Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / ea45f12a2766dae54e5426a23e8f4bafdbe2782e / . / net / ipv4 / netfilter / nf_nat_sip.c
blob: c13e43862361116be922822b0333f9790de106fc [file] [log] [blame]
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]1/* SIP extension for UDP NAT alteration.
2 *
3 * (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
4 * based on RR's ip_nat_ftp.c and other modules.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11#include <linux/module.h>
12#include <linux/skbuff.h>
13#include <linux/ip.h>
Arnaldo Carvalho de Meloc9bdd4b2007-03-12 20:09:15 -0300[diff] [blame]14#include <net/ip.h>
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]15#include <linux/udp.h>
16
17#include <net/netfilter/nf_nat.h>
18#include <net/netfilter/nf_nat_helper.h>
19#include <net/netfilter/nf_nat_rule.h>
20#include <net/netfilter/nf_conntrack_helper.h>
21#include <net/netfilter/nf_conntrack_expect.h>
22#include <linux/netfilter/nf_conntrack_sip.h>
23
24MODULE_LICENSE("GPL");
25MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
26MODULE_DESCRIPTION("SIP NAT helper");
27MODULE_ALIAS("ip_nat_sip");
28
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]29struct addr_map {
30 struct {
31 char src[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
32 char dst[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
33 unsigned int srclen, srciplen;
34 unsigned int dstlen, dstiplen;
35 } addr[IP_CT_DIR_MAX];
36};
37
Jan Engelhardt13f7d632008-01-31 04:50:25 -0800[diff] [blame]38static void addr_map_init(const struct nf_conn *ct, struct addr_map *map)
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]39{
Jan Engelhardt13f7d632008-01-31 04:50:25 -0800[diff] [blame]40 const struct nf_conntrack_tuple *t;
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]41 enum ip_conntrack_dir dir;
42 unsigned int n;
43
44 for (dir = 0; dir < IP_CT_DIR_MAX; dir++) {
45 t = &ct->tuplehash[dir].tuple;
46
47 n = sprintf(map->addr[dir].src, "%u.%u.%u.%u",
48 NIPQUAD(t->src.u3.ip));
49 map->addr[dir].srciplen = n;
50 n += sprintf(map->addr[dir].src + n, ":%u",
51 ntohs(t->src.u.udp.port));
52 map->addr[dir].srclen = n;
53
54 n = sprintf(map->addr[dir].dst, "%u.%u.%u.%u",
55 NIPQUAD(t->dst.u3.ip));
56 map->addr[dir].dstiplen = n;
57 n += sprintf(map->addr[dir].dst + n, ":%u",
58 ntohs(t->dst.u.udp.port));
59 map->addr[dir].dstlen = n;
60 }
61}
62
Patrick McHardy2a6cfb22008-03-25 20:16:54 -0700[diff] [blame]63static unsigned int mangle_packet(struct sk_buff *skb,
64 const char **dptr, unsigned int *datalen,
65 unsigned int matchoff, unsigned int matchlen,
66 const char *buffer, unsigned int buflen)
67{
68 enum ip_conntrack_info ctinfo;
69 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
70
71 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo, matchoff, matchlen,
72 buffer, buflen))
73 return 0;
74
75 /* Reload data pointer and adjust datalen value */
76 *dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
77 *datalen += buflen - matchlen;
78 return 1;
79}
80
Patrick McHardyac367742008-03-25 20:18:40 -0700[diff] [blame]81static int map_addr(struct sk_buff *skb,
82 const char **dptr, unsigned int *datalen,
83 unsigned int matchoff, unsigned int matchlen,
84 struct addr_map *map)
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]85{
Patrick McHardy212440a2008-03-25 20:17:13 -0700[diff] [blame]86 enum ip_conntrack_info ctinfo;
Patrick McHardyac367742008-03-25 20:18:40 -0700[diff] [blame]87 struct nf_conn *ct __maybe_unused = nf_ct_get(skb, &ctinfo);
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]88 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
Patrick McHardyac367742008-03-25 20:18:40 -0700[diff] [blame]89 unsigned int addrlen;
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]90 char *addr;
91
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]92 if ((matchlen == map->addr[dir].srciplen ||
93 matchlen == map->addr[dir].srclen) &&
Patrick McHardy779382e2008-03-25 20:17:36 -0700[diff] [blame]94 strncmp(*dptr + matchoff, map->addr[dir].src, matchlen) == 0) {
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]95 addr = map->addr[!dir].dst;
96 addrlen = map->addr[!dir].dstlen;
97 } else if ((matchlen == map->addr[dir].dstiplen ||
98 matchlen == map->addr[dir].dstlen) &&
Patrick McHardy779382e2008-03-25 20:17:36 -0700[diff] [blame]99 strncmp(*dptr + matchoff, map->addr[dir].dst, matchlen) == 0) {
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]100 addr = map->addr[!dir].src;
101 addrlen = map->addr[!dir].srclen;
102 } else
103 return 1;
104
Patrick McHardy2a6cfb22008-03-25 20:16:54 -0700[diff] [blame]105 return mangle_packet(skb, dptr, datalen, matchoff, matchlen,
106 addr, addrlen);
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]107}
108
Patrick McHardyac367742008-03-25 20:18:40 -0700[diff] [blame]109static int map_sip_addr(struct sk_buff *skb,
110 const char **dptr, unsigned int *datalen,
Patrick McHardyea45f122008-03-25 20:18:57 -0700[diff] [blame^]111 enum sip_header_types type, struct addr_map *map)
Patrick McHardyac367742008-03-25 20:18:40 -0700[diff] [blame]112{
113 enum ip_conntrack_info ctinfo;
114 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
115 unsigned int matchlen, matchoff;
116
Patrick McHardyea45f122008-03-25 20:18:57 -0700[diff] [blame^]117 if (ct_sip_get_header(ct, *dptr, 0, *datalen, type,
118 &matchoff, &matchlen) <= 0)
Patrick McHardyac367742008-03-25 20:18:40 -0700[diff] [blame]119 return 1;
120 return map_addr(skb, dptr, datalen, matchoff, matchlen, map);
121}
122
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]123static unsigned int ip_nat_sip(struct sk_buff *skb,
Patrick McHardy2a6cfb22008-03-25 20:16:54 -0700[diff] [blame]124 const char **dptr, unsigned int *datalen)
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]125{
Patrick McHardy212440a2008-03-25 20:17:13 -0700[diff] [blame]126 enum ip_conntrack_info ctinfo;
127 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]128 struct addr_map map;
Patrick McHardyac367742008-03-25 20:18:40 -0700[diff] [blame]129 unsigned int matchoff, matchlen;
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]130
Patrick McHardy779382e2008-03-25 20:17:36 -0700[diff] [blame]131 if (*datalen < strlen("SIP/2.0"))
Patrick McHardy45241a72007-08-14 13:14:58 -0700[diff] [blame]132 return NF_ACCEPT;
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]133
134 addr_map_init(ct, &map);
135
136 /* Basic rules: requests and responses. */
Patrick McHardy779382e2008-03-25 20:17:36 -0700[diff] [blame]137 if (strnicmp(*dptr, "SIP/2.0", strlen("SIP/2.0")) != 0) {
Patrick McHardyac367742008-03-25 20:18:40 -0700[diff] [blame]138 if (ct_sip_parse_request(ct, *dptr, *datalen,
139 &matchoff, &matchlen) > 0 &&
140 !map_addr(skb, dptr, datalen, matchoff, matchlen, &map))
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]141 return NF_DROP;
142 }
143
Patrick McHardyea45f122008-03-25 20:18:57 -0700[diff] [blame^]144 if (!map_sip_addr(skb, dptr, datalen, SIP_HDR_FROM, &map) ||
145 !map_sip_addr(skb, dptr, datalen, SIP_HDR_TO, &map) ||
146 !map_sip_addr(skb, dptr, datalen, SIP_HDR_VIA, &map) ||
147 !map_sip_addr(skb, dptr, datalen, SIP_HDR_CONTACT, &map))
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]148 return NF_DROP;
149 return NF_ACCEPT;
150}
151
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]152static int mangle_content_len(struct sk_buff *skb,
Patrick McHardy2a6cfb22008-03-25 20:16:54 -0700[diff] [blame]153 const char **dptr, unsigned int *datalen)
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]154{
Patrick McHardy212440a2008-03-25 20:17:13 -0700[diff] [blame]155 enum ip_conntrack_info ctinfo;
156 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
Patrick McHardy2a6cfb22008-03-25 20:16:54 -0700[diff] [blame]157 unsigned int matchoff, matchlen;
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]158 char buffer[sizeof("65536")];
Patrick McHardy3e9b4600b2008-03-25 20:17:55 -0700[diff] [blame]159 int buflen, c_len;
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]160
Joe Perchese00ccd42007-12-20 14:05:03 -0800[diff] [blame]161 /* Get actual SDP length */
Patrick McHardy3e9b4600b2008-03-25 20:17:55 -0700[diff] [blame]162 if (ct_sip_get_sdp_header(ct, *dptr, 0, *datalen,
163 SDP_HDR_VERSION, SDP_HDR_UNSPEC,
164 &matchoff, &matchlen) <= 0)
165 return 0;
166 c_len = *datalen - matchoff + strlen("v=");
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]167
Patrick McHardy3e9b4600b2008-03-25 20:17:55 -0700[diff] [blame]168 /* Now, update SDP length */
Patrick McHardyea45f122008-03-25 20:18:57 -0700[diff] [blame^]169 if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CONTENT_LENGTH,
170 &matchoff, &matchlen) <= 0)
Patrick McHardy3e9b4600b2008-03-25 20:17:55 -0700[diff] [blame]171 return 0;
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]172
Patrick McHardy3e9b4600b2008-03-25 20:17:55 -0700[diff] [blame]173 buflen = sprintf(buffer, "%u", c_len);
174 return mangle_packet(skb, dptr, datalen, matchoff, matchlen,
175 buffer, buflen);
176}
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]177
Patrick McHardy3e9b4600b2008-03-25 20:17:55 -0700[diff] [blame]178static unsigned mangle_sdp_packet(struct sk_buff *skb,
179 const char **dptr, unsigned int *datalen,
180 enum sdp_header_types type,
181 char *buffer, int buflen)
182{
183 enum ip_conntrack_info ctinfo;
184 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
185 unsigned int matchlen, matchoff;
186
187 if (ct_sip_get_sdp_header(ct, *dptr, 0, *datalen, type, SDP_HDR_UNSPEC,
188 &matchoff, &matchlen) <= 0)
189 return 0;
190 return mangle_packet(skb, dptr, datalen, matchoff, matchlen,
191 buffer, buflen);
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]192}
193
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]194static unsigned int mangle_sdp(struct sk_buff *skb,
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]195 enum ip_conntrack_info ctinfo,
196 struct nf_conn *ct,
197 __be32 newip, u_int16_t port,
Patrick McHardy2a6cfb22008-03-25 20:16:54 -0700[diff] [blame]198 const char **dptr, unsigned int *datalen)
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]199{
200 char buffer[sizeof("nnn.nnn.nnn.nnn")];
Patrick McHardy2a6cfb22008-03-25 20:16:54 -0700[diff] [blame]201 unsigned int bufflen;
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]202
203 /* Mangle owner and contact info. */
204 bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
Patrick McHardy3e9b4600b2008-03-25 20:17:55 -0700[diff] [blame]205 if (!mangle_sdp_packet(skb, dptr, datalen, SDP_HDR_OWNER_IP4,
206 buffer, bufflen))
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]207 return 0;
208
Patrick McHardy3e9b4600b2008-03-25 20:17:55 -0700[diff] [blame]209 if (!mangle_sdp_packet(skb, dptr, datalen, SDP_HDR_CONNECTION_IP4,
210 buffer, bufflen))
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]211 return 0;
212
213 /* Mangle media port. */
214 bufflen = sprintf(buffer, "%u", port);
Patrick McHardy3e9b4600b2008-03-25 20:17:55 -0700[diff] [blame]215 if (!mangle_sdp_packet(skb, dptr, datalen, SDP_HDR_MEDIA,
216 buffer, bufflen))
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]217 return 0;
218
Patrick McHardy212440a2008-03-25 20:17:13 -0700[diff] [blame]219 return mangle_content_len(skb, dptr, datalen);
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]220}
221
Herbert Xucfd6c382007-05-03 03:35:31 -0700[diff] [blame]222static void ip_nat_sdp_expect(struct nf_conn *ct,
223 struct nf_conntrack_expect *exp)
224{
225 struct nf_nat_range range;
226
227 /* This must be a fresh one. */
228 BUG_ON(ct->status & IPS_NAT_DONE_MASK);
229
Herbert Xucfd6c382007-05-03 03:35:31 -0700[diff] [blame]230 /* For DST manip, map port here to where it's expected. */
231 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
232 range.min = range.max = exp->saved_proto;
233 range.min_ip = range.max_ip = exp->saved_ip;
Patrick McHardycc01dcb2007-12-17 22:38:20 -0800[diff] [blame]234 nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
Patrick McHardy3d244122008-03-25 20:09:51 -0700[diff] [blame]235
236 /* Change src to where master sends to */
237 range.flags = IP_NAT_RANGE_MAP_IPS;
238 range.min_ip = range.max_ip
239 = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
240 nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
Herbert Xucfd6c382007-05-03 03:35:31 -0700[diff] [blame]241}
242
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]243/* So, this packet has hit the connection tracking matching code.
244 Mangle it, and change the expectation to match the new version. */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]245static unsigned int ip_nat_sdp(struct sk_buff *skb,
Patrick McHardy212440a2008-03-25 20:17:13 -0700[diff] [blame]246 const char **dptr, unsigned int *datalen,
247 struct nf_conntrack_expect *exp)
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]248{
Patrick McHardy212440a2008-03-25 20:17:13 -0700[diff] [blame]249 enum ip_conntrack_info ctinfo;
250 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]251 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
252 __be32 newip;
253 u_int16_t port;
254
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]255 /* Connection will come from reply */
Jerome Borsboomf4a607b2007-07-07 22:19:48 -0700[diff] [blame]256 if (ct->tuplehash[dir].tuple.src.u3.ip ==
257 ct->tuplehash[!dir].tuple.dst.u3.ip)
258 newip = exp->tuple.dst.u3.ip;
259 else
260 newip = ct->tuplehash[!dir].tuple.dst.u3.ip;
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]261
Herbert Xucfd6c382007-05-03 03:35:31 -0700[diff] [blame]262 exp->saved_ip = exp->tuple.dst.u3.ip;
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]263 exp->tuple.dst.u3.ip = newip;
264 exp->saved_proto.udp.port = exp->tuple.dst.u.udp.port;
265 exp->dir = !dir;
266
267 /* When you see the packet, we need to NAT it the same as the
268 this one. */
Herbert Xucfd6c382007-05-03 03:35:31 -0700[diff] [blame]269 exp->expectfn = ip_nat_sdp_expect;
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]270
271 /* Try to get same port: if not, try to change it. */
272 for (port = ntohs(exp->saved_proto.udp.port); port != 0; port++) {
273 exp->tuple.dst.u.udp.port = htons(port);
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]274 if (nf_ct_expect_related(exp) == 0)
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]275 break;
276 }
277
278 if (port == 0)
279 return NF_DROP;
280
Patrick McHardy2a6cfb22008-03-25 20:16:54 -0700[diff] [blame]281 if (!mangle_sdp(skb, ctinfo, ct, newip, port, dptr, datalen)) {
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]282 nf_ct_unexpect_related(exp);
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]283 return NF_DROP;
284 }
285 return NF_ACCEPT;
286}
287
288static void __exit nf_nat_sip_fini(void)
289{
290 rcu_assign_pointer(nf_nat_sip_hook, NULL);
291 rcu_assign_pointer(nf_nat_sdp_hook, NULL);
292 synchronize_rcu();
293}
294
295static int __init nf_nat_sip_init(void)
296{
Patrick McHardyd1332e02007-11-05 20:43:30 -0800[diff] [blame]297 BUG_ON(nf_nat_sip_hook != NULL);
298 BUG_ON(nf_nat_sdp_hook != NULL);
Patrick McHardy9fafcd72006-12-02 22:09:57 -0800[diff] [blame]299 rcu_assign_pointer(nf_nat_sip_hook, ip_nat_sip);
300 rcu_assign_pointer(nf_nat_sdp_hook, ip_nat_sdp);
301 return 0;
302}
303
304module_init(nf_nat_sip_init);
305module_exit(nf_nat_sip_fini);