[BUGFIX] "srtp unprotect failed code 9" tentative fix - feedback needed
659 views
Skip to first unread message
Juan Navarro
Jun 2, 2019, 5:53:14 AM6/2/19
to kur...@googlegroups.com
Hi,
we might have a good fix for the "srtp unprotect failed code 9" error that has been causing issues to Kurento users since a long time already. This problem was the cause of audio/video synchronization issues, video freezes, and overall broken streams; if you have seen it in your application or your Kurento installation, then you'll want to try this fix and provide feedback about whether it helps or not.
Packages can be upgraded with 'apt-get', by using this repository during the installation:
For Ubuntu 16.04 Xenial:
deb [arch=amd64] http://ubuntu.openvidu.io/fix-srtp-unprotect xenial kms6
For Ubuntu 18.04 Bionic:
deb [arch=amd64] http://ubuntu.openvidu.io/fix-srtp-unprotect bionic kms6
Or alternatively with the Docker image 'kurento-media-server-exp:fix-srtp-unprotect', as available here: https://hub.docker.com/r/kurento/kurento-media-server-exp/tags
This issue had been reported several times over time, in both out bug tracker and Community group / mailing list:
- srtpdec unprotect failed code 9
- Audio and Video out of sync in Kurento 6.7.1
- Unable to unprotect buffer (unprotect failed code 9)
- Video freezes and Failed to unprotect SRTP packet, err=9
As you can deduce right away from the titles of these reports, the warning preceded some severe issues that would end up causing broken streams, either with losing audio/video synchronization, or directly causing a frozen stream.
This warning was being emitted from the 3rd-party libSRTP library that provides Kurento with support for the SRTP protocol, a key part of the secure communications required by WebRTC. The actual problem that was hiding behind this warning is one of packet loss: packets that got lost due to bad network conditions were not able to be re-sent. This is obviously a bad thing! basically, any network condition that caused packet loss would render your streams broken, as the retransmission mechanism wasn't working correctly. The stream receiver never got those missing packets, which explains the symptoms reported by users.
The tentative fix contained in the 'fix-srtp-unprotect' branch will probably fix the issues, but there is nothing better than real-world feedback from all the sorts of use cases that are serviced by Kurento. So please, let us know in here if this experimental branch is working better for you. I'll be also writing in the issues and topics linked above.
Regards,
we might have a good fix for the "srtp unprotect failed code 9" error that has been causing issues to Kurento users since a long time already. This problem was the cause of audio/video synchronization issues, video freezes, and overall broken streams; if you have seen it in your application or your Kurento installation, then you'll want to try this fix and provide feedback about whether it helps or not.
Packages can be upgraded with 'apt-get', by using this repository during the installation:
For Ubuntu 16.04 Xenial:
deb [arch=amd64] http://ubuntu.openvidu.io/fix-srtp-unprotect xenial kms6
For Ubuntu 18.04 Bionic:
deb [arch=amd64] http://ubuntu.openvidu.io/fix-srtp-unprotect bionic kms6
Or alternatively with the Docker image 'kurento-media-server-exp:fix-srtp-unprotect', as available here: https://hub.docker.com/r/kurento/kurento-media-server-exp/tags
This issue had been reported several times over time, in both out bug tracker and Community group / mailing list:
- srtpdec unprotect failed code 9
- Audio and Video out of sync in Kurento 6.7.1
- Unable to unprotect buffer (unprotect failed code 9)
- Video freezes and Failed to unprotect SRTP packet, err=9
As you can deduce right away from the titles of these reports, the warning preceded some severe issues that would end up causing broken streams, either with losing audio/video synchronization, or directly causing a frozen stream.
This warning was being emitted from the 3rd-party libSRTP library that provides Kurento with support for the SRTP protocol, a key part of the secure communications required by WebRTC. The actual problem that was hiding behind this warning is one of packet loss: packets that got lost due to bad network conditions were not able to be re-sent. This is obviously a bad thing! basically, any network condition that caused packet loss would render your streams broken, as the retransmission mechanism wasn't working correctly. The stream receiver never got those missing packets, which explains the symptoms reported by users.
The tentative fix contained in the 'fix-srtp-unprotect' branch will probably fix the issues, but there is nothing better than real-world feedback from all the sorts of use cases that are serviced by Kurento. So please, let us know in here if this experimental branch is working better for you. I'll be also writing in the issues and topics linked above.
Regards,
Truring Team
Jun 3, 2019, 1:33:41 AM6/3/19
to kur...@googlegroups.com
Hi Juan,
I want to compile and install this branch , can you please share git link to compile and install this package.
Regards
Puneet Singh
--
You received this message because you are subscribed to the Google Groups "kurento" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kurento+u...@googlegroups.com.
To post to this group, send email to kur...@googlegroups.com.
Visit this group at https://groups.google.com/group/kurento.
To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/59933c4e-d09f-2b64-ca2c-5d794b420fb6%40gmx.es.
For more options, visit https://groups.google.com/d/optout.
Juan Navarro
Jun 3, 2019, 6:24:34 AM6/3/19
to kurento
The fix is in the 'fix-srtp-unprotect' branch of libsrtp and the unit tests that will detect if libsrtp is doing the correct thing are in the same named branch in kms-elements, in the test 'test_srtp' (srtp.c)
You can build the fixed libsrtp fork in Ubuntu 16.04 or 18.04 with these commands:
git clone https://github.com/Kurento/adm-scripts.git
git clone https://github.com/Kurento/libsrtp.git
cd libsrtp
git checkout fix-srtp-unprotect
../adm-scripts/kurento-buildpackage.sh
Priyanka Gopalghare
Jun 12, 2019, 9:33:38 AM6/12/19
to kurento
I have installed Kurento media server on Ubuntu 18.04 (Bionic) and coturn server as well. I am trying to run simple "Hello World Example" or "one2one-Call" examples from Kurento tutorials on that server.
But, I am not able to view the Remote stream, there is no error in the console of both of the user.
We are migrating to the Ubuntu 18.04 as Ubuntu 14 Trusty is deprecated and Audio video sync problem was there, you have mentioned about the fix of that problem in the following discussion : https://groups.google.com/forum/#!topic/kurento/cKzgDVrAch4/discussion
Please, help to resolve the issue.
Juan Navarro
Jun 13, 2019, 5:55:18 AM6/13/19
to kur...@googlegroups.com
Hi, are you using Kurento 6.10, the nightly versions, or any of the
experimental branches?
Also what language are you using for your application server? (Java, Javascript)
Also what language are you using for your application server? (Java, Javascript)
--
You received this message because you are subscribed to a topic in the Google Groups "kurento" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/kurento/cKzgDVrAch4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to kurento+u...@googlegroups.com.
To post to this group, send email to kur...@googlegroups.com.
Visit this group at https://groups.google.com/group/kurento.
To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/24d951dc-095f-4c6c-9736-7539b632e0ed%40googlegroups.com.
Priyanka Gopalghare
Jun 13, 2019, 6:29:29 AM6/13/19
to kur...@googlegroups.com
I am using Kurento 6.10, the nightly versions and I am following Java tutorials.
I have tried to install on Physical machine having IP address which belong to same Subnet of the user on which I am running the JVM. This works fine for me even audio and video synch problem also solved.
But, the instance that created on AWS, still facing the issue of remote stream, please suggest what changes we have to do in COTURN server or KMS 6.10?
Best Regards,
Priyanka Goplghare
You received this message because you are subscribed to the Google Groups "kurento" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kurento+u...@googlegroups.com.
To post to this group, send email to kur...@googlegroups.com.
Visit this group at https://groups.google.com/group/kurento.
To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/a4b852f4-843c-baa7-1e8c-474fa60633df%40gmx.es.
Juan Navarro
Jun 13, 2019, 7:01:05 AM6/13/19
to kur...@googlegroups.com
Check the installation tips for Coturn, making sure that everything
is correctly configured, also keep an eye on the specific details
needed for Amazon AWS and the Security Groups.
I'd say, start by opening up all ports (100% open) in your Security Group configuration, as an initial first step to make sure the Coturn ports are not being blocked. Then if it works, you can work from there to close unneeded ports.
I'd say, start by opening up all ports (100% open) in your Security Group configuration, as an initial first step to make sure the Coturn ports are not being blocked. Then if it works, you can work from there to close unneeded ports.
To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/CADBtpVxW4XA2isCFFe7yZMMzDwDmjgCOyJmNiGgU%2BNdxSO0qJw%40mail.gmail.com.
Erik Petersen
Oct 10, 2019, 11:54:50 PM10/10/19
to kurento
Has this fix made it into any of the releases? I am running KMS 6.9 and looking to upgrade to 6.11
On Thursday, June 13, 2019 at 4:01:05 AM UTC-7, Juan Navarro wrote:
Check the installation tips for Coturn, making sure that everything is correctly configured, also keep an eye on the specific details needed for Amazon AWS and the Security Groups.
I'd say, start by opening up all ports (100% open) in your Security Group configuration, as an initial first step to make sure the Coturn ports are not being blocked. Then if it works, you can work from there to close unneeded ports.
On 13/6/19 12:29, Priyanka Gopalghare wrote:
I am using Kurento 6.10, the nightly versions and I am following Java tutorials.I have tried to install on Physical machine having IP address which belong to same Subnet of the user on which I am running the JVM. This works fine for me even audio and video synch problem also solved.
But, the instance that created on AWS, still facing the issue of remote stream, please suggest what changes we have to do in COTURN server or KMS 6.10?
Best Regards,Priyanka Goplghare
On Thu, Jun 13, 2019 at 3:25 PM Juan Navarro <juan....@gmx.es> wrote:
Hi, are you using Kurento 6.10, the nightly versions, or any of the experimental branches?
Also what language are you using for your application server? (Java, Javascript)
On 12/6/19 15:33, Priyanka Gopalghare wrote:
I have installed Kurento media server on Ubuntu 18.04 (Bionic) and coturn server as well. I am trying to run simple "Hello World Example" or "one2one-Call" examples from Kurento tutorials on that server.--But, I am not able to view the Remote stream, there is no error in the console of both of the user.
We are migrating to the Ubuntu 18.04 as Ubuntu 14 Trusty is deprecated and Audio video sync problem was there, you have mentioned about the fix of that problem in the following discussion : https://groups.google.com/forum/#!topic/kurento/cKzgDVrAch4/discussion
Please, help to resolve the issue.
On Monday, June 3, 2019 at 3:54:34 PM UTC+5:30, Juan Navarro wrote:The fix is in the 'fix-srtp-unprotect' branch of libsrtp and the unit tests that will detect if libsrtp is doing the correct thing are in the same named branch in kms-elements, in the test 'test_srtp' (srtp.c)
You can build the fixed libsrtp fork in Ubuntu 16.04 or 18.04 with these commands:
git clone https://github.com/Kurento/libsrtp.git
cd libsrtp
git checkout fix-srtp-unprotect
../adm-scripts/kurento-buildpackage.sh
On Monday, June 3, 2019 at 7:33:41 AM UTC+2, Truring Team wrote:
I want to compile and install this branch , can you please share git link to compile and install this package.
You received this message because you are subscribed to a topic in the Google Groups "kurento" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/kurento/cKzgDVrAch4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to kur...@googlegroups.com.
To post to this group, send email to kur...@googlegroups.com.
Visit this group at https://groups.google.com/group/kurento.
To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/24d951dc-095f-4c6c-9736-7539b632e0ed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "kurento" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kur...@googlegroups.com.
To post to this group, send email to kur...@googlegroups.com.
Visit this group at https://groups.google.com/group/kurento.
To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/a4b852f4-843c-baa7-1e8c-474fa60633df%40gmx.es.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to a topic in the Google Groups "kurento" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/kurento/cKzgDVrAch4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to kur...@googlegroups.com.
Micael Gallego
Oct 11, 2019, 4:22:10 AM10/11/19
to kur...@googlegroups.com
I recommend to you to always try new versions as many bugs are fixed in every release.
Best regards
Micael Gallego
Kurento / OpenVidu Project Lead
To unsubscribe from this group and stop receiving emails from it, send an email to kurento+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/e9a59b72-4949-4e89-aa9b-8ef9d4f57efd%40googlegroups.com.
Erik Petersen
Oct 11, 2019, 10:18:10 AM10/11/19
to kur...@googlegroups.com
I agree, 6.9 just made it through our dev + QA pipeline and is getting ready for release.
We are unable to reproduce in our testing environments, I would like to know whether I should be targeting 6.11 or the branch mentioned in this discussion
To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/CAFXW_DsXFS7ooiGxMc-QxA3KAORJ57z1hbe1z3Z_Yc_zN-zP5Q%40mail.gmail.com.
Micael Gallego
Oct 11, 2019, 11:06:15 AM10/11/19
to kur...@googlegroups.com
6.12 will be released in a few days... You should use it
To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/CAFqPhrLH_WjGTbF3KRWmsFz4rvDmrpML9%2BNDzQ7m4aS0cUG5Jw%40mail.gmail.com.
Erik Petersen
Oct 11, 2019, 12:47:55 PM10/11/19
to kurento
Will do, but can you confirm that the "fix-srtp-unprotect" is included in that version?
I checked the KMS changelog and didn't see any mentioned of it, but also the https://github.com/Kurento/libsrtp repo doesn't have that branch anymore. So I'm assuming the answer is yes but could you please confirm?
On Friday, October 11, 2019 at 8:06:15 AM UTC-7, Micael Gallego Carrillo wrote:
6.12 will be released in a few days... You should use it
To unsubscribe from this group and stop receiving emails from it, send an email to kur...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/e9a59b72-4949-4e89-aa9b-8ef9d4f57efd%40googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "kurento" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kur...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/kurento/CAFXW_DsXFS7ooiGxMc-QxA3KAORJ57z1hbe1z3Z_Yc_zN-zP5Q%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "kurento" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kur...@googlegroups.com.
Juan Navarro
Oct 11, 2019, 2:28:13 PM10/11/19
to kurento
On Friday, October 11, 2019 at 6:47:55 PM UTC+2, Erik Petersen wrote:
Will do, but can you confirm that the "fix-srtp-unprotect" is included in that version?I checked the KMS changelog and didn't see any mentioned of it, but also the https://github.com/Kurento/libsrtp repo doesn't have that branch anymore. So I'm assuming the answer is yes but could you please confirm?
Hi,
the branch "fix-srtp-unprotect" has been recently rebased into master in the repo libsrtp, so nightly builds already come with a patched build of libsrtp 1.6.0; this should provide the behavior on which Kurento depends, and lost packets shouldn't cause so many "unprotect failed code 9" warnings.
master is having a lot of movement these days because we're fixing lots of small issues in generation of JS clients and documentation, so I'd wait a couple days. Release 6.12 will include the libsrtp fix, and also a critical stability fix (https://github.com/Kurento/bugtracker/issues/393) plus some memory leaks have been resolved in GStreamer (https://github.com/Kurento/gst-plugins-bad/commit/f60f923233ebf9ecf3b9a2a694de867f790acb74,
The changelogs are being written for the release; they don't get much updates in between releases during the development.
Regards,
Juan
Erik Petersen
Oct 11, 2019, 4:32:25 PM10/11/19
to kurento
Thanks you so much for the info Juan!
Reply all
Reply to author
Forward
0 new messages