1
2
3
4
5
6
7
8
9
10#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
11
12#include <linux/module.h>
13#include <linux/ctype.h>
14#include <linux/skbuff.h>
15#include <linux/inet.h>
16#include <linux/in.h>
17#include <linux/udp.h>
18#include <linux/tcp.h>
19#include <linux/netfilter.h>
20#include <linux/netfilter_ipv4.h>
21#include <linux/netfilter_ipv6.h>
22
23#include <net/netfilter/nf_conntrack.h>
24#include <net/netfilter/nf_conntrack_core.h>
25#include <net/netfilter/nf_conntrack_expect.h>
26#include <net/netfilter/nf_conntrack_helper.h>
27#include <net/netfilter/nf_conntrack_zones.h>
28#include <linux/netfilter/nf_conntrack_sip.h>
29
30#define HELPER_NAME "sip"
31
32MODULE_LICENSE("GPL");
33MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
34MODULE_DESCRIPTION("SIP connection tracking helper");
35MODULE_ALIAS("ip_conntrack_sip");
36MODULE_ALIAS_NFCT_HELPER(HELPER_NAME);
37
38#define MAX_PORTS 8
39static unsigned short ports[MAX_PORTS];
40static unsigned int ports_c;
41module_param_array(ports, ushort, &ports_c, 0400);
42MODULE_PARM_DESC(ports, "port numbers of SIP servers");
43
44static unsigned int sip_timeout __read_mostly = SIP_TIMEOUT;
45module_param(sip_timeout, uint, 0600);
46MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");
47
48static int sip_direct_signalling __read_mostly = 1;
49module_param(sip_direct_signalling, int, 0600);
50MODULE_PARM_DESC(sip_direct_signalling, "expect incoming calls from registrar "
51 "only (default 1)");
52
53static int sip_direct_media __read_mostly = 1;
54module_param(sip_direct_media, int, 0600);
55MODULE_PARM_DESC(sip_direct_media, "Expect Media streams between signalling "
56 "endpoints only (default 1)");
57
58static int sip_external_media __read_mostly = 0;
59module_param(sip_external_media, int, 0600);
60MODULE_PARM_DESC(sip_external_media, "Expect Media streams between external "
61 "endpoints (default 0)");
62
63const struct nf_nat_sip_hooks *nf_nat_sip_hooks;
64EXPORT_SYMBOL_GPL(nf_nat_sip_hooks);
65
66static int string_len(const struct nf_conn *ct, const char *dptr,
67 const char *limit, int *shift)
68{
69 int len = 0;
70
71 while (dptr < limit && isalpha(*dptr)) {
72 dptr++;
73 len++;
74 }
75 return len;
76}
77
78static int digits_len(const struct nf_conn *ct, const char *dptr,
79 const char *limit, int *shift)
80{
81 int len = 0;
82 while (dptr < limit && isdigit(*dptr)) {
83 dptr++;
84 len++;
85 }
86 return len;
87}
88
89static int iswordc(const char c)
90{
91 if (isalnum(c) || c == '!' || c == '"' || c == '%' ||
92 (c >= '(' && c <= '+') || c == ':' || c == '<' || c == '>' ||
93 c == '?' || (c >= '[' && c <= ']') || c == '_' || c == '`' ||
94 c == '{' || c == '}' || c == '~' || (c >= '-' && c <= '/') ||
95 c == '\'')
96 return 1;
97 return 0;
98}
99
100static int word_len(const char *dptr, const char *limit)
101{
102 int len = 0;
103 while (dptr < limit && iswordc(*dptr)) {
104 dptr++;
105 len++;
106 }
107 return len;
108}
109
110static int callid_len(const struct nf_conn *ct, const char *dptr,
111 const char *limit, int *shift)
112{
113 int len, domain_len;
114
115 len = word_len(dptr, limit);
116 dptr += len;
117 if (!len || dptr == limit || *dptr != '@')
118 return len;
119 dptr++;
120 len++;
121
122 domain_len = word_len(dptr, limit);
123 if (!domain_len)
124 return 0;
125 return len + domain_len;
126}
127
128
129static int media_len(const struct nf_conn *ct, const char *dptr,
130 const char *limit, int *shift)
131{
132 int len = string_len(ct, dptr, limit, shift);
133
134 dptr += len;
135 if (dptr >= limit || *dptr != ' ')
136 return 0;
137 len++;
138 dptr++;
139
140 return len + digits_len(ct, dptr, limit, shift);
141}
142
143static int sip_parse_addr(const struct nf_conn *ct, const char *cp,
144 const char **endp, union nf_inet_addr *addr,
145 const char *limit, bool delim)
146{
147 const char *end;
148 int ret;
149
150 if (!ct)
151 return 0;
152
153 memset(addr, 0, sizeof(*addr));
154 switch (nf_ct_l3num(ct)) {
155 case AF_INET:
156 ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
157 if (ret == 0)
158 return 0;
159 break;
160 case AF_INET6:
161 if (cp < limit && *cp == '[')
162 cp++;
163 else if (delim)
164 return 0;
165
166 ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
167 if (ret == 0)
168 return 0;
169
170 if (end < limit && *end == ']')
171 end++;
172 else if (delim)
173 return 0;
174 break;
175 default:
176 BUG();
177 }
178
179 if (endp)
180 *endp = end;
181 return 1;
182}
183
184
185static int epaddr_len(const struct nf_conn *ct, const char *dptr,
186 const char *limit, int *shift)
187{
188 union nf_inet_addr addr;
189 const char *aux = dptr;
190
191 if (!sip_parse_addr(ct, dptr, &dptr, &addr, limit, true)) {
192 pr_debug("ip: %s parse failed.!\n", dptr);
193 return 0;
194 }
195
196
197 if (*dptr == ':') {
198 dptr++;
199 dptr += digits_len(ct, dptr, limit, shift);
200 }
201 return dptr - aux;
202}
203
204
205static int skp_epaddr_len(const struct nf_conn *ct, const char *dptr,
206 const char *limit, int *shift)
207{
208 const char *start = dptr;
209 int s = *shift;
210
211
212
213
214 while (dptr < limit &&
215 *dptr != '@' && *dptr != '\r' && *dptr != '\n') {
216 (*shift)++;
217 dptr++;
218 }
219
220 if (dptr < limit && *dptr == '@') {
221 dptr++;
222 (*shift)++;
223 } else {
224 dptr = start;
225 *shift = s;
226 }
227
228 return epaddr_len(ct, dptr, limit, shift);
229}
230
231
232
233
234
235
236
237int ct_sip_parse_request(const struct nf_conn *ct,
238 const char *dptr, unsigned int datalen,
239 unsigned int *matchoff, unsigned int *matchlen,
240 union nf_inet_addr *addr, __be16 *port)
241{
242 const char *start = dptr, *limit = dptr + datalen, *end;
243 unsigned int mlen;
244 unsigned int p;
245 int shift = 0;
246
247
248 mlen = string_len(ct, dptr, limit, NULL);
249 if (!mlen)
250 return 0;
251 dptr += mlen;
252 if (++dptr >= limit)
253 return 0;
254
255
256 for (; dptr < limit - strlen("sip:"); dptr++) {
257 if (*dptr == '\r' || *dptr == '\n')
258 return -1;
259 if (strncasecmp(dptr, "sip:", strlen("sip:")) == 0) {
260 dptr += strlen("sip:");
261 break;
262 }
263 }
264 if (!skp_epaddr_len(ct, dptr, limit, &shift))
265 return 0;
266 dptr += shift;
267
268 if (!sip_parse_addr(ct, dptr, &end, addr, limit, true))
269 return -1;
270 if (end < limit && *end == ':') {
271 end++;
272 p = simple_strtoul(end, (char **)&end, 10);
273 if (p < 1024 || p > 65535)
274 return -1;
275 *port = htons(p);
276 } else
277 *port = htons(SIP_PORT);
278
279 if (end == dptr)
280 return 0;
281 *matchoff = dptr - start;
282 *matchlen = end - dptr;
283 return 1;
284}
285EXPORT_SYMBOL_GPL(ct_sip_parse_request);
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300static const struct sip_header ct_sip_hdrs[] = {
301 [SIP_HDR_CSEQ] = SIP_HDR("CSeq", NULL, NULL, digits_len),
302 [SIP_HDR_FROM] = SIP_HDR("From", "f", "sip:", skp_epaddr_len),
303 [SIP_HDR_TO] = SIP_HDR("To", "t", "sip:", skp_epaddr_len),
304 [SIP_HDR_CONTACT] = SIP_HDR("Contact", "m", "sip:", skp_epaddr_len),
305 [SIP_HDR_VIA_UDP] = SIP_HDR("Via", "v", "UDP ", epaddr_len),
306 [SIP_HDR_VIA_TCP] = SIP_HDR("Via", "v", "TCP ", epaddr_len),
307 [SIP_HDR_EXPIRES] = SIP_HDR("Expires", NULL, NULL, digits_len),
308 [SIP_HDR_CONTENT_LENGTH] = SIP_HDR("Content-Length", "l", NULL, digits_len),
309 [SIP_HDR_CALL_ID] = SIP_HDR("Call-Id", "i", NULL, callid_len),
310};
311
312static const char *sip_follow_continuation(const char *dptr, const char *limit)
313{
314
315 if (++dptr >= limit)
316 return NULL;
317
318
319 if (*(dptr - 1) == '\r' && *dptr == '\n') {
320 if (++dptr >= limit)
321 return NULL;
322 }
323
324
325 if (*dptr != ' ' && *dptr != '\t')
326 return NULL;
327
328
329 for (; dptr < limit; dptr++) {
330 if (*dptr != ' ' && *dptr != '\t')
331 break;
332 }
333 return dptr;
334}
335
336static const char *sip_skip_whitespace(const char *dptr, const char *limit)
337{
338 for (; dptr < limit; dptr++) {
339 if (*dptr == ' ' || *dptr == '\t')
340 continue;
341 if (*dptr != '\r' && *dptr != '\n')
342 break;
343 dptr = sip_follow_continuation(dptr, limit);
344 break;
345 }
346 return dptr;
347}
348
349
350static const char *ct_sip_header_search(const char *dptr, const char *limit,
351 const char *needle, unsigned int len)
352{
353 for (limit -= len; dptr < limit; dptr++) {
354 if (*dptr == '\r' || *dptr == '\n') {
355 dptr = sip_follow_continuation(dptr, limit);
356 if (dptr == NULL)
357 break;
358 continue;
359 }
360
361 if (strncasecmp(dptr, needle, len) == 0)
362 return dptr;
363 }
364 return NULL;
365}
366
367int ct_sip_get_header(const struct nf_conn *ct, const char *dptr,
368 unsigned int dataoff, unsigned int datalen,
369 enum sip_header_types type,
370 unsigned int *matchoff, unsigned int *matchlen)
371{
372 const struct sip_header *hdr = &ct_sip_hdrs[type];
373 const char *start = dptr, *limit = dptr + datalen;
374 int shift = 0;
375
376 for (dptr += dataoff; dptr < limit; dptr++) {
377
378 if (*dptr != '\r' && *dptr != '\n')
379 continue;
380 if (++dptr >= limit)
381 break;
382 if (*(dptr - 1) == '\r' && *dptr == '\n') {
383 if (++dptr >= limit)
384 break;
385 }
386
387
388 if (*dptr == ' ' || *dptr == '\t')
389 continue;
390
391
392
393 if (limit - dptr >= hdr->len &&
394 strncasecmp(dptr, hdr->name, hdr->len) == 0)
395 dptr += hdr->len;
396 else if (hdr->cname && limit - dptr >= hdr->clen + 1 &&
397 strncasecmp(dptr, hdr->cname, hdr->clen) == 0 &&
398 !isalpha(*(dptr + hdr->clen)))
399 dptr += hdr->clen;
400 else
401 continue;
402
403
404 dptr = sip_skip_whitespace(dptr, limit);
405 if (dptr == NULL)
406 break;
407 if (*dptr != ':' || ++dptr >= limit)
408 break;
409
410
411 dptr = sip_skip_whitespace(dptr, limit);
412 if (dptr == NULL)
413 break;
414
415 *matchoff = dptr - start;
416 if (hdr->search) {
417 dptr = ct_sip_header_search(dptr, limit, hdr->search,
418 hdr->slen);
419 if (!dptr)
420 return -1;
421 dptr += hdr->slen;
422 }
423
424 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
425 if (!*matchlen)
426 return -1;
427 *matchoff = dptr - start + shift;
428 return 1;
429 }
430 return 0;
431}
432EXPORT_SYMBOL_GPL(ct_sip_get_header);
433
434
435static int ct_sip_next_header(const struct nf_conn *ct, const char *dptr,
436 unsigned int dataoff, unsigned int datalen,
437 enum sip_header_types type,
438 unsigned int *matchoff, unsigned int *matchlen)
439{
440 const struct sip_header *hdr = &ct_sip_hdrs[type];
441 const char *start = dptr, *limit = dptr + datalen;
442 int shift = 0;
443
444 dptr += dataoff;
445
446 dptr = ct_sip_header_search(dptr, limit, ",", strlen(","));
447 if (!dptr)
448 return 0;
449
450 dptr = ct_sip_header_search(dptr, limit, hdr->search, hdr->slen);
451 if (!dptr)
452 return 0;
453 dptr += hdr->slen;
454
455 *matchoff = dptr - start;
456 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
457 if (!*matchlen)
458 return -1;
459 *matchoff += shift;
460 return 1;
461}
462
463
464
465static int ct_sip_walk_headers(const struct nf_conn *ct, const char *dptr,
466 unsigned int dataoff, unsigned int datalen,
467 enum sip_header_types type, int *in_header,
468 unsigned int *matchoff, unsigned int *matchlen)
469{
470 int ret;
471
472 if (in_header && *in_header) {
473 while (1) {
474 ret = ct_sip_next_header(ct, dptr, dataoff, datalen,
475 type, matchoff, matchlen);
476 if (ret > 0)
477 return ret;
478 if (ret == 0)
479 break;
480 dataoff += *matchoff;
481 }
482 *in_header = 0;
483 }
484
485 while (1) {
486 ret = ct_sip_get_header(ct, dptr, dataoff, datalen,
487 type, matchoff, matchlen);
488 if (ret > 0)
489 break;
490 if (ret == 0)
491 return ret;
492 dataoff += *matchoff;
493 }
494
495 if (in_header)
496 *in_header = 1;
497 return 1;
498}
499
500
501
502
503
504
505int ct_sip_parse_header_uri(const struct nf_conn *ct, const char *dptr,
506 unsigned int *dataoff, unsigned int datalen,
507 enum sip_header_types type, int *in_header,
508 unsigned int *matchoff, unsigned int *matchlen,
509 union nf_inet_addr *addr, __be16 *port)
510{
511 const char *c, *limit = dptr + datalen;
512 unsigned int p;
513 int ret;
514
515 ret = ct_sip_walk_headers(ct, dptr, dataoff ? *dataoff : 0, datalen,
516 type, in_header, matchoff, matchlen);
517 WARN_ON(ret < 0);
518 if (ret == 0)
519 return ret;
520
521 if (!sip_parse_addr(ct, dptr + *matchoff, &c, addr, limit, true))
522 return -1;
523 if (*c == ':') {
524 c++;
525 p = simple_strtoul(c, (char **)&c, 10);
526 if (p < 1024 || p > 65535)
527 return -1;
528 *port = htons(p);
529 } else
530 *port = htons(SIP_PORT);
531
532 if (dataoff)
533 *dataoff = c - dptr;
534 return 1;
535}
536EXPORT_SYMBOL_GPL(ct_sip_parse_header_uri);
537
538static int ct_sip_parse_param(const struct nf_conn *ct, const char *dptr,
539 unsigned int dataoff, unsigned int datalen,
540 const char *name,
541 unsigned int *matchoff, unsigned int *matchlen)
542{
543 const char *limit = dptr + datalen;
544 const char *start;
545 const char *end;
546
547 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
548 if (!limit)
549 limit = dptr + datalen;
550
551 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
552 if (!start)
553 return 0;
554 start += strlen(name);
555
556 end = ct_sip_header_search(start, limit, ";", strlen(";"));
557 if (!end)
558 end = limit;
559
560 *matchoff = start - dptr;
561 *matchlen = end - start;
562 return 1;
563}
564
565
566int ct_sip_parse_address_param(const struct nf_conn *ct, const char *dptr,
567 unsigned int dataoff, unsigned int datalen,
568 const char *name,
569 unsigned int *matchoff, unsigned int *matchlen,
570 union nf_inet_addr *addr, bool delim)
571{
572 const char *limit = dptr + datalen;
573 const char *start, *end;
574
575 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
576 if (!limit)
577 limit = dptr + datalen;
578
579 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
580 if (!start)
581 return 0;
582
583 start += strlen(name);
584 if (!sip_parse_addr(ct, start, &end, addr, limit, delim))
585 return 0;
586 *matchoff = start - dptr;
587 *matchlen = end - start;
588 return 1;
589}
590EXPORT_SYMBOL_GPL(ct_sip_parse_address_param);
591
592
593int ct_sip_parse_numerical_param(const struct nf_conn *ct, const char *dptr,
594 unsigned int dataoff, unsigned int datalen,
595 const char *name,
596 unsigned int *matchoff, unsigned int *matchlen,
597 unsigned int *val)
598{
599 const char *limit = dptr + datalen;
600 const char *start;
601 char *end;
602
603 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
604 if (!limit)
605 limit = dptr + datalen;
606
607 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
608 if (!start)
609 return 0;
610
611 start += strlen(name);
612 *val = simple_strtoul(start, &end, 0);
613 if (start == end)
614 return 0;
615 if (matchoff && matchlen) {
616 *matchoff = start - dptr;
617 *matchlen = end - start;
618 }
619 return 1;
620}
621EXPORT_SYMBOL_GPL(ct_sip_parse_numerical_param);
622
623static int ct_sip_parse_transport(struct nf_conn *ct, const char *dptr,
624 unsigned int dataoff, unsigned int datalen,
625 u8 *proto)
626{
627 unsigned int matchoff, matchlen;
628
629 if (ct_sip_parse_param(ct, dptr, dataoff, datalen, "transport=",
630 &matchoff, &matchlen)) {
631 if (!strncasecmp(dptr + matchoff, "TCP", strlen("TCP")))
632 *proto = IPPROTO_TCP;
633 else if (!strncasecmp(dptr + matchoff, "UDP", strlen("UDP")))
634 *proto = IPPROTO_UDP;
635 else
636 return 0;
637
638 if (*proto != nf_ct_protonum(ct))
639 return 0;
640 } else
641 *proto = nf_ct_protonum(ct);
642
643 return 1;
644}
645
646static int sdp_parse_addr(const struct nf_conn *ct, const char *cp,
647 const char **endp, union nf_inet_addr *addr,
648 const char *limit)
649{
650 const char *end;
651 int ret;
652
653 memset(addr, 0, sizeof(*addr));
654 switch (nf_ct_l3num(ct)) {
655 case AF_INET:
656 ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
657 break;
658 case AF_INET6:
659 ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
660 break;
661 default:
662 BUG();
663 }
664
665 if (ret == 0)
666 return 0;
667 if (endp)
668 *endp = end;
669 return 1;
670}
671
672
673static int sdp_addr_len(const struct nf_conn *ct, const char *dptr,
674 const char *limit, int *shift)
675{
676 union nf_inet_addr addr;
677 const char *aux = dptr;
678
679 if (!sdp_parse_addr(ct, dptr, &dptr, &addr, limit)) {
680 pr_debug("ip: %s parse failed.!\n", dptr);
681 return 0;
682 }
683
684 return dptr - aux;
685}
686
687
688
689
690
691
692
693
694
695
696static const struct sip_header ct_sdp_hdrs_v4[] = {
697 [SDP_HDR_VERSION] = SDP_HDR("v=", NULL, digits_len),
698 [SDP_HDR_OWNER] = SDP_HDR("o=", "IN IP4 ", sdp_addr_len),
699 [SDP_HDR_CONNECTION] = SDP_HDR("c=", "IN IP4 ", sdp_addr_len),
700 [SDP_HDR_MEDIA] = SDP_HDR("m=", NULL, media_len),
701};
702
703static const struct sip_header ct_sdp_hdrs_v6[] = {
704 [SDP_HDR_VERSION] = SDP_HDR("v=", NULL, digits_len),
705 [SDP_HDR_OWNER] = SDP_HDR("o=", "IN IP6 ", sdp_addr_len),
706 [SDP_HDR_CONNECTION] = SDP_HDR("c=", "IN IP6 ", sdp_addr_len),
707 [SDP_HDR_MEDIA] = SDP_HDR("m=", NULL, media_len),
708};
709
710
711static const char *ct_sdp_header_search(const char *dptr, const char *limit,
712 const char *needle, unsigned int len)
713{
714 for (limit -= len; dptr < limit; dptr++) {
715 if (*dptr == '\r' || *dptr == '\n')
716 break;
717 if (strncmp(dptr, needle, len) == 0)
718 return dptr;
719 }
720 return NULL;
721}
722
723
724
725
726
727int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr,
728 unsigned int dataoff, unsigned int datalen,
729 enum sdp_header_types type,
730 enum sdp_header_types term,
731 unsigned int *matchoff, unsigned int *matchlen)
732{
733 const struct sip_header *hdrs, *hdr, *thdr;
734 const char *start = dptr, *limit = dptr + datalen;
735 int shift = 0;
736
737 hdrs = nf_ct_l3num(ct) == NFPROTO_IPV4 ? ct_sdp_hdrs_v4 : ct_sdp_hdrs_v6;
738 hdr = &hdrs[type];
739 thdr = &hdrs[term];
740
741 for (dptr += dataoff; dptr < limit; dptr++) {
742
743 if (*dptr != '\r' && *dptr != '\n')
744 continue;
745 if (++dptr >= limit)
746 break;
747 if (*(dptr - 1) == '\r' && *dptr == '\n') {
748 if (++dptr >= limit)
749 break;
750 }
751
752 if (term != SDP_HDR_UNSPEC &&
753 limit - dptr >= thdr->len &&
754 strncasecmp(dptr, thdr->name, thdr->len) == 0)
755 break;
756 else if (limit - dptr >= hdr->len &&
757 strncasecmp(dptr, hdr->name, hdr->len) == 0)
758 dptr += hdr->len;
759 else
760 continue;
761
762 *matchoff = dptr - start;
763 if (hdr->search) {
764 dptr = ct_sdp_header_search(dptr, limit, hdr->search,
765 hdr->slen);
766 if (!dptr)
767 return -1;
768 dptr += hdr->slen;
769 }
770
771 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
772 if (!*matchlen)
773 return -1;
774 *matchoff = dptr - start + shift;
775 return 1;
776 }
777 return 0;
778}
779EXPORT_SYMBOL_GPL(ct_sip_get_sdp_header);
780
781static int ct_sip_parse_sdp_addr(const struct nf_conn *ct, const char *dptr,
782 unsigned int dataoff, unsigned int datalen,
783 enum sdp_header_types type,
784 enum sdp_header_types term,
785 unsigned int *matchoff, unsigned int *matchlen,
786 union nf_inet_addr *addr)
787{
788 int ret;
789
790 ret = ct_sip_get_sdp_header(ct, dptr, dataoff, datalen, type, term,
791 matchoff, matchlen);
792 if (ret <= 0)
793 return ret;
794
795 if (!sdp_parse_addr(ct, dptr + *matchoff, NULL, addr,
796 dptr + *matchoff + *matchlen))
797 return -1;
798 return 1;
799}
800
801static int refresh_signalling_expectation(struct nf_conn *ct,
802 union nf_inet_addr *addr,
803 u8 proto, __be16 port,
804 unsigned int expires)
805{
806 struct nf_conn_help *help = nfct_help(ct);
807 struct nf_conntrack_expect *exp;
808 struct hlist_node *next;
809 int found = 0;
810
811 spin_lock_bh(&nf_conntrack_expect_lock);
812 hlist_for_each_entry_safe(exp, next, &help->expectations, lnode) {
813 if (exp->class != SIP_EXPECT_SIGNALLING ||
814 !nf_inet_addr_cmp(&exp->tuple.dst.u3, addr) ||
815 exp->tuple.dst.protonum != proto ||
816 exp->tuple.dst.u.udp.port != port)
817 continue;
818 if (mod_timer_pending(&exp->timeout, jiffies + expires * HZ)) {
819 exp->flags &= ~NF_CT_EXPECT_INACTIVE;
820 found = 1;
821 break;
822 }
823 }
824 spin_unlock_bh(&nf_conntrack_expect_lock);
825 return found;
826}
827
828static void flush_expectations(struct nf_conn *ct, bool media)
829{
830 struct nf_conn_help *help = nfct_help(ct);
831 struct nf_conntrack_expect *exp;
832 struct hlist_node *next;
833
834 spin_lock_bh(&nf_conntrack_expect_lock);
835 hlist_for_each_entry_safe(exp, next, &help->expectations, lnode) {
836 if ((exp->class != SIP_EXPECT_SIGNALLING) ^ media)
837 continue;
838 if (!nf_ct_remove_expect(exp))
839 continue;
840 if (!media)
841 break;
842 }
843 spin_unlock_bh(&nf_conntrack_expect_lock);
844}
845
846static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff,
847 unsigned int dataoff,
848 const char **dptr, unsigned int *datalen,
849 union nf_inet_addr *daddr, __be16 port,
850 enum sip_expectation_classes class,
851 unsigned int mediaoff, unsigned int medialen)
852{
853 struct nf_conntrack_expect *exp, *rtp_exp, *rtcp_exp;
854 enum ip_conntrack_info ctinfo;
855 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
856 struct net *net = nf_ct_net(ct);
857 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
858 union nf_inet_addr *saddr;
859 struct nf_conntrack_tuple tuple;
860 int direct_rtp = 0, skip_expect = 0, ret = NF_DROP;
861 u_int16_t base_port;
862 __be16 rtp_port, rtcp_port;
863 const struct nf_nat_sip_hooks *hooks;
864
865 saddr = NULL;
866 if (sip_direct_media) {
867 if (!nf_inet_addr_cmp(daddr, &ct->tuplehash[dir].tuple.src.u3))
868 return NF_ACCEPT;
869 saddr = &ct->tuplehash[!dir].tuple.src.u3;
870 } else if (sip_external_media) {
871 struct net_device *dev = skb_dst(skb)->dev;
872 struct net *net = dev_net(dev);
873 struct flowi fl;
874 struct dst_entry *dst = NULL;
875
876 memset(&fl, 0, sizeof(fl));
877
878 switch (nf_ct_l3num(ct)) {
879 case NFPROTO_IPV4:
880 fl.u.ip4.daddr = daddr->ip;
881 nf_ip_route(net, &dst, &fl, false);
882 break;
883
884 case NFPROTO_IPV6:
885 fl.u.ip6.daddr = daddr->in6;
886 nf_ip6_route(net, &dst, &fl, false);
887 break;
888 }
889
890
891
892
893 if (dst) {
894 bool external_media = (dst->dev == dev);
895
896 dst_release(dst);
897 if (external_media)
898 return NF_ACCEPT;
899 }
900 }
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915 memset(&tuple, 0, sizeof(tuple));
916 if (saddr)
917 tuple.src.u3 = *saddr;
918 tuple.src.l3num = nf_ct_l3num(ct);
919 tuple.dst.protonum = IPPROTO_UDP;
920 tuple.dst.u3 = *daddr;
921 tuple.dst.u.udp.port = port;
922
923 do {
924 exp = __nf_ct_expect_find(net, nf_ct_zone(ct), &tuple);
925
926 if (!exp || exp->master == ct ||
927 nfct_help(exp->master)->helper != nfct_help(ct)->helper ||
928 exp->class != class)
929 break;
930#if IS_ENABLED(CONFIG_NF_NAT)
931 if (!direct_rtp &&
932 (!nf_inet_addr_cmp(&exp->saved_addr, &exp->tuple.dst.u3) ||
933 exp->saved_proto.udp.port != exp->tuple.dst.u.udp.port) &&
934 ct->status & IPS_NAT_MASK) {
935 *daddr = exp->saved_addr;
936 tuple.dst.u3 = exp->saved_addr;
937 tuple.dst.u.udp.port = exp->saved_proto.udp.port;
938 direct_rtp = 1;
939 } else
940#endif
941 skip_expect = 1;
942 } while (!skip_expect);
943
944 base_port = ntohs(tuple.dst.u.udp.port) & ~1;
945 rtp_port = htons(base_port);
946 rtcp_port = htons(base_port + 1);
947
948 if (direct_rtp) {
949 hooks = rcu_dereference(nf_nat_sip_hooks);
950 if (hooks &&
951 !hooks->sdp_port(skb, protoff, dataoff, dptr, datalen,
952 mediaoff, medialen, ntohs(rtp_port)))
953 goto err1;
954 }
955
956 if (skip_expect)
957 return NF_ACCEPT;
958
959 rtp_exp = nf_ct_expect_alloc(ct);
960 if (rtp_exp == NULL)
961 goto err1;
962 nf_ct_expect_init(rtp_exp, class, nf_ct_l3num(ct), saddr, daddr,
963 IPPROTO_UDP, NULL, &rtp_port);
964
965 rtcp_exp = nf_ct_expect_alloc(ct);
966 if (rtcp_exp == NULL)
967 goto err2;
968 nf_ct_expect_init(rtcp_exp, class, nf_ct_l3num(ct), saddr, daddr,
969 IPPROTO_UDP, NULL, &rtcp_port);
970
971 hooks = rcu_dereference(nf_nat_sip_hooks);
972 if (hooks && ct->status & IPS_NAT_MASK && !direct_rtp)
973 ret = hooks->sdp_media(skb, protoff, dataoff, dptr,
974 datalen, rtp_exp, rtcp_exp,
975 mediaoff, medialen, daddr);
976 else {
977
978
979
980
981
982
983 int errp = nf_ct_expect_related(rtp_exp,
984 NF_CT_EXP_F_SKIP_MASTER);
985
986 if (errp == 0 || errp == -EALREADY) {
987 int errcp = nf_ct_expect_related(rtcp_exp,
988 NF_CT_EXP_F_SKIP_MASTER);
989
990 if (errcp == 0 || errcp == -EALREADY)
991 ret = NF_ACCEPT;
992 else if (errp == 0)
993 nf_ct_unexpect_related(rtp_exp);
994 }
995 }
996 nf_ct_expect_put(rtcp_exp);
997err2:
998 nf_ct_expect_put(rtp_exp);
999err1:
1000 return ret;
1001}
1002
1003static const struct sdp_media_type sdp_media_types[] = {
1004 SDP_MEDIA_TYPE("audio ", SIP_EXPECT_AUDIO),
1005 SDP_MEDIA_TYPE("video ", SIP_EXPECT_VIDEO),
1006 SDP_MEDIA_TYPE("image ", SIP_EXPECT_IMAGE),
1007};
1008
1009static const struct sdp_media_type *sdp_media_type(const char *dptr,
1010 unsigned int matchoff,
1011 unsigned int matchlen)
1012{
1013 const struct sdp_media_type *t;
1014 unsigned int i;
1015
1016 for (i = 0; i < ARRAY_SIZE(sdp_media_types); i++) {
1017 t = &sdp_media_types[i];
1018 if (matchlen < t->len ||
1019 strncmp(dptr + matchoff, t->name, t->len))
1020 continue;
1021 return t;
1022 }
1023 return NULL;
1024}
1025
1026static int process_sdp(struct sk_buff *skb, unsigned int protoff,
1027 unsigned int dataoff,
1028 const char **dptr, unsigned int *datalen,
1029 unsigned int cseq)
1030{
1031 enum ip_conntrack_info ctinfo;
1032 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1033 unsigned int matchoff, matchlen;
1034 unsigned int mediaoff, medialen;
1035 unsigned int sdpoff;
1036 unsigned int caddr_len, maddr_len;
1037 unsigned int i;
1038 union nf_inet_addr caddr, maddr, rtp_addr;
1039 const struct nf_nat_sip_hooks *hooks;
1040 unsigned int port;
1041 const struct sdp_media_type *t;
1042 int ret = NF_ACCEPT;
1043
1044 hooks = rcu_dereference(nf_nat_sip_hooks);
1045
1046
1047 if (ct_sip_get_sdp_header(ct, *dptr, 0, *datalen,
1048 SDP_HDR_VERSION, SDP_HDR_UNSPEC,
1049 &matchoff, &matchlen) <= 0)
1050 return NF_ACCEPT;
1051 sdpoff = matchoff;
1052
1053
1054
1055
1056 caddr_len = 0;
1057 if (ct_sip_parse_sdp_addr(ct, *dptr, sdpoff, *datalen,
1058 SDP_HDR_CONNECTION, SDP_HDR_MEDIA,
1059 &matchoff, &matchlen, &caddr) > 0)
1060 caddr_len = matchlen;
1061
1062 mediaoff = sdpoff;
1063 for (i = 0; i < ARRAY_SIZE(sdp_media_types); ) {
1064 if (ct_sip_get_sdp_header(ct, *dptr, mediaoff, *datalen,
1065 SDP_HDR_MEDIA, SDP_HDR_UNSPEC,
1066 &mediaoff, &medialen) <= 0)
1067 break;
1068
1069
1070
1071 t = sdp_media_type(*dptr, mediaoff, medialen);
1072 if (!t) {
1073 mediaoff += medialen;
1074 continue;
1075 }
1076 mediaoff += t->len;
1077 medialen -= t->len;
1078
1079 port = simple_strtoul(*dptr + mediaoff, NULL, 10);
1080 if (port == 0)
1081 continue;
1082 if (port < 1024 || port > 65535) {
1083 nf_ct_helper_log(skb, ct, "wrong port %u", port);
1084 return NF_DROP;
1085 }
1086
1087
1088 maddr_len = 0;
1089 if (ct_sip_parse_sdp_addr(ct, *dptr, mediaoff, *datalen,
1090 SDP_HDR_CONNECTION, SDP_HDR_MEDIA,
1091 &matchoff, &matchlen, &maddr) > 0) {
1092 maddr_len = matchlen;
1093 memcpy(&rtp_addr, &maddr, sizeof(rtp_addr));
1094 } else if (caddr_len)
1095 memcpy(&rtp_addr, &caddr, sizeof(rtp_addr));
1096 else {
1097 nf_ct_helper_log(skb, ct, "cannot parse SDP message");
1098 return NF_DROP;
1099 }
1100
1101 ret = set_expected_rtp_rtcp(skb, protoff, dataoff,
1102 dptr, datalen,
1103 &rtp_addr, htons(port), t->class,
1104 mediaoff, medialen);
1105 if (ret != NF_ACCEPT) {
1106 nf_ct_helper_log(skb, ct,
1107 "cannot add expectation for voice");
1108 return ret;
1109 }
1110
1111
1112 if (maddr_len && hooks && ct->status & IPS_NAT_MASK) {
1113 ret = hooks->sdp_addr(skb, protoff, dataoff,
1114 dptr, datalen, mediaoff,
1115 SDP_HDR_CONNECTION,
1116 SDP_HDR_MEDIA,
1117 &rtp_addr);
1118 if (ret != NF_ACCEPT) {
1119 nf_ct_helper_log(skb, ct, "cannot mangle SDP");
1120 return ret;
1121 }
1122 }
1123 i++;
1124 }
1125
1126
1127 hooks = rcu_dereference(nf_nat_sip_hooks);
1128 if (hooks && ct->status & IPS_NAT_MASK)
1129 ret = hooks->sdp_session(skb, protoff, dataoff,
1130 dptr, datalen, sdpoff,
1131 &rtp_addr);
1132
1133 return ret;
1134}
1135static int process_invite_response(struct sk_buff *skb, unsigned int protoff,
1136 unsigned int dataoff,
1137 const char **dptr, unsigned int *datalen,
1138 unsigned int cseq, unsigned int code)
1139{
1140 enum ip_conntrack_info ctinfo;
1141 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1142 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1143
1144 if ((code >= 100 && code <= 199) ||
1145 (code >= 200 && code <= 299))
1146 return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1147 else if (ct_sip_info->invite_cseq == cseq)
1148 flush_expectations(ct, true);
1149 return NF_ACCEPT;
1150}
1151
1152static int process_update_response(struct sk_buff *skb, unsigned int protoff,
1153 unsigned int dataoff,
1154 const char **dptr, unsigned int *datalen,
1155 unsigned int cseq, unsigned int code)
1156{
1157 enum ip_conntrack_info ctinfo;
1158 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1159 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1160
1161 if ((code >= 100 && code <= 199) ||
1162 (code >= 200 && code <= 299))
1163 return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1164 else if (ct_sip_info->invite_cseq == cseq)
1165 flush_expectations(ct, true);
1166 return NF_ACCEPT;
1167}
1168
1169static int process_prack_response(struct sk_buff *skb, unsigned int protoff,
1170 unsigned int dataoff,
1171 const char **dptr, unsigned int *datalen,
1172 unsigned int cseq, unsigned int code)
1173{
1174 enum ip_conntrack_info ctinfo;
1175 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1176 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1177
1178 if ((code >= 100 && code <= 199) ||
1179 (code >= 200 && code <= 299))
1180 return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1181 else if (ct_sip_info->invite_cseq == cseq)
1182 flush_expectations(ct, true);
1183 return NF_ACCEPT;
1184}
1185
1186static int process_invite_request(struct sk_buff *skb, unsigned int protoff,
1187 unsigned int dataoff,
1188 const char **dptr, unsigned int *datalen,
1189 unsigned int cseq)
1190{
1191 enum ip_conntrack_info ctinfo;
1192 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1193 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1194 unsigned int ret;
1195
1196 flush_expectations(ct, true);
1197 ret = process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1198 if (ret == NF_ACCEPT)
1199 ct_sip_info->invite_cseq = cseq;
1200 return ret;
1201}
1202
1203static int process_bye_request(struct sk_buff *skb, unsigned int protoff,
1204 unsigned int dataoff,
1205 const char **dptr, unsigned int *datalen,
1206 unsigned int cseq)
1207{
1208 enum ip_conntrack_info ctinfo;
1209 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1210
1211 flush_expectations(ct, true);
1212 return NF_ACCEPT;
1213}
1214
1215
1216
1217
1218
1219static int process_register_request(struct sk_buff *skb, unsigned int protoff,
1220 unsigned int dataoff,
1221 const char **dptr, unsigned int *datalen,
1222 unsigned int cseq)
1223{
1224 enum ip_conntrack_info ctinfo;
1225 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1226 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1227 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1228 unsigned int matchoff, matchlen;
1229 struct nf_conntrack_expect *exp;
1230 union nf_inet_addr *saddr, daddr;
1231 const struct nf_nat_sip_hooks *hooks;
1232 __be16 port;
1233 u8 proto;
1234 unsigned int expires = 0;
1235 int ret;
1236
1237
1238 if (ct->status & IPS_EXPECTED)
1239 return NF_ACCEPT;
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1250 &matchoff, &matchlen) > 0)
1251 expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1252
1253 ret = ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen,
1254 SIP_HDR_CONTACT, NULL,
1255 &matchoff, &matchlen, &daddr, &port);
1256 if (ret < 0) {
1257 nf_ct_helper_log(skb, ct, "cannot parse contact");
1258 return NF_DROP;
1259 } else if (ret == 0)
1260 return NF_ACCEPT;
1261
1262
1263 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.src.u3, &daddr))
1264 return NF_ACCEPT;
1265
1266 if (ct_sip_parse_transport(ct, *dptr, matchoff + matchlen, *datalen,
1267 &proto) == 0)
1268 return NF_ACCEPT;
1269
1270 if (ct_sip_parse_numerical_param(ct, *dptr,
1271 matchoff + matchlen, *datalen,
1272 "expires=", NULL, NULL, &expires) < 0) {
1273 nf_ct_helper_log(skb, ct, "cannot parse expires");
1274 return NF_DROP;
1275 }
1276
1277 if (expires == 0) {
1278 ret = NF_ACCEPT;
1279 goto store_cseq;
1280 }
1281
1282 exp = nf_ct_expect_alloc(ct);
1283 if (!exp) {
1284 nf_ct_helper_log(skb, ct, "cannot alloc expectation");
1285 return NF_DROP;
1286 }
1287
1288 saddr = NULL;
1289 if (sip_direct_signalling)
1290 saddr = &ct->tuplehash[!dir].tuple.src.u3;
1291
1292 nf_ct_expect_init(exp, SIP_EXPECT_SIGNALLING, nf_ct_l3num(ct),
1293 saddr, &daddr, proto, NULL, &port);
1294 exp->timeout.expires = sip_timeout * HZ;
1295 exp->helper = nfct_help(ct)->helper;
1296 exp->flags = NF_CT_EXPECT_PERMANENT | NF_CT_EXPECT_INACTIVE;
1297
1298 hooks = rcu_dereference(nf_nat_sip_hooks);
1299 if (hooks && ct->status & IPS_NAT_MASK)
1300 ret = hooks->expect(skb, protoff, dataoff, dptr, datalen,
1301 exp, matchoff, matchlen);
1302 else {
1303 if (nf_ct_expect_related(exp, 0) != 0) {
1304 nf_ct_helper_log(skb, ct, "cannot add expectation");
1305 ret = NF_DROP;
1306 } else
1307 ret = NF_ACCEPT;
1308 }
1309 nf_ct_expect_put(exp);
1310
1311store_cseq:
1312 if (ret == NF_ACCEPT)
1313 ct_sip_info->register_cseq = cseq;
1314 return ret;
1315}
1316
1317static int process_register_response(struct sk_buff *skb, unsigned int protoff,
1318 unsigned int dataoff,
1319 const char **dptr, unsigned int *datalen,
1320 unsigned int cseq, unsigned int code)
1321{
1322 enum ip_conntrack_info ctinfo;
1323 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1324 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1325 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1326 union nf_inet_addr addr;
1327 __be16 port;
1328 u8 proto;
1329 unsigned int matchoff, matchlen, coff = 0;
1330 unsigned int expires = 0;
1331 int in_contact = 0, ret;
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341 if (ct_sip_info->register_cseq != cseq)
1342 return NF_ACCEPT;
1343
1344 if (code >= 100 && code <= 199)
1345 return NF_ACCEPT;
1346 if (code < 200 || code > 299)
1347 goto flush;
1348
1349 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1350 &matchoff, &matchlen) > 0)
1351 expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1352
1353 while (1) {
1354 unsigned int c_expires = expires;
1355
1356 ret = ct_sip_parse_header_uri(ct, *dptr, &coff, *datalen,
1357 SIP_HDR_CONTACT, &in_contact,
1358 &matchoff, &matchlen,
1359 &addr, &port);
1360 if (ret < 0) {
1361 nf_ct_helper_log(skb, ct, "cannot parse contact");
1362 return NF_DROP;
1363 } else if (ret == 0)
1364 break;
1365
1366
1367 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3, &addr))
1368 continue;
1369
1370 if (ct_sip_parse_transport(ct, *dptr, matchoff + matchlen,
1371 *datalen, &proto) == 0)
1372 continue;
1373
1374 ret = ct_sip_parse_numerical_param(ct, *dptr,
1375 matchoff + matchlen,
1376 *datalen, "expires=",
1377 NULL, NULL, &c_expires);
1378 if (ret < 0) {
1379 nf_ct_helper_log(skb, ct, "cannot parse expires");
1380 return NF_DROP;
1381 }
1382 if (c_expires == 0)
1383 break;
1384 if (refresh_signalling_expectation(ct, &addr, proto, port,
1385 c_expires))
1386 return NF_ACCEPT;
1387 }
1388
1389flush:
1390 flush_expectations(ct, false);
1391 return NF_ACCEPT;
1392}
1393
1394static const struct sip_handler sip_handlers[] = {
1395 SIP_HANDLER("INVITE", process_invite_request, process_invite_response),
1396 SIP_HANDLER("UPDATE", process_sdp, process_update_response),
1397 SIP_HANDLER("ACK", process_sdp, NULL),
1398 SIP_HANDLER("PRACK", process_sdp, process_prack_response),
1399 SIP_HANDLER("BYE", process_bye_request, NULL),
1400 SIP_HANDLER("REGISTER", process_register_request, process_register_response),
1401};
1402
1403static int process_sip_response(struct sk_buff *skb, unsigned int protoff,
1404 unsigned int dataoff,
1405 const char **dptr, unsigned int *datalen)
1406{
1407 enum ip_conntrack_info ctinfo;
1408 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1409 unsigned int matchoff, matchlen, matchend;
1410 unsigned int code, cseq, i;
1411
1412 if (*datalen < strlen("SIP/2.0 200"))
1413 return NF_ACCEPT;
1414 code = simple_strtoul(*dptr + strlen("SIP/2.0 "), NULL, 10);
1415 if (!code) {
1416 nf_ct_helper_log(skb, ct, "cannot get code");
1417 return NF_DROP;
1418 }
1419
1420 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1421 &matchoff, &matchlen) <= 0) {
1422 nf_ct_helper_log(skb, ct, "cannot parse cseq");
1423 return NF_DROP;
1424 }
1425 cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1426 if (!cseq && *(*dptr + matchoff) != '0') {
1427 nf_ct_helper_log(skb, ct, "cannot get cseq");
1428 return NF_DROP;
1429 }
1430 matchend = matchoff + matchlen + 1;
1431
1432 for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1433 const struct sip_handler *handler;
1434
1435 handler = &sip_handlers[i];
1436 if (handler->response == NULL)
1437 continue;
1438 if (*datalen < matchend + handler->len ||
1439 strncasecmp(*dptr + matchend, handler->method, handler->len))
1440 continue;
1441 return handler->response(skb, protoff, dataoff, dptr, datalen,
1442 cseq, code);
1443 }
1444 return NF_ACCEPT;
1445}
1446
1447static int process_sip_request(struct sk_buff *skb, unsigned int protoff,
1448 unsigned int dataoff,
1449 const char **dptr, unsigned int *datalen)
1450{
1451 enum ip_conntrack_info ctinfo;
1452 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1453 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1454 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1455 unsigned int matchoff, matchlen;
1456 unsigned int cseq, i;
1457 union nf_inet_addr addr;
1458 __be16 port;
1459
1460
1461
1462
1463
1464
1465
1466 if (ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen,
1467 SIP_HDR_VIA_UDP, NULL, &matchoff,
1468 &matchlen, &addr, &port) > 0 &&
1469 port != ct->tuplehash[dir].tuple.src.u.udp.port &&
1470 nf_inet_addr_cmp(&addr, &ct->tuplehash[dir].tuple.src.u3))
1471 ct_sip_info->forced_dport = port;
1472
1473 for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1474 const struct sip_handler *handler;
1475
1476 handler = &sip_handlers[i];
1477 if (handler->request == NULL)
1478 continue;
1479 if (*datalen < handler->len + 2 ||
1480 strncasecmp(*dptr, handler->method, handler->len))
1481 continue;
1482 if ((*dptr)[handler->len] != ' ' ||
1483 !isalpha((*dptr)[handler->len+1]))
1484 continue;
1485
1486 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1487 &matchoff, &matchlen) <= 0) {
1488 nf_ct_helper_log(skb, ct, "cannot parse cseq");
1489 return NF_DROP;
1490 }
1491 cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1492 if (!cseq && *(*dptr + matchoff) != '0') {
1493 nf_ct_helper_log(skb, ct, "cannot get cseq");
1494 return NF_DROP;
1495 }
1496
1497 return handler->request(skb, protoff, dataoff, dptr, datalen,
1498 cseq);
1499 }
1500 return NF_ACCEPT;
1501}
1502
1503static int process_sip_msg(struct sk_buff *skb, struct nf_conn *ct,
1504 unsigned int protoff, unsigned int dataoff,
1505 const char **dptr, unsigned int *datalen)
1506{
1507 const struct nf_nat_sip_hooks *hooks;
1508 int ret;
1509
1510 if (strncasecmp(*dptr, "SIP/2.0 ", strlen("SIP/2.0 ")) != 0)
1511 ret = process_sip_request(skb, protoff, dataoff, dptr, datalen);
1512 else
1513 ret = process_sip_response(skb, protoff, dataoff, dptr, datalen);
1514
1515 if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1516 hooks = rcu_dereference(nf_nat_sip_hooks);
1517 if (hooks && !hooks->msg(skb, protoff, dataoff,
1518 dptr, datalen)) {
1519 nf_ct_helper_log(skb, ct, "cannot NAT SIP message");
1520 ret = NF_DROP;
1521 }
1522 }
1523
1524 return ret;
1525}
1526
1527static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff,
1528 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1529{
1530 struct tcphdr *th, _tcph;
1531 unsigned int dataoff, datalen;
1532 unsigned int matchoff, matchlen, clen;
1533 unsigned int msglen, origlen;
1534 const char *dptr, *end;
1535 s16 diff, tdiff = 0;
1536 int ret = NF_ACCEPT;
1537 bool term;
1538
1539 if (ctinfo != IP_CT_ESTABLISHED &&
1540 ctinfo != IP_CT_ESTABLISHED_REPLY)
1541 return NF_ACCEPT;
1542
1543
1544 th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
1545 if (th == NULL)
1546 return NF_ACCEPT;
1547 dataoff = protoff + th->doff * 4;
1548 if (dataoff >= skb->len)
1549 return NF_ACCEPT;
1550
1551 nf_ct_refresh(ct, skb, sip_timeout * HZ);
1552
1553 if (unlikely(skb_linearize(skb)))
1554 return NF_DROP;
1555
1556 dptr = skb->data + dataoff;
1557 datalen = skb->len - dataoff;
1558 if (datalen < strlen("SIP/2.0 200"))
1559 return NF_ACCEPT;
1560
1561 while (1) {
1562 if (ct_sip_get_header(ct, dptr, 0, datalen,
1563 SIP_HDR_CONTENT_LENGTH,
1564 &matchoff, &matchlen) <= 0)
1565 break;
1566
1567 clen = simple_strtoul(dptr + matchoff, (char **)&end, 10);
1568 if (dptr + matchoff == end)
1569 break;
1570
1571 term = false;
1572 for (; end + strlen("\r\n\r\n") <= dptr + datalen; end++) {
1573 if (end[0] == '\r' && end[1] == '\n' &&
1574 end[2] == '\r' && end[3] == '\n') {
1575 term = true;
1576 break;
1577 }
1578 }
1579 if (!term)
1580 break;
1581 end += strlen("\r\n\r\n") + clen;
1582
1583 msglen = origlen = end - dptr;
1584 if (msglen > datalen)
1585 return NF_ACCEPT;
1586
1587 ret = process_sip_msg(skb, ct, protoff, dataoff,
1588 &dptr, &msglen);
1589
1590 if (ret != NF_ACCEPT)
1591 break;
1592 diff = msglen - origlen;
1593 tdiff += diff;
1594
1595 dataoff += msglen;
1596 dptr += msglen;
1597 datalen = datalen + diff - msglen;
1598 }
1599
1600 if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1601 const struct nf_nat_sip_hooks *hooks;
1602
1603 hooks = rcu_dereference(nf_nat_sip_hooks);
1604 if (hooks)
1605 hooks->seq_adjust(skb, protoff, tdiff);
1606 }
1607
1608 return ret;
1609}
1610
1611static int sip_help_udp(struct sk_buff *skb, unsigned int protoff,
1612 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1613{
1614 unsigned int dataoff, datalen;
1615 const char *dptr;
1616
1617
1618 dataoff = protoff + sizeof(struct udphdr);
1619 if (dataoff >= skb->len)
1620 return NF_ACCEPT;
1621
1622 nf_ct_refresh(ct, skb, sip_timeout * HZ);
1623
1624 if (unlikely(skb_linearize(skb)))
1625 return NF_DROP;
1626
1627 dptr = skb->data + dataoff;
1628 datalen = skb->len - dataoff;
1629 if (datalen < strlen("SIP/2.0 200"))
1630 return NF_ACCEPT;
1631
1632 return process_sip_msg(skb, ct, protoff, dataoff, &dptr, &datalen);
1633}
1634
1635static struct nf_conntrack_helper sip[MAX_PORTS * 4] __read_mostly;
1636
1637static const struct nf_conntrack_expect_policy sip_exp_policy[SIP_EXPECT_MAX + 1] = {
1638 [SIP_EXPECT_SIGNALLING] = {
1639 .name = "signalling",
1640 .max_expected = 1,
1641 .timeout = 3 * 60,
1642 },
1643 [SIP_EXPECT_AUDIO] = {
1644 .name = "audio",
1645 .max_expected = 2 * IP_CT_DIR_MAX,
1646 .timeout = 3 * 60,
1647 },
1648 [SIP_EXPECT_VIDEO] = {
1649 .name = "video",
1650 .max_expected = 2 * IP_CT_DIR_MAX,
1651 .timeout = 3 * 60,
1652 },
1653 [SIP_EXPECT_IMAGE] = {
1654 .name = "image",
1655 .max_expected = IP_CT_DIR_MAX,
1656 .timeout = 3 * 60,
1657 },
1658};
1659
1660static void __exit nf_conntrack_sip_fini(void)
1661{
1662 nf_conntrack_helpers_unregister(sip, ports_c * 4);
1663}
1664
1665static int __init nf_conntrack_sip_init(void)
1666{
1667 int i, ret;
1668
1669 NF_CT_HELPER_BUILD_BUG_ON(sizeof(struct nf_ct_sip_master));
1670
1671 if (ports_c == 0)
1672 ports[ports_c++] = SIP_PORT;
1673
1674 for (i = 0; i < ports_c; i++) {
1675 nf_ct_helper_init(&sip[4 * i], AF_INET, IPPROTO_UDP,
1676 HELPER_NAME, SIP_PORT, ports[i], i,
1677 sip_exp_policy, SIP_EXPECT_MAX, sip_help_udp,
1678 NULL, THIS_MODULE);
1679 nf_ct_helper_init(&sip[4 * i + 1], AF_INET, IPPROTO_TCP,
1680 HELPER_NAME, SIP_PORT, ports[i], i,
1681 sip_exp_policy, SIP_EXPECT_MAX, sip_help_tcp,
1682 NULL, THIS_MODULE);
1683 nf_ct_helper_init(&sip[4 * i + 2], AF_INET6, IPPROTO_UDP,
1684 HELPER_NAME, SIP_PORT, ports[i], i,
1685 sip_exp_policy, SIP_EXPECT_MAX, sip_help_udp,
1686 NULL, THIS_MODULE);
1687 nf_ct_helper_init(&sip[4 * i + 3], AF_INET6, IPPROTO_TCP,
1688 HELPER_NAME, SIP_PORT, ports[i], i,
1689 sip_exp_policy, SIP_EXPECT_MAX, sip_help_tcp,
1690 NULL, THIS_MODULE);
1691 }
1692
1693 ret = nf_conntrack_helpers_register(sip, ports_c * 4);
1694 if (ret < 0) {
1695 pr_err("failed to register helpers\n");
1696 return ret;
1697 }
1698 return 0;
1699}
1700
1701module_init(nf_conntrack_sip_init);
1702module_exit(nf_conntrack_sip_fini);
1703
