|
|
|
|
@ -170,6 +170,15 @@ static uint stream_packets_list_limit = 10;
|
|
|
|
|
module_param(stream_packets_list_limit, uint, 0);
|
|
|
|
|
MODULE_PARM_DESC(stream_packets_list_limit, "maximum number of packets to retain for intercept streams");
|
|
|
|
|
|
|
|
|
|
static bool log_errors = 0;
|
|
|
|
|
module_param(log_errors, bool, 0);
|
|
|
|
|
MODULE_PARM_DESC(log_errors, "generate kernel log lines from forwarding errors");
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#define log_err(fmt, ...) do { if (log_errors) printk(KERN_NOTICE "rtpengine[%s:%i]: " fmt, \
|
|
|
|
|
__FUNCTION__, __LINE__, ##__VA_ARGS__); } while (0)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -3200,6 +3209,7 @@ static int send_proxy_packet4(struct sk_buff *skb, struct re_address *src, struc
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
drop:
|
|
|
|
|
log_err("IPv4 routing failed");
|
|
|
|
|
kfree_skb(skb);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
@ -3270,6 +3280,7 @@ static int send_proxy_packet6(struct sk_buff *skb, struct re_address *src, struc
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
drop:
|
|
|
|
|
log_err("IPv6 routing failed");
|
|
|
|
|
kfree_skb(skb);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
@ -3280,8 +3291,10 @@ drop:
|
|
|
|
|
static int send_proxy_packet(struct sk_buff *skb, struct re_address *src, struct re_address *dst,
|
|
|
|
|
unsigned char tos, const struct xt_action_param *par)
|
|
|
|
|
{
|
|
|
|
|
if (src->family != dst->family)
|
|
|
|
|
if (src->family != dst->family) {
|
|
|
|
|
log_err("address family mismatch");
|
|
|
|
|
goto drop;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch (src->family) {
|
|
|
|
|
case AF_INET:
|
|
|
|
|
@ -3293,6 +3306,7 @@ static int send_proxy_packet(struct sk_buff *skb, struct re_address *src, struct
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
log_err("unsupported address family");
|
|
|
|
|
goto drop;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -3651,8 +3665,10 @@ static inline int rtp_payload_type(const struct rtp_header *hdr, const struct rt
|
|
|
|
|
|
|
|
|
|
pt = hdr->m_pt & 0x7f;
|
|
|
|
|
match = bsearch(&pt, tg->payload_types, tg->num_payload_types, sizeof(pt), rtp_payload_match);
|
|
|
|
|
if (!match)
|
|
|
|
|
if (!match) {
|
|
|
|
|
log_err("RTP payload type %u not found", (unsigned int) pt);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
return match - tg->payload_types;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
@ -3718,6 +3734,7 @@ static unsigned int rtpengine46(struct sk_buff *skb, struct rtpengine_table *t,
|
|
|
|
|
u_int64_t pkt_idx;
|
|
|
|
|
struct re_stream *stream;
|
|
|
|
|
struct re_stream_packet *packet;
|
|
|
|
|
const char *errstr = NULL;
|
|
|
|
|
|
|
|
|
|
#if (RE_HAS_MEASUREDELAY)
|
|
|
|
|
u_int64_t starttime, endtime, delay;
|
|
|
|
|
@ -3772,6 +3789,7 @@ not_stun:
|
|
|
|
|
goto skip1;
|
|
|
|
|
/* MSM_DROP */
|
|
|
|
|
error_nf_action = NF_DROP;
|
|
|
|
|
errstr = "source address mismatch";
|
|
|
|
|
goto skip_error;
|
|
|
|
|
|
|
|
|
|
src_check_ok:
|
|
|
|
|
@ -3797,12 +3815,15 @@ src_check_ok:
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
// Pass to userspace if SSRC has changed.
|
|
|
|
|
errstr = "SSRC mismatch";
|
|
|
|
|
if (unlikely((g->target.ssrc) && (g->target.ssrc != rtp.header->ssrc)))
|
|
|
|
|
goto skip_error;
|
|
|
|
|
|
|
|
|
|
pkt_idx = packet_index(&g->decrypt, &g->target.decrypt, rtp.header);
|
|
|
|
|
errstr = "SRTP authentication tag mismatch";
|
|
|
|
|
if (srtp_auth_validate(&g->decrypt, &g->target.decrypt, &rtp, &pkt_idx))
|
|
|
|
|
goto skip_error;
|
|
|
|
|
errstr = "SRTP decryption failed";
|
|
|
|
|
if (srtp_decrypt(&g->decrypt, &g->target.decrypt, &rtp, pkt_idx))
|
|
|
|
|
goto skip_error;
|
|
|
|
|
|
|
|
|
|
@ -3907,6 +3928,7 @@ no_intercept:
|
|
|
|
|
return NF_DROP;
|
|
|
|
|
|
|
|
|
|
skip_error:
|
|
|
|
|
log_err("x_tables action failed: %s", errstr);
|
|
|
|
|
atomic64_inc(&g->stats.errors);
|
|
|
|
|
skip1:
|
|
|
|
|
target_put(g);
|
|
|
|
|
|
Richard Fuchs
9 years ago