Commit | Line | Data |
---|---|---|
758ff033 SH |
1 | #define KMSG_COMPONENT "IPVS" |
2 | #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt | |
3 | ||
4 | #include <linux/module.h> | |
5 | #include <linux/kernel.h> | |
6 | ||
7 | #include <net/ip_vs.h> | |
8 | #include <net/netfilter/nf_conntrack.h> | |
9 | #include <linux/netfilter/nf_conntrack_sip.h> | |
10 | ||
a91fd267 | 11 | #ifdef CONFIG_IP_VS_DEBUG |
758ff033 SH |
12 | static const char *ip_vs_dbg_callid(char *buf, size_t buf_len, |
13 | const char *callid, size_t callid_len, | |
14 | int *idx) | |
15 | { | |
16 | size_t len = min(min(callid_len, (size_t)64), buf_len - *idx - 1); | |
17 | memcpy(buf + *idx, callid, len); | |
18 | buf[*idx+len] = '\0'; | |
19 | *idx += len + 1; | |
20 | return buf + *idx - len; | |
21 | } | |
22 | ||
23 | #define IP_VS_DEBUG_CALLID(callid, len) \ | |
24 | ip_vs_dbg_callid(ip_vs_dbg_buf, sizeof(ip_vs_dbg_buf), \ | |
25 | callid, len, &ip_vs_dbg_idx) | |
a91fd267 | 26 | #endif |
758ff033 SH |
27 | |
28 | static int get_callid(const char *dptr, unsigned int dataoff, | |
29 | unsigned int datalen, | |
30 | unsigned int *matchoff, unsigned int *matchlen) | |
31 | { | |
32 | /* Find callid */ | |
33 | while (1) { | |
34 | int ret = ct_sip_get_header(NULL, dptr, dataoff, datalen, | |
35 | SIP_HDR_CALL_ID, matchoff, | |
36 | matchlen); | |
37 | if (ret > 0) | |
38 | break; | |
39 | if (!ret) | |
40 | return 0; | |
41 | dataoff += *matchoff; | |
42 | } | |
43 | ||
44 | /* Empty callid is useless */ | |
45 | if (!*matchlen) | |
46 | return -EINVAL; | |
47 | ||
48 | /* Too large is useless */ | |
49 | if (*matchlen > IP_VS_PEDATA_MAXLEN) | |
50 | return -EINVAL; | |
51 | ||
52 | /* SIP headers are always followed by a line terminator */ | |
53 | if (*matchoff + *matchlen == datalen) | |
54 | return -EINVAL; | |
55 | ||
56 | /* RFC 2543 allows lines to be terminated with CR, LF or CRLF, | |
57 | * RFC 3261 allows only CRLF, we support both. */ | |
58 | if (*(dptr + *matchoff + *matchlen) != '\r' && | |
59 | *(dptr + *matchoff + *matchlen) != '\n') | |
60 | return -EINVAL; | |
61 | ||
62 | IP_VS_DBG_BUF(9, "SIP callid %s (%d bytes)\n", | |
63 | IP_VS_DEBUG_CALLID(dptr + *matchoff, *matchlen), | |
64 | *matchlen); | |
65 | return 0; | |
66 | } | |
67 | ||
68 | static int | |
69 | ip_vs_sip_fill_param(struct ip_vs_conn_param *p, struct sk_buff *skb) | |
70 | { | |
71 | struct ip_vs_iphdr iph; | |
72 | unsigned int dataoff, datalen, matchoff, matchlen; | |
73 | const char *dptr; | |
37165226 | 74 | int retc; |
758ff033 SH |
75 | |
76 | ip_vs_fill_iphdr(p->af, skb_network_header(skb), &iph); | |
77 | ||
78 | /* Only useful with UDP */ | |
79 | if (iph.protocol != IPPROTO_UDP) | |
80 | return -EINVAL; | |
81 | ||
82 | /* No Data ? */ | |
83 | dataoff = iph.len + sizeof(struct udphdr); | |
84 | if (dataoff >= skb->len) | |
85 | return -EINVAL; | |
86 | ||
37165226 HS |
87 | if ((retc=skb_linearize(skb)) < 0) |
88 | return retc; | |
758ff033 SH |
89 | dptr = skb->data + dataoff; |
90 | datalen = skb->len - dataoff; | |
91 | ||
92 | if (get_callid(dptr, dataoff, datalen, &matchoff, &matchlen)) | |
93 | return -EINVAL; | |
94 | ||
95 | p->pe_data = kmalloc(matchlen, GFP_ATOMIC); | |
96 | if (!p->pe_data) | |
97 | return -ENOMEM; | |
98 | ||
99 | /* N.B: pe_data is only set on success, | |
100 | * this allows fallback to the default persistence logic on failure | |
101 | */ | |
102 | memcpy(p->pe_data, dptr + matchoff, matchlen); | |
103 | p->pe_data_len = matchlen; | |
104 | ||
105 | return 0; | |
106 | } | |
107 | ||
108 | static bool ip_vs_sip_ct_match(const struct ip_vs_conn_param *p, | |
109 | struct ip_vs_conn *ct) | |
110 | ||
111 | { | |
112 | bool ret = 0; | |
113 | ||
114 | if (ct->af == p->af && | |
115 | ip_vs_addr_equal(p->af, p->caddr, &ct->caddr) && | |
116 | /* protocol should only be IPPROTO_IP if | |
117 | * d_addr is a fwmark */ | |
118 | ip_vs_addr_equal(p->protocol == IPPROTO_IP ? AF_UNSPEC : p->af, | |
119 | p->vaddr, &ct->vaddr) && | |
120 | ct->vport == p->vport && | |
121 | ct->flags & IP_VS_CONN_F_TEMPLATE && | |
122 | ct->protocol == p->protocol && | |
123 | ct->pe_data && ct->pe_data_len == p->pe_data_len && | |
124 | !memcmp(ct->pe_data, p->pe_data, p->pe_data_len)) | |
125 | ret = 1; | |
126 | ||
127 | IP_VS_DBG_BUF(9, "SIP template match %s %s->%s:%d %s\n", | |
128 | ip_vs_proto_name(p->protocol), | |
129 | IP_VS_DEBUG_CALLID(p->pe_data, p->pe_data_len), | |
130 | IP_VS_DBG_ADDR(p->af, p->vaddr), ntohs(p->vport), | |
131 | ret ? "hit" : "not hit"); | |
132 | ||
133 | return ret; | |
134 | } | |
135 | ||
136 | static u32 ip_vs_sip_hashkey_raw(const struct ip_vs_conn_param *p, | |
137 | u32 initval, bool inverse) | |
138 | { | |
139 | return jhash(p->pe_data, p->pe_data_len, initval); | |
140 | } | |
141 | ||
142 | static int ip_vs_sip_show_pe_data(const struct ip_vs_conn *cp, char *buf) | |
143 | { | |
144 | memcpy(buf, cp->pe_data, cp->pe_data_len); | |
145 | return cp->pe_data_len; | |
146 | } | |
147 | ||
148 | static struct ip_vs_pe ip_vs_sip_pe = | |
149 | { | |
150 | .name = "sip", | |
151 | .refcnt = ATOMIC_INIT(0), | |
152 | .module = THIS_MODULE, | |
153 | .n_list = LIST_HEAD_INIT(ip_vs_sip_pe.n_list), | |
154 | .fill_param = ip_vs_sip_fill_param, | |
155 | .ct_match = ip_vs_sip_ct_match, | |
156 | .hashkey_raw = ip_vs_sip_hashkey_raw, | |
157 | .show_pe_data = ip_vs_sip_show_pe_data, | |
158 | }; | |
159 | ||
160 | static int __init ip_vs_sip_init(void) | |
161 | { | |
162 | return register_ip_vs_pe(&ip_vs_sip_pe); | |
163 | } | |
164 | ||
165 | static void __exit ip_vs_sip_cleanup(void) | |
166 | { | |
167 | unregister_ip_vs_pe(&ip_vs_sip_pe); | |
168 | } | |
169 | ||
170 | module_init(ip_vs_sip_init); | |
171 | module_exit(ip_vs_sip_cleanup); | |
172 | MODULE_LICENSE("GPL"); |