diff options
| author | Alin Nastac | 2018-12-13 11:10:37 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso | 2018-12-17 23:43:58 +0100 |
| commit | 8294059931448aa1ca112615bdffa3eab552c382 (patch) | |
| tree | aa59a692a324f98ae8e159200962ee586c735324 /net/netfilter/nf_tables_api.c | |
| parent | netfilter: nat: remove nf_nat_l4proto struct (diff) | |
| download | kernel-qcow2-linux-8294059931448aa1ca112615bdffa3eab552c382.tar.gz kernel-qcow2-linux-8294059931448aa1ca112615bdffa3eab552c382.tar.xz kernel-qcow2-linux-8294059931448aa1ca112615bdffa3eab552c382.zip | |
netfilter: nf_nat_sip: fix RTP/RTCP source port translations
Each media stream negotiation between 2 SIP peers will trigger creation
of 4 different expectations (2 RTP and 2 RTCP):
- INVITE will create expectations for the media packets sent by the
called peer
- reply to the INVITE will create expectations for media packets sent
by the caller
The dport used by these expectations usually match the ones selected
by the SIP peers, but they might get translated due to conflicts with
another expectation. When such event occur, it is important to do
this translation in both directions, dport translation on the receiving
path and sport translation on the sending path.
This commit fixes the sport translation when the peer requiring it is
also the one that starts the media stream. In this scenario, first media
stream packet is forwarded from LAN to WAN and will rely on
nf_nat_sip_expected() to do the necessary sport translation. However, the
expectation matched by this packet does not contain the necessary information
for doing SNAT, this data being stored in the paired expectation created by
the sender's SIP message (INVITE or reply to it).
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nf_tables_api.c')
0 files changed, 0 insertions, 0 deletions