Unpack to patch-o-matic-ng directory and pom2patch utility.
xt_RTPPROXY.ko
Kernel module: RTP sessions, sockopt interface for session manipulation, statistics.

1) compile kernel module

    make
    make modules_install install

2) load module

    su -
    modprobe -i xt_RTPPROXY

3) check that the module is loaded

    lsmod

4) check kernel log in case of problem

    dmesg
libipt_RTPPROXY.so
Extensions for iptables, connecting to the .ko using a control socket. Requires root, but rights may be limited by capabilities (CAP_NET_ADMIN, CAP_NET_RAW). See the iptrtpproxy.8 manpage. The library provides an API for RTP session manipulation.

1) compile

2) prepare iptables

    # define IP
    export RTP_IP=1.1.1.1
    export RTP_PORT=50000

    # in case of non standard iptables libraries location
    export IPTABLES_LIB_DIR=$(pwd)/extensions

    # define switchboard as custom mangle chain
    # define new mangle chain called my_rtpproxy
    iptables -t mangle -N my_rtpproxy

    # identify switchboard, target is RTPPROXY
    # we must define ip, port and max. number of sessions
    # if RTPPROXY does not match udp protocol and switchboard then the chain
    # continues
    iptables -t mangle -A my_rtpproxy -j RTPPROXY --addr-a $RTP_IP --port-a $RTP_PORT --max-sess 250 -p udp

    # specify conditions to call custom chain, -p udp, address, port
    # we must call chain in PREROUTING, POSTROUTING and OUTPUT
    # prerouting changes destination address for proxied ports (RTP)
    iptables -t mangle -A PREROUTING -j my_rtpproxy

    # change source address, replies go back through it
    iptables -t mangle -A POSTROUTING -j my_rtpproxy

    # do it also for locally generated/targeted packets
    # not necessary when an RTP client is not allowed on the proxy machine, which is probable
    iptables -t mangle -A OUTPUT -j my_rtpproxy
    iptables -t mangle -A INPUT -j my_rtpproxy

    # list mangle chains
    iptables -t mangle -L

    # enable UDP forwarding
    iptables -I FORWARD 1 -j ACCEPT -p udp

    # if local RTP client allowed
    iptables -I INPUT 1 -j ACCEPT -p udp

    echo "1" > /proc/sys/net/ipv4/ip_forward
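As an added example (not part of the original page or of the iptrtpproxy project), the shell functions below audit rule listings in iptables -S format for the setup above: they check that the my_rtpproxy chain holds the RTPPROXY target and is called from all four hooks, and they list UDP ACCEPT rules that carry no address, port or interface match. The function names and sample listings are constructed for illustration, and the way the RTPPROXY target prints its options is an assumption.

```shell
#!/bin/sh
# Added example (not from the iptrtpproxy project): offline audit of rule
# listings in `iptables -S` format for the setup described on this page.

# check_mangle [chain]: reads `iptables -t mangle -S` output on stdin.
# Reports what is missing; returns 0 only if the chain holds an RTPPROXY
# rule and is called from all four hooks used above.
check_mangle() {
    chain=${1:-my_rtpproxy}
    rules=$(cat)
    rc=0
    if ! printf '%s\n' "$rules" | grep -Eq -- "^-A $chain( .*)? -j RTPPROXY( |\$)"; then
        echo "missing: RTPPROXY target in chain $chain"; rc=1
    fi
    for hook in PREROUTING POSTROUTING OUTPUT INPUT; do
        if ! printf '%s\n' "$rules" | grep -Eq -- "^-A $hook( .*)? -j $chain *\$"; then
            echo "missing: jump from $hook to $chain"; rc=1
        fi
    done
    return $rc
}

# broad_udp_accepts: reads `iptables -S` (filter table) output on stdin and
# prints INPUT/FORWARD rules that accept all UDP with no address, port or
# interface match, like the two test rules above.
broad_udp_accepts() {
    grep -E -- '^-A (INPUT|FORWARD) (.* )?-p udp( |$)' \
        | grep -E -- ' -j ACCEPT( |$)' \
        | grep -Ev -- ' (-s|-d|-i|-o|--sport|--dport|--sports|--dports) ' || true
}

# Constructed sample listings (the POSTROUTING jump is left out on purpose;
# how the RTPPROXY target prints its options is an assumption).
SAMPLE_MANGLE='-N my_rtpproxy
-A PREROUTING -j my_rtpproxy
-A INPUT -j my_rtpproxy
-A OUTPUT -j my_rtpproxy
-A my_rtpproxy -p udp -j RTPPROXY --addr-a 1.1.1.1 --port-a 50000 --max-sess 250'
SAMPLE_FILTER='-P FORWARD DROP
-A INPUT -p udp -j ACCEPT
-A FORWARD -p udp -j ACCEPT
-A FORWARD -d 1.1.1.1/32 -p udp -m udp --dport 50000 -j ACCEPT'

printf '%s\n' "$SAMPLE_MANGLE" | check_mangle my_rtpproxy || echo "mangle setup incomplete"
printf '%s\n' "$SAMPLE_FILTER" | broad_udp_accepts
```

On a live system, pipe real listings into the functions as root: iptables -t mangle -S | check_mangle my_rtpproxy, and iptables -S | broad_udp_accepts.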
iptrtpproxy
Utility for RTP session manipulation from the command line, uses lib_RTPPROXY, root required. A real SIP router should implement session manipulation (alloc, update, delete) using the libipt_RTPPROXY library. Example related to an Alice-Bob call.

    # get config info, uptime, num of switchboards, etc.
    iptrtpproxy info
    iptrtpproxy list --list-switchboard

    # allocate session for Alice
    iptrtpproxy alloc --addr-a $RTP_IP --port-a $RTP_PORT --rtp-learning-timeout-a 10000 \
        --rtp-addr-a 192.168.1.1 --rtp-port-a 10000 --rtcp-addr-a 192.168.1.1 --rtcp-port-a 10001
    # we'll get sess_id (=0 for first session) and allocated RTP proxy ports (50000&50500)

    # update Bob's address
    iptrtpproxy update --addr-a $RTP_IP --port-a $RTP_PORT --sess-id-lo 0 \
        --rtp-addr-b 5.6.7.8 --rtp-port-b 20000 --rtcp-addr-b 5.6.7.8 --rtcp-port-b 20001

    # update Alice's NATed address
    iptrtpproxy update --addr-a $RTP_IP --port-a $RTP_PORT --sess-id-lo 0 \
        --rtp-addr-a 1.2.3.4 --rtp-port-a 30000 --rtcp-addr-a 1.2.3.4 --rtcp-port-a 35000

    # delete session
    iptrtpproxy delete --addr-a $RTP_IP --port-a $RTP_PORT --sess-id-lo 0

    # get statistics
    iptrtpproxy list
RTP client
netcat for testing purposes

    # enable INPUT udp packets
    iptables -I INPUT 1 -j ACCEPT -p udp

    # netcat RTP clients
    # Alice
    nc -u -s 192.168.1.1 -p 10000 1.1.1.1 50000
    # Bob
    nc -u -s 5.6.7.8 -p 20000 1.1.1.1 50500