[NETFILTER]: nf_conntrack_sip: parse SIP headers properly

Introduce new function for SIP header parsing that properly deals with
continuation lines and whitespace in headers and use it.

Signed-off-by: Patrick McHardy <[email protected]>
Signed-off-by: David S. Miller <[email protected]>

Author: kaber

include/linux/netfilter/nf_conntrack_sip.h

@@ -5,14 +5,6 @@
 #define SIP_PORT	5060
 #define SIP_TIMEOUT	3600
 
-enum sip_header_pos {
-	POS_FROM,
-	POS_TO,
-	POS_VIA,
-	POS_CONTACT,
-	POS_CONTENT,
-};
-
 struct sip_header {
 	const char	*name;
 	const char	*cname;
@@ -36,9 +28,20 @@ struct sip_header {
 	.match_len	= (__match),					\
 }
 
+#define SIP_HDR(__name, __cname, __search, __match) \
+	__SIP_HDR(__name, __cname, __search, __match)
+
 #define SDP_HDR(__name, __search, __match) \
 	__SIP_HDR(__name, NULL, __search, __match)
 
+enum sip_header_types {
+	SIP_HDR_FROM,
+	SIP_HDR_TO,
+	SIP_HDR_CONTACT,
+	SIP_HDR_VIA,
+	SIP_HDR_CONTENT_LENGTH,
+};
+
 enum sdp_header_types {
 	SDP_HDR_UNSPEC,
 	SDP_HDR_VERSION,
@@ -60,13 +63,10 @@ extern unsigned int (*nf_nat_sdp_hook)(struct sk_buff *skb,
 extern int ct_sip_parse_request(const struct nf_conn *ct,
 				const char *dptr, unsigned int datalen,
 				unsigned int *matchoff, unsigned int *matchlen);
-extern int ct_sip_get_info(const struct nf_conn *ct, const char *dptr,
-                           size_t dlen, unsigned int *matchoff,
-                           unsigned int *matchlen, enum sip_header_pos pos);
-extern int ct_sip_lnlen(const char *line, const char *limit);
-extern const char *ct_sip_search(const char *needle, const char *haystack,
-				 size_t needle_len, size_t haystack_len,
-				 int case_sensitive);
+extern int ct_sip_get_header(const struct nf_conn *ct, const char *dptr,
+			     unsigned int dataoff, unsigned int datalen,
+			     enum sip_header_types type,
+			     unsigned int *matchoff, unsigned int *matchlen);
 
 extern int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr,
 				 unsigned int dataoff, unsigned int datalen,

net/ipv4/netfilter/nf_nat_sip.c

@@ -108,14 +108,14 @@ static int map_addr(struct sk_buff *skb,
 
 static int map_sip_addr(struct sk_buff *skb,
 			const char **dptr, unsigned int *datalen,
-			enum sip_header_pos pos, struct addr_map *map)
+			enum sip_header_types type, struct addr_map *map)
 {
 	enum ip_conntrack_info ctinfo;
 	struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
 	unsigned int matchlen, matchoff;
 
-	if (ct_sip_get_info(ct, *dptr, *datalen, &matchoff, &matchlen,
-			    pos) <= 0)
+	if (ct_sip_get_header(ct, *dptr, 0, *datalen, type,
+			      &matchoff, &matchlen) <= 0)
 		return 1;
 	return map_addr(skb, dptr, datalen, matchoff, matchlen, map);
 }
@@ -141,10 +141,10 @@ static unsigned int ip_nat_sip(struct sk_buff *skb,
 			return NF_DROP;
 	}
 
-	if (!map_sip_addr(skb, dptr, datalen, POS_FROM, &map) ||
-	    !map_sip_addr(skb, dptr, datalen, POS_TO, &map) ||
-	    !map_sip_addr(skb, dptr, datalen, POS_VIA, &map) ||
-	    !map_sip_addr(skb, dptr, datalen, POS_CONTACT, &map))
+	if (!map_sip_addr(skb, dptr, datalen, SIP_HDR_FROM, &map) ||
+	    !map_sip_addr(skb, dptr, datalen, SIP_HDR_TO, &map) ||
+	    !map_sip_addr(skb, dptr, datalen, SIP_HDR_VIA, &map) ||
+	    !map_sip_addr(skb, dptr, datalen, SIP_HDR_CONTACT, &map))
 		return NF_DROP;
 	return NF_ACCEPT;
 }
@@ -166,8 +166,8 @@ static int mangle_content_len(struct sk_buff *skb,
 	c_len = *datalen - matchoff + strlen("v=");
 
 	/* Now, update SDP length */
-	if (ct_sip_get_info(ct, *dptr, *datalen, &matchoff, &matchlen,
-			    POS_CONTENT) <= 0)
+	if (ct_sip_get_header(ct, *dptr, 0, *datalen, SIP_HDR_CONTENT_LENGTH,
+			      &matchoff, &matchlen) <= 0)
 		return 0;
 
 	buflen = sprintf(buffer, "%u", c_len);