[OpenSER-Devel] [ openser-Bugs-1838923 ] dialog: crash on server restart if dialog db is dbtext

SourceForge.net noreply at sourceforge.net
Thu Dec 6 07:48:24 UTC 2007


Bugs item #1838923, was opened at 2007-11-26 21:31
Message generated for change (Comment added) made by miconda
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1838923&group_id=139143

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Ovidiu Sas (osas)
Assigned to: Daniel-Constantin Mierla (miconda)
Summary: dialog: crash on server restart if dialog db is dbtext

Initial Comment:
If dialog module is using the dbtext database as a backend storage, on restart it will crash the server.

It seems that the issue is related to the callee_cseq(string) field.

# openserctl fifo dlg_list
database engine 'DBTEXT' loaded
Control engine 'FIFO' loaded
entering fifo_cmd dlg_list
dialog::  hash=777:1199660830
	state:: 4
	timestart:: 10
	timeout:: 130
	callid:: 5d4bfc7e7b789251d130deb0d5cd2fd6
	from_uri:: sip:4165863567 at 10.11.10.63
	from_tag:: e761d53
	caller_contact:: sip:4165863567 at 10.11.128.129
	caller_cseq:: 100
	caller_route_set:: 
	caller_bind_addr:: udp:10.11.10.63:5060
	to_uri:: sip:4169771414 at 10.11.10.63
	to_tag:: AFF02000-797
	callee_contact:: sip:4169771414 at 10.111.3.241:5060
	callee_cseq:: 100
	callee_route_set:: 
	callee_bind_addr:: udp:10.11.10.63:5060
FIFO command was:
:dlg_list:openser_receiver_21824


and on the db we have:
id(int,auto) hash_entry(int) hash_id(int) callid(string) from_uri(string) from_tag(string) to_uri(string) to_tag(string) caller_cseq(string) callee_cseq(string) caller_route_set(string,null) callee_route_set(string,null) caller_contact(string) callee_contact(string) caller_sock(string) callee_sock(string) state(int) start_time(int) timeout(int)
1:777:1199660830:5d4bfc7e7b789251d130deb0d5cd2fd6:sip\:4165863567 at 10.11.10.63:e761d53:sip\:4169771414 at 10.11.10.63:AFF02000-797:100:1005060\r:::sip\:4165863567 at 10.11.128.129:sip\:4169771414 at 10.111.3.241\:5060:udp\:10.11.10.63\:5060:udp\:10.11.10.63\:5060:4:10:1196107993


The value of callee_cseq(string) seems to be wrong:
callee_cseq(string) -> 1005060\r


Here's the backtrace:
(gdb) bt
#0  0x40235541 in load_dialog_info_from_db () from /usr/local/lib/openser/modules/dialog.so
#1  0x40234362 in init_dlg_db () from /usr/local/lib/openser/modules/dialog.so
#2  0x4023343f in mod_init () from /usr/local/lib/openser/modules/dialog.so
#3  0x0809940f in init_mod ()
#4  0x08099356 in init_mod ()
#5  0x08099356 in init_mod ()
#6  0x08099717 in init_modules ()
#7  0x08064e18 in main ()


Regards,
Ovidiu Sas

----------------------------------------------------------------------

>Comment By: Daniel-Constantin Mierla (miconda)
Date: 2007-12-06 09:48

Message:
Logged In: YES 
user_id=1246013
Originator: NO

Thanks. Good catch. Patch applied on SVN. Ovidiu please test and see if
the issue is fixed.

----------------------------------------------------------------------

Comment By: Salahuddin Ahmed (rubel001)
Date: 2007-12-06 07:46

Message:
Logged In: YES 
user_id=1953307
Originator: NO

I think the following patch will solve the problem of cseq(string) being
malformed when saved into the db.
The cseq value coming from the dialog module is not a null-terminated
string, but in the file dbt_tb.c the strlen() function is used to get the
length of the cseq value. Thus the cseq string is malformed.

File:   openser-1.2.2-notls/modules/dbtext/dbt_tb.c

patch:
======================================================
--- dbt_tb.c    2007-12-02 12:27:31.000000000 +0600
+++ dbt_tb.c    2007-12-05 21:34:14.000000000 +0600
@@ -382,7 +382,10 @@
                                       
shm_free(_drp->fields[_idx].val.str_val.s);

                                _drp->fields[_idx].type = _t;
-                              
_drp->fields[_idx].val.str_val.len=strlen(_vp->val.string_val);
+                               if(_vp->type==DB_STR)
+                                
_drp->fields[_idx].val.str_val.len=_vp->val.str_val.len;
+                               else
+                                
_drp->fields[_idx].val.str_val.len=strlen(_vp->val.string_val);

                                _drp->fields[_idx].val.str_val.s =
                                       
(char*)shm_malloc(_drp->fields[_idx].val.str_val.len
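Review bot: In the added if/else, the else branch still calls strlen(_vp->val.string_val) for every type other than DB_STR, so any other length-counted value type that reaches this case would be over-read in the same way; consider switching on the type explicitly instead of treating everything else as NUL-terminated. The copy that follows the shm_malloc() call is not visible in this hunk, so also confirm that for DB_STR it copies exactly str_val.len bytes from _vp->val.str_val.s rather than doing a NUL-terminated copy. Braces around the two branches would make the wrapped assignments easier to read.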
=====================================================================================================

Regards,

Salah Uddin Ahmed
e-mail: bd.ruble [at] gmail [dot] com
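
The length bug described in this comment, reduced to a standalone C program; this is an added example, not code from the post or from OpenSER. The types `str_t` and `val_t`, the function names and the sample buffer are hypothetical, constructed so that the stored value matches the `1005060\r` seen in the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the two string value kinds named in the patch. */
typedef struct { const char *s; int len; } str_t;   /* counted, not NUL-terminated */
typedef enum { VAL_STRING, VAL_STR } val_type_t;
typedef struct {
    val_type_t type;
    union { const char *string_val; str_t str_val; } val;
} val_t;

/* Pre-patch logic: every value is measured with strlen(). */
size_t len_before(const val_t *v) { return strlen(v->val.string_val); }

/* Post-patch logic: a counted string supplies its own length. */
size_t len_after(const val_t *v) {
    if (v->type == VAL_STR)
        return (size_t)v->val.str_val.len;
    return strlen(v->val.string_val);
}

/* Copy the value into a fresh NUL-terminated buffer, as a storage layer would. */
char *store(const val_t *v, size_t (*len_of)(const val_t *)) {
    const char *src = (v->type == VAL_STR) ? v->val.str_val.s : v->val.string_val;
    size_t n = len_of(v);
    char *out = malloc(n + 1);
    if (!out) return NULL;
    memcpy(out, src, n);
    out[n] = '\0';
    return out;
}

/* Constructed sample: the 3-byte CSeq "100" sits inside a larger buffer. */
static const char raw[] = "1005060\r";
val_t sample_cseq(void) {
    val_t v = { .type = VAL_STR, .val.str_val = { raw, 3 } };
    return v;
}

int main(void) {
    val_t v = sample_cseq();
    char *bad = store(&v, len_before), *good = store(&v, len_after);
    if (!bad || !good) return 1;
    printf("before: %zu bytes stored, after: %zu bytes stored\n", strlen(bad), strlen(good));
    free(bad); free(good);
    return 0;
}
```

In the sample the bytes after the counted value happen to end in a NUL inside the same array; in a real message buffer strlen() keeps reading until it finds one, wherever that is.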




----------------------------------------------------------------------

Comment By: Daniel-Constantin Mierla (miconda)
Date: 2007-12-05 14:35

Message:
Logged In: YES 
user_id=1246013
Originator: NO

Hello Ovidiu,

I followed your steps and couldn't reproduce the case. The content of the
dialog table is ok regarding the CSeq numbers. See below. I would need a
full log output with debug 9. If I cannot spot it there, I will add some
extra debug messages, that hopefully will give some hints.

id(int,auto) hash_entry(int) hash_id(int) callid(string) from_uri(string)
from_tag(string) to_uri(string) to_tag(string) caller_cseq(string)
callee_cseq(string) caller_route_set(string,null)
callee_route_set(string,null) caller_contact(string) callee_contact(string)
caller_sock(string) callee_sock(string) state(int) start_time(int)
timeout(int)
1:3344:547247909:231f53-51c70046 at 192.168.2.5:sip\:345 at 192.168.2.23:1555dbef2e640c5ao0:sip\:123 at 192.168.2.23:485C9B8:101:101:::sip\:345 at 192.168.2.5\:5042:sip\:123 at 192.168.2.23\:5062;transport=udp:udp\:192.168.2.23\:5060:udp\:192.168.2.23\:5060:4:82:1196857348

----------------------------------------------------------------------

Comment By: Ovidiu Sas (osas)
Date: 2007-12-03 18:18

Message:
Logged In: YES 
user_id=1395524
Originator: YES

Data in the dbtext file is such after shutdown.

Steps to reproduce the problem:
Install the dbtext database:

Content of /usr/local/etc/openser/openserctlrc
==============================================
#SIP_DOMAIN=

## database type: MYSQL, PGSQL or DBTEXT, by default none is loaded
DBENGINE=DBTEXT

## database host
DBHOST=localhost

## database name
DBNAME=openser

# database path used by dbtext or db_berkeley
DB_PATH="/usr/local/etc/openser/dbtext"

## database read/write user
DBRWUSER=openser

## password for database read/write user
# DBRWPW="openserrw"

## database read only user
DBROUSER=openserro

## password for database read only user
DBROPW=openserro

## database super user
DBROOTUSER="root"

<EOF>


Create db: `openserdbctl create'
================================


Content of /usr/local/etc/openser/openser.cfg
=============================================
# cat /usr/local/etc/openser/openser.cfg
# ----------- global configuration parameters ------------------------
debug=9            # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no    # (cmd line: -E)
children=1

disable_tcp=yes
log_name="oser"

# ------------------ module loading ----------------------------------
mpath="/usr/local/lib/openser/modules/"
loadmodule "dbtext.so"
modparam("dbtext", "db_mode", 1)

loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "rr.so"
loadmodule "maxfwd.so"
loadmodule "textops.so"


loadmodule "mi_fifo.so"
modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")

loadmodule "usrloc.so"
modparam("usrloc", "db_url", "dbtext:///usr/local/etc/openser/dbtext")
modparam("usrloc", "db_mode", 2)

loadmodule "registrar.so"

loadmodule "dialog.so"
modparam("dialog", "dlg_flag", 4)
modparam("dialog", "timeout_avp", "$avp(i:10)")
modparam("dialog", "default_timeout", 100)
modparam("dialog", "db_url", "dbtext:///usr/local/etc/openser/dbtext")
modparam("dialog", "db_mode", 1)
# -------------------------  request routing logic -------------------

# main routing logic

route{
	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483","Too Many Hops");
		exit;
	};

	if (msg:len >=  2048 ) {
		sl_send_reply("513", "Message too big");
		exit;
	};

	if (!method=="REGISTER")
		record_route();

	if (loose_route()) {
		# mark routing logic in request
		append_hf("P-hint: rr-enforced\r\n"); 
		route(1);
	};

	if (!uri==myself) {
		# mark routing logic in request
		append_hf("P-hint: outbound\r\n"); 
		route(1);
	};

	if (uri==myself) {

		if (method=="REGISTER") {
			save("location");
			exit;
		};

		# Here we set the dialog/qos flag
		setflag(4);

		# native SIP destinations are handled using our USRLOC DB
		if (!lookup("location")) {
			sl_send_reply("404", "Not Found");
			exit;
		};
		append_hf("P-hint: usrloc applied\r\n"); 
	};

	route(1);
}


route[1] {
	# send it out now; use stateful forwarding as it works reliably
	# even for UDP2TCP
	if (!t_relay()) {
		sl_reply_error();
	};
	exit;
}

<EOF>

The dialog timeout was set to 100s.
Make a call between two registered users.
As soon as you are in conversation, check the state of the dialog:
`openserctl fifo dlg_list'
Stop openser: `openserctl stop'
Hang up and wait for the BYE to timeout for both phones ....
Check the content of the dialog dbtext table: `less
/usr/local/etc/openser/dbtext/dialog'
The callee_cseq(string) should be malformed.

Restart openser: `openserctl start'
The dialog should be expired, but it is still present in memory (see the
other dialog bug).
Even if we terminate the dialog via the openserctl fifo dlg_end_dlg, the
dialog is not removed from the memory.


Regards,
Ovidiu Sas

----------------------------------------------------------------------

Comment By: Daniel-Constantin Mierla (miconda)
Date: 2007-12-03 13:30

Message:
Logged In: YES 
user_id=1246013
Originator: NO

Trying to identify/eliminate some cases ... have you restarted the
openser? Or is the data in the dbtext file such just after shutdown, with
no prior restart with this dialog being active?

----------------------------------------------------------------------

Comment By: Ovidiu Sas (osas)
Date: 2007-11-30 16:53

Message:
Logged In: YES 
user_id=1395524
Originator: YES

Hi Daniel,

I tested the patch ok.  openser is no longer crashing on restart.
I will need to investigate more why the callee_cseq(string) is malformed
when saved into the db.

Regards,
Ovidiu Sas

----------------------------------------------------------------------

Comment By: Daniel-Constantin Mierla (miconda)
Date: 2007-11-30 12:22

Message:
Logged In: YES 
user_id=1246013
Originator: NO

Could you try the attached patch? Let's see if there are other side
effects before committing.
File Added: dialog-getstrvar.diff

----------------------------------------------------------------------

Comment By: Ovidiu Sas (osas)
Date: 2007-11-29 18:17

Message:
Logged In: YES 
user_id=1395524
Originator: YES

small update:

as soon as I inserted some bogus values into the db for route_set it is no
longer crashing:
caller_route_set(string,null) callee_route_set(string,null)
:1:2:

So this crash is related to the null value of
caller_route_set(string,null) callee_route_set(string,null) inside the
dbtext.

----------------------------------------------------------------------

Comment By: Ovidiu Sas (osas)
Date: 2007-11-29 18:07

Message:
Logged In: YES 
user_id=1395524
Originator: YES

Hi Daniel,

It is crashing on load_dialog_info_from_db:
GET_STR_VALUE(rroute1, values, 12);
while it is trying to get an empty value from the db:
caller_route_set(string,null) callee_route_set(string,null)
:::

The db_mode param doesn't seem to affect the behaviour (we have a crash
with both modes).

It is strange, I don't do any stripping and my modules are stripped (this
is a debian box and I do `make install').  I will investigate more on this
issue.

----------------------------------------------------------------------

Comment By: Daniel-Constantin Mierla (miconda)
Date: 2007-11-29 13:33

Message:
Logged In: YES 
user_id=1246013
Originator: NO

Might be related to dbtext storage engine, can you get the core with
debugging info, so we see exactly the line in files where it crashes and
investigate more of the core file?

How was dbtext configured? cached or non-cached mode?

----------------------------------------------------------------------
