[SR-Users] RTPENGINE question

Andrew Chen achen at fuze.com
Mon Sep 14 19:14:33 CEST 2020 

Btw Richard Fuchs, to follow up on your comment, we have a load
generator running sipp which is non-SRTP traffic.
As for the fallback, how does that work exactly?  We tried the following
today and it seems to have helped:

- Removed "--table" startup param in systems file
- Uncommented "no-fallback = false" in rtpengine.conf
- Set "table=-1" in rtpengine.conf

Is there anything else I'm missing that controls the fallback?

On Sat, Sep 12, 2020 at 1:32 AM Sergey Safarov <s.safarov at gmail.com> wrote:

> I have testes build on 5.7 kernel on CentOS 8 (custom rpm package)
>
> You will find commit here
> https://github.com/sipwise/rtpengine/issues/975
>
> Sergey
>
> On Fri, Sep 11, 2020 at 10:53 PM Daniel-Constantin Mierla <
> miconda at gmail.com> wrote:
>
>> Related to tainted kernel, I faced the same issue when I deployed
>> rtpengine on a Suse Enterprise many months ago, so I do not really remember
>> the exact steps, but there is a way to disable the check of signed kernel
>> modules (iirc, these are only the ones coming from the kernel source tree,
>> so if you need to load any external kernel module, you have to disable this
>> option).
>>
>> Quick check on the net, it may have to do with module.sig_enforce option
>> for kernel loading.
>>
>> Cheers,
>> Daniel
>> On 11.09.20 21:31, Andrew Chen wrote:
>>
>> Sorry let me clarify this line here:
>>
>> "...at the time, I was running an older version 8.0.x so I recompiled all
>> the ngcp packages under this kernel and completed the installation without
>> issues.."
>>
>> 8.0.x is the older ngcp version. I recompiled version 9.0.1.0 under that
>> new kernel version 5.3.0-1035-aws #37-Ubuntu
>>
>>
>> On Fri, Sep 11, 2020 at 3:29 PM Andrew Chen <achen at fuze.com> wrote:
>>
>>> Thanks Alex.
>>>
>>> So it turns out my rtpengine stopped working after our latest kernel
>>> upgrade to:
>>>
>>> Linux sjomainrtpe30 5.3.0-1035-aws #37-Ubuntu SMP Sun Sep 6 01:17:09 UTC
>>> 2020 x86_64 x86_64 x86_64 GNU/Linux
>>>
>>> at the time, I was running an older version 8.0.x so I recompiled all
>>> the ngcp packages under this kernel and completed the installation without
>>> issues.
>>>
>>> As soon as we started making test calls, I received 0 audio from those
>>> test endpoints.  Looking at the rtpengine logs, I see several messages
>>> that's quite concerning:
>>>
>>> Sep 11 18:43:41 sjomainrtpe30 kernel: [   13.434623] xt_RTPENGINE:
>>> loading out-of-tree module taints kernel.
>>> Sep 11 18:43:41 sjomainrtpe30 kernel: [   13.434670] xt_RTPENGINE:
>>> module verification failed: signature and/or required key missing -
>>> tainting kernel
>>> Sep 11 18:43:41 sjomainrtpe30 kernel: [   13.434938] Registering
>>> xt_RTPENGINE module - version 9.0.1.0+0~mr9.0.1.0
>>>
>>> and
>>>
>>> Sep 11 18:49:50 sjomainrtpe30 rtpengine[1030]: WARNING: [2-7859 at 2600:1f1c:4ff:3e01:f64d:2f67:c0fa:c931
>>> port 50000]: No support for kernel packet forwarding available (decryption
>>> cipher or HMAC not supported by kernel module)
>>>
>>> which I assume is due to the first error I pasted.
>>>
>>> So I tried
>>>
>>> - rebooting the system which maybe the module wasn't loaded properly.
>>> - I reran modprobe to make sure the module is installed
>>> - I ran some dkms command to see if any error pop up due to the kernel
>>> version I'm running and I see no errors:
>>>
>>> dkms status
>>> falco, 0.20.0+d77080a, 5.3.0-1032-aws, x86_64: installed
>>> falco, 0.20.0+d77080a, 5.3.0-1035-aws, x86_64: installed
>>> ngcp-rtpengine, 9.0.1.0+0~mr9.0.1.0, 5.3.0-1032-aws, x86_64: installed
>>> ngcp-rtpengine, 9.0.1.0+0~mr9.0.1.0, 5.3.0-1035-aws, x86_64: installed
>>>
>>> So I'm running out of options.
>>>
>>> Any advice?
>>>
>>>
>>> On Fri, Sep 11, 2020 at 3:17 PM Alex Balashov <abalashov at evaristesys.com>
>>> wrote:
>>>
>>>> There is an RTPEngine mailing list, I believe, but RTPEngine questions
>>>> are often posed here given its close association with Kamailio. What's
>>>> going on?
>>>>
>>>> On 9/11/20 2:57 PM, Andrew Chen wrote:
>>>> > Hey guys,
>>>> >
>>>> > Is this the right place to ask about rtpengine (ngcp) related issues
>>>> > with kernel packet forwarding?
>>>> >
>>>> > Thanks.
>>>> >
>>>> > --
>>>> > Andy Chen
>>>> > Sr. Telephony Lead Engineer
>>>> > achen@ <mailto:achen at thinkingphones.com>fuze.com <http://fuze.com>
>>>> >
>>>> >
>>>> >
>>>> > *Confidentiality Notice: The information contained in this e-mail and
>>>> any
>>>> > attachments may be confidential. If you are not an intended
>>>> recipient, you
>>>> > are hereby notified that any dissemination, distribution or copying
>>>> of this
>>>> > e-mail is strictly prohibited. If you have received this e-mail in
>>>> error,
>>>> > please notify the sender and permanently delete the e-mail and any
>>>> > attachments immediately. You should not retain, copy or use this
>>>> e-mail or
>>>> > any attachment for any purpose, nor disclose all or any part of the
>>>> > contents to any other person. Thank you.*
>>>> >
>>>> > _______________________________________________
>>>> > Kamailio (SER) - Users Mailing List
>>>> > sr-users at lists.kamailio.org
>>>> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>> >
>>>>
>>>> --
>>>> Alex Balashov | Principal | Evariste Systems LLC
>>>>
>>>> Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
>>>> Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
>>>>
>>>> _______________________________________________
>>>> Kamailio (SER) - Users Mailing List
>>>> sr-users at lists.kamailio.org
>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>>
>>>
>>> --
>>> Andy Chen
>>> Sr. Telephony Lead Engineer
>>> 415 516 5535 (M)
>>> achen@ <achen at thinkingphones.com>fuze.com
>>>
>>>
>>
>> --
>> Andy Chen
>> Sr. Telephony Lead Engineer
>> 415 516 5535 (M)
>> achen@ <achen at thinkingphones.com>fuze.com
>>
>>
>> *Confidentiality Notice: The information contained in this e-mail and any
>> attachments may be confidential. If you are not an intended recipient, you
>> are hereby notified that any dissemination, distribution or copying of
>> this
>> e-mail is strictly prohibited. If you have received this e-mail in error,
>> please notify the sender and permanently delete the e-mail and any
>> attachments immediately. You should not retain, copy or use this e-mail or
>> any attachment for any purpose, nor disclose all or any part of the
>> contents to any other person. Thank you.*
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing Listsr-users at lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>> --
>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda
>> Funding: https://www.paypal.me/dcmierla
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>


-- 
Andy Chen
Sr. Telephony Lead Engineer
415 516 5535 (M)
achen@ <achen at thinkingphones.com>fuze.com

-- 
*Confidentiality Notice: The information contained in this e-mail and any

attachments may be confidential. If you are not an intended recipient, you

are hereby notified that any dissemination, distribution or copying of this

e-mail is strictly prohibited. If you have received this e-mail in error,

please notify the sender and permanently delete the e-mail and any

attachments immediately. You should not retain, copy or use this e-mail or

any attachment for any purpose, nor disclose all or any part of the

contents to any other person. Thank you.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200914/23517262/attachment.htm>

More information about the sr-users mailing list