0001
0002
0003
0004
0005
0006
0007
0008
0009
0010 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
0011
0012 #include <linux/module.h>
0013 #include <linux/ctype.h>
0014 #include <linux/skbuff.h>
0015 #include <linux/inet.h>
0016 #include <linux/in.h>
0017 #include <linux/udp.h>
0018 #include <linux/tcp.h>
0019 #include <linux/netfilter.h>
0020 #include <linux/netfilter_ipv4.h>
0021 #include <linux/netfilter_ipv6.h>
0022
0023 #include <net/netfilter/nf_conntrack.h>
0024 #include <net/netfilter/nf_conntrack_core.h>
0025 #include <net/netfilter/nf_conntrack_expect.h>
0026 #include <net/netfilter/nf_conntrack_helper.h>
0027 #include <net/netfilter/nf_conntrack_zones.h>
0028 #include <linux/netfilter/nf_conntrack_sip.h>
0029
0030 #define HELPER_NAME "sip"
0031
0032 MODULE_LICENSE("GPL");
0033 MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
0034 MODULE_DESCRIPTION("SIP connection tracking helper");
0035 MODULE_ALIAS("ip_conntrack_sip");
0036 MODULE_ALIAS_NFCT_HELPER(HELPER_NAME);
0037
0038 #define MAX_PORTS 8
0039 static unsigned short ports[MAX_PORTS];
0040 static unsigned int ports_c;
0041 module_param_array(ports, ushort, &ports_c, 0400);
0042 MODULE_PARM_DESC(ports, "port numbers of SIP servers");
0043
0044 static unsigned int sip_timeout __read_mostly = SIP_TIMEOUT;
0045 module_param(sip_timeout, uint, 0600);
0046 MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");
0047
0048 static int sip_direct_signalling __read_mostly = 1;
0049 module_param(sip_direct_signalling, int, 0600);
0050 MODULE_PARM_DESC(sip_direct_signalling, "expect incoming calls from registrar "
0051 "only (default 1)");
0052
0053 static int sip_direct_media __read_mostly = 1;
0054 module_param(sip_direct_media, int, 0600);
0055 MODULE_PARM_DESC(sip_direct_media, "Expect Media streams between signalling "
0056 "endpoints only (default 1)");
0057
0058 static int sip_external_media __read_mostly = 0;
0059 module_param(sip_external_media, int, 0600);
0060 MODULE_PARM_DESC(sip_external_media, "Expect Media streams between external "
0061 "endpoints (default 0)");
0062
0063 const struct nf_nat_sip_hooks __rcu *nf_nat_sip_hooks;
0064 EXPORT_SYMBOL_GPL(nf_nat_sip_hooks);
0065
0066 static int string_len(const struct nf_conn *ct, const char *dptr,
0067 const char *limit, int *shift)
0068 {
0069 int len = 0;
0070
0071 while (dptr < limit && isalpha(*dptr)) {
0072 dptr++;
0073 len++;
0074 }
0075 return len;
0076 }
0077
0078 static int digits_len(const struct nf_conn *ct, const char *dptr,
0079 const char *limit, int *shift)
0080 {
0081 int len = 0;
0082 while (dptr < limit && isdigit(*dptr)) {
0083 dptr++;
0084 len++;
0085 }
0086 return len;
0087 }
0088
0089 static int iswordc(const char c)
0090 {
0091 if (isalnum(c) || c == '!' || c == '"' || c == '%' ||
0092 (c >= '(' && c <= '+') || c == ':' || c == '<' || c == '>' ||
0093 c == '?' || (c >= '[' && c <= ']') || c == '_' || c == '`' ||
0094 c == '{' || c == '}' || c == '~' || (c >= '-' && c <= '/') ||
0095 c == '\'')
0096 return 1;
0097 return 0;
0098 }
0099
0100 static int word_len(const char *dptr, const char *limit)
0101 {
0102 int len = 0;
0103 while (dptr < limit && iswordc(*dptr)) {
0104 dptr++;
0105 len++;
0106 }
0107 return len;
0108 }
0109
0110 static int callid_len(const struct nf_conn *ct, const char *dptr,
0111 const char *limit, int *shift)
0112 {
0113 int len, domain_len;
0114
0115 len = word_len(dptr, limit);
0116 dptr += len;
0117 if (!len || dptr == limit || *dptr != '@')
0118 return len;
0119 dptr++;
0120 len++;
0121
0122 domain_len = word_len(dptr, limit);
0123 if (!domain_len)
0124 return 0;
0125 return len + domain_len;
0126 }
0127
0128
0129 static int media_len(const struct nf_conn *ct, const char *dptr,
0130 const char *limit, int *shift)
0131 {
0132 int len = string_len(ct, dptr, limit, shift);
0133
0134 dptr += len;
0135 if (dptr >= limit || *dptr != ' ')
0136 return 0;
0137 len++;
0138 dptr++;
0139
0140 return len + digits_len(ct, dptr, limit, shift);
0141 }
0142
0143 static int sip_parse_addr(const struct nf_conn *ct, const char *cp,
0144 const char **endp, union nf_inet_addr *addr,
0145 const char *limit, bool delim)
0146 {
0147 const char *end;
0148 int ret;
0149
0150 if (!ct)
0151 return 0;
0152
0153 memset(addr, 0, sizeof(*addr));
0154 switch (nf_ct_l3num(ct)) {
0155 case AF_INET:
0156 ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
0157 if (ret == 0)
0158 return 0;
0159 break;
0160 case AF_INET6:
0161 if (cp < limit && *cp == '[')
0162 cp++;
0163 else if (delim)
0164 return 0;
0165
0166 ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
0167 if (ret == 0)
0168 return 0;
0169
0170 if (end < limit && *end == ']')
0171 end++;
0172 else if (delim)
0173 return 0;
0174 break;
0175 default:
0176 BUG();
0177 }
0178
0179 if (endp)
0180 *endp = end;
0181 return 1;
0182 }
0183
0184
0185 static int epaddr_len(const struct nf_conn *ct, const char *dptr,
0186 const char *limit, int *shift)
0187 {
0188 union nf_inet_addr addr;
0189 const char *aux = dptr;
0190
0191 if (!sip_parse_addr(ct, dptr, &dptr, &addr, limit, true)) {
0192 pr_debug("ip: %s parse failed.!\n", dptr);
0193 return 0;
0194 }
0195
0196
0197 if (*dptr == ':') {
0198 dptr++;
0199 dptr += digits_len(ct, dptr, limit, shift);
0200 }
0201 return dptr - aux;
0202 }
0203
0204
0205 static int skp_epaddr_len(const struct nf_conn *ct, const char *dptr,
0206 const char *limit, int *shift)
0207 {
0208 const char *start = dptr;
0209 int s = *shift;
0210
0211
0212
0213
0214 while (dptr < limit &&
0215 *dptr != '@' && *dptr != '\r' && *dptr != '\n') {
0216 (*shift)++;
0217 dptr++;
0218 }
0219
0220 if (dptr < limit && *dptr == '@') {
0221 dptr++;
0222 (*shift)++;
0223 } else {
0224 dptr = start;
0225 *shift = s;
0226 }
0227
0228 return epaddr_len(ct, dptr, limit, shift);
0229 }
0230
0231
0232
0233
0234
0235
0236
0237 int ct_sip_parse_request(const struct nf_conn *ct,
0238 const char *dptr, unsigned int datalen,
0239 unsigned int *matchoff, unsigned int *matchlen,
0240 union nf_inet_addr *addr, __be16 *port)
0241 {
0242 const char *start = dptr, *limit = dptr + datalen, *end;
0243 unsigned int mlen;
0244 unsigned int p;
0245 int shift = 0;
0246
0247
0248 mlen = string_len(ct, dptr, limit, NULL);
0249 if (!mlen)
0250 return 0;
0251 dptr += mlen;
0252 if (++dptr >= limit)
0253 return 0;
0254
0255
0256 for (; dptr < limit - strlen("sip:"); dptr++) {
0257 if (*dptr == '\r' || *dptr == '\n')
0258 return -1;
0259 if (strncasecmp(dptr, "sip:", strlen("sip:")) == 0) {
0260 dptr += strlen("sip:");
0261 break;
0262 }
0263 }
0264 if (!skp_epaddr_len(ct, dptr, limit, &shift))
0265 return 0;
0266 dptr += shift;
0267
0268 if (!sip_parse_addr(ct, dptr, &end, addr, limit, true))
0269 return -1;
0270 if (end < limit && *end == ':') {
0271 end++;
0272 p = simple_strtoul(end, (char **)&end, 10);
0273 if (p < 1024 || p > 65535)
0274 return -1;
0275 *port = htons(p);
0276 } else
0277 *port = htons(SIP_PORT);
0278
0279 if (end == dptr)
0280 return 0;
0281 *matchoff = dptr - start;
0282 *matchlen = end - dptr;
0283 return 1;
0284 }
0285 EXPORT_SYMBOL_GPL(ct_sip_parse_request);
0286
0287
0288
0289
0290
0291
0292
0293
0294
0295
0296
0297
0298
0299
0300 static const struct sip_header ct_sip_hdrs[] = {
0301 [SIP_HDR_CSEQ] = SIP_HDR("CSeq", NULL, NULL, digits_len),
0302 [SIP_HDR_FROM] = SIP_HDR("From", "f", "sip:", skp_epaddr_len),
0303 [SIP_HDR_TO] = SIP_HDR("To", "t", "sip:", skp_epaddr_len),
0304 [SIP_HDR_CONTACT] = SIP_HDR("Contact", "m", "sip:", skp_epaddr_len),
0305 [SIP_HDR_VIA_UDP] = SIP_HDR("Via", "v", "UDP ", epaddr_len),
0306 [SIP_HDR_VIA_TCP] = SIP_HDR("Via", "v", "TCP ", epaddr_len),
0307 [SIP_HDR_EXPIRES] = SIP_HDR("Expires", NULL, NULL, digits_len),
0308 [SIP_HDR_CONTENT_LENGTH] = SIP_HDR("Content-Length", "l", NULL, digits_len),
0309 [SIP_HDR_CALL_ID] = SIP_HDR("Call-Id", "i", NULL, callid_len),
0310 };
0311
0312 static const char *sip_follow_continuation(const char *dptr, const char *limit)
0313 {
0314
0315 if (++dptr >= limit)
0316 return NULL;
0317
0318
0319 if (*(dptr - 1) == '\r' && *dptr == '\n') {
0320 if (++dptr >= limit)
0321 return NULL;
0322 }
0323
0324
0325 if (*dptr != ' ' && *dptr != '\t')
0326 return NULL;
0327
0328
0329 for (; dptr < limit; dptr++) {
0330 if (*dptr != ' ' && *dptr != '\t')
0331 break;
0332 }
0333 return dptr;
0334 }
0335
0336 static const char *sip_skip_whitespace(const char *dptr, const char *limit)
0337 {
0338 for (; dptr < limit; dptr++) {
0339 if (*dptr == ' ' || *dptr == '\t')
0340 continue;
0341 if (*dptr != '\r' && *dptr != '\n')
0342 break;
0343 dptr = sip_follow_continuation(dptr, limit);
0344 break;
0345 }
0346 return dptr;
0347 }
0348
0349
0350 static const char *ct_sip_header_search(const char *dptr, const char *limit,
0351 const char *needle, unsigned int len)
0352 {
0353 for (limit -= len; dptr < limit; dptr++) {
0354 if (*dptr == '\r' || *dptr == '\n') {
0355 dptr = sip_follow_continuation(dptr, limit);
0356 if (dptr == NULL)
0357 break;
0358 continue;
0359 }
0360
0361 if (strncasecmp(dptr, needle, len) == 0)
0362 return dptr;
0363 }
0364 return NULL;
0365 }
0366
0367 int ct_sip_get_header(const struct nf_conn *ct, const char *dptr,
0368 unsigned int dataoff, unsigned int datalen,
0369 enum sip_header_types type,
0370 unsigned int *matchoff, unsigned int *matchlen)
0371 {
0372 const struct sip_header *hdr = &ct_sip_hdrs[type];
0373 const char *start = dptr, *limit = dptr + datalen;
0374 int shift = 0;
0375
0376 for (dptr += dataoff; dptr < limit; dptr++) {
0377
0378 if (*dptr != '\r' && *dptr != '\n')
0379 continue;
0380 if (++dptr >= limit)
0381 break;
0382 if (*(dptr - 1) == '\r' && *dptr == '\n') {
0383 if (++dptr >= limit)
0384 break;
0385 }
0386
0387
0388 if (*dptr == ' ' || *dptr == '\t')
0389 continue;
0390
0391
0392
0393 if (limit - dptr >= hdr->len &&
0394 strncasecmp(dptr, hdr->name, hdr->len) == 0)
0395 dptr += hdr->len;
0396 else if (hdr->cname && limit - dptr >= hdr->clen + 1 &&
0397 strncasecmp(dptr, hdr->cname, hdr->clen) == 0 &&
0398 !isalpha(*(dptr + hdr->clen)))
0399 dptr += hdr->clen;
0400 else
0401 continue;
0402
0403
0404 dptr = sip_skip_whitespace(dptr, limit);
0405 if (dptr == NULL)
0406 break;
0407 if (*dptr != ':' || ++dptr >= limit)
0408 break;
0409
0410
0411 dptr = sip_skip_whitespace(dptr, limit);
0412 if (dptr == NULL)
0413 break;
0414
0415 *matchoff = dptr - start;
0416 if (hdr->search) {
0417 dptr = ct_sip_header_search(dptr, limit, hdr->search,
0418 hdr->slen);
0419 if (!dptr)
0420 return -1;
0421 dptr += hdr->slen;
0422 }
0423
0424 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
0425 if (!*matchlen)
0426 return -1;
0427 *matchoff = dptr - start + shift;
0428 return 1;
0429 }
0430 return 0;
0431 }
0432 EXPORT_SYMBOL_GPL(ct_sip_get_header);
0433
0434
0435 static int ct_sip_next_header(const struct nf_conn *ct, const char *dptr,
0436 unsigned int dataoff, unsigned int datalen,
0437 enum sip_header_types type,
0438 unsigned int *matchoff, unsigned int *matchlen)
0439 {
0440 const struct sip_header *hdr = &ct_sip_hdrs[type];
0441 const char *start = dptr, *limit = dptr + datalen;
0442 int shift = 0;
0443
0444 dptr += dataoff;
0445
0446 dptr = ct_sip_header_search(dptr, limit, ",", strlen(","));
0447 if (!dptr)
0448 return 0;
0449
0450 dptr = ct_sip_header_search(dptr, limit, hdr->search, hdr->slen);
0451 if (!dptr)
0452 return 0;
0453 dptr += hdr->slen;
0454
0455 *matchoff = dptr - start;
0456 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
0457 if (!*matchlen)
0458 return -1;
0459 *matchoff += shift;
0460 return 1;
0461 }
0462
0463
0464
0465 static int ct_sip_walk_headers(const struct nf_conn *ct, const char *dptr,
0466 unsigned int dataoff, unsigned int datalen,
0467 enum sip_header_types type, int *in_header,
0468 unsigned int *matchoff, unsigned int *matchlen)
0469 {
0470 int ret;
0471
0472 if (in_header && *in_header) {
0473 while (1) {
0474 ret = ct_sip_next_header(ct, dptr, dataoff, datalen,
0475 type, matchoff, matchlen);
0476 if (ret > 0)
0477 return ret;
0478 if (ret == 0)
0479 break;
0480 dataoff = *matchoff;
0481 }
0482 *in_header = 0;
0483 }
0484
0485 while (1) {
0486 ret = ct_sip_get_header(ct, dptr, dataoff, datalen,
0487 type, matchoff, matchlen);
0488 if (ret > 0)
0489 break;
0490 if (ret == 0)
0491 return ret;
0492 dataoff = *matchoff;
0493 }
0494
0495 if (in_header)
0496 *in_header = 1;
0497 return 1;
0498 }
0499
0500
0501
0502
0503
0504
0505 int ct_sip_parse_header_uri(const struct nf_conn *ct, const char *dptr,
0506 unsigned int *dataoff, unsigned int datalen,
0507 enum sip_header_types type, int *in_header,
0508 unsigned int *matchoff, unsigned int *matchlen,
0509 union nf_inet_addr *addr, __be16 *port)
0510 {
0511 const char *c, *limit = dptr + datalen;
0512 unsigned int p;
0513 int ret;
0514
0515 ret = ct_sip_walk_headers(ct, dptr, dataoff ? *dataoff : 0, datalen,
0516 type, in_header, matchoff, matchlen);
0517 WARN_ON(ret < 0);
0518 if (ret == 0)
0519 return ret;
0520
0521 if (!sip_parse_addr(ct, dptr + *matchoff, &c, addr, limit, true))
0522 return -1;
0523 if (*c == ':') {
0524 c++;
0525 p = simple_strtoul(c, (char **)&c, 10);
0526 if (p < 1024 || p > 65535)
0527 return -1;
0528 *port = htons(p);
0529 } else
0530 *port = htons(SIP_PORT);
0531
0532 if (dataoff)
0533 *dataoff = c - dptr;
0534 return 1;
0535 }
0536 EXPORT_SYMBOL_GPL(ct_sip_parse_header_uri);
0537
0538 static int ct_sip_parse_param(const struct nf_conn *ct, const char *dptr,
0539 unsigned int dataoff, unsigned int datalen,
0540 const char *name,
0541 unsigned int *matchoff, unsigned int *matchlen)
0542 {
0543 const char *limit = dptr + datalen;
0544 const char *start;
0545 const char *end;
0546
0547 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
0548 if (!limit)
0549 limit = dptr + datalen;
0550
0551 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
0552 if (!start)
0553 return 0;
0554 start += strlen(name);
0555
0556 end = ct_sip_header_search(start, limit, ";", strlen(";"));
0557 if (!end)
0558 end = limit;
0559
0560 *matchoff = start - dptr;
0561 *matchlen = end - start;
0562 return 1;
0563 }
0564
0565
0566 int ct_sip_parse_address_param(const struct nf_conn *ct, const char *dptr,
0567 unsigned int dataoff, unsigned int datalen,
0568 const char *name,
0569 unsigned int *matchoff, unsigned int *matchlen,
0570 union nf_inet_addr *addr, bool delim)
0571 {
0572 const char *limit = dptr + datalen;
0573 const char *start, *end;
0574
0575 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
0576 if (!limit)
0577 limit = dptr + datalen;
0578
0579 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
0580 if (!start)
0581 return 0;
0582
0583 start += strlen(name);
0584 if (!sip_parse_addr(ct, start, &end, addr, limit, delim))
0585 return 0;
0586 *matchoff = start - dptr;
0587 *matchlen = end - start;
0588 return 1;
0589 }
0590 EXPORT_SYMBOL_GPL(ct_sip_parse_address_param);
0591
0592
0593 int ct_sip_parse_numerical_param(const struct nf_conn *ct, const char *dptr,
0594 unsigned int dataoff, unsigned int datalen,
0595 const char *name,
0596 unsigned int *matchoff, unsigned int *matchlen,
0597 unsigned int *val)
0598 {
0599 const char *limit = dptr + datalen;
0600 const char *start;
0601 char *end;
0602
0603 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
0604 if (!limit)
0605 limit = dptr + datalen;
0606
0607 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
0608 if (!start)
0609 return 0;
0610
0611 start += strlen(name);
0612 *val = simple_strtoul(start, &end, 0);
0613 if (start == end)
0614 return 0;
0615 if (matchoff && matchlen) {
0616 *matchoff = start - dptr;
0617 *matchlen = end - start;
0618 }
0619 return 1;
0620 }
0621 EXPORT_SYMBOL_GPL(ct_sip_parse_numerical_param);
0622
0623 static int ct_sip_parse_transport(struct nf_conn *ct, const char *dptr,
0624 unsigned int dataoff, unsigned int datalen,
0625 u8 *proto)
0626 {
0627 unsigned int matchoff, matchlen;
0628
0629 if (ct_sip_parse_param(ct, dptr, dataoff, datalen, "transport=",
0630 &matchoff, &matchlen)) {
0631 if (!strncasecmp(dptr + matchoff, "TCP", strlen("TCP")))
0632 *proto = IPPROTO_TCP;
0633 else if (!strncasecmp(dptr + matchoff, "UDP", strlen("UDP")))
0634 *proto = IPPROTO_UDP;
0635 else
0636 return 0;
0637
0638 if (*proto != nf_ct_protonum(ct))
0639 return 0;
0640 } else
0641 *proto = nf_ct_protonum(ct);
0642
0643 return 1;
0644 }
0645
0646 static int sdp_parse_addr(const struct nf_conn *ct, const char *cp,
0647 const char **endp, union nf_inet_addr *addr,
0648 const char *limit)
0649 {
0650 const char *end;
0651 int ret;
0652
0653 memset(addr, 0, sizeof(*addr));
0654 switch (nf_ct_l3num(ct)) {
0655 case AF_INET:
0656 ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
0657 break;
0658 case AF_INET6:
0659 ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
0660 break;
0661 default:
0662 BUG();
0663 }
0664
0665 if (ret == 0)
0666 return 0;
0667 if (endp)
0668 *endp = end;
0669 return 1;
0670 }
0671
0672
0673 static int sdp_addr_len(const struct nf_conn *ct, const char *dptr,
0674 const char *limit, int *shift)
0675 {
0676 union nf_inet_addr addr;
0677 const char *aux = dptr;
0678
0679 if (!sdp_parse_addr(ct, dptr, &dptr, &addr, limit)) {
0680 pr_debug("ip: %s parse failed.!\n", dptr);
0681 return 0;
0682 }
0683
0684 return dptr - aux;
0685 }
0686
0687
0688
0689
0690
0691
0692
0693
0694
0695
0696 static const struct sip_header ct_sdp_hdrs_v4[] = {
0697 [SDP_HDR_VERSION] = SDP_HDR("v=", NULL, digits_len),
0698 [SDP_HDR_OWNER] = SDP_HDR("o=", "IN IP4 ", sdp_addr_len),
0699 [SDP_HDR_CONNECTION] = SDP_HDR("c=", "IN IP4 ", sdp_addr_len),
0700 [SDP_HDR_MEDIA] = SDP_HDR("m=", NULL, media_len),
0701 };
0702
0703 static const struct sip_header ct_sdp_hdrs_v6[] = {
0704 [SDP_HDR_VERSION] = SDP_HDR("v=", NULL, digits_len),
0705 [SDP_HDR_OWNER] = SDP_HDR("o=", "IN IP6 ", sdp_addr_len),
0706 [SDP_HDR_CONNECTION] = SDP_HDR("c=", "IN IP6 ", sdp_addr_len),
0707 [SDP_HDR_MEDIA] = SDP_HDR("m=", NULL, media_len),
0708 };
0709
0710
0711 static const char *ct_sdp_header_search(const char *dptr, const char *limit,
0712 const char *needle, unsigned int len)
0713 {
0714 for (limit -= len; dptr < limit; dptr++) {
0715 if (*dptr == '\r' || *dptr == '\n')
0716 break;
0717 if (strncmp(dptr, needle, len) == 0)
0718 return dptr;
0719 }
0720 return NULL;
0721 }
0722
0723
0724
0725
0726
0727 int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr,
0728 unsigned int dataoff, unsigned int datalen,
0729 enum sdp_header_types type,
0730 enum sdp_header_types term,
0731 unsigned int *matchoff, unsigned int *matchlen)
0732 {
0733 const struct sip_header *hdrs, *hdr, *thdr;
0734 const char *start = dptr, *limit = dptr + datalen;
0735 int shift = 0;
0736
0737 hdrs = nf_ct_l3num(ct) == NFPROTO_IPV4 ? ct_sdp_hdrs_v4 : ct_sdp_hdrs_v6;
0738 hdr = &hdrs[type];
0739 thdr = &hdrs[term];
0740
0741 for (dptr += dataoff; dptr < limit; dptr++) {
0742
0743 if (*dptr != '\r' && *dptr != '\n')
0744 continue;
0745 if (++dptr >= limit)
0746 break;
0747 if (*(dptr - 1) == '\r' && *dptr == '\n') {
0748 if (++dptr >= limit)
0749 break;
0750 }
0751
0752 if (term != SDP_HDR_UNSPEC &&
0753 limit - dptr >= thdr->len &&
0754 strncasecmp(dptr, thdr->name, thdr->len) == 0)
0755 break;
0756 else if (limit - dptr >= hdr->len &&
0757 strncasecmp(dptr, hdr->name, hdr->len) == 0)
0758 dptr += hdr->len;
0759 else
0760 continue;
0761
0762 *matchoff = dptr - start;
0763 if (hdr->search) {
0764 dptr = ct_sdp_header_search(dptr, limit, hdr->search,
0765 hdr->slen);
0766 if (!dptr)
0767 return -1;
0768 dptr += hdr->slen;
0769 }
0770
0771 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
0772 if (!*matchlen)
0773 return -1;
0774 *matchoff = dptr - start + shift;
0775 return 1;
0776 }
0777 return 0;
0778 }
0779 EXPORT_SYMBOL_GPL(ct_sip_get_sdp_header);
0780
0781 static int ct_sip_parse_sdp_addr(const struct nf_conn *ct, const char *dptr,
0782 unsigned int dataoff, unsigned int datalen,
0783 enum sdp_header_types type,
0784 enum sdp_header_types term,
0785 unsigned int *matchoff, unsigned int *matchlen,
0786 union nf_inet_addr *addr)
0787 {
0788 int ret;
0789
0790 ret = ct_sip_get_sdp_header(ct, dptr, dataoff, datalen, type, term,
0791 matchoff, matchlen);
0792 if (ret <= 0)
0793 return ret;
0794
0795 if (!sdp_parse_addr(ct, dptr + *matchoff, NULL, addr,
0796 dptr + *matchoff + *matchlen))
0797 return -1;
0798 return 1;
0799 }
0800
0801 static int refresh_signalling_expectation(struct nf_conn *ct,
0802 union nf_inet_addr *addr,
0803 u8 proto, __be16 port,
0804 unsigned int expires)
0805 {
0806 struct nf_conn_help *help = nfct_help(ct);
0807 struct nf_conntrack_expect *exp;
0808 struct hlist_node *next;
0809 int found = 0;
0810
0811 spin_lock_bh(&nf_conntrack_expect_lock);
0812 hlist_for_each_entry_safe(exp, next, &help->expectations, lnode) {
0813 if (exp->class != SIP_EXPECT_SIGNALLING ||
0814 !nf_inet_addr_cmp(&exp->tuple.dst.u3, addr) ||
0815 exp->tuple.dst.protonum != proto ||
0816 exp->tuple.dst.u.udp.port != port)
0817 continue;
0818 if (mod_timer_pending(&exp->timeout, jiffies + expires * HZ)) {
0819 exp->flags &= ~NF_CT_EXPECT_INACTIVE;
0820 found = 1;
0821 break;
0822 }
0823 }
0824 spin_unlock_bh(&nf_conntrack_expect_lock);
0825 return found;
0826 }
0827
0828 static void flush_expectations(struct nf_conn *ct, bool media)
0829 {
0830 struct nf_conn_help *help = nfct_help(ct);
0831 struct nf_conntrack_expect *exp;
0832 struct hlist_node *next;
0833
0834 spin_lock_bh(&nf_conntrack_expect_lock);
0835 hlist_for_each_entry_safe(exp, next, &help->expectations, lnode) {
0836 if ((exp->class != SIP_EXPECT_SIGNALLING) ^ media)
0837 continue;
0838 if (!nf_ct_remove_expect(exp))
0839 continue;
0840 if (!media)
0841 break;
0842 }
0843 spin_unlock_bh(&nf_conntrack_expect_lock);
0844 }
0845
0846 static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff,
0847 unsigned int dataoff,
0848 const char **dptr, unsigned int *datalen,
0849 union nf_inet_addr *daddr, __be16 port,
0850 enum sip_expectation_classes class,
0851 unsigned int mediaoff, unsigned int medialen)
0852 {
0853 struct nf_conntrack_expect *exp, *rtp_exp, *rtcp_exp;
0854 enum ip_conntrack_info ctinfo;
0855 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
0856 struct net *net = nf_ct_net(ct);
0857 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
0858 union nf_inet_addr *saddr;
0859 struct nf_conntrack_tuple tuple;
0860 int direct_rtp = 0, skip_expect = 0, ret = NF_DROP;
0861 u_int16_t base_port;
0862 __be16 rtp_port, rtcp_port;
0863 const struct nf_nat_sip_hooks *hooks;
0864
0865 saddr = NULL;
0866 if (sip_direct_media) {
0867 if (!nf_inet_addr_cmp(daddr, &ct->tuplehash[dir].tuple.src.u3))
0868 return NF_ACCEPT;
0869 saddr = &ct->tuplehash[!dir].tuple.src.u3;
0870 } else if (sip_external_media) {
0871 struct net_device *dev = skb_dst(skb)->dev;
0872 struct net *net = dev_net(dev);
0873 struct flowi fl;
0874 struct dst_entry *dst = NULL;
0875
0876 memset(&fl, 0, sizeof(fl));
0877
0878 switch (nf_ct_l3num(ct)) {
0879 case NFPROTO_IPV4:
0880 fl.u.ip4.daddr = daddr->ip;
0881 nf_ip_route(net, &dst, &fl, false);
0882 break;
0883
0884 case NFPROTO_IPV6:
0885 fl.u.ip6.daddr = daddr->in6;
0886 nf_ip6_route(net, &dst, &fl, false);
0887 break;
0888 }
0889
0890
0891
0892
0893 if (dst) {
0894 bool external_media = (dst->dev == dev);
0895
0896 dst_release(dst);
0897 if (external_media)
0898 return NF_ACCEPT;
0899 }
0900 }
0901
0902
0903
0904
0905
0906
0907
0908
0909
0910
0911
0912
0913
0914
0915 memset(&tuple, 0, sizeof(tuple));
0916 if (saddr)
0917 tuple.src.u3 = *saddr;
0918 tuple.src.l3num = nf_ct_l3num(ct);
0919 tuple.dst.protonum = IPPROTO_UDP;
0920 tuple.dst.u3 = *daddr;
0921 tuple.dst.u.udp.port = port;
0922
0923 do {
0924 exp = __nf_ct_expect_find(net, nf_ct_zone(ct), &tuple);
0925
0926 if (!exp || exp->master == ct ||
0927 nfct_help(exp->master)->helper != nfct_help(ct)->helper ||
0928 exp->class != class)
0929 break;
0930 #if IS_ENABLED(CONFIG_NF_NAT)
0931 if (!direct_rtp &&
0932 (!nf_inet_addr_cmp(&exp->saved_addr, &exp->tuple.dst.u3) ||
0933 exp->saved_proto.udp.port != exp->tuple.dst.u.udp.port) &&
0934 ct->status & IPS_NAT_MASK) {
0935 *daddr = exp->saved_addr;
0936 tuple.dst.u3 = exp->saved_addr;
0937 tuple.dst.u.udp.port = exp->saved_proto.udp.port;
0938 direct_rtp = 1;
0939 } else
0940 #endif
0941 skip_expect = 1;
0942 } while (!skip_expect);
0943
0944 base_port = ntohs(tuple.dst.u.udp.port) & ~1;
0945 rtp_port = htons(base_port);
0946 rtcp_port = htons(base_port + 1);
0947
0948 if (direct_rtp) {
0949 hooks = rcu_dereference(nf_nat_sip_hooks);
0950 if (hooks &&
0951 !hooks->sdp_port(skb, protoff, dataoff, dptr, datalen,
0952 mediaoff, medialen, ntohs(rtp_port)))
0953 goto err1;
0954 }
0955
0956 if (skip_expect)
0957 return NF_ACCEPT;
0958
0959 rtp_exp = nf_ct_expect_alloc(ct);
0960 if (rtp_exp == NULL)
0961 goto err1;
0962 nf_ct_expect_init(rtp_exp, class, nf_ct_l3num(ct), saddr, daddr,
0963 IPPROTO_UDP, NULL, &rtp_port);
0964
0965 rtcp_exp = nf_ct_expect_alloc(ct);
0966 if (rtcp_exp == NULL)
0967 goto err2;
0968 nf_ct_expect_init(rtcp_exp, class, nf_ct_l3num(ct), saddr, daddr,
0969 IPPROTO_UDP, NULL, &rtcp_port);
0970
0971 hooks = rcu_dereference(nf_nat_sip_hooks);
0972 if (hooks && ct->status & IPS_NAT_MASK && !direct_rtp)
0973 ret = hooks->sdp_media(skb, protoff, dataoff, dptr,
0974 datalen, rtp_exp, rtcp_exp,
0975 mediaoff, medialen, daddr);
0976 else {
0977
0978
0979
0980
0981
0982
0983 int errp = nf_ct_expect_related(rtp_exp,
0984 NF_CT_EXP_F_SKIP_MASTER);
0985
0986 if (errp == 0 || errp == -EALREADY) {
0987 int errcp = nf_ct_expect_related(rtcp_exp,
0988 NF_CT_EXP_F_SKIP_MASTER);
0989
0990 if (errcp == 0 || errcp == -EALREADY)
0991 ret = NF_ACCEPT;
0992 else if (errp == 0)
0993 nf_ct_unexpect_related(rtp_exp);
0994 }
0995 }
0996 nf_ct_expect_put(rtcp_exp);
0997 err2:
0998 nf_ct_expect_put(rtp_exp);
0999 err1:
1000 return ret;
1001 }
1002
1003 static const struct sdp_media_type sdp_media_types[] = {
1004 SDP_MEDIA_TYPE("audio ", SIP_EXPECT_AUDIO),
1005 SDP_MEDIA_TYPE("video ", SIP_EXPECT_VIDEO),
1006 SDP_MEDIA_TYPE("image ", SIP_EXPECT_IMAGE),
1007 };
1008
1009 static const struct sdp_media_type *sdp_media_type(const char *dptr,
1010 unsigned int matchoff,
1011 unsigned int matchlen)
1012 {
1013 const struct sdp_media_type *t;
1014 unsigned int i;
1015
1016 for (i = 0; i < ARRAY_SIZE(sdp_media_types); i++) {
1017 t = &sdp_media_types[i];
1018 if (matchlen < t->len ||
1019 strncmp(dptr + matchoff, t->name, t->len))
1020 continue;
1021 return t;
1022 }
1023 return NULL;
1024 }
1025
1026 static int process_sdp(struct sk_buff *skb, unsigned int protoff,
1027 unsigned int dataoff,
1028 const char **dptr, unsigned int *datalen,
1029 unsigned int cseq)
1030 {
1031 enum ip_conntrack_info ctinfo;
1032 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1033 unsigned int matchoff, matchlen;
1034 unsigned int mediaoff, medialen;
1035 unsigned int sdpoff;
1036 unsigned int caddr_len, maddr_len;
1037 unsigned int i;
1038 union nf_inet_addr caddr, maddr, rtp_addr;
1039 const struct nf_nat_sip_hooks *hooks;
1040 unsigned int port;
1041 const struct sdp_media_type *t;
1042 int ret = NF_ACCEPT;
1043
1044 hooks = rcu_dereference(nf_nat_sip_hooks);
1045
1046
1047 if (ct_sip_get_sdp_header(ct, *dptr, 0, *datalen,
1048 SDP_HDR_VERSION, SDP_HDR_UNSPEC,
1049 &matchoff, &matchlen) <= 0)
1050 return NF_ACCEPT;
1051 sdpoff = matchoff;
1052
1053
1054
1055
1056 caddr_len = 0;
1057 if (ct_sip_parse_sdp_addr(ct, *dptr, sdpoff, *datalen,
1058 SDP_HDR_CONNECTION, SDP_HDR_MEDIA,
1059 &matchoff, &matchlen, &caddr) > 0)
1060 caddr_len = matchlen;
1061
1062 mediaoff = sdpoff;
1063 for (i = 0; i < ARRAY_SIZE(sdp_media_types); ) {
1064 if (ct_sip_get_sdp_header(ct, *dptr, mediaoff, *datalen,
1065 SDP_HDR_MEDIA, SDP_HDR_UNSPEC,
1066 &mediaoff, &medialen) <= 0)
1067 break;
1068
1069
1070
1071 t = sdp_media_type(*dptr, mediaoff, medialen);
1072 if (!t) {
1073 mediaoff += medialen;
1074 continue;
1075 }
1076 mediaoff += t->len;
1077 medialen -= t->len;
1078
1079 port = simple_strtoul(*dptr + mediaoff, NULL, 10);
1080 if (port == 0)
1081 continue;
1082 if (port < 1024 || port > 65535) {
1083 nf_ct_helper_log(skb, ct, "wrong port %u", port);
1084 return NF_DROP;
1085 }
1086
1087
1088 maddr_len = 0;
1089 if (ct_sip_parse_sdp_addr(ct, *dptr, mediaoff, *datalen,
1090 SDP_HDR_CONNECTION, SDP_HDR_MEDIA,
1091 &matchoff, &matchlen, &maddr) > 0) {
1092 maddr_len = matchlen;
1093 memcpy(&rtp_addr, &maddr, sizeof(rtp_addr));
1094 } else if (caddr_len)
1095 memcpy(&rtp_addr, &caddr, sizeof(rtp_addr));
1096 else {
1097 nf_ct_helper_log(skb, ct, "cannot parse SDP message");
1098 return NF_DROP;
1099 }
1100
1101 ret = set_expected_rtp_rtcp(skb, protoff, dataoff,
1102 dptr, datalen,
1103 &rtp_addr, htons(port), t->class,
1104 mediaoff, medialen);
1105 if (ret != NF_ACCEPT) {
1106 nf_ct_helper_log(skb, ct,
1107 "cannot add expectation for voice");
1108 return ret;
1109 }
1110
1111
1112 if (maddr_len && hooks && ct->status & IPS_NAT_MASK) {
1113 ret = hooks->sdp_addr(skb, protoff, dataoff,
1114 dptr, datalen, mediaoff,
1115 SDP_HDR_CONNECTION,
1116 SDP_HDR_MEDIA,
1117 &rtp_addr);
1118 if (ret != NF_ACCEPT) {
1119 nf_ct_helper_log(skb, ct, "cannot mangle SDP");
1120 return ret;
1121 }
1122 }
1123 i++;
1124 }
1125
1126
1127 hooks = rcu_dereference(nf_nat_sip_hooks);
1128 if (hooks && ct->status & IPS_NAT_MASK)
1129 ret = hooks->sdp_session(skb, protoff, dataoff,
1130 dptr, datalen, sdpoff,
1131 &rtp_addr);
1132
1133 return ret;
1134 }
1135 static int process_invite_response(struct sk_buff *skb, unsigned int protoff,
1136 unsigned int dataoff,
1137 const char **dptr, unsigned int *datalen,
1138 unsigned int cseq, unsigned int code)
1139 {
1140 enum ip_conntrack_info ctinfo;
1141 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1142 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1143
1144 if ((code >= 100 && code <= 199) ||
1145 (code >= 200 && code <= 299))
1146 return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1147 else if (ct_sip_info->invite_cseq == cseq)
1148 flush_expectations(ct, true);
1149 return NF_ACCEPT;
1150 }
1151
1152 static int process_update_response(struct sk_buff *skb, unsigned int protoff,
1153 unsigned int dataoff,
1154 const char **dptr, unsigned int *datalen,
1155 unsigned int cseq, unsigned int code)
1156 {
1157 enum ip_conntrack_info ctinfo;
1158 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1159 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1160
1161 if ((code >= 100 && code <= 199) ||
1162 (code >= 200 && code <= 299))
1163 return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1164 else if (ct_sip_info->invite_cseq == cseq)
1165 flush_expectations(ct, true);
1166 return NF_ACCEPT;
1167 }
1168
1169 static int process_prack_response(struct sk_buff *skb, unsigned int protoff,
1170 unsigned int dataoff,
1171 const char **dptr, unsigned int *datalen,
1172 unsigned int cseq, unsigned int code)
1173 {
1174 enum ip_conntrack_info ctinfo;
1175 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1176 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1177
1178 if ((code >= 100 && code <= 199) ||
1179 (code >= 200 && code <= 299))
1180 return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1181 else if (ct_sip_info->invite_cseq == cseq)
1182 flush_expectations(ct, true);
1183 return NF_ACCEPT;
1184 }
1185
1186 static int process_invite_request(struct sk_buff *skb, unsigned int protoff,
1187 unsigned int dataoff,
1188 const char **dptr, unsigned int *datalen,
1189 unsigned int cseq)
1190 {
1191 enum ip_conntrack_info ctinfo;
1192 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1193 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1194 unsigned int ret;
1195
1196 flush_expectations(ct, true);
1197 ret = process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1198 if (ret == NF_ACCEPT)
1199 ct_sip_info->invite_cseq = cseq;
1200 return ret;
1201 }
1202
1203 static int process_bye_request(struct sk_buff *skb, unsigned int protoff,
1204 unsigned int dataoff,
1205 const char **dptr, unsigned int *datalen,
1206 unsigned int cseq)
1207 {
1208 enum ip_conntrack_info ctinfo;
1209 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1210
1211 flush_expectations(ct, true);
1212 return NF_ACCEPT;
1213 }
1214
1215
1216
1217
1218
1219 static int process_register_request(struct sk_buff *skb, unsigned int protoff,
1220 unsigned int dataoff,
1221 const char **dptr, unsigned int *datalen,
1222 unsigned int cseq)
1223 {
1224 enum ip_conntrack_info ctinfo;
1225 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1226 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1227 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1228 unsigned int matchoff, matchlen;
1229 struct nf_conntrack_expect *exp;
1230 union nf_inet_addr *saddr, daddr;
1231 const struct nf_nat_sip_hooks *hooks;
1232 struct nf_conntrack_helper *helper;
1233 __be16 port;
1234 u8 proto;
1235 unsigned int expires = 0;
1236 int ret;
1237
1238
1239 if (ct->status & IPS_EXPECTED)
1240 return NF_ACCEPT;
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1251 &matchoff, &matchlen) > 0)
1252 expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1253
1254 ret = ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen,
1255 SIP_HDR_CONTACT, NULL,
1256 &matchoff, &matchlen, &daddr, &port);
1257 if (ret < 0) {
1258 nf_ct_helper_log(skb, ct, "cannot parse contact");
1259 return NF_DROP;
1260 } else if (ret == 0)
1261 return NF_ACCEPT;
1262
1263
1264 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.src.u3, &daddr))
1265 return NF_ACCEPT;
1266
1267 if (ct_sip_parse_transport(ct, *dptr, matchoff + matchlen, *datalen,
1268 &proto) == 0)
1269 return NF_ACCEPT;
1270
1271 if (ct_sip_parse_numerical_param(ct, *dptr,
1272 matchoff + matchlen, *datalen,
1273 "expires=", NULL, NULL, &expires) < 0) {
1274 nf_ct_helper_log(skb, ct, "cannot parse expires");
1275 return NF_DROP;
1276 }
1277
1278 if (expires == 0) {
1279 ret = NF_ACCEPT;
1280 goto store_cseq;
1281 }
1282
1283 exp = nf_ct_expect_alloc(ct);
1284 if (!exp) {
1285 nf_ct_helper_log(skb, ct, "cannot alloc expectation");
1286 return NF_DROP;
1287 }
1288
1289 saddr = NULL;
1290 if (sip_direct_signalling)
1291 saddr = &ct->tuplehash[!dir].tuple.src.u3;
1292
1293 helper = rcu_dereference(nfct_help(ct)->helper);
1294 if (!helper)
1295 return NF_DROP;
1296
1297 nf_ct_expect_init(exp, SIP_EXPECT_SIGNALLING, nf_ct_l3num(ct),
1298 saddr, &daddr, proto, NULL, &port);
1299 exp->timeout.expires = sip_timeout * HZ;
1300 exp->helper = helper;
1301 exp->flags = NF_CT_EXPECT_PERMANENT | NF_CT_EXPECT_INACTIVE;
1302
1303 hooks = rcu_dereference(nf_nat_sip_hooks);
1304 if (hooks && ct->status & IPS_NAT_MASK)
1305 ret = hooks->expect(skb, protoff, dataoff, dptr, datalen,
1306 exp, matchoff, matchlen);
1307 else {
1308 if (nf_ct_expect_related(exp, 0) != 0) {
1309 nf_ct_helper_log(skb, ct, "cannot add expectation");
1310 ret = NF_DROP;
1311 } else
1312 ret = NF_ACCEPT;
1313 }
1314 nf_ct_expect_put(exp);
1315
1316 store_cseq:
1317 if (ret == NF_ACCEPT)
1318 ct_sip_info->register_cseq = cseq;
1319 return ret;
1320 }
1321
1322 static int process_register_response(struct sk_buff *skb, unsigned int protoff,
1323 unsigned int dataoff,
1324 const char **dptr, unsigned int *datalen,
1325 unsigned int cseq, unsigned int code)
1326 {
1327 enum ip_conntrack_info ctinfo;
1328 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1329 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1330 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1331 union nf_inet_addr addr;
1332 __be16 port;
1333 u8 proto;
1334 unsigned int matchoff, matchlen, coff = 0;
1335 unsigned int expires = 0;
1336 int in_contact = 0, ret;
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346 if (ct_sip_info->register_cseq != cseq)
1347 return NF_ACCEPT;
1348
1349 if (code >= 100 && code <= 199)
1350 return NF_ACCEPT;
1351 if (code < 200 || code > 299)
1352 goto flush;
1353
1354 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1355 &matchoff, &matchlen) > 0)
1356 expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1357
1358 while (1) {
1359 unsigned int c_expires = expires;
1360
1361 ret = ct_sip_parse_header_uri(ct, *dptr, &coff, *datalen,
1362 SIP_HDR_CONTACT, &in_contact,
1363 &matchoff, &matchlen,
1364 &addr, &port);
1365 if (ret < 0) {
1366 nf_ct_helper_log(skb, ct, "cannot parse contact");
1367 return NF_DROP;
1368 } else if (ret == 0)
1369 break;
1370
1371
1372 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3, &addr))
1373 continue;
1374
1375 if (ct_sip_parse_transport(ct, *dptr, matchoff + matchlen,
1376 *datalen, &proto) == 0)
1377 continue;
1378
1379 ret = ct_sip_parse_numerical_param(ct, *dptr,
1380 matchoff + matchlen,
1381 *datalen, "expires=",
1382 NULL, NULL, &c_expires);
1383 if (ret < 0) {
1384 nf_ct_helper_log(skb, ct, "cannot parse expires");
1385 return NF_DROP;
1386 }
1387 if (c_expires == 0)
1388 break;
1389 if (refresh_signalling_expectation(ct, &addr, proto, port,
1390 c_expires))
1391 return NF_ACCEPT;
1392 }
1393
1394 flush:
1395 flush_expectations(ct, false);
1396 return NF_ACCEPT;
1397 }
1398
1399 static const struct sip_handler sip_handlers[] = {
1400 SIP_HANDLER("INVITE", process_invite_request, process_invite_response),
1401 SIP_HANDLER("UPDATE", process_sdp, process_update_response),
1402 SIP_HANDLER("ACK", process_sdp, NULL),
1403 SIP_HANDLER("PRACK", process_sdp, process_prack_response),
1404 SIP_HANDLER("BYE", process_bye_request, NULL),
1405 SIP_HANDLER("REGISTER", process_register_request, process_register_response),
1406 };
1407
1408 static int process_sip_response(struct sk_buff *skb, unsigned int protoff,
1409 unsigned int dataoff,
1410 const char **dptr, unsigned int *datalen)
1411 {
1412 enum ip_conntrack_info ctinfo;
1413 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1414 unsigned int matchoff, matchlen, matchend;
1415 unsigned int code, cseq, i;
1416
1417 if (*datalen < strlen("SIP/2.0 200"))
1418 return NF_ACCEPT;
1419 code = simple_strtoul(*dptr + strlen("SIP/2.0 "), NULL, 10);
1420 if (!code) {
1421 nf_ct_helper_log(skb, ct, "cannot get code");
1422 return NF_DROP;
1423 }
1424
1425 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1426 &matchoff, &matchlen) <= 0) {
1427 nf_ct_helper_log(skb, ct, "cannot parse cseq");
1428 return NF_DROP;
1429 }
1430 cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1431 if (!cseq && *(*dptr + matchoff) != '0') {
1432 nf_ct_helper_log(skb, ct, "cannot get cseq");
1433 return NF_DROP;
1434 }
1435 matchend = matchoff + matchlen + 1;
1436
1437 for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1438 const struct sip_handler *handler;
1439
1440 handler = &sip_handlers[i];
1441 if (handler->response == NULL)
1442 continue;
1443 if (*datalen < matchend + handler->len ||
1444 strncasecmp(*dptr + matchend, handler->method, handler->len))
1445 continue;
1446 return handler->response(skb, protoff, dataoff, dptr, datalen,
1447 cseq, code);
1448 }
1449 return NF_ACCEPT;
1450 }
1451
1452 static int process_sip_request(struct sk_buff *skb, unsigned int protoff,
1453 unsigned int dataoff,
1454 const char **dptr, unsigned int *datalen)
1455 {
1456 enum ip_conntrack_info ctinfo;
1457 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1458 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct);
1459 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1460 unsigned int matchoff, matchlen;
1461 unsigned int cseq, i;
1462 union nf_inet_addr addr;
1463 __be16 port;
1464
1465
1466
1467
1468
1469
1470
1471 if (ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen,
1472 SIP_HDR_VIA_UDP, NULL, &matchoff,
1473 &matchlen, &addr, &port) > 0 &&
1474 port != ct->tuplehash[dir].tuple.src.u.udp.port &&
1475 nf_inet_addr_cmp(&addr, &ct->tuplehash[dir].tuple.src.u3))
1476 ct_sip_info->forced_dport = port;
1477
1478 for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1479 const struct sip_handler *handler;
1480
1481 handler = &sip_handlers[i];
1482 if (handler->request == NULL)
1483 continue;
1484 if (*datalen < handler->len + 2 ||
1485 strncasecmp(*dptr, handler->method, handler->len))
1486 continue;
1487 if ((*dptr)[handler->len] != ' ' ||
1488 !isalpha((*dptr)[handler->len+1]))
1489 continue;
1490
1491 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1492 &matchoff, &matchlen) <= 0) {
1493 nf_ct_helper_log(skb, ct, "cannot parse cseq");
1494 return NF_DROP;
1495 }
1496 cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1497 if (!cseq && *(*dptr + matchoff) != '0') {
1498 nf_ct_helper_log(skb, ct, "cannot get cseq");
1499 return NF_DROP;
1500 }
1501
1502 return handler->request(skb, protoff, dataoff, dptr, datalen,
1503 cseq);
1504 }
1505 return NF_ACCEPT;
1506 }
1507
1508 static int process_sip_msg(struct sk_buff *skb, struct nf_conn *ct,
1509 unsigned int protoff, unsigned int dataoff,
1510 const char **dptr, unsigned int *datalen)
1511 {
1512 const struct nf_nat_sip_hooks *hooks;
1513 int ret;
1514
1515 if (strncasecmp(*dptr, "SIP/2.0 ", strlen("SIP/2.0 ")) != 0)
1516 ret = process_sip_request(skb, protoff, dataoff, dptr, datalen);
1517 else
1518 ret = process_sip_response(skb, protoff, dataoff, dptr, datalen);
1519
1520 if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1521 hooks = rcu_dereference(nf_nat_sip_hooks);
1522 if (hooks && !hooks->msg(skb, protoff, dataoff,
1523 dptr, datalen)) {
1524 nf_ct_helper_log(skb, ct, "cannot NAT SIP message");
1525 ret = NF_DROP;
1526 }
1527 }
1528
1529 return ret;
1530 }
1531
1532 static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff,
1533 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1534 {
1535 struct tcphdr *th, _tcph;
1536 unsigned int dataoff, datalen;
1537 unsigned int matchoff, matchlen, clen;
1538 unsigned int msglen, origlen;
1539 const char *dptr, *end;
1540 s16 diff, tdiff = 0;
1541 int ret = NF_ACCEPT;
1542 bool term;
1543
1544 if (ctinfo != IP_CT_ESTABLISHED &&
1545 ctinfo != IP_CT_ESTABLISHED_REPLY)
1546 return NF_ACCEPT;
1547
1548
1549 th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
1550 if (th == NULL)
1551 return NF_ACCEPT;
1552 dataoff = protoff + th->doff * 4;
1553 if (dataoff >= skb->len)
1554 return NF_ACCEPT;
1555
1556 nf_ct_refresh(ct, skb, sip_timeout * HZ);
1557
1558 if (unlikely(skb_linearize(skb)))
1559 return NF_DROP;
1560
1561 dptr = skb->data + dataoff;
1562 datalen = skb->len - dataoff;
1563 if (datalen < strlen("SIP/2.0 200"))
1564 return NF_ACCEPT;
1565
1566 while (1) {
1567 if (ct_sip_get_header(ct, dptr, 0, datalen,
1568 SIP_HDR_CONTENT_LENGTH,
1569 &matchoff, &matchlen) <= 0)
1570 break;
1571
1572 clen = simple_strtoul(dptr + matchoff, (char **)&end, 10);
1573 if (dptr + matchoff == end)
1574 break;
1575
1576 term = false;
1577 for (; end + strlen("\r\n\r\n") <= dptr + datalen; end++) {
1578 if (end[0] == '\r' && end[1] == '\n' &&
1579 end[2] == '\r' && end[3] == '\n') {
1580 term = true;
1581 break;
1582 }
1583 }
1584 if (!term)
1585 break;
1586 end += strlen("\r\n\r\n") + clen;
1587
1588 msglen = origlen = end - dptr;
1589 if (msglen > datalen)
1590 return NF_ACCEPT;
1591
1592 ret = process_sip_msg(skb, ct, protoff, dataoff,
1593 &dptr, &msglen);
1594
1595 if (ret != NF_ACCEPT)
1596 break;
1597 diff = msglen - origlen;
1598 tdiff += diff;
1599
1600 dataoff += msglen;
1601 dptr += msglen;
1602 datalen = datalen + diff - msglen;
1603 }
1604
1605 if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1606 const struct nf_nat_sip_hooks *hooks;
1607
1608 hooks = rcu_dereference(nf_nat_sip_hooks);
1609 if (hooks)
1610 hooks->seq_adjust(skb, protoff, tdiff);
1611 }
1612
1613 return ret;
1614 }
1615
1616 static int sip_help_udp(struct sk_buff *skb, unsigned int protoff,
1617 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1618 {
1619 unsigned int dataoff, datalen;
1620 const char *dptr;
1621
1622
1623 dataoff = protoff + sizeof(struct udphdr);
1624 if (dataoff >= skb->len)
1625 return NF_ACCEPT;
1626
1627 nf_ct_refresh(ct, skb, sip_timeout * HZ);
1628
1629 if (unlikely(skb_linearize(skb)))
1630 return NF_DROP;
1631
1632 dptr = skb->data + dataoff;
1633 datalen = skb->len - dataoff;
1634 if (datalen < strlen("SIP/2.0 200"))
1635 return NF_ACCEPT;
1636
1637 return process_sip_msg(skb, ct, protoff, dataoff, &dptr, &datalen);
1638 }
1639
1640 static struct nf_conntrack_helper sip[MAX_PORTS * 4] __read_mostly;
1641
1642 static const struct nf_conntrack_expect_policy sip_exp_policy[SIP_EXPECT_MAX + 1] = {
1643 [SIP_EXPECT_SIGNALLING] = {
1644 .name = "signalling",
1645 .max_expected = 1,
1646 .timeout = 3 * 60,
1647 },
1648 [SIP_EXPECT_AUDIO] = {
1649 .name = "audio",
1650 .max_expected = 2 * IP_CT_DIR_MAX,
1651 .timeout = 3 * 60,
1652 },
1653 [SIP_EXPECT_VIDEO] = {
1654 .name = "video",
1655 .max_expected = 2 * IP_CT_DIR_MAX,
1656 .timeout = 3 * 60,
1657 },
1658 [SIP_EXPECT_IMAGE] = {
1659 .name = "image",
1660 .max_expected = IP_CT_DIR_MAX,
1661 .timeout = 3 * 60,
1662 },
1663 };
1664
1665 static void __exit nf_conntrack_sip_fini(void)
1666 {
1667 nf_conntrack_helpers_unregister(sip, ports_c * 4);
1668 }
1669
1670 static int __init nf_conntrack_sip_init(void)
1671 {
1672 int i, ret;
1673
1674 NF_CT_HELPER_BUILD_BUG_ON(sizeof(struct nf_ct_sip_master));
1675
1676 if (ports_c == 0)
1677 ports[ports_c++] = SIP_PORT;
1678
1679 for (i = 0; i < ports_c; i++) {
1680 nf_ct_helper_init(&sip[4 * i], AF_INET, IPPROTO_UDP,
1681 HELPER_NAME, SIP_PORT, ports[i], i,
1682 sip_exp_policy, SIP_EXPECT_MAX, sip_help_udp,
1683 NULL, THIS_MODULE);
1684 nf_ct_helper_init(&sip[4 * i + 1], AF_INET, IPPROTO_TCP,
1685 HELPER_NAME, SIP_PORT, ports[i], i,
1686 sip_exp_policy, SIP_EXPECT_MAX, sip_help_tcp,
1687 NULL, THIS_MODULE);
1688 nf_ct_helper_init(&sip[4 * i + 2], AF_INET6, IPPROTO_UDP,
1689 HELPER_NAME, SIP_PORT, ports[i], i,
1690 sip_exp_policy, SIP_EXPECT_MAX, sip_help_udp,
1691 NULL, THIS_MODULE);
1692 nf_ct_helper_init(&sip[4 * i + 3], AF_INET6, IPPROTO_TCP,
1693 HELPER_NAME, SIP_PORT, ports[i], i,
1694 sip_exp_policy, SIP_EXPECT_MAX, sip_help_tcp,
1695 NULL, THIS_MODULE);
1696 }
1697
1698 ret = nf_conntrack_helpers_register(sip, ports_c * 4);
1699 if (ret < 0) {
1700 pr_err("failed to register helpers\n");
1701 return ret;
1702 }
1703 return 0;
1704 }
1705
1706 module_init(nf_conntrack_sip_init);
1707 module_exit(nf_conntrack_sip_fini);
