1/* 2 * H.323 connection tracking helper 3 * 4 * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net> 5 * 6 * This source code is licensed under General Public License version 2. 7 * 8 * Based on the 'brute force' H.323 connection tracking module by 9 * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 10 * 11 * For more information, please see http://nath323.sourceforge.net/ 12 */ 13 14#include <linux/module.h> 15#include <linux/moduleparam.h> 16#include <linux/ctype.h> 17#include <linux/inet.h> 18#include <linux/in.h> 19#include <linux/ip.h> 20#include <linux/udp.h> 21#include <linux/tcp.h> 22#include <linux/skbuff.h> 23#include <net/route.h> 24#include <net/ip6_route.h> 25 26#include <net/netfilter/nf_conntrack.h> 27#include <net/netfilter/nf_conntrack_core.h> 28#include <net/netfilter/nf_conntrack_tuple.h> 29#include <net/netfilter/nf_conntrack_expect.h> 30#include <net/netfilter/nf_conntrack_ecache.h> 31#include <net/netfilter/nf_conntrack_helper.h> 32#include <linux/netfilter/nf_conntrack_h323.h> 33 34#define DEBUGP(format, args...) 35 36/* Parameters */ 37static unsigned int default_rrq_ttl __read_mostly = 300; 38module_param(default_rrq_ttl, uint, 0600); 39MODULE_PARM_DESC(default_rrq_ttl, "use this TTL if it's missing in RRQ"); 40 41static int gkrouted_only __read_mostly = 1; 42module_param(gkrouted_only, int, 0600); 43MODULE_PARM_DESC(gkrouted_only, "only accept calls from gatekeeper"); 44 45static int callforward_filter __read_mostly = 1; 46module_param(callforward_filter, bool, 0600); 47MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations " 48 "if both endpoints are on different sides " 49 "(determined by routing information)"); 50 51/* Hooks for NAT */ 52int (*set_h245_addr_hook) (struct sk_buff **pskb, 53 unsigned char **data, int dataoff, 54 H245_TransportAddress *taddr, 55 union nf_conntrack_address *addr, __be16 port) 56 __read_mostly; 57int (*set_h225_addr_hook) (struct sk_buff **pskb, 58 unsigned char **data, int dataoff, 59 TransportAddress *taddr, 60 union nf_conntrack_address *addr, __be16 port) 61 __read_mostly; 62int (*set_sig_addr_hook) (struct sk_buff **pskb, 63 struct nf_conn *ct, 64 enum ip_conntrack_info ctinfo, 65 unsigned char **data, 66 TransportAddress *taddr, int count) __read_mostly; 67int (*set_ras_addr_hook) (struct sk_buff **pskb, 68 struct nf_conn *ct, 69 enum ip_conntrack_info ctinfo, 70 unsigned char **data, 71 TransportAddress *taddr, int count) __read_mostly; 72int (*nat_rtp_rtcp_hook) (struct sk_buff **pskb, 73 struct nf_conn *ct, 74 enum ip_conntrack_info ctinfo, 75 unsigned char **data, int dataoff, 76 H245_TransportAddress *taddr, 77 __be16 port, __be16 rtp_port, 78 struct nf_conntrack_expect *rtp_exp, 79 struct nf_conntrack_expect *rtcp_exp) __read_mostly; 80int (*nat_t120_hook) (struct sk_buff **pskb, 81 struct nf_conn *ct, 82 enum ip_conntrack_info ctinfo, 83 unsigned char **data, int dataoff, 84 H245_TransportAddress *taddr, __be16 port, 85 struct nf_conntrack_expect *exp) __read_mostly; 86int (*nat_h245_hook) (struct sk_buff **pskb, 87 struct nf_conn *ct, 88 enum ip_conntrack_info ctinfo, 89 unsigned char **data, int dataoff, 90 TransportAddress *taddr, __be16 port, 91 struct nf_conntrack_expect *exp) __read_mostly; 92int (*nat_callforwarding_hook) (struct sk_buff **pskb, 93 struct nf_conn *ct, 94 enum ip_conntrack_info ctinfo, 95 unsigned char **data, int dataoff, 96 TransportAddress *taddr, __be16 port, 97 struct nf_conntrack_expect *exp) __read_mostly; 98int (*nat_q931_hook) (struct sk_buff **pskb, 99 struct nf_conn *ct, 100 enum ip_conntrack_info ctinfo, 101 unsigned char **data, TransportAddress *taddr, int idx, 102 __be16 port, struct nf_conntrack_expect *exp) 103 __read_mostly; 104 105static DEFINE_SPINLOCK(nf_h323_lock); 106static char *h323_buffer; 107 108static struct nf_conntrack_helper nf_conntrack_helper_h245; 109static struct nf_conntrack_helper nf_conntrack_helper_q931[]; 110static struct nf_conntrack_helper nf_conntrack_helper_ras[]; 111 112/****************************************************************************/ 113static int get_tpkt_data(struct sk_buff **pskb, unsigned int protoff, 114 struct nf_conn *ct, enum ip_conntrack_info ctinfo, 115 unsigned char **data, int *datalen, int *dataoff) 116{ 117 struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info; 118 int dir = CTINFO2DIR(ctinfo); 119 struct tcphdr _tcph, *th; 120 int tcpdatalen; 121 int tcpdataoff; 122 unsigned char *tpkt; 123 int tpktlen; 124 int tpktoff; 125 126 /* Get TCP header */ 127 th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); 128 if (th == NULL) 129 return 0; 130 131 /* Get TCP data offset */ 132 tcpdataoff = protoff + th->doff * 4; 133 134 /* Get TCP data length */ 135 tcpdatalen = (*pskb)->len - tcpdataoff; 136 if (tcpdatalen <= 0) /* No TCP data */ 137 goto clear_out; 138 139 if (*data == NULL) { /* first TPKT */ 140 /* Get first TPKT pointer */ 141 tpkt = skb_header_pointer(*pskb, tcpdataoff, tcpdatalen, 142 h323_buffer); 143 BUG_ON(tpkt == NULL); 144 145 /* Validate TPKT identifier */ 146 if (tcpdatalen < 4 || tpkt[0] != 0x03 || tpkt[1] != 0) { 147 /* Netmeeting sends TPKT header and data separately */ 148 if (info->tpkt_len[dir] > 0) { 149 DEBUGP("nf_ct_h323: previous packet " 150 "indicated separate TPKT data of %hu " 151 "bytes\n", info->tpkt_len[dir]); 152 if (info->tpkt_len[dir] <= tcpdatalen) { 153 /* Yes, there was a TPKT header 154 * received */ 155 *data = tpkt; 156 *datalen = info->tpkt_len[dir]; 157 *dataoff = 0; 158 goto out; 159 } 160 161 /* Fragmented TPKT */ 162 if (net_ratelimit()) 163 printk("nf_ct_h323: " 164 "fragmented TPKT\n"); 165 goto clear_out; 166 } 167 168 /* It is not even a TPKT */ 169 return 0; 170 } 171 tpktoff = 0; 172 } else { /* Next TPKT */ 173 tpktoff = *dataoff + *datalen; 174 tcpdatalen -= tpktoff; 175 if (tcpdatalen <= 4) /* No more TPKT */ 176 goto clear_out; 177 tpkt = *data + *datalen; 178 179 /* Validate TPKT identifier */ 180 if (tpkt[0] != 0x03 || tpkt[1] != 0) 181 goto clear_out; 182 } 183 184 /* Validate TPKT length */ 185 tpktlen = tpkt[2] * 256 + tpkt[3]; 186 if (tpktlen < 4) 187 goto clear_out; 188 if (tpktlen > tcpdatalen) { 189 if (tcpdatalen == 4) { /* Separate TPKT header */ 190 /* Netmeeting sends TPKT header and data separately */ 191 DEBUGP("nf_ct_h323: separate TPKT header indicates " 192 "there will be TPKT data of %hu bytes\n", 193 tpktlen - 4); 194 info->tpkt_len[dir] = tpktlen - 4; 195 return 0; 196 } 197 198 if (net_ratelimit()) 199 printk("nf_ct_h323: incomplete TPKT (fragmented?)\n"); 200 goto clear_out; 201 } 202 203 /* This is the encapsulated data */ 204 *data = tpkt + 4; 205 *datalen = tpktlen - 4; 206 *dataoff = tpktoff + 4; 207 208 out: 209 /* Clear TPKT length */ 210 info->tpkt_len[dir] = 0; 211 return 1; 212 213 clear_out: 214 info->tpkt_len[dir] = 0; 215 return 0; 216} 217 218/****************************************************************************/ 219static int get_h245_addr(struct nf_conn *ct, unsigned char *data, 220 H245_TransportAddress *taddr, 221 union nf_conntrack_address *addr, __be16 *port) 222{ 223 unsigned char *p; 224 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num; 225 int len; 226 227 if (taddr->choice != eH245_TransportAddress_unicastAddress) 228 return 0; 229 230 switch (taddr->unicastAddress.choice) { 231 case eUnicastAddress_iPAddress: 232 if (family != AF_INET) 233 return 0; 234 p = data + taddr->unicastAddress.iPAddress.network; 235 len = 4; 236 break; 237 case eUnicastAddress_iP6Address: 238 if (family != AF_INET6) 239 return 0; 240 p = data + taddr->unicastAddress.iP6Address.network; 241 len = 16; 242 break; 243 default: 244 return 0; 245 } 246 247 memcpy(addr, p, len); 248 memset((void *)addr + len, 0, sizeof(*addr) - len); 249 memcpy(port, p + len, sizeof(__be16)); 250 251 return 1; 252} 253 254/****************************************************************************/ 255static int expect_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, 256 enum ip_conntrack_info ctinfo, 257 unsigned char **data, int dataoff, 258 H245_TransportAddress *taddr) 259{ 260 int dir = CTINFO2DIR(ctinfo); 261 int ret = 0; 262 __be16 port; 263 __be16 rtp_port, rtcp_port; 264 union nf_conntrack_address addr; 265 struct nf_conntrack_expect *rtp_exp; 266 struct nf_conntrack_expect *rtcp_exp; 267 typeof(nat_rtp_rtcp_hook) nat_rtp_rtcp; 268 269 /* Read RTP or RTCP address */ 270 if (!get_h245_addr(ct, *data, taddr, &addr, &port) || 271 memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) || 272 port == 0) 273 return 0; 274 275 /* RTP port is even */ 276 port &= htons(~1); 277 rtp_port = port; 278 rtcp_port = htons(ntohs(port) + 1); 279 280 /* Create expect for RTP */ 281 if ((rtp_exp = nf_conntrack_expect_alloc(ct)) == NULL) 282 return -1; 283 nf_conntrack_expect_init(rtp_exp, ct->tuplehash[!dir].tuple.src.l3num, 284 &ct->tuplehash[!dir].tuple.src.u3, 285 &ct->tuplehash[!dir].tuple.dst.u3, 286 IPPROTO_UDP, NULL, &rtp_port); 287 288 /* Create expect for RTCP */ 289 if ((rtcp_exp = nf_conntrack_expect_alloc(ct)) == NULL) { 290 nf_conntrack_expect_put(rtp_exp); 291 return -1; 292 } 293 nf_conntrack_expect_init(rtcp_exp, ct->tuplehash[!dir].tuple.src.l3num, 294 &ct->tuplehash[!dir].tuple.src.u3, 295 &ct->tuplehash[!dir].tuple.dst.u3, 296 IPPROTO_UDP, NULL, &rtcp_port); 297 298 if (memcmp(&ct->tuplehash[dir].tuple.src.u3, 299 &ct->tuplehash[!dir].tuple.dst.u3, 300 sizeof(ct->tuplehash[dir].tuple.src.u3)) && 301 (nat_rtp_rtcp = rcu_dereference(nat_rtp_rtcp_hook)) && 302 ct->status & IPS_NAT_MASK) { 303 /* NAT needed */ 304 ret = nat_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 305 taddr, port, rtp_port, rtp_exp, rtcp_exp); 306 } else { /* Conntrack only */ 307 if (nf_conntrack_expect_related(rtp_exp) == 0) { 308 if (nf_conntrack_expect_related(rtcp_exp) == 0) { 309 DEBUGP("nf_ct_h323: expect RTP "); 310 NF_CT_DUMP_TUPLE(&rtp_exp->tuple); 311 DEBUGP("nf_ct_h323: expect RTCP "); 312 NF_CT_DUMP_TUPLE(&rtcp_exp->tuple); 313 } else { 314 nf_conntrack_unexpect_related(rtp_exp); 315 ret = -1; 316 } 317 } else 318 ret = -1; 319 } 320 321 nf_conntrack_expect_put(rtp_exp); 322 nf_conntrack_expect_put(rtcp_exp); 323 324 return ret; 325} 326 327/****************************************************************************/ 328static int expect_t120(struct sk_buff **pskb, 329 struct nf_conn *ct, 330 enum ip_conntrack_info ctinfo, 331 unsigned char **data, int dataoff, 332 H245_TransportAddress *taddr) 333{ 334 int dir = CTINFO2DIR(ctinfo); 335 int ret = 0; 336 __be16 port; 337 union nf_conntrack_address addr; 338 struct nf_conntrack_expect *exp; 339 typeof(nat_t120_hook) nat_t120; 340 341 /* Read T.120 address */ 342 if (!get_h245_addr(ct, *data, taddr, &addr, &port) || 343 memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) || 344 port == 0) 345 return 0; 346 347 /* Create expect for T.120 connections */ 348 if ((exp = nf_conntrack_expect_alloc(ct)) == NULL) 349 return -1; 350 nf_conntrack_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num, 351 &ct->tuplehash[!dir].tuple.src.u3, 352 &ct->tuplehash[!dir].tuple.dst.u3, 353 IPPROTO_TCP, NULL, &port); 354 exp->flags = NF_CT_EXPECT_PERMANENT; /* Accept multiple channels */ 355 356 if (memcmp(&ct->tuplehash[dir].tuple.src.u3, 357 &ct->tuplehash[!dir].tuple.dst.u3, 358 sizeof(ct->tuplehash[dir].tuple.src.u3)) && 359 (nat_t120 = rcu_dereference(nat_t120_hook)) && 360 ct->status & IPS_NAT_MASK) { 361 /* NAT needed */ 362 ret = nat_t120(pskb, ct, ctinfo, data, dataoff, taddr, 363 port, exp); 364 } else { /* Conntrack only */ 365 if (nf_conntrack_expect_related(exp) == 0) { 366 DEBUGP("nf_ct_h323: expect T.120 "); 367 NF_CT_DUMP_TUPLE(&exp->tuple); 368 } else 369 ret = -1; 370 } 371 372 nf_conntrack_expect_put(exp); 373 374 return ret; 375} 376 377/****************************************************************************/ 378static int process_h245_channel(struct sk_buff **pskb, 379 struct nf_conn *ct, 380 enum ip_conntrack_info ctinfo, 381 unsigned char **data, int dataoff, 382 H2250LogicalChannelParameters *channel) 383{ 384 int ret; 385 386 if (channel->options & eH2250LogicalChannelParameters_mediaChannel) { 387 /* RTP */ 388 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 389 &channel->mediaChannel); 390 if (ret < 0) 391 return -1; 392 } 393 394 if (channel-> 395 options & eH2250LogicalChannelParameters_mediaControlChannel) { 396 /* RTCP */ 397 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 398 &channel->mediaControlChannel); 399 if (ret < 0) 400 return -1; 401 } 402 403 return 0; 404} 405 406/****************************************************************************/ 407static int process_olc(struct sk_buff **pskb, struct nf_conn *ct, 408 enum ip_conntrack_info ctinfo, 409 unsigned char **data, int dataoff, 410 OpenLogicalChannel *olc) 411{ 412 int ret; 413 414 DEBUGP("nf_ct_h323: OpenLogicalChannel\n"); 415 416 if (olc->forwardLogicalChannelParameters.multiplexParameters.choice == 417 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters) 418 { 419 ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff, 420 &olc-> 421 forwardLogicalChannelParameters. 422 multiplexParameters. 423 h2250LogicalChannelParameters); 424 if (ret < 0) 425 return -1; 426 } 427 428 if ((olc->options & 429 eOpenLogicalChannel_reverseLogicalChannelParameters) && 430 (olc->reverseLogicalChannelParameters.options & 431 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters) 432 && (olc->reverseLogicalChannelParameters.multiplexParameters. 433 choice == 434 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) 435 { 436 ret = 437 process_h245_channel(pskb, ct, ctinfo, data, dataoff, 438 &olc-> 439 reverseLogicalChannelParameters. 440 multiplexParameters. 441 h2250LogicalChannelParameters); 442 if (ret < 0) 443 return -1; 444 } 445 446 if ((olc->options & eOpenLogicalChannel_separateStack) && 447 olc->forwardLogicalChannelParameters.dataType.choice == 448 eDataType_data && 449 olc->forwardLogicalChannelParameters.dataType.data.application. 450 choice == eDataApplicationCapability_application_t120 && 451 olc->forwardLogicalChannelParameters.dataType.data.application. 452 t120.choice == eDataProtocolCapability_separateLANStack && 453 olc->separateStack.networkAddress.choice == 454 eNetworkAccessParameters_networkAddress_localAreaAddress) { 455 ret = expect_t120(pskb, ct, ctinfo, data, dataoff, 456 &olc->separateStack.networkAddress. 457 localAreaAddress); 458 if (ret < 0) 459 return -1; 460 } 461 462 return 0; 463} 464 465/****************************************************************************/ 466static int process_olca(struct sk_buff **pskb, struct nf_conn *ct, 467 enum ip_conntrack_info ctinfo, 468 unsigned char **data, int dataoff, 469 OpenLogicalChannelAck *olca) 470{ 471 H2250LogicalChannelAckParameters *ack; 472 int ret; 473 474 DEBUGP("nf_ct_h323: OpenLogicalChannelAck\n"); 475 476 if ((olca->options & 477 eOpenLogicalChannelAck_reverseLogicalChannelParameters) && 478 (olca->reverseLogicalChannelParameters.options & 479 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters) 480 && (olca->reverseLogicalChannelParameters.multiplexParameters. 481 choice == 482 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) 483 { 484 ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff, 485 &olca-> 486 reverseLogicalChannelParameters. 487 multiplexParameters. 488 h2250LogicalChannelParameters); 489 if (ret < 0) 490 return -1; 491 } 492 493 if ((olca->options & 494 eOpenLogicalChannelAck_forwardMultiplexAckParameters) && 495 (olca->forwardMultiplexAckParameters.choice == 496 eOpenLogicalChannelAck_forwardMultiplexAckParameters_h2250LogicalChannelAckParameters)) 497 { 498 ack = &olca->forwardMultiplexAckParameters. 499 h2250LogicalChannelAckParameters; 500 if (ack->options & 501 eH2250LogicalChannelAckParameters_mediaChannel) { 502 /* RTP */ 503 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 504 &ack->mediaChannel); 505 if (ret < 0) 506 return -1; 507 } 508 509 if (ack->options & 510 eH2250LogicalChannelAckParameters_mediaControlChannel) { 511 /* RTCP */ 512 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 513 &ack->mediaControlChannel); 514 if (ret < 0) 515 return -1; 516 } 517 } 518 519 if ((olca->options & eOpenLogicalChannelAck_separateStack) && 520 olca->separateStack.networkAddress.choice == 521 eNetworkAccessParameters_networkAddress_localAreaAddress) { 522 ret = expect_t120(pskb, ct, ctinfo, data, dataoff, 523 &olca->separateStack.networkAddress. 524 localAreaAddress); 525 if (ret < 0) 526 return -1; 527 } 528 529 return 0; 530} 531 532/****************************************************************************/ 533static int process_h245(struct sk_buff **pskb, struct nf_conn *ct, 534 enum ip_conntrack_info ctinfo, 535 unsigned char **data, int dataoff, 536 MultimediaSystemControlMessage *mscm) 537{ 538 switch (mscm->choice) { 539 case eMultimediaSystemControlMessage_request: 540 if (mscm->request.choice == 541 eRequestMessage_openLogicalChannel) { 542 return process_olc(pskb, ct, ctinfo, data, dataoff, 543 &mscm->request.openLogicalChannel); 544 } 545 DEBUGP("nf_ct_h323: H.245 Request %d\n", 546 mscm->request.choice); 547 break; 548 case eMultimediaSystemControlMessage_response: 549 if (mscm->response.choice == 550 eResponseMessage_openLogicalChannelAck) { 551 return process_olca(pskb, ct, ctinfo, data, dataoff, 552 &mscm->response. 553 openLogicalChannelAck); 554 } 555 DEBUGP("nf_ct_h323: H.245 Response %d\n", 556 mscm->response.choice); 557 break; 558 default: 559 DEBUGP("nf_ct_h323: H.245 signal %d\n", mscm->choice); 560 break; 561 } 562 563 return 0; 564} 565 566/****************************************************************************/ 567static int h245_help(struct sk_buff **pskb, unsigned int protoff, 568 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 569{ 570 static MultimediaSystemControlMessage mscm; 571 unsigned char *data = NULL; 572 int datalen; 573 int dataoff; 574 int ret; 575 576 /* Until there's been traffic both ways, don't look in packets. */ 577 if (ctinfo != IP_CT_ESTABLISHED && 578 ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { 579 return NF_ACCEPT; 580 } 581 DEBUGP("nf_ct_h245: skblen = %u\n", (*pskb)->len); 582 583 spin_lock_bh(&nf_h323_lock); 584 585 /* Process each TPKT */ 586 while (get_tpkt_data(pskb, protoff, ct, ctinfo, 587 &data, &datalen, &dataoff)) { 588 DEBUGP("nf_ct_h245: TPKT len=%d ", datalen); 589 NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); 590 591 /* Decode H.245 signal */ 592 ret = DecodeMultimediaSystemControlMessage(data, datalen, 593 &mscm); 594 if (ret < 0) { 595 if (net_ratelimit()) 596 printk("nf_ct_h245: decoding error: %s\n", 597 ret == H323_ERROR_BOUND ? 598 "out of bound" : "out of range"); 599 /* We don't drop when decoding error */ 600 break; 601 } 602 603 /* Process H.245 signal */ 604 if (process_h245(pskb, ct, ctinfo, &data, dataoff, &mscm) < 0) 605 goto drop; 606 } 607 608 spin_unlock_bh(&nf_h323_lock); 609 return NF_ACCEPT; 610 611 drop: 612 spin_unlock_bh(&nf_h323_lock); 613 if (net_ratelimit()) 614 printk("nf_ct_h245: packet dropped\n"); 615 return NF_DROP; 616} 617 618/****************************************************************************/ 619static struct nf_conntrack_helper nf_conntrack_helper_h245 __read_mostly = { 620 .name = "H.245", 621 .me = THIS_MODULE, 622 .max_expected = H323_RTP_CHANNEL_MAX * 4 + 2 /* T.120 */, 623 .timeout = 240, 624 .tuple.dst.protonum = IPPROTO_UDP, 625 .mask.src.u.udp.port = __constant_htons(0xFFFF), 626 .mask.dst.protonum = 0xFF, 627 .help = h245_help 628}; 629 630/****************************************************************************/ 631int get_h225_addr(struct nf_conn *ct, unsigned char *data, 632 TransportAddress *taddr, 633 union nf_conntrack_address *addr, __be16 *port) 634{ 635 unsigned char *p; 636 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num; 637 int len; 638 639 switch (taddr->choice) { 640 case eTransportAddress_ipAddress: 641 if (family != AF_INET) 642 return 0; 643 p = data + taddr->ipAddress.ip; 644 len = 4; 645 break; 646 case eTransportAddress_ip6Address: 647 if (family != AF_INET6) 648 return 0; 649 p = data + taddr->ip6Address.ip; 650 len = 16; 651 break; 652 default: 653 return 0; 654 } 655 656 memcpy(addr, p, len); 657 memset((void *)addr + len, 0, sizeof(*addr) - len); 658 memcpy(port, p + len, sizeof(__be16)); 659 660 return 1; 661} 662 663/****************************************************************************/ 664static int expect_h245(struct sk_buff **pskb, struct nf_conn *ct, 665 enum ip_conntrack_info ctinfo, 666 unsigned char **data, int dataoff, 667 TransportAddress *taddr) 668{ 669 int dir = CTINFO2DIR(ctinfo); 670 int ret = 0; 671 __be16 port; 672 union nf_conntrack_address addr; 673 struct nf_conntrack_expect *exp; 674 typeof(nat_h245_hook) nat_h245; 675 676 /* Read h245Address */ 677 if (!get_h225_addr(ct, *data, taddr, &addr, &port) || 678 memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) || 679 port == 0) 680 return 0; 681 682 /* Create expect for h245 connection */ 683 if ((exp = nf_conntrack_expect_alloc(ct)) == NULL) 684 return -1; 685 nf_conntrack_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num, 686 &ct->tuplehash[!dir].tuple.src.u3, 687 &ct->tuplehash[!dir].tuple.dst.u3, 688 IPPROTO_TCP, NULL, &port); 689 exp->helper = &nf_conntrack_helper_h245; 690 691 if (memcmp(&ct->tuplehash[dir].tuple.src.u3, 692 &ct->tuplehash[!dir].tuple.dst.u3, 693 sizeof(ct->tuplehash[dir].tuple.src.u3)) && 694 (nat_h245 = rcu_dereference(nat_h245_hook)) && 695 ct->status & IPS_NAT_MASK) { 696 /* NAT needed */ 697 ret = nat_h245(pskb, ct, ctinfo, data, dataoff, taddr, 698 port, exp); 699 } else { /* Conntrack only */ 700 if (nf_conntrack_expect_related(exp) == 0) { 701 DEBUGP("nf_ct_q931: expect H.245 "); 702 NF_CT_DUMP_TUPLE(&exp->tuple); 703 } else 704 ret = -1; 705 } 706 707 nf_conntrack_expect_put(exp); 708 709 return ret; 710} 711 712/* If the calling party is on the same side of the forward-to party, 713 * we don't need to track the second call */ 714static int callforward_do_filter(union nf_conntrack_address *src, 715 union nf_conntrack_address *dst, 716 int family) 717{ 718 struct flowi fl1, fl2; 719 int ret = 0; 720 721 memset(&fl1, 0, sizeof(fl1)); 722 memset(&fl2, 0, sizeof(fl2)); 723 724 switch (family) { 725 case AF_INET: { 726 struct rtable *rt1, *rt2; 727 728 fl1.fl4_dst = src->ip; 729 fl2.fl4_dst = dst->ip; 730 if (ip_route_output_key(&rt1, &fl1) == 0) { 731 if (ip_route_output_key(&rt2, &fl2) == 0) { 732 if (rt1->rt_gateway == rt2->rt_gateway && 733 rt1->u.dst.dev == rt2->u.dst.dev) 734 ret = 1; 735 dst_release(&rt2->u.dst); 736 } 737 dst_release(&rt1->u.dst); 738 } 739 break; 740 } 741#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 742 case AF_INET6: { 743 struct rt6_info *rt1, *rt2; 744 745 memcpy(&fl1.fl6_dst, src, sizeof(fl1.fl6_dst)); 746 memcpy(&fl2.fl6_dst, dst, sizeof(fl2.fl6_dst)); 747 rt1 = (struct rt6_info *)ip6_route_output(NULL, &fl1); 748 if (rt1) { 749 rt2 = (struct rt6_info *)ip6_route_output(NULL, &fl2); 750 if (rt2) { 751 if (!memcmp(&rt1->rt6i_gateway, &rt2->rt6i_gateway, 752 sizeof(rt1->rt6i_gateway)) && 753 rt1->u.dst.dev == rt2->u.dst.dev) 754 ret = 1; 755 dst_release(&rt2->u.dst); 756 } 757 dst_release(&rt1->u.dst); 758 } 759 break; 760 } 761#endif 762 } 763 return ret; 764 765} 766 767/****************************************************************************/ 768static int expect_callforwarding(struct sk_buff **pskb, 769 struct nf_conn *ct, 770 enum ip_conntrack_info ctinfo, 771 unsigned char **data, int dataoff, 772 TransportAddress *taddr) 773{ 774 int dir = CTINFO2DIR(ctinfo); 775 int ret = 0; 776 __be16 port; 777 union nf_conntrack_address addr; 778 struct nf_conntrack_expect *exp; 779 typeof(nat_callforwarding_hook) nat_callforwarding; 780 781 /* Read alternativeAddress */ 782 if (!get_h225_addr(ct, *data, taddr, &addr, &port) || port == 0) 783 return 0; 784 785 /* If the calling party is on the same side of the forward-to party, 786 * we don't need to track the second call */ 787 if (callforward_filter && 788 callforward_do_filter(&addr, &ct->tuplehash[!dir].tuple.src.u3, 789 ct->tuplehash[!dir].tuple.src.l3num)) { 790 DEBUGP("nf_ct_q931: Call Forwarding not tracked\n"); 791 return 0; 792 } 793 794 /* Create expect for the second call leg */ 795 if ((exp = nf_conntrack_expect_alloc(ct)) == NULL) 796 return -1; 797 nf_conntrack_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num, 798 &ct->tuplehash[!dir].tuple.src.u3, &addr, 799 IPPROTO_TCP, NULL, &port); 800 exp->helper = nf_conntrack_helper_q931; 801 802 if (memcmp(&ct->tuplehash[dir].tuple.src.u3, 803 &ct->tuplehash[!dir].tuple.dst.u3, 804 sizeof(ct->tuplehash[dir].tuple.src.u3)) && 805 (nat_callforwarding = rcu_dereference(nat_callforwarding_hook)) && 806 ct->status & IPS_NAT_MASK) { 807 /* Need NAT */ 808 ret = nat_callforwarding(pskb, ct, ctinfo, data, dataoff, 809 taddr, port, exp); 810 } else { /* Conntrack only */ 811 if (nf_conntrack_expect_related(exp) == 0) { 812 DEBUGP("nf_ct_q931: expect Call Forwarding "); 813 NF_CT_DUMP_TUPLE(&exp->tuple); 814 } else 815 ret = -1; 816 } 817 818 nf_conntrack_expect_put(exp); 819 820 return ret; 821} 822 823/****************************************************************************/ 824static int process_setup(struct sk_buff **pskb, struct nf_conn *ct, 825 enum ip_conntrack_info ctinfo, 826 unsigned char **data, int dataoff, 827 Setup_UUIE *setup) 828{ 829 int dir = CTINFO2DIR(ctinfo); 830 int ret; 831 int i; 832 __be16 port; 833 union nf_conntrack_address addr; 834 typeof(set_h225_addr_hook) set_h225_addr; 835 836 DEBUGP("nf_ct_q931: Setup\n"); 837 838 if (setup->options & eSetup_UUIE_h245Address) { 839 ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 840 &setup->h245Address); 841 if (ret < 0) 842 return -1; 843 } 844 845 set_h225_addr = rcu_dereference(set_h225_addr_hook); 846 if ((setup->options & eSetup_UUIE_destCallSignalAddress) && 847 (set_h225_addr) && ct->status && IPS_NAT_MASK && 848 get_h225_addr(ct, *data, &setup->destCallSignalAddress, 849 &addr, &port) && 850 memcmp(&addr, &ct->tuplehash[!dir].tuple.src.u3, sizeof(addr))) { 851 DEBUGP("nf_ct_q931: set destCallSignalAddress " 852 NIP6_FMT ":%hu->" NIP6_FMT ":%hu\n", 853 NIP6(*(struct in6_addr *)&addr), ntohs(port), 854 NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.src.u3), 855 ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port)); 856 ret = set_h225_addr(pskb, data, dataoff, 857 &setup->destCallSignalAddress, 858 &ct->tuplehash[!dir].tuple.src.u3, 859 ct->tuplehash[!dir].tuple.src.u.tcp.port); 860 if (ret < 0) 861 return -1; 862 } 863 864 if ((setup->options & eSetup_UUIE_sourceCallSignalAddress) && 865 (set_h225_addr) && ct->status & IPS_NAT_MASK && 866 get_h225_addr(ct, *data, &setup->sourceCallSignalAddress, 867 &addr, &port) && 868 memcmp(&addr, &ct->tuplehash[!dir].tuple.dst.u3, sizeof(addr))) { 869 DEBUGP("nf_ct_q931: set sourceCallSignalAddress " 870 NIP6_FMT ":%hu->" NIP6_FMT ":%hu\n", 871 NIP6(*(struct in6_addr *)&addr), ntohs(port), 872 NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.dst.u3), 873 ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port)); 874 ret = set_h225_addr(pskb, data, dataoff, 875 &setup->sourceCallSignalAddress, 876 &ct->tuplehash[!dir].tuple.dst.u3, 877 ct->tuplehash[!dir].tuple.dst.u.tcp.port); 878 if (ret < 0) 879 return -1; 880 } 881 882 if (setup->options & eSetup_UUIE_fastStart) { 883 for (i = 0; i < setup->fastStart.count; i++) { 884 ret = process_olc(pskb, ct, ctinfo, data, dataoff, 885 &setup->fastStart.item[i]); 886 if (ret < 0) 887 return -1; 888 } 889 } 890 891 return 0; 892} 893 894/****************************************************************************/ 895static int process_callproceeding(struct sk_buff **pskb, 896 struct nf_conn *ct, 897 enum ip_conntrack_info ctinfo, 898 unsigned char **data, int dataoff, 899 CallProceeding_UUIE *callproc) 900{ 901 int ret; 902 int i; 903 904 DEBUGP("nf_ct_q931: CallProceeding\n"); 905 906 if (callproc->options & eCallProceeding_UUIE_h245Address) { 907 ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 908 &callproc->h245Address); 909 if (ret < 0) 910 return -1; 911 } 912 913 if (callproc->options & eCallProceeding_UUIE_fastStart) { 914 for (i = 0; i < callproc->fastStart.count; i++) { 915 ret = process_olc(pskb, ct, ctinfo, data, dataoff, 916 &callproc->fastStart.item[i]); 917 if (ret < 0) 918 return -1; 919 } 920 } 921 922 return 0; 923} 924 925/****************************************************************************/ 926static int process_connect(struct sk_buff **pskb, struct nf_conn *ct, 927 enum ip_conntrack_info ctinfo, 928 unsigned char **data, int dataoff, 929 Connect_UUIE *connect) 930{ 931 int ret; 932 int i; 933 934 DEBUGP("nf_ct_q931: Connect\n"); 935 936 if (connect->options & eConnect_UUIE_h245Address) { 937 ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 938 &connect->h245Address); 939 if (ret < 0) 940 return -1; 941 } 942 943 if (connect->options & eConnect_UUIE_fastStart) { 944 for (i = 0; i < connect->fastStart.count; i++) { 945 ret = process_olc(pskb, ct, ctinfo, data, dataoff, 946 &connect->fastStart.item[i]); 947 if (ret < 0) 948 return -1; 949 } 950 } 951 952 return 0; 953} 954 955/****************************************************************************/ 956static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct, 957 enum ip_conntrack_info ctinfo, 958 unsigned char **data, int dataoff, 959 Alerting_UUIE *alert) 960{ 961 int ret; 962 int i; 963 964 DEBUGP("nf_ct_q931: Alerting\n"); 965 966 if (alert->options & eAlerting_UUIE_h245Address) { 967 ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 968 &alert->h245Address); 969 if (ret < 0) 970 return -1; 971 } 972 973 if (alert->options & eAlerting_UUIE_fastStart) { 974 for (i = 0; i < alert->fastStart.count; i++) { 975 ret = process_olc(pskb, ct, ctinfo, data, dataoff, 976 &alert->fastStart.item[i]); 977 if (ret < 0) 978 return -1; 979 } 980 } 981 982 return 0; 983} 984 985/****************************************************************************/ 986static int process_facility(struct sk_buff **pskb, struct nf_conn *ct, 987 enum ip_conntrack_info ctinfo, 988 unsigned char **data, int dataoff, 989 Facility_UUIE *facility) 990{ 991 int ret; 992 int i; 993 994 DEBUGP("nf_ct_q931: Facility\n"); 995 996 if (facility->reason.choice == eFacilityReason_callForwarded) { 997 if (facility->options & eFacility_UUIE_alternativeAddress) 998 return expect_callforwarding(pskb, ct, ctinfo, data, 999 dataoff, 1000 &facility-> 1001 alternativeAddress); 1002 return 0; 1003 } 1004 1005 if (facility->options & eFacility_UUIE_h245Address) { 1006 ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 1007 &facility->h245Address); 1008 if (ret < 0) 1009 return -1; 1010 } 1011 1012 if (facility->options & eFacility_UUIE_fastStart) { 1013 for (i = 0; i < facility->fastStart.count; i++) { 1014 ret = process_olc(pskb, ct, ctinfo, data, dataoff, 1015 &facility->fastStart.item[i]); 1016 if (ret < 0) 1017 return -1; 1018 } 1019 } 1020 1021 return 0; 1022} 1023 1024/****************************************************************************/ 1025static int process_progress(struct sk_buff **pskb, struct nf_conn *ct, 1026 enum ip_conntrack_info ctinfo, 1027 unsigned char **data, int dataoff, 1028 Progress_UUIE *progress) 1029{ 1030 int ret; 1031 int i; 1032 1033 DEBUGP("nf_ct_q931: Progress\n"); 1034 1035 if (progress->options & eProgress_UUIE_h245Address) { 1036 ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 1037 &progress->h245Address); 1038 if (ret < 0) 1039 return -1; 1040 } 1041 1042 if (progress->options & eProgress_UUIE_fastStart) { 1043 for (i = 0; i < progress->fastStart.count; i++) { 1044 ret = process_olc(pskb, ct, ctinfo, data, dataoff, 1045 &progress->fastStart.item[i]); 1046 if (ret < 0) 1047 return -1; 1048 } 1049 } 1050 1051 return 0; 1052} 1053 1054/****************************************************************************/ 1055static int process_q931(struct sk_buff **pskb, struct nf_conn *ct, 1056 enum ip_conntrack_info ctinfo, 1057 unsigned char **data, int dataoff, Q931 *q931) 1058{ 1059 H323_UU_PDU *pdu = &q931->UUIE.h323_uu_pdu; 1060 int i; 1061 int ret = 0; 1062 1063 switch (pdu->h323_message_body.choice) { 1064 case eH323_UU_PDU_h323_message_body_setup: 1065 ret = process_setup(pskb, ct, ctinfo, data, dataoff, 1066 &pdu->h323_message_body.setup); 1067 break; 1068 case eH323_UU_PDU_h323_message_body_callProceeding: 1069 ret = process_callproceeding(pskb, ct, ctinfo, data, dataoff, 1070 &pdu->h323_message_body. 1071 callProceeding); 1072 break; 1073 case eH323_UU_PDU_h323_message_body_connect: 1074 ret = process_connect(pskb, ct, ctinfo, data, dataoff, 1075 &pdu->h323_message_body.connect); 1076 break; 1077 case eH323_UU_PDU_h323_message_body_alerting: 1078 ret = process_alerting(pskb, ct, ctinfo, data, dataoff, 1079 &pdu->h323_message_body.alerting); 1080 break; 1081 case eH323_UU_PDU_h323_message_body_facility: 1082 ret = process_facility(pskb, ct, ctinfo, data, dataoff, 1083 &pdu->h323_message_body.facility); 1084 break; 1085 case eH323_UU_PDU_h323_message_body_progress: 1086 ret = process_progress(pskb, ct, ctinfo, data, dataoff, 1087 &pdu->h323_message_body.progress); 1088 break; 1089 default: 1090 DEBUGP("nf_ct_q931: Q.931 signal %d\n", 1091 pdu->h323_message_body.choice); 1092 break; 1093 } 1094 1095 if (ret < 0) 1096 return -1; 1097 1098 if (pdu->options & eH323_UU_PDU_h245Control) { 1099 for (i = 0; i < pdu->h245Control.count; i++) { 1100 ret = process_h245(pskb, ct, ctinfo, data, dataoff, 1101 &pdu->h245Control.item[i]); 1102 if (ret < 0) 1103 return -1; 1104 } 1105 } 1106 1107 return 0; 1108} 1109 1110/****************************************************************************/ 1111static int q931_help(struct sk_buff **pskb, unsigned int protoff, 1112 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 1113{ 1114 static Q931 q931; 1115 unsigned char *data = NULL; 1116 int datalen; 1117 int dataoff; 1118 int ret; 1119 1120 /* Until there's been traffic both ways, don't look in packets. */ 1121 if (ctinfo != IP_CT_ESTABLISHED && 1122 ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { 1123 return NF_ACCEPT; 1124 } 1125 DEBUGP("nf_ct_q931: skblen = %u\n", (*pskb)->len); 1126 1127 spin_lock_bh(&nf_h323_lock); 1128 1129 /* Process each TPKT */ 1130 while (get_tpkt_data(pskb, protoff, ct, ctinfo, 1131 &data, &datalen, &dataoff)) { 1132 DEBUGP("nf_ct_q931: TPKT len=%d ", datalen); 1133 NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); 1134 1135 /* Decode Q.931 signal */ 1136 ret = DecodeQ931(data, datalen, &q931); 1137 if (ret < 0) { 1138 if (net_ratelimit()) 1139 printk("nf_ct_q931: decoding error: %s\n", 1140 ret == H323_ERROR_BOUND ? 1141 "out of bound" : "out of range"); 1142 /* We don't drop when decoding error */ 1143 break; 1144 } 1145 1146 /* Process Q.931 signal */ 1147 if (process_q931(pskb, ct, ctinfo, &data, dataoff, &q931) < 0) 1148 goto drop; 1149 } 1150 1151 spin_unlock_bh(&nf_h323_lock); 1152 return NF_ACCEPT; 1153 1154 drop: 1155 spin_unlock_bh(&nf_h323_lock); 1156 if (net_ratelimit()) 1157 printk("nf_ct_q931: packet dropped\n"); 1158 return NF_DROP; 1159} 1160 1161/****************************************************************************/ 1162static struct nf_conntrack_helper nf_conntrack_helper_q931[] __read_mostly = { 1163 { 1164 .name = "Q.931", 1165 .me = THIS_MODULE, 1166 /* T.120 and H.245 */ 1167 .max_expected = H323_RTP_CHANNEL_MAX * 4 + 4, 1168 .timeout = 240, 1169 .tuple.src.l3num = AF_INET, 1170 .tuple.src.u.tcp.port = __constant_htons(Q931_PORT), 1171 .tuple.dst.protonum = IPPROTO_TCP, 1172 .mask.src.l3num = 0xFFFF, 1173 .mask.src.u.tcp.port = __constant_htons(0xFFFF), 1174 .mask.dst.protonum = 0xFF, 1175 .help = q931_help 1176 }, 1177 { 1178 .name = "Q.931", 1179 .me = THIS_MODULE, 1180 /* T.120 and H.245 */ 1181 .max_expected = H323_RTP_CHANNEL_MAX * 4 + 4, 1182 .timeout = 240, 1183 .tuple.src.l3num = AF_INET6, 1184 .tuple.src.u.tcp.port = __constant_htons(Q931_PORT), 1185 .tuple.dst.protonum = IPPROTO_TCP, 1186 .mask.src.l3num = 0xFFFF, 1187 .mask.src.u.tcp.port = __constant_htons(0xFFFF), 1188 .mask.dst.protonum = 0xFF, 1189 .help = q931_help 1190 }, 1191}; 1192 1193/****************************************************************************/ 1194static unsigned char *get_udp_data(struct sk_buff **pskb, unsigned int protoff, 1195 int *datalen) 1196{ 1197 struct udphdr _uh, *uh; 1198 int dataoff; 1199 1200 uh = skb_header_pointer(*pskb, protoff, sizeof(_uh), &_uh); 1201 if (uh == NULL) 1202 return NULL; 1203 dataoff = protoff + sizeof(_uh); 1204 if (dataoff >= (*pskb)->len) 1205 return NULL; 1206 *datalen = (*pskb)->len - dataoff; 1207 return skb_header_pointer(*pskb, dataoff, *datalen, h323_buffer); 1208} 1209 1210/****************************************************************************/ 1211static struct nf_conntrack_expect *find_expect(struct nf_conn *ct, 1212 union nf_conntrack_address *addr, 1213 __be16 port) 1214{ 1215 struct nf_conntrack_expect *exp; 1216 struct nf_conntrack_tuple tuple; 1217 1218 memset(&tuple.src.u3, 0, sizeof(tuple.src.u3)); 1219 tuple.src.u.tcp.port = 0; 1220 memcpy(&tuple.dst.u3, addr, sizeof(tuple.dst.u3)); 1221 tuple.dst.u.tcp.port = port; 1222 tuple.dst.protonum = IPPROTO_TCP; 1223 1224 exp = __nf_conntrack_expect_find(&tuple); 1225 if (exp && exp->master == ct) 1226 return exp; 1227 return NULL; 1228} 1229 1230/****************************************************************************/ 1231static int set_expect_timeout(struct nf_conntrack_expect *exp, 1232 unsigned timeout) 1233{ 1234 if (!exp || !del_timer(&exp->timeout)) 1235 return 0; 1236 1237 exp->timeout.expires = jiffies + timeout * HZ; 1238 add_timer(&exp->timeout); 1239 1240 return 1; 1241} 1242 1243/****************************************************************************/ 1244static int expect_q931(struct sk_buff **pskb, struct nf_conn *ct, 1245 enum ip_conntrack_info ctinfo, 1246 unsigned char **data, 1247 TransportAddress *taddr, int count) 1248{ 1249 struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info; 1250 int dir = CTINFO2DIR(ctinfo); 1251 int ret = 0; 1252 int i; 1253 __be16 port; 1254 union nf_conntrack_address addr; 1255 struct nf_conntrack_expect *exp; 1256 typeof(nat_q931_hook) nat_q931; 1257 1258 /* Look for the first related address */ 1259 for (i = 0; i < count; i++) { 1260 if (get_h225_addr(ct, *data, &taddr[i], &addr, &port) && 1261 memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, 1262 sizeof(addr)) == 0 && port != 0) 1263 break; 1264 } 1265 1266 if (i >= count) /* Not found */ 1267 return 0; 1268 1269 /* Create expect for Q.931 */ 1270 if ((exp = nf_conntrack_expect_alloc(ct)) == NULL) 1271 return -1; 1272 nf_conntrack_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num, 1273 gkrouted_only ? /* only accept calls from GK? */ 1274 &ct->tuplehash[!dir].tuple.src.u3 : 1275 NULL, 1276 &ct->tuplehash[!dir].tuple.dst.u3, 1277 IPPROTO_TCP, NULL, &port); 1278 exp->helper = nf_conntrack_helper_q931; 1279 exp->flags = NF_CT_EXPECT_PERMANENT; /* Accept multiple calls */ 1280 1281 nat_q931 = rcu_dereference(nat_q931_hook); 1282 if (nat_q931 && ct->status & IPS_NAT_MASK) { /* Need NAT */ 1283 ret = nat_q931(pskb, ct, ctinfo, data, taddr, i, port, exp); 1284 } else { /* Conntrack only */ 1285 if (nf_conntrack_expect_related(exp) == 0) { 1286 DEBUGP("nf_ct_ras: expect Q.931 "); 1287 NF_CT_DUMP_TUPLE(&exp->tuple); 1288 1289 /* Save port for looking up expect in processing RCF */ 1290 info->sig_port[dir] = port; 1291 } else 1292 ret = -1; 1293 } 1294 1295 nf_conntrack_expect_put(exp); 1296 1297 return ret; 1298} 1299 1300/****************************************************************************/ 1301static int process_grq(struct sk_buff **pskb, struct nf_conn *ct, 1302 enum ip_conntrack_info ctinfo, 1303 unsigned char **data, GatekeeperRequest *grq) 1304{ 1305 typeof(set_ras_addr_hook) set_ras_addr; 1306 1307 DEBUGP("nf_ct_ras: GRQ\n"); 1308 1309 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1310 if (set_ras_addr && ct->status & IPS_NAT_MASK) /* NATed */ 1311 return set_ras_addr(pskb, ct, ctinfo, data, 1312 &grq->rasAddress, 1); 1313 return 0; 1314} 1315 1316/****************************************************************************/ 1317static int process_gcf(struct sk_buff **pskb, struct nf_conn *ct, 1318 enum ip_conntrack_info ctinfo, 1319 unsigned char **data, GatekeeperConfirm *gcf) 1320{ 1321 int dir = CTINFO2DIR(ctinfo); 1322 int ret = 0; 1323 __be16 port; 1324 union nf_conntrack_address addr; 1325 struct nf_conntrack_expect *exp; 1326 1327 DEBUGP("nf_ct_ras: GCF\n"); 1328 1329 if (!get_h225_addr(ct, *data, &gcf->rasAddress, &addr, &port)) 1330 return 0; 1331 1332 /* Registration port is the same as discovery port */ 1333 if (!memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) && 1334 port == ct->tuplehash[dir].tuple.src.u.udp.port) 1335 return 0; 1336 1337 /* Avoid RAS expectation loops. A GCF is never expected. */ 1338 if (test_bit(IPS_EXPECTED_BIT, &ct->status)) 1339 return 0; 1340 1341 /* Need new expect */ 1342 if ((exp = nf_conntrack_expect_alloc(ct)) == NULL) 1343 return -1; 1344 nf_conntrack_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num, 1345 &ct->tuplehash[!dir].tuple.src.u3, &addr, 1346 IPPROTO_UDP, NULL, &port); 1347 exp->helper = nf_conntrack_helper_ras; 1348 1349 if (nf_conntrack_expect_related(exp) == 0) { 1350 DEBUGP("nf_ct_ras: expect RAS "); 1351 NF_CT_DUMP_TUPLE(&exp->tuple); 1352 } else 1353 ret = -1; 1354 1355 nf_conntrack_expect_put(exp); 1356 1357 return ret; 1358} 1359 1360/****************************************************************************/ 1361static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct, 1362 enum ip_conntrack_info ctinfo, 1363 unsigned char **data, RegistrationRequest *rrq) 1364{ 1365 struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info; 1366 int ret; 1367 typeof(set_ras_addr_hook) set_ras_addr; 1368 1369 DEBUGP("nf_ct_ras: RRQ\n"); 1370 1371 ret = expect_q931(pskb, ct, ctinfo, data, 1372 rrq->callSignalAddress.item, 1373 rrq->callSignalAddress.count); 1374 if (ret < 0) 1375 return -1; 1376 1377 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1378 if (set_ras_addr && ct->status & IPS_NAT_MASK) { 1379 ret = set_ras_addr(pskb, ct, ctinfo, data, 1380 rrq->rasAddress.item, 1381 rrq->rasAddress.count); 1382 if (ret < 0) 1383 return -1; 1384 } 1385 1386 if (rrq->options & eRegistrationRequest_timeToLive) { 1387 DEBUGP("nf_ct_ras: RRQ TTL = %u seconds\n", rrq->timeToLive); 1388 info->timeout = rrq->timeToLive; 1389 } else 1390 info->timeout = default_rrq_ttl; 1391 1392 return 0; 1393} 1394 1395/****************************************************************************/ 1396static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct, 1397 enum ip_conntrack_info ctinfo, 1398 unsigned char **data, RegistrationConfirm *rcf) 1399{ 1400 struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info; 1401 int dir = CTINFO2DIR(ctinfo); 1402 int ret; 1403 struct nf_conntrack_expect *exp; 1404 typeof(set_sig_addr_hook) set_sig_addr; 1405 1406 DEBUGP("nf_ct_ras: RCF\n"); 1407 1408 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1409 if (set_sig_addr && ct->status & IPS_NAT_MASK) { 1410 ret = set_sig_addr(pskb, ct, ctinfo, data, 1411 rcf->callSignalAddress.item, 1412 rcf->callSignalAddress.count); 1413 if (ret < 0) 1414 return -1; 1415 } 1416 1417 if (rcf->options & eRegistrationConfirm_timeToLive) { 1418 DEBUGP("nf_ct_ras: RCF TTL = %u seconds\n", rcf->timeToLive); 1419 info->timeout = rcf->timeToLive; 1420 } 1421 1422 if (info->timeout > 0) { 1423 DEBUGP 1424 ("nf_ct_ras: set RAS connection timeout to %u seconds\n", 1425 info->timeout); 1426 nf_ct_refresh(ct, *pskb, info->timeout * HZ); 1427 1428 /* Set expect timeout */ 1429 read_lock_bh(&nf_conntrack_lock); 1430 exp = find_expect(ct, &ct->tuplehash[dir].tuple.dst.u3, 1431 info->sig_port[!dir]); 1432 if (exp) { 1433 DEBUGP("nf_ct_ras: set Q.931 expect " 1434 "timeout to %u seconds for", 1435 info->timeout); 1436 NF_CT_DUMP_TUPLE(&exp->tuple); 1437 set_expect_timeout(exp, info->timeout); 1438 } 1439 read_unlock_bh(&nf_conntrack_lock); 1440 } 1441 1442 return 0; 1443} 1444 1445/****************************************************************************/ 1446static int process_urq(struct sk_buff **pskb, struct nf_conn *ct, 1447 enum ip_conntrack_info ctinfo, 1448 unsigned char **data, UnregistrationRequest *urq) 1449{ 1450 struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info; 1451 int dir = CTINFO2DIR(ctinfo); 1452 int ret; 1453 typeof(set_sig_addr_hook) set_sig_addr; 1454 1455 DEBUGP("nf_ct_ras: URQ\n"); 1456 1457 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1458 if (set_sig_addr && ct->status & IPS_NAT_MASK) { 1459 ret = set_sig_addr(pskb, ct, ctinfo, data, 1460 urq->callSignalAddress.item, 1461 urq->callSignalAddress.count); 1462 if (ret < 0) 1463 return -1; 1464 } 1465 1466 /* Clear old expect */ 1467 nf_ct_remove_expectations(ct); 1468 info->sig_port[dir] = 0; 1469 info->sig_port[!dir] = 0; 1470 1471 /* Give it 30 seconds for UCF or URJ */ 1472 nf_ct_refresh(ct, *pskb, 30 * HZ); 1473 1474 return 0; 1475} 1476 1477/****************************************************************************/ 1478static int process_arq(struct sk_buff **pskb, struct nf_conn *ct, 1479 enum ip_conntrack_info ctinfo, 1480 unsigned char **data, AdmissionRequest *arq) 1481{ 1482 struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info; 1483 int dir = CTINFO2DIR(ctinfo); 1484 __be16 port; 1485 union nf_conntrack_address addr; 1486 typeof(set_h225_addr_hook) set_h225_addr; 1487 1488 DEBUGP("nf_ct_ras: ARQ\n"); 1489 1490 set_h225_addr = rcu_dereference(set_h225_addr_hook); 1491 if ((arq->options & eAdmissionRequest_destCallSignalAddress) && 1492 get_h225_addr(ct, *data, &arq->destCallSignalAddress, 1493 &addr, &port) && 1494 !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) && 1495 port == info->sig_port[dir] && 1496 set_h225_addr && ct->status & IPS_NAT_MASK) { 1497 /* Answering ARQ */ 1498 return set_h225_addr(pskb, data, 0, 1499 &arq->destCallSignalAddress, 1500 &ct->tuplehash[!dir].tuple.dst.u3, 1501 info->sig_port[!dir]); 1502 } 1503 1504 if ((arq->options & eAdmissionRequest_srcCallSignalAddress) && 1505 get_h225_addr(ct, *data, &arq->srcCallSignalAddress, 1506 &addr, &port) && 1507 !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) && 1508 set_h225_addr && ct->status & IPS_NAT_MASK) { 1509 /* Calling ARQ */ 1510 return set_h225_addr(pskb, data, 0, 1511 &arq->srcCallSignalAddress, 1512 &ct->tuplehash[!dir].tuple.dst.u3, 1513 port); 1514 } 1515 1516 return 0; 1517} 1518 1519/****************************************************************************/ 1520static int process_acf(struct sk_buff **pskb, struct nf_conn *ct, 1521 enum ip_conntrack_info ctinfo, 1522 unsigned char **data, AdmissionConfirm *acf) 1523{ 1524 int dir = CTINFO2DIR(ctinfo); 1525 int ret = 0; 1526 __be16 port; 1527 union nf_conntrack_address addr; 1528 struct nf_conntrack_expect *exp; 1529 typeof(set_sig_addr_hook) set_sig_addr; 1530 1531 DEBUGP("nf_ct_ras: ACF\n"); 1532 1533 if (!get_h225_addr(ct, *data, &acf->destCallSignalAddress, 1534 &addr, &port)) 1535 return 0; 1536 1537 if (!memcmp(&addr, &ct->tuplehash[dir].tuple.dst.u3, sizeof(addr))) { 1538 /* Answering ACF */ 1539 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1540 if (set_sig_addr && ct->status & IPS_NAT_MASK) 1541 return set_sig_addr(pskb, ct, ctinfo, data, 1542 &acf->destCallSignalAddress, 1); 1543 return 0; 1544 } 1545 1546 /* Need new expect */ 1547 if ((exp = nf_conntrack_expect_alloc(ct)) == NULL) 1548 return -1; 1549 nf_conntrack_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num, 1550 &ct->tuplehash[!dir].tuple.src.u3, &addr, 1551 IPPROTO_TCP, NULL, &port); 1552 exp->flags = NF_CT_EXPECT_PERMANENT; 1553 exp->helper = nf_conntrack_helper_q931; 1554 1555 if (nf_conntrack_expect_related(exp) == 0) { 1556 DEBUGP("nf_ct_ras: expect Q.931 "); 1557 NF_CT_DUMP_TUPLE(&exp->tuple); 1558 } else 1559 ret = -1; 1560 1561 nf_conntrack_expect_put(exp); 1562 1563 return ret; 1564} 1565 1566/****************************************************************************/ 1567static int process_lrq(struct sk_buff **pskb, struct nf_conn *ct, 1568 enum ip_conntrack_info ctinfo, 1569 unsigned char **data, LocationRequest *lrq) 1570{ 1571 typeof(set_ras_addr_hook) set_ras_addr; 1572 1573 DEBUGP("nf_ct_ras: LRQ\n"); 1574 1575 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1576 if (set_ras_addr && ct->status & IPS_NAT_MASK) 1577 return set_ras_addr(pskb, ct, ctinfo, data, 1578 &lrq->replyAddress, 1); 1579 return 0; 1580} 1581 1582/****************************************************************************/ 1583static int process_lcf(struct sk_buff **pskb, struct nf_conn *ct, 1584 enum ip_conntrack_info ctinfo, 1585 unsigned char **data, LocationConfirm *lcf) 1586{ 1587 int dir = CTINFO2DIR(ctinfo); 1588 int ret = 0; 1589 __be16 port; 1590 union nf_conntrack_address addr; 1591 struct nf_conntrack_expect *exp; 1592 1593 DEBUGP("nf_ct_ras: LCF\n"); 1594 1595 if (!get_h225_addr(ct, *data, &lcf->callSignalAddress, 1596 &addr, &port)) 1597 return 0; 1598 1599 /* Need new expect for call signal */ 1600 if ((exp = nf_conntrack_expect_alloc(ct)) == NULL) 1601 return -1; 1602 nf_conntrack_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num, 1603 &ct->tuplehash[!dir].tuple.src.u3, &addr, 1604 IPPROTO_TCP, NULL, &port); 1605 exp->flags = NF_CT_EXPECT_PERMANENT; 1606 exp->helper = nf_conntrack_helper_q931; 1607 1608 if (nf_conntrack_expect_related(exp) == 0) { 1609 DEBUGP("nf_ct_ras: expect Q.931 "); 1610 NF_CT_DUMP_TUPLE(&exp->tuple); 1611 } else 1612 ret = -1; 1613 1614 nf_conntrack_expect_put(exp); 1615 1616 /* Ignore rasAddress */ 1617 1618 return ret; 1619} 1620 1621/****************************************************************************/ 1622static int process_irr(struct sk_buff **pskb, struct nf_conn *ct, 1623 enum ip_conntrack_info ctinfo, 1624 unsigned char **data, InfoRequestResponse *irr) 1625{ 1626 int ret; 1627 typeof(set_ras_addr_hook) set_ras_addr; 1628 typeof(set_sig_addr_hook) set_sig_addr; 1629 1630 DEBUGP("nf_ct_ras: IRR\n"); 1631 1632 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1633 if (set_ras_addr && ct->status & IPS_NAT_MASK) { 1634 ret = set_ras_addr(pskb, ct, ctinfo, data, 1635 &irr->rasAddress, 1); 1636 if (ret < 0) 1637 return -1; 1638 } 1639 1640 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1641 if (set_sig_addr && ct->status & IPS_NAT_MASK) { 1642 ret = set_sig_addr(pskb, ct, ctinfo, data, 1643 irr->callSignalAddress.item, 1644 irr->callSignalAddress.count); 1645 if (ret < 0) 1646 return -1; 1647 } 1648 1649 return 0; 1650} 1651 1652/****************************************************************************/ 1653static int process_ras(struct sk_buff **pskb, struct nf_conn *ct, 1654 enum ip_conntrack_info ctinfo, 1655 unsigned char **data, RasMessage *ras) 1656{ 1657 switch (ras->choice) { 1658 case eRasMessage_gatekeeperRequest: 1659 return process_grq(pskb, ct, ctinfo, data, 1660 &ras->gatekeeperRequest); 1661 case eRasMessage_gatekeeperConfirm: 1662 return process_gcf(pskb, ct, ctinfo, data, 1663 &ras->gatekeeperConfirm); 1664 case eRasMessage_registrationRequest: 1665 return process_rrq(pskb, ct, ctinfo, data, 1666 &ras->registrationRequest); 1667 case eRasMessage_registrationConfirm: 1668 return process_rcf(pskb, ct, ctinfo, data, 1669 &ras->registrationConfirm); 1670 case eRasMessage_unregistrationRequest: 1671 return process_urq(pskb, ct, ctinfo, data, 1672 &ras->unregistrationRequest); 1673 case eRasMessage_admissionRequest: 1674 return process_arq(pskb, ct, ctinfo, data, 1675 &ras->admissionRequest); 1676 case eRasMessage_admissionConfirm: 1677 return process_acf(pskb, ct, ctinfo, data, 1678 &ras->admissionConfirm); 1679 case eRasMessage_locationRequest: 1680 return process_lrq(pskb, ct, ctinfo, data, 1681 &ras->locationRequest); 1682 case eRasMessage_locationConfirm: 1683 return process_lcf(pskb, ct, ctinfo, data, 1684 &ras->locationConfirm); 1685 case eRasMessage_infoRequestResponse: 1686 return process_irr(pskb, ct, ctinfo, data, 1687 &ras->infoRequestResponse); 1688 default: 1689 DEBUGP("nf_ct_ras: RAS message %d\n", ras->choice); 1690 break; 1691 } 1692 1693 return 0; 1694} 1695 1696/****************************************************************************/ 1697static int ras_help(struct sk_buff **pskb, unsigned int protoff, 1698 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 1699{ 1700 static RasMessage ras; 1701 unsigned char *data; 1702 int datalen = 0; 1703 int ret; 1704 1705 DEBUGP("nf_ct_ras: skblen = %u\n", (*pskb)->len); 1706 1707 spin_lock_bh(&nf_h323_lock); 1708 1709 /* Get UDP data */ 1710 data = get_udp_data(pskb, protoff, &datalen); 1711 if (data == NULL) 1712 goto accept; 1713 DEBUGP("nf_ct_ras: RAS message len=%d ", datalen); 1714 NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); 1715 1716 /* Decode RAS message */ 1717 ret = DecodeRasMessage(data, datalen, &ras); 1718 if (ret < 0) { 1719 if (net_ratelimit()) 1720 printk("nf_ct_ras: decoding error: %s\n", 1721 ret == H323_ERROR_BOUND ? 1722 "out of bound" : "out of range"); 1723 goto accept; 1724 } 1725 1726 /* Process RAS message */ 1727 if (process_ras(pskb, ct, ctinfo, &data, &ras) < 0) 1728 goto drop; 1729 1730 accept: 1731 spin_unlock_bh(&nf_h323_lock); 1732 return NF_ACCEPT; 1733 1734 drop: 1735 spin_unlock_bh(&nf_h323_lock); 1736 if (net_ratelimit()) 1737 printk("nf_ct_ras: packet dropped\n"); 1738 return NF_DROP; 1739} 1740 1741/****************************************************************************/ 1742static struct nf_conntrack_helper nf_conntrack_helper_ras[] __read_mostly = { 1743 { 1744 .name = "RAS", 1745 .me = THIS_MODULE, 1746 .max_expected = 32, 1747 .timeout = 240, 1748 .tuple.src.l3num = AF_INET, 1749 .tuple.src.u.udp.port = __constant_htons(RAS_PORT), 1750 .tuple.dst.protonum = IPPROTO_UDP, 1751 .mask.src.l3num = 0xFFFF, 1752 .mask.src.u.udp.port = __constant_htons(0xFFFF), 1753 .mask.dst.protonum = 0xFF, 1754 .help = ras_help, 1755 }, 1756 { 1757 .name = "RAS", 1758 .me = THIS_MODULE, 1759 .max_expected = 32, 1760 .timeout = 240, 1761 .tuple.src.l3num = AF_INET6, 1762 .tuple.src.u.udp.port = __constant_htons(RAS_PORT), 1763 .tuple.dst.protonum = IPPROTO_UDP, 1764 .mask.src.l3num = 0xFFFF, 1765 .mask.src.u.udp.port = __constant_htons(0xFFFF), 1766 .mask.dst.protonum = 0xFF, 1767 .help = ras_help, 1768 }, 1769}; 1770 1771/****************************************************************************/ 1772static void __exit nf_conntrack_h323_fini(void) 1773{ 1774 nf_conntrack_helper_unregister(&nf_conntrack_helper_ras[1]); 1775 nf_conntrack_helper_unregister(&nf_conntrack_helper_ras[0]); 1776 nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[1]); 1777 nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[0]); 1778 kfree(h323_buffer); 1779 DEBUGP("nf_ct_h323: fini\n"); 1780} 1781 1782/****************************************************************************/ 1783static int __init nf_conntrack_h323_init(void) 1784{ 1785 int ret; 1786 1787 h323_buffer = kmalloc(65536, GFP_KERNEL); 1788 if (!h323_buffer) 1789 return -ENOMEM; 1790 ret = nf_conntrack_helper_register(&nf_conntrack_helper_q931[0]); 1791 if (ret < 0) 1792 goto err1; 1793 ret = nf_conntrack_helper_register(&nf_conntrack_helper_q931[1]); 1794 if (ret < 0) 1795 goto err2; 1796 ret = nf_conntrack_helper_register(&nf_conntrack_helper_ras[0]); 1797 if (ret < 0) 1798 goto err3; 1799 ret = nf_conntrack_helper_register(&nf_conntrack_helper_ras[1]); 1800 if (ret < 0) 1801 goto err4; 1802 DEBUGP("nf_ct_h323: init success\n"); 1803 return 0; 1804 1805err4: 1806 nf_conntrack_helper_unregister(&nf_conntrack_helper_ras[0]); 1807err3: 1808 nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[1]); 1809err2: 1810 nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[0]); 1811err1: 1812 return ret; 1813} 1814 1815/****************************************************************************/ 1816module_init(nf_conntrack_h323_init); 1817module_exit(nf_conntrack_h323_fini); 1818 1819EXPORT_SYMBOL_GPL(get_h225_addr); 1820EXPORT_SYMBOL_GPL(set_h245_addr_hook); 1821EXPORT_SYMBOL_GPL(set_h225_addr_hook); 1822EXPORT_SYMBOL_GPL(set_sig_addr_hook); 1823EXPORT_SYMBOL_GPL(set_ras_addr_hook); 1824EXPORT_SYMBOL_GPL(nat_rtp_rtcp_hook); 1825EXPORT_SYMBOL_GPL(nat_t120_hook); 1826EXPORT_SYMBOL_GPL(nat_h245_hook); 1827EXPORT_SYMBOL_GPL(nat_callforwarding_hook); 1828EXPORT_SYMBOL_GPL(nat_q931_hook); 1829 1830MODULE_AUTHOR("Jing Min Zhao <zhaojingmin@users.sourceforge.net>"); 1831MODULE_DESCRIPTION("H.323 connection tracking helper"); 1832MODULE_LICENSE("GPL"); 1833MODULE_ALIAS("ip_conntrack_h323"); 1834