General information
Development
NF_SRTP is a software intended to process RTP/SRTP traffic.
Unprotected RTP traffic to and from any source can be protected using NF_SRTP, as long as it goes through the computer that runs NF_SRTP. On the other hand, protected RTP traffic (eg. SRTP), can be processed using NF_SRTP.
NF_SRTP relies on David A. McGrew's libsrtp to secure RTP and netfilter/iptables for traffic selection.
Traffic Selection
Traffic selection is achieved through the netfilter/iptables queue target. It is therefore necessary to explicitly queue the traffic we want to protect/unprotect.
As an example, the following iptables rule queues all UDP packets which destination port is set to 9999 to userspace, for further processing by NF_SRTP :
iptables -A INPUT --protocol udp --destination-port 9999 -j QUEUE
Once processed (eg. protected or unprotected), packets are reinjected to the kernel.
Performance considerations
The fact that packets are queued to userspace, processed and then reinjected to the kernel might lead to performance issues we are not currently able to measure.
Any help in providing such measures will be appreciated.