Issue ID | Sev | Problem Description | Resolution |
---|
SBX-86193 | 2 | The D-SBC DFE module, which controls connections to the MSBC/TSBC, continues to read memory after being freed. This issue was found from ASAN testing in the lab. Root Cause: This issue was due to not stopping a timer correctly after a link to MSBC/TSBC went down whereby the timer later expired it causing the timer handler to read the freed memory. Although the memory was being read, it was first being used to check that the memory block was associated with the timer by looking at the timerID field in the memory block. If the block did not match then nothing more was read. If the block did match, then the code should have stopped doing any further processing as all the associated calls would have already been cleared up. This issue is only seen for an edge case scenario where the timerID part of memory is not updated, but other fields are updated. Impact: The D-SBC DFE module continues to read memory after being freed. Steps to Replicate: Run the NWDL SVT automation suite on ASAN images. Platform/Feature: SBC | The code is modified to stop the timer when the gateway control block in DFE is freed so the timer does not expire and try to access the freed memory. |
SBX-86684 | 1 | The SCM Process cores when making a REFER call where more than two SCMs are present in an I-SBC configuration. When the scenario occurs, the SBC does not recognize the N:1 Slot and will not pick the changes. Impact: SCM Process cores Root Cause: When N:1 changes came, Refer code is not modified to pick the changes of N:1 slot ID. Steps to Replicate: Execute a Refer call and ensure that call lands on SCM greater than 2 (because coredump will not occur if call lands on SCM0 or SCM1). Platform/Feature: SBC | The code is modified to pick N:1 changes for slot ID. |
SBX-86480 | 2 | The SCM may core due to memory corruption caused by processing Global PCDR Info received from the Policy Server. Impact: Repeated SCM cores. Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to free previously allocated Global PCDR Info structure before allocating to a new one. |
SBX-86180 | 2 | During the write process to create a new policy status reporting file, the correct read privileges were not present to allow the successful completion of the status reporting session. Impact: The status reporting process wrongly reports a sync in progress. Root Cause: /home/oraadmin/SSDB/PolicyDBSyncStatus is getting removed by logrotate. When the new file was created by write process, it did not have the correct privs to be read by status reporting session, so the status reporting process wrongly reported sync in progress. Steps to Replicate: N/A Platform/Feature: SBC: Application | The code is fixed to resolve this issue. |
SBX-86667 / SBX-86468 | 2 | Portfix SBX-86468: When the "Registration Expires in Expire Header" flag is enabled in the surrogate registration on Ingress TG IPSP, the de-registration is sent before the registration can refresh, which results in a call failure. (Originated in release 6.2.3F2) Impact: The SBC is not picking the correct expiration value resulting in a long refresh timer (more than expired value); de-registration is sent before the registration refresh. Root Cause: TheSBC is not picking the correct expiration value that results in along refresh timer (more than the expire value), and de-registration is sent before registration refresh. Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to pick up the correct expiration value from response PDU if "Registration Expires in Expire Header" flag is enabled for surrogate registration. |
SBX-86999 | 1 | The SBC added a REFER method in the Allow header when the condIncMethInAllowHdr was enabled, though REFER is set to Reject in TG methods instead of Allow Only. Impact: N/A Root Cause: N/A Steps to Replicate: - Run a SIP->SIP call with default settings. REFER was included in the Allow header in the outbound INVITE.
- Set the refer to "reject" under the egress trunk group->signaling -> methods -> refer. Now in the Allow header of the outbound INVITE, REFER was not included. This works as expected.
- Set flag condIncMethInAllowHdr under the egress trunk group->signaling to "enabled". Now in the Allow header of the outbound INVITE, REFER was included. This shows that this flag changed the behavior.
Platform/Feature: SBC | REFER is set to Allow only if it is not rejected in the TG methods. |
SBX-85144 / SBX 72693 | 2 | PortFix SBX 72693: FPGA failures are observed on DSP cards. (Originated in release 8.0.0) Impact: Communication lost between the CPU on the SBC and FPGA on the DSP card. Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC: DSP | A server reboot is initiated to restore communication. |
SBX-86493 | 3 | SBC adds "Max-Forwards: 71" header into SIP responses in violation of RFC3261 section 20 Impact: After receiving the error message with Max-Forwards header, End User may report for Invalid message as it deviate from RFC3261 response message header inclusion. Root Cause: When the SBC does not find the route information when adding the Max-Forwards header for an incoming call, the SBC rejects the call. Steps to Replicate: N/A Platform/Feature: SBC | Avoid Max-Forwards header addition while forming the SIP response. |
SBX-86523 | 1 | When the PCRF is enabled, a SCM may core on switchover. Impact: N/A Root Cause: The function SipSgReconstructParentRcb() allocates a structure (pcrfInfo), but leaves it empty if sbyRdbPtr->diamRxHandle is 0. One of the fields in this structure is a list pcrfGCIDList, and this list is left uninitialized if sbyRdbPtr->diamRxHandle is 0. Later, SipSgIncomingCallNfy() attempts to insert something in this uninitialized list causing a core. Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to prevent the PCRF related SCM core on a switchover. |
SBX-86246 | 2 | The SBC reads the end of a memory block while processing DTLS signaling.This issue was found while running ASAN regression in the SVT lab. Impact: This can result in invalid accessing of memory. This can potentially lead to coredumps if the memory block is at the end of the process memory as it will then try to access invalid memory. Root Cause: The code was processing the fingerPrint information associated with DTLS calls and was reading of the end of the memory block because it was not correctly null terminated. Steps to Replicate: Execute the SVT STIR/SHAKEN-related test suite to reproduce this issue. Platform/Feature: SBC | The code is modified to prevent the additional CR and LF (0x0d, 0x0a) characters at the end of an ISUP MIME body. |
SBX-68858 | 2 | The SBC CDR 'GMT' timestamps are skipping forward and backward in some call scenarios. Impact: This issues causes incorrect call start/stop/duration timestamps in the CDRs. Root Cause: N/A Steps to Replicate: - Execute command: set system ntp timeZone pjk zone gmtPlus02-Athens
- Execute: sbxstop
- Set time on the NTP server to before the daylight saving time: date -s "2018-03-25 UTC 00:40:00".
- Execute: sbxstart, and make sure the SBC gets in sync with the NTP server.
- Start some call load to monitor the timestamps in the CDRs.
- Wait until 7:00 local time to see both CDR timestamp jump.
Platform/Feature: SBC: CDR | The code is modified to calculate the correct timestamps when daylight savings time begins and ends. |
SBX-87456 | 1 | CRLF in 7K mime causes fGenband SST to send extra hex data at bottom of ACM A TDM customer places a call that is routed via CS2k/C20 Genband switch through a Sonus SBC. Impact: If the call hits an SBC 7000, the SIP-T ACM passed back to the CS2K/SST has a length indicator in the SDP that is not present when the call hits a SBC 9000. Root Cause: Extra CR, LF (0x0d, 0x0a) characters are added at the end of an ISUP MIME body immediately before the correct CR, LF is associated with the boundary line. Steps to Replicate: N/A Platform/Feature: SBC: SIP | The code is modified so that extra CR, LF (0x0d, 0x0a) characters are no longer added at the end of an ISUP MIME body.
|
SBX-63571 | 2 | "Call/Registration Data" stays in syncInProgress after the B node performs a LSWU. Impact: The Active SBC may fail to synchronize ("Call/Registration Data" remains in syncInProgress) after an LSWU upgrade of the Standby SBC when using an IpPeer pathCheck profile. Root Cause: N/A Steps to Replicate: Test setup:LSWU from v5.1.2R0 to v5.1.2R2 - Create a pathCheck profile
- Create 100+ ipPeers with IPv4 ipAddress and ipPort
- Make sure the ipAddress / ipPort does NOT respond to the OPTIONS ping
- Assign pathCheck profile to the 100+ ipPeers
- State enable the 100+ ipPeers pathCheck profile
- Verify that the 100+ ipPeers have been blacklisted.
- Assign the 100+ ipPeers pathCheck profile hostName and hostPort
- Start LSWU of the Standby CE to v5.1.2R2
- Wait for LSWU of Standby CE to complete.
- Verify that the Synchronization Status for 'Call/Registration Data' remains in 'SyncInProgress' forever.
- Verify the following error message exists in the SYS log:
"MAJOR .RTM: .RTM .PsObjectFactoryManager: Failed to find object's prototype while operating on object ID 154415 (0x25b2f)"
Platform/Feature: SBC: Application | The RTM process is updated to handle pathCheck messages that may occur during LSWU.
|
SBX-87340 | 2 | The DNS NAPTR transport is not used during surrogate Authentication REGISTRATION attempt. The Transport is not correctly set while the SBC is sending an Authorization request. Impact: The subsequent Registration attempt fails as the SBC is changing the TCP port from a normal TCP port 47xxx to 5060 after it got challenged. Root Cause: The SBC sends no NAPTR only SRV followed by A query and Surrogate registration successful. Steps to Replicate: - Set FQDN port to "0".
- Set Transport type in IPSP to "none"
- Enable noPortNumber5060 flag in IPSP.
Platform/Feature: SBC | The code is modified to set a correct transport type while sending an Authorization request. |
SBX-87641 | 3 | When copying a SIP Adaptor Profile in the EMA using the "Copy SIP Adaptor Profile" option, and the "advancedSMM" flag is enabled on the original SIP Adaptor Profile, the flag is not copied over once the new profile is saved (the flag stays disabled). Impact: Once the new profile is saved, the advancedSMM flag does not get saved and stays disabled. Root Cause: The value of the advance SMM for a 'copy SMM' operation is not fetched in backend. Steps to Replicate: - Create a sip adaptor profile with enabling the “advanced SMM flag”
- Save the profile
- Copy the same profile using “copy sip adaptor button”
- Save with different name.
Platform/Feature: SBC | The code is modified to copy the flag state to the new profile. |
SBX-87684 / SBX-73424 | 2 | Portfix: SBX-73424: The CDR field 8 in START and STOP records always shows zero, even if there is a delay in the PSX response (Originated in release 6.2.4). Impact: N/A Root Cause: The setup message time and the PSX response time are getting set to the same value, and thus the delta always results in zero. Steps to Replicate: - Make continuous LI calls before starting the upgrade in the base build (i.e 7.2.1R000).
- Spawn OAM nodes - the time taken by the OAM nodes to come up and get registered on EMS was less than 5 mins.
- Upgrade M-SBC standby 8.0.0A20_84 using stack delete and create procedure.
Result: The SmProcess dumped core in the upgraded build in M-SBC standby. - Once the SBC is up and in sync, upgrade the M-SBC active to 8.0.0A20_84 using stack delete and stack create method.
Result: The M-SBC standby takes over as new active and running successfully, but LI interception fails.No calls are getting intercepted. - Upgrade the primary SBC to 8.0.0A20 build.
Result: SmProcess core dump occurs.
The same is observed while upgrading S-SBCs. Platform/Feature: SBC: CDR | The code is modified to correctly calculate the delta for the setup message time and the PSX response time. |
SBX-87190 / SBX-86748 | 1 | Portfix SBX-86748: The fragment timeout logic is decrementing the wrong interface's current in-use count. This problem only impacts hardware SBCs. (Originated in release 7.2.1) Impact: If the PSX responses are large and the IP packets are fragmented, the SBC may retry multiple times due to reassembly failures resulting in packet drops. Root Cause: The SBC's ability to handle defragmented packets will deteriorate. The NO DEFRAG MATCH count in "show table system networkProcessorStatistics defragStatistics" increments rapidly. Steps to Replicate: N/A Platform/Feature: SBC 5xx0, 7000 | Fixed the fragment timeout logic that was decrementing the wrong interface's current in-use count. This problem only impacts the SBC hardware. |
SBX-86239 | 2 | The CDR connection timeouts greater than 127 seconds are not honored, as the TCP sessions times out after 127 seconds. Impact: N/A Root Cause: The TCP session times out in 127 seconds. Steps to Replicate: N/A Platform/Feature: SBC | Changed the range for the connection timeout to a range of 15 to 120 seconds. |
SBX-87708 / SBX-87448 | 1 | Portfix SBX-87448: In the AWS SBC, SSH keys stored in CONFD database are lost during the upgrade to 07.xx.xx. (Originated in release 7.2.0) Impact: Any SSH key stored in the CONFD database is lost during the upgrade. Root Cause:In AWS deployment where the volume replacement-based upgrades are used, the standby undergoing upgrade is not requesting CONFD.conf keys from older active SBCs. Steps to Replicate: - Perform LSWU from 7.0S407 to 7.2S400
- Call load of 700 sessions @7cps is running
- Trigger a switchover
Observation: - Calls are running fine.
- Switchover is successful but observing errors in DBG file.
Platform/Feature: SBC | The issue is resolved by ensuring that the standby being upgraded requests the confd.conf keys from the active before proceeding with the upgrade. |
SBX-87944 | 2 | SBC is not processing the 200 OK. Impact: N/A Root Cause: Blind transfer call fails due to DLRBT. The internal tone flag on leg B was not reset properly, as a result of leg C failing to the cancel tone. Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to reset the tone flag when B is connected. |
SBX-88003 | 1 | When the End to End PRACK is enabled and if call fails after sending 18x to Ingress before receiving PRACK or if any PRACK drops happens; there may be a memory leak. Impact: N/A Root Cause: When End to End PRACK is enabled, just after receiving 18x; memory will be allocated for storing reliable data. And this will be cleared when PRACK is sent out. But If there is PRACK drop (It happened as Call is simulated with SIPP scripts and it is closed abruptly) there is chance of memory leak. Steps to Replicate: Run Call with reliable 18x messages and Enable End-To-End PRACK flag in IPSP. Close scripts just after sending 18x out or don't send PRACK from INGRESS. Platform/Feature: SBC: SIP | The code is modified to release the memory while clearing call details for a call failure. |
SBX-85894 | 2 | IPTABLES rules are incorrect on the SBC SWe after an upgrade where non-default addresses are configured for HA ports. Impact: This may prevent the HA peers from communicating when one of the configured HA IP addresses is the same as the default address, but the other peer is not. Root Cause: IPTABLES rules are incorrect on the SBC SWe after an upgrade in the case where non-default addresses were configured for HA ports. Steps to Replicate: N/A Platform/Feature: SBC SWe | The code is modified to flush the IPTABLES rules before adding the rules for the configured HA addresses. |
SBX-87911 / SBX-87768 | 1 | Portfix SBX-87768: Standby links are down after upgrading to 7.2. This issue occurred as routers respond to ARP probe request sent by the SBC with a GARP request and target MAC in that ARP request is set to a broadcast MAC. The SBC expects the target MAC in ARP response sent by router to contain the MAC address of the SBC port from which request was sent. (Originated in release 7.2.1 Impact: Standby links are down. Root Cause: The SBC is not treating the ARP probe request as a valid response which resulted in the SBC reporting standby links as DOWN. Steps to Replicate: N/A Platform/Feature: SBC | The issue is fixed by comparing the target IP address received in a ARP response to the destination IP configured in Link Monitor when target MAC comparison fails. In a GARP request/response, the target IP is be set to the IP of the router sending these packets. This change results in considering the GARP request sent by the router as valid response and reports link status correctly. |
SBX-88061 / SBX-87404 | 3 | Portfix SBX-87404: When the SBC compare SDP online only and the peer answers with a 200 OK with SDP (where sessId and sessVer are zero), the SBC incorrectly sends a reInvite out before sending the acknowledgement. (Originated in release 6.2.4) Impact: This issue may trigger an unnecessary reInvite. Root Cause: SIPS fails to save the peer SDP when online validation only and both online and offline validation sessId and verId are zero in 200 OK. Steps to Replicate: Platform/Feature: SBC | The code is modified to change the order of validating profile to ensure it returns correctly. |
SBX-88168 / SBX-87615 | 2 | Portfix SBX-87615: After the announcement script is completed, the CC validates this as a multiparty call and transfer script and notifies ingress to connect the call. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | After ann script is completed, the CC instructs the ingress to connect the call. |
SBX-87828 / SBX-86930 | 2 | Portfix SBX-86930: e2e prack is not working if require header is present and no 100rel. (Originated in release 6.2.4) Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | If 100rel not in require header, it is validated in supported. |
SBX-87826 / SBX-86099 | 2 | Portfix SBX-86099: Minimize the logic suppressing the Update. (Originated in release 6.2.4) Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to send for the Update regardless of if the Minimize flag is set to ON. |
SBX-86080 | 3 | When multiple DM Nat tables are configured, calls which should have been sent to Direct Media are being media anchored through the SBC. Impact: N/A Root Cause: DM Nat table entries are not getting properly created and entries are getting added to wrong tables - this is leading to Direct Media not working for entries configured in DM NAT table. Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to create the entries correctly. |
SBX-87824 / SBX-86068 | 3 | Portfix SBX-86068: reInvite after an authentication call is missing logic to copy the SMM scope variable data into a new message. (Originated in release 6.2.4) Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC
| Copied the SMM scope variable to new message so the SMM can apply the new logic. |
SBX-88070 | 1 | In case a call to sonusPeerUpload.expect is made and if the peer goes down then, there may be a waittime for the SCP connection, resulting in the application healthcheck timing out after 10 seconds, which causes the application to crash. Impact: N/A Root Cause: The scp operation may get stalled if standby goes down while scp was in progress resulting in health check timeout in application in turn causing a crash suspecting deadlock. Steps to Replicate: N/A Platform/Feature: SBC
| The SCP used times out in sonusPeerUpload.expect script to ensure that the wait time for the SCP connection to establish is no longer than 2 seconds. |
SBX-88036 | 1 | Because of the Anonymize flag, the host name will get updated with Egress SIP Sig port in an outgoing PAI header. When the Source host name size (SIP Sig IP) is bigger than destination, the host name size (an existing host name in PAI received on INGRESS) issue will appear. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC
| The code is modified to reallocate memory before updating a host name value. |
SBX-86920 / SBX-86236 | 3 | Porfix SBX-86236: The SWe TPAD channel modify code had a bug that had a response sent to a different entity on the host (SWEA instead of DDH) and that resulted in DDH major log event. (Originated in release 8.0.0) Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC: DSP | The code is modified to correct the behavior. |
SBX-88625 | 2 | Shadow file copy is available to admin user after an upgrade. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC
| The code is modified to remove the pre-upgrade shadow file saved during an upgrade. |
SBX-88541 | 2 | The SBC ignored the ACK and failed to relay it to the INGRESS peer. As a result, after 10 seconds, the OA-FSM timer expired on the egress call leg and the call was torn down. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC
| The code is modified so that the ACK can be relayed to the other call leg and the call can stay up. |
SBX-87325 | 3 | The Scm Process may core dump while trying to double free the memory associated with the username of registration of the AOR. Impact: N/A Root Cause: The previous register AOR block was freed, however the username field was not set to NULL and subsequent re-registration or refresh comes in and reuses the heap memory that was freed for the previous registration. When we try to free our current registration block, double free is detected and hence we core. Steps to Replicate: The problem is not reproducible. Platform/Feature: SBC | Perform a Defensive check for stEndpointAOR.puchUserName and to set the value to NULL after its freed to avoid double free. |
SBX-88610 | 2 | Possible memory leak when the parameter rewriteIdentities is enabled on a SIP trunk group. Impact: N/A Root Cause: If a SIP trunk group has the feature "rewriteIdentities" enabled, there is an edge case in which memory which was allocated for temporary storage of a toHeader is never freed. Steps to Replicate: N/A Platform/Feature: SBC
| The code is modified so that in all scenarios, memory is freed, which is allocated for temporary storage of toHeader. |
SBX-87261 | 2 | When a E2E PRACK is disabled and PRACK is received from the caller with preconditions, the SBC does not relay the precondition changes to the callee. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The SBC sends an UPDATE towards egress to relay the preconditions to the callee. |
SBX-88132 | 1 | NAPT learning is broken if the following events occur: RTP and RTCP NAPT learning are enabled when call comes up No packets are received within 1.5 seconds RTCP packet is received RTP packet is received
In this scenario, the source IP address and RTCP port learn from the received RTCP packet, but any subsequent RTP packets (from same source IP address) are not learned. So, the RTP port is never learned. Impact: N/A Root Cause: This problem occurs because we checked in some NP code changes that basically added NATL support to learn source IP address from RTCP packet (which we never supported before), but we didn’t check in the necessary XRM changes to support this feature. Our thinking at the time was that the NP changes were backward-compatible with the existing XRM code, and thus the new NP RTCP NATL learning functionality would not be executed; the NP would continue to operate as before (RTCP packets received before NATL learning from RTP packet had occurred would be discarded). In 8.0 we implemented the XRM/application changes that, coupled with the previously checked in NP changes, fully support RTCP NATL learning. Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to add a NATL support to learn source IP address from an RTCP packet. |
SBX-88652 | 2 | When an Audio transcode is possible and below the line index is zero, all non-core streams are being removed even when multipleAudioStreamsSupport is enabled. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC: Media Resource Management | The code is modified by skipping the audio transcode for AUDIO/IMAGE streams under the multipleAudioStreamsSupport flag. |
SBX-88715 | 2 | The SBC was reading the end of a memory block while trying to play an announcement, due to pre-conditions interworking happening on the ingress call leg. Impact: N/A Root Cause: The code was passed in a memory block which contained the name of an announcement and was copying the name into a fixed size memory buffer. The code was always copying a fixed amount of memory. However the name of the announcement was less than the fixed amount being copied so the code was reading more than the allocated space. If the memory block passed in was right at the edge of process memory then its possible this might cause a memory exception and coredump. Steps to Replicate: This was found while running SVT pre-conditions test suite. Platform/Feature: SBC | The code is modified to not copy more memory than required to hold the name of the announcement, to avoid reading invalid memory. |
SBX-88596 / SBX-85335 | 2 | Portfix SBX-85335: The SBC replaces custom EMA SSL certificate with a self-signed certificate during an upgrade. (Originated in release 8.1.0). Impact: N/A Root Cause: User installed certificates were not being restored after upgrade and were getting replaced by default EMA certificates. Also, SSLVerifyClient was not being restored to its configured value after upgrade. Steps to Replicate: To verify restoration of SSLVerifyClient: 1. Setup and verify mutual authentication for EMA 2. Verify value of SSLVerifyClient ("required" when clientAuthMethod set to pkiCertOnly; "optional" when clientAuthMethod set to usernamePassworkOrPkiCert) 3. Perform upgrade and verify that the value of SSLVerifyClient remains the same as configured Platform/Feature: SBC: EMA | While restoring certificates (server certificate and client CA certificate for EMA TLS Profile) from the CDB to the cache, they now restore to /opt/sonus/ema/apache/. |
SBX-88386 | 1 | A second REFER comes in too fast when the previous referer has not completed the teardown. It sets the teardown in an invalid state. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | Sending of ACK is delayed until the previous referer tears down. The subsequent REFER is accepted by the SBC. |
SBX-88553 | 2 | The logical implementation for the flag CondIncMethInAllow is incorrect. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | New logic is added to rework the CondIncMethInAllow flag. |
SBX-88327 | 2 | Standby logs (/var/log/messages and syslog and user.log) are flooded with CpsShmAttach event log messages. Impact: N/A Root Cause: CpsShmAttach() is being incorrectly being call by the standby for every SIP Registration. The only negative consequence of this is that a log message with the following text is logged for every registration: "CpsShmAttach: Attached to shared memory" Steps to Replicate: N/A Platform/Feature: SBC | The standby code is modified to no longer call CpsShmAttach() unnecessarily. |
SBX-88755 / SBX-72165 | 3 | Portfix SBX-72165: The mandatory users (admin, guest, operator) in the SNMP users table are user removable. If removed, the SNMP commands may fail. (Originated in release 6.2.4). Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC: CLI, EMA | Validation is added to ensure the mandatory users admin, guest, and operator are not removable. |
SBX-88768 / SBX-88548 | 3 | Portfix SBX-88548: For a non-SIP to SIP call, the transparency/relay flags are still in effect. (Originated in release 6.2.4) Impact: N/A Root Cause: Resolved: Change the logic to disable/ignore all transparancy/relay flags if it is not end to end SIP call. Steps to Replicate: N/A Platform/Feature: SBC: SIP Applications | The code is modified to disable/ignore all transparency/relay flags for call flows that are not end-to-end SIP calls. |
SBX-88325 | 2 | If a user enables/disables the audit system (auditd + kernel's audit system), the existing CLI command "set oam eventLog platformAuditLogs state <enabled/disabled>" will be used. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to: - change the default state of the platformAuditLogs to enabled Stop audit system (auditd + Kernel audit system) for stopping auditd,
- disable the audit system when platformAuditLogs's state is disabled and persists on restart.
|
SBX-88925 | 2 | Software editions of the SBC use uninitialized values during the SmProcess startup. Impact: N/A Root Cause: Coding error. Steps to Replicate: Use valgrind on SmProcess at startup to find use of uninitialised values. Platform/Feature: SBC | The code is modified to initialize values on software editions. |
SBX-89048 | 1 | The SBC is not able to send 200OK to the Ingress due to tone playing and a "Send Update SDP in 200OK" flag. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | Fixed the logical error so the SBC can send 200OK out. |
SBX-89200 | 3 | e2e PRACK is not working if the required header is present and 100rel is not. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | Changed the logic to accommodate if 100rel is not in the required header, it is validated in supported header. |
SBX-89320 / SBX-88882 | 2 | Portfix SBX-88882: A 200 OK INVITE received immediately after a UPDATE/200 OK gets stuck and the call fails. (Originated in release 7.2.1) Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to avoid using a tone swap when a 200 OK INVITE is received immediately after a UPDATE/200 OK. |
SBX-89288 / SBX-88220 | 2 | Portfix SBX-88220: SBC system configuration: sysctl variables, hardening. (Originated in release 8.1.0) Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | Implemented security hardening measures to load the Yama security module at startup to block non-child tracing by ptrace. |
SBX-88665 | 1 | NAPT not learning due to a delay in media being received. NAPT is learning for 1sec for a re-INVITE and after the learning, the previously learned address is returned to NRMA (which does not work for end changes). Impact: N/A Root Cause: NAPT not being learnt due to delay in media being received. NAPT is learnt for 1sec only for a re-INVITE and after that the previously learned address is returned to NRMA ( which doesn't work in this case as far end changes it's IP:PORT ). Steps to Replicate: For re-INVITE send media after 1/2 seconds and see that napt learning is restarted after timer expiry. Platform/Feature: SBC | The code is modified to restart NAPT learning again after a timeout for re-INVITE. |
SBX-89284 / SBX-89202 | 1 | Portfix SBX-89202: When ISUP/QSIG message body is present in the OOD requests, the SCM coredump occurs since the hSipCallHandle will not be present. (Originated in release 8.1.0) Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | Added a Null check for hSipCallHandle. |
SBX-88974 | 2 | An OOD MESSAGE Request with the same CSeq and different from tag for a challenged request will be rejected with an 482 Loop Detected. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | OOD MESSAGE Request with same CSeq and different from tag for a challenged request is processed automatically. |
SBX-89336 / SBX-88221 | 2 | Portfix SBX-88221: High auditd activity is causing disk issues and registration failures on the SWe. (Originated in release 6.2.4) Impact: N/A Root Cause: High activity of auditd was mainly caused due to flooding of MAC_IPSEC_EVENT messages in /var/log/audit/audit.log Steps to Replicate: 1. run ipsec.sh script 2. Simultaneously, on another session, try "mpstat -P ALL 1", verify that high values of %iowait are not found 3. If high activity of auditd is still causing issues, auditing can be stopped using "set oam eventLog platformAuditLogs state disabled" 4. After disabling auditd, verify that auditd has been disabled, using "auditctl -s" and "systemctl status auditd" 5. Also verify that audit messages are not being logged in /var/log/audit/audit.log and /var/log/messages Platform/Feature: SBC
| Added an audit rule to exclude MAC_IPSEC_EVENT messages from being logged by the auditd. |
SBX-88989 | 1 | R-URI userpart is incorrect when the ToHeader Transparency is on and with registration. Impact: N/A Root Cause: Logical error. Steps to Replicate: N/A Platform/Feature: SBC
| The R-URI is based on contact received from an IAD registered end point. |
SBX-89302 | 2 | Application can fail to start if the name chosen for the SBC ends with "net". Impact: N/A Root Cause: In implicit registration case, SBC fails to unsubscribes with PCRF during De-Registration and that results in PCRF keep on sending notifications to SBC even after De-registration and that result in coredump(Because SBC tried to access Registration Control Block which is given by callback function which does not exist) Steps to Replicate: N/A Platform/Feature: SBC
| The code is modified to handle the SBC names ending with "net". |
SBX-88743 | 1 | The SCM Process cores when receiving notifications from the PCRF, which does not exist on the Registration Control Block. Impact: N/A Root Cause: In implicit registration case, SBC fails to unsubscribes with PCRF during De-Registration and that results in PCRF keep on sending notifications to SBC even after De-registration and that result in coredump(Because SBC tried to access Registration Control Block which is given by callback function which does not exist) Steps to Replicate: 1. Enable Rx feature and signallingPath flag on access TG 2. Run implicit Registration 3. Send De-Register request
Platform/Feature: SBC | The code is modified to terminate the RX session on receiving De-Registration, so that the PCRF does not send any notifications to the SBC. A fix is added to handle notifications received from the PCRF that the Registration Control Block does not exit. |
SBX-90034 / SBX-74470 | 2 | Portfix SBX-74470: SIP (LM) -> GW call (x-fer on this side) - call is torn down. (Originated in release 6.2.4) Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC: Gw-Gw, Media Resource Management
| The code is modified to define a new NRMA state, for conditional assignment of the state, and faking the answer when required, to avoid the timer expiry. |
SBX-89983 / SBX-89981 | 3 | Portfix SBX-89981: Contact Transparency issue(HTP) for a Late Media Invite is not working as expected when excluded methods are configured. (Originated in release 8.1.0) Impact: N/A Root Cause: When Excluded methods is configured and Late Media INVITE is received, we are checking the transparancy bits for Contact before actually calling the CopyTransparancyContent where transparancy bits are actually set. Steps to Replicate: Enable Contact transparency with HTP and exclude methods as below and execute call flow as mentioned in description. Platform/Feature: SBC
| Added a fix for calling the parameters SipSgCheckAndSetContactHeaderTrasparency after SipSgCopyTransparencyContent . |
SBX-90044 / SBX-75969 | 2 | Portfix SBX-87984: RCA: web server leaks a private IP address through its HTTP headers. The web server will expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server. (Originated in release 8.0.0). Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC: EMA, Security
| The header is edited before sending the response from Apache 2 server. |
SBX-86689 | 3 | A change in the return code for Platform REST API calls for passwords mismatch. Impact: N/A Root Cause: In case of password mismatch, Platform REST API was returning status code 200 with error message. Which is not correct for authentication. Steps to Replicate: Login into platform manager with wrong password, response should come with 401 status code and error message. Platform/Feature: SBC | To fix this issue, set the status code to 401 for authentication. |
SBX-86586 | 2 | SIPSG_GET_DMINFO_RPY_MSG is not sent when the DM Info is not sent. The SCM lookup times out after 1 second and the 200 OK is released after 1 second. Impact: N/A Root Cause: It is the day one behavior of Direct Media Anti-trombone feature. Steps to Replicate: N/A Platform/Feature: SBC | SIPSG_GET_DMINFO_RPY_MSG is sent irrespective of whether the DM Info is present or not. |
SBX-89377 | 2 | When the Enhanced Dynamic black list feature is configured for a Receipt of message event type, the ScmProcess leaks memory. Impact: N/A Root Cause: When Enhanced Dynamic black list feature is configured for Receipt of message, ScmProcess allocates memory for ICM message but do not free the memory. Steps to Replicate: Execute the DM Anti-trombone call flow so that two calls hits different SCM's. Platform/Feature: SBC | The code is modified to ensure the ScmProcess frees the memory allocated for the ICM Message carrying the Dynamic black list feature data. |
SBX-90088 | 2 | Subscription information is lost on an SBC switchover in a particular direction. The NOTIFY request is rejected with a 489 Bad Event message after a double switchover. Impact: N/A Root Cause: Ingress and Egress transparancy profile *present* bits was not set in Relay CB because of which they are not getting mirrored during second switchover. Steps to Replicate: 1. Register and Subscribe from Active Machine. 2. Do a switchover so that Standby machine becomes active. 3. Do a switchover again so that Active machine becomes active again. 4. Now send Notify from core. Platform/Feature: SBC
| The code is modified to allow a successful double switchover. |
SBX-90128 / SBX-88996 | 3 | Portfix SBX-88996: As, the single character search is an exhaustive search operation which would in turn consume more time and space , the browser witnesses Timeout Exception due to which the blank screen is rendered to the user. (Originated in release 6.2.4). Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC: EMA | The code is modified to avoid and disallow single character search by rendering an appropriate error message to the user if the input does not match the criteria entered. |
SBX-90204 / SBX-90195 | 3 | Portfix SBX-90195: A transport parameter is transparently sent when the Request-URI transparency is enabled for all messages. (Originated in release 8.1.0). Impact: N/A Root Cause: As prat of transparency support for Request URI, this parameter was transparently sent which shouldn't be sent. Steps to Replicate: 1. Enable transparency for Request URI. 2. Make a TLS-UDP or TCP-UDP call with transport parameter in Request URI. 3. Transport parameter will sent transparently though the call is UDP in egress leg. Platform/Feature: SBC | The code is modified to remove the transport parameter in a request URI when request URI transparency is enabled. |
SBX-90042 / SBX-76393 | 3 | Portfix SBX-76393: The CPX process was timing out when requests were made for specific rows in an interval statistics table, only used to populate the statistics tar file. (Originated in release 6.2.4). Impact: N/A Root Cause: Interval statistics tables that are used only to populate the statistics tar file do not support requests for individual rows, and those requests time out. Steps to Replicate: N/A Platform/Feature: SBC: confd | The code is modified to return a request immediately with no data. |
SBX-89877 | 1 | For registration, the 200OK has the service-route, and the flag Stored service route enabled. If the Server sends multiple notifications without a record-route before the Subscribe is stable, the SBC may core due to duplicated freed memory. Impact: N/A Root Cause: SBC may core due to duplicated memory free. Steps to Replicate: Test: ~stran/sipp/sippc_89788.xml and sipps_89788.xml Platform/Feature: SBC | The code is modified to correctly initiate a NULL pointer after the memory is freed. |
SBX-88048 / SBX-87321 | 1 | Portfix SBX-87321: Sip Parser has predefined method length restriction set to 128 and a negative test case in Codenomicon test suite with a method including more than 128 characters is resulting in a coredump. (Originated in release 8.0.0). Impact: N/A Root Cause: 1)When ever CSEQ method name comes beyond 127 character size and SMM profile is applied, SBC taking box down as it is missing boundary condition 2)When From Tag is missing in Dialog scope variable data, SBC taking box down as it is missing NULL check Steps to Replicate: N/A Platform/Feature: SBC | Added software checks to enforce upper limit as well as NULL termination |
SBX-92225 / SBX-75715 | 2 | Portfix SBX-75715: The SCM reports a deadlock when multiple set operations are committed. The feature previously worked in earlier releases and does not work in 7.x releases. (Originated in release 8.0.0). Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC: CLI | A check is added in the CPX to limit the maximum number of trunkGroups set per commit to 2 to avoid a SCM process core dump due to a healthcheck timeout. |
SBX-88129 | 2 | Registrations with a syntax error cause an incorrect REG counter. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to update the TRM and SIPFE correctly. |
SBX-89592 / SBX-89220 | 2 | Portfix SBX-89220: The 200 OK is not being sent for call HOLD when the sdpAttributeRelay is enabled on the Trunk Group. (Originated in release 8.1.0). Impact: N/A Root Cause: Setting this flag SIP_SDP_CTRL_IS_CHANGED_SDP and properly not resetting it is causing the issue Steps to Replicate: Run a Audio Video call and UAS sends the answer with Audio and Video(Stream disabled). Send the hold invite with change in datapath mode, 200 OK for this is not being sent. Platform/Feature: SBC | The code is modified to reset the flag SIP_SDP_CTRL_IS_CHANGED_SDP when there is change in the Session Attributes. |
SBX-88253 | 3 | The PSX Name field is not being populated in CDR's. Impact: N/A Root Cause: Code was missing to handle the PSX name and copy to CDR's Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to include the PSX name in the CDRs. |
SBX-90250 | 1 | When "show status addressContext <addressContext_name> ipsec ipsecSaStatistics" and "show status addressContext <addressContext_name> ipsec ipsecSaStatus" commands are run and the IPSec is configured, the IKE Process will leak memory. Impact: N/A Root Cause: Memory leak occurs because of double allocation of key and value buffers which hold IKE statistics. Steps to Replicate: Configure IP SEC AKA on SBC. Run valgrind. show status addressContext <addressContext_name> ipsec ipsecSaStatistics. show status addressContext <addressContext_name> ipsec ipsecSaStatus Make sure AKA is configured and working correctly. Check valgrind output. Certain blocks of size 664 and 16 will be shown. Platform/Feature: SBC: IPSec, SIP | The code is modified to ensure buffers are allocated once when generating the IPSec IKE statistics. |
SBX-90364 | 1 | [SMM] The Scm process core dumped while modifying the URI scheme. Since the stHdrString is not MemZero and when we try to free the memory which is junk, coredump occurs. Impact: N/A Root Cause: The core dump was observed as memory of few structures were not memzero. Steps to Replicate: N/A Platform/Feature: SBC: Application | The code is modified to add a MemZero to the structures. |
SBX-90510 | 2 | The call setup time under the currentCallStatistics output was not calculated correctly. Impact: N/A Root Cause: The code was incorrectly managing the cumulative total for this field and dividing it by 100. Steps to Replicate: Make multiple calls with a delay between sending INVITE and receiving 18x message and check the call setup time is correct. Platform/Feature: SBC | The code is modified to simply keep a total of the number of ticks. For example, 100ths of a second for each call. |
SBX-89996 | 3 | In old scenario, using ':' for separation between attribute name and value. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | Code was added to read the file properly if instead of ':', the file uses double quotes (") as a separator. |
SBX-90393 | 1 | When the saveCallFlows is enabled, and only Out of Dialog Messages are received, a memory leak occurs. Impact: N/A Root Cause: Packets without a GCID associated with them are stored in a queue until a packet is sent or received with a GCID Steps to Replicate: N/A Platform/Feature: SBC | When the queue of packets exceeds the saveRecentCallFlowsInMemory maxMemoryUsage , the oldest entries are purged. |
SBX-90180 | 1 | When the SIPT library was returning a DISCARD_MSG event to SIPSG while trying to send out a message, it results in the call being released if the MIME disposition was required. Impact: N/A Root Cause: If the SIPT library returns DISCARD_MSG there is no need to release the call. Steps to Replicate: Make a SIPT to SIPT call where the ingress revision is spirou and the egress revision is itut92+ and send a CPG message with the event indicator of 5 in the backward direction. Platform/Feature: SBC | The code is updated to not release the call if the SIPT library returns DISCARD_MSG while sending out a message. |
SBX-87342 | 1 | During the long load run, a few 503 responses are seen from the SBC. Impact: N/A Root Cause: The issue is seen because of SBC wrongly identified INVITE PDU type as OTHER and not INVITE only in the case when first partial PDU received over TCP as fractional INVITE word. Steps to Replicate: In long load run over TCP on ingress side. Platform/Feature: SBC | The SBC corrected the pre-parsing logic in partial PDU cases, when the INVITE word received in first partial PDU is fractional and rest of the PDU in a second partial PDU. |
SBX-90526 / SBX-90379 | 1 | Portfix SBX-90379: Pathcheck process currently supports 32 DNS records, whereas the DNS client supports 100 so there was a mismatch and this pathcheck process crash was seen when there are more than 32 records. (Originated in release 8.1.0). Impact: N/A Root Cause: PathCheck process crash was seen due mishandling of the records when the number is more than 32. Steps to Replicate: 1. Configure patch check profile to IP peer to send OPTION sip message as ping. 2. Patch check host name peer as FQDN. 3. TCP fallback enabled for DNS server configuration. 4. TC flag set coming from DNS server, which basically indicates that DNS response is truncated. 5. DNS reply has more than 32 SRV records. Platform/Feature: SBC | The Maximum records supported in a pathcheck is increased to 100, so that it will be in sync with a DNS client. |
SBX-90425 | 3 | During registration failures, and peer tries to register again, the SIPFE and SIPSG may become out of sync. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | SIPS is no longer responsible to answer the re-transmissions and the application directly handles the answer to avoid an out of sync registration. |
SBX-90231 | 2 | The SCM may core while processing SIP INVITE headers. Impact: N/A Root Cause: The received INVITE message is not as per RFC 5626 that requires +sip.instance to be followed by a value. Steps to Replicate: N/A Platform/Feature: SBC | A NULL pointer check is added to avoid a core dump when far end SIP endpoints are not following the standard. |
SBX-85675 | 1 | When invoking an API with an input param, the input params were not getting validated because the validation code was not present for the rest of the API input params. Impact: N/A Root Cause: When we were invoking any rest API with some input param. Input params were not getting validate because validation code was not present for rest API input params. Steps to Replicate: Call rest API using curl command with invalid input params value. Platform/Feature: SBC | A new class is added to validate all the API input params to fix this issue. |
SBX-86425 | 2 | The mgmtRedundancyRole is displaying Unknown instead of active/standby. Impact: N/A Root Cause: SmaGetMgmtRedundancyRole() which returns the mgmtRedundancyRole is returning rgmRedundancyRole instead of redundancyRole Steps to Replicate: Run cli command: show table system serverStatus <system name> mgmtRedundancyRole admin@CEGVM3> show table system serverStatus CEGVM3 mgmtRedundancyRole mgmtRedundancyRole active; Platform/Feature: SBC | Make the SmaGetMgmtRedundancyRole() return to redundancyRole instead of rgmRedundancyRole. |
SBX-86589 | 2 | When there are multiple ipInterfaces in different subnets in an ipInterfaceGroup, the sipSigPort address can remain bound to an ipInterface with an unmatching subnet. The sipSigPort address does not move to an ipInterface with the matching subnet when the ipInterface with the matching subnet becomes enabled and in-service. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The signaling port address is properly relocated to an ipInterface with the matching subnet if the address is currently bound to an ipInterface in a different subnet. |
SBX-86653 | 2 | When the packets are logged as part of the SBC Packet Collector for Core Dump Analysis functionality, if there are SMM rules applied to those packets, the packets are not stored after the SMM rules have been applied. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to save the packets after SMM rules have been applied. |
SBX-85676 | 1 | The user was able to read any file from the under-privilege REST user through a GET request. Impact: N/A Root Cause: In old scenario, input sanitization for rest call parameters not present. Steps to Replicate: N/A Platform/Feature: SBC | The input sanitation is added to verify the REST call before executing the API. |
SBX-76813 / SBX-70808 | 3 | Portfix SBX-70808: It is not possible to use the EMA "Test SIP Adaptor Profile" or a CLI command "request profiles signaling sipAdaptorProfile getDigits testProfile" to test an SMM rule that manipulates an ISUP MIME body, because these mechanisms only support ASCII characters and the MIME body is binary. (Originated in release 8.0.0). Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The CLI command is extended to allow processing of files contained binary MIME bodies. Processing of the inputPduString option and the EMA text screen is changed to only support the ASCII. |
SBX-86277 | 2 | The packets are captured out of order. Though all packet data is present in memory, the packets are not stored in the proper order. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to capture the packets in the correct order. |
SBX-86852 | 2 | /home/log/session directory has a record of the terminal session logs for all the users and the directory is world-writable without being set. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to set sticky bit for /home/log/session directory. |
SBX-85997 | 2 | A user is not able to create a group starting with '.' Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to not take groups starting with '.' as input, and to delete the groups staring with '.' at the time of the LSWU. |
SBX-87447 | 3 | The OS user linuxadmin was not getting the shortened lockout time of 10 seconds, when the OSAccountAging goes from being disabled to enabled. Impact: N/A Root Cause: Misspeliing in command to update the PAM config files. Steps to Replicate: N/A Platform/Feature: SBC | The passwd.sh script is updated to correct the incorrect spelling. |
SBX-87101 | 2 | The Packet Loss Threshold is not set properly in the NP, so the NP will report a packet loss incorrectly. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | Extract the pktLossThreshold setting from a proper location in the enable media API in the SWeNP code. |
SBX-85988 | 3 | When the To header transparency and call route by TN is on, the R-URI is uncorrected. Impact: N/A Root Cause: Incorrect logic to treat RURI as transparency. Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to not treat R-URI as transparent. |
SBX-87461 | 1 | When the DRM (Application) is not receiving the response from the UXPAD for the health check messages, the DRM sends SIGABRT signal to the unresponsive UXPAD (using the UXPAD process number) to generate a coredump. Impact: N/A Root Cause: While we get the PID of the Process using the UXPAD process number, we were not searching for the exact match. If the UXPAD number is 1, it matches all the UXPADs/TPADs that have 1 in their process number ex: 1, 10, 11, 12, 21 etc, and the SIGABRT signal was sent to all those processes. Steps to Replicate: This issue can be produced with instance having more than 10 UXPADs. We don't need to run calls to reproduce this. Kill UXPAD with process number 0 or 1. Get the PID of the desired UXPAD > ps -elf | grep UXPAD (/opt/sonus/bin/swe/SWe_UXPAD -c 0x8 -n 1 --proc-type=secondary --no-pci -- -c4 -t1) choose the PID with process number 0 to 1 (process number is the last field "-t<process number>" in the output when the above command is executed). Kill the UXPAD. > kill -9 <PID> Since the UXPAD was killed, the DRM does not get the response for the health check messages and it issues the SIGABRT Signal. Without this fix the coredump gets generated for the wrong UXPAD that matched the process number (not exact match) With this fix it does not generate the core as the desired UXPAD was not live. We can monitor these logs in "/var/log/syslog", search the relevant messages with the keyword "coredumpSweDsp" Also we can check cores dumps in "/var/log/sonus/sbx/coredump" Platform/Feature: SBC | Search for the exact match while the admin retrieves the PID of the Process. |
SBX-85807 | 2 | Privilege Escalation by www-data on the SBC (Runtime Diagnostics Test). Impact: N/A Root Cause: runDiagField.sh has sonusadmin ownership and can be modified by sonusadmin to escalate to root. Steps to Replicate: N/A Platform/Feature: SBC | Updated the permission and ownership of /opt/sonus/sbx/diags/runDiagField.sh from the (-rwxr--r-- 1 sonusadmin sonus) to (-r-xr----- 1 root sonus) through the updateOwnerAndPermissions.sh. |
SBX-87452 | 2 | When the configuration for the connected realm (Address Context > Realm > Connected Realm) is created and the realm name used already exists, the code was reading off the end of a memory buffer. Impact: N/A Root Cause: The code was using a memory copy routine which always copied a fixed amount of memory regardless of the string size that existed in the source memory location. This lead to reading off the end of the memory buffer. Steps to Replicate: This issue is only seen when using special ASAN images Platform/Feature: SBC | The code is updated to use a string copy instead of a memory copy functions to avoid reading off the end of the memory buffer. |
SBX-87140 | 1 | First, a DNS query was getting initiated through the mgmt even if the IP was configured. The Patchchk process core dumps when the truncated DNS response is received from DNS server. Impact: N/A Root Cause: As default static routes are configured and mgmt. get the preference, that's the reason DNS query was initiated via mgmt. interface. Ptachcheck process core dump was happening because of its inability to handle truncated DNS response. Steps to Replicate: 1. configure patch check profile to IP peer to send OPTION sip message as ping. 2. Patch check host name peer as FQDN. 3. TCP fallback enabled for DNS server configuration. 4. TC flag set coming from DNS server, which basically indicates that DNS response is truncated. Platform/Feature: SBC | The Static route for the IP interface to the DNS server is provided, which solves the problem of the DNS query not going through the IP interface. |
SBX-87862 | 2 | The SecureNAT does not learn the remote IP address. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The prefix match result of the received srcIP against the programmed srcIP is in Big Endian format, so it needed to be byte-swapped to Little Endian format. |
SBX-88168 | 2 | SIPS/SIPSG: The 200 Ok (connect) is not sent to the ingress, and ACK is not sent to the egress, when a call is handled using a custom call script. After the announcement script run is completed, the CC confuses the script as a multiparty call transfer script and not telling the ingress to connect the call (send 200OK). Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modifed to allow the CC to inform the ingress to connect the call after the custom call script completes. |
SBX-87527 |
| The SBC allowed a user to use the same IP address for a route next hop that caused a loss of traffic to all off-net peers across the SBC interface. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to validate that static route's next top IP address is not same as IP interface's altMediaIpAddress. |
SBX-85132 | 2 | For sRTP call, the SBC does not reset the ROC while doing an sRTP encryption, even if the SSRC changes. This may cause the remote decryption operation to fail on some 3rd party equipment. Impact: N/A Root Cause: The fast path design wasn't paying attention to the SSRC changes while doing sRTP encryption operation. Steps to Replicate: This specific fix has been tested/verified in unit-test environment. The following is not required, but just for the sake of completeness:
Set up an sRTP call, run it for 25 minutes, make sure there is two-way audio. Without signaling it, force a change to the SSRC on one side check if there is one-way audio. Repeat the above step with 6.2.0R0 and 6.2.3A16. Platform/Feature: SBC | The code is modified to remember the SSRC from the last RTP packet, and comparing it with the SSRC of current RTP packet before sRTP encryption is applied. If a change is detected, the ROC is reset to 0 before sRTP encryption is applied. |
SBX-88197 | 2 | An internal module's passphrase generation method was not strong. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to use a stronger method. |
SBX-88835 | 2 | The SBC, while trying to create DM NAPT table (after retrieving the details from the Database), was trying to read the end of a memory block for some of the parameters in the table (such as table name, etc). Impact: N/A Root Cause: While copying the different parameters from the database to DM NAPT table, the code was copying fixed size table name string. This might result in reading off the end of a memory block and if the memory block is at the top of the heap then it can cause invalid memory access and result in crash. Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to not copy more memory than required, to hold the table name of the DM NAPT table to then avoid reading invalid memory. |
SBX-86712 / SBX-75943 | 2 | Portfix SBX-75943: When an video+audio directmedia call with m=audio after m=video in the SDP is made (audio becomes the last stream), the LIF bandwidth is allocated though it is a DM call.(Originated in release 8.0.0). Impact: N/A Root Cause: In nrmaResAlloc.c, the code to set the session BW to 0 (xrmBwChangeCmd.sessionBwBps = 0) is never processed for audio since it is inside a block meant for non-audio streams. Steps to Replicate: N/A Platform/Feature: SBC | A loop is added to save the streamId of the last non-audio stream. The code is modified to check if the audio is the last stream to be a part of this. An additional check is added to reset the session BW to 0 for the last non-audio stream for a direct media call, if the audio is found to be the last stream. |
SBX-89773 / SBX-89089 | 2 | Portfix SBX-89089: If a name change operation is performed to swap any of the two system names (CE name or peer CE name), the SBC application may fail to start. (Originated in release 8.1.0). Impact: N/A Root Cause: There are some config files where there is no distinction between the key used for specifying the system name and CE names. A swap in such a file cannot be done correctly. Steps to Replicate: N/A Platform/Feature: SBC | The name change operation is enhanced to reject any name change operation that involves swapping any of the two system names (CE name or peer CE name). |
SBX-86486 | 1 | The I-SBC does not span across multiple vNUMA nodes, causing a SWe_NP failure to launch. Impact: N/A Root Cause: The failure happens due to improper allocation of hugepages for SWe_NP in case it is dual NUMA ,failing SWe_NP to come up. Steps to Replicate: Follow the guidance to restrict ISBC to be confined within same NUMA in which packet port is connected. Platform/Feature: SBC | The SWe SBC software is updated to enforce I-SBC instances to run only with single vNUMA node in order to achieve deterministic performance.
|
SBX-89996 / SBX-89586 | 3 | Portfix SBX-89586: Loading the TEAMS Template token from the EMA is not working. The Token load option does not load values into the template. No action is triggered even after clicking the Token load. (Originated in release 8.1.0). Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | Updated the code to successfully load the token and display the value corresponding to the attributes. |
SBX-90157 | 3 | The radiusSharedSecret may appear in plain text in the logs. Impact: N/A Root Cause: Debug print statements caused the passphrase to be written to the logs. Steps to Replicate: N/A Platform/Feature: SBC | The code printing the plain text passphrase is removed. |
SBX-90515 / SBX-90289 | 3 | Portfix SBX-90289: The SBC cored after swapping a name (CE and System) and performing a clearDb action. (Originated in release 8.1.0). Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to compare all system names against each other before accepting a name change, and then generate a warning, when applicable. |
SBX-90415 | 3 | Currently, all filters are not displayed for tables such as Call Detail Status, Call Media Status, and Call Resource Detail Status. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to display filters for all columns in the tables. |
SBX-90323 | 1 | In case of SUBSCRIBE Relay refresh, the the R-URI must be based on the last Contact received if the first route set has the lr parameter. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The logic is changed based on the RFC3261. |
SBX-90789 / SBX-90085 | 4 | Portfix SBX-90085: When special character inputs are used for the call number filter in the CDR viewer table, the input validation fails and the page keeps showing the table as 'Loading...'. (Originated in release 6.2.4 ). Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified so the user can filter the called number data in CDR Viewer table, with numbers and few special characters such as #, *, +, - |
SBX-88319 | 2 | When history info header is received and International Nature of Address (NOA) Plus flag is enabled, the NOA printed in CDR log is incorrect. The NOA for the original called and redirecting number must be set to International. Impact: N/A Root Cause: When history info header is processed , International Noa Plus flag is not considered. Steps to Replicate: Reproduce the issue by Enabling following 2 flags : History Info on Ingress SIP TG. International Noa Plus Send INVITE with History-Info: <sip:+nnnnnnnnnn@domain.xx;user=phone?privacy=history>;index=1 History-Info: <sip:+nnnnnnnnnnnn@domain.nn;user=phone;cause=302>;index=1.1 Actual Result in CDR ACT logs : REDI,20,442071899987,442071899987,3,3,1,1,1,2,,,,,,,,,,,0,2 Expected Result: REDI,20,442071899987,442071899987,3,3,1,1,1,3,,,,,,,,,,,0,3 --> two HI Difference is NOA parameter for redirecting original called number. It should be 3. Platform/Feature: SBC | The code is modified to check International NOA Plus flag before setting NOA for the original and redirecting number when the history info header is received. |
SBX-90308 | 2 | When LRBT is enabled for an ICE call and egress, the endpoint responds to initial INVITE with an 183 progress message with the SDP parameters followed by an 180 without the SDP and a 200 OK with the SDP. Following the local ring back tone, the SBC initiates re-INVITE to the egress endpoint that is missing ICE ufrag, password and RTCP candidate line in the SDP. Impact: N/A Root Cause: Error in the software that was causing the ICE information for the call to be incorrectly cleared in this particular scenario. Steps to Replicate: Create sbx configuration to allow ICE sip to sip call to be routed between ingress and egress TG's. Create a toneAndAnnouncementProfile for LRBT with dynamicLRBT disabled and associate the profile to the ingress and egress TG's. Enable rtcpMux on the PSP associated with the ingress and egress TG's Method ---------- 1. Send INVITE to SBX ingress with valid ICE SDP including rtp and rtcp candidates and a=rtcp-mux. 2. From egress endpoint, respond to INVITE with with following sequence 183 Session progress including valid SDP with ICE 180 Ringing without an SDP 200 OK including valid SDP with ICE 3. At ingress endpoint, Respond to 200 Ok with ACK At egress endpoint, Respond to re-INVITE with valid 200 OK Complete call signaling and stun exchange at ingress and egress Platform/Feature: SBC | The software is modified to not clear the ICE information in this scenario. |
SBX-85820 | 3 | CDR records are broken into multiple syslog messages. Impact: N/A Root Cause: There was a limit to the message size of ~1.8K and CDR messages beyond that would be split into multiple syslog messages. Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to transfer a complete CDR as one syslog message. |
SBX-90762 | 2 | During SMM testing, the code for handling message scope variables could read off the end of a memory block while printing a debug statement. Impact: N/A Root Cause: There was a limit to the message size of ~1.8K and CDR messages beyond that would be split into multiple syslog messages. Steps to Replicate: N/A Platform/Feature: SBC | The specific debug log line is deleted because there was a second debug line that is already printing from null terminated string. |
SBX-90123 | 2 | If a domain license is installed on the head end node, but the license is pushed out to another node more than an hour later, the push of the license is not successful. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to allow the push of the domain licenses to other nodes, if it has been successfully installed on another node of the cluster before. |
SBX-90510 | 2 | The call setup time under the currentCallStatistics output was not calculated correctly. Impact: N/A Root Cause: The code was incorrectly managing the cumulative total for this field and dividing it by 100. Steps to Replicate: Make multiple calls with a delay between sending INVITE and receiving 18x message and check the call setup time is correct. Platform/Feature: SBC | The code is modified to keep a total of the number of ticks. (i.e. 100th's of a second for each call). |
SBX-85136 | 2 | Software Update fails if an snmp trapTarget with a name containing white-space characters is configured. Impact: N/A Root Cause: A change was added to remove prefixes on trapTarget names during software update. This change does not work with names containing spaces, which is possible when manually creating a trapTarget from CLI only. Steps to Replicate: On old software, manually create a trapTarget from CLI with a name containing at least one white-space character - to do this, the name must be quoted. Then perform LSWU - this fails. Platform/Feature: SBC | The LSWU code is modified to deal with trapTarget names containing whitespace. |
SBX-90061 | 3 | The function SipSgContinueCallProcessing() acquires pstCall using SipCallFromHandleAndLockCCBCmd() and after use, the function was not releasing pstCall, causing memory leaks. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to release pstCall using SipUnLockAndReleaseCCBCmd() after a use. |
SBX-91464 | 3 | When the HA peer is upgraded, the upgrade screen shows an error pop up with "Internal Operation error session_start" content. Impact: N/A Root Cause: It was happening because of cnxipm directory was deleted and not able to create again, meantime system was trying to session under cnxipm director. Steps to Replicate: To reproduce this issue, we have to upgrade the system in HA peer mode. Platform/Feature: SBC
| The code is modified to check to create cnxipm directory. |
SBX-73451 | 2 | SNMP v3 doesn't work after the upgrade/restore. Impact: N/A Root Cause: SNMP version is not applied after upgrade/restore Steps to Replicate: N/A Platform/Feature: SBC: confd, Install/Upgrade Platform
| The upgrade/restore version is applied after the SBX starts from the incoming configuration database. |
SBX-91404 | 1 | There is One way audio after call transfer is made on the SWe when Ring Back is enabled with SRTP towards the MS TEAM to relay it back to PSTN behind the SBC. Impact: N/A Root Cause: With this call transfer BRES is deactivated, activated again, while reusing BRES associated SRTP ENC context it should retain the old required values in contexts, which is missing in SBC SWe Steps to Replicate: N/A Platform/Feature: SBC
| With these session modification flows, the NP code is modified to retain the enc contexts required for re-enabling so the endpoint can start accepting media. |
SBX-91333 | 2 | An Application on active may crash when the HA connection is frequently bouncing. Impact: N/A Root Cause: If the HA connection bounces while an scp operation is in progress then the copying gets stalled resulting in health check timeout in application in turn causing a crash suspecting deadlock. Steps to Replicate: N/A Platform/Feature: SBC
| The SCP operation is completed in the background thread to ensure there is no timeout on the health check. |
SBX-91224 | 2 | The SBC is using the surrogate Registration hostPart as the target FQDN. Impact: N/A Root Cause: surrogate hostPart is over-write egress IpPeer fqdn (target route) Steps to Replicate: 1. configure surrogate registration with hostPart. 2. configure Egress route as fqdn (Egress IpPeer is fqdn). 3. enable surrogate registration.
Platform/Feature: SBC
| The code is modified to not over-write egress IpPeer fqdn(target route) with the surrogate hostPart. |
SBX-91322 / SBX-89491 | 3 | Portfix SBX-89491: If a split-brain occurs prior to the standby being up and being fully synced, selecting the former standby as the leader when coming out of a split-brain will result in a complete outage. (Originated in 8.1.0). Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The enhanced GR-HA leadership algorithm is updated to take the standby's sync state into account when deciding if the former standby is to be the post split-brain leader. |
SBX-90897 | 2 | The template form on the Configuration Script and Template Import page is not getting displayed due to some failure. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC
| The code is modified to display the Configuration template form properly when a Configuration is chosen from the table. The Configurations list table is always displayed first when 'Create Configuration from Template' is clicked. |
SBX-91226 | 2 | Unable to upload configuration in the SBC in the Provision Management. Impact: N/A Root Cause: unable to create export directory to store configuration file. Steps to Replicate: - Logged in to ems gui as admin user
- Switch to Networks tab
- Go to provisioning
- Clicked on SBC Core under provisioning
- Clicked on upload configuration
- Provided the required configurations.
- Clicked on upload.
- Before fixing the issue --
- Configuration did not got uploaded.
- After fixing the issue ---
- Configuration uploaded successfully.
Platform/Feature: SBC | The code is modified to create export directory to store the configuration file. |
SBX-91145 | 3 | DSP card present status is not updated if the card is administratively disabled. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC
| The code is modified to monitor the DSP card presence status every 10 seconds, irrespective of the card being disabled or enabled. |
SBX-90581 | 2 | When using EMA and accessing the Call Trace/Logs/Monitors > Log Management > TShark, the screen does not list the files if there are more than 130 files in the directory. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to correctly cope when a large volumes of pcap files are present. |
SBX-91131 | 2 | Serialization errors are logged in the SYS log for type 137603, which points to CPC_OP_TYPE_AC_ZONE_INFO, that in-turn caused the coredump. Impact: N/A Root Cause: Serialization errors are because of CPC_OP_TYPE_AC_ZONE_INFO (137603) not getting registered and trying to send it to standby SBC. Steps to Replicate: Execute LSWU from any version above 7.2.1 R1 to any other above versions. Platform/Feature: SBC | The registration issue for CPC_OP_TYPE_AC_ZONE_INFO (137603) is fixed. |
SBX-90388 | 2 | The NRS task failed healthcheck when there was over 3000 status requests per minute. Impact: N/A Root Cause: NRS task was calling out to CONFD for each packet LIF status request. Steps to Replicate: N/A Platform/Feature: SBC: Application, confd | Updated the NRS packet LIF status request processing routine to retrieve address context ID from a local cache instead of calling out to the CONFD. |
SBX-90837 / SBX-89957 | 2 | Portfix SBX-89957: In TR87 service (CSTA) call flow, INVITE transaction in SIP stack on ingress is not killed, the timer G expires and continues re-sending 200 OK to ingress. (Originated in release 6.2.4) Impact: N/A Root Cause: SBC is not killing INVITE transaction in SIP stack on ingress once we receive ingress ACK (to complete INVITE-200). Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to terminate the INVITE transaction on the receiving end of ACK. |
SBX-91048 / SBX-90846 | 3 | Portfix SBX-90846: Memory leak due to the use of the delete operator. (Originated in release 8.1.0). Impact: N/A Root Cause: Memory leak due to use of delete operator Steps to Replicate: N/A Platform/Feature: SBC | Delete operator is used to deallocate the memory allocated via strdup() and is replaced by the delete operator with the free(). |
SBX-91779 / SBX-91594 | 2 | Portfix SBX-91594: When SBC-7000 is under high call load with RTCP termination and unstable traffic (reaching 10Gb traffic instantaneously), the Network Processors cores stall. Media traffic stops and PRS coredump is generated. (Originated in release 6.2.4). Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC: Firmware | Configure the work scheduler module so that UPF, DPF, UPP, DPP cores are guaranteed to have work occupy the in-unit work entry. |
SBX-90875 | 2 | A bug in GW Signaling code can cause a core when the GW Signaling Links are bouncing. Impact: N/A Root Cause: A bug in GW Signaling code can cause a core when GW Signaling Links are bouncing. Steps to Replicate: N/A Platform/Feature: SBC | The GW Signaling code is modified to prevent a core . |
SBX-90979 | 1 | Apache server is not running. Impact: N/A Root Cause: Missing library. Steps to Replicate: Start apache server. Platform/Feature: SBC: Platform | Apache server app is rebuilt with the required library. |
SBX-74033 | 3 | When a logicalMgmtIpInterface is configured, and the useIpAddrAsSnmpSource is set to true. The source for snmp traps are the specified address in the logicalMgmtIpInterface ipAddress field. However, the source of the traps is not the correct address, and instead the address is of one of the management IP ports. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC: confd, Management, Platform | The flag snmpListenOnlyOnThisInterface is added to the logicalMgmtIpInterface configuration. The default value for this flag is set to false. When the flag is set to true, the confd daemon only listens on the address specified in the logicalMgmtIpInterface with useIpAddrAsSnmpSource set. |
SBX-90366 | 1 | AppContextId within NRMA_CALL_PTR is not being synced to standby after a switchover. As a result, Wile bridging calls NRMA identifies the Id as zero and crashes. Impact: N/A Root Cause: AppContextId within NRMA_CALL_PTR was not being synced to standby after switchover. Steps to Replicate: 1) Make a call between A and B 2) Switchover 3) REFER C 4) Swithover 5) REFER to wrong IP No crash should happen Platform/Feature: SBC | The code is modified to syncing AppContextId to standby. |
SBX-90876 | 2 | Gencom client sends a 481 for call park retrieval INVITE. When an incorrect tag in Replaces header, it is sent through the SBC. Impact: N/A Root Cause: Also, When we do egress lookup when replaces call isn't connected yet, we are not finding CCB because of incorrect tag setting during lookup. Steps to Replicate: Execute call park and retrieve case where parked call is not established yet. Platform/Feature: SBC | The code is modified to merge an issue and egress lookup using the correct tags. |
SBX-91738 | 3 | If the LinkDetection interfaces are configured to use addresses specified in the systemMetaVariable dynamic table, those addresses are not properly read and LinkDetection is not activated. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to properly read the addresses from the metaVariableDynamic table. |
SBX-87441 | 1 | The Broadsoft AS returns the 403 for a REFER Request due to From and To tags are swapped. Impact: N/A Root Cause: "To tag" and "from Tag" were being swapped twice, resulting to their original respective values in outgoing REFER's Replaces header section. Steps to Replicate: N/A Platform/Feature: SBC | The SBC application code is modified to correctly populate the From tag and To tag values in outgoing REFER's replaces header section. |
SBX-90442 | 2 | ARM calculates the amount of memory that needs to be freed from the NP (Y has a multiple of certain number of fixed sized PNPS_ANN buffers) to fit in a new announcement the size of a WavFile_X. Due to design size, Y is not equal to size of WavFile_X. Impact: N/A Root Cause: Customer hit this issue because they touched the max amount of announcements cached in the system. Probably no other customer did that and that’s why it never came out. Steps to Replicate: Run customer flow with customer's announcements all dumped into system. Platform/Feature: SBC | The code is modified (Y is modified to Y') so that new announcements are added properly. |
SBX-85858 | 1 | The ACL rules in a non-default address context were not getting added back to the NP after a sbxrestart/reboot. Without this fix, the ACL rules configured in non-default address context do not work. Impact: N/A Root Cause: Root cause for this issue was iteration of rules list wasn't proper resulting in non-default address context rules not being added back after sbxrestart/reboot. Steps to Replicate: This issue can be reproduced by adding some ACL rules in default address context and some in non-default address context, After a sbxrestart/reboot, only the rules in default address context work. Platform/Feature: SBC | The code is modified to iterate the rules list in a correct fashion. |
SBX-88338 | 1 | The Policy Data is showing a sync in progress. Impact: N/A Root Cause: /home/oraadmin/SSDB/PolicyDBSyncStatus was being removed by logrotate. When the new file was created by write process, it did not have the correct privs to be read by status reporting session, so the status reporting process wrongly reported sync in progress. Steps to Replicate: Modified logrotate script should not remove /home/oraadmin/SSDB/PolicyDBSyncStatus file. Platform/Feature: SBC | Stop the logrotate to remove this file. |
SBX-91054 / SBX-88766 | 1 | Portfix SBX-88766: The improper value for RFactor was displayed under the CLI command: trunkGroupQoeStatus. (Originated in release 7.2.1) Impact: N/A Root Cause: This became broken as part of N:1 feature done in release 6.1 Steps to Replicate: N/A Platform/Feature: SBC | The wrong context was fetched to calculate the RFactor value. The code is modified for the RFactor calculation. |
SBX-91186 | 1 | In the case of status commands executed from the CLI, a request is sent to both active and standby nodes. An LVM running on active and standby nodes compares the CE name configured in the LDG with a server name and returns stats only for LDGs that are configured on that CE. However, there is no similar check in the case of a PF stat. Without the check for a PF stat,the statistics displayed for LDGs configured on standby node was not correct. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to compare the CE name and return stats associated with the LDGs configured on the respective nodes. |
SBX-91405 | 2 | The cluster configuration for saveConfigStoreFile fails on the head end node due to a change of permission by keyKeeper.py. The sbcRegistration was not readable by the admin as a result of the configuration failure. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified and the admin is able to read the sbcRegistration. |
SBX-91186 | 1 | Failure stats are not being printed in the SBC stats file while it is showing in "show table addressContext default linkDetectionGroupStatistics". The LDGs are configured on both active and standby nodes. An LVM running on active and standby nodes compares the CE name configured in the LDG with server name, and returns stats only for the LDGs that are configured on that CE. However, there is not a similar check in case of PF stat. In response, the statistics displayed for the LDGs configured on standby node are not correct. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to compare the CE name and return stats associated with the LDGs configured on the respective nodes. |
SBX-91114 | 1 | The SRTP enables calls in the SWe SBC and causes the NP_Work_2 to sporadically crash and core. Impact: Root Cause: In SWe SBC, NP API updates are asynchronous w.r.t packet processing, If packet processing is accessing the API cleared pointer it result in crash. Steps to Replicate: This is sporadic, running SRTP calls load can trigger this crash sometimes. Platform/Feature: SBC | The SRTP SSRC update checks the in packet processing to verify whether the API updates cleared the reference to avoid null access. |
SBX-90594 | 2 | The SBC was not sending the ACK to the 200OK for an INVITE after the 4th switchover. Impact: N/A Root Cause: Syncing of transferred calls to standby was not proper Steps to Replicate: 1) Make a call form A to B 2) Switcover 3) Transfer from B to C 4) Switchover 5) Refer from C to D 6) Switcover 7) Refer from D to E 8) Call should be connected between A and E Platform/Feature: SBC | The syncing is done in all states for transferred calls to remove the issue. |
SBX-89851 / SBX-87053 | 2 | Portfix SBX-87053: The SBC fails to apply an ARS procedure on collecting a 503, with or without a Retry-After header when the FQDN is configured on the IP Peer. (Originated in release 8.0.0). Impact: N/A Root Cause: When FQDN configured on IP Peer, on getting 503 SBC should look for DNS resolved IP address, instead SBC looking at FQDN configured in IP peer and hence it fails to apply ARS. Steps to Replicate: 1. Configure FQDN in IP peer 2. Enable uriPreference flag 3. Simulate UAS to reject INVITE with 503 4. SBC should apply ARS procedure on getting 503 Platform/Feature: SBC | The code is modified to have the DNS resolved IP address on collecting a 503 when the FQDN configured in the IP peer. |
SBX-89039 | 2 | The System Diagnostics throws an error in Custom-> View Custom Perspectives through the xpath, which is incorrect. Impact: N/A Root Cause: Xpath was old must have been changed. Old xpath was not part of model. Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to point to the correct xpath. |
SBX-88994 | 4 | The status of the Routing Label Route in a table shows as out of service, even if it is In service when created. The out of service status shows when the code picks the wrong data for validating the status. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to adjust the Routing Label Route Status, which was shown as Out of Service. |
SBX-88860 / SBX-85902 | 2 | Portfix SBX-85902: Whenever there is any SMM rule for a SDP body, the SMM will remove all linear white space before and after the “=” character from each SDP line.The removal of the white space before and after the "=" character results in a SIP parse error when valid lines "s= " or "l= ". (Originated in release 8.1.0). Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The code is modified not to remove any spaces for an S and I Line when using the SMM. |
SBX-88716 | 3 | Remove the plainText EMS Passwords from the userData/MetaData files in cloud. EMS plain text password cannot be present in the SBC, it must be replaced with hashes. Impact: N/A Root Cause: N/A Steps to Replicate: N/A Platform/Feature: SBC | The plain text password of EMS is replaced with encrypted passwords. |
SBX-87883 | 2 | A call is torn down if the SendOnlyPreferred enabled. Impact: N/A Root Cause: The receive and transmit payload type for ULAW and ALAW are not correctly set. Steps to Replicate: sipp -sf /sonus/support/SBX-87883/scenario_0x00408a30_UAC.xml -s 890 172.23.243.230 -m 1 -i 10.7.20.75 sipp -sf /sonus/support/SBX-87883/scenario_0x00408a30_UAS.xml -p 16284 -i 10.7.20.75 Enable SendOnlyPreferredCodec and HOP and HRP. Platform/Feature: SBC | The code is modified to correctly set the receive and transmit payload type for the ULAW and ALAW. The ULAW and ALAW does not use an asymmetric payload type and is used for adding the logic. |
SBX-88454 / SBX-87242 | 2 | Portfix SBX-87242: When the DNS packets are received over a TCP, during the failure case (primarily when the length is less than 0 after a reading from the socket), there is no validation of the DNS TCB (Transaction Control Block) pointer while processing. (Originated in release 8.1.0). Impact: N/A Root Cause: This issue was reported as part of ASAN testing in SBC lab. When SBC is receiving packets/PDUs from DNS server via TCP, it does the following 1. Process the PDU (valid data received from TCP socket). Once the PDU is processed, the Transaction Control Block (TCB) maintained is freed. 2. For the same transaction, if some data is received with the length < 0, we check if the TCB exist to process the connection failure. Here we are not checking whether the TCB pointer is already freed (i.e. NULL) or not. Steps to Replicate: N/A Platform/Feature: SBC | A defensive check (to validate if the TCB pointer is NULL or not) is added before processing a connection failure. |
SBX-75737 | 1 | The Nessus scan found multiple vulnerabilities (1 critical, 3 high, 2 medium). Impact: N/A Root Cause: Many packages are out of date. Steps to Replicate: Run Nessus scan. Platform/Feature: SBC: Application | The code is modified to upgrade the vulnerable packages. |
SBX-87367 / SBX-87182 | 2 | Portfix SBX-87182: There is an error while importing a perspective having " - " in the perspective name. (Originated in release 6.2.4). Impact: N/A Root Cause: Missing Validation for checking unwanted and illegal characters in the file names. Steps to Replicate: N/A Platform/Feature: SBC | The code is modified to implement the logic to verify and ensure that only valid characters are present in the file names. |
SBX-87171 / SBX-86593 | 3 | Portfix SBX-86593: An EMA Template fails to import the Config when Special Characters are present. (Originated in release 6.2.4). Impact: N/A Root Cause: Logic to escape the HTML Characters was used while reading the request parameters . (Java Escape HTML Logic was in place). Steps to Replicate: N/A Platform/Feature: SBC | The logic to escape HTML Characters is removed in the TemplateConfigServlet.java file. |