tomas.mandys at 2p.cz
Wed Jun 27 20:32:20 CEST 2007
so I've finally "finished" work on RTPPROXY module, it seems it works
now for kernel 220.127.116.11.
Could änybody review code? What this module should support is described
in quoted text bellow and in relatively extensive
netfilter-rtpptoxy-howto.txt plus in manpages in tar. I'm not sure if
devel list accepts attachments so here is also the link
Does exist a reasonable CVS/SVN repository related to netfilter (pom)
where it could be placed? I don't preffer to establish for such
particular library extra sourceforge project.
Quoted from older email:
> It was developed primary for VoIP by SIP to our current
> application concerning RTP proxy. SIP call need at least 2 UDP streams
> (RTP&RTCP) for each session. But problem is when one client is hidden
> the NAT. In this case a RPT proxy is essential. All RTP traffic goes
> RTP proxy, in our case it was userspace application but because it
> redirect incomming packets to specified address or learn remote
> unnecessary copying rtp data between kernel and userspace. So I
> iptables module callled ipt_RTPPROXY+libipt_RTPPROXY that can do it in
> iptables, i.e. more efficiently. It's different case than connection
> and NAT. It's not trivial, there is learning and expiration logic.
> I also developed userspace utils that can alloc, update, delete, list
> sessions in iptables (using libipt_RTPPROXY). This is actually example
> encapsulate functionality in SIP router.
> The module is written as patch-o-matic-ng.
> Is it possible publish in netfilter.org CVS as (currently)
> module? What procedure must new modules pass to be accepted?
2p plus, s.r.o.
> -----Original Message-----
> From: Patrick McHardy [mailto:kaber at trash.net]
> Sent: Wednesday, October 11, 2006 12:07 PM
> To: Tomas Mandys
> Cc: netfilter-devel at lists.netfilter.org
> Subject: Re: RTP proxy module
> Tomas Mandys wrote:
> >>How is this different from the SIP conntrack/NAT helper,
> >>which can deal
> >>(well, not entirely yet) with clients behind NAT as well?
> > There is dedicated port range for RTP proxy, let's say 2000
> ports, so
> > 500 simultaneous calls may "processed" at one moment. One
> port for RTP,
> > second RTCP and both for each clients. Note data comming
> from opposite
> > direction are engaged in different conntrack (6666->3000,
> > and 2 related streams are related each other (RTP, RTCP)
> > Implementation via mangler, iptRTPPROXY changes in IP_PRE_ROUTING
> > callback destination (e.g.9000) address to route correctly,
> > IP_POST_CALLBACK rewrites source address (e.g.3002). There are more
> > features, like timeouts, statistics etc. RTP session allocation is
> > driven by SIP router via libipt_RTPPROXY. Because RTP stream are
> > specified apart from SIP RTP proxy does not know anything about
> > Call-id,fromtag,totag but only session-id. SIP router is responsible
> > from connecting them. SIP is mentioned here as example (I
> need it for
> > SIP).
> > Here is simplified scenario (no STUN)
> > [..]
> I'm not sure if iptables is really the best place to implement it,
> but I'll wait for your code. Please send it to the list once you
> think its ready.
> >>We currently only accept patches for patch-o-matic that we have an
> >>interest in maintaining ourselves (in case the author disappears,
> >>which happens regulary). The two other possibilities are external
> >>patch-o-matic repositories and/or an account on people.netfilter.org
> >>if you just need some webspace to publish it.
> > Maybe a link from netfilter.org to a separate
> sourceforge/berlios is OK
> > when you are not interested.
> We can add a link to an external pom repository.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 35421 bytes
Desc: not available
Url : /pipermail/netfilter-devel/attachments/20070627/52b5b076/netfilter-RTPPROXY-0001.bin
More information about the netfilter-devel