Hi Daniel

===============================

For the upgrading notes, some ideas —

"tls.so: fixing GH#3635 new global config tls_threads_mode = 0 | 1

0: is the default and is the existing Kamailio behaviour

1: run some initialization functions(libcurl, database) in a thread to avoid creating thread-locals in thread#1 before fork

On platforms with OpenSSL 3 "tls_threads_mode = 1" is needed to avoid shared memory contention, especially if other modules (eg. db_mysql, http_async_client, dispatcher with SIPS URIs) that might use TLS are loaded.

On platforms with OpenSSL 1.1.1 — shared memory contention is much harder to trigger — but this setting is recommended when other modules that use TLS are loaded"

===============================

Deployment note (for the wiki?)

Here is an SRE/deployment note — not sure of a good place to put this (maybe the wiki)

"To validate the config for OpenSSL 3/1.1.1 memory contention potential run the main kamailio process

under gdb (don't follow child forks: "set follow-fork-mode parent" — the default setting anyway)

# ** EITHER **

# deb-based: install dbgsym for libssl3 / libssl1.1

# RPM-based: install debuginfo for openssl, openssl-libs

# ** OR **

# configure gdb to use debuginfod for debug symbols

# STEP 1

# stop at main(), this step is required because the next breakpoint requires knowledge

# of thread#1

gdb> break main

gdb> run

# STEP 2

# this breakpoint detects if OpenSSL 3 initializes the thread-local err_thread_local

# in process#0.thread#1 — this causes shared memory contention

gdb> breakpoint CRYPTO_THREAD_set_local thread 1 if $_caller_is("ossl_err_get_state_int", 32)

gdb> commands

backtrace 32

continue

end

##For OpenSSL 1.1.1

gdb> breakpoint CRYPTO_THREAD_set_local thread 1 if $_caller_is("ERR_get_state", 32)

gdb> commands

backtrace 32

continue

end

# continue execution of Kamailio

gdb> continue

If this breakpoint is triggered then the configuration has potential for shared memory contention.

Do file an issue at GH with your configuration and the gdb output.

Dev note: I have completed an "audit" of all in-tree modules that load libssl — libcurl, libmariadb, libcrypto, libpq etc. The only one not touched is DIAMETER cdp.so with TLS. If anyone uses this and can provide me with temporary access that would be great.

Regards

Richard

On Tue, 27 Feb 2024 at 23:55, Daniel-Constantin Mierla via sr-dev <sr-dev@lists.kamailio.org> wrote:

Hello,

I propose to aim to get out 5.8.0 next week on Wednesday or Thursday
(March 6 or 7, 2024). I haven't seen much activity around issues in the
new features/modules. If time allows to build the pages for what-is-new
and how-to-upgrade (which I think it should be rather minimal), then I
think it should be no other major task. Overall it will be almost two
weeks since the 5.8 branch was created.

Cheers,
Daniel

On 23.02.24 12:11, Daniel-Constantin Mierla wrote:
> Hello,
>
> quick note that later today I will create the branch 5.8, notification
> emails will be sent once done.
>
> Cheers,
> Daniel
>
> On 16.02.24 08:01, Daniel-Constantin Mierla wrote:
>> Hello,
>>
>> hopefully the devel version is now more stabilized after the freezing,
>> the new components being adjusted enough not to need many more changes.
>> Therefore I consider to branch 5.8 out of devel version next week on
>> Friday, February 23, 2024, sometime around noon UTC.
>>
>> After that the master branch becomes open for new features, and branch
>> 5.8 has to be hammered further to build the 5.8.x series.
>>
>> Cheers,
>> Daniel
>>
>> On 10.01.24 10:11, Daniel-Constantin Mierla wrote:
>>> Hello,
>>>
>>> discussed a bit during the online Kamailio devel meeting, it is time to
>>> set the milestones towards the next major Kamailio release series v5.8.x.
>>>
>>> If no other suggestions that suit more developers, I would propose to
>>> freeze by end of this month or early February, then test for about 4
>>> weeks as usual and release by end of February or during March.
>>>
>>> If anyone wants to add new features/modules, they have to be published
>>> till freezing date, either pushed in the git repository or proposed as
>>> pull request.
>>>
>>> Cheers,
>>> Daniel
>> --
>> Daniel-Constantin Mierla (@ asipto.com)
>> twitter.com/miconda -- linkedin.com/in/miconda
>> Kamailio Consultancy, Training and Development Services -- asipto.com
>> Kamailio Advanced Training, February 20-22, 2024 -- asipto.com
>> Kamailio World Conference, April 18-19, 2024, Berlin -- kamailioworld.com
>>
> --
> Daniel-Constantin Mierla (@ asipto.com)
> twitter.com/miconda -- linkedin.com/in/miconda
> Kamailio Consultancy, Training and Development Services -- asipto.com
> Kamailio Advanced Training, February 20-22, 2024 -- asipto.com
> Kamailio World Conference, April 18-19, 2024, Berlin -- kamailioworld.com
>
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com
Kamailio World Conference, April 18-19, 2024, Berlin -- kamailioworld.com

_______________________________________________
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-leave@lists.kamailio.org