[SR-Users] segmentation fault when mongodb & tls enabled. ( kamailio 4.3.2)
Jijo
realjijo at gmail.com
Fri Nov 6 13:19:27 CET 2015
Hi,
I tried with mongo-c-driver 1.2.1 and crash occurring with that library as
well. So i took the kamailio basic script and able to reproduce it. So the
issue is slightly diffrent now. Core occurs when i enable pike(ANTIFLOOD).
Another thing which i noticed is, core doesn't occur If i disable TLS and
enable pike.
Please find the attached script files for more details about my
configuration.
Here is the backtrace when i enable TLS and ANTIFLOOD
done.
Loaded symbols for
/usr/local/kamailio_proxy/lib64/kamailio/modules/ndb_mongodb.so
Reading symbols from /lib64/libnss_dns.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib64/libnss_dns.so.2
Core was generated by `/usr/local/kamailio_proxy/sbin/kamailio -f
/usr/local/kamailio_proxy/etc/kamail'.
Program terminated with signal 11, Segmentation fault.
#0 0x00000000005fef6f in compat_old_handler (ti=2030104642,
tl=0x7f9b68f7e130, data=0x7f9bffffffff) at timer.c:996
996 t->timer_f(TICKS_TO_S(*ticks), t->t_param);
Missing separate debuginfos, use: debuginfo-install
cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64 db4-4.7.25-20.el6_7.x86_64
glibc-2.12-1.166.el6_7.3.x86_64 keyutils-libs-1.4-5.el6.x86_64
krb5-libs-1.10.3-42.el6.x86_64 libcom_err-1.41.12-22.el6.x86_64
libcurl-7.19.7-46.el6.x86_64 libidn-1.18-2.el6.x86_64
libselinux-2.0.94-5.8.el6.x86_64 libssh2-1.4.2-1.el6_6.1.x86_64
libunistring-0.9.3-5.el6.x86_64 libxml2-2.7.6-20.el6.x86_64
nspr-4.10.8-1.el6_6.x86_64 nss-3.18.0-5.3.el6_6.x86_64
nss-softokn-freebl-3.14.3-22.el6_6.x86_64 nss-util-3.18.0-1.el6_6.x86_64
openldap-2.4.40-5.el6.x86_64 openssl-1.0.1e-42.el6.x86_64
zlib-1.2.3-29.el6.x86_64
(gdb) bt
#0 0x00000000005fef6f in compat_old_handler (ti=2030104642,
tl=0x7f9b68f7e130, data=0x7f9bffffffff) at timer.c:996
#1 0x00000000005ff94c in slow_timer_main () at timer.c:1130
#2 0x00000000004a8676 in main_loop () at main.c:1628
#3 0x00000000004ae38e in main (argc=15, argv=0x7ffc9cc0ec78) at main.c:2533
(gdb) quit
On Tue, Nov 3, 2015 at 10:04 AM, Daniel-Constantin Mierla <miconda at gmail.com
> wrote:
> Hello,
>
> I tried to reproduce here and all seems fine -- I enabled tls and
> registered a user using mongodb as backend.
>
> Can you give the parameters you set for usrloc module?
>
> Cheers,
> Daniel
>
>
> On 06/10/15 19:03, Jijo wrote:
>
> Thanks, I have opened the issue on github tracker.
>
> regards
> jijo
>
> On Tue, Oct 6, 2015 at 9:53 AM, Daniel-Constantin Mierla <
> <miconda at gmail.com>miconda at gmail.com> wrote:
>
>> Hello,
>>
>> unfortunately not yet -- this requires compiling the libs and currently I
>> am traveling to USA to attend few VoIP conferences, not having a good devel
>> environment with me, access to internet is limited, so connecting to a
>> server is not easy option as well. Can you open an issue on github tracker
>> just not to forget about it?
>>
>> Cheers,
>> Daniel
>>
>>
>> On 06/10/15 15:49, realjijo at gmail.com wrote:
>>
>> Hi Daniel
>>
>> Thanks for your help .
>>
>> Did you get a chance to look at this problem.
>> Please let me know how did you build the mongo-c-driver ?
>>
>>
>> Regards,
>> Jijo
>>
>> On Oct 2, 2015, at 7:21 AM, Jijo < <realjijo at gmail.com>realjijo at gmail.com>
>> wrote:
>>
>> I have rebuild the official version(4.3.2) again with the default scripts
>> and now i'm getting diffrent core.
>>
>> This happens only when i enable TLS module in kamailio. So i believe
>> there is some corruption causing when TLS module in Kamailio and SSL in
>> Mongo Driver is enabled.
>>
>> I'm running with the offical kamailio script by just enabling mongo
>> modules. It happens for NDB as well.
>>
>> How did you build the mongo driver when you implemented it? May be i can
>> try the same.
>>
>> Please find the scripts used for testing.
>>
>> Core was generated by `/usr/sbin/kamailio -P /var/run/kamailio.pid -m 64
>> -M 8'.
>>
>> Program terminated with signal 11, Segmentation fault.
>>
>> #0 0x00007f85a21da075 in lock_udomain (_d=0x7f859c7b5f08,
>> _aor=0x7fff6de7ef70) at udomain.c:1017
>>
>> 1017 lock_get(_d->table[sl].lock);
>>
>> Missing separate debuginfos, use: debuginfo-install
>> cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64
>> cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64 db4-4.7.25-19.el6_6.x86_64
>> glibc-2.12-1.166.el6_7.1.x86_64 keyutils-libs-1.4-5.el6.x86_64
>> krb5-libs-1.10.3-42.el6.x86_64 libcom_err-1.41.12-22.el6.x86_64
>> libselinux-2.0.94-5.8.el6.x86_64 nss-softokn-freebl-3.14.3-22.el6_6.x86_64
>> openssl-1.0.1e-42.el6.x86_64 zlib-1.2.3-29.el6.x86_64
>>
>> (gdb) bt
>>
>> #0 0x00007f85a21da075 in lock_udomain (_d=0x7f859c7b5f08,
>> _aor=0x7fff6de7ef70) at udomain.c:1017
>>
>> #1 0x00007f85a1d7069b in add_contacts (_m=0x7f85a3f054b8,
>> _d=0x7f859c7b5f08, _a=0x7fff6de7ef70, _mode=0, _use_regid=1) at save.c:831
>>
>> #2 0x00007f85a1d72602 in save (_m=0x7f85a3f054b8, _d=0x7f859c7b5f08,
>> _cflags=0, _uri=0x0) at save.c:986
>>
>> #3 0x00007f85a1d5975a in w_save2 (_m=0x7f85a3f054b8, _d=0x7f859c7b5f08
>> "h^{\234\205\177", _cflags=0x0) at reg_mod.c:414
>>
>> #4 0x000000000041decb in do_action (h=0x7fff6de7f720, a=0x7f85a3edd830,
>> msg=0x7f85a3f054b8) at action.c:1059
>>
>> #5 0x000000000042a553 in run_actions (h=0x7fff6de7f720,
>> a=0x7f85a3edd830, msg=0x7f85a3f054b8) at action.c:1548
>>
>> #6 0x000000000042abb8 in run_actions_safe (h=0x7fff6de80a10,
>> a=0x7f85a3edd830, msg=0x7f85a3f054b8) at action.c:1613
>>
>> #7 0x0000000000543d50 in rval_get_int (h=0x7fff6de80a10,
>> msg=0x7f85a3f054b8, i=0x7fff6de7fbf8, rv=0x7f85a3edf478, cache=0x0) at
>> rvalue.c:912
>>
>> #8 0x0000000000547f88 in rval_expr_eval_int (h=0x7fff6de80a10,
>> msg=0x7f85a3f054b8, res=0x7fff6de7fbf8, rve=0x7f85a3edf470) at rvalue.c:1906
>>
>> #9 0x000000000054837e in rval_expr_eval_int (h=0x7fff6de80a10,
>> msg=0x7f85a3f054b8, res=0x7fff6de80080, rve=0x7f85a3edfb70) at rvalue.c:1914
>>
>> #10 0x000000000041d927 in do_action (h=0x7fff6de80a10, a=0x7f85a3ee0270,
>> msg=0x7f85a3f054b8) at action.c:1029
>>
>> #11 0x000000000042a553 in run_actions (h=0x7fff6de80a10,
>> a=0x7f85a3edc990, msg=0x7f85a3f054b8) at action.c:1548
>>
>> #12 0x000000000041a8c3 in do_action (h=0x7fff6de80a10, a=0x7f85a3ebdd98,
>> msg=0x7f85a3f054b8) at action.c:677
>>
>> #13 0x000000000042a553 in run_actions (h=0x7fff6de80a10,
>> a=0x7f85a3ebdb08, msg=0x7f85a3f054b8) at action.c:1548
>>
>> #14 0x000000000042ac80 in run_top_route (a=0x7f85a3ebdb08,
>> msg=0x7f85a3f054b8, c=0x0) at action.c:1634
>>
>> #15 0x000000000050a9f4 in receive_msg (
>>
>> buf=0xa70b00 "REGISTER sip:192.168.2.142 SIP/2.0\r\nVia: SIP/2.0/UDP
>> 192.168.2.119:60887;branch=z9hG4bK-524287-1---d670bd2004732b4a;rport\r\nMax-Forwards:
>> 70\r\nContact: <sip:usera at 192.168.2.119:60887;rinstance=d9f6274d7"...,
>> len=534, rcv_info=0x7fff6de80d00) at receive.c:196
>>
>> #16 0x000000000060a4a6 in udp_rcv_loop () at udp_server.c:495
>>
>> #17 0x00000000004a7fb3 in main_loop () at main.c:1573
>>
>> #18 0x00000000004ae38e in main (argc=7, argv=0x7fff6de81138) at
>> main.c:2533
>>
>> (gdb) quit
>>
>> [root at localhost /
>>
>>
>> On Thu, Oct 1, 2015 at 12:29 PM, Daniel-Constantin Mierla <
>> miconda at gmail.com> wrote:
>>
>>> If you recompiled with different souce code or different flags then the
>>> binary is no longer matching the corefile properly.
>>>
>>> Cheers,
>>> Daniel
>>>
>>>
>>> On 01/10/15 17:00, Jijo wrote:
>>>
>>> Why the backtrace doesn't show the timer function pointer? Am i missing
>>> something?
>>>
>>> Im building the mongo-c-driver as below
>>> get the tar file from
>>> <https://github.com/mongodb/mongo-c-driver/releases/download/1.1.11/mongo-c-driver-1.1.11.tar.gz>
>>> https://github.com/mongodb/mongo-c-driver/releases/download/1.1.11/mongo-c-driver-1.1.11.tar.gz
>>> run the rpm build using the spec file attached.
>>> To disable the ssl, i have modified '--enable-ssl=no' in the configure
>>> command in the spec file
>>> %configure --disable-static --disable-silent-rules
>>> --enable-debug-symbols --enable-man-pages --enable-ssl=yes --enable-sasl
>>> --with-libbson=bundled --enable-optimizations
>>>
>>> In kamailio im using db_mongodb. I'm getting same error for
>>> ndb_mongodb as well.
>>>
>>> Please find the kamailio config scripts.
>>>
>>> On Thu, Oct 1, 2015 at 10:43 AM, Daniel-Constantin Mierla <
>>> <miconda at gmail.com>miconda at gmail.com> wrote:
>>>
>>>> Hello,
>>>>
>>>> the bracktrace is not useful.
>>>>
>>>> How did you compile the mongo-c library before and were there any
>>>> special parameters you set to the modules in kamailio config? Are you using
>>>> db_mongodb or ndb_mongodb?
>>>>
>>>> Cheers,
>>>> Daniel
>>>>
>>>>
>>>>
>>>> On 01/10/15 16:25, Jijo wrote:
>>>>
>>>> Hi Daniel,
>>>>
>>>> Thanks.. As a sidenote, If i disable ssl from mongo-c-driver library
>>>> then i don't have any crash..
>>>>
>>>> Something changed in my environment. Im not able to get the full
>>>> backtrace. This is what i'm getting now.
>>>>
>>>>
>>>>
>>>> aded symbols for /lib64/liblber-2.4.so.2
>>>> Reading symbols from /lib64/libnss_dns-2.12.so...Reading symbols from
>>>> /usr/lib/debug/lib64/libnss_dns-2.12.so.debug...done.
>>>> done.
>>>> Loaded symbols for /lib64/libnss_dns-2.12.so
>>>> Core was generated by `/usr/local/kamailio_proxy/sbin/kamailio -f
>>>> /usr/local/kamailio_proxy/etc/kamail'.
>>>> Program terminated with signal 11, Segmentation fault.
>>>> #0 0x00007f69ffffffff in ?? ()
>>>> Missing separate debuginfos, use: debuginfo-install
>>>> cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64
>>>> cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64 db4-4.7.25-19.el6_6.x86_64
>>>> keyutils-libs-1.4-5.el6.x86_64 krb5-libs-1.10.3-42.el6.x86_64
>>>> libcom_err-1.41.12-22.el6.x86_64 libcurl-7.19.7-46.el6.x86_64
>>>> libidn-1.18-2.el6.x86_64 libselinux-2.0.94-5.8.el6.x86_64
>>>> libssh2-1.4.2-1.el6_6.1.x86_64 libunistring-0.9.3-5.el6.x86_64
>>>> libxml2-2.7.6-20.el6.x86_64 mysql-libs-5.1.73-5.el6_6.x86_64
>>>> nspr-4.10.8-1.el6_6.x86_64 nss-3.18.0-5.3.el6_6.x86_64
>>>> nss-util-3.18.0-1.el6_6.x86_64 openldap-2.4.40-5.el6.x86_64
>>>> openssl-1.0.1e-42.el6.x86_64 zlib-1.2.3-29.el6.x86_64
>>>> (gdb) bt
>>>> #0 0x00007f69ffffffff in ?? ()
>>>> #1 0x00000000005fef8e in compat_old_handler (ti=69660042,
>>>> tl=0x7f693e736d50, data=0x7f693e736d50) at timer.c:996
>>>> #2 0x00000000005ff94c in slow_timer_main () at timer.c:1130
>>>> #3 0x00000000004a8676 in main_loop () at main.c:1628
>>>> #4 0x00000000004ae38e in main (argc=15, argv=0x7ffdd0dc8848) at
>>>> main.c:2533
>>>> (gdb)
>>>>
>>>>
>>>>
>>>> On Thu, Oct 1, 2015 at 2:37 AM, Daniel-Constantin Mierla <
>>>> <miconda at gmail.com>miconda at gmail.com> wrote:
>>>>
>>>>> The first backtrace is related to pike. Can you get from gdb of fisrt
>>>>> trace:
>>>>>
>>>>> frame 2
>>>>> p root->entries[b]
>>>>>
>>>>> Cheers,
>>>>> Daniel
>>>>>
>>>>>
>>>>> On 30/09/15 16:19, Jijo wrote:
>>>>>
>>>>> I'm observing a segmentation fault when mongodb & tls enabled. It
>>>>> doesn't happen when one of the module is disabled.
>>>>> OS: centos 6.7 kamailio 4.3.2 mongo-c-driver version 1.1.10.
>>>>>
>>>>> It happens immediately after i register a subscriber. The location
>>>>> table is updated with the new data and in parallel core is generated as
>>>>> well.
>>>>>
>>>>>
>>>>>
>>>>> Loaded symbols for /lib64/libnss_dns-2.12.so
>>>>> Core was generated by `/usr/local/kamailio_proxy/sbin/kamailio -f
>>>>> /usr/local/kamailio_proxy/etc/kamail'.
>>>>> Program terminated with signal 11, Segmentation fault.
>>>>> #0 0x00007fd3adf65e69 in atomic_cmpxchg_int (var=0x56444e3055445030,
>>>>> old=0, new_v=1) at ../../atomic/atomic_x86.h:233
>>>>> 233 ATOMIC_FUNC_CMPXCHG(cmpxchg, "cmpxchgl %2, %1", int , int)
>>>>> Missing separate debuginfos, use: debuginfo-install
>>>>> cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64
>>>>> cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64 db4-4.7.25-19.el6_6.x86_64
>>>>> keyutils-libs-1.4-5.el6.x86_64 krb5-libs-1.10.3-42.el6.x86_64
>>>>> libcom_err-1.41.12-22.el6.x86_64 libcurl-7.19.7-46.el6.x86_64
>>>>> libidn-1.18-2.el6.x86_64 libselinux-2.0.94-5.8.el6.x86_64
>>>>> libssh2-1.4.2-1.el6_6.1.x86_64 libunistring-0.9.3-5.el6.x86_64
>>>>> libxml2-2.7.6-20.el6.x86_64 mysql-libs-5.1.73-5.el6_6.x86_64
>>>>> nspr-4.10.8-1.el6_6.x86_64 nss-3.18.0-5.3.el6_6.x86_64
>>>>> nss-util-3.18.0-1.el6_6.x86_64 openldap-2.4.40-5.el6.x86_64
>>>>> openssl-1.0.1e-42.el6.x86_64 zlib-1.2.3-29.el6.x86_64
>>>>> (gdb) bt
>>>>> #0 0x00007fd3adf65e69 in atomic_cmpxchg_int (var=0x56444e3055445030,
>>>>> old=0, new_v=1) at ../../atomic/atomic_x86.h:233
>>>>> #1 0x00007fd3adf65eb6 in futex_get (lock=0x56444e3055445030) at
>>>>> ../../futexlock.h:99
>>>>> #2 0x00007fd3adf66468 in prv_lock_tree_branch (b=192 '\300') at
>>>>> ip_tree.c:47
>>>>> #3 0x00007fd3adf664e5 in lock_tree_branch (b=192 '\300') at
>>>>> ip_tree.c:66
>>>>> #4 0x00007fd3adf6dda6 in swap_routine (ticks=123206032, param=0x0) at
>>>>> pike_funcs.c:293
>>>>> #5 0x00000000005fef8e in compat_old_handler (ti=1971296512,
>>>>> tl=0x7fd32ccea430, data=0x7fd32ccea430) at timer.c:996
>>>>> #6 0x00000000005ff94c in slow_timer_main () at timer.c:1130
>>>>> #7 0x00000000004a8676 in main_loop () at main.c:1628
>>>>> #8 0x00000000004ae38e in main (argc=11, argv=0x7fff1d97ec28) at
>>>>> main.c:2533
>>>>> (gdb)
>>>>>
>>>>>
>>>>> On Clean up after the core, mongo db does segmentation fault as well
>>>>>
>>>>> Loaded symbols for /lib64/libnss_files-2.12.so
>>>>> Reading symbols from /lib64/libnss_dns-2.12.so...Reading symbols from
>>>>> /usr/lib/debug/lib64/libnss_dns-2.12.so.debug...done.
>>>>> done.
>>>>> Loaded symbols for /lib64/libnss_dns-2.12.so
>>>>> Core was generated by `/usr/local/kamailio_proxy/sbin/kamailio -f
>>>>> /usr/local/kamailio_proxy/etc/kamail'.
>>>>> Program terminated with signal 11, Segmentation fault.
>>>>> #0 __pthread_mutex_destroy (mutex=0x7fd32cce7be8) at
>>>>> pthread_mutex_destroy.c:28
>>>>> 28 if ((mutex->__data.__kind & PTHREAD_MUTEX_ROBUST_NORMAL_NP) == 0
>>>>> Missing separate debuginfos, use: debuginfo-install
>>>>> cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64
>>>>> cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64 db4-4.7.25-19.el6_6.x86_64
>>>>> keyutils-libs-1.4-5.el6.x86_64 krb5-libs-1.10.3-42.el6.x86_64
>>>>> libcom_err-1.41.12-22.el6.x86_64 libcurl-7.19.7-46.el6.x86_64
>>>>> libidn-1.18-2.el6.x86_64 libselinux-2.0.94-5.8.el6.x86_64
>>>>> libssh2-1.4.2-1.el6_6.1.x86_64 libunistring-0.9.3-5.el6.x86_64
>>>>> libxml2-2.7.6-20.el6.x86_64 mysql-libs-5.1.73-5.el6_6.x86_64
>>>>> nspr-4.10.8-1.el6_6.x86_64 nss-3.18.0-5.3.el6_6.x86_64
>>>>> nss-util-3.18.0-1.el6_6.x86_64 openldap-2.4.40-5.el6.x86_64
>>>>> openssl-1.0.1e-42.el6.x86_64 zlib-1.2.3-29.el6.x86_64
>>>>> (gdb) bt
>>>>> #0 __pthread_mutex_destroy (mutex=0x7fd32cce7be8) at
>>>>> pthread_mutex_destroy.c:28
>>>>> #1 0x00007fd32c86f9e6 in _mongoc_ssl_thread_cleanup () at
>>>>> src/mongoc/mongoc-ssl.c:555
>>>>> #2 _mongoc_ssl_cleanup () at src/mongoc/mongoc-ssl.c:106
>>>>> #3 0x00007fd32c8606a9 in _mongoc_do_cleanup () at
>>>>> src/mongoc/mongoc-init.c:127
>>>>> #4 0x000000344480cdb3 in pthread_once () at
>>>>> ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_once.S:104
>>>>> #5 0x00007fd32c8523df in __do_global_dtors_aux () from
>>>>> /usr/lib64/libmongoc-1.0.so.0.0.0
>>>>> #6 0x0000000000000000 in ?? ()
>>>>> (gdb)
>>>>>
>>>>>
>>>>>
>>>>> mongo-c-driver version 1.1.10
>>>>>
>>>>> version: kamailio 4.3.2 (x86_64/linux) b5980b-dirty
>>>>> flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS,
>>>>> USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP,
>>>>> PKG_MALLOC, F_MALLOC, DBG_F_MALLOC, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT,
>>>>> USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST,
>>>>> HAVE_RESOLV_RES
>>>>> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
>>>>> MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
>>>>> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
>>>>> id: b5980b -dirty
>>>>> compiled on 13:35:24 Sep 28 2015 with gcc 4.
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing listsr-users at lists.sip-router.orghttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>>>
>>>>> --
>>>>> Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>>>>> Book: SIP Routing With Kamailio - http://www.asipto.com
>>>>> Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>>> <sr-users at lists.sip-router.org>sr-users at lists.sip-router.org
>>>>> <http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users>
>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>>>
>>>>
>>>> --
>>>> Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>>>> Book: SIP Routing With Kamailio - http://www.asipto.com
>>>> Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
>>>>
>>>>
>>>
>>> --
>>> Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>>> Book: SIP Routing With Kamailio - http://www.asipto.com
>>> Kamailio Advanced Training, Sep 28-30, 2015, in Berlin - http://asipto.com/u/kat
>>>
>>>
>> <kamailio-local.cfg>
>>
>> <kamailio.cfg>
>>
>>
>> --
>> Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>> Book: SIP Routing With Kamailio - http://www.asipto.com
>>
>>
>
> --
> Daniel-Constantin Mierlahttp://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> Book: SIP Routing With Kamailio - http://www.asipto.com
>
> Kamailio Advanced Training, Nov 30-Dec 2, Berlin - http://asipto.com/kat
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20151106/fb8e983a/attachment.html>
-------------- next part --------------
# WITH_MONGO DB is for replacement of Local DB with Mongo DB
#!define WITH_MONGODB
# WITH_NDB_MONGODB is interface for accessing mongodb directly.
#!define WITH_NDB_MONGODB
#!define WITH_ANTIFLOOD
# #!define WITH_MYSQL
#!define WITH_TLS
# - Local IP
#!substdef "!IP_ADDR!192.168.2.105!g"
# - SIP
#!substdef "!SIP_PORT!5060!g"
#!substdef "!SIP_TLS_PORT!5061!g"
# - WEBSOCKET
#!substdef "!WS_PORT!8080!g"
#!substdef "!WSS_PORT!443!g"
# - DB
#!ifdef WITH_MONGODB
# http://www.kamailio.org/wiki/tutorials/kamailio-and-mongodb
#!define DBURL "mongodb://localhost/kamailio"
# With User Name & Password
# #!define DBURL "mongodb://username:password@localhost/kamailio"
#!else
#!define DBURL 'mysql://kamailio:kamailiorw@localhost/kamailio'
#!endif
# - LOG
#!define DEBUG_LVL 2
# Yes to Log to a File, No for the Terminal
#!define LOG_STDERR no
-------------- next part --------------
#!KAMAILIO
#
# Kamailio (OpenSER) SIP Server v4.3 - default configuration script
# - web: http://www.kamailio.org
# - git: http://sip-router.org
#
# Direct your questions about this file to: <sr-users at lists.sip-router.org>
#
# Refer to the Core CookBook at http://www.kamailio.org/wiki/
# for an explanation of possible statements, functions and parameters.
#
# Several features can be enabled using '#!define WITH_FEATURE' directives:
#
# *** To run in debug mode:
# - define WITH_DEBUG
#
# *** To enable mysql:
# - define WITH_MYSQL
#
# *** To enable authentication execute:
# - enable mysql
# - define WITH_AUTH
# - add users using 'kamctl'
#
# *** To enable IP authentication execute:
# - enable mysql
# - enable authentication
# - define WITH_IPAUTH
# - add IP addresses with group id '1' to 'address' table
#
# *** To enable persistent user location execute:
# - enable mysql
# - define WITH_USRLOCDB
#
# *** To enable nat traversal execute:
# - define WITH_NAT
# - install RTPProxy: http://www.rtpproxy.org
# - start RTPProxy:
# rtpproxy -l _your_public_ip_ -s udp:localhost:7722
# - option for NAT SIP OPTIONS keepalives: WITH_NATSIPPING
#
# *** To enable TLS support execute:
# - adjust CFGDIR/tls.cfg as needed
# - define WITH_TLS
#
# *** To enhance accounting execute:
# - enable mysql
# - define WITH_ACCDB
# - add following columns to database
#!ifdef ACCDB_COMMENT
ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN src_ip varchar(64) NOT NULL default '';
ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN src_ip varchar(64) NOT NULL default '';
ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
#!endif
####### Include Local Config If Exists #########
import_file "kamailio-local.cfg"
####### Defined Values #########
# *** Value defines - IDs used later in config
#!ifdef WITH_MYSQL
# - database URL - used to connect to database server by modules such
# as: auth_db, acc, usrloc, a.s.o.
#!ifndef DBURL
#!define DBURL "mysql://kamailio:kamailiorw@localhost/kamailio"
#!endif
#!endif
#!define MULTIDOMAIN 0
# - flags
# FLT_ - per transaction (message) flags
# FLB_ - per branch flags
#!define FLT_ACC 1
#!define FLT_ACCMISSED 2
#!define FLT_ACCFAILED 3
#!define FLT_NATS 5
#!define FLB_NATB 6
#!define FLB_NATSIPPING 7
####### Global Parameters #########
### LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR
#!ifdef WITH_DEBUG
debug=4
log_stderror=yes
#!else
debug=2
log_stderror=no
#!endif
memdbg=5
memlog=5
log_facility=LOG_LOCAL0
fork=yes
children=4
/* uncomment the next line to disable TCP (default on) */
#disable_tcp=yes
/* uncomment the next line to disable the auto discovery of local aliases
based on reverse DNS on IPs (default on) */
#auto_aliases=no
/* add local domain aliases */
#alias="sip.mydomain.com"
/* uncomment and configure the following line if you want Kamailio to
bind on a specific interface/port/proto (default bind on all available) */
listen=udp:192.168.2.105:5060
listen=tcp:192.168.2.105:5060
listen=tcp:192.168.2.105:8080
#!ifdef WITH_TLS
listen=tls:192.168.2.105:5061
#!endif
listen=tls:192.168.2.105:443
/* port to listen to
* - can be specified more than once if needed to listen on many ports */
#port=5060
#!ifdef WITH_TLS
enable_tls=yes
#!endif
# life time of TCP connection when there is no traffic
# - a bit higher than registration expires to cope with UA behind NAT
tcp_connection_lifetime=3605
####### Modules Section ########
# set paths to location of modules (to sources or installation folders)
#!ifdef WITH_SRCPATH
mpath="modules"
#!else
mpath="/usr/local/kamailio_proxy/lib64/kamailio/modules/"
#!endif
#!ifdef WITH_MYSQL
loadmodule "db_mysql.so"
#!endif
loadmodule "mi_fifo.so"
loadmodule "kex.so"
loadmodule "corex.so"
loadmodule "tm.so"
loadmodule "tmx.so"
loadmodule "sl.so"
loadmodule "rr.so"
loadmodule "pv.so"
loadmodule "maxfwd.so"
loadmodule "usrloc.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "siputils.so"
loadmodule "xlog.so"
loadmodule "sanity.so"
loadmodule "ctl.so"
loadmodule "cfg_rpc.so"
loadmodule "mi_rpc.so"
loadmodule "acc.so"
#!ifdef WITH_AUTH
loadmodule "auth.so"
loadmodule "auth_db.so"
#!ifdef WITH_IPAUTH
loadmodule "permissions.so"
#!endif
#!endif
#!ifdef WITH_NAT
loadmodule "nathelper.so"
loadmodule "rtpproxy.so"
#!endif
#!ifdef WITH_TLS
loadmodule "tls.so"
#!endif
#!ifdef WITH_DEBUG
loadmodule "debugger.so"
#!endif
loadmodule "xhttp.so"
loadmodule "websocket.so"
loadmodule "nathelper.so"
loadmodule "htable.so"
loadmodule "utils.so"
#!ifdef WITH_ANTIFLOOD
loadmodule "pike.so"
#!endif
#!ifdef WITH_MONGODB
loadmodule "db_mongodb.so"
#!endif
#!ifdef WITH_NDB_MONGODB
loadmodule "ndb_mongodb.so"
#!endif
# ----------------- setting module-specific parameters ---------------
# ----- htable ----
modparam("htable", "htable", "wsconn=>size=100;")
modparam("htable", "htable", "pushcnt=>size=100;")
#!ifdef WITH_ANTIFLOOD
# ----- pike params -----
modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 16)
modparam("pike", "remove_latency", 4)
# ----- htable params -----
# ip ban htable with autoexpire after 5 minutes
modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
#!endif
#!ifdef WITH_MONGODB
modparam("usrloc", "db_insert_null", 1)
#!endif
#!ifdef WITH_NDB_MONGODB
modparam("ndb_mongodb", "server", "name=mgs1;uri='mongodb://localhost/kamailio'")
#!endif
# ----------------- setting module-specific parameters ---------------
# ----- mi_fifo params -----
modparam("mi_fifo", "fifo_name", "/var/run/kamailio_proxy/kamailio_fifo")
# ----- ctl params -----
modparam("ctl", "binrpc", "unix:/var/run/kamailio_proxy/kamailio_ctl")
# ----- tm params -----
# auto-discard branches from previous serial forking leg
modparam("tm", "failure_reply_mode", 3)
# default retransmission timeout: 30sec
modparam("tm", "fr_timer", 30000)
# default invite retransmission timeout after 1xx: 120sec
modparam("tm", "fr_inv_timer", 120000)
# ----- rr params -----
# add value to ;lr param to cope with most of the UAs
modparam("rr", "enable_full_lr", 1)
# do not append from tag to the RR (no need for this script)
modparam("rr", "append_fromtag", 0)
# ----- registrar params -----
modparam("registrar", "method_filtering", 1)
/* uncomment the next line to disable parallel forking via location */
# modparam("registrar", "append_branches", 0)
/* uncomment the next line not to allow more than 10 contacts per AOR */
#modparam("registrar", "max_contacts", 10)
# max value for expires of registrations
modparam("registrar", "max_expires", 3600)
# set it to 1 to enable GRUU
modparam("registrar", "gruu_enabled", 0)
# ----- acc params -----
/* what special events should be accounted ? */
modparam("acc", "early_media", 0)
modparam("acc", "report_ack", 0)
modparam("acc", "report_cancels", 0)
/* by default ww do not adjust the direct of the sequential requests.
if you enable this parameter, be sure the enable "append_fromtag"
in "rr" module */
modparam("acc", "detect_direction", 0)
/* account triggers (flags) */
modparam("acc", "log_flag", FLT_ACC)
modparam("acc", "log_missed_flag", FLT_ACCMISSED)
modparam("acc", "log_extra",
"src_user=$fU;src_domain=$fd;src_ip=$si;"
"dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
/* enhanced DB accounting */
#!ifdef WITH_ACCDB
modparam("acc", "db_flag", FLT_ACC)
modparam("acc", "db_missed_flag", FLT_ACCMISSED)
modparam("acc", "db_url", DBURL)
modparam("acc", "db_extra",
"src_user=$fU;src_domain=$fd;src_ip=$si;"
"dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
#!endif
# ----- usrloc params -----
/* enable DB persistency for location entries */
#!ifdef WITH_USRLOCDB
modparam("usrloc", "db_url", DBURL)
modparam("usrloc", "db_mode", 2)
modparam("usrloc", "use_domain", MULTIDOMAIN)
#!endif
# ----- auth_db params -----
#!ifdef WITH_AUTH
modparam("auth_db", "db_url", DBURL)
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
modparam("auth_db", "load_credentials", "")
modparam("auth_db", "use_domain", MULTIDOMAIN)
# ----- permissions params -----
#!ifdef WITH_IPAUTH
modparam("permissions", "db_url", DBURL)
modparam("permissions", "db_mode", 1)
#!endif
#!endif
#!ifdef WITH_NAT
# ----- rtpproxy params -----
modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722")
# ----- nathelper params -----
modparam("nathelper", "natping_interval", 30)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
modparam("nathelper", "sipping_from", "sip:pinger at kamailio.org")
# params needed for NAT traversal in other modules
modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
modparam("usrloc", "nat_bflag", FLB_NATB)
#!endif
#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "config", "/usr/local/kamailio_proxy/etc/kamailio/tls.cfg")
#!endif
#!ifdef WITH_DEBUG
# ----- debugger params -----
modparam("debugger", "cfgtrace", 1)
#!endif
####### Routing Logic ########
# Main SIP request routing logic
# - processing of any incoming SIP request starts with this route
# - note: this is the same as route { ... }
request_route {
# per request initial checks
route(REQINIT);
# NAT detection
route(NATDETECT);
# CANCEL processing
if (is_method("CANCEL")) {
if (t_check_trans()) {
route(RELAY);
}
exit;
}
# handle requests within SIP dialogs
route(WITHINDLG);
### only initial requests (no To tag)
# handle retransmissions
if(t_precheck_trans()) {
t_check_trans();
exit;
}
t_check_trans();
# authentication
route(AUTH);
# record routing for dialog forming requests (in case they are routed)
# - remove preloaded route headers
remove_hf("Route");
if (is_method("INVITE|SUBSCRIBE"))
record_route();
# account only INVITEs
if (is_method("INVITE")) {
setflag(FLT_ACC); # do accounting
}
# dispatch requests to foreign domains
route(SIPOUT);
### requests for my local domains
# handle registrations
route(REGISTRAR);
if ($rU==$null) {
# request with no Username in RURI
sl_send_reply("484","Address Incomplete");
exit;
}
# user location service
route(LOCATION);
}
route[RELAY] {
# enable additional event routes for forwarded requests
# - serial forking, RTP relaying handling, a.s.o.
if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) {
if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH");
}
if (is_method("INVITE|SUBSCRIBE|UPDATE")) {
if(!t_is_set("onreply_route")) t_on_reply("MANAGE_REPLY");
}
if (is_method("INVITE")) {
if(!t_is_set("failure_route")) t_on_failure("MANAGE_FAILURE");
}
if (!t_relay()) {
sl_reply_error();
}
exit;
}
# Per SIP request initial checks
route[REQINIT] {
#!ifdef WITH_ANTIFLOOD
# flood dection from same IP and traffic ban for a while
# be sure you exclude checking trusted peers, such as pstn gateways
# - local host excluded (e.g., loop to self)
if(src_ip!=myself) {
if($sht(ipban=>$si)!=$null) {
# ip is already blocked
xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
exit;
}
if (!pike_check_req()) {
xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
$sht(ipban=>$si) = 1;
exit;
}
}
if($ua =~ "friendly-scanner") {
sl_send_reply("200", "OK");
exit;
}
#!endif
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
}
if(is_method("OPTIONS") && uri==myself && $rU==$null) {
sl_send_reply("200","Keepalive");
exit;
}
if(!sanity_check("1511", "7")) {
xlog("Malformed SIP message from $si:$sp\n");
exit;
}
}
# Handle requests within SIP dialogs
route[WITHINDLG] {
if (!has_totag()) return;
# sequential request withing a dialog should
# take the path determined by record-routing
if (loose_route()) {
route(DLGURI);
if (is_method("BYE")) {
setflag(FLT_ACC); # do accounting ...
setflag(FLT_ACCFAILED); # ... even if the transaction fails
}
else if ( is_method("ACK") ) {
# ACK is forwarded statelessy
route(NATMANAGE);
}
else if ( is_method("NOTIFY") ) {
# Add Record-Route for in-dialog NOTIFY as per RFC 6665.
record_route();
}
route(RELAY);
exit;
}
if ( is_method("ACK") ) {
if ( t_check_trans() ) {
# no loose-route, but stateful ACK;
# must be an ACK after a 487
# or e.g. 404 from upstream server
route(RELAY);
exit;
} else {
# ACK without matching transaction ... ignore and discard
exit;
}
}
sl_send_reply("404", "Not here");
exit;
}
# Handle SIP registrations
route[REGISTRAR] {
if (!is_method("REGISTER")) return;
if(isflagset(FLT_NATS)) {
setbflag(FLB_NATB);
#!ifdef WITH_NATSIPPING
# do SIP NAT pinging
setbflag(FLB_NATSIPPING);
#!endif
}
if (!save("location"))
sl_reply_error();
exit;
}
# User location service
route[LOCATION] {
if (!lookup("location")) {
$var(rc) = $rc;
t_newtran();
switch ($var(rc)) {
case -1:
case -3:
send_reply("404", "Not Found");
exit;
case -2:
send_reply("405", "Method Not Allowed");
exit;
}
}
# when routing via usrloc, log the missed calls also
if (is_method("INVITE")) {
setflag(FLT_ACCMISSED);
}
route(RELAY);
exit;
}
# IP authorization and user uthentication
route[AUTH] {
#!ifdef WITH_AUTH
#!ifdef WITH_IPAUTH
if((!is_method("REGISTER")) && allow_source_address()) {
# source IP allowed
return;
}
#!endif
if (is_method("REGISTER") || from_uri==myself) {
# authenticate requests
if (!auth_check("$fd", "subscriber", "1")) {
auth_challenge("$fd", "0");
exit;
}
# user authenticated - remove auth header
if(!is_method("REGISTER|PUBLISH"))
consume_credentials();
}
# if caller is not local subscriber, then check if it calls
# a local destination, otherwise deny, not an open relay here
if (from_uri!=myself && uri!=myself) {
sl_send_reply("403","Not relaying");
exit;
}
#!endif
return;
}
# Caller NAT detection
route[NATDETECT] {
#!ifdef WITH_NAT
force_rport();
if (nat_uac_test("19")) {
if (is_method("REGISTER")) {
fix_nated_register();
} else {
if(is_first_hop())
set_contact_alias();
}
setflag(FLT_NATS);
}
#!endif
return;
}
# RTPProxy control
route[NATMANAGE] {
#!ifdef WITH_NAT
if (is_request()) {
if(has_totag()) {
if(check_route_param("nat=yes")) {
setbflag(FLB_NATB);
}
}
}
if (!(isflagset(FLT_NATS) || isbflagset(FLB_NATB)))
return;
rtpproxy_manage("co");
if (is_request()) {
if (!has_totag()) {
if(t_is_branch_route()) {
add_rr_param(";nat=yes");
}
}
}
if (is_reply()) {
if(isbflagset(FLB_NATB)) {
set_contact_alias();
}
}
#!endif
return;
}
# URI update for dialog requests
route[DLGURI] {
#!ifdef WITH_NAT
if(!isdsturiset()) {
handle_ruri_alias();
}
#!endif
return;
}
# Routing to foreign domains
route[SIPOUT] {
if (uri==myself) return;
append_hf("P-hint: outbound\r\n");
route(RELAY);
exit;
}
# Manage outgoing branches
branch_route[MANAGE_BRANCH] {
xdbg("new branch [$T_branch_idx] to $ru\n");
route(NATMANAGE);
}
# Manage incoming replies
onreply_route[MANAGE_REPLY] {
xdbg("incoming reply\n");
if(status=~"[12][0-9][0-9]")
route(NATMANAGE);
}
# Manage failure routing cases
failure_route[MANAGE_FAILURE] {
route(NATMANAGE);
if (t_is_canceled()) {
exit;
}
}
More information about the sr-users
mailing list