diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-05-08 22:03:26 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-05-08 22:03:26 -0400 |
| commit | 28a4acb48586dc21d2d14a75a7aab7be78b7c83b (patch) | |
| tree | 1e95503037a68286ba732dbc0a844dbf0f826223 /net/netfilter | |
| parent | 89f92d6425b099538932e9b881588f87ef9f3184 (diff) | |
| parent | e46b66bc42b6b1430b04cc5c207ecb2b2f4553dc (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (32 commits)
net: Added ASSERT_RTNL() to dev_open() and dev_close().
can: Fix can_send() handling on dev_queue_xmit() failures
netns: Fix arbitrary net_device-s corruptions on net_ns stop.
netfilter: Kconfig: default DCCP/SCTP conntrack support to the protocol config values
netfilter: nf_conntrack_sip: restrict RTP expect flushing on error to last request
macvlan: Fix memleak on device removal/crash on module removal
net/ipv4: correct RFC 1122 section reference in comment
tcp FRTO: SACK variant is errorneously used with NewReno
e1000e: don't return half-read eeprom on error
ucc_geth: Don't use RX clock as TX clock.
cxgb3: Use CAP_SYS_RAWIO for firmware
pcnet32: delete non NAPI code from driver.
fs_enet: Fix a memory leak in fs_enet_mdio_probe
[netdrvr] eexpress: IPv6 fails - multicast problems
3c59x: use netstats in net_device structure
3c980-TX needs EXTRA_PREAMBLE
fix warning in drivers/net/appletalk/cops.c
e1000e: Add support for BM PHYs on ICH9
uli526x: fix endianness issues in the setup frame
uli526x: initialize the hardware prior to requesting interrupts
...
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/Kconfig | 4 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_sip.c | 22 |
2 files changed, 17 insertions, 9 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index c1fc0f1a641c..aa8d80c35e28 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig | |||
| @@ -90,6 +90,7 @@ config NF_CT_PROTO_DCCP | |||
| 90 | tristate 'DCCP protocol connection tracking support (EXPERIMENTAL)' | 90 | tristate 'DCCP protocol connection tracking support (EXPERIMENTAL)' |
| 91 | depends on EXPERIMENTAL && NF_CONNTRACK | 91 | depends on EXPERIMENTAL && NF_CONNTRACK |
| 92 | depends on NETFILTER_ADVANCED | 92 | depends on NETFILTER_ADVANCED |
| 93 | default IP_DCCP | ||
| 93 | help | 94 | help |
| 94 | With this option enabled, the layer 3 independent connection | 95 | With this option enabled, the layer 3 independent connection |
| 95 | tracking code will be able to do state tracking on DCCP connections. | 96 | tracking code will be able to do state tracking on DCCP connections. |
| @@ -104,6 +105,7 @@ config NF_CT_PROTO_SCTP | |||
| 104 | tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)' | 105 | tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)' |
| 105 | depends on EXPERIMENTAL && NF_CONNTRACK | 106 | depends on EXPERIMENTAL && NF_CONNTRACK |
| 106 | depends on NETFILTER_ADVANCED | 107 | depends on NETFILTER_ADVANCED |
| 108 | default IP_SCTP | ||
| 107 | help | 109 | help |
| 108 | With this option enabled, the layer 3 independent connection | 110 | With this option enabled, the layer 3 independent connection |
| 109 | tracking code will be able to do state tracking on SCTP connections. | 111 | tracking code will be able to do state tracking on SCTP connections. |
| @@ -532,6 +534,7 @@ config NETFILTER_XT_MATCH_DCCP | |||
| 532 | tristate '"dccp" protocol match support' | 534 | tristate '"dccp" protocol match support' |
| 533 | depends on NETFILTER_XTABLES | 535 | depends on NETFILTER_XTABLES |
| 534 | depends on NETFILTER_ADVANCED | 536 | depends on NETFILTER_ADVANCED |
| 537 | default IP_DCCP | ||
| 535 | help | 538 | help |
| 536 | With this option enabled, you will be able to use the iptables | 539 | With this option enabled, you will be able to use the iptables |
| 537 | `dccp' match in order to match on DCCP source/destination ports | 540 | `dccp' match in order to match on DCCP source/destination ports |
| @@ -725,6 +728,7 @@ config NETFILTER_XT_MATCH_SCTP | |||
| 725 | tristate '"sctp" protocol match support (EXPERIMENTAL)' | 728 | tristate '"sctp" protocol match support (EXPERIMENTAL)' |
| 726 | depends on NETFILTER_XTABLES && EXPERIMENTAL | 729 | depends on NETFILTER_XTABLES && EXPERIMENTAL |
| 727 | depends on NETFILTER_ADVANCED | 730 | depends on NETFILTER_ADVANCED |
| 731 | default IP_SCTP | ||
| 728 | help | 732 | help |
| 729 | With this option enabled, you will be able to use the | 733 | With this option enabled, you will be able to use the |
| 730 | `sctp' match in order to match on SCTP source/destination ports | 734 | `sctp' match in order to match on SCTP source/destination ports |
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c index 9f4900069561..2f9bbc058b48 100644 --- a/net/netfilter/nf_conntrack_sip.c +++ b/net/netfilter/nf_conntrack_sip.c | |||
| @@ -870,6 +870,7 @@ static int process_sdp(struct sk_buff *skb, | |||
| 870 | { | 870 | { |
| 871 | enum ip_conntrack_info ctinfo; | 871 | enum ip_conntrack_info ctinfo; |
| 872 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); | 872 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); |
| 873 | struct nf_conn_help *help = nfct_help(ct); | ||
| 873 | unsigned int matchoff, matchlen; | 874 | unsigned int matchoff, matchlen; |
| 874 | unsigned int mediaoff, medialen; | 875 | unsigned int mediaoff, medialen; |
| 875 | unsigned int sdpoff; | 876 | unsigned int sdpoff; |
| @@ -959,6 +960,9 @@ static int process_sdp(struct sk_buff *skb, | |||
| 959 | if (nf_nat_sdp_session && ct->status & IPS_NAT_MASK) | 960 | if (nf_nat_sdp_session && ct->status & IPS_NAT_MASK) |
| 960 | ret = nf_nat_sdp_session(skb, dptr, sdpoff, datalen, &rtp_addr); | 961 | ret = nf_nat_sdp_session(skb, dptr, sdpoff, datalen, &rtp_addr); |
| 961 | 962 | ||
| 963 | if (ret == NF_ACCEPT && i > 0) | ||
| 964 | help->help.ct_sip_info.invite_cseq = cseq; | ||
| 965 | |||
| 962 | return ret; | 966 | return ret; |
| 963 | } | 967 | } |
| 964 | static int process_invite_response(struct sk_buff *skb, | 968 | static int process_invite_response(struct sk_buff *skb, |
| @@ -967,14 +971,14 @@ static int process_invite_response(struct sk_buff *skb, | |||
| 967 | { | 971 | { |
| 968 | enum ip_conntrack_info ctinfo; | 972 | enum ip_conntrack_info ctinfo; |
| 969 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); | 973 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); |
| 974 | struct nf_conn_help *help = nfct_help(ct); | ||
| 970 | 975 | ||
| 971 | if ((code >= 100 && code <= 199) || | 976 | if ((code >= 100 && code <= 199) || |
| 972 | (code >= 200 && code <= 299)) | 977 | (code >= 200 && code <= 299)) |
| 973 | return process_sdp(skb, dptr, datalen, cseq); | 978 | return process_sdp(skb, dptr, datalen, cseq); |
| 974 | else { | 979 | else if (help->help.ct_sip_info.invite_cseq == cseq) |
| 975 | flush_expectations(ct, true); | 980 | flush_expectations(ct, true); |
| 976 | return NF_ACCEPT; | 981 | return NF_ACCEPT; |
| 977 | } | ||
| 978 | } | 982 | } |
| 979 | 983 | ||
| 980 | static int process_update_response(struct sk_buff *skb, | 984 | static int process_update_response(struct sk_buff *skb, |
| @@ -983,14 +987,14 @@ static int process_update_response(struct sk_buff *skb, | |||
| 983 | { | 987 | { |
| 984 | enum ip_conntrack_info ctinfo; | 988 | enum ip_conntrack_info ctinfo; |
| 985 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); | 989 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); |
| 990 | struct nf_conn_help *help = nfct_help(ct); | ||
| 986 | 991 | ||
| 987 | if ((code >= 100 && code <= 199) || | 992 | if ((code >= 100 && code <= 199) || |
| 988 | (code >= 200 && code <= 299)) | 993 | (code >= 200 && code <= 299)) |
| 989 | return process_sdp(skb, dptr, datalen, cseq); | 994 | return process_sdp(skb, dptr, datalen, cseq); |
| 990 | else { | 995 | else if (help->help.ct_sip_info.invite_cseq == cseq) |
| 991 | flush_expectations(ct, true); | 996 | flush_expectations(ct, true); |
| 992 | return NF_ACCEPT; | 997 | return NF_ACCEPT; |
| 993 | } | ||
| 994 | } | 998 | } |
| 995 | 999 | ||
| 996 | static int process_prack_response(struct sk_buff *skb, | 1000 | static int process_prack_response(struct sk_buff *skb, |
| @@ -999,14 +1003,14 @@ static int process_prack_response(struct sk_buff *skb, | |||
| 999 | { | 1003 | { |
| 1000 | enum ip_conntrack_info ctinfo; | 1004 | enum ip_conntrack_info ctinfo; |
| 1001 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); | 1005 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); |
| 1006 | struct nf_conn_help *help = nfct_help(ct); | ||
| 1002 | 1007 | ||
| 1003 | if ((code >= 100 && code <= 199) || | 1008 | if ((code >= 100 && code <= 199) || |
| 1004 | (code >= 200 && code <= 299)) | 1009 | (code >= 200 && code <= 299)) |
| 1005 | return process_sdp(skb, dptr, datalen, cseq); | 1010 | return process_sdp(skb, dptr, datalen, cseq); |
| 1006 | else { | 1011 | else if (help->help.ct_sip_info.invite_cseq == cseq) |
| 1007 | flush_expectations(ct, true); | 1012 | flush_expectations(ct, true); |
| 1008 | return NF_ACCEPT; | 1013 | return NF_ACCEPT; |
| 1009 | } | ||
| 1010 | } | 1014 | } |
| 1011 | 1015 | ||
| 1012 | static int process_bye_request(struct sk_buff *skb, | 1016 | static int process_bye_request(struct sk_buff *skb, |