// SPDX-License-Identifier: GPL-2.0-only /* SIP extension for IP connection tracking. * * (C) 2005 by Christian Hentschel <[email protected]> * based on RR's ip_conntrack_ftp.c and other modules. * (C) 2007 United Security Providers * (C) 2007, 2008 Patrick McHardy <[email protected]> */ #define pr_fmt(fmt) … #include <linux/module.h> #include <linux/ctype.h> #include <linux/skbuff.h> #include <linux/inet.h> #include <linux/in.h> #include <linux/udp.h> #include <linux/tcp.h> #include <linux/netfilter.h> #include <linux/netfilter_ipv4.h> #include <linux/netfilter_ipv6.h> #include <net/netfilter/nf_conntrack.h> #include <net/netfilter/nf_conntrack_core.h> #include <net/netfilter/nf_conntrack_expect.h> #include <net/netfilter/nf_conntrack_helper.h> #include <net/netfilter/nf_conntrack_zones.h> #include <linux/netfilter/nf_conntrack_sip.h> #define HELPER_NAME … MODULE_LICENSE(…) …; MODULE_AUTHOR(…) …; MODULE_DESCRIPTION(…) …; MODULE_ALIAS(…) …; MODULE_ALIAS_NFCT_HELPER(…); #define MAX_PORTS … static unsigned short ports[MAX_PORTS]; static unsigned int ports_c; module_param_array(…); MODULE_PARM_DESC(…) …; static unsigned int sip_timeout __read_mostly = …; module_param(sip_timeout, uint, 0600); MODULE_PARM_DESC(…) …; static int sip_direct_signalling __read_mostly = …; module_param(sip_direct_signalling, int, 0600); MODULE_PARM_DESC(…) …; static int sip_direct_media __read_mostly = …; module_param(sip_direct_media, int, 0600); MODULE_PARM_DESC(…) …; static int sip_external_media __read_mostly = …; module_param(sip_external_media, int, 0600); MODULE_PARM_DESC(…) …; const struct nf_nat_sip_hooks __rcu *nf_nat_sip_hooks; EXPORT_SYMBOL_GPL(…); static int string_len(const struct nf_conn *ct, const char *dptr, const char *limit, int *shift) { … } static int digits_len(const struct nf_conn *ct, const char *dptr, const char *limit, int *shift) { … } static int iswordc(const char c) { … } static int word_len(const char *dptr, const char *limit) { … } static int callid_len(const struct nf_conn *ct, const char *dptr, const char *limit, int *shift) { … } /* get media type + port length */ static int media_len(const struct nf_conn *ct, const char *dptr, const char *limit, int *shift) { … } static int sip_parse_addr(const struct nf_conn *ct, const char *cp, const char **endp, union nf_inet_addr *addr, const char *limit, bool delim) { … } /* skip ip address. returns its length. */ static int epaddr_len(const struct nf_conn *ct, const char *dptr, const char *limit, int *shift) { … } /* get address length, skiping user info. */ static int skp_epaddr_len(const struct nf_conn *ct, const char *dptr, const char *limit, int *shift) { … } /* Parse a SIP request line of the form: * * Request-Line = Method SP Request-URI SP SIP-Version CRLF * * and return the offset and length of the address contained in the Request-URI. */ int ct_sip_parse_request(const struct nf_conn *ct, const char *dptr, unsigned int datalen, unsigned int *matchoff, unsigned int *matchlen, union nf_inet_addr *addr, __be16 *port) { … } EXPORT_SYMBOL_GPL(…); /* SIP header parsing: SIP headers are located at the beginning of a line, but * may span several lines, in which case the continuation lines begin with a * whitespace character. RFC 2543 allows lines to be terminated with CR, LF or * CRLF, RFC 3261 allows only CRLF, we support both. * * Headers are followed by (optionally) whitespace, a colon, again (optionally) * whitespace and the values. Whitespace in this context means any amount of * tabs, spaces and continuation lines, which are treated as a single whitespace * character. * * Some headers may appear multiple times. A comma separated list of values is * equivalent to multiple headers. */ static const struct sip_header ct_sip_hdrs[] = …; static const char *sip_follow_continuation(const char *dptr, const char *limit) { … } static const char *sip_skip_whitespace(const char *dptr, const char *limit) { … } /* Search within a SIP header value, dealing with continuation lines */ static const char *ct_sip_header_search(const char *dptr, const char *limit, const char *needle, unsigned int len) { … } int ct_sip_get_header(const struct nf_conn *ct, const char *dptr, unsigned int dataoff, unsigned int datalen, enum sip_header_types type, unsigned int *matchoff, unsigned int *matchlen) { … } EXPORT_SYMBOL_GPL(…); /* Get next header field in a list of comma separated values */ static int ct_sip_next_header(const struct nf_conn *ct, const char *dptr, unsigned int dataoff, unsigned int datalen, enum sip_header_types type, unsigned int *matchoff, unsigned int *matchlen) { … } /* Walk through headers until a parsable one is found or no header of the * given type is left. */ static int ct_sip_walk_headers(const struct nf_conn *ct, const char *dptr, unsigned int dataoff, unsigned int datalen, enum sip_header_types type, int *in_header, unsigned int *matchoff, unsigned int *matchlen) { … } /* Locate a SIP header, parse the URI and return the offset and length of * the address as well as the address and port themselves. A stream of * headers can be parsed by handing in a non-NULL datalen and in_header * pointer. */ int ct_sip_parse_header_uri(const struct nf_conn *ct, const char *dptr, unsigned int *dataoff, unsigned int datalen, enum sip_header_types type, int *in_header, unsigned int *matchoff, unsigned int *matchlen, union nf_inet_addr *addr, __be16 *port) { … } EXPORT_SYMBOL_GPL(…); static int ct_sip_parse_param(const struct nf_conn *ct, const char *dptr, unsigned int dataoff, unsigned int datalen, const char *name, unsigned int *matchoff, unsigned int *matchlen) { … } /* Parse address from header parameter and return address, offset and length */ int ct_sip_parse_address_param(const struct nf_conn *ct, const char *dptr, unsigned int dataoff, unsigned int datalen, const char *name, unsigned int *matchoff, unsigned int *matchlen, union nf_inet_addr *addr, bool delim) { … } EXPORT_SYMBOL_GPL(…); /* Parse numerical header parameter and return value, offset and length */ int ct_sip_parse_numerical_param(const struct nf_conn *ct, const char *dptr, unsigned int dataoff, unsigned int datalen, const char *name, unsigned int *matchoff, unsigned int *matchlen, unsigned int *val) { … } EXPORT_SYMBOL_GPL(…); static int ct_sip_parse_transport(struct nf_conn *ct, const char *dptr, unsigned int dataoff, unsigned int datalen, u8 *proto) { … } static int sdp_parse_addr(const struct nf_conn *ct, const char *cp, const char **endp, union nf_inet_addr *addr, const char *limit) { … } /* skip ip address. returns its length. */ static int sdp_addr_len(const struct nf_conn *ct, const char *dptr, const char *limit, int *shift) { … } /* SDP header parsing: a SDP session description contains an ordered set of * headers, starting with a section containing general session parameters, * optionally followed by multiple media descriptions. * * SDP headers always start at the beginning of a line. According to RFC 2327: * "The sequence CRLF (0x0d0a) is used to end a record, although parsers should * be tolerant and also accept records terminated with a single newline * character". We handle both cases. */ static const struct sip_header ct_sdp_hdrs_v4[] = …; static const struct sip_header ct_sdp_hdrs_v6[] = …; /* Linear string search within SDP header values */ static const char *ct_sdp_header_search(const char *dptr, const char *limit, const char *needle, unsigned int len) { … } /* Locate a SDP header (optionally a substring within the header value), * optionally stopping at the first occurrence of the term header, parse * it and return the offset and length of the data we're interested in. */ int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr, unsigned int dataoff, unsigned int datalen, enum sdp_header_types type, enum sdp_header_types term, unsigned int *matchoff, unsigned int *matchlen) { … } EXPORT_SYMBOL_GPL(…); static int ct_sip_parse_sdp_addr(const struct nf_conn *ct, const char *dptr, unsigned int dataoff, unsigned int datalen, enum sdp_header_types type, enum sdp_header_types term, unsigned int *matchoff, unsigned int *matchlen, union nf_inet_addr *addr) { … } static int refresh_signalling_expectation(struct nf_conn *ct, union nf_inet_addr *addr, u8 proto, __be16 port, unsigned int expires) { … } static void flush_expectations(struct nf_conn *ct, bool media) { … } static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff, unsigned int dataoff, const char **dptr, unsigned int *datalen, union nf_inet_addr *daddr, __be16 port, enum sip_expectation_classes class, unsigned int mediaoff, unsigned int medialen) { … } static const struct sdp_media_type sdp_media_types[] = …; static const struct sdp_media_type *sdp_media_type(const char *dptr, unsigned int matchoff, unsigned int matchlen) { … } static int process_sdp(struct sk_buff *skb, unsigned int protoff, unsigned int dataoff, const char **dptr, unsigned int *datalen, unsigned int cseq) { … } static int process_invite_response(struct sk_buff *skb, unsigned int protoff, unsigned int dataoff, const char **dptr, unsigned int *datalen, unsigned int cseq, unsigned int code) { … } static int process_update_response(struct sk_buff *skb, unsigned int protoff, unsigned int dataoff, const char **dptr, unsigned int *datalen, unsigned int cseq, unsigned int code) { … } static int process_prack_response(struct sk_buff *skb, unsigned int protoff, unsigned int dataoff, const char **dptr, unsigned int *datalen, unsigned int cseq, unsigned int code) { … } static int process_invite_request(struct sk_buff *skb, unsigned int protoff, unsigned int dataoff, const char **dptr, unsigned int *datalen, unsigned int cseq) { … } static int process_bye_request(struct sk_buff *skb, unsigned int protoff, unsigned int dataoff, const char **dptr, unsigned int *datalen, unsigned int cseq) { … } /* Parse a REGISTER request and create a permanent expectation for incoming * signalling connections. The expectation is marked inactive and is activated * when receiving a response indicating success from the registrar. */ static int process_register_request(struct sk_buff *skb, unsigned int protoff, unsigned int dataoff, const char **dptr, unsigned int *datalen, unsigned int cseq) { … } static int process_register_response(struct sk_buff *skb, unsigned int protoff, unsigned int dataoff, const char **dptr, unsigned int *datalen, unsigned int cseq, unsigned int code) { … } static const struct sip_handler sip_handlers[] = …; static int process_sip_response(struct sk_buff *skb, unsigned int protoff, unsigned int dataoff, const char **dptr, unsigned int *datalen) { … } static int process_sip_request(struct sk_buff *skb, unsigned int protoff, unsigned int dataoff, const char **dptr, unsigned int *datalen) { … } static int process_sip_msg(struct sk_buff *skb, struct nf_conn *ct, unsigned int protoff, unsigned int dataoff, const char **dptr, unsigned int *datalen) { … } static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff, struct nf_conn *ct, enum ip_conntrack_info ctinfo) { … } static int sip_help_udp(struct sk_buff *skb, unsigned int protoff, struct nf_conn *ct, enum ip_conntrack_info ctinfo) { … } static struct nf_conntrack_helper sip[MAX_PORTS * 4] __read_mostly; static const struct nf_conntrack_expect_policy sip_exp_policy[SIP_EXPECT_MAX + 1] = …; static void __exit nf_conntrack_sip_fini(void) { … } static int __init nf_conntrack_sip_init(void) { … } module_init(…) …; module_exit(nf_conntrack_sip_fini);
Codebase Browser
linux