* Want to test a patch: H323-masquerading in Linux 2.4 (SuSE 8.0) @ 2002-08-26 15:57 Reinhard Moosauer 2002-08-26 16:17 ` Thunder from the hill 2002-08-30 9:59 ` Reinhard Moosauer 0 siblings, 2 replies; 4+ messages in thread From: Reinhard Moosauer @ 2002-08-26 15:57 UTC (permalink / raw) To: linux-kernel Hallo, Unter http://m1b.de/content/know/linux/nat_h323_suse80.html habe ich einen Patch, den ich auf der Seite von David Hildenhagen (http://www.hildenhagen.de/netmeeting.htm) gefunden habe auf den Kernel 2.4.18 von SuSE80 portiert. (Ich habe dazu einfach alle Rejects des Original-Patches manuell aufgelöst.) Es funktioniert für mich. Vielleicht hat jemand Interesse daran, die Sache bei sich zu testen. Ich bin für Hinweise sehr dankbar. Schöne Grüße, Reinhard ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Want to test a patch: H323-masquerading in Linux 2.4 (SuSE 8.0) 2002-08-26 15:57 Want to test a patch: H323-masquerading in Linux 2.4 (SuSE 8.0) Reinhard Moosauer @ 2002-08-26 16:17 ` Thunder from the hill 2002-08-26 19:55 ` Russell King 2002-08-30 9:59 ` Reinhard Moosauer 1 sibling, 1 reply; 4+ messages in thread From: Thunder from the hill @ 2002-08-26 16:17 UTC (permalink / raw) To: Reinhard Moosauer; +Cc: linux-kernel Hi, tr << MESSAGE On Mon, 26 Aug 2002, Reinhard Moosauer wrote: > Hallo, > > Unter > > http://m1b.de/content/know/linux/nat_h323_suse80.html > > habe ich einen Patch, den ich auf der Seite von > David Hildenhagen (http://www.hildenhagen.de/netmeeting.htm) gefunden habe auf > den Kernel 2.4.18 von SuSE80 portiert. > (Ich habe dazu einfach alle Rejects des Original-Patches manuell aufgelöst.) > > Es funktioniert für mich. Vielleicht hat jemand Interesse daran, die Sache bei > sich zu testen. Ich bin für Hinweise sehr dankbar. > Schöne Grüße, > > Reinhard Hello, I've put a patch by David Hildeshagen (url...) at <URL:http://m1b.de/content/know/linux/nat_h323_suse80.html> which was ported to Linux Kernel 2.4.18, as from SuSE 8.0. (I've manually resolved all the rejects.) Works for me. Maybe somebody is interested in testing the whole thing. I'm looking forward to comments. Kind regards, Reinhard. That's the translation, for the interested... Thunder -- --./../...-/. -.--/---/..-/.-./..././.-../..-. .---/..-/.../- .- --/../-./..-/-/./--..-- ../.----./.-../.-.. --./../...-/. -.--/---/..- .- -/---/--/---/.-./.-./---/.--/.-.-.- --./.-/-.../.-./.././.-../.-.-.- ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Want to test a patch: H323-masquerading in Linux 2.4 (SuSE 8.0) 2002-08-26 16:17 ` Thunder from the hill @ 2002-08-26 19:55 ` Russell King 0 siblings, 0 replies; 4+ messages in thread From: Russell King @ 2002-08-26 19:55 UTC (permalink / raw) To: Thunder from the hill; +Cc: Reinhard Moosauer, linux-kernel On Mon, Aug 26, 2002 at 10:17:20AM -0600, Thunder from the hill wrote: > I've put a patch by David Hildeshagen (url...) at > <URL:http://m1b.de/content/know/linux/nat_h323_suse80.html> which was > ported to Linux Kernel 2.4.18, as from SuSE 8.0. (I've manually resolved > all the rejects.) > > Works for me. Maybe somebody is interested in testing the whole thing. I'm > looking forward to comments. > > Kind regards, Reinhard. > > That's the translation, for the interested... thanks for the translation. 8) I'd like to point out that there are some problems with the H.323 NAT modules: + for (i = 0; data < (data_limit - 5); data++, i++) { + data_ip = *((u_int32_t *)data); + if (data_ip == iph->saddr) { + data_port = *((u_int16_t *)(data + 4)); These modules scan byte by byte the packets for source IPs in order to perform NAT, and will modify the contained data based on what they find. Consider the chances of your IP address coming up in some essentially random data. For example, if I had the ip address (iirc) 3.0.0.163 then the effect if the nat modules would be to rewrite the RFC1006 header which is part of these packets, thereby destroying the packet completely. (iirc the 4 byte RFC1006 header on packets leaving me contained the values 0x03 0x00 0x00 0xa3; since they'll always start with 0x03 0x00 <16-bit len>, anyone using a 3.0.x.x IP address with these modules are likely to rewrite the RFC1006 header.) My main point here is that given the right IP address and this method of "NAT"ing the contained data, any data contained within the packet will be altered in some manner causing unexpected failures. Unfortunately H.323 is a rather opaque protocol which appears to require lots of knowledge about the data contained within the packet to decode it properly. (Oh, and guess who renumbered their network to eliminate the NAT rather than run the H.323 netfilter modules. Umm, and the IETF appear to have lost RFC1006 from their web site; either that or Mozilla is getting stressed again. However, RFC1006 has been updated by RFC2126 and the TPKT header can be found within that document.) -- Russell King (rmk@arm.linux.org.uk) The developer of ARM Linux http://www.arm.linux.org.uk/personal/aboutme.html ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Want to test a patch: H323-masquerading in Linux 2.4 (SuSE 8.0) 2002-08-26 15:57 Want to test a patch: H323-masquerading in Linux 2.4 (SuSE 8.0) Reinhard Moosauer 2002-08-26 16:17 ` Thunder from the hill @ 2002-08-30 9:59 ` Reinhard Moosauer 1 sibling, 0 replies; 4+ messages in thread From: Reinhard Moosauer @ 2002-08-30 9:59 UTC (permalink / raw) To: linux-kernel Hello, the description on this page is now also available in english: http://www.m1b.de/content/know/linux/nat_h323_suse80.html I also added some comments for common problems. regards, Reinhard ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2002-08-30 9:54 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2002-08-26 15:57 Want to test a patch: H323-masquerading in Linux 2.4 (SuSE 8.0) Reinhard Moosauer 2002-08-26 16:17 ` Thunder from the hill 2002-08-26 19:55 ` Russell King 2002-08-30 9:59 ` Reinhard Moosauer
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox