<div>Dear Klaus</div>
<div>In tls_init.c file there is a function</div>
<div> </div>
<div>static void ser_free(void *ptr)<br>{<br> shm_free(ptr);<br>}</div>
<div> </div>
<div> </div>
<div>I modified it to</div>
<div> </div>
<div>static void ser_free(void *ptr)<br>{<br> if(ptr)<br> shm_free(ptr);<br>}</div>
<div> </div>
<div> </div>
<div>Just added a null check.</div>
<div> </div>
<div>During tls connection close it was close it was crashing.</div>
<div>Incase you need to complete stack trace, please let me know, will revert back code chage, reproduce the issue and can get the backtrace.</div>
<div> </div>
<div>Best Regards</div>
<div>kamal</div>
<div> </div>
<div> </div>
<div><br><br> </div>
<div class="gmail_quote">On Mon, Oct 29, 2012 at 3:26 PM, Klaus Darilion <span dir="ltr"><<a href="mailto:klaus.mailinglists@pernau.at" target="_blank">klaus.mailinglists@pernau.at</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px 0px 0px 0.8ex;PADDING-LEFT:1ex" class="gmail_quote">Hi Kamal!<br><br>If the fix in standard Kamailio code or in code you have written yourself (a proprietary module)?<br>
<br>If the problem is in the standard code please send us a diff so we can fix Kamailio.<br><br>regards<br>Klaus
<div class="im"><br><br>On 29.10.2012 10:53, Kamal Palei wrote:<br></div>
<blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px 0px 0px 0.8ex;PADDING-LEFT:1ex" class="gmail_quote">
<div class="im">Dear Klaus<br>Forgot to write you back otherday. I was able to trace the code that was<br>crashing. It was trying to free a pointer that was null. I just added a<br>null check. With this change, I am able to keep Kamailio up for longer<br>
duration, did not see the crash.<br>Thanks Klaus for your support.<br>kamal<br><br><br>On Mon, Oct 29, 2012 at 3:14 PM, Klaus Darilion<br></div>
<div class="im"><<a href="mailto:klaus.mailinglists@pernau.at" target="_blank">klaus.mailinglists@pernau.at</a> <mailto:<a href="mailto:klaus.mailinglists@pernau.at" target="_blank">klaus.mailinglists@<u></u>pernau.at</a>>> wrote:<br>
<br> See also:<br></div> <a href="http://www.kamailio.org/__dokuwiki/doku.php/__troubleshooting:corefiles" target="_blank">http://www.kamailio.org/__<u></u>dokuwiki/doku.php/__<u></u>troubleshooting:corefiles</a>
<div>
<div class="h5"><br> <<a href="http://www.kamailio.org/dokuwiki/doku.php/troubleshooting:corefiles" target="_blank">http://www.kamailio.org/<u></u>dokuwiki/doku.php/<u></u>troubleshooting:corefiles</a>><br><br><br>
<br> On 26.10.2012 11:39, Kamal Palei wrote:<br><br> Dear Klaus<br><br> I am little bit new to linux debugging. Please let me know below<br> stuff.<br><br> 1. Whats the extension of core file.<br>
<br> The core file does not have an extension, it is usally just called<br> "core.XXXX" with XXX is the process id of the crashed Kamailio<br> process. It will reside in the current working directory.<br>
<br><br> 2. Will the core files be generated in /home/user path or some other<br> default path<br><br><br> In the /etc/init.d/kamailio startup file you can configure the core<br> pattern to be set before Kamailio is started. Then the core files<br>
will use the defined naming.<br><br> On Debian also activate core dumps by editing /etc/default/kamailio<br><br><br> 3. Do I need to recompile Kamailio source with -g option , or by<br> default<br> it is compiled with -g option<br>
<br><br> From your log file:<br><br> 0(9548) ALERT: <core> [main.c:745]: core was generated<br><br> You see, your binaries already generate core files. Thus, there is<br> no need to rebuild Kamailio.<br>
<br><br> 4. I hope we need to run "ulimit" before we start the program or<br> it is<br> not required.<br><br><br> Usually you run "ulimit -c unlimited" before starting the Kamailio<br>
process to be sure that the core will not be truncated.<br><br><br> My observation is if I run directly kamailio it is crashing, if<br> I run<br> with gdb it is not crashing, not sure why this happens.<br>
<br><br> Strange. But once you have a core file, you can analyze it and<br> generate the backtrace.<br><br> Also make sure to not mix openssl libraries - this is often a a problem.<br><br> regards<br> Klaus<br>
<br><br> Best Regards<br> kamal<br><br><br><br> On Thu, Oct 25, 2012 at 8:01 PM, Klaus Darilion<br> <<a href="mailto:klaus.mailinglists@pernau.at" target="_blank">klaus.mailinglists@pernau.at</a><br>
<mailto:<a href="mailto:klaus.mailinglists@pernau.at" target="_blank">klaus.mailinglists@<u></u>pernau.at</a>><br></div></div>
<div class="im"> <mailto:<a href="mailto:klaus.mailinglists@" target="_blank">klaus.mailinglists@</a>__<a href="http://pernau.at/" target="_blank">p<u></u>ernau.at</a><br> <mailto:<a href="mailto:klaus.mailinglists@pernau.at" target="_blank">klaus.mailinglists@<u></u>pernau.at</a>>>> wrote:<br>
<br></div>
<div class="im"> SIGABRT 6 Core Abort signal from abort(3)<br><br> This means that there was an error condition detected in the<br> Kamailio code and the abort(3) function was called. As you<br>
see in<br> the logs a core file was generated. Find the core file and<br> load it<br> into gdb and execute "backtrace". It will show you were the<br> problem<br> happened and post it here.<br>
<br> regards<br> Klaus<br><br><br> On 25.10.2012 16:23, Kamal Palei wrote:<br><br> Dear Klaus<br> The certificate verification I have disabled.<br><br> Facing a new problem.<br>
When there is a connection reset, that time Kamailio is<br> crashing.<br> During crash, I get below logs. Any idea why it is<br> crashing and<br> how can<br> I avoid it.<br>
<br></div> /oot@B2BUA:/usr/local/src/____<u></u>scripts# 9(9557) : <core>
<div>
<div class="h5"><br><br><br> [mem/q_malloc.c:431]: BUG: qm_free: bad pointer (nil)<br> (out of memory<br> block!) - aborting<br> 0(9548) ALERT: <core> [main.c:742]: child process<br>
9557 exited<br> by a<br> signal 6<br> 0(9548) ALERT: <core> [main.c:745]: core was generated<br> 0(9548) INFO: <core> [main.c:757]: INFO: terminating<br>
due to<br> SIGCHLD<br> 6(9554) INFO: <core> [main.c:808]: INFO: signal 15<br> received<br> 8(9556) INFO: <core> [main.c:808]: INFO: signal 15<br>
received<br> 4(9552) INFO: <core> [main.c:808]: INFO: signal 15<br> received<br> 5(9553) INFO: <core> [main.c:808]: INFO: signal 15<br> received<br> 3(9551) INFO: <core> [main.c:808]: INFO: signal 15<br>
received<br> 7(9555) INFO: <core> [main.c:808]: INFO: signal 15<br> received<br> 1(9549) INFO: <core> [main.c:808]: INFO: signal 15<br> received<br> 2(9550) INFO: <core> [main.c:808]: INFO: signal 15<br>
received<br> 0(9548) : <core> [mem/q_malloc.c:431]: BUG: qm_free: bad<br> pointer (nil)<br> (out of memory block!) - aborting<br><br><br> THANKS<br>
kamal<br> /<br> On Thu, Oct 25, 2012 at 7:43 PM, Klaus Darilion<br> <<a href="mailto:klaus.mailinglists@pernau.at" target="_blank">klaus.mailinglists@pernau.at</a><br>
<mailto:<a href="mailto:klaus.mailinglists@pernau.at" target="_blank">klaus.mailinglists@<u></u>pernau.at</a>><br> <mailto:<a href="mailto:klaus.mailinglists@" target="_blank">klaus.mailinglists@</a>__<a href="http://pernau.at/" target="_blank">p<u></u>ernau.at</a><br>
<mailto:<a href="mailto:klaus.mailinglists@pernau.at" target="_blank">klaus.mailinglists@<u></u>pernau.at</a>>><br></div></div> <mailto:<a href="mailto:klaus.mailinglists@" target="_blank">klaus.mailinglists@</a><br>
<mailto:<a href="mailto:klaus.mailinglists@" target="_blank">klaus.mailinglists@</a>>__<a href="http://p__ernau.at/" target="_blank"><u></u>p__ernau.at</a> <<a href="http://pernau.at/" target="_blank">http://pernau.at/</a>>
<div class="im"><br><br> <mailto:<a href="mailto:klaus.mailinglists@" target="_blank">klaus.mailinglists@</a>__<a href="http://pernau.at/" target="_blank">p<u></u>ernau.at</a><br> <mailto:<a href="mailto:klaus.mailinglists@pernau.at" target="_blank">klaus.mailinglists@<u></u>pernau.at</a>>>>> wrote:<br>
<br> Hi Kamal!<br><br> Are you familiar with SSL/TLS and certificates?<br> With TLS<br> the trust<br> between TLS server and TLS client is usually via a<br>
trusted<br> certification authority (CA). For example, if the<br> intermediate proxy<br> uses a certificate which is issued by CA<br> FOOBAR-XYZ, the<br>
you have to<br> configure Kamailio to accept certificates singed by<br> FOOBAR-XYZ. This<br> is done by copying the public root certificate of<br>
FOOBAR-XYZ to the<br> Kamailio server and configure Kamailio to use the<br> FOOBAR-XYZ<br> certificate as trusted CA. Of course then you<br> automatically<br>
also<br> trust all others certificates issued by FOOBAR-XYZ.<br><br> To configure the trusted CAs use:<br></div> <a href="http://kamailio.org/docs/______modules/3.3.x/modules/tls.______html#ca_list" target="_blank">http://kamailio.org/docs/_____<u></u>_modules/3.3.x/modules/tls.___<u></u>___html#ca_list</a><br>
<<a href="http://kamailio.org/docs/____modules/3.3.x/modules/tls.____html#ca_list" target="_blank">http://kamailio.org/docs/____<u></u>modules/3.3.x/modules/tls.____<u></u>html#ca_list</a>>
<div class="im"><br><br> <<a href="http://kamailio.org/docs/____modules/3.3.x/modules/tls.____html#ca_list" target="_blank">http://kamailio.org/docs/____<u></u>modules/3.3.x/modules/tls.____<u></u>html#ca_list</a><br>
<<a href="http://kamailio.org/docs/__modules/3.3.x/modules/tls.__html#ca_list" target="_blank">http://kamailio.org/docs/__<u></u>modules/3.3.x/modules/tls.__<u></u>html#ca_list</a>>><br><br><br><br><br><br>
<<a href="http://kamailio.org/docs/____modules/3.3.x/modules/tls.____html#ca_list" target="_blank">http://kamailio.org/docs/____<u></u>modules/3.3.x/modules/tls.____<u></u>html#ca_list</a><br> <<a href="http://kamailio.org/docs/__modules/3.3.x/modules/tls.__html#ca_list" target="_blank">http://kamailio.org/docs/__<u></u>modules/3.3.x/modules/tls.__<u></u>html#ca_list</a>><br>
<br> <<a href="http://kamailio.org/docs/__modules/3.3.x/modules/tls.__html#ca_list" target="_blank">http://kamailio.org/docs/__<u></u>modules/3.3.x/modules/tls.__<u></u>html#ca_list</a><br> <<a href="http://kamailio.org/docs/modules/3.3.x/modules/tls.html#ca_list" target="_blank">http://kamailio.org/docs/<u></u>modules/3.3.x/modules/tls.<u></u>html#ca_list</a>>>><br>
<br> You could also disable the certificate validation<br> with:<br></div> <a href="http://kamailio.org/docs/______modules/3.3.x/modules/tls.______html#verify_certificate" target="_blank">http://kamailio.org/docs/_____<u></u>_modules/3.3.x/modules/tls.___<u></u>___html#verify_certificate</a><br>
<<a href="http://kamailio.org/docs/____modules/3.3.x/modules/tls.____html#verify_certificate" target="_blank">http://kamailio.org/docs/____<u></u>modules/3.3.x/modules/tls.____<u></u>html#verify_certificate</a>>
<div>
<div class="h5"><br><br> <<a href="http://kamailio.org/docs/____modules/3.3.x/modules/tls.____html#verify_certificate" target="_blank">http://kamailio.org/docs/____<u></u>modules/3.3.x/modules/tls.____<u></u>html#verify_certificate</a><br>
<<a href="http://kamailio.org/docs/__modules/3.3.x/modules/tls.__html#verify_certificate" target="_blank">http://kamailio.org/docs/__<u></u>modules/3.3.x/modules/tls.__<u></u>html#verify_certificate</a>>><br>
<br><br><br><br><br> <<a href="http://kamailio.org/docs/____modules/3.3.x/modules/tls.____html#verify_certificate" target="_blank">http://kamailio.org/docs/____<u></u>modules/3.3.x/modules/tls.____<u></u>html#verify_certificate</a><br>
<<a href="http://kamailio.org/docs/__modules/3.3.x/modules/tls.__html#verify_certificate" target="_blank">http://kamailio.org/docs/__<u></u>modules/3.3.x/modules/tls.__<u></u>html#verify_certificate</a>><br>
<br> <<a href="http://kamailio.org/docs/__modules/3.3.x/modules/tls.__html#verify_certificate" target="_blank">http://kamailio.org/docs/__<u></u>modules/3.3.x/modules/tls.__<u></u>html#verify_certificate</a><br>
<<a href="http://kamailio.org/docs/modules/3.3.x/modules/tls.html#verify_certificate" target="_blank">http://kamailio.org/docs/<u></u>modules/3.3.x/modules/tls.<u></u>html#verify_certificate</a>>>><br>
<br> But of course this reduces TLS benefits to<br> encryption-only.<br><br> regards<br> Klaus<br><br><br> On 22.10.2012 13:53, Kamal Palei wrote:<br>
<br> Dear All<br> I have modified kamailio,cfg and compiled all the<br> modules with TLS<br> enabled, and able to bring up the kamailio<br>
proxy properly.<br><br> Kamailio proxy will receive the REGISTER<br> message from<br> endpoints<br> in UDP ,<br> and want to send this REGISTER message to another<br>
intermediate<br> proxy in<br> TLS. For this purpose, I have added few lines in<br> kamailio.cfg<br> file as below.<br>
<br> I have created the certificates, private keys as<br> explained by README<br> file in kamailio-3.1.5/modules/tls/ path.<br><br> if(is_method("REGISTER"))<br>
{<br> t_relay_to("tls:115.114.48.75<br></div></div> <<a href="http://115.114.48.75/" target="_blank">http://115.114.48.75</a> <<a href="http://115.114.48.75/" target="_blank">http://115.114.48.75/</a>>>:____<u></u>443<br>
<br> <<a href="http://115.114.48.75:443/" target="_blank">http://115.114.48.75:443</a><br> <<a href="http://115.114.48.75:443/" target="_blank">http://115.114.48.75:443/</a>>><br>
<br> <<a href="http://115.114.48.75:443/" target="_blank">http://115.114.48.75:443</a><br> <<a href="http://115.114.48.75:443/" target="_blank">http://115.114.48.75:443/</a>>>")<u></u>;
<div>
<div class="h5"><br><br> exit();<br> }<br><br> Looks like this is taking effect. When Kamailio<br> receives REGISTER<br>
message it is trying to do handshake with<br> intermediate<br> proxy.<br> I used wireshark to see the handshake messages.<br><br> 1. From Kamailio proxy, a TCP SYNC message is<br>
going to<br> intermediate proxy.<br> 2. intermediate proxy sends SYNC + ACK<br> 3. Kamailio sends CLIENT HELLO<br> 4. intermediate proxy sends SERVER HELLO,<br>
CERTIFICATE<br> and SERVER<br> HELLO DONE<br> 5. The Kamailio sends ALERT (Level: Fatal,<br> Description:<br> Unknown CA)<br>
---> IS something going wrong here..............<br> 6. Then Kamailio sends FIN + ACK<br><br> Can somebody please let me know why the<br> certificate<br>
verification<br> fails<br> (I get this log in console).<br> How can I put a work around to avoid certification<br> verification<br>
failure.<br><br> Best Regards<br> kamal<br><br><br><br><br><br></div></div> ______________________________<u></u>_______________________
<div class="im"><br><br><br> SIP Express Router (SER) and Kamailio<br> (OpenSER) - sr-users<br> mailing list<br> <a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a> <mailto:<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-<u></u>router.org</a>><br>
<mailto:<a href="mailto:sr-users@lists.sip-__router.org" target="_blank">sr-users@lists.sip-__<u></u>router.org</a><br> <mailto:<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-<u></u>router.org</a>>><br>
</div> <mailto:<a href="mailto:sr-users@lists.sip-____router.org" target="_blank">sr-users@lists.sip-___<u></u>_router.org</a><br> <mailto:<a href="mailto:sr-users@lists.sip-__router.org" target="_blank">sr-users@lists.sip-__<u></u>router.org</a>><br>
<mailto:<a href="mailto:sr-users@lists.sip-__router.org" target="_blank">sr-users@lists.sip-__<u></u>router.org</a><br> <mailto:<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-<u></u>router.org</a>>>><br>
<a href="http://lists.sip-router.org/______cgi-bin/mailman/listinfo/sr-______users" target="_blank">http://lists.sip-router.org/__<u></u>____cgi-bin/mailman/listinfo/<u></u>sr-______users</a><br> <<a href="http://lists.sip-router.org/____cgi-bin/mailman/listinfo/sr-____users" target="_blank">http://lists.sip-router.org/_<u></u>___cgi-bin/mailman/listinfo/<u></u>sr-____users</a>>
<div class="im"><br><br> <<a href="http://lists.sip-router.org/____cgi-bin/mailman/listinfo/sr-____users" target="_blank">http://lists.sip-router.org/_<u></u>___cgi-bin/mailman/listinfo/<u></u>sr-____users</a><br>
<<a href="http://lists.sip-router.org/__cgi-bin/mailman/listinfo/sr-__users" target="_blank">http://lists.sip-router.org/_<u></u>_cgi-bin/mailman/listinfo/sr-_<u></u>_users</a>>><br><br> <<a href="http://lists.sip-router.org/____cgi-bin/mailman/listinfo/sr-____users" target="_blank">http://lists.sip-router.org/_<u></u>___cgi-bin/mailman/listinfo/<u></u>sr-____users</a><br>
<<a href="http://lists.sip-router.org/__cgi-bin/mailman/listinfo/sr-__users" target="_blank">http://lists.sip-router.org/_<u></u>_cgi-bin/mailman/listinfo/sr-_<u></u>_users</a>><br><br> <<a href="http://lists.sip-router.org/__cgi-bin/mailman/listinfo/sr-__users" target="_blank">http://lists.sip-router.org/_<u></u>_cgi-bin/mailman/listinfo/sr-_<u></u>_users</a><br>
<<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/<u></u>cgi-bin/mailman/listinfo/sr-<u></u>users</a>>>><br><br><br><br><br></div></blockquote>
</blockquote></div><br>