net/netfilter/nf_conntrack_sip.c

   1 /* SIP extension for IP connection tracking.
   2  *
   3  * (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
   4  * based on RR's ip_conntrack_ftp.c and other modules.
   5  * (C) 2007 United Security Providers
   6  * (C) 2007, 2008 Patrick McHardy <kaber@trash.net>
   7  *
   8  * This program is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License version 2 as
  10  * published by the Free Software Foundation.
  11  */
  12
  13 #include <linux/module.h>
  14 #include <linux/ctype.h>
  15 #include <linux/skbuff.h>
  16 #include <linux/inet.h>
  17 #include <linux/in.h>
  18 #include <linux/udp.h>
  19 #include <linux/netfilter.h>
  20
  21 #include <net/netfilter/nf_conntrack.h>
  22 #include <net/netfilter/nf_conntrack_core.h>
  23 #include <net/netfilter/nf_conntrack_expect.h>
  24 #include <net/netfilter/nf_conntrack_helper.h>
  25 #include <linux/netfilter/nf_conntrack_sip.h>
  26
  27 MODULE_LICENSE("GPL");
  28 MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
  29 MODULE_DESCRIPTION("SIP connection tracking helper");
  30 MODULE_ALIAS("ip_conntrack_sip");
  31 MODULE_ALIAS_NFCT_HELPER("sip");
  32
  33 #define MAX_PORTS       8
  34 static unsigned short ports[MAX_PORTS];
  35 static unsigned int ports_c;
  36 module_param_array(ports, ushort, &ports_c, 0400);
  37 MODULE_PARM_DESC(ports, "port numbers of SIP servers");
  38
  39 static unsigned int sip_timeout __read_mostly = SIP_TIMEOUT;
  40 module_param(sip_timeout, uint, 0600);
  41 MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");
  42
  43 static int sip_direct_signalling __read_mostly = 1;
  44 module_param(sip_direct_signalling, int, 0600);
  45 MODULE_PARM_DESC(sip_direct_signalling, "expect incoming calls from registrar "
  46                                         "only (default 1)");
  47
  48 static int sip_direct_media __read_mostly = 1;
  49 module_param(sip_direct_media, int, 0600);
  50 MODULE_PARM_DESC(sip_direct_media, "Expect Media streams between signalling "
  51                                    "endpoints only (default 1)");
  52
  53 unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb,
  54                                 const char **dptr,
  55                                 unsigned int *datalen) __read_mostly;
  56 EXPORT_SYMBOL_GPL(nf_nat_sip_hook);
  57
  58 unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb,
  59                                        const char **dptr,
  60                                        unsigned int *datalen,
  61                                        struct nf_conntrack_expect *exp,
  62                                        unsigned int matchoff,
  63                                        unsigned int matchlen) __read_mostly;
  64 EXPORT_SYMBOL_GPL(nf_nat_sip_expect_hook);
  65
  66 unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb,
  67                                      const char **dptr,
  68                                      unsigned int dataoff,
  69                                      unsigned int *datalen,
  70                                      enum sdp_header_types type,
  71                                      enum sdp_header_types term,
  72                                      const union nf_inet_addr *addr)
  73                                      __read_mostly;
  74 EXPORT_SYMBOL_GPL(nf_nat_sdp_addr_hook);
  75
  76 unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb,
  77                                      const char **dptr,
  78                                      unsigned int *datalen,
  79                                      unsigned int matchoff,
  80                                      unsigned int matchlen,
  81                                      u_int16_t port) __read_mostly;
  82 EXPORT_SYMBOL_GPL(nf_nat_sdp_port_hook);
  83
  84 unsigned int (*nf_nat_sdp_session_hook)(struct sk_buff *skb,
  85                                         const char **dptr,
  86                                         unsigned int dataoff,
  87                                         unsigned int *datalen,
  88                                         const union nf_inet_addr *addr)
  89                                         __read_mostly;
  90 EXPORT_SYMBOL_GPL(nf_nat_sdp_session_hook);
  91
  92 unsigned int (*nf_nat_sdp_media_hook)(struct sk_buff *skb,
  93                                       const char **dptr,
  94                                       unsigned int *datalen,
  95                                       struct nf_conntrack_expect *rtp_exp,
  96                                       struct nf_conntrack_expect *rtcp_exp,
  97                                       unsigned int mediaoff,
  98                                       unsigned int medialen,
  99                                       union nf_inet_addr *rtp_addr)
 100                                       __read_mostly;
 101 EXPORT_SYMBOL_GPL(nf_nat_sdp_media_hook);
 102
 103 static int string_len(const struct nf_conn *ct, const char *dptr,
 104                       const char *limit, int *shift)
 105 {
 106         int len = 0;
 107
 108         while (dptr < limit && isalpha(*dptr)) {
 109                 dptr++;
 110                 len++;
 111         }
 112         return len;
 113 }
 114
 115 static int digits_len(const struct nf_conn *ct, const char *dptr,
 116                       const char *limit, int *shift)
 117 {
 118         int len = 0;
 119         while (dptr < limit && isdigit(*dptr)) {
 120                 dptr++;
 121                 len++;
 122         }
 123         return len;
 124 }
 125
 126 /* get media type + port length */
 127 static int media_len(const struct nf_conn *ct, const char *dptr,
 128                      const char *limit, int *shift)
 129 {
 130         int len = string_len(ct, dptr, limit, shift);
 131
 132         dptr += len;
 133         if (dptr >= limit || *dptr != ' ')
 134                 return 0;
 135         len++;
 136         dptr++;
 137
 138         return len + digits_len(ct, dptr, limit, shift);
 139 }
 140
 141 static int parse_addr(const struct nf_conn *ct, const char *cp,
 142                       const char **endp, union nf_inet_addr *addr,
 143                       const char *limit)
 144 {
 145         const char *end;
 146         int ret = 0;
 147
 148         memset(addr, 0, sizeof(*addr));
 149         switch (nf_ct_l3num(ct)) {
 150         case AF_INET:
 151                 ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
 152                 break;
 153         case AF_INET6:
 154                 ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
 155                 break;
 156         default:
 157                 BUG();
 158         }
 159
 160         if (ret == 0 || end == cp)
 161                 return 0;
 162         if (endp)
 163                 *endp = end;
 164         return 1;
 165 }
 166
 167 /* skip ip address. returns its length. */
 168 static int epaddr_len(const struct nf_conn *ct, const char *dptr,
 169                       const char *limit, int *shift)
 170 {
 171         union nf_inet_addr addr;
 172         const char *aux = dptr;
 173
 174         if (!parse_addr(ct, dptr, &dptr, &addr, limit)) {
 175                 pr_debug("ip: %s parse failed.!\n", dptr);
 176                 return 0;
 177         }
 178
 179         /* Port number */
 180         if (*dptr == ':') {
 181                 dptr++;
 182                 dptr += digits_len(ct, dptr, limit, shift);
 183         }
 184         return dptr - aux;
 185 }
 186
 187 /* get address length, skiping user info. */
 188 static int skp_epaddr_len(const struct nf_conn *ct, const char *dptr,
 189                           const char *limit, int *shift)
 190 {
 191         const char *start = dptr;
 192         int s = *shift;
 193
 194         /* Search for @, but stop at the end of the line.
 195          * We are inside a sip: URI, so we don't need to worry about
 196          * continuation lines. */
 197         while (dptr < limit &&
 198                *dptr != '@' && *dptr != '\r' && *dptr != '\n') {
 199                 (*shift)++;
 200                 dptr++;
 201         }
 202
 203         if (dptr < limit && *dptr == '@') {
 204                 dptr++;
 205                 (*shift)++;
 206         } else {
 207                 dptr = start;
 208                 *shift = s;
 209         }
 210
 211         return epaddr_len(ct, dptr, limit, shift);
 212 }
 213
 214 /* Parse a SIP request line of the form:
 215  *
 216  * Request-Line = Method SP Request-URI SP SIP-Version CRLF
 217  *
 218  * and return the offset and length of the address contained in the Request-URI.
 219  */
 220 int ct_sip_parse_request(const struct nf_conn *ct,
 221                          const char *dptr, unsigned int datalen,
 222                          unsigned int *matchoff, unsigned int *matchlen,
 223                          union nf_inet_addr *addr, __be16 *port)
 224 {
 225         const char *start = dptr, *limit = dptr + datalen, *end;
 226         unsigned int mlen;
 227         unsigned int p;
 228         int shift = 0;
 229
 230         /* Skip method and following whitespace */
 231         mlen = string_len(ct, dptr, limit, NULL);
 232         if (!mlen)
 233                 return 0;
 234         dptr += mlen;
 235         if (++dptr >= limit)
 236                 return 0;
 237
 238         /* Find SIP URI */
 239         for (; dptr < limit - strlen("sip:"); dptr++) {
 240                 if (*dptr == '\r' || *dptr == '\n')
 241                         return -1;
 242                 if (strnicmp(dptr, "sip:", strlen("sip:")) == 0) {
 243                         dptr += strlen("sip:");
 244                         break;
 245                 }
 246         }
 247         if (!skp_epaddr_len(ct, dptr, limit, &shift))
 248                 return 0;
 249         dptr += shift;
 250
 251         if (!parse_addr(ct, dptr, &end, addr, limit))
 252                 return -1;
 253         if (end < limit && *end == ':') {
 254                 end++;
 255                 p = simple_strtoul(end, (char **)&end, 10);
 256                 if (p < 1024 || p > 65535)
 257                         return -1;
 258                 *port = htons(p);
 259         } else
 260                 *port = htons(SIP_PORT);
 261
 262         if (end == dptr)
 263                 return 0;
 264         *matchoff = dptr - start;
 265         *matchlen = end - dptr;
 266         return 1;
 267 }
 268 EXPORT_SYMBOL_GPL(ct_sip_parse_request);
 269
 270 /* SIP header parsing: SIP headers are located at the beginning of a line, but
 271  * may span several lines, in which case the continuation lines begin with a
 272  * whitespace character. RFC 2543 allows lines to be terminated with CR, LF or
 273  * CRLF, RFC 3261 allows only CRLF, we support both.
 274  *
 275  * Headers are followed by (optionally) whitespace, a colon, again (optionally)
 276  * whitespace and the values. Whitespace in this context means any amount of
 277  * tabs, spaces and continuation lines, which are treated as a single whitespace
 278  * character.
 279  *
 280  * Some headers may appear multiple times. A comma seperated list of values is
 281  * equivalent to multiple headers.
 282  */
 283 static const struct sip_header ct_sip_hdrs[] = {
 284         [SIP_HDR_CSEQ]                  = SIP_HDR("CSeq", NULL, NULL, digits_len),
 285         [SIP_HDR_FROM]                  = SIP_HDR("From", "f", "sip:", skp_epaddr_len),
 286         [SIP_HDR_TO]                    = SIP_HDR("To", "t", "sip:", skp_epaddr_len),
 287         [SIP_HDR_CONTACT]               = SIP_HDR("Contact", "m", "sip:", skp_epaddr_len),
 288         [SIP_HDR_VIA]                   = SIP_HDR("Via", "v", "UDP ", epaddr_len),
 289         [SIP_HDR_EXPIRES]               = SIP_HDR("Expires", NULL, NULL, digits_len),
 290         [SIP_HDR_CONTENT_LENGTH]        = SIP_HDR("Content-Length", "l", NULL, digits_len),
 291 };
 292
 293 static const char *sip_follow_continuation(const char *dptr, const char *limit)
 294 {
 295         /* Walk past newline */
 296         if (++dptr >= limit)
 297                 return NULL;
 298
 299         /* Skip '\n' in CR LF */
 300         if (*(dptr - 1) == '\r' && *dptr == '\n') {
 301                 if (++dptr >= limit)
 302                         return NULL;
 303         }
 304
 305         /* Continuation line? */
 306         if (*dptr != ' ' && *dptr != '\t')
 307                 return NULL;
 308
 309         /* skip leading whitespace */
 310         for (; dptr < limit; dptr++) {
 311                 if (*dptr != ' ' && *dptr != '\t')
 312                         break;
 313         }
 314         return dptr;
 315 }
 316
 317 static const char *sip_skip_whitespace(const char *dptr, const char *limit)
 318 {
 319         for (; dptr < limit; dptr++) {
 320                 if (*dptr == ' ')
 321                         continue;
 322                 if (*dptr != '\r' && *dptr != '\n')
 323                         break;
 324                 dptr = sip_follow_continuation(dptr, limit);
 325                 if (dptr == NULL)
 326                         return NULL;
 327         }
 328         return dptr;
 329 }
 330
 331 /* Search within a SIP header value, dealing with continuation lines */
 332 static const char *ct_sip_header_search(const char *dptr, const char *limit,
 333                                         const char *needle, unsigned int len)
 334 {
 335         for (limit -= len; dptr < limit; dptr++) {
 336                 if (*dptr == '\r' || *dptr == '\n') {
 337                         dptr = sip_follow_continuation(dptr, limit);
 338                         if (dptr == NULL)
 339                                 break;
 340                         continue;
 341                 }
 342
 343                 if (strnicmp(dptr, needle, len) == 0)
 344                         return dptr;
 345         }
 346         return NULL;
 347 }
 348
 349 int ct_sip_get_header(const struct nf_conn *ct, const char *dptr,
 350                       unsigned int dataoff, unsigned int datalen,
 351                       enum sip_header_types type,
 352                       unsigned int *matchoff, unsigned int *matchlen)
 353 {
 354         const struct sip_header *hdr = &ct_sip_hdrs[type];
 355         const char *start = dptr, *limit = dptr + datalen;
 356         int shift = 0;
 357
 358         for (dptr += dataoff; dptr < limit; dptr++) {
 359                 /* Find beginning of line */
 360                 if (*dptr != '\r' && *dptr != '\n')
 361                         continue;
 362                 if (++dptr >= limit)
 363                         break;
 364                 if (*(dptr - 1) == '\r' && *dptr == '\n') {
 365                         if (++dptr >= limit)
 366                                 break;
 367                 }
 368
 369                 /* Skip continuation lines */
 370                 if (*dptr == ' ' || *dptr == '\t')
 371                         continue;
 372
 373                 /* Find header. Compact headers must be followed by a
 374                  * non-alphabetic character to avoid mismatches. */
 375                 if (limit - dptr >= hdr->len &&
 376                     strnicmp(dptr, hdr->name, hdr->len) == 0)
 377                         dptr += hdr->len;
 378                 else if (hdr->cname && limit - dptr >= hdr->clen + 1 &&
 379                          strnicmp(dptr, hdr->cname, hdr->clen) == 0 &&
 380                          !isalpha(*(dptr + hdr->clen)))
 381                         dptr += hdr->clen;
 382                 else
 383                         continue;
 384
 385                 /* Find and skip colon */
 386                 dptr = sip_skip_whitespace(dptr, limit);
 387                 if (dptr == NULL)
 388                         break;
 389                 if (*dptr != ':' || ++dptr >= limit)
 390                         break;
 391
 392                 /* Skip whitespace after colon */
 393                 dptr = sip_skip_whitespace(dptr, limit);
 394                 if (dptr == NULL)
 395                         break;
 396
 397                 *matchoff = dptr - start;
 398                 if (hdr->search) {
 399                         dptr = ct_sip_header_search(dptr, limit, hdr->search,
 400                                                     hdr->slen);
 401                         if (!dptr)
 402                                 return -1;
 403                         dptr += hdr->slen;
 404                 }
 405
 406                 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
 407                 if (!*matchlen)
 408                         return -1;
 409                 *matchoff = dptr - start + shift;
 410                 return 1;
 411         }
 412         return 0;
 413 }
 414 EXPORT_SYMBOL_GPL(ct_sip_get_header);
 415
 416 /* Get next header field in a list of comma seperated values */
 417 static int ct_sip_next_header(const struct nf_conn *ct, const char *dptr,
 418                               unsigned int dataoff, unsigned int datalen,
 419                               enum sip_header_types type,
 420                               unsigned int *matchoff, unsigned int *matchlen)
 421 {
 422         const struct sip_header *hdr = &ct_sip_hdrs[type];
 423         const char *start = dptr, *limit = dptr + datalen;
 424         int shift = 0;
 425
 426         dptr += dataoff;
 427
 428         dptr = ct_sip_header_search(dptr, limit, ",", strlen(","));
 429         if (!dptr)
 430                 return 0;
 431
 432         dptr = ct_sip_header_search(dptr, limit, hdr->search, hdr->slen);
 433         if (!dptr)
 434                 return 0;
 435         dptr += hdr->slen;
 436
 437         *matchoff = dptr - start;
 438         *matchlen = hdr->match_len(ct, dptr, limit, &shift);
 439         if (!*matchlen)
 440                 return -1;
 441         *matchoff += shift;
 442         return 1;
 443 }
 444
 445 /* Walk through headers until a parsable one is found or no header of the
 446  * given type is left. */
 447 static int ct_sip_walk_headers(const struct nf_conn *ct, const char *dptr,
 448                                unsigned int dataoff, unsigned int datalen,
 449                                enum sip_header_types type, int *in_header,
 450                                unsigned int *matchoff, unsigned int *matchlen)
 451 {
 452         int ret;
 453
 454         if (in_header && *in_header) {
 455                 while (1) {
 456                         ret = ct_sip_next_header(ct, dptr, dataoff, datalen,
 457                                                  type, matchoff, matchlen);
 458                         if (ret > 0)
 459                                 return ret;
 460                         if (ret == 0)
 461                                 break;
 462                         dataoff += *matchoff;
 463                 }
 464                 *in_header = 0;
 465         }
 466
 467         while (1) {
 468                 ret = ct_sip_get_header(ct, dptr, dataoff, datalen,
 469                                         type, matchoff, matchlen);
 470                 if (ret > 0)
 471                         break;
 472                 if (ret == 0)
 473                         return ret;
 474                 dataoff += *matchoff;
 475         }
 476
 477         if (in_header)
 478                 *in_header = 1;
 479         return 1;
 480 }
 481
 482 /* Locate a SIP header, parse the URI and return the offset and length of
 483  * the address as well as the address and port themselves. A stream of
 484  * headers can be parsed by handing in a non-NULL datalen and in_header
 485  * pointer.
 486  */
 487 int ct_sip_parse_header_uri(const struct nf_conn *ct, const char *dptr,
 488                             unsigned int *dataoff, unsigned int datalen,
 489                             enum sip_header_types type, int *in_header,
 490                             unsigned int *matchoff, unsigned int *matchlen,
 491                             union nf_inet_addr *addr, __be16 *port)
 492 {
 493         const char *c, *limit = dptr + datalen;
 494         unsigned int p;
 495         int ret;
 496
 497         ret = ct_sip_walk_headers(ct, dptr, dataoff ? *dataoff : 0, datalen,
 498                                   type, in_header, matchoff, matchlen);
 499         WARN_ON(ret < 0);
 500         if (ret == 0)
 501                 return ret;
 502
 503         if (!parse_addr(ct, dptr + *matchoff, &c, addr, limit))
 504                 return -1;
 505         if (*c == ':') {
 506                 c++;
 507                 p = simple_strtoul(c, (char **)&c, 10);
 508                 if (p < 1024 || p > 65535)
 509                         return -1;
 510                 *port = htons(p);
 511         } else
 512                 *port = htons(SIP_PORT);
 513
 514         if (dataoff)
 515                 *dataoff = c - dptr;
 516         return 1;
 517 }
 518 EXPORT_SYMBOL_GPL(ct_sip_parse_header_uri);
 519
 520 /* Parse address from header parameter and return address, offset and length */
 521 int ct_sip_parse_address_param(const struct nf_conn *ct, const char *dptr,
 522                                unsigned int dataoff, unsigned int datalen,
 523                                const char *name,
 524                                unsigned int *matchoff, unsigned int *matchlen,
 525                                union nf_inet_addr *addr)
 526 {
 527         const char *limit = dptr + datalen;
 528         const char *start, *end;
 529
 530         limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
 531         if (!limit)
 532                 limit = dptr + datalen;
 533
 534         start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
 535         if (!start)
 536                 return 0;
 537
 538         start += strlen(name);
 539         if (!parse_addr(ct, start, &end, addr, limit))
 540                 return 0;
 541         *matchoff = start - dptr;
 542         *matchlen = end - start;
 543         return 1;
 544 }
 545 EXPORT_SYMBOL_GPL(ct_sip_parse_address_param);
 546
 547 /* Parse numerical header parameter and return value, offset and length */
 548 int ct_sip_parse_numerical_param(const struct nf_conn *ct, const char *dptr,
 549                                  unsigned int dataoff, unsigned int datalen,
 550                                  const char *name,
 551                                  unsigned int *matchoff, unsigned int *matchlen,
 552                                  unsigned int *val)
 553 {
 554         const char *limit = dptr + datalen;
 555         const char *start;
 556         char *end;
 557
 558         limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
 559         if (!limit)
 560                 limit = dptr + datalen;
 561
 562         start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
 563         if (!start)
 564                 return 0;
 565
 566         start += strlen(name);
 567         *val = simple_strtoul(start, &end, 0);
 568         if (start == end)
 569                 return 0;
 570         if (matchoff && matchlen) {
 571                 *matchoff = start - dptr;
 572                 *matchlen = end - start;
 573         }
 574         return 1;
 575 }
 576 EXPORT_SYMBOL_GPL(ct_sip_parse_numerical_param);
 577
 578 /* SDP header parsing: a SDP session description contains an ordered set of
 579  * headers, starting with a section containing general session parameters,
 580  * optionally followed by multiple media descriptions.
 581  *
 582  * SDP headers always start at the beginning of a line. According to RFC 2327:
 583  * "The sequence CRLF (0x0d0a) is used to end a record, although parsers should
 584  * be tolerant and also accept records terminated with a single newline
 585  * character". We handle both cases.
 586  */
 587 static const struct sip_header ct_sdp_hdrs[] = {
 588         [SDP_HDR_VERSION]               = SDP_HDR("v=", NULL, digits_len),
 589         [SDP_HDR_OWNER_IP4]             = SDP_HDR("o=", "IN IP4 ", epaddr_len),
 590         [SDP_HDR_CONNECTION_IP4]        = SDP_HDR("c=", "IN IP4 ", epaddr_len),
 591         [SDP_HDR_OWNER_IP6]             = SDP_HDR("o=", "IN IP6 ", epaddr_len),
 592         [SDP_HDR_CONNECTION_IP6]        = SDP_HDR("c=", "IN IP6 ", epaddr_len),
 593         [SDP_HDR_MEDIA]                 = SDP_HDR("m=", NULL, media_len),
 594 };
 595
 596 /* Linear string search within SDP header values */
 597 static const char *ct_sdp_header_search(const char *dptr, const char *limit,
 598                                         const char *needle, unsigned int len)
 599 {
 600         for (limit -= len; dptr < limit; dptr++) {
 601                 if (*dptr == '\r' || *dptr == '\n')
 602                         break;
 603                 if (strncmp(dptr, needle, len) == 0)
 604                         return dptr;
 605         }
 606         return NULL;
 607 }
 608
 609 /* Locate a SDP header (optionally a substring within the header value),
 610  * optionally stopping at the first occurence of the term header, parse
 611  * it and return the offset and length of the data we're interested in.
 612  */
 613 int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr,
 614                           unsigned int dataoff, unsigned int datalen,
 615                           enum sdp_header_types type,
 616                           enum sdp_header_types term,
 617                           unsigned int *matchoff, unsigned int *matchlen)
 618 {
 619         const struct sip_header *hdr = &ct_sdp_hdrs[type];
 620         const struct sip_header *thdr = &ct_sdp_hdrs[term];
 621         const char *start = dptr, *limit = dptr + datalen;
 622         int shift = 0;
 623
 624         for (dptr += dataoff; dptr < limit; dptr++) {
 625                 /* Find beginning of line */
 626                 if (*dptr != '\r' && *dptr != '\n')
 627                         continue;
 628                 if (++dptr >= limit)
 629                         break;
 630                 if (*(dptr - 1) == '\r' && *dptr == '\n') {
 631                         if (++dptr >= limit)
 632                                 break;
 633                 }
 634
 635                 if (term != SDP_HDR_UNSPEC &&
 636                     limit - dptr >= thdr->len &&
 637                     strnicmp(dptr, thdr->name, thdr->len) == 0)
 638                         break;
 639                 else if (limit - dptr >= hdr->len &&
 640                          strnicmp(dptr, hdr->name, hdr->len) == 0)
 641                         dptr += hdr->len;
 642                 else
 643                         continue;
 644
 645                 *matchoff = dptr - start;
 646                 if (hdr->search) {
 647                         dptr = ct_sdp_header_search(dptr, limit, hdr->search,
 648                                                     hdr->slen);
 649                         if (!dptr)
 650                                 return -1;
 651                         dptr += hdr->slen;
 652                 }
 653
 654                 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
 655                 if (!*matchlen)
 656                         return -1;
 657                 *matchoff = dptr - start + shift;
 658                 return 1;
 659         }
 660         return 0;
 661 }
 662 EXPORT_SYMBOL_GPL(ct_sip_get_sdp_header);
 663
 664 static int ct_sip_parse_sdp_addr(const struct nf_conn *ct, const char *dptr,
 665                                  unsigned int dataoff, unsigned int datalen,
 666                                  enum sdp_header_types type,
 667                                  enum sdp_header_types term,
 668                                  unsigned int *matchoff, unsigned int *matchlen,
 669                                  union nf_inet_addr *addr)
 670 {
 671         int ret;
 672
 673         ret = ct_sip_get_sdp_header(ct, dptr, dataoff, datalen, type, term,
 674                                     matchoff, matchlen);
 675         if (ret <= 0)
 676                 return ret;
 677
 678         if (!parse_addr(ct, dptr + *matchoff, NULL, addr,
 679                         dptr + *matchoff + *matchlen))
 680                 return -1;
 681         return 1;
 682 }
 683
 684 static int refresh_signalling_expectation(struct nf_conn *ct,
 685                                           union nf_inet_addr *addr,
 686                                           __be16 port,
 687                                           unsigned int expires)
 688 {
 689         struct nf_conn_help *help = nfct_help(ct);
 690         struct nf_conntrack_expect *exp;
 691         struct hlist_node *n, *next;
 692         int found = 0;
 693
 694         spin_lock_bh(&nf_conntrack_lock);
 695         hlist_for_each_entry_safe(exp, n, next, &help->expectations, lnode) {
 696                 if (exp->class != SIP_EXPECT_SIGNALLING ||
 697                     !nf_inet_addr_cmp(&exp->tuple.dst.u3, addr) ||
 698                     exp->tuple.dst.u.udp.port != port)
 699                         continue;
 700                 if (!del_timer(&exp->timeout))
 701                         continue;
 702                 exp->flags &= ~NF_CT_EXPECT_INACTIVE;
 703                 exp->timeout.expires = jiffies + expires * HZ;
 704                 add_timer(&exp->timeout);
 705                 found = 1;
 706                 break;
 707         }
 708         spin_unlock_bh(&nf_conntrack_lock);
 709         return found;
 710 }
 711
 712 static void flush_expectations(struct nf_conn *ct, bool media)
 713 {
 714         struct nf_conn_help *help = nfct_help(ct);
 715         struct nf_conntrack_expect *exp;
 716         struct hlist_node *n, *next;
 717
 718         spin_lock_bh(&nf_conntrack_lock);
 719         hlist_for_each_entry_safe(exp, n, next, &help->expectations, lnode) {
 720                 if ((exp->class != SIP_EXPECT_SIGNALLING) ^ media)
 721                         continue;
 722                 if (!del_timer(&exp->timeout))
 723                         continue;
 724                 nf_ct_unlink_expect(exp);
 725                 nf_ct_expect_put(exp);
 726                 if (!media)
 727                         break;
 728         }
 729         spin_unlock_bh(&nf_conntrack_lock);
 730 }
 731
 732 static int set_expected_rtp_rtcp(struct sk_buff *skb,
 733                                  const char **dptr, unsigned int *datalen,
 734                                  union nf_inet_addr *daddr, __be16 port,
 735                                  enum sip_expectation_classes class,
 736                                  unsigned int mediaoff, unsigned int medialen)
 737 {
 738         struct nf_conntrack_expect *exp, *rtp_exp, *rtcp_exp;
 739         enum ip_conntrack_info ctinfo;
 740         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
 741         struct net *net = nf_ct_net(ct);
 742         enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
 743         union nf_inet_addr *saddr;
 744         struct nf_conntrack_tuple tuple;
 745         int direct_rtp = 0, skip_expect = 0, ret = NF_DROP;
 746         u_int16_t base_port;
 747         __be16 rtp_port, rtcp_port;
 748         typeof(nf_nat_sdp_port_hook) nf_nat_sdp_port;
 749         typeof(nf_nat_sdp_media_hook) nf_nat_sdp_media;
 750
 751         saddr = NULL;
 752         if (sip_direct_media) {
 753                 if (!nf_inet_addr_cmp(daddr, &ct->tuplehash[dir].tuple.src.u3))
 754                         return NF_ACCEPT;
 755                 saddr = &ct->tuplehash[!dir].tuple.src.u3;
 756         }
 757
 758         /* We need to check whether the registration exists before attempting
 759          * to register it since we can see the same media description multiple
 760          * times on different connections in case multiple endpoints receive
 761          * the same call.
 762          *
 763          * RTP optimization: if we find a matching media channel expectation
 764          * and both the expectation and this connection are SNATed, we assume
 765          * both sides can reach each other directly and use the final
 766          * destination address from the expectation. We still need to keep
 767          * the NATed expectations for media that might arrive from the
 768          * outside, and additionally need to expect the direct RTP stream
 769          * in case it passes through us even without NAT.
 770          */
 771         memset(&tuple, 0, sizeof(tuple));
 772         if (saddr)
 773                 tuple.src.u3 = *saddr;
 774         tuple.src.l3num         = nf_ct_l3num(ct);
 775         tuple.dst.protonum      = IPPROTO_UDP;
 776         tuple.dst.u3            = *daddr;
 777         tuple.dst.u.udp.port    = port;
 778
 779         rcu_read_lock();
 780         do {
 781                 exp = __nf_ct_expect_find(net, &tuple);
 782
 783                 if (!exp || exp->master == ct ||
 784                     nfct_help(exp->master)->helper != nfct_help(ct)->helper ||
 785                     exp->class != class)
 786                         break;
 787 #ifdef CONFIG_NF_NAT_NEEDED
 788                 if (exp->tuple.src.l3num == AF_INET && !direct_rtp &&
 789                     (exp->saved_ip != exp->tuple.dst.u3.ip ||
 790                      exp->saved_proto.udp.port != exp->tuple.dst.u.udp.port) &&
 791                     ct->status & IPS_NAT_MASK) {
 792                         daddr->ip               = exp->saved_ip;
 793                         tuple.dst.u3.ip         = exp->saved_ip;
 794                         tuple.dst.u.udp.port    = exp->saved_proto.udp.port;
 795                         direct_rtp = 1;
 796                 } else
 797 #endif
 798                         skip_expect = 1;
 799         } while (!skip_expect);
 800         rcu_read_unlock();
 801
 802         base_port = ntohs(tuple.dst.u.udp.port) & ~1;
 803         rtp_port = htons(base_port);
 804         rtcp_port = htons(base_port + 1);
 805
 806         if (direct_rtp) {
 807                 nf_nat_sdp_port = rcu_dereference(nf_nat_sdp_port_hook);
 808                 if (nf_nat_sdp_port &&
 809                     !nf_nat_sdp_port(skb, dptr, datalen,
 810                                      mediaoff, medialen, ntohs(rtp_port)))
 811                         goto err1;
 812         }
 813
 814         if (skip_expect)
 815                 return NF_ACCEPT;
 816
 817         rtp_exp = nf_ct_expect_alloc(ct);
 818         if (rtp_exp == NULL)
 819                 goto err1;
 820         nf_ct_expect_init(rtp_exp, class, nf_ct_l3num(ct), saddr, daddr,
 821                           IPPROTO_UDP, NULL, &rtp_port);
 822
 823         rtcp_exp = nf_ct_expect_alloc(ct);
 824         if (rtcp_exp == NULL)
 825                 goto err2;
 826         nf_ct_expect_init(rtcp_exp, class, nf_ct_l3num(ct), saddr, daddr,
 827                           IPPROTO_UDP, NULL, &rtcp_port);
 828
 829         nf_nat_sdp_media = rcu_dereference(nf_nat_sdp_media_hook);
 830         if (nf_nat_sdp_media && ct->status & IPS_NAT_MASK && !direct_rtp)
 831                 ret = nf_nat_sdp_media(skb, dptr, datalen, rtp_exp, rtcp_exp,
 832                                        mediaoff, medialen, daddr);
 833         else {
 834                 if (nf_ct_expect_related(rtp_exp) == 0) {
 835                         if (nf_ct_expect_related(rtcp_exp) != 0)
 836                                 nf_ct_unexpect_related(rtp_exp);
 837                         else
 838                                 ret = NF_ACCEPT;
 839                 }
 840         }
 841         nf_ct_expect_put(rtcp_exp);
 842 err2:
 843         nf_ct_expect_put(rtp_exp);
 844 err1:
 845         return ret;
 846 }
 847
 848 static const struct sdp_media_type sdp_media_types[] = {
 849         SDP_MEDIA_TYPE("audio ", SIP_EXPECT_AUDIO),
 850         SDP_MEDIA_TYPE("video ", SIP_EXPECT_VIDEO),
 851 };
 852
 853 static const struct sdp_media_type *sdp_media_type(const char *dptr,
 854                                                    unsigned int matchoff,
 855                                                    unsigned int matchlen)
 856 {
 857         const struct sdp_media_type *t;
 858         unsigned int i;
 859
 860         for (i = 0; i < ARRAY_SIZE(sdp_media_types); i++) {
 861                 t = &sdp_media_types[i];
 862                 if (matchlen < t->len ||
 863                     strncmp(dptr + matchoff, t->name, t->len))
 864                         continue;
 865                 return t;
 866         }
 867         return NULL;
 868 }
 869
 870 static int process_sdp(struct sk_buff *skb,
 871                        const char **dptr, unsigned int *datalen,
 872                        unsigned int cseq)
 873 {
 874         enum ip_conntrack_info ctinfo;
 875         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
 876         struct nf_conn_help *help = nfct_help(ct);
 877         unsigned int matchoff, matchlen;
 878         unsigned int mediaoff, medialen;
 879         unsigned int sdpoff;
 880         unsigned int caddr_len, maddr_len;
 881         unsigned int i;
 882         union nf_inet_addr caddr, maddr, rtp_addr;
 883         unsigned int port;
 884         enum sdp_header_types c_hdr;
 885         const struct sdp_media_type *t;
 886         int ret = NF_ACCEPT;
 887         typeof(nf_nat_sdp_addr_hook) nf_nat_sdp_addr;
 888         typeof(nf_nat_sdp_session_hook) nf_nat_sdp_session;
 889
 890         nf_nat_sdp_addr = rcu_dereference(nf_nat_sdp_addr_hook);
 891         c_hdr = nf_ct_l3num(ct) == AF_INET ? SDP_HDR_CONNECTION_IP4 :
 892                                              SDP_HDR_CONNECTION_IP6;
 893
 894         /* Find beginning of session description */
 895         if (ct_sip_get_sdp_header(ct, *dptr, 0, *datalen,
 896                                   SDP_HDR_VERSION, SDP_HDR_UNSPEC,
 897                                   &matchoff, &matchlen) <= 0)
 898                 return NF_ACCEPT;
 899         sdpoff = matchoff;
 900
 901         /* The connection information is contained in the session description
 902          * and/or once per media description. The first media description marks
 903          * the end of the session description. */
 904         caddr_len = 0;
 905         if (ct_sip_parse_sdp_addr(ct, *dptr, sdpoff, *datalen,
 906                                   c_hdr, SDP_HDR_MEDIA,
 907                                   &matchoff, &matchlen, &caddr) > 0)
 908                 caddr_len = matchlen;
 909
 910         mediaoff = sdpoff;
 911         for (i = 0; i < ARRAY_SIZE(sdp_media_types); ) {
 912                 if (ct_sip_get_sdp_header(ct, *dptr, mediaoff, *datalen,
 913                                           SDP_HDR_MEDIA, SDP_HDR_UNSPEC,
 914                                           &mediaoff, &medialen) <= 0)
 915                         break;
 916
 917                 /* Get media type and port number. A media port value of zero
 918                  * indicates an inactive stream. */
 919                 t = sdp_media_type(*dptr, mediaoff, medialen);
 920                 if (!t) {
 921                         mediaoff += medialen;
 922                         continue;
 923                 }
 924                 mediaoff += t->len;
 925                 medialen -= t->len;
 926
 927                 port = simple_strtoul(*dptr + mediaoff, NULL, 10);
 928                 if (port == 0)
 929                         continue;
 930                 if (port < 1024 || port > 65535)
 931                         return NF_DROP;
 932
 933                 /* The media description overrides the session description. */
 934                 maddr_len = 0;
 935                 if (ct_sip_parse_sdp_addr(ct, *dptr, mediaoff, *datalen,
 936                                           c_hdr, SDP_HDR_MEDIA,
 937                                           &matchoff, &matchlen, &maddr) > 0) {
 938                         maddr_len = matchlen;
 939                         memcpy(&rtp_addr, &maddr, sizeof(rtp_addr));
 940                 } else if (caddr_len)
 941                         memcpy(&rtp_addr, &caddr, sizeof(rtp_addr));
 942                 else
 943                         return NF_DROP;
 944
 945                 ret = set_expected_rtp_rtcp(skb, dptr, datalen,
 946                                             &rtp_addr, htons(port), t->class,
 947                                             mediaoff, medialen);
 948                 if (ret != NF_ACCEPT)
 949                         return ret;
 950
 951                 /* Update media connection address if present */
 952                 if (maddr_len && nf_nat_sdp_addr && ct->status & IPS_NAT_MASK) {
 953                         ret = nf_nat_sdp_addr(skb, dptr, mediaoff, datalen,
 954                                               c_hdr, SDP_HDR_MEDIA, &rtp_addr);
 955                         if (ret != NF_ACCEPT)
 956                                 return ret;
 957                 }
 958                 i++;
 959         }
 960
 961         /* Update session connection and owner addresses */
 962         nf_nat_sdp_session = rcu_dereference(nf_nat_sdp_session_hook);
 963         if (nf_nat_sdp_session && ct->status & IPS_NAT_MASK)
 964                 ret = nf_nat_sdp_session(skb, dptr, sdpoff, datalen, &rtp_addr);
 965
 966         if (ret == NF_ACCEPT && i > 0)
 967                 help->help.ct_sip_info.invite_cseq = cseq;
 968
 969         return ret;
 970 }
 971 static int process_invite_response(struct sk_buff *skb,
 972                                    const char **dptr, unsigned int *datalen,
 973                                    unsigned int cseq, unsigned int code)
 974 {
 975         enum ip_conntrack_info ctinfo;
 976         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
 977         struct nf_conn_help *help = nfct_help(ct);
 978
 979         if ((code >= 100 && code <= 199) ||
 980             (code >= 200 && code <= 299))
 981                 return process_sdp(skb, dptr, datalen, cseq);
 982         else if (help->help.ct_sip_info.invite_cseq == cseq)
 983                 flush_expectations(ct, true);
 984         return NF_ACCEPT;
 985 }
 986
 987 static int process_update_response(struct sk_buff *skb,
 988                                    const char **dptr, unsigned int *datalen,
 989                                    unsigned int cseq, unsigned int code)
 990 {
 991         enum ip_conntrack_info ctinfo;
 992         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
 993         struct nf_conn_help *help = nfct_help(ct);
 994
 995         if ((code >= 100 && code <= 199) ||
 996             (code >= 200 && code <= 299))
 997                 return process_sdp(skb, dptr, datalen, cseq);
 998         else if (help->help.ct_sip_info.invite_cseq == cseq)
 999                 flush_expectations(ct, true);
1000         return NF_ACCEPT;
1001 }
1002
1003 static int process_prack_response(struct sk_buff *skb,
1004                                   const char **dptr, unsigned int *datalen,
1005                                   unsigned int cseq, unsigned int code)
1006 {
1007         enum ip_conntrack_info ctinfo;
1008         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1009         struct nf_conn_help *help = nfct_help(ct);
1010
1011         if ((code >= 100 && code <= 199) ||
1012             (code >= 200 && code <= 299))
1013                 return process_sdp(skb, dptr, datalen, cseq);
1014         else if (help->help.ct_sip_info.invite_cseq == cseq)
1015                 flush_expectations(ct, true);
1016         return NF_ACCEPT;
1017 }
1018
1019 static int process_bye_request(struct sk_buff *skb,
1020                                const char **dptr, unsigned int *datalen,
1021                                unsigned int cseq)
1022 {
1023         enum ip_conntrack_info ctinfo;
1024         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1025
1026         flush_expectations(ct, true);
1027         return NF_ACCEPT;
1028 }
1029
1030 /* Parse a REGISTER request and create a permanent expectation for incoming
1031  * signalling connections. The expectation is marked inactive and is activated
1032  * when receiving a response indicating success from the registrar.
1033  */
1034 static int process_register_request(struct sk_buff *skb,
1035                                     const char **dptr, unsigned int *datalen,
1036                                     unsigned int cseq)
1037 {
1038         enum ip_conntrack_info ctinfo;
1039         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1040         struct nf_conn_help *help = nfct_help(ct);
1041         enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1042         unsigned int matchoff, matchlen;
1043         struct nf_conntrack_expect *exp;
1044         union nf_inet_addr *saddr, daddr;
1045         __be16 port;
1046         unsigned int expires = 0;
1047         int ret;
1048         typeof(nf_nat_sip_expect_hook) nf_nat_sip_expect;
1049
1050         /* Expected connections can not register again. */
1051         if (ct->status & IPS_EXPECTED)
1052                 return NF_ACCEPT;
1053
1054         /* We must check the expiration time: a value of zero signals the
1055          * registrar to release the binding. We'll remove our expectation
1056          * when receiving the new bindings in the response, but we don't
1057          * want to create new ones.
1058          *
1059          * The expiration time may be contained in Expires: header, the
1060          * Contact: header parameters or the URI parameters.
1061          */
1062         if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1063                               &matchoff, &matchlen) > 0)
1064                 expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1065
1066         ret = ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen,
1067                                       SIP_HDR_CONTACT, NULL,
1068                                       &matchoff, &matchlen, &daddr, &port);
1069         if (ret < 0)
1070                 return NF_DROP;
1071         else if (ret == 0)
1072                 return NF_ACCEPT;
1073
1074         /* We don't support third-party registrations */
1075         if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.src.u3, &daddr))
1076                 return NF_ACCEPT;
1077
1078         if (ct_sip_parse_numerical_param(ct, *dptr,
1079                                          matchoff + matchlen, *datalen,
1080                                          "expires=", NULL, NULL, &expires) < 0)
1081                 return NF_DROP;
1082
1083         if (expires == 0) {
1084                 ret = NF_ACCEPT;
1085                 goto store_cseq;
1086         }
1087
1088         exp = nf_ct_expect_alloc(ct);
1089         if (!exp)
1090                 return NF_DROP;
1091
1092         saddr = NULL;
1093         if (sip_direct_signalling)
1094                 saddr = &ct->tuplehash[!dir].tuple.src.u3;
1095
1096         nf_ct_expect_init(exp, SIP_EXPECT_SIGNALLING, nf_ct_l3num(ct),
1097                           saddr, &daddr, IPPROTO_UDP, NULL, &port);
1098         exp->timeout.expires = sip_timeout * HZ;
1099         exp->helper = nfct_help(ct)->helper;
1100         exp->flags = NF_CT_EXPECT_PERMANENT | NF_CT_EXPECT_INACTIVE;
1101
1102         nf_nat_sip_expect = rcu_dereference(nf_nat_sip_expect_hook);
1103         if (nf_nat_sip_expect && ct->status & IPS_NAT_MASK)
1104                 ret = nf_nat_sip_expect(skb, dptr, datalen, exp,
1105                                         matchoff, matchlen);
1106         else {
1107                 if (nf_ct_expect_related(exp) != 0)
1108                         ret = NF_DROP;
1109                 else
1110                         ret = NF_ACCEPT;
1111         }
1112         nf_ct_expect_put(exp);
1113
1114 store_cseq:
1115         if (ret == NF_ACCEPT)
1116                 help->help.ct_sip_info.register_cseq = cseq;
1117         return ret;
1118 }
1119
1120 static int process_register_response(struct sk_buff *skb,
1121                                      const char **dptr, unsigned int *datalen,
1122                                      unsigned int cseq, unsigned int code)
1123 {
1124         enum ip_conntrack_info ctinfo;
1125         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1126         struct nf_conn_help *help = nfct_help(ct);
1127         enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1128         union nf_inet_addr addr;
1129         __be16 port;
1130         unsigned int matchoff, matchlen, dataoff = 0;
1131         unsigned int expires = 0;
1132         int in_contact = 0, ret;
1133
1134         /* According to RFC 3261, "UAs MUST NOT send a new registration until
1135          * they have received a final response from the registrar for the
1136          * previous one or the previous REGISTER request has timed out".
1137          *
1138          * However, some servers fail to detect retransmissions and send late
1139          * responses, so we store the sequence number of the last valid
1140          * request and compare it here.
1141          */
1142         if (help->help.ct_sip_info.register_cseq != cseq)
1143                 return NF_ACCEPT;
1144
1145         if (code >= 100 && code <= 199)
1146                 return NF_ACCEPT;
1147         if (code < 200 || code > 299)
1148                 goto flush;
1149
1150         if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1151                               &matchoff, &matchlen) > 0)
1152                 expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1153
1154         while (1) {
1155                 unsigned int c_expires = expires;
1156
1157                 ret = ct_sip_parse_header_uri(ct, *dptr, &dataoff, *datalen,
1158                                               SIP_HDR_CONTACT, &in_contact,
1159                                               &matchoff, &matchlen,
1160                                               &addr, &port);
1161                 if (ret < 0)
1162                         return NF_DROP;
1163                 else if (ret == 0)
1164                         break;
1165
1166                 /* We don't support third-party registrations */
1167                 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3, &addr))
1168                         continue;
1169
1170                 ret = ct_sip_parse_numerical_param(ct, *dptr,
1171                                                    matchoff + matchlen,
1172                                                    *datalen, "expires=",
1173                                                    NULL, NULL, &c_expires);
1174                 if (ret < 0)
1175                         return NF_DROP;
1176                 if (c_expires == 0)
1177                         break;
1178                 if (refresh_signalling_expectation(ct, &addr, port, c_expires))
1179                         return NF_ACCEPT;
1180         }
1181
1182 flush:
1183         flush_expectations(ct, false);
1184         return NF_ACCEPT;
1185 }
1186
1187 static const struct sip_handler sip_handlers[] = {
1188         SIP_HANDLER("INVITE", process_sdp, process_invite_response),
1189         SIP_HANDLER("UPDATE", process_sdp, process_update_response),
1190         SIP_HANDLER("ACK", process_sdp, NULL),
1191         SIP_HANDLER("PRACK", process_sdp, process_prack_response),
1192         SIP_HANDLER("BYE", process_bye_request, NULL),
1193         SIP_HANDLER("REGISTER", process_register_request, process_register_response),
1194 };
1195
1196 static int process_sip_response(struct sk_buff *skb,
1197                                 const char **dptr, unsigned int *datalen)
1198 {
1199         enum ip_conntrack_info ctinfo;
1200         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1201         unsigned int matchoff, matchlen;
1202         unsigned int code, cseq, dataoff, i;
1203
1204         if (*datalen < strlen("SIP/2.0 200"))
1205                 return NF_ACCEPT;
1206         code = simple_strtoul(*dptr + strlen("SIP/2.0 "), NULL, 10);
1207         if (!code)
1208                 return NF_DROP;
1209
1210         if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1211                               &matchoff, &matchlen) <= 0)
1212                 return NF_DROP;
1213         cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1214         if (!cseq)
1215                 return NF_DROP;
1216         dataoff = matchoff + matchlen + 1;
1217
1218         for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1219                 const struct sip_handler *handler;
1220
1221                 handler = &sip_handlers[i];
1222                 if (handler->response == NULL)
1223                         continue;
1224                 if (*datalen < dataoff + handler->len ||
1225                     strnicmp(*dptr + dataoff, handler->method, handler->len))
1226                         continue;
1227                 return handler->response(skb, dptr, datalen, cseq, code);
1228         }
1229         return NF_ACCEPT;
1230 }
1231
1232 static int process_sip_request(struct sk_buff *skb,
1233                                const char **dptr, unsigned int *datalen)
1234 {
1235         enum ip_conntrack_info ctinfo;
1236         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1237         unsigned int matchoff, matchlen;
1238         unsigned int cseq, i;
1239
1240         for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1241                 const struct sip_handler *handler;
1242
1243                 handler = &sip_handlers[i];
1244                 if (handler->request == NULL)
1245                         continue;
1246                 if (*datalen < handler->len ||
1247                     strnicmp(*dptr, handler->method, handler->len))
1248                         continue;
1249
1250                 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1251                                       &matchoff, &matchlen) <= 0)
1252                         return NF_DROP;
1253                 cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1254                 if (!cseq)
1255                         return NF_DROP;
1256
1257                 return handler->request(skb, dptr, datalen, cseq);
1258         }
1259         return NF_ACCEPT;
1260 }
1261
1262 static int sip_help(struct sk_buff *skb,
1263                     unsigned int protoff,
1264                     struct nf_conn *ct,
1265                     enum ip_conntrack_info ctinfo)
1266 {
1267         unsigned int dataoff, datalen;
1268         const char *dptr;
1269         int ret;
1270         typeof(nf_nat_sip_hook) nf_nat_sip;
1271
1272         /* No Data ? */
1273         dataoff = protoff + sizeof(struct udphdr);
1274         if (dataoff >= skb->len)
1275                 return NF_ACCEPT;
1276
1277         nf_ct_refresh(ct, skb, sip_timeout * HZ);
1278
1279         if (!skb_is_nonlinear(skb))
1280                 dptr = skb->data + dataoff;
1281         else {
1282                 pr_debug("Copy of skbuff not supported yet.\n");
1283                 return NF_ACCEPT;
1284         }
1285
1286         datalen = skb->len - dataoff;
1287         if (datalen < strlen("SIP/2.0 200"))
1288                 return NF_ACCEPT;
1289
1290         if (strnicmp(dptr, "SIP/2.0 ", strlen("SIP/2.0 ")) != 0)
1291                 ret = process_sip_request(skb, &dptr, &datalen);
1292         else
1293                 ret = process_sip_response(skb, &dptr, &datalen);
1294
1295         if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1296                 nf_nat_sip = rcu_dereference(nf_nat_sip_hook);
1297                 if (nf_nat_sip && !nf_nat_sip(skb, &dptr, &datalen))
1298                         ret = NF_DROP;
1299         }
1300
1301         return ret;
1302 }
1303
1304 static struct nf_conntrack_helper sip[MAX_PORTS][2] __read_mostly;
1305 static char sip_names[MAX_PORTS][2][sizeof("sip-65535")] __read_mostly;
1306
1307 static const struct nf_conntrack_expect_policy sip_exp_policy[SIP_EXPECT_MAX + 1] = {
1308         [SIP_EXPECT_SIGNALLING] = {
1309                 .name           = "signalling",
1310                 .max_expected   = 1,
1311                 .timeout        = 3 * 60,
1312         },
1313         [SIP_EXPECT_AUDIO] = {
1314                 .name           = "audio",
1315                 .max_expected   = 2 * IP_CT_DIR_MAX,
1316                 .timeout        = 3 * 60,
1317         },
1318         [SIP_EXPECT_VIDEO] = {
1319                 .name           = "video",
1320                 .max_expected   = 2 * IP_CT_DIR_MAX,
1321                 .timeout        = 3 * 60,
1322         },
1323 };
1324
1325 static void nf_conntrack_sip_fini(void)
1326 {
1327         int i, j;
1328
1329         for (i = 0; i < ports_c; i++) {
1330                 for (j = 0; j < 2; j++) {
1331                         if (sip[i][j].me == NULL)
1332                                 continue;
1333                         nf_conntrack_helper_unregister(&sip[i][j]);
1334                 }
1335         }
1336 }
1337
1338 static int __init nf_conntrack_sip_init(void)
1339 {
1340         int i, j, ret;
1341         char *tmpname;
1342
1343         if (ports_c == 0)
1344                 ports[ports_c++] = SIP_PORT;
1345
1346         for (i = 0; i < ports_c; i++) {
1347                 memset(&sip[i], 0, sizeof(sip[i]));
1348
1349                 sip[i][0].tuple.src.l3num = AF_INET;
1350                 sip[i][1].tuple.src.l3num = AF_INET6;
1351                 for (j = 0; j < 2; j++) {
1352                         sip[i][j].tuple.dst.protonum = IPPROTO_UDP;
1353                         sip[i][j].tuple.src.u.udp.port = htons(ports[i]);
1354                         sip[i][j].expect_policy = sip_exp_policy;
1355                         sip[i][j].expect_class_max = SIP_EXPECT_MAX;
1356                         sip[i][j].me = THIS_MODULE;
1357                         sip[i][j].help = sip_help;
1358
1359                         tmpname = &sip_names[i][j][0];
1360                         if (ports[i] == SIP_PORT)
1361                                 sprintf(tmpname, "sip");
1362                         else
1363                                 sprintf(tmpname, "sip-%u", i);
1364                         sip[i][j].name = tmpname;
1365
1366                         pr_debug("port #%u: %u\n", i, ports[i]);
1367
1368                         ret = nf_conntrack_helper_register(&sip[i][j]);
1369                         if (ret) {
1370                                 printk("nf_ct_sip: failed to register helper "
1371                                        "for pf: %u port: %u\n",
1372                                        sip[i][j].tuple.src.l3num, ports[i]);
1373                                 nf_conntrack_sip_fini();
1374                                 return ret;
1375                         }
1376                 }
1377         }
1378         return 0;
1379 }
1380
1381 module_init(nf_conntrack_sip_init);
1382 module_exit(nf_conntrack_sip_fini);