Thanks I will attach the logs soon..meanwhile here is the kamailio and openssl version<br><br>OB151:~ # /usr/sbin/kamailio -V<br>version: kamailio 3.1.0 (i386/linux) 21a375<br>flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS, TLS_HOOKS, USE_RAW_SOCKS, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, DBG_QM_MALLOC, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES<br>
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535, PKG_SIZE 15MB<br>poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.<br>id: 21a375<br>compiled on 09:22:51 Nov 4 2011 with gcc 4.5.0<br>
<br><br>OB151:~ # openssl version -a<br>OpenSSL 1.0.0 29 Mar 2010<br>built on: 2011-05-31 07:52:17.000000000 +0000<br>platform: linux-elf<br>options: bn(64,32) rc4(4x,int) des(ptr,risc1,16,long) blowfish(idx)<br>compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H <br>
-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -fomit-frame-pointer -fmessage-length=0 -O2 -Wall <br>-D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -Wa,--noexecstack -fomit-frame-pointer -fno-strict-aliasing <br>
-DTERMIO -Wall -fstack-protector -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 <br>-DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM<br>OPENSSLDIR: "/etc/ssl"<br>
<br><br><div class="gmail_quote">On Wed, Nov 23, 2011 at 4:44 AM, Daniel-Constantin Mierla <span dir="ltr"><<a href="mailto:miconda@gmail.com">miconda@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
(discussion kept only on sr-dev as it is very likely going to
require mostly devel interaction).<br>
<br>
What is the version of kamailio (-V command line option). Also, send
the verision of openssl library -- there were many bugs in various
lib versions that had to be workarounded in the module, maybe this
is a new one that has to be fixed.<br>
<br>
Do you get any error message in the syslog at the moment of the
crash?<br>
<br>
What would be useful is to get the memory operations log, you can
get it by setting:<br>
<br>
memdbg=1<br>
memlog=1<br>
<br>
in config file.<br>
<br>
Then repeat the test and make the log available for download somehow
(if it is too big), from start to the moment of the crash.<br>
<br>
Cheers,<br>
Daniel<div><div></div><div class="h5"><br>
<br>
On 11/22/11 11:30 PM, Jijo wrote:
</div></div><blockquote type="cite"><div><div></div><div class="h5">Hi All,<br>
<br>
Kamailio is resetting when we do TLS renegotiation dos attack
using the tool available at <a href="http://www.thc.org/thc-ssl-dos/" target="_blank">http://www.thc.org/thc-ssl-dos/</a>.
<br>
<br>
Anybody looked at this issue? How we could resolve it. Any idea?<br>
<br>
The core generated for 3 pid's as below<br>
<br>
Pid 1:<br>
<br>
Core was generated by `/usr/sbin/kamailio -u swrun -g sw -m 120 -f
/etc/kamailio/kamailio.cfg'.<br>
Program terminated with signal 11, Segmentation fault.<br>
#0 atomic_inc_int () at atomic/atomic_x86.h:225<br>
(gdb) bt<br>
#0 atomic_inc_int () at atomic/atomic_x86.h:225<br>
#1 cfg_update_local () at cfg/cfg_struct.h:228<br>
#2 timer_main () at timer.c:994<br>
#3 0x080b0579 in main_loop () at main.c:1632<br>
#4 0x080b1be4 in main (argc=9, argv=0xbfd61e54) at main.c:2446<br>
<br>
<br>
Pid 2:<br>
<br>
Core was generated by `/usr/sbin/kamailio -u swrun -g sw -m 120 -f
/etc/kamailio/kamailio.cfg'.<br>
Program terminated with signal 11, Segmentation fault.<br>
#0 0x0819bfe8 in qm_insert_free (qm=0xaf6c5000, p=0xb05eec30,
file=0xb6fb4140 "tls: tls_init.c", func=0xb6fb4ce0 "ser_free",
line=296)<br>
at mem/q_malloc.c:184<br>
184 if (frag->size <= f->size) break;<br>
(gdb) bt<br>
#0 0x0819bfe8 in qm_insert_free (qm=0xaf6c5000, p=0xb05eec30,
file=0xb6fb4140 "tls: tls_init.c", func=0xb6fb4ce0 "ser_free",
line=296)<br>
at mem/q_malloc.c:184<br>
#1 qm_free (qm=0xaf6c5000, p=0xb05eec30, file=0xb6fb4140 "tls:
tls_init.c", func=0xb6fb4ce0 "ser_free", line=296) at
mem/q_malloc.c:518<br>
#2 0xb6f95404 in ser_free (ptr=0xb05eec30) at tls_init.c:296<br>
#3 0xb732e9ba in CRYPTO_free (str=0xb05eec30) at mem.c:391<br>
#4 0xb7330bee in int_new_ex_data (class_index=5, obj=0xbfd414f4,
ad=0xbfd41574) at ex_data.c:440<br>
#5 0xb7330443 in CRYPTO_new_ex_data (class_index=5,
obj=0xbfd414f4, ad=0xbfd41574) at ex_data.c:575<br>
#6 0xb73dfde3 in X509_STORE_CTX_init (ctx=0xbfd414f4,
store=0xafd8b3d0, x509=0xafe08ff0, chain=0x0) at x509_vfy.c:2114<br>
#7 0xb74b0f31 in ssl3_output_cert_chain (s=0xb0553a10,
x=0xafe08ff0) at s3_both.c:349<br>
#8 0xb74a4728 in ssl3_send_server_certificate (s=0xb0553a10) at
s3_srvr.c:3034<br>
#9 0xb74a5879 in ssl3_accept (s=0xb0553a10) at s3_srvr.c:353<br>
#10 0xb74afa8f in ssl3_read_bytes (s=0xb0553a10, type=23,
buf=0xb0ad44ec "", len=4095, peek=0) at s3_pkt.c:1266<br>
#11 0xb74ac9c9 in ssl3_read_internal (s=0xb0553a10,
buf=0xb0ad44ec, len=4095, peek=0) at s3_lib.c:3265<br>
#12 0xb74c24a9 in SSL_read (s=0xb0553a10, buf=0xb0ad44ec,
num=4095) at ssl_lib.c:954<br>
#13 0xb6fad1c3 in tls_read_f (c=0xb0ad431c, flags=0xbfd619c4) at
tls_server.c:1058<br>
#14 0x08171c0e in tcp_read_headers (c=0xb0ad431c,
read_flags=0xbfd619c4) at tcp_read.c:406<br>
#15 0x08171db8 in tcp_read_req (con=0xb0ad431c,
bytes_read=0xbfd619cc, read_flags=0xbfd619c4) at tcp_read.c:885<br>
#16 0x08172f67 in handle_io (fm=<value optimized out>,
events=1, idx=<value optimized out>) at tcp_read.c:1234<br>
#17 0x0817583b in io_wait_loop_epoll (unix_sock=89) at
io_wait.h:1092<br>
#18 tcp_receive_loop (unix_sock=89) at tcp_read.c:1345<br>
#19 0x0816e2e9 in tcp_init_children () at tcp_main.c:4867<br>
#20 0x080affb1 in main_loop () at main.c:1646<br>
#21 0x080b1be4 in main (argc=9, argv=0xbfd61e54) at main.c:2446<br>
<br>
Pid 3:<br>
<br>
Core was generated by `/usr/sbin/kamailio -u swrun -g sw -m 120 -f
/etc/kamailio/kamailio.cfg'.<br>
Program terminated with signal 11, Segmentation fault.<br>
#0 0xb76c9e7c in memmove () from /lib/libc.so.6<br>
(gdb) bt<br>
#0 0xb76c9e7c in memmove () from /lib/libc.so.6<br>
#1 0x081724e7 in tcp_read_req (con=0xb022c8f0,
bytes_read=0xbfd619cc, read_flags=0xbfd619c4) at tcp_read.c:1026<br>
#2 0x08172f67 in handle_io (fm=<value optimized out>,
events=1, idx=<value optimized out>) at tcp_read.c:1234<br>
#3 0x0817583b in io_wait_loop_epoll (unix_sock=93) at
io_wait.h:1092<br>
#4 tcp_receive_loop (unix_sock=93) at tcp_read.c:1345<br>
#5 0x0816e2e9 in tcp_init_children () at tcp_main.c:4867<br>
#6 0x080affb1 in main_loop () at main.c:1646<br>
#7 0x080b1be4 in main (argc=9, argv=0xbfd61e54) at main.c:2446<br>
<br>
<br>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
sr-dev mailing list
<a href="mailto:sr-dev@lists.sip-router.org" target="_blank">sr-dev@lists.sip-router.org</a>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev</a>
</pre>
</blockquote><font color="#888888">
<br>
<pre cols="72">--
Daniel-Constantin Mierla -- <a href="http://www.asipto.com" target="_blank">http://www.asipto.com</a>
Kamailio Advanced Training, Dec 5-8, Berlin: <a href="http://asipto.com/u/kat" target="_blank">http://asipto.com/u/kat</a>
<a href="http://linkedin.com/in/miconda" target="_blank">http://linkedin.com/in/miconda</a> -- <a href="http://twitter.com/miconda" target="_blank">http://twitter.com/miconda</a></pre>
</font></div>
</blockquote></div><br>