Issue | Sev | Problem Description | Resolution |
---|
| 2 | Portfix SBX-104962: The HFE setInterfaceMap() can be incorrect. Impact: The HFE_AZ.sh script can configure the HFE node incorrectly if the IP of an interface is a contained with in another. Root Cause: The logic used to determine which interface associates while the NIC can find the incorrect interface. Steps to Replicate: Create a HFE where the eth0 address contains either eth1 or eth2 IP address. | The code is modified to verify it the only the correct IP address is used. Workaround: Request an updated HFE_AZ.sh script from Ribbon. Replace the HFE_AZ.sh in the storage account and reboot the HFE node(s). |
| 2 | Portfix SBX-104156: The RTT-TTY support verifies the call flow in the SBC. Impact: Lower case characters from t140 packet were not getting converted correctly to Baudot (tty). Also, some other characters were not getting converted as per V.18 A2 table. Root Cause: The translation table from T140 to Baudot(TTY) only accounted for the subset of characters that were present in the Baudot (TTY) character set. Steps to Replicate: - Setup a T140=>Baudot (AMRNB=>G711) call.
- Create t140 pcap file with all UTF8 characters (128) and validate the baudot generation.
- Create a t140 pcap file with multi-byte sequence and validate the baudot.
| The code is modified to: - The t140=>Baudot translation table as per V.18 Annx2.
- Validate multi-byte (2,3 and 4 bytes).
- Handle the Byte Order Mark (BOM).
- Ignore an invalid byte sequence and substitute the valid but unknown multi-byte seq with an apostrophe.
Workaround: None. Instead of lower case letters use upper case letters. |
| 2 | PortFix SBX-96783: Some counts in the callCurrentStatistics keep incrementing. Impact: The "activeRegs" counter provided by the CLI zone callCurrentStatistics/ callIntervalStatistics command may continuously increase. Root Cause: Badly formed SIP REGISTER messages received by the SBC (i.e., a REGISTER message that the SIP parser determines is bad) will increment the "activeRegs" counter and never decrement it. Steps to Replicate: Send bad SIP REGISTER message(s) to the SBC, and see that the "activeRegs" counter provided by the CLI zone callCurrentStatistics / callIntervalStatistics command increases (and does not decrease). | Decrement the "activeRegs" counter when the SIP REGISTER message fails the SIP parser to address the issue. Workaround: None. |
SBX-102364 | SBX-104657 | 2 | Portfix SBX-102364: The SBC behavior is inconsistent with the isfocus parameter handling. Impact: Issue 1: The SBC is not transparently passing the complete Contact header in 200 OK of SUBSCRIBE when there is a isfocus parameter. Issue 2: The SBC is not adding the Record-Route in any message when doing a full Contact header transparency Root Cause: Issue 1: The SBC passes contact header transparently only when the isfocus is present in request as well as response and would not send the contact header transparently only when the contact header in response has isfocus parameter. Issue 2: The code to add a record route for notify and its response is not present. Steps to Replicate: - Configure the SBC for A to B call.
- Enable the flag contactTransparencyForIsFocusMediaTag on both TGs.
- Make a SUBSCRIBE-NOTIFY call flow.
| Issue 1: The code is modified to check if the service bit is not set (for the response) and check if the contact header has the isfocus parameter, if the parameter is present, set: SIP_SERVICE_TYPE_CONTACT_TRANSPARENCY_ FOR_ISFOCUS_PARAM for a single contact scenario. Issue 2: The code is modified to add the record route for notify and its response if isfocus parameter is present. Workaround: None |
SBX-103988 | SBX-104547 | 2 | Portfix SBX-103988: The ICE not working after upgrade to V08.02.03A950. Impact: When a call with ICE changes from direct media to passthrough, ICE learning does not get enabled on the call. Root Cause: The code was not re-enabling the ICE FSM to start ICE learning when changing from direct media to passthrough. Steps to Replicate: Test 1 -------- - Establish a call with ICE on ingress and xdmi on egress.
- Send re-invite from egress without xdmi and complete the re-invite related signaling.
- Send stuns to ingress media to complete ICE learning and verify call state changes to established and media can be exchanged between ingress and egress.
| The code is modified to re-enable the ICE FSM when changing from direct media to passthrough to allow the receipt and processing of stun messages to complete ICE learning. Workaround: None. |
SBX-103496 | SBX-103806 | 2 | The MGT0 cannot reach the GW. Impact: The mgt0 interface appears to be inactive. The user cannot ping the gateway from the SBC 5400. The ethtool -S mgt0 shows the tx_pause count rising rapidly. Root Cause: This problem is specific to the SBX 5400 fix. The SBC 5400 has a backpressure mechanism for management ports so that when the receive buffer exceeds a certain level, Design sends pause packets out to the interface to ask the switch/router to pause transmission momentarily. The receive buffer count is incremented by a hardware module and decremented by software. The notification was sent from Network Processor to application about sRTP Rollover Counter (ROC) reset is specifying the wrong interface so software decrements the wrong receive buffer count. This causes the receive buffer count to wrap around, resulting in a high value. This triggers the back-pressure mechanism and Design continuously send out pause packets. Steps to Replicate: - Set up a pass-thru SRTP call.
- The call should be a long duration call so that the Rollover Counter (ROC) in the sRTP packet becomes non-zero.
- Modify the call so that the sRTP packet's the SSRC changes.
Update: - Do a long duration sRTP call (about 30 minutes.)
- Hold the call.
- Unhold the call.
- As a result, this causes an SSRC change and triggers the problem.
| Set the correct interface information in the notification to address the issue. Workaround: Please contact Ribbon support for a script that will restore contact to the management interface. |
SBX-103922 | SBX-104649 | 2 | Portfix SBX-103922: There was a PRS Process coredump on an active/A node in the middle of an upgrade. Impact: The PRS Process cored during the LSWU while syncing ICE call data.
Root Cause: The ICE redundancy code is taking a long time to sync the call data with the standby during LSWU, causing a Healthcheck timeout and a core dump.
Steps to Replicate: The issue cannot be reproduced easily.
| The code is modified so the ICE syncs the call data to standby and addresses the issue. Workaround: None. |
| 2 | PortFix SBX-104704: Duplicate the audio entries in the route PSP. Impact: The duplicate codec entry is being sent in the policy response. Root Cause: The function popPSPCodecEntryHlp that populates the codec entry was called twice, and as a result the codec entry was getting populated twice in the TLV. Steps to Replicate: Add more then 4 codec entries in the ingress PSP and egress PSP. This will cause the issue to be reproduced. | The code is modified so that the duplicate codec entry is not passed on the d+ response. Workaround: None. |
| 2 | PortFix SBX-101575: There was an offline upgrade failure from 8.2.1 to 8.2.2 Impact: An offline upgrade on a HA setup failed for the upgrade from 8.2.1 to 8.2.2. Root Cause: An offline upgrade failed due to presence of a model update marker files that should not get created in case of offline upgrades. Steps to Replicate: Perform an offline upgrade on a HA setup to the fix build and ensure upgrade is successful. | The code is modified to ensure nodeB is powered-off/shutdown (instead of the sbxstop) while upgrading a nodeA. This ensures that the model update related markers files do not get created. Workaround: None. |
| 2 | PortFix SBX-104668: The SNMP PM collection is not working for newly added KPIs. Impact: SNMP stats collection at EMS for G711_WITHOUT_XCODE_RES_PEAK_COUNT and G711_WITHOUT_XCODE_RES_AVG_COUNT of DspResDspUsageIntervalStats failed. Root Cause: Some of the KPI stats fields are made obsolete as they are no longer supported. Due to this change EMS is not able to collect the stats through SNMP. Steps to Replicate: Verify EMS SNMP walk should not fail when queried to the SBC. - Bring up SBC.
- Register SBC to EMS.
- Enable the sonusDspResDspUsageIntervalStatistics.
Expected Result: The EMS fetches stats from the SBC.
| The code is modified so the EMS is able to collect stats using SNMP. Workaround: None. |
| 2 | PortFix SBX-103175: The large microflow profile was not getting enabled in the Custom Traffic Profile. Impact: There are multiple issues: - For a default profile, max subs was always set to 256K.
- For the custom and standard traffic profiles, the micro flow count in the NP resource was not proper.
- Limited support of the 2M micro flows for standard profiles.
Root Cause: - The large micro flow support was not there for the custom traffic profiles.
- For standard and default traffic profiles, there was restricted/incomplete support of large micro flow that is made generic as part of this issue.
Steps to Replicate: - Create an instance with 10GB memory and 16vpcu with the default traffic profile.Check microflow limits using "/opt/sonus/bin/cpsi -d summary" command.
- Increase the memory to 50GB memory and check the microflow limits using "/opt/sonus/bin/cpsi -d summary" command.
- Create a instance with 20GB memory and 16vpcu. Create and activate a custom traffic profile with access enabled in call mix. Check microflow limits using "/opt/sonus/bin/cpsi -d summary" command.
| The code is modified to: - Introduce a new estimation parameter maxSubs based on the micro flow count is decided and the NP hugepages are reserved.
- Enable the large micro flow support for all the standard/default profiles where mem > 48GB and vcpu_count >10.
Workaround: No workaround available. Need to use the build after the fix. |
| 2 | PortFix SBX-104347: The resource mem congestion level 3 is approaching threshold 90 sample 82. Impact: The SIPCM is leaking a structure that is associated with the SIPMM functionality. Root Cause: The code to free this memory under certain error/edge scenarios is missing. Steps to Replicate: Since the exact call flow is not know that caused the customer to hit the error condition, no test steps can be used. | The code is modified to free the SIPMM related structure in error scenarios. Workaround: Since the exact call flow is not know that caused the customer to hit the error condition, we cannot suggest a workaround. |
SBX-102707 | SBX-104911
| 2 | PortFix SBX-102707: The network interfaces are not renamed as expected after an upgrade from 820R2 to 821R0. Impact: Network interfaces are not properly mapped when the system is abruptly brought down after the first boot and rebooted. Root Cause: Cloud-init service runs in parallel to sonusudev service and can cause issues with the network interface mapping as it tries to rename the interfaces. Steps to Replicate: Reboot the system after sonusudev is run on first bootup. | The code is modified to start only after the sonusudev has run and mapped the interfaces properly. Workaround: Reboot the instance again to recover from the issue. |
SBX-99208 | SBX-102666 | 2 | PortFix SBX-99208: The SBC has the same issue as SBX-86420, this time for an outgoing REGISTER messages. Impact: When the TLS port is not sent from the PSX, the SBC is not sending the DNS SRV query to the DNS server. Root Cause: The root cause was the SBC just increments the port number by 1 sent by the PSX even if peer port was Zero. Steps to Replicate: - Configure the SBC and PSX to send a register and subscribe SIP request to relay.
- Configure the serve FQDN and zero for the FQDN port.
- Send a register/subscribe request.
- The SBC should send SRV query to the DNS server.
| If port number sent by PSX is zero then do not increment it by +1 by default for selecting TLS port to address the issue. Workaround: None. |
SBX-103561 | SBX-103793
| 2 | PortFix SBX-103561: The "tgrp" parameter are not passing transparently when the SIP in the core is enabled. Impact: The SipCore calls is passing the wrong TGRP parameter value. Root Cause: There was missing logic to support the SipCore. Steps to Replicate: Configure the SipCore feature. Both the IPSP core and egress leg have "originating Trunk Group Options" set to "Include Tgrp with IP address" Make a SipCore call. | The code is modified to support the SipCore feature. Workaround: None. |
SBX-103852 | SBX-103978
| 2 | PortFix SBX-103852: The SBC sent an unnecessary 481 for PRACK when the CANCEL is received. Impact: The SBC sends unnecessary 481 for PRACK when received CANCEL. Root Cause: The issue was introduced by intercept feature (SIP_EVENT_PRACK_INTERCEPT_RCVD). When the SBC received PRACK, it save the message into the server list. Later the CANCEL arrives, UasCancelRequestCmd, the UAS found the message in server list, and thought PRACK is not completed therefore it try to send 481. Steps to Replicate: A calls B, B response 180 and send 180 to A with PRACK required. After 32 seconds A sends a CANCEL, the SBC sends an unnecessary 481 PRACK. | Once the 200OK for PRACK has send out, the SIPS deletes the PRACK message in the server list to address the issue. Workaround: Enable the e2e PRACK if the egress also supports PRACK. |
SBX-96788 | SBX-103979
| 2 | PortFix SBX-96788: The DTMF 2833 PT change (in offer) has incorrect OA SBX handling (wrong answer PT). Impact: When the peer offer with new PT, the SBC is unable to process and respond to the previous one. Root Cause: There was a logical error that checking the wrong field to detect PT change. Steps to Replicate: A call B and connect with "0 100". An INVITE with an offer new PT "0 101". The SBC responds with "0 100". | The code is modified to check the correct field for PT change. Workaround: None. |
SBX-105428 | SBX-105440
| 2 | PortFix SBX-105428: Error when attempting to delete negative cache record upon a probe response. Impact: The DNS query was not out sent from the SBC if a call is made immediately after the DNS server is recovered from a blacklist. Root Cause: Due to record is in the negative cache entry from earlier DNS dummy query, the SBC was not sending a query. Steps to Replicate: - Configure the SBC with a basic call and also configure the DNS group.
- Ensure that DNS server does not respond to the DNS query or stop DNS server.
- Now make call and SBC query for DNS server for resolving FQDN, but DNS server is down and there no response from DNS server.
- After retransmission's timeout value. DNS server will be blacklisted.
- Now the SBC keep probing DNS server.
- Bring the DNS server up.
- The SBC receives probe response, DNS server is removed from Blacklist.
- Immediately make SIP call.
Expected Result: - The SBC selects a DNS query.
| As soon as the DNS server is removed from blacklist entry, those records involved with the DNS Dummy query is removed from the negative cache and resolves the issue. Workaround: None. |
SBX-105010 | SBX-105155
| 2 | PortFix SBX-105010: Observed a congestion for the G711 to G711 transcode calls even before the CPU resource limit is exhausted. Impact: The G711-G711 transcoded capacity test shows a lower capacity. (Test is Pump make and break g711 to g711 transcode calls on one of the active instances with 50cps, 90 CHT and 4500 calls). Root Cause: The root cause is an incorrectly built libfmtd.a that was built with a debug option and makes the FMTD module take more cycles. This bug was addressed originally in SBX-104122. Steps to Replicate: Perform a test indicated in SBX-105010. | The code is modified to remove the -g flag and using -O3 flag for compilation (Port of SBX-104122). Workaround: None. |
SBX-105072 | SBX-105150
| 2 | PortFix SBX-105072: Password padding with random characters by the SBC causes the RADIUS server to reject the password. Impact: The radius password sent to the server has no zero characters at the end following the password and a NULL. Root Cause: The radius passwords are padded to 16 characters. The existing implementation did not set those padded characters to 0. Steps to Replicate: - Configure a radius authentication server.
- Use a password that is less than 15 characters long for the external radius user.
- Set the externalAuthententication to true.
- Run a tshark session.
- Login to the CLI.
- Stop the tshark.
- View the radius password element in wireshark after configuring the shared secret in wireshark under protocol preferences.
| The padded characters are now set to 0 to address the issue. Workaround: Use 15 or 16 character passwords. |
SBX-66831 | SBX-103723
| 2 | PortFix SBX-66831: Need to update/add proper warning message when deleting the ipInterface. Impact: The warning message does not display in the cloud SBC when deleting the IP interface, but there is no problem with functionality. Root Cause: This is working fine in the hardware SBC. We have the problem in the cloud SBC because when displaying the warning message, we checked few values if that values are matching. Then, show the warning popup but in case the cloud SBC values index are different and check is failing because of that, we are unable to show the warning popup when we delete IP Interface. Steps to Replicate: - Login to EMA.
- Go to All -> Address Context ->IP Interface Group -> IP Interface.
- Click on New IP Interface button.
- Fill the correct info in text field, select state as enable, Mode as In Service and click on save button.
- The creation should be successful.
- Select the same entry from IP interface list section and click on delete button.
- We should be able to see warning popup like "'addressContext PPP_AC ipInterfaceGroup PPP_IG ipInterface': Deleting ipInterface while in dryUp action can
cause problems with calls on the ipInterface. Use force action to clear existing calls on the ipInterface before deleting. Do you wish to continue?"
| The code is modified to handle the Cloud SBC scenario. Workaround: None. |
SBX-100286 | SBX-103102
| 2 | PortFix SBX-100286 to 9.2: The trace file containing SIP Rec PDU was not imported in Ribbon Protect properly. Impact: When a level 4 call trace is active, if a SIP PDU is too large to fit on a single trace line, it is split over multiple lines. However, the Ribbon Protect only reads the first line - there is no way for it to know subsequent lines are continuation lines. Root Cause: Design issue. Steps to Replicate: - Enable level 4 call trace.
- Send a SIP PDU to be traced towards the SBC of total size 2000 bytes.
| The code is modified to put the same header onto each level 4 trace line. Include in the header two new fields, the MSG ID and PART to allow Ribbon Protect to recombine multiple trace lines to recover the original message. The equivalent Jira VIGIL-17137 is required for Ribbon Protect compatibility. Workaround: None. |
SBX-100590 | SBX-104867
| 2 | PortFix SBX-100590: The wrong "Egress Zone Name" in ATTEMPT CDR for a GW-GW call. Impact: For a call with multiple routes that include one or more local routes followed by routes on another gateway (for GW-GW) scenario, if the local routes fail and then other gateway route is selected, the resulting ingress gateway CDR for the call has incorrect egress zone name and ID. Root Cause: When there are multiple routes, when a route fails the call cranks back to use the next route. When selecting the next route the code is not clearing the internal CDR information for the egress zone. So if the next route selected is on another gateway, the CDR information retains the egress zone information from the previous attempt rather than being blank. Steps to Replicate: - With the SBC GW-GW setup create two routes for a call such that:
- route 1 is routed through local egress trunk group on SBC1. - route 2 is routed through egress trunk group on SBC2. - Set crankback profile to enable attemptRecordGeneration and add reason 41 (503 is mapped to 41 in default SIP to CPC mapping profile). - Send a valid INVITE to the SBC1 ingress that will first select route1 and route out through the egress trunk group on the SBC1. From the egress endpoint reject that call attempt with a 503 Service Unavailable.
- The call will crank back and re-route using route2 through the SBC2 egress trunk group. From the egress endpoint reject that call attempt with a 503 Service Unavailable.
- Check there are two Attempt CDR records for the call on SBC1.
- ATTEMPT1 - should have the "Egress Zone Name" and "Egress Zone ID" fields populated correctly with zone information for zone of SBC1 egress.
- ATTEMPT2 - should have the "Egress Zone Name" empty and "Egress Zone ID" as 0 because this is an attempt for GW-GW route.
| The code is modified to clear the internal CDR information for the egress zone when one route fails and the next route is selected. Workaround: None. |
SBX-74991 | SBX-104980
| 2 | PortFix SBX-74991: Saving changes to a SMM profile after doing an edit/update operation is taking long time[8 to 16 minutes]. Impact: The SIP Adaptor Profile with 250+ rules takes lot of time to create a profile including the update as well. Root Cause: When the SIP Adapter Profile with more than one rule is created, each rule is committed individually. However, after each commit EMA internally retrieves all the SIP Adapter Profiles along with their rules, though this is not required it is causing slowness of both create and update operation. Steps to Replicate: - Login to EMA.
- Navigate to Sip Adapter Profile Screen.
- Create a profile with 200+ Rules.
- Click on Save button.
| The code is modified to prevent retrieval of sip adapter profiles after each commit Workaround: The only workaround is to create the profile from the CLI. |
SBX-101769 | SBX-104912
| 2 | PortFix SBX-101769: The SBC sends the wrong SDP in 200 OK for UPDATE received from the Ingress during tone play(LRBT). Impact: The SBC responds with wrong codec in the answer to UPDATE received on ingress/calling side while local ring back tone is playing. As a result, the UPDATE is being used to change the codec on ingress. In this case, the SBC continues to play the RBT using the previously agreed codec. Root Cause: There was a logical error in the code that was picking the currently active packet service profile to answer instead of honoring the modify.
Steps to Replicate: Configuration: - Configure SBC to make a Basic A-B call.
- Configure PSX with G711 and G729 in codecEntry and this Leg/other Leg configuration.
- Configure LRBT, and attach to Ingress TG.
Procedure:
- Send an INVITE from UAC with G711.
- Send an 180 from UAS, with no SDP.
- Send an UPDATE from UAC, with G729.
- Receive the 200 OK from INVITE from UAS.
| The code is modified to address this issue. Workaround: None. |
| 2 | PortFix SBX-103771: There are special characterss in DN hinders EMA display. Impact: The EMA does not display route with destination national containing special characters. Root Cause: The support for special characters was not available in EMA. Steps to Replicate: - In the SBC 7.2.4 R0, create a Route with Destination National containing special characters.
- Upgrade to 8.2.4 R0.
- After the upgrade, the EMA should display the route.
| The code is modified to support special characters in the EMA. Workaround: The CLI can be used to view route details. |
SBX-104247 | SBX-104644
| 2 | PortFix SBX-104247: The resource memory congestion level 3 is approaching the threshold 90 sample 81. Impact: There was a SAM Process is leaking memory when AKA is being used. Root Cause: There was a SAM Process is leaking an AKA related structure when the code is handling an error case scenario. Steps to Replicate: The issue cannot be reproduced. | The code is modified to correctly free the AKA structure in all scenario. Workaround: There is no known workaround. |
SBX-93898 | SBX-104516
| 2 | PortFix SBX-93898: The "request sbx xrm debug command sec -stat gcid <gcid>" was not showing ENC and DEC details on the SBC SWe. Impact: This debug command in unhide section is not showing all the required fields populated in the SWe SBC. Root Cause: NP response is not framed in expected order to application layer. Steps to Replicate: Run the SRTP call and issue this debug command for internal use. | The code is modified so the NP Response is correctly framed in expected order to application layer. Workaround: This debug command is to see SSN field value with the RoC, all other details can be seen from show call mediastatus. |
SBX-103599 | SBX-103893
| 2 | PortFix SBX-103599; The SBC is sending multiple re-INVITEs to the ingress and egress leg during a 200OK of INVITE answered with Dialog-1. Impact: The SBC is sending multiple re-INVITEs to the ingress and egress side if the first forked leg is answering with a 200 OK. Root Cause: When the 200 OK is coming without SDP, we were taking last received SDP and that precondition attributes to further processing. Steps to Replicate: Precondition Transparency is set on both the Ingress and Egress Steps: UAC sends INVITE with Supported: precondition and SDP with precondition attributes. First forked UAS sends 183 with SDP with preconditions. Second forked UAS sends 183 with SDP with preconditions.
First forked leg send 200 OK without SDP.
Expected Behaviour: - The SBC transparently passes precondition attributes in SDP.
- The SBC gets first forked 183 with SDP with preconditions.
- The SBC forwards the 183 to ingress with preconditions.
- The SBC sends an UPDATE to ingress and egress to complete precondition state.
- The SBC forward second the 183 to ingress with preconditions.
- The SBC sends an UPDATE to ingress and egress to complete precondition state.
- The SBC forwards 200 OK and get ACK.
- The SBC completes reINVITE-200-ACK towards egress.
| The code is modified to address the issue. Workaround: None. |
CHOR-6320 | SBX-105286 | 2 | PortFix CHOR-6320: The UxPAD coredump observed on the media container while pumping 2X overload of G711U to G711U DSP (media transcoding disabled) call load. Impact: The SWe_UXPAD crash was seen during an overload transcode test in a 2 vcpu SWe deployment in the public cloud. Root Cause: Potential corruption in the packet buffers due to issues related to concurrency specifically in the 2 vcpu transcode overload scenarios. Steps to Replicate: - Configure a 2 vcpu instance.
- Run 700 G711-G711 transcode sessions for overnight/long duration.
- Check if there is any UXPAD/NP crash seen.
| The code is modified to fix concurrency issues in transcode call scenarios in the 2 vcpu SWe deployments. Workaround: No workaround apart from avoiding overload scenarios for transcoded calls. |
SBX-105182 | SBX-105414
| 2 | PortFix SBX-105182: After the SBC receives RCODE = 2 from the DNS server, the SBC makes a strange query request to the DNS and subsequent new calls are rejected. Impact: When RCODE error received for the DNS query and no other servers were available, the record was never being deleted from cache and this remained as a RECORD in "RESOLVING STATE" that impacted further queries with this domain and resulted in call failures. Root Cause: This particular test scenario's was not covered during the testing feature. Steps to Replicate: - Setup with EDNS supported and DNS fall back disabled.
- The single DNS server configured for the DNS Group.
- The DNS Server configured to return RCODE Error 2 for SRV Query.
- Setup a call that trigger NAPTR, SRV and A Query and the DNS Server responds with RCODE 2 for SVR.
- Modify the DNS Server to return successful RCODE for SRV.
- Make another call for the same domain. The call fails because the SRV record is in "RESOLVING STATE" in the cache.
| The code is modified to delete cache entry (which is in "RESOLVING STATE") when the RCODE error is received. Workaround: NA |
SBX-103255
| 2 | Enhance the sbxPerf on the SBC for lesser resource consumption. Impact: The SBC performance monitoring tools like top and top2 at times take 20% of a CPU core there by reducing total available CPU resources for management activities on the SBC. Root Cause: The sbxPerf that contains list of tools such as top, mpstat, and iostat currently runs periodically without any linux value configured. This can cause these processes to get prioritized and scheduled ahead of other management processes such as ConfD and SSH. Steps to Replicate: Install fix build and ensure processes such as top, top2, mpstat sbxPerf are running with corrects value of 15 using the top command. | The code is modified so that priority of these processes are less compared to other management processes on the SBC. Workaround: None. |
SBX-74155
| 2 | The ACL rule is missing on the SBC in LD triggered switch-overs and link recovered after. Impact: When an IPACL rule is created that references an IP interface, but that IP interface has been down since the system started up, the rule is not successfully created. Root Cause: When an IP interface is failed on system startup, the system does not add that interface to the kernel. When an IPACL rule is added that references that IP interface, it fails to be added to the NP. Steps to Replicate: Start an SBC with an IP interface failed, that also has one or more IPACL rules that have been configured that reference that IP interface. Bring up the IP interface and logs will show the IPACL rules have been successfully added. | The code is modified to detect this situation and maintain a retry list. Once the IP interface comes up, it will retry the associated IPACL rules that were previously failed. Workaround: This issue can be worked around by having IPACL rules that do not reference the IP interface. |
SBX-90854
| 2 | There was a customer call forwarding MRF interaction failure on the receipt of an UPDATE. Impact: The SBC sends INVITE towards MRF upon receiving UPDATE from Egress End Point Root Cause: In some situations when there is delay in incoming PRACK request (In this situation PRACK from Ingress Endpoint), some internal logic of the SBC queues the SDP on ingress leg and let's SBC answer to egress, thereby unblocking the egress peer which can send a new offer using SIP UPDATE.
This causes the SBC to send INVITE towards MRF, even before sending an UPDATE out towards the Ingress. Steps to Replicate: Configure the PSPs accordingly: - UAC sends Invite with AMR-WB, AMR, telephone-event.
- UAS sends 183 with SDP with AMR-WB with 100rel.
- UAC sends PRACK/200 OK.
- UAS sends 180 without SDP without 100 rel.
- PRACK for 180 is pending on Ingress.
- UAS sends UPDATE with PCMU, telephone-event.
Expected Results: ==============
- Upon receiving an UPDATE with PCMU, the SBC will not auto answer towards UAS.
- The SBC will wait for PRACK to be received from UAC, then will relay UPDATE towards UAC.
- Based on answer in 200 OK (Update) from UAC, the SBC will send INVITE towards MRF for reserving transcoding resources.
| The code is modified to ensure that SBC does not auto answer to egress. Workaround: None. |
SBX-91111
| 2 | The No Way Video after A/V calls is resumed after hold. Impact: No way video after audio video call is resumed using late media re-INVITE. Root Cause: The SBC does not send "sendrecv" in 200 OK to late media re-INVITE, instead sends the same datapath mode that was negotiated last - that is - inactive. Steps to Replicate: Setup an audio and video call. Put the call on hold by sending a=inactive in audio and video SDP. Then, send a late media re-INVITE to take the call off-hold. The idea is that the SBC will send SendRecv for audio and video in 200 OK and let the remote end choose if it wants to remain in hold or come out. | The code is modified to send sendrecv in other streams too when call is being "may be" resumed after hold. Workaround: Do not use late media re-INVITE to come out of hold. |
SBX-92066
| 2 | Observed a PRS process core dump "systemerror healthcheck timeout" Impact: A PRS coredump was found due to healthcheck timeout upon executing a CLI debug command Root Cause: The CLI debug command was taking a long time due to too many ACL entries resulting in a health check timeout. Steps to Replicate: - Add more than 1000 ACL entries
- Execute below debug command:
Run CLI debug command "request sbx xrm debug command acl\ -stat"
NOTE: The debug commands are not available on customer sites.
| The code is modified to process only 200 ACL entries to allow CLI to recover sooner. Workaround: As we do not run debug commands on customer sites, this error should not occur. |
SBX-98843
| 2 | There was a problem with management of the maxptime and ptime in the Direct Media mode. Impact: There was a problem with management of maxptime and ptime in the Direct Media mode. Root Cause: Generally, the SBC ignores the ptime value if only maxptime attribute is present in incoming SDP, If "sendPtimeInSdp" IPSP flag is enabled and peer is sending both ptime and maxptime, SBC is preferring maxptime value while sending ptime, The existing IPSP flag "sendPtimeInSdp" makes the SBC to send out a=ptime irrespective of what we receive from the peer. Steps to Replicate: - Do a basic call from A to B.
- A sends ptime=20 and maxptime=40 towards the SBC.
- An INVITE going out from the SBC should contain ptime=20 as we enabled both "sendPtimeInSdp" IPSP flag and "preferPtimeInSdp" TG flag.
| A new flag "preferPtimeInSdp" is introduced under SBC CLI Trunk Group signaling. If this new flag "preferPtimeInSdp" is enabled, the SBC prefers ptime value received in a=ptime over a=maxptime in incoming SDP. This new flag "preferPtimeInSdp" needs be enabled in conjunction with existing flag "sendPtimeInSdp". If the SBC is configured to send a=ptime, then preferPtimeInSdp should be enabled on the incoming trunk and vice versa. Workaround: None. |
SBX-103704
| 2 | The RTP sourceAddressFiltering is not working (call leg dependency). Impact: The source address validation is not done if call flow does not involve NAPT learning. For calls that want source address validation but does not have NAPT enabled, the SBC would not validate the source address and end up forwarding the RTP packet to the other endpoint. Root Cause: There is no way for application to inform Network Processor to validate source if NAPT learning is not enabled. Steps to Replicate: Involves a CISCO MOH server but probably something else can be used. | The code is modified to validate source even when NAPT learning is not enabled to address the issue. Workaround: Enable NAPT learning for the call. |
SBX-102827
| 2 | The SBC5210 upgrade failure during Starting DB_RESTORE stage. Impact: An upgrade failure during Starting DB_RESTORE stage. Root Cause: Creation of foreign key fails on table packet_service_profile column CODEC_ENTRY_FK9, as it had "0" in one of its rows and dbimpl.codec_entry table did not have this value. Steps to Replicate: Upgrade a dump that has "0" in packet_service_profile.CODEC_ENTRY_FK9, it should be successful. | Before add the referential keys, the data is checked and ant value that is not there in parent table is nullified to address the issue. Workaround: None. |
SBX-103669
| 2 | Empty "Egress Local Signaling IP Addr" field in the CDR Impact: When an incoming call is routed out of the SBC but is then rejected by the SBC with cause 132 Module failure before a backwards response message has been received, the resulting attempt CDR has an empty "Egress Local Signaling IP Addr" field. Root Cause: The SBC currently populates the "Egress Local Signaling IP Addr" CDR field when it processes a backwards response message for the call, and as a result the field remains empty until a backwards response message is received and processed. Steps to Replicate: - Initiate a call by sending a valid INVITE to the SBC ingress TG to route towards the egress TG.
- Once the INVITE is sent to egress by SBC, put the signaling port to egress out of service.
- The SBC will clear the call by sending a 503 message towards egress. The resulting attemptCDR should have valid address in "Egress Local Signaling IP Addr" field.
| The code is modified to populate the "Egress Local Signaling IP Addr" CDR field on sending out the egress INVITE message. Workaround: None. |
SBX-104705
| 2 | There was a memory leak on the glusterfsd. Impact: The OAM application cores. Root Cause: Memory leak is observed for the glusterfsd process, that is the brick process. The use of the "gluster volume heal info" function causes the process memory usage to increase and not go down afterward. Steps to Replicate: Ensure both Active and Standby OAM are running. Monitor glusterfsd memory usage on both nodes. | Use the "gluster volume heal statistics heal-count" command to determine the gluster bricks heal state to address the issue. Workaround: Reboot the OAM node. |
SBX-103593
| 2 | The SBC is ignoring Use Max Bitrate Only flag. Impact: The SBC is ignoring Use Max Bitrate Only flag. Root Cause: During Re-Invite answer processing, NrmaAdjustPeerT38MaxBitRate() routine is doing T38MaxBitRate adjustment based on packet size that is changing T38MaxBitRate value from 14400 to 4800. Steps to Replicate: Call Flow: - Do a basic call between UAC and UAS.
- The UAS sends fax re-invite to UAC with T38MaxBitrate set to 14400.
- The SBC sends Invite out with T38MaxBitrate set to 14400.
- The UAC answers with T38MaxBitrate set to 14400 in 200OK.
- The SBC sends out 200ok with T38MaxBitrate set to 4800.
Actual Result:
------UAS(Re-Invite) ---------------------------> SBC --------------------------> UAC T38MaxBitRate:14400 T38MaxBitRate:14400 -----UAC(200ok for Re-Invite) --------------> SBC ---------------------------> UAS T38MaxBitRate:14400 T38MaxBitRate:4800
Expected Result:
------UAS(Re-Invite) ---------------------------> SBC --------------------------> UAC T38MaxBitRate:14400 T38MaxBitRate:14400 -----UAC(200ok for Re-Invite) --------------> SBC ---------------------------> UAS T38MaxBitRate:14400 T38MaxBitRate:14400
| The code is modified to relay the T38MaxBitRate in SDP, which is received from peer for Direct Media calls. Workaround: None. |
SBX-104560
| 2 | The redirection NOA set wrong in the CDR. Impact: The "Redirecting Orig Cd Num - NOA" subfield of "Redirection Feature Spec Data" is not set correctly in CDR record if the the Redirecting Original Called Number - NOA value has been modified by PSX. Root Cause: The existing code was not updating the value for the CDR record based on route specific information returned from the PSX. Steps to Replicate: Test Setup ======== - Test requires call routing through the PSX.
Routing on PSX, setup to route incoming call through routing label with two routes: - route 1, through local egress trunk group 1 on SBC to UE2. - route 2, through local egress trunk group 2 on SBC to UE3. - On egress trunk group 1 only, associate a DM/PM rule to change the "Number Type" to International for "redirecting Original Called Number".
- Set the crankback profile to enable attemptRecordGeneration and add reason 41 (503 is mapped to 41 in default SIP to CPC mapping profile)
set profiles callRouting crankbackProfile default attemptRecordGeneration enabled reason 41
Test Procedure ============ - Send INVITE to the SBC ingress, INVITE should include a diversion header e.g.
Diversion: <sip:+4969667740185@xxx.xxx.xxx.xxx>;privacy=off;screen=no;reason=unknown;counter=1 - Call is routed using route 1, respond from first egress with 503 Service Unavailable
- Call is re-routed using route 2, respond from second egress with 503 Service Unavailable
- Check the CDR records for call on the SBC that should have two attempt records -
- ATTEMPT1 - should have "Redirection Feature Spec Data" that has subfield 22 "Redirecting Orig Cd Num - NOA" as 3 (Unique International Number), because the number was updated by PSX to international.
- ATTEMPT2 - should have "Redirection Feature Spec Data" that has subfield 22 "Redirecting Orig Cd Num - NOA" as 2 (Unique National Number), because the number was not updated by PSX
| The code is modified to populate the CDR value from the route specific data returned from PSX. Workaround: None. |
SBX-103986
| 2 | There was an incorrect RTP time stamp in the SBC packet capture. Impact: After an SBC upgrade to V09.01.00R001, RTP/RTCP time stamp in the SBC packet capture shows the year 2036. Root Cause: Present logic was not considering the edge cases while checking the last modification time of the NTP log. Steps to Replicate: - Configure a remote syslog server:
set oam eventLog platformRsyslog linuxLogs ntpLog enabled set oam eventLog platformRsyslog servers server1 port 10514 protocolType udp remoteHost <remote host ip> com set oam eventLog platformRsyslog syslogState enabled com - Create a second dummy NTP server (just to trigger some logs to be written to ntp.log):
set system ntp serverAdmin 1.2.3.4 com - Delete the dummy NTP server:
del system ntp serverAdmin 1.2.3.4 com - Wait at least several seconds.
- Repeat steps 2 and 3.
| The code is modified for the edge case of NTP log last modification time. Workaround: None. |
SBX-94798
| 3 | The MS Teams with FLRBT enabled hangs the call. Impact: When the Force Local Ringback Tone is applied on a call that has been through SIP replace followed by SIP refer procedure, and the final trunk group has downstream forking enabled. The final 200 OK response may be queued indefinitely, meaning the call does not get completed. Root Cause: Interactions between Force Local Ringback Tone, multi-party and downstream forking. Steps to Replicate: - Make a SIP to SIP call.
- A calls B.
- B' replaces B.
- B' refers to C.
- The trunk for A has Force Local Ringback Tone applied.
- The trunk for C has downstream forking enabled.
- C responds with 180 with no SDP, 183 with SDP, then 200 OK.
| The code is modified to prevent the queuing. Workaround: None. |
SBX-99306
| 3 | The SIPCM (SAM) deadlock reported on SNMP request. Impact: The SAM Process cores when getTlsStatus command is executed. Root Cause: The issue is because when fetching the TLS Status, we were trying to access sessData that was no longer valid. Steps to Replicate: Execute getTlsStatus command when running TLS load. SAM process cores randomly. | The code is modified to fetch the status from socketPtr instead of sessData. Workaround: None. |
SBX-100086
| 3 | The sbxAutoBackup.sh changes for AWS SWE. Impact: The Cloud SBC uses default system name 'vsbcSystem' when creating system backups, making it difficult to distinguish between setups. Root Cause: The Cloud SBC configuration file backup logic uses the system name to create the back up file instead of the specific name. Steps to Replicate: Run /opt/sonus/sbx/scripts/sbxAutoBackup.sh on the SBC running in a cloud (e.g. AWS) that has SystemName configured too something specific in user-data. | Use the actual system name (configured in user-data) in the configuration backup filename to address the issue. Workaround: None. |
SBX-91016 | 3 | Unable to see the signaling messages on the PKT log file. Impact: The Packet capture does not work properly for pkt ports. Root Cause: The version of libpcap0.8 library in Debian9 had a defect that resulted in the capture not working. Steps to Replicate: - Login to the SBC and run a basic call configuration.
- Create a signaling packet capture filter: set global callTrace signalingPacketCapture state enable devices pkt0 0.
- Run the SIPP calls.
Expected Results: - The SBC should capture all the signaling messages on the pkt0 port in a PKT file under the gsxlog directory.
| Update the libpcap0.8 to a newer version to address the issue. Workaround: None. |
SBX-74709
| 3 | The SBC REST API. pam phase authorization failed to login through a PAM: timeout Impact: Too many requests on the REST API interface causes 401 error. Root Cause: Issue with third party tool ConfD that is used for configuration management. Steps to Replicate: - Send REST API requests for long duration.
- Open some CLI session for some time to cause max session limit.
- REST APIs start failing with 401 error due to session limit, as expected.
- Close the CLI sessions.
- REST APIs keep failing, even after keeping CLI sessions under max limit.
| The code is modified to fix the issue. Workaround: None. |
SBX-101408
| 3 | The SIPREC was not working. No request sent to recorder. Impact: Without this fix, SBC is generating INVITE towards the SIPREC SRS with bad format on SDP header line 'label'. The 'label' header is missing the CR in the CRLF line break. Root Cause: The code that formed the SDP header line "label" does not add CR character for CRLF line break. Steps to Replicate: Make a call that would match the configured SIPRec criteria and thus triggering a SIPRec session for the corresponding Communication Session. | The code is modified to add CR character for CRLF line break, for SDP header line "label" . Workaround: None. |
SBX-104324
| 3 | The reenableOsAccount silently sets an account expiration to 30 days. Impact: Using the reeanbleOsAccount will add account aging to any OS account. Root Cause: The logic does not take into account the state of OS account aging or if OS account aging should be applied (e.g. root). Steps to Replicate: Run with an OS account aging enabled: - Test root:
- ReeanbleOsAccount for user root.
- Check no aging has been applied at OS level: chage -l root.
- Test the Confd user:
- Create user through CLI.
- ReeanbleOsAccount for this CLI user.
- Check no aging has been applied at OS level: chage -l <CLIUser>.
- Test OS user with a password:
- Create OS user with a password.
- Disable and then Enable OS account aging state.
- ReeanbleOsAccount for this OS user.
- Check correct aging has been applied at OS level: chage -l <OSUser>.
| The code is modified in the OS account aging is enabled and is applied to the account. Workaround: None. |
SBX-97555
| 2 | The active OAM node for the Signaling SBC generates header-only ACT files and pushing it to the billing server, where the OAM node should be responsible for the configuration only. Impact: The active OAM node generates header-only ACT files and pushing it to billing server. Root Cause: The SBC does not check whether it is OAM node or Managed VM while generating ACT files. Steps to Replicate: Spawned a Nto1 OAM node, check whether .ACT files exist or not. Restart active Node, Check if any .ACT file gets created. Restart the current Active again (assigned role Standby) and check whether any .ACT file is present on OAM node or not. | Check whether VM is OAM before creating the ACT files to address the issue. Workaround: None. |
SBX-102501
| 2 | The SBC fails to relay embedded header in Contact of 3xx with statusCode3xx relay enabled Impact: The SBC fails to relay embedded header in Contact of 3xx with statusCode3xx relay enabled Root Cause: The code required to send the embedded part in contact of 3xx was not present Steps to Replicate: - Configure the SBC for A to B call.
- Enable the flag statusCode3xx on egress TG IPSP.
- Send an INVITE from UAC.
- Send 300 Multiple Choice from UAS with below Contact header that has embedded headers.
| The code is modified so the contact header transparency is set in the relay 3xx scenario that is now being changed to full contact header transparency and set the SIP_HEADER_URI_HEADERS so that the embedded contact header is transparently passed in the 3xx. A new header type is introduced that is set only in the relay 3xx case to send the entire contact header transparently. Workaround: None. |
SBX-102234
| 2 | The SubsystemAdmin filter affects calltrace (TRC) logging showed useless logs. Impact: After creating then deleting an entry in the oam eventLog subsystemAdmin, the original behaviour is not restored. INFO level events for that subsystem are no longer logged, even if the oam eventLog typeAdmin filterLevel is info. Root Cause: Deleting an entry in oam eventLog subsystemAdmin does not restore settings back to default. Steps to Replicate: - Create an entry for a subsystem in the oam eventLog subsystemAdmin table.
- Delete the entry.
| The code is modified to process to deleted the oam eventLog subsystemAdmin entry so that settings are put back to default values. Workaround: None. |
SBX-86090
| 2 | Our SIPREC implementation is prone to failure to record a stream and to tear down the SRS call leg when SRS (SIP Recording Server) sends a re-INVITE to SBC Impact: SIPREC handling had race conditions issues in the scenario where a RE-INVITE was received on the main call and also RE-INVITE was received from SRS server at the same time. This resulted in recording failure and the SBC sent out BYE towards SRS. Root Cause: This race condition of RE-INIVITE from the main call end point and SRS server simultaneously was not handled on the SBC. Steps to Replicate: - Make a SIPREC call.
- Send RE-INVITE with codec change/hold on main call (either from UAC or UAS) this triggers a RE-INVITE towards SRS.
- SRS also sends RE-INVITE at the same time when SBC receives 200 OK for main call RE-INVITE.
| The RE-INVITE triggered/sent towards SRS due to the main call RE-INVITE is queued in the situation where the SIPREC leg is in middle of processing the RE-INVITE that was received from the SRS. The queued RE-INVITE would be sent once the RE-INVITE transaction received from the SRS was completed. Workaround: The SRS can avoid sending immediate hold RE-INVITE if no media is observed on SIPRec leg. |
SBX-104093
| 2 | The EMA codec entry screen was not usable. Impact: The EMA codec entry screen was not usable. Root Cause: The method call place mismatched. Steps to Replicate: 1. Log into EMA. 2. Navigate to Profiles > Media > Codec Entry 3. See that the screen is working correctly. | The code is modified so the EMA codec entry screen is placed at the appropriate position. Workaround: None. |
SBX-74907
| 2 | A SIPREC Codec issue. Impact: Without this fix, the wrong codecs are negotiated with SRS when communication sessions is renegotiated. Root Cause: Because of wrong conditions in code, the codec information that is to be sent towards SRS is fetched from peer packet service profile rather than active service profile from the communication call leg. Steps to Replicate: 1. The SBC receives INVITE with G711A, G711U 2. Egress leg responds with A law and RTP stream is A law. 3. The SBC sends an INVITE to SIPRec server with G711A law and SIPRec servers responds with A law. 4. Egress leg sends re-INVITE and changes the order of codecs, G711U and G711A respectively. 5. The SBC relays the re-INVITE to ingress peer with G711U, G711A respectively and ingress peer responds with G711A. 6. The SBC was sending re-INVITE with G711U codec to SIPRec Server. With this fix, SBC now sends re-INVITE with G711A codec to SIPRec server. | The code is modified to fetch correct codec information from the communication session and the same is sent in recording session. Workaround: None |
SBX-102993
| 2 | The "numMatch notmatch" gets auto converted to "numMatch match" when SMM profile is modified/saved from GUI Impact: The "numMatch notmatch" gets auto converted to "numMatch match" when SMM profile is modified/saved from GUI Root Cause: The numMatch field was not there in the EMA. Steps to Replicate: - Navigate SipAdaptorProfile screen. (Profiles→Signalling→SipAdaptorProfile).
- Create profile with the selection numMatch field.
- Create profiles with all possible values.
- Here the numMatch field was newly added.
- Verify whether all field values are coming properly or not.
| The code is modified to address the issue. Workaround: None. |
SBX-103692
| 2 | The SWe application will not start: The memory mismatch after a AWS instance restart. Impact: The standby SBC shuts down if the memory product capability mismatches with the active SBC. Root Cause: The SBC checks for a minimum required memory with the memory allocated to peer and it should be either equal or greater than the peer SBC. Steps to Replicate: Launch the SBC HA pair on AWS to see if the memory allocated to the standby SBC is lower than an active SBC. | The code is modified to change the memory from 'Minimum required' to 'Informational' to not shut down the app in case of a mismatch and only raises a trap. Workaround: Try rebooting in case memory allocated to standby the SBC is lower than the active SBC. |
SBX-104552
| 2 | After a switchover, the MRFP does not send a Goodbye packet for the Text stream. Impact: When a call is using T140/TTY interworking, after a switchover RTCP bye is not sent toward the T140 stream endpoint. Root Cause: In a T140/TTY interworking, the resource for T140 stream is not mirrored properly to standby causing deactivating does not work after a switchover. Steps to Replicate: - Make call with T140/TTY interworking (for example, AMR-WB+T140 - PCMU).
- Once call is established, switchover.
- After a switchover was successful, end the call and see that RTCP bye is sent properly to T140 stream.
| The code is modified to mirror resource correctly for T140 stream in T140/TTY interworking. Workaround: None. |
SBX-104563
| 2 | The SBC is not updating the DNS servers order in DnsServerStatistics on deleting and creating a fresh DNS Group. Impact: The SBC was showing the incorrect DNS Servers Index in DnsServerStatistics command "show table addressContext default dnsGroup <dnsGroupName> dnsServerStatistics " when the DNS Servers were deleted and re-created in a different order with the same server IPs.
After creating 128 DNS Servers with different unique IPs are and then deleting some of them such that the total number of DNS Servers is less than 128, no new DNS servers created post the delete operations shall have the corresponding statistics information, even though the total number of servers is less than 128 on the system.
As an example, if on the SBC we create a DNS Server with IP1 and then delete it and then proceed on to repeat the create and delete operations with different IPs say IP2 to IP128, then from the IP128 onwards, no statistics shall be displayed, even though there is only one DNS Server on the system. Root Cause: The DNS Server Statistic blocks are not deleted when the DNS Servers are deleted and continues to remain hashed with the IP with that it was created. Steps to Replicate: - Configure the DNSGROUP.
- Add the 1st DNS server with IP1 to DNSGROUP.
- Add the 2nd DNS server with IP2 to DNSGROUP.
- Check the DnsServerStatistics.
show table addressContext default dnsGroup <dnsGroupName> dnsServerStatistics - Delete the DNSGROUP.
- Configure the DNSGROUP.
- Add the 1st DNS server with IP2 to DNSGROUP.
- Add the 2nd DNS server with IP1 to DNSGROUP with weight1.
- Check the DnsServerStatistics.
- The IP2 should have 3 as Index and IP1 should have 4 as index in dnsServerStatistics.
| The code is modified to delete the DNS Server Statistics block and remove it from the IP hash when the DNS Server is deleted. Workaround: None. |
SBX-103732
| 2 | The AddressSanitizer: heap-buffer-overflow on address 0x61d001429c18 at pc 0x556c876cf74c bp 0x7fb14f64fab0 sp 0x7fb14f64f260 READ of size 3488 at 0x61d001429c18 thread T21 in the SAM Process. Impact: In a D-SBC environment while processing the remote media data command message, the SAM process could read off the end of the received message. Reading off the end of the allocated message block could, in the worst case, result in a coredump. Root Cause: The SAM process was assuming that the size of the received message was larger than it actually was and this resulted in reading off the end of the received message buffer. In most cases, this does not cause a problem but in could potentially result in a coredump if the associated buffer is at the end of the addressable memory space. Steps to Replicate: Run the RFC4117 test case for audio transcoding and video relay. | The code is modified to not read off the end of the received memory block. Workaround: None. |
SBX-102175
| 2 | The HA SBC Admin Connection failure issue within sometime for the ASAN build. Impact: In an HA setup, the standby SCM process can read off the end of a memory block. Reading off the end of allocated memory blocks can cause unexpected behaviour and in the worst case, it could result in coredumps. This problem only impacts the standby server so will not be service impacting. Root Cause: While making P-Asserted-Id header information redundant between active and standby, the standby was reading off the end of the allocated memory buffer because the active instance had passed over a bad data length value for P-Asserted-Id header. Steps to Replicate: Run a call load where the INVITE messages contain P-Asserted-Id header in an HA setup. | The code is modified to correctly format the P-Asserted-Id header information with valid length when sending it to the standby to avoid the standby accessing invalid memory. Workaround: None. |
SBX-105280
| 2 | The CPX Process had a memory leak for single call on the OAM node. Impact: The CPX process can leak small amounts of memory when creating/modifying the SNMP configuration. Root Cause: While processing the SNMP configuration commands, the SBC was creating the temporary internal memory blocks to read and write information from/to the CDB. But it was not freeing up this memory at the end of the configuration action. Steps to Replicate: Modify the SNMP configuration. | The code is modified to correctly free the temporary memory allocated during the configuration process. Workaround: None. |
SBX-105542
| 2 | Fix the Customer Telecom coverity issues. Impact: While processing the SUBSCRIBE messages, the coverity tool has highlighted that the code could dereference a pointer that is potentially null. Although no bad behaviour has been observed during testing, there is a small chance that it could result in coredumps if the pointer really was null. Root Cause: Based on other validation in the code, the coverity highlighted that some legs of code could result in accessing a pointer that might be null. Derefencing null pointers can cause unexpected behaviour and in the worst case coredumps. Steps to Replicate: Run various SUBSCRIBE related test cases. | The code is modified to validate that the pointer is not null before using it to avoid any potential issues/coredumps. Workaround: None. |
SBX-91127
| 2 | The leaksanitizer had an CpxAaaGetNextEntry. Impact: While processing the requests to display the user information/status, the Cpx process was leaking memory. Root Cause: While processing the requests to display user information/status, the Cpx process had to allocate the internal memory blocks to collect information from CDB and was not freeing up this memory at the end of the request. Steps to Replicate: From the CLI, run commands to request user information. | The code is modified to free up the memory at the end of the processing request. Workaround: None. |
SBX-105389
| 2 | De-reference after a NULL check and de-reference the NULL return value. Impact: The coverity scanning tool identified a potential edge case scenario, where the lawful intercept code could potentially access a NULL pointer leading to unexpected behaviour and potentially a coredump. Root Cause: While the code was performing X2 peer status updates, it retrieved the peer information from a hash table but did not verify that the pointers inside the record it retrieved were valid. It would be an extreme error case for this to result in reading of a null pointer and would likely need to be due to another problem. But coverity highlights it as an edge case issue to fix up. Steps to Replicate: Run test cases for lawful intercept using packet cable V2.0 configuration. | The code is modified to validate the pointer is not null before using it and avoid any error scenarios. Workaround: None. |
SBX-100225
| 2 | The AddressSanitizer: detected heap-use-after-free in UasProcessMsgCmd on address 0x623000187198 at pc 0x5623cc7b3b42. Impact: The SCM process is accessing memory after it has been freed during the timer expiry handling when there is no response to an OPTIONS message that was triggered due to debug optionsPing using an FQDN. Accessing memory after it has been freed can cause unexpected behavior and in the worst case, this potentially causes coredumps.
Ex:"request addressContext default cmds optionsPing peerFQDN bats3.gsxlab.com peerPort 14090 sigPort 2 transport udp" Root Cause: The SIP dialog memory block was being removed in two places while handling the timeout for the debug optionsPing command, which could result in unexpected behaviour and potentially result in coredumps. Steps to Replicate: - Run debug optionsPing command
"request addressContext default cmds optionsPing peerFQDN bats3.gsxlab.com peerPort 14090 sigPort 2 transport udp" - The OPTIONS message will be sent out.
- Let the options timeout. (do not send any response).
| The code is modified to address the issue. Workaround: Do not use this debug command, or use it with an IP instead of an FQDN. |
SBX-105591
| 2 | Observed that PRS process heap buffer overflow issue on 9.2 ASAN build 63 Impact: The BRM process was accessing memory after it had been freed. As the memory is being read immediately after being freed, then it is unlikely this would cause a problem. Root Cause: If the BRM process received an unexpected message, then it was trying to print a debug message to indicate the message type. However, the message had already been freed up because it was unexpected. This was observed on the standby server and generated at the point of switchover. Steps to Replicate: Run a normal call load and perform switchovers. | The code is modified to collect the message type information before the message is freed so that the debug log content can be safely generated without accessing freed memory. Workaround: None. |
SBX-103650
| 2 | The SCM Process cores when the targets set for OPTIONS/MESSAGE. Impact: Without this fix, the SBC will core dump when the Out Of Dialogue messages like OPTIONS/MESSAGE are intercepted. Root Cause: Double free of a data structure is causing the code dump. Steps to Replicate: - Provision packet cable 2.0 Targets corresponding to the out of dialogue OPTIONS that will be sent to the SBC.
- Send the OPTIONS to the SBC.
| The code is modified to avoid double freeing of the corresponding data structure. Also, addressed couple of memory leaks concerned with the same data structure in error cases such as ARS blacklisting. Workaround: None. |
SBX-103788
| 2 | The LeakSanitizer: detected memory leaks in CpxAppProcess. Impact: Small memory leak when making configuration changes to the GW signaling port. Root Cause: The configuration logic was reading the interface group name from CDB into a temporary local variable in order to perform validation logic but never freed up this memory at the end of the validation. Steps to Replicate: This issue is highlighted in the engineering lab when performing GW sig port configuration changes on an ASAN enabled build. | The code is modified to correctly free the temporary memory to avoid the leak. Workaround: None. |
SBX-105412
| 2 | The MRFP: CE_2N_Comp_CpxAppProc leak for port SWO (BFD). Impact: There was a small memory leak during the configuration of packet port with BFD configuration associated. Root Cause: The configuration code was reading information from the CDB and storing information in an internal memory block but not freeing it up. Steps to Replicate: With a BFD configuration on the SBC, disable and enable the pkt port by setting mode OOS and state disabled and then enable the pkt port again. | The code is modified to correctly release the internal memory block at the end of the configuration action. Workaround: None. |
SBX-105496
| 2 | Fixing the NRMA coverity issue CID:11149. Impact: The coverity scanning tool identified a potential code leg where a null pointer could be dereferenced and could potentially result in a coredump, although not observed in internal testing. Root Cause: While trying to allocate resources for PCMU to PCMA call where the ingress leg is being tapped, there is a possibility the code could access and invalid pointer resulting in unexpected behaviour and in potential coredumps. Steps to Replicate: This part of the code could be triggered for PCMU to PCMA call where the ingress leg is being tapped. | The code is modified to verify the pointer is not NULL before trying to use it to avoid potential coredumps. Workaround: None. |
SBX-105200
| 2 | The AddressSanitizer: detected heap-use-after-free on address 0x6080002177a0 at pc 0x55a942cce5b1 bp 0x7fb90b2df190 sp 0x7fb90b2df188. Impact: There were two types of issues identified in this Jira: - There was a memory leak when putting a virtual media gateway in service.
- The MRFP is accessing memory after it is freed while cleaning up a call following an internal resource allocation failure. Accessing memory after it has been freed can have unexpected behavior and in the worst case result in coredumps.
Root Cause: - The MRFP was allocating internal memory while performing validation of the request to put a virtual media gateway inservice, but the memory was not being freed up at the end of the configuration action leading to a small memory leak.
- In case of internal call failure, the call data was being deleted but the memory was being access later on in the clean up procedure.
Steps to Replicate: - Configure a virtual media gateway in service.
- Configure the MRFP without licenses and then try to make some calls.
| - The code is modified to free the memory at the end of the configuration action.
- The code is modified to no longer access the call data after is free.
Workaround: None. |
SBX-104118
| 2 | The LeakSanitizer detected memory leaks in the SCM Process. Impact: While relaying REGISTER messages, the SBC may leak memory blocks allocated to hold the record-route header information. Root Cause: The SBC allocates memory blocks to hold the contents of the record-route headers in the REGISTER message. But if the record-route header information is associated with the SBC IP address, then the SBC does not correctly free up the memory blocks causing a leak. Steps to Replicate: Run test cases for stateless REGISTER relay call scenarios where the IP information in the record-route header is the SBC's IP. | The code is modified to correctly freed up memory allocated to store the record route header information. Workaround: None. |
SBX-105850 | 2 | The MRFP failed to come up after an sbxstart. Impact: At startup of the SBC, there is a possible race condition where the SBC processes may go for an additional restart before they come up and restore the configuration. data. Root Cause: The race condition in the code between threads. Steps to Replicate: Installation and startup on the various platforms. | The race condition in setting some common variables is avoided by using static path of binaries to address the issue. Workaround: None. |
SBX-103626
| 2 | Due to the Adaptive Codec Change, the MRFP does not disable the text stream although there is conflict between the payload types that the non audio and text streams use. Impact: In a audio and T140 call setup, with Adaptive Codec Change enabled and the MRFP does not disable the text stream when there is conflict between the payload types that the audio and text streams use. Root Cause: In the Adaptive Codec Change handling, the code does not validate if the payload type used in the T140 stream are in conflict with payload types being used in the audio stream codecs. As a result, the T140 stream is created in the media plan that should be disabled in this scenario. Steps to Replicate: - Enable Adaptive Codec Change in the VMG configuration.
- Setup a call audio and T140 media streams from both call terminations: A- side AMRWB and text 140 to B side, AMR, text T140, and Telephone event.
- At the mid call, send a Re-Invite to change B's side to AMRWB, T140 and Telephone Event with its payload type is the same as the T140's payload type.
- Verify that MRFP should disable the T140 stream by setting the t140 stream port number to zero in the reply to MGC(C3).
| The code is modified to check the conflict for T140 payload types against the payload types being used in an audio stream, and reject T140 stream when a conflict is found. Workaround: None. |
SBX-105039
| 2 | The SBC fails to perform Alert-Info to PEM interworking when the relayPemState is disabled on the ingress. Impact: The SBC fails to perform Alert-Info to PEM interworking when the relayPemState flag is disabled on the ingress TG. Root Cause: The relayPemState flag implementation was not considered for Alert-Info to PEM Interworking scenarios. Steps to Replicate: Configuration: - The relayPemState flag is disabled on the Ingress TG.
- The iToPemInterworking flag is enabled on the Egress IPSP.
- The acceptAlertInfo flag is enabled on the Egress IPSP.
- The UAC sends an Invite with the SDP with PEM: supported to the SBC.
- The UAS sends 180 without the SDP with an alert-info as rt to the SBC.
- The SBC should interwork the alert-Info to PEM and insert PEM:inactive while sending 180 responses towards UAC.
| The code is modified to consider the Alert-Info to PEM Interworking scenarios when the relayPemState flag is disabled. Workaround: None. |
SBX-65509
| 2 | The preferred payload number was not used for either dtmf or amrwb when the "different2833PayloadType" transcode option is enabled. Impact: The preferred payload number was not used for either dtmf or amrwb when the "different2833PayloadType" transcode option is enabled. Root Cause: Both the AMR-WB and dtmf do not use 101, as 101 was being neglected and thinking the other one was using it. So at the end, it was not being considered and was not being populated. Steps to Replicate: Make a SIPP call using AMR-WB codec with dmtf enable different2833palyloadtype flag. enable honorSdpClockRate flag. set preferredRtpPayloadType as 101 set preferredRtpPayloadTypeForDtmfRelay 101 Check for the Preferred payload number. | The code is modified to scan even the workingDynamicPtSet and verify that 101 is not being used and is considered. Workaround: The workingDynamicPTSet represents a more accurate information w.r.t the PTs used. As a result, that condition is being added to scan workingDynamicPtSet along with peer PSP and Route PSP. |
SBX-104471
| 2 | There was a CE_node error "glusterSetup.sh Abort: Mount is in bad state!!" Impact: A glusterSetup.sh script error log showing in CE_Node log file. Root Cause: A glusterSetup.sh script error text is printed to the terminal. Steps to Replicate: - Shut down the Standby OAM.
- Ensure there is no glusterSetup.sh log appear in CE_Node log file on managed node.
| The error text already captured in two separate log files, so remove the output to terminal to address the issue. Workaround: None. |
SBX-101406
| 2 | Implement SAN validation for cert authentication in VNFR REST Server Impact: The VNFM request did not have SAN validation in addition to a cert chain verification. Now, the SAN validation checks against IPv4 and IPv6 both if present in userData. Root Cause: The SAN validation was not implemented. The SAN validation used to work only in mode(either IPv4 or IPv6) depending upon the SBC instantiation mode. Steps to Replicate: - Bring VNFR(running HTTPS) from VNFM GR.
- Perform a successful reassignment.
- Do a sbxrestart.
- Again perform a successful reassignment.
- Bring up a dual stack VNFM, and spawn IPv4 and IPv6 SBC.
- Register VNFR successfully in a simplex VNFM.
| Implemented SAN validation using GnuTLS that is also used for cert chain verification. Loading both IPv4 and IPv6 from userdata addresses the issue. Workaround: No workaround. |
SBX-94760
| 2 | The cinder volume detach/attach required a reboot from Openstack to bring up all the functioning related to the SBC. Impact: In the case of Openstack, if cinder volume is detached from the running the SBC instance, it does not cause the SBC system to shutdown properly. Root Cause: The shutdown triggered on the volume detach from a running instance was not going through successfully due to failure to run abnormal reboot command. Steps to Replicate: Test cinder volume detach from a running instance and ensure the node goes for a reboot and if running on active, should switchover to standby successfully. | The code is modified to update the command to forcefully reboot the node on volume detach from a running instance. Workaround: None. |
SBX-93790
| 2 | A TEAMS user was unable to resume the call when transfer is failed, when the call is initiated in beginning by PSTN user. Impact: During a Refer, if the transfer target sends early answer in 18x but then rejects the call, the SBC fails to resume the previously active call. Root Cause: During call transfer, after tone play, while processing early answer in 183, the SBC wrongly freed the previous cut-thru context and instead retains the previously activated tone context (for A-B call). As a result, after transfer target rejects the call, the SBC attempts to resumes the previously active call (A-B) which fails due to unavailability of correct context. Steps to Replicate: 1. PSTN1 to TEAMS call TEAMS transfer call to PSTN2 PSTN2 rejects the call TEAMS resume the call 2.PSTN1 To TEAMS call TEAMS transfer call to PSTN2 PSTN2 does not answer the call TEAMS resume the call | The code is modified to retain the previously activated cut-thru context and free the previously activated tone context if current tone context is more recent. Workaround: No |
SBX-104331
| 2 | Observed the "NrmUpdateLicensesForXferFeatureType cant get origGCID" MAJOR Logs on the 5400 Platform while running a call with Multiple INVITE Replace. Impact: The Call Pickup logs were incorrectly printing a major error event. Root Cause: The Call Pickup logs were incorrectly printing a major error event. Steps to Replicate: None. | The code is modified to address the issue. Workaround: None. |
SBX-104738
| 2 | The outputAdaptor profile rule gets applied after the clearDB. Impact: The SMM rule was not applied after the upgrade from 8.2 or 9.0 or 9.1 to 9.2, even the same issue is observed during restart or switchover. Root Cause: The SMM rule was not applied due to wrong path in the switchover scenario. Steps to Replicate: Configure the SMM profile in the SBC. Perform any of the of the below steps. - Restart the SBC.
- The SBC performs a switchover.
- Upgrade from 8.2/9.0/9.1 to 9.2.
| The code is modified to address the issue. Workaround: ClearDB and load the configuration. |
SBX-95677
| 2 | The SBC is not feeding the delayed RBT on monitoring a failure in a late media passthrough scenario in the CLOUD ISBC and SWE ISBC. Impact: The SBC is not feeding delayed RBT on monitoring the failure in a late media passthrough call. Root Cause: The fix for the SBC was not feeding delayed RBT on the monitoring failure in a late media passthrough scenario was applicable only when bToneAsAnnc flag is enabled. Steps to Replicate: Procedure: - An INVITE is received without SDP and no "PEM: supported" from the UAC.
- The UAS sends the 183 with SDP and no PEM having PCMU, AMR.
- The UAC send PRACK with SDP PCMU,G729 and UAS sends 200 OK for PRACK.
- The UAS sends an authorized RTP.
- The UAS sends 180 without SDP and no PEM.
- The UAC send PRACK and UAS sends 200 OK for PRACK.
After a RTP Monitoring failure, the SBC should play the tone. | The code is modified to address the issue. Workaround: None. |
SBX-104136
| 2 | Unable to login to the CLI session. Impact: The SWe Active profile configuration may cause a password change commit to hang. Root Cause: The Internal Configuration change related to sweActiveProfile leaves the changes in the candidate database. This causes another commit from the SM Process deadlock, as sweActiveProfile change subscription needs the SM Subscribers acknowledged. Steps to Replicate: This cannot be recreated through User Interfaces. This was an internal error condition. | The code is modified to revert the changes from the candidate database, if the sweActiveProfile commit fails. Workaround: None. |
SBX-102958
| 2 | The Audit Compliance issues are found in the MRFP Setup. Impact: The Nessus Scan with the CIS Plugin shows compliance failures on the SBC. Root Cause: The failures were due to a missing a user directory and bad file permissions. Steps to Replicate: Run the Nessus scan with the same policy and verify that the failed compliances do not exist. | Below changes are made to meet the CIS requirements. - Set nologin shell for cwagent
- Change remoteExecution.log file permission.
Workaround: None. |
SBX-103273 | 2 | Dual NUMA support in the SWe. Impact: The SWe does not come up in the VMs having multiple NUMA nodes except for the signaling traffic profile (SLB, S-SBC, SO-SBC). Root Cause: Due to a deliberate software restriction to not allow multiple NUMAs, the issue was shown. Steps to Replicate: - Configure a KVM instance with the dual NUMA and install in Non-Gold/Non-GPU setup.
- Let it come in default traffic profile.
- Verify that the SBC would come up fine without any HostCheck errors.
| The code is modified to allow multiple NUMA irrespective of the personality and profile. Workaround: None. |
SBX-103627
| 2 | The BFD status is not up for the MGMT port (the BFD packets are seen though the LDG state is disabled). Impact: Even after disabling Link Monitor on the MGMT port, the BFD packets are still seen on the MGMT port. Root Cause: The issue was that when state is disabled and the BFD session was deleted. A timer is started so the expiry initiates a BFD session. Steps to Replicate: - Create BFD session for MGT port.
- Check the status of BFD session.
- Disable the BFD session.
- Observed the BFD packets even when the BFD session is disabled.
| The code is modified to check for the Link Monitor state before initiating the BFD session. Workaround: None. |
SBX-103489
| 2 | The LeakSanitizer: detected memory leaks at the confd_malloc. Impact: The small memory leak during the configuration of lawful intercept server. Root Cause: The configuration code was reading information from the CDB and storing information in an internal memory block but not freeing it up. Steps to Replicate: Create a lawful intercept server and make configuration changes. | The code is modified to correctly release the internal memory block at the end of the configuration action. Workaround: None. |
SBX-103387
| 2 | The Video NAT learning is failing on the D-SBC cloud. Impact: The Video NAT learning failed in the D-SBC. Root Cause: On the D-SBC, NAT learning for video stream was not processed successfully and as a result caused the video packets to be dropped by the SBC. Steps to Replicate: - Configure the SBC for an Audio and Video call.
- Enable the Signaling NAT and Media NAT in the Ingress and Egress Trunk Groups.
- Make an Audio and Video call between the NATed EndPoints EP1 and EP2.
- After a call gets established, the EP1 and EP2 sends Audio and Video packets.
- NAT learning happens for Audio and Video and then the packets are sent and received from EP1 and EP2.
| The code is modified to process the NAT learning for the video stream in the D-SBC. Workaround: None. |
SBX-103353
| 2 | The AddressSanitizer: detected heap-use-after-free /localstore/ws/jenkinsbuild/sbxmainasan/marlin/SIPSG/sipsgCallNotification.c:1123 in SipSgSendCallNotificationApi(SIPSG_CCB_STR*, SIPSG_CALL_NOTIFY_TYPE_ENUM, sip_nameaddr_str*). Impact: While freeing up a SIP call, the code is accessing the SIP call control memory block immediately after it has been freed up in the same processing loop. Root Cause: This issue was detected using ASAN images, it has not been proven to cause bad behaviour using regular production images, but accessing memory after it has been freed can cause unexpected processing to happen which might potentially result in coredumps. Steps to Replicate: Run regular call scenarios with ASAN images. | The code is modified to avoid using the memory block after it is free. Workaround: None. |
SBX-104016
| 2 | Anomalies were observed after decoding a ACT File by sbxCamDecoder.pl. Impact: Issue 1: The camDecoder script "sbxCamDecoder.pl" does not decode a reboot, the switchover records. Issue 2: It does not display the field names under the "Ingress Signaling Information" and "Egress Signaling Information" for an EVENT records as shown below.
26. Ingress Signaling Information : 26.1 : "sip:7587339665@10.xx.xxx.xxx 26.2 : 1-23946@10.xx.xx.xxx 26.3 : <sip:sipp@10.xx.xx.xxx:xxxx>;tag=23946SIPpTag011 26.4 : <sip:7587339665@10.xx.xxx.xxx> 26.5 : 26.6 : sip:sipp@10.xx.xx.xxx:xxxx 26.7 : 26.8 : 26.9 : 26.10 : 0 26.11 : 26.12 : 26.13 : 26.14 : 1 26.15 : 26.16 : 26.17 : 26.18 : 26.19 : 26.20 : 26.21 : 26.22 : 26.23 : 26.24 : 26.25 : "
Root Cause: The sbxCamDecoder script was not updated to support the reboot, on switchover records. Also, the script was not updated to decode "Ingress Signaling Information" and "Egress Signaling Information" for EVENT records. Steps to Replicate: Issue 1: The switchover record issue. Setup: The SBC HA Procedure: - Perform a switchover the SBC.
- Decode the latest ACT log that contains "SWITCHOVER" record by using the sbcCamDecoder.pl.
Issue 2: REBOOT Record issue. - Reboot the SBC.
- Decode the latest ACT log that contains the "REBOOT" record, by using sbcCamDecoder.pl.
Issue 3: - Send an OOD message (OPTIONS).
- Decode the latest ACT log that has the event RECORD by using the sbxCamDecoder.pl.
| sbxCamDecoder was updated to support decoding REBOOT,SWITCHOVER records and the "Ingress Signaling Information" and "Egress Signaling Information" in the EVENT Records. Workaround: Decode the record manually. |
SBX-103894
| 2 | The AddressSanitizer: detected heap-use-after-free on address 0x61b000018f84 at pc 0x556c7afd4213 bp 0x7fcbf0905680 sp 0x7fcbf0905678. Impact: An invalid memory access of a termination object after it's been deleted. Accessing the memory after it has been freed can result in unexpected behaviour and in the worst case coredumps.
Root Cause: In the call teardown processing, after the last termination is deleted, the calltracing function was accessing the already deleted call termination object to retrieve the context ID. Steps to Replicate: - Setup a call in MRFP.
- Teardown the call.
- The previously mentioned invalid memory access occurs in handling the deletion of the last termination of the call.
| In the same function, retrieve the context ID from the context object instead to address the issue. Workaround: None. |
SBX-103814
| 2 | The RECORDING CDR does not have correct value for the SRTP field during switchover scenario. Impact: For the SIPREC sessions with SRTP, after a switchover the "RECORDING" CDR generated had values as 0 in the SRTP statistics fields as shown below:
24.7 ingress SRTP info1 : 0:0:0:0 24.12 egress SRTP info1 : 0:0:0:0 Root Cause: The standby processing code did not support copying the SRTP information into the SIPREC Standby data blocks and as a result was lost during a switch over. Steps to Replicate: - Execute a SIPREC call, with a SIPREC Session over the SRTP.
- Perform a switchover.
- Verify the RECORDING CDR for SRTP Statistics in the following fields:
24.7 ingress SRTP info1 : 0:0:0:0 24.12 egress SRTP info1 : 0:0:0:0
| The code is modified to process the SIPREC SRTP information is added. Workaround: None. |
SBX-103807
| 2 | The SBC disables the SRTP for an audio when the EP disables and re-enables the audio. Impact: The SBC disables the SRTP for audio when EP disables and re-enables the audio. Root Cause: During the modify offer processing, the SRTP value is taken from previous Active security PSP without checking if the SRTP is valid or not. Steps to Replicate: Test Procedure: Setup Audio+Video RTP to SRTP pass-Thru call between UAC-UAS: - UAC sends invite with Audio and video.
- UAS responds with Audio and Video cryptoline.
- UAC sends re-invite to disable Audio stream port=0 and inactive and Video with valid media port and sendrecv.
- UAS responds 200OK with port=0, a=inactive and no crypto line for audio and video with valid port and crypto line.
- UAC sends re-invite to add Audio stream back with valid media port and sendrecv and video with valid media port and sendrecv.
- UAS responds 200OK with valid Audio and Video crypto lines.
Expected Result:
- RTP-SRTP A+V call gets established.
- The SBC disables audio stream and sets up RTP-SRTP call with video stream.
- The SBC re-establishes Audio+Video RTP-SRTP call.
Actual Result: - RTP-SRTP A+V call gets established.
- The SBC disables audio stream and sets up RTP-SRTP call with video stream.
- The SBC re-establishes re-Invite without SRTP for audio stream.
| The code is modified to copy the Active security PSP only if the SRTP admin state is enabled. Workaround: None. |
SBX-105310 | 2 | There was a SM Process leak for the MRFP call on the MRFP active. Impact: The redundancy group manager (RGM) that is used in conjunction with N:1 deployments has a memory leak. Root Cause: The RGM handles the switchover and fault messages in N:1 deployments and it was not freeing up the ICM message after processing that results in a memory leak. Steps to Replicate: This issue was observed in an MRFP configuration especially when restarted instances. | The code is modified to correctly free the ICM messages. Workaround: None |
SBX-103603 | 2 | The LeakSanitizer: detected memory leaks in the MrfRmProcessTrmAllocRpyMsg. Impact: While testing call scenarios for RTCP for T.140 Pass-through functionality, it was observed that the SCM process could leak memory for calls associated with an MRF (external media transcoder). Root Cause: The SBC was allocated memory while processing the SDP associated with this call but was not always freeing up the memory at the end of the call. Steps to Replicate: Run various call scenarios with MRF where the SBC is using the SIP to allocated media resources on an external media transcoder (MRF) or T-SBC. | The code is modified to correctly free all the memory allocated for the call. Workaround: None. |
SBX-103731 | 2 | The AddressSanitizer: detected heap-buffer-overflow on address 0x61a0000cb9d9 observed in the SAM Process while running OCSP feature. Impact: When the OCSP stapling feature is enabled on the SBC and the code was processing the response it writes to unallocated memory and in the worst case this could result in process coredumps. Root Cause: While processing OCSP response the code was allocating a memory buffer large enough to hold the response, but then incorrectly writing one byte off the end of the memory buffer while attempt to try and null terminate the string. Steps to Replicate: Setup - UAC > Dut<>Adapter -> UAS - Create an OCSP profile by configuring the defaultResponder and stapling enabled.
- Attach the OCSP profile to the TLS profile configured.
- From Endpoint A, Intiate the TLS call with Client Hello from the SIPP UAC having OCSP parameter in it.
- The SBC should send server hello certifciate to the user client.
| The code is modified to correctly terminate the OCSP response string without writing off the end of the memory buffer allocated to hold the response. Workaround: None. |
SBX-103801 | 2 | Observed the run time error in M-SBC "runtime error: load of value 42, which is not a valid value for type 'bool'" Impact: The M-SBC could potentially configure the wrong data path mode for a call. Root Cause: No issues were observed while running this functionality on a regular deployment image. But while testing with ASAN, it highlighted that some of the fields used in a call resource allocation message were not always initialized correctly, which could potentially lead to unexpected behaviour e.g. SYS_ERRs, wrong datapath mode setup. Steps to Replicate: This issue was highlighted while while running test suite related to RFC-4117 MRF Mid-Call modification Enhancement | The code is modified to correctly initialize the resource allocation request fields to avoid issues. Workaround: None. |
SBX-98024
| 2 | The contact header is not transparently passed when the Ingress and Egress had different transport types. Impact: Contact header is not passed transparently from Ingress, when egress side has different transport type, even when the IPSP flag 'passCompleteContactHeader' is enabled on both ingress/egress Trunk Groups. Root Cause: In API SipSgCheckAndSetContactHeaderTrasparency(), irrespective of transparency control is enabled/disabled, if the egress Sig Zone is MS Teams, then contact header was not transparently passed to egress. Steps to Replicate: - Configure, IPSP flag 'passCompleteContactHeader to enable.
- Attach the IPSP to both ingress/egress TG's.
- Set Ingress transport to TCP / Egress to TL.
- Create pathCheck profile with hostName 'sip.pstnhub.microsoft.com' and attach to the Teams side.
- Make a successful call.
| The code is modified so regardless of MS Teams zone, if the transparency control flag is enabled then pass the contact header transparently to the egress. Workaround: None. |
SBX-101937
| 2 | The one medium vulnerability found after the Qualys Scan. Impact: A medium vulnerability found after the Qualys Scan in Jquery 3.4.1 version. Root Cause: The jquery 3.4.1 version has security issue. Steps to Replicate: Run a Qualys Scan and vulnerability was not shown. | The code is modified to address the issue. Workaround: No workaround. |
SBX-102718 | 2 | The Confd updateAdmin user's configuration was failing. Impact: In cloud deployments, when a new user is created, it throws the error: "Cannot change accountAgingState to disabled while accountRemovalState is enabled" even though accountAgingState is set from disabled and accountRemovalState to disabled. Root Cause: The validation logic for user creation was done along with transformation callbacks. This makes the validation logic to be order dependent. Steps to Replicate: - Launch a cloud standalone instance.
- Create a new user with accountAgingState to disabled and accountRemovalState to disabled:
commit fails with error "Cannot change accountAgingState to disabled while accountRemovalState is enabled"
| The code is modified to make an order independent. Workaround: None. |
SBX-103634
| 2 | The LeakSanitizer: detected memory leaks in DCmRestoreAllMetaVarsToStandbyContext. Impact: A small memory leak was observed in the SAM process while performing a switchover from standby to active box. Root Cause: The standby instance stores information about the metavars associated with signaling ports configured on the active instance. During the conversion from standby to active, the standby data is moved into active structures but the original standby memory blocks are not freed up correctly resulting in a memory leak. Steps to Replicate: Perform a switchover from standby to active while running a basic call, no memory leak will be observed in the SAM process. | The code is modified to correctly free the memory associated with the standby data when it gets transitioned to active to avoid the memory leak. Workaround: None. |
SBX-104360
| 2 | The SWITCHOVER ACT Records are not generated in the SBC with HA mode set as Nto1. Impact: On an N to 1 system, the SWITCHOVER record is not written to the accounting file on the new active node after a switchover. Root Cause: The SWITCHOVER record is sent to the ENM process before it has opened the accounting file, so the record is not written. Steps to Replicate: - Perform a switchover a system.
- Check that the switchover record is written to the accounting file.
| The SWITCHOVER record is stored and then written out when the accounting file is opened to address the issue. Workaround: None. |
SBX-104826
| 2 | The SBC fails to relay to 3xx and picks the next route when Ethe nhancedLocalRedirection and StatusCode3xx flags are enabled. Impact: The SBC fails to relay the received 3xx to the ingress side and picks the next route when the EnhancedLocalRedirection and StatusCode3xx flags are enabled with 2 routes. Root Cause: When both the StatusCode3xx and EnhancedLocalRedirection are enabled for the 2 routes scenario, the performCrankback is set to true which leads to this issue. Steps to Replicate: Procedure: - Configure the SBC for A to B call over ERE.
- Configure the ERE to return two routes for Initial call R1, R2.
- Enable the flag statusCode3xx, EnhancedLocalRedirection on TG IPSP.
- Send the INVITE from UAC.
- Send the 300 Multiple Choice from UAS with Contact header and embedded headers.
| The code is modified to ensure that performCrankback is not set to true when both the EnhancedLocalRedirection and StatusCode3xx are enabled. Workaround: None. |
SBX-91592
| 2 | The DRBD tuning is not optimal. Impact: On the non-cloud 1:1 SBCs, due to non-optimal tuning of the DRBD, the DRBD connection between active was getting disconnected leading to full sync and high i/o on the DRBD partition. Root Cause: Due to the peer not responding within a certain time (ko-count * timeout), ko-count feature of DRBD was disconnecting the peer leading to full sync. Steps to Replicate: The following are the steps to test the changes: - Decrease the timeout value in the DRBD conf file.
- Restart the DRBD service.
- Resume the DRBD sync if not already enabled.
- Check syslog, the DRBD must not get disconnection logs.
| The DRBD ko-count feature is disabled on the SBC to address the issue. Workaround: None. |
SBX-101743
| 2 | The SBC start is showing some errors related to a serf file and config-version file. Impact: Missing the file error printed to terminal. Root Cause: The gluster setup script does not redirect output of 'cat' command. Steps to Replicate: Run the sbxstop; sbxstart | The 'cat' command error output is redirected to NULL to fix the issue. Workaround: None. |
SBX-91799
| 2 | The segfault in pamValidator during PM login with incorrect credentials. Impact: The segfault in pamValidator on a failed login for locked user. Root Cause: The pamValidator defines a conversation function that is called by pam modules to exchange values. The pam module was freeing a struct member in the first call and accessing the same freed value in another call to the conversation function that was causing segmentation fault. Steps to Replicate: Perform following steps on any of the SBC deployment and verify that segmentation fault does not happen: ## TEST 1: Ensure success for correct username and password: - Encode username and password to base 64 and set as environment variables USER and PSWD example: export USER="YWRtaW4=" ; export PSWD="U29udXNAMTIz"
- Run pamValidator and verify it returns success.
##TEST 2: Authentication Failure for username and incorrect password:
- Encode the correct username and incorrect password to base64 and export as env variables USER and PSWD.
- Run pamValidator and verify it returns "Authentication Failure".
- Run pamValidator again multiple times (atleast 3 more) and verify the authentication failure and no segmentation fault.
- Wait for 30 seconds and try TEST#1 with the correct password and verify it succeeds.
| The code is modified so the pam_response struct properly in between calls to the conversation function. Workaround: None. |
SBX-105152
| 2 | While expecting a 200 OK to ingress endpoint, the SBC was sending BYE to the Egress endpoint. Impact: If the Media inactivity/activity monitoring is enabled on media leg, and if media is not received at all on that leg in initial 10 seconds, then the NP sends a media inactive notification to up layer. But later even if media starts coming to the SBC on that leg, the NP is not sending media is active now in notification to Application layer. As a result, the application layers were closing the call based on the action configured for media inactivity (peerAbsenceTrapAndDisconnect). Root Cause: In the call, if the media is preceded by no media for few seconds. The call can be terminated if the peerAbsenceAction is peerAbsenceTrapAndDisconnect. Steps to Replicate: - Configure the peerAbsenceAction as peerAbsenceTrapAndDisconnect in the PSP.
- After the call is established, do not stream the media for initial few seconds (this duration should be less than inactivityTimeout), start it only after few seconds.
> set system media mediaPeerInactivity inactivityTimeout 20 > set profiles media packetServiceProfile DEFAULT peerAbsenceAction peerAbsenceTrapAndDisconnect - In this case, the pause should be less than 20 seconds.
- With the fix, the calls will not be terminated.
| The code is modified to fix the Inactive to Active detection functionality and address the issue. Workaround: If media is expected to come late, they should not configure the peerAbsenceAction action in PSP to peerAbsenceTrapAndDisconnect. The action can be selected as the peerAbsenceTrap or none. |
SBX-105679 | 2 | The ASAN leaksanitizer detected errors in the CPX and SCM. Impact: The SCM and CPX processes have a small memory leak while changing the IPsec and IP interface group configuration. Root Cause: While processing configuration related commands, the SBC was reading information from CDB into temporary memory blocks but failed to release the memory at the end of the configuration action, resulting in a small memory leak. Steps to Replicate: Make the configuration changes to IPsec and IP interface group. | The code is modified to ensure the memory is correctly freed up to avoid the leak. Workaround: None. |
SBX-105637 | 2 | The AddressSanitizer: detected heap-buffer-overflow on address 0x61b000013128 at pc 0x55e3eea0419e bp 0x7ff7a52768a0 sp 0x7ff7a5276898 in ScmProcess_0. Impact: There was invalid memory access when the SBC receives the 500 Internal Error to REGISTER. Root Cause: The root cause of this issue is accessing invalid memory while accessing callData, trying to read off the data from the end of memory block. It can potentially cause the coredumps if the memory block is at the edge of the accessible memory region. Steps to Replicate: Testcase: Description: - Clean up SAs if unexpected response received
Procedure: - Monitor the exchange.
- Send an initial reg message.
- Receive the 401 challenge.
- S-CSCF responses with 500.
Expected Results: - Verify IPsec SA's deleted (ip xfrm state).
| The code is modified to access the respective application data (It can be call data, registration data or subscription data) based on type of SIP message. Workaround: None. |
SBX-104990
| 2 | In a secure call, the SBC does not increment the port number in R-URI after processing Refer. Impact: In a secure call with TLS configured, if the call is REFERed with a REFER-TO header containing a FQDN and port number, the SBC sends out a new INVITE to specified FQDN and port number. If that INVITE fails and the SBC then sends a subsequent INVITE on the next route, it does not correctly increment the RURI port number for the TLS. Root Cause: The SBC code does not take into account that a re-route after a REFER-TO with FQDN and port number target needs to increment the port number for TLS, if the target after the re-route is different to the original target specified in the REFER-TO. Steps to Replicate: - With the recommended SBC configuration for MS Teams with TLS enabled between the SBC and MS Teams, establish a call from the PSTN to MS Teams
- Send a REFER from MS Teams that includes following header:
REFER-TO: <sip:sip2.pstnhub.microsoft.com:xxxx;transport=tls> - Based on the REFER, the SBC should route the call and send an INVITE to sip2.pstnhub.microsoft.com using port xxxx
- Reject this INVITE from MS Teams with a 503.
- The SBC should then send an INVITE out using the second route to sip3.pstnhub.microsoft.com using port xxxx.
- Complete the call signaling and verify referred call is established correctly.
| The code is modified to increment the RURI port number for TLS if performing a re-route to a target FQDN and port number that is different to the original target specified in the REFER-TO. Workaround: None. |
SBX-104671
| 2 | The CpxAppProc leak for the MRFP call. Impact: During the SBC startup, the CPX process has a small memory leak. Root Cause: During the SBC startup processing, the CPX process reads various CDB configuration and performs DB schema upgrade validation logic. As part of this processing, it was creating temporary internal memory blocks but not releasing them at the end of initialization. Steps to Replicate: Restart the SBC after it has been configured. | The code is modified to correctly release the temporary memory blocks used for initialization processing. Workaround: None. |
SBX-105339
| 2 | The LeakSanitizer: detected memory leaks on the active OAM. Impact: The CPX process was leaking small amounts of memory while processing BFD configuration changes. Root Cause: The CPX process was allocating memory in order to interact with the CDB while process BFD configuration changes. But it was not freeing up the memory at the end of the configuration action, resulting in a memory leak. Steps to Replicate: Make configuration changes to the BFD profile. | The code is modified to correctly free the memory required to process the BFD configuration changes and avoid the memory leak. Workaround: None. |
SBX-105262
| 2 | The SBC is sending an unexpected re-INVITE to the Egress side in the SRTP early media scenario. Impact: The SBC is sending an unexpected re-INVITE to the Egress side in the SRTP early media scenario. Root Cause: This issue is caused as a side-effect of SBX-103807. Steps to Replicate: Run the following call flow: - The UAC sends an INVITE with 100 rel required.
- The UAS sends 18x with SDP and SRTP( SHA-1-32).
- Ingress sends PRACK with SDP and SRTP( SHA-1-32).
| Copy an active security PSP only if audio stream is present to address the issue. Workaround: None. |
SBX-104537
| 2 | Observed SIPFE MAJOR logs on the n1-standard-4 SBC_HA_HFE_SPLIT instance. Impact: The log was printed as major, when stale calls are present and whenever we start cleaning the stale calls, then the log is seen. Root Cause: This log is expected when clearing any stale calls. Steps to Replicate: Run call load and if any stale calls are seen, then this log issue is seen (only when the Minor logging is enabled). | The code is modified to address the issue. Workaround: None. |
SBX-103851
| 2 | Observed an error "runtime error: index -20 out of bounds for type 'uint8_t [16]' " on UXPAD when running T140 call with out-of-order of T.140 packets. Impact: If the T140 packet contains any T140block that has more than 16 characters, then a debug buffer to display the ASCII characters of T140 packet may write beyond its size. Root Cause: The debug buffer to display ASCII characters of T140 packet is 16 bytes in size. It saves the 16 bytes of last T140block. However, the T140 packet SBC accepts allows a maximum T140block size of 36 characters. The code did not properly limit the size of buffer to copy to 16 characters. Steps to Replicate: - Make a SIPP call (AMRNB=>G711) with t140=>baudot enabled.
- Send PCAP with the T140 from AMRNB termination having T140block in packet exceeding 16 bytes.
- There may not be any observable effect, but the debug buffer that displays ASCII characters writes beyond its bounds and corrupts some other fields in the structure.
| The code is modified to limit the size of ASCII buffer to copy to 16 characters. Workaround: None. |
SBX-105270
| 2 | There was a CpxAppProc leak for MRFP calls. Impact: The small memory leak occurs on the SBC/MRFP nodes when action/status/stats under the node branch is accessed through the OAM node CLI or EMS. Root Cause: Resource references are cleared mistakenly after serving the request from the OAM node. Steps to Replicate: Execute a node branch command repeatedly and monitor the CPX process size on the target node. | The resource references are cleared only when the system is shutting down. The resources are now getting reused by subsequent requests to address the issue. Workaround: Avoid using the node branch commands in automated/periodic operations. Manual use should work as the leak is small. |
SBX-105114 | 2 | The usage of a kill command output in the active and standby CE_node logs. Impact: The kill command usage gets printed in the CE_Node log file of the managed nodes. Root Cause: No glusterfs process is present when the kill command is executed by the glusterSetup.sh script called by sbxConfigUpdater.sh. Steps to Replicate: - Reboot the Standby OAM.
- Ensure that kill usage does not appear in the CE_Node log file of the managed nodes.
| Redirect the kill command error output to /dev/null to address the issue. Workaround: None. |
SBX-105395
| 2 | There are coverity issues in the OAMNODE. Impact: When processing a show list command under the node branch from the OAM node, if the target node fails to read the command path in the request, the code will access memory immediately after freeing it. While in most cases this should not cause issues, accessing memory after it is freed is not good behaviour and could result in unexpected behaviour, potentially causing coredumps. Root Cause: The error handling flow in the code is incorrect. The handling code hits some code for the success flow. Steps to Replicate: Enter the CLI commands like "show table/status node SSBC-1 <path to some list> <partial key>" and hit "tab" for auto completion on a system with an unreliable HA network. Repeat until the target node showing this error in its DBG log:
CPX ConfdProxy::worker: could not deserialize parameter for PROXY_FIND_NEXT_REQ | The code is modified to address the issue. Workaround: None. |
SBX-103103
| 2 | The BFD packet forwarded by the router is not received by the MRFP. Impact: Once the BFD session is established on a port (either primary or secondary), an immediate port switch over is followed due to the BFD packets dropped at NP for a brief amount of time (~1 second). This eventually triggers a node switchover. Root Cause: A race condition in ACL lookup is the cause of this issue. Steps to Replicate: - Ensure the BFD session is up on a port (either primary or secondary).
- Initiate a port switchover.
- Monitor if the BFD session comes back on the switched-over port and an immediate port switch over is not followed.
| The code is modified to address the issue. Workaround: A user ACL can be added as a workaround. |
SBX-103984 | 2 | For an existing call trace, when the call trace feature is disabled on the MRFP, the MRFP should reject the trace request (in MODIFY with CALLTRACE/TRACEACTIVITYREQUEST=ON) from the C3 by sending a NOTIFY to the C3 with RES=FAILURE. Impact: When the call trace feature is disabled in the MRFP (using CLI command: set global callTrace state disabled), and the C3 tries to enable call trace using the MODIFY command with CALLTRACE/TRACEACTIVITYREQUEST=ON, then the MRFP should reject the trace request from C3 by sending NOTIFY to C3 with {CALLTRACE/TRACACT{Stream=1,RES=FAILURE}}. However, the MRFP (9.1 R0) is not sending any NOTIFY message for the Call Trace request received in the MODIFY command. Root Cause: The issue was seen only when the MODIFY command does not have any SDP. Steps to Replicate: - Disable the call trace feature, using the CLI command: set global callTrace state disabled.
- Establish a MRFP call for the SBC from C3 by sending two ADD termination commands.
- Send MOD termination command from C3 with: CALLTRACE/TRACEACTIVITYREQUEST=ON.termId ip/1/intf/3523215361{ Media { Stream = 1 { LocalControl { Mode=SendReceive,CALLTRACE/TRACEACTIVITYREQUEST=ON } } } ,Events = 1 { NT/NETFAIL , ADID/IPSTOP { DT=50 } , HANGTERM/THB { TIMERX=1800 } } ,Signals { } }
- Since call trace is disabled at the SBC, verify that the SBC sends a NOTIFY with res=Failure after sending a MODIFY reply.
| The code is modified to send a NOTIFY for TRACEACTIVITYREQUEST when the MODIFY command does not result into any change in media parameters. The MRFP now sends a NOTIFY with RES=SUCCESS/FAILURE (based on call trace configuration) after sending reply for the MODIFY command. Workaround: None. |
SBX-104325
| 2 | A SCM core dump was observed when multiple gateway TGs are created in a GW-GW call on a HA setup. Impact: On a HA setup, the Standby box SCM Process dumps core when the Standby starts to sync from Active post a switch over and as a result, the switchover occurs after a scenario where Gateway TG's are created and then a GW TG with a lower index (created earlier) is deleted. Example: - Create GWTG1, GWTG2 and GWTG3.
- Delete GWTG2
- Switch over.
Root Cause: The coredump is caused due to difference in indexing the gateway TG's in active and standby boxes. The GW TG indexes were out of sync between the Active and Standby. Active SBC had holes in the indices of the GW TGs after deletion. The Standby SBC does not have holes for the GW TGs that are present post deletion and occupy a different index when compared to active. Steps to Replicate: - The HA setup with GW-GW configurations.
- Create 3 Gateway Trunkgroups: GWTG1, GWTG2 and GWTG3.
- Delete the GWTG2.
- Perform a switchover.
| The code is modified to ensure that the GWTG indexes on the Active and Standby are in sync. Workaround: None, |
SBX-104693 | 2 | When multiple codecs are received in descriptor, the call is getting rejected if license of the first preferred codec is not present in the license bundle. Impact: When the MRFP receives an ADD termination command with a list of codecs in the audio stream from the MGC, it rejects call if the license of first preferred codec is not present in the license bundle, even though MRFP could have succeeded the call with other codecs on the list. Root Cause: The MRFP's codec filtering function chooses the first allowed codec from the list and send it to media plane without check the codec license, so that the media plane returns error in case of codec license validation failure. The call failed as a result. Steps to Replicate: - Ensure the MRFP is up and running
- Generate a license xml with ONE unit of MRFP-RTU, MRFP-DSP-RTU MRFP-DSP-AMR and ZERO units MRFP-DSP-AMRWB. Install the license bundle b1 in MRFP.
- Place a call from endpoint with AMRWB and AMRNB in SDP in same m line
- Validate the call should be succeeded with AMRNB codec being used.
| The code is modified so it always chooses a codec with a valid license to the media plane. Workaround: None. |
SBX-103281
| 2 | The route data was lost after offline PM upgrade from 625R0 to 823A13. Impact: The special character data (e.g. ?,*,#,$) is not getting migrated from the Oracle version to postgres version. Root Cause: Special characters were causing issues with Postgres data loading. Steps to Replicate: - Create 100+ routes that have special characters in the DN field (Domain Name) in the SBC 6.2.5.R0.
- Upgrade to the SBC through the PM offline upgrade to 8.0 or above.
- After upgrade all route data was lost while other data are unaltered.
| The code is modified to address the issue. Workaround: No workaround. |
SBX-102445 | 2 | The media port range threshold alarm is not triggered after a switchover. Impact: The sonusMrfpRealmMediaPortRangeThresholdExceededNotfication alarm does not get raised on a newly active box following a switchover, even if the conditions for the alarm are met. Root Cause: The realm status is not getting properly mirrored to the standby box. Steps to Replicate: - Run calls such that 90% of the ports are used and alarm is triggered.
- Trigger a switchover from the active MRFP.
- Alarm should be triggered in new active MRFP.
| - The code is modified to check the UDP port usage, and to raise the alarm if appropriate.
- The code is modified to mirror realm status so that, it can be used to raise alarm when transitioning to active or when new call on SBY arrives.
Workaround: None. |
SBX-104963
| 2 | The createConfigDrive.py --file option throws an error when executing. Impact: In the case of KVM/VMware deployments with qcow2/OVA/vmdk, the createCOnfigDrive.py script that creates the config-drive is not working with the '--file' option. Root Cause: There was an error in handling the '--file' option Steps to Replicate: Generate a configuration drive with the '--file' option. | The code is modified to address the issue. Workaround: Use the '--cli' option to generate a configuration drive. |
SBX-103761
| 2 | The createConfigDrive.py --cli throws an IndentationError. Impact: When deploying on the KVM/VMware using qcow2/OVA/VMDK and generating config-drive using createConfigDrive.py with '--cli' option, the script returns with an error. Root Cause: There was an indentation issue in the Python code. Steps to Replicate: Generate a config-drive with the '--cli' option and verified the generated config-drive. | The code is modified to address the issue. Workaround: None. |
SBX-103682 | 2 | The LeakSanitizer: detected memory leaks at confd_malloc Impact: The ASAN detected memory leaks while processing the E164 profile configuration changes. Root Cause: The code was allocating memory while processing E164Profile configuration changes but not releasing the memory at the end of the configuration action, resulting in a small memory leak. Steps to Replicate: Create and modify the E164Profile configuration. | The code is modified to release the internal memory block at the end of the configuration action. Workaround: None. |
SBX-103821 | 2 | The AddressSanitizer: detected heap-use-after-free on address 0x6180000ed180 at pc 0x5619a742719d bp 0x7f3b04960310 sp 0x7f3b04960308. Impact: While the MRFP node is shutting down, it can access memory after it has been freed, this could result in unexpected behaviour and in the worst case a coredump. But would have limited impact as it only occurs when shutting down. Root Cause: During the sbxstop/sbxrestart or switchover because of race-condition, when the SBC is in deactivation the oamNodeRegisterRetry can access already deallocated resource leading to a core dump. Steps to Replicate: - Setup a build with HA MRFP using OAM.
- Do the sbxrestart/switchover of an active instance.
| The code is modified to handle this race condition. Workaround: None. |
SBX-105312
| 2 | The trunkgroups are not displayed while assigning the SMM profile to TG on the EMA. Impact: The trunkgroups are not displayed while assigning the SMM profile to TG on the EMA. Root Cause: The dropdown height is limited, and as the result the last entry is not visible. Steps to Replicate: - Create more than one TG.
- Create a SMM profile on EMA.
- Click on Assign SIP Adaptor Profile.
- Under 'Assign Message Manipulation Profile to TGs', check for Input Adaptor and Output Adaptor.
All the options should be available after performing the test steps. | The code is modified to show all the options to select. Workaround: None. |
SBX-98283
| 2 | The SBC is unable to find the TG for in-dialog NOTIFY message when received from different IPs and the dialogTransparency flag. Impact: When the indialog NOTIFY comes from different source IP, then the SBC is dropping the NOTIFY. Root Cause: The existing design for OOD does not support the indialog NOTIFYs when it comes from a different source. Steps to Replicate: - Initiate a SUBSCRIBE dialog.
- Send an indialog NOTIFY from a different source.
| The code is modified to accept the indialog requests when the source is different. Workaround: None. |