- sr-dev - kamailio.org

git:master:8b2573c1: OpenSSL integration: manage curl_global_init(...) used by modules
by S-P Chan 26 Feb '24

26 Feb '24

Module: kamailio Branch: master Commit: 8b2573c1f7c5e4bed24f8c5ca09817f613641a03 URL: https://github.com/kamailio/kamailio/commit/8b2573c1f7c5e4bed24f8c5ca09817f… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-26T10:40:19+08:00 OpenSSL integration: manage curl_global_init(...) used by modules - http_client, http_async_client, xcap_client use libcurl - call curl_global_init in a thread executor as it invokes OpenSSL functions on Debian 12 - clang-format --- Modified: src/core/rthreads.h Modified: src/modules/http_async_client/http_multi.c Modified: src/modules/http_client/http_client.c Modified: src/modules/xcap_client/xcap_client.c --- Diff: https://github.com/kamailio/kamailio/commit/8b2573c1f7c5e4bed24f8c5ca09817f… Patch: https://github.com/kamailio/kamailio/commit/8b2573c1f7c5e4bed24f8c5ca09817f…

2 1

git:5.7:ed9d7bc5: OpenSSL integration: manage curl_global_init(...) used by modules
by S-P Chan 26 Feb '24

26 Feb '24

Module: kamailio Branch: 5.7 Commit: ed9d7bc58b1896652f2526daa524531a0945b7b3 URL: https://github.com/kamailio/kamailio/commit/ed9d7bc58b1896652f2526daa524531… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-26T10:45:02+08:00 OpenSSL integration: manage curl_global_init(...) used by modules - http_client, http_async_client, xcap_client use libcurl - call curl_global_init in a thread executor as it invokes OpenSSL functions on Debian 12 - clang-format Cherry-pick from ac4f1be039 --- Modified: src/core/rthreads.h Modified: src/modules/http_async_client/http_multi.c Modified: src/modules/http_client/http_client.c Modified: src/modules/xcap_client/xcap_client.c --- Diff: https://github.com/kamailio/kamailio/commit/ed9d7bc58b1896652f2526daa524531… Patch: https://github.com/kamailio/kamailio/commit/ed9d7bc58b1896652f2526daa524531… --- diff --git a/src/core/rthreads.h b/src/core/rthreads.h index e96f45c9395..0f4f0cf8b8a 100644 --- a/src/core/rthreads.h +++ b/src/core/rthreads.h @@ -254,3 +254,41 @@ static int run_thread4P5I2P2(_thread_proto4P5I2P2 fn, void *arg1, void *arg2, #endif } #endif + +/* + * prototype: CURLcode curl_global_init(long flags) { ... } + */ +#ifdef KSR_RTHREAD_NEED_4L +typedef int (*_thread_proto4L)(long); +struct _thread_args4L +{ + _thread_proto4L fn; + long arg1; + int *ret; +}; +static void *run_thread_wrap4L(struct _thread_args4L *args) +{ + *args->ret = (*args->fn)(args->arg1); + return NULL; +} + +static int run_thread4L(_thread_proto4L fn, long arg1) +{ +#ifdef USE_TLS + pthread_t tid; + int ret; + + if(likely(ksr_tls_threads_mode == 0 + || (ksr_tls_threads_mode == 1 && process_no > 0))) { + return fn(arg1); + } + pthread_create(&tid, NULL, (_thread_proto)run_thread_wrap4L, + &(struct _thread_args4L){fn, arg1, &ret}); + pthread_join(tid, NULL); + + return ret; +#else + return fn(arg1) +#endif +} +#endif diff --git a/src/modules/http_async_client/http_multi.c b/src/modules/http_async_client/http_multi.c index a57aba9c951..a0ee1c877cf 100644 --- a/src/modules/http_async_client/http_multi.c +++ b/src/modules/http_async_client/http_multi.c @@ -32,6 +32,9 @@ #include "../../core/mem/mem.h" #include "../../core/ut.h" #include "../../core/hashes.h" +#define KSR_RTHREAD_NEED_4L +#define KSR_RTHREAD_SKIP_P +#include "../../core/rthreads.h" #include "http_multi.h" extern int hash_size; @@ -389,7 +392,8 @@ void set_curl_mem_callbacks(void) break; case 1: LM_DBG("Initilizing cURL with sys malloc\n"); - rc = curl_global_init(CURL_GLOBAL_ALL); + rc = run_thread4L( + (_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL); if(rc != 0) { LM_ERR("Cannot initialize cURL: %d\n", rc); } diff --git a/src/modules/http_client/http_client.c b/src/modules/http_client/http_client.c index 430933e23d2..3cf662820f5 100644 --- a/src/modules/http_client/http_client.c +++ b/src/modules/http_client/http_client.c @@ -64,6 +64,9 @@ #include "../../core/lvalue.h" #include "../../core/pt.h" /* Process table */ #include "../../core/kemi.h" +#define KSR_RTHREAD_NEED_4L +#define KSR_RTHREAD_SKIP_P +#include "../../core/rthreads.h" #include "functions.h" #include "curlcon.h" @@ -278,7 +281,7 @@ static int mod_init(void) LM_DBG("init curl module\n"); /* Initialize curl */ - if(curl_global_init(CURL_GLOBAL_ALL)) { + if(run_thread4L((_thread_proto4L)&curl_global_init, CURL_GLOBAL_ALL)) { LM_ERR("curl_global_init failed\n"); return -1; } diff --git a/src/modules/xcap_client/xcap_client.c b/src/modules/xcap_client/xcap_client.c index ac77228bfde..4de2d367b63 100644 --- a/src/modules/xcap_client/xcap_client.c +++ b/src/modules/xcap_client/xcap_client.c @@ -41,6 +41,9 @@ #include "../../core/mem/shm_mem.h" #include "../../core/rpc.h" #include "../../core/rpc_lookup.h" +#define KSR_RTHREAD_NEED_4L +#define KSR_RTHREAD_SKIP_P +#include "../../core/rthreads.h" #include "../presence/utils_func.h" #include "xcap_functions.h" #include "xcap_client.h" @@ -140,7 +143,7 @@ static int mod_init(void) xcap_dbf.close(xcap_db); xcap_db = NULL; - curl_global_init(CURL_GLOBAL_ALL); + run_thread4L((_thread_proto4L)curl_global_init, CURL_GLOBAL_ALL); if(periodical_query) { register_timer(query_xcap_update, 0, query_period);

1 0

git:5.8:ac4f1be0: OpenSSL integration: manage curl_global_init(...) used by modules
by S-P Chan 26 Feb '24

26 Feb '24

Module: kamailio Branch: 5.8 Commit: ac4f1be039809d68483fe39e94b0803da1661a48 URL: https://github.com/kamailio/kamailio/commit/ac4f1be039809d68483fe39e94b0803… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-26T10:36:36+08:00 OpenSSL integration: manage curl_global_init(...) used by modules - http_client, http_async_client, xcap_client use libcurl - call curl_global_init in a thread executor as it invokes OpenSSL functions on Debian 12 - clang-format --- Modified: src/core/rthreads.h Modified: src/modules/http_async_client/http_multi.c Modified: src/modules/http_client/http_client.c Modified: src/modules/xcap_client/xcap_client.c --- Diff: https://github.com/kamailio/kamailio/commit/ac4f1be039809d68483fe39e94b0803… Patch: https://github.com/kamailio/kamailio/commit/ac4f1be039809d68483fe39e94b0803…

1 0

git:master:191efd64: tls: fix OpenSSL 1.1.1 compatibility
by S-P Chan 25 Feb '24

25 Feb '24

Module: kamailio Branch: master Commit: 191efd6485989de64713d0644368c2f58d984f5e URL: https://github.com/kamailio/kamailio/commit/191efd6485989de64713d0644368c2f… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-25T20:43:55+08:00 tls: fix OpenSSL 1.1.1 compatibility --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/191efd6485989de64713d0644368c2f… Patch: https://github.com/kamailio/kamailio/commit/191efd6485989de64713d0644368c2f… --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 136f0e2deb2..550a1bcc2b5 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -688,6 +688,14 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2) * GH #3695: OpenSSL 1.1.1 historical note: it is no longer * needed to replace RAND with cryptorand */ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L \ + && OPENSSL_VERSION_NUMBER < 0x030000000L + if(ksr_tls_threads_mode == 0) { + LM_WARN("OpenSSL 1.1.1 setting cryptorand random engine\n"); + RAND_set_rand_method(RAND_ksr_cryptorand_method()); + } +#endif + sr_kemi_modules_add(sr_kemi_tls_exports); return 0;

1 0

git:5.8:b98718c2: tls: fix OpenSSL 1.1.1 compatibility
by S-P Chan 25 Feb '24

25 Feb '24

Module: kamailio Branch: 5.8 Commit: b98718c28f72b1372a62b17174b43c403fa6b729 URL: https://github.com/kamailio/kamailio/commit/b98718c28f72b1372a62b17174b43c4… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-25T20:42:14+08:00 tls: fix OpenSSL 1.1.1 compatibility --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/b98718c28f72b1372a62b17174b43c4… Patch: https://github.com/kamailio/kamailio/commit/b98718c28f72b1372a62b17174b43c4… --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 136f0e2deb2..550a1bcc2b5 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -688,6 +688,14 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2) * GH #3695: OpenSSL 1.1.1 historical note: it is no longer * needed to replace RAND with cryptorand */ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L \ + && OPENSSL_VERSION_NUMBER < 0x030000000L + if(ksr_tls_threads_mode == 0) { + LM_WARN("OpenSSL 1.1.1 setting cryptorand random engine\n"); + RAND_set_rand_method(RAND_ksr_cryptorand_method()); + } +#endif + sr_kemi_modules_add(sr_kemi_tls_exports); return 0;

1 0

[kamailio/kamailio] broken TLS ciphersuite lookup (Issue #3765)
by Michael Furmur 25 Feb '24

25 Feb '24

### Description after some nearest changes, there are problems with the TLS handshake (for at least ECDHE-RSA-AES256-GCM-SHA384) because of the missed `OPENSSL_init_ssl()` call for TCP workers #### Reproduction try to send any SIP message over TLS to the server which accepts ECDHE-RSA-AES256-GCM-SHA384 in Server Hello during handshake the simplest way to reproduce is to add microsoft teams server to the dispatcher and enable probing to send OPTIONS kamailio.cfg: ``` loadmodule "tls.so" modparam("tls", "config", "/etc/kamailio/tls.cfg") loadmodule "dispatcher.so" modparam("dispatcher","flags",2) modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list") modparam("dispatcher", "ds_ping_method","OPTIONS") modparam("dispatcher", "ds_ping_interval",5) modparam("dispatcher", "ds_probing_mode",1) ``` tls.cfg: ``` [server:default] certificate = /etc/kamailio/ssl/ssl-cert-snakeoil.pem private_key = /etc/kamailio/ssl/ssl-cert-snakeoil.key [client:default] certificate = /etc/kamailio/ssl/ssl-cert-snakeoil.pem private_key = /etc/kamailio/ssl/ssl-cert-snakeoil.key ``` dispatcher.list: ``` 1 sip:sip.pstnhub.microsoft.com;transport=tls 0 0 ``` #### Debugging Data backtrace for the cipher suite lookup: ``` (gdb) bt #0 ssl_cipher_id_cmp_BSEARCH_CMP_FN (a_=0x7ffd2a0aade0, b_=0x7fa110ceeec0 <ssl3_ciphers+11680>) at ../ssl/ssl_lib.c:4985 #1 0x00007fa110832a95 in ossl_bsearch (key=key@entry=0x7ffd2a0aade0, base=base@entry=0x7fa110cec120 <ssl3_ciphers>, num=num@entry=167, size=size@entry=80, cmp=cmp@entry=0x7fa110c7cac0 <ssl_cipher_id_cmp_BSEARCH_CMP_FN>, flags=flags@entry=0) at ../crypto/bsearch.c:28 #2 0x00007fa1108fc229 in OBJ_bsearch_ex_ (key=key@entry=0x7ffd2a0aade0, base=base@entry=0x7fa110cec120 <ssl3_ciphers>, num=num@entry=167, size=size@entry=80, cmp=cmp@entry=0x7fa110c7cac0 <ssl_cipher_id_cmp_BSEARCH_CMP_FN>, flags=flags@entry=0) at ../crypto/objects/obj_dat.c:699 #3 0x00007fa1108fc23c in OBJ_bsearch_ (key=key@entry=0x7ffd2a0aade0, base=base@entry=0x7fa110cec120 <ssl3_ciphers>, num=num@entry=167, size=size@entry=80, cmp=cmp@entry=0x7fa110c7cac0 <ssl_cipher_id_cmp_BSEARCH_CMP_FN>) at ../crypto/objects/obj_dat.c:691 #4 0x00007fa110c7fb95 in OBJ_bsearch_ssl_cipher_id (key=key@entry=0x7ffd2a0aade0, base=base@entry=0x7fa110cec120 <ssl3_ciphers>, num=num@entry=167) at ../ssl/ssl_lib.c:4985 #5 0x00007fa110c6ed4c in ssl3_get_cipher_by_id (id=<optimized out>) at ../ssl/s3_lib.c:4075 #6 0x00007fa110c76077 in ssl_get_cipher_by_char (ssl=ssl@entry=0x7fa10cfca900, ptr=ptr@entry=0x7fa10cfcc767 "\3000", all=all@entry=0) at ../ssl/ssl_ciph.c:2102 #7 0x00007fa110cae0ee in set_client_ciphersuite (s=s@entry=0x7fa10cfca900, cipherchars=cipherchars@entry=0x7fa10cfcc767 "\3000") at ../ssl/statem/statem_clnt.c:1310 #8 0x00007fa110cb03b3 in tls_process_server_hello (s=0x7fa10cfca900, pkt=<optimized out>) at ../ssl/statem/statem_clnt.c:1614 #9 0x00007fa110cace72 in read_state_machine (s=0x7fa10cfca900) at ../ssl/statem/statem.c:647 #10 state_machine (s=0x7fa10cfca900, server=0) at ../ssl/statem/statem.c:442 #11 0x00007fa110d33aaa in tls_connect (c=c@entry=0x7fa10cfc64e0, error=error@entry=0x7ffd2a0ab0e4) at ./src/modules/tls/tls_server.c:542 #12 0x00007fa110d01edd in ssl_flush (size=413, buf=0x7fa10cfdafdc, error=<synthetic pointer>, tcp_c=0x7fa10cfc64e0) at ./src/modules/tls/tls_ct_wrq.c:101 #13 sbufq_flush (flush_f=<optimized out>, flush_p2=<synthetic pointer>, flush_p1=0x7fa10cfc64e0, flags=0x7ffd2a0ab1ac, q=0x7fa10cfb43a0) at ./src/modules/tls/sbufq.h:247 #14 tls_ct_q_flush (flush_p2=<synthetic pointer>, flush_p1=0x7fa10cfc64e0, flush_f=<optimized out>, flags=0x7ffd2a0ab1ac, tc_q=0x18) at ./src/modules/tls/tls_ct_q.h:122 #15 tls_ct_wq_flush (c=c@entry=0x7fa10cfc64e0, ct_q=ct_q@entry=0x7fa10cfb34c0, flags=flags@entry=0x7ffd2a0ab1ac, ssl_err=ssl_err@entry=0x7ffd2a0ab1a8) at ./src/modules/tls/tls_ct_wrq.c:147 #16 0x00007fa110d386f4 in tls_h_read_f (c=0x7fa10cfc64e0, flags=0x7ffd2a0cb5d0) at ./src/modules/tls/tls_server.c:1140 #17 0x0000562ad6b0c46e in tcp_read_headers (c=c@entry=0x7fa10cfc64e0, read_flags=read_flags@entry=0x7ffd2a0cb5d0) at core/tcp_read.c:445 #18 0x0000562ad6b0f543 in tcp_read_req (con=0x7fa10cfc64e0, bytes_read=bytes_read@entry=0x7ffd2a0cb5cc, read_flags=read_flags@entry=0x7ffd2a0cb5d0) at core/tcp_read.c:1508 #19 0x0000562ad6b14879 in handle_io (fm=fm@entry=0x7fa110ed31c8, events=events@entry=1, idx=idx@entry=-1) at core/tcp_read.c:1832 #20 0x0000562ad6b1a7fd in io_wait_loop_epoll (repeat=repeat@entry=0, t=2, h=0x562ad6de8c20 <io_w>) at core/io_wait.h:1073 #21 0x0000562ad6b1b017 in tcp_receive_loop (unix_sock=<optimized out>) at core/tcp_read.c:2032 #22 0x0000562ad6b02df5 in tcp_init_children (woneinit=woneinit@entry=0x7ffd2a0cbb0c) at core/tcp_main.c:5364 #23 0x0000562ad6928b60 in main_loop () at ./src/main.c:1936 #24 0x0000562ad691a463 in main (argc=<optimized out>, argv=<optimized out>) at ./src/main.c:3212 ``` part of the `ssl3_ciphers` array that should be sorted by id ascending: ``` }, { valid = 1, name = 0x7fa110cc3720 "ECDHE-RSA-AES256-GCM-SHA384", stdname = 0x7fa110cc89f8 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", id = 50380848, ... }, { valid = 1, name = 0x7fa110cc3770 "PSK-NULL-SHA", stdname = 0x7fa110cc373c "TLS_PSK_WITH_NULL_SHA", id = 50331692, ... ``` * `ossl_bsearch` assumes that it works with sorted `ssl3_ciphers` * `ssl3_ciphers` sorting performed by `OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)` -> `ossl_init_ssl_base()` -> `ssl_sort_cipher_list()` -> `qsort(ssl3_ciphers...` #### Log Messages ``` ERROR: tls [tls_util.h:49]: tls_err_ret(): TLS write:error:0A0000F8:SSL routines::unknown cipher returned (sni: unknown) ``` ### Possible Solutions * ensure `OPENSSL_init_ssl()` to be called (directly or using OPENSSL_INIT_ATFORK) for TCP workers * fixed by `OPENSSL_init_ssl(0, NULL);` call in `tls_init.c:int tls_h_mod_init_f(void)` but it's hardly the fully correct solution ### Additional Information * **Kamailio Version** - output of `kamailio -v` ``` # kamailio -v version: kamailio 5.7.4 (x86_64/linux) flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: unknown compiled with gcc 13.2.0 ``` ``` # apt list kamailio --installed Listing... Done kamailio/testing,now 5.7.4-1 amd64 [installed] ``` * **Operating System**: Debian GNU/Linux trixie/sid (reproduced on Debian bookworm either) -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3765 You are receiving this because you are subscribed to this thread. Message ID: <kamailio/kamailio/issues/3765(a)github.com>

3 4

git:5.7:88e1dce9: tls: fix restore early init
by S-P Chan 25 Feb '24

25 Feb '24

Module: kamailio Branch: 5.7 Commit: 88e1dce91b2db99bf24a01e910dc5f2d78e62e1a URL: https://github.com/kamailio/kamailio/commit/88e1dce91b2db99bf24a01e910dc5f2… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-25T12:59:22+08:00 tls: fix restore early init Cherry-pick from a02ca644e8 --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/88e1dce91b2db99bf24a01e910dc5f2… Patch: https://github.com/kamailio/kamailio/commit/88e1dce91b2db99bf24a01e910dc5f2… --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 6058592aa01..664e35f7c33 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -468,19 +468,13 @@ static int mod_child(int rank) if(tls_disable || (tls_domains_cfg == 0)) return 0; -#if OPENSSL_VERSION_NUMBER >= 0x010101000L /* * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor - * to avoid init of libssl in thread#1 + * to avoid init of libssl in thread#1: ksr_tls_threads_mode = 1 */ - if(rank == PROC_INIT && ksr_tls_threads_mode != 0) { - return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); - } -#else if(rank == PROC_INIT) { - return mod_child_hook(&rank, NULL); + return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); } -#endif /* OPENSSL_VERSION_NUMBER */ #ifndef OPENSSL_NO_ENGINE /*

1 0

git:5.8:aa8fcf9e: tls: fix restore early init
by S-P Chan 25 Feb '24

25 Feb '24

Module: kamailio Branch: 5.8 Commit: aa8fcf9ec76e7c4543db22de6de5ef62374c80be URL: https://github.com/kamailio/kamailio/commit/aa8fcf9ec76e7c4543db22de6de5ef6… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-25T12:57:19+08:00 tls: fix restore early init --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/aa8fcf9ec76e7c4543db22de6de5ef6… Patch: https://github.com/kamailio/kamailio/commit/aa8fcf9ec76e7c4543db22de6de5ef6… --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 463814720b8..136f0e2deb2 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -468,19 +468,13 @@ static int mod_child(int rank) if(tls_disable || (tls_domains_cfg == 0)) return 0; -#if OPENSSL_VERSION_NUMBER >= 0x010101000L /* * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor - * to avoid init of libssl in thread#1 + * to avoid init of libssl in thread#1: ksr_tls_threads_mode = 1 */ - if(rank == PROC_INIT && ksr_tls_threads_mode != 0) { - return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); - } -#else if(rank == PROC_INIT) { - return mod_child_hook(&rank, NULL); + return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); } -#endif /* OPENSSL_VERSION_NUMBER */ #ifndef OPENSSL_NO_ENGINE /*

1 0

git:master:a02ca644: tls: fix restore early init
by S-P Chan 25 Feb '24

25 Feb '24

Module: kamailio Branch: master Commit: a02ca644e889d011dd63acbabfc5550904ff7d4d URL: https://github.com/kamailio/kamailio/commit/a02ca644e889d011dd63acbabfc5550… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-25T12:56:19+08:00 tls: fix restore early init --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/a02ca644e889d011dd63acbabfc5550… Patch: https://github.com/kamailio/kamailio/commit/a02ca644e889d011dd63acbabfc5550… --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 463814720b8..136f0e2deb2 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -468,19 +468,13 @@ static int mod_child(int rank) if(tls_disable || (tls_domains_cfg == 0)) return 0; -#if OPENSSL_VERSION_NUMBER >= 0x010101000L /* * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor - * to avoid init of libssl in thread#1 + * to avoid init of libssl in thread#1: ksr_tls_threads_mode = 1 */ - if(rank == PROC_INIT && ksr_tls_threads_mode != 0) { - return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); - } -#else if(rank == PROC_INIT) { - return mod_child_hook(&rank, NULL); + return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); } -#endif /* OPENSSL_VERSION_NUMBER */ #ifndef OPENSSL_NO_ENGINE /*

1 0

git:5.7:73b19da1: tls: restore early init for other modules that use TLS
by S-P Chan 25 Feb '24

25 Feb '24

Module: kamailio Branch: 5.7 Commit: 73b19da1e0dd512f9eb77ca0606092c545e8fb99 URL: https://github.com/kamailio/kamailio/commit/73b19da1e0dd512f9eb77ca0606092c… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-25T11:04:27+08:00 tls: restore early init for other modules that use TLS Client modules (e.g. dispatcher) that require outbound TLS may race if tls init is too late. Restore tls init to PROC_INIT with a thread executor. Addresses GH #3765 Cherry-pick from 706d7b7ff3 --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/73b19da1e0dd512f9eb77ca0606092c… Patch: https://github.com/kamailio/kamailio/commit/73b19da1e0dd512f9eb77ca0606092c… --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index 0d8ea3df4c5..6058592aa01 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -42,6 +42,10 @@ #include "../../core/dprint.h" #include "../../core/mod_fix.h" #include "../../core/kemi.h" + +#define KSR_RTHREAD_SKIP_P +#define KSR_RTHREAD_NEED_4PP +#include "../../core/rthreads.h" #include "tls_init.h" #include "tls_server.h" #include "tls_domain.h" @@ -443,6 +447,22 @@ int tls_fix_engine_keys(tls_domains_cfg_t *, tls_domain_t *, tls_domain_t *); * * EC operations do not use pthread_self(), so could use shared SSL_CTX */ +static int mod_child_hook(int *rank, void *dummy) +{ + LM_DBG("Loading SSL_CTX in process_no=%d rank=%d " + "ksr_tls_threads_mode=%d\n", + process_no, *rank, ksr_tls_threads_mode); + if(cfg_get(tls, tls_cfg, config_file).s) { + if(tls_fix_domains_cfg(*tls_domains_cfg, &srv_defaults, &cli_defaults) + < 0) + return -1; + } else { + if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, &mod_params) < 0) + return -1; + } + return 0; +} + static int mod_child(int rank) { if(tls_disable || (tls_domains_cfg == 0)) @@ -450,29 +470,17 @@ static int mod_child(int rank) #if OPENSSL_VERSION_NUMBER >= 0x010101000L /* - * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in worker to avoid init of - * libssl in rank 0(thread#1). Requires tls_threads_mode = 1 config. - */ - if((rank == PROC_SIPINIT && ksr_tls_threads_mode) - || (rank == PROC_INIT && !ksr_tls_threads_mode)) { + * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor + * to avoid init of libssl in thread#1 + */ + if(rank == PROC_INIT && ksr_tls_threads_mode != 0) { + return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); + } #else if(rank == PROC_INIT) { -#endif - LM_DBG("Loading SSL_CTX in process_no=%d rank=%d " - "ksr_tls_threads_mode=%d\n", - process_no, rank, ksr_tls_threads_mode); - if(cfg_get(tls, tls_cfg, config_file).s) { - if(tls_fix_domains_cfg( - *tls_domains_cfg, &srv_defaults, &cli_defaults) - < 0) - return -1; - } else { - if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, &mod_params) - < 0) - return -1; - } - return 0; + return mod_child_hook(&rank, NULL); } +#endif /* OPENSSL_VERSION_NUMBER */ #ifndef OPENSSL_NO_ENGINE /*

1 0

git:5.8:49a9d8a4: tls: restore early init for other modules that use TLS
by S-P Chan 25 Feb '24

25 Feb '24

Module: kamailio Branch: 5.8 Commit: 49a9d8a4fb2f8a03d478aed2a405f812d2c2c5e8 URL: https://github.com/kamailio/kamailio/commit/49a9d8a4fb2f8a03d478aed2a405f81… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-25T10:58:33+08:00 tls: restore early init for other modules that use TLS Client modules (e.g. dispatcher) that require outbound TLS may race if tls init is too late. Restore tls init to PROC_INIT with a thread executor. Addresses GH #3765 Cherry-pick from 706d7b7ff3 --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/49a9d8a4fb2f8a03d478aed2a405f81… Patch: https://github.com/kamailio/kamailio/commit/49a9d8a4fb2f8a03d478aed2a405f81… --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index beaf1b7b70b..463814720b8 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -42,6 +42,10 @@ #include "../../core/dprint.h" #include "../../core/mod_fix.h" #include "../../core/kemi.h" + +#define KSR_RTHREAD_SKIP_P +#define KSR_RTHREAD_NEED_4PP +#include "../../core/rthreads.h" #include "tls_init.h" #include "tls_server.h" #include "tls_domain.h" @@ -443,32 +447,40 @@ int tls_fix_engine_keys(tls_domains_cfg_t *, tls_domain_t *, tls_domain_t *); * * EC operations do not use pthread_self(), so could use shared SSL_CTX */ +static int mod_child_hook(int *rank, void *dummy) +{ + LM_DBG("Loading SSL_CTX in process_no=%d rank=%d " + "ksr_tls_threads_mode=%d\n", + process_no, *rank, ksr_tls_threads_mode); + if(cfg_get(tls, tls_cfg, config_file).s) { + if(tls_fix_domains_cfg(*tls_domains_cfg, &srv_defaults, &cli_defaults) + < 0) + return -1; + } else { + if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, &mod_params) < 0) + return -1; + } + return 0; +} + static int mod_child(int rank) { if(tls_disable || (tls_domains_cfg == 0)) return 0; #if OPENSSL_VERSION_NUMBER >= 0x010101000L - /* - * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in worker to avoid init of - * libssl in rank 0(thread#1) + /* + * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor + * to avoid init of libssl in thread#1 */ - if(rank == PROC_SIPINIT) { + if(rank == PROC_INIT && ksr_tls_threads_mode != 0) { + return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); + } #else - if(rank == PROC_INIT) { -#endif - if(cfg_get(tls, tls_cfg, config_file).s) { - if(tls_fix_domains_cfg( - *tls_domains_cfg, &srv_defaults, &cli_defaults) - < 0) - return -1; - } else { - if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, &mod_params) - < 0) - return -1; - } - return 0; + if(rank == PROC_INIT) { + return mod_child_hook(&rank, NULL); } +#endif /* OPENSSL_VERSION_NUMBER */ #ifndef OPENSSL_NO_ENGINE /* @@ -678,7 +690,7 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2) register_tls_hooks(&tls_h); - /* + /* * GH #3695: OpenSSL 1.1.1 historical note: it is no longer * needed to replace RAND with cryptorand */

1 0

git:master:706d7b7f: tls: restore early init for other modules that use TLS
by S-P Chan 25 Feb '24

25 Feb '24

Module: kamailio Branch: master Commit: 706d7b7ff3bc2723614de328611c2100d19bf742 URL: https://github.com/kamailio/kamailio/commit/706d7b7ff3bc2723614de328611c210… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-25T10:41:18+08:00 tls: restore early init for other modules that use TLS Client modules (e.g. dispatcher) that require outbound TLS may race if tls init is too late. Restore tls init to PROC_INIT with a thread executor. Addresses GH #3765 --- Modified: src/modules/tls/tls_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/706d7b7ff3bc2723614de328611c210… Patch: https://github.com/kamailio/kamailio/commit/706d7b7ff3bc2723614de328611c210… --- diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c index beaf1b7b70b..463814720b8 100644 --- a/src/modules/tls/tls_mod.c +++ b/src/modules/tls/tls_mod.c @@ -42,6 +42,10 @@ #include "../../core/dprint.h" #include "../../core/mod_fix.h" #include "../../core/kemi.h" + +#define KSR_RTHREAD_SKIP_P +#define KSR_RTHREAD_NEED_4PP +#include "../../core/rthreads.h" #include "tls_init.h" #include "tls_server.h" #include "tls_domain.h" @@ -443,32 +447,40 @@ int tls_fix_engine_keys(tls_domains_cfg_t *, tls_domain_t *, tls_domain_t *); * * EC operations do not use pthread_self(), so could use shared SSL_CTX */ +static int mod_child_hook(int *rank, void *dummy) +{ + LM_DBG("Loading SSL_CTX in process_no=%d rank=%d " + "ksr_tls_threads_mode=%d\n", + process_no, *rank, ksr_tls_threads_mode); + if(cfg_get(tls, tls_cfg, config_file).s) { + if(tls_fix_domains_cfg(*tls_domains_cfg, &srv_defaults, &cli_defaults) + < 0) + return -1; + } else { + if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, &mod_params) < 0) + return -1; + } + return 0; +} + static int mod_child(int rank) { if(tls_disable || (tls_domains_cfg == 0)) return 0; #if OPENSSL_VERSION_NUMBER >= 0x010101000L - /* - * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in worker to avoid init of - * libssl in rank 0(thread#1) + /* + * OpenSSL 3.x/1.1.1: create shared SSL_CTX* in thread executor + * to avoid init of libssl in thread#1 */ - if(rank == PROC_SIPINIT) { + if(rank == PROC_INIT && ksr_tls_threads_mode != 0) { + return run_thread4PP((_thread_proto4PP)mod_child_hook, &rank, NULL); + } #else - if(rank == PROC_INIT) { -#endif - if(cfg_get(tls, tls_cfg, config_file).s) { - if(tls_fix_domains_cfg( - *tls_domains_cfg, &srv_defaults, &cli_defaults) - < 0) - return -1; - } else { - if(tls_fix_domains_cfg(*tls_domains_cfg, &mod_params, &mod_params) - < 0) - return -1; - } - return 0; + if(rank == PROC_INIT) { + return mod_child_hook(&rank, NULL); } +#endif /* OPENSSL_VERSION_NUMBER */ #ifndef OPENSSL_NO_ENGINE /* @@ -678,7 +690,7 @@ int mod_register(char *path, int *dlflags, void *p1, void *p2) register_tls_hooks(&tls_h); - /* + /* * GH #3695: OpenSSL 1.1.1 historical note: it is no longer * needed to replace RAND with cryptorand */

1 0

git:5.7:46c0db15: db_mysql: libssl thread guard for db_mysql_query (and libmysqlclient)
by S-P Chan 24 Feb '24

24 Feb '24

Module: kamailio Branch: 5.7 Commit: 46c0db156ab12a94419324947b806176b6cc14a8 URL: https://github.com/kamailio/kamailio/commit/46c0db156ab12a94419324947b80617… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-24T23:19:04+08:00 db_mysql: libssl thread guard for db_mysql_query (and libmysqlclient) This function is observed to call SSL_read() when compiled with libmysqlclient.so.21 (but not libmariadb.so.3). Apply a thread executor just in case. Cherry-pick from 1e42364451 --- Modified: src/modules/db_mysql/km_dbase.c --- Diff: https://github.com/kamailio/kamailio/commit/46c0db156ab12a94419324947b80617… Patch: https://github.com/kamailio/kamailio/commit/46c0db156ab12a94419324947b80617… --- diff --git a/src/modules/db_mysql/km_dbase.c b/src/modules/db_mysql/km_dbase.c index 7b65c0a012c..91ace58df5b 100644 --- a/src/modules/db_mysql/km_dbase.c +++ b/src/modules/db_mysql/km_dbase.c @@ -41,6 +41,7 @@ #define KSR_RTHREAD_NEED_4PP #define KSR_RTHREAD_NEED_0P +#define KSR_RTHREAD_NEED_4P5I2P2 #include "../../core/rthreads.h" #include "../../lib/srdb1/db_query.h" #include "../../lib/srdb1/db_ut.h" @@ -348,12 +349,26 @@ int db_mysql_free_result(const db1_con_t *_h, db1_res_t *_r) * \param _r pointer to a structure representing the result * \return zero on success, negative value on failure */ + +/* + * this function observed to invoke SSL_read() under libmysqlclient.so.21 + * but not libmariadb.so.3; apply libssl guard + */ +static int db_mysql_query_impl(const db1_con_t *_h, const db_key_t *_k, + const db_op_t *_op, const db_val_t *_v, const db_key_t *_c, + const int _n, const int _nc, const db_key_t _o, db1_res_t **_r) +{ + return db_do_query(_h, _k, _op, _v, _c, _n, _nc, _o, _r, db_mysql_val2str, + db_mysql_submit_query, db_mysql_store_result); +} + int db_mysql_query(const db1_con_t *_h, const db_key_t *_k, const db_op_t *_op, const db_val_t *_v, const db_key_t *_c, const int _n, const int _nc, const db_key_t _o, db1_res_t **_r) { - return db_do_query(_h, _k, _op, _v, _c, _n, _nc, _o, _r, db_mysql_val2str, - db_mysql_submit_query, db_mysql_store_result); + return run_thread4P5I2P2((_thread_proto4P5I2P2)&db_mysql_query_impl, + (void *)_h, (void *)_k, (void *)_op, (void *)_v, (void *)_c, _n, + _nc, (void *)_o, (void *)_r); } /**

1 0

git:5.7:2c082bd1: db_mysql: update docs for opt_ssl_ca
by S-P Chan 24 Feb '24

24 Feb '24

Module: kamailio Branch: 5.7 Commit: 2c082bd135203382855b297de736b22fbedee672 URL: https://github.com/kamailio/kamailio/commit/2c082bd135203382855b297de736b22… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-24T23:18:56+08:00 db_mysql: update docs for opt_ssl_ca Cherry-pick from eafd93f057 --- Modified: src/modules/db_mysql/doc/db_mysql_admin.xml --- Diff: https://github.com/kamailio/kamailio/commit/2c082bd135203382855b297de736b22… Patch: https://github.com/kamailio/kamailio/commit/2c082bd135203382855b297de736b22… --- diff --git a/src/modules/db_mysql/doc/db_mysql_admin.xml b/src/modules/db_mysql/doc/db_mysql_admin.xml index 51c9b5b728d..dceb8253eb7 100644 --- a/src/modules/db_mysql/doc/db_mysql_admin.xml +++ b/src/modules/db_mysql/doc/db_mysql_admin.xml @@ -211,6 +211,30 @@ modparam("db_mysql", "update_affected_found", 1) ... modparam("db_mysql", "opt_ssl_mode", 1) ... +</programlisting> + </example> + </section> + <section id="db_mysql.p.opt_ssl_ca"> + <title><varname>opt_ssl_ca</varname> (string)</title> + <para> + Configures the CA certs used to verify the MySQL server cert when + SSL is enabled. + </para> + <para> + Required when opt_ssl_mode = 4 or 5 and db_mysql is built + with libmysqlclient. + </para> + <para> + <emphasis> + Default value is NULL (NULL - not configured). + </emphasis> + </para> + <example> + <title>Set <varname>opt_ssl_ca</varname> parameter</title> + <programlisting format="linespecific"> +... +modparam("db_mysql", "opt_ssl_ca", "/etc/ssl/certs/mysql-ca.pem") +... </programlisting> </example> </section>

1 0

git:5.7:29f848c9: db_mysql: new module param opt_ssl_ca to configure CA certs
by S-P Chan 24 Feb '24

24 Feb '24

Module: kamailio Branch: 5.7 Commit: 29f848c9a658af33b6a9693d709edf3a340c95d0 URL: https://github.com/kamailio/kamailio/commit/29f848c9a658af33b6a9693d709edf3… Author: S-P Chan <shihping.chan(a)gmail.com> Committer: S-P Chan <shihping.chan(a)gmail.com> Date: 2024-02-24T23:18:31+08:00 db_mysql: new module param opt_ssl_ca to configure CA certs ERROR: db_mysql [km_my_con.c:200]: db_mysql_new_connection(): driver error: SSL connection error: CA certificate is required if ssl-mode is VERIFY_CA or VERIFY_IDENTITY When opt_ssl_mode = 4 | 5 libmysqlclient.so.21 requires that the trusted CAs be configured. Fixed with: mysql_options(ptr->con, MYSQL_OPT_SSL_CA, (void *)db_mysql_opt_ssl_ca) Note: libmariadb.so.3 doesn't require this setting and uses the system trust store. Cherry-pick from ea81e6cb8b --- Modified: src/modules/db_mysql/db_mysql.c Modified: src/modules/db_mysql/km_my_con.c --- Diff: https://github.com/kamailio/kamailio/commit/29f848c9a658af33b6a9693d709edf3… Patch: https://github.com/kamailio/kamailio/commit/29f848c9a658af33b6a9693d709edf3… --- diff --git a/src/modules/db_mysql/db_mysql.c b/src/modules/db_mysql/db_mysql.c index 1a698329bac..9a7aa8673b5 100644 --- a/src/modules/db_mysql/db_mysql.c +++ b/src/modules/db_mysql/db_mysql.c @@ -47,6 +47,7 @@ unsigned int my_server_timezone = unsigned long my_client_ver = 0; int db_mysql_unsigned_type = 0; int db_mysql_opt_ssl_mode = 0; +char *db_mysql_opt_ssl_ca = NULL; struct mysql_counters_h mysql_cnts_h; counter_def_t mysql_cnt_defs[] = { @@ -100,6 +101,7 @@ static param_export_t params[] = { {"insert_delayed", INT_PARAM, &db_mysql_insert_all_delayed}, {"update_affected_found", INT_PARAM, &db_mysql_update_affected_found}, {"unsigned_type", PARAM_INT, &db_mysql_unsigned_type}, + {"opt_ssl_ca", PARAM_STRING, &db_mysql_opt_ssl_ca}, {"opt_ssl_mode", PARAM_INT, &db_mysql_opt_ssl_mode}, {0, 0, 0}}; diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c index b4c4dca33b0..226d724f1ae 100644 --- a/src/modules/db_mysql/km_my_con.c +++ b/src/modules/db_mysql/km_my_con.c @@ -41,6 +41,7 @@ #include "db_mysql.h" extern int db_mysql_opt_ssl_mode; +extern char *db_mysql_opt_ssl_ca; /*! \brief * Create a new connection structure, @@ -167,6 +168,9 @@ struct my_con *db_mysql_new_connection(const struct db_id *id) } #endif /* MYSQL_VERSION_ID */ #endif /* MARIADB_BASE_VERSION */ + if(db_mysql_opt_ssl_ca) + mysql_options( + ptr->con, MYSQL_OPT_SSL_CA, (const void *)db_mysql_opt_ssl_ca); #if MYSQL_VERSION_ID > 50012 /* set reconnect flag if enabled */

1 0

Development is open for future release of v5.9.x series
by Daniel-Constantin Mierla 23 Feb '24

23 Feb '24

Hello, the branch 5.8 was created, therefore the master branch is open for adding new features, to be part of future release series v5.9.x (or whatever version is decided for next series). Any bug fix committed to master that applies to 5.8.x or older stable branches should be backported as usual with "git cherry-pick -x ..." to appropriate branches like 5.8 or 5.7. Expect that v5.8.0 will be released in a few weeks from now. Based on the workflow used during the past years, the next future release v5.9.0 should be out after another 8-10 months of development, plus 1-2 months of testing, so sometime during the last part of 2024 or the beginning of 2025. Cheers, Daniel -- Daniel-Constantin Mierla (@ asipto.com) twitter.com/miconda -- linkedin.com/in/miconda Kamailio Consultancy, Training and Development Services -- asipto.com Kamailio World Conference, April 18-19, 2024, Berlin -- kamailioworld.com

1 0

Branch 5.8 has been created
by Daniel-Constantin Mierla 23 Feb '24

23 Feb '24

Hello, the branch 5.8 has been created, to be used for releasing v5.8.x series. To check out this branch, the following commands can be used: git clone https://github.com/kamailio/kamailio kamailio-5.8 cd kamailio-5.8 git checkout -b 5.8 origin/5.8 Pushing commits in this branch: git push origin 5.8:5.8 Note that 5.8 is an official stable branch, so only bug fixes, missing kemi exports (discuss on sr-dev if not sure) or improvements to documentation or helper tools can be pushed to this branch. As usual, if there is a bug fixed, commit and push first to master branch and then cherry pick to 5.8 branch: git cherry-pick -x COMMITID In few weeks, the first release from branch 5.8 will be out, respectively Kamailio v5.8.0. Cheers, Daniel -- Daniel-Constantin Mierla (@ asipto.com) twitter.com/miconda -- linkedin.com/in/miconda Kamailio Consultancy, Training and Development Services -- asipto.com Kamailio World Conference, April 18-19, 2024, Berlin -- kamailioworld.com

1 0

git:5.8:5af33b2e: pkg/docker: set branch 5.8 and refresh [skip ci]
by Victor Seva 23 Feb '24

23 Feb '24

Module: kamailio Branch: 5.8 Commit: 5af33b2e0ddc1098919008d44ab91959bc7dfb80 URL: https://github.com/kamailio/kamailio/commit/5af33b2e0ddc1098919008d44ab9195… Author: Victor Seva <linuxmaniac(a)torreviejawireless.org> Committer: Victor Seva <linuxmaniac(a)torreviejawireless.org> Date: 2024-02-23T21:24:19+01:00 pkg/docker: set branch 5.8 and refresh [skip ci] --- Modified: .gitmodules Modified: pkg/docker --- Diff: https://github.com/kamailio/kamailio/commit/5af33b2e0ddc1098919008d44ab9195… Patch: https://github.com/kamailio/kamailio/commit/5af33b2e0ddc1098919008d44ab9195… --- diff --git a/.gitmodules b/.gitmodules index 1d8f99966ed..9ea3c41fd05 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,6 +1,7 @@ [submodule "pkg/docker"] path = pkg/docker url = https://github.com/kamailio/kamailio-ci.git + branch = 5.8 [submodule "src/modules/tls_wolfssl/lib/wolfssl"] path = misc/external/wolfssl/wolfssl url = https://github.com/wolfSSL/wolfssl.git diff --git a/pkg/docker b/pkg/docker index cf48a82c5f9..969a5dd0d65 160000 --- a/pkg/docker +++ b/pkg/docker @@ -1 +1 @@ -Subproject commit cf48a82c5f9df67813d14e6619cc9a41ec9a683b +Subproject commit 969a5dd0d65dadce47049dc5e0dd145e9aff47b8

1 0

git:5.8:fbdca3da: github: set branch to 5.8 [skip ci]
by Victor Seva 23 Feb '24

23 Feb '24

Module: kamailio Branch: 5.8 Commit: fbdca3da6293aba548989e3ab9d600be338199b2 URL: https://github.com/kamailio/kamailio/commit/fbdca3da6293aba548989e3ab9d600b… Author: Victor Seva <linuxmaniac(a)torreviejawireless.org> Committer: Victor Seva <linuxmaniac(a)torreviejawireless.org> Date: 2024-02-23T20:43:33+01:00 github: set branch to 5.8 [skip ci] --- Modified: .devcontainer/devcontainer.json Modified: .github/workflows/devcontainer.yaml Modified: .github/workflows/main.yml --- Diff: https://github.com/kamailio/kamailio/commit/fbdca3da6293aba548989e3ab9d600b… Patch: https://github.com/kamailio/kamailio/commit/fbdca3da6293aba548989e3ab9d600b… --- diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 2a0413eae4d..9a3e3a47449 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -4,7 +4,7 @@ */ "name": "Debian", "build": { - "cacheFrom": "ghcr.io/kamailio/kamailio-master-devcontainer", + "cacheFrom": "ghcr.io/kamailio/kamailio-5.8-devcontainer", "context": "../pkg/kamailio/deb", "dockerfile": "Dockerfile" }, diff --git a/.github/workflows/devcontainer.yaml b/.github/workflows/devcontainer.yaml index 2da1e56c742..f1549a9bca8 100644 --- a/.github/workflows/devcontainer.yaml +++ b/.github/workflows/devcontainer.yaml @@ -4,7 +4,7 @@ name: build devcontainer image 'on': push: branches: - - master + - 5.8 # Allows you to run this workflow manually from the Actions tab workflow_dispatch: inputs: diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 8b7ae03a271..145e9f8548f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -3,7 +3,7 @@ name: build 'on': push: branches: - - master + - 5.8 # Allows you to run this workflow manually from the Actions tab workflow_dispatch: jobs:

1 0

git:5.8:3566edd0: pkg/kamailio/deb: version set 5.8.0~rc0
by Victor Seva 23 Feb '24

23 Feb '24

Module: kamailio Branch: 5.8 Commit: 3566edd00ea729bb187b160a80b54fe92e2bbe4d URL: https://github.com/kamailio/kamailio/commit/3566edd00ea729bb187b160a80b54fe… Author: Victor Seva <linuxmaniac(a)torreviejawireless.org> Committer: Victor Seva <linuxmaniac(a)torreviejawireless.org> Date: 2024-02-23T20:05:34+01:00 pkg/kamailio/deb: version set 5.8.0~rc0 --- Modified: pkg/kamailio/deb/bionic/changelog Modified: pkg/kamailio/deb/bookworm/changelog Modified: pkg/kamailio/deb/bullseye/changelog Modified: pkg/kamailio/deb/buster/changelog Modified: pkg/kamailio/deb/debian/changelog Modified: pkg/kamailio/deb/focal/changelog Modified: pkg/kamailio/deb/jammy/changelog Modified: pkg/kamailio/deb/jessie/changelog Modified: pkg/kamailio/deb/precise/changelog Modified: pkg/kamailio/deb/sid/changelog Modified: pkg/kamailio/deb/stretch/changelog Modified: pkg/kamailio/deb/trusty/changelog Modified: pkg/kamailio/deb/wheezy/changelog Modified: pkg/kamailio/deb/xenial/changelog --- Diff: https://github.com/kamailio/kamailio/commit/3566edd00ea729bb187b160a80b54fe… Patch: https://github.com/kamailio/kamailio/commit/3566edd00ea729bb187b160a80b54fe…

1 0

git:5.8:faddcecb: Makefile.defs: version set to 5.8.0-rc0
by Daniel-Constantin Mierla 23 Feb '24

23 Feb '24

Module: kamailio Branch: 5.8 Commit: faddcecbf04a0221aa4a2531141571246d043060 URL: https://github.com/kamailio/kamailio/commit/faddcecbf04a0221aa4a25311415712… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-02-23T19:35:27+01:00 Makefile.defs: version set to 5.8.0-rc0 - entering the phase to prepare releasing next major version series 5.8.x --- Modified: src/Makefile.defs --- Diff: https://github.com/kamailio/kamailio/commit/faddcecbf04a0221aa4a25311415712… Patch: https://github.com/kamailio/kamailio/commit/faddcecbf04a0221aa4a25311415712… --- diff --git a/src/Makefile.defs b/src/Makefile.defs index b195c7fe59d..62f1dd78273 100644 --- a/src/Makefile.defs +++ b/src/Makefile.defs @@ -107,7 +107,7 @@ INSTALL_FLAVOUR=$(FLAVOUR) VERSION = 5 PATCHLEVEL = 8 SUBLEVEL = 0 -EXTRAVERSION = -pre1 +EXTRAVERSION = -rc0 # memory manager switcher # 0 - f_malloc (fast malloc)

1 0

git:master:48f4da34: Makefile.defs: version set to 5.9.0-dev0
by Daniel-Constantin Mierla 23 Feb '24

23 Feb '24

Module: kamailio Branch: master Commit: 48f4da344bd96e9a19b7c99c37d9dfe29de78933 URL: https://github.com/kamailio/kamailio/commit/48f4da344bd96e9a19b7c99c37d9dfe… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-02-23T19:28:52+01:00 Makefile.defs: version set to 5.9.0-dev0 - master branch is open for new features to be part of the future major series, to be versioned 5.9.x or maybe 6.0.x --- Modified: src/Makefile.defs --- Diff: https://github.com/kamailio/kamailio/commit/48f4da344bd96e9a19b7c99c37d9dfe… Patch: https://github.com/kamailio/kamailio/commit/48f4da344bd96e9a19b7c99c37d9dfe… --- diff --git a/src/Makefile.defs b/src/Makefile.defs index b195c7fe59d..4165ca084fb 100644 --- a/src/Makefile.defs +++ b/src/Makefile.defs @@ -105,9 +105,9 @@ INSTALL_FLAVOUR=$(FLAVOUR) # version number VERSION = 5 -PATCHLEVEL = 8 +PATCHLEVEL = 9 SUBLEVEL = 0 -EXTRAVERSION = -pre1 +EXTRAVERSION = -dev0 # memory manager switcher # 0 - f_malloc (fast malloc)

1 0

git:master:71631908: Makefile.defs: version set to 5.8.0-pre1
by Daniel-Constantin Mierla 23 Feb '24

23 Feb '24

Module: kamailio Branch: master Commit: 716319089c3e7bbc4caf9a2454235d77c3a9f88b URL: https://github.com/kamailio/kamailio/commit/716319089c3e7bbc4caf9a2454235d7… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-02-23T19:24:55+01:00 Makefile.defs: version set to 5.8.0-pre1 - marking end of first phase of testing --- Modified: src/Makefile.defs --- Diff: https://github.com/kamailio/kamailio/commit/716319089c3e7bbc4caf9a2454235d7… Patch: https://github.com/kamailio/kamailio/commit/716319089c3e7bbc4caf9a2454235d7… --- diff --git a/src/Makefile.defs b/src/Makefile.defs index 0b6086d0a3d..b195c7fe59d 100644 --- a/src/Makefile.defs +++ b/src/Makefile.defs @@ -107,7 +107,7 @@ INSTALL_FLAVOUR=$(FLAVOUR) VERSION = 5 PATCHLEVEL = 8 SUBLEVEL = 0 -EXTRAVERSION = -pre0 +EXTRAVERSION = -pre1 # memory manager switcher # 0 - f_malloc (fast malloc)

1 0

git:master:7e22636b: dispatcher: rename interal define to reflect better is a mix of matching
by Daniel-Constantin Mierla 23 Feb '24

23 Feb '24

Module: kamailio Branch: master Commit: 7e22636bb2797f6ed9cac677678a7a1bfc4f2537 URL: https://github.com/kamailio/kamailio/commit/7e22636bb2797f6ed9cac677678a7a1… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-02-23T12:53:39+01:00 dispatcher: rename interal define to reflect better is a mix of matching - rather than a full address matching --- Modified: src/modules/dispatcher/dispatch.c Modified: src/modules/dispatcher/dispatch.h --- Diff: https://github.com/kamailio/kamailio/commit/7e22636bb2797f6ed9cac677678a7a1… Patch: https://github.com/kamailio/kamailio/commit/7e22636bb2797f6ed9cac677678a7a1… --- diff --git a/src/modules/dispatcher/dispatch.c b/src/modules/dispatcher/dispatch.c index 0a609075a5e..9e27f998c25 100644 --- a/src/modules/dispatcher/dispatch.c +++ b/src/modules/dispatcher/dispatch.c @@ -3605,9 +3605,9 @@ int ds_is_addr_from_set(sip_msg_t *_m, struct ip_addr *pipaddr, if(ip_addr_cmp(pipaddr, ipa) && ((mode & DS_MATCH_NOPORT) || node->dlist[j].port == 0 || tport == node->dlist[j].port - || (mode & DS_MATCH_TRY_FULLADDRSOCK)) + || (mode & DS_MATCH_MIXSOCKPRPORT)) && ((mode & DS_MATCH_NOPROTO) || tproto == node->dlist[j].proto - || (mode & DS_MATCH_TRY_FULLADDRSOCK)) + || (mode & DS_MATCH_MIXSOCKPRPORT)) && (((mode & DS_MATCH_ACTIVE) && !ds_skip_dst(node->dlist[j].flags)) || !(mode & DS_MATCH_ACTIVE)) @@ -3615,7 +3615,7 @@ int ds_is_addr_from_set(sip_msg_t *_m, struct ip_addr *pipaddr, && node->dlist[j].sock == _m->rcv.bind_address) || !node->dlist[j].sock || !(mode & DS_MATCH_SOCKET))) { - if(mode & DS_MATCH_TRY_FULLADDRSOCK) { + if(mode & DS_MATCH_MIXSOCKPRPORT) { node_strictness = DS_MATCHED_ADDR; if(node->dlist[j].port) { if(tport != node->dlist[j].port) @@ -3738,7 +3738,7 @@ int ds_is_addr_from_list(sip_msg_t *_m, int group, str *uri, int mode) } - if(mode & DS_MATCH_TRY_FULLADDRSOCK) { + if(mode & DS_MATCH_MIXSOCKPRPORT) { ds_strictness = 0; ds_strictest_node = NULL; } @@ -3753,7 +3753,7 @@ int ds_is_addr_from_list(sip_msg_t *_m, int group, str *uri, int mode) } } - if(rc == -1 && mode & DS_MATCH_TRY_FULLADDRSOCK && ds_strictest_node) { + if(rc == -1 && (mode & DS_MATCH_MIXSOCKPRPORT) && ds_strictest_node) { rc = ds_set_vars( _m, ds_strictest_node, ds_strictest_idx, group == -1 ? 1 : 0); } diff --git a/src/modules/dispatcher/dispatch.h b/src/modules/dispatcher/dispatch.h index a628a426a61..a887c555932 100644 --- a/src/modules/dispatcher/dispatch.h +++ b/src/modules/dispatcher/dispatch.h @@ -60,7 +60,7 @@ #define DS_MATCH_NOPROTO 2 #define DS_MATCH_ACTIVE 4 #define DS_MATCH_SOCKET 8 -#define DS_MATCH_TRY_FULLADDRSOCK 16 +#define DS_MATCH_MIXSOCKPRPORT 16 #define DS_SETOP_DSTURI 0 #define DS_SETOP_RURI 1

1 0

git:master:17536b10: dispatcher: added two new flags to mode parameter of ds_is_from_list function for more strictly matching
by Daniel-Constantin Mierla 23 Feb '24

23 Feb '24

Module: kamailio Branch: master Commit: 17536b1064b40c305f28c4c19392504afc0b9701 URL: https://github.com/kamailio/kamailio/commit/17536b1064b40c305f28c4c19392504… Author: Dennis Yurasov <dennis-y(a)yandex-team.ru> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-02-23T12:36:20+01:00 dispatcher: added two new flags to mode parameter of ds_is_from_list function for more strictly matching - Two new flgs added: DS_MATCH_SOCKET (8) to take in account socket/sockname attribute of gw DS_MATCH_TRY_FULLADDRSOCK (16) try to find the most complete "address/protocol/port/local socket" combination for all dispatcher targets --- Modified: src/modules/dispatcher/dispatch.c Modified: src/modules/dispatcher/dispatch.h Modified: src/modules/dispatcher/doc/dispatcher_admin.xml --- Diff: https://github.com/kamailio/kamailio/commit/17536b1064b40c305f28c4c19392504… Patch: https://github.com/kamailio/kamailio/commit/17536b1064b40c305f28c4c19392504…

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev