2 * H.323 connection tracking helper
4 * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
6 * This source code is licensed under General Public License version 2.
8 * Based on the 'brute force' H.323 connection tracking module by
9 * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
11 * For more information, please see http://nath323.sourceforge.net/
14 #include <linux/module.h>
15 #include <linux/netfilter.h>
18 #include <linux/netfilter_ipv4/ip_conntrack.h>
19 #include <linux/netfilter_ipv4/ip_conntrack_core.h>
20 #include <linux/netfilter_ipv4/ip_conntrack_helper.h>
21 #include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
22 #include <linux/netfilter_ipv4/ip_conntrack_h323.h>
23 #include <linux/moduleparam.h>
24 #include <linux/ctype.h>
25 #include <linux/inet.h>
30 #define DEBUGP(format, args...)
34 static unsigned int default_rrq_ttl = 300;
35 module_param(default_rrq_ttl, uint, 0600);
36 MODULE_PARM_DESC(default_rrq_ttl, "use this TTL if it's missing in RRQ");
38 static int gkrouted_only = 1;
39 module_param(gkrouted_only, int, 0600);
40 MODULE_PARM_DESC(gkrouted_only, "only accept calls from gatekeeper");
42 static int callforward_filter = 1;
43 module_param(callforward_filter, bool, 0600);
44 MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations "
45 "if both endpoints are on different sides "
46 "(determined by routing information)");
49 int (*set_h245_addr_hook) (struct sk_buff ** pskb,
50 unsigned char **data, int dataoff,
51 H245_TransportAddress * addr,
52 __be32 ip, u_int16_t port);
53 int (*set_h225_addr_hook) (struct sk_buff ** pskb,
54 unsigned char **data, int dataoff,
55 TransportAddress * addr,
56 __be32 ip, u_int16_t port);
57 int (*set_sig_addr_hook) (struct sk_buff ** pskb,
58 struct ip_conntrack * ct,
59 enum ip_conntrack_info ctinfo,
61 TransportAddress * addr, int count);
62 int (*set_ras_addr_hook) (struct sk_buff ** pskb,
63 struct ip_conntrack * ct,
64 enum ip_conntrack_info ctinfo,
66 TransportAddress * addr, int count);
67 int (*nat_rtp_rtcp_hook) (struct sk_buff ** pskb,
68 struct ip_conntrack * ct,
69 enum ip_conntrack_info ctinfo,
70 unsigned char **data, int dataoff,
71 H245_TransportAddress * addr,
72 u_int16_t port, u_int16_t rtp_port,
73 struct ip_conntrack_expect * rtp_exp,
74 struct ip_conntrack_expect * rtcp_exp);
75 int (*nat_t120_hook) (struct sk_buff ** pskb,
76 struct ip_conntrack * ct,
77 enum ip_conntrack_info ctinfo,
78 unsigned char **data, int dataoff,
79 H245_TransportAddress * addr, u_int16_t port,
80 struct ip_conntrack_expect * exp);
81 int (*nat_h245_hook) (struct sk_buff ** pskb,
82 struct ip_conntrack * ct,
83 enum ip_conntrack_info ctinfo,
84 unsigned char **data, int dataoff,
85 TransportAddress * addr, u_int16_t port,
86 struct ip_conntrack_expect * exp);
87 int (*nat_callforwarding_hook) (struct sk_buff ** pskb,
88 struct ip_conntrack * ct,
89 enum ip_conntrack_info ctinfo,
90 unsigned char **data, int dataoff,
91 TransportAddress * addr, u_int16_t port,
92 struct ip_conntrack_expect * exp);
93 int (*nat_q931_hook) (struct sk_buff ** pskb,
94 struct ip_conntrack * ct,
95 enum ip_conntrack_info ctinfo,
96 unsigned char **data, TransportAddress * addr, int idx,
97 u_int16_t port, struct ip_conntrack_expect * exp);
100 static DEFINE_SPINLOCK(ip_h323_lock);
101 static char *h323_buffer;
103 /****************************************************************************/
104 static int get_tpkt_data(struct sk_buff **pskb, struct ip_conntrack *ct,
105 enum ip_conntrack_info ctinfo,
106 unsigned char **data, int *datalen, int *dataoff)
108 struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
109 int dir = CTINFO2DIR(ctinfo);
110 struct tcphdr _tcph, *th;
118 th = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
119 sizeof(_tcph), &_tcph);
123 /* Get TCP data offset */
124 tcpdataoff = ip_hdrlen(*pskb) + th->doff * 4;
126 /* Get TCP data length */
127 tcpdatalen = (*pskb)->len - tcpdataoff;
128 if (tcpdatalen <= 0) /* No TCP data */
131 if (*data == NULL) { /* first TPKT */
132 /* Get first TPKT pointer */
133 tpkt = skb_header_pointer(*pskb, tcpdataoff, tcpdatalen,
135 BUG_ON(tpkt == NULL);
137 /* Validate TPKT identifier */
138 if (tcpdatalen < 4 || tpkt[0] != 0x03 || tpkt[1] != 0) {
139 /* Netmeeting sends TPKT header and data separately */
140 if (info->tpkt_len[dir] > 0) {
141 DEBUGP("ip_ct_h323: previous packet "
142 "indicated separate TPKT data of %hu "
143 "bytes\n", info->tpkt_len[dir]);
144 if (info->tpkt_len[dir] <= tcpdatalen) {
145 /* Yes, there was a TPKT header
148 *datalen = info->tpkt_len[dir];
153 /* Fragmented TPKT */
155 printk("ip_ct_h323: "
156 "fragmented TPKT\n");
160 /* It is not even a TPKT */
164 } else { /* Next TPKT */
165 tpktoff = *dataoff + *datalen;
166 tcpdatalen -= tpktoff;
167 if (tcpdatalen <= 4) /* No more TPKT */
169 tpkt = *data + *datalen;
171 /* Validate TPKT identifier */
172 if (tpkt[0] != 0x03 || tpkt[1] != 0)
176 /* Validate TPKT length */
177 tpktlen = tpkt[2] * 256 + tpkt[3];
180 if (tpktlen > tcpdatalen) {
181 if (tcpdatalen == 4) { /* Separate TPKT header */
182 /* Netmeeting sends TPKT header and data separately */
183 DEBUGP("ip_ct_h323: separate TPKT header indicates "
184 "there will be TPKT data of %hu bytes\n",
186 info->tpkt_len[dir] = tpktlen - 4;
191 printk("ip_ct_h323: incomplete TPKT (fragmented?)\n");
195 /* This is the encapsulated data */
197 *datalen = tpktlen - 4;
198 *dataoff = tpktoff + 4;
201 /* Clear TPKT length */
202 info->tpkt_len[dir] = 0;
206 info->tpkt_len[dir] = 0;
210 /****************************************************************************/
211 static int get_h245_addr(unsigned char *data, H245_TransportAddress * addr,
212 __be32 * ip, u_int16_t * port)
216 if (addr->choice != eH245_TransportAddress_unicastAddress ||
217 addr->unicastAddress.choice != eUnicastAddress_iPAddress)
220 p = data + addr->unicastAddress.iPAddress.network;
221 *ip = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | (p[3]));
222 *port = (p[4] << 8) | (p[5]);
227 /****************************************************************************/
228 static int expect_rtp_rtcp(struct sk_buff **pskb, struct ip_conntrack *ct,
229 enum ip_conntrack_info ctinfo,
230 unsigned char **data, int dataoff,
231 H245_TransportAddress * addr)
233 int dir = CTINFO2DIR(ctinfo);
238 struct ip_conntrack_expect *rtp_exp;
239 struct ip_conntrack_expect *rtcp_exp;
240 typeof(nat_rtp_rtcp_hook) nat_rtp_rtcp;
242 /* Read RTP or RTCP address */
243 if (!get_h245_addr(*data, addr, &ip, &port) ||
244 ip != ct->tuplehash[dir].tuple.src.ip || port == 0)
247 /* RTP port is even */
248 rtp_port = port & (~1);
250 /* Create expect for RTP */
251 if ((rtp_exp = ip_conntrack_expect_alloc(ct)) == NULL)
253 rtp_exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
254 rtp_exp->tuple.src.u.udp.port = 0;
255 rtp_exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
256 rtp_exp->tuple.dst.u.udp.port = htons(rtp_port);
257 rtp_exp->tuple.dst.protonum = IPPROTO_UDP;
258 rtp_exp->mask.src.ip = htonl(0xFFFFFFFF);
259 rtp_exp->mask.src.u.udp.port = 0;
260 rtp_exp->mask.dst.ip = htonl(0xFFFFFFFF);
261 rtp_exp->mask.dst.u.udp.port = htons(0xFFFF);
262 rtp_exp->mask.dst.protonum = 0xFF;
265 /* Create expect for RTCP */
266 if ((rtcp_exp = ip_conntrack_expect_alloc(ct)) == NULL) {
267 ip_conntrack_expect_put(rtp_exp);
270 rtcp_exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
271 rtcp_exp->tuple.src.u.udp.port = 0;
272 rtcp_exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
273 rtcp_exp->tuple.dst.u.udp.port = htons(rtp_port + 1);
274 rtcp_exp->tuple.dst.protonum = IPPROTO_UDP;
275 rtcp_exp->mask.src.ip = htonl(0xFFFFFFFF);
276 rtcp_exp->mask.src.u.udp.port = 0;
277 rtcp_exp->mask.dst.ip = htonl(0xFFFFFFFF);
278 rtcp_exp->mask.dst.u.udp.port = htons(0xFFFF);
279 rtcp_exp->mask.dst.protonum = 0xFF;
282 if (ct->tuplehash[dir].tuple.src.ip !=
283 ct->tuplehash[!dir].tuple.dst.ip &&
284 (nat_rtp_rtcp = rcu_dereference(nat_rtp_rtcp_hook))) {
286 ret = nat_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
287 addr, port, rtp_port, rtp_exp, rtcp_exp);
288 } else { /* Conntrack only */
289 rtp_exp->expectfn = NULL;
290 rtcp_exp->expectfn = NULL;
292 if (ip_conntrack_expect_related(rtp_exp) == 0) {
293 if (ip_conntrack_expect_related(rtcp_exp) == 0) {
294 DEBUGP("ip_ct_h323: expect RTP "
295 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
296 NIPQUAD(rtp_exp->tuple.src.ip),
297 ntohs(rtp_exp->tuple.src.u.udp.port),
298 NIPQUAD(rtp_exp->tuple.dst.ip),
299 ntohs(rtp_exp->tuple.dst.u.udp.port));
300 DEBUGP("ip_ct_h323: expect RTCP "
301 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
302 NIPQUAD(rtcp_exp->tuple.src.ip),
303 ntohs(rtcp_exp->tuple.src.u.udp.port),
304 NIPQUAD(rtcp_exp->tuple.dst.ip),
305 ntohs(rtcp_exp->tuple.dst.u.udp.port));
307 ip_conntrack_unexpect_related(rtp_exp);
314 ip_conntrack_expect_put(rtp_exp);
315 ip_conntrack_expect_put(rtcp_exp);
320 /****************************************************************************/
321 static int expect_t120(struct sk_buff **pskb,
322 struct ip_conntrack *ct,
323 enum ip_conntrack_info ctinfo,
324 unsigned char **data, int dataoff,
325 H245_TransportAddress * addr)
327 int dir = CTINFO2DIR(ctinfo);
331 struct ip_conntrack_expect *exp = NULL;
332 typeof(nat_t120_hook) nat_t120;
334 /* Read T.120 address */
335 if (!get_h245_addr(*data, addr, &ip, &port) ||
336 ip != ct->tuplehash[dir].tuple.src.ip || port == 0)
339 /* Create expect for T.120 connections */
340 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
342 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
343 exp->tuple.src.u.tcp.port = 0;
344 exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
345 exp->tuple.dst.u.tcp.port = htons(port);
346 exp->tuple.dst.protonum = IPPROTO_TCP;
347 exp->mask.src.ip = htonl(0xFFFFFFFF);
348 exp->mask.src.u.tcp.port = 0;
349 exp->mask.dst.ip = htonl(0xFFFFFFFF);
350 exp->mask.dst.u.tcp.port = htons(0xFFFF);
351 exp->mask.dst.protonum = 0xFF;
352 exp->flags = IP_CT_EXPECT_PERMANENT; /* Accept multiple channels */
354 if (ct->tuplehash[dir].tuple.src.ip !=
355 ct->tuplehash[!dir].tuple.dst.ip &&
356 (nat_t120 = rcu_dereference(nat_t120_hook))) {
358 ret = nat_t120(pskb, ct, ctinfo, data, dataoff, addr,
360 } else { /* Conntrack only */
361 exp->expectfn = NULL;
362 if (ip_conntrack_expect_related(exp) == 0) {
363 DEBUGP("ip_ct_h323: expect T.120 "
364 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
365 NIPQUAD(exp->tuple.src.ip),
366 ntohs(exp->tuple.src.u.tcp.port),
367 NIPQUAD(exp->tuple.dst.ip),
368 ntohs(exp->tuple.dst.u.tcp.port));
373 ip_conntrack_expect_put(exp);
378 /****************************************************************************/
379 static int process_h245_channel(struct sk_buff **pskb,
380 struct ip_conntrack *ct,
381 enum ip_conntrack_info ctinfo,
382 unsigned char **data, int dataoff,
383 H2250LogicalChannelParameters * channel)
387 if (channel->options & eH2250LogicalChannelParameters_mediaChannel) {
389 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
390 &channel->mediaChannel);
396 options & eH2250LogicalChannelParameters_mediaControlChannel) {
398 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
399 &channel->mediaControlChannel);
407 /****************************************************************************/
408 static int process_olc(struct sk_buff **pskb, struct ip_conntrack *ct,
409 enum ip_conntrack_info ctinfo,
410 unsigned char **data, int dataoff,
411 OpenLogicalChannel * olc)
415 DEBUGP("ip_ct_h323: OpenLogicalChannel\n");
417 if (olc->forwardLogicalChannelParameters.multiplexParameters.choice ==
418 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)
420 ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff,
422 forwardLogicalChannelParameters.
424 h2250LogicalChannelParameters);
430 eOpenLogicalChannel_reverseLogicalChannelParameters) &&
431 (olc->reverseLogicalChannelParameters.options &
432 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters)
433 && (olc->reverseLogicalChannelParameters.multiplexParameters.
435 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
438 process_h245_channel(pskb, ct, ctinfo, data, dataoff,
440 reverseLogicalChannelParameters.
442 h2250LogicalChannelParameters);
447 if ((olc->options & eOpenLogicalChannel_separateStack) &&
448 olc->forwardLogicalChannelParameters.dataType.choice ==
450 olc->forwardLogicalChannelParameters.dataType.data.application.
451 choice == eDataApplicationCapability_application_t120 &&
452 olc->forwardLogicalChannelParameters.dataType.data.application.
453 t120.choice == eDataProtocolCapability_separateLANStack &&
454 olc->separateStack.networkAddress.choice ==
455 eNetworkAccessParameters_networkAddress_localAreaAddress) {
456 ret = expect_t120(pskb, ct, ctinfo, data, dataoff,
457 &olc->separateStack.networkAddress.
466 /****************************************************************************/
467 static int process_olca(struct sk_buff **pskb, struct ip_conntrack *ct,
468 enum ip_conntrack_info ctinfo,
469 unsigned char **data, int dataoff,
470 OpenLogicalChannelAck * olca)
472 H2250LogicalChannelAckParameters *ack;
475 DEBUGP("ip_ct_h323: OpenLogicalChannelAck\n");
478 eOpenLogicalChannelAck_reverseLogicalChannelParameters) &&
479 (olca->reverseLogicalChannelParameters.options &
480 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters)
481 && (olca->reverseLogicalChannelParameters.multiplexParameters.
483 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
485 ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff,
487 reverseLogicalChannelParameters.
489 h2250LogicalChannelParameters);
495 eOpenLogicalChannelAck_forwardMultiplexAckParameters) &&
496 (olca->forwardMultiplexAckParameters.choice ==
497 eOpenLogicalChannelAck_forwardMultiplexAckParameters_h2250LogicalChannelAckParameters))
499 ack = &olca->forwardMultiplexAckParameters.
500 h2250LogicalChannelAckParameters;
502 eH2250LogicalChannelAckParameters_mediaChannel) {
504 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
511 eH2250LogicalChannelAckParameters_mediaControlChannel) {
513 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
514 &ack->mediaControlChannel);
523 /****************************************************************************/
524 static int process_h245(struct sk_buff **pskb, struct ip_conntrack *ct,
525 enum ip_conntrack_info ctinfo,
526 unsigned char **data, int dataoff,
527 MultimediaSystemControlMessage * mscm)
529 switch (mscm->choice) {
530 case eMultimediaSystemControlMessage_request:
531 if (mscm->request.choice ==
532 eRequestMessage_openLogicalChannel) {
533 return process_olc(pskb, ct, ctinfo, data, dataoff,
534 &mscm->request.openLogicalChannel);
536 DEBUGP("ip_ct_h323: H.245 Request %d\n",
537 mscm->request.choice);
539 case eMultimediaSystemControlMessage_response:
540 if (mscm->response.choice ==
541 eResponseMessage_openLogicalChannelAck) {
542 return process_olca(pskb, ct, ctinfo, data, dataoff,
544 openLogicalChannelAck);
546 DEBUGP("ip_ct_h323: H.245 Response %d\n",
547 mscm->response.choice);
550 DEBUGP("ip_ct_h323: H.245 signal %d\n", mscm->choice);
557 /****************************************************************************/
558 static int h245_help(struct sk_buff **pskb, struct ip_conntrack *ct,
559 enum ip_conntrack_info ctinfo)
561 static MultimediaSystemControlMessage mscm;
562 unsigned char *data = NULL;
567 /* Until there's been traffic both ways, don't look in packets. */
568 if (ctinfo != IP_CT_ESTABLISHED
569 && ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
572 DEBUGP("ip_ct_h245: skblen = %u\n", (*pskb)->len);
574 spin_lock_bh(&ip_h323_lock);
576 /* Process each TPKT */
577 while (get_tpkt_data(pskb, ct, ctinfo, &data, &datalen, &dataoff)) {
578 DEBUGP("ip_ct_h245: TPKT %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
579 NIPQUAD(ip_hdr(*pskb)->saddr),
580 NIPQUAD(ip_hdr(*pskb)->daddr), datalen);
582 /* Decode H.245 signal */
583 ret = DecodeMultimediaSystemControlMessage(data, datalen,
587 printk("ip_ct_h245: decoding error: %s\n",
588 ret == H323_ERROR_BOUND ?
589 "out of bound" : "out of range");
590 /* We don't drop when decoding error */
594 /* Process H.245 signal */
595 if (process_h245(pskb, ct, ctinfo, &data, dataoff, &mscm) < 0)
599 spin_unlock_bh(&ip_h323_lock);
603 spin_unlock_bh(&ip_h323_lock);
605 printk("ip_ct_h245: packet dropped\n");
609 /****************************************************************************/
610 static struct ip_conntrack_helper ip_conntrack_helper_h245 = {
613 .max_expected = H323_RTP_CHANNEL_MAX * 4 + 2 /* T.120 */ ,
615 .tuple = {.dst = {.protonum = IPPROTO_TCP}},
616 .mask = {.src = {.u = {0xFFFF}},
617 .dst = {.protonum = 0xFF}},
621 /****************************************************************************/
622 void ip_conntrack_h245_expect(struct ip_conntrack *new,
623 struct ip_conntrack_expect *this)
625 write_lock_bh(&ip_conntrack_lock);
626 new->helper = &ip_conntrack_helper_h245;
627 write_unlock_bh(&ip_conntrack_lock);
630 /****************************************************************************/
631 int get_h225_addr(unsigned char *data, TransportAddress * addr,
632 __be32 * ip, u_int16_t * port)
636 if (addr->choice != eTransportAddress_ipAddress)
639 p = data + addr->ipAddress.ip;
640 *ip = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | (p[3]));
641 *port = (p[4] << 8) | (p[5]);
646 /****************************************************************************/
647 static int expect_h245(struct sk_buff **pskb, struct ip_conntrack *ct,
648 enum ip_conntrack_info ctinfo,
649 unsigned char **data, int dataoff,
650 TransportAddress * addr)
652 int dir = CTINFO2DIR(ctinfo);
656 struct ip_conntrack_expect *exp = NULL;
657 typeof(nat_h245_hook) nat_h245;
659 /* Read h245Address */
660 if (!get_h225_addr(*data, addr, &ip, &port) ||
661 ip != ct->tuplehash[dir].tuple.src.ip || port == 0)
664 /* Create expect for h245 connection */
665 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
667 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
668 exp->tuple.src.u.tcp.port = 0;
669 exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
670 exp->tuple.dst.u.tcp.port = htons(port);
671 exp->tuple.dst.protonum = IPPROTO_TCP;
672 exp->mask.src.ip = htonl(0xFFFFFFFF);
673 exp->mask.src.u.tcp.port = 0;
674 exp->mask.dst.ip = htonl(0xFFFFFFFF);
675 exp->mask.dst.u.tcp.port = htons(0xFFFF);
676 exp->mask.dst.protonum = 0xFF;
679 if (ct->tuplehash[dir].tuple.src.ip !=
680 ct->tuplehash[!dir].tuple.dst.ip &&
681 (nat_h245 = rcu_dereference(nat_h245_hook))) {
683 ret = nat_h245(pskb, ct, ctinfo, data, dataoff, addr,
685 } else { /* Conntrack only */
686 exp->expectfn = ip_conntrack_h245_expect;
688 if (ip_conntrack_expect_related(exp) == 0) {
689 DEBUGP("ip_ct_q931: expect H.245 "
690 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
691 NIPQUAD(exp->tuple.src.ip),
692 ntohs(exp->tuple.src.u.tcp.port),
693 NIPQUAD(exp->tuple.dst.ip),
694 ntohs(exp->tuple.dst.u.tcp.port));
699 ip_conntrack_expect_put(exp);
704 /* Forwarding declaration */
705 void ip_conntrack_q931_expect(struct ip_conntrack *new,
706 struct ip_conntrack_expect *this);
708 /****************************************************************************/
709 static int expect_callforwarding(struct sk_buff **pskb,
710 struct ip_conntrack *ct,
711 enum ip_conntrack_info ctinfo,
712 unsigned char **data, int dataoff,
713 TransportAddress * addr)
715 int dir = CTINFO2DIR(ctinfo);
719 struct ip_conntrack_expect *exp = NULL;
720 typeof(nat_callforwarding_hook) nat_callforwarding;
722 /* Read alternativeAddress */
723 if (!get_h225_addr(*data, addr, &ip, &port) || port == 0)
726 /* If the calling party is on the same side of the forward-to party,
727 * we don't need to track the second call */
728 if (callforward_filter) {
729 struct rtable *rt1, *rt2;
734 .fl4_dst = ct->tuplehash[!dir].tuple.src.ip,
737 if (ip_route_output_key(&rt1, &fl1) == 0) {
738 if (ip_route_output_key(&rt2, &fl2) == 0) {
739 if (rt1->rt_gateway == rt2->rt_gateway &&
740 rt1->u.dst.dev == rt2->u.dst.dev)
742 dst_release(&rt2->u.dst);
744 dst_release(&rt1->u.dst);
747 DEBUGP("ip_ct_q931: Call Forwarding not tracked\n");
752 /* Create expect for the second call leg */
753 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
755 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
756 exp->tuple.src.u.tcp.port = 0;
757 exp->tuple.dst.ip = ip;
758 exp->tuple.dst.u.tcp.port = htons(port);
759 exp->tuple.dst.protonum = IPPROTO_TCP;
760 exp->mask.src.ip = htonl(0xFFFFFFFF);
761 exp->mask.src.u.tcp.port = 0;
762 exp->mask.dst.ip = htonl(0xFFFFFFFF);
763 exp->mask.dst.u.tcp.port = htons(0xFFFF);
764 exp->mask.dst.protonum = 0xFF;
767 if (ct->tuplehash[dir].tuple.src.ip !=
768 ct->tuplehash[!dir].tuple.dst.ip &&
769 (nat_callforwarding = rcu_dereference(nat_callforwarding_hook))) {
771 ret = nat_callforwarding(pskb, ct, ctinfo, data, dataoff,
773 } else { /* Conntrack only */
774 exp->expectfn = ip_conntrack_q931_expect;
776 if (ip_conntrack_expect_related(exp) == 0) {
777 DEBUGP("ip_ct_q931: expect Call Forwarding "
778 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
779 NIPQUAD(exp->tuple.src.ip),
780 ntohs(exp->tuple.src.u.tcp.port),
781 NIPQUAD(exp->tuple.dst.ip),
782 ntohs(exp->tuple.dst.u.tcp.port));
787 ip_conntrack_expect_put(exp);
792 /****************************************************************************/
793 static int process_setup(struct sk_buff **pskb, struct ip_conntrack *ct,
794 enum ip_conntrack_info ctinfo,
795 unsigned char **data, int dataoff,
798 int dir = CTINFO2DIR(ctinfo);
803 typeof(set_h225_addr_hook) set_h225_addr;
805 DEBUGP("ip_ct_q931: Setup\n");
807 if (setup->options & eSetup_UUIE_h245Address) {
808 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
809 &setup->h245Address);
814 set_h225_addr = rcu_dereference(set_h225_addr_hook);
816 if ((setup->options & eSetup_UUIE_destCallSignalAddress) &&
818 get_h225_addr(*data, &setup->destCallSignalAddress, &ip, &port) &&
819 ip != ct->tuplehash[!dir].tuple.src.ip) {
820 DEBUGP("ip_ct_q931: set destCallSignalAddress "
821 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
823 NIPQUAD(ct->tuplehash[!dir].tuple.src.ip),
824 ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port));
825 ret = set_h225_addr(pskb, data, dataoff,
826 &setup->destCallSignalAddress,
827 ct->tuplehash[!dir].tuple.src.ip,
828 ntohs(ct->tuplehash[!dir].tuple.src.
834 if ((setup->options & eSetup_UUIE_sourceCallSignalAddress) &&
836 get_h225_addr(*data, &setup->sourceCallSignalAddress, &ip, &port)
837 && ip != ct->tuplehash[!dir].tuple.dst.ip) {
838 DEBUGP("ip_ct_q931: set sourceCallSignalAddress "
839 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
841 NIPQUAD(ct->tuplehash[!dir].tuple.dst.ip),
842 ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port));
843 ret = set_h225_addr(pskb, data, dataoff,
844 &setup->sourceCallSignalAddress,
845 ct->tuplehash[!dir].tuple.dst.ip,
846 ntohs(ct->tuplehash[!dir].tuple.dst.
852 if (setup->options & eSetup_UUIE_fastStart) {
853 for (i = 0; i < setup->fastStart.count; i++) {
854 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
855 &setup->fastStart.item[i]);
864 /****************************************************************************/
865 static int process_callproceeding(struct sk_buff **pskb,
866 struct ip_conntrack *ct,
867 enum ip_conntrack_info ctinfo,
868 unsigned char **data, int dataoff,
869 CallProceeding_UUIE * callproc)
874 DEBUGP("ip_ct_q931: CallProceeding\n");
876 if (callproc->options & eCallProceeding_UUIE_h245Address) {
877 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
878 &callproc->h245Address);
883 if (callproc->options & eCallProceeding_UUIE_fastStart) {
884 for (i = 0; i < callproc->fastStart.count; i++) {
885 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
886 &callproc->fastStart.item[i]);
895 /****************************************************************************/
896 static int process_connect(struct sk_buff **pskb, struct ip_conntrack *ct,
897 enum ip_conntrack_info ctinfo,
898 unsigned char **data, int dataoff,
899 Connect_UUIE * connect)
904 DEBUGP("ip_ct_q931: Connect\n");
906 if (connect->options & eConnect_UUIE_h245Address) {
907 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
908 &connect->h245Address);
913 if (connect->options & eConnect_UUIE_fastStart) {
914 for (i = 0; i < connect->fastStart.count; i++) {
915 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
916 &connect->fastStart.item[i]);
925 /****************************************************************************/
926 static int process_alerting(struct sk_buff **pskb, struct ip_conntrack *ct,
927 enum ip_conntrack_info ctinfo,
928 unsigned char **data, int dataoff,
929 Alerting_UUIE * alert)
934 DEBUGP("ip_ct_q931: Alerting\n");
936 if (alert->options & eAlerting_UUIE_h245Address) {
937 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
938 &alert->h245Address);
943 if (alert->options & eAlerting_UUIE_fastStart) {
944 for (i = 0; i < alert->fastStart.count; i++) {
945 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
946 &alert->fastStart.item[i]);
955 /****************************************************************************/
956 static int process_information(struct sk_buff **pskb,
957 struct ip_conntrack *ct,
958 enum ip_conntrack_info ctinfo,
959 unsigned char **data, int dataoff,
960 Information_UUIE * info)
965 DEBUGP("ip_ct_q931: Information\n");
967 if (info->options & eInformation_UUIE_fastStart) {
968 for (i = 0; i < info->fastStart.count; i++) {
969 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
970 &info->fastStart.item[i]);
979 /****************************************************************************/
980 static int process_facility(struct sk_buff **pskb, struct ip_conntrack *ct,
981 enum ip_conntrack_info ctinfo,
982 unsigned char **data, int dataoff,
983 Facility_UUIE * facility)
988 DEBUGP("ip_ct_q931: Facility\n");
990 if (facility->reason.choice == eFacilityReason_callForwarded) {
991 if (facility->options & eFacility_UUIE_alternativeAddress)
992 return expect_callforwarding(pskb, ct, ctinfo, data,
999 if (facility->options & eFacility_UUIE_h245Address) {
1000 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
1001 &facility->h245Address);
1006 if (facility->options & eFacility_UUIE_fastStart) {
1007 for (i = 0; i < facility->fastStart.count; i++) {
1008 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
1009 &facility->fastStart.item[i]);
1018 /****************************************************************************/
1019 static int process_progress(struct sk_buff **pskb, struct ip_conntrack *ct,
1020 enum ip_conntrack_info ctinfo,
1021 unsigned char **data, int dataoff,
1022 Progress_UUIE * progress)
1027 DEBUGP("ip_ct_q931: Progress\n");
1029 if (progress->options & eProgress_UUIE_h245Address) {
1030 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
1031 &progress->h245Address);
1036 if (progress->options & eProgress_UUIE_fastStart) {
1037 for (i = 0; i < progress->fastStart.count; i++) {
1038 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
1039 &progress->fastStart.item[i]);
1048 /****************************************************************************/
1049 static int process_q931(struct sk_buff **pskb, struct ip_conntrack *ct,
1050 enum ip_conntrack_info ctinfo,
1051 unsigned char **data, int dataoff, Q931 * q931)
1053 H323_UU_PDU *pdu = &q931->UUIE.h323_uu_pdu;
1057 switch (pdu->h323_message_body.choice) {
1058 case eH323_UU_PDU_h323_message_body_setup:
1059 ret = process_setup(pskb, ct, ctinfo, data, dataoff,
1060 &pdu->h323_message_body.setup);
1062 case eH323_UU_PDU_h323_message_body_callProceeding:
1063 ret = process_callproceeding(pskb, ct, ctinfo, data, dataoff,
1064 &pdu->h323_message_body.
1067 case eH323_UU_PDU_h323_message_body_connect:
1068 ret = process_connect(pskb, ct, ctinfo, data, dataoff,
1069 &pdu->h323_message_body.connect);
1071 case eH323_UU_PDU_h323_message_body_alerting:
1072 ret = process_alerting(pskb, ct, ctinfo, data, dataoff,
1073 &pdu->h323_message_body.alerting);
1075 case eH323_UU_PDU_h323_message_body_information:
1076 ret = process_information(pskb, ct, ctinfo, data, dataoff,
1077 &pdu->h323_message_body.
1080 case eH323_UU_PDU_h323_message_body_facility:
1081 ret = process_facility(pskb, ct, ctinfo, data, dataoff,
1082 &pdu->h323_message_body.facility);
1084 case eH323_UU_PDU_h323_message_body_progress:
1085 ret = process_progress(pskb, ct, ctinfo, data, dataoff,
1086 &pdu->h323_message_body.progress);
1089 DEBUGP("ip_ct_q931: Q.931 signal %d\n",
1090 pdu->h323_message_body.choice);
1097 if (pdu->options & eH323_UU_PDU_h245Control) {
1098 for (i = 0; i < pdu->h245Control.count; i++) {
1099 ret = process_h245(pskb, ct, ctinfo, data, dataoff,
1100 &pdu->h245Control.item[i]);
1109 /****************************************************************************/
1110 static int q931_help(struct sk_buff **pskb, struct ip_conntrack *ct,
1111 enum ip_conntrack_info ctinfo)
1114 unsigned char *data = NULL;
1119 /* Until there's been traffic both ways, don't look in packets. */
1120 if (ctinfo != IP_CT_ESTABLISHED
1121 && ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
1124 DEBUGP("ip_ct_q931: skblen = %u\n", (*pskb)->len);
1126 spin_lock_bh(&ip_h323_lock);
1128 /* Process each TPKT */
1129 while (get_tpkt_data(pskb, ct, ctinfo, &data, &datalen, &dataoff)) {
1130 DEBUGP("ip_ct_q931: TPKT %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
1131 NIPQUAD(ip_hdr(*pskb)->saddr),
1132 NIPQUAD(ip_hdr(*pskb)->daddr), datalen);
1134 /* Decode Q.931 signal */
1135 ret = DecodeQ931(data, datalen, &q931);
1137 if (net_ratelimit())
1138 printk("ip_ct_q931: decoding error: %s\n",
1139 ret == H323_ERROR_BOUND ?
1140 "out of bound" : "out of range");
1141 /* We don't drop when decoding error */
1145 /* Process Q.931 signal */
1146 if (process_q931(pskb, ct, ctinfo, &data, dataoff, &q931) < 0)
1150 spin_unlock_bh(&ip_h323_lock);
1154 spin_unlock_bh(&ip_h323_lock);
1155 if (net_ratelimit())
1156 printk("ip_ct_q931: packet dropped\n");
1160 /****************************************************************************/
1161 static struct ip_conntrack_helper ip_conntrack_helper_q931 = {
1164 .max_expected = H323_RTP_CHANNEL_MAX * 4 + 4 /* T.120 and H.245 */ ,
1166 .tuple = {.src = {.u = {.tcp = {.port = __constant_htons(Q931_PORT)}}},
1167 .dst = {.protonum = IPPROTO_TCP}},
1168 .mask = {.src = {.u = {0xFFFF}},
1169 .dst = {.protonum = 0xFF}},
1173 /****************************************************************************/
1174 void ip_conntrack_q931_expect(struct ip_conntrack *new,
1175 struct ip_conntrack_expect *this)
1177 write_lock_bh(&ip_conntrack_lock);
1178 new->helper = &ip_conntrack_helper_q931;
1179 write_unlock_bh(&ip_conntrack_lock);
1182 /****************************************************************************/
1183 static unsigned char *get_udp_data(struct sk_buff **pskb, int *datalen)
1185 struct udphdr _uh, *uh;
1188 uh = skb_header_pointer(*pskb, ip_hdrlen(*pskb), sizeof(_uh), &_uh);
1191 dataoff = ip_hdrlen(*pskb) + sizeof(_uh);
1192 if (dataoff >= (*pskb)->len)
1194 *datalen = (*pskb)->len - dataoff;
1195 return skb_header_pointer(*pskb, dataoff, *datalen, h323_buffer);
1198 /****************************************************************************/
1199 static struct ip_conntrack_expect *find_expect(struct ip_conntrack *ct,
1200 __be32 ip, u_int16_t port)
1202 struct ip_conntrack_expect *exp;
1203 struct ip_conntrack_tuple tuple;
1206 tuple.src.u.tcp.port = 0;
1208 tuple.dst.u.tcp.port = htons(port);
1209 tuple.dst.protonum = IPPROTO_TCP;
1211 exp = __ip_conntrack_expect_find(&tuple);
1212 if (exp && exp->master == ct)
1217 /****************************************************************************/
1218 static int set_expect_timeout(struct ip_conntrack_expect *exp,
1221 if (!exp || !del_timer(&exp->timeout))
1224 exp->timeout.expires = jiffies + timeout * HZ;
1225 add_timer(&exp->timeout);
1230 /****************************************************************************/
1231 static int expect_q931(struct sk_buff **pskb, struct ip_conntrack *ct,
1232 enum ip_conntrack_info ctinfo,
1233 unsigned char **data,
1234 TransportAddress * addr, int count)
1236 struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1237 int dir = CTINFO2DIR(ctinfo);
1242 struct ip_conntrack_expect *exp;
1243 typeof(nat_q931_hook) nat_q931;
1245 /* Look for the first related address */
1246 for (i = 0; i < count; i++) {
1247 if (get_h225_addr(*data, &addr[i], &ip, &port) &&
1248 ip == ct->tuplehash[dir].tuple.src.ip && port != 0)
1252 if (i >= count) /* Not found */
1255 /* Create expect for Q.931 */
1256 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1258 exp->tuple.src.ip = gkrouted_only ? /* only accept calls from GK? */
1259 ct->tuplehash[!dir].tuple.src.ip : 0;
1260 exp->tuple.src.u.tcp.port = 0;
1261 exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
1262 exp->tuple.dst.u.tcp.port = htons(port);
1263 exp->tuple.dst.protonum = IPPROTO_TCP;
1264 exp->mask.src.ip = gkrouted_only ? htonl(0xFFFFFFFF) : 0;
1265 exp->mask.src.u.tcp.port = 0;
1266 exp->mask.dst.ip = htonl(0xFFFFFFFF);
1267 exp->mask.dst.u.tcp.port = htons(0xFFFF);
1268 exp->mask.dst.protonum = 0xFF;
1269 exp->flags = IP_CT_EXPECT_PERMANENT; /* Accept multiple calls */
1271 nat_q931 = rcu_dereference(nat_q931_hook);
1272 if (nat_q931) { /* Need NAT */
1273 ret = nat_q931(pskb, ct, ctinfo, data, addr, i, port, exp);
1274 } else { /* Conntrack only */
1275 exp->expectfn = ip_conntrack_q931_expect;
1277 if (ip_conntrack_expect_related(exp) == 0) {
1278 DEBUGP("ip_ct_ras: expect Q.931 "
1279 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1280 NIPQUAD(exp->tuple.src.ip),
1281 ntohs(exp->tuple.src.u.tcp.port),
1282 NIPQUAD(exp->tuple.dst.ip),
1283 ntohs(exp->tuple.dst.u.tcp.port));
1285 /* Save port for looking up expect in processing RCF */
1286 info->sig_port[dir] = port;
1291 ip_conntrack_expect_put(exp);
1296 /****************************************************************************/
1297 static int process_grq(struct sk_buff **pskb, struct ip_conntrack *ct,
1298 enum ip_conntrack_info ctinfo,
1299 unsigned char **data, GatekeeperRequest * grq)
1301 typeof(set_ras_addr_hook) set_ras_addr;
1303 DEBUGP("ip_ct_ras: GRQ\n");
1305 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1306 if (set_ras_addr) /* NATed */
1307 return set_ras_addr(pskb, ct, ctinfo, data,
1308 &grq->rasAddress, 1);
1312 /* Declare before using */
1313 static void ip_conntrack_ras_expect(struct ip_conntrack *new,
1314 struct ip_conntrack_expect *this);
1316 /****************************************************************************/
1317 static int process_gcf(struct sk_buff **pskb, struct ip_conntrack *ct,
1318 enum ip_conntrack_info ctinfo,
1319 unsigned char **data, GatekeeperConfirm * gcf)
1321 int dir = CTINFO2DIR(ctinfo);
1325 struct ip_conntrack_expect *exp;
1327 DEBUGP("ip_ct_ras: GCF\n");
1329 if (!get_h225_addr(*data, &gcf->rasAddress, &ip, &port))
1332 /* Registration port is the same as discovery port */
1333 if (ip == ct->tuplehash[dir].tuple.src.ip &&
1334 port == ntohs(ct->tuplehash[dir].tuple.src.u.udp.port))
1337 /* Avoid RAS expectation loops. A GCF is never expected. */
1338 if (test_bit(IPS_EXPECTED_BIT, &ct->status))
1341 /* Need new expect */
1342 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1344 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
1345 exp->tuple.src.u.tcp.port = 0;
1346 exp->tuple.dst.ip = ip;
1347 exp->tuple.dst.u.tcp.port = htons(port);
1348 exp->tuple.dst.protonum = IPPROTO_UDP;
1349 exp->mask.src.ip = htonl(0xFFFFFFFF);
1350 exp->mask.src.u.tcp.port = 0;
1351 exp->mask.dst.ip = htonl(0xFFFFFFFF);
1352 exp->mask.dst.u.tcp.port = htons(0xFFFF);
1353 exp->mask.dst.protonum = 0xFF;
1355 exp->expectfn = ip_conntrack_ras_expect;
1356 if (ip_conntrack_expect_related(exp) == 0) {
1357 DEBUGP("ip_ct_ras: expect RAS "
1358 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1359 NIPQUAD(exp->tuple.src.ip),
1360 ntohs(exp->tuple.src.u.tcp.port),
1361 NIPQUAD(exp->tuple.dst.ip),
1362 ntohs(exp->tuple.dst.u.tcp.port));
1366 ip_conntrack_expect_put(exp);
1371 /****************************************************************************/
1372 static int process_rrq(struct sk_buff **pskb, struct ip_conntrack *ct,
1373 enum ip_conntrack_info ctinfo,
1374 unsigned char **data, RegistrationRequest * rrq)
1376 struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1378 typeof(set_ras_addr_hook) set_ras_addr;
1380 DEBUGP("ip_ct_ras: RRQ\n");
1382 ret = expect_q931(pskb, ct, ctinfo, data,
1383 rrq->callSignalAddress.item,
1384 rrq->callSignalAddress.count);
1388 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1390 ret = set_ras_addr(pskb, ct, ctinfo, data,
1391 rrq->rasAddress.item,
1392 rrq->rasAddress.count);
1397 if (rrq->options & eRegistrationRequest_timeToLive) {
1398 DEBUGP("ip_ct_ras: RRQ TTL = %u seconds\n", rrq->timeToLive);
1399 info->timeout = rrq->timeToLive;
1401 info->timeout = default_rrq_ttl;
1406 /****************************************************************************/
1407 static int process_rcf(struct sk_buff **pskb, struct ip_conntrack *ct,
1408 enum ip_conntrack_info ctinfo,
1409 unsigned char **data, RegistrationConfirm * rcf)
1411 struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1412 int dir = CTINFO2DIR(ctinfo);
1414 struct ip_conntrack_expect *exp;
1415 typeof(set_sig_addr_hook) set_sig_addr;
1417 DEBUGP("ip_ct_ras: RCF\n");
1419 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1421 ret = set_sig_addr(pskb, ct, ctinfo, data,
1422 rcf->callSignalAddress.item,
1423 rcf->callSignalAddress.count);
1428 if (rcf->options & eRegistrationConfirm_timeToLive) {
1429 DEBUGP("ip_ct_ras: RCF TTL = %u seconds\n", rcf->timeToLive);
1430 info->timeout = rcf->timeToLive;
1433 if (info->timeout > 0) {
1435 ("ip_ct_ras: set RAS connection timeout to %u seconds\n",
1437 ip_ct_refresh(ct, *pskb, info->timeout * HZ);
1439 /* Set expect timeout */
1440 read_lock_bh(&ip_conntrack_lock);
1441 exp = find_expect(ct, ct->tuplehash[dir].tuple.dst.ip,
1442 info->sig_port[!dir]);
1444 DEBUGP("ip_ct_ras: set Q.931 expect "
1445 "(%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu) "
1446 "timeout to %u seconds\n",
1447 NIPQUAD(exp->tuple.src.ip),
1448 ntohs(exp->tuple.src.u.tcp.port),
1449 NIPQUAD(exp->tuple.dst.ip),
1450 ntohs(exp->tuple.dst.u.tcp.port),
1452 set_expect_timeout(exp, info->timeout);
1454 read_unlock_bh(&ip_conntrack_lock);
1460 /****************************************************************************/
1461 static int process_urq(struct sk_buff **pskb, struct ip_conntrack *ct,
1462 enum ip_conntrack_info ctinfo,
1463 unsigned char **data, UnregistrationRequest * urq)
1465 struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1466 int dir = CTINFO2DIR(ctinfo);
1468 typeof(set_sig_addr_hook) set_sig_addr;
1470 DEBUGP("ip_ct_ras: URQ\n");
1472 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1474 ret = set_sig_addr(pskb, ct, ctinfo, data,
1475 urq->callSignalAddress.item,
1476 urq->callSignalAddress.count);
1481 /* Clear old expect */
1482 ip_ct_remove_expectations(ct);
1483 info->sig_port[dir] = 0;
1484 info->sig_port[!dir] = 0;
1486 /* Give it 30 seconds for UCF or URJ */
1487 ip_ct_refresh(ct, *pskb, 30 * HZ);
1492 /****************************************************************************/
1493 static int process_arq(struct sk_buff **pskb, struct ip_conntrack *ct,
1494 enum ip_conntrack_info ctinfo,
1495 unsigned char **data, AdmissionRequest * arq)
1497 struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1498 int dir = CTINFO2DIR(ctinfo);
1501 typeof(set_h225_addr_hook) set_h225_addr;
1503 DEBUGP("ip_ct_ras: ARQ\n");
1505 set_h225_addr = rcu_dereference(set_h225_addr_hook);
1506 if ((arq->options & eAdmissionRequest_destCallSignalAddress) &&
1507 get_h225_addr(*data, &arq->destCallSignalAddress, &ip, &port) &&
1508 ip == ct->tuplehash[dir].tuple.src.ip &&
1509 port == info->sig_port[dir] && set_h225_addr) {
1511 return set_h225_addr(pskb, data, 0,
1512 &arq->destCallSignalAddress,
1513 ct->tuplehash[!dir].tuple.dst.ip,
1514 info->sig_port[!dir]);
1517 if ((arq->options & eAdmissionRequest_srcCallSignalAddress) &&
1518 get_h225_addr(*data, &arq->srcCallSignalAddress, &ip, &port) &&
1519 ip == ct->tuplehash[dir].tuple.src.ip && set_h225_addr) {
1521 return set_h225_addr(pskb, data, 0,
1522 &arq->srcCallSignalAddress,
1523 ct->tuplehash[!dir].tuple.dst.ip,
1530 /****************************************************************************/
1531 static int process_acf(struct sk_buff **pskb, struct ip_conntrack *ct,
1532 enum ip_conntrack_info ctinfo,
1533 unsigned char **data, AdmissionConfirm * acf)
1535 int dir = CTINFO2DIR(ctinfo);
1539 struct ip_conntrack_expect *exp;
1540 typeof(set_sig_addr_hook) set_sig_addr;
1542 DEBUGP("ip_ct_ras: ACF\n");
1544 if (!get_h225_addr(*data, &acf->destCallSignalAddress, &ip, &port))
1547 if (ip == ct->tuplehash[dir].tuple.dst.ip) { /* Answering ACF */
1548 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1550 return set_sig_addr(pskb, ct, ctinfo, data,
1551 &acf->destCallSignalAddress, 1);
1555 /* Need new expect */
1556 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1558 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
1559 exp->tuple.src.u.tcp.port = 0;
1560 exp->tuple.dst.ip = ip;
1561 exp->tuple.dst.u.tcp.port = htons(port);
1562 exp->tuple.dst.protonum = IPPROTO_TCP;
1563 exp->mask.src.ip = htonl(0xFFFFFFFF);
1564 exp->mask.src.u.tcp.port = 0;
1565 exp->mask.dst.ip = htonl(0xFFFFFFFF);
1566 exp->mask.dst.u.tcp.port = htons(0xFFFF);
1567 exp->mask.dst.protonum = 0xFF;
1568 exp->flags = IP_CT_EXPECT_PERMANENT;
1569 exp->expectfn = ip_conntrack_q931_expect;
1571 if (ip_conntrack_expect_related(exp) == 0) {
1572 DEBUGP("ip_ct_ras: expect Q.931 "
1573 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1574 NIPQUAD(exp->tuple.src.ip),
1575 ntohs(exp->tuple.src.u.tcp.port),
1576 NIPQUAD(exp->tuple.dst.ip),
1577 ntohs(exp->tuple.dst.u.tcp.port));
1581 ip_conntrack_expect_put(exp);
1586 /****************************************************************************/
1587 static int process_lrq(struct sk_buff **pskb, struct ip_conntrack *ct,
1588 enum ip_conntrack_info ctinfo,
1589 unsigned char **data, LocationRequest * lrq)
1591 typeof(set_ras_addr_hook) set_ras_addr;
1593 DEBUGP("ip_ct_ras: LRQ\n");
1595 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1597 return set_ras_addr(pskb, ct, ctinfo, data,
1598 &lrq->replyAddress, 1);
1602 /****************************************************************************/
1603 static int process_lcf(struct sk_buff **pskb, struct ip_conntrack *ct,
1604 enum ip_conntrack_info ctinfo,
1605 unsigned char **data, LocationConfirm * lcf)
1607 int dir = CTINFO2DIR(ctinfo);
1611 struct ip_conntrack_expect *exp = NULL;
1613 DEBUGP("ip_ct_ras: LCF\n");
1615 if (!get_h225_addr(*data, &lcf->callSignalAddress, &ip, &port))
1618 /* Need new expect for call signal */
1619 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1621 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
1622 exp->tuple.src.u.tcp.port = 0;
1623 exp->tuple.dst.ip = ip;
1624 exp->tuple.dst.u.tcp.port = htons(port);
1625 exp->tuple.dst.protonum = IPPROTO_TCP;
1626 exp->mask.src.ip = htonl(0xFFFFFFFF);
1627 exp->mask.src.u.tcp.port = 0;
1628 exp->mask.dst.ip = htonl(0xFFFFFFFF);
1629 exp->mask.dst.u.tcp.port = htons(0xFFFF);
1630 exp->mask.dst.protonum = 0xFF;
1631 exp->flags = IP_CT_EXPECT_PERMANENT;
1632 exp->expectfn = ip_conntrack_q931_expect;
1634 if (ip_conntrack_expect_related(exp) == 0) {
1635 DEBUGP("ip_ct_ras: expect Q.931 "
1636 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1637 NIPQUAD(exp->tuple.src.ip),
1638 ntohs(exp->tuple.src.u.tcp.port),
1639 NIPQUAD(exp->tuple.dst.ip),
1640 ntohs(exp->tuple.dst.u.tcp.port));
1644 ip_conntrack_expect_put(exp);
1646 /* Ignore rasAddress */
1651 /****************************************************************************/
1652 static int process_irr(struct sk_buff **pskb, struct ip_conntrack *ct,
1653 enum ip_conntrack_info ctinfo,
1654 unsigned char **data, InfoRequestResponse * irr)
1657 typeof(set_ras_addr_hook) set_ras_addr;
1658 typeof(set_sig_addr_hook) set_sig_addr;
1660 DEBUGP("ip_ct_ras: IRR\n");
1662 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1664 ret = set_ras_addr(pskb, ct, ctinfo, data,
1665 &irr->rasAddress, 1);
1670 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1672 ret = set_sig_addr(pskb, ct, ctinfo, data,
1673 irr->callSignalAddress.item,
1674 irr->callSignalAddress.count);
1682 /****************************************************************************/
1683 static int process_ras(struct sk_buff **pskb, struct ip_conntrack *ct,
1684 enum ip_conntrack_info ctinfo,
1685 unsigned char **data, RasMessage * ras)
1687 switch (ras->choice) {
1688 case eRasMessage_gatekeeperRequest:
1689 return process_grq(pskb, ct, ctinfo, data,
1690 &ras->gatekeeperRequest);
1691 case eRasMessage_gatekeeperConfirm:
1692 return process_gcf(pskb, ct, ctinfo, data,
1693 &ras->gatekeeperConfirm);
1694 case eRasMessage_registrationRequest:
1695 return process_rrq(pskb, ct, ctinfo, data,
1696 &ras->registrationRequest);
1697 case eRasMessage_registrationConfirm:
1698 return process_rcf(pskb, ct, ctinfo, data,
1699 &ras->registrationConfirm);
1700 case eRasMessage_unregistrationRequest:
1701 return process_urq(pskb, ct, ctinfo, data,
1702 &ras->unregistrationRequest);
1703 case eRasMessage_admissionRequest:
1704 return process_arq(pskb, ct, ctinfo, data,
1705 &ras->admissionRequest);
1706 case eRasMessage_admissionConfirm:
1707 return process_acf(pskb, ct, ctinfo, data,
1708 &ras->admissionConfirm);
1709 case eRasMessage_locationRequest:
1710 return process_lrq(pskb, ct, ctinfo, data,
1711 &ras->locationRequest);
1712 case eRasMessage_locationConfirm:
1713 return process_lcf(pskb, ct, ctinfo, data,
1714 &ras->locationConfirm);
1715 case eRasMessage_infoRequestResponse:
1716 return process_irr(pskb, ct, ctinfo, data,
1717 &ras->infoRequestResponse);
1719 DEBUGP("ip_ct_ras: RAS message %d\n", ras->choice);
1726 /****************************************************************************/
1727 static int ras_help(struct sk_buff **pskb, struct ip_conntrack *ct,
1728 enum ip_conntrack_info ctinfo)
1730 static RasMessage ras;
1731 unsigned char *data;
1735 DEBUGP("ip_ct_ras: skblen = %u\n", (*pskb)->len);
1737 spin_lock_bh(&ip_h323_lock);
1740 data = get_udp_data(pskb, &datalen);
1743 DEBUGP("ip_ct_ras: RAS message %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
1744 NIPQUAD(ip_hdr(*pskb)->saddr),
1745 NIPQUAD(ip_hdr(*pskb)->daddr), datalen);
1747 /* Decode RAS message */
1748 ret = DecodeRasMessage(data, datalen, &ras);
1750 if (net_ratelimit())
1751 printk("ip_ct_ras: decoding error: %s\n",
1752 ret == H323_ERROR_BOUND ?
1753 "out of bound" : "out of range");
1757 /* Process RAS message */
1758 if (process_ras(pskb, ct, ctinfo, &data, &ras) < 0)
1762 spin_unlock_bh(&ip_h323_lock);
1766 spin_unlock_bh(&ip_h323_lock);
1767 if (net_ratelimit())
1768 printk("ip_ct_ras: packet dropped\n");
1772 /****************************************************************************/
1773 static struct ip_conntrack_helper ip_conntrack_helper_ras = {
1778 .tuple = {.src = {.u = {.tcp = {.port = __constant_htons(RAS_PORT)}}},
1779 .dst = {.protonum = IPPROTO_UDP}},
1780 .mask = {.src = {.u = {0xFFFE}},
1781 .dst = {.protonum = 0xFF}},
1785 /****************************************************************************/
1786 static void ip_conntrack_ras_expect(struct ip_conntrack *new,
1787 struct ip_conntrack_expect *this)
1789 write_lock_bh(&ip_conntrack_lock);
1790 new->helper = &ip_conntrack_helper_ras;
1791 write_unlock_bh(&ip_conntrack_lock);
1794 /****************************************************************************/
1795 /* Not __exit - called from init() */
1796 static void fini(void)
1798 ip_conntrack_helper_unregister(&ip_conntrack_helper_ras);
1799 ip_conntrack_helper_unregister(&ip_conntrack_helper_q931);
1801 DEBUGP("ip_ct_h323: fini\n");
1804 /****************************************************************************/
1805 static int __init init(void)
1809 h323_buffer = kmalloc(65536, GFP_KERNEL);
1812 if ((ret = ip_conntrack_helper_register(&ip_conntrack_helper_q931)) ||
1813 (ret = ip_conntrack_helper_register(&ip_conntrack_helper_ras))) {
1817 DEBUGP("ip_ct_h323: init success\n");
1821 /****************************************************************************/
1825 EXPORT_SYMBOL_GPL(get_h225_addr);
1826 EXPORT_SYMBOL_GPL(ip_conntrack_h245_expect);
1827 EXPORT_SYMBOL_GPL(ip_conntrack_q931_expect);
1828 EXPORT_SYMBOL_GPL(set_h245_addr_hook);
1829 EXPORT_SYMBOL_GPL(set_h225_addr_hook);
1830 EXPORT_SYMBOL_GPL(set_sig_addr_hook);
1831 EXPORT_SYMBOL_GPL(set_ras_addr_hook);
1832 EXPORT_SYMBOL_GPL(nat_rtp_rtcp_hook);
1833 EXPORT_SYMBOL_GPL(nat_t120_hook);
1834 EXPORT_SYMBOL_GPL(nat_h245_hook);
1835 EXPORT_SYMBOL_GPL(nat_callforwarding_hook);
1836 EXPORT_SYMBOL_GPL(nat_q931_hook);
1838 MODULE_AUTHOR("Jing Min Zhao <zhaojingmin@users.sourceforge.net>");
1839 MODULE_DESCRIPTION("H.323 connection tracking helper");
1840 MODULE_LICENSE("GPL");
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob