Hi,
I think I discovered a bug in t_pick_branch, lines
1194 if (get_prio(inc_code, rpl)<get_prio(best_s, rpl)) { ... 1210 get_prio(t->uac[b].last_received, rpl)<get_prio(best_s, rpl) )
the second argument of get_prio() does ALWAYS corresponds to the branch b, which is iterated within the loop: rpl = t->uac[b].reply;
The "best_s"-branch may have a different rpl - nevertheless, get_prio() is always called with the same "rpl"!
So e.g. it can happen, that in the first iteration (best_s is 0) if the branch "b" has a faked reply (=> rpl== FAKED_REPLY) and the module parameter "faked_reply_prio" is +1000, get_prio() does the following
1168 if (rpl == FAKED_REPLY) { 1169 /* Add faked_reply penalty */ 1170 return prio + faked_reply_prio;
=> 32000 + 1000 !!! overflow !!!
rpl == FAKED_REPLY because get_prio(best_s, rpl) is called with the currently-iterated rpl parameter!
In my opinion it needs to be stored for the best_s, whether it has a FAKED_REPLY or not, best_s_rpl or something....
Cheers Jasmin
-
Jasmin Schnatterbeck