]> err.no Git - linux-2.6/blobdiff - net/ipv4/netfilter/nf_nat_sip.c
projects / linux-2.6 / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'release' of git://lm-sensors.org/kernel/mhoffman/hwmon-2.6
[linux-2.6] / net / ipv4 / netfilter / nf_nat_sip.c
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c
index bfd88e4e06851396929b1ad7b9c63333a458dc76..a889ec3ec83abb7edb80a0c91241226b7e978dae 100644 (file)
--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -26,12 +26,6 @@ MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
 MODULE_DESCRIPTION("SIP NAT helper");
 MODULE_ALIAS("ip_nat_sip");
 
-#if 0
-#define DEBUGP printk
-#else
-#define DEBUGP(format, args...)
-#endif
-
 struct addr_map {
        struct {
                char            src[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
@@ -222,6 +216,29 @@ static unsigned int mangle_sdp(struct sk_buff **pskb,
        return mangle_content_len(pskb, ctinfo, ct, dptr);
 }
 
+static void ip_nat_sdp_expect(struct nf_conn *ct,
+                             struct nf_conntrack_expect *exp)
+{
+       struct nf_nat_range range;
+
+       /* This must be a fresh one. */
+       BUG_ON(ct->status & IPS_NAT_DONE_MASK);
+
+       /* Change src to where master sends to */
+       range.flags = IP_NAT_RANGE_MAP_IPS;
+       range.min_ip = range.max_ip
+               = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
+       /* hook doesn't matter, but it has to do source manip */
+       nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING);
+
+       /* For DST manip, map port here to where it's expected. */
+       range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
+       range.min = range.max = exp->saved_proto;
+       range.min_ip = range.max_ip = exp->saved_ip;
+       /* hook doesn't matter, but it has to do destination manip */
+       nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING);
+}
+
 /* So, this packet has hit the connection tracking matching code.
    Mangle it, and change the expectation to match the new version. */
 static unsigned int ip_nat_sdp(struct sk_buff **pskb,
@@ -234,23 +251,26 @@ static unsigned int ip_nat_sdp(struct sk_buff **pskb,
        __be32 newip;
        u_int16_t port;
 
-       DEBUGP("ip_nat_sdp():\n");
-
        /* Connection will come from reply */
-       newip = ct->tuplehash[!dir].tuple.dst.u3.ip;
+       if (ct->tuplehash[dir].tuple.src.u3.ip ==
+           ct->tuplehash[!dir].tuple.dst.u3.ip)
+               newip = exp->tuple.dst.u3.ip;
+       else
+               newip = ct->tuplehash[!dir].tuple.dst.u3.ip;
 
+       exp->saved_ip = exp->tuple.dst.u3.ip;
        exp->tuple.dst.u3.ip = newip;
        exp->saved_proto.udp.port = exp->tuple.dst.u.udp.port;
        exp->dir = !dir;
 
        /* When you see the packet, we need to NAT it the same as the
           this one. */
-       exp->expectfn = nf_nat_follow_master;
+       exp->expectfn = ip_nat_sdp_expect;
 
        /* Try to get same port: if not, try to change it. */
        for (port = ntohs(exp->saved_proto.udp.port); port != 0; port++) {
                exp->tuple.dst.u.udp.port = htons(port);
-               if (nf_conntrack_expect_related(exp) == 0)
+               if (nf_ct_expect_related(exp) == 0)
                        break;
        }
 
@@ -258,7 +278,7 @@ static unsigned int ip_nat_sdp(struct sk_buff **pskb,
                return NF_DROP;
 
        if (!mangle_sdp(pskb, ctinfo, ct, newip, port, dptr)) {
-               nf_conntrack_unexpect_related(exp);
+               nf_ct_unexpect_related(exp);
                return NF_DROP;
        }
        return NF_ACCEPT;
Linux 2.6 source tree