Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 3cf4c7e381d9a98a44fd86207b950bd8fef55d20 / . / net / ipv4 / netfilter / nf_nat_h323.c
blob: cad29c1213188fb083219789ca8aaf30cbe3fb39 [file] [log] [blame]
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]1/*
2 * H.323 extension for NAT alteration.
3 *
4 * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
5 *
6 * This source code is licensed under General Public License version 2.
7 *
8 * Based on the 'brute force' H.323 NAT module by
9 * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
10 */
11
12#include <linux/module.h>
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]13#include <linux/tcp.h>
14#include <net/tcp.h>
15
16#include <net/netfilter/nf_nat.h>
17#include <net/netfilter/nf_nat_helper.h>
18#include <net/netfilter/nf_nat_rule.h>
19#include <net/netfilter/nf_conntrack_helper.h>
20#include <net/netfilter/nf_conntrack_expect.h>
21#include <linux/netfilter/nf_conntrack_h323.h>
22
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]23/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]24static int set_addr(struct sk_buff *skb,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]25 unsigned char **data, int dataoff,
26 unsigned int addroff, __be32 ip, __be16 port)
27{
28 enum ip_conntrack_info ctinfo;
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]29 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]30 struct {
31 __be32 ip;
32 __be16 port;
33 } __attribute__ ((__packed__)) buf;
Jan Engelhardt905e3e82008-01-31 04:50:05 -0800[diff] [blame]34 const struct tcphdr *th;
35 struct tcphdr _tcph;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]36
37 buf.ip = ip;
38 buf.port = port;
39 addroff += dataoff;
40
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]41 if (ip_hdr(skb)->protocol == IPPROTO_TCP) {
42 if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]43 addroff, sizeof(buf),
44 (char *) &buf, sizeof(buf))) {
Joe Perchese87cc472012-05-13 21:56:26 +0000[diff] [blame]45 net_notice_ratelimited("nf_nat_h323: nf_nat_mangle_tcp_packet error\n");
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]46 return -1;
47 }
48
49 /* Relocate data pointer */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]50 th = skb_header_pointer(skb, ip_hdrlen(skb),
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]51 sizeof(_tcph), &_tcph);
52 if (th == NULL)
53 return -1;
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]54 *data = skb->data + ip_hdrlen(skb) + th->doff * 4 + dataoff;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]55 } else {
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]56 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]57 addroff, sizeof(buf),
58 (char *) &buf, sizeof(buf))) {
Joe Perchese87cc472012-05-13 21:56:26 +0000[diff] [blame]59 net_notice_ratelimited("nf_nat_h323: nf_nat_mangle_udp_packet error\n");
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]60 return -1;
61 }
62 /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy
63 * or pull everything in a linear buffer, so we can safely
64 * use the skb pointers now */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]65 *data = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]66 }
67
68 return 0;
69}
70
71/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]72static int set_h225_addr(struct sk_buff *skb,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]73 unsigned char **data, int dataoff,
74 TransportAddress *taddr,
Jan Engelhardt643a2c12007-12-17 22:43:50 -0800[diff] [blame]75 union nf_inet_addr *addr, __be16 port)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]76{
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]77 return set_addr(skb, data, dataoff, taddr->ipAddress.ip,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]78 addr->ip, port);
79}
80
81/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]82static int set_h245_addr(struct sk_buff *skb,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]83 unsigned char **data, int dataoff,
84 H245_TransportAddress *taddr,
Jan Engelhardt643a2c12007-12-17 22:43:50 -0800[diff] [blame]85 union nf_inet_addr *addr, __be16 port)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]86{
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]87 return set_addr(skb, data, dataoff,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]88 taddr->unicastAddress.iPAddress.network,
89 addr->ip, port);
90}
91
92/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]93static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]94 enum ip_conntrack_info ctinfo,
95 unsigned char **data,
96 TransportAddress *taddr, int count)
97{
Jan Engelhardt905e3e82008-01-31 04:50:05 -0800[diff] [blame]98 const struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]99 int dir = CTINFO2DIR(ctinfo);
100 int i;
101 __be16 port;
Jan Engelhardt643a2c12007-12-17 22:43:50 -0800[diff] [blame]102 union nf_inet_addr addr;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]103
104 for (i = 0; i < count; i++) {
105 if (get_h225_addr(ct, *data, &taddr[i], &addr, &port)) {
106 if (addr.ip == ct->tuplehash[dir].tuple.src.u3.ip &&
107 port == info->sig_port[dir]) {
108 /* GW->GK */
109
110 /* Fix for Gnomemeeting */
111 if (i > 0 &&
112 get_h225_addr(ct, *data, &taddr[0],
113 &addr, &port) &&
114 (ntohl(addr.ip) & 0xff000000) == 0x7f000000)
115 i = 0;
116
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]117 pr_debug("nf_nat_ras: set signal address %pI4:%hu->%pI4:%hu\n",
118 &addr.ip, port,
119 &ct->tuplehash[!dir].tuple.dst.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]120 info->sig_port[!dir]);
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]121 return set_h225_addr(skb, data, 0, &taddr[i],
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]122 &ct->tuplehash[!dir].
123 tuple.dst.u3,
124 info->sig_port[!dir]);
125 } else if (addr.ip == ct->tuplehash[dir].tuple.dst.u3.ip &&
126 port == info->sig_port[dir]) {
127 /* GK->GW */
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]128 pr_debug("nf_nat_ras: set signal address %pI4:%hu->%pI4:%hu\n",
129 &addr.ip, port,
130 &ct->tuplehash[!dir].tuple.src.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]131 info->sig_port[!dir]);
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]132 return set_h225_addr(skb, data, 0, &taddr[i],
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]133 &ct->tuplehash[!dir].
134 tuple.src.u3,
135 info->sig_port[!dir]);
136 }
137 }
138 }
139
140 return 0;
141}
142
143/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]144static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]145 enum ip_conntrack_info ctinfo,
146 unsigned char **data,
147 TransportAddress *taddr, int count)
148{
149 int dir = CTINFO2DIR(ctinfo);
150 int i;
151 __be16 port;
Jan Engelhardt643a2c12007-12-17 22:43:50 -0800[diff] [blame]152 union nf_inet_addr addr;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]153
154 for (i = 0; i < count; i++) {
155 if (get_h225_addr(ct, *data, &taddr[i], &addr, &port) &&
156 addr.ip == ct->tuplehash[dir].tuple.src.u3.ip &&
157 port == ct->tuplehash[dir].tuple.src.u.udp.port) {
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]158 pr_debug("nf_nat_ras: set rasAddress %pI4:%hu->%pI4:%hu\n",
159 &addr.ip, ntohs(port),
160 &ct->tuplehash[!dir].tuple.dst.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]161 ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port));
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]162 return set_h225_addr(skb, data, 0, &taddr[i],
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]163 &ct->tuplehash[!dir].tuple.dst.u3,
164 ct->tuplehash[!dir].tuple.
165 dst.u.udp.port);
166 }
167 }
168
169 return 0;
170}
171
172/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]173static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]174 enum ip_conntrack_info ctinfo,
175 unsigned char **data, int dataoff,
176 H245_TransportAddress *taddr,
177 __be16 port, __be16 rtp_port,
178 struct nf_conntrack_expect *rtp_exp,
179 struct nf_conntrack_expect *rtcp_exp)
180{
181 struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info;
182 int dir = CTINFO2DIR(ctinfo);
183 int i;
184 u_int16_t nated_port;
185
186 /* Set expectations for NAT */
187 rtp_exp->saved_proto.udp.port = rtp_exp->tuple.dst.u.udp.port;
188 rtp_exp->expectfn = nf_nat_follow_master;
189 rtp_exp->dir = !dir;
190 rtcp_exp->saved_proto.udp.port = rtcp_exp->tuple.dst.u.udp.port;
191 rtcp_exp->expectfn = nf_nat_follow_master;
192 rtcp_exp->dir = !dir;
193
194 /* Lookup existing expects */
195 for (i = 0; i < H323_RTP_CHANNEL_MAX; i++) {
196 if (info->rtp_port[i][dir] == rtp_port) {
197 /* Expected */
198
199 /* Use allocated ports first. This will refresh
200 * the expects */
201 rtp_exp->tuple.dst.u.udp.port = info->rtp_port[i][dir];
202 rtcp_exp->tuple.dst.u.udp.port =
203 htons(ntohs(info->rtp_port[i][dir]) + 1);
204 break;
205 } else if (info->rtp_port[i][dir] == 0) {
206 /* Not expected */
207 break;
208 }
209 }
210
211 /* Run out of expectations */
212 if (i >= H323_RTP_CHANNEL_MAX) {
Joe Perchese87cc472012-05-13 21:56:26 +0000[diff] [blame]213 net_notice_ratelimited("nf_nat_h323: out of expectations\n");
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]214 return 0;
215 }
216
217 /* Try to get a pair of ports. */
218 for (nated_port = ntohs(rtp_exp->tuple.dst.u.udp.port);
219 nated_port != 0; nated_port += 2) {
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]220 int ret;
221
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]222 rtp_exp->tuple.dst.u.udp.port = htons(nated_port);
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]223 ret = nf_ct_expect_related(rtp_exp);
224 if (ret == 0) {
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]225 rtcp_exp->tuple.dst.u.udp.port =
226 htons(nated_port + 1);
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]227 ret = nf_ct_expect_related(rtcp_exp);
228 if (ret == 0)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]229 break;
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]230 else if (ret != -EBUSY) {
231 nf_ct_unexpect_related(rtp_exp);
232 nated_port = 0;
233 break;
234 }
235 } else if (ret != -EBUSY) {
236 nated_port = 0;
237 break;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]238 }
239 }
240
241 if (nated_port == 0) { /* No port available */
Joe Perchese87cc472012-05-13 21:56:26 +0000[diff] [blame]242 net_notice_ratelimited("nf_nat_h323: out of RTP ports\n");
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]243 return 0;
244 }
245
246 /* Modify signal */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]247 if (set_h245_addr(skb, data, dataoff, taddr,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]248 &ct->tuplehash[!dir].tuple.dst.u3,
249 htons((port & htons(1)) ? nated_port + 1 :
YOSHIFUJI Hideakie905a9e2007-02-09 23:24:47 +0900[diff] [blame]250 nated_port)) == 0) {
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]251 /* Save ports */
252 info->rtp_port[i][dir] = rtp_port;
253 info->rtp_port[i][!dir] = htons(nated_port);
254 } else {
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]255 nf_ct_unexpect_related(rtp_exp);
256 nf_ct_unexpect_related(rtcp_exp);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]257 return -1;
258 }
259
260 /* Success */
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]261 pr_debug("nf_nat_h323: expect RTP %pI4:%hu->%pI4:%hu\n",
262 &rtp_exp->tuple.src.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]263 ntohs(rtp_exp->tuple.src.u.udp.port),
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]264 &rtp_exp->tuple.dst.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]265 ntohs(rtp_exp->tuple.dst.u.udp.port));
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]266 pr_debug("nf_nat_h323: expect RTCP %pI4:%hu->%pI4:%hu\n",
267 &rtcp_exp->tuple.src.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]268 ntohs(rtcp_exp->tuple.src.u.udp.port),
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]269 &rtcp_exp->tuple.dst.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]270 ntohs(rtcp_exp->tuple.dst.u.udp.port));
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]271
272 return 0;
273}
274
275/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]276static int nat_t120(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]277 enum ip_conntrack_info ctinfo,
278 unsigned char **data, int dataoff,
279 H245_TransportAddress *taddr, __be16 port,
280 struct nf_conntrack_expect *exp)
281{
282 int dir = CTINFO2DIR(ctinfo);
283 u_int16_t nated_port = ntohs(port);
284
285 /* Set expectations for NAT */
286 exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
287 exp->expectfn = nf_nat_follow_master;
288 exp->dir = !dir;
289
290 /* Try to get same port: if not, try to change it. */
291 for (; nated_port != 0; nated_port++) {
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]292 int ret;
293
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]294 exp->tuple.dst.u.tcp.port = htons(nated_port);
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]295 ret = nf_ct_expect_related(exp);
296 if (ret == 0)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]297 break;
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]298 else if (ret != -EBUSY) {
299 nated_port = 0;
300 break;
301 }
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]302 }
303
304 if (nated_port == 0) { /* No port available */
Joe Perchese87cc472012-05-13 21:56:26 +0000[diff] [blame]305 net_notice_ratelimited("nf_nat_h323: out of TCP ports\n");
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]306 return 0;
307 }
308
309 /* Modify signal */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]310 if (set_h245_addr(skb, data, dataoff, taddr,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]311 &ct->tuplehash[!dir].tuple.dst.u3,
312 htons(nated_port)) < 0) {
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]313 nf_ct_unexpect_related(exp);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]314 return -1;
315 }
316
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]317 pr_debug("nf_nat_h323: expect T.120 %pI4:%hu->%pI4:%hu\n",
318 &exp->tuple.src.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]319 ntohs(exp->tuple.src.u.tcp.port),
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]320 &exp->tuple.dst.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]321 ntohs(exp->tuple.dst.u.tcp.port));
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]322
323 return 0;
324}
325
326/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]327static int nat_h245(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]328 enum ip_conntrack_info ctinfo,
329 unsigned char **data, int dataoff,
330 TransportAddress *taddr, __be16 port,
331 struct nf_conntrack_expect *exp)
332{
333 struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info;
334 int dir = CTINFO2DIR(ctinfo);
335 u_int16_t nated_port = ntohs(port);
336
337 /* Set expectations for NAT */
338 exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
339 exp->expectfn = nf_nat_follow_master;
340 exp->dir = !dir;
341
342 /* Check existing expects */
343 if (info->sig_port[dir] == port)
344 nated_port = ntohs(info->sig_port[!dir]);
345
346 /* Try to get same port: if not, try to change it. */
347 for (; nated_port != 0; nated_port++) {
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]348 int ret;
349
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]350 exp->tuple.dst.u.tcp.port = htons(nated_port);
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]351 ret = nf_ct_expect_related(exp);
352 if (ret == 0)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]353 break;
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]354 else if (ret != -EBUSY) {
355 nated_port = 0;
356 break;
357 }
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]358 }
359
360 if (nated_port == 0) { /* No port available */
Joe Perchese87cc472012-05-13 21:56:26 +0000[diff] [blame]361 net_notice_ratelimited("nf_nat_q931: out of TCP ports\n");
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]362 return 0;
363 }
364
365 /* Modify signal */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]366 if (set_h225_addr(skb, data, dataoff, taddr,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]367 &ct->tuplehash[!dir].tuple.dst.u3,
368 htons(nated_port)) == 0) {
369 /* Save ports */
370 info->sig_port[dir] = port;
371 info->sig_port[!dir] = htons(nated_port);
372 } else {
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]373 nf_ct_unexpect_related(exp);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]374 return -1;
375 }
376
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]377 pr_debug("nf_nat_q931: expect H.245 %pI4:%hu->%pI4:%hu\n",
378 &exp->tuple.src.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]379 ntohs(exp->tuple.src.u.tcp.port),
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]380 &exp->tuple.dst.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]381 ntohs(exp->tuple.dst.u.tcp.port));
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]382
383 return 0;
384}
385
386/****************************************************************************
387 * This conntrack expect function replaces nf_conntrack_q931_expect()
388 * which was set by nf_conntrack_h323.c.
389 ****************************************************************************/
390static void ip_nat_q931_expect(struct nf_conn *new,
391 struct nf_conntrack_expect *this)
392{
Patrick McHardycbc9f2f2011-12-23 13:59:49 +0100[diff] [blame]393 struct nf_nat_ipv4_range range;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]394
395 if (this->tuple.src.u3.ip != 0) { /* Only accept calls from GK */
396 nf_nat_follow_master(new, this);
397 return;
398 }
399
400 /* This must be a fresh one. */
401 BUG_ON(new->status & IPS_NAT_DONE_MASK);
402
403 /* Change src to where master sends to */
Patrick McHardycbc9f2f2011-12-23 13:59:49 +0100[diff] [blame]404 range.flags = NF_NAT_RANGE_MAP_IPS;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]405 range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip;
Patrick McHardycbc9f2f2011-12-23 13:59:49 +0100[diff] [blame]406 nf_nat_setup_info(new, &range, NF_NAT_MANIP_SRC);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]407
408 /* For DST manip, map port here to where it's expected. */
Patrick McHardycbc9f2f2011-12-23 13:59:49 +0100[diff] [blame]409 range.flags = (NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]410 range.min = range.max = this->saved_proto;
411 range.min_ip = range.max_ip =
412 new->master->tuplehash[!this->dir].tuple.src.u3.ip;
Patrick McHardycbc9f2f2011-12-23 13:59:49 +0100[diff] [blame]413 nf_nat_setup_info(new, &range, NF_NAT_MANIP_DST);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]414}
415
416/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]417static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]418 enum ip_conntrack_info ctinfo,
419 unsigned char **data, TransportAddress *taddr, int idx,
420 __be16 port, struct nf_conntrack_expect *exp)
421{
422 struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info;
423 int dir = CTINFO2DIR(ctinfo);
424 u_int16_t nated_port = ntohs(port);
Jan Engelhardt643a2c12007-12-17 22:43:50 -0800[diff] [blame]425 union nf_inet_addr addr;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]426
427 /* Set expectations for NAT */
428 exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
429 exp->expectfn = ip_nat_q931_expect;
430 exp->dir = !dir;
431
432 /* Check existing expects */
433 if (info->sig_port[dir] == port)
434 nated_port = ntohs(info->sig_port[!dir]);
435
436 /* Try to get same port: if not, try to change it. */
437 for (; nated_port != 0; nated_port++) {
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]438 int ret;
439
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]440 exp->tuple.dst.u.tcp.port = htons(nated_port);
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]441 ret = nf_ct_expect_related(exp);
442 if (ret == 0)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]443 break;
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]444 else if (ret != -EBUSY) {
445 nated_port = 0;
446 break;
447 }
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]448 }
449
450 if (nated_port == 0) { /* No port available */
Joe Perchese87cc472012-05-13 21:56:26 +0000[diff] [blame]451 net_notice_ratelimited("nf_nat_ras: out of TCP ports\n");
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]452 return 0;
453 }
454
455 /* Modify signal */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]456 if (set_h225_addr(skb, data, 0, &taddr[idx],
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]457 &ct->tuplehash[!dir].tuple.dst.u3,
458 htons(nated_port)) == 0) {
459 /* Save ports */
460 info->sig_port[dir] = port;
461 info->sig_port[!dir] = htons(nated_port);
462
463 /* Fix for Gnomemeeting */
464 if (idx > 0 &&
465 get_h225_addr(ct, *data, &taddr[0], &addr, &port) &&
466 (ntohl(addr.ip) & 0xff000000) == 0x7f000000) {
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]467 set_h225_addr(skb, data, 0, &taddr[0],
Jing Min Zhao1ff75ed2007-05-24 16:44:40 -0700[diff] [blame]468 &ct->tuplehash[!dir].tuple.dst.u3,
469 info->sig_port[!dir]);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]470 }
471 } else {
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]472 nf_ct_unexpect_related(exp);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]473 return -1;
474 }
475
476 /* Success */
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]477 pr_debug("nf_nat_ras: expect Q.931 %pI4:%hu->%pI4:%hu\n",
478 &exp->tuple.src.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]479 ntohs(exp->tuple.src.u.tcp.port),
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]480 &exp->tuple.dst.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]481 ntohs(exp->tuple.dst.u.tcp.port));
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]482
483 return 0;
484}
485
486/****************************************************************************/
487static void ip_nat_callforwarding_expect(struct nf_conn *new,
488 struct nf_conntrack_expect *this)
489{
Patrick McHardycbc9f2f2011-12-23 13:59:49 +0100[diff] [blame]490 struct nf_nat_ipv4_range range;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]491
492 /* This must be a fresh one. */
493 BUG_ON(new->status & IPS_NAT_DONE_MASK);
494
495 /* Change src to where master sends to */
Patrick McHardycbc9f2f2011-12-23 13:59:49 +0100[diff] [blame]496 range.flags = NF_NAT_RANGE_MAP_IPS;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]497 range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip;
Patrick McHardycbc9f2f2011-12-23 13:59:49 +0100[diff] [blame]498 nf_nat_setup_info(new, &range, NF_NAT_MANIP_SRC);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]499
500 /* For DST manip, map port here to where it's expected. */
Patrick McHardycbc9f2f2011-12-23 13:59:49 +0100[diff] [blame]501 range.flags = (NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]502 range.min = range.max = this->saved_proto;
503 range.min_ip = range.max_ip = this->saved_ip;
Patrick McHardycbc9f2f2011-12-23 13:59:49 +0100[diff] [blame]504 nf_nat_setup_info(new, &range, NF_NAT_MANIP_DST);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]505}
506
507/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]508static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]509 enum ip_conntrack_info ctinfo,
510 unsigned char **data, int dataoff,
511 TransportAddress *taddr, __be16 port,
512 struct nf_conntrack_expect *exp)
513{
514 int dir = CTINFO2DIR(ctinfo);
515 u_int16_t nated_port;
516
517 /* Set expectations for NAT */
518 exp->saved_ip = exp->tuple.dst.u3.ip;
519 exp->tuple.dst.u3.ip = ct->tuplehash[!dir].tuple.dst.u3.ip;
520 exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
521 exp->expectfn = ip_nat_callforwarding_expect;
522 exp->dir = !dir;
523
524 /* Try to get same port: if not, try to change it. */
525 for (nated_port = ntohs(port); nated_port != 0; nated_port++) {
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]526 int ret;
527
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]528 exp->tuple.dst.u.tcp.port = htons(nated_port);
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]529 ret = nf_ct_expect_related(exp);
530 if (ret == 0)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]531 break;
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]532 else if (ret != -EBUSY) {
533 nated_port = 0;
534 break;
535 }
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]536 }
537
538 if (nated_port == 0) { /* No port available */
Joe Perchese87cc472012-05-13 21:56:26 +0000[diff] [blame]539 net_notice_ratelimited("nf_nat_q931: out of TCP ports\n");
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]540 return 0;
541 }
542
543 /* Modify signal */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]544 if (!set_h225_addr(skb, data, dataoff, taddr,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]545 &ct->tuplehash[!dir].tuple.dst.u3,
546 htons(nated_port)) == 0) {
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]547 nf_ct_unexpect_related(exp);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]548 return -1;
549 }
550
551 /* Success */
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]552 pr_debug("nf_nat_q931: expect Call Forwarding %pI4:%hu->%pI4:%hu\n",
553 &exp->tuple.src.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]554 ntohs(exp->tuple.src.u.tcp.port),
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]555 &exp->tuple.dst.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]556 ntohs(exp->tuple.dst.u.tcp.port));
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]557
558 return 0;
559}
560
Pablo Neira Ayuso544d5c72012-02-05 03:44:51 +0100[diff] [blame]561static struct nf_ct_helper_expectfn q931_nat = {
562 .name = "Q.931",
563 .expectfn = ip_nat_q931_expect,
564};
565
566static struct nf_ct_helper_expectfn callforwarding_nat = {
567 .name = "callforwarding",
568 .expectfn = ip_nat_callforwarding_expect,
569};
570
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]571/****************************************************************************/
572static int __init init(void)
573{
Patrick McHardyd1332e02007-11-05 20:43:30 -0800[diff] [blame]574 BUG_ON(set_h245_addr_hook != NULL);
575 BUG_ON(set_h225_addr_hook != NULL);
576 BUG_ON(set_sig_addr_hook != NULL);
577 BUG_ON(set_ras_addr_hook != NULL);
578 BUG_ON(nat_rtp_rtcp_hook != NULL);
579 BUG_ON(nat_t120_hook != NULL);
580 BUG_ON(nat_h245_hook != NULL);
581 BUG_ON(nat_callforwarding_hook != NULL);
582 BUG_ON(nat_q931_hook != NULL);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]583
Stephen Hemmingera9b3cd72011-08-01 16:19:00 +0000[diff] [blame]584 RCU_INIT_POINTER(set_h245_addr_hook, set_h245_addr);
585 RCU_INIT_POINTER(set_h225_addr_hook, set_h225_addr);
586 RCU_INIT_POINTER(set_sig_addr_hook, set_sig_addr);
587 RCU_INIT_POINTER(set_ras_addr_hook, set_ras_addr);
588 RCU_INIT_POINTER(nat_rtp_rtcp_hook, nat_rtp_rtcp);
589 RCU_INIT_POINTER(nat_t120_hook, nat_t120);
590 RCU_INIT_POINTER(nat_h245_hook, nat_h245);
591 RCU_INIT_POINTER(nat_callforwarding_hook, nat_callforwarding);
592 RCU_INIT_POINTER(nat_q931_hook, nat_q931);
Pablo Neira Ayuso544d5c72012-02-05 03:44:51 +0100[diff] [blame]593 nf_ct_helper_expectfn_register(&q931_nat);
594 nf_ct_helper_expectfn_register(&callforwarding_nat);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]595 return 0;
596}
597
598/****************************************************************************/
599static void __exit fini(void)
600{
Stephen Hemmingera9b3cd72011-08-01 16:19:00 +0000[diff] [blame]601 RCU_INIT_POINTER(set_h245_addr_hook, NULL);
602 RCU_INIT_POINTER(set_h225_addr_hook, NULL);
603 RCU_INIT_POINTER(set_sig_addr_hook, NULL);
604 RCU_INIT_POINTER(set_ras_addr_hook, NULL);
605 RCU_INIT_POINTER(nat_rtp_rtcp_hook, NULL);
606 RCU_INIT_POINTER(nat_t120_hook, NULL);
607 RCU_INIT_POINTER(nat_h245_hook, NULL);
608 RCU_INIT_POINTER(nat_callforwarding_hook, NULL);
609 RCU_INIT_POINTER(nat_q931_hook, NULL);
Pablo Neira Ayuso544d5c72012-02-05 03:44:51 +0100[diff] [blame]610 nf_ct_helper_expectfn_unregister(&q931_nat);
611 nf_ct_helper_expectfn_unregister(&callforwarding_nat);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]612 synchronize_rcu();
613}
614
615/****************************************************************************/
616module_init(init);
617module_exit(fini);
618
619MODULE_AUTHOR("Jing Min Zhao <zhaojingmin@users.sourceforge.net>");
620MODULE_DESCRIPTION("H.323 NAT helper");
621MODULE_LICENSE("GPL");
622MODULE_ALIAS("ip_nat_h323");