1
2
3
4
5
6
7
8
9
10
11
12
13#include <linux/module.h>
14#include <linux/ctype.h>
15#include <linux/skbuff.h>
16#include <linux/inet.h>
17#include <linux/in.h>
18#include <linux/udp.h>
19#include <linux/tcp.h>
20#include <linux/netfilter.h>
21
22#include <net/netfilter/nf_conntrack.h>
23#include <net/netfilter/nf_conntrack_core.h>
24#include <net/netfilter/nf_conntrack_expect.h>
25#include <net/netfilter/nf_conntrack_helper.h>
26#include <net/netfilter/nf_conntrack_zones.h>
27#include <linux/netfilter/nf_conntrack_sip.h>
28
29MODULE_LICENSE("GPL");
30MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
31MODULE_DESCRIPTION("SIP connection tracking helper");
32MODULE_ALIAS("ip_conntrack_sip");
33MODULE_ALIAS_NFCT_HELPER("sip");
34
35#define MAX_PORTS 8
36static unsigned short ports[MAX_PORTS];
37static unsigned int ports_c;
38module_param_array(ports, ushort, &ports_c, 0400);
39MODULE_PARM_DESC(ports, "port numbers of SIP servers");
40
41static unsigned int sip_timeout __read_mostly = SIP_TIMEOUT;
42module_param(sip_timeout, uint, 0600);
43MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");
44
45static int sip_direct_signalling __read_mostly = 1;
46module_param(sip_direct_signalling, int, 0600);
47MODULE_PARM_DESC(sip_direct_signalling, "expect incoming calls from registrar "
48 "only (default 1)");
49
50static int sip_direct_media __read_mostly = 1;
51module_param(sip_direct_media, int, 0600);
52MODULE_PARM_DESC(sip_direct_media, "Expect Media streams between signalling "
53 "endpoints only (default 1)");
54
55unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb, unsigned int dataoff,
56 const char **dptr,
57 unsigned int *datalen) __read_mostly;
58EXPORT_SYMBOL_GPL(nf_nat_sip_hook);
59
60void (*nf_nat_sip_seq_adjust_hook)(struct sk_buff *skb, s16 off) __read_mostly;
61EXPORT_SYMBOL_GPL(nf_nat_sip_seq_adjust_hook);
62
63unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb,
64 unsigned int dataoff,
65 const char **dptr,
66 unsigned int *datalen,
67 struct nf_conntrack_expect *exp,
68 unsigned int matchoff,
69 unsigned int matchlen) __read_mostly;
70EXPORT_SYMBOL_GPL(nf_nat_sip_expect_hook);
71
72unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb, unsigned int dataoff,
73 const char **dptr,
74 unsigned int *datalen,
75 unsigned int sdpoff,
76 enum sdp_header_types type,
77 enum sdp_header_types term,
78 const union nf_inet_addr *addr)
79 __read_mostly;
80EXPORT_SYMBOL_GPL(nf_nat_sdp_addr_hook);
81
82unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb, unsigned int dataoff,
83 const char **dptr,
84 unsigned int *datalen,
85 unsigned int matchoff,
86 unsigned int matchlen,
87 u_int16_t port) __read_mostly;
88EXPORT_SYMBOL_GPL(nf_nat_sdp_port_hook);
89
90unsigned int (*nf_nat_sdp_session_hook)(struct sk_buff *skb,
91 unsigned int dataoff,
92 const char **dptr,
93 unsigned int *datalen,
94 unsigned int sdpoff,
95 const union nf_inet_addr *addr)
96 __read_mostly;
97EXPORT_SYMBOL_GPL(nf_nat_sdp_session_hook);
98
99unsigned int (*nf_nat_sdp_media_hook)(struct sk_buff *skb, unsigned int dataoff,
100 const char **dptr,
101 unsigned int *datalen,
102 struct nf_conntrack_expect *rtp_exp,
103 struct nf_conntrack_expect *rtcp_exp,
104 unsigned int mediaoff,
105 unsigned int medialen,
106 union nf_inet_addr *rtp_addr)
107 __read_mostly;
108EXPORT_SYMBOL_GPL(nf_nat_sdp_media_hook);
109
110static int string_len(const struct nf_conn *ct, const char *dptr,
111 const char *limit, int *shift)
112{
113 int len = 0;
114
115 while (dptr < limit && isalpha(*dptr)) {
116 dptr++;
117 len++;
118 }
119 return len;
120}
121
122static int digits_len(const struct nf_conn *ct, const char *dptr,
123 const char *limit, int *shift)
124{
125 int len = 0;
126 while (dptr < limit && isdigit(*dptr)) {
127 dptr++;
128 len++;
129 }
130 return len;
131}
132
133static int iswordc(const char c)
134{
135 if (isalnum(c) || c == '!' || c == '"' || c == '%' ||
136 (c >= '(' && c <= '/') || c == ':' || c == '<' || c == '>' ||
137 c == '?' || (c >= '[' && c <= ']') || c == '_' || c == '`' ||
138 c == '{' || c == '}' || c == '~')
139 return 1;
140 return 0;
141}
142
143static int word_len(const char *dptr, const char *limit)
144{
145 int len = 0;
146 while (dptr < limit && iswordc(*dptr)) {
147 dptr++;
148 len++;
149 }
150 return len;
151}
152
153static int callid_len(const struct nf_conn *ct, const char *dptr,
154 const char *limit, int *shift)
155{
156 int len, domain_len;
157
158 len = word_len(dptr, limit);
159 dptr += len;
160 if (!len || dptr == limit || *dptr != '@')
161 return len;
162 dptr++;
163 len++;
164
165 domain_len = word_len(dptr, limit);
166 if (!domain_len)
167 return 0;
168 return len + domain_len;
169}
170
171
172static int media_len(const struct nf_conn *ct, const char *dptr,
173 const char *limit, int *shift)
174{
175 int len = string_len(ct, dptr, limit, shift);
176
177 dptr += len;
178 if (dptr >= limit || *dptr != ' ')
179 return 0;
180 len++;
181 dptr++;
182
183 return len + digits_len(ct, dptr, limit, shift);
184}
185
186static int parse_addr(const struct nf_conn *ct, const char *cp,
187 const char **endp, union nf_inet_addr *addr,
188 const char *limit)
189{
190 const char *end;
191 int ret = 0;
192
193 if (!ct)
194 return 0;
195
196 memset(addr, 0, sizeof(*addr));
197 switch (nf_ct_l3num(ct)) {
198 case AF_INET:
199 ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
200 break;
201 case AF_INET6:
202 ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
203 break;
204 default:
205 BUG();
206 }
207
208 if (ret == 0 || end == cp)
209 return 0;
210 if (endp)
211 *endp = end;
212 return 1;
213}
214
215
216static int epaddr_len(const struct nf_conn *ct, const char *dptr,
217 const char *limit, int *shift)
218{
219 union nf_inet_addr addr;
220 const char *aux = dptr;
221
222 if (!parse_addr(ct, dptr, &dptr, &addr, limit)) {
223 pr_debug("ip: %s parse failed.!\n", dptr);
224 return 0;
225 }
226
227
228 if (*dptr == ':') {
229 dptr++;
230 dptr += digits_len(ct, dptr, limit, shift);
231 }
232 return dptr - aux;
233}
234
235
236static int skp_epaddr_len(const struct nf_conn *ct, const char *dptr,
237 const char *limit, int *shift)
238{
239 const char *start = dptr;
240 int s = *shift;
241
242
243
244
245 while (dptr < limit &&
246 *dptr != '@' && *dptr != '\r' && *dptr != '\n') {
247 (*shift)++;
248 dptr++;
249 }
250
251 if (dptr < limit && *dptr == '@') {
252 dptr++;
253 (*shift)++;
254 } else {
255 dptr = start;
256 *shift = s;
257 }
258
259 return epaddr_len(ct, dptr, limit, shift);
260}
261
262
263
264
265
266
267
268int ct_sip_parse_request(const struct nf_conn *ct,
269 const char *dptr, unsigned int datalen,
270 unsigned int *matchoff, unsigned int *matchlen,
271 union nf_inet_addr *addr, __be16 *port)
272{
273 const char *start = dptr, *limit = dptr + datalen, *end;
274 unsigned int mlen;
275 unsigned int p;
276 int shift = 0;
277
278
279 mlen = string_len(ct, dptr, limit, NULL);
280 if (!mlen)
281 return 0;
282 dptr += mlen;
283 if (++dptr >= limit)
284 return 0;
285
286
287 for (; dptr < limit - strlen("sip:"); dptr++) {
288 if (*dptr == '\r' || *dptr == '\n')
289 return -1;
290 if (strnicmp(dptr, "sip:", strlen("sip:")) == 0) {
291 dptr += strlen("sip:");
292 break;
293 }
294 }
295 if (!skp_epaddr_len(ct, dptr, limit, &shift))
296 return 0;
297 dptr += shift;
298
299 if (!parse_addr(ct, dptr, &end, addr, limit))
300 return -1;
301 if (end < limit && *end == ':') {
302 end++;
303 p = simple_strtoul(end, (char **)&end, 10);
304 if (p < 1024 || p > 65535)
305 return -1;
306 *port = htons(p);
307 } else
308 *port = htons(SIP_PORT);
309
310 if (end == dptr)
311 return 0;
312 *matchoff = dptr - start;
313 *matchlen = end - dptr;
314 return 1;
315}
316EXPORT_SYMBOL_GPL(ct_sip_parse_request);
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331static const struct sip_header ct_sip_hdrs[] = {
332 [SIP_HDR_CSEQ] = SIP_HDR("CSeq", NULL, NULL, digits_len),
333 [SIP_HDR_FROM] = SIP_HDR("From", "f", "sip:", skp_epaddr_len),
334 [SIP_HDR_TO] = SIP_HDR("To", "t", "sip:", skp_epaddr_len),
335 [SIP_HDR_CONTACT] = SIP_HDR("Contact", "m", "sip:", skp_epaddr_len),
336 [SIP_HDR_VIA_UDP] = SIP_HDR("Via", "v", "UDP ", epaddr_len),
337 [SIP_HDR_VIA_TCP] = SIP_HDR("Via", "v", "TCP ", epaddr_len),
338 [SIP_HDR_EXPIRES] = SIP_HDR("Expires", NULL, NULL, digits_len),
339 [SIP_HDR_CONTENT_LENGTH] = SIP_HDR("Content-Length", "l", NULL, digits_len),
340 [SIP_HDR_CALL_ID] = SIP_HDR("Call-Id", "i", NULL, callid_len),
341};
342
343static const char *sip_follow_continuation(const char *dptr, const char *limit)
344{
345
346 if (++dptr >= limit)
347 return NULL;
348
349
350 if (*(dptr - 1) == '\r' && *dptr == '\n') {
351 if (++dptr >= limit)
352 return NULL;
353 }
354
355
356 if (*dptr != ' ' && *dptr != '\t')
357 return NULL;
358
359
360 for (; dptr < limit; dptr++) {
361 if (*dptr != ' ' && *dptr != '\t')
362 break;
363 }
364 return dptr;
365}
366
367static const char *sip_skip_whitespace(const char *dptr, const char *limit)
368{
369 for (; dptr < limit; dptr++) {
370 if (*dptr == ' ')
371 continue;
372 if (*dptr != '\r' && *dptr != '\n')
373 break;
374 dptr = sip_follow_continuation(dptr, limit);
375 if (dptr == NULL)
376 return NULL;
377 }
378 return dptr;
379}
380
381
382static const char *ct_sip_header_search(const char *dptr, const char *limit,
383 const char *needle, unsigned int len)
384{
385 for (limit -= len; dptr < limit; dptr++) {
386 if (*dptr == '\r' || *dptr == '\n') {
387 dptr = sip_follow_continuation(dptr, limit);
388 if (dptr == NULL)
389 break;
390 continue;
391 }
392
393 if (strnicmp(dptr, needle, len) == 0)
394 return dptr;
395 }
396 return NULL;
397}
398
399int ct_sip_get_header(const struct nf_conn *ct, const char *dptr,
400 unsigned int dataoff, unsigned int datalen,
401 enum sip_header_types type,
402 unsigned int *matchoff, unsigned int *matchlen)
403{
404 const struct sip_header *hdr = &ct_sip_hdrs[type];
405 const char *start = dptr, *limit = dptr + datalen;
406 int shift = 0;
407
408 for (dptr += dataoff; dptr < limit; dptr++) {
409
410 if (*dptr != '\r' && *dptr != '\n')
411 continue;
412 if (++dptr >= limit)
413 break;
414 if (*(dptr - 1) == '\r' && *dptr == '\n') {
415 if (++dptr >= limit)
416 break;
417 }
418
419
420 if (*dptr == ' ' || *dptr == '\t')
421 continue;
422
423
424
425 if (limit - dptr >= hdr->len &&
426 strnicmp(dptr, hdr->name, hdr->len) == 0)
427 dptr += hdr->len;
428 else if (hdr->cname && limit - dptr >= hdr->clen + 1 &&
429 strnicmp(dptr, hdr->cname, hdr->clen) == 0 &&
430 !isalpha(*(dptr + hdr->clen)))
431 dptr += hdr->clen;
432 else
433 continue;
434
435
436 dptr = sip_skip_whitespace(dptr, limit);
437 if (dptr == NULL)
438 break;
439 if (*dptr != ':' || ++dptr >= limit)
440 break;
441
442
443 dptr = sip_skip_whitespace(dptr, limit);
444 if (dptr == NULL)
445 break;
446
447 *matchoff = dptr - start;
448 if (hdr->search) {
449 dptr = ct_sip_header_search(dptr, limit, hdr->search,
450 hdr->slen);
451 if (!dptr)
452 return -1;
453 dptr += hdr->slen;
454 }
455
456 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
457 if (!*matchlen)
458 return -1;
459 *matchoff = dptr - start + shift;
460 return 1;
461 }
462 return 0;
463}
464EXPORT_SYMBOL_GPL(ct_sip_get_header);
465
466
467static int ct_sip_next_header(const struct nf_conn *ct, const char *dptr,
468 unsigned int dataoff, unsigned int datalen,
469 enum sip_header_types type,
470 unsigned int *matchoff, unsigned int *matchlen)
471{
472 const struct sip_header *hdr = &ct_sip_hdrs[type];
473 const char *start = dptr, *limit = dptr + datalen;
474 int shift = 0;
475
476 dptr += dataoff;
477
478 dptr = ct_sip_header_search(dptr, limit, ",", strlen(","));
479 if (!dptr)
480 return 0;
481
482 dptr = ct_sip_header_search(dptr, limit, hdr->search, hdr->slen);
483 if (!dptr)
484 return 0;
485 dptr += hdr->slen;
486
487 *matchoff = dptr - start;
488 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
489 if (!*matchlen)
490 return -1;
491 *matchoff += shift;
492 return 1;
493}
494
495
496
497static int ct_sip_walk_headers(const struct nf_conn *ct, const char *dptr,
498 unsigned int dataoff, unsigned int datalen,
499 enum sip_header_types type, int *in_header,
500 unsigned int *matchoff, unsigned int *matchlen)
501{
502 int ret;
503
504 if (in_header && *in_header) {
505 while (1) {
506 ret = ct_sip_next_header(ct, dptr, dataoff, datalen,
507 type, matchoff, matchlen);
508 if (ret > 0)
509 return ret;
510 if (ret == 0)
511 break;
512 dataoff += *matchoff;
513 }
514 *in_header = 0;
515 }
516
517 while (1) {
518 ret = ct_sip_get_header(ct, dptr, dataoff, datalen,
519 type, matchoff, matchlen);
520 if (ret > 0)
521 break;
522 if (ret == 0)
523 return ret;
524 dataoff += *matchoff;
525 }
526
527 if (in_header)
528 *in_header = 1;
529 return 1;
530}
531
532
533
534
535
536
537int ct_sip_parse_header_uri(const struct nf_conn *ct, const char *dptr,
538 unsigned int *dataoff, unsigned int datalen,
539 enum sip_header_types type, int *in_header,
540 unsigned int *matchoff, unsigned int *matchlen,
541 union nf_inet_addr *addr, __be16 *port)
542{
543 const char *c, *limit = dptr + datalen;
544 unsigned int p;
545 int ret;
546
547 ret = ct_sip_walk_headers(ct, dptr, dataoff ? *dataoff : 0, datalen,
548 type, in_header, matchoff, matchlen);
549 WARN_ON(ret < 0);
550 if (ret == 0)
551 return ret;
552
553 if (!parse_addr(ct, dptr + *matchoff, &c, addr, limit))
554 return -1;
555 if (*c == ':') {
556 c++;
557 p = simple_strtoul(c, (char **)&c, 10);
558 if (p < 1024 || p > 65535)
559 return -1;
560 *port = htons(p);
561 } else
562 *port = htons(SIP_PORT);
563
564 if (dataoff)
565 *dataoff = c - dptr;
566 return 1;
567}
568EXPORT_SYMBOL_GPL(ct_sip_parse_header_uri);
569
570static int ct_sip_parse_param(const struct nf_conn *ct, const char *dptr,
571 unsigned int dataoff, unsigned int datalen,
572 const char *name,
573 unsigned int *matchoff, unsigned int *matchlen)
574{
575 const char *limit = dptr + datalen;
576 const char *start;
577 const char *end;
578
579 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
580 if (!limit)
581 limit = dptr + datalen;
582
583 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
584 if (!start)
585 return 0;
586 start += strlen(name);
587
588 end = ct_sip_header_search(start, limit, ";", strlen(";"));
589 if (!end)
590 end = limit;
591
592 *matchoff = start - dptr;
593 *matchlen = end - start;
594 return 1;
595}
596
597
598int ct_sip_parse_address_param(const struct nf_conn *ct, const char *dptr,
599 unsigned int dataoff, unsigned int datalen,
600 const char *name,
601 unsigned int *matchoff, unsigned int *matchlen,
602 union nf_inet_addr *addr)
603{
604 const char *limit = dptr + datalen;
605 const char *start, *end;
606
607 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
608 if (!limit)
609 limit = dptr + datalen;
610
611 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
612 if (!start)
613 return 0;
614
615 start += strlen(name);
616 if (!parse_addr(ct, start, &end, addr, limit))
617 return 0;
618 *matchoff = start - dptr;
619 *matchlen = end - start;
620 return 1;
621}
622EXPORT_SYMBOL_GPL(ct_sip_parse_address_param);
623
624
625int ct_sip_parse_numerical_param(const struct nf_conn *ct, const char *dptr,
626 unsigned int dataoff, unsigned int datalen,
627 const char *name,
628 unsigned int *matchoff, unsigned int *matchlen,
629 unsigned int *val)
630{
631 const char *limit = dptr + datalen;
632 const char *start;
633 char *end;
634
635 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
636 if (!limit)
637 limit = dptr + datalen;
638
639 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
640 if (!start)
641 return 0;
642
643 start += strlen(name);
644 *val = simple_strtoul(start, &end, 0);
645 if (start == end)
646 return 0;
647 if (matchoff && matchlen) {
648 *matchoff = start - dptr;
649 *matchlen = end - start;
650 }
651 return 1;
652}
653EXPORT_SYMBOL_GPL(ct_sip_parse_numerical_param);
654
655static int ct_sip_parse_transport(struct nf_conn *ct, const char *dptr,
656 unsigned int dataoff, unsigned int datalen,
657 u8 *proto)
658{
659 unsigned int matchoff, matchlen;
660
661 if (ct_sip_parse_param(ct, dptr, dataoff, datalen, "transport=",
662 &matchoff, &matchlen)) {
663 if (!strnicmp(dptr + matchoff, "TCP", strlen("TCP")))
664 *proto = IPPROTO_TCP;
665 else if (!strnicmp(dptr + matchoff, "UDP", strlen("UDP")))
666 *proto = IPPROTO_UDP;
667 else
668 return 0;
669
670 if (*proto != nf_ct_protonum(ct))
671 return 0;
672 } else
673 *proto = nf_ct_protonum(ct);
674
675 return 1;
676}
677
678
679
680
681
682
683
684
685
686
687static const struct sip_header ct_sdp_hdrs[] = {
688 [SDP_HDR_VERSION] = SDP_HDR("v=", NULL, digits_len),
689 [SDP_HDR_OWNER_IP4] = SDP_HDR("o=", "IN IP4 ", epaddr_len),
690 [SDP_HDR_CONNECTION_IP4] = SDP_HDR("c=", "IN IP4 ", epaddr_len),
691 [SDP_HDR_OWNER_IP6] = SDP_HDR("o=", "IN IP6 ", epaddr_len),
692 [SDP_HDR_CONNECTION_IP6] = SDP_HDR("c=", "IN IP6 ", epaddr_len),
693 [SDP_HDR_MEDIA] = SDP_HDR("m=", NULL, media_len),
694};
695
696
697static const char *ct_sdp_header_search(const char *dptr, const char *limit,
698 const char *needle, unsigned int len)
699{
700 for (limit -= len; dptr < limit; dptr++) {
701 if (*dptr == '\r' || *dptr == '\n')
702 break;
703 if (strncmp(dptr, needle, len) == 0)
704 return dptr;
705 }
706 return NULL;
707}
708
709
710
711
712
713int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr,
714 unsigned int dataoff, unsigned int datalen,
715 enum sdp_header_types type,
716 enum sdp_header_types term,
717 unsigned int *matchoff, unsigned int *matchlen)
718{
719 const struct sip_header *hdr = &ct_sdp_hdrs[type];
720 const struct sip_header *thdr = &ct_sdp_hdrs[term];
721 const char *start = dptr, *limit = dptr + datalen;
722 int shift = 0;
723
724 for (dptr += dataoff; dptr < limit; dptr++) {
725
726 if (*dptr != '\r' && *dptr != '\n')
727 continue;
728 if (++dptr >= limit)
729 break;
730 if (*(dptr - 1) == '\r' && *dptr == '\n') {
731 if (++dptr >= limit)
732 break;
733 }
734
735 if (term != SDP_HDR_UNSPEC &&
736 limit - dptr >= thdr->len &&
737 strnicmp(dptr, thdr->name, thdr->len) == 0)
738 break;
739 else if (limit - dptr >= hdr->len &&
740 strnicmp(dptr, hdr->name, hdr->len) == 0)
741 dptr += hdr->len;
742 else
743 continue;
744
745 *matchoff = dptr - start;
746 if (hdr->search) {
747 dptr = ct_sdp_header_search(dptr, limit, hdr->search,
748 hdr->slen);
749 if (!dptr)
750 return -1;
751 dptr += hdr->slen;
752 }
753
754 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
755 if (!*matchlen)
756 return -1;
757 *matchoff = dptr - start + shift;
758 return 1;
759 }
760 return 0;
761}
762EXPORT_SYMBOL_GPL(ct_sip_get_sdp_header);
763
764static int ct_sip_parse_sdp_addr(const struct nf_conn *ct, const char *dptr,
765 unsigned int dataoff, unsigned int datalen,
766 enum sdp_header_types type,
767 enum sdp_header_types term,
768 unsigned int *matchoff, unsigned int *matchlen,
769 union nf_inet_addr *addr)
770{
771 int ret;
772
773 ret = ct_sip_get_sdp_header(ct, dptr, dataoff, datalen, type, term,
774 matchoff, matchlen);
775 if (ret <= 0)
776 return ret;
777
778 if (!parse_addr(ct, dptr + *matchoff, NULL, addr,
779 dptr + *matchoff + *matchlen))
780 return -1;
781 return 1;
782}
783
784static int refresh_signalling_expectation(struct nf_conn *ct,
785 union nf_inet_addr *addr,
786 u8 proto, __be16 port,
787 unsigned int expires)
788{
789 struct nf_conn_help *help = nfct_help(ct);
790 struct nf_conntrack_expect *exp;
791 struct hlist_node *n, *next;
792 int found = 0;
793
794 spin_lock_bh(&nf_conntrack_lock);
795 hlist_for_each_entry_safe(exp, n, next, &help->expectations, lnode) {
796 if (exp->class != SIP_EXPECT_SIGNALLING ||
797 !nf_inet_addr_cmp(&exp->tuple.dst.u3, addr) ||
798 exp->tuple.dst.protonum != proto ||
799 exp->tuple.dst.u.udp.port != port)
800 continue;
801 if (!del_timer(&exp->timeout))
802 continue;
803 exp->flags &= ~NF_CT_EXPECT_INACTIVE;
804 exp->timeout.expires = jiffies + expires * HZ;
805 add_timer(&exp->timeout);
806 found = 1;
807 break;
808 }
809 spin_unlock_bh(&nf_conntrack_lock);
810 return found;
811}
812
813static void flush_expectations(struct nf_conn *ct, bool media)
814{
815 struct nf_conn_help *help = nfct_help(ct);
816 struct nf_conntrack_expect *exp;
817 struct hlist_node *n, *next;
818
819 spin_lock_bh(&nf_conntrack_lock);
820 hlist_for_each_entry_safe(exp, n, next, &help->expectations, lnode) {
821 if ((exp->class != SIP_EXPECT_SIGNALLING) ^ media)
822 continue;
823 if (!del_timer(&exp->timeout))
824 continue;
825 nf_ct_unlink_expect(exp);
826 nf_ct_expect_put(exp);
827 if (!media)
828 break;
829 }
830 spin_unlock_bh(&nf_conntrack_lock);
831}
832
833static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int dataoff,
834 const char **dptr, unsigned int *datalen,
835 union nf_inet_addr *daddr, __be16 port,
836 enum sip_expectation_classes class,
837 unsigned int mediaoff, unsigned int medialen)
838{
839 struct nf_conntrack_expect *exp, *rtp_exp, *rtcp_exp;
840 enum ip_conntrack_info ctinfo;
841 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
842 struct net *net = nf_ct_net(ct);
843 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
844 union nf_inet_addr *saddr;
845 struct nf_conntrack_tuple tuple;
846 int direct_rtp = 0, skip_expect = 0, ret = NF_DROP;
847 u_int16_t base_port;
848 __be16 rtp_port, rtcp_port;
849 typeof(nf_nat_sdp_port_hook) nf_nat_sdp_port;
850 typeof(nf_nat_sdp_media_hook) nf_nat_sdp_media;
851
852 saddr = NULL;
853 if (sip_direct_media) {
854 if (!nf_inet_addr_cmp(daddr, &ct->tuplehash[dir].tuple.src.u3))
855 return NF_ACCEPT;
856 saddr = &ct->tuplehash[!dir].tuple.src.u3;
857 }
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872 memset(&tuple, 0, sizeof(tuple));
873 if (saddr)
874 tuple.src.u3 = *saddr;
875 tuple.src.l3num = nf_ct_l3num(ct);
876 tuple.dst.protonum = IPPROTO_UDP;
877 tuple.dst.u3 = *daddr;
878 tuple.dst.u.udp.port = port;
879
880 rcu_read_lock();
881 do {
882 exp = __nf_ct_expect_find(net, nf_ct_zone(ct), &tuple);
883
884 if (!exp || exp->master == ct ||
885 nfct_help(exp->master)->helper != nfct_help(ct)->helper ||
886 exp->class != class)
887 break;
888#ifdef CONFIG_NF_NAT_NEEDED
889 if (exp->tuple.src.l3num == AF_INET && !direct_rtp &&
890 (exp->saved_ip != exp->tuple.dst.u3.ip ||
891 exp->saved_proto.udp.port != exp->tuple.dst.u.udp.port) &&
892 ct->status & IPS_NAT_MASK) {
893 daddr->ip = exp->saved_ip;
894 tuple.dst.u3.ip = exp->saved_ip;
895 tuple.dst.u.udp.port = exp->saved_proto.udp.port;
896 direct_rtp = 1;
897 } else
898#endif
899 skip_expect = 1;
900 } while (!skip_expect);
901 rcu_read_unlock();
902
903 base_port = ntohs(tuple.dst.u.udp.port) & ~1;
904 rtp_port = htons(base_port);
905 rtcp_port = htons(base_port + 1);
906
907 if (direct_rtp) {
908 nf_nat_sdp_port = rcu_dereference(nf_nat_sdp_port_hook);
909 if (nf_nat_sdp_port &&
910 !nf_nat_sdp_port(skb, dataoff, dptr, datalen,
911 mediaoff, medialen, ntohs(rtp_port)))
912 goto err1;
913 }
914
915 if (skip_expect)
916 return NF_ACCEPT;
917
918 rtp_exp = nf_ct_expect_alloc(ct);
919 if (rtp_exp == NULL)
920 goto err1;
921 nf_ct_expect_init(rtp_exp, class, nf_ct_l3num(ct), saddr, daddr,
922 IPPROTO_UDP, NULL, &rtp_port);
923
924 rtcp_exp = nf_ct_expect_alloc(ct);
925 if (rtcp_exp == NULL)
926 goto err2;
927 nf_ct_expect_init(rtcp_exp, class, nf_ct_l3num(ct), saddr, daddr,
928 IPPROTO_UDP, NULL, &rtcp_port);
929
930 nf_nat_sdp_media = rcu_dereference(nf_nat_sdp_media_hook);
931 if (nf_nat_sdp_media && ct->status & IPS_NAT_MASK && !direct_rtp)
932 ret = nf_nat_sdp_media(skb, dataoff, dptr, datalen,
933 rtp_exp, rtcp_exp,
934 mediaoff, medialen, daddr);
935 else {
936 if (nf_ct_expect_related(rtp_exp) == 0) {
937 if (nf_ct_expect_related(rtcp_exp) != 0)
938 nf_ct_unexpect_related(rtp_exp);
939 else
940 ret = NF_ACCEPT;
941 }
942 }
943 nf_ct_expect_put(rtcp_exp);
944err2:
945 nf_ct_expect_put(rtp_exp);
946err1:
947 return ret;
948}
949
950static const struct sdp_media_type sdp_media_types[] = {
951 SDP_MEDIA_TYPE("audio ", SIP_EXPECT_AUDIO),
952 SDP_MEDIA_TYPE("video ", SIP_EXPECT_VIDEO),
953 SDP_MEDIA_TYPE("image ", SIP_EXPECT_IMAGE),
954};
955
956static const struct sdp_media_type *sdp_media_type(const char *dptr,
957 unsigned int matchoff,
958 unsigned int matchlen)
959{
960 const struct sdp_media_type *t;
961 unsigned int i;
962
963 for (i = 0; i < ARRAY_SIZE(sdp_media_types); i++) {
964 t = &sdp_media_types[i];
965 if (matchlen < t->len ||
966 strncmp(dptr + matchoff, t->name, t->len))
967 continue;
968 return t;
969 }
970 return NULL;
971}
972
973static int process_sdp(struct sk_buff *skb, unsigned int dataoff,
974 const char **dptr, unsigned int *datalen,
975 unsigned int cseq)
976{
977 enum ip_conntrack_info ctinfo;
978 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
979 unsigned int matchoff, matchlen;
980 unsigned int mediaoff, medialen;
981 unsigned int sdpoff;
982 unsigned int caddr_len, maddr_len;
983 unsigned int i;
984 union nf_inet_addr caddr, maddr, rtp_addr;
985 unsigned int port;
986 enum sdp_header_types c_hdr;
987 const struct sdp_media_type *t;
988 int ret = NF_ACCEPT;
989 typeof(nf_nat_sdp_addr_hook) nf_nat_sdp_addr;
990 typeof(nf_nat_sdp_session_hook) nf_nat_sdp_session;
991
992 nf_nat_sdp_addr = rcu_dereference(nf_nat_sdp_addr_hook);
993 c_hdr = nf_ct_l3num(ct) == AF_INET ? SDP_HDR_CONNECTION_IP4 :
994 SDP_HDR_CONNECTION_IP6;
995
996
997 if (ct_sip_get_sdp_header(ct, *dptr, 0, *datalen,
998 SDP_HDR_VERSION, SDP_HDR_UNSPEC,
999 &matchoff, &matchlen) <= 0)
1000 return NF_ACCEPT;
1001 sdpoff = matchoff;
1002
1003
1004
1005
1006 caddr_len = 0;
1007 if (ct_sip_parse_sdp_addr(ct, *dptr, sdpoff, *datalen,
1008 c_hdr, SDP_HDR_MEDIA,
1009 &matchoff, &matchlen, &caddr) > 0)
1010 caddr_len = matchlen;
1011
1012 mediaoff = sdpoff;
1013 for (i = 0; i < ARRAY_SIZE(sdp_media_types); ) {
1014 if (ct_sip_get_sdp_header(ct, *dptr, mediaoff, *datalen,
1015 SDP_HDR_MEDIA, SDP_HDR_UNSPEC,
1016 &mediaoff, &medialen) <= 0)
1017 break;
1018
1019
1020
1021 t = sdp_media_type(*dptr, mediaoff, medialen);
1022 if (!t) {
1023 mediaoff += medialen;
1024 continue;
1025 }
1026 mediaoff += t->len;
1027 medialen -= t->len;
1028
1029 port = simple_strtoul(*dptr + mediaoff, NULL, 10);
1030 if (port == 0)
1031 continue;
1032 if (port < 1024 || port > 65535)
1033 return NF_DROP;
1034
1035
1036 maddr_len = 0;
1037 if (ct_sip_parse_sdp_addr(ct, *dptr, mediaoff, *datalen,
1038 c_hdr, SDP_HDR_MEDIA,
1039 &matchoff, &matchlen, &maddr) > 0) {
1040 maddr_len = matchlen;
1041 memcpy(&rtp_addr, &maddr, sizeof(rtp_addr));
1042 } else if (caddr_len)
1043 memcpy(&rtp_addr, &caddr, sizeof(rtp_addr));
1044 else
1045 return NF_DROP;
1046
1047 ret = set_expected_rtp_rtcp(skb, dataoff, dptr, datalen,
1048 &rtp_addr, htons(port), t->class,
1049 mediaoff, medialen);
1050 if (ret != NF_ACCEPT)
1051 return ret;
1052
1053
1054 if (maddr_len && nf_nat_sdp_addr && ct->status & IPS_NAT_MASK) {
1055 ret = nf_nat_sdp_addr(skb, dataoff, dptr, datalen,
1056 mediaoff, c_hdr, SDP_HDR_MEDIA,
1057 &rtp_addr);
1058 if (ret != NF_ACCEPT)
1059 return ret;
1060 }
1061 i++;
1062 }
1063
1064
1065 nf_nat_sdp_session = rcu_dereference(nf_nat_sdp_session_hook);
1066 if (nf_nat_sdp_session && ct->status & IPS_NAT_MASK)
1067 ret = nf_nat_sdp_session(skb, dataoff, dptr, datalen, sdpoff,
1068 &rtp_addr);
1069
1070 return ret;
1071}
1072static int process_invite_response(struct sk_buff *skb, unsigned int dataoff,
1073 const char **dptr, unsigned int *datalen,
1074 unsigned int cseq, unsigned int code)
1075{
1076 enum ip_conntrack_info ctinfo;
1077 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1078 struct nf_conn_help *help = nfct_help(ct);
1079
1080 if ((code >= 100 && code <= 199) ||
1081 (code >= 200 && code <= 299))
1082 return process_sdp(skb, dataoff, dptr, datalen, cseq);
1083 else if (help->help.ct_sip_info.invite_cseq == cseq)
1084 flush_expectations(ct, true);
1085 return NF_ACCEPT;
1086}
1087
1088static int process_update_response(struct sk_buff *skb, unsigned int dataoff,
1089 const char **dptr, unsigned int *datalen,
1090 unsigned int cseq, unsigned int code)
1091{
1092 enum ip_conntrack_info ctinfo;
1093 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1094 struct nf_conn_help *help = nfct_help(ct);
1095
1096 if ((code >= 100 && code <= 199) ||
1097 (code >= 200 && code <= 299))
1098 return process_sdp(skb, dataoff, dptr, datalen, cseq);
1099 else if (help->help.ct_sip_info.invite_cseq == cseq)
1100 flush_expectations(ct, true);
1101 return NF_ACCEPT;
1102}
1103
1104static int process_prack_response(struct sk_buff *skb, unsigned int dataoff,
1105 const char **dptr, unsigned int *datalen,
1106 unsigned int cseq, unsigned int code)
1107{
1108 enum ip_conntrack_info ctinfo;
1109 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1110 struct nf_conn_help *help = nfct_help(ct);
1111
1112 if ((code >= 100 && code <= 199) ||
1113 (code >= 200 && code <= 299))
1114 return process_sdp(skb, dataoff, dptr, datalen, cseq);
1115 else if (help->help.ct_sip_info.invite_cseq == cseq)
1116 flush_expectations(ct, true);
1117 return NF_ACCEPT;
1118}
1119
1120static int process_invite_request(struct sk_buff *skb, unsigned int dataoff,
1121 const char **dptr, unsigned int *datalen,
1122 unsigned int cseq)
1123{
1124 enum ip_conntrack_info ctinfo;
1125 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1126 struct nf_conn_help *help = nfct_help(ct);
1127 unsigned int ret;
1128
1129 flush_expectations(ct, true);
1130 ret = process_sdp(skb, dataoff, dptr, datalen, cseq);
1131 if (ret == NF_ACCEPT)
1132 help->help.ct_sip_info.invite_cseq = cseq;
1133 return ret;
1134}
1135
1136static int process_bye_request(struct sk_buff *skb, unsigned int dataoff,
1137 const char **dptr, unsigned int *datalen,
1138 unsigned int cseq)
1139{
1140 enum ip_conntrack_info ctinfo;
1141 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1142
1143 flush_expectations(ct, true);
1144 return NF_ACCEPT;
1145}
1146
1147
1148
1149
1150
1151static int process_register_request(struct sk_buff *skb, unsigned int dataoff,
1152 const char **dptr, unsigned int *datalen,
1153 unsigned int cseq)
1154{
1155 enum ip_conntrack_info ctinfo;
1156 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1157 struct nf_conn_help *help = nfct_help(ct);
1158 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1159 unsigned int matchoff, matchlen;
1160 struct nf_conntrack_expect *exp;
1161 union nf_inet_addr *saddr, daddr;
1162 __be16 port;
1163 u8 proto;
1164 unsigned int expires = 0;
1165 int ret;
1166 typeof(nf_nat_sip_expect_hook) nf_nat_sip_expect;
1167
1168
1169 if (ct->status & IPS_EXPECTED)
1170 return NF_ACCEPT;
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1181 &matchoff, &matchlen) > 0)
1182 expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1183
1184 ret = ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen,
1185 SIP_HDR_CONTACT, NULL,
1186 &matchoff, &matchlen, &daddr, &port);
1187 if (ret < 0)
1188 return NF_DROP;
1189 else if (ret == 0)
1190 return NF_ACCEPT;
1191
1192
1193 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.src.u3, &daddr))
1194 return NF_ACCEPT;
1195
1196 if (ct_sip_parse_transport(ct, *dptr, matchoff + matchlen, *datalen,
1197 &proto) == 0)
1198 return NF_ACCEPT;
1199
1200 if (ct_sip_parse_numerical_param(ct, *dptr,
1201 matchoff + matchlen, *datalen,
1202 "expires=", NULL, NULL, &expires) < 0)
1203 return NF_DROP;
1204
1205 if (expires == 0) {
1206 ret = NF_ACCEPT;
1207 goto store_cseq;
1208 }
1209
1210 exp = nf_ct_expect_alloc(ct);
1211 if (!exp)
1212 return NF_DROP;
1213
1214 saddr = NULL;
1215 if (sip_direct_signalling)
1216 saddr = &ct->tuplehash[!dir].tuple.src.u3;
1217
1218 nf_ct_expect_init(exp, SIP_EXPECT_SIGNALLING, nf_ct_l3num(ct),
1219 saddr, &daddr, proto, NULL, &port);
1220 exp->timeout.expires = sip_timeout * HZ;
1221 exp->helper = nfct_help(ct)->helper;
1222 exp->flags = NF_CT_EXPECT_PERMANENT | NF_CT_EXPECT_INACTIVE;
1223
1224 nf_nat_sip_expect = rcu_dereference(nf_nat_sip_expect_hook);
1225 if (nf_nat_sip_expect && ct->status & IPS_NAT_MASK)
1226 ret = nf_nat_sip_expect(skb, dataoff, dptr, datalen, exp,
1227 matchoff, matchlen);
1228 else {
1229 if (nf_ct_expect_related(exp) != 0)
1230 ret = NF_DROP;
1231 else
1232 ret = NF_ACCEPT;
1233 }
1234 nf_ct_expect_put(exp);
1235
1236store_cseq:
1237 if (ret == NF_ACCEPT)
1238 help->help.ct_sip_info.register_cseq = cseq;
1239 return ret;
1240}
1241
1242static int process_register_response(struct sk_buff *skb, unsigned int dataoff,
1243 const char **dptr, unsigned int *datalen,
1244 unsigned int cseq, unsigned int code)
1245{
1246 enum ip_conntrack_info ctinfo;
1247 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1248 struct nf_conn_help *help = nfct_help(ct);
1249 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1250 union nf_inet_addr addr;
1251 __be16 port;
1252 u8 proto;
1253 unsigned int matchoff, matchlen, coff = 0;
1254 unsigned int expires = 0;
1255 int in_contact = 0, ret;
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265 if (help->help.ct_sip_info.register_cseq != cseq)
1266 return NF_ACCEPT;
1267
1268 if (code >= 100 && code <= 199)
1269 return NF_ACCEPT;
1270 if (code < 200 || code > 299)
1271 goto flush;
1272
1273 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1274 &matchoff, &matchlen) > 0)
1275 expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1276
1277 while (1) {
1278 unsigned int c_expires = expires;
1279
1280 ret = ct_sip_parse_header_uri(ct, *dptr, &coff, *datalen,
1281 SIP_HDR_CONTACT, &in_contact,
1282 &matchoff, &matchlen,
1283 &addr, &port);
1284 if (ret < 0)
1285 return NF_DROP;
1286 else if (ret == 0)
1287 break;
1288
1289
1290 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3, &addr))
1291 continue;
1292
1293 if (ct_sip_parse_transport(ct, *dptr, matchoff + matchlen,
1294 *datalen, &proto) == 0)
1295 continue;
1296
1297 ret = ct_sip_parse_numerical_param(ct, *dptr,
1298 matchoff + matchlen,
1299 *datalen, "expires=",
1300 NULL, NULL, &c_expires);
1301 if (ret < 0)
1302 return NF_DROP;
1303 if (c_expires == 0)
1304 break;
1305 if (refresh_signalling_expectation(ct, &addr, proto, port,
1306 c_expires))
1307 return NF_ACCEPT;
1308 }
1309
1310flush:
1311 flush_expectations(ct, false);
1312 return NF_ACCEPT;
1313}
1314
1315static const struct sip_handler sip_handlers[] = {
1316 SIP_HANDLER("INVITE", process_invite_request, process_invite_response),
1317 SIP_HANDLER("UPDATE", process_sdp, process_update_response),
1318 SIP_HANDLER("ACK", process_sdp, NULL),
1319 SIP_HANDLER("PRACK", process_sdp, process_prack_response),
1320 SIP_HANDLER("BYE", process_bye_request, NULL),
1321 SIP_HANDLER("REGISTER", process_register_request, process_register_response),
1322};
1323
1324static int process_sip_response(struct sk_buff *skb, unsigned int dataoff,
1325 const char **dptr, unsigned int *datalen)
1326{
1327 enum ip_conntrack_info ctinfo;
1328 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1329 unsigned int matchoff, matchlen, matchend;
1330 unsigned int code, cseq, i;
1331
1332 if (*datalen < strlen("SIP/2.0 200"))
1333 return NF_ACCEPT;
1334 code = simple_strtoul(*dptr + strlen("SIP/2.0 "), NULL, 10);
1335 if (!code)
1336 return NF_DROP;
1337
1338 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1339 &matchoff, &matchlen) <= 0)
1340 return NF_DROP;
1341 cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1342 if (!cseq)
1343 return NF_DROP;
1344 matchend = matchoff + matchlen + 1;
1345
1346 for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1347 const struct sip_handler *handler;
1348
1349 handler = &sip_handlers[i];
1350 if (handler->response == NULL)
1351 continue;
1352 if (*datalen < matchend + handler->len ||
1353 strnicmp(*dptr + matchend, handler->method, handler->len))
1354 continue;
1355 return handler->response(skb, dataoff, dptr, datalen,
1356 cseq, code);
1357 }
1358 return NF_ACCEPT;
1359}
1360
1361static int process_sip_request(struct sk_buff *skb, unsigned int dataoff,
1362 const char **dptr, unsigned int *datalen)
1363{
1364 enum ip_conntrack_info ctinfo;
1365 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1366 unsigned int matchoff, matchlen;
1367 unsigned int cseq, i;
1368
1369 for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1370 const struct sip_handler *handler;
1371
1372 handler = &sip_handlers[i];
1373 if (handler->request == NULL)
1374 continue;
1375 if (*datalen < handler->len ||
1376 strnicmp(*dptr, handler->method, handler->len))
1377 continue;
1378
1379 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1380 &matchoff, &matchlen) <= 0)
1381 return NF_DROP;
1382 cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1383 if (!cseq)
1384 return NF_DROP;
1385
1386 return handler->request(skb, dataoff, dptr, datalen, cseq);
1387 }
1388 return NF_ACCEPT;
1389}
1390
1391static int process_sip_msg(struct sk_buff *skb, struct nf_conn *ct,
1392 unsigned int dataoff, const char **dptr,
1393 unsigned int *datalen)
1394{
1395 typeof(nf_nat_sip_hook) nf_nat_sip;
1396 int ret;
1397
1398 if (strnicmp(*dptr, "SIP/2.0 ", strlen("SIP/2.0 ")) != 0)
1399 ret = process_sip_request(skb, dataoff, dptr, datalen);
1400 else
1401 ret = process_sip_response(skb, dataoff, dptr, datalen);
1402
1403 if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1404 nf_nat_sip = rcu_dereference(nf_nat_sip_hook);
1405 if (nf_nat_sip && !nf_nat_sip(skb, dataoff, dptr, datalen))
1406 ret = NF_DROP;
1407 }
1408
1409 return ret;
1410}
1411
1412static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff,
1413 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1414{
1415 struct tcphdr *th, _tcph;
1416 unsigned int dataoff, datalen;
1417 unsigned int matchoff, matchlen, clen;
1418 unsigned int msglen, origlen;
1419 const char *dptr, *end;
1420 s16 diff, tdiff = 0;
1421 int ret = NF_ACCEPT;
1422 typeof(nf_nat_sip_seq_adjust_hook) nf_nat_sip_seq_adjust;
1423
1424 if (ctinfo != IP_CT_ESTABLISHED &&
1425 ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY)
1426 return NF_ACCEPT;
1427
1428
1429 th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
1430 if (th == NULL)
1431 return NF_ACCEPT;
1432 dataoff = protoff + th->doff * 4;
1433 if (dataoff >= skb->len)
1434 return NF_ACCEPT;
1435
1436 nf_ct_refresh(ct, skb, sip_timeout * HZ);
1437
1438 if (unlikely(skb_linearize(skb)))
1439 return NF_DROP;
1440
1441 dptr = skb->data + dataoff;
1442 datalen = skb->len - dataoff;
1443 if (datalen < strlen("SIP/2.0 200"))
1444 return NF_ACCEPT;
1445
1446 while (1) {
1447 if (ct_sip_get_header(ct, dptr, 0, datalen,
1448 SIP_HDR_CONTENT_LENGTH,
1449 &matchoff, &matchlen) <= 0)
1450 break;
1451
1452 clen = simple_strtoul(dptr + matchoff, (char **)&end, 10);
1453 if (dptr + matchoff == end)
1454 break;
1455
1456 if (end + strlen("\r\n\r\n") > dptr + datalen)
1457 break;
1458 if (end[0] != '\r' || end[1] != '\n' ||
1459 end[2] != '\r' || end[3] != '\n')
1460 break;
1461 end += strlen("\r\n\r\n") + clen;
1462
1463 msglen = origlen = end - dptr;
1464
1465 ret = process_sip_msg(skb, ct, dataoff, &dptr, &msglen);
1466 if (ret != NF_ACCEPT)
1467 break;
1468 diff = msglen - origlen;
1469 tdiff += diff;
1470
1471 dataoff += msglen;
1472 dptr += msglen;
1473 datalen = datalen + diff - msglen;
1474 }
1475
1476 if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1477 nf_nat_sip_seq_adjust = rcu_dereference(nf_nat_sip_seq_adjust_hook);
1478 if (nf_nat_sip_seq_adjust)
1479 nf_nat_sip_seq_adjust(skb, tdiff);
1480 }
1481
1482 return ret;
1483}
1484
1485static int sip_help_udp(struct sk_buff *skb, unsigned int protoff,
1486 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1487{
1488 unsigned int dataoff, datalen;
1489 const char *dptr;
1490
1491
1492 dataoff = protoff + sizeof(struct udphdr);
1493 if (dataoff >= skb->len)
1494 return NF_ACCEPT;
1495
1496 nf_ct_refresh(ct, skb, sip_timeout * HZ);
1497
1498 if (unlikely(skb_linearize(skb)))
1499 return NF_DROP;
1500
1501 dptr = skb->data + dataoff;
1502 datalen = skb->len - dataoff;
1503 if (datalen < strlen("SIP/2.0 200"))
1504 return NF_ACCEPT;
1505
1506 return process_sip_msg(skb, ct, dataoff, &dptr, &datalen);
1507}
1508
1509static struct nf_conntrack_helper sip[MAX_PORTS][4] __read_mostly;
1510static char sip_names[MAX_PORTS][4][sizeof("sip-65535")] __read_mostly;
1511
1512static const struct nf_conntrack_expect_policy sip_exp_policy[SIP_EXPECT_MAX + 1] = {
1513 [SIP_EXPECT_SIGNALLING] = {
1514 .name = "signalling",
1515 .max_expected = 1,
1516 .timeout = 3 * 60,
1517 },
1518 [SIP_EXPECT_AUDIO] = {
1519 .name = "audio",
1520 .max_expected = 2 * IP_CT_DIR_MAX,
1521 .timeout = 3 * 60,
1522 },
1523 [SIP_EXPECT_VIDEO] = {
1524 .name = "video",
1525 .max_expected = 2 * IP_CT_DIR_MAX,
1526 .timeout = 3 * 60,
1527 },
1528 [SIP_EXPECT_IMAGE] = {
1529 .name = "image",
1530 .max_expected = IP_CT_DIR_MAX,
1531 .timeout = 3 * 60,
1532 },
1533};
1534
1535static void nf_conntrack_sip_fini(void)
1536{
1537 int i, j;
1538
1539 for (i = 0; i < ports_c; i++) {
1540 for (j = 0; j < ARRAY_SIZE(sip[i]); j++) {
1541 if (sip[i][j].me == NULL)
1542 continue;
1543 nf_conntrack_helper_unregister(&sip[i][j]);
1544 }
1545 }
1546}
1547
1548static int __init nf_conntrack_sip_init(void)
1549{
1550 int i, j, ret;
1551 char *tmpname;
1552
1553 if (ports_c == 0)
1554 ports[ports_c++] = SIP_PORT;
1555
1556 for (i = 0; i < ports_c; i++) {
1557 memset(&sip[i], 0, sizeof(sip[i]));
1558
1559 sip[i][0].tuple.src.l3num = AF_INET;
1560 sip[i][0].tuple.dst.protonum = IPPROTO_UDP;
1561 sip[i][0].help = sip_help_udp;
1562 sip[i][1].tuple.src.l3num = AF_INET;
1563 sip[i][1].tuple.dst.protonum = IPPROTO_TCP;
1564 sip[i][1].help = sip_help_tcp;
1565
1566 sip[i][2].tuple.src.l3num = AF_INET6;
1567 sip[i][2].tuple.dst.protonum = IPPROTO_UDP;
1568 sip[i][2].help = sip_help_udp;
1569 sip[i][3].tuple.src.l3num = AF_INET6;
1570 sip[i][3].tuple.dst.protonum = IPPROTO_TCP;
1571 sip[i][3].help = sip_help_tcp;
1572
1573 for (j = 0; j < ARRAY_SIZE(sip[i]); j++) {
1574 sip[i][j].tuple.src.u.udp.port = htons(ports[i]);
1575 sip[i][j].expect_policy = sip_exp_policy;
1576 sip[i][j].expect_class_max = SIP_EXPECT_MAX;
1577 sip[i][j].me = THIS_MODULE;
1578
1579 tmpname = &sip_names[i][j][0];
1580 if (ports[i] == SIP_PORT)
1581 sprintf(tmpname, "sip");
1582 else
1583 sprintf(tmpname, "sip-%u", i);
1584 sip[i][j].name = tmpname;
1585
1586 pr_debug("port #%u: %u\n", i, ports[i]);
1587
1588 ret = nf_conntrack_helper_register(&sip[i][j]);
1589 if (ret) {
1590 printk(KERN_ERR "nf_ct_sip: failed to register"
1591 " helper for pf: %u port: %u\n",
1592 sip[i][j].tuple.src.l3num, ports[i]);
1593 nf_conntrack_sip_fini();
1594 return ret;
1595 }
1596 }
1597 }
1598 return 0;
1599}
1600
1601module_init(nf_conntrack_sip_init);
1602module_exit(nf_conntrack_sip_fini);
1603
