| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 1 Sep 2009 13:32:40 +0100 From: Mark Brown <broonie@...nsource.wolfsonmicro.com> To: Andreas Jaggi <aj@...n.ch> Cc: Patrick McHardy <kaber@...sh.net>, Jing Min Zhao <zhaojingmin@...rs.sourceforge.net>, netdev@...r.kernel.org Subject: Re: H.245v10+ support in nf_conntrack_h323? On Tue, Sep 01, 2009 at 02:10:33PM +0200, Andreas Jaggi wrote: > For me it looks like nf_conntrack_h323 is not only doing connection > tracking, but also doing protocol enforcement (by dropping packets which > do not correspond exactly to H.245v7). > Perhaps there should be a config option to disable the protocol > enforcement? It's not going to be a deliberate attempt at enforcement that's the issue here - doing any substantial enforcement would require a full decode of the PER messages, involving having a full copy of the (rather large) ASN.1 in the kernel. It's much more likely that a shortcut taken in decoding the message is getting confused by something that the endpoint is choosing to send, a brief glance at the ASN.1 code certainly suggests that to me. Chances are it's not even a new v10 feature that's causing the issue. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists