]>
git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - net/ipv4/netfilter/ip_nat_sip.c
1 /* SIP extension for UDP NAT alteration.
3 * (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
4 * based on RR's ip_nat_ftp.c and other modules.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
11 #include <linux/module.h>
12 #include <linux/skbuff.h>
14 #include <linux/udp.h>
16 #include <linux/netfilter_ipv4.h>
17 #include <linux/netfilter_ipv4/ip_nat.h>
18 #include <linux/netfilter_ipv4/ip_nat_helper.h>
19 #include <linux/netfilter_ipv4/ip_conntrack_helper.h>
20 #include <linux/netfilter_ipv4/ip_conntrack_sip.h>
22 MODULE_LICENSE("GPL");
23 MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
24 MODULE_DESCRIPTION("SIP NAT helper");
29 #define DEBUGP(format, args...)
34 char src
[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
35 char dst
[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
36 unsigned int srclen
, srciplen
;
37 unsigned int dstlen
, dstiplen
;
38 } addr
[IP_CT_DIR_MAX
];
41 static void addr_map_init(struct ip_conntrack
*ct
, struct addr_map
*map
)
43 struct ip_conntrack_tuple
*t
;
44 enum ip_conntrack_dir dir
;
47 for (dir
= 0; dir
< IP_CT_DIR_MAX
; dir
++) {
48 t
= &ct
->tuplehash
[dir
].tuple
;
50 n
= sprintf(map
->addr
[dir
].src
, "%u.%u.%u.%u",
52 map
->addr
[dir
].srciplen
= n
;
53 n
+= sprintf(map
->addr
[dir
].src
+ n
, ":%u",
54 ntohs(t
->src
.u
.udp
.port
));
55 map
->addr
[dir
].srclen
= n
;
57 n
= sprintf(map
->addr
[dir
].dst
, "%u.%u.%u.%u",
59 map
->addr
[dir
].dstiplen
= n
;
60 n
+= sprintf(map
->addr
[dir
].dst
+ n
, ":%u",
61 ntohs(t
->dst
.u
.udp
.port
));
62 map
->addr
[dir
].dstlen
= n
;
66 static int map_sip_addr(struct sk_buff
**pskb
, enum ip_conntrack_info ctinfo
,
67 struct ip_conntrack
*ct
, const char **dptr
, size_t dlen
,
68 enum sip_header_pos pos
, struct addr_map
*map
)
70 enum ip_conntrack_dir dir
= CTINFO2DIR(ctinfo
);
71 unsigned int matchlen
, matchoff
, addrlen
;
74 if (ct_sip_get_info(*dptr
, dlen
, &matchoff
, &matchlen
, pos
) <= 0)
77 if ((matchlen
== map
->addr
[dir
].srciplen
||
78 matchlen
== map
->addr
[dir
].srclen
) &&
79 memcmp(*dptr
+ matchoff
, map
->addr
[dir
].src
, matchlen
) == 0) {
80 addr
= map
->addr
[!dir
].dst
;
81 addrlen
= map
->addr
[!dir
].dstlen
;
82 } else if ((matchlen
== map
->addr
[dir
].dstiplen
||
83 matchlen
== map
->addr
[dir
].dstlen
) &&
84 memcmp(*dptr
+ matchoff
, map
->addr
[dir
].dst
, matchlen
) == 0) {
85 addr
= map
->addr
[!dir
].src
;
86 addrlen
= map
->addr
[!dir
].srclen
;
90 if (!ip_nat_mangle_udp_packet(pskb
, ct
, ctinfo
,
91 matchoff
, matchlen
, addr
, addrlen
))
93 *dptr
= (*pskb
)->data
+ (*pskb
)->nh
.iph
->ihl
*4 + sizeof(struct udphdr
);
98 static unsigned int ip_nat_sip(struct sk_buff
**pskb
,
99 enum ip_conntrack_info ctinfo
,
100 struct ip_conntrack
*ct
,
103 enum sip_header_pos pos
;
105 int dataoff
, datalen
;
107 dataoff
= (*pskb
)->nh
.iph
->ihl
*4 + sizeof(struct udphdr
);
108 datalen
= (*pskb
)->len
- dataoff
;
109 if (datalen
< sizeof("SIP/2.0") - 1)
112 addr_map_init(ct
, &map
);
114 /* Basic rules: requests and responses. */
115 if (strncmp(*dptr
, "SIP/2.0", sizeof("SIP/2.0") - 1) != 0) {
116 /* 10.2: Constructing the REGISTER Request:
118 * The "userinfo" and "@" components of the SIP URI MUST NOT
121 if (datalen
>= sizeof("REGISTER") - 1 &&
122 strncmp(*dptr
, "REGISTER", sizeof("REGISTER") - 1) == 0)
123 pos
= POS_REG_REQ_URI
;
127 if (!map_sip_addr(pskb
, ctinfo
, ct
, dptr
, datalen
, pos
, &map
))
131 if (!map_sip_addr(pskb
, ctinfo
, ct
, dptr
, datalen
, POS_FROM
, &map
) ||
132 !map_sip_addr(pskb
, ctinfo
, ct
, dptr
, datalen
, POS_TO
, &map
) ||
133 !map_sip_addr(pskb
, ctinfo
, ct
, dptr
, datalen
, POS_VIA
, &map
) ||
134 !map_sip_addr(pskb
, ctinfo
, ct
, dptr
, datalen
, POS_CONTACT
, &map
))
139 static unsigned int mangle_sip_packet(struct sk_buff
**pskb
,
140 enum ip_conntrack_info ctinfo
,
141 struct ip_conntrack
*ct
,
142 const char **dptr
, size_t dlen
,
143 char *buffer
, int bufflen
,
144 enum sip_header_pos pos
)
146 unsigned int matchlen
, matchoff
;
148 if (ct_sip_get_info(*dptr
, dlen
, &matchoff
, &matchlen
, pos
) <= 0)
151 if (!ip_nat_mangle_udp_packet(pskb
, ct
, ctinfo
,
152 matchoff
, matchlen
, buffer
, bufflen
))
155 /* We need to reload this. Thanks Patrick. */
156 *dptr
= (*pskb
)->data
+ (*pskb
)->nh
.iph
->ihl
*4 + sizeof(struct udphdr
);
160 static int mangle_content_len(struct sk_buff
**pskb
,
161 enum ip_conntrack_info ctinfo
,
162 struct ip_conntrack
*ct
,
165 unsigned int dataoff
, matchoff
, matchlen
;
166 char buffer
[sizeof("65536")];
169 dataoff
= (*pskb
)->nh
.iph
->ihl
*4 + sizeof(struct udphdr
);
171 /* Get actual SDP lenght */
172 if (ct_sip_get_info(dptr
, (*pskb
)->len
- dataoff
, &matchoff
,
173 &matchlen
, POS_SDP_HEADER
) > 0) {
175 /* since ct_sip_get_info() give us a pointer passing 'v='
176 we need to add 2 bytes in this count. */
177 int c_len
= (*pskb
)->len
- dataoff
- matchoff
+ 2;
179 /* Now, update SDP lenght */
180 if (ct_sip_get_info(dptr
, (*pskb
)->len
- dataoff
, &matchoff
,
181 &matchlen
, POS_CONTENT
) > 0) {
183 bufflen
= sprintf(buffer
, "%u", c_len
);
185 return ip_nat_mangle_udp_packet(pskb
, ct
, ctinfo
,
193 static unsigned int mangle_sdp(struct sk_buff
**pskb
,
194 enum ip_conntrack_info ctinfo
,
195 struct ip_conntrack
*ct
,
196 __be32 newip
, u_int16_t port
,
199 char buffer
[sizeof("nnn.nnn.nnn.nnn")];
200 unsigned int dataoff
, bufflen
;
202 dataoff
= (*pskb
)->nh
.iph
->ihl
*4 + sizeof(struct udphdr
);
204 /* Mangle owner and contact info. */
205 bufflen
= sprintf(buffer
, "%u.%u.%u.%u", NIPQUAD(newip
));
206 if (!mangle_sip_packet(pskb
, ctinfo
, ct
, &dptr
, (*pskb
)->len
- dataoff
,
207 buffer
, bufflen
, POS_OWNER
))
210 if (!mangle_sip_packet(pskb
, ctinfo
, ct
, &dptr
, (*pskb
)->len
- dataoff
,
211 buffer
, bufflen
, POS_CONNECTION
))
214 /* Mangle media port. */
215 bufflen
= sprintf(buffer
, "%u", port
);
216 if (!mangle_sip_packet(pskb
, ctinfo
, ct
, &dptr
, (*pskb
)->len
- dataoff
,
217 buffer
, bufflen
, POS_MEDIA
))
220 return mangle_content_len(pskb
, ctinfo
, ct
, dptr
);
223 /* So, this packet has hit the connection tracking matching code.
224 Mangle it, and change the expectation to match the new version. */
225 static unsigned int ip_nat_sdp(struct sk_buff
**pskb
,
226 enum ip_conntrack_info ctinfo
,
227 struct ip_conntrack_expect
*exp
,
230 struct ip_conntrack
*ct
= exp
->master
;
231 enum ip_conntrack_dir dir
= CTINFO2DIR(ctinfo
);
235 DEBUGP("ip_nat_sdp():\n");
237 /* Connection will come from reply */
238 newip
= ct
->tuplehash
[!dir
].tuple
.dst
.ip
;
240 exp
->tuple
.dst
.ip
= newip
;
241 exp
->saved_proto
.udp
.port
= exp
->tuple
.dst
.u
.udp
.port
;
244 /* When you see the packet, we need to NAT it the same as the
246 exp
->expectfn
= ip_nat_follow_master
;
248 /* Try to get same port: if not, try to change it. */
249 for (port
= ntohs(exp
->saved_proto
.udp
.port
); port
!= 0; port
++) {
250 exp
->tuple
.dst
.u
.udp
.port
= htons(port
);
251 if (ip_conntrack_expect_related(exp
) == 0)
258 if (!mangle_sdp(pskb
, ctinfo
, ct
, newip
, port
, dptr
)) {
259 ip_conntrack_unexpect_related(exp
);
265 static void __exit
fini(void)
267 rcu_assign_pointer(ip_nat_sip_hook
, NULL
);
268 rcu_assign_pointer(ip_nat_sdp_hook
, NULL
);
272 static int __init
init(void)
274 BUG_ON(rcu_dereference(ip_nat_sip_hook
));
275 BUG_ON(rcu_dereference(ip_nat_sdp_hook
));
276 rcu_assign_pointer(ip_nat_sip_hook
, ip_nat_sip
);
277 rcu_assign_pointer(ip_nat_sdp_hook
, ip_nat_sdp
);