aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/netfilter/nf_conntrack_sip.h1
-rw-r--r--net/netfilter/nf_conntrack_sip.c22
2 files changed, 14 insertions, 9 deletions
diff --git a/include/linux/netfilter/nf_conntrack_sip.h b/include/linux/netfilter/nf_conntrack_sip.h
index 5da04e586a3f..23aa2ec6b7b7 100644
--- a/include/linux/netfilter/nf_conntrack_sip.h
+++ b/include/linux/netfilter/nf_conntrack_sip.h
@@ -7,6 +7,7 @@
7 7
8struct nf_ct_sip_master { 8struct nf_ct_sip_master {
9 unsigned int register_cseq; 9 unsigned int register_cseq;
10 unsigned int invite_cseq;
10}; 11};
11 12
12enum sip_expectation_classes { 13enum sip_expectation_classes {
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index 9f4900069561..2f9bbc058b48 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -870,6 +870,7 @@ static int process_sdp(struct sk_buff *skb,
870{ 870{
871 enum ip_conntrack_info ctinfo; 871 enum ip_conntrack_info ctinfo;
872 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 872 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
873 struct nf_conn_help *help = nfct_help(ct);
873 unsigned int matchoff, matchlen; 874 unsigned int matchoff, matchlen;
874 unsigned int mediaoff, medialen; 875 unsigned int mediaoff, medialen;
875 unsigned int sdpoff; 876 unsigned int sdpoff;
@@ -959,6 +960,9 @@ static int process_sdp(struct sk_buff *skb,
959 if (nf_nat_sdp_session && ct->status & IPS_NAT_MASK) 960 if (nf_nat_sdp_session && ct->status & IPS_NAT_MASK)
960 ret = nf_nat_sdp_session(skb, dptr, sdpoff, datalen, &rtp_addr); 961 ret = nf_nat_sdp_session(skb, dptr, sdpoff, datalen, &rtp_addr);
961 962
963 if (ret == NF_ACCEPT && i > 0)
964 help->help.ct_sip_info.invite_cseq = cseq;
965
962 return ret; 966 return ret;
963} 967}
964static int process_invite_response(struct sk_buff *skb, 968static int process_invite_response(struct sk_buff *skb,
@@ -967,14 +971,14 @@ static int process_invite_response(struct sk_buff *skb,
967{ 971{
968 enum ip_conntrack_info ctinfo; 972 enum ip_conntrack_info ctinfo;
969 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 973 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
974 struct nf_conn_help *help = nfct_help(ct);
970 975
971 if ((code >= 100 && code <= 199) || 976 if ((code >= 100 && code <= 199) ||
972 (code >= 200 && code <= 299)) 977 (code >= 200 && code <= 299))
973 return process_sdp(skb, dptr, datalen, cseq); 978 return process_sdp(skb, dptr, datalen, cseq);
974 else { 979 else if (help->help.ct_sip_info.invite_cseq == cseq)
975 flush_expectations(ct, true); 980 flush_expectations(ct, true);
976 return NF_ACCEPT; 981 return NF_ACCEPT;
977 }
978} 982}
979 983
980static int process_update_response(struct sk_buff *skb, 984static int process_update_response(struct sk_buff *skb,
@@ -983,14 +987,14 @@ static int process_update_response(struct sk_buff *skb,
983{ 987{
984 enum ip_conntrack_info ctinfo; 988 enum ip_conntrack_info ctinfo;
985 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 989 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
990 struct nf_conn_help *help = nfct_help(ct);
986 991
987 if ((code >= 100 && code <= 199) || 992 if ((code >= 100 && code <= 199) ||
988 (code >= 200 && code <= 299)) 993 (code >= 200 && code <= 299))
989 return process_sdp(skb, dptr, datalen, cseq); 994 return process_sdp(skb, dptr, datalen, cseq);
990 else { 995 else if (help->help.ct_sip_info.invite_cseq == cseq)
991 flush_expectations(ct, true); 996 flush_expectations(ct, true);
992 return NF_ACCEPT; 997 return NF_ACCEPT;
993 }
994} 998}
995 999
996static int process_prack_response(struct sk_buff *skb, 1000static int process_prack_response(struct sk_buff *skb,
@@ -999,14 +1003,14 @@ static int process_prack_response(struct sk_buff *skb,
999{ 1003{
1000 enum ip_conntrack_info ctinfo; 1004 enum ip_conntrack_info ctinfo;
1001 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 1005 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1006 struct nf_conn_help *help = nfct_help(ct);
1002 1007
1003 if ((code >= 100 && code <= 199) || 1008 if ((code >= 100 && code <= 199) ||
1004 (code >= 200 && code <= 299)) 1009 (code >= 200 && code <= 299))
1005 return process_sdp(skb, dptr, datalen, cseq); 1010 return process_sdp(skb, dptr, datalen, cseq);
1006 else { 1011 else if (help->help.ct_sip_info.invite_cseq == cseq)
1007 flush_expectations(ct, true); 1012 flush_expectations(ct, true);
1008 return NF_ACCEPT; 1013 return NF_ACCEPT;
1009 }
1010} 1014}
1011 1015
1012static int process_bye_request(struct sk_buff *skb, 1016static int process_bye_request(struct sk_buff *skb,