From: Patrick McHardy <kaber@trash.net>
Date: Wed, 29 Nov 2006 01:35:30 +0000 (+0100)
Subject: [NETFILTER]: sip conntrack: better NAT handling
X-Git-Tag: v2.6.20-rc1~34^2~40^2~98
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1b683b551209ca46ae59b29572018001db5af078;p=pandora-kernel.git

[NETFILTER]: sip conntrack: better NAT handling

The NAT handling of the SIP helper has a few problems:

- Request headers are only mangled in the reply direction, From/To headers
  not at all, which can lead to authentication failures with DNAT in case
  the authentication domain is the IP address

- Contact headers in responses are only mangled for REGISTER responses

- Headers may be mangled even though they contain addresses not
  participating in the connection, like alternative addresses

- Packets are droppen when domain names are used where the helper expects
  IP addresses

This patch takes a different approach, instead of fixed rules what field
to mangle to what content, it adds symetric mapping of From/To/Via/Contact
headers, which allows to deal properly with echoed addresses in responses
and foreign addresses not belonging to the connection.

Signed-off-by: Patrick McHardy <kaber@trash.net>
---

Reading git-diff-tree failed