1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * H.323 connection tracking helper 4 * 5 * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net> 6 * Copyright (c) 2006-2012 Patrick McHardy <kaber@trash.net> 7 * 8 * Based on the 'brute force' H.323 connection tracking module by 9 * Jozsef Kadlecsik <kadlec@netfilter.org> 10 * 11 * For more information, please see http://nath323.sourceforge.net/ 12 */ 13 14#include <linux/module.h> 15#include <linux/moduleparam.h> 16#include <linux/ctype.h> 17#include <linux/inet.h> 18#include <linux/in.h> 19#include <linux/ip.h> 20#include <linux/slab.h> 21#include <linux/udp.h> 22#include <linux/tcp.h> 23#include <linux/skbuff.h> 24#include <net/route.h> 25#include <net/ip6_route.h> 26#include <linux/netfilter_ipv6.h> 27 28#include <net/netfilter/nf_conntrack.h> 29#include <net/netfilter/nf_conntrack_core.h> 30#include <net/netfilter/nf_conntrack_tuple.h> 31#include <net/netfilter/nf_conntrack_expect.h> 32#include <net/netfilter/nf_conntrack_ecache.h> 33#include <net/netfilter/nf_conntrack_helper.h> 34#include <net/netfilter/nf_conntrack_zones.h> 35#include <linux/netfilter/nf_conntrack_h323.h> 36 37#define H323_MAX_SIZE 65535 38 39/* Parameters */ 40static unsigned int default_rrq_ttl __read_mostly = 300; 41module_param(default_rrq_ttl, uint, 0600); 42MODULE_PARM_DESC(default_rrq_ttl, "use this TTL if it's missing in RRQ"); 43 44static int gkrouted_only __read_mostly = 1; 45module_param(gkrouted_only, int, 0600); 46MODULE_PARM_DESC(gkrouted_only, "only accept calls from gatekeeper"); 47 48static bool callforward_filter __read_mostly = true; 49module_param(callforward_filter, bool, 0600); 50MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations " 51 "if both endpoints are on different sides " 52 "(determined by routing information)"); 53 54const struct nfct_h323_nat_hooks __rcu *nfct_h323_nat_hook __read_mostly; 55EXPORT_SYMBOL_GPL(nfct_h323_nat_hook); 56 57static DEFINE_SPINLOCK(nf_h323_lock); 58static char *h323_buffer; 59 60static struct nf_conntrack_helper nf_conntrack_helper_h245; 61static struct nf_conntrack_helper nf_conntrack_helper_q931[]; 62static struct nf_conntrack_helper nf_conntrack_helper_ras[]; 63 64static int get_tpkt_data(struct sk_buff *skb, unsigned int protoff, 65 struct nf_conn *ct, enum ip_conntrack_info ctinfo, 66 unsigned char **data, int *datalen, int *dataoff) 67{ 68 struct nf_ct_h323_master *info = nfct_help_data(ct); 69 int dir = CTINFO2DIR(ctinfo); 70 const struct tcphdr *th; 71 struct tcphdr _tcph; 72 int tcpdatalen; 73 int tcpdataoff; 74 unsigned char *tpkt; 75 int tpktlen; 76 int tpktoff; 77 78 /* Get TCP header */ 79 th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); 80 if (th == NULL) 81 return 0; 82 83 /* Get TCP data offset */ 84 tcpdataoff = protoff + th->doff * 4; 85 86 /* Get TCP data length */ 87 tcpdatalen = skb->len - tcpdataoff; 88 if (tcpdatalen <= 0) /* No TCP data */ 89 goto clear_out; 90 91 if (tcpdatalen > H323_MAX_SIZE) 92 tcpdatalen = H323_MAX_SIZE; 93 94 if (*data == NULL) { /* first TPKT */ 95 /* Get first TPKT pointer */ 96 tpkt = skb_header_pointer(skb, tcpdataoff, tcpdatalen, 97 h323_buffer); 98 if (!tpkt) 99 goto clear_out; 100 101 /* Validate TPKT identifier */ 102 if (tcpdatalen < 4 || tpkt[0] != 0x03 || tpkt[1] != 0) { 103 /* Netmeeting sends TPKT header and data separately */ 104 if (info->tpkt_len[dir] > 0) { 105 pr_debug("nf_ct_h323: previous packet " 106 "indicated separate TPKT data of %hu " 107 "bytes\n", info->tpkt_len[dir]); 108 if (info->tpkt_len[dir] <= tcpdatalen) { 109 /* Yes, there was a TPKT header 110 * received */ 111 *data = tpkt; 112 *datalen = info->tpkt_len[dir]; 113 *dataoff = 0; 114 goto out; 115 } 116 117 /* Fragmented TPKT */ 118 pr_debug("nf_ct_h323: fragmented TPKT\n"); 119 goto clear_out; 120 } 121 122 /* It is not even a TPKT */ 123 return 0; 124 } 125 tpktoff = 0; 126 } else { /* Next TPKT */ 127 tpktoff = *dataoff + *datalen; 128 tcpdatalen -= tpktoff; 129 if (tcpdatalen <= 4) /* No more TPKT */ 130 goto clear_out; 131 tpkt = *data + *datalen; 132 133 /* Validate TPKT identifier */ 134 if (tpkt[0] != 0x03 || tpkt[1] != 0) 135 goto clear_out; 136 } 137 138 /* Validate TPKT length */ 139 tpktlen = tpkt[2] * 256 + tpkt[3]; 140 if (tpktlen < 4) 141 goto clear_out; 142 if (tpktlen > tcpdatalen) { 143 if (tcpdatalen == 4) { /* Separate TPKT header */ 144 /* Netmeeting sends TPKT header and data separately */ 145 pr_debug("nf_ct_h323: separate TPKT header indicates " 146 "there will be TPKT data of %d bytes\n", 147 tpktlen - 4); 148 info->tpkt_len[dir] = tpktlen - 4; 149 return 0; 150 } 151 152 pr_debug("nf_ct_h323: incomplete TPKT (fragmented?)\n"); 153 goto clear_out; 154 } 155 156 /* This is the encapsulated data */ 157 *data = tpkt + 4; 158 *datalen = tpktlen - 4; 159 *dataoff = tpktoff + 4; 160 161 out: 162 /* Clear TPKT length */ 163 info->tpkt_len[dir] = 0; 164 return 1; 165 166 clear_out: 167 info->tpkt_len[dir] = 0; 168 return 0; 169} 170 171static int get_h245_addr(struct nf_conn *ct, const unsigned char *data, 172 H245_TransportAddress *taddr, 173 union nf_inet_addr *addr, __be16 *port) 174{ 175 const unsigned char *p; 176 int len; 177 178 if (taddr->choice != eH245_TransportAddress_unicastAddress) 179 return 0; 180 181 switch (taddr->unicastAddress.choice) { 182 case eUnicastAddress_iPAddress: 183 if (nf_ct_l3num(ct) != AF_INET) 184 return 0; 185 p = data + taddr->unicastAddress.iPAddress.network; 186 len = 4; 187 break; 188 case eUnicastAddress_iP6Address: 189 if (nf_ct_l3num(ct) != AF_INET6) 190 return 0; 191 p = data + taddr->unicastAddress.iP6Address.network; 192 len = 16; 193 break; 194 default: 195 return 0; 196 } 197 198 memcpy(addr, p, len); 199 memset((void *)addr + len, 0, sizeof(*addr) - len); 200 memcpy(port, p + len, sizeof(__be16)); 201 202 return 1; 203} 204 205static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct, 206 enum ip_conntrack_info ctinfo, 207 unsigned int protoff, 208 unsigned char **data, int dataoff, 209 H245_TransportAddress *taddr) 210{ 211 const struct nfct_h323_nat_hooks *nathook; 212 int dir = CTINFO2DIR(ctinfo); 213 int ret = 0; 214 __be16 port; 215 __be16 rtp_port, rtcp_port; 216 union nf_inet_addr addr; 217 struct nf_conntrack_expect *rtp_exp; 218 struct nf_conntrack_expect *rtcp_exp; 219 220 /* Read RTP or RTCP address */ 221 if (!get_h245_addr(ct, *data, taddr, &addr, &port) || 222 memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) || 223 port == 0) 224 return 0; 225 226 /* RTP port is even */ 227 rtp_port = port & ~htons(1); 228 rtcp_port = port | htons(1); 229 230 /* Create expect for RTP */ 231 if ((rtp_exp = nf_ct_expect_alloc(ct)) == NULL) 232 return -1; 233 nf_ct_expect_init(rtp_exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 234 &ct->tuplehash[!dir].tuple.src.u3, 235 &ct->tuplehash[!dir].tuple.dst.u3, 236 IPPROTO_UDP, NULL, &rtp_port); 237 238 /* Create expect for RTCP */ 239 if ((rtcp_exp = nf_ct_expect_alloc(ct)) == NULL) { 240 nf_ct_expect_put(rtp_exp); 241 return -1; 242 } 243 nf_ct_expect_init(rtcp_exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 244 &ct->tuplehash[!dir].tuple.src.u3, 245 &ct->tuplehash[!dir].tuple.dst.u3, 246 IPPROTO_UDP, NULL, &rtcp_port); 247 248 nathook = rcu_dereference(nfct_h323_nat_hook); 249 if (memcmp(&ct->tuplehash[dir].tuple.src.u3, 250 &ct->tuplehash[!dir].tuple.dst.u3, 251 sizeof(ct->tuplehash[dir].tuple.src.u3)) && 252 nathook && 253 nf_ct_l3num(ct) == NFPROTO_IPV4 && 254 ct->status & IPS_NAT_MASK) { 255 /* NAT needed */ 256 ret = nathook->nat_rtp_rtcp(skb, ct, ctinfo, protoff, data, dataoff, 257 taddr, port, rtp_port, rtp_exp, rtcp_exp); 258 } else { /* Conntrack only */ 259 if (nf_ct_expect_related(rtp_exp, 0) == 0) { 260 if (nf_ct_expect_related(rtcp_exp, 0) == 0) { 261 pr_debug("nf_ct_h323: expect RTP "); 262 nf_ct_dump_tuple(&rtp_exp->tuple); 263 pr_debug("nf_ct_h323: expect RTCP "); 264 nf_ct_dump_tuple(&rtcp_exp->tuple); 265 } else { 266 nf_ct_unexpect_related(rtp_exp); 267 ret = -1; 268 } 269 } else 270 ret = -1; 271 } 272 273 nf_ct_expect_put(rtp_exp); 274 nf_ct_expect_put(rtcp_exp); 275 276 return ret; 277} 278 279static int expect_t120(struct sk_buff *skb, 280 struct nf_conn *ct, 281 enum ip_conntrack_info ctinfo, 282 unsigned int protoff, 283 unsigned char **data, int dataoff, 284 H245_TransportAddress *taddr) 285{ 286 const struct nfct_h323_nat_hooks *nathook; 287 int dir = CTINFO2DIR(ctinfo); 288 int ret = 0; 289 __be16 port; 290 union nf_inet_addr addr; 291 struct nf_conntrack_expect *exp; 292 293 /* Read T.120 address */ 294 if (!get_h245_addr(ct, *data, taddr, &addr, &port) || 295 memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) || 296 port == 0) 297 return 0; 298 299 /* Create expect for T.120 connections */ 300 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 301 return -1; 302 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 303 &ct->tuplehash[!dir].tuple.src.u3, 304 &ct->tuplehash[!dir].tuple.dst.u3, 305 IPPROTO_TCP, NULL, &port); 306 exp->flags = NF_CT_EXPECT_PERMANENT; /* Accept multiple channels */ 307 308 nathook = rcu_dereference(nfct_h323_nat_hook); 309 if (memcmp(&ct->tuplehash[dir].tuple.src.u3, 310 &ct->tuplehash[!dir].tuple.dst.u3, 311 sizeof(ct->tuplehash[dir].tuple.src.u3)) && 312 nathook && 313 nf_ct_l3num(ct) == NFPROTO_IPV4 && 314 ct->status & IPS_NAT_MASK) { 315 /* NAT needed */ 316 ret = nathook->nat_t120(skb, ct, ctinfo, protoff, data, 317 dataoff, taddr, port, exp); 318 } else { /* Conntrack only */ 319 if (nf_ct_expect_related(exp, 0) == 0) { 320 pr_debug("nf_ct_h323: expect T.120 "); 321 nf_ct_dump_tuple(&exp->tuple); 322 } else 323 ret = -1; 324 } 325 326 nf_ct_expect_put(exp); 327 328 return ret; 329} 330 331static int process_h245_channel(struct sk_buff *skb, 332 struct nf_conn *ct, 333 enum ip_conntrack_info ctinfo, 334 unsigned int protoff, 335 unsigned char **data, int dataoff, 336 H2250LogicalChannelParameters *channel) 337{ 338 int ret; 339 340 if (channel->options & eH2250LogicalChannelParameters_mediaChannel) { 341 /* RTP */ 342 ret = expect_rtp_rtcp(skb, ct, ctinfo, protoff, data, dataoff, 343 &channel->mediaChannel); 344 if (ret < 0) 345 return -1; 346 } 347 348 if (channel-> 349 options & eH2250LogicalChannelParameters_mediaControlChannel) { 350 /* RTCP */ 351 ret = expect_rtp_rtcp(skb, ct, ctinfo, protoff, data, dataoff, 352 &channel->mediaControlChannel); 353 if (ret < 0) 354 return -1; 355 } 356 357 return 0; 358} 359 360static int process_olc(struct sk_buff *skb, struct nf_conn *ct, 361 enum ip_conntrack_info ctinfo, 362 unsigned int protoff, 363 unsigned char **data, int dataoff, 364 OpenLogicalChannel *olc) 365{ 366 int ret; 367 368 pr_debug("nf_ct_h323: OpenLogicalChannel\n"); 369 370 if (olc->forwardLogicalChannelParameters.multiplexParameters.choice == 371 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters) 372 { 373 ret = process_h245_channel(skb, ct, ctinfo, 374 protoff, data, dataoff, 375 &olc-> 376 forwardLogicalChannelParameters. 377 multiplexParameters. 378 h2250LogicalChannelParameters); 379 if (ret < 0) 380 return -1; 381 } 382 383 if ((olc->options & 384 eOpenLogicalChannel_reverseLogicalChannelParameters) && 385 (olc->reverseLogicalChannelParameters.options & 386 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters) 387 && (olc->reverseLogicalChannelParameters.multiplexParameters. 388 choice == 389 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) 390 { 391 ret = 392 process_h245_channel(skb, ct, ctinfo, 393 protoff, data, dataoff, 394 &olc-> 395 reverseLogicalChannelParameters. 396 multiplexParameters. 397 h2250LogicalChannelParameters); 398 if (ret < 0) 399 return -1; 400 } 401 402 if ((olc->options & eOpenLogicalChannel_separateStack) && 403 olc->forwardLogicalChannelParameters.dataType.choice == 404 eDataType_data && 405 olc->forwardLogicalChannelParameters.dataType.data.application. 406 choice == eDataApplicationCapability_application_t120 && 407 olc->forwardLogicalChannelParameters.dataType.data.application. 408 t120.choice == eDataProtocolCapability_separateLANStack && 409 olc->separateStack.networkAddress.choice == 410 eNetworkAccessParameters_networkAddress_localAreaAddress) { 411 ret = expect_t120(skb, ct, ctinfo, protoff, data, dataoff, 412 &olc->separateStack.networkAddress. 413 localAreaAddress); 414 if (ret < 0) 415 return -1; 416 } 417 418 return 0; 419} 420 421static int process_olca(struct sk_buff *skb, struct nf_conn *ct, 422 enum ip_conntrack_info ctinfo, 423 unsigned int protoff, unsigned char **data, int dataoff, 424 OpenLogicalChannelAck *olca) 425{ 426 H2250LogicalChannelAckParameters *ack; 427 int ret; 428 429 pr_debug("nf_ct_h323: OpenLogicalChannelAck\n"); 430 431 if ((olca->options & 432 eOpenLogicalChannelAck_reverseLogicalChannelParameters) && 433 (olca->reverseLogicalChannelParameters.options & 434 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters) 435 && (olca->reverseLogicalChannelParameters.multiplexParameters. 436 choice == 437 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) 438 { 439 ret = process_h245_channel(skb, ct, ctinfo, 440 protoff, data, dataoff, 441 &olca-> 442 reverseLogicalChannelParameters. 443 multiplexParameters. 444 h2250LogicalChannelParameters); 445 if (ret < 0) 446 return -1; 447 } 448 449 if ((olca->options & 450 eOpenLogicalChannelAck_forwardMultiplexAckParameters) && 451 (olca->forwardMultiplexAckParameters.choice == 452 eOpenLogicalChannelAck_forwardMultiplexAckParameters_h2250LogicalChannelAckParameters)) 453 { 454 ack = &olca->forwardMultiplexAckParameters. 455 h2250LogicalChannelAckParameters; 456 if (ack->options & 457 eH2250LogicalChannelAckParameters_mediaChannel) { 458 /* RTP */ 459 ret = expect_rtp_rtcp(skb, ct, ctinfo, 460 protoff, data, dataoff, 461 &ack->mediaChannel); 462 if (ret < 0) 463 return -1; 464 } 465 466 if (ack->options & 467 eH2250LogicalChannelAckParameters_mediaControlChannel) { 468 /* RTCP */ 469 ret = expect_rtp_rtcp(skb, ct, ctinfo, 470 protoff, data, dataoff, 471 &ack->mediaControlChannel); 472 if (ret < 0) 473 return -1; 474 } 475 } 476 477 if ((olca->options & eOpenLogicalChannelAck_separateStack) && 478 olca->separateStack.networkAddress.choice == 479 eNetworkAccessParameters_networkAddress_localAreaAddress) { 480 ret = expect_t120(skb, ct, ctinfo, protoff, data, dataoff, 481 &olca->separateStack.networkAddress. 482 localAreaAddress); 483 if (ret < 0) 484 return -1; 485 } 486 487 return 0; 488} 489 490static int process_h245(struct sk_buff *skb, struct nf_conn *ct, 491 enum ip_conntrack_info ctinfo, 492 unsigned int protoff, unsigned char **data, int dataoff, 493 MultimediaSystemControlMessage *mscm) 494{ 495 switch (mscm->choice) { 496 case eMultimediaSystemControlMessage_request: 497 if (mscm->request.choice == 498 eRequestMessage_openLogicalChannel) { 499 return process_olc(skb, ct, ctinfo, 500 protoff, data, dataoff, 501 &mscm->request.openLogicalChannel); 502 } 503 pr_debug("nf_ct_h323: H.245 Request %d\n", 504 mscm->request.choice); 505 break; 506 case eMultimediaSystemControlMessage_response: 507 if (mscm->response.choice == 508 eResponseMessage_openLogicalChannelAck) { 509 return process_olca(skb, ct, ctinfo, 510 protoff, data, dataoff, 511 &mscm->response. 512 openLogicalChannelAck); 513 } 514 pr_debug("nf_ct_h323: H.245 Response %d\n", 515 mscm->response.choice); 516 break; 517 default: 518 pr_debug("nf_ct_h323: H.245 signal %d\n", mscm->choice); 519 break; 520 } 521 522 return 0; 523} 524 525static int h245_help(struct sk_buff *skb, unsigned int protoff, 526 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 527{ 528 static MultimediaSystemControlMessage mscm; 529 unsigned char *data = NULL; 530 int datalen; 531 int dataoff; 532 int ret; 533 534 /* Until there's been traffic both ways, don't look in packets. */ 535 if (ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED_REPLY) 536 return NF_ACCEPT; 537 538 pr_debug("nf_ct_h245: skblen = %u\n", skb->len); 539 540 spin_lock_bh(&nf_h323_lock); 541 542 /* Process each TPKT */ 543 while (get_tpkt_data(skb, protoff, ct, ctinfo, 544 &data, &datalen, &dataoff)) { 545 pr_debug("nf_ct_h245: TPKT len=%d ", datalen); 546 nf_ct_dump_tuple(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); 547 548 /* Decode H.245 signal */ 549 ret = DecodeMultimediaSystemControlMessage(data, datalen, 550 &mscm); 551 if (ret < 0) { 552 pr_debug("nf_ct_h245: decoding error: %s\n", 553 ret == H323_ERROR_BOUND ? 554 "out of bound" : "out of range"); 555 /* We don't drop when decoding error */ 556 break; 557 } 558 559 /* Process H.245 signal */ 560 if (process_h245(skb, ct, ctinfo, protoff, 561 &data, dataoff, &mscm) < 0) 562 goto drop; 563 } 564 565 spin_unlock_bh(&nf_h323_lock); 566 return NF_ACCEPT; 567 568 drop: 569 spin_unlock_bh(&nf_h323_lock); 570 nf_ct_helper_log(skb, ct, "cannot process H.245 message"); 571 return NF_DROP; 572} 573 574static const struct nf_conntrack_expect_policy h245_exp_policy = { 575 .max_expected = H323_RTP_CHANNEL_MAX * 4 + 2 /* T.120 */, 576 .timeout = 240, 577}; 578 579static struct nf_conntrack_helper nf_conntrack_helper_h245 __read_mostly = { 580 .name = "H.245", 581 .me = THIS_MODULE, 582 .tuple.src.l3num = AF_UNSPEC, 583 .tuple.dst.protonum = IPPROTO_UDP, 584 .help = h245_help, 585 .expect_policy = &h245_exp_policy, 586}; 587 588int get_h225_addr(struct nf_conn *ct, unsigned char *data, 589 TransportAddress *taddr, 590 union nf_inet_addr *addr, __be16 *port) 591{ 592 const unsigned char *p; 593 int len; 594 595 switch (taddr->choice) { 596 case eTransportAddress_ipAddress: 597 if (nf_ct_l3num(ct) != AF_INET) 598 return 0; 599 p = data + taddr->ipAddress.ip; 600 len = 4; 601 break; 602 case eTransportAddress_ip6Address: 603 if (nf_ct_l3num(ct) != AF_INET6) 604 return 0; 605 p = data + taddr->ip6Address.ip; 606 len = 16; 607 break; 608 default: 609 return 0; 610 } 611 612 memcpy(addr, p, len); 613 memset((void *)addr + len, 0, sizeof(*addr) - len); 614 memcpy(port, p + len, sizeof(__be16)); 615 616 return 1; 617} 618EXPORT_SYMBOL_GPL(get_h225_addr); 619 620static int expect_h245(struct sk_buff *skb, struct nf_conn *ct, 621 enum ip_conntrack_info ctinfo, 622 unsigned int protoff, unsigned char **data, int dataoff, 623 TransportAddress *taddr) 624{ 625 const struct nfct_h323_nat_hooks *nathook; 626 int dir = CTINFO2DIR(ctinfo); 627 int ret = 0; 628 __be16 port; 629 union nf_inet_addr addr; 630 struct nf_conntrack_expect *exp; 631 632 /* Read h245Address */ 633 if (!get_h225_addr(ct, *data, taddr, &addr, &port) || 634 memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) || 635 port == 0) 636 return 0; 637 638 /* Create expect for h245 connection */ 639 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 640 return -1; 641 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 642 &ct->tuplehash[!dir].tuple.src.u3, 643 &ct->tuplehash[!dir].tuple.dst.u3, 644 IPPROTO_TCP, NULL, &port); 645 exp->helper = &nf_conntrack_helper_h245; 646 647 nathook = rcu_dereference(nfct_h323_nat_hook); 648 if (memcmp(&ct->tuplehash[dir].tuple.src.u3, 649 &ct->tuplehash[!dir].tuple.dst.u3, 650 sizeof(ct->tuplehash[dir].tuple.src.u3)) && 651 nathook && 652 nf_ct_l3num(ct) == NFPROTO_IPV4 && 653 ct->status & IPS_NAT_MASK) { 654 /* NAT needed */ 655 ret = nathook->nat_h245(skb, ct, ctinfo, protoff, data, 656 dataoff, taddr, port, exp); 657 } else { /* Conntrack only */ 658 if (nf_ct_expect_related(exp, 0) == 0) { 659 pr_debug("nf_ct_q931: expect H.245 "); 660 nf_ct_dump_tuple(&exp->tuple); 661 } else 662 ret = -1; 663 } 664 665 nf_ct_expect_put(exp); 666 667 return ret; 668} 669 670/* If the calling party is on the same side of the forward-to party, 671 * we don't need to track the second call 672 */ 673static int callforward_do_filter(struct net *net, 674 const union nf_inet_addr *src, 675 const union nf_inet_addr *dst, 676 u_int8_t family) 677{ 678 int ret = 0; 679 680 switch (family) { 681 case AF_INET: { 682 struct flowi4 fl1, fl2; 683 struct rtable *rt1, *rt2; 684 685 memset(&fl1, 0, sizeof(fl1)); 686 fl1.daddr = src->ip; 687 688 memset(&fl2, 0, sizeof(fl2)); 689 fl2.daddr = dst->ip; 690 if (!nf_ip_route(net, (struct dst_entry **)&rt1, 691 flowi4_to_flowi(&fl1), false)) { 692 if (!nf_ip_route(net, (struct dst_entry **)&rt2, 693 flowi4_to_flowi(&fl2), false)) { 694 if (rt_nexthop(rt1, fl1.daddr) == 695 rt_nexthop(rt2, fl2.daddr) && 696 rt1->dst.dev == rt2->dst.dev) 697 ret = 1; 698 dst_release(&rt2->dst); 699 } 700 dst_release(&rt1->dst); 701 } 702 break; 703 } 704#if IS_ENABLED(CONFIG_IPV6) 705 case AF_INET6: { 706 struct rt6_info *rt1, *rt2; 707 struct flowi6 fl1, fl2; 708 709 memset(&fl1, 0, sizeof(fl1)); 710 fl1.daddr = src->in6; 711 712 memset(&fl2, 0, sizeof(fl2)); 713 fl2.daddr = dst->in6; 714 if (!nf_ip6_route(net, (struct dst_entry **)&rt1, 715 flowi6_to_flowi(&fl1), false)) { 716 if (!nf_ip6_route(net, (struct dst_entry **)&rt2, 717 flowi6_to_flowi(&fl2), false)) { 718 if (ipv6_addr_equal(rt6_nexthop(rt1, &fl1.daddr), 719 rt6_nexthop(rt2, &fl2.daddr)) && 720 rt1->dst.dev == rt2->dst.dev) 721 ret = 1; 722 dst_release(&rt2->dst); 723 } 724 dst_release(&rt1->dst); 725 } 726 break; 727 } 728#endif 729 } 730 return ret; 731 732} 733 734static int expect_callforwarding(struct sk_buff *skb, 735 struct nf_conn *ct, 736 enum ip_conntrack_info ctinfo, 737 unsigned int protoff, 738 unsigned char **data, int dataoff, 739 TransportAddress *taddr) 740{ 741 const struct nfct_h323_nat_hooks *nathook; 742 int dir = CTINFO2DIR(ctinfo); 743 int ret = 0; 744 __be16 port; 745 union nf_inet_addr addr; 746 struct nf_conntrack_expect *exp; 747 struct net *net = nf_ct_net(ct); 748 749 /* Read alternativeAddress */ 750 if (!get_h225_addr(ct, *data, taddr, &addr, &port) || port == 0) 751 return 0; 752 753 /* If the calling party is on the same side of the forward-to party, 754 * we don't need to track the second call 755 */ 756 if (callforward_filter && 757 callforward_do_filter(net, &addr, &ct->tuplehash[!dir].tuple.src.u3, 758 nf_ct_l3num(ct))) { 759 pr_debug("nf_ct_q931: Call Forwarding not tracked\n"); 760 return 0; 761 } 762 763 /* Create expect for the second call leg */ 764 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 765 return -1; 766 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 767 &ct->tuplehash[!dir].tuple.src.u3, &addr, 768 IPPROTO_TCP, NULL, &port); 769 exp->helper = nf_conntrack_helper_q931; 770 771 nathook = rcu_dereference(nfct_h323_nat_hook); 772 if (memcmp(&ct->tuplehash[dir].tuple.src.u3, 773 &ct->tuplehash[!dir].tuple.dst.u3, 774 sizeof(ct->tuplehash[dir].tuple.src.u3)) && 775 nathook && 776 nf_ct_l3num(ct) == NFPROTO_IPV4 && 777 ct->status & IPS_NAT_MASK) { 778 /* Need NAT */ 779 ret = nathook->nat_callforwarding(skb, ct, ctinfo, 780 protoff, data, dataoff, 781 taddr, port, exp); 782 } else { /* Conntrack only */ 783 if (nf_ct_expect_related(exp, 0) == 0) { 784 pr_debug("nf_ct_q931: expect Call Forwarding "); 785 nf_ct_dump_tuple(&exp->tuple); 786 } else 787 ret = -1; 788 } 789 790 nf_ct_expect_put(exp); 791 792 return ret; 793} 794 795static int process_setup(struct sk_buff *skb, struct nf_conn *ct, 796 enum ip_conntrack_info ctinfo, 797 unsigned int protoff, 798 unsigned char **data, int dataoff, 799 Setup_UUIE *setup) 800{ 801 const struct nfct_h323_nat_hooks *nathook; 802 int dir = CTINFO2DIR(ctinfo); 803 int ret; 804 int i; 805 __be16 port; 806 union nf_inet_addr addr; 807 808 pr_debug("nf_ct_q931: Setup\n"); 809 810 if (setup->options & eSetup_UUIE_h245Address) { 811 ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff, 812 &setup->h245Address); 813 if (ret < 0) 814 return -1; 815 } 816 817 nathook = rcu_dereference(nfct_h323_nat_hook); 818 if ((setup->options & eSetup_UUIE_destCallSignalAddress) && 819 nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 820 ct->status & IPS_NAT_MASK && 821 get_h225_addr(ct, *data, &setup->destCallSignalAddress, 822 &addr, &port) && 823 memcmp(&addr, &ct->tuplehash[!dir].tuple.src.u3, sizeof(addr))) { 824 pr_debug("nf_ct_q931: set destCallSignalAddress %pI6:%hu->%pI6:%hu\n", 825 &addr, ntohs(port), &ct->tuplehash[!dir].tuple.src.u3, 826 ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port)); 827 ret = nathook->set_h225_addr(skb, protoff, data, dataoff, 828 &setup->destCallSignalAddress, 829 &ct->tuplehash[!dir].tuple.src.u3, 830 ct->tuplehash[!dir].tuple.src.u.tcp.port); 831 if (ret < 0) 832 return -1; 833 } 834 835 if ((setup->options & eSetup_UUIE_sourceCallSignalAddress) && 836 nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 837 ct->status & IPS_NAT_MASK && 838 get_h225_addr(ct, *data, &setup->sourceCallSignalAddress, 839 &addr, &port) && 840 memcmp(&addr, &ct->tuplehash[!dir].tuple.dst.u3, sizeof(addr))) { 841 pr_debug("nf_ct_q931: set sourceCallSignalAddress %pI6:%hu->%pI6:%hu\n", 842 &addr, ntohs(port), &ct->tuplehash[!dir].tuple.dst.u3, 843 ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port)); 844 ret = nathook->set_h225_addr(skb, protoff, data, dataoff, 845 &setup->sourceCallSignalAddress, 846 &ct->tuplehash[!dir].tuple.dst.u3, 847 ct->tuplehash[!dir].tuple.dst.u.tcp.port); 848 if (ret < 0) 849 return -1; 850 } 851 852 if (setup->options & eSetup_UUIE_fastStart) { 853 for (i = 0; i < setup->fastStart.count; i++) { 854 ret = process_olc(skb, ct, ctinfo, 855 protoff, data, dataoff, 856 &setup->fastStart.item[i]); 857 if (ret < 0) 858 return -1; 859 } 860 } 861 862 return 0; 863} 864 865static int process_callproceeding(struct sk_buff *skb, 866 struct nf_conn *ct, 867 enum ip_conntrack_info ctinfo, 868 unsigned int protoff, 869 unsigned char **data, int dataoff, 870 CallProceeding_UUIE *callproc) 871{ 872 int ret; 873 int i; 874 875 pr_debug("nf_ct_q931: CallProceeding\n"); 876 877 if (callproc->options & eCallProceeding_UUIE_h245Address) { 878 ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff, 879 &callproc->h245Address); 880 if (ret < 0) 881 return -1; 882 } 883 884 if (callproc->options & eCallProceeding_UUIE_fastStart) { 885 for (i = 0; i < callproc->fastStart.count; i++) { 886 ret = process_olc(skb, ct, ctinfo, 887 protoff, data, dataoff, 888 &callproc->fastStart.item[i]); 889 if (ret < 0) 890 return -1; 891 } 892 } 893 894 return 0; 895} 896 897static int process_connect(struct sk_buff *skb, struct nf_conn *ct, 898 enum ip_conntrack_info ctinfo, 899 unsigned int protoff, 900 unsigned char **data, int dataoff, 901 Connect_UUIE *connect) 902{ 903 int ret; 904 int i; 905 906 pr_debug("nf_ct_q931: Connect\n"); 907 908 if (connect->options & eConnect_UUIE_h245Address) { 909 ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff, 910 &connect->h245Address); 911 if (ret < 0) 912 return -1; 913 } 914 915 if (connect->options & eConnect_UUIE_fastStart) { 916 for (i = 0; i < connect->fastStart.count; i++) { 917 ret = process_olc(skb, ct, ctinfo, 918 protoff, data, dataoff, 919 &connect->fastStart.item[i]); 920 if (ret < 0) 921 return -1; 922 } 923 } 924 925 return 0; 926} 927 928static int process_alerting(struct sk_buff *skb, struct nf_conn *ct, 929 enum ip_conntrack_info ctinfo, 930 unsigned int protoff, 931 unsigned char **data, int dataoff, 932 Alerting_UUIE *alert) 933{ 934 int ret; 935 int i; 936 937 pr_debug("nf_ct_q931: Alerting\n"); 938 939 if (alert->options & eAlerting_UUIE_h245Address) { 940 ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff, 941 &alert->h245Address); 942 if (ret < 0) 943 return -1; 944 } 945 946 if (alert->options & eAlerting_UUIE_fastStart) { 947 for (i = 0; i < alert->fastStart.count; i++) { 948 ret = process_olc(skb, ct, ctinfo, 949 protoff, data, dataoff, 950 &alert->fastStart.item[i]); 951 if (ret < 0) 952 return -1; 953 } 954 } 955 956 return 0; 957} 958 959static int process_facility(struct sk_buff *skb, struct nf_conn *ct, 960 enum ip_conntrack_info ctinfo, 961 unsigned int protoff, 962 unsigned char **data, int dataoff, 963 Facility_UUIE *facility) 964{ 965 int ret; 966 int i; 967 968 pr_debug("nf_ct_q931: Facility\n"); 969 970 if (facility->reason.choice == eFacilityReason_callForwarded) { 971 if (facility->options & eFacility_UUIE_alternativeAddress) 972 return expect_callforwarding(skb, ct, ctinfo, 973 protoff, data, dataoff, 974 &facility-> 975 alternativeAddress); 976 return 0; 977 } 978 979 if (facility->options & eFacility_UUIE_h245Address) { 980 ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff, 981 &facility->h245Address); 982 if (ret < 0) 983 return -1; 984 } 985 986 if (facility->options & eFacility_UUIE_fastStart) { 987 for (i = 0; i < facility->fastStart.count; i++) { 988 ret = process_olc(skb, ct, ctinfo, 989 protoff, data, dataoff, 990 &facility->fastStart.item[i]); 991 if (ret < 0) 992 return -1; 993 } 994 } 995 996 return 0; 997} 998 999static int process_progress(struct sk_buff *skb, struct nf_conn *ct, 1000 enum ip_conntrack_info ctinfo, 1001 unsigned int protoff, 1002 unsigned char **data, int dataoff, 1003 Progress_UUIE *progress) 1004{ 1005 int ret; 1006 int i; 1007 1008 pr_debug("nf_ct_q931: Progress\n"); 1009 1010 if (progress->options & eProgress_UUIE_h245Address) { 1011 ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff, 1012 &progress->h245Address); 1013 if (ret < 0) 1014 return -1; 1015 } 1016 1017 if (progress->options & eProgress_UUIE_fastStart) { 1018 for (i = 0; i < progress->fastStart.count; i++) { 1019 ret = process_olc(skb, ct, ctinfo, 1020 protoff, data, dataoff, 1021 &progress->fastStart.item[i]); 1022 if (ret < 0) 1023 return -1; 1024 } 1025 } 1026 1027 return 0; 1028} 1029 1030static int process_q931(struct sk_buff *skb, struct nf_conn *ct, 1031 enum ip_conntrack_info ctinfo, 1032 unsigned int protoff, unsigned char **data, int dataoff, 1033 Q931 *q931) 1034{ 1035 H323_UU_PDU *pdu = &q931->UUIE.h323_uu_pdu; 1036 int i; 1037 int ret = 0; 1038 1039 switch (pdu->h323_message_body.choice) { 1040 case eH323_UU_PDU_h323_message_body_setup: 1041 ret = process_setup(skb, ct, ctinfo, protoff, data, dataoff, 1042 &pdu->h323_message_body.setup); 1043 break; 1044 case eH323_UU_PDU_h323_message_body_callProceeding: 1045 ret = process_callproceeding(skb, ct, ctinfo, 1046 protoff, data, dataoff, 1047 &pdu->h323_message_body. 1048 callProceeding); 1049 break; 1050 case eH323_UU_PDU_h323_message_body_connect: 1051 ret = process_connect(skb, ct, ctinfo, protoff, data, dataoff, 1052 &pdu->h323_message_body.connect); 1053 break; 1054 case eH323_UU_PDU_h323_message_body_alerting: 1055 ret = process_alerting(skb, ct, ctinfo, protoff, data, dataoff, 1056 &pdu->h323_message_body.alerting); 1057 break; 1058 case eH323_UU_PDU_h323_message_body_facility: 1059 ret = process_facility(skb, ct, ctinfo, protoff, data, dataoff, 1060 &pdu->h323_message_body.facility); 1061 break; 1062 case eH323_UU_PDU_h323_message_body_progress: 1063 ret = process_progress(skb, ct, ctinfo, protoff, data, dataoff, 1064 &pdu->h323_message_body.progress); 1065 break; 1066 default: 1067 pr_debug("nf_ct_q931: Q.931 signal %d\n", 1068 pdu->h323_message_body.choice); 1069 break; 1070 } 1071 1072 if (ret < 0) 1073 return -1; 1074 1075 if (pdu->options & eH323_UU_PDU_h245Control) { 1076 for (i = 0; i < pdu->h245Control.count; i++) { 1077 ret = process_h245(skb, ct, ctinfo, 1078 protoff, data, dataoff, 1079 &pdu->h245Control.item[i]); 1080 if (ret < 0) 1081 return -1; 1082 } 1083 } 1084 1085 return 0; 1086} 1087 1088static int q931_help(struct sk_buff *skb, unsigned int protoff, 1089 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 1090{ 1091 static Q931 q931; 1092 unsigned char *data = NULL; 1093 int datalen; 1094 int dataoff; 1095 int ret; 1096 1097 /* Until there's been traffic both ways, don't look in packets. */ 1098 if (ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED_REPLY) 1099 return NF_ACCEPT; 1100 1101 pr_debug("nf_ct_q931: skblen = %u\n", skb->len); 1102 1103 spin_lock_bh(&nf_h323_lock); 1104 1105 /* Process each TPKT */ 1106 while (get_tpkt_data(skb, protoff, ct, ctinfo, 1107 &data, &datalen, &dataoff)) { 1108 pr_debug("nf_ct_q931: TPKT len=%d ", datalen); 1109 nf_ct_dump_tuple(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); 1110 1111 /* Decode Q.931 signal */ 1112 ret = DecodeQ931(data, datalen, &q931); 1113 if (ret < 0) { 1114 pr_debug("nf_ct_q931: decoding error: %s\n", 1115 ret == H323_ERROR_BOUND ? 1116 "out of bound" : "out of range"); 1117 /* We don't drop when decoding error */ 1118 break; 1119 } 1120 1121 /* Process Q.931 signal */ 1122 if (process_q931(skb, ct, ctinfo, protoff, 1123 &data, dataoff, &q931) < 0) 1124 goto drop; 1125 } 1126 1127 spin_unlock_bh(&nf_h323_lock); 1128 return NF_ACCEPT; 1129 1130 drop: 1131 spin_unlock_bh(&nf_h323_lock); 1132 nf_ct_helper_log(skb, ct, "cannot process Q.931 message"); 1133 return NF_DROP; 1134} 1135 1136static const struct nf_conntrack_expect_policy q931_exp_policy = { 1137 /* T.120 and H.245 */ 1138 .max_expected = H323_RTP_CHANNEL_MAX * 4 + 4, 1139 .timeout = 240, 1140}; 1141 1142static struct nf_conntrack_helper nf_conntrack_helper_q931[] __read_mostly = { 1143 { 1144 .name = "Q.931", 1145 .me = THIS_MODULE, 1146 .tuple.src.l3num = AF_INET, 1147 .tuple.src.u.tcp.port = cpu_to_be16(Q931_PORT), 1148 .tuple.dst.protonum = IPPROTO_TCP, 1149 .help = q931_help, 1150 .expect_policy = &q931_exp_policy, 1151 }, 1152 { 1153 .name = "Q.931", 1154 .me = THIS_MODULE, 1155 .tuple.src.l3num = AF_INET6, 1156 .tuple.src.u.tcp.port = cpu_to_be16(Q931_PORT), 1157 .tuple.dst.protonum = IPPROTO_TCP, 1158 .help = q931_help, 1159 .expect_policy = &q931_exp_policy, 1160 }, 1161}; 1162 1163static unsigned char *get_udp_data(struct sk_buff *skb, unsigned int protoff, 1164 int *datalen) 1165{ 1166 const struct udphdr *uh; 1167 struct udphdr _uh; 1168 int dataoff; 1169 1170 uh = skb_header_pointer(skb, protoff, sizeof(_uh), &_uh); 1171 if (uh == NULL) 1172 return NULL; 1173 dataoff = protoff + sizeof(_uh); 1174 if (dataoff >= skb->len) 1175 return NULL; 1176 *datalen = skb->len - dataoff; 1177 if (*datalen > H323_MAX_SIZE) 1178 *datalen = H323_MAX_SIZE; 1179 1180 return skb_header_pointer(skb, dataoff, *datalen, h323_buffer); 1181} 1182 1183static struct nf_conntrack_expect *find_expect(struct nf_conn *ct, 1184 union nf_inet_addr *addr, 1185 __be16 port) 1186{ 1187 struct net *net = nf_ct_net(ct); 1188 struct nf_conntrack_expect *exp; 1189 struct nf_conntrack_tuple tuple; 1190 1191 memset(&tuple.src.u3, 0, sizeof(tuple.src.u3)); 1192 tuple.src.u.tcp.port = 0; 1193 memcpy(&tuple.dst.u3, addr, sizeof(tuple.dst.u3)); 1194 tuple.dst.u.tcp.port = port; 1195 tuple.dst.protonum = IPPROTO_TCP; 1196 1197 exp = __nf_ct_expect_find(net, nf_ct_zone(ct), &tuple); 1198 if (exp && exp->master == ct) 1199 return exp; 1200 return NULL; 1201} 1202 1203static int expect_q931(struct sk_buff *skb, struct nf_conn *ct, 1204 enum ip_conntrack_info ctinfo, 1205 unsigned int protoff, unsigned char **data, 1206 TransportAddress *taddr, int count) 1207{ 1208 struct nf_ct_h323_master *info = nfct_help_data(ct); 1209 const struct nfct_h323_nat_hooks *nathook; 1210 int dir = CTINFO2DIR(ctinfo); 1211 int ret = 0; 1212 int i; 1213 __be16 port; 1214 union nf_inet_addr addr; 1215 struct nf_conntrack_expect *exp; 1216 1217 /* Look for the first related address */ 1218 for (i = 0; i < count; i++) { 1219 if (get_h225_addr(ct, *data, &taddr[i], &addr, &port) && 1220 memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, 1221 sizeof(addr)) == 0 && port != 0) 1222 break; 1223 } 1224 1225 if (i >= count) /* Not found */ 1226 return 0; 1227 1228 /* Create expect for Q.931 */ 1229 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 1230 return -1; 1231 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 1232 gkrouted_only ? /* only accept calls from GK? */ 1233 &ct->tuplehash[!dir].tuple.src.u3 : NULL, 1234 &ct->tuplehash[!dir].tuple.dst.u3, 1235 IPPROTO_TCP, NULL, &port); 1236 exp->helper = nf_conntrack_helper_q931; 1237 exp->flags = NF_CT_EXPECT_PERMANENT; /* Accept multiple calls */ 1238 1239 nathook = rcu_dereference(nfct_h323_nat_hook); 1240 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1241 ct->status & IPS_NAT_MASK) { /* Need NAT */ 1242 ret = nathook->nat_q931(skb, ct, ctinfo, protoff, data, 1243 taddr, i, port, exp); 1244 } else { /* Conntrack only */ 1245 if (nf_ct_expect_related(exp, 0) == 0) { 1246 pr_debug("nf_ct_ras: expect Q.931 "); 1247 nf_ct_dump_tuple(&exp->tuple); 1248 1249 /* Save port for looking up expect in processing RCF */ 1250 info->sig_port[dir] = port; 1251 } else 1252 ret = -1; 1253 } 1254 1255 nf_ct_expect_put(exp); 1256 1257 return ret; 1258} 1259 1260static int process_grq(struct sk_buff *skb, struct nf_conn *ct, 1261 enum ip_conntrack_info ctinfo, 1262 unsigned int protoff, 1263 unsigned char **data, GatekeeperRequest *grq) 1264{ 1265 const struct nfct_h323_nat_hooks *nathook; 1266 1267 pr_debug("nf_ct_ras: GRQ\n"); 1268 1269 nathook = rcu_dereference(nfct_h323_nat_hook); 1270 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1271 ct->status & IPS_NAT_MASK) /* NATed */ 1272 return nathook->set_ras_addr(skb, ct, ctinfo, protoff, data, 1273 &grq->rasAddress, 1); 1274 return 0; 1275} 1276 1277static int process_gcf(struct sk_buff *skb, struct nf_conn *ct, 1278 enum ip_conntrack_info ctinfo, 1279 unsigned int protoff, 1280 unsigned char **data, GatekeeperConfirm *gcf) 1281{ 1282 int dir = CTINFO2DIR(ctinfo); 1283 int ret = 0; 1284 __be16 port; 1285 union nf_inet_addr addr; 1286 struct nf_conntrack_expect *exp; 1287 1288 pr_debug("nf_ct_ras: GCF\n"); 1289 1290 if (!get_h225_addr(ct, *data, &gcf->rasAddress, &addr, &port)) 1291 return 0; 1292 1293 /* Registration port is the same as discovery port */ 1294 if (!memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) && 1295 port == ct->tuplehash[dir].tuple.src.u.udp.port) 1296 return 0; 1297 1298 /* Avoid RAS expectation loops. A GCF is never expected. */ 1299 if (test_bit(IPS_EXPECTED_BIT, &ct->status)) 1300 return 0; 1301 1302 /* Need new expect */ 1303 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 1304 return -1; 1305 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 1306 &ct->tuplehash[!dir].tuple.src.u3, &addr, 1307 IPPROTO_UDP, NULL, &port); 1308 exp->helper = nf_conntrack_helper_ras; 1309 1310 if (nf_ct_expect_related(exp, 0) == 0) { 1311 pr_debug("nf_ct_ras: expect RAS "); 1312 nf_ct_dump_tuple(&exp->tuple); 1313 } else 1314 ret = -1; 1315 1316 nf_ct_expect_put(exp); 1317 1318 return ret; 1319} 1320 1321static int process_rrq(struct sk_buff *skb, struct nf_conn *ct, 1322 enum ip_conntrack_info ctinfo, 1323 unsigned int protoff, 1324 unsigned char **data, RegistrationRequest *rrq) 1325{ 1326 struct nf_ct_h323_master *info = nfct_help_data(ct); 1327 const struct nfct_h323_nat_hooks *nathook; 1328 int ret; 1329 1330 pr_debug("nf_ct_ras: RRQ\n"); 1331 1332 ret = expect_q931(skb, ct, ctinfo, protoff, data, 1333 rrq->callSignalAddress.item, 1334 rrq->callSignalAddress.count); 1335 if (ret < 0) 1336 return -1; 1337 1338 nathook = rcu_dereference(nfct_h323_nat_hook); 1339 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1340 ct->status & IPS_NAT_MASK) { 1341 ret = nathook->set_ras_addr(skb, ct, ctinfo, protoff, data, 1342 rrq->rasAddress.item, 1343 rrq->rasAddress.count); 1344 if (ret < 0) 1345 return -1; 1346 } 1347 1348 if (rrq->options & eRegistrationRequest_timeToLive) { 1349 pr_debug("nf_ct_ras: RRQ TTL = %u seconds\n", rrq->timeToLive); 1350 info->timeout = rrq->timeToLive; 1351 } else 1352 info->timeout = default_rrq_ttl; 1353 1354 return 0; 1355} 1356 1357static int process_rcf(struct sk_buff *skb, struct nf_conn *ct, 1358 enum ip_conntrack_info ctinfo, 1359 unsigned int protoff, 1360 unsigned char **data, RegistrationConfirm *rcf) 1361{ 1362 struct nf_ct_h323_master *info = nfct_help_data(ct); 1363 const struct nfct_h323_nat_hooks *nathook; 1364 int dir = CTINFO2DIR(ctinfo); 1365 int ret; 1366 struct nf_conntrack_expect *exp; 1367 1368 pr_debug("nf_ct_ras: RCF\n"); 1369 1370 nathook = rcu_dereference(nfct_h323_nat_hook); 1371 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1372 ct->status & IPS_NAT_MASK) { 1373 ret = nathook->set_sig_addr(skb, ct, ctinfo, protoff, data, 1374 rcf->callSignalAddress.item, 1375 rcf->callSignalAddress.count); 1376 if (ret < 0) 1377 return -1; 1378 } 1379 1380 if (rcf->options & eRegistrationConfirm_timeToLive) { 1381 pr_debug("nf_ct_ras: RCF TTL = %u seconds\n", rcf->timeToLive); 1382 info->timeout = rcf->timeToLive; 1383 } 1384 1385 if (info->timeout > 0) { 1386 pr_debug("nf_ct_ras: set RAS connection timeout to " 1387 "%u seconds\n", info->timeout); 1388 nf_ct_refresh(ct, skb, info->timeout * HZ); 1389 1390 /* Set expect timeout */ 1391 spin_lock_bh(&nf_conntrack_expect_lock); 1392 exp = find_expect(ct, &ct->tuplehash[dir].tuple.dst.u3, 1393 info->sig_port[!dir]); 1394 if (exp) { 1395 pr_debug("nf_ct_ras: set Q.931 expect " 1396 "timeout to %u seconds for", 1397 info->timeout); 1398 nf_ct_dump_tuple(&exp->tuple); 1399 mod_timer_pending(&exp->timeout, 1400 jiffies + info->timeout * HZ); 1401 } 1402 spin_unlock_bh(&nf_conntrack_expect_lock); 1403 } 1404 1405 return 0; 1406} 1407 1408static int process_urq(struct sk_buff *skb, struct nf_conn *ct, 1409 enum ip_conntrack_info ctinfo, 1410 unsigned int protoff, 1411 unsigned char **data, UnregistrationRequest *urq) 1412{ 1413 struct nf_ct_h323_master *info = nfct_help_data(ct); 1414 const struct nfct_h323_nat_hooks *nathook; 1415 int dir = CTINFO2DIR(ctinfo); 1416 int ret; 1417 1418 pr_debug("nf_ct_ras: URQ\n"); 1419 1420 nathook = rcu_dereference(nfct_h323_nat_hook); 1421 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1422 ct->status & IPS_NAT_MASK) { 1423 ret = nathook->set_sig_addr(skb, ct, ctinfo, protoff, data, 1424 urq->callSignalAddress.item, 1425 urq->callSignalAddress.count); 1426 if (ret < 0) 1427 return -1; 1428 } 1429 1430 /* Clear old expect */ 1431 nf_ct_remove_expectations(ct); 1432 info->sig_port[dir] = 0; 1433 info->sig_port[!dir] = 0; 1434 1435 /* Give it 30 seconds for UCF or URJ */ 1436 nf_ct_refresh(ct, skb, 30 * HZ); 1437 1438 return 0; 1439} 1440 1441static int process_arq(struct sk_buff *skb, struct nf_conn *ct, 1442 enum ip_conntrack_info ctinfo, 1443 unsigned int protoff, 1444 unsigned char **data, AdmissionRequest *arq) 1445{ 1446 const struct nf_ct_h323_master *info = nfct_help_data(ct); 1447 const struct nfct_h323_nat_hooks *nathook; 1448 int dir = CTINFO2DIR(ctinfo); 1449 __be16 port; 1450 union nf_inet_addr addr; 1451 1452 pr_debug("nf_ct_ras: ARQ\n"); 1453 1454 nathook = rcu_dereference(nfct_h323_nat_hook); 1455 if (!nathook) 1456 return 0; 1457 1458 if ((arq->options & eAdmissionRequest_destCallSignalAddress) && 1459 get_h225_addr(ct, *data, &arq->destCallSignalAddress, 1460 &addr, &port) && 1461 !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) && 1462 port == info->sig_port[dir] && 1463 nf_ct_l3num(ct) == NFPROTO_IPV4 && 1464 ct->status & IPS_NAT_MASK) { 1465 /* Answering ARQ */ 1466 return nathook->set_h225_addr(skb, protoff, data, 0, 1467 &arq->destCallSignalAddress, 1468 &ct->tuplehash[!dir].tuple.dst.u3, 1469 info->sig_port[!dir]); 1470 } 1471 1472 if ((arq->options & eAdmissionRequest_srcCallSignalAddress) && 1473 get_h225_addr(ct, *data, &arq->srcCallSignalAddress, 1474 &addr, &port) && 1475 !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) && 1476 nf_ct_l3num(ct) == NFPROTO_IPV4 && 1477 ct->status & IPS_NAT_MASK) { 1478 /* Calling ARQ */ 1479 return nathook->set_h225_addr(skb, protoff, data, 0, 1480 &arq->srcCallSignalAddress, 1481 &ct->tuplehash[!dir].tuple.dst.u3, 1482 port); 1483 } 1484 1485 return 0; 1486} 1487 1488static int process_acf(struct sk_buff *skb, struct nf_conn *ct, 1489 enum ip_conntrack_info ctinfo, 1490 unsigned int protoff, 1491 unsigned char **data, AdmissionConfirm *acf) 1492{ 1493 int dir = CTINFO2DIR(ctinfo); 1494 int ret = 0; 1495 __be16 port; 1496 union nf_inet_addr addr; 1497 struct nf_conntrack_expect *exp; 1498 1499 pr_debug("nf_ct_ras: ACF\n"); 1500 1501 if (!get_h225_addr(ct, *data, &acf->destCallSignalAddress, 1502 &addr, &port)) 1503 return 0; 1504 1505 if (!memcmp(&addr, &ct->tuplehash[dir].tuple.dst.u3, sizeof(addr))) { 1506 const struct nfct_h323_nat_hooks *nathook; 1507 1508 /* Answering ACF */ 1509 nathook = rcu_dereference(nfct_h323_nat_hook); 1510 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1511 ct->status & IPS_NAT_MASK) 1512 return nathook->set_sig_addr(skb, ct, ctinfo, protoff, 1513 data, 1514 &acf->destCallSignalAddress, 1); 1515 return 0; 1516 } 1517 1518 /* Need new expect */ 1519 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 1520 return -1; 1521 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 1522 &ct->tuplehash[!dir].tuple.src.u3, &addr, 1523 IPPROTO_TCP, NULL, &port); 1524 exp->flags = NF_CT_EXPECT_PERMANENT; 1525 exp->helper = nf_conntrack_helper_q931; 1526 1527 if (nf_ct_expect_related(exp, 0) == 0) { 1528 pr_debug("nf_ct_ras: expect Q.931 "); 1529 nf_ct_dump_tuple(&exp->tuple); 1530 } else 1531 ret = -1; 1532 1533 nf_ct_expect_put(exp); 1534 1535 return ret; 1536} 1537 1538static int process_lrq(struct sk_buff *skb, struct nf_conn *ct, 1539 enum ip_conntrack_info ctinfo, 1540 unsigned int protoff, 1541 unsigned char **data, LocationRequest *lrq) 1542{ 1543 const struct nfct_h323_nat_hooks *nathook; 1544 1545 pr_debug("nf_ct_ras: LRQ\n"); 1546 1547 nathook = rcu_dereference(nfct_h323_nat_hook); 1548 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1549 ct->status & IPS_NAT_MASK) 1550 return nathook->set_ras_addr(skb, ct, ctinfo, protoff, data, 1551 &lrq->replyAddress, 1); 1552 return 0; 1553} 1554 1555static int process_lcf(struct sk_buff *skb, struct nf_conn *ct, 1556 enum ip_conntrack_info ctinfo, 1557 unsigned int protoff, 1558 unsigned char **data, LocationConfirm *lcf) 1559{ 1560 int dir = CTINFO2DIR(ctinfo); 1561 int ret = 0; 1562 __be16 port; 1563 union nf_inet_addr addr; 1564 struct nf_conntrack_expect *exp; 1565 1566 pr_debug("nf_ct_ras: LCF\n"); 1567 1568 if (!get_h225_addr(ct, *data, &lcf->callSignalAddress, 1569 &addr, &port)) 1570 return 0; 1571 1572 /* Need new expect for call signal */ 1573 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 1574 return -1; 1575 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 1576 &ct->tuplehash[!dir].tuple.src.u3, &addr, 1577 IPPROTO_TCP, NULL, &port); 1578 exp->flags = NF_CT_EXPECT_PERMANENT; 1579 exp->helper = nf_conntrack_helper_q931; 1580 1581 if (nf_ct_expect_related(exp, 0) == 0) { 1582 pr_debug("nf_ct_ras: expect Q.931 "); 1583 nf_ct_dump_tuple(&exp->tuple); 1584 } else 1585 ret = -1; 1586 1587 nf_ct_expect_put(exp); 1588 1589 /* Ignore rasAddress */ 1590 1591 return ret; 1592} 1593 1594static int process_irr(struct sk_buff *skb, struct nf_conn *ct, 1595 enum ip_conntrack_info ctinfo, 1596 unsigned int protoff, 1597 unsigned char **data, InfoRequestResponse *irr) 1598{ 1599 const struct nfct_h323_nat_hooks *nathook; 1600 int ret; 1601 1602 pr_debug("nf_ct_ras: IRR\n"); 1603 1604 nathook = rcu_dereference(nfct_h323_nat_hook); 1605 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1606 ct->status & IPS_NAT_MASK) { 1607 ret = nathook->set_ras_addr(skb, ct, ctinfo, protoff, data, 1608 &irr->rasAddress, 1); 1609 if (ret < 0) 1610 return -1; 1611 1612 ret = nathook->set_sig_addr(skb, ct, ctinfo, protoff, data, 1613 irr->callSignalAddress.item, 1614 irr->callSignalAddress.count); 1615 if (ret < 0) 1616 return -1; 1617 } 1618 1619 return 0; 1620} 1621 1622static int process_ras(struct sk_buff *skb, struct nf_conn *ct, 1623 enum ip_conntrack_info ctinfo, 1624 unsigned int protoff, 1625 unsigned char **data, RasMessage *ras) 1626{ 1627 switch (ras->choice) { 1628 case eRasMessage_gatekeeperRequest: 1629 return process_grq(skb, ct, ctinfo, protoff, data, 1630 &ras->gatekeeperRequest); 1631 case eRasMessage_gatekeeperConfirm: 1632 return process_gcf(skb, ct, ctinfo, protoff, data, 1633 &ras->gatekeeperConfirm); 1634 case eRasMessage_registrationRequest: 1635 return process_rrq(skb, ct, ctinfo, protoff, data, 1636 &ras->registrationRequest); 1637 case eRasMessage_registrationConfirm: 1638 return process_rcf(skb, ct, ctinfo, protoff, data, 1639 &ras->registrationConfirm); 1640 case eRasMessage_unregistrationRequest: 1641 return process_urq(skb, ct, ctinfo, protoff, data, 1642 &ras->unregistrationRequest); 1643 case eRasMessage_admissionRequest: 1644 return process_arq(skb, ct, ctinfo, protoff, data, 1645 &ras->admissionRequest); 1646 case eRasMessage_admissionConfirm: 1647 return process_acf(skb, ct, ctinfo, protoff, data, 1648 &ras->admissionConfirm); 1649 case eRasMessage_locationRequest: 1650 return process_lrq(skb, ct, ctinfo, protoff, data, 1651 &ras->locationRequest); 1652 case eRasMessage_locationConfirm: 1653 return process_lcf(skb, ct, ctinfo, protoff, data, 1654 &ras->locationConfirm); 1655 case eRasMessage_infoRequestResponse: 1656 return process_irr(skb, ct, ctinfo, protoff, data, 1657 &ras->infoRequestResponse); 1658 default: 1659 pr_debug("nf_ct_ras: RAS message %d\n", ras->choice); 1660 break; 1661 } 1662 1663 return 0; 1664} 1665 1666static int ras_help(struct sk_buff *skb, unsigned int protoff, 1667 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 1668{ 1669 static RasMessage ras; 1670 unsigned char *data; 1671 int datalen = 0; 1672 int ret; 1673 1674 pr_debug("nf_ct_ras: skblen = %u\n", skb->len); 1675 1676 spin_lock_bh(&nf_h323_lock); 1677 1678 /* Get UDP data */ 1679 data = get_udp_data(skb, protoff, &datalen); 1680 if (data == NULL) 1681 goto accept; 1682 pr_debug("nf_ct_ras: RAS message len=%d ", datalen); 1683 nf_ct_dump_tuple(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); 1684 1685 /* Decode RAS message */ 1686 ret = DecodeRasMessage(data, datalen, &ras); 1687 if (ret < 0) { 1688 pr_debug("nf_ct_ras: decoding error: %s\n", 1689 ret == H323_ERROR_BOUND ? 1690 "out of bound" : "out of range"); 1691 goto accept; 1692 } 1693 1694 /* Process RAS message */ 1695 if (process_ras(skb, ct, ctinfo, protoff, &data, &ras) < 0) 1696 goto drop; 1697 1698 accept: 1699 spin_unlock_bh(&nf_h323_lock); 1700 return NF_ACCEPT; 1701 1702 drop: 1703 spin_unlock_bh(&nf_h323_lock); 1704 nf_ct_helper_log(skb, ct, "cannot process RAS message"); 1705 return NF_DROP; 1706} 1707 1708static const struct nf_conntrack_expect_policy ras_exp_policy = { 1709 .max_expected = 32, 1710 .timeout = 240, 1711}; 1712 1713static struct nf_conntrack_helper nf_conntrack_helper_ras[] __read_mostly = { 1714 { 1715 .name = "RAS", 1716 .me = THIS_MODULE, 1717 .tuple.src.l3num = AF_INET, 1718 .tuple.src.u.udp.port = cpu_to_be16(RAS_PORT), 1719 .tuple.dst.protonum = IPPROTO_UDP, 1720 .help = ras_help, 1721 .expect_policy = &ras_exp_policy, 1722 }, 1723 { 1724 .name = "RAS", 1725 .me = THIS_MODULE, 1726 .tuple.src.l3num = AF_INET6, 1727 .tuple.src.u.udp.port = cpu_to_be16(RAS_PORT), 1728 .tuple.dst.protonum = IPPROTO_UDP, 1729 .help = ras_help, 1730 .expect_policy = &ras_exp_policy, 1731 }, 1732}; 1733 1734static int __init h323_helper_init(void) 1735{ 1736 int ret; 1737 1738 ret = nf_conntrack_helper_register(&nf_conntrack_helper_h245); 1739 if (ret < 0) 1740 return ret; 1741 ret = nf_conntrack_helpers_register(nf_conntrack_helper_q931, 1742 ARRAY_SIZE(nf_conntrack_helper_q931)); 1743 if (ret < 0) 1744 goto err1; 1745 ret = nf_conntrack_helpers_register(nf_conntrack_helper_ras, 1746 ARRAY_SIZE(nf_conntrack_helper_ras)); 1747 if (ret < 0) 1748 goto err2; 1749 1750 return 0; 1751err2: 1752 nf_conntrack_helpers_unregister(nf_conntrack_helper_q931, 1753 ARRAY_SIZE(nf_conntrack_helper_q931)); 1754err1: 1755 nf_conntrack_helper_unregister(&nf_conntrack_helper_h245); 1756 return ret; 1757} 1758 1759static void __exit h323_helper_exit(void) 1760{ 1761 nf_conntrack_helpers_unregister(nf_conntrack_helper_ras, 1762 ARRAY_SIZE(nf_conntrack_helper_ras)); 1763 nf_conntrack_helpers_unregister(nf_conntrack_helper_q931, 1764 ARRAY_SIZE(nf_conntrack_helper_q931)); 1765 nf_conntrack_helper_unregister(&nf_conntrack_helper_h245); 1766} 1767 1768static void __exit nf_conntrack_h323_fini(void) 1769{ 1770 h323_helper_exit(); 1771 kfree(h323_buffer); 1772 pr_debug("nf_ct_h323: fini\n"); 1773} 1774 1775static int __init nf_conntrack_h323_init(void) 1776{ 1777 int ret; 1778 1779 NF_CT_HELPER_BUILD_BUG_ON(sizeof(struct nf_ct_h323_master)); 1780 1781 h323_buffer = kmalloc(H323_MAX_SIZE + 1, GFP_KERNEL); 1782 if (!h323_buffer) 1783 return -ENOMEM; 1784 ret = h323_helper_init(); 1785 if (ret < 0) 1786 goto err1; 1787 pr_debug("nf_ct_h323: init success\n"); 1788 return 0; 1789err1: 1790 kfree(h323_buffer); 1791 return ret; 1792} 1793 1794module_init(nf_conntrack_h323_init); 1795module_exit(nf_conntrack_h323_fini); 1796 1797MODULE_AUTHOR("Jing Min Zhao <zhaojingmin@users.sourceforge.net>"); 1798MODULE_DESCRIPTION("H.323 connection tracking helper"); 1799MODULE_LICENSE("GPL"); 1800MODULE_ALIAS("ip_conntrack_h323"); 1801MODULE_ALIAS_NFCT_HELPER("RAS"); 1802MODULE_ALIAS_NFCT_HELPER("Q.931"); 1803MODULE_ALIAS_NFCT_HELPER("H.245"); 1804