As you are using the master branch (development), do you run latest version?
Can you look at available shared memory?
kamctl stats shmem
Check it over time and see if the free memory is decreasing.
Cheers, Daniel
On 17/11/15 00:44, Anthony Messina wrote:
I have noticed the following issue which began with builds somewhere between git master commits bff0a08 and 6173ef7. I did not see this issue with my previous builds and haven't been able to pin down the problem, which is why I haven't formally filed a bug.
Any help or guidance is appreciated, because this has crippled my use of Kamailio. Only a restart enables it to work again until the issue recurs.
ERROR: tls [tls_server.c:189]: tls_complete_init(): tls: ssl bug #1491 workaround: not enough memory for safe operation: 8870536 ERROR: <core> [tcp_read.c:1303]: tcp_read_req(): ERROR: tcp_read_req: error reading
I currently build against and run openssl-1.0.1k-12.fc22.x86_64.
I have a very small operation and the only change on the operational side is that all 5 of my mobile UACs (yes, that's all) have switched from CSipSimple/Android to Zoiper/Android, which doesn't yet have support for client-side certificates so verify_certificate and require_certificate are off for both the server and client config.
The server is started with: /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -m 64 -M 8
I have tried modifying the shared mem to 128 but the issue still occurs.
Even right now, I am seeing the error when only one UAC has established a TLS connection:
# kamcmd tls.list { id: 572 timeout: 3475 src_ip: 10.77.79.156 src_port: 58688 dst_ip: 10.77.79.3 dst_port: 5061 cipher: ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1 ct_wq_size: 0 enc_rd_buf: 0 flags: 2 state: established }
# kamailio.cfg enable_tls=yes loadmodule "tls.so" modparam("tls", "connection_timeout", 60) #modparam("tls", "tls_log", 1) #modparam("tls", "tls_debug", 1) #modparam("tls", "low_mem_threshold1", -1) #modparam("tls", "low_mem_threshold2", 0) modparam("tls", "session_cache", 1)
# tls.cfg [server:default] method = TLSv1+ verify_certificate = no require_certificate = no private_key = /etc/kamailio/example.org.key.pem certificate = /etc/kamailio/example.org.crt.pem server_name = example.org cipher_list = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA- AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256- SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM- SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4- SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128- SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128- SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
[client:default] method = TLSv1+ verify_certificate = no require_certificate = no private_key = /etc/kamailio/example.org.key.pem certificate = /etc/kamailio/example.org.crt.pem cipher_list = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA- AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256- SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM- SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4- SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128- SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128- SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
Thanks. -Anthony
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users