[SR-Users] Re: Segfault on startup when using TLS in kamailio 5.7.4

[Henning Westerholt via sr-users]

Hello,

In the releases after 5.7.2 there have been a lot of TLS related changes. There 
were necessary due to several critical memory corruption bugs due to 
implementation decisions from the OpenSSL team in version 3.x. These changes 
were somewhat larger as usually expected in minor releases, but ultimately 
necessary due to the mentioned problems. Due to the complexity of the problems, 
several iterations were necessary to solve it completely.

So, without looking too much into the details of your issue - I suspect that 
the problems you are observing might be caused from these changes. It might 
that you did a security package update that changes some memory layout, for 
example, that triggered it.

I think that these TLS changes are now done in the releases 5.7.5 and 5.8.1, 
and these releases should be stable again. This has been confirmed on multiples 
reports on our issue tracker and also in some of our customer environments.

So, I would suggest you give the 5.7.5 a try. If there are still crashes on 
startup, please let provide an update on the list or on the issue tracker.

Cheers,

Henning

-- 
Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://gilawa.com

> -Original Message-
> From: stefanr--- via sr-users 
> Sent: Freitag, 17. Mai 2024 19:00
> To: sr-users@lists.kamailio.org
> Cc: stef...@wave.com
> Subject: [SR-Users] Re: Segfault on startup when using TLS in kamailio 5.7.4
> 
> For additional context:
> 
> - Our Kamailio setup receives SIP messages from one endpoint over UDP and
> forwards them to another endpoint over TLS, with rtpengine for RTP proxying.
> - The issue only occurs on startup. E.g., after a VM reboot hosting our 
> Kamailio
> container, after deploying an updated Docker container onto the VM, or just 
> after
> restarting the docker container.
> - Out of business hours, when the instance doesn't handle any traffic, we 
> can't
> reproduce the issue.
> - We've been running 5.7.4 for about two months. We did the upgrade out of
> hours so the initial upgrade didn't trigger the issue. The issue occurred 
> during
> redeployments yesterday and today, while the instance was handling traffic. We
> saw a few dozen segfaults as we troubleshooted the issue during the incidents
> yesterday and today. After business hours, we couldn't reproduce the issue.
> - We've been doing regular kamailio upgrades to the latest 5.4.x-5.7.x 
> versions
> and this instance has been around for years without any similar issues or
> significant configuration changes.
> __
> Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send
> an email to sr-users-le...@lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to the 
> sender!
> Edit mailing list options or unsubscribe:
__
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:

[SR-Users] Assistance Needed to Resolve Duplicate Contact Headers in 200 OK Response

[Juha Heinanen via sr-users]

satyaprakash ch via sr-users writes:

> We are receiving 2 to 3 contact headers in the 200 OK response of the
> registration request. It appears that the `user_location` is updating
> multiple contact headers for the same extension due to network
> disconnections. Please suggest a solution to avoid duplicates in the
> `user_location` module, or how to ensure that only the latest single
> contact header is included in the 200 OK response.
> 
> Your suggestion would be appreciated.

Use proper SIP UAs that support instance id.  See
https://www.rfc-editor.org/rfc/rfc5626.

-- Juha
__
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:

[SR-Users] Re: Segfault on startup when using TLS in kamailio 5.7.4

[stefanr--- via sr-users]

For additional context:

- Our Kamailio setup receives SIP messages from one endpoint over UDP and 
forwards them to another endpoint over TLS, with rtpengine for RTP proxying.
- The issue only occurs on startup. E.g., after a VM reboot hosting our 
Kamailio container, after deploying an updated Docker container onto the VM, or 
just after restarting the docker container.
- Out of business hours, when the instance doesn't handle any traffic, we can't 
reproduce the issue.
- We've been running 5.7.4 for about two months. We did the upgrade out of 
hours so the initial upgrade didn't trigger the issue. The issue occurred 
during redeployments yesterday and today, while the instance was handling 
traffic. We saw a few dozen segfaults as we troubleshooted the issue during the 
incidents yesterday and today. After business hours, we couldn't reproduce the 
issue.
- We've been doing regular kamailio upgrades to the latest 5.4.x-5.7.x versions 
and this instance has been around for years without any similar issues or 
significant configuration changes.
__
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:

[SR-Users] Re: $dlg_var() not implemented in ims_dialog module

[Denys Pozniak via sr-users]

Hello!

>I leverage a lot htable, even when dialog is used. The call-id ($ci) is
the same for all messages within the dialog and it can be used as a prefix:
$sht(dlg=>$ci::xyz)

The question may not be entirely within the scope of the topic, but how do
you usually delete the htable after completing the dialog?
Through catching BYE? And by some kind of life timers?

пт, 17 мая 2024 г. в 10:51, Daniel-Constantin Mierla via sr-users <
sr-users@lists.kamailio.org>:

> Hello,
> On 17.05.24 08:39, Valentin Christoph via sr-users wrote:
>
> Dear all,
>
>
>
> I would probably need to store some dialog scoped information in an IMS
> environment, but the ims_dialog module does not implement the $dlg_var()
> pseudo variable.
>
>
>
> Do you know other, maybe better, possibilities to store dialog scoped
> information in an IMS (CSCF) environment?
>
> I leverage a lot htable, even when dialog is used. The call-id ($ci) is
> the same for all messages within the dialog and it can be used as a prefix:
>
> $sht(dlg=>$ci::xyz)
>
> Cheers,
> Daniel
>
> --
> Daniel-Constantin Mierla (@ asipto.com)twitter.com/miconda -- 
> linkedin.com/in/miconda
> Kamailio Consultancy, Training and Development Services -- asipto.com
>
> __
> Kamailio - Users Mailing List - Non Commercial Discussions
> To unsubscribe send an email to sr-users-le...@lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>


-- 

BR,
Denys Pozniak
__
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:

[SR-Users] Segfault on startup when using TLS in kamailio 5.7.4

[stefanr--- via sr-users]

Hi there,

We are encountering consistent segfaults after rebooting our Kamailio instance 
with incoming traffic, specifically when using Kamailio 5.7.4. We think this 
issue did not occur with version 5.7.2, so it seems to have been introduced in 
either 5.7.3 or 5.7.4.

Due to team bandwidth constraints and the potential impact on production 
traffic, we don't want to spend time on trying to reproduce the issue. So we 
have decided to downgrade to 5.6.4, which we confirmed to be stable. (Probably 
5.7.2 would be too - but we didn't try).

Unfortunately, our logging was only set to WARNING level, and we did not 
capture a core dump, so we cannot provide additional details beyond the 
following logs:

This was with tcp_reuse_ports=yes:

2024-05-17T15:42:55.582475541Z Listening on
2024-05-17T15:42:55.582512370Z  [redacted]
2024-05-17T15:42:55.582538161Z  tls: 10.X.X.X:5061 advertise 
Y.Y.Y:5061
2024-05-17T15:42:55.582543750Z Aliases:
2024-05-17T15:42:55.582549081Z  tls: [redacted]:5061
2024-05-17T15:42:55.582574890Z
2024-05-17T15:42:55.587876630Z  0(1) WARNING: tls [tls_init.c:978]: 
tls_h_mod_init_f(): openssl bug #1491 (crash/mem leaks on low memory) 
workaround enabled (on low memory tls operations will fail preemptively) with 
free memory thresholds 18874368 and 9437184 bytes
2024-05-17T15:42:55.703927049Z 35(41) CRITICAL:  [core/pass_fd.c:281]: 
receive_fd(): EOF on 23
2024-05-17T15:42:55.703972029Z  0(1) ALERT:  [main.c:791]: handle_sigs(): 
child process 15 exited by a signal 11
2024-05-17T15:42:55.703978409Z  0(1) ALERT:  [main.c:795]: handle_sigs(): 
core was generated
2024-05-17T15:42:55.705049839Z 35(41) CRITICAL:  [core/pass_fd.c:281]: 
receive_fd(): EOF on 17
2024-05-17T15:42:55.705074209Z 35(41) CRITICAL:  [core/pass_fd.c:281]: 
receive_fd(): EOF on 21
2024-05-17T15:42:55.705081209Z 35(41) CRITICAL:  [core/pass_fd.c:281]: 
receive_fd(): EOF on 22
2024-05-17T15:42:55.705085879Z 35(41) CRITICAL:  [core/pass_fd.c:281]: 
receive_fd(): EOF on 20
2024-05-17T15:42:55.705090319Z 35(41) CRITICAL:  [core/pass_fd.c:281]: 
receive_fd(): EOF on 18
2024-05-17T15:42:55.705094649Z 35(41) CRITICAL:  [core/pass_fd.c:281]: 
receive_fd(): EOF on 19
2024-05-17T15:42:55.705098879Z 35(41) CRITICAL:  [core/pass_fd.c:281]: 
receive_fd(): EOF on 16
2024-05-17T15:42:55.705207399Z 35(41) CRITICAL:  [core/pass_fd.c:281]: 
receive_fd(): EOF on 15
2024-05-17T15:42:55.705459439Z 35(41) CRITICAL:  [core/pass_fd.c:281]: 
receive_fd(): EOF on 27

Without tcp_reuse_ports=yes, the segfault was always preceded by the following 
line if any existing TLS connections were stuck in TIME_WAIT:

2024-05-16T19:18:51.654447639Z  9(14) WARNING: {1 1 INVITE XXX@0.0.0.0}  
[core/tcp_main.c:1301]: find_listening_sock_info(): binding to source address 
10.X.X>X:5061 failed: Address already in use [98]
2024-05-16T19:18:51.746994728Z  0(1) ALERT:  [main.c:791]: handle_sigs(): 
child process 14 exited by a signal 11

When the server wasn't handling any traffic, the issue didn't occur even in 
5.7.4.

Does anyone have any insights or suggestions on how to address this issue?

Kind regards
Stefan
__
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:

[SR-Users] Assistance Needed to Resolve Duplicate Contact Headers in 200 OK Response

[satyaprakash ch via sr-users]

Hi

We are receiving 2 to 3 contact headers in the 200 OK response of the
registration request. It appears that the `user_location` is updating
multiple contact headers for the same extension due to network
disconnections. Please suggest a solution to avoid duplicates in the
`user_location` module, or how to ensure that only the latest single
contact header is included in the 200 OK response.

Your suggestion would be appreciated.

Thanks and regards,
Satyaprakash.
__
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:

[SR-Users] making HTTP Async request in stateless configuration

[Sergio Charrua via sr-users]

Hi all!

Just wondering what would be you opinion on the following.

We are integrating Kamailio as a stateless redirect server, using SIP 300
Multiple Choices response. The script requires that prior to the
redirection, a HTTP request must be made.

We thought about using HTTP Async Client to make the requests (POST of JSON
content), which is our prefered way of sending HTTP requests,  and
depending on the response from the REST API, reply back to UAC a SIP 300
Multiple Choices message and terminate the call flow on Kamailio.

>From what I know, HTTP Async Client requires that the TM module be used,
which (it is my understanding) will imply that the whole Kamailio script to
be stateful, which I think is useless as the SIP flow will be really simple:

INVITE ->
<--- 100 Trying
<--- 300 Multiple Choices
ACK -->

There is a catch, though, the CPS is very high, above 1000 CPS

Could anyone share their thoughts on this?
Should we go stateful and use the HTTP Async module?
Should we go stateless and use the HTTP client module?
What would be the best approach to implementing this?

Thanks guys!

*Sérgio Charrua*
__
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:

[SR-Users] Re: Failover with dialog dmq while dialog state 2

[Björn Klasen via sr-users]

Hello Henning,

unfortunately I'm not experienced in C-Programming. But an enhancement to DMQ 
would be cool anyway as I really like the concept behind this although I've 
testet it only in our Lab, so have no clue how good it works (DMQ for usrloc, 
htable and dialog) together in a high load enviroment with approx 1 
parallel Calls and 100 CPS on a signalling only system with some SQL.

BR
Björn

Am 15.05.24 um 17:54 schrieb Henning Westerholt:
Hello Björn,

Thanks for the update. This sounds indeed a like a somewhat ugly hack. 
It should be probably fixed in the code instead of manually creating KDMQ 
messages to update the dialog module state in the cfg.

Cheers,

Henning

From: Björn Klasen via sr-users 

Sent: Freitag, 10. Mai 2024 13:27
To: sr-users@lists.kamailio.org
Cc: Björn Klasen 
Subject: [SR-Users] Re: Failover with dialog dmq while dialog state 2

Hi Henning,

thank you for your reply. I did a lot testings during the past days and I think 
I found a solution that is working, although it's very dirty...

I found out it is possible to send a manual KDMQ-Message to all Proxy-Nodes 
including the one that it sending die KDMQ-Message. So I create a dialog state 
4 message on ACK and indeed the Dialog on all Peers are Updated correctly to 
state 4. I also tried this for state 3 on 200 OK, but this does not work. I 
haven't had a look into the code yet but my experiments shows, that there is 
never is state 3 update via DMQ, so I think it's not implemented.

Interestingly the TM-Timer still times out after 300 seconds but in normal 
circumstances this doesn't bother, because either the failed Kamailio will not 
trigger this, because the Software or the Server crashed, or it tries to send a 
CANCEL that is denied because we are in dialog state 4.

The only thing is your really have to be careful about your hash tables. You 
have to delete them at the correct point.

I really need to test a lot at this point, but till now, billing seems to be OK 
even on failover scenarios.

This is why I really like Kamailio :)

BR, Björn
Am 09.05.24 um 20:57 schrieb Henning Westerholt:

Hello,



thanks for the detailed e-mail. As also indicated in the module documentation, 
the dialog module DMQ replication will not replicate everything, its main 
use-case is for profile data sharing. 
https://kamailio.org/docs/modules/5.8.x/modules/dialog.html#dialog.p.enable_dmq



In the past months there have been some other discussions on the users lists 
about similar scenarios (I think related to billing/accounting) and dialog with 
DMQ, which might be interesting for you in this regard.



If you find issues where the DMQ synchronisation is lacking some functionality 
in the dialog module, you can create a feature request in our issue tracker. 
There is of course no guarantee that this limitation is also timely addressed.



Regarding the INVITE and CANCEL scenario, this is usually not related to dialog 
but to the tm module. As you also mentioned, there is no replication of 
transaction state in tm.



Cheers,



Henning


--
Björn Klasen, Senior Specialist (VoIP)
TNG Stadtnetz GmbH, TNG-Technik
Gerhard-Fröhler-Straße 12
24106 Kiel・Deutschland

T +49 431 7097-10
F +49 431 7097-555
bkla...@tng.de
https://www.tng.de

Executive board (Geschäftsführer):
Dr. Sven Willert (CEO/Vorsitz),
Gunnar Peter, Sven Schade,
Carsten Tolkmit, Bernd Sontheimer

Amtsgericht Kiel HRB 6002 KI
USt-ID: DE225201428
Die Information über die Verarbeitung Ihrer Daten
gemäß Artikel 12 DSGVO können Sie unter https://www.tng.de/datenschutz/ abrufen.
__

--
Björn Klasen, Teamleitung NGN VoIP-Backbone
TNG Stadtnetz GmbH, TNG-Technik
Gerhard-Fröhler-Straße 12
24106 Kiel・Deutschland

T +49 431 7097-10
F +49 431 7097-555
bkla...@tng.de
https://www.tng.de

Executive board (Geschäftsführer):
Dr. Sven Willert (CEO/Vorsitz),
Gunnar Peter, Sven Schade,
Carsten Tolkmit, Bernd Sontheimer

Amtsgericht Kiel HRB 6002 KI
USt-ID: DE225201428
Die Information über die Verarbeitung Ihrer Daten
gemäß Artikel 12 DSGVO können Sie unter https://www.tng.de/datenschutz/ abrufen.
__
__
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:

[SR-Users] Re: $dlg_var() not implemented in ims_dialog module

[Daniel-Constantin Mierla via sr-users]

Hello,

On 17.05.24 08:39, Valentin Christoph via sr-users wrote:
>
> Dear all,
>
>  
>
> I would probably need to store some dialog scoped information in an
> IMS environment, but the ims_dialog module does not implement the
> $dlg_var() pseudo variable.
>
>  
>
> Do you know other, maybe better, possibilities to store dialog scoped
> information in an IMS (CSCF) environment?
>
I leverage a lot htable, even when dialog is used. The call-id ($ci) is
the same for all messages within the dialog and it can be used as a prefix:

$sht(dlg=>$ci::xyz)

Cheers,
Daniel

-- 
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com
__
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:

[SR-Users] $dlg_var() not implemented in ims_dialog module

[Valentin Christoph via sr-users]

Dear all,

I would probably need to store some dialog scoped information in an IMS 
environment, but the ims_dialog module does not implement the $dlg_var() pseudo 
variable.

Do you know other, maybe better, possibilities to store dialog scoped 
information in an IMS (CSCF) environment?

Thank,
Christoph
__
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe: