From: Max Kellermann <max@duempel.org>
To: netfilter-devel@lists.netfilter.org, kadlec@blackhole.kfki.hu
Cc: jcoco@meccorp.mec.edu, ichimg@mail.dntis.ro, totya@ajkanet.hu,
GregScott@InfraSupportEtc.com
Subject: [PATCH pom, re-post] h323-conntrack-nat: port to Linux 2.6.13+
Date: Tue, 10 Jan 2006 20:47:54 +0100 [thread overview]
Message-ID: <20060110194754.GA29354@roonstrasse.net> (raw)
[-- Attachment #1: Type: text/plain, Size: 609 bytes --]
Hi,
I already posted these two patches more than 3 months ago (September
23rd), but they were ignored. I received several requests from people
who wanted to use this module in 2.6.15... the following patch works
for 2.6.15.
h323-port_to_linux_2.6.13.patch
- port to the new API in Linux 2.6.13 and 2.6.14
- prerequisite:
svn copy patchlets/h323-conntrack-nat/linux-2.6.12 \
patchlets/h323-conntrack-nat/linux-2.6.13
h323-update_descriptions.patch
- update descriptions, mention "Voice over IP" and "gnomemeeting"
rather than only "netmeeting"
Please commit these to patch-o-matic-ng svn.
Max
[-- Attachment #2: h323-port_to_linux_2.6.13.patch --]
[-- Type: text/plain, Size: 5990 bytes --]
Wed Sep 21 21:16:53 CEST 2005 max@duempel.org
* port to linux 2.6.13
diff -rN -u old-h323-0/patchlets/h323-conntrack-nat/linux-2.6.13/net/ipv4/netfilter/ip_conntrack_h323_h225.c new-h323-0/patchlets/h323-conntrack-nat/linux-2.6.13/net/ipv4/netfilter/ip_conntrack_h323_h225.c
--- old-h323-0/patchlets/h323-conntrack-nat/linux-2.6.13/net/ipv4/netfilter/ip_conntrack_h323_h225.c 2005-09-23 09:42:05.000000000 +0200
+++ new-h323-0/patchlets/h323-conntrack-nat/linux-2.6.13/net/ipv4/netfilter/ip_conntrack_h323_h225.c 2005-09-23 09:02:16.000000000 +0200
@@ -108,7 +108,7 @@
}
if (ret && ip == ct->tuplehash[dir].tuple.src.ip) {
/* match found: create an expectation */
- exp = ip_conntrack_expect_alloc();
+ exp = ip_conntrack_expect_alloc(ct);
if (exp == NULL)
return NF_ACCEPT;
@@ -127,17 +127,20 @@
/* call NAT hook and register expectation */
if (ip_nat_h225_hook != NULL) {
- return ip_nat_h225_hook(pskb, ctinfo, i,
- exp);
+ ret = ip_nat_h225_hook(pskb, ctinfo, i,
+ exp);
} else {
/* Can't expect this? Best to drop packet now. */
if (ip_conntrack_expect_related(exp) != 0) {
- ip_conntrack_expect_free(exp);
- return NF_DROP;
+ ret = NF_DROP;
} else {
- return NF_ACCEPT;
+ ret = NF_ACCEPT;
}
}
+
+ ip_conntrack_expect_put(exp);
+
+ return ret;
}
}
diff -rN -u old-h323-0/patchlets/h323-conntrack-nat/linux-2.6.13/net/ipv4/netfilter/ip_conntrack_h323_h245.c new-h323-0/patchlets/h323-conntrack-nat/linux-2.6.13/net/ipv4/netfilter/ip_conntrack_h323_h245.c
--- old-h323-0/patchlets/h323-conntrack-nat/linux-2.6.13/net/ipv4/netfilter/ip_conntrack_h323_h245.c 2005-09-23 09:42:05.000000000 +0200
+++ new-h323-0/patchlets/h323-conntrack-nat/linux-2.6.13/net/ipv4/netfilter/ip_conntrack_h323_h245.c 2005-09-23 09:02:16.000000000 +0200
@@ -296,7 +296,7 @@
NIPQUAD(ip), ntohs(port));
if (ret && ip == ct->tuplehash[dir].tuple.src.ip) {
/* match found: create an expectation */
- exp = ip_conntrack_expect_alloc();
+ exp = ip_conntrack_expect_alloc(ct);
if (exp == NULL)
return NF_ACCEPT;
@@ -314,17 +314,20 @@
/* call NAT hook and register expectation */
if (ip_nat_h245_hook != NULL) {
- return ip_nat_h245_hook(pskb, ctinfo, i,
- exp);
+ ret = ip_nat_h245_hook(pskb, ctinfo, i, exp);
} else {
/* Can't expect this? Best to drop packet now. */
if (ip_conntrack_expect_related(exp) != 0) {
- ip_conntrack_expect_free(exp);
- return NF_DROP;
+ ret = NF_DROP;
} else {
- return NF_ACCEPT;
+ ret = NF_ACCEPT;
}
}
+
+ ip_conntrack_expect_put(exp);
+
+ if (ret != NF_ACCEPT)
+ return ret;
}
}
@@ -348,7 +351,7 @@
NIPQUAD(ip), ntohs(port));
if (ret && ip == ct->tuplehash[dir].tuple.src.ip) {
/* match found: create an expectation */
- exp = ip_conntrack_expect_alloc();
+ exp = ip_conntrack_expect_alloc(ct);
if (exp == NULL)
return NF_ACCEPT;
@@ -366,17 +369,20 @@
/* call NAT hook and register expectation */
if (ip_nat_h245_hook != NULL) {
- return ip_nat_h245_hook(pskb, ctinfo, i,
- exp);
+ ret = ip_nat_h245_hook(pskb, ctinfo, i, exp);
} else {
/* Can't expect this? Best to drop packet now. */
if (ip_conntrack_expect_related(exp) != 0) {
- ip_conntrack_expect_free(exp);
- return NF_DROP;
+ ret = NF_DROP;
} else {
- return NF_ACCEPT;
+ ret = NF_ACCEPT;
}
}
+
+ ip_conntrack_expect_put(exp);
+
+ if (ret != NF_ACCEPT)
+ return ret;
}
}
@@ -616,7 +622,7 @@
ret, i, ip, port);
if (ret && ip == ct->tuplehash[dir].tuple.src.ip) {
/* match found: create an expectation */
- exp = ip_conntrack_expect_alloc();
+ exp = ip_conntrack_expect_alloc(ct);
if (exp == NULL)
return NF_ACCEPT;
@@ -635,17 +641,19 @@
/* call NAT hook and register expectation */
if (ip_nat_h245_hook != NULL) {
ret = ip_nat_h245_hook(pskb, ctinfo, i, exp);
- if (ret != NF_ACCEPT)
- return ret;
} else {
/* Can't expect this? Best to drop packet now. */
if (ip_conntrack_expect_related(exp) != 0) {
- ip_conntrack_expect_free(exp);
- return NF_DROP;
+ ret = NF_DROP;
} else {
- return NF_ACCEPT;
+ ret = NF_ACCEPT;
}
}
+
+ ip_conntrack_expect_put(exp);
+
+ if (ret != NF_ACCEPT)
+ return ret;
}
}
@@ -663,7 +671,7 @@
ret, i, ip, port);
if (ret && ip == ct->tuplehash[dir].tuple.src.ip) {
/* match found: create an expectation */
- exp = ip_conntrack_expect_alloc();
+ exp = ip_conntrack_expect_alloc(ct);
if (exp == NULL)
return NF_ACCEPT;
@@ -682,17 +690,19 @@
/* call NAT hook and register expectation */
if (ip_nat_h245_hook != NULL) {
ret = ip_nat_h245_hook(pskb, ctinfo, i, exp);
- if (ret != NF_ACCEPT)
- return ret;
} else {
/* Can't expect this? Best to drop packet now. */
if (ip_conntrack_expect_related(exp) != 0) {
- ip_conntrack_expect_free(exp);
- return NF_DROP;
+ ret = NF_DROP;
} else {
- return NF_ACCEPT;
+ ret = NF_ACCEPT;
}
}
+
+ ip_conntrack_expect_put(exp);
+
+ if (ret != NF_ACCEPT)
+ return ret;
}
}
diff -rN -u old-h323-0/patchlets/h323-conntrack-nat/linux-2.6.13/net/ipv4/netfilter/ip_nat_h323.c new-h323-0/patchlets/h323-conntrack-nat/linux-2.6.13/net/ipv4/netfilter/ip_nat_h323.c
--- old-h323-0/patchlets/h323-conntrack-nat/linux-2.6.13/net/ipv4/netfilter/ip_nat_h323.c 2005-09-23 09:42:05.000000000 +0200
+++ new-h323-0/patchlets/h323-conntrack-nat/linux-2.6.13/net/ipv4/netfilter/ip_nat_h323.c 2005-09-23 09:02:16.000000000 +0200
@@ -108,7 +108,7 @@
}
if (port == 0) {
- ip_conntrack_expect_free(exp);
+ ip_conntrack_expect_put(exp);
return NF_DROP;
}
@@ -156,7 +156,7 @@
}
if (port == 0) {
- ip_conntrack_expect_free(exp);
+ ip_conntrack_expect_put(exp);
return NF_DROP;
}
[-- Attachment #3: h323-update_descriptions.patch --]
[-- Type: text/plain, Size: 2166 bytes --]
Wed Sep 21 22:19:04 CEST 2005 max@duempel.org
* mention gnomemeeting; replace "netmeeting" with "voice over IP"
diff -rN -u old-h323-0/patchlets/h323-conntrack-nat/help new-h323-0/patchlets/h323-conntrack-nat/help
--- old-h323-0/patchlets/h323-conntrack-nat/help 2005-09-23 09:42:16.000000000 +0200
+++ new-h323-0/patchlets/h323-conntrack-nat/help 2005-09-23 09:02:16.000000000 +0200
@@ -1,6 +1,7 @@
-This adds CONFIG_IP_NF_H323: H.323/netmeeting support module for netfilter
-connection tracking and NAT. H.323 uses/relies on the following data streams:
+This adds CONFIG_IP_NF_H323: H.323 (voice over IP) support module for
+netfilter connection tracking and NAT. H.323 uses/relies on the
+following data streams:
Port Description
389 Internet Locator Server (TCP)
@@ -16,9 +17,11 @@
search/replace hack from the ip_masq_h323.c module for the 2.2 kernel
series.
-At the very minimum, H.323/netmeeting (video/audio) is functional by letting
+At the very minimum, H.323 (video/audio) is functional by letting
trough the 1720 port and loading these H.323 module(s).
+This has been tested with Microsoft NetMeeting, gnomemeeting, ohphone.
+
The H.323 conntrack/NAT modules do not support
- H.245 tunnelling
diff -rN -u old-h323-0/patchlets/h323-conntrack-nat/linux-2.6.13/net/ipv4/netfilter/Kconfig.ladd new-h323-0/patchlets/h323-conntrack-nat/linux-2.6.13/net/ipv4/netfilter/Kconfig.ladd
--- old-h323-0/patchlets/h323-conntrack-nat/linux-2.6.13/net/ipv4/netfilter/Kconfig.ladd 2005-09-23 09:42:16.000000000 +0200
+++ new-h323-0/patchlets/h323-conntrack-nat/linux-2.6.13/net/ipv4/netfilter/Kconfig.ladd 2005-09-23 09:02:16.000000000 +0200
@@ -5,11 +5,11 @@
default m if IP_NF_H323=m
config IP_NF_H323
- tristate 'H.323 (netmeeting) support'
+ tristate 'H.323 (voice over IP) support'
depends on IP_NF_CONNTRACK
help
H.323 is a standard signalling protocol used by teleconferencing
- softwares like netmeeting. With the ip_conntrack_h323 and
+ software like netmeeting or gnomemeeting. With the ip_conntrack_h323 and
the ip_nat_h323 modules you can support the protocol on a connection
tracking/NATing firewall.
next reply other threads:[~2006-01-10 19:47 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-01-10 19:47 Max Kellermann [this message]
2006-01-12 6:27 ` [PATCH pom, re-post] h323-conntrack-nat: port to Linux 2.6.13+ Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060110194754.GA29354@roonstrasse.net \
--to=max@duempel.org \
--cc=GregScott@InfraSupportEtc.com \
--cc=ichimg@mail.dntis.ro \
--cc=jcoco@meccorp.mec.edu \
--cc=kadlec@blackhole.kfki.hu \
--cc=netfilter-devel@lists.netfilter.org \
--cc=totya@ajkanet.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.