- 25 Mar, 2008 19 commits
-
-
Patrick McHardy authored
Optimize call routing between NATed endpoints: when an external registrar sends a media description that contains an existing RTP expectation from a different SNATed connection, the gatekeeper is trying to route the call directly between the two endpoints. We assume both endpoints can reach each other directly and "un-NAT" the addresses, which makes the media stream go between the two endpoints directly. Signed-off-by:
Patrick McHardy <kaber@trash.net> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Patrick McHardy authored
The SDP connection addresses may be contained in the payload multiple times (in the session description and/or once per media description), currently only the session description is properly updated. Split up SDP mangling so the function setting up expectations only updates the media port, update connection addresses from media descriptions while parsing them and at the end update the session description when the final addresses are known. Signed-off-by:
-
Patrick McHardy authored
Create expectations for the RTCP connections in addition to RTP connections. Signed-off-by:
-
Patrick McHardy authored
Create expectations for incoming signalling connections when seeing a REGISTER request. This is needed when the registrar uses a different source port number for signalling messages and for receiving incoming calls from other endpoints than the registrar. Signed-off-by:
-
Patrick McHardy authored
The SIP message may contain multiple Contact: addresses referring to the NATed endpoint, translate all of them. Signed-off-by:
-
Patrick McHardy authored
Update maddr=, received= and rport= Via-header parameters refering to the signalling connection. Signed-off-by:
-
Patrick McHardy authored
Perform NAT last after parsing the packet. This makes no difference currently, but is needed when dealing with registrations to make sure we seen the unNATed addresses. Signed-off-by:
-
Patrick McHardy authored
Use the URI parsing helper to get the numerical addresses and get rid of the text based header translation. Signed-off-by:
-
Patrick McHardy authored
Introduce new function for SIP header parsing that properly deals with continuation lines and whitespace in headers and use it. Signed-off-by:
-
Patrick McHardy authored
The request URI is not a header and needs to be treated differently than real SIP headers. Add a seperate function for parsing it and get rid of the POS_REQ_URI/POS_REG_REQ_URI definitions. Signed-off-by:
-
Patrick McHardy authored
SDP and SIP headers are quite different, SIP can have continuation lines, leading and trailing whitespace after the colon and is mostly case-insensitive while SDP headers always begin on a new line and are followed by an equal sign and the value, without any whitespace. Introduce new SDP header parsing function and convert all users that used the SIP header parsing function. This will allow to properly deal with the special SIP cases in the SIP header parsing function later. Signed-off-by:
-
Patrick McHardy authored
Replace sizeof/memcmp by strlen/strcmp. Use case-insensitive comparison for SIP methods and the SIP/2.0 string, as specified in RFC 3261. Signed-off-by:
-
Patrick McHardy authored
The conntrack reference and ctinfo can be derived from the packet. Signed-off-by:
-
Patrick McHardy authored
After mangling the packet, the pointer to the data and the length of the data portion may change and need to be adjusted. Use double data pointers and a pointer to the length everywhere and add a helper function to the NAT helper for performing the adjustments. Signed-off-by:
-
Patrick McHardy authored
We need to set up the destination NAT mapping before the source NAT mapping, so the NAT core gets to see the final tuple and can decide whether the source port needs to be remapped. Signed-off-by:
-
Patrick McHardy authored
Introduce expectation classes and policies. An expectation class is used to distinguish different types of expectations by the same helper (for example audio/video/t.120). The expectation policy is used to hold the maximum number of expectations and the initial timeout for each class. The individual classes are isolated from each other, which means that for example an audio expectation will only evict other audio expectations. Signed-off-by:
-
Patrick McHardy authored
With nf_conntrack DUMP_TUPLE got renamed to NF_CT_DUMP_TUPLE, fix CLUSTERIP to use the proper macro name. Signed-off-by:
-
YOSHIFUJI Hideaki authored
Introduce per-sock inlines: sock_net(), sock_net_set() and per-inet_timewait_sock inlines: twsk_net(), twsk_net_set(). Without CONFIG_NET_NS, no namespace other than &init_net exists. Let's explicitly define them to help compiler optimizations. Signed-off-by:YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
-
YOSHIFUJI Hideaki authored
Introduce per-net_device inlines: dev_net(), dev_net_set(). Without CONFIG_NET_NS, no namespace other than &init_net exists. Let's explicitly define them to help compiler optimizations. Signed-off-by:
-
- 20 Mar, 2008 1 commit
-
-
Daniel Hokka Zakrisson authored
If a rule using ipt_recent is created with a hit count greater than ip_pkt_list_tot, the rule will never match as it cannot keep track of enough timestamps. This patch makes ipt_recent refuse to create such rules. With ip_pkt_list_tot's default value of 20, the following can be used to reproduce the problem. nc -u -l 0.0.0.0 1234 & for i in `seq 1 100`; do echo $i | nc -w 1 -u 127.0.0.1 1234; done This limits it to 20 packets: iptables -A OUTPUT -p udp --dport 1234 -m recent --set --name test \ --rsource iptables -A OUTPUT -p udp --dport 1234 -m recent --update --seconds \ 60 --hitcount 20 --name test --rsource -j DROP While this is unlimited: iptables -A OUTPUT -p udp --dport 1234 -m recent --set --name test \ --rsource iptables -A OUTPUT -p udp --dport 1234 -m recent --update --seconds \ 60 --hitcount 21 --name test --rsource -j DROP With the patch the second rule-set will throw an EINVAL. Reported-by:Sean Kennedy <skennedy@vcn.com> Signed-off-by:
Daniel Hokka Zakrisson <daniel@hozac.com> Signed-off-by:
-
- 05 Mar, 2008 2 commits
-
-
Harvey Harrison authored
__FUNCTION__ is gcc-specific, use __func__ Signed-off-by:
Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by:
-
Eric Dumazet authored
(Anonymous) unions can help us to avoid ugly casts. A common cast it the (struct rtable *)skb->dst one. Defining an union like : union { struct dst_entry *dst; struct rtable *rtable; }; permits to use skb->rtable in place. Signed-off-by:Eric Dumazet <dada1@cosmosbay.com> Signed-off-by:
-
- 03 Mar, 2008 1 commit
-
-
Pavel Emelyanov authored
There are some place, that calculate the ARP header length. These calculations are correct, but a) some operate with "magic" constants, b) enlarge the code length (sometimes at the cost of coding style), c) are not informative from the first glance. The proposal is to introduce a helper, that includes all the good sides of these calculations. Signed-off-by:
Pavel Emelyanov <xemul@openvz.org> Signed-off-by:
-
- 29 Feb, 2008 1 commit
-
-
Pavel Emelyanov authored
Some netfilter code and rxrpc one use seq_open() to open a proc file, but seq_release_private to release one. This is harmless, but ambiguous. Signed-off-by:
-
- 28 Feb, 2008 1 commit
-
-
Denis V. Lunev authored
They do exactly the same job. Signed-off-by:
Denis V. Lunev <den@openvz.org> Acked-by:
-
- 19 Feb, 2008 2 commits
-
-
Joonwoo Park authored
http://bugzilla.kernel.org/show_bug.cgi?id=9920 The function skb_make_writable returns true or false. Signed-off-by:
Joonwoo Park <joonwpark81@gmail.com> Signed-off-by:
-
Patrick McHardy authored
As reported by Tomas Simonaitis <tomas.simonaitis@gmail.com>, inserting new data in skbs queued over {ip,ip6,nfnetlink}_queue triggers a SKB_LINEAR_ASSERT in skb_put(). Going back through the git history, it seems this bug is present since at least 2.6.12-rc2, probably even since the removal of skb_linearize() for netfilter. Linearize non-linear skbs through skb_copy_expand() when enlarging them. Tested by Thomas, fixes bugzilla #9933. Signed-off-by:
-
- 07 Feb, 2008 1 commit
-
-
Patrick McHardy authored
The ->move operation has two bugs: - It is called with the same extension as source and destination, so it doesn't update the new extension. - The address of the old extension is calculated incorrectly, instead of (void *)ct->ext + ct->ext->offset[i] it uses ct->ext + ct->ext->offset[i]. Fixes a crash on x86_64 reported by Chuck Ebbert <cebbert@redhat.com> and Thomas Woerner <twoerner@redhat.com>. Tested-by:
Thomas Woerner <twoerner@redhat.com> Signed-off-by:
-
- 31 Jan, 2008 12 commits
-
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
Reported by Ingo Molnar: net/built-in.o: In function `ip_queue_init': ip_queue.c:(.init.text+0x322c): undefined reference to `net_ipv4_ctl_path' Fix the build error and also handle CONFIG_PROC_FS=n properly. Signed-off-by:
-
Jan Engelhardt authored
Signed-off-by:
Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by:
-
Jan Engelhardt authored
Constify a few data tables use const qualifiers on variables where possible in the nf_conntrack_icmp* sources. Signed-off-by:
-
Jan Engelhardt authored
Signed-off-by:
-
Jan Engelhardt authored
Signed-off-by:
-
Jan Engelhardt authored
Constify a few data tables use const qualifiers on variables where possible in the nf_*_proto_tcp sources. Signed-off-by:
-
Jan Engelhardt authored
Signed-off-by:
-
Jan Engelhardt authored
Signed-off-by:
-
Jan Engelhardt authored
Signed-off-by:
-
Jan Engelhardt authored
Constify data tables (predominantly in nf_conntrack_h323_types.c, but also a few in nf_conntrack_h323_asn1.c) and use const qualifiers on variables where possible in the h323 sources. Signed-off-by:
-
Alexey Dobriyan authored
Signed-off-by:
Alexey Dobriyan <adobriyan@sw.ru> Signed-off-by:
-
