Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 720ac708 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller
Browse files

[NETFILTER]: nf_nat_sip: translate all Via headers 



Update maddr=, received= and rport= Via-header parameters refering to
the signalling connection.

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 2bbb2116

net/ipv4/netfilter/nf_nat_sip.c

+73 −1
Original line number Diff line number Diff line
@@ -100,9 +100,11 @@ static unsigned int ip_nat_sip(struct sk_buff *skb, 
{

	enum ip_conntrack_info ctinfo;

	struct nf_conn *ct = nf_ct_get(skb, &ctinfo);

	enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);

	unsigned int matchoff, matchlen;

	union nf_inet_addr addr;

	__be16 port;

	int request;



	/* Basic rules: requests and responses. */

	if (strnicmp(*dptr, "SIP/2.0", strlen("SIP/2.0")) != 0) {
@@ -112,11 +114,81 @@ static unsigned int ip_nat_sip(struct sk_buff *skb, 
		    !map_addr(skb, dptr, datalen, matchoff, matchlen,

			      &addr, port))

			return NF_DROP;

		request = 1;

	} else

		request = 0;



	/* Translate topmost Via header and parameters */

	if (ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen,

				    SIP_HDR_VIA, NULL, &matchoff, &matchlen,

				    &addr, &port) > 0) {

		unsigned int matchend, poff, plen, buflen, n;

		char buffer[sizeof("nnn.nnn.nnn.nnn:nnnnn")];



		/* We're only interested in headers related to this

		 * connection */

		if (request) {

			if (addr.ip != ct->tuplehash[dir].tuple.src.u3.ip ||

			    port != ct->tuplehash[dir].tuple.src.u.udp.port)

				goto next;

		} else {

			if (addr.ip != ct->tuplehash[dir].tuple.dst.u3.ip ||

			    port != ct->tuplehash[dir].tuple.dst.u.udp.port)

				goto next;

		}



		if (!map_addr(skb, dptr, datalen, matchoff, matchlen,

			      &addr, port))

			return NF_DROP;



		matchend = matchoff + matchlen;



		/* The maddr= parameter (RFC 2361) specifies where to send

		 * the reply. */

		if (ct_sip_parse_address_param(ct, *dptr, matchend, *datalen,

					       "maddr=", &poff, &plen,

					       &addr) > 0 &&

		    addr.ip == ct->tuplehash[dir].tuple.src.u3.ip &&

		    addr.ip != ct->tuplehash[!dir].tuple.dst.u3.ip) {

			__be32 ip = ct->tuplehash[!dir].tuple.dst.u3.ip;

			buflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(ip));

			if (!mangle_packet(skb, dptr, datalen, poff, plen,

					   buffer, buflen))

				return NF_DROP;

		}



		/* The received= parameter (RFC 2361) contains the address

		 * from which the server received the request. */

		if (ct_sip_parse_address_param(ct, *dptr, matchend, *datalen,

					       "received=", &poff, &plen,

					       &addr) > 0 &&

		    addr.ip == ct->tuplehash[dir].tuple.dst.u3.ip &&

		    addr.ip != ct->tuplehash[!dir].tuple.src.u3.ip) {

			__be32 ip = ct->tuplehash[!dir].tuple.src.u3.ip;

			buflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(ip));

			if (!mangle_packet(skb, dptr, datalen, poff, plen,

					   buffer, buflen))

				return NF_DROP;

		}



		/* The rport= parameter (RFC 3581) contains the port number

		 * from which the server received the request. */

		if (ct_sip_parse_numerical_param(ct, *dptr, matchend, *datalen,

						 "rport=", &poff, &plen,

						 &n) > 0 &&

		    htons(n) == ct->tuplehash[dir].tuple.dst.u.udp.port &&

		    htons(n) != ct->tuplehash[!dir].tuple.src.u.udp.port) {

			__be16 p = ct->tuplehash[!dir].tuple.src.u.udp.port;

			buflen = sprintf(buffer, "%u", ntohs(p));

			if (!mangle_packet(skb, dptr, datalen, poff, plen,

					   buffer, buflen))

				return NF_DROP;

		}

	}



next:

	if (!map_sip_addr(skb, dptr, datalen, SIP_HDR_FROM) ||

	    !map_sip_addr(skb, dptr, datalen, SIP_HDR_TO) ||

	    !map_sip_addr(skb, dptr, datalen, SIP_HDR_VIA) ||

	    !map_sip_addr(skb, dptr, datalen, SIP_HDR_CONTACT))

		return NF_DROP;

	return NF_ACCEPT;