Hello Richard,

I added the global parameter tls_threads_mode, which I consider to
reflect the purpose better than the proposed enable_tls_threads. In the
code it is the global variable ksr_tls_threads_mode, which is exposed
via core/globals.h -- you can see the commit:

  - https://github.com/kamailio/kamailio/commit/4d6e37fa048a1aaa2d2fc6655985b4bcb9754258

Cheers,
Daniel

On 06.02.24 12:20, Richard Chan wrote:
> Hi Daniel / Henning,
>
> I would like to propose a global config to restore the non-threaded
> default:
>
> enable_tls = no|yes #(EXISTING) boolean
> enable_tls_threads = 0 | 1 | 2 #(NEW) int
>
> 0: disable thread-wrappers (restores kamailio behaviour)
>  - default when enable_tls = no
>
> 1: thread-wrapper only for process_no = 0 (main process)
>  - default when enable_tls = yes
>
> 2: thread-wrapper on for all processes
>
> Now the behaviour for the thread wrappers can be
>
> /* pseudo-code
>  * fn is the wrapped function */
> run_threadXXXX (fn, ...)
> {
>     int flag = cfg_get_tls_threads();
>     if (likely(flag == 0 || (flag == 1 && process_no != 0))) {
>         return fn(...); // execute wrapped function directly - no thread
>     } else { /* flag == 2 || (flag == 1 && process_no == 0) */
>         /*
>          * run fn in thread
>          */
>     }
> }
>
> I am not familiar with the bison grammar or parsing of the global
> config file — I would need your help (or another developer familiar
> with the core parsing) to set this up. When this cfg flag is available
> I can change all the thread-runners to check the global config.
>
> With respect to 5.7 - stable branch - unfortunately due to the changes
> to OpenSSL 3 it is broken - #3635 - with more load there will be
> double-free errors; #3727 - cannot load tls and db module (even if the
> db module does not use TLS it may initialize OpenSSL).
>
> The changes while more intrusive than usual are the minimal viable set
> of changes. With the commits on 5.7 you can have a TLS-enabled
> /etc/kamailio.cfg using OpenSSL 3 and load a db module (with or
> without TLS). To reiterate - even a pure in-memory TLS proxy without
> database is subject to double free corruption.
>
> To make the changes less intrusive: backport the global
> enable_tls_threads config to 5.7.5+ or make the thread wrappers check
> for process_no = 0. The latter (and more minimal) change would mean
> that all Kamailio workers will have the existing behaviour and only
> process_no = 0 tries to run thread wrappers.
>
> Options:
> A. 5.8-pre: add a global config enable_tls_threads to 5.8-pre (need
> help on this part - the thread wrappers I would be able to fix)
> B. 5.7.5+: backport A to 5.7 OR check for process_no = 0 in thread
> wrappers(only change in parent process, no change to worker processes)
>
> Let me know what you think - thanks for the comments.
>
> Cheers
> Richard
>
-- 
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com
Kamailio Advanced Training, February 20-22, 2024 -- asipto.com
Kamailio World Conference, April 18-19, 2024, Berlin -- kamailioworld.com

_______________________________________________
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
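
The mode check from the pseudo-code in the quoted proposal, written out as an added C example; it is not Kamailio code and not code from either author. It follows the 0|1|2 semantics of the proposal, and every identifier in it (tls_threads_mode and process_no as plain statics, run_wrapped, use_thread, and the sample function) is a hypothetical stand-in.

```c
/* Added illustration, not Kamailio source; all names are hypothetical
 * stand-ins for the proposed 0|1|2 setting and the process index. */
#include <pthread.h>
#include <stddef.h>

typedef void *(*wrapped_fn)(void *);

static int tls_threads_mode = 1; /* 0: off, 1: process 0 only, 2: all */
static int process_no = 0;       /* 0 is the main process */

/* Decision from the proposal: non-zero means run fn in a helper thread. */
static int use_thread(int mode, int pno)
{
    return mode == 2 || (mode == 1 && pno == 0);
}

/* Run fn(arg) directly, or in a short-lived thread that is joined
 * before returning, so the caller still sees a synchronous call. */
static void *run_wrapped(wrapped_fn fn, void *arg)
{
    pthread_t tid;
    void *ret = NULL;
    if (!use_thread(tls_threads_mode, process_no))
        return fn(arg);
    if (pthread_create(&tid, NULL, fn, arg) != 0)
        return NULL; /* thread creation failed; NULL signals the error */
    pthread_join(tid, &ret);
    return ret;
}

/* Sample wrapped function: reports whether it ran on the caller's thread. */
static void *same_thread_as(void *caller)
{
    static int yes = 1, no = 0;
    return pthread_equal(pthread_self(), *(pthread_t *)caller) ? &yes : &no;
}

/* Returns 1 if the wrapped call stayed on the calling thread, 0 if it
 * ran in a helper thread, -1 if the helper thread could not be created. */
static int ran_inline(int mode, int pno)
{
    pthread_t self = pthread_self();
    void *r;
    tls_threads_mode = mode;
    process_no = pno;
    r = run_wrapped(same_thread_as, &self);
    return r ? *(int *)r : -1;
}

int main(void) { return ran_inline(1, 0) == 0 ? 0 : 1; }
```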
