[asterisk-dev] Asterisk 1.8.0-beta1 is Now Available! - crashes for me

Mark Michelson mmichelson at digium.com
Mon Jul 26 09:26:08 CDT 2010 

On 07/24/2010 02:56 PM, Dennis DeDonatis wrote:
>    
>> The Asterisk Development Team has announced the release of Asterisk
>> 1.8.0-beta1. This release marks the beginning of the testing process
>> for the eventual release of Asterisk 1.8.0.
>> [...]
>>      
> I downloaded 1.8.0-beta1 and skimmed the changes file and didn't notice anything that should be
> a big problem for me, so I just ran with it with my existing configs (running fine on 1.6.2.11-rc1).
>
> I got some expected error messages about new modules not configures (I'm autoloading in
> modules.conf).  That's normal.
>
> These errors were unexpected:
>
> [2010-07-24 14:09:05.511] ERROR[27104] chan_sip.c: Bad ACL entry in configuration line 1098 : callcentric.com
> [2010-07-24 14:09:05.776] VERBOSE[27104] dnsmgr.c:     -- adding dns manager for 'callcentric.com'
> [2010-07-24 14:09:05.776] ERROR[27104] netsock2.c: getaddrinfo("(null)", "(null)", ...): Name or service not known
> [2010-07-24 14:09:05.776] WARNING[27104] acl.c: Invalid IP address: (null)
> [2010-07-24 14:09:05.776] ERROR[27104] chan_sip.c: Bad ACL entry in configuration line 1123 : callcentric.com
> [2010-07-24 14:09:05.777] VERBOSE[27104] dnsmgr.c:     -- adding dns manager for 'callcentric.com'
> [2010-07-24 14:09:05.777] ERROR[27104] netsock2.c: getaddrinfo("(null)", "(null)", ...): Name or service not known
> [2010-07-24 14:09:05.777] WARNING[27104] acl.c: Invalid IP address: (null)
> [2010-07-24 14:09:05.777] ERROR[27104] chan_sip.c: Bad ACL entry in configuration line 1169 : outgoing.future-nine.com
> [2010-07-24 14:09:05.778] VERBOSE[27104] dnsmgr.c:     -- adding dns manager for 'outgoing.future-nine.com'
> [2010-07-24 14:09:05.778] ERROR[27104] netsock2.c: getaddrinfo("(null)", "(null)", ...): Name or service not known
> [2010-07-24 14:09:05.778] WARNING[27104] acl.c: Invalid IP address: (null)
> [2010-07-24 14:09:05.778] ERROR[27104] chan_sip.c: Bad ACL entry in configuration line 1188 : incoming.future-nine.com
> [2010-07-24 14:09:05.778] VERBOSE[27104] dnsmgr.c:     -- adding dns manager for 'incoming.future-nine.com'
> [2010-07-24 14:09:05.778] ERROR[27104] netsock2.c: getaddrinfo("(null)", "(null)", ...): Name or service not known
> [2010-07-24 14:09:05.778] WARNING[27104] acl.c: Invalid IP address: (null)
> [2010-07-24 14:09:05.778] ERROR[27104] chan_sip.c: Bad ACL entry in configuration line 1230 : chicago.voip.ms
> [2010-07-24 14:09:05.779] VERBOSE[27104] dnsmgr.c:     -- adding dns manager for 'chicago.voip.ms'
>
> Line 1098 is:
>
> host=callcentric.com
>
> The other corresponding "Bad ACL entry" configuration lines are similar.
>
> I looked in the sample sip.conf and don't see anything obvious.
>
> I *DO* have IPv6 (tun6to4) up and running on this Fedora 12 machine, but I didn't touch any of my
> config files, so nothing is configured in Asterisk.
>
> In sip.conf, I do not have any permit or deny entries in the [provider] sections, nor do I have any
> permit or deny entries in [general].
>
> I do have 3 core dumps (safe_asterisk restarted it 3 times before I killed it).  :)
>
>
> Should I open a bug report on this or did I just do something obviously dumb?
>
> Dennis
>
>
>    
I definitely think you should open bug reports with the crash 
backtraces. I'm not sure why those would be happening. I also recommend 
opening a bug report about those error messages. I can explain that a 
bit myself.

The error messages are a result of having the "dynamic_exclude_static" 
option enabled in sip.conf. The idea behind the option is to create a 
"contactdeny" ACL for the current peer's IP address so that if another 
endpoint tries to send a REGISTER to Asterisk with that same IP address 
in its contact header, Asterisk will deny the registration attempt.

I took a look at the code in 1.6.2, and I'm convinced this option is not 
working as intended, at  least not in most cases. The problem is that on 
an initial load of chan_sip, the current peer's IP address has not been 
set (it's all 0s) when the host is parsed. The result is that a 
contactdeny of 0.0.0.0/32 is likely getting created most of the time. On 
reloads, the problem may be worse because if you are changing the host 
line for a peer, then the code may end up creating an ACL based on the 
peer's old IP address instead of its new one.

In 1.8.0-beta1, The section is different since we are using the new 
netsock2 API that allows for IPv6 addresses to be used. We attempt to 
get a string representation of the peer's IP address, which like in 
1.6.2 is all 0s at the time the host line is parsed. The result is the 
literal string "(null)." We then try to pass this off to the ACL code, 
which of course says that it is a badly-formatted IP address. The result 
is the trio of messages starting with the getaddrinfo error, leading to 
the "Invalid IP address" warning, and leading then to the "Bad ACL 
entry" error. So it seems like the increased number of error messages in 
1.8.0-beta1 has actually exposed a bug that exists in earlier Asterisks 
as well.

The proper fix in both 1.6.2 and 1.8 is to wait and add the contactdeny 
ACL after the peer's IP address is known to be set to a valid value. 
This may be as easy as moving a block of code lower down in the 
build_peer() function than it currently is.

Thanks for bringing this to our attention and testing early in the beta 
period!
Mark Michelson

More information about the asterisk-dev mailing list