[OpenSIPS-Users] Filtering out RFC6263 traffic on Mediaproxy

Saul Ibarra Corretge saul at ag-projects.com
Sat Nov 26 03:53:22 CET 2011


Hi Andreas,

On Nov 25, 2011, at 5:35 PM, Andreas Sikkema wrote:

> Guys,
> 
> I'm currently routing some calls from one VoIP platform to another
> OpenSIPS based platform using two ISDN to SIP gateways that are
> connected back to back. This setup is quite resource heavy, expensive
> and has a limited capacity. So I'm thinking of connecting both
> platforms using a (well protected) SIP interconnection. That part is
> easy, we've done that before.
> 
> The problem is in the RTP some phones, connected to the old platform,
> are sending out. Every 30 seconds or so they send out 0 length RTP
> messages that some SIP UAs really don't like. Some hardware will
> hang up a call when it receives 0 length UDP frames in an RTP stream,
> others will stop handling the incoming RTP traffic altogether
> resulting in one way audio. The 0 length UDP messages appear to
> conform to RFC6263 (http://tools.ietf.org/html/rfc6263) which is
> really new...
> 
> I've tried talking to the manufacturer of the phones, talked to the
> supplier of the VoIP platform, talked to everyone and their neighbour
> and all say it's not their problem. I've identified two places where
> *I* can solve it.
> 
> - In our core routers
> - At every mediaproxy machine
> 
> The first option is sub-optimal, I don't want all our routers having a
> drop-this-packet "firewall" line for various reasons. The second
> option I've started to like more and more. There are two ways to resolve
> this:
> - I just make sure I add an iptables call somewhere in the startup script, or
> - I/We add an RFC6263 configuration option to Mediaproxy that does
> more or less the same
> 
> The iptables call would drop all 0 length UDP messages sent to the
> mediaproxy ports.
> 
> Am I wrong in my thinking?
> 

Once the call is up (a single RTP packet was received from each endpoint) MediaProxy will set up a conntrack rule, and the Linux kernel will do the relaying. This means that MediaProxy itself cannot inspect the RTP packets at that point, because they are not traversing user-space code anymore.


Regards,

-- 
Saúl Ibarra Corretgé
AG Projects
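
Added example, not part of the original thread and not MediaProxy code: a sketch of the iptables approach from the quoted message, placed in the `raw` table so it runs before connection tracking and therefore also sees packets the kernel relays without MediaProxy. The port range `50000:60000` and the function names are assumptions; the lengths assume IP headers without options or extension headers.

```shell
#!/bin/sh
# Added example: drop zero-payload UDP aimed at the relay's RTP ports.
# Dry run by default (prints the commands); APPLY=1 as root installs them.

# Assumed RTP port range; set it to the range the relay is configured with.
RTP_PORTS="${RTP_PORTS:-50000:60000}"

# Packet length that "-m length" sees for a UDP datagram with no payload.
# IPv4: 20-byte header (no options) + 8-byte UDP header.
# IPv6: 40-byte header (no extension headers) + 8-byte UDP header.
empty_udp_len() {
    case "$1" in
        4) echo 28 ;;
        6) echo 48 ;;
        *) echo "unknown IP family: $1" >&2; return 1 ;;
    esac
}

# Print the rule arguments for one IP family ($1) and port range ($2).
# raw/PREROUTING is evaluated before conntrack, so relayed flows are covered.
drop_rule_args() {
    len=$(empty_udp_len "$1") || return 1
    echo "-t raw -A PREROUTING -p udp --dport $2 -m length --length $len -j DROP"
}

# Print (or, with APPLY=1, run) the rule for IPv4 and IPv6.
install_rules() {
    for fam in 4 6; do
        args=$(drop_rule_args "$fam" "$1") || return 1
        if [ "$fam" = 4 ]; then cmd=iptables; else cmd=ip6tables; fi
        if [ "${APPLY:-0}" = 1 ]; then
            # Unquoted on purpose: $args must split into separate arguments.
            $cmd $args || return 1
        else
            echo "$cmd $args"
        fi
    done
}

install_rules "$RTP_PORTS"
```

Packets dropped in `raw` never reach conntrack, so they do not refresh the relayed flow's conntrack timeout.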







