Bugs item #1755943, was opened at 2007-07-18 01:18
Message generated for change (Comment added) made by nobody
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1755943&group_id=139143
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: ver 1.2.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: openser 1.2.1 with TLS crashing
Initial Comment:
my openser 1.2.1 from the debian package (recompiled with TLS support)
crashes from time to time. i have not yet been able to reproduce it
systematically.
see log.txt for the last log entries (nothing special before, some
regular debug messages about successful registration requests).
openser.cfg is my config.
if you have any suggestions to help me work around this (disable tcp /
TLS for production for now?) and or pinpoint it so it can get fixed,
please let me know.
thanks,
fabian linzberger
<e AT lefant DOT net>
----------------------------------------------------------------------
Comment By: Nobody/Anonymous (nobody)
Date: 2007-07-18 01:24
Message:
Logged In: NO
still getting used to the sf bug tracker, find my openser.cfg below...
(ips XXXXXXed out)
### general daemon specific stuff
########################################
debug=3
log_facility=LOG_LOCAL0
children=4
alias=mm-karton.com
# tls config
disable_tls = 0
listen = tls:voice-vie-registrar01.vie.mm-karton.com:5061
tls_verify_server = 1
tls_verify_client = 0
tls_require_client_certificate = 0
tls_method = TLSv1
tls_certificate =
"/etc/openser/voice-vie-registrar01.vie.mm-karton.com_crt.pem"
tls_private_key =
"/etc/openser/voice-vie-registrar01.vie.mm-karton.com_key.pem"
tls_ca_list = "/etc/ssl/certs/mmagca_crt.pem"
### module config
########################################
mpath="/usr/lib/openser/modules/"
loadmodule "postgres.so"
loadmodule "sl.so"
loadmodule "tm.so"
loadmodule "maxfwd.so"
loadmodule "textops.so"
loadmodule "tlsops.so"
loadmodule "xlog.so"
loadmodule "mi_fifo.so"
modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
loadmodule "rr.so"
modparam("rr", "enable_full_lr", 1)
loadmodule "usrloc.so"
modparam("usrloc", "db_url", "postgres://openser:@localhost/openserloc")
modparam("usrloc", "timer_interval", 120)
modparam("usrloc", "db_mode", 3)
loadmodule "registrar.so"
modparam("registrar", "path_mode", 0)
modparam("registrar", "use_path", 1)
modparam("registrar", "append_branches", 1)
loadmodule "auth.so"
modparam("auth", "realm_prefix", "sip.")
loadmodule "auth_db.so"
modparam("auth_db", "db_url", "postgres://openserro:@localhost/openser")
modparam("auth_db", "use_domain", 1)
# currently passwords stored in plain text in database...
modparam("auth_db", "calculate_ha1", yes)
modparam("auth_db", "password_column", "password")
loadmodule "alias_db.so"
modparam("alias_db", "db_url", "postgres://openserro:@localhost/openser")
modparam("alias_db", "use_domain", 1)
#modparam("alias_db", "domain_prefix", "sip.")
loadmodule "lcr.so"
modparam("lcr", "db_url", "postgres://openserro:@localhost/openser")
modparam("lcr", "gw_uri_avp", "1400")
modparam("lcr", "ruri_user_avp", "1402")
modparam("lcr", "contact_avp", "1401")
modparam("lcr", "fr_inv_timer_avp", "s:fr_inv_timer_avp")
modparam("lcr", "fr_inv_timer", 90)
modparam("lcr", "fr_inv_timer_next", 30)
modparam("lcr", "rpid_avp", "s:rpid")
#loadmodule "textops.so"
### routing logic
########################################
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
exit;
};
# if (msg:len >= 4096 ) {
# sl_send_reply("513", "Message too big");
# exit;
#};
if (is_method("REGISTER") || is_method("SUBSCRIBE")) {
} else {
xlog("L_INFO", "BEFORE routing: [$rm] for [$ru] from [$fu] to
[$tu]");
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
if (!method=="REGISTER")
record_route();
# subsequent messages withing a dialog should take the
# path determined by record-routing
if (loose_route()) {
# mark routing logic in request
append_hf("P-hint: rr-enforced\r\n");
route(1);
};
# FIXME relaying to peer master
# FIXME no ip addresses allowed!
#if (is_peer_verified()) {
if (((src_ip=="XXXXXXXXXXX") || (src_ip=="XXXXXXXXXXXX")) ||
(src_ip=="XXXXXXXXXXX")) {
if (is_method("REGISTER")) {
route(2);
# } else if (is_method("SUBSCRIBE")) {
# route(1);
} else if ((is_method("INVITE")) || (is_method("SUBSCRIBE"))) {
xlog("L_INFO", "from leaf INVITE [$ru] from [$fu] to [$tu]:
looking up location");
if (lookup("location")) {
route(3);
} else if(uri =~ "^sip:[0-9]+@") {
# only route numeric users to PSTN
if(!load_gws())
{
xlog("L_ERR", "Error loading PSTN
gateways - M=$rm RURI=$ru F=$fu
T=$tu IP=$si ID=$ci\n");
sl_send_reply("503", "PSTN Termination
Currently Unavailable");
exit;
}
if(!next_gw())
{
xlog("L_ERR", "No PSTN gateways available -
M=$rm RURI=$ru F=$fu
T=$tu IP=$si ID=$ci\n");
sl_send_reply("503", "PSTN Termination
Currently Unavailable");
exit;
}
t_on_failure("1");
route(1);
} else {
route(1);
};
} else {
route(1);
};
} else {
xlog("L_INFO", "UNAUTHORIZED COMMUNICATION DETECTED!!! [$rm] for
[$ru] dest [$du] from [$fu] to [$tu] cseq [$cs] network src [$si] [$sp]
proto [$oP]");
}
exit;
}
route[1] {
# send it out now; use stateful forwarding as it works reliably
# even for UDP2TCP
if (!t_relay()) {
sl_reply_error();
};
exit;
}
route[2] {
#if (!www_authorize("mm-karton.com", "subscriber")) {
# www_challenge("mm-karton.com", "0");
# exit;
#};
xlog("L_INFO", "from leaf REGISTER [$ru] from [$fu] to [$tu] saving");
save("location");
# FIXME: send to second local master server (doesn't exist yet)
#if (!src_ip=="10.1.128.167") {
#
t_replicate("sip:voice-vie-ast03.vie.mm-karton.com:5061;transport=tls");
# t_release();
#};
exit;
}
# relay invite to branch office
route[3] {
t_on_failure("3");
route(1);
}
failure_route[3] {
# fallback routing
xlog("L_INFO", "from snoms INVITE [$ru] from [$fu] to [$tu]: relay to
master failed, fallback!");
# fallback alias lookup
alias_db_lookup("fbaliases");
xlog("L_INFO", "from snoms INVITE [$ru] from [$fu] to [$tu]: relay to
master fallback, after alias lookup");
route(1);
}
# Request route 'base-filter-failover'
route[4]
{
if(!t_check_status("408|500|503"))
{
xlog("L_INFO", "No failover routing needed for this response
code -
M=$rm RURI=$ru F=$fu T=$tu IP=$si ID=$ci\n");
exit;
}
}
failure_route[1]
{
xlog("L_INFO", "Failure route for PSTN entered - M=$rm RURI=$ru F=$fu
T=$tu IP=$si ID=$ci\n");
route(18);
if(!next_gw())
{
xlog("L_ERR", "Failed to select next PSTN gateway - M=$rm
RURI=$ru F=$fu
T=$tu IP=$si ID=$ci\n");
exit;
}
t_on_failure("1");
route(1);
}
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1755943&group_id=139143
_______________________________________________
Devel mailing list
Devel@openser.org
http://openser.org/cgi-bin/mailman/listinfo/devel
