[net-next-2.6.git] / net / netfilter / nf_conntrack_sip.c

/* SIP extension for IP connection tracking.
 *
 * (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
 * based on RR's ip_conntrack_ftp.c and other modules.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/module.h>
#include <linux/ctype.h>
#include <linux/skbuff.h>
#include <linux/inet.h>
#include <linux/in.h>
#include <linux/udp.h>
#include <linux/netfilter.h>

#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_expect.h>
#include <net/netfilter/nf_conntrack_helper.h>
#include <linux/netfilter/nf_conntrack_sip.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
MODULE_DESCRIPTION("SIP connection tracking helper");
MODULE_ALIAS("ip_conntrack_sip");

#define MAX_PORTS	8
static unsigned short ports[MAX_PORTS];
static unsigned int ports_c;
module_param_array(ports, ushort, &ports_c, 0400);
MODULE_PARM_DESC(ports, "port numbers of SIP servers");

static unsigned int sip_timeout __read_mostly = SIP_TIMEOUT;
module_param(sip_timeout, uint, 0600);
MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");

unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb,
				const char **dptr,
				unsigned int *datalen) __read_mostly;
EXPORT_SYMBOL_GPL(nf_nat_sip_hook);

unsigned int (*nf_nat_sdp_hook)(struct sk_buff *skb,
				const char **dptr,
				unsigned int *datalen,
				struct nf_conntrack_expect *exp) __read_mostly;
EXPORT_SYMBOL_GPL(nf_nat_sdp_hook);

static int digits_len(const struct nf_conn *, const char *, const char *, int *);
static int epaddr_len(const struct nf_conn *, const char *, const char *, int *);
static int skp_digits_len(const struct nf_conn *, const char *, const char *, int *);
static int skp_epaddr_len(const struct nf_conn *, const char *, const char *, int *);

struct sip_header_nfo {
	const char	*lname;
	const char	*sname;
	const char	*ln_str;
	size_t		lnlen;
	size_t		snlen;
	size_t		ln_strlen;
	int		case_sensitive;
	int		(*match_len)(const struct nf_conn *, const char *,
				     const char *, int *);
};

static const struct sip_header_nfo ct_sip_hdrs[] = {
	[POS_FROM] = {		/* SIP From header */
		.lname		= "From:",
		.lnlen		= sizeof("From:") - 1,
		.sname		= "\r\nf:",
		.snlen		= sizeof("\r\nf:") - 1,
		.ln_str		= "sip:",
		.ln_strlen	= sizeof("sip:") - 1,
		.match_len	= skp_epaddr_len,
	},
	[POS_TO] = {		/* SIP To header */
		.lname		= "To:",
		.lnlen		= sizeof("To:") - 1,
		.sname		= "\r\nt:",
		.snlen		= sizeof("\r\nt:") - 1,
		.ln_str		= "sip:",
		.ln_strlen	= sizeof("sip:") - 1,
		.match_len	= skp_epaddr_len
	},
	[POS_VIA] = { 		/* SIP Via header */
		.lname		= "Via:",
		.lnlen		= sizeof("Via:") - 1,
		.sname		= "\r\nv:",
		.snlen		= sizeof("\r\nv:") - 1, /* rfc3261 "\r\n" */
		.ln_str		= "UDP ",
		.ln_strlen	= sizeof("UDP ") - 1,
		.match_len	= epaddr_len,
	},
	[POS_CONTACT] = { 	/* SIP Contact header */
		.lname		= "Contact:",
		.lnlen		= sizeof("Contact:") - 1,
		.sname		= "\r\nm:",
		.snlen		= sizeof("\r\nm:") - 1,
		.ln_str		= "sip:",
		.ln_strlen	= sizeof("sip:") - 1,
		.match_len	= skp_epaddr_len
	},
	[POS_CONTENT] = { 	/* SIP Content length header */
		.lname		= "Content-Length:",
		.lnlen		= sizeof("Content-Length:") - 1,
		.sname		= "\r\nl:",
		.snlen		= sizeof("\r\nl:") - 1,
		.ln_str		= ":",
		.ln_strlen	= sizeof(":") - 1,
		.match_len	= skp_digits_len
	},
};

/* get line length until first CR or LF seen. */
int ct_sip_lnlen(const char *line, const char *limit)
{
	const char *k = line;

	while ((line < limit) && (*line == '\r' || *line == '\n'))
		line++;

	while (line < limit) {
		if (*line == '\r' || *line == '\n')
			break;
		line++;
	}
	return line - k;
}
EXPORT_SYMBOL_GPL(ct_sip_lnlen);

/* Linear string search, case sensitive. */
const char *ct_sip_search(const char *needle, const char *haystack,
			  size_t needle_len, size_t haystack_len,
			  int case_sensitive)
{
	const char *limit = haystack + (haystack_len - needle_len);

	while (haystack < limit) {
		if (case_sensitive) {
			if (strncmp(haystack, needle, needle_len) == 0)
				return haystack;
		} else {
			if (strnicmp(haystack, needle, needle_len) == 0)
				return haystack;
		}
		haystack++;
	}
	return NULL;
}
EXPORT_SYMBOL_GPL(ct_sip_search);

static int string_len(const struct nf_conn *ct, const char *dptr,
		      const char *limit, int *shift)
{
	int len = 0;

	while (dptr < limit && isalpha(*dptr)) {
		dptr++;
		len++;
	}
	return len;
}

static int digits_len(const struct nf_conn *ct, const char *dptr,
		      const char *limit, int *shift)
{
	int len = 0;
	while (dptr < limit && isdigit(*dptr)) {
		dptr++;
		len++;
	}
	return len;
}

/* get digits length, skipping blank spaces. */
static int skp_digits_len(const struct nf_conn *ct, const char *dptr,
			  const char *limit, int *shift)
{
	for (; dptr < limit && *dptr == ' '; dptr++)
		(*shift)++;

	return digits_len(ct, dptr, limit, shift);
}

static int parse_addr(const struct nf_conn *ct, const char *cp,
                      const char **endp, union nf_inet_addr *addr,
                      const char *limit)
{
	const char *end;
	int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
	int ret = 0;

	switch (family) {
	case AF_INET:
		ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
		break;
	case AF_INET6:
		ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
		break;
	default:
		BUG();
	}

	if (ret == 0 || end == cp)
		return 0;
	if (endp)
		*endp = end;
	return 1;
}

/* skip ip address. returns its length. */
static int epaddr_len(const struct nf_conn *ct, const char *dptr,
		      const char *limit, int *shift)
{
	union nf_inet_addr addr;
	const char *aux = dptr;

	if (!parse_addr(ct, dptr, &dptr, &addr, limit)) {
		pr_debug("ip: %s parse failed.!\n", dptr);
		return 0;
	}

	/* Port number */
	if (*dptr == ':') {
		dptr++;
		dptr += digits_len(ct, dptr, limit, shift);
	}
	return dptr - aux;
}

/* get address length, skiping user info. */
static int skp_epaddr_len(const struct nf_conn *ct, const char *dptr,
			  const char *limit, int *shift)
{
	const char *start = dptr;
	int s = *shift;

	/* Search for @, but stop at the end of the line.
	 * We are inside a sip: URI, so we don't need to worry about
	 * continuation lines. */
	while (dptr < limit &&
	       *dptr != '@' && *dptr != '\r' && *dptr != '\n') {
		(*shift)++;
		dptr++;
	}

	if (dptr < limit && *dptr == '@') {
		dptr++;
		(*shift)++;
	} else {
		dptr = start;
		*shift = s;
	}

	return epaddr_len(ct, dptr, limit, shift);
}

/* Parse a SIP request line of the form:
 *
 * Request-Line = Method SP Request-URI SP SIP-Version CRLF
 *
 * and return the offset and length of the address contained in the Request-URI.
 */
int ct_sip_parse_request(const struct nf_conn *ct,
			 const char *dptr, unsigned int datalen,
			 unsigned int *matchoff, unsigned int *matchlen)
{
	const char *start = dptr, *limit = dptr + datalen;
	unsigned int mlen;
	int shift = 0;

	/* Skip method and following whitespace */
	mlen = string_len(ct, dptr, limit, NULL);
	if (!mlen)
		return 0;
	dptr += mlen;
	if (++dptr >= limit)
		return 0;

	/* Find SIP URI */
	limit -= strlen("sip:");
	for (; dptr < limit; dptr++) {
		if (*dptr == '\r' || *dptr == '\n')
			return -1;
		if (strnicmp(dptr, "sip:", strlen("sip:")) == 0)
			break;
	}
	*matchlen = skp_epaddr_len(ct, dptr, limit, &shift);
	if (!*matchlen)
		return 0;
	*matchoff = dptr - start + shift;
	return 1;
}
EXPORT_SYMBOL_GPL(ct_sip_parse_request);

/* Returns 0 if not found, -1 error parsing. */
int ct_sip_get_info(const struct nf_conn *ct,
		    const char *dptr, size_t dlen,
		    unsigned int *matchoff,
		    unsigned int *matchlen,
		    enum sip_header_pos pos)
{
	const struct sip_header_nfo *hnfo = &ct_sip_hdrs[pos];
	const char *limit, *aux, *k = dptr;
	int shift = 0;

	limit = dptr + (dlen - hnfo->lnlen);

	while (dptr < limit) {
		if ((strncmp(dptr, hnfo->lname, hnfo->lnlen) != 0) &&
		    (hnfo->sname == NULL ||
		     strncmp(dptr, hnfo->sname, hnfo->snlen) != 0)) {
			dptr++;
			continue;
		}
		aux = ct_sip_search(hnfo->ln_str, dptr, hnfo->ln_strlen,
				    ct_sip_lnlen(dptr, limit),
				    hnfo->case_sensitive);
		if (!aux) {
			pr_debug("'%s' not found in '%s'.\n", hnfo->ln_str,
				 hnfo->lname);
			return -1;
		}
		aux += hnfo->ln_strlen;

		*matchlen = hnfo->match_len(ct, aux, limit, &shift);
		if (!*matchlen)
			return -1;

		*matchoff = (aux - k) + shift;

		pr_debug("%s match succeeded! - len: %u\n", hnfo->lname,
			 *matchlen);
		return 1;
	}
	pr_debug("%s header not found.\n", hnfo->lname);
	return 0;
}
EXPORT_SYMBOL_GPL(ct_sip_get_info);

/* SDP header parsing: a SDP session description contains an ordered set of
 * headers, starting with a section containing general session parameters,
 * optionally followed by multiple media descriptions.
 *
 * SDP headers always start at the beginning of a line. According to RFC 2327:
 * "The sequence CRLF (0x0d0a) is used to end a record, although parsers should
 * be tolerant and also accept records terminated with a single newline
 * character". We handle both cases.
 */
static const struct sip_header ct_sdp_hdrs[] = {
	[SDP_HDR_VERSION]		= SDP_HDR("v=", NULL, digits_len),
	[SDP_HDR_OWNER_IP4]		= SDP_HDR("o=", "IN IP4 ", epaddr_len),
	[SDP_HDR_CONNECTION_IP4]	= SDP_HDR("c=", "IN IP4 ", epaddr_len),
	[SDP_HDR_OWNER_IP6]		= SDP_HDR("o=", "IN IP6 ", epaddr_len),
	[SDP_HDR_CONNECTION_IP6]	= SDP_HDR("c=", "IN IP6 ", epaddr_len),
	[SDP_HDR_MEDIA]			= SDP_HDR("m=", "audio ", digits_len),
};

/* Linear string search within SDP header values */
static const char *ct_sdp_header_search(const char *dptr, const char *limit,
					const char *needle, unsigned int len)
{
	for (limit -= len; dptr < limit; dptr++) {
		if (*dptr == '\r' || *dptr == '\n')
			break;
		if (strncmp(dptr, needle, len) == 0)
			return dptr;
	}
	return NULL;
}

/* Locate a SDP header (optionally a substring within the header value),
 * optionally stopping at the first occurence of the term header, parse
 * it and return the offset and length of the data we're interested in.
 */
int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr,
			  unsigned int dataoff, unsigned int datalen,
			  enum sdp_header_types type,
			  enum sdp_header_types term,
			  unsigned int *matchoff, unsigned int *matchlen)
{
	const struct sip_header *hdr = &ct_sdp_hdrs[type];
	const struct sip_header *thdr = &ct_sdp_hdrs[term];
	const char *start = dptr, *limit = dptr + datalen;
	int shift = 0;

	for (dptr += dataoff; dptr < limit; dptr++) {
		/* Find beginning of line */
		if (*dptr != '\r' && *dptr != '\n')
			continue;
		if (++dptr >= limit)
			break;
		if (*(dptr - 1) == '\r' && *dptr == '\n') {
			if (++dptr >= limit)
				break;
		}

		if (term != SDP_HDR_UNSPEC &&
		    limit - dptr >= thdr->len &&
		    strnicmp(dptr, thdr->name, thdr->len) == 0)
			break;
		else if (limit - dptr >= hdr->len &&
			 strnicmp(dptr, hdr->name, hdr->len) == 0)
			dptr += hdr->len;
		else
			continue;

		*matchoff = dptr - start;
		if (hdr->search) {
			dptr = ct_sdp_header_search(dptr, limit, hdr->search,
						    hdr->slen);
			if (!dptr)
				return -1;
			dptr += hdr->slen;
		}

		*matchlen = hdr->match_len(ct, dptr, limit, &shift);
		if (!*matchlen)
			return -1;
		*matchoff = dptr - start + shift;
		return 1;
	}
	return 0;
}
EXPORT_SYMBOL_GPL(ct_sip_get_sdp_header);

static int set_expected_rtp(struct sk_buff *skb,
			    const char **dptr, unsigned int *datalen,
			    union nf_inet_addr *addr, __be16 port)
{
	struct nf_conntrack_expect *exp;
	enum ip_conntrack_info ctinfo;
	struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
	enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
	int family = ct->tuplehash[!dir].tuple.src.l3num;
	int ret;
	typeof(nf_nat_sdp_hook) nf_nat_sdp;

	exp = nf_ct_expect_alloc(ct);
	if (exp == NULL)
		return NF_DROP;
	nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, family,
			  &ct->tuplehash[!dir].tuple.src.u3, addr,
			  IPPROTO_UDP, NULL, &port);

	nf_nat_sdp = rcu_dereference(nf_nat_sdp_hook);
	if (nf_nat_sdp && ct->status & IPS_NAT_MASK)
		ret = nf_nat_sdp(skb, dptr, datalen, exp);
	else {
		if (nf_ct_expect_related(exp) != 0)
			ret = NF_DROP;
		else
			ret = NF_ACCEPT;
	}
	nf_ct_expect_put(exp);

	return ret;
}

static int sip_help(struct sk_buff *skb,
		    unsigned int protoff,
		    struct nf_conn *ct,
		    enum ip_conntrack_info ctinfo)
{
	int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
	union nf_inet_addr addr;
	unsigned int dataoff, datalen;
	const char *dptr;
	int ret = NF_ACCEPT;
	unsigned int matchoff, matchlen;
	u_int16_t port;
	enum sdp_header_types type;
	typeof(nf_nat_sip_hook) nf_nat_sip;

	/* No Data ? */
	dataoff = protoff + sizeof(struct udphdr);
	if (dataoff >= skb->len)
		return NF_ACCEPT;

	nf_ct_refresh(ct, skb, sip_timeout * HZ);

	if (!skb_is_nonlinear(skb))
		dptr = skb->data + dataoff;
	else {
		pr_debug("Copy of skbuff not supported yet.\n");
		goto out;
	}

	nf_nat_sip = rcu_dereference(nf_nat_sip_hook);
	if (nf_nat_sip && ct->status & IPS_NAT_MASK) {
		if (!nf_nat_sip(skb, &dptr, &datalen)) {
			ret = NF_DROP;
			goto out;
		}
	}

	datalen = skb->len - dataoff;
	if (datalen < strlen("SIP/2.0 200"))
		goto out;

	/* RTP info only in some SDP pkts */
	if (strnicmp(dptr, "INVITE", strlen("INVITE")) != 0 &&
	    strnicmp(dptr, "UPDATE", strlen("UPDATE")) != 0 &&
	    strnicmp(dptr, "SIP/2.0 180", strlen("SIP/2.0 180")) != 0 &&
	    strnicmp(dptr, "SIP/2.0 183", strlen("SIP/2.0 183")) != 0 &&
	    strnicmp(dptr, "SIP/2.0 200", strlen("SIP/2.0 200")) != 0) {
		goto out;
	}
	/* Get address and port from SDP packet. */
	type = family == AF_INET ? SDP_HDR_CONNECTION_IP4 :
				   SDP_HDR_CONNECTION_IP6;
	if (ct_sip_get_sdp_header(ct, dptr, 0, datalen, type, SDP_HDR_UNSPEC,
				  &matchoff, &matchlen) > 0) {

		/* We'll drop only if there are parse problems. */
		if (!parse_addr(ct, dptr + matchoff, NULL, &addr,
				dptr + datalen)) {
			ret = NF_DROP;
			goto out;
		}
		if (ct_sip_get_sdp_header(ct, dptr, 0, datalen,
					  SDP_HDR_MEDIA, SDP_HDR_UNSPEC,
					  &matchoff, &matchlen) > 0) {

			port = simple_strtoul(dptr + matchoff, NULL, 10);
			if (port < 1024) {
				ret = NF_DROP;
				goto out;
			}
			ret = set_expected_rtp(skb, &dptr, &datalen,
					       &addr, htons(port));
		}
	}
out:
	return ret;
}

static struct nf_conntrack_helper sip[MAX_PORTS][2] __read_mostly;
static char sip_names[MAX_PORTS][2][sizeof("sip-65535")] __read_mostly;

static const struct nf_conntrack_expect_policy sip_exp_policy = {
	.max_expected	= 2,
	.timeout	= 3 * 60,
};

static void nf_conntrack_sip_fini(void)
{
	int i, j;

	for (i = 0; i < ports_c; i++) {
		for (j = 0; j < 2; j++) {
			if (sip[i][j].me == NULL)
				continue;
			nf_conntrack_helper_unregister(&sip[i][j]);
		}
	}
}

static int __init nf_conntrack_sip_init(void)
{
	int i, j, ret;
	char *tmpname;

	if (ports_c == 0)
		ports[ports_c++] = SIP_PORT;

	for (i = 0; i < ports_c; i++) {
		memset(&sip[i], 0, sizeof(sip[i]));

		sip[i][0].tuple.src.l3num = AF_INET;
		sip[i][1].tuple.src.l3num = AF_INET6;
		for (j = 0; j < 2; j++) {
			sip[i][j].tuple.dst.protonum = IPPROTO_UDP;
			sip[i][j].tuple.src.u.udp.port = htons(ports[i]);
			sip[i][j].expect_policy = &sip_exp_policy;
			sip[i][j].me = THIS_MODULE;
			sip[i][j].help = sip_help;

			tmpname = &sip_names[i][j][0];
			if (ports[i] == SIP_PORT)
				sprintf(tmpname, "sip");
			else
				sprintf(tmpname, "sip-%u", i);
			sip[i][j].name = tmpname;

			pr_debug("port #%u: %u\n", i, ports[i]);

			ret = nf_conntrack_helper_register(&sip[i][j]);
			if (ret) {
				printk("nf_ct_sip: failed to register helper "
				       "for pf: %u port: %u\n",
				       sip[i][j].tuple.src.l3num, ports[i]);
				nf_conntrack_sip_fini();
				return ret;
			}
		}
	}
	return 0;
}

module_init(nf_conntrack_sip_init);
module_exit(nf_conntrack_sip_fini);
Commit	Line	Data
9fafcd7b PM	1	/* SIP extension for IP connection tracking.
	2	*
	3	* (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
	4	* based on RR's ip_conntrack_ftp.c and other modules.
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License version 2 as
	8	* published by the Free Software Foundation.
	9	*/
	10
	11	#include <linux/module.h>
	12	#include <linux/ctype.h>
	13	#include <linux/skbuff.h>
	14	#include <linux/inet.h>
	15	#include <linux/in.h>
	16	#include <linux/udp.h>
1863f096	17	#include <linux/netfilter.h>
9fafcd7b PM	18
	19	#include <net/netfilter/nf_conntrack.h>
	20	#include <net/netfilter/nf_conntrack_expect.h>
	21	#include <net/netfilter/nf_conntrack_helper.h>
	22	#include <linux/netfilter/nf_conntrack_sip.h>
	23
9fafcd7b PM	24	MODULE_LICENSE("GPL");
	25	MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
	26	MODULE_DESCRIPTION("SIP connection tracking helper");
	27	MODULE_ALIAS("ip_conntrack_sip");
	28
	29	#define MAX_PORTS 8
	30	static unsigned short ports[MAX_PORTS];
2f0d2f10	31	static unsigned int ports_c;
9fafcd7b PM	32	module_param_array(ports, ushort, &ports_c, 0400);
	33	MODULE_PARM_DESC(ports, "port numbers of SIP servers");
	34
	35	static unsigned int sip_timeout __read_mostly = SIP_TIMEOUT;
	36	module_param(sip_timeout, uint, 0600);
	37	MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");
	38
3db05fea	39	unsigned int (nf_nat_sip_hook)(struct sk_buff skb,
2a6cfb22 PM	40	const char **dptr,
2a6cfb22 PM	41	unsigned int *datalen) __read_mostly;
9fafcd7b PM	42	EXPORT_SYMBOL_GPL(nf_nat_sip_hook);
9fafcd7b PM	43
3db05fea	44	unsigned int (nf_nat_sdp_hook)(struct sk_buff skb,
2a6cfb22	45	const char **dptr,
212440a7 PM	46	unsigned int *datalen,
212440a7 PM	47	struct nf_conntrack_expect *exp) __read_mostly;
9fafcd7b PM	48	EXPORT_SYMBOL_GPL(nf_nat_sdp_hook);
9fafcd7b PM	49
13f7d63c JE	50	static int digits_len(const struct nf_conn , const char , const char , int );
	51	static int epaddr_len(const struct nf_conn , const char , const char , int );
	52	static int skp_digits_len(const struct nf_conn , const char , const char , int );
	53	static int skp_epaddr_len(const struct nf_conn , const char , const char , int );
9fafcd7b PM	54
	55	struct sip_header_nfo {
	56	const char *lname;
	57	const char *sname;
	58	const char *ln_str;
	59	size_t lnlen;
	60	size_t snlen;
	61	size_t ln_strlen;
	62	int case_sensitive;
13f7d63c	63	int (match_len)(const struct nf_conn , const char *,
9fafcd7b PM	64	const char , int );
	65	};
	66
	67	static const struct sip_header_nfo ct_sip_hdrs[] = {
9fafcd7b PM	68	[POS_FROM] = { /* SIP From header */
	69	.lname = "From:",
	70	.lnlen = sizeof("From:") - 1,
	71	.sname = "\r\nf:",
	72	.snlen = sizeof("\r\nf:") - 1,
	73	.ln_str = "sip:",
	74	.ln_strlen = sizeof("sip:") - 1,
	75	.match_len = skp_epaddr_len,
	76	},
	77	[POS_TO] = { /* SIP To header */
	78	.lname = "To:",
	79	.lnlen = sizeof("To:") - 1,
	80	.sname = "\r\nt:",
	81	.snlen = sizeof("\r\nt:") - 1,
	82	.ln_str = "sip:",
	83	.ln_strlen = sizeof("sip:") - 1,
	84	.match_len = skp_epaddr_len
	85	},
	86	[POS_VIA] = { /* SIP Via header */
	87	.lname = "Via:",
	88	.lnlen = sizeof("Via:") - 1,
	89	.sname = "\r\nv:",
	90	.snlen = sizeof("\r\nv:") - 1, /* rfc3261 "\r\n" */
	91	.ln_str = "UDP ",
	92	.ln_strlen = sizeof("UDP ") - 1,
	93	.match_len = epaddr_len,
	94	},
	95	[POS_CONTACT] = { /* SIP Contact header */
	96	.lname = "Contact:",
	97	.lnlen = sizeof("Contact:") - 1,
	98	.sname = "\r\nm:",
	99	.snlen = sizeof("\r\nm:") - 1,
	100	.ln_str = "sip:",
	101	.ln_strlen = sizeof("sip:") - 1,
	102	.match_len = skp_epaddr_len
	103	},
	104	[POS_CONTENT] = { /* SIP Content length header */
	105	.lname = "Content-Length:",
	106	.lnlen = sizeof("Content-Length:") - 1,
	107	.sname = "\r\nl:",
	108	.snlen = sizeof("\r\nl:") - 1,
	109	.ln_str = ":",
	110	.ln_strlen = sizeof(":") - 1,
	111	.match_len = skp_digits_len
	112	},
9fafcd7b PM	113	};
9fafcd7b PM	114
c8238177	115	/* get line length until first CR or LF seen. */
9fafcd7b PM	116	int ct_sip_lnlen(const char line, const char limit)
	117	{
	118	const char *k = line;
	119
b1ec488b	120	while ((line < limit) && (line == '\r' \|\| line == '\n'))
9fafcd7b PM	121	line++;
9fafcd7b PM	122
b1ec488b	123	while (line < limit) {
9fafcd7b PM	124	if (line == '\r' \|\| line == '\n')
	125	break;
	126	line++;
	127	}
	128	return line - k;
	129	}
	130	EXPORT_SYMBOL_GPL(ct_sip_lnlen);
	131
	132	/* Linear string search, case sensitive. */
	133	const char ct_sip_search(const char needle, const char *haystack,
	134	size_t needle_len, size_t haystack_len,
	135	int case_sensitive)
	136	{
	137	const char *limit = haystack + (haystack_len - needle_len);
	138
b1ec488b	139	while (haystack < limit) {
9fafcd7b PM	140	if (case_sensitive) {
	141	if (strncmp(haystack, needle, needle_len) == 0)
	142	return haystack;
	143	} else {
	144	if (strnicmp(haystack, needle, needle_len) == 0)
	145	return haystack;
	146	}
	147	haystack++;
	148	}
	149	return NULL;
	150	}
	151	EXPORT_SYMBOL_GPL(ct_sip_search);
	152
ac367740 PM	153	static int string_len(const struct nf_conn ct, const char dptr,
	154	const char limit, int shift)
	155	{
	156	int len = 0;
	157
	158	while (dptr < limit && isalpha(*dptr)) {
	159	dptr++;
	160	len++;
	161	}
	162	return len;
	163	}
	164
13f7d63c	165	static int digits_len(const struct nf_conn ct, const char dptr,
9fafcd7b PM	166	const char limit, int shift)
	167	{
	168	int len = 0;
b1ec488b	169	while (dptr < limit && isdigit(*dptr)) {
9fafcd7b PM	170	dptr++;
	171	len++;
	172	}
	173	return len;
	174	}
	175
c8238177	176	/* get digits length, skipping blank spaces. */
13f7d63c	177	static int skp_digits_len(const struct nf_conn ct, const char dptr,
9fafcd7b PM	178	const char limit, int shift)
9fafcd7b PM	179	{
b1ec488b	180	for (; dptr < limit && *dptr == ' '; dptr++)
9fafcd7b PM	181	(*shift)++;
	182
	183	return digits_len(ct, dptr, limit, shift);
	184	}
	185
13f7d63c JE	186	static int parse_addr(const struct nf_conn ct, const char cp,
	187	const char *endp, union nf_inet_addr addr,
	188	const char *limit)
9fafcd7b PM	189	{
	190	const char *end;
	191	int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
	192	int ret = 0;
	193
	194	switch (family) {
	195	case AF_INET:
	196	ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
	197	break;
	198	case AF_INET6:
	199	ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
	200	break;
	201	default:
	202	BUG();
	203	}
	204
	205	if (ret == 0 \|\| end == cp)
	206	return 0;
	207	if (endp)
	208	*endp = end;
	209	return 1;
	210	}
	211
	212	/* skip ip address. returns its length. */
13f7d63c	213	static int epaddr_len(const struct nf_conn ct, const char dptr,
9fafcd7b PM	214	const char limit, int shift)
9fafcd7b PM	215	{
643a2c15	216	union nf_inet_addr addr;
9fafcd7b PM	217	const char *aux = dptr;
	218
	219	if (!parse_addr(ct, dptr, &dptr, &addr, limit)) {
0d53778e	220	pr_debug("ip: %s parse failed.!\n", dptr);
9fafcd7b PM	221	return 0;
	222	}
	223
	224	/* Port number */
	225	if (*dptr == ':') {
	226	dptr++;
	227	dptr += digits_len(ct, dptr, limit, shift);
	228	}
	229	return dptr - aux;
	230	}
	231
	232	/* get address length, skiping user info. */
13f7d63c	233	static int skp_epaddr_len(const struct nf_conn ct, const char dptr,
9fafcd7b PM	234	const char limit, int shift)
9fafcd7b PM	235	{
aa584eda	236	const char *start = dptr;
9fafcd7b PM	237	int s = *shift;
9fafcd7b PM	238
7da5bfbb LI	239	/* Search for @, but stop at the end of the line.
	240	* We are inside a sip: URI, so we don't need to worry about
	241	* continuation lines. */
b1ec488b	242	while (dptr < limit &&
7da5bfbb	243	dptr != '@' && dptr != '\r' && *dptr != '\n') {
9fafcd7b	244	(*shift)++;
7da5bfbb LI	245	dptr++;
7da5bfbb LI	246	}
9fafcd7b	247
b1ec488b	248	if (dptr < limit && *dptr == '@') {
9fafcd7b PM	249	dptr++;
9fafcd7b PM	250	(*shift)++;
aa584eda PM	251	} else {
aa584eda PM	252	dptr = start;
9fafcd7b	253	*shift = s;
aa584eda	254	}
9fafcd7b PM	255
	256	return epaddr_len(ct, dptr, limit, shift);
	257	}
	258
ac367740 PM	259	/* Parse a SIP request line of the form:
	260	*
	261	* Request-Line = Method SP Request-URI SP SIP-Version CRLF
	262	*
	263	* and return the offset and length of the address contained in the Request-URI.
	264	*/
	265	int ct_sip_parse_request(const struct nf_conn *ct,
	266	const char *dptr, unsigned int datalen,
	267	unsigned int matchoff, unsigned int matchlen)
	268	{
	269	const char start = dptr, limit = dptr + datalen;
	270	unsigned int mlen;
	271	int shift = 0;
	272
	273	/* Skip method and following whitespace */
	274	mlen = string_len(ct, dptr, limit, NULL);
	275	if (!mlen)
	276	return 0;
	277	dptr += mlen;
	278	if (++dptr >= limit)
	279	return 0;
	280
	281	/* Find SIP URI */
	282	limit -= strlen("sip:");
	283	for (; dptr < limit; dptr++) {
	284	if (dptr == '\r' \|\| dptr == '\n')
	285	return -1;
	286	if (strnicmp(dptr, "sip:", strlen("sip:")) == 0)
	287	break;
	288	}
	289	*matchlen = skp_epaddr_len(ct, dptr, limit, &shift);
	290	if (!*matchlen)
	291	return 0;
	292	*matchoff = dptr - start + shift;
	293	return 1;
	294	}
	295	EXPORT_SYMBOL_GPL(ct_sip_parse_request);
	296
9fafcd7b	297	/* Returns 0 if not found, -1 error parsing. */
13f7d63c	298	int ct_sip_get_info(const struct nf_conn *ct,
9fafcd7b PM	299	const char *dptr, size_t dlen,
	300	unsigned int *matchoff,
	301	unsigned int *matchlen,
	302	enum sip_header_pos pos)
	303	{
	304	const struct sip_header_nfo *hnfo = &ct_sip_hdrs[pos];
	305	const char limit, aux, *k = dptr;
	306	int shift = 0;
	307
	308	limit = dptr + (dlen - hnfo->lnlen);
	309
b1ec488b	310	while (dptr < limit) {
9fafcd7b	311	if ((strncmp(dptr, hnfo->lname, hnfo->lnlen) != 0) &&
465f90a4 PM	312	(hnfo->sname == NULL \|\|
465f90a4 PM	313	strncmp(dptr, hnfo->sname, hnfo->snlen) != 0)) {
9fafcd7b PM	314	dptr++;
	315	continue;
	316	}
	317	aux = ct_sip_search(hnfo->ln_str, dptr, hnfo->ln_strlen,
601e68e1	318	ct_sip_lnlen(dptr, limit),
9fafcd7b PM	319	hnfo->case_sensitive);
9fafcd7b PM	320	if (!aux) {
0d53778e PM	321	pr_debug("'%s' not found in '%s'.\n", hnfo->ln_str,
0d53778e PM	322	hnfo->lname);
9fafcd7b PM	323	return -1;
	324	}
	325	aux += hnfo->ln_strlen;
	326
	327	*matchlen = hnfo->match_len(ct, aux, limit, &shift);
	328	if (!*matchlen)
	329	return -1;
	330
	331	*matchoff = (aux - k) + shift;
	332
0d53778e PM	333	pr_debug("%s match succeeded! - len: %u\n", hnfo->lname,
0d53778e PM	334	*matchlen);
9fafcd7b PM	335	return 1;
9fafcd7b PM	336	}
0d53778e	337	pr_debug("%s header not found.\n", hnfo->lname);
9fafcd7b PM	338	return 0;
	339	}
	340	EXPORT_SYMBOL_GPL(ct_sip_get_info);
	341
3e9b4600 PM	342	/* SDP header parsing: a SDP session description contains an ordered set of
	343	* headers, starting with a section containing general session parameters,
	344	* optionally followed by multiple media descriptions.
	345	*
	346	* SDP headers always start at the beginning of a line. According to RFC 2327:
	347	* "The sequence CRLF (0x0d0a) is used to end a record, although parsers should
	348	* be tolerant and also accept records terminated with a single newline
	349	* character". We handle both cases.
	350	*/
	351	static const struct sip_header ct_sdp_hdrs[] = {
	352	[SDP_HDR_VERSION] = SDP_HDR("v=", NULL, digits_len),
	353	[SDP_HDR_OWNER_IP4] = SDP_HDR("o=", "IN IP4 ", epaddr_len),
	354	[SDP_HDR_CONNECTION_IP4] = SDP_HDR("c=", "IN IP4 ", epaddr_len),
	355	[SDP_HDR_OWNER_IP6] = SDP_HDR("o=", "IN IP6 ", epaddr_len),
	356	[SDP_HDR_CONNECTION_IP6] = SDP_HDR("c=", "IN IP6 ", epaddr_len),
	357	[SDP_HDR_MEDIA] = SDP_HDR("m=", "audio ", digits_len),
	358	};
	359
	360	/* Linear string search within SDP header values */
	361	static const char ct_sdp_header_search(const char dptr, const char *limit,
	362	const char *needle, unsigned int len)
	363	{
	364	for (limit -= len; dptr < limit; dptr++) {
	365	if (dptr == '\r' \|\| dptr == '\n')
	366	break;
	367	if (strncmp(dptr, needle, len) == 0)
	368	return dptr;
	369	}
	370	return NULL;
	371	}
	372
	373	/* Locate a SDP header (optionally a substring within the header value),
	374	* optionally stopping at the first occurence of the term header, parse
	375	* it and return the offset and length of the data we're interested in.
	376	*/
	377	int ct_sip_get_sdp_header(const struct nf_conn ct, const char dptr,
	378	unsigned int dataoff, unsigned int datalen,
	379	enum sdp_header_types type,
	380	enum sdp_header_types term,
	381	unsigned int matchoff, unsigned int matchlen)
	382	{
	383	const struct sip_header *hdr = &ct_sdp_hdrs[type];
	384	const struct sip_header *thdr = &ct_sdp_hdrs[term];
	385	const char start = dptr, limit = dptr + datalen;
	386	int shift = 0;
	387
	388	for (dptr += dataoff; dptr < limit; dptr++) {
	389	/* Find beginning of line */
	390	if (dptr != '\r' && dptr != '\n')
	391	continue;
	392	if (++dptr >= limit)
	393	break;
	394	if ((dptr - 1) == '\r' && dptr == '\n') {
	395	if (++dptr >= limit)
	396	break;
	397	}
	398
	399	if (term != SDP_HDR_UNSPEC &&
	400	limit - dptr >= thdr->len &&
	401	strnicmp(dptr, thdr->name, thdr->len) == 0)
	402	break;
	403	else if (limit - dptr >= hdr->len &&
	404	strnicmp(dptr, hdr->name, hdr->len) == 0)
	405	dptr += hdr->len;
406	else
407	continue;
408
409	*matchoff = dptr - start;
410	if (hdr->search) {
411	dptr = ct_sdp_header_search(dptr, limit, hdr->search,
412	hdr->slen);
413	if (!dptr)
414	return -1;
415	dptr += hdr->slen;
416	}
417
418	*matchlen = hdr->match_len(ct, dptr, limit, &shift);
419	if (!*matchlen)
420	return -1;
421	*matchoff = dptr - start + shift;
422	return 1;
423	}
424	return 0;
425	}
426	EXPORT_SYMBOL_GPL(ct_sip_get_sdp_header);
427
3db05fea	428	static int set_expected_rtp(struct sk_buff *skb,
212440a7 PM	429	const char *dptr, unsigned int datalen,
212440a7 PM	430	union nf_inet_addr *addr, __be16 port)
9fafcd7b PM	431	{
9fafcd7b PM	432	struct nf_conntrack_expect *exp;
212440a7 PM	433	enum ip_conntrack_info ctinfo;
212440a7 PM	434	struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
9fafcd7b PM	435	enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
	436	int family = ct->tuplehash[!dir].tuple.src.l3num;
	437	int ret;
	438	typeof(nf_nat_sdp_hook) nf_nat_sdp;
	439
6823645d	440	exp = nf_ct_expect_alloc(ct);
9fafcd7b PM	441	if (exp == NULL)
9fafcd7b PM	442	return NF_DROP;
6002f266	443	nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, family,
6823645d PM	444	&ct->tuplehash[!dir].tuple.src.u3, addr,
6823645d PM	445	IPPROTO_UDP, NULL, &port);
9fafcd7b PM	446
	447	nf_nat_sdp = rcu_dereference(nf_nat_sdp_hook);
	448	if (nf_nat_sdp && ct->status & IPS_NAT_MASK)
212440a7	449	ret = nf_nat_sdp(skb, dptr, datalen, exp);
9fafcd7b	450	else {
6823645d	451	if (nf_ct_expect_related(exp) != 0)
9fafcd7b PM	452	ret = NF_DROP;
	453	else
	454	ret = NF_ACCEPT;
	455	}
6823645d	456	nf_ct_expect_put(exp);
9fafcd7b PM	457
	458	return ret;
	459	}
	460
3db05fea	461	static int sip_help(struct sk_buff *skb,
9fafcd7b PM	462	unsigned int protoff,
	463	struct nf_conn *ct,
	464	enum ip_conntrack_info ctinfo)
	465	{
	466	int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
643a2c15	467	union nf_inet_addr addr;
9fafcd7b PM	468	unsigned int dataoff, datalen;
	469	const char *dptr;
	470	int ret = NF_ACCEPT;
2f0d2f10	471	unsigned int matchoff, matchlen;
9fafcd7b	472	u_int16_t port;
3e9b4600	473	enum sdp_header_types type;
9fafcd7b PM	474	typeof(nf_nat_sip_hook) nf_nat_sip;
	475
	476	/* No Data ? */
	477	dataoff = protoff + sizeof(struct udphdr);
3db05fea	478	if (dataoff >= skb->len)
9fafcd7b PM	479	return NF_ACCEPT;
9fafcd7b PM	480
3db05fea	481	nf_ct_refresh(ct, skb, sip_timeout * HZ);
9fafcd7b	482
3db05fea HX	483	if (!skb_is_nonlinear(skb))
3db05fea HX	484	dptr = skb->data + dataoff;
9fafcd7b	485	else {
0d53778e	486	pr_debug("Copy of skbuff not supported yet.\n");
9fafcd7b PM	487	goto out;
	488	}
	489
	490	nf_nat_sip = rcu_dereference(nf_nat_sip_hook);
	491	if (nf_nat_sip && ct->status & IPS_NAT_MASK) {
212440a7	492	if (!nf_nat_sip(skb, &dptr, &datalen)) {
9fafcd7b PM	493	ret = NF_DROP;
	494	goto out;
	495	}
	496	}
	497
3db05fea	498	datalen = skb->len - dataoff;
779382eb	499	if (datalen < strlen("SIP/2.0 200"))
9fafcd7b PM	500	goto out;
	501
	502	/* RTP info only in some SDP pkts */
779382eb PM	503	if (strnicmp(dptr, "INVITE", strlen("INVITE")) != 0 &&
	504	strnicmp(dptr, "UPDATE", strlen("UPDATE")) != 0 &&
	505	strnicmp(dptr, "SIP/2.0 180", strlen("SIP/2.0 180")) != 0 &&
	506	strnicmp(dptr, "SIP/2.0 183", strlen("SIP/2.0 183")) != 0 &&
	507	strnicmp(dptr, "SIP/2.0 200", strlen("SIP/2.0 200")) != 0) {
9fafcd7b PM	508	goto out;
	509	}
	510	/* Get address and port from SDP packet. */
3e9b4600 PM	511	type = family == AF_INET ? SDP_HDR_CONNECTION_IP4 :
	512	SDP_HDR_CONNECTION_IP6;
	513	if (ct_sip_get_sdp_header(ct, dptr, 0, datalen, type, SDP_HDR_UNSPEC,
	514	&matchoff, &matchlen) > 0) {
9fafcd7b PM	515
	516	/* We'll drop only if there are parse problems. */
	517	if (!parse_addr(ct, dptr + matchoff, NULL, &addr,
601e68e1	518	dptr + datalen)) {
9fafcd7b PM	519	ret = NF_DROP;
	520	goto out;
	521	}
3e9b4600 PM	522	if (ct_sip_get_sdp_header(ct, dptr, 0, datalen,
	523	SDP_HDR_MEDIA, SDP_HDR_UNSPEC,
	524	&matchoff, &matchlen) > 0) {
9fafcd7b PM	525
	526	port = simple_strtoul(dptr + matchoff, NULL, 10);
	527	if (port < 1024) {
	528	ret = NF_DROP;
	529	goto out;
	530	}
212440a7 PM	531	ret = set_expected_rtp(skb, &dptr, &datalen,
212440a7 PM	532	&addr, htons(port));
9fafcd7b PM	533	}
	534	}
	535	out:
	536	return ret;
	537	}
	538
	539	static struct nf_conntrack_helper sip[MAX_PORTS][2] __read_mostly;
	540	static char sip_names[MAX_PORTS][2][sizeof("sip-65535")] __read_mostly;
	541
6002f266 PM	542	static const struct nf_conntrack_expect_policy sip_exp_policy = {
	543	.max_expected = 2,
	544	.timeout = 3 * 60,
	545	};
	546
9fafcd7b PM	547	static void nf_conntrack_sip_fini(void)
	548	{
	549	int i, j;
	550
	551	for (i = 0; i < ports_c; i++) {
	552	for (j = 0; j < 2; j++) {
	553	if (sip[i][j].me == NULL)
	554	continue;
	555	nf_conntrack_helper_unregister(&sip[i][j]);
	556	}
	557	}
	558	}
	559
	560	static int __init nf_conntrack_sip_init(void)
	561	{
	562	int i, j, ret;
	563	char *tmpname;
	564
	565	if (ports_c == 0)
	566	ports[ports_c++] = SIP_PORT;
	567
	568	for (i = 0; i < ports_c; i++) {
	569	memset(&sip[i], 0, sizeof(sip[i]));
	570
	571	sip[i][0].tuple.src.l3num = AF_INET;
	572	sip[i][1].tuple.src.l3num = AF_INET6;
	573	for (j = 0; j < 2; j++) {
	574	sip[i][j].tuple.dst.protonum = IPPROTO_UDP;
	575	sip[i][j].tuple.src.u.udp.port = htons(ports[i]);
6002f266	576	sip[i][j].expect_policy = &sip_exp_policy;
9fafcd7b PM	577	sip[i][j].me = THIS_MODULE;
	578	sip[i][j].help = sip_help;
	579
	580	tmpname = &sip_names[i][j][0];
	581	if (ports[i] == SIP_PORT)
	582	sprintf(tmpname, "sip");
	583	else
	584	sprintf(tmpname, "sip-%u", i);
	585	sip[i][j].name = tmpname;
	586
0d53778e	587	pr_debug("port #%u: %u\n", i, ports[i]);
9fafcd7b PM	588
	589	ret = nf_conntrack_helper_register(&sip[i][j]);
	590	if (ret) {
	591	printk("nf_ct_sip: failed to register helper "
	592	"for pf: %u port: %u\n",
	593	sip[i][j].tuple.src.l3num, ports[i]);
	594	nf_conntrack_sip_fini();
	595	return ret;
	596	}
	597	}
	598	}
	599	return 0;
	600	}
	601
	602	module_init(nf_conntrack_sip_init);
	603	module_exit(nf_conntrack_sip_fini);