Module: kamailio
Branch: 5.6
Commit: 3cc09ff6045c35feef5902e3cea6b313c49e8a77
URL: https://github.com/kamailio/kamailio/commit/3cc09ff6045c35feef5902e3cea6b31…
Author: Henning Westerholt <hw(a)gilawa.com>
Committer: Henning Westerholt <hw(a)gilawa.com>
Date: 2023-01-25T08:01:33Z
core: fix memory leak related to Require header parsing, this header also needs to be freed
(cherry picked from commit 6c372bf644e1c9afa867433e5992e347c8fc4ff6)
---
Modified: src/core/parser/hf.h
---
Diff: https://github.com/kamailio/kamailio/commit/3cc09ff6045c35feef5902e3cea6b31…
Patch: https://github.com/kamailio/kamailio/commit/3cc09ff6045c35feef5902e3cea6b31…
---
diff --git a/src/core/parser/hf.h b/src/core/parser/hf.h
index 8b5dfc9791..6a2d9fdae8 100644
--- a/src/core/parser/hf.h
+++ b/src/core/parser/hf.h
@@ -231,6 +231,7 @@ static inline int hdr_allocs_parse(struct hdr_field* hdr)
case HDR_PROXYAUTH_T:
case HDR_RECORDROUTE_T:
case HDR_REFER_TO_T:
+ case HDR_REQUIRE_T:
case HDR_ROUTE_T:
case HDR_RPID_T:
case HDR_SESSIONEXPIRES_T:
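Review bot: the new `case HDR_REQUIRE_T:` in hdr_allocs_parse() only stops the leak if the code that releases the parsed body has a matching branch for HDR_REQUIRE_T. That side is not part of this patch, so it is worth confirming it is present on the 5.6 branch before relying on the backport. The commit message would also be easier to audit if it named the parser that allocates the Require body.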
Module: kamailio
Branch: master
Commit: 6c372bf644e1c9afa867433e5992e347c8fc4ff6
URL: https://github.com/kamailio/kamailio/commit/6c372bf644e1c9afa867433e5992e34…
Author: Henning Westerholt <hw(a)gilawa.com>
Committer: Henning Westerholt <hw(a)gilawa.com>
Date: 2023-01-25T08:00:34Z
core: fix memory leak related to Require header parsing, this header also needs to be freed
---
Modified: src/core/parser/hf.h
---
Diff: https://github.com/kamailio/kamailio/commit/6c372bf644e1c9afa867433e5992e34…
Patch: https://github.com/kamailio/kamailio/commit/6c372bf644e1c9afa867433e5992e34…
---
diff --git a/src/core/parser/hf.h b/src/core/parser/hf.h
index 8b5dfc9791..6a2d9fdae8 100644
--- a/src/core/parser/hf.h
+++ b/src/core/parser/hf.h
@@ -231,6 +231,7 @@ static inline int hdr_allocs_parse(struct hdr_field* hdr)
case HDR_PROXYAUTH_T:
case HDR_RECORDROUTE_T:
case HDR_REFER_TO_T:
+ case HDR_REQUIRE_T:
case HDR_ROUTE_T:
case HDR_RPID_T:
case HDR_SESSIONEXPIRES_T:
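Review bot: the case list in hdr_allocs_parse() is maintained by hand, and the missing `HDR_REQUIRE_T` entry shows how a header type whose parser allocates can be left out without any build or test failure. A short comment above the switch stating that every allocating header type must be listed here, plus a regression test that parses a message carrying a Require header and checks that its parsed body is released, would keep the next omission from going unnoticed.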
Module: kamailio
Branch: master
Commit: 5dabd1e7aa3574a41fc30ead60f9e3f68de0f471
URL: https://github.com/kamailio/kamailio/commit/5dabd1e7aa3574a41fc30ead60f9e3f…
Author: Kamailio Dev <kamailio.dev(a)kamailio.org>
Committer: Kamailio Dev <kamailio.dev(a)kamailio.org>
Date: 2023-01-25T08:31:17+01:00
modules: readme files regenerated - tls ... [skip ci]
---
Modified: src/modules/tls/README
---
Diff: https://github.com/kamailio/kamailio/commit/5dabd1e7aa3574a41fc30ead60f9e3f…
Patch: https://github.com/kamailio/kamailio/commit/5dabd1e7aa3574a41fc30ead60f9e3f…
---
diff --git a/src/modules/tls/README b/src/modules/tls/README
index 21740840b4..a8b83eda17 100644
--- a/src/modules/tls/README
+++ b/src/modules/tls/README
@@ -1271,12 +1271,18 @@ modparam("tls", "renegotiation", 1)
Allow setting flags that control how the module is initialized and
works at runtime. Many flags (bits) can be set at the same time (set
- the parameter to the sum of corresponding values).
-
- If flag (bit) 1 is set (value 1), the memory management operations
- registered for TLS are wapped within a pthread mutex lock. It can be
- useful with newer versions of libssl and libcrypto, which have a more
- pthread multi-threading oriented design.
+ the parameter to the sum of corresponding values). The flags are
+ refered with 0-indexing.
+
+ If flag (bit) at index 0 is set (value 1), the memory management
+ operations registered for TLS are wapped within a pthread mutex lock.
+ It can be useful with newer versions of libssl and libcrypto, which
+ have a more pthread multi-threading oriented design.
+
+ If flag (bit) at index 1 is set (value 2), the module executes openssl
+ fork prepare API functions (see
+ https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_fork_prepare.html).
+ It is done only for openssl version greater or equal with 1.1.1.
Default value is 0.
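Review bot: the regenerated text keeps "wapped" in the index 0 paragraph and adds "refered" and "greater or equal with 1.1.1" in the new lines. Because the commit message says this README is regenerated, the wording should be corrected in src/modules/tls/doc/params.xml ("wrapped", "referred", "greater than or equal to") and the README regenerated from it, rather than edited here.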
Module: kamailio
Branch: master
Commit: 331aa5753beccd3ddb241219cf1988a506fa2de3
URL: https://github.com/kamailio/kamailio/commit/331aa5753beccd3ddb241219cf1988a…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2023-01-25T08:26:09+01:00
tls: update docs for init_mode with details about fork prepare option
---
Modified: src/modules/tls/doc/params.xml
---
Diff: https://github.com/kamailio/kamailio/commit/331aa5753beccd3ddb241219cf1988a…
Patch: https://github.com/kamailio/kamailio/commit/331aa5753beccd3ddb241219cf1988a…
---
diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml
index 49f1d1f85f..d90157ca24 100644
--- a/src/modules/tls/doc/params.xml
+++ b/src/modules/tls/doc/params.xml
@@ -1037,13 +1037,20 @@ modparam("tls", "renegotiation", 1)
<para>
Allow setting flags that control how the module is initialized and works
at runtime. Many flags (bits) can be set at the same time (set the
- parameter to the sum of corresponding values).
+ parameter to the sum of corresponding values). The flags are refered
+ with 0-indexing.
</para>
<para>
- If flag (bit) 1 is set (value 1), the memory management operations registered for TLS are
- wapped within a pthread mutex lock. It can be useful with newer versions
- of libssl and libcrypto, which have a more pthread multi-threading oriented
- design.
+ If flag (bit) at index 0 is set (value 1), the memory management operations
+ registered for TLS are wapped within a pthread mutex lock. It can be useful
+ with newer versions of libssl and libcrypto, which have a more pthread
+ multi-threading oriented design.
+ </para>
+ <para>
+ If flag (bit) at index 1 is set (value 2), the module executes openssl fork
+ prepare API functions (see
+ <ulink url="https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_fork_prepare.html">https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_fork_prepare.html</ulink>). It is done only for openssl version greater or equal
+ with 1.1.1.
</para>
<para>
Default value is 0.
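Review bot: the new paragraph for the flag at index 1 says what the module calls but not when an operator should turn it on, whereas the index 0 paragraph gives a reason ("useful with newer versions of libssl and libcrypto"). One sentence on the situation the fork prepare calls address, and a note that setting both flags means the value 3, would make the parameter usable without reading the OpenSSL page. The same lines also carry "wapped", "refered" and "greater or equal with", which should read "wrapped", "referred" and "greater than or equal to".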
### Description
When running kamdbctl for the first time with `DBENGINE=MYSQL`, it will try to create the same user twice, which causes a failure. Because the user is already there, the create fails and the install script fails.
As a new user this is very confusing as it leads you to believe that you're blocked. However, if you enable prompt and run it twice and then skip adding access the second time, you can continue.
```
root@924dfe238957:/# /usr/sbin/kamdbctl create
Create the database 'kamailio'? (y/n): y
-e \E[37;33mINFO: creating database kamailio ...
Create database users with access privileges? (y/n): y
-e \E[37;33mINFO: granting privileges to database kamailio ...
ERROR 1396 (HY000) at line 1: Operation CREATE USER failed for 'kamailio'@'mariadb'
ERROR 1396 (HY000) at line 1: Operation CREATE USER failed for 'kamailioro'@'mariadb'
```
### Troubleshooting
If you modify `./usr/lib/x86_64-linux-gnu/kamailio/kamctl/kamdbctl.mysql` to echo the command instead, then you get the following debugging info.
```
root@924dfe238957:/# /usr/sbin/kamdbctl create
Create the database 'kamailio'? (y/n): y
-e \E[37;33mINFO: creating database kamailio ...
mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE DATABASE kamailio CHARACTER SET latin1;
Create database users with access privileges? (y/n): y
-e \E[37;33mINFO: granting privileges to database kamailio ...
mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE USER 'kamailio'@'mariadb' IDENTIFIED BY 'kamailiorw';
GRANT ALL PRIVILEGES ON kamailio.* TO 'kamailio'@'mariadb';
mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE USER 'kamailioro'@'mariadb' IDENTIFIED BY 'kamailioro';
GRANT SELECT ON kamailio.* TO 'kamailioro'@'mariadb';
mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE USER 'kamailio'@'localhost' IDENTIFIED BY 'kamailiorw';
GRANT ALL PRIVILEGES ON kamailio.* TO 'kamailio'@'localhost';
mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE USER 'kamailioro'@'localhost' IDENTIFIED BY 'kamailioro';
GRANT SELECT ON kamailio.* TO 'kamailioro'@'localhost';
mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE USER 'kamailio'@'mariadb' IDENTIFIED BY 'kamailiorw';
GRANT ALL PRIVILEGES ON kamailio.* TO 'kamailio'@'mariadb';
mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE USER 'kamailioro'@'mariadb' IDENTIFIED BY 'kamailioro';
GRANT SELECT ON kamailio.* TO 'kamailioro'@'mariadb';
```
As you can see, `'kamailioro'@'mariadb'` and `'kamailioro'@'mariadb'` are added twice, which creates a 1396 error.
#### Reproduction
```
```
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3280
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3280(a)github.com>
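One way to make the account-creation step in the report above safe to repeat, as an added example that is not kamdbctl code or part of the original issue: it removes repeated access hosts and emits `CREATE USER IF NOT EXISTS`, so a second pass over the same host no longer raises error 1396. The function names and password placeholders are hypothetical, and it assumes a server that supports `IF NOT EXISTS` on `CREATE USER`.

```shell
#!/bin/sh
# Added example, not kamdbctl code. Function names are hypothetical.
DBNAME="kamailio"
RW_PW="${RW_PW:-CHANGE_ME_RW}"   # constructed placeholder passwords
RO_PW="${RO_PW:-CHANGE_ME_RO}"

# Print each host once, in first-seen order.
unique_hosts() {
    seen=" "
    for h in "$@"; do
        case "$seen" in
            *" $h "*) ;;                              # repeat, skip it
            *) seen="$seen$h "; printf '%s\n' "$h" ;;
        esac
    done
}

# Emit idempotent account SQL for the rw and ro users on every host.
grant_sql() {
    # Refuse anything that could break out of the quoted host literal.
    for h in "$@"; do
        case "$h" in
            ""|*[!A-Za-z0-9._%-]*)
                echo "refusing host name: $h" >&2; return 1 ;;
        esac
    done
    unique_hosts "$@" | while IFS= read -r host; do
        printf "CREATE USER IF NOT EXISTS 'kamailio'@'%s' IDENTIFIED BY '%s';\n" "$host" "$RW_PW"
        printf "GRANT ALL PRIVILEGES ON %s.* TO 'kamailio'@'%s';\n" "$DBNAME" "$host"
        printf "CREATE USER IF NOT EXISTS 'kamailioro'@'%s' IDENTIFIED BY '%s';\n" "$host" "$RO_PW"
        printf "GRANT SELECT ON %s.* TO 'kamailioro'@'%s';\n" "$DBNAME" "$host"
    done
}

# Host sequence from the debug output above: mariadb appears twice.
grant_sql mariadb localhost mariadb
```

The read-only account still receives only `SELECT`, matching the grants shown in the debug output.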
### Description
For secure websocket connections (wss), Kamailio seems to forget that the connection is secure, later trying to use a regular TCP `listen` option to send out messages.
I'd be happy to propose a patch, but I'm not sure what the expected behavior of Kamailio would be here.
Setup:
- One Kamailio acting as websocket endpoint with TLS configured, forwarding all packets via udp to another kamailio
- Another Kamailio handling all dialplan logic, including registers/invites
We have traced the issue:
- Client sends a `REGISTER` over secure websockets
- Kamailio1 forwards this to Kamailio 2, with `Path: <sip:kamailio1:port1;lr;received=sip:1.1.1.1:11111%3Btransport%3Dws>`
- Kamailio 2 stores the AOR in database using `registrar.store`
- In the location table, we can see `received = sip:1.1.1.1:11111;transport=ws`
- We try to send a SIP INVITE to the WebRTC client
- Kamailio 2 creates invite, adds header `Route: ` with option `transport=ws`
- INVITE arrives at Kamailio 1, which forwards it to the client using `t_relay`
- Kamailio 1 ends up in `get_send_socket2`, with parameter `proto = ws`
- Following the source code, we end up [here](https://github.com/kamailio/kamailio/blob/master/src/core/forward.c#L…, this will end up picking `sendipv4_tcp` as `send_sock`
- This picks a *TCP* listener, while in fact we need a *TLS* listener
- As a result, the outgoing message contains a wrong endpoint in the `Record-Route` header, causing issues in the SIP dialog later on
### Troubleshooting
#### Reproduction
Reproducing from scratch requires quite some setup, hopefully the above information will be enough to diagnose.
#### Debugging Data
See above.
#### Log Messages
See above.
#### SIP Traffic
See above, can provide exact SIP traces if required.
### Possible Solutions
We have been able to work around the issue like this:
```
if (pcre_match("$(hdr(Route)[0]{nameaddr.uri}{uri.param,received})", "%3Btransport%3Dws")) {
# Kamailio bug?
# in the received parameter of the route header, there is ';transport=ws'
# so kamailio starts looking for a *tcp* connection, while it should be looking for a *tls*
# connection.
xlog("L_NOTICE", "Websocket detected; forcing wss transport");
set_send_socket("tls:WEBSOCKET_IP:WEBSOCKET_PORT");
}
```
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
Tested with 5.4.4, but code doesn't seem to be changed in master.
* **Operating System**:
Ubuntu Focal.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3340
Message ID: <kamailio/kamailio/issues/3340(a)github.com>
Hello Nicolas,
I use tlsf and I have no issues. tlsf "nukes" the memory (sets the
allocated size to NULL) on deallocation, I would check your module (or
other like parts of kamailio) for possible reuse of memory after
deallocation.
I remember to have made some commits around this "memory use after
deallocation".
Cheers