Install
Unpack to patch-o-matic-ng directory and pom2patch utility.
xt_RTPPROXY.ko
kernel module, rtp sessions, sockopt interface for session manipulation,
statistics
1) compile kernel module
make
make modules_install install
2) load module
su -
modprobe -i xt_RTPPROXY
3) check that module is loaded
lsmod
4) check kernel log in case of problem
dmesg
libipt_RTPPROXY.so
extensions for iptables, connecting to .ko using control socket, requires
root but rights may be limited by capabilities (CAP_NET_ADMIN,CAP_NET_RAW).
See iptrtpproxy.8 manpages
Library provides API for RTP session manipulation.
1) compile
2) prepare iptables
# define IP
export RTP_IP=1.1.1.1
export RTP_PORT=50000
# in case of non standard iptables libraries location
export IPTABLES_LIB_DIR=$(pwd)/extensions
# define switchboard as custom mangle chain
# define new _mangle_ chain called my_rtpproxy
iptables -t mangle -N my_rtpproxy
# identify switchboard, target is RTPPROXY
# we must define ip, port and max. number of sessions
# if RTPPROXY does not match udp protocol and switchboard then chain
# continues
iptables -t mangle -A my_rtpproxy -j RTPPROXY --addr-a $RTP_IP --port-a $RTP_PORT --max-sess 250 -p udp
# specify conditions to call custom chain, -p udp, address, port
# we must call chain in PREROUTING, POSTROUTING and OUTPUT
# prerouting changes destination address for proxied ports (RTP)
iptables -t mangle -A PREROUTING -j my_rtpproxy
# change source address, replies go back through it
iptables -t mangle -A POSTROUTING -j my_rtpproxy
# do it also for locally generated/targeted packets
# not necessary when an RTP client is not allowed on the proxy machine, which is probable
iptables -t mangle -A OUTPUT -j my_rtpproxy
iptables -t mangle -A INPUT -j my_rtpproxy
# list mangle chains
iptables -t mangle -L
# enable UDP forwarding
iptables -I FORWARD 1 -j ACCEPT -p udp
# if local RTP client allowed
iptables -I INPUT 1 -j ACCEPT -p udp
echo "1"> /proc/sys/net/ipv4/ip_forward
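The module load and mangle setup above can be verified before any session is allocated. The script below is an added example, not part of the original instructions or of iptrtpproxy itself; the sample rule dump is constructed, and how iptables prints the RTPPROXY rule options is an assumption (only "-j RTPPROXY" is matched).

```shell
#!/bin/sh
# Added example: preflight check for the xt_RTPPROXY setup on this page.
# Parsers read command output on stdin, so they also work on saved dumps.
CHAIN=my_rtpproxy   # chain name used on this page

# Constructed sample of `iptables -t mangle -S`; option rendering of the
# RTPPROXY rule is assumed.
SAMPLE='-N my_rtpproxy
-A PREROUTING -j my_rtpproxy
-A POSTROUTING -j my_rtpproxy
-A my_rtpproxy -p udp -j RTPPROXY --addr-a 1.1.1.1 --port-a 50000 --max-sess 250'

# lsmod output on stdin: succeed if xt_RTPPROXY is listed.
module_loaded() { awk '$1 == "xt_RTPPROXY" { ok = 1 } END { exit !ok }'; }

# has_jump FROM TARGET: succeed if chain FROM has a rule with "-j TARGET".
has_jump() {
    awk -v c="$1" -v t="$2" '$1 == "-A" && $2 == c {
            for (i = 3; i < NF; i++) if ($i == "-j" && $(i + 1) == t) ok = 1
        } END { exit !ok }'
}

# Rules on stdin, hooks to require as arguments (default: PREROUTING and
# POSTROUTING). Prints one line per missing piece, nothing when complete.
mangle_problems() {
    rules=$(cat)
    [ $# -gt 0 ] || set -- PREROUTING POSTROUTING
    printf '%s\n' "$rules" | has_jump "$CHAIN" RTPPROXY ||
        echo "no RTPPROXY target in $CHAIN"
    for hook in "$@"; do
        printf '%s\n' "$rules" | has_jump "$hook" "$CHAIN" ||
            echo "$hook does not jump to $CHAIN"
    done
}

# Live check (root needed for iptables); non-zero return on any finding.
preflight() {
    rc=0
    lsmod | module_loaded || { echo "xt_RTPPROXY not loaded, see dmesg"; rc=1; }
    dump=$(iptables -t mangle -S) || { echo "cannot read mangle table"; return 2; }
    out=$(printf '%s\n' "$dump" | mangle_problems "$@")
    [ -z "$out" ] || { echo "$out"; rc=1; }
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ] || { echo "ip_forward off"; rc=1; }
    return $rc
}

case "${1:-}" in
--live) shift; preflight "$@" ;;
*) printf '%s\n' "$SAMPLE" | mangle_problems PREROUTING POSTROUTING OUTPUT INPUT ;;
esac
```

Without arguments the script checks the constructed sample and reports the missing OUTPUT and INPUT hooks. Run it as root with --live, followed by the full list of hooks to require (for example PREROUTING POSTROUTING OUTPUT INPUT when local RTP clients are allowed), to check the running system.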
iptrtpproxy
utility for RTP session manipulation from command line, uses lib_RTPPROXY,
root required. Real SIP router should implement session manipulation
(alloc, update, delete) using libipt_RTPPROXY library.
Example related to Alice-Bob call.
# get config info, uptime, num of switchboards, etc.
iptrtpproxy info
iptrtpproxy list --list-switchboard
# allocate session for Alice
iptrtpproxy alloc --addr-a $RTP_IP --port-a $RTP_PORT --rtp-learning-timeout-a 10000 --rtp-addr-a 192.168.1.1 --rtp-port-a 10000 --rtcp-addr-a 192.168.1.1 --rtcp-port-a 10001
# we'll get sess_id (=0 for first session) and allocated RTP proxy ports (50000&50500)
# update Bob's address
iptrtpproxy update --addr-a $RTP_IP --port-a $RTP_PORT --sess-id-lo 0 --rtp-addr-b 5.6.7.8 --rtp-port-b 20000 --rtcp-addr-b 5.6.7.8 --rtcp-port-b 20001
# update Alice's NATed address
iptrtpproxy update --addr-a $RTP_IP --port-a $RTP_PORT --sess-id-lo 0 --rtp-addr-a 1.2.3.4 --rtp-port-a 30000 --rtcp-addr-a 1.2.3.4 --rtcp-port-a 35000
# delete session
iptrtpproxy delete --addr-a $RTP_IP --port-a $RTP_PORT --sess-id-lo 0
# get statistics
iptrtpproxy list
RTP client
netcat for testing purposes
# enable INPUT udp packets
iptables -I INPUT 1 -j ACCEPT -p udp
# netcat RTP clients
# Alice
nc -u -s 192.168.1.1 -p 10000 1.1.1.1 50000
# Bob
nc -u -s 5.6.7.8 -p 20000 1.1.1.1 50500