nf_conntrack_h323 no expectations

Bug #1583924 reported by overty
This bug affects 1 person
Affects: linux-lts-vivid (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

We have a problem with the nf_conntrack_h323 module.
The module doesn't create expectations for RTP/RTCP traffic in the conntrack expect table.
I think the module doesn't see the H.245/Q931 information in the connection.
If we try to use SIP with the nf_conntrack_sip module, SIP works fine.

Our architecture: Client <----SIP/H.323----> DNAT/SNAT <----IPIP tunnel----> Router (Ubuntu) <----> VoIP Soft Switch.

We have 3 servers with DNAT/SNAT translation and 3 routing tables on the Ubuntu router server, one for each.

# ip r ls table TUN1
default dev tun1 scope link
# ip r ls table TUN2
default dev tun2 scope link
# ip r ls table TUN3
default dev tun3 scope link

We mark input traffic from the tunnels and restore the mark for the backward direction with iptables:
-A PREROUTING -i tun1 -j CONNMARK --set-xmark 0x1/0xffffffff
-A PREROUTING -i tun2 -j CONNMARK --set-xmark 0x2/0xffffffff
-A PREROUTING -i tun3 -j CONNMARK --set-xmark 0x3/0xffffffff
-A PREROUTING -s 192.168.253.0/24 -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff

We send traffic to the tunnels with ip rules:
32762: from all fwmark 0x1 lookup TUN1
32763: from all fwmark 0x3 lookup TUN3
32764: from all fwmark 0x2 lookup TUN2

If we try SIP, everything works fine. Packets are marked and restored, also for RTP/RTCP.

# conntrack -L | grep "91.210.105.210"
udp 17 3549 src=91.210.105.210 dst=192.168.253.223 sport=5060 dport=5060 src=192.168.253.223 dst=91.210.105.210 sport=5060 dport=5060 [ASSURED] mark=1 helper=sip use=1

# conntrack -L expect| grep "91.210.105.210"
32 proto=17 src=0.0.0.0 dst=91.210.105.210 sport=0 dport=19092 mask-src=0.0.0.0 mask-dst=255.255.255.255 sport=0 dport=65535 master-src=91.210.105.210 master-dst=192.168.253.223 sport=5060 dport=5060 class=1 helper=sip

If we change the protocol to H.323, RTP/RTCP doesn't work. There is no audio on the call.

# conntrack -L | grep "91.210.105.210"
ESTABLISHED src=91.210.105.210 dst=192.168.253.223 sport=12030 dport=1720 src=192.168.253.223 dst=91.210.105.210 sport=1720 dport=12030 [ASSURED] mark=1 helper=Q.931 use=1

There is no record in the expectation table:
# conntrack -L expect| grep "91.210.105.210"

The modules were loaded with these commands:

/sbin/modprobe nf_conntrack_sip sip_direct_signalling=0 sip_direct_media=0
/sbin/modprobe nf_nat_sip
/sbin/modprobe nf_conntrack_h323 gkrouted_only=0 callforward_filter=0
/sbin/modprobe nf_nat_h323

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.19.0-59-generic 3.19.0-59.65~14.04.1
ProcVersionSignature: Ubuntu 3.19.0-59.65~14.04.1-generic 3.19.8-ckt19
Uname: Linux 3.19.0-59-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.19
Architecture: amd64
Date: Fri May 20 08:29:56 2016
InstallationDate: Installed on 2016-05-09 (10 days ago)
InstallationMedia: Ubuntu-Server 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
SourcePackage: linux-lts-vivid
UpgradeStatus: No upgrade log present (probably fresh install)
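
Added example, not part of the original report or of conntrack-tools: a small Python check that correlates `conntrack -L` output with `conntrack -L expect` output and lists flows that have a helper assigned but no expectation pointing back to them, which is the symptom described above. The function names are hypothetical; the sample lines are copied from the report.

```python
import re

# On a flow line, the first src/dst/sport/dport group is the original direction.
FLOW_RE = re.compile(r"\bsrc=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")
HELPER_RE = re.compile(r"\bhelper=(\S+)")
# On an expectation line, the master tuple starts at master-src=.
MASTER_RE = re.compile(r"master-src=(\S+) master-dst=(\S+) sport=(\d+) dport=(\d+)")

def helper_flows(conntrack_text):
    """Return {original-direction tuple: helper name} for flows with a helper."""
    flows = {}
    for line in conntrack_text.splitlines():
        tup, helper = FLOW_RE.search(line), HELPER_RE.search(line)
        if tup and helper:
            flows[tup.groups()] = helper.group(1)
    return flows

def expected_masters(expect_text):
    """Return the set of master tuples that own at least one expectation."""
    return {m.groups() for m in MASTER_RE.finditer(expect_text)}

def flows_without_expectations(conntrack_text, expect_text):
    """List (tuple, helper) for helper-tracked flows that own no expectation."""
    masters = expected_masters(expect_text)
    return sorted((t, h) for t, h in helper_flows(conntrack_text).items()
                  if t not in masters)

# Sample lines copied from the report above.
SIP_FLOW = ("udp 17 3549 src=91.210.105.210 dst=192.168.253.223 sport=5060 dport=5060 "
            "src=192.168.253.223 dst=91.210.105.210 sport=5060 dport=5060 "
            "[ASSURED] mark=1 helper=sip use=1")
H323_FLOW = ("ESTABLISHED src=91.210.105.210 dst=192.168.253.223 sport=12030 dport=1720 "
             "src=192.168.253.223 dst=91.210.105.210 sport=1720 dport=12030 "
             "[ASSURED] mark=1 helper=Q.931 use=1")
SIP_EXPECT = ("32 proto=17 src=0.0.0.0 dst=91.210.105.210 sport=0 dport=19092 "
              "mask-src=0.0.0.0 mask-dst=255.255.255.255 sport=0 dport=65535 "
              "master-src=91.210.105.210 master-dst=192.168.253.223 sport=5060 dport=5060 "
              "class=1 helper=sip")

if __name__ == "__main__":
    table = SIP_FLOW + "\n" + H323_FLOW
    for tup, helper in flows_without_expectations(table, SIP_EXPECT):
        print("helper=%s has no expectation: src=%s dst=%s sport=%s dport=%s"
              % ((helper,) + tup))
```

An expectation is removed once the expected flow arrives or its timeout expires, so both snapshots should be taken during call setup for the result to be meaningful.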
