From: Jagdish Motwani <jagdish.motwani@elitecore.com>
To: 'Patrick McHardy' <kaber@trash.net>
Cc: netfilter-devel@vger.kernel.org
Subject: [PATCH] netfilter conntrack helper: nf_ct_h323: fix bug in rtcp natting
Date: Tue, 22 May 2012 11:30:27 +0530
Message-ID: <4FBB2B7B.6060907@elitecore.com>
[-- Attachment #1: Type: text/plain, Size: 1471 bytes --]
The nat_rtp_rtcp hook takes two separate parameters, port and rtp_port.
port is expected to be the real h245 address (found inside the packet).
rtp_port is the even number closest to port (RTP ports are even and
RTCP ports are odd).
However, currently both port and rtp_port have the same value (both are
rounded to the nearest even number).
This works well in the case of openlogicalchannel with a media (RTP/even) port.
But in the case of openlogicalchannel for a media control (RTCP/odd) port,
the h245 address in the packet is wrongly modified to have an even port.
I am attaching a pcap demonstrating the problem, for any further analysis.
This behavior was introduced around v2.6.19 while rewriting the helper.
Signed-off-by: Jagdish Motwani <jagdish.motwani@elitecore.com>
Signed-off-by: Sanket Shah <sanket.shah@elitecore.com>
--
diff --git a/net/netfilter/nf_conntrack_h323_main.c
b/net/netfilter/nf_conntrack_h323_main.c
index 46d69d7..7f0de36 100644
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -270,9 +270,8 @@ static int expect_rtp_rtcp(struct sk_buff *skb,
struct nf_conn *ct,
return 0;
/* RTP port is even */
- port &= htons(~1);
- rtp_port = port;
- rtcp_port = htons(ntohs(port) + 1);
+ rtp_port = port & htons(~1);
+ rtcp_port = htons(ntohs(rtp_port) + 1);
/* Create expect for RTP */
if ((rtp_exp = nf_ct_expect_alloc(ct)) == NULL)
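Review bot: In the two added lines, port is no longer rounded in place, so every later use of port in expect_rtp_rtcp() outside this hunk now sees the odd value when the channel is RTCP. Please confirm that the nat_rtp_rtcp hook is the only consumer that relies on it, and extend the "/* RTP port is even */" comment to say that port is deliberately kept as found in the packet while rtp_port holds the rounded value. Separately, the "diff --git" line and the "@@" hunk header are each wrapped across two lines as posted, which suggests the mail client reflowed the patch; resending it with git send-email would avoid that.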
[-- Attachment #2: rtcp_nat_bug.pcap --]
[-- Type: application/x-pcap, Size: 632 bytes --]