[OpenSIPS-Devel] [ opensips-Bugs-3312934 ] Crash on fix_nated_contact_f

SourceForge.net noreply at sourceforge.net
Sun Jun 12 11:38:50 CEST 2011


Bugs item #3312934, was opened at 2011-06-07 15:42
Message generated for change (Comment added) made by mayamatakeshi
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3312934&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: 1.6.x
>Status: Closed
Resolution: None
Priority: 5
Private: Yes
Submitted By: takeshi (mayamatakeshi)
Assigned to: Nobody/Anonymous (nobody)
Summary:  Crash on fix_nated_contact_f

Initial Comment:
I am running r. 7781. I got crash two times when opensips is executing fix_nated_contact_f/del_lump on a "180 Ringing". I was not able to recreate this in my lab. I searched the tracker for bugs related to this but since I didn't find anything I believe the problem also exists with trunk, so I think updating to it will not solve this and it would be better to have someone to look at the backtrace.
The output of "bt full" is in the attached file


----------------------------------------------------------------------

>Comment By: takeshi (mayamatakeshi)
Date: 2011-06-12 18:38

Message:
I think I located the problem.
I have this route to handle in-dialog requests:

route[HANDLE_IN_DIALOG_REQUEST] {
	if ( is_method("INVITE") ) {	
		record_route();
	}

	if (loose_route()) {
		t_on_reply("ONREPLY");
		route(RELAY_REQUEST);
	} else {
		if ( is_method("ACK|BYE|CANCEL") ) {
			# we are checking CANCEL here because Planet ATA doesn't send header
Route CANCEL even if record-route is received in provisional responses. So
loose_route will return false.
			if ( t_check_trans() ) {
				t_on_reply("ONREPLY");
				route(RELAY_REQUEST);
			} else {
				# ACK|BYE without matching transaction ... ignore and discard.\n");
				exit;
			}
		} else {
			sl_send_reply("404","Not here");
			exit;
		}
	}
}

As you can see, I am calling t_onreply("ONREPLY") on it. This is being
done (by mistake) even for ACK requests. However, even if wrong this never
caused any problem. But recently I moved the code that sets the the
onreply_route for initial requests to a branch_route (the onreply_route in
this case is a different one). And after that I started to see this issue
of having 2 onreply_routes being called for the same reply.
Then correcting the t_onreply to be called only for INVITEs, i could not
reproduce this anymore. 
So it was a wrong configuration issue. Sorry for the false report and
noise. 
I am closing this ticket.

Thanks and regards,
Takeshi




----------------------------------------------------------------------

Comment By: takeshi (mayamatakeshi)
Date: 2011-06-11 16:08

Message:
I updated to latest r. 8002 (branch 1.6) and I see the issue exists with it
too.
Then I downgraded to r. 7055 and I verified that instead of aborting,
opensips logs an error::
ERROR:nathelper:fix_nated_contact_f: you can't call fix_nated_contact
twice, check your config! 
I can see the code that does the above check in fix_nated_contact_f was
removed in newer revisions so opensips crashes on them.
Now, about the fix_nated_contact being called twice in my cfg, I checked
it and I could not find where i could be doing this.
However, I added some xlogs calls in it and I verified this:before
crashing, opensips executes onreply_route two times for the same reply and
on each of these replies there is a call to fix_nated_contact. This doesn't
happen always (it takes some time to reproduce) but when it happens, it is
always because opensips executed onreply_route two times (and one of the
routes was never armed with t_on_reply).
So maybe something is corrupting opensips data.


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3312934&group_id=232389



More information about the Devel mailing list