[OpenSIPS-Devel] [ opensips-Bugs-3552688 ] opensips crash with TLS
SourceForge.net
noreply at sourceforge.net
Tue Oct 30 12:38:09 CET 2012
Bugs item #3552688, was opened at 2012-07-31 09:28
Message generated for change (Comment added) made by bogdan_iancu
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3552688&group_id=232389
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: core
Group: 1.7.x
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Dragos Oancea (dragosoancea)
Assigned to: Bogdan-Andrei Iancu (bogdan_iancu)
Summary: opensips crash with TLS
Initial Comment:
Hi all,
opensips 1.7.2 crashes when using TLS with create_dialog("Pp") in the routing script - that would send OPTIONS (nat ping) both to caller and callee during a dialog .
The TLS-related relevant lines in the routing script are:
tls_verify_server = 1
tls_verify_client = 0
tls_require_client_certificate = 0
tls_method = TLSv1
tls_certificate = "/etc/pki/CA/certs/x.crt"
tls_private_key = "/etc/pki/CA/private/x.key"
tls_ca_list = "/etc/pki/CA/certs/ca.crt"
listen = tls:X.X.X.X:5061
listen = tcp:X.X.X.X:5060
syslog:
http://pastebin.com/Kkdns7Cr
backtrace:
http://pastebin.com/7P4ADL9y
Apparently it crashes just after trying to send an OPTIONS or BYE to a device that is not there anymore (it's not on the socket opensips expects it to be - opensips
usually generates a "477 SendFailed" reply in situations like this) .
and interesting enough, if I add an udp port to listen to with "listen=udp:X.X.X.X:5060" does not crash anymore.
Regards,
Dragos
----------------------------------------------------------------------
>Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2012-10-30 04:38
Message:
OK, let's consider this fixed for the moment, if it does not crash anymore
- if the problem pops up again, just open a new ticket.
Regards,
Bogdan
----------------------------------------------------------------------
Comment By: Dragos Oancea (dragosoancea)
Date: 2012-10-30 04:24
Message:
Hi Bogdan,
I am running 1.8.1 with the tls_init.c patch and the dlg_unref.patch (
bug-id 3570495 ) .
I had no crash anymore.
However, I cannot be 100% sure that the bug is not there anymore because I
had to make some changes in the routing script.
When it was crashing (and not patched) I had :
modparam("dialog", "ping_interval", 20)
modparam("tm", "fr_timer", 15)
Few days after I patched it had to change these values to (because opensips
was dropping calls - the reply to OPTIONS from the clients was not coming
due to network issues ):
modparam("dialog", "ping_interval", 40)
modparam("tm", "fr_timer", 30)
So I ran about 3 days with the old config and the patched version and then
I changed these params , and it is running like this since then (about a
month I think) .
#opensips -V
version: opensips 1.8.1-tls (x86_64/linux)
flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS, DISABLE_NAGLE, USE_MCAST,
SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
svnrevision: unknown
@(#) $Id: main.c 8772 2012-03-08 11:16:13Z bogdan_iancu $
main.c compiled on 11:49:51 Oct 15 2012 with gcc 4.4.6
Regards,
Dragos
----------------------------------------------------------------------
Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2012-10-30 01:54
Message:
Hi Dragos,
Is this still happening with the latest code from 1.8 SVN branch ?
Regards,
Bogdan
----------------------------------------------------------------------
Comment By: Dragos Oancea (dragosoancea)
Date: 2012-08-29 06:25
Message:
Hi
It happened again. This time I had only two phones registered via TLS and I
was just making a call between them.
gdb:
http://pastebin.com/1miGb7ct
log (stderr):
http://pastebin.com/bvDjLzPh
can someone confirm it is related to 3522861 ?
Cheers,
Dragos
----------------------------------------------------------------------
Comment By: Dragos Oancea (dragosoancea)
Date: 2012-08-16 04:00
Message:
Hi
I think there is only one problem.
so because the OPTIONS is sent to the wrong interface , no reply will come
back , and opensips will generate and send a BYE bothways. but in my case
everything is running fine..with OPTIONS being sent to the right places at
first , then something happends (memory corruption) , and maybe the
function that does the pinging is first to access some unallocated memory.
The crash could also happen when the callee or the caller sends BYE.
Some extra informations:
There are mobile devices under NAT running on TCP or TLS involved in this
whole scenario. So when the mobile device is not there anymore (it ran out
of battery durring a call for example) , the crash is most likely to
happen.
Also , I noticed that there is no problem if I only listen to tls (not
listening on tcp, not listening on udp).
But I need tcp , so I cannot disable it.
another gdb backtrace :
http://pastebin.com/aXgABJtE
I hope to replicate this in a controlled environment with memlog/memdump
soon and let you.
----------------------------------------------------------------------
Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2012-08-15 06:16
Message:
Probably related to 3522861
----------------------------------------------------------------------
Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2012-08-08 08:55
Message:
Hi,
I see here 2 issues - one is the crash itself (which seems to be a memory
corruption) ; second one is related to pinging, which seems not to choose
the right interface (selects a UDP one instead TLS).
I suggest first trying to identify the mem issue, and for this you need to
recompile with memory debugging support
(http://www.opensips.org/Resources/DocsTsMem , set memlog=6, memdump=1) .
most probably the interface issues triggers some bogus mem ops..
Regards,
Bogdan
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3552688&group_id=232389
More information about the Devel
mailing list