sr-dev March 2010

sr-dev@lists.kamailio.org

24 participants
359 discussions

git:master: tls: doc: update default value for compression

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: a120c193e57415db8f188a26bdc85ad160d0e069 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=a120c19… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Fri Mar 19 22:52:09 2010 +0100 tls: doc: update default value for compression --- NEWS | 4 ++++ modules/tls/README | 9 +++++---- modules/tls/doc/params.xml | 9 +++++---- 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/NEWS b/NEWS index a9b1b57..1e5d4b5 100644 --- a/NEWS +++ b/NEWS @@ -42,6 +42,10 @@ modules: versions: ssl_release_buffers, ssl_freelist_max_len, ssl_max_send_fragment, ssl_read_ahead. For more info see modules/doc/tls/README. + compression is now disabled by default. To enable it set + tls_disable_compression to 0, but note that memory usage will + increase dramatically especially for large number of + connections (>1000). tm: - t_reply() can be used both from the main/core onreply_route{} and tm onreply_route[...]{}s. diff --git a/modules/tls/README b/modules/tls/README index 2ef42bf..e2b0866 100644 --- a/modules/tls/README +++ b/modules/tls/README @@ -440,14 +440,15 @@ modparam("tls", "connection_timeout", 60) 1.8.12. tls_disable_compression (boolean) If set compression over SSL/TLS will be disabled. Note that compression - uses a lot of memory, so if you want to minimize memory usage is a good - ideea to disable it. + uses a lot of memory (about 10x more then with the compression + disabled), so if you want to minimize memory usage is a good idea to + disable it. - By default compression is enabled. + By default compression is disabled. Example 13. Set tls_disable_compression parameter ... -modparam("tls", "tls_disable_compression", 1) +modparam("tls", "tls_disable_compression", 0) # enable ... 1.8.13. ssl_release_buffers (integer) diff --git a/modules/tls/doc/params.xml b/modules/tls/doc/params.xml index 9d3d80e..b898dc5 100644 --- a/modules/tls/doc/params.xml +++ b/modules/tls/doc/params.xml @@ -259,17 +259,18 @@ modparam("tls", "connection_timeout", 60) <title><varname>tls_disable_compression</varname> (boolean)</title> <para> If set compression over SSL/TLS will be disabled. - Note that compression uses a lot of memory, so if you want to minimize - memory usage is a good ideea to disable it. + Note that compression uses a lot of memory (about 10x more then with + the compression disabled), so if you want to minimize + memory usage is a good idea to disable it. </para> <para> - By default compression is enabled. + By default compression is disabled. </para> <example> <title>Set <varname>tls_disable_compression</varname> parameter</title> <programlisting> ... -modparam("tls", "tls_disable_compression", 1) +modparam("tls", "tls_disable_compression", 0) # enable ... </programlisting> </example>

14 years, 2 months

git:master: tls: disable compression by default

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: 817b6fd3177bab507a8609b257fb8a79f89dd0a3 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=817b6fd… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Fri Mar 19 22:41:43 2010 +0100 tls: disable compression by default Jan proposed to disable compression by default, since his tests showed that with compression enabled openssl uses ~10x more memory. For less then 100 connections it doesn't matter so much, but for larger numbers (e.g. >1000) it really makes a huge difference. To enable it, use modparam("tls", "tls_disable_compression", 0). Reported-and-tested-by: Jan Janak <jan(a)iptel.org> --- modules/tls/tls_init.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c index aac73a6..004702d 100644 --- a/modules/tls/tls_init.c +++ b/modules/tls/tls_init.c @@ -126,7 +126,8 @@ int openssl_kssl_malloc_bug=0; /* is openssl bug #1467 present ? */ #endif int openssl_mem_threshold1=-1; /* low memory threshold for connect/accept */ int openssl_mem_threshold2=-1; /* like above but for other tsl operations */ -int tls_disable_compression = 0; /* by default enabled */ +int tls_disable_compression = 1; /* by default disabled due to high memory + use (~10x then without compression) */ int tls_force_run = 0; /* ignore some start-up sanity checks, use it at your own risk */

14 years, 2 months

3 Comments on the New Dialog Module Design

by Edson - Lists

After read the new proposal, i liked it and seems almost ok. Indeed i have 3 comments: 1) in the *dialog_in *table, is stated that /sflags/ is a row/field in doubt. I'm also in doubt, since, from my POV, all necessary flags for caller communication is already known by other module parms/flags. Could somebody elaborate a little the necessity of this row/field? 2) the relations between /dialog_in /and /dialog_out/ are 1:n or am i wrong? So, why, in the *dialog_out *table, is it necessary to keep the /caller_route_set/ (even optionally)??? Aren't all this info kept on the /dialog_in/ structure, since is equal to all /dialog_out/??? As 1 INVITE could result in many /dailog_out/ (legs), and caller info is shared with all generated /dialog_out/ legs, isn't this info more suitable on the /dialog_in/ structure??? 3) in section "Dialog state for dialog_in and dialog_out", statement (2) is not clear. To me if at least one *dialog_out* is in /early /state, *dialog_in* is steal 'alive' and could not be changed to /terminated /state. Am I wrong??? Edson.

14 years, 2 months

git:master: modules_s/domain: fixed a few documentation typos

by Juha Heinanen

Module: sip-router Branch: master Commit: b1a3582f744615a51175b20864fa224a583970db URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=b1a3582… Author: Juha Heinanen <jh(a)tutpro.com> Committer: Juha Heinanen <jh(a)tutpro.com> Date: Fri Mar 19 16:32:10 2010 +0200 modules_s/domain: fixed a few documentation typos --- modules_s/domain/README | 98 ++++++++++++++++++++++++++++++------ modules_s/domain/doc/domain.xml | 5 +- modules_s/domain/doc/functions.xml | 10 ++-- modules_s/domain/doc/params.xml | 12 +++-- 4 files changed, 97 insertions(+), 28 deletions(-) diff --git a/modules_s/domain/README b/modules_s/domain/README index b35dfdf..2d29741 100644 --- a/modules_s/domain/README +++ b/modules_s/domain/README @@ -2,13 +2,49 @@ Juha Heinanen - <jh(a)song.fi> + <jh(a)tutpro.com> - Copyright � 2002, 2003 Juha Heinanen + Copyright © 2002-2010 Juha Heinanen Revision History Revision $Revision$ $Date$ __________________________________________________________________ + 1.1. Overview + + 1.1.1. Virtual Domains + 1.1.2. Domain-level Configuration Attributes + 1.1.3. Caching + + 1.2. Dependencies + 1.3. Known Limitations + 1.4. Parameters + + 1.4.1. db_url (string) + 1.4.2. db_mode (integer) + 1.4.3. domain_table (string) + 1.4.4. did_col (string) + 1.4.5. domain_col (string) + 1.4.6. flags_col (string) + 1.4.7. domattr_table (string) + 1.4.8. domattr_did (string) + 1.4.9. domattr_name (string) + 1.4.10. domattr_type (string) + 1.4.11. domattr_value (string) + 1.4.12. domattr_flags (string) + 1.4.13. load_domain_attrs (integer) + + 1.5. Functions + + 1.5.1. is_local(domain) + 1.5.2. lookup_domain(attr_group, domain) + + 1.6. FIFO Interface + + 1.6.1. domain.reload + 1.6.2. domain.dump + + 1.7. Internal API + 1.1. Overview Domain modules, as the name suggests, implements support for multiple @@ -199,14 +235,14 @@ modparam("domain", "db_url", "mysql://ser:pass@db_host/ser") 1.4.2. db_mode (integer) - Database mode. 0 means non-caching, 1 means caching is enabled. It is - highly recommended to enable caching if you want to use domain-level - attributes. + Database mode. Value 0 means non-caching, 1 means caching is enabled. + It is highly recommended to enable caching if you want to use + domain-level attributes. - Default value is 1 (non-caching). + Default value is 1 (caching). - Example 5. nonce_expire example - modparam("domain", "db_mode", 1) # Use caching + Example 5. Setting db_mode parameter +modparam("domain", "db_mode", 0) # Do not use caching 1.4.3. domain_table (string) @@ -416,31 +452,31 @@ if (is_local("@ruri.host")) { Request-URI as parameter. The type of the situation can be then determined from the value of - corresponding attributes ($t.did and $f.did). A non-existing attribute - value indicates that the domain name is not local (it does not belong - to any virtual domain configured in the domain table). + corresponding attributes ($td.did and $fd.did). A non-existing + attribute value indicates that the domain name is not local (it does + not belong to any virtual domain configured in the domain table). Example 18. lookup_domain usage lookup_domain("$fd", "@from.uri.host"); lookup_domain("$td", "@ruri.host"); -if (strempty($f.did) && strempty($t.did)) { +if (strempty($fd.did) && strempty($td.did)) { # Neither the calling nor the called domain is local # This is a relaying attempt which should be forbidden sl_reply("403", "Relaying Forbidden"); drop; } -if (strempty($f.did) && $t.did) { +if (strempty($fd.did) && $td.did) { # The calling domain is not local and the called domain # is local, this is an inbound call from a 3rd party # user to one of local users } -if ($f.did && strempty($t.did)) { +if ($fd.did && strempty($td.did)) { # The calling domain is local and the called domain # is not local, this is an outbound call from one of # our users to a 3rd party user } -if ($f.did && $t.did) { +if ($fd.did && $td.did) { # Both the calling and the called domains are local, # one of our local users calls another local user, # either in the same virtual domain or in another @@ -462,3 +498,35 @@ if ($f.did && $t.did) { Causes domain module to dump hash indexes and domain names in its cache memory. + +1.7. Internal API + + The domain module has an internal API which can be used to access + additional functions of the module (i.e. functions that are normally + not available from the routing script). Currently the API exports only + the function is_domain_local. That function can be used to determine + whether a given domain name is on the list of locally configured domain + names. + + If you want to use the internal API of domain module from your module + then you need to include the header file domain_api.h and call + load_domain_api first. + + Example 19. Calling load_domain_api +#include "../domain/domain_api.h" + +domain_api_t dom_api; + +if (load_domain_api(&dom_api) != 0) { + /* error */ +} + + After that you can call function is_domain_local whose pointer is + stored in the initialized data structure: +str tmp = STR_STATIC_INIT("mydomain.com"); + +if (dom_api.is_domain_local(&tmp) == 1) { + /* Domain is local */ +} else { + /* Domain is not local or an error was encountered */ +} diff --git a/modules_s/domain/doc/domain.xml b/modules_s/domain/doc/domain.xml index 9c8aa57..5e7e29a 100644 --- a/modules_s/domain/doc/domain.xml +++ b/modules_s/domain/doc/domain.xml @@ -8,12 +8,11 @@ <author> <firstname>Juha</firstname> <surname>Heinanen</surname> - <email>jh(a)song.fi</email> + <email>jh(a)tutpro.com</email> </author> </authorgroup> <copyright> - <year>2002</year> - <year>2003</year> + <year>2002-2010</year> <holder>Juha Heinanen</holder> </copyright> <revhistory> diff --git a/modules_s/domain/doc/functions.xml b/modules_s/domain/doc/functions.xml index b050da5..783e800 100644 --- a/modules_s/domain/doc/functions.xml +++ b/modules_s/domain/doc/functions.xml @@ -97,7 +97,7 @@ if (is_local("@ruri.host")) { </para> <para> The type of the situation can be then determined from the value of - corresponding attributes ($t.did and $f.did). A non-existing + corresponding attributes ($td.did and $fd.did). A non-existing attribute value indicates that the domain name is not local (it does not belong to any virtual domain configured in the domain table). @@ -108,23 +108,23 @@ if (is_local("@ruri.host")) { lookup_domain("$fd", "@from.uri.host"); lookup_domain("$td", "@ruri.host"); -if (strempty($f.did) && strempty($t.did)) { +if (strempty($fd.did) && strempty($td.did)) { # Neither the calling nor the called domain is local # This is a relaying attempt which should be forbidden sl_reply("403", "Relaying Forbidden"); drop; } -if (strempty($f.did) && $t.did) { +if (strempty($fd.did) && $td.did) { # The calling domain is not local and the called domain # is local, this is an inbound call from a 3rd party # user to one of local users } -if ($f.did && strempty($t.did)) { +if ($fd.did && strempty($td.did)) { # The calling domain is local and the called domain # is not local, this is an outbound call from one of # our users to a 3rd party user } -if ($f.did && $t.did) { +if ($fd.did && $td.did) { # Both the calling and the called domains are local, # one of our local users calls another local user, # either in the same virtual domain or in another diff --git a/modules_s/domain/doc/params.xml b/modules_s/domain/doc/params.xml index 3ac843b..b91cae9 100644 --- a/modules_s/domain/doc/params.xml +++ b/modules_s/domain/doc/params.xml @@ -33,17 +33,19 @@ modparam("domain", "db_url", "mysql://ser:pass@db_host/ser") <section id="db_mode"> <title><varname>db_mode</varname> (integer)</title> <para> - Database mode. 0 means non-caching, 1 means caching is enabled. It - is highly recommended to enable caching if you want to use + Database mode. Value 0 means non-caching, 1 + means caching is enabled. It + is highly recommended to enable caching if you + want to use domain-level attributes. </para> <para> - Default value is 1 (non-caching). + Default value is 1 (caching). </para> <example> - <title>nonce_expire example</title> + <title>Setting db_mode parameter</title> <programlisting> - modparam("domain", "db_mode", 1) # Use caching +modparam("domain", "db_mode", 0) # Do not use caching </programlisting> </example> </section>

14 years, 2 months

git:master: tls: remove warning about compression for openssl > 0.9. 8e-beta1

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: 5decf8ecdd68a11f36e0e868242dbfed484eda55 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=5decf8e… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Fri Mar 19 15:28:37 2010 +0100 tls: remove warning about compression for openssl > 0.9.8e-beta1 Remove compile-time warning about compression workarounds for openssl versions newer then 0.9.8e-beta1. --- modules/tls/tls_init.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c index a685c83..aac73a6 100644 --- a/modules/tls/tls_init.c +++ b/modules/tls/tls_init.c @@ -79,7 +79,11 @@ # warning "" #endif -#if OPENSSL_VERSION_NUMBER >= 0x00908000L /* 0.9.8*/ +/* replace openssl zlib compression with our version if necessary + * (the openssl zlib compression uses the wrong malloc, see + * openssl #1468): 0.9.8-dev < version <0.9.8e-beta1 */ +#if OPENSSL_VERSION_NUMBER >= 0x00908000L /* 0.9.8-dev */ && \ + OPENSSL_VERSION_NUMBER < 0x00908051L /* 0.9.8.e-beta1 */ # ifndef OPENSSL_NO_COMP # warning "openssl zlib compression bug workaround enabled" # endif

14 years, 2 months

git:master: tls: doc update w/ the new options

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: 56054f1ddc4053529d52ad1dd31d90f591b63b08 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=56054f1… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Fri Mar 19 15:26:45 2010 +0100 tls: doc update w/ the new options - docs updated with the new parameters description (ssl_release_buffers, ssl_read_ahead, ssl_freelist_max_len, ssl_max_send_fragment). - README regenerated - NEWS updated --- NEWS | 5 ++ modules/tls/README | 138 +++++++++++++++++++++++++++++++++++----- modules/tls/doc/params.xml | 151 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 276 insertions(+), 18 deletions(-) Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=560…

14 years, 2 months

git:master: tls: new parameters for advanced openssl options

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: 0c5b835259ab27216a9f34ddf445a49604a6c70c URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=0c5b835… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Fri Mar 19 15:11:49 2010 +0100 tls: new parameters for advanced openssl options - ssl_release_buffers: release internal openssl read or write buffers when they are no longer used (complete read or write that does not have to buffer anything). Should be used together with tls_free_list_max_len. Might have some performance impact (and extra *malloc pressure), but has also the potential of saving a lot of memory (at least 32k/idle connection in the default config, or ~16k+tls_max_send_fragment)). Works only with openssl >= 1.0.0. - ssl_freelist_max_len: maximum length of free/unused memory buffers/chunks per connection. Setting it to 0 would cause any unused buffers to be immediately freed and hence a lower memory footprint (at the cost of a possible performance hit and more *malloc pressure). Too large value would result in extra memory consumption. The default is 32 in openssl. For lowest memory usage set it to 0 and tls_mode_release_buffers to 1. Works / makes sense only for openssl >= 1.0.0. - ssl_max_send_fragment: maximum number of bytes (clear text) sent into one record. The default and maximum value are ~16k. Lower values would lead to a lower memory footprint. Values lower then the typical app. write size might decrease performance, so it should be kept ~2k+ for normal SIP traffic. Too low values (e.g. <1024) might cause the initial handshake to fail, so use with care. Works only for openssl >= 0.9.9. - ssl_read_ahead: enable read ahead. Should increase performance (1 less syscall when enabled, else openssl makes 1 read() for each record header and another or the content), but might interact with SSL_pending() (not used right now). Default: 1 (enabled). --- modules/tls/tls_domain.c | 244 ++++++++++++++++++++++++++++++++++++++++++++- modules/tls/tls_mod.c | 49 ++++++++-- modules/tls/tls_mod.h | 13 ++- 3 files changed, 288 insertions(+), 18 deletions(-) Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=0c5…

14 years, 2 months

git:master: core: cfg parser: allow negative numbers in modparams

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: d4b2eee2e4f0e5a1fe4b5ea17d78d51a6fab70c7 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=d4b2eee… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Fri Mar 19 14:47:46 2010 +0100 core: cfg parser: allow negative numbers in modparams --- cfg.y | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/cfg.y b/cfg.y index 8bda2fc..a9350ec 100644 --- a/cfg.y +++ b/cfg.y @@ -1631,7 +1631,7 @@ module_stm: yyerror("Can't set module parameter"); } } - | MODPARAM LPAREN STRING COMMA STRING COMMA NUMBER RPAREN { + | MODPARAM LPAREN STRING COMMA STRING COMMA intno RPAREN { #ifdef SHM_MEM if (!shm_initialized() && init_shm()<0) { yyerror("Can't initialize shared memory");

14 years, 2 months

git:master: tls: minor DBG() fix for the servername extension

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: 28b53c804b4853c31c8cb14227f207c9f085fb53 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=28b53c8… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Fri Mar 19 13:21:32 2010 +0100 tls: minor DBG() fix for the servername extension --- modules/tls/tls_select.c | 11 +++++------ 1 files changed, 5 insertions(+), 6 deletions(-) diff --git a/modules/tls/tls_select.c b/modules/tls/tls_select.c index ac14cdb..dba9a6e 100644 --- a/modules/tls/tls_select.c +++ b/modules/tls/tls_select.c @@ -24,11 +24,10 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -/*! - * \file - * \brief SIP-router TLS support :: Select interface - * \ingroup tls - * Module: \ref tls +/** SIP-router TLS support :: Select interface. + * @file + * @ingroup tls + * Module: @ref tls */ @@ -962,9 +961,9 @@ static int get_tlsext_sn(str* res, sip_msg_t* msg) server_name.s = (char*)SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); if (server_name.s) { + server_name.len = strlen(server_name.s); DBG("received server_name (TLS extension): '%.*s'\n", STR_FMT(&server_name)); - server_name.len = strlen(server_name.s); } else { DBG("SSL_get_servername returned NULL\n"); goto error;

14 years, 2 months

Core dump not generated

by Min Wang

Hi: Running ser with root under debian lenny, And tried: kill -SIGABRT <pid_of_ser> core was not generated Any reason for that? Mar 18 14:16:39 im1 /usr/sbin/ser[5315]: ALERT: <core> [main.c:730]: child process 5319 exited by a signal 6 Mar 18 14:16:39 im1 /usr/sbin/ser[5336]: : <core> [pass_fd.c:293]: ERROR: receive_fd: EOF on 13 Mar 18 14:16:39 im1 /usr/sbin/ser[5315]: ALERT: <core> [main.c:733]: core was not generated Mar 18 14:16:39 im1 /usr/sbin/ser[5336]: DEBUG: <core> [tcp_main.c:3034]: DBG: handle_ser_child: dead child 4, pid 5319 (shutting down?) Mar 18 14:16:39 im1 /usr/sbin/ser[5315]: INFO: <core> [main.c:745]: INFO: terminating due to SIGCHLD Mar 18 14:16:39 im1 /usr/sbin/ser[5336]: DEBUG: <core> [io_wait.h:588]: DBG: io_watch_del (0x821a0a0, 13, -1, 0x0) fd_no=24 called Mar 18 14:16:39 im1 /usr/sbin/ser[5332]: INFO: <core> [main.c:796]: INFO: signal 15 received Mar 18 14:16:39 im1 /usr/sbin/ser[5333]: INFO: <core> [main.c:796]: INFO: signal 15 received Mar 18 14:16:39 im1 /usr/sbin/ser[5324]: INFO: <core> [main.c:796]: INFO: signal 15 received Mar 18 14:16:39 im1 /usr/sbin/ser[5317]: INFO: <core> [main.c:796]: INFO: signal 15 received Thanks. Kind Regards Min Wang

14 years, 2 months

← Newer
1
...
12
13
14
15
16
17
18
...
36
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev March 2010