sr-dev January 2025

sr-dev@lists.kamailio.org

21 participants
301 discussions

[kamailio/kamailio] tls_wolfssl: crash qm_free / qm_debug_check_frag (Issue #4074)
by Fred Posner 12 Jun '25

12 Jun '25

### Introduction First, I apologize for the lack of detail here. I am unable to get a core dump and as a production box, I was unable to run in debug mode. ### Description Using Kamailio 5.8.4 on Debian 12, every 60-80 minutes, the software would crash, blaming tls_wolfssl, such as: ``` 2024-12-16T14:58:27.554497+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[9084]: CRITICAL: <core> [core/mem/q_malloc.c:535]: qm_free(): BUG: bad pointer 0x1 (out of memory block!) called from tls_wolfssl: tls_init.c: ser_free(240) - ignoring 2024-12-16T14:58:27.554555+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[9084]: CRITICAL: <core> [core/mem/q_malloc.c:126]: qm_debug_check_frag(): BUG: qm: fragm. 0x7f3440ba7560 (address 0x7f3440ba75a0) beginning overwritten (23)! Memory allocator was called from tls_wolfssl: tls_init.c:240. Fragment marked by :29. Exec from core/mem/q_malloc.c:546. 2024-12-16T14:58:27.616558+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[9089]: CRITICAL: <core> [core/pass_fd.c:281]: receive_fd(): EOF on 103 2024-12-16T14:58:27.617684+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[8992]: ALERT: <core> [main.c:805]: handle_sigs(): child process 9084 exited by a signal 6 2024-12-16T14:58:27.618339+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[8992]: ALERT: <core> [main.c:809]: handle_sigs(): core was not generated 2024-12-16T14:58:27.618477+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[8992]: INFO: <core> [main.c:832]: handle_sigs(): terminating due to SIGCHLD 2024-12-16T14:58:27.618589+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[9088]: INFO: <core> [main.c:888]: sig_usr(): signal 15 received ``` ``` 2024-12-16T14:57:52.029277+00:00 ip-172-16-0-73 /usr/local/sbin/kamailio[21605]: CRITICAL: <core> [core/mem/q_malloc.c:535]: qm_free(): BUG: bad pointer 0x1 (out of memory block!) called from tls_wolfssl: tls_init.c: ser_free(240) - ignoring 2024-12-16T14:57:52.029347+00:00 ip-172-16-0-73 /usr/local/sbin/kamailio[21605]: CRITICAL: <core> [core/mem/q_malloc.c:126]: qm_debug_check_frag(): BUG: qm: fragm. 0x7f085996b500 (address 0x7f085996b540) beginning overwritten (0)! Memory allocator was called from tls_wolfssl: tls_init.c:240. Fragment marked by (null):0. Exec from core/mem/q_malloc.c:546. 2024-12-16T14:57:52.048597+00:00 ip-172-16-0-73 /usr/local/sbin/kamailio[21611]: CRITICAL: <core> [core/pass_fd.c:281]: receive_fd(): EOF on 101 2024-12-16T14:57:52.048921+00:00 ip-172-16-0-73 /usr/local/sbin/kamailio[21512]: ALERT: <core> [main.c:805]: handle_sigs(): child process 21605 exited by a signal 6 2024-12-16T14:57:52.048953+00:00 ip-172-16-0-73 /usr/local/sbin/kamailio[21512]: ALERT: <core> [main.c:809]: handle_sigs(): core was not generated 2024-12-16T14:57:52.048975+00:00 ip-172-16-0-73 /usr/local/sbin/kamailio[21512]: INFO: <core> [main.c:832]: handle_sigs(): terminating due to SIGCHLD 2024-12-16T14:57:52.048997+00:00 ip-172-16-0-73 /usr/local/sbin/kamailio[21609]: INFO: <core> [main.c:888]: sig_usr(): signal 15 received ``` ``` 2024-12-16T16:21:35.967576+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[10591]: CRITICAL: <core> [core/mem/q_malloc.c:126]: qm_debug_check_frag(): BUG: qm: fragm. 0x7f442778d110 (address 0x7f442778d150) beginning overwritten (0)! Memory allocator was called from tls_wolfssl: tls_init.c:240. Fragment marked by (null):0. Exec from core/mem/q_malloc.c:546. ``` ``` 2024-12-16T13:31:55.995222+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[7602]: CRITICAL: <core> [core/mem/q_malloc.c:555]: qm_free(): BUG: freeing already freed pointer (0x7f8e55830a70), called from tls_wolfssl: tls_init.c: ser_free(240), first free tls_wolfssl: tls_init.c: ser_malloc(228) - ignoring 2024-12-16T13:32:40.093954+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[7603]: CRITICAL: <core> [core/mem/q_malloc.c:535]: qm_free(): BUG: bad pointer 0x7a100000000 (out of memory block!) called from tls_wolfssl: tls_init.c: ser_free(240) - ignoring 2024-12-16T13:32:40.094047+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[7603]: CRITICAL: <core> [core/mem/q_malloc.c:126]: qm_debug_check_frag(): BUG: qm: fragm. 0x7f8e55762720 (address 0x7f8e55762760) beginning overwritten (0)! Memory allocator was called from tls_wolfssl: tls_init.c:240. Fragment marked by (null):0. Exec from core/mem/q_malloc.c:546. 2024-12-16T13:32:40.260913+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[7504]: CRITICAL: <core> [core/mem/q_malloc.c:555]: qm_free(): BUG: freeing already freed pointer (0x7f8e55761a70), called from core: core/tcp_main.c: _tcpconn_free(1666), first free tls_wolfssl: tls_init.c: ser_free(240) - ignoring 2024-12-16T13:32:40.263520+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[7504]: CRITICAL: <core> [core/mem/q_malloc.c:126]: qm_debug_check_frag(): BUG: qm: fragm. 0x7f8e55762720 (address 0x7f8e55762760) beginning overwritten (0)! Memory allocator was called from tls_wolfssl: tls_init.c:240. Fragment marked by (null):0. Exec from core/mem/q_malloc.c:546. ``` The system was handling ~900 TLS registrations with ~2700 presence SUBSCRIBE events. **Running the same config with `tls.so` does not result in crash.** ### Additional Information * **Kamailio Version** - 5.8.4 ``` version: kamailio 5.8.4 (x86_64/linux) 598105-dirty flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_SEND_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: 598105 -dirty compiled on 04:31:34 Dec 16 2024 with gcc 12.2.0 ``` * **Operating System**: ``` Distributor ID: Debian Description: Debian GNU/Linux 12 (bookworm) Release: 12 Codename: bookworm Linux ip-172-16-0-52 6.1.0-28-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.119-1 (2024-11-22) x86_64 GNU/Linux ``` * TCP Settings ``` children=16 disable_tcp=no tcp_connection_lifetime=3605 tcp_accept_no_cl=yes tcp_max_connections=8192 tcp_defer_accept=yes tcp_accept_unique=0 tcp_connection_lifetime=3605 tcp_connection_match=1 tcp_connect_timeout=10 tcp_crlf_ping=yes tcp_linger2=1 tcp_keepalive=yes tcp_reuse_port=yes tcp_keepidle=20 tcp_keepintvl=15 tcp_rd_buf_size=65536 tcp_msg_data_timeout=40 tcp_msg_read_timeout=40 tcp_check_timer=20 tls_threads_mode=2 tls_max_connections=8192 ``` -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/4074 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/4074(a)github.com>

3 6

[kamailio/kamailio] Possibly adjusting the SDP parser to be more lenient towards scenarios where a stream is being removed/rejected and connection-information "c=" is only available per media (no session-wide "c=") and the removed/rejected stream omits all fields (Issue #3982)
by thomas414 31 May '25

31 May '25

### Description I encountered an issue with a specific device that is receiving a T.38 fax. The call gets established towards the device normally with inband media, then the device requests T.38 media and tries to remove the audio media via sending port 0 in the ReInvite SDP. Also it sends connection-information only on the media level and there is no "c=" on the session level. Reading through the related RFCs and the kamailio code and discussing this on the mailing list, we came to the conclusion that kamailio is doing everything correct as per RFC. Though we were wondering if it would be possible to adjust the parser to be not as strict as it is right now, and allow a missing "c=" line on the media-level if the stream is removed/rejected via port 0, since i see no sense in requiring connection information. Of course we are also in contact with the vendor to hopefully adjust on their side. Here are the related RFCs: 1. RFC8866 5.7 `A session description MUST contain either at least one "c=" line in each media description or a single "c=" line at the session level. It MAY contain a single session-level "c=" line and additional media-level "c=" line(s) per-media-description, in which case the media-level values override the session-level settings for the respective media.` 2. RFC3264 8.2 `Existing media streams are removed by creating a new SDP with the port number for that stream set to zero. The stream description MAY omit all attributes present previously, and MAY list just a single media format.` At first i was especially confused by the RFC3264 8.2 part, since it seemed correct what the device is sending, but if you read carefully and keep the wording for SDP in mind only attributes ("a=") MAY be omitted. So a "c=" line should still be in the SDP for the removed media if it's not included on the session-level. Or do you see this differently? ### Expected behavior Kamailio allows and parses the SDP when there is no session-wide "c=", a media stream is being removed via port zero and there is no "c=" for this media stream and only the remaining media streams include a "c=" line. #### Actual observed behavior Kamailio throws an error when trying to parse the SDP. #### Log Messages ``` <core> [core/parser/sdp/sdp.c:523]: parse_sdp_session(): can't find media IP in the message ``` #### SIP Traffic ``` v=0 o=xmserver 1726638425 1726638427 IN IP4 169.254.1.1 s=xmserver t=0 0 m=audio 0 RTP/AVP 8 m=image 56002 udptl t38 c=IN IP4 169.254.1.1 a=sendrecv a=T38FaxVersion:0 a=T38MaxBitRate:14400 a=T38FaxFillBitRemoval:0 a=T38FaxTranscodingMMR:0 a=T38FaxTranscodingJBIG:0 a=T38FaxRateManagement:transferredTCF a=T38FaxMaxBuffer:200 a=T38FaxMaxDatagram:72 a=T38FaxUdpEC:t38UDPRedundancy ``` ### Possible Solutions ### Additional Information * **Kamailio Version** - output of `kamailio -v` ``` version: kamailio 5.8.3 (x86_64/linux) flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_SEND_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: unknown compiled with gcc 12.2.0 ``` * **Operating System**: ``` Debian 12 Linux hostname 6.1.0-20-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.85-1 (2024-04-11) x86_64 GNU/Linux ``` -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3982 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3982(a)github.com>

3 5

[kamailio/kamailio] Inactive video stream: can't find media IP in the message (Issue #3406)
by schoberw 31 May '25

31 May '25

### Description In some situations the other side UA must reply with an inactive media stream. E.g. if video was added but not supported by the other side. The UAS then must answer with an m=video 0 RTP/.. line. It seams that the video section must contain a c= line with an IP address for rtpengine to function. If there is no c line (no IP address) the SDP body cannot be parsed and thus no RTP proxy is invoked. ### Troubleshooting Not easy to reproduce since the answer must bei "wrong". Is it correct to reply an SDP body (media = video) like this? ``` m=video 0 RTP/AVPF 96 a=label:1 a=inactive a=mid:1 ``` Maybe not (but Audiocodes SBC lates LTS version does it) - so we are dependent on other side now that this service works. #### Reproduction reInvite with Video to a UA that has no video Support (e.g. Bria -> Snom). Drop the c line in the video part with some textops in 200 OK (just to reproduce of course). A -> B, connect the call A -> + video, B has no video support A presses hold #### Log Messages Incoming 200 OK after doing hold with an inactive video: ``` v=0 o=root 436040161 309284577 IN IP4 1.2.3.5 s=call t=0 0 m=audio 14200 RTP/AVPF 9 8 126 c=IN IP4 1.2.3.5 a=ptime:20 a=recvonly a=mid:0 a=rtpmap:9 G722/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:126 telephone-event/8000 a=fmtp:126 0-15 m=video 0 RTP/AVPF 96 a=label:1 a=inactive a=mid:1 Mar 27 17:52:22 c5p05es2-1 /usr/sbin/kamailio[2938205]: ERROR: <core> [core/parser/sdp/sdp.c:490]: parse_sdp_session(): can't find media IP in the message Mar 27 17:52:22 c5p05es2-1 /usr/sbin/kamailio[2938205]: INFO: <script>: >>> Sending Reply: 200 OK (1.2.3.4:443 -> 100.108.48.38:65251) ``` Compare to working SDP parsing: ``` a=rtpmap:9 G722/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:126 telephone-event/8000 a=fmtp:126 0-15 m=video 0 RTP/AVP 96 c=IN IP4 1.2.3.5 a=inactive a=mid:1 Mar 27 18:00:17 c5p05es2-1 /usr/sbin/kamailio[2942881]: INFO: <script>: ONREPLY_ROUTE[FORWARD] Mar 27 18:00:17 c5p05es2-1 /usr/sbin/kamailio[2942881]: INFO: <script>: ROUTE[RTPP_REPLY] Mar 27 18:00:17 c5p05es2-1 /usr/sbin/kamailio[2942881]: INFO: <script>: > 200 with video Mar 27 18:00:17 c5p05es2-1 /usr/sbin/kamailio[2942881]: INFO: <script>: > 200 with inactive video Mar 27 18:00:17 c5p05es2-1 /usr/sbin/kamailio[2942881]: INFO: <script>: > Remove inactive video Mar 27 18:00:17 c5p05es2-1 /usr/sbin/kamailio[2942881]: INFO: <script>: > Answer to WebRTC client: 200 - qijpuibkv6ufhnd282ks Mar 27 18:00:17 c5p05es2-1 /usr/sbin/kamailio[2942881]: INFO: <script>: >>> Sending Reply: 200 OK (91.237.65.14:443 -> 80.108.48.38:65388) ``` ### Possible Solutions Tried to fix in script: ``` if(sdp_with_media("video")) xlog("L_INFO", "> $rs with video"); if(sdp_with_active_media("video")) xlog("L_INFO", "> $rs with active video"); if(!sdp_with_active_media("video")) xlog("L_INFO", "> $rs with inactive video"); if(sdp_with_media("video") && !sdp_with_active_media("video")) { # try fix for RMT#60189 xlog("L_INFO", "> Remove inactive video"); sdp_remove_media("video"); msg_apply_changes(); # needed? } ``` But since sdpops cannot parse it cannot remove the buggy media, too. See the log: non of the xlog is logging. If there is inactive media the c line is not mandatory. The parser should accept this by adding a default IP of 0.0.0.0, if needed Doing tricks with textops is not a easy nor performant solution to accept this wrong SDP from other parties. ### Additional Information ``` version: kamailio 5.6.4 (x86_64/linux) flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: unknown compiled with gcc 10.2.1 ``` * **Operating System**: Debian Bullseye -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3406 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3406(a)github.com>

3 5

[kamailio/kamailio] tls: Create one shared context and reuse it. (PR #3972)
by Xenofon Karamanos 28 May '25

28 May '25

#### Pre-Submission Checklist    - [x] Commit message has the format required by CONTRIBUTING guide - [x] Commits are split per component (core, individual modules, libs, utils, ...) - [x] Each component has a single commit (if not, squash them into one commit) - [x] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated) #### Type Of Change - [ ] Small bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality) #### Checklist:  - [ ] PR should be backported to stable branches - [x] Tested changes locally - [x] Related to issue #3823 #### Description  This PR aims to implement what was discussed in [mailing list](https://lists.kamailio.org/mailman3/hyperkitty/list/sr-dev@lists.kama… regarding some `tls.reload` and increasing memory usage. It adds a new parameter `enable_shared_ctx` in `tls` module that if set to 0, preserves the old behavior and if set to 1 (other than 0 tbh), it creates a single SSL context that is being shared. This have the effect of using way less memory when initialized as well, but also minimizes (can't say it fixes the problem) the `tls.reload` memory increase. I have also added a small markdown (comparison.md) file, where some comparisons where made between enabled/disabled shared context and with/without CA file (where the initial problem was occurring by the reporter). Feedback would be necessary to verify whether this patch, acts as expected and kamailio works as intented. You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/3972 -- Commit Summary -- * tls: Add parameter for shared contexts * tls: Comparison for enable_shared_ctx -- File Changes -- A comparison.md (15) M src/modules/tls/tls_domain.c (172) M src/modules/tls/tls_mod.c (11) M src/modules/tls/tls_mod.h (1) -- Patch Links -- https://github.com/kamailio/kamailio/pull/3972.patch https://github.com/kamailio/kamailio/pull/3972.diff -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/3972 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/pull/3972(a)github.com>

4 12

[kamailio/kamailio] core: local TCP socket is bound on listening address (PR #3925)
by sergey-safarov 28 May '25

28 May '25

#### Pre-Submission Checklist - [x] Commit message has the format required by CONTRIBUTING guide - [x] Commits are split per component (core, individual modules, libs, utils, ...) - [x] Each component has a single commit (if not, squash them into one commit) - [x] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated) #### Type Of Change - [x] Small bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality) #### Checklist: - [x] PR should be backported to stable branches - [x] Tested changes locally - [ ] Related to issue #XXXX (replace XXXX with an open issue number) #### Description As a local IP address for TCP sending operation the Kamailio service is taking the same network_interface/IP_address, which is used by the service for TCP listening. You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/3925 -- Commit Summary -- * core: local TCP socket is bound on listening address -- File Changes -- M src/core/tcp_main.c (24) -- Patch Links -- https://github.com/kamailio/kamailio/pull/3925.patch https://github.com/kamailio/kamailio/pull/3925.diff -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/3925 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/pull/3925(a)github.com>

5 16

[kamailio/kamailio] ims_dialog: missing srdb1 schema definition (Issue #4100)
by Victor Seva 20 May '25

20 May '25

there's no ``kamailio-ims_dialog.xml`` at ``src/lib/srdb1/schema`` but there's a manual file created at ``utils/kamctl/mysql/ims_dialog-create.sql`` Same thing for: - ``utils/kamctl/mysql/ims_charging-create.sql`` - ``utils/kamctl/mysql/ims_usrloc_pcscf-create.sql`` - ``utils/kamctl/mysql/ims_usrloc_scscf-create.sql`` -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/4100 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/4100(a)github.com>

3 10

[kamailio/kamailio] secfilter‌: support remove rule in Whitelist and Blacklist (PR #4089)
by AsedMorteza 30 Apr '25

30 Apr '25

#### Pre-Submission Checklist    - [x] Commit message has the format required by CONTRIBUTING guide - [x] Commits are split per component (core, individual modules, libs, utils, ...) - [x] Each component has a single commit (if not, squash them into one commit) - [x] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated) #### Type Of Change - [ ] Small bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality) #### Checklist:  - [ ] PR should be backported to stable branches - [x] Tested changes locally - [ ] Related to issue #XXXX (replace XXXX with an open issue number) #### Description ##### **Summary** This update introduces new functionality to the `secfilter` module, enabling the removal of entries from both the Blacklist and Whitelist. It also includes automatic detection and removal of duplicate values from these lists. ##### **Details** * Users can now remove specific entries from the Blacklist or Whitelist based on type (e.g., IP, domain, user) and a given value. * Supports removal of single or multiple matching entries in one operation. ##### **Benefits** - Improves the usability and flexibility of the `secfilter` module by allowing fine-grained control over list management. - Ensures that the Blacklist and Whitelist are kept clean and free from redundant entries. - Enhances performance by reducing unnecessary duplication in the lists. ##### Testing This feature was tested using `kmcmd` commands in various scenarios: - Removing the **first element** in the list. - Removing an element from the **middle** of the list. - Removing the **last element** in the list. - Removing **all matching elements** in the list. In all cases, the commands worked correctly, and the lists were updated and cleaned as expected. You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/4089 -- Commit Summary -- * secfilter‌: support remove rule in Whitelist and Blacklist -- File Changes -- M src/modules/secfilter/secfilter.c (8) M src/modules/secfilter/secfilter.h (3) M src/modules/secfilter/secfilter_db.c (106) M src/modules/secfilter/secfilter_rpc.c (95) -- Patch Links -- https://github.com/kamailio/kamailio/pull/4089.patch https://github.com/kamailio/kamailio/pull/4089.diff -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/4089 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/pull/4089(a)github.com>

6 11

[kamailio/kamailio] Allow single quotes in From name (Issue #3984)
by ThomasSevestre 28 Apr '25

28 Apr '25

### Description `secf_check_sqli_all();` block requests when a single quote is present in From name : ``` From: "O'Reilly" <sip:100@example.net>;tag=abcd ``` Since single quotes are frequent in names. It makes it difficult to use this function. ### Possible Solutions A solution would be to skip single quote check in From name. I'll write the PR if you are OK with this solution -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3984 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3984(a)github.com>

5 10

[kamailio/kamailio] Error when sending NOTIFYs in the presence of disconnected websocket watchers (Issue #4118)
by Flavio Grossi 20 Apr '25

20 Apr '25

### Description if multiple sip websocket clients are subscribed to some UA and one of the watchers suddenly disappears (e.g. the web page is reloaded), then no NOTIFY is ever sent after issuing a `pres_refresh_watchers()`. The following error is logged: ``` WARNING: <core> [core/msg_translator.c:3007]: via_builder(): TCP/TLS connection (id: 0) for WebSocket could not be found ERROR: tm [t_msgbuilder.c:1423]: assemble_via(): via building failed ERROR: tm [t_msgbuilder.c:1614]: build_uac_req(): error while assembling Via ERROR: tm [uac.c:552]: t_uac_prepare(): Error while building message ERROR: presence [notify.c:1734]: send_notify_request(): in function tm t_request_within() ERROR: presence [notify.c:1829]: notify(): sending Notify not successful ERROR: presence [notify.c:1585]: query_db_notify(): Could not send notify for [event]=dialog ERROR: presence [presence.c:739]: pres_refresh_watchers(): sending Notify requests ``` ### Troubleshooting when the client disconnects, the old watcher is not removed from the active_watchers table, instead it coexists with the new one, but the stale connection causes the error above when sending the notify, and then all of the following watchers (even the valid ones) are skipped too. Looking at the logs, the valid watchers are not notified because the while loop [here](https://github.com/kamailio/kamailio/blob/b96bc11a54f11ec688429c057bf… is skipped because of the `goto done` line in case of errors, which happens because it fails to build the via header for the message relevant to the stale websocket connection. By breaking out of the while loop, the remaining subs in the `subs_array` are skipped. #### Reproduction Just subscribe to a sip client using a websocket-based phone, then abruptly disconnect it (e.g. by reloading the web page) and then issue a `pres_refresh_watchers()` to make it generate a notify. #### Debugging Data #### Log Messages #### SIP Traffic ### Possible Solutions I tried to use the "websocket:closed" route to purge stale connections, but to my knowledge there are no APIs to clean invalid watchers. A possible solution could be to automatically remove the watchers on disconnection and maybe skip the invalid ones without exiting from the refresh loop ### Additional Information kamailio 5.8.2 * **Operating System**: Rocky Linux 9 -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/4118 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/4118(a)github.com>

4 5

[kamailio/kamailio] fr_timer documentation mistake (Issue #3939)
by Dmitry Sinina 20 Apr '25

20 Apr '25

Documentation https://www.kamailio.org/docs/modules/devel/modules/tm.html#tm.p.fr_timer says: >Timer which hits if no **final reply** for a request or ACK for a negative INVITE reply arrives (in milliseconds). Looks like it is not correct description - fr_timer value works until 1xx(not **final**) response received and then timer restarted with fr_inv_timer value there: https://github.com/kamailio/kamailio/blob/master/src/modules/tm/t_reply.c#L… Looks like old doc from sip router https://sip-router.org/wiki/ref_manual/timers explains it correctly: > fr_timer This timer is used for all SIP requests. It hits if no reply for an INVITE request or other request has been received (F in milliseconds). If a provisional reply is received for an INVITE (any 1xx), then the fr_inv_timer will be used instead. And if no replies (at all) for an INVITE are received before `fr_timer` hits, the transaction is terminated with a 408 in failure route. -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3939 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3939(a)github.com>

3 10

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev January 2025