git.baikalelectronics.ru Git - kernel.git/commit

author	Florian Westphal <fw@strlen.de>
	Tue, 3 Apr 2018 10:10:09 +0000 (12:10 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 9 Apr 2018 15:05:27 +0000 (17:05 +0200)
commit	da72f90e33c3681ab348b746b0c2fceb28ec5842
tree	4f4a41d69e17ec2e31b66e089bdb108121fe3969	tree \| snapshot
parent	3b1af9f7e261788b006287b17cd7e30f93257f03	commit \| diff

netfilter: nf_conntrack_sip: allow duplicate SDP expectations

Callum Sinclair reported SIP IP Phone errors that he tracked down to
such phones sending session descriptions for different media types but
with same port numbers.

The expect core will only 'refresh' existing expectation if it is
from same master AND same expectation class (media type).
As expectation class is different, we get an error.

The SIP connection tracking code will then

1). drop the SDP packet
2). if an rtp expectation was already installed successfully,
error on rtcp expectation will cancel the rtp one.

Make the expect core report back to caller when the conflict is due
to different expectation class and have SIP tracker ignore soft-error.

Reported-by: Callum Sinclair <Callum.Sinclair@alliedtelesis.co.nz>
Tested-by: Callum Sinclair <Callum.Sinclair@alliedtelesis.co.nz>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/netfilter/nf_conntrack_expect.c		diff \| blob \| history
net/netfilter/nf_conntrack_sip.c		diff \| blob \| history