sr-dev February 2024

sr-dev@lists.kamailio.org

19 participants
246 discussions

git:master:87ef83d2: modules: readme files regenerated - db_mysql ... [skip ci]
by Kamailio Dev 14 Feb '24

14 Feb '24

Module: kamailio Branch: master Commit: 87ef83d23f68a43fc5265a81330cbeed6205f922 URL: https://github.com/kamailio/kamailio/commit/87ef83d23f68a43fc5265a81330cbee… Author: Kamailio Dev <kamailio.dev(a)kamailio.org> Committer: Kamailio Dev <kamailio.dev(a)kamailio.org> Date: 2024-02-14T08:31:13+01:00 modules: readme files regenerated - db_mysql ... [skip ci] --- Modified: src/modules/db_mysql/README --- Diff: https://github.com/kamailio/kamailio/commit/87ef83d23f68a43fc5265a81330cbee… Patch: https://github.com/kamailio/kamailio/commit/87ef83d23f68a43fc5265a81330cbee… --- diff --git a/src/modules/db_mysql/README b/src/modules/db_mysql/README index 17f8795581a..4264fa1c969 100644 --- a/src/modules/db_mysql/README +++ b/src/modules/db_mysql/README @@ -32,7 +32,7 @@ Daniel-Constantin Mierla 3.5. insert_delayed (integer) 3.6. update_affected_found (integer) 3.7. opt_ssl_mode (integer) - 3.8. opt_ssl_ca (integer) + 3.8. opt_ssl_ca (string) 4. Functions 5. Installation @@ -71,7 +71,7 @@ Chapter 1. Admin Guide 3.5. insert_delayed (integer) 3.6. update_affected_found (integer) 3.7. opt_ssl_mode (integer) - 3.8. opt_ssl_ca (integer) + 3.8. opt_ssl_ca (string) 4. Functions 5. Installation @@ -110,7 +110,7 @@ Chapter 1. Admin Guide 3.5. insert_delayed (integer) 3.6. update_affected_found (integer) 3.7. opt_ssl_mode (integer) - 3.8. opt_ssl_ca (integer) + 3.8. opt_ssl_ca (string) 3.1. ping_interval (integer) @@ -216,7 +216,7 @@ modparam("db_mysql", "update_affected_found", 1) modparam("db_mysql", "opt_ssl_mode", 1) ... -3.8. opt_ssl_ca (integer) +3.8. opt_ssl_ca (string) Configures the CA certs used to verify the MySQL server cert when SSL is enabled.

1 0

git:master:c89fe41b: db_mysql: fix typos
by S-P Chan 14 Feb '24

14 Feb '24

Module: kamailio Branch: master Commit: c89fe41b1583af74cdf7e20d2357d7c90990839f URL: https://github.com/kamailio/kamailio/commit/c89fe41b1583af74cdf7e20d2357d7c… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-14T15:20:35+08:00 db_mysql: fix typos The option opt_ssl_ca is a string not integer. The comment for ea81e6cb should show the code fix as mysql_options(ptr->con, MYSQL_OPT_SSL_CA, (void *)db_mysql_opt_ssl_ca) --- Modified: src/modules/db_mysql/doc/db_mysql_admin.xml --- Diff: https://github.com/kamailio/kamailio/commit/c89fe41b1583af74cdf7e20d2357d7c… Patch: https://github.com/kamailio/kamailio/commit/c89fe41b1583af74cdf7e20d2357d7c… --- diff --git a/src/modules/db_mysql/doc/db_mysql_admin.xml b/src/modules/db_mysql/doc/db_mysql_admin.xml index 7297f2d1b15..18c703838ce 100644 --- a/src/modules/db_mysql/doc/db_mysql_admin.xml +++ b/src/modules/db_mysql/doc/db_mysql_admin.xml @@ -219,7 +219,7 @@ modparam("db_mysql", "opt_ssl_mode", 1) </example> </section> <section id="db_mysql.p.opt_ssl_ca"> - <title><varname>opt_ssl_ca</varname> (integer)</title> + <title><varname>opt_ssl_ca</varname> (string)</title> <para> Configures the CA certs used to verify the MySQL server cert when SSL is enabled.

1 0

git:master:a61bfe9f: modules: readme files regenerated - db_mysql ... [skip ci]
by Kamailio Dev 14 Feb '24

14 Feb '24

Module: kamailio Branch: master Commit: a61bfe9fb8357cedf5cb22e2698ec5d817fcfe5a URL: https://github.com/kamailio/kamailio/commit/a61bfe9fb8357cedf5cb22e2698ec5d… Author: Kamailio Dev <kamailio.dev(a)kamailio.org> Committer: Kamailio Dev <kamailio.dev(a)kamailio.org> Date: 2024-02-14T08:16:19+01:00 modules: readme files regenerated - db_mysql ... [skip ci] --- Modified: src/modules/db_mysql/README --- Diff: https://github.com/kamailio/kamailio/commit/a61bfe9fb8357cedf5cb22e2698ec5d… Patch: https://github.com/kamailio/kamailio/commit/a61bfe9fb8357cedf5cb22e2698ec5d… --- diff --git a/src/modules/db_mysql/README b/src/modules/db_mysql/README index 8e135cdcbf2..17f8795581a 100644 --- a/src/modules/db_mysql/README +++ b/src/modules/db_mysql/README @@ -32,6 +32,7 @@ Daniel-Constantin Mierla 3.5. insert_delayed (integer) 3.6. update_affected_found (integer) 3.7. opt_ssl_mode (integer) + 3.8. opt_ssl_ca (integer) 4. Functions 5. Installation @@ -46,9 +47,10 @@ Daniel-Constantin Mierla 1.5. Set insert_delayed parameter 1.6. Set update_affected_found parameter 1.7. Set opt_ssl_mode parameter - 1.8. Set a my.cnf group in db_url parameter - 1.9. Adding a kamailio group to my.cnf - 1.10. Using [client] and specific group + 1.8. Set opt_ssl_ca parameter + 1.9. Set a my.cnf group in db_url parameter + 1.10. Adding a kamailio group to my.cnf + 1.11. Using [client] and specific group Chapter 1. Admin Guide @@ -69,6 +71,7 @@ Chapter 1. Admin Guide 3.5. insert_delayed (integer) 3.6. update_affected_found (integer) 3.7. opt_ssl_mode (integer) + 3.8. opt_ssl_ca (integer) 4. Functions 5. Installation @@ -107,6 +110,7 @@ Chapter 1. Admin Guide 3.5. insert_delayed (integer) 3.6. update_affected_found (integer) 3.7. opt_ssl_mode (integer) + 3.8. opt_ssl_ca (integer) 3.1. ping_interval (integer) @@ -212,6 +216,21 @@ modparam("db_mysql", "update_affected_found", 1) modparam("db_mysql", "opt_ssl_mode", 1) ... +3.8. opt_ssl_ca (integer) + + Configures the CA certs used to verify the MySQL server cert when SSL + is enabled. + + Required when opt_ssl_mode = 4 or 5 and db_mysql is built with + libmysqlclient. + + Default value is NULL (NULL - not configured). + + Example 1.8. Set opt_ssl_ca parameter +... +modparam("db_mysql", "opt_ssl_ca", "/etc/ssl/certs/mysql-ca.pem") +... + 4. Functions No function exported to be used from configuration file. @@ -238,12 +257,12 @@ modparam("db_mysql", "opt_ssl_mode", 1) * mysql://user:pass@[group]/db * mysql://[group]/db - Example 1.8. Set a my.cnf group in db_url parameter + Example 1.9. Set a my.cnf group in db_url parameter ... modparam("usrloc", "db_url", "mysql://[kamailio]/kamailio) ... - Example 1.9. Adding a kamailio group to my.cnf + Example 1.10. Adding a kamailio group to my.cnf ... [kamailio] socket = /path/to/mysql.sock @@ -257,7 +276,7 @@ default-character-set = utf8 both your specific group and the client group, then the value is taken from the last one. - Example 1.10. Using [client] and specific group + Example 1.11. Using [client] and specific group ... [client] socket = /run/mysql/mysqld.sock

1 0

git:master:eafd93f0: db_mysql: update docs for opt_ssl_ca
by S-P Chan 14 Feb '24

14 Feb '24

Module: kamailio Branch: master Commit: eafd93f0576504ea03fe6b5e3898506072218cef URL: https://github.com/kamailio/kamailio/commit/eafd93f0576504ea03fe6b5e3898506… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-14T15:09:24+08:00 db_mysql: update docs for opt_ssl_ca --- Modified: src/modules/db_mysql/doc/db_mysql_admin.xml --- Diff: https://github.com/kamailio/kamailio/commit/eafd93f0576504ea03fe6b5e3898506… Patch: https://github.com/kamailio/kamailio/commit/eafd93f0576504ea03fe6b5e3898506… --- diff --git a/src/modules/db_mysql/doc/db_mysql_admin.xml b/src/modules/db_mysql/doc/db_mysql_admin.xml index f1ff53df0ed..7297f2d1b15 100644 --- a/src/modules/db_mysql/doc/db_mysql_admin.xml +++ b/src/modules/db_mysql/doc/db_mysql_admin.xml @@ -215,6 +215,30 @@ modparam("db_mysql", "update_affected_found", 1) ... modparam("db_mysql", "opt_ssl_mode", 1) ... +</programlisting> + </example> + </section> + <section id="db_mysql.p.opt_ssl_ca"> + <title><varname>opt_ssl_ca</varname> (integer)</title> + <para> + Configures the CA certs used to verify the MySQL server cert when + SSL is enabled. + </para> + <para> + Required when opt_ssl_mode = 4 or 5 and db_mysql is built + with libmysqlclient. + </para> + <para> + <emphasis> + Default value is NULL (NULL - not configured). + </emphasis> + </para> + <example> + <title>Set <varname>opt_ssl_ca</varname> parameter</title> + <programlisting format="linespecific"> +... +modparam("db_mysql", "opt_ssl_ca", "/etc/ssl/certs/mysql-ca.pem") +... </programlisting> </example> </section>

1 0

git:master:ea81e6cb: db_mysql: new module param opt_ssl_ca to configure CA certs
by S-P Chan 14 Feb '24

14 Feb '24

Module: kamailio Branch: master Commit: ea81e6cb8b2b2d896de7a07ce191876f9f182673 URL: https://github.com/kamailio/kamailio/commit/ea81e6cb8b2b2d896de7a07ce191876… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-14T15:08:56+08:00 db_mysql: new module param opt_ssl_ca to configure CA certs ERROR: db_mysql [km_my_con.c:200]: db_mysql_new_connection(): driver error: SSL connection error: CA certificate is required if ssl-mode is VERIFY_CA or VERIFY_IDENTITY When opt_ssl_mode = 4 | 5 libmysqclient requires that the trusted CAs be configured. Fixed with: mysql_options(ptr->con, MYSQL_OPT_SSL_CA, (void *)db_mysql_opt_ssl_mode) Note: libmariadb3 doesn't require this setting and uses the system trust store. --- Modified: src/modules/db_mysql/db_mysql.c Modified: src/modules/db_mysql/km_my_con.c --- Diff: https://github.com/kamailio/kamailio/commit/ea81e6cb8b2b2d896de7a07ce191876… Patch: https://github.com/kamailio/kamailio/commit/ea81e6cb8b2b2d896de7a07ce191876… --- diff --git a/src/modules/db_mysql/db_mysql.c b/src/modules/db_mysql/db_mysql.c index 1a698329bac..9a7aa8673b5 100644 --- a/src/modules/db_mysql/db_mysql.c +++ b/src/modules/db_mysql/db_mysql.c @@ -47,6 +47,7 @@ unsigned int my_server_timezone = unsigned long my_client_ver = 0; int db_mysql_unsigned_type = 0; int db_mysql_opt_ssl_mode = 0; +char *db_mysql_opt_ssl_ca = NULL; struct mysql_counters_h mysql_cnts_h; counter_def_t mysql_cnt_defs[] = { @@ -100,6 +101,7 @@ static param_export_t params[] = { {"insert_delayed", INT_PARAM, &db_mysql_insert_all_delayed}, {"update_affected_found", INT_PARAM, &db_mysql_update_affected_found}, {"unsigned_type", PARAM_INT, &db_mysql_unsigned_type}, + {"opt_ssl_ca", PARAM_STRING, &db_mysql_opt_ssl_ca}, {"opt_ssl_mode", PARAM_INT, &db_mysql_opt_ssl_mode}, {0, 0, 0}}; diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c index b4c4dca33b0..226d724f1ae 100644 --- a/src/modules/db_mysql/km_my_con.c +++ b/src/modules/db_mysql/km_my_con.c @@ -41,6 +41,7 @@ #include "db_mysql.h" extern int db_mysql_opt_ssl_mode; +extern char *db_mysql_opt_ssl_ca; /*! \brief * Create a new connection structure, @@ -167,6 +168,9 @@ struct my_con *db_mysql_new_connection(const struct db_id *id) } #endif /* MYSQL_VERSION_ID */ #endif /* MARIADB_BASE_VERSION */ + if(db_mysql_opt_ssl_ca) + mysql_options( + ptr->con, MYSQL_OPT_SSL_CA, (const void *)db_mysql_opt_ssl_ca); #if MYSQL_VERSION_ID > 50012 /* set reconnect flag if enabled */

1 0

git:5.7:a0dfb8cb: tls: raise logging level of early messages in mod_register
by S-P Chan 13 Feb '24

13 Feb '24

Module: kamailio Branch: 5.7 Commit: a0dfb8cbdf4282040351e9dc014d9ef13e0e77fd URL: https://github.com/kamailio/kamailio/commit/a0dfb8cbdf4282040351e9dc014d9ef… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-13T19:11:20+08:00 tls: raise logging level of early messages in mod_register --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/a0dfb8cbdf4282040351e9dc014d9ef… Patch: https://github.com/kamailio/kamailio/commit/a0dfb8cbdf4282040351e9dc014d9ef… --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 905ca6f2411..0d8ea3df4c5 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -689,7 +689,7 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2) #if OPENSSL_VERSION_NUMBER >= 0x10100000L \ && OPENSSL_VERSION_NUMBER < 0x030000000L if(ksr_tls_threads_mode == 0) { - LM_DBG("setting cryptorand random engine\n"); + LM_WARN("OpenSSL 1.1.1 setting cryptorand random engine\n"); RAND_set_rand_method(RAND_ksr_cryptorand_method()); } #endif

1 0

Fwd: Reject TCP SYN
by David Villasmil 13 Feb '24

13 Feb '24

Hello all, Following up on this, I made a patch (attached), could you please review and apply if it looks ok? The patch creates a new core cfg variable which, if set, will reject any incoming NEW tcp connection attempt, so we can use this to gracefully drain kamailio. Thanks & Regards, David Villasmil email: david.villasmil.work(a)gmail.com phone: +34669448337 Forwarded Conversation Subject: Reject TCP SYN ------------------------ From: David Villasmil <david.villasmil.work(a)gmail.com> Date: Thu, Feb 8, 2024 at 2:27 PM To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org> Hello all, Is there any way of actually rejecting (RST) NEW tcp connection attempts, while allowing the ongoing ones to finish naturally? I’m thinking maybe we can add this feature? Regards, David Villasmil email: david.villasmil.work(a)gmail.com phone: +34669448337 ---------- From: Henning Westerholt <hw(a)gilawa.com> Date: Fri, Feb 9, 2024 at 2:08 PM To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org> Cc: David Villasmil <david.villasmil.work(a)gmail.com> Hello, what about e.g. just using something like iptables, nftables etc..? iptables -A INPUT -p tcp --syn --destination-port <port> -j REJECT --reject-with icmp-host-prohibited Cheers, Henning ---------- From: David Villasmil <david.villasmil.work(a)gmail.com> Date: Fri, Feb 9, 2024 at 2:42 PM To: Henning Westerholt <hw(a)gilawa.com> Cc: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org> Hey, Henning, yeah I thought about that, but thought that maybe there was a better way to do it via Kamailio Thanks! Regards, David Villasmil email: david.villasmil.work(a)gmail.com phone: +34669448337

2 1

git:5.7:5d7d7ea5: tls: add logging
by S-P Chan 13 Feb '24

13 Feb '24

Module: kamailio Branch: 5.7 Commit: 5d7d7ea54c908cae333ed3cafd4a2cc93cacd4db URL: https://github.com/kamailio/kamailio/commit/5d7d7ea54c908cae333ed3cafd4a2cc… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-13T17:23:31+08:00 tls: add logging --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/5d7d7ea54c908cae333ed3cafd4a2cc… Patch: https://github.com/kamailio/kamailio/commit/5d7d7ea54c908cae333ed3cafd4a2cc… --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 5d3982b64d9..905ca6f2411 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -458,6 +458,9 @@ static int mod_child(int rank) #else if(rank == PROC_INIT) { #endif + LM_DBG("Loading SSL_CTX in process_no=%d rank=%d " + "ksr_tls_threads_mode=%d\n", + process_no, rank, ksr_tls_threads_mode); if(cfg_get(tls, tls_cfg, config_file).s) { if(tls_fix_domains_cfg( *tls_domains_cfg, &srv_defaults, &cli_defaults)

1 0

git:5.7:eb7aa576: tls: restore some function calls in non-threaded mode
by S-P Chan 13 Feb '24

13 Feb '24

Module: kamailio Branch: 5.7 Commit: eb7aa57676f48f16cc66a16c511ed45ac9c8f62e URL: https://github.com/kamailio/kamailio/commit/eb7aa57676f48f16cc66a16c511ed45… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-13T11:08:29+08:00 tls: restore some function calls in non-threaded mode In the case that tls_threads_mode = 0 we restore the earlier behaviour of 5.7.3. - OpenSSL 1.1.1: restore early call to RAND_set_rand_method - OpenSSL 3.x: restore enable locking on EVP_RAND_CTX --- Modified: src/modules/tls/tls_init.c Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/eb7aa57676f48f16cc66a16c511ed45… Patch: https://github.com/kamailio/kamailio/commit/eb7aa57676f48f16cc66a16c511ed45…

1 0

[kamailio/kamailio] registrar: Consider changing default setting for case matching of username (Issue #3719)
by Morten Tryfoss 12 Feb '24

12 Feb '24

### Description I've recently spent some time debugging a case with JsSIP and usernames in form of a generated string which can be both upper and lower case letters plus digits. On BYE from callee to JsSIP, it responded with a "404" and "Request-URI does not point to us" in the console while debugging. JsSIP is using the Contact returned in the 200 OK to REGISTER (which is transformed to all lower case) for new outgoing INVITE. It does not match this against the one used in BYE correctly, and return "404". I see there is a setting in the registrar about this: ``` 3.11. case_sensitive (integer) If set to 1 then AOR comparison and also storing will be case sensitive, if set to 0 then AOR comparison and storing will be case insensitive. This is recommended. This parameter can be modified via Kamailio config framework. Default value is 0. ``` Since the RFC states that username should be handle case-sensitive, maybe it would be smart to change this default? ``` Comparison of the userinfo of SIP and SIPS URIs is case- sensitive. This includes userinfo containing passwords or formatted as telephone-subscribers. ... The URIs within each of the following sets are not equivalent: SIP:ALICE@AtLanTa.CoM;Transport=udp (different usernames) sip:alice@AtLanTa.CoM;Transport=UDP ``` #### Reproduction Make a registration with a username containing both upper and lower case characters. It will be stored in all lower case. ### Possible Solutions Change default value. Regardless of the outcome on this case - at least now there is a note about it here too. -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3719 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3719(a)github.com>

2 4

← Newer
1
...
11
12
13
14
15
16
17
...
25
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev February 2024