Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
nf_conntrack_h323_main.c
Go to the documentation of this file.
1 /*
2  * H.323 connection tracking helper
3  *
4  * Copyright (c) 2006 Jing Min Zhao <[email protected]>
5  *
6  * This source code is licensed under General Public License version 2.
7  *
8  * Based on the 'brute force' H.323 connection tracking module by
9  * Jozsef Kadlecsik <[email protected]>
10  *
11  * For more information, please see http://nath323.sourceforge.net/
12  */
13 
14 #include <linux/module.h>
15 #include <linux/moduleparam.h>
16 #include <linux/ctype.h>
17 #include <linux/inet.h>
18 #include <linux/in.h>
19 #include <linux/ip.h>
20 #include <linux/slab.h>
21 #include <linux/udp.h>
22 #include <linux/tcp.h>
23 #include <linux/skbuff.h>
24 #include <net/route.h>
25 #include <net/ip6_route.h>
26 
27 #include <net/netfilter/nf_conntrack.h>
28 #include <net/netfilter/nf_conntrack_core.h>
29 #include <net/netfilter/nf_conntrack_tuple.h>
30 #include <net/netfilter/nf_conntrack_expect.h>
31 #include <net/netfilter/nf_conntrack_ecache.h>
32 #include <net/netfilter/nf_conntrack_helper.h>
33 #include <net/netfilter/nf_conntrack_zones.h>
34 #include <linux/netfilter/nf_conntrack_h323.h>
35 
36 /* Parameters */
37 static unsigned int default_rrq_ttl __read_mostly = 300;
38 module_param(default_rrq_ttl, uint, 0600);
39 MODULE_PARM_DESC(default_rrq_ttl, "use this TTL if it's missing in RRQ");
40 
41 static int gkrouted_only __read_mostly = 1;
42 module_param(gkrouted_only, int, 0600);
43 MODULE_PARM_DESC(gkrouted_only, "only accept calls from gatekeeper");
44 
45 static bool callforward_filter __read_mostly = true;
46 module_param(callforward_filter, bool, 0600);
47 MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations "
48  "if both endpoints are on different sides "
49  "(determined by routing information)");
50 
51 /* Hooks for NAT */
52 int (*set_h245_addr_hook) (struct sk_buff *skb, unsigned int protoff,
53  unsigned char **data, int dataoff,
54  H245_TransportAddress *taddr,
55  union nf_inet_addr *addr, __be16 port)
56  __read_mostly;
57 int (*set_h225_addr_hook) (struct sk_buff *skb, unsigned int protoff,
58  unsigned char **data, int dataoff,
59  TransportAddress *taddr,
60  union nf_inet_addr *addr, __be16 port)
61  __read_mostly;
62 int (*set_sig_addr_hook) (struct sk_buff *skb,
63  struct nf_conn *ct,
64  enum ip_conntrack_info ctinfo,
65  unsigned int protoff, unsigned char **data,
66  TransportAddress *taddr, int count) __read_mostly;
67 int (*set_ras_addr_hook) (struct sk_buff *skb,
68  struct nf_conn *ct,
69  enum ip_conntrack_info ctinfo,
70  unsigned int protoff, unsigned char **data,
71  TransportAddress *taddr, int count) __read_mostly;
72 int (*nat_rtp_rtcp_hook) (struct sk_buff *skb,
73  struct nf_conn *ct,
74  enum ip_conntrack_info ctinfo,
75  unsigned int protoff,
76  unsigned char **data, int dataoff,
77  H245_TransportAddress *taddr,
78  __be16 port, __be16 rtp_port,
79  struct nf_conntrack_expect *rtp_exp,
80  struct nf_conntrack_expect *rtcp_exp) __read_mostly;
81 int (*nat_t120_hook) (struct sk_buff *skb,
82  struct nf_conn *ct,
83  enum ip_conntrack_info ctinfo,
84  unsigned int protoff,
85  unsigned char **data, int dataoff,
86  H245_TransportAddress *taddr, __be16 port,
87  struct nf_conntrack_expect *exp) __read_mostly;
88 int (*nat_h245_hook) (struct sk_buff *skb,
89  struct nf_conn *ct,
90  enum ip_conntrack_info ctinfo,
91  unsigned int protoff,
92  unsigned char **data, int dataoff,
93  TransportAddress *taddr, __be16 port,
94  struct nf_conntrack_expect *exp) __read_mostly;
95 int (*nat_callforwarding_hook) (struct sk_buff *skb,
96  struct nf_conn *ct,
97  enum ip_conntrack_info ctinfo,
98  unsigned int protoff,
99  unsigned char **data, int dataoff,
100  TransportAddress *taddr, __be16 port,
101  struct nf_conntrack_expect *exp) __read_mostly;
102 int (*nat_q931_hook) (struct sk_buff *skb,
103  struct nf_conn *ct,
104  enum ip_conntrack_info ctinfo,
105  unsigned int protoff,
106  unsigned char **data, TransportAddress *taddr, int idx,
107  __be16 port, struct nf_conntrack_expect *exp)
108  __read_mostly;
109 
110 static DEFINE_SPINLOCK(nf_h323_lock);
111 static char *h323_buffer;
112 
113 static struct nf_conntrack_helper nf_conntrack_helper_h245;
114 static struct nf_conntrack_helper nf_conntrack_helper_q931[];
115 static struct nf_conntrack_helper nf_conntrack_helper_ras[];
116 
117 /****************************************************************************/
118 static int get_tpkt_data(struct sk_buff *skb, unsigned int protoff,
119  struct nf_conn *ct, enum ip_conntrack_info ctinfo,
120  unsigned char **data, int *datalen, int *dataoff)
121 {
122  struct nf_ct_h323_master *info = nfct_help_data(ct);
123  int dir = CTINFO2DIR(ctinfo);
124  const struct tcphdr *th;
125  struct tcphdr _tcph;
126  int tcpdatalen;
127  int tcpdataoff;
128  unsigned char *tpkt;
129  int tpktlen;
130  int tpktoff;
131 
132  /* Get TCP header */
133  th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
134  if (th == NULL)
135  return 0;
136 
137  /* Get TCP data offset */
138  tcpdataoff = protoff + th->doff * 4;
139 
140  /* Get TCP data length */
141  tcpdatalen = skb->len - tcpdataoff;
142  if (tcpdatalen <= 0) /* No TCP data */
143  goto clear_out;
144 
145  if (*data == NULL) { /* first TPKT */
146  /* Get first TPKT pointer */
147  tpkt = skb_header_pointer(skb, tcpdataoff, tcpdatalen,
148  h323_buffer);
149  BUG_ON(tpkt == NULL);
150 
151  /* Validate TPKT identifier */
152  if (tcpdatalen < 4 || tpkt[0] != 0x03 || tpkt[1] != 0) {
153  /* Netmeeting sends TPKT header and data separately */
154  if (info->tpkt_len[dir] > 0) {
155  pr_debug("nf_ct_h323: previous packet "
156  "indicated separate TPKT data of %hu "
157  "bytes\n", info->tpkt_len[dir]);
158  if (info->tpkt_len[dir] <= tcpdatalen) {
159  /* Yes, there was a TPKT header
160  * received */
161  *data = tpkt;
162  *datalen = info->tpkt_len[dir];
163  *dataoff = 0;
164  goto out;
165  }
166 
167  /* Fragmented TPKT */
168  pr_debug("nf_ct_h323: fragmented TPKT\n");
169  goto clear_out;
170  }
171 
172  /* It is not even a TPKT */
173  return 0;
174  }
175  tpktoff = 0;
176  } else { /* Next TPKT */
177  tpktoff = *dataoff + *datalen;
178  tcpdatalen -= tpktoff;
179  if (tcpdatalen <= 4) /* No more TPKT */
180  goto clear_out;
181  tpkt = *data + *datalen;
182 
183  /* Validate TPKT identifier */
184  if (tpkt[0] != 0x03 || tpkt[1] != 0)
185  goto clear_out;
186  }
187 
188  /* Validate TPKT length */
189  tpktlen = tpkt[2] * 256 + tpkt[3];
190  if (tpktlen < 4)
191  goto clear_out;
192  if (tpktlen > tcpdatalen) {
193  if (tcpdatalen == 4) { /* Separate TPKT header */
194  /* Netmeeting sends TPKT header and data separately */
195  pr_debug("nf_ct_h323: separate TPKT header indicates "
196  "there will be TPKT data of %hu bytes\n",
197  tpktlen - 4);
198  info->tpkt_len[dir] = tpktlen - 4;
199  return 0;
200  }
201 
202  pr_debug("nf_ct_h323: incomplete TPKT (fragmented?)\n");
203  goto clear_out;
204  }
205 
206  /* This is the encapsulated data */
207  *data = tpkt + 4;
208  *datalen = tpktlen - 4;
209  *dataoff = tpktoff + 4;
210 
211  out:
212  /* Clear TPKT length */
213  info->tpkt_len[dir] = 0;
214  return 1;
215 
216  clear_out:
217  info->tpkt_len[dir] = 0;
218  return 0;
219 }
220 
221 /****************************************************************************/
222 static int get_h245_addr(struct nf_conn *ct, const unsigned char *data,
223  H245_TransportAddress *taddr,
224  union nf_inet_addr *addr, __be16 *port)
225 {
226  const unsigned char *p;
227  int len;
228 
229  if (taddr->choice != eH245_TransportAddress_unicastAddress)
230  return 0;
231 
232  switch (taddr->unicastAddress.choice) {
233  case eUnicastAddress_iPAddress:
234  if (nf_ct_l3num(ct) != AF_INET)
235  return 0;
236  p = data + taddr->unicastAddress.iPAddress.network;
237  len = 4;
238  break;
239  case eUnicastAddress_iP6Address:
240  if (nf_ct_l3num(ct) != AF_INET6)
241  return 0;
242  p = data + taddr->unicastAddress.iP6Address.network;
243  len = 16;
244  break;
245  default:
246  return 0;
247  }
248 
249  memcpy(addr, p, len);
250  memset((void *)addr + len, 0, sizeof(*addr) - len);
251  memcpy(port, p + len, sizeof(__be16));
252 
253  return 1;
254 }
255 
256 /****************************************************************************/
257 static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
258  enum ip_conntrack_info ctinfo,
259  unsigned int protoff,
260  unsigned char **data, int dataoff,
261  H245_TransportAddress *taddr)
262 {
263  int dir = CTINFO2DIR(ctinfo);
264  int ret = 0;
265  __be16 port;
266  __be16 rtp_port, rtcp_port;
267  union nf_inet_addr addr;
268  struct nf_conntrack_expect *rtp_exp;
269  struct nf_conntrack_expect *rtcp_exp;
270  typeof(nat_rtp_rtcp_hook) nat_rtp_rtcp;
271 
272  /* Read RTP or RTCP address */
273  if (!get_h245_addr(ct, *data, taddr, &addr, &port) ||
274  memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) ||
275  port == 0)
276  return 0;
277 
278  /* RTP port is even */
279  rtp_port = port & ~htons(1);
280  rtcp_port = port | htons(1);
281 
282  /* Create expect for RTP */
283  if ((rtp_exp = nf_ct_expect_alloc(ct)) == NULL)
284  return -1;
285  nf_ct_expect_init(rtp_exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
286  &ct->tuplehash[!dir].tuple.src.u3,
287  &ct->tuplehash[!dir].tuple.dst.u3,
288  IPPROTO_UDP, NULL, &rtp_port);
289 
290  /* Create expect for RTCP */
291  if ((rtcp_exp = nf_ct_expect_alloc(ct)) == NULL) {
292  nf_ct_expect_put(rtp_exp);
293  return -1;
294  }
295  nf_ct_expect_init(rtcp_exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
296  &ct->tuplehash[!dir].tuple.src.u3,
297  &ct->tuplehash[!dir].tuple.dst.u3,
298  IPPROTO_UDP, NULL, &rtcp_port);
299 
300  if (memcmp(&ct->tuplehash[dir].tuple.src.u3,
301  &ct->tuplehash[!dir].tuple.dst.u3,
302  sizeof(ct->tuplehash[dir].tuple.src.u3)) &&
303  (nat_rtp_rtcp = rcu_dereference(nat_rtp_rtcp_hook)) &&
304  nf_ct_l3num(ct) == NFPROTO_IPV4 &&
305  ct->status & IPS_NAT_MASK) {
306  /* NAT needed */
307  ret = nat_rtp_rtcp(skb, ct, ctinfo, protoff, data, dataoff,
308  taddr, port, rtp_port, rtp_exp, rtcp_exp);
309  } else { /* Conntrack only */
310  if (nf_ct_expect_related(rtp_exp) == 0) {
311  if (nf_ct_expect_related(rtcp_exp) == 0) {
312  pr_debug("nf_ct_h323: expect RTP ");
313  nf_ct_dump_tuple(&rtp_exp->tuple);
314  pr_debug("nf_ct_h323: expect RTCP ");
315  nf_ct_dump_tuple(&rtcp_exp->tuple);
316  } else {
317  nf_ct_unexpect_related(rtp_exp);
318  ret = -1;
319  }
320  } else
321  ret = -1;
322  }
323 
324  nf_ct_expect_put(rtp_exp);
325  nf_ct_expect_put(rtcp_exp);
326 
327  return ret;
328 }
329 
330 /****************************************************************************/
331 static int expect_t120(struct sk_buff *skb,
332  struct nf_conn *ct,
333  enum ip_conntrack_info ctinfo,
334  unsigned int protoff,
335  unsigned char **data, int dataoff,
336  H245_TransportAddress *taddr)
337 {
338  int dir = CTINFO2DIR(ctinfo);
339  int ret = 0;
340  __be16 port;
341  union nf_inet_addr addr;
342  struct nf_conntrack_expect *exp;
343  typeof(nat_t120_hook) nat_t120;
344 
345  /* Read T.120 address */
346  if (!get_h245_addr(ct, *data, taddr, &addr, &port) ||
347  memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) ||
348  port == 0)
349  return 0;
350 
351  /* Create expect for T.120 connections */
352  if ((exp = nf_ct_expect_alloc(ct)) == NULL)
353  return -1;
354  nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
355  &ct->tuplehash[!dir].tuple.src.u3,
356  &ct->tuplehash[!dir].tuple.dst.u3,
357  IPPROTO_TCP, NULL, &port);
358  exp->flags = NF_CT_EXPECT_PERMANENT; /* Accept multiple channels */
359 
360  if (memcmp(&ct->tuplehash[dir].tuple.src.u3,
361  &ct->tuplehash[!dir].tuple.dst.u3,
362  sizeof(ct->tuplehash[dir].tuple.src.u3)) &&
363  (nat_t120 = rcu_dereference(nat_t120_hook)) &&
364  nf_ct_l3num(ct) == NFPROTO_IPV4 &&
365  ct->status & IPS_NAT_MASK) {
366  /* NAT needed */
367  ret = nat_t120(skb, ct, ctinfo, protoff, data, dataoff, taddr,
368  port, exp);
369  } else { /* Conntrack only */
370  if (nf_ct_expect_related(exp) == 0) {
371  pr_debug("nf_ct_h323: expect T.120 ");
372  nf_ct_dump_tuple(&exp->tuple);
373  } else
374  ret = -1;
375  }
376 
377  nf_ct_expect_put(exp);
378 
379  return ret;
380 }
381 
382 /****************************************************************************/
383 static int process_h245_channel(struct sk_buff *skb,
384  struct nf_conn *ct,
385  enum ip_conntrack_info ctinfo,
386  unsigned int protoff,
387  unsigned char **data, int dataoff,
388  H2250LogicalChannelParameters *channel)
389 {
390  int ret;
391 
392  if (channel->options & eH2250LogicalChannelParameters_mediaChannel) {
393  /* RTP */
394  ret = expect_rtp_rtcp(skb, ct, ctinfo, protoff, data, dataoff,
395  &channel->mediaChannel);
396  if (ret < 0)
397  return -1;
398  }
399 
400  if (channel->
401  options & eH2250LogicalChannelParameters_mediaControlChannel) {
402  /* RTCP */
403  ret = expect_rtp_rtcp(skb, ct, ctinfo, protoff, data, dataoff,
404  &channel->mediaControlChannel);
405  if (ret < 0)
406  return -1;
407  }
408 
409  return 0;
410 }
411 
412 /****************************************************************************/
413 static int process_olc(struct sk_buff *skb, struct nf_conn *ct,
414  enum ip_conntrack_info ctinfo,
415  unsigned int protoff,
416  unsigned char **data, int dataoff,
417  OpenLogicalChannel *olc)
418 {
419  int ret;
420 
421  pr_debug("nf_ct_h323: OpenLogicalChannel\n");
422 
423  if (olc->forwardLogicalChannelParameters.multiplexParameters.choice ==
424  eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)
425  {
426  ret = process_h245_channel(skb, ct, ctinfo,
427  protoff, data, dataoff,
428  &olc->
429  forwardLogicalChannelParameters.
430  multiplexParameters.
431  h2250LogicalChannelParameters);
432  if (ret < 0)
433  return -1;
434  }
435 
436  if ((olc->options &
437  eOpenLogicalChannel_reverseLogicalChannelParameters) &&
438  (olc->reverseLogicalChannelParameters.options &
439  eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters)
440  && (olc->reverseLogicalChannelParameters.multiplexParameters.
441  choice ==
442  eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
443  {
444  ret =
445  process_h245_channel(skb, ct, ctinfo,
446  protoff, data, dataoff,
447  &olc->
448  reverseLogicalChannelParameters.
449  multiplexParameters.
450  h2250LogicalChannelParameters);
451  if (ret < 0)
452  return -1;
453  }
454 
455  if ((olc->options & eOpenLogicalChannel_separateStack) &&
456  olc->forwardLogicalChannelParameters.dataType.choice ==
457  eDataType_data &&
458  olc->forwardLogicalChannelParameters.dataType.data.application.
459  choice == eDataApplicationCapability_application_t120 &&
460  olc->forwardLogicalChannelParameters.dataType.data.application.
461  t120.choice == eDataProtocolCapability_separateLANStack &&
462  olc->separateStack.networkAddress.choice ==
463  eNetworkAccessParameters_networkAddress_localAreaAddress) {
464  ret = expect_t120(skb, ct, ctinfo, protoff, data, dataoff,
465  &olc->separateStack.networkAddress.
466  localAreaAddress);
467  if (ret < 0)
468  return -1;
469  }
470 
471  return 0;
472 }
473 
474 /****************************************************************************/
475 static int process_olca(struct sk_buff *skb, struct nf_conn *ct,
476  enum ip_conntrack_info ctinfo,
477  unsigned int protoff, unsigned char **data, int dataoff,
478  OpenLogicalChannelAck *olca)
479 {
480  H2250LogicalChannelAckParameters *ack;
481  int ret;
482 
483  pr_debug("nf_ct_h323: OpenLogicalChannelAck\n");
484 
485  if ((olca->options &
486  eOpenLogicalChannelAck_reverseLogicalChannelParameters) &&
487  (olca->reverseLogicalChannelParameters.options &
488  eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters)
489  && (olca->reverseLogicalChannelParameters.multiplexParameters.
490  choice ==
491  eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
492  {
493  ret = process_h245_channel(skb, ct, ctinfo,
494  protoff, data, dataoff,
495  &olca->
496  reverseLogicalChannelParameters.
497  multiplexParameters.
498  h2250LogicalChannelParameters);
499  if (ret < 0)
500  return -1;
501  }
502 
503  if ((olca->options &
504  eOpenLogicalChannelAck_forwardMultiplexAckParameters) &&
505  (olca->forwardMultiplexAckParameters.choice ==
506  eOpenLogicalChannelAck_forwardMultiplexAckParameters_h2250LogicalChannelAckParameters))
507  {
508  ack = &olca->forwardMultiplexAckParameters.
509  h2250LogicalChannelAckParameters;
510  if (ack->options &
511  eH2250LogicalChannelAckParameters_mediaChannel) {
512  /* RTP */
513  ret = expect_rtp_rtcp(skb, ct, ctinfo,
514  protoff, data, dataoff,
515  &ack->mediaChannel);
516  if (ret < 0)
517  return -1;
518  }
519 
520  if (ack->options &
521  eH2250LogicalChannelAckParameters_mediaControlChannel) {
522  /* RTCP */
523  ret = expect_rtp_rtcp(skb, ct, ctinfo,
524  protoff, data, dataoff,
525  &ack->mediaControlChannel);
526  if (ret < 0)
527  return -1;
528  }
529  }
530 
531  if ((olca->options & eOpenLogicalChannelAck_separateStack) &&
532  olca->separateStack.networkAddress.choice ==
533  eNetworkAccessParameters_networkAddress_localAreaAddress) {
534  ret = expect_t120(skb, ct, ctinfo, protoff, data, dataoff,
535  &olca->separateStack.networkAddress.
536  localAreaAddress);
537  if (ret < 0)
538  return -1;
539  }
540 
541  return 0;
542 }
543 
544 /****************************************************************************/
545 static int process_h245(struct sk_buff *skb, struct nf_conn *ct,
546  enum ip_conntrack_info ctinfo,
547  unsigned int protoff, unsigned char **data, int dataoff,
548  MultimediaSystemControlMessage *mscm)
549 {
550  switch (mscm->choice) {
551  case eMultimediaSystemControlMessage_request:
552  if (mscm->request.choice ==
553  eRequestMessage_openLogicalChannel) {
554  return process_olc(skb, ct, ctinfo,
555  protoff, data, dataoff,
556  &mscm->request.openLogicalChannel);
557  }
558  pr_debug("nf_ct_h323: H.245 Request %d\n",
559  mscm->request.choice);
560  break;
561  case eMultimediaSystemControlMessage_response:
562  if (mscm->response.choice ==
563  eResponseMessage_openLogicalChannelAck) {
564  return process_olca(skb, ct, ctinfo,
565  protoff, data, dataoff,
566  &mscm->response.
567  openLogicalChannelAck);
568  }
569  pr_debug("nf_ct_h323: H.245 Response %d\n",
570  mscm->response.choice);
571  break;
572  default:
573  pr_debug("nf_ct_h323: H.245 signal %d\n", mscm->choice);
574  break;
575  }
576 
577  return 0;
578 }
579 
580 /****************************************************************************/
581 static int h245_help(struct sk_buff *skb, unsigned int protoff,
582  struct nf_conn *ct, enum ip_conntrack_info ctinfo)
583 {
584  static MultimediaSystemControlMessage mscm;
585  unsigned char *data = NULL;
586  int datalen;
587  int dataoff;
588  int ret;
589 
590  /* Until there's been traffic both ways, don't look in packets. */
591  if (ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED_REPLY)
592  return NF_ACCEPT;
593 
594  pr_debug("nf_ct_h245: skblen = %u\n", skb->len);
595 
596  spin_lock_bh(&nf_h323_lock);
597 
598  /* Process each TPKT */
599  while (get_tpkt_data(skb, protoff, ct, ctinfo,
600  &data, &datalen, &dataoff)) {
601  pr_debug("nf_ct_h245: TPKT len=%d ", datalen);
602  nf_ct_dump_tuple(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple);
603 
604  /* Decode H.245 signal */
605  ret = DecodeMultimediaSystemControlMessage(data, datalen,
606  &mscm);
607  if (ret < 0) {
608  pr_debug("nf_ct_h245: decoding error: %s\n",
609  ret == H323_ERROR_BOUND ?
610  "out of bound" : "out of range");
611  /* We don't drop when decoding error */
612  break;
613  }
614 
615  /* Process H.245 signal */
616  if (process_h245(skb, ct, ctinfo, protoff,
617  &data, dataoff, &mscm) < 0)
618  goto drop;
619  }
620 
621  spin_unlock_bh(&nf_h323_lock);
622  return NF_ACCEPT;
623 
624  drop:
625  spin_unlock_bh(&nf_h323_lock);
626  net_info_ratelimited("nf_ct_h245: packet dropped\n");
627  return NF_DROP;
628 }
629 
630 /****************************************************************************/
631 static const struct nf_conntrack_expect_policy h245_exp_policy = {
632  .max_expected = H323_RTP_CHANNEL_MAX * 4 + 2 /* T.120 */,
633  .timeout = 240,
634 };
635 
636 static struct nf_conntrack_helper nf_conntrack_helper_h245 __read_mostly = {
637  .name = "H.245",
638  .me = THIS_MODULE,
639  .data_len = sizeof(struct nf_ct_h323_master),
640  .tuple.src.l3num = AF_UNSPEC,
641  .tuple.dst.protonum = IPPROTO_UDP,
642  .help = h245_help,
643  .expect_policy = &h245_exp_policy,
644 };
645 
646 /****************************************************************************/
647 int get_h225_addr(struct nf_conn *ct, unsigned char *data,
648  TransportAddress *taddr,
649  union nf_inet_addr *addr, __be16 *port)
650 {
651  const unsigned char *p;
652  int len;
653 
654  switch (taddr->choice) {
655  case eTransportAddress_ipAddress:
656  if (nf_ct_l3num(ct) != AF_INET)
657  return 0;
658  p = data + taddr->ipAddress.ip;
659  len = 4;
660  break;
661  case eTransportAddress_ip6Address:
662  if (nf_ct_l3num(ct) != AF_INET6)
663  return 0;
664  p = data + taddr->ip6Address.ip;
665  len = 16;
666  break;
667  default:
668  return 0;
669  }
670 
671  memcpy(addr, p, len);
672  memset((void *)addr + len, 0, sizeof(*addr) - len);
673  memcpy(port, p + len, sizeof(__be16));
674 
675  return 1;
676 }
677 
678 /****************************************************************************/
679 static int expect_h245(struct sk_buff *skb, struct nf_conn *ct,
680  enum ip_conntrack_info ctinfo,
681  unsigned int protoff, unsigned char **data, int dataoff,
682  TransportAddress *taddr)
683 {
684  int dir = CTINFO2DIR(ctinfo);
685  int ret = 0;
686  __be16 port;
687  union nf_inet_addr addr;
688  struct nf_conntrack_expect *exp;
689  typeof(nat_h245_hook) nat_h245;
690 
691  /* Read h245Address */
692  if (!get_h225_addr(ct, *data, taddr, &addr, &port) ||
693  memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) ||
694  port == 0)
695  return 0;
696 
697  /* Create expect for h245 connection */
698  if ((exp = nf_ct_expect_alloc(ct)) == NULL)
699  return -1;
700  nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
701  &ct->tuplehash[!dir].tuple.src.u3,
702  &ct->tuplehash[!dir].tuple.dst.u3,
703  IPPROTO_TCP, NULL, &port);
704  exp->helper = &nf_conntrack_helper_h245;
705 
706  if (memcmp(&ct->tuplehash[dir].tuple.src.u3,
707  &ct->tuplehash[!dir].tuple.dst.u3,
708  sizeof(ct->tuplehash[dir].tuple.src.u3)) &&
709  (nat_h245 = rcu_dereference(nat_h245_hook)) &&
710  nf_ct_l3num(ct) == NFPROTO_IPV4 &&
711  ct->status & IPS_NAT_MASK) {
712  /* NAT needed */
713  ret = nat_h245(skb, ct, ctinfo, protoff, data, dataoff, taddr,
714  port, exp);
715  } else { /* Conntrack only */
716  if (nf_ct_expect_related(exp) == 0) {
717  pr_debug("nf_ct_q931: expect H.245 ");
718  nf_ct_dump_tuple(&exp->tuple);
719  } else
720  ret = -1;
721  }
722 
723  nf_ct_expect_put(exp);
724 
725  return ret;
726 }
727 
728 /* If the calling party is on the same side of the forward-to party,
729  * we don't need to track the second call */
730 static int callforward_do_filter(const union nf_inet_addr *src,
731  const union nf_inet_addr *dst,
732  u_int8_t family)
733 {
734  const struct nf_afinfo *afinfo;
735  int ret = 0;
736 
737  /* rcu_read_lock()ed by nf_hook_slow() */
738  afinfo = nf_get_afinfo(family);
739  if (!afinfo)
740  return 0;
741 
742  switch (family) {
743  case AF_INET: {
744  struct flowi4 fl1, fl2;
745  struct rtable *rt1, *rt2;
746 
747  memset(&fl1, 0, sizeof(fl1));
748  fl1.daddr = src->ip;
749 
750  memset(&fl2, 0, sizeof(fl2));
751  fl2.daddr = dst->ip;
752  if (!afinfo->route(&init_net, (struct dst_entry **)&rt1,
753  flowi4_to_flowi(&fl1), false)) {
754  if (!afinfo->route(&init_net, (struct dst_entry **)&rt2,
755  flowi4_to_flowi(&fl2), false)) {
756  if (rt_nexthop(rt1, fl1.daddr) ==
757  rt_nexthop(rt2, fl2.daddr) &&
758  rt1->dst.dev == rt2->dst.dev)
759  ret = 1;
760  dst_release(&rt2->dst);
761  }
762  dst_release(&rt1->dst);
763  }
764  break;
765  }
766 #if IS_ENABLED(CONFIG_NF_CONNTRACK_IPV6)
767  case AF_INET6: {
768  struct flowi6 fl1, fl2;
769  struct rt6_info *rt1, *rt2;
770 
771  memset(&fl1, 0, sizeof(fl1));
772  fl1.daddr = src->in6;
773 
774  memset(&fl2, 0, sizeof(fl2));
775  fl2.daddr = dst->in6;
776  if (!afinfo->route(&init_net, (struct dst_entry **)&rt1,
777  flowi6_to_flowi(&fl1), false)) {
778  if (!afinfo->route(&init_net, (struct dst_entry **)&rt2,
779  flowi6_to_flowi(&fl2), false)) {
780  if (!memcmp(&rt1->rt6i_gateway, &rt2->rt6i_gateway,
781  sizeof(rt1->rt6i_gateway)) &&
782  rt1->dst.dev == rt2->dst.dev)
783  ret = 1;
784  dst_release(&rt2->dst);
785  }
786  dst_release(&rt1->dst);
787  }
788  break;
789  }
790 #endif
791  }
792  return ret;
793 
794 }
795 
796 /****************************************************************************/
797 static int expect_callforwarding(struct sk_buff *skb,
798  struct nf_conn *ct,
799  enum ip_conntrack_info ctinfo,
800  unsigned int protoff,
801  unsigned char **data, int dataoff,
802  TransportAddress *taddr)
803 {
804  int dir = CTINFO2DIR(ctinfo);
805  int ret = 0;
806  __be16 port;
807  union nf_inet_addr addr;
808  struct nf_conntrack_expect *exp;
809  typeof(nat_callforwarding_hook) nat_callforwarding;
810 
811  /* Read alternativeAddress */
812  if (!get_h225_addr(ct, *data, taddr, &addr, &port) || port == 0)
813  return 0;
814 
815  /* If the calling party is on the same side of the forward-to party,
816  * we don't need to track the second call */
817  if (callforward_filter &&
818  callforward_do_filter(&addr, &ct->tuplehash[!dir].tuple.src.u3,
819  nf_ct_l3num(ct))) {
820  pr_debug("nf_ct_q931: Call Forwarding not tracked\n");
821  return 0;
822  }
823 
824  /* Create expect for the second call leg */
825  if ((exp = nf_ct_expect_alloc(ct)) == NULL)
826  return -1;
827  nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
828  &ct->tuplehash[!dir].tuple.src.u3, &addr,
829  IPPROTO_TCP, NULL, &port);
830  exp->helper = nf_conntrack_helper_q931;
831 
832  if (memcmp(&ct->tuplehash[dir].tuple.src.u3,
833  &ct->tuplehash[!dir].tuple.dst.u3,
834  sizeof(ct->tuplehash[dir].tuple.src.u3)) &&
835  (nat_callforwarding = rcu_dereference(nat_callforwarding_hook)) &&
836  nf_ct_l3num(ct) == NFPROTO_IPV4 &&
837  ct->status & IPS_NAT_MASK) {
838  /* Need NAT */
839  ret = nat_callforwarding(skb, ct, ctinfo,
840  protoff, data, dataoff,
841  taddr, port, exp);
842  } else { /* Conntrack only */
843  if (nf_ct_expect_related(exp) == 0) {
844  pr_debug("nf_ct_q931: expect Call Forwarding ");
845  nf_ct_dump_tuple(&exp->tuple);
846  } else
847  ret = -1;
848  }
849 
850  nf_ct_expect_put(exp);
851 
852  return ret;
853 }
854 
855 /****************************************************************************/
856 static int process_setup(struct sk_buff *skb, struct nf_conn *ct,
857  enum ip_conntrack_info ctinfo,
858  unsigned int protoff,
859  unsigned char **data, int dataoff,
860  Setup_UUIE *setup)
861 {
862  int dir = CTINFO2DIR(ctinfo);
863  int ret;
864  int i;
865  __be16 port;
866  union nf_inet_addr addr;
867  typeof(set_h225_addr_hook) set_h225_addr;
868 
869  pr_debug("nf_ct_q931: Setup\n");
870 
871  if (setup->options & eSetup_UUIE_h245Address) {
872  ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff,
873  &setup->h245Address);
874  if (ret < 0)
875  return -1;
876  }
877 
878  set_h225_addr = rcu_dereference(set_h225_addr_hook);
879  if ((setup->options & eSetup_UUIE_destCallSignalAddress) &&
880  (set_h225_addr) && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
881  ct->status & IPS_NAT_MASK &&
882  get_h225_addr(ct, *data, &setup->destCallSignalAddress,
883  &addr, &port) &&
884  memcmp(&addr, &ct->tuplehash[!dir].tuple.src.u3, sizeof(addr))) {
885  pr_debug("nf_ct_q931: set destCallSignalAddress %pI6:%hu->%pI6:%hu\n",
886  &addr, ntohs(port), &ct->tuplehash[!dir].tuple.src.u3,
887  ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port));
888  ret = set_h225_addr(skb, protoff, data, dataoff,
889  &setup->destCallSignalAddress,
890  &ct->tuplehash[!dir].tuple.src.u3,
891  ct->tuplehash[!dir].tuple.src.u.tcp.port);
892  if (ret < 0)
893  return -1;
894  }
895 
896  if ((setup->options & eSetup_UUIE_sourceCallSignalAddress) &&
897  (set_h225_addr) && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
898  ct->status & IPS_NAT_MASK &&
899  get_h225_addr(ct, *data, &setup->sourceCallSignalAddress,
900  &addr, &port) &&
901  memcmp(&addr, &ct->tuplehash[!dir].tuple.dst.u3, sizeof(addr))) {
902  pr_debug("nf_ct_q931: set sourceCallSignalAddress %pI6:%hu->%pI6:%hu\n",
903  &addr, ntohs(port), &ct->tuplehash[!dir].tuple.dst.u3,
904  ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port));
905  ret = set_h225_addr(skb, protoff, data, dataoff,
906  &setup->sourceCallSignalAddress,
907  &ct->tuplehash[!dir].tuple.dst.u3,
908  ct->tuplehash[!dir].tuple.dst.u.tcp.port);
909  if (ret < 0)
910  return -1;
911  }
912 
913  if (setup->options & eSetup_UUIE_fastStart) {
914  for (i = 0; i < setup->fastStart.count; i++) {
915  ret = process_olc(skb, ct, ctinfo,
916  protoff, data, dataoff,
917  &setup->fastStart.item[i]);
918  if (ret < 0)
919  return -1;
920  }
921  }
922 
923  return 0;
924 }
925 
926 /****************************************************************************/
927 static int process_callproceeding(struct sk_buff *skb,
928  struct nf_conn *ct,
929  enum ip_conntrack_info ctinfo,
930  unsigned int protoff,
931  unsigned char **data, int dataoff,
932  CallProceeding_UUIE *callproc)
933 {
934  int ret;
935  int i;
936 
937  pr_debug("nf_ct_q931: CallProceeding\n");
938 
939  if (callproc->options & eCallProceeding_UUIE_h245Address) {
940  ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff,
941  &callproc->h245Address);
942  if (ret < 0)
943  return -1;
944  }
945 
946  if (callproc->options & eCallProceeding_UUIE_fastStart) {
947  for (i = 0; i < callproc->fastStart.count; i++) {
948  ret = process_olc(skb, ct, ctinfo,
949  protoff, data, dataoff,
950  &callproc->fastStart.item[i]);
951  if (ret < 0)
952  return -1;
953  }
954  }
955 
956  return 0;
957 }
958 
959 /****************************************************************************/
960 static int process_connect(struct sk_buff *skb, struct nf_conn *ct,
961  enum ip_conntrack_info ctinfo,
962  unsigned int protoff,
963  unsigned char **data, int dataoff,
964  Connect_UUIE *connect)
965 {
966  int ret;
967  int i;
968 
969  pr_debug("nf_ct_q931: Connect\n");
970 
971  if (connect->options & eConnect_UUIE_h245Address) {
972  ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff,
973  &connect->h245Address);
974  if (ret < 0)
975  return -1;
976  }
977 
978  if (connect->options & eConnect_UUIE_fastStart) {
979  for (i = 0; i < connect->fastStart.count; i++) {
980  ret = process_olc(skb, ct, ctinfo,
981  protoff, data, dataoff,
982  &connect->fastStart.item[i]);
983  if (ret < 0)
984  return -1;
985  }
986  }
987 
988  return 0;
989 }
990 
991 /****************************************************************************/
992 static int process_alerting(struct sk_buff *skb, struct nf_conn *ct,
993  enum ip_conntrack_info ctinfo,
994  unsigned int protoff,
995  unsigned char **data, int dataoff,
996  Alerting_UUIE *alert)
997 {
998  int ret;
999  int i;
1000 
1001  pr_debug("nf_ct_q931: Alerting\n");
1002 
1003  if (alert->options & eAlerting_UUIE_h245Address) {
1004  ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff,
1005  &alert->h245Address);
1006  if (ret < 0)
1007  return -1;
1008  }
1009 
1010  if (alert->options & eAlerting_UUIE_fastStart) {
1011  for (i = 0; i < alert->fastStart.count; i++) {
1012  ret = process_olc(skb, ct, ctinfo,
1013  protoff, data, dataoff,
1014  &alert->fastStart.item[i]);
1015  if (ret < 0)
1016  return -1;
1017  }
1018  }
1019 
1020  return 0;
1021 }
1022 
1023 /****************************************************************************/
1024 static int process_facility(struct sk_buff *skb, struct nf_conn *ct,
1025  enum ip_conntrack_info ctinfo,
1026  unsigned int protoff,
1027  unsigned char **data, int dataoff,
1028  Facility_UUIE *facility)
1029 {
1030  int ret;
1031  int i;
1032 
1033  pr_debug("nf_ct_q931: Facility\n");
1034 
1035  if (facility->reason.choice == eFacilityReason_callForwarded) {
1036  if (facility->options & eFacility_UUIE_alternativeAddress)
1037  return expect_callforwarding(skb, ct, ctinfo,
1038  protoff, data, dataoff,
1039  &facility->
1040  alternativeAddress);
1041  return 0;
1042  }
1043 
1044  if (facility->options & eFacility_UUIE_h245Address) {
1045  ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff,
1046  &facility->h245Address);
1047  if (ret < 0)
1048  return -1;
1049  }
1050 
1051  if (facility->options & eFacility_UUIE_fastStart) {
1052  for (i = 0; i < facility->fastStart.count; i++) {
1053  ret = process_olc(skb, ct, ctinfo,
1054  protoff, data, dataoff,
1055  &facility->fastStart.item[i]);
1056  if (ret < 0)
1057  return -1;
1058  }
1059  }
1060 
1061  return 0;
1062 }
1063 
1064 /****************************************************************************/
1065 static int process_progress(struct sk_buff *skb, struct nf_conn *ct,
1066  enum ip_conntrack_info ctinfo,
1067  unsigned int protoff,
1068  unsigned char **data, int dataoff,
1069  Progress_UUIE *progress)
1070 {
1071  int ret;
1072  int i;
1073 
1074  pr_debug("nf_ct_q931: Progress\n");
1075 
1076  if (progress->options & eProgress_UUIE_h245Address) {
1077  ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff,
1078  &progress->h245Address);
1079  if (ret < 0)
1080  return -1;
1081  }
1082 
1083  if (progress->options & eProgress_UUIE_fastStart) {
1084  for (i = 0; i < progress->fastStart.count; i++) {
1085  ret = process_olc(skb, ct, ctinfo,
1086  protoff, data, dataoff,
1087  &progress->fastStart.item[i]);
1088  if (ret < 0)
1089  return -1;
1090  }
1091  }
1092 
1093  return 0;
1094 }
1095 
1096 /****************************************************************************/
1097 static int process_q931(struct sk_buff *skb, struct nf_conn *ct,
1098  enum ip_conntrack_info ctinfo,
1099  unsigned int protoff, unsigned char **data, int dataoff,
1100  Q931 *q931)
1101 {
1102  H323_UU_PDU *pdu = &q931->UUIE.h323_uu_pdu;
1103  int i;
1104  int ret = 0;
1105 
1106  switch (pdu->h323_message_body.choice) {
1107  case eH323_UU_PDU_h323_message_body_setup:
1108  ret = process_setup(skb, ct, ctinfo, protoff, data, dataoff,
1109  &pdu->h323_message_body.setup);
1110  break;
1111  case eH323_UU_PDU_h323_message_body_callProceeding:
1112  ret = process_callproceeding(skb, ct, ctinfo,
1113  protoff, data, dataoff,
1114  &pdu->h323_message_body.
1115  callProceeding);
1116  break;
1117  case eH323_UU_PDU_h323_message_body_connect:
1118  ret = process_connect(skb, ct, ctinfo, protoff, data, dataoff,
1119  &pdu->h323_message_body.connect);
1120  break;
1121  case eH323_UU_PDU_h323_message_body_alerting:
1122  ret = process_alerting(skb, ct, ctinfo, protoff, data, dataoff,
1123  &pdu->h323_message_body.alerting);
1124  break;
1125  case eH323_UU_PDU_h323_message_body_facility:
1126  ret = process_facility(skb, ct, ctinfo, protoff, data, dataoff,
1127  &pdu->h323_message_body.facility);
1128  break;
1129  case eH323_UU_PDU_h323_message_body_progress:
1130  ret = process_progress(skb, ct, ctinfo, protoff, data, dataoff,
1131  &pdu->h323_message_body.progress);
1132  break;
1133  default:
1134  pr_debug("nf_ct_q931: Q.931 signal %d\n",
1135  pdu->h323_message_body.choice);
1136  break;
1137  }
1138 
1139  if (ret < 0)
1140  return -1;
1141 
1142  if (pdu->options & eH323_UU_PDU_h245Control) {
1143  for (i = 0; i < pdu->h245Control.count; i++) {
1144  ret = process_h245(skb, ct, ctinfo,
1145  protoff, data, dataoff,
1146  &pdu->h245Control.item[i]);
1147  if (ret < 0)
1148  return -1;
1149  }
1150  }
1151 
1152  return 0;
1153 }
1154 
1155 /****************************************************************************/
1156 static int q931_help(struct sk_buff *skb, unsigned int protoff,
1157  struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1158 {
1159  static Q931 q931;
1160  unsigned char *data = NULL;
1161  int datalen;
1162  int dataoff;
1163  int ret;
1164 
1165  /* Until there's been traffic both ways, don't look in packets. */
1166  if (ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED_REPLY)
1167  return NF_ACCEPT;
1168 
1169  pr_debug("nf_ct_q931: skblen = %u\n", skb->len);
1170 
1171  spin_lock_bh(&nf_h323_lock);
1172 
1173  /* Process each TPKT */
1174  while (get_tpkt_data(skb, protoff, ct, ctinfo,
1175  &data, &datalen, &dataoff)) {
1176  pr_debug("nf_ct_q931: TPKT len=%d ", datalen);
1177  nf_ct_dump_tuple(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple);
1178 
1179  /* Decode Q.931 signal */
1180  ret = DecodeQ931(data, datalen, &q931);
1181  if (ret < 0) {
1182  pr_debug("nf_ct_q931: decoding error: %s\n",
1183  ret == H323_ERROR_BOUND ?
1184  "out of bound" : "out of range");
1185  /* We don't drop when decoding error */
1186  break;
1187  }
1188 
1189  /* Process Q.931 signal */
1190  if (process_q931(skb, ct, ctinfo, protoff,
1191  &data, dataoff, &q931) < 0)
1192  goto drop;
1193  }
1194 
1195  spin_unlock_bh(&nf_h323_lock);
1196  return NF_ACCEPT;
1197 
1198  drop:
1199  spin_unlock_bh(&nf_h323_lock);
1200  net_info_ratelimited("nf_ct_q931: packet dropped\n");
1201  return NF_DROP;
1202 }
1203 
1204 /****************************************************************************/
1205 static const struct nf_conntrack_expect_policy q931_exp_policy = {
1206  /* T.120 and H.245 */
1207  .max_expected = H323_RTP_CHANNEL_MAX * 4 + 4,
1208  .timeout = 240,
1209 };
1210 
1211 static struct nf_conntrack_helper nf_conntrack_helper_q931[] __read_mostly = {
1212  {
1213  .name = "Q.931",
1214  .me = THIS_MODULE,
1215  .data_len = sizeof(struct nf_ct_h323_master),
1216  .tuple.src.l3num = AF_INET,
1217  .tuple.src.u.tcp.port = cpu_to_be16(Q931_PORT),
1218  .tuple.dst.protonum = IPPROTO_TCP,
1219  .help = q931_help,
1220  .expect_policy = &q931_exp_policy,
1221  },
1222  {
1223  .name = "Q.931",
1224  .me = THIS_MODULE,
1225  .tuple.src.l3num = AF_INET6,
1226  .tuple.src.u.tcp.port = cpu_to_be16(Q931_PORT),
1227  .tuple.dst.protonum = IPPROTO_TCP,
1228  .help = q931_help,
1229  .expect_policy = &q931_exp_policy,
1230  },
1231 };
1232 
1233 /****************************************************************************/
1234 static unsigned char *get_udp_data(struct sk_buff *skb, unsigned int protoff,
1235  int *datalen)
1236 {
1237  const struct udphdr *uh;
1238  struct udphdr _uh;
1239  int dataoff;
1240 
1241  uh = skb_header_pointer(skb, protoff, sizeof(_uh), &_uh);
1242  if (uh == NULL)
1243  return NULL;
1244  dataoff = protoff + sizeof(_uh);
1245  if (dataoff >= skb->len)
1246  return NULL;
1247  *datalen = skb->len - dataoff;
1248  return skb_header_pointer(skb, dataoff, *datalen, h323_buffer);
1249 }
1250 
1251 /****************************************************************************/
1252 static struct nf_conntrack_expect *find_expect(struct nf_conn *ct,
1253  union nf_inet_addr *addr,
1254  __be16 port)
1255 {
1256  struct net *net = nf_ct_net(ct);
1257  struct nf_conntrack_expect *exp;
1258  struct nf_conntrack_tuple tuple;
1259 
1260  memset(&tuple.src.u3, 0, sizeof(tuple.src.u3));
1261  tuple.src.u.tcp.port = 0;
1262  memcpy(&tuple.dst.u3, addr, sizeof(tuple.dst.u3));
1263  tuple.dst.u.tcp.port = port;
1264  tuple.dst.protonum = IPPROTO_TCP;
1265 
1266  exp = __nf_ct_expect_find(net, nf_ct_zone(ct), &tuple);
1267  if (exp && exp->master == ct)
1268  return exp;
1269  return NULL;
1270 }
1271 
1272 /****************************************************************************/
1273 static int set_expect_timeout(struct nf_conntrack_expect *exp,
1274  unsigned int timeout)
1275 {
1276  if (!exp || !del_timer(&exp->timeout))
1277  return 0;
1278 
1279  exp->timeout.expires = jiffies + timeout * HZ;
1280  add_timer(&exp->timeout);
1281 
1282  return 1;
1283 }
1284 
1285 /****************************************************************************/
1286 static int expect_q931(struct sk_buff *skb, struct nf_conn *ct,
1287  enum ip_conntrack_info ctinfo,
1288  unsigned int protoff, unsigned char **data,
1289  TransportAddress *taddr, int count)
1290 {
1291  struct nf_ct_h323_master *info = nfct_help_data(ct);
1292  int dir = CTINFO2DIR(ctinfo);
1293  int ret = 0;
1294  int i;
1295  __be16 port;
1296  union nf_inet_addr addr;
1297  struct nf_conntrack_expect *exp;
1298  typeof(nat_q931_hook) nat_q931;
1299 
1300  /* Look for the first related address */
1301  for (i = 0; i < count; i++) {
1302  if (get_h225_addr(ct, *data, &taddr[i], &addr, &port) &&
1303  memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3,
1304  sizeof(addr)) == 0 && port != 0)
1305  break;
1306  }
1307 
1308  if (i >= count) /* Not found */
1309  return 0;
1310 
1311  /* Create expect for Q.931 */
1312  if ((exp = nf_ct_expect_alloc(ct)) == NULL)
1313  return -1;
1314  nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
1315  gkrouted_only ? /* only accept calls from GK? */
1316  &ct->tuplehash[!dir].tuple.src.u3 : NULL,
1317  &ct->tuplehash[!dir].tuple.dst.u3,
1318  IPPROTO_TCP, NULL, &port);
1319  exp->helper = nf_conntrack_helper_q931;
1320  exp->flags = NF_CT_EXPECT_PERMANENT; /* Accept multiple calls */
1321 
1322  nat_q931 = rcu_dereference(nat_q931_hook);
1323  if (nat_q931 && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1324  ct->status & IPS_NAT_MASK) { /* Need NAT */
1325  ret = nat_q931(skb, ct, ctinfo, protoff, data,
1326  taddr, i, port, exp);
1327  } else { /* Conntrack only */
1328  if (nf_ct_expect_related(exp) == 0) {
1329  pr_debug("nf_ct_ras: expect Q.931 ");
1330  nf_ct_dump_tuple(&exp->tuple);
1331 
1332  /* Save port for looking up expect in processing RCF */
1333  info->sig_port[dir] = port;
1334  } else
1335  ret = -1;
1336  }
1337 
1338  nf_ct_expect_put(exp);
1339 
1340  return ret;
1341 }
1342 
1343 /****************************************************************************/
1344 static int process_grq(struct sk_buff *skb, struct nf_conn *ct,
1345  enum ip_conntrack_info ctinfo,
1346  unsigned int protoff,
1347  unsigned char **data, GatekeeperRequest *grq)
1348 {
1349  typeof(set_ras_addr_hook) set_ras_addr;
1350 
1351  pr_debug("nf_ct_ras: GRQ\n");
1352 
1353  set_ras_addr = rcu_dereference(set_ras_addr_hook);
1354  if (set_ras_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1355  ct->status & IPS_NAT_MASK) /* NATed */
1356  return set_ras_addr(skb, ct, ctinfo, protoff, data,
1357  &grq->rasAddress, 1);
1358  return 0;
1359 }
1360 
1361 /****************************************************************************/
1362 static int process_gcf(struct sk_buff *skb, struct nf_conn *ct,
1363  enum ip_conntrack_info ctinfo,
1364  unsigned int protoff,
1365  unsigned char **data, GatekeeperConfirm *gcf)
1366 {
1367  int dir = CTINFO2DIR(ctinfo);
1368  int ret = 0;
1369  __be16 port;
1370  union nf_inet_addr addr;
1371  struct nf_conntrack_expect *exp;
1372 
1373  pr_debug("nf_ct_ras: GCF\n");
1374 
1375  if (!get_h225_addr(ct, *data, &gcf->rasAddress, &addr, &port))
1376  return 0;
1377 
1378  /* Registration port is the same as discovery port */
1379  if (!memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) &&
1380  port == ct->tuplehash[dir].tuple.src.u.udp.port)
1381  return 0;
1382 
1383  /* Avoid RAS expectation loops. A GCF is never expected. */
1384  if (test_bit(IPS_EXPECTED_BIT, &ct->status))
1385  return 0;
1386 
1387  /* Need new expect */
1388  if ((exp = nf_ct_expect_alloc(ct)) == NULL)
1389  return -1;
1390  nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
1391  &ct->tuplehash[!dir].tuple.src.u3, &addr,
1392  IPPROTO_UDP, NULL, &port);
1393  exp->helper = nf_conntrack_helper_ras;
1394 
1395  if (nf_ct_expect_related(exp) == 0) {
1396  pr_debug("nf_ct_ras: expect RAS ");
1397  nf_ct_dump_tuple(&exp->tuple);
1398  } else
1399  ret = -1;
1400 
1401  nf_ct_expect_put(exp);
1402 
1403  return ret;
1404 }
1405 
1406 /****************************************************************************/
1407 static int process_rrq(struct sk_buff *skb, struct nf_conn *ct,
1408  enum ip_conntrack_info ctinfo,
1409  unsigned int protoff,
1410  unsigned char **data, RegistrationRequest *rrq)
1411 {
1412  struct nf_ct_h323_master *info = nfct_help_data(ct);
1413  int ret;
1414  typeof(set_ras_addr_hook) set_ras_addr;
1415 
1416  pr_debug("nf_ct_ras: RRQ\n");
1417 
1418  ret = expect_q931(skb, ct, ctinfo, protoff, data,
1419  rrq->callSignalAddress.item,
1420  rrq->callSignalAddress.count);
1421  if (ret < 0)
1422  return -1;
1423 
1424  set_ras_addr = rcu_dereference(set_ras_addr_hook);
1425  if (set_ras_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1426  ct->status & IPS_NAT_MASK) {
1427  ret = set_ras_addr(skb, ct, ctinfo, protoff, data,
1428  rrq->rasAddress.item,
1429  rrq->rasAddress.count);
1430  if (ret < 0)
1431  return -1;
1432  }
1433 
1434  if (rrq->options & eRegistrationRequest_timeToLive) {
1435  pr_debug("nf_ct_ras: RRQ TTL = %u seconds\n", rrq->timeToLive);
1436  info->timeout = rrq->timeToLive;
1437  } else
1438  info->timeout = default_rrq_ttl;
1439 
1440  return 0;
1441 }
1442 
1443 /****************************************************************************/
1444 static int process_rcf(struct sk_buff *skb, struct nf_conn *ct,
1445  enum ip_conntrack_info ctinfo,
1446  unsigned int protoff,
1447  unsigned char **data, RegistrationConfirm *rcf)
1448 {
1449  struct nf_ct_h323_master *info = nfct_help_data(ct);
1450  int dir = CTINFO2DIR(ctinfo);
1451  int ret;
1452  struct nf_conntrack_expect *exp;
1453  typeof(set_sig_addr_hook) set_sig_addr;
1454 
1455  pr_debug("nf_ct_ras: RCF\n");
1456 
1457  set_sig_addr = rcu_dereference(set_sig_addr_hook);
1458  if (set_sig_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1459  ct->status & IPS_NAT_MASK) {
1460  ret = set_sig_addr(skb, ct, ctinfo, protoff, data,
1461  rcf->callSignalAddress.item,
1462  rcf->callSignalAddress.count);
1463  if (ret < 0)
1464  return -1;
1465  }
1466 
1467  if (rcf->options & eRegistrationConfirm_timeToLive) {
1468  pr_debug("nf_ct_ras: RCF TTL = %u seconds\n", rcf->timeToLive);
1469  info->timeout = rcf->timeToLive;
1470  }
1471 
1472  if (info->timeout > 0) {
1473  pr_debug("nf_ct_ras: set RAS connection timeout to "
1474  "%u seconds\n", info->timeout);
1475  nf_ct_refresh(ct, skb, info->timeout * HZ);
1476 
1477  /* Set expect timeout */
1478  spin_lock_bh(&nf_conntrack_lock);
1479  exp = find_expect(ct, &ct->tuplehash[dir].tuple.dst.u3,
1480  info->sig_port[!dir]);
1481  if (exp) {
1482  pr_debug("nf_ct_ras: set Q.931 expect "
1483  "timeout to %u seconds for",
1484  info->timeout);
1485  nf_ct_dump_tuple(&exp->tuple);
1486  set_expect_timeout(exp, info->timeout);
1487  }
1488  spin_unlock_bh(&nf_conntrack_lock);
1489  }
1490 
1491  return 0;
1492 }
1493 
1494 /****************************************************************************/
1495 static int process_urq(struct sk_buff *skb, struct nf_conn *ct,
1496  enum ip_conntrack_info ctinfo,
1497  unsigned int protoff,
1498  unsigned char **data, UnregistrationRequest *urq)
1499 {
1500  struct nf_ct_h323_master *info = nfct_help_data(ct);
1501  int dir = CTINFO2DIR(ctinfo);
1502  int ret;
1503  typeof(set_sig_addr_hook) set_sig_addr;
1504 
1505  pr_debug("nf_ct_ras: URQ\n");
1506 
1507  set_sig_addr = rcu_dereference(set_sig_addr_hook);
1508  if (set_sig_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1509  ct->status & IPS_NAT_MASK) {
1510  ret = set_sig_addr(skb, ct, ctinfo, protoff, data,
1511  urq->callSignalAddress.item,
1512  urq->callSignalAddress.count);
1513  if (ret < 0)
1514  return -1;
1515  }
1516 
1517  /* Clear old expect */
1518  nf_ct_remove_expectations(ct);
1519  info->sig_port[dir] = 0;
1520  info->sig_port[!dir] = 0;
1521 
1522  /* Give it 30 seconds for UCF or URJ */
1523  nf_ct_refresh(ct, skb, 30 * HZ);
1524 
1525  return 0;
1526 }
1527 
1528 /****************************************************************************/
1529 static int process_arq(struct sk_buff *skb, struct nf_conn *ct,
1530  enum ip_conntrack_info ctinfo,
1531  unsigned int protoff,
1532  unsigned char **data, AdmissionRequest *arq)
1533 {
1534  const struct nf_ct_h323_master *info = nfct_help_data(ct);
1535  int dir = CTINFO2DIR(ctinfo);
1536  __be16 port;
1537  union nf_inet_addr addr;
1538  typeof(set_h225_addr_hook) set_h225_addr;
1539 
1540  pr_debug("nf_ct_ras: ARQ\n");
1541 
1542  set_h225_addr = rcu_dereference(set_h225_addr_hook);
1543  if ((arq->options & eAdmissionRequest_destCallSignalAddress) &&
1544  get_h225_addr(ct, *data, &arq->destCallSignalAddress,
1545  &addr, &port) &&
1546  !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) &&
1547  port == info->sig_port[dir] &&
1548  nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1549  set_h225_addr && ct->status & IPS_NAT_MASK) {
1550  /* Answering ARQ */
1551  return set_h225_addr(skb, protoff, data, 0,
1552  &arq->destCallSignalAddress,
1553  &ct->tuplehash[!dir].tuple.dst.u3,
1554  info->sig_port[!dir]);
1555  }
1556 
1557  if ((arq->options & eAdmissionRequest_srcCallSignalAddress) &&
1558  get_h225_addr(ct, *data, &arq->srcCallSignalAddress,
1559  &addr, &port) &&
1560  !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) &&
1561  set_h225_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1562  ct->status & IPS_NAT_MASK) {
1563  /* Calling ARQ */
1564  return set_h225_addr(skb, protoff, data, 0,
1565  &arq->srcCallSignalAddress,
1566  &ct->tuplehash[!dir].tuple.dst.u3,
1567  port);
1568  }
1569 
1570  return 0;
1571 }
1572 
1573 /****************************************************************************/
1574 static int process_acf(struct sk_buff *skb, struct nf_conn *ct,
1575  enum ip_conntrack_info ctinfo,
1576  unsigned int protoff,
1577  unsigned char **data, AdmissionConfirm *acf)
1578 {
1579  int dir = CTINFO2DIR(ctinfo);
1580  int ret = 0;
1581  __be16 port;
1582  union nf_inet_addr addr;
1583  struct nf_conntrack_expect *exp;
1584  typeof(set_sig_addr_hook) set_sig_addr;
1585 
1586  pr_debug("nf_ct_ras: ACF\n");
1587 
1588  if (!get_h225_addr(ct, *data, &acf->destCallSignalAddress,
1589  &addr, &port))
1590  return 0;
1591 
1592  if (!memcmp(&addr, &ct->tuplehash[dir].tuple.dst.u3, sizeof(addr))) {
1593  /* Answering ACF */
1594  set_sig_addr = rcu_dereference(set_sig_addr_hook);
1595  if (set_sig_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1596  ct->status & IPS_NAT_MASK)
1597  return set_sig_addr(skb, ct, ctinfo, protoff, data,
1598  &acf->destCallSignalAddress, 1);
1599  return 0;
1600  }
1601 
1602  /* Need new expect */
1603  if ((exp = nf_ct_expect_alloc(ct)) == NULL)
1604  return -1;
1605  nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
1606  &ct->tuplehash[!dir].tuple.src.u3, &addr,
1607  IPPROTO_TCP, NULL, &port);
1608  exp->flags = NF_CT_EXPECT_PERMANENT;
1609  exp->helper = nf_conntrack_helper_q931;
1610 
1611  if (nf_ct_expect_related(exp) == 0) {
1612  pr_debug("nf_ct_ras: expect Q.931 ");
1613  nf_ct_dump_tuple(&exp->tuple);
1614  } else
1615  ret = -1;
1616 
1617  nf_ct_expect_put(exp);
1618 
1619  return ret;
1620 }
1621 
1622 /****************************************************************************/
1623 static int process_lrq(struct sk_buff *skb, struct nf_conn *ct,
1624  enum ip_conntrack_info ctinfo,
1625  unsigned int protoff,
1626  unsigned char **data, LocationRequest *lrq)
1627 {
1628  typeof(set_ras_addr_hook) set_ras_addr;
1629 
1630  pr_debug("nf_ct_ras: LRQ\n");
1631 
1632  set_ras_addr = rcu_dereference(set_ras_addr_hook);
1633  if (set_ras_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1634  ct->status & IPS_NAT_MASK)
1635  return set_ras_addr(skb, ct, ctinfo, protoff, data,
1636  &lrq->replyAddress, 1);
1637  return 0;
1638 }
1639 
1640 /****************************************************************************/
1641 static int process_lcf(struct sk_buff *skb, struct nf_conn *ct,
1642  enum ip_conntrack_info ctinfo,
1643  unsigned int protoff,
1644  unsigned char **data, LocationConfirm *lcf)
1645 {
1646  int dir = CTINFO2DIR(ctinfo);
1647  int ret = 0;
1648  __be16 port;
1649  union nf_inet_addr addr;
1650  struct nf_conntrack_expect *exp;
1651 
1652  pr_debug("nf_ct_ras: LCF\n");
1653 
1654  if (!get_h225_addr(ct, *data, &lcf->callSignalAddress,
1655  &addr, &port))
1656  return 0;
1657 
1658  /* Need new expect for call signal */
1659  if ((exp = nf_ct_expect_alloc(ct)) == NULL)
1660  return -1;
1661  nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
1662  &ct->tuplehash[!dir].tuple.src.u3, &addr,
1663  IPPROTO_TCP, NULL, &port);
1664  exp->flags = NF_CT_EXPECT_PERMANENT;
1665  exp->helper = nf_conntrack_helper_q931;
1666 
1667  if (nf_ct_expect_related(exp) == 0) {
1668  pr_debug("nf_ct_ras: expect Q.931 ");
1669  nf_ct_dump_tuple(&exp->tuple);
1670  } else
1671  ret = -1;
1672 
1673  nf_ct_expect_put(exp);
1674 
1675  /* Ignore rasAddress */
1676 
1677  return ret;
1678 }
1679 
1680 /****************************************************************************/
1681 static int process_irr(struct sk_buff *skb, struct nf_conn *ct,
1682  enum ip_conntrack_info ctinfo,
1683  unsigned int protoff,
1684  unsigned char **data, InfoRequestResponse *irr)
1685 {
1686  int ret;
1687  typeof(set_ras_addr_hook) set_ras_addr;
1688  typeof(set_sig_addr_hook) set_sig_addr;
1689 
1690  pr_debug("nf_ct_ras: IRR\n");
1691 
1692  set_ras_addr = rcu_dereference(set_ras_addr_hook);
1693  if (set_ras_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1694  ct->status & IPS_NAT_MASK) {
1695  ret = set_ras_addr(skb, ct, ctinfo, protoff, data,
1696  &irr->rasAddress, 1);
1697  if (ret < 0)
1698  return -1;
1699  }
1700 
1701  set_sig_addr = rcu_dereference(set_sig_addr_hook);
1702  if (set_sig_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1703  ct->status & IPS_NAT_MASK) {
1704  ret = set_sig_addr(skb, ct, ctinfo, protoff, data,
1705  irr->callSignalAddress.item,
1706  irr->callSignalAddress.count);
1707  if (ret < 0)
1708  return -1;
1709  }
1710 
1711  return 0;
1712 }
1713 
1714 /****************************************************************************/
1715 static int process_ras(struct sk_buff *skb, struct nf_conn *ct,
1716  enum ip_conntrack_info ctinfo,
1717  unsigned int protoff,
1718  unsigned char **data, RasMessage *ras)
1719 {
1720  switch (ras->choice) {
1721  case eRasMessage_gatekeeperRequest:
1722  return process_grq(skb, ct, ctinfo, protoff, data,
1723  &ras->gatekeeperRequest);
1724  case eRasMessage_gatekeeperConfirm:
1725  return process_gcf(skb, ct, ctinfo, protoff, data,
1726  &ras->gatekeeperConfirm);
1727  case eRasMessage_registrationRequest:
1728  return process_rrq(skb, ct, ctinfo, protoff, data,
1729  &ras->registrationRequest);
1730  case eRasMessage_registrationConfirm:
1731  return process_rcf(skb, ct, ctinfo, protoff, data,
1732  &ras->registrationConfirm);
1733  case eRasMessage_unregistrationRequest:
1734  return process_urq(skb, ct, ctinfo, protoff, data,
1735  &ras->unregistrationRequest);
1736  case eRasMessage_admissionRequest:
1737  return process_arq(skb, ct, ctinfo, protoff, data,
1738  &ras->admissionRequest);
1739  case eRasMessage_admissionConfirm:
1740  return process_acf(skb, ct, ctinfo, protoff, data,
1741  &ras->admissionConfirm);
1742  case eRasMessage_locationRequest:
1743  return process_lrq(skb, ct, ctinfo, protoff, data,
1744  &ras->locationRequest);
1745  case eRasMessage_locationConfirm:
1746  return process_lcf(skb, ct, ctinfo, protoff, data,
1747  &ras->locationConfirm);
1748  case eRasMessage_infoRequestResponse:
1749  return process_irr(skb, ct, ctinfo, protoff, data,
1750  &ras->infoRequestResponse);
1751  default:
1752  pr_debug("nf_ct_ras: RAS message %d\n", ras->choice);
1753  break;
1754  }
1755 
1756  return 0;
1757 }
1758 
1759 /****************************************************************************/
1760 static int ras_help(struct sk_buff *skb, unsigned int protoff,
1761  struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1762 {
1763  static RasMessage ras;
1764  unsigned char *data;
1765  int datalen = 0;
1766  int ret;
1767 
1768  pr_debug("nf_ct_ras: skblen = %u\n", skb->len);
1769 
1770  spin_lock_bh(&nf_h323_lock);
1771 
1772  /* Get UDP data */
1773  data = get_udp_data(skb, protoff, &datalen);
1774  if (data == NULL)
1775  goto accept;
1776  pr_debug("nf_ct_ras: RAS message len=%d ", datalen);
1777  nf_ct_dump_tuple(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple);
1778 
1779  /* Decode RAS message */
1780  ret = DecodeRasMessage(data, datalen, &ras);
1781  if (ret < 0) {
1782  pr_debug("nf_ct_ras: decoding error: %s\n",
1783  ret == H323_ERROR_BOUND ?
1784  "out of bound" : "out of range");
1785  goto accept;
1786  }
1787 
1788  /* Process RAS message */
1789  if (process_ras(skb, ct, ctinfo, protoff, &data, &ras) < 0)
1790  goto drop;
1791 
1792  accept:
1793  spin_unlock_bh(&nf_h323_lock);
1794  return NF_ACCEPT;
1795 
1796  drop:
1797  spin_unlock_bh(&nf_h323_lock);
1798  net_info_ratelimited("nf_ct_ras: packet dropped\n");
1799  return NF_DROP;
1800 }
1801 
1802 /****************************************************************************/
1803 static const struct nf_conntrack_expect_policy ras_exp_policy = {
1804  .max_expected = 32,
1805  .timeout = 240,
1806 };
1807 
1808 static struct nf_conntrack_helper nf_conntrack_helper_ras[] __read_mostly = {
1809  {
1810  .name = "RAS",
1811  .me = THIS_MODULE,
1812  .data_len = sizeof(struct nf_ct_h323_master),
1813  .tuple.src.l3num = AF_INET,
1814  .tuple.src.u.udp.port = cpu_to_be16(RAS_PORT),
1815  .tuple.dst.protonum = IPPROTO_UDP,
1816  .help = ras_help,
1817  .expect_policy = &ras_exp_policy,
1818  },
1819  {
1820  .name = "RAS",
1821  .me = THIS_MODULE,
1822  .data_len = sizeof(struct nf_ct_h323_master),
1823  .tuple.src.l3num = AF_INET6,
1824  .tuple.src.u.udp.port = cpu_to_be16(RAS_PORT),
1825  .tuple.dst.protonum = IPPROTO_UDP,
1826  .help = ras_help,
1827  .expect_policy = &ras_exp_policy,
1828  },
1829 };
1830 
1831 /****************************************************************************/
1832 static void __exit nf_conntrack_h323_fini(void)
1833 {
1834  nf_conntrack_helper_unregister(&nf_conntrack_helper_ras[1]);
1835  nf_conntrack_helper_unregister(&nf_conntrack_helper_ras[0]);
1836  nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[1]);
1837  nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[0]);
1838  nf_conntrack_helper_unregister(&nf_conntrack_helper_h245);
1839  kfree(h323_buffer);
1840  pr_debug("nf_ct_h323: fini\n");
1841 }
1842 
1843 /****************************************************************************/
1844 static int __init nf_conntrack_h323_init(void)
1845 {
1846  int ret;
1847 
1848  h323_buffer = kmalloc(65536, GFP_KERNEL);
1849  if (!h323_buffer)
1850  return -ENOMEM;
1851  ret = nf_conntrack_helper_register(&nf_conntrack_helper_h245);
1852  if (ret < 0)
1853  goto err1;
1854  ret = nf_conntrack_helper_register(&nf_conntrack_helper_q931[0]);
1855  if (ret < 0)
1856  goto err2;
1857  ret = nf_conntrack_helper_register(&nf_conntrack_helper_q931[1]);
1858  if (ret < 0)
1859  goto err3;
1860  ret = nf_conntrack_helper_register(&nf_conntrack_helper_ras[0]);
1861  if (ret < 0)
1862  goto err4;
1863  ret = nf_conntrack_helper_register(&nf_conntrack_helper_ras[1]);
1864  if (ret < 0)
1865  goto err5;
1866  pr_debug("nf_ct_h323: init success\n");
1867  return 0;
1868 
1869 err5:
1870  nf_conntrack_helper_unregister(&nf_conntrack_helper_ras[0]);
1871 err4:
1872  nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[1]);
1873 err3:
1874  nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[0]);
1875 err2:
1876  nf_conntrack_helper_unregister(&nf_conntrack_helper_h245);
1877 err1:
1878  kfree(h323_buffer);
1879  return ret;
1880 }
1881 
1882 /****************************************************************************/
1883 module_init(nf_conntrack_h323_init);
1884 module_exit(nf_conntrack_h323_fini);
1885 
1886 EXPORT_SYMBOL_GPL(get_h225_addr);
1887 EXPORT_SYMBOL_GPL(set_h245_addr_hook);
1888 EXPORT_SYMBOL_GPL(set_h225_addr_hook);
1889 EXPORT_SYMBOL_GPL(set_sig_addr_hook);
1890 EXPORT_SYMBOL_GPL(set_ras_addr_hook);
1891 EXPORT_SYMBOL_GPL(nat_rtp_rtcp_hook);
1892 EXPORT_SYMBOL_GPL(nat_t120_hook);
1893 EXPORT_SYMBOL_GPL(nat_h245_hook);
1894 EXPORT_SYMBOL_GPL(nat_callforwarding_hook);
1895 EXPORT_SYMBOL_GPL(nat_q931_hook);
1896 
1897 MODULE_AUTHOR("Jing Min Zhao <[email protected]>");
1898 MODULE_DESCRIPTION("H.323 connection tracking helper");
1899 MODULE_LICENSE("GPL");
1900 MODULE_ALIAS("ip_conntrack_h323");
1901 MODULE_ALIAS_NFCT_HELPER("RAS");
1902 MODULE_ALIAS_NFCT_HELPER("Q.931");
1903 MODULE_ALIAS_NFCT_HELPER("H.245");
Generated on Thu Jan 10 2013 15:00:27 for Linux Kernel by   doxygen 1.8.2