[SR-Users] RTPENGINE question

Andrew Chen achen at fuze.com
Mon Sep 14 19:17:59 CEST 2020 

Sergey Safarov,

Thanks for the response but we're not a CentOS house.  Just Ubuntu.18.04.

One other question.  Is Daniel's suggestion the only way to get around
kernel forwarding with our current setup?  Will there be support for it in
the future without disabling module signature check?

On Mon, Sep 14, 2020 at 1:14 PM Andrew Chen <achen at fuze.com> wrote:

> Btw Richard Fuchs, to follow up on your comment, we have a load
> generator running sipp which is non-SRTP traffic.
> As for the fallback, how does that work exactly?  We tried the following
> today and it seems to have helped:
>
> - Removed "--table" startup param in systems file
> - Uncommented "no-fallback = false" in rtpengine.conf
> - Set "table=-1" in rtpengine.conf
>
> Is there anything else I'm missing that controls the fallback?
>
> On Sat, Sep 12, 2020 at 1:32 AM Sergey Safarov <s.safarov at gmail.com>
> wrote:
>
>> I have testes build on 5.7 kernel on CentOS 8 (custom rpm package)
>>
>> You will find commit here
>> https://github.com/sipwise/rtpengine/issues/975
>>
>> Sergey
>>
>> On Fri, Sep 11, 2020 at 10:53 PM Daniel-Constantin Mierla <
>> miconda at gmail.com> wrote:
>>
>>> Related to tainted kernel, I faced the same issue when I deployed
>>> rtpengine on a Suse Enterprise many months ago, so I do not really remember
>>> the exact steps, but there is a way to disable the check of signed kernel
>>> modules (iirc, these are only the ones coming from the kernel source tree,
>>> so if you need to load any external kernel module, you have to disable this
>>> option).
>>>
>>> Quick check on the net, it may have to do with module.sig_enforce option
>>> for kernel loading.
>>>
>>> Cheers,
>>> Daniel
>>> On 11.09.20 21:31, Andrew Chen wrote:
>>>
>>> Sorry let me clarify this line here:
>>>
>>> "...at the time, I was running an older version 8.0.x so I recompiled
>>> all the ngcp packages under this kernel and completed the installation
>>> without issues.."
>>>
>>> 8.0.x is the older ngcp version. I recompiled version 9.0.1.0 under that
>>> new kernel version 5.3.0-1035-aws #37-Ubuntu
>>>
>>>
>>> On Fri, Sep 11, 2020 at 3:29 PM Andrew Chen <achen at fuze.com> wrote:
>>>
>>>> Thanks Alex.
>>>>
>>>> So it turns out my rtpengine stopped working after our latest kernel
>>>> upgrade to:
>>>>
>>>> Linux sjomainrtpe30 5.3.0-1035-aws #37-Ubuntu SMP Sun Sep 6 01:17:09
>>>> UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
>>>>
>>>> at the time, I was running an older version 8.0.x so I recompiled all
>>>> the ngcp packages under this kernel and completed the installation without
>>>> issues.
>>>>
>>>> As soon as we started making test calls, I received 0 audio from those
>>>> test endpoints.  Looking at the rtpengine logs, I see several messages
>>>> that's quite concerning:
>>>>
>>>> Sep 11 18:43:41 sjomainrtpe30 kernel: [   13.434623] xt_RTPENGINE:
>>>> loading out-of-tree module taints kernel.
>>>> Sep 11 18:43:41 sjomainrtpe30 kernel: [   13.434670] xt_RTPENGINE:
>>>> module verification failed: signature and/or required key missing -
>>>> tainting kernel
>>>> Sep 11 18:43:41 sjomainrtpe30 kernel: [   13.434938] Registering
>>>> xt_RTPENGINE module - version 9.0.1.0+0~mr9.0.1.0
>>>>
>>>> and
>>>>
>>>> Sep 11 18:49:50 sjomainrtpe30 rtpengine[1030]: WARNING: [2-7859 at 2600:1f1c:4ff:3e01:f64d:2f67:c0fa:c931
>>>> port 50000]: No support for kernel packet forwarding available (decryption
>>>> cipher or HMAC not supported by kernel module)
>>>>
>>>> which I assume is due to the first error I pasted.
>>>>
>>>> So I tried
>>>>
>>>> - rebooting the system which maybe the module wasn't loaded properly.
>>>> - I reran modprobe to make sure the module is installed
>>>> - I ran some dkms command to see if any error pop up due to the kernel
>>>> version I'm running and I see no errors:
>>>>
>>>> dkms status
>>>> falco, 0.20.0+d77080a, 5.3.0-1032-aws, x86_64: installed
>>>> falco, 0.20.0+d77080a, 5.3.0-1035-aws, x86_64: installed
>>>> ngcp-rtpengine, 9.0.1.0+0~mr9.0.1.0, 5.3.0-1032-aws, x86_64: installed
>>>> ngcp-rtpengine, 9.0.1.0+0~mr9.0.1.0, 5.3.0-1035-aws, x86_64: installed
>>>>
>>>> So I'm running out of options.
>>>>
>>>> Any advice?
>>>>
>>>>
>>>> On Fri, Sep 11, 2020 at 3:17 PM Alex Balashov <
>>>> abalashov at evaristesys.com> wrote:
>>>>
>>>>> There is an RTPEngine mailing list, I believe, but RTPEngine questions
>>>>> are often posed here given its close association with Kamailio. What's
>>>>> going on?
>>>>>
>>>>> On 9/11/20 2:57 PM, Andrew Chen wrote:
>>>>> > Hey guys,
>>>>> >
>>>>> > Is this the right place to ask about rtpengine (ngcp) related issues
>>>>> > with kernel packet forwarding?
>>>>> >
>>>>> > Thanks.
>>>>> >
>>>>> > --
>>>>> > Andy Chen
>>>>> > Sr. Telephony Lead Engineer
>>>>> > achen@ <mailto:achen at thinkingphones.com>fuze.com <http://fuze.com>
>>>>> >
>>>>> >
>>>>> >
>>>>> > *Confidentiality Notice: The information contained in this e-mail
>>>>> and any
>>>>> > attachments may be confidential. If you are not an intended
>>>>> recipient, you
>>>>> > are hereby notified that any dissemination, distribution or copying
>>>>> of this
>>>>> > e-mail is strictly prohibited. If you have received this e-mail in
>>>>> error,
>>>>> > please notify the sender and permanently delete the e-mail and any
>>>>> > attachments immediately. You should not retain, copy or use this
>>>>> e-mail or
>>>>> > any attachment for any purpose, nor disclose all or any part of the
>>>>> > contents to any other person. Thank you.*
>>>>> >
>>>>> > _______________________________________________
>>>>> > Kamailio (SER) - Users Mailing List
>>>>> > sr-users at lists.kamailio.org
>>>>> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>> >
>>>>>
>>>>> --
>>>>> Alex Balashov | Principal | Evariste Systems LLC
>>>>>
>>>>> Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
>>>>> Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
>>>>>
>>>>> _______________________________________________
>>>>> Kamailio (SER) - Users Mailing List
>>>>> sr-users at lists.kamailio.org
>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>>
>>>>
>>>> --
>>>> Andy Chen
>>>> Sr. Telephony Lead Engineer
>>>> 415 516 5535 (M)
>>>> achen@ <achen at thinkingphones.com>fuze.com
>>>>
>>>>
>>>
>>> --
>>> Andy Chen
>>> Sr. Telephony Lead Engineer
>>> 415 516 5535 (M)
>>> achen@ <achen at thinkingphones.com>fuze.com
>>>
>>>
>>> *Confidentiality Notice: The information contained in this e-mail and any
>>> attachments may be confidential. If you are not an intended recipient,
>>> you
>>> are hereby notified that any dissemination, distribution or copying of
>>> this
>>> e-mail is strictly prohibited. If you have received this e-mail in error,
>>> please notify the sender and permanently delete the e-mail and any
>>> attachments immediately. You should not retain, copy or use this e-mail
>>> or
>>> any attachment for any purpose, nor disclose all or any part of the
>>> contents to any other person. Thank you.*
>>>
>>> _______________________________________________
>>> Kamailio (SER) - Users Mailing Listsr-users at lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>> --
>>> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda
>>> Funding: https://www.paypal.me/dcmierla
>>>
>>> _______________________________________________
>>> Kamailio (SER) - Users Mailing List
>>> sr-users at lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>
>
> --
> Andy Chen
> Sr. Telephony Lead Engineer
> 415 516 5535 (M)
> achen@ <achen at thinkingphones.com>fuze.com
>
>

-- 
Andy Chen
Sr. Telephony Lead Engineer
415 516 5535 (M)
achen@ <achen at thinkingphones.com>fuze.com

-- 
*Confidentiality Notice: The information contained in this e-mail and any

attachments may be confidential. If you are not an intended recipient, you

are hereby notified that any dissemination, distribution or copying of this

e-mail is strictly prohibited. If you have received this e-mail in error,

please notify the sender and permanently delete the e-mail and any

attachments immediately. You should not retain, copy or use this e-mail or

any attachment for any purpose, nor disclose all or any part of the

contents to any other person. Thank you.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200914/092fefdb/attachment.htm>

More information about the sr-users mailing list