Please sign in to comment.
netfilter: nf_ct_sip: don't drop packets with offsets pointing outsid…
…e the packet Some Cisco phones create huge messages that are spread over multiple packets. After calculating the offset of the SIP body, it is validated to be within the packet and the packet is dropped otherwise. This breaks operation of these phones. Since connection tracking is supposed to be passive, just let those packets pass unmodified and untracked. Signed-off-by: Patrick McHardy <firstname.lastname@example.org> Signed-off-by: Pablo Neira Ayuso <email@example.com> Conflicts: net/netfilter/nf_conntrack_sip.c This commit appears in the 3.8 and 3.9 branches of the Linux kernel and according to feanor3 on xda-developers: The "Cisco Jabber" app lets you use your cell phone as a SIP endpoint with your work number on a Cisco phone system. The registration packets that Cisco uses are apparently larger than normal. With your kernel, the registration does not complete. With your kernel and line 1421 changed to NF_ACCEPT, the registration complete Change-Id: If0c4eff68fa10af43767ad49808394910cae4309
- Loading branch information...