Hello,
It's kamailio 5.6.4.
I can say that there is no segfault in case Identity is OK but bad attempts sometimes are the reason for segfault. Not sure I can duplicate but it happens several times per day.
Please look at logs.
in messages:
Apr 3 09:40:02 kam1 kernel: [6381565.762987] kamailio[9141]: segfault at 746c75616665 ip 00007f20c4cab6df sp 00007ffe7ec51470 error 4 in libcrypto.so.1.1[7f20c4c3b000+19e000]

kamailio.log:
Apr 3 09:40:02 kam1 kamailio[9141]: NOTICE: <script>: it is INVITE with Identity. Lets check Identity
Apr 3 09:40:02 kam1 kamailio[9141]: CRITICAL: <core> [core/mem/q_malloc.c:501]: qm_free(): BUG: bad pointer 0x645f6d6574737973 (out of memory block!) called from tls: tls_init.c: ser_free(323) - ignoring
Apr 3 09:40:02 kam1 kamailio[9182]: CRITICAL: <core> [core/pass_fd.c:277]: receive_fd(): EOF on 53
Apr 3 09:40:02 kam1 kamailio[9100]: ALERT: <core> [main.c:774]: handle_sigs(): child process 9141 exited by a signal 11
Apr 3 09:40:02 kam1 kamailio[9100]: ALERT: <core> [main.c:777]: handle_sigs(): core was not generated
Apr 3 09:40:02 kam1 kamailio[9100]: CRITICAL: <core> [core/mem/q_malloc.c:501]: qm_free(): BUG: bad pointer 0x645f6d6574737973 (out of memory block!) called from tls: tls_init.c: ser_free(323) - ignoring

loadmodule "stirshaken.so"

####### STIRSHAKEN ######
modparam("stirshaken", "vs_verify_x509_cert_path", 1)
modparam("stirshaken", "vs_ca_dir", "/etc/kamailio/stir_CA")
#modparam("stirshaken", "vs_crl_dir", "/etc/kamailio/CRL")
modparam("stirshaken", "as_default_key", "/etc/kamailio/key/private_key.pem")
modparam("stirshaken", "vs_cache_certificates", 1)
modparam("stirshaken", "vs_cache_dir", "/tmp/cert_cache")
modparam("stirshaken", "vs_cache_expire_s", 100)

if (is_method("INVITE") && is_present_hf("Identity")) {
    xlog("L_NOTICE", "it is INVITE with Identity. Lets check Identity\n");
    if (1 == stirshaken_check_identity()) {
        xlog("L_NOTICE", "Shaken Identity is OK\n");
    } else {
        xlog("L_NOTICE", "Shaken Identity is invalid\n");
    }
}
Please give me some advice.
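An added triage example, not part of the original post or of Kamailio: it parses the two crash lines quoted above, locates the faulting instruction inside the libcrypto mapping the kernel reported, decodes the page-fault error code, and checks whether the bad pointer values are printable ASCII. The function and variable names are illustrative.

```python
import re

# Crash lines taken from the post above (timestamps and host prefix dropped).
KERNEL_LINE = ("kamailio[9141]: segfault at 746c75616665 ip 00007f20c4cab6df "
               "sp 00007ffe7ec51470 error 4 in libcrypto.so.1.1[7f20c4c3b000+19e000]")
QM_FREE_LINE = ("qm_free(): BUG: bad pointer 0x645f6d6574737973 (out of memory block!) "
                "called from tls: tls_init.c: ser_free(323) - ignoring")

SEGV_RE = re.compile(
    r"segfault at (?P<addr>[0-9a-f]+) ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) "
    r"error (?P<err>\d+) in (?P<lib>\S+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]")
BADPTR_RE = re.compile(r"bad pointer 0x(?P<ptr>[0-9a-f]+)")


def pointer_as_text(value):
    """Pointer bytes in x86-64 memory order as ASCII, or None if any byte is non-printable."""
    raw = value.to_bytes((value.bit_length() + 7) // 8 or 1, "little")
    return raw.decode("ascii") if all(0x20 <= b < 0x7F for b in raw) else None


def decode_page_fault_error(code):
    """Decode the low three bits of the x86 page-fault error code in the kernel line."""
    return {
        "page_present": bool(code & 1),  # False: nothing mapped at the address
        "write": bool(code & 2),         # False: the access was a read
        "user_mode": bool(code & 4),     # True: fault raised in user space
    }


def triage(kernel_line, qm_line):
    """Summarise one kernel segfault line and one qm_free() bad-pointer line."""
    m = SEGV_RE.search(kernel_line)
    ip, base, size = (int(m[k], 16) for k in ("ip", "base", "size"))
    bad_ptr = int(BADPTR_RE.search(qm_line)["ptr"], 16)
    return {
        "library": m["lib"],
        # Offset of ip inside the mapping the kernel printed, not the file offset.
        "ip_offset": hex(ip - base) if base <= ip < base + size else None,
        "fault": decode_page_fault_error(int(m["err"])),
        "fault_addr_text": pointer_as_text(int(m["addr"], 16)),
        "bad_ptr_text": pointer_as_text(bad_ptr),
    }


if __name__ == "__main__":
    for key, value in triage(KERNEL_LINE, QM_FREE_LINE).items():
        print(f"{key}: {value}")
```

On these lines both values decode to printable text (`system_d` for the qm_free() pointer, `efault` for the fault address), so string bytes were being used as pointers, which points to memory corruption rather than a plain NULL dereference.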
Hello,
I cannot help with stirshaken module, not being involved in its development, but I could suggest to try the secsipid module, which I wrote and I can fix bugs if any is reported. secsipid offers stir/shaken functionality as well.
Cheers, Daniel
On 03.04.23 18:31, Yuriy Nasida wrote:
> [...]
Thanks a lot for advice Daniel.
I tried secsipid and it's working fine. But I didn't find some functionality that the stirshaken module has:
modparam("stirshaken", "vs_verify_x509_cert_path", 1)
modparam("stirshaken", "vs_ca_dir", "/etc/kamailio/stir_CA")
modparam("stirshaken", "vs_crl_dir", "/etc/kamailio/CRL")
Does secsipid support verifying the x509 cert path using a CA? Also, does it have the possibility to check a cert against a CRL?
Thank you
On Tue, 4 Apr 2023 at 08:48, Daniel-Constantin Mierla miconda@gmail.com wrote:
> [...]