#### Pre-Submission Checklist
<!-- Go over all points below, and after creating the PR, tick all the checkboxes that apply -->
<!-- All points should be verified, otherwise, read the CONTRIBUTING guidelines from above-->
<!-- If you're unsure about any of these, don't hesitate to ask on sr-dev mailing list -->
- [x] Commit message has the format required by CONTRIBUTING guide
- [x] Commits are split per component (core, individual modules, libs, utils, ...)
- [ ] Each component has a single commit (if not, squash them into one commit)
- [ ] No commits to README files for modules (changes must be done to docbook files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [ ] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
<!-- Go over all points below, and after creating the PR, tick the checkboxes that apply -->
- [ ] PR should be backported to stable branches
- [ ] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description
A couple of commits (1 per module) adding SSL support to db_redis and ndb_redis.
This mainly includes checking if the proper parameter is provided (for ndb_redis it is the `ssl` option in the DB URL and, for db_redis, a new `opt_ssl` parameter) and creating a temporary SSL context that is used to initialise the redis context.
db_redis is also updated with another parameter to provide a DB access password.
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/3345
-- Commit Summary --
* db_redis: Adding SSL support
* ndb_redis: Adding SSL support
-- File Changes --
M src/modules/db_redis/Makefile (8)
M src/modules/db_redis/db_redis_mod.c (5)
M src/modules/db_redis/redis_connection.c (43)
M src/modules/db_redis/redis_connection.h (2)
M src/modules/ndb_redis/Makefile (6)
M src/modules/ndb_redis/redis_client.c (47)
M src/modules/ndb_redis/redis_client.h (3)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/3345.patch
https://github.com/kamailio/kamailio/pull/3345.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3345
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/pull/3345(a)github.com>
…callid param
<!-- Kamailio Pull Request Template -->
<!--
IMPORTANT:
- for detailed contributing guidelines, read:
https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md
- pull requests must be done to master branch, unless they are backports
of fixes from master branch to a stable branch
- backports to stable branches must be done with 'git cherry-pick -x ...'
- code is contributed under BSD for core and main components (tm, sl, auth, tls)
- code is contributed GPLv2 or a compatible license for the other components
- GPL code is contributed with OpenSSL licensing exception
-->
#### Pre-Submission Checklist
- [ ] Commit message has the format required by CONTRIBUTING guide
- [ ] Commits are split per component (core, individual modules, libs, utils, ...)
- [ ] Each component has a single commit (if not, squash them into one commit)
- [ ] No commits to README files for modules (changes must be done to docbook files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [x] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
- [x] PR should be backported to stable branches
- [x] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description
<!-- Describe your changes in detail -->
Using kamailio 5.4 version, we have had an issue with a carrier that sent a CANCEL with to-tag. To be able to process that request, we used the function t_cancel_callid, to convert that abnormal CANCEL to a regular one cancelling the current transaction for that call.
But we saw that it was not working since they sent the callid header named as CALL-ID.
It seems the matching between the callid header stored in memory and the param passed for the callid lookup is being done in a case-sensitive way, with a generated Call-ID: XXXXXXXX based on the called param of the function.
We have tested a way to do the comparison only with the callid header value, so we strip the Call-ID: (or CALL-ID:) part from the callid header stored in memory.
Maybe there is another way to do that in another part of the code, but it seems at least this worked for the tests.
thanks a lot and regards
david
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/3393
-- Commit Summary --
* tm:t_lookup_callid use only trans Call-ID header value to match with callid param
-- File Changes --
M src/modules/tm/t_lookup.c (10)
M src/modules/tm/t_msgbuilder.c (9)
M src/modules/tm/t_msgbuilder.h (1)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/3393.patch
https://github.com/kamailio/kamailio/pull/3393.diff
Message ID: <kamailio/kamailio/pull/3393(a)github.com>
### Description
On systems running libssl 1.1+, the compile flag `TLS_PTHREAD_MUTEX_SHARED` is set to avoid an issue with deadlocks. However, if the system does not have `pkg-config` installed, the build completes successfully without setting this compile flag. As such, users with this particular configuration are at risk of TLS-related deadlocks.
### Troubleshooting
This scenario arose for me when I experienced suspected TLS-related deadlocks in Kamailio 5.4.1. Particularly, in a simple configuration, multiple UDP workers were using t_relay to near-simultaneously connect to the same TLS host. After some time, the UDP workers stopped responding while executing this simple route block. I cannot definitively conclude this issue was the same deadlock bug. The compile flag `TLS_PTHREAD_MUTEX_SHARED` was not set and `pkg-config` was not installed.
I found [this mailing list thread](https://lists.kamailio.org/pipermail/sr-users/2019-December/107759.…) discussing TLS deadlocks and the build process, and the user was running Kamailio 5.3.1, libssl 1.1 but did not have `TLS_PTHREAD_MUTEX_SHARED` set. This issue may explain how this user ended up in that situation.
#### Reproduction
Tested against Kamailio 5.4.1 and latest master.
On a system with libssl 1.1+, build (including the `tls` module) with `pkg-config` installed and run `kamailio -I`. `TLS_PTHREAD_MUTEX_SHARED` flag is set.
```
Version: kamailio 5.7.0-dev3 (x86_64/linux) b75b6e
Default config: /usr/local/etc/kamailio/kamailio.cfg
Default paths to modules: /usr/local/lib64/kamailio/modules
Compile flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
```
Uninstall `pkg-config` and rebuild. `TLS_PTHREAD_MUTEX_SHARED` flag is not set.
```
Version: kamailio 5.7.0-dev3 (x86_64/linux) b75b6e
Default config: /usr/local/etc/kamailio/kamailio.cfg
Default paths to modules: /usr/local/lib64/kamailio/modules
Compile flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES
```
When `pkg-config` is not installed, the build also outputs the following log lines, however the build does not fail.
```
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
```
### Possible Solutions
Some thoughts about options:
1. It looks like effort has been applied in other areas to support the absence of `pkg-config`, so potentially support libssl 1.1+ detection without `pkg-config`.
2. Require `pkg-config` on build and fail without it.
3. Enable `TLS_PTHREAD_MUTEX_SHARED` by default as I assume most people are running libssl 1.1+ these days, and disable it if libssl < 1.1 detected.
Personally I have installed `pkg-config` and rebuilt, however I think for the safety of others building from source that the compile flag should be correctly set or the build should fail.
### Operating System
```
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
Linux debian-kamailio 4.19.0-20-amd64 #1 SMP Debian 4.19.235-1 (2022-03-17) x86_64 GNU/Linux
```
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3384
Message ID: <kamailio/kamailio/issues/3384(a)github.com>
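A post-build check for the condition reported in the issue above, as an added example that is not part of the issue or of Kamailio's build system. The function names and the two shortened sample outputs are constructed for illustration; the flag name and the `kamailio -I` output format come from the issue.

```shell
#!/bin/sh
# Added example: post-build guard for the missing-flag case described above.
# Typical use (assumption: the openssl CLI matches the libssl linked by tls.so):
#   check_tls_build "$(openssl version | awk '{print $2}')" "$(kamailio -I)"

# Constructed samples: `kamailio -I` output from the issue, flag list shortened.
SAMPLE_WITH_FLAG='Version: kamailio 5.7.0-dev3 (x86_64/linux) b75b6e
Compile flags: USE_TCP, USE_TLS, FAST_LOCK-ADAPTIVE_WAIT, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED'
SAMPLE_NO_FLAG='Version: kamailio 5.7.0-dev3 (x86_64/linux) b75b6e
Compile flags: USE_TCP, USE_TLS, FAST_LOCK-ADAPTIVE_WAIT, HAVE_RESOLV_RES'

# has_compile_flag FLAG TEXT
# Succeeds only if FLAG is a whole entry of the "Compile flags:" line.
has_compile_flag() {
    printf '%s\n' "$2" |
        sed -n 's/^Compile flags: *//p' |
        tr ',' '\n' |
        sed 's/^ *//; s/ *$//' |
        grep -qxF -- "$1"
}

# needs_shared_mutex VERSION
# 0: libssl is 1.1 or newer, 1: older, 2: version string not understood.
needs_shared_mutex() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $minor in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -ge 1 ] && return 0
    return 1
}

# check_tls_build VERSION TEXT
# Prints a verdict; returns 0 (ok), 1 (flag missing), 2 (bad version string).
check_tls_build() {
    needs_shared_mutex "$1" && rc=0 || rc=$?
    case $rc in
        0) ;;
        1) echo "ok: libssl $1 predates 1.1, flag not required"; return 0 ;;
        *) echo "error: cannot parse libssl version '$1'"; return 2 ;;
    esac
    if has_compile_flag TLS_PTHREAD_MUTEX_SHARED "$2"; then
        echo "ok: TLS_PTHREAD_MUTEX_SHARED is set"
    else
        echo "FAIL: libssl $1 but TLS_PTHREAD_MUTEX_SHARED is not set"
        return 1
    fi
}
```

Run as the last step of a source build, a non-zero exit turns the silent `pkg-config: not found` case into a failed build.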
Added Call-ID mask Support for Topos with API call from Topoh to mask the callID
Call-ID mask happens before the request is sent downstream and unmasked when received from downstream.
#### Pre-Submission Checklist
- [x] Commit message has the format required by CONTRIBUTING guide
- [x] Commits are split per component (core, individual modules, libs, utils, ...)
- [ ] Each component has a single commit (if not, squash them into one commit)
- [ ] No commits to README files for modules (changes must be done to docbook files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [ ] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
- [ ] PR should be backported to stable branches
- [ ] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/3347
-- Commit Summary --
* Topos: Added Call ID mask when sending to Downstream
* Topos: Added CallID Mask Document for Topos
-- File Changes --
M src/modules/topos/doc/topos_admin.xml (20)
M src/modules/topos/topos_mod.c (119)
M src/modules/topos/tps_msg.c (37)
M src/modules/topos/tps_msg.h (2)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/3347.patch
https://github.com/kamailio/kamailio/pull/3347.diff
Message ID: <kamailio/kamailio/pull/3347(a)github.com>
### Description
Have a certificate with the following Subject Alternative Name value:
DNS:www.company.net, DNS:company.com, DNS: company.net
Calling `$tls_peer_san_hostname` (and the other pv's/select that reference SAN) only returns `www.company.net` (first entry)
This does not support the spec which allows multiple entries (rfc2459 I believe).
### Troubleshooting
Logged values of different SAN back select and pseudovariables and only appears to return the first entries.
#### Reproduction
Create a self signed certificate with multiple alt names (I used this as a guide: https://support.citrix.com/article/CTX135602/how-to-create-a-selfsigned-san…)
Updated my Kamailio config to log different tls pv and selects (eg tls_peer_san_hostname, @tls.peer.dns select, but others as well)
Confirm only one value is provided.
#### Debugging Data
```
[www.company.net] is the only value present in the corresponding variables
```
### Possible Solutions
Update variables to provide access to SAN entries to return all the values
Create new variable to provide access to all SAN entries
### Additional Information
https://www.kamailio.org/wiki/cookbooks/5.1.x/pseudovariables#tls_peer_san_…
http://www.kamailio.org/wiki/cookbooks/5.2.x/selects#tlspeerdns
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3400
Message ID: <kamailio/kamailio/issues/3400(a)github.com>
- adds count pv and sel for DNS, EMAIL, IP, URI
- adds ability to access SAN entries by index
fix #3400
#### Pre-Submission Checklist
- [x] Commit message has the format required by CONTRIBUTING guide
- [x] Commits are split per component (core, individual modules, libs, utils, ...)
- [x] Each component has a single commit (if not, squash them into one commit)
- [x] No commits to README files for modules (changes must be done to docbook files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [x] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
- [x] PR should be backported to stable branches
- [x] Tested changes locally
- [x] Related to issue #3400
#### Description
Fix issue #3400 that describes that tls module cannot properly handle certificates with multiple SAN entries.
Add ability to access SAN entries by index.
Add ability to get count of supported SAN entries by type of entry.
If index is not provided, will return first entry (current behavior, to remain backwards compatible).
Tested by creating a self signed SAN cert with 3 DNS entries and confirmed expected results for:
$(tls_peer_san_hostname[2])
$(tls_peer_san_hostname)
$tls_peer_san_count(DNS)
$tls_peer_san_count(URI)
$tls_peer_san_count(EMAIL)
$tls_peer_san_count(IP)
$sel(tls.peer.dns[1])
$sel(tls.peer.dns)
$sel(tls.peer.count[\"DNS\"])
$(tls_peer_san_ip[0])
$(tls_peer_san_uri)
$sel(tls.peer.ip[0])
$sel(tls.peer.count[\"EMAIL\"])
$(tls_my_san_hostname[2])
$(tls_my_san_hostname)
$tls_my_san_count(DNS)
$tls_my_san_count(URI)
$tls_my_san_count(EMAIL)
$tls_my_san_count(IP)
$sel(tls.my.dns[1])
$sel(tls.my.dns)
$sel(tls.my.count[\"DNS\"])
$(tls_my_san_ip[0])
$(tls_my_san_uri)
$sel(tls.my.ip[0])
$sel(tls.my.count[\"EMAIL\"])
Also repeated the test with a self signed cert with 3 DNS entries, 1 IP entry, 1 EMAIL entry and 1 URI entry
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/3408
-- Commit Summary --
* tls: get san entries by index
-- File Changes --
M src/modules/tls/tls_select.c (314)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/3408.patch
https://github.com/kamailio/kamailio/pull/3408.diff
Message ID: <kamailio/kamailio/pull/3408(a)github.com>
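The count-by-type and access-by-index semantics discussed in issue #3400 and this pull request, shown outside Kamailio as an added example (not the tls module's code). It parses the SAN line in the text form that `openssl x509 -noout -ext subjectAltName` prints; the function names and the sample value (the issue's SAN string plus one constructed IP entry) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: enumerate every SAN entry instead of only the first one.

# Constructed sample: SAN value from the issue plus one IP entry.
SAMPLE_SAN='DNS:www.company.net, DNS:company.com, DNS: company.net, IP Address:192.0.2.10'

# Map the type names used in the pull request to openssl's text labels.
san_label() {
    case $1 in
        DNS)   echo 'DNS' ;;
        EMAIL) echo 'email' ;;
        URI)   echo 'URI' ;;
        IP)    echo 'IP Address' ;;
        *)     return 1 ;;
    esac
}

# san_entries TYPE SAN_TEXT
# Prints one entry of that type per line, in certificate order.
# Limitation: splits on commas, so a URI entry containing a comma is not handled.
san_entries() {
    label=$(san_label "$1") || return 1
    printf '%s\n' "$2" | tr ',' '\n' |
        sed -n "s/^ *$label: *//p" | sed 's/ *$//'
}

# san_count TYPE SAN_TEXT -> number of entries of that type (0 if none).
san_count() {
    san_entries "$1" "$2" | awk 'END { print NR }'
}

# san_at TYPE INDEX SAN_TEXT -> zero-based entry; fails if out of range.
san_at() {
    entry=$(san_entries "$1" "$3" | sed -n "$(( $2 + 1 ))p")
    [ -n "$entry" ] && printf '%s\n' "$entry"
}

# san_has_dns HOST SAN_TEXT
# Succeeds if any DNS entry equals HOST (case-insensitive, no wildcard logic).
san_has_dns() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    san_entries DNS "$2" | tr 'A-Z' 'a-z' | grep -qxF -- "$want"
}
```

With the sample value, a peer check for `company.com` succeeds only because every DNS entry is examined; a comparison against the first entry alone would see just `www.company.net`.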
Hi!
Using the “syft” tool from Anchore I created an SBOM for a server with Kamailio installed from Debian.
The result is quite interesting. Some notes:
- For each component (debian package) a list of licenses are made.
- The CPEs - filters for matching with NVD - are based on the debian package names, which is incorrect
I will try with a newer system, like Debian Bullseye.
My question is if we can fix this somehow by modifying meta data in our packages.
Will have to check what syft is using, but this SBOM is not
very useful….
Cheers,
/O
Examples:
"cpe": "cpe:2.3:a:kamailio-extra-modules:kamailio-extra-modules:5.3.9\\+bpo10:*:*:*:*:*:*:*",
"licenses": [
{
"license": {
"id": "Apache-1.0"
}
},
{
"license": {
"id": "BSD-2-Clause"
}
},
{
"license": {
"id": "BSD-3-Clause"
}
},
{
"license": {
"name": "Expat"
}
},
{
"license": {
"id": "GPL-2.0-only"
}
},
{
"license": {
"id": "GPL-2.0-or-later"
}
},
{
"license": {
"id": "GPL-2.0-or-later"
}
},
{
"license": {
"id": "ISC"
}
},
{
"license": {
"id": "MIT"
}
},
Hello,
it is time to make the roadmap to the next major release series v5.7.x.
In my opinion, I would try to freeze the development during the first
part of April 2023, tentatively proposing April 14 as freezing date,
being like 4 weeks from now. Then testing phase and first release
(v5.7.0) sometime during May 2023. Alternative timelines can be
proposed, of course.
If anyone wants to add new features/modules, they have to be published
till freezing date, either pushed in the git repository or proposed as
pull request.
Cheers,
Daniel
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio World Conference - June 5-7, 2023 - www.kamailioworld.com
Kamailio Advanced Training - Online - March 27-30, 2023 - www.asipto.com
#### Pre-Submission Checklist
- [x] Commit message has the format required by CONTRIBUTING guide
- [x] Commits are split per component (core, individual modules, libs, utils, ...)
- [x] Each component has a single commit (if not, squash them into one commit)
- [x] No commits to README files for modules (changes must be done to docbook files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [ ] Small bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
- [ ] PR should be backported to stable branches
- [x] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description
I added `nats_publish_request` which calls the `natsConnection_PublishRequestString` to send a request to the NATS server with a `reply` string so the response can be easily replied back.
I tested in Lua and the native route, not sure if it's the right way to implement. I can update docs if it sounds good.
Thanks.
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/3397
-- Commit Summary --
* nats: add a reply param to nats_publish and expose as nats_publish_request in KEMI
-- File Changes --
M src/modules/nats/nats_mod.c (18)
M src/modules/nats/nats_mod.h (2)
M src/modules/nats/nats_pub.c (52)
M src/modules/nats/nats_pub.h (7)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/3397.patch
https://github.com/kamailio/kamailio/pull/3397.diff
Message ID: <kamailio/kamailio/pull/3397(a)github.com>