[Users] TLS and dead tcp child
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Mon Mar 5 23:03:08 CET 2007
Hi,
I found the bug - it is in the openssl, int kerberos part (using wrong
malloc functions in openssl and kerberos leads to inconsistent date in
multiprocess environment).
The problem showed up so rear as openssl in most of the distros is
compiled without kerberos support. On FC, it is included.
I will come back tomorrow with more info and a patch to fix this.
regards,
Bogdan
Bogdan-Andrei Iancu wrote:
> Hi Paulo,Hi Ohad,
>
> could you please send me the output of
>
> >\ openssl ciphers
>
> from your machines?
>
>
> regards,
> bogdan
>
> Paulo Angonese wrote:
>> My version of krb5-libs is krb5-libs-1.4.1-5. The newest for FC4...
>>
>>
>> Paulo Angonese escreveu:
>>> Bogdan, here is the bt:
>>>
>>> $ gdb /usr/local/sbin/openser core.9999
>>>
>>> ....
>>>
>>> #0 0x00c63b87 in strchr () from /lib/libc.so.6
>>> #1 0x0033dc53 in krb5_kt_resolve () from /usr/lib/libkrb5.so.3
>>> #2 0x003cf5a0 in kssl_keytab_is_available () from /lib/libssl.so.5
>>> #3 0x003bbc4c in ssl3_choose_cipher () from /lib/libssl.so.5
>>> #4 0x003b73c0 in ssl3_accept () from /lib/libssl.so.5
>>> #5 0x003c4eba in SSL_accept () from /lib/libssl.so.5
>>> #6 0x080e1dc9 in tls_accept (c=0xb616b490) at tls/tls_server.c:236
>>> #7 0x080e35cc in tls_fix_read_conn (c=0xb616b490) at
>>> tls/tls_server.c:872
>>> #8 0x0809c428 in tcp_read_req (con=0xb616b490,
>>> bytes_read=0xbfad8448) at tcp_read.c:411
>>> #9 0x0809c7a7 in handle_io (fm=0x814e1b0, idx=-1) at tcp_read.c:772
>>> #10 0x0809dbf3 in io_wait_loop_epoll (h=0x8113020, t=Variable "t" is
>>> not available.
>>> ) at io_wait.h:722
>>> #11 0x0809df67 in tcp_receive_loop (unix_sock=17) at tcp_read.c:893
>>> #12 0x08093969 in tcp_init_children (chd_rank=0x810dcd4) at
>>> tcp_main.c:1745
>>> #13 0x0806ce1e in main_loop () at main.c:1009
>>> #14 0x0806e8cb in main (argc=1, argv=0xbfad86f4) at main.c:1477
>>>
>>>
>>>
>>>
>>> Paulo Angonese escreveu:
>>>> Hi Bogdan,
>>>>
>>>> I´m sorry for my dumbness, but the backtrace log shows only this:
>>>>
>>>> [root at sx83 /]# gdb /usr/local/sbin/openser
>>>> GNU gdb Red Hat Linux (6.3.0.0-1.84rh)
>>>> Copyright 2004 Free Software Foundation, Inc.
>>>> GDB is free software, covered by the GNU General Public License,
>>>> and you are
>>>> welcome to change it and/or distribute copies of it under certain
>>>> conditions.
>>>> Type "show copying" to see the conditions.
>>>> There is absolutely no warranty for GDB. Type "show warranty" for
>>>> details.
>>>> This GDB was configured as "i386-redhat-linux-gnu"...Using host
>>>> libthread_db library "/lib/libthread_db.so.1".
>>>>
>>>> (gdb) run
>>>> Starting program: /usr/local/sbin/openser
>>>> Reading symbols from shared object read from target memory...done.
>>>> Loaded system supplied DSO at 0x6e9000
>>>> 0(2634) WARNING: fix_socket_list: could not rev. resolve
>>>> 10.128.63.183
>>>> 0(2634) WARNING: fix_socket_list: could not rev. resolve
>>>> 10.128.63.183
>>>> Listening on
>>>> udp: 10.128.63.183 [10.128.63.183]:5060
>>>> tls: 10.128.63.183 [10.128.63.183]:5061
>>>> Aliases:
>>>>
>>>> 0(2634) TLS: Client verification activated. Client certificates
>>>> are mandatory.
>>>> 0(2634) TLS: Server verification activated.
>>>> Detaching after fork from child process 2637.
>>>>
>>>> Program exited normally.
>>>> (gdb) 11(2669) ERROR: receive_fd: EOF on 14
>>>>
>>>>
>>>> The binaries are available in
>>>> ftp://ftp.procergs.com.br/pub/procergs/openser/openser-binaries.tgz
>>>>
>>>> SSH access is harder. This machine is in the intranet.
>>>>
>>>> Thanks
>>>>
>>>> Paulo
>>>>
>>>> Bogdan-Andrei Iancu escreveu:
>>>>> Hi Paulo,
>>>>>
>>>>> the core files without the binaries ( openser+modules (so) ) ar
>>>>> not usable. Let us first try the backtrace - could you send me the
>>>>> backtraces? Oterwise, please upload the binaries for download also.
>>>>>
>>>>> there is a simple way, if you could provide access to your machine
>>>>> (using ssh keys) and can directly inspect the core files.
>>>>>
>>>>> regards,
>>>>> bogdan
>>>>>
>>>>> Paulo Angonese wrote:
>>>>>> Ok.
>>>>>>
>>>>>> The core (two files was generated) and the full log (debug=9) are
>>>>>> in ftp://ftp.procergs.com.br/pub/procergs/openser
>>>>>>
>>>>>>
>>>>>>
>>>>>> Bogdan-Andrei Iancu escreveu:
>>>>>>> Hi Paulo,
>>>>>>>
>>>>>>> some suggestion :) - could you provide full log (debug) and
>>>>>>> core+binaries (for download) ? Or backtrace?
>>>>>>>
>>>>>>> regards,
>>>>>>> bogdan
>>>>>>>
>>>>>>> Paulo Angonese wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I have the same problem.
>>>>>>>> When the SNOM ( 360 SIP 6.5.2 ) sends the REGISTER using TLS
>>>>>>>> OpenSER crashes.
>>>>>>>> I´m using
>>>>>>>> OpenSer (1.1.1-tls (i386/linux)),
>>>>>>>> openssl-0.9.7f-7.10
>>>>>>>> openssl-devel-0.9.7f-7.10
>>>>>>>> Fedora 2.6.11-1.1369_FC4
>>>>>>>>
>>>>>>>> Any help?
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>> Paulo Angonese
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> [Users] CVS 31.03, TLS and dead tcp child
>>>>>>>> Bogdan-Andrei Iancu bogdan at voice-system.ro
>>>>>>>> Tue Oct 31 17:13:43 CET 2006
>>>>>>>>
>>>>>>>> * Previous message: [Users] CVS 31.03, TLS and dead tcp child
>>>>>>>> * Next message: [Users] Q:ABOUTE:SET UP MESSAGE FLOW
>>>>>>>> * Messages sorted by: [ date ] [ thread ] [ subject ] [
>>>>>>>> author ]
>>>>>>>>
>>>>>>>> Hi Frank,
>>>>>>>>
>>>>>>>> can you pack the cores + binaries (lib + exe) +
>>>>>>>> sources+logs(in debug
>>>>>>>> mode) and put it somewhere for download?
>>>>>>>> I will try to take a look.
>>>>>>>>
>>>>>>>> regards,
>>>>>>>> Bogdan
>>>>>>>>
>>>>>>>> Frank DInnocenzo wrote:
>>>>>>>>
>>>>>>>> > Bogdan,
>>>>>>>> >
>>>>>>>> > I am using openser-1.1.0-tls_src. I actually get two core
>>>>>>>> files after
>>>>>>>> > the crash. Can I post them somehow?
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > # openser -V
>>>>>>>> > version: openser 1.1.0-tls (i386/linux)
>>>>>>>> > flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS, DISABLE_NAGLE,
>>>>>>>> > USE_MCAST, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC,
>>>>>>>> > FAST_LOCK-ADAPTIVE_WAIT
>>>>>>>> > ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144,
>>>>>>>> MAX_LISTEN 16,
>>>>>>>> > MAX_URI_SIZE 1024, BUF_SIZE 65535
>>>>>>>> > poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
>>>>>>>> > @(#) $Id: main.c,v 1.20 2006/07/04 17:25:54 bogdan_iancu Exp $
>>>>>>>> > main.c compiled on 14:27:50 Oct 24 2006 with gcc 4.0.0
>>>>>>>> >
>>>>>>>> > Thanks
>>>>>>>> > Frank
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > */Bogdan-Andrei Iancu <bogdan at voice-system.ro>/* wrote:
>>>>>>>> >
>>>>>>>> > Hi Frank,
>>>>>>>> >
>>>>>>>> > I'm successfully using a SNOM 320 with TLS and no problem
>>>>>>>> so far.....
>>>>>>>> > What openser version are you using?...do you get any core
>>>>>>>> file
>>>>>>>> > after the
>>>>>>>> > crash??
>>>>>>>> >
>>>>>>>> > regards,
>>>>>>>> > bogdan
>>>>>>>> >
>>>>>>>> > Frank DInnocenzo wrote:
>>>>>>>> >
>>>>>>>> > > Hello,
>>>>>>>> > >
>>>>>>>> > > I'm new to openSer and wondered if there was any
>>>>>>>> resolution to this
>>>>>>>> > > post??? I'm hitting this same crash with openSer (with
>>>>>>>> TLS enabled)
>>>>>>>> > > using a Snom phone (300 with latest Beta firmware -
>>>>>>>> > > snom300-6.5-SIP-j.bin ). I've gone
>>>>>>>> > > through the archives looking for help getting this setup
>>>>>>>> > working. I've
>>>>>>>> > > also tried the Snom Softphone with the same result.
>>>>>>>> > >
>>>>>>>> > > Thanks
>>>>>>>> > > Frank
>>>>>>>> > >
>>>>>>>> > > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>> > >
>>>>>>>> > > Hi,
>>>>>>>> > >
>>>>>>>> > > I have tried to register to OpenSER CVS 31.03 with my
>>>>>>>> SNOM 360
>>>>>>>> > > (5.3.6sw), disabled pretty all modules from OpenSER
>>>>>>>> (radius,
>>>>>>>> > xlog, auth,
>>>>>>>> > > ...) and always the server crashes.
>>>>>>>> > >
>>>>>>>> > > Is there something I have missed in configuration ?
>>>>>>>> > >
>>>>>>>> > > Thanks a lot for help,
>>>>>>>> > > -Mika
>>>>>>>> > >
>>>>>>>> > > The error message and debug info seems like this:
>>>>>>>> > >
>>>>>>>> > > 11(24351) tcpconn_new: new tcp connection to:
>>>>>>>> XXX.XX.XX.XXX
>>>>>>>> > > 11(24351) tcpconn_new: on port 2171, type 3
>>>>>>>> > > 11(24351) tls_tcpconn_init: Entered: Creating a whole
>>>>>>>> new ssl
>>>>>>>> > connection
>>>>>>>> > > 11(24351) tls_tcpconn_init: Looking up tls domain
>>>>>>>> > [XXX.XX.XX.XXX:5061]
>>>>>>>> > > 11(24351) tls_tcpconn_init: Using default tls server
>>>>>>>> settings
>>>>>>>> > > 11(24351) tls_tcpconn_init: Setting in ACCEPT mode
>>>>>>>> (server)
>>>>>>>> > > 11(24351) tcpconn_add: hashes: 442, 1
>>>>>>>> > > 11(24351) handle_new_connect: new connection:
>>>>>>>> 0xb608f6a0 24
>>>>>>>> > flags: 0002
>>>>>>>> > > 11(24351) send2child: to tcp child 0 7(24347), 0xb608f6a0
>>>>>>>> > > 7(24347) received n=4 con=0xb608f6a0, fd=19
>>>>>>>> > > 7(24347) DBG: io_watch_add(0x810e580, 19, 2,
>>>>>>>> 0xb608f6a0), fd_no=1
>>>>>>>> > > 7(24347) tls_update_fd: New fd is 19
>>>>>>>> > > 11(24351) DBG: handle_tcp_child: dead tcp child 0 (pid
>>>>>>>> 24347, no 7)
>>>>>>>> > > (shutting down?)
>>>>>>>> > > 11(24351) DBG: io_watch_del (0x810e420, 17, -1, 0x0)
>>>>>>>> fd_no=16 called
>>>>>>>> > > 11(24351) ERROR: receive_fd: EOF on 15
>>>>>>>> > > 11(24351) DBG: handle_ser_child: dead child 7, pid 24347
>>>>>>>> > (shutting down?)
>>>>>>>> > > 11(24351) DBG: io_watch_del (0x810e420, 15, -1, 0x0)
>>>>>>>> fd_no=15 called
>>>>>>>> > > 0(24339) child process 24347 exited by a signal 11
>>>>>>>> > > 0(24339) core was generated
>>>>>>>> > > 0(24339) INFO: terminating due to SIGCHLD
>>>>>>>> > > 6(24346) INFO: signal 15 received
>>>>>>>> > > 6(24346) Memory status (pkg):
>>>>>>>>
>
More information about the sr-users
mailing list