Fwd: [Fwd: Re: trying to revive rtsp]

Punky punkytse at gmail.com
Mon Feb 27 10:44:19 CET 2006


Hi all,

I am helping Mickael to resend his rtsp patch as he found his mail
can't get to the list promptly.  As far, I am able to use his patch on
my own 2.6.15 kernel.  He already has another cleaner version of the
patch and will post to the list later.

- Punky

---------- Forwarded message ----------
From: Mickael Marchand <marchand at kde.org>
Date: Feb 21, 2006 2:56 PM
Subject: [Fwd: Re: trying to revive rtsp]
To: punkytse at gmail.com


resent to you as my mail to netfilter-devel seems to take ages to get in ...

Cheers,
Mik

-------- Original Message --------
Subject: Re: trying to revive rtsp
Date: Mon, 20 Feb 2006 21:16:49 +0100
From: Mickael Marchand <marchand at kde.org>
To: Patrick McHardy <kaber at trash.net>
CC: netfilter-devel at lists.netfilter.org
References: <43F87D21.7090305 at kde.org> <43F9FE37.9020109 at trash.net>

Hi,

thanks for the tip Patrick, there were 2 bugs in my expectation paquet
as you thought, and I was missing the expectfn function mainly.

after fighting some hours with the code, importing old code back,
merging code from ip_conntrack_irc, I have been able to watch 3 RTSP
streams simultaneously behind my iptables firewall :)

it's probably bad code that definitely needs review and help from
others, my knowledge of netfilter being so low.

full patch against 2.6.15 attached

I will try to improve it if experienced netfilter people can give me the
good directions.

all comments are welcome :)

and well, of course, testers are welcome too.

Cheers,
Mik

Patrick McHardy wrote:
> Mickael Marchand wrote:
>
>>Hi,
>>
>>I am really a newbie to the netfilter coding world, so please forgive
>>any stupid questions :)
>>
>>I have mostly ported the old rtsp conntrack+nat code to recent 2.6
>>kernels, compiles and loads fine into the kernel,
>>but I have some problems to make it work now :)
>>
>>the initial TCP connexion to the RTSP server:554 is correctly detected
>>and the expectation packet seems to be properly setup :
>>cat /proc/net/ip_conntrack_expect
>>255 proto=17 src=212.27.38.253 dst=10.0.0.2 sport=0 dport=33302
>>
>>212.27.38.253 is the RTSP server, 10.0.0.2 is the client, 10.0.0.1 is
>>the netfilter box.
>>
>>so once the TCP connexion has been established, we expect a UDP stream
>>from the server going to the client port 33302.
>>
>>my problem is that the expected packet does not get through the
>>netfilter box, I can see the UDP stream coming from the RTSP server and
>>going to my netfilter box,
>>the expectation packet seems to get removed of
>>/proc/net/ip_conntrack_expect as well (so basically it looks all good)
>>but the netfilter box does not forward packets to 10.0.0.2.
>>so it looks like a NAT problem to me, maybe the UDP packets are not
>>getting NAT-ed back to the client.
>>
>>my first question would be :
>>is it expected to see 10.0.0.2 in the expected paquet ?
>>should not it be my external IP instead ?
>>
>>any tips in what direction I could look ? :)
>
>
> Probably something related to the expect API changes and/or missing
> initializations. Compare your helper with other helpers and make sure
> you initialize all fields of struct ip_conntrack_expect properly.






--
--
Regards,
Punky
P U N K N ! X  . c o m
Technology + Lifestyle
(http://www.punknix.com)

Voyage Linux
(http://www.voyage.hk/software/voyage.html)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2.6.15-rtsp.patch
Type: text/x-patch
Size: 41377 bytes
Desc: not available
Url : /pipermail/netfilter-devel/attachments/20060227/c2a47737/2.6.15-rtsp-0001.bin


More information about the netfilter-devel mailing list