[net-next-2.6.git] / net / ipv4 / netfilter / ip_conntrack_sip.c

/* SIP extension for IP connection tracking.
 *
 * (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
 * based on RR's ip_conntrack_ftp.c and other modules.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/module.h>
#include <linux/ctype.h>
#include <linux/skbuff.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/udp.h>

#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
#include <linux/netfilter_ipv4/ip_conntrack_sip.h>

#if 0
#define DEBUGP printk
#else
#define DEBUGP(format, args...)
#endif

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
MODULE_DESCRIPTION("SIP connection tracking helper");

#define MAX_PORTS	8
static unsigned short ports[MAX_PORTS];
static int ports_c;
module_param_array(ports, ushort, &ports_c, 0400);
MODULE_PARM_DESC(ports, "port numbers of sip servers");

static unsigned int sip_timeout = SIP_TIMEOUT;
module_param(sip_timeout, uint, 0600);
MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");

unsigned int (*ip_nat_sip_hook)(struct sk_buff **pskb,
				enum ip_conntrack_info ctinfo,
				struct ip_conntrack *ct,
				const char **dptr);
EXPORT_SYMBOL_GPL(ip_nat_sip_hook);

unsigned int (*ip_nat_sdp_hook)(struct sk_buff **pskb,
				enum ip_conntrack_info ctinfo,
				struct ip_conntrack_expect *exp,
				const char *dptr);
EXPORT_SYMBOL_GPL(ip_nat_sdp_hook);

static int digits_len(const char *dptr, const char *limit, int *shift);
static int epaddr_len(const char *dptr, const char *limit, int *shift);
static int skp_digits_len(const char *dptr, const char *limit, int *shift);
static int skp_epaddr_len(const char *dptr, const char *limit, int *shift);

struct sip_header_nfo {
	const char	*lname;
	const char	*sname;
	const char	*ln_str;
	size_t		lnlen;
	size_t		snlen;
	size_t		ln_strlen;
	int		case_sensitive;
	int		(*match_len)(const char *, const char *, int *);
};

static struct sip_header_nfo ct_sip_hdrs[] = {
	[POS_REQ_HEADER] = { 	/* SIP Requests headers */
		.lname		= "sip:",
		.lnlen		= sizeof("sip:") - 1,
		.ln_str		= "@",
		.ln_strlen	= sizeof("@") - 1,
		.match_len	= epaddr_len
	},
	[POS_VIA] = { 		/* SIP Via header */
		.lname		= "Via:",
		.lnlen		= sizeof("Via:") - 1,
		.sname		= "\r\nv:",
		.snlen		= sizeof("\r\nv:") - 1, /* rfc3261 "\r\n" */
		.ln_str		= "UDP ",
		.ln_strlen	= sizeof("UDP ") - 1,
		.match_len	= epaddr_len,
	},
	[POS_CONTACT] = { 	/* SIP Contact header */
		.lname		= "Contact:",
		.lnlen		= sizeof("Contact:") - 1,
		.sname		= "\r\nm:",
		.snlen		= sizeof("\r\nm:") - 1,
		.ln_str		= "sip:",
		.ln_strlen	= sizeof("sip:") - 1,
		.match_len	= skp_epaddr_len
	},
	[POS_CONTENT] = { 	/* SIP Content length header */
		.lname		= "Content-Length:",
		.lnlen		= sizeof("Content-Length:") - 1,
		.sname		= "\r\nl:",
		.snlen		= sizeof("\r\nl:") - 1,
		.ln_str		= ":",
		.ln_strlen	= sizeof(":") - 1,
		.match_len	= skp_digits_len
	},
	[POS_MEDIA] = {		/* SDP media info */
		.case_sensitive	= 1,
		.lname		= "\nm=",
		.lnlen		= sizeof("\nm=") - 1,
		.sname		= "\rm=",
		.snlen		= sizeof("\rm=") - 1,
		.ln_str		= "audio ",
		.ln_strlen	= sizeof("audio ") - 1,
		.match_len	= digits_len
	},
	[POS_OWNER] = { 	/* SDP owner address*/
		.case_sensitive	= 1,
		.lname		= "\no=",
		.lnlen		= sizeof("\no=") - 1,
		.sname		= "\ro=",
		.snlen		= sizeof("\ro=") - 1,
		.ln_str		= "IN IP4 ",
		.ln_strlen	= sizeof("IN IP4 ") - 1,
		.match_len	= epaddr_len
	},
	[POS_CONNECTION] = { 	/* SDP connection info */
		.case_sensitive	= 1,
		.lname		= "\nc=",
		.lnlen		= sizeof("\nc=") - 1,
		.sname		= "\rc=",
		.snlen		= sizeof("\rc=") - 1,
		.ln_str		= "IN IP4 ",
		.ln_strlen	= sizeof("IN IP4 ") - 1,
		.match_len	= epaddr_len
	},
	[POS_SDP_HEADER] = { 	/* SDP version header */
		.case_sensitive	= 1,
		.lname		= "\nv=",
		.lnlen		= sizeof("\nv=") - 1,
		.sname		= "\rv=",
		.snlen		= sizeof("\rv=") - 1,
		.ln_str		= "=",
		.ln_strlen	= sizeof("=") - 1,
		.match_len	= digits_len
	}
};

/* get line lenght until first CR or LF seen. */
int ct_sip_lnlen(const char *line, const char *limit)
{
	const char *k = line;

	while ((line <= limit) && (*line == '\r' || *line == '\n'))
		line++;

	while (line <= limit) {
		if (*line == '\r' || *line == '\n')
			break;
		line++;
	}
	return line - k;
}
EXPORT_SYMBOL_GPL(ct_sip_lnlen);

/* Linear string search, case sensitive. */
const char *ct_sip_search(const char *needle, const char *haystack,
			  size_t needle_len, size_t haystack_len,
			  int case_sensitive)
{
	const char *limit = haystack + (haystack_len - needle_len);

	while (haystack <= limit) {
		if (case_sensitive) {
			if (strncmp(haystack, needle, needle_len) == 0)
				return haystack;
		} else {
			if (strnicmp(haystack, needle, needle_len) == 0)
				return haystack;
		}
		haystack++;
	}
	return NULL;
}
EXPORT_SYMBOL_GPL(ct_sip_search);

static int digits_len(const char *dptr, const char *limit, int *shift)
{
	int len = 0;
	while (dptr <= limit && isdigit(*dptr)) {
		dptr++;
		len++;
	}
	return len;
}

/* get digits lenght, skiping blank spaces. */
static int skp_digits_len(const char *dptr, const char *limit, int *shift)
{
	for (; dptr <= limit && *dptr == ' '; dptr++)
		(*shift)++;

	return digits_len(dptr, limit, shift);
}

/* Simple ipaddr parser.. */
static int parse_ipaddr(const char *cp,	const char **endp,
			__be32 *ipaddr, const char *limit)
{
	unsigned long int val;
	int i, digit = 0;

	for (i = 0, *ipaddr = 0; cp <= limit && i < 4; i++) {
		digit = 0;
		if (!isdigit(*cp))
			break;

		val = simple_strtoul(cp, (char **)&cp, 10);
		if (val > 0xFF)
			return -1;

		((u_int8_t *)ipaddr)[i] = val;
		digit = 1;

		if (*cp != '.')
			break;
		cp++;
	}
	if (!digit)
		return -1;

	if (endp)
		*endp = cp;

	return 0;
}

/* skip ip address. returns it lenght. */
static int epaddr_len(const char *dptr, const char *limit, int *shift)
{
	const char *aux = dptr;
	__be32 ip;

	if (parse_ipaddr(dptr, &dptr, &ip, limit) < 0) {
		DEBUGP("ip: %s parse failed.!\n", dptr);
		return 0;
	}

	/* Port number */
	if (*dptr == ':') {
		dptr++;
		dptr += digits_len(dptr, limit, shift);
	}
	return dptr - aux;
}

/* get address length, skiping user info. */
static int skp_epaddr_len(const char *dptr, const char *limit, int *shift)
{
	int s = *shift;

	for (; dptr <= limit && *dptr != '@'; dptr++)
		(*shift)++;

	if (*dptr == '@') {
		dptr++;
		(*shift)++;
	} else
		*shift = s;

	return epaddr_len(dptr, limit, shift);
}

/* Returns 0 if not found, -1 error parsing. */
int ct_sip_get_info(const char *dptr, size_t dlen,
		    unsigned int *matchoff,
		    unsigned int *matchlen,
		    enum sip_header_pos pos)
{
	struct sip_header_nfo *hnfo = &ct_sip_hdrs[pos];
	const char *limit, *aux, *k = dptr;
	int shift = 0;

	limit = dptr + (dlen - hnfo->lnlen);

	while (dptr <= limit) {
		if ((strncmp(dptr, hnfo->lname, hnfo->lnlen) != 0) &&
		    (hinfo->sname == NULL ||
		     strncmp(dptr, hnfo->sname, hnfo->snlen) != 0)) {
			dptr++;
			continue;
		}
		aux = ct_sip_search(hnfo->ln_str, dptr, hnfo->ln_strlen,
		                    ct_sip_lnlen(dptr, limit),
				    hnfo->case_sensitive);
		if (!aux) {
			DEBUGP("'%s' not found in '%s'.\n", hnfo->ln_str,
			       hnfo->lname);
			return -1;
		}
		aux += hnfo->ln_strlen;

		*matchlen = hnfo->match_len(aux, limit, &shift);
		if (!*matchlen)
			return -1;

		*matchoff = (aux - k) + shift;

		DEBUGP("%s match succeeded! - len: %u\n", hnfo->lname,
		       *matchlen);
		return 1;
	}
	DEBUGP("%s header not found.\n", hnfo->lname);
	return 0;
}
EXPORT_SYMBOL_GPL(ct_sip_get_info);

static int set_expected_rtp(struct sk_buff **pskb,
			    struct ip_conntrack *ct,
			    enum ip_conntrack_info ctinfo,
			    __be32 ipaddr, u_int16_t port,
			    const char *dptr)
{
	struct ip_conntrack_expect *exp;
	enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
	int ret;
	typeof(ip_nat_sdp_hook) ip_nat_sdp;

	exp = ip_conntrack_expect_alloc(ct);
	if (exp == NULL)
		return NF_DROP;

	exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
	exp->tuple.src.u.udp.port = 0;
	exp->tuple.dst.ip = ipaddr;
	exp->tuple.dst.u.udp.port = htons(port);
	exp->tuple.dst.protonum = IPPROTO_UDP;

	exp->mask.src.ip = htonl(0xFFFFFFFF);
	exp->mask.src.u.udp.port = 0;
	exp->mask.dst.ip = htonl(0xFFFFFFFF);
	exp->mask.dst.u.udp.port = htons(0xFFFF);
	exp->mask.dst.protonum = 0xFF;

	exp->expectfn = NULL;
	exp->flags = 0;

	ip_nat_sdp = rcu_dereference(ip_nat_sdp_hook);
	if (ip_nat_sdp)
		ret = ip_nat_sdp(pskb, ctinfo, exp, dptr);
	else {
		if (ip_conntrack_expect_related(exp) != 0)
			ret = NF_DROP;
		else
			ret = NF_ACCEPT;
	}
	ip_conntrack_expect_put(exp);

	return ret;
}

static int sip_help(struct sk_buff **pskb,
		    struct ip_conntrack *ct,
		    enum ip_conntrack_info ctinfo)
{
	unsigned int dataoff, datalen;
	const char *dptr;
	int ret = NF_ACCEPT;
	int matchoff, matchlen;
	__be32 ipaddr;
	u_int16_t port;
	typeof(ip_nat_sip_hook) ip_nat_sip;

	/* No Data ? */
	dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
	if (dataoff >= (*pskb)->len) {
		DEBUGP("skb->len = %u\n", (*pskb)->len);
		return NF_ACCEPT;
        }

	ip_ct_refresh(ct, *pskb, sip_timeout * HZ);

	if (!skb_is_nonlinear(*pskb))
		dptr = (*pskb)->data + dataoff;
	else {
		DEBUGP("Copy of skbuff not supported yet.\n");
		goto out;
	}

	ip_nat_sip = rcu_dereference(ip_nat_sip_hook);
	if (ip_nat_sip) {
		if (!ip_nat_sip(pskb, ctinfo, ct, &dptr)) {
			ret = NF_DROP;
			goto out;
		}
	}

	/* After this point NAT, could have mangled skb, so
	   we need to recalculate payload lenght. */
	datalen = (*pskb)->len - dataoff;

	if (datalen < (sizeof("SIP/2.0 200") - 1))
		goto out;

	/* RTP info only in some SDP pkts */
	if (memcmp(dptr, "INVITE", sizeof("INVITE") - 1) != 0 &&
	    memcmp(dptr, "SIP/2.0 200", sizeof("SIP/2.0 200") - 1) != 0) {
		goto out;
	}
	/* Get ip and port address from SDP packet. */
	if (ct_sip_get_info(dptr, datalen, &matchoff, &matchlen,
	                    POS_CONNECTION) > 0) {

		/* We'll drop only if there are parse problems. */
		if (parse_ipaddr(dptr + matchoff, NULL, &ipaddr,
		                 dptr + datalen) < 0) {
			ret = NF_DROP;
			goto out;
		}
		if (ct_sip_get_info(dptr, datalen, &matchoff, &matchlen,
		                    POS_MEDIA) > 0) {

			port = simple_strtoul(dptr + matchoff, NULL, 10);
			if (port < 1024) {
				ret = NF_DROP;
				goto out;
			}
			ret = set_expected_rtp(pskb, ct, ctinfo,
					       ipaddr, port, dptr);
		}
	}
out:
	return ret;
}

static struct ip_conntrack_helper sip[MAX_PORTS];
static char sip_names[MAX_PORTS][10];

static void fini(void)
{
	int i;
	for (i = 0; i < ports_c; i++) {
		DEBUGP("unregistering helper for port %d\n", ports[i]);
		ip_conntrack_helper_unregister(&sip[i]);
	}
}

static int __init init(void)
{
	int i, ret;
	char *tmpname;

	if (ports_c == 0)
		ports[ports_c++] = SIP_PORT;

	for (i = 0; i < ports_c; i++) {
		/* Create helper structure */
		memset(&sip[i], 0, sizeof(struct ip_conntrack_helper));

		sip[i].tuple.dst.protonum = IPPROTO_UDP;
		sip[i].tuple.src.u.udp.port = htons(ports[i]);
		sip[i].mask.src.u.udp.port = htons(0xFFFF);
		sip[i].mask.dst.protonum = 0xFF;
		sip[i].max_expected = 2;
		sip[i].timeout = 3 * 60; /* 3 minutes */
		sip[i].me = THIS_MODULE;
		sip[i].help = sip_help;

		tmpname = &sip_names[i][0];
		if (ports[i] == SIP_PORT)
			sprintf(tmpname, "sip");
		else
			sprintf(tmpname, "sip-%d", i);
		sip[i].name = tmpname;

		DEBUGP("port #%d: %d\n", i, ports[i]);

		ret = ip_conntrack_helper_register(&sip[i]);
		if (ret) {
			printk("ERROR registering helper for port %d\n",
				ports[i]);
			fini();
			return ret;
		}
	}
	return 0;
}

module_init(init);
module_exit(fini);
Commit	Line	Data
ae5b7d8b PM	1	/* SIP extension for IP connection tracking.
	2	*
	3	* (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
	4	* based on RR's ip_conntrack_ftp.c and other modules.
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License version 2 as
	8	* published by the Free Software Foundation.
	9	*/
	10
ae5b7d8b PM	11	#include <linux/module.h>
	12	#include <linux/ctype.h>
	13	#include <linux/skbuff.h>
	14	#include <linux/in.h>
	15	#include <linux/ip.h>
	16	#include <linux/udp.h>
	17
	18	#include <linux/netfilter.h>
	19	#include <linux/netfilter_ipv4.h>
	20	#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
	21	#include <linux/netfilter_ipv4/ip_conntrack_sip.h>
	22
	23	#if 0
	24	#define DEBUGP printk
	25	#else
	26	#define DEBUGP(format, args...)
	27	#endif
	28
	29	MODULE_LICENSE("GPL");
	30	MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
	31	MODULE_DESCRIPTION("SIP connection tracking helper");
	32
	33	#define MAX_PORTS 8
	34	static unsigned short ports[MAX_PORTS];
	35	static int ports_c;
	36	module_param_array(ports, ushort, &ports_c, 0400);
	37	MODULE_PARM_DESC(ports, "port numbers of sip servers");
	38
	39	static unsigned int sip_timeout = SIP_TIMEOUT;
	40	module_param(sip_timeout, uint, 0600);
	41	MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");
	42
	43	unsigned int (ip_nat_sip_hook)(struct sk_buff *pskb,
	44	enum ip_conntrack_info ctinfo,
	45	struct ip_conntrack *ct,
	46	const char **dptr);
	47	EXPORT_SYMBOL_GPL(ip_nat_sip_hook);
	48
	49	unsigned int (ip_nat_sdp_hook)(struct sk_buff *pskb,
	50	enum ip_conntrack_info ctinfo,
	51	struct ip_conntrack_expect *exp,
	52	const char *dptr);
	53	EXPORT_SYMBOL_GPL(ip_nat_sdp_hook);
	54
ae5b7d8b PM	55	static int digits_len(const char dptr, const char limit, int *shift);
	56	static int epaddr_len(const char dptr, const char limit, int *shift);
	57	static int skp_digits_len(const char dptr, const char limit, int *shift);
	58	static int skp_epaddr_len(const char dptr, const char limit, int *shift);
	59
9d5b8baa PM	60	struct sip_header_nfo {
	61	const char *lname;
	62	const char *sname;
	63	const char *ln_str;
	64	size_t lnlen;
	65	size_t snlen;
	66	size_t ln_strlen;
40883e81	67	int case_sensitive;
9d5b8baa PM	68	int (match_len)(const char , const char , int );
	69	};
	70
	71	static struct sip_header_nfo ct_sip_hdrs[] = {
	72	[POS_REQ_HEADER] = { /* SIP Requests headers */
	73	.lname = "sip:",
	74	.lnlen = sizeof("sip:") - 1,
9d5b8baa PM	75	.ln_str = "@",
	76	.ln_strlen = sizeof("@") - 1,
	77	.match_len = epaddr_len
	78	},
	79	[POS_VIA] = { /* SIP Via header */
ae5b7d8b PM	80	.lname = "Via:",
	81	.lnlen = sizeof("Via:") - 1,
	82	.sname = "\r\nv:",
	83	.snlen = sizeof("\r\nv:") - 1, /* rfc3261 "\r\n" */
	84	.ln_str = "UDP ",
	85	.ln_strlen = sizeof("UDP ") - 1,
	86	.match_len = epaddr_len,
	87	},
9d5b8baa	88	[POS_CONTACT] = { /* SIP Contact header */
ae5b7d8b PM	89	.lname = "Contact:",
	90	.lnlen = sizeof("Contact:") - 1,
	91	.sname = "\r\nm:",
	92	.snlen = sizeof("\r\nm:") - 1,
	93	.ln_str = "sip:",
	94	.ln_strlen = sizeof("sip:") - 1,
	95	.match_len = skp_epaddr_len
	96	},
9d5b8baa	97	[POS_CONTENT] = { /* SIP Content length header */
ae5b7d8b PM	98	.lname = "Content-Length:",
	99	.lnlen = sizeof("Content-Length:") - 1,
	100	.sname = "\r\nl:",
	101	.snlen = sizeof("\r\nl:") - 1,
	102	.ln_str = ":",
	103	.ln_strlen = sizeof(":") - 1,
	104	.match_len = skp_digits_len
	105	},
9d5b8baa	106	[POS_MEDIA] = { /* SDP media info */
40883e81	107	.case_sensitive = 1,
ae5b7d8b PM	108	.lname = "\nm=",
	109	.lnlen = sizeof("\nm=") - 1,
	110	.sname = "\rm=",
	111	.snlen = sizeof("\rm=") - 1,
	112	.ln_str = "audio ",
	113	.ln_strlen = sizeof("audio ") - 1,
	114	.match_len = digits_len
	115	},
9d5b8baa	116	[POS_OWNER] = { /* SDP owner address*/
40883e81	117	.case_sensitive = 1,
ae5b7d8b PM	118	.lname = "\no=",
	119	.lnlen = sizeof("\no=") - 1,
	120	.sname = "\ro=",
	121	.snlen = sizeof("\ro=") - 1,
	122	.ln_str = "IN IP4 ",
	123	.ln_strlen = sizeof("IN IP4 ") - 1,
	124	.match_len = epaddr_len
	125	},
9d5b8baa	126	[POS_CONNECTION] = { /* SDP connection info */
40883e81	127	.case_sensitive = 1,
ae5b7d8b PM	128	.lname = "\nc=",
	129	.lnlen = sizeof("\nc=") - 1,
	130	.sname = "\rc=",
	131	.snlen = sizeof("\rc=") - 1,
	132	.ln_str = "IN IP4 ",
	133	.ln_strlen = sizeof("IN IP4 ") - 1,
	134	.match_len = epaddr_len
	135	},
9d5b8baa	136	[POS_SDP_HEADER] = { /* SDP version header */
40883e81	137	.case_sensitive = 1,
ae5b7d8b PM	138	.lname = "\nv=",
	139	.lnlen = sizeof("\nv=") - 1,
	140	.sname = "\rv=",
	141	.snlen = sizeof("\rv=") - 1,
	142	.ln_str = "=",
	143	.ln_strlen = sizeof("=") - 1,
	144	.match_len = digits_len
	145	}
	146	};
ae5b7d8b PM	147
	148	/* get line lenght until first CR or LF seen. */
	149	int ct_sip_lnlen(const char line, const char limit)
	150	{
	151	const char *k = line;
	152
	153	while ((line <= limit) && (line == '\r' \|\| line == '\n'))
	154	line++;
	155
	156	while (line <= limit) {
	157	if (line == '\r' \|\| line == '\n')
	158	break;
	159	line++;
	160	}
	161	return line - k;
	162	}
	163	EXPORT_SYMBOL_GPL(ct_sip_lnlen);
	164
	165	/* Linear string search, case sensitive. */
	166	const char ct_sip_search(const char needle, const char *haystack,
40883e81 PM	167	size_t needle_len, size_t haystack_len,
40883e81 PM	168	int case_sensitive)
ae5b7d8b PM	169	{
	170	const char *limit = haystack + (haystack_len - needle_len);
	171
	172	while (haystack <= limit) {
40883e81 PM	173	if (case_sensitive) {
	174	if (strncmp(haystack, needle, needle_len) == 0)
	175	return haystack;
	176	} else {
	177	if (strnicmp(haystack, needle, needle_len) == 0)
	178	return haystack;
	179	}
ae5b7d8b PM	180	haystack++;
	181	}
	182	return NULL;
	183	}
	184	EXPORT_SYMBOL_GPL(ct_sip_search);
	185
	186	static int digits_len(const char dptr, const char limit, int *shift)
	187	{
	188	int len = 0;
	189	while (dptr <= limit && isdigit(*dptr)) {
	190	dptr++;
	191	len++;
	192	}
	193	return len;
	194	}
	195
	196	/* get digits lenght, skiping blank spaces. */
	197	static int skp_digits_len(const char dptr, const char limit, int *shift)
	198	{
	199	for (; dptr <= limit && *dptr == ' '; dptr++)
	200	(*shift)++;
	201
	202	return digits_len(dptr, limit, shift);
	203	}
	204
	205	/* Simple ipaddr parser.. */
	206	static int parse_ipaddr(const char cp, const char *endp,
cdcb71bf	207	__be32 ipaddr, const char limit)
ae5b7d8b PM	208	{
	209	unsigned long int val;
	210	int i, digit = 0;
	211
	212	for (i = 0, *ipaddr = 0; cp <= limit && i < 4; i++) {
	213	digit = 0;
	214	if (!isdigit(*cp))
	215	break;
	216
	217	val = simple_strtoul(cp, (char **)&cp, 10);
	218	if (val > 0xFF)
	219	return -1;
	220
	221	((u_int8_t *)ipaddr)[i] = val;
	222	digit = 1;
	223
	224	if (*cp != '.')
	225	break;
	226	cp++;
	227	}
	228	if (!digit)
	229	return -1;
	230
	231	if (endp)
	232	*endp = cp;
	233
	234	return 0;
	235	}
	236
	237	/* skip ip address. returns it lenght. */
	238	static int epaddr_len(const char dptr, const char limit, int *shift)
	239	{
	240	const char *aux = dptr;
cdcb71bf	241	__be32 ip;
ae5b7d8b PM	242
	243	if (parse_ipaddr(dptr, &dptr, &ip, limit) < 0) {
	244	DEBUGP("ip: %s parse failed.!\n", dptr);
	245	return 0;
	246	}
	247
	248	/* Port number */
	249	if (*dptr == ':') {
	250	dptr++;
	251	dptr += digits_len(dptr, limit, shift);
	252	}
	253	return dptr - aux;
	254	}
	255
	256	/* get address length, skiping user info. */
	257	static int skp_epaddr_len(const char dptr, const char limit, int *shift)
	258	{
	259	int s = *shift;
	260
	261	for (; dptr <= limit && *dptr != '@'; dptr++)
	262	(*shift)++;
	263
	264	if (*dptr == '@') {
	265	dptr++;
	266	(*shift)++;
	267	} else
	268	*shift = s;
	269
	270	return epaddr_len(dptr, limit, shift);
	271	}
	272
	273	/* Returns 0 if not found, -1 error parsing. */
	274	int ct_sip_get_info(const char *dptr, size_t dlen,
	275	unsigned int *matchoff,
	276	unsigned int *matchlen,
9d5b8baa	277	enum sip_header_pos pos)
ae5b7d8b	278	{
9d5b8baa	279	struct sip_header_nfo *hnfo = &ct_sip_hdrs[pos];
ae5b7d8b PM	280	const char limit, aux, *k = dptr;
	281	int shift = 0;
	282
	283	limit = dptr + (dlen - hnfo->lnlen);
	284
	285	while (dptr <= limit) {
	286	if ((strncmp(dptr, hnfo->lname, hnfo->lnlen) != 0) &&
77a78dec PM	287	(hinfo->sname == NULL \|\|
77a78dec PM	288	strncmp(dptr, hnfo->sname, hnfo->snlen) != 0)) {
ae5b7d8b PM	289	dptr++;
	290	continue;
	291	}
	292	aux = ct_sip_search(hnfo->ln_str, dptr, hnfo->ln_strlen,
40883e81 PM	293	ct_sip_lnlen(dptr, limit),
40883e81 PM	294	hnfo->case_sensitive);
ae5b7d8b PM	295	if (!aux) {
	296	DEBUGP("'%s' not found in '%s'.\n", hnfo->ln_str,
	297	hnfo->lname);
	298	return -1;
	299	}
	300	aux += hnfo->ln_strlen;
	301
	302	*matchlen = hnfo->match_len(aux, limit, &shift);
	303	if (!*matchlen)
	304	return -1;
	305
	306	*matchoff = (aux - k) + shift;
	307
	308	DEBUGP("%s match succeeded! - len: %u\n", hnfo->lname,
	309	*matchlen);
	310	return 1;
	311	}
	312	DEBUGP("%s header not found.\n", hnfo->lname);
	313	return 0;
	314	}
9d5b8baa	315	EXPORT_SYMBOL_GPL(ct_sip_get_info);
ae5b7d8b PM	316
	317	static int set_expected_rtp(struct sk_buff **pskb,
	318	struct ip_conntrack *ct,
	319	enum ip_conntrack_info ctinfo,
cdcb71bf	320	__be32 ipaddr, u_int16_t port,
ae5b7d8b PM	321	const char *dptr)
	322	{
	323	struct ip_conntrack_expect *exp;
	324	enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
	325	int ret;
337fbc41	326	typeof(ip_nat_sdp_hook) ip_nat_sdp;
ae5b7d8b PM	327
	328	exp = ip_conntrack_expect_alloc(ct);
	329	if (exp == NULL)
	330	return NF_DROP;
	331
	332	exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
	333	exp->tuple.src.u.udp.port = 0;
	334	exp->tuple.dst.ip = ipaddr;
	335	exp->tuple.dst.u.udp.port = htons(port);
	336	exp->tuple.dst.protonum = IPPROTO_UDP;
	337
cdcb71bf	338	exp->mask.src.ip = htonl(0xFFFFFFFF);
ae5b7d8b	339	exp->mask.src.u.udp.port = 0;
cdcb71bf AV	340	exp->mask.dst.ip = htonl(0xFFFFFFFF);
cdcb71bf AV	341	exp->mask.dst.u.udp.port = htons(0xFFFF);
ae5b7d8b PM	342	exp->mask.dst.protonum = 0xFF;
	343
	344	exp->expectfn = NULL;
	345	exp->flags = 0;
	346
337fbc41 PM	347	ip_nat_sdp = rcu_dereference(ip_nat_sdp_hook);
	348	if (ip_nat_sdp)
	349	ret = ip_nat_sdp(pskb, ctinfo, exp, dptr);
ae5b7d8b PM	350	else {
	351	if (ip_conntrack_expect_related(exp) != 0)
	352	ret = NF_DROP;
	353	else
	354	ret = NF_ACCEPT;
	355	}
	356	ip_conntrack_expect_put(exp);
	357
	358	return ret;
	359	}
	360
	361	static int sip_help(struct sk_buff **pskb,
	362	struct ip_conntrack *ct,
	363	enum ip_conntrack_info ctinfo)
	364	{
	365	unsigned int dataoff, datalen;
	366	const char *dptr;
	367	int ret = NF_ACCEPT;
	368	int matchoff, matchlen;
cdcb71bf	369	__be32 ipaddr;
ae5b7d8b	370	u_int16_t port;
337fbc41	371	typeof(ip_nat_sip_hook) ip_nat_sip;
ae5b7d8b PM	372
	373	/* No Data ? */
	374	dataoff = (pskb)->nh.iph->ihl4 + sizeof(struct udphdr);
	375	if (dataoff >= (*pskb)->len) {
	376	DEBUGP("skb->len = %u\n", (*pskb)->len);
	377	return NF_ACCEPT;
	378	}
	379
	380	ip_ct_refresh(ct, pskb, sip_timeout HZ);
	381
	382	if (!skb_is_nonlinear(*pskb))
	383	dptr = (*pskb)->data + dataoff;
	384	else {
	385	DEBUGP("Copy of skbuff not supported yet.\n");
	386	goto out;
	387	}
	388
337fbc41 PM	389	ip_nat_sip = rcu_dereference(ip_nat_sip_hook);
	390	if (ip_nat_sip) {
	391	if (!ip_nat_sip(pskb, ctinfo, ct, &dptr)) {
ae5b7d8b PM	392	ret = NF_DROP;
	393	goto out;
	394	}
	395	}
	396
	397	/* After this point NAT, could have mangled skb, so
	398	we need to recalculate payload lenght. */
	399	datalen = (*pskb)->len - dataoff;
	400
	401	if (datalen < (sizeof("SIP/2.0 200") - 1))
	402	goto out;
	403
	404	/* RTP info only in some SDP pkts */
	405	if (memcmp(dptr, "INVITE", sizeof("INVITE") - 1) != 0 &&
	406	memcmp(dptr, "SIP/2.0 200", sizeof("SIP/2.0 200") - 1) != 0) {
	407	goto out;
	408	}
	409	/* Get ip and port address from SDP packet. */
	410	if (ct_sip_get_info(dptr, datalen, &matchoff, &matchlen,
9d5b8baa	411	POS_CONNECTION) > 0) {
ae5b7d8b PM	412
	413	/* We'll drop only if there are parse problems. */
	414	if (parse_ipaddr(dptr + matchoff, NULL, &ipaddr,
	415	dptr + datalen) < 0) {
	416	ret = NF_DROP;
	417	goto out;
	418	}
	419	if (ct_sip_get_info(dptr, datalen, &matchoff, &matchlen,
9d5b8baa	420	POS_MEDIA) > 0) {
ae5b7d8b PM	421
	422	port = simple_strtoul(dptr + matchoff, NULL, 10);
	423	if (port < 1024) {
	424	ret = NF_DROP;
	425	goto out;
	426	}
	427	ret = set_expected_rtp(pskb, ct, ctinfo,
	428	ipaddr, port, dptr);
	429	}
	430	}
	431	out:
	432	return ret;
	433	}
	434
	435	static struct ip_conntrack_helper sip[MAX_PORTS];
	436	static char sip_names[MAX_PORTS][10];
	437
	438	static void fini(void)
	439	{
	440	int i;
	441	for (i = 0; i < ports_c; i++) {
	442	DEBUGP("unregistering helper for port %d\n", ports[i]);
	443	ip_conntrack_helper_unregister(&sip[i]);
	444	}
	445	}
	446
	447	static int __init init(void)
	448	{
	449	int i, ret;
	450	char *tmpname;
	451
	452	if (ports_c == 0)
	453	ports[ports_c++] = SIP_PORT;
	454
	455	for (i = 0; i < ports_c; i++) {
	456	/* Create helper structure */
	457	memset(&sip[i], 0, sizeof(struct ip_conntrack_helper));
	458
	459	sip[i].tuple.dst.protonum = IPPROTO_UDP;
	460	sip[i].tuple.src.u.udp.port = htons(ports[i]);
cdcb71bf	461	sip[i].mask.src.u.udp.port = htons(0xFFFF);
ae5b7d8b	462	sip[i].mask.dst.protonum = 0xFF;
b10866fd	463	sip[i].max_expected = 2;
ae5b7d8b PM	464	sip[i].timeout = 3 * 60; /* 3 minutes */
	465	sip[i].me = THIS_MODULE;
	466	sip[i].help = sip_help;
	467
	468	tmpname = &sip_names[i][0];
	469	if (ports[i] == SIP_PORT)
	470	sprintf(tmpname, "sip");
	471	else
	472	sprintf(tmpname, "sip-%d", i);
	473	sip[i].name = tmpname;
	474
	475	DEBUGP("port #%d: %d\n", i, ports[i]);
	476
	477	ret = ip_conntrack_helper_register(&sip[i]);
	478	if (ret) {
	479	printk("ERROR registering helper for port %d\n",
	480	ports[i]);
	481	fini();
	482	return ret;
	483	}
	484	}
	485	return 0;
	486	}
	487
	488	module_init(init);
	489	module_exit(fini);