LXR linux/net/netfilter/nf_conntrack

   1/* SIP extension for IP connection tracking.
   2 *
   3 * (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
   4 * based on RR's ip_conntrack_ftp.c and other modules.
   5 * (C) 2007 United Security Providers
   6 * (C) 2007, 2008 Patrick McHardy <kaber@trash.net>
   7 *
   8 * This program is free software; you can redistribute it and/or modify
   9 * it under the terms of the GNU General Public License version 2 as
  10 * published by the Free Software Foundation.
  11 */
  12
  13#include <linux/module.h>
  14#include <linux/ctype.h>
  15#include <linux/skbuff.h>
  16#include <linux/inet.h>
  17#include <linux/in.h>
  18#include <linux/udp.h>
  19#include <linux/tcp.h>
  20#include <linux/netfilter.h>
  21
  22#include <net/netfilter/nf_conntrack.h>
  23#include <net/netfilter/nf_conntrack_core.h>
  24#include <net/netfilter/nf_conntrack_expect.h>
  25#include <net/netfilter/nf_conntrack_helper.h>
  26#include <net/netfilter/nf_conntrack_zones.h>
  27#include <linux/netfilter/nf_conntrack_sip.h>
  28
  29MODULE_LICENSE("GPL");
  30MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
  31MODULE_DESCRIPTION("SIP connection tracking helper");
  32MODULE_ALIAS("ip_conntrack_sip");
  33MODULE_ALIAS_NFCT_HELPER("sip");
  34
  35#define MAX_PORTS       8
  36static unsigned short ports[MAX_PORTS];
  37static unsigned int ports_c;
  38module_param_array(ports, ushort, &ports_c, 0400);
  39MODULE_PARM_DESC(ports, "port numbers of SIP servers");
  40
  41static unsigned int sip_timeout __read_mostly = SIP_TIMEOUT;
  42module_param(sip_timeout, uint, 0600);
  43MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");
  44
  45static int sip_direct_signalling __read_mostly = 1;
  46module_param(sip_direct_signalling, int, 0600);
  47MODULE_PARM_DESC(sip_direct_signalling, "expect incoming calls from registrar "
  48                                        "only (default 1)");
  49
  50static int sip_direct_media __read_mostly = 1;
  51module_param(sip_direct_media, int, 0600);
  52MODULE_PARM_DESC(sip_direct_media, "Expect Media streams between signalling "
  53                                   "endpoints only (default 1)");
  54
  55unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb, unsigned int protoff,
  56                                unsigned int dataoff, const char **dptr,
  57                                unsigned int *datalen) __read_mostly;
  58EXPORT_SYMBOL_GPL(nf_nat_sip_hook);
  59
  60void (*nf_nat_sip_seq_adjust_hook)(struct sk_buff *skb, unsigned int protoff,
  61                                   s16 off) __read_mostly;
  62EXPORT_SYMBOL_GPL(nf_nat_sip_seq_adjust_hook);
  63
  64unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb,
  65                                       unsigned int protoff,
  66                                       unsigned int dataoff,
  67                                       const char **dptr,
  68                                       unsigned int *datalen,
  69                                       struct nf_conntrack_expect *exp,
  70                                       unsigned int matchoff,
  71                                       unsigned int matchlen) __read_mostly;
  72EXPORT_SYMBOL_GPL(nf_nat_sip_expect_hook);
  73
  74unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb, unsigned int protoff,
  75                                     unsigned int dataoff,
  76                                     const char **dptr,
  77                                     unsigned int *datalen,
  78                                     unsigned int sdpoff,
  79                                     enum sdp_header_types type,
  80                                     enum sdp_header_types term,
  81                                     const union nf_inet_addr *addr)
  82                                     __read_mostly;
  83EXPORT_SYMBOL_GPL(nf_nat_sdp_addr_hook);
  84
  85unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb, unsigned int protoff,
  86                                     unsigned int dataoff,
  87                                     const char **dptr,
  88                                     unsigned int *datalen,
  89                                     unsigned int matchoff,
  90                                     unsigned int matchlen,
  91                                     u_int16_t port) __read_mostly;
  92EXPORT_SYMBOL_GPL(nf_nat_sdp_port_hook);
  93
  94unsigned int (*nf_nat_sdp_session_hook)(struct sk_buff *skb,
  95                                        unsigned int protoff,
  96                                        unsigned int dataoff,
  97                                        const char **dptr,
  98                                        unsigned int *datalen,
  99                                        unsigned int sdpoff,
 100                                        const union nf_inet_addr *addr)
 101                                        __read_mostly;
 102EXPORT_SYMBOL_GPL(nf_nat_sdp_session_hook);
 103
 104unsigned int (*nf_nat_sdp_media_hook)(struct sk_buff *skb, unsigned int protoff,
 105                                      unsigned int dataoff,
 106                                      const char **dptr,
 107                                      unsigned int *datalen,
 108                                      struct nf_conntrack_expect *rtp_exp,
 109                                      struct nf_conntrack_expect *rtcp_exp,
 110                                      unsigned int mediaoff,
 111                                      unsigned int medialen,
 112                                      union nf_inet_addr *rtp_addr)
 113                                      __read_mostly;
 114EXPORT_SYMBOL_GPL(nf_nat_sdp_media_hook);
 115
 116static int string_len(const struct nf_conn *ct, const char *dptr,
 117                      const char *limit, int *shift)
 118{
 119        int len = 0;
 120
 121        while (dptr < limit && isalpha(*dptr)) {
 122                dptr++;
 123                len++;
 124        }
 125        return len;
 126}
 127
 128static int digits_len(const struct nf_conn *ct, const char *dptr,
 129                      const char *limit, int *shift)
 130{
 131        int len = 0;
 132        while (dptr < limit && isdigit(*dptr)) {
 133                dptr++;
 134                len++;
 135        }
 136        return len;
 137}
 138
 139static int iswordc(const char c)
 140{
 141        if (isalnum(c) || c == '!' || c == '"' || c == '%' ||
 142            (c >= '(' && c <= '/') || c == ':' || c == '<' || c == '>' ||
 143            c == '?' || (c >= '[' && c <= ']') || c == '_' || c == '`' ||
 144            c == '{' || c == '}' || c == '~')
 145                return 1;
 146        return 0;
 147}
 148
 149static int word_len(const char *dptr, const char *limit)
 150{
 151        int len = 0;
 152        while (dptr < limit && iswordc(*dptr)) {
 153                dptr++;
 154                len++;
 155        }
 156        return len;
 157}
 158
 159static int callid_len(const struct nf_conn *ct, const char *dptr,
 160                      const char *limit, int *shift)
 161{
 162        int len, domain_len;
 163
 164        len = word_len(dptr, limit);
 165        dptr += len;
 166        if (!len || dptr == limit || *dptr != '@')
 167                return len;
 168        dptr++;
 169        len++;
 170
 171        domain_len = word_len(dptr, limit);
 172        if (!domain_len)
 173                return 0;
 174        return len + domain_len;
 175}
 176
 177/* get media type + port length */
 178static int media_len(const struct nf_conn *ct, const char *dptr,
 179                     const char *limit, int *shift)
 180{
 181        int len = string_len(ct, dptr, limit, shift);
 182
 183        dptr += len;
 184        if (dptr >= limit || *dptr != ' ')
 185                return 0;
 186        len++;
 187        dptr++;
 188
 189        return len + digits_len(ct, dptr, limit, shift);
 190}
 191
 192static int sip_parse_addr(const struct nf_conn *ct, const char *cp,
 193                          const char **endp, union nf_inet_addr *addr,
 194                          const char *limit, bool delim)
 195{
 196        const char *end;
 197        int ret;
 198
 199        if (!ct)
 200                return 0;
 201
 202        memset(addr, 0, sizeof(*addr));
 203        switch (nf_ct_l3num(ct)) {
 204        case AF_INET:
 205                ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
 206                if (ret == 0)
 207                        return 0;
 208                break;
 209        case AF_INET6:
 210                if (cp < limit && *cp == '[')
 211                        cp++;
 212                else if (delim)
 213                        return 0;
 214
 215                ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
 216                if (ret == 0)
 217                        return 0;
 218
 219                if (end < limit && *end == ']')
 220                        end++;
 221                else if (delim)
 222                        return 0;
 223                break;
 224        default:
 225                BUG();
 226        }
 227
 228        if (endp)
 229                *endp = end;
 230        return 1;
 231}
 232
 233/* skip ip address. returns its length. */
 234static int epaddr_len(const struct nf_conn *ct, const char *dptr,
 235                      const char *limit, int *shift)
 236{
 237        union nf_inet_addr addr;
 238        const char *aux = dptr;
 239
 240        if (!sip_parse_addr(ct, dptr, &dptr, &addr, limit, true)) {
 241                pr_debug("ip: %s parse failed.!\n", dptr);
 242                return 0;
 243        }
 244
 245        /* Port number */
 246        if (*dptr == ':') {
 247                dptr++;
 248                dptr += digits_len(ct, dptr, limit, shift);
 249        }
 250        return dptr - aux;
 251}
 252
 253/* get address length, skiping user info. */
 254static int skp_epaddr_len(const struct nf_conn *ct, const char *dptr,
 255                          const char *limit, int *shift)
 256{
 257        const char *start = dptr;
 258        int s = *shift;
 259
 260        /* Search for @, but stop at the end of the line.
 261         * We are inside a sip: URI, so we don't need to worry about
 262         * continuation lines. */
 263        while (dptr < limit &&
 264               *dptr != '@' && *dptr != '\r' && *dptr != '\n') {
 265                (*shift)++;
 266                dptr++;
 267        }
 268
 269        if (dptr < limit && *dptr == '@') {
 270                dptr++;
 271                (*shift)++;
 272        } else {
 273                dptr = start;
 274                *shift = s;
 275        }
 276
 277        return epaddr_len(ct, dptr, limit, shift);
 278}
 279
 280/* Parse a SIP request line of the form:
 281 *
 282 * Request-Line = Method SP Request-URI SP SIP-Version CRLF
 283 *
 284 * and return the offset and length of the address contained in the Request-URI.
 285 */
 286int ct_sip_parse_request(const struct nf_conn *ct,
 287                         const char *dptr, unsigned int datalen,
 288                         unsigned int *matchoff, unsigned int *matchlen,
 289                         union nf_inet_addr *addr, __be16 *port)
 290{
 291        const char *start = dptr, *limit = dptr + datalen, *end;
 292        unsigned int mlen;
 293        unsigned int p;
 294        int shift = 0;
 295
 296        /* Skip method and following whitespace */
 297        mlen = string_len(ct, dptr, limit, NULL);
 298        if (!mlen)
 299                return 0;
 300        dptr += mlen;
 301        if (++dptr >= limit)
 302                return 0;
 303
 304        /* Find SIP URI */
 305        for (; dptr < limit - strlen("sip:"); dptr++) {
 306                if (*dptr == '\r' || *dptr == '\n')
 307                        return -1;
 308                if (strnicmp(dptr, "sip:", strlen("sip:")) == 0) {
 309                        dptr += strlen("sip:");
 310                        break;
 311                }
 312        }
 313        if (!skp_epaddr_len(ct, dptr, limit, &shift))
 314                return 0;
 315        dptr += shift;
 316
 317        if (!sip_parse_addr(ct, dptr, &end, addr, limit, true))
 318                return -1;
 319        if (end < limit && *end == ':') {
 320                end++;
 321                p = simple_strtoul(end, (char **)&end, 10);
 322                if (p < 1024 || p > 65535)
 323                        return -1;
 324                *port = htons(p);
 325        } else
 326                *port = htons(SIP_PORT);
 327
 328        if (end == dptr)
 329                return 0;
 330        *matchoff = dptr - start;
 331        *matchlen = end - dptr;
 332        return 1;
 333}
 334EXPORT_SYMBOL_GPL(ct_sip_parse_request);
 335
 336/* SIP header parsing: SIP headers are located at the beginning of a line, but
 337 * may span several lines, in which case the continuation lines begin with a
 338 * whitespace character. RFC 2543 allows lines to be terminated with CR, LF or
 339 * CRLF, RFC 3261 allows only CRLF, we support both.
 340 *
 341 * Headers are followed by (optionally) whitespace, a colon, again (optionally)
 342 * whitespace and the values. Whitespace in this context means any amount of
 343 * tabs, spaces and continuation lines, which are treated as a single whitespace
 344 * character.
 345 *
 346 * Some headers may appear multiple times. A comma separated list of values is
 347 * equivalent to multiple headers.
 348 */
 349static const struct sip_header ct_sip_hdrs[] = {
 350        [SIP_HDR_CSEQ]                  = SIP_HDR("CSeq", NULL, NULL, digits_len),
 351        [SIP_HDR_FROM]                  = SIP_HDR("From", "f", "sip:", skp_epaddr_len),
 352        [SIP_HDR_TO]                    = SIP_HDR("To", "t", "sip:", skp_epaddr_len),
 353        [SIP_HDR_CONTACT]               = SIP_HDR("Contact", "m", "sip:", skp_epaddr_len),
 354        [SIP_HDR_VIA_UDP]               = SIP_HDR("Via", "v", "UDP ", epaddr_len),
 355        [SIP_HDR_VIA_TCP]               = SIP_HDR("Via", "v", "TCP ", epaddr_len),
 356        [SIP_HDR_EXPIRES]               = SIP_HDR("Expires", NULL, NULL, digits_len),
 357        [SIP_HDR_CONTENT_LENGTH]        = SIP_HDR("Content-Length", "l", NULL, digits_len),
 358        [SIP_HDR_CALL_ID]               = SIP_HDR("Call-Id", "i", NULL, callid_len),
 359};
 360
 361static const char *sip_follow_continuation(const char *dptr, const char *limit)
 362{
 363        /* Walk past newline */
 364        if (++dptr >= limit)
 365                return NULL;
 366
 367        /* Skip '\n' in CR LF */
 368        if (*(dptr - 1) == '\r' && *dptr == '\n') {
 369                if (++dptr >= limit)
 370                        return NULL;
 371        }
 372
 373        /* Continuation line? */
 374        if (*dptr != ' ' && *dptr != '\t')
 375                return NULL;
 376
 377        /* skip leading whitespace */
 378        for (; dptr < limit; dptr++) {
 379                if (*dptr != ' ' && *dptr != '\t')
 380                        break;
 381        }
 382        return dptr;
 383}
 384
 385static const char *sip_skip_whitespace(const char *dptr, const char *limit)
 386{
 387        for (; dptr < limit; dptr++) {
 388                if (*dptr == ' ')
 389                        continue;
 390                if (*dptr != '\r' && *dptr != '\n')
 391                        break;
 392                dptr = sip_follow_continuation(dptr, limit);
 393                if (dptr == NULL)
 394                        return NULL;
 395        }
 396        return dptr;
 397}
 398
 399/* Search within a SIP header value, dealing with continuation lines */
 400static const char *ct_sip_header_search(const char *dptr, const char *limit,
 401                                        const char *needle, unsigned int len)
 402{
 403        for (limit -= len; dptr < limit; dptr++) {
 404                if (*dptr == '\r' || *dptr == '\n') {
 405                        dptr = sip_follow_continuation(dptr, limit);
 406                        if (dptr == NULL)
 407                                break;
 408                        continue;
 409                }
 410
 411                if (strnicmp(dptr, needle, len) == 0)
 412                        return dptr;
 413        }
 414        return NULL;
 415}
 416
 417int ct_sip_get_header(const struct nf_conn *ct, const char *dptr,
 418                      unsigned int dataoff, unsigned int datalen,
 419                      enum sip_header_types type,
 420                      unsigned int *matchoff, unsigned int *matchlen)
 421{
 422        const struct sip_header *hdr = &ct_sip_hdrs[type];
 423        const char *start = dptr, *limit = dptr + datalen;
 424        int shift = 0;
 425
 426        for (dptr += dataoff; dptr < limit; dptr++) {
 427                /* Find beginning of line */
 428                if (*dptr != '\r' && *dptr != '\n')
 429                        continue;
 430                if (++dptr >= limit)
 431                        break;
 432                if (*(dptr - 1) == '\r' && *dptr == '\n') {
 433                        if (++dptr >= limit)
 434                                break;
 435                }
 436
 437                /* Skip continuation lines */
 438                if (*dptr == ' ' || *dptr == '\t')
 439                        continue;
 440
 441                /* Find header. Compact headers must be followed by a
 442                 * non-alphabetic character to avoid mismatches. */
 443                if (limit - dptr >= hdr->len &&
 444                    strnicmp(dptr, hdr->name, hdr->len) == 0)
 445                        dptr += hdr->len;
 446                else if (hdr->cname && limit - dptr >= hdr->clen + 1 &&
 447                         strnicmp(dptr, hdr->cname, hdr->clen) == 0 &&
 448                         !isalpha(*(dptr + hdr->clen)))
 449                        dptr += hdr->clen;
 450                else
 451                        continue;
 452
 453                /* Find and skip colon */
 454                dptr = sip_skip_whitespace(dptr, limit);
 455                if (dptr == NULL)
 456                        break;
 457                if (*dptr != ':' || ++dptr >= limit)
 458                        break;
 459
 460                /* Skip whitespace after colon */
 461                dptr = sip_skip_whitespace(dptr, limit);
 462                if (dptr == NULL)
 463                        break;
 464
 465                *matchoff = dptr - start;
 466                if (hdr->search) {
 467                        dptr = ct_sip_header_search(dptr, limit, hdr->search,
 468                                                    hdr->slen);
 469                        if (!dptr)
 470                                return -1;
 471                        dptr += hdr->slen;
 472                }
 473
 474                *matchlen = hdr->match_len(ct, dptr, limit, &shift);
 475                if (!*matchlen)
 476                        return -1;
 477                *matchoff = dptr - start + shift;
 478                return 1;
 479        }
 480        return 0;
 481}
 482EXPORT_SYMBOL_GPL(ct_sip_get_header);
 483
 484/* Get next header field in a list of comma separated values */
 485static int ct_sip_next_header(const struct nf_conn *ct, const char *dptr,
 486                              unsigned int dataoff, unsigned int datalen,
 487                              enum sip_header_types type,
 488                              unsigned int *matchoff, unsigned int *matchlen)
 489{
 490        const struct sip_header *hdr = &ct_sip_hdrs[type];
 491        const char *start = dptr, *limit = dptr + datalen;
 492        int shift = 0;
 493
 494        dptr += dataoff;
 495
 496        dptr = ct_sip_header_search(dptr, limit, ",", strlen(","));
 497        if (!dptr)
 498                return 0;
 499
 500        dptr = ct_sip_header_search(dptr, limit, hdr->search, hdr->slen);
 501        if (!dptr)
 502                return 0;
 503        dptr += hdr->slen;
 504
 505        *matchoff = dptr - start;
 506        *matchlen = hdr->match_len(ct, dptr, limit, &shift);
 507        if (!*matchlen)
 508                return -1;
 509        *matchoff += shift;
 510        return 1;
 511}
 512
 513/* Walk through headers until a parsable one is found or no header of the
 514 * given type is left. */
 515static int ct_sip_walk_headers(const struct nf_conn *ct, const char *dptr,
 516                               unsigned int dataoff, unsigned int datalen,
 517                               enum sip_header_types type, int *in_header,
 518                               unsigned int *matchoff, unsigned int *matchlen)
 519{
 520        int ret;
 521
 522        if (in_header && *in_header) {
 523                while (1) {
 524                        ret = ct_sip_next_header(ct, dptr, dataoff, datalen,
 525                                                 type, matchoff, matchlen);
 526                        if (ret > 0)
 527                                return ret;
 528                        if (ret == 0)
 529                                break;
 530                        dataoff += *matchoff;
 531                }
 532                *in_header = 0;
 533        }
 534
 535        while (1) {
 536                ret = ct_sip_get_header(ct, dptr, dataoff, datalen,
 537                                        type, matchoff, matchlen);
 538                if (ret > 0)
 539                        break;
 540                if (ret == 0)
 541                        return ret;
 542                dataoff += *matchoff;
 543        }
 544
 545        if (in_header)
 546                *in_header = 1;
 547        return 1;
 548}
 549
 550/* Locate a SIP header, parse the URI and return the offset and length of
 551 * the address as well as the address and port themselves. A stream of
 552 * headers can be parsed by handing in a non-NULL datalen and in_header
 553 * pointer.
 554 */
 555int ct_sip_parse_header_uri(const struct nf_conn *ct, const char *dptr,
 556                            unsigned int *dataoff, unsigned int datalen,
 557                            enum sip_header_types type, int *in_header,
 558                            unsigned int *matchoff, unsigned int *matchlen,
 559                            union nf_inet_addr *addr, __be16 *port)
 560{
 561        const char *c, *limit = dptr + datalen;
 562        unsigned int p;
 563        int ret;
 564
 565        ret = ct_sip_walk_headers(ct, dptr, dataoff ? *dataoff : 0, datalen,
 566                                  type, in_header, matchoff, matchlen);
 567        WARN_ON(ret < 0);
 568        if (ret == 0)
 569                return ret;
 570
 571        if (!sip_parse_addr(ct, dptr + *matchoff, &c, addr, limit, true))
 572                return -1;
 573        if (*c == ':') {
 574                c++;
 575                p = simple_strtoul(c, (char **)&c, 10);
 576                if (p < 1024 || p > 65535)
 577                        return -1;
 578                *port = htons(p);
 579        } else
 580                *port = htons(SIP_PORT);
 581
 582        if (dataoff)
 583                *dataoff = c - dptr;
 584        return 1;
 585}
 586EXPORT_SYMBOL_GPL(ct_sip_parse_header_uri);
 587
 588static int ct_sip_parse_param(const struct nf_conn *ct, const char *dptr,
 589                              unsigned int dataoff, unsigned int datalen,
 590                              const char *name,
 591                              unsigned int *matchoff, unsigned int *matchlen)
 592{
 593        const char *limit = dptr + datalen;
 594        const char *start;
 595        const char *end;
 596
 597        limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
 598        if (!limit)
 599                limit = dptr + datalen;
 600
 601        start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
 602        if (!start)
 603                return 0;
 604        start += strlen(name);
 605
 606        end = ct_sip_header_search(start, limit, ";", strlen(";"));
 607        if (!end)
 608                end = limit;
 609
 610        *matchoff = start - dptr;
 611        *matchlen = end - start;
 612        return 1;
 613}
 614
 615/* Parse address from header parameter and return address, offset and length */
 616int ct_sip_parse_address_param(const struct nf_conn *ct, const char *dptr,
 617                               unsigned int dataoff, unsigned int datalen,
 618                               const char *name,
 619                               unsigned int *matchoff, unsigned int *matchlen,
 620                               union nf_inet_addr *addr, bool delim)
 621{
 622        const char *limit = dptr + datalen;
 623        const char *start, *end;
 624
 625        limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
 626        if (!limit)
 627                limit = dptr + datalen;
 628
 629        start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
 630        if (!start)
 631                return 0;
 632
 633        start += strlen(name);
 634        if (!sip_parse_addr(ct, start, &end, addr, limit, delim))
 635                return 0;
 636        *matchoff = start - dptr;
 637        *matchlen = end - start;
 638        return 1;
 639}
 640EXPORT_SYMBOL_GPL(ct_sip_parse_address_param);
 641
 642/* Parse numerical header parameter and return value, offset and length */
 643int ct_sip_parse_numerical_param(const struct nf_conn *ct, const char *dptr,
 644                                 unsigned int dataoff, unsigned int datalen,
 645                                 const char *name,
 646                                 unsigned int *matchoff, unsigned int *matchlen,
 647                                 unsigned int *val)
 648{
 649        const char *limit = dptr + datalen;
 650        const char *start;
 651        char *end;
 652
 653        limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
 654        if (!limit)
 655                limit = dptr + datalen;
 656
 657        start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
 658        if (!start)
 659                return 0;
 660
 661        start += strlen(name);
 662        *val = simple_strtoul(start, &end, 0);
 663        if (start == end)
 664                return 0;
 665        if (matchoff && matchlen) {
 666                *matchoff = start - dptr;
 667                *matchlen = end - start;
 668        }
 669        return 1;
 670}
 671EXPORT_SYMBOL_GPL(ct_sip_parse_numerical_param);
 672
 673static int ct_sip_parse_transport(struct nf_conn *ct, const char *dptr,
 674                                  unsigned int dataoff, unsigned int datalen,
 675                                  u8 *proto)
 676{
 677        unsigned int matchoff, matchlen;
 678
 679        if (ct_sip_parse_param(ct, dptr, dataoff, datalen, "transport=",
 680                               &matchoff, &matchlen)) {
 681                if (!strnicmp(dptr + matchoff, "TCP", strlen("TCP")))
 682                        *proto = IPPROTO_TCP;
 683                else if (!strnicmp(dptr + matchoff, "UDP", strlen("UDP")))
 684                        *proto = IPPROTO_UDP;
 685                else
 686                        return 0;
 687
 688                if (*proto != nf_ct_protonum(ct))
 689                        return 0;
 690        } else
 691                *proto = nf_ct_protonum(ct);
 692
 693        return 1;
 694}
 695
 696static int sdp_parse_addr(const struct nf_conn *ct, const char *cp,
 697                          const char **endp, union nf_inet_addr *addr,
 698                          const char *limit)
 699{
 700        const char *end;
 701        int ret;
 702
 703        memset(addr, 0, sizeof(*addr));
 704        switch (nf_ct_l3num(ct)) {
 705        case AF_INET:
 706                ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
 707                break;
 708        case AF_INET6:
 709                ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
 710                break;
 711        default:
 712                BUG();
 713        }
 714
 715        if (ret == 0)
 716                return 0;
 717        if (endp)
 718                *endp = end;
 719        return 1;
 720}
 721
 722/* skip ip address. returns its length. */
 723static int sdp_addr_len(const struct nf_conn *ct, const char *dptr,
 724                        const char *limit, int *shift)
 725{
 726        union nf_inet_addr addr;
 727        const char *aux = dptr;
 728
 729        if (!sdp_parse_addr(ct, dptr, &dptr, &addr, limit)) {
 730                pr_debug("ip: %s parse failed.!\n", dptr);
 731                return 0;
 732        }
 733
 734        return dptr - aux;
 735}
 736
 737/* SDP header parsing: a SDP session description contains an ordered set of
 738 * headers, starting with a section containing general session parameters,
 739 * optionally followed by multiple media descriptions.
 740 *
 741 * SDP headers always start at the beginning of a line. According to RFC 2327:
 742 * "The sequence CRLF (0x0d0a) is used to end a record, although parsers should
 743 * be tolerant and also accept records terminated with a single newline
 744 * character". We handle both cases.
 745 */
 746static const struct sip_header ct_sdp_hdrs_v4[] = {
 747        [SDP_HDR_VERSION]       = SDP_HDR("v=", NULL, digits_len),
 748        [SDP_HDR_OWNER]         = SDP_HDR("o=", "IN IP4 ", sdp_addr_len),
 749        [SDP_HDR_CONNECTION]    = SDP_HDR("c=", "IN IP4 ", sdp_addr_len),
 750        [SDP_HDR_MEDIA]         = SDP_HDR("m=", NULL, media_len),
 751};
 752
 753static const struct sip_header ct_sdp_hdrs_v6[] = {
 754        [SDP_HDR_VERSION]       = SDP_HDR("v=", NULL, digits_len),
 755        [SDP_HDR_OWNER]         = SDP_HDR("o=", "IN IP6 ", sdp_addr_len),
 756        [SDP_HDR_CONNECTION]    = SDP_HDR("c=", "IN IP6 ", sdp_addr_len),
 757        [SDP_HDR_MEDIA]         = SDP_HDR("m=", NULL, media_len),
 758};
 759
 760/* Linear string search within SDP header values */
 761static const char *ct_sdp_header_search(const char *dptr, const char *limit,
 762                                        const char *needle, unsigned int len)
 763{
 764        for (limit -= len; dptr < limit; dptr++) {
 765                if (*dptr == '\r' || *dptr == '\n')
 766                        break;
 767                if (strncmp(dptr, needle, len) == 0)
 768                        return dptr;
 769        }
 770        return NULL;
 771}
 772
 773/* Locate a SDP header (optionally a substring within the header value),
 774 * optionally stopping at the first occurrence of the term header, parse
 775 * it and return the offset and length of the data we're interested in.
 776 */
 777int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr,
 778                          unsigned int dataoff, unsigned int datalen,
 779                          enum sdp_header_types type,
 780                          enum sdp_header_types term,
 781                          unsigned int *matchoff, unsigned int *matchlen)
 782{
 783        const struct sip_header *hdrs, *hdr, *thdr;
 784        const char *start = dptr, *limit = dptr + datalen;
 785        int shift = 0;
 786
 787        hdrs = nf_ct_l3num(ct) == NFPROTO_IPV4 ? ct_sdp_hdrs_v4 : ct_sdp_hdrs_v6;
 788        hdr = &hdrs[type];
 789        thdr = &hdrs[term];
 790
 791        for (dptr += dataoff; dptr < limit; dptr++) {
 792                /* Find beginning of line */
 793                if (*dptr != '\r' && *dptr != '\n')
 794                        continue;
 795                if (++dptr >= limit)
 796                        break;
 797                if (*(dptr - 1) == '\r' && *dptr == '\n') {
 798                        if (++dptr >= limit)
 799                                break;
 800                }
 801
 802                if (term != SDP_HDR_UNSPEC &&
 803                    limit - dptr >= thdr->len &&
 804                    strnicmp(dptr, thdr->name, thdr->len) == 0)
 805                        break;
 806                else if (limit - dptr >= hdr->len &&
 807                         strnicmp(dptr, hdr->name, hdr->len) == 0)
 808                        dptr += hdr->len;
 809                else
 810                        continue;
 811
 812                *matchoff = dptr - start;
 813                if (hdr->search) {
 814                        dptr = ct_sdp_header_search(dptr, limit, hdr->search,
 815                                                    hdr->slen);
 816                        if (!dptr)
 817                                return -1;
 818                        dptr += hdr->slen;
 819                }
 820
 821                *matchlen = hdr->match_len(ct, dptr, limit, &shift);
 822                if (!*matchlen)
 823                        return -1;
 824                *matchoff = dptr - start + shift;
 825                return 1;
 826        }
 827        return 0;
 828}
 829EXPORT_SYMBOL_GPL(ct_sip_get_sdp_header);
 830
 831static int ct_sip_parse_sdp_addr(const struct nf_conn *ct, const char *dptr,
 832                                 unsigned int dataoff, unsigned int datalen,
 833                                 enum sdp_header_types type,
 834                                 enum sdp_header_types term,
 835                                 unsigned int *matchoff, unsigned int *matchlen,
 836                                 union nf_inet_addr *addr)
 837{
 838        int ret;
 839
 840        ret = ct_sip_get_sdp_header(ct, dptr, dataoff, datalen, type, term,
 841                                    matchoff, matchlen);
 842        if (ret <= 0)
 843                return ret;
 844
 845        if (!sdp_parse_addr(ct, dptr + *matchoff, NULL, addr,
 846                            dptr + *matchoff + *matchlen))
 847                return -1;
 848        return 1;
 849}
 850
 851static int refresh_signalling_expectation(struct nf_conn *ct,
 852                                          union nf_inet_addr *addr,
 853                                          u8 proto, __be16 port,
 854                                          unsigned int expires)
 855{
 856        struct nf_conn_help *help = nfct_help(ct);
 857        struct nf_conntrack_expect *exp;
 858        struct hlist_node *next;
 859        int found = 0;
 860
 861        spin_lock_bh(&nf_conntrack_lock);
 862        hlist_for_each_entry_safe(exp, next, &help->expectations, lnode) {
 863                if (exp->class != SIP_EXPECT_SIGNALLING ||
 864                    !nf_inet_addr_cmp(&exp->tuple.dst.u3, addr) ||
 865                    exp->tuple.dst.protonum != proto ||
 866                    exp->tuple.dst.u.udp.port != port)
 867                        continue;
 868                if (!del_timer(&exp->timeout))
 869                        continue;
 870                exp->flags &= ~NF_CT_EXPECT_INACTIVE;
 871                exp->timeout.expires = jiffies + expires * HZ;
 872                add_timer(&exp->timeout);
 873                found = 1;
 874                break;
 875        }
 876        spin_unlock_bh(&nf_conntrack_lock);
 877        return found;
 878}
 879
 880static void flush_expectations(struct nf_conn *ct, bool media)
 881{
 882        struct nf_conn_help *help = nfct_help(ct);
 883        struct nf_conntrack_expect *exp;
 884        struct hlist_node *next;
 885
 886        spin_lock_bh(&nf_conntrack_lock);
 887        hlist_for_each_entry_safe(exp, next, &help->expectations, lnode) {
 888                if ((exp->class != SIP_EXPECT_SIGNALLING) ^ media)
 889                        continue;
 890                if (!del_timer(&exp->timeout))
 891                        continue;
 892                nf_ct_unlink_expect(exp);
 893                nf_ct_expect_put(exp);
 894                if (!media)
 895                        break;
 896        }
 897        spin_unlock_bh(&nf_conntrack_lock);
 898}
 899
 900static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff,
 901                                 unsigned int dataoff,
 902                                 const char **dptr, unsigned int *datalen,
 903                                 union nf_inet_addr *daddr, __be16 port,
 904                                 enum sip_expectation_classes class,
 905                                 unsigned int mediaoff, unsigned int medialen)
 906{
 907        struct nf_conntrack_expect *exp, *rtp_exp, *rtcp_exp;
 908        enum ip_conntrack_info ctinfo;
 909        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
 910        struct net *net = nf_ct_net(ct);
 911        enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
 912        union nf_inet_addr *saddr;
 913        struct nf_conntrack_tuple tuple;
 914        int direct_rtp = 0, skip_expect = 0, ret = NF_DROP;
 915        u_int16_t base_port;
 916        __be16 rtp_port, rtcp_port;
 917        typeof(nf_nat_sdp_port_hook) nf_nat_sdp_port;
 918        typeof(nf_nat_sdp_media_hook) nf_nat_sdp_media;
 919
 920        saddr = NULL;
 921        if (sip_direct_media) {
 922                if (!nf_inet_addr_cmp(daddr, &ct->tuplehash[dir].tuple.src.u3))
 923                        return NF_ACCEPT;
 924                saddr = &ct->tuplehash[!dir].tuple.src.u3;
 925        }
 926
 927        /* We need to check whether the registration exists before attempting
 928         * to register it since we can see the same media description multiple
 929         * times on different connections in case multiple endpoints receive
 930         * the same call.
 931         *
 932         * RTP optimization: if we find a matching media channel expectation
 933         * and both the expectation and this connection are SNATed, we assume
 934         * both sides can reach each other directly and use the final
 935         * destination address from the expectation. We still need to keep
 936         * the NATed expectations for media that might arrive from the
 937         * outside, and additionally need to expect the direct RTP stream
 938         * in case it passes through us even without NAT.
 939         */
 940        memset(&tuple, 0, sizeof(tuple));
 941        if (saddr)
 942                tuple.src.u3 = *saddr;
 943        tuple.src.l3num         = nf_ct_l3num(ct);
 944        tuple.dst.protonum      = IPPROTO_UDP;
 945        tuple.dst.u3            = *daddr;
 946        tuple.dst.u.udp.port    = port;
 947
 948        rcu_read_lock();
 949        do {
 950                exp = __nf_ct_expect_find(net, nf_ct_zone(ct), &tuple);
 951
 952                if (!exp || exp->master == ct ||
 953                    nfct_help(exp->master)->helper != nfct_help(ct)->helper ||
 954                    exp->class != class)
 955                        break;
 956#ifdef CONFIG_NF_NAT_NEEDED
 957                if (!direct_rtp &&
 958                    (!nf_inet_addr_cmp(&exp->saved_addr, &exp->tuple.dst.u3) ||
 959                     exp->saved_proto.udp.port != exp->tuple.dst.u.udp.port) &&
 960                    ct->status & IPS_NAT_MASK) {
 961                        *daddr                  = exp->saved_addr;
 962                        tuple.dst.u3            = exp->saved_addr;
 963                        tuple.dst.u.udp.port    = exp->saved_proto.udp.port;
 964                        direct_rtp = 1;
 965                } else
 966#endif
 967                        skip_expect = 1;
 968        } while (!skip_expect);
 969        rcu_read_unlock();
 970
 971        base_port = ntohs(tuple.dst.u.udp.port) & ~1;
 972        rtp_port = htons(base_port);
 973        rtcp_port = htons(base_port + 1);
 974
 975        if (direct_rtp) {
 976                nf_nat_sdp_port = rcu_dereference(nf_nat_sdp_port_hook);
 977                if (nf_nat_sdp_port &&
 978                    !nf_nat_sdp_port(skb, protoff, dataoff, dptr, datalen,
 979                                     mediaoff, medialen, ntohs(rtp_port)))
 980                        goto err1;
 981        }
 982
 983        if (skip_expect)
 984                return NF_ACCEPT;
 985
 986        rtp_exp = nf_ct_expect_alloc(ct);
 987        if (rtp_exp == NULL)
 988                goto err1;
 989        nf_ct_expect_init(rtp_exp, class, nf_ct_l3num(ct), saddr, daddr,
 990                          IPPROTO_UDP, NULL, &rtp_port);
 991
 992        rtcp_exp = nf_ct_expect_alloc(ct);
 993        if (rtcp_exp == NULL)
 994                goto err2;
 995        nf_ct_expect_init(rtcp_exp, class, nf_ct_l3num(ct), saddr, daddr,
 996                          IPPROTO_UDP, NULL, &rtcp_port);
 997
 998        nf_nat_sdp_media = rcu_dereference(nf_nat_sdp_media_hook);
 999        if (nf_nat_sdp_media && ct->status & IPS_NAT_MASK && !direct_rtp)
1000                ret = nf_nat_sdp_media(skb, protoff, dataoff, dptr, datalen,

1001                                       rtp_exp, rtcp_exp,
1002                                       mediaoff, medialen, daddr);
1003        else {
1004                if (nf_ct_expect_related(rtp_exp) == 0) {
1005                        if (nf_ct_expect_related(rtcp_exp) != 0)
1006                                nf_ct_unexpect_related(rtp_exp);
1007                        else
1008                                ret = NF_ACCEPT;
1009                }
1010        }
1011        nf_ct_expect_put(rtcp_exp);
1012err2:
1013        nf_ct_expect_put(rtp_exp);
1014err1:
1015        return ret;
1016}
1017
1018static const struct sdp_media_type sdp_media_types[] = {
1019        SDP_MEDIA_TYPE("audio ", SIP_EXPECT_AUDIO),
1020        SDP_MEDIA_TYPE("video ", SIP_EXPECT_VIDEO),
1021        SDP_MEDIA_TYPE("image ", SIP_EXPECT_IMAGE),
1022};
1023
1024static const struct sdp_media_type *sdp_media_type(const char *dptr,
1025                                                   unsigned int matchoff,
1026                                                   unsigned int matchlen)
1027{
1028        const struct sdp_media_type *t;
1029        unsigned int i;
1030
1031        for (i = 0; i < ARRAY_SIZE(sdp_media_types); i++) {
1032                t = &sdp_media_types[i];
1033                if (matchlen < t->len ||
1034                    strncmp(dptr + matchoff, t->name, t->len))
1035                        continue;
1036                return t;
1037        }
1038        return NULL;
1039}
1040
1041static int process_sdp(struct sk_buff *skb, unsigned int protoff,
1042                       unsigned int dataoff,
1043                       const char **dptr, unsigned int *datalen,
1044                       unsigned int cseq)
1045{
1046        enum ip_conntrack_info ctinfo;
1047        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1048        unsigned int matchoff, matchlen;
1049        unsigned int mediaoff, medialen;
1050        unsigned int sdpoff;
1051        unsigned int caddr_len, maddr_len;
1052        unsigned int i;
1053        union nf_inet_addr caddr, maddr, rtp_addr;
1054        unsigned int port;
1055        const struct sdp_media_type *t;
1056        int ret = NF_ACCEPT;
1057        typeof(nf_nat_sdp_addr_hook) nf_nat_sdp_addr;
1058        typeof(nf_nat_sdp_session_hook) nf_nat_sdp_session;
1059
1060        nf_nat_sdp_addr = rcu_dereference(nf_nat_sdp_addr_hook);
1061
1062        /* Find beginning of session description */
1063        if (ct_sip_get_sdp_header(ct, *dptr, 0, *datalen,
1064                                  SDP_HDR_VERSION, SDP_HDR_UNSPEC,
1065                                  &matchoff, &matchlen) <= 0)
1066                return NF_ACCEPT;
1067        sdpoff = matchoff;
1068
1069        /* The connection information is contained in the session description
1070         * and/or once per media description. The first media description marks
1071         * the end of the session description. */
1072        caddr_len = 0;
1073        if (ct_sip_parse_sdp_addr(ct, *dptr, sdpoff, *datalen,
1074                                  SDP_HDR_CONNECTION, SDP_HDR_MEDIA,
1075                                  &matchoff, &matchlen, &caddr) > 0)
1076                caddr_len = matchlen;
1077
1078        mediaoff = sdpoff;
1079        for (i = 0; i < ARRAY_SIZE(sdp_media_types); ) {
1080                if (ct_sip_get_sdp_header(ct, *dptr, mediaoff, *datalen,
1081                                          SDP_HDR_MEDIA, SDP_HDR_UNSPEC,
1082                                          &mediaoff, &medialen) <= 0)
1083                        break;
1084
1085                /* Get media type and port number. A media port value of zero
1086                 * indicates an inactive stream. */
1087                t = sdp_media_type(*dptr, mediaoff, medialen);
1088                if (!t) {
1089                        mediaoff += medialen;
1090                        continue;
1091                }
1092                mediaoff += t->len;
1093                medialen -= t->len;
1094
1095                port = simple_strtoul(*dptr + mediaoff, NULL, 10);
1096                if (port == 0)
1097                        continue;
1098                if (port < 1024 || port > 65535) {
1099                        nf_ct_helper_log(skb, ct, "wrong port %u", port);
1100                        return NF_DROP;
1101                }
1102
1103                /* The media description overrides the session description. */
1104                maddr_len = 0;
1105                if (ct_sip_parse_sdp_addr(ct, *dptr, mediaoff, *datalen,
1106                                          SDP_HDR_CONNECTION, SDP_HDR_MEDIA,
1107                                          &matchoff, &matchlen, &maddr) > 0) {
1108                        maddr_len = matchlen;
1109                        memcpy(&rtp_addr, &maddr, sizeof(rtp_addr));
1110                } else if (caddr_len)
1111                        memcpy(&rtp_addr, &caddr, sizeof(rtp_addr));
1112                else {
1113                        nf_ct_helper_log(skb, ct, "cannot parse SDP message");
1114                        return NF_DROP;
1115                }
1116
1117                ret = set_expected_rtp_rtcp(skb, protoff, dataoff,
1118                                            dptr, datalen,
1119                                            &rtp_addr, htons(port), t->class,
1120                                            mediaoff, medialen);
1121                if (ret != NF_ACCEPT) {
1122                        nf_ct_helper_log(skb, ct,
1123                                         "cannot add expectation for voice");
1124                        return ret;
1125                }
1126
1127                /* Update media connection address if present */
1128                if (maddr_len && nf_nat_sdp_addr && ct->status & IPS_NAT_MASK) {
1129                        ret = nf_nat_sdp_addr(skb, protoff, dataoff,
1130                                              dptr, datalen, mediaoff,
1131                                              SDP_HDR_CONNECTION, SDP_HDR_MEDIA,
1132                                              &rtp_addr);
1133                        if (ret != NF_ACCEPT) {
1134                                nf_ct_helper_log(skb, ct, "cannot mangle SDP");
1135                                return ret;
1136                        }
1137                }
1138                i++;
1139        }
1140
1141        /* Update session connection and owner addresses */
1142        nf_nat_sdp_session = rcu_dereference(nf_nat_sdp_session_hook);
1143        if (nf_nat_sdp_session && ct->status & IPS_NAT_MASK)
1144                ret = nf_nat_sdp_session(skb, protoff, dataoff,
1145                                         dptr, datalen, sdpoff, &rtp_addr);
1146
1147        return ret;
1148}
1149static int process_invite_response(struct sk_buff *skb, unsigned int protoff,
1150                                   unsigned int dataoff,
1151                                   const char **dptr, unsigned int *datalen,
1152                                   unsigned int cseq, unsigned int code)
1153{
1154        enum ip_conntrack_info ctinfo;
1155        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1156        struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1157
1158        if ((code >= 100 && code <= 199) ||
1159            (code >= 200 && code <= 299))
1160                return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1161        else if (ct_sip_info->invite_cseq == cseq)
1162                flush_expectations(ct, true);
1163        return NF_ACCEPT;
1164}
1165
1166static int process_update_response(struct sk_buff *skb, unsigned int protoff,
1167                                   unsigned int dataoff,
1168                                   const char **dptr, unsigned int *datalen,
1169                                   unsigned int cseq, unsigned int code)
1170{
1171        enum ip_conntrack_info ctinfo;
1172        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1173        struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1174
1175        if ((code >= 100 && code <= 199) ||
1176            (code >= 200 && code <= 299))
1177                return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1178        else if (ct_sip_info->invite_cseq == cseq)
1179                flush_expectations(ct, true);
1180        return NF_ACCEPT;
1181}
1182
1183static int process_prack_response(struct sk_buff *skb, unsigned int protoff,
1184                                  unsigned int dataoff,
1185                                  const char **dptr, unsigned int *datalen,
1186                                  unsigned int cseq, unsigned int code)
1187{
1188        enum ip_conntrack_info ctinfo;
1189        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1190        struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1191
1192        if ((code >= 100 && code <= 199) ||
1193            (code >= 200 && code <= 299))
1194                return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1195        else if (ct_sip_info->invite_cseq == cseq)
1196                flush_expectations(ct, true);
1197        return NF_ACCEPT;
1198}
1199
1200static int process_invite_request(struct sk_buff *skb, unsigned int protoff,
1201                                  unsigned int dataoff,
1202                                  const char **dptr, unsigned int *datalen,
1203                                  unsigned int cseq)
1204{
1205        enum ip_conntrack_info ctinfo;
1206        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1207        struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1208        unsigned int ret;
1209
1210        flush_expectations(ct, true);
1211        ret = process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1212        if (ret == NF_ACCEPT)
1213                ct_sip_info->invite_cseq = cseq;
1214        return ret;
1215}
1216
1217static int process_bye_request(struct sk_buff *skb, unsigned int protoff,
1218                               unsigned int dataoff,
1219                               const char **dptr, unsigned int *datalen,
1220                               unsigned int cseq)
1221{
1222        enum ip_conntrack_info ctinfo;
1223        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1224
1225        flush_expectations(ct, true);
1226        return NF_ACCEPT;
1227}
1228
1229/* Parse a REGISTER request and create a permanent expectation for incoming
1230 * signalling connections. The expectation is marked inactive and is activated
1231 * when receiving a response indicating success from the registrar.
1232 */
1233static int process_register_request(struct sk_buff *skb, unsigned int protoff,
1234                                    unsigned int dataoff,
1235                                    const char **dptr, unsigned int *datalen,
1236                                    unsigned int cseq)
1237{
1238        enum ip_conntrack_info ctinfo;
1239        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1240        struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1241        enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1242        unsigned int matchoff, matchlen;
1243        struct nf_conntrack_expect *exp;
1244        union nf_inet_addr *saddr, daddr;
1245        __be16 port;
1246        u8 proto;
1247        unsigned int expires = 0;
1248        int ret;
1249        typeof(nf_nat_sip_expect_hook) nf_nat_sip_expect;
1250
1251        /* Expected connections can not register again. */
1252        if (ct->status & IPS_EXPECTED)
1253                return NF_ACCEPT;
1254
1255        /* We must check the expiration time: a value of zero signals the
1256         * registrar to release the binding. We'll remove our expectation
1257         * when receiving the new bindings in the response, but we don't
1258         * want to create new ones.
1259         *
1260         * The expiration time may be contained in Expires: header, the
1261         * Contact: header parameters or the URI parameters.
1262         */
1263        if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1264                              &matchoff, &matchlen) > 0)
1265                expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1266
1267        ret = ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen,
1268                                      SIP_HDR_CONTACT, NULL,
1269                                      &matchoff, &matchlen, &daddr, &port);
1270        if (ret < 0) {
1271                nf_ct_helper_log(skb, ct, "cannot parse contact");
1272                return NF_DROP;
1273        } else if (ret == 0)
1274                return NF_ACCEPT;
1275
1276        /* We don't support third-party registrations */
1277        if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.src.u3, &daddr))
1278                return NF_ACCEPT;
1279
1280        if (ct_sip_parse_transport(ct, *dptr, matchoff + matchlen, *datalen,
1281                                   &proto) == 0)
1282                return NF_ACCEPT;
1283
1284        if (ct_sip_parse_numerical_param(ct, *dptr,
1285                                         matchoff + matchlen, *datalen,
1286                                         "expires=", NULL, NULL, &expires) < 0) {
1287                nf_ct_helper_log(skb, ct, "cannot parse expires");
1288                return NF_DROP;
1289        }
1290
1291        if (expires == 0) {
1292                ret = NF_ACCEPT;
1293                goto store_cseq;
1294        }
1295
1296        exp = nf_ct_expect_alloc(ct);
1297        if (!exp) {
1298                nf_ct_helper_log(skb, ct, "cannot alloc expectation");
1299                return NF_DROP;
1300        }
1301
1302        saddr = NULL;
1303        if (sip_direct_signalling)
1304                saddr = &ct->tuplehash[!dir].tuple.src.u3;
1305
1306        nf_ct_expect_init(exp, SIP_EXPECT_SIGNALLING, nf_ct_l3num(ct),
1307                          saddr, &daddr, proto, NULL, &port);
1308        exp->timeout.expires = sip_timeout * HZ;
1309        exp->helper = nfct_help(ct)->helper;
1310        exp->flags = NF_CT_EXPECT_PERMANENT | NF_CT_EXPECT_INACTIVE;
1311
1312        nf_nat_sip_expect = rcu_dereference(nf_nat_sip_expect_hook);
1313        if (nf_nat_sip_expect && ct->status & IPS_NAT_MASK)
1314                ret = nf_nat_sip_expect(skb, protoff, dataoff, dptr, datalen,
1315                                        exp, matchoff, matchlen);
1316        else {
1317                if (nf_ct_expect_related(exp) != 0) {
1318                        nf_ct_helper_log(skb, ct, "cannot add expectation");
1319                        ret = NF_DROP;
1320                } else
1321                        ret = NF_ACCEPT;
1322        }
1323        nf_ct_expect_put(exp);
1324
1325store_cseq:
1326        if (ret == NF_ACCEPT)
1327                ct_sip_info->register_cseq = cseq;
1328        return ret;
1329}
1330
1331static int process_register_response(struct sk_buff *skb, unsigned int protoff,
1332                                     unsigned int dataoff,
1333                                     const char **dptr, unsigned int *datalen,
1334                                     unsigned int cseq, unsigned int code)
1335{
1336        enum ip_conntrack_info ctinfo;
1337        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1338        struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1339        enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1340        union nf_inet_addr addr;
1341        __be16 port;
1342        u8 proto;
1343        unsigned int matchoff, matchlen, coff = 0;
1344        unsigned int expires = 0;
1345        int in_contact = 0, ret;
1346
1347        /* According to RFC 3261, "UAs MUST NOT send a new registration until
1348         * they have received a final response from the registrar for the
1349         * previous one or the previous REGISTER request has timed out".
1350         *
1351         * However, some servers fail to detect retransmissions and send late
1352         * responses, so we store the sequence number of the last valid
1353         * request and compare it here.
1354         */
1355        if (ct_sip_info->register_cseq != cseq)
1356                return NF_ACCEPT;
1357
1358        if (code >= 100 && code <= 199)
1359                return NF_ACCEPT;
1360        if (code < 200 || code > 299)
1361                goto flush;
1362
1363        if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1364                              &matchoff, &matchlen) > 0)
1365                expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1366
1367        while (1) {
1368                unsigned int c_expires = expires;
1369
1370                ret = ct_sip_parse_header_uri(ct, *dptr, &coff, *datalen,
1371                                              SIP_HDR_CONTACT, &in_contact,
1372                                              &matchoff, &matchlen,
1373                                              &addr, &port);
1374                if (ret < 0) {
1375                        nf_ct_helper_log(skb, ct, "cannot parse contact");
1376                        return NF_DROP;
1377                } else if (ret == 0)
1378                        break;
1379
1380                /* We don't support third-party registrations */
1381                if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3, &addr))
1382                        continue;
1383
1384                if (ct_sip_parse_transport(ct, *dptr, matchoff + matchlen,
1385                                           *datalen, &proto) == 0)
1386                        continue;
1387
1388                ret = ct_sip_parse_numerical_param(ct, *dptr,
1389                                                   matchoff + matchlen,
1390                                                   *datalen, "expires=",
1391                                                   NULL, NULL, &c_expires);
1392                if (ret < 0) {
1393                        nf_ct_helper_log(skb, ct, "cannot parse expires");
1394                        return NF_DROP;
1395                }
1396                if (c_expires == 0)
1397                        break;
1398                if (refresh_signalling_expectation(ct, &addr, proto, port,
1399                                                   c_expires))
1400                        return NF_ACCEPT;
1401        }
1402
1403flush:
1404        flush_expectations(ct, false);
1405        return NF_ACCEPT;
1406}
1407
1408static const struct sip_handler sip_handlers[] = {
1409        SIP_HANDLER("INVITE", process_invite_request, process_invite_response),
1410        SIP_HANDLER("UPDATE", process_sdp, process_update_response),
1411        SIP_HANDLER("ACK", process_sdp, NULL),
1412        SIP_HANDLER("PRACK", process_sdp, process_prack_response),
1413        SIP_HANDLER("BYE", process_bye_request, NULL),
1414        SIP_HANDLER("REGISTER", process_register_request, process_register_response),
1415};
1416
1417static int process_sip_response(struct sk_buff *skb, unsigned int protoff,
1418                                unsigned int dataoff,
1419                                const char **dptr, unsigned int *datalen)
1420{
1421        enum ip_conntrack_info ctinfo;
1422        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1423        unsigned int matchoff, matchlen, matchend;
1424        unsigned int code, cseq, i;
1425
1426        if (*datalen < strlen("SIP/2.0 200"))
1427                return NF_ACCEPT;
1428        code = simple_strtoul(*dptr + strlen("SIP/2.0 "), NULL, 10);
1429        if (!code) {
1430                nf_ct_helper_log(skb, ct, "cannot get code");
1431                return NF_DROP;
1432        }
1433
1434        if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1435                              &matchoff, &matchlen) <= 0) {
1436                nf_ct_helper_log(skb, ct, "cannot parse cseq");
1437                return NF_DROP;
1438        }
1439        cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1440        if (!cseq) {
1441                nf_ct_helper_log(skb, ct, "cannot get cseq");
1442                return NF_DROP;
1443        }
1444        matchend = matchoff + matchlen + 1;
1445
1446        for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1447                const struct sip_handler *handler;
1448
1449                handler = &sip_handlers[i];
1450                if (handler->response == NULL)
1451                        continue;
1452                if (*datalen < matchend + handler->len ||
1453                    strnicmp(*dptr + matchend, handler->method, handler->len))
1454                        continue;
1455                return handler->response(skb, protoff, dataoff, dptr, datalen,
1456                                         cseq, code);
1457        }
1458        return NF_ACCEPT;
1459}
1460
1461static int process_sip_request(struct sk_buff *skb, unsigned int protoff,
1462                               unsigned int dataoff,
1463                               const char **dptr, unsigned int *datalen)
1464{
1465        enum ip_conntrack_info ctinfo;
1466        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1467        struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1468        enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1469        unsigned int matchoff, matchlen;
1470        unsigned int cseq, i;
1471        union nf_inet_addr addr;
1472        __be16 port;
1473
1474        /* Many Cisco IP phones use a high source port for SIP requests, but
1475         * listen for the response on port 5060.  If we are the local
1476         * router for one of these phones, save the port number from the
1477         * Via: header so that nf_nat_sip can redirect the responses to
1478         * the correct port.
1479         */
1480        if (ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen,
1481                                    SIP_HDR_VIA_UDP, NULL, &matchoff,
1482                                    &matchlen, &addr, &port) > 0 &&
1483            port != ct->tuplehash[dir].tuple.src.u.udp.port &&
1484            nf_inet_addr_cmp(&addr, &ct->tuplehash[dir].tuple.src.u3))
1485                ct_sip_info->forced_dport = port;
1486
1487        for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1488                const struct sip_handler *handler;
1489
1490                handler = &sip_handlers[i];
1491                if (handler->request == NULL)
1492                        continue;
1493                if (*datalen < handler->len ||
1494                    strnicmp(*dptr, handler->method, handler->len))
1495                        continue;
1496
1497                if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1498                                      &matchoff, &matchlen) <= 0) {
1499                        nf_ct_helper_log(skb, ct, "cannot parse cseq");
1500                        return NF_DROP;
1501                }
1502                cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1503                if (!cseq) {
1504                        nf_ct_helper_log(skb, ct, "cannot get cseq");
1505                        return NF_DROP;
1506                }
1507
1508                return handler->request(skb, protoff, dataoff, dptr, datalen,
1509                                        cseq);
1510        }
1511        return NF_ACCEPT;
1512}
1513
1514static int process_sip_msg(struct sk_buff *skb, struct nf_conn *ct,
1515                           unsigned int protoff, unsigned int dataoff,
1516                           const char **dptr, unsigned int *datalen)
1517{
1518        typeof(nf_nat_sip_hook) nf_nat_sip;
1519        int ret;
1520
1521        if (strnicmp(*dptr, "SIP/2.0 ", strlen("SIP/2.0 ")) != 0)
1522                ret = process_sip_request(skb, protoff, dataoff, dptr, datalen);
1523        else
1524                ret = process_sip_response(skb, protoff, dataoff, dptr, datalen);
1525
1526        if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1527                nf_nat_sip = rcu_dereference(nf_nat_sip_hook);
1528                if (nf_nat_sip && !nf_nat_sip(skb, protoff, dataoff,
1529                                              dptr, datalen)) {
1530                        nf_ct_helper_log(skb, ct, "cannot NAT SIP message");
1531                        ret = NF_DROP;
1532                }
1533        }
1534
1535        return ret;
1536}
1537
1538static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff,
1539                        struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1540{
1541        struct tcphdr *th, _tcph;
1542        unsigned int dataoff, datalen;
1543        unsigned int matchoff, matchlen, clen;
1544        unsigned int msglen, origlen;
1545        const char *dptr, *end;
1546        s16 diff, tdiff = 0;
1547        int ret = NF_ACCEPT;
1548        bool term;
1549        typeof(nf_nat_sip_seq_adjust_hook) nf_nat_sip_seq_adjust;
1550
1551        if (ctinfo != IP_CT_ESTABLISHED &&
1552            ctinfo != IP_CT_ESTABLISHED_REPLY)
1553                return NF_ACCEPT;
1554
1555        /* No Data ? */
1556        th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
1557        if (th == NULL)
1558                return NF_ACCEPT;
1559        dataoff = protoff + th->doff * 4;
1560        if (dataoff >= skb->len)
1561                return NF_ACCEPT;
1562
1563        nf_ct_refresh(ct, skb, sip_timeout * HZ);
1564
1565        if (unlikely(skb_linearize(skb)))
1566                return NF_DROP;
1567
1568        dptr = skb->data + dataoff;
1569        datalen = skb->len - dataoff;
1570        if (datalen < strlen("SIP/2.0 200"))
1571                return NF_ACCEPT;
1572
1573        while (1) {
1574                if (ct_sip_get_header(ct, dptr, 0, datalen,
1575                                      SIP_HDR_CONTENT_LENGTH,
1576                                      &matchoff, &matchlen) <= 0)
1577                        break;
1578
1579                clen = simple_strtoul(dptr + matchoff, (char **)&end, 10);
1580                if (dptr + matchoff == end)
1581                        break;
1582
1583                term = false;
1584                for (; end + strlen("\r\n\r\n") <= dptr + datalen; end++) {
1585                        if (end[0] == '\r' && end[1] == '\n' &&
1586                            end[2] == '\r' && end[3] == '\n') {
1587                                term = true;
1588                                break;
1589                        }
1590                }
1591                if (!term)
1592                        break;
1593                end += strlen("\r\n\r\n") + clen;
1594
1595                msglen = origlen = end - dptr;
1596                if (msglen > datalen)
1597                        return NF_ACCEPT;
1598
1599                ret = process_sip_msg(skb, ct, protoff, dataoff,
1600                                      &dptr, &msglen);
1601                /* process_sip_* functions report why this packet is dropped */
1602                if (ret != NF_ACCEPT)
1603                        break;
1604                diff     = msglen - origlen;
1605                tdiff   += diff;
1606
1607                dataoff += msglen;
1608                dptr    += msglen;
1609                datalen  = datalen + diff - msglen;
1610        }
1611
1612        if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1613                nf_nat_sip_seq_adjust = rcu_dereference(nf_nat_sip_seq_adjust_hook);
1614                if (nf_nat_sip_seq_adjust)
1615                        nf_nat_sip_seq_adjust(skb, protoff, tdiff);
1616        }
1617
1618        return ret;
1619}
1620
1621static int sip_help_udp(struct sk_buff *skb, unsigned int protoff,
1622                        struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1623{
1624        unsigned int dataoff, datalen;
1625        const char *dptr;
1626
1627        /* No Data ? */
1628        dataoff = protoff + sizeof(struct udphdr);
1629        if (dataoff >= skb->len)
1630                return NF_ACCEPT;
1631
1632        nf_ct_refresh(ct, skb, sip_timeout * HZ);
1633
1634        if (unlikely(skb_linearize(skb)))
1635                return NF_DROP;
1636
1637        dptr = skb->data + dataoff;
1638        datalen = skb->len - dataoff;
1639        if (datalen < strlen("SIP/2.0 200"))
1640                return NF_ACCEPT;
1641
1642        return process_sip_msg(skb, ct, protoff, dataoff, &dptr, &datalen);
1643}
1644
1645static struct nf_conntrack_helper sip[MAX_PORTS][4] __read_mostly;
1646
1647static const struct nf_conntrack_expect_policy sip_exp_policy[SIP_EXPECT_MAX + 1] = {
1648        [SIP_EXPECT_SIGNALLING] = {
1649                .name           = "signalling",
1650                .max_expected   = 1,
1651                .timeout        = 3 * 60,
1652        },
1653        [SIP_EXPECT_AUDIO] = {
1654                .name           = "audio",
1655                .max_expected   = 2 * IP_CT_DIR_MAX,
1656                .timeout        = 3 * 60,
1657        },
1658        [SIP_EXPECT_VIDEO] = {
1659                .name           = "video",
1660                .max_expected   = 2 * IP_CT_DIR_MAX,
1661                .timeout        = 3 * 60,
1662        },
1663        [SIP_EXPECT_IMAGE] = {
1664                .name           = "image",
1665                .max_expected   = IP_CT_DIR_MAX,
1666                .timeout        = 3 * 60,
1667        },
1668};
1669
1670static void nf_conntrack_sip_fini(void)
1671{
1672        int i, j;
1673
1674        for (i = 0; i < ports_c; i++) {
1675                for (j = 0; j < ARRAY_SIZE(sip[i]); j++) {
1676                        if (sip[i][j].me == NULL)
1677                                continue;
1678                        nf_conntrack_helper_unregister(&sip[i][j]);
1679                }
1680        }
1681}
1682
1683static int __init nf_conntrack_sip_init(void)
1684{
1685        int i, j, ret;
1686
1687        if (ports_c == 0)
1688                ports[ports_c++] = SIP_PORT;
1689
1690        for (i = 0; i < ports_c; i++) {
1691                memset(&sip[i], 0, sizeof(sip[i]));
1692
1693                sip[i][0].tuple.src.l3num = AF_INET;
1694                sip[i][0].tuple.dst.protonum = IPPROTO_UDP;
1695                sip[i][0].help = sip_help_udp;
1696                sip[i][1].tuple.src.l3num = AF_INET;
1697                sip[i][1].tuple.dst.protonum = IPPROTO_TCP;
1698                sip[i][1].help = sip_help_tcp;
1699
1700                sip[i][2].tuple.src.l3num = AF_INET6;
1701                sip[i][2].tuple.dst.protonum = IPPROTO_UDP;
1702                sip[i][2].help = sip_help_udp;
1703                sip[i][3].tuple.src.l3num = AF_INET6;
1704                sip[i][3].tuple.dst.protonum = IPPROTO_TCP;
1705                sip[i][3].help = sip_help_tcp;
1706
1707                for (j = 0; j < ARRAY_SIZE(sip[i]); j++) {
1708                        sip[i][j].data_len = sizeof(struct nf_ct_sip_master);
1709                        sip[i][j].tuple.src.u.udp.port = htons(ports[i]);
1710                        sip[i][j].expect_policy = sip_exp_policy;
1711                        sip[i][j].expect_class_max = SIP_EXPECT_MAX;
1712                        sip[i][j].me = THIS_MODULE;
1713
1714                        if (ports[i] == SIP_PORT)
1715                                sprintf(sip[i][j].name, "sip");
1716                        else
1717                                sprintf(sip[i][j].name, "sip-%u", i);
1718
1719                        pr_debug("port #%u: %u\n", i, ports[i]);
1720
1721                        ret = nf_conntrack_helper_register(&sip[i][j]);
1722                        if (ret) {
1723                                printk(KERN_ERR "nf_ct_sip: failed to register"
1724                                       " helper for pf: %u port: %u\n",
1725                                       sip[i][j].tuple.src.l3num, ports[i]);
1726                                nf_conntrack_sip_fini();
1727                                return ret;
1728                        }
1729                }
1730        }
1731        return 0;
1732}
1733
1734module_init(nf_conntrack_sip_init);
1735module_exit(nf_conntrack_sip_fini);
1736