3 Apr
2023
3 Apr
'23
12:31 p.m.
Hello,
It's kamailio 5.6.4.
I can say that there is no segfault in case Identity is OK but bad attempts
sometimes are the reason for segfault. Not sure I can duplicate but it
happens several times per day.
Please look at logs.
in messages:
Apr 3 09:40:02 kam1 kernel: [6381565.762987] kamailio[9141]: segfault at
746c75616665 ip 00007f20c4cab6df sp 00007ffe7ec51470 error 4 in
libcrypto.so.1.1[7f20c4c3b000+19e000]
kamailio.log:
Apr 3 09:40:02 kam1 kamailio[9141]: NOTICE: <script>: it is INVITE with
Identity. Lets check Identity
Apr 3 09:40:02 kam1 kamailio[9141]: CRITICAL: <core>
[core/mem/q_malloc.c:501]: qm_free(): BUG: bad pointer 0x645f6d6574737973
(out of memory block!) called from tls: tls_init.c: ser_free(323) - ignoring
Apr 3 09:40:02 kam1 kamailio[9182]: CRITICAL: <core> [core/pass_fd.c:277]:
receive_fd(): EOF on 53
Apr 3 09:40:02 kam1 kamailio[9100]: ALERT: <core> [main.c:774]:
handle_sigs(): child process 9141 exited by a signal 11
Apr 3 09:40:02 kam1 kamailio[9100]: ALERT: <core> [main.c:777]:
handle_sigs(): core was not generated
Apr 3 09:40:02 kam1 kamailio[9100]: CRITICAL: <core>
[core/mem/q_malloc.c:501]: qm_free(): BUG: bad pointer 0x645f6d6574737973
(out of memory block!) called from tls: tls_init.c: ser_free(323) - ignoring
loadmodule "stirshaken.so"
####### STIRSHAKEN ######
modparam("stirshaken", "vs_verify_x509_cert_path", 1)
modparam("stirshaken", "vs_ca_dir",
"/etc/kamailio/stir_CA")
#modparam("stirshaken", "vs_crl_dir", "/etc/kamailio/CRL")
modparam("stirshaken", "as_default_key",
"/etc/kamailio/key/private_key.pem")
modparam("stirshaken", "vs_cache_certificates", 1)
modparam("stirshaken", "vs_cache_dir", "/tmp/cert_cache")
modparam("stirshaken", "vs_cache_expire_s", 100)
if (is_method("INVITE") && is_present_hf("Identity"))
{
xlog("L_NOTICE", "it is INVITE with Identity. Lets check
Identity\n");
if (1 == stirshaken_check_identity()) {
xlog("L_NOTICE", "Shaken Identity is OK\n");
} else {
xlog("L_NOTICE", "Shaken Identity is
invalid\n");
}
}
Please give me some advice.
4 Apr
4 Apr
1:48 a.m.
Hello,
I cannot help with stirshaken module, not being involved in its
development, but I could suggest to try the secsipid module, which I
wrote and I can fix bugs if any is reported. secsipid offers stir/shaken
functionality as well.
Cheers,
Daniel
On 03.04.23 18:31, Yuriy Nasida wrote:
Hello,
It's kamailio 5.6.4.
I can say that there is no segfault in case Identity is OK but bad
attempts sometimes are the reason for segfault. Not sure I can
duplicate but it happens several times per day.
Please look at logs.
in messages:
Apr 3 09:40:02 kam1 kernel: [6381565.762987] kamailio[9141]: segfault
at 746c75616665 ip 00007f20c4cab6df sp 00007ffe7ec51470 error 4 in
libcrypto.so.1.1[7f20c4c3b000+19e000]
kamailio.log:
Apr 3 09:40:02 kam1 kamailio[9141]: NOTICE: <script>: it is INVITE
with Identity. Lets check Identity
Apr 3 09:40:02 kam1 kamailio[9141]: CRITICAL: <core>
[core/mem/q_malloc.c:501]: qm_free(): BUG: bad pointer
0x645f6d6574737973 (out of memory block!) called from tls: tls_init.c:
ser_free(323) - ignoring
Apr 3 09:40:02 kam1 kamailio[9182]: CRITICAL: <core>
[core/pass_fd.c:277]: receive_fd(): EOF on 53
Apr 3 09:40:02 kam1 kamailio[9100]: ALERT: <core> [main.c:774]:
handle_sigs(): child process 9141 exited by a signal 11
Apr 3 09:40:02 kam1 kamailio[9100]: ALERT: <core> [main.c:777]:
handle_sigs(): core was not generated
Apr 3 09:40:02 kam1 kamailio[9100]: CRITICAL: <core>
[core/mem/q_malloc.c:501]: qm_free(): BUG: bad pointer
0x645f6d6574737973 (out of memory block!) called from tls: tls_init.c:
ser_free(323) - ignoring
loadmodule "stirshaken.so"
####### STIRSHAKEN ######
modparam("stirshaken", "vs_verify_x509_cert_path", 1)
modparam("stirshaken", "vs_ca_dir",
"/etc/kamailio/stir_CA")
#modparam("stirshaken", "vs_crl_dir",
"/etc/kamailio/CRL")
modparam("stirshaken", "as_default_key",
"/etc/kamailio/key/private_key.pem")
modparam("stirshaken", "vs_cache_certificates", 1)
modparam("stirshaken", "vs_cache_dir", "/tmp/cert_cache")
modparam("stirshaken", "vs_cache_expire_s", 100)
if (is_method("INVITE") && is_present_hf("Identity"))
{
xlog("L_NOTICE", "it is INVITE with Identity. Lets
check Identity\n");
if (1 == stirshaken_check_identity()) {
xlog("L_NOTICE", "Shaken Identity is OK\n");
} else {
xlog("L_NOTICE", "Shaken Identity is
invalid\n");
}
}
Please give me some advice.
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio World Conference - June 5-7, 2023 - www.kamailioworld.com
9:10 a.m.
Thanks a lot for advice Daniel.
I tried secsipid and it's working fine. But I didn't find some
functionality that the stirshaken module has:
modparam("stirshaken", "vs_verify_x509_cert_path", 1)
modparam("stirshaken", "vs_ca_dir",
"/etc/kamailio/stir_CA")
modparam("stirshaken", "vs_crl_dir", "/etc/kamailio/CRL")
Does secsipid have verifying of x509 cert path using CA ? Also does it
have the possibility to check cert in CRL ?
Thank you
On Tue, 4 Apr 2023 at 08:48, Daniel-Constantin Mierla <miconda(a)gmail.com>
wrote:
Hello,
I cannot help with stirshaken module, not being involved in its
development, but I could suggest to try the secsipid module, which I
wrote and I can fix bugs if any is reported. secsipid offers stir/shaken
functionality as well.
Cheers,
Daniel
On 03.04.23 18:31, Yuriy Nasida wrote:
Hello,
It's kamailio 5.6.4.
I can say that there is no segfault in case Identity is OK but bad
attempts sometimes are the reason for segfault. Not sure I can
duplicate but it happens several times per day.
Please look at logs.
in messages:
Apr 3 09:40:02 kam1 kernel: [6381565.762987] kamailio[9141]: segfault
at 746c75616665 ip 00007f20c4cab6df sp 00007ffe7ec51470 error 4 in
libcrypto.so.1.1[7f20c4c3b000+19e000]
kamailio.log:
Apr 3 09:40:02 kam1 kamailio[9141]: NOTICE: <script>: it is INVITE
with Identity. Lets check Identity
Apr 3 09:40:02 kam1 kamailio[9141]: CRITICAL: <core>
[core/mem/q_malloc.c:501]: qm_free(): BUG: bad pointer
0x645f6d6574737973 (out of memory block!) called from tls: tls_init.c:
ser_free(323) - ignoring
Apr 3 09:40:02 kam1 kamailio[9182]: CRITICAL: <core>
[core/pass_fd.c:277]: receive_fd(): EOF on 53
Apr 3 09:40:02 kam1 kamailio[9100]: ALERT: <core> [main.c:774]:
handle_sigs(): child process 9141 exited by a signal 11
Apr 3 09:40:02 kam1 kamailio[9100]: ALERT: <core> [main.c:777]:
handle_sigs(): core was not generated
Apr 3 09:40:02 kam1 kamailio[9100]: CRITICAL: <core>
[core/mem/q_malloc.c:501]: qm_free(): BUG: bad pointer
0x645f6d6574737973 (out of memory block!) called from tls: tls_init.c:
ser_free(323) - ignoring
loadmodule "stirshaken.so"
####### STIRSHAKEN ######
modparam("stirshaken", "vs_verify_x509_cert_path", 1)
modparam("stirshaken", "vs_ca_dir",
"/etc/kamailio/stir_CA")
#modparam("stirshaken", "vs_crl_dir", "/etc/kamailio/CRL")
modparam("stirshaken", "as_default_key",
"/etc/kamailio/key/private_key.pem")
modparam("stirshaken", "vs_cache_certificates", 1)
modparam("stirshaken", "vs_cache_dir", "/tmp/cert_cache")
modparam("stirshaken", "vs_cache_expire_s", 100)
if (is_method("INVITE") && is_present_hf("Identity"))
{
xlog("L_NOTICE", "it is INVITE with Identity. Lets
check Identity\n");
if (1 == stirshaken_check_identity()) {
xlog("L_NOTICE", "Shaken Identity is OK\n");
} else {
xlog("L_NOTICE", "Shaken Identity is
invalid\n");
}
}
Please give me some advice.
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the
sender!
Edit mailing list options or unsubscribe:
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio World Conference - June 5-7, 2023 - www.kamailioworld.com
642
days inactive
643
days old
2 comments
2 participants
participants (2)
-
Daniel-Constantin Mierla -
Yuriy Nasida