projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
[NETFILTER]: ip_conntrack: fix NAT helper unload races
[deliverable/linux.git] / net / ipv4 / netfilter / ip_conntrack_helper_h323.c
1 /*
2 * H.323 connection tracking helper
3 *
4 * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
5 *
6 * This source code is licensed under General Public License version 2.
7 *
8 * Based on the 'brute force' H.323 connection tracking module by
9 * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
10 *
11 * For more information, please see http://nath323.sourceforge.net/
12 */
13
14 #include <linux/module.h>
15 #include <linux/netfilter.h>
16 #include <linux/ip.h>
17 #include <net/tcp.h>
18 #include <linux/netfilter_ipv4/ip_conntrack.h>
19 #include <linux/netfilter_ipv4/ip_conntrack_core.h>
20 #include <linux/netfilter_ipv4/ip_conntrack_helper.h>
21 #include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
22 #include <linux/netfilter_ipv4/ip_conntrack_h323.h>
23 #include <linux/moduleparam.h>
24 #include <linux/ctype.h>
25 #include <linux/inet.h>
26
27 #if 0
28 #define DEBUGP printk
29 #else
30 #define DEBUGP(format, args...)
31 #endif
32
33 /* Parameters */
34 static unsigned int default_rrq_ttl = 300;
35 module_param(default_rrq_ttl, uint, 0600);
36 MODULE_PARM_DESC(default_rrq_ttl, "use this TTL if it's missing in RRQ");
37
38 static int gkrouted_only = 1;
39 module_param(gkrouted_only, int, 0600);
40 MODULE_PARM_DESC(gkrouted_only, "only accept calls from gatekeeper");
41
42 static int callforward_filter = 1;
43 module_param(callforward_filter, bool, 0600);
44 MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations "
45 "if both endpoints are on different sides "
46 "(determined by routing information)");
47
48 /* Hooks for NAT */
49 int (*set_h245_addr_hook) (struct sk_buff ** pskb,
50 unsigned char **data, int dataoff,
51 H245_TransportAddress * addr,
52 __be32 ip, u_int16_t port);
53 int (*set_h225_addr_hook) (struct sk_buff ** pskb,
54 unsigned char **data, int dataoff,
55 TransportAddress * addr,
56 __be32 ip, u_int16_t port);
57 int (*set_sig_addr_hook) (struct sk_buff ** pskb,
58 struct ip_conntrack * ct,
59 enum ip_conntrack_info ctinfo,
60 unsigned char **data,
61 TransportAddress * addr, int count);
62 int (*set_ras_addr_hook) (struct sk_buff ** pskb,
63 struct ip_conntrack * ct,
64 enum ip_conntrack_info ctinfo,
65 unsigned char **data,
66 TransportAddress * addr, int count);
67 int (*nat_rtp_rtcp_hook) (struct sk_buff ** pskb,
68 struct ip_conntrack * ct,
69 enum ip_conntrack_info ctinfo,
70 unsigned char **data, int dataoff,
71 H245_TransportAddress * addr,
72 u_int16_t port, u_int16_t rtp_port,
73 struct ip_conntrack_expect * rtp_exp,
74 struct ip_conntrack_expect * rtcp_exp);
75 int (*nat_t120_hook) (struct sk_buff ** pskb,
76 struct ip_conntrack * ct,
77 enum ip_conntrack_info ctinfo,
78 unsigned char **data, int dataoff,
79 H245_TransportAddress * addr, u_int16_t port,
80 struct ip_conntrack_expect * exp);
81 int (*nat_h245_hook) (struct sk_buff ** pskb,
82 struct ip_conntrack * ct,
83 enum ip_conntrack_info ctinfo,
84 unsigned char **data, int dataoff,
85 TransportAddress * addr, u_int16_t port,
86 struct ip_conntrack_expect * exp);
87 int (*nat_callforwarding_hook) (struct sk_buff ** pskb,
88 struct ip_conntrack * ct,
89 enum ip_conntrack_info ctinfo,
90 unsigned char **data, int dataoff,
91 TransportAddress * addr, u_int16_t port,
92 struct ip_conntrack_expect * exp);
93 int (*nat_q931_hook) (struct sk_buff ** pskb,
94 struct ip_conntrack * ct,
95 enum ip_conntrack_info ctinfo,
96 unsigned char **data, TransportAddress * addr, int idx,
97 u_int16_t port, struct ip_conntrack_expect * exp);
98
99
100 static DEFINE_SPINLOCK(ip_h323_lock);
101 static char *h323_buffer;
102
103 /****************************************************************************/
104 static int get_tpkt_data(struct sk_buff **pskb, struct ip_conntrack *ct,
105 enum ip_conntrack_info ctinfo,
106 unsigned char **data, int *datalen, int *dataoff)
107 {
108 struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
109 int dir = CTINFO2DIR(ctinfo);
110 struct tcphdr _tcph, *th;
111 int tcpdatalen;
112 int tcpdataoff;
113 unsigned char *tpkt;
114 int tpktlen;
115 int tpktoff;
116
117 /* Get TCP header */
118 th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl * 4,
119 sizeof(_tcph), &_tcph);
120 if (th == NULL)
121 return 0;
122
123 /* Get TCP data offset */
124 tcpdataoff = (*pskb)->nh.iph->ihl * 4 + th->doff * 4;
125
126 /* Get TCP data length */
127 tcpdatalen = (*pskb)->len - tcpdataoff;
128 if (tcpdatalen <= 0) /* No TCP data */
129 goto clear_out;
130
131 if (*data == NULL) { /* first TPKT */
132 /* Get first TPKT pointer */
133 tpkt = skb_header_pointer(*pskb, tcpdataoff, tcpdatalen,
134 h323_buffer);
135 BUG_ON(tpkt == NULL);
136
137 /* Validate TPKT identifier */
138 if (tcpdatalen < 4 || tpkt[0] != 0x03 || tpkt[1] != 0) {
139 /* Netmeeting sends TPKT header and data separately */
140 if (info->tpkt_len[dir] > 0) {
141 DEBUGP("ip_ct_h323: previous packet "
142 "indicated separate TPKT data of %hu "
143 "bytes\n", info->tpkt_len[dir]);
144 if (info->tpkt_len[dir] <= tcpdatalen) {
145 /* Yes, there was a TPKT header
146 * received */
147 *data = tpkt;
148 *datalen = info->tpkt_len[dir];
149 *dataoff = 0;
150 goto out;
151 }
152
153 /* Fragmented TPKT */
154 if (net_ratelimit())
155 printk("ip_ct_h323: "
156 "fragmented TPKT\n");
157 goto clear_out;
158 }
159
160 /* It is not even a TPKT */
161 return 0;
162 }
163 tpktoff = 0;
164 } else { /* Next TPKT */
165 tpktoff = *dataoff + *datalen;
166 tcpdatalen -= tpktoff;
167 if (tcpdatalen <= 4) /* No more TPKT */
168 goto clear_out;
169 tpkt = *data + *datalen;
170
171 /* Validate TPKT identifier */
172 if (tpkt[0] != 0x03 || tpkt[1] != 0)
173 goto clear_out;
174 }
175
176 /* Validate TPKT length */
177 tpktlen = tpkt[2] * 256 + tpkt[3];
178 if (tpktlen < 4)
179 goto clear_out;
180 if (tpktlen > tcpdatalen) {
181 if (tcpdatalen == 4) { /* Separate TPKT header */
182 /* Netmeeting sends TPKT header and data separately */
183 DEBUGP("ip_ct_h323: separate TPKT header indicates "
184 "there will be TPKT data of %hu bytes\n",
185 tpktlen - 4);
186 info->tpkt_len[dir] = tpktlen - 4;
187 return 0;
188 }
189
190 if (net_ratelimit())
191 printk("ip_ct_h323: incomplete TPKT (fragmented?)\n");
192 goto clear_out;
193 }
194
195 /* This is the encapsulated data */
196 *data = tpkt + 4;
197 *datalen = tpktlen - 4;
198 *dataoff = tpktoff + 4;
199
200 out:
201 /* Clear TPKT length */
202 info->tpkt_len[dir] = 0;
203 return 1;
204
205 clear_out:
206 info->tpkt_len[dir] = 0;
207 return 0;
208 }
209
210 /****************************************************************************/
211 static int get_h245_addr(unsigned char *data, H245_TransportAddress * addr,
212 __be32 * ip, u_int16_t * port)
213 {
214 unsigned char *p;
215
216 if (addr->choice != eH245_TransportAddress_unicastAddress ||
217 addr->unicastAddress.choice != eUnicastAddress_iPAddress)
218 return 0;
219
220 p = data + addr->unicastAddress.iPAddress.network;
221 *ip = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | (p[3]));
222 *port = (p[4] << 8) | (p[5]);
223
224 return 1;
225 }
226
227 /****************************************************************************/
228 static int expect_rtp_rtcp(struct sk_buff **pskb, struct ip_conntrack *ct,
229 enum ip_conntrack_info ctinfo,
230 unsigned char **data, int dataoff,
231 H245_TransportAddress * addr)
232 {
233 int dir = CTINFO2DIR(ctinfo);
234 int ret = 0;
235 __be32 ip;
236 u_int16_t port;
237 u_int16_t rtp_port;
238 struct ip_conntrack_expect *rtp_exp;
239 struct ip_conntrack_expect *rtcp_exp;
240 typeof(nat_rtp_rtcp_hook) nat_rtp_rtcp;
241
242 /* Read RTP or RTCP address */
243 if (!get_h245_addr(*data, addr, &ip, &port) ||
244 ip != ct->tuplehash[dir].tuple.src.ip || port == 0)
245 return 0;
246
247 /* RTP port is even */
248 rtp_port = port & (~1);
249
250 /* Create expect for RTP */
251 if ((rtp_exp = ip_conntrack_expect_alloc(ct)) == NULL)
252 return -1;
253 rtp_exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
254 rtp_exp->tuple.src.u.udp.port = 0;
255 rtp_exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
256 rtp_exp->tuple.dst.u.udp.port = htons(rtp_port);
257 rtp_exp->tuple.dst.protonum = IPPROTO_UDP;
258 rtp_exp->mask.src.ip = htonl(0xFFFFFFFF);
259 rtp_exp->mask.src.u.udp.port = 0;
260 rtp_exp->mask.dst.ip = htonl(0xFFFFFFFF);
261 rtp_exp->mask.dst.u.udp.port = htons(0xFFFF);
262 rtp_exp->mask.dst.protonum = 0xFF;
263 rtp_exp->flags = 0;
264
265 /* Create expect for RTCP */
266 if ((rtcp_exp = ip_conntrack_expect_alloc(ct)) == NULL) {
267 ip_conntrack_expect_put(rtp_exp);
268 return -1;
269 }
270 rtcp_exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
271 rtcp_exp->tuple.src.u.udp.port = 0;
272 rtcp_exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
273 rtcp_exp->tuple.dst.u.udp.port = htons(rtp_port + 1);
274 rtcp_exp->tuple.dst.protonum = IPPROTO_UDP;
275 rtcp_exp->mask.src.ip = htonl(0xFFFFFFFF);
276 rtcp_exp->mask.src.u.udp.port = 0;
277 rtcp_exp->mask.dst.ip = htonl(0xFFFFFFFF);
278 rtcp_exp->mask.dst.u.udp.port = htons(0xFFFF);
279 rtcp_exp->mask.dst.protonum = 0xFF;
280 rtcp_exp->flags = 0;
281
282 if (ct->tuplehash[dir].tuple.src.ip !=
283 ct->tuplehash[!dir].tuple.dst.ip &&
284 (nat_rtp_rtcp = rcu_dereference(nat_rtp_rtcp_hook))) {
285 /* NAT needed */
286 ret = nat_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
287 addr, port, rtp_port, rtp_exp, rtcp_exp);
288 } else { /* Conntrack only */
289 rtp_exp->expectfn = NULL;
290 rtcp_exp->expectfn = NULL;
291
292 if (ip_conntrack_expect_related(rtp_exp) == 0) {
293 if (ip_conntrack_expect_related(rtcp_exp) == 0) {
294 DEBUGP("ip_ct_h323: expect RTP "
295 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
296 NIPQUAD(rtp_exp->tuple.src.ip),
297 ntohs(rtp_exp->tuple.src.u.udp.port),
298 NIPQUAD(rtp_exp->tuple.dst.ip),
299 ntohs(rtp_exp->tuple.dst.u.udp.port));
300 DEBUGP("ip_ct_h323: expect RTCP "
301 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
302 NIPQUAD(rtcp_exp->tuple.src.ip),
303 ntohs(rtcp_exp->tuple.src.u.udp.port),
304 NIPQUAD(rtcp_exp->tuple.dst.ip),
305 ntohs(rtcp_exp->tuple.dst.u.udp.port));
306 } else {
307 ip_conntrack_unexpect_related(rtp_exp);
308 ret = -1;
309 }
310 } else
311 ret = -1;
312 }
313
314 ip_conntrack_expect_put(rtp_exp);
315 ip_conntrack_expect_put(rtcp_exp);
316
317 return ret;
318 }
319
320 /****************************************************************************/
321 static int expect_t120(struct sk_buff **pskb,
322 struct ip_conntrack *ct,
323 enum ip_conntrack_info ctinfo,
324 unsigned char **data, int dataoff,
325 H245_TransportAddress * addr)
326 {
327 int dir = CTINFO2DIR(ctinfo);
328 int ret = 0;
329 __be32 ip;
330 u_int16_t port;
331 struct ip_conntrack_expect *exp = NULL;
332 typeof(nat_t120_hook) nat_t120;
333
334 /* Read T.120 address */
335 if (!get_h245_addr(*data, addr, &ip, &port) ||
336 ip != ct->tuplehash[dir].tuple.src.ip || port == 0)
337 return 0;
338
339 /* Create expect for T.120 connections */
340 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
341 return -1;
342 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
343 exp->tuple.src.u.tcp.port = 0;
344 exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
345 exp->tuple.dst.u.tcp.port = htons(port);
346 exp->tuple.dst.protonum = IPPROTO_TCP;
347 exp->mask.src.ip = htonl(0xFFFFFFFF);
348 exp->mask.src.u.tcp.port = 0;
349 exp->mask.dst.ip = htonl(0xFFFFFFFF);
350 exp->mask.dst.u.tcp.port = htons(0xFFFF);
351 exp->mask.dst.protonum = 0xFF;
352 exp->flags = IP_CT_EXPECT_PERMANENT; /* Accept multiple channels */
353
354 if (ct->tuplehash[dir].tuple.src.ip !=
355 ct->tuplehash[!dir].tuple.dst.ip &&
356 (nat_t120 = rcu_dereference(nat_t120_hook))) {
357 /* NAT needed */
358 ret = nat_t120(pskb, ct, ctinfo, data, dataoff, addr,
359 port, exp);
360 } else { /* Conntrack only */
361 exp->expectfn = NULL;
362 if (ip_conntrack_expect_related(exp) == 0) {
363 DEBUGP("ip_ct_h323: expect T.120 "
364 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
365 NIPQUAD(exp->tuple.src.ip),
366 ntohs(exp->tuple.src.u.tcp.port),
367 NIPQUAD(exp->tuple.dst.ip),
368 ntohs(exp->tuple.dst.u.tcp.port));
369 } else
370 ret = -1;
371 }
372
373 ip_conntrack_expect_put(exp);
374
375 return ret;
376 }
377
378 /****************************************************************************/
379 static int process_h245_channel(struct sk_buff **pskb,
380 struct ip_conntrack *ct,
381 enum ip_conntrack_info ctinfo,
382 unsigned char **data, int dataoff,
383 H2250LogicalChannelParameters * channel)
384 {
385 int ret;
386
387 if (channel->options & eH2250LogicalChannelParameters_mediaChannel) {
388 /* RTP */
389 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
390 &channel->mediaChannel);
391 if (ret < 0)
392 return -1;
393 }
394
395 if (channel->
396 options & eH2250LogicalChannelParameters_mediaControlChannel) {
397 /* RTCP */
398 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
399 &channel->mediaControlChannel);
400 if (ret < 0)
401 return -1;
402 }
403
404 return 0;
405 }
406
407 /****************************************************************************/
408 static int process_olc(struct sk_buff **pskb, struct ip_conntrack *ct,
409 enum ip_conntrack_info ctinfo,
410 unsigned char **data, int dataoff,
411 OpenLogicalChannel * olc)
412 {
413 int ret;
414
415 DEBUGP("ip_ct_h323: OpenLogicalChannel\n");
416
417 if (olc->forwardLogicalChannelParameters.multiplexParameters.choice ==
418 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)
419 {
420 ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff,
421 &olc->
422 forwardLogicalChannelParameters.
423 multiplexParameters.
424 h2250LogicalChannelParameters);
425 if (ret < 0)
426 return -1;
427 }
428
429 if ((olc->options &
430 eOpenLogicalChannel_reverseLogicalChannelParameters) &&
431 (olc->reverseLogicalChannelParameters.options &
432 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters)
433 && (olc->reverseLogicalChannelParameters.multiplexParameters.
434 choice ==
435 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
436 {
437 ret =
438 process_h245_channel(pskb, ct, ctinfo, data, dataoff,
439 &olc->
440 reverseLogicalChannelParameters.
441 multiplexParameters.
442 h2250LogicalChannelParameters);
443 if (ret < 0)
444 return -1;
445 }
446
447 if ((olc->options & eOpenLogicalChannel_separateStack) &&
448 olc->forwardLogicalChannelParameters.dataType.choice ==
449 eDataType_data &&
450 olc->forwardLogicalChannelParameters.dataType.data.application.
451 choice == eDataApplicationCapability_application_t120 &&
452 olc->forwardLogicalChannelParameters.dataType.data.application.
453 t120.choice == eDataProtocolCapability_separateLANStack &&
454 olc->separateStack.networkAddress.choice ==
455 eNetworkAccessParameters_networkAddress_localAreaAddress) {
456 ret = expect_t120(pskb, ct, ctinfo, data, dataoff,
457 &olc->separateStack.networkAddress.
458 localAreaAddress);
459 if (ret < 0)
460 return -1;
461 }
462
463 return 0;
464 }
465
466 /****************************************************************************/
467 static int process_olca(struct sk_buff **pskb, struct ip_conntrack *ct,
468 enum ip_conntrack_info ctinfo,
469 unsigned char **data, int dataoff,
470 OpenLogicalChannelAck * olca)
471 {
472 H2250LogicalChannelAckParameters *ack;
473 int ret;
474
475 DEBUGP("ip_ct_h323: OpenLogicalChannelAck\n");
476
477 if ((olca->options &
478 eOpenLogicalChannelAck_reverseLogicalChannelParameters) &&
479 (olca->reverseLogicalChannelParameters.options &
480 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters)
481 && (olca->reverseLogicalChannelParameters.multiplexParameters.
482 choice ==
483 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
484 {
485 ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff,
486 &olca->
487 reverseLogicalChannelParameters.
488 multiplexParameters.
489 h2250LogicalChannelParameters);
490 if (ret < 0)
491 return -1;
492 }
493
494 if ((olca->options &
495 eOpenLogicalChannelAck_forwardMultiplexAckParameters) &&
496 (olca->forwardMultiplexAckParameters.choice ==
497 eOpenLogicalChannelAck_forwardMultiplexAckParameters_h2250LogicalChannelAckParameters))
498 {
499 ack = &olca->forwardMultiplexAckParameters.
500 h2250LogicalChannelAckParameters;
501 if (ack->options &
502 eH2250LogicalChannelAckParameters_mediaChannel) {
503 /* RTP */
504 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
505 &ack->mediaChannel);
506 if (ret < 0)
507 return -1;
508 }
509
510 if (ack->options &
511 eH2250LogicalChannelAckParameters_mediaControlChannel) {
512 /* RTCP */
513 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
514 &ack->mediaControlChannel);
515 if (ret < 0)
516 return -1;
517 }
518 }
519
520 return 0;
521 }
522
523 /****************************************************************************/
524 static int process_h245(struct sk_buff **pskb, struct ip_conntrack *ct,
525 enum ip_conntrack_info ctinfo,
526 unsigned char **data, int dataoff,
527 MultimediaSystemControlMessage * mscm)
528 {
529 switch (mscm->choice) {
530 case eMultimediaSystemControlMessage_request:
531 if (mscm->request.choice ==
532 eRequestMessage_openLogicalChannel) {
533 return process_olc(pskb, ct, ctinfo, data, dataoff,
534 &mscm->request.openLogicalChannel);
535 }
536 DEBUGP("ip_ct_h323: H.245 Request %d\n",
537 mscm->request.choice);
538 break;
539 case eMultimediaSystemControlMessage_response:
540 if (mscm->response.choice ==
541 eResponseMessage_openLogicalChannelAck) {
542 return process_olca(pskb, ct, ctinfo, data, dataoff,
543 &mscm->response.
544 openLogicalChannelAck);
545 }
546 DEBUGP("ip_ct_h323: H.245 Response %d\n",
547 mscm->response.choice);
548 break;
549 default:
550 DEBUGP("ip_ct_h323: H.245 signal %d\n", mscm->choice);
551 break;
552 }
553
554 return 0;
555 }
556
557 /****************************************************************************/
558 static int h245_help(struct sk_buff **pskb, struct ip_conntrack *ct,
559 enum ip_conntrack_info ctinfo)
560 {
561 static MultimediaSystemControlMessage mscm;
562 unsigned char *data = NULL;
563 int datalen;
564 int dataoff;
565 int ret;
566
567 /* Until there's been traffic both ways, don't look in packets. */
568 if (ctinfo != IP_CT_ESTABLISHED
569 && ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
570 return NF_ACCEPT;
571 }
572 DEBUGP("ip_ct_h245: skblen = %u\n", (*pskb)->len);
573
574 spin_lock_bh(&ip_h323_lock);
575
576 /* Process each TPKT */
577 while (get_tpkt_data(pskb, ct, ctinfo, &data, &datalen, &dataoff)) {
578 DEBUGP("ip_ct_h245: TPKT %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
579 NIPQUAD((*pskb)->nh.iph->saddr),
580 NIPQUAD((*pskb)->nh.iph->daddr), datalen);
581
582 /* Decode H.245 signal */
583 ret = DecodeMultimediaSystemControlMessage(data, datalen,
584 &mscm);
585 if (ret < 0) {
586 if (net_ratelimit())
587 printk("ip_ct_h245: decoding error: %s\n",
588 ret == H323_ERROR_BOUND ?
589 "out of bound" : "out of range");
590 /* We don't drop when decoding error */
591 break;
592 }
593
594 /* Process H.245 signal */
595 if (process_h245(pskb, ct, ctinfo, &data, dataoff, &mscm) < 0)
596 goto drop;
597 }
598
599 spin_unlock_bh(&ip_h323_lock);
600 return NF_ACCEPT;
601
602 drop:
603 spin_unlock_bh(&ip_h323_lock);
604 if (net_ratelimit())
605 printk("ip_ct_h245: packet dropped\n");
606 return NF_DROP;
607 }
608
609 /****************************************************************************/
610 static struct ip_conntrack_helper ip_conntrack_helper_h245 = {
611 .name = "H.245",
612 .me = THIS_MODULE,
613 .max_expected = H323_RTP_CHANNEL_MAX * 4 + 2 /* T.120 */ ,
614 .timeout = 240,
615 .tuple = {.dst = {.protonum = IPPROTO_TCP}},
616 .mask = {.src = {.u = {0xFFFF}},
617 .dst = {.protonum = 0xFF}},
618 .help = h245_help
619 };
620
621 /****************************************************************************/
622 void ip_conntrack_h245_expect(struct ip_conntrack *new,
623 struct ip_conntrack_expect *this)
624 {
625 write_lock_bh(&ip_conntrack_lock);
626 new->helper = &ip_conntrack_helper_h245;
627 write_unlock_bh(&ip_conntrack_lock);
628 }
629
630 /****************************************************************************/
631 int get_h225_addr(unsigned char *data, TransportAddress * addr,
632 __be32 * ip, u_int16_t * port)
633 {
634 unsigned char *p;
635
636 if (addr->choice != eTransportAddress_ipAddress)
637 return 0;
638
639 p = data + addr->ipAddress.ip;
640 *ip = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | (p[3]));
641 *port = (p[4] << 8) | (p[5]);
642
643 return 1;
644 }
645
646 /****************************************************************************/
647 static int expect_h245(struct sk_buff **pskb, struct ip_conntrack *ct,
648 enum ip_conntrack_info ctinfo,
649 unsigned char **data, int dataoff,
650 TransportAddress * addr)
651 {
652 int dir = CTINFO2DIR(ctinfo);
653 int ret = 0;
654 __be32 ip;
655 u_int16_t port;
656 struct ip_conntrack_expect *exp = NULL;
657 typeof(nat_h245_hook) nat_h245;
658
659 /* Read h245Address */
660 if (!get_h225_addr(*data, addr, &ip, &port) ||
661 ip != ct->tuplehash[dir].tuple.src.ip || port == 0)
662 return 0;
663
664 /* Create expect for h245 connection */
665 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
666 return -1;
667 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
668 exp->tuple.src.u.tcp.port = 0;
669 exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
670 exp->tuple.dst.u.tcp.port = htons(port);
671 exp->tuple.dst.protonum = IPPROTO_TCP;
672 exp->mask.src.ip = htonl(0xFFFFFFFF);
673 exp->mask.src.u.tcp.port = 0;
674 exp->mask.dst.ip = htonl(0xFFFFFFFF);
675 exp->mask.dst.u.tcp.port = htons(0xFFFF);
676 exp->mask.dst.protonum = 0xFF;
677 exp->flags = 0;
678
679 if (ct->tuplehash[dir].tuple.src.ip !=
680 ct->tuplehash[!dir].tuple.dst.ip &&
681 (nat_h245 = rcu_dereference(nat_h245_hook))) {
682 /* NAT needed */
683 ret = nat_h245(pskb, ct, ctinfo, data, dataoff, addr,
684 port, exp);
685 } else { /* Conntrack only */
686 exp->expectfn = ip_conntrack_h245_expect;
687
688 if (ip_conntrack_expect_related(exp) == 0) {
689 DEBUGP("ip_ct_q931: expect H.245 "
690 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
691 NIPQUAD(exp->tuple.src.ip),
692 ntohs(exp->tuple.src.u.tcp.port),
693 NIPQUAD(exp->tuple.dst.ip),
694 ntohs(exp->tuple.dst.u.tcp.port));
695 } else
696 ret = -1;
697 }
698
699 ip_conntrack_expect_put(exp);
700
701 return ret;
702 }
703
704 /* Forwarding declaration */
705 void ip_conntrack_q931_expect(struct ip_conntrack *new,
706 struct ip_conntrack_expect *this);
707
708 /****************************************************************************/
709 static int expect_callforwarding(struct sk_buff **pskb,
710 struct ip_conntrack *ct,
711 enum ip_conntrack_info ctinfo,
712 unsigned char **data, int dataoff,
713 TransportAddress * addr)
714 {
715 int dir = CTINFO2DIR(ctinfo);
716 int ret = 0;
717 __be32 ip;
718 u_int16_t port;
719 struct ip_conntrack_expect *exp = NULL;
720 typeof(nat_callforwarding_hook) nat_callforwarding;
721
722 /* Read alternativeAddress */
723 if (!get_h225_addr(*data, addr, &ip, &port) || port == 0)
724 return 0;
725
726 /* If the calling party is on the same side of the forward-to party,
727 * we don't need to track the second call */
728 if (callforward_filter) {
729 struct rtable *rt1, *rt2;
730 struct flowi fl1 = {
731 .fl4_dst = ip,
732 };
733 struct flowi fl2 = {
734 .fl4_dst = ct->tuplehash[!dir].tuple.src.ip,
735 };
736
737 if (ip_route_output_key(&rt1, &fl1) == 0) {
738 if (ip_route_output_key(&rt2, &fl2) == 0) {
739 if (rt1->rt_gateway == rt2->rt_gateway &&
740 rt1->u.dst.dev == rt2->u.dst.dev)
741 ret = 1;
742 dst_release(&rt2->u.dst);
743 }
744 dst_release(&rt1->u.dst);
745 }
746 if (ret) {
747 DEBUGP("ip_ct_q931: Call Forwarding not tracked\n");
748 return 0;
749 }
750 }
751
752 /* Create expect for the second call leg */
753 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
754 return -1;
755 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
756 exp->tuple.src.u.tcp.port = 0;
757 exp->tuple.dst.ip = ip;
758 exp->tuple.dst.u.tcp.port = htons(port);
759 exp->tuple.dst.protonum = IPPROTO_TCP;
760 exp->mask.src.ip = htonl(0xFFFFFFFF);
761 exp->mask.src.u.tcp.port = 0;
762 exp->mask.dst.ip = htonl(0xFFFFFFFF);
763 exp->mask.dst.u.tcp.port = htons(0xFFFF);
764 exp->mask.dst.protonum = 0xFF;
765 exp->flags = 0;
766
767 if (ct->tuplehash[dir].tuple.src.ip !=
768 ct->tuplehash[!dir].tuple.dst.ip &&
769 (nat_callforwarding = rcu_dereference(nat_callforwarding_hook))) {
770 /* Need NAT */
771 ret = nat_callforwarding(pskb, ct, ctinfo, data, dataoff,
772 addr, port, exp);
773 } else { /* Conntrack only */
774 exp->expectfn = ip_conntrack_q931_expect;
775
776 if (ip_conntrack_expect_related(exp) == 0) {
777 DEBUGP("ip_ct_q931: expect Call Forwarding "
778 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
779 NIPQUAD(exp->tuple.src.ip),
780 ntohs(exp->tuple.src.u.tcp.port),
781 NIPQUAD(exp->tuple.dst.ip),
782 ntohs(exp->tuple.dst.u.tcp.port));
783 } else
784 ret = -1;
785 }
786
787 ip_conntrack_expect_put(exp);
788
789 return ret;
790 }
791
792 /****************************************************************************/
793 static int process_setup(struct sk_buff **pskb, struct ip_conntrack *ct,
794 enum ip_conntrack_info ctinfo,
795 unsigned char **data, int dataoff,
796 Setup_UUIE * setup)
797 {
798 int dir = CTINFO2DIR(ctinfo);
799 int ret;
800 int i;
801 __be32 ip;
802 u_int16_t port;
803 typeof(set_h225_addr_hook) set_h225_addr;
804
805 DEBUGP("ip_ct_q931: Setup\n");
806
807 if (setup->options & eSetup_UUIE_h245Address) {
808 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
809 &setup->h245Address);
810 if (ret < 0)
811 return -1;
812 }
813
814 set_h225_addr = rcu_dereference(set_h225_addr_hook);
815
816 if ((setup->options & eSetup_UUIE_destCallSignalAddress) &&
817 (set_h225_addr) &&
818 get_h225_addr(*data, &setup->destCallSignalAddress, &ip, &port) &&
819 ip != ct->tuplehash[!dir].tuple.src.ip) {
820 DEBUGP("ip_ct_q931: set destCallSignalAddress "
821 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
822 NIPQUAD(ip), port,
823 NIPQUAD(ct->tuplehash[!dir].tuple.src.ip),
824 ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port));
825 ret = set_h225_addr(pskb, data, dataoff,
826 &setup->destCallSignalAddress,
827 ct->tuplehash[!dir].tuple.src.ip,
828 ntohs(ct->tuplehash[!dir].tuple.src.
829 u.tcp.port));
830 if (ret < 0)
831 return -1;
832 }
833
834 if ((setup->options & eSetup_UUIE_sourceCallSignalAddress) &&
835 (set_h225_addr) &&
836 get_h225_addr(*data, &setup->sourceCallSignalAddress, &ip, &port)
837 && ip != ct->tuplehash[!dir].tuple.dst.ip) {
838 DEBUGP("ip_ct_q931: set sourceCallSignalAddress "
839 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
840 NIPQUAD(ip), port,
841 NIPQUAD(ct->tuplehash[!dir].tuple.dst.ip),
842 ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port));
843 ret = set_h225_addr(pskb, data, dataoff,
844 &setup->sourceCallSignalAddress,
845 ct->tuplehash[!dir].tuple.dst.ip,
846 ntohs(ct->tuplehash[!dir].tuple.dst.
847 u.tcp.port));
848 if (ret < 0)
849 return -1;
850 }
851
852 if (setup->options & eSetup_UUIE_fastStart) {
853 for (i = 0; i < setup->fastStart.count; i++) {
854 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
855 &setup->fastStart.item[i]);
856 if (ret < 0)
857 return -1;
858 }
859 }
860
861 return 0;
862 }
863
864 /****************************************************************************/
865 static int process_callproceeding(struct sk_buff **pskb,
866 struct ip_conntrack *ct,
867 enum ip_conntrack_info ctinfo,
868 unsigned char **data, int dataoff,
869 CallProceeding_UUIE * callproc)
870 {
871 int ret;
872 int i;
873
874 DEBUGP("ip_ct_q931: CallProceeding\n");
875
876 if (callproc->options & eCallProceeding_UUIE_h245Address) {
877 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
878 &callproc->h245Address);
879 if (ret < 0)
880 return -1;
881 }
882
883 if (callproc->options & eCallProceeding_UUIE_fastStart) {
884 for (i = 0; i < callproc->fastStart.count; i++) {
885 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
886 &callproc->fastStart.item[i]);
887 if (ret < 0)
888 return -1;
889 }
890 }
891
892 return 0;
893 }
894
895 /****************************************************************************/
896 static int process_connect(struct sk_buff **pskb, struct ip_conntrack *ct,
897 enum ip_conntrack_info ctinfo,
898 unsigned char **data, int dataoff,
899 Connect_UUIE * connect)
900 {
901 int ret;
902 int i;
903
904 DEBUGP("ip_ct_q931: Connect\n");
905
906 if (connect->options & eConnect_UUIE_h245Address) {
907 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
908 &connect->h245Address);
909 if (ret < 0)
910 return -1;
911 }
912
913 if (connect->options & eConnect_UUIE_fastStart) {
914 for (i = 0; i < connect->fastStart.count; i++) {
915 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
916 &connect->fastStart.item[i]);
917 if (ret < 0)
918 return -1;
919 }
920 }
921
922 return 0;
923 }
924
925 /****************************************************************************/
926 static int process_alerting(struct sk_buff **pskb, struct ip_conntrack *ct,
927 enum ip_conntrack_info ctinfo,
928 unsigned char **data, int dataoff,
929 Alerting_UUIE * alert)
930 {
931 int ret;
932 int i;
933
934 DEBUGP("ip_ct_q931: Alerting\n");
935
936 if (alert->options & eAlerting_UUIE_h245Address) {
937 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
938 &alert->h245Address);
939 if (ret < 0)
940 return -1;
941 }
942
943 if (alert->options & eAlerting_UUIE_fastStart) {
944 for (i = 0; i < alert->fastStart.count; i++) {
945 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
946 &alert->fastStart.item[i]);
947 if (ret < 0)
948 return -1;
949 }
950 }
951
952 return 0;
953 }
954
955 /****************************************************************************/
956 static int process_information(struct sk_buff **pskb,
957 struct ip_conntrack *ct,
958 enum ip_conntrack_info ctinfo,
959 unsigned char **data, int dataoff,
960 Information_UUIE * info)
961 {
962 int ret;
963 int i;
964
965 DEBUGP("ip_ct_q931: Information\n");
966
967 if (info->options & eInformation_UUIE_fastStart) {
968 for (i = 0; i < info->fastStart.count; i++) {
969 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
970 &info->fastStart.item[i]);
971 if (ret < 0)
972 return -1;
973 }
974 }
975
976 return 0;
977 }
978
979 /****************************************************************************/
980 static int process_facility(struct sk_buff **pskb, struct ip_conntrack *ct,
981 enum ip_conntrack_info ctinfo,
982 unsigned char **data, int dataoff,
983 Facility_UUIE * facility)
984 {
985 int ret;
986 int i;
987
988 DEBUGP("ip_ct_q931: Facility\n");
989
990 if (facility->reason.choice == eFacilityReason_callForwarded) {
991 if (facility->options & eFacility_UUIE_alternativeAddress)
992 return expect_callforwarding(pskb, ct, ctinfo, data,
993 dataoff,
994 &facility->
995 alternativeAddress);
996 return 0;
997 }
998
999 if (facility->options & eFacility_UUIE_h245Address) {
1000 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
1001 &facility->h245Address);
1002 if (ret < 0)
1003 return -1;
1004 }
1005
1006 if (facility->options & eFacility_UUIE_fastStart) {
1007 for (i = 0; i < facility->fastStart.count; i++) {
1008 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
1009 &facility->fastStart.item[i]);
1010 if (ret < 0)
1011 return -1;
1012 }
1013 }
1014
1015 return 0;
1016 }
1017
1018 /****************************************************************************/
1019 static int process_progress(struct sk_buff **pskb, struct ip_conntrack *ct,
1020 enum ip_conntrack_info ctinfo,
1021 unsigned char **data, int dataoff,
1022 Progress_UUIE * progress)
1023 {
1024 int ret;
1025 int i;
1026
1027 DEBUGP("ip_ct_q931: Progress\n");
1028
1029 if (progress->options & eProgress_UUIE_h245Address) {
1030 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
1031 &progress->h245Address);
1032 if (ret < 0)
1033 return -1;
1034 }
1035
1036 if (progress->options & eProgress_UUIE_fastStart) {
1037 for (i = 0; i < progress->fastStart.count; i++) {
1038 ret = process_olc(pskb, ct, ctinfo, data, dataoff,
1039 &progress->fastStart.item[i]);
1040 if (ret < 0)
1041 return -1;
1042 }
1043 }
1044
1045 return 0;
1046 }
1047
1048 /****************************************************************************/
1049 static int process_q931(struct sk_buff **pskb, struct ip_conntrack *ct,
1050 enum ip_conntrack_info ctinfo,
1051 unsigned char **data, int dataoff, Q931 * q931)
1052 {
1053 H323_UU_PDU *pdu = &q931->UUIE.h323_uu_pdu;
1054 int i;
1055 int ret = 0;
1056
1057 switch (pdu->h323_message_body.choice) {
1058 case eH323_UU_PDU_h323_message_body_setup:
1059 ret = process_setup(pskb, ct, ctinfo, data, dataoff,
1060 &pdu->h323_message_body.setup);
1061 break;
1062 case eH323_UU_PDU_h323_message_body_callProceeding:
1063 ret = process_callproceeding(pskb, ct, ctinfo, data, dataoff,
1064 &pdu->h323_message_body.
1065 callProceeding);
1066 break;
1067 case eH323_UU_PDU_h323_message_body_connect:
1068 ret = process_connect(pskb, ct, ctinfo, data, dataoff,
1069 &pdu->h323_message_body.connect);
1070 break;
1071 case eH323_UU_PDU_h323_message_body_alerting:
1072 ret = process_alerting(pskb, ct, ctinfo, data, dataoff,
1073 &pdu->h323_message_body.alerting);
1074 break;
1075 case eH323_UU_PDU_h323_message_body_information:
1076 ret = process_information(pskb, ct, ctinfo, data, dataoff,
1077 &pdu->h323_message_body.
1078 information);
1079 break;
1080 case eH323_UU_PDU_h323_message_body_facility:
1081 ret = process_facility(pskb, ct, ctinfo, data, dataoff,
1082 &pdu->h323_message_body.facility);
1083 break;
1084 case eH323_UU_PDU_h323_message_body_progress:
1085 ret = process_progress(pskb, ct, ctinfo, data, dataoff,
1086 &pdu->h323_message_body.progress);
1087 break;
1088 default:
1089 DEBUGP("ip_ct_q931: Q.931 signal %d\n",
1090 pdu->h323_message_body.choice);
1091 break;
1092 }
1093
1094 if (ret < 0)
1095 return -1;
1096
1097 if (pdu->options & eH323_UU_PDU_h245Control) {
1098 for (i = 0; i < pdu->h245Control.count; i++) {
1099 ret = process_h245(pskb, ct, ctinfo, data, dataoff,
1100 &pdu->h245Control.item[i]);
1101 if (ret < 0)
1102 return -1;
1103 }
1104 }
1105
1106 return 0;
1107 }
1108
1109 /****************************************************************************/
1110 static int q931_help(struct sk_buff **pskb, struct ip_conntrack *ct,
1111 enum ip_conntrack_info ctinfo)
1112 {
1113 static Q931 q931;
1114 unsigned char *data = NULL;
1115 int datalen;
1116 int dataoff;
1117 int ret;
1118
1119 /* Until there's been traffic both ways, don't look in packets. */
1120 if (ctinfo != IP_CT_ESTABLISHED
1121 && ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
1122 return NF_ACCEPT;
1123 }
1124 DEBUGP("ip_ct_q931: skblen = %u\n", (*pskb)->len);
1125
1126 spin_lock_bh(&ip_h323_lock);
1127
1128 /* Process each TPKT */
1129 while (get_tpkt_data(pskb, ct, ctinfo, &data, &datalen, &dataoff)) {
1130 DEBUGP("ip_ct_q931: TPKT %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
1131 NIPQUAD((*pskb)->nh.iph->saddr),
1132 NIPQUAD((*pskb)->nh.iph->daddr), datalen);
1133
1134 /* Decode Q.931 signal */
1135 ret = DecodeQ931(data, datalen, &q931);
1136 if (ret < 0) {
1137 if (net_ratelimit())
1138 printk("ip_ct_q931: decoding error: %s\n",
1139 ret == H323_ERROR_BOUND ?
1140 "out of bound" : "out of range");
1141 /* We don't drop when decoding error */
1142 break;
1143 }
1144
1145 /* Process Q.931 signal */
1146 if (process_q931(pskb, ct, ctinfo, &data, dataoff, &q931) < 0)
1147 goto drop;
1148 }
1149
1150 spin_unlock_bh(&ip_h323_lock);
1151 return NF_ACCEPT;
1152
1153 drop:
1154 spin_unlock_bh(&ip_h323_lock);
1155 if (net_ratelimit())
1156 printk("ip_ct_q931: packet dropped\n");
1157 return NF_DROP;
1158 }
1159
1160 /****************************************************************************/
1161 static struct ip_conntrack_helper ip_conntrack_helper_q931 = {
1162 .name = "Q.931",
1163 .me = THIS_MODULE,
1164 .max_expected = H323_RTP_CHANNEL_MAX * 4 + 4 /* T.120 and H.245 */ ,
1165 .timeout = 240,
1166 .tuple = {.src = {.u = {.tcp = {.port = __constant_htons(Q931_PORT)}}},
1167 .dst = {.protonum = IPPROTO_TCP}},
1168 .mask = {.src = {.u = {0xFFFF}},
1169 .dst = {.protonum = 0xFF}},
1170 .help = q931_help
1171 };
1172
1173 /****************************************************************************/
1174 void ip_conntrack_q931_expect(struct ip_conntrack *new,
1175 struct ip_conntrack_expect *this)
1176 {
1177 write_lock_bh(&ip_conntrack_lock);
1178 new->helper = &ip_conntrack_helper_q931;
1179 write_unlock_bh(&ip_conntrack_lock);
1180 }
1181
1182 /****************************************************************************/
1183 static unsigned char *get_udp_data(struct sk_buff **pskb, int *datalen)
1184 {
1185 struct udphdr _uh, *uh;
1186 int dataoff;
1187
1188 uh = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl * 4, sizeof(_uh),
1189 &_uh);
1190 if (uh == NULL)
1191 return NULL;
1192 dataoff = (*pskb)->nh.iph->ihl * 4 + sizeof(_uh);
1193 if (dataoff >= (*pskb)->len)
1194 return NULL;
1195 *datalen = (*pskb)->len - dataoff;
1196 return skb_header_pointer(*pskb, dataoff, *datalen, h323_buffer);
1197 }
1198
1199 /****************************************************************************/
1200 static struct ip_conntrack_expect *find_expect(struct ip_conntrack *ct,
1201 __be32 ip, u_int16_t port)
1202 {
1203 struct ip_conntrack_expect *exp;
1204 struct ip_conntrack_tuple tuple;
1205
1206 tuple.src.ip = 0;
1207 tuple.src.u.tcp.port = 0;
1208 tuple.dst.ip = ip;
1209 tuple.dst.u.tcp.port = htons(port);
1210 tuple.dst.protonum = IPPROTO_TCP;
1211
1212 exp = __ip_conntrack_expect_find(&tuple);
1213 if (exp && exp->master == ct)
1214 return exp;
1215 return NULL;
1216 }
1217
1218 /****************************************************************************/
1219 static int set_expect_timeout(struct ip_conntrack_expect *exp,
1220 unsigned timeout)
1221 {
1222 if (!exp || !del_timer(&exp->timeout))
1223 return 0;
1224
1225 exp->timeout.expires = jiffies + timeout * HZ;
1226 add_timer(&exp->timeout);
1227
1228 return 1;
1229 }
1230
1231 /****************************************************************************/
1232 static int expect_q931(struct sk_buff **pskb, struct ip_conntrack *ct,
1233 enum ip_conntrack_info ctinfo,
1234 unsigned char **data,
1235 TransportAddress * addr, int count)
1236 {
1237 struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1238 int dir = CTINFO2DIR(ctinfo);
1239 int ret = 0;
1240 int i;
1241 __be32 ip;
1242 u_int16_t port;
1243 struct ip_conntrack_expect *exp;
1244 typeof(nat_q931_hook) nat_q931;
1245
1246 /* Look for the first related address */
1247 for (i = 0; i < count; i++) {
1248 if (get_h225_addr(*data, &addr[i], &ip, &port) &&
1249 ip == ct->tuplehash[dir].tuple.src.ip && port != 0)
1250 break;
1251 }
1252
1253 if (i >= count) /* Not found */
1254 return 0;
1255
1256 /* Create expect for Q.931 */
1257 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1258 return -1;
1259 exp->tuple.src.ip = gkrouted_only ? /* only accept calls from GK? */
1260 ct->tuplehash[!dir].tuple.src.ip : 0;
1261 exp->tuple.src.u.tcp.port = 0;
1262 exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
1263 exp->tuple.dst.u.tcp.port = htons(port);
1264 exp->tuple.dst.protonum = IPPROTO_TCP;
1265 exp->mask.src.ip = gkrouted_only ? htonl(0xFFFFFFFF) : 0;
1266 exp->mask.src.u.tcp.port = 0;
1267 exp->mask.dst.ip = htonl(0xFFFFFFFF);
1268 exp->mask.dst.u.tcp.port = htons(0xFFFF);
1269 exp->mask.dst.protonum = 0xFF;
1270 exp->flags = IP_CT_EXPECT_PERMANENT; /* Accept multiple calls */
1271
1272 nat_q931 = rcu_dereference(nat_q931_hook);
1273 if (nat_q931) { /* Need NAT */
1274 ret = nat_q931(pskb, ct, ctinfo, data, addr, i, port, exp);
1275 } else { /* Conntrack only */
1276 exp->expectfn = ip_conntrack_q931_expect;
1277
1278 if (ip_conntrack_expect_related(exp) == 0) {
1279 DEBUGP("ip_ct_ras: expect Q.931 "
1280 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1281 NIPQUAD(exp->tuple.src.ip),
1282 ntohs(exp->tuple.src.u.tcp.port),
1283 NIPQUAD(exp->tuple.dst.ip),
1284 ntohs(exp->tuple.dst.u.tcp.port));
1285
1286 /* Save port for looking up expect in processing RCF */
1287 info->sig_port[dir] = port;
1288 } else
1289 ret = -1;
1290 }
1291
1292 ip_conntrack_expect_put(exp);
1293
1294 return ret;
1295 }
1296
1297 /****************************************************************************/
1298 static int process_grq(struct sk_buff **pskb, struct ip_conntrack *ct,
1299 enum ip_conntrack_info ctinfo,
1300 unsigned char **data, GatekeeperRequest * grq)
1301 {
1302 typeof(set_ras_addr_hook) set_ras_addr;
1303
1304 DEBUGP("ip_ct_ras: GRQ\n");
1305
1306 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1307 if (set_ras_addr) /* NATed */
1308 return set_ras_addr(pskb, ct, ctinfo, data,
1309 &grq->rasAddress, 1);
1310 return 0;
1311 }
1312
1313 /* Declare before using */
1314 static void ip_conntrack_ras_expect(struct ip_conntrack *new,
1315 struct ip_conntrack_expect *this);
1316
1317 /****************************************************************************/
1318 static int process_gcf(struct sk_buff **pskb, struct ip_conntrack *ct,
1319 enum ip_conntrack_info ctinfo,
1320 unsigned char **data, GatekeeperConfirm * gcf)
1321 {
1322 int dir = CTINFO2DIR(ctinfo);
1323 int ret = 0;
1324 __be32 ip;
1325 u_int16_t port;
1326 struct ip_conntrack_expect *exp;
1327
1328 DEBUGP("ip_ct_ras: GCF\n");
1329
1330 if (!get_h225_addr(*data, &gcf->rasAddress, &ip, &port))
1331 return 0;
1332
1333 /* Registration port is the same as discovery port */
1334 if (ip == ct->tuplehash[dir].tuple.src.ip &&
1335 port == ntohs(ct->tuplehash[dir].tuple.src.u.udp.port))
1336 return 0;
1337
1338 /* Avoid RAS expectation loops. A GCF is never expected. */
1339 if (test_bit(IPS_EXPECTED_BIT, &ct->status))
1340 return 0;
1341
1342 /* Need new expect */
1343 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1344 return -1;
1345 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
1346 exp->tuple.src.u.tcp.port = 0;
1347 exp->tuple.dst.ip = ip;
1348 exp->tuple.dst.u.tcp.port = htons(port);
1349 exp->tuple.dst.protonum = IPPROTO_UDP;
1350 exp->mask.src.ip = htonl(0xFFFFFFFF);
1351 exp->mask.src.u.tcp.port = 0;
1352 exp->mask.dst.ip = htonl(0xFFFFFFFF);
1353 exp->mask.dst.u.tcp.port = htons(0xFFFF);
1354 exp->mask.dst.protonum = 0xFF;
1355 exp->flags = 0;
1356 exp->expectfn = ip_conntrack_ras_expect;
1357 if (ip_conntrack_expect_related(exp) == 0) {
1358 DEBUGP("ip_ct_ras: expect RAS "
1359 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1360 NIPQUAD(exp->tuple.src.ip),
1361 ntohs(exp->tuple.src.u.tcp.port),
1362 NIPQUAD(exp->tuple.dst.ip),
1363 ntohs(exp->tuple.dst.u.tcp.port));
1364 } else
1365 ret = -1;
1366
1367 ip_conntrack_expect_put(exp);
1368
1369 return ret;
1370 }
1371
1372 /****************************************************************************/
1373 static int process_rrq(struct sk_buff **pskb, struct ip_conntrack *ct,
1374 enum ip_conntrack_info ctinfo,
1375 unsigned char **data, RegistrationRequest * rrq)
1376 {
1377 struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1378 int ret;
1379 typeof(set_ras_addr_hook) set_ras_addr;
1380
1381 DEBUGP("ip_ct_ras: RRQ\n");
1382
1383 ret = expect_q931(pskb, ct, ctinfo, data,
1384 rrq->callSignalAddress.item,
1385 rrq->callSignalAddress.count);
1386 if (ret < 0)
1387 return -1;
1388
1389 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1390 if (set_ras_addr) {
1391 ret = set_ras_addr(pskb, ct, ctinfo, data,
1392 rrq->rasAddress.item,
1393 rrq->rasAddress.count);
1394 if (ret < 0)
1395 return -1;
1396 }
1397
1398 if (rrq->options & eRegistrationRequest_timeToLive) {
1399 DEBUGP("ip_ct_ras: RRQ TTL = %u seconds\n", rrq->timeToLive);
1400 info->timeout = rrq->timeToLive;
1401 } else
1402 info->timeout = default_rrq_ttl;
1403
1404 return 0;
1405 }
1406
1407 /****************************************************************************/
1408 static int process_rcf(struct sk_buff **pskb, struct ip_conntrack *ct,
1409 enum ip_conntrack_info ctinfo,
1410 unsigned char **data, RegistrationConfirm * rcf)
1411 {
1412 struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1413 int dir = CTINFO2DIR(ctinfo);
1414 int ret;
1415 struct ip_conntrack_expect *exp;
1416 typeof(set_sig_addr_hook) set_sig_addr;
1417
1418 DEBUGP("ip_ct_ras: RCF\n");
1419
1420 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1421 if (set_sig_addr) {
1422 ret = set_sig_addr(pskb, ct, ctinfo, data,
1423 rcf->callSignalAddress.item,
1424 rcf->callSignalAddress.count);
1425 if (ret < 0)
1426 return -1;
1427 }
1428
1429 if (rcf->options & eRegistrationConfirm_timeToLive) {
1430 DEBUGP("ip_ct_ras: RCF TTL = %u seconds\n", rcf->timeToLive);
1431 info->timeout = rcf->timeToLive;
1432 }
1433
1434 if (info->timeout > 0) {
1435 DEBUGP
1436 ("ip_ct_ras: set RAS connection timeout to %u seconds\n",
1437 info->timeout);
1438 ip_ct_refresh(ct, *pskb, info->timeout * HZ);
1439
1440 /* Set expect timeout */
1441 read_lock_bh(&ip_conntrack_lock);
1442 exp = find_expect(ct, ct->tuplehash[dir].tuple.dst.ip,
1443 info->sig_port[!dir]);
1444 if (exp) {
1445 DEBUGP("ip_ct_ras: set Q.931 expect "
1446 "(%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu) "
1447 "timeout to %u seconds\n",
1448 NIPQUAD(exp->tuple.src.ip),
1449 ntohs(exp->tuple.src.u.tcp.port),
1450 NIPQUAD(exp->tuple.dst.ip),
1451 ntohs(exp->tuple.dst.u.tcp.port),
1452 info->timeout);
1453 set_expect_timeout(exp, info->timeout);
1454 }
1455 read_unlock_bh(&ip_conntrack_lock);
1456 }
1457
1458 return 0;
1459 }
1460
1461 /****************************************************************************/
1462 static int process_urq(struct sk_buff **pskb, struct ip_conntrack *ct,
1463 enum ip_conntrack_info ctinfo,
1464 unsigned char **data, UnregistrationRequest * urq)
1465 {
1466 struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1467 int dir = CTINFO2DIR(ctinfo);
1468 int ret;
1469 typeof(set_sig_addr_hook) set_sig_addr;
1470
1471 DEBUGP("ip_ct_ras: URQ\n");
1472
1473 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1474 if (set_sig_addr) {
1475 ret = set_sig_addr(pskb, ct, ctinfo, data,
1476 urq->callSignalAddress.item,
1477 urq->callSignalAddress.count);
1478 if (ret < 0)
1479 return -1;
1480 }
1481
1482 /* Clear old expect */
1483 ip_ct_remove_expectations(ct);
1484 info->sig_port[dir] = 0;
1485 info->sig_port[!dir] = 0;
1486
1487 /* Give it 30 seconds for UCF or URJ */
1488 ip_ct_refresh(ct, *pskb, 30 * HZ);
1489
1490 return 0;
1491 }
1492
1493 /****************************************************************************/
1494 static int process_arq(struct sk_buff **pskb, struct ip_conntrack *ct,
1495 enum ip_conntrack_info ctinfo,
1496 unsigned char **data, AdmissionRequest * arq)
1497 {
1498 struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1499 int dir = CTINFO2DIR(ctinfo);
1500 __be32 ip;
1501 u_int16_t port;
1502 typeof(set_h225_addr_hook) set_h225_addr;
1503
1504 DEBUGP("ip_ct_ras: ARQ\n");
1505
1506 set_h225_addr = rcu_dereference(set_h225_addr_hook);
1507 if ((arq->options & eAdmissionRequest_destCallSignalAddress) &&
1508 get_h225_addr(*data, &arq->destCallSignalAddress, &ip, &port) &&
1509 ip == ct->tuplehash[dir].tuple.src.ip &&
1510 port == info->sig_port[dir] && set_h225_addr) {
1511 /* Answering ARQ */
1512 return set_h225_addr(pskb, data, 0,
1513 &arq->destCallSignalAddress,
1514 ct->tuplehash[!dir].tuple.dst.ip,
1515 info->sig_port[!dir]);
1516 }
1517
1518 if ((arq->options & eAdmissionRequest_srcCallSignalAddress) &&
1519 get_h225_addr(*data, &arq->srcCallSignalAddress, &ip, &port) &&
1520 ip == ct->tuplehash[dir].tuple.src.ip && set_h225_addr) {
1521 /* Calling ARQ */
1522 return set_h225_addr(pskb, data, 0,
1523 &arq->srcCallSignalAddress,
1524 ct->tuplehash[!dir].tuple.dst.ip,
1525 port);
1526 }
1527
1528 return 0;
1529 }
1530
1531 /****************************************************************************/
1532 static int process_acf(struct sk_buff **pskb, struct ip_conntrack *ct,
1533 enum ip_conntrack_info ctinfo,
1534 unsigned char **data, AdmissionConfirm * acf)
1535 {
1536 int dir = CTINFO2DIR(ctinfo);
1537 int ret = 0;
1538 __be32 ip;
1539 u_int16_t port;
1540 struct ip_conntrack_expect *exp;
1541 typeof(set_sig_addr_hook) set_sig_addr;
1542
1543 DEBUGP("ip_ct_ras: ACF\n");
1544
1545 if (!get_h225_addr(*data, &acf->destCallSignalAddress, &ip, &port))
1546 return 0;
1547
1548 if (ip == ct->tuplehash[dir].tuple.dst.ip) { /* Answering ACF */
1549 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1550 if (set_sig_addr)
1551 return set_sig_addr(pskb, ct, ctinfo, data,
1552 &acf->destCallSignalAddress, 1);
1553 return 0;
1554 }
1555
1556 /* Need new expect */
1557 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1558 return -1;
1559 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
1560 exp->tuple.src.u.tcp.port = 0;
1561 exp->tuple.dst.ip = ip;
1562 exp->tuple.dst.u.tcp.port = htons(port);
1563 exp->tuple.dst.protonum = IPPROTO_TCP;
1564 exp->mask.src.ip = htonl(0xFFFFFFFF);
1565 exp->mask.src.u.tcp.port = 0;
1566 exp->mask.dst.ip = htonl(0xFFFFFFFF);
1567 exp->mask.dst.u.tcp.port = htons(0xFFFF);
1568 exp->mask.dst.protonum = 0xFF;
1569 exp->flags = IP_CT_EXPECT_PERMANENT;
1570 exp->expectfn = ip_conntrack_q931_expect;
1571
1572 if (ip_conntrack_expect_related(exp) == 0) {
1573 DEBUGP("ip_ct_ras: expect Q.931 "
1574 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1575 NIPQUAD(exp->tuple.src.ip),
1576 ntohs(exp->tuple.src.u.tcp.port),
1577 NIPQUAD(exp->tuple.dst.ip),
1578 ntohs(exp->tuple.dst.u.tcp.port));
1579 } else
1580 ret = -1;
1581
1582 ip_conntrack_expect_put(exp);
1583
1584 return ret;
1585 }
1586
1587 /****************************************************************************/
1588 static int process_lrq(struct sk_buff **pskb, struct ip_conntrack *ct,
1589 enum ip_conntrack_info ctinfo,
1590 unsigned char **data, LocationRequest * lrq)
1591 {
1592 typeof(set_ras_addr_hook) set_ras_addr;
1593
1594 DEBUGP("ip_ct_ras: LRQ\n");
1595
1596 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1597 if (set_ras_addr)
1598 return set_ras_addr(pskb, ct, ctinfo, data,
1599 &lrq->replyAddress, 1);
1600 return 0;
1601 }
1602
1603 /****************************************************************************/
1604 static int process_lcf(struct sk_buff **pskb, struct ip_conntrack *ct,
1605 enum ip_conntrack_info ctinfo,
1606 unsigned char **data, LocationConfirm * lcf)
1607 {
1608 int dir = CTINFO2DIR(ctinfo);
1609 int ret = 0;
1610 __be32 ip;
1611 u_int16_t port;
1612 struct ip_conntrack_expect *exp = NULL;
1613
1614 DEBUGP("ip_ct_ras: LCF\n");
1615
1616 if (!get_h225_addr(*data, &lcf->callSignalAddress, &ip, &port))
1617 return 0;
1618
1619 /* Need new expect for call signal */
1620 if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1621 return -1;
1622 exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
1623 exp->tuple.src.u.tcp.port = 0;
1624 exp->tuple.dst.ip = ip;
1625 exp->tuple.dst.u.tcp.port = htons(port);
1626 exp->tuple.dst.protonum = IPPROTO_TCP;
1627 exp->mask.src.ip = htonl(0xFFFFFFFF);
1628 exp->mask.src.u.tcp.port = 0;
1629 exp->mask.dst.ip = htonl(0xFFFFFFFF);
1630 exp->mask.dst.u.tcp.port = htons(0xFFFF);
1631 exp->mask.dst.protonum = 0xFF;
1632 exp->flags = IP_CT_EXPECT_PERMANENT;
1633 exp->expectfn = ip_conntrack_q931_expect;
1634
1635 if (ip_conntrack_expect_related(exp) == 0) {
1636 DEBUGP("ip_ct_ras: expect Q.931 "
1637 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1638 NIPQUAD(exp->tuple.src.ip),
1639 ntohs(exp->tuple.src.u.tcp.port),
1640 NIPQUAD(exp->tuple.dst.ip),
1641 ntohs(exp->tuple.dst.u.tcp.port));
1642 } else
1643 ret = -1;
1644
1645 ip_conntrack_expect_put(exp);
1646
1647 /* Ignore rasAddress */
1648
1649 return ret;
1650 }
1651
1652 /****************************************************************************/
1653 static int process_irr(struct sk_buff **pskb, struct ip_conntrack *ct,
1654 enum ip_conntrack_info ctinfo,
1655 unsigned char **data, InfoRequestResponse * irr)
1656 {
1657 int ret;
1658 typeof(set_ras_addr_hook) set_ras_addr;
1659 typeof(set_sig_addr_hook) set_sig_addr;
1660
1661 DEBUGP("ip_ct_ras: IRR\n");
1662
1663 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1664 if (set_ras_addr) {
1665 ret = set_ras_addr(pskb, ct, ctinfo, data,
1666 &irr->rasAddress, 1);
1667 if (ret < 0)
1668 return -1;
1669 }
1670
1671 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1672 if (set_sig_addr) {
1673 ret = set_sig_addr(pskb, ct, ctinfo, data,
1674 irr->callSignalAddress.item,
1675 irr->callSignalAddress.count);
1676 if (ret < 0)
1677 return -1;
1678 }
1679
1680 return 0;
1681 }
1682
1683 /****************************************************************************/
1684 static int process_ras(struct sk_buff **pskb, struct ip_conntrack *ct,
1685 enum ip_conntrack_info ctinfo,
1686 unsigned char **data, RasMessage * ras)
1687 {
1688 switch (ras->choice) {
1689 case eRasMessage_gatekeeperRequest:
1690 return process_grq(pskb, ct, ctinfo, data,
1691 &ras->gatekeeperRequest);
1692 case eRasMessage_gatekeeperConfirm:
1693 return process_gcf(pskb, ct, ctinfo, data,
1694 &ras->gatekeeperConfirm);
1695 case eRasMessage_registrationRequest:
1696 return process_rrq(pskb, ct, ctinfo, data,
1697 &ras->registrationRequest);
1698 case eRasMessage_registrationConfirm:
1699 return process_rcf(pskb, ct, ctinfo, data,
1700 &ras->registrationConfirm);
1701 case eRasMessage_unregistrationRequest:
1702 return process_urq(pskb, ct, ctinfo, data,
1703 &ras->unregistrationRequest);
1704 case eRasMessage_admissionRequest:
1705 return process_arq(pskb, ct, ctinfo, data,
1706 &ras->admissionRequest);
1707 case eRasMessage_admissionConfirm:
1708 return process_acf(pskb, ct, ctinfo, data,
1709 &ras->admissionConfirm);
1710 case eRasMessage_locationRequest:
1711 return process_lrq(pskb, ct, ctinfo, data,
1712 &ras->locationRequest);
1713 case eRasMessage_locationConfirm:
1714 return process_lcf(pskb, ct, ctinfo, data,
1715 &ras->locationConfirm);
1716 case eRasMessage_infoRequestResponse:
1717 return process_irr(pskb, ct, ctinfo, data,
1718 &ras->infoRequestResponse);
1719 default:
1720 DEBUGP("ip_ct_ras: RAS message %d\n", ras->choice);
1721 break;
1722 }
1723
1724 return 0;
1725 }
1726
1727 /****************************************************************************/
1728 static int ras_help(struct sk_buff **pskb, struct ip_conntrack *ct,
1729 enum ip_conntrack_info ctinfo)
1730 {
1731 static RasMessage ras;
1732 unsigned char *data;
1733 int datalen = 0;
1734 int ret;
1735
1736 DEBUGP("ip_ct_ras: skblen = %u\n", (*pskb)->len);
1737
1738 spin_lock_bh(&ip_h323_lock);
1739
1740 /* Get UDP data */
1741 data = get_udp_data(pskb, &datalen);
1742 if (data == NULL)
1743 goto accept;
1744 DEBUGP("ip_ct_ras: RAS message %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
1745 NIPQUAD((*pskb)->nh.iph->saddr),
1746 NIPQUAD((*pskb)->nh.iph->daddr), datalen);
1747
1748 /* Decode RAS message */
1749 ret = DecodeRasMessage(data, datalen, &ras);
1750 if (ret < 0) {
1751 if (net_ratelimit())
1752 printk("ip_ct_ras: decoding error: %s\n",
1753 ret == H323_ERROR_BOUND ?
1754 "out of bound" : "out of range");
1755 goto accept;
1756 }
1757
1758 /* Process RAS message */
1759 if (process_ras(pskb, ct, ctinfo, &data, &ras) < 0)
1760 goto drop;
1761
1762 accept:
1763 spin_unlock_bh(&ip_h323_lock);
1764 return NF_ACCEPT;
1765
1766 drop:
1767 spin_unlock_bh(&ip_h323_lock);
1768 if (net_ratelimit())
1769 printk("ip_ct_ras: packet dropped\n");
1770 return NF_DROP;
1771 }
1772
1773 /****************************************************************************/
1774 static struct ip_conntrack_helper ip_conntrack_helper_ras = {
1775 .name = "RAS",
1776 .me = THIS_MODULE,
1777 .max_expected = 32,
1778 .timeout = 240,
1779 .tuple = {.src = {.u = {.tcp = {.port = __constant_htons(RAS_PORT)}}},
1780 .dst = {.protonum = IPPROTO_UDP}},
1781 .mask = {.src = {.u = {0xFFFE}},
1782 .dst = {.protonum = 0xFF}},
1783 .help = ras_help,
1784 };
1785
1786 /****************************************************************************/
1787 static void ip_conntrack_ras_expect(struct ip_conntrack *new,
1788 struct ip_conntrack_expect *this)
1789 {
1790 write_lock_bh(&ip_conntrack_lock);
1791 new->helper = &ip_conntrack_helper_ras;
1792 write_unlock_bh(&ip_conntrack_lock);
1793 }
1794
1795 /****************************************************************************/
1796 /* Not __exit - called from init() */
1797 static void fini(void)
1798 {
1799 ip_conntrack_helper_unregister(&ip_conntrack_helper_ras);
1800 ip_conntrack_helper_unregister(&ip_conntrack_helper_q931);
1801 kfree(h323_buffer);
1802 DEBUGP("ip_ct_h323: fini\n");
1803 }
1804
1805 /****************************************************************************/
1806 static int __init init(void)
1807 {
1808 int ret;
1809
1810 h323_buffer = kmalloc(65536, GFP_KERNEL);
1811 if (!h323_buffer)
1812 return -ENOMEM;
1813 if ((ret = ip_conntrack_helper_register(&ip_conntrack_helper_q931)) ||
1814 (ret = ip_conntrack_helper_register(&ip_conntrack_helper_ras))) {
1815 fini();
1816 return ret;
1817 }
1818 DEBUGP("ip_ct_h323: init success\n");
1819 return 0;
1820 }
1821
1822 /****************************************************************************/
1823 module_init(init);
1824 module_exit(fini);
1825
1826 EXPORT_SYMBOL_GPL(get_h225_addr);
1827 EXPORT_SYMBOL_GPL(ip_conntrack_h245_expect);
1828 EXPORT_SYMBOL_GPL(ip_conntrack_q931_expect);
1829 EXPORT_SYMBOL_GPL(set_h245_addr_hook);
1830 EXPORT_SYMBOL_GPL(set_h225_addr_hook);
1831 EXPORT_SYMBOL_GPL(set_sig_addr_hook);
1832 EXPORT_SYMBOL_GPL(set_ras_addr_hook);
1833 EXPORT_SYMBOL_GPL(nat_rtp_rtcp_hook);
1834 EXPORT_SYMBOL_GPL(nat_t120_hook);
1835 EXPORT_SYMBOL_GPL(nat_h245_hook);
1836 EXPORT_SYMBOL_GPL(nat_callforwarding_hook);
1837 EXPORT_SYMBOL_GPL(nat_q931_hook);
1838
1839 MODULE_AUTHOR("Jing Min Zhao <zhaojingmin@users.sourceforge.net>");
1840 MODULE_DESCRIPTION("H.323 connection tracking helper");
1841 MODULE_LICENSE("GPL");
Linux kernel - Deliverables
This page took 0.095625 seconds and 5 git commands to generate.