diff options
author | rbays <rbays@roatan.lenny32.lenny32> | 2009-08-27 09:25:00 -0700 |
---|---|---|
committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2009-08-31 12:26:24 -0700 |
commit | dd1c1213093a621cc36ce2c03f32d6bfda7dbcbb (patch) | |
tree | be05c01918bc127b1a9be40fe2eaaa40408e4baf | |
parent | 498574a05e0ab6018e892c096f09f863c2158d82 (diff) | |
download | vyatta-cfg-firewall-dd1c1213093a621cc36ce2c03f32d6bfda7dbcbb.tar.gz vyatta-cfg-firewall-dd1c1213093a621cc36ce2c03f32d6bfda7dbcbb.zip |
fix for bug 4794 SIP Helper/ALG module does not translate RTP traffic...
added new configuration parameters:
firewall conntrack-options sip enable-indirect-media
firewall conntrack-options sip enable-indirect-signalling
(cherry picked from commit 8d73836b37bae1cb8e8211bc483bf55c51241542)
4 files changed, 41 insertions, 0 deletions
diff --git a/templates/firewall/conntrack-options/node.def b/templates/firewall/conntrack-options/node.def new file mode 100644 index 0000000..2a80cee --- /dev/null +++ b/templates/firewall/conntrack-options/node.def @@ -0,0 +1 @@ +help: Set conntrack options diff --git a/templates/firewall/conntrack-options/sip/enable-indirect-media/node.def b/templates/firewall/conntrack-options/sip/enable-indirect-media/node.def new file mode 100644 index 0000000..777e16d --- /dev/null +++ b/templates/firewall/conntrack-options/sip/enable-indirect-media/node.def @@ -0,0 +1 @@ +help: Enable support for indirect media streams diff --git a/templates/firewall/conntrack-options/sip/enable-indirect-signalling/node.def b/templates/firewall/conntrack-options/sip/enable-indirect-signalling/node.def new file mode 100644 index 0000000..d705bb3 --- /dev/null +++ b/templates/firewall/conntrack-options/sip/enable-indirect-signalling/node.def @@ -0,0 +1 @@ +help: Enable support for indirect signalling streams diff --git a/templates/firewall/conntrack-options/sip/node.def b/templates/firewall/conntrack-options/sip/node.def new file mode 100644 index 0000000..494d75c --- /dev/null +++ b/templates/firewall/conntrack-options/sip/node.def @@ -0,0 +1,38 @@ +help: Set SIP conntrack options +end: reload=0 + sdm=2 + if [ -f /sys/module/nf_conntrack_sip/parameters/sip_direct_media ]; then + sdm=$(sudo cat /sys/module/nf_conntrack_sip/parameters/sip_direct_media) + fi + if [ -n "$VAR(./enable-indirect-media)" ]; then + indirectmedia='sip_direct_media=0' + if [ $sdm -ge 1 ]; then reload=1; fi + else + if [ $sdm -eq 0 ]; then reload=1; fi + fi + + sds=2 + if [ -f /sys/module/nf_conntrack_sip/parameters/sip_direct_signalling ]; then + sds=$(sudo cat /sys/module/nf_conntrack_sip/parameters/sip_direct_signalling) + fi + if [ -n "$VAR(./enable-indirect-signalling)" ]; then + indirectsignalling='sip_direct_signalling=0' + if [ $sds -ge 1 ]; then reload=1; fi + else + if [ $sds -eq 0 ]; then reload=1; fi + fi + + options=$(grep -s "options nf_conntrack_sip $indirect-media $indirect-signalling" /etc/modprobe.d/options) + if [ -z "$options" ] && [ -f /etc/modprobe.d/options ]; then + sudo sed -i '/nf_conntrack_sip/d' /etc/modprobe.d/options + fi + + if [ -n "$indirectmedia" ] || [ -n "$indirectsignalling" ]; then + sudo sh -c "echo options nf_conntrack_sip $indirectmedia $indirectsignalling >> /etc/modprobe.d/options " + fi + + if [ $reload -eq 1 ]; then + sudo modprobe -r nf_nat_sip nf_conntrack_sip + sudo modprobe nf_conntrack_sip + sudo modprobe nf_nat_sip + fi |