Module: sip-router Branch: master Commit: 92ff234d8b39c422aca683d4fbb0cfacc24a77b4 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=92ff234d...
Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: Tue Aug 19 11:10:14 2014 +0200
tmx: be sure From header is parsed before accessing the tag
- reported by Juha Heinanen
---
modules/tmx/tmx_pretran.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/modules/tmx/tmx_pretran.c b/modules/tmx/tmx_pretran.c index 3483c32..653f64c 100644 --- a/modules/tmx/tmx_pretran.c +++ b/modules/tmx/tmx_pretran.c @@ -213,6 +213,10 @@ int tmx_check_pretran(sip_msg_t *msg) LM_ERR("failed to get Via header\n"); return -1; } + if (parse_from_header(msg)<0 || get_from(msg)->tag_value.len==0) { + LM_ERR("failed to get From header\n"); + return -1; + }
vbr = msg->via1->branch;
there is still something wrong with t_precheck_trans(). when i use it, sip proxy process handling a requests gets stuck in some kind of loop. top show that it uses lots of cpu.
gdb where attached to the process is shown below.
-- juha
(gdb) where #0 0x00007f446c3a0e08 in tmx_check_pretran (msg=0x7f447a2bad88) at tmx_pretran.c:308 #1 0x00007f446c39edeb in w_t_precheck_trans (msg=0x7f447a2bad88, p1=0x0, p2=0x0) at tmx_mod.c:709 #2 0x000000000041c6b3 in do_action (h=0x7fff80ddb7c0, a=0x7f44799e62c8, msg=0x7f447a2bad88) at action.c:1107 #3 0x0000000000425233 in run_actions (h=0x7fff80ddb7c0, a=0x7f44799e62c8, msg=0x7f447a2bad88) at action.c:1607 #4 0x000000000042591f in run_actions_safe (h=0x7fff80ddc070, a=0x7f44799e62c8, msg=0x7f447a2bad88) at action.c:1672 #5 0x00000000004cb56f in rval_get_int (h=0x7fff80ddc070, msg=0x7f447a2bad88, i=0x7fff80ddbee0, rv=0x7f44799e6558, cache=0x0) at rvalue.c:924 #6 0x00000000004ce227 in rval_expr_eval_int (h=0x7fff80ddc070, msg=0x7f447a2bad88, res=0x7fff80ddbee0, rve=0x7f44799e6550) at rvalue.c:1918 #7 0x000000000041c3d6 in do_action (h=0x7fff80ddc070, a=0x7f44799e6ed0, msg=0x7f447a2bad88) at action.c:1083 #8 0x0000000000425233 in run_actions (h=0x7fff80ddc070, a=0x7f44799da228, msg=0x7f447a2bad88) at action.c:1607 #9 0x00000000004259e7 in run_top_route (a=0x7f44799da228, msg=0x7f447a2bad88, c=0x0) at action.c:1693 #10 0x00000000004ab495 in receive_msg ( buf=0x1808390 "SUBSCRIBE sip:192.98.102.30:5080;transport=tcp SIP/2.0\r\nVia: SIP/2.0/TCP 192.98.102.30:5054;rport;branch=z9hG4bKxcqiqhbw\r\nRoute: sip:192.98.102.30;transport=tcp;r2=on;lr,<sip:127.0.0.1:5070;transpor"..., len=579, rcv_info=0x7f44708ec3d8) at receive.c:213 #11 0x0000000000533b6e in receive_tcp_msg ( tcpbuf=0x7f44708ec6a8 "SUBSCRIBE sip:192.98.102.30:5080;transport=tcp SIP/2.0\r\nVia: SIP/2.0/TCP 192.98.102.30:5054;rport;branch=z9hG4bKxcqiqhbw\r\nRoute: sip:192.98.102.30;transport=tcp;r2=on;lr,<sip:127.0.0.1:5070;transpor"..., len=579, rcv_info=0x7f44708ec3d8, con=0x7f44708ec3c0) at tcp_read.c:1232 #12 0x0000000000534a20 in tcp_read_req (con=0x7f44708ec3c0, bytes_read=0x7fff80ddc4cc, read_flags=0x7fff80ddc4c8) at tcp_read.c:1387 #13 0x0000000000535e0c in handle_io (fm=0x7f447a39a5b0, events=1, idx=-1) at tcp_read.c:1559 #14 0x000000000052edd9 in io_wait_loop_epoll (h=0x8e4200, t=2, repeat=0) at io_wait.h:1092 #15 0x0000000000536ce2 in tcp_receive_loop (unix_sock=57) at tcp_read.c:1728 #16 0x000000000052929f in tcp_init_children () at tcp_main.c:4970 #17 0x0000000000470d9d in main_loop () at main.c:1704 #18 0x00000000004739ae in main (argc=17, argv=0x7fff80ddc998) at main.c:2554
I could spot the reason of looping in this case, because there is a FOR with CONTINUE...
Can you get the output for:
p _tmx_proc_ptran p it p *_tmx_proc_ptran p *it p slotid p _tmx_ptran_table[slotid].plist
Thanks, Daniel
On 19/08/14 13:12, Juha Heinanen wrote:
there is still something wrong with t_precheck_trans(). when i use it, sip proxy process handling a requests gets stuck in some kind of loop. top show that it uses lots of cpu.
gdb where attached to the process is shown below.
-- juha
(gdb) where #0 0x00007f446c3a0e08 in tmx_check_pretran (msg=0x7f447a2bad88) at tmx_pretran.c:308 #1 0x00007f446c39edeb in w_t_precheck_trans (msg=0x7f447a2bad88, p1=0x0, p2=0x0) at tmx_mod.c:709 #2 0x000000000041c6b3 in do_action (h=0x7fff80ddb7c0, a=0x7f44799e62c8, msg=0x7f447a2bad88) at action.c:1107 #3 0x0000000000425233 in run_actions (h=0x7fff80ddb7c0, a=0x7f44799e62c8, msg=0x7f447a2bad88) at action.c:1607 #4 0x000000000042591f in run_actions_safe (h=0x7fff80ddc070, a=0x7f44799e62c8, msg=0x7f447a2bad88) at action.c:1672 #5 0x00000000004cb56f in rval_get_int (h=0x7fff80ddc070, msg=0x7f447a2bad88, i=0x7fff80ddbee0, rv=0x7f44799e6558, cache=0x0) at rvalue.c:924 #6 0x00000000004ce227 in rval_expr_eval_int (h=0x7fff80ddc070, msg=0x7f447a2bad88, res=0x7fff80ddbee0, rve=0x7f44799e6550) at rvalue.c:1918 #7 0x000000000041c3d6 in do_action (h=0x7fff80ddc070, a=0x7f44799e6ed0, msg=0x7f447a2bad88) at action.c:1083 #8 0x0000000000425233 in run_actions (h=0x7fff80ddc070, a=0x7f44799da228, msg=0x7f447a2bad88) at action.c:1607 #9 0x00000000004259e7 in run_top_route (a=0x7f44799da228, msg=0x7f447a2bad88, c=0x0) at action.c:1693 #10 0x00000000004ab495 in receive_msg ( buf=0x1808390 "SUBSCRIBE sip:192.98.102.30:5080;transport=tcp SIP/2.0\r\nVia: SIP/2.0/TCP 192.98.102.30:5054;rport;branch=z9hG4bKxcqiqhbw\r\nRoute: sip:192.98.102.30;transport=tcp;r2=on;lr,<sip:127.0.0.1:5070;transpor"..., len=579, rcv_info=0x7f44708ec3d8) at receive.c:213 #11 0x0000000000533b6e in receive_tcp_msg ( tcpbuf=0x7f44708ec6a8 "SUBSCRIBE sip:192.98.102.30:5080;transport=tcp SIP/2.0\r\nVia: SIP/2.0/TCP 192.98.102.30:5054;rport;branch=z9hG4bKxcqiqhbw\r\nRoute: sip:192.98.102.30;transport=tcp;r2=on;lr,<sip:127.0.0.1:5070;transpor"..., len=579, rcv_info=0x7f44708ec3d8, con=0x7f44708ec3c0) at tcp_read.c:1232 #12 0x0000000000534a20 in tcp_read_req (con=0x7f44708ec3c0, bytes_read=0x7fff80ddc4cc, read_flags=0x7fff80ddc4c8) at tcp_read.c:1387 #13 0x0000000000535e0c in handle_io (fm=0x7f447a39a5b0, events=1, idx=-1) at tcp_read.c:1559 #14 0x000000000052edd9 in io_wait_loop_epoll (h=0x8e4200, t=2, repeat=0) at io_wait.h:1092 #15 0x0000000000536ce2 in tcp_receive_loop (unix_sock=57) at tcp_read.c:1728 #16 0x000000000052929f in tcp_init_children () at tcp_main.c:4970 #17 0x0000000000470d9d in main_loop () at main.c:1704 #18 0x00000000004739ae in main (argc=17, argv=0x7fff80ddc998) at main.c:2554
sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
Daniel-Constantin Mierla writes:
Can you get the output for:
p _tmx_proc_ptran p it p *_tmx_proc_ptran p *it p slotid p _tmx_ptran_table[slotid].plist
here you go,
-- juha
(gdb) where #0 0x00007f446c3a11db in tmx_check_pretran (msg=0x7f447a2bad88) at tmx_pretran.c:306 #1 0x00007f446c39edeb in w_t_precheck_trans (msg=0x7f447a2bad88, p1=0x0, p2=0x0) at tmx_mod.c:709 #2 0x000000000041c6b3 in do_action (h=0x7fff80ddb7c0, a=0x7f44799e62c8, msg=0x7f447a2bad88) at action.c:1107 #3 0x0000000000425233 in run_actions (h=0x7fff80ddb7c0, a=0x7f44799e62c8, msg=0x7f447a2bad88) at action.c:1607 #4 0x000000000042591f in run_actions_safe (h=0x7fff80ddc070, a=0x7f44799e62c8, msg=0x7f447a2bad88) at action.c:1672 #5 0x00000000004cb56f in rval_get_int (h=0x7fff80ddc070, msg=0x7f447a2bad88, i=0x7fff80ddbee0, rv=0x7f44799e6558, cache=0x0) at rvalue.c:924 #6 0x00000000004ce227 in rval_expr_eval_int (h=0x7fff80ddc070, msg=0x7f447a2bad88, res=0x7fff80ddbee0, rve=0x7f44799e6550) at rvalue.c:1918 #7 0x000000000041c3d6 in do_action (h=0x7fff80ddc070, a=0x7f44799e6ed0, msg=0x7f447a2bad88) at action.c:1083 #8 0x0000000000425233 in run_actions (h=0x7fff80ddc070, a=0x7f44799da228, msg=0x7f447a2bad88) at action.c:1607 #9 0x00000000004259e7 in run_top_route (a=0x7f44799da228, msg=0x7f447a2bad88, c=0x0) at action.c:1693 #10 0x00000000004ab495 in receive_msg ( buf=0x1808390 "SUBSCRIBE sip:jh@test.tutpro.com SIP/2.0\r\nVia: SIP/2.0/TCP 192.98.102.30:5054;rport;branch=z9hG4bKiaufrvmr\r\nMax-Forwards: 69\r\nTo: sip:jh@test.tutpro.com\r\nFrom: "Test" sip:test@test.tutpro.com;tag="..., len=423, rcv_info=0x7f44708ec3d8) at receive.c:213 #11 0x0000000000533b6e in receive_tcp_msg ( tcpbuf=0x7f44708ec6a8 "SUBSCRIBE sip:jh@test.tutpro.com SIP/2.0\r\nVia: SIP/2.0/TCP 192.98.102.30:5054;rport;branch=z9hG4bKiaufrvmr\r\nMax-Forwards: 70\r\nTo: sip:jh@test.tutpro.com\r\nFrom: "Test" sip:test@test.tutpro.com;tag="..., len=423, rcv_info=0x7f44708ec3d8, con=0x7f44708ec3c0) at tcp_read.c:1232 #12 0x0000000000534a20 in tcp_read_req (con=0x7f44708ec3c0, bytes_read=0x7fff80ddc4d0, read_flags=0x7fff80ddc4c8) at tcp_read.c:1387 #13 0x00000000005363cf in handle_io (fm=0x7f447a39a1a8, events=8193, idx=-1) at tcp_read.c:1617 #14 0x000000000052edd9 in io_wait_loop_epoll (h=0x8e4200, t=2, repeat=0) at io_wait.h:1092 #15 0x0000000000536ce2 in tcp_receive_loop (unix_sock=57) at tcp_read.c:1728 #16 0x000000000052929f in tcp_init_children () at tcp_main.c:4970 #17 0x0000000000470d9d in main_loop () at main.c:1704 #18 0x00000000004739ae in main (argc=17, argv=0x7fff80ddc998) at main.c:2554 (gdb) p _tmx_proc_ptran $1 = (pretran_t *) 0x7f4470902b40 (gdb) p it $2 = (pretran_t *) 0x7f447090b348 (gdb) p *_tmx_proc_ptran $3 = {hid = 297596497, linked = 0, callid = { s = 0x7f447090e8d0 "oustdxpwjhuelsz@siika", len = 21}, ftag = { s = 0x7f447090e8e6 "gxvqz", len = 5}, cseqnum = {s = 0x7f447090e8ec "924", len = 3}, cseqmet = {s = 0x7f447090e8f0 "SUBSCRIBE", len = 9}, cseqmetid = 64, vbranch = {s = 0x7f447090e8fa "z9hG4bKiaufrvmr", len = 15}, dbuf = {s = 0x7f447090e8d0 "oustdxpwjhuelsz@siika", len = 256}, pid = 2972, next = 0x7f447090b348, prev = 0x0} (gdb) p *it $4 = {hid = 895696017, linked = 0, callid = { s = 0x7f447090b408 "twmddnijfvofemw@siika", len = 21}, ftag = { s = 0x7f447090b41e "kxsyz", len = 5}, cseqnum = {s = 0x7f447090b424 "238", len = 3}, cseqmet = {s = 0x7f447090b428 "REGISTER", len = 8}, cseqmetid = 32, vbranch = {s = 0x7f447090b431 "z9hG4bKbxicxuqa", len = 15}, dbuf = {s = 0x7f447090b408 "twmddnijfvofemw@siika", len = 256}, pid = 2933, next = 0x7f447090b348, prev = 0x7f4470902b40} (gdb) p slotid $5 = 1 (gdb) p _tmx_ptran_table[slotid].plist $6 = (pretran_t *) 0x7f4470902b40 (gdb)
Thanks, it helped to figure out the issue. I pushed a patch for it.
Cheers, Daniel
On 19/08/14 17:53, Juha Heinanen wrote:
Daniel-Constantin Mierla writes:
Can you get the output for:
p _tmx_proc_ptran p it p *_tmx_proc_ptran p *it p slotid p _tmx_ptran_table[slotid].plist
here you go,
-- juha
(gdb) where #0 0x00007f446c3a11db in tmx_check_pretran (msg=0x7f447a2bad88) at tmx_pretran.c:306 #1 0x00007f446c39edeb in w_t_precheck_trans (msg=0x7f447a2bad88, p1=0x0, p2=0x0) at tmx_mod.c:709 #2 0x000000000041c6b3 in do_action (h=0x7fff80ddb7c0, a=0x7f44799e62c8, msg=0x7f447a2bad88) at action.c:1107 #3 0x0000000000425233 in run_actions (h=0x7fff80ddb7c0, a=0x7f44799e62c8, msg=0x7f447a2bad88) at action.c:1607 #4 0x000000000042591f in run_actions_safe (h=0x7fff80ddc070, a=0x7f44799e62c8, msg=0x7f447a2bad88) at action.c:1672 #5 0x00000000004cb56f in rval_get_int (h=0x7fff80ddc070, msg=0x7f447a2bad88, i=0x7fff80ddbee0, rv=0x7f44799e6558, cache=0x0) at rvalue.c:924 #6 0x00000000004ce227 in rval_expr_eval_int (h=0x7fff80ddc070, msg=0x7f447a2bad88, res=0x7fff80ddbee0, rve=0x7f44799e6550) at rvalue.c:1918 #7 0x000000000041c3d6 in do_action (h=0x7fff80ddc070, a=0x7f44799e6ed0, msg=0x7f447a2bad88) at action.c:1083 #8 0x0000000000425233 in run_actions (h=0x7fff80ddc070, a=0x7f44799da228, msg=0x7f447a2bad88) at action.c:1607 #9 0x00000000004259e7 in run_top_route (a=0x7f44799da228, msg=0x7f447a2bad88, c=0x0) at action.c:1693 #10 0x00000000004ab495 in receive_msg ( buf=0x1808390 "SUBSCRIBE sip:jh@test.tutpro.com SIP/2.0\r\nVia: SIP/2.0/TCP 192.98.102.30:5054;rport;branch=z9hG4bKiaufrvmr\r\nMax-Forwards: 69\r\nTo: sip:jh@test.tutpro.com\r\nFrom: "Test" sip:test@test.tutpro.com;tag="..., len=423, rcv_info=0x7f44708ec3d8) at receive.c:213 #11 0x0000000000533b6e in receive_tcp_msg ( tcpbuf=0x7f44708ec6a8 "SUBSCRIBE sip:jh@test.tutpro.com SIP/2.0\r\nVia: SIP/2.0/TCP 192.98.102.30:5054;rport;branch=z9hG4bKiaufrvmr\r\nMax-Forwards: 70\r\nTo: sip:jh@test.tutpro.com\r\nFrom: "Test" sip:test@test.tutpro.com;tag="..., len=423, rcv_info=0x7f44708ec3d8, con=0x7f44708ec3c0) at tcp_read.c:1232 #12 0x0000000000534a20 in tcp_read_req (con=0x7f44708ec3c0, bytes_read=0x7fff80ddc4d0, read_flags=0x7fff80ddc4c8) at tcp_read.c:1387 #13 0x00000000005363cf in handle_io (fm=0x7f447a39a1a8, events=8193, idx=-1) at tcp_read.c:1617 #14 0x000000000052edd9 in io_wait_loop_epoll (h=0x8e4200, t=2, repeat=0) at io_wait.h:1092 #15 0x0000000000536ce2 in tcp_receive_loop (unix_sock=57) at tcp_read.c:1728 #16 0x000000000052929f in tcp_init_children () at tcp_main.c:4970 #17 0x0000000000470d9d in main_loop () at main.c:1704 #18 0x00000000004739ae in main (argc=17, argv=0x7fff80ddc998) at main.c:2554 (gdb) p _tmx_proc_ptran $1 = (pretran_t *) 0x7f4470902b40 (gdb) p it $2 = (pretran_t *) 0x7f447090b348 (gdb) p *_tmx_proc_ptran $3 = {hid = 297596497, linked = 0, callid = { s = 0x7f447090e8d0 "oustdxpwjhuelsz@siika", len = 21}, ftag = { s = 0x7f447090e8e6 "gxvqz", len = 5}, cseqnum = {s = 0x7f447090e8ec "924", len = 3}, cseqmet = {s = 0x7f447090e8f0 "SUBSCRIBE", len = 9}, cseqmetid = 64, vbranch = {s = 0x7f447090e8fa "z9hG4bKiaufrvmr", len = 15}, dbuf = {s = 0x7f447090e8d0 "oustdxpwjhuelsz@siika", len = 256}, pid = 2972, next = 0x7f447090b348, prev = 0x0} (gdb) p *it $4 = {hid = 895696017, linked = 0, callid = { s = 0x7f447090b408 "twmddnijfvofemw@siika", len = 21}, ftag = { s = 0x7f447090b41e "kxsyz", len = 5}, cseqnum = {s = 0x7f447090b424 "238", len = 3}, cseqmet = {s = 0x7f447090b428 "REGISTER", len = 8}, cseqmetid = 32, vbranch = {s = 0x7f447090b431 "z9hG4bKbxicxuqa", len = 15}, dbuf = {s = 0x7f447090b408 "twmddnijfvofemw@siika", len = 256}, pid = 2933, next = 0x7f447090b348, prev = 0x7f4470902b40} (gdb) p slotid $5 = 1 (gdb) p _tmx_ptran_table[slotid].plist $6 = (pretran_t *) 0x7f4470902b40 (gdb)
-
Daniel-Constantin Mierla -
Juha Heinanen