[sr-dev] git:5.7:5d7d7ea5: tls: add logging

2024-02-13 Thread S-P Chan via sr-dev
Module: kamailio
Branch: 5.7
Commit: 5d7d7ea54c908cae333ed3cafd4a2cc93cacd4db
URL: 
https://github.com/kamailio/kamailio/commit/5d7d7ea54c908cae333ed3cafd4a2cc93cacd4db

Author: S-P Chan 
Committer: S-P Chan 
Date: 2024-02-13T17:23:31+08:00

tls: add logging

---

Modified: src/modules/tls/tls_mod.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/5d7d7ea54c908cae333ed3cafd4a2cc93cacd4db.diff
Patch: 
https://github.com/kamailio/kamailio/commit/5d7d7ea54c908cae333ed3cafd4a2cc93cacd4db.patch

---

diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
index 5d3982b64d9..905ca6f2411 100644
--- a/src/modules/tls/tls_mod.c
+++ b/src/modules/tls/tls_mod.c
@@ -458,6 +458,9 @@ static int mod_child(int rank)
 #else
if(rank == PROC_INIT) {
 #endif
+   LM_DBG("Loading SSL_CTX in process_no=%d rank=%d "
+  "ksr_tls_threads_mode=%d\n",
+   process_no, rank, ksr_tls_threads_mode);
if(cfg_get(tls, tls_cfg, config_file).s) {
if(tls_fix_domains_cfg(
   *tls_domains_cfg, &srv_defaults, 
&cli_defaults)
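Review bot: the added LM_DBG in mod_child() sits before the `cfg_get(tls, tls_cfg, config_file).s` check, so it records only that this branch was entered, not whether a config file was loaded or whether tls_fix_domains_cfg() succeeded. If the aim is to trace which process builds the SSL_CTX for each ksr_tls_threads_mode, consider wording the message as "about to load" or pairing it with a second line once the fix-up call has returned. The subject "tls: add logging" would also be easier to find later if it named mod_child and the values being logged.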

___
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org


[sr-dev] Re: Fwd: Reject TCP SYN

2024-02-13 Thread Henning Westerholt via sr-dev
Hello David,

so far nobody responded to this e-mail. Maybe you can make a pull request from 
it, just to not lose it. Then developers could review and comment on it.

Cheers,

Henning

From: David Villasmil via sr-dev 
Sent: Sonntag, 11. Februar 2024 12:55
To: Kamailio (SER) - Development Mailing List 
Cc: David Villasmil 
Subject: [sr-dev] Fwd: Reject TCP SYN

Hello all,

Following up on this, I made a patch (attached), could you please review and 
apply if it looks ok?
The patch creates a new core cfg variable which, if set, will reject any 
incoming NEW tcp connection attempt, so we can use this to gracefully drain 
kamailio.

Thanks & Regards,

David Villasmil
email: david.villasmil.w...@gmail.com
phone: +34669448337

Forwarded Conversation
Subject: Reject TCP SYN


From: David Villasmil <david.villasmil.w...@gmail.com>
Date: Thu, Feb 8, 2024 at 2:27 PM
To: Kamailio (SER) - Users Mailing List <sr-us...@lists.kamailio.org>

Hello all,

Is there any way of actually rejecting (RST) NEW tcp connection attempts, while 
allowing the ongoing ones to finish naturally?

I’m thinking maybe we can add this feature?

Regards,

David Villasmil
email: david.villasmil.w...@gmail.com
phone: +34669448337

--
From: Henning Westerholt <h...@gilawa.com>
Date: Fri, Feb 9, 2024 at 2:08 PM
To: Kamailio (SER) - Users Mailing List <sr-us...@lists.kamailio.org>
Cc: David Villasmil <david.villasmil.w...@gmail.com>

Hello,

what about e.g. just using something like iptables, nftables etc..?

iptables -A INPUT -p tcp --syn --destination-port  -j REJECT --reject-with icmp-host-prohibited

Cheers,

Henning

--
From: David Villasmil <david.villasmil.w...@gmail.com>
Date: Fri, Feb 9, 2024 at 2:42 PM
To: Henning Westerholt <h...@gilawa.com>
Cc: Kamailio (SER) - Users Mailing List <sr-us...@lists.kamailio.org>


Hey, Henning, yeah I thought about that, but thought that maybe there was a 
better way to do it via Kamailio

Thanks!

Regards,

David Villasmil
email: david.villasmil.w...@gmail.com
phone: +34669448337



[sr-dev] Re: [kamailio/kamailio] Kamailio 5.6 (and 5.7) core dumps with uac_req_send() from uac module (Issue #3725)

2024-02-13 Thread Daniel-Constantin Mierla via sr-dev
Can you install debugging symbols for Kamailio and retake the backtrace with 
gdb? The one above does not show the details of the code during the execution.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3725#issuecomment-1941230202
You are receiving this because you are subscribed to this thread.



[sr-dev] git:5.7:a0dfb8cb: tls: raise logging level of early messages in mod_register

2024-02-13 Thread S-P Chan via sr-dev
Module: kamailio
Branch: 5.7
Commit: a0dfb8cbdf4282040351e9dc014d9ef13e0e77fd
URL: 
https://github.com/kamailio/kamailio/commit/a0dfb8cbdf4282040351e9dc014d9ef13e0e77fd

Author: S-P Chan 
Committer: S-P Chan 
Date: 2024-02-13T19:11:20+08:00

tls: raise logging level of early messages in mod_register

---

Modified: src/modules/tls/tls_mod.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/a0dfb8cbdf4282040351e9dc014d9ef13e0e77fd.diff
Patch: 
https://github.com/kamailio/kamailio/commit/a0dfb8cbdf4282040351e9dc014d9ef13e0e77fd.patch

---

diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
index 905ca6f2411..0d8ea3df4c5 100644
--- a/src/modules/tls/tls_mod.c
+++ b/src/modules/tls/tls_mod.c
@@ -689,7 +689,7 @@ int mod_register(char *path, int *dlflags, void *p1, void 
*p2)
 #if OPENSSL_VERSION_NUMBER >= 0x1010L \
&& OPENSSL_VERSION_NUMBER < 0x03000L
if(ksr_tls_threads_mode == 0) {
-   LM_DBG("setting cryptorand random engine\n");
+   LM_WARN("OpenSSL 1.1.1 setting cryptorand random engine\n");
RAND_set_rand_method(RAND_ksr_cryptorand_method());
}
 #endif
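Review bot: LM_WARN on the `ksr_tls_threads_mode == 0` path in mod_register() reports a normal setup step at warning level, so every start on a matching OpenSSL build logs a warning that gives the operator nothing to act on. If the level was raised only because debug output is not visible this early, LM_NOTICE would keep the line visible without teaching people to ignore warnings from the tls module. The new text also hard-codes "OpenSSL 1.1.1" while the surrounding preprocessor guard is a version range, so the message can drift from the condition that actually enables it.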



[sr-dev] Re: [kamailio/kamailio] Consider adding socket options SO_BINDTODEVICE when the interface name is given for listen in the config file (Issue #3716)

2024-02-13 Thread Daniel-Constantin Mierla via sr-dev
Kamailio needs to know the IP address of the socket in order to set it in the SIP 
routing headers. When an interface name is provided, Kamailio discovers its IP 
address to listen on it. If SO_BINDTODEVICE can be done while preserving proper 
working for SIP routing, then anyone is welcome to make a PR with such an addition.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3716#issuecomment-1941311368


[sr-dev] Re: [kamailio/kamailio] pua_json module not compatible with library libjson-c-dev 0.15.2 (Issue #3376)

2024-02-13 Thread github-actions[bot] via sr-dev
This issue is stale because it has been open 6 weeks with no activity. Remove 
stale label or comment or this will be closed in 2 weeks.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3376#issuecomment-1942997315


[sr-dev] git:master:eafd93f0: db_mysql: update docs for opt_ssl_ca

2024-02-13 Thread S-P Chan via sr-dev
Module: kamailio
Branch: master
Commit: eafd93f0576504ea03fe6b5e3898506072218cef
URL: 
https://github.com/kamailio/kamailio/commit/eafd93f0576504ea03fe6b5e3898506072218cef

Author: S-P Chan 
Committer: S-P Chan 
Date: 2024-02-14T15:09:24+08:00

db_mysql: update docs for opt_ssl_ca

---

Modified: src/modules/db_mysql/doc/db_mysql_admin.xml

---

Diff:  
https://github.com/kamailio/kamailio/commit/eafd93f0576504ea03fe6b5e3898506072218cef.diff
Patch: 
https://github.com/kamailio/kamailio/commit/eafd93f0576504ea03fe6b5e3898506072218cef.patch

---

diff --git a/src/modules/db_mysql/doc/db_mysql_admin.xml 
b/src/modules/db_mysql/doc/db_mysql_admin.xml
index f1ff53df0ed..7297f2d1b15 100644
--- a/src/modules/db_mysql/doc/db_mysql_admin.xml
+++ b/src/modules/db_mysql/doc/db_mysql_admin.xml
@@ -215,6 +215,30 @@ modparam("db_mysql", "update_affected_found", 1)
 ...
 modparam("db_mysql", "opt_ssl_mode", 1)
 ...
+
+   
+   
+   
+   opt_ssl_ca (integer)
+   
+   Configures the CA certs used to verify the MySQL server cert 
when
+   SSL is enabled.
+   
+   
+   Required when opt_ssl_mode = 4 or 5 and db_mysql is built
+   with libmysqlclient.
+   
+   
+   
+   Default value is NULL (NULL - not configured).
+   
+   
+   
+   Set opt_ssl_ca parameter
+   
+...
+modparam("db_mysql", "opt_ssl_ca", "/etc/ssl/certs/mysql-ca.pem")
+...
 


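Review bot: the new section title reads `opt_ssl_ca (integer)`, but the example in the same hunk passes a file path string, `modparam("db_mysql", "opt_ssl_ca", "/etc/ssl/certs/mysql-ca.pem")`, and the default is given as NULL, so the type in the title should be `string`. It would also help to state whether the value must be a single PEM file or may be a directory, since the text says only "CA certs".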



[sr-dev] git:master:ea81e6cb: db_mysql: new module param opt_ssl_ca to configure CA certs

2024-02-13 Thread S-P Chan via sr-dev
Module: kamailio
Branch: master
Commit: ea81e6cb8b2b2d896de7a07ce191876f9f182673
URL: 
https://github.com/kamailio/kamailio/commit/ea81e6cb8b2b2d896de7a07ce191876f9f182673

Author: S-P Chan 
Committer: S-P Chan 
Date: 2024-02-14T15:08:56+08:00

db_mysql: new module param opt_ssl_ca to configure CA certs

ERROR: db_mysql [km_my_con.c:200]: db_mysql_new_connection():
driver error: SSL connection error: CA certificate is required
if ssl-mode is VERIFY_CA or VERIFY_IDENTITY

When opt_ssl_mode = 4 | 5 libmysqlclient
requires that the trusted CAs be configured.
Fixed with:
mysql_options(ptr->con, MYSQL_OPT_SSL_CA, (void *)db_mysql_opt_ssl_mode)

Note: libmariadb3 doesn't require this setting
and uses the system trust store.

---

Modified: src/modules/db_mysql/db_mysql.c
Modified: src/modules/db_mysql/km_my_con.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/ea81e6cb8b2b2d896de7a07ce191876f9f182673.diff
Patch: 
https://github.com/kamailio/kamailio/commit/ea81e6cb8b2b2d896de7a07ce191876f9f182673.patch

---

diff --git a/src/modules/db_mysql/db_mysql.c b/src/modules/db_mysql/db_mysql.c
index 1a698329bac..9a7aa8673b5 100644
--- a/src/modules/db_mysql/db_mysql.c
+++ b/src/modules/db_mysql/db_mysql.c
@@ -47,6 +47,7 @@ unsigned int my_server_timezone =
 unsigned long my_client_ver = 0;
 int db_mysql_unsigned_type = 0;
 int db_mysql_opt_ssl_mode = 0;
+char *db_mysql_opt_ssl_ca = NULL;
 
 struct mysql_counters_h mysql_cnts_h;
 counter_def_t mysql_cnt_defs[] = {
@@ -100,6 +101,7 @@ static param_export_t params[] = {
{"insert_delayed", INT_PARAM, &db_mysql_insert_all_delayed},
{"update_affected_found", INT_PARAM, 
&db_mysql_update_affected_found},
{"unsigned_type", PARAM_INT, &db_mysql_unsigned_type},
+   {"opt_ssl_ca", PARAM_STRING, &db_mysql_opt_ssl_ca},
{"opt_ssl_mode", PARAM_INT, &db_mysql_opt_ssl_mode}, {0, 0, 0}};
 
 
diff --git a/src/modules/db_mysql/km_my_con.c b/src/modules/db_mysql/km_my_con.c
index b4c4dca33b0..226d724f1ae 100644
--- a/src/modules/db_mysql/km_my_con.c
+++ b/src/modules/db_mysql/km_my_con.c
@@ -41,6 +41,7 @@
 #include "db_mysql.h"
 
 extern int db_mysql_opt_ssl_mode;
+extern char *db_mysql_opt_ssl_ca;
 
 /*! \brief
  * Create a new connection structure,
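Review bot: `extern char *db_mysql_opt_ssl_ca;` is declared by hand in km_my_con.c, directly under `#include "db_mysql.h"`; moving the declaration into db_mysql.h would let the compiler check it against the definition added in db_mysql.c. The neighbouring `extern int db_mysql_opt_ssl_mode;` follows the same pattern, so moving both together would be the cleaner change.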
@@ -167,6 +168,9 @@ struct my_con *db_mysql_new_connection(const struct db_id 
*id)
}
 #endif /* MYSQL_VERSION_ID */
 #endif /* MARIADB_BASE_VERSION */
+   if(db_mysql_opt_ssl_ca)
+   mysql_options(
+   ptr->con, MYSQL_OPT_SSL_CA, (const void 
*)db_mysql_opt_ssl_ca);
 
 #if MYSQL_VERSION_ID > 50012
/* set reconnect flag if enabled */
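Review bot: the return value of the new `mysql_options(ptr->con, MYSQL_OPT_SSL_CA, ...)` call is discarded, so a rejected option is silent and the first visible symptom would be a later connection error. Suggest checking the result and logging the configured path with LM_ERR on failure. The new `if` also has a multi-line body without braces, which makes it easy for a later edit to slip a second statement outside the condition. The option is applied whenever opt_ssl_ca is set, whatever opt_ssl_mode is; if that is intended it deserves a line in the parameter documentation.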



[sr-dev] git:master:a61bfe9f: modules: readme files regenerated - db_mysql ... [skip ci]

2024-02-13 Thread Kamailio Dev via sr-dev
Module: kamailio
Branch: master
Commit: a61bfe9fb8357cedf5cb22e2698ec5d817fcfe5a
URL: 
https://github.com/kamailio/kamailio/commit/a61bfe9fb8357cedf5cb22e2698ec5d817fcfe5a

Author: Kamailio Dev 
Committer: Kamailio Dev 
Date: 2024-02-14T08:16:19+01:00

modules: readme files regenerated - db_mysql ... [skip ci]

---

Modified: src/modules/db_mysql/README

---

Diff:  
https://github.com/kamailio/kamailio/commit/a61bfe9fb8357cedf5cb22e2698ec5d817fcfe5a.diff
Patch: 
https://github.com/kamailio/kamailio/commit/a61bfe9fb8357cedf5cb22e2698ec5d817fcfe5a.patch

---

diff --git a/src/modules/db_mysql/README b/src/modules/db_mysql/README
index 8e135cdcbf2..17f8795581a 100644
--- a/src/modules/db_mysql/README
+++ b/src/modules/db_mysql/README
@@ -32,6 +32,7 @@ Daniel-Constantin Mierla
   3.5. insert_delayed (integer)
   3.6. update_affected_found (integer)
   3.7. opt_ssl_mode (integer)
+  3.8. opt_ssl_ca (integer)
 
 4. Functions
 5. Installation
@@ -46,9 +47,10 @@ Daniel-Constantin Mierla
1.5. Set insert_delayed parameter
1.6. Set update_affected_found parameter
1.7. Set opt_ssl_mode parameter
-   1.8. Set a my.cnf group in db_url parameter
-   1.9. Adding a kamailio group to my.cnf
-   1.10. Using [client] and specific group
+   1.8. Set opt_ssl_ca parameter
+   1.9. Set a my.cnf group in db_url parameter
+   1.10. Adding a kamailio group to my.cnf
+   1.11. Using [client] and specific group
 
 Chapter 1. Admin Guide
 
@@ -69,6 +71,7 @@ Chapter 1. Admin Guide
 3.5. insert_delayed (integer)
 3.6. update_affected_found (integer)
 3.7. opt_ssl_mode (integer)
+3.8. opt_ssl_ca (integer)
 
4. Functions
5. Installation
@@ -107,6 +110,7 @@ Chapter 1. Admin Guide
3.5. insert_delayed (integer)
3.6. update_affected_found (integer)
3.7. opt_ssl_mode (integer)
+   3.8. opt_ssl_ca (integer)
 
 3.1. ping_interval (integer)
 
@@ -212,6 +216,21 @@ modparam("db_mysql", "update_affected_found", 1)
 modparam("db_mysql", "opt_ssl_mode", 1)
 ...
 
+3.8. opt_ssl_ca (integer)
+
+   Configures the CA certs used to verify the MySQL server cert when SSL
+   is enabled.
+
+   Required when opt_ssl_mode = 4 or 5 and db_mysql is built with
+   libmysqlclient.
+
+   Default value is NULL (NULL - not configured).
+
+   Example 1.8. Set opt_ssl_ca parameter
+...
+modparam("db_mysql", "opt_ssl_ca", "/etc/ssl/certs/mysql-ca.pem")
+...
+
 4. Functions
 
No function exported to be used from configuration file.
@@ -238,12 +257,12 @@ modparam("db_mysql", "opt_ssl_mode", 1)
  * mysql://user:pass@[group]/db
  * mysql://[group]/db
 
-   Example 1.8. Set a my.cnf group in db_url parameter
+   Example 1.9. Set a my.cnf group in db_url parameter
 ...
 modparam("usrloc", "db_url", "mysql://[kamailio]/kamailio)
 ...
 
-   Example 1.9. Adding a kamailio group to my.cnf
+   Example 1.10. Adding a kamailio group to my.cnf
 ...
 [kamailio]
 socket = /path/to/mysql.sock
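Review bot: the unchanged context line in Example 1.9, `modparam("usrloc", "db_url", "mysql://[kamailio]/kamailio)`, is missing the closing double quote before the final parenthesis, so the example does not parse if copied into a config file. Because this README is regenerated, the fix belongs in the module's documentation source rather than in this file.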
@@ -257,7 +276,7 @@ default-character-set = utf8
both your specific group and the client group, then the value is taken
from the last one.
 
-   Example 1.10. Using [client] and specific group
+   Example 1.11. Using [client] and specific group
 ...
 [client]
 socket = /run/mysql/mysqld.sock



[sr-dev] git:master:c89fe41b: db_mysql: fix typos

2024-02-13 Thread S-P Chan via sr-dev
Module: kamailio
Branch: master
Commit: c89fe41b1583af74cdf7e20d2357d7c90990839f
URL: 
https://github.com/kamailio/kamailio/commit/c89fe41b1583af74cdf7e20d2357d7c90990839f

Author: S-P Chan 
Committer: S-P Chan 
Date: 2024-02-14T15:20:35+08:00

db_mysql: fix typos

The option opt_ssl_ca is a string not integer.

The comment for ea81e6cb should show the code fix as
mysql_options(ptr->con, MYSQL_OPT_SSL_CA, (void *)db_mysql_opt_ssl_ca)

---

Modified: src/modules/db_mysql/doc/db_mysql_admin.xml

---

Diff:  
https://github.com/kamailio/kamailio/commit/c89fe41b1583af74cdf7e20d2357d7c90990839f.diff
Patch: 
https://github.com/kamailio/kamailio/commit/c89fe41b1583af74cdf7e20d2357d7c90990839f.patch

---

diff --git a/src/modules/db_mysql/doc/db_mysql_admin.xml 
b/src/modules/db_mysql/doc/db_mysql_admin.xml
index 7297f2d1b15..18c703838ce 100644
--- a/src/modules/db_mysql/doc/db_mysql_admin.xml
+++ b/src/modules/db_mysql/doc/db_mysql_admin.xml
@@ -219,7 +219,7 @@ modparam("db_mysql", "opt_ssl_mode", 1)



-   opt_ssl_ca (integer)
+   opt_ssl_ca (string)

Configures the CA certs used to verify the MySQL server cert 
when
SSL is enabled.
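
Added example, not part of these commits or of Kamailio: a pre-start check for the condition described in the ea81e6cb commit message and corrected in c89fe41b (opt_ssl_mode 4 or 5 with no opt_ssl_ca, which fails on a libmysqlclient build). The function names, return codes, sample configs and the one-modparam-per-line parsing are assumptions of this example.

```sh
#!/bin/sh
# Added example (not Kamailio code): pre-start check of db_mysql TLS settings.
# Assumes one modparam() per line; '#' comment lines are skipped, while
# // and /* */ comments are not handled.

# Print the last value set for a db_mysql parameter. $1 = cfg file, $2 = name
db_mysql_param() {
    ws='[[:space:]]*'
    sed -n -e '/^[[:space:]]*#/d' \
        -e "s/^${ws}modparam(${ws}\"db_mysql\"${ws},${ws}\"$2\"${ws},${ws}\"\{0,1\}\([^\")]*\)\"\{0,1\}${ws}).*/\1/p" \
        "$1" | tail -n 1
}

# Return 0 if consistent, 1 if mode 4/5 has no CA (the libmysqlclient
# failure quoted in the commit message), 2 if the CA path is not a readable file.
check_db_mysql_tls() {
    mode=$(db_mysql_param "$1" opt_ssl_mode | tr -d '[:space:]')
    ca=$(db_mysql_param "$1" opt_ssl_ca)
    case "$mode" in
        4|5)
            if [ -z "$ca" ]; then
                echo "$1: opt_ssl_mode=$mode but opt_ssl_ca is not set" >&2
                return 1
            fi ;;
    esac
    if [ -n "$ca" ] && { [ ! -f "$ca" ] || [ ! -r "$ca" ]; }; then
        echo "$1: opt_ssl_ca=$ca is not a readable file" >&2
        return 2
    fi
    return 0
}

# Constructed sample configs so the script runs stand-alone.
demo_dir=$(mktemp -d)
: > "$demo_dir/ca.pem"   # empty placeholder standing in for a CA bundle
cat > "$demo_dir/missing_ca.cfg" <<EOF
loadmodule "db_mysql.so"
modparam("db_mysql", "opt_ssl_mode", 5)
# modparam("db_mysql", "opt_ssl_ca", "$demo_dir/ca.pem")
EOF
cat > "$demo_dir/ok.cfg" <<EOF
loadmodule "db_mysql.so"
modparam("db_mysql", "opt_ssl_mode", 4)
modparam("db_mysql", "opt_ssl_ca", "$demo_dir/ca.pem")
EOF
cat > "$demo_dir/bad_path.cfg" <<EOF
modparam("db_mysql", "opt_ssl_mode", 4)
modparam("db_mysql", "opt_ssl_ca", "$demo_dir/nope.pem")
EOF

for f in missing_ca ok bad_path; do
    rc=0; check_db_mysql_tls "$demo_dir/$f.cfg" 2>/dev/null || rc=$?
    echo "$f.cfg -> $rc"
done
```

On a build against libmariadb3 the commit message says the system trust store is used, so a return code of 1 there is advisory rather than a predicted connection failure.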



[sr-dev] git:master:87ef83d2: modules: readme files regenerated - db_mysql ... [skip ci]

2024-02-13 Thread Kamailio Dev via sr-dev
Module: kamailio
Branch: master
Commit: 87ef83d23f68a43fc5265a81330cbeed6205f922
URL: 
https://github.com/kamailio/kamailio/commit/87ef83d23f68a43fc5265a81330cbeed6205f922

Author: Kamailio Dev 
Committer: Kamailio Dev 
Date: 2024-02-14T08:31:13+01:00

modules: readme files regenerated - db_mysql ... [skip ci]

---

Modified: src/modules/db_mysql/README

---

Diff:  
https://github.com/kamailio/kamailio/commit/87ef83d23f68a43fc5265a81330cbeed6205f922.diff
Patch: 
https://github.com/kamailio/kamailio/commit/87ef83d23f68a43fc5265a81330cbeed6205f922.patch

---

diff --git a/src/modules/db_mysql/README b/src/modules/db_mysql/README
index 17f8795581a..4264fa1c969 100644
--- a/src/modules/db_mysql/README
+++ b/src/modules/db_mysql/README
@@ -32,7 +32,7 @@ Daniel-Constantin Mierla
   3.5. insert_delayed (integer)
   3.6. update_affected_found (integer)
   3.7. opt_ssl_mode (integer)
-  3.8. opt_ssl_ca (integer)
+  3.8. opt_ssl_ca (string)
 
 4. Functions
 5. Installation
@@ -71,7 +71,7 @@ Chapter 1. Admin Guide
 3.5. insert_delayed (integer)
 3.6. update_affected_found (integer)
 3.7. opt_ssl_mode (integer)
-3.8. opt_ssl_ca (integer)
+3.8. opt_ssl_ca (string)
 
4. Functions
5. Installation
@@ -110,7 +110,7 @@ Chapter 1. Admin Guide
3.5. insert_delayed (integer)
3.6. update_affected_found (integer)
3.7. opt_ssl_mode (integer)
-   3.8. opt_ssl_ca (integer)
+   3.8. opt_ssl_ca (string)
 
 3.1. ping_interval (integer)
 
@@ -216,7 +216,7 @@ modparam("db_mysql", "update_affected_found", 1)
 modparam("db_mysql", "opt_ssl_mode", 1)
 ...
 
-3.8. opt_ssl_ca (integer)
+3.8. opt_ssl_ca (string)
 
Configures the CA certs used to verify the MySQL server cert when SSL
is enabled.
