Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 3db05fea51cdb162cfa8f69e9cfb9e228919d2a9 / . / net / ipv4 / netfilter / nf_nat_sip.c
blob: ce9edbcc01e387dc8ca320f28adc40520718dbae [file] [log] [blame]
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]1/* SIP extension for UDP NAT alteration.
2 *
3 * (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
4 * based on RR's ip_nat_ftp.c and other modules.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11#include <linux/module.h>
12#include <linux/skbuff.h>
13#include <linux/ip.h>
Arnaldo Carvalho de Meloc9bdd4b2007-03-12 20:09:15 -0300[diff] [blame]14#include <net/ip.h>
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]15#include <linux/udp.h>
16
17#include <net/netfilter/nf_nat.h>
18#include <net/netfilter/nf_nat_helper.h>
19#include <net/netfilter/nf_nat_rule.h>
20#include <net/netfilter/nf_conntrack_helper.h>
21#include <net/netfilter/nf_conntrack_expect.h>
22#include <linux/netfilter/nf_conntrack_sip.h>
23
24MODULE_LICENSE("GPL");
25MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
26MODULE_DESCRIPTION("SIP NAT helper");
27MODULE_ALIAS("ip_nat_sip");
28
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]29struct addr_map {
30 struct {
31 char src[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
32 char dst[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
33 unsigned int srclen, srciplen;
34 unsigned int dstlen, dstiplen;
35 } addr[IP_CT_DIR_MAX];
36};
37
38static void addr_map_init(struct nf_conn *ct, struct addr_map *map)
39{
40 struct nf_conntrack_tuple *t;
41 enum ip_conntrack_dir dir;
42 unsigned int n;
43
44 for (dir = 0; dir < IP_CT_DIR_MAX; dir++) {
45 t = &ct->tuplehash[dir].tuple;
46
47 n = sprintf(map->addr[dir].src, "%u.%u.%u.%u",
48 NIPQUAD(t->src.u3.ip));
49 map->addr[dir].srciplen = n;
50 n += sprintf(map->addr[dir].src + n, ":%u",
51 ntohs(t->src.u.udp.port));
52 map->addr[dir].srclen = n;
53
54 n = sprintf(map->addr[dir].dst, "%u.%u.%u.%u",
55 NIPQUAD(t->dst.u3.ip));
56 map->addr[dir].dstiplen = n;
57 n += sprintf(map->addr[dir].dst + n, ":%u",
58 ntohs(t->dst.u.udp.port));
59 map->addr[dir].dstlen = n;
60 }
61}
62
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]63static int map_sip_addr(struct sk_buff *skb, enum ip_conntrack_info ctinfo,
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]64 struct nf_conn *ct, const char **dptr, size_t dlen,
65 enum sip_header_pos pos, struct addr_map *map)
66{
67 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
68 unsigned int matchlen, matchoff, addrlen;
69 char *addr;
70
71 if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0)
72 return 1;
73
74 if ((matchlen == map->addr[dir].srciplen ||
75 matchlen == map->addr[dir].srclen) &&
76 memcmp(*dptr + matchoff, map->addr[dir].src, matchlen) == 0) {
77 addr = map->addr[!dir].dst;
78 addrlen = map->addr[!dir].dstlen;
79 } else if ((matchlen == map->addr[dir].dstiplen ||
80 matchlen == map->addr[dir].dstlen) &&
81 memcmp(*dptr + matchoff, map->addr[dir].dst, matchlen) == 0) {
82 addr = map->addr[!dir].src;
83 addrlen = map->addr[!dir].srclen;
84 } else
85 return 1;
86
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]87 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
YOSHIFUJI Hideakie905a9e2007-02-09 23:24:47 +0900[diff] [blame]88 matchoff, matchlen, addr, addrlen))
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]89 return 0;
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]90 *dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]91 return 1;
92
93}
94
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]95static unsigned int ip_nat_sip(struct sk_buff *skb,
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]96 enum ip_conntrack_info ctinfo,
97 struct nf_conn *ct,
98 const char **dptr)
99{
100 enum sip_header_pos pos;
101 struct addr_map map;
102 int dataoff, datalen;
103
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]104 dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);
105 datalen = skb->len - dataoff;
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]106 if (datalen < sizeof("SIP/2.0") - 1)
Patrick McHardy45241a72007-08-14 13:14:58 -0700[diff] [blame]107 return NF_ACCEPT;
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]108
109 addr_map_init(ct, &map);
110
111 /* Basic rules: requests and responses. */
112 if (strncmp(*dptr, "SIP/2.0", sizeof("SIP/2.0") - 1) != 0) {
113 /* 10.2: Constructing the REGISTER Request:
114 *
115 * The "userinfo" and "@" components of the SIP URI MUST NOT
116 * be present.
117 */
118 if (datalen >= sizeof("REGISTER") - 1 &&
119 strncmp(*dptr, "REGISTER", sizeof("REGISTER") - 1) == 0)
120 pos = POS_REG_REQ_URI;
121 else
122 pos = POS_REQ_URI;
123
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]124 if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, pos, &map))
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]125 return NF_DROP;
126 }
127
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]128 if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_FROM, &map) ||
129 !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_TO, &map) ||
130 !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_VIA, &map) ||
131 !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map))
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]132 return NF_DROP;
133 return NF_ACCEPT;
134}
135
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]136static unsigned int mangle_sip_packet(struct sk_buff *skb,
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]137 enum ip_conntrack_info ctinfo,
138 struct nf_conn *ct,
139 const char **dptr, size_t dlen,
140 char *buffer, int bufflen,
141 enum sip_header_pos pos)
142{
143 unsigned int matchlen, matchoff;
144
145 if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0)
146 return 0;
147
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]148 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
YOSHIFUJI Hideakie905a9e2007-02-09 23:24:47 +0900[diff] [blame]149 matchoff, matchlen, buffer, bufflen))
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]150 return 0;
151
152 /* We need to reload this. Thanks Patrick. */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]153 *dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]154 return 1;
155}
156
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]157static int mangle_content_len(struct sk_buff *skb,
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]158 enum ip_conntrack_info ctinfo,
159 struct nf_conn *ct,
160 const char *dptr)
161{
162 unsigned int dataoff, matchoff, matchlen;
163 char buffer[sizeof("65536")];
164 int bufflen;
165
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]166 dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]167
168 /* Get actual SDP lenght */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]169 if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff,
YOSHIFUJI Hideakie905a9e2007-02-09 23:24:47 +0900[diff] [blame]170 &matchlen, POS_SDP_HEADER) > 0) {
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]171
172 /* since ct_sip_get_info() give us a pointer passing 'v='
173 we need to add 2 bytes in this count. */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]174 int c_len = skb->len - dataoff - matchoff + 2;
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]175
176 /* Now, update SDP length */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]177 if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff,
YOSHIFUJI Hideakie905a9e2007-02-09 23:24:47 +0900[diff] [blame]178 &matchlen, POS_CONTENT) > 0) {
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]179
180 bufflen = sprintf(buffer, "%u", c_len);
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]181 return nf_nat_mangle_udp_packet(skb, ct, ctinfo,
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]182 matchoff, matchlen,
183 buffer, bufflen);
184 }
185 }
186 return 0;
187}
188
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]189static unsigned int mangle_sdp(struct sk_buff *skb,
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]190 enum ip_conntrack_info ctinfo,
191 struct nf_conn *ct,
192 __be32 newip, u_int16_t port,
193 const char *dptr)
194{
195 char buffer[sizeof("nnn.nnn.nnn.nnn")];
196 unsigned int dataoff, bufflen;
197
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]198 dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]199
200 /* Mangle owner and contact info. */
201 bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]202 if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,
YOSHIFUJI Hideakie905a9e2007-02-09 23:24:47 +0900[diff] [blame]203 buffer, bufflen, POS_OWNER_IP4))
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]204 return 0;
205
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]206 if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,
YOSHIFUJI Hideakie905a9e2007-02-09 23:24:47 +0900[diff] [blame]207 buffer, bufflen, POS_CONNECTION_IP4))
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]208 return 0;
209
210 /* Mangle media port. */
211 bufflen = sprintf(buffer, "%u", port);
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]212 if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,
YOSHIFUJI Hideakie905a9e2007-02-09 23:24:47 +0900[diff] [blame]213 buffer, bufflen, POS_MEDIA))
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]214 return 0;
215
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]216 return mangle_content_len(skb, ctinfo, ct, dptr);
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]217}
218
Herbert Xucfd6c382007-05-03 03:35:31 -0700[diff] [blame]219static void ip_nat_sdp_expect(struct nf_conn *ct,
220 struct nf_conntrack_expect *exp)
221{
222 struct nf_nat_range range;
223
224 /* This must be a fresh one. */
225 BUG_ON(ct->status & IPS_NAT_DONE_MASK);
226
227 /* Change src to where master sends to */
228 range.flags = IP_NAT_RANGE_MAP_IPS;
229 range.min_ip = range.max_ip
230 = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
231 /* hook doesn't matter, but it has to do source manip */
232 nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING);
233
234 /* For DST manip, map port here to where it's expected. */
235 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
236 range.min = range.max = exp->saved_proto;
237 range.min_ip = range.max_ip = exp->saved_ip;
238 /* hook doesn't matter, but it has to do destination manip */
239 nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING);
240}
241
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]242/* So, this packet has hit the connection tracking matching code.
243 Mangle it, and change the expectation to match the new version. */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]244static unsigned int ip_nat_sdp(struct sk_buff *skb,
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]245 enum ip_conntrack_info ctinfo,
246 struct nf_conntrack_expect *exp,
247 const char *dptr)
248{
249 struct nf_conn *ct = exp->master;
250 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
251 __be32 newip;
252 u_int16_t port;
253
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]254 /* Connection will come from reply */
Jerome Borsboomf4a607b2007-07-07 22:19:48 -0700[diff] [blame]255 if (ct->tuplehash[dir].tuple.src.u3.ip ==
256 ct->tuplehash[!dir].tuple.dst.u3.ip)
257 newip = exp->tuple.dst.u3.ip;
258 else
259 newip = ct->tuplehash[!dir].tuple.dst.u3.ip;
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]260
Herbert Xucfd6c382007-05-03 03:35:31 -0700[diff] [blame]261 exp->saved_ip = exp->tuple.dst.u3.ip;
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]262 exp->tuple.dst.u3.ip = newip;
263 exp->saved_proto.udp.port = exp->tuple.dst.u.udp.port;
264 exp->dir = !dir;
265
266 /* When you see the packet, we need to NAT it the same as the
267 this one. */
Herbert Xucfd6c382007-05-03 03:35:31 -0700[diff] [blame]268 exp->expectfn = ip_nat_sdp_expect;
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]269
270 /* Try to get same port: if not, try to change it. */
271 for (port = ntohs(exp->saved_proto.udp.port); port != 0; port++) {
272 exp->tuple.dst.u.udp.port = htons(port);
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]273 if (nf_ct_expect_related(exp) == 0)
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]274 break;
275 }
276
277 if (port == 0)
278 return NF_DROP;
279
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame^]280 if (!mangle_sdp(skb, ctinfo, ct, newip, port, dptr)) {
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]281 nf_ct_unexpect_related(exp);
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]282 return NF_DROP;
283 }
284 return NF_ACCEPT;
285}
286
287static void __exit nf_nat_sip_fini(void)
288{
289 rcu_assign_pointer(nf_nat_sip_hook, NULL);
290 rcu_assign_pointer(nf_nat_sdp_hook, NULL);
291 synchronize_rcu();
292}
293
294static int __init nf_nat_sip_init(void)
295{
296 BUG_ON(rcu_dereference(nf_nat_sip_hook));
297 BUG_ON(rcu_dereference(nf_nat_sdp_hook));
298 rcu_assign_pointer(nf_nat_sip_hook, ip_nat_sip);
299 rcu_assign_pointer(nf_nat_sdp_hook, ip_nat_sdp);
300 return 0;
301}
302
303module_init(nf_nat_sip_init);
304module_exit(nf_nat_sip_fini);