From: Victor Julien <victor@nk.nl>
To: Netfilter Developers List <netfilter-devel@lists.netfilter.org>
Subject: sip connection tracking & expectations
Date: Sat, 07 Jan 2006 17:33:00 +0100
Message-ID: <43BFED3C.9040907@nk.nl>
In-Reply-To: <43BF1E65.60805@trash.net>

Hello people,
I have retried getting sip working. I have tried to create manual
expectations, to see which one works, since the default ones created by
the sip conntrack module in pom don't work for me.
For simplicity (only one expectation) I have tried a nat setup:
lan client ---- nat gateway ---- sip server
lan client has: 192.168.1.2
nat gateway: 192.168.1.1 and 80.126.43.45
sip server: 217.66.118.164
Kernel 2.6.15, pom 20060101 with ip_ct_refresh fix.
ip_conntrack_sip and ip_nat_sip loaded, all RELATED is accepted.
The client (192.168.1.2) registers at the sip server sip.xs4all.nl
(217.66.118.164).
When I call my voicemail 1233@sip.xs4all.nl I see the following
expectations getting generated automatically:
180 proto=17 src=217.66.118.164 dst=80.126.43.45 sport=0 dport=7078
180 proto=17 src=217.66.118.164 dst=80.126.43.45 sport=0 dport=10500
After the call was initiated, I started to see REJECTs on the lan side
of my firewall like this:
192.168.1.2:7078 -> 217.66.118.146:34106
(note the different IP address, this is not a typo)
Then I manually added this expectation using the conntrack tool:
180 proto=17 src=192.168.1.2 dst=217.66.118.146 sport=7078 dport=34106
And the REJECT messages stopped, and I suddenly heard the audio!
Next to the REJECTs above, I saw at a low frequency (about 1 for 30 of
above) the following REJECTs:
192.168.1.2:7079 -> 217.66.118.146:34107
So I added that expectation as well:
180 proto=17 src=192.168.1.2 dst=217.66.118.146 sport=7079 dport=34107
Now no REJECTs were showing at the firewall anymore.
When all is working I see the following connections in
/proc/net/ip_conntrack
udp 17 3562 src=192.168.1.2 dst=217.66.118.164 sport=5060
dport=5060 packets=8 bytes=4714 src=217.66.118.164 dst=80.126.43.45
sport=5060 dport=5060 packets=12 bytes=4003 [ASSURED] mark=0 use=3
udp 17 29 src=192.168.1.2 dst=217.66.118.146 sport=7079 dport=34107
packets=7 bytes=1036 [UNREPLIED] src=217.66.118.146 dst=80.126.43.45
sport=34107 dport=7079 packets=0 bytes=0 mark=0 use=1
udp 17 179 src=192.168.1.2 dst=217.66.118.146 sport=7078
dport=334106 packets=2283 bytes=455820 src=217.66.118.146
dst=80.126.43.45 sport=34106 dport=7078 packets=2278 bytes=455600
[ASSURED] mark=0 use=1
If you need more info, let me know.
Regards,
Victor
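
Added example, not part of the original message and not netfilter code: a small Python checker that compares the flows quoted above against the listed expectations field by field. It shows that the automatically generated expectation for port 7078 differs from the media flow's reply tuple only in the source address (217.66.118.164 vs 217.66.118.146). Reading sport=0 as "any source port" and all function names are assumptions of this example.

```python
import re

# Constructed from the expectation listings quoted in the message above.
AUTO_EXPECTATIONS = """\
180 proto=17 src=217.66.118.164 dst=80.126.43.45 sport=0 dport=7078
180 proto=17 src=217.66.118.164 dst=80.126.43.45 sport=0 dport=10500
"""
MANUAL_EXPECTATIONS = """\
180 proto=17 src=192.168.1.2 dst=217.66.118.146 sport=7078 dport=34106
180 proto=17 src=192.168.1.2 dst=217.66.118.146 sport=7079 dport=34107
"""

FIELDS = ("proto", "src", "dst", "sport", "dport")

def parse_expectations(text):
    """Return one dict per 'timeout key=value ...' expectation line."""
    out = []
    for line in text.splitlines():
        kv = dict(re.findall(r"(\w+)=(\S+)", line))
        if all(f in kv for f in FIELDS):
            out.append({f: kv[f] for f in FIELDS})
    return out

def mismatches(exp, flow):
    """List the fields in which a flow differs from an expectation.
    Assumption: sport=0 in the listing means 'any source port'."""
    bad = []
    for f in FIELDS:
        if f == "sport" and exp[f] == "0":
            continue
        if exp[f] != str(flow[f]):
            bad.append(f)
    return bad

def flow(src, sport, dst, dport, proto=17):
    """Build a flow tuple in the same field layout as an expectation."""
    return {"proto": proto, "src": src, "dst": dst, "sport": sport, "dport": dport}

# The rejected LAN-side packet, and the reply tuple of the working RTP entry
# as shown in the /proc/net/ip_conntrack output in the message.
REJECTED = flow("192.168.1.2", 7078, "217.66.118.146", 34106)
MEDIA_REPLY = flow("217.66.118.146", 34106, "80.126.43.45", 7078)

if __name__ == "__main__":
    exps = parse_expectations(AUTO_EXPECTATIONS + MANUAL_EXPECTATIONS)
    for name, fl in (("rejected", REJECTED), ("media reply", MEDIA_REPLY)):
        for e in exps:
            bad = mismatches(e, fl)
            print(name, e, "MATCH" if not bad else "differs in " + ",".join(bad))
```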