From 3e1e2a3e7b6f5d969819bffda2858a91132d595e Mon Sep 17 00:00:00 2001
From: Indrek Ardel <indrek@ardel.eu>
Date: Sun, 10 Mar 2024 04:00:32 +0200
Subject: conntrack: T4022: add RTSP conntrack helper

---
 data/templates/conntrack/nftables-helpers.j2                  | 6 ++++++
 debian/control                                                | 3 +++
 interface-definitions/include/firewall/conntrack-helper.xml.i | 6 +++++-
 interface-definitions/system_conntrack.xml.in                 | 6 ++++++
 smoketest/scripts/cli/test_system_conntrack.py                | 8 ++++++--
 src/conf_mode/system_conntrack.py                             | 7 ++++++-
 6 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/data/templates/conntrack/nftables-helpers.j2 b/data/templates/conntrack/nftables-helpers.j2
index 433931162..63a0cc855 100644
--- a/data/templates/conntrack/nftables-helpers.j2
+++ b/data/templates/conntrack/nftables-helpers.j2
@@ -31,6 +31,12 @@
     }
 {% endif %}
 
+{% if modules.rtsp is vyos_defined and ipv4 %}
+    ct helper rtsp_tcp {
+        type "rtsp" protocol tcp;
+    }
+{% endif %}
+
 {% if modules.sip is vyos_defined %}
     ct helper sip_tcp {
         type "sip" protocol tcp;
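Review bot: The `and ipv4` guard on the new `rtsp_tcp` helper is undocumented, and it is silently coupled to `'ipv4': True` in the `rtsp` entry of `module_map` (src/conf_mode/system_conntrack.py, same commit). If one side changes without the other, the generated ruleset could reference `rtsp_tcp` in a table where the object was never defined, or define it where no rule uses it. I would add a template comment above the block, e.g. `{# RTSP helper is emitted for the IPv4 table only; keep in sync with 'ipv4': True in module_map #}`. The `<help>` text added in system_conntrack.xml.in could state the IPv4-only scope as well, so operators see it at the CLI.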
diff --git a/debian/control b/debian/control
index dddc4e14c..c5a60f660 100644
--- a/debian/control
+++ b/debian/control
@@ -256,6 +256,9 @@ Depends:
 # For "nat64"
   jool,
 # End "nat64"
+# For "system conntrack modules rtsp"
+  nat-rtsp,
+# End "system conntrack modules rtsp"
 # For "system ntp"
   chrony,
 # End "system ntp"
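Review bot: `nat-rtsp` is added as an unversioned hard dependency, so it is installed on every system whether or not `system conntrack modules rtsp` is configured. Judging by the `ko` entries in system_conntrack.py, it presumably ships the `nf_conntrack_rtsp` and `nf_nat_rtsp` kernel modules. As far as I know these are not part of the mainline kernel, and once loaded they parse untrusted RTSP payloads in kernel context. A comment recording what the package provides would help whoever audits or updates it, e.g. `# nat-rtsp provides the nf_conntrack_rtsp / nf_nat_rtsp kernel modules (out-of-tree; must match the shipped kernel)`. Where and how the package is built is not visible in this commit, so its provenance should be confirmed separately.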
diff --git a/interface-definitions/include/firewall/conntrack-helper.xml.i b/interface-definitions/include/firewall/conntrack-helper.xml.i
index ee17f2c61..3ca1a0353 100644
--- a/interface-definitions/include/firewall/conntrack-helper.xml.i
+++ b/interface-definitions/include/firewall/conntrack-helper.xml.i
@@ -21,6 +21,10 @@
       <format>nfs</format>
       <description>Related traffic from NFS helper</description>
     </valueHelp>
+    <valueHelp>
+      <format>rtsp</format>
+      <description>Related traffic from RTSP helper</description>
+    </valueHelp>
     <valueHelp>
       <format>sip</format>
       <description>Related traffic from SIP helper</description>
@@ -34,7 +38,7 @@
       <description>Related traffic from SQLNet helper</description>
     </valueHelp>
     <constraint>
-      <regex>(ftp|h323|pptp|nfs|sip|tftp|sqlnet)</regex>
+      <regex>(ftp|h323|pptp|nfs|rtsp|sip|tftp|sqlnet)</regex>
     </constraint>
     <multi/>
   </properties>
diff --git a/interface-definitions/system_conntrack.xml.in b/interface-definitions/system_conntrack.xml.in
index a348097cc..219c6e28e 100644
--- a/interface-definitions/system_conntrack.xml.in
+++ b/interface-definitions/system_conntrack.xml.in
@@ -289,6 +289,12 @@
                   <valueless/>
                 </properties>
               </leafNode>
+              <leafNode name="rtsp">
+                <properties>
+                  <help>RTSP connection tracking</help>
+                  <valueless/>
+                </properties>
+              </leafNode>
               <leafNode name="sip">
                 <properties>
                   <help>SIP connection tracking</help>
diff --git a/smoketest/scripts/cli/test_system_conntrack.py b/smoketest/scripts/cli/test_system_conntrack.py
index f00626b3d..2d76da145 100755
--- a/smoketest/scripts/cli/test_system_conntrack.py
+++ b/smoketest/scripts/cli/test_system_conntrack.py
@@ -174,12 +174,16 @@ class TestSystemConntrack(VyOSUnitTestSHIM.TestCase):
             'pptp': {
                 'driver': ['nf_nat_pptp', 'nf_conntrack_pptp'],
                 'nftables': ['ct helper set "pptp_tcp"']
-             },
+            },
+            'rtsp': {
+                'driver': ['nf_nat_rtsp', 'nf_conntrack_rtsp'],
+                'nftables': ['ct helper set "rtsp_tcp"']
+            },
             'sip': {
                 'driver': ['nf_nat_sip', 'nf_conntrack_sip'],
                 'nftables': ['ct helper set "sip_tcp"',
                              'ct helper set "sip_udp"']
-             },
+            },
             'sqlnet': {
                 'nftables': ['ct helper set "tns_tcp"']
             },
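Review bot: The new `rtsp` entry checks only for `ct helper set "rtsp_tcp"`, so the test would still pass if the rule lost its `tcp dport {554}` match and the helper were attached to far more traffic than intended. The scope of a helper assignment is the security-relevant part of the rule, so I would include the port match in the expected string, e.g. `'tcp dport 554 ct helper set "rtsp_tcp"'`; that form is constructed and must be checked against what `nft` actually prints. The other entries in this dict follow the same loose pattern. The code that consumes the dict is outside this hunk, so this assumes the strings are searched in the rendered ruleset.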
diff --git a/src/conf_mode/system_conntrack.py b/src/conf_mode/system_conntrack.py
index 2a55daed4..a1472aaaa 100755
--- a/src/conf_mode/system_conntrack.py
+++ b/src/conf_mode/system_conntrack.py
@@ -58,6 +58,11 @@ module_map = {
         'nftables': ['tcp dport {1723} ct helper set "pptp_tcp" return'],
         'ipv4': True
      },
+    'rtsp': {
+        'ko': ['nf_nat_rtsp', 'nf_conntrack_rtsp'],
+        'nftables': ['tcp dport {554} ct helper set "rtsp_tcp" return'],
+        'ipv4': True
+    },
     'sip': {
         'ko': ['nf_nat_sip', 'nf_conntrack_sip'],
         'nftables': ['tcp dport {5060,5061} ct helper set "sip_tcp" return',
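Review bot: The `rtsp` entry attaches the helper to every TCP flow with destination port 554, with no interface or address restriction visible in the rule, and nothing in the code or the CLI help says what that implies for the firewall. Once the helper is set, the payload of the RTSP control channel decides which additional media flows are classified as related. Any rule that accepts related traffic, or matches `conntrack-helper rtsp` (added in conntrack-helper.xml.i), will then admit those flows. A comment above the entry would make this visible, e.g. `# RTSP ALG: peers on tcp/554 can create expectations for media flows; enable only where RTSP endpoints are trusted`. `module_map` starts before this hunk and continues past it, so how the rule is scoped in the final chain should be confirmed there.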
@@ -195,7 +200,7 @@ def generate(conntrack):
 def apply(conntrack):
     # Depending on the enable/disable state of the ALG (Application Layer Gateway)
     # modules we need to either insmod or rmmod the helpers.
-    
+
     add_modules = []
     rm_modules = []
 
-- 
cgit v1.2.3