linux/net/netfilter
Pablo Neira Ayuso d109e9af61 netfilter: nf_ct_h323: fix bug in rtcp natting
The nat_rtp_rtcp hook takes two separate parameters port and rtp_port.

port is expected to be the real h245 address (found inside the packet).
rtp_port is the even number closest to port (RTP ports are even and
RTCP ports are odd).

However currently, both port and rtp_port are having same value (both are
rounded to nearest even numbers).

This works well in case of openlogicalchannel with media (RTP/even) port.

But in case of openlogicalchannel for media control (RTCP/odd) port,
h245 address in the packet is wrongly modified to have an even port.

I am attaching a pcap demonstrating the problem, for any further analysis.

This behavior was introduced around v2.6.19 while rewriting the helper.

Signed-off-by: Jagdish Motwani <jagdish.motwani@elitecore.com>
Signed-off-by: Sanket Shah <sanket.shah@elitecore.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-06-07 14:53:17 +02:00
..
ipset Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-05-16 22:17:37 -04:00
ipvs ipvs: ip_vs_proto: local functions should not be exposed globally 2012-05-08 19:40:54 +02:00
core.c net: Delete all remaining instances of ctl_path 2012-04-20 21:22:30 -04:00
Kconfig netfilter: add xt_hmark target for hash-based skb marking 2012-05-09 12:54:05 +02:00
Makefile netfilter: add xt_hmark target for hash-based skb marking 2012-05-09 12:54:05 +02:00
nf_conntrack_acct.c net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
nf_conntrack_amanda.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
nf_conntrack_broadcast.c netfilter: nf_conntrack: nf_conntrack snmp helper 2011-01-18 18:12:24 +01:00
nf_conntrack_core.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
nf_conntrack_ecache.c netfilter: nf_ct_ecache: refactor notifier registration 2012-05-08 19:17:23 +02:00
nf_conntrack_expect.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
nf_conntrack_extend.c net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
nf_conntrack_ftp.c module_param: make bool parameters really bool (net & drivers/net) 2011-12-19 22:27:29 -05:00
nf_conntrack_h323_asn1.c netfilter: h323: bug in parsing of ASN1 SEQOF field 2011-04-04 15:21:02 +02:00
nf_conntrack_h323_main.c netfilter: nf_ct_h323: fix bug in rtcp natting 2012-06-07 14:53:17 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: nf_conntrack: fix explicit helper attachment and NAT 2012-05-08 19:44:42 +02:00
nf_conntrack_irc.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
nf_conntrack_l3proto_generic.c
nf_conntrack_netbios_ns.c netfilter: nf_conntrack: nf_conntrack snmp helper 2011-01-18 18:12:24 +01:00
nf_conntrack_netlink.c netfilter: nf_ct_expect: partially implement ctnetlink_change_expect 2012-05-08 19:40:59 +02:00
nf_conntrack_pptp.c netfilter: nf_ct_pptp: fix DNATed PPTP connection address translation 2011-08-30 15:23:03 +02:00
nf_conntrack_proto_dccp.c net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
nf_conntrack_proto_generic.c nf_conntrack_proto_generic: Stop using NLA_PUT*(). 2012-04-01 18:52:31 -04:00
nf_conntrack_proto_gre.c nf_conntrack_proto_gre: Stop using NLA_PUT*(). 2012-04-01 18:52:03 -04:00
nf_conntrack_proto_sctp.c nf_conntrack_proto_sctp: Stop using NLA_PUT*(). 2012-04-01 18:51:39 -04:00
nf_conntrack_proto_tcp.c netfilter: nf_ct_tcp: extend log message for invalid ignored packets 2012-05-17 00:56:38 +02:00
nf_conntrack_proto_udp.c nf_conntrack_proto_udp{,lite}: Stop using NLA_PUT*(). 2012-04-01 18:48:06 -04:00
nf_conntrack_proto_udplite.c nf_conntrack_proto_udp{,lite}: Stop using NLA_PUT*(). 2012-04-01 18:48:06 -04:00
nf_conntrack_proto.c net: Convert nf_conntrack_proto to use register_net_sysctl 2012-04-20 21:22:30 -04:00
nf_conntrack_sane.c netfilter: add more values to enum ip_conntrack_info 2011-06-06 01:35:10 +02:00
nf_conntrack_sip.c netfilter: add more values to enum ip_conntrack_info 2011-06-06 01:35:10 +02:00
nf_conntrack_snmp.c netfilter: nf_conntrack: nf_conntrack snmp helper 2011-01-18 18:12:24 +01:00
nf_conntrack_standalone.c net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
nf_conntrack_tftp.c netfilter: cleanup printk messages 2010-05-13 15:02:08 +02:00
nf_conntrack_timeout.c netfilter: nf_ct_ext: add timeout extension 2012-03-07 17:41:25 +01:00
nf_conntrack_timestamp.c net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
nf_internals.h netfilter: cleanup printk messages 2010-05-13 15:02:08 +02:00
nf_log.c net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
nf_queue.c netfilter: nf_queue: fix queueing of bridged gro skbs 2012-02-09 20:47:53 +01:00
nf_sockopt.c
nf_tproxy_core.c netfilter: tproxy: do not assign timewait sockets to skb->sk 2011-02-17 11:32:38 +01:00
nfnetlink_acct.c nfnetlink_acct: Stop using NLA_PUT*(). 2012-04-01 18:46:29 -04:00
nfnetlink_cttimeout.c nfnetlink_cttimeout: Stop using NLA_PUT*(). 2012-04-01 18:46:00 -04:00
nfnetlink_log.c nfnetlink_log: Stop using NLA_PUT*(). 2012-04-01 18:43:44 -04:00
nfnetlink_queue.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
nfnetlink.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
x_tables.c net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
xt_addrtype.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xt_AUDIT.c ipv6: Add fragment reporting to ipv6_skip_exthdr(). 2011-12-03 09:35:10 -08:00
xt_CHECKSUM.c netfilter: add CHECKSUM target 2010-07-15 17:20:46 +02:00
xt_CLASSIFY.c netfilter: xt_CLASSIFY: add ARP support, allow CLASSIFY target on any table 2010-11-15 13:57:56 +01:00
xt_cluster.c netfilter: nf_conntrack: IPS_UNTRACKED bit 2010-06-08 16:09:52 +02:00
xt_comment.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
xt_connbytes.c Merge branch 'nf-next' of git://1984.lsi.us.es/net-next 2011-12-25 02:21:45 -05:00
xt_connlimit.c netfilter: xt_connlimit: remove connlimit_rnd_inited 2011-03-15 13:26:32 +01:00
xt_connmark.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
xt_CONNSECMARK.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
xt_conntrack.c netfilter: revert a2361c8735 2011-05-10 12:13:36 +02:00
xt_cpu.c netfilter: xtables: add missing aliases for autoloading via iptables 2011-01-18 06:33:54 +01:00
xt_CT.c netfilter: xt_CT: remove redundant header include 2012-05-17 01:00:02 +02:00
xt_dccp.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
xt_devgroup.c netfilter: xtables: add device group match 2011-02-03 00:05:43 +01:00
xt_dscp.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
xt_DSCP.c netfilter: IPv6: fix DSCP mangle code 2011-05-10 10:00:21 +02:00
xt_ecn.c netfilter: xtables: collapse conditions in xt_ecn 2011-12-27 20:45:25 +01:00
xt_esp.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
xt_hashlimit.c netfilter: xt_hashlimit: use _ALL macro to reject unknown flag bits 2012-05-17 00:56:31 +02:00
xt_helper.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
xt_hl.c netfilter: Reduce switch/case indent 2011-07-01 16:11:15 -07:00
xt_HL.c netfilter: Reduce switch/case indent 2011-07-01 16:11:15 -07:00
xt_HMARK.c netfilter: xt_HMARK: fix endianness and provide consistent hashing 2012-06-07 14:53:01 +02:00
xt_IDLETIMER.c netfilter: Remove unnecessary OOM logging messages 2011-11-01 09:19:49 +01:00
xt_iprange.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-02-04 14:28:58 -08:00
xt_ipvs.c IPVS: netns, use ip_vs_proto_data as param. 2011-01-13 10:30:27 +09:00
xt_LED.c netfilter: xtables: add missing aliases for autoloading via iptables 2011-01-18 06:33:54 +01:00
xt_length.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
xt_limit.c netfilter: limit, hashlimit: avoid duplicated inline 2012-05-09 12:54:06 +02:00
xt_LOG.c netfilter: xt_LOG: use CONFIG_IP6_NF_IPTABLES instead of CONFIG_IPV6 2012-03-22 11:50:56 +01:00
xt_mac.c netfilter: Convert compare_ether_addr to ether_addr_equal 2012-05-09 20:49:18 -04:00
xt_mark.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
xt_multiport.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
xt_nfacct.c netfilter: xtables: add nfacct match to support extended accounting 2011-12-25 02:43:17 +01:00
xt_NFLOG.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
xt_NFQUEUE.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xt_NOTRACK.c netfilter: nf_conntrack: IPS_UNTRACKED bit 2010-06-08 16:09:52 +02:00
xt_osf.c net,rcu: convert call_rcu(xt_osf_finger_free_rcu) to kfree_rcu() 2011-05-07 22:51:12 -07:00
xt_owner.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
xt_physdev.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
xt_pkttype.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
xt_policy.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
xt_quota.c net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
xt_rateest.c netfilter: xt_rateest: fix xt_rateest_mt_checkentry() 2011-07-29 16:24:46 +02:00
xt_RATEEST.c net,rcu: Convert call_rcu(xt_rateest_free_rcu) to kfree_rcu() 2011-07-20 14:10:19 -07:00
xt_realm.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
xt_recent.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
xt_repldata.h netfilter: xtables: generate initial table on-demand 2010-02-10 17:50:47 +01:00
xt_sctp.c netfilter: xt_sctp: use WORD_ROUND macro to calculate length of multiple of 4 bytes 2010-06-09 14:47:40 +02:00
xt_SECMARK.c secmark: make secmark object handling generic 2010-10-21 10:12:48 +11:00
xt_set.c netfilter: ipset: fix timeout value overflow bug 2012-05-17 00:56:41 +02:00
xt_socket.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
xt_state.c netfilter: nf_conntrack: IPS_UNTRACKED bit 2010-06-08 16:09:52 +02:00
xt_statistic.c net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
xt_string.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
xt_tcpmss.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
xt_TCPMSS.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
xt_TCPOPTSTRIP.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xt_tcpudp.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
xt_TEE.c net: replace percpu_xxx funcs with this_cpu_xxx or __this_cpu_xxx 2012-05-14 14:15:31 -07:00
xt_time.c netfilter: remove unnecessary returns from void function()s 2010-05-13 15:16:27 +02:00
xt_TPROXY.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
xt_TRACE.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
xt_u32.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00