Hello,
I am planning to backport a series of patches from master to branch 5.4 to get kamailio working on newer linux distros (like Ubuntu 20.04) that include recent versions of libssl/libcrypto. I got access to an Ubuntu 20.04 deployment and I hope I tackled all the variants that can appear, with forking, daemonizing in systemd-style or not-forking.
Apparently the libs use the atexit callbacks for cleanup, but kamailio exits after destroying shared memory, resulting in access to invalid memory addresses. I could not sort out why it is done at shutdown, because kamailio is also cleaning the libssl context, but it looks like something in libcrypto is still not destroyed by libssl shutdown. On the other hand, the same issue seems exposed when the tls module is not used, but there are other modules linking to libssl directly or via an intermediate library (like http_client -> libcurl -> libssl).
Overall, there should be no change on runtime code, only initialization exit cases (e.g., cfg error case or daemonizing with close of initial parent) and shutdown. However, there is a new cli parameter --atexit that is going to appear in 5.4, which is necessary because older linux distros (e.g., Debian 10) do not expose the problem. The default is the current behaviour, but in the future we may have to switch to the new mode.
Without the backporting, kamailio cannot be used (cannot be started) on newer linux distros.
Cheers, Daniel
On 10 Feb 2021, at 20:32, Daniel-Constantin Mierla miconda@gmail.com wrote:
> Hello,
> I am planning to backport a series of patches from master to branch 5.4 to get kamailio working on newer linux distros (like Ubuntu 20.04) that include recent versions of libssl/libcrypto. I got access to an Ubuntu 20.04 deployment and I hope I tackled all the variants that can appear, with forking, daemonizing in systemd-style or not-forking.
> Apparently the libs use the atexit callbacks for cleanup, but kamailio exits after destroying shared memory, resulting in access to invalid memory addresses. I could not sort out why it is done at shutdown, because kamailio is also cleaning the libssl context, but it looks like something in libcrypto is still not destroyed by libssl shutdown. On the other hand, the same issue seems exposed when the tls module is not used, but there are other modules linking to libssl directly or via an intermediate library (like http_client -> libcurl -> libssl).

Yes, this is one of the reasons I wrote an API in the curl module. When using multiple modules linking to curl linking to libssl I suspect bad things can happen.

> Overall, there should be no change on runtime code, only initialization exit cases (e.g., cfg error case or daemonizing with close of initial parent) and shutdown. However, there is a new cli parameter --atexit that is going to appear in 5.4, which is necessary because older linux distros (e.g., Debian 10) do not expose the problem. The default is the current behaviour, but in the future we may have to switch to the new mode.
> Without the backporting, kamailio cannot be used (cannot be started) on newer linux distros.

Seems like a good idea.
/O
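
The shutdown ordering described in this thread, as an added example that is not part of the original messages and is not Kamailio or OpenSSL code: a constructed stand-in library registers an atexit() cleanup, the process unmaps its shared pool, and the result depends on whether the process leaves through exit() or _exit(). All names (pool, lib_cleanup, run_shutdown) are hypothetical, and the cleanup reports the stale state instead of dereferencing it.

```c
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/wait.h>

/* Constructed stand-ins; none of these names come from Kamailio or OpenSSL. */
static int *pool;        /* "shared memory" holding library state */
static int pool_mapped;  /* cleared once the pool is destroyed */
static int report_fd;    /* pipe back to the parent */

/* Cleanup registered by the "library" via atexit(). */
static void lib_cleanup(void) {
    /* A real library would dereference pool here; after munmap() that is an
     * invalid access. The demo reports the state instead of faulting. */
    char c = pool_mapped ? 'S' : 'U';   /* S = safe, U = use after destroy */
    if (write(report_fd, &c, 1) != 1) _exit(2);
}

/* One shutdown in a child: returns 'S', 'U', 'N' (cleanup never ran), 'E' (error). */
char run_shutdown(int destroy_pool_first, int run_atexit) {
    int p[2];
    char c = 'N';
    if (pipe(p) != 0) return 'E';
    pid_t pid = fork();
    if (pid < 0) return 'E';
    if (pid == 0) {
        close(p[0]); report_fd = p[1];
        pool = mmap(NULL, sizeof *pool, PROT_READ | PROT_WRITE,
                    MAP_SHARED | MAP_ANONYMOUS, -1, 0);
        if (pool == MAP_FAILED) _exit(3);
        pool_mapped = 1;
        atexit(lib_cleanup);
        if (destroy_pool_first) { munmap(pool, sizeof *pool); pool_mapped = 0; }
        if (run_atexit) exit(0);   /* exit(): atexit callbacks run */
        _exit(0);                  /* _exit(): callbacks are skipped */
    }
    close(p[1]);
    if (read(p[0], &c, 1) != 1) c = 'N';
    close(p[0]);
    waitpid(pid, NULL, 0);
    return c;
}

int main(void) {
    printf("%c %c %c\n", run_shutdown(1, 1), run_shutdown(1, 0), run_shutdown(0, 1));
    return 0;
}
```

'U' marks the case where the callback runs after the pool is gone; skipping the callbacks or keeping the pool mapped until after they run are the two ways out of it.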