From 91c88342ff81f4eb020992b034fb81db0f0c5147 Mon Sep 17 00:00:00 2001
From: Hans Dedecker
Date: Tue, 17 Apr 2018 17:27:42 +0200
Subject: [PATCH] xtables-addons: rstp: use specific source in expected RTP connection

Instead of passing a wildcard source to the expected RTP data connection; use the server IP address of the RTSP SETUP packet or the RTP media source from the SETUP URI contained in the SETUP packet. This guarantees RTP data is only accepted from the expected source.

Signed-off-by: Alin Nastac
Signed-off-by: Hans Dedecker
---
 .../patches/100-add-rtsp-conntrack.patch | 40 ++++++++++++++++---
 1 file changed, 34 insertions(+), 6 deletions(-)

diff --git a/net/xtables-addons/patches/100-add-rtsp-conntrack.patch b/net/xtables-addons/patches/100-add-rtsp-conntrack.patch
index bd49d92de6..917baf41a7 100644
--- a/net/xtables-addons/patches/100-add-rtsp-conntrack.patch
+++ b/net/xtables-addons/patches/100-add-rtsp-conntrack.patch
@@ -235,7 +235,7 @@
 +#endif /* _NETFILTER_MIME_H */
 --- /dev/null
 +++ b/extensions/rtsp/nf_conntrack_rtsp.c
-@@ -0,0 +1,576 @@
+@@ -0,0 +1,604 @@
 +/*
 + * RTSP extension for IP connection tracking
 + * (C) 2003 by Tom Marshall
@@ -250,7 +250,10 @@
 + * 2013-03-04: Il'inykh Sergey . Inango Systems Ltd
 + * - fixed rtcp nat mapping and other port mapping fixes
 + * - simple TEARDOWN request handling
-+ * - codestyle fixes and other less significant bug fixes
++ * - codestyle fixes and other less significant bug fixes
++ * 2018-04-17: Alin Nastac
++ * Hans Dedecker
++ * - use IP address read from SETUP URI in expected connections
 + *
 + * based on ip_conntrack_irc.c
 + *
@@ -543,6 +546,7 @@
 + uint transoff = 0;
 + uint translen = 0;
 + uint off;
++ union nf_inet_addr srvaddr;
 +
 + if (!rtsp_parse_message(pdata, datalen, &dataoff,
 + &hdrsoff, &hdrslen,
@@ -559,6 +563,32 @@
 + if (strncmp(pdata+cmdoff, "SETUP ", 6) != 0)
 + continue; /* not a SETUP message */
 +
++ srvaddr = ct->tuplehash[!dir].tuple.src.u3;
++
++ /* try to get RTP media source from SETUP URI */
++ off = cmdoff + 6;
++ while (off < datalen) {
++ if (strncmp(pdata+off, "://", 3) == 0) {
++ off += 3;
++ cmdoff = off;
++
++ while (off < datalen) {
++ if (pdata[off] == ':' ||
++ pdata[off] == '/' ||
++ pdata[off] == ' ') {
++ in4_pton(pdata + cmdoff,
++ off - cmdoff,
++ (u8 *)&srvaddr.in,
++ -1, NULL);
++ break;
++ }
++ off++;
++ }
++ break;
++ }
++ off++;
++ }
++
 + pr_debug("found a setup message\n");
 +
 + off = 0;
@@ -583,8 +613,7 @@
 + }
 +
 + nf_ct_expect_init(rtp_exp, NF_CT_EXPECT_CLASS_DEFAULT,
-+ nf_ct_l3num(ct),
-+ NULL, /* &ct->tuplehash[!dir].tuple.src.u3, */
++ nf_ct_l3num(ct), &srvaddr,
 + &ct->tuplehash[!dir].tuple.dst.u3,
 + IPPROTO_UDP, NULL, &be_loport);
 +
@@ -601,8 +630,7 @@
 + }
 +
 + nf_ct_expect_init(rtcp_exp, NF_CT_EXPECT_CLASS_DEFAULT,
-+ nf_ct_l3num(ct),
-+ NULL, /* &ct->tuplehash[!dir].tuple.src.u3, */
++ nf_ct_l3num(ct), &srvaddr,
 + &ct->tuplehash[!dir].tuple.dst.u3,
 + IPPROTO_UDP, NULL, &be_hiport);
 +
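Review bot: The `://` scan at `while (off < datalen)` calls `strncmp(pdata+off, "://", 3)` right up to off == datalen-1, so the comparison can read one or two bytes past the parsed message unless the buffer is known to be NUL-terminated; bounding the outer loop as `while (off + 3 <= datalen)` removes that dependency. The `in4_pton` call writes four bytes into `srvaddr.in` whenever the URI host is a dotted quad, yet `srvaddr` was copied from the reply tuple and is handed to `nf_ct_expect_init` together with `nf_ct_l3num(ct)`; if this helper can be attached to an AF_INET6 connection, gate the parse with `if (nf_ct_l3num(ct) == AF_INET)` so an IPv4 literal does not overwrite the leading bytes of an IPv6 source address. The return value of `in4_pton` is discarded, which is a sound fallback only because a failed parse (a hostname in the URI) leaves the destination untouched — that deserves a comment such as `/* on parse failure srvaddr keeps the server address from the reply tuple */`. The same `&srvaddr` is passed in the two later hunks (rtp_exp and rtcp_exp), so the expectation's source is whatever host the client wrote in its SETUP URI — narrower than the previous wildcard, but not checked against the address the RTSP session is actually talking to.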