[asterisk-bugs] [JIRA] (ASTERISK-28674) Asterisk becomes unstable after SS7 signalling link restarts
Gregory Massel (JIRA)
noreply at issues.asterisk.org
Tue Jan 7 18:17:25 CST 2020
[ https://issues.asterisk.org/jira/browse/ASTERISK-28674?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=249285#comment-249285 ]
Gregory Massel commented on ASTERISK-28674:
-------------------------------------------
So the change that I made to remove filtering will impact how link changeover is handled.
In the original code, mtp3_receive is filtering messages where link->slc != rl.sls. However, a SIG_NET_MNG with COO/COA message will always have link->slc != rl.sls because the very nature of that message is that it's signalling a changeover to avoid using the failed link. To expect the COO/COA message via the failed link is to expect the impossible. This is why lines 1869-1872 in mtp3.c are just illogical.
With that original code, it seems impossible that net_mng_receive will ever deal with "case NET_MNG_COA:". So, prior to me commenting lines 1869-1872 in mtp3.c out, what would happen is that COO message would be sent, however, COA (acknowledgement of COO) would be received but immediately dropped. Processing would then proceed in terms of a timer expiration within mtp3_t2_expired. After I removed the offending filter lines, the COA message would be dealt with within net_mng_receive, as it really should be (i.e. properly dealt with rather than treated as timed out).
The difference in behavior relates to the two different functions called:
static void mtp3_t2_expired(void * data)
{
struct mtp2 *link = data;
struct ss7_msg *tmp = NULL;
link->mtp3_timer[MTP3_TIMER_T2] = -1;
link->got_sent_netmsg &= ~(SENT_COO | SENT_ECO);
mtp3_move_buffer(link->master, link, &link->co_tx_q, &tmp, -1, -1);
mtp3_move_buffer(link->master, link, &link->co_buf, &tmp, -1, -1);
mtp3_transmit_buffer(link->master, &tmp);
link->changeover = CHANGEOVER_COMPLETED;
mtp3_free_co(link);
mtp3_check(link->adj_sp);
ss7_message(link->master, "MTP3 T2 timer expired on link SLC: %i ADJPC: %i changeover completed\n",
link->slc, link->dpc);
}
static void mtp3_changeover(struct mtp2 *link, unsigned char fsn)
{
struct ss7_msg *tmp = NULL;
if (link->changeover == CHANGEBACK || link->changeover == CHANGEBACK_INITIATED) {
mtp3_cancel_changeback(link);
}
if (link->changeover == NO_CHANGEOVER ||
link->changeover == CHANGEOVER_INITIATED) {
mtp3_move_buffer(link->master, link, &link->co_tx_buf, &tmp, -1, fsn);
mtp3_move_buffer(link->master, link, &link->co_tx_q, &tmp, -1, -1);
mtp3_move_buffer(link->master, link, &link->co_buf, &tmp, -1, -1);
mtp3_transmit_buffer(link->master, &tmp);
link->changeover = CHANGEOVER_COMPLETED;
ss7_message (link->master, "Changeover completed on link SLC: %i PC: %i FSN: %i\n", link->slc, link->dpc, fsn);
mtp3_free_co(link);
mtp3_check(link->adj_sp);
}
}
>From what I am reading, the key difference between the two is an additional:
mtp3_move_buffer(link->master, link, &link->co_tx_buf, &tmp, -1, fsn);
in mtp3_changeover.
Even still, neither of these two functions seems to adequately handle changeover and, in both cases, it seems that some sort of corruption arises.
> Asterisk becomes unstable after SS7 signalling link restarts
> ------------------------------------------------------------
>
> Key: ASTERISK-28674
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28674
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_dahdi/SS7
> Affects Versions: 13.29.2, 16.7.0
> Environment: Asterisk 16.7.0, LibSS7 2.0.0, DAHDI 3.1.0, Digium TE820 + TE420 (5th gen), Ubuntu 18.04.3 LTS, Kernel 5.0.0-37-generic.
> Same issue also ocurrs using Asterisk 13.29.2.
> Reporter: Gregory Massel
> Assignee: Unassigned
> Severity: Minor
> Attachments: chan_dahdi.conf.txt, core-asterisk-running-2020-01-02T23-14-27+0200-brief.txt, core-asterisk-running-2020-01-02T23-14-27+0200-full.txt, core-asterisk-running-2020-01-02T23-14-27+0200-locks.txt, core-asterisk-running-2020-01-02T23-14-27+0200-thread1.txt, core-asterisk-running-2020-01-03T21-43-37+0200-brief.txt, core-asterisk-running-2020-01-03T21-43-37+0200-full.txt, core-asterisk-running-2020-01-03T21-43-37+0200-locks.txt, core-asterisk-running-2020-01-03T21-43-37+0200-thread1.txt, core-asterisk-running-2020-01-03T21-44-45+0200-brief.txt, core-asterisk-running-2020-01-03T21-44-45+0200-full.txt, core-asterisk-running-2020-01-03T21-44-45+0200-locks.txt, core-asterisk-running-2020-01-03T21-44-45+0200-thread1.txt, core-brief.txt, core-full.txt, core-locks.txt, core-thread1.txt, ss7-debug.txt, ss7.timers.txt
>
>
> When one of the SS7 signalling links goes down briefly and then restores, the SS7 subsystem goes into a corrupt state. This manifests in a numbers of ways:
> 1. The system starts using consistently 100% CPU on exactly one core, resulting in a load average of just over 1.0. This will continue indefinitely.
> 2. All outbound DAHDI calls thereafter hang during initiation reflecting a "Ring" state; a "core show channels" after a few hours shows thousands of hung channels. The corresponding PJSIP channels close and log "res_pjsip_sdp_rtp.c: Disconnecting channel 'PJSIP/xxx' for lack of RTP activity in 60 seconds" but the call and DAHDI channel remain hung.
> 3. No inbound calls are accepted via the DAHDI spans.
> 4. A "ss7 show linkset 1" seems to be missing signalling links that were there before, as if they were never configured.
> The log entries before everything goes pear-shaped look like this:
> {noformat}
> [Jan 1 03:14:08] WARNING[24375] sig_ss7.c: MTP2 link down (SLC 33)
> [Jan 1 03:14:08] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x0. Dropping
> [Jan 1 03:14:08] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x0. Dropping
> [Jan 1 03:14:08] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x0. Dropping
> [Jan 1 03:14:08] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x0. Dropping
> [Jan 1 03:14:09] VERBOSE[24375] sig_ss7.c: MTP2 link up (SLC 34)
> [Jan 1 03:14:09] VERBOSE[24375] chan_dahdi.c: [1] MTP3 T2 timer expired on link SLC: 3 ADJPC: 2200 changeover completed
> [Jan 1 03:14:09] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x1. Dropping
> [Jan 1 03:14:09] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x0. Dropping
> [Jan 1 03:14:09] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x2. Dropping
> [Jan 1 03:14:09] ERROR[24375] chan_dahdi.c: [1] Received message for slc 0x3, but we are 0x1. Dropping
> [Jan 1 03:14:09] ERROR[24375] chan_dahdi.c: [1] T7 expired on link SLC: 0 ADJPC: 2200
> [Jan 1 03:14:09] WARNING[24375] sig_ss7.c: MTP2 link down (SLC 34)
> [Jan 1 03:14:09] ERROR[24375] chan_dahdi.c: [1] T7 expired on link SLC: 1 ADJPC: 2200
> [Jan 1 03:14:09] WARNING[24375] sig_ss7.c: MTP2 link down (SLC 34)
> {noformat}
> This highlights a related issue: I have SLC numbers 0 to 3 only. The system is actually logging an incorrect SLC number (34) as having failed and/or restored. It appears that this goes beyond just the log entry. The entire system seems to get horribly confused because it thinks that an event has ocurred relating to an invalid SLC number.
> Note that the "Received message for slc 0x3, but we are 0x2. Dropping" messages are NOT the source of the issue; I get these when Asterisk starts up cleanly as well, because chan_dahdi/libss7 wrongly filters out STD Test responses received via a different SLC from the one they're sent on. This is fine because the applicable timer expires and it stops waiting for the STD Test response, however, it highlights another unrelated bug (i.e. that Asterisk shouldn't be filtering STD_TEST replies received on a different signalling link within a single linkset and should treat the received message as proper acknowledgement).
> When Asterisk starts up for the first time, it always shows SLC 0 as up for all signalling links:
> {noformat}
> [Jan 1 18:51:03] VERBOSE[24690] sig_ss7.c: MTP2 link up (SLC 0)
> [Jan 1 18:51:03] VERBOSE[24690] sig_ss7.c: MTP2 link up (SLC 0)
> [Jan 1 18:51:03] VERBOSE[24690] sig_ss7.c: MTP2 link up (SLC 0)
> {noformat}
> This is despite these being SLC 0, 1 and 2 (all part of one linkset).
> The SLC numbers only reflect 33 or 34 (invalid) once one of the signalling links fails and immediately restores.
> The configuration appears to be 100% because the system can run for days - even weeks - perfectly, processing tens of thousands of calls. Things only go awry when the SLC fails and immediately restores and they go awry every single time this happens.
> My suspicion is that the issues here is that Asterisk is mishandling the situation where the signalling link fails by misindentifying which SLC number has failed. Thereafter, it seems to corrupt its own structures relating to the signalling links. Even when the signalling link restores, things are already corrupted beyond any hope of functioning.
> This has happened countless times over many months, however, is becoming more frequent and difficult to manage. What has aggravated it has been enabling 4 signalling links (previously I had 2) within the linkset, as there is a higher probability of failure.
> All drops have been for a second or less; I'm not sure if this has any bearing on the situation (e.g. if two timers are running concurrently, one relating to link failure and the other to link restoration).
> Killing Asterisk completely and restarting immediately fixes the issue. It's not necessary to restart DAHDI.
> The 100% CPU on a single core does seem to indicate a deadlocked thread, however, I cannot readily identify which thread.
> The config is ITU SS7, 4x E1 circuits are connected to the TE820 card. The TE420 card in the system is unused at this stage (the intention was to provide for 12x E1 in the future). I've experienced similar issues on a system with 2x TE820 and, similarly, 4x E1 on one of the TE820's.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list