OpenWrt Forum Archive

Topic: conntrack_rtsp

The content of this topic has been archived on 6 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

hi all

Has anybody of the developers thought about integrating the conntrack_rtsp patch for netfilter? It would be really nice to be able to conntrack RTP streams (used for video). Together with the l7-filter rtsp pattern one could have nice QoS features. I am not experienced in patching so that's why I am asking...

bye, beat

It is on my todo list, with the conntrack_sip modules

I have downloaded the source but how do you apply the patch ?
Aren't you supposed to put the file in the target/linux/linux-2.4/patches/generic directory?

Do you have to change an option in menuconfig ?

Any help would be appreciated

Connection tracking for RTSP has been added in #2794 and is now built by default and packaged in iptables-nat-extra package and kmod-ipt-nat-extra.

Thanks for your reply

But where do I find these new packages, I can't find them at http://downloads.openwrt.org or anywhere.
Sorry if it's a dumb question

You have to build your own packages using latest svn revision.

I patched the source of whiterussian with the diff file above. Then I installed the package ipt-kmod-nat-extra which contains the files /lib/modules/2.4.30/ip_conntrack_rtsp.o and /lib/modules/2.4.30/ip_nat_rtsp.o.

When I insmod ip_conntrack_rtsp, I have this:

root@babbage:~# insmod ip_conntrack_rtsp
Using /lib/modules/2.4.30/ip_conntrack_rtsp.o
insmod: unresolved symbol memchr
root@babbage:~#

I tried to install other newly compiled packages such as kmod-ipt-nat, iptables-mod-nat, kmod-ipt-extra and iptables-mod-extra but I still have the same error.
I don't know what package to install now, maybe I did something wrong.

(Last edited by Bourdieu on 2 Jan 2006, 11:31)

This is a strange error because the symbol is clearly exported in arch/mips/kernel/mips_ksyms.c

I will see.

I bypassed the problem by installing the firmware image I had compiled and it works now. I think the uclibc package was also modified and I had to install this one too, but I'm not sure.

Now rtsp conntrack works great, I can watch tv on my computer without redirecting all udp ports to one specific machine.

Thanks for your help, if someone needs help on this specific topic I can help.

I don't think this relates anymore to uClibc, but more to the openwrt kernel itself. If you see the patch, you will see that there is a memchr symbol export in arch/mips/kernel/mips_ksyms.c.

Sorry, I did not see that you had an older kernel version, that is why it can't work.

So if I understand well, the only way to get conntrack_rtsp working is to switch to the trunk instead of the stable branch...

For the moment, yes, at least for the kernel/iptables part.

So if I understand well, the only way to get conntrack_rtsp working is to switch to the trunk instead of the stable branch...

No, you just need to download the source of white russian by svn, and then apply the patch given in this thread and finally compile it.

Don't forget to build the modules needed by iptables when you configure the kernel.

It works like a charm for me.

(Last edited by Bourdieu on 10 Jan 2006, 12:41)

Connection tracking for RTSP has been added in #2794 and is now built by default and packaged in iptables-nat-extra package and kmod-ipt-nat-extra.

So there is just to install these packages without compiling the source of openwrt?

I have found kmod-ipt-nat-extra with ipkg list but not iptables-nat-extra :-(

And if I have to compile, I have to add something with make menuconfig for rtsp or it's not necessary?
and if it's not necessary, what I have to do with the default config of make menuconfig, when I will install my own image to make rtsp working?

PS: I have rc4 version.

Thanks :-)

Bye

As we mentioned earlier, you have to build a kamikaze kernel in order to benefit from the ip_conntrack_rtsp features. I don't plan to backport it to whiterussian for the moment.

using kmod-ipt-nat-extra and iptables-nat-extra will NOT work with whiterussian firmwares !

No, it works if you apply the patch to Whiterussian, and I will challenge anyone who says otherwise in a duel. I am, as I type, watching TV with the Freebox Multiposte, which seems to be what everyone here is using. As has been described above, you need to

* patch your repository manually with the patch at http://perso.ens-lyon.fr/benoit.boissinot/rtsp.diff
* Enable the nat-extra packages in make menuconfig
* then flash the router with the produced whiterussian image
* finally install the packages from your own repository. ipkg install kmod-ipt-nat-extra iptables-mod-extra will do.

For the Freebox, I added this to /etc/firewall.user. Adapt to your configuration.

### Allow RTSP from the Freebox
iptables -A forwarding_rule -i $WAN -s 212.27.38.253 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A forwarding_rule -i $LAN -d 212.27.38.253 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

For more information (in French), see the thread on debian-users-french at http://www.mail-archive.com/debian-user … 14032.html

Post success stories here, TIMTOWTDI, YMMV, etc.

(Last edited by Stereo on 5 Feb 2006, 19:30)

I did not mean to provoke you :-) When I wrote, you have to use kamikaze, I meant, you can not use the kamikaze modules out of the box in whiterussian, because the whiterussian kernel does not support the needed infos, but of course, patch backporting will work. Thank you very much for it !

Hello,

I've compiled the firmware from source, and now I've that installed:

root@OpenWrt:~# ipkg list_installed|grep "iptables"
iptables - 1.3.3-1 - The netfilter firewalling software for IPv4
iptables-mod-extra - 1.3.3-1 - Other extra Iptables (IPv4) extensions
iptables-mod-nat - 1.3.3-1 - Iptables (IPv4) extensions for different NAT targets


root@OpenWrt:~# ipkg list_installed|grep "kmod"
kmod-brcm-wl - 2.4.30-brcm-3 -
kmod-diag - 2.4.30-brcm-3 -
kmod-ipt-extra - 2.4.30-brcm-2 - Other extra Netfilter (IPv4) kernel modules
kmod-ipt-nat - 2.4.30-brcm-2 - Netfilter (IPv4) kernel modules for different NAT targets
kmod-ipt-nat-extra - 2.4.30-brcm-2 - Extra Netfilter (IPv4) NAT kernel modules for special protocols
kmod-ppp - 2.4.30-brcm-3 -
kmod-pppoe - 2.4.30-brcm-3 -
kmod-switch - 2.4.30-brcm-1 -
kmod-wlcompat - 2.4.30-brcm-3 - Compatibility module for using the Wireless Extension with broadcom's wl

I have to load any modules to use conntrack_rtsp or install other packages?

I add also to add this rule?
iptables -A FORWARD -i $WAN -s 212.27.38.253 -m state --state ESTABLISHED,RELATED -j ACCEPT

Because I already have a rule like that:
iptables -A FORWARD -i $WAN -m state --state RELATED,ESTABLISHED -j ACCEPT

and I already accept all forward traffic from lan.


A lsmod give me that:

Module                  Size  Used by    Tainted: P
switch-robo             4444   0 (unused)
switch-core             4896   0 [switch-robo]
ip_conntrack_tftp       1728   0 (unused)
ip_nat_snmp_basic       8928   0 (unused)
ip_nat_pptp             2428   0 (unused)
ip_conntrack_pptp       2956   1
ip_nat_proto_gre        1536   0 (unused)
ip_conntrack_proto_gre    2440   0 [ip_nat_pptp ip_conntrack_pptp]
ip_conntrack_amanda     1232   0 (unused)
wlcompat               14896   0 (unused)
ipt_limit                880   1
ipt_LOG                 3888   0 (unused)
wl                    423640   0 (unused)
diag                    2720   0 (unused)

So I don't have any conntrack_rtsp module loaded :-(.

I didn't apply the rtsp patch because ritalman told me that it was included now in openwrt source.

the Freebox Multiposte didn't work :-(.

This is my debug error in vlc:

livedotcom debug: RTP subsession 'video/MP2T'
main debug: thread 4172 (stream out) created at priority 1 (src/input/demux.c:335)
main debug: using access_demux module "livedotcom"
main debug: creating demux: access='' demux='ts' path=''
main debug: `rtsp://mafreebox.freebox.fr/freeboxtv/205' successfully opened
livedotcom warning: no data received in 10s. Switching to TCP
livedotcom debug: RTP subsession 'video/MP2T'
livedotcom error: PLAY failed No RTSP session is currently in progress

livedotcom error: TCP rollover failed, aborting


Thanks :-)

Bye

(Last edited by thierry_b on 9 Feb 2006, 01:04)

Are you sure you patched the thing right? Try

insmod ip_nat_rtsp
insmod ip_conntrack_rtsp

but /etc/modules.d/40-ipt-nat-extra should already load them at boot, in theory.

What command did you run for the patch?

I don't run a command for the patch because Ritalman told me it was included in source, and there is that files, when I search:

thierry@debian:~/Install/openwrt/whiterussian$ find . -type f|grep "rtsp"
./openwrt/target/linux/linux-2.4/patches/generic/.svn/text-base/118-netfilter_nat_rtsp.patch.svn-base
./openwrt/target/linux/linux-2.4/patches/generic/.svn/prop-base/118-netfilter_nat_rtsp.patch.svn-base
./openwrt/target/linux/linux-2.4/patches/generic/.svn/props/118-netfilter_nat_rtsp.patch.svn-work
./openwrt/target/linux/linux-2.4/patches/generic/.svn/wcprops/118-netfilter_nat_rtsp.patch.svn-work
./openwrt/target/linux/linux-2.4/patches/generic/118-netfilter_nat_rtsp.patch

but in the files 40-ipt-nat-extra, I have nothing with rtsp.

root@OpenWrt:~# cat /etc/modules.d/40-ipt-nat-extra
ip_conntrack_amanda
ip_conntrack_proto_gre
ip_nat_proto_gre
ip_conntrack_pptp
ip_nat_pptp
ip_nat_snmp_basic
ip_conntrack_tftp

Thanks.
Bye

No, you just need to download the source of white russian by svn, and then apply the patch given in this thread and finally compile it

They tell me that there is some files to replace, and each time, I had to type "yes" or "not".... (I try to patch with source downloaded by svn).

Do you have an idea?

Thanks.

Bye

rtsp connection tracking has been added in the whiterussian svn, so there is no need to apply benoit's patch anymore.

Please either use svn snapshots of whiterussian, or better, wait a little bit more till rc5 is released !

rtsp connection tracking has been added in the whiterussian svn, so there is no need to apply benoit's patch anymore.
Please either use svn snapshots of whiterussian, or better, wait a little bit more till rc5 is released !

So why I haven't any rtsp in the source that I've compiled from svn (svn co https://svn.openwrt.org/openwrt/branches/whiterussian/)

BusyBox v1.00 (2006.02.06-08:09+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

root@OpenWrt:~# find / -type f |grep -i "rtsp"

root@OpenWrt:~# lsmod
Module                  Size  Used by    Tainted: P
ipt_conntrack           1104   0 (unused)
switch-robo             4444   0 (unused)
switch-core             4896   0 [switch-robo]
ip_conntrack_tftp       1728   0 (unused)
ip_nat_snmp_basic       8928   0 (unused)
ip_nat_pptp             2428   0 (unused)
ip_conntrack_pptp       2956   1
ip_nat_proto_gre        1536   0 (unused)
ip_conntrack_proto_gre    2440   0 [ip_nat_pptp ip_conntrack_pptp]
ip_conntrack_amanda     1232   0 (unused)
wlcompat               14896   0 (unused)
ipt_limit                880   1
ipt_LOG                 3888   0 (unused)
wl                    423640   0 (unused)
diag                    2720   0 (unused)

root@OpenWrt:~# cat /etc/modules.d/40-ipt-nat-extra
ip_conntrack_amanda
ip_conntrack_proto_gre
ip_nat_proto_gre
ip_conntrack_pptp
ip_nat_pptp
ip_nat_snmp_basic
ip_conntrack_tftp

root@OpenWrt:~# ipkg list_installed|grep "iptables"
iptables - 1.3.3-1 - The netfilter firewalling software for IPv4
iptables-mod-extra - 1.3.3-1 - Other extra Iptables (IPv4) extensions
iptables-mod-nat - 1.3.3-1 - Iptables (IPv4) extensions for different NAT targets
kmod-iptables-extra - 2.4.30-brcm-2 - Extra kernel modules for iptables

root@OpenWrt:~# ipkg list_installed|grep "kmod"
kmod-brcm-wl - 2.4.30-brcm-3 -
kmod-diag - 2.4.30-brcm-3 -
kmod-ipt-conntrack - 2.4.30-brcm-2 - Extra Netfilter (IPv4) kernel modules for connection tracking
kmod-ipt-extra - 2.4.30-brcm-2 - Other extra Netfilter (IPv4) kernel modules
kmod-ipt-filter - 2.4.30-brcm-2 - Netfilter (IPv4) kernel modules for packet content inspection
kmod-ipt-ipopt - 2.4.30-brcm-2 - Netfilter (IPv4) kernel modules for matching/changing IP packet options
kmod-ipt-ipsec - 2.4.30-brcm-2 - Netfilter (IPv4) kernel modules for matching special IPsec packets
kmod-ipt-nat - 2.4.30-brcm-2 - Netfilter (IPv4) kernel modules for different NAT targets
kmod-ipt-nat-extra - 2.4.30-brcm-2 - Extra Netfilter (IPv4) NAT kernel modules for special protocols
kmod-ipt-queue - 2.4.30-brcm-2 - Netfilter (IPv4) kernel module for user-space packet queuing
kmod-ipt-ulog - 2.4.30-brcm-2 - Netfilter (IPv4) kernel module for user-space packet logging
kmod-iptables-extra - 2.4.30-brcm-2 - Extra kernel modules for iptables
kmod-ppp - 2.4.30-brcm-3 -
kmod-pppoe - 2.4.30-brcm-3 -
kmod-switch - 2.4.30-brcm-1 -
kmod-wlcompat - 2.4.30-brcm-3 - Compatibility module for using the Wireless Extension with broadcom's wl

I've forgotten something?

Thanks.

Bye.

Ok.

I finally understand what anybody told me or I didn't understand well.

I didn't find any rtsp modules because when you told me to install iptables-mod-extra and kmod-ipt-nat-extra, I did, ipkg update and I install it from an ipkg source, and not with the ipk generated from my compilation....lol.

it's loaded now.
root@OpenWrt:~# lsmod
Module                  Size  Used by    Tainted: P
ip_nat_rtsp             5488   0 (unused)
ip_conntrack_rtsp       4872   1
wlcompat               14896   0 (unused)
ipt_limit                880   1
ipt_LOG                 3888   0 (unused)
wl                    423640   0 (unused)
et                     32064   0 (unused)
diag                    2560   0 (unused)

Thanks :-)
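
The checks done by hand across the posts above (is the module file on disk, is it listed for autoload, is it in lsmod), gathered into one script. This is an added example, not part of the original thread; the function names are hypothetical, while the module names and paths are the ones quoted in the posts.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and module names are the ones
# quoted in the posts; function names are made up for this illustration.
RTSP_MODULES="ip_conntrack_rtsp ip_nat_rtsp"

# True if module $1 appears in the first column of saved lsmod output $2.
module_loaded() { grep -q "^$1 " "$2" 2>/dev/null; }

# True if module $1 is listed in the boot-time autoload file $2.
module_autoloaded() { grep -q "^$1\$" "$2" 2>/dev/null; }

# True if the 2.4-style object file for module $1 exists in directory $2.
module_installed() { [ -f "$2/$1.o" ]; }

# rtsp_check LSMOD_FILE AUTOLOAD_FILE MODULE_DIR
# Prints one finding per module; returns 0 only if both helpers are loaded.
rtsp_check() {
    rc=0
    for m in $RTSP_MODULES; do
        if ! module_installed "$m" "$3"; then
            echo "$m: no $m.o in $3; install the .ipk built from the patched tree"
            rc=1
        elif module_loaded "$m" "$1"; then
            echo "$m: loaded"
        elif module_autoloaded "$m" "$2"; then
            echo "$m: listed in $2 but not loaded; run insmod $m and read the error"
            rc=1
        else
            echo "$m: installed but not listed in $2; load it with insmod $m"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: an lsmod capture and autoload file without RTSP entries,
# and an empty module directory, as on a router using the feed packages.
demo=$(mktemp -d)
printf '%s\n' 'Module   Size  Used by' 'ip_conntrack_tftp  1728  0 (unused)' > "$demo/lsmod"
printf '%s\n' ip_conntrack_tftp > "$demo/autoload"
mkdir "$demo/modules"
rtsp_check "$demo/lsmod" "$demo/autoload" "$demo/modules" || echo "RTSP helpers not ready"
rm -rf "$demo"

# On a live router (paths from the thread):
#   lsmod > /tmp/lsmod.txt
#   rtsp_check /tmp/lsmod.txt /etc/modules.d/40-ipt-nat-extra /lib/modules/2.4.30
```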

The discussion might have continued from here.