1/* SIP extension for IP connection tracking. 2 * 3 * (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar> 4 * based on RR's ip_conntrack_ftp.c and other modules. 5 * (C) 2007 United Security Providers 6 * (C) 2007, 2008 Patrick McHardy <kaber@trash.net> 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License version 2 as 10 * published by the Free Software Foundation. 11 */ 12 13#include <linux/module.h> 14#include <linux/ctype.h> 15#include <linux/skbuff.h> 16#include <linux/inet.h> 17#include <linux/in.h> 18#include <linux/udp.h> 19#include <linux/tcp.h> 20#include <linux/netfilter.h> 21 22#include <net/netfilter/nf_conntrack.h> 23#include <net/netfilter/nf_conntrack_core.h> 24#include <net/netfilter/nf_conntrack_expect.h> 25#include <net/netfilter/nf_conntrack_helper.h> 26#include <net/netfilter/nf_conntrack_zones.h> 27#include <linux/netfilter/nf_conntrack_sip.h> 28 29MODULE_LICENSE("GPL"); 30MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>"); 31MODULE_DESCRIPTION("SIP connection tracking helper"); 32MODULE_ALIAS("ip_conntrack_sip"); 33MODULE_ALIAS_NFCT_HELPER("sip"); 34 35#define MAX_PORTS 8 36static unsigned short ports[MAX_PORTS]; 37static unsigned int ports_c; 38module_param_array(ports, ushort, &ports_c, 0400); 39MODULE_PARM_DESC(ports, "port numbers of SIP servers"); 40 41static unsigned int sip_timeout __read_mostly = SIP_TIMEOUT; 42module_param(sip_timeout, uint, 0600); 43MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session"); 44 45static int sip_direct_signalling __read_mostly = 1; 46module_param(sip_direct_signalling, int, 0600); 47MODULE_PARM_DESC(sip_direct_signalling, "expect incoming calls from registrar " 48 "only (default 1)"); 49 50static int sip_direct_media __read_mostly = 1; 51module_param(sip_direct_media, int, 0600); 52MODULE_PARM_DESC(sip_direct_media, "Expect Media streams between signalling " 53 "endpoints only (default 1)"); 54 55const struct nf_nat_sip_hooks *nf_nat_sip_hooks; 56EXPORT_SYMBOL_GPL(nf_nat_sip_hooks); 57 58static int string_len(const struct nf_conn *ct, const char *dptr, 59 const char *limit, int *shift) 60{ 61 int len = 0; 62 63 while (dptr < limit && isalpha(*dptr)) { 64 dptr++; 65 len++; 66 } 67 return len; 68} 69 70static int digits_len(const struct nf_conn *ct, const char *dptr, 71 const char *limit, int *shift) 72{ 73 int len = 0; 74 while (dptr < limit && isdigit(*dptr)) { 75 dptr++; 76 len++; 77 } 78 return len; 79} 80 81static int iswordc(const char c) 82{ 83 if (isalnum(c) || c == '!' || c == '"' || c == '%' || 84 (c >= '(' && c <= '/') || c == ':' || c == '<' || c == '>' || 85 c == '?' || (c >= '[' && c <= ']') || c == '_' || c == '`' || 86 c == '{' || c == '}' || c == '~') 87 return 1; 88 return 0; 89} 90 91static int word_len(const char *dptr, const char *limit) 92{ 93 int len = 0; 94 while (dptr < limit && iswordc(*dptr)) { 95 dptr++; 96 len++; 97 } 98 return len; 99} 100 101static int callid_len(const struct nf_conn *ct, const char *dptr, 102 const char *limit, int *shift) 103{ 104 int len, domain_len; 105 106 len = word_len(dptr, limit); 107 dptr += len; 108 if (!len || dptr == limit || *dptr != '@') 109 return len; 110 dptr++; 111 len++; 112 113 domain_len = word_len(dptr, limit); 114 if (!domain_len) 115 return 0; 116 return len + domain_len; 117} 118 119/* get media type + port length */ 120static int media_len(const struct nf_conn *ct, const char *dptr, 121 const char *limit, int *shift) 122{ 123 int len = string_len(ct, dptr, limit, shift); 124 125 dptr += len; 126 if (dptr >= limit || *dptr != ' ') 127 return 0; 128 len++; 129 dptr++; 130 131 return len + digits_len(ct, dptr, limit, shift); 132} 133 134static int sip_parse_addr(const struct nf_conn *ct, const char *cp, 135 const char **endp, union nf_inet_addr *addr, 136 const char *limit, bool delim) 137{ 138 const char *end; 139 int ret; 140 141 if (!ct) 142 return 0; 143 144 memset(addr, 0, sizeof(*addr)); 145 switch (nf_ct_l3num(ct)) { 146 case AF_INET: 147 ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end); 148 if (ret == 0) 149 return 0; 150 break; 151 case AF_INET6: 152 if (cp < limit && *cp == '[') 153 cp++; 154 else if (delim) 155 return 0; 156 157 ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end); 158 if (ret == 0) 159 return 0; 160 161 if (end < limit && *end == ']') 162 end++; 163 else if (delim) 164 return 0; 165 break; 166 default: 167 BUG(); 168 } 169 170 if (endp) 171 *endp = end; 172 return 1; 173} 174 175/* skip ip address. returns its length. */ 176static int epaddr_len(const struct nf_conn *ct, const char *dptr, 177 const char *limit, int *shift) 178{ 179 union nf_inet_addr addr; 180 const char *aux = dptr; 181 182 if (!sip_parse_addr(ct, dptr, &dptr, &addr, limit, true)) { 183 pr_debug("ip: %s parse failed.!\n", dptr); 184 return 0; 185 } 186 187 /* Port number */ 188 if (*dptr == ':') { 189 dptr++; 190 dptr += digits_len(ct, dptr, limit, shift); 191 } 192 return dptr - aux; 193} 194 195/* get address length, skiping user info. */ 196static int skp_epaddr_len(const struct nf_conn *ct, const char *dptr, 197 const char *limit, int *shift) 198{ 199 const char *start = dptr; 200 int s = *shift; 201 202 /* Search for @, but stop at the end of the line. 203 * We are inside a sip: URI, so we don't need to worry about 204 * continuation lines. */ 205 while (dptr < limit && 206 *dptr != '@' && *dptr != '\r' && *dptr != '\n') { 207 (*shift)++; 208 dptr++; 209 } 210 211 if (dptr < limit && *dptr == '@') { 212 dptr++; 213 (*shift)++; 214 } else { 215 dptr = start; 216 *shift = s; 217 } 218 219 return epaddr_len(ct, dptr, limit, shift); 220} 221 222/* Parse a SIP request line of the form: 223 * 224 * Request-Line = Method SP Request-URI SP SIP-Version CRLF 225 * 226 * and return the offset and length of the address contained in the Request-URI. 227 */ 228int ct_sip_parse_request(const struct nf_conn *ct, 229 const char *dptr, unsigned int datalen, 230 unsigned int *matchoff, unsigned int *matchlen, 231 union nf_inet_addr *addr, __be16 *port) 232{ 233 const char *start = dptr, *limit = dptr + datalen, *end; 234 unsigned int mlen; 235 unsigned int p; 236 int shift = 0; 237 238 /* Skip method and following whitespace */ 239 mlen = string_len(ct, dptr, limit, NULL); 240 if (!mlen) 241 return 0; 242 dptr += mlen; 243 if (++dptr >= limit) 244 return 0; 245 246 /* Find SIP URI */ 247 for (; dptr < limit - strlen("sip:"); dptr++) { 248 if (*dptr == '\r' || *dptr == '\n') 249 return -1; 250 if (strncasecmp(dptr, "sip:", strlen("sip:")) == 0) { 251 dptr += strlen("sip:"); 252 break; 253 } 254 } 255 if (!skp_epaddr_len(ct, dptr, limit, &shift)) 256 return 0; 257 dptr += shift; 258 259 if (!sip_parse_addr(ct, dptr, &end, addr, limit, true)) 260 return -1; 261 if (end < limit && *end == ':') { 262 end++; 263 p = simple_strtoul(end, (char **)&end, 10); 264 if (p < 1024 || p > 65535) 265 return -1; 266 *port = htons(p); 267 } else 268 *port = htons(SIP_PORT); 269 270 if (end == dptr) 271 return 0; 272 *matchoff = dptr - start; 273 *matchlen = end - dptr; 274 return 1; 275} 276EXPORT_SYMBOL_GPL(ct_sip_parse_request); 277 278/* SIP header parsing: SIP headers are located at the beginning of a line, but 279 * may span several lines, in which case the continuation lines begin with a 280 * whitespace character. RFC 2543 allows lines to be terminated with CR, LF or 281 * CRLF, RFC 3261 allows only CRLF, we support both. 282 * 283 * Headers are followed by (optionally) whitespace, a colon, again (optionally) 284 * whitespace and the values. Whitespace in this context means any amount of 285 * tabs, spaces and continuation lines, which are treated as a single whitespace 286 * character. 287 * 288 * Some headers may appear multiple times. A comma separated list of values is 289 * equivalent to multiple headers. 290 */ 291static const struct sip_header ct_sip_hdrs[] = { 292 [SIP_HDR_CSEQ] = SIP_HDR("CSeq", NULL, NULL, digits_len), 293 [SIP_HDR_FROM] = SIP_HDR("From", "f", "sip:", skp_epaddr_len), 294 [SIP_HDR_TO] = SIP_HDR("To", "t", "sip:", skp_epaddr_len), 295 [SIP_HDR_CONTACT] = SIP_HDR("Contact", "m", "sip:", skp_epaddr_len), 296 [SIP_HDR_VIA_UDP] = SIP_HDR("Via", "v", "UDP ", epaddr_len), 297 [SIP_HDR_VIA_TCP] = SIP_HDR("Via", "v", "TCP ", epaddr_len), 298 [SIP_HDR_EXPIRES] = SIP_HDR("Expires", NULL, NULL, digits_len), 299 [SIP_HDR_CONTENT_LENGTH] = SIP_HDR("Content-Length", "l", NULL, digits_len), 300 [SIP_HDR_CALL_ID] = SIP_HDR("Call-Id", "i", NULL, callid_len), 301}; 302 303static const char *sip_follow_continuation(const char *dptr, const char *limit) 304{ 305 /* Walk past newline */ 306 if (++dptr >= limit) 307 return NULL; 308 309 /* Skip '\n' in CR LF */ 310 if (*(dptr - 1) == '\r' && *dptr == '\n') { 311 if (++dptr >= limit) 312 return NULL; 313 } 314 315 /* Continuation line? */ 316 if (*dptr != ' ' && *dptr != '\t') 317 return NULL; 318 319 /* skip leading whitespace */ 320 for (; dptr < limit; dptr++) { 321 if (*dptr != ' ' && *dptr != '\t') 322 break; 323 } 324 return dptr; 325} 326 327static const char *sip_skip_whitespace(const char *dptr, const char *limit) 328{ 329 for (; dptr < limit; dptr++) { 330 if (*dptr == ' ') 331 continue; 332 if (*dptr != '\r' && *dptr != '\n') 333 break; 334 dptr = sip_follow_continuation(dptr, limit); 335 if (dptr == NULL) 336 return NULL; 337 } 338 return dptr; 339} 340 341/* Search within a SIP header value, dealing with continuation lines */ 342static const char *ct_sip_header_search(const char *dptr, const char *limit, 343 const char *needle, unsigned int len) 344{ 345 for (limit -= len; dptr < limit; dptr++) { 346 if (*dptr == '\r' || *dptr == '\n') { 347 dptr = sip_follow_continuation(dptr, limit); 348 if (dptr == NULL) 349 break; 350 continue; 351 } 352 353 if (strncasecmp(dptr, needle, len) == 0) 354 return dptr; 355 } 356 return NULL; 357} 358 359int ct_sip_get_header(const struct nf_conn *ct, const char *dptr, 360 unsigned int dataoff, unsigned int datalen, 361 enum sip_header_types type, 362 unsigned int *matchoff, unsigned int *matchlen) 363{ 364 const struct sip_header *hdr = &ct_sip_hdrs[type]; 365 const char *start = dptr, *limit = dptr + datalen; 366 int shift = 0; 367 368 for (dptr += dataoff; dptr < limit; dptr++) { 369 /* Find beginning of line */ 370 if (*dptr != '\r' && *dptr != '\n') 371 continue; 372 if (++dptr >= limit) 373 break; 374 if (*(dptr - 1) == '\r' && *dptr == '\n') { 375 if (++dptr >= limit) 376 break; 377 } 378 379 /* Skip continuation lines */ 380 if (*dptr == ' ' || *dptr == '\t') 381 continue; 382 383 /* Find header. Compact headers must be followed by a 384 * non-alphabetic character to avoid mismatches. */ 385 if (limit - dptr >= hdr->len && 386 strncasecmp(dptr, hdr->name, hdr->len) == 0) 387 dptr += hdr->len; 388 else if (hdr->cname && limit - dptr >= hdr->clen + 1 && 389 strncasecmp(dptr, hdr->cname, hdr->clen) == 0 && 390 !isalpha(*(dptr + hdr->clen))) 391 dptr += hdr->clen; 392 else 393 continue; 394 395 /* Find and skip colon */ 396 dptr = sip_skip_whitespace(dptr, limit); 397 if (dptr == NULL) 398 break; 399 if (*dptr != ':' || ++dptr >= limit) 400 break; 401 402 /* Skip whitespace after colon */ 403 dptr = sip_skip_whitespace(dptr, limit); 404 if (dptr == NULL) 405 break; 406 407 *matchoff = dptr - start; 408 if (hdr->search) { 409 dptr = ct_sip_header_search(dptr, limit, hdr->search, 410 hdr->slen); 411 if (!dptr) 412 return -1; 413 dptr += hdr->slen; 414 } 415 416 *matchlen = hdr->match_len(ct, dptr, limit, &shift); 417 if (!*matchlen) 418 return -1; 419 *matchoff = dptr - start + shift; 420 return 1; 421 } 422 return 0; 423} 424EXPORT_SYMBOL_GPL(ct_sip_get_header); 425 426/* Get next header field in a list of comma separated values */ 427static int ct_sip_next_header(const struct nf_conn *ct, const char *dptr, 428 unsigned int dataoff, unsigned int datalen, 429 enum sip_header_types type, 430 unsigned int *matchoff, unsigned int *matchlen) 431{ 432 const struct sip_header *hdr = &ct_sip_hdrs[type]; 433 const char *start = dptr, *limit = dptr + datalen; 434 int shift = 0; 435 436 dptr += dataoff; 437 438 dptr = ct_sip_header_search(dptr, limit, ",", strlen(",")); 439 if (!dptr) 440 return 0; 441 442 dptr = ct_sip_header_search(dptr, limit, hdr->search, hdr->slen); 443 if (!dptr) 444 return 0; 445 dptr += hdr->slen; 446 447 *matchoff = dptr - start; 448 *matchlen = hdr->match_len(ct, dptr, limit, &shift); 449 if (!*matchlen) 450 return -1; 451 *matchoff += shift; 452 return 1; 453} 454 455/* Walk through headers until a parsable one is found or no header of the 456 * given type is left. */ 457static int ct_sip_walk_headers(const struct nf_conn *ct, const char *dptr, 458 unsigned int dataoff, unsigned int datalen, 459 enum sip_header_types type, int *in_header, 460 unsigned int *matchoff, unsigned int *matchlen) 461{ 462 int ret; 463 464 if (in_header && *in_header) { 465 while (1) { 466 ret = ct_sip_next_header(ct, dptr, dataoff, datalen, 467 type, matchoff, matchlen); 468 if (ret > 0) 469 return ret; 470 if (ret == 0) 471 break; 472 dataoff += *matchoff; 473 } 474 *in_header = 0; 475 } 476 477 while (1) { 478 ret = ct_sip_get_header(ct, dptr, dataoff, datalen, 479 type, matchoff, matchlen); 480 if (ret > 0) 481 break; 482 if (ret == 0) 483 return ret; 484 dataoff += *matchoff; 485 } 486 487 if (in_header) 488 *in_header = 1; 489 return 1; 490} 491 492/* Locate a SIP header, parse the URI and return the offset and length of 493 * the address as well as the address and port themselves. A stream of 494 * headers can be parsed by handing in a non-NULL datalen and in_header 495 * pointer. 496 */ 497int ct_sip_parse_header_uri(const struct nf_conn *ct, const char *dptr, 498 unsigned int *dataoff, unsigned int datalen, 499 enum sip_header_types type, int *in_header, 500 unsigned int *matchoff, unsigned int *matchlen, 501 union nf_inet_addr *addr, __be16 *port) 502{ 503 const char *c, *limit = dptr + datalen; 504 unsigned int p; 505 int ret; 506 507 ret = ct_sip_walk_headers(ct, dptr, dataoff ? *dataoff : 0, datalen, 508 type, in_header, matchoff, matchlen); 509 WARN_ON(ret < 0); 510 if (ret == 0) 511 return ret; 512 513 if (!sip_parse_addr(ct, dptr + *matchoff, &c, addr, limit, true)) 514 return -1; 515 if (*c == ':') { 516 c++; 517 p = simple_strtoul(c, (char **)&c, 10); 518 if (p < 1024 || p > 65535) 519 return -1; 520 *port = htons(p); 521 } else 522 *port = htons(SIP_PORT); 523 524 if (dataoff) 525 *dataoff = c - dptr; 526 return 1; 527} 528EXPORT_SYMBOL_GPL(ct_sip_parse_header_uri); 529 530static int ct_sip_parse_param(const struct nf_conn *ct, const char *dptr, 531 unsigned int dataoff, unsigned int datalen, 532 const char *name, 533 unsigned int *matchoff, unsigned int *matchlen) 534{ 535 const char *limit = dptr + datalen; 536 const char *start; 537 const char *end; 538 539 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(",")); 540 if (!limit) 541 limit = dptr + datalen; 542 543 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name)); 544 if (!start) 545 return 0; 546 start += strlen(name); 547 548 end = ct_sip_header_search(start, limit, ";", strlen(";")); 549 if (!end) 550 end = limit; 551 552 *matchoff = start - dptr; 553 *matchlen = end - start; 554 return 1; 555} 556 557/* Parse address from header parameter and return address, offset and length */ 558int ct_sip_parse_address_param(const struct nf_conn *ct, const char *dptr, 559 unsigned int dataoff, unsigned int datalen, 560 const char *name, 561 unsigned int *matchoff, unsigned int *matchlen, 562 union nf_inet_addr *addr, bool delim) 563{ 564 const char *limit = dptr + datalen; 565 const char *start, *end; 566 567 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(",")); 568 if (!limit) 569 limit = dptr + datalen; 570 571 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name)); 572 if (!start) 573 return 0; 574 575 start += strlen(name); 576 if (!sip_parse_addr(ct, start, &end, addr, limit, delim)) 577 return 0; 578 *matchoff = start - dptr; 579 *matchlen = end - start; 580 return 1; 581} 582EXPORT_SYMBOL_GPL(ct_sip_parse_address_param); 583 584/* Parse numerical header parameter and return value, offset and length */ 585int ct_sip_parse_numerical_param(const struct nf_conn *ct, const char *dptr, 586 unsigned int dataoff, unsigned int datalen, 587 const char *name, 588 unsigned int *matchoff, unsigned int *matchlen, 589 unsigned int *val) 590{ 591 const char *limit = dptr + datalen; 592 const char *start; 593 char *end; 594 595 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(",")); 596 if (!limit) 597 limit = dptr + datalen; 598 599 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name)); 600 if (!start) 601 return 0; 602 603 start += strlen(name); 604 *val = simple_strtoul(start, &end, 0); 605 if (start == end) 606 return 0; 607 if (matchoff && matchlen) { 608 *matchoff = start - dptr; 609 *matchlen = end - start; 610 } 611 return 1; 612} 613EXPORT_SYMBOL_GPL(ct_sip_parse_numerical_param); 614 615static int ct_sip_parse_transport(struct nf_conn *ct, const char *dptr, 616 unsigned int dataoff, unsigned int datalen, 617 u8 *proto) 618{ 619 unsigned int matchoff, matchlen; 620 621 if (ct_sip_parse_param(ct, dptr, dataoff, datalen, "transport=", 622 &matchoff, &matchlen)) { 623 if (!strncasecmp(dptr + matchoff, "TCP", strlen("TCP"))) 624 *proto = IPPROTO_TCP; 625 else if (!strncasecmp(dptr + matchoff, "UDP", strlen("UDP"))) 626 *proto = IPPROTO_UDP; 627 else 628 return 0; 629 630 if (*proto != nf_ct_protonum(ct)) 631 return 0; 632 } else 633 *proto = nf_ct_protonum(ct); 634 635 return 1; 636} 637 638static int sdp_parse_addr(const struct nf_conn *ct, const char *cp, 639 const char **endp, union nf_inet_addr *addr, 640 const char *limit) 641{ 642 const char *end; 643 int ret; 644 645 memset(addr, 0, sizeof(*addr)); 646 switch (nf_ct_l3num(ct)) { 647 case AF_INET: 648 ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end); 649 break; 650 case AF_INET6: 651 ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end); 652 break; 653 default: 654 BUG(); 655 } 656 657 if (ret == 0) 658 return 0; 659 if (endp) 660 *endp = end; 661 return 1; 662} 663 664/* skip ip address. returns its length. */ 665static int sdp_addr_len(const struct nf_conn *ct, const char *dptr, 666 const char *limit, int *shift) 667{ 668 union nf_inet_addr addr; 669 const char *aux = dptr; 670 671 if (!sdp_parse_addr(ct, dptr, &dptr, &addr, limit)) { 672 pr_debug("ip: %s parse failed.!\n", dptr); 673 return 0; 674 } 675 676 return dptr - aux; 677} 678 679/* SDP header parsing: a SDP session description contains an ordered set of 680 * headers, starting with a section containing general session parameters, 681 * optionally followed by multiple media descriptions. 682 * 683 * SDP headers always start at the beginning of a line. According to RFC 2327: 684 * "The sequence CRLF (0x0d0a) is used to end a record, although parsers should 685 * be tolerant and also accept records terminated with a single newline 686 * character". We handle both cases. 687 */ 688static const struct sip_header ct_sdp_hdrs_v4[] = { 689 [SDP_HDR_VERSION] = SDP_HDR("v=", NULL, digits_len), 690 [SDP_HDR_OWNER] = SDP_HDR("o=", "IN IP4 ", sdp_addr_len), 691 [SDP_HDR_CONNECTION] = SDP_HDR("c=", "IN IP4 ", sdp_addr_len), 692 [SDP_HDR_MEDIA] = SDP_HDR("m=", NULL, media_len), 693}; 694 695static const struct sip_header ct_sdp_hdrs_v6[] = { 696 [SDP_HDR_VERSION] = SDP_HDR("v=", NULL, digits_len), 697 [SDP_HDR_OWNER] = SDP_HDR("o=", "IN IP6 ", sdp_addr_len), 698 [SDP_HDR_CONNECTION] = SDP_HDR("c=", "IN IP6 ", sdp_addr_len), 699 [SDP_HDR_MEDIA] = SDP_HDR("m=", NULL, media_len), 700}; 701 702/* Linear string search within SDP header values */ 703static const char *ct_sdp_header_search(const char *dptr, const char *limit, 704 const char *needle, unsigned int len) 705{ 706 for (limit -= len; dptr < limit; dptr++) { 707 if (*dptr == '\r' || *dptr == '\n') 708 break; 709 if (strncmp(dptr, needle, len) == 0) 710 return dptr; 711 } 712 return NULL; 713} 714 715/* Locate a SDP header (optionally a substring within the header value), 716 * optionally stopping at the first occurrence of the term header, parse 717 * it and return the offset and length of the data we're interested in. 718 */ 719int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr, 720 unsigned int dataoff, unsigned int datalen, 721 enum sdp_header_types type, 722 enum sdp_header_types term, 723 unsigned int *matchoff, unsigned int *matchlen) 724{ 725 const struct sip_header *hdrs, *hdr, *thdr; 726 const char *start = dptr, *limit = dptr + datalen; 727 int shift = 0; 728 729 hdrs = nf_ct_l3num(ct) == NFPROTO_IPV4 ? ct_sdp_hdrs_v4 : ct_sdp_hdrs_v6; 730 hdr = &hdrs[type]; 731 thdr = &hdrs[term]; 732 733 for (dptr += dataoff; dptr < limit; dptr++) { 734 /* Find beginning of line */ 735 if (*dptr != '\r' && *dptr != '\n') 736 continue; 737 if (++dptr >= limit) 738 break; 739 if (*(dptr - 1) == '\r' && *dptr == '\n') { 740 if (++dptr >= limit) 741 break; 742 } 743 744 if (term != SDP_HDR_UNSPEC && 745 limit - dptr >= thdr->len && 746 strncasecmp(dptr, thdr->name, thdr->len) == 0) 747 break; 748 else if (limit - dptr >= hdr->len && 749 strncasecmp(dptr, hdr->name, hdr->len) == 0) 750 dptr += hdr->len; 751 else 752 continue; 753 754 *matchoff = dptr - start; 755 if (hdr->search) { 756 dptr = ct_sdp_header_search(dptr, limit, hdr->search, 757 hdr->slen); 758 if (!dptr) 759 return -1; 760 dptr += hdr->slen; 761 } 762 763 *matchlen = hdr->match_len(ct, dptr, limit, &shift); 764 if (!*matchlen) 765 return -1; 766 *matchoff = dptr - start + shift; 767 return 1; 768 } 769 return 0; 770} 771EXPORT_SYMBOL_GPL(ct_sip_get_sdp_header); 772 773static int ct_sip_parse_sdp_addr(const struct nf_conn *ct, const char *dptr, 774 unsigned int dataoff, unsigned int datalen, 775 enum sdp_header_types type, 776 enum sdp_header_types term, 777 unsigned int *matchoff, unsigned int *matchlen, 778 union nf_inet_addr *addr) 779{ 780 int ret; 781 782 ret = ct_sip_get_sdp_header(ct, dptr, dataoff, datalen, type, term, 783 matchoff, matchlen); 784 if (ret <= 0) 785 return ret; 786 787 if (!sdp_parse_addr(ct, dptr + *matchoff, NULL, addr, 788 dptr + *matchoff + *matchlen)) 789 return -1; 790 return 1; 791} 792 793static int refresh_signalling_expectation(struct nf_conn *ct, 794 union nf_inet_addr *addr, 795 u8 proto, __be16 port, 796 unsigned int expires) 797{ 798 struct nf_conn_help *help = nfct_help(ct); 799 struct nf_conntrack_expect *exp; 800 struct hlist_node *next; 801 int found = 0; 802 803 spin_lock_bh(&nf_conntrack_expect_lock); 804 hlist_for_each_entry_safe(exp, next, &help->expectations, lnode) { 805 if (exp->class != SIP_EXPECT_SIGNALLING || 806 !nf_inet_addr_cmp(&exp->tuple.dst.u3, addr) || 807 exp->tuple.dst.protonum != proto || 808 exp->tuple.dst.u.udp.port != port) 809 continue; 810 if (!del_timer(&exp->timeout)) 811 continue; 812 exp->flags &= ~NF_CT_EXPECT_INACTIVE; 813 exp->timeout.expires = jiffies + expires * HZ; 814 add_timer(&exp->timeout); 815 found = 1; 816 break; 817 } 818 spin_unlock_bh(&nf_conntrack_expect_lock); 819 return found; 820} 821 822static void flush_expectations(struct nf_conn *ct, bool media) 823{ 824 struct nf_conn_help *help = nfct_help(ct); 825 struct nf_conntrack_expect *exp; 826 struct hlist_node *next; 827 828 spin_lock_bh(&nf_conntrack_expect_lock); 829 hlist_for_each_entry_safe(exp, next, &help->expectations, lnode) { 830 if ((exp->class != SIP_EXPECT_SIGNALLING) ^ media) 831 continue; 832 if (!del_timer(&exp->timeout)) 833 continue; 834 nf_ct_unlink_expect(exp); 835 nf_ct_expect_put(exp); 836 if (!media) 837 break; 838 } 839 spin_unlock_bh(&nf_conntrack_expect_lock); 840} 841 842static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff, 843 unsigned int dataoff, 844 const char **dptr, unsigned int *datalen, 845 union nf_inet_addr *daddr, __be16 port, 846 enum sip_expectation_classes class, 847 unsigned int mediaoff, unsigned int medialen) 848{ 849 struct nf_conntrack_expect *exp, *rtp_exp, *rtcp_exp; 850 enum ip_conntrack_info ctinfo; 851 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 852 struct net *net = nf_ct_net(ct); 853 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 854 union nf_inet_addr *saddr; 855 struct nf_conntrack_tuple tuple; 856 int direct_rtp = 0, skip_expect = 0, ret = NF_DROP; 857 u_int16_t base_port; 858 __be16 rtp_port, rtcp_port; 859 const struct nf_nat_sip_hooks *hooks; 860 861 saddr = NULL; 862 if (sip_direct_media) { 863 if (!nf_inet_addr_cmp(daddr, &ct->tuplehash[dir].tuple.src.u3)) 864 return NF_ACCEPT; 865 saddr = &ct->tuplehash[!dir].tuple.src.u3; 866 } 867 868 /* We need to check whether the registration exists before attempting 869 * to register it since we can see the same media description multiple 870 * times on different connections in case multiple endpoints receive 871 * the same call. 872 * 873 * RTP optimization: if we find a matching media channel expectation 874 * and both the expectation and this connection are SNATed, we assume 875 * both sides can reach each other directly and use the final 876 * destination address from the expectation. We still need to keep 877 * the NATed expectations for media that might arrive from the 878 * outside, and additionally need to expect the direct RTP stream 879 * in case it passes through us even without NAT. 880 */ 881 memset(&tuple, 0, sizeof(tuple)); 882 if (saddr) 883 tuple.src.u3 = *saddr; 884 tuple.src.l3num = nf_ct_l3num(ct); 885 tuple.dst.protonum = IPPROTO_UDP; 886 tuple.dst.u3 = *daddr; 887 tuple.dst.u.udp.port = port; 888 889 rcu_read_lock(); 890 do { 891 exp = __nf_ct_expect_find(net, nf_ct_zone(ct), &tuple); 892 893 if (!exp || exp->master == ct || 894 nfct_help(exp->master)->helper != nfct_help(ct)->helper || 895 exp->class != class) 896 break; 897#ifdef CONFIG_NF_NAT_NEEDED 898 if (!direct_rtp && 899 (!nf_inet_addr_cmp(&exp->saved_addr, &exp->tuple.dst.u3) || 900 exp->saved_proto.udp.port != exp->tuple.dst.u.udp.port) && 901 ct->status & IPS_NAT_MASK) { 902 *daddr = exp->saved_addr; 903 tuple.dst.u3 = exp->saved_addr; 904 tuple.dst.u.udp.port = exp->saved_proto.udp.port; 905 direct_rtp = 1; 906 } else 907#endif 908 skip_expect = 1; 909 } while (!skip_expect); 910 911 base_port = ntohs(tuple.dst.u.udp.port) & ~1; 912 rtp_port = htons(base_port); 913 rtcp_port = htons(base_port + 1); 914 915 if (direct_rtp) { 916 hooks = rcu_dereference(nf_nat_sip_hooks); 917 if (hooks && 918 !hooks->sdp_port(skb, protoff, dataoff, dptr, datalen, 919 mediaoff, medialen, ntohs(rtp_port))) 920 goto err1; 921 } 922 923 if (skip_expect) { 924 rcu_read_unlock(); 925 return NF_ACCEPT; 926 } 927 928 rtp_exp = nf_ct_expect_alloc(ct); 929 if (rtp_exp == NULL) 930 goto err1; 931 nf_ct_expect_init(rtp_exp, class, nf_ct_l3num(ct), saddr, daddr, 932 IPPROTO_UDP, NULL, &rtp_port); 933 934 rtcp_exp = nf_ct_expect_alloc(ct); 935 if (rtcp_exp == NULL) 936 goto err2; 937 nf_ct_expect_init(rtcp_exp, class, nf_ct_l3num(ct), saddr, daddr, 938 IPPROTO_UDP, NULL, &rtcp_port); 939 940 hooks = rcu_dereference(nf_nat_sip_hooks); 941 if (hooks && ct->status & IPS_NAT_MASK && !direct_rtp) 942 ret = hooks->sdp_media(skb, protoff, dataoff, dptr, 943 datalen, rtp_exp, rtcp_exp, 944 mediaoff, medialen, daddr); 945 else { 946 if (nf_ct_expect_related(rtp_exp) == 0) { 947 if (nf_ct_expect_related(rtcp_exp) != 0) 948 nf_ct_unexpect_related(rtp_exp); 949 else 950 ret = NF_ACCEPT; 951 } 952 } 953 nf_ct_expect_put(rtcp_exp); 954err2: 955 nf_ct_expect_put(rtp_exp); 956err1: 957 rcu_read_unlock(); 958 return ret; 959} 960 961static const struct sdp_media_type sdp_media_types[] = { 962 SDP_MEDIA_TYPE("audio ", SIP_EXPECT_AUDIO), 963 SDP_MEDIA_TYPE("video ", SIP_EXPECT_VIDEO), 964 SDP_MEDIA_TYPE("image ", SIP_EXPECT_IMAGE), 965}; 966 967static const struct sdp_media_type *sdp_media_type(const char *dptr, 968 unsigned int matchoff, 969 unsigned int matchlen) 970{ 971 const struct sdp_media_type *t; 972 unsigned int i; 973 974 for (i = 0; i < ARRAY_SIZE(sdp_media_types); i++) { 975 t = &sdp_media_types[i]; 976 if (matchlen < t->len || 977 strncmp(dptr + matchoff, t->name, t->len)) 978 continue; 979 return t; 980 } 981 return NULL; 982} 983 984static int process_sdp(struct sk_buff *skb, unsigned int protoff, 985 unsigned int dataoff, 986 const char **dptr, unsigned int *datalen, 987 unsigned int cseq) 988{ 989 enum ip_conntrack_info ctinfo; 990 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 991 unsigned int matchoff, matchlen; 992 unsigned int mediaoff, medialen; 993 unsigned int sdpoff; 994 unsigned int caddr_len, maddr_len; 995 unsigned int i; 996 union nf_inet_addr caddr, maddr, rtp_addr; 997 const struct nf_nat_sip_hooks *hooks; 998 unsigned int port; 999 const struct sdp_media_type *t; 1000 int ret = NF_ACCEPT; 1001 1002 hooks = rcu_dereference(nf_nat_sip_hooks); 1003 1004 /* Find beginning of session description */ 1005 if (ct_sip_get_sdp_header(ct, *dptr, 0, *datalen, 1006 SDP_HDR_VERSION, SDP_HDR_UNSPEC, 1007 &matchoff, &matchlen) <= 0) 1008 return NF_ACCEPT; 1009 sdpoff = matchoff; 1010 1011 /* The connection information is contained in the session description 1012 * and/or once per media description. The first media description marks 1013 * the end of the session description. */ 1014 caddr_len = 0; 1015 if (ct_sip_parse_sdp_addr(ct, *dptr, sdpoff, *datalen, 1016 SDP_HDR_CONNECTION, SDP_HDR_MEDIA, 1017 &matchoff, &matchlen, &caddr) > 0) 1018 caddr_len = matchlen; 1019 1020 mediaoff = sdpoff; 1021 for (i = 0; i < ARRAY_SIZE(sdp_media_types); ) { 1022 if (ct_sip_get_sdp_header(ct, *dptr, mediaoff, *datalen, 1023 SDP_HDR_MEDIA, SDP_HDR_UNSPEC, 1024 &mediaoff, &medialen) <= 0) 1025 break; 1026 1027 /* Get media type and port number. A media port value of zero 1028 * indicates an inactive stream. */ 1029 t = sdp_media_type(*dptr, mediaoff, medialen); 1030 if (!t) { 1031 mediaoff += medialen; 1032 continue; 1033 } 1034 mediaoff += t->len; 1035 medialen -= t->len; 1036 1037 port = simple_strtoul(*dptr + mediaoff, NULL, 10); 1038 if (port == 0) 1039 continue; 1040 if (port < 1024 || port > 65535) { 1041 nf_ct_helper_log(skb, ct, "wrong port %u", port); 1042 return NF_DROP; 1043 } 1044 1045 /* The media description overrides the session description. */ 1046 maddr_len = 0; 1047 if (ct_sip_parse_sdp_addr(ct, *dptr, mediaoff, *datalen, 1048 SDP_HDR_CONNECTION, SDP_HDR_MEDIA, 1049 &matchoff, &matchlen, &maddr) > 0) { 1050 maddr_len = matchlen; 1051 memcpy(&rtp_addr, &maddr, sizeof(rtp_addr)); 1052 } else if (caddr_len) 1053 memcpy(&rtp_addr, &caddr, sizeof(rtp_addr)); 1054 else { 1055 nf_ct_helper_log(skb, ct, "cannot parse SDP message"); 1056 return NF_DROP; 1057 } 1058 1059 ret = set_expected_rtp_rtcp(skb, protoff, dataoff, 1060 dptr, datalen, 1061 &rtp_addr, htons(port), t->class, 1062 mediaoff, medialen); 1063 if (ret != NF_ACCEPT) { 1064 nf_ct_helper_log(skb, ct, 1065 "cannot add expectation for voice"); 1066 return ret; 1067 } 1068 1069 /* Update media connection address if present */ 1070 if (maddr_len && hooks && ct->status & IPS_NAT_MASK) { 1071 ret = hooks->sdp_addr(skb, protoff, dataoff, 1072 dptr, datalen, mediaoff, 1073 SDP_HDR_CONNECTION, 1074 SDP_HDR_MEDIA, 1075 &rtp_addr); 1076 if (ret != NF_ACCEPT) { 1077 nf_ct_helper_log(skb, ct, "cannot mangle SDP"); 1078 return ret; 1079 } 1080 } 1081 i++; 1082 } 1083 1084 /* Update session connection and owner addresses */ 1085 hooks = rcu_dereference(nf_nat_sip_hooks); 1086 if (hooks && ct->status & IPS_NAT_MASK) 1087 ret = hooks->sdp_session(skb, protoff, dataoff, 1088 dptr, datalen, sdpoff, 1089 &rtp_addr); 1090 1091 return ret; 1092} 1093static int process_invite_response(struct sk_buff *skb, unsigned int protoff, 1094 unsigned int dataoff, 1095 const char **dptr, unsigned int *datalen, 1096 unsigned int cseq, unsigned int code) 1097{ 1098 enum ip_conntrack_info ctinfo; 1099 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 1100 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct); 1101 1102 if ((code >= 100 && code <= 199) || 1103 (code >= 200 && code <= 299)) 1104 return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq); 1105 else if (ct_sip_info->invite_cseq == cseq) 1106 flush_expectations(ct, true); 1107 return NF_ACCEPT; 1108} 1109 1110static int process_update_response(struct sk_buff *skb, unsigned int protoff, 1111 unsigned int dataoff, 1112 const char **dptr, unsigned int *datalen, 1113 unsigned int cseq, unsigned int code) 1114{ 1115 enum ip_conntrack_info ctinfo; 1116 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 1117 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct); 1118 1119 if ((code >= 100 && code <= 199) || 1120 (code >= 200 && code <= 299)) 1121 return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq); 1122 else if (ct_sip_info->invite_cseq == cseq) 1123 flush_expectations(ct, true); 1124 return NF_ACCEPT; 1125} 1126 1127static int process_prack_response(struct sk_buff *skb, unsigned int protoff, 1128 unsigned int dataoff, 1129 const char **dptr, unsigned int *datalen, 1130 unsigned int cseq, unsigned int code) 1131{ 1132 enum ip_conntrack_info ctinfo; 1133 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 1134 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct); 1135 1136 if ((code >= 100 && code <= 199) || 1137 (code >= 200 && code <= 299)) 1138 return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq); 1139 else if (ct_sip_info->invite_cseq == cseq) 1140 flush_expectations(ct, true); 1141 return NF_ACCEPT; 1142} 1143 1144static int process_invite_request(struct sk_buff *skb, unsigned int protoff, 1145 unsigned int dataoff, 1146 const char **dptr, unsigned int *datalen, 1147 unsigned int cseq) 1148{ 1149 enum ip_conntrack_info ctinfo; 1150 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 1151 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct); 1152 unsigned int ret; 1153 1154 flush_expectations(ct, true); 1155 ret = process_sdp(skb, protoff, dataoff, dptr, datalen, cseq); 1156 if (ret == NF_ACCEPT) 1157 ct_sip_info->invite_cseq = cseq; 1158 return ret; 1159} 1160 1161static int process_bye_request(struct sk_buff *skb, unsigned int protoff, 1162 unsigned int dataoff, 1163 const char **dptr, unsigned int *datalen, 1164 unsigned int cseq) 1165{ 1166 enum ip_conntrack_info ctinfo; 1167 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 1168 1169 flush_expectations(ct, true); 1170 return NF_ACCEPT; 1171} 1172 1173/* Parse a REGISTER request and create a permanent expectation for incoming 1174 * signalling connections. The expectation is marked inactive and is activated 1175 * when receiving a response indicating success from the registrar. 1176 */ 1177static int process_register_request(struct sk_buff *skb, unsigned int protoff, 1178 unsigned int dataoff, 1179 const char **dptr, unsigned int *datalen, 1180 unsigned int cseq) 1181{ 1182 enum ip_conntrack_info ctinfo; 1183 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 1184 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct); 1185 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 1186 unsigned int matchoff, matchlen; 1187 struct nf_conntrack_expect *exp; 1188 union nf_inet_addr *saddr, daddr; 1189 const struct nf_nat_sip_hooks *hooks; 1190 __be16 port; 1191 u8 proto; 1192 unsigned int expires = 0; 1193 int ret; 1194 1195 /* Expected connections can not register again. */ 1196 if (ct->status & IPS_EXPECTED) 1197 return NF_ACCEPT; 1198 1199 /* We must check the expiration time: a value of zero signals the 1200 * registrar to release the binding. We'll remove our expectation 1201 * when receiving the new bindings in the response, but we don't 1202 * want to create new ones. 1203 * 1204 * The expiration time may be contained in Expires: header, the 1205 * Contact: header parameters or the URI parameters. 1206 */ 1207 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES, 1208 &matchoff, &matchlen) > 0) 1209 expires = simple_strtoul(*dptr + matchoff, NULL, 10); 1210 1211 ret = ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen, 1212 SIP_HDR_CONTACT, NULL, 1213 &matchoff, &matchlen, &daddr, &port); 1214 if (ret < 0) { 1215 nf_ct_helper_log(skb, ct, "cannot parse contact"); 1216 return NF_DROP; 1217 } else if (ret == 0) 1218 return NF_ACCEPT; 1219 1220 /* We don't support third-party registrations */ 1221 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.src.u3, &daddr)) 1222 return NF_ACCEPT; 1223 1224 if (ct_sip_parse_transport(ct, *dptr, matchoff + matchlen, *datalen, 1225 &proto) == 0) 1226 return NF_ACCEPT; 1227 1228 if (ct_sip_parse_numerical_param(ct, *dptr, 1229 matchoff + matchlen, *datalen, 1230 "expires=", NULL, NULL, &expires) < 0) { 1231 nf_ct_helper_log(skb, ct, "cannot parse expires"); 1232 return NF_DROP; 1233 } 1234 1235 if (expires == 0) { 1236 ret = NF_ACCEPT; 1237 goto store_cseq; 1238 } 1239 1240 exp = nf_ct_expect_alloc(ct); 1241 if (!exp) { 1242 nf_ct_helper_log(skb, ct, "cannot alloc expectation"); 1243 return NF_DROP; 1244 } 1245 1246 saddr = NULL; 1247 if (sip_direct_signalling) 1248 saddr = &ct->tuplehash[!dir].tuple.src.u3; 1249 1250 nf_ct_expect_init(exp, SIP_EXPECT_SIGNALLING, nf_ct_l3num(ct), 1251 saddr, &daddr, proto, NULL, &port); 1252 exp->timeout.expires = sip_timeout * HZ; 1253 exp->helper = nfct_help(ct)->helper; 1254 exp->flags = NF_CT_EXPECT_PERMANENT | NF_CT_EXPECT_INACTIVE; 1255 1256 hooks = rcu_dereference(nf_nat_sip_hooks); 1257 if (hooks && ct->status & IPS_NAT_MASK) 1258 ret = hooks->expect(skb, protoff, dataoff, dptr, datalen, 1259 exp, matchoff, matchlen); 1260 else { 1261 if (nf_ct_expect_related(exp) != 0) { 1262 nf_ct_helper_log(skb, ct, "cannot add expectation"); 1263 ret = NF_DROP; 1264 } else 1265 ret = NF_ACCEPT; 1266 } 1267 nf_ct_expect_put(exp); 1268 1269store_cseq: 1270 if (ret == NF_ACCEPT) 1271 ct_sip_info->register_cseq = cseq; 1272 return ret; 1273} 1274 1275static int process_register_response(struct sk_buff *skb, unsigned int protoff, 1276 unsigned int dataoff, 1277 const char **dptr, unsigned int *datalen, 1278 unsigned int cseq, unsigned int code) 1279{ 1280 enum ip_conntrack_info ctinfo; 1281 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 1282 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct); 1283 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 1284 union nf_inet_addr addr; 1285 __be16 port; 1286 u8 proto; 1287 unsigned int matchoff, matchlen, coff = 0; 1288 unsigned int expires = 0; 1289 int in_contact = 0, ret; 1290 1291 /* According to RFC 3261, "UAs MUST NOT send a new registration until 1292 * they have received a final response from the registrar for the 1293 * previous one or the previous REGISTER request has timed out". 1294 * 1295 * However, some servers fail to detect retransmissions and send late 1296 * responses, so we store the sequence number of the last valid 1297 * request and compare it here. 1298 */ 1299 if (ct_sip_info->register_cseq != cseq) 1300 return NF_ACCEPT; 1301 1302 if (code >= 100 && code <= 199) 1303 return NF_ACCEPT; 1304 if (code < 200 || code > 299) 1305 goto flush; 1306 1307 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES, 1308 &matchoff, &matchlen) > 0) 1309 expires = simple_strtoul(*dptr + matchoff, NULL, 10); 1310 1311 while (1) { 1312 unsigned int c_expires = expires; 1313 1314 ret = ct_sip_parse_header_uri(ct, *dptr, &coff, *datalen, 1315 SIP_HDR_CONTACT, &in_contact, 1316 &matchoff, &matchlen, 1317 &addr, &port); 1318 if (ret < 0) { 1319 nf_ct_helper_log(skb, ct, "cannot parse contact"); 1320 return NF_DROP; 1321 } else if (ret == 0) 1322 break; 1323 1324 /* We don't support third-party registrations */ 1325 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3, &addr)) 1326 continue; 1327 1328 if (ct_sip_parse_transport(ct, *dptr, matchoff + matchlen, 1329 *datalen, &proto) == 0) 1330 continue; 1331 1332 ret = ct_sip_parse_numerical_param(ct, *dptr, 1333 matchoff + matchlen, 1334 *datalen, "expires=", 1335 NULL, NULL, &c_expires); 1336 if (ret < 0) { 1337 nf_ct_helper_log(skb, ct, "cannot parse expires"); 1338 return NF_DROP; 1339 } 1340 if (c_expires == 0) 1341 break; 1342 if (refresh_signalling_expectation(ct, &addr, proto, port, 1343 c_expires)) 1344 return NF_ACCEPT; 1345 } 1346 1347flush: 1348 flush_expectations(ct, false); 1349 return NF_ACCEPT; 1350} 1351 1352static const struct sip_handler sip_handlers[] = { 1353 SIP_HANDLER("INVITE", process_invite_request, process_invite_response), 1354 SIP_HANDLER("UPDATE", process_sdp, process_update_response), 1355 SIP_HANDLER("ACK", process_sdp, NULL), 1356 SIP_HANDLER("PRACK", process_sdp, process_prack_response), 1357 SIP_HANDLER("BYE", process_bye_request, NULL), 1358 SIP_HANDLER("REGISTER", process_register_request, process_register_response), 1359}; 1360 1361static int process_sip_response(struct sk_buff *skb, unsigned int protoff, 1362 unsigned int dataoff, 1363 const char **dptr, unsigned int *datalen) 1364{ 1365 enum ip_conntrack_info ctinfo; 1366 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 1367 unsigned int matchoff, matchlen, matchend; 1368 unsigned int code, cseq, i; 1369 1370 if (*datalen < strlen("SIP/2.0 200")) 1371 return NF_ACCEPT; 1372 code = simple_strtoul(*dptr + strlen("SIP/2.0 "), NULL, 10); 1373 if (!code) { 1374 nf_ct_helper_log(skb, ct, "cannot get code"); 1375 return NF_DROP; 1376 } 1377 1378 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ, 1379 &matchoff, &matchlen) <= 0) { 1380 nf_ct_helper_log(skb, ct, "cannot parse cseq"); 1381 return NF_DROP; 1382 } 1383 cseq = simple_strtoul(*dptr + matchoff, NULL, 10); 1384 if (!cseq) { 1385 nf_ct_helper_log(skb, ct, "cannot get cseq"); 1386 return NF_DROP; 1387 } 1388 matchend = matchoff + matchlen + 1; 1389 1390 for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) { 1391 const struct sip_handler *handler; 1392 1393 handler = &sip_handlers[i]; 1394 if (handler->response == NULL) 1395 continue; 1396 if (*datalen < matchend + handler->len || 1397 strncasecmp(*dptr + matchend, handler->method, handler->len)) 1398 continue; 1399 return handler->response(skb, protoff, dataoff, dptr, datalen, 1400 cseq, code); 1401 } 1402 return NF_ACCEPT; 1403} 1404 1405static int process_sip_request(struct sk_buff *skb, unsigned int protoff, 1406 unsigned int dataoff, 1407 const char **dptr, unsigned int *datalen) 1408{ 1409 enum ip_conntrack_info ctinfo; 1410 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 1411 struct nf_ct_sip_master *ct_sip_info = nfct_help_data(ct); 1412 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 1413 unsigned int matchoff, matchlen; 1414 unsigned int cseq, i; 1415 union nf_inet_addr addr; 1416 __be16 port; 1417 1418 /* Many Cisco IP phones use a high source port for SIP requests, but 1419 * listen for the response on port 5060. If we are the local 1420 * router for one of these phones, save the port number from the 1421 * Via: header so that nf_nat_sip can redirect the responses to 1422 * the correct port. 1423 */ 1424 if (ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen, 1425 SIP_HDR_VIA_UDP, NULL, &matchoff, 1426 &matchlen, &addr, &port) > 0 && 1427 port != ct->tuplehash[dir].tuple.src.u.udp.port && 1428 nf_inet_addr_cmp(&addr, &ct->tuplehash[dir].tuple.src.u3)) 1429 ct_sip_info->forced_dport = port; 1430 1431 for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) { 1432 const struct sip_handler *handler; 1433 1434 handler = &sip_handlers[i]; 1435 if (handler->request == NULL) 1436 continue; 1437 if (*datalen < handler->len || 1438 strncasecmp(*dptr, handler->method, handler->len)) 1439 continue; 1440 1441 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ, 1442 &matchoff, &matchlen) <= 0) { 1443 nf_ct_helper_log(skb, ct, "cannot parse cseq"); 1444 return NF_DROP; 1445 } 1446 cseq = simple_strtoul(*dptr + matchoff, NULL, 10); 1447 if (!cseq) { 1448 nf_ct_helper_log(skb, ct, "cannot get cseq"); 1449 return NF_DROP; 1450 } 1451 1452 return handler->request(skb, protoff, dataoff, dptr, datalen, 1453 cseq); 1454 } 1455 return NF_ACCEPT; 1456} 1457 1458static int process_sip_msg(struct sk_buff *skb, struct nf_conn *ct, 1459 unsigned int protoff, unsigned int dataoff, 1460 const char **dptr, unsigned int *datalen) 1461{ 1462 const struct nf_nat_sip_hooks *hooks; 1463 int ret; 1464 1465 if (strncasecmp(*dptr, "SIP/2.0 ", strlen("SIP/2.0 ")) != 0) 1466 ret = process_sip_request(skb, protoff, dataoff, dptr, datalen); 1467 else 1468 ret = process_sip_response(skb, protoff, dataoff, dptr, datalen); 1469 1470 if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) { 1471 hooks = rcu_dereference(nf_nat_sip_hooks); 1472 if (hooks && !hooks->msg(skb, protoff, dataoff, 1473 dptr, datalen)) { 1474 nf_ct_helper_log(skb, ct, "cannot NAT SIP message"); 1475 ret = NF_DROP; 1476 } 1477 } 1478 1479 return ret; 1480} 1481 1482static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff, 1483 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 1484{ 1485 struct tcphdr *th, _tcph; 1486 unsigned int dataoff, datalen; 1487 unsigned int matchoff, matchlen, clen; 1488 unsigned int msglen, origlen; 1489 const char *dptr, *end; 1490 s16 diff, tdiff = 0; 1491 int ret = NF_ACCEPT; 1492 bool term; 1493 1494 if (ctinfo != IP_CT_ESTABLISHED && 1495 ctinfo != IP_CT_ESTABLISHED_REPLY) 1496 return NF_ACCEPT; 1497 1498 /* No Data ? */ 1499 th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); 1500 if (th == NULL) 1501 return NF_ACCEPT; 1502 dataoff = protoff + th->doff * 4; 1503 if (dataoff >= skb->len) 1504 return NF_ACCEPT; 1505 1506 nf_ct_refresh(ct, skb, sip_timeout * HZ); 1507 1508 if (unlikely(skb_linearize(skb))) 1509 return NF_DROP; 1510 1511 dptr = skb->data + dataoff; 1512 datalen = skb->len - dataoff; 1513 if (datalen < strlen("SIP/2.0 200")) 1514 return NF_ACCEPT; 1515 1516 while (1) { 1517 if (ct_sip_get_header(ct, dptr, 0, datalen, 1518 SIP_HDR_CONTENT_LENGTH, 1519 &matchoff, &matchlen) <= 0) 1520 break; 1521 1522 clen = simple_strtoul(dptr + matchoff, (char **)&end, 10); 1523 if (dptr + matchoff == end) 1524 break; 1525 1526 term = false; 1527 for (; end + strlen("\r\n\r\n") <= dptr + datalen; end++) { 1528 if (end[0] == '\r' && end[1] == '\n' && 1529 end[2] == '\r' && end[3] == '\n') { 1530 term = true; 1531 break; 1532 } 1533 } 1534 if (!term) 1535 break; 1536 end += strlen("\r\n\r\n") + clen; 1537 1538 msglen = origlen = end - dptr; 1539 if (msglen > datalen) 1540 return NF_ACCEPT; 1541 1542 ret = process_sip_msg(skb, ct, protoff, dataoff, 1543 &dptr, &msglen); 1544 /* process_sip_* functions report why this packet is dropped */ 1545 if (ret != NF_ACCEPT) 1546 break; 1547 diff = msglen - origlen; 1548 tdiff += diff; 1549 1550 dataoff += msglen; 1551 dptr += msglen; 1552 datalen = datalen + diff - msglen; 1553 } 1554 1555 if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) { 1556 const struct nf_nat_sip_hooks *hooks; 1557 1558 hooks = rcu_dereference(nf_nat_sip_hooks); 1559 if (hooks) 1560 hooks->seq_adjust(skb, protoff, tdiff); 1561 } 1562 1563 return ret; 1564} 1565 1566static int sip_help_udp(struct sk_buff *skb, unsigned int protoff, 1567 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 1568{ 1569 unsigned int dataoff, datalen; 1570 const char *dptr; 1571 1572 /* No Data ? */ 1573 dataoff = protoff + sizeof(struct udphdr); 1574 if (dataoff >= skb->len) 1575 return NF_ACCEPT; 1576 1577 nf_ct_refresh(ct, skb, sip_timeout * HZ); 1578 1579 if (unlikely(skb_linearize(skb))) 1580 return NF_DROP; 1581 1582 dptr = skb->data + dataoff; 1583 datalen = skb->len - dataoff; 1584 if (datalen < strlen("SIP/2.0 200")) 1585 return NF_ACCEPT; 1586 1587 return process_sip_msg(skb, ct, protoff, dataoff, &dptr, &datalen); 1588} 1589 1590static struct nf_conntrack_helper sip[MAX_PORTS][4] __read_mostly; 1591 1592static const struct nf_conntrack_expect_policy sip_exp_policy[SIP_EXPECT_MAX + 1] = { 1593 [SIP_EXPECT_SIGNALLING] = { 1594 .name = "signalling", 1595 .max_expected = 1, 1596 .timeout = 3 * 60, 1597 }, 1598 [SIP_EXPECT_AUDIO] = { 1599 .name = "audio", 1600 .max_expected = 2 * IP_CT_DIR_MAX, 1601 .timeout = 3 * 60, 1602 }, 1603 [SIP_EXPECT_VIDEO] = { 1604 .name = "video", 1605 .max_expected = 2 * IP_CT_DIR_MAX, 1606 .timeout = 3 * 60, 1607 }, 1608 [SIP_EXPECT_IMAGE] = { 1609 .name = "image", 1610 .max_expected = IP_CT_DIR_MAX, 1611 .timeout = 3 * 60, 1612 }, 1613}; 1614 1615static void nf_conntrack_sip_fini(void) 1616{ 1617 int i, j; 1618 1619 for (i = 0; i < ports_c; i++) { 1620 for (j = 0; j < ARRAY_SIZE(sip[i]); j++) { 1621 if (sip[i][j].me == NULL) 1622 continue; 1623 nf_conntrack_helper_unregister(&sip[i][j]); 1624 } 1625 } 1626} 1627 1628static int __init nf_conntrack_sip_init(void) 1629{ 1630 int i, j, ret; 1631 1632 if (ports_c == 0) 1633 ports[ports_c++] = SIP_PORT; 1634 1635 for (i = 0; i < ports_c; i++) { 1636 memset(&sip[i], 0, sizeof(sip[i])); 1637 1638 sip[i][0].tuple.src.l3num = AF_INET; 1639 sip[i][0].tuple.dst.protonum = IPPROTO_UDP; 1640 sip[i][0].help = sip_help_udp; 1641 sip[i][1].tuple.src.l3num = AF_INET; 1642 sip[i][1].tuple.dst.protonum = IPPROTO_TCP; 1643 sip[i][1].help = sip_help_tcp; 1644 1645 sip[i][2].tuple.src.l3num = AF_INET6; 1646 sip[i][2].tuple.dst.protonum = IPPROTO_UDP; 1647 sip[i][2].help = sip_help_udp; 1648 sip[i][3].tuple.src.l3num = AF_INET6; 1649 sip[i][3].tuple.dst.protonum = IPPROTO_TCP; 1650 sip[i][3].help = sip_help_tcp; 1651 1652 for (j = 0; j < ARRAY_SIZE(sip[i]); j++) { 1653 sip[i][j].data_len = sizeof(struct nf_ct_sip_master); 1654 sip[i][j].tuple.src.u.udp.port = htons(ports[i]); 1655 sip[i][j].expect_policy = sip_exp_policy; 1656 sip[i][j].expect_class_max = SIP_EXPECT_MAX; 1657 sip[i][j].me = THIS_MODULE; 1658 1659 if (ports[i] == SIP_PORT) 1660 sprintf(sip[i][j].name, "sip"); 1661 else 1662 sprintf(sip[i][j].name, "sip-%u", i); 1663 1664 pr_debug("port #%u: %u\n", i, ports[i]); 1665 1666 ret = nf_conntrack_helper_register(&sip[i][j]); 1667 if (ret) { 1668 printk(KERN_ERR "nf_ct_sip: failed to register" 1669 " helper for pf: %u port: %u\n", 1670 sip[i][j].tuple.src.l3num, ports[i]); 1671 nf_conntrack_sip_fini(); 1672 return ret; 1673 } 1674 } 1675 } 1676 return 0; 1677} 1678 1679module_init(nf_conntrack_sip_init); 1680module_exit(nf_conntrack_sip_fini); 1681