Skip to content

Commit c71529e

Browse files
herbertxdavem330
herbertx
authored and
davem330
committed
netfilter: nf_nat_sip: c= is optional for session
According to RFC2327, the connection information is optional in the session description since it can be specified in the media description instead. My provider does exactly that and does not provide any connection information in the session description. As a result the new kernel drops all invite responses. This patch makes it optional as documented. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent db1a75b commit c71529e

File tree

1 file changed

+25
-13
lines changed

1 file changed

+25
-13
lines changed

net/ipv4/netfilter/nf_nat_sip.c

Lines changed: 25 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -318,21 +318,21 @@ static int mangle_content_len(struct sk_buff *skb,
318318
buffer, buflen);
319319
}
320320

321-
static unsigned mangle_sdp_packet(struct sk_buff *skb, const char **dptr,
322-
unsigned int dataoff, unsigned int *datalen,
323-
enum sdp_header_types type,
324-
enum sdp_header_types term,
325-
char *buffer, int buflen)
321+
static int mangle_sdp_packet(struct sk_buff *skb, const char **dptr,
322+
unsigned int dataoff, unsigned int *datalen,
323+
enum sdp_header_types type,
324+
enum sdp_header_types term,
325+
char *buffer, int buflen)
326326
{
327327
enum ip_conntrack_info ctinfo;
328328
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
329329
unsigned int matchlen, matchoff;
330330

331331
if (ct_sip_get_sdp_header(ct, *dptr, dataoff, *datalen, type, term,
332332
&matchoff, &matchlen) <= 0)
333-
return 0;
333+
return -ENOENT;
334334
return mangle_packet(skb, dptr, datalen, matchoff, matchlen,
335-
buffer, buflen);
335+
buffer, buflen) ? 0 : -EINVAL;
336336
}
337337

338338
static unsigned int ip_nat_sdp_addr(struct sk_buff *skb, const char **dptr,
@@ -346,8 +346,8 @@ static unsigned int ip_nat_sdp_addr(struct sk_buff *skb, const char **dptr,
346346
unsigned int buflen;
347347

348348
buflen = sprintf(buffer, NIPQUAD_FMT, NIPQUAD(addr->ip));
349-
if (!mangle_sdp_packet(skb, dptr, dataoff, datalen, type, term,
350-
buffer, buflen))
349+
if (mangle_sdp_packet(skb, dptr, dataoff, datalen, type, term,
350+
buffer, buflen))
351351
return 0;
352352

353353
return mangle_content_len(skb, dptr, datalen);
@@ -381,15 +381,27 @@ static unsigned int ip_nat_sdp_session(struct sk_buff *skb, const char **dptr,
381381

382382
/* Mangle session description owner and contact addresses */
383383
buflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(addr->ip));
384-
if (!mangle_sdp_packet(skb, dptr, dataoff, datalen,
384+
if (mangle_sdp_packet(skb, dptr, dataoff, datalen,
385385
SDP_HDR_OWNER_IP4, SDP_HDR_MEDIA,
386386
buffer, buflen))
387387
return 0;
388388

389-
if (!mangle_sdp_packet(skb, dptr, dataoff, datalen,
390-
SDP_HDR_CONNECTION_IP4, SDP_HDR_MEDIA,
391-
buffer, buflen))
389+
switch (mangle_sdp_packet(skb, dptr, dataoff, datalen,
390+
SDP_HDR_CONNECTION_IP4, SDP_HDR_MEDIA,
391+
buffer, buflen)) {
392+
case 0:
393+
/*
394+
* RFC 2327:
395+
*
396+
* Session description
397+
*
398+
* c=* (connection information - not required if included in all media)
399+
*/
400+
case -ENOENT:
401+
break;
402+
default:
392403
return 0;
404+
}
393405

394406
return mangle_content_len(skb, dptr, datalen);
395407
}

0 commit comments

Comments
 (0)