Configuration issue with modparam syntax

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Configuration issue with modparam syntax

Dan Pascu

It seems that at least the ca_list modparam in tls_mgm doesn't accept a dash in filenames. If I have a modparam like:

modparam("tls_mgm", "ca_list", "[default]/etc/opensips/tls/ca-list.pem")

then checking the configuration fails with some obscure error that some source_ip element is not defined in acc_extra (way later in some route in the script).

However if I replace the same with a filename without a dash in it like:

modparam("tls_mgm", "ca_list", "[default]/etc/opensips/tls/calist.pem")

Then the error goes away and opensips is able to start. Not sure if this limitation affects other modparams that specify filenames.

--
Dan





_______________________________________________
Devel mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
Reply | Threaded
Open this post in threaded view
|

Re: Configuration issue with modparam syntax

Bogdan-Andrei Iancu-2
HI Dan,

Thanks for the report, but could you please open a bug report on the
tracker - is is the easiest way for use to track and work with all the
reports in a centralized way.

Thanks,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com
OpenSIPS Summit 2019
   https://www.opensips.org/events/Summit-2019Amsterdam/

On 06/26/2019 06:24 PM, Dan Pascu wrote:

> It seems that at least the ca_list modparam in tls_mgm doesn't accept a dash in filenames. If I have a modparam like:
>
> modparam("tls_mgm", "ca_list", "[default]/etc/opensips/tls/ca-list.pem")
>
> then checking the configuration fails with some obscure error that some source_ip element is not defined in acc_extra (way later in some route in the script).
>
> However if I replace the same with a filename without a dash in it like:
>
> modparam("tls_mgm", "ca_list", "[default]/etc/opensips/tls/calist.pem")
>
> Then the error goes away and opensips is able to start. Not sure if this limitation affects other modparams that specify filenames.
>
> --
> Dan
>
>
>
>
>
> _______________________________________________
> Devel mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/devel


_______________________________________________
Devel mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
Reply | Threaded
Open this post in threaded view
|

Re: Configuration issue with modparam syntax

Dan Pascu

On 8 Jul 2019, at 14:36, Bogdan-Andrei Iancu wrote:

> HI Dan,
>
> Thanks for the report, but could you please open a bug report on the tracker - is is the easiest way for use to track and work with all the reports in a centralized way.

It turns out the dash in the file name is not the problem. I noticed this after I changed the name of my certificates and the new ones had a dash in the name, so I thought that the cause was some problem with the configuration parser. When I removed the dash from the name the error went away so that strengthened the idea that it must be related to the dash.

What I noticed later made things much weirder, to the point that this bug now looks like something out of the twilight zone. To be honest I'm not even sure how to describe it properly.

In short I have the following facts:

1. I have a configuration file of length N that has the error. The error is something about some items in $acc_extra not being defined when used in route later in the script. With this is doesn't matter if the certificate has a dash or not in its name. All it matter is the size of the configuration file being N.
2. If I add or remove 1 character in such a way that it doesn't create a new line in the file, for example by adding one extra character in a comment line, the error disappears. This character added/removed must come before the acc_extra modparam definition for this to work.
3. Now to make things really weird, consider that the configuration file name is length M and in the error case filename length and file content length is N + M = T. If I keep this T constant, I have the problem. So if I add a character in a comment in the configuration as described above and the problem disappears, because now total length is T+1, the problem reappears if I shorten the configuration file name by 1 character so I have total length and equal with the original T : (N+1) + (M-1) = T.

>
> Thanks,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>  https://www.opensips-solutions.com
> OpenSIPS Summit 2019
>  https://www.opensips.org/events/Summit-2019Amsterdam/
>
> On 06/26/2019 06:24 PM, Dan Pascu wrote:
>> It seems that at least the ca_list modparam in tls_mgm doesn't accept a dash in filenames. If I have a modparam like:
>>
>> modparam("tls_mgm", "ca_list", "[default]/etc/opensips/tls/ca-list.pem")
>>
>> then checking the configuration fails with some obscure error that some source_ip element is not defined in acc_extra (way later in some route in the script).
>>
>> However if I replace the same with a filename without a dash in it like:
>>
>> modparam("tls_mgm", "ca_list", "[default]/etc/opensips/tls/calist.pem")
>>
>> Then the error goes away and opensips is able to start. Not sure if this limitation affects other modparams that specify filenames.
>>
>> --
>> Dan
>>
>>
>>
>>
>>
>> _______________________________________________
>> Devel mailing list
>> [hidden email]
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
>


--
Dan





_______________________________________________
Devel mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
Reply | Threaded
Open this post in threaded view
|

Re: Configuration issue with modparam syntax

Dan Pascu

On 8 Jul 2019, at 20:18, Dan Pascu wrote:

>
> On 8 Jul 2019, at 14:36, Bogdan-Andrei Iancu wrote:
>
>> HI Dan,
>>
>> Thanks for the report, but could you please open a bug report on the tracker - is is the easiest way for use to track and work with all the reports in a centralized way.
>
> It turns out the dash in the file name is not the problem. I noticed this after I changed the name of my certificates and the new ones had a dash in the name, so I thought that the cause was some problem with the configuration parser. When I removed the dash from the name the error went away so that strengthened the idea that it must be related to the dash.
>
> What I noticed later made things much weirder, to the point that this bug now looks like something out of the twilight zone. To be honest I'm not even sure how to describe it properly.
>
> In short I have the following facts:
>
> 1. I have a configuration file of length N that has the error. The error is something about some items in $acc_extra not being defined when used in route later in the script. With this is doesn't matter if the certificate has a dash or not in its name. All it matter is the size of the configuration file being N.
> 2. If I add or remove 1 character in such a way that it doesn't create a new line in the file, for example by adding one extra character in a comment line, the error disappears. This character added/removed must come before the acc_extra modparam definition for this to work.
> 3. Now to make things really weird, consider that the configuration file name is length M and in the error case filename length and file content length is N + M = T. If I keep this T constant, I have the problem. So if I add a character in a comment in the configuration as described above and the problem disappears, because now total length is T+1, the problem reappears if I shorten the configuration file name by 1 character so I have total length and equal with the original T : (N+1) + (M-1) = T.

Just a side note in case it's not clear from this description. The dash in the certificate names is not an issue. I have right now a configuration that has certificates defined with dashes in the name and it works just fine. It's only that now it has a different size than the original size that triggered the error.
Also the size that triggers the error is not just some fixed number.I tried to create the simplest configuration file possible to reproduce the issue, where I loaded and defined the minimal number of things and filled the rest of it with dummy comment lines to get to size N, but I couldn't trigger the issue. The size that gives the error seems to be correlated with the rest of the content of the file.

--
Dan





_______________________________________________
Devel mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
Reply | Threaded
Open this post in threaded view
|

Re: Configuration issue with modparam syntax

Liviu Chircu
On 08.07.2019 20:27, Dan Pascu wrote:
What I noticed later made things much weirder, to the point that this bug now looks like something out of the twilight zone. To be honest I'm not even sure how to describe it properly.

In short I have the following facts:

1. I have a configuration file of length N that has the error. The error is something about some items in $acc_extra not being defined when used in route later in the script. With this is doesn't matter if the certificate has a dash or not in its name. All it matter is the size of the configuration file being N.

Hi Dan,

The twilight zone may be more real than we thought.  Please make sure you pull this fix [1]
before trying again, the symptoms you describe point exactly to a bug that's gone now.

Regards,

[1]:  https://github.com/OpenSIPS/opensips/commit/bf968d01679a48b9

-- 
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

_______________________________________________
Devel mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel