[OpenSIPS-Users] Filtering out RFC6263 traffic on Mediaproxy

Bogdan-Andrei Iancu bogdan at opensips.org
Sat Nov 26 09:18:44 CET 2011


Hi Saul,

On 11/26/2011 04:53 AM, Saul Ibarra Corretge wrote:
> Hi Andreas,
>
> On Nov 25, 2011, at 5:35 PM, Andreas Sikkema wrote:
>
>> Guys,
>>
>> I'm currently routing some calls from one VoIP platform to another
>> OpenSIPS based platform using two ISDN to SIP gateways that are
>> connected back to back. This setup is quite recource heavy, expensive
>> and has a limited capacity. So I'm thinking of connecting both
>> platforms using a (well protected) SIP interconnection. That part is
>> easy, we've done that before.
>>
>> The problem is in the RTP some phones, connected to the old platform,
>> are sending out. Every 30 seconds or so they send out 0 length RTP
>> messages that some SIP UAs really don't like. Some hardware will
>> hangup a call when it receives 0 length UDP frames in an RTP stream,
>> others will stop handling the incoming RTP traffic allthogether
>> resulting in one way audio. The 0 length UDP messages appear to
>> conform to RFC6263 (http://tools.ietf.org/html/rfc6263) which is
>> really new...
>>
>> I've tried talking to the manufacturer of the phones, talked to the
>> supplier of the VoIP platform, talked to everyone and their neighbour
>> and all say it's not their problem. I've identified two places where
>> *I* can solve it.
>>
>> - In our core routers
>> - At every mediaproxy machine
>>
>> The first option is sub-optimal, I don't want all our routers having a
>> drop-this-packet "firewall" line for various reasons. The second
>> option I've started to like more and more. There's two ways to resolve
>> this:
>> - I just make sure I add an iptables call somewhere in the startup script, or
>> - I/We add an RFC6263 configuration option to Mediaproxy that does
>> more or less the same
>>
>> The iptables call would drop all 0 length UDP messages sent to the
>> mediaproxy ports.
>>
>> Am I wrong in my thinking?
>>
> Once the call is up (a single RTP packet was received from each endpoint) MediaProxy will setup a conntrack rule, and the Linux kernel will do the relaying. This means that MediaProxy itself cannot inspect the RTP packets at that point, because they are not traversing user-space code anymore.
As far as understood, what Andreas wants to do is to drop such packages 
from iptables rule, not necessarily from media relay software.

Regards,
Bogdan

-- 
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
OpenSIPS solutions and "know-how"




More information about the Users mailing list