nf_conntrack_h323 no expectations
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux-lts-vivid (Ubuntu) | New | Undecided | Unassigned | |
Bug Description
We have a problem with the nf_conntrack_h323 module.
The module doesn't create expectations for RTP/RTCP traffic in the conntrack expect table.
I think the module doesn't see the H.245/Q.931 information in the connection.
If we try to use SIP with the nf_conntrack_sip module, SIP works fine.
Our architecture - Client <----SIP/
We have 3 servers with DNAT/SNAT translation and 3 routing tables on the Ubuntu router server for each other.
# ip r ls table TUN1
default dev tun1 scope link
# ip r ls table TUN2
default dev tun2 scope link
# ip r ls table TUN3
default dev tun3 scope link
We mark input traffic from the tunnels and restore the mark for the backward direction with iptables.
-A PREROUTING -i tun1 -j CONNMARK --set-xmark 0x1/0xffffffff
-A PREROUTING -i tun2 -j CONNMARK --set-xmark 0x2/0xffffffff
-A PREROUTING -i tun3 -j CONNMARK --set-xmark 0x3/0xffffffff
-A PREROUTING -s 192.168.253.0/24 -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
We send traffic to the tunnels with ip rules:
32762: from all fwmark 0x1 lookup TUN1
32763: from all fwmark 0x3 lookup TUN3
32764: from all fwmark 0x2 lookup TUN2
If we try SIP, everything works fine. Packets are marked and restored, also for RTP/RTCP.
# conntrack -L | grep "91.210.105.210"
udp 17 3549 src=91.210.105.210 dst=192.168.253.223 sport=5060 dport=5060 src=192.168.253.223 dst=91.210.105.210 sport=5060 dport=5060 [ASSURED] mark=1 helper=sip use=1
# conntrack -L expect| grep "91.210.105.210"
32 proto=17 src=0.0.0.0 dst=91.210.105.210 sport=0 dport=19092 mask-src=0.0.0.0 mask-dst=
If we change the protocol to H.323, RTP/RTCP doesn't work. No audio with the call.
# conntrack -L | grep "91.210.105.210"
ESTABLISHED src=91.210.105.210 dst=192.168.253.223 sport=12030 dport=1720 src=192.168.253.223 dst=91.210.105.210 sport=1720 dport=12030 [ASSURED] mark=1 helper=Q.931 use=1
No record in the expectation table:
conntrack -L expect| grep "91.210.105.210"
Loaded modules with commands:
/sbin/modprobe nf_conntrack_sip sip_direct_
/sbin/modprobe nf_nat_sip
/sbin/modprobe nf_conntrack_h323 gkrouted_only=0 callforward_
/sbin/modprobe nf_nat_h323
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-
ProcVersionSign
Uname: Linux 3.19.0-59-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.19
Architecture: amd64
Date: Fri May 20 08:29:56 2016
InstallationDate: Installed on 2016-05-09 (10 days ago)
InstallationMedia: Ubuntu-Server 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
SourcePackage: linux-lts-vivid
UpgradeStatus: No upgrade log present (probably fresh install)
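
The check the report performs by hand (a flow has a helper assigned, but `conntrack -L expect` shows nothing for it) can be scripted. The following is an added example, not part of the original report; the sample lines are constructed from the fields visible above (the `tcp 6 431990` prefix and the shortened expect line are assumptions), and matching expectations to flows by address is a heuristic.

```python
import re

KV = re.compile(r"([\w-]+)=(\S+)")

# Constructed snapshots modelled on the report: SIP call, then H.323 call.
SIP_FLOWS = ("udp 17 3549 src=91.210.105.210 dst=192.168.253.223 sport=5060 dport=5060 "
             "src=192.168.253.223 dst=91.210.105.210 sport=5060 dport=5060 "
             "[ASSURED] mark=1 helper=sip use=1\n")
SIP_EXPECT = "32 proto=17 src=0.0.0.0 dst=91.210.105.210 sport=0 dport=19092\n"
H323_FLOWS = ("tcp 6 431990 ESTABLISHED src=91.210.105.210 dst=192.168.253.223 "
              "sport=12030 dport=1720 src=192.168.253.223 dst=91.210.105.210 "
              "sport=1720 dport=12030 [ASSURED] mark=1 helper=Q.931 use=1\n")
H323_EXPECT = ""  # the report shows an empty expectation table for H.323


def first_fields(line):
    """Return key=value fields of one conntrack line; the first occurrence of
    a key wins, i.e. the original-direction tuple rather than the reply."""
    fields = {}
    for key, value in KV.findall(line):
        fields.setdefault(key, value)
    return fields


def helpers_without_expectations(conntrack_text, expect_text):
    """List (helper, src, dst, dport) for helper-tracked flows whose endpoints
    appear in no expectation (address matching is a heuristic assumption)."""
    expected = set()
    for line in expect_text.splitlines():
        f = first_fields(line)
        # 0.0.0.0 is a wildcard source in an expectation, not a real endpoint.
        expected.update(a for a in (f.get("src"), f.get("dst"))
                        if a and a != "0.0.0.0")
    missing = []
    for line in conntrack_text.splitlines():
        f = first_fields(line)
        if "helper" in f and not ({f.get("src"), f.get("dst")} & expected):
            missing.append((f["helper"], f.get("src"), f.get("dst"), f.get("dport")))
    return missing


if __name__ == "__main__":
    print("SIP  :", helpers_without_expectations(SIP_FLOWS, SIP_EXPECT))
    print("H.323:", helpers_without_expectations(H323_FLOWS, H323_EXPECT))
```

A flagged helper is only meaningful while a call is being set up, because an expectation is removed once the expected flow arrives or its timeout expires.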