[Spce-user] No support for kernel packet forwarding available after upgrade to 10-5-5
Richard Fuchs
rfuchs at sipwise.com
Tue Oct 24 09:56:09 EDT 2023
On 24/10/2023 08.25, [EXT] Jiri Ptacnik wrote:
> thanks Richard,
>
> - we know for sure, there was not this problem on 9.5.8 and thinking
> about rollback or may be before it we try to upgrade to 11 LTS
> - another observation is, it is not persistent problem, it occurs sometimes
>
> Ownership looks good:
>
> root at sp:~# psaxu | grep rtpengine
> -bash: psaxu: command not found
> root at sp:~# ps axu | grep rtpengine
> rtpengi+ 771 0.2 0.3 2147604 38372 ? SLsl Oct23 2:50
> /usr/bin/rtpengine -f -E --no-log-
> timestamps --pidfile
> /run/rtpengine/ngcp-rtpengine-daemon.pid --config-file
> /etc/rtpengine/rtpengine.
> conf
> root 142591 0.0 0.0 3240 648 pts/1 S+ 14:21 0:00
> grep rtpengine
> root at sp:~# ls -la /proc/rtpengine/
> total 0
> dr-xr-xr-x 4 root root 0 Oct 24 14:21 .
> dr-xr-xr-x 279 root root 0 Oct 23 14:59 ..
> --w--w---- 1 root root 0 Oct 24 14:21 control
> -r--r--r-- 1 root root 0 Oct 24 14:21 list
No that doesn't look good. Rtpengine running as non-root cannot use the
root-owned files in /proc
You should have a file /etc/default/ngcp-rtpengine-daemon that contains
the required ownership and permission information, and that is used by
/usr/sbin/ngcp-rtpengine-iptables-setup when it loads the module.
You're probably either overriding the defaults file with a customtt, or
loading the kernel module separately or manually (perhaps via
/etc/modules-load.d/ or perhaps auto-loaded via a firewall script)
instead of being loaded by /usr/sbin/ngcp-rtpengine-iptables-setup
For the latter case, you can fix ownership via an entry in
/etc/modprobe.d/ – or alternatively you can set
rtpengine.run_as_root=yes in config.yml
(In mr11.5 we do provide the modprobe.d fragment – I'll see if that can
be backported to 10.5 as it's probably a good idea to have it there as
well.)
Cheers
More information about the Spce-user
mailing list