linux/net/netfilter/nf_conntrack_sip.c
<<
>>
Prefs
   1/* SIP extension for IP connection tracking.
   2 *
   3 * (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
   4 * based on RR's ip_conntrack_ftp.c and other modules.
   5 * (C) 2007 United Security Providers
   6 * (C) 2007, 2008 Patrick McHardy <kaber@trash.net>
   7 *
   8 * This program is free software; you can redistribute it and/or modify
   9 * it under the terms of the GNU General Public License version 2 as
  10 * published by the Free Software Foundation.
  11 */
  12
  13#include <linux/module.h>
  14#include <linux/ctype.h>
  15#include <linux/skbuff.h>
  16#include <linux/inet.h>
  17#include <linux/in.h>
  18#include <linux/udp.h>
  19#include <linux/tcp.h>
  20#include <linux/netfilter.h>
  21
  22#include <net/netfilter/nf_conntrack.h>
  23#include <net/netfilter/nf_conntrack_core.h>
  24#include <net/netfilter/nf_conntrack_expect.h>
  25#include <net/netfilter/nf_conntrack_helper.h>
  26#include <net/netfilter/nf_conntrack_zones.h>
  27#include <linux/netfilter/nf_conntrack_sip.h>
  28
  29MODULE_LICENSE("GPL");
  30MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
  31MODULE_DESCRIPTION("SIP connection tracking helper");
  32MODULE_ALIAS("ip_conntrack_sip");
  33MODULE_ALIAS_NFCT_HELPER("sip");
  34
  35#define MAX_PORTS       8
  36static unsigned short ports[MAX_PORTS];
  37static unsigned int ports_c;
  38module_param_array(ports, ushort, &ports_c, 0400);
  39MODULE_PARM_DESC(ports, "port numbers of SIP servers");
  40
  41static unsigned int sip_timeout __read_mostly = SIP_TIMEOUT;
  42module_param(sip_timeout, uint, 0600);
  43MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");
  44
  45static int sip_direct_signalling __read_mostly = 1;
  46module_param(sip_direct_signalling, int, 0600);
  47MODULE_PARM_DESC(sip_direct_signalling, "expect incoming calls from registrar "
  48                                        "only (default 1)");
  49
  50static int sip_direct_media __read_mostly = 1;
  51module_param(sip_direct_media, int, 0600);
  52MODULE_PARM_DESC(sip_direct_media, "Expect Media streams between signalling "
  53                                   "endpoints only (default 1)");
  54
  55unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb, unsigned int protoff,
  56                                unsigned int dataoff, const char **dptr,
  57                                unsigned int *datalen) __read_mostly;
  58EXPORT_SYMBOL_GPL(nf_nat_sip_hook);
  59
  60void (*nf_nat_sip_seq_adjust_hook)(struct sk_buff *skb, unsigned int protoff,
  61                                   s16 off) __read_mostly;
  62EXPORT_SYMBOL_GPL(nf_nat_sip_seq_adjust_hook);
  63
  64unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb,
  65                                       unsigned int protoff,
  66                                       unsigned int dataoff,
  67                                       const char **dptr,
  68                                       unsigned int *datalen,
  69                                       struct nf_conntrack_expect *exp,
  70                                       unsigned int matchoff,
  71                                       unsigned int matchlen) __read_mostly;
  72EXPORT_SYMBOL_GPL(nf_nat_sip_expect_hook);
  73
  74unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb, unsigned int protoff,
  75                                     unsigned int dataoff,
  76                                     const char **dptr,
  77                                     unsigned int *datalen,
  78                                     unsigned int sdpoff,
  79                                     enum sdp_header_types type,
  80                                     enum sdp_header_types term,
  81                                     const union nf_inet_addr *addr)
  82                                     __read_mostly;
  83EXPORT_SYMBOL_GPL(nf_nat_sdp_addr_hook);
  84
  85unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb, unsigned int protoff,
  86                                     unsigned int dataoff,
  87                                     const char **dptr,
  88                                     unsigned int *datalen,
  89                                     unsigned int matchoff,
  90                                     unsigned int matchlen,
  91                                     u_int16_t port) __read_mostly;
  92EXPORT_SYMBOL_GPL(nf_nat_sdp_port_hook);
  93
  94unsigned int (*nf_nat_sdp_session_hook)(struct sk_buff *skb,
  95                                        unsigned int protoff,
  96                                        unsigned int dataoff,
  97                                        const char **dptr,
  98                                        unsigned int *datalen,
  99                                        unsigned int sdpoff,
 100                                        const union nf_inet_addr *addr)
 101                                        __read_mostly;
 102EXPORT_SYMBOL_GPL(nf_nat_sdp_session_hook);
 103
 104unsigned int (*nf_nat_sdp_media_hook)(struct sk_buff *skb, unsigned int protoff,
 105                                      unsigned int dataoff,
 106                                      const char **dptr,
 107                                      unsigned int *datalen,
 108                                      struct nf_conntrack_expect *rtp_exp,
 109                                      struct nf_conntrack_expect *rtcp_exp,
 110                                      unsigned int mediaoff,
 111                                      unsigned int medialen,
 112                                      union nf_inet_addr *rtp_addr)
 113                                      __read_mostly;
 114EXPORT_SYMBOL_GPL(nf_nat_sdp_media_hook);
 115
 116static int string_len(const struct nf_conn *ct, const char *dptr,
 117                      const char *limit, int *shift)
 118{
 119        int len = 0;
 120
 121        while (dptr < limit && isalpha(*dptr)) {
 122                dptr++;
 123                len++;
 124        }
 125        return len;
 126}
 127
 128static int digits_len(const struct nf_conn *ct, const char *dptr,
 129                      const char *limit, int *shift)
 130{
 131        int len = 0;
 132        while (dptr < limit && isdigit(*dptr)) {
 133                dptr++;
 134                len++;
 135        }
 136        return len;
 137}
 138
 139static int iswordc(const char c)
 140{
 141        if (isalnum(c) || c == '!' || c == '"' || c == '%' ||
 142            (c >= '(' && c <= '/') || c == ':' || c == '<' || c == '>' ||
 143            c == '?' || (c >= '[' && c <= ']') || c == '_' || c == '`' ||
 144            c == '{' || c == '}' || c == '~')
 145                return 1;
 146        return 0;
 147}
 148
 149static int word_len(const char *dptr, const char *limit)
 150{
 151        int len = 0;
 152        while (dptr < limit && iswordc(*dptr)) {
 153                dptr++;
 154                len++;
 155        }
 156        return len;
 157}
 158
 159static int callid_len(const struct nf_conn *ct, const char *dptr,
 160                      const char *limit, int *shift)
 161{
 162        int len, domain_len;
 163
 164        len = word_len(dptr, limit);
 165        dptr += len;
 166        if (!len || dptr == limit || *dptr != '@')
 167                return len;
 168        dptr++;
 169        len++;
 170
 171        domain_len = word_len(dptr, limit);
 172        if (!domain_len)
 173                return 0;
 174        return len + domain_len;
 175}
 176
 177/* get media type + port length */
 178static int media_len(const struct nf_conn *ct, const char *dptr,
 179                     const char *limit, int *shift)
 180{
 181        int len = string_len(ct, dptr, limit, shift);
 182
 183        dptr += len;
 184        if (dptr >= limit || *dptr != ' ')
 185                return 0;
 186        len++;
 187        dptr++;
 188
 189        return len + digits_len(ct, dptr, limit, shift);
 190}
 191
 192static int sip_parse_addr(const struct nf_conn *ct, const char *cp,
 193                          const char **endp, union nf_inet_addr *addr,
 194                          const char *limit, bool delim)
 195{
 196        const char *end;
 197        int ret;
 198
 199        if (!ct)
 200                return 0;
 201
 202        memset(addr, 0, sizeof(*addr));
 203        switch (nf_ct_l3num(ct)) {
 204        case AF_INET:
 205                ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
 206                if (ret == 0)
 207                        return 0;
 208                break;
 209        case AF_INET6:
 210                if (cp < limit && *cp == '[')
 211                        cp++;
 212                else if (delim)
 213                        return 0;
 214
 215                ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
 216                if (ret == 0)
 217                        return 0;
 218
 219                if (end < limit && *end == ']')
 220                        end++;
 221                else if (delim)
 222                        return 0;
 223                break;
 224        default:
 225                BUG();
 226        }
 227
 228        if (endp)
 229                *endp = end;
 230        return 1;
 231}
 232
 233/* skip ip address. returns its length. */
 234static int epaddr_len(const struct nf_conn *ct, const char *dptr,
 235                      const char *limit, int *shift)
 236{
 237        union nf_inet_addr addr;
 238        const char *aux = dptr;
 239
 240        if (!sip_parse_addr(ct, dptr, &dptr, &addr, limit, true)) {
 241                pr_debug("ip: %s parse failed.!\n", dptr);
 242                return 0;
 243        }
 244
 245        /* Port number */
 246        if (*dptr == ':') {
 247                dptr++;
 248                dptr += digits_len(ct, dptr, limit, shift);
 249        }
 250        return dptr - aux;
 251}
 252
 253/* get address length, skiping user info. */
 254static int skp_epaddr_len(const struct nf_conn *ct, const char *dptr,
 255                          const char *limit, int *shift)
 256{
 257        const char *start = dptr;
 258        int s = *shift;
 259
 260        /* Search for @, but stop at the end of the line.
 261         * We are inside a sip: URI, so we don't need to worry about
 262         * continuation lines. */
 263        while (dptr < limit &&
 264               *dptr != '@' && *dptr != '\r' && *dptr != '\n') {
 265                (*shift)++;
 266                dptr++;
 267        }
 268
 269        if (dptr < limit && *dptr == '@') {
 270                dptr++;
 271                (*shift)++;
 272        } else {
 273                dptr = start;
 274                *shift = s;
 275        }
 276
 277        return epaddr_len(ct, dptr, limit, shift);
 278}
 279
 280/* Parse a SIP request line of the form:
 281 *
 282 * Request-Line = Method SP Request-URI SP SIP-Version CRLF
 283 *
 284 * and return the offset and length of the address contained in the Request-URI.
 285 */
 286int ct_sip_parse_request(const struct nf_conn *ct,
 287                         const char *dptr, unsigned int datalen,
 288                         unsigned int *matchoff, unsigned int *matchlen,
 289                         union nf_inet_addr *addr, __be16 *port)
 290{
 291        const char *start = dptr, *limit = dptr + datalen, *end;
 292        unsigned int mlen;
 293        unsigned int p;
 294        int shift = 0;
 295
 296        /* Skip method and following whitespace */
 297        mlen = string_len(ct, dptr, limit, NULL);
 298        if (!mlen)
 299                return 0;
 300        dptr += mlen;
 301        if (++dptr >= limit)
 302                return 0;
 303
 304        /* Find SIP URI */
 305        for (; dptr < limit - strlen("sip:"); dptr++) {
 306                if (*dptr == '\r' || *dptr == '\n')
 307                        return -1;
 308                if (strnicmp(dptr, "sip:", strlen("sip:")) == 0) {
 309                        dptr += strlen("sip:");
 310                        break;
 311                }
 312        }
 313        if (!skp_epaddr_len(ct, dptr, limit, &shift))
 314                return 0;
 315        dptr += shift;
 316
 317        if (!sip_parse_addr(ct, dptr, &end, addr, limit, true))
 318                return -1;
 319        if (end < limit && *end == ':') {
 320                end++;
 321                p = simple_strtoul(end, (char **)&end, 10);
 322                if (p < 1024 || p > 65535)
 323                        return -1;
 324                *port = htons(p);
 325        } else
 326                *port = htons(SIP_PORT);
 327
 328        if (end == dptr)
 329                return 0;
 330        *matchoff = dptr - start;
 331        *matchlen = end - dptr;
 332        return 1;
 333}
 334EXPORT_SYMBOL_GPL(ct_sip_parse_request);
 335
 336/* SIP header parsing: SIP headers are located at the beginning of a line, but
 337 * may span several lines, in which case the continuation lines begin with a
 338 * whitespace character. RFC 2543 allows lines to be terminated with CR, LF or
 339 * CRLF, RFC 3261 allows only CRLF, we support both.
 340 *
 341 * Headers are followed by (optionally) whitespace, a colon, again (optionally)
 342 * whitespace and the values. Whitespace in this context means any amount of
 343 * tabs, spaces and continuation lines, which are treated as a single whitespace
 344 * character.
 345 *
 346 * Some headers may appear multiple times. A comma separated list of values is
 347 * equivalent to multiple headers.
 348 */
 349static const struct sip_header ct_sip_hdrs[] = {
 350        [SIP_HDR_CSEQ]                  = SIP_HDR("CSeq", NULL, NULL, digits_len),
 351        [SIP_HDR_FROM]                  = SIP_HDR("From", "f", "sip:", skp_epaddr_len),
 352        [SIP_HDR_TO]                    = SIP_HDR("To", "t", "sip:", skp_epaddr_len),
 353        [SIP_HDR_CONTACT]               = SIP_HDR("Contact", "m", "sip:", skp_epaddr_len),
 354        [SIP_HDR_VIA_UDP]               = SIP_HDR("Via", "v", "UDP ", epaddr_len),
 355        [SIP_HDR_VIA_TCP]               = SIP_HDR("Via", "v", "TCP ", epaddr_len),
 356        [SIP_HDR_EXPIRES]               = SIP_HDR("Expires", NULL, NULL, digits_len),
 357        [SIP_HDR_CONTENT_LENGTH]        = SIP_HDR("Content-Length", "l", NULL, digits_len),
 358        [SIP_HDR_CALL_ID]               = SIP_HDR("Call-Id", "i", NULL, callid_len),
 359};
 360
 361static const char *sip_follow_continuation(const char *dptr, const char *limit)
 362{
 363        /* Walk past newline */
 364        if (++dptr >= limit)
 365                return NULL;
 366
 367        /* Skip '\n' in CR LF */
 368        if (*(dptr - 1) == '\r' && *dptr == '\n') {
 369                if (++dptr >= limit)
 370                        return NULL;
 371        }
 372
 373        /* Continuation line? */
 374        if (*dptr != ' ' && *dptr != '\t')
 375                return NULL;
 376
 377        /* skip leading whitespace */
 378        for (; dptr < limit; dptr++) {
 379                if (*dptr != ' ' && *dptr != '\t')
 380                        break;
 381        }
 382        return dptr;
 383}
 384
 385static const char *sip_skip_whitespace(const char *dptr, const char *limit)
 386{
 387        for (; dptr < limit; dptr++) {
 388                if (*dptr == ' ')
 389                        continue;
 390                if (*dptr != '\r' && *dptr != '\n')
 391                        break;
 392                dptr = sip_follow_continuation(dptr, limit);
 393                if (dptr == NULL)
 394                        return NULL;
 395        }
 396        return dptr;
 397}
 398
 399/* Search within a SIP header value, dealing with continuation lines */
 400static const char *ct_sip_header_search(const char *dptr, const char *limit,
 401                                        const char *needle, unsigned int len)
 402{
 403        for (limit -= len; dptr < limit; dptr++) {
 404                if (*dptr == '\r' || *dptr == '\n') {
 405                        dptr = sip_follow_continuation(dptr, limit);
 406                        if (dptr == NULL)
 407                                break;
 408                        continue;
 409                }
 410
 411                if (strnicmp(dptr, needle, len) == 0)
 412                        return dptr;
 413        }
 414        return NULL;
 415}
 416
 417int ct_sip_get_header(const struct nf_conn *ct, const char *dptr,
 418                      unsigned int dataoff, unsigned int datalen,
 419                      enum sip_header_types type,
 420                      unsigned int *matchoff, unsigned int *matchlen)
 421{
 422        const struct sip_header *hdr = &ct_sip_hdrs[type];
 423        const char *start = dptr, *limit = dptr + datalen;
 424        int shift = 0;
 425
 426        for (dptr += dataoff; dptr < limit; dptr++) {
 427                /* Find beginning of line */
 428                if (*dptr != '\r' && *dptr != '\n')
 429                        continue;
 430                if (++dptr >= limit)
 431                        break;
 432                if (*(dptr - 1) == '\r' && *dptr == '\n') {
 433                        if (++dptr >= limit)
 434                                break;
 435                }
 436
 437                /* Skip continuation lines */
 438                if (*dptr == ' ' || *dptr == '\t')
 439                        continue;
 440
 441                /* Find header. Compact headers must be followed by a
 442                 * non-alphabetic character to avoid mismatches. */
 443                if (limit - dptr >= hdr->len &&
 444                    strnicmp(dptr, hdr->name, hdr->len) == 0)
 445                        dptr += hdr->len;
 446                else if (hdr->cname && limit - dptr >= hdr->clen + 1 &&
 447                         strnicmp(dptr, hdr->cname, hdr->clen) == 0 &&
 448                         !isalpha(*(dptr + hdr->clen)))
 449                        dptr += hdr->clen;
 450                else
 451                        continue;
 452
 453                /* Find and skip colon */
 454                dptr = sip_skip_whitespace(dptr, limit);
 455                if (dptr == NULL)
 456                        break;
 457                if (*dptr != ':' || ++dptr >= limit)
 458                        break;
 459
 460                /* Skip whitespace after colon */
 461                dptr = sip_skip_whitespace(dptr, limit);
 462                if (dptr == NULL)
 463                        break;
 464
 465                *matchoff = dptr - start;
 466                if (hdr->search) {
 467                        dptr = ct_sip_header_search(dptr, limit, hdr->search,
 468                                                    hdr->slen);
 469                        if (!dptr)
 470                                return -1;
 471                        dptr += hdr->slen;
 472                }
 473
 474                *matchlen = hdr->match_len(ct, dptr, limit, &shift);
 475                if (!*matchlen)
 476                        return -1;
 477                *matchoff = dptr - start + shift;
 478                return 1;
 479        }
 480        return 0;
 481}
 482EXPORT_SYMBOL_GPL(ct_sip_get_header);
 483
 484/* Get next header field in a list of comma separated values */
 485static int ct_sip_next_header(const struct nf_conn *ct, const char *dptr,
 486                              unsigned int dataoff, unsigned int datalen,
 487                              enum sip_header_types type,
 488                              unsigned int *matchoff, unsigned int *matchlen)
 489{
 490        const struct sip_header *hdr = &ct_sip_hdrs[type];
 491        const char *start = dptr, *limit = dptr + datalen;
 492        int shift = 0;
 493
 494        dptr += dataoff;
 495
 496        dptr = ct_sip_header_search(dptr, limit, ",", strlen(","));
 497        if (!dptr)
 498                return 0;
 499
 500        dptr = ct_sip_header_search(dptr, limit, hdr->search, hdr->slen);
 501        if (!dptr)
 502                return 0;
 503        dptr += hdr->slen;
 504
 505        *matchoff = dptr - start;
 506        *matchlen = hdr->match_len(ct, dptr, limit, &shift);
 507        if (!*matchlen)
 508                return -1;
 509        *matchoff += shift;
 510        return 1;
 511}
 512
 513/* Walk through headers until a parsable one is found or no header of the
 514 * given type is left. */
 515static int ct_sip_walk_headers(const struct nf_conn *ct, const char *dptr,
 516                               unsigned int dataoff, unsigned int datalen,
 517                               enum sip_header_types type, int *in_header,
 518                               unsigned int *matchoff, unsigned int *matchlen)
 519{
 520        int ret;
 521
 522        if (in_header && *in_header) {
 523                while (1) {
 524                        ret = ct_sip_next_header(ct, dptr, dataoff, datalen,
 525                                                 type, matchoff, matchlen);
 526                        if (ret > 0)
 527                                return ret;
 528                        if (ret == 0)
 529                                break;
 530                        dataoff += *matchoff;
 531                }
 532                *in_header = 0;
 533        }
 534
 535        while (1) {
 536                ret = ct_sip_get_header(ct, dptr, dataoff, datalen,
 537                                        type, matchoff, matchlen);
 538                if (ret > 0)
 539                        break;
 540                if (ret == 0)
 541                        return ret;
 542                dataoff += *matchoff;
 543        }
 544
 545        if (in_header)
 546                *in_header = 1;
 547        return 1;
 548}
 549
 550/* Locate a SIP header, parse the URI and return the offset and length of
 551 * the address as well as the address and port themselves. A stream of
 552 * headers can be parsed by handing in a non-NULL datalen and in_header
 553 * pointer.
 554 */
 555int ct_sip_parse_header_uri(const struct nf_conn *ct, const char *dptr,
 556                            unsigned int *dataoff, unsigned int datalen,
 557                            enum sip_header_types type, int *in_header,
 558                            unsigned int *matchoff, unsigned int *matchlen,
 559                            union nf_inet_addr *addr, __be16 *port)
 560{
 561        const char *c, *limit = dptr + datalen;
 562        unsigned int p;
 563        int ret;
 564
 565        ret = ct_sip_walk_headers(ct, dptr, dataoff ? *dataoff : 0, datalen,
 566                                  type, in_header, matchoff, matchlen);
 567        WARN_ON(ret < 0);
 568        if (ret == 0)
 569                return ret;
 570
 571        if (!sip_parse_addr(ct, dptr + *matchoff, &c, addr, limit, true))
 572                return -1;
 573        if (*c == ':') {
 574                c++;
 575                p = simple_strtoul(c, (char **)&c, 10);
 576                if (p < 1024 || p > 65535)
 577                        return -1;
 578                *port = htons(p);
 579        } else
 580                *port = htons(SIP_PORT);
 581
 582        if (dataoff)
 583                *dataoff = c - dptr;
 584        return 1;
 585}
 586EXPORT_SYMBOL_GPL(ct_sip_parse_header_uri);
 587
 588static int ct_sip_parse_param(const struct nf_conn *ct, const char *dptr,
 589                              unsigned int dataoff, unsigned int datalen,
 590                              const char *name,
 591                              unsigned int *matchoff, unsigned int *matchlen)
 592{
 593        const char *limit = dptr + datalen;
 594        const char *start;
 595        const char *end;
 596
 597        limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
 598        if (!limit)
 599                limit = dptr + datalen;
 600
 601        start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
 602        if (!start)
 603                return 0;
 604        start += strlen(name);
 605
 606        end = ct_sip_header_search(start, limit, ";", strlen(";"));
 607        if (!end)
 608                end = limit;
 609
 610        *matchoff = start - dptr;
 611        *matchlen = end - start;
 612        return 1;
 613}
 614
 615/* Parse address from header parameter and return address, offset and length */
 616int ct_sip_parse_address_param(const struct nf_conn *ct, const char *dptr,
 617                               unsigned int dataoff, unsigned int datalen,
 618                               const char *name,
 619                               unsigned int *matchoff, unsigned int *matchlen,
 620                               union nf_inet_addr *addr, bool delim)
 621{
 622        const char *limit = dptr + datalen;
 623        const char *start, *end;
 624
 625        limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
 626        if (!limit)
 627                limit = dptr + datalen;
 628
 629        start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
 630        if (!start)
 631                return 0;
 632
 633        start += strlen(name);
 634        if (!sip_parse_addr(ct, start, &end, addr, limit, delim))
 635                return 0;
 636        *matchoff = start - dptr;
 637        *matchlen = end - start;
 638        return 1;
 639}
 640EXPORT_SYMBOL_GPL(ct_sip_parse_address_param);
 641
 642/* Parse numerical header parameter and return value, offset and length */
 643int ct_sip_parse_numerical_param(const struct nf_conn *ct, const char *dptr,
 644                                 unsigned int dataoff, unsigned int datalen,
 645                                 const char *name,
 646                                 unsigned int *matchoff, unsigned int *matchlen,
 647                                 unsigned int *val)
 648{
 649        const char *limit = dptr + datalen;
 650        const char *start;
 651        char *end;
 652
 653        limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
 654        if (!limit)
 655                limit = dptr + datalen;
 656
 657        start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
 658        if (!start)
 659                return 0;
 660
 661        start += strlen(name);
 662        *val = simple_strtoul(start, &end, 0);
 663        if (start == end)
 664                return 0;
 665        if (matchoff && matchlen) {
 666                *matchoff = start - dptr;
 667                *matchlen = end - start;
 668        }
 669        return 1;
 670}
 671EXPORT_SYMBOL_GPL(ct_sip_parse_numerical_param);
 672
 673static int ct_sip_parse_transport(struct nf_conn *ct, const char *dptr,
 674                                  unsigned int dataoff, unsigned int datalen,
 675                                  u8 *proto)
 676{
 677        unsigned int matchoff, matchlen;
 678
 679        if (ct_sip_parse_param(ct, dptr, dataoff, datalen, "transport=",
 680                               &matchoff, &matchlen)) {
 681                if (!strnicmp(dptr + matchoff, "TCP", strlen("TCP")))
 682                        *proto = IPPROTO_TCP;
 683                else if (!strnicmp(dptr + matchoff, "UDP", strlen("UDP")))
 684                        *proto = IPPROTO_UDP;
 685                else
 686                        return 0;
 687
 688                if (*proto != nf_ct_protonum(ct))
 689                        return 0;
 690        } else
 691                *proto = nf_ct_protonum(ct);
 692
 693        return 1;
 694}
 695
 696static int sdp_parse_addr(const struct nf_conn *ct, const char *cp,
 697                          const char **endp, union nf_inet_addr *addr,
 698                          const char *limit)
 699{
 700        const char *end;
 701        int ret;
 702
 703        memset(addr, 0, sizeof(*addr));
 704        switch (nf_ct_l3num(ct)) {
 705        case AF_INET:
 706                ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
 707                break;
 708        case AF_INET6:
 709                ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
 710                break;
 711        default:
 712                BUG();
 713        }
 714
 715        if (ret == 0)
 716                return 0;
 717        if (endp)
 718                *endp = end;
 719        return 1;
 720}
 721
 722/* skip ip address. returns its length. */
 723static int sdp_addr_len(const struct nf_conn *ct, const char *dptr,
 724                        const char *limit, int *shift)
 725{
 726        union nf_inet_addr addr;
 727        const char *aux = dptr;
 728
 729        if (!sdp_parse_addr(ct, dptr, &dptr, &addr, limit)) {
 730                pr_debug("ip: %s parse failed.!\n", dptr);
 731                return 0;
 732        }
 733
 734        return dptr - aux;
 735}
 736
 737/* SDP header parsing: a SDP session description contains an ordered set of
 738 * headers, starting with a section containing general session parameters,
 739 * optionally followed by multiple media descriptions.
 740 *
 741 * SDP headers always start at the beginning of a line. According to RFC 2327:
 742 * "The sequence CRLF (0x0d0a) is used to end a record, although parsers should
 743 * be tolerant and also accept records terminated with a single newline
 744 * character". We handle both cases.
 745 */
 746static const struct sip_header ct_sdp_hdrs_v4[] = {
 747        [SDP_HDR_VERSION]       = SDP_HDR("v=", NULL, digits_len),
 748        [SDP_HDR_OWNER]         = SDP_HDR("o=", "IN IP4 ", sdp_addr_len),
 749        [SDP_HDR_CONNECTION]    = SDP_HDR("c=", "IN IP4 ", sdp_addr_len),
 750        [SDP_HDR_MEDIA]         = SDP_HDR("m=", NULL, media_len),
 751};
 752
 753static const struct sip_header ct_sdp_hdrs_v6[] = {
 754        [SDP_HDR_VERSION]       = SDP_HDR("v=", NULL, digits_len),
 755        [SDP_HDR_OWNER]         = SDP_HDR("o=", "IN IP6 ", sdp_addr_len),
 756        [SDP_HDR_CONNECTION]    = SDP_HDR("c=", "IN IP6 ", sdp_addr_len),
 757        [SDP_HDR_MEDIA]         = SDP_HDR("m=", NULL, media_len),
 758};
 759
 760/* Linear string search within SDP header values */
 761static const char *ct_sdp_header_search(const char *dptr, const char *limit,
 762                                        const char *needle, unsigned int len)
 763{
 764        for (limit -= len; dptr < limit; dptr++) {
 765                if (*dptr == '\r' || *dptr == '\n')
 766                        break;
 767                if (strncmp(dptr, needle, len) == 0)
 768                        return dptr;
 769        }
 770        return NULL;
 771}
 772
 773/* Locate a SDP header (optionally a substring within the header value),
 774 * optionally stopping at the first occurrence of the term header, parse
 775 * it and return the offset and length of the data we're interested in.
 776 */
 777int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr,
 778                          unsigned int dataoff, unsigned int datalen,
 779                          enum sdp_header_types type,
 780                          enum sdp_header_types term,
 781                          unsigned int *matchoff, unsigned int *matchlen)
 782{
 783        const struct sip_header *hdrs, *hdr, *thdr;
 784        const char *start = dptr, *limit = dptr + datalen;
 785        int shift = 0;
 786
 787        hdrs = nf_ct_l3num(ct) == NFPROTO_IPV4 ? ct_sdp_hdrs_v4 : ct_sdp_hdrs_v6;
 788        hdr = &hdrs[type];
 789        thdr = &hdrs[term];
 790
 791        for (dptr += dataoff; dptr < limit; dptr++) {
 792                /* Find beginning of line */
 793                if (*dptr != '\r' && *dptr != '\n')
 794                        continue;
 795                if (++dptr >= limit)
 796                        break;
 797                if (*(dptr - 1) == '\r' && *dptr == '\n') {
 798                        if (++dptr >= limit)
 799                                break;
 800                }
 801
 802                if (term != SDP_HDR_UNSPEC &&
 803                    limit - dptr >= thdr->len &&
 804                    strnicmp(dptr, thdr->name, thdr->len) == 0)
 805                        break;
 806                else if (limit - dptr >= hdr->len &&
 807                         strnicmp(dptr, hdr->name, hdr->len) == 0)
 808                        dptr += hdr->len;
 809                else
 810                        continue;
 811
 812                *matchoff = dptr - start;
 813                if (hdr->search) {
 814                        dptr = ct_sdp_header_search(dptr, limit, hdr->search,
 815                                                    hdr->slen);
 816                        if (!dptr)
 817                                return -1;
 818                        dptr += hdr->slen;
 819                }
 820
 821                *matchlen = hdr->match_len(ct, dptr, limit, &shift);
 822                if (!*matchlen)
 823                        return -1;
 824                *matchoff = dptr - start + shift;
 825                return 1;
 826        }
 827        return 0;
 828}
 829EXPORT_SYMBOL_GPL(ct_sip_get_sdp_header);
 830
 831static int ct_sip_parse_sdp_addr(const struct nf_conn *ct, const char *dptr,
 832                                 unsigned int dataoff, unsigned int datalen,
 833                                 enum sdp_header_types type,
 834                                 enum sdp_header_types term,
 835                                 unsigned int *matchoff, unsigned int *matchlen,
 836                                 union nf_inet_addr *addr)
 837{
 838        int ret;
 839
 840        ret = ct_sip_get_sdp_header(ct, dptr, dataoff, datalen, type, term,
 841                                    matchoff, matchlen);
 842        if (ret <= 0)
 843                return ret;
 844
 845        if (!sdp_parse_addr(ct, dptr + *matchoff, NULL, addr,
 846                            dptr + *matchoff + *matchlen))
 847                return -1;
 848        return 1;
 849}
 850
 851static int refresh_signalling_expectation(struct nf_conn *ct,
 852                                          union nf_inet_addr *addr,
 853                                          u8 proto, __be16 port,
 854                                          unsigned int expires)
 855{
 856        struct nf_conn_help *help = nfct_help(ct);
 857        struct nf_conntrack_expect *exp;
 858        struct hlist_node *n, *next;
 859        int found = 0;
 860
 861        spin_lock_bh(&nf_conntrack_lock);
 862        hlist_for_each_entry_safe(exp, n, next, &help->expectations, lnode) {
 863                if (exp->class != SIP_EXPECT_SIGNALLING ||
 864                    !nf_inet_addr_cmp(&exp->tuple.dst.u3, addr) ||
 865                    exp->tuple.dst.protonum != proto ||
 866                    exp->tuple.dst.u.udp.port != port)
 867                        continue;
 868                if (!del_timer(&exp->timeout))
 869                        continue;
 870                exp->flags &= ~NF_CT_EXPECT_INACTIVE;
 871                exp->timeout.expires = jiffies + expires * HZ;
 872                add_timer(&exp->timeout);
 873                found = 1;
 874                break;
 875        }
 876        spin_unlock_bh(&nf_conntrack_lock);
 877        return found;
 878}
 879
 880static void flush_expectations(struct nf_conn *ct, bool media)
 881{
 882        struct nf_conn_help *help = nfct_help(ct);
 883        struct nf_conntrack_expect *exp;
 884        struct hlist_node *n, *next;
 885
 886        spin_lock_bh(&nf_conntrack_lock);
 887        hlist_for_each_entry_safe(exp, n, next, &help->expectations, lnode) {
 888                if ((exp->class != SIP_EXPECT_SIGNALLING) ^ media)
 889                        continue;
 890                if (!del_timer(&exp->timeout))
 891                        continue;
 892                nf_ct_unlink_expect(exp);
 893                nf_ct_expect_put(exp);
 894                if (!media)
 895                        break;
 896        }
 897        spin_unlock_bh(&nf_conntrack_lock);
 898}
 899
 900static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff,
 901                                 unsigned int dataoff,
 902                                 const char **dptr, unsigned int *datalen,
 903                                 union nf_inet_addr *daddr, __be16 port,
 904                                 enum sip_expectation_classes class,
 905                                 unsigned int mediaoff, unsigned int medialen)
 906{
 907        struct nf_conntrack_expect *exp, *rtp_exp, *rtcp_exp;
 908        enum ip_conntrack_info ctinfo;
 909        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
 910        struct net *net = nf_ct_net(ct);
 911        enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
 912        union nf_inet_addr *saddr;
 913        struct nf_conntrack_tuple tuple;
 914        int direct_rtp = 0, skip_expect = 0, ret = NF_DROP;
 915        u_int16_t base_port;
 916        __be16 rtp_port, rtcp_port;
 917        typeof(nf_nat_sdp_port_hook) nf_nat_sdp_port;
 918        typeof(nf_nat_sdp_media_hook) nf_nat_sdp_media;
 919
 920        saddr = NULL;
 921        if (sip_direct_media) {
 922                if (!nf_inet_addr_cmp(daddr, &ct->tuplehash[dir].tuple.src.u3))
 923                        return NF_ACCEPT;
 924                saddr = &ct->tuplehash[!dir].tuple.src.u3;
 925        }
 926
 927        /* We need to check whether the registration exists before attempting
 928         * to register it since we can see the same media description multiple
 929         * times on different connections in case multiple endpoints receive
 930         * the same call.
 931         *
 932         * RTP optimization: if we find a matching media channel expectation
 933         * and both the expectation and this connection are SNATed, we assume
 934         * both sides can reach each other directly and use the final
 935         * destination address from the expectation. We still need to keep
 936         * the NATed expectations for media that might arrive from the
 937         * outside, and additionally need to expect the direct RTP stream
 938         * in case it passes through us even without NAT.
 939         */
 940        memset(&tuple, 0, sizeof(tuple));
 941        if (saddr)
 942                tuple.src.u3 = *saddr;
 943        tuple.src.l3num         = nf_ct_l3num(ct);
 944        tuple.dst.protonum      = IPPROTO_UDP;
 945        tuple.dst.u3            = *daddr;
 946        tuple.dst.u.udp.port    = port;
 947
 948        rcu_read_lock();
 949        do {
 950                exp = __nf_ct_expect_find(net, nf_ct_zone(ct), &tuple);
 951
 952                if (!exp || exp->master == ct ||
 953                    nfct_help(exp->master)->helper != nfct_help(ct)->helper ||
 954                    exp->class != class)
 955                        break;
 956#ifdef CONFIG_NF_NAT_NEEDED
 957                if (!direct_rtp &&
 958                    (!nf_inet_addr_cmp(&exp->saved_addr, &exp->tuple.dst.u3) ||
 959                     exp->saved_proto.udp.port != exp->tuple.dst.u.udp.port) &&
 960                    ct->status & IPS_NAT_MASK) {
 961                        *daddr                  = exp->saved_addr;
 962                        tuple.dst.u3            = exp->saved_addr;
 963                        tuple.dst.u.udp.port    = exp->saved_proto.udp.port;
 964                        direct_rtp = 1;
 965                } else
 966#endif
 967                        skip_expect = 1;
 968        } while (!skip_expect);
 969        rcu_read_unlock();
 970
 971        base_port = ntohs(tuple.dst.u.udp.port) & ~1;
 972        rtp_port = htons(base_port);
 973        rtcp_port = htons(base_port + 1);
 974
 975        if (direct_rtp) {
 976                nf_nat_sdp_port = rcu_dereference(nf_nat_sdp_port_hook);
 977                if (nf_nat_sdp_port &&
 978                    !nf_nat_sdp_port(skb, protoff, dataoff, dptr, datalen,
 979                                     mediaoff, medialen, ntohs(rtp_port)))
 980                        goto err1;
 981        }
 982
 983        if (skip_expect)
 984                return NF_ACCEPT;
 985
 986        rtp_exp = nf_ct_expect_alloc(ct);
 987        if (rtp_exp == NULL)
 988                goto err1;
 989        nf_ct_expect_init(rtp_exp, class, nf_ct_l3num(ct), saddr, daddr,
 990                          IPPROTO_UDP, NULL, &rtp_port);
 991
 992        rtcp_exp = nf_ct_expect_alloc(ct);
 993        if (rtcp_exp == NULL)
 994                goto err2;
 995        nf_ct_expect_init(rtcp_exp, class, nf_ct_l3num(ct), saddr, daddr,
 996                          IPPROTO_UDP, NULL, &rtcp_port);
 997
 998        nf_nat_sdp_media = rcu_dereference(nf_nat_sdp_media_hook);
 999        if (nf_nat_sdp_media && ct->status & IPS_NAT_MASK && !direct_rtp)
1000                ret = nf_nat_sdp_media(skb, protoff, dataoff, dptr, datalen,
1001                                       rtp_exp, rtcp_exp,
1002                                       mediaoff, medialen, daddr);
1003        else {
1004                if (nf_ct_expect_related(rtp_exp) == 0) {
1005                        if (nf_ct_expect_related(rtcp_exp) != 0)
1006                                nf_ct_unexpect_related(rtp_exp);
1007                        else
1008                                ret = NF_ACCEPT;
1009                }
1010        }
1011        nf_ct_expect_put(rtcp_exp);
1012err2:
1013        nf_ct_expect_put(rtp_exp);
1014err1:
1015        return ret;
1016}
1017
1018static const struct sdp_media_type sdp_media_types[] = {
1019        SDP_MEDIA_TYPE("audio ", SIP_EXPECT_AUDIO),
1020        SDP_MEDIA_TYPE("video ", SIP_EXPECT_VIDEO),
1021        SDP_MEDIA_TYPE("image ", SIP_EXPECT_IMAGE),
1022};
1023
1024static const struct sdp_media_type *sdp_media_type(const char *dptr,
1025                                                   unsigned int matchoff,
1026                                                   unsigned int matchlen)
1027{
1028        const struct sdp_media_type *t;
1029        unsigned int i;
1030
1031        for (i = 0; i < ARRAY_SIZE(sdp_media_types); i++) {
1032                t = &sdp_media_types[i];
1033                if (matchlen < t->len ||
1034                    strncmp(dptr + matchoff, t->name, t->len))
1035                        continue;
1036                return t;
1037        }
1038        return NULL;
1039}
1040
1041static int process_sdp(struct sk_buff *skb, unsigned int protoff,
1042                       unsigned int dataoff,
1043                       const char **dptr, unsigned int *datalen,
1044                       unsigned int cseq)
1045{
1046        enum ip_conntrack_info ctinfo;
1047        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1048        unsigned int matchoff, matchlen;
1049        unsigned int mediaoff, medialen;
1050        unsigned int sdpoff;
1051        unsigned int caddr_len, maddr_len;
1052        unsigned int i;
1053        union nf_inet_addr caddr, maddr, rtp_addr;
1054        unsigned int port;
1055        const struct sdp_media_type *t;
1056        int ret = NF_ACCEPT;
1057        typeof(nf_nat_sdp_addr_hook) nf_nat_sdp_addr;
1058        typeof(nf_nat_sdp_session_hook) nf_nat_sdp_session;
1059
1060        nf_nat_sdp_addr = rcu_dereference(nf_nat_sdp_addr_hook);
1061
1062        /* Find beginning of session description */
1063        if (ct_sip_get_sdp_header(ct, *dptr, 0, *datalen,
1064                                  SDP_HDR_VERSION, SDP_HDR_UNSPEC,
1065                                  &matchoff, &matchlen) <= 0)
1066                return NF_ACCEPT;
1067        sdpoff = matchoff;
1068
1069        /* The connection information is contained in the session description
1070         * and/or once per media description. The first media description marks
1071         * the end of the session description. */
1072        caddr_len = 0;
1073        if (ct_sip_parse_sdp_addr(ct, *dptr, sdpoff, *datalen,
1074                                  SDP_HDR_CONNECTION, SDP_HDR_MEDIA,
1075                                  &matchoff, &matchlen, &caddr) > 0)
1076                caddr_len = matchlen;
1077
1078        mediaoff = sdpoff;
1079        for (i = 0; i < ARRAY_SIZE(sdp_media_types); ) {
1080                if (ct_sip_get_sdp_header(ct, *dptr, mediaoff, *datalen,
1081                                          SDP_HDR_MEDIA, SDP_HDR_UNSPEC,
1082                                          &mediaoff, &medialen) <= 0)
1083                        break;
1084
1085                /* Get media type and port number. A media port value of zero
1086                 * indicates an inactive stream. */
1087                t = sdp_media_type(*dptr, mediaoff, medialen);
1088                if (!t) {
1089                        mediaoff += medialen;
1090                        continue;
1091                }
1092                mediaoff += t->len;
1093                medialen -= t->len;
1094
1095                port = simple_strtoul(*dptr + mediaoff, NULL, 10);
1096                if (port == 0)
1097                        continue;
1098                if (port < 1024 || port > 65535)
1099                        return NF_DROP;
1100
1101                /* The media description overrides the session description. */
1102                maddr_len = 0;
1103                if (ct_sip_parse_sdp_addr(ct, *dptr, mediaoff, *datalen,
1104                                          SDP_HDR_CONNECTION, SDP_HDR_MEDIA,
1105                                          &matchoff, &matchlen, &maddr) > 0) {
1106                        maddr_len = matchlen;
1107                        memcpy(&rtp_addr, &maddr, sizeof(rtp_addr));
1108                } else if (caddr_len)
1109                        memcpy(&rtp_addr, &caddr, sizeof(rtp_addr));
1110                else
1111                        return NF_DROP;
1112
1113                ret = set_expected_rtp_rtcp(skb, protoff, dataoff,
1114                                            dptr, datalen,
1115                                            &rtp_addr, htons(port), t->class,
1116                                            mediaoff, medialen);
1117                if (ret != NF_ACCEPT)
1118                        return ret;
1119
1120                /* Update media connection address if present */
1121                if (maddr_len && nf_nat_sdp_addr && ct->status & IPS_NAT_MASK) {
1122                        ret = nf_nat_sdp_addr(skb, protoff, dataoff,
1123                                              dptr, datalen, mediaoff,
1124                                              SDP_HDR_CONNECTION, SDP_HDR_MEDIA,
1125                                              &rtp_addr);
1126                        if (ret != NF_ACCEPT)
1127                                return ret;
1128                }
1129                i++;
1130        }
1131
1132        /* Update session connection and owner addresses */
1133        nf_nat_sdp_session = rcu_dereference(nf_nat_sdp_session_hook);
1134        if (nf_nat_sdp_session && ct->status & IPS_NAT_MASK)
1135                ret = nf_nat_sdp_session(skb, protoff, dataoff,
1136                                         dptr, datalen, sdpoff, &rtp_addr);
1137
1138        return ret;
1139}
1140static int process_invite_response(struct sk_buff *skb, unsigned int protoff,
1141                                   unsigned int dataoff,
1142                                   const char **dptr, unsigned int *datalen,
1143                                   unsigned int cseq, unsigned int code)
1144{
1145        enum ip_conntrack_info ctinfo;
1146        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1147        struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1148
1149        if ((code >= 100 && code <= 199) ||
1150            (code >= 200 && code <= 299))
1151                return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1152        else if (ct_sip_info->invite_cseq == cseq)
1153                flush_expectations(ct, true);
1154        return NF_ACCEPT;
1155}
1156
1157static int process_update_response(struct sk_buff *skb, unsigned int protoff,
1158                                   unsigned int dataoff,
1159                                   const char **dptr, unsigned int *datalen,
1160                                   unsigned int cseq, unsigned int code)
1161{
1162        enum ip_conntrack_info ctinfo;
1163        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1164        struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1165
1166        if ((code >= 100 && code <= 199) ||
1167            (code >= 200 && code <= 299))
1168                return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1169        else if (ct_sip_info->invite_cseq == cseq)
1170                flush_expectations(ct, true);
1171        return NF_ACCEPT;
1172}
1173
1174static int process_prack_response(struct sk_buff *skb, unsigned int protoff,
1175                                  unsigned int dataoff,
1176                                  const char **dptr, unsigned int *datalen,
1177                                  unsigned int cseq, unsigned int code)
1178{
1179        enum ip_conntrack_info ctinfo;
1180        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1181        struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1182
1183        if ((code >= 100 && code <= 199) ||
1184            (code >= 200 && code <= 299))
1185                return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1186        else if (ct_sip_info->invite_cseq == cseq)
1187                flush_expectations(ct, true);
1188        return NF_ACCEPT;
1189}
1190
1191static int process_invite_request(struct sk_buff *skb, unsigned int protoff,
1192                                  unsigned int dataoff,
1193                                  const char **dptr, unsigned int *datalen,
1194                                  unsigned int cseq)
1195{
1196        enum ip_conntrack_info ctinfo;
1197        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1198        struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1199        unsigned int ret;
1200
1201        flush_expectations(ct, true);
1202        ret = process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1203        if (ret == NF_ACCEPT)
1204                ct_sip_info->invite_cseq = cseq;
1205        return ret;
1206}
1207
1208static int process_bye_request(struct sk_buff *skb, unsigned int protoff,
1209                               unsigned int dataoff,
1210                               const char **dptr, unsigned int *datalen,
1211                               unsigned int cseq)
1212{
1213        enum ip_conntrack_info ctinfo;
1214        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1215
1216        flush_expectations(ct, true);
1217        return NF_ACCEPT;
1218}
1219
1220/* Parse a REGISTER request and create a permanent expectation for incoming
1221 * signalling connections. The expectation is marked inactive and is activated
1222 * when receiving a response indicating success from the registrar.
1223 */
1224static int process_register_request(struct sk_buff *skb, unsigned int protoff,
1225                                    unsigned int dataoff,
1226                                    const char **dptr, unsigned int *datalen,
1227                                    unsigned int cseq)
1228{
1229        enum ip_conntrack_info ctinfo;
1230        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1231        struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1232        enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1233        unsigned int matchoff, matchlen;
1234        struct nf_conntrack_expect *exp;
1235        union nf_inet_addr *saddr, daddr;
1236        __be16 port;
1237        u8 proto;
1238        unsigned int expires = 0;
1239        int ret;
1240        typeof(nf_nat_sip_expect_hook) nf_nat_sip_expect;
1241
1242        /* Expected connections can not register again. */
1243        if (ct->status & IPS_EXPECTED)
1244                return NF_ACCEPT;
1245
1246        /* We must check the expiration time: a value of zero signals the
1247         * registrar to release the binding. We'll remove our expectation
1248         * when receiving the new bindings in the response, but we don't
1249         * want to create new ones.
1250         *
1251         * The expiration time may be contained in Expires: header, the
1252         * Contact: header parameters or the URI parameters.
1253         */
1254        if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1255                              &matchoff, &matchlen) > 0)
1256                expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1257
1258        ret = ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen,
1259                                      SIP_HDR_CONTACT, NULL,
1260                                      &matchoff, &matchlen, &daddr, &port);
1261        if (ret < 0)
1262                return NF_DROP;
1263        else if (ret == 0)
1264                return NF_ACCEPT;
1265
1266        /* We don't support third-party registrations */
1267        if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.src.u3, &daddr))
1268                return NF_ACCEPT;
1269
1270        if (ct_sip_parse_transport(ct, *dptr, matchoff + matchlen, *datalen,
1271                                   &proto) == 0)
1272                return NF_ACCEPT;
1273
1274        if (ct_sip_parse_numerical_param(ct, *dptr,
1275                                         matchoff + matchlen, *datalen,
1276                                         "expires=", NULL, NULL, &expires) < 0)
1277                return NF_DROP;
1278
1279        if (expires == 0) {
1280                ret = NF_ACCEPT;
1281                goto store_cseq;
1282        }
1283
1284        exp = nf_ct_expect_alloc(ct);
1285        if (!exp)
1286                return NF_DROP;
1287
1288        saddr = NULL;
1289        if (sip_direct_signalling)
1290                saddr = &ct->tuplehash[!dir].tuple.src.u3;
1291
1292        nf_ct_expect_init(exp, SIP_EXPECT_SIGNALLING, nf_ct_l3num(ct),
1293                          saddr, &daddr, proto, NULL, &port);
1294        exp->timeout.expires = sip_timeout * HZ;
1295        exp->helper = nfct_help(ct)->helper;
1296        exp->flags = NF_CT_EXPECT_PERMANENT | NF_CT_EXPECT_INACTIVE;
1297
1298        nf_nat_sip_expect = rcu_dereference(nf_nat_sip_expect_hook);
1299        if (nf_nat_sip_expect && ct->status & IPS_NAT_MASK)
1300                ret = nf_nat_sip_expect(skb, protoff, dataoff, dptr, datalen,
1301                                        exp, matchoff, matchlen);
1302        else {
1303                if (nf_ct_expect_related(exp) != 0)
1304                        ret = NF_DROP;
1305                else
1306                        ret = NF_ACCEPT;
1307        }
1308        nf_ct_expect_put(exp);
1309
1310store_cseq:
1311        if (ret == NF_ACCEPT)
1312                ct_sip_info->register_cseq = cseq;
1313        return ret;
1314}
1315
1316static int process_register_response(struct sk_buff *skb, unsigned int protoff,
1317                                     unsigned int dataoff,
1318                                     const char **dptr, unsigned int *datalen,
1319                                     unsigned int cseq, unsigned int code)
1320{
1321        enum ip_conntrack_info ctinfo;
1322        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1323        struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1324        enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1325        union nf_inet_addr addr;
1326        __be16 port;
1327        u8 proto;
1328        unsigned int matchoff, matchlen, coff = 0;
1329        unsigned int expires = 0;
1330        int in_contact = 0, ret;
1331
1332        /* According to RFC 3261, "UAs MUST NOT send a new registration until
1333         * they have received a final response from the registrar for the
1334         * previous one or the previous REGISTER request has timed out".
1335         *
1336         * However, some servers fail to detect retransmissions and send late
1337         * responses, so we store the sequence number of the last valid
1338         * request and compare it here.
1339         */
1340        if (ct_sip_info->register_cseq != cseq)
1341                return NF_ACCEPT;
1342
1343        if (code >= 100 && code <= 199)
1344                return NF_ACCEPT;
1345        if (code < 200 || code > 299)
1346                goto flush;
1347
1348        if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1349                              &matchoff, &matchlen) > 0)
1350                expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1351
1352        while (1) {
1353                unsigned int c_expires = expires;
1354
1355                ret = ct_sip_parse_header_uri(ct, *dptr, &coff, *datalen,
1356                                              SIP_HDR_CONTACT, &in_contact,
1357                                              &matchoff, &matchlen,
1358                                              &addr, &port);
1359                if (ret < 0)
1360                        return NF_DROP;
1361                else if (ret == 0)
1362                        break;
1363
1364                /* We don't support third-party registrations */
1365                if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3, &addr))
1366                        continue;
1367
1368                if (ct_sip_parse_transport(ct, *dptr, matchoff + matchlen,
1369                                           *datalen, &proto) == 0)
1370                        continue;
1371
1372                ret = ct_sip_parse_numerical_param(ct, *dptr,
1373                                                   matchoff + matchlen,
1374                                                   *datalen, "expires=",
1375                                                   NULL, NULL, &c_expires);
1376                if (ret < 0)
1377                        return NF_DROP;
1378                if (c_expires == 0)
1379                        break;
1380                if (refresh_signalling_expectation(ct, &addr, proto, port,
1381                                                   c_expires))
1382                        return NF_ACCEPT;
1383        }
1384
1385flush:
1386        flush_expectations(ct, false);
1387        return NF_ACCEPT;
1388}
1389
1390static const struct sip_handler sip_handlers[] = {
1391        SIP_HANDLER("INVITE", process_invite_request, process_invite_response),
1392        SIP_HANDLER("UPDATE", process_sdp, process_update_response),
1393        SIP_HANDLER("ACK", process_sdp, NULL),
1394        SIP_HANDLER("PRACK", process_sdp, process_prack_response),
1395        SIP_HANDLER("BYE", process_bye_request, NULL),
1396        SIP_HANDLER("REGISTER", process_register_request, process_register_response),
1397};
1398
1399static int process_sip_response(struct sk_buff *skb, unsigned int protoff,
1400                                unsigned int dataoff,
1401                                const char **dptr, unsigned int *datalen)
1402{
1403        enum ip_conntrack_info ctinfo;
1404        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1405        unsigned int matchoff, matchlen, matchend;
1406        unsigned int code, cseq, i;
1407
1408        if (*datalen < strlen("SIP/2.0 200"))
1409                return NF_ACCEPT;
1410        code = simple_strtoul(*dptr + strlen("SIP/2.0 "), NULL, 10);
1411        if (!code)
1412                return NF_DROP;
1413
1414        if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1415                              &matchoff, &matchlen) <= 0)
1416                return NF_DROP;
1417        cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1418        if (!cseq)
1419                return NF_DROP;
1420        matchend = matchoff + matchlen + 1;
1421
1422        for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1423                const struct sip_handler *handler;
1424
1425                handler = &sip_handlers[i];
1426                if (handler->response == NULL)
1427                        continue;
1428                if (*datalen < matchend + handler->len ||
1429                    strnicmp(*dptr + matchend, handler->method, handler->len))
1430                        continue;
1431                return handler->response(skb, protoff, dataoff, dptr, datalen,
1432                                         cseq, code);
1433        }
1434        return NF_ACCEPT;
1435}
1436
1437static int process_sip_request(struct sk_buff *skb, unsigned int protoff,
1438                               unsigned int dataoff,
1439                               const char **dptr, unsigned int *datalen)
1440{
1441        enum ip_conntrack_info ctinfo;
1442        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1443        unsigned int matchoff, matchlen;
1444        unsigned int cseq, i;
1445
1446        for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1447                const struct sip_handler *handler;
1448
1449                handler = &sip_handlers[i];
1450                if (handler->request == NULL)
1451                        continue;
1452                if (*datalen < handler->len ||
1453                    strnicmp(*dptr, handler->method, handler->len))
1454                        continue;
1455
1456                if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1457                                      &matchoff, &matchlen) <= 0)
1458                        return NF_DROP;
1459                cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1460                if (!cseq)
1461                        return NF_DROP;
1462
1463                return handler->request(skb, protoff, dataoff, dptr, datalen,
1464                                        cseq);
1465        }
1466        return NF_ACCEPT;
1467}
1468
1469static int process_sip_msg(struct sk_buff *skb, struct nf_conn *ct,
1470                           unsigned int protoff, unsigned int dataoff,
1471                           const char **dptr, unsigned int *datalen)
1472{
1473        typeof(nf_nat_sip_hook) nf_nat_sip;
1474        int ret;
1475
1476        if (strnicmp(*dptr, "SIP/2.0 ", strlen("SIP/2.0 ")) != 0)
1477                ret = process_sip_request(skb, protoff, dataoff, dptr, datalen);
1478        else
1479                ret = process_sip_response(skb, protoff, dataoff, dptr, datalen);
1480
1481        if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1482                nf_nat_sip = rcu_dereference(nf_nat_sip_hook);
1483                if (nf_nat_sip && !nf_nat_sip(skb, protoff, dataoff,
1484                                              dptr, datalen))
1485                        ret = NF_DROP;
1486        }
1487
1488        return ret;
1489}
1490
1491static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff,
1492                        struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1493{
1494        struct tcphdr *th, _tcph;
1495        unsigned int dataoff, datalen;
1496        unsigned int matchoff, matchlen, clen;
1497        unsigned int msglen, origlen;
1498        const char *dptr, *end;
1499        s16 diff, tdiff = 0;
1500        int ret = NF_ACCEPT;
1501        bool term;
1502        typeof(nf_nat_sip_seq_adjust_hook) nf_nat_sip_seq_adjust;
1503
1504        if (ctinfo != IP_CT_ESTABLISHED &&
1505            ctinfo != IP_CT_ESTABLISHED_REPLY)
1506                return NF_ACCEPT;
1507
1508        /* No Data ? */
1509        th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
1510        if (th == NULL)
1511                return NF_ACCEPT;
1512        dataoff = protoff + th->doff * 4;
1513        if (dataoff >= skb->len)
1514                return NF_ACCEPT;
1515
1516        nf_ct_refresh(ct, skb, sip_timeout * HZ);
1517
1518        if (unlikely(skb_linearize(skb)))
1519                return NF_DROP;
1520
1521        dptr = skb->data + dataoff;
1522        datalen = skb->len - dataoff;
1523        if (datalen < strlen("SIP/2.0 200"))
1524                return NF_ACCEPT;
1525
1526        while (1) {
1527                if (ct_sip_get_header(ct, dptr, 0, datalen,
1528                                      SIP_HDR_CONTENT_LENGTH,
1529                                      &matchoff, &matchlen) <= 0)
1530                        break;
1531
1532                clen = simple_strtoul(dptr + matchoff, (char **)&end, 10);
1533                if (dptr + matchoff == end)
1534                        break;
1535
1536                term = false;
1537                for (; end + strlen("\r\n\r\n") <= dptr + datalen; end++) {
1538                        if (end[0] == '\r' && end[1] == '\n' &&
1539                            end[2] == '\r' && end[3] == '\n') {
1540                                term = true;
1541                                break;
1542                        }
1543                }
1544                if (!term)
1545                        break;
1546                end += strlen("\r\n\r\n") + clen;
1547
1548                msglen = origlen = end - dptr;
1549                if (msglen > datalen)
1550                        return NF_DROP;
1551
1552                ret = process_sip_msg(skb, ct, protoff, dataoff,
1553                                      &dptr, &msglen);
1554                if (ret != NF_ACCEPT)
1555                        break;
1556                diff     = msglen - origlen;
1557                tdiff   += diff;
1558
1559                dataoff += msglen;
1560                dptr    += msglen;
1561                datalen  = datalen + diff - msglen;
1562        }
1563
1564        if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1565                nf_nat_sip_seq_adjust = rcu_dereference(nf_nat_sip_seq_adjust_hook);
1566                if (nf_nat_sip_seq_adjust)
1567                        nf_nat_sip_seq_adjust(skb, protoff, tdiff);
1568        }
1569
1570        return ret;
1571}
1572
1573static int sip_help_udp(struct sk_buff *skb, unsigned int protoff,
1574                        struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1575{
1576        unsigned int dataoff, datalen;
1577        const char *dptr;
1578
1579        /* No Data ? */
1580        dataoff = protoff + sizeof(struct udphdr);
1581        if (dataoff >= skb->len)
1582                return NF_ACCEPT;
1583
1584        nf_ct_refresh(ct, skb, sip_timeout * HZ);
1585
1586        if (unlikely(skb_linearize(skb)))
1587                return NF_DROP;
1588
1589        dptr = skb->data + dataoff;
1590        datalen = skb->len - dataoff;
1591        if (datalen < strlen("SIP/2.0 200"))
1592                return NF_ACCEPT;
1593
1594        return process_sip_msg(skb, ct, protoff, dataoff, &dptr, &datalen);
1595}
1596
1597static struct nf_conntrack_helper sip[MAX_PORTS][4] __read_mostly;
1598
1599static const struct nf_conntrack_expect_policy sip_exp_policy[SIP_EXPECT_MAX + 1] = {
1600        [SIP_EXPECT_SIGNALLING] = {
1601                .name           = "signalling",
1602                .max_expected   = 1,
1603                .timeout        = 3 * 60,
1604        },
1605        [SIP_EXPECT_AUDIO] = {
1606                .name           = "audio",
1607                .max_expected   = 2 * IP_CT_DIR_MAX,
1608                .timeout        = 3 * 60,
1609        },
1610        [SIP_EXPECT_VIDEO] = {
1611                .name           = "video",
1612                .max_expected   = 2 * IP_CT_DIR_MAX,
1613                .timeout        = 3 * 60,
1614        },
1615        [SIP_EXPECT_IMAGE] = {
1616                .name           = "image",
1617                .max_expected   = IP_CT_DIR_MAX,
1618                .timeout        = 3 * 60,
1619        },
1620};
1621
1622static void nf_conntrack_sip_fini(void)
1623{
1624        int i, j;
1625
1626        for (i = 0; i < ports_c; i++) {
1627                for (j = 0; j < ARRAY_SIZE(sip[i]); j++) {
1628                        if (sip[i][j].me == NULL)
1629                                continue;
1630                        nf_conntrack_helper_unregister(&sip[i][j]);
1631                }
1632        }
1633}
1634
1635static int __init nf_conntrack_sip_init(void)
1636{
1637        int i, j, ret;
1638
1639        if (ports_c == 0)
1640                ports[ports_c++] = SIP_PORT;
1641
1642        for (i = 0; i < ports_c; i++) {
1643                memset(&sip[i], 0, sizeof(sip[i]));
1644
1645                sip[i][0].tuple.src.l3num = AF_INET;
1646                sip[i][0].tuple.dst.protonum = IPPROTO_UDP;
1647                sip[i][0].help = sip_help_udp;
1648                sip[i][1].tuple.src.l3num = AF_INET;
1649                sip[i][1].tuple.dst.protonum = IPPROTO_TCP;
1650                sip[i][1].help = sip_help_tcp;
1651
1652                sip[i][2].tuple.src.l3num = AF_INET6;
1653                sip[i][2].tuple.dst.protonum = IPPROTO_UDP;
1654                sip[i][2].help = sip_help_udp;
1655                sip[i][3].tuple.src.l3num = AF_INET6;
1656                sip[i][3].tuple.dst.protonum = IPPROTO_TCP;
1657                sip[i][3].help = sip_help_tcp;
1658
1659                for (j = 0; j < ARRAY_SIZE(sip[i]); j++) {
1660                        sip[i][j].data_len = sizeof(struct nf_ct_sip_master);
1661                        sip[i][j].tuple.src.u.udp.port = htons(ports[i]);
1662                        sip[i][j].expect_policy = sip_exp_policy;
1663                        sip[i][j].expect_class_max = SIP_EXPECT_MAX;
1664                        sip[i][j].me = THIS_MODULE;
1665
1666                        if (ports[i] == SIP_PORT)
1667                                sprintf(sip[i][j].name, "sip");
1668                        else
1669                                sprintf(sip[i][j].name, "sip-%u", i);
1670
1671                        pr_debug("port #%u: %u\n", i, ports[i]);
1672
1673                        ret = nf_conntrack_helper_register(&sip[i][j]);
1674                        if (ret) {
1675                                printk(KERN_ERR "nf_ct_sip: failed to register"
1676                                       " helper for pf: %u port: %u\n",
1677                                       sip[i][j].tuple.src.l3num, ports[i]);
1678                                nf_conntrack_sip_fini();
1679                                return ret;
1680                        }
1681                }
1682        }
1683        return 0;
1684}
1685
1686module_init(nf_conntrack_sip_init);
1687module_exit(nf_conntrack_sip_fini);
1688
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.