Expectations

Expectations

[Stéphane Veyret]

Hi,

I think I finished the work regarding expectations. I sent 4 patches
(yesterday evening CEST) for 3 different projects : kernel, library
and nft (now waiting for your feedback).
I would like now to add a new helper module in the kernel to manage
RTSP. Do you think it could be a good idea/useful thing?

Regards,

Stéphane Veyret

Re: Expectations

[Florian Westphal]

Stéphane Veyret <sveyret@gmail.com> wrote:
> I think I finished the work regarding expectations. I sent 4 patches
> (yesterday evening CEST) for 3 different projects : kernel, library
> and nft (now waiting for your feedback).
> I would like now to add a new helper module in the kernel to manage
> RTSP. Do you think it could be a good idea/useful thing?

RTSP looks rather complex, wouldn't it be better/simpler to use
a proxy?

We have TPROXY so we can intercept udp and tcp connections; we have
ctnetlink so the proxy could even inject expectations to keep the real
data in the kernel forwarding plane.

Re: Expectations

[Stéphane Veyret]

Le dim. 19 mai 2019 à 22:14, Florian Westphal <fw@strlen.de> a écrit :
> RTSP looks rather complex, wouldn't it be better/simpler to use
> a proxy?

RTSP does not seem that complex to me. It is a bit like FTP: the
client sends a first connection in order to define the ports to use,
then the server initiates the connection on those ports.
I saw some examples of RTSP helper libraries written for old versions
of the kernel (focused on iptables), so I think it would not be very
complicated to port to newest versions.

> We have TPROXY so we can intercept udp and tcp connections; we have
> ctnetlink so the proxy could even inject expectations to keep the real
> data in the kernel forwarding plane.

It would mean we would need to open/expect a very wide range of ports,
if we don't look into the first message to grab the real used port…

By the way, as I had no feedback for the moment regarding expectation
patch I sent (yes, I know it needs time to code review), I just
wondered if I sent them correctly and if they arrived to the mailing
list. They are 4 mails sent on May 17th at about 18:40 CEST. If
someone could just confirm reception, that would be good.

Thank you

Stéphane

Re: Expectations

[Florian Westphal]

Stéphane Veyret <sveyret@gmail.com> wrote:
> Le dim. 19 mai 2019 à 22:14, Florian Westphal <fw@strlen.de> a écrit :
> > RTSP looks rather complex, wouldn't it be better/simpler to use
> > a proxy?
> 
> RTSP does not seem that complex to me.

Oh?  It looked complex to me:
https://www.rfc-editor.org/rfc/rfc7826.txt

but perhaps you only need a subset of this..?

> It is a bit like FTP: the
> client sends a first connection in order to define the ports to use,
> then the server initiates the connection on those ports.
> I saw some examples of RTSP helper libraries written for old versions
> of the kernel (focused on iptables), so I think it would not be very
> complicated to port to newest versions.

> > We have TPROXY so we can intercept udp and tcp connections; we have
> > ctnetlink so the proxy could even inject expectations to keep the real
> > data in the kernel forwarding plane.
> 
> It would mean we would need to open/expect a very wide range of ports,
> if we don't look into the first message to grab the real used port…

No, the idea is to parse the RTSP data in the proxy, then inject the
expectations based on the exchanged/requested information.

No functional change wrt. a kernel based helper, except that the RTSP
data is parsed in userspace.

> By the way, as I had no feedback for the moment regarding expectation
> patch I sent (yes, I know it needs time to code review), I just

see
https://patchwork.ozlabs.org/patch/1101154/

nf-next is closed at this time, I expect that it will open in the next
few days and that your patch will be accepted or given feedback by then.

Re: Expectations

[Stéphane Veyret]

Le mer. 22 mai 2019 à 08:42, Florian Westphal <fw@strlen.de> a écrit :
> Oh?  It looked complex to me:
> https://www.rfc-editor.org/rfc/rfc7826.txt
>
> but perhaps you only need a subset of this..?

Well, as far as I saw, most of the RFC is not significant for the
traffic filtering. But if you think this is not a useful addition, no
problem, I'll give up. :-)

> No, the idea is to parse the RTSP data in the proxy, then inject the
> expectations based on the exchanged/requested information.

Would this mean writing some code for the proxy? If so, do you know a
functional example I can look at?

> nf-next is closed at this time, I expect that it will open in the next
> few days and that your patch will be accepted or given feedback by then.

Great, thank you!

Stéphane.