7 Nov
2012
7 Nov
'12
10:07 a.m.
Fixed in head and 3.3 branch.
regards
Klaus
On 29.10.2012 11:18, Kamal Palei wrote:
Dear Klaus
In tls_init.c file there is a function
static void ser_free(void *ptr)
{
shm_free(ptr);
}
I modified it to
static void ser_free(void *ptr)
{
if(ptr)
shm_free(ptr);
}
Just added a null check.
During tls connection close it was close it was crashing.
Incase you need to complete stack trace, please let me know, will revert
back code chage, reproduce the issue and can get the backtrace.
Best Regards
kamal
On Mon, Oct 29, 2012 at 3:26 PM, Klaus Darilion
<klaus.mailinglists(a)pernau.at <mailto:klaus.mailinglists@pernau.at>> wrote:
Hi Kamal!
If the fix in standard Kamailio code or in code you have written
yourself (a proprietary module)?
If the problem is in the standard code please send us a diff so we
can fix Kamailio.
regards
Klaus
On 29.10.2012 10:53, Kamal Palei wrote:
Dear Klaus
Forgot to write you back otherday. I was able to trace the code
that was
crashing. It was trying to free a pointer that was null. I just
added a
null check. With this change, I am able to keep Kamailio up for
longer
duration, did not see the crash.
Thanks Klaus for your support.
kamal
On Mon, Oct 29, 2012 at 3:14 PM, Klaus Darilion
<klaus.mailinglists(a)pernau.at
<mailto:klaus.mailinglists@pernau.at>
<mailto:klaus.mailinglists@__pernau.at
<mailto:klaus.mailinglists@pernau.at>>> wrote:
See also:
http://www.kamailio.org/____dokuwiki/doku.php/____troubleshooting:corefiles
<http://www.kamailio.org/__dokuwiki/doku.php/__troubleshooting:corefiles>
<http://www.kamailio.org/__dokuwiki/doku.php/__troubleshooting:corefiles
<http://www.kamailio.org/dokuwiki/doku.php/troubleshooting:corefiles>>
On 26.10.2012 11:39, Kamal Palei wrote:
Dear Klaus
I am little bit new to linux debugging. Please let me
know below
stuff.
1. Whats the extension of core file.
The core file does not have an extension, it is usally just
called
"core.XXXX" with XXX is the process id of the crashed Kamailio
process. It will reside in the current working directory.
2. Will the core files be generated in /home/user path
or some other
default path
In the /etc/init.d/kamailio startup file you can configure
the core
pattern to be set before Kamailio is started. Then the core
files
will use the defined naming.
On Debian also activate core dumps by editing
/etc/default/kamailio
3. Do I need to recompile Kamailio source with -g
option , or by
default
it is compiled with -g option
From your log file:
0(9548) ALERT: <core> [main.c:745]: core was
generated
You see, your binaries already generate core files. Thus,
there is
no need to rebuild Kamailio.
4. I hope we need to run "ulimit" before we start the
program or
it is
not required.
Usually you run "ulimit -c unlimited" before starting the
Kamailio
process to be sure that the core will not be truncated.
My observation is if I run directly kamailio it is
crashing, if
I run
with gdb it is not crashing, not sure why this happens.
Strange. But once you have a core file, you can analyze it and
generate the backtrace.
Also make sure to not mix openssl libraries - this is often
a a problem.
regards
Klaus
Best Regards
kamal
On Thu, Oct 25, 2012 at 8:01 PM, Klaus Darilion
<klaus.mailinglists(a)pernau.at
<mailto:klaus.mailinglists@pernau.at>
<mailto:klaus.mailinglists@__pernau.at
<mailto:klaus.mailinglists@pernau.at>>
<mailto:klaus.mailinglists@
<mailto:klaus.mailinglists@>__p__ernau.at <http://pernau.at/>
<mailto:klaus.mailinglists@__pernau.at
<mailto:klaus.mailinglists@pernau.at>>>> wrote:
SIGABRT 6 Core Abort signal from
abort(3)
This means that there was an error condition
detected in the
Kamailio code and the abort(3) function was
called. As you
see in
the logs a core file was generated. Find the core
file and
load it
into gdb and execute "backtrace". It will show you
were the
problem
happened and post it here.
regards
Klaus
On 25.10.2012 16:23, Kamal Palei wrote:
Dear Klaus
The certificate verification I have disabled.
Facing a new problem.
When there is a connection reset, that time
Kamailio is
crashing.
During crash, I get below logs. Any idea why it is
crashing and
how can
I avoid it.
/oot@B2BUA:/usr/local/src/______scripts#
9(9557) : <core>
[mem/q_malloc.c:431]: BUG: qm_free: bad
pointer (nil)
(out of memory
block!) - aborting
0(9548) ALERT: <core> [main.c:742]: child
process
9557 exited
by a
signal 6
0(9548) ALERT: <core> [main.c:745]: core
was generated
0(9548) INFO: <core> [main.c:757]: INFO:
terminating
due to
SIGCHLD
6(9554) INFO: <core> [main.c:808]: INFO:
signal 15
received
8(9556) INFO: <core> [main.c:808]: INFO:
signal 15
received
4(9552) INFO: <core> [main.c:808]: INFO:
signal 15
received
5(9553) INFO: <core> [main.c:808]: INFO:
signal 15
received
3(9551) INFO: <core> [main.c:808]: INFO:
signal 15
received
7(9555) INFO: <core> [main.c:808]: INFO:
signal 15
received
1(9549) INFO: <core> [main.c:808]: INFO:
signal 15
received
2(9550) INFO: <core> [main.c:808]: INFO:
signal 15
received
0(9548) : <core> [mem/q_malloc.c:431]: BUG:
qm_free: bad
pointer (nil)
(out of memory block!) - aborting
THANKS
kamal
/
On Thu, Oct 25, 2012 at 7:43 PM, Klaus Darilion
<klaus.mailinglists(a)pernau.at
<mailto:klaus.mailinglists@pernau.at>
<mailto:klaus.mailinglists@__pernau.at
<mailto:klaus.mailinglists@pernau.at>>
<mailto:klaus.mailinglists@
<mailto:klaus.mailinglists@>__p__ernau.at <http://pernau.at/>
<mailto:klaus.mailinglists@__pernau.at
<mailto:klaus.mailinglists@pernau.at>>>
<mailto:klaus.mailinglists@
<mailto:klaus.mailinglists@>
<mailto:klaus.mailinglists@
<mailto:klaus.mailinglists@>>____p__ernau.at
<http://p__ernau.at/> <http://pernau.at/>
<mailto:klaus.mailinglists@
<mailto:klaus.mailinglists@>__p__ernau.at <http://pernau.at/>
<mailto:klaus.mailinglists@__pernau.at
<mailto:klaus.mailinglists@pernau.at>>>>> wrote:
Hi Kamal!
Are you familiar with SSL/TLS and
certificates?
With TLS
the trust
between TLS server and TLS client is
usually via a
trusted
certification authority (CA). For
example, if the
intermediate proxy
uses a certificate which is issued by CA
FOOBAR-XYZ, the
you have to
configure Kamailio to accept certificates
singed by
FOOBAR-XYZ. This
is done by copying the public root
certificate of
FOOBAR-XYZ to the
Kamailio server and configure Kamailio to
use the
FOOBAR-XYZ
certificate as trusted CA. Of course then you
automatically
also
trust all others certificates issued by
FOOBAR-XYZ.
To configure the trusted CAs use:
http://kamailio.org/docs/________modules/3.3.x/modules/tls.________html#ca_…
<http://kamailio.org/docs/______modules/3.3.x/modules/tls.______html#ca_list>
<http://kamailio.org/docs/______modules/3.3.x/modules/tls.______html#ca_list
<http://kamailio.org/docs/____modules/3.3.x/modules/tls.____html#ca_list>>
<http://kamailio.org/docs/______modules/3.3.x/modules/tls.______html#ca_list
<http://kamailio.org/docs/____modules/3.3.x/modules/tls.____html#ca_list>
<http://kamailio.org/docs/____modules/3.3.x/modules/tls.____html#ca_list
<http://kamailio.org/docs/__modules/3.3.x/modules/tls.__html#ca_list>>>
<http://kamailio.org/docs/______modules/3.3.x/modules/tls.______html#ca_list
<http://kamailio.org/docs/____modules/3.3.x/modules/tls.____html#ca_list>
<http://kamailio.org/docs/____modules/3.3.x/modules/tls.____html#ca_list
<http://kamailio.org/docs/__modules/3.3.x/modules/tls.__html#ca_list>>
<http://kamailio.org/docs/____modules/3.3.x/modules/tls.____html#ca_list
<http://kamailio.org/docs/__modules/3.3.x/modules/tls.__html#ca_list>
<http://kamailio.org/docs/__modules/3.3.x/modules/tls.__html#ca_list
<http://kamailio.org/docs/modules/3.3.x/modules/tls.html#ca_list>>>>
You could also disable the certificate
validation
with:
http://kamailio.org/docs/________modules/3.3.x/modules/tls.________html#ver…
<http://kamailio.org/docs/______modules/3.3.x/modules/tls.______html#verify_certificate>
<http://kamailio.org/docs/______modules/3.3.x/modules/tls.______html#verify_certificate
<http://kamailio.org/docs/____modules/3.3.x/modules/tls.____html#verify_certificate>>
<http://kamailio.org/docs/______modules/3.3.x/modules/tls.______html#verify_certificate
<http://kamailio.org/docs/____modules/3.3.x/modules/tls.____html#verify_certificate>
<http://kamailio.org/docs/____modules/3.3.x/modules/tls.____html#verify_certificate
<http://kamailio.org/docs/__modules/3.3.x/modules/tls.__html#verify_certificate>>>
<http://kamailio.org/docs/______modules/3.3.x/modules/tls.______html#verify_certificate
<http://kamailio.org/docs/____modules/3.3.x/modules/tls.____html#verify_certificate>
<http://kamailio.org/docs/____modules/3.3.x/modules/tls.____html#verify_certificate
<http://kamailio.org/docs/__modules/3.3.x/modules/tls.__html#verify_certificate>>
<http://kamailio.org/docs/____modules/3.3.x/modules/tls.____html#verify_certificate
<http://kamailio.org/docs/__modules/3.3.x/modules/tls.__html#verify_certificate>
<http://kamailio.org/docs/__modules/3.3.x/modules/tls.__html#verify_certificate
<http://kamailio.org/docs/modules/3.3.x/modules/tls.html#verify_certificate>>>>
But of course this reduces TLS benefits to
encryption-only.
regards
Klaus
On 22.10.2012 13:53, Kamal Palei wrote:
Dear All
I have modified kamailio,cfg and
compiled all the
modules with TLS
enabled, and able to bring up the
kamailio
proxy properly.
Kamailio proxy will receive the REGISTER
message from
endpoints
in UDP ,
and want to send this REGISTER
message to another
intermediate
proxy in
TLS. For this purpose, I have added
few lines in
kamailio.cfg
file as below.
I have created the certificates,
private keys as
explained by README
file in kamailio-3.1.5/modules/tls/ path.
if(is_method("REGISTER"))
{
t_relay_to("tls:115.114.48.75
<http://115.114.48.75 <http://115.114.48.75/>
<http://115.114.48.75/>>:______443
<http://115.114.48.75:443
<http://115.114.48.75:443/>
<http://115.114.48.75:443/>>
<http://115.114.48.75:443
<http://115.114.48.75:443/>
<http://115.114.48.75:443/>>")__;
exit();
}
Looks like this is taking effect.
When Kamailio
receives REGISTER
message it is trying to do handshake with
intermediate
proxy.
I used wireshark to see the handshake
messages.
1. From Kamailio proxy, a TCP SYNC
message is
going to
intermediate proxy.
2. intermediate proxy sends SYNC + ACK
3. Kamailio sends CLIENT HELLO
4. intermediate proxy sends SERVER HELLO,
CERTIFICATE
and SERVER
HELLO DONE
5. The Kamailio sends ALERT (Level:
Fatal,
Description:
Unknown CA)
---> IS something going wrong
here..............
6. Then Kamailio sends FIN + ACK
Can somebody please let me know why the
certificate
verification
fails
(I get this log in console).
How can I put a work around to avoid
certification
verification
failure.
Best Regards
kamal
_______________________________________________________
SIP Express Router (SER) and Kamailio
(OpenSER) - sr-users
mailing list
sr-users(a)lists.sip-router.org
<mailto:sr-users@lists.sip-router.org>
<mailto:sr-users@lists.sip-__router.org
<mailto:sr-users@lists.sip-router.org>>
<mailto:sr-users@lists.sip-____router.org
<mailto:sr-users@lists.sip-__router.org>
<mailto:sr-users@lists.sip-__router.org
<mailto:sr-users@lists.sip-router.org>>>
<mailto:sr-users@lists.sip-______router.org
<mailto:sr-users@lists.sip-____router.org>
<mailto:sr-users@lists.sip-____router.org
<mailto:sr-users@lists.sip-__router.org>>
<mailto:sr-users@lists.sip-____router.org
<mailto:sr-users@lists.sip-__router.org>
<mailto:sr-users@lists.sip-__router.org
<mailto:sr-users@lists.sip-router.org>>>>
http://lists.sip-router.org/________cgi-bin/mailman/listinfo/__sr-______use…
<http://lists.sip-router.org/______cgi-bin/mailman/listinfo/sr-______users>
<http://lists.sip-router.org/______cgi-bin/mailman/listinfo/__sr-____users
<http://lists.sip-router.org/____cgi-bin/mailman/listinfo/sr-____users>>
<http://lists.sip-router.org/______cgi-bin/mailman/listinfo/__sr-____users
<http://lists.sip-router.org/____cgi-bin/mailman/listinfo/sr-____users>
<http://lists.sip-router.org/____cgi-bin/mailman/listinfo/sr-____users
<http://lists.sip-router.org/__cgi-bin/mailman/listinfo/sr-__users>>>
<http://lists.sip-router.org/______cgi-bin/mailman/listinfo/__sr-____users
<http://lists.sip-router.org/____cgi-bin/mailman/listinfo/sr-____users>
<http://lists.sip-router.org/____cgi-bin/mailman/listinfo/sr-____users
<http://lists.sip-router.org/__cgi-bin/mailman/listinfo/sr-__users>>
<http://lists.sip-router.org/____cgi-bin/mailman/listinfo/sr-____users
<http://lists.sip-router.org/__cgi-bin/mailman/listinfo/sr-__users>
<http://lists.sip-router.org/__cgi-bin/mailman/listinfo/sr-__users
<http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users>>>>