H323 connection tracking in Linux 2.6.20.1

All of lore.kernel.org
 help / color / mirror / Atom feed

* H323 connection tracking in Linux 2.6.20.1
@ 2007-02-25 20:56 Chris Rankin
  2007-02-26 16:54 ` Patrick McHardy
  0 siblings, 1 reply; 4+ messages in thread
From: Chris Rankin @ 2007-02-25 20:56 UTC (permalink / raw)
  To: coreteam; +Cc: netfilter-devel

Hi,

I am trying the H323 connection tracking in Linux 2.6.20.1, but am getting the following errors:

Feb 25 20:42:59 wellhouse kernel: nf_ct_h245: packet dropped
Feb 25 20:43:04 wellhouse last message repeated 10 times
Feb 25 20:43:17 wellhouse kernel: printk: 1 messages suppressed.
Feb 25 20:43:17 wellhouse kernel: nf_ct_h245: packet dropped
Feb 25 20:43:23 wellhouse last message repeated 2 times
Feb 25 20:43:24 wellhouse kernel: printk: 5 messages suppressed.
Feb 25 20:43:24 wellhouse kernel: nf_ct_h245: packet dropped
Feb 25 20:43:44 wellhouse kernel: printk: 9 messages suppressed.
Feb 25 20:43:44 wellhouse kernel: nf_ct_q931: decoding error: out of bound
Feb 25 20:43:44 wellhouse kernel: nf_ct_q931: decoding error: out of bound

I suspect that this is related to my GNU Gatekeeper 2.0.8, which I have running on my firewall
machine. At the moment, the only way that I have managed to make a H323 connection has been to
disable H245 in Ekiga. However, I don't need the firewall rule to allow the UDP traffic explicitly
any more.

Cheers,
Chris

P.S. Removing the nf_conntrack_h323 module quickly kills my machine.

___________________________________________________________ 
Yahoo! Messenger - with free PC-PC calling and photo sharing. http://uk.messenger.yahoo.com

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: H323 connection tracking in Linux 2.6.20.1
  2007-02-25 20:56 H323 connection tracking in Linux 2.6.20.1 Chris Rankin
@ 2007-02-26 16:54 ` Patrick McHardy
  2007-02-26 17:00   ` Jing Min Zhao
  2007-02-26 21:02   ` Chris Rankin
  0 siblings, 2 replies; 4+ messages in thread
From: Patrick McHardy @ 2007-02-26 16:54 UTC (permalink / raw)
  To: Chris Rankin; +Cc: netfilter-devel

Chris Rankin wrote:
> I am trying the H323 connection tracking in Linux 2.6.20.1, but am getting the following errors:
> 
> Feb 25 20:42:59 wellhouse kernel: nf_ct_h245: packet dropped
> Feb 25 20:43:04 wellhouse last message repeated 10 times
> Feb 25 20:43:17 wellhouse kernel: printk: 1 messages suppressed.
> Feb 25 20:43:17 wellhouse kernel: nf_ct_h245: packet dropped
> Feb 25 20:43:23 wellhouse last message repeated 2 times
> Feb 25 20:43:24 wellhouse kernel: printk: 5 messages suppressed.
> Feb 25 20:43:24 wellhouse kernel: nf_ct_h245: packet dropped
> Feb 25 20:43:44 wellhouse kernel: printk: 9 messages suppressed.
> Feb 25 20:43:44 wellhouse kernel: nf_ct_q931: decoding error: out of bound
> Feb 25 20:43:44 wellhouse kernel: nf_ct_q931: decoding error: out of bound

Please enable debugging in net/netfilter/nf_conntrack_h323_main.c
(change "#if 0" at about line 40 to "#if 1") and
net/netfilter/nf_conntrack_h323_asn1.c (change #define H323_TRACE
0 => 1) and post the output.

> I suspect that this is related to my GNU Gatekeeper 2.0.8, which I have running on my firewall
> machine. At the moment, the only way that I have managed to make a H323 connection has been to
> disable H245 in Ekiga. However, I don't need the firewall rule to allow the UDP traffic explicitly
> any more.
> 
> Cheers,
> Chris
> 
> P.S. Removing the nf_conntrack_h323 module quickly kills my machine.

Please try to capure the oops and post it.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: H323 connection tracking in Linux 2.6.20.1
  2007-02-26 16:54 ` Patrick McHardy
@ 2007-02-26 17:00   ` Jing Min Zhao
  2007-02-26 21:02   ` Chris Rankin
  1 sibling, 0 replies; 4+ messages in thread
From: Jing Min Zhao @ 2007-02-26 17:00 UTC (permalink / raw)
  To: Patrick McHardy, Chris Rankin; +Cc: netfilter-devel

The H.323 module has limitation: it can't decode segmented signals. I guess your Setup signals are too big. You can try to disable fastStart and earlyH245. Anyway, it'll be better to post the capture.

rgds,

Jing Min Zhao

----- Original Message ----- 
From: "Patrick McHardy" <kaber@trash.net>
To: "Chris Rankin" <rankincj@yahoo.com>
Cc: <netfilter-devel@lists.netfilter.org>
Sent: Monday, February 26, 2007 11:54 AM
Subject: Re: H323 connection tracking in Linux 2.6.20.1


> Chris Rankin wrote:
>> I am trying the H323 connection tracking in Linux 2.6.20.1, but am getting the following errors:
>> 
>> Feb 25 20:42:59 wellhouse kernel: nf_ct_h245: packet dropped
>> Feb 25 20:43:04 wellhouse last message repeated 10 times
>> Feb 25 20:43:17 wellhouse kernel: printk: 1 messages suppressed.
>> Feb 25 20:43:17 wellhouse kernel: nf_ct_h245: packet dropped
>> Feb 25 20:43:23 wellhouse last message repeated 2 times
>> Feb 25 20:43:24 wellhouse kernel: printk: 5 messages suppressed.
>> Feb 25 20:43:24 wellhouse kernel: nf_ct_h245: packet dropped
>> Feb 25 20:43:44 wellhouse kernel: printk: 9 messages suppressed.
>> Feb 25 20:43:44 wellhouse kernel: nf_ct_q931: decoding error: out of bound
>> Feb 25 20:43:44 wellhouse kernel: nf_ct_q931: decoding error: out of bound
> 
> Please enable debugging in net/netfilter/nf_conntrack_h323_main.c
> (change "#if 0" at about line 40 to "#if 1") and
> net/netfilter/nf_conntrack_h323_asn1.c (change #define H323_TRACE
> 0 => 1) and post the output.
> 
>> I suspect that this is related to my GNU Gatekeeper 2.0.8, which I have running on my firewall
>> machine. At the moment, the only way that I have managed to make a H323 connection has been to
>> disable H245 in Ekiga. However, I don't need the firewall rule to allow the UDP traffic explicitly
>> any more.
>> 
>> Cheers,
>> Chris
>> 
>> P.S. Removing the nf_conntrack_h323 module quickly kills my machine.
> 
> Please try to capure the oops and post it.
> 
>

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: H323 connection tracking in Linux 2.6.20.1
  2007-02-26 16:54 ` Patrick McHardy
  2007-02-26 17:00   ` Jing Min Zhao
@ 2007-02-26 21:02   ` Chris Rankin
  1 sibling, 0 replies; 4+ messages in thread
From: Chris Rankin @ 2007-02-26 21:02 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: netfilter-devel

--- Patrick McHardy <kaber@trash.net> wrote:
> > P.S. Removing the nf_conntrack_h323 module quickly kills my machine.
> 
> Please try to capure the oops and post it.

Actually there was nothing as clean as an "oops". Instead, the network interface went dead and the
console filled up with "too many keypresses" messages. At that point, I rebooted the machine.

Cheers,
Chris

___________________________________________________________ 
What kind of emailer are you? Find out today - get a free analysis of your email personality. Take the quiz at the Yahoo! Mail Championship. 
http://uk.rd.yahoo.com/evt=44106/*http://mail.yahoo.net/uk 

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2007-02-26 21:02 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-02-25 20:56 H323 connection tracking in Linux 2.6.20.1 Chris Rankin
2007-02-26 16:54 ` Patrick McHardy
2007-02-26 17:00   ` Jing Min Zhao
2007-02-26 21:02   ` Chris Rankin

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.