| Issue ID | Sev | Problem Description | Resolution |
---|
1 | SBX-97947 | 2 | The pathCheck issue occurs when the TLS is in use, the SRV DNS lookup returns the port 5061 and the SBC increments it by 1 when initiating the TLS connection. Impact: When the pathCheck is enabled on a FQDN based ipPeer, and the TLS transport is specified, the port number returned by the DNS SRV query for the TLS (_sips._tcp) is incremented by 1 causing the wrong port number to be used. This problem only effects the transmission of the PATHCHECK OPTIONS pings when the TLS transport is specified, and the port number is obtained by DNS SRV query for TLS. There is no direct effect on SIP calls. Root Cause: The SCM process incremented the port number passed to it by the PATHCHECK when it should not have, in the case where the port number was obtained by a DNS SRV query for "_sips._tcp" (TLS). Steps to Replicate: Define a pathCheck profile with the TLS as the transport preference: Platform/Feature: SBC | The code is modified so that the port numbers obtained by a DNS SRV query for "_sips._tcp" (TLS) are not incremented. Workaround: Configure the FQDN based ipPeer's pathCheck hostPort to the appropriate port number. |
2 | SBX-98004 | 2 | The M-SBC crashed due to memory congestion with no memdump/core. Impact: Observed the resource memory congestion level 3 is approaching the threshold 90 sample 80 at the M-SBC. Root Cause: When the Link detection is configured, the raw sockets are created to exchange the ICMP pings on an active port and ARP probe messages on the standby port. Whenever a port switchover is initiated, these sockets are closed and re-opened as the role of the port changes. Due to a bug in the code, these sockets were not getting closed and new sockets were opened. This leads to a memory leak due to stale sockets under the constant port toggling condition and eventually lead to a memory congestion. Steps to Replicate: Create a link detection group with the link monitors configured on both ports in redundancy group. Add the ACL to drop ICMP packets from the destination configured in Link Monitor. This results in constant port switchovers. Platform/Feature: SBC: Call Control | The code is modified to make a standard system close () instead of the ACE close() to close the socket upon a port switchover. Workaround: N/A |
3 | SBX-100331 | 2 | After adding the second mgmt port in the 23vcpu ISBC (in RHEV platform 8.2.1 build), pkt and mgmt port messes up. Impact: On adding the extra management port in the large instance without redundant PKT ports, SWe_NP process crashes. Root Cause: A bug in the code polled a non-existent port id on adding the extra management port resulting in a crash. Steps to Replicate: Make a large instance >15vCPU(default profile) without the redundant packet ports. Add the extra management port and reboot. Platform/Feature: SBC: Platform | The code is modified to fix the polling of extra management interface for large instances case in SWe_NP code. Workaround: N/A |
4 | SBX-98580 | 2 | A response for the OPTION message received from TEAMS does not have a domain name in contact. Impact: The contact header sent in the 200 OK response to out-of-dialog OPTIONS message in MS Teams Zone contains an IP address. It should contain a FQDN. Root Cause: The Out-of-dialog OPTIONS message received in the MS Teams Zone. Steps to Replicate: Send an Out-of-dialog OPTIONS message in the MS Teams Zone. Platform/Feature: SBC: MS Teams | The code is modified to populate the zone domain into the contact header of a 200 OK. Workaround: Use the example SMM at the link below to work around the issue. |
5 | SBX-95455 | 2 | Unable to change the username of a configured AD Domain Controller through the EMA. Impact: When creating a domain controller from the EMA, the username validation was failing for the special characters because of being unable to create a domain controller. The CLI was accepting the special character for the username and was able to create a domain controller. Root Cause: The username validation was failing because the username param was not part of the netconf request and the netconf was throwing error. Steps to Replicate: TBD Platform/Feature: SBC | The code is modified so the EMA validates the username param based on default regex that is in the yang file. Workaround: N/A |
6 | SBX-99650 / SBX-95679 | 2 | Portfix SBX-95679: There are no trunks data on the live monitor. Impact: The Zone and Trunk Group based live monitor charts does not show any data if the trunk group name contains a hyphen. Root Cause: The Elastic Search interprets a 'hyphen' as a delimiter and as a result the string is broken down into tokens for indexing. When querying the ElasticSearch for data with trunkgroup name containing 'hyphen', no data is retrieved as the Elastic Search has stored the data not with the actual trunkgroup name but with tokens. Steps to Replicate: - Create a trunkgroup with the name containing hyphen.
- Enable the Live Monitor.
- Run calls and wait for sometime.
- Verify data is shown in the Zone and Trunk Group based charts
Platform/Feature: SBC | Before querying the ElasticSearch for data, check if the trunkgroup name contains a hyphen, if it does then it is broken into tokens and the token is used to query for data. Workaround: N/A |
7 | SBX-99498 / SBX-96953 | 2 | Portfix SBX-96953: Investigate the PATHCHK process coredump. Impact: The Pathcheck process may coredump (due to healthcheck timeout) when the zone tracerouteSigPort is enabled, and the traceroute takes longer than 45 seconds to complete (after the endpoint becomes BLACKLISTED). Root Cause: The Pathcheck process coredumps due to a healthcheck timeout when the traceroute to the BLACKLISTED endpoint takes longer than 45 seconds to complete. Steps to Replicate: Enable the zone tracerouteSigPort, and configure an ipPeer in that zone that will the become BLACKLISTED, and the traceroute to that ipPeer takes minutes to complete. Platform/Feature: SBC | The code is modified to handle slower/longer traceroute completions. Workaround: N/A |
8 | SBX-99712 / SBX-96255 | 2 | Portfix SBX-96255: The leakSanitizer detected memory leaks in the SipDialogResizeRouteSetCmd. Impact: Detected a memory leak in SipDialogResizeRouteSetCmd when running a Subscribe Notify call flow. Root Cause: The SipDialogResizeRouteSetCmd will cause a memory leak in the case of an error scenario. Steps to Replicate: This issue is only reproducible when using ASAN images in engineering lab. Platform/Feature: SBC | The code is modified to fix the memory leak in this function. Workaround: N/A |
9 | SBX-99682 / SBX-98319 | 2 | Portfix SBX-98319: The AddressSanitizer detected heap-use-after-free in the MrfRmCallControlBlock. Impact: Heap after free memory use is deleted when running the MRF Regression. Root Cause: Free the mrfrmCcb in the OANULL::ntwkDiscHndl, as we access the mrfrmccb in mrfRmCallFsm. Steps to Replicate: This issue is only reproducible when using ASAN images in engineering lab. Platform/Feature: SBC | The code is modified not to free the MrfRmCcb in OANULL::ntwkDiscHndl, but setting a Destoy_ccb bit. Workaround: N/A |
10 | SBX-100041 / SBX-97576 | 2 | Portfix SBX-97576: ERROR: The LeakSanitizer detected memory leaks at the SipDialogEnablePDUTrace. Impact: There is a leak detected when running a Video Regression. Root Cause: The memory is being allocated without checking whether it has been allocated before or not. Steps to Replicate: This issue is only observed when running call flows with ASAN images in the engineering lab. Platform/Feature: SBC | The code is modified to free memory before allocating the new memory. Workaround: N/A |
11 | SBX-99741 / SBX-99158 | 2 | Portfix SBX-99158: The CDR records for 230 and 231 subfields are not getting populated in the Video in bundle with rtcp-mux and ICE scenario. Impact: In certain call scenarios with bundled media streams, when the additional streams are added to the existing bundle this results in the SBC media not being configured correctly, resulting in the call CDR STOP record not showing correct data for fields. 230. Media Stream Data - All the media streams data. 231. Media Stream Statistics - All the media streams statistics. Root Cause: The policer mode for a bundle slave stream was not coded with the correct default value. In the SBC release 8.1.0, additional validation checks were added to reject media configuration if the policer mode did not have the expected value, this resulted in media configuration failing when bundle slave stream is added. Steps to Replicate: Testcase Procedure: set iceSupport iceWebrtc
set sdpAttributeSelectiveRelay enabled
- Initiate a call with Video in a bundle with rtcp-mux and ICE.
- Response from farside accepts the offer with Video as part of the bundle.
- Send STUNs for the master Video stream for RTP only.
- Send a re-INVITE adding a audio stream to the bundle.
- Response from farside accepts the stream.
- Send a re-INVITE adding a slides stream to the bundle.
- Response from farside accepts the stream.
- Clear the call and check CDR stop record.
Expected Results: Validate Bundling happens: - INVITE contains bundle with Video.
- 200 OK from SBX contains Video in a bundle with rtcp-mux and ICE.
- ICE Completes for all streams on both sides.
- INVITE sent out with Audio and Video in a bundle with unique port and ICE information.
- Response sent with Audio and Video with matching bundle information.
- INVITE sent out with video+audio with matching bundle information and slides with unique port and ICE information.
- Response sent with Video+Audio+Slides with matching information
- CDR stop record should have sub-fields for fields 230 and 231 correctly populated.
Platform/Feature: SBC | The code is modified to set the correct default policer mode for bundled streams. Workaround: N/A |
12 | SBX-99714 / SBX-57200 | 2 | Portfix SBX-57200: Implement the EMA Solution for the SBX-56878 issue: the CDR Viewer and Live Monitoring cannot be enabled/disabled. Impact: Due to Red-Indices, the CDR Viewer and Live Monitoring cannot be enabled/disabled. Root Cause: Due to Red-Indices, the CDR Viewer and Live Monitoring cannot be enabled/disabled. Steps to Replicate: - Have a Red-Indices file.
- Try to enable/disable(Change state) of Live Monitor and CDR Viewer.
- Wait for scheduler to execute check if red-indices file deleted.
- Try to change the state.
Platform/Feature: SBC | The code is modified to check and delete if any Red-Indices present. Handle the class instead throwing exception, it catches. Workaround: N/A |
13 | SBX-100245 / SBX-99951 | 2 | Portfix SBX-99951: When sending a message to the egress side, the SBC is sending a MIME-Version twice. Impact: When the Mime Header is received along with the multipart method, the MIME header is going twice in the outgoing Message Method when the transparency is enabled. Root Cause: The Two Headers are going to 1 because of Transparency and another one added by the SBC. Steps to Replicate: Run a Subscribe call flow with the Multipart body and transparency enabled for Mime-Version header. Platform/Feature: SBC | When the Multipart body is present, do not add header by transparency. Workaround: The SMM can be used to remove duplicate header. |
14 | SBX-100271 / SBX-98678 | 2 | Portfix SBX-98678: The RE-INVITE for a 200 OK from the SBC is having two different m-lines with the sendonly for audio and sendrecv for video during a DM call. Impact: The Re-INVITE for 200 OK from the SBC is having two different m-lines with the sendonly for audio and sendrecv for video during a DM call. Root Cause: Due to some code in the SIPSG that blindly overwrites the video dpm to SEND RECV. Steps to Replicate: Call flow: - The initial call flow is pass thru A↔B.
- A transfers to C (Direct Media call from here)
- B sends hold to C by sending a=inactive and c=0
- B sends late media re-invite w/o SDP to C
-> While responding locally to a late media re-INVITE, the SBC blindly copies DPM=SEND_RECV for video, which creates this inconsistency as audio is sent out by the SBC as per last SDP negotiated on that leg (that is inactive) but video=sendRecv always.
TEST CASES: Enabled the latemedia passthru / e2e re-invite &e2e ACK flags(Tested both pass thru and DM calls by sending audio&video DPM as inactive/sendrecv) case1:- SVT scenario - SBC responds with inactive for both audio/video in response to late media re-Invite.
case2:- SVT scenario with following changes: - After xfer, during HOLD, instead of inactive, B uses sendOnly with valid c-line IP to put call on HOLD.
- Party C responds with recvOnly to this HOLD INVITE.
- The SBC sends 2xx with recvOnly for both audio/video to Party B.
- Party B sends late media re-Invite.
- The SBC responds with recvOnly for both audio/video.
case3:- SVT scenario with following changes: - a. After xfer, not sending any HOLD INVITE. Basically call continues as SEND_RECV DM call.
- Party B sends late media re-Invite.
- The SBC responds with SEND_RECV for both audio/video.
Platform/Feature: SBC | The code is modified so that if the condition only if the coreaudio Dpm also SEND_RECV. It changes video DPM to SEND RECV only if the core audio DPM also SEND RECV. Workaround: N/A |
15 | SBX-100466 / SBX-100414 | 2 | Portfix SBX-100414: The Q.850 reason was cause a mapping issue. Impact: When a invalid cause=parameter is received in Reason: Q.850 header, the SBC accepts an invalid cause value and converts into a valid value. This results in incorrect cpc to the SIP causes a mapping and impact SIP messaging on other leg. Root Cause: The SBC incorrectly validates the cause= parameter in the Q.850 reason header. Steps to Replicate: - Send 600 Busy Everywhere from egress endpoint with cause = 600:
Reason: Q.850;cause=600;text="Busy Everywhere" Due to a bug, the SBC maps invalid cause value 600 to 88 ( 0x58 ) and when mapping CPC to SIP, the SBC sends 503 to the Ingress side.
Verify the issue by using the same scenario.
The SBC sends 486 Busy Here to ingress as invalid Q.850 cause code is ignored. Platform/Feature: SBC | The code is modified to ensure the SBC correctly validates cause= parameter in Reason header. Workaround: Use the SMM to filter our Reason header with an invalid Q.850 cause parameter. |
16 | SBX-100244 / SBX-100075 | 2 | Portfix SBX-100075: The AddressSanitizer detected a heap-use-after-free on address 0x6230000e31dc at pc 0x560c37742937 bp 0x7f62795d68d0 sp 0x7f62795d68c8. Impact: In case of a scenario where the INVITE is rejected because it received more than 10 Route Headers, then the pstCall will be freed as a result, but application will still be using that pointer. Root Cause: The pstCall is getting freed, but the pointer is not setting to null. Steps to Replicate: This can be reproduced in house with ASAN Build. Platform/Feature: SBC: SIP | Set the pstcall to NULL after freeing the call. Workaround: N/A |
17 | SBX-100260 / SBX-96567 | 2 | Portfix SBX-96567: The AddressSanitizer detected a stack-buffer-overflow on address 0x7ff4a63c0da0 at pc 0x562fdc55b9f7 bp 0x7ff4a63c0c30 sp 0x7ff4a63c0c28. Impact: An invalid read of 1 Byte is occurring when the SBC is trying for SRTP license. Root Cause: The freed memory is being accessed after sending memory to the stack. Steps to Replicate: This issue is only reproducible when using ASAN images in engineering lab. Platform/Feature: SBC | The code is modified so that freed memory is not being accessed. Workaround: N/A |
18 | SBX-99718 / SBX-96147 | 2 | Portfix SBX-96147: The AddressSanitizer detected a heap-use-after-free on the address 0x60400047f020 at pc 0x561f45771c9f bp 0x7f4227923c60 sp 0x7f4227923c58. Impact: The heap-After Free memory is getting used in a scenario where the INVITE is getting rejected in UasReceiveCallCmd(). Root Cause: In case of the failure in the uacReceiveCallCmd, there may be error response sent. When an error response is sent, a To Tag needs to be sent that is allocated in pstCall, so the pstCall must not be freed before sending that response. Steps to Replicate: This issue is only reproducible when using ASAN images in engineering lab. Platform/Feature: SBC | The code is modified not to free a pstCall in this case until an error response is sent. Workaround: N/A |
19 | SBX-99363 / SBX-99021 | 2 | Portfix SBX-99021: The "Tag_From" is not added in the first 2xx response for Subscribe in the Ingress side of the SBC. Impact: The Dialog Scope Variables are not working in case of a Subscribe Crank back scenario because of the From Tag Changes. Root Cause: The From Tag is not being Updated in the dialog scope variable. Steps to Replicate: - Create the SMM Profile 'Dialog_Variable'.
- Attach the SMM Profile as an Input and Output Adaptor Profile to the Ingress side of the SBC.
- SUBSCRIBE message is sent from UAC to the SBC.
- The SBC forwards to egress UAS (first route).
- The UAS1 sends 408 (first route).
- The SUBSCRIBE message is crankback to 2nd route which is in another Trunk group.
- The UAS2 will send 2xx to complete the subscription.
Platform/Feature: SBC | The code is modified to update the From Tag in the dialog scope variables. Workaround: N/A |
20 | SBX-100101 / SBX-99761 | 2 | Portfix SBX-99761: The SBC stops running after this OBS call flow. Impact: Run a DLRBT and Downstream forking scenario where the Update is received from the Egress after the cuttru done. Root Cause: De-allocating the memory but not setting a pointer to NULL. Steps to Replicate: The DLRBT is enabled, the PRACK on both legs, the Forking was enabled for a non-forked call, UPDATE with the codec change received from Egress after 180, firstRtp - SR. EXPECTED RESULT: The call should run successfully. ACTUAL RESULT: The SBC stops running after receiving update (the SBC automatically restarts). Platform/Feature: SBC | The code is modified to set the TempResponse to NULL. Workaround: N/A |
21 | SBX-99692 / SBX-98554 | 2 | Portfix SBX-98554: The AddressSanitizer detected the heap-use-after-free on address: 0x630000850478 at pc 0x5566fba3b8ef bp 0x7f920ade3b50 sp 0x7f920ade3b48 READ of size 1 at the 0x630000850478 thread T9. Impact: The Heap Use after freeing memory is getting used in a scenario when the Initial INVITE is getting rejected because of the validation of route headers. Root Cause: The SBC is accessing the To Tag from the freed pstCall Memory. Steps to Replicate: This issue is only reproducible when using ASAN images in engineering lab. Platform/Feature: SBC | The code is modified to not free that memory until the error response is sent. Workaround: N/A |
22 | SBX-100247 / SBX-99748 | 2 | Portfix SBX-99748: The AddressSanitizer detected a heap-buffer-overflow on address 0x6060007e96d0 at pc 0x55c8b4f2b47b bp 0x7efe153ce020 sp 0x7efe153cd7d0 READ of size 1 at 0x6060007e96d0 thread T9. Impact: This issue is only reproducible when using ASAN images in engineering lab. The issue occurs on the SIP-I call where we access 18x msgHandle after freeing the memory. Root Cause: The MsgHandle being used is already free. Steps to Replicate: Run a SIP-I call in an ASAN Build. Platform/Feature: SBC | The code is modified so moves above the problem causing code. Workaround: N/A |
23 | SBX-97804 / SBX-99196 | 2 | Portfix SBX-99196: There was an incorrect FQDN routing. Impact: There was an incorrect FQDN routing occurring that caused calls to route to the wrong destination. Root Cause: This is occurring in some cases where the retransmitted DNS transaction id of earlier transaction matches with the existing transaction. This causes records to save for the incorrect FQDN. Steps to Replicate: This problem could only be reproduced in the engineering lab by changing the code to force the issue. Platform/Feature: SBC | The code is modified so whenever the DNS reply is processed, the FQDN matches what is received in the DNS reply and stored in a transaction. Workaround: N/A |
24 | SBX-100266 / SBX-99927 | 2 | Portfix SBX-99927: The SBC is adding extra characters in a display name when the ingress INV contains the display name of length more than 55 characters in a GW-GW scenario. Impact: When an INVITE has the PAI header with display name more than 55 characters is passed transparently on the GW-GW, the SBC appends the username to the PAI displayname on the egress. Root Cause: While reading the PAI header out of the message, the SBC allocates size of 48 characters for displayname on a flat buffers, but copies more than 48 characters. The username is allocates from the same memory buffers starting from offset + displayname size and overwriting the display name NULL terminator with username. Steps to Replicate: Send an ingress INVITE with PAI header containing displayname length more than 55 characters transparently on GW-GW. Platform/Feature: SBC | The code is modified to only copy maximum of 48 characters into the PAI displayname buffer and strip down the rest. Workaround: N/A |
25 | SBX-100315 / SBX-100307 | 2 | Portfix SBX-100307: The ASAN detected a heap-buffer-overflow in SipFeDumpPdu (SipFeProcessSlbIncomingPdu). Impact: The SIPFE was reading invalid memory while printing sent PDUs. Root Cause: When the SIPFE module was printing SIP PDU content to the DBG log it was reading past the end of the PDU memory buffer. Steps to Replicate: This problem can only be observed when using ASAN images in the development lab. Platform/Feature: SBC | The code is modified to avoid reading past the end of the SIP PDU to avoid accessing invalid memory. Workaround: Disable the info level logging. |
26 | SBX-99728 / SBX-65393 | 2 | Portfix SBX-65393: Calls fail after deleting an unrelated ingress IP prefix within a zone. Impact: If the SBC is provisioned as follows, TGs within a zone are provisioned with duplicate ingressIpPrefix and one of the ingressIpPrefix has an invalid format. When the duplicate ingressIpPrefix is deleted, calls to TGs that should have matched the ingressIPPefix fail. Root Cause: The CLI was not rejecting an invalid ingressIpPrefix from being provisioned by the user.
Steps to Replicate: - Create a TG with ingressIpPrefix 0.0.0.0/0 (Named EXT).
- Verify ingress calls are selecting the correct ingress TG (EXT).
- Create second TG with ingressIpPrefix 10.1.1.1/0 (Named TEST_TG).
- Calls will still find the correct TG i.e. EXT, SBX will not use TEST_TG.
- Delete second TG’s ingressIpPrefix of 10.1.1.1/0 (i.e. TEST_TG ingressIpPrefix).
- Calls fail to find correct TG (EXT) now, the only TG with 0.0.0.0/0 ingressIpPrefix because the backend code does not have the 0.0.0.0/0 prefix to EXT mapping.
Platform/Feature: SBC: Call Control | The code is modified to reject invalid ingressIPPefix formats and to protect the SBC from users entering an invalid ingressIpPrefix. Workaround: Do not add or delete invalid ingressIpPrefixs. Industry acceptable format of ingressIpPrefix needs to be entered in the CLI. |
27 | SBX-99970 / SBX-99964 | 2 | Portfix SBX-99964: The AddressSanitizer detected a heap-use-after-free on nrmaMsgProc.c when running DSBC REFER. Impact: While the SBC was processing resource allocation messages associated with DTMF relay handling it was allocating memory after the memory has been freed up. Root Cause: This is a day 1 issue and not known to cause any problems in the field. While generating a DBG log message, the code was trying to print the contents of a message block immediately after the block had been freed. Steps to Replicate: This issue can only been reproduced in the lab while running with ASAN images. Platform/Feature: SBC | The code is modified to no longer access the message content after processing the message to avoid accessing the memory after it has been freed up. Workaround: N/A |
28 | SBX-99934 / SBX-99647 | 2 | Portfix SBX-99647: There are XRM SBX_GoalwoPolicy coverity issues. Impact: While processing the signaling port configuration the, the lifGroupId value was being read as a 32 bit value into a 16 bit storage location causing memory to be overwritten. Root Cause: The code was using the wrong API to read the configuration resulting in potential memory corruption. Steps to Replicate: This issue can only be reproduced using ASAN images in the engineering lab. Platform/Feature: SBC | The code is modified to only read the lifGroupId as a 16 bit value. Workaround: N/A |
29 | SBX-99973 / SBX-99814 | 2 | Portfix SBX-99814: The AddressSanitizer detected heap-buffer-overflow on the address: 0x60b0007c994a at pc 0x55758a639756 bp 0x7f1b8e3cd9a0 sp 0x7f1b8e3cd998 Impact: When the SBC is running as the T-SBC, it was reading invalid memory. Root Cause: When the SBC is running as the T-SBC it was incorrectly reading off the end of the resource allocation message because it was reading information which is only present for the M-SBC. Steps to Replicate: This issue is only observed when running with ASAN issues in the engineering lab. Platform/Feature: SBC | The code is modified to verify whether the resource response message is for the M-SBC before trying to access the specific M-SBC information. Workaround: N/A |
30 | SBX-99314 / SBX-99226 | 2 | Portfix SBX-99226: The AddressSanitizer detected an global-buffer-overflow error observed on: SipSgRedirectedInviteHandleEmbeddedRepeatableUriHdrs when sending embedded header in 3xx. Impact: For a STIR/SHAKEN as a service call flow where PSX returns 3xx with embedded identity and PAI headers, the SBC was reading off the end of an internal buffer while trying to confirm of the embedded headers where "known" headers. The issue would exist for other 3xx scenarios with embedded URI headers. Root Cause: The name of a header was missed in one array, although the count of headers was correctly updated and this caused the code to read off the end of the names buffer. Steps to Replicate: This issue is only highlighted in engineering lab while testing with ASAN enabled images. - Made a signing call using PSX as Redirector (STIRaaS).
- The PSX sends 300 Multiple Choice.
- 300 Multiple header has embedded parameters.
- The SBC does a full dip to construct redirect INVITE.
Platform/Feature: SBC | The code is modified to ensure the internal buffer contains all the correct header names. Workaround: N/A |
31 | SBX-99694 / SBX-98796 | 2 | Portfix SBX-98796: The AddressSanitizer detected a heap-buffer-overflow on the address: 0x6150043d0258 at pc 0x55c7b4ebab3c bp 0x7f6f282a51a0 sp 0x7f6f282a4950 READ of size 432 at 0x6150043d0258 thread T8. Impact: The HPC/GETS related call flows are resulting the code reading off the end of an internal memory block. Root Cause: While processing HPC/GETS related calls the code was allocating an ICM message based on the size of 3 structures and then trying to copy it based on the size of 4 structures resulting in reading off the end of the memory block. Steps to Replicate: The problem is only highlighted when running the HPC / GETS related call flows in the engineering lab with ASAN images. Platform/Feature: SBC | The code is modified to allocate the correct amount of memory to avoid the issue. Workaround: N/A |
32 | SBX-99317 / SBX-98464 | 2 | Portfix SBX-98464: The AddressSanitizer detected a heap-buffer-overflow on the address: 0x61100004c2a8 at pc 0x563b72b7b8cc bp 0x7f93b1edeff0 sp 0x7f93b1ede7a0 READ of size 692 at 0x61100004c2a8 thread T9. Impact: The SBC is reading of the end of the internal buffer when trying to pass STIR/SHAKEN information back to the ingress side of the call as part of the feature SBX-98464. Root Cause: The code was storing the STI information that the PSX returned and did not take into an account, the scenario where the PSX returned an identity header that meant the parameter when signing was bigger then verification. When it later tried to add the parameter into the backward messages, it was reading off the end of the memory buffer. Steps to Replicate: This issue is only observed when using ASAN images in the engineering lab and running STIR/SHAKEN test with signing enabled and the PSX returns an identity header to include in the outgoing INVITE. Platform/Feature: SBC | The code is modified to allocate the correct amount of memory to avoid reading off the end of the buffer. Workaround: N/A |
33 | SBX-100084 / SBX-100068 | 2 | Portfix SBX-100068: The SLB was going down after triggering a DBL entry for the event epCacAggrReject. Impact: The SLB was reading invalid memory. Root Cause: When the SLB was printing SIP PDU content to the DBG log, it was reading past the end of the PDU memory buffer. Steps to Replicate: This problem can only be observed when using ASAN images in the development lab. Platform/Feature: SBC | The code is modified to avoid reading past the end of the SIP PDU to avoid accessing invalid memory. Workaround: N/A |
34 | SBX-99425 / SBX-95584 | 2 | Portfix SBX-95584: The LeakSanitizer detected memory leaks at at packet handler. Impact: While reading the configuration data, the SBC was overwriting stack memory and also leaking small amounts of memory. Root Cause: A number of fields in the SBC configuration where defined as boolean, however confd had implemented these as integers. When reading the contents from CDB, the local variable store defined as boolean was not large enough to hold the configuration value and resulted in memory being overwritten. While the SBC was processing configuration data for users and groups it was not freeing up all the memory that was allocated, resulting in a leak. Steps to Replicate: These problems can only be reproduced in the development lab while testing with ASAN image. Platform/Feature: SBC | The code is modified to use the correct size of local variable to avoid memory being overwritten. The code is also modified to correctly free memory to avoid leaks. Workaround: N/A |
35 | SBX-99224 / SBX-98357 | 2 | Portfix SBX-98357: The LeakSanitizer detected memory leaks at PathchkPingSessionAddEntry. Impact: When making configuration changes to an existing path check object, it was causing a small memory leak. Root Cause: As part of the modify logic, the code was reallocating a memory block and it was not freeing up the memory block that was allocated when the configuration was originally created. Steps to Replicate: This problem was highlighted in engineering lab while running with ASAN images to highlight memory leaks and then making path check configuration changes. Platform/Feature: SBC | The code is modified to correctly free the memory block as part of the update logic. Workaround: Delete and recreate the path check configuration rather and modifying it. |
36 | SBX-100252 / SBX-100017 | 2 | Portfix SBX-100017: While expecting an UPDATE, the SBC sending 503 to ingress side. Impact: If the toneAsAnn is enabled, do not go for the DSP allocation for playing tones. But the SBC trying to allocate the DSP resource and fails. Root Cause: A new flag introduced as part of other feature "end2endtonemodify" that overrides "toneAsAnn" flag. Steps to Replicate: - The SBC configured to play tone. The toneAsAnn is enabled.
- Egress has sent 18x with the SDP, the SBC plays tone towards ingress.
- Ingress modify update is received. Then the SBC will handle the update and send to egress.
Platform/Feature: SBC | The "toneAsAnn" flag is given higher priority than "end2endtonemodify" flag. Workaround: SBC |
37 | SBX-99725 / SBX-96500 | 2 | Portfix SBX-96500: The SMM Testing tool does not work. Impact: The SMM test tool is not parsing through the selected profile. Root Cause: The profile index value was incorrect, so it was picking the wrong profile index and the message was unaltered by SMM. Steps to Replicate: When testing the same SMM in 7.1 code for example (with the same INPUT message), the test is successful. (Go to Test SMM for SBX-96500 for SMM details) Platform/Feature: SBC | The code is modified to contain the correct profile index. Workaround: N/A |
38 | SBX-100095 / SBX-100016 | 2 | Portfix SBX-100016: The SBC does not forward 18x towards ingress leg after the egress precondition interworking is met. Impact: In case of egress pre-condition, the UPDATE is generated even before response for PRACK is received. In such a case, where the UPDATE is triggered once response for PRACK is received, the 18x that is received from egress after preconditions is met, is not sent towards ingress. Root Cause: The root cause is because of timing issue. Steps to Replicate: - Make a call with SDP attribute "a=sendonly" or "a=recvonly" in the INVITE from UAC.
Platform/Feature: SBC | The code is modified to handle such timing issues and send the 18x towards ingress after preconditions is met. Workaround: N/A |
39 | SBX-99007 / SBX-94506 | 2 | Portfix SBX-94506: The Data Path mode is always 'a = sendonly'. Impact: Whenever the SRS put SIPREC call on hold with a=inactive, the SBC always acknowledged SIP 200 OK with a=sendonly. Root Cause: A SIPREC call hold done by the SRS was not identified in terms of Signalling properly at the SBC. Steps to Replicate: - The main call is stable.
- The SRS put the call on hold by generating SIPREC REINVITE with a=inactive.
Expected and Observed Behavior:- The SBC to respond 200 OK towards SRS with a=inactive.
Platform/Feature: SBC | Identified the CALL HOLD scenario that triggered by an SRS due to generation of RE-INVITE with a=inactive through appropriate CALL Hold Flag value for SIPREC. Workaround: |
40 | SBX-99727 / SBX-85852 | 2 | Portfix SBX-85852: "Timeout detected – Forcing the read/write access during the switchovers. Impact: The message "Timeout detected -- Forcing read/write access" is observed during switchovers. Root Cause: This message is logged on NBI timer expiry (after 2mins) and config changes were allowed before DBs are in sync. This would happen when standby initialization takes longer. Steps to Replicate: Install the SBC with the fix build and perform switchover. Ensure there is no timeout message and config changes are allowed only after configuration and Policy DBs are in sync. Platform/Feature: SBC: Platform | The code is modified to allow configuration changes only when both the CDB and oracle DB are available for READ_WRITE and sync is completed. Workaround: N/A |
41 | SBX-99489 / SBX-94375 | 2 | Portfix SBX-94375: The IpPeer authPeer fails to delete. Impact: When the IPPeer modified either the zone/port/ip, the old authPeer data structure is not deleted. Root Cause: There was a memory leak. Steps to Replicate: - Create an IPPeer with port aaaa.
- Change the IPPeer with different port bbbb.
- Change the IPPeer back to port aaaa.
- Call may fail.
Platform/Feature: SBC: Provisioning | The code is modified to delete the old data structure. Workaround: Delete the ipPeer and create a new one (not modify). |
42 | SBX-99695 / SBX-94588 | 2 | Portfix SBX-94588: The LSWU will fail/stall due to upgrade out permissions. Impact: The LSWU would fail if the upgrade out file permissions are incorrect. Root Cause: Permission of staging files were not being properly updated during the pre-upgrade checks, and failing to execute upgrade script if the permissions are incorrect. Steps to Replicate: Perform the LSWU to the fix build and verify that upgrade is successful. Platform/Feature: SBC: LSWU | The code is modified to properly update permissions of staging files during pre-upgrade checks so that the upgrade script executes successfully even if initial permissions are incorrect. Workaround: N/A |
43 | SBX-99823 / SBX-99361 | 2 | Portfix SBX-99361: The customer SBC has a memory leak. Impact: There is a bug in the “clearTcpConnectionsforRegistration" functionality that causes a memory leak. Root Cause: This code that handles the clearTcpConnectionsforRegistration flag is allocating memory to store Hostname and Username, but it never freeing this memory. Steps to Replicate: Set up the customer configuration with the “clearTcpConnectionsforRegistration” flag set. Able to reproduce the leak by running load with Registrations and de-Registrations. Platform/Feature: SBC | The code is modified to free the memory that is allocated to store Hostname and Username. Workaround: N/A |
44 | SBX-99820 / SBX-98200 | 2 | Portfix SBX-98200: There was a SCM process memory leak (SIPSG), not freeing pSbyRcb→pcrfInfo. Impact: Leaking PCRF related structures on the standby when processing the Registrations, if PCRF is configured on Trunk Group. Root Cause: Memory that was allocated for the PCRF related structures is not being freed as part of de-registration processing. Steps to Replicate: - Configure the pcrfCommitment to something other than none.
- Set the pcrf_signallingPath to enabled.
- Set the pcrf_provSignalingFlow to enabled.
Platform/Feature: SBC: SIP | The code is modified to free the memory that is allocated for PCRF related structures as part of de-registration processing. Workaround: The workaround is to set pcrfCommitment to none. |
45 | SBX-99746 / SBX-97433 | 2 | Portfix SBX-97433: The bondingDevice0 port status was showing as noSignal. Impact: The CLI highAvailabilityPort status command shows the OOS reason as “noSignal” for port bondingDevice0 even though it is up. Root Cause: There was a code to check bond0 device status and parse the output required a fix. Steps to Replicate: Install the fix build and run the CLI command "show table system highAvailabilityPort status" to ensure the OOS reason is displayed correctly. Platform/Feature: SBC | The code is modified to ensure the proper display of an OOS reason in highAvailabilityPort status command. Workaround: N/A |
46 | SBX-100064 / SBX-75563 | 2 | Portfix SBX-75563: The port number was in the DBG log. Impact: For non-UDP calls, the peer IPs of all status messages sent from the SBC to the UAC in TRACE log will be displayed through the header's IP. The messages themselves are sent to the right IP, that sent the request message to the SBC. Root Cause: The original code overwrites the SipMsg's peerIp with through header. The PeerIp will be used to print in the trace log. Steps to Replicate: - Set up TCP calls, and TLS calls.
- Make VIA header's IP different from UAC IP.
- Make the call, collect the TRC log. DBG log could be also collected as debug tool.
- Ensure that all out going msg are sent to right IP:Port in displayed in TRC log.
Platform/Feature: SBC: Platform/Media Services, SIP | The code is modified so for the non-UDP calls (TCP and TLS calls, SipMsg's peerIp) set to the source IP. Workaround: N/A |
47 | SBX-99583 / SBX-99515 | 2 | Portfix SBX-99515: The X2 messages do not have the timestamp set correctly. Impact: In Default LI, the X2 message does not have milliseconds in the time stamp captured as part BCID avp. Without a fix, milliseconds in the time stamp field will be 000 and time stamp field will look like "Event Time: 20200429190440.000" Root Cause: Milliseconds data was never captured in time stamp field for Default LI. Steps to Replicate: Run a default LI call. Platform/Feature: SBC | The code is modified to incorporate milliseconds. With the fix , the time stamp field looks like "Event Time: 20200429190440.541". Workaround: N/A |
48 | SBX-99938 / SBX-98996 | 2 | Portfix SBX-98996: No audio on the SRTP calls. Impact: Certain call scenarios (SRTP with ICE) intermittently start with one-way audio on encrypted leg(s) due to SRTP authentication failures. Root Cause: Race condition in setup of encryption and decryption resource results in uninitialized ROC value being used to encrypt outgoing media packets. Steps to Replicate: SVT ran the SRTP with ICE call load overnight and verified no authentication failures. Platform/Feature: SBC | Eliminated race condition between encryption and decryption resource setup to ensure the encryption ROC begins at zero. Workaround: N/A |
49 | SBX-98388 / SBX-98356 | 2 | Portfix SBX-98356: The AddressSanitizer detected SEGV on an unknown address 0x0000000000e5 (pc 0x5653a715fdde bp 0x7f84a52bfea0 sp 0x7f84a52bfe70 T9). Impact: After a successful surrogate registration, if any configuration related to the IP Peers/TGs/Surrogate registration is deleted, the SCM process will coredump. Root Cause: The code was dereferencing a NULL pointer as the trunk group configuration data was no longer present when the surrogate registration response came back. Steps to Replicate: Trigger the SBC to send out surrogate registration request and delete all the associated trunk group configuration before sending back a response from the remote server. Platform/Feature: SBC | The code is modified to check that the trunk group configuration exists before trying to read the configuration. Workaround: Do not delete any Trunk Group's to avoid SCM cores. |
50 | SBX-100005 / SBX-100002 | 2 | Portfix SBX-100002: The JIP parameter is not being sent in PAI header. Impact: The JIP parameter received in the 3xx was not sent in PAI header. Root Cause: This is because of the Enhanced Local Redirection changes done in 7.2.3 R1 Steps to Replicate: - Make a SIP-SIP call with JIP in jip parameter in PAI header.
- The egress send 302 Moved Temporarily message with a different JIP value.
Platform/Feature: SBC | The code is modified to fix the issue. Workaround: N/A |
51 | SBX-99902 / SBX-95083 | 2 | Portfix SBX-95083: The SBC was terminating all the (Transfer Target and Transferee) call legs after call transfer on the Ppenstack / AWS. Impact: The SBC was terminating all the (Transfer Target and Transferee) call legs after call transfer on the Ppenstack / AWS. Root Cause: The SBC signaling plane was quickly reusing the same RTCP gen media resource with this call transfer modification scenarios, and the media plane rejecting the reuse of this resource resulting in call failures. The media plane disables the original resource only after sending last RTCP packet from media plane, then only it allows the reuse. Steps to Replicate: Enable the NoBye RTCP Gen options, test the call transfer, and modify scenarios as shown below: - Make call from PSTN endpoint to Teams endpoint (simulated in SIPp).
- Answer the call as Teams client.
- Initiate blind transfer from Teams client to another Teams client.
- disconnect the call at PSTN endpoint.
Platform/Feature: SBC | The code is modified to allow this reuse with NoBye RTCP Gen option. Allowing the signaling plane to reuse the same media resource for these call transfer, modifications to work. Workaround: Disabling the RTCP Gen/term from the SBC, and using RTCP relay will not have such issues. |
52 | SBX-99594 | 2 | The OAM SBC had a failover/switchover. Impact: There as a recurring random OAM switchovers have been noticed at the customer site. Root Cause: The VNFR REST message key and/or value may be NULL. This causes the std::string type instantiation to fail and bring down the SBC application. Steps to Replicate: The problem cannot be reproduced, the issue was fixed based on coredump and core review. Platform/Feature: SBC | The code is modified to handle the cases where the std::string is instantiated with a NULL value. Workaround: N/A |
53 | SBX-100397 | 2 | An mgt1 IP address appears on the mgt0 interface after a reboot of the SWe SBC. Impact: After adding the second management, the interface was adding the second management IP in first management IP. Root Cause: Not updating the /etc/network/interfaces file with second interface entry. Steps to Replicate: Add the second management interface and ifconfig command must give proper output with separate IP for all management interfaces. Platform/Feature: SBC | The code is modified to update the second management IP. Workaround: N/A |
54 | SBX-100634 | 2 | The CDR file transfer fails with the 12.00.00R version of the DSI server. Impact: The CDR file transfer fails with the 12.00.00R version of the DSI server. Root Cause: The newer 12.00.00R000P1 version of the DSI server no longer supports the hmac-sha1 as a mac algorithm during the ssh key exchange. The hmac-sha1 is no longer considered secure so the most recent releases of many Linux operating systems have removed support for hmac-sha1. Steps to Replicate: - Configure the CDR file transfer to a DSI server running the version 12.00.00R000P1 or later.
- Observed that the file transfer fails.
- In the /var/log/secure log on the DSI, note an error saying the authentication failed because hmac-sha1 is not available
Platform/Feature: SBC | The code is modified to offer the hmac-sha2-256 as the first choice for the mac algorithm. However, the hmac1-sha1 is also offered as a choice to support transfer of files to older systems that do not have hmac-sha2-256 available. Workaround: Edit the /etc/ssh/sshd_config file on the DSI and add hmac-sha1 on the line starting with MACs |
55 | SBX-95639 | 2 | The RTP Inactivity Timer fires early upon performing a port switch-over on the M-SBC and duplicates a STOP Record as a result. Impact: During the high call load if the SBC detects media inactivity, it generates a duplicate STOP record with the disconnect reason as Module Failure for a subset of calls. Root Cause: When the RTP inactivity is detected for a call, the GCID of that call is added to a unsolicited call cleanup list. When the call cleanup is invoked, if it finds that a previous call cleanup is going on then it generates STOP record for all the pending calls cleanups for which it has not received a cleanup reply. Thus causing duplicated STOP record generation for a few calls. Steps to Replicate: - Set the RTP inactivity timeout value.
- Enable or disable the preventDuplicateEmptyStopRecOnInactivityDetection.
- Run a call load such that RTP inactivity timeout occurs.
- Notice that when preventDuplicateEmptyStopRecOnInactivityDetection is enabled there should be no duplicate STOP records for STOP records with disconnect reason as RTP inactivity.
Platform/Feature: SBC | The code is modified to configure whether the SBC generates duplicate stop record on inactivity detection or not. Command: set oam accounting admin preventDuplicateEmptyStopRecOnInactivityDetection <enabled/disabled> Disabled: Default: continue with existing behavior (to generate empty STOP record in case of RTP inactivity detection). Enabled: To stop generation of empty STOP record in case of RTP inactivity detection. Workaround: N/A |
56 | SBX-99659 | 2 | The SBC will increment the port number in the Request-URI of the outgoing INVITE, if the first non-SBC Route header of the incoming INVITE did not contain "transport" parameter and the SBC/PSX configuration determined the egress call leg transport type as TLS. Impact: The call route in the received route and egress is the TLS, the RURI port is not increment by 1. Root Cause: Missing the logic to increment port by 1. Steps to Replicate: The configuration call received a route, the incoming call has route IP but no transport parameter. The SBC sends out an INVITE without increment port in the RURI. Platform/Feature: SBC | The code is modified to increment port by 1. Workaround: Have the SMM to increment port. |
57 | SBX-100485 | 2 | There was an issue on link failures counts on the Port Monitor Status. Impact: There was alinkFailure count in portMonitorStatus command was not getting incremented upon the link failures. Root Cause: The counter was not getting incremented whenever a link monitor failure notification is reported. Steps to Replicate: Simulate link failures and check for a linkFailure counter in portMonitorStatus command output. Platform/Feature: SBC | The code is modified to increment the counter upon getting the link monitor failure notification. Workaround: N/A |
58 | SBX-100869 | 2 | The Egress SBC is not tearing the call down, even though the ingress SBC releases the call. Impact: When making the GW-GW call flows between the SBC and either the SBC or GSX call flows and bulk call failures occur on one GW. Root Cause: There was a code change in the 8.2.1R0 release that mistakenly removed processing of the GW multiple call clear message. This message is used to send a list of multiple GCIDs that have failed on one GW, over to the other GW to clean up as a bulk. As the message is dropped, the calls will not be cleaned up until timers expire or the user hangs up the call. Steps to Replicate: Run an SBX-GW-GW-SBX call flows with packet loss action set to trap and disconnect and do not provide any media so multiple calls are cleaned up in a single action. Check the calls are cleaned up correctly on both GWs. Platform/Feature: SBC | The code is modified so multiple call failures are processed immediately. Workaround: N/A |
59 | SBX-100453 | 2 | The MS Teams zone detection needs to account for GCC and DOD deployments. Impact: MS Teams uses special FQDNs for GCC and DOD network deployments and the SBC was not using these to recognise that it was a MS Teams zone. This meant that some of the native functionality such as generating UserAgent headers did not happen. Root Cause: The code was not checking for the special FQDNs of sip.pstnhub.dod.teams.microsoft.us and sip.pstnhub.gov.teams.microsoft.us. Steps to Replicate: Configure the SBC in one of these networks and check that it is automatically sending UserAgent and other headers. Platform/Feature: SBC: MS Teams | The code is modified to check for these deployments. Workaround: Add a pathcheck to a regular MS Teams FQDN to get native support or implement the SMM to cover the functionality that is available natively, similar to the 7.2 configuration guide. |
60 | SBX-98680 | 2 | The response for the OPTION message received from TEAMS does not have domain name in contact. Impact: The contact header sent in the 200 OK response to the out-of-dialog OPTIONS message in the MS Teams zone contains IP address. Root Cause: The out-of-dialog OPTIONS message received in the MS Teams Zone. Steps to Replicate: Send an out-of-dialog OPTIONS message in the MS Teams Zone. Platform/Feature: SBC | The code is modified to populate the zone domain into the Contact header of 200 OK. Workaround: N/A |
61 | SBX-100786 | 2 | The EMA /tmp has been filling the "/var/log/sonus/ema/tmp". Impact: The EMA /tmp has been filling the "/var/log/sonus/ema/tmp" Root Cause: Every time the SBC started up, it is not created a new tmp directory. Steps to Replicate: - Restart the EMA.
- After connect to corresponding the SBC box.
- Navigate to /var/log/sonus/ema.
- Observe the newly created tmp directory.
Platform/Feature: SBC | The code is modified to fix the issue. Workaround: N/A |
62 | SBX-100497 | 2 | The Call/Registration Data is showing the syncInProgress after upgrading the Standby MSBC in 2:1 DSBC Setup. Impact: The Call/Registration Data sync does not complete when the Active is running in the 8.20R001 and standby is running in 9.0R000 and the call load has PCSILI stable calls during sync. Root Cause: For PCSILI, one of the redund messages is not registered to the ObjectFactory. As a result, the ObjectFactory is unable to provide serialization/de-serilazation Steps to Replicate: Performing the LSWU from 8.2.0R001 to 9.0R000 with PCSILI calls will cause this issue. Platform/Feature: SBC | All required redund messages for PCSILI are registered to the ObjectFactory to provide the serialization/de-serilazation. Workaround: This is affected only for PCSILI calls' sync. Since the customer is not going to do the regular LSWU procedure as part of their upgrade, this issue will not be seen in the customer deployment. Also, the upgrade is successful, if there is no PCSILI stable calls during the upgrade(sync time specifically). |
63 | SBX-100363 / SBX-96472 | 2 | Portfix SBX-96472: The SLB restarted on Jan29 / SSBC3, on Feb25 / TSBC1, on Feb 26 / TSBC4 on Mar 19. Impact: The watchdog incorrectly kicks in and kills the service resulting in a restart of the service. Root Cause: The pidof and ps commands are sporadically returning a false negative, indicating to the watchdog that the safplus_amf process is not running when in fact it is. Some type of race condition with processes starting/exiting is causing the getdents call to skip processing some of the /proc file system. Steps to Replicate: - Kill safplus_amf and ensure the watchdog properly detects it, kills all the components, and restarts the service.
- There is no way to validate that we do not restart due to a false negative without an unexpected failover happening and being analyzed back to the watchdog kicking in for no apparent reason.
Platform/Feature: SBC | When the watchdog detects that safplus_amf is not running, a second call is made to pidof to confirm that the process is completely gone. Workaround: N/A |
64 | SBX-100403 / SBX-100400 | 2 | Portfix SBX-100400: The OOM (Out Of Memory) threshold default value is not set correctly on a HA system. Impact: In the 8.2 release, the default value of outOfMemory configuration was increased from 85% to 91% but the logic is not taking effect on freshly installed HA systems. Root Cause: There was a bug in the code which meant the standby server was not reading the hardware details correctly and assigned the value of 85% instead of the value of 91% set on the standby server. When the standby server then synced with the active server for the first time it resulted in the system value getting reset to 85%. Steps to Replicate: Install a HA server and confirm that the default outOfMemory value is set to 91%. Platform/Feature: SBC | The code is modified to correctly read the hardware details and set the outOfMemory configuration to 91% on the standby server to match with the active so that the overall system value is initialized to 91%. Workaround: The user can manually set the outOfMemory configuration to 91%. |
65 | SBX-99529 | 2 | The call upgrade scenario failing in the DSBC (MSRP upgraded to MSRP and audio call). Impact: The problem is that MrmModifyRpy on the MSBC is picking the SSBC GCID when it was supposed to pick the MSBC GCID and reply to the local NRMA on MSBC that leads to a call failure. Root Cause: The root cause is that the SSBC GCID was being picked instead of the MSBC GCID to send the MrmModifyRpy. Steps to Replicate: Run a basic MSRP call with re-invite and ensure the re-invite processing is successful, the media flows and tear down is successful. Platform/Feature: SBC | Based on the MSBC check, pick the MSBC GCID in order to send the reply to the local NRMA on the MSBC that allows us to process the call modification/tear down smoothly. Workaround: N/A |
66 | SBX-100247 / SBX-99748 | 2 | Portfix SBX-99748: The AddressSanitizer detected the heap-buffer-overflow on address: 0x6060007e96d0 at pc 0x55c8b4f2b47b bp 0x7efe153ce020 sp 0x7efe153cd7d0 READ of size 1 at 0x6060007e96d0 thread T9. Impact: This issue is only reproducible when using ASAN images in engineering lab.Issue happens on SIP-I call where accessing 18x msgHandle after freeing the memory. Root Cause: The MsgHandle that was being used is already free. Steps to Replicate: Run a SIP-I call in an ASAN Build. Platform/Feature: SBC | The code is modified problem was causing code. Workaround: N/A |
67 | SBX-100263 / SBX-100059 | 2 | Portfix SBX-100059: After observing an overnight call load run, the ping with a size more than 1453 is not reaching to the SSBC. Impact: The SBC SWe can get into a state where it cannot receive and reassemble fragmented packets. Root Cause: For the fragmented packets that take close to 1 second to send the complete context, network processor could decrement the incorrect interface "current number of fragments context in use" counter. The network processor has a maximum fragment context in use limit and once it hits that limit, it will not accept new fragmented packets. Steps to Replicate: Send the fragmented packets that take 1 second to complete to pkt0, pkt1 or mgt1 port. This may take some time but eventually the interface stops accepting fragmented packets without the fix. Platform/Feature: SBC | Fix race condition and decrement the correct interfaces "current number of fragment context" counter. Workaround: Try not to send a very large fragmented packet to the SBC. |
68 | SBX-99716 / SBX-94838 | 2 | Portfix SBX-94838: The securelink access was not working for the Standby server. Impact: From an EMA PM, once the GateKeeper Access is enabled, it is getting updated as the 'disabled' instead of 'enabled'. Root Cause: This issue was due to missing ACLs on third and fourth management ports. Steps to Replicate: - Login to securelink.sonusnet.com
- Generate the registration codes for the Active SBC and the standby 5400 SBC.
- Login to the respective SBC EMA PM.
- Navigate to Secure Link ( Administration -> System Administration -> Secure Link).
- Provide the DNS IP address and Registration code(generated in step 2).
- Click on 'Enable GateKeeper Access'.
Note: Enabling Gatekeeper access is done with different registration codes in Active and standby setup. From EMA PM, once the GateKeeper Access is enabled, the status should show as 'enabled'.
Platform/Feature: SBC | Support for setting ACLs for third and fourth management ports is added. Workaround: N/A |
69 | SBX-99486 / SBX-99098 | 2 | Portfix SBX-99098: The SBC does not relay 200 OK for UPDATE in a late media passthrough and reverse offer scenario. Impact: The latemedia relay call, the SBC may not able to respond to UPDATE if the previous 18x received is not prack. Root Cause: There was a logical error due to previous 18x did not have prack support causing the SBC to be unable to send out 200OK for an UPDATE. Steps to Replicate: During a latemedia relay, the Egress offers an SDP in 18x with prack, egress received subsequent 18x without prack, the egress received UPDATE with SDP. The SBC is unable to answer the UPDATE. Platform/Feature: SBC | For a latemedia call, and if the SDP offer/answer completed, the SBC is able to answer the UPDATE. Workaround: Use the SMM to drop 18x without prack if not SDP. |
70 | SBX-99544 / SBX-98818 | 2 | Portfix SBX-98818: There was an Upgrade failure from 8.2.0R0 to 8.2.0R2. Impact: Impact on the SWe Live Software Upgrade for the upgrades from version 8.x to 8.x. Root Cause: There may be a Live Software Upgrade failure while upgrading from versions 8.x to 8.x if a model marker(dynamicHANewComps) is present from the previous upgrade. Steps to Replicate: Perform a Live Software Upgrade from 6.x to 8.x and further upgrade to 9.0 and verify the upgrade to 9.0 is successful. Platform/Feature: SBC | The code is modified to ensure the removal of the model marker dynamicHANewComps after completion of upgrade on both nodes. Also, upgrading to 9.0 or later ensures removal of marker if a leftover from previous upgrade. Workaround: While performing the Live Software Upgrade from 8.x to 8.x, remove the following marker file on both nodes if present. "rm -f /opt/sonus/installUpgrade/log/dynamicHANewComps" |
71 | SBX-99473 / SBX-96711 | 2 | Portfix SBX-96711: Sometimes, a call on hold is followed by REFER fails. Impact: A call onhold before blind transfer may cause a call teardown. Root Cause: There is a race conditions in state machine during call transfer between transfer legs might cause offer answer timeout that tear down the call. Steps to Replicate: - A calls B, B put on hold, B refer to C.
- C answers a fast connection. The B received the Notify connect, B send bye immediately.
- Small load may have caused call tear down due of offer answer timeout.
Platform/Feature: SBC | The code is modified so waiting for internal resources bridging is done before the notify peer transfer completed. Workaround: If B can delay (200ms) before send bye. |
72 | SBX-99924 / SBX-99918 | 2 | Portfix SBX-99918: The contact header parameters are not passed transparently in the redirected Invite. Impact: With the Enhanced Local Redirection flag enabled, the contact Header parameters received in 3xx are not sent as parameters in Request URI if they are not processed by the SBC. Root Cause: When implementing the changes for this new flag in 723 R1, this flag check was missed. Steps to Replicate: - The UAC sends INVITE towards the SBC over TG1.
- The SBC performs the D+ query and the Local Tagging is performed at PSX for the TG1 and returns the Redirector IP as part of the reply.
- The SBC sends the Egress Invite towards the SBC towards the Redirector.
- Redirector sends 3xx with the contact containing UAS IP and DTG info as mentioned below:
Contact: <sip:9894192190@10.34.166.40:5060;dtg=SBC2_INGRESS_TG> Platform/Feature: SBC | The code is modified to fix the issue. Workaround: Enable the honorEmbeddedHeadersIn3xx or includeEmbeddedPAIheaderInRedirectedInvite to fix this issue. |
73 | SBX-100106 / SBX-98147 | 2 | Portfix SBX-98147: The SSBC is not forwarding a 200 OK response of the OOD INFO to INGRESS SLB. Impact: The INFO message response was not being sent to correct SCM and as a result, the SCM was not getting the related TCB and dropping the message there. Root Cause: The INFO message in the "From" header Tag was not including SCM information and as a result, the SIPFE was unable to get the correct SCM to process this response. Steps to Replicate: - Enable the non-invite relay configuration in TG.
- The UE Client Send INFO message to the SBC.
- The SBC will add the "From" header tag and forward it to UE server.
- The UE server will send 200 OK towards the SBC.
Platform/Feature: SBC | Added SCM information in the "From" header tag. Workaround: This issue will not be seen in the SBC with single SCM process. |
74 | SBX-100046 / SBX-90675 | 2 | Portfix SBX-90675: The SBC inserts the port number 5060 in the Record-Route headers. Impact: The SBC adds a default port as 5060 for transport TLS in Record Route header of 18x. Root Cause: When the flag noPortNumber5060 in IPSP is disabled, the SBC adds the default port in the Record Route header of 18x if the INVITE does not contain a port in RR. Steps to Replicate: Include Record Route header in INVITE as mentioned below: Record-Route:<sip:10.54.81.110:4589;transport=tcp;lr>,<sip:10.54.81.112;transport=tcp;lr>, <sip:HHSIP@10.54.81.110;av-asset-uid=rw-75a842d6;lr;transport=tls> Make the call and answer the call. The SBC sends 18x towards ingress side. Verify the Record Route in 18x. Record-Route: <sip:10.54.81.110:4589;transport=tcp;lr> Record-Route: <sip:10.54.81.112:5060;transport=tcp;lr> Record-Route: <sip:HHSIP@10.54.81.110:5061;av-asset-uid=rw-75a842d6;lr;transport=tls> Platform/Feature: SBC | When the flag noPortNumber5060 in IPSP is disabled, the SBC adds the default port 5061 for TLS transport and 5060 for other transports in the record route headers if the corresponding request/response does not contain port in record route header. Workaround: The flag noPortNumber5060 in IPSP will be enabled. Then the SBC will not add default port. |
75 | SBX-99478 / SBX-97461 | 2 | Portfix SBX-97461: Both the SBC CLI and EMA allows to configure an invalid regex under the sipAdaptorProfile (SMM) that causes an SCM Process coredump once the SBC performs the regex operation (regstore). Impact: The SBC may core when config SMM with invalid regex action. Root Cause: The invalid action did not delete from rule when detect invalid. Steps to Replicate: Configure the regex for invalid action, incoming call with valid criteria and action taken might caused core. Platform/Feature: SBC | Delete the invalid action from the rule. Workaround: Avoid configuration regex with invalid action. |
76 | SBX-100001 / SBX-99882 | 2 | Portfix SBX-99882: The SBC coredumped due to a Path Check. Impact: The Pathcheck process may coredump when the pathCheck is state disabled on a FQDN based ipPeer. Root Cause: The Pathcheck process hit a race condition that can occur when the DNS query completes AFTER pathCheck (on the FQDN based ipPeer) was state disabled that can cause a NULL pointer access coredump. Steps to Replicate: This is timing dependent issue, that is very difficult to reproduce. Attempt to reproduce by defining FQDN based ipPeer(s) with pathCheck profiles state enabled. Randomly state disable and state enable the ipPeer(s) pathCheck profiles. Platform/Feature: SBC | The code is modified to protect against the NULL pointer access. Workaround: N/A |
77 | SBX-99248 / SBX-98949 | 2 | Portfix SBX-98949: Observing the error prints of 504 and increase in a retransmission while running the IPSEC load with multiple IPSEC-Tunnels. Impact: In a large SWe SBC distributed NP Model, when multiple IPSec SA tunnels are established from different peers, IPSec packets getting dropped with anti-replay errors. Root Cause: In a large SWe SBC distributed NP Model, scope of an anti-replay local compute was not correct, caused corruption and resulted in false anti-replay drops. Steps to Replicate: Establish multiple IPSec SA tunnels from different endpoints and send the IPSec traffic to a large SWe SBC with Rx distributed NP Model and observe SA stats. Platform/Feature: SBC | The code is modified so the scope of per worker ipsec dec anti-replay local compute is fixed. Workaround: N/A |
78 | SBX-99880 / SBX-99783 | 2 | Portfix SBX-99783: The SBC is sending the generic number with the Presentation restricted instead of allowed. Impact: The generic Number parameter sent to PSX does not have a presentation set when the X-Headers are supported, the Generic Number digits are derived from P-Asserted-ID and no X-CALLING-NUM header is received. If the call egresses on SIP-I, this results in the ISUP Generic Number having presentation restricted, rather than a presentation allowed. Root Cause: The presentation for a Generic Number not defaulted to allowed. Steps to Replicate: X-Headers are supported. Send INVITE with Privacy: none header, no X-CALLING-NUM header, no X-GENERIC-NUM header and P-Asserted-ID with SIP and TEL URIs. Platform/Feature: SBC | The code is modified to default presentation if not already set. Workaround: N/A |
79 | SBX-99278 / SBX-99137 | 2 | Portfix SBX-99137: The GSX is not complete address in IAM, which resulted in the GSX rejecting with 484. Impact: The Generic Number was sent to the PSX is does not have presentation restricted when the Privacy: id header is received, if X-CALLING-NUM header is received with presentation allowed and Generic Number is derived from P-Asserted-ID. Root Cause: The presentation for a Generic Number not derived from Privacy. Steps to Replicate: X-Headers are supported. Send INVITE with Privacy: id header, X-CALLING-NUM header with presentation allowed, and P-Asserted-ID with SIP and TEL URIs. Platform/Feature: SBC | The code is modified to derive Generic Number presentation correctly. Workaround: N/A |
80 | SBX-95455 | 2 | Unable to change the username of a configured AD Domain Controller through the EMA. Impact: When creating a domain controller from the EMA, the username validation was failing for special characters because of that unable to create domain controller but CLI was accepting special character to username and able to create the domain controller. Root Cause: The username validation was failing because the username param was not part of netconf request and netconf was throwing an error. Steps to Replicate: - Login into EMA.
- Go to All -> global->servers->domain controller.
- Click on New Domain controller button.
- Fill the value in all field but for username need to put special characters.
- Click on the submit button.
Platform/Feature: SBC | The code is modified so the EMA validates the username param based on default regex that is in the yang file. Workaround: The backened code was modified so the workaround is not possible. |
81 | SBX-99954 / SBX-99923 | 3 | Portfix SBX-99923: The HW SBC GCM SRTCP encrypted packets dropped by the SWe SBC. Impact: The HW SBC GCM SRTCP encrypted packets dropped by the SWe SBC. Root Cause: The HW SBC is not including an E bit along with SRTCP index in GCM SRTCP encryption, that results in the SWe SBC decryption error drops. Steps to Replicate: Test calls between the HW SBC and SWe SBC with GCM crypto suites, and verify SRTP/SRTCP packets are decrypted, relayed fine. Platform/Feature: SBC | The code is modified to include an E bit along with SRTCP index in the GCM SRTCP encryption. Workaround: N/A |
82 | SBX-100226 / SBX-100160 | 3 | Portfix SBX-100160: the Serf log file is missing from the Logrotate. Impact: One of the serf log files, serfOutputMembership.log, is missing from the Logrotate. Root Cause: The file was missed from LogRoate configuration. Since this is not a rapidly growing logfile, risk of this log file was filling up disk is very minimal. Steps to Replicate: Install the build on cloud/swe and check if the serfOutputMembership.log is listed in /etc/logrotate.d/serfLogRotate Platform/Feature: SBC | The code is modified to the LogRotate configuration. Workaround: Manually add the serfOutputMembership.log to serfLogRotate. |
83 | SBX-100980 | 2 | Unable to create SIP SIG port on SBC5400 after upgrade to 8.2.1R0. Impact: After an upgrade, additional the sipSigPort cannot be created on SBC5400 in certain ipInterfaceGroup configuration. These SBC5400 configuration has an ipInterfaceGroup with ipInterfaces on packet ports on: {pkt0,pkt2}, {pkt0,pkt3}, {pkt0,pkt2,pkt3}, {pkt1,pkt2}, {pkt1,pkt3}, or {pkt1,pkt2,pkt3} sets. Root Cause: During an upgrade, the SBC5400 did not consider the fact that packet ports pkt0,pkt1,pkt2,pkt3 were all handled by the same Network Processor (NP). Instead SBC5400 behaved like SBC5200 - pkt0,pkt1 were handled by NP#0 while pkt2,pkt3 were handled by NP#1. Steps to Replicate: - Configure an ipInterfaceGroup, LIG1, with ipInterfaces on pkt0 and pkt2 on SBC5400. Configure the sipSigPort 1 with ipInterfaceGroup LIG1.
- Configure another ipInterfaceGroup, LIG2, with ipInterfaces on pkt1 and pkt3 on SBC5400. Configure the sipSigPort 2 with ipInterfaceGroup LIG2.
- After an Upgrade to 8.2.2, add a new sipSigPort with ipInterfaceGroup LIG1.
- (Optional) After an Upgrade to 8.2.2, add a new sipSigPort with ipInterfaceGroup LIG2.
Platform/Feature: SBC | The code is modified so the SBC5400 correctly sets the packet port to NP mapping table entries. Workaround: N/A |
84 | SBX-100731 | 2 | There are extra stop records getting generated when calls are cleared due to the dryup timer expiry. Impact: There are extra stop records getting generated when calls are cleared due to the dryup timer expiry. Root Cause: The call cleanup was not working correctly, and the original call cleanup is done by using NRM unsolicited list, which was causing the issue. Steps to Replicate: 1. Make three calls. 2. Put the TG in Out of Service. 3. The dryup timer will expire and the calls will get cleared by the SBC. After step 3, check for the stop records. Platform/Feature: SBC | Cleanup the calls by using the takeDownCalls method instead of keeping in NRM unsolicited list to fix the issue. Workaround: N/A |
85 | SBX-100666 / SBX-99946 | 2 | Portfix SBX-99946: The SBC is not sending the RR/RS:0 in a 200 OK during RE-INVITE answer. Impact: The SBC is not sending the RR/RS :0/0 in a 200 OK for RE-INVITE towards the ingress. Root Cause: The issue is due to SBX-96087 JIRA changes, which was to modify GWFE code to set RTCP send and receive bandwidth as CPC_RTCP_BW_UNKNOWN if CPC parameter is not received from the Ingress SBC or GSX. Steps to Replicate: Test Setup: The SBC and GSX is configured to make SBX-GSX SIP-SIP call. Procedure: - Configuration:
Egress PSP: AMR (WB) Bandwidth efficient. Ingress PSP: AMR (WB) Bandwidth efficient. Transcode conditional flag enabled on both PSP - The RTCP is enabled in both the Ingress and Egress PSP and the RR/RS bandwidth is configured as 100 in Ingress PSP and as 200 in Egress PSP.
- Flag the 'Send RR/RS in SDP' is enabled in IP signaling profile for both the Ingress and Egress.
- Initiate a SIP-SIP Audio call with Audio codec as the AMR WB with RTCP bandwidth parameters in SDP as:
b=RR:400 b=RS:400 - The Egress Answers with RTCP bandwidth parameters in SDP as:
b=RR:300 b=RS:300 - Ingress end point sends Re-Invite with RTCP bandwidth parameters in SDP as:
b=RR: 0 b=RS: 0
Platform/Feature: SBC | Revert changes made for the JIRA SBX-96087 to fix the issue. Workaround: N/A |
86 | SBX-100662 | 3 | The RTP Inactivity Timer fires early upon performing a port switch-over on the M-SBC and generates a duplicate STOP Record as a result. Impact: During a high call load if thenSBC detects media inactivity, it generates a duplicate STOP record with the disconnect reason as Module Failure for a subset of calls. Root Cause: When the RTP inactivity is detected for a call, the GCID of that call is added to a unsolicited call cleanup list. When the call cleanup is invoked, if it finds that a previous call cleanup is going on then it generates STOP record for all the pending calls cleanups that it has not received a cleanup reply for. As a result, this causes the duplicated STOP record generation for a few calls. Steps to Replicate: - Set the RTP inactivity timeout value.
- Enable or disable the preventDuplicateEmptyStopRecOnInactivityDetection.
- Run call load such that RTP inactivity timeout occurs.
- Notice that when preventDuplicateEmptyStopRecOnInactivityDetection is enabled, there should be no duplicate STOP records for STOP records with disconnect reason as RTP inactivity.
Platform/Feature: SBC | The code is modified to configure whether the SBC should generate duplicate stop record on an inactivity detection or not. Command - set oam accounting admin preventDuplicateEmptyStopRecOnInactivityDetection <enabled/disabled> disabled (default): Continue with existing behavior (generate an empty STOP record in case of an RTP inactivity detection). enabled: Stop the generation of empty STOP record in case of an RTP inactivity detection. Workaround: N/A |
87 | SBX-100406 | 2 | Modify the codec from the Ingress update is not sent in the RE-INVITE to egress. Impact: The E2eupdate flag is enabled but peer does not support an update. On the ingress side, support the update. The call is put in connected state. When the ingress modify update is received on the ingress leg, the egress side SBC has to send a RE-INVITE for media change. But the SBC fails to send. Root Cause: When the E2eupdate is enabled, the SBC tries to send update instead of a reInvite but it failed in stack layer since allowing the update is not supported on the egress leg. Steps to Replicate: The E2eupdate flag is enabled but peer does not support the update (2xx for an invite does not have allow: update) but on the ingress side, support the update. Call is in the connected state. Send the ingress modify update on the ingress leg. Platform/Feature: SBC | The code is modified to check the peer supports update and then sends the update or else it is needed to send a reInvite. Workaround: N/A |
88 | SBX-100543 | 2 | After a restart, the D2SSBC21 fails to register with the EMS. Impact: The SBC is not registering with the EMS after a reboot. Root Cause: The cloud-init is failing while processing a obj.pkl file and not fetching the user data. The LCA fails to find 'EmsPassword' entry in the existing user data file as it was removed by the keyKeeper on every boot up. Steps to Replicate: Reboot the SBC and test that the SBC is getting registered with the EMS after a boot up. Platform/Feature: SBC | Avoid the cloud-init failure by removing the obj.pkl file in the LCA. Workaround: Remove the /var/lib/cloud/instance/obj.pkl file manually and reboot the system. |
89 | SBX-97775 | 2 | The VLAN tagged interfaces on the Guest instance are not reachable. Impact: The VLANs on the guest does not work with the X-710 NIC SR-IOV mode in VMWare Setup. Root Cause: There was issues with the i40en driver from VmWare that was fixed in 1.8.6 version. The SBC was not configuring the VLAN from the VF to the F properly, which was fixed. Steps to Replicate: Configure the VLAN on the guest with X710 SR-IOV on VmWare Setup and the interface should be reachable and test that the SBC is getting registered with the EMS after a boot up. Platform/Feature: SBC | Avoid the cloud-init failure by removing the obj.pkl file in the LCAThe code is modified so the SBC configures the VLAN from the VF to the F correctly. Workaround: Remove the /var/lib/cloud/instance/obj.pkl file manually and reboot the system.N/A |