[sr-dev] RPM Build Toolchain
Sergey, Is the build toolchain for the RPM packages using an old version of openssl? I am seeing incompatibility errors when testing with 5.8.1 RPM and openssl-devel from system, or appstream repos. These are the version differences I see in the logs: |CRITICAL: tls [tls_init.c:870]: tls_h_mod_init_f(): installed openssl library version is too different from the library the kamailio tls module was compiled with: installed "OpenSSL 3.2.1 30 Jan 2024" (0x30200010), compiled "OpenSSL 3.0.7 1 Nov 2022" (0x3070).#012 Please make sure a compatible version is used (tls_force_run in kamailio.cfg will override this check) | Here is what I see in the system RPMs for openssl on centos9: |[root@cent9-v075 ~]# dnf info openssl-devel Last metadata expiration check: 0:03:11 ago on Tue 21 May 2024 08:31:12 PM UTC. Installed Packages Name : openssl-devel Epoch : 1 Version : 3.2.1 Release : 1.el9 Architecture : x86_64 Size : 4.9 M Source : openssl-3.2.1-1.el9.src.rpm Repository : @System From repo : appstream Summary : Files for development of applications which will use OpenSSL URL : http://www.openssl.org/ License : ASL 2.0 Description : OpenSSL is a toolkit for supporting cryptography. The openssl-devel : package contains include files needed to develop applications which : support various cryptographic algorithms and protocols. | Regards, Tyler Moore Full Stack Software Engineer dOpenSource Office: 888-907-2085, ext: 34 Cell: 248-909-2769 Email:tmo...@dopensource.com ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] CPU 100% with TLS
Hello, I'm in a situation where i have 5 proxies (5.5.7) deployed on AWS on 6cni.xlarge instances (4 cpu/8gb), all they're doing is taking TLS connections and forwarding everything to the proxy-dialogs (5.5.2). We opened traffic on these 5 proxies for about 20k clients. CPU just goes to 100% and stays there... (actually moving from core to core 100%). We were doing tls offloading on AWS but routing was a bit of a mess (receiving tls traffic on a non-tls, etc) and we never saw a problem CPU-wise there. config looks like #!define WORKERS 32 #!define MAX_TCP_TLS_CONNECTIONS 3 #!define OPEN_FILES 65535 #!define TCP_CHILDREN_PROCESS 16 tcp_accept_no_cl=no # Needed for HTTP ( https://www.kamailio.org/wiki/cookbooks/devel/core#tcp_accept_no_cl) enable_tls=yes tls_port_no=TLS_PORT auto_aliases=no tcp_children=32 # socket_workers=WORKERS listen=EXTERNAL_LISTEN_SOCKET listen=EXTERNAL_LISTEN_SOCKET_TLS # socket_workers=WORKERS listen=INTERNAL_UDP_SOCKET I even attached gdb and all i see is: (gdb) bt #0 0x1499de9e9853 in __libc_pause () at ../sysdeps/unix/sysv/linux/pause.c:29 #1 0x55a58c1a8e6f in main_loop () #2 0x55a58c1b29a1 in main () (gdb) #0 0x1499de9e9853 in __libc_pause () at ../sysdeps/unix/sysv/linux/pause.c:29 #1 0x55a58c1a8e6f in main_loop () #2 0x55a58c1b29a1 in main () (gdb) #0 0x1499de9e9853 in __libc_pause () at ../sysdeps/unix/sysv/linux/pause.c:29 #1 0x55a58c1a8e6f in main_loop () #2 0x55a58c1b29a1 in main () (gdb) #0 0x1499de9e9853 in __libc_pause () at ../sysdeps/unix/sysv/linux/pause.c:29 #1 0x55a58c1a8e6f in main_loop () #2 0x55a58c1b29a1 in main () which doesn't seem like it's doing much, and stats look ok: kamcmd> stats.fetch all { core.bad_URIs_rcvd: 0 core.bad_msg_hdr: 0 core.drop_replies: 0 core.drop_requests: 0 core.err_replies: 0 core.err_requests: 0 core.fwd_replies: 0 core.fwd_requests: 72 core.rcv_replies: 4134 core.rcv_replies_18x: 159 core.rcv_replies_1xx: 279 core.rcv_replies_1xx_bye: 0 core.rcv_replies_1xx_cancel: 0 core.rcv_replies_1xx_invite: 279 core.rcv_replies_1xx_message: 0 core.rcv_replies_1xx_prack: 0 core.rcv_replies_1xx_refer: 0 core.rcv_replies_1xx_reg: 0 core.rcv_replies_1xx_update: 0 core.rcv_replies_2xx: 3068 core.rcv_replies_2xx_bye: 68 core.rcv_replies_2xx_cancel: 39 core.rcv_replies_2xx_invite: 72 core.rcv_replies_2xx_message: 0 core.rcv_replies_2xx_prack: 0 core.rcv_replies_2xx_refer: 0 core.rcv_replies_2xx_reg: 975 core.rcv_replies_2xx_update: 0 core.rcv_replies_3xx: 0 core.rcv_replies_3xx_bye: 0 core.rcv_replies_3xx_cancel: 0 core.rcv_replies_3xx_invite: 0 core.rcv_replies_3xx_message: 0 core.rcv_replies_3xx_prack: 0 core.rcv_replies_3xx_refer: 0 core.rcv_replies_3xx_reg: 0 core.rcv_replies_3xx_update: 0 core.rcv_replies_401: 658 core.rcv_replies_404: 0 core.rcv_replies_407: 72 core.rcv_replies_480: 4 core.rcv_replies_486: 0 core.rcv_replies_4xx: 776 core.rcv_replies_4xx_bye: 2 core.rcv_replies_4xx_cancel: 1 core.rcv_replies_4xx_invite: 115 core.rcv_replies_4xx_message: 0 core.rcv_replies_4xx_prack: 0 core.rcv_replies_4xx_refer: 0 core.rcv_replies_4xx_reg: 658 core.rcv_replies_4xx_update: 0 core.rcv_replies_5xx: 0 core.rcv_replies_5xx_bye: 0 core.rcv_replies_5xx_cancel: 0 core.rcv_replies_5xx_invite: 0 core.rcv_replies_5xx_message: 0 core.rcv_replies_5xx_prack: 0 core.rcv_replies_5xx_refer: 0 core.rcv_replies_5xx_reg: 0 core.rcv_replies_5xx_update: 0 core.rcv_replies_6xx: 11 core.rcv_replies_6xx_bye: 0 core.rcv_replies_6xx_cancel: 0 core.rcv_replies_6xx_invite: 11 core.rcv_replies_6xx_message: 0 core.rcv_replies_6xx_prack: 0 core.rcv_replies_6xx_refer: 0 core.rcv_replies_6xx_reg: 0 core.rcv_replies_6xx_update: 0 core.rcv_requests: 2170 core.rcv_requests_ack: 210 core.rcv_requests_bye: 83 core.rcv_requests_cancel: 45 core.rcv_requests_info: 0 core.rcv_requests_invite: 196 core.rcv_requests_message: 0 core.rcv_requests_notify: 0 core.rcv_requests_options: 0 core.rcv_requests_prack: 0 core.rcv_requests_publish: 0 core.rcv_requests_refer: 0 core.rcv_requests_register: 1636 core.rcv_requests_subscribe: 0 core.rcv_requests_update: 0 core.unsupported_methods: 0 dns.failed_dns_request: 0 dns.slow_dns_request: 0 shmem.fragments: 270 shmem.free_size: 4283453736 shmem.max_used_size: 13711272 shmem.real_used_size: 11513560 shmem.total_size: 4294967296 shmem.used_size: 8167352 sl.1xx_replies: 0 sl.200_replies: 0 sl.202_replies: 0 sl.2xx_replies: 0 sl.300_replies: 0 sl.301_replies: 0 sl.302_replies: 0 sl.3xx_replies: 0 sl.400_replies: 0 sl.401_replies: 0 sl.403_replies: 0 sl.404_replies: 0 sl.407_replies: 0 sl.408_replies: 0 sl.483_replies: 0 sl.4xx_replies: 0 sl.500_replies: 0 sl.5xx_replies: 0 sl.6xx_replies: 0 sl.failures: 0 sl.received_ACKs: 0 sl.sent_err_replies: 0 sl.sent_replies: 0 sl.xxx_replies: 0 tcp.con_reset: 5 tcp.con_timeout: 54 tcp.connect_failed: 3 tcp.connect_success: 0 tcp.current_opened_connections: 44 tcp.current_write_queue_size: 0 tcp.established: 295 tcp.local_reject: 0
[sr-dev] Re: [kamailio/kamailio] Crash in dns_cache.c with dns_cache_init=off (Issue #3350)
With Kamailio 5.8 it still crashes. I use in the meantime the bytecode of luajit as KEMI. kamailio.cfg #.x!xKAMAILI2O # *** To enable presence server execute: # - define WITH_PRESENCE # - if modified headers or body in config must be used by presence handling: # - define WITH_MSGREBUILD # # *** To block 3XX redirect replies execute: #!define WITH_BLOCK3XX # # *** To block 401 and 407 authentication replies execute: # - define WITH_BLOCK401407 server_signature=off # force_rport=on # made in routling_logic.lua # local_rport=on log_stderror=yes corelog=-1 /* LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR, ... */ debug=1 dns_try_ipv6=off dns_retr_time=2 use_dns_failover=on dns_srv_lb=on dns_try_naptr=on dns_cache_flags=1 #next line crashes, unless =on dns_cache_init=on use_dns_cache=on server_id=2 rundir="/conf" children=8 enable_sctp = 1 sctp_children = 2 tcp_children = 4 enable_tls=yes listen=tls:144.76.142.78:5061 listen=tcp:144.76.142.78:5060 listen=udp:144.76.142.78:5060 listen=sctp:144.76.142.78:5060 #onsend_route_reply=yes user="kamailio" group="kamailio" real_time = 3 #tcp_defer_accept = 3 #!define DBURLRO "sqlite:///conf/kamailio-ro.db" #!define DBURLRW "sqlite:///conf/kamailio.db" ### Defined Values # # *** Value defines - IDs used later in config # - flags # FLT_ - per transaction (message) flags #!define FLT_ACC 1 #!define FLT_ACCMISSED 2 #!define FLT_ACCFAILED 3 #!define FLT_NATS 5 # FLB_ - per branch flags #!define FLB_NATB 6 #!define FLB_NATSIPPING 7 #!define FLT_DIALOG 10 #!define FLT_SST 11 ### Global Parameters # mlock_pages=yes auto_aliases=no #alias=sip.bapha.be:5060 #alias=sip.bapha.be:5061 #alias=sip.aegee.org:5060 #alias=sip.aegee.org:5061 #alias=mail.aegee.org:5060 #alias=mail.aegee.org:5061 /* life time of TCP connection when there is no traffic * - a bit higher than registration expires to cope with UA behind NAT */ tcp_connection_lifetime=3605 tcp_accept_no_cl=yes #tcp_keepalive=yes tcp_keepcnt=6 tcp_keepidle=60 tcp_keepintvl=10 loadmodule "db_sqlite.so" loadmodule "permissions.so" loadmodule "sctp.so" loadmodule "enum.so" loadmodule "kex.so" loadmodule "kemix.so" loadmodule "corex.so" loadmodule "tm.so" loadmodule "tmx.so" loadmodule "sl.so" loadmodule "usrloc.so" loadmodule "tls.so" loadmodule "stun.so" loadmodule "outbound.so" loadmodule "rr.so" loadmodule "pv.so" loadmodule "sipdump" loadmodule "dialog.so" loadmodule "sst.so" loadmodule "uac.so" loadmodule "acc.so" loadmodule "maxfwd.so" loadmodule "registrar.so" loadmodule "textops.so" loadmodule "tcpops.so" # loadmodule "textopsx.so" ## unused loadmodule "siputils.so" loadmodule "xlog.so" loadmodule "sanity.so" loadmodule "nathelper.so" loadmodule "ctl.so" loadmodule "cfg_rpc.so" loadmodule "counters.so" loadmodule "rtpengine.so" loadmodule "auth.so" loadmodule "auth_db.so" loadmodule "alias_db.so" loadmodule "domain.so" #!ifdef WITH_PRESENCE loadmodule "presence.so" loadmodule "presence_xml.so" #!endif loadmodule "htable.so" loadmodule "pike.so" loadmodule "xhttp.so" loadmodule "websocket.so" loadmodule "app_lua.so" loadmodule "statsc.so" modparam("sipdump", "enable", 1) modparam("sipdump", "mode", 2) modparam("sipdump", "event_callback", "ksr_sipdump_event") #modparam("sipdump", "folder", "/conf") modparam("auth", "auth_checks_register", 11) modparam("auth", "qop", "auth") modparam("auth", "auth_checks_no_dlg", 9) modparam("auth", "auth_checks_in_dlg", 15) modparam("auth", "qop", "auth") modparam("auth", "use_domain", yes); # modparam("auth", "algorithm", "SHA-256") # gnome-calls does not support algorithm=sha-256 modparam("auth", "add_authinfo_hdr", yes) modparam("permissions", "load_backends", 1) modparam("permissions", "db_url", DBURLRO) # - auth_db params - modparam("auth_db", "db_url", DBURLRO) modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "password") modparam("auth_db", "load_credentials", "$avp(credentials)=password") modparam("auth_db", "use_domain", 1) modparam("dialog", "timeout_avp", "$avp(dlgtimeout)") modparam("dialog", "bridge_controller", "sip:control...@aegee.org") modparam("dialog", "bridge_contact", "sip:controller@144.76.142.78:5060") modparam("dialog", "send_bye", 1) modparam("dialog", "dlg_flag", FLT_DIALOG) modparam("sst", "timeout_avp", "$avp(dlgtimeout)") modparam("sst", "sst_flag", FLT_SST) modparam("xhttp", "event_callback", "ksr_xhttp_event") modparam("rtpengine", "rtpengine_sock", "udp:127.0.0.1:1555") modparam("ctl", "binrpc", "unix:/conf/kamailio_ctl") modparam("sanity", "uri_checks", 15) modparam("uac", "restore_passwd", "my_secret_EIA99iatruai") # modparam("uac", "default_socket", "udp:144.76.142.78:5060") modparam("uac", "reg_use_domain", 1) modparam("uac", "reg_db_url", DBURLRO) # - tm params - # auto-discard branches from previous serial forking leg modparam("tm", "failure_reply_mode", 3) # default retransmission timeout: 30sec modparam("tm", "fr_timer", 3)
[sr-dev] Re: [kamailio/kamailio] Segfault in pua_dialoginfo.c when starting up with a dialog in the database (Issue #3743)
Hey again, i managed to reproduce it on 5.7.4 (also on 5.7.5) but it seems to be fixed in 5.8.1 and master already. Can you maybe verify that this is the case? -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3743#issuecomment-2123058991 You are receiving this because you are subscribed to this thread. Message ID: ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] Re: [kamailio/kamailio] Segfault in pua_dialoginfo.c when starting up with a dialog in the database (Issue #3743)
Hey @gianluca-nitti, Do you have any special config for the modules pua, dialog and pua_dialoginfo that you can provide? I am probably missing something when trying to replicate it with the provided dump and default configs. Thanks, -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3743#issuecomment-2122602174 You are receiving this because you are subscribed to this thread. Message ID: ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] Re: [kamailio/kamailio] permissions: introduce func `allow_register_include_port()` (PR #3846)
@henningw maybe you could have a look? We've tested that on our systems, and actually use it already in our latest master. Regards, Donat -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/3846#issuecomment-2122061493 You are receiving this because you are subscribed to this thread. Message ID: ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
[sr-dev] Re: [kamailio/kamailio] Dialog DMQ sync: Timer needs fixing, firing on wrong node! (Issue #3656)
Ping to remove stale label -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3656#issuecomment-2122055212 You are receiving this because you are subscribed to this thread. Message ID: ___ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org