lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTi==8nwn3g5t1uw=CP1K0vegUE2hAdDxOq-fkVRW@mail.gmail.com>
Date:	Sun, 14 Nov 2010 19:01:17 -0800
From:	Kevin Cernekee <cernekee@...il.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	Patrick McHardy <kaber@...sh.net>,
	"David S. Miller" <davem@...emloft.net>,
	Alexey Kuznetsov <kuznet@....inr.ac.ru>,
	"Pekka Savola (ipv6)" <pekkas@...core.fi>,
	James Morris <jmorris@...ei.org>,
	Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
	netfilter-devel@...r.kernel.org, netfilter@...r.kernel.org,
	coreteam@...filter.org, linux-kernel@...r.kernel.org,
	netdev@...r.kernel.org
Subject: Re: [PATCH/RFC] netfilter: nf_conntrack_sip: Handle quirky Cisco phones

On Sun, Nov 14, 2010 at 11:57 AM, Eric Dumazet <eric.dumazet@...il.com> wrote:
> Via: SIP/2.0/UDP 192.168.2.28:5060;branch=xxxxxxxx
>
>
> Maybe a fix would be to use this "5060" port, instead of hardcoding it
> like you did ?

Just posted v2... appreciate the advice so far.

My new code in process_sip_request() looks for an address match + port
mismatch between the IP source and the Via: header.  This is how it
tries to detect whether we are talking directly to an afflicted Cisco
phone.  If the address doesn't match, I assume the request is passing
through a non-SIP-aware NAT router so there is no special handling.

Assuming we can reliably detect the "quirky phone" condition, is there
any way to just trick Netfilter into thinking the source port was 5060
instead of 49xxx?  3/4ths of the patch could probably be eliminated if
we could overwrite the port number inside tuplehash.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ