All of lore.kernel.org
 help / color / mirror / Atom feed
From: Patrick McHardy <kaber@trash.net>
To: netfilter-devel@vger.kernel.org
Cc: Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 20/32]: nf_conntrack_sip: support method specific request/response handling
Date: Thu, 28 Feb 2008 13:00:24 +0100 (MET)	[thread overview]
Message-ID: <20080228120015.29267.90348.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20080228115948.29267.34361.sendpatchset@localhost.localdomain>

[NETFILTER]: nf_conntrack_sip: support method specific request/response handling

Add support for per-method request/response handlers and perform SDP
parsing for INVITE/UPDATE requests and for all informational and
successful responses.

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 76ff8089d5abc23d9cc6b31f7d1a7dcdd9579567
tree 16f31f2ca11985a5ecec3d0e6704647a10b546c4
parent 9a0620a58527f73990638597813e6c759cfbb10c
author Patrick McHardy <kaber@trash.net> Thu, 28 Feb 2008 12:08:26 +0100
committer Patrick McHardy <kaber@trash.net> Thu, 28 Feb 2008 12:08:26 +0100

 include/linux/netfilter/nf_conntrack_sip.h |   20 +++++
 net/netfilter/nf_conntrack_sip.c           |  107 +++++++++++++++++++++++++---
 2 files changed, 117 insertions(+), 10 deletions(-)

diff --git a/include/linux/netfilter/nf_conntrack_sip.h b/include/linux/netfilter/nf_conntrack_sip.h
index 1f518d3..518fdf1 100644
--- a/include/linux/netfilter/nf_conntrack_sip.h
+++ b/include/linux/netfilter/nf_conntrack_sip.h
@@ -11,6 +11,25 @@ enum sip_expectation_classes {
 };
 #define SIP_EXPECT_MAX	(__SIP_EXPECT_MAX - 1)
 
+struct sip_handler {
+	const char	*method;
+	unsigned int	len;
+	int		(*request)(struct sk_buff *skb,
+				   const char **dptr, unsigned int *datalen,
+				   unsigned int cseq);
+	int		(*response)(struct sk_buff *skb,
+				    const char **dptr, unsigned int *datalen,
+				    unsigned int cseq, unsigned int code);
+};
+
+#define SIP_HANDLER(__method, __request, __response)			\
+{									\
+	.method		= (__method),					\
+	.len		= sizeof(__method) - 1,				\
+	.request	= (__request),					\
+	.response	= (__response),					\
+}
+
 struct sip_header {
 	const char	*name;
 	const char	*cname;
@@ -41,6 +60,7 @@ struct sip_header {
 	__SIP_HDR(__name, NULL, __search, __match)
 
 enum sip_header_types {
+	SIP_HDR_CSEQ,
 	SIP_HDR_FROM,
 	SIP_HDR_TO,
 	SIP_HDR_CONTACT,
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index 556f7f6..93e8565 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -221,6 +221,7 @@ EXPORT_SYMBOL_GPL(ct_sip_parse_request);
  * equivalent to multiple headers.
  */
 static const struct sip_header ct_sip_hdrs[] = {
+	[SIP_HDR_CSEQ]			= SIP_HDR("CSeq", NULL, NULL, digits_len),
 	[SIP_HDR_FROM]			= SIP_HDR("From", "f", "sip:", skp_epaddr_len),
 	[SIP_HDR_TO]			= SIP_HDR("To", "t", "sip:", skp_epaddr_len),
 	[SIP_HDR_CONTACT]		= SIP_HDR("Contact", "m", "sip:", skp_epaddr_len),
@@ -575,7 +576,8 @@ static int set_expected_rtp(struct sk_buff *skb,
 }
 
 static int process_sdp(struct sk_buff *skb,
-		       const char **dptr, unsigned int *datalen)
+		       const char **dptr, unsigned int *datalen,
+		       unsigned int cseq)
 {
 	enum ip_conntrack_info ctinfo;
 	struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
@@ -609,6 +611,96 @@ static int process_sdp(struct sk_buff *skb,
 
 	return set_expected_rtp(skb, dptr, datalen, &addr, htons(port));
 }
+static int process_invite_response(struct sk_buff *skb,
+				   const char **dptr, unsigned int *datalen,
+				   unsigned int cseq, unsigned int code)
+{
+	if ((code >= 100 && code <= 199) ||
+	    (code >= 200 && code <= 299))
+		return process_sdp(skb, dptr, datalen, cseq);
+
+	return NF_ACCEPT;
+}
+
+static int process_update_response(struct sk_buff *skb,
+				   const char **dptr, unsigned int *datalen,
+				   unsigned int cseq, unsigned int code)
+{
+	if ((code >= 100 && code <= 199) ||
+	    (code >= 200 && code <= 299))
+		return process_sdp(skb, dptr, datalen, cseq);
+
+	return NF_ACCEPT;
+}
+
+static const struct sip_handler sip_handlers[] = {
+	SIP_HANDLER("INVITE", process_sdp, process_invite_response),
+	SIP_HANDLER("UPDATE", process_sdp, process_update_response),
+};
+
+static int process_sip_response(struct sk_buff *skb,
+				const char **dptr, unsigned int *datalen)
+{
+	static const struct sip_handler *handler;
+	enum ip_conntrack_info ctinfo;
+	struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
+	unsigned int matchoff, matchlen;
+	unsigned int code, cseq, dataoff, i;
+
+	if (*datalen < strlen("SIP/2.0 200"))
+		return NF_ACCEPT;
+	code = simple_strtoul(*dptr + strlen("SIP/2.0 "), NULL, 10);
+	if (!code)
+		return NF_DROP;
+
+	if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
+			      &matchoff, &matchlen) <= 0)
+		return NF_DROP;
+	cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
+	if (!cseq)
+		return NF_DROP;
+	dataoff = matchoff + matchlen + 1;
+
+	for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
+		handler = &sip_handlers[i];
+		if (handler->response == NULL)
+			continue;
+		if (*datalen < dataoff + handler->len ||
+		    strnicmp(*dptr + dataoff, handler->method, handler->len))
+			continue;
+		return handler->response(skb, dptr, datalen, cseq, code);
+	}
+	return NF_ACCEPT;
+}
+
+static int process_sip_request(struct sk_buff *skb,
+			       const char **dptr, unsigned int *datalen)
+{
+	static const struct sip_handler *handler;
+	enum ip_conntrack_info ctinfo;
+	struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
+	unsigned int matchoff, matchlen;
+	unsigned int cseq, i;
+
+	for (i = 0; i < ARRAY_SIZE(sip_handlers); i++) {
+		handler = &sip_handlers[i];
+		if (handler->request == NULL)
+			continue;
+		if (*datalen < handler->len ||
+		    strnicmp(*dptr, handler->method, handler->len))
+			continue;
+
+		if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CSEQ,
+				      &matchoff, &matchlen) <= 0)
+			return NF_DROP;
+		cseq = simple_strtoul(*dptr + matchoff, NULL, 10);
+		if (!cseq)
+			return NF_DROP;
+
+		return handler->request(skb, dptr, datalen, cseq);
+	}
+	return NF_ACCEPT;
+}
 
 static int sip_help(struct sk_buff *skb,
 		    unsigned int protoff,
@@ -643,15 +735,10 @@ static int sip_help(struct sk_buff *skb,
 	if (datalen < strlen("SIP/2.0 200"))
 		return NF_ACCEPT;
 
-	/* RTP info only in some SDP pkts */
-	if (strnicmp(dptr, "INVITE", strlen("INVITE")) != 0 &&
-	    strnicmp(dptr, "UPDATE", strlen("UPDATE")) != 0 &&
-	    strnicmp(dptr, "SIP/2.0 180", strlen("SIP/2.0 180")) != 0 &&
-	    strnicmp(dptr, "SIP/2.0 183", strlen("SIP/2.0 183")) != 0 &&
-	    strnicmp(dptr, "SIP/2.0 200", strlen("SIP/2.0 200")) != 0)
-		return NF_ACCEPT;
-
-	return process_sdp(skb, &dptr, &datalen);
+	if (strnicmp(dptr, "SIP/2.0 ", strlen("SIP/2.0 ")) != 0)
+		return process_sip_request(skb, &dptr, &datalen);
+	else
+		return process_sip_response(skb, &dptr, &datalen);
 }
 
 static struct nf_conntrack_helper sip[MAX_PORTS][2] __read_mostly;

  parent reply	other threads:[~2008-02-28 12:00 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-02-28 11:59 [NETFILTER 00/32]: SIP conntrack/NAT enhancements Patrick McHardy
2008-02-28 11:59 ` [NETFILTER 01/32]: ipt_CLUSTERIP: fix non-existant macro-name Patrick McHardy
2008-02-28 11:59 ` [NETFILTER 02/32]: nf_conntrack: fix NF_CT_TUPLE_DUMP for IPv4 Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 03/32]: nf_conntrack_expect: constify nf_ct_expect_init arguments Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 04/32]: nf_conntrack_expect: show NF_CT_EXPECT_PERMANENT flag in /proc Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 05/32]: nf_conntrack_expect: support inactive expectations Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 06/32]: nf_conntrack: introduce expectation classes and policies Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 07/32]: Add nf_inet_addr_cmp() Patrick McHardy
2008-02-28 12:19   ` Jan Engelhardt
2008-02-28 12:23     ` Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 08/32]: nf_conntrack_sip: fix IPv6 address parsing Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 09/32]: nf_nat_sip: fix NAT setup order Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 10/32]: nf_conntrack_sip: fix some off-by-ones Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 11/32]: nf_conntrack_sip: adjust dptr and datalen after packet mangling Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 12/32]: nf_conntrack_sip: remove redundant function arguments Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 13/32]: nf_conntrack_sip: use strlen/strcmp Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 14/32]: nf_conntrack_sip: add seperate SDP header parsing function Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 15/32]: nf_conntrack_sip: kill request URI "header" definitions Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 16/32]: nf_conntrack_sip: parse SIP headers properly Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 17/32]: nf_conntrack_sip: introduce SIP-URI parsing helper Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 18/32]: nf_nat_sip: get rid of text based header translation Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 19/32]: nf_conntrack_sip: move SDP parsing to seperate function Patrick McHardy
2008-02-28 12:00 ` Patrick McHardy [this message]
2008-02-28 12:00 ` [NETFILTER 21/32]: nf_conntrack_sip: perform NAT after parsing Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 22/32]: nf_conntrack_sip: process ACK and PRACK methods Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 23/32]: nf_conntrack_sip: flush expectations on call termination Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 24/32]: nf_conntrack_sip: introduce URI and header parameter parsing helpers Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 25/32]: nf_nat_sip: translate all Via headers Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 26/32]: nf_nat_sip: translate all Contact headers Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 27/32]: nf_conntrack_sip: create signalling expectations Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 28/32]: nf_conntrack_sip: allow media expectations with wildcard source address Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 29/32]: nf_conntrack_sip: create RTCP expectations Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 30/32]: nf_nat_sip: split up SDP mangling Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 31/32]: nf_conntrack_sip: support multiple media channels Patrick McHardy
2008-02-28 12:00 ` [NETFILTER 32/32]: nf_conntrack_sip: RTP routing optimization Patrick McHardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20080228120015.29267.90348.sendpatchset@localhost.localdomain \
    --to=kaber@trash.net \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.