sr-dev

sr-dev@lists.kamailio.org

44307 discussions

git:andrei/tcp_tls_changes: tls: don't report SSL protocol errors as bugs

by Andrei Pelinescu-Onciul

Module: sip-router Branch: andrei/tcp_tls_changes Commit: e536c71c072c3c74b1b89a58e996b347a583255a URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=e536c71… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Fri Jul 9 20:01:41 2010 +0200 tls: don't report SSL protocol errors as bugs Report SSL protocol level error at a L_ERR level and not as bugs. --- modules/tls/tls_server.c | 9 +++++++++ 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/modules/tls/tls_server.c b/modules/tls/tls_server.c index cc065c5..8d45b53 100644 --- a/modules/tls/tls_server.c +++ b/modules/tls/tls_server.c @@ -514,6 +514,7 @@ static int tls_shutdown(struct tcp_connection *c) } goto err; + case SSL_ERROR_SSL: default: TLS_ERR("SSL error:"); goto err; @@ -786,6 +787,10 @@ redo_wr: send_flags->f &= ~SND_F_CON_CLOSE; } break; /* or goto end */ + case SSL_ERROR_SSL: + /* protocol level error */ + TLS_ERR(err_src); + goto error; #if OPENSSL_VERSION_NUMBER >= 0x00907000L /*0.9.7*/ case SSL_ERROR_WANT_CONNECT: /* only if the underlying BIO is not yet connected @@ -1150,6 +1155,10 @@ ssl_read_skipped: BUG("write buffer too small (%d/%d bytes)\n", wr.used, wr.size); goto bug; + case SSL_ERROR_SSL: + /* protocol level error */ + TLS_ERR(err_src); + goto error; #if OPENSSL_VERSION_NUMBER >= 0x00907000L /*0.9.7*/ case SSL_ERROR_WANT_CONNECT: /* only if the underlying BIO is not yet connected

14 years, 7 months

git:master: modules/dialplan: added check that database string value is not null

by Juha Heinanen

Module: sip-router Branch: master Commit: cada1734897f1d108fb80ea1ce306432397b0846 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=cada173… Author: Juha Heinanen <jh(a)tutpro.com> Committer: Juha Heinanen <jh(a)tutpro.com> Date: Fri Jul 9 12:54:01 2010 +0300 modules/dialplan: added check that database string value is not null - Added NULL check to GET_STR_VALUE macro. - Credits to Bogdan-Andrei Iancu. --- modules/dialplan/dp_db.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/modules/dialplan/dp_db.c b/modules/dialplan/dp_db.c index 3f50e78..62a64e4 100644 --- a/modules/dialplan/dp_db.c +++ b/modules/dialplan/dp_db.c @@ -61,6 +61,11 @@ static db_func_t dp_dbf; #define GET_STR_VALUE(_res, _values, _index)\ do{\ + if ( VAL_NULL((_values)+ (_index)) ) { \ + LM_ERR(" values %d is NULL - not allowed\n",_index);\ + (_res).s = 0; (_res).len = 0;\ + goto err;\ + } \ (_res).s = VAL_STR((_values)+ (_index)).s;\ (_res).len = strlen(VAL_STR((_values)+ (_index)).s);\ }while(0);

14 years, 7 months

[tracker] Task closed: Registrar module don't save data to location mysql table.

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. The following task is now closed: FS#79 - Registrar module don't save data to location mysql table. User who did this - Andrei Pelinescu-Onciul (andrei) Reason for closing: Not a bug More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=79 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

14 years, 7 months

[Fwd: Re: [SR-Users] Kamailio 1.5 stops processing messages]

by marius zbihlei

Forwarded the message from sr-users to sr-dev list Cheers Marius

14 years, 7 months

[tracker] Comment added: Registrar module don't save data to location mysql table.

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. The following task has a new comment added: FS#79 - Registrar module don't save data to location mysql table. User who did this - Klaus Darilion (klaus3000) ---------- set: debug=4 memdbg=5 memlog=5 Then restart Kamailio and watch the logfile (tail -f /var/log/syslog) There should be error reports when Kamailio can not connect to the database. Further configure Kamailio to connect to the DB using TCP - then you can just sniff the SQL commands with ngrep. ---------- More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=79#comment93 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

14 years, 7 months

[tracker] Task opened: Registrar module don't save data to location mysql table. (Attachment added)

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. A new Flyspray task has been opened. Details are below. User who did this - Mészáros Mihály (bakfitty) Attached to Project - sip-router Summary - Registrar module don't save data to location mysql table. Task Type - Bug Report Category - registrar (k) Status - Assigned Assigned To - Daniel-Constantin Mierla Operating System - Linux Severity - High Priority - Normal Reported Version - Development Due in Version - Undecided Due Date - Undecided Details - OS Debian: lenny The problem is occurs even if i Installed from deb packages from repository or from source Repository i used: deb http://deb.kamailio.org/kamailio30 lenny main deb-src http://deb.kamailio.org/kamailio30 lenny main or compiled from git repository source with dpkg-buildpackage pkg/kamailio/. modparam("usrloc", "db_mode", 3) I probed both way with db_mode,1 and db_mode 3, but without success. Currently i attached my kamailio.cfg <code> hal:/usr/src/kamailio-3.0.2+lenny2/modules_k/registrar# kamctl ul show database engine 'MYSQL' loaded Control engine 'FIFO' loaded entering fifo_cmd ul_dump Domain:: location table=512 records=1 max_slot=1 AOR:: misi Contact:: sip:misi@193.6.222.63:6522;rinstance=4b5da8841248277d Q= Expires:: 2276 Callid:: NDA1NGM5MWY1NzhkNTI1NzM2Y2QyZTc4NzkxMWIzNzQ. Cseq:: 2 User-agent:: PortGo v6.0, Build 06122010 State:: CS_NEW Flags:: 0 Cflag:: 0 Socket:: udp:195.111.192.7:5060 Methods:: 5119 FIFO command was: :ul_dump:openser_receiver_16358 </code> hal:/usr/src/kamailio-3.0.2+lenny2/modules_k/registrar# mysql openser Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 3995 Server version: 5.0.51a-24+lenny4 (Debian) Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> select * from location; Empty set (0.00 sec) Any help appreciated. One or more files have been attached. More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=79 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

14 years, 7 months

[tracker] Assignee added: Registrar module don't save data to location mysql table.

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. A user has added themself to the list of users assigned to this task. FS#79 - Registrar module don't save data to location mysql table. User who did this - Mészáros Mihály (bakfitty) http://sip-router.org/tracker/index.php?do=details&task_id=79 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

14 years, 7 months

CRITICAL:dialog:log_next_state_dlg: bogus event 7 in state 2 for dlg

by Iñaki Baz Castillo

Hi, what that this error mean? which is event 7 in a dialog? CRITICAL:dialog:log_next_state_dlg: bogus event 7 in state 2 for dlg 0x7f1105c7e598 [2729:1042665525] with clid '3734640b7ab3a9e733456af9053c4c13(a)XXX.XXX.XXX.XXX' and tags 'as61eee052' '' I use Kamailio 1.5.4 in which AFAIK the race condition between the ACK and 200 is solved with a callback (now included in 3.X). -- Iñaki Baz Castillo <ibc(a)aliax.net>

14 years, 7 months

LCR (1.5.4) dissables gws without logging it ¿?

by Iñaki Baz Castillo

Hi, at the same time the other problem has occured in my server ("bogus event 7 in state 2 for dlg") something very annoying has also happened related to LCR module: I have two gws configured with monitor=1 in the gw table. No problems at all until now when the traffic of the server has been increased from ~700 to ~1200 concurrent calls. At some moment load_gw() started returning -1 (no gateways available) which just can mean that both gateways had been detected has offline (no good reply to OPTIONS or not reply at all). But this is annoying as in my logs I don't see the expected lcr NOTICE message, something like: NOTICE:lcr:gw_set_state: trunk "X.X.X.X:5060" from group: <1> is OFFLINE! NOTICE:lcr:gw_set_state: trunk "X.X.X.X:5060" from group: <2> is OFFLINE! This is, there are no such messages in my logs! However, after 1-2 minutes I see these messages: NOTICE:lcr:gw_set_state: trunk "X.X.X.X:5060" from group: <1> is ONLINE! NOTICE:lcr:gw_set_state: trunk "X.X.X.X:5060" from group: <2> is ONLINE! How is it possible? there must be something wrong here as it's not possible LCR not to log the OFFLINE status of the gateways but just the ONLINE status. However, all of these problems have arise 3 minutes after my Monit has sent my a alert due to the CPU usage in the server (40.5% when usually it's 5-8%). Thanks for any help. -- Iñaki Baz Castillo <ibc(a)aliax.net>

14 years, 7 months

git:andrei/tcp_tls_changes: tls: more consistent low memory checking

by Andrei Pelinescu-Onciul

Module: sip-router Branch: andrei/tcp_tls_changes Commit: f2fa987281afd66f772646530e4e58f08ffb5954 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=f2fa987… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Thu Jul 8 17:38:09 2010 +0200 tls: more consistent low memory checking When checking for low memory, check for low_mem_threshold1 only when a new connection is opened and not also during the initial setup/key exchange. This would avoid closing partially opened ssl connections on low memory (at least unless low_mem_threshold2 is also exceeded). --- modules/tls/tls_server.c | 109 ++++++++++++++++++++++++++-------------------- 1 files changed, 61 insertions(+), 48 deletions(-) diff --git a/modules/tls/tls_server.c b/modules/tls/tls_server.c index f6d822c..cc065c5 100644 --- a/modules/tls/tls_server.c +++ b/modules/tls/tls_server.c @@ -129,9 +129,10 @@ /** finish the ssl init. - * Creates the SSL and set extra_data to it. + * Creates the SSL context + internal tls_extra_data and sets + * extra_data to it. * Separated from tls_tcpconn_init to allow delayed ssl context - * init. (from the "child" process and not from the main one + * init (from the "child" process and not from the main one). * WARNING: the connection should be already locked. * @return 0 on success, -1 on errror. */ @@ -217,16 +218,16 @@ static int tls_complete_init(struct tcp_connection* c) -/** completes tls init if needed and checks if tls can be used. +/** completes tls init if needed and checks if tls can be used (unsafe). * It will check for low memory. + * If it returns success, c->extra_data is guaranteed to be !=0. * WARNING: must be called with c->write_lock held. * @return 0 on success, < 0 on error (complete init failed or out of memory). */ -static int tls_fix_connection(struct tcp_connection* c) +static int tls_fix_connection_unsafe(struct tcp_connection* c) { if (unlikely(!c->extra_data)) { if (unlikely(tls_complete_init(c) < 0)) { - ERR("Delayed init failed\n"); return -1; } }else if (unlikely(LOW_MEM_CONNECTED_TEST())){ @@ -239,6 +240,36 @@ static int tls_fix_connection(struct tcp_connection* c) +/** completes tls init if needed and checks if tls can be used, (safe). + * It will check for low memory. + * If it returns success, c->extra_data is guaranteed to be !=0. + * WARNING: must _not_ be called with c->write_lock held (it will + * lock/unlock internally), see also tls_fix_connection_unsafe(). + * @return 0 on success, < 0 on error (complete init failed or out of memory). + */ +static int tls_fix_connection(struct tcp_connection* c) +{ + int ret; + + if (unlikely(c->extra_data == 0)) { + lock_get(&c->write_lock); + if (unlikely(c->extra_data == 0)) { + ret = tls_complete_init(c); + lock_release(&c->write_lock); + return ret; + } + lock_release(&c->write_lock); + } + if (unlikely(LOW_MEM_CONNECTED_TEST())){ + ERR("tls: ssl bug #1491 workaround: not enough memory for safe" + " operation: %lu\n", shm_available()); + return -1; + } + return 0; +} + + + /** sets an mbuf pair for the bio used by the tls connection. * WARNING: must be called with c->write_lock held. * @return 0 on success, -1 on error. @@ -303,12 +334,6 @@ int tls_accept(struct tcp_connection *c, int* error) int tls_log; *error = SSL_ERROR_NONE; - if (unlikely(LOW_MEM_NEW_CONNECTION_TEST())){ - ERR("tls: ssl bug #1491 workaround: not enough memory for safe" - " operation: %lu\n", shm_available()); - goto err; - } - tls_c=(struct tls_extra_data*)c->extra_data; ssl=tls_c->ssl; @@ -374,12 +399,6 @@ int tls_connect(struct tcp_connection *c, int* error) int tls_log; *error = SSL_ERROR_NONE; - if (unlikely(LOW_MEM_NEW_CONNECTION_TEST())){ - ERR("tls: ssl bug #1491 workaround: not enough memory for safe" - " operation: %lu\n", shm_available()); - goto err; - } - tls_c=(struct tls_extra_data*)c->extra_data; ssl=tls_c->ssl; @@ -425,7 +444,7 @@ err: /* - * wrapper around SSL_shutdown, returns -1 on error, 0 on success + * wrapper around SSL_shutdown, returns -1 on error, 0 on success. */ static int tls_shutdown(struct tcp_connection *c) { @@ -508,11 +527,17 @@ static int tls_shutdown(struct tcp_connection *c) -/* - * Called when new tcp connection is accepted or connected. It creates the ssl - * data structures. There is no need to acquire any lock, because when the - * connection is being created no other process has access to it yet - * (this is called before adding the tcp_connection structure into the hash) +/** init tls specific data in a tcp connection. + * Called when a new tcp connection is accepted or connected. + * It completes the tcp connection initialisation by setting the tls + * specific parts. + * Note that ssl context creation and other expensive operation are left + * out (they are delayed until the first read/write). + * No locking is needed (when the connection is created no other process + * can access it). + * @param c - tcp connection. + * @param sock - socket (unused for now). + * @return 0 on success, < 0 on error. */ int tls_h_tcpconn_init(struct tcp_connection *c, int sock) { @@ -524,14 +549,13 @@ int tls_h_tcpconn_init(struct tcp_connection *c, int sock) } -/* - * clean the extra data upon connection shut down +/** clean the extra data upon connection shut down. */ void tls_h_tcpconn_clean(struct tcp_connection *c) { struct tls_extra_data* extra; /* - * runs within global tcp lock + * runs within global tcp lock */ if (c->type != PROTO_TLS) { BUG("Bad connection structure\n"); @@ -553,8 +577,7 @@ void tls_h_tcpconn_clean(struct tcp_connection *c) } -/* - * perform one-way shutdown, do not wait for notify from the remote peer +/** perform one-way shutdown, do not wait for notify from the remote peer. */ void tls_h_close(struct tcp_connection *c, int fd) { @@ -562,7 +585,7 @@ void tls_h_close(struct tcp_connection *c, int fd) struct tls_mbuf rd, wr; /* - * runs either within global tcp lock or after the connection has + * runs either within global tcp lock or after the connection has * been "detached" and is unreachable from any other process. * Unfortunately when called via * tcpconn_put_destroy()+tcpconn_close_main_fd() the connection might @@ -618,7 +641,7 @@ typedef int (*tcp_low_level_send_t)(int fd, struct tcp_connection *c, * replaced with a static buffer). * @param plen - pointer to buffer size (value/result, on success it will be * replaced with the size of the replacement buffer. - * @param rest_buf - (result) should be filled with a pointer to the + * @param rest_buf - (result) should be filled with a pointer to the * remaining unencoded part of the original buffer if any, * 0 otherwise. * @param rest_len - (result) should be filled with the length of the @@ -656,9 +679,10 @@ int tls_encode_f(struct tcp_connection *c, offs = 0; ssl_error = SSL_ERROR_NONE; err_src = "TLS write:"; - if (unlikely(tls_fix_connection(c) < 0)) { + if (unlikely(tls_fix_connection_unsafe(c) < 0)) { /* c->extra_data might be null => exit immediately */ - ERR("tls_fix_connection failed\n"); + TLS_WR_TRACE("(%p) end: tls_fix_connection_unsafe failed =>" + " immediate error exit\n", c); return -1; } tls_c = (struct tls_extra_data*)c->extra_data; @@ -836,7 +860,7 @@ ssl_eof: /** tls read. * Each modification of ssl data structures has to be protected, another process * might ask for the same connection and attempt write to it which would - * result in updating the ssl structures + * result in updating the ssl structures. * WARNING: must be called whic c->write_lock _unlocked_. * @param c - tcp connection pointer. The following flags might be set: * @param flags - value/result: @@ -882,20 +906,9 @@ int tls_read_f(struct tcp_connection* c, int* flags) r = &c->req; enc_rd_buf = 0; *flags &= ~RD_CONN_REPEAT_READ; - if (unlikely(c->extra_data == 0)) { - TLS_RD_TRACE("(%p, %p) 0 extra_data => intialize\n", c, flags); - /* not yet fully init => lock & intialize */ - lock_get(&c->write_lock); - if (tls_fix_connection(c) < 0) { - lock_release(&c->write_lock); - TLS_RD_TRACE("(%p, %p) end: tls_fix_connection failed =>" - " immediate error exit\n", c, flags); - return -1; - } - lock_release(&c->write_lock); - } else if (unlikely(LOW_MEM_CONNECTED_TEST())){ - ERR("tls: ssl bug #1491 workaround: not enough memory for safe" - " operation: %lu\n", shm_available()); + if (unlikely(tls_fix_connection(c) < 0)) { + TLS_RD_TRACE("(%p, %p) end: tls_fix_connection failed =>" + " immediate error exit\n", c, flags); return -1; } /* here it's safe to use c->extra_data in read-only mode. @@ -1187,7 +1200,7 @@ ssl_read_skipped: else { if (unlikely(bytes_free != 0)) { /* 2i or 2ip: unconsumed input and output buffer not filled => - retry ssl read (SSL_read() will read will stop at + retry ssl read (SSL_read() will read will stop at record boundaries, unless readahead==1). No tcp_read() is attempted, since that would reset the current no-yet-consumed input data.

14 years, 7 months

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev