[Kamailio-Users] Can openser.cfg lead to pkg memory problem?

mayamatakeshi mayamatakeshi at gmail.com
Tue Sep 23 17:03:56 CEST 2008


Hi,
Yes, we are using PRTG to get call and registration stats using SNMP.
Thanks for the tip anyway as we haven't set SNMP monitoring yet in all of
our servers.

On Tue, Sep 23, 2008 at 11:44 PM, Jeffrey Magder
<jmagder at somanetworks.com>wrote:

> I noticed that you have loaded the snmpstats module in your
> configuration file.  Are you polling SNMPStats with SNMP at all?  If
> not, it is possible that its interprocess buffer is filling up.  The
> solution in this case would be to either periodically poll the module,
> or disable the module if you aren't using it.
>
> On Tue, 2008-09-23 at 16:31 +0900, mayamatakeshi wrote:
> > Hello,
> > we have openser 1.3.3 running in production (current rev.: 4943).
> > For 3 times in 50 days we had to restart openser to correct pkg memory
> > problem.
> > After some time logging messages like this:
> > /openser.log:Aug 19 10:39:18 ipx022 /usr/local/sbin/openser[16991]:
> > ERROR:core:new_credentials: no pkg memory left,
> > openser will eventually run out of pkg memory and refuse all
> > subsequent requests.
> >
> > We are trying to recreate this in our lab so that we can follow memory
> > troubleshooting instructions at
> > http://kamailio.net/dokuwiki/doku.php/troubleshooting:memory, but so
> > far we were unable to do it even when generating millions of calls and
> > registration transactions (we are using SIPp to generate normal call
> > flows and even abnormal call flows detected when reading openser.log,
> > like 'invalid cseq for aor', malformed SIP messages etc).
> > And this is much more than in our production environment, with just
> > 600 subscribers and about 2000 calls a day.
> >
> > The frequency the problem happens is increasing with the number of
> > subscribers, so we are performing periodic restart of openser
> > (actually, what we do is to switch over to the standby server). We
> > already recompiled openser with pkg memory  pool size set to 4MB so
> > that this will not have to be done frequently.
> >
> > Since we cannot recreate this in our lab, we suspect there is a
> > situation happening in production that might not be having been
> > properly handled by openser.cfg. So my question is: would it be
> > possible to an overlooked detail in openser.cfg to cause pkg memory
> > problem?
> >
> >
> > In case someone could take a look at it, here's our cfg file:
> >
> > ####### Global Parameters #########
> >
> > debug=0
> > log_stderror=no
> > log_facility=LOG_LOCAL0
> >
> > fork=yes
> > children=4
> >
> > /* uncomment the following lines to enable debugging */
> > #debug=6
> > #fork=no
> > #log_stderror=yes
> >
> > /* uncomment the next line to disable TCP (default on) */
> > disable_tcp=yes
> >
> > /* uncomment the next line to enable the auto temporary blacklisting
> > of
> >    not available destinations (default disabled) */
> > #disable_dns_blacklist=no
> >
> > /* uncomment the next line to enable IPv6 lookup after IPv4 dns
> >    lookup failures (default disabled) */
> > #dns_try_ipv6=yes
> >
> > /* uncomment the next line to disable the auto discovery of local
> > aliases
> >    based on revers DNS on IPs (default on) */
> > #auto_aliases=no
> >
> > /* uncomment the following lines to enable TLS support  (default off)
> > */
> > #disable_tls = no
> > #listen = tls:your_IP:5061
> > #tls_verify_server = 1
> > #tls_verify_client = 1
> > #tls_require_client_certificate = 0
> > #tls_method = TLSv1
> > #tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
> > #tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
> > #tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
> >
> >
> > port=5060
> >
> > /* uncomment and configure the following line if you want openser to
> >    bind on a specific interface/port/proto (default bind on all
> > available) */
> > #listen=udp:202.173.5.181:5060
> >
> >
> > ####### Modules Section ########
> >
> > #set module path
> > mpath="/usr/local/lib/openser/modules/"
> >
> > /* uncomment next line for MySQL DB support */
> > loadmodule "mysql.so"
> > loadmodule "sl.so"
> > loadmodule "tm.so"
> > loadmodule "rr.so"
> > loadmodule "maxfwd.so"
> > loadmodule "usrloc.so"
> > loadmodule "registrar.so"
> > loadmodule "textops.so"
> > loadmodule "mi_fifo.so"
> > loadmodule "uri_db.so"
> > loadmodule "uri.so"
> > loadmodule "xlog.so"
> > loadmodule "acc.so"
> > loadmodule "carrierroute.so"
> > loadmodule "nathelper.so"
> > loadmodule "dialog.so"
> > loadmodule "snmpstats.so"
> > /* uncomment next lines for MySQL based authentication support
> >    NOTE: a DB (like mysql) module must be also loaded */
> > loadmodule "auth.so"
> > loadmodule "auth_db.so"
> > loadmodule "lcr.so"
> > /* uncomment next line for aliases support
> >    NOTE: a DB (like mysql) module must be also loaded */
> > loadmodule "alias_db.so"
> > /* uncomment next line for multi-domain support
> >    NOTE: a DB (like mysql) module must be also loaded
> >    NOTE: be sure and enable multi-domain support in all used modules
> >          (see "multi-module params" section ) */
> > loadmodule "domain.so"
> > /* uncomment the next two lines for presence server support
> >    NOTE: a DB (like mysql) module must be also loaded */
> > #loadmodule "presence.so"
> > #loadmodule "presence_xml.so"
> > loadmodule "uac.so"
> > loadmodule "avpops.so"
> > # ----------------- setting module-specific parameters ---------------
> >
> >
> > # ----- mi_fifo params -----
> > modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
> >
> >
> > # ----- rr params -----
> > # add value to ;lr param to cope with most of the UAs
> > modparam("rr", "enable_full_lr", 1)
> > # do not append from tag to the RR (no need for this script)
> > modparam("rr", "append_fromtag", 1)
> >
> >
> > # ----- rr params -----
> > modparam("registrar", "method_filtering", 1)
> > /* uncomment the next line to disable parallel forking via location */
> > # modparam("registrar", "append_branches", 0)
> > /* uncomment the next line not to allow more than 10 contacts per AOR
> > */
> > modparam("registrar", "max_contacts", 10)
> > modparam("registrar", "min_expires", 30)
> > modparam("registrar", "max_expires", 40)
> > modparam("registrar", "default_expires", 35)
> > # ----- uri_db params -----
> > /* by default we disable the DB support in the module as we do not
> > need it
> >    in this configuration */
> > modparam("uri_db", "use_uri_table", 0)
> > modparam("uri_db", "db_url",
> > "mysql://openser:openserrw@localhost/openser")
> > modparam("uri_db", "use_domain", 1)
> >
> > # ----- acc params -----
> > /* what sepcial events should be accounted ? */
> > modparam("acc", "early_media", 1)
> > modparam("acc", "report_ack", 1)
> > modparam("acc", "report_cancels", 1)
> > /* by default ww do not adjust the direct of the sequential requests.
> >    if you enable this parameter, be sure the enable "append_fromtag"
> >    in "rr" module */
> > modparam("acc", "detect_direction", 0)
> > /* account triggers (flags) */
> > modparam("acc", "failed_transaction_flag", 3)
> > modparam("acc", "log_flag", 1)
> > modparam("acc", "log_missed_flag", 2)
> > /* uncomment the following lines to enable DB accounting also */
> > modparam("acc", "db_flag", 1)
> > modparam("acc", "db_missed_flag", 2)
> >
> >
> > # ----- usrloc params -----
> > #modparam("usrloc", "db_mode",   0)
> > /* uncomment the following lines if you want to enable DB persistency
> >    for location entries */
> > modparam("usrloc", "db_mode",   2)
> > modparam("usrloc", "db_url",
> > "mysql://openser:openserrw@localhost/openser")
> > modparam("usrloc", "use_domain", 1)
> >
> > # ----- auth_db params -----
> > /* uncomment the following lines if you want to enable the DB based
> >    authentication */
> > modparam("auth_db", "calculate_ha1", yes)
> > modparam("auth_db", "password_column", "password")
> > modparam("auth_db", "db_url",
> > "mysql://openser:openserrw@localhost/openser")
> > modparam("auth_db", "load_credentials", "$avp(s:rpid)=rpid;
> > $avp(s:blocked)=subscriber_status")
> >
> >
> > # ----- alias_db params -----
> > /* uncomment the following lines if you want to enable the DB based
> >    aliases */
> > modparam("alias_db", "db_url",
> >     "mysql://openser:openserrw@localhost/openser")
> > modparam("alias_db", "use_domain", 0)
> >
> > # ----- domain params -----
> > /* uncomment the following lines to enable multi-domain detection
> >    support */
> > modparam("domain", "db_url",
> > "mysql://openser:openserrw@localhost/openser")
> > modparam("domain", "db_mode", 1)   # Use caching
> >
> >
> > # ----- multi-module params -----
> > /* uncomment the following line if you want to enable multi-domain
> > support
> >    in the modules (dafault off) */
> > #modparam("alias_db|auth_db|usrloc|uri_db", "use_domain", 1)
> >
> >
> > # ----- presence params -----
> > /* uncomment the following lines if you want to enable presence */
> > #modparam("presence|presence_xml", "db_url",
> > #    "mysql://openser:openserrw@localhost/openser")
> > #modparam("presence_xml", "force_active", 1)
> > #modparam("presence", "server_address", "sip:192.168.1.2:5060")
> >
> > # ----- carrieroute params -----
> > modparam("carrierroute", "db_url",
> > "mysql://openser:openserrw@localhost/openser")
> > modparam("carrierroute", "config_source", "db")
> > modparam("carrierroute", "use_domain", 1)
> > # ----- NatHelper -----
> > #para versao a partir da versao 1.2 eh necessario esse paramtro para
> > nao dar erro qdo usa a funcao "fix_nated_register();"
> > modparam("nathelper|registrar", "received_avp", "$avp(i:42)")
> > modparam("nathelper", "rtpproxy_sock", "udp:127.0.0.1:22222")
> >
> >
> > # ----- LCR -----
> > modparam("lcr", "db_url",
> > "mysql://openser:openserrw@localhost/openser")
> > modparam("lcr|tm", "fr_inv_timer_avp", "$avp(i:704)")
> > modparam("lcr", "gw_uri_avp", "$avp(i:709)")
> > modparam("^auth$|lcr", "rpid_avp", "$avp(i:302)")
> > modparam("lcr", "contact_avp", "$avp(i:711)")
> > modparam("lcr", "ruri_user_avp", "$avp(i:500)")
> > modparam("lcr", "dm_flag", 25)
> >
> > # ----- Dialog ----
> > modparam("dialog", "dlg_flag", 4)
> >
> > # ----- SnmpStat -----
> > modparam("snmpstats", "sipEntityType", "registrarServer")
> > modparam("snmpstats", "sipEntityType", "proxyServer")
> > modparam("snmpstats", "MsgQueueMinorThreshold", 2000)
> > modparam("snmpstats", "MsgQueueMajorThreshold", 5000)
> > modparam("snmpstats", "dlg_minor_threshold", 500)
> > modparam("snmpstats", "dlg_major_threshold", 750)
> > modparam("snmpstats", "snmpgetPath","/usr/bin/")
> > modparam("snmpstats", "snmpCommunity","public")
> >
> >
> >
> > ####### Routing Logic ########
> >
> >
> > # main request routing logic
> >
> > route{
> >
> >     if (!mf_process_maxfwd_header("10")) {
> >         sl_send_reply("483","Too Many Hops");
> >         exit;
> >     }
> >
> >     ##nat
> >     route(2);
> >
> >     if (has_totag()) {
> >         # sequential request withing a dialog should
> >         # take the path determined by record-routing
> >         if (loose_route()) {
> >             if (is_method("BYE")) {
> >                 setflag(1); # do accouting ...
> >                 setflag(3); # ... even if the transaction fails
> >             }
> >             route(1);
> >         } else {
> >             /* uncomment the following lines if you want to enable
> > presence */
> >             ##if (is_method("SUBSCRIBE") && $rd ==
> > "your.server.ip.address") {
> >             ##    # in-dialog subscribe requests
> >             ##    route(2);
> >             ##    exit;
> >             ##}
> >             if ( is_method("ACK") ) {
> >                 if ( t_check_trans() ) {
> >                     # non loose-route, but stateful ACK; must be an
> > ACK after a 487 or e.g. 404 from upstream server
> >                     #t_relay();
> >                     #exit;
> >                     route(1);
> >                 } else {
> >                     # ACK without matching transaction ... ignore and
> > discard.\n");
> >                     exit;
> >                 }
> >             }
> >             sl_send_reply("404","Not here");
> >         }
> >         exit;
> >     }
> >
> >     #initial requests
> >     setflag(4); #for  dialog statistics
> >
> >
> >     # CANCEL processing
> >     if (is_method("CANCEL"))
> >     {
> >         if (t_check_trans()) route(1);
> >     #        t_relay();
> >     #    exit;
> >     }
> >
> >     #t_check_trans();
> >
> >     if (is_method("PUBLISH|SUBSCRIBE|REFER|OPTIONS|MESSAGE"))
> >         {
> >                 sl_send_reply("405", "Method not allowed");
> >                 exit;
> >         }
> >
> >     # authenticate if from local subscriber (uncomment to enable auth)
> >     if (!(method=="REGISTER") && (!from_gw()))
> >     {
> >         if (!proxy_authorize("", "subscriber")) {
> >             proxy_challenge("", "0");
> >             exit;
> >         }
> >         if (!check_from()) {
> >             sl_send_reply("403","Forbidden auth ID");
> >             exit;
> >         }else if (avp_check("$avp(s:blocked)", "eq/0")) {
> >                         sl_send_reply("603","Subscriber disabled");
> >             exit;
> >         }else if (avp_check("$avp(s:blocked)", "eq/1")) {
> >                         sl_send_reply("603","Subscriber with outgoing
> > blocked");
> >                         exit;
> >         }
> >
> >         consume_credentials();
> >         # caller authenticated
> >     }
> >
> >     # record routing
> >     if (!is_method("REGISTER|MESSAGE"))
> >         record_route();
> >
> >     # account only INVITEs
> >     if (is_method("INVITE")) {
> >         setflag(1); # do accouting
> >     }
> >
> >     if (is_method("REGISTER"))
> >     {
> >         # authenticate the REGISTER requests (uncomment to enable
> > auth)
> >         if (!proxy_authorize("", "subscriber"))
> >         {
> >             proxy_challenge("", "0");
> >             exit;
> >         }
> >
> >         if (!check_to())
> >         {
> >             sl_send_reply("403","Forbidden auth ID");
> >             exit;
> >         }else if (avp_check("$avp(s:blocked)", "eq/0")) {
> >                         sl_send_reply("403","Subscriber disabled");
> >                         exit;
> >                 }
> >
> >         if (!save("location"))
> >             sl_reply_error();
> >
> >         exit;
> >     }
> >
> >     if ($rU==NULL) {
> >         # request with no Username in RURI
> >         sl_send_reply("484","Address Incomplete");
> >         exit;
> >     }
> >
> >     # apply DB based aliases (uncomment to enable)
> >     ##alias_db_lookup("dbaliases");
> >     #if the call came from a known gateway it is not authenticated and
> > we cannot use the function check_from()
> >     if (from_gw()) {
> >         route(4);
> >     }else if (!check_from()) {#if the check_from() returns false the
> > call is not from a subscriber
> >             route(4);
> >     } else {#it is a subscriber, route using flip domain
> >         xlog("L_INFO", "routing using carrierroute $rm to $ru\n");
> >         if (!cr_user_rewrite_uri("$fu", "flip"))
> >         {
> >              t_newtran();
> >                          t_reply("404", "No Route");
> >                          exit;
> >         }
> >         #replaces from by it's default DID
> >             uac_replace_from("sip:$avp(s:rpid)@$fd");
> >     }
> >
> >     # when routing via usrloc, log the missed calls also
> >     setflag(2);
> >
> >     route(1);
> > }
> >
> > route[1] {
> >         xlog("L_INFO", "ROUTE_1 $rm to $ru\n");
> >        if (subst_uri('/(sip:.*);nat=yes/\1/'))
> >         {
> >                 setflag(6);
> >         };
> >
> >         if (isflagset(5)||isflagset(6)) {
> >                 route(3);
> >         }
> >
> >     if (!t_relay()) {
> >                sl_reply_error();
> >            };
> >            exit;
> > }
> >
> > route[2] {
> >         xlog("L_INFO", "ROUTE_2 $rm to $ru\n");
> >         if (method=="REGISTER") {
> >                 fix_nated_register();
> >         } else if (!from_gw()){
> >                 fix_nated_contact();
> >         };
> >         setflag(5);
> > }
> > route[3] {
> >         xlog("L_INFO", "ROUTE_3 $rm to $ru\n");
> >         if (is_method("BYE|CANCEL")) {
> >                 unforce_rtp_proxy();
> >         } else if (is_method("INVITE")) {
> >                 xlog("L_INFO", "FORCE RTP w/ parameter.\n");
> >                 force_rtp_proxy("r");
> >                 t_on_failure("1");
> >         };
> >         if (isflagset(5))
> >                 search_append('Contact:.*sip:[^>[:cntrl:]]*',
> > ';nat=yes');
> >         t_on_reply("1");
> > }
> >
> > route[4] {
> >
> >     xlog("L_INFO", "uri does exist $rm to $ru \n");
> >     if (alias_db_lookup("dbaliases")){
> >
> >             if (!lookup("location")) {
> >                 switch ($retcode) {
> >                         case -1:
> >                                     t_newtran();
> >                                     t_reply("404", "Subscriber not
> > online");
> >                                     exit;
> >                             case -2:
> >                                     sl_send_reply("405", "Method Not
> > Allowed");
> >                                     exit;
> >                     }
> >             }
> >     }else{#check if did is blocked
> >         $rU = "(BLK)" + $rU;
> >         if (alias_db_lookup("dbaliases")){
> >             sl_send_reply("403", "DID blocked");
> >                         exit;
> >
> >         }else{# if it is not a valid DID nor a blocked DID tries to
> > route it using peering domain
> >              if (!cr_rewrite_uri("peering", "call_id"))
> >                          {
> >                              t_newtran();
> >                                 t_reply("404", "Peering Not Found");
> >                                 exit;
> >                          }
> >
> >         }
> >     }
> > }
> >
> > failure_route[1] {
> >         xlog("L_INFO", "FAILURE $rm to $ru\n");
> >         if (isflagset(6)||isflagset(5)) {
> >                 unforce_rtp_proxy();
> >         }
> > }
> >
> > onreply_route[1] {
> >         xlog("L_INFO", "ONREPLY_1 - Status $rs from $si $rm .\n");
> >         if (is_method("INVITE")) {
> >                 if ((isflagset(5)||isflagset(6)) &&
> > status=~"(183)|(2[0-9][0-9])") {
> >                         force_rtp_proxy();
> >                 }
> >                 search_append('Contact:.*sip:[^>[:cntrl:]]*',
> > ';nat=yes');
> >
> >                 if (!from_gw()){ #if (isflagset(6)) {
> >             xlog("L_INFO", "ONREPLY_1 - ! from gw.\n");
> >                         fix_nated_contact();
> >                 }
> >         exit;
> >         }
> > }
> >
> > Regards,
> > takeshi
> >
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.kamailio.org
> > http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kamailio.org/pipermail/users/attachments/20080924/f243a420/attachment.htm 


More information about the Users mailing list