1 /* SIP extension for IP connection tracking.
3 * (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
4 * based on RR's ip_conntrack_ftp.c and other modules.
5 * (C) 2007 United Security Providers
6 * (C) 2007, 2008 Patrick McHardy <kaber@trash.net>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
13 #include <linux/module.h>
14 #include <linux/ctype.h>
15 #include <linux/skbuff.h>
16 #include <linux/inet.h>
18 #include <linux/udp.h>
19 #include <linux/netfilter.h>
21 #include <net/netfilter/nf_conntrack.h>
22 #include <net/netfilter/nf_conntrack_core.h>
23 #include <net/netfilter/nf_conntrack_expect.h>
24 #include <net/netfilter/nf_conntrack_helper.h>
25 #include <linux/netfilter/nf_conntrack_sip.h>
27 MODULE_LICENSE("GPL");
28 MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
29 MODULE_DESCRIPTION("SIP connection tracking helper");
30 MODULE_ALIAS("ip_conntrack_sip");
31 MODULE_ALIAS_NFCT_HELPER("sip");
34 static unsigned short ports[MAX_PORTS];
35 static unsigned int ports_c;
36 module_param_array(ports, ushort, &ports_c, 0400);
37 MODULE_PARM_DESC(ports, "port numbers of SIP servers");
39 static unsigned int sip_timeout __read_mostly = SIP_TIMEOUT;
40 module_param(sip_timeout, uint, 0600);
41 MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");
43 static int sip_direct_signalling __read_mostly = 1;
44 module_param(sip_direct_signalling, int, 0600);
45 MODULE_PARM_DESC(sip_direct_signalling, "expect incoming calls from registrar "
48 static int sip_direct_media __read_mostly = 1;
49 module_param(sip_direct_media, int, 0600);
50 MODULE_PARM_DESC(sip_direct_media, "Expect Media streams between signalling "
51 "endpoints only (default 1)");
53 unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb,
55 unsigned int *datalen) __read_mostly;
56 EXPORT_SYMBOL_GPL(nf_nat_sip_hook);
58 unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb,
60 unsigned int *datalen,
61 struct nf_conntrack_expect *exp,
62 unsigned int matchoff,
63 unsigned int matchlen) __read_mostly;
64 EXPORT_SYMBOL_GPL(nf_nat_sip_expect_hook);
66 unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb,
69 unsigned int *datalen,
70 enum sdp_header_types type,
71 enum sdp_header_types term,
72 const union nf_inet_addr *addr)
74 EXPORT_SYMBOL_GPL(nf_nat_sdp_addr_hook);
76 unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb,
78 unsigned int *datalen,
79 unsigned int matchoff,
80 unsigned int matchlen,
81 u_int16_t port) __read_mostly;
82 EXPORT_SYMBOL_GPL(nf_nat_sdp_port_hook);
84 unsigned int (*nf_nat_sdp_session_hook)(struct sk_buff *skb,
87 unsigned int *datalen,
88 const union nf_inet_addr *addr)
90 EXPORT_SYMBOL_GPL(nf_nat_sdp_session_hook);
92 unsigned int (*nf_nat_sdp_media_hook)(struct sk_buff *skb,
94 unsigned int *datalen,
95 struct nf_conntrack_expect *rtp_exp,
96 struct nf_conntrack_expect *rtcp_exp,
97 unsigned int mediaoff,
98 unsigned int medialen,
99 union nf_inet_addr *rtp_addr)
101 EXPORT_SYMBOL_GPL(nf_nat_sdp_media_hook);
103 static int string_len(const struct nf_conn *ct, const char *dptr,
104 const char *limit, int *shift)
108 while (dptr < limit && isalpha(*dptr)) {
115 static int digits_len(const struct nf_conn *ct, const char *dptr,
116 const char *limit, int *shift)
119 while (dptr < limit && isdigit(*dptr)) {
126 /* get media type + port length */
127 static int media_len(const struct nf_conn *ct, const char *dptr,
128 const char *limit, int *shift)
130 int len = string_len(ct, dptr, limit, shift);
133 if (dptr >= limit || *dptr != ' ')
138 return len + digits_len(ct, dptr, limit, shift);
141 static int parse_addr(const struct nf_conn *ct, const char *cp,
142 const char **endp, union nf_inet_addr *addr,
148 memset(addr, 0, sizeof(*addr));
149 switch (nf_ct_l3num(ct)) {
151 ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
154 ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
160 if (ret == 0 || end == cp)
167 /* skip ip address. returns its length. */
168 static int epaddr_len(const struct nf_conn *ct, const char *dptr,
169 const char *limit, int *shift)
171 union nf_inet_addr addr;
172 const char *aux = dptr;
174 if (!parse_addr(ct, dptr, &dptr, &addr, limit)) {
175 pr_debug("ip: %s parse failed.!\n", dptr);
182 dptr += digits_len(ct, dptr, limit, shift);
187 /* get address length, skiping user info. */
188 static int skp_epaddr_len(const struct nf_conn *ct, const char *dptr,
189 const char *limit, int *shift)
191 const char *start = dptr;
194 /* Search for @, but stop at the end of the line.
195 * We are inside a sip: URI, so we don't need to worry about
196 * continuation lines. */
197 while (dptr < limit &&
198 *dptr != '@' && *dptr != '\r' && *dptr != '\n') {
203 if (dptr < limit && *dptr == '@') {
211 return epaddr_len(ct, dptr, limit, shift);
214 /* Parse a SIP request line of the form:
216 * Request-Line = Method SP Request-URI SP SIP-Version CRLF
218 * and return the offset and length of the address contained in the Request-URI.
220 int ct_sip_parse_request(const struct nf_conn *ct,
221 const char *dptr, unsigned int datalen,
222 unsigned int *matchoff, unsigned int *matchlen,
223 union nf_inet_addr *addr, __be16 *port)
225 const char *start = dptr, *limit = dptr + datalen, *end;
230 /* Skip method and following whitespace */
231 mlen = string_len(ct, dptr, limit, NULL);
239 for (; dptr < limit - strlen("sip:"); dptr++) {
240 if (*dptr == '\r' || *dptr == '\n')
242 if (strnicmp(dptr, "sip:", strlen("sip:")) == 0) {
243 dptr += strlen("sip:");
247 if (!skp_epaddr_len(ct, dptr, limit, &shift))
251 if (!parse_addr(ct, dptr, &end, addr, limit))
253 if (end < limit && *end == ':') {
255 p = simple_strtoul(end, (char **)&end, 10);
256 if (p < 1024 || p > 65535)
260 *port = htons(SIP_PORT);
264 *matchoff = dptr - start;
265 *matchlen = end - dptr;
268 EXPORT_SYMBOL_GPL(ct_sip_parse_request);
270 /* SIP header parsing: SIP headers are located at the beginning of a line, but
271 * may span several lines, in which case the continuation lines begin with a
272 * whitespace character. RFC 2543 allows lines to be terminated with CR, LF or
273 * CRLF, RFC 3261 allows only CRLF, we support both.
275 * Headers are followed by (optionally) whitespace, a colon, again (optionally)
276 * whitespace and the values. Whitespace in this context means any amount of
277 * tabs, spaces and continuation lines, which are treated as a single whitespace
280 * Some headers may appear multiple times. A comma seperated list of values is
281 * equivalent to multiple headers.
283 static const struct sip_header ct_sip_hdrs[] = {
284 [SIP_HDR_CSEQ] = SIP_HDR("CSeq", NULL, NULL, digits_len),
285 [SIP_HDR_FROM] = SIP_HDR("From", "f", "sip:", skp_epaddr_len),
286 [SIP_HDR_TO] = SIP_HDR("To", "t", "sip:", skp_epaddr_len),
287 [SIP_HDR_CONTACT] = SIP_HDR("Contact", "m", "sip:", skp_epaddr_len),
288 [SIP_HDR_VIA] = SIP_HDR("Via", "v", "UDP ", epaddr_len),
289 [SIP_HDR_EXPIRES] = SIP_HDR("Expires", NULL, NULL, digits_len),
290 [SIP_HDR_CONTENT_LENGTH] = SIP_HDR("Content-Length", "l", NULL, digits_len),
293 static const char *sip_follow_continuation(const char *dptr, const char *limit)
295 /* Walk past newline */
299 /* Skip '\n' in CR LF */
300 if (*(dptr - 1) == '\r' && *dptr == '\n') {
305 /* Continuation line? */
306 if (*dptr != ' ' && *dptr != '\t')
309 /* skip leading whitespace */
310 for (; dptr < limit; dptr++) {
311 if (*dptr != ' ' && *dptr != '\t')
317 static const char *sip_skip_whitespace(const char *dptr, const char *limit)
319 for (; dptr < limit; dptr++) {
322 if (*dptr != '\r' && *dptr != '\n')
324 dptr = sip_follow_continuation(dptr, limit);
331 /* Search within a SIP header value, dealing with continuation lines */
332 static const char *ct_sip_header_search(const char *dptr, const char *limit,
333 const char *needle, unsigned int len)
335 for (limit -= len; dptr < limit; dptr++) {
336 if (*dptr == '\r' || *dptr == '\n') {
337 dptr = sip_follow_continuation(dptr, limit);
343 if (strnicmp(dptr, needle, len) == 0)
349 int ct_sip_get_header(const struct nf_conn *ct, const char *dptr,
350 unsigned int dataoff, unsigned int datalen,
351 enum sip_header_types type,
352 unsigned int *matchoff, unsigned int *matchlen)
354 const struct sip_header *hdr = &ct_sip_hdrs[type];
355 const char *start = dptr, *limit = dptr + datalen;
358 for (dptr += dataoff; dptr < limit; dptr++) {
359 /* Find beginning of line */
360 if (*dptr != '\r' && *dptr != '\n')
364 if (*(dptr - 1) == '\r' && *dptr == '\n') {
369 /* Skip continuation lines */
370 if (*dptr == ' ' || *dptr == '\t')
373 /* Find header. Compact headers must be followed by a
374 * non-alphabetic character to avoid mismatches. */
375 if (limit - dptr >= hdr->len &&
376 strnicmp(dptr, hdr->name, hdr->len) == 0)
378 else if (hdr->cname && limit - dptr >= hdr->clen + 1 &&
379 strnicmp(dptr, hdr->cname, hdr->clen) == 0 &&
380 !isalpha(*(dptr + hdr->clen)))
385 /* Find and skip colon */
386 dptr = sip_skip_whitespace(dptr, limit);
389 if (*dptr != ':' || ++dptr >= limit)
392 /* Skip whitespace after colon */
393 dptr = sip_skip_whitespace(dptr, limit);
397 *matchoff = dptr - start;
399 dptr = ct_sip_header_search(dptr, limit, hdr->search,
406 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
409 *matchoff = dptr - start + shift;
414 EXPORT_SYMBOL_GPL(ct_sip_get_header);
416 /* Get next header field in a list of comma seperated values */
417 static int ct_sip_next_header(const struct nf_conn *ct, const char *dptr,
418 unsigned int dataoff, unsigned int datalen,
419 enum sip_header_types type,
420 unsigned int *matchoff, unsigned int *matchlen)
422 const struct sip_header *hdr = &ct_sip_hdrs[type];
423 const char *start = dptr, *limit = dptr + datalen;
428 dptr = ct_sip_header_search(dptr, limit, ",", strlen(","));
432 dptr = ct_sip_header_search(dptr, limit, hdr->search, hdr->slen);
437 *matchoff = dptr - start;
438 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
445 /* Walk through headers until a parsable one is found or no header of the
446 * given type is left. */
447 static int ct_sip_walk_headers(const struct nf_conn *ct, const char *dptr,
448 unsigned int dataoff, unsigned int datalen,
449 enum sip_header_types type, int *in_header,
450 unsigned int *matchoff, unsigned int *matchlen)
454 if (in_header && *in_header) {
456 ret = ct_sip_next_header(ct, dptr, dataoff, datalen,
457 type, matchoff, matchlen);
462 dataoff += *matchoff;
468 ret = ct_sip_get_header(ct, dptr, dataoff, datalen,
469 type, matchoff, matchlen);
474 dataoff += *matchoff;
482 /* Locate a SIP header, parse the URI and return the offset and length of
483 * the address as well as the address and port themselves. A stream of
484 * headers can be parsed by handing in a non-NULL datalen and in_header
487 int ct_sip_parse_header_uri(const struct nf_conn *ct, const char *dptr,
488 unsigned int *dataoff, unsigned int datalen,
489 enum sip_header_types type, int *in_header,
490 unsigned int *matchoff, unsigned int *matchlen,
491 union nf_inet_addr *addr, __be16 *port)
493 const char *c, *limit = dptr + datalen;
497 ret = ct_sip_walk_headers(ct, dptr, dataoff ? *dataoff : 0, datalen,
498 type, in_header, matchoff, matchlen);
503 if (!parse_addr(ct, dptr + *matchoff, &c, addr, limit))
507 p = simple_strtoul(c, (char **)&c, 10);
508 if (p < 1024 || p > 65535)
512 *port = htons(SIP_PORT);
518 EXPORT_SYMBOL_GPL(ct_sip_parse_header_uri);
520 /* Parse address from header parameter and return address, offset and length */
521 int ct_sip_parse_address_param(const struct nf_conn *ct, const char *dptr,
522 unsigned int dataoff, unsigned int datalen,
524 unsigned int *matchoff, unsigned int *matchlen,
525 union nf_inet_addr *addr)
527 const char *limit = dptr + datalen;
528 const char *start, *end;
530 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
532 limit = dptr + datalen;
534 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
538 start += strlen(name);
539 if (!parse_addr(ct, start, &end, addr, limit))
541 *matchoff = start - dptr;
542 *matchlen = end - start;
545 EXPORT_SYMBOL_GPL(ct_sip_parse_address_param);
547 /* Parse numerical header parameter and return value, offset and length */
548 int ct_sip_parse_numerical_param(const struct nf_conn *ct, const char *dptr,
549 unsigned int dataoff, unsigned int datalen,
551 unsigned int *matchoff, unsigned int *matchlen,
554 const char *limit = dptr + datalen;
558 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
560 limit = dptr + datalen;
562 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
566 start += strlen(name);
567 *val = simple_strtoul(start, &end, 0);
570 if (matchoff && matchlen) {
571 *matchoff = start - dptr;
572 *matchlen = end - start;
576 EXPORT_SYMBOL_GPL(ct_sip_parse_numerical_param);
578 /* SDP header parsing: a SDP session description contains an ordered set of
579 * headers, starting with a section containing general session parameters,
580 * optionally followed by multiple media descriptions.
582 * SDP headers always start at the beginning of a line. According to RFC 2327:
583 * "The sequence CRLF (0x0d0a) is used to end a record, although parsers should
584 * be tolerant and also accept records terminated with a single newline
585 * character". We handle both cases.
587 static const struct sip_header ct_sdp_hdrs[] = {
588 [SDP_HDR_VERSION] = SDP_HDR("v=", NULL, digits_len),
589 [SDP_HDR_OWNER_IP4] = SDP_HDR("o=", "IN IP4 ", epaddr_len),
590 [SDP_HDR_CONNECTION_IP4] = SDP_HDR("c=", "IN IP4 ", epaddr_len),
591 [SDP_HDR_OWNER_IP6] = SDP_HDR("o=", "IN IP6 ", epaddr_len),
592 [SDP_HDR_CONNECTION_IP6] = SDP_HDR("c=", "IN IP6 ", epaddr_len),
593 [SDP_HDR_MEDIA] = SDP_HDR("m=", NULL, media_len),
596 /* Linear string search within SDP header values */
597 static const char *ct_sdp_header_search(const char *dptr, const char *limit,
598 const char *needle, unsigned int len)
600 for (limit -= len; dptr < limit; dptr++) {
601 if (*dptr == '\r' || *dptr == '\n')
603 if (strncmp(dptr, needle, len) == 0)
609 /* Locate a SDP header (optionally a substring within the header value),
610 * optionally stopping at the first occurence of the term header, parse
611 * it and return the offset and length of the data we're interested in.
613 int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr,
614 unsigned int dataoff, unsigned int datalen,
615 enum sdp_header_types type,
616 enum sdp_header_types term,
617 unsigned int *matchoff, unsigned int *matchlen)
619 const struct sip_header *hdr = &ct_sdp_hdrs[type];
620 const struct sip_header *thdr = &ct_sdp_hdrs[term];
621 const char *start = dptr, *limit = dptr + datalen;
624 for (dptr += dataoff; dptr < limit; dptr++) {
625 /* Find beginning of line */
626 if (*dptr != '\r' && *dptr != '\n')
630 if (*(dptr - 1) == '\r' && *dptr == '\n') {
635 if (term != SDP_HDR_UNSPEC &&
636 limit - dptr >= thdr->len &&
637 strnicmp(dptr, thdr->name, thdr->len) == 0)
639 else if (limit - dptr >= hdr->len &&
640 strnicmp(dptr, hdr->name, hdr->len) == 0)
645 *matchoff = dptr - start;
647 dptr = ct_sdp_header_search(dptr, limit, hdr->search,
654 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
657 *matchoff = dptr - start + shift;
662 EXPORT_SYMBOL_GPL(ct_sip_get_sdp_header);
664 static int ct_sip_parse_sdp_addr(const struct nf_conn *ct, const char *dptr,
665 unsigned int dataoff, unsigned int datalen,
666 enum sdp_header_types type,
667 enum sdp_header_types term,
668 unsigned int *matchoff, unsigned int *matchlen,
669 union nf_inet_addr *addr)
673 ret = ct_sip_get_sdp_header(ct, dptr, dataoff, datalen, type, term,
678 if (!parse_addr(ct, dptr + *matchoff, NULL, addr,
679 dptr + *matchoff + *matchlen))
684 static int refresh_signalling_expectation(struct nf_conn *ct,
685 union nf_inet_addr *addr,
687 unsigned int expires)
689 struct nf_conn_help *help = nfct_help(ct);
690 struct nf_conntrack_expect *exp;
691 struct hlist_node *n, *next;
694 spin_lock_bh(&nf_conntrack_lock);
695 hlist_for_each_entry_safe(exp, n, next, &help->expectations, lnode) {
696 if (exp->class != SIP_EXPECT_SIGNALLING ||
697 !nf_inet_addr_cmp(&exp->tuple.dst.u3, addr) ||
698 exp->tuple.dst.u.udp.port != port)
700 if (!del_timer(&exp->timeout))
702 exp->flags &= ~NF_CT_EXPECT_INACTIVE;
703 exp->timeout.expires = jiffies + expires * HZ;
704 add_timer(&exp->timeout);
708 spin_unlock_bh(&nf_conntrack_lock);
712 static void flush_expectations(struct nf_conn *ct, bool media)
714 struct nf_conn_help *help = nfct_help(ct);
715 struct nf_conntrack_expect *exp;
716 struct hlist_node *n, *next;
718 spin_lock_bh(&nf_conntrack_lock);
719 hlist_for_each_entry_safe(exp, n, next, &help->expectations, lnode) {
720 if ((exp->class != SIP_EXPECT_SIGNALLING) ^ media)
722 if (!del_timer(&exp->timeout))
724 nf_ct_unlink_expect(exp);
725 nf_ct_expect_put(exp);
729 spin_unlock_bh(&nf_conntrack_lock);
732 static int set_expected_rtp_rtcp(struct sk_buff *skb,
733 const char **dptr, unsigned int *datalen,
734 union nf_inet_addr *daddr, __be16 port,
735 enum sip_expectation_classes class,
736 unsigned int mediaoff, unsigned int medialen)
738 struct nf_conntrack_expect *exp, *rtp_exp, *rtcp_exp;
739 enum ip_conntrack_info ctinfo;
740 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
741 struct net *net = nf_ct_net(ct);
742 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
743 union nf_inet_addr *saddr;
744 struct nf_conntrack_tuple tuple;
745 int direct_rtp = 0, skip_expect = 0, ret = NF_DROP;
747 __be16 rtp_port, rtcp_port;
748 typeof(nf_nat_sdp_port_hook) nf_nat_sdp_port;
749 typeof(nf_nat_sdp_media_hook) nf_nat_sdp_media;
752 if (sip_direct_media) {
753 if (!nf_inet_addr_cmp(daddr, &ct->tuplehash[dir].tuple.src.u3))
755 saddr = &ct->tuplehash[!dir].tuple.src.u3;
758 /* We need to check whether the registration exists before attempting
759 * to register it since we can see the same media description multiple
760 * times on different connections in case multiple endpoints receive
763 * RTP optimization: if we find a matching media channel expectation
764 * and both the expectation and this connection are SNATed, we assume
765 * both sides can reach each other directly and use the final
766 * destination address from the expectation. We still need to keep
767 * the NATed expectations for media that might arrive from the
768 * outside, and additionally need to expect the direct RTP stream
769 * in case it passes through us even without NAT.
771 memset(&tuple, 0, sizeof(tuple));
773 tuple.src.u3 = *saddr;
774 tuple.src.l3num = nf_ct_l3num(ct);
775 tuple.dst.protonum = IPPROTO_UDP;
776 tuple.dst.u3 = *daddr;
777 tuple.dst.u.udp.port = port;
781 exp = __nf_ct_expect_find(net, &tuple);
783 if (!exp || exp->master == ct ||
784 nfct_help(exp->master)->helper != nfct_help(ct)->helper ||
787 #ifdef CONFIG_NF_NAT_NEEDED
788 if (exp->tuple.src.l3num == AF_INET && !direct_rtp &&
789 (exp->saved_ip != exp->tuple.dst.u3.ip ||
790 exp->saved_proto.udp.port != exp->tuple.dst.u.udp.port) &&
791 ct->status & IPS_NAT_MASK) {
792 daddr->ip = exp->saved_ip;
793 tuple.dst.u3.ip = exp->saved_ip;
794 tuple.dst.u.udp.port = exp->saved_proto.udp.port;
799 } while (!skip_expect);
802 base_port = ntohs(tuple.dst.u.udp.port) & ~1;
803 rtp_port = htons(base_port);
804 rtcp_port = htons(base_port + 1);
807 nf_nat_sdp_port = rcu_dereference(nf_nat_sdp_port_hook);
808 if (nf_nat_sdp_port &&
809 !nf_nat_sdp_port(skb, dptr, datalen,
810 mediaoff, medialen, ntohs(rtp_port)))
817 rtp_exp = nf_ct_expect_alloc(ct);
820 nf_ct_expect_init(rtp_exp, class, nf_ct_l3num(ct), saddr, daddr,
821 IPPROTO_UDP, NULL, &rtp_port);
823 rtcp_exp = nf_ct_expect_alloc(ct);
824 if (rtcp_exp == NULL)
826 nf_ct_expect_init(rtcp_exp, class, nf_ct_l3num(ct), saddr, daddr,
827 IPPROTO_UDP, NULL, &rtcp_port);
829 nf_nat_sdp_media = rcu_dereference(nf_nat_sdp_media_hook);
830 if (nf_nat_sdp_media && ct->status & IPS_NAT_MASK && !direct_rtp)
831 ret = nf_nat_sdp_media(skb, dptr, datalen, rtp_exp, rtcp_exp,
832 mediaoff, medialen, daddr);
834 if (nf_ct_expect_related(rtp_exp) == 0) {
835 if (nf_ct_expect_related(rtcp_exp) != 0)
836 nf_ct_unexpect_related(rtp_exp);
841 nf_ct_expect_put(rtcp_exp);
843 nf_ct_expect_put(rtp_exp);
848 static const struct sdp_media_type sdp_media_types[] = {
849 SDP_MEDIA_TYPE("audio ", SIP_EXPECT_AUDIO),
850 SDP_MEDIA_TYPE("video ", SIP_EXPECT_VIDEO),
853 static const struct sdp_media_type *sdp_media_type(const char *dptr,
854 unsigned int matchoff,
855 unsigned int matchlen)
857 const struct sdp_media_type *t;
860 for (i = 0; i < ARRAY_SIZE(sdp_media_types); i++) {
861 t = &sdp_media_types[i];
862 if (matchlen < t->len ||
863 strncmp(dptr + matchoff, t->name, t->len))
870 static int process_sdp(struct sk_buff *skb,
871 const char **dptr, unsigned int *datalen,
874 enum ip_conntrack_info ctinfo;
875 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
876 struct nf_conn_help *help = nfct_help(ct);
877 unsigned int matchoff, matchlen;
878 unsigned int mediaoff, medialen;
880 unsigned int caddr_len, maddr_len;
882 union nf_inet_addr caddr, maddr, rtp_addr;
884 enum sdp_header_types c_hdr;
885 const struct sdp_media_type *t;
887 typeof(nf_nat_sdp_addr_hook) nf_nat_sdp_addr;
888 typeof(nf_nat_sdp_session_hook) nf_nat_sdp_session;
890 nf_nat_sdp_addr = rcu_dereference(nf_nat_sdp_addr_hook);
891 c_hdr = nf_ct_l3num(ct) == AF_INET ? SDP_HDR_CONNECTION_IP4 :
892 SDP_HDR_CONNECTION_IP6;
894 /* Find beginning of session description */
895 if (ct_sip_get_sdp_header(ct, *dptr, 0, *datalen,
896 SDP_HDR_VERSION, SDP_HDR_UNSPEC,
897 &matchoff, &matchlen) <= 0)
901 /* The connection information is contained in the session description
902 * and/or once per media description. The first media description marks
903 * the end of the session description. */
905 if (ct_sip_parse_sdp_addr(ct, *dptr, sdpoff, *datalen,
906 c_hdr, SDP_HDR_MEDIA,
907 &matchoff, &matchlen, &caddr) > 0)
908 caddr_len = matchlen;
911 for (i = 0; i < ARRAY_SIZE(sdp_media_types); ) {
912 if (ct_sip_get_sdp_header(ct, *dptr, mediaoff, *datalen,
913 SDP_HDR_MEDIA, SDP_HDR_UNSPEC,
914 &mediaoff, &medialen) <= 0)
917 /* Get media type and port number. A media port value of zero
918 * indicates an inactive stream. */
919 t = sdp_media_type(*dptr, mediaoff, medialen);
921 mediaoff += medialen;
927 port = simple_strtoul(*dptr + mediaoff, NULL, 10);
930 if (port < 1024 || port > 65535)
933 /* The media description overrides the session description. */
935 if (ct_sip_parse_sdp_addr(ct, *dptr, mediaoff, *datalen,
936 c_hdr, SDP_HDR_MEDIA,
937 &matchoff, &matchlen, &maddr) > 0) {
938 maddr_len = matchlen;
939 memcpy(&rtp_addr, &maddr, sizeof(rtp_addr));
940 } else if (caddr_len)
941 memcpy(&rtp_addr, &caddr, sizeof(rtp_addr));
945 ret = set_expected_rtp_rtcp(skb, dptr, datalen,
946 &rtp_addr, htons(port), t->class,
948 if (ret != NF_ACCEPT)
951 /* Update media connection address if present */
952 if (maddr_len && nf_nat_sdp_addr && ct->status & IPS_NAT_MASK) {
953 ret = nf_nat_sdp_addr(skb, dptr, mediaoff, datalen,
954 c_hdr, SDP_HDR_MEDIA, &rtp_addr);
955 if (ret != NF_ACCEPT)
961 /* Update session connection and owner addresses */
962 nf_nat_sdp_session = rcu_dereference(nf_nat_sdp_session_hook);
963 if (nf_nat_sdp_session && ct->status & IPS_NAT_MASK)
964 ret = nf_nat_sdp_session(skb, dptr, sdpoff, datalen, &rtp_addr);
966 if (ret == NF_ACCEPT && i > 0)
967 help->help.ct_sip_info.invite_cseq = cseq;
971 static int process_invite_response(struct sk_buff *skb,
972 const char **dptr, unsigned int *datalen,
973 unsigned int cseq, unsigned int code)
975 enum ip_conntrack_info ctinfo;
976 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
977 struct nf_conn_help *help = nfct_help(ct);
979 if ((code >= 100 && code <= 199) ||
980 (code >= 200 && code <= 299))
981 return process_sdp(skb, dptr, datalen, cseq);
982 else if (help->help.ct_sip_info.invite_cseq == cseq)
983 flush_expectations(ct, true);
987 static int process_update_response(struct sk_buff *skb,
988 const char **dptr, unsigned int *datalen,
989 unsigned int cseq, unsigned int code)
991 enum ip_conntrack_info ctinfo;
992 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
993 struct nf_conn_help *help = nfct_help(ct);
995 if ((code >= 100 && code <= 199) ||
996 (code >= 200 && code <= 299))
997 return process_sdp(skb, dptr, datalen, cseq);
998 else if (help->help.ct_sip_info.invite_cseq == cseq)
999 flush_expectations(ct, true);
1003 static int process_prack_response(struct sk_buff *skb,
1004 const char **dptr, unsigned int *datalen,
1005 unsigned int cseq, unsigned int code)
1007 enum ip_conntrack_info ctinfo;
1008 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1009 struct nf_conn_help *help = nfct_help(ct);
1011 if ((code >= 100 && code <= 199) ||
1012 (code >= 200 && code <= 299))
1013 return process_sdp(skb, dptr, datalen, cseq);
1014 else if (help->help.ct_sip_info.invite_cseq == cseq)
1015 flush_expectations(ct, true);
1019 static int process_bye_request(struct sk_buff *skb,
1020 const char **dptr, unsigned int *datalen,
1023 enum ip_conntrack_info ctinfo;
1024 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1026 flush_expectations(ct, true);
1030 /* Parse a REGISTER request and create a permanent expectation for incoming
1031 * signalling connections. The expectation is marked inactive and is activated
1032 * when receiving a response indicating success from the registrar.
1034 static int process_register_request(struct sk_buff *skb,
1035 const char **dptr, unsigned int *datalen,
1038 enum ip_conntrack_info ctinfo;
1039 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1040 struct nf_conn_help *help = nfct_help(ct);
1041 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1042 unsigned int matchoff, matchlen;
1043 struct nf_conntrack_expect *exp;
1044 union nf_inet_addr *saddr, daddr;
1046 unsigned int expires = 0;
1048 typeof(nf_nat_sip_expect_hook) nf_nat_sip_expect;
1050 /* Expected connections can not register again. */
1051 if (ct->status & IPS_EXPECTED)
1054 /* We must check the expiration time: a value of zero signals the
1055 * registrar to release the binding. We'll remove our expectation
1056 * when receiving the new bindings in the response, but we don't
1057 * want to create new ones.
1059 * The expiration time may be contained in Expires: header, the
1060 * Contact: header parameters or the URI parameters.
1062 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1063 &matchoff, &matchlen) > 0)
1064 expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1066 ret = ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen,
1067 SIP_HDR_CONTACT, NULL,
1068 &matchoff, &matchlen, &daddr, &port);
1074 /* We don't support third-party registrations */
1075 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.src.u3, &daddr))
1078 if (ct_sip_parse_numerical_param(ct, *dptr,
1079 matchoff + matchlen, *datalen,
1080 "expires=", NULL, NULL, &expires) < 0)
1088 exp = nf_ct_expect_alloc(ct);
1093 if (sip_direct_signalling)
1094 saddr = &ct->tuplehash[!dir].tuple.src.u3;
1096 nf_ct_expect_init(exp, SIP_EXPECT_SIGNALLING, nf_ct_l3num(ct),
1097 saddr, &daddr, IPPROTO_UDP, NULL, &port);
1098 exp->timeout.expires = sip_timeout * HZ;
1099 exp->helper = nfct_help(ct)->helper;
1100 exp->flags = NF_CT_EXPECT_PERMANENT | NF_CT_EXPECT_INACTIVE;
1102 nf_nat_sip_expect = rcu_dereference(nf_nat_sip_expect_hook);
1103 if (nf_nat_sip_expect && ct->status & IPS_NAT_MASK)
1104 ret = nf_nat_sip_expect(skb, dptr, datalen, exp,
1105 matchoff, matchlen);
1107 if (nf_ct_expect_related(exp) != 0)
1112 nf_ct_expect_put(exp);
1115 if (ret == NF_ACCEPT)
1116 help->help.ct_sip_info.register_cseq = cseq;
1120 static int process_register_response(struct sk_buff *skb,
1121 const char **dptr, unsigned int *datalen,
1122 unsigned int cseq, unsigned int code)
1124 enum ip_conntrack_info ctinfo;
1125 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1126 struct nf_conn_help *help = nfct_help(ct);
1127 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1128 union nf_inet_addr addr;
1130 unsigned int matchoff, matchlen, dataoff = 0;
1131 unsigned int expires = 0;
1132 int in_contact = 0, ret;
1134 /* According to RFC 3261, "UAs MUST NOT send a new registration until
1135 * they have received a final response from the registrar for the
1136 * previous one or the previous REGISTER request has timed out".
1138 * However, some servers fail to detect retransmissions and send late
1139 * responses, so we store the sequence number of the last valid
1140 * request and compare it here.
1142 if (help->help.ct_sip_info.register_cseq != cseq)
1145 if (code >= 100 && code <= 199)
1147 if (code < 200 || code > 299)
1150 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1151 &matchoff, &matchlen) > 0)
1152 expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1155 unsigned int c_expires = expires;
1157 ret = ct_sip_parse_header_uri(ct, *dptr, &dataoff, *datalen,
1158 SIP_HDR_CONTACT, &in_contact,
1159 &matchoff, &matchlen,
1166 /* We don't support third-party registrations */
1167 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3, &addr))
1170 ret = ct_sip_parse_numerical_param(ct, *dptr,
1171 matchoff + matchlen,
1172 *datalen, "expires=",
1173 NULL, NULL, &c_expires);
1178 if (refresh_signalling_expectation(ct, &addr, port, c_expires))
1183 flush_expectations(ct, false);
1187 static const struct sip_handler sip_handlers[] = {
1188 SIP_HANDLER("INVITE", process_sdp, process_invite_response),
1189 SIP_HANDLER("UPDATE", process_sdp, process_update_response),
1190 SIP_HANDLER("ACK", process_sdp, NULL),
1191 SIP_HANDLER("PRACK", process_sdp, process_prack_response),
1192 SIP_HANDLER("BYE", process_bye_request, NULL),
1193 SIP_HANDLER("REGISTER", process_register_request, process_register_response),
1196 static int process_sip_response(struct sk_buff *skb,
1197 const char **dptr, unsigned int *datalen)
1199 enum ip_conntrack_info ctinfo;
1200 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1201 unsigned int matchoff, matchlen;
1202 unsigned int code, cseq, dataoff, i;
1204 if (*datalen < strlen("SIP/2.0 200"))
1206 code = simple_strtoul(*dptr + strlen("SIP/2.0 "), NULL, 10);
1210 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1211 &matchoff, &matchlen) <= 0)
1213 cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1216 dataoff = matchoff + matchlen + 1;
1218 for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1219 const struct sip_handler *handler;
1221 handler = &sip_handlers[i];
1222 if (handler->response == NULL)
1224 if (*datalen < dataoff + handler->len ||
1225 strnicmp(*dptr + dataoff, handler->method, handler->len))
1227 return handler->response(skb, dptr, datalen, cseq, code);
1232 static int process_sip_request(struct sk_buff *skb,
1233 const char **dptr, unsigned int *datalen)
1235 enum ip_conntrack_info ctinfo;
1236 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1237 unsigned int matchoff, matchlen;
1238 unsigned int cseq, i;
1240 for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1241 const struct sip_handler *handler;
1243 handler = &sip_handlers[i];
1244 if (handler->request == NULL)
1246 if (*datalen < handler->len ||
1247 strnicmp(*dptr, handler->method, handler->len))
1250 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1251 &matchoff, &matchlen) <= 0)
1253 cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1257 return handler->request(skb, dptr, datalen, cseq);
1262 static int sip_help(struct sk_buff *skb,
1263 unsigned int protoff,
1265 enum ip_conntrack_info ctinfo)
1267 unsigned int dataoff, datalen;
1270 typeof(nf_nat_sip_hook) nf_nat_sip;
1273 dataoff = protoff + sizeof(struct udphdr);
1274 if (dataoff >= skb->len)
1277 nf_ct_refresh(ct, skb, sip_timeout * HZ);
1279 if (!skb_is_nonlinear(skb))
1280 dptr = skb->data + dataoff;
1282 pr_debug("Copy of skbuff not supported yet.\n");
1286 datalen = skb->len - dataoff;
1287 if (datalen < strlen("SIP/2.0 200"))
1290 if (strnicmp(dptr, "SIP/2.0 ", strlen("SIP/2.0 ")) != 0)
1291 ret = process_sip_request(skb, &dptr, &datalen);
1293 ret = process_sip_response(skb, &dptr, &datalen);
1295 if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1296 nf_nat_sip = rcu_dereference(nf_nat_sip_hook);
1297 if (nf_nat_sip && !nf_nat_sip(skb, &dptr, &datalen))
1304 static struct nf_conntrack_helper sip[MAX_PORTS][2] __read_mostly;
1305 static char sip_names[MAX_PORTS][2][sizeof("sip-65535")] __read_mostly;
1307 static const struct nf_conntrack_expect_policy sip_exp_policy[SIP_EXPECT_MAX + 1] = {
1308 [SIP_EXPECT_SIGNALLING] = {
1309 .name = "signalling",
1313 [SIP_EXPECT_AUDIO] = {
1315 .max_expected = 2 * IP_CT_DIR_MAX,
1318 [SIP_EXPECT_VIDEO] = {
1320 .max_expected = 2 * IP_CT_DIR_MAX,
1325 static void nf_conntrack_sip_fini(void)
1329 for (i = 0; i < ports_c; i++) {
1330 for (j = 0; j < 2; j++) {
1331 if (sip[i][j].me == NULL)
1333 nf_conntrack_helper_unregister(&sip[i][j]);
1338 static int __init nf_conntrack_sip_init(void)
1344 ports[ports_c++] = SIP_PORT;
1346 for (i = 0; i < ports_c; i++) {
1347 memset(&sip[i], 0, sizeof(sip[i]));
1349 sip[i][0].tuple.src.l3num = AF_INET;
1350 sip[i][1].tuple.src.l3num = AF_INET6;
1351 for (j = 0; j < 2; j++) {
1352 sip[i][j].tuple.dst.protonum = IPPROTO_UDP;
1353 sip[i][j].tuple.src.u.udp.port = htons(ports[i]);
1354 sip[i][j].expect_policy = sip_exp_policy;
1355 sip[i][j].expect_class_max = SIP_EXPECT_MAX;
1356 sip[i][j].me = THIS_MODULE;
1357 sip[i][j].help = sip_help;
1359 tmpname = &sip_names[i][j][0];
1360 if (ports[i] == SIP_PORT)
1361 sprintf(tmpname, "sip");
1363 sprintf(tmpname, "sip-%u", i);
1364 sip[i][j].name = tmpname;
1366 pr_debug("port #%u: %u\n", i, ports[i]);
1368 ret = nf_conntrack_helper_register(&sip[i][j]);
1370 printk("nf_ct_sip: failed to register helper "
1371 "for pf: %u port: %u\n",
1372 sip[i][j].tuple.src.l3num, ports[i]);
1373 nf_conntrack_sip_fini();
1381 module_init(nf_conntrack_sip_init);
1382 module_exit(nf_conntrack_sip_fini);