Closed ciscospirit closed 1 year ago
Hey @ciscospirit do you have the coredump file available?
Can you tell me, how i can create that? i enabled it here /etc/default/captagent but it doesn't generate coredump for it.
btw: beside this problem, if i need it just for SIP, would it not easier to use heplify instead of captagent?
@ciscospirit sure for simple SIP-only jobs heplify is always a great option with no requirements
so should be cancel the debugging for this right now and switching to heplify? can you maybe give me instruction, how to use it just for SIP?
is this enough? ./heplify -hs homer.xxx.xxx:9060 -nt tls -m SIP -hn sp1
or do i need something more?
I'm not sure you should use the tls profile, unless the homer side is configured to receive it. Start simple:
./heplify -hs homer.xxx.xxx:9060 -m SIP -hn sp1 -hi 1001
@ciscospirit
I tested right now the configuration you hav, with ONLY SIP enabled in in socket_pcap.xml
and I don't see any problem.
Can you install coredumpctl and check for the core dump created.
Second, It's always a good practice to put the networking device name in dev
<param name="dev" value="eth0"/>
and not let any
Also, remove this <load module="protocol_tls" register="local"/>
from rtpagent.xml
hey, as we have several neth adapters inside for subsribers and peerings, i thought "any" would be better for that?
what about the rest of the modules? are the all needed for sip only?
<load module="transport_hep" register="local"/>
<load module="protocol_sip" register="local"/>
<load module="database_hash" register="local"/>
<load module="protocol_rtcp" register="local"/>
<load module="socket_pcap" register="local"/>
i think database_hash and protocol_rtcp is useless or?
any
is only a good option if you don't have actual traffic on localhost as well as real interfaces.
If you only want SIP, none of the modules matter. You can switch without special settings.
root@sp2:/# coredumpctl list
No journal files were found.
No coredumps found.
@ciscospirit
These are the modules that MUST be present in rtpagent.xml
to have a minimum working config
<load module="transport_hep" register="local"/>
<load module="protocol_sip" register="local"/>
<load module="database_hash" register="local"/>
<load module="protocol_rtcp" register="local"/>
<load module="socket_pcap" register="local"/>
but if you only want SIP you just need to have this setup in socket_pcap.xml
<profile name="socketspcap_sip" description="HEP Socket" enable="true" serial="2014010402">
<profile name="socketspcap_rtcp" description="HEP Socket" enable="false" serial="2014010402">
Then any
could not be a good fit for some VLAN traffic, it depends on various factors
Btw the coredump could be generated on the next stop of captagent.
My 5c here is that some SIP traffic is causing this because it has some VLAN tags and has an issue with any
.
I just tested with normal SIP on 5060 and no issue occurred.
yes we have a lot of vlans and bond configured... so in your opinion, which interface i should take? can i list there several interfaces like neth0,neth1,neth2?
@ciscospirit i suggest moving this issue to helplify if that's the subject, and reading the docs and examples there
we are still trying to solve it with captagent and the bond,vlan,neth configuration, as kYro things, it is a problem with the vlan.
we have neth8,neth9 which generates bonding0 and neth0, neth2 for bond2, so i am not sure how i configure socket_pcap.xml for several devices.
can i just duplicate the "
@ciscospirit no, you cannot list neth0,neth1,...,netN in dev
.
You need to define multiple profiles for SIP, one each taking its interface, but this has some limitations, as socket_pcap is using libpcap library and the application is not multithreading.
So it could be that the application cannot hold too much traffic, but it's good to try.
Plus, if you have VLAN you must set it in the BPF filter.
This said, you can try something like this is socket_pcap.xml
<profile name="socketspcap_sip0" description="HEP Socket" enable="true" serial="2014010402">
<settings>
<param name="dev" value="neth0"/>
<param name="promisc" value="true"/>
<param name="reasm" value="false"/>
<param name="websocket-detection" value="false"/>
<param name="tcpdefrag" value="false"/>
<param name="erspan" value="false"/>
<!-- <param name="capture-filter" value="ip_to_ip"/> -->
<param name="capture-plan" value="sip_capture_plan.cfg"/>
<param name="filter">
<value>vlan and port 5060 and length >= 64</value>
</param>
</settings>
</profile>
<profile name="socketspcap_sip1" description="HEP Socket" enable="true" serial="2014010402">
<settings>
<param name="dev" value="neth1"/>
<param name="promisc" value="true"/>
<param name="reasm" value="false"/>
<param name="websocket-detection" value="false"/>
<param name="tcpdefrag" value="false"/>
<param name="erspan" value="false"/>
<!-- <param name="capture-filter" value="ip_to_ip"/> -->
<param name="capture-plan" value="sip_capture_plan.cfg"/>
<param name="filter">
<value>vlan and port 5060 and length >= 64</value>
</param>
</settings>
</profile>
NOTE: socketspcap_sip0 and socketspcap_sip1
NOTE1: it should be recommended to put the minimum length to filter out bad or corrupted files (the minimum size of an ISO-OSI packet with a payload is usually 64 bytes).
NOTE2: That VLAN BPF filter is intended to catch SIP traffic ONLY with VLAN.
If you want to catch both VLAN and not VLAN this should be the correct filter
(ip and port 5060 and len >= 64) or (vlan and port 5060 and len >= 64)
Let me know if this helps, anyway do some tst from your side, I'm sure there's a configuration setup that do the trick for you :)
Regards
Hello,
it looks like that my captagent has some problems. but i can't figure it out, where the problem belongs to.
it just happens on the productive server, so where SIP data is generated and not on the standby node. i use captagent only for the SIP capturing. RTCP i am doing via RTPengine and Callogs with Hepipe.js
any idea?
My Config Files. Every other config file or capture plan I left untouched from version 6.4.1
socket_pcap.xml
transport_hep.xml
protocol_sip.xml