From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: Patrick McHardy <kaber@trash.net>, netfilter-devel@vger.kernel.org
Subject: [NETFILTER 13/32]: nf_conntrack_sip: add seperate SDP header parsing function
Date: Tue, 25 Mar 2008 15:15:09 +0100 (MET) [thread overview]
Message-ID: <20080325141508.10539.9723.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20080325141450.10539.58908.sendpatchset@localhost.localdomain>
[NETFILTER]: nf_conntrack_sip: add seperate SDP header parsing function
SDP and SIP headers are quite different, SIP can have continuation lines,
leading and trailing whitespace after the colon and is mostly case-insensitive
while SDP headers always begin on a new line and are followed by an equal
sign and the value, without any whitespace.
Introduce a new SDP header parsing function and convert all users that used
the SIP header parsing function. This will allow the special SIP cases to be
handled properly in the SIP header parsing function later.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 3a7cda6054cd6374b0b18b72e71404b5ca7b2155
tree ff4c8e34c71a5151b9122f91b8bb5dc1334cc4f4
parent 7fc3c23d9817c4086c5bff587d614136ba5dfc80
author Patrick McHardy <kaber@trash.net> Tue, 25 Mar 2008 12:44:57 +0100
committer Patrick McHardy <kaber@trash.net> Tue, 25 Mar 2008 14:09:54 +0100
include/linux/netfilter/nf_conntrack_sip.h | 49 ++++++++-
net/ipv4/netfilter/nf_nat_sip.c | 69 ++++++------
net/netfilter/nf_conntrack_sip.c | 159 +++++++++++++++++-----------
3 files changed, 169 insertions(+), 108 deletions(-)
diff --git a/include/linux/netfilter/nf_conntrack_sip.h b/include/linux/netfilter/nf_conntrack_sip.h
index b94de3d..9131cbc 100644
--- a/include/linux/netfilter/nf_conntrack_sip.h
+++ b/include/linux/netfilter/nf_conntrack_sip.h
@@ -13,12 +13,42 @@ enum sip_header_pos {
POS_VIA,
POS_CONTACT,
POS_CONTENT,
- POS_MEDIA,
- POS_OWNER_IP4,
- POS_CONNECTION_IP4,
- POS_OWNER_IP6,
- POS_CONNECTION_IP6,
- POS_SDP_HEADER,
+};
+
+struct sip_header {
+ const char *name;
+ const char *cname;
+ const char *search;
+ unsigned int len;
+ unsigned int clen;
+ unsigned int slen;
+ int (*match_len)(const struct nf_conn *ct,
+ const char *dptr, const char *limit,
+ int *shift);
+};
+
+#define __SIP_HDR(__name, __cname, __search, __match) \
+{ \
+ .name = (__name), \
+ .len = sizeof(__name) - 1, \
+ .cname = (__cname), \
+ .clen = (__cname) ? sizeof(__cname) - 1 : 0, \
+ .search = (__search), \
+ .slen = (__search) ? sizeof(__search) - 1 : 0, \
+ .match_len = (__match), \
+}
+
+#define SDP_HDR(__name, __search, __match) \
+ __SIP_HDR(__name, NULL, __search, __match)
+
+enum sdp_header_types {
+ SDP_HDR_UNSPEC,
+ SDP_HDR_VERSION,
+ SDP_HDR_OWNER_IP4,
+ SDP_HDR_CONNECTION_IP4,
+ SDP_HDR_OWNER_IP6,
+ SDP_HDR_CONNECTION_IP6,
+ SDP_HDR_MEDIA,
};
extern unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb,
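Review bot: struct sip_header and the __SIP_HDR()/SDP_HDR() initializers are added without any comment, and the macro depends on its arguments being string literals: `.len = sizeof(__name) - 1` (and likewise for clen and slen) yields a pointer size minus one if a `const char *` variable is ever passed. I would state that above the macro, e.g. `/* __name, __cname and __search must be string literals (or NULL for the latter two); lengths are taken with sizeof */`. A one-line comment on each struct field (name = header name including the "=", search = optional substring to locate inside the value, match_len = value-length parser) and on SDP_HDR_UNSPEC being the "no terminating header" sentinel with no table entry would also help readers of the exported API. The enum sip_header_pos that this hunk trims starts outside the hunk.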
@@ -36,5 +66,12 @@ extern int ct_sip_lnlen(const char *line, const char *limit);
extern const char *ct_sip_search(const char *needle, const char *haystack,
size_t needle_len, size_t haystack_len,
int case_sensitive);
+
+extern int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr,
+ unsigned int dataoff, unsigned int datalen,
+ enum sdp_header_types type,
+ enum sdp_header_types term,
+ unsigned int *matchoff, unsigned int *matchlen);
+
#endif /* __KERNEL__ */
#endif /* __NF_CONNTRACK_SIP_H__ */
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c
index dd1b2d8..aa8a4f4 100644
--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -147,51 +147,46 @@ static unsigned int ip_nat_sip(struct sk_buff *skb,
return NF_ACCEPT;
}
-static unsigned int mangle_sip_packet(struct sk_buff *skb,
- const char **dptr, unsigned int *datalen,
- char *buffer, int bufflen,
- enum sip_header_pos pos)
+static int mangle_content_len(struct sk_buff *skb,
+ const char **dptr, unsigned int *datalen)
{
enum ip_conntrack_info ctinfo;
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
- unsigned int matchlen, matchoff;
+ unsigned int matchoff, matchlen;
+ char buffer[sizeof("65536")];
+ int buflen, c_len;
+ /* Get actual SDP length */
+ if (ct_sip_get_sdp_header(ct, *dptr, 0, *datalen,
+ SDP_HDR_VERSION, SDP_HDR_UNSPEC,
+ &matchoff, &matchlen) <= 0)
+ return 0;
+ c_len = *datalen - matchoff + strlen("v=");
+
+ /* Now, update SDP length */
if (ct_sip_get_info(ct, *dptr, *datalen, &matchoff, &matchlen,
- pos) <= 0)
+ POS_CONTENT) <= 0)
return 0;
+ buflen = sprintf(buffer, "%u", c_len);
return mangle_packet(skb, dptr, datalen, matchoff, matchlen,
- buffer, bufflen);
+ buffer, buflen);
}
-static int mangle_content_len(struct sk_buff *skb,
- const char **dptr, unsigned int *datalen)
+static unsigned mangle_sdp_packet(struct sk_buff *skb,
+ const char **dptr, unsigned int *datalen,
+ enum sdp_header_types type,
+ char *buffer, int buflen)
{
enum ip_conntrack_info ctinfo;
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
- unsigned int matchoff, matchlen;
- char buffer[sizeof("65536")];
- int bufflen;
+ unsigned int matchlen, matchoff;
- /* Get actual SDP length */
- if (ct_sip_get_info(ct, *dptr, *datalen, &matchoff,
- &matchlen, POS_SDP_HEADER) > 0) {
-
- /* since ct_sip_get_info() give us a pointer passing 'v='
- we need to add 2 bytes in this count. */
- int c_len = *datalen - matchoff + 2;
-
- /* Now, update SDP length */
- if (ct_sip_get_info(ct, *dptr, *datalen, &matchoff,
- &matchlen, POS_CONTENT) > 0) {
-
- bufflen = sprintf(buffer, "%u", c_len);
- return mangle_packet(skb, dptr, datalen,
- matchoff, matchlen,
- buffer, bufflen);
- }
- }
- return 0;
+ if (ct_sip_get_sdp_header(ct, *dptr, 0, *datalen, type, SDP_HDR_UNSPEC,
+ &matchoff, &matchlen) <= 0)
+ return 0;
+ return mangle_packet(skb, dptr, datalen, matchoff, matchlen,
+ buffer, buflen);
}
static unsigned int mangle_sdp(struct sk_buff *skb,
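Review bot: In the new mangle_content_len() the six-byte `char buffer[sizeof("65536")]` is filled with an unbounded `sprintf(buffer, "%u", c_len)`, so staying in bounds depends on `c_len` never needing more than five digits. That is presumably guaranteed by the datagram size, but nothing in the hunk enforces it. `c_len` is also a signed `int` printed with `%u` and computed from unsigned operands (`*datalen - matchoff + strlen("v=")`). I would declare it `unsigned int c_len;` and bound the write explicitly with `buflen = scnprintf(buffer, sizeof(buffer), "%u", c_len);`, so that a parser or length bug elsewhere cannot turn into a stack overwrite in the NAT path.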
@@ -205,18 +200,18 @@ static unsigned int mangle_sdp(struct sk_buff *skb,
/* Mangle owner and contact info. */
bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
- if (!mangle_sip_packet(skb, dptr, datalen, buffer, bufflen,
- POS_OWNER_IP4))
+ if (!mangle_sdp_packet(skb, dptr, datalen, SDP_HDR_OWNER_IP4,
+ buffer, bufflen))
return 0;
- if (!mangle_sip_packet(skb, dptr, datalen, buffer, bufflen,
- POS_CONNECTION_IP4))
+ if (!mangle_sdp_packet(skb, dptr, datalen, SDP_HDR_CONNECTION_IP4,
+ buffer, bufflen))
return 0;
/* Mangle media port. */
bufflen = sprintf(buffer, "%u", port);
- if (!mangle_sip_packet(skb, dptr, datalen, buffer, bufflen,
- POS_MEDIA))
+ if (!mangle_sdp_packet(skb, dptr, datalen, SDP_HDR_MEDIA,
+ buffer, bufflen))
return 0;
return mangle_content_len(skb, dptr, datalen);
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index cf19a70..801fcb3 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -124,66 +124,6 @@ static const struct sip_header_nfo ct_sip_hdrs[] = {
.ln_strlen = sizeof(":") - 1,
.match_len = skp_digits_len
},
- [POS_MEDIA] = { /* SDP media info */
- .case_sensitive = 1,
- .lname = "\nm=",
- .lnlen = sizeof("\nm=") - 1,
- .sname = "\rm=",
- .snlen = sizeof("\rm=") - 1,
- .ln_str = "audio ",
- .ln_strlen = sizeof("audio ") - 1,
- .match_len = digits_len
- },
- [POS_OWNER_IP4] = { /* SDP owner address*/
- .case_sensitive = 1,
- .lname = "\no=",
- .lnlen = sizeof("\no=") - 1,
- .sname = "\ro=",
- .snlen = sizeof("\ro=") - 1,
- .ln_str = "IN IP4 ",
- .ln_strlen = sizeof("IN IP4 ") - 1,
- .match_len = epaddr_len
- },
- [POS_CONNECTION_IP4] = {/* SDP connection info */
- .case_sensitive = 1,
- .lname = "\nc=",
- .lnlen = sizeof("\nc=") - 1,
- .sname = "\rc=",
- .snlen = sizeof("\rc=") - 1,
- .ln_str = "IN IP4 ",
- .ln_strlen = sizeof("IN IP4 ") - 1,
- .match_len = epaddr_len
- },
- [POS_OWNER_IP6] = { /* SDP owner address*/
- .case_sensitive = 1,
- .lname = "\no=",
- .lnlen = sizeof("\no=") - 1,
- .sname = "\ro=",
- .snlen = sizeof("\ro=") - 1,
- .ln_str = "IN IP6 ",
- .ln_strlen = sizeof("IN IP6 ") - 1,
- .match_len = epaddr_len
- },
- [POS_CONNECTION_IP6] = {/* SDP connection info */
- .case_sensitive = 1,
- .lname = "\nc=",
- .lnlen = sizeof("\nc=") - 1,
- .sname = "\rc=",
- .snlen = sizeof("\rc=") - 1,
- .ln_str = "IN IP6 ",
- .ln_strlen = sizeof("IN IP6 ") - 1,
- .match_len = epaddr_len
- },
- [POS_SDP_HEADER] = { /* SDP version header */
- .case_sensitive = 1,
- .lname = "\nv=",
- .lnlen = sizeof("\nv=") - 1,
- .sname = "\rv=",
- .snlen = sizeof("\rv=") - 1,
- .ln_str = "=",
- .ln_strlen = sizeof("=") - 1,
- .match_len = digits_len
- }
};
/* get line length until first CR or LF seen. */
@@ -363,6 +303,92 @@ int ct_sip_get_info(const struct nf_conn *ct,
}
EXPORT_SYMBOL_GPL(ct_sip_get_info);
+/* SDP header parsing: a SDP session description contains an ordered set of
+ * headers, starting with a section containing general session parameters,
+ * optionally followed by multiple media descriptions.
+ *
+ * SDP headers always start at the beginning of a line. According to RFC 2327:
+ * "The sequence CRLF (0x0d0a) is used to end a record, although parsers should
+ * be tolerant and also accept records terminated with a single newline
+ * character". We handle both cases.
+ */
+static const struct sip_header ct_sdp_hdrs[] = {
+ [SDP_HDR_VERSION] = SDP_HDR("v=", NULL, digits_len),
+ [SDP_HDR_OWNER_IP4] = SDP_HDR("o=", "IN IP4 ", epaddr_len),
+ [SDP_HDR_CONNECTION_IP4] = SDP_HDR("c=", "IN IP4 ", epaddr_len),
+ [SDP_HDR_OWNER_IP6] = SDP_HDR("o=", "IN IP6 ", epaddr_len),
+ [SDP_HDR_CONNECTION_IP6] = SDP_HDR("c=", "IN IP6 ", epaddr_len),
+ [SDP_HDR_MEDIA] = SDP_HDR("m=", "audio ", digits_len),
+};
+
+/* Linear string search within SDP header values */
+static const char *ct_sdp_header_search(const char *dptr, const char *limit,
+ const char *needle, unsigned int len)
+{
+ for (limit -= len; dptr < limit; dptr++) {
+ if (*dptr == '\r' || *dptr == '\n')
+ break;
+ if (strncmp(dptr, needle, len) == 0)
+ return dptr;
+ }
+ return NULL;
+}
+
+/* Locate a SDP header (optionally a substring within the header value),
+ * optionally stopping at the first occurence of the term header, parse
+ * it and return the offset and length of the data we're interested in.
+ */
+int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr,
+ unsigned int dataoff, unsigned int datalen,
+ enum sdp_header_types type,
+ enum sdp_header_types term,
+ unsigned int *matchoff, unsigned int *matchlen)
+{
+ const struct sip_header *hdr = &ct_sdp_hdrs[type];
+ const struct sip_header *thdr = &ct_sdp_hdrs[term];
+ const char *start = dptr, *limit = dptr + datalen;
+ int shift = 0;
+
+ for (dptr += dataoff; dptr < limit; dptr++) {
+ /* Find beginning of line */
+ if (*dptr != '\r' && *dptr != '\n')
+ continue;
+ if (++dptr >= limit)
+ break;
+ if (*(dptr - 1) == '\r' && *dptr == '\n') {
+ if (++dptr >= limit)
+ break;
+ }
+
+ if (term != SDP_HDR_UNSPEC &&
+ limit - dptr >= thdr->len &&
+ strnicmp(dptr, thdr->name, thdr->len) == 0)
+ break;
+ else if (limit - dptr >= hdr->len &&
+ strnicmp(dptr, hdr->name, hdr->len) == 0)
+ dptr += hdr->len;
+ else
+ continue;
+
+ *matchoff = dptr - start;
+ if (hdr->search) {
+ dptr = ct_sdp_header_search(dptr, limit, hdr->search,
+ hdr->slen);
+ if (!dptr)
+ return -1;
+ dptr += hdr->slen;
+ }
+
+ *matchlen = hdr->match_len(ct, dptr, limit, &shift);
+ if (!*matchlen)
+ return -1;
+ *matchoff = dptr - start + shift;
+ return 1;
+ }
+ return 0;
+}
+EXPORT_SYMBOL_GPL(ct_sip_get_sdp_header);
+
static int set_expected_rtp(struct sk_buff *skb,
const char **dptr, unsigned int *datalen,
union nf_inet_addr *addr, __be16 port)
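Review bot: ct_sip_get_sdp_header() indexes `ct_sdp_hdrs[type]` without validating `type`, and the table has no initializer for SDP_HDR_UNSPEC, so that slot is zero-filled (`name == NULL`, `len == 0`, `match_len == NULL`). Only `term` is compared against SDP_HDR_UNSPEC. With `type == SDP_HDR_UNSPEC` the zero-length `strnicmp()` compares equal on the first line start and the code then calls the NULL `hdr->match_len`. The callers in this patch all pass real types, but the function is exported, so a guard at the top such as `if (type == SDP_HDR_UNSPEC || type >= ARRAY_SIZE(ct_sdp_hdrs)) return 0;` would be cheap insurance. Separately, header names are matched with `strnicmp()` although the removed table entries were all `.case_sensitive = 1` and ct_sdp_header_search() uses `strncmp()`. If the looser match is intended it deserves a comment; otherwise `strncmp()` keeps the helper's view of the SDP consistent with strict endpoints.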
@@ -408,7 +434,7 @@ static int sip_help(struct sk_buff *skb,
int ret = NF_ACCEPT;
unsigned int matchoff, matchlen;
u_int16_t port;
- enum sip_header_pos pos;
+ enum sdp_header_types type;
typeof(nf_nat_sip_hook) nf_nat_sip;
/* No Data ? */
@@ -446,8 +472,10 @@ static int sip_help(struct sk_buff *skb,
goto out;
}
/* Get address and port from SDP packet. */
- pos = family == AF_INET ? POS_CONNECTION_IP4 : POS_CONNECTION_IP6;
- if (ct_sip_get_info(ct, dptr, datalen, &matchoff, &matchlen, pos) > 0) {
+ type = family == AF_INET ? SDP_HDR_CONNECTION_IP4 :
+ SDP_HDR_CONNECTION_IP6;
+ if (ct_sip_get_sdp_header(ct, dptr, 0, datalen, type, SDP_HDR_UNSPEC,
+ &matchoff, &matchlen) > 0) {
/* We'll drop only if there are parse problems. */
if (!parse_addr(ct, dptr + matchoff, NULL, &addr,
@@ -455,8 +483,9 @@ static int sip_help(struct sk_buff *skb,
ret = NF_DROP;
goto out;
}
- if (ct_sip_get_info(ct, dptr, datalen, &matchoff, &matchlen,
- POS_MEDIA) > 0) {
+ if (ct_sip_get_sdp_header(ct, dptr, 0, datalen,
+ SDP_HDR_MEDIA, SDP_HDR_UNSPEC,
+ &matchoff, &matchlen) > 0) {
port = simple_strtoul(dptr + matchoff, NULL, 10);
if (port < 1024) {