From: Victor Julien <victor@nk.nl>
To: Netfilter Developers List <netfilter-devel@lists.netfilter.org>
Subject: Re: Patch for H323 connection tracking for kernel 2.6.14 and Panic with SIP tracking
Date: Fri, 06 Jan 2006 10:34:42 +0100 [thread overview]
Message-ID: <43BE39B2.5020605@nk.nl> (raw)
In-Reply-To: <43BD7AF4.2040506@nk.nl>
Victor Julien wrote:
> Patrick McHardy wrote:
>
>> Moises Silva wrote:
>>
>>> still getting kernel panic, copy the whole thing is a time consuming
>>> task, for now doing nothing, but i have downgraded the kernel to
>>> 2.6.13 and at least it does not kernel panics. Some one has a patch
>>> for sip connection tracking for kernel-2.6.14??
>>
>>
>>
>> Most likely you need to change
>>
>> ip_ct_refresh_acct(ct, ctinfo, NULL, sip_timeout * HZ);
>>
>> to
>>
>> ip_ct_refresh(ct, *pskb, sip_timeout * HZ);
>>
>> in net/ipv4/netfilter/ip_conntrack_sip.c. If that doesn't help
>> please post the entire oops.
>>
>
> This fix works for me!
>
> Regards,
> Victor
>
>
Hmmm, while it still hasn't crashed on me, i can't get it to operate
either. I am using 2.6.15 + pom 20060101 + the above fix. I am trying to
get the following setup working:
softphone (lan) --- sip proxy on gateway --- sip server (@isp)
I have rules to allow port 5060/udp. I expected that by loading
ip_conntrack_sip this rule, together with accepting
all RELATED traffic, sip conversations would work.
If i call a number, i see the following entry appear in
/proc/net/ip_conntrack_expect:
176 proto=17 src=217.66.118.164 dst=80.126.xx.xx sport=0 dport=7071
176 proto=17 src=192.168.1.1 dst=192.168.1.2 sport=0 dport=8000
(lan client 192.168.1.2, firewall has 192.168.1.1 and 80.126.xx.xx, sip
server is 217.66.118.164).
But the connection does not work. I have added the following rule to all
chains in all tables (mangle, nat, filter):
iptables -t <table> -I <chain> 1 -m helper --helper sip
to see if the sip match ever gets reached, but all counters remain on 0
all the time.
If i do the same for ftp, i can see the counters increase.
Does anyone have an idea what is going wrong?
Regards,
Victor
next prev parent reply other threads:[~2006-01-06 9:34 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-12-31 22:47 Patch for H323 connection tracking for kernel 2.6.14 and Panic with SIP tracking Moises Silva
2006-01-02 18:28 ` Moises Silva
2006-01-03 11:30 ` Patrick McHardy
[not found] ` <c4d05cbe0601031235i45561171tc0ba691cf5fa417e@mail.gmail.com>
2006-01-03 20:37 ` Moises Silva
2006-01-05 20:00 ` Victor Julien
[not found] ` <c4d05cbe0601051220v54ab169cled8109df66cd12db@mail.gmail.com>
[not found] ` <43BD80C6.10603@nk.nl>
2006-01-05 21:32 ` Moises Silva
2006-01-06 9:34 ` Victor Julien [this message]
2006-01-06 11:57 ` Patrick McHardy
2006-01-06 12:18 ` Victor Julien
2006-01-07 1:50 ` Patrick McHardy
2006-01-07 9:34 ` Victor Julien
2006-01-07 16:33 ` sip connection tracking & expectations Victor Julien
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43BE39B2.5020605@nk.nl \
--to=victor@nk.nl \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.