URL https://opencores.org/ocsvn/or1k_soc_on_altera_embedded_dev_kit/or1k_soc_on_altera_embedded_dev_kit/trunk

Subversion Repositories or1k_soc_on_altera_embedded_dev_kit

[/] [or1k_soc_on_altera_embedded_dev_kit/] [tags/] [linux-2.6/] [linux-2.6.24_or32_unified_v2.3/] [net/] [ipv4/] [netfilter/] [nf_nat_sip.c] - Blame information for rev 8

Details | Compare with Previous | View Log


/* SIP extension for UDP NAT alteration.
 *
 * (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>
 * based on RR's ip_nat_ftp.c and other modules.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
 
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <net/ip.h>
#include <linux/udp.h>
 
#include <net/netfilter/nf_nat.h>
#include <net/netfilter/nf_nat_helper.h>
#include <net/netfilter/nf_nat_rule.h>
#include <net/netfilter/nf_conntrack_helper.h>
#include <net/netfilter/nf_conntrack_expect.h>
#include <linux/netfilter/nf_conntrack_sip.h>
 
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");
MODULE_DESCRIPTION("SIP NAT helper");
MODULE_ALIAS("ip_nat_sip");
 
struct addr_map {
        struct {
                char            src[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
                char            dst[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
                unsigned int    srclen, srciplen;
                unsigned int    dstlen, dstiplen;
        } addr[IP_CT_DIR_MAX];
};
 
static void addr_map_init(struct nf_conn *ct, struct addr_map *map)
{
        struct nf_conntrack_tuple *t;
        enum ip_conntrack_dir dir;
        unsigned int n;
 
        for (dir = 0; dir < IP_CT_DIR_MAX; dir++) {
                t = &ct->tuplehash[dir].tuple;
 
                n = sprintf(map->addr[dir].src, "%u.%u.%u.%u",
                            NIPQUAD(t->src.u3.ip));
                map->addr[dir].srciplen = n;
                n += sprintf(map->addr[dir].src + n, ":%u",
                             ntohs(t->src.u.udp.port));
                map->addr[dir].srclen = n;
 
                n = sprintf(map->addr[dir].dst, "%u.%u.%u.%u",
                            NIPQUAD(t->dst.u3.ip));
                map->addr[dir].dstiplen = n;
                n += sprintf(map->addr[dir].dst + n, ":%u",
                             ntohs(t->dst.u.udp.port));
                map->addr[dir].dstlen = n;
        }
}
 
static int map_sip_addr(struct sk_buff *skb, enum ip_conntrack_info ctinfo,
                        struct nf_conn *ct, const char **dptr, size_t dlen,
                        enum sip_header_pos pos, struct addr_map *map)
{
        enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
        unsigned int matchlen, matchoff, addrlen;
        char *addr;
 
        if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0)
                return 1;
 
        if ((matchlen == map->addr[dir].srciplen ||
             matchlen == map->addr[dir].srclen) &&
            memcmp(*dptr + matchoff, map->addr[dir].src, matchlen) == 0) {
                addr    = map->addr[!dir].dst;
                addrlen = map->addr[!dir].dstlen;
        } else if ((matchlen == map->addr[dir].dstiplen ||
                    matchlen == map->addr[dir].dstlen) &&
                   memcmp(*dptr + matchoff, map->addr[dir].dst, matchlen) == 0) {
                addr    = map->addr[!dir].src;
                addrlen = map->addr[!dir].srclen;
        } else
                return 1;
 
        if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
                                      matchoff, matchlen, addr, addrlen))
                return 0;
        *dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
        return 1;
 
}
 
static unsigned int ip_nat_sip(struct sk_buff *skb,
                               enum ip_conntrack_info ctinfo,
                               struct nf_conn *ct,
                               const char **dptr)
{
        enum sip_header_pos pos;
        struct addr_map map;
        int dataoff, datalen;
 
        dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);
        datalen = skb->len - dataoff;
        if (datalen < sizeof("SIP/2.0") - 1)
                return NF_ACCEPT;
 
        addr_map_init(ct, &map);
 
        /* Basic rules: requests and responses. */
        if (strncmp(*dptr, "SIP/2.0", sizeof("SIP/2.0") - 1) != 0) {
                /* 10.2: Constructing the REGISTER Request:
                 *
                 * The "userinfo" and "@" components of the SIP URI MUST NOT
                 * be present.
                 */
                if (datalen >= sizeof("REGISTER") - 1 &&
                    strncmp(*dptr, "REGISTER", sizeof("REGISTER") - 1) == 0)
                        pos = POS_REG_REQ_URI;
                else
                        pos = POS_REQ_URI;
 
                if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, pos, &map))
                        return NF_DROP;
        }
 
        if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_FROM, &map) ||
            !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_TO, &map) ||
            !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_VIA, &map) ||
            !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map))
                return NF_DROP;
        return NF_ACCEPT;
}
 
static unsigned int mangle_sip_packet(struct sk_buff *skb,
                                      enum ip_conntrack_info ctinfo,
                                      struct nf_conn *ct,
                                      const char **dptr, size_t dlen,
                                      char *buffer, int bufflen,
                                      enum sip_header_pos pos)
{
        unsigned int matchlen, matchoff;
 
        if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0)
                return 0;
 
        if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
                                      matchoff, matchlen, buffer, bufflen))
                return 0;
 
        /* We need to reload this. Thanks Patrick. */
        *dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
        return 1;
}
 
static int mangle_content_len(struct sk_buff *skb,
                              enum ip_conntrack_info ctinfo,
                              struct nf_conn *ct,
                              const char *dptr)
{
        unsigned int dataoff, matchoff, matchlen;
        char buffer[sizeof("65536")];
        int bufflen;
 
        dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);
 
        /* Get actual SDP length */
        if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff,
                            &matchlen, POS_SDP_HEADER) > 0) {
 
                /* since ct_sip_get_info() give us a pointer passing 'v='
                   we need to add 2 bytes in this count. */
                int c_len = skb->len - dataoff - matchoff + 2;
 
                /* Now, update SDP length */
                if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff,
                                    &matchlen, POS_CONTENT) > 0) {
 
                        bufflen = sprintf(buffer, "%u", c_len);
                        return nf_nat_mangle_udp_packet(skb, ct, ctinfo,
                                                        matchoff, matchlen,
                                                        buffer, bufflen);
                }
        }
        return 0;
}
 
static unsigned int mangle_sdp(struct sk_buff *skb,
                               enum ip_conntrack_info ctinfo,
                               struct nf_conn *ct,
                               __be32 newip, u_int16_t port,
                               const char *dptr)
{
        char buffer[sizeof("nnn.nnn.nnn.nnn")];
        unsigned int dataoff, bufflen;
 
        dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);
 
        /* Mangle owner and contact info. */
        bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
        if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,
                               buffer, bufflen, POS_OWNER_IP4))
                return 0;
 
        if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,
                               buffer, bufflen, POS_CONNECTION_IP4))
                return 0;
 
        /* Mangle media port. */
        bufflen = sprintf(buffer, "%u", port);
        if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,
                               buffer, bufflen, POS_MEDIA))
                return 0;
 
        return mangle_content_len(skb, ctinfo, ct, dptr);
}
 
static void ip_nat_sdp_expect(struct nf_conn *ct,
                              struct nf_conntrack_expect *exp)
{
        struct nf_nat_range range;
 
        /* This must be a fresh one. */
        BUG_ON(ct->status & IPS_NAT_DONE_MASK);
 
        /* Change src to where master sends to */
        range.flags = IP_NAT_RANGE_MAP_IPS;
        range.min_ip = range.max_ip
                = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
        /* hook doesn't matter, but it has to do source manip */
        nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING);
 
        /* For DST manip, map port here to where it's expected. */
        range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
        range.min = range.max = exp->saved_proto;
        range.min_ip = range.max_ip = exp->saved_ip;
        /* hook doesn't matter, but it has to do destination manip */
        nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING);
}
 
/* So, this packet has hit the connection tracking matching code.
   Mangle it, and change the expectation to match the new version. */
static unsigned int ip_nat_sdp(struct sk_buff *skb,
                               enum ip_conntrack_info ctinfo,
                               struct nf_conntrack_expect *exp,
                               const char *dptr)
{
        struct nf_conn *ct = exp->master;
        enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
        __be32 newip;
        u_int16_t port;
 
        /* Connection will come from reply */
        if (ct->tuplehash[dir].tuple.src.u3.ip ==
            ct->tuplehash[!dir].tuple.dst.u3.ip)
                newip = exp->tuple.dst.u3.ip;
        else
                newip = ct->tuplehash[!dir].tuple.dst.u3.ip;
 
        exp->saved_ip = exp->tuple.dst.u3.ip;
        exp->tuple.dst.u3.ip = newip;
        exp->saved_proto.udp.port = exp->tuple.dst.u.udp.port;
        exp->dir = !dir;
 
        /* When you see the packet, we need to NAT it the same as the
           this one. */
        exp->expectfn = ip_nat_sdp_expect;
 
        /* Try to get same port: if not, try to change it. */
        for (port = ntohs(exp->saved_proto.udp.port); port != 0; port++) {
                exp->tuple.dst.u.udp.port = htons(port);
                if (nf_ct_expect_related(exp) == 0)
                        break;
        }
 
        if (port == 0)
                return NF_DROP;
 
        if (!mangle_sdp(skb, ctinfo, ct, newip, port, dptr)) {
                nf_ct_unexpect_related(exp);
                return NF_DROP;
        }
        return NF_ACCEPT;
}
 
static void __exit nf_nat_sip_fini(void)
{
        rcu_assign_pointer(nf_nat_sip_hook, NULL);
        rcu_assign_pointer(nf_nat_sdp_hook, NULL);
        synchronize_rcu();
}
 
static int __init nf_nat_sip_init(void)
{
        BUG_ON(nf_nat_sip_hook != NULL);
        BUG_ON(nf_nat_sdp_hook != NULL);
        rcu_assign_pointer(nf_nat_sip_hook, ip_nat_sip);
        rcu_assign_pointer(nf_nat_sdp_hook, ip_nat_sdp);
        return 0;
}
 
module_init(nf_nat_sip_init);
module_exit(nf_nat_sip_fini);

Browse

Tools

Subversion Repositories or1k_soc_on_altera_embedded_dev_kit

[/] [or1k_soc_on_altera_embedded_dev_kit/] [tags/] [linux-2.6/] [linux-2.6.24_or32_unified_v2.3/] [net/] [ipv4/] [netfilter/] [nf_nat_sip.c] - Blame information for rev 8

Line No.	Rev	Author	Line
1	3	xianfeng	`/* SIP extension for UDP NAT alteration.`
2			`*`
3			`* (C) 2005 by Christian Hentschel <chentschel@arnet.com.ar>`
4			`* based on RR's ip_nat_ftp.c and other modules.`
5			`*`
6			`* This program is free software; you can redistribute it and/or modify`
7			`* it under the terms of the GNU General Public License version 2 as`
8			`* published by the Free Software Foundation.`
9			`*/`
10
11			`#include <linux/module.h>`
12			`#include <linux/skbuff.h>`
13			`#include <linux/ip.h>`
14			`#include <net/ip.h>`
15			`#include <linux/udp.h>`
16
17			`#include <net/netfilter/nf_nat.h>`
18			`#include <net/netfilter/nf_nat_helper.h>`
19			`#include <net/netfilter/nf_nat_rule.h>`
20			`#include <net/netfilter/nf_conntrack_helper.h>`
21			`#include <net/netfilter/nf_conntrack_expect.h>`
22			`#include <linux/netfilter/nf_conntrack_sip.h>`
23
24			`MODULE_LICENSE("GPL");`
25			`MODULE_AUTHOR("Christian Hentschel <chentschel@arnet.com.ar>");`
26			`MODULE_DESCRIPTION("SIP NAT helper");`
27			`MODULE_ALIAS("ip_nat_sip");`
28
29			`struct addr_map {`
30			`struct {`
31			`char src[sizeof("nnn.nnn.nnn.nnn:nnnnn")];`
32			`char dst[sizeof("nnn.nnn.nnn.nnn:nnnnn")];`
33			`unsigned int srclen, srciplen;`
34			`unsigned int dstlen, dstiplen;`
35			`} addr[IP_CT_DIR_MAX];`
36			`};`
37
38			`static void addr_map_init(struct nf_conn ct, struct addr_map map)`
39			`{`
40			`struct nf_conntrack_tuple *t;`
41			`enum ip_conntrack_dir dir;`
42			`unsigned int n;`
43
44			`for (dir = 0; dir < IP_CT_DIR_MAX; dir++) {`
45			`t = &ct->tuplehash[dir].tuple;`
46
47			`n = sprintf(map->addr[dir].src, "%u.%u.%u.%u",`
48			`NIPQUAD(t->src.u3.ip));`
49			`map->addr[dir].srciplen = n;`
50			`n += sprintf(map->addr[dir].src + n, ":%u",`
51			`ntohs(t->src.u.udp.port));`
52			`map->addr[dir].srclen = n;`
53
54			`n = sprintf(map->addr[dir].dst, "%u.%u.%u.%u",`
55			`NIPQUAD(t->dst.u3.ip));`
56			`map->addr[dir].dstiplen = n;`
57			`n += sprintf(map->addr[dir].dst + n, ":%u",`
58			`ntohs(t->dst.u.udp.port));`
59			`map->addr[dir].dstlen = n;`
60			`}`
61			`}`
62
63			`static int map_sip_addr(struct sk_buff *skb, enum ip_conntrack_info ctinfo,`
64			`struct nf_conn ct, const char *dptr, size_t dlen,`
65			`enum sip_header_pos pos, struct addr_map *map)`
66			`{`
67			`enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);`
68			`unsigned int matchlen, matchoff, addrlen;`
69			`char *addr;`
70
71			`if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0)`
72			`return 1;`
73
74			`if ((matchlen == map->addr[dir].srciplen \|\|`
75			`matchlen == map->addr[dir].srclen) &&`
76			`memcmp(*dptr + matchoff, map->addr[dir].src, matchlen) == 0) {`
77			`addr = map->addr[!dir].dst;`
78			`addrlen = map->addr[!dir].dstlen;`
79			`} else if ((matchlen == map->addr[dir].dstiplen \|\|`
80			`matchlen == map->addr[dir].dstlen) &&`
81			`memcmp(*dptr + matchoff, map->addr[dir].dst, matchlen) == 0) {`
82			`addr = map->addr[!dir].src;`
83			`addrlen = map->addr[!dir].srclen;`
84			`} else`
85			`return 1;`
86
87			`if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,`
88			`matchoff, matchlen, addr, addrlen))`
89			`return 0;`
90			`*dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);`
91			`return 1;`
92
93			`}`
94
95			`static unsigned int ip_nat_sip(struct sk_buff *skb,`
96			`enum ip_conntrack_info ctinfo,`
97			`struct nf_conn *ct,`
98			`const char **dptr)`
99			`{`
100			`enum sip_header_pos pos;`
101			`struct addr_map map;`
102			`int dataoff, datalen;`
103
104			`dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);`
105			`datalen = skb->len - dataoff;`
106			`if (datalen < sizeof("SIP/2.0") - 1)`
107			`return NF_ACCEPT;`
108
109			`addr_map_init(ct, &map);`
110
111			`/* Basic rules: requests and responses. */`
112			`if (strncmp(*dptr, "SIP/2.0", sizeof("SIP/2.0") - 1) != 0) {`
113			`/* 10.2: Constructing the REGISTER Request:`
114			`*`
115			`* The "userinfo" and "@" components of the SIP URI MUST NOT`
116			`* be present.`
117			`*/`
118			`if (datalen >= sizeof("REGISTER") - 1 &&`
119			`strncmp(*dptr, "REGISTER", sizeof("REGISTER") - 1) == 0)`
120			`pos = POS_REG_REQ_URI;`
121			`else`
122			`pos = POS_REQ_URI;`
123
124			`if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, pos, &map))`
125			`return NF_DROP;`
126			`}`
127
128			`if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_FROM, &map) \|\|`
129			`!map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_TO, &map) \|\|`
130			`!map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_VIA, &map) \|\|`
131			`!map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map))`
132			`return NF_DROP;`
133			`return NF_ACCEPT;`
134			`}`
135
136			`static unsigned int mangle_sip_packet(struct sk_buff *skb,`
137			`enum ip_conntrack_info ctinfo,`
138			`struct nf_conn *ct,`
139			`const char **dptr, size_t dlen,`
140			`char *buffer, int bufflen,`
141			`enum sip_header_pos pos)`
142			`{`
143			`unsigned int matchlen, matchoff;`
144
145			`if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0)`
146			`return 0;`
147
148			`if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,`
149			`matchoff, matchlen, buffer, bufflen))`
150			`return 0;`
151
152			`/* We need to reload this. Thanks Patrick. */`
153			`*dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);`
154			`return 1;`
155			`}`
156
157			`static int mangle_content_len(struct sk_buff *skb,`
158			`enum ip_conntrack_info ctinfo,`
159			`struct nf_conn *ct,`
160			`const char *dptr)`
161			`{`
162			`unsigned int dataoff, matchoff, matchlen;`
163			`char buffer[sizeof("65536")];`
164			`int bufflen;`
165
166			`dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);`
167
168			`/* Get actual SDP length */`
169			`if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff,`
170			`&matchlen, POS_SDP_HEADER) > 0) {`
171
172			`/* since ct_sip_get_info() give us a pointer passing 'v='`
173			`we need to add 2 bytes in this count. */`
174			`int c_len = skb->len - dataoff - matchoff + 2;`
175
176			`/* Now, update SDP length */`
177			`if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff,`
178			`&matchlen, POS_CONTENT) > 0) {`
179
180			`bufflen = sprintf(buffer, "%u", c_len);`
181			`return nf_nat_mangle_udp_packet(skb, ct, ctinfo,`
182			`matchoff, matchlen,`
183			`buffer, bufflen);`
184			`}`
185			`}`
186			`return 0;`
187			`}`
188
189			`static unsigned int mangle_sdp(struct sk_buff *skb,`
190			`enum ip_conntrack_info ctinfo,`
191			`struct nf_conn *ct,`
192			`__be32 newip, u_int16_t port,`
193			`const char *dptr)`
194			`{`
195			`char buffer[sizeof("nnn.nnn.nnn.nnn")];`
196			`unsigned int dataoff, bufflen;`
197
198			`dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);`
199
200			`/* Mangle owner and contact info. */`
201			`bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));`
202			`if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,`
203			`buffer, bufflen, POS_OWNER_IP4))`
204			`return 0;`
205
206			`if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,`
207			`buffer, bufflen, POS_CONNECTION_IP4))`
208			`return 0;`
209
210			`/* Mangle media port. */`
211			`bufflen = sprintf(buffer, "%u", port);`
212			`if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,`
213			`buffer, bufflen, POS_MEDIA))`
214			`return 0;`
215
216			`return mangle_content_len(skb, ctinfo, ct, dptr);`
217			`}`
218
219			`static void ip_nat_sdp_expect(struct nf_conn *ct,`
220			`struct nf_conntrack_expect *exp)`
221			`{`
222			`struct nf_nat_range range;`
223
224			`/* This must be a fresh one. */`
225			`BUG_ON(ct->status & IPS_NAT_DONE_MASK);`
226
227			`/* Change src to where master sends to */`
228			`range.flags = IP_NAT_RANGE_MAP_IPS;`
229			`range.min_ip = range.max_ip`
230			`= ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;`
231			`/* hook doesn't matter, but it has to do source manip */`
232			`nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING);`
233
234			`/* For DST manip, map port here to where it's expected. */`
235			`range.flags = (IP_NAT_RANGE_MAP_IPS \| IP_NAT_RANGE_PROTO_SPECIFIED);`
236			`range.min = range.max = exp->saved_proto;`
237			`range.min_ip = range.max_ip = exp->saved_ip;`
238			`/* hook doesn't matter, but it has to do destination manip */`
239			`nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING);`
240			`}`
241
242			`/* So, this packet has hit the connection tracking matching code.`
243			`Mangle it, and change the expectation to match the new version. */`
244			`static unsigned int ip_nat_sdp(struct sk_buff *skb,`
245			`enum ip_conntrack_info ctinfo,`
246			`struct nf_conntrack_expect *exp,`
247			`const char *dptr)`
248			`{`
249			`struct nf_conn *ct = exp->master;`
250			`enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);`
251			`__be32 newip;`
252			`u_int16_t port;`
253
254			`/* Connection will come from reply */`
255			`if (ct->tuplehash[dir].tuple.src.u3.ip ==`
256			`ct->tuplehash[!dir].tuple.dst.u3.ip)`
257			`newip = exp->tuple.dst.u3.ip;`
258			`else`
259			`newip = ct->tuplehash[!dir].tuple.dst.u3.ip;`
260
261			`exp->saved_ip = exp->tuple.dst.u3.ip;`
262			`exp->tuple.dst.u3.ip = newip;`
263			`exp->saved_proto.udp.port = exp->tuple.dst.u.udp.port;`
264			`exp->dir = !dir;`
265
266			`/* When you see the packet, we need to NAT it the same as the`
267			`this one. */`
268			`exp->expectfn = ip_nat_sdp_expect;`
269
270			`/* Try to get same port: if not, try to change it. */`
271			`for (port = ntohs(exp->saved_proto.udp.port); port != 0; port++) {`
272			`exp->tuple.dst.u.udp.port = htons(port);`
273			`if (nf_ct_expect_related(exp) == 0)`
274			`break;`
275			`}`
276
277			`if (port == 0)`
278			`return NF_DROP;`
279
280			`if (!mangle_sdp(skb, ctinfo, ct, newip, port, dptr)) {`
281			`nf_ct_unexpect_related(exp);`
282			`return NF_DROP;`
283			`}`
284			`return NF_ACCEPT;`
285			`}`
286
287			`static void __exit nf_nat_sip_fini(void)`
288			`{`
289			`rcu_assign_pointer(nf_nat_sip_hook, NULL);`
290			`rcu_assign_pointer(nf_nat_sdp_hook, NULL);`
291			`synchronize_rcu();`
292			`}`
293
294			`static int __init nf_nat_sip_init(void)`
295			`{`
296			`BUG_ON(nf_nat_sip_hook != NULL);`
297			`BUG_ON(nf_nat_sdp_hook != NULL);`
298			`rcu_assign_pointer(nf_nat_sip_hook, ip_nat_sip);`
299			`rcu_assign_pointer(nf_nat_sdp_hook, ip_nat_sdp);`
300			`return 0;`
301			`}`
302
303			`module_init(nf_nat_sip_init);`
304			`module_exit(nf_nat_sip_fini);`