[PATCH v3] netfilter: nf_conntrack_sip: add sip_external_media logic

From: Alin Nastac Allow media streams that are not passing through this router. When enabled, the sip_external_media logic will leave SDP payload untouched when it detects that interface towards INVITEd party is the same with the one towards media endpoint. Signed-off-by: Alin Nastac --- net

[PATCH v2] netfilter: nf_conntrack_sip: add sip_external_media logic

From: Alin Nastac Allow media streams that are not passing through this router. When enabled, the sip_external_media logic will leave SDP payload untouched when it detects that interface towards INVITEd party is the same with the one towards media endpoint. Signed-off-by: Alin Nastac --- net

[PATCH] netfilter: nf_conntrack_sip: add sip_external_media logic

Allow media streams that are not passing through this router. When enabled, the sip_external_media logic will leave SDP payload untouched when it detects that interface towards INVITEd party is the same with the one towards media endpoint. Signed-off-by: Alin Nastac --- net/netfilter

[PATCH] netfilter: nf_nat_sip: fix RTP/RTCP source port translations

-by: Alin Nastac --- net/netfilter/nf_nat_sip.c | 35 +++ 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/net/netfilter/nf_nat_sip.c b/net/netfilter/nf_nat_sip.c index 1f30860..a1e23cc 100644 --- a/net/netfilter/nf_nat_sip.c +++ b/net/netfilter

[PATCH v2] ipv6: Preserve link scope traffic original oif

and multicast packets must keep their original oif after ip6_route_me_harder is called. Signed-off-by: Alin Nastac --- net/ipv6/netfilter.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c index 5ae8e1c..8b075f0 100644 --- a/net/ipv6

[PATCH v2] ipv6: Preserve link scope traffic original oif

When ip6_route_me_harder is invoked, it resets outgoing interface of: - link-local scoped packets sent by neighbor discovery - multicast packets sent by MLD host - multicast packets send by MLD proxy daemon that sets outgoing interface through IPV6_PKTINFO ipi6_ifindex Link-local and

[PATCH] netfilter: nf_nat_sip: fix RTP/RTCP source port translations

Perform the same SNAT translation on RTP/RTCP conntracks regardless of who sends the first datagram. Prior to this change, RTP packets send by the peer who required source port translation were forwarded with unmodified source port when this peer started its voice/video stream first. ---

[PATCH] netfilter: add grev6 conntrack support

From: Alin Nastac nf_conntrack_proto_generic refuse to handle grev6 packets when NF_CT_PROTO_GRE is enabled, resulting in grev6 packets being categorized as INVALID. --- net/netfilter/nf_conntrack_proto_gre.c | 49 +- 1 file changed, 48 insertions(+), 1 deletion

[PATCH] ebtables: fix compat entry padding

that is not found in 32-bit ebtables application. Signed-off-by: Alin Nastac --- net/bridge/netfilter/ebtables.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 28a4c34..91cf3df 100644 --- a/net/bridge

[PATCH] ebtables: fix limit and mark modules incompatibilities between 32-bit user space and 64-bit kernel space

Signed-off-by: Alin Nastac <alin.nas...@gmail.com> --- include/linux/netfilter_bridge/ebt_limit.h | 4 include/linux/netfilter_bridge/ebt_mark_m.h | 5 + include/linux/netfilter_bridge/ebt_mark_t.h | 4 3 files changed, 13 insertions(+) diff --git a/include/linux/netfilter_

[PATCH v3] extensions: libxt_hashlimit: fix uint64_t printf formats

From: Alin Nastac <alin.nas...@gmail.com> The remaining %llu formats are used for unsigned long long values. Signed-off-by: Alin Nastac <alin.nas...@gmail.com> --- extensions/libxt_hashlimit.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/extensions/libxt

[PATCH v2] extensions: libxt_hashlimit: fix 64-bit printf formats

Furthermore, this extension use a mix of PRIu64 and %llu formats for uint64_t values. IMO it should use only one, for the sake of consistency. Signed-off-by: Alin Nastac <alin.nas...@gmail.com> --- extensions/libxt_hashlimit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff

[PATCH v2] netfilter: Parse ICMPv6 redirects

Extract IPv6 packet that triggered the sending of redirect message from ICMPv6 Redirected Header option and check if conntrack table contain such connection. Mark redirect packet as RELATED if a matching connection is found. Signed-off-by: Alin Nastac <alin.nas...@gmail.com> --- ne

[PATCH] netfilter: Parse ICMPv6 redirects

Extract IPv6 packet that triggered the sending of redirect message from ICMPv6 Redirected Header option and check if conntrack table contain such connection. Mark redirect packet as RELATED if a matching connection is found. Signed-off-by: Alin Nastac <alin.nas...@gmail.com> --- ne

[PATCH] ipv6: Preserve link scope traffic original oif

Link-local and multicast packets must keep their original oif after ip6_route_me_harder is called. Signed-off-by: Alin Nastac <alin.nas...@gmail.com> --- net/ipv6/netfilter.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c

[PATCH] ipv6: Preserve link scope traffic original oif

Link-local and multicast packets must keep their original oif after ip6_route_me_harder is called. Signed-off-by: Alin Nastac <alin.nas...@gmail.com> --- net/ipv6/netfilter.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c