bugzilla-daemon@bugzilla.netfilter.org
2006-Oct-06  18:46 UTC
[Bug 522] New: SIP helper(?) mangles packets even when inactive
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=522
           Summary: SIP helper(?) mangles packets even when inactive
           Product: netfilter/iptables
           Version: linux-2.6.x
          Platform: x86_64
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: unknown
        AssignedTo: laforge@netfilter.org
        ReportedBy: kas@fi.muni.cz
I use a netfilter-based firewall (currently Fedora Core 5/x86_64 with three
gigabit NICs). The firewall does not use NAT, does not use conntrack-based rules
(-m state), and does not use the mangle rules. However, I have the conntrack
support compiled in, as I plan to move the firewall setup to the conntrack-based
configuration in the future. I have various helpers compiled in, including a SIP
helper.
Recently I had problems via SIP (ekiga client) to and from the outside world.
Using tcpdump I have discovered that when calling sip:user@ekiga.net, my
workstation sent all RTP traffic to the ekiga.net host, instead of the host
where the remote user has been logged in.
I ran tcpdump on both my local workstation and on the external interface of my
firewall, while calling from the outside host to the internal network.
It seems that the firewall mangles the SIP Invite packet: when received from the
outside interface the request line reads "INVITE:
sip:yenya@<ip.address.of.my.workstation>:5064;transport=udp", while when
received by my workstation, it reads "INVITE:
sip:yenya@213.186.62.145:5060;transport=udp" (the IP address here is the address
of the SIP server, ekiga.net).
After running "iptables -t raw -A PREROUTING -j NOTRACK" SIP calls work as
expected. But I think any helper (be it NAT or conntrack) shouldn't mangle
packets, unless the NAT is actually set up.
Details, including tcpdumps, available when requested. The kernel in question is
2.6.18.
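The comparison the reporter did by eye with tcpdump, written out as a small script. This is an added example and not code from the bug report or from netfilter. It takes the raw UDP payload of the INVITE as seen on the firewall's outside interface and on the inside host, parses the Request-URI of the start line, and lists every field that changed in transit. It goes one step beyond the report, which only quotes the request line, by also comparing the SDP c= and m= lines, since a rewritten c= address is what would send RTP to the wrong host. The two captures are constructed for illustration: 192.0.2.10 stands in for the reporter's workstation, 213.186.62.145 is ekiga.net as quoted in the report, 198.51.100.7 is an assumed remote caller, and the rewritten c= line in the inside capture is an assumption, not something the report states.

```python
"""Compare a SIP INVITE seen on two interfaces to spot helper rewriting.

Added example for the bug report above; not code from the report or from
netfilter. Input is the raw UDP payload of the INVITE captured on each side
of the firewall (for instance from tcpdump -A). Addresses in the samples
are constructed for illustration.
"""
import re
from typing import Dict, List, NamedTuple

# Request line: METHOD sip:[user@]host[:port][;param]* SIP/2.0
_REQ_RE = re.compile(
    r"^(?P<method>[A-Z]+)\s+sip:(?:(?P<user>[^@\s]+)@)?(?P<host>[^:;\s]+)"
    r"(?::(?P<port>\d+))?(?P<params>(?:;[^\s;]+)*)\s+SIP/2\.0$"
)
# SDP connection and media lines carry the RTP address and port.
_SDP_C_RE = re.compile(r"^c=IN IP4 (?P<addr>[\d.]+)$")
_SDP_M_RE = re.compile(r"^m=(?P<media>\w+) (?P<port>\d+) ")


class SipSummary(NamedTuple):
    method: str
    user: str
    host: str
    port: int          # 5060 when the Request-URI carries no port
    params: str
    rtp_addr: str      # "" when the message has no SDP c= line
    rtp_ports: tuple   # (media, port) pairs from the SDP m= lines


def summarize(message: str) -> SipSummary:
    """Parse the start line and the SDP body of one raw SIP request."""
    lines = [ln.rstrip("\r") for ln in message.lstrip().split("\n")]
    m = _REQ_RE.match(lines[0])
    if not m:
        raise ValueError("not a SIP request line: %r" % lines[0])
    rtp_addr = ""
    rtp_ports: List[tuple] = []
    for ln in lines[1:]:
        c = _SDP_C_RE.match(ln)
        if c:
            rtp_addr = c["addr"]
        md = _SDP_M_RE.match(ln)
        if md:
            rtp_ports.append((md["media"], int(md["port"])))
    return SipSummary(m["method"], m["user"] or "", m["host"],
                      int(m["port"] or 5060), m["params"] or "",
                      rtp_addr, tuple(rtp_ports))


def rewritten_fields(outside: str, inside: str) -> Dict[str, tuple]:
    """Return {field: (outside_value, inside_value)} for every field that
    differs between the two captures. An empty dict means the firewall
    forwarded the INVITE untouched."""
    a, b = summarize(outside), summarize(inside)
    return {f: (x, y) for f, x, y in zip(a._fields, a, b) if x != y}


# Constructed captures (CRLF as on the wire); only the relevant lines kept.
OUTSIDE_INVITE = (
    "INVITE sip:yenya@192.0.2.10:5064;transport=udp SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 213.186.62.145:5060;branch=z9hG4bK-example\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "c=IN IP4 198.51.100.7\r\n"
    "m=audio 5004 RTP/AVP 0 8\r\n"
)
# Assumed inside view: Request-URI host/port and SDP c= address rewritten.
INSIDE_INVITE = (
    "INVITE sip:yenya@213.186.62.145:5060;transport=udp SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 213.186.62.145:5060;branch=z9hG4bK-example\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "c=IN IP4 213.186.62.145\r\n"
    "m=audio 5004 RTP/AVP 0 8\r\n"
)


def check_constructed_samples() -> Dict[str, tuple]:
    """Run the comparison on the constructed captures."""
    return rewritten_fields(OUTSIDE_INVITE, INSIDE_INVITE)


if __name__ == "__main__":
    for field, (out, inn) in check_constructed_samples().items():
        print("%-9s outside=%r inside=%r" % (field, out, inn))
```

On the constructed samples the script reports host, port and rtp_addr as changed and leaves method, params and the m= ports alone, which is the pattern to look for when deciding whether the firewall, rather than the SIP server, altered the call. Two practical notes: `lsmod | grep -i sip` on the firewall shows whether the SIP conntrack/NAT helper modules are loaded at all, and the reporter's blanket `-j NOTRACK` rule switches off connection tracking for every packet; restricting it with `-p udp --dport 5060` tests the same hypothesis while leaving tracking in place for the rest of the traffic.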