You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
a tls connection uses 52104 bytes. Among these memory, tcp_connection structure use 776 bytes and tcp_rd_buf use 6000 bytes, and the left part (45328 bytes) are all about SSL session with crypto.
Expected behavior
kamailio does some optimization for self defined BIO_TYPE_SOURCE_SINK bio type, to save more memory
Actual observed behavior
among this 45328 bytes, the biggest parts are BIO read buffer(16KB) and BIO write buffer(16KB). currently kamailio uses BIO_TYPE_SOURCE_SINK type bio, which needs kamailio manage the buffer by itself (there is no optimization). While nginx uses BIO_TYPE_MEM type bio, which is a openssl's internal bio type with memory optimization. As a result, nginx use less memory to accept more TLS connections than kamailio
Debugging Data
None
Log Messages
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1219]: tlsf_sums(): pool (0x7f1a3eec1000) summarizing all alloc'ed. fragments:
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 2 size= 336 bytes from tls: tls_init.c: crypto/evp/evp_enc.c(43)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 80 bytes from tls: tls_init.c: crypto/bn/bn_blind.c(36)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 3 size= 360 bytes from tls: tls_init.c: crypto/bn/bn_mont.c(232)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 2 size= 1456 bytes from tls: tls_init.c: crypto/evp/evp_enc.c(129)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 120 bytes from tls: tls_init.c: ssl/t1_lib.c(1784)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 56 bytes from tls: tls_init.c: ssl/statem/extensions.c(959)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 2 size= 112 bytes from tls: tls_init.c: ssl/t1_lib.c(1811)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 56 bytes from tls: tls_init.c: ssl/statem/../packet_local.h(462)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 56 bytes from tls: tls_init.c: ssl/statem/../packet_local.h(485)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 640 bytes from tls: tls_init.c: ssl/ssl_sess.c(72)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 144 bytes from tls: tls_init.c: ssl/packet_local.h(462)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 224 bytes from tls: tls_init.c: crypto/evp/digest.c(139)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 3 size= 168 bytes from tls: tls_init.c: crypto/evp/digest.c(62)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 16496 bytes from tls: tls_init.c: ssl/record/ssl3_buffer.c(124)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 16712 bytes from tls: tls_init.c: ssl/record/ssl3_buffer.c(63)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 6280 bytes from tls: tls_init.c: ssl/ssl_lib.c(691)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 6776 bytes from core: tcp_main.c: tcpconn_new(1148)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 56 bytes from tls: tls_init.c: tls_bio.c(184)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 120 bytes from tls: tls_init.c: crypto/bio/bio_lib.c(73)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 536 bytes from tls: tls_init.c: ssl/ssl_cert.c(76)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 56 bytes from tls: tls_init.c: ssl/ssl_lib.c(793)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 72 bytes from tls: tls_init.c: crypto/bio/bio_meth.c(41)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 96 bytes from tls: tls_init.c: crypto/bio/bio_meth.c(38)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 1040 bytes from tls: tls_init.c: ssl/s3_lib.c(3296)
Mar 30 19:46:46 localhost.localdomain sipproxy[2273]: INFO: <core> [mem/tlsf_malloc.c:1235]: tlsf_sums(): count= 1 size= 56 bytes from tls: tls_server.c: tls_complete_init(229)
TLS is known to be greedy in memory, depending also on the encryption algorithm negotiated. Also, kamailio does many times speed optimisations at the expense of some memory (e.g., static buffers or allocated at startup to avoid often alloc/dealoc at runtime).
If you think there is room for improvement here, on this particular case, feel free to make a PR and if the results are good overall, then it will be merged.
Description
a tls connection uses 52104 bytes. Among these memory, tcp_connection structure use 776 bytes and tcp_rd_buf use 6000 bytes, and the left part (45328 bytes) are all about SSL session with crypto.
Expected behavior
kamailio does some optimization for self defined BIO_TYPE_SOURCE_SINK bio type, to save more memory
Actual observed behavior
among this 45328 bytes, the biggest parts are BIO read buffer(16KB) and BIO write buffer(16KB). currently kamailio uses BIO_TYPE_SOURCE_SINK type bio, which needs kamailio manage the buffer by itself (there is no optimization). While nginx uses BIO_TYPE_MEM type bio, which is a openssl's internal bio type with memory optimization. As a result, nginx use less memory to accept more TLS connections than kamailio
Debugging Data
None
Log Messages
SIP Traffic
None
Possible Solutions
None
Additional Information
The text was updated successfully, but these errors were encountered: