Evening! I ditched firewalld and swapped to configuring iptables manually… I’ve also made some basic calls with media going in/out of the same interface and I’m still seeing the audio stop completely or become one-way once kernelized. On the two different interfaces, I get no-way audio once kernelized. Weird!
Could this be related to the kernel module being unsigned (running CentOS 8 Stream)? kernel: xt_RTPENGINE: loading out-of-tree module taints kernel. kernel: xt_RTPENGINE: module verification failed: signature and/or required key missing - tainting kernel kernel: Registering xt_RTPENGINE module - version git-HEAD-5bf2c50a systemd-modules-load[781]: Inserted module 'xt_RTPENGINE' Have been pulling my hair out! [root@blahblah zgadmin]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination rtpengine udp -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere //cut// Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain rtpengine (1 references) target prot opt source destination RTPENGINE udp -- anywhere anywhere RTPENGINE id:0 Cheers, Tim From: Richard Fuchs <[email protected]> Sent: Friday, March 3, 2023 9:10 PM To: [email protected] Subject: [SR-Users] Re: Rtpengine: no audio after kernelization. On 02/03/2023 22.13, [EXT] Tim Bowyer wrote: I’m having the same issue but believe it’s related to my network topology. I have multiple carrier-facing NIC’s and an internal NIC on each media proxy. Is this configuration supported? This should work fine as long as it's "just" normal IP routing and doesn't involve network namespaces or cgroups or things like that. (Source-based routing should work, but other policy routing options might not.) [[email protected]<mailto:[email protected]> blah]# cat /proc/rtpengine/0/list local inet4 203.x.x.x:40000 stats: 350880 bytes, 2040 packets, 0 errors RTP payload type 0: 0 bytes, 0 packets RTP payload type 8: 350880 bytes, 2040 packets SSRC in: 65aa31af output #0 src inet4 10.y.y.y:40000 dst inet4 203.x.x.x:39302 This looks like the kernel module is receiving packets just fine and is sending them out (or trying to). It should work as long as the kernel is able to route packets from the 10.x address to the 203.x address. I was also looking to find some config to make this working using firewalld rules, fishing through the Sipwise repos I stumbled across some firewalld rules as part of their automated builds but didn’t have any luck with them If somebody had some rules I could try would be much appreciated! There's two things here. One is the necessary "-j RTPENGINE" iptables rule, which is needed to pass the packets to the kernel module to process. The bundled systemd startup scripts are in charge of adding and removing that. However, if you have separate firewall scripts which may override or remove this rule in some way, then this needs to be taken into account, so you don't lose this rule. But from your /proc output it's obvious that this rule is in place. The other thing is that rtpengine is able to manage firewall rules for individual ports directly, opening and closing the firewall rules as individual ports are opened and closed. This is entirely optional, and needs to be enabled explicitly, and is in fact not recommended usage. Cheers
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
