1 /* SIP extension for NAT alteration.
3 * (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
4 * based on RR's ip_nat_ftp.c and other modules.
5 * (C) 2007 United Security Providers
6 * (C) 2007, 2008, 2011, 2012 Patrick McHardy <kaber@trash.net>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
13 #include <linux/module.h>
14 #include <linux/skbuff.h>
15 #include <linux/inet.h>
16 #include <linux/udp.h>
17 #include <linux/tcp.h>
19 #include <net/netfilter/nf_nat.h>
20 #include <net/netfilter/nf_nat_helper.h>
21 #include <net/netfilter/nf_conntrack_helper.h>
22 #include <net/netfilter/nf_conntrack_expect.h>
23 #include <net/netfilter/nf_conntrack_seqadj.h>
24 #include <linux/netfilter/nf_conntrack_sip.h>
26 MODULE_LICENSE("GPL");
27 MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
28 MODULE_DESCRIPTION("SIP NAT helper");
29 MODULE_ALIAS("ip_nat_sip");
32 static unsigned int mangle_packet(struct sk_buff
*skb
, unsigned int protoff
,
34 const char **dptr
, unsigned int *datalen
,
35 unsigned int matchoff
, unsigned int matchlen
,
36 const char *buffer
, unsigned int buflen
)
38 enum ip_conntrack_info ctinfo
;
39 struct nf_conn
*ct
= nf_ct_get(skb
, &ctinfo
);
43 if (nf_ct_protonum(ct
) == IPPROTO_TCP
) {
44 th
= (struct tcphdr
*)(skb
->data
+ protoff
);
45 baseoff
= protoff
+ th
->doff
* 4;
46 matchoff
+= dataoff
- baseoff
;
48 if (!__nf_nat_mangle_tcp_packet(skb
, ct
, ctinfo
,
49 protoff
, matchoff
, matchlen
,
50 buffer
, buflen
, false))
53 baseoff
= protoff
+ sizeof(struct udphdr
);
54 matchoff
+= dataoff
- baseoff
;
56 if (!nf_nat_mangle_udp_packet(skb
, ct
, ctinfo
,
57 protoff
, matchoff
, matchlen
,
62 /* Reload data pointer and adjust datalen value */
63 *dptr
= skb
->data
+ dataoff
;
64 *datalen
+= buflen
- matchlen
;
68 static int sip_sprintf_addr(const struct nf_conn
*ct
, char *buffer
,
69 const union nf_inet_addr
*addr
, bool delim
)
71 if (nf_ct_l3num(ct
) == NFPROTO_IPV4
)
72 return sprintf(buffer
, "%pI4", &addr
->ip
);
75 return sprintf(buffer
, "[%pI6c]", &addr
->ip6
);
77 return sprintf(buffer
, "%pI6c", &addr
->ip6
);
81 static int sip_sprintf_addr_port(const struct nf_conn
*ct
, char *buffer
,
82 const union nf_inet_addr
*addr
, u16 port
)
84 if (nf_ct_l3num(ct
) == NFPROTO_IPV4
)
85 return sprintf(buffer
, "%pI4:%u", &addr
->ip
, port
);
87 return sprintf(buffer
, "[%pI6c]:%u", &addr
->ip6
, port
);
90 static int map_addr(struct sk_buff
*skb
, unsigned int protoff
,
92 const char **dptr
, unsigned int *datalen
,
93 unsigned int matchoff
, unsigned int matchlen
,
94 union nf_inet_addr
*addr
, __be16 port
)
96 enum ip_conntrack_info ctinfo
;
97 struct nf_conn
*ct
= nf_ct_get(skb
, &ctinfo
);
98 enum ip_conntrack_dir dir
= CTINFO2DIR(ctinfo
);
99 struct nf_ct_sip_master
*ct_sip_info
= nfct_help_data(ct
);
100 char buffer
[INET6_ADDRSTRLEN
+ sizeof("[]:nnnnn")];
102 union nf_inet_addr newaddr
;
105 if (nf_inet_addr_cmp(&ct
->tuplehash
[dir
].tuple
.src
.u3
, addr
) &&
106 ct
->tuplehash
[dir
].tuple
.src
.u
.udp
.port
== port
) {
107 newaddr
= ct
->tuplehash
[!dir
].tuple
.dst
.u3
;
108 newport
= ct
->tuplehash
[!dir
].tuple
.dst
.u
.udp
.port
;
109 } else if (nf_inet_addr_cmp(&ct
->tuplehash
[dir
].tuple
.dst
.u3
, addr
) &&
110 ct
->tuplehash
[dir
].tuple
.dst
.u
.udp
.port
== port
) {
111 newaddr
= ct
->tuplehash
[!dir
].tuple
.src
.u3
;
112 newport
= ct_sip_info
->forced_dport
? :
113 ct
->tuplehash
[!dir
].tuple
.src
.u
.udp
.port
;
117 if (nf_inet_addr_cmp(&newaddr
, addr
) && newport
== port
)
120 buflen
= sip_sprintf_addr_port(ct
, buffer
, &newaddr
, ntohs(newport
));
121 return mangle_packet(skb
, protoff
, dataoff
, dptr
, datalen
,
122 matchoff
, matchlen
, buffer
, buflen
);
125 static int map_sip_addr(struct sk_buff
*skb
, unsigned int protoff
,
126 unsigned int dataoff
,
127 const char **dptr
, unsigned int *datalen
,
128 enum sip_header_types type
)
130 enum ip_conntrack_info ctinfo
;
131 struct nf_conn
*ct
= nf_ct_get(skb
, &ctinfo
);
132 unsigned int matchlen
, matchoff
;
133 union nf_inet_addr addr
;
136 if (ct_sip_parse_header_uri(ct
, *dptr
, NULL
, *datalen
, type
, NULL
,
137 &matchoff
, &matchlen
, &addr
, &port
) <= 0)
139 return map_addr(skb
, protoff
, dataoff
, dptr
, datalen
,
140 matchoff
, matchlen
, &addr
, port
);
143 static unsigned int nf_nat_sip(struct sk_buff
*skb
, unsigned int protoff
,
144 unsigned int dataoff
,
145 const char **dptr
, unsigned int *datalen
)
147 enum ip_conntrack_info ctinfo
;
148 struct nf_conn
*ct
= nf_ct_get(skb
, &ctinfo
);
149 enum ip_conntrack_dir dir
= CTINFO2DIR(ctinfo
);
150 struct nf_ct_sip_master
*ct_sip_info
= nfct_help_data(ct
);
151 unsigned int coff
, matchoff
, matchlen
;
152 enum sip_header_types hdr
;
153 union nf_inet_addr addr
;
155 int request
, in_header
;
157 /* Basic rules: requests and responses. */
158 if (strncasecmp(*dptr
, "SIP/2.0", strlen("SIP/2.0")) != 0) {
159 if (ct_sip_parse_request(ct
, *dptr
, *datalen
,
160 &matchoff
, &matchlen
,
162 !map_addr(skb
, protoff
, dataoff
, dptr
, datalen
,
163 matchoff
, matchlen
, &addr
, port
)) {
164 nf_ct_helper_log(skb
, ct
, "cannot mangle SIP message");
171 if (nf_ct_protonum(ct
) == IPPROTO_TCP
)
172 hdr
= SIP_HDR_VIA_TCP
;
174 hdr
= SIP_HDR_VIA_UDP
;
176 /* Translate topmost Via header and parameters */
177 if (ct_sip_parse_header_uri(ct
, *dptr
, NULL
, *datalen
,
178 hdr
, NULL
, &matchoff
, &matchlen
,
180 unsigned int olen
, matchend
, poff
, plen
, buflen
, n
;
181 char buffer
[INET6_ADDRSTRLEN
+ sizeof("[]:nnnnn")];
183 /* We're only interested in headers related to this
186 if (!nf_inet_addr_cmp(&addr
,
187 &ct
->tuplehash
[dir
].tuple
.src
.u3
) ||
188 port
!= ct
->tuplehash
[dir
].tuple
.src
.u
.udp
.port
)
191 if (!nf_inet_addr_cmp(&addr
,
192 &ct
->tuplehash
[dir
].tuple
.dst
.u3
) ||
193 port
!= ct
->tuplehash
[dir
].tuple
.dst
.u
.udp
.port
)
198 if (!map_addr(skb
, protoff
, dataoff
, dptr
, datalen
,
199 matchoff
, matchlen
, &addr
, port
)) {
200 nf_ct_helper_log(skb
, ct
, "cannot mangle Via header");
204 matchend
= matchoff
+ matchlen
+ *datalen
- olen
;
206 /* The maddr= parameter (RFC 2361) specifies where to send
208 if (ct_sip_parse_address_param(ct
, *dptr
, matchend
, *datalen
,
209 "maddr=", &poff
, &plen
,
211 nf_inet_addr_cmp(&addr
, &ct
->tuplehash
[dir
].tuple
.src
.u3
) &&
212 !nf_inet_addr_cmp(&addr
, &ct
->tuplehash
[!dir
].tuple
.dst
.u3
)) {
213 buflen
= sip_sprintf_addr(ct
, buffer
,
214 &ct
->tuplehash
[!dir
].tuple
.dst
.u3
,
216 if (!mangle_packet(skb
, protoff
, dataoff
, dptr
, datalen
,
217 poff
, plen
, buffer
, buflen
)) {
218 nf_ct_helper_log(skb
, ct
, "cannot mangle maddr");
223 /* The received= parameter (RFC 2361) contains the address
224 * from which the server received the request. */
225 if (ct_sip_parse_address_param(ct
, *dptr
, matchend
, *datalen
,
226 "received=", &poff
, &plen
,
228 nf_inet_addr_cmp(&addr
, &ct
->tuplehash
[dir
].tuple
.dst
.u3
) &&
229 !nf_inet_addr_cmp(&addr
, &ct
->tuplehash
[!dir
].tuple
.src
.u3
)) {
230 buflen
= sip_sprintf_addr(ct
, buffer
,
231 &ct
->tuplehash
[!dir
].tuple
.src
.u3
,
233 if (!mangle_packet(skb
, protoff
, dataoff
, dptr
, datalen
,
234 poff
, plen
, buffer
, buflen
)) {
235 nf_ct_helper_log(skb
, ct
, "cannot mangle received");
240 /* The rport= parameter (RFC 3581) contains the port number
241 * from which the server received the request. */
242 if (ct_sip_parse_numerical_param(ct
, *dptr
, matchend
, *datalen
,
243 "rport=", &poff
, &plen
,
245 htons(n
) == ct
->tuplehash
[dir
].tuple
.dst
.u
.udp
.port
&&
246 htons(n
) != ct
->tuplehash
[!dir
].tuple
.src
.u
.udp
.port
) {
247 __be16 p
= ct
->tuplehash
[!dir
].tuple
.src
.u
.udp
.port
;
248 buflen
= sprintf(buffer
, "%u", ntohs(p
));
249 if (!mangle_packet(skb
, protoff
, dataoff
, dptr
, datalen
,
250 poff
, plen
, buffer
, buflen
)) {
251 nf_ct_helper_log(skb
, ct
, "cannot mangle rport");
258 /* Translate Contact headers */
261 while (ct_sip_parse_header_uri(ct
, *dptr
, &coff
, *datalen
,
262 SIP_HDR_CONTACT
, &in_header
,
263 &matchoff
, &matchlen
,
265 if (!map_addr(skb
, protoff
, dataoff
, dptr
, datalen
,
268 nf_ct_helper_log(skb
, ct
, "cannot mangle contact");
273 if (!map_sip_addr(skb
, protoff
, dataoff
, dptr
, datalen
, SIP_HDR_FROM
) ||
274 !map_sip_addr(skb
, protoff
, dataoff
, dptr
, datalen
, SIP_HDR_TO
)) {
275 nf_ct_helper_log(skb
, ct
, "cannot mangle SIP from/to");
279 /* Mangle destination port for Cisco phones, then fix up checksums */
280 if (dir
== IP_CT_DIR_REPLY
&& ct_sip_info
->forced_dport
) {
283 if (!skb_make_writable(skb
, skb
->len
)) {
284 nf_ct_helper_log(skb
, ct
, "cannot mangle packet");
288 uh
= (void *)skb
->data
+ protoff
;
289 uh
->dest
= ct_sip_info
->forced_dport
;
291 if (!nf_nat_mangle_udp_packet(skb
, ct
, ctinfo
, protoff
,
293 nf_ct_helper_log(skb
, ct
, "cannot mangle packet");
301 static void nf_nat_sip_seq_adjust(struct sk_buff
*skb
, unsigned int protoff
,
304 enum ip_conntrack_info ctinfo
;
305 struct nf_conn
*ct
= nf_ct_get(skb
, &ctinfo
);
306 const struct tcphdr
*th
;
308 if (nf_ct_protonum(ct
) != IPPROTO_TCP
|| off
== 0)
311 th
= (struct tcphdr
*)(skb
->data
+ protoff
);
312 nf_ct_seqadj_set(ct
, ctinfo
, th
->seq
, off
);
315 /* Handles expected signalling connections and media streams */
316 static void nf_nat_sip_expected(struct nf_conn
*ct
,
317 struct nf_conntrack_expect
*exp
)
319 struct nf_nat_range range
;
321 /* This must be a fresh one. */
322 BUG_ON(ct
->status
& IPS_NAT_DONE_MASK
);
324 /* For DST manip, map port here to where it's expected. */
325 range
.flags
= (NF_NAT_RANGE_MAP_IPS
| NF_NAT_RANGE_PROTO_SPECIFIED
);
326 range
.min_proto
= range
.max_proto
= exp
->saved_proto
;
327 range
.min_addr
= range
.max_addr
= exp
->saved_addr
;
328 nf_nat_setup_info(ct
, &range
, NF_NAT_MANIP_DST
);
330 /* Change src to where master sends to, but only if the connection
331 * actually came from the same source. */
332 if (nf_inet_addr_cmp(&ct
->tuplehash
[IP_CT_DIR_ORIGINAL
].tuple
.src
.u3
,
333 &ct
->master
->tuplehash
[exp
->dir
].tuple
.src
.u3
)) {
334 range
.flags
= NF_NAT_RANGE_MAP_IPS
;
335 range
.min_addr
= range
.max_addr
336 = ct
->master
->tuplehash
[!exp
->dir
].tuple
.dst
.u3
;
337 nf_nat_setup_info(ct
, &range
, NF_NAT_MANIP_SRC
);
341 static unsigned int nf_nat_sip_expect(struct sk_buff
*skb
, unsigned int protoff
,
342 unsigned int dataoff
,
343 const char **dptr
, unsigned int *datalen
,
344 struct nf_conntrack_expect
*exp
,
345 unsigned int matchoff
,
346 unsigned int matchlen
)
348 enum ip_conntrack_info ctinfo
;
349 struct nf_conn
*ct
= nf_ct_get(skb
, &ctinfo
);
350 enum ip_conntrack_dir dir
= CTINFO2DIR(ctinfo
);
351 struct nf_ct_sip_master
*ct_sip_info
= nfct_help_data(ct
);
352 union nf_inet_addr newaddr
;
355 char buffer
[INET6_ADDRSTRLEN
+ sizeof("[]:nnnnn")];
358 /* Connection will come from reply */
359 if (nf_inet_addr_cmp(&ct
->tuplehash
[dir
].tuple
.src
.u3
,
360 &ct
->tuplehash
[!dir
].tuple
.dst
.u3
))
361 newaddr
= exp
->tuple
.dst
.u3
;
363 newaddr
= ct
->tuplehash
[!dir
].tuple
.dst
.u3
;
365 /* If the signalling port matches the connection's source port in the
366 * original direction, try to use the destination port in the opposite
368 srcport
= ct_sip_info
->forced_dport
? :
369 ct
->tuplehash
[dir
].tuple
.src
.u
.udp
.port
;
370 if (exp
->tuple
.dst
.u
.udp
.port
== srcport
)
371 port
= ntohs(ct
->tuplehash
[!dir
].tuple
.dst
.u
.udp
.port
);
373 port
= ntohs(exp
->tuple
.dst
.u
.udp
.port
);
375 exp
->saved_addr
= exp
->tuple
.dst
.u3
;
376 exp
->tuple
.dst
.u3
= newaddr
;
377 exp
->saved_proto
.udp
.port
= exp
->tuple
.dst
.u
.udp
.port
;
379 exp
->expectfn
= nf_nat_sip_expected
;
381 for (; port
!= 0; port
++) {
384 exp
->tuple
.dst
.u
.udp
.port
= htons(port
);
385 ret
= nf_ct_expect_related(exp
);
388 else if (ret
!= -EBUSY
) {
395 nf_ct_helper_log(skb
, ct
, "all ports in use for SIP");
399 if (!nf_inet_addr_cmp(&exp
->tuple
.dst
.u3
, &exp
->saved_addr
) ||
400 exp
->tuple
.dst
.u
.udp
.port
!= exp
->saved_proto
.udp
.port
) {
401 buflen
= sip_sprintf_addr_port(ct
, buffer
, &newaddr
, port
);
402 if (!mangle_packet(skb
, protoff
, dataoff
, dptr
, datalen
,
403 matchoff
, matchlen
, buffer
, buflen
)) {
404 nf_ct_helper_log(skb
, ct
, "cannot mangle packet");
411 nf_ct_unexpect_related(exp
);
415 static int mangle_content_len(struct sk_buff
*skb
, unsigned int protoff
,
416 unsigned int dataoff
,
417 const char **dptr
, unsigned int *datalen
)
419 enum ip_conntrack_info ctinfo
;
420 struct nf_conn
*ct
= nf_ct_get(skb
, &ctinfo
);
421 unsigned int matchoff
, matchlen
;
422 char buffer
[sizeof("65536")];
425 /* Get actual SDP length */
426 if (ct_sip_get_sdp_header(ct
, *dptr
, 0, *datalen
,
427 SDP_HDR_VERSION
, SDP_HDR_UNSPEC
,
428 &matchoff
, &matchlen
) <= 0)
430 c_len
= *datalen
- matchoff
+ strlen("v=");
432 /* Now, update SDP length */
433 if (ct_sip_get_header(ct
, *dptr
, 0, *datalen
, SIP_HDR_CONTENT_LENGTH
,
434 &matchoff
, &matchlen
) <= 0)
437 buflen
= sprintf(buffer
, "%u", c_len
);
438 return mangle_packet(skb
, protoff
, dataoff
, dptr
, datalen
,
439 matchoff
, matchlen
, buffer
, buflen
);
442 static int mangle_sdp_packet(struct sk_buff
*skb
, unsigned int protoff
,
443 unsigned int dataoff
,
444 const char **dptr
, unsigned int *datalen
,
446 enum sdp_header_types type
,
447 enum sdp_header_types term
,
448 char *buffer
, int buflen
)
450 enum ip_conntrack_info ctinfo
;
451 struct nf_conn
*ct
= nf_ct_get(skb
, &ctinfo
);
452 unsigned int matchlen
, matchoff
;
454 if (ct_sip_get_sdp_header(ct
, *dptr
, sdpoff
, *datalen
, type
, term
,
455 &matchoff
, &matchlen
) <= 0)
457 return mangle_packet(skb
, protoff
, dataoff
, dptr
, datalen
,
458 matchoff
, matchlen
, buffer
, buflen
) ? 0 : -EINVAL
;
461 static unsigned int nf_nat_sdp_addr(struct sk_buff
*skb
, unsigned int protoff
,
462 unsigned int dataoff
,
463 const char **dptr
, unsigned int *datalen
,
465 enum sdp_header_types type
,
466 enum sdp_header_types term
,
467 const union nf_inet_addr
*addr
)
469 enum ip_conntrack_info ctinfo
;
470 struct nf_conn
*ct
= nf_ct_get(skb
, &ctinfo
);
471 char buffer
[INET6_ADDRSTRLEN
];
474 buflen
= sip_sprintf_addr(ct
, buffer
, addr
, false);
475 if (mangle_sdp_packet(skb
, protoff
, dataoff
, dptr
, datalen
,
476 sdpoff
, type
, term
, buffer
, buflen
))
479 return mangle_content_len(skb
, protoff
, dataoff
, dptr
, datalen
);
482 static unsigned int nf_nat_sdp_port(struct sk_buff
*skb
, unsigned int protoff
,
483 unsigned int dataoff
,
484 const char **dptr
, unsigned int *datalen
,
485 unsigned int matchoff
,
486 unsigned int matchlen
,
489 char buffer
[sizeof("nnnnn")];
492 buflen
= sprintf(buffer
, "%u", port
);
493 if (!mangle_packet(skb
, protoff
, dataoff
, dptr
, datalen
,
494 matchoff
, matchlen
, buffer
, buflen
))
497 return mangle_content_len(skb
, protoff
, dataoff
, dptr
, datalen
);
500 static unsigned int nf_nat_sdp_session(struct sk_buff
*skb
, unsigned int protoff
,
501 unsigned int dataoff
,
502 const char **dptr
, unsigned int *datalen
,
504 const union nf_inet_addr
*addr
)
506 enum ip_conntrack_info ctinfo
;
507 struct nf_conn
*ct
= nf_ct_get(skb
, &ctinfo
);
508 char buffer
[INET6_ADDRSTRLEN
];
511 /* Mangle session description owner and contact addresses */
512 buflen
= sip_sprintf_addr(ct
, buffer
, addr
, false);
513 if (mangle_sdp_packet(skb
, protoff
, dataoff
, dptr
, datalen
, sdpoff
,
514 SDP_HDR_OWNER
, SDP_HDR_MEDIA
, buffer
, buflen
))
517 switch (mangle_sdp_packet(skb
, protoff
, dataoff
, dptr
, datalen
, sdpoff
,
518 SDP_HDR_CONNECTION
, SDP_HDR_MEDIA
,
524 * Session description
526 * c=* (connection information - not required if included in all media)
534 return mangle_content_len(skb
, protoff
, dataoff
, dptr
, datalen
);
537 /* So, this packet has hit the connection tracking matching code.
538 Mangle it, and change the expectation to match the new version. */
539 static unsigned int nf_nat_sdp_media(struct sk_buff
*skb
, unsigned int protoff
,
540 unsigned int dataoff
,
541 const char **dptr
, unsigned int *datalen
,
542 struct nf_conntrack_expect
*rtp_exp
,
543 struct nf_conntrack_expect
*rtcp_exp
,
544 unsigned int mediaoff
,
545 unsigned int medialen
,
546 union nf_inet_addr
*rtp_addr
)
548 enum ip_conntrack_info ctinfo
;
549 struct nf_conn
*ct
= nf_ct_get(skb
, &ctinfo
);
550 enum ip_conntrack_dir dir
= CTINFO2DIR(ctinfo
);
553 /* Connection will come from reply */
554 if (nf_inet_addr_cmp(&ct
->tuplehash
[dir
].tuple
.src
.u3
,
555 &ct
->tuplehash
[!dir
].tuple
.dst
.u3
))
556 *rtp_addr
= rtp_exp
->tuple
.dst
.u3
;
558 *rtp_addr
= ct
->tuplehash
[!dir
].tuple
.dst
.u3
;
560 rtp_exp
->saved_addr
= rtp_exp
->tuple
.dst
.u3
;
561 rtp_exp
->tuple
.dst
.u3
= *rtp_addr
;
562 rtp_exp
->saved_proto
.udp
.port
= rtp_exp
->tuple
.dst
.u
.udp
.port
;
564 rtp_exp
->expectfn
= nf_nat_sip_expected
;
566 rtcp_exp
->saved_addr
= rtcp_exp
->tuple
.dst
.u3
;
567 rtcp_exp
->tuple
.dst
.u3
= *rtp_addr
;
568 rtcp_exp
->saved_proto
.udp
.port
= rtcp_exp
->tuple
.dst
.u
.udp
.port
;
569 rtcp_exp
->dir
= !dir
;
570 rtcp_exp
->expectfn
= nf_nat_sip_expected
;
572 /* Try to get same pair of ports: if not, try to change them. */
573 for (port
= ntohs(rtp_exp
->tuple
.dst
.u
.udp
.port
);
574 port
!= 0; port
+= 2) {
577 rtp_exp
->tuple
.dst
.u
.udp
.port
= htons(port
);
578 ret
= nf_ct_expect_related(rtp_exp
);
585 rtcp_exp
->tuple
.dst
.u
.udp
.port
= htons(port
+ 1);
586 ret
= nf_ct_expect_related(rtcp_exp
);
589 else if (ret
== -EBUSY
) {
590 nf_ct_unexpect_related(rtp_exp
);
592 } else if (ret
< 0) {
593 nf_ct_unexpect_related(rtp_exp
);
600 nf_ct_helper_log(skb
, ct
, "all ports in use for SDP media");
604 /* Update media port. */
605 if (rtp_exp
->tuple
.dst
.u
.udp
.port
!= rtp_exp
->saved_proto
.udp
.port
&&
606 !nf_nat_sdp_port(skb
, protoff
, dataoff
, dptr
, datalen
,
607 mediaoff
, medialen
, port
)) {
608 nf_ct_helper_log(skb
, ct
, "cannot mangle SDP message");
615 nf_ct_unexpect_related(rtp_exp
);
616 nf_ct_unexpect_related(rtcp_exp
);
621 static struct nf_ct_helper_expectfn sip_nat
= {
623 .expectfn
= nf_nat_sip_expected
,
626 static void __exit
nf_nat_sip_fini(void)
628 RCU_INIT_POINTER(nf_nat_sip_hooks
, NULL
);
630 nf_ct_helper_expectfn_unregister(&sip_nat
);
634 static const struct nf_nat_sip_hooks sip_hooks
= {
636 .seq_adjust
= nf_nat_sip_seq_adjust
,
637 .expect
= nf_nat_sip_expect
,
638 .sdp_addr
= nf_nat_sdp_addr
,
639 .sdp_port
= nf_nat_sdp_port
,
640 .sdp_session
= nf_nat_sdp_session
,
641 .sdp_media
= nf_nat_sdp_media
,
644 static int __init
nf_nat_sip_init(void)
646 BUG_ON(nf_nat_sip_hooks
!= NULL
);
647 RCU_INIT_POINTER(nf_nat_sip_hooks
, &sip_hooks
);
648 nf_ct_helper_expectfn_register(&sip_nat
);
652 module_init(nf_nat_sip_init
);
653 module_exit(nf_nat_sip_fini
);