[Devel] Crash with openser 1.1.0 and TLS clients
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Nov 23 18:06:19 CET 2006
I have tested send RST to openser on established TLS connections (with
openser CVS):
openser[16678]: handle_tcpconn_ev: data available on 0x405059c0 25
openser[16678]: DBG: io_watch_del (0x80eb800, 25, -1, 0x0) fd_no=18 called
openser[16678]: send2child: to tcp child 0 7(16674), 0x405059c0
openser[16674]: received n=4 con=0x405059c0, fd=20
openser[16674]: DBG: io_watch_add(0x80ebb40, 20, 2, 0x405059c0), fd_no=1
openser[16674]: tls_update_fd: New fd is 20
openser[16674]: _tls_read: Error in SSL:
openser[16674]: ERROR: tcp_read_req: error reading
openser[16674]: DBG: io_watch_del (0x80ebb40, 20, -1, 0x10) fd_no=2 called
openser[16674]: releasing con 0x405059c0, state -2, fd=20, id=6
openser[16674]: extra_data 0x4052fe58
openser[16678]: handle_tcp_child: reader response= 405059c0, -2 from 0
openser[16678]: tcpconn_destroy: destroying connection 0x405059c0, flags
0002
openser[16678]: tls_close: Closing SSL connection
openser[16678]: tls_update_fd: New fd is 25
openser[16678]: INFO: signal 13 received
openser[16678]: tls_shutdown: First phase of 2-way handshake completed
succesfuly
openser[16678]: tls_tcpconn_clean: Entered
Looks similar to your debugs, but my openser did not crashed. Can you
please test if this crash is really RST related? E.g. you can kill the
client 2 during the call. This should also generate RST (at least under
Windows).
regards
klaus
Klaus Darilion wrote:
> Hi Christophe!
>
> First observation (TCP dump): User Agent 1 is buggy. The R-URI of the
> ACK does not conatin the transport=tcp paramter (from the Contact line
> in the 200 OK), thus the ACK from proxy to client 2 is sent via UDP. the
> same happens for the BYE transaction.
>
>
> Now TLS - some analysis:
> There is the same problem as with TCP. The ACK and BYE are sent with UDP
> as the request URI misses the transport parameter. This time the SIP
> clients do not respond to the UDP packets. Hence, the BYE is sent from
> both clients with retransmissions.
>
> There are 3 TLS connections.
> 1. from client 1 to proxy which is used for REGISTER and outgoing
> INVITE/ACK/BYE
> 2. from client 2 to proxy which is used for REGISTER
> 3. from proxy to client 2 which is used for INVITE
>
> Packet 101: The 2nd clients starts to unregister.
>
> Packet 110 and 111: client 2 sends RST to proxy. Why does the client not
> terminate the TCP session with FIN?
>
> Packet 112: openser sends FIN to client 1 (is this due to the crash
> happend somewhere between #110 and #112?)
>
> Packet 116: client 1 re-establish the TLS session and openser accepts -
> is openser still listening on the TLS port or has it restarted and is
> working again?
>
> From the capture file it looks like there was no openser crash at all.
> Thus, if there happend to be a crash somewhere around #110 maybe openser
> can't handle receipt of RST properly?
>
> regards
> Klaus
>
>
>
> Christophe Irles wrote:
>>
>> Ok I create again dump files with exactly the same scenario. I test them
>> with wireshark successfully. Pb seems to come from the "txt" extension.
>>
>> The first dump file is based on SIP over TLS and the second is based
>> on SIP
>> over TCP.
>>
>> As I said previously when using TLS, openser crash but not in TCP (same
>> openser config, just a restart between each test)
>>
>> I notice in these two dump files something strange: some packets send by
>> openser are in UDP ! When they are send, the header "Record Route" is
>> composed of two lines: the last with the correct transport set (TCP or
>> TLS)
>> but the first one wihtout this information ...
>>
>> Hope this helps,
>> Christophe
>>
>> -----Message d'origine-----
>> De : Klaus Darilion [mailto:klaus.mailinglists at pernau.at] Envoyé :
>> mardi 21 novembre 2006 17:35
>> À : Christophe Irles
>> Cc : 'OpenSER_DEV'
>> Objet : Re: [Devel] Crash with openser 1.1.0 and TLS clients
>>
>> Hi!
>>
>> I can't open the dump in ethereal. Maybe it was broken because it was
>> named
>> .txt. Can you please resend it as .cap? (or zip)
>>
>> regards
>> klaus
>>
>> Christophe Irles wrote:
>>> Hi Klauss,
>>>
>>> Since ssldump is working not so well I used this option in my config
>>> file:
>>> tls_ciphers_list="NULL"
>>> I used tcpdump to have SIP messages as follow: tcpdump -vv -s 2000
>>> -i eth0 port 5061 -w dump.txt (cf. attached file)
>>>
>>> In this file, you will find this scenario:
>>> - Device A (known as uri 800 at sbcsipsophia.dyndns.rog) registered first
>>> - Device B (known as uri 810 at sbcsipsophia.dyndns.rog) registered in
>>> second
>>> - A calls B => communications is good (media is working)
>>> - B hangup
>>> - B unregistered => openser crash !
>>>
>>> This scenario is the same as the test 3 describe in my previous mail
>>> (cf.
>>> below)
>>>
>>> If you need more explanations or more debug output, please tell me.
>>>
>>> I'm using openser-1.1.0-tls
>>>
>>> Hope this helps,
>>> Christophe
>>>
>>>
>>> -----Message d'origine-----
>>> De : devel-bounces at openser.org [mailto:devel-bounces at openser.org] De
>>> la part de Christophe Irles Envoyé : vendredi 17 novembre 2006 17:24
>>> À : 'Klaus Darilion'
>>> Cc : 'OpenSER_DEV'
>>> Objet : RE: [Devel] Crash with openser 1.1.0 and TLS clients
>>>
>>> Hi Klaus,
>>>
>>> The context is: a minisip called A (uri:800 at test.test) with TLS calls
>>> another minisip called B (uri:810 at test.test) with TLS.
>>> Always A registered first and B in second (the order is important)
>>>
>>> Test 1:
>>> A and B unregistered => no crash
>>> I restart openser and minisip A and B devices (to be sure to have the
>>> same configuration in each test)
>>>
>>> Test 2:
>>> A calls B. Communication is good. A or B hang up (I test the both) A
>>> unregistered => openser is still working B unregistered => openser
>>> crash !
>>> I restart openser and minisip A and B devices
>>>
>>> Test 3:
>>> A calls B. Communication is good. A or B hang up (I test the both) B
>>> unregistered => openser crash !
>>> I restart openser and minisip A and B devices
>>>
>>> Test 4:
>>> A calls B. Communication is good. A or B hang up (I test the both) B
>>> calls A. Communication is good. A or B hang up (I test the both)
>>> Calls made several times => Communications are always good A
>>> unregistered => openser is still working B unregistered => openser
>>> crash !
>>> I restart openser and minisip A and B devices
>>>
>>> Test 5:
>>> A calls B. Communication is good. A or B hang up (I test the both) B
>>> calls A. Communication is good. A or B hang up (I test the both)
>>> Calls made several times => Communications are good B unregistered =>
>> openser crash !
>>> About ssldump, I need to compile it including the lib pcap. As soon
>>> as possible I will send you the entire dump.
>>>
>>> Please find below some comments about some of your previous remarks.
>>>
>>> Thanks,
>>> Regards,
>>> Christophe
>>>
>>> -----Message d'origine-----
>>> De : Klaus Darilion [mailto:klaus.mailinglists at pernau.at]
>>> Envoyé : mardi 14 novembre 2006 18:51
>>> À : Christophe Irles
>>> Cc : OpenSER_DEV
>>> Objet : Re: [Devel] Crash with openser 1.1.0 and TLS clients
>>>
>>> Christophe Irles wrote:
>>>> Hello,
>>> Hi Christoph!
>>>
>>> Who is closing the SSL connection - openser or minisip?
>>> [Chris] minisip is closing the connection.
>>>
>>> There are several things which look very strange:
>>>
>>>> Extract of the log file:
>>>> 19(26390) tls_close: Closing SSL connection
>>>> 19(26390) tls_update_fd: New fd is 42
>>>> 19(26390) INFO: signal 13 received
>>> Why is there a signal 13 (SIGPIPE) ?
>>> [Chris] I don't know ... But this occurs, each time the second
>>> minisip unregistered from openser
>>>
>>>> 19(26390) tls_shutdown: First phase of 2-way handshake completed
>>>> succesfuly
>>> Looks like openser shuts down the SSL connection [Chris] Actually
>>> it's minisip
>>>
>>>> 19(26390) tls_tcpconn_clean: Entered
>>>> 19(26390) handle_tcp_child: reader response= b61c3f28, -2 from 2
>>> Is openser reading from the closed SSL connection [Chris] I don't
>>> know ...
>>> I'm compiling ssldump in order to have a dump with all packets
>>>
>>>> 19(26390) tcpconn_destroy: destroying connection 0xb61c3f28, flags
>>>> 0002
>>>> 19(26390) tls_close: Closing SSL connection
>>> Is this the same TLS connection which will bel closed again?
>>> [Chris] It's the second one created by the other minisip device
>>>
>>>> 19(26390) tls_update_fd: New fd is 44
>>>> 19(26390) INFO: signal 13 received
>>>> 19(26390) tls_shutdown: First phase of 2-way handshake completed
>>>> succesfuly
>>> If it would be the same SSL connection which will be closed here,
>>> there should not bee this message. Thus, I suspect there is another
>>> SSL connection open which will be closed here?
>>> [Chris] It's the second one created by the other minisip device
>>>
>>>> 19(26390) tls_tcpconn_clean: Entered
>>>> *** glibc detected *** openser: free(): invalid pointer: 0x08788a38
>>>
>>> Christophe - can you please provide a tcpdump (capture file) and
>>> ssldump too? If its big, send it to me privately.
>>> [Chris] I'm working on it
>>>
>>> regards
>>> klaus
>>>
>>>
>>>> ***
>>>> ======= Backtrace: =========
>>>> /lib/libc.so.6[0x1741e0]
>>>> /lib/libc.so.6(__libc_free+0x77)[0x17472b]
>>>> /lib/libssl.so.5(kssl_ctx_free+0x82)[0x9c8317]
>>>> /lib/libssl.so.5(SSL_free+0x165)[0x9be03e]
>>>> openser(tls_tcpconn_clean+0x46)[0x80e2cd6]
>>>> openser(_tcpconn_rm+0x2f0)[0x8093bd0]
>>>> openser[0x80943dc]
>>>> openser[0x8098e63]
>>>> openser[0x8097461]
>>>> openser[0x8099a63]
>>>> openser(tcp_main_loop+0x55b)[0x809a1db]
>>>> openser(main_loop+0x8e0)[0x806cd20]
>>>> openser(main+0x16bb)[0x806e77b]
>>>> /lib/libc.so.6(__libc_start_main+0xdf)[0x125d7f]
>>>> openser[0x8051111]
>>>> ======= Memory map: ========
>>>> 00111000-00234000 r-xp 00000000 fd:02 289199 /lib/libc-2.3.6.so
>>>> 00234000-00236000 r-xp 00122000 fd:02 289199 /lib/libc-2.3.6.so
>>>>
>>>>
>>>> Is this problem already corrected in the HEAD version of openSER ?
>>>> Is anyone has the same problem with TLS clients and openSER 1.1.0 ?
>>>>
>>>> Thanks,
>>>> Christophe
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> -
>>>> --
>>>>
>>>> _______________________________________________
>>>> Devel mailing list
>>>> Devel at openser.org
>>>> http://openser.org/cgi-bin/mailman/listinfo/devel
>>>
>>> --
>>> Klaus Darilion
>>> nic.at
>>>
>>>
>>> _______________________________________________
>>> Devel mailing list
>>> Devel at openser.org
>>> http://openser.org/cgi-bin/mailman/listinfo/devel
>>
>>
>> --
>> Klaus Darilion
>> nic.at
>
>
--
Klaus Darilion
nic.at
More information about the Devel
mailing list