From d01b62924e13dd609ce177faad89b61170f6155c Mon Sep 17 00:00:00 2001 From: Hans Dedecker Date: Fri, 3 Aug 2018 17:51:23 +0200 Subject: [PATCH 1/2] xtables-addons: rtsp: fix compile warning/issue Fix compile issue with Werror: nf_conntrack_rtsp.c:667:39: error: implicit declaration of function 'nf_ct_zone' [-Werror=implicit-function-declaration] exp_ct = nf_ct_expect_find_get(net, nf_ct_zone(ct), &t); Fix compile warning: nf_conntrack_rtsp.c:474:2: warning: enumeration value 'IP_CT_DIR_MAX' not handled in switch [-Wswitch] switch (CTINFO2DIR(ctinfo)) { ^~~~~~ Signed-off-by: Hans Dedecker --- net/xtables-addons/patches/100-add-rtsp-conntrack.patch | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/xtables-addons/patches/100-add-rtsp-conntrack.patch b/net/xtables-addons/patches/100-add-rtsp-conntrack.patch index 7ac2cc563..e280ec447 100644 --- a/net/xtables-addons/patches/100-add-rtsp-conntrack.patch +++ b/net/xtables-addons/patches/100-add-rtsp-conntrack.patch @@ -235,7 +235,7 @@ +#endif /* _NETFILTER_MIME_H */ --- /dev/null +++ b/extensions/rtsp/nf_conntrack_rtsp.c -@@ -0,0 +1,732 @@ +@@ -0,0 +1,735 @@ +/* + * RTSP extension for IP connection tracking + * (C) 2003 by Tom Marshall @@ -287,6 +287,7 @@ +#include +#include +#include ++#include +#include "nf_conntrack_rtsp.h" + +#define NF_NEED_STRNCASECMP @@ -878,6 +879,8 @@ + ret = help_in(skb, rb_ptr, datalen, ct, ctinfo); +#endif + break; ++ default: ++ break; + } + + spin_unlock_bh(&rtsp_buffer_lock); From ab48f4df18371982be6635f8d9e3140dd16e5e7b Mon Sep 17 00:00:00 2001 
From: Hans Dedecker Date: Fri, 3 Aug 2018 19:12:55 +0200 Subject: [PATCH 2/2] xtables-addons: rtsp: support destination format address:port RFC2326 specifies the attribute client_port as the RTP/RTCP port pair on which the client has chosen to receive media data and control info; however some clients (mostly STBs) embed the client_port value in the destination attribute in the form of destination= without specifying the client_port attribute in the SETUP message. To support such clients check if the destination attribute contains a port value and use it as port value for the expected RTP connection. Signed-off-by: Hans Dedecker --- net/xtables-addons/Makefile | 2 +- .../patches/100-add-rtsp-conntrack.patch | 64 ++++++++++++++++--- 2 files changed, 55 insertions(+), 11 deletions(-) diff --git a/net/xtables-addons/Makefile b/net/xtables-addons/Makefile index 5c78ff891..17da4103f 100644 --- a/net/xtables-addons/Makefile +++ b/net/xtables-addons/Makefile @@ -10,7 +10,7 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=xtables-addons PKG_VERSION:=2.14 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_HASH:=d215a9a8b8e66aae04b982fa2e1228e8a71e7dfe42320df99e34e5000cbdf152 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz diff --git a/net/xtables-addons/patches/100-add-rtsp-conntrack.patch b/net/xtables-addons/patches/100-add-rtsp-conntrack.patch index e280ec447..08ed4e845 100644 --- a/net/xtables-addons/patches/100-add-rtsp-conntrack.patch +++ b/net/xtables-addons/patches/100-add-rtsp-conntrack.patch @@ -235,7 +235,7 @@ +#endif /* _NETFILTER_MIME_H */ --- /dev/null +++ b/extensions/rtsp/nf_conntrack_rtsp.c -@@ -0,0 +1,735 @@ +@@ -0,0 +1,761 @@ +/* + * RTSP extension for IP connection tracking + * (C) 2003 by Tom Marshall 
@@ -257,6 +257,9 @@ + * 2018-04-18: Hans Dedecker + * - update RTP expected connection source IP based on SOURCE + * in the SETUP reply message ++ * 2018-08-03: Alin Nastac ++ * Hans Dedecker ++ * - parse non-standard destination=address:port format + * + * based on ip_conntrack_irc.c + * @@ -501,6 +504,29 @@ + -1, NULL)) + pr_debug("source found : %pI4\n", + &prtspexp->srvaddr.ip); ++ } else if (nextfieldoff - off > 12 && strncmp(ptran+off, "destination=", 12) == 0) { ++ const char *psep; ++ u_int16_t port; ++ ++ off += 12; ++ ++ if (in4_pton(ptran+off, nextfieldoff - off - 1, (u8 *)&prtspexp->cltaddr.in, -1, NULL)) { ++ pr_debug("destination found : %pI4\n", &prtspexp->cltaddr.ip); ++ ++ /* ++ * Some RTSP clients(mostly STBs) use non-standard destination parameters: ++ * destination=address:port ++ */ ++ psep = memchr(ptran+off, ':', nextfieldoff-off); ++ if (psep != NULL && nf_strtou16(psep + 1, &port)) { ++ if (prtspexp->loport != 0 && prtspexp->loport != port) ++ pr_debug("multiple ports found, port %hu ignored\n", port); ++ else { ++ pr_debug("lo port found : %hu\n", port); ++ prtspexp->loport = prtspexp->hiport = port; ++ } ++ } ++ } + } + + /* @@ -973,7 +999,7 @@ +module_exit(fini); --- /dev/null +++ b/extensions/rtsp/nf_conntrack_rtsp.h -@@ -0,0 +1,73 @@ +@@ -0,0 +1,74 @@ +/* + * RTSP extension for IP connection tracking. + * (C) 2003 by Tom Marshall @@ -1025,6 +1051,7 @@ + u_int16_t loport; /* Port that was requested, low or first */ + u_int16_t hiport; /* Port that was requested, high or second */ + union nf_inet_addr srvaddr; /* src address in SETUP reply */ ++ union nf_inet_addr cltaddr; /* destination address */ +#if 0 + uint method; /* RTSP method */ + uint cseq; /* CSeq from request */ @@ -1049,7 +1076,7 @@ +#endif /* _IP_CONNTRACK_RTSP_H */ --- /dev/null +++ b/extensions/rtsp/nf_nat_rtsp.c -@@ -0,0 +1,617 @@ +@@ -0,0 +1,634 @@ +/* + * RTSP extension for TCP NAT alteration + * (C) 2003 by Tom Marshall 
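Review bot: The port parsed after the `:` in the new `destination=` branch (hunk `@@ -501,6 +504,29 @@`) is written to `loport`/`hiport` with no range check, so a SETUP carrying a destination of the form `address:0` would set the expected port to 0 whenever no other port was seen first. The call `nf_strtou16(psep + 1, &port)` also passes no length, so as far as this hunk shows the digit scan is not confined to the field that ends at `nextfieldoff`. I would tighten the condition to `if (psep != NULL && psep + 1 < ptran + nextfieldoff && nf_strtou16(psep + 1, &port) && port != 0) {`. The enclosing function starts and ends outside the hunk, so whether a later `client_port=` field overrides this value cannot be checked from here.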
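Review bot: The comment on the new `cltaddr` member (hunk `@@ -1025,6 +1051,7 @@`) says only "destination address" and leaves out that the value is copied from the client's SETUP payload. In the visible hunks the field is written by `in4_pton()` and printed by `pr_debug`, but never compared with the connection's own addresses, so a later user could mistake it for a trusted address. I would document it as `/* address from "destination=" in SETUP; client-supplied, compare with the conntrack tuple before use */`. The struct definition starts and ends outside the hunk.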
@@ -1209,9 +1236,9 @@ + struct nf_conntrack_tuple *rtp_t; + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,7,0) -+ char szextaddr[INET6_ADDRSTRLEN]; ++ char szextaddr[INET6_ADDRSTRLEN + 16]; +#else -+ char szextaddr[INET_ADDRSTRLEN]; ++ char szextaddr[INET_ADDRSTRLEN + 16]; +#endif + uint extaddrlen; + int is_stun; @@ -1344,8 +1371,9 @@ + + pfieldend = memchr(ptran+off, ';', nextparamoff-off); + nextfieldoff = (pfieldend == NULL) ? nextparamoff : pfieldend-ptran+1; ++ SKIP_WSPACE(ptran, nextfieldoff, off); + -+ if (dstact != DSTACT_NONE && strncmp(ptran+off, "destination=", 12) == 0) { ++ if (dstact != DSTACT_NONE && nextfieldoff - off > 12 && strncmp(ptran+off, "destination=", 12) == 0) { + if (strncmp(ptran+off+12, szextaddr, extaddrlen) == 0) + is_stun = 1; + @@ -1356,12 +1384,28 @@ + uint dstreplen = 0; + diff = dstlen; + if (dstact == DSTACT_AUTO && !is_stun) { -+ pr_debug("RTSP: replace dst addr\n"); ++ const char* psep = memchr(ptran+off, ':', dstlen); ++ u_int16_t port; ++ + dstoff += 12; + dstlen -= 13; + pdstrep = szextaddr; -+ dstreplen = extaddrlen; -+ diff = nextfieldoff-off-13-extaddrlen; ++ ++ if (psep != NULL && nf_strtou16(psep + 1, &port)) { ++ pr_debug("RTSP: replace dst addr&port\n"); ++ ++ if (port != prtspexp->loport) { ++ pr_debug("multiple ports found, port %hu ignored\n", port); ++ dstreplen = extaddrlen; ++ } else { ++ sprintf(szextaddr+extaddrlen, ":%s", rbuf1); ++ dstreplen = extaddrlen+1+rbuf1len; ++ } ++ } else { ++ pr_debug("RTSP: replace dst addr\n"); ++ dstreplen = extaddrlen; ++ } ++ diff = nextfieldoff-off-13-dstreplen; + } + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,7,0) @@ -1399,7 +1443,7 @@ + pfieldend = memchr(ptran+off, ';', nextparamoff-off); + nextfieldoff = (pfieldend == NULL) ? nextparamoff : pfieldend-ptran+1; + -+ if (strncmp(ptran+off, "client_port=", 12) == 0) { ++ if (nextfieldoff - off > 12 && strncmp(ptran+off, "client_port=", 12) == 0) { + u_int16_t port; + uint numlen; + uint origoff;
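Review bot: The bare `+ 16` added to `szextaddr` in this hunk is the only thing that bounds the `sprintf(szextaddr+extaddrlen, ":%s", rbuf1)` introduced in the `@@ -1356,12 +1384,28 @@` hunk, and neither the size of `rbuf1` nor the maximum of `extaddrlen` is visible in the patch. A write into a stack buffer in the packet-mangling path should carry its own limit. `dstreplen = extaddrlen + scnprintf(szextaddr + extaddrlen, sizeof(szextaddr) - extaddrlen, ":%s", rbuf1);` keeps the write inside the array and derives the replacement length from what was actually written. A named constant for the port-suffix room instead of `16` would also make the link between the two hunks explicit. Both the declaration block and the replacement loop belong to functions that start and end outside the hunks.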
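Review bot: The `client_port=` loop in the `@@ -1399,7 +1443,7 @@` hunk gets the new `nextfieldoff - off > 12` guard but not the `SKIP_WSPACE(ptran, nextfieldoff, off);` that the `@@ -1344,8 +1371,9 @@` hunk adds to the `destination=` loop. As far as the visible lines show, the two loops now treat a field preceded by whitespace differently, so a Transport header could have its destination rewritten while its `client_port` is left untouched. If that is not intended, add `SKIP_WSPACE(ptran, nextfieldoff, off);` after the `nextfieldoff` assignment here as well; otherwise a one-line comment saying why only the destination loop skips whitespace would help. Both loops start and end outside the hunks.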