1 /*
2 * H.323 connection tracking helper
3 *
4 * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
5 *
6 * This source code is licensed under General Public License version 2.
7 *
8 * Based on the 'brute force' H.323 connection tracking module by
9 * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
10 *
11 * For more information, please see http://nath323.sourceforge.net/
12 */
13
14 #include <linux/module.h>
15 #include <linux/moduleparam.h>
16 #include <linux/ctype.h>
17 #include <linux/inet.h>
18 #include <linux/in.h>
19 #include <linux/ip.h>
20 #include <linux/udp.h>
21 #include <linux/tcp.h>
22 #include <linux/skbuff.h>
23 #include <net/route.h>
24 #include <net/ip6_route.h>
25
26 #include <net/netfilter/nf_conntrack.h>
27 #include <net/netfilter/nf_conntrack_core.h>
28 #include <net/netfilter/nf_conntrack_tuple.h>
29 #include <net/netfilter/nf_conntrack_expect.h>
30 #include <net/netfilter/nf_conntrack_ecache.h>
31 #include <net/netfilter/nf_conntrack_helper.h>
32 #include <linux/netfilter/nf_conntrack_h323.h>
33
34 /* Parameters */
35 static unsigned int default_rrq_ttl __read_mostly = 300;
36 module_param(default_rrq_ttl, uint, 0600);
37 MODULE_PARM_DESC(default_rrq_ttl, "use this TTL if it's missing in RRQ");
38
39 static int gkrouted_only __read_mostly = 1;
40 module_param(gkrouted_only, int, 0600);
41 MODULE_PARM_DESC(gkrouted_only, "only accept calls from gatekeeper");
42
43 static int callforward_filter __read_mostly = 1;
44 module_param(callforward_filter, bool, 0600);
45 MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations "
46 "if both endpoints are on different sides "
47 "(determined by routing information)");
48
49 /* Hooks for NAT */
50 int (*set_h245_addr_hook) (struct sk_buff *skb,
51 unsigned char **data, int dataoff,
52 H245_TransportAddress *taddr,
53 union nf_inet_addr *addr, __be16 port)
54 __read_mostly;
55 int (*set_h225_addr_hook) (struct sk_buff *skb,
56 unsigned char **data, int dataoff,
57 TransportAddress *taddr,
58 union nf_inet_addr *addr, __be16 port)
59 __read_mostly;
60 int (*set_sig_addr_hook) (struct sk_buff *skb,
61 struct nf_conn *ct,
62 enum ip_conntrack_info ctinfo,
63 unsigned char **data,
64 TransportAddress *taddr, int count) __read_mostly;
65 int (*set_ras_addr_hook) (struct sk_buff *skb,
66 struct nf_conn *ct,
67 enum ip_conntrack_info ctinfo,
68 unsigned char **data,
69 TransportAddress *taddr, int count) __read_mostly;
70 int (*nat_rtp_rtcp_hook) (struct sk_buff *skb,
71 struct nf_conn *ct,
72 enum ip_conntrack_info ctinfo,
73 unsigned char **data, int dataoff,
74 H245_TransportAddress *taddr,
75 __be16 port, __be16 rtp_port,
76 struct nf_conntrack_expect *rtp_exp,
77 struct nf_conntrack_expect *rtcp_exp) __read_mostly;
78 int (*nat_t120_hook) (struct sk_buff *skb,
79 struct nf_conn *ct,
80 enum ip_conntrack_info ctinfo,
81 unsigned char **data, int dataoff,
82 H245_TransportAddress *taddr, __be16 port,
83 struct nf_conntrack_expect *exp) __read_mostly;
84 int (*nat_h245_hook) (struct sk_buff *skb,
85 struct nf_conn *ct,
86 enum ip_conntrack_info ctinfo,
87 unsigned char **data, int dataoff,
88 TransportAddress *taddr, __be16 port,
89 struct nf_conntrack_expect *exp) __read_mostly;
90 int (*nat_callforwarding_hook) (struct sk_buff *skb,
91 struct nf_conn *ct,
92 enum ip_conntrack_info ctinfo,
93 unsigned char **data, int dataoff,
94 TransportAddress *taddr, __be16 port,
95 struct nf_conntrack_expect *exp) __read_mostly;
96 int (*nat_q931_hook) (struct sk_buff *skb,
97 struct nf_conn *ct,
98 enum ip_conntrack_info ctinfo,
99 unsigned char **data, TransportAddress *taddr, int idx,
100 __be16 port, struct nf_conntrack_expect *exp)
101 __read_mostly;
102
103 static DEFINE_SPINLOCK(nf_h323_lock);
104 static char *h323_buffer;
105
106 static struct nf_conntrack_helper nf_conntrack_helper_h245;
107 static struct nf_conntrack_helper nf_conntrack_helper_q931[];
108 static struct nf_conntrack_helper nf_conntrack_helper_ras[];
109
110 /****************************************************************************/
111 static int get_tpkt_data(struct sk_buff *skb, unsigned int protoff,
112 struct nf_conn *ct, enum ip_conntrack_info ctinfo,
113 unsigned char **data, int *datalen, int *dataoff)
114 {
115 struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info;
116 int dir = CTINFO2DIR(ctinfo);
117 const struct tcphdr *th;
118 struct tcphdr _tcph;
119 int tcpdatalen;
120 int tcpdataoff;
121 unsigned char *tpkt;
122 int tpktlen;
123 int tpktoff;
124
125 /* Get TCP header */
126 th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
127 if (th == NULL)
128 return 0;
129
130 /* Get TCP data offset */
131 tcpdataoff = protoff + th->doff * 4;
132
133 /* Get TCP data length */
134 tcpdatalen = skb->len - tcpdataoff;
135 if (tcpdatalen <= 0) /* No TCP data */
136 goto clear_out;
137
138 if (*data == NULL) { /* first TPKT */
139 /* Get first TPKT pointer */
140 tpkt = skb_header_pointer(skb, tcpdataoff, tcpdatalen,
141 h323_buffer);
142 BUG_ON(tpkt == NULL);
143
144 /* Validate TPKT identifier */
145 if (tcpdatalen < 4 || tpkt[0] != 0x03 || tpkt[1] != 0) {
146 /* Netmeeting sends TPKT header and data separately */
147 if (info->tpkt_len[dir] > 0) {
148 pr_debug("nf_ct_h323: previous packet "
149 "indicated separate TPKT data of %hu "
150 "bytes\n", info->tpkt_len[dir]);
151 if (info->tpkt_len[dir] <= tcpdatalen) {
152 /* Yes, there was a TPKT header
153 * received */
154 *data = tpkt;
155 *datalen = info->tpkt_len[dir];
156 *dataoff = 0;
157 goto out;
158 }
159
160 /* Fragmented TPKT */
161 pr_debug("nf_ct_h323: fragmented TPKT\n");
162 goto clear_out;
163 }
164
165 /* It is not even a TPKT */
166 return 0;
167 }
168 tpktoff = 0;
169 } else { /* Next TPKT */
170 tpktoff = *dataoff + *datalen;
171 tcpdatalen -= tpktoff;
172 if (tcpdatalen <= 4) /* No more TPKT */
173 goto clear_out;
174 tpkt = *data + *datalen;
175
176 /* Validate TPKT identifier */
177 if (tpkt[0] != 0x03 || tpkt[1] != 0)
178 goto clear_out;
179 }
180
181 /* Validate TPKT length */
182 tpktlen = tpkt[2] * 256 + tpkt[3];
183 if (tpktlen < 4)
184 goto clear_out;
185 if (tpktlen > tcpdatalen) {
186 if (tcpdatalen == 4) { /* Separate TPKT header */
187 /* Netmeeting sends TPKT header and data separately */
188 pr_debug("nf_ct_h323: separate TPKT header indicates "
189 "there will be TPKT data of %hu bytes\n",
190 tpktlen - 4);
191 info->tpkt_len[dir] = tpktlen - 4;
192 return 0;
193 }
194
195 if (net_ratelimit())
196 printk("nf_ct_h323: incomplete TPKT (fragmented?)\n");
197 goto clear_out;
198 }
199
200 /* This is the encapsulated data */
201 *data = tpkt + 4;
202 *datalen = tpktlen - 4;
203 *dataoff = tpktoff + 4;
204
205 out:
206 /* Clear TPKT length */
207 info->tpkt_len[dir] = 0;
208 return 1;
209
210 clear_out:
211 info->tpkt_len[dir] = 0;
212 return 0;
213 }
214
215 /****************************************************************************/
216 static int get_h245_addr(struct nf_conn *ct, const unsigned char *data,
217 H245_TransportAddress *taddr,
218 union nf_inet_addr *addr, __be16 *port)
219 {
220 const unsigned char *p;
221 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
222 int len;
223
224 if (taddr->choice != eH245_TransportAddress_unicastAddress)
225 return 0;
226
227 switch (taddr->unicastAddress.choice) {
228 case eUnicastAddress_iPAddress:
229 if (family != AF_INET)
230 return 0;
231 p = data + taddr->unicastAddress.iPAddress.network;
232 len = 4;
233 break;
234 case eUnicastAddress_iP6Address:
235 if (family != AF_INET6)
236 return 0;
237 p = data + taddr->unicastAddress.iP6Address.network;
238 len = 16;
239 break;
240 default:
241 return 0;
242 }
243
244 memcpy(addr, p, len);
245 memset((void *)addr + len, 0, sizeof(*addr) - len);
246 memcpy(port, p + len, sizeof(__be16));
247
248 return 1;
249 }
250
251 /****************************************************************************/
252 static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
253 enum ip_conntrack_info ctinfo,
254 unsigned char **data, int dataoff,
255 H245_TransportAddress *taddr)
256 {
257 int dir = CTINFO2DIR(ctinfo);
258 int ret = 0;
259 __be16 port;
260 __be16 rtp_port, rtcp_port;
261 union nf_inet_addr addr;
262 struct nf_conntrack_expect *rtp_exp;
263 struct nf_conntrack_expect *rtcp_exp;
264 typeof(nat_rtp_rtcp_hook) nat_rtp_rtcp;
265
266 /* Read RTP or RTCP address */
267 if (!get_h245_addr(ct, *data, taddr, &addr, &port) ||
268 memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) ||
269 port == 0)
270 return 0;
271
272 /* RTP port is even */
273 port &= htons(~1);
274 rtp_port = port;
275 rtcp_port = htons(ntohs(port) + 1);
276
277 /* Create expect for RTP */
278 if ((rtp_exp = nf_ct_expect_alloc(ct)) == NULL)
279 return -1;
280 nf_ct_expect_init(rtp_exp, ct->tuplehash[!dir].tuple.src.l3num,
281 &ct->tuplehash[!dir].tuple.src.u3,
282 &ct->tuplehash[!dir].tuple.dst.u3,
283 IPPROTO_UDP, NULL, &rtp_port);
284
285 /* Create expect for RTCP */
286 if ((rtcp_exp = nf_ct_expect_alloc(ct)) == NULL) {
287 nf_ct_expect_put(rtp_exp);
288 return -1;
289 }
290 nf_ct_expect_init(rtcp_exp, ct->tuplehash[!dir].tuple.src.l3num,
291 &ct->tuplehash[!dir].tuple.src.u3,
292 &ct->tuplehash[!dir].tuple.dst.u3,
293 IPPROTO_UDP, NULL, &rtcp_port);
294
295 if (memcmp(&ct->tuplehash[dir].tuple.src.u3,
296 &ct->tuplehash[!dir].tuple.dst.u3,
297 sizeof(ct->tuplehash[dir].tuple.src.u3)) &&
298 (nat_rtp_rtcp = rcu_dereference(nat_rtp_rtcp_hook)) &&
299 ct->status & IPS_NAT_MASK) {
300 /* NAT needed */
301 ret = nat_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
302 taddr, port, rtp_port, rtp_exp, rtcp_exp);
303 } else { /* Conntrack only */
304 if (nf_ct_expect_related(rtp_exp) == 0) {
305 if (nf_ct_expect_related(rtcp_exp) == 0) {
306 pr_debug("nf_ct_h323: expect RTP ");
307 NF_CT_DUMP_TUPLE(&rtp_exp->tuple);
308 pr_debug("nf_ct_h323: expect RTCP ");
309 NF_CT_DUMP_TUPLE(&rtcp_exp->tuple);
310 } else {
311 nf_ct_unexpect_related(rtp_exp);
312 ret = -1;
313 }
314 } else
315 ret = -1;
316 }
317
318 nf_ct_expect_put(rtp_exp);
319 nf_ct_expect_put(rtcp_exp);
320
321 return ret;
322 }
323
324 /****************************************************************************/
325 static int expect_t120(struct sk_buff *skb,
326 struct nf_conn *ct,
327 enum ip_conntrack_info ctinfo,
328 unsigned char **data, int dataoff,
329 H245_TransportAddress *taddr)
330 {
331 int dir = CTINFO2DIR(ctinfo);
332 int ret = 0;
333 __be16 port;
334 union nf_inet_addr addr;
335 struct nf_conntrack_expect *exp;
336 typeof(nat_t120_hook) nat_t120;
337
338 /* Read T.120 address */
339 if (!get_h245_addr(ct, *data, taddr, &addr, &port) ||
340 memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) ||
341 port == 0)
342 return 0;
343
344 /* Create expect for T.120 connections */
345 if ((exp = nf_ct_expect_alloc(ct)) == NULL)
346 return -1;
347 nf_ct_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num,
348 &ct->tuplehash[!dir].tuple.src.u3,
349 &ct->tuplehash[!dir].tuple.dst.u3,
350 IPPROTO_TCP, NULL, &port);
351 exp->flags = NF_CT_EXPECT_PERMANENT; /* Accept multiple channels */
352
353 if (memcmp(&ct->tuplehash[dir].tuple.src.u3,
354 &ct->tuplehash[!dir].tuple.dst.u3,
355 sizeof(ct->tuplehash[dir].tuple.src.u3)) &&
356 (nat_t120 = rcu_dereference(nat_t120_hook)) &&
357 ct->status & IPS_NAT_MASK) {
358 /* NAT needed */
359 ret = nat_t120(skb, ct, ctinfo, data, dataoff, taddr,
360 port, exp);
361 } else { /* Conntrack only */
362 if (nf_ct_expect_related(exp) == 0) {
363 pr_debug("nf_ct_h323: expect T.120 ");
364 NF_CT_DUMP_TUPLE(&exp->tuple);
365 } else
366 ret = -1;
367 }
368
369 nf_ct_expect_put(exp);
370
371 return ret;
372 }
373
374 /****************************************************************************/
375 static int process_h245_channel(struct sk_buff *skb,
376 struct nf_conn *ct,
377 enum ip_conntrack_info ctinfo,
378 unsigned char **data, int dataoff,
379 H2250LogicalChannelParameters *channel)
380 {
381 int ret;
382
383 if (channel->options & eH2250LogicalChannelParameters_mediaChannel) {
384 /* RTP */
385 ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
386 &channel->mediaChannel);
387 if (ret < 0)
388 return -1;
389 }
390
391 if (channel->
392 options & eH2250LogicalChannelParameters_mediaControlChannel) {
393 /* RTCP */
394 ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
395 &channel->mediaControlChannel);
396 if (ret < 0)
397 return -1;
398 }
399
400 return 0;
401 }
402
403 /****************************************************************************/
404 static int process_olc(struct sk_buff *skb, struct nf_conn *ct,
405 enum ip_conntrack_info ctinfo,
406 unsigned char **data, int dataoff,
407 OpenLogicalChannel *olc)
408 {
409 int ret;
410
411 pr_debug("nf_ct_h323: OpenLogicalChannel\n");
412
413 if (olc->forwardLogicalChannelParameters.multiplexParameters.choice ==
414 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)
415 {
416 ret = process_h245_channel(skb, ct, ctinfo, data, dataoff,
417 &olc->
418 forwardLogicalChannelParameters.
419 multiplexParameters.
420 h2250LogicalChannelParameters);
421 if (ret < 0)
422 return -1;
423 }
424
425 if ((olc->options &
426 eOpenLogicalChannel_reverseLogicalChannelParameters) &&
427 (olc->reverseLogicalChannelParameters.options &
428 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters)
429 && (olc->reverseLogicalChannelParameters.multiplexParameters.
430 choice ==
431 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
432 {
433 ret =
434 process_h245_channel(skb, ct, ctinfo, data, dataoff,
435 &olc->
436 reverseLogicalChannelParameters.
437 multiplexParameters.
438 h2250LogicalChannelParameters);
439 if (ret < 0)
440 return -1;
441 }
442
443 if ((olc->options & eOpenLogicalChannel_separateStack) &&
444 olc->forwardLogicalChannelParameters.dataType.choice ==
445 eDataType_data &&
446 olc->forwardLogicalChannelParameters.dataType.data.application.
447 choice == eDataApplicationCapability_application_t120 &&
448 olc->forwardLogicalChannelParameters.dataType.data.application.
449 t120.choice == eDataProtocolCapability_separateLANStack &&
450 olc->separateStack.networkAddress.choice ==
451 eNetworkAccessParameters_networkAddress_localAreaAddress) {
452 ret = expect_t120(skb, ct, ctinfo, data, dataoff,
453 &olc->separateStack.networkAddress.
454 localAreaAddress);
455 if (ret < 0)
456 return -1;
457 }
458
459 return 0;
460 }
461
462 /****************************************************************************/
463 static int process_olca(struct sk_buff *skb, struct nf_conn *ct,
464 enum ip_conntrack_info ctinfo,
465 unsigned char **data, int dataoff,
466 OpenLogicalChannelAck *olca)
467 {
468 H2250LogicalChannelAckParameters *ack;
469 int ret;
470
471 pr_debug("nf_ct_h323: OpenLogicalChannelAck\n");
472
473 if ((olca->options &
474 eOpenLogicalChannelAck_reverseLogicalChannelParameters) &&
475 (olca->reverseLogicalChannelParameters.options &
476 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters)
477 && (olca->reverseLogicalChannelParameters.multiplexParameters.
478 choice ==
479 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
480 {
481 ret = process_h245_channel(skb, ct, ctinfo, data, dataoff,
482 &olca->
483 reverseLogicalChannelParameters.
484 multiplexParameters.
485 h2250LogicalChannelParameters);
486 if (ret < 0)
487 return -1;
488 }
489
490 if ((olca->options &
491 eOpenLogicalChannelAck_forwardMultiplexAckParameters) &&
492 (olca->forwardMultiplexAckParameters.choice ==
493 eOpenLogicalChannelAck_forwardMultiplexAckParameters_h2250LogicalChannelAckParameters))
494 {
495 ack = &olca->forwardMultiplexAckParameters.
496 h2250LogicalChannelAckParameters;
497 if (ack->options &
498 eH2250LogicalChannelAckParameters_mediaChannel) {
499 /* RTP */
500 ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
501 &ack->mediaChannel);
502 if (ret < 0)
503 return -1;
504 }
505
506 if (ack->options &
507 eH2250LogicalChannelAckParameters_mediaControlChannel) {
508 /* RTCP */
509 ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
510 &ack->mediaControlChannel);
511 if (ret < 0)
512 return -1;
513 }
514 }
515
516 if ((olca->options & eOpenLogicalChannelAck_separateStack) &&
517 olca->separateStack.networkAddress.choice ==
518 eNetworkAccessParameters_networkAddress_localAreaAddress) {
519 ret = expect_t120(skb, ct, ctinfo, data, dataoff,
520 &olca->separateStack.networkAddress.
521 localAreaAddress);
522 if (ret < 0)
523 return -1;
524 }
525
526 return 0;
527 }
528
529 /****************************************************************************/
530 static int process_h245(struct sk_buff *skb, struct nf_conn *ct,
531 enum ip_conntrack_info ctinfo,
532 unsigned char **data, int dataoff,
533 MultimediaSystemControlMessage *mscm)
534 {
535 switch (mscm->choice) {
536 case eMultimediaSystemControlMessage_request:
537 if (mscm->request.choice ==
538 eRequestMessage_openLogicalChannel) {
539 return process_olc(skb, ct, ctinfo, data, dataoff,
540 &mscm->request.openLogicalChannel);
541 }
542 pr_debug("nf_ct_h323: H.245 Request %d\n",
543 mscm->request.choice);
544 break;
545 case eMultimediaSystemControlMessage_response:
546 if (mscm->response.choice ==
547 eResponseMessage_openLogicalChannelAck) {
548 return process_olca(skb, ct, ctinfo, data, dataoff,
549 &mscm->response.
550 openLogicalChannelAck);
551 }
552 pr_debug("nf_ct_h323: H.245 Response %d\n",
553 mscm->response.choice);
554 break;
555 default:
556 pr_debug("nf_ct_h323: H.245 signal %d\n", mscm->choice);
557 break;
558 }
559
560 return 0;
561 }
562
563 /****************************************************************************/
564 static int h245_help(struct sk_buff *skb, unsigned int protoff,
565 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
566 {
567 static MultimediaSystemControlMessage mscm;
568 unsigned char *data = NULL;
569 int datalen;
570 int dataoff;
571 int ret;
572
573 /* Until there's been traffic both ways, don't look in packets. */
574 if (ctinfo != IP_CT_ESTABLISHED &&
575 ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
576 return NF_ACCEPT;
577 }
578 pr_debug("nf_ct_h245: skblen = %u\n", skb->len);
579
580 spin_lock_bh(&nf_h323_lock);
581
582 /* Process each TPKT */
583 while (get_tpkt_data(skb, protoff, ct, ctinfo,
584 &data, &datalen, &dataoff)) {
585 pr_debug("nf_ct_h245: TPKT len=%d ", datalen);
586 NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple);
587
588 /* Decode H.245 signal */
589 ret = DecodeMultimediaSystemControlMessage(data, datalen,
590 &mscm);
591 if (ret < 0) {
592 pr_debug("nf_ct_h245: decoding error: %s\n",
593 ret == H323_ERROR_BOUND ?
594 "out of bound" : "out of range");
595 /* We don't drop when decoding error */
596 break;
597 }
598
599 /* Process H.245 signal */
600 if (process_h245(skb, ct, ctinfo, &data, dataoff, &mscm) < 0)
601 goto drop;
602 }
603
604 spin_unlock_bh(&nf_h323_lock);
605 return NF_ACCEPT;
606
607 drop:
608 spin_unlock_bh(&nf_h323_lock);
609 if (net_ratelimit())
610 printk("nf_ct_h245: packet dropped\n");
611 return NF_DROP;
612 }
613
614 /****************************************************************************/
615 static struct nf_conntrack_helper nf_conntrack_helper_h245 __read_mostly = {
616 .name = "H.245",
617 .me = THIS_MODULE,
618 .max_expected = H323_RTP_CHANNEL_MAX * 4 + 2 /* T.120 */,
619 .timeout = 240,
620 .tuple.src.l3num = AF_UNSPEC,
621 .tuple.dst.protonum = IPPROTO_UDP,
622 .help = h245_help
623 };
624
625 /****************************************************************************/
626 int get_h225_addr(struct nf_conn *ct, unsigned char *data,
627 TransportAddress *taddr,
628 union nf_inet_addr *addr, __be16 *port)
629 {
630 const unsigned char *p;
631 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
632 int len;
633
634 switch (taddr->choice) {
635 case eTransportAddress_ipAddress:
636 if (family != AF_INET)
637 return 0;
638 p = data + taddr->ipAddress.ip;
639 len = 4;
640 break;
641 case eTransportAddress_ip6Address:
642 if (family != AF_INET6)
643 return 0;
644 p = data + taddr->ip6Address.ip;
645 len = 16;
646 break;
647 default:
648 return 0;
649 }
650
651 memcpy(addr, p, len);
652 memset((void *)addr + len, 0, sizeof(*addr) - len);
653 memcpy(port, p + len, sizeof(__be16));
654
655 return 1;
656 }
657
658 /****************************************************************************/
659 static int expect_h245(struct sk_buff *skb, struct nf_conn *ct,
660 enum ip_conntrack_info ctinfo,
661 unsigned char **data, int dataoff,
662 TransportAddress *taddr)
663 {
664 int dir = CTINFO2DIR(ctinfo);
665 int ret = 0;
666 __be16 port;
667 union nf_inet_addr addr;
668 struct nf_conntrack_expect *exp;
669 typeof(nat_h245_hook) nat_h245;
670
671 /* Read h245Address */
672 if (!get_h225_addr(ct, *data, taddr, &addr, &port) ||
673 memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) ||
674 port == 0)
675 return 0;
676
677 /* Create expect for h245 connection */
678 if ((exp = nf_ct_expect_alloc(ct)) == NULL)
679 return -1;
680 nf_ct_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num,
681 &ct->tuplehash[!dir].tuple.src.u3,
682 &ct->tuplehash[!dir].tuple.dst.u3,
683 IPPROTO_TCP, NULL, &port);
684 exp->helper = &nf_conntrack_helper_h245;
685
686 if (memcmp(&ct->tuplehash[dir].tuple.src.u3,
687 &ct->tuplehash[!dir].tuple.dst.u3,
688 sizeof(ct->tuplehash[dir].tuple.src.u3)) &&
689 (nat_h245 = rcu_dereference(nat_h245_hook)) &&
690 ct->status & IPS_NAT_MASK) {
691 /* NAT needed */
692 ret = nat_h245(skb, ct, ctinfo, data, dataoff, taddr,
693 port, exp);
694 } else { /* Conntrack only */
695 if (nf_ct_expect_related(exp) == 0) {
696 pr_debug("nf_ct_q931: expect H.245 ");
697 NF_CT_DUMP_TUPLE(&exp->tuple);
698 } else
699 ret = -1;
700 }
701
702 nf_ct_expect_put(exp);
703
704 return ret;
705 }
706
707 /* If the calling party is on the same side of the forward-to party,
708 * we don't need to track the second call */
709 static int callforward_do_filter(const union nf_inet_addr *src,
710 const union nf_inet_addr *dst, int family)
711 {
712 const struct nf_afinfo *afinfo;
713 struct flowi fl1, fl2;
714 int ret = 0;
715
716 /* rcu_read_lock()ed by nf_hook_slow() */
717 afinfo = nf_get_afinfo(family);
718 if (!afinfo)
719 return 0;
720
721 memset(&fl1, 0, sizeof(fl1));
722 memset(&fl2, 0, sizeof(fl2));
723
724 switch (family) {
725 case AF_INET: {
726 struct rtable *rt1, *rt2;
727
728 fl1.fl4_dst = src->ip;
729 fl2.fl4_dst = dst->ip;
730 if (!afinfo->route((struct dst_entry **)&rt1, &fl1)) {
731 if (!afinfo->route((struct dst_entry **)&rt2, &fl2)) {
732 if (rt1->rt_gateway == rt2->rt_gateway &&
733 rt1->u.dst.dev == rt2->u.dst.dev)
734 ret = 1;
735 dst_release(&rt2->u.dst);
736 }
737 dst_release(&rt1->u.dst);
738 }
739 break;
740 }
741 #if defined(CONFIG_NF_CONNTRACK_IPV6) || \
742 defined(CONFIG_NF_CONNTRACK_IPV6_MODULE)
743 case AF_INET6: {
744 struct rt6_info *rt1, *rt2;
745
746 memcpy(&fl1.fl6_dst, src, sizeof(fl1.fl6_dst));
747 memcpy(&fl2.fl6_dst, dst, sizeof(fl2.fl6_dst));
748 if (!afinfo->route((struct dst_entry **)&rt1, &fl1)) {
749 if (!afinfo->route((struct dst_entry **)&rt2, &fl2)) {
750 if (!memcmp(&rt1->rt6i_gateway, &rt2->rt6i_gateway,
751 sizeof(rt1->rt6i_gateway)) &&
752 rt1->u.dst.dev == rt2->u.dst.dev)
753 ret = 1;
754 dst_release(&rt2->u.dst);
755 }
756 dst_release(&rt1->u.dst);
757 }
758 break;
759 }
760 #endif
761 }
762 return ret;
763
764 }
765
766 /****************************************************************************/
767 static int expect_callforwarding(struct sk_buff *skb,
768 struct nf_conn *ct,
769 enum ip_conntrack_info ctinfo,
770 unsigned char **data, int dataoff,
771 TransportAddress *taddr)
772 {
773 int dir = CTINFO2DIR(ctinfo);
774 int ret = 0;
775 __be16 port;
776 union nf_inet_addr addr;
777 struct nf_conntrack_expect *exp;
778 typeof(nat_callforwarding_hook) nat_callforwarding;
779
780 /* Read alternativeAddress */
781 if (!get_h225_addr(ct, *data, taddr, &addr, &port) || port == 0)
782 return 0;
783
784 /* If the calling party is on the same side of the forward-to party,
785 * we don't need to track the second call */
786 if (callforward_filter &&
787 callforward_do_filter(&addr, &ct->tuplehash[!dir].tuple.src.u3,
788 ct->tuplehash[!dir].tuple.src.l3num)) {
789 pr_debug("nf_ct_q931: Call Forwarding not tracked\n");
790 return 0;
791 }
792
793 /* Create expect for the second call leg */
794 if ((exp = nf_ct_expect_alloc(ct)) == NULL)
795 return -1;
796 nf_ct_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num,
797 &ct->tuplehash[!dir].tuple.src.u3, &addr,
798 IPPROTO_TCP, NULL, &port);
799 exp->helper = nf_conntrack_helper_q931;
800
801 if (memcmp(&ct->tuplehash[dir].tuple.src.u3,
802 &ct->tuplehash[!dir].tuple.dst.u3,
803 sizeof(ct->tuplehash[dir].tuple.src.u3)) &&
804 (nat_callforwarding = rcu_dereference(nat_callforwarding_hook)) &&
805 ct->status & IPS_NAT_MASK) {
806 /* Need NAT */
807 ret = nat_callforwarding(skb, ct, ctinfo, data, dataoff,
808 taddr, port, exp);
809 } else { /* Conntrack only */
810 if (nf_ct_expect_related(exp) == 0) {
811 pr_debug("nf_ct_q931: expect Call Forwarding ");
812 NF_CT_DUMP_TUPLE(&exp->tuple);
813 } else
814 ret = -1;
815 }
816
817 nf_ct_expect_put(exp);
818
819 return ret;
820 }
821
822 /****************************************************************************/
823 static int process_setup(struct sk_buff *skb, struct nf_conn *ct,
824 enum ip_conntrack_info ctinfo,
825 unsigned char **data, int dataoff,
826 Setup_UUIE *setup)
827 {
828 int dir = CTINFO2DIR(ctinfo);
829 int ret;
830 int i;
831 __be16 port;
832 union nf_inet_addr addr;
833 typeof(set_h225_addr_hook) set_h225_addr;
834
835 pr_debug("nf_ct_q931: Setup\n");
836
837 if (setup->options & eSetup_UUIE_h245Address) {
838 ret = expect_h245(skb, ct, ctinfo, data, dataoff,
839 &setup->h245Address);
840 if (ret < 0)
841 return -1;
842 }
843
844 set_h225_addr = rcu_dereference(set_h225_addr_hook);
845 if ((setup->options & eSetup_UUIE_destCallSignalAddress) &&
846 (set_h225_addr) && ct->status & IPS_NAT_MASK &&
847 get_h225_addr(ct, *data, &setup->destCallSignalAddress,
848 &addr, &port) &&
849 memcmp(&addr, &ct->tuplehash[!dir].tuple.src.u3, sizeof(addr))) {
850 pr_debug("nf_ct_q931: set destCallSignalAddress "
851 NIP6_FMT ":%hu->" NIP6_FMT ":%hu\n",
852 NIP6(*(struct in6_addr *)&addr), ntohs(port),
853 NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.src.u3),
854 ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port));
855 ret = set_h225_addr(skb, data, dataoff,
856 &setup->destCallSignalAddress,
857 &ct->tuplehash[!dir].tuple.src.u3,
858 ct->tuplehash[!dir].tuple.src.u.tcp.port);
859 if (ret < 0)
860 return -1;
861 }
862
863 if ((setup->options & eSetup_UUIE_sourceCallSignalAddress) &&
864 (set_h225_addr) && ct->status & IPS_NAT_MASK &&
865 get_h225_addr(ct, *data, &setup->sourceCallSignalAddress,
866 &addr, &port) &&
867 memcmp(&addr, &ct->tuplehash[!dir].tuple.dst.u3, sizeof(addr))) {
868 pr_debug("nf_ct_q931: set sourceCallSignalAddress "
869 NIP6_FMT ":%hu->" NIP6_FMT ":%hu\n",
870 NIP6(*(struct in6_addr *)&addr), ntohs(port),
871 NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.dst.u3),
872 ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port));
873 ret = set_h225_addr(skb, data, dataoff,
874 &setup->sourceCallSignalAddress,
875 &ct->tuplehash[!dir].tuple.dst.u3,
876 ct->tuplehash[!dir].tuple.dst.u.tcp.port);
877 if (ret < 0)
878 return -1;
879 }
880
881 if (setup->options & eSetup_UUIE_fastStart) {
882 for (i = 0; i < setup->fastStart.count; i++) {
883 ret = process_olc(skb, ct, ctinfo, data, dataoff,
884 &setup->fastStart.item[i]);
885 if (ret < 0)
886 return -1;
887 }
888 }
889
890 return 0;
891 }
892
893 /****************************************************************************/
894 static int process_callproceeding(struct sk_buff *skb,
895 struct nf_conn *ct,
896 enum ip_conntrack_info ctinfo,
897 unsigned char **data, int dataoff,
898 CallProceeding_UUIE *callproc)
899 {
900 int ret;
901 int i;
902
903 pr_debug("nf_ct_q931: CallProceeding\n");
904
905 if (callproc->options & eCallProceeding_UUIE_h245Address) {
906 ret = expect_h245(skb, ct, ctinfo, data, dataoff,
907 &callproc->h245Address);
908 if (ret < 0)
909 return -1;
910 }
911
912 if (callproc->options & eCallProceeding_UUIE_fastStart) {
913 for (i = 0; i < callproc->fastStart.count; i++) {
914 ret = process_olc(skb, ct, ctinfo, data, dataoff,
915 &callproc->fastStart.item[i]);
916 if (ret < 0)
917 return -1;
918 }
919 }
920
921 return 0;
922 }
923
924 /****************************************************************************/
925 static int process_connect(struct sk_buff *skb, struct nf_conn *ct,
926 enum ip_conntrack_info ctinfo,
927 unsigned char **data, int dataoff,
928 Connect_UUIE *connect)
929 {
930 int ret;
931 int i;
932
933 pr_debug("nf_ct_q931: Connect\n");
934
935 if (connect->options & eConnect_UUIE_h245Address) {
936 ret = expect_h245(skb, ct, ctinfo, data, dataoff,
937 &connect->h245Address);
938 if (ret < 0)
939 return -1;
940 }
941
942 if (connect->options & eConnect_UUIE_fastStart) {
943 for (i = 0; i < connect->fastStart.count; i++) {
944 ret = process_olc(skb, ct, ctinfo, data, dataoff,
945 &connect->fastStart.item[i]);
946 if (ret < 0)
947 return -1;
948 }
949 }
950
951 return 0;
952 }
953
954 /****************************************************************************/
955 static int process_alerting(struct sk_buff *skb, struct nf_conn *ct,
956 enum ip_conntrack_info ctinfo,
957 unsigned char **data, int dataoff,
958 Alerting_UUIE *alert)
959 {
960 int ret;
961 int i;
962
963 pr_debug("nf_ct_q931: Alerting\n");
964
965 if (alert->options & eAlerting_UUIE_h245Address) {
966 ret = expect_h245(skb, ct, ctinfo, data, dataoff,
967 &alert->h245Address);
968 if (ret < 0)
969 return -1;
970 }
971
972 if (alert->options & eAlerting_UUIE_fastStart) {
973 for (i = 0; i < alert->fastStart.count; i++) {
974 ret = process_olc(skb, ct, ctinfo, data, dataoff,
975 &alert->fastStart.item[i]);
976 if (ret < 0)
977 return -1;
978 }
979 }
980
981 return 0;
982 }
983
984 /****************************************************************************/
985 static int process_facility(struct sk_buff *skb, struct nf_conn *ct,
986 enum ip_conntrack_info ctinfo,
987 unsigned char **data, int dataoff,
988 Facility_UUIE *facility)
989 {
990 int ret;
991 int i;
992
993 pr_debug("nf_ct_q931: Facility\n");
994
995 if (facility->reason.choice == eFacilityReason_callForwarded) {
996 if (facility->options & eFacility_UUIE_alternativeAddress)
997 return expect_callforwarding(skb, ct, ctinfo, data,
998 dataoff,
999 &facility->
1000 alternativeAddress);
1001 return 0;
1002 }
1003
1004 if (facility->options & eFacility_UUIE_h245Address) {
1005 ret = expect_h245(skb, ct, ctinfo, data, dataoff,
1006 &facility->h245Address);
1007 if (ret < 0)
1008 return -1;
1009 }
1010
1011 if (facility->options & eFacility_UUIE_fastStart) {
1012 for (i = 0; i < facility->fastStart.count; i++) {
1013 ret = process_olc(skb, ct, ctinfo, data, dataoff,
1014 &facility->fastStart.item[i]);
1015 if (ret < 0)
1016 return -1;
1017 }
1018 }
1019
1020 return 0;
1021 }
1022
1023 /****************************************************************************/
1024 static int process_progress(struct sk_buff *skb, struct nf_conn *ct,
1025 enum ip_conntrack_info ctinfo,
1026 unsigned char **data, int dataoff,
1027 Progress_UUIE *progress)
1028 {
1029 int ret;
1030 int i;
1031
1032 pr_debug("nf_ct_q931: Progress\n");
1033
1034 if (progress->options & eProgress_UUIE_h245Address) {
1035 ret = expect_h245(skb, ct, ctinfo, data, dataoff,
1036 &progress->h245Address);
1037 if (ret < 0)
1038 return -1;
1039 }
1040
1041 if (progress->options & eProgress_UUIE_fastStart) {
1042 for (i = 0; i < progress->fastStart.count; i++) {
1043 ret = process_olc(skb, ct, ctinfo, data, dataoff,
1044 &progress->fastStart.item[i]);
1045 if (ret < 0)
1046 return -1;
1047 }
1048 }
1049
1050 return 0;
1051 }
1052
1053 /****************************************************************************/
1054 static int process_q931(struct sk_buff *skb, struct nf_conn *ct,
1055 enum ip_conntrack_info ctinfo,
1056 unsigned char **data, int dataoff, Q931 *q931)
1057 {
1058 H323_UU_PDU *pdu = &q931->UUIE.h323_uu_pdu;
1059 int i;
1060 int ret = 0;
1061
1062 switch (pdu->h323_message_body.choice) {
1063 case eH323_UU_PDU_h323_message_body_setup:
1064 ret = process_setup(skb, ct, ctinfo, data, dataoff,
1065 &pdu->h323_message_body.setup);
1066 break;
1067 case eH323_UU_PDU_h323_message_body_callProceeding:
1068 ret = process_callproceeding(skb, ct, ctinfo, data, dataoff,
1069 &pdu->h323_message_body.
1070 callProceeding);
1071 break;
1072 case eH323_UU_PDU_h323_message_body_connect:
1073 ret = process_connect(skb, ct, ctinfo, data, dataoff,
1074 &pdu->h323_message_body.connect);
1075 break;
1076 case eH323_UU_PDU_h323_message_body_alerting:
1077 ret = process_alerting(skb, ct, ctinfo, data, dataoff,
1078 &pdu->h323_message_body.alerting);
1079 break;
1080 case eH323_UU_PDU_h323_message_body_facility:
1081 ret = process_facility(skb, ct, ctinfo, data, dataoff,
1082 &pdu->h323_message_body.facility);
1083 break;
1084 case eH323_UU_PDU_h323_message_body_progress:
1085 ret = process_progress(skb, ct, ctinfo, data, dataoff,
1086 &pdu->h323_message_body.progress);
1087 break;
1088 default:
1089 pr_debug("nf_ct_q931: Q.931 signal %d\n",
1090 pdu->h323_message_body.choice);
1091 break;
1092 }
1093
1094 if (ret < 0)
1095 return -1;
1096
1097 if (pdu->options & eH323_UU_PDU_h245Control) {
1098 for (i = 0; i < pdu->h245Control.count; i++) {
1099 ret = process_h245(skb, ct, ctinfo, data, dataoff,
1100 &pdu->h245Control.item[i]);
1101 if (ret < 0)
1102 return -1;
1103 }
1104 }
1105
1106 return 0;
1107 }
1108
1109 /****************************************************************************/
1110 static int q931_help(struct sk_buff *skb, unsigned int protoff,
1111 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1112 {
1113 static Q931 q931;
1114 unsigned char *data = NULL;
1115 int datalen;
1116 int dataoff;
1117 int ret;
1118
1119 /* Until there's been traffic both ways, don't look in packets. */
1120 if (ctinfo != IP_CT_ESTABLISHED &&
1121 ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
1122 return NF_ACCEPT;
1123 }
1124 pr_debug("nf_ct_q931: skblen = %u\n", skb->len);
1125
1126 spin_lock_bh(&nf_h323_lock);
1127
1128 /* Process each TPKT */
1129 while (get_tpkt_data(skb, protoff, ct, ctinfo,
1130 &data, &datalen, &dataoff)) {
1131 pr_debug("nf_ct_q931: TPKT len=%d ", datalen);
1132 NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple);
1133
1134 /* Decode Q.931 signal */
1135 ret = DecodeQ931(data, datalen, &q931);
1136 if (ret < 0) {
1137 pr_debug("nf_ct_q931: decoding error: %s\n",
1138 ret == H323_ERROR_BOUND ?
1139 "out of bound" : "out of range");
1140 /* We don't drop when decoding error */
1141 break;
1142 }
1143
1144 /* Process Q.931 signal */
1145 if (process_q931(skb, ct, ctinfo, &data, dataoff, &q931) < 0)
1146 goto drop;
1147 }
1148
1149 spin_unlock_bh(&nf_h323_lock);
1150 return NF_ACCEPT;
1151
1152 drop:
1153 spin_unlock_bh(&nf_h323_lock);
1154 if (net_ratelimit())
1155 printk("nf_ct_q931: packet dropped\n");
1156 return NF_DROP;
1157 }
1158
1159 /****************************************************************************/
1160 static struct nf_conntrack_helper nf_conntrack_helper_q931[] __read_mostly = {
1161 {
1162 .name = "Q.931",
1163 .me = THIS_MODULE,
1164 /* T.120 and H.245 */
1165 .max_expected = H323_RTP_CHANNEL_MAX * 4 + 4,
1166 .timeout = 240,
1167 .tuple.src.l3num = AF_INET,
1168 .tuple.src.u.tcp.port = __constant_htons(Q931_PORT),
1169 .tuple.dst.protonum = IPPROTO_TCP,
1170 .help = q931_help
1171 },
1172 {
1173 .name = "Q.931",
1174 .me = THIS_MODULE,
1175 /* T.120 and H.245 */
1176 .max_expected = H323_RTP_CHANNEL_MAX * 4 + 4,
1177 .timeout = 240,
1178 .tuple.src.l3num = AF_INET6,
1179 .tuple.src.u.tcp.port = __constant_htons(Q931_PORT),
1180 .tuple.dst.protonum = IPPROTO_TCP,
1181 .help = q931_help
1182 },
1183 };
1184
1185 /****************************************************************************/
1186 static unsigned char *get_udp_data(struct sk_buff *skb, unsigned int protoff,
1187 int *datalen)
1188 {
1189 const struct udphdr *uh;
1190 struct udphdr _uh;
1191 int dataoff;
1192
1193 uh = skb_header_pointer(skb, protoff, sizeof(_uh), &_uh);
1194 if (uh == NULL)
1195 return NULL;
1196 dataoff = protoff + sizeof(_uh);
1197 if (dataoff >= skb->len)
1198 return NULL;
1199 *datalen = skb->len - dataoff;
1200 return skb_header_pointer(skb, dataoff, *datalen, h323_buffer);
1201 }
1202
1203 /****************************************************************************/
1204 static struct nf_conntrack_expect *find_expect(struct nf_conn *ct,
1205 union nf_inet_addr *addr,
1206 __be16 port)
1207 {
1208 struct nf_conntrack_expect *exp;
1209 struct nf_conntrack_tuple tuple;
1210
1211 memset(&tuple.src.u3, 0, sizeof(tuple.src.u3));
1212 tuple.src.u.tcp.port = 0;
1213 memcpy(&tuple.dst.u3, addr, sizeof(tuple.dst.u3));
1214 tuple.dst.u.tcp.port = port;
1215 tuple.dst.protonum = IPPROTO_TCP;
1216
1217 exp = __nf_ct_expect_find(&tuple);
1218 if (exp && exp->master == ct)
1219 return exp;
1220 return NULL;
1221 }
1222
1223 /****************************************************************************/
1224 static int set_expect_timeout(struct nf_conntrack_expect *exp,
1225 unsigned timeout)
1226 {
1227 if (!exp || !del_timer(&exp->timeout))
1228 return 0;
1229
1230 exp->timeout.expires = jiffies + timeout * HZ;
1231 add_timer(&exp->timeout);
1232
1233 return 1;
1234 }
1235
1236 /****************************************************************************/
1237 static int expect_q931(struct sk_buff *skb, struct nf_conn *ct,
1238 enum ip_conntrack_info ctinfo,
1239 unsigned char **data,
1240 TransportAddress *taddr, int count)
1241 {
1242 struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info;
1243 int dir = CTINFO2DIR(ctinfo);
1244 int ret = 0;
1245 int i;
1246 __be16 port;
1247 union nf_inet_addr addr;
1248 struct nf_conntrack_expect *exp;
1249 typeof(nat_q931_hook) nat_q931;
1250
1251 /* Look for the first related address */
1252 for (i = 0; i < count; i++) {
1253 if (get_h225_addr(ct, *data, &taddr[i], &addr, &port) &&
1254 memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3,
1255 sizeof(addr)) == 0 && port != 0)
1256 break;
1257 }
1258
1259 if (i >= count) /* Not found */
1260 return 0;
1261
1262 /* Create expect for Q.931 */
1263 if ((exp = nf_ct_expect_alloc(ct)) == NULL)
1264 return -1;
1265 nf_ct_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num,
1266 gkrouted_only ? /* only accept calls from GK? */
1267 &ct->tuplehash[!dir].tuple.src.u3 : NULL,
1268 &ct->tuplehash[!dir].tuple.dst.u3,
1269 IPPROTO_TCP, NULL, &port);
1270 exp->helper = nf_conntrack_helper_q931;
1271 exp->flags = NF_CT_EXPECT_PERMANENT; /* Accept multiple calls */
1272
1273 nat_q931 = rcu_dereference(nat_q931_hook);
1274 if (nat_q931 && ct->status & IPS_NAT_MASK) { /* Need NAT */
1275 ret = nat_q931(skb, ct, ctinfo, data, taddr, i, port, exp);
1276 } else { /* Conntrack only */
1277 if (nf_ct_expect_related(exp) == 0) {
1278 pr_debug("nf_ct_ras: expect Q.931 ");
1279 NF_CT_DUMP_TUPLE(&exp->tuple);
1280
1281 /* Save port for looking up expect in processing RCF */
1282 info->sig_port[dir] = port;
1283 } else
1284 ret = -1;
1285 }
1286
1287 nf_ct_expect_put(exp);
1288
1289 return ret;
1290 }
1291
1292 /****************************************************************************/
1293 static int process_grq(struct sk_buff *skb, struct nf_conn *ct,
1294 enum ip_conntrack_info ctinfo,
1295 unsigned char **data, GatekeeperRequest *grq)
1296 {
1297 typeof(set_ras_addr_hook) set_ras_addr;
1298
1299 pr_debug("nf_ct_ras: GRQ\n");
1300
1301 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1302 if (set_ras_addr && ct->status & IPS_NAT_MASK) /* NATed */
1303 return set_ras_addr(skb, ct, ctinfo, data,
1304 &grq->rasAddress, 1);
1305 return 0;
1306 }
1307
1308 /****************************************************************************/
1309 static int process_gcf(struct sk_buff *skb, struct nf_conn *ct,
1310 enum ip_conntrack_info ctinfo,
1311 unsigned char **data, GatekeeperConfirm *gcf)
1312 {
1313 int dir = CTINFO2DIR(ctinfo);
1314 int ret = 0;
1315 __be16 port;
1316 union nf_inet_addr addr;
1317 struct nf_conntrack_expect *exp;
1318
1319 pr_debug("nf_ct_ras: GCF\n");
1320
1321 if (!get_h225_addr(ct, *data, &gcf->rasAddress, &addr, &port))
1322 return 0;
1323
1324 /* Registration port is the same as discovery port */
1325 if (!memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) &&
1326 port == ct->tuplehash[dir].tuple.src.u.udp.port)
1327 return 0;
1328
1329 /* Avoid RAS expectation loops. A GCF is never expected. */
1330 if (test_bit(IPS_EXPECTED_BIT, &ct->status))
1331 return 0;
1332
1333 /* Need new expect */
1334 if ((exp = nf_ct_expect_alloc(ct)) == NULL)
1335 return -1;
1336 nf_ct_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num,
1337 &ct->tuplehash[!dir].tuple.src.u3, &addr,
1338 IPPROTO_UDP, NULL, &port);
1339 exp->helper = nf_conntrack_helper_ras;
1340
1341 if (nf_ct_expect_related(exp) == 0) {
1342 pr_debug("nf_ct_ras: expect RAS ");
1343 NF_CT_DUMP_TUPLE(&exp->tuple);
1344 } else
1345 ret = -1;
1346
1347 nf_ct_expect_put(exp);
1348
1349 return ret;
1350 }
1351
1352 /****************************************************************************/
1353 static int process_rrq(struct sk_buff *skb, struct nf_conn *ct,
1354 enum ip_conntrack_info ctinfo,
1355 unsigned char **data, RegistrationRequest *rrq)
1356 {
1357 struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info;
1358 int ret;
1359 typeof(set_ras_addr_hook) set_ras_addr;
1360
1361 pr_debug("nf_ct_ras: RRQ\n");
1362
1363 ret = expect_q931(skb, ct, ctinfo, data,
1364 rrq->callSignalAddress.item,
1365 rrq->callSignalAddress.count);
1366 if (ret < 0)
1367 return -1;
1368
1369 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1370 if (set_ras_addr && ct->status & IPS_NAT_MASK) {
1371 ret = set_ras_addr(skb, ct, ctinfo, data,
1372 rrq->rasAddress.item,
1373 rrq->rasAddress.count);
1374 if (ret < 0)
1375 return -1;
1376 }
1377
1378 if (rrq->options & eRegistrationRequest_timeToLive) {
1379 pr_debug("nf_ct_ras: RRQ TTL = %u seconds\n", rrq->timeToLive);
1380 info->timeout = rrq->timeToLive;
1381 } else
1382 info->timeout = default_rrq_ttl;
1383
1384 return 0;
1385 }
1386
1387 /****************************************************************************/
1388 static int process_rcf(struct sk_buff *skb, struct nf_conn *ct,
1389 enum ip_conntrack_info ctinfo,
1390 unsigned char **data, RegistrationConfirm *rcf)
1391 {
1392 struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info;
1393 int dir = CTINFO2DIR(ctinfo);
1394 int ret;
1395 struct nf_conntrack_expect *exp;
1396 typeof(set_sig_addr_hook) set_sig_addr;
1397
1398 pr_debug("nf_ct_ras: RCF\n");
1399
1400 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1401 if (set_sig_addr && ct->status & IPS_NAT_MASK) {
1402 ret = set_sig_addr(skb, ct, ctinfo, data,
1403 rcf->callSignalAddress.item,
1404 rcf->callSignalAddress.count);
1405 if (ret < 0)
1406 return -1;
1407 }
1408
1409 if (rcf->options & eRegistrationConfirm_timeToLive) {
1410 pr_debug("nf_ct_ras: RCF TTL = %u seconds\n", rcf->timeToLive);
1411 info->timeout = rcf->timeToLive;
1412 }
1413
1414 if (info->timeout > 0) {
1415 pr_debug("nf_ct_ras: set RAS connection timeout to "
1416 "%u seconds\n", info->timeout);
1417 nf_ct_refresh(ct, skb, info->timeout * HZ);
1418
1419 /* Set expect timeout */
1420 spin_lock_bh(&nf_conntrack_lock);
1421 exp = find_expect(ct, &ct->tuplehash[dir].tuple.dst.u3,
1422 info->sig_port[!dir]);
1423 if (exp) {
1424 pr_debug("nf_ct_ras: set Q.931 expect "
1425 "timeout to %u seconds for",
1426 info->timeout);
1427 NF_CT_DUMP_TUPLE(&exp->tuple);
1428 set_expect_timeout(exp, info->timeout);
1429 }
1430 spin_unlock_bh(&nf_conntrack_lock);
1431 }
1432
1433 return 0;
1434 }
1435
1436 /****************************************************************************/
1437 static int process_urq(struct sk_buff *skb, struct nf_conn *ct,
1438 enum ip_conntrack_info ctinfo,
1439 unsigned char **data, UnregistrationRequest *urq)
1440 {
1441 struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info;
1442 int dir = CTINFO2DIR(ctinfo);
1443 int ret;
1444 typeof(set_sig_addr_hook) set_sig_addr;
1445
1446 pr_debug("nf_ct_ras: URQ\n");
1447
1448 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1449 if (set_sig_addr && ct->status & IPS_NAT_MASK) {
1450 ret = set_sig_addr(skb, ct, ctinfo, data,
1451 urq->callSignalAddress.item,
1452 urq->callSignalAddress.count);
1453 if (ret < 0)
1454 return -1;
1455 }
1456
1457 /* Clear old expect */
1458 nf_ct_remove_expectations(ct);
1459 info->sig_port[dir] = 0;
1460 info->sig_port[!dir] = 0;
1461
1462 /* Give it 30 seconds for UCF or URJ */
1463 nf_ct_refresh(ct, skb, 30 * HZ);
1464
1465 return 0;
1466 }
1467
1468 /****************************************************************************/
1469 static int process_arq(struct sk_buff *skb, struct nf_conn *ct,
1470 enum ip_conntrack_info ctinfo,
1471 unsigned char **data, AdmissionRequest *arq)
1472 {
1473 const struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info;
1474 int dir = CTINFO2DIR(ctinfo);
1475 __be16 port;
1476 union nf_inet_addr addr;
1477 typeof(set_h225_addr_hook) set_h225_addr;
1478
1479 pr_debug("nf_ct_ras: ARQ\n");
1480
1481 set_h225_addr = rcu_dereference(set_h225_addr_hook);
1482 if ((arq->options & eAdmissionRequest_destCallSignalAddress) &&
1483 get_h225_addr(ct, *data, &arq->destCallSignalAddress,
1484 &addr, &port) &&
1485 !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) &&
1486 port == info->sig_port[dir] &&
1487 set_h225_addr && ct->status & IPS_NAT_MASK) {
1488 /* Answering ARQ */
1489 return set_h225_addr(skb, data, 0,
1490 &arq->destCallSignalAddress,
1491 &ct->tuplehash[!dir].tuple.dst.u3,
1492 info->sig_port[!dir]);
1493 }
1494
1495 if ((arq->options & eAdmissionRequest_srcCallSignalAddress) &&
1496 get_h225_addr(ct, *data, &arq->srcCallSignalAddress,
1497 &addr, &port) &&
1498 !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) &&
1499 set_h225_addr && ct->status & IPS_NAT_MASK) {
1500 /* Calling ARQ */
1501 return set_h225_addr(skb, data, 0,
1502 &arq->srcCallSignalAddress,
1503 &ct->tuplehash[!dir].tuple.dst.u3,
1504 port);
1505 }
1506
1507 return 0;
1508 }
1509
1510 /****************************************************************************/
1511 static int process_acf(struct sk_buff *skb, struct nf_conn *ct,
1512 enum ip_conntrack_info ctinfo,
1513 unsigned char **data, AdmissionConfirm *acf)
1514 {
1515 int dir = CTINFO2DIR(ctinfo);
1516 int ret = 0;
1517 __be16 port;
1518 union nf_inet_addr addr;
1519 struct nf_conntrack_expect *exp;
1520 typeof(set_sig_addr_hook) set_sig_addr;
1521
1522 pr_debug("nf_ct_ras: ACF\n");
1523
1524 if (!get_h225_addr(ct, *data, &acf->destCallSignalAddress,
1525 &addr, &port))
1526 return 0;
1527
1528 if (!memcmp(&addr, &ct->tuplehash[dir].tuple.dst.u3, sizeof(addr))) {
1529 /* Answering ACF */
1530 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1531 if (set_sig_addr && ct->status & IPS_NAT_MASK)
1532 return set_sig_addr(skb, ct, ctinfo, data,
1533 &acf->destCallSignalAddress, 1);
1534 return 0;
1535 }
1536
1537 /* Need new expect */
1538 if ((exp = nf_ct_expect_alloc(ct)) == NULL)
1539 return -1;
1540 nf_ct_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num,
1541 &ct->tuplehash[!dir].tuple.src.u3, &addr,
1542 IPPROTO_TCP, NULL, &port);
1543 exp->flags = NF_CT_EXPECT_PERMANENT;
1544 exp->helper = nf_conntrack_helper_q931;
1545
1546 if (nf_ct_expect_related(exp) == 0) {
1547 pr_debug("nf_ct_ras: expect Q.931 ");
1548 NF_CT_DUMP_TUPLE(&exp->tuple);
1549 } else
1550 ret = -1;
1551
1552 nf_ct_expect_put(exp);
1553
1554 return ret;
1555 }
1556
1557 /****************************************************************************/
1558 static int process_lrq(struct sk_buff *skb, struct nf_conn *ct,
1559 enum ip_conntrack_info ctinfo,
1560 unsigned char **data, LocationRequest *lrq)
1561 {
1562 typeof(set_ras_addr_hook) set_ras_addr;
1563
1564 pr_debug("nf_ct_ras: LRQ\n");
1565
1566 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1567 if (set_ras_addr && ct->status & IPS_NAT_MASK)
1568 return set_ras_addr(skb, ct, ctinfo, data,
1569 &lrq->replyAddress, 1);
1570 return 0;
1571 }
1572
1573 /****************************************************************************/
1574 static int process_lcf(struct sk_buff *skb, struct nf_conn *ct,
1575 enum ip_conntrack_info ctinfo,
1576 unsigned char **data, LocationConfirm *lcf)
1577 {
1578 int dir = CTINFO2DIR(ctinfo);
1579 int ret = 0;
1580 __be16 port;
1581 union nf_inet_addr addr;
1582 struct nf_conntrack_expect *exp;
1583
1584 pr_debug("nf_ct_ras: LCF\n");
1585
1586 if (!get_h225_addr(ct, *data, &lcf->callSignalAddress,
1587 &addr, &port))
1588 return 0;
1589
1590 /* Need new expect for call signal */
1591 if ((exp = nf_ct_expect_alloc(ct)) == NULL)
1592 return -1;
1593 nf_ct_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num,
1594 &ct->tuplehash[!dir].tuple.src.u3, &addr,
1595 IPPROTO_TCP, NULL, &port);
1596 exp->flags = NF_CT_EXPECT_PERMANENT;
1597 exp->helper = nf_conntrack_helper_q931;
1598
1599 if (nf_ct_expect_related(exp) == 0) {
1600 pr_debug("nf_ct_ras: expect Q.931 ");
1601 NF_CT_DUMP_TUPLE(&exp->tuple);
1602 } else
1603 ret = -1;
1604
1605 nf_ct_expect_put(exp);
1606
1607 /* Ignore rasAddress */
1608
1609 return ret;
1610 }
1611
1612 /****************************************************************************/
1613 static int process_irr(struct sk_buff *skb, struct nf_conn *ct,
1614 enum ip_conntrack_info ctinfo,
1615 unsigned char **data, InfoRequestResponse *irr)
1616 {
1617 int ret;
1618 typeof(set_ras_addr_hook) set_ras_addr;
1619 typeof(set_sig_addr_hook) set_sig_addr;
1620
1621 pr_debug("nf_ct_ras: IRR\n");
1622
1623 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1624 if (set_ras_addr && ct->status & IPS_NAT_MASK) {
1625 ret = set_ras_addr(skb, ct, ctinfo, data,
1626 &irr->rasAddress, 1);
1627 if (ret < 0)
1628 return -1;
1629 }
1630
1631 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1632 if (set_sig_addr && ct->status & IPS_NAT_MASK) {
1633 ret = set_sig_addr(skb, ct, ctinfo, data,
1634 irr->callSignalAddress.item,
1635 irr->callSignalAddress.count);
1636 if (ret < 0)
1637 return -1;
1638 }
1639
1640 return 0;
1641 }
1642
1643 /****************************************************************************/
1644 static int process_ras(struct sk_buff *skb, struct nf_conn *ct,
1645 enum ip_conntrack_info ctinfo,
1646 unsigned char **data, RasMessage *ras)
1647 {
1648 switch (ras->choice) {
1649 case eRasMessage_gatekeeperRequest:
1650 return process_grq(skb, ct, ctinfo, data,
1651 &ras->gatekeeperRequest);
1652 case eRasMessage_gatekeeperConfirm:
1653 return process_gcf(skb, ct, ctinfo, data,
1654 &ras->gatekeeperConfirm);
1655 case eRasMessage_registrationRequest:
1656 return process_rrq(skb, ct, ctinfo, data,
1657 &ras->registrationRequest);
1658 case eRasMessage_registrationConfirm:
1659 return process_rcf(skb, ct, ctinfo, data,
1660 &ras->registrationConfirm);
1661 case eRasMessage_unregistrationRequest:
1662 return process_urq(skb, ct, ctinfo, data,
1663 &ras->unregistrationRequest);
1664 case eRasMessage_admissionRequest:
1665 return process_arq(skb, ct, ctinfo, data,
1666 &ras->admissionRequest);
1667 case eRasMessage_admissionConfirm:
1668 return process_acf(skb, ct, ctinfo, data,
1669 &ras->admissionConfirm);
1670 case eRasMessage_locationRequest:
1671 return process_lrq(skb, ct, ctinfo, data,
1672 &ras->locationRequest);
1673 case eRasMessage_locationConfirm:
1674 return process_lcf(skb, ct, ctinfo, data,
1675 &ras->locationConfirm);
1676 case eRasMessage_infoRequestResponse:
1677 return process_irr(skb, ct, ctinfo, data,
1678 &ras->infoRequestResponse);
1679 default:
1680 pr_debug("nf_ct_ras: RAS message %d\n", ras->choice);
1681 break;
1682 }
1683
1684 return 0;
1685 }
1686
1687 /****************************************************************************/
1688 static int ras_help(struct sk_buff *skb, unsigned int protoff,
1689 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1690 {
1691 static RasMessage ras;
1692 unsigned char *data;
1693 int datalen = 0;
1694 int ret;
1695
1696 pr_debug("nf_ct_ras: skblen = %u\n", skb->len);
1697
1698 spin_lock_bh(&nf_h323_lock);
1699
1700 /* Get UDP data */
1701 data = get_udp_data(skb, protoff, &datalen);
1702 if (data == NULL)
1703 goto accept;
1704 pr_debug("nf_ct_ras: RAS message len=%d ", datalen);
1705 NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple);
1706
1707 /* Decode RAS message */
1708 ret = DecodeRasMessage(data, datalen, &ras);
1709 if (ret < 0) {
1710 pr_debug("nf_ct_ras: decoding error: %s\n",
1711 ret == H323_ERROR_BOUND ?
1712 "out of bound" : "out of range");
1713 goto accept;
1714 }
1715
1716 /* Process RAS message */
1717 if (process_ras(skb, ct, ctinfo, &data, &ras) < 0)
1718 goto drop;
1719
1720 accept:
1721 spin_unlock_bh(&nf_h323_lock);
1722 return NF_ACCEPT;
1723
1724 drop:
1725 spin_unlock_bh(&nf_h323_lock);
1726 if (net_ratelimit())
1727 printk("nf_ct_ras: packet dropped\n");
1728 return NF_DROP;
1729 }
1730
1731 /****************************************************************************/
1732 static struct nf_conntrack_helper nf_conntrack_helper_ras[] __read_mostly = {
1733 {
1734 .name = "RAS",
1735 .me = THIS_MODULE,
1736 .max_expected = 32,
1737 .timeout = 240,
1738 .tuple.src.l3num = AF_INET,
1739 .tuple.src.u.udp.port = __constant_htons(RAS_PORT),
1740 .tuple.dst.protonum = IPPROTO_UDP,
1741 .help = ras_help,
1742 },
1743 {
1744 .name = "RAS",
1745 .me = THIS_MODULE,
1746 .max_expected = 32,
1747 .timeout = 240,
1748 .tuple.src.l3num = AF_INET6,
1749 .tuple.src.u.udp.port = __constant_htons(RAS_PORT),
1750 .tuple.dst.protonum = IPPROTO_UDP,
1751 .help = ras_help,
1752 },
1753 };
1754
1755 /****************************************************************************/
1756 static void __exit nf_conntrack_h323_fini(void)
1757 {
1758 nf_conntrack_helper_unregister(&nf_conntrack_helper_ras[1]);
1759 nf_conntrack_helper_unregister(&nf_conntrack_helper_ras[0]);
1760 nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[1]);
1761 nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[0]);
1762 nf_conntrack_helper_unregister(&nf_conntrack_helper_h245);
1763 kfree(h323_buffer);
1764 pr_debug("nf_ct_h323: fini\n");
1765 }
1766
1767 /****************************************************************************/
1768 static int __init nf_conntrack_h323_init(void)
1769 {
1770 int ret;
1771
1772 h323_buffer = kmalloc(65536, GFP_KERNEL);
1773 if (!h323_buffer)
1774 return -ENOMEM;
1775 ret = nf_conntrack_helper_register(&nf_conntrack_helper_h245);
1776 if (ret < 0)
1777 goto err1;
1778 ret = nf_conntrack_helper_register(&nf_conntrack_helper_q931[0]);
1779 if (ret < 0)
1780 goto err2;
1781 ret = nf_conntrack_helper_register(&nf_conntrack_helper_q931[1]);
1782 if (ret < 0)
1783 goto err3;
1784 ret = nf_conntrack_helper_register(&nf_conntrack_helper_ras[0]);
1785 if (ret < 0)
1786 goto err4;
1787 ret = nf_conntrack_helper_register(&nf_conntrack_helper_ras[1]);
1788 if (ret < 0)
1789 goto err5;
1790 pr_debug("nf_ct_h323: init success\n");
1791 return 0;
1792
1793 err5:
1794 nf_conntrack_helper_unregister(&nf_conntrack_helper_ras[0]);
1795 err4:
1796 nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[1]);
1797 err3:
1798 nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[0]);
1799 err2:
1800 nf_conntrack_helper_unregister(&nf_conntrack_helper_h245);
1801 err1:
1802 kfree(h323_buffer);
1803 return ret;
1804 }
1805
1806 /****************************************************************************/
1807 module_init(nf_conntrack_h323_init);
1808 module_exit(nf_conntrack_h323_fini);
1809
1810 EXPORT_SYMBOL_GPL(get_h225_addr);
1811 EXPORT_SYMBOL_GPL(set_h245_addr_hook);
1812 EXPORT_SYMBOL_GPL(set_h225_addr_hook);
1813 EXPORT_SYMBOL_GPL(set_sig_addr_hook);
1814 EXPORT_SYMBOL_GPL(set_ras_addr_hook);
1815 EXPORT_SYMBOL_GPL(nat_rtp_rtcp_hook);
1816 EXPORT_SYMBOL_GPL(nat_t120_hook);
1817 EXPORT_SYMBOL_GPL(nat_h245_hook);
1818 EXPORT_SYMBOL_GPL(nat_callforwarding_hook);
1819 EXPORT_SYMBOL_GPL(nat_q931_hook);
1820
1821 MODULE_AUTHOR("Jing Min Zhao <zhaojingmin@users.sourceforge.net>");
1822 MODULE_DESCRIPTION("H.323 connection tracking helper");
1823 MODULE_LICENSE("GPL");
1824 MODULE_ALIAS("ip_conntrack_h323");
1825
|
This page was automatically generated by the
LXR engine.
|