Maru's world : |09-02-07|RTSP Status and site info|

RTSP Status and site info

Sat, 07 Feb 2009

11 comments

Wow, I should blog more often. I just was told that you can no longer post comments on my site which steems from the fact that I am using the no_old_comments plugin which makes sure, that there are no posts to old comments. Since I am not writing new entries that often nowadays, you cannot post at all. Well I fixed this for now, so if you were not able to post, well try again.

As for the RTSP patch, the latest one still works with a recent kernel, I have it running with 2.6.28.2 that's why there is no release of a new tarball.

Sat Feb 7 18:09:13 2009

Alexandre Ahmim-Richard says:

Hi,

Thanks for re-enabling comments ! :-)

I had a bit of problems for compiling the two external modules. The Makefile seems misunderstood. Well, I did a simple patch to your Makefile in order to do it working properly, at least for my case...

diff -Naur rtsp.orig/Makefile rtsp/Makefile
--- rtsp.orig/Makefile 2008-11-01 00:40:31.000000000 +0100
+++ rtsp/Makefile 2009-02-07 19:00:33.000000000 +0100
@@ -1,11 +1,4 @@
-ifneq ($(KERNELRELEASE),)
-# kbuild part of makefile
-ifndef CONFIG_NF_CONNTRACK
-$(error ** You need to enable NF_CONNTRACK in your kernel **)
-endif
-
-obj-$(CONFIG_NF_CONNTRACK) := nf_conntrack_rtsp.o nf_nat_rtsp.o
-else
+obj-m += nf_conntrack_rtsp.o nf_nat_rtsp.o

# Normal Makefile

@@ -21,5 +14,3 @@

clean:
rm -rf *.o *.ko *.mod.c .*.cmd Module.symvers modules.order .tmp_versions
-
-endif
diff -Naur rtsp.orig/README rtsp/README
--- rtsp.orig/README 2008-11-03 15:44:39.000000000 +0100
+++ rtsp/README 2009-02-07 19:00:58.000000000 +0100
@@ -32,7 +32,7 @@
After that a:

* make
- * make install (as root)
+ * make modules_install (as root)

should be enough.
Then do a "modprobe nf_nat_rtsp" as root and try to connect to a RTSP

Sun Feb 8 07:12:08 2009

Mike says:

Thanks for the patch,

What problem did you have exactly, the part you deleted normally checks that NF_CONNTRACK is enabled in the kernel and does not compile if not, since you would get errors. So maybe you can send me the error log you got.

Sun Feb 8 13:23:48 2009

Alexandre Ahmim-Richard says:

Here is the error i get with the original Makefile:

make -C /lib/modules/`uname -r`/build M=`pwd` modules
make[1]: Entering directory `/usr/src/linux-2.6.28.3'
Building modules, stage 2.
MODPOST 0 modules
make[1]: Leaving directory `/usr/src/linux-2.6.28.3'

Nothing is compiled, no objects are done.

I have:
GNU Make 3.81
gcc version 4.3.2 (Debian 4.3.2-1.1)

Wed May 20 08:09:08 2009

Thava says:

I've built and loaded the nf_conntrack_rtsp module as a module while all other netfilter modules are compiled into the kernel. I'm using a quick-time player behind a firewall (Linux pc router) to rtsp-tream and using MASQUERADE for NATing.

Still, the incoming RTP(UDP) traffic in the streaming session, does not get the the public address translated into the LAN-private address, hence couldn't get routed to the rtsp-client.

From the WAN interface, I could see the incoming RTP/UDP packets but not forwarded to LAN because of NAT failure.

what can be the problem?
I tried even with accepting all incoming connections at the firewall.

kernel: 2.6.21.1, all netfilter modules combiled into the kernel but nf_conntrack_rtsp as a module.
FTP connection tracking works fine.

rtsp_connection_tracking patch used: rtsp-2.6.20.patch

kernel rtsp_debug:

nf_conntrack_rtsp v0.6.21 loading
net/netfilter/nf_conntrack_rtsp.c: init: port #0: 554
net/netfilter/nf_conntrack_rtsp.c: help: conntrackinfo = 2
net/netfilter/nf_conntrack_rtsp.c: help: IP_CT_DIR_REPLY
net/netfilter/nf_conntrack_rtsp.c: help_out: found a setup message
net/netfilter/nf_conntrack_rtsp.c: rtsp_parse_transport: tran='Transport: RTP/AVP;unicast;client_port=6970-6971
'
net/netfilter/nf_conntrack_rtsp.c: rtsp_parse_transport: lo port found : 6970
net/netfilter/nf_conntrack_rtsp.c: help_out: udp transport found, ports=(1,6970,6971)
net/netfilter/nf_conntrack_rtsp.c: help_out: Changing expectation mask to handle multiple ports
net/netfilter/nf_conntrack_rtsp.c: help_out: expect_related 80.154.117.56:0-203.143.170.239:6970
net/netfilter/nf_conntrack_rtsp.c: help: IP_CT_DIR_REPLY
net/netfilter/nf_conntrack_rtsp.c: help: IP_CT_DIR_REPLY
net/netfilter/nf_conntrack_rtsp.c: help: IP_CT_DIR_REPLY
net/netfilter/nf_conntrack_rtsp.c: help_out: found a setup message
net/netfilter/nf_conntrack_rtsp.c: rtsp_parse_transport: tran='Transport: RTP/AVP;unicast;client_port=6972-6973
'
net/netfilter/nf_conntrack_rtsp.c: rtsp_parse_transport: lo port found : 6972
net/netfilter/nf_conntrack_rtsp.c: help_out: udp transport found, ports=(1,6972,6973)
net/netfilter/nf_conntrack_rtsp.c: help_out: Changing expectation mask to handle multiple ports
net/netfilter/nf_conntrack_rtsp.c: help_out: expect_related 80.154.117.56:0-203.143.170.239:6972
net/netfilter/nf_conntrack_rtsp.c: help: IP_CT_DIR_REPLY
net/netfilter/nf_conntrack_rtsp.c: help: IP_CT_DIR_REPLY
net/netfilter/nf_conntrack_rtsp.c: help: IP_CT_DIR_REPLY
net/netfilter/nf_conntrack_rtsp.c: help: IP_CT_DIR_REPLY
net/netfilter/nf_conntrack_rtsp.c: help: conntrackinfo = 2
net/netfilter/nf_conntrack_rtsp.c: help: IP_CT_DIR_REPLY
net/netfilter/nf_conntrack_rtsp.c: help_out: found a setup message
net/netfilter/nf_conntrack_rtsp.c: rtsp_parse_transport: tran='Transport: RTP/AVP;unicast;client_port=6970-6971
'
net/netfilter/nf_conntrack_rtsp.c: rtsp_parse_transport: lo port found : 6970
net/netfilter/nf_conntrack_rtsp.c: help_out: udp transport found, ports=(1,6970,6971)
net/netfilter/nf_conntrack_rtsp.c: help_out: Changing expectation mask to handle multiple ports
net/netfilter/nf_conntrack_rtsp.c: help_out: expect_related 80.154.117.67:0-203.143.170.239:6970
net/netfilter/nf_conntrack_rtsp.c: help: IP_CT_DIR_REPLY
net/netfilter/nf_conntrack_rtsp.c: help: IP_CT_DIR_REPLY
net/netfilter/nf_conntrack_rtsp.c: help: IP_CT_DIR_REPLY
net/netfilter/nf_conntrack_rtsp.c: help_out: found a setup message
net/netfilter/nf_conntrack_rtsp.c: rtsp_parse_transport: tran='Transport: RTP/AVP;unicast;client_port=6972-6973
'
net/netfilter/nf_conntrack_rtsp.c: rtsp_parse_transport: lo port found : 6972
net/netfilter/nf_conntrack_rtsp.c: help_out: udp transport found, ports=(1,6972,6973)
net/netfilter/nf_conntrack_rtsp.c: help_out: Changing expectation mask to handle multiple ports
net/netfilter/nf_conntrack_rtsp.c: help_out: expect_related 80.154.117.67:0-203.143.170.239:6972
net/netfilter/nf_conntrack_rtsp.c: help: IP_CT_DIR_REPLY
net/netfilter/nf_conntrack_rtsp.c: help: IP_CT_DIR_REPLY
net/netfilter/nf_conntrack_rtsp.c: help: IP_CT_DIR_REPLY
net/netfilter/nf_conntrack_rtsp.c: help: IP_CT_DIR_REPLY

Wed May 20 08:34:09 2009

Mike says:

Just to make sure, did you also load the nf_nat_rtsp module?

Thu May 21 03:23:51 2009

Thava says:

From Thava,

First, I only loaded the nf_conntrack_rtsp module.
because of some posts and texts like :

- There is no nf_nat_rtsp module available from the
2006-09-14: Steven Van Acker <deepstar at singularity.be>
26 * - removed calls to NAT code from conntrack helper: NAT no longer needed to use rtsp-conntrack

Thanks Mike, now I loaded the nf_nat_rtsp module and now the streaming works, but with the poor quality, sometimes breaks and timeout. what can be the problem?

Another question is , how can I mark the RTSP udp traffic coming from the rtsp-client, ( I need to mark and route the streaming traffic via a different interface at the router)

the rule:
iptables -t mangle -A PREROUTING -i br0 -m udp -m helper --helper rtsp -j MARK --set-mark 0x8
does not work.
(I mark the tcp traffic using tcp port 554)

- Thava

Thu May 21 12:48:35 2009

Mike says:

As for the dropouts, it is most likely server or bandwidth related. I was able to stream Hi-def content without any hickups a few hours later it had breaks as well.

Regarding the marking of the packages, apparently the code is only tracking inbound packages and not outbound ones. As a result you have to allow outbound traffic AND you apparently cannot mark outbound packages. I do not really know why this is happening though. Patches are welcome

Fri May 22 04:04:35 2009

Thava says:

Mike,
This is the NW configuration:
VideoServer----Internet----Router----------RTSPClient

The Router has 2 WAN and 1 LAN interfaces. The RTSP Client is connected to the LAN interface.

Q1: The rtsp conntrack module tracks all RTSP connections (Incoming + Outgoing) of all the interfaces of the Router ? or Only Outgoing connections on all the interfaces are tracked?

Q2: If incoming connections are tracked, why not the RTSP connection traffi cincoming via the lAN interface not tracked ? ( stupid Q?)

ps: with nf_conntrack_ftp , this was possible, All the incoming TCP traffic on the LAN interface of the router belongs to the FTP session are correctly marked. ( Note: These FTP traffic really goes out of the WAN inetercae, similar to RTSP traffic).

These are just comments, if useful ..

Rgds
Thava

Fri May 22 09:50:08 2009

Mike says:

Currently with --helper rtsp you will see only incoming traffic on the WAN interface marked as handled by conntrack_rtsp. You are right it should mark all traffic, but as I said before I do not understand why the module is not already doing this. I am sure that there is something wrong/missing for it to work correctly but my netfilter knowledge is not good enough to fix this.

Sat Nov 14 08:27:47 2009

yu says:

Hello,Maru

I try to use my mobile phone connected to a router with Wi-fi to visit youtube, but I fail to do so.My friend told me that the software in my phone use RTSP to interact with youtube, so I must add RTSP ALG into my router.
But I use Window Media Play, which also use RTSP protocol, to see video, and it is successful.
Now, I don't understand the difference between Window Media Player and the software of my phone.
Could you tell me why,please.

Sat Nov 14 09:22:16 2009

Maru says:

Hi Yu,

If you watch youtube you normally use the standard HTTP protocol no RTSP involved. That said I do not know what your phone does exactly. Are normal sites working on your phone?

Discussion