agprojects / mediaproxy Goto Github PK
View Code? Open in Web Editor NEWMedia relay for RTP/RTCP and UDP streams
Home Page: http://projects.ag-projects.com/projects/mediaproxy
License: Other
Media relay for RTP/RTCP and UDP streams
Home Page: http://projects.ag-projects.com/projects/mediaproxy
License: Other
MediaProxy ---------- Authors: Ruud Klaver, Dan Pascu, Saul Ibarra Home page: http://mediaproxy.ag-projects.com License ------- This software is licensed according to the GNU General Public License version 2. See LICENSE file for more details. For other licensing options please contact [email protected] Description ----------- MediaProxy is a media relay for RTP/RTCP and UDP streams that works in tandem with OpenSIPS to provide NAT traversal capability for media streams from SIP user agents located behind NAT. When using MediaProxy, NAT traversal for RTP media will work without any settings in the SIP User Agents or the NAT router. Features -------- - Scalability of thousands of calls per server limited only by the Linux kernel networking layer and network interface bandwidth - Supports multiple chained relays as long as each has a public IP - TLS encryption between the relays and dispatcher - T.38 fax support - Graceful shutdown capability - Automatic load balancing and redundancy among all media relays - Real-time sessions statistics - Configurable IP and UDP port range - Support for any combination of audio and video streams - Ability to use OpenSIPS' MI interface to close a call that did timeout - Radius accounting of IP network traffic - Database accounting of complete media information including all streams, their type, codecs and duration. - Supports ICE negotiation by behaving like a TURN relay candiate Background ----------- MediaProxy 2.0 is the second generation media relay application which is based on a completely new design that allows for major improvements in areas such as scalability (an order of magnitude more scalable than previous version) and security (communication between relay and dispatcher is encrypted). New features have been added to support call flows related to user mobility and fax transmission. Architecture ------------ MediaProxy consists of a dispatcher and one or more media relays. The dispatcher component always runs on the same host as OpenSIPS and communicates with its mediaproxy module through a UNIX domain socket. The relay(s) connect to the dispatcher using TLS. This relay component may be on the same or on a different host as OpenSIPS. There may be several relays for the dispatcher to choose from and a relay may service more than one dispatcher. When OpenSIPS requests that a call be relayed, the dispatcher will forward this request to one of its connected relays, along with some data from the SDP. The relay will allocate a set of UDP ports for this session, depending on the number of proposed streams. It will inform the dispatcher which ports it has allocated so that it may in turn notify the mediaproxy module of OpenSIPS, which will replace the relevant parts of the SDP. The same is done for any SIP messages from the callee, thus all the media streams will be sent through the relay. When the session between caller and callee has finished, either through a SIP BYE or because the media is no longer flowing and has timed out, the relay will send session information to the dispatcher, which can store this information using one or more accounting modules. The session information may also be queried using a management interface on the dispatcher. All of this is illustrated in the following diagram: +---+ +---+ | | +---------------------+ | | | | | SIP Proxy | | | | | | +----------+ | SIP | | | |<--+->| OpenSIPS |<------+------------------->| | | | | +----------+ | | | | | | ^ | | | | | | | UNIX socket | | | | C | | v | | C | | A | | +------------+ | +------------+ | A | | L | | | Dispatcher |<-----+-->| Management | | L | | L | | +------------+ TCP | | client | | L | | E | | ^ /TLS | +------------+ | E | | R | | | | | E | | | +---------+-----------+ | | | | | | | | | | TLS | | | | v | | | | +-------------+ UDP | | | |<---->| Relay |<----------------------->| | | | +-------------+ RTP / RTCP | | +---+ +---+ Please note that the accounting modules are not shown. Compatibility and pre-requisites -------------------------------- Both OpenSIPS and MediaProxy must use a public IP address. To run the software, you will need a server running the Linux Operating System using a kernel version 2.6.18 or higher that has been compiled with connection tracking support (conntrack). IPtables 1.4.3 or higher is also required. Because of this dependency on Linux, other operating systems are not supported. This dependency only applies to the media relay component. The dispatcher component which runs on the same host as OpenSIPS, can run on any platform that has a python interpreter and supports the twisted framework. Communication between the dispatcher and the relays uses TLS encryption and requires a set of X509 certificates to work. For more information about this please read tls/README which contains information about the sample certificates that are included as well as information about how to generate your own. MediaProxy is meant to be used together with OpenSIPS' mediaproxy module. This version of MediaProxy (2.0 or higher) cannot be used in combination with any version of OpenSIPS older than 1.4 or any components of MediaProxy older than 2.0. You must completely upgrade any previous installation of OpenSER to OpenSIPS to use this version of MediaProxy. No STUN or TURN support are required in the clients. The SIP User Agents must work symmetrically (that is to send and receive data on the same port for each stream), which is documented in RFC 4961. To display the history of the media streams CDRTool 6.5 or higher is required. Some features that were present in the previous version have been removed: - Support for specifying media relays per domain has been discontinued - Support for DNS records has been discontinued - Support for asymmetric clients has been discontinued - Support for other operating systems than Linux has been discontinued (only for the media relay, as the dispatcher has no such limitation) For information of how to install MediaProxy, please consult the INSTALL file. Important note -------------- For Linux kernels >= 4.9 and < 5.1 you must add a rule to trigger the connection tracking: sudo iptables -I INPUT -m state --state NEW Starting with kernel 5.1 you can enable enable_hooks parameter: modprobe nf_conntrack enable_hooks=1 or use the iptables rule above. For more information about this requirement see: https://github.com/torvalds/linux/commit/ba3fbe663635ae7b33a2d972c5d2def036258e42 Operation --------- Before the relay is run, please make sure that /proc/sys/net/ipv4/ip_forward is set to "1". Also for newer kernels ACCT on connection tracking needs to be enabled. Therefore /proc/sys/net/netfilter/nf_conntrack_acct must be set to "1". Both the dispatcher and the relay should be executed with root privileges. With no arguments, both applications will automatically fork into the background and log to syslog. They can remain in the foreground and log to console when given the --no-fork argument. The relay can be shut down in two ways. When receiving either an INT or TERM signal, the relay will terminate all of its sessions immediately and inform the dispatcher that those sessions have expired. When given the HUP signal, it will not accept any new sessions from the dispatcher and wait for all of the running sessions to expire, thus terminating gracefully. At the very least a set of TLS credentials is required. Sample certificates for this are included in the tls/ subdirectory. DO NOT USE THESE IN A PRODUCTION ENVIRONMENT, but only for testing purposes. For more information about TLS certificates and how to generate your own, check the tls/README file. Accounting ---------- MediaProxy is capable to do additional per call accounting with information related to the media streams used by the call. MediaProxy has a modular interface to the accounting system, allowing for new modules to be easily implemented. Currently it supports database and radius backends. Multiple backends can be configured and used simultaneously. Radius accounting ----------------- The radius backend logs very basic information about the media streams. The limited nature of the logged information is mainly given by the limitations imposed by the radius protocol to the data size. The information sent in the radius packet is shown below: Acct-Status-Type = "Update" User-Name = "mediaproxy@default" Acct-Session-Id = call_id Sip-From-Tag = from_tag Sip-To-Tag = to_tag Acct-Session-Time = call duration Acct-Input-Octets = bytes received from caller Acct-Output-Octets = bytes received from callee NAS-IP-Address = media-relay address Sip-User-Agents = caller + callee user agents Sip-Applications = "Audio", "Video", ... Media-Codecs = codecs used by streams (comma separated) Media-Info = "timeout" or "" Acct-Delay-Time = post dial delay (seconds from INVITE to 1st media packet) Database accounting ------------------- The database backend logs all the information related to the media streams that were created/closed during the whole session. This information is stored as a JSON encoded string in a BLOB column in the database, along with the call_id, from_tag and to_tag columns that can be used to retrieve the media information for a given call. The database table and column names are fully configurable in the database section of the configuration file. The table used to store these records, is automatically created by the media dispatcher on startup, if it's not present. For this to happen, the user that is configured in the dburi option in the database section, must have the CREATE and ALTER rights on the database specified in the same dburi. If this is not possible, then the media dispatcher will log an error indicating why it could not create the table and also output the table definition that can be used by some human operator to manually create the table. However, the recommended way is to grant the CREATE and ALTER privileges to the user in the dburi over the database specified in the same dburi. The database module uses SQLObject to access the database, which means it can work with a lot of databases, by simply changing the scheme in the dburi. Currently the following databases are supported: mysql, postgres, sqlite, firebird, maxdb, mssql and sybase. Closing expired calls --------------------- Starting with version 2.1.0, MediaProxy supports closing calls for which all the media streams did timeout, but for which no BYE was received to close the call in the standard way. This feature will only work, when the OpenSIPS mediaproxy module uses the engage_media_proxy() command to start MediaProxy for a given call. In this case the mediaproxy module uses the dialog module to keep track of the call and can pass the dialog id to the media dispatcher. When a media session is expired because all streams did timeout, but no closing request was received from the proxy, the media dispatcher will use the dialog id that was received from the mediaproxy module, to issue a dlg_end_dlg request into the OpenSIPS' MI interface, instructing OpenSIPS to generate the BYEs for the call, closing it in a clean way and generating the accounting records. To use this, the mi_datagram module must be loaded and configured to use a UNIX filesystem socket which must also be configured into the OpenSIPS section of the MediaProxy configuration as socket_path. This feature is not available when using the use_media_proxy/end_media_session functions in the proxy configuration, because in that case there is no dialog that is tracked by the proxy which could be terminated using dlg_end_dlg. Gracefull shutdown ------------------ To tell media-relay component to gracefully shutdown when using systemd: sudo systemctl reload mediaproxy-relay The reload command will send the HUP signal to the PID of the relay component and the software will shutdown when the last relayed call has ended. Management interface -------------------- The management interface will accept commands terminated by \r\n. It will return the results of the command, one per line, terminated by an empty line (also \r\n terminated). Currently two commands are supported: sessions : This will have the dispatcher query all of its connected relays for active sessions. For every sessions it finds it will return one line with a JSON encoded dictionary containing session information. summary : This will have the dispatcher present a summary of each of its connected relays. The results are returned as a JSON encoded dictionary, one line per relay. Free support ------------ MediaProxy is developed and supported by AG Projects. AG Projects offers best-effort free support for MediaProxy. "best-effort" means that we try to solve the bugs you report or help fix your problems as soon as we can, subject to available resources. You may report bugs or feature request to: [email protected] A mailing list archive is available at: http://lists.opensips.org/cgi-bin/mailman/listinfo/users Commercial support ------------------ Visit http://ag-projects.com
Hello,
I have the issue with properly work nf_conntrack for handle ESTABLESHED connection allowing port when RTP streams bridged via mediaproxy. As I see, mediaproxy aggregate two "track" of conntrack to one and drop original two "tracks" via nfct_destroy. So, remote UA port not allowed, becasue iptables cannot detects right port for allow it. Please see attachements for more info.
I have touch this file :
cat << EOF >/etc/mediaproxy/config.ini
[Relay]
dispatchers = 192.168.88.10
passport = None
relay_ip = 192.168.88.10
port_range = 50000:60000
[Dispatcher]
socket_path = dispatcher.sock
listen = 192.168.88.10
listen_management = 192.168.88.10
passport = None
management_passport = None
[TLS]
[Database]
[Radius]
[OpenSIPS]
socket_path = /var/run/opensips/socket
max_connections = 10
EOF
[[email protected]]# media-dispatcher --no-fork
Traceback (most recent call last):
File "/usr/bin/media-dispatcher", line 18, in
default_pid = mediaproxy.runtime_directory + '/dispatcher.pid'
AttributeError: 'module' object has no attribute 'runtime_directory'
[root@ mediaproxy-release-2.6.6]#
Hello,
I'm running python2.7, and installed all required packages on a Centos 6.8 machine, however, I get the following errors when trying to start the server:
[root@localhost mediaproxy-master]# python2.7 /usr/bin/media-relay --no-fork
Starting MediaProxy Relay 2.6.3
fatal error: failed to create MediaProxy Relay: cannot find a supported version of libgnutls on this system
[root@localhost mediaproxy-master]# python2.7 /usr/bin/media-dispatcher --no-fork
Starting MediaProxy Dispatcher 2.6.3
Traceback (most recent call last):
File "/usr/bin/media-dispatcher", line 47, in <module>
from mediaproxy.dispatcher import Dispatcher
File "/usr/local/lib/python2.7/site-packages/mediaproxy/dispatcher.py", line 18, in <module>
from gnutls.interfaces.twisted import TLSContext
File "/usr/local/lib/python2.7/site-packages/gnutls/interfaces/twisted/__init__.py", line 13, in <module>
from gnutls.connection import ClientSession, ServerSession, ServerSessionFactory
File "/usr/local/lib/python2.7/site-packages/gnutls/connection.py", line 13, in <module>
from gnutls.constants import *
File "/usr/local/lib/python2.7/site-packages/gnutls/constants.py", line 21, in <module>
from gnutls.library import constants
File "/usr/local/lib/python2.7/site-packages/gnutls/library/__init__.py", line 58, in <module>
libgnutls = load_library(abi_versions=(28, 30)) # will use the highest of the available ABI versions
File "/usr/local/lib/python2.7/site-packages/gnutls/library/__init__.py", line 55, in load_library
raise RuntimeError('cannot find a supported version of libgnutls on this system')
RuntimeError: cannot find a supported version of libgnutls on this system
Any thoughts?
Thanks
//M
In my deployment scenario, Freeswitch ,Opensips and MediaProxy is on the same LAN .I want MediaProxy listening a public ip for Nat-ed Clients, and a private ip for Freeswitch(Because Freeswitch can not communicate with the public ip).
Hello,
With a 4.19 kernel the conntrack rules seem not to be used.
Mediaproxy relay packets during 60s and then the session is terminated.
I see the rules in /proc/net/nf_conntrack initialized with the 60s with the state [UNREPLIED], no packets are incremented.
This didn't occur with 4.9 kernel and before.
This is probably not a bug in mediaproxy, I'm not really sure how conntrack should be working and if it could be some intended change.
NB : in a test with a custom iptables DNAT rule matching Mediaproxy, the rule is updated and used (packet counter increase, state [ASSURED], no timeout).
Hello,
I see this feature in the TODO.
Do you have any idea regarding when it will be (if ever) implemented?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.