Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / cc01dcbd26865addfe9eb5431f1f9dbc511515ba / . / net / ipv4 / netfilter / nf_nat_h323.c
blob: 2e4bdee92c4a81cabe642c2c40d32f4efb5cbaaa [file] [log] [blame]
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]1/*
2 * H.323 extension for NAT alteration.
3 *
4 * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
5 *
6 * This source code is licensed under General Public License version 2.
7 *
8 * Based on the 'brute force' H.323 NAT module by
9 * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
10 */
11
12#include <linux/module.h>
13#include <linux/moduleparam.h>
14#include <linux/tcp.h>
15#include <net/tcp.h>
16
17#include <net/netfilter/nf_nat.h>
18#include <net/netfilter/nf_nat_helper.h>
19#include <net/netfilter/nf_nat_rule.h>
20#include <net/netfilter/nf_conntrack_helper.h>
21#include <net/netfilter/nf_conntrack_expect.h>
22#include <linux/netfilter/nf_conntrack_h323.h>
23
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]24/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]25static int set_addr(struct sk_buff *skb,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]26 unsigned char **data, int dataoff,
27 unsigned int addroff, __be32 ip, __be16 port)
28{
29 enum ip_conntrack_info ctinfo;
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]30 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]31 struct {
32 __be32 ip;
33 __be16 port;
34 } __attribute__ ((__packed__)) buf;
35 struct tcphdr _tcph, *th;
36
37 buf.ip = ip;
38 buf.port = port;
39 addroff += dataoff;
40
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]41 if (ip_hdr(skb)->protocol == IPPROTO_TCP) {
42 if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]43 addroff, sizeof(buf),
44 (char *) &buf, sizeof(buf))) {
45 if (net_ratelimit())
46 printk("nf_nat_h323: nf_nat_mangle_tcp_packet"
47 " error\n");
48 return -1;
49 }
50
51 /* Relocate data pointer */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]52 th = skb_header_pointer(skb, ip_hdrlen(skb),
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]53 sizeof(_tcph), &_tcph);
54 if (th == NULL)
55 return -1;
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]56 *data = skb->data + ip_hdrlen(skb) + th->doff * 4 + dataoff;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]57 } else {
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]58 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]59 addroff, sizeof(buf),
60 (char *) &buf, sizeof(buf))) {
61 if (net_ratelimit())
62 printk("nf_nat_h323: nf_nat_mangle_udp_packet"
63 " error\n");
64 return -1;
65 }
66 /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy
67 * or pull everything in a linear buffer, so we can safely
68 * use the skb pointers now */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]69 *data = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]70 }
71
72 return 0;
73}
74
75/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]76static int set_h225_addr(struct sk_buff *skb,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]77 unsigned char **data, int dataoff,
78 TransportAddress *taddr,
79 union nf_conntrack_address *addr, __be16 port)
80{
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]81 return set_addr(skb, data, dataoff, taddr->ipAddress.ip,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]82 addr->ip, port);
83}
84
85/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]86static int set_h245_addr(struct sk_buff *skb,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]87 unsigned char **data, int dataoff,
88 H245_TransportAddress *taddr,
89 union nf_conntrack_address *addr, __be16 port)
90{
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]91 return set_addr(skb, data, dataoff,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]92 taddr->unicastAddress.iPAddress.network,
93 addr->ip, port);
94}
95
96/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]97static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]98 enum ip_conntrack_info ctinfo,
99 unsigned char **data,
100 TransportAddress *taddr, int count)
101{
102 struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info;
103 int dir = CTINFO2DIR(ctinfo);
104 int i;
105 __be16 port;
106 union nf_conntrack_address addr;
107
108 for (i = 0; i < count; i++) {
109 if (get_h225_addr(ct, *data, &taddr[i], &addr, &port)) {
110 if (addr.ip == ct->tuplehash[dir].tuple.src.u3.ip &&
111 port == info->sig_port[dir]) {
112 /* GW->GK */
113
114 /* Fix for Gnomemeeting */
115 if (i > 0 &&
116 get_h225_addr(ct, *data, &taddr[0],
117 &addr, &port) &&
118 (ntohl(addr.ip) & 0xff000000) == 0x7f000000)
119 i = 0;
120
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]121 pr_debug("nf_nat_ras: set signal address "
122 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
123 NIPQUAD(addr.ip), port,
124 NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip),
125 info->sig_port[!dir]);
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]126 return set_h225_addr(skb, data, 0, &taddr[i],
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]127 &ct->tuplehash[!dir].
128 tuple.dst.u3,
129 info->sig_port[!dir]);
130 } else if (addr.ip == ct->tuplehash[dir].tuple.dst.u3.ip &&
131 port == info->sig_port[dir]) {
132 /* GK->GW */
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]133 pr_debug("nf_nat_ras: set signal address "
134 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
135 NIPQUAD(addr.ip), port,
136 NIPQUAD(ct->tuplehash[!dir].tuple.src.u3.ip),
137 info->sig_port[!dir]);
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]138 return set_h225_addr(skb, data, 0, &taddr[i],
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]139 &ct->tuplehash[!dir].
140 tuple.src.u3,
141 info->sig_port[!dir]);
142 }
143 }
144 }
145
146 return 0;
147}
148
149/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]150static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]151 enum ip_conntrack_info ctinfo,
152 unsigned char **data,
153 TransportAddress *taddr, int count)
154{
155 int dir = CTINFO2DIR(ctinfo);
156 int i;
157 __be16 port;
158 union nf_conntrack_address addr;
159
160 for (i = 0; i < count; i++) {
161 if (get_h225_addr(ct, *data, &taddr[i], &addr, &port) &&
162 addr.ip == ct->tuplehash[dir].tuple.src.u3.ip &&
163 port == ct->tuplehash[dir].tuple.src.u.udp.port) {
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]164 pr_debug("nf_nat_ras: set rasAddress "
165 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
166 NIPQUAD(addr.ip), ntohs(port),
167 NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip),
168 ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port));
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]169 return set_h225_addr(skb, data, 0, &taddr[i],
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]170 &ct->tuplehash[!dir].tuple.dst.u3,
171 ct->tuplehash[!dir].tuple.
172 dst.u.udp.port);
173 }
174 }
175
176 return 0;
177}
178
179/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]180static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]181 enum ip_conntrack_info ctinfo,
182 unsigned char **data, int dataoff,
183 H245_TransportAddress *taddr,
184 __be16 port, __be16 rtp_port,
185 struct nf_conntrack_expect *rtp_exp,
186 struct nf_conntrack_expect *rtcp_exp)
187{
188 struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info;
189 int dir = CTINFO2DIR(ctinfo);
190 int i;
191 u_int16_t nated_port;
192
193 /* Set expectations for NAT */
194 rtp_exp->saved_proto.udp.port = rtp_exp->tuple.dst.u.udp.port;
195 rtp_exp->expectfn = nf_nat_follow_master;
196 rtp_exp->dir = !dir;
197 rtcp_exp->saved_proto.udp.port = rtcp_exp->tuple.dst.u.udp.port;
198 rtcp_exp->expectfn = nf_nat_follow_master;
199 rtcp_exp->dir = !dir;
200
201 /* Lookup existing expects */
202 for (i = 0; i < H323_RTP_CHANNEL_MAX; i++) {
203 if (info->rtp_port[i][dir] == rtp_port) {
204 /* Expected */
205
206 /* Use allocated ports first. This will refresh
207 * the expects */
208 rtp_exp->tuple.dst.u.udp.port = info->rtp_port[i][dir];
209 rtcp_exp->tuple.dst.u.udp.port =
210 htons(ntohs(info->rtp_port[i][dir]) + 1);
211 break;
212 } else if (info->rtp_port[i][dir] == 0) {
213 /* Not expected */
214 break;
215 }
216 }
217
218 /* Run out of expectations */
219 if (i >= H323_RTP_CHANNEL_MAX) {
220 if (net_ratelimit())
221 printk("nf_nat_h323: out of expectations\n");
222 return 0;
223 }
224
225 /* Try to get a pair of ports. */
226 for (nated_port = ntohs(rtp_exp->tuple.dst.u.udp.port);
227 nated_port != 0; nated_port += 2) {
228 rtp_exp->tuple.dst.u.udp.port = htons(nated_port);
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]229 if (nf_ct_expect_related(rtp_exp) == 0) {
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]230 rtcp_exp->tuple.dst.u.udp.port =
231 htons(nated_port + 1);
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]232 if (nf_ct_expect_related(rtcp_exp) == 0)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]233 break;
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]234 nf_ct_unexpect_related(rtp_exp);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]235 }
236 }
237
238 if (nated_port == 0) { /* No port available */
239 if (net_ratelimit())
240 printk("nf_nat_h323: out of RTP ports\n");
241 return 0;
242 }
243
244 /* Modify signal */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]245 if (set_h245_addr(skb, data, dataoff, taddr,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]246 &ct->tuplehash[!dir].tuple.dst.u3,
247 htons((port & htons(1)) ? nated_port + 1 :
YOSHIFUJI Hideakie905a9e2007-02-09 23:24:47 +0900[diff] [blame]248 nated_port)) == 0) {
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]249 /* Save ports */
250 info->rtp_port[i][dir] = rtp_port;
251 info->rtp_port[i][!dir] = htons(nated_port);
252 } else {
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]253 nf_ct_unexpect_related(rtp_exp);
254 nf_ct_unexpect_related(rtcp_exp);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]255 return -1;
256 }
257
258 /* Success */
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]259 pr_debug("nf_nat_h323: expect RTP %u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
260 NIPQUAD(rtp_exp->tuple.src.u3.ip),
261 ntohs(rtp_exp->tuple.src.u.udp.port),
262 NIPQUAD(rtp_exp->tuple.dst.u3.ip),
263 ntohs(rtp_exp->tuple.dst.u.udp.port));
264 pr_debug("nf_nat_h323: expect RTCP %u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
265 NIPQUAD(rtcp_exp->tuple.src.u3.ip),
266 ntohs(rtcp_exp->tuple.src.u.udp.port),
267 NIPQUAD(rtcp_exp->tuple.dst.u3.ip),
268 ntohs(rtcp_exp->tuple.dst.u.udp.port));
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]269
270 return 0;
271}
272
273/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]274static int nat_t120(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]275 enum ip_conntrack_info ctinfo,
276 unsigned char **data, int dataoff,
277 H245_TransportAddress *taddr, __be16 port,
278 struct nf_conntrack_expect *exp)
279{
280 int dir = CTINFO2DIR(ctinfo);
281 u_int16_t nated_port = ntohs(port);
282
283 /* Set expectations for NAT */
284 exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
285 exp->expectfn = nf_nat_follow_master;
286 exp->dir = !dir;
287
288 /* Try to get same port: if not, try to change it. */
289 for (; nated_port != 0; nated_port++) {
290 exp->tuple.dst.u.tcp.port = htons(nated_port);
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]291 if (nf_ct_expect_related(exp) == 0)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]292 break;
293 }
294
295 if (nated_port == 0) { /* No port available */
296 if (net_ratelimit())
297 printk("nf_nat_h323: out of TCP ports\n");
298 return 0;
299 }
300
301 /* Modify signal */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]302 if (set_h245_addr(skb, data, dataoff, taddr,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]303 &ct->tuplehash[!dir].tuple.dst.u3,
304 htons(nated_port)) < 0) {
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]305 nf_ct_unexpect_related(exp);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]306 return -1;
307 }
308
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]309 pr_debug("nf_nat_h323: expect T.120 %u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
310 NIPQUAD(exp->tuple.src.u3.ip),
311 ntohs(exp->tuple.src.u.tcp.port),
312 NIPQUAD(exp->tuple.dst.u3.ip),
313 ntohs(exp->tuple.dst.u.tcp.port));
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]314
315 return 0;
316}
317
318/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]319static int nat_h245(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]320 enum ip_conntrack_info ctinfo,
321 unsigned char **data, int dataoff,
322 TransportAddress *taddr, __be16 port,
323 struct nf_conntrack_expect *exp)
324{
325 struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info;
326 int dir = CTINFO2DIR(ctinfo);
327 u_int16_t nated_port = ntohs(port);
328
329 /* Set expectations for NAT */
330 exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
331 exp->expectfn = nf_nat_follow_master;
332 exp->dir = !dir;
333
334 /* Check existing expects */
335 if (info->sig_port[dir] == port)
336 nated_port = ntohs(info->sig_port[!dir]);
337
338 /* Try to get same port: if not, try to change it. */
339 for (; nated_port != 0; nated_port++) {
340 exp->tuple.dst.u.tcp.port = htons(nated_port);
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]341 if (nf_ct_expect_related(exp) == 0)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]342 break;
343 }
344
345 if (nated_port == 0) { /* No port available */
346 if (net_ratelimit())
347 printk("nf_nat_q931: out of TCP ports\n");
348 return 0;
349 }
350
351 /* Modify signal */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]352 if (set_h225_addr(skb, data, dataoff, taddr,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]353 &ct->tuplehash[!dir].tuple.dst.u3,
354 htons(nated_port)) == 0) {
355 /* Save ports */
356 info->sig_port[dir] = port;
357 info->sig_port[!dir] = htons(nated_port);
358 } else {
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]359 nf_ct_unexpect_related(exp);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]360 return -1;
361 }
362
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]363 pr_debug("nf_nat_q931: expect H.245 %u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
364 NIPQUAD(exp->tuple.src.u3.ip),
365 ntohs(exp->tuple.src.u.tcp.port),
366 NIPQUAD(exp->tuple.dst.u3.ip),
367 ntohs(exp->tuple.dst.u.tcp.port));
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]368
369 return 0;
370}
371
372/****************************************************************************
373 * This conntrack expect function replaces nf_conntrack_q931_expect()
374 * which was set by nf_conntrack_h323.c.
375 ****************************************************************************/
376static void ip_nat_q931_expect(struct nf_conn *new,
377 struct nf_conntrack_expect *this)
378{
Patrick McHardy587aa642007-03-14 16:37:25 -0700[diff] [blame]379 struct nf_nat_range range;
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]380
381 if (this->tuple.src.u3.ip != 0) { /* Only accept calls from GK */
382 nf_nat_follow_master(new, this);
383 return;
384 }
385
386 /* This must be a fresh one. */
387 BUG_ON(new->status & IPS_NAT_DONE_MASK);
388
389 /* Change src to where master sends to */
390 range.flags = IP_NAT_RANGE_MAP_IPS;
391 range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip;
Patrick McHardycc01dcb2007-12-17 22:38:20 -0800[diff] [blame^]392 nf_nat_setup_info(new, &range, IP_NAT_MANIP_SRC);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]393
394 /* For DST manip, map port here to where it's expected. */
395 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
396 range.min = range.max = this->saved_proto;
397 range.min_ip = range.max_ip =
398 new->master->tuplehash[!this->dir].tuple.src.u3.ip;
Patrick McHardycc01dcb2007-12-17 22:38:20 -0800[diff] [blame^]399 nf_nat_setup_info(new, &range, IP_NAT_MANIP_DST);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]400}
401
402/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]403static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]404 enum ip_conntrack_info ctinfo,
405 unsigned char **data, TransportAddress *taddr, int idx,
406 __be16 port, struct nf_conntrack_expect *exp)
407{
408 struct nf_ct_h323_master *info = &nfct_help(ct)->help.ct_h323_info;
409 int dir = CTINFO2DIR(ctinfo);
410 u_int16_t nated_port = ntohs(port);
411 union nf_conntrack_address addr;
412
413 /* Set expectations for NAT */
414 exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
415 exp->expectfn = ip_nat_q931_expect;
416 exp->dir = !dir;
417
418 /* Check existing expects */
419 if (info->sig_port[dir] == port)
420 nated_port = ntohs(info->sig_port[!dir]);
421
422 /* Try to get same port: if not, try to change it. */
423 for (; nated_port != 0; nated_port++) {
424 exp->tuple.dst.u.tcp.port = htons(nated_port);
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]425 if (nf_ct_expect_related(exp) == 0)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]426 break;
427 }
428
429 if (nated_port == 0) { /* No port available */
430 if (net_ratelimit())
431 printk("nf_nat_ras: out of TCP ports\n");
432 return 0;
433 }
434
435 /* Modify signal */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]436 if (set_h225_addr(skb, data, 0, &taddr[idx],
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]437 &ct->tuplehash[!dir].tuple.dst.u3,
438 htons(nated_port)) == 0) {
439 /* Save ports */
440 info->sig_port[dir] = port;
441 info->sig_port[!dir] = htons(nated_port);
442
443 /* Fix for Gnomemeeting */
444 if (idx > 0 &&
445 get_h225_addr(ct, *data, &taddr[0], &addr, &port) &&
446 (ntohl(addr.ip) & 0xff000000) == 0x7f000000) {
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]447 set_h225_addr(skb, data, 0, &taddr[0],
Jing Min Zhao1ff75ed2007-05-24 16:44:40 -0700[diff] [blame]448 &ct->tuplehash[!dir].tuple.dst.u3,
449 info->sig_port[!dir]);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]450 }
451 } else {
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]452 nf_ct_unexpect_related(exp);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]453 return -1;
454 }
455
456 /* Success */
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]457 pr_debug("nf_nat_ras: expect Q.931 %u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
458 NIPQUAD(exp->tuple.src.u3.ip),
459 ntohs(exp->tuple.src.u.tcp.port),
460 NIPQUAD(exp->tuple.dst.u3.ip),
461 ntohs(exp->tuple.dst.u.tcp.port));
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]462
463 return 0;
464}
465
466/****************************************************************************/
467static void ip_nat_callforwarding_expect(struct nf_conn *new,
468 struct nf_conntrack_expect *this)
469{
470 struct nf_nat_range range;
471
472 /* This must be a fresh one. */
473 BUG_ON(new->status & IPS_NAT_DONE_MASK);
474
475 /* Change src to where master sends to */
476 range.flags = IP_NAT_RANGE_MAP_IPS;
477 range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip;
Patrick McHardycc01dcb2007-12-17 22:38:20 -0800[diff] [blame^]478 nf_nat_setup_info(new, &range, IP_NAT_MANIP_SRC);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]479
480 /* For DST manip, map port here to where it's expected. */
481 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
482 range.min = range.max = this->saved_proto;
483 range.min_ip = range.max_ip = this->saved_ip;
Patrick McHardycc01dcb2007-12-17 22:38:20 -0800[diff] [blame^]484 nf_nat_setup_info(new, &range, IP_NAT_MANIP_DST);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]485}
486
487/****************************************************************************/
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]488static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]489 enum ip_conntrack_info ctinfo,
490 unsigned char **data, int dataoff,
491 TransportAddress *taddr, __be16 port,
492 struct nf_conntrack_expect *exp)
493{
494 int dir = CTINFO2DIR(ctinfo);
495 u_int16_t nated_port;
496
497 /* Set expectations for NAT */
498 exp->saved_ip = exp->tuple.dst.u3.ip;
499 exp->tuple.dst.u3.ip = ct->tuplehash[!dir].tuple.dst.u3.ip;
500 exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
501 exp->expectfn = ip_nat_callforwarding_expect;
502 exp->dir = !dir;
503
504 /* Try to get same port: if not, try to change it. */
505 for (nated_port = ntohs(port); nated_port != 0; nated_port++) {
506 exp->tuple.dst.u.tcp.port = htons(nated_port);
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]507 if (nf_ct_expect_related(exp) == 0)
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]508 break;
509 }
510
511 if (nated_port == 0) { /* No port available */
512 if (net_ratelimit())
513 printk("nf_nat_q931: out of TCP ports\n");
514 return 0;
515 }
516
517 /* Modify signal */
Herbert Xu3db05fe2007-10-15 00:53:15 -0700[diff] [blame]518 if (!set_h225_addr(skb, data, dataoff, taddr,
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]519 &ct->tuplehash[!dir].tuple.dst.u3,
520 htons(nated_port)) == 0) {
Patrick McHardy68236452007-07-07 22:30:49 -0700[diff] [blame]521 nf_ct_unexpect_related(exp);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]522 return -1;
523 }
524
525 /* Success */
Patrick McHardy0d537782007-07-07 22:39:38 -0700[diff] [blame]526 pr_debug("nf_nat_q931: expect Call Forwarding "
527 "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
528 NIPQUAD(exp->tuple.src.u3.ip),
529 ntohs(exp->tuple.src.u.tcp.port),
530 NIPQUAD(exp->tuple.dst.u3.ip),
531 ntohs(exp->tuple.dst.u.tcp.port));
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]532
533 return 0;
534}
535
536/****************************************************************************/
537static int __init init(void)
538{
Patrick McHardyd1332e02007-11-05 20:43:30 -0800[diff] [blame]539 BUG_ON(set_h245_addr_hook != NULL);
540 BUG_ON(set_h225_addr_hook != NULL);
541 BUG_ON(set_sig_addr_hook != NULL);
542 BUG_ON(set_ras_addr_hook != NULL);
543 BUG_ON(nat_rtp_rtcp_hook != NULL);
544 BUG_ON(nat_t120_hook != NULL);
545 BUG_ON(nat_h245_hook != NULL);
546 BUG_ON(nat_callforwarding_hook != NULL);
547 BUG_ON(nat_q931_hook != NULL);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]548
549 rcu_assign_pointer(set_h245_addr_hook, set_h245_addr);
550 rcu_assign_pointer(set_h225_addr_hook, set_h225_addr);
551 rcu_assign_pointer(set_sig_addr_hook, set_sig_addr);
552 rcu_assign_pointer(set_ras_addr_hook, set_ras_addr);
553 rcu_assign_pointer(nat_rtp_rtcp_hook, nat_rtp_rtcp);
554 rcu_assign_pointer(nat_t120_hook, nat_t120);
555 rcu_assign_pointer(nat_h245_hook, nat_h245);
556 rcu_assign_pointer(nat_callforwarding_hook, nat_callforwarding);
557 rcu_assign_pointer(nat_q931_hook, nat_q931);
Patrick McHardyf587de02006-12-02 22:08:46 -0800[diff] [blame]558 return 0;
559}
560
561/****************************************************************************/
562static void __exit fini(void)
563{
564 rcu_assign_pointer(set_h245_addr_hook, NULL);
565 rcu_assign_pointer(set_h225_addr_hook, NULL);
566 rcu_assign_pointer(set_sig_addr_hook, NULL);
567 rcu_assign_pointer(set_ras_addr_hook, NULL);
568 rcu_assign_pointer(nat_rtp_rtcp_hook, NULL);
569 rcu_assign_pointer(nat_t120_hook, NULL);
570 rcu_assign_pointer(nat_h245_hook, NULL);
571 rcu_assign_pointer(nat_callforwarding_hook, NULL);
572 rcu_assign_pointer(nat_q931_hook, NULL);
573 synchronize_rcu();
574}
575
576/****************************************************************************/
577module_init(init);
578module_exit(fini);
579
580MODULE_AUTHOR("Jing Min Zhao <zhaojingmin@users.sourceforge.net>");
581MODULE_DESCRIPTION("H.323 NAT helper");
582MODULE_LICENSE("GPL");
583MODULE_ALIAS("ip_nat_h323");