Hello,
Upgraded the kamailio version from 5.7.5 to 5.7.6 and after restart the service got the follow WARNING,
WARNING: db_mysql [km_my_con.c:179]: db_mysql_new_connection(): opt_ssl_ca option not supported by mysql version (value (null)) - ignoring,
when downgrade to 5.7.5 dindt happend.
Thanks
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3908
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3908(a)github.com>
### Description
On systems with a high number of TCP sessions there can be a significant performance regression observed, probably related to the newly added TCP connection tracking feature.
### Troubleshooting
#### Reproduction
No special configuration is necessary, just install the latest 5.7.x release, e.g. 5.7.3 on a production system with a lot of clients connected over TCP or TLS. You need to have a large number of clients connected to be able to observe the regression. For a high number of connections (e.g. more then 20.000 up to 30.000 connections) the Kamailio servers uses about 30% to 50% more CPU as with the old version.
#### Debugging Data
Two graphs were attached to this issue. The first shows the CPU load before (less load) and after the upgrade (increased load). The second is a flamegraph that shows that over 80% of the CPU time is spent in the newly added function tcp_connection_limit_srcip().
<img width="372" alt="cpu-load-before-after" src="https://github.com/kamailio/kamailio/assets/6481937/ec92c41b-25e2-4847-a4bc…">
![flamegraph](https://github.com/kamailio/kamailio/assets/6481937/5c2e3982-2d5b-4acd-a774-bad8fa64bd0a)
Most of the CPU time is spend in the TCP main process, as expected.
#### Log Messages
No special log messages could be observed.
#### SIP Traffic
### Possible Solutions
The TCP limit feature should probably be optimized to not cause such a large performance regression. It should be also possible to deactivate it completly and therefore getting a comparable performance as before the feature addition.
### Additional Information
Kamailio 5.7.3 and probably also git master version.
* **Operating System**:
Debian 11, Debian 12
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3759
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3759(a)github.com>
After a period of use, this warning occurs continuously and affects the performance of the system. Is this the bug of the system?
Currently, I am using version 5.6 and MariaDB 10.5.25 + Galera Cluster.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3906
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3906(a)github.com>
### Description
Currently secsipid has a method to sign arbitrary (json) data (`secsipid_sign`), however it has no converse method to check the signature. Currently, an attempt to check a `div` signature for example will yield a `-303` error (`SIPHdrInfo`). Rather than trying to have full parsing for every possible type of Identity header (which are likely to increase in variety), it would be good to simply check "is this signature valid by trusted key", possibly validating the `iat` timestamp as well, but without any other opinions on the header values.
### Expected behavior
A feature to check only the signature of an identity header.
#### Actual observed behavior
Currently the `secsipid_check_` family of functions fails for non- `shaken` passport types.
#### Debugging Data
The following DIV identity header was generated by secsipid's `secsipid_sign()` function, so it should be possible to reverse this to validate the signature:
```
Identity: eyJhbGciOiJFUzI1NiIsInBwdCI6ImRpdiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9kLm10c2VjLm1lL2QzYTkvQmZUeGJVTlozS1FMLnBlbSJ9.eyJkZXN0Ijp7InRuIjpbIjE2MTI1NTU0MzIxIl19LCJpYXQiOiIxNzEwMTY5MzQ1Iiwib3JpZyI6eyJ0biI6IjE1NTU3MzU5MzA5In0sImRpdiI6eyJ0biI6IjE5NTI1NTU5ODc2In19.-0QF6-u6zgAQNoAhdiETuhAu7FuRDzxmFch_cTdhcbeWvUZ60NQXxdPM-JucpOtFaEdn9wnFreAZ_6vZoc_Phg;info=<https://d.mtsec.me/d3a9/BfTxbUNZ3KQL.pem>;alg=ES256;ppt=div
```
### Possible Solutions
Because it's fairly straight forward to investigate the JWT, it's not necessary to try to account for every possible passport type, etc. The act of validating the signature is the complicated part, so a function that does only that would be convenient.
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
```
version: kamailio 5.7.4 (x86_64/linux)
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled with gcc 12.2.0
```
* **Operating System**:
Currently alpine linux 3.19 in a docker container, but it should be pretty reproducible everywhere.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3784
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3784(a)github.com>