* [PATCH] H.245 ALG dropping packets @ 2017-05-22 2:07 Blair Steven 2017-05-22 2:07 ` [PATCH] Accept packets that the H.245 ALG can't process Blair Steven 0 siblings, 1 reply; 3+ messages in thread From: Blair Steven @ 2017-05-22 2:07 UTC (permalink / raw) To: netdev; +Cc: Blair Steven We have a setup where two VoIP phones are communicating through a router on a trusted LAN where the H.245 ALG is dropping some of the traffic, so far as I can tell without good cause. These two devices are configured differently, one with Fast Connect and one without - this might be the reason, but from my (limited) understanding of ALGs this isn't a good enough reason. Does it ever make sense to drop packets in an ALG? Blair Steven (1): Accept packets that the H.245 ALG can't process net/netfilter/nf_conntrack_h323_main.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -- 2.9.3 ^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH] Accept packets that the H.245 ALG can't process 2017-05-22 2:07 [PATCH] H.245 ALG dropping packets Blair Steven @ 2017-05-22 2:07 ` Blair Steven 2017-05-22 9:25 ` Sergei Shtylyov 0 siblings, 1 reply; 3+ messages in thread From: Blair Steven @ 2017-05-22 2:07 UTC (permalink / raw) To: netdev; +Cc: Blair Steven When two VoIP end points are configured differently (fast connect / not fast connect) the ALG was failing to find a matching expectation and dropping packets in one direction. Dropping packets not the job of an ALG, and as such the behaviour has been changed to allow the packet to be send to the forwarding engine. Signed-off-by: Blair Steven <blair.steven@alliedtelesis.co.nz> --- net/netfilter/nf_conntrack_h323_main.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c index 3bcdc71..6161375 100644 --- a/net/netfilter/nf_conntrack_h323_main.c +++ b/net/netfilter/nf_conntrack_h323_main.c @@ -625,7 +625,7 @@ static int h245_help(struct sk_buff *skb, unsigned int protoff, drop: spin_unlock_bh(&nf_h323_lock); nf_ct_helper_log(skb, ct, "cannot process H.245 message"); - return NF_DROP; + return NF_ACCEPT; } /****************************************************************************/ @@ -1200,7 +1200,7 @@ static int q931_help(struct sk_buff *skb, unsigned int protoff, drop: spin_unlock_bh(&nf_h323_lock); nf_ct_helper_log(skb, ct, "cannot process Q.931 message"); - return NF_DROP; + return NF_ACCEPT; } /****************************************************************************/ @@ -1785,7 +1785,7 @@ static int ras_help(struct sk_buff *skb, unsigned int protoff, drop: spin_unlock_bh(&nf_h323_lock); nf_ct_helper_log(skb, ct, "cannot process RAS message"); - return NF_DROP; + return NF_ACCEPT; } /****************************************************************************/ -- 2.9.3 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] Accept packets that the H.245 ALG can't process 2017-05-22 2:07 ` [PATCH] Accept packets that the H.245 ALG can't process Blair Steven @ 2017-05-22 9:25 ` Sergei Shtylyov 0 siblings, 0 replies; 3+ messages in thread From: Sergei Shtylyov @ 2017-05-22 9:25 UTC (permalink / raw) To: Blair Steven, netdev Hello! On 5/22/2017 5:07 AM, Blair Steven wrote: > When two VoIP end points are configured differently (fast connect / > not fast connect) the ALG was failing to find a matching expectation > and dropping packets in one direction. > > Dropping packets not the job of an ALG, and as such the behaviour s/not/is not/. Perhaps could be fixed while applying... > has been changed to allow the packet to be send to the forwarding > engine. > > Signed-off-by: Blair Steven <blair.steven@alliedtelesis.co.nz> [...] MBR, Sergei ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-05-22 9:25 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-05-22 2:07 [PATCH] H.245 ALG dropping packets Blair Steven 2017-05-22 2:07 ` [PATCH] Accept packets that the H.245 ALG can't process Blair Steven 2017-05-22 9:25 ` Sergei Shtylyov
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox