[NETFILTER]: nf_nat_sip: only perform RTP DNAT if SIP session was SNATed
DNAT of the the RTP session is only necessary if the SIP session has been SNATed. Signed-off-by: Jerome Borsboom <j.borsboom@erasmusmc.nl> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
7c4e36bc17
commit
f4a607bfae
1 changed files with 5 additions and 1 deletions
|
@ -260,7 +260,11 @@ static unsigned int ip_nat_sdp(struct sk_buff **pskb,
|
|||
DEBUGP("ip_nat_sdp():\n");
|
||||
|
||||
/* Connection will come from reply */
|
||||
newip = ct->tuplehash[!dir].tuple.dst.u3.ip;
|
||||
if (ct->tuplehash[dir].tuple.src.u3.ip ==
|
||||
ct->tuplehash[!dir].tuple.dst.u3.ip)
|
||||
newip = exp->tuple.dst.u3.ip;
|
||||
else
|
||||
newip = ct->tuplehash[!dir].tuple.dst.u3.ip;
|
||||
|
||||
exp->saved_ip = exp->tuple.dst.u3.ip;
|
||||
exp->tuple.dst.u3.ip = newip;
|
||||
|
|
Loading…
Reference in a new issue