Possible SYN flooding on port

245 views
Skip to first unread message

Ismael López Quintero

unread,
May 7, 2018, 5:40:42 AM5/7/18
to kurento
Hello friends: the last week my KMS crashed and I went to syslog to find this line: 

May  3 08:17:51 videoMCU1 kernel: TCP: request_sock_TCP: Possible SYN flooding on port 52081. Sending cookies.  Check SNMP counters.

It was excatly in the same momment in which KMS crashed. I have found this "solution" in github:


But the solution is to update to 6.7.2 in Xenial (I have Xenial KMS 6.7.0). It is a pre release (no still stable). 
My system is in production mode.


I thing I have two ways: 
1.: update to 6.7.2. (No stable). I don't like this idea because it is not stable.
2.: Compile source code. I installed a compiled Kurento via apt-get. I don't know if it is a good idea to download source 6.7.0 code and compile it to get bug fixing. (I don't know if it is easy or not).
What do you think I could do?

Thank you.

Micael Gallego

unread,
May 8, 2018, 6:33:53 PM5/8/18
to kur...@googlegroups.com
We will release 6.7.2 at the end of the week or beginning of the next week. 

Wait for a release or install dev (unstable) version, because it is very stable ;)

Best regards

Micael Gallego
Kurento / OpenVidu Project Lead

--
You received this message because you are subscribed to the Google Groups "kurento" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kurento+unsubscribe@googlegroups.com.
To post to this group, send email to kur...@googlegroups.com.
Visit this group at https://groups.google.com/group/kurento.
To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/efb94a63-dd21-4bd7-88eb-d5bc30e931ca%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Paulo R. Lanzarin

unread,
May 9, 2018, 1:36:53 PM5/9/18
to kur...@googlegroups.com
Unrelated, but since Micael talked about the 6.7.2 release: was any work done regarding the libnice
crashes (https://github.com/Kurento/bugtracker/issues/247)?

I devised a workaround for the crashes by merging Kurento's libnice with the upstream version and
adding some assertions for null sockets, and it's working nicely for now. However, it's a workaround
nonetheless.

s,

Paulo.

To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/CAFXW_Dvr_1numvcRDQEfznM3T1soePx48j6BDQwuHxadBwmQcg%40mail.gmail.com.

Ayaan

unread,
May 12, 2018, 4:12:27 PM5/12/18
to kurento
Hi Paulo,

Could you please share steps on this libnice workaround to help others? Thank you.
To unsubscribe from this group and stop receiving emails from it, send an email to kurento+u...@googlegroups.com.

To post to this group, send email to kur...@googlegroups.com.
Visit this group at https://groups.google.com/group/kurento.
To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/efb94a63-dd21-4bd7-88eb-d5bc30e931ca%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "kurento" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kurento+u...@googlegroups.com.

To post to this group, send email to kur...@googlegroups.com.
Visit this group at https://groups.google.com/group/kurento.

Paulo R. Lanzarin

unread,
May 25, 2018, 3:41:17 PM5/25/18
to kur...@googlegroups.com
Hey Ayaan,

Sorry for the delay. If you aren't afraid of ignoring integration tests and such, and also ignore the ugliness of the workaround
(desperate times, desperate measures):
https://github.com/prlanzarin/libnice/tree/crash-fix-upstream.

This is merged with libnice upstream. I added checks for NULL gsocket occurrences and commented out an assertion regarding
ICE state transition that was aborting Kurento. I reckon the assert is there for a reason, and there's probably some underlying condition
making it fail; however, I lack the time to go deeper into that. Assertion abortions also shouldn't be used in production hehe.
If anyone digs what's the underlying condition for that btw, I'd appreciate news regarding the problem.

It's been working nice for me with heavy load sessions (~300 streams or more, sometimes). However, use at your  own risk :).

s, 

Paulo.

To unsubscribe from this group and stop receiving emails from it, send an email to kurento+unsubscribe@googlegroups.com.

To post to this group, send email to kur...@googlegroups.com.
Visit this group at https://groups.google.com/group/kurento.
To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/1d58e28e-becb-4b8d-bf35-54c96d7c00b9%40googlegroups.com.

Ayaan

unread,
Jun 1, 2018, 11:57:42 PM6/1/18
to kurento
Thanks Paulo. Interesting solution. :) May I know your version of Kurento tested with this workaround?

Paulo R. Lanzarin

unread,
Jun 2, 2018, 2:59:55 AM6/2/18
to kur...@googlegroups.com

Upstream. We've been keeping all our components up to date with Kurento's master.

To unsubscribe from this group and stop receiving emails from it, send an email to kurento+unsubscribe@googlegroups.com.

To post to this group, send email to kur...@googlegroups.com.
Visit this group at https://groups.google.com/group/kurento.
To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/63ed828c-726a-4b75-9d29-1939ebb0141c%40googlegroups.com.

Ayaan

unread,
Jun 2, 2018, 4:47:35 AM6/2/18
to kurento
Hi Paulo,

It talks about "Please refer to the INSTALL file for more details",  but there is no install file. So, after executing "./configure && make && sudo make install", is there any other steps required? Will it update libnice automatically?

Thanks much.

Paulo R. Lanzarin

unread,
Jun 4, 2018, 12:39:41 PM6/4/18
to kur...@googlegroups.com
Hey Ayaan,

I actually build the packages for testing and we're deploying our own .debs for libnice.
This branch can be built with the same approach as other KMS repos.

` mkdir build && cd build && sudo cmake .. && sudo make -j4 && sudo debuild -uc -us `

The aforementioned should generate the debs for libnice.


To unsubscribe from this group and stop receiving emails from it, send an email to kurento+unsubscribe@googlegroups.com.

To post to this group, send email to kur...@googlegroups.com.
Visit this group at https://groups.google.com/group/kurento.
To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/bbb97c26-d35c-4910-8b94-18b490f15f12%40googlegroups.com.

Ayaan

unread,
Jun 4, 2018, 10:13:45 PM6/4/18
to kurento
Thanks Paulo. That worked. :)

Ayaan

unread,
Jun 22, 2018, 3:28:56 PM6/22/18
to kurento
Hi Paulo,

With the new libnice change with generated files "libgstnice15.so" and "libnice.so.10.7.0", we are seeing following errors now in peak load.

(kurento-media-server:15636): GLib-GIO-CRITICAL **: g_socket_send_message: assertion 'G_IS_SOCKET (socket)' failed

(kurento-media-server:15636): GLib-CRITICAL **: g_error_free: assertion 'error != NULL' failed
/usr/bin/kurento-media-server already running.

** (kurento-media-server:3885): WARNING **: (gstdtlsconnection.c:493):gst_dtls_connection_process: runtime check failed: (!priv->bio_buffer)

Ismael López Quintero

unread,
Aug 24, 2018, 1:08:33 PM8/24/18
to kurento
Hello!

I have come to the forum several times to check if KMS 6.7.2 was released to fix the bug in the post title (posssible syn flood on port) and nowadays my quaestion is: has it been released and I havent realized? I have read about libnice library (and compile source code) but I would like to install KMS via apt-get bug fixed. I added a semaphore to my Java signaling server to avoid concurrent connections but, as I mentioned, I'd like to have KMS bug fixed.

Please, help me.

Thank you.
Reply all
Reply to author
Forward
0 new messages