* [PATCH] netfilter conntrack helper: nf_ct_h323: fix bug in rtcp natting
From: Jagdish Motwani @ 2012-05-22 6:00 UTC (permalink / raw)
To: 'Patrick McHardy'; +Cc: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 1471 bytes --]
The nat_rtp_rtcp hook takes two separate parameters, port and rtp_port.

port is expected to be the real h245 address (found inside the packet).
rtp_port is the even number closest to port (RTP ports are even and
RTCP ports are odd).

However, currently both port and rtp_port have the same value (both are
rounded to the nearest even number).

This works well in the case of openlogicalchannel with a media (RTP/even) port.

But in the case of openlogicalchannel for a media control (RTCP/odd) port,
the h245 address in the packet is wrongly modified to have an even port.

I am attaching a pcap demonstrating the problem, for any further analysis.

This behavior was introduced around v2.6.19 while rewriting the helper.

Signed-off-by: Jagdish Motwani <jagdish.motwani@elitecore.com>
Signed-off-by: Sanket Shah <sanket.shah@elitecore.com>
--
diff --git a/net/netfilter/nf_conntrack_h323_main.c
b/net/netfilter/nf_conntrack_h323_main.c
index 46d69d7..7f0de36 100644
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -270,9 +270,8 @@ static int expect_rtp_rtcp(struct sk_buff *skb,
struct nf_conn *ct,
return 0;
/* RTP port is even */
- port &= htons(~1);
- rtp_port = port;
- rtcp_port = htons(ntohs(port) + 1);
+ rtp_port = port & htons(~1);
+ rtcp_port = htons(ntohs(rtp_port) + 1);
/* Create expect for RTP */
if ((rtp_exp = nf_ct_expect_alloc(ct)) == NULL)
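Review bot: in the second added line, `rtcp_port = htons(ntohs(rtp_port) + 1)` converts to host order and back only to set the low bit. The line above has already cleared that bit in `rtp_port`, so `rtcp_port = rtp_port | htons(1)` gives the same value with no byte swaps and keeps both assignments in network byte order.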
[-- Attachment #2: rtcp_nat_bug.pcap --]
[-- Type: application/x-pcap, Size: 632 bytes --]
* Re: [PATCH] netfilter conntrack helper: nf_ct_h323: fix bug in rtcp natting
From: Eric Dumazet @ 2012-05-22 6:28 UTC (permalink / raw)
To: Jagdish Motwani; +Cc: 'Patrick McHardy', netfilter-devel
On Tue, 2012-05-22 at 11:30 +0530, Jagdish Motwani wrote:
> The nat_rtp_rtcp hook takes two separate parameters, port and rtp_port.
>
> port is expected to be the real h245 address (found inside the packet).
> rtp_port is the even number closest to port (RTP ports are even and
> RTCP ports are odd).
>
> However, currently both port and rtp_port have the same value (both are
> rounded to the nearest even number).
>
> This works well in the case of openlogicalchannel with a media (RTP/even) port.
>
> But in the case of openlogicalchannel for a media control (RTCP/odd) port,
> the h245 address in the packet is wrongly modified to have an even port.
>
> I am attaching a pcap demonstrating the problem, for any further analysis.
>
> This behavior was introduced around v2.6.19 while rewriting the helper.
>
>
>
> Signed-off-by: Jagdish Motwani <jagdish.motwani@elitecore.com>
> Signed-off-by: Sanket Shah <sanket.shah@elitecore.com>
>
> --
> diff --git a/net/netfilter/nf_conntrack_h323_main.c
> b/net/netfilter/nf_conntrack_h323_main.c
> index 46d69d7..7f0de36 100644
> --- a/net/netfilter/nf_conntrack_h323_main.c
> +++ b/net/netfilter/nf_conntrack_h323_main.c
> @@ -270,9 +270,8 @@ static int expect_rtp_rtcp(struct sk_buff *skb,
> struct nf_conn *ct,
> return 0;
>
> /* RTP port is even */
> - port &= htons(~1);
> - rtp_port = port;
> - rtcp_port = htons(ntohs(port) + 1);
> + rtp_port = port & htons(~1);
> + rtcp_port = htons(ntohs(rtp_port) + 1);
seems better to use :
rtp_port = port & ~htons(1);
rtcp_port = port | htons(1);
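
The equivalence behind this suggestion, and the difference from the pre-patch code, as an added example (user-space C, not code from the thread or the kernel). `struct ports`, `derive_old`, `derive_new` and `count_mismatches` are hypothetical names, and port 5001 is a constructed sample value.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* All three fields are in network byte order, as in the helper. */
struct ports { uint16_t port, rtp_port, rtcp_port; };

/* Pre-patch logic: port itself is rounded down, so the value later
 * written back into the H.245 address is always even. */
static struct ports derive_old(uint16_t port)
{
	struct ports p;
	port &= htons((uint16_t)~1);
	p.port = port;
	p.rtp_port = port;
	p.rtcp_port = htons(ntohs(port) + 1);
	return p;
}

/* Logic of the updated patch: port keeps the value from the packet. */
static struct ports derive_new(uint16_t port)
{
	struct ports p;
	p.port = port;
	p.rtp_port = port & ~htons(1);
	p.rtcp_port = port | htons(1);
	return p;
}

/* Count ports where the bitwise form differs from the ntohs/htons form. */
static unsigned count_mismatches(void)
{
	unsigned bad = 0;
	for (uint32_t h = 0; h <= 0xffff; h++) {
		uint16_t port = htons((uint16_t)h);
		uint16_t rtp = port & htons((uint16_t)~1);
		uint16_t rtcp = htons(ntohs(rtp) + 1);
		struct ports n = derive_new(port);
		bad += (n.rtp_port != rtp || n.rtcp_port != rtcp);
	}
	return bad;
}

int main(void)
{
	struct ports o = derive_old(htons(5001)), n = derive_new(htons(5001));
	printf("old port=%u new port=%u mismatches=%u\n",
	       ntohs(o.port), ntohs(n.port), count_mismatches());
	return 0;
}
```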
* Re: [PATCH] netfilter conntrack helper: nf_ct_h323: fix bug in rtcp natting
From: Jagdish Motwani @ 2012-05-22 8:44 UTC (permalink / raw)
To: Eric Dumazet; +Cc: 'Patrick McHardy', netfilter-devel
On 05/22/2012 11:58 AM, Eric Dumazet wrote:
> On Tue, 2012-05-22 at 11:30 +0530, Jagdish Motwani wrote:
>> The nat_rtp_rtcp hook takes two separate parameters, port and rtp_port.
>>
>> port is expected to be the real h245 address (found inside the packet).
>> rtp_port is the even number closest to port (RTP ports are even and
>> RTCP ports are odd).
>>
>> However, currently both port and rtp_port have the same value (both are
>> rounded to the nearest even number).
>>
>> This works well in the case of openlogicalchannel with a media (RTP/even) port.
>>
>> But in the case of openlogicalchannel for a media control (RTCP/odd) port,
>> the h245 address in the packet is wrongly modified to have an even port.
>>
>> I am attaching a pcap demonstrating the problem, for any further analysis.
>>
>> This behavior was introduced around v2.6.19 while rewriting the helper.
>>
>> Signed-off-by: Jagdish Motwani <jagdish.motwani@elitecore.com>
>> Signed-off-by: Sanket Shah <sanket.shah@elitecore.com>
>>
>> --
>> diff --git a/net/netfilter/nf_conntrack_h323_main.c
>> b/net/netfilter/nf_conntrack_h323_main.c
>> index 46d69d7..7f0de36 100644
>> --- a/net/netfilter/nf_conntrack_h323_main.c
>> +++ b/net/netfilter/nf_conntrack_h323_main.c
>> @@ -270,9 +270,8 @@ static int expect_rtp_rtcp(struct sk_buff *skb,
>> struct nf_conn *ct,
>> return 0;
>>
>> /* RTP port is even */
>> - port&= htons(~1);
>> - rtp_port = port;
>> - rtcp_port = htons(ntohs(port) + 1);
>> + rtp_port = port& htons(~1);
>> + rtcp_port = htons(ntohs(rtp_port) + 1);
> seems better to use :
>
> rtp_port = port & ~htons(1);
> rtcp_port = port | htons(1);
>
>
>
Thanks. Updating the patch
--
diff --git a/net/netfilter/nf_conntrack_h323_main.c
b/net/netfilter/nf_conntrack_h323_main.c
index 46d69d7..31f50bc 100644
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -270,9 +270,8 @@ static int expect_rtp_rtcp(struct sk_buff *skb,
struct nf_conn *ct,
return 0;
/* RTP port is even */
- port &= htons(~1);
- rtp_port = port;
- rtcp_port = htons(ntohs(port) + 1);
+ rtp_port = port & ~htons(1);
+ rtcp_port = port | htons(1);
/* Create expect for RTP */
if ((rtp_exp = nf_ct_expect_alloc(ct)) == NULL)
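Review bot: the `/* RTP port is even */` comment above the two added lines no longer tells the whole story, because `port` is now deliberately left with the parity it had in the packet while only `rtp_port` and `rtcp_port` are normalised. A short comment saying that `port` keeps the value read from the packet would guard against the `port &= htons(~1)` masking being reintroduced later. The resend also carries no description or Signed-off-by lines above the diff; they should be repeated with every version of the patch.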
* Re: [PATCH] netfilter conntrack helper: nf_ct_h323: fix bug in rtcp natting
From: Pablo Neira Ayuso @ 2012-06-05 23:44 UTC (permalink / raw)
To: Jagdish Motwani; +Cc: Eric Dumazet, 'Patrick McHardy', netfilter-devel
On Tue, May 22, 2012 at 02:14:09PM +0530, Jagdish Motwani wrote:
[...]
> Thanks. Updating the patch
Applied, thanks.
Please, next time don't forget to include the patch description (even
if you already did in the previous version of your patch).
I cannot apply this with `git am' and that's annoying.
> --
>
> diff --git a/net/netfilter/nf_conntrack_h323_main.c
> b/net/netfilter/nf_conntrack_h323_main.c
> index 46d69d7..31f50bc 100644
> --- a/net/netfilter/nf_conntrack_h323_main.c
> +++ b/net/netfilter/nf_conntrack_h323_main.c
> @@ -270,9 +270,8 @@ static int expect_rtp_rtcp(struct sk_buff *skb,
> struct nf_conn *ct,
> return 0;
>
> /* RTP port is even */
> - port &= htons(~1);
> - rtp_port = port;
> - rtcp_port = htons(ntohs(port) + 1);
> + rtp_port = port & ~htons(1);
> + rtcp_port = port | htons(1);
>
> /* Create expect for RTP */
> if ((rtp_exp = nf_ct_expect_alloc(ct)) == NULL)
* Re: [PATCH] netfilter conntrack helper: nf_ct_h323: fix bug in rtcp natting
From: Jagdish Motwani @ 2012-06-06 5:18 UTC (permalink / raw)
To: Pablo Neira Ayuso
Cc: Eric Dumazet, 'Patrick McHardy', netfilter-devel
On 06/06/2012 05:14 AM, Pablo Neira Ayuso wrote:
> On Tue, May 22, 2012 at 02:14:09PM +0530, Jagdish Motwani wrote:
> [...]
>> Thanks. Updating the patch
> Applied, thanks.
>
> Please, next time don't forget to include the patch description (even
> if you already did in the previous version of your patch).
>
> I cannot apply this with `git am' and that's annoying.
Thanks, will keep this in mind next time.
>> --
>>
>> diff --git a/net/netfilter/nf_conntrack_h323_main.c
>> b/net/netfilter/nf_conntrack_h323_main.c
>> index 46d69d7..31f50bc 100644
>> --- a/net/netfilter/nf_conntrack_h323_main.c
>> +++ b/net/netfilter/nf_conntrack_h323_main.c
>> @@ -270,9 +270,8 @@ static int expect_rtp_rtcp(struct sk_buff *skb,
>> struct nf_conn *ct,
>> return 0;
>>
>> /* RTP port is even */
>> - port&= htons(~1);
>> - rtp_port = port;
>> - rtcp_port = htons(ntohs(port) + 1);
>> + rtp_port = port& ~htons(1);
>> + rtcp_port = port | htons(1);
>>
>> /* Create expect for RTP */
>> if ((rtp_exp = nf_ct_expect_alloc(ct)) == NULL)