Build RTPEngine HEAD without Kernel Support

[Joshua Elson]

Doing a fairly standard multi-stage Docker build like this:

FROM debian:bookworm-slim AS build

RUN apt-get update && apt-get install -y --no-install-recommends \

build-essential \

ca-certificates \

curl \

default-libmysqlclient-dev \

g++ \

gcc \

git \

gperf \

iproute2 \

iptables \

libavcodec-extra \

libavfilter-dev \

libcurl4-openssl-dev \

libevent-dev \

libhiredis-dev \

libiptc-dev \

libjson-glib-dev \

libopus-dev \

libpcap-dev \

libpcre3-dev \

libspandsp-dev \

libssl-dev \

libwebsockets-dev \

libxmlrpc-core-c3-dev \

make \

markdown \

pandoc \

libnftnl-dev \

libmnl-dev \

&& rm -rf /var/lib/apt/lists/*

WORKDIR /usr/src

RUN git clone https://github.com/sipwise/rtpengine

WORKDIR /usr/src/rtpengine/daemon

RUN make with_iptables_option=no with_transcoding=yes -j$(nproc) install

FROM debian:bookworm-slim

VOLUME ["/tmp"]

ENTRYPOINT ["/entrypoint.sh"]

CMD ["rtpengine"]

EXPOSE 23000-32768/udp 22222/udp

RUN --mount=type=cache,target=/var/cache/apt \

apt-get update && apt-get install -y --no-install-recommends \

libglib2.0-0 \

libavcodec-extra \

libavfilter8 \

libcurl4 \

libevent-2.1-7 \

libevent-pthreads-2.1-7 \

libhiredis0.14 \

libip6tc2 \

libiptc0 \

libjson-glib-1.0-0 \

libmariadb3 \

libopus0 \

libpcap0.8 \

libpcre3 \

libspandsp2 \

libssl3 \

libwebsockets17 \

libxmlrpc-core-c3 \

libnftnl11 \

iproute2 \

dnsutils \

&& rm -rf /var/lib/apt/lists/*

COPY --from=build /usr/src/rtpengine/daemon/rtpengine /usr/local/bin/rtpengine

COPY ./entrypoint.sh /entrypoint.sh

COPY ./rtpengine.conf /etc

Issue is that on running, end up with this error:

[1698954242.541404] INFO: [crypto] Generating new DTLS certificate
Fatal error: Failed to create nftables chains or rules: error returned from netlink for delete rule (Address family not supported by protocol)
[1698954242.572711] CRIT: [core] Fatal error: Failed to create nftables chains or rules: error returned from netlink for delete rule (Address family not supported by protocol)

I know things are somewhat in flux with the removal of the iptables stuff, but if I am not wanting to use kernel support right now, is there a way to disable?

[Richard Fuchs]

On 02/11/2023 15.58, [EXT] Joshua Elson wrote:
> Issue is that on running, end up with this error:
>
> [1698954242.541404] INFO: [crypto] Generating new DTLS certificate
> Fatal error: Failed to create nftables chains or rules: error returned
> from netlink for delete rule (Address family not supported by protocol)
> [1698954242.572711] CRIT: [core] Fatal error: Failed to create
> nftables chains or rules: error returned from netlink for delete rule
> (Address family not supported by protocol)
>
> I know things are somewhat in flux with the removal of the iptables
> stuff, but if I am not wanting to use kernel support right now, is
> there a way to disable?

Simply disabling the kernel mode should do the trick, by setting the
table= option (or -t switch) to -1.

Cheers