3 Apr
2024
3 Apr
'24
3:53 a.m.
### Description
a tls connection uses 52104 bytes. Among these memory, tcp_connection structure use 776
bytes and tcp_rd_buf use 6000 bytes, and the left part (45328 bytes) are all about SSL
session with crypto.
### Expected behavior
kamailio does some optimization for self defined BIO_TYPE_SOURCE_SINK bio type, to save
more memory
#### Actual observed behavior
among this 45328 bytes, the biggest parts are BIO read buffer(16KB) and BIO write
buffer(16KB). currently kamailio uses BIO_TYPE_SOURCE_SINK type bio, which needs kamailio
manage the buffer by itself (there is no optimization). While nginx uses
BIO_TYPE_MEM type bio, which is a openssl's internal bio type with memory
optimization. As a result, nginx use less memory to accept more TLS connections than
kamailio
#### Debugging Data
None
#### Log Messages
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1219]: tlsf_sums(): pool (0x7f1a3eec1000) summarizing all alloc'ed.
fragments:
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 2 size= 336 bytes from tls:
tls_init.c: crypto/evp/evp_enc.c(43)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 80 bytes from tls:
tls_init.c: crypto/bn/bn_blind.c(36)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 3 size= 360 bytes from tls:
tls_init.c: crypto/bn/bn_mont.c(232)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 2 size= 1456 bytes from tls:
tls_init.c: crypto/evp/evp_enc.c(129)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 120 bytes from tls:
tls_init.c: ssl/t1_lib.c(1784)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 56 bytes from tls:
tls_init.c: ssl/statem/extensions.c(959)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 2 size= 112 bytes from tls:
tls_init.c: ssl/t1_lib.c(1811)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 56 bytes from tls:
tls_init.c: ssl/statem/../packet_local.h(462)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 56 bytes from tls:
tls_init.c: ssl/statem/../packet_local.h(485)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 640 bytes from tls:
tls_init.c: ssl/ssl_sess.c(72)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 144 bytes from tls:
tls_init.c: ssl/packet_local.h(462)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 224 bytes from tls:
tls_init.c: crypto/evp/digest.c(139)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 3 size= 168 bytes from tls:
tls_init.c: crypto/evp/digest.c(62)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 16496 bytes from tls:
tls_init.c: ssl/record/ssl3_buffer.c(124)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 16712 bytes from tls:
tls_init.c: ssl/record/ssl3_buffer.c(63)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 6280 bytes from tls:
tls_init.c: ssl/ssl_lib.c(691)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 6776 bytes from core:
tcp_main.c: tcpconn_new(1148)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 56 bytes from tls:
tls_init.c: tls_bio.c(184)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 120 bytes from tls:
tls_init.c: crypto/bio/bio_lib.c(73)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 536 bytes from tls:
tls_init.c: ssl/ssl_cert.c(76)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 56 bytes from tls:
tls_init.c: ssl/ssl_lib.c(793)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 72 bytes from tls:
tls_init.c: crypto/bio/bio_meth.c(41)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 96 bytes from tls:
tls_init.c: crypto/bio/bio_meth.c(38)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 1040 bytes from tls:
tls_init.c: ssl/s3_lib.c(3296)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core>
[mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 56 bytes from tls:
tls_server.c: tls_complete_init(229)
#### SIP Traffic
None
### Possible Solutions
None
### Additional Information
[root@ip-10-23-0-191 ec2-user]# /opt/kamailio/sbin/kamailio -v
version: kamailio 4.4.7 (aarch64/linux)
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, DISABLE_NAGLE, USE_MCAST,
DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC,
DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT-NOSMP, USE_DNS_CACHE, USE_DNS_FAILOVER,
USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024,
BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled on 12:18:05 Mar 28 2024 with gcc 7.3.1
* **Operating System**:
Linux localhost.localdomain 4.18.0-425.3.1.el8.x86_64 #1 SMP Tue Nov 8 14:08:25 EST 2022
x86_64 x86_64 x86_64 GNU/Linux
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3803
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3803(a)github.com>
5 Apr
5 Apr
7:26 a.m.
TLS is known to be greedy in memory, depending also on the encryption algorithm
negotiated. Also, kamailio does many times speed optimisations at the expense of some
memory (e.g., static buffers or allocated at startup to avoid often alloc/dealoc at
runtime).
If you think there is room for improvement here, on this particular case, feel free to
make a PR and if the results are good overall, then it will be merged.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3803#issuecomment-2039134251
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3803/2039134251(a)github.com>
18 May
18 May
2:40 a.m.
This issue is stale because it has been open 6 weeks with no activity. Remove stale label
or comment or this will be closed in 2 weeks.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3803#issuecomment-2118607919
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3803/2118607919(a)github.com>
1 Jun
1 Jun
2:47 a.m.
Closed #3803 as not planned.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3803#event-13007665762
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issue/3803/issue_event/13007665762(a)github.com>
45
days inactive
104
days old
3 comments
3 participants
participants (3)
-
Daniel-Constantin Mierla -
github-actions[bot]
-
JiangHai2011