[Bug 873717] New: nf_conntrack_sip: doesn't track SIP connections initiated from ports != 5060

https://bugzilla.novell.com/show_bug.cgi?id=873717 https://bugzilla.novell.com/show_bug.cgi?id=873717#c0 Summary: nf_conntrack_sip: doesn't track SIP connections initiated from ports != 5060 Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: All OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: Kernel AssignedTo: jeffm@suse.com ReportedBy: jeffm@suse.com QAContact: qa-bugs@suse.de Found By: Development Blocker: --- After a recent SIP client update, I couldn't connect to my provider any longer. tcpdump would show the outgoing request but not the incoming one. It turns out that the client had stopped initiating SIP requests from port 5060 and the conntrack module wasn't establishing the mapping. There was a patch added to the 3.9 kernel to address this and it applies cleanly to the 3.7 kernel. commit 7266507d89991fa1e989283e4e032c6d9357fe26 Author: Kevin Cernekee Date: Mon Dec 17 18:33:58 2012 +0000 netfilter: nf_ct_sip: support Cisco 7941/7945 IP phones Most SIP devices use a source port of 5060/udp on SIP requests, so the response automatically comes back to port 5060: phone_ip:5060 -> proxy_ip:5060 REGISTER proxy_ip:5060 -> phone_ip:5060 100 Trying The newer Cisco IP phones, however, use a randomly chosen high source port for the SIP request but expect the response on port 5060: phone_ip:49173 -> proxy_ip:5060 REGISTER proxy_ip:5060 -> phone_ip:5060 100 Trying Standard Linux NAT, with or without nf_nat_sip, will send the reply back to port 49173, not 5060: phone_ip:49173 -> proxy_ip:5060 REGISTER proxy_ip:5060 -> phone_ip:49173 100 Trying But the phone is not listening on 49173, so it will never see the reply. This patch modifies nf_*_sip to work around this quirk by extracting the SIP response port from the Via: header, iff the source IP in the packet header matches the source IP in the SIP request. Signed-off-by: Kevin Cernekee Acked-by: Eric Dumazet Cc: Patrick McHardy Signed-off-by: Pablo Neira Ayuso -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.