As you are using the master branch (development), do you run latest version?

Can you look at available shared memory?

kamctl stats shmem

Check it over time and see if the free memory is decreasing.

Cheers,
Daniel

On 17/11/15 00:44, Anthony Messina wrote:
I have noticed the following issue which began with builds somewhere between 
git master commits bff0a08 and 6173ef7. I did not see this issue with my 
previous builds and haven't been able to pin down the problem, which is why I 
haven't formally filed a bug.

Any help or guidance is appreciated, because this has crippled my use of 
Kamailio.  Only a restart enables it to work again until the issue recurs.

ERROR: tls [tls_server.c:189]: tls_complete_init(): tls: ssl bug #1491 
workaround: not enough memory for safe operation: 8870536
ERROR: <core> [tcp_read.c:1303]: tcp_read_req(): ERROR: tcp_read_req: error 
reading

I currently build against and run openssl-1.0.1k-12.fc22.x86_64.

I have a very small operation and the only change on the operational side is 
that all 5 of my mobile UACs (yes, that's all) have switched from 
CSipSimple/Android to Zoiper/Android, which doesn't yet have support for 
client-side certificates so verify_certificate and require_certificate are off 
for both the server and client config.

The server is started with:
/usr/sbin/kamailio -P /run/kamailio/kamailio.pid -m 64 -M 8

I have tried modifying the shared mem to 128 but the issue still occurs.

Even right now, I am seeing the error when only one UAC has established a TLS 
connection:

# kamcmd tls.list
{
        id: 572
        timeout: 3475
        src_ip: 10.77.79.156
        src_port: 58688
        dst_ip: 10.77.79.3
        dst_port: 5061
        cipher: ECDHE-RSA-RC4-SHA  SSLv3 Kx=ECDH Au=RSA  Enc=RC4(128) Mac=SHA1
        ct_wq_size: 0
        enc_rd_buf: 0
        flags: 2
        state: established
}

# kamailio.cfg
enable_tls=yes
loadmodule "tls.so"
modparam("tls", "connection_timeout", 60)
#modparam("tls", "tls_log", 1)
#modparam("tls", "tls_debug", 1)
#modparam("tls", "low_mem_threshold1", -1)
#modparam("tls", "low_mem_threshold2", 0)
modparam("tls", "session_cache", 1)

# tls.cfg
[server:default]
method = TLSv1+
verify_certificate = no
require_certificate = no
private_key = /etc/kamailio/example.org.key.pem
certificate = /etc/kamailio/example.org.crt.pem
server_name = example.org
cipher_list = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-
AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-
SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-
SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-
SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-
SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-
SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK

[client:default]
method = TLSv1+
verify_certificate = no
require_certificate = no
private_key = /etc/kamailio/example.org.key.pem
certificate = /etc/kamailio/example.org.crt.pem
cipher_list = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-
AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-
SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-
SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-
SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-
SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-
SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK


Thanks.  -Anthony




_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users


-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
Kamailio Advanced Training, Nov 30-Dec 2, Berlin - http://asipto.com/kat