* [PATCH] Conntrack SIP Problem
@ 2007-06-16 13:33 Jerome Borsboom
2007-06-18 12:34 ` Patrick McHardy
0 siblings, 1 reply; 4+ messages in thread
From: Jerome Borsboom @ 2007-06-16 13:33 UTC (permalink / raw)
To: netfilter-devel
This is a CC of a patch from my discussion on linux-net mailinglist which
may be also appropriate here.
Below is a patch that I had to include on top of Herbert Xu's recent
nat-sip patch to get my SIP setup working:
[NETFILTER]: sip: Fix RTP address NAT
My setup is a Fritzbox SIP-client behind a NAT-firewall that talks to a
server on the internet. The first chunk of the patch was not necessary to
get the setup working, but I think it is more correct to include it. The
idea behind it is that DNAT of the the RTP session is only necessary if
the SIP session has been SNATed. The second chunk adds some SIP messages
that must be processed as they contain SDP information in my case.
Regards,
Jerome
--- linux-2.6.21/net/ipv4/netfilter/nf_nat_sip.c 2007-06-16 12:14:42.000000000 +0200
+++ linux-2.6.21.new/net/ipv4/netfilter/nf_nat_sip.c 2007-06-16 12:04:07.000000000 +0200
@@ -259,7 +259,11 @@
DEBUGP("ip_nat_sdp():\n");
/* Connection will come from reply */
- newip = ct->tuplehash[!dir].tuple.dst.u3.ip;
+ if (ct->tuplehash[dir].tuple.src.u3.ip ==
+ ct->tuplehash[!dir].tuple.dst.u3.ip)
+ newip = exp->tuple.dst.u3.ip;
+ else
+ newip = ct->tuplehash[!dir].tuple.dst.u3.ip;
exp->saved_ip = exp->tuple.dst.u3.ip;
exp->tuple.dst.u3.ip = newip;
--- linux-2.6.21/net/netfilter/nf_conntrack_sip.c 2007-04-26 05:08:32.000000000 +0200
+++ linux-2.6.21.new/net/netfilter/nf_conntrack_sip.c 2007-06-16 11:16:02.000000000 +0200
@@ -442,6 +442,9 @@
/* RTP info only in some SDP pkts */
if (memcmp(dptr, "INVITE", sizeof("INVITE") - 1) != 0 &&
+ memcmp(dptr, "UPDATE", sizeof("UPDATE") - 1) != 0 &&
+ memcmp(dptr, "SIP/2.0 180", sizeof("SIP/2.0 180") - 1) != 0 &&
+ memcmp(dptr, "SIP/2.0 183", sizeof("SIP/2.0 183") - 1) != 0 &&
memcmp(dptr, "SIP/2.0 200", sizeof("SIP/2.0 200") - 1) != 0) {
goto out;
}
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH] Conntrack SIP Problem
2007-06-16 13:33 [PATCH] Conntrack SIP Problem Jerome Borsboom
@ 2007-06-18 12:34 ` Patrick McHardy
2007-06-18 12:47 ` Jerome Borsboom
0 siblings, 1 reply; 4+ messages in thread
From: Patrick McHardy @ 2007-06-18 12:34 UTC (permalink / raw)
To: Jerome Borsboom; +Cc: netfilter-devel, linux-net
Jerome Borsboom wrote:
> This is a CC of a patch from my discussion on linux-net mailinglist
> which may be also appropriate here.
It wasn't CCed so I've added linux-net since you've also posted
the patch there.
> Below is a patch that I had to include on top of Herbert Xu's recent
> nat-sip patch to get my SIP setup working:
>
> [NETFILTER]: sip: Fix RTP address NAT
>
> My setup is a Fritzbox SIP-client behind a NAT-firewall that talks to a
> server on the internet. The first chunk of the patch was not necessary
> to get the setup working, but I think it is more correct to include it.
> The idea behind it is that DNAT of the the RTP session is only necessary
> if the SIP session has been SNATed. The second chunk adds some SIP
> messages that must be processed as they contain SDP information in my case.
Thanks. They both look OK, but for 2.6.22 I'm only going to add
the new message types. I'll queue the first chunk for 2.6.23.
Can you please send me a Signed-off-by: line for your patch?
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] Conntrack SIP Problem
2007-06-18 12:34 ` Patrick McHardy
@ 2007-06-18 12:47 ` Jerome Borsboom
2007-06-18 12:59 ` Patrick McHardy
0 siblings, 1 reply; 4+ messages in thread
From: Jerome Borsboom @ 2007-06-18 12:47 UTC (permalink / raw)
To: Patrick McHardy; +Cc: linux-net, netfilter-devel
Signed-off-by: Jerome Borsboom <j.borsboom@erasmusmc.nl>
--- linux-2.6.21/net/ipv4/netfilter/nf_nat_sip.c 2007-06-16 12:14:42.000000000 +0200
+++ linux-2.6.21.new/net/ipv4/netfilter/nf_nat_sip.c 2007-06-16 12:04:07.000000000 +0200
@@ -259,7 +259,11 @@
DEBUGP("ip_nat_sdp():\n");
/* Connection will come from reply */
- newip = ct->tuplehash[!dir].tuple.dst.u3.ip;
+ if (ct->tuplehash[dir].tuple.src.u3.ip ==
+ ct->tuplehash[!dir].tuple.dst.u3.ip)
+ newip = exp->tuple.dst.u3.ip;
+ else
+ newip = ct->tuplehash[!dir].tuple.dst.u3.ip;
exp->saved_ip = exp->tuple.dst.u3.ip;
exp->tuple.dst.u3.ip = newip;
--- linux-2.6.21/net/netfilter/nf_conntrack_sip.c 2007-04-26 05:08:32.000000000 +0200
+++ linux-2.6.21.new/net/netfilter/nf_conntrack_sip.c 2007-06-16 11:16:02.000000000 +0200
@@ -442,6 +442,9 @@
/* RTP info only in some SDP pkts */
if (memcmp(dptr, "INVITE", sizeof("INVITE") - 1) != 0 &&
+ memcmp(dptr, "UPDATE", sizeof("UPDATE") - 1) != 0 &&
+ memcmp(dptr, "SIP/2.0 180", sizeof("SIP/2.0 180") - 1) != 0 &&
+ memcmp(dptr, "SIP/2.0 183", sizeof("SIP/2.0 183") - 1) != 0 &&
memcmp(dptr, "SIP/2.0 200", sizeof("SIP/2.0 200") - 1) != 0) {
goto out;
}
On Mon, 18 Jun 2007, Patrick McHardy wrote:
> Thanks. They both look OK, but for 2.6.22 I'm only going to add
> the new message types. I'll queue the first chunk for 2.6.23.
> Can you please send me a Signed-off-by: line for your patch?
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2007-06-18 12:59 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-06-16 13:33 [PATCH] Conntrack SIP Problem Jerome Borsboom
2007-06-18 12:34 ` Patrick McHardy
2007-06-18 12:47 ` Jerome Borsboom
2007-06-18 12:59 ` Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.