git.rot13.org Git - powerpc.git/commit

author	Patrick McHardy <kaber@trash.net>
	Wed, 29 Nov 2006 01:35:30 +0000 (02:35 +0100)
committer	David S. Miller <davem@sunset.davemloft.net>
	Sun, 3 Dec 2006 05:31:26 +0000 (21:31 -0800)
commit	1b683b551209ca46ae59b29572018001db5af078
tree	8d88690faf3d819e42719165cae62e9953555140	tree \| snapshot
parent	77a78dec48386ce958196bf69f192ee76537c07d	commit \| diff

[NETFILTER]: sip conntrack: better NAT handling

The NAT handling of the SIP helper has a few problems:

- Request headers are only mangled in the reply direction, From/To headers
  not at all, which can lead to authentication failures with DNAT in case
  the authentication domain is the IP address

- Contact headers in responses are only mangled for REGISTER responses

- Headers may be mangled even though they contain addresses not
  participating in the connection, like alternative addresses

- Packets are droppen when domain names are used where the helper expects
  IP addresses

This patch takes a different approach, instead of fixed rules what field
to mangle to what content, it adds symetric mapping of From/To/Via/Contact
headers, which allows to deal properly with echoed addresses in responses
and foreign addresses not belonging to the connection.

Signed-off-by: Patrick McHardy <kaber@trash.net>

include/linux/netfilter_ipv4/ip_conntrack_sip.h		diff \| blob \| history
net/ipv4/netfilter/ip_conntrack_sip.c		diff \| blob \| history
net/ipv4/netfilter/ip_nat_sip.c		diff \| blob \| history