lib_RTPPROXY module

Wed Jun 27 20:32:20 CEST 2007

Hi,
so I've finally "finished" work on RTPPROXY module, it seems it works
now for kernel 2.6.17.8. 
Could änybody review code? What this module should support is described
in quoted text bellow and in relatively extensive
netfilter-rtpptoxy-howto.txt plus in manpages in tar. I'm not sure if
devel list accepts attachments so here is also the link
http://www.2p.cz/tmp/netfilter-rtpproxy.tgz.

Does exist a reasonable CVS/SVN repository related to netfilter (pom)
where it could be placed? I don't preffer to establish for such
particular library extra sourceforge project. 

Quoted from older email:
> It was developed primary for VoIP by SIP to our current 
> application concerning RTP proxy. SIP call need at least 2 UDP streams

> (RTP&RTCP) for each session. But problem is when one client is hidden
behind 
> the NAT. In this case a RPT proxy is essential. All RTP traffic goes
through 
> RTP proxy, in our case it was userspace application but because it
need only 
> redirect incomming packets to specified address or learn remote
ip/port it's 
> unnecessary copying rtp data between kernel and userspace. So I
developed 
> iptables module callled ipt_RTPPROXY+libipt_RTPPROXY that can do it in

> iptables, i.e. more efficiently. It's different case than connection
tracking 
> and NAT. It's not trivial, there is learning and expiration logic.

> I also developed userspace utils that can alloc, update, delete, list
RTP 
> sessions in iptables (using libipt_RTPPROXY). This is actually example
how to 
> encapsulate functionality in SIP router. 

> The module is written as patch-o-matic-ng.
> Is it possible publish in netfilter.org CVS as (currently)
experimental 
> module? What procedure must new modules pass to be accepted?

Thanks

Tomáš Mandys
2p plus, s.r.o.
http://www.2p.cz  

> -----Original Message-----
> From: Patrick McHardy [mailto:kaber at trash.net] 
> Sent: Wednesday, October 11, 2006 12:07 PM
> To: Tomas Mandys
> Cc: netfilter-devel at lists.netfilter.org
> Subject: Re: RTP proxy module
> 
> 
> Tomas Mandys wrote:
> >>How is this different from the SIP conntrack/NAT helper, 
> >>which can deal
> >>(well, not entirely yet) with clients behind NAT as well?
> > 
> > 
> > There is dedicated port range for RTP proxy, let's say 2000 
> ports, so
> > 500 simultaneous calls may "processed" at one moment. One 
> port for RTP,
> > second RTCP and both for each clients. Note data comming 
> from opposite
> > direction are engaged in different conntrack (6666->3000, 
> 9000->3002)
> > and 2 related streams are related each other (RTP, RTCP)
> > 
> > Implementation via mangler, iptRTPPROXY changes in IP_PRE_ROUTING
> > callback destination (e.g.9000) address to route correctly,
> > IP_POST_CALLBACK rewrites source address (e.g.3002). There are more
> > features, like timeouts, statistics etc. RTP session allocation is
> > driven by SIP router via libipt_RTPPROXY. Because RTP stream are
> > specified apart from SIP RTP proxy does not know anything about
> > Call-id,fromtag,totag but only session-id. SIP router is responsible
> > from connecting them. SIP is mentioned here as example (I 
> need it for
> > SIP).
> > 
> > 
> > Here is simplified scenario (no STUN)
> > 
> > [..]
> 
> I'm not sure if iptables is really the best place to implement it,
> but I'll wait for your code. Please send it to the list once you
> think its ready.
> 
> >>We currently only accept patches for patch-o-matic that we have an
> >>interest in maintaining ourselves (in case the author disappears,
> >>which happens regulary). The two other possibilities are external
> >>patch-o-matic repositories and/or an account on people.netfilter.org
> >>if you just need some webspace to publish it.
> > 
> > 
> > Maybe a link from netfilter.org to a separate 
> sourceforge/berlios is OK
> > when you are not interested.
> 
> We can add a link to an external pom repository.
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: netfilter-RTPPROXY.tgz
Type: application/x-compressed
Size: 35421 bytes
Desc: not available
Url : /pipermail/netfilter-devel/attachments/20070627/52b5b076/netfilter-RTPPROXY-0001.bin