Sergey Safarov,
Thanks for the response but we're not a CentOS house. Just Ubuntu.18.04.
One other question. Is Daniel's suggestion the only way to get around kernel forwarding with our current setup? Will there be support for it in the future without disabling module signature check?
On Mon, Sep 14, 2020 at 1:14 PM Andrew Chen achen@fuze.com wrote:
Btw Richard Fuchs, to follow up on your comment, we have a load generator running sipp which is non-SRTP traffic. As for the fallback, how does that work exactly? We tried the following today and it seems to have helped:
- Removed "--table" startup param in systems file
- Uncommented "no-fallback = false" in rtpengine.conf
- Set "table=-1" in rtpengine.conf
Is there anything else I'm missing that controls the fallback?
On Sat, Sep 12, 2020 at 1:32 AM Sergey Safarov s.safarov@gmail.com wrote:
I have testes build on 5.7 kernel on CentOS 8 (custom rpm package)
You will find commit here https://github.com/sipwise/rtpengine/issues/975
Sergey
On Fri, Sep 11, 2020 at 10:53 PM Daniel-Constantin Mierla < miconda@gmail.com> wrote:
Related to tainted kernel, I faced the same issue when I deployed rtpengine on a Suse Enterprise many months ago, so I do not really remember the exact steps, but there is a way to disable the check of signed kernel modules (iirc, these are only the ones coming from the kernel source tree, so if you need to load any external kernel module, you have to disable this option).
Quick check on the net, it may have to do with module.sig_enforce option for kernel loading.
Cheers, Daniel On 11.09.20 21:31, Andrew Chen wrote:
Sorry let me clarify this line here:
"...at the time, I was running an older version 8.0.x so I recompiled all the ngcp packages under this kernel and completed the installation without issues.."
8.0.x is the older ngcp version. I recompiled version 9.0.1.0 under that new kernel version 5.3.0-1035-aws #37-Ubuntu
On Fri, Sep 11, 2020 at 3:29 PM Andrew Chen achen@fuze.com wrote:
Thanks Alex.
So it turns out my rtpengine stopped working after our latest kernel upgrade to:
Linux sjomainrtpe30 5.3.0-1035-aws #37-Ubuntu SMP Sun Sep 6 01:17:09 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
at the time, I was running an older version 8.0.x so I recompiled all the ngcp packages under this kernel and completed the installation without issues.
As soon as we started making test calls, I received 0 audio from those test endpoints. Looking at the rtpengine logs, I see several messages that's quite concerning:
Sep 11 18:43:41 sjomainrtpe30 kernel: [ 13.434623] xt_RTPENGINE: loading out-of-tree module taints kernel. Sep 11 18:43:41 sjomainrtpe30 kernel: [ 13.434670] xt_RTPENGINE: module verification failed: signature and/or required key missing - tainting kernel Sep 11 18:43:41 sjomainrtpe30 kernel: [ 13.434938] Registering xt_RTPENGINE module - version 9.0.1.0+0~mr9.0.1.0
and
Sep 11 18:49:50 sjomainrtpe30 rtpengine[1030]: WARNING: [2-7859@2600:1f1c:4ff:3e01:f64d:2f67:c0fa:c931 port 50000]: No support for kernel packet forwarding available (decryption cipher or HMAC not supported by kernel module)
which I assume is due to the first error I pasted.
So I tried
- rebooting the system which maybe the module wasn't loaded properly.
- I reran modprobe to make sure the module is installed
- I ran some dkms command to see if any error pop up due to the kernel
version I'm running and I see no errors:
dkms status falco, 0.20.0+d77080a, 5.3.0-1032-aws, x86_64: installed falco, 0.20.0+d77080a, 5.3.0-1035-aws, x86_64: installed ngcp-rtpengine, 9.0.1.0+0~mr9.0.1.0, 5.3.0-1032-aws, x86_64: installed ngcp-rtpengine, 9.0.1.0+0~mr9.0.1.0, 5.3.0-1035-aws, x86_64: installed
So I'm running out of options.
Any advice?
On Fri, Sep 11, 2020 at 3:17 PM Alex Balashov < abalashov@evaristesys.com> wrote:
There is an RTPEngine mailing list, I believe, but RTPEngine questions are often posed here given its close association with Kamailio. What's going on?
On 9/11/20 2:57 PM, Andrew Chen wrote:
Hey guys,
Is this the right place to ask about rtpengine (ngcp) related issues with kernel packet forwarding?
Thanks.
-- Andy Chen Sr. Telephony Lead Engineer achen@ mailto:achen@thinkingphones.comfuze.com http://fuze.com
*Confidentiality Notice: The information contained in this e-mail
and any
attachments may be confidential. If you are not an intended
recipient, you
are hereby notified that any dissemination, distribution or copying
of this
e-mail is strictly prohibited. If you have received this e-mail in
error,
please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this
e-mail or
any attachment for any purpose, nor disclose all or any part of the contents to any other person. Thank you.*
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Andy Chen Sr. Telephony Lead Engineer 415 516 5535 (M) achen@ achen@thinkingphones.comfuze.com
-- Andy Chen Sr. Telephony Lead Engineer 415 516 5535 (M) achen@ achen@thinkingphones.comfuze.com
*Confidentiality Notice: The information contained in this e-mail and any attachments may be confidential. If you are not an intended recipient, you are hereby notified that any dissemination, distribution or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. Thank you.*
Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda Funding: https://www.paypal.me/dcmierla
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Andy Chen Sr. Telephony Lead Engineer 415 516 5535 (M) achen@ achen@thinkingphones.comfuze.com