[Users] tls. soket queues not flushed
serega
seregas at freemail.ru
Fri Sep 29 15:06:34 CEST 2006
Hi Klaus and all other who read this.
It's not a problem of tcp socket - yesterday i rewrite gateway config for fowarding directed to extgateway requests to gateway itself.
In tcp this problems not occured, but after i switched on tls, i see overfilled queues again. In that case i haven't extgateway, communications with
remote sockets and etc. Did anybody test openser whith big payload? I think this problem occurs because in my case i have big traffic and several process that simultaniously use tls. Did anybody have the same problem?
>Hi Serega!
>
>I'm not sure - just a guess. openser uses "worker threads". This worker
>threads get a SIP message from the listener thread, process them, and
>then they send them.
>
>If for some reason the sending fails - e.g. the gateway sends via
>TCP/TLS to extgateway and extgateway's receiving queue is full. Then
>gateway's sending buffer gets full and the threads wait until they can
>send. Thus, as the threads are all busy, also the receiving queue of
>gateway gets full. I guess after some time the threads give up sending
>and will read again.
>
>The question is: why does the sending buffer gets full? Where is gateway
>sending the messages to?
>
>The sending queue must not get flushed. The queue is in the OS, not in
>openser. As TCP guarantees that there is no loss/reordering the TCP
>stack must not flush the queue.
>
>regards
>klaus
>
>serega wrote:
>> Hi all.
>>
>> I have next problem while using openser with tls. System consists of
>> sip statefull server (in next time, simply, server) and stateless sip
>> gateway (gateway). Server used for connect to jabber server. Server
>> contains rewrote jabber module logic and also use presence module.
>> Gateway used to connect to other sip gateway (extgateway) via tls
>> protocol. Gateway use 1.1 openser version and doesn’t contain changed
>> code. When server together with gateway restarts and server in its
>> database contains above 260 subscriptions (in watcherinfo table) i
>> have error. Socket used by gateway to connect with extgateway
>> contains in receive and sent queues a lot of data (above 50kByte on
>> each sides). This data never flushed out. This happens because after
>> restart sip server through gateway send notifications to extgateway.
>> When I attached using gdb to process that send data, I saw that it
>> was in infinity loop because tls library returns SSL_ERROR_WANT_WRITE
>> and I think it’s correct because we have overfilled send queue. In
>> this case I don’t interest why receive queue not empty (I think it
>> happens because sending process have got block on socket). But I
>> don’t understand why sent queue not flushed. I test this behavior
>> using tcp – all was correct. Socket not closed by other side because
>> this status can be unchanged above one day. Anybody can help me? Why
>> this happens?
>>
>> I use openssl-0.9.8c and redhat os (Linux xdevel1 2.4.21-4.ELsmp #1
>> SMP Fri Oct 3 17:52:56 EDT 2003 i686 i686 i386 GNU/Linux). Computer
>> have too Pentium 4 processors).
>>
>>
>> Gateway.cfg (sip.qa.hbex.com – gateway address):
>>
>> # # $Id: router_qa.cfg,v 1.1 2006/08/02 18:14:34 ilya Exp $ # #
>> simple quick-start config script #
>>
>> # ----------- global configuration parameters
>> ------------------------
>>
>> debug=9 # debug level (cmd line: -dddddddddd)
>> log_facility=LOG_LOCAL0 fork=yes log_stderror=yes # (cmd line: -E)
>>
>>
>> check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r)
>> rev_dns=no # (cmd. line: -R) children=20
>> fifo="/tmp/openser_fifo" server_signature=no
>>
>> fifo_db_url="mysql://root:@localhost/openser"
>>
>> listen = udp:sip.qa.hbex.com:5060 #incoming sip server address listen
>> = tcp:sip.qa.hbex.com:5060
>>
>> #tls address disable_tls = 0 listen = tls:sip.qa.hbex.com:5061 listen
>> = udp:sip.qa.hbex.com:5061
>>
>> tls_certificate = "/ home/inop/ex.com-cert.pem" tls_private_key =
>> "/home/inop/ex.com-privkey.pem" tls_ca_list =
>> "/home/inop/ex.com-calist.pem" tls_require_client_certificate=0
>> tls_verify_client=0 tls_verify_server=0
>>
>> # ------------------ module loading
>> ---------------------------------- loadmodule
>> "/home/interop/openser/lib/openser/modules/rr.so" loadmodule
>> "/home/interop/openser/lib/openser/modules/xlog.so" loadmodule
>> "/home/interop/openser/lib/openser/modules/textops.so" loadmodule
>> "/home/interop/openser/lib/openser/modules/maxfwd.so" loadmodule
>> "/home/interop/openser/lib/openser/modules/sl.so" loadmodule
>> "/home/interop/openser/lib/openser/modules/mysql.so" loadmodule
>> "/home/interop/openser/lib/openser/modules/tm_unchanged.so"
>> loadmodule "/home/interop/openser/lib/openser/modules/usrloc.so"
>> loadmodule "/home/interop/openser/lib/openser/modules/registrar.so"
>>
>> # ----------------- setting module-specific parameters
>> --------------- modparam("registrar", "default_expires", 120)
>> modparam("registrar", "use_domain", 1)
>>
>> modparam("usrloc", "use_domain", 1) modparam("usrloc", "db_mode",
>> 0) # Uncomment this if you want to use SQL database # for persistent
>> storage and comment the previous line #modparam("usrloc", "db_mode",
>> 2)
>>
>> # add value to ;lr param to make some broken UAs happy modparam("rr",
>> "enable_full_lr", 1) modparam("maxfwd", "max_limit", 10) #
>> ------------------------- request routing logic -------------------
>> # main routing logic route{ if (!mf_process_maxfwd_header("10")) {
>> sl_send_reply("483","To Many Hops"); drop(); }; if (dst_port==5061) {
>> if (search("^To:.*@.*cmnicator.com") || search("^To:.*@.*cihb.com"))
>> { # rewrite destination and forward to jabber (sip server) route(1);
>> return; }; sl_reply_error(); return; } if (method=="REGISTER") {
>> xlog("XXX: saving location msg=$mb\n"); if(!save_noreply("location"))
>> { log("XXX: Error saving location!\n"); sl_reply_error(); }
>> sl_send_reply("200","OK"); return; } if
>> (search("^To:.*@.*cmnicator.com") || search("^To:.*@.*cihb.com")) {
>> #forward to self route(3); return; } ##forward to ext gateway
>> route(2); }
>>
>> route[1]{ if (method!="MESSAGE" && method!="SUBSCRIBE" &&
>> method!="NOTIFY") { log("XXX: Request not forwarded to sip
>> server!\n"); sl_send_reply("202","Accepted"); return; }
>> t_on_reply("1"); record_route();
>>
>> if(!lookup("location")) { if (method!="SUBSCRIBE") { log("XXX: only
>> subscribes are processed for user that are not registered\n");
>> sl_reply_error(); return; }
>> subst_uri('/(.*)@(.*)/\1#\2*jabber.qa.im.hb.com at jabber01.qa.im.hb.com/ig');
>> if(!t_relay()) { log("XXX: error forwarding jabber01...\n");
>> sl_reply_error(); return; } else { sl_send_reply("200","OK"); return;
>> } } else { log("XXX: forwarding to the address of record...\n");
>> if(!t_relay()) { log("XXX: error forwarding to address of record
>> \n"); sl_reply_error(); return; } else { sl_send_reply("200", "OK");
>> return; } }
>>
>> }
>>
>> # forwarding to external gateway route[2]{ log("XXX: rewriting
>> headers\n");
>> subst('/^(From:[^@#]*)#([^@]*)\*jabber.qa.im.hb.com at jabber...qa.im.hb.com(.*)/\1@\2\3/ig');
>>
>> subst('/^(Contact:[^@#]*)#([^@]*)\*jabber.qa.im.hb.com at jabber...qa.im.hb.com(.*)/\1@\2\3/ig');
>>
>>
>> if(!forward("tls:43.123.141.166:3000")) { log("XXX: Error forwarding
>> to external gateway!\n"); sl_reply_error(); } else {
>> sl_send_reply("200", "Accepted"); }; }
>>
>> # forwarding to SELF route[3]{ log("XXX: rewriting headers\n");
>> subst('/^(From:[^@#]*)#([^@]*)\*jabber.qa.im.hb.com at jabber...qa.im.hb.com(.*)/\1@\2\3/ig');
>>
>> subst('/^(Contact:[^@#]*)#([^@]*)\*jabber.qa.im.hb.com at jabber...qa.im.hb.com(.*)/\1@\2\3/ig');
>>
>>
>> log("XXX: about to forward to self\n");
>> if(!forward("tcp:sip.qa.hbex.com:5061")) { log("XXX: Error forwarding
>> to self!\n"); sl_reply_error(); } else { sl_send_reply("200",
>> "Accepted"); }; }
>>
>> # this is executed for replies onreply_route[1]{
>> subst('/^(To:[^@#]*)#([^@]*)\*jabber.qa.im.hb.com at jabber...qa.im.hb.com(.*)/\1@\2\3/ig');
>>
>> subst('/^(Contact:[^@#]*)#([^@]*)\*jabber.qa.im.hb.com at jabber...qa.im.hb.com(.*)/\1@\2\3/ig');
>> route(2); }
>>
>>
>>
>> _______________________________________________ Users mailing list
>> Users at openser.org http://openser.org/cgi-bin/mailman/listinfo/users
>
>
More information about the Users
mailing list