[sr-dev] git:master:ce3bfaa8: nathelper: extend nat_uac_test() to test for mismatch between connection and source IP (GH #2045)

Tue Sep 3 23:24:38 CEST 2019

Module: kamailio
Branch: master
Commit: ce3bfaa843f0efabe49bd7087e89506f3f211669
URL: https://github.com/kamailio/kamailio/commit/ce3bfaa843f0efabe49bd7087e89506f3f211669

Author: Yasin Caner <caner_yaso at hotmail.com>
Committer: Henning Westerholt <hw at skalatan.de>
Date: 2019-09-03T23:14:16+02:00

nathelper: extend nat_uac_test() to test for mismatch between connection and source IP (GH #2045)

- extend nat_uac_test function to test for mismatch between connection and source IP
- add documentation for this new flag 256 to module docs as well
- based on pull request GH #2045 with smaller adaptions

---

Modified: src/modules/nathelper/doc/nathelper_admin.xml
Modified: src/modules/nathelper/nathelper.c

---

Diff:  https://github.com/kamailio/kamailio/commit/ce3bfaa843f0efabe49bd7087e89506f3f211669.diff
Patch: https://github.com/kamailio/kamailio/commit/ce3bfaa843f0efabe49bd7087e89506f3f211669.patch

---

diff --git a/src/modules/nathelper/doc/nathelper_admin.xml b/src/modules/nathelper/doc/nathelper_admin.xml
index e3c47e2d70..71b8e92479 100644
--- a/src/modules/nathelper/doc/nathelper_admin.xml
+++ b/src/modules/nathelper/doc/nathelper_admin.xml
@@ -666,6 +666,10 @@ fix_nated_register();
 			URI port differs from the source port of the request (Warning: this is
 			might be legal or even intended combination in non NATted scenarios)
 			</para></listitem>
+			<emphasis>256</emphasis> -  Test if the SDP connection address is different
+			from source IP address. It will work also with multiple connection address
+			lines.
+			</para></listitem>
 			</itemizedlist>
 		<para>
 		All flags can be bitwise combined, the test returns true if any of 
diff --git a/src/modules/nathelper/nathelper.c b/src/modules/nathelper/nathelper.c
index 27015b7bd8..6baaa64528 100644
--- a/src/modules/nathelper/nathelper.c
+++ b/src/modules/nathelper/nathelper.c
@@ -100,7 +100,7 @@ MODULE_VERSION
 #define NAT_UAC_TEST_O_1918 0x20
 #define NAT_UAC_TEST_WS 0x40
 #define NAT_UAC_TEST_C_PORT 0x80
-
+#define NAT_UAC_TEST_SDP_CLINE 0x100
 
 #define DEFAULT_NATPING_STATE 1
 
@@ -123,6 +123,7 @@ static int fixup_fix_sdp(void **param, int param_no);
 static int fixup_add_contact_alias(void **param, int param_no);
 static int add_rcv_param_f(struct sip_msg *, char *, char *);
 static int nh_sip_reply_received(sip_msg_t *msg);
+static int test_sdp_cline(struct sip_msg *msg);
 
 static void nh_timer(unsigned int, void *);
 static int mod_init(void);
@@ -1332,6 +1333,54 @@ static int contact_rport(struct sip_msg *msg)
 	}
 }
 
+/**
+* test SDP C line ip address and source IP address match
+* if all ip address matches, return 0
+* returns unmatched ip address count
+* on parse error, returns -1
+*/
+static int test_sdp_cline(struct sip_msg *msg){
+	sdp_session_cell_t* session;
+	struct ip_addr cline_addr;
+	int sdp_session_num = 0;
+	int result = 0;
+
+	if(parse_sdp(msg) < 0) {
+		LM_ERR("Unable to parse sdp body\n");
+		return -1;
+	}
+
+	for(;;){
+		session = get_sdp_session(msg, sdp_session_num);
+		if(!session)
+			break;
+
+		if(!(session->ip_addr.len > 0 && session->ip_addr.s))
+			break;
+
+		if(session->pf==AF_INET){
+			if(str2ipbuf(&session->ip_addr,&cline_addr)<0){
+				LM_ERR("Couldn't get sdp c line IP address\n");
+				return -1;
+			}
+		}else if(session->pf==AF_INET6){
+			if(str2ip6buf(&session->ip_addr, &cline_addr)<0){
+				LM_ERR("Couldn't get sdp c line IP address\n");
+				return -1;
+			}
+		}else{
+			LM_ERR("Couldn't get sdp address type\n");
+			return -1;
+		}
+
+		if(ip_addr_cmp(&msg->rcv.src_ip,&cline_addr)){
+			result++;
+		}
+		sdp_session_num++;
+	}
+
+	return sdp_session_num - result;
+}
 /*
  * test for occurrence of RFC1918 IP address in SDP
  */
@@ -1441,6 +1490,12 @@ static int nat_uac_test(struct sip_msg *msg, int tests)
 	if((tests & NAT_UAC_TEST_C_PORT) && (contact_rport(msg) > 0))
 		return 1;
 
+	/**
+	* test if sdp c line ip address matches with sip source address
+	*/
+	if((tests & NAT_UAC_TEST_SDP_CLINE) && (test_sdp_cline(msg) > 0))
+		return 1;
+
 	/* no test succeeded */
 	return -1;
 }


