[NETFILTER]: nf_nat_sip: translate all Via headers

Update maddr=, received= and rport= Via-header parameters refering to
the signalling connection.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy 2008-03-25 20:24:41 -07:00 committed by David S. Miller
parent 2bbb21168a
commit 720ac7085c

View File

@ -100,9 +100,11 @@ static unsigned int ip_nat_sip(struct sk_buff *skb,
{
enum ip_conntrack_info ctinfo;
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
unsigned int matchoff, matchlen;
union nf_inet_addr addr;
__be16 port;
int request;
/* Basic rules: requests and responses. */
if (strnicmp(*dptr, "SIP/2.0", strlen("SIP/2.0")) != 0) {
@ -112,11 +114,81 @@ static unsigned int ip_nat_sip(struct sk_buff *skb,
!map_addr(skb, dptr, datalen, matchoff, matchlen,
&addr, port))
return NF_DROP;
request = 1;
} else
request = 0;
/* Translate topmost Via header and parameters */
if (ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen,
SIP_HDR_VIA, NULL, &matchoff, &matchlen,
&addr, &port) > 0) {
unsigned int matchend, poff, plen, buflen, n;
char buffer[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
/* We're only interested in headers related to this
* connection */
if (request) {
if (addr.ip != ct->tuplehash[dir].tuple.src.u3.ip ||
port != ct->tuplehash[dir].tuple.src.u.udp.port)
goto next;
} else {
if (addr.ip != ct->tuplehash[dir].tuple.dst.u3.ip ||
port != ct->tuplehash[dir].tuple.dst.u.udp.port)
goto next;
}
if (!map_addr(skb, dptr, datalen, matchoff, matchlen,
&addr, port))
return NF_DROP;
matchend = matchoff + matchlen;
/* The maddr= parameter (RFC 2361) specifies where to send
* the reply. */
if (ct_sip_parse_address_param(ct, *dptr, matchend, *datalen,
"maddr=", &poff, &plen,
&addr) > 0 &&
addr.ip == ct->tuplehash[dir].tuple.src.u3.ip &&
addr.ip != ct->tuplehash[!dir].tuple.dst.u3.ip) {
__be32 ip = ct->tuplehash[!dir].tuple.dst.u3.ip;
buflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(ip));
if (!mangle_packet(skb, dptr, datalen, poff, plen,
buffer, buflen))
return NF_DROP;
}
/* The received= parameter (RFC 2361) contains the address
* from which the server received the request. */
if (ct_sip_parse_address_param(ct, *dptr, matchend, *datalen,
"received=", &poff, &plen,
&addr) > 0 &&
addr.ip == ct->tuplehash[dir].tuple.dst.u3.ip &&
addr.ip != ct->tuplehash[!dir].tuple.src.u3.ip) {
__be32 ip = ct->tuplehash[!dir].tuple.src.u3.ip;
buflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(ip));
if (!mangle_packet(skb, dptr, datalen, poff, plen,
buffer, buflen))
return NF_DROP;
}
/* The rport= parameter (RFC 3581) contains the port number
* from which the server received the request. */
if (ct_sip_parse_numerical_param(ct, *dptr, matchend, *datalen,
"rport=", &poff, &plen,
&n) > 0 &&
htons(n) == ct->tuplehash[dir].tuple.dst.u.udp.port &&
htons(n) != ct->tuplehash[!dir].tuple.src.u.udp.port) {
__be16 p = ct->tuplehash[!dir].tuple.src.u.udp.port;
buflen = sprintf(buffer, "%u", ntohs(p));
if (!mangle_packet(skb, dptr, datalen, poff, plen,
buffer, buflen))
return NF_DROP;
}
}
next:
if (!map_sip_addr(skb, dptr, datalen, SIP_HDR_FROM) ||
!map_sip_addr(skb, dptr, datalen, SIP_HDR_TO) ||
!map_sip_addr(skb, dptr, datalen, SIP_HDR_VIA) ||
!map_sip_addr(skb, dptr, datalen, SIP_HDR_CONTACT))
return NF_DROP;
return NF_ACCEPT;