Hi, I am using kamailio-3.3.2 on Ubuntu 11.04 x64 and when trying to connect via TLS from my Yealink phone kamailio crashes with the following backtrace:
Loaded symbols for /lib/x86_64-linux-gnu/libnss_files.so.2 Core was generated by `/opt/kamailio/sbin/kamailio'. Program terminated with signal 11, Segmentation fault. #0 handle_ser_child (p=0x7fcbaea2eba0, fd_i=-1) at tcp_main.c:3575 3575 if (unlikely(p->unix_sock<=0)){ (gdb) bt #0 handle_ser_child (p=0x7fcbaea2eba0, fd_i=-1) at tcp_main.c:3575 #1 0x000000000051e5bc in send2child (tcpconn=0x7f8c001597d8, ev=<value optimized out>, fd_i=-1) at tcp_main.c:3975 #2 handle_tcpconn_ev (tcpconn=0x7f8c001597d8, ev=<value optimized out>, fd_i=-1) at tcp_main.c:4310 #3 0x0000000000527dbc in io_wait_loop_epoll () at io_wait.h:1092 #4 tcp_main_loop () at tcp_main.c:4656 #5 0x00000000004726f5 in main_loop () at main.c:1727 #6 0x000000000047402e in main (argc=<value optimized out>, argv=<value optimized out>) at main.c:2546 (gdb)
The manual I am following is http://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates
Thanks, Den
Hello,
few questions: - what is the ssl lib version? - it is happening all the time you try? - what are the log messages printed in syslog before the crash? - can you enable core dumping per process, just to be sure this core is not caused by a kill or children processes?
Can you try with the default configuration file? Kamailio comes with tls support you just have to enable it -- in kamailio.cfg just add after the first line:
#!define WITH_TLS
It will use self signed certificates generated by kamailio at install time.
I am trying to isolate the situation and the cause of the issue. Few hours ago I used tls on ubuntu 12.04 and all went fine.
Cheers, Daniel
On 11/14/12 3:00 PM, Denis wrote:
Hi, I am using kamailio-3.3.2 on Ubuntu 11.04 x64 and when trying to connect via TLS from my Yealink phone kamailio crashes with the following backtrace:
Loaded symbols for /lib/x86_64-linux-gnu/libnss_files.so.2 Core was generated by `/opt/kamailio/sbin/kamailio'. Program terminated with signal 11, Segmentation fault. #0 handle_ser_child (p=0x7fcbaea2eba0, fd_i=-1) at tcp_main.c:3575 3575 if (unlikely(p->unix_sock<=0)){ (gdb) bt #0 handle_ser_child (p=0x7fcbaea2eba0, fd_i=-1) at tcp_main.c:3575 #1 0x000000000051e5bc in send2child (tcpconn=0x7f8c001597d8, ev=<value optimized out>, fd_i=-1) at tcp_main.c:3975 #2 handle_tcpconn_ev (tcpconn=0x7f8c001597d8, ev=<value optimized out>, fd_i=-1) at tcp_main.c:4310 #3 0x0000000000527dbc in io_wait_loop_epoll () at io_wait.h:1092 #4 tcp_main_loop () at tcp_main.c:4656 #5 0x00000000004726f5 in main_loop () at main.c:1727 #6 0x000000000047402e in main (argc=<value optimized out>, argv=<value optimized out>) at main.c:2546 (gdb)
The manual I am following is http://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates
Thanks, Den
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hi Daniel,
Thanks for your reply.
- what is the ssl lib version?
OpenSSL 0.9.8o
- it is happening all the time you try?
as soon as the phone send package on port 5061 the server crashes.
openssl s_client -debug -connect HOSTNAME:5061 -tls1 crashes Kamailio as well.
- what are the log messages printed in syslog before the crash?
/opt/kamailio/sbin/kamailio[30278]: ALERT: <core> [main.c:785]: child process 30293 exited by a signal 11 /opt/kamailio/sbin/kamailio[30278]: ALERT: <core> [main.c:788]: core was not generated /opt/kamailio/sbin/kamailio[30278]: INFO: <core> [main.c:800]: INFO: terminating due to SIGCHLD /opt/kamailio/sbin/kamailio[30289]: INFO: <core> [main.c:851]: INFO: signal 15 received ... kernel: [4198986.968458] kamailio[30293]: segfault at 7fdca1334ba4 ip 0000000000519856 sp 00007fffe7b6fbf0 error 4 in kamailio[400000+236000]
- can you enable core dumping per process, just to be sure this core
is not caused by a kill or children processes?
Can you please advise how I can do that?
Can you try with the default configuration file? Kamailio comes with tls support you just have to enable it -- in kamailio.cfg just add after the first line:
#!define WITH_TLS
I tried and the result is the same.
I just added: listen=tls:IP.ADDRESS:5061
I am trying to isolate the situation and the cause of the issue. Few hours ago I used tls on ubuntu 12.04 and all went fine.
I think of trying on the newer OS in the evening.
Thanks, Den
Cheers, Daniel
On 11/14/12 3:00 PM, Denis wrote:
Hi, I am using kamailio-3.3.2 on Ubuntu 11.04 x64 and when trying to connect via TLS from my Yealink phone kamailio crashes with the following backtrace:
Loaded symbols for /lib/x86_64-linux-gnu/libnss_files.so.2 Core was generated by `/opt/kamailio/sbin/kamailio'. Program terminated with signal 11, Segmentation fault. #0 handle_ser_child (p=0x7fcbaea2eba0, fd_i=-1) at tcp_main.c:3575 3575 if (unlikely(p->unix_sock<=0)){ (gdb) bt #0 handle_ser_child (p=0x7fcbaea2eba0, fd_i=-1) at tcp_main.c:3575 #1 0x000000000051e5bc in send2child (tcpconn=0x7f8c001597d8, ev=<value optimized out>, fd_i=-1) at tcp_main.c:3975 #2 handle_tcpconn_ev (tcpconn=0x7f8c001597d8, ev=<value optimized out>, fd_i=-1) at tcp_main.c:4310 #3 0x0000000000527dbc in io_wait_loop_epoll () at io_wait.h:1092 #4 tcp_main_loop () at tcp_main.c:4656 #5 0x00000000004726f5 in main_loop () at main.c:1727 #6 0x000000000047402e in main (argc=<value optimized out>, argv=<value optimized out>) at main.c:2546 (gdb)
The manual I am following is http://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates
Thanks, Den
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla -http://www.asipto.com http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
Hello,
On 11/15/12 4:52 AM, Denis wrote:
[...] /opt/kamailio/sbin/kamailio[30278]: ALERT: <core> [main.c:785]: child process 30293 exited by a signal 11
Before this line, do you have any other error messages printed by pid 30278?
Cheers, Daniel
Only during kamailio start:
... /opt/kamailio/sbin/kamailio[752]: INFO: rtpproxy [rtpproxy.c:1413]: rtp proxy udp:127.0.0.1:7722 found, support for it enabled /opt/kamailio/sbin/kamailio[759]: INFO: ctl [io_listener.c:225]: io_listen_loop: using epoll_lt io watch method (config)
as soon as I send a request on port 5061 it crashes.. user@server:~$ telnet HOSTNAME 5061 Trying HOSTNAME... Connected to HOSTNAME. Escape character is '^]'. fsf Connection closed by foreign host.
and it crashes.
On 15/11/12 12:22, Daniel-Constantin Mierla wrote:
Hello,
On 11/15/12 4:52 AM, Denis wrote:
[...] /opt/kamailio/sbin/kamailio[30278]: ALERT: <core> [main.c:785]: child process 30293 exited by a signal 11
Before this line, do you have any other error messages printed by pid 30278?
Cheers, Daniel -- Daniel-Constantin Mierla -http://www.asipto.com http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
Reviewing the previous email, I probably spotted the issues. You said you added:
listen=tls:IP.ADDRESS:5061
that forces Kamailio to listen only on tls. But tls is on top of tcp, so add:
listen=tcp:127.0.0.1:5061
It was reported couple of days ago, I had no time to look at it yet, traveling for the moment. Should not crash in any condition, if tcp is required and no other way for tls only, the startup process should fail -- I will take care of it soon.
Cheers, Daniel
On 11/15/12 7:39 AM, Denis wrote:
Only during kamailio start:
... /opt/kamailio/sbin/kamailio[752]: INFO: rtpproxy [rtpproxy.c:1413]: rtp proxy udp:127.0.0.1:7722 found, support for it enabled /opt/kamailio/sbin/kamailio[759]: INFO: ctl [io_listener.c:225]: io_listen_loop: using epoll_lt io watch method (config)
as soon as I send a request on port 5061 it crashes.. user@server:~$ telnet HOSTNAME 5061 Trying HOSTNAME... Connected to HOSTNAME. Escape character is '^]'. fsf Connection closed by foreign host.
and it crashes.
On 15/11/12 12:22, Daniel-Constantin Mierla wrote:
Hello,
On 11/15/12 4:52 AM, Denis wrote:
[...] /opt/kamailio/sbin/kamailio[30278]: ALERT: <core> [main.c:785]: child process 30293 exited by a signal 11
Before this line, do you have any other error messages printed by pid 30278?
Cheers, Daniel -- Daniel-Constantin Mierla -http://www.asipto.com http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
Thanks for looking at that, Daniel.
If I start all together with tls: and tcp: (both lines order) then I see this:
/opt/kamailio/sbin/kamailio[1008]: ERROR: <core> [tcp_main.c:2918]: ERROR: tcp_init: bind(9, 0x7f3fa8eb7d64, 16) on IP_ADDRESS:5061 : Address already in use /opt/kamailio/sbin/kamailio[1008]: ERROR: tls [tls_init.c:314]: Error while initializing TCP part of TLS socket IP_ADDRESS:5061
If I start only tcp: I am getting: /opt/kamailio/sbin/kamailio[1035]: ERROR: tls [tls_init.c:660]: TLSs<IP_ADDRESS:5061>: No listening socket found /opt/kamailio/sbin/kamailio[1035]: ERROR: <core> [sr_module.c:939]: init_mod(): Error while initializing module tls (/opt/kamailio/lib64/kamailio/modules/tls.so)
Thanks, Den
On 15/11/12 12:48, Daniel-Constantin Mierla wrote:
Reviewing the previous email, I probably spotted the issues. You said you added:
listen=tls:IP.ADDRESS:5061
that forces Kamailio to listen only on tls. But tls is on top of tcp, so add:
listen=tcp:127.0.0.1:5061
It was reported couple of days ago, I had no time to look at it yet, traveling for the moment. Should not crash in any condition, if tcp is required and no other way for tls only, the startup process should fail -- I will take care of it soon.
Cheers, Daniel
On 11/15/12 7:39 AM, Denis wrote:
Only during kamailio start:
... /opt/kamailio/sbin/kamailio[752]: INFO: rtpproxy [rtpproxy.c:1413]: rtp proxy udp:127.0.0.1:7722 found, support for it enabled /opt/kamailio/sbin/kamailio[759]: INFO: ctl [io_listener.c:225]: io_listen_loop: using epoll_lt io watch method (config)
as soon as I send a request on port 5061 it crashes.. user@server:~$ telnet HOSTNAME 5061 Trying HOSTNAME... Connected to HOSTNAME. Escape character is '^]'. fsf Connection closed by foreign host.
and it crashes.
On 15/11/12 12:22, Daniel-Constantin Mierla wrote:
Hello,
On 11/15/12 4:52 AM, Denis wrote:
[...] /opt/kamailio/sbin/kamailio[30278]: ALERT: <core> [main.c:785]: child process 30293 exited by a signal 11
Before this line, do you have any other error messages printed by pid 30278?
Cheers, Daniel -- Daniel-Constantin Mierla -http://www.asipto.com http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
-- Daniel-Constantin Mierla -http://www.asipto.com http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
Copy and paste typo, overlapping port use:
listen=tcp:127.0.0.1:5060
Cheers, Daniel
On 11/15/12 7:54 AM, Denis wrote:
Thanks for looking at that, Daniel.
If I start all together with tls: and tcp: (both lines order) then I see this:
/opt/kamailio/sbin/kamailio[1008]: ERROR: <core> [tcp_main.c:2918]: ERROR: tcp_init: bind(9, 0x7f3fa8eb7d64, 16) on IP_ADDRESS:5061 : Address already in use /opt/kamailio/sbin/kamailio[1008]: ERROR: tls [tls_init.c:314]: Error while initializing TCP part of TLS socket IP_ADDRESS:5061
If I start only tcp: I am getting: /opt/kamailio/sbin/kamailio[1035]: ERROR: tls [tls_init.c:660]: TLSs<IP_ADDRESS:5061>: No listening socket found /opt/kamailio/sbin/kamailio[1035]: ERROR: <core> [sr_module.c:939]: init_mod(): Error while initializing module tls (/opt/kamailio/lib64/kamailio/modules/tls.so)
Thanks, Den
On 15/11/12 12:48, Daniel-Constantin Mierla wrote:
Reviewing the previous email, I probably spotted the issues. You said you added:
listen=tls:IP.ADDRESS:5061
that forces Kamailio to listen only on tls. But tls is on top of tcp, so add:
listen=tcp:127.0.0.1:5061
It was reported couple of days ago, I had no time to look at it yet, traveling for the moment. Should not crash in any condition, if tcp is required and no other way for tls only, the startup process should fail -- I will take care of it soon.
Cheers, Daniel
On 11/15/12 7:39 AM, Denis wrote:
Only during kamailio start:
... /opt/kamailio/sbin/kamailio[752]: INFO: rtpproxy [rtpproxy.c:1413]: rtp proxy udp:127.0.0.1:7722 found, support for it enabled /opt/kamailio/sbin/kamailio[759]: INFO: ctl [io_listener.c:225]: io_listen_loop: using epoll_lt io watch method (config)
as soon as I send a request on port 5061 it crashes.. user@server:~$ telnet HOSTNAME 5061 Trying HOSTNAME... Connected to HOSTNAME. Escape character is '^]'. fsf Connection closed by foreign host.
and it crashes.
On 15/11/12 12:22, Daniel-Constantin Mierla wrote:
Hello,
On 11/15/12 4:52 AM, Denis wrote:
[...] /opt/kamailio/sbin/kamailio[30278]: ALERT: <core> [main.c:785]: child process 30293 exited by a signal 11
Before this line, do you have any other error messages printed by pid 30278?
Cheers, Daniel -- Daniel-Constantin Mierla -http://www.asipto.com http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
-- Daniel-Constantin Mierla -http://www.asipto.com http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
Thank you, it worked! I just added listen=tcp:IP:5060 so it probably needs to initialize tcp separately from tls )
Thanks a lot!
P.S. now I am having another errors though while connecting to tls port but I believe it is certificates problems: $ openssl s_client -connect IP:5061 -tls1 -CAfile certs/demoCA/cert.pem ... 1727:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1102:SSL alert number 40 1727:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:539: syslog: /opt/kamailio/sbin/kamailio[1708]: ERROR: tls [tls_server.c:1190]: TLS accept:error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate /opt/kamailio/sbin/kamailio[1708]: ERROR: <core> [tcp_read.c:1127]: ERROR: tcp_read_req: error reading
Thanks, Den
On 15/11/12 13:33, Daniel-Constantin Mierla wrote:
Copy and paste typo, overlapping port use:
listen=tcp:127.0.0.1:5060
Cheers, Daniel
On 11/15/12 7:54 AM, Denis wrote:
Thanks for looking at that, Daniel.
If I start all together with tls: and tcp: (both lines order) then I see this:
/opt/kamailio/sbin/kamailio[1008]: ERROR: <core> [tcp_main.c:2918]: ERROR: tcp_init: bind(9, 0x7f3fa8eb7d64, 16) on IP_ADDRESS:5061 : Address already in use /opt/kamailio/sbin/kamailio[1008]: ERROR: tls [tls_init.c:314]: Error while initializing TCP part of TLS socket IP_ADDRESS:5061
If I start only tcp: I am getting: /opt/kamailio/sbin/kamailio[1035]: ERROR: tls [tls_init.c:660]: TLSs<IP_ADDRESS:5061>: No listening socket found /opt/kamailio/sbin/kamailio[1035]: ERROR: <core> [sr_module.c:939]: init_mod(): Error while initializing module tls (/opt/kamailio/lib64/kamailio/modules/tls.so)
Thanks, Den
On 15/11/12 12:48, Daniel-Constantin Mierla wrote:
Reviewing the previous email, I probably spotted the issues. You said you added:
listen=tls:IP.ADDRESS:5061
that forces Kamailio to listen only on tls. But tls is on top of tcp, so add:
listen=tcp:127.0.0.1:5061
It was reported couple of days ago, I had no time to look at it yet, traveling for the moment. Should not crash in any condition, if tcp is required and no other way for tls only, the startup process should fail -- I will take care of it soon.
Cheers, Daniel
On 11/15/12 7:39 AM, Denis wrote:
Only during kamailio start:
... /opt/kamailio/sbin/kamailio[752]: INFO: rtpproxy [rtpproxy.c:1413]: rtp proxy udp:127.0.0.1:7722 found, support for it enabled /opt/kamailio/sbin/kamailio[759]: INFO: ctl [io_listener.c:225]: io_listen_loop: using epoll_lt io watch method (config)
as soon as I send a request on port 5061 it crashes.. user@server:~$ telnet HOSTNAME 5061 Trying HOSTNAME... Connected to HOSTNAME. Escape character is '^]'. fsf Connection closed by foreign host.
and it crashes.
On 15/11/12 12:22, Daniel-Constantin Mierla wrote:
Hello,
On 11/15/12 4:52 AM, Denis wrote:
[...] /opt/kamailio/sbin/kamailio[30278]: ALERT: <core> [main.c:785]: child process 30293 exited by a signal 11
Before this line, do you have any other error messages printed by pid 30278?
Cheers, Daniel -- Daniel-Constantin Mierla -http://www.asipto.com http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
-- Daniel-Constantin Mierla -http://www.asipto.com http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
-- Daniel-Constantin Mierla -http://www.asipto.com http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
Seems like Kamailio is configured to require a client certificate, but the client doesn't have one.
klaus
Am 15.11.2012 15:04, schrieb Denis:
Thank you, it worked! I just added listen=tcp:IP:5060 so it probably needs to initialize tcp separately from tls )
Thanks a lot!
P.S. now I am having another errors though while connecting to tls port but I believe it is certificates problems: $ openssl s_client -connect IP:5061 -tls1 -CAfile certs/demoCA/cert.pem ... 1727:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1102:SSL alert number 40 1727:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:539: syslog: /opt/kamailio/sbin/kamailio[1708]: ERROR: tls [tls_server.c:1190]: TLS accept:error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate /opt/kamailio/sbin/kamailio[1708]: ERROR: <core> [tcp_read.c:1127]: ERROR: tcp_read_req: error reading
Thanks, Den
On 15/11/12 13:33, Daniel-Constantin Mierla wrote:
Copy and paste typo, overlapping port use:
listen=tcp:127.0.0.1:5060
Cheers, Daniel
On 11/15/12 7:54 AM, Denis wrote:
Thanks for looking at that, Daniel.
If I start all together with tls: and tcp: (both lines order) then I see this:
/opt/kamailio/sbin/kamailio[1008]: ERROR: <core> [tcp_main.c:2918]: ERROR: tcp_init: bind(9, 0x7f3fa8eb7d64, 16) on IP_ADDRESS:5061 : Address already in use /opt/kamailio/sbin/kamailio[1008]: ERROR: tls [tls_init.c:314]: Error while initializing TCP part of TLS socket IP_ADDRESS:5061
If I start only tcp: I am getting: /opt/kamailio/sbin/kamailio[1035]: ERROR: tls [tls_init.c:660]: TLSs<IP_ADDRESS:5061>: No listening socket found /opt/kamailio/sbin/kamailio[1035]: ERROR: <core> [sr_module.c:939]: init_mod(): Error while initializing module tls (/opt/kamailio/lib64/kamailio/modules/tls.so)
Thanks, Den
On 15/11/12 12:48, Daniel-Constantin Mierla wrote:
Reviewing the previous email, I probably spotted the issues. You said you added:
listen=tls:IP.ADDRESS:5061
that forces Kamailio to listen only on tls. But tls is on top of tcp, so add:
listen=tcp:127.0.0.1:5061
It was reported couple of days ago, I had no time to look at it yet, traveling for the moment. Should not crash in any condition, if tcp is required and no other way for tls only, the startup process should fail -- I will take care of it soon.
Cheers, Daniel
On 11/15/12 7:39 AM, Denis wrote:
Only during kamailio start:
... /opt/kamailio/sbin/kamailio[752]: INFO: rtpproxy [rtpproxy.c:1413]: rtp proxy udp:127.0.0.1:7722 found, support for it enabled /opt/kamailio/sbin/kamailio[759]: INFO: ctl [io_listener.c:225]: io_listen_loop: using epoll_lt io watch method (config)
as soon as I send a request on port 5061 it crashes.. user@server:~$ telnet HOSTNAME 5061 Trying HOSTNAME... Connected to HOSTNAME. Escape character is '^]'. fsf Connection closed by foreign host.
and it crashes.
On 15/11/12 12:22, Daniel-Constantin Mierla wrote:
Hello,
On 11/15/12 4:52 AM, Denis wrote: > [...] > /opt/kamailio/sbin/kamailio[30278]: ALERT: <core> [main.c:785]: > child process 30293 exited by a signal 11 Before this line, do you have any other error messages printed by pid 30278?
Cheers, Daniel -- Daniel-Constantin Mierla -http://www.asipto.com http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
-- Daniel-Constantin Mierla -http://www.asipto.com http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
-- Daniel-Constantin Mierla -http://www.asipto.com http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-
Daniel-Constantin Mierla -
Denis -
Klaus Darilion