[NETFILTER]: nf_nat_sip: translate all Contact headers

The SIP message may contain multiple Contact: addresses referring to
the NATed endpoint, translate all of them.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 15 insertions, 4 deletions

diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c
index 71a4adcfd576..b443618a857f 100644
--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -101,10 +101,10 @@ static unsigned int ip_nat_sip(struct sk_buff *skb,
         enum ip_conntrack_info ctinfo;
         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
         enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
-        unsigned int matchoff, matchlen;
+        unsigned int dataoff, matchoff, matchlen;
         union nf_inet_addr addr;
         __be16 port;
-        int request;
+        int request, in_header;
 
         /* Basic rules: requests and responses. */
         if (strnicmp(*dptr, "SIP/2.0", strlen("SIP/2.0")) != 0) {
@@ -187,9 +187,20 @@ static unsigned int ip_nat_sip(struct sk_buff *skb,
         }
 
 next:
+        /* Translate Contact headers */
+        dataoff = 0;
+        in_header = 0;
+        while (ct_sip_parse_header_uri(ct, *dptr, &dataoff, *datalen,
+                                       SIP_HDR_CONTACT, &in_header,
+                                       &matchoff, &matchlen,
+                                       &addr, &port) > 0) {
+                if (!map_addr(skb, dptr, datalen, matchoff, matchlen,
+                              &addr, port))
+                        return NF_DROP;
+        }
+
         if (!map_sip_addr(skb, dptr, datalen, SIP_HDR_FROM) ||
-            !map_sip_addr(skb, dptr, datalen, SIP_HDR_TO) ||
-            !map_sip_addr(skb, dptr, datalen, SIP_HDR_CONTACT))
+            !map_sip_addr(skb, dptr, datalen, SIP_HDR_TO))
                 return NF_DROP;
         return NF_ACCEPT;
 }