[SR-Users] SIPS Errors on Kamailio

Sergey Safarov s.safarov at gmail.com
Sat Mar 19 08:38:29 CET 2022


In your config "tls" module after "sl" module.

loadmodule "sl.so"
loadmodule "tls.so"

you need load tls module before "jsonrpcs" module.

On Fri, Mar 18, 2022 at 9:59 PM Karsten Horsmann <khorsmann at gmail.com>
wrote:

> Hi,
>
>
> are you sure the Kamailio tls module is on your system? Check the module
> path for tls.so like this or if you have build it from source?
>
> rpm -ql kamailio-tls
>
> /usr/lib64/kamailio/modules/auth_identity.so
> /usr/lib64/kamailio/modules/tls.so
> /usr/lib64/kamailio/openssl_mutex_shared
> /usr/lib64/kamailio/openssl_mutex_shared/openssl_mutex_shared.so
> /usr/share/doc/kamailio/modules/README.auth_identity
> /usr/share/doc/kamailio/modules/README.tls
>
> Christopher Vincent <CDV at redwoodtech.com> schrieb am Fr., 18. März 2022,
> 12:37:
>
>> Hi,
>>
>>
>>
>> Kamailio / RTPEngine was set up on CentOS 8 running SIP to SIPS and RTP
>> to SDES SRTP conversion. This worked as expected
>>
>>
>>
>> Attempted to duplicate the setup on RHEL but errors were seen. These
>> errors were present on both RHEL 7 / RHEL 8.
>>
>>
>>
>> The errors seen were as below
>>
>>
>>
>> kamailio -c
>>
>> loading modules under config path: /usr/lib64/kamailio/modules/
>>
>> 0(9165) ERROR: tls [tls_init.c:611]: tls_pre_init(): Unable to set the
>> memory allocation functions
>>
>> 0(9165) ERROR: tls [tls_init.c:613]: tls_pre_init(): libssl current mem
>> functions - m: 0x7f7a77c367a0 r: 0x7f7a77c367f0 f: 0x7f7a77c36770
>>
>> 0(9165) ERROR: tls [tls_init.c:615]: tls_pre_init(): module mem functions
>> - m: 0x7f7a72db7653 r: 0x7f7a72db769f f: 0x7f7a72db76fc
>>
>> 0(9165) ERROR: tls [tls_init.c:617]: tls_pre_init(): Be sure tls module
>> is loaded before any other module using libssl (can be loaded first to be
>> safe)
>>
>> 0(9165) ERROR: <core> [core/sr_module.c:590]: load_module():
>> /usr/lib64/kamailio/modules/tls.so: mod_register failed
>>
>> 0(9165) CRITICAL: <core> [core/cfg.y:3683]: yyerror_at(): parse error in
>> config file /etc/kamailio/kamailio.cfg, line 137, column 12-19: failed to
>> load module
>>
>> 0(9165) INFO: pv [pv_shv.c:60]: shvar_init_locks(): locks array size 16
>>
>> 0(9165) ERROR: <core> [core/modparam.c:181]: set_mod_param_regex(): No
>> module matching <tls> found
>>
>> 0(9165) CRITICAL: <core> [core/cfg.y:3686]: yyerror_at(): parse error in
>> config file /etc/kamailio/kamailio.cfg, line 249, column 72: Can't set
>> module parameter
>>
>> 0(9165) ERROR: <core> [core/modparam.c:181]: set_mod_param_regex(): No
>> module matching <tls> found
>>
>> 0(9165) CRITICAL: <core> [core/cfg.y:3686]: yyerror_at(): parse error in
>> config file /etc/kamailio/kamailio.cfg, line 250, column 72: Can't set
>> module parameter
>>
>> 0(9165) ERROR: <core> [core/modparam.c:181]: set_mod_param_regex(): No
>> module matching <tls> found
>>
>> 0(9165) CRITICAL: <core> [core/cfg.y:3686]: yyerror_at(): parse error in
>> config file /etc/kamailio/kamailio.cfg, line 251, column 68: Can't set
>> module parameter
>>
>> 0(9165) ERROR: <core> [core/modparam.c:181]: set_mod_param_regex(): No
>> module matching <tls> found
>>
>> 0(9165) CRITICAL: <core> [core/cfg.y:3686]: yyerror_at(): parse error in
>> config file /etc/kamailio/kamailio.cfg, line 256, column 39: Can't set
>> module parameter
>>
>> ERROR: bad config file (5 errors) (parsing code: 0)
>>
>> 0(9165) INFO: <core> [core/sctp_core.c:53]: sctp_core_destroy(): SCTP API
>> not initialized
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> The kamailio config was exactly the same as on the CentOS systems and
>> started as below
>>
>>
>>
>> /* Server ports: */
>>
>> #!substdef "!SIP_PORT!5060!g"
>>
>> #!substdef "!SIPS_PORT!5061!g"
>>
>>
>>
>> /* Listen addresses */
>>
>> #!substdef "!UDP_LOCAL_ADDR!udp:SERVER_IP_ADDR:SIP_PORT!g"
>>
>> #!substdef "!TCP_LOCAL_ADDR!tcp:SERVER_IP_ADDR:SIPS_PORT!g"
>>
>>
>>
>> /* Server connections: */
>>
>> #!ifndef MAX_CONNECTIONS
>>
>> #!define MAX_CONNECTIONS 8192
>>
>> #!endif
>>
>>
>>
>>
>>
>> ##!define WITH_DEBUG
>>
>>
>>
>> /* Transaction and branch flags:
>>
>>       FLT_ - per transaction (message) flags
>>
>>       FLB_ - per branch flags
>>
>> */
>>
>> #!define FLT_ACC 1
>>
>> #!define FLT_ACCMISSED 2
>>
>> #!define FLT_ACCFAILED 3
>>
>> #!define FLT_NATS 5
>>
>> #!define FLT_OUT 8
>>
>> #!define FLB_NATB 6
>>
>> #!define FLB_NATSIPPING 7
>>
>>
>>
>> #!define KAMAILIODBURL1 "mysql://kamailio:kamailiorw@localhost/kamailio"
>>
>>
>>
>> #!define WITH_TLS
>>
>> enable_tls=1
>>
>> listen=tls:<ipaddr>:5062
>>
>>
>>
>> ####### Global Parameters #########
>>
>> ### LOG Levels: ALERT=-5, BUG=-4, CRIT=-3, ERR=-1, WARN=0, NOTICE=1,
>> INFO=2, DBG=3
>>
>> #!ifdef WITH_DEBUG
>>
>> debug=4
>>
>> log_stderror=no
>>
>> #!else
>>
>> debug=2
>>
>> log_stderror=no
>>
>> #!endif
>>
>>
>>
>> memdbg=5
>>
>> memlog=5
>>
>>
>>
>> log_facility=LOG_LOCAL0
>>
>>
>>
>> /* display memory usage on exit */
>>
>> mem_summary=15
>>
>>
>>
>> /* join free memory fragments */
>>
>> mem_join=1
>>
>>
>>
>> /* proxy will fork and run in daemon mode */
>>
>> /* one process will be created for each network interface the proxy
>> listens to and for each protocol (TCP/UDP), multiplied with the value of
>> 'children' parameter */
>>
>> fork=yes
>>
>> children=8
>>
>>
>>
>> listen=TCP_LOCAL_ADDR
>>
>> listen=UDP_LOCAL_ADDR
>>
>>
>>
>> /* life time of TCP connection when there is no traffic
>>
>>    - a bit higher than registration expires to cope with UA behind NAT */
>>
>> tcp_connection_lifetime=3605
>>
>>
>>
>> /* sip over websockets may not specify a content length header */
>>
>> tcp_accept_no_cl=yes
>>
>>
>>
>> /* buffer size used for tcp reads, limits the maximum message size (SIP,
>> HTTP) that can be received over tcp */
>>
>> tcp_rd_buf_size=65536
>>
>>
>>
>> /* max number of tcp connections */
>>
>> tcp_max_connections=MAX_CONNECTIONS
>>
>>
>>
>>
>>
>> ####### Modules Section ########
>>
>>
>>
>> # set paths to location of modules
>>
>> mpath="/usr/lib64/kamailio/modules/"
>>
>>
>>
>> loadmodule "jsonrpcs.so"
>>
>> loadmodule "db_mysql.so"
>>
>> loadmodule "kex.so"
>>
>> loadmodule "corex.so"
>>
>> loadmodule "tm.so"
>>
>> loadmodule "tmx.so"
>>
>> loadmodule "rr.so"
>>
>> loadmodule "pv.so"
>>
>> loadmodule "maxfwd.so"
>>
>> loadmodule "usrloc.so"
>>
>> loadmodule "registrar.so"
>>
>> loadmodule "textops.so"
>>
>> loadmodule "siputils.so"
>>
>> loadmodule "xlog.so"
>>
>> loadmodule "sanity.so"
>>
>> loadmodule "ctl.so"
>>
>> loadmodule "cfg_rpc.so"
>>
>> loadmodule "acc.so"
>>
>> loadmodule "dispatcher.so"
>>
>> loadmodule "cfgutils.so"
>>
>> loadmodule "textopsx.so"
>>
>> loadmodule "nathelper.so"
>>
>>
>>
>> loadmodule "uac.so"
>>
>> loadmodule "ipops.so"
>>
>> loadmodule "debugger.so"
>>
>> loadmodule "exec.so"
>>
>> loadmodule "avpops.so"
>>
>> loadmodule "sqlops.so"
>>
>> loadmodule "rtpengine.so"
>>
>>
>>
>> loadmodule "sl.so"
>>
>> loadmodule "tls.so"
>>
>>
>>
>>
>>
>>
>>
>> # ----------------- setting module-specific parameters ---------------
>>
>>
>>
>> # ----- usrloc params -----
>>
>> # store contacts in memory only
>>
>> modparam("usrloc", "db_mode", 0)
>>
>> # hash size of 16,384
>>
>> modparam("usrloc", "hash_size", 14)
>>
>> # removes contact if ws disconnects
>>
>> modparam("usrloc", "handle_lost_tcp", 1)
>>
>> modparam("tm|usrloc", "xavp_contact", "ulattrs")
>>
>>
>>
>>
>>
>> # ----- jsonrpcs params -----
>>
>> modparam("jsonrpcs", "fifo_name", "/tmp/kamailio_jsonrpc.fifo")
>>
>> modparam("jsonrpcs", "dgram_socket", "/tmp/kamailio_rpc.sock")
>>
>>
>>
>>
>>
>> # ----- tm params -----
>>
>> # auto-discard branches from previous serial forking leg
>>
>> modparam("tm", "failure_reply_mode", 3)
>>
>> # default retransmission timeout: 30sec
>>
>> modparam("tm", "fr_timer", 30000)
>>
>> #default invite retransmission timeout after 1xx: 120sec
>>
>> modparam("tm", "fr_inv_timer", 120000)
>>
>>
>>
>>
>>
>> # ----- rr params -----
>>
>> # set next param to 1 to add value to ;lr param (helps with some UAs)
>>
>> modparam("rr", "enable_full_lr", 0)
>>
>> # do not append from tag to the RR (no need for this script)
>>
>> modparam("rr", "append_fromtag", 0)
>>
>>
>>
>>
>>
>> # ----- uac params -----
>>
>> modparam("uac", "restore_mode", "none")
>>
>>
>>
>>
>>
>> # ----- registrar params -----
>>
>> modparam("registrar", "method_filtering", 1)
>>
>> modparam("registrar", "max_contacts", 1)
>>
>> # max value for expires of registrations
>>
>> modparam("registrar", "max_expires", 3600)
>>
>> # disable GRUU
>>
>> modparam("registrar", "gruu_enabled", 0)
>>
>>
>>
>>
>>
>> # ----- acc params -----
>>
>> /* what special events should be accounted? */
>>
>> modparam("acc", "early_media", 0)
>>
>> modparam("acc", "report_ack", 0)
>>
>> modparam("acc", "report_cancels", 0)
>>
>> /* by default ww do not adjust the direction of the sequential requests.
>>
>>    if you enable this parameter, be sure the enable "append_fromtag"
>>
>>    in "rr" module */
>>
>> modparam("acc", "detect_direction", 0)
>>
>> /* account triggers (flags) */
>>
>> modparam("acc", "log_flag", FLT_ACC)
>>
>> modparam("acc", "log_missed_flag", FLT_ACCMISSED)
>>
>> modparam("acc", "log_extra",
>> "src_user=$fU;src_domain=$fd;src_ip=$si;dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
>>
>> modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
>>
>>
>>
>>
>>
>> # ----- dispatcher params -----
>>
>> modparam("dispatcher", "db_url", KAMAILIODBURL1)
>>
>> modparam("dispatcher", "flags", 2)
>>
>> modparam("dispatcher", "ds_ping_method", "OPTIONS")
>>
>> modparam("dispatcher", "ds_ping_from", "sip:<address>.com")
>>
>>
>>
>> modparam("dispatcher", "ds_ping_interval", 5)
>>
>> modparam("dispatcher", "ds_probing_threshold", 1)
>>
>> modparam("dispatcher", "ds_inactive_threshold", 1)
>>
>> modparam("dispatcher", "ds_probing_mode", 3)
>>
>>
>>
>>
>>
>> # ----- pv params -----
>>
>> modparam("pv", "shvset", "maintenance=i:0")
>>
>> modparam("pv", "shvset", "virtualIP1=i:0")
>>
>> modparam("pv", "shvset", "virtualIP2=i:0")
>>
>>
>>
>>
>>
>> # ----- nathelper params -----
>>
>> modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
>>
>> # Note: leaving NAT pings turned off here as nathelper is only being used
>> for
>>
>> #       WebSocket connections. NAT pings are not needed as WebSockets have
>>
>> #       their own keep-alives.
>>
>>
>>
>>
>>
>> # ----- rtpengine params -----
>>
>> modparam("rtpengine", "rtpengine_sock", "udp:localhost:2223")
>>
>>
>>
>> modparam("rtpengine", "rtpengine_sock", "udp:localhost:2223")
>>
>> #modparam("rtpengine", "write_sdp_pv", "$avp(sdp)")
>>
>>
>>
>>
>>
>> #modparam("rtpengine", "force_send_interface", SERVER_IP_ADDR)
>>
>> #modparam("rtpengine", "setid_default", -1)
>>
>> #modparam("rtpengine", "rtp_inst_pvar", "$avp(RTPENGINE)")
>>
>> #modparam("rtpengine", "rtpengine_retr", 5)
>>
>> #modparam("rtpengine", "queried_nodes_limit", 5)
>>
>> #modparam("rtpengine", "rtpengine_allow_op", 1)
>>
>> #modparam("rtpengine", "hash_table_size", MAX_CONNECTIONS)
>>
>> #modparam("rtpengine", "hash_table_tout", 7200)
>>
>>
>>
>>
>>
>> modparam("tls", "private_key", "<cert path>")
>>
>> modparam("tls", "certificate", "<cert path>")
>>
>> modparam("tls", "ca_list", "<cert path>")
>>
>>
>>
>> # modparam("tls", "ca_list", "<cert path>")
>>
>>
>>
>> modparam("tls", "tls_method", "TLSv1+")
>>
>>
>>
>>
>>
>> ####### Routing Logic ########
>>
>>
>>
>>
>>
>>
>>
>> If load module lines for TLS are move to near the top of the config file,
>> config will parse and non-SIPS calls will work
>>
>> loadmodule "sl.so"
>>
>> loadmodule "tls.so"
>>
>>
>>
>> But logs will show
>>
>> WARNING: <core> [main.c:2985]: main(): tls support enabled, but no tls
>> engine  available (forgot to load the tls module?)
>>
>> WARNING: <core> [main.c:2987]: main(): disabling tls...
>>
>>
>>
>> Presumably loading the module before configuring it just gives it default
>> values so the latter config is ignored
>>
>>
>>
>>
>>
>>
>>
>> Any advice on the matter would be appreciated
>>
>>
>>
>>
>>
>> Thanks in advance,
>>
>> Chris
>> __________________________________________________________
>> Kamailio - Users Mailing List - Non Commercial Discussions
>>   * sr-users at lists.kamailio.org
>> Important: keep the mailing list in the recipients, do not reply only to
>> the sender!
>> Edit mailing list options or unsubscribe:
>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
>   * sr-users at lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20220319/9eec2910/attachment.htm>


More information about the sr-users mailing list