[Freeswitch-dev] SO_REUSEPORT for RTP

Michael Jerris mike at jerris.com
Mon Jan 23 21:01:03 MSK 2017


This adds zero value to security and adds lots of possibilities of failed calls. Seems like a complete waste of time to me. Education on what is and is not secure and why blocking more ports that are not listening adds zero to security seems a much more useful way to use time.

> On Jan 23, 2017, at 10:02 AM, Tamas Jalsovszky <jalsot at gmail.com> wrote:
> 
> Hello,
> 
> I have a few places where using a SIP (or WebRTC) endpoint demands opening up the very restrictive local network firewall. Setting the RTP port range would be the way to go, however usually the simple math (e.g. setting the range for 2x the number of endpoints) is still not welcomed by local network admins - paranoid ones :)
> 
> My idea here is whether we could use SO_REUSEPORT in the RTP stack (I've found in sofia lib the conditional use of this option) and possibly setting a very short range for RTP or even setting only one port (I'm not sure about RTCP) as from the other side packets come from the same IP but from different port, e.g.
> IPclient:PortA -> IPFSserver:PortX
> IPclient:PortB -> IPFSserver:PortX
> IPclient:PortC -> IPFSserver:PortX
> etc.
> 
> What do you think, would it be doable? If not, any other way to rapidly lower the port range to be set at the endpoint side?
> 
> Regards,
>   Jalsot
> 
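The single-port layout sketched in the quoted message (several client ports sending to one server port), as an added example that is not part of the thread and is not FreeSWITCH or sofia code: two UDP sockets share one port through SO_REUSEPORT, and the receiver has to key every datagram by its source (ip, port) because the kernel, not the application, picks which socket gets it. Assumptions: Linux, loopback only, and constructed payloads standing in for RTP; the function names are hypothetical.

```python
import select
import socket

def open_group(n, host="127.0.0.1"):
    """Bind n UDP sockets to ONE port using SO_REUSEPORT (assumes Linux 3.9+)."""
    socks, port = [], 0
    for _ in range(n):
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
        s.bind((host, port))        # first bind lets the kernel pick a free port
        port = s.getsockname()[1]   # every later socket shares that port
        socks.append(s)
    return socks, port

def demux(socks, expected, timeout=1.0):
    """Read up to `expected` datagrams and group them by source (ip, port)."""
    flows = {}  # (src_ip, src_port) -> {"sockets": set of indexes, "payloads": list}
    got = 0
    while got < expected:
        ready, _, _ = select.select(socks, [], [], timeout)
        if not ready:
            break                   # nothing more arrived within the timeout
        for s in ready:
            data, src = s.recvfrom(2048)
            flow = flows.setdefault(src, {"sockets": set(), "payloads": []})
            flow["sockets"].add(socks.index(s))  # which shared socket the kernel chose
            flow["payloads"].append(data)
            got += 1
    return flows

def run_demo(n_sockets=2, n_clients=3, pkts=4):
    """Constructed traffic: n_clients source ports all sending to one server port."""
    socks, port = open_group(n_sockets)
    clients = [socket.socket(socket.AF_INET, socket.SOCK_DGRAM) for _ in range(n_clients)]
    for i, c in enumerate(clients):
        for seq in range(pkts):
            c.sendto(b"call%d-seq%d" % (i, seq), ("127.0.0.1", port))
    client_addrs = [("127.0.0.1", c.getsockname()[1]) for c in clients]
    flows = demux(socks, n_clients * pkts)
    for s in socks + clients:
        s.close()
    return port, client_addrs, flows

if __name__ == "__main__":
    port, addrs, flows = run_demo()
    for addr in addrs:
        print(addr, "-> port", port, "via socket(s)", sorted(flows[addr]["sockets"]))
```

The source address used as the key is only known once the first datagram from that peer has arrived, so the mapping from a flow to a call has to be established from the traffic itself.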



