Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 55b465b66809368b459674b9d205010730953c2e / . / net / ipv4 / netfilter / nf_nat_h323.c
blob: 574f7ebba0b6238d8e61ffd08dead06a07a619c5 [file] [log] [blame]
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]1/*
2 * H.323 extension for NAT alteration.
3 *
4 * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
Patrick McHardyf229f6c2013-04-06 15:24:29 +0200[diff] [blame]5 * Copyright (c) 2006-2012 Patrick McHardy <kaber@trash.net>
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]6 *
7 * This source code is licensed under General Public License version 2.
8 *
9 * Based on the 'brute force' H.323 NAT module by
10 * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
11 */
12
13#include <linux/module.h>
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]14#include <linux/tcp.h>
15#include <net/tcp.h>
16
17#include <net/netfilter/nf_nat.h>
18#include <net/netfilter/nf_nat_helper.h>
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]19#include <net/netfilter/nf_conntrack_helper.h>
20#include <net/netfilter/nf_conntrack_expect.h>
21#include <linux/netfilter/nf_conntrack_h323.h>
22
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]23/****************************************************************************/
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]24static int set_addr(struct sk_buff *skb, unsigned int protoff,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]25 unsigned char **data, int dataoff,
26 unsigned int addroff, __be32 ip, __be16 port)
27{
28 enum ip_conntrack_info ctinfo;
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]29 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]30 struct {
31 __be32 ip;
32 __be16 port;
33 } __attribute__ ((__packed__)) buf;
Jan Engelhardt905e3e82008-01-31 04:50:05 -0800[diff] [blame]34 const struct tcphdr *th;
35 struct tcphdr _tcph;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]36
37 buf.ip = ip;
38 buf.port = port;
39 addroff += dataoff;
40
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]41 if (ip_hdr(skb)->protocol == IPPROTO_TCP) {
42 if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]43 protoff, addroff, sizeof(buf),
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]44 (char *) &buf, sizeof(buf))) {
Joe Perchese87cc472012-05-13 21:56:26 +0000[diff] [blame]45 net_notice_ratelimited("nf_nat_h323: nf_nat_mangle_tcp_packet error\n");
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]46 return -1;
47 }
48
49 /* Relocate data pointer */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]50 th = skb_header_pointer(skb, ip_hdrlen(skb),
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]51 sizeof(_tcph), &_tcph);
52 if (th == NULL)
53 return -1;
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]54 *data = skb->data + ip_hdrlen(skb) + th->doff * 4 + dataoff;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]55 } else {
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]56 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]57 protoff, addroff, sizeof(buf),
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]58 (char *) &buf, sizeof(buf))) {
Joe Perchese87cc472012-05-13 21:56:26 +0000[diff] [blame]59 net_notice_ratelimited("nf_nat_h323: nf_nat_mangle_udp_packet error\n");
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]60 return -1;
61 }
62 /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy
63 * or pull everything in a linear buffer, so we can safely
64 * use the skb pointers now */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]65 *data = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]66 }
67
68 return 0;
69}
70
71/****************************************************************************/
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]72static int set_h225_addr(struct sk_buff *skb, unsigned int protoff,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]73 unsigned char **data, int dataoff,
74 TransportAddress *taddr,
Jan Engelhardt643a2c12007-12-17 22:43:50 -0800[diff] [blame]75 union nf_inet_addr *addr, __be16 port)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]76{
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]77 return set_addr(skb, protoff, data, dataoff, taddr->ipAddress.ip,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]78 addr->ip, port);
79}
80
81/****************************************************************************/
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]82static int set_h245_addr(struct sk_buff *skb, unsigned protoff,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]83 unsigned char **data, int dataoff,
84 H245_TransportAddress *taddr,
Jan Engelhardt643a2c12007-12-17 22:43:50 -0800[diff] [blame]85 union nf_inet_addr *addr, __be16 port)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]86{
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]87 return set_addr(skb, protoff, data, dataoff,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]88 taddr->unicastAddress.iPAddress.network,
89 addr->ip, port);
90}
91
92/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]93static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]94 enum ip_conntrack_info ctinfo,
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]95 unsigned int protoff, unsigned char **data,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]96 TransportAddress *taddr, int count)
97{
Pablo Neira Ayuso1afc5672012-06-07 12:11:50 +0200[diff] [blame]98 const struct nf_ct_h323_master *info = nfct_help_data(ct);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]99 int dir = CTINFO2DIR(ctinfo);
100 int i;
101 __be16 port;
Jan Engelhardt643a2c12007-12-17 22:43:50 -0800[diff] [blame]102 union nf_inet_addr addr;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]103
104 for (i = 0; i < count; i++) {
105 if (get_h225_addr(ct, *data, &taddr[i], &addr, &port)) {
106 if (addr.ip == ct->tuplehash[dir].tuple.src.u3.ip &&
107 port == info->sig_port[dir]) {
108 /* GW->GK */
109
110 /* Fix for Gnomemeeting */
111 if (i > 0 &&
112 get_h225_addr(ct, *data, &taddr[0],
113 &addr, &port) &&
114 (ntohl(addr.ip) & 0xff000000) == 0x7f000000)
115 i = 0;
116
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]117 pr_debug("nf_nat_ras: set signal address %pI4:%hu->%pI4:%hu\n",
118 &addr.ip, port,
119 &ct->tuplehash[!dir].tuple.dst.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]120 info->sig_port[!dir]);
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]121 return set_h225_addr(skb, protoff, data, 0,
122 &taddr[i],
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]123 &ct->tuplehash[!dir].
124 tuple.dst.u3,
125 info->sig_port[!dir]);
126 } else if (addr.ip == ct->tuplehash[dir].tuple.dst.u3.ip &&
127 port == info->sig_port[dir]) {
128 /* GK->GW */
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]129 pr_debug("nf_nat_ras: set signal address %pI4:%hu->%pI4:%hu\n",
130 &addr.ip, port,
131 &ct->tuplehash[!dir].tuple.src.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]132 info->sig_port[!dir]);
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]133 return set_h225_addr(skb, protoff, data, 0,
134 &taddr[i],
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]135 &ct->tuplehash[!dir].
136 tuple.src.u3,
137 info->sig_port[!dir]);
138 }
139 }
140 }
141
142 return 0;
143}
144
145/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]146static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]147 enum ip_conntrack_info ctinfo,
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]148 unsigned int protoff, unsigned char **data,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]149 TransportAddress *taddr, int count)
150{
151 int dir = CTINFO2DIR(ctinfo);
152 int i;
153 __be16 port;
Jan Engelhardt643a2c12007-12-17 22:43:50 -0800[diff] [blame]154 union nf_inet_addr addr;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]155
156 for (i = 0; i < count; i++) {
157 if (get_h225_addr(ct, *data, &taddr[i], &addr, &port) &&
158 addr.ip == ct->tuplehash[dir].tuple.src.u3.ip &&
159 port == ct->tuplehash[dir].tuple.src.u.udp.port) {
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]160 pr_debug("nf_nat_ras: set rasAddress %pI4:%hu->%pI4:%hu\n",
161 &addr.ip, ntohs(port),
162 &ct->tuplehash[!dir].tuple.dst.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]163 ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port));
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]164 return set_h225_addr(skb, protoff, data, 0, &taddr[i],
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]165 &ct->tuplehash[!dir].tuple.dst.u3,
166 ct->tuplehash[!dir].tuple.
167 dst.u.udp.port);
168 }
169 }
170
171 return 0;
172}
173
174/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]175static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]176 enum ip_conntrack_info ctinfo,
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]177 unsigned int protoff, unsigned char **data, int dataoff,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]178 H245_TransportAddress *taddr,
179 __be16 port, __be16 rtp_port,
180 struct nf_conntrack_expect *rtp_exp,
181 struct nf_conntrack_expect *rtcp_exp)
182{
Pablo Neira Ayuso1afc5672012-06-07 12:11:50 +0200[diff] [blame]183 struct nf_ct_h323_master *info = nfct_help_data(ct);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]184 int dir = CTINFO2DIR(ctinfo);
185 int i;
186 u_int16_t nated_port;
187
188 /* Set expectations for NAT */
189 rtp_exp->saved_proto.udp.port = rtp_exp->tuple.dst.u.udp.port;
190 rtp_exp->expectfn = nf_nat_follow_master;
191 rtp_exp->dir = !dir;
192 rtcp_exp->saved_proto.udp.port = rtcp_exp->tuple.dst.u.udp.port;
193 rtcp_exp->expectfn = nf_nat_follow_master;
194 rtcp_exp->dir = !dir;
195
196 /* Lookup existing expects */
197 for (i = 0; i < H323_RTP_CHANNEL_MAX; i++) {
198 if (info->rtp_port[i][dir] == rtp_port) {
199 /* Expected */
200
201 /* Use allocated ports first. This will refresh
202 * the expects */
203 rtp_exp->tuple.dst.u.udp.port = info->rtp_port[i][dir];
204 rtcp_exp->tuple.dst.u.udp.port =
205 htons(ntohs(info->rtp_port[i][dir]) + 1);
206 break;
207 } else if (info->rtp_port[i][dir] == 0) {
208 /* Not expected */
209 break;
210 }
211 }
212
213 /* Run out of expectations */
214 if (i >= H323_RTP_CHANNEL_MAX) {
Joe Perchese87cc472012-05-13 21:56:26 +0000[diff] [blame]215 net_notice_ratelimited("nf_nat_h323: out of expectations\n");
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]216 return 0;
217 }
218
219 /* Try to get a pair of ports. */
220 for (nated_port = ntohs(rtp_exp->tuple.dst.u.udp.port);
221 nated_port != 0; nated_port += 2) {
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]222 int ret;
223
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]224 rtp_exp->tuple.dst.u.udp.port = htons(nated_port);
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]225 ret = nf_ct_expect_related(rtp_exp);
226 if (ret == 0) {
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]227 rtcp_exp->tuple.dst.u.udp.port =
228 htons(nated_port + 1);
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]229 ret = nf_ct_expect_related(rtcp_exp);
230 if (ret == 0)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]231 break;
Alexey Dobriyan829d9312014-02-03 13:07:24 +0100[diff] [blame]232 else if (ret == -EBUSY) {
233 nf_ct_unexpect_related(rtp_exp);
234 continue;
235 } else if (ret < 0) {
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]236 nf_ct_unexpect_related(rtp_exp);
237 nated_port = 0;
238 break;
239 }
240 } else if (ret != -EBUSY) {
241 nated_port = 0;
242 break;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]243 }
244 }
245
246 if (nated_port == 0) { /* No port available */
Joe Perchese87cc472012-05-13 21:56:26 +0000[diff] [blame]247 net_notice_ratelimited("nf_nat_h323: out of RTP ports\n");
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]248 return 0;
249 }
250
251 /* Modify signal */
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]252 if (set_h245_addr(skb, protoff, data, dataoff, taddr,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]253 &ct->tuplehash[!dir].tuple.dst.u3,
254 htons((port & htons(1)) ? nated_port + 1 :
YOSHIFUJI Hideakie905a9e2007-02-09 23:24:47 +0900[diff] [blame]255 nated_port)) == 0) {
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]256 /* Save ports */
257 info->rtp_port[i][dir] = rtp_port;
258 info->rtp_port[i][!dir] = htons(nated_port);
259 } else {
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]260 nf_ct_unexpect_related(rtp_exp);
261 nf_ct_unexpect_related(rtcp_exp);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]262 return -1;
263 }
264
265 /* Success */
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]266 pr_debug("nf_nat_h323: expect RTP %pI4:%hu->%pI4:%hu\n",
267 &rtp_exp->tuple.src.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]268 ntohs(rtp_exp->tuple.src.u.udp.port),
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]269 &rtp_exp->tuple.dst.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]270 ntohs(rtp_exp->tuple.dst.u.udp.port));
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]271 pr_debug("nf_nat_h323: expect RTCP %pI4:%hu->%pI4:%hu\n",
272 &rtcp_exp->tuple.src.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]273 ntohs(rtcp_exp->tuple.src.u.udp.port),
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]274 &rtcp_exp->tuple.dst.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]275 ntohs(rtcp_exp->tuple.dst.u.udp.port));
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]276
277 return 0;
278}
279
280/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]281static int nat_t120(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]282 enum ip_conntrack_info ctinfo,
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]283 unsigned int protoff, unsigned char **data, int dataoff,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]284 H245_TransportAddress *taddr, __be16 port,
285 struct nf_conntrack_expect *exp)
286{
287 int dir = CTINFO2DIR(ctinfo);
288 u_int16_t nated_port = ntohs(port);
289
290 /* Set expectations for NAT */
291 exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
292 exp->expectfn = nf_nat_follow_master;
293 exp->dir = !dir;
294
295 /* Try to get same port: if not, try to change it. */
296 for (; nated_port != 0; nated_port++) {
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]297 int ret;
298
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]299 exp->tuple.dst.u.tcp.port = htons(nated_port);
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]300 ret = nf_ct_expect_related(exp);
301 if (ret == 0)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]302 break;
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]303 else if (ret != -EBUSY) {
304 nated_port = 0;
305 break;
306 }
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]307 }
308
309 if (nated_port == 0) { /* No port available */
Joe Perchese87cc472012-05-13 21:56:26 +0000[diff] [blame]310 net_notice_ratelimited("nf_nat_h323: out of TCP ports\n");
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]311 return 0;
312 }
313
314 /* Modify signal */
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]315 if (set_h245_addr(skb, protoff, data, dataoff, taddr,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]316 &ct->tuplehash[!dir].tuple.dst.u3,
317 htons(nated_port)) < 0) {
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]318 nf_ct_unexpect_related(exp);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]319 return -1;
320 }
321
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]322 pr_debug("nf_nat_h323: expect T.120 %pI4:%hu->%pI4:%hu\n",
323 &exp->tuple.src.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]324 ntohs(exp->tuple.src.u.tcp.port),
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]325 &exp->tuple.dst.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]326 ntohs(exp->tuple.dst.u.tcp.port));
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]327
328 return 0;
329}
330
331/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]332static int nat_h245(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]333 enum ip_conntrack_info ctinfo,
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]334 unsigned int protoff, unsigned char **data, int dataoff,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]335 TransportAddress *taddr, __be16 port,
336 struct nf_conntrack_expect *exp)
337{
Pablo Neira Ayuso1afc5672012-06-07 12:11:50 +0200[diff] [blame]338 struct nf_ct_h323_master *info = nfct_help_data(ct);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]339 int dir = CTINFO2DIR(ctinfo);
340 u_int16_t nated_port = ntohs(port);
341
342 /* Set expectations for NAT */
343 exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
344 exp->expectfn = nf_nat_follow_master;
345 exp->dir = !dir;
346
347 /* Check existing expects */
348 if (info->sig_port[dir] == port)
349 nated_port = ntohs(info->sig_port[!dir]);
350
351 /* Try to get same port: if not, try to change it. */
352 for (; nated_port != 0; nated_port++) {
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]353 int ret;
354
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]355 exp->tuple.dst.u.tcp.port = htons(nated_port);
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]356 ret = nf_ct_expect_related(exp);
357 if (ret == 0)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]358 break;
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]359 else if (ret != -EBUSY) {
360 nated_port = 0;
361 break;
362 }
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]363 }
364
365 if (nated_port == 0) { /* No port available */
Joe Perchese87cc472012-05-13 21:56:26 +0000[diff] [blame]366 net_notice_ratelimited("nf_nat_q931: out of TCP ports\n");
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]367 return 0;
368 }
369
370 /* Modify signal */
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]371 if (set_h225_addr(skb, protoff, data, dataoff, taddr,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]372 &ct->tuplehash[!dir].tuple.dst.u3,
373 htons(nated_port)) == 0) {
374 /* Save ports */
375 info->sig_port[dir] = port;
376 info->sig_port[!dir] = htons(nated_port);
377 } else {
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]378 nf_ct_unexpect_related(exp);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]379 return -1;
380 }
381
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]382 pr_debug("nf_nat_q931: expect H.245 %pI4:%hu->%pI4:%hu\n",
383 &exp->tuple.src.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]384 ntohs(exp->tuple.src.u.tcp.port),
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]385 &exp->tuple.dst.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]386 ntohs(exp->tuple.dst.u.tcp.port));
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]387
388 return 0;
389}
390
391/****************************************************************************
392 * This conntrack expect function replaces nf_conntrack_q931_expect()
393 * which was set by nf_conntrack_h323.c.
394 ****************************************************************************/
395static void ip_nat_q931_expect(struct nf_conn *new,
396 struct nf_conntrack_expect *this)
397{
Patrick McHardyc7232c92012-08-26 19:14:06 +0200[diff] [blame]398 struct nf_nat_range range;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]399
400 if (this->tuple.src.u3.ip != 0) { /* Only accept calls from GK */
401 nf_nat_follow_master(new, this);
402 return;
403 }
404
405 /* This must be a fresh one. */
406 BUG_ON(new->status & IPS_NAT_DONE_MASK);
407
408 /* Change src to where master sends to */
Patrick McHardycbc9f2f2011-12-23 13:59:49 +0100[diff] [blame]409 range.flags = NF_NAT_RANGE_MAP_IPS;
Patrick McHardyc7232c92012-08-26 19:14:06 +0200[diff] [blame]410 range.min_addr = range.max_addr =
411 new->tuplehash[!this->dir].tuple.src.u3;
Patrick McHardycbc9f2f2011-12-23 13:59:49 +0100[diff] [blame]412 nf_nat_setup_info(new, &range, NF_NAT_MANIP_SRC);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]413
414 /* For DST manip, map port here to where it's expected. */
Patrick McHardycbc9f2f2011-12-23 13:59:49 +0100[diff] [blame]415 range.flags = (NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED);
Patrick McHardyc7232c92012-08-26 19:14:06 +0200[diff] [blame]416 range.min_proto = range.max_proto = this->saved_proto;
417 range.min_addr = range.max_addr =
418 new->master->tuplehash[!this->dir].tuple.src.u3;
Patrick McHardycbc9f2f2011-12-23 13:59:49 +0100[diff] [blame]419 nf_nat_setup_info(new, &range, NF_NAT_MANIP_DST);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]420}
421
422/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]423static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]424 enum ip_conntrack_info ctinfo,
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]425 unsigned int protoff, unsigned char **data,
426 TransportAddress *taddr, int idx,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]427 __be16 port, struct nf_conntrack_expect *exp)
428{
Pablo Neira Ayuso1afc5672012-06-07 12:11:50 +0200[diff] [blame]429 struct nf_ct_h323_master *info = nfct_help_data(ct);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]430 int dir = CTINFO2DIR(ctinfo);
431 u_int16_t nated_port = ntohs(port);
Jan Engelhardt643a2c12007-12-17 22:43:50 -0800[diff] [blame]432 union nf_inet_addr addr;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]433
434 /* Set expectations for NAT */
435 exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
436 exp->expectfn = ip_nat_q931_expect;
437 exp->dir = !dir;
438
439 /* Check existing expects */
440 if (info->sig_port[dir] == port)
441 nated_port = ntohs(info->sig_port[!dir]);
442
443 /* Try to get same port: if not, try to change it. */
444 for (; nated_port != 0; nated_port++) {
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]445 int ret;
446
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]447 exp->tuple.dst.u.tcp.port = htons(nated_port);
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]448 ret = nf_ct_expect_related(exp);
449 if (ret == 0)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]450 break;
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]451 else if (ret != -EBUSY) {
452 nated_port = 0;
453 break;
454 }
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]455 }
456
457 if (nated_port == 0) { /* No port available */
Joe Perchese87cc472012-05-13 21:56:26 +0000[diff] [blame]458 net_notice_ratelimited("nf_nat_ras: out of TCP ports\n");
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]459 return 0;
460 }
461
462 /* Modify signal */
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]463 if (set_h225_addr(skb, protoff, data, 0, &taddr[idx],
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]464 &ct->tuplehash[!dir].tuple.dst.u3,
465 htons(nated_port)) == 0) {
466 /* Save ports */
467 info->sig_port[dir] = port;
468 info->sig_port[!dir] = htons(nated_port);
469
470 /* Fix for Gnomemeeting */
471 if (idx > 0 &&
472 get_h225_addr(ct, *data, &taddr[0], &addr, &port) &&
473 (ntohl(addr.ip) & 0xff000000) == 0x7f000000) {
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]474 set_h225_addr(skb, protoff, data, 0, &taddr[0],
Jing Min Zhao1ff75ed2007-05-24 16:44:40 -0700[diff] [blame]475 &ct->tuplehash[!dir].tuple.dst.u3,
476 info->sig_port[!dir]);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]477 }
478 } else {
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]479 nf_ct_unexpect_related(exp);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]480 return -1;
481 }
482
483 /* Success */
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]484 pr_debug("nf_nat_ras: expect Q.931 %pI4:%hu->%pI4:%hu\n",
485 &exp->tuple.src.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]486 ntohs(exp->tuple.src.u.tcp.port),
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]487 &exp->tuple.dst.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]488 ntohs(exp->tuple.dst.u.tcp.port));
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]489
490 return 0;
491}
492
493/****************************************************************************/
494static void ip_nat_callforwarding_expect(struct nf_conn *new,
495 struct nf_conntrack_expect *this)
496{
Patrick McHardyc7232c92012-08-26 19:14:06 +0200[diff] [blame]497 struct nf_nat_range range;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]498
499 /* This must be a fresh one. */
500 BUG_ON(new->status & IPS_NAT_DONE_MASK);
501
502 /* Change src to where master sends to */
Patrick McHardycbc9f2f2011-12-23 13:59:49 +0100[diff] [blame]503 range.flags = NF_NAT_RANGE_MAP_IPS;
Patrick McHardyc7232c92012-08-26 19:14:06 +0200[diff] [blame]504 range.min_addr = range.max_addr =
505 new->tuplehash[!this->dir].tuple.src.u3;
Patrick McHardycbc9f2f2011-12-23 13:59:49 +0100[diff] [blame]506 nf_nat_setup_info(new, &range, NF_NAT_MANIP_SRC);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]507
508 /* For DST manip, map port here to where it's expected. */
Patrick McHardycbc9f2f2011-12-23 13:59:49 +0100[diff] [blame]509 range.flags = (NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED);
Patrick McHardyc7232c92012-08-26 19:14:06 +0200[diff] [blame]510 range.min_proto = range.max_proto = this->saved_proto;
511 range.min_addr = range.max_addr = this->saved_addr;
Patrick McHardycbc9f2f2011-12-23 13:59:49 +0100[diff] [blame]512 nf_nat_setup_info(new, &range, NF_NAT_MANIP_DST);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]513}
514
515/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]516static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]517 enum ip_conntrack_info ctinfo,
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]518 unsigned int protoff,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]519 unsigned char **data, int dataoff,
520 TransportAddress *taddr, __be16 port,
521 struct nf_conntrack_expect *exp)
522{
523 int dir = CTINFO2DIR(ctinfo);
524 u_int16_t nated_port;
525
526 /* Set expectations for NAT */
Patrick McHardyc7232c92012-08-26 19:14:06 +0200[diff] [blame]527 exp->saved_addr = exp->tuple.dst.u3;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]528 exp->tuple.dst.u3.ip = ct->tuplehash[!dir].tuple.dst.u3.ip;
529 exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
530 exp->expectfn = ip_nat_callforwarding_expect;
531 exp->dir = !dir;
532
533 /* Try to get same port: if not, try to change it. */
534 for (nated_port = ntohs(port); nated_port != 0; nated_port++) {
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]535 int ret;
536
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]537 exp->tuple.dst.u.tcp.port = htons(nated_port);
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]538 ret = nf_ct_expect_related(exp);
539 if (ret == 0)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]540 break;
Pablo Neira Ayuso5b92b612010-09-22 08:34:12 +0200[diff] [blame]541 else if (ret != -EBUSY) {
542 nated_port = 0;
543 break;
544 }
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]545 }
546
547 if (nated_port == 0) { /* No port available */
Joe Perchese87cc472012-05-13 21:56:26 +0000[diff] [blame]548 net_notice_ratelimited("nf_nat_q931: out of TCP ports\n");
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]549 return 0;
550 }
551
552 /* Modify signal */
Patrick McHardy051966c2012-08-26 19:14:04 +0200[diff] [blame]553 if (!set_h225_addr(skb, protoff, data, dataoff, taddr,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]554 &ct->tuplehash[!dir].tuple.dst.u3,
555 htons(nated_port)) == 0) {
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]556 nf_ct_unexpect_related(exp);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]557 return -1;
558 }
559
560 /* Success */
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]561 pr_debug("nf_nat_q931: expect Call Forwarding %pI4:%hu->%pI4:%hu\n",
562 &exp->tuple.src.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]563 ntohs(exp->tuple.src.u.tcp.port),
Harvey Harrisoncffee382008-10-31 00:53:08 -0700[diff] [blame]564 &exp->tuple.dst.u3.ip,
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]565 ntohs(exp->tuple.dst.u.tcp.port));
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]566
567 return 0;
568}
569
Pablo Neira Ayuso544d5c72012-02-05 03:44:51 +0100[diff] [blame]570static struct nf_ct_helper_expectfn q931_nat = {
571 .name = "Q.931",
572 .expectfn = ip_nat_q931_expect,
573};
574
575static struct nf_ct_helper_expectfn callforwarding_nat = {
576 .name = "callforwarding",
577 .expectfn = ip_nat_callforwarding_expect,
578};
579
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]580/****************************************************************************/
581static int __init init(void)
582{
Patrick McHardyd1332e02007-11-05 20:43:30 -0800[diff] [blame]583 BUG_ON(set_h245_addr_hook != NULL);
584 BUG_ON(set_h225_addr_hook != NULL);
585 BUG_ON(set_sig_addr_hook != NULL);
586 BUG_ON(set_ras_addr_hook != NULL);
587 BUG_ON(nat_rtp_rtcp_hook != NULL);
588 BUG_ON(nat_t120_hook != NULL);
589 BUG_ON(nat_h245_hook != NULL);
590 BUG_ON(nat_callforwarding_hook != NULL);
591 BUG_ON(nat_q931_hook != NULL);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]592
Stephen Hemmingera9b3cd72011-08-01 16:19:00 +0000[diff] [blame]593 RCU_INIT_POINTER(set_h245_addr_hook, set_h245_addr);
594 RCU_INIT_POINTER(set_h225_addr_hook, set_h225_addr);
595 RCU_INIT_POINTER(set_sig_addr_hook, set_sig_addr);
596 RCU_INIT_POINTER(set_ras_addr_hook, set_ras_addr);
597 RCU_INIT_POINTER(nat_rtp_rtcp_hook, nat_rtp_rtcp);
598 RCU_INIT_POINTER(nat_t120_hook, nat_t120);
599 RCU_INIT_POINTER(nat_h245_hook, nat_h245);
600 RCU_INIT_POINTER(nat_callforwarding_hook, nat_callforwarding);
601 RCU_INIT_POINTER(nat_q931_hook, nat_q931);
Pablo Neira Ayuso544d5c72012-02-05 03:44:51 +0100[diff] [blame]602 nf_ct_helper_expectfn_register(&q931_nat);
603 nf_ct_helper_expectfn_register(&callforwarding_nat);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]604 return 0;
605}
606
607/****************************************************************************/
608static void __exit fini(void)
609{
Stephen Hemmingera9b3cd72011-08-01 16:19:00 +0000[diff] [blame]610 RCU_INIT_POINTER(set_h245_addr_hook, NULL);
611 RCU_INIT_POINTER(set_h225_addr_hook, NULL);
612 RCU_INIT_POINTER(set_sig_addr_hook, NULL);
613 RCU_INIT_POINTER(set_ras_addr_hook, NULL);
614 RCU_INIT_POINTER(nat_rtp_rtcp_hook, NULL);
615 RCU_INIT_POINTER(nat_t120_hook, NULL);
616 RCU_INIT_POINTER(nat_h245_hook, NULL);
617 RCU_INIT_POINTER(nat_callforwarding_hook, NULL);
618 RCU_INIT_POINTER(nat_q931_hook, NULL);
Pablo Neira Ayuso544d5c72012-02-05 03:44:51 +0100[diff] [blame]619 nf_ct_helper_expectfn_unregister(&q931_nat);
620 nf_ct_helper_expectfn_unregister(&callforwarding_nat);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]621 synchronize_rcu();
622}
623
624/****************************************************************************/
625module_init(init);
626module_exit(fini);
627
628MODULE_AUTHOR("Jing Min Zhao <zhaojingmin@users.sourceforge.net>");
629MODULE_DESCRIPTION("H.323 NAT helper");
630MODULE_LICENSE("GPL");
631MODULE_ALIAS("ip_nat_h323");