Control: reassign -1 src:linux 3.9.8-1
Control: tag -1 upstream fixed-upstream patch
On Wed, 2013-07-10 at 20:48 +0200, Uwe Schindler wrote:
> Package: linux-image-3.9-1-686-pae
> Severity: normal
>
> Dear Maintainer,
> Today I installed the 3.9-1 kernel package for my Debian Testing Router Box.
> This box does NAT in my private network, including NAT traversal of the SIP
> protocol.
>
> Since kernel 3.9, NAT for SIP protocol seems to be broken for some SIP providers, with these error messages:
>
> nf_ct_sip: dropping packet: cannot NAT SIP message IN= OUT= SRC=212.27.52.5 DST=192.168.128.30
> LEN=338 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=UDP SPT=5060 DPT=49027 LEN=318
>
> This bug was already also reported for the Fedora project, but applies to debian, too. I had to uninstall
> the kernel and downgrade to the 3.2 one.
>
> The problem is a missing { } around an if statement, where a log message was added. The original
> "return NF_DROP" was then affecting the main branch of the code. The if-branch only showed the new message.
> But every connection was dropped because of the return from function, whcih was no longer conditional.
>
> See the fedora bug report for the fix:
> https://bugzilla.redhat.com/show_bug.cgi?id=965307
>
> I hope this can be fixed asap, because the new kernel is unuseable for me.
Fixed went upstream in 3.10 as:
commit 5aed93875cd88502f04a0d4517b8a2d89a849773
Author: Balazs Peter Odor <balazs@obiserver.hu>
Date: Sat Jun 22 19:24:43 2013 +0200
netfilter: nf_nat_sip: fix mangling
A package based on 3.10 will be uploaded to unstable shortly.
Ben.
--
Ben Hutchings
Reality is just a crutch for people who can't handle science fiction.
Attachment:
signature.asc
Description: This is a digitally signed message part