1
2
3
4
5
6
7
8
9
10
11
12
13#include <linux/module.h>
14#include <linux/ctype.h>
15#include <linux/skbuff.h>
16#include <linux/inet.h>
17#include <linux/in.h>
18#include <linux/udp.h>
19#include <linux/tcp.h>
20#include <linux/netfilter.h>
21
22#include <net/netfilter/nf_conntrack.h>
23#include <net/netfilter/nf_conntrack_core.h>
24#include <net/netfilter/nf_conntrack_expect.h>
25#include <net/netfilter/nf_conntrack_helper.h>
26#include <net/netfilter/nf_conntrack_zones.h>
27#include <linux/netfilter/nf_conntrack_sip.h>
28
29MODULE_LICENSE("GPL");
30MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
31MODULE_DESCRIPTION("SIP connection tracking helper");
32MODULE_ALIAS("ip_conntrack_sip");
33MODULE_ALIAS_NFCT_HELPER("sip");
34
35#define MAX_PORTS 8
36static unsigned short ports[MAX_PORTS];
37static unsigned int ports_c;
38module_param_array(ports, ushort, &ports_c, 0400);
39MODULE_PARM_DESC(ports, "port numbers of SIP servers");
40
41static unsigned int sip_timeout __read_mostly = SIP_TIMEOUT;
42module_param(sip_timeout, uint, 0600);
43MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");
44
45static int sip_direct_signalling __read_mostly = 1;
46module_param(sip_direct_signalling, int, 0600);
47MODULE_PARM_DESC(sip_direct_signalling, "expect incoming calls from registrar "
48 "only (default 1)");
49
50static int sip_direct_media __read_mostly = 1;
51module_param(sip_direct_media, int, 0600);
52MODULE_PARM_DESC(sip_direct_media, "Expect Media streams between signalling "
53 "endpoints only (default 1)");
54
55unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb, unsigned int protoff,
56 unsigned int dataoff, const char **dptr,
57 unsigned int *datalen) __read_mostly;
58EXPORT_SYMBOL_GPL(nf_nat_sip_hook);
59
60void (*nf_nat_sip_seq_adjust_hook)(struct sk_buff *skb, unsigned int protoff,
61 s16 off) __read_mostly;
62EXPORT_SYMBOL_GPL(nf_nat_sip_seq_adjust_hook);
63
64unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb,
65 unsigned int protoff,
66 unsigned int dataoff,
67 const char **dptr,
68 unsigned int *datalen,
69 struct nf_conntrack_expect *exp,
70 unsigned int matchoff,
71 unsigned int matchlen) __read_mostly;
72EXPORT_SYMBOL_GPL(nf_nat_sip_expect_hook);
73
74unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb, unsigned int protoff,
75 unsigned int dataoff,
76 const char **dptr,
77 unsigned int *datalen,
78 unsigned int sdpoff,
79 enum sdp_header_types type,
80 enum sdp_header_types term,
81 const union nf_inet_addr *addr)
82 __read_mostly;
83EXPORT_SYMBOL_GPL(nf_nat_sdp_addr_hook);
84
85unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb, unsigned int protoff,
86 unsigned int dataoff,
87 const char **dptr,
88 unsigned int *datalen,
89 unsigned int matchoff,
90 unsigned int matchlen,
91 u_int16_t port) __read_mostly;
92EXPORT_SYMBOL_GPL(nf_nat_sdp_port_hook);
93
94unsigned int (*nf_nat_sdp_session_hook)(struct sk_buff *skb,
95 unsigned int protoff,
96 unsigned int dataoff,
97 const char **dptr,
98 unsigned int *datalen,
99 unsigned int sdpoff,
100 const union nf_inet_addr *addr)
101 __read_mostly;
102EXPORT_SYMBOL_GPL(nf_nat_sdp_session_hook);
103
104unsigned int (*nf_nat_sdp_media_hook)(struct sk_buff *skb, unsigned int protoff,
105 unsigned int dataoff,
106 const char **dptr,
107 unsigned int *datalen,
108 struct nf_conntrack_expect *rtp_exp,
109 struct nf_conntrack_expect *rtcp_exp,
110 unsigned int mediaoff,
111 unsigned int medialen,
112 union nf_inet_addr *rtp_addr)
113 __read_mostly;
114EXPORT_SYMBOL_GPL(nf_nat_sdp_media_hook);
115
116static int string_len(const struct nf_conn *ct, const char *dptr,
117 const char *limit, int *shift)
118{
119 int len = 0;
120
121 while (dptr < limit && isalpha(*dptr)) {
122 dptr++;
123 len++;
124 }
125 return len;
126}
127
128static int digits_len(const struct nf_conn *ct, const char *dptr,
129 const char *limit, int *shift)
130{
131 int len = 0;
132 while (dptr < limit && isdigit(*dptr)) {
133 dptr++;
134 len++;
135 }
136 return len;
137}
138
139static int iswordc(const char c)
140{
141 if (isalnum(c) || c == '!' || c == '"' || c == '%' ||
142 (c >= '(' && c <= '/') || c == ':' || c == '<' || c == '>' ||
143 c == '?' || (c >= '[' && c <= ']') || c == '_' || c == '`' ||
144 c == '{' || c == '}' || c == '~')
145 return 1;
146 return 0;
147}
148
149static int word_len(const char *dptr, const char *limit)
150{
151 int len = 0;
152 while (dptr < limit && iswordc(*dptr)) {
153 dptr++;
154 len++;
155 }
156 return len;
157}
158
159static int callid_len(const struct nf_conn *ct, const char *dptr,
160 const char *limit, int *shift)
161{
162 int len, domain_len;
163
164 len = word_len(dptr, limit);
165 dptr += len;
166 if (!len || dptr == limit || *dptr != '@')
167 return len;
168 dptr++;
169 len++;
170
171 domain_len = word_len(dptr, limit);
172 if (!domain_len)
173 return 0;
174 return len + domain_len;
175}
176
177
178static int media_len(const struct nf_conn *ct, const char *dptr,
179 const char *limit, int *shift)
180{
181 int len = string_len(ct, dptr, limit, shift);
182
183 dptr += len;
184 if (dptr >= limit || *dptr != ' ')
185 return 0;
186 len++;
187 dptr++;
188
189 return len + digits_len(ct, dptr, limit, shift);
190}
191
192static int sip_parse_addr(const struct nf_conn *ct, const char *cp,
193 const char **endp, union nf_inet_addr *addr,
194 const char *limit, bool delim)
195{
196 const char *end;
197 int ret;
198
199 if (!ct)
200 return 0;
201
202 memset(addr, 0, sizeof(*addr));
203 switch (nf_ct_l3num(ct)) {
204 case AF_INET:
205 ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
206 if (ret == 0)
207 return 0;
208 break;
209 case AF_INET6:
210 if (cp < limit && *cp == '[')
211 cp++;
212 else if (delim)
213 return 0;
214
215 ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
216 if (ret == 0)
217 return 0;
218
219 if (end < limit && *end == ']')
220 end++;
221 else if (delim)
222 return 0;
223 break;
224 default:
225 BUG();
226 }
227
228 if (endp)
229 *endp = end;
230 return 1;
231}
232
233
234static int epaddr_len(const struct nf_conn *ct, const char *dptr,
235 const char *limit, int *shift)
236{
237 union nf_inet_addr addr;
238 const char *aux = dptr;
239
240 if (!sip_parse_addr(ct, dptr, &dptr, &addr, limit, true)) {
241 pr_debug("ip: %s parse failed.!\n", dptr);
242 return 0;
243 }
244
245
246 if (*dptr == ':') {
247 dptr++;
248 dptr += digits_len(ct, dptr, limit, shift);
249 }
250 return dptr - aux;
251}
252
253
254static int skp_epaddr_len(const struct nf_conn *ct, const char *dptr,
255 const char *limit, int *shift)
256{
257 const char *start = dptr;
258 int s = *shift;
259
260
261
262
263 while (dptr < limit &&
264 *dptr != '@' && *dptr != '\r' && *dptr != '\n') {
265 (*shift)++;
266 dptr++;
267 }
268
269 if (dptr < limit && *dptr == '@') {
270 dptr++;
271 (*shift)++;
272 } else {
273 dptr = start;
274 *shift = s;
275 }
276
277 return epaddr_len(ct, dptr, limit, shift);
278}
279
280
281
282
283
284
285
286int ct_sip_parse_request(const struct nf_conn *ct,
287 const char *dptr, unsigned int datalen,
288 unsigned int *matchoff, unsigned int *matchlen,
289 union nf_inet_addr *addr, __be16 *port)
290{
291 const char *start = dptr, *limit = dptr + datalen, *end;
292 unsigned int mlen;
293 unsigned int p;
294 int shift = 0;
295
296
297 mlen = string_len(ct, dptr, limit, NULL);
298 if (!mlen)
299 return 0;
300 dptr += mlen;
301 if (++dptr >= limit)
302 return 0;
303
304
305 for (; dptr < limit - strlen("sip:"); dptr++) {
306 if (*dptr == '\r' || *dptr == '\n')
307 return -1;
308 if (strnicmp(dptr, "sip:", strlen("sip:")) == 0) {
309 dptr += strlen("sip:");
310 break;
311 }
312 }
313 if (!skp_epaddr_len(ct, dptr, limit, &shift))
314 return 0;
315 dptr += shift;
316
317 if (!sip_parse_addr(ct, dptr, &end, addr, limit, true))
318 return -1;
319 if (end < limit && *end == ':') {
320 end++;
321 p = simple_strtoul(end, (char **)&end, 10);
322 if (p < 1024 || p > 65535)
323 return -1;
324 *port = htons(p);
325 } else
326 *port = htons(SIP_PORT);
327
328 if (end == dptr)
329 return 0;
330 *matchoff = dptr - start;
331 *matchlen = end - dptr;
332 return 1;
333}
334EXPORT_SYMBOL_GPL(ct_sip_parse_request);
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349static const struct sip_header ct_sip_hdrs[] = {
350 [SIP_HDR_CSEQ] = SIP_HDR("CSeq", NULL, NULL, digits_len),
351 [SIP_HDR_FROM] = SIP_HDR("From", "f", "sip:", skp_epaddr_len),
352 [SIP_HDR_TO] = SIP_HDR("To", "t", "sip:", skp_epaddr_len),
353 [SIP_HDR_CONTACT] = SIP_HDR("Contact", "m", "sip:", skp_epaddr_len),
354 [SIP_HDR_VIA_UDP] = SIP_HDR("Via", "v", "UDP ", epaddr_len),
355 [SIP_HDR_VIA_TCP] = SIP_HDR("Via", "v", "TCP ", epaddr_len),
356 [SIP_HDR_EXPIRES] = SIP_HDR("Expires", NULL, NULL, digits_len),
357 [SIP_HDR_CONTENT_LENGTH] = SIP_HDR("Content-Length", "l", NULL, digits_len),
358 [SIP_HDR_CALL_ID] = SIP_HDR("Call-Id", "i", NULL, callid_len),
359};
360
361static const char *sip_follow_continuation(const char *dptr, const char *limit)
362{
363
364 if (++dptr >= limit)
365 return NULL;
366
367
368 if (*(dptr - 1) == '\r' && *dptr == '\n') {
369 if (++dptr >= limit)
370 return NULL;
371 }
372
373
374 if (*dptr != ' ' && *dptr != '\t')
375 return NULL;
376
377
378 for (; dptr < limit; dptr++) {
379 if (*dptr != ' ' && *dptr != '\t')
380 break;
381 }
382 return dptr;
383}
384
385static const char *sip_skip_whitespace(const char *dptr, const char *limit)
386{
387 for (; dptr < limit; dptr++) {
388 if (*dptr == ' ')
389 continue;
390 if (*dptr != '\r' && *dptr != '\n')
391 break;
392 dptr = sip_follow_continuation(dptr, limit);
393 if (dptr == NULL)
394 return NULL;
395 }
396 return dptr;
397}
398
399
400static const char *ct_sip_header_search(const char *dptr, const char *limit,
401 const char *needle, unsigned int len)
402{
403 for (limit -= len; dptr < limit; dptr++) {
404 if (*dptr == '\r' || *dptr == '\n') {
405 dptr = sip_follow_continuation(dptr, limit);
406 if (dptr == NULL)
407 break;
408 continue;
409 }
410
411 if (strnicmp(dptr, needle, len) == 0)
412 return dptr;
413 }
414 return NULL;
415}
416
417int ct_sip_get_header(const struct nf_conn *ct, const char *dptr,
418 unsigned int dataoff, unsigned int datalen,
419 enum sip_header_types type,
420 unsigned int *matchoff, unsigned int *matchlen)
421{
422 const struct sip_header *hdr = &ct_sip_hdrs[type];
423 const char *start = dptr, *limit = dptr + datalen;
424 int shift = 0;
425
426 for (dptr += dataoff; dptr < limit; dptr++) {
427
428 if (*dptr != '\r' && *dptr != '\n')
429 continue;
430 if (++dptr >= limit)
431 break;
432 if (*(dptr - 1) == '\r' && *dptr == '\n') {
433 if (++dptr >= limit)
434 break;
435 }
436
437
438 if (*dptr == ' ' || *dptr == '\t')
439 continue;
440
441
442
443 if (limit - dptr >= hdr->len &&
444 strnicmp(dptr, hdr->name, hdr->len) == 0)
445 dptr += hdr->len;
446 else if (hdr->cname && limit - dptr >= hdr->clen + 1 &&
447 strnicmp(dptr, hdr->cname, hdr->clen) == 0 &&
448 !isalpha(*(dptr + hdr->clen)))
449 dptr += hdr->clen;
450 else
451 continue;
452
453
454 dptr = sip_skip_whitespace(dptr, limit);
455 if (dptr == NULL)
456 break;
457 if (*dptr != ':' || ++dptr >= limit)
458 break;
459
460
461 dptr = sip_skip_whitespace(dptr, limit);
462 if (dptr == NULL)
463 break;
464
465 *matchoff = dptr - start;
466 if (hdr->search) {
467 dptr = ct_sip_header_search(dptr, limit, hdr->search,
468 hdr->slen);
469 if (!dptr)
470 return -1;
471 dptr += hdr->slen;
472 }
473
474 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
475 if (!*matchlen)
476 return -1;
477 *matchoff = dptr - start + shift;
478 return 1;
479 }
480 return 0;
481}
482EXPORT_SYMBOL_GPL(ct_sip_get_header);
483
484
485static int ct_sip_next_header(const struct nf_conn *ct, const char *dptr,
486 unsigned int dataoff, unsigned int datalen,
487 enum sip_header_types type,
488 unsigned int *matchoff, unsigned int *matchlen)
489{
490 const struct sip_header *hdr = &ct_sip_hdrs[type];
491 const char *start = dptr, *limit = dptr + datalen;
492 int shift = 0;
493
494 dptr += dataoff;
495
496 dptr = ct_sip_header_search(dptr, limit, ",", strlen(","));
497 if (!dptr)
498 return 0;
499
500 dptr = ct_sip_header_search(dptr, limit, hdr->search, hdr->slen);
501 if (!dptr)
502 return 0;
503 dptr += hdr->slen;
504
505 *matchoff = dptr - start;
506 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
507 if (!*matchlen)
508 return -1;
509 *matchoff += shift;
510 return 1;
511}
512
513
514
515static int ct_sip_walk_headers(const struct nf_conn *ct, const char *dptr,
516 unsigned int dataoff, unsigned int datalen,
517 enum sip_header_types type, int *in_header,
518 unsigned int *matchoff, unsigned int *matchlen)
519{
520 int ret;
521
522 if (in_header && *in_header) {
523 while (1) {
524 ret = ct_sip_next_header(ct, dptr, dataoff, datalen,
525 type, matchoff, matchlen);
526 if (ret > 0)
527 return ret;
528 if (ret == 0)
529 break;
530 dataoff += *matchoff;
531 }
532 *in_header = 0;
533 }
534
535 while (1) {
536 ret = ct_sip_get_header(ct, dptr, dataoff, datalen,
537 type, matchoff, matchlen);
538 if (ret > 0)
539 break;
540 if (ret == 0)
541 return ret;
542 dataoff += *matchoff;
543 }
544
545 if (in_header)
546 *in_header = 1;
547 return 1;
548}
549
550
551
552
553
554
555int ct_sip_parse_header_uri(const struct nf_conn *ct, const char *dptr,
556 unsigned int *dataoff, unsigned int datalen,
557 enum sip_header_types type, int *in_header,
558 unsigned int *matchoff, unsigned int *matchlen,
559 union nf_inet_addr *addr, __be16 *port)
560{
561 const char *c, *limit = dptr + datalen;
562 unsigned int p;
563 int ret;
564
565 ret = ct_sip_walk_headers(ct, dptr, dataoff ? *dataoff : 0, datalen,
566 type, in_header, matchoff, matchlen);
567 WARN_ON(ret < 0);
568 if (ret == 0)
569 return ret;
570
571 if (!sip_parse_addr(ct, dptr + *matchoff, &c, addr, limit, true))
572 return -1;
573 if (*c == ':') {
574 c++;
575 p = simple_strtoul(c, (char **)&c, 10);
576 if (p < 1024 || p > 65535)
577 return -1;
578 *port = htons(p);
579 } else
580 *port = htons(SIP_PORT);
581
582 if (dataoff)
583 *dataoff = c - dptr;
584 return 1;
585}
586EXPORT_SYMBOL_GPL(ct_sip_parse_header_uri);
587
588static int ct_sip_parse_param(const struct nf_conn *ct, const char *dptr,
589 unsigned int dataoff, unsigned int datalen,
590 const char *name,
591 unsigned int *matchoff, unsigned int *matchlen)
592{
593 const char *limit = dptr + datalen;
594 const char *start;
595 const char *end;
596
597 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
598 if (!limit)
599 limit = dptr + datalen;
600
601 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
602 if (!start)
603 return 0;
604 start += strlen(name);
605
606 end = ct_sip_header_search(start, limit, ";", strlen(";"));
607 if (!end)
608 end = limit;
609
610 *matchoff = start - dptr;
611 *matchlen = end - start;
612 return 1;
613}
614
615
616int ct_sip_parse_address_param(const struct nf_conn *ct, const char *dptr,
617 unsigned int dataoff, unsigned int datalen,
618 const char *name,
619 unsigned int *matchoff, unsigned int *matchlen,
620 union nf_inet_addr *addr, bool delim)
621{
622 const char *limit = dptr + datalen;
623 const char *start, *end;
624
625 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
626 if (!limit)
627 limit = dptr + datalen;
628
629 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
630 if (!start)
631 return 0;
632
633 start += strlen(name);
634 if (!sip_parse_addr(ct, start, &end, addr, limit, delim))
635 return 0;
636 *matchoff = start - dptr;
637 *matchlen = end - start;
638 return 1;
639}
640EXPORT_SYMBOL_GPL(ct_sip_parse_address_param);
641
642
643int ct_sip_parse_numerical_param(const struct nf_conn *ct, const char *dptr,
644 unsigned int dataoff, unsigned int datalen,
645 const char *name,
646 unsigned int *matchoff, unsigned int *matchlen,
647 unsigned int *val)
648{
649 const char *limit = dptr + datalen;
650 const char *start;
651 char *end;
652
653 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
654 if (!limit)
655 limit = dptr + datalen;
656
657 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
658 if (!start)
659 return 0;
660
661 start += strlen(name);
662 *val = simple_strtoul(start, &end, 0);
663 if (start == end)
664 return 0;
665 if (matchoff && matchlen) {
666 *matchoff = start - dptr;
667 *matchlen = end - start;
668 }
669 return 1;
670}
671EXPORT_SYMBOL_GPL(ct_sip_parse_numerical_param);
672
673static int ct_sip_parse_transport(struct nf_conn *ct, const char *dptr,
674 unsigned int dataoff, unsigned int datalen,
675 u8 *proto)
676{
677 unsigned int matchoff, matchlen;
678
679 if (ct_sip_parse_param(ct, dptr, dataoff, datalen, "transport=",
680 &matchoff, &matchlen)) {
681 if (!strnicmp(dptr + matchoff, "TCP", strlen("TCP")))
682 *proto = IPPROTO_TCP;
683 else if (!strnicmp(dptr + matchoff, "UDP", strlen("UDP")))
684 *proto = IPPROTO_UDP;
685 else
686 return 0;
687
688 if (*proto != nf_ct_protonum(ct))
689 return 0;
690 } else
691 *proto = nf_ct_protonum(ct);
692
693 return 1;
694}
695
696static int sdp_parse_addr(const struct nf_conn *ct, const char *cp,
697 const char **endp, union nf_inet_addr *addr,
698 const char *limit)
699{
700 const char *end;
701 int ret;
702
703 memset(addr, 0, sizeof(*addr));
704 switch (nf_ct_l3num(ct)) {
705 case AF_INET:
706 ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
707 break;
708 case AF_INET6:
709 ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
710 break;
711 default:
712 BUG();
713 }
714
715 if (ret == 0)
716 return 0;
717 if (endp)
718 *endp = end;
719 return 1;
720}
721
722
723static int sdp_addr_len(const struct nf_conn *ct, const char *dptr,
724 const char *limit, int *shift)
725{
726 union nf_inet_addr addr;
727 const char *aux = dptr;
728
729 if (!sdp_parse_addr(ct, dptr, &dptr, &addr, limit)) {
730 pr_debug("ip: %s parse failed.!\n", dptr);
731 return 0;
732 }
733
734 return dptr - aux;
735}
736
737
738
739
740
741
742
743
744
745
746static const struct sip_header ct_sdp_hdrs_v4[] = {
747 [SDP_HDR_VERSION] = SDP_HDR("v=", NULL, digits_len),
748 [SDP_HDR_OWNER] = SDP_HDR("o=", "IN IP4 ", sdp_addr_len),
749 [SDP_HDR_CONNECTION] = SDP_HDR("c=", "IN IP4 ", sdp_addr_len),
750 [SDP_HDR_MEDIA] = SDP_HDR("m=", NULL, media_len),
751};
752
753static const struct sip_header ct_sdp_hdrs_v6[] = {
754 [SDP_HDR_VERSION] = SDP_HDR("v=", NULL, digits_len),
755 [SDP_HDR_OWNER] = SDP_HDR("o=", "IN IP6 ", sdp_addr_len),
756 [SDP_HDR_CONNECTION] = SDP_HDR("c=", "IN IP6 ", sdp_addr_len),
757 [SDP_HDR_MEDIA] = SDP_HDR("m=", NULL, media_len),
758};
759
760
761static const char *ct_sdp_header_search(const char *dptr, const char *limit,
762 const char *needle, unsigned int len)
763{
764 for (limit -= len; dptr < limit; dptr++) {
765 if (*dptr == '\r' || *dptr == '\n')
766 break;
767 if (strncmp(dptr, needle, len) == 0)
768 return dptr;
769 }
770 return NULL;
771}
772
773
774
775
776
777int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr,
778 unsigned int dataoff, unsigned int datalen,
779 enum sdp_header_types type,
780 enum sdp_header_types term,
781 unsigned int *matchoff, unsigned int *matchlen)
782{
783 const struct sip_header *hdrs, *hdr, *thdr;
784 const char *start = dptr, *limit = dptr + datalen;
785 int shift = 0;
786
787 hdrs = nf_ct_l3num(ct) == NFPROTO_IPV4 ? ct_sdp_hdrs_v4 : ct_sdp_hdrs_v6;
788 hdr = &hdrs[type];
789 thdr = &hdrs[term];
790
791 for (dptr += dataoff; dptr < limit; dptr++) {
792
793 if (*dptr != '\r' && *dptr != '\n')
794 continue;
795 if (++dptr >= limit)
796 break;
797 if (*(dptr - 1) == '\r' && *dptr == '\n') {
798 if (++dptr >= limit)
799 break;
800 }
801
802 if (term != SDP_HDR_UNSPEC &&
803 limit - dptr >= thdr->len &&
804 strnicmp(dptr, thdr->name, thdr->len) == 0)
805 break;
806 else if (limit - dptr >= hdr->len &&
807 strnicmp(dptr, hdr->name, hdr->len) == 0)
808 dptr += hdr->len;
809 else
810 continue;
811
812 *matchoff = dptr - start;
813 if (hdr->search) {
814 dptr = ct_sdp_header_search(dptr, limit, hdr->search,
815 hdr->slen);
816 if (!dptr)
817 return -1;
818 dptr += hdr->slen;
819 }
820
821 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
822 if (!*matchlen)
823 return -1;
824 *matchoff = dptr - start + shift;
825 return 1;
826 }
827 return 0;
828}
829EXPORT_SYMBOL_GPL(ct_sip_get_sdp_header);
830
831static int ct_sip_parse_sdp_addr(const struct nf_conn *ct, const char *dptr,
832 unsigned int dataoff, unsigned int datalen,
833 enum sdp_header_types type,
834 enum sdp_header_types term,
835 unsigned int *matchoff, unsigned int *matchlen,
836 union nf_inet_addr *addr)
837{
838 int ret;
839
840 ret = ct_sip_get_sdp_header(ct, dptr, dataoff, datalen, type, term,
841 matchoff, matchlen);
842 if (ret <= 0)
843 return ret;
844
845 if (!sdp_parse_addr(ct, dptr + *matchoff, NULL, addr,
846 dptr + *matchoff + *matchlen))
847 return -1;
848 return 1;
849}
850
851static int refresh_signalling_expectation(struct nf_conn *ct,
852 union nf_inet_addr *addr,
853 u8 proto, __be16 port,
854 unsigned int expires)
855{
856 struct nf_conn_help *help = nfct_help(ct);
857 struct nf_conntrack_expect *exp;
858 struct hlist_node *n, *next;
859 int found = 0;
860
861 spin_lock_bh(&nf_conntrack_lock);
862 hlist_for_each_entry_safe(exp, n, next, &help->expectations, lnode) {
863 if (exp->class != SIP_EXPECT_SIGNALLING ||
864 !nf_inet_addr_cmp(&exp->tuple.dst.u3, addr) ||
865 exp->tuple.dst.protonum != proto ||
866 exp->tuple.dst.u.udp.port != port)
867 continue;
868 if (!del_timer(&exp->timeout))
869 continue;
870 exp->flags &= ~NF_CT_EXPECT_INACTIVE;
871 exp->timeout.expires = jiffies + expires * HZ;
872 add_timer(&exp->timeout);
873 found = 1;
874 break;
875 }
876 spin_unlock_bh(&nf_conntrack_lock);
877 return found;
878}
879
880static void flush_expectations(struct nf_conn *ct, bool media)
881{
882 struct nf_conn_help *help = nfct_help(ct);
883 struct nf_conntrack_expect *exp;
884 struct hlist_node *n, *next;
885
886 spin_lock_bh(&nf_conntrack_lock);
887 hlist_for_each_entry_safe(exp, n, next, &help->expectations, lnode) {
888 if ((exp->class != SIP_EXPECT_SIGNALLING) ^ media)
889 continue;
890 if (!del_timer(&exp->timeout))
891 continue;
892 nf_ct_unlink_expect(exp);
893 nf_ct_expect_put(exp);
894 if (!media)
895 break;
896 }
897 spin_unlock_bh(&nf_conntrack_lock);
898}
899
900static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff,
901 unsigned int dataoff,
902 const char **dptr, unsigned int *datalen,
903 union nf_inet_addr *daddr, __be16 port,
904 enum sip_expectation_classes class,
905 unsigned int mediaoff, unsigned int medialen)
906{
907 struct nf_conntrack_expect *exp, *rtp_exp, *rtcp_exp;
908 enum ip_conntrack_info ctinfo;
909 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
910 struct net *net = nf_ct_net(ct);
911 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
912 union nf_inet_addr *saddr;
913 struct nf_conntrack_tuple tuple;
914 int direct_rtp = 0, skip_expect = 0, ret = NF_DROP;
915 u_int16_t base_port;
916 __be16 rtp_port, rtcp_port;
917 typeof(nf_nat_sdp_port_hook) nf_nat_sdp_port;
918 typeof(nf_nat_sdp_media_hook) nf_nat_sdp_media;
919
920 saddr = NULL;
921 if (sip_direct_media) {
922 if (!nf_inet_addr_cmp(daddr, &ct->tuplehash[dir].tuple.src.u3))
923 return NF_ACCEPT;
924 saddr = &ct->tuplehash[!dir].tuple.src.u3;
925 }
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940 memset(&tuple, 0, sizeof(tuple));
941 if (saddr)
942 tuple.src.u3 = *saddr;
943 tuple.src.l3num = nf_ct_l3num(ct);
944 tuple.dst.protonum = IPPROTO_UDP;
945 tuple.dst.u3 = *daddr;
946 tuple.dst.u.udp.port = port;
947
948 rcu_read_lock();
949 do {
950 exp = __nf_ct_expect_find(net, nf_ct_zone(ct), &tuple);
951
952 if (!exp || exp->master == ct ||
953 nfct_help(exp->master)->helper != nfct_help(ct)->helper ||
954 exp->class != class)
955 break;
956#ifdef CONFIG_NF_NAT_NEEDED
957 if (!direct_rtp &&
958 (!nf_inet_addr_cmp(&exp->saved_addr, &exp->tuple.dst.u3) ||
959 exp->saved_proto.udp.port != exp->tuple.dst.u.udp.port) &&
960 ct->status & IPS_NAT_MASK) {
961 *daddr = exp->saved_addr;
962 tuple.dst.u3 = exp->saved_addr;
963 tuple.dst.u.udp.port = exp->saved_proto.udp.port;
964 direct_rtp = 1;
965 } else
966#endif
967 skip_expect = 1;
968 } while (!skip_expect);
969 rcu_read_unlock();
970
971 base_port = ntohs(tuple.dst.u.udp.port) & ~1;
972 rtp_port = htons(base_port);
973 rtcp_port = htons(base_port + 1);
974
975 if (direct_rtp) {
976 nf_nat_sdp_port = rcu_dereference(nf_nat_sdp_port_hook);
977 if (nf_nat_sdp_port &&
978 !nf_nat_sdp_port(skb, protoff, dataoff, dptr, datalen,
979 mediaoff, medialen, ntohs(rtp_port)))
980 goto err1;
981 }
982
983 if (skip_expect)
984 return NF_ACCEPT;
985
986 rtp_exp = nf_ct_expect_alloc(ct);
987 if (rtp_exp == NULL)
988 goto err1;
989 nf_ct_expect_init(rtp_exp, class, nf_ct_l3num(ct), saddr, daddr,
990 IPPROTO_UDP, NULL, &rtp_port);
991
992 rtcp_exp = nf_ct_expect_alloc(ct);
993 if (rtcp_exp == NULL)
994 goto err2;
995 nf_ct_expect_init(rtcp_exp, class, nf_ct_l3num(ct), saddr, daddr,
996 IPPROTO_UDP, NULL, &rtcp_port);
997
998 nf_nat_sdp_media = rcu_dereference(nf_nat_sdp_media_hook);
999 if (nf_nat_sdp_media && ct->status & IPS_NAT_MASK && !direct_rtp)
1000 ret = nf_nat_sdp_media(skb, protoff, dataoff, dptr, datalen,
1001 rtp_exp, rtcp_exp,
1002 mediaoff, medialen, daddr);
1003 else {
1004 if (nf_ct_expect_related(rtp_exp) == 0) {
1005 if (nf_ct_expect_related(rtcp_exp) != 0)
1006 nf_ct_unexpect_related(rtp_exp);
1007 else
1008 ret = NF_ACCEPT;
1009 }
1010 }
1011 nf_ct_expect_put(rtcp_exp);
1012err2:
1013 nf_ct_expect_put(rtp_exp);
1014err1:
1015 return ret;
1016}
1017
1018static const struct sdp_media_type sdp_media_types[] = {
1019 SDP_MEDIA_TYPE("audio ", SIP_EXPECT_AUDIO),
1020 SDP_MEDIA_TYPE("video ", SIP_EXPECT_VIDEO),
1021 SDP_MEDIA_TYPE("image ", SIP_EXPECT_IMAGE),
1022};
1023
1024static const struct sdp_media_type *sdp_media_type(const char *dptr,
1025 unsigned int matchoff,
1026 unsigned int matchlen)
1027{
1028 const struct sdp_media_type *t;
1029 unsigned int i;
1030
1031 for (i = 0; i < ARRAY_SIZE(sdp_media_types); i++) {
1032 t = &sdp_media_types[i];
1033 if (matchlen < t->len ||
1034 strncmp(dptr + matchoff, t->name, t->len))
1035 continue;
1036 return t;
1037 }
1038 return NULL;
1039}
1040
1041static int process_sdp(struct sk_buff *skb, unsigned int protoff,
1042 unsigned int dataoff,
1043 const char **dptr, unsigned int *datalen,
1044 unsigned int cseq)
1045{
1046 enum ip_conntrack_info ctinfo;
1047 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1048 unsigned int matchoff, matchlen;
1049 unsigned int mediaoff, medialen;
1050 unsigned int sdpoff;
1051 unsigned int caddr_len, maddr_len;
1052 unsigned int i;
1053 union nf_inet_addr caddr, maddr, rtp_addr;
1054 unsigned int port;
1055 const struct sdp_media_type *t;
1056 int ret = NF_ACCEPT;
1057 typeof(nf_nat_sdp_addr_hook) nf_nat_sdp_addr;
1058 typeof(nf_nat_sdp_session_hook) nf_nat_sdp_session;
1059
1060 nf_nat_sdp_addr = rcu_dereference(nf_nat_sdp_addr_hook);
1061
1062
1063 if (ct_sip_get_sdp_header(ct, *dptr, 0, *datalen,
1064 SDP_HDR_VERSION, SDP_HDR_UNSPEC,
1065 &matchoff, &matchlen) <= 0)
1066 return NF_ACCEPT;
1067 sdpoff = matchoff;
1068
1069
1070
1071
1072 caddr_len = 0;
1073 if (ct_sip_parse_sdp_addr(ct, *dptr, sdpoff, *datalen,
1074 SDP_HDR_CONNECTION, SDP_HDR_MEDIA,
1075 &matchoff, &matchlen, &caddr) > 0)
1076 caddr_len = matchlen;
1077
1078 mediaoff = sdpoff;
1079 for (i = 0; i < ARRAY_SIZE(sdp_media_types); ) {
1080 if (ct_sip_get_sdp_header(ct, *dptr, mediaoff, *datalen,
1081 SDP_HDR_MEDIA, SDP_HDR_UNSPEC,
1082 &mediaoff, &medialen) <= 0)
1083 break;
1084
1085
1086
1087 t = sdp_media_type(*dptr, mediaoff, medialen);
1088 if (!t) {
1089 mediaoff += medialen;
1090 continue;
1091 }
1092 mediaoff += t->len;
1093 medialen -= t->len;
1094
1095 port = simple_strtoul(*dptr + mediaoff, NULL, 10);
1096 if (port == 0)
1097 continue;
1098 if (port < 1024 || port > 65535)
1099 return NF_DROP;
1100
1101
1102 maddr_len = 0;
1103 if (ct_sip_parse_sdp_addr(ct, *dptr, mediaoff, *datalen,
1104 SDP_HDR_CONNECTION, SDP_HDR_MEDIA,
1105 &matchoff, &matchlen, &maddr) > 0) {
1106 maddr_len = matchlen;
1107 memcpy(&rtp_addr, &maddr, sizeof(rtp_addr));
1108 } else if (caddr_len)
1109 memcpy(&rtp_addr, &caddr, sizeof(rtp_addr));
1110 else
1111 return NF_DROP;
1112
1113 ret = set_expected_rtp_rtcp(skb, protoff, dataoff,
1114 dptr, datalen,
1115 &rtp_addr, htons(port), t->class,
1116 mediaoff, medialen);
1117 if (ret != NF_ACCEPT)
1118 return ret;
1119
1120
1121 if (maddr_len && nf_nat_sdp_addr && ct->status & IPS_NAT_MASK) {
1122 ret = nf_nat_sdp_addr(skb, protoff, dataoff,
1123 dptr, datalen, mediaoff,
1124 SDP_HDR_CONNECTION, SDP_HDR_MEDIA,
1125 &rtp_addr);
1126 if (ret != NF_ACCEPT)
1127 return ret;
1128 }
1129 i++;
1130 }
1131
1132
1133 nf_nat_sdp_session = rcu_dereference(nf_nat_sdp_session_hook);
1134 if (nf_nat_sdp_session && ct->status & IPS_NAT_MASK)
1135 ret = nf_nat_sdp_session(skb, protoff, dataoff,
1136 dptr, datalen, sdpoff, &rtp_addr);
1137
1138 return ret;
1139}
1140static int process_invite_response(struct sk_buff *skb, unsigned int protoff,
1141 unsigned int dataoff,
1142 const char **dptr, unsigned int *datalen,
1143 unsigned int cseq, unsigned int code)
1144{
1145 enum ip_conntrack_info ctinfo;
1146 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1147 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1148
1149 if ((code >= 100 && code <= 199) ||
1150 (code >= 200 && code <= 299))
1151 return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1152 else if (ct_sip_info->invite_cseq == cseq)
1153 flush_expectations(ct, true);
1154 return NF_ACCEPT;
1155}
1156
1157static int process_update_response(struct sk_buff *skb, unsigned int protoff,
1158 unsigned int dataoff,
1159 const char **dptr, unsigned int *datalen,
1160 unsigned int cseq, unsigned int code)
1161{
1162 enum ip_conntrack_info ctinfo;
1163 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1164 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1165
1166 if ((code >= 100 && code <= 199) ||
1167 (code >= 200 && code <= 299))
1168 return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1169 else if (ct_sip_info->invite_cseq == cseq)
1170 flush_expectations(ct, true);
1171 return NF_ACCEPT;
1172}
1173
1174static int process_prack_response(struct sk_buff *skb, unsigned int protoff,
1175 unsigned int dataoff,
1176 const char **dptr, unsigned int *datalen,
1177 unsigned int cseq, unsigned int code)
1178{
1179 enum ip_conntrack_info ctinfo;
1180 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1181 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1182
1183 if ((code >= 100 && code <= 199) ||
1184 (code >= 200 && code <= 299))
1185 return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1186 else if (ct_sip_info->invite_cseq == cseq)
1187 flush_expectations(ct, true);
1188 return NF_ACCEPT;
1189}
1190
1191static int process_invite_request(struct sk_buff *skb, unsigned int protoff,
1192 unsigned int dataoff,
1193 const char **dptr, unsigned int *datalen,
1194 unsigned int cseq)
1195{
1196 enum ip_conntrack_info ctinfo;
1197 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1198 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1199 unsigned int ret;
1200
1201 flush_expectations(ct, true);
1202 ret = process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1203 if (ret == NF_ACCEPT)
1204 ct_sip_info->invite_cseq = cseq;
1205 return ret;
1206}
1207
1208static int process_bye_request(struct sk_buff *skb, unsigned int protoff,
1209 unsigned int dataoff,
1210 const char **dptr, unsigned int *datalen,
1211 unsigned int cseq)
1212{
1213 enum ip_conntrack_info ctinfo;
1214 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1215
1216 flush_expectations(ct, true);
1217 return NF_ACCEPT;
1218}
1219
1220
1221
1222
1223
1224static int process_register_request(struct sk_buff *skb, unsigned int protoff,
1225 unsigned int dataoff,
1226 const char **dptr, unsigned int *datalen,
1227 unsigned int cseq)
1228{
1229 enum ip_conntrack_info ctinfo;
1230 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1231 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1232 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1233 unsigned int matchoff, matchlen;
1234 struct nf_conntrack_expect *exp;
1235 union nf_inet_addr *saddr, daddr;
1236 __be16 port;
1237 u8 proto;
1238 unsigned int expires = 0;
1239 int ret;
1240 typeof(nf_nat_sip_expect_hook) nf_nat_sip_expect;
1241
1242
1243 if (ct->status & IPS_EXPECTED)
1244 return NF_ACCEPT;
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1255 &matchoff, &matchlen) > 0)
1256 expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1257
1258 ret = ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen,
1259 SIP_HDR_CONTACT, NULL,
1260 &matchoff, &matchlen, &daddr, &port);
1261 if (ret < 0)
1262 return NF_DROP;
1263 else if (ret == 0)
1264 return NF_ACCEPT;
1265
1266
1267 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.src.u3, &daddr))
1268 return NF_ACCEPT;
1269
1270 if (ct_sip_parse_transport(ct, *dptr, matchoff + matchlen, *datalen,
1271 &proto) == 0)
1272 return NF_ACCEPT;
1273
1274 if (ct_sip_parse_numerical_param(ct, *dptr,
1275 matchoff + matchlen, *datalen,
1276 "expires=", NULL, NULL, &expires) < 0)
1277 return NF_DROP;
1278
1279 if (expires == 0) {
1280 ret = NF_ACCEPT;
1281 goto store_cseq;
1282 }
1283
1284 exp = nf_ct_expect_alloc(ct);
1285 if (!exp)
1286 return NF_DROP;
1287
1288 saddr = NULL;
1289 if (sip_direct_signalling)
1290 saddr = &ct->tuplehash[!dir].tuple.src.u3;
1291
1292 nf_ct_expect_init(exp, SIP_EXPECT_SIGNALLING, nf_ct_l3num(ct),
1293 saddr, &daddr, proto, NULL, &port);
1294 exp->timeout.expires = sip_timeout * HZ;
1295 exp->helper = nfct_help(ct)->helper;
1296 exp->flags = NF_CT_EXPECT_PERMANENT | NF_CT_EXPECT_INACTIVE;
1297
1298 nf_nat_sip_expect = rcu_dereference(nf_nat_sip_expect_hook);
1299 if (nf_nat_sip_expect && ct->status & IPS_NAT_MASK)
1300 ret = nf_nat_sip_expect(skb, protoff, dataoff, dptr, datalen,
1301 exp, matchoff, matchlen);
1302 else {
1303 if (nf_ct_expect_related(exp) != 0)
1304 ret = NF_DROP;
1305 else
1306 ret = NF_ACCEPT;
1307 }
1308 nf_ct_expect_put(exp);
1309
1310store_cseq:
1311 if (ret == NF_ACCEPT)
1312 ct_sip_info->register_cseq = cseq;
1313 return ret;
1314}
1315
1316static int process_register_response(struct sk_buff *skb, unsigned int protoff,
1317 unsigned int dataoff,
1318 const char **dptr, unsigned int *datalen,
1319 unsigned int cseq, unsigned int code)
1320{
1321 enum ip_conntrack_info ctinfo;
1322 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1323 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1324 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1325 union nf_inet_addr addr;
1326 __be16 port;
1327 u8 proto;
1328 unsigned int matchoff, matchlen, coff = 0;
1329 unsigned int expires = 0;
1330 int in_contact = 0, ret;
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340 if (ct_sip_info->register_cseq != cseq)
1341 return NF_ACCEPT;
1342
1343 if (code >= 100 && code <= 199)
1344 return NF_ACCEPT;
1345 if (code < 200 || code > 299)
1346 goto flush;
1347
1348 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1349 &matchoff, &matchlen) > 0)
1350 expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1351
1352 while (1) {
1353 unsigned int c_expires = expires;
1354
1355 ret = ct_sip_parse_header_uri(ct, *dptr, &coff, *datalen,
1356 SIP_HDR_CONTACT, &in_contact,
1357 &matchoff, &matchlen,
1358 &addr, &port);
1359 if (ret < 0)
1360 return NF_DROP;
1361 else if (ret == 0)
1362 break;
1363
1364
1365 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3, &addr))
1366 continue;
1367
1368 if (ct_sip_parse_transport(ct, *dptr, matchoff + matchlen,
1369 *datalen, &proto) == 0)
1370 continue;
1371
1372 ret = ct_sip_parse_numerical_param(ct, *dptr,
1373 matchoff + matchlen,
1374 *datalen, "expires=",
1375 NULL, NULL, &c_expires);
1376 if (ret < 0)
1377 return NF_DROP;
1378 if (c_expires == 0)
1379 break;
1380 if (refresh_signalling_expectation(ct, &addr, proto, port,
1381 c_expires))
1382 return NF_ACCEPT;
1383 }
1384
1385flush:
1386 flush_expectations(ct, false);
1387 return NF_ACCEPT;
1388}
1389
1390static const struct sip_handler sip_handlers[] = {
1391 SIP_HANDLER("INVITE", process_invite_request, process_invite_response),
1392 SIP_HANDLER("UPDATE", process_sdp, process_update_response),
1393 SIP_HANDLER("ACK", process_sdp, NULL),
1394 SIP_HANDLER("PRACK", process_sdp, process_prack_response),
1395 SIP_HANDLER("BYE", process_bye_request, NULL),
1396 SIP_HANDLER("REGISTER", process_register_request, process_register_response),
1397};
1398
1399static int process_sip_response(struct sk_buff *skb, unsigned int protoff,
1400 unsigned int dataoff,
1401 const char **dptr, unsigned int *datalen)
1402{
1403 enum ip_conntrack_info ctinfo;
1404 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1405 unsigned int matchoff, matchlen, matchend;
1406 unsigned int code, cseq, i;
1407
1408 if (*datalen < strlen("SIP/2.0 200"))
1409 return NF_ACCEPT;
1410 code = simple_strtoul(*dptr + strlen("SIP/2.0 "), NULL, 10);
1411 if (!code)
1412 return NF_DROP;
1413
1414 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1415 &matchoff, &matchlen) <= 0)
1416 return NF_DROP;
1417 cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1418 if (!cseq)
1419 return NF_DROP;
1420 matchend = matchoff + matchlen + 1;
1421
1422 for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1423 const struct sip_handler *handler;
1424
1425 handler = &sip_handlers[i];
1426 if (handler->response == NULL)
1427 continue;
1428 if (*datalen < matchend + handler->len ||
1429 strnicmp(*dptr + matchend, handler->method, handler->len))
1430 continue;
1431 return handler->response(skb, protoff, dataoff, dptr, datalen,
1432 cseq, code);
1433 }
1434 return NF_ACCEPT;
1435}
1436
1437static int process_sip_request(struct sk_buff *skb, unsigned int protoff,
1438 unsigned int dataoff,
1439 const char **dptr, unsigned int *datalen)
1440{
1441 enum ip_conntrack_info ctinfo;
1442 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1443 unsigned int matchoff, matchlen;
1444 unsigned int cseq, i;
1445
1446 for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1447 const struct sip_handler *handler;
1448
1449 handler = &sip_handlers[i];
1450 if (handler->request == NULL)
1451 continue;
1452 if (*datalen < handler->len ||
1453 strnicmp(*dptr, handler->method, handler->len))
1454 continue;
1455
1456 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1457 &matchoff, &matchlen) <= 0)
1458 return NF_DROP;
1459 cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1460 if (!cseq)
1461 return NF_DROP;
1462
1463 return handler->request(skb, protoff, dataoff, dptr, datalen,
1464 cseq);
1465 }
1466 return NF_ACCEPT;
1467}
1468
1469static int process_sip_msg(struct sk_buff *skb, struct nf_conn *ct,
1470 unsigned int protoff, unsigned int dataoff,
1471 const char **dptr, unsigned int *datalen)
1472{
1473 typeof(nf_nat_sip_hook) nf_nat_sip;
1474 int ret;
1475
1476 if (strnicmp(*dptr, "SIP/2.0 ", strlen("SIP/2.0 ")) != 0)
1477 ret = process_sip_request(skb, protoff, dataoff, dptr, datalen);
1478 else
1479 ret = process_sip_response(skb, protoff, dataoff, dptr, datalen);
1480
1481 if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1482 nf_nat_sip = rcu_dereference(nf_nat_sip_hook);
1483 if (nf_nat_sip && !nf_nat_sip(skb, protoff, dataoff,
1484 dptr, datalen))
1485 ret = NF_DROP;
1486 }
1487
1488 return ret;
1489}
1490
1491static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff,
1492 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1493{
1494 struct tcphdr *th, _tcph;
1495 unsigned int dataoff, datalen;
1496 unsigned int matchoff, matchlen, clen;
1497 unsigned int msglen, origlen;
1498 const char *dptr, *end;
1499 s16 diff, tdiff = 0;
1500 int ret = NF_ACCEPT;
1501 bool term;
1502 typeof(nf_nat_sip_seq_adjust_hook) nf_nat_sip_seq_adjust;
1503
1504 if (ctinfo != IP_CT_ESTABLISHED &&
1505 ctinfo != IP_CT_ESTABLISHED_REPLY)
1506 return NF_ACCEPT;
1507
1508
1509 th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
1510 if (th == NULL)
1511 return NF_ACCEPT;
1512 dataoff = protoff + th->doff * 4;
1513 if (dataoff >= skb->len)
1514 return NF_ACCEPT;
1515
1516 nf_ct_refresh(ct, skb, sip_timeout * HZ);
1517
1518 if (unlikely(skb_linearize(skb)))
1519 return NF_DROP;
1520
1521 dptr = skb->data + dataoff;
1522 datalen = skb->len - dataoff;
1523 if (datalen < strlen("SIP/2.0 200"))
1524 return NF_ACCEPT;
1525
1526 while (1) {
1527 if (ct_sip_get_header(ct, dptr, 0, datalen,
1528 SIP_HDR_CONTENT_LENGTH,
1529 &matchoff, &matchlen) <= 0)
1530 break;
1531
1532 clen = simple_strtoul(dptr + matchoff, (char **)&end, 10);
1533 if (dptr + matchoff == end)
1534 break;
1535
1536 term = false;
1537 for (; end + strlen("\r\n\r\n") <= dptr + datalen; end++) {
1538 if (end[0] == '\r' && end[1] == '\n' &&
1539 end[2] == '\r' && end[3] == '\n') {
1540 term = true;
1541 break;
1542 }
1543 }
1544 if (!term)
1545 break;
1546 end += strlen("\r\n\r\n") + clen;
1547
1548 msglen = origlen = end - dptr;
1549 if (msglen > datalen)
1550 return NF_DROP;
1551
1552 ret = process_sip_msg(skb, ct, protoff, dataoff,
1553 &dptr, &msglen);
1554 if (ret != NF_ACCEPT)
1555 break;
1556 diff = msglen - origlen;
1557 tdiff += diff;
1558
1559 dataoff += msglen;
1560 dptr += msglen;
1561 datalen = datalen + diff - msglen;
1562 }
1563
1564 if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1565 nf_nat_sip_seq_adjust = rcu_dereference(nf_nat_sip_seq_adjust_hook);
1566 if (nf_nat_sip_seq_adjust)
1567 nf_nat_sip_seq_adjust(skb, protoff, tdiff);
1568 }
1569
1570 return ret;
1571}
1572
1573static int sip_help_udp(struct sk_buff *skb, unsigned int protoff,
1574 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1575{
1576 unsigned int dataoff, datalen;
1577 const char *dptr;
1578
1579
1580 dataoff = protoff + sizeof(struct udphdr);
1581 if (dataoff >= skb->len)
1582 return NF_ACCEPT;
1583
1584 nf_ct_refresh(ct, skb, sip_timeout * HZ);
1585
1586 if (unlikely(skb_linearize(skb)))
1587 return NF_DROP;
1588
1589 dptr = skb->data + dataoff;
1590 datalen = skb->len - dataoff;
1591 if (datalen < strlen("SIP/2.0 200"))
1592 return NF_ACCEPT;
1593
1594 return process_sip_msg(skb, ct, protoff, dataoff, &dptr, &datalen);
1595}
1596
1597static struct nf_conntrack_helper sip[MAX_PORTS][4] __read_mostly;
1598
1599static const struct nf_conntrack_expect_policy sip_exp_policy[SIP_EXPECT_MAX + 1] = {
1600 [SIP_EXPECT_SIGNALLING] = {
1601 .name = "signalling",
1602 .max_expected = 1,
1603 .timeout = 3 * 60,
1604 },
1605 [SIP_EXPECT_AUDIO] = {
1606 .name = "audio",
1607 .max_expected = 2 * IP_CT_DIR_MAX,
1608 .timeout = 3 * 60,
1609 },
1610 [SIP_EXPECT_VIDEO] = {
1611 .name = "video",
1612 .max_expected = 2 * IP_CT_DIR_MAX,
1613 .timeout = 3 * 60,
1614 },
1615 [SIP_EXPECT_IMAGE] = {
1616 .name = "image",
1617 .max_expected = IP_CT_DIR_MAX,
1618 .timeout = 3 * 60,
1619 },
1620};
1621
1622static void nf_conntrack_sip_fini(void)
1623{
1624 int i, j;
1625
1626 for (i = 0; i < ports_c; i++) {
1627 for (j = 0; j < ARRAY_SIZE(sip[i]); j++) {
1628 if (sip[i][j].me == NULL)
1629 continue;
1630 nf_conntrack_helper_unregister(&sip[i][j]);
1631 }
1632 }
1633}
1634
1635static int __init nf_conntrack_sip_init(void)
1636{
1637 int i, j, ret;
1638
1639 if (ports_c == 0)
1640 ports[ports_c++] = SIP_PORT;
1641
1642 for (i = 0; i < ports_c; i++) {
1643 memset(&sip[i], 0, sizeof(sip[i]));
1644
1645 sip[i][0].tuple.src.l3num = AF_INET;
1646 sip[i][0].tuple.dst.protonum = IPPROTO_UDP;
1647 sip[i][0].help = sip_help_udp;
1648 sip[i][1].tuple.src.l3num = AF_INET;
1649 sip[i][1].tuple.dst.protonum = IPPROTO_TCP;
1650 sip[i][1].help = sip_help_tcp;
1651
1652 sip[i][2].tuple.src.l3num = AF_INET6;
1653 sip[i][2].tuple.dst.protonum = IPPROTO_UDP;
1654 sip[i][2].help = sip_help_udp;
1655 sip[i][3].tuple.src.l3num = AF_INET6;
1656 sip[i][3].tuple.dst.protonum = IPPROTO_TCP;
1657 sip[i][3].help = sip_help_tcp;
1658
1659 for (j = 0; j < ARRAY_SIZE(sip[i]); j++) {
1660 sip[i][j].data_len = sizeof(struct nf_ct_sip_master);
1661 sip[i][j].tuple.src.u.udp.port = htons(ports[i]);
1662 sip[i][j].expect_policy = sip_exp_policy;
1663 sip[i][j].expect_class_max = SIP_EXPECT_MAX;
1664 sip[i][j].me = THIS_MODULE;
1665
1666 if (ports[i] == SIP_PORT)
1667 sprintf(sip[i][j].name, "sip");
1668 else
1669 sprintf(sip[i][j].name, "sip-%u", i);
1670
1671 pr_debug("port #%u: %u\n", i, ports[i]);
1672
1673 ret = nf_conntrack_helper_register(&sip[i][j]);
1674 if (ret) {
1675 printk(KERN_ERR "nf_ct_sip: failed to register"
1676 " helper for pf: %u port: %u\n",
1677 sip[i][j].tuple.src.l3num, ports[i]);
1678 nf_conntrack_sip_fini();
1679 return ret;
1680 }
1681 }
1682 }
1683 return 0;
1684}
1685
1686module_init(nf_conntrack_sip_init);
1687module_exit(nf_conntrack_sip_fini);
1688
