make call loads that Trunkgroup has ZZPROFILE assigned. To test the fix, do the same. | The code iis modified to clear the search result object. Workaround: Use a Trunkgroup without ZZPROFILE should help. |
79 | SBX-113053 | 2 | There was a race condition when the 183 and 200 OK (INVITE) are received simultaneously. The 200OK is not relayed to the other side. Impact: After a 200 OK (UPDATE) received followed immediately by receipt of 183 Session progress, the subsequent 200 OK (INVITE) containing P-Early-Media header is queued indefinitely at egress when downstreamForking is enabled and earlyMedia forkingBehaviour is pemPriority. Root Cause: There was a race condition between internal processing of the 200 OK for an UPDATE and a received 183 Session Progress. Steps to Replicate: Set up the Egress SIP trunk group has downstreamForking is enabled and earlyMedia forkingBehaviour is pemPriority. Make a call so that egress signaling is as follows: | The code is modified to eliminate the race condition. Workaround: None. |
80 | SBX-112483 | 2 | After call transfer 7000 fails to send media stream to new term resulting in dead air to term end - ingress in fax mode. Impact: If the call is in fax mode and if a Re-INV is received with new media address then the SBC is not sending RTP to the new media address. Instead, it is sending RTP to the old media address. Root Cause: When the call is in fax mode and if the SBC receives a Re-INV from the peer, then it responds locally with 200 OK SDP to the peer. The current logic was not checking for any change in the media address received in the re-INVITE. Hence, the SBC was sending RTP to the old media address. Steps to Replicate:
| The code is modified so that when the call is in FAX mode and if any re-INVITE is received from the peer, then the SBC compares the media addresses. If there is any change in it, then it starts a modify offer-answer cycle to get this new media address updated. Workaround: None. |
81 | SBX-114948 | 2 | Post 9.2.3 upgrade, the T.38 has faxing issues. Impact: Customer experienced some fax failures after moving to 9.2 from 7.2 release. Root Cause: Inspection of Traces from field supplied by customer shows this file has 3 DCS and TCF packet captures, and the packets are large with a payload of 176 bytes of V.29-9600. The root cause is that T.38 stack gets stuck in generating a very long TCF instead of 1.5 seconds long, resulting in a fax failure. Steps to Replicate: For test steps refer to unit test for this JIRA and test files loaded in the JIRA. | The code is modified to address the issue. Workaround: Increase the Maxdatagram size to 72 instead of 176. This was tried by customer and found to work. However, this setting is on the peer T.38 device and not always available. |
82 | SBX-114352 | 2 | One way audio when a call starts as a=recvonly and RTP NAT learning completes before the call is switched to a=sendrecv. This happens with RTP coming from port number 5004 or 5006 only. Impact: The RTP NAT learning completes while the call is in a=recvonly mode (SBC is in receive-only mode). Once the called party switches the call to a=sendrecv mode, the XRM stays in rcv-only instead of switching to duplex. This is why the SBC does not send any RTP packets towards the endpoint that is behind NAPT and the endpoint doesn't receive any audio. Root Cause: Port 5004 is defined as LOOPBACK_IP_PORT in the SBC and being used for NAPT. When RTP is coming on port 5004, NAPT re-learning will not be completed. If NRMA is waiting for NAPT re-learning to complete before changing rtpMode to duplex, then one way audio occurs. Steps to Replicate: Configure the SBC as:
| The code is modified so that when RTP is coming on port 5004, the NAPT re-learning is completed and the rtpMode updates as expected. Workaround:Change the endpoint configuration and/or the NAT device configuration so that the SBC receives RTP packets from the UDP port numbers other than 5004 and 5006. |
83 | SBX-112119 | 2 | The SBC is timing out when creating a route through the EMA. Impact: The SBC is timing out when creating a route through the EMA Root Cause: While creating route current system is fetching all the created routes. Due to this issue, the timeout issue is caused as a result. Steps to Replicate: Getting an "Error Saving From Details, TimeoutError: timeout has occurred" while creating a route through the EMA. | The code is modified to address the issue. Workaround: No workaround. |
84 | SBX-114722 | 2 | There was a SCM Process core in SipSgIsEgressPrecondUpdateEnabled. Impact: There was a SCM Process core in SipSgIsEgressPrecondUpdateEnabled. The core occurs when the SBC receives a NULL to function SipSgIsEgressPrecondUpdateEnabled(). Root Cause: The core occurs when the SBC receives a NULL to SipSgIsEgressPrecondUpdateEnabled(pvApplHandle=0x0) and inside that function, the SBC dereferences the NULL pointer. Steps to Replicate: The steps cannot be reproduced. | The code is modified to address the issue. Workaround: None. |
85 | SBX-114725 | 2 | The MIME part headers do not pass over a GW-GW with body transparency. Impact: In the GW-GW call when the PIDF MIME body parts are passed over a GW-GW with the SBC body transparency enabled, the MIME part headers other than Content-Type are not passed. Root Cause: The code for packing unknown headers in first gateway and code for unpacking it at second gateway was absent. Steps to Replicate:
| The code is modified to address the issue. Workaround: No workaround. |
86 | SBX-114020 | 2 | A core dump occurred on a Standby SBC 5210 after a healthcheck failure - ENM Deadlock - while attempting register with the EMS. Impact: Running multiple registers and deregisters of a high availability SBC pair, in a rare case can cause the standby SBC to core dump and restart. Root Cause: The code on the standby SBC for processing the delete of an SNMP trap target can potentially cause a core dump. Steps to Replicate: Internal code debugging mechanisms were used to verify that create and delete of SNMP trap target processing code is bypassed on the standby SBC. | The code is modified to bypass the processing on a standby SBC. Workaround: None. |
87 | SBX-116431 | 2 | The events in the NRMA logging are not printed to the TRC. Impact: Some NRMA call trace log entries are missing. Root Cause: The complete set of NRMA call trace log entries are only generated if the oam eventLog typeAdmin debug filterLevel is set to info or the NRMA subsystem has infoLogState enabled. Steps to Replicate:
| The code is modified to decouple the generation of NRMA call trace logs from the filtering of debug logs. Workaround: None. |
88 | SBX-115002 | 2 | There is a SIPSG sync failure after both nodes update to 9.2. Impact: There is a SIPSG sync failure with this message: Root Cause: The SIPSG is failing to sync Registration data. The failure is due to the fact that the buffer that is allocated for mirroring the Registration data is not large enough. This is because the structures have grown over time and no longer fit in the allocated memory. Steps to Replicate: Enable this configuration: | Increase the amount of memory for the message that is used for mirroring the Registration data to address the issue. Workaround: It may be possible to avoid this issue by disabling the following configuration parameter: |
89 | SBX-116728 | 2 | Failed to create LIF when applications are starting up. Impact: Failed to create a LIF when an application starting up. Root Cause: The LIF name, IPIF_pkt1b, was used in 2 different address contexts which is not allowed. Steps to Replicate: 1. Configure two LIFs with the same name in two different address context. | The code is modified to validate LIF's name against assigned address context and log a detailed major DBG message when finding the bad configuration. Workaround: No workaround. |
90 | SBX-116747 | 2 | No audio in STUN/ICE/DTLS calls and the SBC ignoring DTLS Client Hello requests Impact: There is no audio in STUN/ICE/DTLS calls. Root Cause: During the process of BIND response message, ICE FSM did not verify the remote IP address against stored nominated candidate's IP address. So when the SBC received the response message from a different remote entity other than the nominated candidate, ICE FSM overwrites RTP candidate and notified NRMA with the different remote IP and caused the issue. Steps to Replicate:
| The code is modified to check the remote IP address in the response message. If the remote IP address is different from stored nominated candidate's IP address, log a debug message and drop the response. Workaround: N/A |
91 | SBX-113807 | 3 | The CIN-5400-PJ Application is restarting every 30 minutes. Impact: The CIN-5400-PJ Application is restarting every 30 minutes. Root Cause: The CPX process does not respond within 180 seconds to the confd process because the CPX process received a malformed response from the TRM process on a show addressContext zone trunkGroupStatus request. Steps to Replicate: Perform an snmpwalk on addressContext zone trunkGroupStatus | If the TRM response has a cpxIndex of 0, respond to confd immediately with an error to address the issue. Workaround: Do not run an SNMP getnextrequest on addressContext zone trunkGroupStatus |
92 | SBX-112808 | 3 | Serial Number display issue in the EMA, Azure Impact: In a virtual cloud HA setup, the Serial Number displayed in EMA is incorrect. Root Cause: In a virtual cloud HA setup, the EMA was using the serial number of the standby node instead of active node and the same was displayed in the UI. Steps to Replicate: In a virtual cloud HA setup, log in to the EMA. The serial number should be displayed. | The code is modified to retrieve the serial number of the active instead of standby node. Workaround: None. |
93 | SBX-112252 | 3 | The Verstat parameter is coming before the CPC in PAI header that is not in lexicographical order. Impact: In the SIP P-Asserted-Identity header, in the TEL URI, the verstat parameter appears prior to the CPC parameter. Root Cause: Order of parameters in P-Asserted-Identity header was not in lexicographical order. Steps to Replicate: Make a SIP-SIP call. Egress SIP trunk is configured with JJ9030 interworking profile flavor jj9030. IP Signaling profile for egress trunk has "Include CPC Information" checked. IP Signaling profile for egress trunk has "Include Privacy" checked. | The code is modified so the CPC appears first. Workaround: None. |
94 | SBX-113355 | 3 | The SBC does not change the status of the certificate from "SUCCESS" to "FAILED" when the certificate expires. Impact: The SBC CLI and EMA display the status of the certificate as "SUCCESS" for certificates that expired and are no longer valid. Root Cause: The SBC did not update the certificate status to "FAILED" although the SBC detected the certificate expiry. Steps to Replicate:
| The code is modified so that the status of expired certificates is updated from "SUCCESS" to "FAILED" upon a certificate expiry. In addition to the code changes, the "expired" status is added to the pki > certificate > status statistic in the Security table on the page Show Table System. Workaround: No workaround. |
95 | SBX-114944 | 3 | The SBC does not add "term-ioi" to the PCV of the SIP 503 response when the SIP 503 response is caused by the TG being blocked. Impact: The SBC does not add the "term-ioi" parameter to the PCV header of the SIP 503 response when the SIP 503 response is caused by the ingress TG being configured with "blockDirection: incoming". Root Cause: The code that would update the term-ioi parameter in case the TG is blocked was missing. Steps to Replicate:
| The code is modified to update the term-ioi in a call control block from locally configured sipJJ9030InterworkingProfile. Workaround: No workaround. |
96 | SBX-115603 | 3 | There was a SCM process coredump in SipSgRecFormSipRecSDP. Impact: The SCM process core in SIPREC code after a switchover. Root Cause: The SIPREC code is attempting to dereference a NULL pointer. Steps to Replicate: The steps cannot be reproduced. | The code is modified to prevent the attempt to dereference a NULL pointer. Workaround: There is currently no workaround. |
97 | SBX-113733 | 3 | The SBC SWe with larger disks get stuck at boot after reset or powercycle. Impact: When an SBC on SWe is powered off, without soft shutdown, on reboot system goes into emergency mode and waits for user input on console. On the VMWare, it hangs forever. Root Cause: On reboot after unclean shutdown, the systemd-root-fsck service runs to chec root file system. When the root file system is large (>200GB), it takes more than 90 seconds (default service start time) to start file system check and subsequent devices' file system checks mentioned in /etc/fstab fail pushing the system into emergency mode. Steps to Replicate:
| The code is modified to remove the console=ttyS0 from kernel command line. Workaround: On VMware on reboot, enter into the grub menu and remove console==ttyS0 option from the command line. |
98 | SBX-114540 | 3 | The checkDrbdMountStatus.sh was still in the crontab. Impact: On the SBC startup or switchover, crontab is erroneously updated to contain a call to checkDrbdMountStatus.sh. Root Cause: The legacy call to checkDrbdMountStatus.sh is no longer needed in cron. Steps to Replicate: Start the SBC. At the linux prompt, run command crontab -l to check crontab contents. | The code is modified to no longer add checkDrbdMountStatus.sh. Workaround: None. |
99 | SBX-113564 | 3 | Incomplete data is shown in the "DNS Entry Data Status List" in the EMA. Impact: Incomplete data is shown in the "DNS Entry Data Status List" in the EMA. Root Cause: The data type of key 2 needed to retrieve DNS data entry status from hash is incorrect. Steps to Replicate:
| The code is modified to 1 byte. Workaround: No workaround. |
100 | SBX-114376 | 3 | The SBC does not follow the Q.1912.5 spec for privacy of the display name. Impact: When trunk group variantType is q1912, the SBC includes display name in SIP From: header, even though privacy is enforced. The display name should be set to "Anonymous" in this scenario. Root Cause: The display name in the From: header is mapped from the P-Asserted-Identity: header, rather than being set to "Anonymous". Steps to Replicate:
| The code is modified to set the display name in From: to "Anonymous" when privacy is enforced for variantType q1912. When the variantType is uk and privacy is enforced, the display name in From: is not included. Workaround: A SMM rule may be configured to anonymize the From: header. |
101 | SBX-111650 | 3 | The SBC fails to write SMM values into the CDR when STI profile is attached. Impact: When STI is enabled and attached, we are not writing SMM details to the CDR. Root Cause: SMM fields are impacted when STI profile is enabled as part of SipSgFillStiCdrData -> SipSgSendAcctUpdateToCc -> SipSgFillInProtSpecificString -> SipSgFillSmmCdrString, in sipsgIncomingCallNfy. The SBC fails to write SMM values as ccbPtr→commonFsmCb.ccHndl, and after the fetching values of SMM, free up the SMM-CDR memory and thus we fail to update the SMM data when the normal update happens through the NrmaAllocRpy. Steps to Replicate: Run a normal STI call with SMM rules applied. | The code is modified to control SipSgSendAcctUpdateToCc. Workaround: None. |
102 | SBX-115340 | 3 | FAILURES and LINK FAILURES counts increase by two from portMonitorStatus command in V09. Impact: After a switchover, the failure counts reported in by portMonitorStatus command are doubled. Root Cause: The portMonitorStatus was being registered twice with the CPX process. Steps to Replicate:
| The code is modified to detect and reject duplicate registrations. Workaround: None. |
103 | SBX-108952 | 3 | Making IP interface OOS/disabled stops sending traffic over interface in other AC. Impact: For the SBC SWe running on VMware platform with X710 SRIO NICs, create two IP interface groups in two different address contexts with different VLANs but with the same packet port. As a result, this makes two different VLAN interfaces from the same packet port. When we make an IP interface OOS/disabled in one address context, the SBC packet port was unreachable in another address context. Root Cause: When we make an IP interface OOS/disabled in one address context, the SBC packet port was unreachable in another address context because the packet port started getting untagged (stripped VLAN) packets. The problem is unique to VMware host X710 NIC (i40en) driver version 1.8.6 and this problem is not found in driver versions 1.10.9.0 or above. Steps to Replicate: Set up: Upgrade X710 NIC driver 'i40en' version to 1.10.9.0 and firmware 7.20 on VMware host server.
| The code is modified in the SBC NP code for compatibility with the newer host drivers, since the newer host drivers do not allow the dissimilar number of Rx and Tx queues. Workaround: Make IP interfaces OOS/disabled in all address context of the packet port and then enable the required IP interface. |
104 | SBX-114300 | 2 | No trap is generated when the Max System Call Limit is set. Impact: No trap is generated when the Max System Call Limit is set. Root Cause: The "Max System Call Limit Set/Clear" notifications referred to incorrect trap definitions. Steps to Replicate: Verify the traps are generated for the following CLI commands once the max system call limit is reached. | The code is modified to generate traps for Max System Call Limit Set/Clear. Workaround: None. |
105 | SBX-111177 | 2 | The SBC wrongly interprets RTCP packets as RTP when using the DLRBT. Impact: The RBT (ring back tone) can be terminated early when the DLRBT (dynamic local ring back tone) is enabled and RTCP packets or comfort noise packets arrive with the B-party. Root Cause: When the DLRBT functionality was initiated, it was not informed that RTCP could be received. This resulted in RTCP packets being treated as RTP and caused the SBC to think RTP was learned. Unexpected, the RTP comfort noise packets can also cause the SBC to think RTP was learned.As soon as SDP was received in 183, the SBC triggered cut through and the RBT was stopped even though the call was not answered. This left the A-party with silence until the call was answered. Steps to Replicate: Make a PSTN to MS Teams call with the DLRBT enabled. Leave the call in ringing state with MS Teams for a long time and check that the ring tone is continually generated. | The code is modified to correctly identify RTCP packets and not use this as an indication to media being learned so that the ring tone continues to be played until real RTP packets arrive. The learning mechanism has also been updated to look for five or more RTP packets within a five second period to establish that RTP is learned - this is to assure that occasional unexpected comfort noise packets are not used for learning. Workaround: If RTCP is not required on the egress leg then disable it. If RTCP is required there is no work around. |
106 | SBX-113704 | 2 | There was a PRS core dump. Impact: The standby PRS cored in the XRM. Root Cause: There were some XRESs stuck in LIF's deferred active list that caused standby XRM to access NUL pointer when processing redundant modify request. Steps to Replicate: Run regular regression tests. | The code is modified to validate XRES's state and remove it from LIF's deferred list if LIF is already in-service, then continue to process redundant modify request. Workaround: None. |
107 | SBX-115496 | 2 | An NP error occurs during a 9.2.3R2 test: .IPM: *NP 1 error counter badRidCb incremented: cnt 1624898 last error 0x1a15 Impact: NP badRidCb error counts continue to increase. Root Cause: In this call flow, NAPT learning is enabled on ingress leg. But the RTP flow mode on egress leg was already set to DUPLEX before ingress leg has finished NAPT learning to enable RID. So egress started to send packets to ingress RID while NAPT learning and caused badRidCb error. Steps to Replicate:
| The code is modified to address the issue. Workaround: None. |
108 | SBX-116532 | 2 | The DSP activation/deactivation errors in the SBC 7000. Impact: Under certain conditions of transcode overload testing on SBC 7000 intermittent DSP activation/deactivation failures were observed. Root Cause: The size of netlink socket buffer that is used for communication between DSP H/W subsystem and the DSP resource manager process was found to be insufficient for handling intermittent bursts messages. Steps to Replicate: The steps cannot be reproduced. | The code is modified to handle increased burst of messages from the H/W subsystem during intermittent spikes in incoming calls. Workaround: None. |
109 | SBX-112597 | 2 | I-SBC: "runtime error: shift exponent 48 is too large for 32-bit type 'int' " in the np.log. Impact: The ASAN builds reported integer overflow error in calculation of standard deviation for jitter for RTP packets. Root Cause: Integer overflow during standard deviation calculation. Steps to Replicate: The problem can be reproduced by streaming RTP stream with high jitter. | The code is modified to prevent an integer overflow during standard deviation calculation. Workaround: No workaround is available. This metric, however is not written into CDRs. It is currently only being used by Ribbon Protect. |
110 | SBX-114446 | 2 | The SBC is not performing more routes request for Ip signaling peer group 2 in a 3xx scenario. Impact: When configuring multiple routes for the 3xx dip, the SBC does not process any routes after the first set of routes Root Cause: When configuring multiple routes, the SBC has a counter to determine if all routes are fetched. Steps to Replicate:
The SBC should fetch all routes for the 3xx dip. | The code is modified to reset the counter once all routes are fetched from the PSX to address the issue. Workaround: None. |
111 | SBX-116685 | 2 | No space left on the instance, /var/log 100%. Impact: When VMware/KVM deployed the SBC is provisioned with an additional log partition, this extra partition is not being monitored for space correctly and can fill up leading to ssh failing. In all platforms, a misbehaving process could write to the /var/log files leading to unexpected large content in /var/log partition. Root Cause: As bug in the code meant the size of the log partition was only check for cloud deployments and not for virtualized deployments in VMware/KVM, this was now been corrected. Steps to Replicate: Start a process to continually write to syslog very quickly and leave it running. This will eventually fill up the disk space. The SBC should generate traps for disk filling up and should automatically stop the application. | The code is modified to correctly monitor log partition in VMware/KVM deployments and the SBC application is shutdown if the log or root partition reaches 95% usage. The code is also modified to rotate the /var/log files based on a 50M file size and the size is checked every hour. Workaround: The log rotation configuration could be updated to rotate based on a 50M size rather than the previous daily or weekly time based rotation that was being used. |
112 | SBX-117020 | 2 | CDR mismatch is happening with respect to Ingress codecParams1 and Egress codecParams1 Impact: The CDR record of EVS codec is incorrectly set for AMR-WB io mode-set. Root Cause: The EVS codec AMRWB-IO mode-set initialization was incorrectly done due to recent changes done by SBX-105793. Steps to Replicate: Test Case Specific Configuration: | The AMRWB-IO mode-set initialization is set correctly Workaround: Not applicable |
113 | SBX-115322 | 2 | DFW3-CUSBC-28 - Sip Sig Ports Down Impact: Multiple sip sigports are configured with same IP address but different UDP ports. SIP sigPorts went down after one of them was deleted. Root Cause: In NRS, we use a refCount to manage multiple signaling ports with the same IP address. The logical binding and CpsLAddrCreate() is invoked when refCount equals 0, i.e. the time when first logical signaling address is added. If user deletes the first logical signaling address, NRS removes it from related hash table. But it's ID is still being referenced in binding structure. Then if user adds another signaling address in the group, a zero CPS laddr handle will be assigned to the new logical address which will pass wrong ACL handle when adding or deleting ACL rules and in turn caused logical address failure. Steps to Replicate: | Two fixes added Workaround: no workaround |
The following Severity 1 issues are resolved in this release:
The following Severity 2-4 issues are resolved in this release:
The following Severity 1 issues are resolved in this release:
The following Severity 2 issue is resolved in this release:
The following Severity 1 issues are resolved in this release:
The following Severity 2 issue is resolved in this release:
The following Severity 1 issues are resolved in this release:
The following Severity 2-4 issues are resolved in this release:
The following issue is resolved in these releases:
The following Severity 1 issue is resolved in this release:
The following Severity 2-4 issues are resolved in this release:
The following issue is resolved in this release:
The following Severity 1 issues are resolved in this release:
The following Severity 2-3 issues are resolved in this release:
The following Severity 1 issues are resolved in this release:
The following Severity 2-3 issues are resolved in this release:
The following Severity 1 issues are resolved in this release:
The following Severity 2-3 issues are resolved in this release:
The following Severity 1 issues are resolved in this release:
The following Severity 2-3 issues are resolved in this release:
The following Severity 1 issues are resolved in this release:
The following Severity 2-3 issues are resolved in this release:
The following Severity 1 issues are resolved in this release:
The following Severity 1 issue is resolved in this release:
The following Severity 2-3 issues are resolved in this release:
The following Severity 1 issue is resolved in this release:
The following Severity 1 issue is resolved in this release:
The following Severity 1 issues are resolved in this release:
The following Severity 2 and 3 issues are resolved in this release:
The following known issues exist in this release.
The following limitations exist in this release:
Description | |
---|---|
1 | The Access Control List (ACL) is not installed to configure SNMP traps for accepting traffic. A dynamic ACL is added to configure SNMP traps. An ACL must be installed for SNMP traps for accepting traffic. |
2 | The physical NIC connectivity must be in active state at the hypervisor level before starting the SWe instance on the SBC SWe platforms. In case of SWe instance with SR-IOV interfaces, manual restart of the SWe instance is required if physical NIC connectivity goes down while the instance is in progress. |
3 | The Antitrombone feature is not supported on the D-SBC. |
4 | The EMS identifies the nodes based on the VNFC-ID. While instantiating SBC/PSX cloud nodes, ensure that you use a unique VNFC-ID only. If you reuse an existing VNFC-ID, EMS treats this as a re-registration request and overwrites the existing data on the cloud node. |
5 | While configuring the SBC SWe Cloud instances, the CLIs commits successfully even if any metaVariable provided is incorrect. The SBC SWe Cloud instance cannot validate the CLIs, as the CDB configuration file is stored in the OAM Node and is shared among all the other SBC SWe Cloud instances in the cluster. |
6 | Editing the IP Interface is not reflected in the if configuration (ifConfig). This behavior is observed only on the S-SBC when action is set to "dryup" mode on the IP Interface. The IP address changes are not updated in the kernel and will not be displayed when ifconfig linux command is executed. In case of S-SBC, if the ipInterface configuration needs to be modified and if the action is set to "dryup" in ipInterface configuration, it must be set to "force" before disabling the ipInterface and making any changes. |
7 | A LSWU on an SBC 7000 should only be performed when the total number of active calls on the system is below 18,000. If the criteria is not met, a double failure during the upgrade may occur thereby losing all active calls. If such a failure occurs, both active and standby SBC services will go down. Contact Ribbon Support immediately. |
The VLAN tagged SRIOV packet interfaces are unable to ping endpoint Gateway IPs in the VMware platform because of an issue with VMware.
When upgrading SBC SWe cloud instances to release 9.2.x, you must update your Heat template userdata section to include mandatory SSH key information. An issue in OpenStack requires that you use the stack-update process rather than re-launch after updating the template, which leads to a new UUID for the instance. As a result, you must regenerate and apply new license bundles to the upgraded instances during the upgrade.
Refer to Upgrading SBC SWe N:1 HA Nodes on OpenStack using Heat Templates for the relevant procedure.