search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[IP]: Introduce ip_hdrlen()
[pohmelfs.git] / net / ipv4 / netfilter / ip_conntrack_helper_h323.c
blob5d638149b0e05c4cbd3f05d0c29a57a65e5d84ae
1 /*
2 * H.323 connection tracking helper
3 *
4 * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
5 *
6 * This source code is licensed under General Public License version 2.
7 *
8 * Based on the 'brute force' H.323 connection tracking module by
9 * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
10 *
11 * For more information, please see http://nath323.sourceforge.net/
12 */
13
14 #include <linux/module.h>
15 #include <linux/netfilter.h>
16 #include <linux/ip.h>
17 #include <net/tcp.h>
18 #include <linux/netfilter_ipv4/ip_conntrack.h>
19 #include <linux/netfilter_ipv4/ip_conntrack_core.h>
20 #include <linux/netfilter_ipv4/ip_conntrack_helper.h>
21 #include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
22 #include <linux/netfilter_ipv4/ip_conntrack_h323.h>
23 #include <linux/moduleparam.h>
24 #include <linux/ctype.h>
25 #include <linux/inet.h>
26
27 #if 0
28 #define DEBUGP printk
29 #else
30 #define DEBUGP(format, args...)
31 #endif
32
33 /* Parameters */
34 static unsigned int default_rrq_ttl = 300;
35 module_param(default_rrq_ttl, uint, 0600);
36 MODULE_PARM_DESC(default_rrq_ttl, "use this TTL if it's missing in RRQ");
37
38 static int gkrouted_only = 1;
39 module_param(gkrouted_only, int, 0600);
40 MODULE_PARM_DESC(gkrouted_only, "only accept calls from gatekeeper");
41
42 static int callforward_filter = 1;
43 module_param(callforward_filter, bool, 0600);
44 MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations "
45 "if both endpoints are on different sides "
46 "(determined by routing information)");
47
48 /* Hooks for NAT */
49 int (*set_h245_addr_hook) (struct sk_buff ** pskb,
50 unsigned char **data, int dataoff,
51 H245_TransportAddress * addr,
52 __be32 ip, u_int16_t port);
53 int (*set_h225_addr_hook) (struct sk_buff ** pskb,
54 unsigned char **data, int dataoff,
55 TransportAddress * addr,
56 __be32 ip, u_int16_t port);
57 int (*set_sig_addr_hook) (struct sk_buff ** pskb,
58 struct ip_conntrack * ct,
59 enum ip_conntrack_info ctinfo,
60 unsigned char **data,
61 TransportAddress * addr, int count);
62 int (*set_ras_addr_hook) (struct sk_buff ** pskb,
63 struct ip_conntrack * ct,
64 enum ip_conntrack_info ctinfo,
65 unsigned char **data,
66 TransportAddress * addr, int count);
67 int (*nat_rtp_rtcp_hook) (struct sk_buff ** pskb,
68 struct ip_conntrack * ct,
69 enum ip_conntrack_info ctinfo,
70 unsigned char **data, int dataoff,
71 H245_TransportAddress * addr,
72 u_int16_t port, u_int16_t rtp_port,
73 struct ip_conntrack_expect * rtp_exp,
74 struct ip_conntrack_expect * rtcp_exp);
75 int (*nat_t120_hook) (struct sk_buff ** pskb,
76 struct ip_conntrack * ct,
77 enum ip_conntrack_info ctinfo,
78 unsigned char **data, int dataoff,
79 H245_TransportAddress * addr, u_int16_t port,
80 struct ip_conntrack_expect * exp);
81 int (*nat_h245_hook) (struct sk_buff ** pskb,
82 struct ip_conntrack * ct,
83 enum ip_conntrack_info ctinfo,
84 unsigned char **data, int dataoff,
85 TransportAddress * addr, u_int16_t port,
86 struct ip_conntrack_expect * exp);
87 int (*nat_callforwarding_hook) (struct sk_buff ** pskb,
88 struct ip_conntrack * ct,
89 enum ip_conntrack_info ctinfo,
90 unsigned char **data, int dataoff,
91 TransportAddress * addr, u_int16_t port,
92 struct ip_conntrack_expect * exp);
93 int (*nat_q931_hook) (struct sk_buff ** pskb,
94 struct ip_conntrack * ct,
95 enum ip_conntrack_info ctinfo,
96 unsigned char **data, TransportAddress * addr, int idx,
97 u_int16_t port, struct ip_conntrack_expect * exp);
98
99
100 static DEFINE_SPINLOCK(ip_h323_lock);
101 static char *h323_buffer;
102
103 /****************************************************************************/
104 static int get_tpkt_data(struct sk_buff **pskb, struct ip_conntrack *ct,
105 enum ip_conntrack_info ctinfo,
106 unsigned char **data, int *datalen, int *dataoff)
107 {
108 struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
109 int dir = CTINFO2DIR(ctinfo);
110 struct tcphdr _tcph, *th;
111 int tcpdatalen;
112 int tcpdataoff;
113 unsigned char *tpkt;
114 int tpktlen;
115 int tpktoff;
116
117 /* Get TCP header */
118 th = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
119 sizeof(_tcph), &_tcph);
120 if (th == NULL)
121 return 0;
122
123 /* Get TCP data offset */
124 tcpdataoff = ip_hdrlen(*pskb) + th->doff * 4;
125
126 /* Get TCP data length */
127 tcpdatalen = (*pskb)->len - tcpdataoff;
128 if (tcpdatalen <= 0) /* No TCP data */
129 goto clear_out;
130
131 if (*data == NULL) { /* first TPKT */
132 /* Get first TPKT pointer */
133 tpkt = skb_header_pointer(*pskb, tcpdataoff, tcpdatalen,
134 h323_buffer);
135 BUG_ON(tpkt == NULL);
136
137 /* Validate TPKT identifier */
138 if (tcpdatalen < 4 || tpkt[0] != 0x03 || tpkt[1] != 0) {
139 /* Netmeeting sends TPKT header and data separately */
140 if (info->tpkt_len[dir] > 0) {
141 DEBUGP("ip_ct_h323: previous packet "
142 "indicated separate TPKT data of %hu "
143 "bytes\n", info->tpkt_len[dir]);
144 if (info->tpkt_len[dir] <= tcpdatalen) {
145 /* Yes, there was a TPKT header
146 * received */
147 *data = tpkt;
148 *datalen = info->tpkt_len[dir];
149 *dataoff = 0;
150 goto out;
151 }
152
153 /* Fragmented TPKT */
154 if (net_ratelimit())
155 printk("ip_ct_h323: "
156 "fragmented TPKT\n");
157 goto clear_out;
158 }
159
160 /* It is not even a TPKT */
161 return 0;
162 }
163 tpktoff = 0;
164 } else { /* Next TPKT */
165 tpktoff = *dataoff + *datalen;
166 tcpdatalen -= tpktoff;
167 if (tcpdatalen <= 4) /* No more TPKT */
168 goto clear_out;
169 tpkt = *data + *datalen;
170
171 /* Validate TPKT identifier */
172 if (tpkt[0] != 0x03 || tpkt[1] != 0)
173 goto clear_out;
174 }
175
176 /* Validate TPKT length */
177 tpktlen = tpkt[2] * 256 + tpkt[3];
178 if (tpktlen < 4)
179 goto clear_out;
180 if (tpktlen > tcpdatalen) {
181 if (tcpdatalen == 4) { /* Separate TPKT header */
182 /* Netmeeting sends TPKT header and data separately */
183 DEBUGP("ip_ct_h323: separate TPKT header indicates "
184 "there will be TPKT data of %hu bytes\n",
185 tpktlen - 4);
186 info->tpkt_len[dir] = tpktlen - 4;
187 return 0;
188 }
189
190 if (net_ratelimit())
191 printk("ip_ct_h323: incomplete TPKT (fragmented?)\n");
192 goto clear_out;
193 }
194
195 /* This is the encapsulated data */
196 *data = tpkt + 4;
197 *datalen = tpktlen - 4;
198 *dataoff = tpktoff + 4;
199
200 out:
201 /* Clear TPKT length */
202 info->tpkt_len[dir] = 0;
203 return 1;
204
205 clear_out:
206 info->tpkt_len[dir] = 0;
207 return 0;
208 }
209
210 /****************************************************************************/
211 static int get_h245_addr(unsigned char *data, H245_TransportAddress * addr,
212 __be32 * ip, u_int16_t * port)
213 {
214 unsigned char *p;
215
216 if (addr->choice != eH245_TransportAddress_unicastAddress ||
217 addr->unicastAddress.choice != eUnicastAddress_iPAddress)
218 return 0;
219
220 p = data + addr->unicastAddress.iPAddress.network;
221 *ip = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | (p[3]));
222 *port = (p[4] << 8) | (p[5]);
223
224 return 1;
225 }
226
227 /****************************************************************************/
228 static int expect_rtp_rtcp(struct sk_buff **pskb, struct ip_conntrack *ct,
229 enum ip_conntrack_info ctinfo,
230 unsigned char **data, int dataoff,
231 H245_TransportAddress * addr)
232 {
233 int dir = CTINFO2DIR(ctinfo);
234 int ret = 0;
235 __be32 ip;
236 u_int16_t port;
237 u_int16_t rtp_port;
238 struct ip_conntrack_expect *rtp_exp;
239 struct ip_conntrack_expect *rtcp_exp;
240 typeof(nat_rtp_rtcp_hook) nat_rtp_rtcp;
241
242 /* Read RTP or RTCP address */
243 if (!get_h245_addr(*data, addr, &ip, &port) ||
244 ip != ct->tuplehash[dir].tuple.src.ip || port == 0)
245 return 0;
246
247 /* RTP port is even */
248 rtp_port = port & (~1);
249
250 /* Create expect for RTP */
251 if ((rtp_exp = ip_conntrack_expect_alloc(ct)) == NULL)
252 return -1;
253 rtp_exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
254 rtp_exp->tuple.src.u.udp.port = 0;
255 rtp_exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
256 rtp_exp->tuple.dst.u.udp.port = htons(rtp_port);
257 rtp_exp->tuple.dst.protonum = IPPROTO_UDP;
258 rtp_exp->mask.src.ip = htonl(0xFFFFFFFF);
259 rtp_exp->mask.src.u.udp.port = 0;
260 rtp_exp->mask.dst.ip = htonl(0xFFFFFFFF);
261 rtp_exp->mask.dst.u.udp.port = htons(0xFFFF);
262 rtp_exp->mask.dst.protonum = 0xFF;
263 rtp_exp->flags = 0;
264
265 /* Create expect for RTCP */
266 if ((rtcp_exp = ip_conntrack_expect_alloc(ct)) == NULL) {
267 ip_conntrack_expect_put(rtp_exp);
268 return -1;
269 }
270 rtcp_exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
271 rtcp_exp->tuple.src.u.udp.port = 0;
272 rtcp_exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
273 rtcp_exp->tuple.dst.u.udp.port = htons(rtp_port + 1);
274 rtcp_exp->tuple.dst.protonum = IPPROTO_UDP;
275 rtcp_exp->mask.src.ip = htonl(0xFFFFFFFF);
276 rtcp_exp->mask.src.u.udp.port = 0;
277 rtcp_exp->mask.dst.ip = htonl(0xFFFFFFFF);
278 rtcp_exp->mask.dst.u.udp.port = htons(0xFFFF);
279 rtcp_exp->mask.dst.protonum = 0xFF;
280 rtcp_exp->flags = 0;
281
282 if (ct->tuplehash[dir].tuple.src.ip !=
283 ct->tuplehash[!dir].tuple.dst.ip &&
284 (nat_rtp_rtcp = rcu_dereference(nat_rtp_rtcp_hook))) {
285 /* NAT needed */
286 ret = nat_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
287 addr, port, rtp_port, rtp_exp, rtcp_exp);
288 } else { /* Conntrack only */
289 rtp_exp->expectfn = NULL;
290 rtcp_exp->expectfn = NULL;
291
292 if (ip_conntrack_expect_related(rtp_exp) == 0) {
293 if (ip_conntrack_expect_related(rtcp_exp) == 0) {
294 DEBUGP("ip_ct_h323: expect RTP "
295 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
296 NIPQUAD(rtp_exp->tuple.src.ip),
297 ntohs(rtp_exp->tuple.src.u.udp.port),
298 NIPQUAD(rtp_exp->tuple.dst.ip),
299 ntohs(rtp_exp->tuple.dst.u.udp.port));
300 DEBUGP("ip_ct_h323: expect RTCP "
301 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
302 NIPQUAD(rtcp_exp->tuple.src.ip),
303 ntohs(rtcp_exp->tuple.src.u.udp.port),
304 NIPQUAD(rtcp_exp->tuple.dst.ip),
305 ntohs(rtcp_exp->tuple.dst.u.udp.port));
306 } else {
307 ip_conntrack_unexpect_related(rtp_exp);
308 ret = -1;
309 }
310 } else
311 ret = -1;
312 }
313
314 ip_conntrack_expect_put(rtp_exp);
315 ip_conntrack_expect_put(rtcp_exp);
316
317 return ret;
318 }
319
320 /****************************************************************************/
321 static int expect_t120(struct sk_buff **pskb,
322 struct ip_conntrack *ct,
323 enum ip_conntrack_info ctinfo,
324 unsigned char **data, int dataoff,
325 H245_TransportAddress * addr)
326 {
327 int dir = CTINFO2DIR(ctinfo);
328 int ret = 0;
329 __be32 ip;
330 u_int16_t port;
331 struct ip_conntrack_expect *exp = NULL;
332 typeof(nat_t120_hook) nat_t120;
333
334 /* Read T.120 address */
335 if (!get_h245_addr(*data, addr, &ip, &port) ||
336 ip != ct->tuplehash[dir].tuple.src.ip || port == 0)
337 return 0;
338
339 /* Create expect for T.120 connections */
340 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
341 return -1;
342 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
343 exp->tuple.src.u.tcp.port = 0;
344 exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
345 exp->tuple.dst.u.tcp.port = htons(port);
346 exp->tuple.dst.protonum = IPPROTO_TCP;
347 exp->mask.src.ip = htonl(0xFFFFFFFF);
348 exp->mask.src.u.tcp.port = 0;
349 exp->mask.dst.ip = htonl(0xFFFFFFFF);
350 exp->mask.dst.u.tcp.port = htons(0xFFFF);
351 exp->mask.dst.protonum = 0xFF;
352 exp->flags = IP_CT_EXPECT_PERMANENT; /* Accept multiple channels */
353
354 if (ct->tuplehash[dir].tuple.src.ip !=
355 ct->tuplehash[!dir].tuple.dst.ip &&
356 (nat_t120 = rcu_dereference(nat_t120_hook))) {
357 /* NAT needed */
358 ret = nat_t120(pskb, ct, ctinfo, data, dataoff, addr,
359 port, exp);
360 } else { /* Conntrack only */
361 exp->expectfn = NULL;
362 if (ip_conntrack_expect_related(exp) == 0) {
363 DEBUGP("ip_ct_h323: expect T.120 "
364 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
365 NIPQUAD(exp->tuple.src.ip),
366 ntohs(exp->tuple.src.u.tcp.port),
367 NIPQUAD(exp->tuple.dst.ip),
368 ntohs(exp->tuple.dst.u.tcp.port));
369 } else
370 ret = -1;
371 }
372
373 ip_conntrack_expect_put(exp);
374
375 return ret;
376 }
377
378 /****************************************************************************/
379 static int process_h245_channel(struct sk_buff **pskb,
380 struct ip_conntrack *ct,
381 enum ip_conntrack_info ctinfo,
382 unsigned char **data, int dataoff,
383 H2250LogicalChannelParameters * channel)
384 {
385 int ret;
386
387 if (channel->options & eH2250LogicalChannelParameters_mediaChannel) {
388 /* RTP */
389 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
390 &channel->mediaChannel);
391 if (ret < 0)
392 return -1;
393 }
394
395 if (channel->
396 options & eH2250LogicalChannelParameters_mediaControlChannel) {
397 /* RTCP */
398 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
399 &channel->mediaControlChannel);
400 if (ret < 0)
401 return -1;
402 }
403
404 return 0;
405 }
406
407 /****************************************************************************/
408 static int process_olc(struct sk_buff **pskb, struct ip_conntrack *ct,
409 enum ip_conntrack_info ctinfo,
410 unsigned char **data, int dataoff,
411 OpenLogicalChannel * olc)
412 {
413 int ret;
414
415 DEBUGP("ip_ct_h323: OpenLogicalChannel\n");
416
417 if (olc->forwardLogicalChannelParameters.multiplexParameters.choice ==
418 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)
419 {
420 ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff,
421 &olc->
422 forwardLogicalChannelParameters.
423 multiplexParameters.
424 h2250LogicalChannelParameters);
425 if (ret < 0)
426 return -1;
427 }
428
429 if ((olc->options &
430 eOpenLogicalChannel_reverseLogicalChannelParameters) &&
431 (olc->reverseLogicalChannelParameters.options &
432 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters)
433 && (olc->reverseLogicalChannelParameters.multiplexParameters.
434 choice ==
435 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
436 {
437 ret =
438 process_h245_channel(pskb, ct, ctinfo, data, dataoff,
439 &olc->
440 reverseLogicalChannelParameters.
441 multiplexParameters.
442 h2250LogicalChannelParameters);
443 if (ret < 0)
444 return -1;
445 }
446
447 if ((olc->options & eOpenLogicalChannel_separateStack) &&
448 olc->forwardLogicalChannelParameters.dataType.choice ==
449 eDataType_data &&
450 olc->forwardLogicalChannelParameters.dataType.data.application.
451 choice == eDataApplicationCapability_application_t120 &&
452 olc->forwardLogicalChannelParameters.dataType.data.application.
453 t120.choice == eDataProtocolCapability_separateLANStack &&
454 olc->separateStack.networkAddress.choice ==
455 eNetworkAccessParameters_networkAddress_localAreaAddress) {
456 ret = expect_t120(pskb, ct, ctinfo, data, dataoff,
457 &olc->separateStack.networkAddress.
458 localAreaAddress);
459 if (ret < 0)
460 return -1;
461 }
462
463 return 0;
464 }
465
466 /****************************************************************************/
467 static int process_olca(struct sk_buff **pskb, struct ip_conntrack *ct,
468 enum ip_conntrack_info ctinfo,
469 unsigned char **data, int dataoff,
470 OpenLogicalChannelAck * olca)
471 {
472 H2250LogicalChannelAckParameters *ack;
473 int ret;
474
475 DEBUGP("ip_ct_h323: OpenLogicalChannelAck\n");
476
477 if ((olca->options &
478 eOpenLogicalChannelAck_reverseLogicalChannelParameters) &&
479 (olca->reverseLogicalChannelParameters.options &
480 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters)
481 && (olca->reverseLogicalChannelParameters.multiplexParameters.
482 choice ==
483 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
484 {
485 ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff,
486 &olca->
487 reverseLogicalChannelParameters.
488 multiplexParameters.
489 h2250LogicalChannelParameters);
490 if (ret < 0)
491 return -1;
492 }
493
494 if ((olca->options &
495 eOpenLogicalChannelAck_forwardMultiplexAckParameters) &&
496 (olca->forwardMultiplexAckParameters.choice ==
497 eOpenLogicalChannelAck_forwardMultiplexAckParameters_h2250LogicalChannelAckParameters))
498 {
499 ack = &olca->forwardMultiplexAckParameters.
500 h2250LogicalChannelAckParameters;
501 if (ack->options &
502 eH2250LogicalChannelAckParameters_mediaChannel) {
503 /* RTP */
504 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
505 &ack->mediaChannel);
506 if (ret < 0)
507 return -1;
508 }
509
510 if (ack->options &
511 eH2250LogicalChannelAckParameters_mediaControlChannel) {
512 /* RTCP */
513 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
514 &ack->mediaControlChannel);
515 if (ret < 0)
516 return -1;
517 }
518 }
519
520 return 0;
521 }
522
523 /****************************************************************************/
524 static int process_h245(struct sk_buff **pskb, struct ip_conntrack *ct,
525 enum ip_conntrack_info ctinfo,
526 unsigned char **data, int dataoff,
527 MultimediaSystemControlMessage * mscm)
528 {
529 switch (mscm->choice) {
530 case eMultimediaSystemControlMessage_request:
531 if (mscm->request.choice ==
532 eRequestMessage_openLogicalChannel) {
533 return process_olc(pskb, ct, ctinfo, data, dataoff,
534 &mscm->request.openLogicalChannel);
535 }
536 DEBUGP("ip_ct_h323: H.245 Request %d\n",
537 mscm->request.choice);
538 break;
539 case eMultimediaSystemControlMessage_response:
540 if (mscm->response.choice ==
541 eResponseMessage_openLogicalChannelAck) {
542 return process_olca(pskb, ct, ctinfo, data, dataoff,
543 &mscm->response.
544 openLogicalChannelAck);
545 }
546 DEBUGP("ip_ct_h323: H.245 Response %d\n",
547 mscm->response.choice);
548 break;
549 default:
550 DEBUGP("ip_ct_h323: H.245 signal %d\n", mscm->choice);
551 break;
552 }
553
554 return 0;
555 }
556
557 /****************************************************************************/
558 static int h245_help(struct sk_buff **pskb, struct ip_conntrack *ct,
559 enum ip_conntrack_info ctinfo)
560 {
561 static MultimediaSystemControlMessage mscm;
562 unsigned char *data = NULL;
563 int datalen;
564 int dataoff;
565 int ret;
566
567 /* Until there's been traffic both ways, don't look in packets. */
568 if (ctinfo != IP_CT_ESTABLISHED
569 && ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
570 return NF_ACCEPT;
571 }
572 DEBUGP("ip_ct_h245: skblen = %u\n", (*pskb)->len);
573
574 spin_lock_bh(&ip_h323_lock);
575
576 /* Process each TPKT */
577 while (get_tpkt_data(pskb, ct, ctinfo, &data, &datalen, &dataoff)) {
578 DEBUGP("ip_ct_h245: TPKT %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
579 NIPQUAD((*pskb)->nh.iph->saddr),
580 NIPQUAD((*pskb)->nh.iph->daddr), datalen);
581
582 /* Decode H.245 signal */
583 ret = DecodeMultimediaSystemControlMessage(data, datalen,
584 &mscm);
585 if (ret < 0) {
586 if (net_ratelimit())
587 printk("ip_ct_h245: decoding error: %s\n",
588 ret == H323_ERROR_BOUND ?
589 "out of bound" : "out of range");
590 /* We don't drop when decoding error */
591 break;
592 }
593
594 /* Process H.245 signal */
595 if (process_h245(pskb, ct, ctinfo, &data, dataoff, &mscm) < 0)
596 goto drop;
597 }
598
599 spin_unlock_bh(&ip_h323_lock);
600 return NF_ACCEPT;
601
602 drop:
603 spin_unlock_bh(&ip_h323_lock);
604 if (net_ratelimit())
605 printk("ip_ct_h245: packet dropped\n");
606 return NF_DROP;
607 }
608
609 /****************************************************************************/
610 static struct ip_conntrack_helper ip_conntrack_helper_h245 = {
611 .name = "H.245",
612 .me = THIS_MODULE,
613 .max_expected = H323_RTP_CHANNEL_MAX * 4 + 2 /* T.120 */ ,
614 .timeout = 240,
615 .tuple = {.dst = {.protonum = IPPROTO_TCP}},
616 .mask = {.src = {.u = {0xFFFF}},
617 .dst = {.protonum = 0xFF}},
618 .help = h245_help
619 };
620
621 /****************************************************************************/
622 void ip_conntrack_h245_expect(struct ip_conntrack *new,
623 struct ip_conntrack_expect *this)
624 {
625 write_lock_bh(&ip_conntrack_lock);
626 new->helper = &ip_conntrack_helper_h245;
627 write_unlock_bh(&ip_conntrack_lock);
628 }
629
630 /****************************************************************************/
631 int get_h225_addr(unsigned char *data, TransportAddress * addr,
632 __be32 * ip, u_int16_t * port)
633 {
634 unsigned char *p;
635
636 if (addr->choice != eTransportAddress_ipAddress)
637 return 0;
638
639 p = data + addr->ipAddress.ip;
640 *ip = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | (p[3]));
641 *port = (p[4] << 8) | (p[5]);
642
643 return 1;
644 }
645
646 /****************************************************************************/
647 static int expect_h245(struct sk_buff **pskb, struct ip_conntrack *ct,
648 enum ip_conntrack_info ctinfo,
649 unsigned char **data, int dataoff,
650 TransportAddress * addr)
651 {
652 int dir = CTINFO2DIR(ctinfo);
653 int ret = 0;
654 __be32 ip;
655 u_int16_t port;
656 struct ip_conntrack_expect *exp = NULL;
657 typeof(nat_h245_hook) nat_h245;
658
659 /* Read h245Address */
660 if (!get_h225_addr(*data, addr, &ip, &port) ||
661 ip != ct->tuplehash[dir].tuple.src.ip || port == 0)
662 return 0;
663
664 /* Create expect for h245 connection */
665 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
666 return -1;
667 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
668 exp->tuple.src.u.tcp.port = 0;
669 exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
670 exp->tuple.dst.u.tcp.port = htons(port);
671 exp->tuple.dst.protonum = IPPROTO_TCP;
672 exp->mask.src.ip = htonl(0xFFFFFFFF);
673 exp->mask.src.u.tcp.port = 0;
674 exp->mask.dst.ip = htonl(0xFFFFFFFF);
675 exp->mask.dst.u.tcp.port = htons(0xFFFF);
676 exp->mask.dst.protonum = 0xFF;
677 exp->flags = 0;
678
679 if (ct->tuplehash[dir].tuple.src.ip !=
680 ct->tuplehash[!dir].tuple.dst.ip &&
681 (nat_h245 = rcu_dereference(nat_h245_hook))) {
682 /* NAT needed */
683 ret = nat_h245(pskb, ct, ctinfo, data, dataoff, addr,
684 port, exp);
685 } else { /* Conntrack only */
686 exp->expectfn = ip_conntrack_h245_expect;
687
688 if (ip_conntrack_expect_related(exp) == 0) {
689 DEBUGP("ip_ct_q931: expect H.245 "
690 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
691 NIPQUAD(exp->tuple.src.ip),
692 ntohs(exp->tuple.src.u.tcp.port),
693 NIPQUAD(exp->tuple.dst.ip),
694 ntohs(exp->tuple.dst.u.tcp.port));
695 } else
696 ret = -1;
697 }
698
699 ip_conntrack_expect_put(exp);
700
701 return ret;
702 }
703
704 /* Forwarding declaration */
705 void ip_conntrack_q931_expect(struct ip_conntrack *new,
706 struct ip_conntrack_expect *this);
707
708 /****************************************************************************/
709 static int expect_callforwarding(struct sk_buff **pskb,
710 struct ip_conntrack *ct,
711 enum ip_conntrack_info ctinfo,
712 unsigned char **data, int dataoff,
713 TransportAddress * addr)
714 {
715 int dir = CTINFO2DIR(ctinfo);
716 int ret = 0;
717 __be32 ip;
718 u_int16_t port;
719 struct ip_conntrack_expect *exp = NULL;
720 typeof(nat_callforwarding_hook) nat_callforwarding;
721
722 /* Read alternativeAddress */
723 if (!get_h225_addr(*data, addr, &ip, &port) || port == 0)
724 return 0;
725
726 /* If the calling party is on the same side of the forward-to party,
727 * we don't need to track the second call */
728 if (callforward_filter) {
729 struct rtable *rt1, *rt2;
730 struct flowi fl1 = {
731 .fl4_dst = ip,
732 };
733 struct flowi fl2 = {
734 .fl4_dst = ct->tuplehash[!dir].tuple.src.ip,
735 };
736
737 if (ip_route_output_key(&rt1, &fl1) == 0) {
738 if (ip_route_output_key(&rt2, &fl2) == 0) {
739 if (rt1->rt_gateway == rt2->rt_gateway &&
740 rt1->u.dst.dev == rt2->u.dst.dev)
741 ret = 1;
742 dst_release(&rt2->u.dst);
743 }
744 dst_release(&rt1->u.dst);
745 }
746 if (ret) {
747 DEBUGP("ip_ct_q931: Call Forwarding not tracked\n");
748 return 0;
749 }
750 }
751
752 /* Create expect for the second call leg */
753 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
754 return -1;
755 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
756 exp->tuple.src.u.tcp.port = 0;
757 exp->tuple.dst.ip = ip;
758 exp->tuple.dst.u.tcp.port = htons(port);
759 exp->tuple.dst.protonum = IPPROTO_TCP;
760 exp->mask.src.ip = htonl(0xFFFFFFFF);
761 exp->mask.src.u.tcp.port = 0;
762 exp->mask.dst.ip = htonl(0xFFFFFFFF);
763 exp->mask.dst.u.tcp.port = htons(0xFFFF);
764 exp->mask.dst.protonum = 0xFF;
765 exp->flags = 0;
766
767 if (ct->tuplehash[dir].tuple.src.ip !=
768 ct->tuplehash[!dir].tuple.dst.ip &&
769 (nat_callforwarding = rcu_dereference(nat_callforwarding_hook))) {
770 /* Need NAT */
771 ret = nat_callforwarding(pskb, ct, ctinfo, data, dataoff,
772 addr, port, exp);
773 } else { /* Conntrack only */
774 exp->expectfn = ip_conntrack_q931_expect;
775
776 if (ip_conntrack_expect_related(exp) == 0) {
777 DEBUGP("ip_ct_q931: expect Call Forwarding "
778 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
779 NIPQUAD(exp->tuple.src.ip),
780 ntohs(exp->tuple.src.u.tcp.port),
781 NIPQUAD(exp->tuple.dst.ip),
782 ntohs(exp->tuple.dst.u.tcp.port));
783 } else
784 ret = -1;
785 }
786
787 ip_conntrack_expect_put(exp);
788
789 return ret;
790 }
791
792 /****************************************************************************/
793 static int process_setup(struct sk_buff **pskb, struct ip_conntrack *ct,
794 enum ip_conntrack_info ctinfo,
795 unsigned char **data, int dataoff,
796 Setup_UUIE * setup)
797 {
798 int dir = CTINFO2DIR(ctinfo);
799 int ret;
800 int i;
801 __be32 ip;
802 u_int16_t port;
803 typeof(set_h225_addr_hook) set_h225_addr;
804
805 DEBUGP("ip_ct_q931: Setup\n");
806
807 if (setup->options & eSetup_UUIE_h245Address) {
808 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
809 &setup->h245Address);
810 if (ret < 0)
811 return -1;
812 }
813
814 set_h225_addr = rcu_dereference(set_h225_addr_hook);
815
816 if ((setup->options & eSetup_UUIE_destCallSignalAddress) &&
817 (set_h225_addr) &&
818 get_h225_addr(*data, &setup->destCallSignalAddress, &ip, &port) &&
819 ip != ct->tuplehash[!dir].tuple.src.ip) {
820 DEBUGP("ip_ct_q931: set destCallSignalAddress "
821 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
822 NIPQUAD(ip), port,
823 NIPQUAD(ct->tuplehash[!dir].tuple.src.ip),
824 ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port));
825 ret = set_h225_addr(pskb, data, dataoff,
826 &setup->destCallSignalAddress,
827 ct->tuplehash[!dir].tuple.src.ip,
828 ntohs(ct->tuplehash[!dir].tuple.src.
829 u.tcp.port));
830 if (ret < 0)
831 return -1;
832 }
833
834 if ((setup->options & eSetup_UUIE_sourceCallSignalAddress) &&
835 (set_h225_addr) &&
836 get_h225_addr(*data, &setup->sourceCallSignalAddress, &ip, &port)
837 && ip != ct->tuplehash[!dir].tuple.dst.ip) {
838 DEBUGP("ip_ct_q931: set sourceCallSignalAddress "
839 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
840 NIPQUAD(ip), port,
841 NIPQUAD(ct->tuplehash[!dir].tuple.dst.ip),
842 ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port));
843 ret = set_h225_addr(pskb, data, dataoff,
844 &setup->sourceCallSignalAddress,
845 ct->tuplehash[!dir].tuple.dst.ip,
846 ntohs(ct->tuplehash[!dir].tuple.dst.
847 u.tcp.port));
848 if (ret < 0)
849 return -1;
850 }
851
852 if (setup->options & eSetup_UUIE_fastStart) {
853 for (i = 0; i < setup->fastStart.count; i++) {
854 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
855 &setup->fastStart.item[i]);
856 if (ret < 0)
857 return -1;
858 }
859 }
860
861 return 0;
862 }
863
864 /****************************************************************************/
865 static int process_callproceeding(struct sk_buff **pskb,
866 struct ip_conntrack *ct,
867 enum ip_conntrack_info ctinfo,
868 unsigned char **data, int dataoff,
869 CallProceeding_UUIE * callproc)
870 {
871 int ret;
872 int i;
873
874 DEBUGP("ip_ct_q931: CallProceeding\n");
875
876 if (callproc->options & eCallProceeding_UUIE_h245Address) {
877 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
878 &callproc->h245Address);
879 if (ret < 0)
880 return -1;
881 }
882
883 if (callproc->options & eCallProceeding_UUIE_fastStart) {
884 for (i = 0; i < callproc->fastStart.count; i++) {
885 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
886 &callproc->fastStart.item[i]);
887 if (ret < 0)
888 return -1;
889 }
890 }
891
892 return 0;
893 }
894
895 /****************************************************************************/
896 static int process_connect(struct sk_buff **pskb, struct ip_conntrack *ct,
897 enum ip_conntrack_info ctinfo,
898 unsigned char **data, int dataoff,
899 Connect_UUIE * connect)
900 {
901 int ret;
902 int i;
903
904 DEBUGP("ip_ct_q931: Connect\n");
905
906 if (connect->options & eConnect_UUIE_h245Address) {
907 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
908 &connect->h245Address);
909 if (ret < 0)
910 return -1;
911 }
912
913 if (connect->options & eConnect_UUIE_fastStart) {
914 for (i = 0; i < connect->fastStart.count; i++) {
915 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
916 &connect->fastStart.item[i]);
917 if (ret < 0)
918 return -1;
919 }
920 }
921
922 return 0;
923 }
924
925 /****************************************************************************/
926 static int process_alerting(struct sk_buff **pskb, struct ip_conntrack *ct,
927 enum ip_conntrack_info ctinfo,
928 unsigned char **data, int dataoff,
929 Alerting_UUIE * alert)
930 {
931 int ret;
932 int i;
933
934 DEBUGP("ip_ct_q931: Alerting\n");
935
936 if (alert->options & eAlerting_UUIE_h245Address) {
937 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
938 &alert->h245Address);
939 if (ret < 0)
940 return -1;
941 }
942
943 if (alert->options & eAlerting_UUIE_fastStart) {
944 for (i = 0; i < alert->fastStart.count; i++) {
945 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
946 &alert->fastStart.item[i]);
947 if (ret < 0)
948 return -1;
949 }
950 }
951
952 return 0;
953 }
954
955 /****************************************************************************/
956 static int process_information(struct sk_buff **pskb,
957 struct ip_conntrack *ct,
958 enum ip_conntrack_info ctinfo,
959 unsigned char **data, int dataoff,
960 Information_UUIE * info)
961 {
962 int ret;
963 int i;
964
965 DEBUGP("ip_ct_q931: Information\n");
966
967 if (info->options & eInformation_UUIE_fastStart) {
968 for (i = 0; i < info->fastStart.count; i++) {
969 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
970 &info->fastStart.item[i]);
971 if (ret < 0)
972 return -1;
973 }
974 }
975
976 return 0;
977 }
978
979 /****************************************************************************/
980 static int process_facility(struct sk_buff **pskb, struct ip_conntrack *ct,
981 enum ip_conntrack_info ctinfo,
982 unsigned char **data, int dataoff,
983 Facility_UUIE * facility)
984 {
985 int ret;
986 int i;
987
988 DEBUGP("ip_ct_q931: Facility\n");
989
990 if (facility->reason.choice == eFacilityReason_callForwarded) {
991 if (facility->options & eFacility_UUIE_alternativeAddress)
992 return expect_callforwarding(pskb, ct, ctinfo, data,
993 dataoff,
994 &facility->
995 alternativeAddress);
996 return 0;
997 }
998
999 if (facility->options & eFacility_UUIE_h245Address) {
1000 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
1001 &facility->h245Address);
1002 if (ret < 0)
1003 return -1;
1004 }
1005
1006 if (facility->options & eFacility_UUIE_fastStart) {
1007 for (i = 0; i < facility->fastStart.count; i++) {
1008 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
1009 &facility->fastStart.item[i]);
1010 if (ret < 0)
1011 return -1;
1012 }
1013 }
1014
1015 return 0;
1016 }
1017
1018 /****************************************************************************/
1019 static int process_progress(struct sk_buff **pskb, struct ip_conntrack *ct,
1020 enum ip_conntrack_info ctinfo,
1021 unsigned char **data, int dataoff,
1022 Progress_UUIE * progress)
1023 {
1024 int ret;
1025 int i;
1026
1027 DEBUGP("ip_ct_q931: Progress\n");
1028
1029 if (progress->options & eProgress_UUIE_h245Address) {
1030 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
1031 &progress->h245Address);
1032 if (ret < 0)
1033 return -1;
1034 }
1035
1036 if (progress->options & eProgress_UUIE_fastStart) {
1037 for (i = 0; i < progress->fastStart.count; i++) {
1038 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
1039 &progress->fastStart.item[i]);
1040 if (ret < 0)
1041 return -1;
1042 }
1043 }
1044
1045 return 0;
1046 }
1047
1048 /****************************************************************************/
1049 static int process_q931(struct sk_buff **pskb, struct ip_conntrack *ct,
1050 enum ip_conntrack_info ctinfo,
1051 unsigned char **data, int dataoff, Q931 * q931)
1052 {
1053 H323_UU_PDU *pdu = &q931->UUIE.h323_uu_pdu;
1054 int i;
1055 int ret = 0;
1056
1057 switch (pdu->h323_message_body.choice) {
1058 case eH323_UU_PDU_h323_message_body_setup:
1059 ret = process_setup(pskb, ct, ctinfo, data, dataoff,
1060 &pdu->h323_message_body.setup);
1061 break;
1062 case eH323_UU_PDU_h323_message_body_callProceeding:
1063 ret = process_callproceeding(pskb, ct, ctinfo, data, dataoff,
1064 &pdu->h323_message_body.
1065 callProceeding);
1066 break;
1067 case eH323_UU_PDU_h323_message_body_connect:
1068 ret = process_connect(pskb, ct, ctinfo, data, dataoff,
1069 &pdu->h323_message_body.connect);
1070 break;
1071 case eH323_UU_PDU_h323_message_body_alerting:
1072 ret = process_alerting(pskb, ct, ctinfo, data, dataoff,
1073 &pdu->h323_message_body.alerting);
1074 break;
1075 case eH323_UU_PDU_h323_message_body_information:
1076 ret = process_information(pskb, ct, ctinfo, data, dataoff,
1077 &pdu->h323_message_body.
1078 information);
1079 break;
1080 case eH323_UU_PDU_h323_message_body_facility:
1081 ret = process_facility(pskb, ct, ctinfo, data, dataoff,
1082 &pdu->h323_message_body.facility);
1083 break;
1084 case eH323_UU_PDU_h323_message_body_progress:
1085 ret = process_progress(pskb, ct, ctinfo, data, dataoff,
1086 &pdu->h323_message_body.progress);
1087 break;
1088 default:
1089 DEBUGP("ip_ct_q931: Q.931 signal %d\n",
1090 pdu->h323_message_body.choice);
1091 break;
1092 }
1093
1094 if (ret < 0)
1095 return -1;
1096
1097 if (pdu->options & eH323_UU_PDU_h245Control) {
1098 for (i = 0; i < pdu->h245Control.count; i++) {
1099 ret = process_h245(pskb, ct, ctinfo, data, dataoff,
1100 &pdu->h245Control.item[i]);
1101 if (ret < 0)
1102 return -1;
1103 }
1104 }
1105
1106 return 0;
1107 }
1108
1109 /****************************************************************************/
1110 static int q931_help(struct sk_buff **pskb, struct ip_conntrack *ct,
1111 enum ip_conntrack_info ctinfo)
1112 {
1113 static Q931 q931;
1114 unsigned char *data = NULL;
1115 int datalen;
1116 int dataoff;
1117 int ret;
1118
1119 /* Until there's been traffic both ways, don't look in packets. */
1120 if (ctinfo != IP_CT_ESTABLISHED
1121 && ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
1122 return NF_ACCEPT;
1123 }
1124 DEBUGP("ip_ct_q931: skblen = %u\n", (*pskb)->len);
1125
1126 spin_lock_bh(&ip_h323_lock);
1127
1128 /* Process each TPKT */
1129 while (get_tpkt_data(pskb, ct, ctinfo, &data, &datalen, &dataoff)) {
1130 DEBUGP("ip_ct_q931: TPKT %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
1131 NIPQUAD((*pskb)->nh.iph->saddr),
1132 NIPQUAD((*pskb)->nh.iph->daddr), datalen);
1133
1134 /* Decode Q.931 signal */
1135 ret = DecodeQ931(data, datalen, &q931);
1136 if (ret < 0) {
1137 if (net_ratelimit())
1138 printk("ip_ct_q931: decoding error: %s\n",
1139 ret == H323_ERROR_BOUND ?
1140 "out of bound" : "out of range");
1141 /* We don't drop when decoding error */
1142 break;
1143 }
1144
1145 /* Process Q.931 signal */
1146 if (process_q931(pskb, ct, ctinfo, &data, dataoff, &q931) < 0)
1147 goto drop;
1148 }
1149
1150 spin_unlock_bh(&ip_h323_lock);
1151 return NF_ACCEPT;
1152
1153 drop:
1154 spin_unlock_bh(&ip_h323_lock);
1155 if (net_ratelimit())
1156 printk("ip_ct_q931: packet dropped\n");
1157 return NF_DROP;
1158 }
1159
1160 /****************************************************************************/
1161 static struct ip_conntrack_helper ip_conntrack_helper_q931 = {
1162 .name = "Q.931",
1163 .me = THIS_MODULE,
1164 .max_expected = H323_RTP_CHANNEL_MAX * 4 + 4 /* T.120 and H.245 */ ,
1165 .timeout = 240,
1166 .tuple = {.src = {.u = {.tcp = {.port = __constant_htons(Q931_PORT)}}},
1167 .dst = {.protonum = IPPROTO_TCP}},
1168 .mask = {.src = {.u = {0xFFFF}},
1169 .dst = {.protonum = 0xFF}},
1170 .help = q931_help
1171 };
1172
1173 /****************************************************************************/
1174 void ip_conntrack_q931_expect(struct ip_conntrack *new,
1175 struct ip_conntrack_expect *this)
1176 {
1177 write_lock_bh(&ip_conntrack_lock);
1178 new->helper = &ip_conntrack_helper_q931;
1179 write_unlock_bh(&ip_conntrack_lock);
1180 }
1181
1182 /****************************************************************************/
1183 static unsigned char *get_udp_data(struct sk_buff **pskb, int *datalen)
1184 {
1185 struct udphdr _uh, *uh;
1186 int dataoff;
1187
1188 uh = skb_header_pointer(*pskb, ip_hdrlen(*pskb), sizeof(_uh), &_uh);
1189 if (uh == NULL)
1190 return NULL;
1191 dataoff = ip_hdrlen(*pskb) + sizeof(_uh);
1192 if (dataoff >= (*pskb)->len)
1193 return NULL;
1194 *datalen = (*pskb)->len - dataoff;
1195 return skb_header_pointer(*pskb, dataoff, *datalen, h323_buffer);
1196 }
1197
1198 /****************************************************************************/
1199 static struct ip_conntrack_expect *find_expect(struct ip_conntrack *ct,
1200 __be32 ip, u_int16_t port)
1201 {
1202 struct ip_conntrack_expect *exp;
1203 struct ip_conntrack_tuple tuple;
1204
1205 tuple.src.ip = 0;
1206 tuple.src.u.tcp.port = 0;
1207 tuple.dst.ip = ip;
1208 tuple.dst.u.tcp.port = htons(port);
1209 tuple.dst.protonum = IPPROTO_TCP;
1210
1211 exp = __ip_conntrack_expect_find(&tuple);
1212 if (exp && exp->master == ct)
1213 return exp;
1214 return NULL;
1215 }
1216
1217 /****************************************************************************/
1218 static int set_expect_timeout(struct ip_conntrack_expect *exp,
1219 unsigned timeout)
1220 {
1221 if (!exp || !del_timer(&exp->timeout))
1222 return 0;
1223
1224 exp->timeout.expires = jiffies + timeout * HZ;
1225 add_timer(&exp->timeout);
1226
1227 return 1;
1228 }
1229
1230 /****************************************************************************/
1231 static int expect_q931(struct sk_buff **pskb, struct ip_conntrack *ct,
1232 enum ip_conntrack_info ctinfo,
1233 unsigned char **data,
1234 TransportAddress * addr, int count)
1235 {
1236 struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1237 int dir = CTINFO2DIR(ctinfo);
1238 int ret = 0;
1239 int i;
1240 __be32 ip;
1241 u_int16_t port;
1242 struct ip_conntrack_expect *exp;
1243 typeof(nat_q931_hook) nat_q931;
1244
1245 /* Look for the first related address */
1246 for (i = 0; i < count; i++) {
1247 if (get_h225_addr(*data, &addr[i], &ip, &port) &&
1248 ip == ct->tuplehash[dir].tuple.src.ip && port != 0)
1249 break;
1250 }
1251
1252 if (i >= count) /* Not found */
1253 return 0;
1254
1255 /* Create expect for Q.931 */
1256 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1257 return -1;
1258 exp->tuple.src.ip = gkrouted_only ? /* only accept calls from GK? */
1259 ct->tuplehash[!dir].tuple.src.ip : 0;
1260 exp->tuple.src.u.tcp.port = 0;
1261 exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
1262 exp->tuple.dst.u.tcp.port = htons(port);
1263 exp->tuple.dst.protonum = IPPROTO_TCP;
1264 exp->mask.src.ip = gkrouted_only ? htonl(0xFFFFFFFF) : 0;
1265 exp->mask.src.u.tcp.port = 0;
1266 exp->mask.dst.ip = htonl(0xFFFFFFFF);
1267 exp->mask.dst.u.tcp.port = htons(0xFFFF);
1268 exp->mask.dst.protonum = 0xFF;
1269 exp->flags = IP_CT_EXPECT_PERMANENT; /* Accept multiple calls */
1270
1271 nat_q931 = rcu_dereference(nat_q931_hook);
1272 if (nat_q931) { /* Need NAT */
1273 ret = nat_q931(pskb, ct, ctinfo, data, addr, i, port, exp);
1274 } else { /* Conntrack only */
1275 exp->expectfn = ip_conntrack_q931_expect;
1276
1277 if (ip_conntrack_expect_related(exp) == 0) {
1278 DEBUGP("ip_ct_ras: expect Q.931 "
1279 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1280 NIPQUAD(exp->tuple.src.ip),
1281 ntohs(exp->tuple.src.u.tcp.port),
1282 NIPQUAD(exp->tuple.dst.ip),
1283 ntohs(exp->tuple.dst.u.tcp.port));
1284
1285 /* Save port for looking up expect in processing RCF */
1286 info->sig_port[dir] = port;
1287 } else
1288 ret = -1;
1289 }
1290
1291 ip_conntrack_expect_put(exp);
1292
1293 return ret;
1294 }
1295
1296 /****************************************************************************/
1297 static int process_grq(struct sk_buff **pskb, struct ip_conntrack *ct,
1298 enum ip_conntrack_info ctinfo,
1299 unsigned char **data, GatekeeperRequest * grq)
1300 {
1301 typeof(set_ras_addr_hook) set_ras_addr;
1302
1303 DEBUGP("ip_ct_ras: GRQ\n");
1304
1305 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1306 if (set_ras_addr) /* NATed */
1307 return set_ras_addr(pskb, ct, ctinfo, data,
1308 &grq->rasAddress, 1);
1309 return 0;
1310 }
1311
1312 /* Declare before using */
1313 static void ip_conntrack_ras_expect(struct ip_conntrack *new,
1314 struct ip_conntrack_expect *this);
1315
1316 /****************************************************************************/
1317 static int process_gcf(struct sk_buff **pskb, struct ip_conntrack *ct,
1318 enum ip_conntrack_info ctinfo,
1319 unsigned char **data, GatekeeperConfirm * gcf)
1320 {
1321 int dir = CTINFO2DIR(ctinfo);
1322 int ret = 0;
1323 __be32 ip;
1324 u_int16_t port;
1325 struct ip_conntrack_expect *exp;
1326
1327 DEBUGP("ip_ct_ras: GCF\n");
1328
1329 if (!get_h225_addr(*data, &gcf->rasAddress, &ip, &port))
1330 return 0;
1331
1332 /* Registration port is the same as discovery port */
1333 if (ip == ct->tuplehash[dir].tuple.src.ip &&
1334 port == ntohs(ct->tuplehash[dir].tuple.src.u.udp.port))
1335 return 0;
1336
1337 /* Avoid RAS expectation loops. A GCF is never expected. */
1338 if (test_bit(IPS_EXPECTED_BIT, &ct->status))
1339 return 0;
1340
1341 /* Need new expect */
1342 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1343 return -1;
1344 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
1345 exp->tuple.src.u.tcp.port = 0;
1346 exp->tuple.dst.ip = ip;
1347 exp->tuple.dst.u.tcp.port = htons(port);
1348 exp->tuple.dst.protonum = IPPROTO_UDP;
1349 exp->mask.src.ip = htonl(0xFFFFFFFF);
1350 exp->mask.src.u.tcp.port = 0;
1351 exp->mask.dst.ip = htonl(0xFFFFFFFF);
1352 exp->mask.dst.u.tcp.port = htons(0xFFFF);
1353 exp->mask.dst.protonum = 0xFF;
1354 exp->flags = 0;
1355 exp->expectfn = ip_conntrack_ras_expect;
1356 if (ip_conntrack_expect_related(exp) == 0) {
1357 DEBUGP("ip_ct_ras: expect RAS "
1358 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1359 NIPQUAD(exp->tuple.src.ip),
1360 ntohs(exp->tuple.src.u.tcp.port),
1361 NIPQUAD(exp->tuple.dst.ip),
1362 ntohs(exp->tuple.dst.u.tcp.port));
1363 } else
1364 ret = -1;
1365
1366 ip_conntrack_expect_put(exp);
1367
1368 return ret;
1369 }
1370
1371 /****************************************************************************/
1372 static int process_rrq(struct sk_buff **pskb, struct ip_conntrack *ct,
1373 enum ip_conntrack_info ctinfo,
1374 unsigned char **data, RegistrationRequest * rrq)
1375 {
1376 struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1377 int ret;
1378 typeof(set_ras_addr_hook) set_ras_addr;
1379
1380 DEBUGP("ip_ct_ras: RRQ\n");
1381
1382 ret = expect_q931(pskb, ct, ctinfo, data,
1383 rrq->callSignalAddress.item,
1384 rrq->callSignalAddress.count);
1385 if (ret < 0)
1386 return -1;
1387
1388 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1389 if (set_ras_addr) {
1390 ret = set_ras_addr(pskb, ct, ctinfo, data,
1391 rrq->rasAddress.item,
1392 rrq->rasAddress.count);
1393 if (ret < 0)
1394 return -1;
1395 }
1396
1397 if (rrq->options & eRegistrationRequest_timeToLive) {
1398 DEBUGP("ip_ct_ras: RRQ TTL = %u seconds\n", rrq->timeToLive);
1399 info->timeout = rrq->timeToLive;
1400 } else
1401 info->timeout = default_rrq_ttl;
1402
1403 return 0;
1404 }
1405
1406 /****************************************************************************/
1407 static int process_rcf(struct sk_buff **pskb, struct ip_conntrack *ct,
1408 enum ip_conntrack_info ctinfo,
1409 unsigned char **data, RegistrationConfirm * rcf)
1410 {
1411 struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1412 int dir = CTINFO2DIR(ctinfo);
1413 int ret;
1414 struct ip_conntrack_expect *exp;
1415 typeof(set_sig_addr_hook) set_sig_addr;
1416
1417 DEBUGP("ip_ct_ras: RCF\n");
1418
1419 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1420 if (set_sig_addr) {
1421 ret = set_sig_addr(pskb, ct, ctinfo, data,
1422 rcf->callSignalAddress.item,
1423 rcf->callSignalAddress.count);
1424 if (ret < 0)
1425 return -1;
1426 }
1427
1428 if (rcf->options & eRegistrationConfirm_timeToLive) {
1429 DEBUGP("ip_ct_ras: RCF TTL = %u seconds\n", rcf->timeToLive);
1430 info->timeout = rcf->timeToLive;
1431 }
1432
1433 if (info->timeout > 0) {
1434 DEBUGP
1435 ("ip_ct_ras: set RAS connection timeout to %u seconds\n",
1436 info->timeout);
1437 ip_ct_refresh(ct, *pskb, info->timeout * HZ);
1438
1439 /* Set expect timeout */
1440 read_lock_bh(&ip_conntrack_lock);
1441 exp = find_expect(ct, ct->tuplehash[dir].tuple.dst.ip,
1442 info->sig_port[!dir]);
1443 if (exp) {
1444 DEBUGP("ip_ct_ras: set Q.931 expect "
1445 "(%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu) "
1446 "timeout to %u seconds\n",
1447 NIPQUAD(exp->tuple.src.ip),
1448 ntohs(exp->tuple.src.u.tcp.port),
1449 NIPQUAD(exp->tuple.dst.ip),
1450 ntohs(exp->tuple.dst.u.tcp.port),
1451 info->timeout);
1452 set_expect_timeout(exp, info->timeout);
1453 }
1454 read_unlock_bh(&ip_conntrack_lock);
1455 }
1456
1457 return 0;
1458 }
1459
1460 /****************************************************************************/
1461 static int process_urq(struct sk_buff **pskb, struct ip_conntrack *ct,
1462 enum ip_conntrack_info ctinfo,
1463 unsigned char **data, UnregistrationRequest * urq)
1464 {
1465 struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1466 int dir = CTINFO2DIR(ctinfo);
1467 int ret;
1468 typeof(set_sig_addr_hook) set_sig_addr;
1469
1470 DEBUGP("ip_ct_ras: URQ\n");
1471
1472 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1473 if (set_sig_addr) {
1474 ret = set_sig_addr(pskb, ct, ctinfo, data,
1475 urq->callSignalAddress.item,
1476 urq->callSignalAddress.count);
1477 if (ret < 0)
1478 return -1;
1479 }
1480
1481 /* Clear old expect */
1482 ip_ct_remove_expectations(ct);
1483 info->sig_port[dir] = 0;
1484 info->sig_port[!dir] = 0;
1485
1486 /* Give it 30 seconds for UCF or URJ */
1487 ip_ct_refresh(ct, *pskb, 30 * HZ);
1488
1489 return 0;
1490 }
1491
1492 /****************************************************************************/
1493 static int process_arq(struct sk_buff **pskb, struct ip_conntrack *ct,
1494 enum ip_conntrack_info ctinfo,
1495 unsigned char **data, AdmissionRequest * arq)
1496 {
1497 struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1498 int dir = CTINFO2DIR(ctinfo);
1499 __be32 ip;
1500 u_int16_t port;
1501 typeof(set_h225_addr_hook) set_h225_addr;
1502
1503 DEBUGP("ip_ct_ras: ARQ\n");
1504
1505 set_h225_addr = rcu_dereference(set_h225_addr_hook);
1506 if ((arq->options & eAdmissionRequest_destCallSignalAddress) &&
1507 get_h225_addr(*data, &arq->destCallSignalAddress, &ip, &port) &&
1508 ip == ct->tuplehash[dir].tuple.src.ip &&
1509 port == info->sig_port[dir] && set_h225_addr) {
1510 /* Answering ARQ */
1511 return set_h225_addr(pskb, data, 0,
1512 &arq->destCallSignalAddress,
1513 ct->tuplehash[!dir].tuple.dst.ip,
1514 info->sig_port[!dir]);
1515 }
1516
1517 if ((arq->options & eAdmissionRequest_srcCallSignalAddress) &&
1518 get_h225_addr(*data, &arq->srcCallSignalAddress, &ip, &port) &&
1519 ip == ct->tuplehash[dir].tuple.src.ip && set_h225_addr) {
1520 /* Calling ARQ */
1521 return set_h225_addr(pskb, data, 0,
1522 &arq->srcCallSignalAddress,
1523 ct->tuplehash[!dir].tuple.dst.ip,
1524 port);
1525 }
1526
1527 return 0;
1528 }
1529
1530 /****************************************************************************/
1531 static int process_acf(struct sk_buff **pskb, struct ip_conntrack *ct,
1532 enum ip_conntrack_info ctinfo,
1533 unsigned char **data, AdmissionConfirm * acf)
1534 {
1535 int dir = CTINFO2DIR(ctinfo);
1536 int ret = 0;
1537 __be32 ip;
1538 u_int16_t port;
1539 struct ip_conntrack_expect *exp;
1540 typeof(set_sig_addr_hook) set_sig_addr;
1541
1542 DEBUGP("ip_ct_ras: ACF\n");
1543
1544 if (!get_h225_addr(*data, &acf->destCallSignalAddress, &ip, &port))
1545 return 0;
1546
1547 if (ip == ct->tuplehash[dir].tuple.dst.ip) { /* Answering ACF */
1548 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1549 if (set_sig_addr)
1550 return set_sig_addr(pskb, ct, ctinfo, data,
1551 &acf->destCallSignalAddress, 1);
1552 return 0;
1553 }
1554
1555 /* Need new expect */
1556 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1557 return -1;
1558 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
1559 exp->tuple.src.u.tcp.port = 0;
1560 exp->tuple.dst.ip = ip;
1561 exp->tuple.dst.u.tcp.port = htons(port);
1562 exp->tuple.dst.protonum = IPPROTO_TCP;
1563 exp->mask.src.ip = htonl(0xFFFFFFFF);
1564 exp->mask.src.u.tcp.port = 0;
1565 exp->mask.dst.ip = htonl(0xFFFFFFFF);
1566 exp->mask.dst.u.tcp.port = htons(0xFFFF);
1567 exp->mask.dst.protonum = 0xFF;
1568 exp->flags = IP_CT_EXPECT_PERMANENT;
1569 exp->expectfn = ip_conntrack_q931_expect;
1570
1571 if (ip_conntrack_expect_related(exp) == 0) {
1572 DEBUGP("ip_ct_ras: expect Q.931 "
1573 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1574 NIPQUAD(exp->tuple.src.ip),
1575 ntohs(exp->tuple.src.u.tcp.port),
1576 NIPQUAD(exp->tuple.dst.ip),
1577 ntohs(exp->tuple.dst.u.tcp.port));
1578 } else
1579 ret = -1;
1580
1581 ip_conntrack_expect_put(exp);
1582
1583 return ret;
1584 }
1585
1586 /****************************************************************************/
1587 static int process_lrq(struct sk_buff **pskb, struct ip_conntrack *ct,
1588 enum ip_conntrack_info ctinfo,
1589 unsigned char **data, LocationRequest * lrq)
1590 {
1591 typeof(set_ras_addr_hook) set_ras_addr;
1592
1593 DEBUGP("ip_ct_ras: LRQ\n");
1594
1595 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1596 if (set_ras_addr)
1597 return set_ras_addr(pskb, ct, ctinfo, data,
1598 &lrq->replyAddress, 1);
1599 return 0;
1600 }
1601
1602 /****************************************************************************/
1603 static int process_lcf(struct sk_buff **pskb, struct ip_conntrack *ct,
1604 enum ip_conntrack_info ctinfo,
1605 unsigned char **data, LocationConfirm * lcf)
1606 {
1607 int dir = CTINFO2DIR(ctinfo);
1608 int ret = 0;
1609 __be32 ip;
1610 u_int16_t port;
1611 struct ip_conntrack_expect *exp = NULL;
1612
1613 DEBUGP("ip_ct_ras: LCF\n");
1614
1615 if (!get_h225_addr(*data, &lcf->callSignalAddress, &ip, &port))
1616 return 0;
1617
1618 /* Need new expect for call signal */
1619 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1620 return -1;
1621 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
1622 exp->tuple.src.u.tcp.port = 0;
1623 exp->tuple.dst.ip = ip;
1624 exp->tuple.dst.u.tcp.port = htons(port);
1625 exp->tuple.dst.protonum = IPPROTO_TCP;
1626 exp->mask.src.ip = htonl(0xFFFFFFFF);
1627 exp->mask.src.u.tcp.port = 0;
1628 exp->mask.dst.ip = htonl(0xFFFFFFFF);
1629 exp->mask.dst.u.tcp.port = htons(0xFFFF);
1630 exp->mask.dst.protonum = 0xFF;
1631 exp->flags = IP_CT_EXPECT_PERMANENT;
1632 exp->expectfn = ip_conntrack_q931_expect;
1633
1634 if (ip_conntrack_expect_related(exp) == 0) {
1635 DEBUGP("ip_ct_ras: expect Q.931 "
1636 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1637 NIPQUAD(exp->tuple.src.ip),
1638 ntohs(exp->tuple.src.u.tcp.port),
1639 NIPQUAD(exp->tuple.dst.ip),
1640 ntohs(exp->tuple.dst.u.tcp.port));
1641 } else
1642 ret = -1;
1643
1644 ip_conntrack_expect_put(exp);
1645
1646 /* Ignore rasAddress */
1647
1648 return ret;
1649 }
1650
1651 /****************************************************************************/
1652 static int process_irr(struct sk_buff **pskb, struct ip_conntrack *ct,
1653 enum ip_conntrack_info ctinfo,
1654 unsigned char **data, InfoRequestResponse * irr)
1655 {
1656 int ret;
1657 typeof(set_ras_addr_hook) set_ras_addr;
1658 typeof(set_sig_addr_hook) set_sig_addr;
1659
1660 DEBUGP("ip_ct_ras: IRR\n");
1661
1662 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1663 if (set_ras_addr) {
1664 ret = set_ras_addr(pskb, ct, ctinfo, data,
1665 &irr->rasAddress, 1);
1666 if (ret < 0)
1667 return -1;
1668 }
1669
1670 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1671 if (set_sig_addr) {
1672 ret = set_sig_addr(pskb, ct, ctinfo, data,
1673 irr->callSignalAddress.item,
1674 irr->callSignalAddress.count);
1675 if (ret < 0)
1676 return -1;
1677 }
1678
1679 return 0;
1680 }
1681
1682 /****************************************************************************/
1683 static int process_ras(struct sk_buff **pskb, struct ip_conntrack *ct,
1684 enum ip_conntrack_info ctinfo,
1685 unsigned char **data, RasMessage * ras)
1686 {
1687 switch (ras->choice) {
1688 case eRasMessage_gatekeeperRequest:
1689 return process_grq(pskb, ct, ctinfo, data,
1690 &ras->gatekeeperRequest);
1691 case eRasMessage_gatekeeperConfirm:
1692 return process_gcf(pskb, ct, ctinfo, data,
1693 &ras->gatekeeperConfirm);
1694 case eRasMessage_registrationRequest:
1695 return process_rrq(pskb, ct, ctinfo, data,
1696 &ras->registrationRequest);
1697 case eRasMessage_registrationConfirm:
1698 return process_rcf(pskb, ct, ctinfo, data,
1699 &ras->registrationConfirm);
1700 case eRasMessage_unregistrationRequest:
1701 return process_urq(pskb, ct, ctinfo, data,
1702 &ras->unregistrationRequest);
1703 case eRasMessage_admissionRequest:
1704 return process_arq(pskb, ct, ctinfo, data,
1705 &ras->admissionRequest);
1706 case eRasMessage_admissionConfirm:
1707 return process_acf(pskb, ct, ctinfo, data,
1708 &ras->admissionConfirm);
1709 case eRasMessage_locationRequest:
1710 return process_lrq(pskb, ct, ctinfo, data,
1711 &ras->locationRequest);
1712 case eRasMessage_locationConfirm:
1713 return process_lcf(pskb, ct, ctinfo, data,
1714 &ras->locationConfirm);
1715 case eRasMessage_infoRequestResponse:
1716 return process_irr(pskb, ct, ctinfo, data,
1717 &ras->infoRequestResponse);
1718 default:
1719 DEBUGP("ip_ct_ras: RAS message %d\n", ras->choice);
1720 break;
1721 }
1722
1723 return 0;
1724 }
1725
1726 /****************************************************************************/
1727 static int ras_help(struct sk_buff **pskb, struct ip_conntrack *ct,
1728 enum ip_conntrack_info ctinfo)
1729 {
1730 static RasMessage ras;
1731 unsigned char *data;
1732 int datalen = 0;
1733 int ret;
1734
1735 DEBUGP("ip_ct_ras: skblen = %u\n", (*pskb)->len);
1736
1737 spin_lock_bh(&ip_h323_lock);
1738
1739 /* Get UDP data */
1740 data = get_udp_data(pskb, &datalen);
1741 if (data == NULL)
1742 goto accept;
1743 DEBUGP("ip_ct_ras: RAS message %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
1744 NIPQUAD((*pskb)->nh.iph->saddr),
1745 NIPQUAD((*pskb)->nh.iph->daddr), datalen);
1746
1747 /* Decode RAS message */
1748 ret = DecodeRasMessage(data, datalen, &ras);
1749 if (ret < 0) {
1750 if (net_ratelimit())
1751 printk("ip_ct_ras: decoding error: %s\n",
1752 ret == H323_ERROR_BOUND ?
1753 "out of bound" : "out of range");
1754 goto accept;
1755 }
1756
1757 /* Process RAS message */
1758 if (process_ras(pskb, ct, ctinfo, &data, &ras) < 0)
1759 goto drop;
1760
1761 accept:
1762 spin_unlock_bh(&ip_h323_lock);
1763 return NF_ACCEPT;
1764
1765 drop:
1766 spin_unlock_bh(&ip_h323_lock);
1767 if (net_ratelimit())
1768 printk("ip_ct_ras: packet dropped\n");
1769 return NF_DROP;
1770 }
1771
1772 /****************************************************************************/
1773 static struct ip_conntrack_helper ip_conntrack_helper_ras = {
1774 .name = "RAS",
1775 .me = THIS_MODULE,
1776 .max_expected = 32,
1777 .timeout = 240,
1778 .tuple = {.src = {.u = {.tcp = {.port = __constant_htons(RAS_PORT)}}},
1779 .dst = {.protonum = IPPROTO_UDP}},
1780 .mask = {.src = {.u = {0xFFFE}},
1781 .dst = {.protonum = 0xFF}},
1782 .help = ras_help,
1783 };
1784
1785 /****************************************************************************/
1786 static void ip_conntrack_ras_expect(struct ip_conntrack *new,
1787 struct ip_conntrack_expect *this)
1788 {
1789 write_lock_bh(&ip_conntrack_lock);
1790 new->helper = &ip_conntrack_helper_ras;
1791 write_unlock_bh(&ip_conntrack_lock);
1792 }
1793
1794 /****************************************************************************/
1795 /* Not __exit - called from init() */
1796 static void fini(void)
1797 {
1798 ip_conntrack_helper_unregister(&ip_conntrack_helper_ras);
1799 ip_conntrack_helper_unregister(&ip_conntrack_helper_q931);
1800 kfree(h323_buffer);
1801 DEBUGP("ip_ct_h323: fini\n");
1802 }
1803
1804 /****************************************************************************/
1805 static int __init init(void)
1806 {
1807 int ret;
1808
1809 h323_buffer = kmalloc(65536, GFP_KERNEL);
1810 if (!h323_buffer)
1811 return -ENOMEM;
1812 if ((ret = ip_conntrack_helper_register(&ip_conntrack_helper_q931)) ||
1813 (ret = ip_conntrack_helper_register(&ip_conntrack_helper_ras))) {
1814 fini();
1815 return ret;
1816 }
1817 DEBUGP("ip_ct_h323: init success\n");
1818 return 0;
1819 }
1820
1821 /****************************************************************************/
1822 module_init(init);
1823 module_exit(fini);
1824
1825 EXPORT_SYMBOL_GPL(get_h225_addr);
1826 EXPORT_SYMBOL_GPL(ip_conntrack_h245_expect);
1827 EXPORT_SYMBOL_GPL(ip_conntrack_q931_expect);
1828 EXPORT_SYMBOL_GPL(set_h245_addr_hook);
1829 EXPORT_SYMBOL_GPL(set_h225_addr_hook);
1830 EXPORT_SYMBOL_GPL(set_sig_addr_hook);
1831 EXPORT_SYMBOL_GPL(set_ras_addr_hook);
1832 EXPORT_SYMBOL_GPL(nat_rtp_rtcp_hook);
1833 EXPORT_SYMBOL_GPL(nat_t120_hook);
1834 EXPORT_SYMBOL_GPL(nat_h245_hook);
1835 EXPORT_SYMBOL_GPL(nat_callforwarding_hook);
1836 EXPORT_SYMBOL_GPL(nat_q931_hook);
1837
1838 MODULE_AUTHOR("Jing Min Zhao <zhaojingmin@users.sourceforge.net>");
1839 MODULE_DESCRIPTION("H.323 connection tracking helper");
1840 MODULE_LICENSE("GPL");