2 * H.323 connection tracking helper
4 * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
6 * This source code is licensed under General Public License version 2.
8 * Based on the 'brute force' H.323 connection tracking module by
9 * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
11 * For more information, please see http://nath323.sourceforge.net/
14 #include <linux/module.h>
15 #include <linux/netfilter.h>
18 #include <linux/netfilter_ipv4/ip_conntrack.h>
19 #include <linux/netfilter_ipv4/ip_conntrack_core.h>
20 #include <linux/netfilter_ipv4/ip_conntrack_helper.h>
21 #include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
22 #include <linux/netfilter_ipv4/ip_conntrack_h323.h>
23 #include <linux/moduleparam.h>
24 #include <linux/ctype.h>
25 #include <linux/inet.h>
30 #define DEBUGP(format, args...)
34 static unsigned int default_rrq_ttl
= 300;
35 module_param(default_rrq_ttl
, uint
, 0600);
36 MODULE_PARM_DESC(default_rrq_ttl
, "use this TTL if it's missing in RRQ");
38 static int gkrouted_only
= 1;
39 module_param(gkrouted_only
, int, 0600);
40 MODULE_PARM_DESC(gkrouted_only
, "only accept calls from gatekeeper");
42 static int callforward_filter
= 1;
43 module_param(callforward_filter
, bool, 0600);
44 MODULE_PARM_DESC(callforward_filter
, "only create call forwarding expectations "
45 "if both endpoints are on different sides "
46 "(determined by routing information)");
49 int (*set_h245_addr_hook
) (struct sk_buff
** pskb
,
50 unsigned char **data
, int dataoff
,
51 H245_TransportAddress
* addr
,
52 u_int32_t ip
, u_int16_t port
);
53 int (*set_h225_addr_hook
) (struct sk_buff
** pskb
,
54 unsigned char **data
, int dataoff
,
55 TransportAddress
* addr
,
56 u_int32_t ip
, u_int16_t port
);
57 int (*set_sig_addr_hook
) (struct sk_buff
** pskb
,
58 struct ip_conntrack
* ct
,
59 enum ip_conntrack_info ctinfo
,
61 TransportAddress
* addr
, int count
);
62 int (*set_ras_addr_hook
) (struct sk_buff
** pskb
,
63 struct ip_conntrack
* ct
,
64 enum ip_conntrack_info ctinfo
,
66 TransportAddress
* addr
, int count
);
67 int (*nat_rtp_rtcp_hook
) (struct sk_buff
** pskb
,
68 struct ip_conntrack
* ct
,
69 enum ip_conntrack_info ctinfo
,
70 unsigned char **data
, int dataoff
,
71 H245_TransportAddress
* addr
,
72 u_int16_t port
, u_int16_t rtp_port
,
73 struct ip_conntrack_expect
* rtp_exp
,
74 struct ip_conntrack_expect
* rtcp_exp
);
75 int (*nat_t120_hook
) (struct sk_buff
** pskb
,
76 struct ip_conntrack
* ct
,
77 enum ip_conntrack_info ctinfo
,
78 unsigned char **data
, int dataoff
,
79 H245_TransportAddress
* addr
, u_int16_t port
,
80 struct ip_conntrack_expect
* exp
);
81 int (*nat_h245_hook
) (struct sk_buff
** pskb
,
82 struct ip_conntrack
* ct
,
83 enum ip_conntrack_info ctinfo
,
84 unsigned char **data
, int dataoff
,
85 TransportAddress
* addr
, u_int16_t port
,
86 struct ip_conntrack_expect
* exp
);
87 int (*nat_callforwarding_hook
) (struct sk_buff
** pskb
,
88 struct ip_conntrack
* ct
,
89 enum ip_conntrack_info ctinfo
,
90 unsigned char **data
, int dataoff
,
91 TransportAddress
* addr
, u_int16_t port
,
92 struct ip_conntrack_expect
* exp
);
93 int (*nat_q931_hook
) (struct sk_buff
** pskb
,
94 struct ip_conntrack
* ct
,
95 enum ip_conntrack_info ctinfo
,
96 unsigned char **data
, TransportAddress
* addr
, int idx
,
97 u_int16_t port
, struct ip_conntrack_expect
* exp
);
100 static DEFINE_SPINLOCK(ip_h323_lock
);
101 static char *h323_buffer
;
103 /****************************************************************************/
104 static int get_tpkt_data(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
105 enum ip_conntrack_info ctinfo
,
106 unsigned char **data
, int *datalen
, int *dataoff
)
108 struct ip_ct_h323_master
*info
= &ct
->help
.ct_h323_info
;
109 int dir
= CTINFO2DIR(ctinfo
);
110 struct tcphdr _tcph
, *th
;
118 th
= skb_header_pointer(*pskb
, (*pskb
)->nh
.iph
->ihl
* 4,
119 sizeof(_tcph
), &_tcph
);
123 /* Get TCP data offset */
124 tcpdataoff
= (*pskb
)->nh
.iph
->ihl
* 4 + th
->doff
* 4;
126 /* Get TCP data length */
127 tcpdatalen
= (*pskb
)->len
- tcpdataoff
;
128 if (tcpdatalen
<= 0) /* No TCP data */
131 if (*data
== NULL
) { /* first TPKT */
132 /* Get first TPKT pointer */
133 tpkt
= skb_header_pointer(*pskb
, tcpdataoff
, tcpdatalen
,
135 BUG_ON(tpkt
== NULL
);
137 /* Validate TPKT identifier */
138 if (tcpdatalen
< 4 || tpkt
[0] != 0x03 || tpkt
[1] != 0) {
139 /* Netmeeting sends TPKT header and data separately */
140 if (info
->tpkt_len
[dir
] > 0) {
141 DEBUGP("ip_ct_h323: previous packet "
142 "indicated separate TPKT data of %hu "
143 "bytes\n", info
->tpkt_len
[dir
]);
144 if (info
->tpkt_len
[dir
] <= tcpdatalen
) {
145 /* Yes, there was a TPKT header
148 *datalen
= info
->tpkt_len
[dir
];
153 /* Fragmented TPKT */
155 printk("ip_ct_h323: "
156 "fragmented TPKT\n");
160 /* It is not even a TPKT */
164 } else { /* Next TPKT */
165 tpktoff
= *dataoff
+ *datalen
;
166 tcpdatalen
-= tpktoff
;
167 if (tcpdatalen
<= 4) /* No more TPKT */
169 tpkt
= *data
+ *datalen
;
171 /* Validate TPKT identifier */
172 if (tpkt
[0] != 0x03 || tpkt
[1] != 0)
176 /* Validate TPKT length */
177 tpktlen
= tpkt
[2] * 256 + tpkt
[3];
180 if (tpktlen
> tcpdatalen
) {
181 if (tcpdatalen
== 4) { /* Separate TPKT header */
182 /* Netmeeting sends TPKT header and data separately */
183 DEBUGP("ip_ct_h323: separate TPKT header indicates "
184 "there will be TPKT data of %hu bytes\n",
186 info
->tpkt_len
[dir
] = tpktlen
- 4;
191 printk("ip_ct_h323: incomplete TPKT (fragmented?)\n");
195 /* This is the encapsulated data */
197 *datalen
= tpktlen
- 4;
198 *dataoff
= tpktoff
+ 4;
201 /* Clear TPKT length */
202 info
->tpkt_len
[dir
] = 0;
206 info
->tpkt_len
[dir
] = 0;
210 /****************************************************************************/
211 static int get_h245_addr(unsigned char *data
, H245_TransportAddress
* addr
,
212 u_int32_t
* ip
, u_int16_t
* port
)
216 if (addr
->choice
!= eH245_TransportAddress_unicastAddress
||
217 addr
->unicastAddress
.choice
!= eUnicastAddress_iPAddress
)
220 p
= data
+ addr
->unicastAddress
.iPAddress
.network
;
221 *ip
= htonl((p
[0] << 24) | (p
[1] << 16) | (p
[2] << 8) | (p
[3]));
222 *port
= (p
[4] << 8) | (p
[5]);
227 /****************************************************************************/
228 static int expect_rtp_rtcp(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
229 enum ip_conntrack_info ctinfo
,
230 unsigned char **data
, int dataoff
,
231 H245_TransportAddress
* addr
)
233 int dir
= CTINFO2DIR(ctinfo
);
238 struct ip_conntrack_expect
*rtp_exp
;
239 struct ip_conntrack_expect
*rtcp_exp
;
241 /* Read RTP or RTCP address */
242 if (!get_h245_addr(*data
, addr
, &ip
, &port
) ||
243 ip
!= ct
->tuplehash
[dir
].tuple
.src
.ip
|| port
== 0)
246 /* RTP port is even */
247 rtp_port
= port
& (~1);
249 /* Create expect for RTP */
250 if ((rtp_exp
= ip_conntrack_expect_alloc(ct
)) == NULL
)
252 rtp_exp
->tuple
.src
.ip
= ct
->tuplehash
[!dir
].tuple
.src
.ip
;
253 rtp_exp
->tuple
.src
.u
.udp
.port
= 0;
254 rtp_exp
->tuple
.dst
.ip
= ct
->tuplehash
[!dir
].tuple
.dst
.ip
;
255 rtp_exp
->tuple
.dst
.u
.udp
.port
= htons(rtp_port
);
256 rtp_exp
->tuple
.dst
.protonum
= IPPROTO_UDP
;
257 rtp_exp
->mask
.src
.ip
= 0xFFFFFFFF;
258 rtp_exp
->mask
.src
.u
.udp
.port
= 0;
259 rtp_exp
->mask
.dst
.ip
= 0xFFFFFFFF;
260 rtp_exp
->mask
.dst
.u
.udp
.port
= 0xFFFF;
261 rtp_exp
->mask
.dst
.protonum
= 0xFF;
264 /* Create expect for RTCP */
265 if ((rtcp_exp
= ip_conntrack_expect_alloc(ct
)) == NULL
) {
266 ip_conntrack_expect_put(rtp_exp
);
269 rtcp_exp
->tuple
.src
.ip
= ct
->tuplehash
[!dir
].tuple
.src
.ip
;
270 rtcp_exp
->tuple
.src
.u
.udp
.port
= 0;
271 rtcp_exp
->tuple
.dst
.ip
= ct
->tuplehash
[!dir
].tuple
.dst
.ip
;
272 rtcp_exp
->tuple
.dst
.u
.udp
.port
= htons(rtp_port
+ 1);
273 rtcp_exp
->tuple
.dst
.protonum
= IPPROTO_UDP
;
274 rtcp_exp
->mask
.src
.ip
= 0xFFFFFFFF;
275 rtcp_exp
->mask
.src
.u
.udp
.port
= 0;
276 rtcp_exp
->mask
.dst
.ip
= 0xFFFFFFFF;
277 rtcp_exp
->mask
.dst
.u
.udp
.port
= 0xFFFF;
278 rtcp_exp
->mask
.dst
.protonum
= 0xFF;
281 if (ct
->tuplehash
[dir
].tuple
.src
.ip
!=
282 ct
->tuplehash
[!dir
].tuple
.dst
.ip
&& nat_rtp_rtcp_hook
) {
284 ret
= nat_rtp_rtcp_hook(pskb
, ct
, ctinfo
, data
, dataoff
,
285 addr
, port
, rtp_port
, rtp_exp
,
287 } else { /* Conntrack only */
288 rtp_exp
->expectfn
= NULL
;
289 rtcp_exp
->expectfn
= NULL
;
291 if (ip_conntrack_expect_related(rtp_exp
) == 0) {
292 if (ip_conntrack_expect_related(rtcp_exp
) == 0) {
293 DEBUGP("ip_ct_h323: expect RTP "
294 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
295 NIPQUAD(rtp_exp
->tuple
.src
.ip
),
296 ntohs(rtp_exp
->tuple
.src
.u
.udp
.port
),
297 NIPQUAD(rtp_exp
->tuple
.dst
.ip
),
298 ntohs(rtp_exp
->tuple
.dst
.u
.udp
.port
));
299 DEBUGP("ip_ct_h323: expect RTCP "
300 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
301 NIPQUAD(rtcp_exp
->tuple
.src
.ip
),
302 ntohs(rtcp_exp
->tuple
.src
.u
.udp
.port
),
303 NIPQUAD(rtcp_exp
->tuple
.dst
.ip
),
304 ntohs(rtcp_exp
->tuple
.dst
.u
.udp
.port
));
306 ip_conntrack_unexpect_related(rtp_exp
);
313 ip_conntrack_expect_put(rtp_exp
);
314 ip_conntrack_expect_put(rtcp_exp
);
319 /****************************************************************************/
320 static int expect_t120(struct sk_buff
**pskb
,
321 struct ip_conntrack
*ct
,
322 enum ip_conntrack_info ctinfo
,
323 unsigned char **data
, int dataoff
,
324 H245_TransportAddress
* addr
)
326 int dir
= CTINFO2DIR(ctinfo
);
330 struct ip_conntrack_expect
*exp
= NULL
;
332 /* Read T.120 address */
333 if (!get_h245_addr(*data
, addr
, &ip
, &port
) ||
334 ip
!= ct
->tuplehash
[dir
].tuple
.src
.ip
|| port
== 0)
337 /* Create expect for T.120 connections */
338 if ((exp
= ip_conntrack_expect_alloc(ct
)) == NULL
)
340 exp
->tuple
.src
.ip
= ct
->tuplehash
[!dir
].tuple
.src
.ip
;
341 exp
->tuple
.src
.u
.tcp
.port
= 0;
342 exp
->tuple
.dst
.ip
= ct
->tuplehash
[!dir
].tuple
.dst
.ip
;
343 exp
->tuple
.dst
.u
.tcp
.port
= htons(port
);
344 exp
->tuple
.dst
.protonum
= IPPROTO_TCP
;
345 exp
->mask
.src
.ip
= 0xFFFFFFFF;
346 exp
->mask
.src
.u
.tcp
.port
= 0;
347 exp
->mask
.dst
.ip
= 0xFFFFFFFF;
348 exp
->mask
.dst
.u
.tcp
.port
= 0xFFFF;
349 exp
->mask
.dst
.protonum
= 0xFF;
350 exp
->flags
= IP_CT_EXPECT_PERMANENT
; /* Accept multiple channels */
352 if (ct
->tuplehash
[dir
].tuple
.src
.ip
!=
353 ct
->tuplehash
[!dir
].tuple
.dst
.ip
&& nat_t120_hook
) {
355 ret
= nat_t120_hook(pskb
, ct
, ctinfo
, data
, dataoff
, addr
,
357 } else { /* Conntrack only */
358 exp
->expectfn
= NULL
;
359 if (ip_conntrack_expect_related(exp
) == 0) {
360 DEBUGP("ip_ct_h323: expect T.120 "
361 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
362 NIPQUAD(exp
->tuple
.src
.ip
),
363 ntohs(exp
->tuple
.src
.u
.tcp
.port
),
364 NIPQUAD(exp
->tuple
.dst
.ip
),
365 ntohs(exp
->tuple
.dst
.u
.tcp
.port
));
370 ip_conntrack_expect_put(exp
);
375 /****************************************************************************/
376 static int process_h245_channel(struct sk_buff
**pskb
,
377 struct ip_conntrack
*ct
,
378 enum ip_conntrack_info ctinfo
,
379 unsigned char **data
, int dataoff
,
380 H2250LogicalChannelParameters
* channel
)
384 if (channel
->options
& eH2250LogicalChannelParameters_mediaChannel
) {
386 ret
= expect_rtp_rtcp(pskb
, ct
, ctinfo
, data
, dataoff
,
387 &channel
->mediaChannel
);
393 options
& eH2250LogicalChannelParameters_mediaControlChannel
) {
395 ret
= expect_rtp_rtcp(pskb
, ct
, ctinfo
, data
, dataoff
,
396 &channel
->mediaControlChannel
);
404 /****************************************************************************/
405 static int process_olc(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
406 enum ip_conntrack_info ctinfo
,
407 unsigned char **data
, int dataoff
,
408 OpenLogicalChannel
* olc
)
412 DEBUGP("ip_ct_h323: OpenLogicalChannel\n");
414 if (olc
->forwardLogicalChannelParameters
.multiplexParameters
.choice
==
415 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters
)
417 ret
= process_h245_channel(pskb
, ct
, ctinfo
, data
, dataoff
,
419 forwardLogicalChannelParameters
.
421 h2250LogicalChannelParameters
);
427 eOpenLogicalChannel_reverseLogicalChannelParameters
) &&
428 (olc
->reverseLogicalChannelParameters
.options
&
429 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters
)
430 && (olc
->reverseLogicalChannelParameters
.multiplexParameters
.
432 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters
))
435 process_h245_channel(pskb
, ct
, ctinfo
, data
, dataoff
,
437 reverseLogicalChannelParameters
.
439 h2250LogicalChannelParameters
);
444 if ((olc
->options
& eOpenLogicalChannel_separateStack
) &&
445 olc
->forwardLogicalChannelParameters
.dataType
.choice
==
447 olc
->forwardLogicalChannelParameters
.dataType
.data
.application
.
448 choice
== eDataApplicationCapability_application_t120
&&
449 olc
->forwardLogicalChannelParameters
.dataType
.data
.application
.
450 t120
.choice
== eDataProtocolCapability_separateLANStack
&&
451 olc
->separateStack
.networkAddress
.choice
==
452 eNetworkAccessParameters_networkAddress_localAreaAddress
) {
453 ret
= expect_t120(pskb
, ct
, ctinfo
, data
, dataoff
,
454 &olc
->separateStack
.networkAddress
.
463 /****************************************************************************/
464 static int process_olca(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
465 enum ip_conntrack_info ctinfo
,
466 unsigned char **data
, int dataoff
,
467 OpenLogicalChannelAck
* olca
)
469 H2250LogicalChannelAckParameters
*ack
;
472 DEBUGP("ip_ct_h323: OpenLogicalChannelAck\n");
475 eOpenLogicalChannelAck_reverseLogicalChannelParameters
) &&
476 (olca
->reverseLogicalChannelParameters
.options
&
477 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters
)
478 && (olca
->reverseLogicalChannelParameters
.multiplexParameters
.
480 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters
))
482 ret
= process_h245_channel(pskb
, ct
, ctinfo
, data
, dataoff
,
484 reverseLogicalChannelParameters
.
486 h2250LogicalChannelParameters
);
492 eOpenLogicalChannelAck_forwardMultiplexAckParameters
) &&
493 (olca
->forwardMultiplexAckParameters
.choice
==
494 eOpenLogicalChannelAck_forwardMultiplexAckParameters_h2250LogicalChannelAckParameters
))
496 ack
= &olca
->forwardMultiplexAckParameters
.
497 h2250LogicalChannelAckParameters
;
499 eH2250LogicalChannelAckParameters_mediaChannel
) {
501 ret
= expect_rtp_rtcp(pskb
, ct
, ctinfo
, data
, dataoff
,
508 eH2250LogicalChannelAckParameters_mediaControlChannel
) {
510 ret
= expect_rtp_rtcp(pskb
, ct
, ctinfo
, data
, dataoff
,
511 &ack
->mediaControlChannel
);
520 /****************************************************************************/
521 static int process_h245(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
522 enum ip_conntrack_info ctinfo
,
523 unsigned char **data
, int dataoff
,
524 MultimediaSystemControlMessage
* mscm
)
526 switch (mscm
->choice
) {
527 case eMultimediaSystemControlMessage_request
:
528 if (mscm
->request
.choice
==
529 eRequestMessage_openLogicalChannel
) {
530 return process_olc(pskb
, ct
, ctinfo
, data
, dataoff
,
531 &mscm
->request
.openLogicalChannel
);
533 DEBUGP("ip_ct_h323: H.245 Request %d\n",
534 mscm
->request
.choice
);
536 case eMultimediaSystemControlMessage_response
:
537 if (mscm
->response
.choice
==
538 eResponseMessage_openLogicalChannelAck
) {
539 return process_olca(pskb
, ct
, ctinfo
, data
, dataoff
,
541 openLogicalChannelAck
);
543 DEBUGP("ip_ct_h323: H.245 Response %d\n",
544 mscm
->response
.choice
);
547 DEBUGP("ip_ct_h323: H.245 signal %d\n", mscm
->choice
);
554 /****************************************************************************/
555 static int h245_help(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
556 enum ip_conntrack_info ctinfo
)
558 static MultimediaSystemControlMessage mscm
;
559 unsigned char *data
= NULL
;
564 /* Until there's been traffic both ways, don't look in packets. */
565 if (ctinfo
!= IP_CT_ESTABLISHED
566 && ctinfo
!= IP_CT_ESTABLISHED
+ IP_CT_IS_REPLY
) {
569 DEBUGP("ip_ct_h245: skblen = %u\n", (*pskb
)->len
);
571 spin_lock_bh(&ip_h323_lock
);
573 /* Process each TPKT */
574 while (get_tpkt_data(pskb
, ct
, ctinfo
, &data
, &datalen
, &dataoff
)) {
575 DEBUGP("ip_ct_h245: TPKT %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
576 NIPQUAD((*pskb
)->nh
.iph
->saddr
),
577 NIPQUAD((*pskb
)->nh
.iph
->daddr
), datalen
);
579 /* Decode H.245 signal */
580 ret
= DecodeMultimediaSystemControlMessage(data
, datalen
,
584 printk("ip_ct_h245: decoding error: %s\n",
585 ret
== H323_ERROR_BOUND
?
586 "out of bound" : "out of range");
587 /* We don't drop when decoding error */
591 /* Process H.245 signal */
592 if (process_h245(pskb
, ct
, ctinfo
, &data
, dataoff
, &mscm
) < 0)
596 spin_unlock_bh(&ip_h323_lock
);
600 spin_unlock_bh(&ip_h323_lock
);
602 printk("ip_ct_h245: packet dropped\n");
606 /****************************************************************************/
607 static struct ip_conntrack_helper ip_conntrack_helper_h245
= {
610 .max_expected
= H323_RTP_CHANNEL_MAX
* 4 + 2 /* T.120 */ ,
612 .tuple
= {.dst
= {.protonum
= IPPROTO_TCP
}},
613 .mask
= {.src
= {.u
= {0xFFFF}},
614 .dst
= {.protonum
= 0xFF}},
618 /****************************************************************************/
619 void ip_conntrack_h245_expect(struct ip_conntrack
*new,
620 struct ip_conntrack_expect
*this)
622 write_lock_bh(&ip_conntrack_lock
);
623 new->helper
= &ip_conntrack_helper_h245
;
624 write_unlock_bh(&ip_conntrack_lock
);
627 /****************************************************************************/
628 int get_h225_addr(unsigned char *data
, TransportAddress
* addr
,
629 u_int32_t
* ip
, u_int16_t
* port
)
633 if (addr
->choice
!= eTransportAddress_ipAddress
)
636 p
= data
+ addr
->ipAddress
.ip
;
637 *ip
= htonl((p
[0] << 24) | (p
[1] << 16) | (p
[2] << 8) | (p
[3]));
638 *port
= (p
[4] << 8) | (p
[5]);
643 /****************************************************************************/
644 static int expect_h245(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
645 enum ip_conntrack_info ctinfo
,
646 unsigned char **data
, int dataoff
,
647 TransportAddress
* addr
)
649 int dir
= CTINFO2DIR(ctinfo
);
653 struct ip_conntrack_expect
*exp
= NULL
;
655 /* Read h245Address */
656 if (!get_h225_addr(*data
, addr
, &ip
, &port
) ||
657 ip
!= ct
->tuplehash
[dir
].tuple
.src
.ip
|| port
== 0)
660 /* Create expect for h245 connection */
661 if ((exp
= ip_conntrack_expect_alloc(ct
)) == NULL
)
663 exp
->tuple
.src
.ip
= ct
->tuplehash
[!dir
].tuple
.src
.ip
;
664 exp
->tuple
.src
.u
.tcp
.port
= 0;
665 exp
->tuple
.dst
.ip
= ct
->tuplehash
[!dir
].tuple
.dst
.ip
;
666 exp
->tuple
.dst
.u
.tcp
.port
= htons(port
);
667 exp
->tuple
.dst
.protonum
= IPPROTO_TCP
;
668 exp
->mask
.src
.ip
= 0xFFFFFFFF;
669 exp
->mask
.src
.u
.tcp
.port
= 0;
670 exp
->mask
.dst
.ip
= 0xFFFFFFFF;
671 exp
->mask
.dst
.u
.tcp
.port
= 0xFFFF;
672 exp
->mask
.dst
.protonum
= 0xFF;
675 if (ct
->tuplehash
[dir
].tuple
.src
.ip
!=
676 ct
->tuplehash
[!dir
].tuple
.dst
.ip
&& nat_h245_hook
) {
678 ret
= nat_h245_hook(pskb
, ct
, ctinfo
, data
, dataoff
, addr
,
680 } else { /* Conntrack only */
681 exp
->expectfn
= ip_conntrack_h245_expect
;
683 if (ip_conntrack_expect_related(exp
) == 0) {
684 DEBUGP("ip_ct_q931: expect H.245 "
685 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
686 NIPQUAD(exp
->tuple
.src
.ip
),
687 ntohs(exp
->tuple
.src
.u
.tcp
.port
),
688 NIPQUAD(exp
->tuple
.dst
.ip
),
689 ntohs(exp
->tuple
.dst
.u
.tcp
.port
));
694 ip_conntrack_expect_put(exp
);
699 /* Forwarding declaration */
700 void ip_conntrack_q931_expect(struct ip_conntrack
*new,
701 struct ip_conntrack_expect
*this);
703 /****************************************************************************/
704 static int expect_callforwarding(struct sk_buff
**pskb
,
705 struct ip_conntrack
*ct
,
706 enum ip_conntrack_info ctinfo
,
707 unsigned char **data
, int dataoff
,
708 TransportAddress
* addr
)
710 int dir
= CTINFO2DIR(ctinfo
);
714 struct ip_conntrack_expect
*exp
= NULL
;
716 /* Read alternativeAddress */
717 if (!get_h225_addr(*data
, addr
, &ip
, &port
) || port
== 0)
720 /* If the calling party is on the same side of the forward-to party,
721 * we don't need to track the second call */
722 if (callforward_filter
) {
723 struct rtable
*rt1
, *rt2
;
728 .fl4_dst
= ct
->tuplehash
[!dir
].tuple
.src
.ip
,
731 if (ip_route_output_key(&rt1
, &fl1
) == 0) {
732 if (ip_route_output_key(&rt2
, &fl2
) == 0) {
733 if (rt1
->rt_gateway
== rt2
->rt_gateway
&&
734 rt1
->u
.dst
.dev
== rt2
->u
.dst
.dev
)
736 dst_release(&rt2
->u
.dst
);
738 dst_release(&rt1
->u
.dst
);
741 DEBUGP("ip_ct_q931: Call Forwarding not tracked\n");
746 /* Create expect for the second call leg */
747 if ((exp
= ip_conntrack_expect_alloc(ct
)) == NULL
)
749 exp
->tuple
.src
.ip
= ct
->tuplehash
[!dir
].tuple
.src
.ip
;
750 exp
->tuple
.src
.u
.tcp
.port
= 0;
751 exp
->tuple
.dst
.ip
= ip
;
752 exp
->tuple
.dst
.u
.tcp
.port
= htons(port
);
753 exp
->tuple
.dst
.protonum
= IPPROTO_TCP
;
754 exp
->mask
.src
.ip
= 0xFFFFFFFF;
755 exp
->mask
.src
.u
.tcp
.port
= 0;
756 exp
->mask
.dst
.ip
= 0xFFFFFFFF;
757 exp
->mask
.dst
.u
.tcp
.port
= 0xFFFF;
758 exp
->mask
.dst
.protonum
= 0xFF;
761 if (ct
->tuplehash
[dir
].tuple
.src
.ip
!=
762 ct
->tuplehash
[!dir
].tuple
.dst
.ip
&& nat_callforwarding_hook
) {
764 ret
= nat_callforwarding_hook(pskb
, ct
, ctinfo
, data
, dataoff
,
766 } else { /* Conntrack only */
767 exp
->expectfn
= ip_conntrack_q931_expect
;
769 if (ip_conntrack_expect_related(exp
) == 0) {
770 DEBUGP("ip_ct_q931: expect Call Forwarding "
771 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
772 NIPQUAD(exp
->tuple
.src
.ip
),
773 ntohs(exp
->tuple
.src
.u
.tcp
.port
),
774 NIPQUAD(exp
->tuple
.dst
.ip
),
775 ntohs(exp
->tuple
.dst
.u
.tcp
.port
));
780 ip_conntrack_expect_put(exp
);
785 /****************************************************************************/
786 static int process_setup(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
787 enum ip_conntrack_info ctinfo
,
788 unsigned char **data
, int dataoff
,
791 int dir
= CTINFO2DIR(ctinfo
);
797 DEBUGP("ip_ct_q931: Setup\n");
799 if (setup
->options
& eSetup_UUIE_h245Address
) {
800 ret
= expect_h245(pskb
, ct
, ctinfo
, data
, dataoff
,
801 &setup
->h245Address
);
806 if ((setup
->options
& eSetup_UUIE_destCallSignalAddress
) &&
807 (set_h225_addr_hook
) &&
808 get_h225_addr(*data
, &setup
->destCallSignalAddress
, &ip
, &port
) &&
809 ip
!= ct
->tuplehash
[!dir
].tuple
.src
.ip
) {
810 DEBUGP("ip_ct_q931: set destCallSignalAddress "
811 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
813 NIPQUAD(ct
->tuplehash
[!dir
].tuple
.src
.ip
),
814 ntohs(ct
->tuplehash
[!dir
].tuple
.src
.u
.tcp
.port
));
815 ret
= set_h225_addr_hook(pskb
, data
, dataoff
,
816 &setup
->destCallSignalAddress
,
817 ct
->tuplehash
[!dir
].tuple
.src
.ip
,
818 ntohs(ct
->tuplehash
[!dir
].tuple
.src
.
824 if ((setup
->options
& eSetup_UUIE_sourceCallSignalAddress
) &&
825 (set_h225_addr_hook
) &&
826 get_h225_addr(*data
, &setup
->sourceCallSignalAddress
, &ip
, &port
)
827 && ip
!= ct
->tuplehash
[!dir
].tuple
.dst
.ip
) {
828 DEBUGP("ip_ct_q931: set sourceCallSignalAddress "
829 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
831 NIPQUAD(ct
->tuplehash
[!dir
].tuple
.dst
.ip
),
832 ntohs(ct
->tuplehash
[!dir
].tuple
.dst
.u
.tcp
.port
));
833 ret
= set_h225_addr_hook(pskb
, data
, dataoff
,
834 &setup
->sourceCallSignalAddress
,
835 ct
->tuplehash
[!dir
].tuple
.dst
.ip
,
836 ntohs(ct
->tuplehash
[!dir
].tuple
.dst
.
842 if (setup
->options
& eSetup_UUIE_fastStart
) {
843 for (i
= 0; i
< setup
->fastStart
.count
; i
++) {
844 ret
= process_olc(pskb
, ct
, ctinfo
, data
, dataoff
,
845 &setup
->fastStart
.item
[i
]);
854 /****************************************************************************/
855 static int process_callproceeding(struct sk_buff
**pskb
,
856 struct ip_conntrack
*ct
,
857 enum ip_conntrack_info ctinfo
,
858 unsigned char **data
, int dataoff
,
859 CallProceeding_UUIE
* callproc
)
864 DEBUGP("ip_ct_q931: CallProceeding\n");
866 if (callproc
->options
& eCallProceeding_UUIE_h245Address
) {
867 ret
= expect_h245(pskb
, ct
, ctinfo
, data
, dataoff
,
868 &callproc
->h245Address
);
873 if (callproc
->options
& eCallProceeding_UUIE_fastStart
) {
874 for (i
= 0; i
< callproc
->fastStart
.count
; i
++) {
875 ret
= process_olc(pskb
, ct
, ctinfo
, data
, dataoff
,
876 &callproc
->fastStart
.item
[i
]);
885 /****************************************************************************/
886 static int process_connect(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
887 enum ip_conntrack_info ctinfo
,
888 unsigned char **data
, int dataoff
,
889 Connect_UUIE
* connect
)
894 DEBUGP("ip_ct_q931: Connect\n");
896 if (connect
->options
& eConnect_UUIE_h245Address
) {
897 ret
= expect_h245(pskb
, ct
, ctinfo
, data
, dataoff
,
898 &connect
->h245Address
);
903 if (connect
->options
& eConnect_UUIE_fastStart
) {
904 for (i
= 0; i
< connect
->fastStart
.count
; i
++) {
905 ret
= process_olc(pskb
, ct
, ctinfo
, data
, dataoff
,
906 &connect
->fastStart
.item
[i
]);
915 /****************************************************************************/
916 static int process_alerting(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
917 enum ip_conntrack_info ctinfo
,
918 unsigned char **data
, int dataoff
,
919 Alerting_UUIE
* alert
)
924 DEBUGP("ip_ct_q931: Alerting\n");
926 if (alert
->options
& eAlerting_UUIE_h245Address
) {
927 ret
= expect_h245(pskb
, ct
, ctinfo
, data
, dataoff
,
928 &alert
->h245Address
);
933 if (alert
->options
& eAlerting_UUIE_fastStart
) {
934 for (i
= 0; i
< alert
->fastStart
.count
; i
++) {
935 ret
= process_olc(pskb
, ct
, ctinfo
, data
, dataoff
,
936 &alert
->fastStart
.item
[i
]);
945 /****************************************************************************/
946 static int process_information(struct sk_buff
**pskb
,
947 struct ip_conntrack
*ct
,
948 enum ip_conntrack_info ctinfo
,
949 unsigned char **data
, int dataoff
,
950 Information_UUIE
* info
)
955 DEBUGP("ip_ct_q931: Information\n");
957 if (info
->options
& eInformation_UUIE_fastStart
) {
958 for (i
= 0; i
< info
->fastStart
.count
; i
++) {
959 ret
= process_olc(pskb
, ct
, ctinfo
, data
, dataoff
,
960 &info
->fastStart
.item
[i
]);
969 /****************************************************************************/
970 static int process_facility(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
971 enum ip_conntrack_info ctinfo
,
972 unsigned char **data
, int dataoff
,
973 Facility_UUIE
* facility
)
978 DEBUGP("ip_ct_q931: Facility\n");
980 if (facility
->reason
.choice
== eFacilityReason_callForwarded
) {
981 if (facility
->options
& eFacility_UUIE_alternativeAddress
)
982 return expect_callforwarding(pskb
, ct
, ctinfo
, data
,
989 if (facility
->options
& eFacility_UUIE_h245Address
) {
990 ret
= expect_h245(pskb
, ct
, ctinfo
, data
, dataoff
,
991 &facility
->h245Address
);
996 if (facility
->options
& eFacility_UUIE_fastStart
) {
997 for (i
= 0; i
< facility
->fastStart
.count
; i
++) {
998 ret
= process_olc(pskb
, ct
, ctinfo
, data
, dataoff
,
999 &facility
->fastStart
.item
[i
]);
1008 /****************************************************************************/
1009 static int process_progress(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
1010 enum ip_conntrack_info ctinfo
,
1011 unsigned char **data
, int dataoff
,
1012 Progress_UUIE
* progress
)
1017 DEBUGP("ip_ct_q931: Progress\n");
1019 if (progress
->options
& eProgress_UUIE_h245Address
) {
1020 ret
= expect_h245(pskb
, ct
, ctinfo
, data
, dataoff
,
1021 &progress
->h245Address
);
1026 if (progress
->options
& eProgress_UUIE_fastStart
) {
1027 for (i
= 0; i
< progress
->fastStart
.count
; i
++) {
1028 ret
= process_olc(pskb
, ct
, ctinfo
, data
, dataoff
,
1029 &progress
->fastStart
.item
[i
]);
1038 /****************************************************************************/
1039 static int process_q931(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
1040 enum ip_conntrack_info ctinfo
,
1041 unsigned char **data
, int dataoff
, Q931
* q931
)
1043 H323_UU_PDU
*pdu
= &q931
->UUIE
.h323_uu_pdu
;
1047 switch (pdu
->h323_message_body
.choice
) {
1048 case eH323_UU_PDU_h323_message_body_setup
:
1049 ret
= process_setup(pskb
, ct
, ctinfo
, data
, dataoff
,
1050 &pdu
->h323_message_body
.setup
);
1052 case eH323_UU_PDU_h323_message_body_callProceeding
:
1053 ret
= process_callproceeding(pskb
, ct
, ctinfo
, data
, dataoff
,
1054 &pdu
->h323_message_body
.
1057 case eH323_UU_PDU_h323_message_body_connect
:
1058 ret
= process_connect(pskb
, ct
, ctinfo
, data
, dataoff
,
1059 &pdu
->h323_message_body
.connect
);
1061 case eH323_UU_PDU_h323_message_body_alerting
:
1062 ret
= process_alerting(pskb
, ct
, ctinfo
, data
, dataoff
,
1063 &pdu
->h323_message_body
.alerting
);
1065 case eH323_UU_PDU_h323_message_body_information
:
1066 ret
= process_information(pskb
, ct
, ctinfo
, data
, dataoff
,
1067 &pdu
->h323_message_body
.
1070 case eH323_UU_PDU_h323_message_body_facility
:
1071 ret
= process_facility(pskb
, ct
, ctinfo
, data
, dataoff
,
1072 &pdu
->h323_message_body
.facility
);
1074 case eH323_UU_PDU_h323_message_body_progress
:
1075 ret
= process_progress(pskb
, ct
, ctinfo
, data
, dataoff
,
1076 &pdu
->h323_message_body
.progress
);
1079 DEBUGP("ip_ct_q931: Q.931 signal %d\n",
1080 pdu
->h323_message_body
.choice
);
1087 if (pdu
->options
& eH323_UU_PDU_h245Control
) {
1088 for (i
= 0; i
< pdu
->h245Control
.count
; i
++) {
1089 ret
= process_h245(pskb
, ct
, ctinfo
, data
, dataoff
,
1090 &pdu
->h245Control
.item
[i
]);
1099 /****************************************************************************/
1100 static int q931_help(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
1101 enum ip_conntrack_info ctinfo
)
1104 unsigned char *data
= NULL
;
1109 /* Until there's been traffic both ways, don't look in packets. */
1110 if (ctinfo
!= IP_CT_ESTABLISHED
1111 && ctinfo
!= IP_CT_ESTABLISHED
+ IP_CT_IS_REPLY
) {
1114 DEBUGP("ip_ct_q931: skblen = %u\n", (*pskb
)->len
);
1116 spin_lock_bh(&ip_h323_lock
);
1118 /* Process each TPKT */
1119 while (get_tpkt_data(pskb
, ct
, ctinfo
, &data
, &datalen
, &dataoff
)) {
1120 DEBUGP("ip_ct_q931: TPKT %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
1121 NIPQUAD((*pskb
)->nh
.iph
->saddr
),
1122 NIPQUAD((*pskb
)->nh
.iph
->daddr
), datalen
);
1124 /* Decode Q.931 signal */
1125 ret
= DecodeQ931(data
, datalen
, &q931
);
1127 if (net_ratelimit())
1128 printk("ip_ct_q931: decoding error: %s\n",
1129 ret
== H323_ERROR_BOUND
?
1130 "out of bound" : "out of range");
1131 /* We don't drop when decoding error */
1135 /* Process Q.931 signal */
1136 if (process_q931(pskb
, ct
, ctinfo
, &data
, dataoff
, &q931
) < 0)
1140 spin_unlock_bh(&ip_h323_lock
);
1144 spin_unlock_bh(&ip_h323_lock
);
1145 if (net_ratelimit())
1146 printk("ip_ct_q931: packet dropped\n");
1150 /****************************************************************************/
1151 static struct ip_conntrack_helper ip_conntrack_helper_q931
= {
1154 .max_expected
= H323_RTP_CHANNEL_MAX
* 4 + 4 /* T.120 and H.245 */ ,
1156 .tuple
= {.src
= {.u
= {__constant_htons(Q931_PORT
)}},
1157 .dst
= {.protonum
= IPPROTO_TCP
}},
1158 .mask
= {.src
= {.u
= {0xFFFF}},
1159 .dst
= {.protonum
= 0xFF}},
1163 /****************************************************************************/
1164 void ip_conntrack_q931_expect(struct ip_conntrack
*new,
1165 struct ip_conntrack_expect
*this)
1167 write_lock_bh(&ip_conntrack_lock
);
1168 new->helper
= &ip_conntrack_helper_q931
;
1169 write_unlock_bh(&ip_conntrack_lock
);
1172 /****************************************************************************/
1173 static unsigned char *get_udp_data(struct sk_buff
**pskb
, int *datalen
)
1175 struct udphdr _uh
, *uh
;
1178 uh
= skb_header_pointer(*pskb
, (*pskb
)->nh
.iph
->ihl
* 4, sizeof(_uh
),
1182 dataoff
= (*pskb
)->nh
.iph
->ihl
* 4 + sizeof(_uh
);
1183 if (dataoff
>= (*pskb
)->len
)
1185 *datalen
= (*pskb
)->len
- dataoff
;
1186 return skb_header_pointer(*pskb
, dataoff
, *datalen
, h323_buffer
);
1189 /****************************************************************************/
1190 static struct ip_conntrack_expect
*find_expect(struct ip_conntrack
*ct
,
1191 u_int32_t ip
, u_int16_t port
)
1193 struct ip_conntrack_expect
*exp
;
1194 struct ip_conntrack_tuple tuple
;
1197 tuple
.src
.u
.tcp
.port
= 0;
1199 tuple
.dst
.u
.tcp
.port
= htons(port
);
1200 tuple
.dst
.protonum
= IPPROTO_TCP
;
1202 exp
= __ip_conntrack_expect_find(&tuple
);
1203 if (exp
&& exp
->master
== ct
)
1208 /****************************************************************************/
1209 static int set_expect_timeout(struct ip_conntrack_expect
*exp
,
1212 if (!exp
|| !del_timer(&exp
->timeout
))
1215 exp
->timeout
.expires
= jiffies
+ timeout
* HZ
;
1216 add_timer(&exp
->timeout
);
1221 /****************************************************************************/
1222 static int expect_q931(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
1223 enum ip_conntrack_info ctinfo
,
1224 unsigned char **data
,
1225 TransportAddress
* addr
, int count
)
1227 struct ip_ct_h323_master
*info
= &ct
->help
.ct_h323_info
;
1228 int dir
= CTINFO2DIR(ctinfo
);
1233 struct ip_conntrack_expect
*exp
;
1235 /* Look for the first related address */
1236 for (i
= 0; i
< count
; i
++) {
1237 if (get_h225_addr(*data
, &addr
[i
], &ip
, &port
) &&
1238 ip
== ct
->tuplehash
[dir
].tuple
.src
.ip
&& port
!= 0)
1242 if (i
>= count
) /* Not found */
1245 /* Create expect for Q.931 */
1246 if ((exp
= ip_conntrack_expect_alloc(ct
)) == NULL
)
1248 exp
->tuple
.src
.ip
= gkrouted_only
? /* only accept calls from GK? */
1249 ct
->tuplehash
[!dir
].tuple
.src
.ip
: 0;
1250 exp
->tuple
.src
.u
.tcp
.port
= 0;
1251 exp
->tuple
.dst
.ip
= ct
->tuplehash
[!dir
].tuple
.dst
.ip
;
1252 exp
->tuple
.dst
.u
.tcp
.port
= htons(port
);
1253 exp
->tuple
.dst
.protonum
= IPPROTO_TCP
;
1254 exp
->mask
.src
.ip
= gkrouted_only
? 0xFFFFFFFF : 0;
1255 exp
->mask
.src
.u
.tcp
.port
= 0;
1256 exp
->mask
.dst
.ip
= 0xFFFFFFFF;
1257 exp
->mask
.dst
.u
.tcp
.port
= 0xFFFF;
1258 exp
->mask
.dst
.protonum
= 0xFF;
1259 exp
->flags
= IP_CT_EXPECT_PERMANENT
; /* Accept multiple calls */
1261 if (nat_q931_hook
) { /* Need NAT */
1262 ret
= nat_q931_hook(pskb
, ct
, ctinfo
, data
, addr
, i
,
1264 } else { /* Conntrack only */
1265 exp
->expectfn
= ip_conntrack_q931_expect
;
1267 if (ip_conntrack_expect_related(exp
) == 0) {
1268 DEBUGP("ip_ct_ras: expect Q.931 "
1269 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1270 NIPQUAD(exp
->tuple
.src
.ip
),
1271 ntohs(exp
->tuple
.src
.u
.tcp
.port
),
1272 NIPQUAD(exp
->tuple
.dst
.ip
),
1273 ntohs(exp
->tuple
.dst
.u
.tcp
.port
));
1275 /* Save port for looking up expect in processing RCF */
1276 info
->sig_port
[dir
] = port
;
1281 ip_conntrack_expect_put(exp
);
1286 /****************************************************************************/
1287 static int process_grq(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
1288 enum ip_conntrack_info ctinfo
,
1289 unsigned char **data
, GatekeeperRequest
* grq
)
1291 DEBUGP("ip_ct_ras: GRQ\n");
1293 if (set_ras_addr_hook
) /* NATed */
1294 return set_ras_addr_hook(pskb
, ct
, ctinfo
, data
,
1295 &grq
->rasAddress
, 1);
1299 /* Declare before using */
1300 static void ip_conntrack_ras_expect(struct ip_conntrack
*new,
1301 struct ip_conntrack_expect
*this);
1303 /****************************************************************************/
1304 static int process_gcf(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
1305 enum ip_conntrack_info ctinfo
,
1306 unsigned char **data
, GatekeeperConfirm
* gcf
)
1308 int dir
= CTINFO2DIR(ctinfo
);
1312 struct ip_conntrack_expect
*exp
;
1314 DEBUGP("ip_ct_ras: GCF\n");
1316 if (!get_h225_addr(*data
, &gcf
->rasAddress
, &ip
, &port
))
1319 /* Registration port is the same as discovery port */
1320 if (ip
== ct
->tuplehash
[dir
].tuple
.src
.ip
&&
1321 port
== ntohs(ct
->tuplehash
[dir
].tuple
.src
.u
.udp
.port
))
1324 /* Avoid RAS expectation loops. A GCF is never expected. */
1325 if (test_bit(IPS_EXPECTED_BIT
, &ct
->status
))
1328 /* Need new expect */
1329 if ((exp
= ip_conntrack_expect_alloc(ct
)) == NULL
)
1331 exp
->tuple
.src
.ip
= ct
->tuplehash
[!dir
].tuple
.src
.ip
;
1332 exp
->tuple
.src
.u
.tcp
.port
= 0;
1333 exp
->tuple
.dst
.ip
= ip
;
1334 exp
->tuple
.dst
.u
.tcp
.port
= htons(port
);
1335 exp
->tuple
.dst
.protonum
= IPPROTO_UDP
;
1336 exp
->mask
.src
.ip
= 0xFFFFFFFF;
1337 exp
->mask
.src
.u
.tcp
.port
= 0;
1338 exp
->mask
.dst
.ip
= 0xFFFFFFFF;
1339 exp
->mask
.dst
.u
.tcp
.port
= 0xFFFF;
1340 exp
->mask
.dst
.protonum
= 0xFF;
1342 exp
->expectfn
= ip_conntrack_ras_expect
;
1343 if (ip_conntrack_expect_related(exp
) == 0) {
1344 DEBUGP("ip_ct_ras: expect RAS "
1345 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1346 NIPQUAD(exp
->tuple
.src
.ip
),
1347 ntohs(exp
->tuple
.src
.u
.tcp
.port
),
1348 NIPQUAD(exp
->tuple
.dst
.ip
),
1349 ntohs(exp
->tuple
.dst
.u
.tcp
.port
));
1353 ip_conntrack_expect_put(exp
);
1358 /****************************************************************************/
1359 static int process_rrq(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
1360 enum ip_conntrack_info ctinfo
,
1361 unsigned char **data
, RegistrationRequest
* rrq
)
1363 struct ip_ct_h323_master
*info
= &ct
->help
.ct_h323_info
;
1366 DEBUGP("ip_ct_ras: RRQ\n");
1368 ret
= expect_q931(pskb
, ct
, ctinfo
, data
,
1369 rrq
->callSignalAddress
.item
,
1370 rrq
->callSignalAddress
.count
);
1374 if (set_ras_addr_hook
) {
1375 ret
= set_ras_addr_hook(pskb
, ct
, ctinfo
, data
,
1376 rrq
->rasAddress
.item
,
1377 rrq
->rasAddress
.count
);
1382 if (rrq
->options
& eRegistrationRequest_timeToLive
) {
1383 DEBUGP("ip_ct_ras: RRQ TTL = %u seconds\n", rrq
->timeToLive
);
1384 info
->timeout
= rrq
->timeToLive
;
1386 info
->timeout
= default_rrq_ttl
;
1391 /****************************************************************************/
1392 static int process_rcf(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
1393 enum ip_conntrack_info ctinfo
,
1394 unsigned char **data
, RegistrationConfirm
* rcf
)
1396 struct ip_ct_h323_master
*info
= &ct
->help
.ct_h323_info
;
1397 int dir
= CTINFO2DIR(ctinfo
);
1399 struct ip_conntrack_expect
*exp
;
1401 DEBUGP("ip_ct_ras: RCF\n");
1403 if (set_sig_addr_hook
) {
1404 ret
= set_sig_addr_hook(pskb
, ct
, ctinfo
, data
,
1405 rcf
->callSignalAddress
.item
,
1406 rcf
->callSignalAddress
.count
);
1411 if (rcf
->options
& eRegistrationConfirm_timeToLive
) {
1412 DEBUGP("ip_ct_ras: RCF TTL = %u seconds\n", rcf
->timeToLive
);
1413 info
->timeout
= rcf
->timeToLive
;
1416 if (info
->timeout
> 0) {
1418 ("ip_ct_ras: set RAS connection timeout to %u seconds\n",
1420 ip_ct_refresh_acct(ct
, ctinfo
, NULL
, info
->timeout
* HZ
);
1422 /* Set expect timeout */
1423 read_lock_bh(&ip_conntrack_lock
);
1424 exp
= find_expect(ct
, ct
->tuplehash
[dir
].tuple
.dst
.ip
,
1425 info
->sig_port
[!dir
]);
1427 DEBUGP("ip_ct_ras: set Q.931 expect "
1428 "(%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu) "
1429 "timeout to %u seconds\n",
1430 NIPQUAD(exp
->tuple
.src
.ip
),
1431 ntohs(exp
->tuple
.src
.u
.tcp
.port
),
1432 NIPQUAD(exp
->tuple
.dst
.ip
),
1433 ntohs(exp
->tuple
.dst
.u
.tcp
.port
),
1435 set_expect_timeout(exp
, info
->timeout
);
1437 read_unlock_bh(&ip_conntrack_lock
);
1443 /****************************************************************************/
1444 static int process_urq(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
1445 enum ip_conntrack_info ctinfo
,
1446 unsigned char **data
, UnregistrationRequest
* urq
)
1448 struct ip_ct_h323_master
*info
= &ct
->help
.ct_h323_info
;
1449 int dir
= CTINFO2DIR(ctinfo
);
1452 DEBUGP("ip_ct_ras: URQ\n");
1454 if (set_sig_addr_hook
) {
1455 ret
= set_sig_addr_hook(pskb
, ct
, ctinfo
, data
,
1456 urq
->callSignalAddress
.item
,
1457 urq
->callSignalAddress
.count
);
1462 /* Clear old expect */
1463 ip_ct_remove_expectations(ct
);
1464 info
->sig_port
[dir
] = 0;
1465 info
->sig_port
[!dir
] = 0;
1467 /* Give it 30 seconds for UCF or URJ */
1468 ip_ct_refresh_acct(ct
, ctinfo
, NULL
, 30 * HZ
);
1473 /****************************************************************************/
1474 static int process_arq(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
1475 enum ip_conntrack_info ctinfo
,
1476 unsigned char **data
, AdmissionRequest
* arq
)
1478 struct ip_ct_h323_master
*info
= &ct
->help
.ct_h323_info
;
1479 int dir
= CTINFO2DIR(ctinfo
);
1483 DEBUGP("ip_ct_ras: ARQ\n");
1485 if ((arq
->options
& eAdmissionRequest_destCallSignalAddress
) &&
1486 get_h225_addr(*data
, &arq
->destCallSignalAddress
, &ip
, &port
) &&
1487 ip
== ct
->tuplehash
[dir
].tuple
.src
.ip
&&
1488 port
== info
->sig_port
[dir
] && set_h225_addr_hook
) {
1490 return set_h225_addr_hook(pskb
, data
, 0,
1491 &arq
->destCallSignalAddress
,
1492 ct
->tuplehash
[!dir
].tuple
.dst
.ip
,
1493 info
->sig_port
[!dir
]);
1496 if ((arq
->options
& eAdmissionRequest_srcCallSignalAddress
) &&
1497 get_h225_addr(*data
, &arq
->srcCallSignalAddress
, &ip
, &port
) &&
1498 ip
== ct
->tuplehash
[dir
].tuple
.src
.ip
&& set_h225_addr_hook
) {
1500 return set_h225_addr_hook(pskb
, data
, 0,
1501 &arq
->srcCallSignalAddress
,
1502 ct
->tuplehash
[!dir
].tuple
.dst
.ip
,
1509 /****************************************************************************/
1510 static int process_acf(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
1511 enum ip_conntrack_info ctinfo
,
1512 unsigned char **data
, AdmissionConfirm
* acf
)
1514 int dir
= CTINFO2DIR(ctinfo
);
1518 struct ip_conntrack_expect
*exp
;
1520 DEBUGP("ip_ct_ras: ACF\n");
1522 if (!get_h225_addr(*data
, &acf
->destCallSignalAddress
, &ip
, &port
))
1525 if (ip
== ct
->tuplehash
[dir
].tuple
.dst
.ip
) { /* Answering ACF */
1526 if (set_sig_addr_hook
)
1527 return set_sig_addr_hook(pskb
, ct
, ctinfo
, data
,
1528 &acf
->destCallSignalAddress
,
1533 /* Need new expect */
1534 if ((exp
= ip_conntrack_expect_alloc(ct
)) == NULL
)
1536 exp
->tuple
.src
.ip
= ct
->tuplehash
[!dir
].tuple
.src
.ip
;
1537 exp
->tuple
.src
.u
.tcp
.port
= 0;
1538 exp
->tuple
.dst
.ip
= ip
;
1539 exp
->tuple
.dst
.u
.tcp
.port
= htons(port
);
1540 exp
->tuple
.dst
.protonum
= IPPROTO_TCP
;
1541 exp
->mask
.src
.ip
= 0xFFFFFFFF;
1542 exp
->mask
.src
.u
.tcp
.port
= 0;
1543 exp
->mask
.dst
.ip
= 0xFFFFFFFF;
1544 exp
->mask
.dst
.u
.tcp
.port
= 0xFFFF;
1545 exp
->mask
.dst
.protonum
= 0xFF;
1546 exp
->flags
= IP_CT_EXPECT_PERMANENT
;
1547 exp
->expectfn
= ip_conntrack_q931_expect
;
1549 if (ip_conntrack_expect_related(exp
) == 0) {
1550 DEBUGP("ip_ct_ras: expect Q.931 "
1551 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1552 NIPQUAD(exp
->tuple
.src
.ip
),
1553 ntohs(exp
->tuple
.src
.u
.tcp
.port
),
1554 NIPQUAD(exp
->tuple
.dst
.ip
),
1555 ntohs(exp
->tuple
.dst
.u
.tcp
.port
));
1559 ip_conntrack_expect_put(exp
);
1564 /****************************************************************************/
1565 static int process_lrq(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
1566 enum ip_conntrack_info ctinfo
,
1567 unsigned char **data
, LocationRequest
* lrq
)
1569 DEBUGP("ip_ct_ras: LRQ\n");
1571 if (set_ras_addr_hook
)
1572 return set_ras_addr_hook(pskb
, ct
, ctinfo
, data
,
1573 &lrq
->replyAddress
, 1);
1577 /****************************************************************************/
1578 static int process_lcf(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
1579 enum ip_conntrack_info ctinfo
,
1580 unsigned char **data
, LocationConfirm
* lcf
)
1582 int dir
= CTINFO2DIR(ctinfo
);
1586 struct ip_conntrack_expect
*exp
= NULL
;
1588 DEBUGP("ip_ct_ras: LCF\n");
1590 if (!get_h225_addr(*data
, &lcf
->callSignalAddress
, &ip
, &port
))
1593 /* Need new expect for call signal */
1594 if ((exp
= ip_conntrack_expect_alloc(ct
)) == NULL
)
1596 exp
->tuple
.src
.ip
= ct
->tuplehash
[!dir
].tuple
.src
.ip
;
1597 exp
->tuple
.src
.u
.tcp
.port
= 0;
1598 exp
->tuple
.dst
.ip
= ip
;
1599 exp
->tuple
.dst
.u
.tcp
.port
= htons(port
);
1600 exp
->tuple
.dst
.protonum
= IPPROTO_TCP
;
1601 exp
->mask
.src
.ip
= 0xFFFFFFFF;
1602 exp
->mask
.src
.u
.tcp
.port
= 0;
1603 exp
->mask
.dst
.ip
= 0xFFFFFFFF;
1604 exp
->mask
.dst
.u
.tcp
.port
= 0xFFFF;
1605 exp
->mask
.dst
.protonum
= 0xFF;
1606 exp
->flags
= IP_CT_EXPECT_PERMANENT
;
1607 exp
->expectfn
= ip_conntrack_q931_expect
;
1609 if (ip_conntrack_expect_related(exp
) == 0) {
1610 DEBUGP("ip_ct_ras: expect Q.931 "
1611 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1612 NIPQUAD(exp
->tuple
.src
.ip
),
1613 ntohs(exp
->tuple
.src
.u
.tcp
.port
),
1614 NIPQUAD(exp
->tuple
.dst
.ip
),
1615 ntohs(exp
->tuple
.dst
.u
.tcp
.port
));
1619 ip_conntrack_expect_put(exp
);
1621 /* Ignore rasAddress */
1626 /****************************************************************************/
1627 static int process_irr(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
1628 enum ip_conntrack_info ctinfo
,
1629 unsigned char **data
, InfoRequestResponse
* irr
)
1633 DEBUGP("ip_ct_ras: IRR\n");
1635 if (set_ras_addr_hook
) {
1636 ret
= set_ras_addr_hook(pskb
, ct
, ctinfo
, data
,
1637 &irr
->rasAddress
, 1);
1642 if (set_sig_addr_hook
) {
1643 ret
= set_sig_addr_hook(pskb
, ct
, ctinfo
, data
,
1644 irr
->callSignalAddress
.item
,
1645 irr
->callSignalAddress
.count
);
1653 /****************************************************************************/
1654 static int process_ras(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
1655 enum ip_conntrack_info ctinfo
,
1656 unsigned char **data
, RasMessage
* ras
)
1658 switch (ras
->choice
) {
1659 case eRasMessage_gatekeeperRequest
:
1660 return process_grq(pskb
, ct
, ctinfo
, data
,
1661 &ras
->gatekeeperRequest
);
1662 case eRasMessage_gatekeeperConfirm
:
1663 return process_gcf(pskb
, ct
, ctinfo
, data
,
1664 &ras
->gatekeeperConfirm
);
1665 case eRasMessage_registrationRequest
:
1666 return process_rrq(pskb
, ct
, ctinfo
, data
,
1667 &ras
->registrationRequest
);
1668 case eRasMessage_registrationConfirm
:
1669 return process_rcf(pskb
, ct
, ctinfo
, data
,
1670 &ras
->registrationConfirm
);
1671 case eRasMessage_unregistrationRequest
:
1672 return process_urq(pskb
, ct
, ctinfo
, data
,
1673 &ras
->unregistrationRequest
);
1674 case eRasMessage_admissionRequest
:
1675 return process_arq(pskb
, ct
, ctinfo
, data
,
1676 &ras
->admissionRequest
);
1677 case eRasMessage_admissionConfirm
:
1678 return process_acf(pskb
, ct
, ctinfo
, data
,
1679 &ras
->admissionConfirm
);
1680 case eRasMessage_locationRequest
:
1681 return process_lrq(pskb
, ct
, ctinfo
, data
,
1682 &ras
->locationRequest
);
1683 case eRasMessage_locationConfirm
:
1684 return process_lcf(pskb
, ct
, ctinfo
, data
,
1685 &ras
->locationConfirm
);
1686 case eRasMessage_infoRequestResponse
:
1687 return process_irr(pskb
, ct
, ctinfo
, data
,
1688 &ras
->infoRequestResponse
);
1690 DEBUGP("ip_ct_ras: RAS message %d\n", ras
->choice
);
1697 /****************************************************************************/
1698 static int ras_help(struct sk_buff
**pskb
, struct ip_conntrack
*ct
,
1699 enum ip_conntrack_info ctinfo
)
1701 static RasMessage ras
;
1702 unsigned char *data
;
1706 DEBUGP("ip_ct_ras: skblen = %u\n", (*pskb
)->len
);
1708 spin_lock_bh(&ip_h323_lock
);
1711 data
= get_udp_data(pskb
, &datalen
);
1714 DEBUGP("ip_ct_ras: RAS message %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
1715 NIPQUAD((*pskb
)->nh
.iph
->saddr
),
1716 NIPQUAD((*pskb
)->nh
.iph
->daddr
), datalen
);
1718 /* Decode RAS message */
1719 ret
= DecodeRasMessage(data
, datalen
, &ras
);
1721 if (net_ratelimit())
1722 printk("ip_ct_ras: decoding error: %s\n",
1723 ret
== H323_ERROR_BOUND
?
1724 "out of bound" : "out of range");
1728 /* Process RAS message */
1729 if (process_ras(pskb
, ct
, ctinfo
, &data
, &ras
) < 0)
1733 spin_unlock_bh(&ip_h323_lock
);
1737 spin_unlock_bh(&ip_h323_lock
);
1738 if (net_ratelimit())
1739 printk("ip_ct_ras: packet dropped\n");
1743 /****************************************************************************/
1744 static struct ip_conntrack_helper ip_conntrack_helper_ras
= {
1749 .tuple
= {.src
= {.u
= {__constant_htons(RAS_PORT
)}},
1750 .dst
= {.protonum
= IPPROTO_UDP
}},
1751 .mask
= {.src
= {.u
= {0xFFFE}},
1752 .dst
= {.protonum
= 0xFF}},
1756 /****************************************************************************/
1757 static void ip_conntrack_ras_expect(struct ip_conntrack
*new,
1758 struct ip_conntrack_expect
*this)
1760 write_lock_bh(&ip_conntrack_lock
);
1761 new->helper
= &ip_conntrack_helper_ras
;
1762 write_unlock_bh(&ip_conntrack_lock
);
1765 /****************************************************************************/
1766 /* Not __exit - called from init() */
1767 static void fini(void)
1769 ip_conntrack_helper_unregister(&ip_conntrack_helper_ras
);
1770 ip_conntrack_helper_unregister(&ip_conntrack_helper_q931
);
1772 DEBUGP("ip_ct_h323: fini\n");
1775 /****************************************************************************/
1776 static int __init
init(void)
1780 h323_buffer
= kmalloc(65536, GFP_KERNEL
);
1783 if ((ret
= ip_conntrack_helper_register(&ip_conntrack_helper_q931
)) ||
1784 (ret
= ip_conntrack_helper_register(&ip_conntrack_helper_ras
))) {
1788 DEBUGP("ip_ct_h323: init success\n");
1792 /****************************************************************************/
1796 EXPORT_SYMBOL_GPL(get_h225_addr
);
1797 EXPORT_SYMBOL_GPL(ip_conntrack_h245_expect
);
1798 EXPORT_SYMBOL_GPL(ip_conntrack_q931_expect
);
1799 EXPORT_SYMBOL_GPL(set_h245_addr_hook
);
1800 EXPORT_SYMBOL_GPL(set_h225_addr_hook
);
1801 EXPORT_SYMBOL_GPL(set_sig_addr_hook
);
1802 EXPORT_SYMBOL_GPL(set_ras_addr_hook
);
1803 EXPORT_SYMBOL_GPL(nat_rtp_rtcp_hook
);
1804 EXPORT_SYMBOL_GPL(nat_t120_hook
);
1805 EXPORT_SYMBOL_GPL(nat_h245_hook
);
1806 EXPORT_SYMBOL_GPL(nat_callforwarding_hook
);
1807 EXPORT_SYMBOL_GPL(nat_q931_hook
);
1809 MODULE_AUTHOR("Jing Min Zhao <zhaojingmin@users.sourceforge.net>");
1810 MODULE_DESCRIPTION("H.323 connection tracking helper");
1811 MODULE_LICENSE("GPL");