14 Sep
2020
14 Sep
'20
1:17 p.m.
Sergey Safarov,
Thanks for the response but we're not a CentOS house. Just Ubuntu.18.04.
One other question. Is Daniel's suggestion the only way to get around
kernel forwarding with our current setup? Will there be support for it in
the future without disabling module signature check?
On Mon, Sep 14, 2020 at 1:14 PM Andrew Chen <achen(a)fuze.com> wrote:
Btw Richard Fuchs, to follow up on your comment, we
have a load
generator running sipp which is non-SRTP traffic.
As for the fallback, how does that work exactly? We tried the following
today and it seems to have helped:
- Removed "--table" startup param in systems file
- Uncommented "no-fallback = false" in rtpengine.conf
- Set "table=-1" in rtpengine.conf
Is there anything else I'm missing that controls the fallback?
On Sat, Sep 12, 2020 at 1:32 AM Sergey Safarov <s.safarov(a)gmail.com>
wrote:
--
Andy Chen
Sr. Telephony Lead Engineer
415 516 5535 (M)
achen@ <achen(a)thinkingphones.com>fuze.com
--
*Confidentiality Notice: The information contained in this e-mail and any
attachments may be confidential. If you are not an intended recipient, you
are hereby notified that any dissemination, distribution or copying of this
e-mail is strictly prohibited. If you have received this e-mail in error,
please notify the sender and permanently delete the e-mail and any
attachments immediately. You should not retain, copy or use this e-mail or
any attachment for any purpose, nor disclose all or any part of the
contents to any other person. Thank you.*
I have testes build on 5.7 kernel on CentOS 8
(custom rpm package)
You will find commit here
https://github.com/sipwise/rtpengine/issues/975
Sergey
On Fri, Sep 11, 2020 at 10:53 PM Daniel-Constantin Mierla <
miconda(a)gmail.com> wrote:
--
Andy Chen
Sr. Telephony Lead Engineer
415 516 5535 (M)
achen@ <achen(a)thinkingphones.com>fuze.com
Related to tainted kernel, I faced the same issue
when I deployed
rtpengine on a Suse Enterprise many months ago, so I do not really remember
the exact steps, but there is a way to disable the check of signed kernel
modules (iirc, these are only the ones coming from the kernel source tree,
so if you need to load any external kernel module, you have to disable this
option).
Quick check on the net, it may have to do with module.sig_enforce option
for kernel loading.
Cheers,
Daniel
On 11.09.20 21:31, Andrew Chen wrote:
Sorry let me clarify this line here:
"...at the time, I was running an older version 8.0.x so I recompiled
all the ngcp packages under this kernel and completed the installation
without issues.."
8.0.x is the older ngcp version. I recompiled version 9.0.1.0 under that
new kernel version 5.3.0-1035-aws #37-Ubuntu
On Fri, Sep 11, 2020 at 3:29 PM Andrew Chen <achen(a)fuze.com> wrote:
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Thanks Alex.
So it turns out my rtpengine stopped working after our latest kernel
upgrade to:
Linux sjomainrtpe30 5.3.0-1035-aws #37-Ubuntu SMP Sun Sep 6 01:17:09
UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
at the time, I was running an older version 8.0.x so I recompiled all
the ngcp packages under this kernel and completed the installation without
issues.
As soon as we started making test calls, I received 0 audio from those
test endpoints. Looking at the rtpengine logs, I see several messages
that's quite concerning:
Sep 11 18:43:41 sjomainrtpe30 kernel: [ 13.434623] xt_RTPENGINE:
loading out-of-tree module taints kernel.
Sep 11 18:43:41 sjomainrtpe30 kernel: [ 13.434670] xt_RTPENGINE:
module verification failed: signature and/or required key missing -
tainting kernel
Sep 11 18:43:41 sjomainrtpe30 kernel: [ 13.434938] Registering
xt_RTPENGINE module - version 9.0.1.0+0~mr9.0.1.0
and
Sep 11 18:49:50 sjomainrtpe30 rtpengine[1030]: WARNING:
[2-7859@2600:1f1c:4ff:3e01:f64d:2f67:c0fa:c931
port 50000]: No support for kernel packet forwarding available (decryption
cipher or HMAC not supported by kernel module)
which I assume is due to the first error I pasted.
So I tried
- rebooting the system which maybe the module wasn't loaded properly.
- I reran modprobe to make sure the module is installed
- I ran some dkms command to see if any error pop up due to the kernel
version I'm running and I see no errors:
dkms status
falco, 0.20.0+d77080a, 5.3.0-1032-aws, x86_64: installed
falco, 0.20.0+d77080a, 5.3.0-1035-aws, x86_64: installed
ngcp-rtpengine, 9.0.1.0+0~mr9.0.1.0, 5.3.0-1032-aws, x86_64: installed
ngcp-rtpengine, 9.0.1.0+0~mr9.0.1.0, 5.3.0-1035-aws, x86_64: installed
So I'm running out of options.
Any advice?
On Fri, Sep 11, 2020 at 3:17 PM Alex Balashov <
abalashov(a)evaristesys.com> wrote:
> There is an RTPEngine mailing list, I believe, but RTPEngine questions
> are often posed here given its close association with Kamailio. What's
> going on?
>
> On 9/11/20 2:57 PM, Andrew Chen wrote:
> > Hey guys,
> >
> > Is this the right place to ask about rtpengine (ngcp) related issues
> > with kernel packet forwarding?
> >
> > Thanks.
> >
> > --
> > Andy Chen
> > Sr. Telephony Lead Engineer
> > achen@ <mailto:achen@thinkingphones.com>fuze.com <http://fuze.com>
> >
> >
> >
> > *Confidentiality Notice: The information contained in this e-mail
> and any
> > attachments may be confidential. If you are not an intended
> recipient, you
> > are hereby notified that any dissemination, distribution or copying
> of this
> > e-mail is strictly prohibited. If you have received this e-mail in
> error,
> > please notify the sender and permanently delete the e-mail and any
> > attachments immediately. You should not retain, copy or use this
> e-mail or
> > any attachment for any purpose, nor disclose all or any part of the
> > contents to any other person. Thank you.*
> >
> > _______________________________________________
> > Kamailio (SER) - Users Mailing List
> > sr-users(a)lists.kamailio.org
> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >
>
> --
> Alex Balashov | Principal | Evariste Systems LLC
>
> Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
> Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users(a)lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
--
Andy Chen
Sr. Telephony Lead Engineer
415 516 5535 (M)
achen@ <achen(a)thinkingphones.com>fuze.com
--
Andy Chen
Sr. Telephony Lead Engineer
415 516 5535 (M)
achen@ <achen(a)thinkingphones.com>fuze.com
*Confidentiality Notice: The information contained in this e-mail and any
attachments may be confidential. If you are not an intended recipient,
you
are hereby notified that any dissemination, distribution or copying of
this
e-mail is strictly prohibited. If you have received this e-mail in error,
please notify the sender and permanently delete the e-mail and any
attachments immediately. You should not retain, copy or use this e-mail
or
any attachment for any purpose, nor disclose all or any part of the
contents to any other person. Thank you.*
_______________________________________________
Kamailio (SER) - Users Mailing
Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda --
www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users