[OpenSIPS-Users] TLS connection problem
Yury Kirsanov
y.kirsanov at gmail.com
Wed Apr 24 03:42:06 EDT 2019
Hi everyone,
After digging into OpenSIPS code I've found the reason why I can't connect
to remote server. The server is in another country and after looking into
net/net_tcp.c source code I've found the function that tries to establish
connection, it's called 'tcp_connect_blocking_timeout'.
When connecting over TLS this function is called by proto_tls module that
uses 'tcp_connect_blocking' function with timeout parameter hardcoded to be
'tcp_connect_timeout'. After searching for that parameter I've found its
definition, here it is:
int tcp_connect_timeout=DEFAULT_TCP_CONNECT_TIMEOUT;
and then in net/tcp_conn.h we have this definition:
/*!< If a connect doesn't complete in more than 100ms, timeout */
#define DEFAULT_TCP_CONNECT_TIMEOUT 100
In my opensips.cfg file I have these parameters set for module proto_tcp:
loadmodule "proto_tcp.so"
modparam("proto_tcp", "tcp_async", 1)
modparam("proto_tcp", "tcp_send_timeout", 3000)
modparam("proto_tcp", "tcp_async_local_connect_timeout", 3000)
modparam("proto_tcp", "tcp_async_local_write_timeout", 3000)
modparam("proto_tcp", "tcp_max_msg_chunks", 8)
For TLS module I have following:
loadmodule "tls_mgm.so"
modparam("tls_mgm", "tls_method", "TLSv1_2")
modparam("tls_mgm", "tls_handshake_timeout", 20000)
modparam("tls_mgm", "tls_send_timeout", 20000)
Looks like none of these values are actually changing variable
tcp_connect_timeout, so that's why my connection fails, as remote server
latency is higher than 100ms. If I change DEFAULT_TCP_CONNECT_TIMEOUT to
500 (or any value more than remote server latency) - connection immediately
establishes just fine.
Also, the misleading part of the error in OpenSIPS logs was that
'tcp_connect_blocking_timeout' returns timeout value in SECONDS, while it's
actually MILLISECONDS, so error is:
ERROR:core:tcp_connect_blocking_timeout: timeout 99258 ms elapsed from 100000 s
It should actually say '100000 ms' meaning that timeout occurred as inside
of 'tcp_connect_blocking_timeout' the value of timeout is multiplied by
1000:
to = timeout*1000;
Anyway, after fixing this value and re-compiling OpenSIPS I can connect to
remote TLS servers just fine. Question is - is there any way to adjust the
'tcp_connect_timeout' value using configuration file? I did a 'grep -Ri
tcp_connect_timeout *' and didn't find any place where it's getting
updated. Thanks!
Best regards,
Yury Kirsanov.