[OpenSER-Devel] [ openser-Bugs-1755943 ] openser 1.2.1 with TLS crashing

SourceForge.net noreply at sourceforge.net
Wed Jul 18 10:31:13 CEST 2007


Bugs item #1755943, was opened at 2007-07-18 10:18
Message generated for change (Comment added) made by lefant
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1755943&group_id=139143

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: ver 1.2.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: openser 1.2.1 with TLS crashing

Initial Comment:

my openser 1.2.1 from the debian package (recompiled with TLS support)
crashes from time to time. i have not yet been able to reproduce it
systematically.

see log.txt for the last log entries (nothing special before, some
regular debug messages about successful registration requests).

openser.cfg is my config.


if you have any suggestions to help me work around this (disable tcp /
TLS for production for now?) and/or pinpoint it so it can get fixed,
please let me know.


thanks,

  fabian linzberger

<e AT lefant DOT net>


----------------------------------------------------------------------

Comment By: Fabian Linzberger (lefant)
Date: 2007-07-18 10:31

Message:
Logged In: YES 
user_id=1345822
Originator: NO

(after managing to recover my sf credentials and logging in) this is
actually my bug report ;)

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2007-07-18 10:24

Message:
Logged In: NO 

still getting used to the sf bug tracker, find my openser.cfg below...
(ips XXXXXXed out)


### general daemon specific stuff
########################################

# Core daemon settings as posted by the reporter: log verbosity, syslog
# facility, worker process count and the domain this server treats as local.
debug=3
log_facility=LOG_LOCAL0

children=4

alias=mm-karton.com


# tls config
# TLS is switched on and the only listen socket shown is the tls: one on 5061.
disable_tls = 0
listen = tls:voice-vie-registrar01.vie.mm-karton.com:5061
# NOTE(review): presumably tls_verify_server applies to connections this
# server opens as a TLS client -- confirm against the OpenSER 1.2 TLS docs.
tls_verify_server = 1
# NOTE(review): client certificates are neither verified nor required, so the
# TLS layer does not authenticate inbound peers; the routing logic in this
# config relies on src_ip comparisons for that instead.
tls_verify_client = 0
tls_require_client_certificate = 0
# NOTE(review): TLSv1 means TLS 1.0, which has since been deprecated; anyone
# reusing this config today should pick a current protocol setting.
tls_method = TLSv1
# The certificate/key paths below were split onto their own lines by mail
# line-wrapping in this paste.
tls_certificate =
"/etc/openser/voice-vie-registrar01.vie.mm-karton.com_crt.pem"
tls_private_key =
"/etc/openser/voice-vie-registrar01.vie.mm-karton.com_key.pem"
tls_ca_list = "/etc/ssl/certs/mmagca_crt.pem"



### module config
########################################

# Module loading and per-module parameters. Modules are loaded from mpath;
# each modparam() line sets one parameter of an already loaded module.
mpath="/usr/lib/openser/modules/"

loadmodule "postgres.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "maxfwd.so"
loadmodule "textops.so"
loadmodule "tlsops.so"

loadmodule "xlog.so"

loadmodule "mi_fifo.so"
# NOTE(review): the management-interface FIFO is created in /tmp, a directory
# every local account can reach. Whoever can write to it can issue MI
# commands, so check its permissions (mi_fifo's fifo_mode parameter) or place
# it in a directory only the openser user can access.
modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")

loadmodule "rr.so"
modparam("rr", "enable_full_lr", 1)

loadmodule "usrloc.so"
# NOTE(review): the password field of every db_url in this file (after the
# colon) is empty as posted -- either redacted by the reporter or the database
# accepts these roles from localhost without a password; TODO confirm.
modparam("usrloc", "db_url", "postgres://openser:@localhost/openserloc")
modparam("usrloc", "timer_interval", 120)
modparam("usrloc", "db_mode",   3)

loadmodule "registrar.so"
modparam("registrar", "path_mode", 0)
modparam("registrar", "use_path", 1)
modparam("registrar", "append_branches", 1)

loadmodule "auth.so"
modparam("auth", "realm_prefix", "sip.")

loadmodule "auth_db.so"
modparam("auth_db", "db_url", "postgres://openserro:@localhost/openser")
modparam("auth_db", "use_domain", 1)
# currently passwords stored in plain text in database...
# NOTE(review): with calculate_ha1 enabled auth_db derives HA1 from the
# cleartext value in password_column; storing precomputed HA1 hashes instead
# would avoid keeping cleartext SIP credentials in the database. Also note
# that no www_authorize()/proxy_authorize() call is active in the routing
# logic of this config (the one in route[2] is commented out), so these
# auth settings are currently unused.
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")

loadmodule "alias_db.so"
modparam("alias_db", "db_url", "postgres://openserro:@localhost/openser")
modparam("alias_db", "use_domain", 1)
#modparam("alias_db", "domain_prefix", "sip.")

loadmodule "lcr.so"
# Least-cost-routing module: gateway table from the database plus the AVP
# names it uses to hand gateway/contact data to the routing script.
modparam("lcr", "db_url", "postgres://openserro:@localhost/openser")
modparam("lcr", "gw_uri_avp", "1400")
modparam("lcr", "ruri_user_avp", "1402")
modparam("lcr", "contact_avp", "1401")
modparam("lcr", "fr_inv_timer_avp", "s:fr_inv_timer_avp")
modparam("lcr", "fr_inv_timer", 90)
modparam("lcr", "fr_inv_timer_next", 30)
modparam("lcr", "rpid_avp", "s:rpid")


#loadmodule "textops.so"



### routing logic
########################################

# Main request route. Order of checks as written: Max-Forwards, logging,
# record-route, loose-route relay, then the src_ip allowlist that dispatches
# to route(2) (REGISTER), route(3) (registered target), the LCR/PSTN path or
# a plain relay via route(1).
# String literals that continue at column 0 on the following line were split
# by mail line-wrapping in this paste.
route{

	# initial sanity checks -- messages with
	# max_forwards==0, or excessively long requests
	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483","Too Many Hops");
		exit;
	};

	# NOTE(review): the message-size limit below is commented out, so no
	# length check is applied to incoming requests.
	# if (msg:len >=  4096 ) {
	#	sl_send_reply("513", "Message too big");
	#	exit;
	#};

   # REGISTER and SUBSCRIBE are deliberately not logged here (empty branch);
   # every other method gets one L_INFO line.
   if (is_method("REGISTER") || is_method("SUBSCRIBE")) {
   } else {
      xlog("L_INFO", "BEFORE routing: [$rm] for [$ru] from [$fu] to
[$tu]");
   };

   # we record-route all messages -- to make sure that
	# subsequent messages will go through our proxy; that's
	# particularly good if upstream and downstream entities
	# use different transport protocol
	if (!method=="REGISTER")
	   record_route();

	# subsequent messages within a dialog should take the
	# path determined by record-routing
	# NOTE(review): this branch runs before the src_ip allowlist below, and
	# route(1) ends with exit. Any request for which loose_route() succeeds
	# is therefore relayed without the source-address check; moving the
	# allowlist test ahead of this block would close that gap.
	if (loose_route()) {
		# mark routing logic in request
		append_hf("P-hint: rr-enforced\r\n"); 
		route(1);
	};


   # FIXME relaying to peer master
   # FIXME no ip addresses allowed!
   #if (is_peer_verified()) {
   # NOTE(review): the three source addresses (redacted by the reporter) are
   # the only access control in this route; with client certificates not
   # required in the TLS settings, nothing else authenticates the peer.
   if (((src_ip=="XXXXXXXXXXX") || (src_ip=="XXXXXXXXXXXX")) ||
(src_ip=="XXXXXXXXXXX")) {
      if (is_method("REGISTER")) {
         route(2);
#      } else if (is_method("SUBSCRIBE")) {
#         route(1);
      } else if ((is_method("INVITE")) || (is_method("SUBSCRIBE"))) {
         xlog("L_INFO", "from leaf INVITE [$ru] from [$fu] to [$tu]:
looking up location");
         if (lookup("location")) {
            route(3);
   		} else if(uri =~ "^sip:[0-9]+@") {
		    	# only route numeric users to PSTN
			   if(!load_gws())
			   {
					xlog("L_ERR", "Error loading PSTN gateways - M=$rm RURI=$ru F=$fu
T=$tu IP=$si ID=$ci\n");
				   sl_send_reply("503", "PSTN Termination Currently Unavailable");
				   exit;
   			}
	   		if(!next_gw())
		   	{
			   	xlog("L_ERR", "No PSTN gateways available - M=$rm RURI=$ru F=$fu
T=$tu IP=$si ID=$ci\n");
				   sl_send_reply("503", "PSTN Termination Currently Unavailable");
				   exit;
			   }
   			# arm failure_route[1] so a failed gateway attempt can try the next one
   			t_on_failure("1");
	   		route(1);
		   } else {
            route(1);
         };
      } else {
         route(1);
      };
   } else {
      # Requests from any other source are logged and then dropped: the
      # script exits below without sending a reply.
      xlog("L_INFO", "UNAUTHORIZED COMMUNICATION DETECTED!!! [$rm] for
[$ru] dest [$du] from [$fu] to [$tu] cseq [$cs] network src [$si] [$sp]
proto [$oP]");
   }

   exit;
}


# Generic relay route: forward the request statefully with t_relay(); if that
# fails, answer with the stateless error reply. The trailing exit ends script
# processing, so callers never continue after route(1).
route[1] {
	# send it out now; use stateful forwarding as it works reliably
	# even for UDP2TCP
	if (!t_relay()) {
		sl_reply_error();
	};
	exit;
}


# REGISTER handling: log the request and store the binding in the "location"
# table. In the main route this is reached only from the src_ip allowlist
# branch.
route[2] {
   # NOTE(review): digest authentication is commented out, so save() stores
   # whatever binding an allowlisted source sends, for any user; the src_ip
   # check in the main route is the only gate in front of this.
   #if (!www_authorize("mm-karton.com", "subscriber")) {
   #   www_challenge("mm-karton.com", "0");
   #   exit;
   #};
   xlog("L_INFO", "from leaf REGISTER [$ru] from [$fu] to [$tu] saving");
   save("location");

   # FIXME: send to second local master server (doesn't exist yet)
   # NOTE(review): the t_replicate line below starts at column 0 without a
   # leading '#'; presumably mail line-wrapping split it off the preceding
   # comment line and it is commented out in the real file -- confirm.
   #if (!src_ip=="10.1.128.167") {
   #  
t_replicate("sip:voice-vie-ast03.vie.mm-karton.com:5061;transport=tls");
   #   t_release();
   #};
   exit;
}


# relay invite to branch office
# Arms failure_route[3] for the transaction, then hands the request to the
# generic relay in route(1).
route[3] {
   t_on_failure("3");
   route(1);
}
# Failure handler armed by route[3]: log the failed relay, rewrite the target
# through the "fbaliases" alias table and relay again via route(1).
failure_route[3] {
   # fallback routing
   xlog("L_INFO", "from snoms INVITE [$ru] from [$fu] to [$tu]: relay to
master failed, fallback!");

   # fallback alias lookup
   # NOTE(review): the result of alias_db_lookup() is not checked, so the
   # request is relayed again even when no alias was found.
   alias_db_lookup("fbaliases");
   xlog("L_INFO", "from snoms INVITE [$ru] from [$fu] to [$tu]: relay to
master fallback, after alias lookup");

   route(1);
}


# Request route 'base-filter-failover'
# Stops script processing unless the reply status is 408, 500 or 503.
# NOTE(review): no route(4) call appears anywhere in the config as posted, so
# this block looks unused; failure_route[1] calls route(18) instead.
route[4]
{
	if(!t_check_status("408|500|503"))
	{
		xlog("L_INFO", "No failover routing needed for this response code -
M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
		exit;
	}
}

# Failure handler for the PSTN path (armed with t_on_failure("1")): pick the
# next LCR gateway, re-arm itself and relay again via route(1).
failure_route[1]
{
	xlog("L_INFO", "Failure route for PSTN entered - M=$rm RURI=$ru F=$fu
T=$tu IP=$si ID=$ci\n");
	# NOTE(review): route[18] is not defined in the config as posted. The
	# status filter in route[4] ('base-filter-failover') may be what was
	# meant here -- confirm with the reporter, since as written the
	# 408/500/503 check never runs before the next gateway is tried.
	route(18);
	if(!next_gw())
	{
		xlog("L_ERR", "Failed to select next PSTN gateway - M=$rm RURI=$ru F=$fu
T=$tu IP=$si ID=$ci\n");
		exit;
	}
	t_on_failure("1");
	route(1);
}


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1755943&group_id=139143


