Install

md5-hash:4687c7b3dc9018599360eb992adc5657 weight:0 depth:2 Install

xt_RTPPROXY.ko

kernel module, rtp sessions, sockopt interface for session manipulation, statistics

1) compile kernel module

  make
  make modules_install install

2) load module

  su -
  modprobe -i xt_RTPPROXY

3) list if module loaded

  lsmod

4) check kernel log in case or problem

  dmesg

libipt_RTPPROXY.so

extensions for iptables, connecting to .ko using control socket, requires root but rights may be limited by capabilities (CAP_NET_ADMIN,CAP_NET_RAW). See iptrtpproxy.8 manpages

Library provides API fow RTP session manipulation.

1) compile

2) prepare iptables

# define IP export RTP_IP=1.1.1.1 export RTP_PORT=50000

# in case of non standard iptables libraries location export IPTABLES_LIB_DIR=pwd/extensions

# define switchboard as custom mangle chain #define new _mangle_ chain called my_rtpproxy iptables -t mangle -N my_rtpproxy

# identify switchboard, target is RTPPROXY # we must define ip,port and max.number off sessions # if RTPPROXY does not matches udp protocol and switchboard then chain # continues iptables -t mangle -A my_rtpproxy -j RTPPROXY --addr-a $RTP_IP --port-a $RTP_PORT --max-sess 250 -p udp

# specify conditions to call custom chain, -p udp, address, port # we must call chain in PREROUTING, POSTROUTING and OUTPUT # prerouting changes destination address for proxied ports (RTP) iptables -t mangle -A PREROUTING -j my_rtpproxy # change source address, replies goes back through it iptables -t mangle -A POSTROUTING -j my_rtpproxy # do it also for locally generated/targeted packetes # non necessary when RTP client is not allowed proxy machine, it's probable iptables -t mangle -A OUTPUT -j my_rtpproxy iptables -t mangle -A INPUT -j my_rtpproxy

# list mangle chains iptables -t mangle -L

# enable UDP forwarding iptables -I FORWARD 1 -j ACCEPT -p udp # if local RTP client allowed iptables -I INPUT 1 -j ACCEPT -p udp echo "1"> /proc/sys/net/ipv4/ip_forward

iptrtpproxy

utility for RTP session manipulation from command line, uses lib_RTPPROXY, root required. Real SIP router should implement session manipulation (alloc, update, delete) using libipt_RTPPROXY library.

Example related to Alice-Bob call.

# get confing info, uptime, num of switchboards, etc. iptrtpproxy info

iptrtpproxy list --list-switchboard

# allocate session for Alice iptrtpproxy alloc --addr-a $RTP_IP --port-a $RTP_PORT --rtp-learning-timeout-a 10000 --rtp-addr-a 192.168.1.1 --rtp-port-a 10000 --rtcp-addr-a 192.168.1.1 --rtcp-port-a 10001 # we'll get sess_id (=0 for first session) and allocated RTP proxy ports (50000&50500)

# update Bob's address iptrtpproxy update --addr-a $RTP_IP --port-a $RTP_PORT --sess-id-lo 0 --rtp-addr-b 5.6.7.8 --rtp-port-b 20000 --rtcp-addr-b 5.6.7.8 --rtcp-port-b 20001

# update Alices's NATed address iptrtpproxy update --addr-a $RTP_IP --port-a $RTP_PORT --sess-id-lo 0 --rtp-addr-a 1.2.3.4 --rtp-port-a 30000 --rtcp-addr-a 1.2.3.4 --rtcp-port-a 35000

# delete session iptrtpproxy delete --addr-a $RTP_IP --port-a $RTP_PORT --sess-id-lo 0

# get statistics iptrtpproxy list

RTP client

netcat for testing purposes

# enable INPUT udp packets iptables -I INPUT 1 -j ACCEPT -p udp

# netcat RTP clients # Alice nc -u -s 192.168.1.1 -p 10000 1.1.1.1 50000 # Bob nc -u -s 5.6.7.8 -p 20000 1.1.1.1 50500

]]>