1b683b5512
The NAT handling of the SIP helper has a few problems: - Request headers are only mangled in the reply direction, From/To headers not at all, which can lead to authentication failures with DNAT in case the authentication domain is the IP address - Contact headers in responses are only mangled for REGISTER responses - Headers may be mangled even though they contain addresses not participating in the connection, like alternative addresses - Packets are droppen when domain names are used where the helper expects IP addresses This patch takes a different approach, instead of fixed rules what field to mangle to what content, it adds symetric mapping of From/To/Via/Contact headers, which allows to deal properly with echoed addresses in responses and foreign addresses not belonging to the connection. Signed-off-by: Patrick McHardy <kaber@trash.net>
41 lines
1 KiB
C
41 lines
1 KiB
C
#ifndef __IP_CONNTRACK_SIP_H__
|
|
#define __IP_CONNTRACK_SIP_H__
|
|
#ifdef __KERNEL__
|
|
|
|
#define SIP_PORT 5060
|
|
#define SIP_TIMEOUT 3600
|
|
|
|
enum sip_header_pos {
|
|
POS_REG_REQ_URI,
|
|
POS_REQ_URI,
|
|
POS_FROM,
|
|
POS_TO,
|
|
POS_VIA,
|
|
POS_CONTACT,
|
|
POS_CONTENT,
|
|
POS_MEDIA,
|
|
POS_OWNER,
|
|
POS_CONNECTION,
|
|
POS_SDP_HEADER,
|
|
};
|
|
|
|
extern unsigned int (*ip_nat_sip_hook)(struct sk_buff **pskb,
|
|
enum ip_conntrack_info ctinfo,
|
|
struct ip_conntrack *ct,
|
|
const char **dptr);
|
|
extern unsigned int (*ip_nat_sdp_hook)(struct sk_buff **pskb,
|
|
enum ip_conntrack_info ctinfo,
|
|
struct ip_conntrack_expect *exp,
|
|
const char *dptr);
|
|
|
|
extern int ct_sip_get_info(const char *dptr, size_t dlen,
|
|
unsigned int *matchoff,
|
|
unsigned int *matchlen,
|
|
enum sip_header_pos pos);
|
|
extern int ct_sip_lnlen(const char *line, const char *limit);
|
|
extern const char *ct_sip_search(const char *needle, const char *haystack,
|
|
size_t needle_len, size_t haystack_len,
|
|
int case_sensitive);
|
|
#endif /* __KERNEL__ */
|
|
#endif /* __IP_CONNTRACK_SIP_H__ */
|