[IP]: Introduce ip_hdrlen()
[linux-3.10.git] / net / ipv4 / netfilter / nf_nat_sip.c
1 /* SIP extension for UDP NAT alteration.
2  *
3  * (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
4  * based on RR's ip_nat_ftp.c and other modules.
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License version 2 as
8  * published by the Free Software Foundation.
9  */
10
11 #include <linux/module.h>
12 #include <linux/skbuff.h>
13 #include <linux/ip.h>
14 #include <net/ip.h>
15 #include <linux/udp.h>
16
17 #include <net/netfilter/nf_nat.h>
18 #include <net/netfilter/nf_nat_helper.h>
19 #include <net/netfilter/nf_nat_rule.h>
20 #include <net/netfilter/nf_conntrack_helper.h>
21 #include <net/netfilter/nf_conntrack_expect.h>
22 #include <linux/netfilter/nf_conntrack_sip.h>
23
24 MODULE_LICENSE("GPL");
25 MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
26 MODULE_DESCRIPTION("SIP NAT helper");
27 MODULE_ALIAS("ip_nat_sip");
28
29 #if 0
30 #define DEBUGP printk
31 #else
32 #define DEBUGP(format, args...)
33 #endif
34
35 struct addr_map {
36         struct {
37                 char            src[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
38                 char            dst[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
39                 unsigned int    srclen, srciplen;
40                 unsigned int    dstlen, dstiplen;
41         } addr[IP_CT_DIR_MAX];
42 };
43
44 static void addr_map_init(struct nf_conn *ct, struct addr_map *map)
45 {
46         struct nf_conntrack_tuple *t;
47         enum ip_conntrack_dir dir;
48         unsigned int n;
49
50         for (dir = 0; dir < IP_CT_DIR_MAX; dir++) {
51                 t = &ct->tuplehash[dir].tuple;
52
53                 n = sprintf(map->addr[dir].src, "%u.%u.%u.%u",
54                             NIPQUAD(t->src.u3.ip));
55                 map->addr[dir].srciplen = n;
56                 n += sprintf(map->addr[dir].src + n, ":%u",
57                              ntohs(t->src.u.udp.port));
58                 map->addr[dir].srclen = n;
59
60                 n = sprintf(map->addr[dir].dst, "%u.%u.%u.%u",
61                             NIPQUAD(t->dst.u3.ip));
62                 map->addr[dir].dstiplen = n;
63                 n += sprintf(map->addr[dir].dst + n, ":%u",
64                              ntohs(t->dst.u.udp.port));
65                 map->addr[dir].dstlen = n;
66         }
67 }
68
69 static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo,
70                         struct nf_conn *ct, const char **dptr, size_t dlen,
71                         enum sip_header_pos pos, struct addr_map *map)
72 {
73         enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
74         unsigned int matchlen, matchoff, addrlen;
75         char *addr;
76
77         if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0)
78                 return 1;
79
80         if ((matchlen == map->addr[dir].srciplen ||
81              matchlen == map->addr[dir].srclen) &&
82             memcmp(*dptr + matchoff, map->addr[dir].src, matchlen) == 0) {
83                 addr    = map->addr[!dir].dst;
84                 addrlen = map->addr[!dir].dstlen;
85         } else if ((matchlen == map->addr[dir].dstiplen ||
86                     matchlen == map->addr[dir].dstlen) &&
87                    memcmp(*dptr + matchoff, map->addr[dir].dst, matchlen) == 0) {
88                 addr    = map->addr[!dir].src;
89                 addrlen = map->addr[!dir].srclen;
90         } else
91                 return 1;
92
93         if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo,
94                                       matchoff, matchlen, addr, addrlen))
95                 return 0;
96         *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr);
97         return 1;
98
99 }
100
101 static unsigned int ip_nat_sip(struct sk_buff **pskb,
102                                enum ip_conntrack_info ctinfo,
103                                struct nf_conn *ct,
104                                const char **dptr)
105 {
106         enum sip_header_pos pos;
107         struct addr_map map;
108         int dataoff, datalen;
109
110         dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
111         datalen = (*pskb)->len - dataoff;
112         if (datalen < sizeof("SIP/2.0") - 1)
113                 return NF_DROP;
114
115         addr_map_init(ct, &map);
116
117         /* Basic rules: requests and responses. */
118         if (strncmp(*dptr, "SIP/2.0", sizeof("SIP/2.0") - 1) != 0) {
119                 /* 10.2: Constructing the REGISTER Request:
120                  *
121                  * The "userinfo" and "@" components of the SIP URI MUST NOT
122                  * be present.
123                  */
124                 if (datalen >= sizeof("REGISTER") - 1 &&
125                     strncmp(*dptr, "REGISTER", sizeof("REGISTER") - 1) == 0)
126                         pos = POS_REG_REQ_URI;
127                 else
128                         pos = POS_REQ_URI;
129
130                 if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, pos, &map))
131                         return NF_DROP;
132         }
133
134         if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_FROM, &map) ||
135             !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_TO, &map) ||
136             !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_VIA, &map) ||
137             !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map))
138                 return NF_DROP;
139         return NF_ACCEPT;
140 }
141
142 static unsigned int mangle_sip_packet(struct sk_buff **pskb,
143                                       enum ip_conntrack_info ctinfo,
144                                       struct nf_conn *ct,
145                                       const char **dptr, size_t dlen,
146                                       char *buffer, int bufflen,
147                                       enum sip_header_pos pos)
148 {
149         unsigned int matchlen, matchoff;
150
151         if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0)
152                 return 0;
153
154         if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo,
155                                       matchoff, matchlen, buffer, bufflen))
156                 return 0;
157
158         /* We need to reload this. Thanks Patrick. */
159         *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr);
160         return 1;
161 }
162
163 static int mangle_content_len(struct sk_buff **pskb,
164                               enum ip_conntrack_info ctinfo,
165                               struct nf_conn *ct,
166                               const char *dptr)
167 {
168         unsigned int dataoff, matchoff, matchlen;
169         char buffer[sizeof("65536")];
170         int bufflen;
171
172         dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
173
174         /* Get actual SDP lenght */
175         if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff,
176                             &matchlen, POS_SDP_HEADER) > 0) {
177
178                 /* since ct_sip_get_info() give us a pointer passing 'v='
179                    we need to add 2 bytes in this count. */
180                 int c_len = (*pskb)->len - dataoff - matchoff + 2;
181
182                 /* Now, update SDP length */
183                 if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff,
184                                     &matchlen, POS_CONTENT) > 0) {
185
186                         bufflen = sprintf(buffer, "%u", c_len);
187                         return nf_nat_mangle_udp_packet(pskb, ct, ctinfo,
188                                                         matchoff, matchlen,
189                                                         buffer, bufflen);
190                 }
191         }
192         return 0;
193 }
194
195 static unsigned int mangle_sdp(struct sk_buff **pskb,
196                                enum ip_conntrack_info ctinfo,
197                                struct nf_conn *ct,
198                                __be32 newip, u_int16_t port,
199                                const char *dptr)
200 {
201         char buffer[sizeof("nnn.nnn.nnn.nnn")];
202         unsigned int dataoff, bufflen;
203
204         dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
205
206         /* Mangle owner and contact info. */
207         bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
208         if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
209                                buffer, bufflen, POS_OWNER_IP4))
210                 return 0;
211
212         if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
213                                buffer, bufflen, POS_CONNECTION_IP4))
214                 return 0;
215
216         /* Mangle media port. */
217         bufflen = sprintf(buffer, "%u", port);
218         if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
219                                buffer, bufflen, POS_MEDIA))
220                 return 0;
221
222         return mangle_content_len(pskb, ctinfo, ct, dptr);
223 }
224
225 /* So, this packet has hit the connection tracking matching code.
226    Mangle it, and change the expectation to match the new version. */
227 static unsigned int ip_nat_sdp(struct sk_buff **pskb,
228                                enum ip_conntrack_info ctinfo,
229                                struct nf_conntrack_expect *exp,
230                                const char *dptr)
231 {
232         struct nf_conn *ct = exp->master;
233         enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
234         __be32 newip;
235         u_int16_t port;
236
237         DEBUGP("ip_nat_sdp():\n");
238
239         /* Connection will come from reply */
240         newip = ct->tuplehash[!dir].tuple.dst.u3.ip;
241
242         exp->tuple.dst.u3.ip = newip;
243         exp->saved_proto.udp.port = exp->tuple.dst.u.udp.port;
244         exp->dir = !dir;
245
246         /* When you see the packet, we need to NAT it the same as the
247            this one. */
248         exp->expectfn = nf_nat_follow_master;
249
250         /* Try to get same port: if not, try to change it. */
251         for (port = ntohs(exp->saved_proto.udp.port); port != 0; port++) {
252                 exp->tuple.dst.u.udp.port = htons(port);
253                 if (nf_conntrack_expect_related(exp) == 0)
254                         break;
255         }
256
257         if (port == 0)
258                 return NF_DROP;
259
260         if (!mangle_sdp(pskb, ctinfo, ct, newip, port, dptr)) {
261                 nf_conntrack_unexpect_related(exp);
262                 return NF_DROP;
263         }
264         return NF_ACCEPT;
265 }
266
267 static void __exit nf_nat_sip_fini(void)
268 {
269         rcu_assign_pointer(nf_nat_sip_hook, NULL);
270         rcu_assign_pointer(nf_nat_sdp_hook, NULL);
271         synchronize_rcu();
272 }
273
274 static int __init nf_nat_sip_init(void)
275 {
276         BUG_ON(rcu_dereference(nf_nat_sip_hook));
277         BUG_ON(rcu_dereference(nf_nat_sdp_hook));
278         rcu_assign_pointer(nf_nat_sip_hook, ip_nat_sip);
279         rcu_assign_pointer(nf_nat_sdp_hook, ip_nat_sdp);
280         return 0;
281 }
282
283 module_init(nf_nat_sip_init);
284 module_exit(nf_nat_sip_fini);