[sr-dev] [kamailio/kamailio] TLS: same TLSc is used for different outbound connection when it is switched with tls_set_connect_server_id() (#2760)
arkadiam
notifications at github.com
Thu Jun 3 18:56:15 CEST 2021
### Description
Thank you for implementing #2413, I'm looking forward to use it.
I was trying it on a dev system. It works fine when the same TLS client needs to be selected for ALL connections.
Having issue with it when connection expected to alternate between multiple configured TLS clients.
When configured as bellow and event_route alternates between connections (like in logs bellow) connection is always using TLSc with one of the server-ids, e.g. "domain-02".
It looks like it's a race between setting server id in event_route and a "thread" that starts TLS client. In my observations only one TLS client is used.
Expecting: each outbound connection use TLSc as it was set by tls_set_connect_server_id().
```
event_route[tm:local-request] {
if (is_method("OPTIONS")) {
$var(contact) = "Contact: <sip:" + $fd + ":5061;transport=tls>\r\n";
append_hf("$var(contact)");
if ($fd == "domain-01") {
tls_set_connect_server_id("domain-01");
xlog("L_INFO", "ID=$ci|tls_set_connect_server_id(domain-01)\n");
} else if ($fd == "domain-02") {
tls_set_connect_server_id("domain-02");
xlog("L_INFO", "ID=$ci|tls_set_connect_server_id(domain-02)\n");
}
}
}
```
Dispatcher configured as:
```
loadmodule "dispatcher.so"
modparam("dispatcher", "list_file", "/etc/kamailio/dispatcher.list")
modparam("dispatcher", "ds_probing_mode", 1)
modparam("dispatcher", "ds_ping_interval", 60)
```
With records like:
```
1 sip:sip1.host.com;transport=tls 0 1 socket=tls:111.222.233.11:5061;ping_from=sip:my-domain-01.com
1 sip:sip2.host.com;transport=tls 0 2 socket=tls:111.222.233.12:5061;ping_from=sip:my-domain-01.com
1 sip:sip3.host.com;transport=tls 0 3 socket=tls:111.222.233.13:5061;ping_from=sip:my-domain-01.com
2 sip:sip1.host.com;transport=tls 0 1 socket=tls:111.222.233.21:5061;ping_from=sip:my-domain-02.com
2 sip:sip2.host.com;transport=tls 0 2 socket=tls:111.222.233.22:5061;ping_from=sip:my-domain-02.com
2 sip:sip3.host.com;transport=tls 0 3 socket=tls:111.222.233.23:5061;ping_from=sip:my-domain-02.com
```
#### Log Messages
```
Jun 3 11:57:44 INFO: <script>: ID=4eadda397f10fcb1-948 at 1.2.3.4|tls_set_connect_server_id(domain-02)
Jun 3 11:57:44 INFO: <script>: ID=4eadda397f10fcb2-948 at 1.2.3.4|tls_set_connect_server_id(domain-01)
Jun 3 11:57:44 INFO: <script>: ID=4eadda397f10fcb3-948 at 1.2.3.4|tls_set_connect_server_id(domain-02)
Jun 3 11:57:44 INFO: <script>: ID=4eadda397f10fcb4-948 at 1.2.3.4|tls_set_connect_server_id(domain-01)
Jun 3 11:57:44 INFO: <script>: ID=4eadda397f10fcb5-948 at 1.2.3.4|tls_set_connect_server_id(domain-02)
Jun 3 11:57:44 INFO: <script>: ID=4eadda397f10fcb6-948 at 1.2.3.4|tls_set_connect_server_id(domain-01)
```
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
```
version: kamailio 5.5.0 (x86_64/linux)
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown
compiled with gcc 7.5.0
```
* **Operating System**:
```
Linux dev03 4.15.0-143-generic #147-Ubuntu SMP Wed Apr 14 16:10:11 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Ubuntu 18.04.5 LTS
```
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2760
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20210603/905f9854/attachment.htm>
More information about the sr-dev
mailing list