1#define KMSG_COMPONENT "IPVS"
2#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
3
4#include <linux/module.h>
5#include <linux/kernel.h>
6
7#include <net/ip_vs.h>
8#include <net/netfilter/nf_conntrack.h>
9#include <linux/netfilter/nf_conntrack_sip.h>
10
11#ifdef CONFIG_IP_VS_DEBUG
12static const char *ip_vs_dbg_callid(char *buf, size_t buf_len,
13 const char *callid, size_t callid_len,
14 int *idx)
15{
16 size_t max_len = 64;
17 size_t len = min3(max_len, callid_len, buf_len - *idx - 1);
18 memcpy(buf + *idx, callid, len);
19 buf[*idx+len] = '\0';
20 *idx += len + 1;
21 return buf + *idx - len;
22}
23
24#define IP_VS_DEBUG_CALLID(callid, len) \
25 ip_vs_dbg_callid(ip_vs_dbg_buf, sizeof(ip_vs_dbg_buf), \
26 callid, len, &ip_vs_dbg_idx)
27#endif
28
29static int get_callid(const char *dptr, unsigned int dataoff,
30 unsigned int datalen,
31 unsigned int *matchoff, unsigned int *matchlen)
32{
33 /* Find callid */
34 while (1) {
35 int ret = ct_sip_get_header(NULL, dptr, dataoff, datalen,
36 SIP_HDR_CALL_ID, matchoff,
37 matchlen);
38 if (ret > 0)
39 break;
40 if (!ret)
41 return -EINVAL;
42 dataoff += *matchoff;
43 }
44
45 /* Too large is useless */
46 if (*matchlen > IP_VS_PEDATA_MAXLEN)
47 return -EINVAL;
48
49 /* SIP headers are always followed by a line terminator */
50 if (*matchoff + *matchlen == datalen)
51 return -EINVAL;
52
53 /* RFC 2543 allows lines to be terminated with CR, LF or CRLF,
54 * RFC 3261 allows only CRLF, we support both. */
55 if (*(dptr + *matchoff + *matchlen) != '\r' &&
56 *(dptr + *matchoff + *matchlen) != '\n')
57 return -EINVAL;
58
59 IP_VS_DBG_BUF(9, "SIP callid %s (%d bytes)\n",
60 IP_VS_DEBUG_CALLID(dptr + *matchoff, *matchlen),
61 *matchlen);
62 return 0;
63}
64
65static int
66ip_vs_sip_fill_param(struct ip_vs_conn_param *p, struct sk_buff *skb)
67{
68 struct ip_vs_iphdr iph;
69 unsigned int dataoff, datalen, matchoff, matchlen;
70 const char *dptr;
71 int retc;
72
73 retc = ip_vs_fill_iph_skb(p->af, skb, false, &iph);
74
75 /* Only useful with UDP */
76 if (!retc || iph.protocol != IPPROTO_UDP)
77 return -EINVAL;
78 /* todo: IPv6 fragments:
79 * I think this only should be done for the first fragment. /HS
80 */
81 dataoff = iph.len + sizeof(struct udphdr);
82
83 if (dataoff >= skb->len)
84 return -EINVAL;
85 retc = skb_linearize(skb);
86 if (retc < 0)
87 return retc;
88 dptr = skb->data + dataoff;
89 datalen = skb->len - dataoff;
90
91 if (get_callid(dptr, 0, datalen, &matchoff, &matchlen))
92 return -EINVAL;
93
94 /* N.B: pe_data is only set on success,
95 * this allows fallback to the default persistence logic on failure
96 */
97 p->pe_data = kmemdup(dptr + matchoff, matchlen, GFP_ATOMIC);
98 if (!p->pe_data)
99 return -ENOMEM;
100
101 p->pe_data_len = matchlen;
102
103 return 0;
104}
105
106static bool ip_vs_sip_ct_match(const struct ip_vs_conn_param *p,
107 struct ip_vs_conn *ct)
108
109{
110 bool ret = false;
111
112 if (ct->af == p->af &&
113 ip_vs_addr_equal(p->af, p->caddr, &ct->caddr) &&
114 /* protocol should only be IPPROTO_IP if
115 * d_addr is a fwmark */
116 ip_vs_addr_equal(p->protocol == IPPROTO_IP ? AF_UNSPEC : p->af,
117 p->vaddr, &ct->vaddr) &&
118 ct->vport == p->vport &&
119 ct->flags & IP_VS_CONN_F_TEMPLATE &&
120 ct->protocol == p->protocol &&
121 ct->pe_data && ct->pe_data_len == p->pe_data_len &&
122 !memcmp(ct->pe_data, p->pe_data, p->pe_data_len))
123 ret = true;
124
125 IP_VS_DBG_BUF(9, "SIP template match %s %s->%s:%d %s\n",
126 ip_vs_proto_name(p->protocol),
127 IP_VS_DEBUG_CALLID(p->pe_data, p->pe_data_len),
128 IP_VS_DBG_ADDR(p->af, p->vaddr), ntohs(p->vport),
129 ret ? "hit" : "not hit");
130
131 return ret;
132}
133
134static u32 ip_vs_sip_hashkey_raw(const struct ip_vs_conn_param *p,
135 u32 initval, bool inverse)
136{
137 return jhash(p->pe_data, p->pe_data_len, initval);
138}
139
140static int ip_vs_sip_show_pe_data(const struct ip_vs_conn *cp, char *buf)
141{
142 memcpy(buf, cp->pe_data, cp->pe_data_len);
143 return cp->pe_data_len;
144}
145
146static struct ip_vs_conn *
147ip_vs_sip_conn_out(struct ip_vs_service *svc,
148 struct ip_vs_dest *dest,
149 struct sk_buff *skb,
150 const struct ip_vs_iphdr *iph,
151 __be16 dport,
152 __be16 cport)
153{
154 if (likely(iph->protocol == IPPROTO_UDP))
155 return ip_vs_new_conn_out(svc, dest, skb, iph, dport, cport);
156 /* currently no need to handle other than UDP */
157 return NULL;
158}
159
160static struct ip_vs_pe ip_vs_sip_pe =
161{
162 .name = "sip",
163 .refcnt = ATOMIC_INIT(0),
164 .module = THIS_MODULE,
165 .n_list = LIST_HEAD_INIT(ip_vs_sip_pe.n_list),
166 .fill_param = ip_vs_sip_fill_param,
167 .ct_match = ip_vs_sip_ct_match,
168 .hashkey_raw = ip_vs_sip_hashkey_raw,
169 .show_pe_data = ip_vs_sip_show_pe_data,
170 .conn_out = ip_vs_sip_conn_out,
171};
172
173static int __init ip_vs_sip_init(void)
174{
175 return register_ip_vs_pe(&ip_vs_sip_pe);
176}
177
178static void __exit ip_vs_sip_cleanup(void)
179{
180 unregister_ip_vs_pe(&ip_vs_sip_pe);
181 synchronize_rcu();
182}
183
184module_init(ip_vs_sip_init);
185module_exit(ip_vs_sip_cleanup);
186MODULE_LICENSE("GPL");
187