### Introduction
First, I apologize for the lack of detail here. I am unable to get a core dump and as a production box, I was unable to run in debug mode.
### Description
Using Kamailio 5.8.4 on Debian 12, every 60-80 minutes, the software would crash, blaming tls_wolfssl, such as:
```
2024-12-16T14:58:27.554497+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[9084]: CRITICAL: <core> [core/mem/q_malloc.c:535]: qm_free(): BUG: bad pointer 0x1 (out of memory block!) called from tls_wolfssl: tls_init.c: ser_free(240) - ignoring
2024-12-16T14:58:27.554555+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[9084]: CRITICAL: <core> [core/mem/q_malloc.c:126]: qm_debug_check_frag(): BUG: qm: fragm. 0x7f3440ba7560 (address 0x7f3440ba75a0) beginning overwritten (23)! Memory allocator was called from tls_wolfssl: tls_init.c:240. Fragment marked by :29. Exec from core/mem/q_malloc.c:546.
2024-12-16T14:58:27.616558+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[9089]: CRITICAL: <core> [core/pass_fd.c:281]: receive_fd(): EOF on 103
2024-12-16T14:58:27.617684+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[8992]: ALERT: <core> [main.c:805]: handle_sigs(): child process 9084 exited by a signal 6
2024-12-16T14:58:27.618339+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[8992]: ALERT: <core> [main.c:809]: handle_sigs(): core was not generated
2024-12-16T14:58:27.618477+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[8992]: INFO: <core> [main.c:832]: handle_sigs(): terminating due to SIGCHLD
2024-12-16T14:58:27.618589+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[9088]: INFO: <core> [main.c:888]: sig_usr(): signal 15 received
```
```
2024-12-16T14:57:52.029277+00:00 ip-172-16-0-73 /usr/local/sbin/kamailio[21605]: CRITICAL: <core> [core/mem/q_malloc.c:535]: qm_free(): BUG: bad pointer 0x1 (out of memory block!) called from tls_wolfssl: tls_init.c: ser_free(240) - ignoring
2024-12-16T14:57:52.029347+00:00 ip-172-16-0-73 /usr/local/sbin/kamailio[21605]: CRITICAL: <core> [core/mem/q_malloc.c:126]: qm_debug_check_frag(): BUG: qm: fragm. 0x7f085996b500 (address 0x7f085996b540) beginning overwritten (0)! Memory allocator was called from tls_wolfssl: tls_init.c:240. Fragment marked by (null):0. Exec from core/mem/q_malloc.c:546.
2024-12-16T14:57:52.048597+00:00 ip-172-16-0-73 /usr/local/sbin/kamailio[21611]: CRITICAL: <core> [core/pass_fd.c:281]: receive_fd(): EOF on 101
2024-12-16T14:57:52.048921+00:00 ip-172-16-0-73 /usr/local/sbin/kamailio[21512]: ALERT: <core> [main.c:805]: handle_sigs(): child process 21605 exited by a signal 6
2024-12-16T14:57:52.048953+00:00 ip-172-16-0-73 /usr/local/sbin/kamailio[21512]: ALERT: <core> [main.c:809]: handle_sigs(): core was not generated
2024-12-16T14:57:52.048975+00:00 ip-172-16-0-73 /usr/local/sbin/kamailio[21512]: INFO: <core> [main.c:832]: handle_sigs(): terminating due to SIGCHLD
2024-12-16T14:57:52.048997+00:00 ip-172-16-0-73 /usr/local/sbin/kamailio[21609]: INFO: <core> [main.c:888]: sig_usr(): signal 15 received
```
```
2024-12-16T16:21:35.967576+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[10591]: CRITICAL: <core> [core/mem/q_malloc.c:126]: qm_debug_check_frag(): BUG: qm: fragm. 0x7f442778d110 (address 0x7f442778d150) beginning overwritten (0)! Memory allocator was called from tls_wolfssl: tls_init.c:240. Fragment marked by (null):0. Exec from core/mem/q_malloc.c:546.
```
```
2024-12-16T13:31:55.995222+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[7602]: CRITICAL: <core> [core/mem/q_malloc.c:555]: qm_free(): BUG: freeing already freed pointer (0x7f8e55830a70), called from tls_wolfssl: tls_init.c: ser_free(240), first free tls_wolfssl: tls_init.c: ser_malloc(228) - ignoring
2024-12-16T13:32:40.093954+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[7603]: CRITICAL: <core> [core/mem/q_malloc.c:535]: qm_free(): BUG: bad pointer 0x7a100000000 (out of memory block!) called from tls_wolfssl: tls_init.c: ser_free(240) - ignoring
2024-12-16T13:32:40.094047+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[7603]: CRITICAL: <core> [core/mem/q_malloc.c:126]: qm_debug_check_frag(): BUG: qm: fragm. 0x7f8e55762720 (address 0x7f8e55762760) beginning overwritten (0)! Memory allocator was called from tls_wolfssl: tls_init.c:240. Fragment marked by (null):0. Exec from core/mem/q_malloc.c:546.
2024-12-16T13:32:40.260913+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[7504]: CRITICAL: <core> [core/mem/q_malloc.c:555]: qm_free(): BUG: freeing already freed pointer (0x7f8e55761a70), called from core: core/tcp_main.c: _tcpconn_free(1666), first free tls_wolfssl: tls_init.c: ser_free(240) - ignoring
2024-12-16T13:32:40.263520+00:00 ip-172-16-0-52 /usr/local/sbin/kamailio[7504]: CRITICAL: <core> [core/mem/q_malloc.c:126]: qm_debug_check_frag(): BUG: qm: fragm. 0x7f8e55762720 (address 0x7f8e55762760) beginning overwritten (0)! Memory allocator was called from tls_wolfssl: tls_init.c:240. Fragment marked by (null):0. Exec from core/mem/q_malloc.c:546.
```
The system was handling ~900 TLS registrations with ~2700 presence SUBSCRIBE events.
**Running the same config with `tls.so` does not result in crash.**
### Additional Information
* **Kamailio Version** - 5.8.4
```
version: kamailio 5.8.4 (x86_64/linux) 598105-dirty
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_SEND_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: 598105 -dirty
compiled on 04:31:34 Dec 16 2024 with gcc 12.2.0
```
* **Operating System**:
```
Distributor ID: Debian
Description: Debian GNU/Linux 12 (bookworm)
Release: 12
Codename: bookworm
Linux ip-172-16-0-52 6.1.0-28-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.119-1 (2024-11-22) x86_64 GNU/Linux
```
* TCP Settings
```
children=16
disable_tcp=no
tcp_connection_lifetime=3605
tcp_accept_no_cl=yes
tcp_max_connections=8192
tcp_defer_accept=yes
tcp_accept_unique=0
tcp_connection_lifetime=3605
tcp_connection_match=1
tcp_connect_timeout=10
tcp_crlf_ping=yes
tcp_linger2=1
tcp_keepalive=yes
tcp_reuse_port=yes
tcp_keepidle=20
tcp_keepintvl=15
tcp_rd_buf_size=65536
tcp_msg_data_timeout=40
tcp_msg_read_timeout=40
tcp_check_timer=20
tls_threads_mode=2
tls_max_connections=8192
```
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/4074
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/4074(a)github.com>
### Description
I encountered an issue with a specific device that is receiving a T.38 fax. The call gets established towards the device normally with inband media, then the device requests T.38 media and tries to remove the audio media via sending port 0 in the ReInvite SDP. Also it sends connection-information only on the media level and there is no "c=" on the session level.
Reading through the related RFCs and the kamailio code and discussing this on the mailing list, we came to the conclusion that kamailio is doing everything correct as per RFC. Though we were wondering if it would be possible to adjust the parser to be not as strict as it is right now, and allow a missing "c=" line on the media-level if the stream is removed/rejected via port 0, since i see no sense in requiring connection information. Of course we are also in contact with the vendor to hopefully adjust on their side.
Here are the related RFCs:
1. RFC8866 5.7
`A session description MUST contain either at least one "c=" line in each media description or a single "c=" line at the session level. It MAY contain a single session-level "c=" line and additional media-level "c=" line(s) per-media-description, in which case the media-level values override the session-level settings for the respective media.`
2. RFC3264 8.2
`Existing media streams are removed by creating a new SDP with the port number for that stream set to zero. The stream description MAY omit all attributes present previously, and MAY list just a single media format.`
At first i was especially confused by the RFC3264 8.2 part, since it seemed correct what the device is sending, but if you read carefully and keep the wording for SDP in mind only attributes ("a=") MAY be omitted. So a "c=" line should still be in the SDP for the removed media if it's not included on the session-level. Or do you see this differently?
### Expected behavior
Kamailio allows and parses the SDP when there is no session-wide "c=", a media stream is being removed via port zero and there is no "c=" for this media stream and only the remaining media streams include a "c=" line.
#### Actual observed behavior
Kamailio throws an error when trying to parse the SDP.
#### Log Messages
```
<core> [core/parser/sdp/sdp.c:523]: parse_sdp_session(): can't find media IP in the message
```
#### SIP Traffic
```
v=0
o=xmserver 1726638425 1726638427 IN IP4 169.254.1.1
s=xmserver
t=0 0
m=audio 0 RTP/AVP 8
m=image 56002 udptl t38
c=IN IP4 169.254.1.1
a=sendrecv
a=T38FaxVersion:0
a=T38MaxBitRate:14400
a=T38FaxFillBitRemoval:0
a=T38FaxTranscodingMMR:0
a=T38FaxTranscodingJBIG:0
a=T38FaxRateManagement:transferredTCF
a=T38FaxMaxBuffer:200
a=T38FaxMaxDatagram:72
a=T38FaxUdpEC:t38UDPRedundancy
```
### Possible Solutions
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
```
version: kamailio 5.8.3 (x86_64/linux)
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_SEND_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled with gcc 12.2.0
```
* **Operating System**:
```
Debian 12
Linux hostname 6.1.0-20-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.85-1 (2024-04-11) x86_64 GNU/Linux
```
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3982
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3982(a)github.com>
### Description
In some situations the other side UA must reply with an inactive media stream. E.g. if video was added but not supported by the other side. The UAS then must answer with an m=video 0 RTP/.. line.
It seams that the video section must contain a c= line with an IP address for rtpengine to function. If there is no c line (no IP address) the SDP body cannot be parsed and thus no RTP proxy is invoked.
### Troubleshooting
Not easy to reproduce since the answer must bei "wrong". Is it correct to reply an SDP body (media = video) like this?
```
m=video 0 RTP/AVPF 96
a=label:1
a=inactive
a=mid:1
```
Maybe not (but Audiocodes SBC lates LTS version does it) - so we are dependent on other side now that this service works.
#### Reproduction
reInvite with Video to a UA that has no video Support (e.g. Bria -> Snom). Drop the c line in the video part with some textops in 200 OK (just to reproduce of course).
A -> B, connect the call
A -> + video, B has no video support
A presses hold
#### Log Messages
Incoming 200 OK after doing hold with an inactive video:
```
v=0
o=root 436040161 309284577 IN IP4 1.2.3.5
s=call
t=0 0
m=audio 14200 RTP/AVPF 9 8 126
c=IN IP4 1.2.3.5
a=ptime:20
a=recvonly
a=mid:0
a=rtpmap:9 G722/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:126 telephone-event/8000
a=fmtp:126 0-15
m=video 0 RTP/AVPF 96
a=label:1
a=inactive
a=mid:1
Mar 27 17:52:22 c5p05es2-1 /usr/sbin/kamailio[2938205]: ERROR: <core> [core/parser/sdp/sdp.c:490]: parse_sdp_session(): can't find media IP in the message
Mar 27 17:52:22 c5p05es2-1 /usr/sbin/kamailio[2938205]: INFO: <script>: >>> Sending Reply: 200 OK (1.2.3.4:443 -> 100.108.48.38:65251)
```
Compare to working SDP parsing:
```
a=rtpmap:9 G722/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:126 telephone-event/8000
a=fmtp:126 0-15
m=video 0 RTP/AVP 96
c=IN IP4 1.2.3.5
a=inactive
a=mid:1
Mar 27 18:00:17 c5p05es2-1 /usr/sbin/kamailio[2942881]: INFO: <script>: ONREPLY_ROUTE[FORWARD]
Mar 27 18:00:17 c5p05es2-1 /usr/sbin/kamailio[2942881]: INFO: <script>: ROUTE[RTPP_REPLY]
Mar 27 18:00:17 c5p05es2-1 /usr/sbin/kamailio[2942881]: INFO: <script>: > 200 with video
Mar 27 18:00:17 c5p05es2-1 /usr/sbin/kamailio[2942881]: INFO: <script>: > 200 with inactive video
Mar 27 18:00:17 c5p05es2-1 /usr/sbin/kamailio[2942881]: INFO: <script>: > Remove inactive video
Mar 27 18:00:17 c5p05es2-1 /usr/sbin/kamailio[2942881]: INFO: <script>: > Answer to WebRTC client: 200 - qijpuibkv6ufhnd282ks
Mar 27 18:00:17 c5p05es2-1 /usr/sbin/kamailio[2942881]: INFO: <script>: >>> Sending Reply: 200 OK (91.237.65.14:443 -> 80.108.48.38:65388)
```
### Possible Solutions
Tried to fix in script:
```
if(sdp_with_media("video")) xlog("L_INFO", "> $rs with video");
if(sdp_with_active_media("video")) xlog("L_INFO", "> $rs with active video");
if(!sdp_with_active_media("video")) xlog("L_INFO", "> $rs with inactive video");
if(sdp_with_media("video") && !sdp_with_active_media("video")) {
# try fix for RMT#60189
xlog("L_INFO", "> Remove inactive video");
sdp_remove_media("video");
msg_apply_changes(); # needed?
}
```
But since sdpops cannot parse it cannot remove the buggy media, too. See the log: non of the xlog is logging.
If there is inactive media the c line is not mandatory. The parser should accept this by adding a default IP of 0.0.0.0, if needed
Doing tricks with textops is not a easy nor performant solution to accept this wrong SDP from other parties.
### Additional Information
```
version: kamailio 5.6.4 (x86_64/linux)
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled with gcc 10.2.1
```
* **Operating System**:
Debian Bullseye
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3406
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3406(a)github.com>
<!-- Kamailio Pull Request Template -->
<!--
IMPORTANT:
- for detailed contributing guidelines, read:
https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md
- pull requests must be done to master branch, unless they are backports
of fixes from master branch to a stable branch
- backports to stable branches must be done with 'git cherry-pick -x ...'
- code is contributed under BSD for core and main components (tm, sl, auth, tls)
- code is contributed GPLv2 or a compatible license for the other components
- GPL code is contributed with OpenSSL licensing exception
-->
#### Pre-Submission Checklist
<!-- Go over all points below, and after creating the PR, tick all the checkboxes that apply -->
<!-- All points should be verified, otherwise, read the CONTRIBUTING guidelines from above-->
<!-- If you're unsure about any of these, don't hesitate to ask on sr-dev mailing list -->
- [x] Commit message has the format required by CONTRIBUTING guide
- [x] Commits are split per component (core, individual modules, libs, utils, ...)
- [x] Each component has a single commit (if not, squash them into one commit)
- [x] No commits to README files for modules (changes must be done to docbook files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [ ] Small bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
<!-- Go over all points below, and after creating the PR, tick the checkboxes that apply -->
- [ ] PR should be backported to stable branches
- [x] Tested changes locally
- [x] Related to issue #3823
#### Description
<!-- Describe your changes in detail -->
This PR aims to implement what was discussed in [mailing list](https://lists.kamailio.org/mailman3/hyperkitty/list/sr-dev@lists.kama… regarding some `tls.reload` and increasing memory usage.
It adds a new parameter `enable_shared_ctx` in `tls` module that if set to 0, preserves the old behavior and if set to 1 (other than 0 tbh), it creates a single SSL context that is being shared. This have the effect of using way less memory when initialized as well, but also minimizes (can't say it fixes the problem) the `tls.reload` memory increase.
I have also added a small markdown (comparison.md) file, where some comparisons where made between enabled/disabled shared context and with/without CA file (where the initial problem was occurring by the reporter).
Feedback would be necessary to verify whether this patch, acts as expected and kamailio works as intented.
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/3972
-- Commit Summary --
* tls: Add parameter for shared contexts
* tls: Comparison for enable_shared_ctx
-- File Changes --
A comparison.md (15)
M src/modules/tls/tls_domain.c (172)
M src/modules/tls/tls_mod.c (11)
M src/modules/tls/tls_mod.h (1)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/3972.patchhttps://github.com/kamailio/kamailio/pull/3972.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3972
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/pull/3972(a)github.com>
#### Pre-Submission Checklist
- [x] Commit message has the format required by CONTRIBUTING guide
- [x] Commits are split per component (core, individual modules, libs, utils, ...)
- [x] Each component has a single commit (if not, squash them into one commit)
- [x] No commits to README files for modules (changes must be done to docbook files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [x] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
- [x] PR should be backported to stable branches
- [x] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description
As a local IP address for TCP sending operation the Kamailio service is taking the same network_interface/IP_address, which is used by the service for TCP listening.
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/3925
-- Commit Summary --
* core: local TCP socket is bound on listening address
-- File Changes --
M src/core/tcp_main.c (24)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/3925.patchhttps://github.com/kamailio/kamailio/pull/3925.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3925
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/pull/3925(a)github.com>
there's no ``kamailio-ims_dialog.xml`` at ``src/lib/srdb1/schema`` but there's a manual file created at ``utils/kamctl/mysql/ims_dialog-create.sql``
Same thing for:
- ``utils/kamctl/mysql/ims_charging-create.sql``
- ``utils/kamctl/mysql/ims_usrloc_pcscf-create.sql``
- ``utils/kamctl/mysql/ims_usrloc_scscf-create.sql``
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/4100
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/4100(a)github.com>
<!-- Kamailio Pull Request Template -->
<!--
IMPORTANT:
- for detailed contributing guidelines, read:
https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md
- pull requests must be done to master branch, unless they are backports
of fixes from master branch to a stable branch
- backports to stable branches must be done with 'git cherry-pick -x ...'
- code is contributed under BSD for core and main components (tm, sl, auth, tls)
- code is contributed GPLv2 or a compatible license for the other components
- GPL code is contributed with OpenSSL licensing exception
-->
#### Pre-Submission Checklist
<!-- Go over all points below, and after creating the PR, tick all the checkboxes that apply -->
<!-- All points should be verified, otherwise, read the CONTRIBUTING guidelines from above-->
<!-- If you're unsure about any of these, don't hesitate to ask on sr-dev mailing list -->
- [x] Commit message has the format required by CONTRIBUTING guide
- [x] Commits are split per component (core, individual modules, libs, utils, ...)
- [x] Each component has a single commit (if not, squash them into one commit)
- [x] No commits to README files for modules (changes must be done to docbook files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [ ] Small bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
<!-- Go over all points below, and after creating the PR, tick the checkboxes that apply -->
- [ ] PR should be backported to stable branches
- [x] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description
##### **Summary**
This update introduces new functionality to the `secfilter` module, enabling the removal of entries from both the Blacklist and Whitelist. It also includes automatic detection and removal of duplicate values from these lists.
##### **Details**
* Users can now remove specific entries from the Blacklist or Whitelist based on type (e.g., IP, domain, user) and a given value.
* Supports removal of single or multiple matching entries in one operation.
##### **Benefits**
- Improves the usability and flexibility of the `secfilter` module by allowing fine-grained control over list management.
- Ensures that the Blacklist and Whitelist are kept clean and free from redundant entries.
- Enhances performance by reducing unnecessary duplication in the lists.
##### Testing
This feature was tested using `kmcmd` commands in various scenarios:
- Removing the **first element** in the list.
- Removing an element from the **middle** of the list.
- Removing the **last element** in the list.
- Removing **all matching elements** in the list.
In all cases, the commands worked correctly, and the lists were updated and cleaned as expected.
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/4089
-- Commit Summary --
* secfilter: support remove rule in Whitelist and Blacklist
-- File Changes --
M src/modules/secfilter/secfilter.c (8)
M src/modules/secfilter/secfilter.h (3)
M src/modules/secfilter/secfilter_db.c (106)
M src/modules/secfilter/secfilter_rpc.c (95)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/4089.patchhttps://github.com/kamailio/kamailio/pull/4089.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/4089
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/pull/4089(a)github.com>
### Description
`secf_check_sqli_all();` block requests when a single quote is present in From name :
```
From: "O'Reilly" <sip:100@example.net>;tag=abcd
```
Since single quotes are frequent in names.
It makes it difficult to use this function.
### Possible Solutions
A solution would be to skip single quote check in From name.
I'll write the PR if you are OK with this solution
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3984
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3984(a)github.com>
### Description
if multiple sip websocket clients are subscribed to some UA and one of the watchers suddenly disappears (e.g. the web page is reloaded), then no NOTIFY is ever sent after issuing a `pres_refresh_watchers()`.
The following error is logged:
```
WARNING: <core> [core/msg_translator.c:3007]: via_builder(): TCP/TLS connection (id: 0) for WebSocket could not be found
ERROR: tm [t_msgbuilder.c:1423]: assemble_via(): via building failed
ERROR: tm [t_msgbuilder.c:1614]: build_uac_req(): error while assembling Via
ERROR: tm [uac.c:552]: t_uac_prepare(): Error while building message
ERROR: presence [notify.c:1734]: send_notify_request(): in function tm t_request_within()
ERROR: presence [notify.c:1829]: notify(): sending Notify not successful
ERROR: presence [notify.c:1585]: query_db_notify(): Could not send notify for [event]=dialog
ERROR: presence [presence.c:739]: pres_refresh_watchers(): sending Notify requests
```
### Troubleshooting
when the client disconnects, the old watcher is not removed from the active_watchers table, instead it coexists with the new one, but the stale connection causes the error above when sending the notify, and then all of the following watchers (even the valid ones) are skipped too.
Looking at the logs, the valid watchers are not notified because the while loop [here](https://github.com/kamailio/kamailio/blob/b96bc11a54f11ec688429c057bf… is skipped because of the `goto done` line in case of errors, which happens because it fails to build the via header for the message relevant to the stale websocket connection.
By breaking out of the while loop, the remaining subs in the `subs_array` are skipped.
#### Reproduction
Just subscribe to a sip client using a websocket-based phone, then abruptly disconnect it (e.g. by reloading the web page) and then issue a `pres_refresh_watchers()` to make it generate a notify.
#### Debugging Data
#### Log Messages
#### SIP Traffic
### Possible Solutions
I tried to use the "websocket:closed" route to purge stale connections, but to my knowledge there are no APIs to clean invalid watchers.
A possible solution could be to automatically remove the watchers on disconnection and maybe skip the invalid ones without exiting from the refresh loop
### Additional Information
kamailio 5.8.2
* **Operating System**:
Rocky Linux 9
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/4118
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/4118(a)github.com>
Documentation https://www.kamailio.org/docs/modules/devel/modules/tm.html#tm.p.fr_timer says:
>Timer which hits if no **final reply** for a request or ACK for a negative INVITE reply arrives (in milliseconds).
Looks like it is not correct description - fr_timer value works until 1xx(not **final**) response received and then timer restarted with fr_inv_timer value there:
https://github.com/kamailio/kamailio/blob/master/src/modules/tm/t_reply.c#L…
Looks like old doc from sip router https://sip-router.org/wiki/ref_manual/timers explains it correctly:
> fr_timer
This timer is used for all SIP requests. It hits if no reply for an INVITE request or other request has been received (F in milliseconds). If a provisional reply is received for an INVITE (any 1xx), then the fr_inv_timer will be used instead. And if no replies (at all) for an INVITE are received before `fr_timer` hits, the transaction is terminated with a 408 in failure route.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3939
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3939(a)github.com>