From patchwork Fri Dec 22 19:53:37 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tiago Lam X-Patchwork-Id: 852555 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="pCndCqll"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3z3K4x02sVz9s71 for ; Sat, 23 Dec 2017 06:56:01 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id E9A70C9B; Fri, 22 Dec 2017 19:54:28 +0000 (UTC) X-Original-To: ovs-dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 2CE4F910 for ; Fri, 22 Dec 2017 19:54:26 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-wr0-f194.google.com (mail-wr0-f194.google.com [209.85.128.194]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 4E64F527 for ; Fri, 22 Dec 2017 19:54:25 +0000 (UTC) Received: by mail-wr0-f194.google.com with SMTP id l19so16409987wrc.2 for ; Fri, 22 Dec 2017 11:54:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=gLgDp0Jzz/Y4B2Ly6ymEEd4s5F+k/vgX7gTUw8hYOCg=; b=pCndCqll1ZZfR+SS9LmYd/aWniGFKYV2rX1FTfoRTvtkH6hGE5IhXuv1SvXlNNmR3V 8cC5Oli76R20/R4V0bQkTe3A1B3M56pla2watdtJ7ywzcgHPLkx0rEF5xOzcWs2nhhMD 1bUKFN1nF46wi7Q51R3RgYXv/hEHHgVVl1cQ2ZhFAGujQcafdoiYUjvPooEnksk916Od YK+oLPuhqsgbU0PYBacXMmTBp8MzlBQo5YmnQ14pqa3kXQJJ7pWJp00XfSj4Vu3FUP/9 pupd+QZheysAAQhAMTL9ogGEcAnGiicrpE74CH5Aluynlc5nUu62WNW5093CNocmcDyn s4Tw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=gLgDp0Jzz/Y4B2Ly6ymEEd4s5F+k/vgX7gTUw8hYOCg=; b=g4mleL92U5GJ8KOKIlJwbt2EFnVD8TO6YGXB0uKeooCQZm4bWGKNemJYajZ8lwISi6 eXUI/DMCs0zREfSdd8Mt4L8jgnojcECkgh1VDi6/oCab6cASIeCa4fK8tgoGivdX1zXB fzKemvwElb4p28ofSAie6DMdHhG3e/w9FAleq0nlANqXZuASNw4o4rltTXQEiyn5aoI9 wZII8yGTruhbHynMOxuVYPY/XfObnTnAaEV2HR1AlcYxTLRmBf67uhKXQ33Eoj8exfv8 dzbfPdLaXdkvG1SvEbdP8J6NviF9EwG9weK3S9BE0cgSGYTtOiNaMs75g/1RbvJl9fSm vwyg== X-Gm-Message-State: AKGB3mIlkCPdRsU9folKG9iyYB7asQIkpUssws2ZX5bBqSa4WQZFFFCt GsLw4neAv0RmZUtiiyDUvCINmfoQIQ== X-Google-Smtp-Source: ACJfBoudd/TYB4Uc1kw3CQBh+X+XHoMDq1cHI657DPDpg6T/LonppB3uNVdRpcUMyd4rpuxJ0wJGmw== X-Received: by 10.223.129.133 with SMTP id 5mr15195416wra.55.1513972463554; Fri, 22 Dec 2017 11:54:23 -0800 (PST) Received: from elche.lan (bl5-204-96.dsl.telepac.pt. [82.154.204.96]) by smtp.googlemail.com with ESMTPSA id 47sm4858351wru.27.2017.12.22.11.54.21 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 22 Dec 2017 11:54:22 -0800 (PST) From: Tiago Lam To: ovs-dev@openvswitch.org Date: Fri, 22 Dec 2017 19:53:37 +0000 Message-Id: <20171222195337.28983-4-tiagolam@gmail.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20171222195337.28983-1-tiagolam@gmail.com> References: <20171222195337.28983-1-tiagolam@gmail.com> X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH 3/3] Conntrack: Support asymmetric RTP port for SIP. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Previously, when creating the expecations, SIP Alg would assume the RTP packets are sent from the same IP address + port which had been announced in the SDP offer + answer. As specified in rfc4961, this might not be the case, as the RTP packets might be sent from different IP addresses and / or port. This commit adds extra logic, by creating two expectations, one in each direction, to support the "port case", i.e., the RTP packets are sent from a different port than the one the host is listenning on. Signed-off-by: Tiago Lam --- lib/conntrack.c | 76 ++++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 51 insertions(+), 25 deletions(-) diff --git a/lib/conntrack.c b/lib/conntrack.c index 65d10dd08..0db3447f2 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -2610,32 +2610,31 @@ expectation_lookup(struct hmap *alg_expectations, static void sip_expectation_create(struct conntrack *ct, - const ovs_be32 offer_addr, - const ovs_be32 answer_addr, - const ovs_be16 offer_port, + const ovs_be32 src_addr, + const ovs_be32 dst_addr, + const ovs_be16 dst_port, const long long now, const struct conn *master_conn) { - /* Set src address coming from answer SDP 'c' */ - struct ct_addr src_addr; - memset(&src_addr, 0, sizeof src_addr); - src_addr.ipv4_aligned = answer_addr; - /* Set dst address coming from offer SDP 'c' */ - struct ct_addr dst_addr; - memset(&dst_addr, 0, sizeof dst_addr); - dst_addr.ipv4_aligned = offer_addr; + /* Set src address (from SDP's 'c') */ + struct ct_addr ct_src_addr; + memset(&ct_src_addr, 0, sizeof ct_src_addr); + ct_src_addr.ipv4_aligned = src_addr; + /* Set dst address (from SDP's 'c') */ + struct ct_addr ct_dst_addr; + memset(&ct_dst_addr, 0, sizeof ct_dst_addr); + ct_dst_addr.ipv4_aligned = dst_addr; struct alg_exp_node *alg_exp_node = xzalloc(sizeof *alg_exp_node); alg_exp_node->key.dl_type = master_conn->key.dl_type; - /* nw_proto might won't be the same as SIP, since RTP is over UDP - hence - * set it to UDP explicitly */ + /* RTP is over UDP - hence set nw_proto to UDP explicitly */ alg_exp_node->key.nw_proto = IPPROTO_UDP; alg_exp_node->key.zone = master_conn->key.zone; - alg_exp_node->key.src.addr = src_addr; - alg_exp_node->key.dst.addr = dst_addr; + alg_exp_node->key.src.addr = ct_src_addr; + alg_exp_node->key.dst.addr = ct_dst_addr; alg_exp_node->key.src.port = ALG_WC_SRC_PORT; - alg_exp_node->key.dst.port = offer_port; + alg_exp_node->key.dst.port = dst_port; alg_exp_node->master_mark = master_conn->mark; alg_exp_node->master_label = master_conn->label; alg_exp_node->master_key = master_conn->key; @@ -2664,6 +2663,39 @@ sip_expectation_create(struct conntrack *ct, ct_rwlock_unlock(&ct->resources_lock); } +/* Setups two expectations for the RTP connections, one in each direction. + * Example: If an SDP answer announces it is listenning at IP address 10.0.1. + * 10:6000 and an the SDP offer at 10.0.2.10:6000, then: + * - Sets a UDP expectation going from 10.0.1.10:0 to 10.0.2.10:6000: + * - Sets another UDP expectation going from 10.0.2.10:0 to 10.0.1.10:6000; + * + * Thus, this allows traffic from a different port than the one the host is + * listenning to (the one it announced in the SDP). + * + * XXX According to rfc4961, hosts might send RTP packets from a different IP + * address and / or port (i.e. asymmetrically). Since this function supports + * the sending of packets from a different port, consider supporting the + * sending from a different IP address. + */ +static void +sip_expectations_setup(struct conntrack *ct, + const struct sip_sdp *offer_sdp, + const struct sip_sdp *answer_sdp, + const long long now, + const struct conn *conn) { + ovs_be32 offer_addr = htonl(offer_sdp->conn); + ovs_be16 offer_port = htons(offer_sdp->port); + ovs_be32 answer_addr = htonl(answer_sdp->conn); + ovs_be16 answer_port = htons(answer_sdp->port); + + /* Set expectation from SDP answer -> SDP offer */ + sip_expectation_create(ct, answer_addr, offer_addr, offer_port, now, + conn); + /* Set expectation from SDP offer -> SDP answer */ + sip_expectation_create(ct, offer_addr, answer_addr, answer_port, now, + conn); +} + static void expectation_create(struct conntrack *ct, ovs_be16 dst_port, @@ -3383,9 +3415,6 @@ handle_sip(struct conntrack *ct, /* Check if this SIP reply has an SDP. */ struct sip_sdp *sdp = sip_parse_sdp(msg_bdy, sip_len); - ovs_be32 offer_addr; - ovs_be32 offer_port; - ovs_be32 answer_addr; if (sdp == NULL) { if (conn->sip_state->peer[0].sdp != NULL && conn->sip_state->peer[1].sdp == NULL) { @@ -3400,12 +3429,9 @@ handle_sip(struct conntrack *ct, /* Received a SIP 200 OK from peer, we are now able to set up * the expectations for the data connections, based on the SDP * offer and answer */ - offer_addr = htonl(conn->sip_state->peer[0].sdp->conn); - offer_port = htons(conn->sip_state->peer[0].sdp->port); - answer_addr = htonl(conn->sip_state->peer[1].sdp->conn); - - sip_expectation_create(ct, offer_addr, answer_addr, offer_port, - now, conn); + sip_expectations_setup(ct, conn->sip_state->peer[0].sdp, + conn->sip_state->peer[1].sdp, now, + conn); } } }