[Devel] Crash with openser 1.1.0 and TLS clients

Klaus Darilion klaus.mailinglists at pernau.at
Thu Nov 23 17:22:57 CET 2006 

Hi Christophe!

First observation (TCP dump): User Agent 1 is buggy. The R-URI of the 
ACK does not conatin the transport=tcp paramter (from the Contact line 
in the 200 OK), thus the ACK from proxy to client 2 is sent via UDP. the 
same happens for the BYE transaction.


Now TLS - some analysis:
There is the same problem as with TCP. The ACK and BYE are sent with UDP 
as the request URI misses the transport parameter. This time the SIP 
clients do not respond to the UDP packets. Hence, the BYE is sent from 
both clients with retransmissions.

There are 3 TLS connections.
1. from client 1 to proxy which is used for REGISTER and outgoing 
INVITE/ACK/BYE
2. from client 2 to proxy which is used for REGISTER
3. from proxy to client 2 which is used for INVITE

Packet 101: The 2nd clients starts to unregister.

Packet 110 and 111: client 2 sends RST to proxy. Why does the client not 
terminate the TCP session with FIN?

Packet 112: openser sends FIN to client 1 (is this due to the crash 
happend somewhere between #110 and #112?)

Packet 116: client 1 re-establish the TLS session and openser accepts - 
is openser still listening on the TLS port or has it restarted and is 
working again?

 From the capture file it looks like there was no openser crash at all. 
Thus, if there happend to be a crash somewhere around #110 maybe openser 
can't handle receipt of RST properly?

regards
Klaus



Christophe Irles wrote:
> 
> Ok I create again dump files with exactly the same scenario. I test them
> with wireshark successfully. Pb seems to come from the "txt" extension.
> 
> The first dump file is based on SIP over TLS and the second is based on SIP
> over TCP.
> 
> As I said previously when using TLS, openser crash but not in TCP (same
> openser config, just a restart between each test)
> 
> I notice in these two dump files something strange: some packets send by
> openser are in UDP ! When they are send, the header "Record Route" is
> composed of two lines: the last with the correct transport set (TCP or TLS)
> but the first one wihtout this information ...
> 
> Hope this helps,
> Christophe
> 
> -----Message d'origine-----
> De : Klaus Darilion [mailto:klaus.mailinglists at pernau.at] 
> Envoyé : mardi 21 novembre 2006 17:35
> À : Christophe Irles
> Cc : 'OpenSER_DEV'
> Objet : Re: [Devel] Crash with openser 1.1.0 and TLS clients
> 
> Hi!
> 
> I can't open the dump in ethereal. Maybe it was broken because it was named
> .txt. Can you please resend it as .cap? (or zip)
> 
> regards
> klaus
> 
> Christophe Irles wrote:
>> Hi Klauss,
>>
>> Since ssldump is working not so well I used this option in my config file:
>> tls_ciphers_list="NULL"
>> I used tcpdump to have SIP messages as follow:  tcpdump -vv -s 2000 -i 
>> eth0 port 5061 -w dump.txt (cf. attached file)
>>
>> In this file, you will find this scenario:
>> - Device A (known as uri 800 at sbcsipsophia.dyndns.rog) registered first
>> - Device B (known as uri 810 at sbcsipsophia.dyndns.rog) registered in 
>> second
>> - A calls B => communications is good (media is working)
>> - B hangup
>> - B unregistered => openser crash !
>>
>> This scenario is the same as the test 3 describe in my previous mail (cf.
>> below)
>>
>> If you need more explanations or more debug output, please tell me.
>>
>> I'm using openser-1.1.0-tls
>>
>> Hope this helps,
>> Christophe
>>  
>>
>> -----Message d'origine-----
>> De : devel-bounces at openser.org [mailto:devel-bounces at openser.org] De 
>> la part de Christophe Irles Envoyé : vendredi 17 novembre 2006 17:24 À 
>> : 'Klaus Darilion'
>> Cc : 'OpenSER_DEV'
>> Objet : RE: [Devel] Crash with openser 1.1.0 and TLS clients
>>
>> Hi Klaus,
>>
>> The context is: a minisip called A (uri:800 at test.test) with TLS calls 
>> another minisip called B (uri:810 at test.test) with TLS.
>> Always A registered first and B in second (the order is important)
>>
>> Test 1:
>> A and B unregistered => no crash
>> I restart openser and minisip A and B devices (to be sure to have the 
>> same configuration in each test)
>>
>> Test 2:
>> A calls B. Communication is good. A or B hang up (I test the both) A 
>> unregistered => openser is still working B unregistered => openser crash !
>> I restart openser and minisip A and B devices
>>
>> Test 3:
>> A calls B. Communication is good. A or B hang up (I test the both) B 
>> unregistered => openser crash !
>> I restart openser and minisip A and B devices
>>
>> Test 4:
>> A calls B. Communication is good. A or B hang up  (I test the both) B 
>> calls A. Communication is good. A or B hang up  (I test the both) 
>> Calls made several times => Communications are always good A 
>> unregistered => openser is still working B unregistered => openser crash !
>> I restart openser and minisip A and B devices
>>
>> Test 5:
>> A calls B. Communication is good. A or B hang up  (I test the both) B 
>> calls A. Communication is good. A or B hang up  (I test the both) 
>> Calls made several times => Communications are good B unregistered =>
> openser crash !
>> About ssldump, I need to compile it including the lib pcap. As soon as 
>> possible I will send you the entire dump.
>>
>> Please find below some comments about some of your previous remarks.
>>
>> Thanks,
>> Regards,
>> Christophe
>>
>> -----Message d'origine-----
>> De : Klaus Darilion [mailto:klaus.mailinglists at pernau.at]
>> Envoyé : mardi 14 novembre 2006 18:51
>> À : Christophe Irles
>> Cc : OpenSER_DEV
>> Objet : Re: [Devel] Crash with openser 1.1.0 and TLS clients
>>
>> Christophe Irles wrote:
>>> Hello,
>> Hi Christoph!
>>
>> Who is closing the SSL connection - openser or minisip?
>> [Chris] minisip is closing the connection.
>>
>> There are several things which look very strange:
>>
>>> Extract of the log file:
>>> 	19(26390) tls_close: Closing SSL connection
>>> 	19(26390) tls_update_fd: New fd is 42
>>> 	19(26390) INFO: signal 13 received
>> Why is there a signal 13 (SIGPIPE) ?
>> [Chris] I don't know ... But this occurs, each time the second minisip 
>> unregistered from openser
>>
>>> 	19(26390) tls_shutdown: First phase of 2-way handshake completed 
>>> succesfuly
>> Looks like openser shuts down the SSL connection [Chris] Actually it's 
>> minisip
>>
>>> 	19(26390) tls_tcpconn_clean: Entered
>>> 	19(26390) handle_tcp_child: reader response= b61c3f28, -2 from 2
>> Is openser reading from the closed SSL connection [Chris] I don't know ...
>> I'm compiling ssldump in order to have a dump with all packets
>>
>>> 	19(26390) tcpconn_destroy: destroying connection 0xb61c3f28, flags
>>> 0002
>>> 	19(26390) tls_close: Closing SSL connection
>> Is this the same TLS connection which will bel closed again?
>> [Chris] It's the second one created by the other minisip device
>>
>>> 	19(26390) tls_update_fd: New fd is 44
>>> 	19(26390) INFO: signal 13 received
>>> 	19(26390) tls_shutdown: First phase of 2-way handshake completed 
>>> succesfuly
>> If it would be the same SSL connection which will be closed here, 
>> there should not bee this message. Thus, I suspect there is another 
>> SSL connection open which will be closed here?
>> [Chris] It's the second one created by the other minisip device
>>
>>> 	19(26390) tls_tcpconn_clean: Entered
>>> 	*** glibc detected *** openser: free(): invalid pointer: 0x08788a38
>>
>> Christophe - can you please provide a tcpdump (capture file) and 
>> ssldump too? If its big, send it to me privately.
>> [Chris] I'm working on it
>>
>> regards
>> klaus
>>
>>
>>> ***
>>> 	======= Backtrace: =========
>>> 	/lib/libc.so.6[0x1741e0]
>>> 	/lib/libc.so.6(__libc_free+0x77)[0x17472b]
>>> 	/lib/libssl.so.5(kssl_ctx_free+0x82)[0x9c8317]
>>> 	/lib/libssl.so.5(SSL_free+0x165)[0x9be03e]
>>> 	openser(tls_tcpconn_clean+0x46)[0x80e2cd6]
>>> 	openser(_tcpconn_rm+0x2f0)[0x8093bd0]
>>> 	openser[0x80943dc]
>>> 	openser[0x8098e63]
>>> 	openser[0x8097461]
>>> 	openser[0x8099a63]
>>> 	openser(tcp_main_loop+0x55b)[0x809a1db]
>>> 	openser(main_loop+0x8e0)[0x806cd20]
>>> 	openser(main+0x16bb)[0x806e77b]
>>> 	/lib/libc.so.6(__libc_start_main+0xdf)[0x125d7f]
>>> 	openser[0x8051111]
>>> 	======= Memory map: ========
>>> 	00111000-00234000 r-xp 00000000 fd:02 289199     /lib/libc-2.3.6.so
>>> 	00234000-00236000 r-xp 00122000 fd:02 289199     /lib/libc-2.3.6.so
>>>
>>>
>>> 	Is this problem already corrected in the HEAD version of openSER ?
>>> Is anyone has the same problem with TLS clients and openSER 1.1.0 ?
>>>
>>> Thanks,
>>> Christophe
>>>
>>>
>>>       
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> -
>>> --
>>>
>>> _______________________________________________
>>> Devel mailing list
>>> Devel at openser.org
>>> http://openser.org/cgi-bin/mailman/listinfo/devel
>>
>> --
>> Klaus Darilion
>> nic.at
>>
>>
>> _______________________________________________
>> Devel mailing list
>> Devel at openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/devel
> 
> 
> --
> Klaus Darilion
> nic.at


-- 
Klaus Darilion
nic.at

More information about the Devel mailing list