[Freeswitch-dev] SO_REUSEPORT for RTP
Michael Jerris
mike at jerris.com
Mon Jan 23 21:24:22 MSK 2017
on second thought….
src/switch_rtp.c:2594: if (switch_socket_opt_set(rtcp_new_sock, SWITCH_SO_REUSEADDR, 1) != SWITCH_STATUS_SUCCESS) {
src/switch_rtp.c:2690: if (switch_socket_opt_set(new_sock, SWITCH_SO_REUSEADDR, 1) != SWITCH_STATUS_SUCCESS) {
it’s already there.
> On Jan 23, 2017, at 1:22 PM, Michael Jerris <mike at jerris.com> wrote:
>
> we’d look at it at least.
>
>> On Jan 23, 2017, at 1:16 PM, Tamas Jalsovszky <jalsot at gmail.com> wrote:
>>
>> I can just agree with your statement. Unfortunately this is not my/our brain-dead policy or rule but a few corporate firewall "specialists'", and I have no influence on it.
>>
>> If somebody provides a patch, would you merge it or would you bar any such complication?
>>
>> On 23 January 2017 at 19:01, Michael Jerris <mike at jerris.com> wrote:
>> This adds zero value to security and adds lots of possibilities of failed calls. Seems like a complete waste of time to me. Education on what is and is not secure and why blocking more ports that are not listening adds zero to security seems a much more useful way to use time.
>>
>> > On Jan 23, 2017, at 10:02 AM, Tamas Jalsovszky <jalsot at gmail.com> wrote:
>> >
>> > Hello,
>> >
>> > I have a few places where using a SIP (or webrtc) endpoint demands opening up the very restrictive local network firewall. Setting rtp port range would be the way to go, however usually the simple math (e.g. setting the range for 2x the number of endpoints) is still not welcomed by local network admins - paranoid ones :)
>> >
>> > My idea here is whether we could use SO_REUSEPORT in the RTP stack (I've found in sofia lib the conditional use of this option) and possibly setting a very short range for RTP or even setting only one port (I'm not sure about RTCP) as from the other side packets come from the same IP but from different port, e.g.
>> > IPclient:PortA -> IPFSserver:PortX
>> > IPclient:PortB -> IPFSserver:PortX
>> > IPclient:PortC -> IPFSserver:PortX
>> > etc.
>> >
>> > What do you think, would it be doable? If not, any other way to rapidly lower the port range to be set at the endpoint side?
>> >
>> > Regards,
>> > Jalsot
>> >
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-dev mailing list
>> FreeSWITCH-dev at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev
>> http://www.freeswitch.org
>
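
The single-port layout sketched in the original question (IPclient:PortA/B/C -> IPFSserver:PortX), as an added example that is not FreeSWITCH code and not from anyone in this thread: one UDP socket receives every stream and tells them apart by source ip:port. `demux`, `run_demo`, `struct flow` and `MAX_FLOWS` are hypothetical names, and the loopback setup is an assumption made so it runs offline.

```c
/* Added example, not FreeSWITCH code: several RTP flows on ONE UDP port,
 * told apart by source ip:port. All names here are hypothetical. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
#define MAX_FLOWS 8
static struct flow { struct sockaddr_in src; unsigned pkts; } flows[MAX_FLOWS];
static int nflows;

/* Flow index for this source (created on first packet); -1 if the datagram is
 * shorter than the 12-byte RTP header, not version 2, or the table is full. */
static int demux(const struct sockaddr_in *src, const uint8_t *p, size_t len) {
    if (len < 12 || (p[0] >> 6) != 2) return -1;
    for (int i = 0; i < nflows; i++)
        if (flows[i].src.sin_addr.s_addr == src->sin_addr.s_addr &&
            flows[i].src.sin_port == src->sin_port)
            return flows[i].pkts++, i;
    if (nflows == MAX_FLOWS) return -1;
    flows[nflows] = (struct flow){ *src, 1 };
    return nflows++;
}

/* One loopback server socket (PortX picked by the kernel) and nclients sender
 * sockets, each with its own ephemeral source port. Returns flows seen, or -1. */
static int run_demo(int nclients, int pkts_each) {
    struct sockaddr_in sa = { .sin_family = AF_INET }, from;
    socklen_t sl = sizeof sa;
    uint8_t rtp[12] = { 0x80 }, buf[1500];   /* constructed packet: V=2, rest zero */
    int srv = socket(AF_INET, SOCK_DGRAM, 0), cli[MAX_FLOWS];
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (nclients > MAX_FLOWS || srv < 0 || bind(srv, (struct sockaddr *)&sa, sl) < 0 ||
        getsockname(srv, (struct sockaddr *)&sa, &sl) < 0) return -1;
    nflows = 0;
    for (int c = 0; c < nclients; c++) cli[c] = socket(AF_INET, SOCK_DGRAM, 0);
    for (int i = 0; i < nclients * pkts_each; i++) {   /* round-robin over senders */
        socklen_t fl = sizeof from;
        ssize_t n = sendto(cli[i % nclients], rtp, sizeof rtp, 0, (struct sockaddr *)&sa, sizeof sa);
        if (n < 0 || (n = recvfrom(srv, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl)) < 0 ||
            demux(&from, buf, (size_t)n) < 0) return -1;
    }
    for (int c = 0; c < nclients; c++) close(cli[c]);
    close(srv);
    return nflows;
}

int main(void) { printf("flows on one port: %d\n", run_demo(3, 2)); return 0; }
```

Creating a flow on the first packet from an unknown source is a shortcut of this sketch; on a shared port the source ip:port is the only thing that ties a datagram to a call.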