diff options
Diffstat (limited to 'target/linux/generic')
-rw-r--r-- | target/linux/generic/patches-3.7/604-netfilter_cisco_794x_iphone.patch | 118 | ||||
-rw-r--r-- | target/linux/generic/patches-3.8/604-netfilter_cisco_794x_iphone.patch | 118 |
2 files changed, 0 insertions, 236 deletions
diff --git a/target/linux/generic/patches-3.7/604-netfilter_cisco_794x_iphone.patch b/target/linux/generic/patches-3.7/604-netfilter_cisco_794x_iphone.patch deleted file mode 100644 index 210f7fb6b..000000000 --- a/target/linux/generic/patches-3.7/604-netfilter_cisco_794x_iphone.patch +++ /dev/null @@ -1,118 +0,0 @@ ---- a/include/linux/netfilter/nf_conntrack_sip.h -+++ b/include/linux/netfilter/nf_conntrack_sip.h -@@ -4,12 +4,15 @@ - - #include <net/netfilter/nf_conntrack_expect.h> - -+#include <linux/types.h> -+ - #define SIP_PORT 5060 - #define SIP_TIMEOUT 3600 - - struct nf_ct_sip_master { - unsigned int register_cseq; - unsigned int invite_cseq; -+ __be16 forced_dport; - }; - - enum sip_expectation_classes { ---- a/net/netfilter/nf_nat_sip.c -+++ b/net/netfilter/nf_nat_sip.c -@@ -95,6 +95,7 @@ static int map_addr(struct sk_buff *skb, - enum ip_conntrack_info ctinfo; - struct nf_conn *ct = nf_ct_get(skb, &ctinfo); - enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); -+ struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct); - char buffer[INET6_ADDRSTRLEN + sizeof("[]:nnnnn")]; - unsigned int buflen; - union nf_inet_addr newaddr; -@@ -107,7 +108,8 @@ static int map_addr(struct sk_buff *skb, - } else if (nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3, addr) && - ct->tuplehash[dir].tuple.dst.u.udp.port == port) { - newaddr = ct->tuplehash[!dir].tuple.src.u3; -- newport = ct->tuplehash[!dir].tuple.src.u.udp.port; -+ newport = ct_sip_info->forced_dport ? ct_sip_info->forced_dport : -+ ct->tuplehash[!dir].tuple.src.u.udp.port; - } else - return 1; - -@@ -144,6 +146,7 @@ static unsigned int nf_nat_sip(struct sk - enum ip_conntrack_info ctinfo; - struct nf_conn *ct = nf_ct_get(skb, &ctinfo); - enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); -+ struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct); - unsigned int coff, matchoff, matchlen; - enum sip_header_types hdr; - union nf_inet_addr addr; -@@ -258,6 +261,20 @@ next: - !map_sip_addr(skb, protoff, dataoff, dptr, datalen, SIP_HDR_TO)) - return NF_DROP; - -+ /* Mangle destination port for Cisco phones, then fix up checksums */ -+ if (dir == IP_CT_DIR_REPLY && ct_sip_info->forced_dport) { -+ struct udphdr *uh; -+ -+ if (!skb_make_writable(skb, skb->len)) -+ return NF_DROP; -+ -+ uh = (void *)skb->data + protoff; -+ uh->dest = ct_sip_info->forced_dport; -+ -+ if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo, protoff, 0, 0, NULL, 0)) -+ return NF_DROP; -+ } -+ - return NF_ACCEPT; - } - -@@ -311,8 +328,10 @@ static unsigned int nf_nat_sip_expect(st - enum ip_conntrack_info ctinfo; - struct nf_conn *ct = nf_ct_get(skb, &ctinfo); - enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); -+ struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct); - union nf_inet_addr newaddr; - u_int16_t port; -+ __be16 srcport; - char buffer[INET6_ADDRSTRLEN + sizeof("[]:nnnnn")]; - unsigned int buflen; - -@@ -326,8 +345,9 @@ static unsigned int nf_nat_sip_expect(st - /* If the signalling port matches the connection's source port in the - * original direction, try to use the destination port in the opposite - * direction. */ -- if (exp->tuple.dst.u.udp.port == -- ct->tuplehash[dir].tuple.src.u.udp.port) -+ srcport = ct_sip_info->forced_dport ? ct_sip_info->forced_dport : -+ ct->tuplehash[dir].tuple.src.u.udp.port; -+ if (exp->tuple.dst.u.udp.port == srcport) - port = ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port); - else - port = ntohs(exp->tuple.dst.u.udp.port); ---- a/net/netfilter/nf_conntrack_sip.c -+++ b/net/netfilter/nf_conntrack_sip.c -@@ -1440,8 +1440,25 @@ static int process_sip_request(struct sk - { - enum ip_conntrack_info ctinfo; - struct nf_conn *ct = nf_ct_get(skb, &ctinfo); -+ struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct); -+ enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); - unsigned int matchoff, matchlen; - unsigned int cseq, i; -+ union nf_inet_addr addr; -+ __be16 port; -+ -+ /* Many Cisco IP phones use a high source port for SIP requests, but -+ * listen for the response on port 5060. If we are the local -+ * router for one of these phones, save the port number from the -+ * Via: header so that nf_nat_sip can redirect the responses to -+ * the correct port. -+ */ -+ if (ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen, -+ SIP_HDR_VIA_UDP, NULL, &matchoff, -+ &matchlen, &addr, &port) > 0 && -+ port != ct->tuplehash[dir].tuple.src.u.udp.port && -+ nf_inet_addr_cmp(&addr, &ct->tuplehash[dir].tuple.src.u3)) -+ ct_sip_info->forced_dport = port; - - for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) { - const struct sip_handler *handler; diff --git a/target/linux/generic/patches-3.8/604-netfilter_cisco_794x_iphone.patch b/target/linux/generic/patches-3.8/604-netfilter_cisco_794x_iphone.patch deleted file mode 100644 index 210f7fb6b..000000000 --- a/target/linux/generic/patches-3.8/604-netfilter_cisco_794x_iphone.patch +++ /dev/null @@ -1,118 +0,0 @@ ---- a/include/linux/netfilter/nf_conntrack_sip.h -+++ b/include/linux/netfilter/nf_conntrack_sip.h -@@ -4,12 +4,15 @@ - - #include <net/netfilter/nf_conntrack_expect.h> - -+#include <linux/types.h> -+ - #define SIP_PORT 5060 - #define SIP_TIMEOUT 3600 - - struct nf_ct_sip_master { - unsigned int register_cseq; - unsigned int invite_cseq; -+ __be16 forced_dport; - }; - - enum sip_expectation_classes { ---- a/net/netfilter/nf_nat_sip.c -+++ b/net/netfilter/nf_nat_sip.c -@@ -95,6 +95,7 @@ static int map_addr(struct sk_buff *skb, - enum ip_conntrack_info ctinfo; - struct nf_conn *ct = nf_ct_get(skb, &ctinfo); - enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); -+ struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct); - char buffer[INET6_ADDRSTRLEN + sizeof("[]:nnnnn")]; - unsigned int buflen; - union nf_inet_addr newaddr; -@@ -107,7 +108,8 @@ static int map_addr(struct sk_buff *skb, - } else if (nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3, addr) && - ct->tuplehash[dir].tuple.dst.u.udp.port == port) { - newaddr = ct->tuplehash[!dir].tuple.src.u3; -- newport = ct->tuplehash[!dir].tuple.src.u.udp.port; -+ newport = ct_sip_info->forced_dport ? ct_sip_info->forced_dport : -+ ct->tuplehash[!dir].tuple.src.u.udp.port; - } else - return 1; - -@@ -144,6 +146,7 @@ static unsigned int nf_nat_sip(struct sk - enum ip_conntrack_info ctinfo; - struct nf_conn *ct = nf_ct_get(skb, &ctinfo); - enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); -+ struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct); - unsigned int coff, matchoff, matchlen; - enum sip_header_types hdr; - union nf_inet_addr addr; -@@ -258,6 +261,20 @@ next: - !map_sip_addr(skb, protoff, dataoff, dptr, datalen, SIP_HDR_TO)) - return NF_DROP; - -+ /* Mangle destination port for Cisco phones, then fix up checksums */ -+ if (dir == IP_CT_DIR_REPLY && ct_sip_info->forced_dport) { -+ struct udphdr *uh; -+ -+ if (!skb_make_writable(skb, skb->len)) -+ return NF_DROP; -+ -+ uh = (void *)skb->data + protoff; -+ uh->dest = ct_sip_info->forced_dport; -+ -+ if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo, protoff, 0, 0, NULL, 0)) -+ return NF_DROP; -+ } -+ - return NF_ACCEPT; - } - -@@ -311,8 +328,10 @@ static unsigned int nf_nat_sip_expect(st - enum ip_conntrack_info ctinfo; - struct nf_conn *ct = nf_ct_get(skb, &ctinfo); - enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); -+ struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct); - union nf_inet_addr newaddr; - u_int16_t port; -+ __be16 srcport; - char buffer[INET6_ADDRSTRLEN + sizeof("[]:nnnnn")]; - unsigned int buflen; - -@@ -326,8 +345,9 @@ static unsigned int nf_nat_sip_expect(st - /* If the signalling port matches the connection's source port in the - * original direction, try to use the destination port in the opposite - * direction. */ -- if (exp->tuple.dst.u.udp.port == -- ct->tuplehash[dir].tuple.src.u.udp.port) -+ srcport = ct_sip_info->forced_dport ? ct_sip_info->forced_dport : -+ ct->tuplehash[dir].tuple.src.u.udp.port; -+ if (exp->tuple.dst.u.udp.port == srcport) - port = ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port); - else - port = ntohs(exp->tuple.dst.u.udp.port); ---- a/net/netfilter/nf_conntrack_sip.c -+++ b/net/netfilter/nf_conntrack_sip.c -@@ -1440,8 +1440,25 @@ static int process_sip_request(struct sk - { - enum ip_conntrack_info ctinfo; - struct nf_conn *ct = nf_ct_get(skb, &ctinfo); -+ struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct); -+ enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); - unsigned int matchoff, matchlen; - unsigned int cseq, i; -+ union nf_inet_addr addr; -+ __be16 port; -+ -+ /* Many Cisco IP phones use a high source port for SIP requests, but -+ * listen for the response on port 5060. If we are the local -+ * router for one of these phones, save the port number from the -+ * Via: header so that nf_nat_sip can redirect the responses to -+ * the correct port. -+ */ -+ if (ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen, -+ SIP_HDR_VIA_UDP, NULL, &matchoff, -+ &matchlen, &addr, &port) > 0 && -+ port != ct->tuplehash[dir].tuple.src.u.udp.port && -+ nf_inet_addr_cmp(&addr, &ct->tuplehash[dir].tuple.src.u3)) -+ ct_sip_info->forced_dport = port; - - for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) { - const struct sip_handler *handler; |