[SR-Users] RTPENGINE question

Daniel-Constantin Mierla miconda at gmail.com
Fri Sep 11 21:52:32 CEST 2020 

Related to tainted kernel, I faced the same issue when I deployed
rtpengine on a Suse Enterprise many months ago, so I do not really
remember the exact steps, but there is a way to disable the check of
signed kernel modules (iirc, these are only the ones coming from the
kernel source tree, so if you need to load any external kernel module,
you have to disable this option).

Quick check on the net, it may have to do with module.sig_enforce option
for kernel loading.

Cheers,
Daniel

On 11.09.20 21:31, Andrew Chen wrote:
> Sorry let me clarify this line here:
>
> "...at the time, I was running an older version 8.0.x so I recompiled
> all the ngcp packages under this kernel and completed the installation
> without issues.."
>
> 8.0.x is the older ngcp version. I recompiled version 9.0.1.0 under
> that new kernel version 5.3.0-1035-aws #37-Ubuntu
>
>
> On Fri, Sep 11, 2020 at 3:29 PM Andrew Chen <achen at fuze.com
> <mailto:achen at fuze.com>> wrote:
>
>     Thanks Alex.
>
>     So it turns out my rtpengine stopped working after our latest
>     kernel upgrade to:
>
>     Linux sjomainrtpe30 5.3.0-1035-aws #37-Ubuntu SMP Sun Sep 6
>     01:17:09 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
>
>     at the time, I was running an older version 8.0.x so I recompiled
>     all the ngcp packages under this kernel and completed the
>     installation without issues.
>
>     As soon as we started making test calls, I received 0 audio from
>     those test endpoints.  Looking at the rtpengine logs, I see
>     several messages that's quite concerning:
>
>     Sep 11 18:43:41 sjomainrtpe30 kernel: [   13.434623] xt_RTPENGINE:
>     loading out-of-tree module taints kernel.
>     Sep 11 18:43:41 sjomainrtpe30 kernel: [   13.434670] xt_RTPENGINE:
>     module verification failed: signature and/or required key missing
>     - tainting kernel
>     Sep 11 18:43:41 sjomainrtpe30 kernel: [   13.434938] Registering
>     xt_RTPENGINE module - version 9.0.1.0+0~mr9.0.1.0
>
>     and
>
>     Sep 11 18:49:50 sjomainrtpe30 rtpengine[1030]: WARNING:
>     [2-7859 at 2600:1f1c:4ff:3e01:f64d:2f67:c0fa:c931 port 50000]: No
>     support for kernel packet forwarding available (decryption cipher
>     or HMAC not supported by kernel module)
>
>     which I assume is due to the first error I pasted.
>
>     So I tried
>
>     - rebooting the system which maybe the module wasn't loaded properly.
>     - I reran modprobe to make sure the module is installed
>     - I ran some dkms command to see if any error pop up due to the
>     kernel version I'm running and I see no errors:
>
>     dkms status
>     falco, 0.20.0+d77080a, 5.3.0-1032-aws, x86_64: installed
>     falco, 0.20.0+d77080a, 5.3.0-1035-aws, x86_64: installed
>     ngcp-rtpengine, 9.0.1.0+0~mr9.0.1.0, 5.3.0-1032-aws, x86_64: installed
>     ngcp-rtpengine, 9.0.1.0+0~mr9.0.1.0, 5.3.0-1035-aws, x86_64: installed
>
>     So I'm running out of options.
>
>     Any advice?
>
>
>     On Fri, Sep 11, 2020 at 3:17 PM Alex Balashov
>     <abalashov at evaristesys.com <mailto:abalashov at evaristesys.com>> wrote:
>
>         There is an RTPEngine mailing list, I believe, but RTPEngine
>         questions
>         are often posed here given its close association with
>         Kamailio. What's
>         going on?
>
>         On 9/11/20 2:57 PM, Andrew Chen wrote:
>         > Hey guys,
>         >
>         > Is this the right place to ask about rtpengine (ngcp)
>         related issues
>         > with kernel packet forwarding?
>         >
>         > Thanks.
>         >
>         > --
>         > Andy Chen
>         > Sr. Telephony Lead Engineer
>         > achen@ <mailto:achen at thinkingphones.com
>         <mailto:achen at thinkingphones.com>>fuze.com <http://fuze.com>
>         <http://fuze.com>
>         >
>         >
>         >
>         > *Confidentiality Notice: The information contained in this
>         e-mail and any
>         > attachments may be confidential. If you are not an intended
>         recipient, you
>         > are hereby notified that any dissemination, distribution or
>         copying of this
>         > e-mail is strictly prohibited. If you have received this
>         e-mail in error,
>         > please notify the sender and permanently delete the e-mail
>         and any
>         > attachments immediately. You should not retain, copy or use
>         this e-mail or
>         > any attachment for any purpose, nor disclose all or any part
>         of the
>         > contents to any other person. Thank you.*
>         >
>         > _______________________________________________
>         > Kamailio (SER) - Users Mailing List
>         > sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>         > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>         >
>
>         -- 
>         Alex Balashov | Principal | Evariste Systems LLC
>
>         Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
>         Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
>
>         _______________________________________________
>         Kamailio (SER) - Users Mailing List
>         sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>         https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
>     -- 
>     Andy Chen
>     Sr. Telephony Lead Engineer
>     415 516 5535 (M)
>     achen@ <mailto:achen at thinkingphones.com>fuze.com <http://fuze.com>
>
>
>
> -- 
> Andy Chen
> Sr. Telephony Lead Engineer
> 415 516 5535 (M)
> achen@ <mailto:achen at thinkingphones.com>fuze.com <http://fuze.com>
>
>
> *Confidentiality Notice: The information contained in this e-mail and any
> attachments may be confidential. If you are not an intended recipient, you
> are hereby notified that any dissemination, distribution or copying of
> this
> e-mail is strictly prohibited. If you have received this e-mail in error,
> please notify the sender and permanently delete the e-mail and any
> attachments immediately. You should not retain, copy or use this e-mail or
> any attachment for any purpose, nor disclose all or any part of the
> contents to any other person. Thank you.*
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200911/2e77a495/attachment.htm>

More information about the sr-users mailing list