[NETFILTER 10/50]: nf_nat_sip: only perform RTP DNAT if SIP session was SNATed

Patrick McHardy kaber at trash.net
Sat Jul 7 14:23:15 CEST 2007


[NETFILTER]: nf_nat_sip: only perform RTP DNAT if SIP session was SNATed

DNAT of the the RTP session is only necessary if the SIP session has been SNATed.

Signed-off-by: Jerome Borsboom <j.borsboom at erasmusmc.nl>
Signed-off-by: Patrick McHardy <kaber at trash.net>

---
commit 162018a88b4545a9a8be5b4720ae913ecd519928
tree 9ba954d980c0073734b2144a9205c6295a8c7b4e
parent cb17d98047a9f0843ff4f04b2b563def0a154ea3
author Jerome Borsboom <j.borsboom at erasmusmc.nl> Sat, 07 Jul 2007 12:15:19 +0200
committer Patrick McHardy <kaber at trash.net> Sat, 07 Jul 2007 12:15:19 +0200

 net/ipv4/netfilter/nf_nat_sip.c |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c
index fac97cf..a32d746 100644
--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -260,7 +260,11 @@ static unsigned int ip_nat_sdp(struct sk_buff **pskb,
 	DEBUGP("ip_nat_sdp():\n");
 
 	/* Connection will come from reply */
-	newip = ct->tuplehash[!dir].tuple.dst.u3.ip;
+	if (ct->tuplehash[dir].tuple.src.u3.ip ==
+	    ct->tuplehash[!dir].tuple.dst.u3.ip)
+		newip = exp->tuple.dst.u3.ip;
+	else
+		newip = ct->tuplehash[!dir].tuple.dst.u3.ip;
 
 	exp->saved_ip = exp->tuple.dst.u3.ip;
 	exp->tuple.dst.u3.ip = newip;



More information about the netfilter-devel mailing list