[sr-dev] [SR-Users] Kamailio stop to process incoming SIP traffic via TCP.
Richard Fuchs
rfuchs at sipwise.com
Thu Apr 11 17:14:41 CEST 2019
Hi,
(X-posted to sr-dev as this is getting into the nitty gritty)
As a short-term workaround for this, I've been playing with the
preloaded library approach to hijack the pthread mutex calls and force
them to provide process-shared mutexes. AFAICT this seems to be working
and only has the minuscule performance impact of using slower
process-shared mutexes in all instances, even when they aren't required.
The code for the preloaded library itself is very short and simple:
https://gist.github.com/rfuchs/1bb7348b6acbe37e557d94c2f69a1498
As a more complete patch that integrates it into the build system
(probably badly):
https://gist.github.com/rfuchs/b240ffe87938a45e6f2a4cf53fe29f17
Finally it requires adding it to the startup script, for example in a
systemd service file as:
Environment='LD_PRELOAD=/usr/lib/x86_64-linux-gnu/kamailio/openssl_mutex_shared/openssl_mutex_shared.so'
(that's with a hard coded path which isn't optimal of course).
I don't consider this a proper fix, but only a hacky workaround, but it
might be a solution for the very near future. Throwing it out there in
case other people have been working on similar approaches, and/or maybe
have some comments about this.
Cheers
On 01/04/2019 04.52, Daniel-Constantin Mierla wrote:
> Hello,
>
> an update on this issue -- I spent a bit of time looking at
> libssl/libcrypto library and the problem can be the type of mutexes they
> use now internally starting with v1.1, respectively the pthread mutex.
> They are not process shared and kamailio is a multi-process application,
> working with the same tls connection from multiple processes.
>
> Today I wrote to openssl mailing list, waiting now to see if I get any
> hints from there.
>
> Cheers,
> Daniel
>
> On 01.04.19 10:33, Kristijan Vrban wrote:
>> Hi Andrew,
>>
>> yes, with openssl 1.0.2 Kamailio is now up and running since five
>> days. Looks good so far.
>>
>> Kristijan
>>
>> Am Do., 28. März 2019 um 11:09 Uhr schrieb Andrew Pogrebennyk
>> <apogrebennyk at sipwise.com>:
>>> On 3/26/19 3:52 PM, Kristijan Vrban wrote:
>>>>> Just curious, did you get to compile with OpenSSL 1.0 and test?
>>>> Just compiled with OpenSSL 1.0 . Gone test now.
>>> Kristijan,
>>> any new occurrences since you have recompiled kamailio with openssl 1.0?
>>>
>>> Regards,
>>> Andrew
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
More information about the sr-dev
mailing list