@space88man do we need to build wolfssl because we can't use wolfssl coming from distributions?
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/commit/14b1f79c29f317c74bbcbba75853ce4…
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/commit/14b1f79c29f317c74bbcbba75853ce45c353a865/113383355(a)github.com>
Hello,
While troubleshooting a memory leak, I noticed that we are mixing SHM
memory with PKG memory during hep tracing.
When the dispatcher timer is scheduled for OPTION pings, the
ds_ping_set() is called and the tm module is engaged to handle the
ping.
dispatcher: dispatcher.c
ds_ping_set()
tmb.t_request
Inside the tm module, a new cell is created and the SIP message is
cloned for further processing via sip_msg_cloner() and later on the
onsend_route is engaged:
tm: uac.c:
request()
t_uac()
t_uac_with_ids()
t_uac_prepare()
new_cell->uas.request = sip_msg_cloner(&lreq, &sip_msg_len);
core: sip_msg_shm_clone() (we are cloning the msg in SHM)
send_prepared_request_impl(SHM pointer)
run_onsend(SHM pointer)
Inside the onsend_route we call siptrace() and we go like this:
siptrace: siptrace_send.c
sip_trace_prepare(SHM pointer)
parser:
parse_from_header(SHM pointer)
we allocate PKG mem that is leaked
parse_to()
parse_addr_spec()
we allocate PKG mem that is leaked
Later on, the SHM memory block is released by the free_cell_helper():
sip_msg_free_unsafe(dead_cell->uas.request);
This was a misconfiguration, because the siptrace was configured to
automatically mirror all SIP traffic and the call for siptrace() in
the onsend_route was not necessary.
Perhaps siptrace() should be a noop when trace_mode is not 0.
Here are the siptrace params:
loadmodule "siptrace.so"
modparam("siptrace", "db_url", DBMYSQL)
modparam("siptrace", "duplicate_uri", SIPTRACE_SVR_IP)
modparam("siptrace", "send_sock_addr", SIPTRACE_OUT_IP)
modparam("siptrace", "hep_mode_on", 1)
modparam("siptrace", "hep_version", 3)
modparam("siptrace", "trace_to_database", 0)
modparam("siptrace", "trace_flag", 22)
modparam("siptrace", "trace_on", 1)
modparam("siptrace", "evcb_msg", "ksr_siptrace_msg")
modparam("siptrace", "trace_mode", 1)
This is happening on the latest version of kamailio 5.6.
-ovidiu
Module: kamailio
Branch: master
Commit: 8f7c0893f0c53b9f399cfa0989fecd9bd15b344d
URL: https://github.com/kamailio/kamailio/commit/8f7c0893f0c53b9f399cfa0989fecd9…
Author: Kamailio Dev <kamailio.dev(a)kamailio.org>
Committer: Kamailio Dev <kamailio.dev(a)kamailio.org>
Date: 2023-05-12T17:31:24+02:00
modules: readme files regenerated - tls ... [skip ci]
---
Modified: src/modules/tls/README
---
Diff: https://github.com/kamailio/kamailio/commit/8f7c0893f0c53b9f399cfa0989fecd9…
Patch: https://github.com/kamailio/kamailio/commit/8f7c0893f0c53b9f399cfa0989fecd9…
---
diff --git a/src/modules/tls/README b/src/modules/tls/README
index 7198c455293..f721ba81d61 100644
--- a/src/modules/tls/README
+++ b/src/modules/tls/README
@@ -676,11 +676,12 @@ Place holder
If RFC 3261 conformance is desired, at least TLSv1 must be used. For
compatibility with older clients SSLv23 is the option, but again, be
- aware of security concerns, SSLv2/3 being considered very insecure by
- 2014. For current information about what's considered secure, please
- consult, IETF BCP 195, currently RFC 7525 - "Recommendations for Secure
- Use of Transport Layer Security (TLS) and Datagram Transport Layer
- Security (DTLS)"
+ aware of security concerns, SSLv2/3 as well as TLS v1.0 and v1.1 are
+ being considered very insecure and are therefore deprecated since March
+ 2021 (RFC 8996). For current information about what's considered
+ secure, please consult, IETF BCP 195, currently RFC 9325 -
+ "Recommendations for Secure Use of Transport Layer Security (TLS) and
+ Datagram Transport Layer Security (DTLS)"
Example 1.3. Set tls_method parameter
...