From f4a607bfae30d15aad46e75d2ed7a39f7ce7708b Mon Sep 17 00:00:00 2001 From: Jerome Borsboom Date: Sat, 7 Jul 2007 22:19:48 -0700 Subject: [PATCH] [NETFILTER]: nf_nat_sip: only perform RTP DNAT if SIP session was SNATed DNAT of the the RTP session is only necessary if the SIP session has been SNATed. Signed-off-by: Jerome Borsboom Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/ipv4/netfilter/nf_nat_sip.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c index fac97cf51ae5..a32d746c4592 100644 --- a/net/ipv4/netfilter/nf_nat_sip.c +++ b/net/ipv4/netfilter/nf_nat_sip.c @@ -260,7 +260,11 @@ static unsigned int ip_nat_sdp(struct sk_buff **pskb, DEBUGP("ip_nat_sdp():\n"); /* Connection will come from reply */ - newip = ct->tuplehash[!dir].tuple.dst.u3.ip; + if (ct->tuplehash[dir].tuple.src.u3.ip == + ct->tuplehash[!dir].tuple.dst.u3.ip) + newip = exp->tuple.dst.u3.ip; + else + newip = ct->tuplehash[!dir].tuple.dst.u3.ip; exp->saved_ip = exp->tuple.dst.u3.ip; exp->tuple.dst.u3.ip = newip; -- 2.20.1