[OpenSIPS-Users] Opensips crashes on forward when destination port is unreachable
Hi All
I need to implement Stateless Proxy to translate transport from TLS to TCP.
I have simple routing script:
route{
if (!mf_process_maxfwd_header(10)) {
sl_send_reply(483,Too Many Hops);
exit;
}
if(dst_ip == 10.0.10.11) {
log(message received on external interface\n);
force_send_socket(tcp:10.0.20.11:5060);
forward(tcp:10.0.20.101:5060);
};
if(dst_ip == 10.0.20.11) {
log(message received on internal interface\n);
force_send_socket(tls:10.0.10.11:5061);
forward(tls:10.0.10.101:5061);
};
}
I'm generating traffic shown on picture below:
-- --
---
| UAC | - | SL Proxy | - | UAS |
--TLS --TCP ---
10.0.10.101 10.0.10.11 10.0.20.11 10.0.20.101
UAC (10.0.10.101) via TLS to external Proxy interface (10.0.10.11)
FORWARD via internal Proxy interface (10.0.20.11) TCP to UAS
(10.0.20.101)
Everything works fine until destination port is unreachable.
When I shutdown UAS (destination port becomes unreachable) Opensips crashes
and produces log:
Apr 28 08:26:47 hmsa /usr/sbin/opensips[2799]:
INFO:core:tls_accept:client did not present a certificate
Apr 28 08:26:47 hmsa /usr/sbin/opensips[2799]:
ERROR:core:tcp_blocking_connect: poll error: flags 18
Apr 28 08:26:47 hmsa /usr/sbin/opensips[2799]:
ERROR:core:tcp_blocking_connect: failed to retrieve SO_ERROR (111)
Connection refused
Apr 28 08:26:47 hmsa /usr/sbin/opensips[2799]:
ERROR:core:tcpconn_connect: tcp_blocking_connect failed
Apr 28 08:26:47 hmsa /usr/sbin/opensips[2799]: ERROR:core:tcp_send:
connect failed
Apr 28 08:26:47 hmsa /usr/sbin/opensips[2799]: ERROR:core:msg_send:
tcp_send failed
Apr 28 08:26:48 hmsa /usr/sbin/opensips[2803]:
CRITICAL:core:receive_fd: EOF on 11
Apr 28 08:26:48 hmsa /usr/sbin/opensips[2794]: INFO:core:handle_sigs:
child process 2799 exited by a signal 11
Apr 28 08:26:48 hmsa /usr/sbin/opensips[2794]: INFO:core:handle_sigs:
core was generated
Apr 28 08:26:48 hmsa /usr/sbin/opensips[2794]: INFO:core:handle_sigs:
terminating due to SIGCHLD
Apr 28 08:26:48 hmsa /usr/sbin/opensips[2803]: INFO:core:sig_usr:
signal 15 received
Apr 28 08:26:48 hmsa /usr/sbin/opensips[2796]: INFO:core:sig_usr:
signal 15 received
Apr 28 08:26:48 hmsa /usr/sbin/opensips[2802]: INFO:core:sig_usr:
signal 15 received
Apr 28 08:26:48 hmsa /usr/sbin/opensips[2801]: INFO:core:sig_usr:
signal 15 received
Apr 28 08:26:48 hmsa /usr/sbin/opensips[2800]: INFO:core:sig_usr:
signal 15 received
Apr 28 08:26:48 hmsa /usr/sbin/opensips[2798]: INFO:core:sig_usr:
signal 15 received
Apr 28 08:26:48 hmsa /usr/sbin/opensips[2797]: INFO:core:sig_usr:
signal 15 received
I'm using Opensips version 1.6.3 maintained in EPEL repository
[root@hmsa ~]# opensips -V
version: opensips 1.6.3-tls (i386/linux)
flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS, DISABLE_NAGLE,
USE_MCAST, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC,
FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
svnrevision: unknown
@(#) $Id: main.c 6169 2009-09-22 12:48:37Z bogdan_iancu $
main.c compiled on 22:39:11 Dec 22 2010 with gcc 4.1.2
I compiled the latest 1.6.4 release and have the same problem.
Is it bug ?
Please help
Regards Adam
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] dlg_validate_dialog errors in loose_route
Hello, Trunk has just been enhanced with URI matching according to RFC 3261, so you shouldn't have any more problems with parameter reordering, etc. Please give it a try, if you have the time. Regards, -- Vlad Paiu OpenSIPS Developer On 04/13/2011 06:23 PM, Jeff Pyle wrote: Bogdan, Don't hold back…let's hear how you really feel.:) I understand your position. Unfortunately since there are UAs that do this, and they RFC compliant in their behavior, the validate_dialog() function is less useful in the real world. I've had to remove it from my configs. I'm fighting a similar situation regarding the behavior of the uac_replace_from function. It seems that Acme SBCs replace the value of the From header (old To header) on new requests within a dialog, and this breaks the uac_replace_from function. I've cited the second paragraph of section 12.2.1.1 of RFC 3261. The carrier I'm fighting with now reads this mandatory reflection behavior as part of the old RFC 2543, not 3261. They aren't willing to put any more time into configuring their Acme to maintain the headers. I work with another carrier partner who also uses Acme who was able to make the change. I'm trying to get the details from the second carrier so I can share them with the first. - Jeff From: Bogdan-Andrei Iancu bog...@opensips.org mailto:bog...@opensips.org Reply-To: OpenSIPS users mailling list users@lists.opensips.org mailto:users@lists.opensips.org Date: Wed, 13 Apr 2011 10:54:00 -0400 To: users@lists.opensips.org mailto:users@lists.opensips.org users@lists.opensips.org mailto:users@lists.opensips.org Subject: Re: [OpenSIPS-Users] dlg_validate_dialog errors in loose_route Hi Jeff, Well, life sucks.You see, the UA you use is re-ordering the URI params...This is perfectly allowed from RFC point of view, but is bullshit in real life. So your UA is compliant, but not fairplay :) The only solution to this is to extend the SIP URI matching from simple string comparison, to RFC-wise comp - parsing the URI, checking username, domain, params, etc.I tried to avoid this as much as possible as it BS to me Regards, Bogdan ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] dlg_validate_dialog errors in loose_route
Vlad, Great news! I do not right now, but I should within a month or so. - Jeff From: Vlad Paiu vladp...@opensips.orgmailto:vladp...@opensips.org Reply-To: OpenSIPS users mailling list users@lists.opensips.orgmailto:users@lists.opensips.org Date: Fri, 29 Apr 2011 04:59:45 -0400 To: users@lists.opensips.orgmailto:users@lists.opensips.org users@lists.opensips.orgmailto:users@lists.opensips.org Subject: Re: [OpenSIPS-Users] dlg_validate_dialog errors in loose_route Hello, Trunk has just been enhanced with URI matching according to RFC 3261, so you shouldn't have any more problems with parameter reordering, etc. Please give it a try, if you have the time. Regards, -- Vlad Paiu OpenSIPS Developer On 04/13/2011 06:23 PM, Jeff Pyle wrote: Bogdan, Don't hold back…let's hear how you really feel.:) I understand your position. Unfortunately since there are UAs that do this, and they RFC compliant in their behavior, the validate_dialog() function is less useful in the real world. I've hadto remove it from my configs. I'm fighting a similar situation regarding the behavior of the uac_replace_from function. It seems that Acme SBCs replace the value of the From header (old To header) on new requests within a dialog, and this breaks the uac_replace_from function. I've cited the second paragraph of section 12.2.1.1 of RFC 3261. The carrier I'm fighting with now reads this mandatory reflection behavior as part of the old RFC 2543, not 3261. They aren't willing to put any more time into configuring their Acme to maintain the headers. I work with another carrier partner who also uses Acme who was able to make the change. I'm trying to get the details from the second carrier so I can share them with the first. - Jeff From: Bogdan-Andrei Iancu bog...@opensips.orgmailto:bog...@opensips.org Reply-To: OpenSIPS users mailling list users@lists.opensips.orgmailto:users@lists.opensips.org Date: Wed, 13 Apr 2011 10:54:00 -0400 To: users@lists.opensips.orgmailto:users@lists.opensips.org users@lists.opensips.orgmailto:users@lists.opensips.org Subject: Re: [OpenSIPS-Users] dlg_validate_dialog errors in loose_route Hi Jeff, Well, life sucks.You see, the UA you use is re-ordering the URI params...This is perfectly allowed from RFC point of view, but is bullshit in real life. So your UA is compliant, but not fairplay :) The only solution to this is to extend the SIP URI matching from simple string comparison, to RFC-wise comp - parsing the URI, checking username, domain, params, etc.I tried to avoid this as much as possible as it BS to me Regards, Bogdan ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] memory errors, too many transactions
Hello, Everything is running along just fine for weeks on 1.6.4, and then bam, this shows up in the logs: /usr/sbin/opensips[12290]: WARNING:core:fm_malloc: Not enough free memory, will atempt defragmenation /usr/sbin/opensips[12290]: ERROR:tm:insert_tmcb: no more shared memory /usr/sbin/opensips[12290]: ERROR:uac:replace_uri: failed to install TM callback /usr/sbin/opensips[12284]: WARNING:core:fm_malloc: Not enough free memory, will atempt defragmenation /usr/sbin/opensips[12284]: ERROR:core:new_avp: no more shm mem /usr/sbin/opensips[12284]: ERROR:core:add_avp: Failed to create new avp structure /usr/sbin/opensips[12306]: WARNING:core:fm_malloc: Not enough free memory, will atempt defragmenation /usr/sbin/opensips[12306]: ERROR:tm:new_t: out of mem /usr/sbin/opensips[12302]: WARNING:core:fm_malloc: Not enough free memory, will atempt defragmenation /usr/sbin/opensips[12302]: ERROR:tm:relay_reply: no more share memory /usr/sbin/opensips[12284]: WARNING:core:fm_malloc: Not enough free memory, will atempt defragmenation /usr/sbin/opensips[12294]: WARNING:core:fm_malloc: Not enough free memory, will atempt defragmenation /usr/sbin/opensips[12284]: ERROR:core:new_avp: no more shm mem /usr/sbin/opensips[12284]: ERROR:core:add_avp: Failed to create new avp structure /usr/sbin/opensips[12306]: ERROR:tm:t_newtran: new_t failed /usr/sbin/opensips[12294]: ERROR:tm:relay_reply: no more share memory Hundreds of lines like it. This is just a sample. But, it did not crash. I have shared memory set to 32M. Normally I run less than 8M used. After this event the max_used_size was at 32M, but the real_used_size was around 24M. And it wasn't changing. Strange. My first thought was a DoS attack but a pcap I took right after looked normal. Normally this proxy runs anywhere from 70-150 transactions in progress at any given moment. After this event, it was stuck at right around 1300. Things seemed to be processing; no symptoms on outbound calls. Very strange. I restarted Opensips and everything seems normal. I'm not sure where to begin on this one. I'm not sure if the shared memory problem was a symptom or a cause. In the few years I've been working with Opensips I've never seen anything like this. Any direction from the list would be great. - Jeff ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] New acc module for cdr generation over Radius
Hi Vlad, Thanks for info. I am about to work on this. Thanks, Maciej 2011/4/21 Vlad Paiu vladp...@opensips.org: Hello, The new CDRs type of accounting in OpenSIPS 1.6.4 only produces one entry per call for every type of backend, whether it's a DB, Radius or Syslog. So it's natural to only have a single STOP entry per call, and not two, a start and stop entry as in the old type of accounting. The STOP packet should also contain the Sip-Call-Duration and Sip-Call-Duration attributes, defined in the 'etc/dictionary.opensips' dictionary that comes with the OpenSIPS sources. Are you using that provided dictionary ? Regards, Vlad On 04/17/2011 11:38 PM, Maciej Bylica wrote: Dear OS Fans, I've just managed to configure new acc with dialog cdr generation feature with Mysql.etc/dictionary.opensipset It looks fine and realy help to do accouting for some of us. In my scenario there is a need to use Radius. As stated in acc module description, there is a need to use cdr_flag and setflag in initial invite. Once it is set there i do receive only STOP radius acc packet. In case i do not have setflag set anywere in my script Opensips produce START and STOP packet properly. Does anyone knows where to look for the problem? Last question does standard STOP packet incorporate call duration attr anyhow or should i use aaa_extra in my config. My STOP packet is as follows: Sun Apr 17 21:08:38 2011 Acct-Status-Type = Stop Service-Type = IAPP-Register Sip-Response-Code = 200 Sip-Method = Bye Event-Timestamp = \266:\253M\374\212\256 Sip-From-Tag = eb759c18 Sip-To-Tag = 00-07350-027f5afd-492940963 Acct-Session-Id = b0790b4443102642ZTMzOWZlNGU0Njg4MDMwM2EzZjI1NTY5NTllNWFiYjk. User-Name = 11122233@66.66.66.66 Calling-Station-Id = sip:11122233@66.66.66.66 Called-Station-Id = sip:999887766@66.66.66.66 Sip-Translated-Request-URI = sip:77.77.77.77:5060 User-Agent = X-Lite release 1003l stamp 30942 Contact = sip:11122233@10.119.204.184:15950 NAS-Port-Id = 5060 Acct-Delay-Time = 0 NAS-IP-Address = 127.0.0.1 Client-IP-Address = 127.0.0.1 Acct-Unique-Session-Id = 7e6e2ace14ff4970 Timestamp = 1303067318 I do have the latest OS 1.6.4-2-notls revision 7872. Thx in advance for help, Maciej. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] Opensips geographic redundancy
Hi to all, i have a problem and hope someone can give me a clue on it. We have an Opensips infrastructure with heartbeat HA and it is working fine. I'm implementing the geographic redundancy on our VoIP infrastructure with opensips 1.6.4. There are 2 different locations. 2 server in each location (one running the Opensips and the other running the mysql DB). The 2 structures are totally independent but share the same DB data (with mysql master-slave-master replication). So each location can handle customer requests independently, the registrations are duplicated from one server to the other to maintain all the CPE's reachable from both servers. Now I'd like to use the DNS SRV records to let the CPEs to use the 2 servers in a kind of load balance. I discovered that lot of CPE are not implementing the SRV records logic in a correct way. Patton CPE with 5.7 firmware make the first REGISTER (without authentication) on one server and after the server answer back with 401 Unauthorized the CPE retry the REGISTER (with authentication) on the other server that reject it because an invalid nonce is found (it was generated from the other server obviously). It should continue the session with the same server it started with the first REGISTER because it received an answer and the server is alive. Asterisk 1.6 is making the REGISTER properly (one for each server) but place all the calls through only one server even if it is down. I'm sure will find that lot of other CPE will have trouble with SRV records correct implementation. I'd like to find a way to do it in a CPE software independent way. So i'm starting to search another solution that let me implement the geographic redundancy without the SRV records but I'm short of ideas now without inserting any Single Point of Failure in the system. I thought to a front end proxy (in HA redundancy like the one of now) to be a load balancer to the other 2 proxies but in any way i don't' have a geographic redundancy. Have you any suggestions? Thank you all. Regards, Marcello ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Opensips geographic redundancy
Marcello, Might check into getting an IP with BGP (Border Gateway Protocol) or some other IP routing protocol. Not all ISPs offer these services and it is usually offered on a subnet of addresses not a single address. If your providers/contacts can't do this or don't have good answers you might check with www.spectrumnet.us. Dave On Fri, Apr 29, 2011 at 9:22 AM, Marcello Lupo ml...@itspecialist.itwrote: Hi to all, i have a problem and hope someone can give me a clue on it. We have an Opensips infrastructure with heartbeat HA and it is working fine. I'm implementing the geographic redundancy on our VoIP infrastructure with opensips 1.6.4. There are 2 different locations. 2 server in each location (one running the Opensips and the other running the mysql DB). The 2 structures are totally independent but share the same DB data (with mysql master-slave-master replication). So each location can handle customer requests independently, the registrations are duplicated from one server to the other to maintain all the CPE's reachable from both servers. Now I'd like to use the DNS SRV records to let the CPEs to use the 2 servers in a kind of load balance. I discovered that lot of CPE are not implementing the SRV records logic in a correct way. Patton CPE with 5.7 firmware make the first REGISTER (without authentication) on one server and after the server answer back with 401 Unauthorized the CPE retry the REGISTER (with authentication) on the other server that reject it because an invalid nonce is found (it was generated from the other server obviously). It should continue the session with the same server it started with the first REGISTER because it received an answer and the server is alive. Asterisk 1.6 is making the REGISTER properly (one for each server) but place all the calls through only one server even if it is down. I'm sure will find that lot of other CPE will have trouble with SRV records correct implementation. I'd like to find a way to do it in a CPE software independent way. So i'm starting to search another solution that let me implement the geographic redundancy without the SRV records but I'm short of ideas now without inserting any Single Point of Failure in the system. I thought to a front end proxy (in HA redundancy like the one of now) to be a load balancer to the other 2 proxies but in any way i don't' have a geographic redundancy. Have you any suggestions? Thank you all. Regards, Marcello ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users -- David Singer ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Opensips geographic redundancy
Hi Dave, thank you for your answer but this was a solution that i prefer to avoid if possible...We are AS and LIR on internet and we are already making BGP on 3 different links on our infrastructure so we can do it as last resort but it is a nightmare to let all that work with application level checks and routers around... Often there can be routing/connectivity problems that will cause the IP class to be routed but if the heartbeat is not aware of this there will be problems for sure. The goal is to use both the system in parallel. Thank you anyway. Regards, Marcello On Apr 29, 2011, at 7:07 PM, Dave Singer wrote: Marcello, Might check into getting an IP with BGP (Border Gateway Protocol) or some other IP routing protocol. Not all ISPs offer these services and it is usually offered on a subnet of addresses not a single address. If your providers/contacts can't do this or don't have good answers you might check with www.spectrumnet.us. Dave On Fri, Apr 29, 2011 at 9:22 AM, Marcello Lupo ml...@itspecialist.it wrote: Hi to all, i have a problem and hope someone can give me a clue on it. We have an Opensips infrastructure with heartbeat HA and it is working fine. I'm implementing the geographic redundancy on our VoIP infrastructure with opensips 1.6.4. There are 2 different locations. 2 server in each location (one running the Opensips and the other running the mysql DB). The 2 structures are totally independent but share the same DB data (with mysql master-slave-master replication). So each location can handle customer requests independently, the registrations are duplicated from one server to the other to maintain all the CPE's reachable from both servers. Now I'd like to use the DNS SRV records to let the CPEs to use the 2 servers in a kind of load balance. I discovered that lot of CPE are not implementing the SRV records logic in a correct way. Patton CPE with 5.7 firmware make the first REGISTER (without authentication) on one server and after the server answer back with 401 Unauthorized the CPE retry the REGISTER (with authentication) on the other server that reject it because an invalid nonce is found (it was generated from the other server obviously). It should continue the session with the same server it started with the first REGISTER because it received an answer and the server is alive. Asterisk 1.6 is making the REGISTER properly (one for each server) but place all the calls through only one server even if it is down. I'm sure will find that lot of other CPE will have trouble with SRV records correct implementation. I'd like to find a way to do it in a CPE software independent way. So i'm starting to search another solution that let me implement the geographic redundancy without the SRV records but I'm short of ideas now without inserting any Single Point of Failure in the system. I thought to a front end proxy (in HA redundancy like the one of now) to be a load balancer to the other 2 proxies but in any way i don't' have a geographic redundancy. Have you any suggestions? Thank you all. Regards, Marcello ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users -- David Singer ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] Opensips geographic redundancy
On 04/29/2011 12:22 PM, Marcello Lupo wrote: Asterisk 1.6 is making the REGISTER properly (one for each server) but place all the calls through only one server even if it is down Hi, If you turn on qualify in the asterisk trunk, and the trunk fails the qualify SIP options test, the second trunk will be used. If your using a FreePBX GUI, you setup two trunks on the bottom of the outbound route. Adrian ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
