6 Feb
2024
6 Feb
'24
2:20 p.m.
Hi Daniel / Henning,
I would like to propose a global config to restore the non-threaded default:
enable_tls = no|yes #(EXISTING) boolean
enable_tls_threads = 0 | 1 | 2 #(NEW) int
0: disable thread-wrappers (restores kamailio behaviour)
- default when enable_tls = no
1: thread-wrapper only for process_no = 0 (main process)
- default when enable_tls = yes
2: thread-wrapper on for all processes
Now the behaviour for the thread wrappers can be
/* pseudo-code
* fn is the wrapped function */
run_threadXXXX (fn, ...)
{
int flag = cfg_get_tls_threads();
if (likely(flag == 0 || (flag == 1 && process_no != 0))) {
return fn(...) ; // execute wrapped function directly - no thread
} else { /* flag == 2 ||( flag == 1 && process_no == 0) */
/*
** run fn in thread
*/
}
I am not familiar with the bison grammar or parsing of the global config
file — I would need your help (or another developer familiar with the core
parsing) to set this up. When this cfg flag is available I can change all
the thread-runners to check the global config.
With respect to 5.7 - stable branch - unfortunately due to the changes to
OpenSSL 3 it is broken - #3635 - with more load there will be double-free
errors; #3727 - cannot load tls and db module (even if the db module does
not use TLS it may initialize OpenSSL).
The changes while more intrusive than usual are the minimal viable set of
changes. With the commits on 5.7 you can have a TLS-enabled
/etc/kamailio.cfg using OpenSSL 3 and load a db module (with or without
TLS). To reiterate - even a pure in-memory TLS proxy without database is
subject to double free corruption.
To make the changes less intrusive: backport the global enable_tls_threads
config to 5.7.5+ or make the thread wrappers check for process_no = 0. The
latter (and more minimal) change would mean that all Kamailio workers will
have the existing behaviour and only process_no = 0 tries to run thread
wrappers.
Options:
A 5.8-pre:. add a global config enable_tls_threads to 5.8-pre (need help on
this part - the thread wrappers I would be able to fix)
B. 5.7.5+: backport A to 5.7 OR check for process_no = 0 in thread
wrappers(only change in parent process, no change to worker processes)
Let me know what you think - thanks for the comments.
Cheers
Richard