1 /* SIP extension for IP connection tracking.
3 * (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
4 * based on RR's ip_conntrack_ftp.c and other modules.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
11 #include <linux/config.h>
12 #include <linux/module.h>
13 #include <linux/ctype.h>
14 #include <linux/skbuff.h>
17 #include <linux/udp.h>
19 #include <linux/netfilter.h>
20 #include <linux/netfilter_ipv4.h>
21 #include <linux/netfilter_ipv4/ip_conntrack_helper.h>
22 #include <linux/netfilter_ipv4/ip_conntrack_sip.h>
27 #define DEBUGP(format, args...)
30 MODULE_LICENSE("GPL");
31 MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
32 MODULE_DESCRIPTION("SIP connection tracking helper");
35 static unsigned short ports[MAX_PORTS];
37 module_param_array(ports, ushort, &ports_c, 0400);
38 MODULE_PARM_DESC(ports, "port numbers of sip servers");
40 static unsigned int sip_timeout = SIP_TIMEOUT;
41 module_param(sip_timeout, uint, 0600);
42 MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");
44 unsigned int (*ip_nat_sip_hook)(struct sk_buff **pskb,
45 enum ip_conntrack_info ctinfo,
46 struct ip_conntrack *ct,
48 EXPORT_SYMBOL_GPL(ip_nat_sip_hook);
50 unsigned int (*ip_nat_sdp_hook)(struct sk_buff **pskb,
51 enum ip_conntrack_info ctinfo,
52 struct ip_conntrack_expect *exp,
54 EXPORT_SYMBOL_GPL(ip_nat_sdp_hook);
56 int ct_sip_get_info(const char *dptr, size_t dlen,
57 unsigned int *matchoff,
58 unsigned int *matchlen,
59 struct sip_header_nfo *hnfo);
60 EXPORT_SYMBOL_GPL(ct_sip_get_info);
63 static int digits_len(const char *dptr, const char *limit, int *shift);
64 static int epaddr_len(const char *dptr, const char *limit, int *shift);
65 static int skp_digits_len(const char *dptr, const char *limit, int *shift);
66 static int skp_epaddr_len(const char *dptr, const char *limit, int *shift);
68 struct sip_header_nfo ct_sip_hdrs[] = {
71 .lnlen = sizeof("Via:") - 1,
73 .snlen = sizeof("\r\nv:") - 1, /* rfc3261 "\r\n" */
75 .ln_strlen = sizeof("UDP ") - 1,
76 .match_len = epaddr_len,
78 { /* Contact header */
80 .lnlen = sizeof("Contact:") - 1,
82 .snlen = sizeof("\r\nm:") - 1,
84 .ln_strlen = sizeof("sip:") - 1,
85 .match_len = skp_epaddr_len
87 { /* Content length header */
88 .lname = "Content-Length:",
89 .lnlen = sizeof("Content-Length:") - 1,
91 .snlen = sizeof("\r\nl:") - 1,
93 .ln_strlen = sizeof(":") - 1,
94 .match_len = skp_digits_len
96 { /* SDP media info */
98 .lnlen = sizeof("\nm=") - 1,
100 .snlen = sizeof("\rm=") - 1,
102 .ln_strlen = sizeof("audio ") - 1,
103 .match_len = digits_len
105 { /* SDP owner address*/
107 .lnlen = sizeof("\no=") - 1,
109 .snlen = sizeof("\ro=") - 1,
111 .ln_strlen = sizeof("IN IP4 ") - 1,
112 .match_len = epaddr_len
114 { /* SDP connection info */
116 .lnlen = sizeof("\nc=") - 1,
118 .snlen = sizeof("\rc=") - 1,
120 .ln_strlen = sizeof("IN IP4 ") - 1,
121 .match_len = epaddr_len
123 { /* Requests headers */
125 .lnlen = sizeof("sip:") - 1,
127 .snlen = sizeof("sip:") - 1, /* yes, i know.. ;) */
129 .ln_strlen = sizeof("@") - 1,
130 .match_len = epaddr_len
132 { /* SDP version header */
134 .lnlen = sizeof("\nv=") - 1,
136 .snlen = sizeof("\rv=") - 1,
138 .ln_strlen = sizeof("=") - 1,
139 .match_len = digits_len
142 EXPORT_SYMBOL_GPL(ct_sip_hdrs);
144 /* get line lenght until first CR or LF seen. */
145 int ct_sip_lnlen(const char *line, const char *limit)
147 const char *k = line;
149 while ((line <= limit) && (*line == '\r' || *line == '\n'))
152 while (line <= limit) {
153 if (*line == '\r' || *line == '\n')
159 EXPORT_SYMBOL_GPL(ct_sip_lnlen);
161 /* Linear string search, case sensitive. */
162 const char *ct_sip_search(const char *needle, const char *haystack,
163 size_t needle_len, size_t haystack_len)
165 const char *limit = haystack + (haystack_len - needle_len);
167 while (haystack <= limit) {
168 if (memcmp(haystack, needle, needle_len) == 0)
174 EXPORT_SYMBOL_GPL(ct_sip_search);
176 static int digits_len(const char *dptr, const char *limit, int *shift)
179 while (dptr <= limit && isdigit(*dptr)) {
186 /* get digits lenght, skiping blank spaces. */
187 static int skp_digits_len(const char *dptr, const char *limit, int *shift)
189 for (; dptr <= limit && *dptr == ' '; dptr++)
192 return digits_len(dptr, limit, shift);
195 /* Simple ipaddr parser.. */
196 static int parse_ipaddr(const char *cp, const char **endp,
197 u_int32_t *ipaddr, const char *limit)
199 unsigned long int val;
202 for (i = 0, *ipaddr = 0; cp <= limit && i < 4; i++) {
207 val = simple_strtoul(cp, (char **)&cp, 10);
211 ((u_int8_t *)ipaddr)[i] = val;
227 /* skip ip address. returns it lenght. */
228 static int epaddr_len(const char *dptr, const char *limit, int *shift)
230 const char *aux = dptr;
233 if (parse_ipaddr(dptr, &dptr, &ip, limit) < 0) {
234 DEBUGP("ip: %s parse failed.!\n", dptr);
241 dptr += digits_len(dptr, limit, shift);
246 /* get address length, skiping user info. */
247 static int skp_epaddr_len(const char *dptr, const char *limit, int *shift)
251 for (; dptr <= limit && *dptr != '@'; dptr++)
260 return epaddr_len(dptr, limit, shift);
263 /* Returns 0 if not found, -1 error parsing. */
264 int ct_sip_get_info(const char *dptr, size_t dlen,
265 unsigned int *matchoff,
266 unsigned int *matchlen,
267 struct sip_header_nfo *hnfo)
269 const char *limit, *aux, *k = dptr;
272 limit = dptr + (dlen - hnfo->lnlen);
274 while (dptr <= limit) {
275 if ((strncmp(dptr, hnfo->lname, hnfo->lnlen) != 0) &&
276 (strncmp(dptr, hnfo->sname, hnfo->snlen) != 0)) {
280 aux = ct_sip_search(hnfo->ln_str, dptr, hnfo->ln_strlen,
281 ct_sip_lnlen(dptr, limit));
283 DEBUGP("'%s' not found in '%s'.\n", hnfo->ln_str,
287 aux += hnfo->ln_strlen;
289 *matchlen = hnfo->match_len(aux, limit, &shift);
293 *matchoff = (aux - k) + shift;
295 DEBUGP("%s match succeeded! - len: %u\n", hnfo->lname,
299 DEBUGP("%s header not found.\n", hnfo->lname);
303 static int set_expected_rtp(struct sk_buff **pskb,
304 struct ip_conntrack *ct,
305 enum ip_conntrack_info ctinfo,
306 u_int32_t ipaddr, u_int16_t port,
309 struct ip_conntrack_expect *exp;
310 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
313 exp = ip_conntrack_expect_alloc(ct);
317 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
318 exp->tuple.src.u.udp.port = 0;
319 exp->tuple.dst.ip = ipaddr;
320 exp->tuple.dst.u.udp.port = htons(port);
321 exp->tuple.dst.protonum = IPPROTO_UDP;
323 exp->mask.src.ip = 0xFFFFFFFF;
324 exp->mask.src.u.udp.port = 0;
325 exp->mask.dst.ip = 0xFFFFFFFF;
326 exp->mask.dst.u.udp.port = 0xFFFF;
327 exp->mask.dst.protonum = 0xFF;
329 exp->expectfn = NULL;
333 ret = ip_nat_sdp_hook(pskb, ctinfo, exp, dptr);
335 if (ip_conntrack_expect_related(exp) != 0)
340 ip_conntrack_expect_put(exp);
345 static int sip_help(struct sk_buff **pskb,
346 struct ip_conntrack *ct,
347 enum ip_conntrack_info ctinfo)
349 unsigned int dataoff, datalen;
352 int matchoff, matchlen;
357 dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
358 if (dataoff >= (*pskb)->len) {
359 DEBUGP("skb->len = %u\n", (*pskb)->len);
363 ip_ct_refresh(ct, *pskb, sip_timeout * HZ);
365 if (!skb_is_nonlinear(*pskb))
366 dptr = (*pskb)->data + dataoff;
368 DEBUGP("Copy of skbuff not supported yet.\n");
372 if (ip_nat_sip_hook) {
373 if (!ip_nat_sip_hook(pskb, ctinfo, ct, &dptr)) {
379 /* After this point NAT, could have mangled skb, so
380 we need to recalculate payload lenght. */
381 datalen = (*pskb)->len - dataoff;
383 if (datalen < (sizeof("SIP/2.0 200") - 1))
386 /* RTP info only in some SDP pkts */
387 if (memcmp(dptr, "INVITE", sizeof("INVITE") - 1) != 0 &&
388 memcmp(dptr, "SIP/2.0 200", sizeof("SIP/2.0 200") - 1) != 0) {
391 /* Get ip and port address from SDP packet. */
392 if (ct_sip_get_info(dptr, datalen, &matchoff, &matchlen,
393 &ct_sip_hdrs[POS_CONNECTION]) > 0) {
395 /* We'll drop only if there are parse problems. */
396 if (parse_ipaddr(dptr + matchoff, NULL, &ipaddr,
397 dptr + datalen) < 0) {
401 if (ct_sip_get_info(dptr, datalen, &matchoff, &matchlen,
402 &ct_sip_hdrs[POS_MEDIA]) > 0) {
404 port = simple_strtoul(dptr + matchoff, NULL, 10);
409 ret = set_expected_rtp(pskb, ct, ctinfo,
417 static struct ip_conntrack_helper sip[MAX_PORTS];
418 static char sip_names[MAX_PORTS][10];
420 static void fini(void)
423 for (i = 0; i < ports_c; i++) {
424 DEBUGP("unregistering helper for port %d\n", ports[i]);
425 ip_conntrack_helper_unregister(&sip[i]);
429 static int __init init(void)
435 ports[ports_c++] = SIP_PORT;
437 for (i = 0; i < ports_c; i++) {
438 /* Create helper structure */
439 memset(&sip[i], 0, sizeof(struct ip_conntrack_helper));
441 sip[i].tuple.dst.protonum = IPPROTO_UDP;
442 sip[i].tuple.src.u.udp.port = htons(ports[i]);
443 sip[i].mask.src.u.udp.port = 0xFFFF;
444 sip[i].mask.dst.protonum = 0xFF;
445 sip[i].max_expected = 2;
446 sip[i].timeout = 3 * 60; /* 3 minutes */
447 sip[i].me = THIS_MODULE;
448 sip[i].help = sip_help;
450 tmpname = &sip_names[i][0];
451 if (ports[i] == SIP_PORT)
452 sprintf(tmpname, "sip");
454 sprintf(tmpname, "sip-%d", i);
455 sip[i].name = tmpname;
457 DEBUGP("port #%d: %d\n", i, ports[i]);
459 ret = ip_conntrack_helper_register(&sip[i]);
461 printk("ERROR registering helper for port %d\n",
git.openpandora.org / pandora-kernel.git / blob