summaryrefslogtreecommitdiffstats
path: root/target/linux/generic
diff options
context:
space:
mode:
authornbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>2012-12-27 22:59:51 +0000
committernbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>2012-12-27 22:59:51 +0000
commit5e4cd8814198ac064a64aff924e26794b5047b85 (patch)
tree3210cc34c3ac79c89d2e180479d02b31caae1497 /target/linux/generic
parent73af5c02d51fdb5ff707650dcbd4ca2f61b119b8 (diff)
kernel: remove the cisco SIP NAT patch, at least on 3.6 it crashes
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34901 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'target/linux/generic')
-rw-r--r--target/linux/generic/patches-3.3/604-netfilter_cisco_794x_iphone.patch118
-rw-r--r--target/linux/generic/patches-3.6/604-netfilter_cisco_794x_iphone.patch118
2 files changed, 0 insertions, 236 deletions
diff --git a/target/linux/generic/patches-3.3/604-netfilter_cisco_794x_iphone.patch b/target/linux/generic/patches-3.3/604-netfilter_cisco_794x_iphone.patch
deleted file mode 100644
index 662a499d1..000000000
--- a/target/linux/generic/patches-3.3/604-netfilter_cisco_794x_iphone.patch
+++ /dev/null
@@ -1,118 +0,0 @@
---- a/include/linux/netfilter/nf_conntrack_sip.h
-+++ b/include/linux/netfilter/nf_conntrack_sip.h
-@@ -2,12 +2,15 @@
- #define __NF_CONNTRACK_SIP_H__
- #ifdef __KERNEL__
-
-+#include <linux/types.h>
-+
- #define SIP_PORT 5060
- #define SIP_TIMEOUT 3600
-
- struct nf_ct_sip_master {
- unsigned int register_cseq;
- unsigned int invite_cseq;
-+ __be16 forced_dport;
- };
-
- enum sip_expectation_classes {
---- a/net/ipv4/netfilter/nf_nat_sip.c
-+++ b/net/ipv4/netfilter/nf_nat_sip.c
-@@ -73,6 +73,7 @@ static int map_addr(struct sk_buff *skb,
- enum ip_conntrack_info ctinfo;
- struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
- enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
-+ struct nf_conn_help *help = nfct_help(ct);
- char buffer[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
- unsigned int buflen;
- __be32 newaddr;
-@@ -85,7 +86,8 @@ static int map_addr(struct sk_buff *skb,
- } else if (ct->tuplehash[dir].tuple.dst.u3.ip == addr->ip &&
- ct->tuplehash[dir].tuple.dst.u.udp.port == port) {
- newaddr = ct->tuplehash[!dir].tuple.src.u3.ip;
-- newport = ct->tuplehash[!dir].tuple.src.u.udp.port;
-+ newport = help->help.ct_sip_info.forced_dport ? :
-+ ct->tuplehash[!dir].tuple.src.u.udp.port;
- } else
- return 1;
-
-@@ -121,6 +123,7 @@ static unsigned int ip_nat_sip(struct sk
- enum ip_conntrack_info ctinfo;
- struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
- enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
-+ struct nf_conn_help *help = nfct_help(ct);
- unsigned int coff, matchoff, matchlen;
- enum sip_header_types hdr;
- union nf_inet_addr addr;
-@@ -229,6 +232,20 @@ next:
- !map_sip_addr(skb, dataoff, dptr, datalen, SIP_HDR_TO))
- return NF_DROP;
-
-+ /* Mangle destination port for Cisco phones, then fix up checksums */
-+ if (dir == IP_CT_DIR_REPLY && help->help.ct_sip_info.forced_dport) {
-+ struct udphdr *uh;
-+
-+ if (!skb_make_writable(skb, skb->len))
-+ return NF_DROP;
-+
-+ uh = (struct udphdr *)(skb->data + ip_hdrlen(skb));
-+ uh->dest = help->help.ct_sip_info.forced_dport;
-+
-+ if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo, 0, 0, NULL, 0))
-+ return NF_DROP;
-+ }
-+
- return NF_ACCEPT;
- }
-
-@@ -280,8 +297,10 @@ static unsigned int ip_nat_sip_expect(st
- enum ip_conntrack_info ctinfo;
- struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
- enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
-+ struct nf_conn_help *help = nfct_help(ct);
- __be32 newip;
- u_int16_t port;
-+ __be16 srcport;
- char buffer[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
- unsigned buflen;
-
-@@ -294,8 +313,9 @@ static unsigned int ip_nat_sip_expect(st
- /* If the signalling port matches the connection's source port in the
- * original direction, try to use the destination port in the opposite
- * direction. */
-- if (exp->tuple.dst.u.udp.port ==
-- ct->tuplehash[dir].tuple.src.u.udp.port)
-+ srcport = help->help.ct_sip_info.forced_dport ? :
-+ ct->tuplehash[dir].tuple.src.u.udp.port;
-+ if (exp->tuple.dst.u.udp.port == srcport)
- port = ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port);
- else
- port = ntohs(exp->tuple.dst.u.udp.port);
---- a/net/netfilter/nf_conntrack_sip.c
-+++ b/net/netfilter/nf_conntrack_sip.c
-@@ -1363,8 +1363,25 @@ static int process_sip_request(struct sk
- {
- enum ip_conntrack_info ctinfo;
- struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
-+ struct nf_conn_help *help = nfct_help(ct);
-+ enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
- unsigned int matchoff, matchlen;
- unsigned int cseq, i;
-+ union nf_inet_addr addr;
-+ __be16 port;
-+
-+ /* Many Cisco IP phones use a high source port for SIP requests, but
-+ * listen for the response on port 5060. If we are the local
-+ * router for one of these phones, save the port number from the
-+ * Via: header so that nf_nat_sip can redirect the responses to
-+ * the correct port.
-+ */
-+ if (ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen,
-+ SIP_HDR_VIA_UDP, NULL, &matchoff,
-+ &matchlen, &addr, &port) > 0 &&
-+ port != ct->tuplehash[dir].tuple.src.u.udp.port &&
-+ nf_inet_addr_cmp(&addr, &ct->tuplehash[dir].tuple.src.u3))
-+ help->help.ct_sip_info.forced_dport = port;
-
- for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
- const struct sip_handler *handler;
diff --git a/target/linux/generic/patches-3.6/604-netfilter_cisco_794x_iphone.patch b/target/linux/generic/patches-3.6/604-netfilter_cisco_794x_iphone.patch
deleted file mode 100644
index ee8ba1a66..000000000
--- a/target/linux/generic/patches-3.6/604-netfilter_cisco_794x_iphone.patch
+++ /dev/null
@@ -1,118 +0,0 @@
---- a/include/linux/netfilter/nf_conntrack_sip.h
-+++ b/include/linux/netfilter/nf_conntrack_sip.h
-@@ -4,12 +4,15 @@
-
- #include <net/netfilter/nf_conntrack_expect.h>
-
-+#include <linux/types.h>
-+
- #define SIP_PORT 5060
- #define SIP_TIMEOUT 3600
-
- struct nf_ct_sip_master {
- unsigned int register_cseq;
- unsigned int invite_cseq;
-+ __be16 forced_dport;
- };
-
- enum sip_expectation_classes {
---- a/net/ipv4/netfilter/nf_nat_sip.c
-+++ b/net/ipv4/netfilter/nf_nat_sip.c
-@@ -73,6 +73,7 @@ static int map_addr(struct sk_buff *skb,
- enum ip_conntrack_info ctinfo;
- struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
- enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
-+ struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
- char buffer[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
- unsigned int buflen;
- __be32 newaddr;
-@@ -85,7 +86,8 @@ static int map_addr(struct sk_buff *skb,
- } else if (ct->tuplehash[dir].tuple.dst.u3.ip == addr->ip &&
- ct->tuplehash[dir].tuple.dst.u.udp.port == port) {
- newaddr = ct->tuplehash[!dir].tuple.src.u3.ip;
-- newport = ct->tuplehash[!dir].tuple.src.u.udp.port;
-+ newport = ct_sip_info->forced_dport ? ct_sip_info->forced_dport :
-+ ct->tuplehash[!dir].tuple.src.u.udp.port;
- } else
- return 1;
-
-@@ -121,6 +123,7 @@ static unsigned int ip_nat_sip(struct sk
- enum ip_conntrack_info ctinfo;
- struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
- enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
-+ struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
- unsigned int coff, matchoff, matchlen;
- enum sip_header_types hdr;
- union nf_inet_addr addr;
-@@ -230,6 +233,20 @@ next:
- !map_sip_addr(skb, dataoff, dptr, datalen, SIP_HDR_TO))
- return NF_DROP;
-
-+ /* Mangle destination port for Cisco phones, then fix up checksums */
-+ if (dir == IP_CT_DIR_REPLY && ct_sip_info->forced_dport) {
-+ struct udphdr *uh;
-+
-+ if (!skb_make_writable(skb, skb->len))
-+ return NF_DROP;
-+
-+ uh = (struct udphdr *)(skb->data + ip_hdrlen(skb));
-+ uh->dest = ct_sip_info->forced_dport;
-+
-+ if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo, 0, 0, NULL, 0))
-+ return NF_DROP;
-+ }
-+
- return NF_ACCEPT;
- }
-
-@@ -281,8 +298,10 @@ static unsigned int ip_nat_sip_expect(st
- enum ip_conntrack_info ctinfo;
- struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
- enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
-+ struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
- __be32 newip;
- u_int16_t port;
-+ __be16 srcport;
- char buffer[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
- unsigned int buflen;
-
-@@ -295,8 +314,9 @@ static unsigned int ip_nat_sip_expect(st
- /* If the signalling port matches the connection's source port in the
- * original direction, try to use the destination port in the opposite
- * direction. */
-- if (exp->tuple.dst.u.udp.port ==
-- ct->tuplehash[dir].tuple.src.u.udp.port)
-+ srcport = ct_sip_info->forced_dport ? ct_sip_info->forced_dport :
-+ ct->tuplehash[dir].tuple.src.u.udp.port;
-+ if (exp->tuple.dst.u.udp.port == srcport)
- port = ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port);
- else
- port = ntohs(exp->tuple.dst.u.udp.port);
---- a/net/netfilter/nf_conntrack_sip.c
-+++ b/net/netfilter/nf_conntrack_sip.c
-@@ -1416,8 +1416,25 @@ static int process_sip_request(struct sk
- {
- enum ip_conntrack_info ctinfo;
- struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
-+ struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
-+ enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
- unsigned int matchoff, matchlen;
- unsigned int cseq, i;
-+ union nf_inet_addr addr;
-+ __be16 port;
-+
-+ /* Many Cisco IP phones use a high source port for SIP requests, but
-+ * listen for the response on port 5060. If we are the local
-+ * router for one of these phones, save the port number from the
-+ * Via: header so that nf_nat_sip can redirect the responses to
-+ * the correct port.
-+ */
-+ if (ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen,
-+ SIP_HDR_VIA_UDP, NULL, &matchoff,
-+ &matchlen, &addr, &port) > 0 &&
-+ port != ct->tuplehash[dir].tuple.src.u.udp.port &&
-+ nf_inet_addr_cmp(&addr, &ct->tuplehash[dir].tuple.src.u3))
-+ ct_sip_info->forced_dport = port;
-
- for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
- const struct sip_handler *handler;