From 084a77a72bfc1c5c655f51618bfe885a216ce88b Mon Sep 17 00:00:00 2001
From: Ulrich Weber
Date: Wed, 12 Oct 2016 09:27:23 +0200
Subject: [PATCH] nf_conntrack_sip: relax SIP validation for TCP

Due TCP fragmentation we cant assume full SIP messages all the time. Therefore Accept all packets, even unparsable.

Signed-off-by: Ulrich Weber
---
 net/netfilter/nf_conntrack_sip.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index 621b81c..7700556 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -1562,7 +1562,10 @@ static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff,
 hooks->seq_adjust(skb, protoff, tdiff);
 }

- return ret;
+ /* Due TCP fragmentation we cant assume full SIP messages all the time.
+ * Therefore Accept all packets, even unparsable.
+ */
+ return NF_ACCEPT;
 }

 static int sip_help_udp(struct sk_buff *skb, unsigned int protoff,
-- 
2.7.4
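Review bot: Replacing `return ret;` with an unconditional `return NF_ACCEPT;` at the end of sip_help_tcp discards every verdict computed earlier in the function, not only the one produced for a SIP message that is split across TCP segments. The helper therefore fails open: any drop decision reached while handling a complete but malformed or rejected message is presumably ignored as well, which is wider than the stated goal. I would keep `return ret;` here and return NF_ACCEPT only on the path that detects an incomplete message; that path lies outside this hunk, as does the start of the function. If the blanket accept is intended, the comment should say so explicitly, for example `/* Fail open: a SIP message may span TCP segments, so every drop verdict is overridden here. */`.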