[deliverable/linux.git] / net / netfilter / ipvs / ip_vs_pe_sip.c

#define KMSG_COMPONENT "IPVS"
#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt

#include <linux/module.h>
#include <linux/kernel.h>

#include <net/ip_vs.h>
#include <net/netfilter/nf_conntrack.h>
#include <linux/netfilter/nf_conntrack_sip.h>

#ifdef CONFIG_IP_VS_DEBUG
static const char *ip_vs_dbg_callid(char *buf, size_t buf_len,
				    const char *callid, size_t callid_len,
				    int *idx)
{
	size_t len = min(min(callid_len, (size_t)64), buf_len - *idx - 1);
	memcpy(buf + *idx, callid, len);
	buf[*idx+len] = '\0';
	*idx += len + 1;
	return buf + *idx - len;
}

#define IP_VS_DEBUG_CALLID(callid, len)					\
	ip_vs_dbg_callid(ip_vs_dbg_buf, sizeof(ip_vs_dbg_buf),		\
			 callid, len, &ip_vs_dbg_idx)
#endif

static int get_callid(const char *dptr, unsigned int dataoff,
		      unsigned int datalen,
		      unsigned int *matchoff, unsigned int *matchlen)
{
	/* Find callid */
	while (1) {
		int ret = ct_sip_get_header(NULL, dptr, dataoff, datalen,
					    SIP_HDR_CALL_ID, matchoff,
					    matchlen);
		if (ret > 0)
			break;
		if (!ret)
			return 0;
		dataoff += *matchoff;
	}

	/* Empty callid is useless */
	if (!*matchlen)
		return -EINVAL;

	/* Too large is useless */
	if (*matchlen > IP_VS_PEDATA_MAXLEN)
		return -EINVAL;

	/* SIP headers are always followed by a line terminator */
	if (*matchoff + *matchlen == datalen)
		return -EINVAL;

	/* RFC 2543 allows lines to be terminated with CR, LF or CRLF,
	 * RFC 3261 allows only CRLF, we support both. */
	if (*(dptr + *matchoff + *matchlen) != '\r' &&
	    *(dptr + *matchoff + *matchlen) != '\n')
		return -EINVAL;

	IP_VS_DBG_BUF(9, "SIP callid %s (%d bytes)\n",
		      IP_VS_DEBUG_CALLID(dptr + *matchoff, *matchlen),
		      *matchlen);
	return 0;
}

static int
ip_vs_sip_fill_param(struct ip_vs_conn_param *p, struct sk_buff *skb)
{
	struct ip_vs_iphdr iph;
	unsigned int dataoff, datalen, matchoff, matchlen;
	const char *dptr;
	int retc;

	ip_vs_fill_iphdr(p->af, skb_network_header(skb), &iph);

	/* Only useful with UDP */
	if (iph.protocol != IPPROTO_UDP)
		return -EINVAL;

	/* No Data ? */
	dataoff = iph.len + sizeof(struct udphdr);
	if (dataoff >= skb->len)
		return -EINVAL;

	if ((retc=skb_linearize(skb)) < 0)
		return retc;
	dptr = skb->data + dataoff;
	datalen = skb->len - dataoff;

	if (get_callid(dptr, dataoff, datalen, &matchoff, &matchlen))
		return -EINVAL;

	p->pe_data = kmalloc(matchlen, GFP_ATOMIC);
	if (!p->pe_data)
		return -ENOMEM;

	/* N.B: pe_data is only set on success,
	 * this allows fallback to the default persistence logic on failure
	 */
	memcpy(p->pe_data, dptr + matchoff, matchlen);
	p->pe_data_len = matchlen;

	return 0;
}

static bool ip_vs_sip_ct_match(const struct ip_vs_conn_param *p,
				  struct ip_vs_conn *ct)

{
	bool ret = 0;

	if (ct->af == p->af &&
	    ip_vs_addr_equal(p->af, p->caddr, &ct->caddr) &&
	    /* protocol should only be IPPROTO_IP if
	     * d_addr is a fwmark */
	    ip_vs_addr_equal(p->protocol == IPPROTO_IP ? AF_UNSPEC : p->af,
			     p->vaddr, &ct->vaddr) &&
	    ct->vport == p->vport &&
	    ct->flags & IP_VS_CONN_F_TEMPLATE &&
	    ct->protocol == p->protocol &&
	    ct->pe_data && ct->pe_data_len == p->pe_data_len &&
	    !memcmp(ct->pe_data, p->pe_data, p->pe_data_len))
		ret = 1;

	IP_VS_DBG_BUF(9, "SIP template match %s %s->%s:%d %s\n",
		      ip_vs_proto_name(p->protocol),
		      IP_VS_DEBUG_CALLID(p->pe_data, p->pe_data_len),
		      IP_VS_DBG_ADDR(p->af, p->vaddr), ntohs(p->vport),
		      ret ? "hit" : "not hit");

	return ret;
}

static u32 ip_vs_sip_hashkey_raw(const struct ip_vs_conn_param *p,
				 u32 initval, bool inverse)
{
	return jhash(p->pe_data, p->pe_data_len, initval);
}

static int ip_vs_sip_show_pe_data(const struct ip_vs_conn *cp, char *buf)
{
	memcpy(buf, cp->pe_data, cp->pe_data_len);
	return cp->pe_data_len;
}

static struct ip_vs_pe ip_vs_sip_pe =
{
	.name =			"sip",
	.refcnt =		ATOMIC_INIT(0),
	.module =		THIS_MODULE,
	.n_list =		LIST_HEAD_INIT(ip_vs_sip_pe.n_list),
	.fill_param =		ip_vs_sip_fill_param,
	.ct_match =		ip_vs_sip_ct_match,
	.hashkey_raw =		ip_vs_sip_hashkey_raw,
	.show_pe_data =		ip_vs_sip_show_pe_data,
};

static int __init ip_vs_sip_init(void)
{
	return register_ip_vs_pe(&ip_vs_sip_pe);
}

static void __exit ip_vs_sip_cleanup(void)
{
	unregister_ip_vs_pe(&ip_vs_sip_pe);
}

module_init(ip_vs_sip_init);
module_exit(ip_vs_sip_cleanup);
MODULE_LICENSE("GPL");
Commit	Line	Data
758ff033 SH	1	#define KMSG_COMPONENT "IPVS"
	2	#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
	3
	4	#include <linux/module.h>
	5	#include <linux/kernel.h>
	6
	7	#include <net/ip_vs.h>
	8	#include <net/netfilter/nf_conntrack.h>
	9	#include <linux/netfilter/nf_conntrack_sip.h>
	10
a91fd267	11	#ifdef CONFIG_IP_VS_DEBUG
758ff033 SH	12	static const char ip_vs_dbg_callid(char buf, size_t buf_len,
	13	const char *callid, size_t callid_len,
	14	int *idx)
	15	{
	16	size_t len = min(min(callid_len, (size_t)64), buf_len - *idx - 1);
	17	memcpy(buf + *idx, callid, len);
	18	buf[*idx+len] = '\0';
	19	*idx += len + 1;
	20	return buf + *idx - len;
	21	}
	22
	23	#define IP_VS_DEBUG_CALLID(callid, len) \
	24	ip_vs_dbg_callid(ip_vs_dbg_buf, sizeof(ip_vs_dbg_buf), \
	25	callid, len, &ip_vs_dbg_idx)
a91fd267	26	#endif
758ff033 SH	27
	28	static int get_callid(const char *dptr, unsigned int dataoff,
	29	unsigned int datalen,
	30	unsigned int matchoff, unsigned int matchlen)
	31	{
	32	/* Find callid */
	33	while (1) {
	34	int ret = ct_sip_get_header(NULL, dptr, dataoff, datalen,
	35	SIP_HDR_CALL_ID, matchoff,
	36	matchlen);
	37	if (ret > 0)
	38	break;
	39	if (!ret)
	40	return 0;
	41	dataoff += *matchoff;
	42	}
	43
	44	/* Empty callid is useless */
	45	if (!*matchlen)
	46	return -EINVAL;
	47
	48	/* Too large is useless */
	49	if (*matchlen > IP_VS_PEDATA_MAXLEN)
	50	return -EINVAL;
	51
	52	/* SIP headers are always followed by a line terminator */
	53	if (matchoff + matchlen == datalen)
	54	return -EINVAL;
	55
	56	/* RFC 2543 allows lines to be terminated with CR, LF or CRLF,
	57	* RFC 3261 allows only CRLF, we support both. */
	58	if ((dptr + matchoff + *matchlen) != '\r' &&
	59	(dptr + matchoff + *matchlen) != '\n')
	60	return -EINVAL;
	61
	62	IP_VS_DBG_BUF(9, "SIP callid %s (%d bytes)\n",
	63	IP_VS_DEBUG_CALLID(dptr + matchoff, matchlen),
	64	*matchlen);
	65	return 0;
	66	}
	67
	68	static int
	69	ip_vs_sip_fill_param(struct ip_vs_conn_param p, struct sk_buff skb)
	70	{
	71	struct ip_vs_iphdr iph;
	72	unsigned int dataoff, datalen, matchoff, matchlen;
	73	const char *dptr;
37165226	74	int retc;
758ff033 SH	75
	76	ip_vs_fill_iphdr(p->af, skb_network_header(skb), &iph);
	77
	78	/* Only useful with UDP */
	79	if (iph.protocol != IPPROTO_UDP)
	80	return -EINVAL;
	81
	82	/* No Data ? */
	83	dataoff = iph.len + sizeof(struct udphdr);
	84	if (dataoff >= skb->len)
	85	return -EINVAL;
	86
37165226 HS	87	if ((retc=skb_linearize(skb)) < 0)
37165226 HS	88	return retc;
758ff033 SH	89	dptr = skb->data + dataoff;
	90	datalen = skb->len - dataoff;
	91
	92	if (get_callid(dptr, dataoff, datalen, &matchoff, &matchlen))
	93	return -EINVAL;
	94
	95	p->pe_data = kmalloc(matchlen, GFP_ATOMIC);
	96	if (!p->pe_data)
	97	return -ENOMEM;
	98
	99	/* N.B: pe_data is only set on success,
	100	* this allows fallback to the default persistence logic on failure
	101	*/
	102	memcpy(p->pe_data, dptr + matchoff, matchlen);
	103	p->pe_data_len = matchlen;
	104
	105	return 0;
	106	}
	107
	108	static bool ip_vs_sip_ct_match(const struct ip_vs_conn_param *p,
	109	struct ip_vs_conn *ct)
	110
	111	{
	112	bool ret = 0;
	113
	114	if (ct->af == p->af &&
	115	ip_vs_addr_equal(p->af, p->caddr, &ct->caddr) &&
	116	/* protocol should only be IPPROTO_IP if
	117	* d_addr is a fwmark */
	118	ip_vs_addr_equal(p->protocol == IPPROTO_IP ? AF_UNSPEC : p->af,
	119	p->vaddr, &ct->vaddr) &&
	120	ct->vport == p->vport &&
	121	ct->flags & IP_VS_CONN_F_TEMPLATE &&
	122	ct->protocol == p->protocol &&
	123	ct->pe_data && ct->pe_data_len == p->pe_data_len &&
	124	!memcmp(ct->pe_data, p->pe_data, p->pe_data_len))
	125	ret = 1;
	126
	127	IP_VS_DBG_BUF(9, "SIP template match %s %s->%s:%d %s\n",
	128	ip_vs_proto_name(p->protocol),
	129	IP_VS_DEBUG_CALLID(p->pe_data, p->pe_data_len),
	130	IP_VS_DBG_ADDR(p->af, p->vaddr), ntohs(p->vport),
	131	ret ? "hit" : "not hit");
	132
	133	return ret;
	134	}
	135
	136	static u32 ip_vs_sip_hashkey_raw(const struct ip_vs_conn_param *p,
	137	u32 initval, bool inverse)
	138	{
	139	return jhash(p->pe_data, p->pe_data_len, initval);
	140	}
	141
	142	static int ip_vs_sip_show_pe_data(const struct ip_vs_conn cp, char buf)
	143	{
	144	memcpy(buf, cp->pe_data, cp->pe_data_len);
	145	return cp->pe_data_len;
	146	}
	147
	148	static struct ip_vs_pe ip_vs_sip_pe =
	149	{
	150	.name = "sip",
	151	.refcnt = ATOMIC_INIT(0),
	152	.module = THIS_MODULE,
153	.n_list = LIST_HEAD_INIT(ip_vs_sip_pe.n_list),
154	.fill_param = ip_vs_sip_fill_param,
155	.ct_match = ip_vs_sip_ct_match,
156	.hashkey_raw = ip_vs_sip_hashkey_raw,
157	.show_pe_data = ip_vs_sip_show_pe_data,
158	};
159
160	static int __init ip_vs_sip_init(void)
161	{
162	return register_ip_vs_pe(&ip_vs_sip_pe);
163	}
164
165	static void __exit ip_vs_sip_cleanup(void)
166	{
167	unregister_ip_vs_pe(&ip_vs_sip_pe);
168	}
169
170	module_init(ip_vs_sip_init);
171	module_exit(ip_vs_sip_cleanup);
172	MODULE_LICENSE("GPL");