1 /* SIP extension for IP connection tracking.
3 * (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
4 * based on RR's ip_conntrack_ftp.c and other modules.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
11 #include <linux/module.h>
12 #include <linux/ctype.h>
13 #include <linux/skbuff.h>
14 #include <linux/inet.h>
16 #include <linux/udp.h>
17 #include <linux/netfilter.h>
19 #include <net/netfilter/nf_conntrack.h>
20 #include <net/netfilter/nf_conntrack_core.h>
21 #include <net/netfilter/nf_conntrack_expect.h>
22 #include <net/netfilter/nf_conntrack_helper.h>
23 #include <linux/netfilter/nf_conntrack_sip.h>
25 MODULE_LICENSE("GPL");
26 MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
27 MODULE_DESCRIPTION("SIP connection tracking helper");
28 MODULE_ALIAS("ip_conntrack_sip");
31 static unsigned short ports[MAX_PORTS];
32 static unsigned int ports_c;
33 module_param_array(ports, ushort, &ports_c, 0400);
34 MODULE_PARM_DESC(ports, "port numbers of SIP servers");
36 static unsigned int sip_timeout __read_mostly = SIP_TIMEOUT;
37 module_param(sip_timeout, uint, 0600);
38 MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");
40 static int sip_direct_signalling __read_mostly = 1;
41 module_param(sip_direct_signalling, int, 0600);
42 MODULE_PARM_DESC(sip_direct_signalling, "expect incoming calls from registrar "
45 static int sip_direct_media __read_mostly = 1;
46 module_param(sip_direct_media, int, 0600);
47 MODULE_PARM_DESC(sip_direct_media, "Expect Media streams between signalling "
48 "endpoints only (default 1)");
50 unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb,
52 unsigned int *datalen) __read_mostly;
53 EXPORT_SYMBOL_GPL(nf_nat_sip_hook);
55 unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb,
57 unsigned int *datalen,
58 struct nf_conntrack_expect *exp,
59 unsigned int matchoff,
60 unsigned int matchlen) __read_mostly;
61 EXPORT_SYMBOL_GPL(nf_nat_sip_expect_hook);
63 unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb,
66 unsigned int *datalen,
67 enum sdp_header_types type,
68 enum sdp_header_types term,
69 const union nf_inet_addr *addr)
71 EXPORT_SYMBOL_GPL(nf_nat_sdp_addr_hook);
73 unsigned int (*nf_nat_sdp_session_hook)(struct sk_buff *skb,
76 unsigned int *datalen,
77 const union nf_inet_addr *addr)
79 EXPORT_SYMBOL_GPL(nf_nat_sdp_session_hook);
81 unsigned int (*nf_nat_sdp_media_hook)(struct sk_buff *skb,
83 unsigned int *datalen,
84 struct nf_conntrack_expect *rtp_exp,
85 struct nf_conntrack_expect *rtcp_exp,
86 unsigned int mediaoff,
87 unsigned int medialen,
88 union nf_inet_addr *rtp_addr)
90 EXPORT_SYMBOL_GPL(nf_nat_sdp_media_hook);
92 static int string_len(const struct nf_conn *ct, const char *dptr,
93 const char *limit, int *shift)
97 while (dptr < limit && isalpha(*dptr)) {
104 static int digits_len(const struct nf_conn *ct, const char *dptr,
105 const char *limit, int *shift)
108 while (dptr < limit && isdigit(*dptr)) {
115 /* get media type + port length */
116 static int media_len(const struct nf_conn *ct, const char *dptr,
117 const char *limit, int *shift)
119 int len = string_len(ct, dptr, limit, shift);
122 if (dptr >= limit || *dptr != ' ')
127 return len + digits_len(ct, dptr, limit, shift);
130 static int parse_addr(const struct nf_conn *ct, const char *cp,
131 const char **endp, union nf_inet_addr *addr,
135 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
140 ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
143 ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
149 if (ret == 0 || end == cp)
156 /* skip ip address. returns its length. */
157 static int epaddr_len(const struct nf_conn *ct, const char *dptr,
158 const char *limit, int *shift)
160 union nf_inet_addr addr;
161 const char *aux = dptr;
163 if (!parse_addr(ct, dptr, &dptr, &addr, limit)) {
164 pr_debug("ip: %s parse failed.!\n", dptr);
171 dptr += digits_len(ct, dptr, limit, shift);
176 /* get address length, skiping user info. */
177 static int skp_epaddr_len(const struct nf_conn *ct, const char *dptr,
178 const char *limit, int *shift)
180 const char *start = dptr;
183 /* Search for @, but stop at the end of the line.
184 * We are inside a sip: URI, so we don't need to worry about
185 * continuation lines. */
186 while (dptr < limit &&
187 *dptr != '@' && *dptr != '\r' && *dptr != '\n') {
192 if (dptr < limit && *dptr == '@') {
200 return epaddr_len(ct, dptr, limit, shift);
203 /* Parse a SIP request line of the form:
205 * Request-Line = Method SP Request-URI SP SIP-Version CRLF
207 * and return the offset and length of the address contained in the Request-URI.
209 int ct_sip_parse_request(const struct nf_conn *ct,
210 const char *dptr, unsigned int datalen,
211 unsigned int *matchoff, unsigned int *matchlen,
212 union nf_inet_addr *addr, __be16 *port)
214 const char *start = dptr, *limit = dptr + datalen, *end;
219 /* Skip method and following whitespace */
220 mlen = string_len(ct, dptr, limit, NULL);
228 limit -= strlen("sip:");
229 for (; dptr < limit; dptr++) {
230 if (*dptr == '\r' || *dptr == '\n')
232 if (strnicmp(dptr, "sip:", strlen("sip:")) == 0)
235 if (!skp_epaddr_len(ct, dptr, limit, &shift))
239 if (!parse_addr(ct, dptr, &end, addr, limit))
241 if (end < limit && *end == ':') {
243 p = simple_strtoul(end, (char **)&end, 10);
244 if (p < 1024 || p > 65535)
248 *port = htons(SIP_PORT);
252 *matchoff = dptr - start;
253 *matchlen = end - dptr;
256 EXPORT_SYMBOL_GPL(ct_sip_parse_request);
258 /* SIP header parsing: SIP headers are located at the beginning of a line, but
259 * may span several lines, in which case the continuation lines begin with a
260 * whitespace character. RFC 2543 allows lines to be terminated with CR, LF or
261 * CRLF, RFC 3261 allows only CRLF, we support both.
263 * Headers are followed by (optionally) whitespace, a colon, again (optionally)
264 * whitespace and the values. Whitespace in this context means any amount of
265 * tabs, spaces and continuation lines, which are treated as a single whitespace
268 * Some headers may appear multiple times. A comma seperated list of values is
269 * equivalent to multiple headers.
271 static const struct sip_header ct_sip_hdrs[] = {
272 [SIP_HDR_CSEQ] = SIP_HDR("CSeq", NULL, NULL, digits_len),
273 [SIP_HDR_FROM] = SIP_HDR("From", "f", "sip:", skp_epaddr_len),
274 [SIP_HDR_TO] = SIP_HDR("To", "t", "sip:", skp_epaddr_len),
275 [SIP_HDR_CONTACT] = SIP_HDR("Contact", "m", "sip:", skp_epaddr_len),
276 [SIP_HDR_VIA] = SIP_HDR("Via", "v", "UDP ", epaddr_len),
277 [SIP_HDR_EXPIRES] = SIP_HDR("Expires", NULL, NULL, digits_len),
278 [SIP_HDR_CONTENT_LENGTH] = SIP_HDR("Content-Length", "l", NULL, digits_len),
281 static const char *sip_follow_continuation(const char *dptr, const char *limit)
283 /* Walk past newline */
287 /* Skip '\n' in CR LF */
288 if (*(dptr - 1) == '\r' && *dptr == '\n') {
293 /* Continuation line? */
294 if (*dptr != ' ' && *dptr != '\t')
297 /* skip leading whitespace */
298 for (; dptr < limit; dptr++) {
299 if (*dptr != ' ' && *dptr != '\t')
305 static const char *sip_skip_whitespace(const char *dptr, const char *limit)
307 for (; dptr < limit; dptr++) {
310 if (*dptr != '\r' && *dptr != '\n')
312 dptr = sip_follow_continuation(dptr, limit);
319 /* Search within a SIP header value, dealing with continuation lines */
320 static const char *ct_sip_header_search(const char *dptr, const char *limit,
321 const char *needle, unsigned int len)
323 for (limit -= len; dptr < limit; dptr++) {
324 if (*dptr == '\r' || *dptr == '\n') {
325 dptr = sip_follow_continuation(dptr, limit);
331 if (strnicmp(dptr, needle, len) == 0)
337 int ct_sip_get_header(const struct nf_conn *ct, const char *dptr,
338 unsigned int dataoff, unsigned int datalen,
339 enum sip_header_types type,
340 unsigned int *matchoff, unsigned int *matchlen)
342 const struct sip_header *hdr = &ct_sip_hdrs[type];
343 const char *start = dptr, *limit = dptr + datalen;
346 for (dptr += dataoff; dptr < limit; dptr++) {
347 /* Find beginning of line */
348 if (*dptr != '\r' && *dptr != '\n')
352 if (*(dptr - 1) == '\r' && *dptr == '\n') {
357 /* Skip continuation lines */
358 if (*dptr == ' ' || *dptr == '\t')
361 /* Find header. Compact headers must be followed by a
362 * non-alphabetic character to avoid mismatches. */
363 if (limit - dptr >= hdr->len &&
364 strnicmp(dptr, hdr->name, hdr->len) == 0)
366 else if (hdr->cname && limit - dptr >= hdr->clen + 1 &&
367 strnicmp(dptr, hdr->cname, hdr->clen) == 0 &&
368 !isalpha(*(dptr + hdr->clen + 1)))
373 /* Find and skip colon */
374 dptr = sip_skip_whitespace(dptr, limit);
377 if (*dptr != ':' || ++dptr >= limit)
380 /* Skip whitespace after colon */
381 dptr = sip_skip_whitespace(dptr, limit);
385 *matchoff = dptr - start;
387 dptr = ct_sip_header_search(dptr, limit, hdr->search,
394 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
397 *matchoff = dptr - start + shift;
402 EXPORT_SYMBOL_GPL(ct_sip_get_header);
404 /* Get next header field in a list of comma seperated values */
405 static int ct_sip_next_header(const struct nf_conn *ct, const char *dptr,
406 unsigned int dataoff, unsigned int datalen,
407 enum sip_header_types type,
408 unsigned int *matchoff, unsigned int *matchlen)
410 const struct sip_header *hdr = &ct_sip_hdrs[type];
411 const char *start = dptr, *limit = dptr + datalen;
416 dptr = ct_sip_header_search(dptr, limit, ",", strlen(","));
420 dptr = ct_sip_header_search(dptr, limit, hdr->search, hdr->slen);
425 *matchoff = dptr - start;
426 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
433 /* Walk through headers until a parsable one is found or no header of the
434 * given type is left. */
435 static int ct_sip_walk_headers(const struct nf_conn *ct, const char *dptr,
436 unsigned int dataoff, unsigned int datalen,
437 enum sip_header_types type, int *in_header,
438 unsigned int *matchoff, unsigned int *matchlen)
442 if (in_header && *in_header) {
444 ret = ct_sip_next_header(ct, dptr, dataoff, datalen,
445 type, matchoff, matchlen);
450 dataoff += *matchoff;
456 ret = ct_sip_get_header(ct, dptr, dataoff, datalen,
457 type, matchoff, matchlen);
462 dataoff += *matchoff;
470 /* Locate a SIP header, parse the URI and return the offset and length of
471 * the address as well as the address and port themselves. A stream of
472 * headers can be parsed by handing in a non-NULL datalen and in_header
475 int ct_sip_parse_header_uri(const struct nf_conn *ct, const char *dptr,
476 unsigned int *dataoff, unsigned int datalen,
477 enum sip_header_types type, int *in_header,
478 unsigned int *matchoff, unsigned int *matchlen,
479 union nf_inet_addr *addr, __be16 *port)
481 const char *c, *limit = dptr + datalen;
485 ret = ct_sip_walk_headers(ct, dptr, dataoff ? *dataoff : 0, datalen,
486 type, in_header, matchoff, matchlen);
491 if (!parse_addr(ct, dptr + *matchoff, &c, addr, limit))
495 p = simple_strtoul(c, (char **)&c, 10);
496 if (p < 1024 || p > 65535)
500 *port = htons(SIP_PORT);
506 EXPORT_SYMBOL_GPL(ct_sip_parse_header_uri);
508 /* Parse address from header parameter and return address, offset and length */
509 int ct_sip_parse_address_param(const struct nf_conn *ct, const char *dptr,
510 unsigned int dataoff, unsigned int datalen,
512 unsigned int *matchoff, unsigned int *matchlen,
513 union nf_inet_addr *addr)
515 const char *limit = dptr + datalen;
516 const char *start, *end;
518 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
520 limit = dptr + datalen;
522 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
526 start += strlen(name);
527 if (!parse_addr(ct, start, &end, addr, limit))
529 *matchoff = start - dptr;
530 *matchlen = end - start;
533 EXPORT_SYMBOL_GPL(ct_sip_parse_address_param);
535 /* Parse numerical header parameter and return value, offset and length */
536 int ct_sip_parse_numerical_param(const struct nf_conn *ct, const char *dptr,
537 unsigned int dataoff, unsigned int datalen,
539 unsigned int *matchoff, unsigned int *matchlen,
542 const char *limit = dptr + datalen;
546 limit = ct_sip_header_search(dptr + dataoff, limit, ",", strlen(","));
548 limit = dptr + datalen;
550 start = ct_sip_header_search(dptr + dataoff, limit, name, strlen(name));
554 start += strlen(name);
555 *val = simple_strtoul(start, &end, 0);
558 if (matchoff && matchlen) {
559 *matchoff = start - dptr;
560 *matchlen = end - start;
564 EXPORT_SYMBOL_GPL(ct_sip_parse_numerical_param);
566 /* SDP header parsing: a SDP session description contains an ordered set of
567 * headers, starting with a section containing general session parameters,
568 * optionally followed by multiple media descriptions.
570 * SDP headers always start at the beginning of a line. According to RFC 2327:
571 * "The sequence CRLF (0x0d0a) is used to end a record, although parsers should
572 * be tolerant and also accept records terminated with a single newline
573 * character". We handle both cases.
575 static const struct sip_header ct_sdp_hdrs[] = {
576 [SDP_HDR_VERSION] = SDP_HDR("v=", NULL, digits_len),
577 [SDP_HDR_OWNER_IP4] = SDP_HDR("o=", "IN IP4 ", epaddr_len),
578 [SDP_HDR_CONNECTION_IP4] = SDP_HDR("c=", "IN IP4 ", epaddr_len),
579 [SDP_HDR_OWNER_IP6] = SDP_HDR("o=", "IN IP6 ", epaddr_len),
580 [SDP_HDR_CONNECTION_IP6] = SDP_HDR("c=", "IN IP6 ", epaddr_len),
581 [SDP_HDR_MEDIA] = SDP_HDR("m=", NULL, media_len),
584 /* Linear string search within SDP header values */
585 static const char *ct_sdp_header_search(const char *dptr, const char *limit,
586 const char *needle, unsigned int len)
588 for (limit -= len; dptr < limit; dptr++) {
589 if (*dptr == '\r' || *dptr == '\n')
591 if (strncmp(dptr, needle, len) == 0)
597 /* Locate a SDP header (optionally a substring within the header value),
598 * optionally stopping at the first occurence of the term header, parse
599 * it and return the offset and length of the data we're interested in.
601 int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr,
602 unsigned int dataoff, unsigned int datalen,
603 enum sdp_header_types type,
604 enum sdp_header_types term,
605 unsigned int *matchoff, unsigned int *matchlen)
607 const struct sip_header *hdr = &ct_sdp_hdrs[type];
608 const struct sip_header *thdr = &ct_sdp_hdrs[term];
609 const char *start = dptr, *limit = dptr + datalen;
612 for (dptr += dataoff; dptr < limit; dptr++) {
613 /* Find beginning of line */
614 if (*dptr != '\r' && *dptr != '\n')
618 if (*(dptr - 1) == '\r' && *dptr == '\n') {
623 if (term != SDP_HDR_UNSPEC &&
624 limit - dptr >= thdr->len &&
625 strnicmp(dptr, thdr->name, thdr->len) == 0)
627 else if (limit - dptr >= hdr->len &&
628 strnicmp(dptr, hdr->name, hdr->len) == 0)
633 *matchoff = dptr - start;
635 dptr = ct_sdp_header_search(dptr, limit, hdr->search,
642 *matchlen = hdr->match_len(ct, dptr, limit, &shift);
645 *matchoff = dptr - start + shift;
650 EXPORT_SYMBOL_GPL(ct_sip_get_sdp_header);
652 static int ct_sip_parse_sdp_addr(const struct nf_conn *ct, const char *dptr,
653 unsigned int dataoff, unsigned int datalen,
654 enum sdp_header_types type,
655 enum sdp_header_types term,
656 unsigned int *matchoff, unsigned int *matchlen,
657 union nf_inet_addr *addr)
661 ret = ct_sip_get_sdp_header(ct, dptr, dataoff, datalen, type, term,
666 if (!parse_addr(ct, dptr + *matchoff, NULL, addr,
667 dptr + *matchoff + *matchlen))
672 static int refresh_signalling_expectation(struct nf_conn *ct,
673 union nf_inet_addr *addr,
675 unsigned int expires)
677 struct nf_conn_help *help = nfct_help(ct);
678 struct nf_conntrack_expect *exp;
679 struct hlist_node *n, *next;
682 spin_lock_bh(&nf_conntrack_lock);
683 hlist_for_each_entry_safe(exp, n, next, &help->expectations, lnode) {
684 if (exp->class != SIP_EXPECT_SIGNALLING ||
685 !nf_inet_addr_cmp(&exp->tuple.dst.u3, addr) ||
686 exp->tuple.dst.u.udp.port != port)
688 if (!del_timer(&exp->timeout))
690 exp->flags &= ~NF_CT_EXPECT_INACTIVE;
691 exp->timeout.expires = jiffies + expires * HZ;
692 add_timer(&exp->timeout);
696 spin_unlock_bh(&nf_conntrack_lock);
700 static void flush_expectations(struct nf_conn *ct, bool media)
702 struct nf_conn_help *help = nfct_help(ct);
703 struct nf_conntrack_expect *exp;
704 struct hlist_node *n, *next;
706 spin_lock_bh(&nf_conntrack_lock);
707 hlist_for_each_entry_safe(exp, n, next, &help->expectations, lnode) {
708 if ((exp->class != SIP_EXPECT_SIGNALLING) ^ media)
710 if (!del_timer(&exp->timeout))
712 nf_ct_unlink_expect(exp);
713 nf_ct_expect_put(exp);
717 spin_unlock_bh(&nf_conntrack_lock);
720 static int set_expected_rtp_rtcp(struct sk_buff *skb,
721 const char **dptr, unsigned int *datalen,
722 union nf_inet_addr *daddr, __be16 port,
723 enum sip_expectation_classes class,
724 unsigned int mediaoff, unsigned int medialen)
726 struct nf_conntrack_expect *exp, *rtp_exp, *rtcp_exp;
727 enum ip_conntrack_info ctinfo;
728 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
729 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
730 union nf_inet_addr *saddr;
731 struct nf_conntrack_tuple tuple;
732 int family = ct->tuplehash[!dir].tuple.src.l3num;
733 int skip_expect = 0, ret = NF_DROP;
735 __be16 rtp_port, rtcp_port;
736 typeof(nf_nat_sdp_media_hook) nf_nat_sdp_media;
739 if (sip_direct_media) {
740 if (!nf_inet_addr_cmp(daddr, &ct->tuplehash[dir].tuple.src.u3))
742 saddr = &ct->tuplehash[!dir].tuple.src.u3;
745 /* We need to check whether the registration exists before attempting
746 * to register it since we can see the same media description multiple
747 * times on different connections in case multiple endpoints receive
750 memset(&tuple, 0, sizeof(tuple));
752 tuple.src.u3 = *saddr;
753 tuple.src.l3num = family;
754 tuple.dst.protonum = IPPROTO_UDP;
755 tuple.dst.u3 = *daddr;
756 tuple.dst.u.udp.port = port;
759 exp = __nf_ct_expect_find(&tuple);
760 if (exp && exp->master != ct &&
761 nfct_help(exp->master)->helper == nfct_help(ct)->helper &&
769 base_port = ntohs(tuple.dst.u.udp.port) & ~1;
770 rtp_port = htons(base_port);
771 rtcp_port = htons(base_port + 1);
773 rtp_exp = nf_ct_expect_alloc(ct);
776 nf_ct_expect_init(rtp_exp, class, family, saddr, daddr,
777 IPPROTO_UDP, NULL, &rtp_port);
779 rtcp_exp = nf_ct_expect_alloc(ct);
780 if (rtcp_exp == NULL)
782 nf_ct_expect_init(rtcp_exp, class, family, saddr, daddr,
783 IPPROTO_UDP, NULL, &rtcp_port);
785 nf_nat_sdp_media = rcu_dereference(nf_nat_sdp_media_hook);
786 if (nf_nat_sdp_media && ct->status & IPS_NAT_MASK)
787 ret = nf_nat_sdp_media(skb, dptr, datalen, rtp_exp, rtcp_exp,
788 mediaoff, medialen, daddr);
790 if (nf_ct_expect_related(rtp_exp) == 0) {
791 if (nf_ct_expect_related(rtcp_exp) != 0)
792 nf_ct_unexpect_related(rtp_exp);
797 nf_ct_expect_put(rtcp_exp);
799 nf_ct_expect_put(rtp_exp);
804 static const struct sdp_media_type sdp_media_types[] = {
805 SDP_MEDIA_TYPE("audio ", SIP_EXPECT_AUDIO),
806 SDP_MEDIA_TYPE("video ", SIP_EXPECT_VIDEO),
809 static const struct sdp_media_type *sdp_media_type(const char *dptr,
810 unsigned int matchoff,
811 unsigned int matchlen)
813 const struct sdp_media_type *t;
816 for (i = 0; i < ARRAY_SIZE(sdp_media_types); i++) {
817 t = &sdp_media_types[i];
818 if (matchlen < t->len ||
819 strncmp(dptr + matchoff, t->name, t->len))
826 static int process_sdp(struct sk_buff *skb,
827 const char **dptr, unsigned int *datalen,
830 enum ip_conntrack_info ctinfo;
831 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
832 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
833 unsigned int matchoff, matchlen;
834 unsigned int mediaoff, medialen;
836 unsigned int caddr_len, maddr_len;
838 union nf_inet_addr caddr, maddr, rtp_addr;
840 enum sdp_header_types c_hdr;
841 const struct sdp_media_type *t;
843 typeof(nf_nat_sdp_addr_hook) nf_nat_sdp_addr;
844 typeof(nf_nat_sdp_session_hook) nf_nat_sdp_session;
846 nf_nat_sdp_addr = rcu_dereference(nf_nat_sdp_addr_hook);
847 c_hdr = family == AF_INET ? SDP_HDR_CONNECTION_IP4 :
848 SDP_HDR_CONNECTION_IP6;
850 /* Find beginning of session description */
851 if (ct_sip_get_sdp_header(ct, *dptr, 0, *datalen,
852 SDP_HDR_VERSION, SDP_HDR_UNSPEC,
853 &matchoff, &matchlen) <= 0)
857 /* The connection information is contained in the session description
858 * and/or once per media description. The first media description marks
859 * the end of the session description. */
861 if (ct_sip_parse_sdp_addr(ct, *dptr, sdpoff, *datalen,
862 c_hdr, SDP_HDR_MEDIA,
863 &matchoff, &matchlen, &caddr) > 0)
864 caddr_len = matchlen;
867 for (i = 0; i < ARRAY_SIZE(sdp_media_types); ) {
868 if (ct_sip_get_sdp_header(ct, *dptr, mediaoff, *datalen,
869 SDP_HDR_MEDIA, SDP_HDR_UNSPEC,
870 &mediaoff, &medialen) <= 0)
873 /* Get media type and port number. A media port value of zero
874 * indicates an inactive stream. */
875 t = sdp_media_type(*dptr, mediaoff, medialen);
877 mediaoff += medialen;
883 port = simple_strtoul(*dptr + mediaoff, NULL, 10);
886 if (port < 1024 || port > 65535)
889 /* The media description overrides the session description. */
891 if (ct_sip_parse_sdp_addr(ct, *dptr, mediaoff, *datalen,
892 c_hdr, SDP_HDR_MEDIA,
893 &matchoff, &matchlen, &maddr) > 0) {
894 maddr_len = matchlen;
895 memcpy(&rtp_addr, &maddr, sizeof(rtp_addr));
896 } else if (caddr_len)
897 memcpy(&rtp_addr, &caddr, sizeof(rtp_addr));
901 ret = set_expected_rtp_rtcp(skb, dptr, datalen,
902 &rtp_addr, htons(port), t->class,
904 if (ret != NF_ACCEPT)
907 /* Update media connection address if present */
908 if (maddr_len && nf_nat_sdp_addr && ct->status & IPS_NAT_MASK) {
909 ret = nf_nat_sdp_addr(skb, dptr, mediaoff, datalen,
910 c_hdr, SDP_HDR_MEDIA, &rtp_addr);
911 if (ret != NF_ACCEPT)
917 /* Update session connection and owner addresses */
918 nf_nat_sdp_session = rcu_dereference(nf_nat_sdp_session_hook);
919 if (nf_nat_sdp_session && ct->status & IPS_NAT_MASK)
920 ret = nf_nat_sdp_session(skb, dptr, sdpoff, datalen, &rtp_addr);
924 static int process_invite_response(struct sk_buff *skb,
925 const char **dptr, unsigned int *datalen,
926 unsigned int cseq, unsigned int code)
928 enum ip_conntrack_info ctinfo;
929 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
931 if ((code >= 100 && code <= 199) ||
932 (code >= 200 && code <= 299))
933 return process_sdp(skb, dptr, datalen, cseq);
935 flush_expectations(ct, true);
940 static int process_update_response(struct sk_buff *skb,
941 const char **dptr, unsigned int *datalen,
942 unsigned int cseq, unsigned int code)
944 enum ip_conntrack_info ctinfo;
945 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
947 if ((code >= 100 && code <= 199) ||
948 (code >= 200 && code <= 299))
949 return process_sdp(skb, dptr, datalen, cseq);
951 flush_expectations(ct, true);
956 static int process_prack_response(struct sk_buff *skb,
957 const char **dptr, unsigned int *datalen,
958 unsigned int cseq, unsigned int code)
960 enum ip_conntrack_info ctinfo;
961 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
963 if ((code >= 100 && code <= 199) ||
964 (code >= 200 && code <= 299))
965 return process_sdp(skb, dptr, datalen, cseq);
967 flush_expectations(ct, true);
972 static int process_bye_request(struct sk_buff *skb,
973 const char **dptr, unsigned int *datalen,
976 enum ip_conntrack_info ctinfo;
977 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
979 flush_expectations(ct, true);
983 /* Parse a REGISTER request and create a permanent expectation for incoming
984 * signalling connections. The expectation is marked inactive and is activated
985 * when receiving a response indicating success from the registrar.
987 static int process_register_request(struct sk_buff *skb,
988 const char **dptr, unsigned int *datalen,
991 enum ip_conntrack_info ctinfo;
992 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
993 struct nf_conn_help *help = nfct_help(ct);
994 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
995 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
996 unsigned int matchoff, matchlen;
997 struct nf_conntrack_expect *exp;
998 union nf_inet_addr *saddr, daddr;
1000 unsigned int expires = 0;
1002 typeof(nf_nat_sip_expect_hook) nf_nat_sip_expect;
1004 /* Expected connections can not register again. */
1005 if (ct->status & IPS_EXPECTED)
1008 /* We must check the expiration time: a value of zero signals the
1009 * registrar to release the binding. We'll remove our expectation
1010 * when receiving the new bindings in the response, but we don't
1011 * want to create new ones.
1013 * The expiration time may be contained in Expires: header, the
1014 * Contact: header parameters or the URI parameters.
1016 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1017 &matchoff, &matchlen) > 0)
1018 expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1020 ret = ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen,
1021 SIP_HDR_CONTACT, NULL,
1022 &matchoff, &matchlen, &daddr, &port);
1028 /* We don't support third-party registrations */
1029 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.src.u3, &daddr))
1032 if (ct_sip_parse_numerical_param(ct, *dptr,
1033 matchoff + matchlen, *datalen,
1034 "expires=", NULL, NULL, &expires) < 0)
1042 exp = nf_ct_expect_alloc(ct);
1047 if (sip_direct_signalling)
1048 saddr = &ct->tuplehash[!dir].tuple.src.u3;
1050 nf_ct_expect_init(exp, SIP_EXPECT_SIGNALLING, family, saddr, &daddr,
1051 IPPROTO_UDP, NULL, &port);
1052 exp->timeout.expires = sip_timeout * HZ;
1053 exp->helper = nfct_help(ct)->helper;
1054 exp->flags = NF_CT_EXPECT_PERMANENT | NF_CT_EXPECT_INACTIVE;
1056 nf_nat_sip_expect = rcu_dereference(nf_nat_sip_expect_hook);
1057 if (nf_nat_sip_expect && ct->status & IPS_NAT_MASK)
1058 ret = nf_nat_sip_expect(skb, dptr, datalen, exp,
1059 matchoff, matchlen);
1061 if (nf_ct_expect_related(exp) != 0)
1066 nf_ct_expect_put(exp);
1069 if (ret == NF_ACCEPT)
1070 help->help.ct_sip_info.register_cseq = cseq;
1074 static int process_register_response(struct sk_buff *skb,
1075 const char **dptr, unsigned int *datalen,
1076 unsigned int cseq, unsigned int code)
1078 enum ip_conntrack_info ctinfo;
1079 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1080 struct nf_conn_help *help = nfct_help(ct);
1081 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1082 union nf_inet_addr addr;
1084 unsigned int matchoff, matchlen, dataoff = 0;
1085 unsigned int expires = 0;
1086 int in_contact = 0, ret;
1088 /* According to RFC 3261, "UAs MUST NOT send a new registration until
1089 * they have received a final response from the registrar for the
1090 * previous one or the previous REGISTER request has timed out".
1092 * However, some servers fail to detect retransmissions and send late
1093 * responses, so we store the sequence number of the last valid
1094 * request and compare it here.
1096 if (help->help.ct_sip_info.register_cseq != cseq)
1099 if (code >= 100 && code <= 199)
1101 if (code < 200 || code > 299)
1104 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_EXPIRES,
1105 &matchoff, &matchlen) > 0)
1106 expires = simple_strtoul(*dptr + matchoff, NULL, 10);
1109 unsigned int c_expires = expires;
1111 ret = ct_sip_parse_header_uri(ct, *dptr, &dataoff, *datalen,
1112 SIP_HDR_CONTACT, &in_contact,
1113 &matchoff, &matchlen,
1120 /* We don't support third-party registrations */
1121 if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3, &addr))
1124 ret = ct_sip_parse_numerical_param(ct, *dptr,
1125 matchoff + matchlen,
1126 *datalen, "expires=",
1127 NULL, NULL, &c_expires);
1132 if (refresh_signalling_expectation(ct, &addr, port, c_expires))
1137 flush_expectations(ct, false);
1141 static const struct sip_handler sip_handlers[] = {
1142 SIP_HANDLER("INVITE", process_sdp, process_invite_response),
1143 SIP_HANDLER("UPDATE", process_sdp, process_update_response),
1144 SIP_HANDLER("ACK", process_sdp, NULL),
1145 SIP_HANDLER("PRACK", process_sdp, process_prack_response),
1146 SIP_HANDLER("BYE", process_bye_request, NULL),
1147 SIP_HANDLER("REGISTER", process_register_request, process_register_response),
1150 static int process_sip_response(struct sk_buff *skb,
1151 const char **dptr, unsigned int *datalen)
1153 static const struct sip_handler *handler;
1154 enum ip_conntrack_info ctinfo;
1155 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1156 unsigned int matchoff, matchlen;
1157 unsigned int code, cseq, dataoff, i;
1159 if (*datalen < strlen("SIP/2.0 200"))
1161 code = simple_strtoul(*dptr + strlen("SIP/2.0 "), NULL, 10);
1165 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1166 &matchoff, &matchlen) <= 0)
1168 cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1171 dataoff = matchoff + matchlen + 1;
1173 for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1174 handler = &sip_handlers[i];
1175 if (handler->response == NULL)
1177 if (*datalen < dataoff + handler->len ||
1178 strnicmp(*dptr + dataoff, handler->method, handler->len))
1180 return handler->response(skb, dptr, datalen, cseq, code);
1185 static int process_sip_request(struct sk_buff *skb,
1186 const char **dptr, unsigned int *datalen)
1188 static const struct sip_handler *handler;
1189 enum ip_conntrack_info ctinfo;
1190 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1191 unsigned int matchoff, matchlen;
1192 unsigned int cseq, i;
1194 for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
1195 handler = &sip_handlers[i];
1196 if (handler->request == NULL)
1198 if (*datalen < handler->len ||
1199 strnicmp(*dptr, handler->method, handler->len))
1202 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
1203 &matchoff, &matchlen) <= 0)
1205 cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
1209 return handler->request(skb, dptr, datalen, cseq);
1214 static int sip_help(struct sk_buff *skb,
1215 unsigned int protoff,
1217 enum ip_conntrack_info ctinfo)
1219 unsigned int dataoff, datalen;
1222 typeof(nf_nat_sip_hook) nf_nat_sip;
1225 dataoff = protoff + sizeof(struct udphdr);
1226 if (dataoff >= skb->len)
1229 nf_ct_refresh(ct, skb, sip_timeout * HZ);
1231 if (!skb_is_nonlinear(skb))
1232 dptr = skb->data + dataoff;
1234 pr_debug("Copy of skbuff not supported yet.\n");
1238 datalen = skb->len - dataoff;
1239 if (datalen < strlen("SIP/2.0 200"))
1242 if (strnicmp(dptr, "SIP/2.0 ", strlen("SIP/2.0 ")) != 0)
1243 ret = process_sip_request(skb, &dptr, &datalen);
1245 ret = process_sip_response(skb, &dptr, &datalen);
1247 if (ret == NF_ACCEPT && ct->status & IPS_NAT_MASK) {
1248 nf_nat_sip = rcu_dereference(nf_nat_sip_hook);
1249 if (nf_nat_sip && !nf_nat_sip(skb, &dptr, &datalen))
1256 static struct nf_conntrack_helper sip[MAX_PORTS][2] __read_mostly;
1257 static char sip_names[MAX_PORTS][2][sizeof("sip-65535")] __read_mostly;
1259 static const struct nf_conntrack_expect_policy sip_exp_policy[SIP_EXPECT_MAX + 1] = {
1260 [SIP_EXPECT_SIGNALLING] = {
1264 [SIP_EXPECT_AUDIO] = {
1265 .max_expected = 2 * IP_CT_DIR_MAX,
1268 [SIP_EXPECT_VIDEO] = {
1269 .max_expected = 2 * IP_CT_DIR_MAX,
1274 static void nf_conntrack_sip_fini(void)
1278 for (i = 0; i < ports_c; i++) {
1279 for (j = 0; j < 2; j++) {
1280 if (sip[i][j].me == NULL)
1282 nf_conntrack_helper_unregister(&sip[i][j]);
1287 static int __init nf_conntrack_sip_init(void)
1293 ports[ports_c++] = SIP_PORT;
1295 for (i = 0; i < ports_c; i++) {
1296 memset(&sip[i], 0, sizeof(sip[i]));
1298 sip[i][0].tuple.src.l3num = AF_INET;
1299 sip[i][1].tuple.src.l3num = AF_INET6;
1300 for (j = 0; j < 2; j++) {
1301 sip[i][j].tuple.dst.protonum = IPPROTO_UDP;
1302 sip[i][j].tuple.src.u.udp.port = htons(ports[i]);
1303 sip[i][j].expect_policy = sip_exp_policy;
1304 sip[i][j].expect_class_max = SIP_EXPECT_MAX;
1305 sip[i][j].me = THIS_MODULE;
1306 sip[i][j].help = sip_help;
1308 tmpname = &sip_names[i][j][0];
1309 if (ports[i] == SIP_PORT)
1310 sprintf(tmpname, "sip");
1312 sprintf(tmpname, "sip-%u", i);
1313 sip[i][j].name = tmpname;
1315 pr_debug("port #%u: %u\n", i, ports[i]);
1317 ret = nf_conntrack_helper_register(&sip[i][j]);
1319 printk("nf_ct_sip: failed to register helper "
1320 "for pf: %u port: %u\n",
1321 sip[i][j].tuple.src.l3num, ports[i]);
1322 nf_conntrack_sip_fini();
1330 module_init(nf_conntrack_sip_init);
1331 module_exit(nf_conntrack_sip_fini);