53eb365ccc7e507f7ecac494265418e65b54b6f2
[linux-3.10.git] / net / ipv4 / netfilter / ip_conntrack_helper_h323.c
1 /*
2  * H.323 connection tracking helper
3  *
4  * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
5  *
6  * This source code is licensed under General Public License version 2.
7  *
8  * Based on the 'brute force' H.323 connection tracking module by
9  * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
10  *
11  * For more information, please see http://nath323.sourceforge.net/
12  */
13
14 #include <linux/module.h>
15 #include <linux/netfilter.h>
16 #include <linux/ip.h>
17 #include <net/tcp.h>
18 #include <linux/netfilter_ipv4/ip_conntrack.h>
19 #include <linux/netfilter_ipv4/ip_conntrack_core.h>
20 #include <linux/netfilter_ipv4/ip_conntrack_helper.h>
21 #include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
22 #include <linux/netfilter_ipv4/ip_conntrack_h323.h>
23 #include <linux/moduleparam.h>
24 #include <linux/ctype.h>
25 #include <linux/inet.h>
26
27 #if 0
28 #define DEBUGP printk
29 #else
30 #define DEBUGP(format, args...)
31 #endif
32
33 /* Parameters */
34 static unsigned int default_rrq_ttl = 300;
35 module_param(default_rrq_ttl, uint, 0600);
36 MODULE_PARM_DESC(default_rrq_ttl, "use this TTL if it's missing in RRQ");
37
38 static int gkrouted_only = 1;
39 module_param(gkrouted_only, int, 0600);
40 MODULE_PARM_DESC(gkrouted_only, "only accept calls from gatekeeper");
41
42 static int callforward_filter = 1;
43 module_param(callforward_filter, bool, 0600);
44 MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations "
45                                      "if both endpoints are on different sides "
46                                      "(determined by routing information)");
47
48 /* Hooks for NAT */
49 int (*set_h245_addr_hook) (struct sk_buff ** pskb,
50                            unsigned char **data, int dataoff,
51                            H245_TransportAddress * addr,
52                            __be32 ip, u_int16_t port);
53 int (*set_h225_addr_hook) (struct sk_buff ** pskb,
54                            unsigned char **data, int dataoff,
55                            TransportAddress * addr,
56                            __be32 ip, u_int16_t port);
57 int (*set_sig_addr_hook) (struct sk_buff ** pskb,
58                           struct ip_conntrack * ct,
59                           enum ip_conntrack_info ctinfo,
60                           unsigned char **data,
61                           TransportAddress * addr, int count);
62 int (*set_ras_addr_hook) (struct sk_buff ** pskb,
63                           struct ip_conntrack * ct,
64                           enum ip_conntrack_info ctinfo,
65                           unsigned char **data,
66                           TransportAddress * addr, int count);
67 int (*nat_rtp_rtcp_hook) (struct sk_buff ** pskb,
68                           struct ip_conntrack * ct,
69                           enum ip_conntrack_info ctinfo,
70                           unsigned char **data, int dataoff,
71                           H245_TransportAddress * addr,
72                           u_int16_t port, u_int16_t rtp_port,
73                           struct ip_conntrack_expect * rtp_exp,
74                           struct ip_conntrack_expect * rtcp_exp);
75 int (*nat_t120_hook) (struct sk_buff ** pskb,
76                       struct ip_conntrack * ct,
77                       enum ip_conntrack_info ctinfo,
78                       unsigned char **data, int dataoff,
79                       H245_TransportAddress * addr, u_int16_t port,
80                       struct ip_conntrack_expect * exp);
81 int (*nat_h245_hook) (struct sk_buff ** pskb,
82                       struct ip_conntrack * ct,
83                       enum ip_conntrack_info ctinfo,
84                       unsigned char **data, int dataoff,
85                       TransportAddress * addr, u_int16_t port,
86                       struct ip_conntrack_expect * exp);
87 int (*nat_callforwarding_hook) (struct sk_buff ** pskb,
88                                 struct ip_conntrack * ct,
89                                 enum ip_conntrack_info ctinfo,
90                                 unsigned char **data, int dataoff,
91                                 TransportAddress * addr, u_int16_t port,
92                                 struct ip_conntrack_expect * exp);
93 int (*nat_q931_hook) (struct sk_buff ** pskb,
94                       struct ip_conntrack * ct,
95                       enum ip_conntrack_info ctinfo,
96                       unsigned char **data, TransportAddress * addr, int idx,
97                       u_int16_t port, struct ip_conntrack_expect * exp);
98
99
100 static DEFINE_SPINLOCK(ip_h323_lock);
101 static char *h323_buffer;
102
103 /****************************************************************************/
104 static int get_tpkt_data(struct sk_buff **pskb, struct ip_conntrack *ct,
105                          enum ip_conntrack_info ctinfo,
106                          unsigned char **data, int *datalen, int *dataoff)
107 {
108         struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
109         int dir = CTINFO2DIR(ctinfo);
110         struct tcphdr _tcph, *th;
111         int tcpdatalen;
112         int tcpdataoff;
113         unsigned char *tpkt;
114         int tpktlen;
115         int tpktoff;
116
117         /* Get TCP header */
118         th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl * 4,
119                                 sizeof(_tcph), &_tcph);
120         if (th == NULL)
121                 return 0;
122
123         /* Get TCP data offset */
124         tcpdataoff = (*pskb)->nh.iph->ihl * 4 + th->doff * 4;
125
126         /* Get TCP data length */
127         tcpdatalen = (*pskb)->len - tcpdataoff;
128         if (tcpdatalen <= 0)    /* No TCP data */
129                 goto clear_out;
130
131         if (*data == NULL) {    /* first TPKT */
132                 /* Get first TPKT pointer */
133                 tpkt = skb_header_pointer(*pskb, tcpdataoff, tcpdatalen,
134                                           h323_buffer);
135                 BUG_ON(tpkt == NULL);
136
137                 /* Validate TPKT identifier */
138                 if (tcpdatalen < 4 || tpkt[0] != 0x03 || tpkt[1] != 0) {
139                         /* Netmeeting sends TPKT header and data separately */
140                         if (info->tpkt_len[dir] > 0) {
141                                 DEBUGP("ip_ct_h323: previous packet "
142                                        "indicated separate TPKT data of %hu "
143                                        "bytes\n", info->tpkt_len[dir]);
144                                 if (info->tpkt_len[dir] <= tcpdatalen) {
145                                         /* Yes, there was a TPKT header
146                                          * received */
147                                         *data = tpkt;
148                                         *datalen = info->tpkt_len[dir];
149                                         *dataoff = 0;
150                                         goto out;
151                                 }
152
153                                 /* Fragmented TPKT */
154                                 if (net_ratelimit())
155                                         printk("ip_ct_h323: "
156                                                "fragmented TPKT\n");
157                                 goto clear_out;
158                         }
159
160                         /* It is not even a TPKT */
161                         return 0;
162                 }
163                 tpktoff = 0;
164         } else {                /* Next TPKT */
165                 tpktoff = *dataoff + *datalen;
166                 tcpdatalen -= tpktoff;
167                 if (tcpdatalen <= 4)    /* No more TPKT */
168                         goto clear_out;
169                 tpkt = *data + *datalen;
170
171                 /* Validate TPKT identifier */
172                 if (tpkt[0] != 0x03 || tpkt[1] != 0)
173                         goto clear_out;
174         }
175
176         /* Validate TPKT length */
177         tpktlen = tpkt[2] * 256 + tpkt[3];
178         if (tpktlen < 4)
179                 goto clear_out;
180         if (tpktlen > tcpdatalen) {
181                 if (tcpdatalen == 4) {  /* Separate TPKT header */
182                         /* Netmeeting sends TPKT header and data separately */
183                         DEBUGP("ip_ct_h323: separate TPKT header indicates "
184                                "there will be TPKT data of %hu bytes\n",
185                                tpktlen - 4);
186                         info->tpkt_len[dir] = tpktlen - 4;
187                         return 0;
188                 }
189
190                 if (net_ratelimit())
191                         printk("ip_ct_h323: incomplete TPKT (fragmented?)\n");
192                 goto clear_out;
193         }
194
195         /* This is the encapsulated data */
196         *data = tpkt + 4;
197         *datalen = tpktlen - 4;
198         *dataoff = tpktoff + 4;
199
200       out:
201         /* Clear TPKT length */
202         info->tpkt_len[dir] = 0;
203         return 1;
204
205       clear_out:
206         info->tpkt_len[dir] = 0;
207         return 0;
208 }
209
210 /****************************************************************************/
211 static int get_h245_addr(unsigned char *data, H245_TransportAddress * addr,
212                          __be32 * ip, u_int16_t * port)
213 {
214         unsigned char *p;
215
216         if (addr->choice != eH245_TransportAddress_unicastAddress ||
217             addr->unicastAddress.choice != eUnicastAddress_iPAddress)
218                 return 0;
219
220         p = data + addr->unicastAddress.iPAddress.network;
221         *ip = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | (p[3]));
222         *port = (p[4] << 8) | (p[5]);
223
224         return 1;
225 }
226
227 /****************************************************************************/
228 static int expect_rtp_rtcp(struct sk_buff **pskb, struct ip_conntrack *ct,
229                            enum ip_conntrack_info ctinfo,
230                            unsigned char **data, int dataoff,
231                            H245_TransportAddress * addr)
232 {
233         int dir = CTINFO2DIR(ctinfo);
234         int ret = 0;
235         __be32 ip;
236         u_int16_t port;
237         u_int16_t rtp_port;
238         struct ip_conntrack_expect *rtp_exp;
239         struct ip_conntrack_expect *rtcp_exp;
240         typeof(nat_rtp_rtcp_hook) nat_rtp_rtcp;
241
242         /* Read RTP or RTCP address */
243         if (!get_h245_addr(*data, addr, &ip, &port) ||
244             ip != ct->tuplehash[dir].tuple.src.ip || port == 0)
245                 return 0;
246
247         /* RTP port is even */
248         rtp_port = port & (~1);
249
250         /* Create expect for RTP */
251         if ((rtp_exp = ip_conntrack_expect_alloc(ct)) == NULL)
252                 return -1;
253         rtp_exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
254         rtp_exp->tuple.src.u.udp.port = 0;
255         rtp_exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
256         rtp_exp->tuple.dst.u.udp.port = htons(rtp_port);
257         rtp_exp->tuple.dst.protonum = IPPROTO_UDP;
258         rtp_exp->mask.src.ip = htonl(0xFFFFFFFF);
259         rtp_exp->mask.src.u.udp.port = 0;
260         rtp_exp->mask.dst.ip = htonl(0xFFFFFFFF);
261         rtp_exp->mask.dst.u.udp.port = htons(0xFFFF);
262         rtp_exp->mask.dst.protonum = 0xFF;
263         rtp_exp->flags = 0;
264
265         /* Create expect for RTCP */
266         if ((rtcp_exp = ip_conntrack_expect_alloc(ct)) == NULL) {
267                 ip_conntrack_expect_put(rtp_exp);
268                 return -1;
269         }
270         rtcp_exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
271         rtcp_exp->tuple.src.u.udp.port = 0;
272         rtcp_exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
273         rtcp_exp->tuple.dst.u.udp.port = htons(rtp_port + 1);
274         rtcp_exp->tuple.dst.protonum = IPPROTO_UDP;
275         rtcp_exp->mask.src.ip = htonl(0xFFFFFFFF);
276         rtcp_exp->mask.src.u.udp.port = 0;
277         rtcp_exp->mask.dst.ip = htonl(0xFFFFFFFF);
278         rtcp_exp->mask.dst.u.udp.port = htons(0xFFFF);
279         rtcp_exp->mask.dst.protonum = 0xFF;
280         rtcp_exp->flags = 0;
281
282         if (ct->tuplehash[dir].tuple.src.ip !=
283             ct->tuplehash[!dir].tuple.dst.ip &&
284             (nat_rtp_rtcp = rcu_dereference(nat_rtp_rtcp_hook))) {
285                 /* NAT needed */
286                 ret = nat_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
287                                    addr, port, rtp_port, rtp_exp, rtcp_exp);
288         } else {                /* Conntrack only */
289                 rtp_exp->expectfn = NULL;
290                 rtcp_exp->expectfn = NULL;
291
292                 if (ip_conntrack_expect_related(rtp_exp) == 0) {
293                         if (ip_conntrack_expect_related(rtcp_exp) == 0) {
294                                 DEBUGP("ip_ct_h323: expect RTP "
295                                        "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
296                                        NIPQUAD(rtp_exp->tuple.src.ip),
297                                        ntohs(rtp_exp->tuple.src.u.udp.port),
298                                        NIPQUAD(rtp_exp->tuple.dst.ip),
299                                        ntohs(rtp_exp->tuple.dst.u.udp.port));
300                                 DEBUGP("ip_ct_h323: expect RTCP "
301                                        "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
302                                        NIPQUAD(rtcp_exp->tuple.src.ip),
303                                        ntohs(rtcp_exp->tuple.src.u.udp.port),
304                                        NIPQUAD(rtcp_exp->tuple.dst.ip),
305                                        ntohs(rtcp_exp->tuple.dst.u.udp.port));
306                         } else {
307                                 ip_conntrack_unexpect_related(rtp_exp);
308                                 ret = -1;
309                         }
310                 } else
311                         ret = -1;
312         }
313
314         ip_conntrack_expect_put(rtp_exp);
315         ip_conntrack_expect_put(rtcp_exp);
316
317         return ret;
318 }
319
320 /****************************************************************************/
321 static int expect_t120(struct sk_buff **pskb,
322                        struct ip_conntrack *ct,
323                        enum ip_conntrack_info ctinfo,
324                        unsigned char **data, int dataoff,
325                        H245_TransportAddress * addr)
326 {
327         int dir = CTINFO2DIR(ctinfo);
328         int ret = 0;
329         __be32 ip;
330         u_int16_t port;
331         struct ip_conntrack_expect *exp = NULL;
332         typeof(nat_t120_hook) nat_t120;
333
334         /* Read T.120 address */
335         if (!get_h245_addr(*data, addr, &ip, &port) ||
336             ip != ct->tuplehash[dir].tuple.src.ip || port == 0)
337                 return 0;
338
339         /* Create expect for T.120 connections */
340         if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
341                 return -1;
342         exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
343         exp->tuple.src.u.tcp.port = 0;
344         exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
345         exp->tuple.dst.u.tcp.port = htons(port);
346         exp->tuple.dst.protonum = IPPROTO_TCP;
347         exp->mask.src.ip = htonl(0xFFFFFFFF);
348         exp->mask.src.u.tcp.port = 0;
349         exp->mask.dst.ip = htonl(0xFFFFFFFF);
350         exp->mask.dst.u.tcp.port = htons(0xFFFF);
351         exp->mask.dst.protonum = 0xFF;
352         exp->flags = IP_CT_EXPECT_PERMANENT;    /* Accept multiple channels */
353
354         if (ct->tuplehash[dir].tuple.src.ip !=
355             ct->tuplehash[!dir].tuple.dst.ip &&
356             (nat_t120 = rcu_dereference(nat_t120_hook))) {
357                 /* NAT needed */
358                 ret = nat_t120(pskb, ct, ctinfo, data, dataoff, addr,
359                                port, exp);
360         } else {                /* Conntrack only */
361                 exp->expectfn = NULL;
362                 if (ip_conntrack_expect_related(exp) == 0) {
363                         DEBUGP("ip_ct_h323: expect T.120 "
364                                "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
365                                NIPQUAD(exp->tuple.src.ip),
366                                ntohs(exp->tuple.src.u.tcp.port),
367                                NIPQUAD(exp->tuple.dst.ip),
368                                ntohs(exp->tuple.dst.u.tcp.port));
369                 } else
370                         ret = -1;
371         }
372
373         ip_conntrack_expect_put(exp);
374
375         return ret;
376 }
377
378 /****************************************************************************/
379 static int process_h245_channel(struct sk_buff **pskb,
380                                 struct ip_conntrack *ct,
381                                 enum ip_conntrack_info ctinfo,
382                                 unsigned char **data, int dataoff,
383                                 H2250LogicalChannelParameters * channel)
384 {
385         int ret;
386
387         if (channel->options & eH2250LogicalChannelParameters_mediaChannel) {
388                 /* RTP */
389                 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
390                                       &channel->mediaChannel);
391                 if (ret < 0)
392                         return -1;
393         }
394
395         if (channel->
396             options & eH2250LogicalChannelParameters_mediaControlChannel) {
397                 /* RTCP */
398                 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
399                                       &channel->mediaControlChannel);
400                 if (ret < 0)
401                         return -1;
402         }
403
404         return 0;
405 }
406
407 /****************************************************************************/
408 static int process_olc(struct sk_buff **pskb, struct ip_conntrack *ct,
409                        enum ip_conntrack_info ctinfo,
410                        unsigned char **data, int dataoff,
411                        OpenLogicalChannel * olc)
412 {
413         int ret;
414
415         DEBUGP("ip_ct_h323: OpenLogicalChannel\n");
416
417         if (olc->forwardLogicalChannelParameters.multiplexParameters.choice ==
418             eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)
419         {
420                 ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff,
421                                            &olc->
422                                            forwardLogicalChannelParameters.
423                                            multiplexParameters.
424                                            h2250LogicalChannelParameters);
425                 if (ret < 0)
426                         return -1;
427         }
428
429         if ((olc->options &
430              eOpenLogicalChannel_reverseLogicalChannelParameters) &&
431             (olc->reverseLogicalChannelParameters.options &
432              eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters)
433             && (olc->reverseLogicalChannelParameters.multiplexParameters.
434                 choice ==
435                 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
436         {
437                 ret =
438                     process_h245_channel(pskb, ct, ctinfo, data, dataoff,
439                                          &olc->
440                                          reverseLogicalChannelParameters.
441                                          multiplexParameters.
442                                          h2250LogicalChannelParameters);
443                 if (ret < 0)
444                         return -1;
445         }
446
447         if ((olc->options & eOpenLogicalChannel_separateStack) &&
448             olc->forwardLogicalChannelParameters.dataType.choice ==
449             eDataType_data &&
450             olc->forwardLogicalChannelParameters.dataType.data.application.
451             choice == eDataApplicationCapability_application_t120 &&
452             olc->forwardLogicalChannelParameters.dataType.data.application.
453             t120.choice == eDataProtocolCapability_separateLANStack &&
454             olc->separateStack.networkAddress.choice ==
455             eNetworkAccessParameters_networkAddress_localAreaAddress) {
456                 ret = expect_t120(pskb, ct, ctinfo, data, dataoff,
457                                   &olc->separateStack.networkAddress.
458                                   localAreaAddress);
459                 if (ret < 0)
460                         return -1;
461         }
462
463         return 0;
464 }
465
466 /****************************************************************************/
467 static int process_olca(struct sk_buff **pskb, struct ip_conntrack *ct,
468                         enum ip_conntrack_info ctinfo,
469                         unsigned char **data, int dataoff,
470                         OpenLogicalChannelAck * olca)
471 {
472         H2250LogicalChannelAckParameters *ack;
473         int ret;
474
475         DEBUGP("ip_ct_h323: OpenLogicalChannelAck\n");
476
477         if ((olca->options &
478              eOpenLogicalChannelAck_reverseLogicalChannelParameters) &&
479             (olca->reverseLogicalChannelParameters.options &
480              eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters)
481             && (olca->reverseLogicalChannelParameters.multiplexParameters.
482                 choice ==
483                 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
484         {
485                 ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff,
486                                            &olca->
487                                            reverseLogicalChannelParameters.
488                                            multiplexParameters.
489                                            h2250LogicalChannelParameters);
490                 if (ret < 0)
491                         return -1;
492         }
493
494         if ((olca->options &
495              eOpenLogicalChannelAck_forwardMultiplexAckParameters) &&
496             (olca->forwardMultiplexAckParameters.choice ==
497              eOpenLogicalChannelAck_forwardMultiplexAckParameters_h2250LogicalChannelAckParameters))
498         {
499                 ack = &olca->forwardMultiplexAckParameters.
500                     h2250LogicalChannelAckParameters;
501                 if (ack->options &
502                     eH2250LogicalChannelAckParameters_mediaChannel) {
503                         /* RTP */
504                         ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
505                                               &ack->mediaChannel);
506                         if (ret < 0)
507                                 return -1;
508                 }
509
510                 if (ack->options &
511                     eH2250LogicalChannelAckParameters_mediaControlChannel) {
512                         /* RTCP */
513                         ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
514                                               &ack->mediaControlChannel);
515                         if (ret < 0)
516                                 return -1;
517                 }
518         }
519
520         return 0;
521 }
522
523 /****************************************************************************/
524 static int process_h245(struct sk_buff **pskb, struct ip_conntrack *ct,
525                         enum ip_conntrack_info ctinfo,
526                         unsigned char **data, int dataoff,
527                         MultimediaSystemControlMessage * mscm)
528 {
529         switch (mscm->choice) {
530         case eMultimediaSystemControlMessage_request:
531                 if (mscm->request.choice ==
532                     eRequestMessage_openLogicalChannel) {
533                         return process_olc(pskb, ct, ctinfo, data, dataoff,
534                                            &mscm->request.openLogicalChannel);
535                 }
536                 DEBUGP("ip_ct_h323: H.245 Request %d\n",
537                        mscm->request.choice);
538                 break;
539         case eMultimediaSystemControlMessage_response:
540                 if (mscm->response.choice ==
541                     eResponseMessage_openLogicalChannelAck) {
542                         return process_olca(pskb, ct, ctinfo, data, dataoff,
543                                             &mscm->response.
544                                             openLogicalChannelAck);
545                 }
546                 DEBUGP("ip_ct_h323: H.245 Response %d\n",
547                        mscm->response.choice);
548                 break;
549         default:
550                 DEBUGP("ip_ct_h323: H.245 signal %d\n", mscm->choice);
551                 break;
552         }
553
554         return 0;
555 }
556
557 /****************************************************************************/
558 static int h245_help(struct sk_buff **pskb, struct ip_conntrack *ct,
559                      enum ip_conntrack_info ctinfo)
560 {
561         static MultimediaSystemControlMessage mscm;
562         unsigned char *data = NULL;
563         int datalen;
564         int dataoff;
565         int ret;
566
567         /* Until there's been traffic both ways, don't look in packets. */
568         if (ctinfo != IP_CT_ESTABLISHED
569             && ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
570                 return NF_ACCEPT;
571         }
572         DEBUGP("ip_ct_h245: skblen = %u\n", (*pskb)->len);
573
574         spin_lock_bh(&ip_h323_lock);
575
576         /* Process each TPKT */
577         while (get_tpkt_data(pskb, ct, ctinfo, &data, &datalen, &dataoff)) {
578                 DEBUGP("ip_ct_h245: TPKT %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
579                        NIPQUAD((*pskb)->nh.iph->saddr),
580                        NIPQUAD((*pskb)->nh.iph->daddr), datalen);
581
582                 /* Decode H.245 signal */
583                 ret = DecodeMultimediaSystemControlMessage(data, datalen,
584                                                            &mscm);
585                 if (ret < 0) {
586                         if (net_ratelimit())
587                                 printk("ip_ct_h245: decoding error: %s\n",
588                                        ret == H323_ERROR_BOUND ?
589                                        "out of bound" : "out of range");
590                         /* We don't drop when decoding error */
591                         break;
592                 }
593
594                 /* Process H.245 signal */
595                 if (process_h245(pskb, ct, ctinfo, &data, dataoff, &mscm) < 0)
596                         goto drop;
597         }
598
599         spin_unlock_bh(&ip_h323_lock);
600         return NF_ACCEPT;
601
602       drop:
603         spin_unlock_bh(&ip_h323_lock);
604         if (net_ratelimit())
605                 printk("ip_ct_h245: packet dropped\n");
606         return NF_DROP;
607 }
608
609 /****************************************************************************/
610 static struct ip_conntrack_helper ip_conntrack_helper_h245 = {
611         .name = "H.245",
612         .me = THIS_MODULE,
613         .max_expected = H323_RTP_CHANNEL_MAX * 4 + 2 /* T.120 */ ,
614         .timeout = 240,
615         .tuple = {.dst = {.protonum = IPPROTO_TCP}},
616         .mask = {.src = {.u = {0xFFFF}},
617                  .dst = {.protonum = 0xFF}},
618         .help = h245_help
619 };
620
621 /****************************************************************************/
622 void ip_conntrack_h245_expect(struct ip_conntrack *new,
623                               struct ip_conntrack_expect *this)
624 {
625         write_lock_bh(&ip_conntrack_lock);
626         new->helper = &ip_conntrack_helper_h245;
627         write_unlock_bh(&ip_conntrack_lock);
628 }
629
630 /****************************************************************************/
631 int get_h225_addr(unsigned char *data, TransportAddress * addr,
632                   __be32 * ip, u_int16_t * port)
633 {
634         unsigned char *p;
635
636         if (addr->choice != eTransportAddress_ipAddress)
637                 return 0;
638
639         p = data + addr->ipAddress.ip;
640         *ip = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | (p[3]));
641         *port = (p[4] << 8) | (p[5]);
642
643         return 1;
644 }
645
646 /****************************************************************************/
647 static int expect_h245(struct sk_buff **pskb, struct ip_conntrack *ct,
648                        enum ip_conntrack_info ctinfo,
649                        unsigned char **data, int dataoff,
650                        TransportAddress * addr)
651 {
652         int dir = CTINFO2DIR(ctinfo);
653         int ret = 0;
654         __be32 ip;
655         u_int16_t port;
656         struct ip_conntrack_expect *exp = NULL;
657         typeof(nat_h245_hook) nat_h245;
658
659         /* Read h245Address */
660         if (!get_h225_addr(*data, addr, &ip, &port) ||
661             ip != ct->tuplehash[dir].tuple.src.ip || port == 0)
662                 return 0;
663
664         /* Create expect for h245 connection */
665         if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
666                 return -1;
667         exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
668         exp->tuple.src.u.tcp.port = 0;
669         exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
670         exp->tuple.dst.u.tcp.port = htons(port);
671         exp->tuple.dst.protonum = IPPROTO_TCP;
672         exp->mask.src.ip = htonl(0xFFFFFFFF);
673         exp->mask.src.u.tcp.port = 0;
674         exp->mask.dst.ip = htonl(0xFFFFFFFF);
675         exp->mask.dst.u.tcp.port = htons(0xFFFF);
676         exp->mask.dst.protonum = 0xFF;
677         exp->flags = 0;
678
679         if (ct->tuplehash[dir].tuple.src.ip !=
680             ct->tuplehash[!dir].tuple.dst.ip &&
681             (nat_h245 = rcu_dereference(nat_h245_hook))) {
682                 /* NAT needed */
683                 ret = nat_h245(pskb, ct, ctinfo, data, dataoff, addr,
684                                port, exp);
685         } else {                /* Conntrack only */
686                 exp->expectfn = ip_conntrack_h245_expect;
687
688                 if (ip_conntrack_expect_related(exp) == 0) {
689                         DEBUGP("ip_ct_q931: expect H.245 "
690                                "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
691                                NIPQUAD(exp->tuple.src.ip),
692                                ntohs(exp->tuple.src.u.tcp.port),
693                                NIPQUAD(exp->tuple.dst.ip),
694                                ntohs(exp->tuple.dst.u.tcp.port));
695                 } else
696                         ret = -1;
697         }
698
699         ip_conntrack_expect_put(exp);
700
701         return ret;
702 }
703
704 /* Forwarding declaration */
705 void ip_conntrack_q931_expect(struct ip_conntrack *new,
706                               struct ip_conntrack_expect *this);
707
708 /****************************************************************************/
709 static int expect_callforwarding(struct sk_buff **pskb,
710                                  struct ip_conntrack *ct,
711                                  enum ip_conntrack_info ctinfo,
712                                  unsigned char **data, int dataoff,
713                                  TransportAddress * addr)
714 {
715         int dir = CTINFO2DIR(ctinfo);
716         int ret = 0;
717         __be32 ip;
718         u_int16_t port;
719         struct ip_conntrack_expect *exp = NULL;
720         typeof(nat_callforwarding_hook) nat_callforwarding;
721
722         /* Read alternativeAddress */
723         if (!get_h225_addr(*data, addr, &ip, &port) || port == 0)
724                 return 0;
725
726         /* If the calling party is on the same side of the forward-to party,
727          * we don't need to track the second call */
728         if (callforward_filter) {
729                 struct rtable *rt1, *rt2;
730                 struct flowi fl1 = {
731                         .fl4_dst = ip,
732                 };
733                 struct flowi fl2 = {
734                         .fl4_dst = ct->tuplehash[!dir].tuple.src.ip,
735                 };
736
737                 if (ip_route_output_key(&rt1, &fl1) == 0) {
738                         if (ip_route_output_key(&rt2, &fl2) == 0) {
739                                 if (rt1->rt_gateway == rt2->rt_gateway &&
740                                     rt1->u.dst.dev  == rt2->u.dst.dev)
741                                         ret = 1;
742                                 dst_release(&rt2->u.dst);
743                         }
744                         dst_release(&rt1->u.dst);
745                 }
746                 if (ret) {
747                         DEBUGP("ip_ct_q931: Call Forwarding not tracked\n");
748                         return 0;
749                 }
750         }
751
752         /* Create expect for the second call leg */
753         if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
754                 return -1;
755         exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
756         exp->tuple.src.u.tcp.port = 0;
757         exp->tuple.dst.ip = ip;
758         exp->tuple.dst.u.tcp.port = htons(port);
759         exp->tuple.dst.protonum = IPPROTO_TCP;
760         exp->mask.src.ip = htonl(0xFFFFFFFF);
761         exp->mask.src.u.tcp.port = 0;
762         exp->mask.dst.ip = htonl(0xFFFFFFFF);
763         exp->mask.dst.u.tcp.port = htons(0xFFFF);
764         exp->mask.dst.protonum = 0xFF;
765         exp->flags = 0;
766
767         if (ct->tuplehash[dir].tuple.src.ip !=
768             ct->tuplehash[!dir].tuple.dst.ip &&
769             (nat_callforwarding = rcu_dereference(nat_callforwarding_hook))) {
770                 /* Need NAT */
771                 ret = nat_callforwarding(pskb, ct, ctinfo, data, dataoff,
772                                          addr, port, exp);
773         } else {                /* Conntrack only */
774                 exp->expectfn = ip_conntrack_q931_expect;
775
776                 if (ip_conntrack_expect_related(exp) == 0) {
777                         DEBUGP("ip_ct_q931: expect Call Forwarding "
778                                "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
779                                NIPQUAD(exp->tuple.src.ip),
780                                ntohs(exp->tuple.src.u.tcp.port),
781                                NIPQUAD(exp->tuple.dst.ip),
782                                ntohs(exp->tuple.dst.u.tcp.port));
783                 } else
784                         ret = -1;
785         }
786
787         ip_conntrack_expect_put(exp);
788
789         return ret;
790 }
791
792 /****************************************************************************/
793 static int process_setup(struct sk_buff **pskb, struct ip_conntrack *ct,
794                          enum ip_conntrack_info ctinfo,
795                          unsigned char **data, int dataoff,
796                          Setup_UUIE * setup)
797 {
798         int dir = CTINFO2DIR(ctinfo);
799         int ret;
800         int i;
801         __be32 ip;
802         u_int16_t port;
803         typeof(set_h225_addr_hook) set_h225_addr;
804
805         DEBUGP("ip_ct_q931: Setup\n");
806
807         if (setup->options & eSetup_UUIE_h245Address) {
808                 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
809                                   &setup->h245Address);
810                 if (ret < 0)
811                         return -1;
812         }
813
814         set_h225_addr = rcu_dereference(set_h225_addr_hook);
815
816         if ((setup->options & eSetup_UUIE_destCallSignalAddress) &&
817             (set_h225_addr) &&
818             get_h225_addr(*data, &setup->destCallSignalAddress, &ip, &port) &&
819             ip != ct->tuplehash[!dir].tuple.src.ip) {
820                 DEBUGP("ip_ct_q931: set destCallSignalAddress "
821                        "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
822                        NIPQUAD(ip), port,
823                        NIPQUAD(ct->tuplehash[!dir].tuple.src.ip),
824                        ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port));
825                 ret = set_h225_addr(pskb, data, dataoff,
826                                     &setup->destCallSignalAddress,
827                                     ct->tuplehash[!dir].tuple.src.ip,
828                                     ntohs(ct->tuplehash[!dir].tuple.src.
829                                           u.tcp.port));
830                 if (ret < 0)
831                         return -1;
832         }
833
834         if ((setup->options & eSetup_UUIE_sourceCallSignalAddress) &&
835             (set_h225_addr) &&
836             get_h225_addr(*data, &setup->sourceCallSignalAddress, &ip, &port)
837             && ip != ct->tuplehash[!dir].tuple.dst.ip) {
838                 DEBUGP("ip_ct_q931: set sourceCallSignalAddress "
839                        "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
840                        NIPQUAD(ip), port,
841                        NIPQUAD(ct->tuplehash[!dir].tuple.dst.ip),
842                        ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port));
843                 ret = set_h225_addr(pskb, data, dataoff,
844                                     &setup->sourceCallSignalAddress,
845                                     ct->tuplehash[!dir].tuple.dst.ip,
846                                     ntohs(ct->tuplehash[!dir].tuple.dst.
847                                           u.tcp.port));
848                 if (ret < 0)
849                         return -1;
850         }
851
852         if (setup->options & eSetup_UUIE_fastStart) {
853                 for (i = 0; i < setup->fastStart.count; i++) {
854                         ret = process_olc(pskb, ct, ctinfo, data, dataoff,
855                                           &setup->fastStart.item[i]);
856                         if (ret < 0)
857                                 return -1;
858                 }
859         }
860
861         return 0;
862 }
863
864 /****************************************************************************/
865 static int process_callproceeding(struct sk_buff **pskb,
866                                   struct ip_conntrack *ct,
867                                   enum ip_conntrack_info ctinfo,
868                                   unsigned char **data, int dataoff,
869                                   CallProceeding_UUIE * callproc)
870 {
871         int ret;
872         int i;
873
874         DEBUGP("ip_ct_q931: CallProceeding\n");
875
876         if (callproc->options & eCallProceeding_UUIE_h245Address) {
877                 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
878                                   &callproc->h245Address);
879                 if (ret < 0)
880                         return -1;
881         }
882
883         if (callproc->options & eCallProceeding_UUIE_fastStart) {
884                 for (i = 0; i < callproc->fastStart.count; i++) {
885                         ret = process_olc(pskb, ct, ctinfo, data, dataoff,
886                                           &callproc->fastStart.item[i]);
887                         if (ret < 0)
888                                 return -1;
889                 }
890         }
891
892         return 0;
893 }
894
895 /****************************************************************************/
896 static int process_connect(struct sk_buff **pskb, struct ip_conntrack *ct,
897                            enum ip_conntrack_info ctinfo,
898                            unsigned char **data, int dataoff,
899                            Connect_UUIE * connect)
900 {
901         int ret;
902         int i;
903
904         DEBUGP("ip_ct_q931: Connect\n");
905
906         if (connect->options & eConnect_UUIE_h245Address) {
907                 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
908                                   &connect->h245Address);
909                 if (ret < 0)
910                         return -1;
911         }
912
913         if (connect->options & eConnect_UUIE_fastStart) {
914                 for (i = 0; i < connect->fastStart.count; i++) {
915                         ret = process_olc(pskb, ct, ctinfo, data, dataoff,
916                                           &connect->fastStart.item[i]);
917                         if (ret < 0)
918                                 return -1;
919                 }
920         }
921
922         return 0;
923 }
924
925 /****************************************************************************/
926 static int process_alerting(struct sk_buff **pskb, struct ip_conntrack *ct,
927                             enum ip_conntrack_info ctinfo,
928                             unsigned char **data, int dataoff,
929                             Alerting_UUIE * alert)
930 {
931         int ret;
932         int i;
933
934         DEBUGP("ip_ct_q931: Alerting\n");
935
936         if (alert->options & eAlerting_UUIE_h245Address) {
937                 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
938                                   &alert->h245Address);
939                 if (ret < 0)
940                         return -1;
941         }
942
943         if (alert->options & eAlerting_UUIE_fastStart) {
944                 for (i = 0; i < alert->fastStart.count; i++) {
945                         ret = process_olc(pskb, ct, ctinfo, data, dataoff,
946                                           &alert->fastStart.item[i]);
947                         if (ret < 0)
948                                 return -1;
949                 }
950         }
951
952         return 0;
953 }
954
955 /****************************************************************************/
956 static int process_information(struct sk_buff **pskb,
957                                struct ip_conntrack *ct,
958                                enum ip_conntrack_info ctinfo,
959                                unsigned char **data, int dataoff,
960                                Information_UUIE * info)
961 {
962         int ret;
963         int i;
964
965         DEBUGP("ip_ct_q931: Information\n");
966
967         if (info->options & eInformation_UUIE_fastStart) {
968                 for (i = 0; i < info->fastStart.count; i++) {
969                         ret = process_olc(pskb, ct, ctinfo, data, dataoff,
970                                           &info->fastStart.item[i]);
971                         if (ret < 0)
972                                 return -1;
973                 }
974         }
975
976         return 0;
977 }
978
979 /****************************************************************************/
980 static int process_facility(struct sk_buff **pskb, struct ip_conntrack *ct,
981                             enum ip_conntrack_info ctinfo,
982                             unsigned char **data, int dataoff,
983                             Facility_UUIE * facility)
984 {
985         int ret;
986         int i;
987
988         DEBUGP("ip_ct_q931: Facility\n");
989
990         if (facility->reason.choice == eFacilityReason_callForwarded) {
991                 if (facility->options & eFacility_UUIE_alternativeAddress)
992                         return expect_callforwarding(pskb, ct, ctinfo, data,
993                                                      dataoff,
994                                                      &facility->
995                                                      alternativeAddress);
996                 return 0;
997         }
998
999         if (facility->options & eFacility_UUIE_h245Address) {
1000                 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
1001                                   &facility->h245Address);
1002                 if (ret < 0)
1003                         return -1;
1004         }
1005
1006         if (facility->options & eFacility_UUIE_fastStart) {
1007                 for (i = 0; i < facility->fastStart.count; i++) {
1008                         ret = process_olc(pskb, ct, ctinfo, data, dataoff,
1009                                           &facility->fastStart.item[i]);
1010                         if (ret < 0)
1011                                 return -1;
1012                 }
1013         }
1014
1015         return 0;
1016 }
1017
1018 /****************************************************************************/
1019 static int process_progress(struct sk_buff **pskb, struct ip_conntrack *ct,
1020                             enum ip_conntrack_info ctinfo,
1021                             unsigned char **data, int dataoff,
1022                             Progress_UUIE * progress)
1023 {
1024         int ret;
1025         int i;
1026
1027         DEBUGP("ip_ct_q931: Progress\n");
1028
1029         if (progress->options & eProgress_UUIE_h245Address) {
1030                 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
1031                                   &progress->h245Address);
1032                 if (ret < 0)
1033                         return -1;
1034         }
1035
1036         if (progress->options & eProgress_UUIE_fastStart) {
1037                 for (i = 0; i < progress->fastStart.count; i++) {
1038                         ret = process_olc(pskb, ct, ctinfo, data, dataoff,
1039                                           &progress->fastStart.item[i]);
1040                         if (ret < 0)
1041                                 return -1;
1042                 }
1043         }
1044
1045         return 0;
1046 }
1047
1048 /****************************************************************************/
1049 static int process_q931(struct sk_buff **pskb, struct ip_conntrack *ct,
1050                         enum ip_conntrack_info ctinfo,
1051                         unsigned char **data, int dataoff, Q931 * q931)
1052 {
1053         H323_UU_PDU *pdu = &q931->UUIE.h323_uu_pdu;
1054         int i;
1055         int ret = 0;
1056
1057         switch (pdu->h323_message_body.choice) {
1058         case eH323_UU_PDU_h323_message_body_setup:
1059                 ret = process_setup(pskb, ct, ctinfo, data, dataoff,
1060                                     &pdu->h323_message_body.setup);
1061                 break;
1062         case eH323_UU_PDU_h323_message_body_callProceeding:
1063                 ret = process_callproceeding(pskb, ct, ctinfo, data, dataoff,
1064                                              &pdu->h323_message_body.
1065                                              callProceeding);
1066                 break;
1067         case eH323_UU_PDU_h323_message_body_connect:
1068                 ret = process_connect(pskb, ct, ctinfo, data, dataoff,
1069                                       &pdu->h323_message_body.connect);
1070                 break;
1071         case eH323_UU_PDU_h323_message_body_alerting:
1072                 ret = process_alerting(pskb, ct, ctinfo, data, dataoff,
1073                                        &pdu->h323_message_body.alerting);
1074                 break;
1075         case eH323_UU_PDU_h323_message_body_information:
1076                 ret = process_information(pskb, ct, ctinfo, data, dataoff,
1077                                           &pdu->h323_message_body.
1078                                           information);
1079                 break;
1080         case eH323_UU_PDU_h323_message_body_facility:
1081                 ret = process_facility(pskb, ct, ctinfo, data, dataoff,
1082                                        &pdu->h323_message_body.facility);
1083                 break;
1084         case eH323_UU_PDU_h323_message_body_progress:
1085                 ret = process_progress(pskb, ct, ctinfo, data, dataoff,
1086                                        &pdu->h323_message_body.progress);
1087                 break;
1088         default:
1089                 DEBUGP("ip_ct_q931: Q.931 signal %d\n",
1090                        pdu->h323_message_body.choice);
1091                 break;
1092         }
1093
1094         if (ret < 0)
1095                 return -1;
1096
1097         if (pdu->options & eH323_UU_PDU_h245Control) {
1098                 for (i = 0; i < pdu->h245Control.count; i++) {
1099                         ret = process_h245(pskb, ct, ctinfo, data, dataoff,
1100                                            &pdu->h245Control.item[i]);
1101                         if (ret < 0)
1102                                 return -1;
1103                 }
1104         }
1105
1106         return 0;
1107 }
1108
1109 /****************************************************************************/
1110 static int q931_help(struct sk_buff **pskb, struct ip_conntrack *ct,
1111                      enum ip_conntrack_info ctinfo)
1112 {
1113         static Q931 q931;
1114         unsigned char *data = NULL;
1115         int datalen;
1116         int dataoff;
1117         int ret;
1118
1119         /* Until there's been traffic both ways, don't look in packets. */
1120         if (ctinfo != IP_CT_ESTABLISHED
1121             && ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
1122                 return NF_ACCEPT;
1123         }
1124         DEBUGP("ip_ct_q931: skblen = %u\n", (*pskb)->len);
1125
1126         spin_lock_bh(&ip_h323_lock);
1127
1128         /* Process each TPKT */
1129         while (get_tpkt_data(pskb, ct, ctinfo, &data, &datalen, &dataoff)) {
1130                 DEBUGP("ip_ct_q931: TPKT %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
1131                        NIPQUAD((*pskb)->nh.iph->saddr),
1132                        NIPQUAD((*pskb)->nh.iph->daddr), datalen);
1133
1134                 /* Decode Q.931 signal */
1135                 ret = DecodeQ931(data, datalen, &q931);
1136                 if (ret < 0) {
1137                         if (net_ratelimit())
1138                                 printk("ip_ct_q931: decoding error: %s\n",
1139                                        ret == H323_ERROR_BOUND ?
1140                                        "out of bound" : "out of range");
1141                         /* We don't drop when decoding error */
1142                         break;
1143                 }
1144
1145                 /* Process Q.931 signal */
1146                 if (process_q931(pskb, ct, ctinfo, &data, dataoff, &q931) < 0)
1147                         goto drop;
1148         }
1149
1150         spin_unlock_bh(&ip_h323_lock);
1151         return NF_ACCEPT;
1152
1153       drop:
1154         spin_unlock_bh(&ip_h323_lock);
1155         if (net_ratelimit())
1156                 printk("ip_ct_q931: packet dropped\n");
1157         return NF_DROP;
1158 }
1159
1160 /****************************************************************************/
1161 static struct ip_conntrack_helper ip_conntrack_helper_q931 = {
1162         .name = "Q.931",
1163         .me = THIS_MODULE,
1164         .max_expected = H323_RTP_CHANNEL_MAX * 4 + 4 /* T.120 and H.245 */ ,
1165         .timeout = 240,
1166         .tuple = {.src = {.u = {.tcp = {.port = __constant_htons(Q931_PORT)}}},
1167                   .dst = {.protonum = IPPROTO_TCP}},
1168         .mask = {.src = {.u = {0xFFFF}},
1169                  .dst = {.protonum = 0xFF}},
1170         .help = q931_help
1171 };
1172
1173 /****************************************************************************/
1174 void ip_conntrack_q931_expect(struct ip_conntrack *new,
1175                               struct ip_conntrack_expect *this)
1176 {
1177         write_lock_bh(&ip_conntrack_lock);
1178         new->helper = &ip_conntrack_helper_q931;
1179         write_unlock_bh(&ip_conntrack_lock);
1180 }
1181
1182 /****************************************************************************/
1183 static unsigned char *get_udp_data(struct sk_buff **pskb, int *datalen)
1184 {
1185         struct udphdr _uh, *uh;
1186         int dataoff;
1187
1188         uh = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl * 4, sizeof(_uh),
1189                                 &_uh);
1190         if (uh == NULL)
1191                 return NULL;
1192         dataoff = (*pskb)->nh.iph->ihl * 4 + sizeof(_uh);
1193         if (dataoff >= (*pskb)->len)
1194                 return NULL;
1195         *datalen = (*pskb)->len - dataoff;
1196         return skb_header_pointer(*pskb, dataoff, *datalen, h323_buffer);
1197 }
1198
1199 /****************************************************************************/
1200 static struct ip_conntrack_expect *find_expect(struct ip_conntrack *ct,
1201                                                __be32 ip, u_int16_t port)
1202 {
1203         struct ip_conntrack_expect *exp;
1204         struct ip_conntrack_tuple tuple;
1205
1206         tuple.src.ip = 0;
1207         tuple.src.u.tcp.port = 0;
1208         tuple.dst.ip = ip;
1209         tuple.dst.u.tcp.port = htons(port);
1210         tuple.dst.protonum = IPPROTO_TCP;
1211
1212         exp = __ip_conntrack_expect_find(&tuple);
1213         if (exp && exp->master == ct)
1214                 return exp;
1215         return NULL;
1216 }
1217
1218 /****************************************************************************/
1219 static int set_expect_timeout(struct ip_conntrack_expect *exp,
1220                               unsigned timeout)
1221 {
1222         if (!exp || !del_timer(&exp->timeout))
1223                 return 0;
1224
1225         exp->timeout.expires = jiffies + timeout * HZ;
1226         add_timer(&exp->timeout);
1227
1228         return 1;
1229 }
1230
1231 /****************************************************************************/
1232 static int expect_q931(struct sk_buff **pskb, struct ip_conntrack *ct,
1233                        enum ip_conntrack_info ctinfo,
1234                        unsigned char **data,
1235                        TransportAddress * addr, int count)
1236 {
1237         struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1238         int dir = CTINFO2DIR(ctinfo);
1239         int ret = 0;
1240         int i;
1241         __be32 ip;
1242         u_int16_t port;
1243         struct ip_conntrack_expect *exp;
1244         typeof(nat_q931_hook) nat_q931;
1245
1246         /* Look for the first related address */
1247         for (i = 0; i < count; i++) {
1248                 if (get_h225_addr(*data, &addr[i], &ip, &port) &&
1249                     ip == ct->tuplehash[dir].tuple.src.ip && port != 0)
1250                         break;
1251         }
1252
1253         if (i >= count)         /* Not found */
1254                 return 0;
1255
1256         /* Create expect for Q.931 */
1257         if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1258                 return -1;
1259         exp->tuple.src.ip = gkrouted_only ?     /* only accept calls from GK? */
1260             ct->tuplehash[!dir].tuple.src.ip : 0;
1261         exp->tuple.src.u.tcp.port = 0;
1262         exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
1263         exp->tuple.dst.u.tcp.port = htons(port);
1264         exp->tuple.dst.protonum = IPPROTO_TCP;
1265         exp->mask.src.ip = gkrouted_only ? htonl(0xFFFFFFFF) : 0;
1266         exp->mask.src.u.tcp.port = 0;
1267         exp->mask.dst.ip = htonl(0xFFFFFFFF);
1268         exp->mask.dst.u.tcp.port = htons(0xFFFF);
1269         exp->mask.dst.protonum = 0xFF;
1270         exp->flags = IP_CT_EXPECT_PERMANENT;    /* Accept multiple calls */
1271
1272         nat_q931 = rcu_dereference(nat_q931_hook);
1273         if (nat_q931) { /* Need NAT */
1274                 ret = nat_q931(pskb, ct, ctinfo, data, addr, i, port, exp);
1275         } else {                /* Conntrack only */
1276                 exp->expectfn = ip_conntrack_q931_expect;
1277
1278                 if (ip_conntrack_expect_related(exp) == 0) {
1279                         DEBUGP("ip_ct_ras: expect Q.931 "
1280                                "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1281                                NIPQUAD(exp->tuple.src.ip),
1282                                ntohs(exp->tuple.src.u.tcp.port),
1283                                NIPQUAD(exp->tuple.dst.ip),
1284                                ntohs(exp->tuple.dst.u.tcp.port));
1285
1286                         /* Save port for looking up expect in processing RCF */
1287                         info->sig_port[dir] = port;
1288                 } else
1289                         ret = -1;
1290         }
1291
1292         ip_conntrack_expect_put(exp);
1293
1294         return ret;
1295 }
1296
1297 /****************************************************************************/
1298 static int process_grq(struct sk_buff **pskb, struct ip_conntrack *ct,
1299                        enum ip_conntrack_info ctinfo,
1300                        unsigned char **data, GatekeeperRequest * grq)
1301 {
1302         typeof(set_ras_addr_hook) set_ras_addr;
1303
1304         DEBUGP("ip_ct_ras: GRQ\n");
1305
1306         set_ras_addr = rcu_dereference(set_ras_addr_hook);
1307         if (set_ras_addr)       /* NATed */
1308                 return set_ras_addr(pskb, ct, ctinfo, data,
1309                                     &grq->rasAddress, 1);
1310         return 0;
1311 }
1312
1313 /* Declare before using */
1314 static void ip_conntrack_ras_expect(struct ip_conntrack *new,
1315                                     struct ip_conntrack_expect *this);
1316
1317 /****************************************************************************/
1318 static int process_gcf(struct sk_buff **pskb, struct ip_conntrack *ct,
1319                        enum ip_conntrack_info ctinfo,
1320                        unsigned char **data, GatekeeperConfirm * gcf)
1321 {
1322         int dir = CTINFO2DIR(ctinfo);
1323         int ret = 0;
1324         __be32 ip;
1325         u_int16_t port;
1326         struct ip_conntrack_expect *exp;
1327
1328         DEBUGP("ip_ct_ras: GCF\n");
1329
1330         if (!get_h225_addr(*data, &gcf->rasAddress, &ip, &port))
1331                 return 0;
1332
1333         /* Registration port is the same as discovery port */
1334         if (ip == ct->tuplehash[dir].tuple.src.ip &&
1335             port == ntohs(ct->tuplehash[dir].tuple.src.u.udp.port))
1336                 return 0;
1337
1338         /* Avoid RAS expectation loops. A GCF is never expected. */
1339         if (test_bit(IPS_EXPECTED_BIT, &ct->status))
1340                 return 0;
1341
1342         /* Need new expect */
1343         if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1344                 return -1;
1345         exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
1346         exp->tuple.src.u.tcp.port = 0;
1347         exp->tuple.dst.ip = ip;
1348         exp->tuple.dst.u.tcp.port = htons(port);
1349         exp->tuple.dst.protonum = IPPROTO_UDP;
1350         exp->mask.src.ip = htonl(0xFFFFFFFF);
1351         exp->mask.src.u.tcp.port = 0;
1352         exp->mask.dst.ip = htonl(0xFFFFFFFF);
1353         exp->mask.dst.u.tcp.port = htons(0xFFFF);
1354         exp->mask.dst.protonum = 0xFF;
1355         exp->flags = 0;
1356         exp->expectfn = ip_conntrack_ras_expect;
1357         if (ip_conntrack_expect_related(exp) == 0) {
1358                 DEBUGP("ip_ct_ras: expect RAS "
1359                        "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1360                        NIPQUAD(exp->tuple.src.ip),
1361                        ntohs(exp->tuple.src.u.tcp.port),
1362                        NIPQUAD(exp->tuple.dst.ip),
1363                        ntohs(exp->tuple.dst.u.tcp.port));
1364         } else
1365                 ret = -1;
1366
1367         ip_conntrack_expect_put(exp);
1368
1369         return ret;
1370 }
1371
1372 /****************************************************************************/
1373 static int process_rrq(struct sk_buff **pskb, struct ip_conntrack *ct,
1374                        enum ip_conntrack_info ctinfo,
1375                        unsigned char **data, RegistrationRequest * rrq)
1376 {
1377         struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1378         int ret;
1379         typeof(set_ras_addr_hook) set_ras_addr;
1380
1381         DEBUGP("ip_ct_ras: RRQ\n");
1382
1383         ret = expect_q931(pskb, ct, ctinfo, data,
1384                           rrq->callSignalAddress.item,
1385                           rrq->callSignalAddress.count);
1386         if (ret < 0)
1387                 return -1;
1388
1389         set_ras_addr = rcu_dereference(set_ras_addr_hook);
1390         if (set_ras_addr) {
1391                 ret = set_ras_addr(pskb, ct, ctinfo, data,
1392                                    rrq->rasAddress.item,
1393                                    rrq->rasAddress.count);
1394                 if (ret < 0)
1395                         return -1;
1396         }
1397
1398         if (rrq->options & eRegistrationRequest_timeToLive) {
1399                 DEBUGP("ip_ct_ras: RRQ TTL = %u seconds\n", rrq->timeToLive);
1400                 info->timeout = rrq->timeToLive;
1401         } else
1402                 info->timeout = default_rrq_ttl;
1403
1404         return 0;
1405 }
1406
1407 /****************************************************************************/
1408 static int process_rcf(struct sk_buff **pskb, struct ip_conntrack *ct,
1409                        enum ip_conntrack_info ctinfo,
1410                        unsigned char **data, RegistrationConfirm * rcf)
1411 {
1412         struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1413         int dir = CTINFO2DIR(ctinfo);
1414         int ret;
1415         struct ip_conntrack_expect *exp;
1416         typeof(set_sig_addr_hook) set_sig_addr;
1417
1418         DEBUGP("ip_ct_ras: RCF\n");
1419
1420         set_sig_addr = rcu_dereference(set_sig_addr_hook);
1421         if (set_sig_addr) {
1422                 ret = set_sig_addr(pskb, ct, ctinfo, data,
1423                                    rcf->callSignalAddress.item,
1424                                    rcf->callSignalAddress.count);
1425                 if (ret < 0)
1426                         return -1;
1427         }
1428
1429         if (rcf->options & eRegistrationConfirm_timeToLive) {
1430                 DEBUGP("ip_ct_ras: RCF TTL = %u seconds\n", rcf->timeToLive);
1431                 info->timeout = rcf->timeToLive;
1432         }
1433
1434         if (info->timeout > 0) {
1435                 DEBUGP
1436                     ("ip_ct_ras: set RAS connection timeout to %u seconds\n",
1437                      info->timeout);
1438                 ip_ct_refresh(ct, *pskb, info->timeout * HZ);
1439
1440                 /* Set expect timeout */
1441                 read_lock_bh(&ip_conntrack_lock);
1442                 exp = find_expect(ct, ct->tuplehash[dir].tuple.dst.ip,
1443                                   info->sig_port[!dir]);
1444                 if (exp) {
1445                         DEBUGP("ip_ct_ras: set Q.931 expect "
1446                                "(%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu) "
1447                                "timeout to %u seconds\n",
1448                                NIPQUAD(exp->tuple.src.ip),
1449                                ntohs(exp->tuple.src.u.tcp.port),
1450                                NIPQUAD(exp->tuple.dst.ip),
1451                                ntohs(exp->tuple.dst.u.tcp.port),
1452                                info->timeout);
1453                         set_expect_timeout(exp, info->timeout);
1454                 }
1455                 read_unlock_bh(&ip_conntrack_lock);
1456         }
1457
1458         return 0;
1459 }
1460
1461 /****************************************************************************/
1462 static int process_urq(struct sk_buff **pskb, struct ip_conntrack *ct,
1463                        enum ip_conntrack_info ctinfo,
1464                        unsigned char **data, UnregistrationRequest * urq)
1465 {
1466         struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1467         int dir = CTINFO2DIR(ctinfo);
1468         int ret;
1469         typeof(set_sig_addr_hook) set_sig_addr;
1470
1471         DEBUGP("ip_ct_ras: URQ\n");
1472
1473         set_sig_addr = rcu_dereference(set_sig_addr_hook);
1474         if (set_sig_addr) {
1475                 ret = set_sig_addr(pskb, ct, ctinfo, data,
1476                                    urq->callSignalAddress.item,
1477                                    urq->callSignalAddress.count);
1478                 if (ret < 0)
1479                         return -1;
1480         }
1481
1482         /* Clear old expect */
1483         ip_ct_remove_expectations(ct);
1484         info->sig_port[dir] = 0;
1485         info->sig_port[!dir] = 0;
1486
1487         /* Give it 30 seconds for UCF or URJ */
1488         ip_ct_refresh(ct, *pskb, 30 * HZ);
1489
1490         return 0;
1491 }
1492
1493 /****************************************************************************/
1494 static int process_arq(struct sk_buff **pskb, struct ip_conntrack *ct,
1495                        enum ip_conntrack_info ctinfo,
1496                        unsigned char **data, AdmissionRequest * arq)
1497 {
1498         struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1499         int dir = CTINFO2DIR(ctinfo);
1500         __be32 ip;
1501         u_int16_t port;
1502         typeof(set_h225_addr_hook) set_h225_addr;
1503
1504         DEBUGP("ip_ct_ras: ARQ\n");
1505
1506         set_h225_addr = rcu_dereference(set_h225_addr_hook);
1507         if ((arq->options & eAdmissionRequest_destCallSignalAddress) &&
1508             get_h225_addr(*data, &arq->destCallSignalAddress, &ip, &port) &&
1509             ip == ct->tuplehash[dir].tuple.src.ip &&
1510             port == info->sig_port[dir] && set_h225_addr) {
1511                 /* Answering ARQ */
1512                 return set_h225_addr(pskb, data, 0,
1513                                      &arq->destCallSignalAddress,
1514                                      ct->tuplehash[!dir].tuple.dst.ip,
1515                                      info->sig_port[!dir]);
1516         }
1517
1518         if ((arq->options & eAdmissionRequest_srcCallSignalAddress) &&
1519             get_h225_addr(*data, &arq->srcCallSignalAddress, &ip, &port) &&
1520             ip == ct->tuplehash[dir].tuple.src.ip && set_h225_addr) {
1521                 /* Calling ARQ */
1522                 return set_h225_addr(pskb, data, 0,
1523                                      &arq->srcCallSignalAddress,
1524                                      ct->tuplehash[!dir].tuple.dst.ip,
1525                                      port);
1526         }
1527
1528         return 0;
1529 }
1530
1531 /****************************************************************************/
1532 static int process_acf(struct sk_buff **pskb, struct ip_conntrack *ct,
1533                        enum ip_conntrack_info ctinfo,
1534                        unsigned char **data, AdmissionConfirm * acf)
1535 {
1536         int dir = CTINFO2DIR(ctinfo);
1537         int ret = 0;
1538         __be32 ip;
1539         u_int16_t port;
1540         struct ip_conntrack_expect *exp;
1541         typeof(set_sig_addr_hook) set_sig_addr;
1542
1543         DEBUGP("ip_ct_ras: ACF\n");
1544
1545         if (!get_h225_addr(*data, &acf->destCallSignalAddress, &ip, &port))
1546                 return 0;
1547
1548         if (ip == ct->tuplehash[dir].tuple.dst.ip) {    /* Answering ACF */
1549                 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1550                 if (set_sig_addr)
1551                         return set_sig_addr(pskb, ct, ctinfo, data,
1552                                             &acf->destCallSignalAddress, 1);
1553                 return 0;
1554         }
1555
1556         /* Need new expect */
1557         if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1558                 return -1;
1559         exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
1560         exp->tuple.src.u.tcp.port = 0;
1561         exp->tuple.dst.ip = ip;
1562         exp->tuple.dst.u.tcp.port = htons(port);
1563         exp->tuple.dst.protonum = IPPROTO_TCP;
1564         exp->mask.src.ip = htonl(0xFFFFFFFF);
1565         exp->mask.src.u.tcp.port = 0;
1566         exp->mask.dst.ip = htonl(0xFFFFFFFF);
1567         exp->mask.dst.u.tcp.port = htons(0xFFFF);
1568         exp->mask.dst.protonum = 0xFF;
1569         exp->flags = IP_CT_EXPECT_PERMANENT;
1570         exp->expectfn = ip_conntrack_q931_expect;
1571
1572         if (ip_conntrack_expect_related(exp) == 0) {
1573                 DEBUGP("ip_ct_ras: expect Q.931 "
1574                        "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1575                        NIPQUAD(exp->tuple.src.ip),
1576                        ntohs(exp->tuple.src.u.tcp.port),
1577                        NIPQUAD(exp->tuple.dst.ip),
1578                        ntohs(exp->tuple.dst.u.tcp.port));
1579         } else
1580                 ret = -1;
1581
1582         ip_conntrack_expect_put(exp);
1583
1584         return ret;
1585 }
1586
1587 /****************************************************************************/
1588 static int process_lrq(struct sk_buff **pskb, struct ip_conntrack *ct,
1589                        enum ip_conntrack_info ctinfo,
1590                        unsigned char **data, LocationRequest * lrq)
1591 {
1592         typeof(set_ras_addr_hook) set_ras_addr;
1593
1594         DEBUGP("ip_ct_ras: LRQ\n");
1595
1596         set_ras_addr = rcu_dereference(set_ras_addr_hook);
1597         if (set_ras_addr)
1598                 return set_ras_addr(pskb, ct, ctinfo, data,
1599                                     &lrq->replyAddress, 1);
1600         return 0;
1601 }
1602
1603 /****************************************************************************/
1604 static int process_lcf(struct sk_buff **pskb, struct ip_conntrack *ct,
1605                        enum ip_conntrack_info ctinfo,
1606                        unsigned char **data, LocationConfirm * lcf)
1607 {
1608         int dir = CTINFO2DIR(ctinfo);
1609         int ret = 0;
1610         __be32 ip;
1611         u_int16_t port;
1612         struct ip_conntrack_expect *exp = NULL;
1613
1614         DEBUGP("ip_ct_ras: LCF\n");
1615
1616         if (!get_h225_addr(*data, &lcf->callSignalAddress, &ip, &port))
1617                 return 0;
1618
1619         /* Need new expect for call signal */
1620         if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1621                 return -1;
1622         exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
1623         exp->tuple.src.u.tcp.port = 0;
1624         exp->tuple.dst.ip = ip;
1625         exp->tuple.dst.u.tcp.port = htons(port);
1626         exp->tuple.dst.protonum = IPPROTO_TCP;
1627         exp->mask.src.ip = htonl(0xFFFFFFFF);
1628         exp->mask.src.u.tcp.port = 0;
1629         exp->mask.dst.ip = htonl(0xFFFFFFFF);
1630         exp->mask.dst.u.tcp.port = htons(0xFFFF);
1631         exp->mask.dst.protonum = 0xFF;
1632         exp->flags = IP_CT_EXPECT_PERMANENT;
1633         exp->expectfn = ip_conntrack_q931_expect;
1634
1635         if (ip_conntrack_expect_related(exp) == 0) {
1636                 DEBUGP("ip_ct_ras: expect Q.931 "
1637                        "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1638                        NIPQUAD(exp->tuple.src.ip),
1639                        ntohs(exp->tuple.src.u.tcp.port),
1640                        NIPQUAD(exp->tuple.dst.ip),
1641                        ntohs(exp->tuple.dst.u.tcp.port));
1642         } else
1643                 ret = -1;
1644
1645         ip_conntrack_expect_put(exp);
1646
1647         /* Ignore rasAddress */
1648
1649         return ret;
1650 }
1651
1652 /****************************************************************************/
1653 static int process_irr(struct sk_buff **pskb, struct ip_conntrack *ct,
1654                        enum ip_conntrack_info ctinfo,
1655                        unsigned char **data, InfoRequestResponse * irr)
1656 {
1657         int ret;
1658         typeof(set_ras_addr_hook) set_ras_addr;
1659         typeof(set_sig_addr_hook) set_sig_addr;
1660
1661         DEBUGP("ip_ct_ras: IRR\n");
1662
1663         set_ras_addr = rcu_dereference(set_ras_addr_hook);
1664         if (set_ras_addr) {
1665                 ret = set_ras_addr(pskb, ct, ctinfo, data,
1666                                    &irr->rasAddress, 1);
1667                 if (ret < 0)
1668                         return -1;
1669         }
1670
1671         set_sig_addr = rcu_dereference(set_sig_addr_hook);
1672         if (set_sig_addr) {
1673                 ret = set_sig_addr(pskb, ct, ctinfo, data,
1674                                    irr->callSignalAddress.item,
1675                                    irr->callSignalAddress.count);
1676                 if (ret < 0)
1677                         return -1;
1678         }
1679
1680         return 0;
1681 }
1682
1683 /****************************************************************************/
1684 static int process_ras(struct sk_buff **pskb, struct ip_conntrack *ct,
1685                        enum ip_conntrack_info ctinfo,
1686                        unsigned char **data, RasMessage * ras)
1687 {
1688         switch (ras->choice) {
1689         case eRasMessage_gatekeeperRequest:
1690                 return process_grq(pskb, ct, ctinfo, data,
1691                                    &ras->gatekeeperRequest);
1692         case eRasMessage_gatekeeperConfirm:
1693                 return process_gcf(pskb, ct, ctinfo, data,
1694                                    &ras->gatekeeperConfirm);
1695         case eRasMessage_registrationRequest:
1696                 return process_rrq(pskb, ct, ctinfo, data,
1697                                    &ras->registrationRequest);
1698         case eRasMessage_registrationConfirm:
1699                 return process_rcf(pskb, ct, ctinfo, data,
1700                                    &ras->registrationConfirm);
1701         case eRasMessage_unregistrationRequest:
1702                 return process_urq(pskb, ct, ctinfo, data,
1703                                    &ras->unregistrationRequest);
1704         case eRasMessage_admissionRequest:
1705                 return process_arq(pskb, ct, ctinfo, data,
1706                                    &ras->admissionRequest);
1707         case eRasMessage_admissionConfirm:
1708                 return process_acf(pskb, ct, ctinfo, data,
1709                                    &ras->admissionConfirm);
1710         case eRasMessage_locationRequest:
1711                 return process_lrq(pskb, ct, ctinfo, data,
1712                                    &ras->locationRequest);
1713         case eRasMessage_locationConfirm:
1714                 return process_lcf(pskb, ct, ctinfo, data,
1715                                    &ras->locationConfirm);
1716         case eRasMessage_infoRequestResponse:
1717                 return process_irr(pskb, ct, ctinfo, data,
1718                                    &ras->infoRequestResponse);
1719         default:
1720                 DEBUGP("ip_ct_ras: RAS message %d\n", ras->choice);
1721                 break;
1722         }
1723
1724         return 0;
1725 }
1726
1727 /****************************************************************************/
1728 static int ras_help(struct sk_buff **pskb, struct ip_conntrack *ct,
1729                     enum ip_conntrack_info ctinfo)
1730 {
1731         static RasMessage ras;
1732         unsigned char *data;
1733         int datalen = 0;
1734         int ret;
1735
1736         DEBUGP("ip_ct_ras: skblen = %u\n", (*pskb)->len);
1737
1738         spin_lock_bh(&ip_h323_lock);
1739
1740         /* Get UDP data */
1741         data = get_udp_data(pskb, &datalen);
1742         if (data == NULL)
1743                 goto accept;
1744         DEBUGP("ip_ct_ras: RAS message %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
1745                NIPQUAD((*pskb)->nh.iph->saddr),
1746                NIPQUAD((*pskb)->nh.iph->daddr), datalen);
1747
1748         /* Decode RAS message */
1749         ret = DecodeRasMessage(data, datalen, &ras);
1750         if (ret < 0) {
1751                 if (net_ratelimit())
1752                         printk("ip_ct_ras: decoding error: %s\n",
1753                                ret == H323_ERROR_BOUND ?
1754                                "out of bound" : "out of range");
1755                 goto accept;
1756         }
1757
1758         /* Process RAS message */
1759         if (process_ras(pskb, ct, ctinfo, &data, &ras) < 0)
1760                 goto drop;
1761
1762       accept:
1763         spin_unlock_bh(&ip_h323_lock);
1764         return NF_ACCEPT;
1765
1766       drop:
1767         spin_unlock_bh(&ip_h323_lock);
1768         if (net_ratelimit())
1769                 printk("ip_ct_ras: packet dropped\n");
1770         return NF_DROP;
1771 }
1772
1773 /****************************************************************************/
1774 static struct ip_conntrack_helper ip_conntrack_helper_ras = {
1775         .name = "RAS",
1776         .me = THIS_MODULE,
1777         .max_expected = 32,
1778         .timeout = 240,
1779         .tuple = {.src = {.u = {.tcp = {.port = __constant_htons(RAS_PORT)}}},
1780                   .dst = {.protonum = IPPROTO_UDP}},
1781         .mask = {.src = {.u = {0xFFFE}},
1782                  .dst = {.protonum = 0xFF}},
1783         .help = ras_help,
1784 };
1785
1786 /****************************************************************************/
1787 static void ip_conntrack_ras_expect(struct ip_conntrack *new,
1788                                     struct ip_conntrack_expect *this)
1789 {
1790         write_lock_bh(&ip_conntrack_lock);
1791         new->helper = &ip_conntrack_helper_ras;
1792         write_unlock_bh(&ip_conntrack_lock);
1793 }
1794
1795 /****************************************************************************/
1796 /* Not __exit - called from init() */
1797 static void fini(void)
1798 {
1799         ip_conntrack_helper_unregister(&ip_conntrack_helper_ras);
1800         ip_conntrack_helper_unregister(&ip_conntrack_helper_q931);
1801         kfree(h323_buffer);
1802         DEBUGP("ip_ct_h323: fini\n");
1803 }
1804
1805 /****************************************************************************/
1806 static int __init init(void)
1807 {
1808         int ret;
1809
1810         h323_buffer = kmalloc(65536, GFP_KERNEL);
1811         if (!h323_buffer)
1812                 return -ENOMEM;
1813         if ((ret = ip_conntrack_helper_register(&ip_conntrack_helper_q931)) ||
1814             (ret = ip_conntrack_helper_register(&ip_conntrack_helper_ras))) {
1815                 fini();
1816                 return ret;
1817         }
1818         DEBUGP("ip_ct_h323: init success\n");
1819         return 0;
1820 }
1821
1822 /****************************************************************************/
1823 module_init(init);
1824 module_exit(fini);
1825
1826 EXPORT_SYMBOL_GPL(get_h225_addr);
1827 EXPORT_SYMBOL_GPL(ip_conntrack_h245_expect);
1828 EXPORT_SYMBOL_GPL(ip_conntrack_q931_expect);
1829 EXPORT_SYMBOL_GPL(set_h245_addr_hook);
1830 EXPORT_SYMBOL_GPL(set_h225_addr_hook);
1831 EXPORT_SYMBOL_GPL(set_sig_addr_hook);
1832 EXPORT_SYMBOL_GPL(set_ras_addr_hook);
1833 EXPORT_SYMBOL_GPL(nat_rtp_rtcp_hook);
1834 EXPORT_SYMBOL_GPL(nat_t120_hook);
1835 EXPORT_SYMBOL_GPL(nat_h245_hook);
1836 EXPORT_SYMBOL_GPL(nat_callforwarding_hook);
1837 EXPORT_SYMBOL_GPL(nat_q931_hook);
1838
1839 MODULE_AUTHOR("Jing Min Zhao <zhaojingmin@users.sourceforge.net>");
1840 MODULE_DESCRIPTION("H.323 connection tracking helper");
1841 MODULE_LICENSE("GPL");