[NETFILTER]: nf_conntrack_sip: create RTCP expectations

Create expectations for the RTCP connections in addition to RTP connections. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Patrick McHardy <kaber@trash.net> 2008-03-25 23:25:49 -0400
committer: David S. Miller <davem@davemloft.net> 2008-03-25 23:25:49 -0400
commit: a9c1d35917c0c95c8f95a8e497fb91e301419693 (patch)
tree: 5727524a97424f03882e4b37c49073ea4270d8a6 /net/ipv4
parent: d901a9369e6e7d07a7eb4ddb315c6fcbaf8b24d3 (diff)
1 files changed, 26 insertions, 16 deletions
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c
index 4b85e21a2a4a..f73ab4883b75 100644
--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -364,7 +364,8 @@ static unsigned int mangle_sdp(struct sk_buff *skb,
   Mangle it, and change the expectation to match the new version. */
 static unsigned int ip_nat_sdp(struct sk_buff *skb,
                               const char **dptr, unsigned int *datalen,
-                               struct nf_conntrack_expect *exp)
+                               struct nf_conntrack_expect *rtp_exp,
+                               struct nf_conntrack_expect *rtcp_exp)
 {
        enum ip_conntrack_info ctinfo;
        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
@@ -375,31 +376,40 @@ static unsigned int ip_nat_sdp(struct sk_buff *skb,
        /* Connection will come from reply */
        if (ct->tuplehash[dir].tuple.src.u3.ip ==
            ct->tuplehash[!dir].tuple.dst.u3.ip)
-                newip = exp->tuple.dst.u3.ip;
+                newip = rtp_exp->tuple.dst.u3.ip;
        else
                newip = ct->tuplehash[!dir].tuple.dst.u3.ip;
-        exp->saved_ip = exp->tuple.dst.u3.ip;
+        rtp_exp->saved_ip = rtp_exp->tuple.dst.u3.ip;
-        exp->tuple.dst.u3.ip = newip;
+        rtp_exp->tuple.dst.u3.ip = newip;
-        exp->saved_proto.udp.port = exp->tuple.dst.u.udp.port;
+        rtp_exp->saved_proto.udp.port = rtp_exp->tuple.dst.u.udp.port;
-        exp->dir = !dir;
+        rtp_exp->dir = !dir;
+        rtp_exp->expectfn = ip_nat_sip_expected;
-        /* When you see the packet, we need to NAT it the same as the
-           this one. */
+        rtcp_exp->saved_ip = rtcp_exp->tuple.dst.u3.ip;
-        exp->expectfn = ip_nat_sip_expected;
+        rtcp_exp->tuple.dst.u3.ip = newip;
+        rtcp_exp->saved_proto.udp.port = rtcp_exp->tuple.dst.u.udp.port;
-        /* Try to get same port: if not, try to change it. */
+        rtcp_exp->dir = !dir;
-        for (port = ntohs(exp->saved_proto.udp.port); port != 0; port++) {
+        rtcp_exp->expectfn = ip_nat_sip_expected;
-                exp->tuple.dst.u.udp.port = htons(port);
-                if (nf_ct_expect_related(exp) == 0)
+        /* Try to get same pair of ports: if not, try to change them. */
+        for (port = ntohs(rtp_exp->tuple.dst.u.udp.port);
+             port != 0; port += 2) {
+                rtp_exp->tuple.dst.u.udp.port = htons(port);
+                if (nf_ct_expect_related(rtp_exp) != 0)
+                        continue;
+                rtcp_exp->tuple.dst.u.udp.port = htons(port + 1);
+                if (nf_ct_expect_related(rtcp_exp) == 0)
                        break;
+                nf_ct_unexpect_related(rtp_exp);
        }
        if (port == 0)
                return NF_DROP;
        if (!mangle_sdp(skb, ctinfo, ct, newip, port, dptr, datalen)) {
-                nf_ct_unexpect_related(exp);
+                nf_ct_unexpect_related(rtp_exp);
+                nf_ct_unexpect_related(rtcp_exp);
                return NF_DROP;
        }
        return NF_ACCEPT;
author	Patrick McHardy <kaber@trash.net>	2008-03-25 23:25:49 -0400
committer	David S. Miller <davem@davemloft.net>	2008-03-25 23:25:49 -0400
commit	a9c1d35917c0c95c8f95a8e497fb91e301419693 (patch)
tree	5727524a97424f03882e4b37c49073ea4270d8a6 /net/ipv4
parent	d901a9369e6e7d07a7eb4ddb315c6fcbaf8b24d3 (diff)

diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c index 4b85e21a2a4a..f73ab4883b75 100644 --- a/net/ipv4/netfilter/nf_nat_sip.c +++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -364,7 +364,8 @@ static unsigned int mangle_sdp(struct sk_buff *skb,
364	Mangle it, and change the expectation to match the new version. */	364	Mangle it, and change the expectation to match the new version. */
365	static unsigned int ip_nat_sdp(struct sk_buff *skb,	365	static unsigned int ip_nat_sdp(struct sk_buff *skb,
366	const char *dptr, unsigned int datalen,	366	const char *dptr, unsigned int datalen,
367	struct nf_conntrack_expect *exp)	367	struct nf_conntrack_expect *rtp_exp,
		368	struct nf_conntrack_expect *rtcp_exp)
368	{	369	{
369	enum ip_conntrack_info ctinfo;	370	enum ip_conntrack_info ctinfo;
370	struct nf_conn *ct = nf_ct_get(skb, &ctinfo);	371	struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
@@ -375,31 +376,40 @@ static unsigned int ip_nat_sdp(struct sk_buff *skb,
375	/* Connection will come from reply */	376	/* Connection will come from reply */
376	if (ct->tuplehash[dir].tuple.src.u3.ip ==	377	if (ct->tuplehash[dir].tuple.src.u3.ip ==
377	ct->tuplehash[!dir].tuple.dst.u3.ip)	378	ct->tuplehash[!dir].tuple.dst.u3.ip)
378	newip = exp->tuple.dst.u3.ip;	379	newip = rtp_exp->tuple.dst.u3.ip;
379	else	380	else
380	newip = ct->tuplehash[!dir].tuple.dst.u3.ip;	381	newip = ct->tuplehash[!dir].tuple.dst.u3.ip;
381		382
382	exp->saved_ip = exp->tuple.dst.u3.ip;	383	rtp_exp->saved_ip = rtp_exp->tuple.dst.u3.ip;
383	exp->tuple.dst.u3.ip = newip;	384	rtp_exp->tuple.dst.u3.ip = newip;
384	exp->saved_proto.udp.port = exp->tuple.dst.u.udp.port;	385	rtp_exp->saved_proto.udp.port = rtp_exp->tuple.dst.u.udp.port;
385	exp->dir = !dir;	386	rtp_exp->dir = !dir;
386		387	rtp_exp->expectfn = ip_nat_sip_expected;
387	/* When you see the packet, we need to NAT it the same as the	388
388	this one. */	389	rtcp_exp->saved_ip = rtcp_exp->tuple.dst.u3.ip;
389	exp->expectfn = ip_nat_sip_expected;	390	rtcp_exp->tuple.dst.u3.ip = newip;
390		391	rtcp_exp->saved_proto.udp.port = rtcp_exp->tuple.dst.u.udp.port;
391	/* Try to get same port: if not, try to change it. */	392	rtcp_exp->dir = !dir;
392	for (port = ntohs(exp->saved_proto.udp.port); port != 0; port++) {	393	rtcp_exp->expectfn = ip_nat_sip_expected;
393	exp->tuple.dst.u.udp.port = htons(port);	394
394	if (nf_ct_expect_related(exp) == 0)	395	/* Try to get same pair of ports: if not, try to change them. */
		396	for (port = ntohs(rtp_exp->tuple.dst.u.udp.port);
		397	port != 0; port += 2) {
		398	rtp_exp->tuple.dst.u.udp.port = htons(port);
		399	if (nf_ct_expect_related(rtp_exp) != 0)
		400	continue;
		401	rtcp_exp->tuple.dst.u.udp.port = htons(port + 1);
		402	if (nf_ct_expect_related(rtcp_exp) == 0)
395	break;	403	break;
		404	nf_ct_unexpect_related(rtp_exp);
396	}	405	}
397		406
398	if (port == 0)	407	if (port == 0)
399	return NF_DROP;	408	return NF_DROP;
400		409
401	if (!mangle_sdp(skb, ctinfo, ct, newip, port, dptr, datalen)) {	410	if (!mangle_sdp(skb, ctinfo, ct, newip, port, dptr, datalen)) {
402	nf_ct_unexpect_related(exp);	411	nf_ct_unexpect_related(rtp_exp);
		412	nf_ct_unexpect_related(rtcp_exp);
403	return NF_DROP;	413	return NF_DROP;
404	}	414	}
405	return NF_ACCEPT;	415	return NF_ACCEPT;