Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
nf_conntrack_sip.c
Go to the documentation of this file.
1 /* SIP extension for IP connection tracking.
2  *
3  * (C) 2005 by Christian Hentschel <[email protected]>
4  * based on RR's ip_conntrack_ftp.c and other modules.
5  * (C) 2007 United Security Providers
6  * (C) 2007, 2008 Patrick McHardy <[email protected]>
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License version 2 as
10  * published by the Free Software Foundation.
11  */
12 
13 #include <linux/module.h>
14 #include <linux/ctype.h>
15 #include <linux/skbuff.h>
16 #include <linux/inet.h>
17 #include <linux/in.h>
18 #include <linux/udp.h>
19 #include <linux/tcp.h>
20 #include <linux/netfilter.h>
21 
22 #include <net/netfilter/nf_conntrack.h>
23 #include <net/netfilter/nf_conntrack_core.h>
24 #include <net/netfilter/nf_conntrack_expect.h>
25 #include <net/netfilter/nf_conntrack_helper.h>
26 #include <net/netfilter/nf_conntrack_zones.h>
27 #include <linux/netfilter/nf_conntrack_sip.h>
28 
29 MODULE_LICENSE("GPL");
30 MODULE_AUTHOR("Christian Hentschel <[email protected]>");
31 MODULE_DESCRIPTION("SIP connection tracking helper");
32 MODULE_ALIAS("ip_conntrack_sip");
33 MODULE_ALIAS_NFCT_HELPER("sip");
34 
35 #define MAX_PORTS 8
36 static unsigned short ports[MAX_PORTS];
37 static unsigned int ports_c;
38 module_param_array(ports, ushort, &ports_c, 0400);
39 MODULE_PARM_DESC(ports, "port numbers of SIP servers");
40 
41 static unsigned int sip_timeout __read_mostly = SIP_TIMEOUT;
42 module_param(sip_timeout, uint, 0600);
43 MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");
44 
45 static int sip_direct_signalling __read_mostly = 1;
46 module_param(sip_direct_signalling, int, 0600);
47 MODULE_PARM_DESC(sip_direct_signalling, "expect incoming calls from registrar "
48  "only (default 1)");
49 
50 static int sip_direct_media __read_mostly = 1;
51 module_param(sip_direct_media, int, 0600);
52 MODULE_PARM_DESC(sip_direct_media, "Expect Media streams between signalling "
53  "endpoints only (default 1)");
54 
55 unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb, unsigned int protoff,
56  unsigned int dataoff, const char **dptr,
57  unsigned int *datalen) __read_mostly;
58 EXPORT_SYMBOL_GPL(nf_nat_sip_hook);
59 
60 void (*nf_nat_sip_seq_adjust_hook)(struct sk_buff *skb, unsigned int protoff,
61  s16 off) __read_mostly;
62 EXPORT_SYMBOL_GPL(nf_nat_sip_seq_adjust_hook);
63 
64 unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb,
65  unsigned int protoff,
66  unsigned int dataoff,
67  const char **dptr,
68  unsigned int *datalen,
69  struct nf_conntrack_expect *exp,
70  unsigned int matchoff,
71  unsigned int matchlen) __read_mostly;
72 EXPORT_SYMBOL_GPL(nf_nat_sip_expect_hook);
73 
74 unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb, unsigned int protoff,
75  unsigned int dataoff,
76  const char **dptr,
77  unsigned int *datalen,
78  unsigned int sdpoff,
79  enum sdp_header_types type,
80  enum sdp_header_types term,
81  const union nf_inet_addr *addr)
82  __read_mostly;
83 EXPORT_SYMBOL_GPL(nf_nat_sdp_addr_hook);
84 
85 unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb, unsigned int protoff,
86  unsigned int dataoff,
87  const char **dptr,
88  unsigned int *datalen,
89  unsigned int matchoff,
90  unsigned int matchlen,
91  u_int16_t port) __read_mostly;
92 EXPORT_SYMBOL_GPL(nf_nat_sdp_port_hook);
93 
94 unsigned int (*nf_nat_sdp_session_hook)(struct sk_buff *skb,
95  unsigned int protoff,
96  unsigned int dataoff,
97  const char **dptr,
98  unsigned int *datalen,
99  unsigned int sdpoff,
100  const union nf_inet_addr *addr)
101  __read_mostly;
102 EXPORT_SYMBOL_GPL(nf_nat_sdp_session_hook);
103 
104 unsigned int (*nf_nat_sdp_media_hook)(struct sk_buff *skb, unsigned int protoff,
105  unsigned int dataoff,
106  const char **dptr,
107  unsigned int *datalen,
108  struct nf_conntrack_expect *rtp_exp,
109  struct nf_conntrack_expect *rtcp_exp,
110  unsigned int mediaoff,
111  unsigned int medialen,
112  union nf_inet_addr *rtp_addr)
113  __read_mostly;
114 EXPORT_SYMBOL_GPL(nf_nat_sdp_media_hook);
115 
116 static int string_len(const struct nf_conn *ct, const char *dptr,
117  const char *limit, int *shift)
118 {
119  int len = 0;
120 
121  while (dptr < limit && isalpha(*dptr)) {
122  dptr++;
123  len++;
124  }
125  return len;
126 }
127 
128 static int digits_len(const struct nf_conn *ct, const char *dptr,
129  const char *limit, int *shift)
130 {
131  int len = 0;
132  while (dptr < limit && isdigit(*dptr)) {
133  dptr++;
134  len++;
135  }
136  return len;
137 }
138 
139 static int iswordc(const char c)
140 {
141  if (isalnum(c) || c == '!' || c == '"' || c == '%' ||
142  (c >= '(' && c <= '/') || c == ':' || c == '<' || c == '>' ||
143  c == '?' || (c >= '[' && c <= ']') || c == '_' || c == '`' ||
144  c == '{' || c == '}' || c == '~')
145  return 1;
146  return 0;
147 }
148 
149 static int word_len(const char *dptr, const char *limit)
150 {
151  int len = 0;
152  while (dptr < limit && iswordc(*dptr)) {
153  dptr++;
154  len++;
155  }
156  return len;
157 }
158 
159 static int callid_len(const struct nf_conn *ct, const char *dptr,
160  const char *limit, int *shift)
161 {
162  int len, domain_len;
163 
164  len = word_len(dptr, limit);
165  dptr += len;
166  if (!len || dptr == limit || *dptr != '@')
167  return len;
168  dptr++;
169  len++;
170 
171  domain_len = word_len(dptr, limit);
172  if (!domain_len)
173  return 0;
174  return len + domain_len;
175 }
176 
177 /* get media type + port length */
178 static int media_len(const struct nf_conn *ct, const char *dptr,
179  const char *limit, int *shift)
180 {
181  int len = string_len(ct, dptr, limit, shift);
182 
183  dptr += len;
184  if (dptr >= limit || *dptr != ' ')
185  return 0;
186  len++;
187  dptr++;
188 
189  return len + digits_len(ct, dptr, limit, shift);
190 }
191 
192 static int sip_parse_addr(const struct nf_conn *ct, const char *cp,
193  const char **endp, union nf_inet_addr *addr,
194  const char *limit, bool delim)
195 {
196  const char *end;
197  int ret;
198 
199  if (!ct)
200  return 0;
201 
202  memset(addr, 0, sizeof(*addr));
203  switch (nf_ct_l3num(ct)) {
204  case AF_INET:
205  ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
206  if (ret == 0)
207  return 0;
208  break;
209  case AF_INET6:
210  if (cp < limit && *cp == '[')
211  cp++;
212  else if (delim)
213  return 0;
214 
215  ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
216  if (ret == 0)
217  return 0;
218 
219  if (end < limit && *end == ']')
220  end++;
221  else if (delim)
222  return 0;
223  break;
224  default:
225  BUG();
226  }
227 
228  if (endp)
229  *endp = end;
230  return 1;
231 }
232 
233 /* skip ip address. returns its length. */
234 static int epaddr_len(const struct nf_conn *ct, const char *dptr,
235  const char *limit, int *shift)
236 {
237  union nf_inet_addr addr;
238  const char *aux = dptr;
239 
240  if (!sip_parse_addr(ct, dptr, &dptr, &addr, limit, true)) {
241  pr_debug("ip: %s parse failed.!\n", dptr);
242  return 0;
243  }
244 
245  /* Port number */
246  if (*dptr == ':') {
247  dptr++;
248  dptr += digits_len(ct, dptr, limit, shift);
249  }
250  return dptr - aux;
251 }
252 
253 /* get address length, skiping user info. */
254 static int skp_epaddr_len(const struct nf_conn *ct, const char *dptr,
255  const char *limit, int *shift)
256 {
257  const char *start = dptr;
258  int s = *shift;
259 
260  /* Search for @, but stop at the end of the line.
261  * We are inside a sip: URI, so we don't need to worry about
262  * continuation lines. */
263  while (dptr < limit &&
264  *dptr != '@' && *dptr != '\r' && *dptr != '\n') {
265  (*shift)++;
266  dptr++;
267  }
268 
269  if (dptr < limit && *dptr == '@') {
270  dptr++;
271  (*shift)++;
272  } else {
273  dptr = start;
274  *shift = s;
275  }
276 
277  return epaddr_len(ct, dptr, limit, shift);
278 }
279 
280 /* Parse a SIP request line of the form:
281  *
282  * Request-Line = Method SP Request-URI SP SIP-Version CRLF
283  *
284  * and return the offset and length of the address contained in the Request-URI.
285  */
286 int ct_sip_parse_request(const struct nf_conn *ct,
287  const char *dptr, unsigned int datalen,
288  unsigned int *matchoff, unsigned int *matchlen,
289  union nf_inet_addr *addr, __be16 *port)
290 {
291  const char *start = dptr, *limit = dptr + datalen, *end;
292  unsigned int mlen;
293  unsigned int p;
294  int shift = 0;
295 
296  /* Skip method and following whitespace */
297  mlen = string_len(ct, dptr, limit, NULL);
298  if (!mlen)
299  return 0;
300  dptr += mlen;
301  if (++dptr >= limit)
302  return 0;
303 
304  /* Find SIP URI */
305  for (; dptr < limit - strlen("sip:"); dptr++) {
306  if (*dptr == '\r' || *dptr == '\n')
307  return -1;
308  if (strnicmp(dptr, "sip:", strlen("sip:")) == 0) {
309  dptr += strlen("sip:");
310  break;
311  }
312  }
313  if (!skp_epaddr_len(ct, dptr, limit, &shift))
314  return 0;
315  dptr += shift;
316 
317  if (!sip_parse_addr(ct, dptr, &end, addr, limit, true))
318  return -1;
319  if (end < limit && *end == ':') {
320  end++;
321  p = simple_strtoul(end, (char **)&end, 10);
322  if (p < 1024 || p > 65535)
323  return -1;
324  *port = htons(p);
325  } else
326  *port = htons(SIP_PORT);
327 
328  if (end == dptr)
329  return 0;
330  *matchoff = dptr - start;
331  *matchlen = end - dptr;
332  return 1;
333 }
334 EXPORT_SYMBOL_GPL(ct_sip_parse_request);
335 
336 /* SIP header parsing: SIP headers are located at the beginning of a line, but
337  * may span several lines, in which case the continuation lines begin with a
338  * whitespace character. RFC 2543 allows lines to be terminated with CR, LF or
339  * CRLF, RFC 3261 allows only CRLF, we support both.
340  *
341  * Headers are followed by (optionally) whitespace, a colon, again (optionally)
342  * whitespace and the values. Whitespace in this context means any amount of
343  * tabs, spaces and continuation lines, which are treated as a single whitespace
344  * character.
345  *
346  * Some headers may appear multiple times. A comma separated list of values is
347  * equivalent to multiple headers.
348  */
349 static const struct sip_header ct_sip_hdrs[] = {
350  [SIP_HDR_CSEQ] = SIP_HDR("CSeq", NULL, NULL, digits_len),
351  [SIP_HDR_FROM] = SIP_HDR("From", "f", "sip:", skp_epaddr_len),
352  [SIP_HDR_TO] = SIP_HDR("To", "t", "sip:", skp_epaddr_len),
353  [SIP_HDR_CONTACT] = SIP_HDR("Contact", "m", "sip:", skp_epaddr_len),
354  [SIP_HDR_VIA_UDP] = SIP_HDR("Via", "v", "UDP ", epaddr_len),
355  [SIP_HDR_VIA_TCP] = SIP_HDR("Via", "v", "TCP ", epaddr_len),
356  [SIP_HDR_EXPIRES] = SIP_HDR("Expires", NULL, NULL, digits_len),
357  [SIP_HDR_CONTENT_LENGTH] = SIP_HDR("Content-Length", "l", NULL, digits_len),
358  [SIP_HDR_CALL_ID] = SIP_HDR("Call-Id", "i", NULL, callid_len),
359 };
360 
361 static const char *sip_follow_continuation(const char *dptr, const char *limit)
362 {
363  /* Walk past newline */
364  if (++dptr >= limit)
365  return NULL;
366 
367  /* Skip '\n' in CR LF */
368  if (*(dptr - 1) == '\r' && *dptr == '\n') {
369  if (++dptr >= limit)
370  return NULL;
371  }
372 
373  /* Continuation line? */
374  if (*dptr != ' ' && *dptr != '\t')
375  return NULL;
376 
377  /* skip leading whitespace */
378  for (; dptr < limit; dptr++) {
379  if (*dptr != ' ' && *dptr != '\t')
380  break;
381  }
382  return dptr;
383 }
384 
385 static const char *sip_skip_whitespace(const char *dptr, const char *limit)
386 {
387  for (; dptr < limit; dptr++) {
388  if (*dptr == ' ')
389  continue;
390  if (*dptr != '\r' && *dptr != '\n')
391  break;
392  dptr = sip_follow_continuation(dptr, limit);
393  if (dptr == NULL)
394  return NULL;
395  }
396  return dptr;
397 }
398 
399 /* Search within a SIP header value, dealing with continuation lines */
400 static const char *ct_sip_header_search(const char *dptr, const char *limit,
401  const char *needle, unsigned int len)
402 {
403  for (limit -= len; dptr < limit; dptr++) {
404  if (*dptr == '\r' || *dptr == '\n') {
405  dptr = sip_follow_continuation(dptr, limit);
406  if (dptr == NULL)
407  break;
408  continue;
409  }
410 
411  if (strnicmp(dptr, needle, len) == 0)
412  return dptr;
413  }
414  return NULL;
415 }
416 
417 int ct_sip_get_header(const struct nf_conn *ct, const char *dptr,
418  unsigned int dataoff, unsigned int datalen,
419  enum sip_header_types type,
420  unsigned int *matchoff, unsigned int *matchlen)
421 {
422  const struct sip_header *hdr = &ct_sip_hdrs[type];
423  const char *start = dptr, *limit = dptr + datalen;
424  int shift = 0;
425 
426  for (dptr += dataoff; dptr < limit; dptr++) {
427  /* Find beginning of line */
428  if (*dptr != '\r' && *dptr != '\n')
429  continue;
430  if (++dptr >= limit)
431  break;
432  if (*(dptr - 1) == '\r' && *dptr == '\n') {
433  if (++dptr >= limit)
434  break;
435  }
436 
437  /* Skip continuation lines */
438  if (*dptr == ' ' || *dptr == '\t')
439  continue;
440 
441  /* Find header. Compact headers must be followed by a
442  * non-alphabetic character to avoid mismatches. */
443  if (limit - dptr >= hdr->len &&
444  strnicmp(dptr, hdr->name, hdr->len) == 0)
445  dptr += hdr->len;
446  else if (hdr->cname && limit - dptr >= hdr->clen + 1 &&
447  strnicmp(dptr, hdr->cname, hdr->clen) == 0 &&
448  !isalpha(*(dptr + hdr->clen)))
449  dptr += hdr->clen;
450  else
451  continue;
452 
453  /* Find and skip colon */
454  dptr = sip_skip_whitespace(dptr, limit);
455  if (dptr == NULL)
456  break;
457  if (*dptr != ':' || ++dptr >= limit)
458  break;
459 
460  /* Skip whitespace after colon */
461  dptr = sip_skip_whitespace(dptr, limit);
462  if (dptr == NULL)
463  break;
464 
465  *matchoff = dptr - start;
466  if (hdr->search) {
467  dptr = ct_sip_header_search(dptr, limit, hdr->search,
468  hdr->slen);
469  if (!dptr)
470  return -1;
471  dptr += hdr->slen;
472  }
473 
474  *matchlen = hdr->match_len(ct, dptr, limit, &shift);
475  if (!*matchlen)
476  return -1;
477  *matchoff = dptr - start + shift;
478  return 1;
479  }
480  return 0;
481 }
482 EXPORT_SYMBOL_GPL(ct_sip_get_header);
483 
484 /* Get next header field in a list of comma separated values */
485 static int ct_sip_next_header(const struct nf_conn *ct, const char *dptr,
486  unsigned int dataoff, unsigned int datalen,
487  enum sip_header_types type,
488  unsigned int *matchoff, unsigned int *matchlen)
489 {
490  const struct sip_header *hdr = &ct_sip_hdrs[type];
491  const char *start = dptr, *limit = dptr + datalen;
492  int shift = 0;
493 
494  dptr += dataoff;
495 
496  dptr = ct_sip_header_search(dptr, limit, ",", strlen(","));
497  if (!dptr)
498  return 0;
499 
500  dptr = ct_sip_header_search(dptr, limit, hdr->search, hdr->slen);
501  if (!dptr)
502  return 0;
503  dptr += hdr->slen;
504 
505  *matchoff = dptr - start;
506  *matchlen = hdr->match_len(ct, dptr, limit, &shift);
507  if (!*matchlen)
508  return -1;
509  *matchoff += shift;
510  return 1;
511 }
512 
513 /* Walk through headers until a parsable one is found or no header of the
514  * given type is left. */
515 static int ct_sip_walk_headers(const struct nf_conn *ct, const char *dptr,
516  unsigned int dataoff, unsigned int datalen,
517  enum sip_header_types type, int *in_header,
518  unsigned int *matchoff, unsigned int *matchlen)
519 {
520  int ret;
521 
522  if (in_header && *in_header) {
523  while (1) {
524  ret = ct_sip_next_header(ct, dptr, dataoff, datalen,
525  type, matchoff, matchlen);
526  if (ret > 0)
527  return ret;
528  if (ret == 0)
529  break;
530  dataoff += *matchoff;
531  }
532  *in_header = 0;
533  }
534 
535  while (1) {
536  ret = ct_sip_get_header(ct, dptr, dataoff, datalen,
537  type, matchoff, matchlen);
538  if (ret > 0)
539  break;
540  if (ret == 0)
541  return ret;
542  dataoff += *matchoff;
543  }
544 
545  if (in_header)
546  *in_header = 1;
547  return 1;
548 }
549 
550 /* Locate a SIP header, parse the URI and return the offset and length of
551  * the address as well as the address and port themselves. A stream of
552  * headers can be parsed by handing in a non-NULL datalen and in_header
553  * pointer.
554  */
555 int ct_sip_parse_header_uri(const struct nf_conn *ct, const char *dptr,
556  unsigned int *dataoff, unsigned int datalen,
557  enum sip_header_types type, int *in_header,
558  unsigned int *matchoff, unsigned int *matchlen,
559  union nf_inet_addr *addr, __be16 *port)
560 {
561  const char *c, *limit = dptr + datalen;
562  unsigned int p;
563  int ret;
564 
565  ret = ct_sip_walk_headers(ct, dptr, dataoff ? *dataoff : 0, datalen,
566  type, in_header, matchoff, matchlen);
567  WARN_ON(ret < 0);
568  if (ret == 0)
569  return ret;
570 
571  if (!sip_parse_addr(ct, dptr + *matchoff, &c, addr, limit, true))
572  return -1;
573  if (*c == ':') {
574  c++;
575  p = simple_strtoul(c, (char **)&c, 10);
576  if (p < 1024 || p > 65535)
577  return -1;
578  *port = htons(p);
579  } else
580  *port = htons(SIP_PORT);
581 
582  if (dataoff)
583  *dataoff = c - dptr;
584  return 1;
585 }
586 EXPORT_SYMBOL_GPL(ct_sip_parse_header_uri);
587 
588 static int ct_sip_parse_param(const struct nf_conn *ct, const char *dptr,
589  unsigned int dataoff, unsigned int datalen,
590  const char *name,
591  unsigned int *matchoff, unsigned int *matchlen)
592 {
593  const char *limit = dptr + datalen;
594  const char *start;
595  const char *end;
596 
597  limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
598  if (!limit)
599  limit = dptr + datalen;
600 
601  start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
602  if (!start)
603  return 0;
604  start += strlen(name);
605 
606  end = ct_sip_header_search(start, limit, ";", strlen(";"));
607  if (!end)
608  end = limit;
609 
610  *matchoff = start - dptr;
611  *matchlen = end - start;
612  return 1;
613 }
614 
615 /* Parse address from header parameter and return address, offset and length */
616 int ct_sip_parse_address_param(const struct nf_conn *ct, const char *dptr,
617  unsigned int dataoff, unsigned int datalen,
618  const char *name,
619  unsigned int *matchoff, unsigned int *matchlen,
620  union nf_inet_addr *addr, bool delim)
621 {
622  const char *limit = dptr + datalen;
623  const char *start, *end;
624 
625  limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
626  if (!limit)
627  limit = dptr + datalen;
628 
629  start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
630  if (!start)
631  return 0;
632 
633  start += strlen(name);
634  if (!sip_parse_addr(ct, start, &end, addr, limit, delim))
635  return 0;
636  *matchoff = start - dptr;
637  *matchlen = end - start;
638  return 1;
639 }
640 EXPORT_SYMBOL_GPL(ct_sip_parse_address_param);
641 
642 /* Parse numerical header parameter and return value, offset and length */
643 int ct_sip_parse_numerical_param(const struct nf_conn *ct, const char *dptr,
644  unsigned int dataoff, unsigned int datalen,
645  const char *name,
646  unsigned int *matchoff, unsigned int *matchlen,
647  unsigned int *val)
648 {
649  const char *limit = dptr + datalen;
650  const char *start;
651  char *end;
652 
653  limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
654  if (!limit)
655  limit = dptr + datalen;
656 
657  start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
658  if (!start)
659  return 0;
660 
661  start += strlen(name);
662  *val = simple_strtoul(start, &end, 0);
663  if (start == end)
664  return 0;
665  if (matchoff && matchlen) {
666  *matchoff = start - dptr;
667  *matchlen = end - start;
668  }
669  return 1;
670 }
671 EXPORT_SYMBOL_GPL(ct_sip_parse_numerical_param);
672 
673 static int ct_sip_parse_transport(struct nf_conn *ct, const char *dptr,
674  unsigned int dataoff, unsigned int datalen,
675  u8 *proto)
676 {
677  unsigned int matchoff, matchlen;
678 
679  if (ct_sip_parse_param(ct, dptr, dataoff, datalen, "transport=",
680  &matchoff, &matchlen)) {
681  if (!strnicmp(dptr + matchoff, "TCP", strlen("TCP")))
682  *proto = IPPROTO_TCP;
683  else if (!strnicmp(dptr + matchoff, "UDP", strlen("UDP")))
684  *proto = IPPROTO_UDP;
685  else
686  return 0;
687 
688  if (*proto != nf_ct_protonum(ct))
689  return 0;
690  } else
691  *proto = nf_ct_protonum(ct);
692 
693  return 1;
694 }
695 
696 static int sdp_parse_addr(const struct nf_conn *ct, const char *cp,
697  const char **endp, union nf_inet_addr *addr,
698  const char *limit)
699 {
700  const char *end;
701  int ret;
702 
703  memset(addr, 0, sizeof(*addr));
704  switch (nf_ct_l3num(ct)) {
705  case AF_INET:
706  ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
707  break;
708  case AF_INET6:
709  ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
710  break;
711  default:
712  BUG();
713  }
714 
715  if (ret == 0)
716  return 0;
717  if (endp)
718  *endp = end;
719  return 1;
720 }
721 
722 /* skip ip address. returns its length. */
723 static int sdp_addr_len(const struct nf_conn *ct, const char *dptr,
724  const char *limit, int *shift)
725 {
726  union nf_inet_addr addr;
727  const char *aux = dptr;
728 
729  if (!sdp_parse_addr(ct, dptr, &dptr, &addr, limit)) {
730  pr_debug("ip: %s parse failed.!\n", dptr);
731  return 0;
732  }
733 
734  return dptr - aux;
735 }
736 
737 /* SDP header parsing: a SDP session description contains an ordered set of
738  * headers, starting with a section containing general session parameters,
739  * optionally followed by multiple media descriptions.
740  *
741  * SDP headers always start at the beginning of a line. According to RFC 2327:
742  * "The sequence CRLF (0x0d0a) is used to end a record, although parsers should
743  * be tolerant and also accept records terminated with a single newline
744  * character". We handle both cases.
745  */
746 static const struct sip_header ct_sdp_hdrs_v4[] = {
747  [SDP_HDR_VERSION] = SDP_HDR("v=", NULL, digits_len),
748  [SDP_HDR_OWNER] = SDP_HDR("o=", "IN IP4 ", sdp_addr_len),
749  [SDP_HDR_CONNECTION] = SDP_HDR("c=", "IN IP4 ", sdp_addr_len),
750  [SDP_HDR_MEDIA] = SDP_HDR("m=", NULL, media_len),
751 };
752 
753 static const struct sip_header ct_sdp_hdrs_v6[] = {
754  [SDP_HDR_VERSION] = SDP_HDR("v=", NULL, digits_len),
755  [SDP_HDR_OWNER] = SDP_HDR("o=", "IN IP6 ", sdp_addr_len),
756  [SDP_HDR_CONNECTION] = SDP_HDR("c=", "IN IP6 ", sdp_addr_len),
757  [SDP_HDR_MEDIA] = SDP_HDR("m=", NULL, media_len),
758 };
759 
760 /* Linear string search within SDP header values */
761 static const char *ct_sdp_header_search(const char *dptr, const char *limit,
762  const char *needle, unsigned int len)
763 {
764  for (limit -= len; dptr < limit; dptr++) {
765  if (*dptr == '\r' || *dptr == '\n')
766  break;
767  if (strncmp(dptr, needle, len) == 0)
768  return dptr;
769  }
770  return NULL;
771 }
772 
773 /* Locate a SDP header (optionally a substring within the header value),
774  * optionally stopping at the first occurrence of the term header, parse
775  * it and return the offset and length of the data we're interested in.
776  */
777 int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr,
778  unsigned int dataoff, unsigned int datalen,
779  enum sdp_header_types type,
780  enum sdp_header_types term,
781  unsigned int *matchoff, unsigned int *matchlen)
782 {
783  const struct sip_header *hdrs, *hdr, *thdr;
784  const char *start = dptr, *limit = dptr + datalen;
785  int shift = 0;
786 
787  hdrs = nf_ct_l3num(ct) == NFPROTO_IPV4 ? ct_sdp_hdrs_v4 : ct_sdp_hdrs_v6;
788  hdr = &hdrs[type];
789  thdr = &hdrs[term];
790 
791  for (dptr += dataoff; dptr < limit; dptr++) {
792  /* Find beginning of line */
793  if (*dptr != '\r' && *dptr != '\n')
794  continue;
795  if (++dptr >= limit)
796  break;
797  if (*(dptr - 1) == '\r' && *dptr == '\n') {
798  if (++dptr >= limit)
799  break;
800  }
801 
802  if (term != SDP_HDR_UNSPEC &&
803  limit - dptr >= thdr->len &&
804  strnicmp(dptr, thdr->name, thdr->len) == 0)
805  break;
806  else if (limit - dptr >= hdr->len &&
807  strnicmp(dptr, hdr->name, hdr->len) == 0)
808  dptr += hdr->len;
809  else
810  continue;
811 
812  *matchoff = dptr - start;
813  if (hdr->search) {
814  dptr = ct_sdp_header_search(dptr, limit, hdr->search,
815  hdr->slen);
816  if (!dptr)
817  return -1;
818  dptr += hdr->slen;
819  }
820 
821  *matchlen = hdr->match_len(ct, dptr, limit, &shift);
822  if (!*matchlen)
823  return -1;
824  *matchoff = dptr - start + shift;
825  return 1;
826  }
827  return 0;
828 }
829 EXPORT_SYMBOL_GPL(ct_sip_get_sdp_header);
830 
831 static int ct_sip_parse_sdp_addr(const struct nf_conn *ct, const char *dptr,
832  unsigned int dataoff, unsigned int datalen,
833  enum sdp_header_types type,
834  enum sdp_header_types term,
835  unsigned int *matchoff, unsigned int *matchlen,
836  union nf_inet_addr *addr)
837 {
838  int ret;
839 
840  ret = ct_sip_get_sdp_header(ct, dptr, dataoff, datalen, type, term,
841  matchoff, matchlen);
842  if (ret <= 0)
843  return ret;
844 
845  if (!sdp_parse_addr(ct, dptr + *matchoff, NULL, addr,
846  dptr + *matchoff + *matchlen))
847  return -1;
848  return 1;
849 }
850 
851 static int refresh_signalling_expectation(struct nf_conn *ct,
852  union nf_inet_addr *addr,
853  u8 proto, __be16 port,
854  unsigned int expires)
855 {
856  struct nf_conn_help *help = nfct_help(ct);
857  struct nf_conntrack_expect *exp;
858  struct hlist_node *n, *next;
859  int found = 0;
860 
861  spin_lock_bh(&nf_conntrack_lock);
862  hlist_for_each_entry_safe(exp, n, next, &help->expectations, lnode) {
863  if (exp->class != SIP_EXPECT_SIGNALLING ||
864  !nf_inet_addr_cmp(&exp->tuple.dst.u3, addr) ||
865  exp->tuple.dst.protonum != proto ||
866  exp->tuple.dst.u.udp.port != port)
867  continue;
868  if (!del_timer(&exp->timeout))
869  continue;
870  exp->flags &= ~NF_CT_EXPECT_INACTIVE;
871  exp->timeout.expires = jiffies + expires * HZ;
872  add_timer(&exp->timeout);
873  found = 1;
874  break;
875  }
876  spin_unlock_bh(&nf_conntrack_lock);
877  return found;
878 }
879 
880 static void flush_expectations(struct nf_conn *ct, bool media)
881 {
882  struct nf_conn_help *help = nfct_help(ct);
883  struct nf_conntrack_expect *exp;
884  struct hlist_node *n, *next;
885 
886  spin_lock_bh(&nf_conntrack_lock);
887  hlist_for_each_entry_safe(exp, n, next, &help->expectations, lnode) {
888  if ((exp->class != SIP_EXPECT_SIGNALLING) ^ media)
889  continue;
890  if (!del_timer(&exp->timeout))
891  continue;
892  nf_ct_unlink_expect(exp);
893  nf_ct_expect_put(exp);
894  if (!media)
895  break;
896  }
897  spin_unlock_bh(&nf_conntrack_lock);
898 }
899 
900 static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff,
901  unsigned int dataoff,
902  const char **dptr, unsigned int *datalen,
903  union nf_inet_addr *daddr, __be16 port,
904  enum sip_expectation_classes class,
905  unsigned int mediaoff, unsigned int medialen)
906 {
907  struct nf_conntrack_expect *exp, *rtp_exp, *rtcp_exp;
908  enum ip_conntrack_info ctinfo;
909  struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
910  struct net *net = nf_ct_net(ct);
911  enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
912  union nf_inet_addr *saddr;
913  struct nf_conntrack_tuple tuple;
914  int direct_rtp = 0, skip_expect = 0, ret = NF_DROP;
915  u_int16_t base_port;
916  __be16 rtp_port, rtcp_port;
917  typeof(nf_nat_sdp_port_hook) nf_nat_sdp_port;
918  typeof(nf_nat_sdp_media_hook) nf_nat_sdp_media;
919 
920  saddr = NULL;
921  if (sip_direct_media) {
922  if (!nf_inet_addr_cmp(daddr, &ct->tuplehash[dir].tuple.src.u3))
923  return NF_ACCEPT;
924  saddr = &ct->tuplehash[!dir].tuple.src.u3;
925  }
926 
927  /* We need to check whether the registration exists before attempting
928  * to register it since we can see the same media description multiple
929  * times on different connections in case multiple endpoints receive
930  * the same call.
931  *
932  * RTP optimization: if we find a matching media channel expectation
933  * and both the expectation and this connection are SNATed, we assume
934  * both sides can reach each other directly and use the final
935  * destination address from the expectation. We still need to keep
936  * the NATed expectations for media that might arrive from the
937  * outside, and additionally need to expect the direct RTP stream
938  * in case it passes through us even without NAT.
939  */
940  memset(&tuple, 0, sizeof(tuple));
941  if (saddr)
942  tuple.src.u3 = *saddr;
943  tuple.src.l3num = nf_ct_l3num(ct);
944  tuple.dst.protonum = IPPROTO_UDP;
945  tuple.dst.u3 = *daddr;
946  tuple.dst.u.udp.port = port;
947 
948  rcu_read_lock();
949  do {
950  exp = __nf_ct_expect_find(net, nf_ct_zone(ct), &tuple);
951 
952  if (!exp || exp->master == ct ||
953  nfct_help(exp->master)->helper != nfct_help(ct)->helper ||
954  exp->class != class)
955  break;
956 #ifdef CONFIG_NF_NAT_NEEDED
957  if (!direct_rtp &&
958  (!nf_inet_addr_cmp(&exp->saved_addr, &exp->tuple.dst.u3) ||
959  exp->saved_proto.udp.port != exp->tuple.dst.u.udp.port) &&
960  ct->status & IPS_NAT_MASK) {
961  *daddr = exp->saved_addr;
962  tuple.dst.u3 = exp->saved_addr;
963  tuple.dst.u.udp.port = exp->saved_proto.udp.port;
964  direct_rtp = 1;
965  } else
966 #endif
967  skip_expect = 1;
968  } while (!skip_expect);
969  rcu_read_unlock();
970 
971  base_port = ntohs(tuple.dst.u.udp.port) & ~1;
972  rtp_port = htons(base_port);
973  rtcp_port = htons(base_port + 1);
974 
975  if (direct_rtp) {
976  nf_nat_sdp_port = rcu_dereference(nf_nat_sdp_port_hook);
977  if (nf_nat_sdp_port &&
978  !nf_nat_sdp_port(skb, protoff, dataoff, dptr, datalen,
979  mediaoff, medialen, ntohs(rtp_port)))
980  goto err1;
981  }
982 
983  if (skip_expect)
984  return NF_ACCEPT;
985 
986  rtp_exp = nf_ct_expect_alloc(ct);
987  if (rtp_exp == NULL)
988  goto err1;
989  nf_ct_expect_init(rtp_exp, class, nf_ct_l3num(ct), saddr, daddr,
990  IPPROTO_UDP, NULL, &rtp_port);
991 
992  rtcp_exp = nf_ct_expect_alloc(ct);
993  if (rtcp_exp == NULL)
994  goto err2;
995  nf_ct_expect_init(rtcp_exp, class, nf_ct_l3num(ct), saddr, daddr,
996  IPPROTO_UDP, NULL, &rtcp_port);
997 
998  nf_nat_sdp_media = rcu_dereference(nf_nat_sdp_media_hook);
999  if (nf_nat_sdp_media && ct->status & IPS_NAT_MASK && !direct_rtp)
1000  ret = nf_nat_sdp_media(skb, protoff, dataoff, dptr, datalen,
1001  rtp_exp, rtcp_exp,
1002  mediaoff, medialen, daddr);
1003  else {
1004  if (nf_ct_expect_related(rtp_exp) == 0) {
1005  if (nf_ct_expect_related(rtcp_exp) != 0)
1006  nf_ct_unexpect_related(rtp_exp);
1007  else
1008  ret = NF_ACCEPT;
1009  }
1010  }
1011  nf_ct_expect_put(rtcp_exp);
1012 err2:
1013  nf_ct_expect_put(rtp_exp);
1014 err1:
1015  return ret;
1016 }
1017 
1018 static const struct sdp_media_type sdp_media_types[] = {
1019  SDP_MEDIA_TYPE("audio ", SIP_EXPECT_AUDIO),
1020  SDP_MEDIA_TYPE("video ", SIP_EXPECT_VIDEO),
1021  SDP_MEDIA_TYPE("image ", SIP_EXPECT_IMAGE),
1022 };
1023 
1024 static const struct sdp_media_type *sdp_media_type(const char *dptr,
1025  unsigned int matchoff,
1026  unsigned int matchlen)
1027 {
1028  const struct sdp_media_type *t;
1029  unsigned int i;
1030 
1031  for (i = 0; i < ARRAY_SIZE(sdp_media_types); i++) {
1032  t = &sdp_media_types[i];
1033  if (matchlen < t->len ||
1034  strncmp(dptr + matchoff, t->name, t->len))
1035  continue;
1036  return t;
1037  }
1038  return NULL;
1039 }
1040 
1041 static int process_sdp(struct sk_buff *skb, unsigned int protoff,
1042  unsigned int dataoff,
1043  const char **dptr, unsigned int *datalen,
1044  unsigned int cseq)
1045 {
1046  enum ip_conntrack_info ctinfo;
1047  struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1048  unsigned int matchoff, matchlen;
1049  unsigned int mediaoff, medialen;
1050  unsigned int sdpoff;
1051  unsigned int caddr_len, maddr_len;
1052  unsigned int i;
1053  union nf_inet_addr caddr, maddr, rtp_addr;
1054  unsigned int port;
1055  const struct sdp_media_type *t;
1056  int ret = NF_ACCEPT;
1057  typeof(nf_nat_sdp_addr_hook) nf_nat_sdp_addr;
1058  typeof(nf_nat_sdp_session_hook) nf_nat_sdp_session;
1059 
1060  nf_nat_sdp_addr = rcu_dereference(nf_nat_sdp_addr_hook);
1061 
1062  /* Find beginning of session description */
1063  if (ct_sip_get_sdp_header(ct, *dptr, 0, *datalen,
1064  SDP_HDR_VERSION, SDP_HDR_UNSPEC,
1065  &matchoff, &matchlen) <= 0)
1066  return NF_ACCEPT;
1067  sdpoff = matchoff;
1068 
1069  /* The connection information is contained in the session description
1070  * and/or once per media description. The first media description marks
1071  * the end of the session description. */
1072  caddr_len = 0;
1073  if (ct_sip_parse_sdp_addr(ct, *dptr, sdpoff, *datalen,
1074  SDP_HDR_CONNECTION, SDP_HDR_MEDIA,
1075  &matchoff, &matchlen, &caddr) > 0)
1076  caddr_len = matchlen;
1077 
1078  mediaoff = sdpoff;
1079  for (i = 0; i < ARRAY_SIZE(sdp_media_types); ) {
1080  if (ct_sip_get_sdp_header(ct, *dptr, mediaoff, *datalen,
1081  SDP_HDR_MEDIA, SDP_HDR_UNSPEC,
1082  &mediaoff, &medialen) <= 0)
1083  break;
1084 
1085  /* Get media type and port number. A media port value of zero
1086  * indicates an inactive stream. */
1087  t = sdp_media_type(*dptr, mediaoff, medialen);
1088  if (!t) {
1089  mediaoff += medialen;
1090  continue;
1091  }
1092  mediaoff += t->len;
1093  medialen -= t->len;
1094 
1095  port = simple_strtoul(*dptr + mediaoff, NULL, 10);
1096  if (port == 0)
1097  continue;
1098  if (port < 1024 || port > 65535)
1099  return NF_DROP;
1100 
1101  /* The media description overrides the session description. */
1102  maddr_len = 0;
1103  if (ct_sip_parse_sdp_addr(ct, *dptr, mediaoff, *datalen,
1104  SDP_HDR_CONNECTION, SDP_HDR_MEDIA,
1105  &matchoff, &matchlen, &maddr) > 0) {
1106  maddr_len = matchlen;
1107  memcpy(&rtp_addr, &maddr, sizeof(rtp_addr));
1108  } else if (caddr_len)
1109  memcpy(&rtp_addr, &caddr, sizeof(rtp_addr));
1110  else
1111  return NF_DROP;
1112 
1113  ret = set_expected_rtp_rtcp(skb, protoff, dataoff,
1114  dptr, datalen,
1115  &rtp_addr, htons(port), t->class,
1116  mediaoff, medialen);
1117  if (ret != NF_ACCEPT)
1118  return ret;
1119 
1120  /* Update media connection address if present */
1121  if (maddr_len && nf_nat_sdp_addr && ct->status & IPS_NAT_MASK) {
1122  ret = nf_nat_sdp_addr(skb, protoff, dataoff,
1123  dptr, datalen, mediaoff,
1124  SDP_HDR_CONNECTION, SDP_HDR_MEDIA,
1125  &rtp_addr);
1126  if (ret != NF_ACCEPT)
1127  return ret;
1128  }
1129  i++;
1130  }
1131 
1132  /* Update session connection and owner addresses */
1133  nf_nat_sdp_session = rcu_dereference(nf_nat_sdp_session_hook);
1134  if (nf_nat_sdp_session && ct->status & IPS_NAT_MASK)
1135  ret = nf_nat_sdp_session(skb, protoff, dataoff,
1136  dptr, datalen, sdpoff, &rtp_addr);
1137 
1138  return ret;
1139 }
1140 static int process_invite_response(struct sk_buff *skb, unsigned int protoff,
1141  unsigned int dataoff,
1142  const char **dptr, unsigned int *datalen,
1143  unsigned int cseq, unsigned int code)
1144 {
1145  enum ip_conntrack_info ctinfo;
1146  struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1147  struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1148 
1149  if ((code >= 100 && code <= 199) ||
1150  (code >= 200 && code <= 299))
1151  return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1152  else if (ct_sip_info->invite_cseq == cseq)
1153  flush_expectations(ct, true);
1154  return NF_ACCEPT;
1155 }
1156 
1157 static int process_update_response(struct sk_buff *skb, unsigned int protoff,
1158  unsigned int dataoff,
1159  const char **dptr, unsigned int *datalen,
1160  unsigned int cseq, unsigned int code)
1161 {
1162  enum ip_conntrack_info ctinfo;
1163  struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1164  struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1165 
1166  if ((code >= 100 && code <= 199) ||
1167  (code >= 200 && code <= 299))
1168  return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1169  else if (ct_sip_info->invite_cseq == cseq)
1170  flush_expectations(ct, true);
1171  return NF_ACCEPT;
1172 }
1173 
1174 static int process_prack_response(struct sk_buff *skb, unsigned int protoff,
1175  unsigned int dataoff,
1176  const char **dptr, unsigned int *datalen,
1177  unsigned int cseq, unsigned int code)
1178 {
1179  enum ip_conntrack_info ctinfo;
1180  struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1181  struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1182 
1183  if ((code >= 100 && code <= 199) ||
1184  (code >= 200 && code <= 299))
1185  return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1186  else if (ct_sip_info->invite_cseq == cseq)
1187  flush_expectations(ct, true);
1188  return NF_ACCEPT;
1189 }
1190 
1191 static int process_invite_request(struct sk_buff *skb, unsigned int protoff,
1192  unsigned int dataoff,
1193  const char **dptr, unsigned int *datalen,
1194  unsigned int cseq)
1195 {
1196  enum ip_conntrack_info ctinfo;
1197  struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1198  struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1199  unsigned int ret;
1200 
1201  flush_expectations(ct, true);
1202  ret = process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1203  if (ret == NF_ACCEPT)
1204  ct_sip_info->invite_cseq = cseq;
1205  return ret;
1206 }
1207 
1208 static int process_bye_request(struct sk_buff *skb, unsigned int protoff,
1209  unsigned int dataoff,
1210  const char **dptr, unsigned int *datalen,
1211  unsigned int cseq)
1212 {
1213  enum ip_conntrack_info ctinfo;
1214  struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1215 
1216  flush_expectations(ct, true);
1217  return NF_ACCEPT;
1218 }
1219 
1220 /* Parse a REGISTER request and create a permanent expectation for incoming
1221  * signalling connections. The expectation is marked inactive and is activated
1222  * when receiving a response indicating success from the registrar.
1223  */
1224 static int process_register_request(struct sk_buff *skb, unsigned int protoff,
1225  unsigned int dataoff,
1226  const char **dptr, unsigned int *datalen,
1227  unsigned int cseq)
1228 {
1229  enum ip_conntrack_info ctinfo;
1230  struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1231  struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1232  enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1233  unsigned int matchoff, matchlen;
1234  struct nf_conntrack_expect *exp;
1235  union nf_inet_addr *saddr, daddr;
1236  __be16 port;
1237  u8 proto;
1238  unsigned int expires = 0;
1239  int ret;
1240  typeof(nf_nat_sip_expect_hook) nf_nat_sip_expect;
1241 
1242  /* Expected connections can not register again. */
1243  if (ct->status & IPS_EXPECTED)
1244  return NF_ACCEPT;
1245 
1246  /* We must check the expiration time: a value of zero signals the
1247  * registrar to release the binding. We'll remove our expectation
1248  * when receiving the new bindings in the response, but we don't
1249  * want to create new ones.
1250  *
1251  * The expiration time may be contained in Expires: header, the
1252  * Contact: header parameters or the URI parameters.
1253  */
1254  if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1255  &matchoff, &matchlen) > 0)
1256  expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1257 
1258  ret = ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen,
1259  SIP_HDR_CONTACT, NULL,
1260  &matchoff, &matchlen, &daddr, &port);
1261  if (ret < 0)
1262  return NF_DROP;
1263  else if (ret == 0)
1264  return NF_ACCEPT;
1265 
1266  /* We don't support third-party registrations */
1267  if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.src.u3, &daddr))
1268  return NF_ACCEPT;
1269 
1270  if (ct_sip_parse_transport(ct, *dptr, matchoff + matchlen, *datalen,
1271  &proto) == 0)
1272  return NF_ACCEPT;
1273 
1274  if (ct_sip_parse_numerical_param(ct, *dptr,
1275  matchoff + matchlen, *datalen,
1276  "expires=", NULL, NULL, &expires) < 0)
1277  return NF_DROP;
1278 
1279  if (expires == 0) {
1280  ret = NF_ACCEPT;
1281  goto store_cseq;
1282  }
1283 
1284  exp = nf_ct_expect_alloc(ct);
1285  if (!exp)
1286  return NF_DROP;
1287 
1288  saddr = NULL;
1289  if (sip_direct_signalling)
1290  saddr = &ct->tuplehash[!dir].tuple.src.u3;
1291 
1292  nf_ct_expect_init(exp, SIP_EXPECT_SIGNALLING, nf_ct_l3num(ct),
1293  saddr, &daddr, proto, NULL, &port);
1294  exp->timeout.expires = sip_timeout * HZ;
1295  exp->helper = nfct_help(ct)->helper;
1296  exp->flags = NF_CT_EXPECT_PERMANENT | NF_CT_EXPECT_INACTIVE;
1297 
1298  nf_nat_sip_expect = rcu_dereference(nf_nat_sip_expect_hook);
1299  if (nf_nat_sip_expect && ct->status & IPS_NAT_MASK)
1300  ret = nf_nat_sip_expect(skb, protoff, dataoff, dptr, datalen,
1301  exp, matchoff, matchlen);
1302  else {
1303  if (nf_ct_expect_related(exp) != 0)
1304  ret = NF_DROP;
1305  else
1306  ret = NF_ACCEPT;
1307  }
1308  nf_ct_expect_put(exp);
1309 
1310 store_cseq:
1311  if (ret == NF_ACCEPT)
1312  ct_sip_info->register_cseq = cseq;
1313  return ret;
1314 }
1315 
1316 static int process_register_response(struct sk_buff *skb, unsigned int protoff,
1317  unsigned int dataoff,
1318  const char **dptr, unsigned int *datalen,
1319  unsigned int cseq, unsigned int code)
1320 {
1321  enum ip_conntrack_info ctinfo;
1322  struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1323  struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1324  enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1325  union nf_inet_addr addr;
1326  __be16 port;
1327  u8 proto;
1328  unsigned int matchoff, matchlen, coff = 0;
1329  unsigned int expires = 0;
1330  int in_contact = 0, ret;
1331 
1332  /* According to RFC 3261, "UAs MUST NOT send a new registration until
1333  * they have received a final response from the registrar for the
1334  * previous one or the previous REGISTER request has timed out".
1335  *
1336  * However, some servers fail to detect retransmissions and send late
1337  * responses, so we store the sequence number of the last valid
1338  * request and compare it here.
1339  */
1340  if (ct_sip_info->register_cseq != cseq)
1341  return NF_ACCEPT;
1342 
1343  if (code >= 100 && code <= 199)
1344  return NF_ACCEPT;
1345  if (code < 200 || code > 299)
1346  goto flush;
1347 
1348  if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1349  &matchoff, &matchlen) > 0)
1350  expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1351 
1352  while (1) {
1353  unsigned int c_expires = expires;
1354 
1355  ret = ct_sip_parse_header_uri(ct, *dptr, &coff, *datalen,
1356  SIP_HDR_CONTACT, &in_contact,
1357  &matchoff, &matchlen,
1358  &addr, &port);
1359  if (ret < 0)
1360  return NF_DROP;
1361  else if (ret == 0)
1362  break;
1363 
1364  /* We don't support third-party registrations */
1365  if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3, &addr))
1366  continue;
1367 
1368  if (ct_sip_parse_transport(ct, *dptr, matchoff + matchlen,
1369  *datalen, &proto) == 0)
1370  continue;
1371 
1372  ret = ct_sip_parse_numerical_param(ct, *dptr,
1373  matchoff + matchlen,
1374  *datalen, "expires=",
1375  NULL, NULL, &c_expires);
1376  if (ret < 0)
1377  return NF_DROP;
1378  if (c_expires == 0)
1379  break;
1380  if (refresh_signalling_expectation(ct, &addr, proto, port,
1381  c_expires))
1382  return NF_ACCEPT;
1383  }
1384 
1385 flush:
1386  flush_expectations(ct, false);
1387  return NF_ACCEPT;
1388 }
1389 
1390 static const struct sip_handler sip_handlers[] = {
1391  SIP_HANDLER("INVITE", process_invite_request, process_invite_response),
1392  SIP_HANDLER("UPDATE", process_sdp, process_update_response),
1393  SIP_HANDLER("ACK", process_sdp, NULL),
1394  SIP_HANDLER("PRACK", process_sdp, process_prack_response),
1395  SIP_HANDLER("BYE", process_bye_request, NULL),
1396  SIP_HANDLER("REGISTER", process_register_request, process_register_response),
1397 };
1398 
1399 static int process_sip_response(struct sk_buff *skb, unsigned int protoff,
1400  unsigned int dataoff,
1401  const char **dptr, unsigned int *datalen)
1402 {
1403  enum ip_conntrack_info ctinfo;
1404  struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1405  unsigned int matchoff, matchlen, matchend;
1406  unsigned int code, cseq, i;
1407 
1408  if (*datalen < strlen("SIP/2.0 200"))
1409  return NF_ACCEPT;
1410  code = simple_strtoul(*dptr + strlen("SIP/2.0 "), NULL, 10);
1411  if (!code)
1412  return NF_DROP;
1413 
1414  if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1415  &matchoff, &matchlen) <= 0)
1416  return NF_DROP;
1417  cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1418  if (!cseq)
1419  return NF_DROP;
1420  matchend = matchoff + matchlen + 1;
1421 
1422  for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1423  const struct sip_handler *handler;
1424 
1425  handler = &sip_handlers[i];
1426  if (handler->response == NULL)
1427  continue;
1428  if (*datalen < matchend + handler->len ||
1429  strnicmp(*dptr + matchend, handler->method, handler->len))
1430  continue;
1431  return handler->response(skb, protoff, dataoff, dptr, datalen,
1432  cseq, code);
1433  }
1434  return NF_ACCEPT;
1435 }
1436 
1437 static int process_sip_request(struct sk_buff *skb, unsigned int protoff,
1438  unsigned int dataoff,
1439  const char **dptr, unsigned int *datalen)
1440 {
1441  enum ip_conntrack_info ctinfo;
1442  struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1443  unsigned int matchoff, matchlen;
1444  unsigned int cseq, i;
1445 
1446  for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1447  const struct sip_handler *handler;
1448 
1449  handler = &sip_handlers[i];
1450  if (handler->request == NULL)
1451  continue;
1452  if (*datalen < handler->len ||
1453  strnicmp(*dptr, handler->method, handler->len))
1454  continue;
1455 
1456  if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1457  &matchoff, &matchlen) <= 0)
1458  return NF_DROP;
1459  cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1460  if (!cseq)
1461  return NF_DROP;
1462 
1463  return handler->request(skb, protoff, dataoff, dptr, datalen,
1464  cseq);
1465  }
1466  return NF_ACCEPT;
1467 }
1468 
1469 static int process_sip_msg(struct sk_buff *skb, struct nf_conn *ct,
1470  unsigned int protoff, unsigned int dataoff,
1471  const char **dptr, unsigned int *datalen)
1472 {
1473  typeof(nf_nat_sip_hook) nf_nat_sip;
1474  int ret;
1475 
1476  if (strnicmp(*dptr, "SIP/2.0 ", strlen("SIP/2.0 ")) != 0)
1477  ret = process_sip_request(skb, protoff, dataoff, dptr, datalen);
1478  else
1479  ret = process_sip_response(skb, protoff, dataoff, dptr, datalen);
1480 
1481  if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1482  nf_nat_sip = rcu_dereference(nf_nat_sip_hook);
1483  if (nf_nat_sip && !nf_nat_sip(skb, protoff, dataoff,
1484  dptr, datalen))
1485  ret = NF_DROP;
1486  }
1487 
1488  return ret;
1489 }
1490 
1491 static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff,
1492  struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1493 {
1494  struct tcphdr *th, _tcph;
1495  unsigned int dataoff, datalen;
1496  unsigned int matchoff, matchlen, clen;
1497  unsigned int msglen, origlen;
1498  const char *dptr, *end;
1499  s16 diff, tdiff = 0;
1500  int ret = NF_ACCEPT;
1501  bool term;
1502  typeof(nf_nat_sip_seq_adjust_hook) nf_nat_sip_seq_adjust;
1503 
1504  if (ctinfo != IP_CT_ESTABLISHED &&
1505  ctinfo != IP_CT_ESTABLISHED_REPLY)
1506  return NF_ACCEPT;
1507 
1508  /* No Data ? */
1509  th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
1510  if (th == NULL)
1511  return NF_ACCEPT;
1512  dataoff = protoff + th->doff * 4;
1513  if (dataoff >= skb->len)
1514  return NF_ACCEPT;
1515 
1516  nf_ct_refresh(ct, skb, sip_timeout * HZ);
1517 
1518  if (unlikely(skb_linearize(skb)))
1519  return NF_DROP;
1520 
1521  dptr = skb->data + dataoff;
1522  datalen = skb->len - dataoff;
1523  if (datalen < strlen("SIP/2.0 200"))
1524  return NF_ACCEPT;
1525 
1526  while (1) {
1527  if (ct_sip_get_header(ct, dptr, 0, datalen,
1528  SIP_HDR_CONTENT_LENGTH,
1529  &matchoff, &matchlen) <= 0)
1530  break;
1531 
1532  clen = simple_strtoul(dptr + matchoff, (char **)&end, 10);
1533  if (dptr + matchoff == end)
1534  break;
1535 
1536  term = false;
1537  for (; end + strlen("\r\n\r\n") <= dptr + datalen; end++) {
1538  if (end[0] == '\r' && end[1] == '\n' &&
1539  end[2] == '\r' && end[3] == '\n') {
1540  term = true;
1541  break;
1542  }
1543  }
1544  if (!term)
1545  break;
1546  end += strlen("\r\n\r\n") + clen;
1547 
1548  msglen = origlen = end - dptr;
1549  if (msglen > datalen)
1550  return NF_DROP;
1551 
1552  ret = process_sip_msg(skb, ct, protoff, dataoff,
1553  &dptr, &msglen);
1554  if (ret != NF_ACCEPT)
1555  break;
1556  diff = msglen - origlen;
1557  tdiff += diff;
1558 
1559  dataoff += msglen;
1560  dptr += msglen;
1561  datalen = datalen + diff - msglen;
1562  }
1563 
1564  if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1565  nf_nat_sip_seq_adjust = rcu_dereference(nf_nat_sip_seq_adjust_hook);
1566  if (nf_nat_sip_seq_adjust)
1567  nf_nat_sip_seq_adjust(skb, protoff, tdiff);
1568  }
1569 
1570  return ret;
1571 }
1572 
1573 static int sip_help_udp(struct sk_buff *skb, unsigned int protoff,
1574  struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1575 {
1576  unsigned int dataoff, datalen;
1577  const char *dptr;
1578 
1579  /* No Data ? */
1580  dataoff = protoff + sizeof(struct udphdr);
1581  if (dataoff >= skb->len)
1582  return NF_ACCEPT;
1583 
1584  nf_ct_refresh(ct, skb, sip_timeout * HZ);
1585 
1586  if (unlikely(skb_linearize(skb)))
1587  return NF_DROP;
1588 
1589  dptr = skb->data + dataoff;
1590  datalen = skb->len - dataoff;
1591  if (datalen < strlen("SIP/2.0 200"))
1592  return NF_ACCEPT;
1593 
1594  return process_sip_msg(skb, ct, protoff, dataoff, &dptr, &datalen);
1595 }
1596 
1597 static struct nf_conntrack_helper sip[MAX_PORTS][4] __read_mostly;
1598 
1599 static const struct nf_conntrack_expect_policy sip_exp_policy[SIP_EXPECT_MAX + 1] = {
1600  [SIP_EXPECT_SIGNALLING] = {
1601  .name = "signalling",
1602  .max_expected = 1,
1603  .timeout = 3 * 60,
1604  },
1605  [SIP_EXPECT_AUDIO] = {
1606  .name = "audio",
1607  .max_expected = 2 * IP_CT_DIR_MAX,
1608  .timeout = 3 * 60,
1609  },
1610  [SIP_EXPECT_VIDEO] = {
1611  .name = "video",
1612  .max_expected = 2 * IP_CT_DIR_MAX,
1613  .timeout = 3 * 60,
1614  },
1615  [SIP_EXPECT_IMAGE] = {
1616  .name = "image",
1617  .max_expected = IP_CT_DIR_MAX,
1618  .timeout = 3 * 60,
1619  },
1620 };
1621 
1622 static void nf_conntrack_sip_fini(void)
1623 {
1624  int i, j;
1625 
1626  for (i = 0; i < ports_c; i++) {
1627  for (j = 0; j < ARRAY_SIZE(sip[i]); j++) {
1628  if (sip[i][j].me == NULL)
1629  continue;
1630  nf_conntrack_helper_unregister(&sip[i][j]);
1631  }
1632  }
1633 }
1634 
1635 static int __init nf_conntrack_sip_init(void)
1636 {
1637  int i, j, ret;
1638 
1639  if (ports_c == 0)
1640  ports[ports_c++] = SIP_PORT;
1641 
1642  for (i = 0; i < ports_c; i++) {
1643  memset(&sip[i], 0, sizeof(sip[i]));
1644 
1645  sip[i][0].tuple.src.l3num = AF_INET;
1646  sip[i][0].tuple.dst.protonum = IPPROTO_UDP;
1647  sip[i][0].help = sip_help_udp;
1648  sip[i][1].tuple.src.l3num = AF_INET;
1649  sip[i][1].tuple.dst.protonum = IPPROTO_TCP;
1650  sip[i][1].help = sip_help_tcp;
1651 
1652  sip[i][2].tuple.src.l3num = AF_INET6;
1653  sip[i][2].tuple.dst.protonum = IPPROTO_UDP;
1654  sip[i][2].help = sip_help_udp;
1655  sip[i][3].tuple.src.l3num = AF_INET6;
1656  sip[i][3].tuple.dst.protonum = IPPROTO_TCP;
1657  sip[i][3].help = sip_help_tcp;
1658 
1659  for (j = 0; j < ARRAY_SIZE(sip[i]); j++) {
1660  sip[i][j].data_len = sizeof(struct nf_ct_sip_master);
1661  sip[i][j].tuple.src.u.udp.port = htons(ports[i]);
1662  sip[i][j].expect_policy = sip_exp_policy;
1663  sip[i][j].expect_class_max = SIP_EXPECT_MAX;
1664  sip[i][j].me = THIS_MODULE;
1665 
1666  if (ports[i] == SIP_PORT)
1667  sprintf(sip[i][j].name, "sip");
1668  else
1669  sprintf(sip[i][j].name, "sip-%u", i);
1670 
1671  pr_debug("port #%u: %u\n", i, ports[i]);
1672 
1673  ret = nf_conntrack_helper_register(&sip[i][j]);
1674  if (ret) {
1675  printk(KERN_ERR "nf_ct_sip: failed to register"
1676  " helper for pf: %u port: %u\n",
1677  sip[i][j].tuple.src.l3num, ports[i]);
1678  nf_conntrack_sip_fini();
1679  return ret;
1680  }
1681  }
1682  }
1683  return 0;
1684 }
1685 
1686 module_init(nf_conntrack_sip_init);
1687 module_exit(nf_conntrack_sip_fini);
Generated on Thu Jan 10 2013 15:00:36 for Linux Kernel by   doxygen 1.8.2