[sr-dev] RPM Build Toolchain
Sergey, Is the build toolchain for the RPM packages using an old version of openssl? I am seeing incompatibility errors when testing with 5.8.1 RPM and openssl-devel from system, or appstream repos. These are the version differences I see in the logs: |CRITICAL: tls [tls_init.c:870]: tls_h_mod_init_f(): installed openssl library version is too different from the library the kamailio tls module was compiled with: installed "OpenSSL 3.2.1 30 Jan 2024" (0x30200010), compiled "OpenSSL 3.0.7 1 Nov 2022" (0x3070).#012 Please make sure a compatible version is used (tls_force_run in kamailio.cfg will override this check) | Here is what I see in the system RPMs for openssl on centos9: |[root@cent9-v075 ~]# dnf info openssl-devel Last metadata expiration check: 0:03:11 ago on Tue 21 May 2024 08:31:12 PM UTC. Installed Packages Name : openssl-devel Epoch : 1 Version : 3.2.1 Release : 1.el9 Architecture : x86_64 Size : 4.9 M Source : openssl-3.2.1-1.el9.src.rpm Repository : @System From repo : appstream Summary : Files for development of applications which will use OpenSSL URL : http://www.openssl.org/ License : ASL 2.0 Description : OpenSSL is a toolkit for supporting cryptography. The openssl-devel : package contains include files needed to develop applications which : support various cryptographic algorithms and protocols. | Regards, Tyler Moore Full Stack Software Engineer dOpenSource Office: 888-907-2085, ext: 34 Cell: 248-909-2769 Email:tmo...@dopensource.com ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] CPU 100% with TLS
Hello,
I'm in a situation where i have 5 proxies (5.5.7) deployed on AWS on
6cni.xlarge instances (4 cpu/8gb), all they're doing is taking TLS
connections and forwarding everything to the proxy-dialogs (5.5.2).
We opened traffic on these 5 proxies for about 20k clients.
CPU just goes to 100% and stays there... (actually moving from core to core
100%). We were doing tls offloading on AWS but routing was a bit of a mess
(receiving tls traffic on a non-tls, etc) and we never saw a problem
CPU-wise there.
config looks like
#!define WORKERS 32
#!define MAX_TCP_TLS_CONNECTIONS 3
#!define OPEN_FILES 65535
#!define TCP_CHILDREN_PROCESS 16
tcp_accept_no_cl=no # Needed for HTTP (
https://www.kamailio.org/wiki/cookbooks/devel/core#tcp_accept_no_cl)
enable_tls=yes
tls_port_no=TLS_PORT
auto_aliases=no
tcp_children=32
#
socket_workers=WORKERS
listen=EXTERNAL_LISTEN_SOCKET
listen=EXTERNAL_LISTEN_SOCKET_TLS
#
socket_workers=WORKERS
listen=INTERNAL_UDP_SOCKET
I even attached gdb and all i see is:
(gdb) bt
#0 0x1499de9e9853 in __libc_pause () at
../sysdeps/unix/sysv/linux/pause.c:29
#1 0x55a58c1a8e6f in main_loop ()
#2 0x55a58c1b29a1 in main ()
(gdb)
#0 0x1499de9e9853 in __libc_pause () at
../sysdeps/unix/sysv/linux/pause.c:29
#1 0x55a58c1a8e6f in main_loop ()
#2 0x55a58c1b29a1 in main ()
(gdb)
#0 0x1499de9e9853 in __libc_pause () at
../sysdeps/unix/sysv/linux/pause.c:29
#1 0x55a58c1a8e6f in main_loop ()
#2 0x55a58c1b29a1 in main ()
(gdb)
#0 0x1499de9e9853 in __libc_pause () at
../sysdeps/unix/sysv/linux/pause.c:29
#1 0x55a58c1a8e6f in main_loop ()
#2 0x55a58c1b29a1 in main ()
which doesn't seem like it's doing much, and stats look ok:
kamcmd> stats.fetch all
{
core.bad_URIs_rcvd: 0
core.bad_msg_hdr: 0
core.drop_replies: 0
core.drop_requests: 0
core.err_replies: 0
core.err_requests: 0
core.fwd_replies: 0
core.fwd_requests: 72
core.rcv_replies: 4134
core.rcv_replies_18x: 159
core.rcv_replies_1xx: 279
core.rcv_replies_1xx_bye: 0
core.rcv_replies_1xx_cancel: 0
core.rcv_replies_1xx_invite: 279
core.rcv_replies_1xx_message: 0
core.rcv_replies_1xx_prack: 0
core.rcv_replies_1xx_refer: 0
core.rcv_replies_1xx_reg: 0
core.rcv_replies_1xx_update: 0
core.rcv_replies_2xx: 3068
core.rcv_replies_2xx_bye: 68
core.rcv_replies_2xx_cancel: 39
core.rcv_replies_2xx_invite: 72
core.rcv_replies_2xx_message: 0
core.rcv_replies_2xx_prack: 0
core.rcv_replies_2xx_refer: 0
core.rcv_replies_2xx_reg: 975
core.rcv_replies_2xx_update: 0
core.rcv_replies_3xx: 0
core.rcv_replies_3xx_bye: 0
core.rcv_replies_3xx_cancel: 0
core.rcv_replies_3xx_invite: 0
core.rcv_replies_3xx_message: 0
core.rcv_replies_3xx_prack: 0
core.rcv_replies_3xx_refer: 0
core.rcv_replies_3xx_reg: 0
core.rcv_replies_3xx_update: 0
core.rcv_replies_401: 658
core.rcv_replies_404: 0
core.rcv_replies_407: 72
core.rcv_replies_480: 4
core.rcv_replies_486: 0
core.rcv_replies_4xx: 776
core.rcv_replies_4xx_bye: 2
core.rcv_replies_4xx_cancel: 1
core.rcv_replies_4xx_invite: 115
core.rcv_replies_4xx_message: 0
core.rcv_replies_4xx_prack: 0
core.rcv_replies_4xx_refer: 0
core.rcv_replies_4xx_reg: 658
core.rcv_replies_4xx_update: 0
core.rcv_replies_5xx: 0
core.rcv_replies_5xx_bye: 0
core.rcv_replies_5xx_cancel: 0
core.rcv_replies_5xx_invite: 0
core.rcv_replies_5xx_message: 0
core.rcv_replies_5xx_prack: 0
core.rcv_replies_5xx_refer: 0
core.rcv_replies_5xx_reg: 0
core.rcv_replies_5xx_update: 0
core.rcv_replies_6xx: 11
core.rcv_replies_6xx_bye: 0
core.rcv_replies_6xx_cancel: 0
core.rcv_replies_6xx_invite: 11
core.rcv_replies_6xx_message: 0
core.rcv_replies_6xx_prack: 0
core.rcv_replies_6xx_refer: 0
core.rcv_replies_6xx_reg: 0
core.rcv_replies_6xx_update: 0
core.rcv_requests: 2170
core.rcv_requests_ack: 210
core.rcv_requests_bye: 83
core.rcv_requests_cancel: 45
core.rcv_requests_info: 0
core.rcv_requests_invite: 196
core.rcv_requests_message: 0
core.rcv_requests_notify: 0
core.rcv_requests_options: 0
core.rcv_requests_prack: 0
core.rcv_requests_publish: 0
core.rcv_requests_refer: 0
core.rcv_requests_register: 1636
core.rcv_requests_subscribe: 0
core.rcv_requests_update: 0
core.unsupported_methods: 0
dns.failed_dns_request: 0
dns.slow_dns_request: 0
shmem.fragments: 270
shmem.free_size: 4283453736
shmem.max_used_size: 13711272
shmem.real_used_size: 11513560
shmem.total_size: 4294967296
shmem.used_size: 8167352
sl.1xx_replies: 0
sl.200_replies: 0
sl.202_replies: 0
sl.2xx_replies: 0
sl.300_replies: 0
sl.301_replies: 0
sl.302_replies: 0
sl.3xx_replies: 0
sl.400_replies: 0
sl.401_replies: 0
sl.403_replies: 0
sl.404_replies: 0
sl.407_replies: 0
sl.408_replies: 0
sl.483_replies: 0
sl.4xx_replies: 0
sl.500_replies: 0
sl.5xx_replies: 0
sl.6xx_replies: 0
sl.failures: 0
sl.received_ACKs: 0
sl.sent_err_replies: 0
sl.sent_replies: 0
sl.xxx_replies: 0
tcp.con_reset: 5
tcp.con_timeout: 54
tcp.connect_failed: 3
tcp.connect_success: 0
tcp.current_opened_connections: 44
tcp.current_write_queue_size: 0
tcp.established: 295
tcp.local_reject: 0
[sr-dev] Re: [kamailio/kamailio] Crash in dns_cache.c with dns_cache_init=off (Issue #3350)
With Kamailio 5.8 it still crashes. I use in the meantime the bytecode of
luajit as KEMI.
kamailio.cfg
#.x!xKAMAILI2O
# *** To enable presence server execute:
# - define WITH_PRESENCE
# - if modified headers or body in config must be used by presence handling:
# - define WITH_MSGREBUILD
#
# *** To block 3XX redirect replies execute:
#!define WITH_BLOCK3XX
#
# *** To block 401 and 407 authentication replies execute:
# - define WITH_BLOCK401407
server_signature=off
# force_rport=on # made in routling_logic.lua
# local_rport=on
log_stderror=yes
corelog=-1
/* LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR, ... */
debug=1
dns_try_ipv6=off
dns_retr_time=2
use_dns_failover=on
dns_srv_lb=on
dns_try_naptr=on
dns_cache_flags=1
#next line crashes, unless =on
dns_cache_init=on
use_dns_cache=on
server_id=2
rundir="/conf"
children=8
enable_sctp = 1
sctp_children = 2
tcp_children = 4
enable_tls=yes
listen=tls:144.76.142.78:5061
listen=tcp:144.76.142.78:5060
listen=udp:144.76.142.78:5060
listen=sctp:144.76.142.78:5060
#onsend_route_reply=yes
user="kamailio"
group="kamailio"
real_time = 3
#tcp_defer_accept = 3
#!define DBURLRO "sqlite:///conf/kamailio-ro.db"
#!define DBURLRW "sqlite:///conf/kamailio.db"
### Defined Values #
# *** Value defines - IDs used later in config
# - flags
# FLT_ - per transaction (message) flags
#!define FLT_ACC 1
#!define FLT_ACCMISSED 2
#!define FLT_ACCFAILED 3
#!define FLT_NATS 5
# FLB_ - per branch flags
#!define FLB_NATB 6
#!define FLB_NATSIPPING 7
#!define FLT_DIALOG 10
#!define FLT_SST 11
### Global Parameters #
mlock_pages=yes
auto_aliases=no
#alias=sip.bapha.be:5060
#alias=sip.bapha.be:5061
#alias=sip.aegee.org:5060
#alias=sip.aegee.org:5061
#alias=mail.aegee.org:5060
#alias=mail.aegee.org:5061
/* life time of TCP connection when there is no traffic
* - a bit higher than registration expires to cope with UA behind NAT */
tcp_connection_lifetime=3605
tcp_accept_no_cl=yes
#tcp_keepalive=yes
tcp_keepcnt=6
tcp_keepidle=60
tcp_keepintvl=10
loadmodule "db_sqlite.so"
loadmodule "permissions.so"
loadmodule "sctp.so"
loadmodule "enum.so"
loadmodule "kex.so"
loadmodule "kemix.so"
loadmodule "corex.so"
loadmodule "tm.so"
loadmodule "tmx.so"
loadmodule "sl.so"
loadmodule "usrloc.so"
loadmodule "tls.so"
loadmodule "stun.so"
loadmodule "outbound.so"
loadmodule "rr.so"
loadmodule "pv.so"
loadmodule "sipdump"
loadmodule "dialog.so"
loadmodule "sst.so"
loadmodule "uac.so"
loadmodule "acc.so"
loadmodule "maxfwd.so"
loadmodule "registrar.so"
loadmodule "textops.so"
loadmodule "tcpops.so"
# loadmodule "textopsx.so" ## unused
loadmodule "siputils.so"
loadmodule "xlog.so"
loadmodule "sanity.so"
loadmodule "nathelper.so"
loadmodule "ctl.so"
loadmodule "cfg_rpc.so"
loadmodule "counters.so"
loadmodule "rtpengine.so"
loadmodule "auth.so"
loadmodule "auth_db.so"
loadmodule "alias_db.so"
loadmodule "domain.so"
#!ifdef WITH_PRESENCE
loadmodule "presence.so"
loadmodule "presence_xml.so"
#!endif
loadmodule "htable.so"
loadmodule "pike.so"
loadmodule "xhttp.so"
loadmodule "websocket.so"
loadmodule "app_lua.so"
loadmodule "statsc.so"
modparam("sipdump", "enable", 1)
modparam("sipdump", "mode", 2)
modparam("sipdump", "event_callback", "ksr_sipdump_event")
#modparam("sipdump", "folder", "/conf")
modparam("auth", "auth_checks_register", 11)
modparam("auth", "qop", "auth")
modparam("auth", "auth_checks_no_dlg", 9)
modparam("auth", "auth_checks_in_dlg", 15)
modparam("auth", "qop", "auth")
modparam("auth", "use_domain", yes);
# modparam("auth", "algorithm", "SHA-256") # gnome-calls does not support
algorithm=sha-256
modparam("auth", "add_authinfo_hdr", yes)
modparam("permissions", "load_backends", 1)
modparam("permissions", "db_url", DBURLRO)
# - auth_db params -
modparam("auth_db", "db_url", DBURLRO)
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")
modparam("auth_db", "load_credentials", "$avp(credentials)=password")
modparam("auth_db", "use_domain", 1)
modparam("dialog", "timeout_avp", "$avp(dlgtimeout)")
modparam("dialog", "bridge_controller", "sip:control...@aegee.org")
modparam("dialog", "bridge_contact", "sip:controller@144.76.142.78:5060")
modparam("dialog", "send_bye", 1)
modparam("dialog", "dlg_flag", FLT_DIALOG)
modparam("sst", "timeout_avp", "$avp(dlgtimeout)")
modparam("sst", "sst_flag", FLT_SST)
modparam("xhttp", "event_callback", "ksr_xhttp_event")
modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:1555")
modparam("ctl", "binrpc", "unix:/conf/kamailio_ctl")
modparam("sanity", "uri_checks", 15)
modparam("uac", "restore_passwd", "my_secret_EIA99iatruai")
# modparam("uac", "default_socket", "udp:144.76.142.78:5060")
modparam("uac", "reg_use_domain", 1)
modparam("uac", "reg_db_url", DBURLRO)
# - tm params -
# auto-discard branches from previous serial forking leg
modparam("tm", "failure_reply_mode", 3)
# default retransmission timeout: 30sec
modparam("tm", "fr_timer", 3)
[sr-dev] Re: [kamailio/kamailio] Segfault in pua_dialoginfo.c when starting up with a dialog in the database (Issue #3743)
Hey again, i managed to reproduce it on 5.7.4 (also on 5.7.5) but it seems to be fixed in 5.8.1 and master already. Can you maybe verify that this is the case? -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3743#issuecomment-2123058991 You are receiving this because you are subscribed to this thread. Message ID: ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] Re: [kamailio/kamailio] Segfault in pua_dialoginfo.c when starting up with a dialog in the database (Issue #3743)
Hey @gianluca-nitti, Do you have any special config for the modules pua, dialog and pua_dialoginfo that you can provide? I am probably missing something when trying to replicate it with the provided dump and default configs. Thanks, -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3743#issuecomment-2122602174 You are receiving this because you are subscribed to this thread. Message ID: ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] Re: [kamailio/kamailio] permissions: introduce func `allow_register_include_port()` (PR #3846)
@henningw maybe you could have a look? We've tested that on our systems, and actually use it already in our latest master. Regards, Donat -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/3846#issuecomment-2122061493 You are receiving this because you are subscribed to this thread. Message ID: ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] Re: [kamailio/kamailio] Dialog DMQ sync: Timer needs fixing, firing on wrong node! (Issue #3656)
Ping to remove stale label -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3656#issuecomment-2122055212 You are receiving this because you are subscribed to this thread. Message ID: ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
