[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / ipv4 / netfilter / ip_nat_sip.c

/* SIP extension for UDP NAT alteration.
 *
 * (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
 * based on RR's ip_nat_ftp.c and other modules.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <linux/udp.h>

#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv4/ip_nat.h>
#include <linux/netfilter_ipv4/ip_nat_helper.h>
#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
#include <linux/netfilter_ipv4/ip_conntrack_sip.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
MODULE_DESCRIPTION("SIP NAT helper");

#if 0
#define DEBUGP printk
#else
#define DEBUGP(format, args...)
#endif

struct addr_map {
	struct {
		char		src[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
		char		dst[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
		unsigned int	srclen, srciplen;
		unsigned int	dstlen, dstiplen;
	} addr[IP_CT_DIR_MAX];
};

static void addr_map_init(struct ip_conntrack *ct, struct addr_map *map)
{
	struct ip_conntrack_tuple *t;
	enum ip_conntrack_dir dir;
	unsigned int n;

	for (dir = 0; dir < IP_CT_DIR_MAX; dir++) {
		t = &ct->tuplehash[dir].tuple;

		n = sprintf(map->addr[dir].src, "%u.%u.%u.%u",
			    NIPQUAD(t->src.ip));
		map->addr[dir].srciplen = n;
		n += sprintf(map->addr[dir].src + n, ":%u",
			     ntohs(t->src.u.udp.port));
		map->addr[dir].srclen = n;

		n = sprintf(map->addr[dir].dst, "%u.%u.%u.%u",
			    NIPQUAD(t->dst.ip));
		map->addr[dir].dstiplen = n;
		n += sprintf(map->addr[dir].dst + n, ":%u",
			     ntohs(t->dst.u.udp.port));
		map->addr[dir].dstlen = n;
	}
}

static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo,
			struct ip_conntrack *ct, const char **dptr, size_t dlen,
			enum sip_header_pos pos, struct addr_map *map)
{
	enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
	unsigned int matchlen, matchoff, addrlen;
	char *addr;

	if (ct_sip_get_info(*dptr, dlen, &matchoff, &matchlen, pos) <= 0)
		return 1;

	if ((matchlen == map->addr[dir].srciplen ||
	     matchlen == map->addr[dir].srclen) &&
	    memcmp(*dptr + matchoff, map->addr[dir].src, matchlen) == 0) {
		addr    = map->addr[!dir].dst;
		addrlen = map->addr[!dir].dstlen;
	} else if ((matchlen == map->addr[dir].dstiplen ||
		    matchlen == map->addr[dir].dstlen) &&
		   memcmp(*dptr + matchoff, map->addr[dir].dst, matchlen) == 0) {
		addr    = map->addr[!dir].src;
		addrlen = map->addr[!dir].srclen;
	} else
		return 1;

	if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo,
				      matchoff, matchlen, addr, addrlen))
		return 0;
	*dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
	return 1;

}

static unsigned int ip_nat_sip(struct sk_buff **pskb,
			       enum ip_conntrack_info ctinfo,
			       struct ip_conntrack *ct,
			       const char **dptr)
{
	enum sip_header_pos pos;
	struct addr_map map;
	int dataoff, datalen;

	dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
	datalen = (*pskb)->len - dataoff;
	if (datalen < sizeof("SIP/2.0") - 1)
		return NF_DROP;

	addr_map_init(ct, &map);

	/* Basic rules: requests and responses. */
	if (strncmp(*dptr, "SIP/2.0", sizeof("SIP/2.0") - 1) != 0) {
		/* 10.2: Constructing the REGISTER Request:
		 *
		 * The "userinfo" and "@" components of the SIP URI MUST NOT
		 * be present.
		 */
		if (datalen >= sizeof("REGISTER") - 1 &&
		    strncmp(*dptr, "REGISTER", sizeof("REGISTER") - 1) == 0)
			pos = POS_REG_REQ_URI;
		else
			pos = POS_REQ_URI;

		if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, pos, &map))
			return NF_DROP;
	}

	if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_FROM, &map) ||
	    !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_TO, &map) ||
	    !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_VIA, &map) ||
	    !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map))
		return NF_DROP;
	return NF_ACCEPT;
}

static unsigned int mangle_sip_packet(struct sk_buff **pskb,
				      enum ip_conntrack_info ctinfo,
				      struct ip_conntrack *ct,
				      const char **dptr, size_t dlen,
				      char *buffer, int bufflen,
				      enum sip_header_pos pos)
{
	unsigned int matchlen, matchoff;

	if (ct_sip_get_info(*dptr, dlen, &matchoff, &matchlen, pos) <= 0)
		return 0;

	if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo,
				      matchoff, matchlen, buffer, bufflen))
		return 0;

	/* We need to reload this. Thanks Patrick. */
	*dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
	return 1;
}

static int mangle_content_len(struct sk_buff **pskb,
			      enum ip_conntrack_info ctinfo,
			      struct ip_conntrack *ct,
			      const char *dptr)
{
	unsigned int dataoff, matchoff, matchlen;
	char buffer[sizeof("65536")];
	int bufflen;

	dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);

	/* Get actual SDP lenght */
	if (ct_sip_get_info(dptr, (*pskb)->len - dataoff, &matchoff,
			    &matchlen, POS_SDP_HEADER) > 0) {

		/* since ct_sip_get_info() give us a pointer passing 'v='
		   we need to add 2 bytes in this count. */
		int c_len = (*pskb)->len - dataoff - matchoff + 2;

		/* Now, update SDP lenght */
		if (ct_sip_get_info(dptr, (*pskb)->len - dataoff, &matchoff,
				    &matchlen, POS_CONTENT) > 0) {

			bufflen = sprintf(buffer, "%u", c_len);

			return ip_nat_mangle_udp_packet(pskb, ct, ctinfo,
							matchoff, matchlen,
							buffer, bufflen);
		}
	}
	return 0;
}

static unsigned int mangle_sdp(struct sk_buff **pskb,
			       enum ip_conntrack_info ctinfo,
			       struct ip_conntrack *ct,
			       __be32 newip, u_int16_t port,
			       const char *dptr)
{
	char buffer[sizeof("nnn.nnn.nnn.nnn")];
	unsigned int dataoff, bufflen;

	dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);

	/* Mangle owner and contact info. */
	bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
	if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
			       buffer, bufflen, POS_OWNER))
		return 0;

	if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
			       buffer, bufflen, POS_CONNECTION))
		return 0;

	/* Mangle media port. */
	bufflen = sprintf(buffer, "%u", port);
	if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
			       buffer, bufflen, POS_MEDIA))
		return 0;

	return mangle_content_len(pskb, ctinfo, ct, dptr);
}

/* So, this packet has hit the connection tracking matching code.
   Mangle it, and change the expectation to match the new version. */
static unsigned int ip_nat_sdp(struct sk_buff **pskb,
			       enum ip_conntrack_info ctinfo,
			       struct ip_conntrack_expect *exp,
			       const char *dptr)
{
	struct ip_conntrack *ct = exp->master;
	enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
	__be32 newip;
	u_int16_t port;

	DEBUGP("ip_nat_sdp():\n");

	/* Connection will come from reply */
	newip = ct->tuplehash[!dir].tuple.dst.ip;

	exp->tuple.dst.ip = newip;
	exp->saved_proto.udp.port = exp->tuple.dst.u.udp.port;
	exp->dir = !dir;

	/* When you see the packet, we need to NAT it the same as the
	   this one. */
	exp->expectfn = ip_nat_follow_master;

	/* Try to get same port: if not, try to change it. */
	for (port = ntohs(exp->saved_proto.udp.port); port != 0; port++) {
		exp->tuple.dst.u.udp.port = htons(port);
		if (ip_conntrack_expect_related(exp) == 0)
			break;
	}

	if (port == 0)
		return NF_DROP;

	if (!mangle_sdp(pskb, ctinfo, ct, newip, port, dptr)) {
		ip_conntrack_unexpect_related(exp);
		return NF_DROP;
	}
	return NF_ACCEPT;
}

static void __exit fini(void)
{
	rcu_assign_pointer(ip_nat_sip_hook, NULL);
	rcu_assign_pointer(ip_nat_sdp_hook, NULL);
	synchronize_rcu();
}

static int __init init(void)
{
	BUG_ON(rcu_dereference(ip_nat_sip_hook));
	BUG_ON(rcu_dereference(ip_nat_sdp_hook));
	rcu_assign_pointer(ip_nat_sip_hook, ip_nat_sip);
	rcu_assign_pointer(ip_nat_sdp_hook, ip_nat_sdp);
	return 0;
}

module_init(init);
module_exit(fini);
Commit	Line	Data
ae5b7d8b PM	1	/* SIP extension for UDP NAT alteration.
	2	*
	3	* (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
	4	* based on RR's ip_nat_ftp.c and other modules.
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License version 2 as
	8	* published by the Free Software Foundation.
	9	*/
	10
	11	#include <linux/module.h>
	12	#include <linux/skbuff.h>
	13	#include <linux/ip.h>
	14	#include <linux/udp.h>
	15
	16	#include <linux/netfilter_ipv4.h>
	17	#include <linux/netfilter_ipv4/ip_nat.h>
	18	#include <linux/netfilter_ipv4/ip_nat_helper.h>
	19	#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
	20	#include <linux/netfilter_ipv4/ip_conntrack_sip.h>
	21
	22	MODULE_LICENSE("GPL");
	23	MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
	24	MODULE_DESCRIPTION("SIP NAT helper");
	25
	26	#if 0
	27	#define DEBUGP printk
	28	#else
	29	#define DEBUGP(format, args...)
	30	#endif
	31
1b683b55 PM	32	struct addr_map {
	33	struct {
	34	char src[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
	35	char dst[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
	36	unsigned int srclen, srciplen;
	37	unsigned int dstlen, dstiplen;
	38	} addr[IP_CT_DIR_MAX];
	39	};
	40
	41	static void addr_map_init(struct ip_conntrack ct, struct addr_map map)
ae5b7d8b	42	{
1b683b55 PM	43	struct ip_conntrack_tuple *t;
	44	enum ip_conntrack_dir dir;
	45	unsigned int n;
	46
	47	for (dir = 0; dir < IP_CT_DIR_MAX; dir++) {
	48	t = &ct->tuplehash[dir].tuple;
	49
	50	n = sprintf(map->addr[dir].src, "%u.%u.%u.%u",
	51	NIPQUAD(t->src.ip));
	52	map->addr[dir].srciplen = n;
	53	n += sprintf(map->addr[dir].src + n, ":%u",
	54	ntohs(t->src.u.udp.port));
	55	map->addr[dir].srclen = n;
	56
	57	n = sprintf(map->addr[dir].dst, "%u.%u.%u.%u",
	58	NIPQUAD(t->dst.ip));
	59	map->addr[dir].dstiplen = n;
	60	n += sprintf(map->addr[dir].dst + n, ":%u",
	61	ntohs(t->dst.u.udp.port));
	62	map->addr[dir].dstlen = n;
	63	}
	64	}
	65
	66	static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo,
	67	struct ip_conntrack ct, const char *dptr, size_t dlen,
	68	enum sip_header_pos pos, struct addr_map *map)
	69	{
	70	enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
	71	unsigned int matchlen, matchoff, addrlen;
	72	char *addr;
ae5b7d8b	73
9d5b8baa	74	if (ct_sip_get_info(*dptr, dlen, &matchoff, &matchlen, pos) <= 0)
1b683b55 PM	75	return 1;
	76
	77	if ((matchlen == map->addr[dir].srciplen \|\|
	78	matchlen == map->addr[dir].srclen) &&
	79	memcmp(*dptr + matchoff, map->addr[dir].src, matchlen) == 0) {
	80	addr = map->addr[!dir].dst;
	81	addrlen = map->addr[!dir].dstlen;
	82	} else if ((matchlen == map->addr[dir].dstiplen \|\|
	83	matchlen == map->addr[dir].dstlen) &&
	84	memcmp(*dptr + matchoff, map->addr[dir].dst, matchlen) == 0) {
	85	addr = map->addr[!dir].src;
	86	addrlen = map->addr[!dir].srclen;
	87	} else
	88	return 1;
ae5b7d8b PM	89
ae5b7d8b PM	90	if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo,
e905a9ed	91	matchoff, matchlen, addr, addrlen))
ae5b7d8b	92	return 0;
ae5b7d8b PM	93	dptr = (pskb)->data + (pskb)->nh.iph->ihl4 + sizeof(struct udphdr);
ae5b7d8b PM	94	return 1;
1b683b55	95
ae5b7d8b PM	96	}
	97
	98	static unsigned int ip_nat_sip(struct sk_buff **pskb,
	99	enum ip_conntrack_info ctinfo,
	100	struct ip_conntrack *ct,
	101	const char **dptr)
	102	{
1b683b55 PM	103	enum sip_header_pos pos;
	104	struct addr_map map;
	105	int dataoff, datalen;
ae5b7d8b PM	106
ae5b7d8b PM	107	dataoff = (pskb)->nh.iph->ihl4 + sizeof(struct udphdr);
1b683b55 PM	108	datalen = (*pskb)->len - dataoff;
	109	if (datalen < sizeof("SIP/2.0") - 1)
	110	return NF_DROP;
ae5b7d8b	111
1b683b55	112	addr_map_init(ct, &map);
ae5b7d8b PM	113
ae5b7d8b PM	114	/* Basic rules: requests and responses. */
1b683b55 PM	115	if (strncmp(*dptr, "SIP/2.0", sizeof("SIP/2.0") - 1) != 0) {
	116	/* 10.2: Constructing the REGISTER Request:
	117	*
	118	* The "userinfo" and "@" components of the SIP URI MUST NOT
	119	* be present.
	120	*/
	121	if (datalen >= sizeof("REGISTER") - 1 &&
	122	strncmp(*dptr, "REGISTER", sizeof("REGISTER") - 1) == 0)
	123	pos = POS_REG_REQ_URI;
	124	else
	125	pos = POS_REQ_URI;
	126
	127	if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, pos, &map))
	128	return NF_DROP;
ae5b7d8b	129	}
1b683b55 PM	130
	131	if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_FROM, &map) \|\|
	132	!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_TO, &map) \|\|
	133	!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_VIA, &map) \|\|
	134	!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map))
	135	return NF_DROP;
	136	return NF_ACCEPT;
	137	}
	138
	139	static unsigned int mangle_sip_packet(struct sk_buff **pskb,
	140	enum ip_conntrack_info ctinfo,
	141	struct ip_conntrack *ct,
	142	const char **dptr, size_t dlen,
	143	char *buffer, int bufflen,
	144	enum sip_header_pos pos)
	145	{
	146	unsigned int matchlen, matchoff;
	147
	148	if (ct_sip_get_info(*dptr, dlen, &matchoff, &matchlen, pos) <= 0)
	149	return 0;
	150
	151	if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo,
e905a9ed	152	matchoff, matchlen, buffer, bufflen))
1b683b55 PM	153	return 0;
	154
	155	/* We need to reload this. Thanks Patrick. */
	156	dptr = (pskb)->data + (pskb)->nh.iph->ihl4 + sizeof(struct udphdr);
	157	return 1;
ae5b7d8b PM	158	}
	159
	160	static int mangle_content_len(struct sk_buff **pskb,
	161	enum ip_conntrack_info ctinfo,
	162	struct ip_conntrack *ct,
	163	const char *dptr)
	164	{
	165	unsigned int dataoff, matchoff, matchlen;
	166	char buffer[sizeof("65536")];
	167	int bufflen;
	168
	169	dataoff = (pskb)->nh.iph->ihl4 + sizeof(struct udphdr);
	170
	171	/* Get actual SDP lenght */
	172	if (ct_sip_get_info(dptr, (*pskb)->len - dataoff, &matchoff,
e905a9ed	173	&matchlen, POS_SDP_HEADER) > 0) {
ae5b7d8b PM	174
	175	/* since ct_sip_get_info() give us a pointer passing 'v='
	176	we need to add 2 bytes in this count. */
	177	int c_len = (*pskb)->len - dataoff - matchoff + 2;
	178
	179	/* Now, update SDP lenght */
	180	if (ct_sip_get_info(dptr, (*pskb)->len - dataoff, &matchoff,
e905a9ed	181	&matchlen, POS_CONTENT) > 0) {
ae5b7d8b PM	182
	183	bufflen = sprintf(buffer, "%u", c_len);
	184
	185	return ip_nat_mangle_udp_packet(pskb, ct, ctinfo,
	186	matchoff, matchlen,
	187	buffer, bufflen);
	188	}
	189	}
	190	return 0;
	191	}
	192
	193	static unsigned int mangle_sdp(struct sk_buff **pskb,
	194	enum ip_conntrack_info ctinfo,
	195	struct ip_conntrack *ct,
a76b11dd	196	__be32 newip, u_int16_t port,
ae5b7d8b PM	197	const char *dptr)
	198	{
	199	char buffer[sizeof("nnn.nnn.nnn.nnn")];
	200	unsigned int dataoff, bufflen;
	201
	202	dataoff = (pskb)->nh.iph->ihl4 + sizeof(struct udphdr);
	203
	204	/* Mangle owner and contact info. */
	205	bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
	206	if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
e905a9ed	207	buffer, bufflen, POS_OWNER))
ae5b7d8b PM	208	return 0;
	209
	210	if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
e905a9ed	211	buffer, bufflen, POS_CONNECTION))
ae5b7d8b PM	212	return 0;
	213
	214	/* Mangle media port. */
	215	bufflen = sprintf(buffer, "%u", port);
	216	if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
e905a9ed	217	buffer, bufflen, POS_MEDIA))
ae5b7d8b PM	218	return 0;
	219
	220	return mangle_content_len(pskb, ctinfo, ct, dptr);
	221	}
	222
	223	/* So, this packet has hit the connection tracking matching code.
	224	Mangle it, and change the expectation to match the new version. */
	225	static unsigned int ip_nat_sdp(struct sk_buff **pskb,
	226	enum ip_conntrack_info ctinfo,
	227	struct ip_conntrack_expect *exp,
	228	const char *dptr)
	229	{
	230	struct ip_conntrack *ct = exp->master;
	231	enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
a76b11dd	232	__be32 newip;
ae5b7d8b PM	233	u_int16_t port;
	234
	235	DEBUGP("ip_nat_sdp():\n");
	236
	237	/* Connection will come from reply */
	238	newip = ct->tuplehash[!dir].tuple.dst.ip;
	239
	240	exp->tuple.dst.ip = newip;
	241	exp->saved_proto.udp.port = exp->tuple.dst.u.udp.port;
	242	exp->dir = !dir;
	243
	244	/* When you see the packet, we need to NAT it the same as the
	245	this one. */
	246	exp->expectfn = ip_nat_follow_master;
	247
	248	/* Try to get same port: if not, try to change it. */
	249	for (port = ntohs(exp->saved_proto.udp.port); port != 0; port++) {
	250	exp->tuple.dst.u.udp.port = htons(port);
	251	if (ip_conntrack_expect_related(exp) == 0)
	252	break;
	253	}
	254
	255	if (port == 0)
	256	return NF_DROP;
	257
	258	if (!mangle_sdp(pskb, ctinfo, ct, newip, port, dptr)) {
	259	ip_conntrack_unexpect_related(exp);
	260	return NF_DROP;
	261	}
	262	return NF_ACCEPT;
	263	}
	264
	265	static void __exit fini(void)
	266	{
337fbc41 PM	267	rcu_assign_pointer(ip_nat_sip_hook, NULL);
	268	rcu_assign_pointer(ip_nat_sdp_hook, NULL);
	269	synchronize_rcu();
ae5b7d8b PM	270	}
	271
	272	static int __init init(void)
	273	{
337fbc41 PM	274	BUG_ON(rcu_dereference(ip_nat_sip_hook));
	275	BUG_ON(rcu_dereference(ip_nat_sdp_hook));
	276	rcu_assign_pointer(ip_nat_sip_hook, ip_nat_sip);
	277	rcu_assign_pointer(ip_nat_sdp_hook, ip_nat_sdp);
ae5b7d8b PM	278	return 0;
	279	}
	280
	281	module_init(init);
	282	module_exit(fini);