[NETFILTER]: nf_nat_sip: only perform RTP DNAT if SIP session was SNATed
authorJerome Borsboom <j.borsboom@erasmusmc.nl>
Sun, 8 Jul 2007 05:19:48 +0000 (22:19 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Wed, 11 Jul 2007 05:17:12 +0000 (22:17 -0700)
DNAT of the the RTP session is only necessary if the SIP session has
been SNATed.

Signed-off-by: Jerome Borsboom <j.borsboom@erasmusmc.nl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/netfilter/nf_nat_sip.c

index fac97cf..a32d746 100644 (file)
@@ -260,7 +260,11 @@ static unsigned int ip_nat_sdp(struct sk_buff **pskb,
        DEBUGP("ip_nat_sdp():\n");
 
        /* Connection will come from reply */
-       newip = ct->tuplehash[!dir].tuple.dst.u3.ip;
+       if (ct->tuplehash[dir].tuple.src.u3.ip ==
+           ct->tuplehash[!dir].tuple.dst.u3.ip)
+               newip = exp->tuple.dst.u3.ip;
+       else
+               newip = ct->tuplehash[!dir].tuple.dst.u3.ip;
 
        exp->saved_ip = exp->tuple.dst.u3.ip;
        exp->tuple.dst.u3.ip = newip;