1 /* SIP extension for IP connection tracking.
3 * (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
4 * based on RR's ip_conntrack_ftp.c and other modules.
5 * (C) 2007 United Security Providers
6 * (C) 2007, 2008 Patrick McHardy <kaber@trash.net>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
13 #include <linux/module.h>
14 #include <linux/ctype.h>
15 #include <linux/skbuff.h>
16 #include <linux/inet.h>
18 #include <linux/udp.h>
19 #include <linux/tcp.h>
20 #include <linux/netfilter.h>
22 #include <net/netfilter/nf_conntrack.h>
23 #include <net/netfilter/nf_conntrack_core.h>
24 #include <net/netfilter/nf_conntrack_expect.h>
25 #include <net/netfilter/nf_conntrack_helper.h>
26 #include <linux/netfilter/nf_conntrack_sip.h>
28 MODULE_LICENSE("GPL");
29 MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
30 MODULE_DESCRIPTION("SIP connection tracking helper");
31 MODULE_ALIAS("ip_conntrack_sip");
32 MODULE_ALIAS_NFCT_HELPER("sip");
35 static unsigned short ports[MAX_PORTS];
36 static unsigned int ports_c;
37 module_param_array(ports, ushort, &ports_c, 0400);
38 MODULE_PARM_DESC(ports, "port numbers of SIP servers");
40 static unsigned int sip_timeout __read_mostly = SIP_TIMEOUT;
41 module_param(sip_timeout, uint, 0600);
42 MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");
44 static int sip_direct_signalling __read_mostly = 1;
45 module_param(sip_direct_signalling, int, 0600);
46 MODULE_PARM_DESC(sip_direct_signalling, "expect incoming calls from registrar "
49 static int sip_direct_media __read_mostly = 1;
50 module_param(sip_direct_media, int, 0600);
51 MODULE_PARM_DESC(sip_direct_media, "Expect Media streams between signalling "
52 "endpoints only (default 1)");
54 unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb, unsigned int dataoff,
56 unsigned int *datalen) __read_mostly;
57 EXPORT_SYMBOL_GPL(nf_nat_sip_hook);
59 void (*nf_nat_sip_seq_adjust_hook)(struct sk_buff *skb, s16 off) __read_mostly;
60 EXPORT_SYMBOL_GPL(nf_nat_sip_seq_adjust_hook);
62 unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb,
65 unsigned int *datalen,
66 struct nf_conntrack_expect *exp,
67 unsigned int matchoff,
68 unsigned int matchlen) __read_mostly;
69 EXPORT_SYMBOL_GPL(nf_nat_sip_expect_hook);
71 unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb, unsigned int dataoff,
73 unsigned int *datalen,
75 enum sdp_header_types type,
76 enum sdp_header_types term,
77 const union nf_inet_addr *addr)
79 EXPORT_SYMBOL_GPL(nf_nat_sdp_addr_hook);
81 unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb, unsigned int dataoff,
83 unsigned int *datalen,
84 unsigned int matchoff,
85 unsigned int matchlen,
86 u_int16_t port) __read_mostly;
87 EXPORT_SYMBOL_GPL(nf_nat_sdp_port_hook);
89 unsigned int (*nf_nat_sdp_session_hook)(struct sk_buff *skb,
92 unsigned int *datalen,
94 const union nf_inet_addr *addr)
96 EXPORT_SYMBOL_GPL(nf_nat_sdp_session_hook);
98 unsigned int (*nf_nat_sdp_media_hook)(struct sk_buff *skb, unsigned int dataoff,
100 unsigned int *datalen,
101 struct nf_conntrack_expect *rtp_exp,
102 struct nf_conntrack_expect *rtcp_exp,
103 unsigned int mediaoff,
104 unsigned int medialen,
105 union nf_inet_addr *rtp_addr)
107 EXPORT_SYMBOL_GPL(nf_nat_sdp_media_hook);
109 static int string_len(const struct nf_conn *ct, const char *dptr,
110 const char *limit, int *shift)
114 while (dptr < limit && isalpha(*dptr)) {
121 static int digits_len(const struct nf_conn *ct, const char *dptr,
122 const char *limit, int *shift)
125 while (dptr < limit && isdigit(*dptr)) {
132 /* get media type + port length */
133 static int media_len(const struct nf_conn *ct, const char *dptr,
134 const char *limit, int *shift)
136 int len = string_len(ct, dptr, limit, shift);
139 if (dptr >= limit || *dptr != ' ')
144 return len + digits_len(ct, dptr, limit, shift);
147 static int parse_addr(const struct nf_conn *ct, const char *cp,
148 const char **endp, union nf_inet_addr *addr,
154 memset(addr, 0, sizeof(*addr));
155 switch (nf_ct_l3num(ct)) {
157 ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
160 ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
166 if (ret == 0 || end == cp)
173 /* skip ip address. returns its length. */
174 static int epaddr_len(const struct nf_conn *ct, const char *dptr,
175 const char *limit, int *shift)
177 union nf_inet_addr addr;
178 const char *aux = dptr;
180 if (!parse_addr(ct, dptr, &dptr, &addr, limit)) {
181 pr_debug("ip: %s parse failed.!\n", dptr);
188 dptr += digits_len(ct, dptr, limit, shift);
193 /* get address length, skiping user info. */
194 static int skp_epaddr_len(const struct nf_conn *ct, const char *dptr,
195 const char *limit, int *shift)
197 const char *start = dptr;
200 /* Search for @, but stop at the end of the line.
201 * We are inside a sip: URI, so we don't need to worry about
202 * continuation lines. */
203 while (dptr < limit &&
204 *dptr != '@' && *dptr != '\r' && *dptr != '\n') {
209 if (dptr < limit && *dptr == '@') {
217 return epaddr_len(ct, dptr, limit, shift);
220 /* Parse a SIP request line of the form:
222 * Request-Line = Method SP Request-URI SP SIP-Version CRLF
224 * and return the offset and length of the address contained in the Request-URI.
226 int ct_sip_parse_request(const struct nf_conn *ct,
227 const char *dptr, unsigned int datalen,
228 unsigned int *matchoff, unsigned int *matchlen,
229 union nf_inet_addr *addr, __be16 *port)
231 const char *start = dptr, *limit = dptr + datalen, *end;
236 /* Skip method and following whitespace */
237 mlen = string_len(ct, dptr, limit, NULL);
245 for (; dptr < limit - strlen("sip:"); dptr++) {
246 if (*dptr == '\r' || *dptr == '\n')
248 if (strnicmp(dptr, "sip:", strlen("sip:")) == 0) {
249 dptr += strlen("sip:");
253 if (!skp_epaddr_len(ct, dptr, limit, &shift))
257 if (!parse_addr(ct, dptr, &end, addr, limit))
259 if (end < limit && *end == ':') {
261 p = simple_strtoul(end, (char **)&end, 10);
262 if (p < 1024 || p > 65535)
266 *port = htons(SIP_PORT);
270 *matchoff = dptr - start;
271 *matchlen = end - dptr;
274 EXPORT_SYMBOL_GPL(ct_sip_parse_request);
276 /* SIP header parsing: SIP headers are located at the beginning of a line, but
277 * may span several lines, in which case the continuation lines begin with a
278 * whitespace character. RFC 2543 allows lines to be terminated with CR, LF or
279 * CRLF, RFC 3261 allows only CRLF, we support both.
281 * Headers are followed by (optionally) whitespace, a colon, again (optionally)
282 * whitespace and the values. Whitespace in this context means any amount of
283 * tabs, spaces and continuation lines, which are treated as a single whitespace
286 * Some headers may appear multiple times. A comma seperated list of values is
287 * equivalent to multiple headers.
289 static const struct sip_header ct_sip_hdrs[] = {
290 [SIP_HDR_CSEQ] = SIP_HDR("CSeq", NULL, NULL, digits_len),
291 [SIP_HDR_FROM] = SIP_HDR("From", "f", "sip:", skp_epaddr_len),
292 [SIP_HDR_TO] = SIP_HDR("To", "t", "sip:", skp_epaddr_len),
293 [SIP_HDR_CONTACT] = SIP_HDR("Contact", "m", "sip:", skp_epaddr_len),
294 [SIP_HDR_VIA_UDP] = SIP_HDR("Via", "v", "UDP ", epaddr_len),
295 [SIP_HDR_VIA_TCP] = SIP_HDR("Via", "v", "TCP ", epaddr_len),
296 [SIP_HDR_EXPIRES] = SIP_HDR("Expires", NULL, NULL, digits_len),
297 [SIP_HDR_CONTENT_LENGTH] = SIP_HDR("Content-Length", "l", NULL, digits_len),
300 static const char *sip_follow_continuation(const char *dptr, const char *limit)
302 /* Walk past newline */
306 /* Skip '\n' in CR LF */
307 if (*(dptr - 1) == '\r' && *dptr == '\n') {
312 /* Continuation line? */
313 if (*dptr != ' ' && *dptr != '\t')
316 /* skip leading whitespace */
317 for (; dptr < limit; dptr++) {
318 if (*dptr != ' ' && *dptr != '\t')
324 static const char *sip_skip_whitespace(const char *dptr, const char *limit)
326 for (; dptr < limit; dptr++) {
329 if (*dptr != '\r' && *dptr != '\n')
331 dptr = sip_follow_continuation(dptr, limit);
338 /* Search within a SIP header value, dealing with continuation lines */
339 static const char *ct_sip_header_search(const char *dptr, const char *limit,
340 const char *needle, unsigned int len)
342 for (limit -= len; dptr < limit; dptr++) {
343 if (*dptr == '\r' || *dptr == '\n') {
344 dptr = sip_follow_continuation(dptr, limit);
350 if (strnicmp(dptr, needle, len) == 0)
356 int ct_sip_get_header(const struct nf_conn *ct, const char *dptr,
357 unsigned int dataoff, unsigned int datalen,
358 enum sip_header_types type,
359 unsigned int *matchoff, unsigned int *matchlen)
361 const struct sip_header *hdr = &ct_sip_hdrs[type];
362 const char *start = dptr, *limit = dptr + datalen;
365 for (dptr += dataoff; dptr < limit; dptr++) {
366 /* Find beginning of line */
367 if (*dptr != '\r' && *dptr != '\n')
371 if (*(dptr - 1) == '\r' && *dptr == '\n') {
376 /* Skip continuation lines */
377 if (*dptr == ' ' || *dptr == '\t')
380 /* Find header. Compact headers must be followed by a
381 * non-alphabetic character to avoid mismatches. */
382 if (limit - dptr >= hdr->len &&
383 strnicmp(dptr, hdr->name, hdr->len) == 0)
385 else if (hdr->cname && limit - dptr >= hdr->clen + 1 &&
386 strnicmp(dptr, hdr->cname, hdr->clen) == 0 &&
387 !isalpha(*(dptr + hdr->clen)))
392 /* Find and skip colon */
393 dptr = sip_skip_whitespace(dptr, limit);
396 if (*dptr != ':' || ++dptr >= limit)
399 /* Skip whitespace after colon */
400 dptr = sip_skip_whitespace(dptr, limit);
404 *matchoff = dptr - start;
406 dptr = ct_sip_header_search(dptr, limit, hdr->search,
413 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
416 *matchoff = dptr - start + shift;
421 EXPORT_SYMBOL_GPL(ct_sip_get_header);
423 /* Get next header field in a list of comma seperated values */
424 static int ct_sip_next_header(const struct nf_conn *ct, const char *dptr,
425 unsigned int dataoff, unsigned int datalen,
426 enum sip_header_types type,
427 unsigned int *matchoff, unsigned int *matchlen)
429 const struct sip_header *hdr = &ct_sip_hdrs[type];
430 const char *start = dptr, *limit = dptr + datalen;
435 dptr = ct_sip_header_search(dptr, limit, ",", strlen(","));
439 dptr = ct_sip_header_search(dptr, limit, hdr->search, hdr->slen);
444 *matchoff = dptr - start;
445 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
452 /* Walk through headers until a parsable one is found or no header of the
453 * given type is left. */
454 static int ct_sip_walk_headers(const struct nf_conn *ct, const char *dptr,
455 unsigned int dataoff, unsigned int datalen,
456 enum sip_header_types type, int *in_header,
457 unsigned int *matchoff, unsigned int *matchlen)
461 if (in_header && *in_header) {
463 ret = ct_sip_next_header(ct, dptr, dataoff, datalen,
464 type, matchoff, matchlen);
469 dataoff += *matchoff;
475 ret = ct_sip_get_header(ct, dptr, dataoff, datalen,
476 type, matchoff, matchlen);
481 dataoff += *matchoff;
489 /* Locate a SIP header, parse the URI and return the offset and length of
490 * the address as well as the address and port themselves. A stream of
491 * headers can be parsed by handing in a non-NULL datalen and in_header
494 int ct_sip_parse_header_uri(const struct nf_conn *ct, const char *dptr,
495 unsigned int *dataoff, unsigned int datalen,
496 enum sip_header_types type, int *in_header,
497 unsigned int *matchoff, unsigned int *matchlen,
498 union nf_inet_addr *addr, __be16 *port)
500 const char *c, *limit = dptr + datalen;
504 ret = ct_sip_walk_headers(ct, dptr, dataoff ? *dataoff : 0, datalen,
505 type, in_header, matchoff, matchlen);
510 if (!parse_addr(ct, dptr + *matchoff, &c, addr, limit))
514 p = simple_strtoul(c, (char **)&c, 10);
515 if (p < 1024 || p > 65535)
519 *port = htons(SIP_PORT);
525 EXPORT_SYMBOL_GPL(ct_sip_parse_header_uri);
527 static int ct_sip_parse_param(const struct nf_conn *ct, const char *dptr,
528 unsigned int dataoff, unsigned int datalen,
530 unsigned int *matchoff, unsigned int *matchlen)
532 const char *limit = dptr + datalen;
536 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
538 limit = dptr + datalen;
540 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
543 start += strlen(name);
545 end = ct_sip_header_search(start, limit, ";", strlen(";"));
549 *matchoff = start - dptr;
550 *matchlen = end - start;
554 /* Parse address from header parameter and return address, offset and length */
555 int ct_sip_parse_address_param(const struct nf_conn *ct, const char *dptr,
556 unsigned int dataoff, unsigned int datalen,
558 unsigned int *matchoff, unsigned int *matchlen,
559 union nf_inet_addr *addr)
561 const char *limit = dptr + datalen;
562 const char *start, *end;
564 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
566 limit = dptr + datalen;
568 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
572 start += strlen(name);
573 if (!parse_addr(ct, start, &end, addr, limit))
575 *matchoff = start - dptr;
576 *matchlen = end - start;
579 EXPORT_SYMBOL_GPL(ct_sip_parse_address_param);
581 /* Parse numerical header parameter and return value, offset and length */
582 int ct_sip_parse_numerical_param(const struct nf_conn *ct, const char *dptr,
583 unsigned int dataoff, unsigned int datalen,
585 unsigned int *matchoff, unsigned int *matchlen,
588 const char *limit = dptr + datalen;
592 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
594 limit = dptr + datalen;
596 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
600 start += strlen(name);
601 *val = simple_strtoul(start, &end, 0);
604 if (matchoff && matchlen) {
605 *matchoff = start - dptr;
606 *matchlen = end - start;
610 EXPORT_SYMBOL_GPL(ct_sip_parse_numerical_param);
612 static int ct_sip_parse_transport(struct nf_conn *ct, const char *dptr,
613 unsigned int dataoff, unsigned int datalen,
616 unsigned int matchoff, matchlen;
618 if (ct_sip_parse_param(ct, dptr, dataoff, datalen, "transport=",
619 &matchoff, &matchlen)) {
620 if (!strnicmp(dptr + matchoff, "TCP", strlen("TCP")))
621 *proto = IPPROTO_TCP;
622 else if (!strnicmp(dptr + matchoff, "UDP", strlen("UDP")))
623 *proto = IPPROTO_UDP;
627 if (*proto != nf_ct_protonum(ct))
630 *proto = nf_ct_protonum(ct);
635 /* SDP header parsing: a SDP session description contains an ordered set of
636 * headers, starting with a section containing general session parameters,
637 * optionally followed by multiple media descriptions.
639 * SDP headers always start at the beginning of a line. According to RFC 2327:
640 * "The sequence CRLF (0x0d0a) is used to end a record, although parsers should
641 * be tolerant and also accept records terminated with a single newline
642 * character". We handle both cases.
644 static const struct sip_header ct_sdp_hdrs[] = {
645 [SDP_HDR_VERSION] = SDP_HDR("v=", NULL, digits_len),
646 [SDP_HDR_OWNER_IP4] = SDP_HDR("o=", "IN IP4 ", epaddr_len),
647 [SDP_HDR_CONNECTION_IP4] = SDP_HDR("c=", "IN IP4 ", epaddr_len),
648 [SDP_HDR_OWNER_IP6] = SDP_HDR("o=", "IN IP6 ", epaddr_len),
649 [SDP_HDR_CONNECTION_IP6] = SDP_HDR("c=", "IN IP6 ", epaddr_len),
650 [SDP_HDR_MEDIA] = SDP_HDR("m=", NULL, media_len),
653 /* Linear string search within SDP header values */
654 static const char *ct_sdp_header_search(const char *dptr, const char *limit,
655 const char *needle, unsigned int len)
657 for (limit -= len; dptr < limit; dptr++) {
658 if (*dptr == '\r' || *dptr == '\n')
660 if (strncmp(dptr, needle, len) == 0)
666 /* Locate a SDP header (optionally a substring within the header value),
667 * optionally stopping at the first occurence of the term header, parse
668 * it and return the offset and length of the data we're interested in.
670 int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr,
671 unsigned int dataoff, unsigned int datalen,
672 enum sdp_header_types type,
673 enum sdp_header_types term,
674 unsigned int *matchoff, unsigned int *matchlen)
676 const struct sip_header *hdr = &ct_sdp_hdrs[type];
677 const struct sip_header *thdr = &ct_sdp_hdrs[term];
678 const char *start = dptr, *limit = dptr + datalen;
681 for (dptr += dataoff; dptr < limit; dptr++) {
682 /* Find beginning of line */
683 if (*dptr != '\r' && *dptr != '\n')
687 if (*(dptr - 1) == '\r' && *dptr == '\n') {
692 if (term != SDP_HDR_UNSPEC &&
693 limit - dptr >= thdr->len &&
694 strnicmp(dptr, thdr->name, thdr->len) == 0)
696 else if (limit - dptr >= hdr->len &&
697 strnicmp(dptr, hdr->name, hdr->len) == 0)
702 *matchoff = dptr - start;
704 dptr = ct_sdp_header_search(dptr, limit, hdr->search,
711 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
714 *matchoff = dptr - start + shift;
719 EXPORT_SYMBOL_GPL(ct_sip_get_sdp_header);
721 static int ct_sip_parse_sdp_addr(const struct nf_conn *ct, const char *dptr,
722 unsigned int dataoff, unsigned int datalen,
723 enum sdp_header_types type,
724 enum sdp_header_types term,
725 unsigned int *matchoff, unsigned int *matchlen,
726 union nf_inet_addr *addr)
730 ret = ct_sip_get_sdp_header(ct, dptr, dataoff, datalen, type, term,
735 if (!parse_addr(ct, dptr + *matchoff, NULL, addr,
736 dptr + *matchoff + *matchlen))
741 static int refresh_signalling_expectation(struct nf_conn *ct,
742 union nf_inet_addr *addr,
743 u8 proto, __be16 port,
744 unsigned int expires)
746 struct nf_conn_help *help = nfct_help(ct);
747 struct nf_conntrack_expect *exp;
748 struct hlist_node *n, *next;
751 spin_lock_bh(&nf_conntrack_lock);
752 hlist_for_each_entry_safe(exp, n, next, &help->expectations, lnode) {
753 if (exp->class != SIP_EXPECT_SIGNALLING ||
754 !nf_inet_addr_cmp(&exp->tuple.dst.u3, addr) ||
755 exp->tuple.dst.protonum != proto ||
756 exp->tuple.dst.u.udp.port != port)
758 if (!del_timer(&exp->timeout))
760 exp->flags &= ~NF_CT_EXPECT_INACTIVE;
761 exp->timeout.expires = jiffies + expires * HZ;
762 add_timer(&exp->timeout);
766 spin_unlock_bh(&nf_conntrack_lock);
770 static void flush_expectations(struct nf_conn *ct, bool media)
772 struct nf_conn_help *help = nfct_help(ct);
773 struct nf_conntrack_expect *exp;
774 struct hlist_node *n, *next;
776 spin_lock_bh(&nf_conntrack_lock);
777 hlist_for_each_entry_safe(exp, n, next, &help->expectations, lnode) {
778 if ((exp->class != SIP_EXPECT_SIGNALLING) ^ media)
780 if (!del_timer(&exp->timeout))
782 nf_ct_unlink_expect(exp);
783 nf_ct_expect_put(exp);
787 spin_unlock_bh(&nf_conntrack_lock);
790 static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int dataoff,
791 const char **dptr, unsigned int *datalen,
792 union nf_inet_addr *daddr, __be16 port,
793 enum sip_expectation_classes class,
794 unsigned int mediaoff, unsigned int medialen)
796 struct nf_conntrack_expect *exp, *rtp_exp, *rtcp_exp;
797 enum ip_conntrack_info ctinfo;
798 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
799 struct net *net = nf_ct_net(ct);
800 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
801 union nf_inet_addr *saddr;
802 struct nf_conntrack_tuple tuple;
803 int direct_rtp = 0, skip_expect = 0, ret = NF_DROP;
805 __be16 rtp_port, rtcp_port;
806 typeof(nf_nat_sdp_port_hook) nf_nat_sdp_port;
807 typeof(nf_nat_sdp_media_hook) nf_nat_sdp_media;
810 if (sip_direct_media) {
811 if (!nf_inet_addr_cmp(daddr, &ct->tuplehash[dir].tuple.src.u3))
813 saddr = &ct->tuplehash[!dir].tuple.src.u3;
816 /* We need to check whether the registration exists before attempting
817 * to register it since we can see the same media description multiple
818 * times on different connections in case multiple endpoints receive
821 * RTP optimization: if we find a matching media channel expectation
822 * and both the expectation and this connection are SNATed, we assume
823 * both sides can reach each other directly and use the final
824 * destination address from the expectation. We still need to keep
825 * the NATed expectations for media that might arrive from the
826 * outside, and additionally need to expect the direct RTP stream
827 * in case it passes through us even without NAT.
829 memset(&tuple, 0, sizeof(tuple));
831 tuple.src.u3 = *saddr;
832 tuple.src.l3num = nf_ct_l3num(ct);
833 tuple.dst.protonum = IPPROTO_UDP;
834 tuple.dst.u3 = *daddr;
835 tuple.dst.u.udp.port = port;
839 exp = __nf_ct_expect_find(net, &tuple);
841 if (!exp || exp->master == ct ||
842 nfct_help(exp->master)->helper != nfct_help(ct)->helper ||
845 #ifdef CONFIG_NF_NAT_NEEDED
846 if (exp->tuple.src.l3num == AF_INET && !direct_rtp &&
847 (exp->saved_ip != exp->tuple.dst.u3.ip ||
848 exp->saved_proto.udp.port != exp->tuple.dst.u.udp.port) &&
849 ct->status & IPS_NAT_MASK) {
850 daddr->ip = exp->saved_ip;
851 tuple.dst.u3.ip = exp->saved_ip;
852 tuple.dst.u.udp.port = exp->saved_proto.udp.port;
857 } while (!skip_expect);
860 base_port = ntohs(tuple.dst.u.udp.port) & ~1;
861 rtp_port = htons(base_port);
862 rtcp_port = htons(base_port + 1);
865 nf_nat_sdp_port = rcu_dereference(nf_nat_sdp_port_hook);
866 if (nf_nat_sdp_port &&
867 !nf_nat_sdp_port(skb, dataoff, dptr, datalen,
868 mediaoff, medialen, ntohs(rtp_port)))
875 rtp_exp = nf_ct_expect_alloc(ct);
878 nf_ct_expect_init(rtp_exp, class, nf_ct_l3num(ct), saddr, daddr,
879 IPPROTO_UDP, NULL, &rtp_port);
881 rtcp_exp = nf_ct_expect_alloc(ct);
882 if (rtcp_exp == NULL)
884 nf_ct_expect_init(rtcp_exp, class, nf_ct_l3num(ct), saddr, daddr,
885 IPPROTO_UDP, NULL, &rtcp_port);
887 nf_nat_sdp_media = rcu_dereference(nf_nat_sdp_media_hook);
888 if (nf_nat_sdp_media && ct->status & IPS_NAT_MASK && !direct_rtp)
889 ret = nf_nat_sdp_media(skb, dataoff, dptr, datalen,
891 mediaoff, medialen, daddr);
893 if (nf_ct_expect_related(rtp_exp) == 0) {
894 if (nf_ct_expect_related(rtcp_exp) != 0)
895 nf_ct_unexpect_related(rtp_exp);
900 nf_ct_expect_put(rtcp_exp);
902 nf_ct_expect_put(rtp_exp);
907 static const struct sdp_media_type sdp_media_types[] = {
908 SDP_MEDIA_TYPE("audio ", SIP_EXPECT_AUDIO),
909 SDP_MEDIA_TYPE("video ", SIP_EXPECT_VIDEO),
912 static const struct sdp_media_type *sdp_media_type(const char *dptr,
913 unsigned int matchoff,
914 unsigned int matchlen)
916 const struct sdp_media_type *t;
919 for (i = 0; i < ARRAY_SIZE(sdp_media_types); i++) {
920 t = &sdp_media_types[i];
921 if (matchlen < t->len ||
922 strncmp(dptr + matchoff, t->name, t->len))
929 static int process_sdp(struct sk_buff *skb, unsigned int dataoff,
930 const char **dptr, unsigned int *datalen,
933 enum ip_conntrack_info ctinfo;
934 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
935 struct nf_conn_help *help = nfct_help(ct);
936 unsigned int matchoff, matchlen;
937 unsigned int mediaoff, medialen;
939 unsigned int caddr_len, maddr_len;
941 union nf_inet_addr caddr, maddr, rtp_addr;
943 enum sdp_header_types c_hdr;
944 const struct sdp_media_type *t;
946 typeof(nf_nat_sdp_addr_hook) nf_nat_sdp_addr;
947 typeof(nf_nat_sdp_session_hook) nf_nat_sdp_session;
949 nf_nat_sdp_addr = rcu_dereference(nf_nat_sdp_addr_hook);
950 c_hdr = nf_ct_l3num(ct) == AF_INET ? SDP_HDR_CONNECTION_IP4 :
951 SDP_HDR_CONNECTION_IP6;
953 /* Find beginning of session description */
954 if (ct_sip_get_sdp_header(ct, *dptr, 0, *datalen,
955 SDP_HDR_VERSION, SDP_HDR_UNSPEC,
956 &matchoff, &matchlen) <= 0)
960 /* The connection information is contained in the session description
961 * and/or once per media description. The first media description marks
962 * the end of the session description. */
964 if (ct_sip_parse_sdp_addr(ct, *dptr, sdpoff, *datalen,
965 c_hdr, SDP_HDR_MEDIA,
966 &matchoff, &matchlen, &caddr) > 0)
967 caddr_len = matchlen;
970 for (i = 0; i < ARRAY_SIZE(sdp_media_types); ) {
971 if (ct_sip_get_sdp_header(ct, *dptr, mediaoff, *datalen,
972 SDP_HDR_MEDIA, SDP_HDR_UNSPEC,
973 &mediaoff, &medialen) <= 0)
976 /* Get media type and port number. A media port value of zero
977 * indicates an inactive stream. */
978 t = sdp_media_type(*dptr, mediaoff, medialen);
980 mediaoff += medialen;
986 port = simple_strtoul(*dptr + mediaoff, NULL, 10);
989 if (port < 1024 || port > 65535)
992 /* The media description overrides the session description. */
994 if (ct_sip_parse_sdp_addr(ct, *dptr, mediaoff, *datalen,
995 c_hdr, SDP_HDR_MEDIA,
996 &matchoff, &matchlen, &maddr) > 0) {
997 maddr_len = matchlen;
998 memcpy(&rtp_addr, &maddr, sizeof(rtp_addr));
999 } else if (caddr_len)
1000 memcpy(&rtp_addr, &caddr, sizeof(rtp_addr));
1004 ret = set_expected_rtp_rtcp(skb, dataoff, dptr, datalen,
1005 &rtp_addr, htons(port), t->class,
1006 mediaoff, medialen);
1007 if (ret != NF_ACCEPT)
1010 /* Update media connection address if present */
1011 if (maddr_len && nf_nat_sdp_addr && ct->status & IPS_NAT_MASK) {
1012 ret = nf_nat_sdp_addr(skb, dataoff, dptr, datalen,
1013 mediaoff, c_hdr, SDP_HDR_MEDIA,
1015 if (ret != NF_ACCEPT)
1021 /* Update session connection and owner addresses */
1022 nf_nat_sdp_session = rcu_dereference(nf_nat_sdp_session_hook);
1023 if (nf_nat_sdp_session && ct->status & IPS_NAT_MASK)
1024 ret = nf_nat_sdp_session(skb, dataoff, dptr, datalen, sdpoff,
1027 if (ret == NF_ACCEPT && i > 0)
1028 help->help.ct_sip_info.invite_cseq = cseq;
1032 static int process_invite_response(struct sk_buff *skb, unsigned int dataoff,
1033 const char **dptr, unsigned int *datalen,
1034 unsigned int cseq, unsigned int code)
1036 enum ip_conntrack_info ctinfo;
1037 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1038 struct nf_conn_help *help = nfct_help(ct);
1040 if ((code >= 100 && code <= 199) ||
1041 (code >= 200 && code <= 299))
1042 return process_sdp(skb, dataoff, dptr, datalen, cseq);
1043 else if (help->help.ct_sip_info.invite_cseq == cseq)
1044 flush_expectations(ct, true);
1048 static int process_update_response(struct sk_buff *skb, unsigned int dataoff,
1049 const char **dptr, unsigned int *datalen,
1050 unsigned int cseq, unsigned int code)
1052 enum ip_conntrack_info ctinfo;
1053 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1054 struct nf_conn_help *help = nfct_help(ct);
1056 if ((code >= 100 && code <= 199) ||
1057 (code >= 200 && code <= 299))
1058 return process_sdp(skb, dataoff, dptr, datalen, cseq);
1059 else if (help->help.ct_sip_info.invite_cseq == cseq)
1060 flush_expectations(ct, true);
1064 static int process_prack_response(struct sk_buff *skb, unsigned int dataoff,
1065 const char **dptr, unsigned int *datalen,
1066 unsigned int cseq, unsigned int code)
1068 enum ip_conntrack_info ctinfo;
1069 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1070 struct nf_conn_help *help = nfct_help(ct);
1072 if ((code >= 100 && code <= 199) ||
1073 (code >= 200 && code <= 299))
1074 return process_sdp(skb, dataoff, dptr, datalen, cseq);
1075 else if (help->help.ct_sip_info.invite_cseq == cseq)
1076 flush_expectations(ct, true);
1080 static int process_bye_request(struct sk_buff *skb, unsigned int dataoff,
1081 const char **dptr, unsigned int *datalen,
1084 enum ip_conntrack_info ctinfo;
1085 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1087 flush_expectations(ct, true);
1091 /* Parse a REGISTER request and create a permanent expectation for incoming
1092 * signalling connections. The expectation is marked inactive and is activated
1093 * when receiving a response indicating success from the registrar.
1095 static int process_register_request(struct sk_buff *skb, unsigned int dataoff,
1096 const char **dptr, unsigned int *datalen,
1099 enum ip_conntrack_info ctinfo;
1100 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1101 struct nf_conn_help *help = nfct_help(ct);
1102 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1103 unsigned int matchoff, matchlen;
1104 struct nf_conntrack_expect *exp;
1105 union nf_inet_addr *saddr, daddr;
1108 unsigned int expires = 0;
1110 typeof(nf_nat_sip_expect_hook) nf_nat_sip_expect;
1112 /* Expected connections can not register again. */
1113 if (ct->status & IPS_EXPECTED)
1116 /* We must check the expiration time: a value of zero signals the
1117 * registrar to release the binding. We'll remove our expectation
1118 * when receiving the new bindings in the response, but we don't
1119 * want to create new ones.
1121 * The expiration time may be contained in Expires: header, the
1122 * Contact: header parameters or the URI parameters.
1124 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1125 &matchoff, &matchlen) > 0)
1126 expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1128 ret = ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen,
1129 SIP_HDR_CONTACT, NULL,
1130 &matchoff, &matchlen, &daddr, &port);
1136 /* We don't support third-party registrations */
1137 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.src.u3, &daddr))
1140 if (ct_sip_parse_transport(ct, *dptr, matchoff + matchlen, *datalen,
1144 if (ct_sip_parse_numerical_param(ct, *dptr,
1145 matchoff + matchlen, *datalen,
1146 "expires=", NULL, NULL, &expires) < 0)
1154 exp = nf_ct_expect_alloc(ct);
1159 if (sip_direct_signalling)
1160 saddr = &ct->tuplehash[!dir].tuple.src.u3;
1162 nf_ct_expect_init(exp, SIP_EXPECT_SIGNALLING, nf_ct_l3num(ct),
1163 saddr, &daddr, proto, NULL, &port);
1164 exp->timeout.expires = sip_timeout * HZ;
1165 exp->helper = nfct_help(ct)->helper;
1166 exp->flags = NF_CT_EXPECT_PERMANENT | NF_CT_EXPECT_INACTIVE;
1168 nf_nat_sip_expect = rcu_dereference(nf_nat_sip_expect_hook);
1169 if (nf_nat_sip_expect && ct->status & IPS_NAT_MASK)
1170 ret = nf_nat_sip_expect(skb, dataoff, dptr, datalen, exp,
1171 matchoff, matchlen);
1173 if (nf_ct_expect_related(exp) != 0)
1178 nf_ct_expect_put(exp);
1181 if (ret == NF_ACCEPT)
1182 help->help.ct_sip_info.register_cseq = cseq;
1186 static int process_register_response(struct sk_buff *skb, unsigned int dataoff,
1187 const char **dptr, unsigned int *datalen,
1188 unsigned int cseq, unsigned int code)
1190 enum ip_conntrack_info ctinfo;
1191 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1192 struct nf_conn_help *help = nfct_help(ct);
1193 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1194 union nf_inet_addr addr;
1197 unsigned int matchoff, matchlen, coff = 0;
1198 unsigned int expires = 0;
1199 int in_contact = 0, ret;
1201 /* According to RFC 3261, "UAs MUST NOT send a new registration until
1202 * they have received a final response from the registrar for the
1203 * previous one or the previous REGISTER request has timed out".
1205 * However, some servers fail to detect retransmissions and send late
1206 * responses, so we store the sequence number of the last valid
1207 * request and compare it here.
1209 if (help->help.ct_sip_info.register_cseq != cseq)
1212 if (code >= 100 && code <= 199)
1214 if (code < 200 || code > 299)
1217 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1218 &matchoff, &matchlen) > 0)
1219 expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1222 unsigned int c_expires = expires;
1224 ret = ct_sip_parse_header_uri(ct, *dptr, &coff, *datalen,
1225 SIP_HDR_CONTACT, &in_contact,
1226 &matchoff, &matchlen,
1233 /* We don't support third-party registrations */
1234 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3, &addr))
1237 if (ct_sip_parse_transport(ct, *dptr, matchoff + matchlen,
1238 *datalen, &proto) == 0)
1241 ret = ct_sip_parse_numerical_param(ct, *dptr,
1242 matchoff + matchlen,
1243 *datalen, "expires=",
1244 NULL, NULL, &c_expires);
1249 if (refresh_signalling_expectation(ct, &addr, proto, port,
1255 flush_expectations(ct, false);
1259 static const struct sip_handler sip_handlers[] = {
1260 SIP_HANDLER("INVITE", process_sdp, process_invite_response),
1261 SIP_HANDLER("UPDATE", process_sdp, process_update_response),
1262 SIP_HANDLER("ACK", process_sdp, NULL),
1263 SIP_HANDLER("PRACK", process_sdp, process_prack_response),
1264 SIP_HANDLER("BYE", process_bye_request, NULL),
1265 SIP_HANDLER("REGISTER", process_register_request, process_register_response),
1268 static int process_sip_response(struct sk_buff *skb, unsigned int dataoff,
1269 const char **dptr, unsigned int *datalen)
1271 enum ip_conntrack_info ctinfo;
1272 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1273 unsigned int matchoff, matchlen, matchend;
1274 unsigned int code, cseq, i;
1276 if (*datalen < strlen("SIP/2.0 200"))
1278 code = simple_strtoul(*dptr + strlen("SIP/2.0 "), NULL, 10);
1282 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1283 &matchoff, &matchlen) <= 0)
1285 cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1288 matchend = matchoff + matchlen + 1;
1290 for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1291 const struct sip_handler *handler;
1293 handler = &sip_handlers[i];
1294 if (handler->response == NULL)
1296 if (*datalen < matchend + handler->len ||
1297 strnicmp(*dptr + matchend, handler->method, handler->len))
1299 return handler->response(skb, dataoff, dptr, datalen,
1305 static int process_sip_request(struct sk_buff *skb, unsigned int dataoff,
1306 const char **dptr, unsigned int *datalen)
1308 enum ip_conntrack_info ctinfo;
1309 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1310 unsigned int matchoff, matchlen;
1311 unsigned int cseq, i;
1313 for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1314 const struct sip_handler *handler;
1316 handler = &sip_handlers[i];
1317 if (handler->request == NULL)
1319 if (*datalen < handler->len ||
1320 strnicmp(*dptr, handler->method, handler->len))
1323 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1324 &matchoff, &matchlen) <= 0)
1326 cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1330 return handler->request(skb, dataoff, dptr, datalen, cseq);
1335 static int process_sip_msg(struct sk_buff *skb, struct nf_conn *ct,
1336 unsigned int dataoff, const char **dptr,
1337 unsigned int *datalen)
1339 typeof(nf_nat_sip_hook) nf_nat_sip;
1342 if (strnicmp(*dptr, "SIP/2.0 ", strlen("SIP/2.0 ")) != 0)
1343 ret = process_sip_request(skb, dataoff, dptr, datalen);
1345 ret = process_sip_response(skb, dataoff, dptr, datalen);
1347 if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1348 nf_nat_sip = rcu_dereference(nf_nat_sip_hook);
1349 if (nf_nat_sip && !nf_nat_sip(skb, dataoff, dptr, datalen))
1356 static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff,
1357 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1359 struct tcphdr *th, _tcph;
1360 unsigned int dataoff, datalen;
1361 unsigned int matchoff, matchlen, clen;
1362 unsigned int msglen, origlen;
1363 const char *dptr, *end;
1364 s16 diff, tdiff = 0;
1366 typeof(nf_nat_sip_seq_adjust_hook) nf_nat_sip_seq_adjust;
1368 if (ctinfo != IP_CT_ESTABLISHED &&
1369 ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY)
1373 th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
1376 dataoff = protoff + th->doff * 4;
1377 if (dataoff >= skb->len)
1380 nf_ct_refresh(ct, skb, sip_timeout * HZ);
1382 if (skb_is_nonlinear(skb)) {
1383 pr_debug("Copy of skbuff not supported yet.\n");
1387 dptr = skb->data + dataoff;
1388 datalen = skb->len - dataoff;
1389 if (datalen < strlen("SIP/2.0 200"))
1393 if (ct_sip_get_header(ct, dptr, 0, datalen,
1394 SIP_HDR_CONTENT_LENGTH,
1395 &matchoff, &matchlen) <= 0)
1398 clen = simple_strtoul(dptr + matchoff, (char **)&end, 10);
1399 if (dptr + matchoff == end)
1402 if (end + strlen("\r\n\r\n") > dptr + datalen)
1404 if (end[0] != '\r' || end[1] != '\n' ||
1405 end[2] != '\r' || end[3] != '\n')
1407 end += strlen("\r\n\r\n") + clen;
1409 msglen = origlen = end - dptr;
1411 ret = process_sip_msg(skb, ct, dataoff, &dptr, &msglen);
1412 if (ret != NF_ACCEPT)
1414 diff = msglen - origlen;
1419 datalen = datalen + diff - msglen;
1422 if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1423 nf_nat_sip_seq_adjust = rcu_dereference(nf_nat_sip_seq_adjust_hook);
1424 if (nf_nat_sip_seq_adjust)
1425 nf_nat_sip_seq_adjust(skb, tdiff);
1431 static int sip_help_udp(struct sk_buff *skb, unsigned int protoff,
1432 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1434 unsigned int dataoff, datalen;
1438 dataoff = protoff + sizeof(struct udphdr);
1439 if (dataoff >= skb->len)
1442 nf_ct_refresh(ct, skb, sip_timeout * HZ);
1444 if (skb_is_nonlinear(skb)) {
1445 pr_debug("Copy of skbuff not supported yet.\n");
1449 dptr = skb->data + dataoff;
1450 datalen = skb->len - dataoff;
1451 if (datalen < strlen("SIP/2.0 200"))
1454 return process_sip_msg(skb, ct, dataoff, &dptr, &datalen);
1457 static struct nf_conntrack_helper sip[MAX_PORTS][4] __read_mostly;
1458 static char sip_names[MAX_PORTS][4][sizeof("sip-65535")] __read_mostly;
1460 static const struct nf_conntrack_expect_policy sip_exp_policy[SIP_EXPECT_MAX + 1] = {
1461 [SIP_EXPECT_SIGNALLING] = {
1462 .name = "signalling",
1466 [SIP_EXPECT_AUDIO] = {
1468 .max_expected = 2 * IP_CT_DIR_MAX,
1471 [SIP_EXPECT_VIDEO] = {
1473 .max_expected = 2 * IP_CT_DIR_MAX,
1478 static void nf_conntrack_sip_fini(void)
1482 for (i = 0; i < ports_c; i++) {
1483 for (j = 0; j < ARRAY_SIZE(sip[i]); j++) {
1484 if (sip[i][j].me == NULL)
1486 nf_conntrack_helper_unregister(&sip[i][j]);
1491 static int __init nf_conntrack_sip_init(void)
1497 ports[ports_c++] = SIP_PORT;
1499 for (i = 0; i < ports_c; i++) {
1500 memset(&sip[i], 0, sizeof(sip[i]));
1502 sip[i][0].tuple.src.l3num = AF_INET;
1503 sip[i][0].tuple.dst.protonum = IPPROTO_UDP;
1504 sip[i][0].help = sip_help_udp;
1505 sip[i][1].tuple.src.l3num = AF_INET;
1506 sip[i][1].tuple.dst.protonum = IPPROTO_TCP;
1507 sip[i][1].help = sip_help_tcp;
1509 sip[i][2].tuple.src.l3num = AF_INET6;
1510 sip[i][2].tuple.dst.protonum = IPPROTO_UDP;
1511 sip[i][2].help = sip_help_udp;
1512 sip[i][3].tuple.src.l3num = AF_INET6;
1513 sip[i][3].tuple.dst.protonum = IPPROTO_TCP;
1514 sip[i][3].help = sip_help_tcp;
1516 for (j = 0; j < ARRAY_SIZE(sip[i]); j++) {
1517 sip[i][j].tuple.src.u.udp.port = htons(ports[i]);
1518 sip[i][j].expect_policy = sip_exp_policy;
1519 sip[i][j].expect_class_max = SIP_EXPECT_MAX;
1520 sip[i][j].me = THIS_MODULE;
1522 tmpname = &sip_names[i][j][0];
1523 if (ports[i] == SIP_PORT)
1524 sprintf(tmpname, "sip");
1526 sprintf(tmpname, "sip-%u", i);
1527 sip[i][j].name = tmpname;
1529 pr_debug("port #%u: %u\n", i, ports[i]);
1531 ret = nf_conntrack_helper_register(&sip[i][j]);
1533 printk("nf_ct_sip: failed to register helper "
1534 "for pf: %u port: %u\n",
1535 sip[i][j].tuple.src.l3num, ports[i]);
1536 nf_conntrack_sip_fini();
1544 module_init(nf_conntrack_sip_init);
1545 module_exit(nf_conntrack_sip_fini);