kernel-packages team mailing list archive
Message #179809
[Bug 1583924] [NEW] nf_conntrack_h323 no expectations
Public bug reported:
We have a problem with the module nf_conntrack_h323.
The module doesn't make expectations for RTP/RTCP traffic in the conntrack expect table.
I think the module doesn't see the H.245/Q.931 information in the connection.
If we try to use SIP with the module nf_conntrack_sip, SIP works fine.
Our architecture: Client <----SIP/H.323----> DNAT/SNAT <----IPIP
tunnel----> Router (ubuntu) <----> VoIP Soft Switch.
We have 3 servers with DNAT/SNAT translation and 3 routing tables on
the ubuntu router server for each other.
# ip r ls table TUN1
default dev tun1 scope link
# ip r ls table TUN2
default dev tun2 scope link
# ip r ls table TUN3
default dev tun3 scope link
We mark input traffic from the tunnels and restore the mark for the backward direction with iptables:
-A PREROUTING -i tun1 -j CONNMARK --set-xmark 0x1/0xffffffff
-A PREROUTING -i tun2 -j CONNMARK --set-xmark 0x2/0xffffffff
-A PREROUTING -i tun3 -j CONNMARK --set-xmark 0x3/0xffffffff
-A PREROUTING -s 192.168.253.0/24 -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
We send traffic to the tunnels with ip rules:
32762: from all fwmark 0x1 lookup TUN1
32763: from all fwmark 0x3 lookup TUN3
32764: from all fwmark 0x2 lookup TUN2
If we try SIP, all works fine. Packets are marked and restored, also for
RTP/RTCP.
# conntrack -L | grep "91.210.105.210"
udp 17 3549 src=91.210.105.210 dst=192.168.253.223 sport=5060 dport=5060 src=192.168.253.223 dst=91.210.105.210 sport=5060 dport=5060 [ASSURED] mark=1 helper=sip use=1
# conntrack -L expect| grep "91.210.105.210"
32 proto=17 src=0.0.0.0 dst=91.210.105.210 sport=0 dport=19092 mask-src=0.0.0.0 mask-dst=255.255.255.255 sport=0 dport=65535 master-src=91.210.105.210 master-dst=192.168.253.223 sport=5060 dport=5060 class=1 helper=sip
If we change the protocol to H.323, RTP/RTCP doesn't work. No audio with the call.
# conntrack -L | grep "91.210.105.210"
ESTABLISHED src=91.210.105.210 dst=192.168.253.223 sport=12030 dport=1720 src=192.168.253.223 dst=91.210.105.210 sport=1720 dport=12030 [ASSURED] mark=1 helper=Q.931 use=1
No record in the expectation table:
# conntrack -L expect| grep "91.210.105.210"
Modules are loaded with these commands:
/sbin/modprobe nf_conntrack_sip sip_direct_signalling=0 sip_direct_media=0
/sbin/modprobe nf_nat_sip
/sbin/modprobe nf_conntrack_h323 gkrouted_only=0 callforward_filter=0
/sbin/modprobe nf_nat_h323
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.19.0-59-generic 3.19.0-59.65~14.04.1
ProcVersionSignature: Ubuntu 3.19.0-59.65~14.04.1-generic 3.19.8-ckt19
Uname: Linux 3.19.0-59-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.19
Architecture: amd64
Date: Fri May 20 08:29:56 2016
InstallationDate: Installed on 2016-05-09 (10 days ago)
InstallationMedia: Ubuntu-Server 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
SourcePackage: linux-lts-vivid
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: linux-lts-vivid (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug trusty
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-lts-vivid in Ubuntu.
https://bugs.launchpad.net/bugs/1583924
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-lts-vivid/+bug/1583924/+subscriptions
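
A cross-check of the two tables quoted in the report, as an added example that is not part of the original message or of the kernel's own code: it lists connections that have a helper attached but no entry in the expect table naming them as master. The function names are made up for this example, and the sample lines are copied from the report.

```python
import re

# Sample input copied from the report's `conntrack -L` and
# `conntrack -L expect` output (SIP flow, H.323 flow, SIP expectation).
SAMPLE_FLOWS = """\
udp 17 3549 src=91.210.105.210 dst=192.168.253.223 sport=5060 dport=5060 src=192.168.253.223 dst=91.210.105.210 sport=5060 dport=5060 [ASSURED] mark=1 helper=sip use=1
ESTABLISHED src=91.210.105.210 dst=192.168.253.223 sport=12030 dport=1720 src=192.168.253.223 dst=91.210.105.210 sport=1720 dport=12030 [ASSURED] mark=1 helper=Q.931 use=1
"""
SAMPLE_EXPECT = """\
32 proto=17 src=0.0.0.0 dst=91.210.105.210 sport=0 dport=19092 mask-src=0.0.0.0 mask-dst=255.255.255.255 sport=0 dport=65535 master-src=91.210.105.210 master-dst=192.168.253.223 sport=5060 dport=5060 class=1 helper=sip
"""

KV = re.compile(r"([\w-]+)=(\S+)")


def original_tuple(line):
    """Return ((src, dst, sport, dport), helper) for a flow line.
    The original direction is the first occurrence of each key."""
    first = {}
    for key, value in KV.findall(line):
        first.setdefault(key, value)
    tup = tuple(first.get(k) for k in ("src", "dst", "sport", "dport"))
    return tup, first.get("helper")


def master_tuple(line):
    """Return the master connection's tuple from an expect line.
    The master's ports are the sport=/dport= that follow master-src=."""
    idx = line.find("master-src=")
    if idx < 0:
        return None
    tail = {}
    for key, value in KV.findall(line[idx:]):
        tail.setdefault(key, value)
    return (tail.get("master-src"), tail.get("master-dst"),
            tail.get("sport"), tail.get("dport"))


def helpers_without_expectations(flows_text, expect_text):
    """List (helper, tuple) for helper-tracked flows no expectation refers to."""
    masters = {master_tuple(l) for l in expect_text.splitlines() if l.strip()}
    missing = []
    for line in flows_text.splitlines():
        tup, helper = original_tuple(line)
        if helper and tup not in masters:
            missing.append((helper, tup))
    return missing


if __name__ == "__main__":
    for helper, tup in helpers_without_expectations(SAMPLE_FLOWS, SAMPLE_EXPECT):
        print(f"helper={helper} master={tup}: no expectation")
```

Expectations are normally removed from the table once the expected flow arrives, so an empty result for a flow is only meaningful while the call is being set up and before media starts.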