sr-dev January 2023

sr-dev@lists.kamailio.org

14 participants
276 discussions

git:master:331aa575: tls: update docs for init_mode with details about fork prepare option

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: 331aa5753beccd3ddb241219cf1988a506fa2de3 URL: https://github.com/kamailio/kamailio/commit/331aa5753beccd3ddb241219cf1988a… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2023-01-25T08:26:09+01:00 tls: update docs for init_mode with details about fork prepare option --- Modified: src/modules/tls/doc/params.xml --- Diff: https://github.com/kamailio/kamailio/commit/331aa5753beccd3ddb241219cf1988a… Patch: https://github.com/kamailio/kamailio/commit/331aa5753beccd3ddb241219cf1988a… --- diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml index 49f1d1f85f..d90157ca24 100644 --- a/src/modules/tls/doc/params.xml +++ b/src/modules/tls/doc/params.xml @@ -1037,13 +1037,20 @@ modparam("tls", "renegotiation", 1) <para> Allow setting flags that control how the module is initialized and works at runtime. Many flags (bits) can be set at the same time (set the - parameter to the sum of corresponding values). + parameter to the sum of corresponding values). The flags are refered + with 0-indexing. </para> <para> - If flag (bit) 1 is set (value 1), the memory management operations registered for TLS are - wapped within a pthread mutex lock. It can be useful with newer versions - of libssl and libcrypto, which have a more pthread multi-threading oriented - design. + If flag (bit) at index 0 is set (value 1), the memory management operations + registered for TLS are wapped within a pthread mutex lock. It can be useful + with newer versions of libssl and libcrypto, which have a more pthread + multi-threading oriented design. + </para> + <para> + If flag (bit) at index 1 is set (value 2), the module executes openssl fork + prepare API functions (see + <ulink url="https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_fork_prepare.html">https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_fork_prepare.html</ulink>). It is done only for openssl version greater or equal + with 1.1.1. </para> <para> Default value is 0.

1 year, 3 months

git:master:cb424135: tls: new option for init_mode to use openssl api for fork prepare

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: cb424135c4164be10dd3c12086b548b8fec0d830 URL: https://github.com/kamailio/kamailio/commit/cb424135c4164be10dd3c12086b548b… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2023-01-25T08:19:52+01:00 tls: new option for init_mode to use openssl api for fork prepare - flag 2 (value 2) has to be set --- Modified: src/modules/tls/tls_init.h Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/cb424135c4164be10dd3c12086b548b… Patch: https://github.com/kamailio/kamailio/commit/cb424135c4164be10dd3c12086b548b… --- diff --git a/src/modules/tls/tls_init.h b/src/modules/tls/tls_init.h index c0fecc6b17..c3fe829f00 100644 --- a/src/modules/tls/tls_init.h +++ b/src/modules/tls/tls_init.h @@ -57,6 +57,7 @@ extern sr_tls_methods_t sr_tls_methods[]; #endif #define TLS_MODE_PTHREAD_LOCK_SHM (1) +#define TLS_MODE_FORK_PREPARE (1<<1) /* * just once, pre-initialize the tls subsystem diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index e41c7d7d0f..466e2fcdbb 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -412,6 +412,15 @@ static int mod_init(void) if(sr_tls_event_callback.s==NULL || sr_tls_event_callback.len<=0) { tls_lookup_event_routes(); } +#if OPENSSL_VERSION_NUMBER >= 0x010101000L + /* + * register the need to be called post-fork of all children + * with the special rank PROC_POSTCHILDINIT + */ + if(ksr_tls_init_mode&TLS_MODE_FORK_PREPARE) { + ksr_module_set_flag(KSRMOD_FLAG_POSTCHILDINIT); + } +#endif return 0; error: tls_h_mod_destroy_f(); @@ -423,6 +432,7 @@ static int mod_init(void) static int tls_engine_init(); int tls_fix_engine_keys(tls_domains_cfg_t*, tls_domain_t*, tls_domain_t*); #endif + static int mod_child(int rank) { if (tls_disable || (tls_domains_cfg==0)) @@ -440,7 +450,29 @@ static int mod_child(int rank) &mod_params, &mod_params) < 0) return -1; } +#if OPENSSL_VERSION_NUMBER >= 0x010101000L + if(ksr_tls_init_mode&TLS_MODE_FORK_PREPARE) { + OPENSSL_fork_prepare(); + } +#endif + return 0; + } + +#if OPENSSL_VERSION_NUMBER >= 0x010101000L + if(ksr_tls_init_mode&TLS_MODE_FORK_PREPARE) { + if(rank==PROC_POSTCHILDINIT) { + /* + * this is called after forking of all child processes + */ + OPENSSL_fork_parent(); + return 0; + } + if (!_ksr_is_main) { + OPENSSL_fork_child(); + } } +#endif + #ifndef OPENSSL_NO_ENGINE /* * after the child is fork()ed we go through the TLS domains

1 year, 3 months

[kamailio/kamailio] "kamdbctl create" creates the same user twice which fails (Issue #3280)

by Tommy Falgout

### Description When running kamdbctl for the first time with `DBENGINE=MYSQL` , it will try to create the same user twice which causes a failure. Because the user is already there, the create fails and the install script fails As a new user this is very confusing as it leads you to believe that you're blocked. However, if you enable prompt and run it twice and then skip adding access the second time, you can continue. ``` root@924dfe238957:/# /usr/sbin/kamdbctl create Create the database 'kamailio'? (y/n): y -e \E[37;33mINFO: creating database kamailio ... Create database users with access privileges? (y/n): y -e \E[37;33mINFO: granting privileges to database kamailio ... ERROR 1396 (HY000) at line 1: Operation CREATE USER failed for 'kamailio'@'mariadb' ERROR 1396 (HY000) at line 1: Operation CREATE USER failed for 'kamailioro'@'mariadb' ``` ### Troubleshooting If you modify `./usr/lib/x86_64-linux-gnu/kamailio/kamctl/kamdbctl.mysql` to echo the command instead, then you get the following debugging info. ``` root@924dfe238957:/# /usr/sbin/kamdbctl create Create the database 'kamailio'? (y/n): y -e \E[37;33mINFO: creating database kamailio ... mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE DATABASE kamailio CHARACTER SET latin1; Create database users with access privileges? (y/n): y -e \E[37;33mINFO: granting privileges to database kamailio ... mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE USER 'kamailio'@'mariadb' IDENTIFIED BY 'kamailiorw'; GRANT ALL PRIVILEGES ON kamailio.* TO 'kamailio'@'mariadb'; mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE USER 'kamailioro'@'mariadb' IDENTIFIED BY 'kamailioro'; GRANT SELECT ON kamailio.* TO 'kamailioro'@'mariadb'; mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE USER 'kamailio'@'localhost' IDENTIFIED BY 'kamailiorw'; GRANT ALL PRIVILEGES ON kamailio.* TO 'kamailio'@'localhost'; mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE USER 'kamailioro'@'localhost' IDENTIFIED BY 'kamailioro'; GRANT SELECT ON kamailio.* TO 'kamailioro'@'localhost'; mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE USER 'kamailio'@'mariadb' IDENTIFIED BY 'kamailiorw'; GRANT ALL PRIVILEGES ON kamailio.* TO 'kamailio'@'mariadb'; mysql -h mariadb -P 3306 -uroot -ppasswd -e CREATE USER 'kamailioro'@'mariadb' IDENTIFIED BY 'kamailioro'; GRANT SELECT ON kamailio.* TO 'kamailioro'@'mariadb'; ``` As you can see ` 'kamailioro'@'mariadb'` and ` 'kamailioro'@'mariadb'` are added twice which creates a 1396 error. #### Reproduction ``` ``` -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3280 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3280(a)github.com>

1 year, 3 months

[kamailio/kamailio] Confusing wss transport with ws transport while forwarding sip messages (Issue #3340)

by Nathan

### Description For secure websocket connections (wss), Kamailio seems to forget that the connection is secure, later trying to use a regular TCP `listen` option to send out messags. I'd be happy to propose a patch, but I'm not sure what the expected behavior of Kamailio would be here. Setup: - One Kamailio acting as websocket endpoint with TLS configured, forwarding all packets via udp to another kamailio - Another Kamailio handling all dialplan logic, including registers/invites We have traced the issue: - Client sends a `REGISTER` over secure websockets - Kamailio1 forwards this to Kamailio 2, with `Path: <sip:kamailio1:port1;lr;received=sip:1.1.1.1:11111%3Btransport%3Dws>` - Kamailio 2 stores the AOR in database using `registrar.store` - In the location table, we can see `received = sip:1.1.1.1:11111;transport=ws` - We try to send a SIP INVITE to the WebRTC client - Kamailio 2 creates invite, adds header `Route: ` with option `transport=ws` - INVITE arrives at Kamailio 1, which forwards it to the client using `t_relay` - Kamailio 1 ends up in `get_send_socket2`, with parameter `proto = ws` - Following the source code, we end up [here](https://github.com/kamailio/kamailio/blob/master/src/core/forward.c#L…, this will end up picking `sendipv4_tcp` as `send_sock` - This picks a *TCP* listener, while in fact we need a *TLS* listener - As a result, the outgoing message contains a wrong endpoint in the `Record-Route` header, causing issues in the SIP dialog later on ### Troubleshooting #### Reproduction Reproducing from scratch requires quite some setup, hopefully the above information will be enough to diagnose. #### Debugging Data See above. #### Log Messages See above. #### SIP Traffic See above, can provide exact SIP traces if required. ### Possible Solutions We have been able to work around the issue like this: ``` if (pcre_match("$(hdr(Route)[0]{nameaddr.uri}{uri.param,received})", "%3Btransport%3Dws")) { # Kamailio bug? # in the received parameter of the route header, there is ';transport=ws' # so kamailio starts looking for a *tcp* connection, while it should be looking for a *tls* # connection. xlog("L_NOTICE", "Websocket detected; forcing wss transport"); set_send_socket("tls:WEBSOCKET_IP:WEBSOCKET_PORT"); } ``` ### Additional Information * **Kamailio Version** - output of `kamailio -v` Tested with 5.4.4, but code doesn't seem to be changed in master. * **Operating System**: Ubuntu Focal. -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3340 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3340(a)github.com>

1 year, 3 months

Is there any Function or parameter to check Initial Invite Response on Kamailio

by HimaBindu G

Hi All, Can you please suggest any function or parameter to check Initial Invite Response from the backend. Thanks & Regards, Hima Bindu.

1 year, 3 months

git:master:79eae59c: tls: renamed the module destroy function

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: 79eae59c4e104dab0b195bfbeb01b58f9d144092 URL: https://github.com/kamailio/kamailio/commit/79eae59c4e104dab0b195bfbeb01b58… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2023-01-24T11:36:53+01:00 tls: renamed the module destroy function --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/79eae59c4e104dab0b195bfbeb01b58… Patch: https://github.com/kamailio/kamailio/commit/79eae59c4e104dab0b195bfbeb01b58… --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index bef803230c..e41c7d7d0f 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -78,7 +78,7 @@ */ static int mod_init(void); static int mod_child(int rank); -static void destroy(void); +static void mod_destroy(void); static int w_is_peer_verified(struct sip_msg* msg, char* p1, char* p2); static int w_tls_set_connect_server_id(sip_msg_t* msg, char* psrvid, char* p2); @@ -275,7 +275,7 @@ struct module_exports exports = { 0, /* response handling function */ mod_init, /* module init function */ mod_child, /* child initi function */ - destroy /* destroy function */ + mod_destroy /* destroy function */ }; @@ -460,7 +460,7 @@ static int mod_child(int rank) } -static void destroy(void) +static void mod_destroy(void) { /* tls is destroyed via the registered destroy_tls_h callback * => nothing to do here */

1 year, 3 months

Re: issues when freeing shared memory in custom module (Kamailio 5.5.2) - available shared memory (follow up), and crash with tlsf

by Luis Azedo

Hello Nicolas, i use tlsf and i have no issues. tlsf "nukes" the memory (sets the allocated size to NULL) on deallocation, i would check your module (or other like parts of kamailio) for possible reuse of memory after deallocation. i remember to have made some commits around this "memory use after deallocation" Cheers

1 year, 3 months

git:master:d0cd1905: modules: readme files regenerated - tls ... [skip ci]

by Kamailio Dev

Module: kamailio Branch: master Commit: d0cd1905652e1aeb0be92c5a723b5d42f4171a13 URL: https://github.com/kamailio/kamailio/commit/d0cd1905652e1aeb0be92c5a723b5d4… Author: Kamailio Dev <kamailio.dev(a)kamailio.org> Committer: Kamailio Dev <kamailio.dev(a)kamailio.org> Date: 2023-01-24T09:31:26+01:00 modules: readme files regenerated - tls ... [skip ci] --- Modified: src/modules/tls/README --- Diff: https://github.com/kamailio/kamailio/commit/d0cd1905652e1aeb0be92c5a723b5d4… Patch: https://github.com/kamailio/kamailio/commit/d0cd1905652e1aeb0be92c5a723b5d4… --- diff --git a/src/modules/tls/README b/src/modules/tls/README index 94c3a72d80..21740840b4 100644 --- a/src/modules/tls/README +++ b/src/modules/tls/README @@ -61,7 +61,7 @@ Olle E. Johansson 10.27. session_cache (boolean) 10.28. session_id (str) 10.29. renegotiation (boolean) - 10.30. lock_mode (int) + 10.30. init_mode (int) 10.31. config (string) 10.32. xavp_cfg (string) 10.33. event_callback (str) @@ -136,7 +136,7 @@ Olle E. Johansson 1.38. Set session_cache parameter 1.39. Set session_id parameter 1.40. Set renegotiation parameter - 1.41. Set lock_mode parameter + 1.41. Set init_mode parameter 1.42. Sample TLS Config File 1.43. Set config parameter 1.44. Change and reload the TLS configuration at runtime @@ -193,7 +193,7 @@ Chapter 1. Admin Guide 10.27. session_cache (boolean) 10.28. session_id (str) 10.29. renegotiation (boolean) - 10.30. lock_mode (int) + 10.30. init_mode (int) 10.31. config (string) 10.32. xavp_cfg (string) 10.33. event_callback (str) @@ -624,7 +624,7 @@ Place holder 10.27. session_cache (boolean) 10.28. session_id (str) 10.29. renegotiation (boolean) - 10.30. lock_mode (int) + 10.30. init_mode (int) 10.31. config (string) 10.32. xavp_cfg (string) 10.33. event_callback (str) @@ -1267,18 +1267,22 @@ modparam("tls", "session_id", "my-session-id-context") modparam("tls", "renegotiation", 1) ... -10.30. lock_mode (int) +10.30. init_mode (int) - If set to 1, the memory management operations registered for TLS are - wapped within a pthread mutex lock. It can be useful with newer - versions of libssl and libcrypto, which have a more pthread - multi-threading oriented design. + Allow setting flags that control how the module is initialized and + works at runtime. Many flags (bits) can be set at the same time (set + the parameter to the sum of corresponding values). + + If flag (bit) 1 is set (value 1), the memory management operations + registered for TLS are wapped within a pthread mutex lock. It can be + useful with newer versions of libssl and libcrypto, which have a more + pthread multi-threading oriented design. Default value is 0. - Example 1.41. Set lock_mode parameter + Example 1.41. Set init_mode parameter ... -modparam("tls", "lock_mode", 1) +modparam("tls", "init_mode", 1) ... 10.31. config (string)

1 year, 3 months

git:master:220cc963: tls: docs updated to rename lock_mode to init_mode

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: 220cc9633092f166611432c704796353da46668c URL: https://github.com/kamailio/kamailio/commit/220cc9633092f166611432c70479635… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2023-01-24T09:29:32+01:00 tls: docs updated to rename lock_mode to init_mode --- Modified: src/modules/tls/doc/params.xml --- Diff: https://github.com/kamailio/kamailio/commit/220cc9633092f166611432c70479635… Patch: https://github.com/kamailio/kamailio/commit/220cc9633092f166611432c70479635… --- diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml index d491a67cca..49f1d1f85f 100644 --- a/src/modules/tls/doc/params.xml +++ b/src/modules/tls/doc/params.xml @@ -1032,10 +1032,15 @@ modparam("tls", "renegotiation", 1) </example> </section> - <section id="tls.p.lock_mode"> - <title><varname>lock_mode</varname> (int)</title> + <section id="tls.p.init_mode"> + <title><varname>init_mode</varname> (int)</title> <para> - If set to 1, the memory management operations registered for TLS are + Allow setting flags that control how the module is initialized and works + at runtime. Many flags (bits) can be set at the same time (set the + parameter to the sum of corresponding values). + </para> + <para> + If flag (bit) 1 is set (value 1), the memory management operations registered for TLS are wapped within a pthread mutex lock. It can be useful with newer versions of libssl and libcrypto, which have a more pthread multi-threading oriented design. @@ -1044,10 +1049,10 @@ modparam("tls", "renegotiation", 1) Default value is 0. </para> <example> - <title>Set <varname>lock_mode</varname> parameter</title> + <title>Set <varname>init_mode</varname> parameter</title> <programlisting> ... -modparam("tls", "lock_mode", 1) +modparam("tls", "init_mode", 1) ... </programlisting> </example>

1 year, 3 months

git:master:2056194d: tls: renamed lock_mode to init_mode in order to reuse for other purposes

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: 2056194d086c773469af4855e371776615793e44 URL: https://github.com/kamailio/kamailio/commit/2056194d086c773469af4855e371776… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2023-01-24T09:25:04+01:00 tls: renamed lock_mode to init_mode in order to reuse for other purposes - init the pthread lock - conditions on init mode for locking/unlocking --- Modified: src/modules/tls/tls_init.c Modified: src/modules/tls/tls_init.h Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/2056194d086c773469af4855e371776… Patch: https://github.com/kamailio/kamailio/commit/2056194d086c773469af4855e371776…

1 year, 3 months

← Newer
1
...
13
14
15
16
17
18
19
...
28
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev January 2023