sr-dev December 2024

sr-dev@lists.kamailio.org

17 participants
347 discussions

[kamailio/kamailio] Memory usage increases everytime tls.reload is executed (Issue #3823)
by Sebastian Denz 06 May '25

06 May '25

### Description We are using Kamailio 5.7.4 on Debian 12 (from http://deb.kamailio.org/kamailio57) with rtpengine as an Edgeproxy for our clients. The instance terminates SIP/TLS (with Cliencertificates) and forwards the SIP Traffic to internal systems. After some days we are getting errors like this `tls_complete_init(): tls: ssl bug #1491 workaround: not enough memory for safe operation: shm=7318616 threshold1=8912896` First we thought Kamailio just doesnt have enough memory, so we doubled it.. But after some days the Logmessage (and Userissues) occured again. So we monitored the shmmem statistics and found that used and max_used are constantly growing til it reaches the limit. As i mentioned we are using client-certificates and so we are also using the CRL feature. We do have a systemd-timer which fetches the CRL every hour and runs 'kamcmd tls.reload' when finished. Our tls.cfg looks like this: ``` [server:default] method = TLSv1.2+ private_key = /etc/letsencrypt/live/hostname.de/privkey.pem certificate = /etc/letsencrypt/live/hostname.de/fullchain.pem ca_list = /etc/kamailio/ca_list.pem ca_path = /etc/kamailio/ca_list.pem crl = /etc/kamailio/combined.crl.pem verify_certificate = yes require_certificate = yes [client:default] verify_certificate = yes require_certificate = yes ``` After testing a bit we found that every time tls.reload is executed Kamailio consumes a bit more memory which eventually leads to all the memory being consumed which leads to issues for our users. See following example: ``` [0][root@edgar-dev:~]# while true ; do /usr/sbin/kamcmd tls.reload ; /usr/sbin/kamcmd core.shmmem ; sleep 1 ; done Ok. TLS configuration reloaded. { total: 268435456 free: 223001520 used: 41352552 real_used: 45433936 max_used: 45445968 fragments: 73 } Ok. TLS configuration reloaded. { total: 268435456 free: 222377960 used: 41975592 real_used: 46057496 max_used: 46069232 fragments: 78 } Ok. TLS configuration reloaded. { total: 268435456 free: 221748664 used: 42604992 real_used: 46686792 max_used: 46698080 fragments: 77 } Ok. TLS configuration reloaded. { total: 268435456 free: 221110832 used: 43242408 real_used: 47324624 max_used: 47335608 fragments: 81 } ^C [130][root@edgar-dev:~]# ``` ### Troubleshooting #### Reproduction Everytime tls.reload is called the memory consumptions grows.. #### Debugging Data  ``` If you let me know what would be interesting for tracking this down, i am happy to provide logs/debugging data! ``` #### Log Messages  ``` If you let me know what would be interesting for tracking this down, i am happy to provide logs/debugging data! ``` #### SIP Traffic SIP doesnt seem to be relevant here ### Possible Solutions Calling tls.reload less often or restart kamailio before memory is consumed ;) ### Additional Information ``` version: kamailio 5.7.4 (x86_64/linux) flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: unknown compiled with gcc 12.2.0 ``` * **Operating System**: ``` * Debian GNU/Linux 12 (bookworm) * Linux edgar-dev 6.1.0-20-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.85-1 (2024-04-11) x86_64 GNU/Linux ``` -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3823 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3823(a)github.com>

9 31

[kamailio/kamailio] cmake format options and naming styles (Issue #4075)
by Daniel-Constantin Mierla 06 May '25

06 May '25

Discussion to define cmake format options and coding/naming styles. It is better to define most of them now to have coherency in the future. Started from the discussion on #4066. Comment with what you would like to have, describing when useful why your proposal is a good/better option. -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/4075 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/4075(a)github.com>

5 9

[kamailio/kamailio] secfilter‌: support remove rule in Whitelist and Blacklist (PR #4089)
by AsedMorteza 30 Apr '25

30 Apr '25

#### Pre-Submission Checklist    - [x] Commit message has the format required by CONTRIBUTING guide - [x] Commits are split per component (core, individual modules, libs, utils, ...) - [x] Each component has a single commit (if not, squash them into one commit) - [x] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated) #### Type Of Change - [ ] Small bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality) #### Checklist:  - [ ] PR should be backported to stable branches - [x] Tested changes locally - [ ] Related to issue #XXXX (replace XXXX with an open issue number) #### Description ##### **Summary** This update introduces new functionality to the `secfilter` module, enabling the removal of entries from both the Blacklist and Whitelist. It also includes automatic detection and removal of duplicate values from these lists. ##### **Details** * Users can now remove specific entries from the Blacklist or Whitelist based on type (e.g., IP, domain, user) and a given value. * Supports removal of single or multiple matching entries in one operation. ##### **Benefits** - Improves the usability and flexibility of the `secfilter` module by allowing fine-grained control over list management. - Ensures that the Blacklist and Whitelist are kept clean and free from redundant entries. - Enhances performance by reducing unnecessary duplication in the lists. ##### Testing This feature was tested using `kmcmd` commands in various scenarios: - Removing the **first element** in the list. - Removing an element from the **middle** of the list. - Removing the **last element** in the list. - Removing **all matching elements** in the list. In all cases, the commands worked correctly, and the lists were updated and cleaned as expected. You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/4089 -- Commit Summary -- * secfilter‌: support remove rule in Whitelist and Blacklist -- File Changes -- M src/modules/secfilter/secfilter.c (8) M src/modules/secfilter/secfilter.h (3) M src/modules/secfilter/secfilter_db.c (106) M src/modules/secfilter/secfilter_rpc.c (95) -- Patch Links -- https://github.com/kamailio/kamailio/pull/4089.patch https://github.com/kamailio/kamailio/pull/4089.diff -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/4089 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/pull/4089(a)github.com>

6 11

[kamailio/kamailio] Allow single quotes in From name (Issue #3984)
by ThomasSevestre 28 Apr '25

28 Apr '25

### Description `secf_check_sqli_all();` block requests when a single quote is present in From name : ``` From: "O'Reilly" <sip:100@example.net>;tag=abcd ``` Since single quotes are frequent in names. It makes it difficult to use this function. ### Possible Solutions A solution would be to skip single quote check in From name. I'll write the PR if you are OK with this solution -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3984 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3984(a)github.com>

5 10

[kamailio/kamailio] Handling Duplicate Values in secfilter Module's kamcmd Commands (Issue #4091)
by AsedMorteza 26 Apr '25

26 Apr '25

**Description** The `secfilter` module in `kamcmd` currently allows duplicate entries when adding values to certain lists (e.g., blacklists, whitelists). This can lead to unexpected behavior and potential inconsistencies. Could you clarify the reason behind accepting duplicate values? Recently, I submitted a pull request to add delete commands to the `secfilter` module #4089. When a user, for example, executes: `kamcmd secfilter.del_bl user 1005` I iterate through the entire list to ensure all occurrences of `1005` are removed, as I realized duplicates might exist. This is inefficient and could be avoided by preventing duplicates in the first place. **Proposed Solutions** 1. **Prevent Duplicates in Existing `add` Commands:** * I can modify existing `add` commands to directly prevent the addition of duplicate values. This would simplify future operations and improve performance. 2. **Introduce New `add_unique` Commands:** * I can maintain the current `add` commands for backward compatibility. * I can introduce new `add_unique` commands (e.g., `secfilter.add_bl_unique`) that explicitly reject duplicate entries. **Recommendation** I recommend implementing the first solution (preventing duplicates in existing `add` commands) as it provides the most straightforward and efficient approach. **Further Considerations** * Consider adding a check for duplicates during the `add` operation and returning an appropriate error message if a duplicate is encountered. * Document the behavior of duplicate values in the `secfilter` module's documentation. **I would appreciate your feedback and guidance on the best course of action.** -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/4091 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/4091(a)github.com>

6 9

[kamailio/kamailio] cmake: switching deb rules (Issue #4053)
by Victor Seva 26 Apr '25

26 Apr '25

Opening this generic issue to track issues when trying to switch deb package generation to cmake: -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/4053 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/4053(a)github.com>

5 54

[kamailio/kamailio] tcp_timer_check_connections() logs on CRITICAL and is not caught by event_route[tcp:timeout] (Issue #3995)
by Fritjof Höst 20 Apr '25

20 Apr '25

### Description Hi! We are in the progress of upgrading from Kamailio 5.5 to 5.8. During our testing we have noticed a new error being reported from Kamailio. We don’t see any other errors following it. ```jsx /usr/sbin/kamailio[201]: CRITICAL: <core> [core/tcp_main.c:5544]: tcp_timer_check_connections(): message processing timeout on connection id: 67896 (state: 3) - closing ``` It does seem to be [new code](https://github.com/kamailio/kamailio/blob/master/src/core/tcp_main.c#… in Kamailio reporting this issue. Given that this is a fairly expected thing, cleaning up a connection which receives no traffic within the given time, is there a need for it to be reported on CRITICAL? I’d also expect it to be caught by ``` event_route[tcp:timeout] { xlog("L_INFO","connection $conid timeouts (unanswered keepalives)"); } ``` given that [the description](https://www.kamailio.org/docs/modules/stable/modules/tcpops.ht… of this one is `Called for connection timeouts (unanswered keepalives).`. ### Troubleshooting We don't have any way to reproduce it, we are still investigating it to figure out the cause. It happens around every 2 hours, so we think there might some some scheduled test or job running in our test system causing this. ### Additional Information * **Kamailio Version** - 5.8.3 * **Operating System**: Debian 12 AMI from the AWS Marketplace. -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3995 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3995(a)github.com>

6 9

[kamailio/kamailio] fr_timer documentation mistake (Issue #3939)
by Dmitry Sinina 20 Apr '25

20 Apr '25

Documentation https://www.kamailio.org/docs/modules/devel/modules/tm.html#tm.p.fr_timer says: >Timer which hits if no **final reply** for a request or ACK for a negative INVITE reply arrives (in milliseconds). Looks like it is not correct description - fr_timer value works until 1xx(not **final**) response received and then timer restarted with fr_inv_timer value there: https://github.com/kamailio/kamailio/blob/master/src/modules/tm/t_reply.c#L… Looks like old doc from sip router https://sip-router.org/wiki/ref_manual/timers explains it correctly: > fr_timer This timer is used for all SIP requests. It hits if no reply for an INVITE request or other request has been received (F in milliseconds). If a provisional reply is received for an INVITE (any 1xx), then the fr_inv_timer will be used instead. And if no replies (at all) for an INVITE are received before `fr_timer` hits, the transaction is terminated with a 408 in failure route. -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3939 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3939(a)github.com>

3 10

[kamailio/kamailio] clean_sa(): Error sending delete SAs command via netlink socket: Invalid argument (#2707)
by openspring 16 Apr '25

16 Apr '25

### Description  #### Log Messages  ``` 0(117561) DEBUG: <core> [core/route_struct.c:128]: mk_action(): ACTION type5, i/count 0/1: type 1(1)/ data 0x7f8583620ef0 0(117561) DEBUG: <core> [core/route_struct.c:128]: mk_action(): ACTION type16, i/count 0/3: type 22(16)/ data 0x7f8583621ad8 0(117561) DEBUG: <core> [core/route_struct.c:128]: mk_action(): ACTION type16, i/count 1/3: type 8(8)/ data 0x7f8583620fd8 0(117561) DEBUG: <core> [core/route_struct.c:128]: mk_action(): ACTION type16, i/count 2/3: type 0(0)/ data 0x7f8500000000 0(117561) DEBUG: <core> [core/route.c:129]: route_add(): mapping routing block (0xb914c0)[MT_indialog_reply] to 6 ERROR: bad config file (1 errors) 0(117561) DEBUG: <core> [core/sr_module.c:765]: destroy_modules(): starting modules destroy phase 0(117561) DEBUG: debugger [debugger_api.c:1267]: dbg_destroy_mod_levels(): Destroyed _dbg_mod_table, size 32 0(117561) ERROR: ims_ipsec_pcscf [ipsec.c:567]: clean_sa(): Error sending delete SAs command via netlink socket: Invalid argument 0(117561) WARNING: ims_ipsec_pcscf [cmd.c:998]: ipsec_cleanall(): Error cleaning IPSec Security associations during startup. 0(117561) ERROR: ims_ipsec_pcscf [ipsec.c:609]: clean_policy(): Error sending delete policies command via netlink socket: Invalid argument 0(117561) WARNING: ims_ipsec_pcscf [cmd.c:1002]: ipsec_cleanall(): Error cleaning IPSec Policies during startup. 0(117561) ERROR: ims_ipsec_pcscf [ims_ipsec_pcscf_mod.c:309]: mod_destroy(): Error destroying spi generator 0(117561) ERROR: ims_ipsec_pcscf [ims_ipsec_pcscf_mod.c:313]: mod_destroy(): Error destroying port generator 0(117561) DEBUG: tm [t_funcs.c:84]: tm_shutdown(): start 0(117561) DEBUG: tm [t_funcs.c:87]: tm_shutdown(): emptying hash table 0(117561) DEBUG: tm [t_funcs.c:89]: tm_shutdown(): removing semaphores 0(117561) DEBUG: tm [t_funcs.c:91]: tm_shutdown(): destroying tmcb lists 0(117561) DEBUG: tm [t_funcs.c:94]: tm_shutdown(): done 0(117561) INFO: <core> [core/sctp_core.c:53]: sctp_core_destroy(): SCTP API not initialized 0(117561) DEBUG: <core> [core/mem/shm.c:289]: shm_destroy_manager(): destroying memory manager: q_malloc 0(117561) DEBUG: <core> [core/mem/q_malloc.c:1185]: qm_shm_lock_destroy(): destroying the shared memory lock 0(117561) DEBUG: <core> [core/mem/pkg.c:98]: pkg_destroy_manager(): destroying memory manager: q_malloc ``` ### Additional Information * **Kamailio Version** - output of `kamailio -v` ``` version: kamailio 5.4.4 (x86_64/linux) 8d6c2b flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: 8d6c2b compiled on 22:26:30 Apr 11 2021 with gcc 4.8.5 ``` * **Operating System**:  ``` NAME="CentOS Linux" VERSION="7 (Core)" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="7" PRETTY_NAME="CentOS Linux 7 (Core)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:7" HOME_URL="https://www.centos.org/" BUG_REPORT_URL="https://bugs.centos.org/" CENTOS_MANTISBT_PROJECT="CentOS-7" CENTOS_MANTISBT_PROJECT_VERSION="7" REDHAT_SUPPORT_PRODUCT="centos" REDHAT_SUPPORT_PRODUCT_VERSION="7" ``` -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/2707

5 5

[kamailio/kamailio] tls: Create one shared context and reuse it. (PR #3972)
by Xenofon Karamanos 01 Apr '25

01 Apr '25

#### Pre-Submission Checklist    - [x] Commit message has the format required by CONTRIBUTING guide - [x] Commits are split per component (core, individual modules, libs, utils, ...) - [x] Each component has a single commit (if not, squash them into one commit) - [x] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated) #### Type Of Change - [ ] Small bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality) #### Checklist:  - [ ] PR should be backported to stable branches - [x] Tested changes locally - [x] Related to issue #3823 #### Description  This PR aims to implement what was discussed in [mailing list](https://lists.kamailio.org/mailman3/hyperkitty/list/sr-dev@lists.kama… regarding some `tls.reload` and increasing memory usage. It adds a new parameter `enable_shared_ctx` in `tls` module that if set to 0, preserves the old behavior and if set to 1 (other than 0 tbh), it creates a single SSL context that is being shared. This have the effect of using way less memory when initialized as well, but also minimizes (can't say it fixes the problem) the `tls.reload` memory increase. I have also added a small markdown (comparison.md) file, where some comparisons where made between enabled/disabled shared context and with/without CA file (where the initial problem was occurring by the reporter). Feedback would be necessary to verify whether this patch, acts as expected and kamailio works as intented. You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/3972 -- Commit Summary -- * tls: Add parameter for shared contexts * tls: Comparison for enable_shared_ctx -- File Changes -- A comparison.md (15) M src/modules/tls/tls_domain.c (172) M src/modules/tls/tls_mod.c (11) M src/modules/tls/tls_mod.h (1) -- Patch Links -- https://github.com/kamailio/kamailio/pull/3972.patch https://github.com/kamailio/kamailio/pull/3972.diff -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/3972 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/pull/3972(a)github.com>

4 9

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev December 2024