Linux Masquerading Module for SIP

Provided on this page is the source code for a Linux masquerading module for the Session Initiation Protocol (SIP). Note that this module only watches for UDP SIP traffic, and will not yet masquerade for TCP SIP connections.

The module watches for outgoing UDP packets destined to port 5060. On outgoing packets, it will modify:

The Topmost Via header
The Contact header
The SDP body (if there is one)
The Content-Length header

It will also setup a port mapping for outgoing media streams. On incomming SIP packets, it will check the SDP for a masqueraded connection, and if they are both from behind the firewall, it will reverse-NAT to ensure that media does not flow through the masquerading host.

A detailed description of how the module actually works can be found in draft-biggs-sip-nat-00.txt. We hope that by providing this document, and this sample implementation, that this can help promote the addition of simple SIP session support to other NAT and Firewall products.

31 Mar 2000 ip_masq_sip-0.3.tar.gz Fixed some problems with my previous fix.
23 Mar 2000 ip_masq_sip-0.2.tar.gz Added the 'ipaddr' module option to supply an explicit masquerade address to use.
23 Mar 2000 ip_masq_sip.o New binary for Kernel 2.2.14
2 Mar 2000 ip_masq_sip-0.1.tar.gz Initial Release
2 Mar 2000 ip_masq_sip.o Convenience Binary for Kernel 2.2.14

Installation Instructions

The module binary provided above is currently built for Linux kernel 2.2.14. If you wish to use this module with other kernels, you should recompile the module from source first. Your kernel must be compiled with IP forwarding, IP firewalling, and masquerading enabled.

In order to use the binary, nothing else need to be done besides running:


	insmod /path/to/module/ip_masq_sip.o

Note that the insmod needs to be run as root. This should be sufficient to load the module. To confirm that the module was successfully loaded, use the command lsmod to list all currently loaded modules, of which ip_masq_sip should be present.

If you do not have IP masquerading setup on your Linux box, a good reference for how to do this is to read the IP Masquerading HOWTO.

Comments

If you have any comments about this code, or have any bug reports, please send them to masquerade@sip-happens.com.

31 Mar 2000	ip_masq_sip-0.3.tar.gz	Fixed some problems with my previous fix.
23 Mar 2000	ip_masq_sip-0.2.tar.gz	Added the 'ipaddr' module option to supply an explicit masquerade address to use.
23 Mar 2000	ip_masq_sip.o	New binary for Kernel 2.2.14
2 Mar 2000	ip_masq_sip-0.1.tar.gz	Initial Release
2 Mar 2000	ip_masq_sip.o	Convenience Binary for Kernel 2.2.14

Linux Masquerading Module for SIP

Installation Instructions

Comments

This web page is up to date.