Disclaimer: This repository is a git-svn mirror of the project found at http://java.net/projects/jsip whose original repository is developed collaboratively by the Advanced Networking Technologies Division at the National Institute of Standards and Technology (NIST) - an agency of the United States Department of Commerce and by a community of individual and enterprise contributors. TeleStax, Inc. will perform some productization work, new features experimentation branches, etc for its TelScale jSIP product that doesn't concern the community from the main repository hence this git repository.
We have a scenario where a load balancer (Linux Virtual Server - LVS) sends SIP OPTIONS every 5 seconds via TCP.
When receiving this OPTIONS, our application (using this SIP stack) sends 200 OK and the LVS immediately closes the TCP connection after having received it.
Im some cases the socket close is very fast and comes into the TCPMessageChannel while sending the 200 OK in method sendMessage is still in progress.
Unfortunately the socket close will set the mySock member to null while the sendMessage method is still accessing it.
This can happen, because the socket handling is not thread safe.
sendMessage will then run into the situation that it overwrites the mySock with the current send socket sock (line 297).
In our LVS case sock and mySock are the same because LVS puts it's own TCP port into the Via header and no additional TCP connection needs to be established for sending the response.
As a result accessing the overwritten mySock causes a SocketException.
My suggested fix will avoid accessing the live mySock member by making a copy of it in the beginning of sendMessage and checks afterwards, if the copy is still identical to mySock.
This avoids the problem we have but the socket handling is still not thread safe and needs further refactoring in the future.
We have a scenario where a load balancer (Linux Virtual Server - LVS) sends SIP OPTIONS every 5 seconds via TCP. When receiving this OPTIONS, our application (using this SIP stack) sends 200 OK and the LVS immediately closes the TCP connection after having received it. Im some cases the socket close is very fast and comes into the TCPMessageChannel while sending the 200 OK in method sendMessage is still in progress. Unfortunately the socket close will set the mySock member to null while the sendMessage method is still accessing it. This can happen, because the socket handling is not thread safe. sendMessage will then run into the situation that it overwrites the mySock with the current send socket sock (line 297). In our LVS case sock and mySock are the same because LVS puts it's own TCP port into the Via header and no additional TCP connection needs to be established for sending the response. As a result accessing the overwritten mySock causes a SocketException.
My suggested fix will avoid accessing the live mySock member by making a copy of it in the beginning of sendMessage and checks afterwards, if the copy is still identical to mySock. This avoids the problem we have but the socket handling is still not thread safe and needs further refactoring in the future.
sip-race-condition.log