
TT#59501 add optional RTCP sink

If `strict source` is set, we can now also kernelise RTCP ports. This
will engage the kernel module's source address checking. If the check
fails, the packet is discarded. Otherwise it's passed to user space
as usual.

Change-Id: Ieedf39fba2263045b0f1faafa7f5826a27b5a115
changes/08/30408/8
Richard Fuchs 7 years ago
parent
commit
f6f484fff6
3 changed files with 22 additions and 9 deletions
  1. +8
    -2
      daemon/media_socket.c
  2. +12
    -6
      kernel-module/xt_RTPENGINE.c
  3. +2
    -1
      kernel-module/xt_RTPENGINE.h

+ 8
- 2
daemon/media_socket.c View File

@ -1023,6 +1023,7 @@ void kernelize(struct packet_stream *stream) {
struct call *call = stream->call;
struct packet_stream *sink = NULL;
const char *nk_warn_msg;
int non_forwarding = 0;
if (PS_ISSET(stream, KERNELIZED))
return;
@ -1033,8 +1034,12 @@ void kernelize(struct packet_stream *stream) {
nk_warn_msg = "interface to kernel module not open";
if (!kernel.is_open)
goto no_kernel_warn;
if (!PS_ISSET(stream, RTP))
goto no_kernel;
if (!PS_ISSET(stream, RTP)) {
if (PS_ISSET(stream, RTCP) && PS_ISSET(stream, STRICT_SOURCE))
non_forwarding = 1; // use the kernel's source checking capability
else
goto no_kernel;
}
if (!stream->selected_sfd)
goto no_kernel;
if (stream->media->monologue->block_media || call->block_media)
@ -1078,6 +1083,7 @@ void kernelize(struct packet_stream *stream) {
reti.rtcp_mux = MEDIA_ISSET(stream->media, RTCP_MUX);
reti.dtls = MEDIA_ISSET(stream->media, DTLS);
reti.stun = stream->media->ice_agent ? 1 : 0;
reti.non_forwarding = non_forwarding;
__re_address_translate_ep(&reti.dst_addr, &sink->endpoint);
__re_address_translate_ep(&reti.src_addr, &sink->selected_sfd->socket.local);
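Review bot: The two `__re_address_translate_ep()` calls at the end of this section still run when `non_forwarding` is set, so an RTCP-only target keeps dereferencing `sink` and `sink->selected_sfd` and hands the kernel forwarding addresses it will never use. The header change in this commit documents the flag as "empty src/dst addr", and the module now skips validating those fields, so whatever is written here goes in unchecked. Consider guarding the pair with `if (!non_forwarding) { ... }`, provided `reti` is zeroed earlier in `kernelize()`; that part of the function, and the code that establishes `sink`, are outside these hunks. The comment on `non_forwarding = 1` could also say where the packet ends up, e.g. `// not forwarded in-kernel: the kernel only enforces strict source, RTCP is still handled in user space`.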


+ 12
- 6
kernel-module/xt_RTPENGINE.c View File

@ -1513,6 +1513,8 @@ static int proc_list_show(struct seq_file *f, void *v) {
seq_printf(f, " option: stun\n");
if (g->target.transcoding)
seq_printf(f, " option: transcoding\n");
if (g->target.non_forwarding)
seq_printf(f, " option: non forwarding\n");
target_put(g);
@ -2036,12 +2038,14 @@ static int table_new_target(struct rtpengine_table *t, struct rtpengine_target_i
if (!is_valid_address(&i->local))
return -EINVAL;
if (!is_valid_address(&i->src_addr))
return -EINVAL;
if (!is_valid_address(&i->dst_addr))
return -EINVAL;
if (i->src_addr.family != i->dst_addr.family)
return -EINVAL;
if (!i->non_forwarding) {
if (!is_valid_address(&i->src_addr))
return -EINVAL;
if (!is_valid_address(&i->dst_addr))
return -EINVAL;
if (i->src_addr.family != i->dst_addr.family)
return -EINVAL;
}
if (i->mirror_addr.family) {
if (!is_valid_address(&i->mirror_addr))
return -EINVAL;
@ -3927,6 +3931,8 @@ not_stun:
goto skip_error;
src_check_ok:
if (g->target.non_forwarding)
goto skip1;
if (g->target.dtls && is_dtls(skb))
goto skip1;
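Review bot: `if (g->target.non_forwarding) goto skip1;` sits after `src_check_ok:`, so a non-forwarding target only filters anything when the source check above that label is configured to reject mismatches, and nothing in `table_new_target()` enforces that pairing. The daemon hunk in this commit sets the flag only together with strict source, but the module accepts the flag from any caller, and a target installed without a rejecting policy would hand every packet to user space unfiltered while appearing kernelised. A defensive check next to the new `if (!i->non_forwarding)` block would make the contract explicit, for example `if (i->non_forwarding && i->src_mismatch != MSM_DROP) return -EINVAL;` (field and enum names are from the module's header, outside these hunks; confirm before use). Both functions continue outside the hunks shown.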


+ 2
- 1
kernel-module/xt_RTPENGINE.h View File

@ -104,7 +104,8 @@ struct rtpengine_target_info {
rtp:1,
rtp_only:1,
do_intercept:1,
transcoding:1; // SSRC subst and RTP PT filtering
transcoding:1, // SSRC subst and RTP PT filtering
non_forwarding:1; // empty src/dst addr
};
struct rtpengine_call_info {
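Review bot: The comment `// empty src/dst addr` on `non_forwarding` describes a side effect rather than what the flag means, and it does not match the daemon hunk in this commit, which still fills `src_addr` and `dst_addr`. Something like `non_forwarding:1; // source check only, never forwarded in-kernel; src_addr/dst_addr are not validated` would tell a reader of the shared header what the module actually does with the bit. Since this struct is the interface between daemon and module, a module built without the bit would presumably ignore it and treat the target as a forwarding one. If the interface carries a version check elsewhere, this change looks like a reason to bump it.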

