
TOMOYO Linux Cross Reference
Linux/net/ipv4/netfilter/nf_nat_h323.c


  1 /*
  2  * H.323 extension for NAT alteration.
  3  *
  4  * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
  5  * Copyright (c) 2006-2012 Patrick McHardy <kaber@trash.net>
  6  *
  7  * This source code is licensed under General Public License version 2.
  8  *
  9  * Based on the 'brute force' H.323 NAT module by
 10  * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
 11  */
 12 
 13 #include <linux/module.h>
 14 #include <linux/tcp.h>
 15 #include <net/tcp.h>
 16 
 17 #include <net/netfilter/nf_nat.h>
 18 #include <net/netfilter/nf_nat_helper.h>
 19 #include <net/netfilter/nf_conntrack_helper.h>
 20 #include <net/netfilter/nf_conntrack_expect.h>
 21 #include <linux/netfilter/nf_conntrack_h323.h>
 22 
 23 /****************************************************************************/
/*
 * Replace the packed IPv4 address/port pair located at @addroff (relative
 * to @dataoff) in the packet payload with @ip:@port, then refresh *@data
 * so it points into the possibly reallocated skb.
 *
 * Returns 0 on success, -1 when the mangle helper fails or the TCP header
 * cannot be re-read afterwards.
 *
 * NOTE(review): @addroff is not range-checked here. The wrappers in this
 * file pass offsets taken from decoded TransportAddress structures, so
 * bounds presumably depend on the decoder and on the mangle helpers;
 * confirm before adding new callers.
 */
static int set_addr(struct sk_buff *skb, unsigned int protoff,
                    unsigned char **data, int dataoff,
                    unsigned int addroff, __be32 ip, __be16 port)
{
        struct {
                __be32 ip;
                __be16 port;
        } __attribute__ ((__packed__)) repl;
        enum ip_conntrack_info ctinfo;
        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
        unsigned int match_off = addroff + dataoff;
        struct tcphdr tcph_buf;
        const struct tcphdr *tcph;

        repl.ip = ip;
        repl.port = port;

        if (ip_hdr(skb)->protocol != IPPROTO_TCP) {
                if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
                                              protoff, match_off, sizeof(repl),
                                              (char *) &repl, sizeof(repl))) {
                        net_notice_ratelimited("nf_nat_h323: nf_nat_mangle_udp_packet error\n");
                        return -1;
                }
                /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy
                 * or pull everything in a linear buffer, so the skb pointers
                 * can be used directly from here on. Note that @dataoff is
                 * not added back on this path. */
                *data = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
                return 0;
        }

        if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
                                      protoff, match_off, sizeof(repl),
                                      (char *) &repl, sizeof(repl))) {
                net_notice_ratelimited("nf_nat_h323: nf_nat_mangle_tcp_packet error\n");
                return -1;
        }

        /* The payload may have moved: re-read the TCP header to recompute
         * where the H.323 data starts. */
        tcph = skb_header_pointer(skb, ip_hdrlen(skb),
                                  sizeof(tcph_buf), &tcph_buf);
        if (tcph == NULL)
                return -1;
        *data = skb->data + ip_hdrlen(skb) + tcph->doff * 4 + dataoff;

        return 0;
}
 70 
 71 /****************************************************************************/
/*
 * H.225 front end for set_addr(): the value stored in
 * taddr->ipAddress.ip is handed to set_addr() as the payload offset of
 * the address to overwrite, and the IPv4 member of @addr is the
 * replacement address.
 *
 * Returns whatever set_addr() returns (0 on success, -1 on failure).
 */
static int set_h225_addr(struct sk_buff *skb, unsigned int protoff,
                         unsigned char **data, int dataoff,
                         TransportAddress *taddr,
                         union nf_inet_addr *addr, __be16 port)
{
        unsigned int addroff = taddr->ipAddress.ip;
        __be32 new_ip = addr->ip;

        return set_addr(skb, protoff, data, dataoff, addroff, new_ip, port);
}
 80 
 81 /****************************************************************************/
/*
 * H.245 front end for set_addr(): the value stored in
 * taddr->unicastAddress.iPAddress.network is handed to set_addr() as the
 * payload offset of the address to overwrite, and the IPv4 member of
 * @addr is the replacement address.
 *
 * Returns whatever set_addr() returns (0 on success, -1 on failure).
 */
static int set_h245_addr(struct sk_buff *skb, unsigned protoff,
                         unsigned char **data, int dataoff,
                         H245_TransportAddress *taddr,
                         union nf_inet_addr *addr, __be16 port)
{
        unsigned int addroff = taddr->unicastAddress.iPAddress.network;
        __be32 new_ip = addr->ip;

        return set_addr(skb, protoff, data, dataoff, addroff, new_ip, port);
}
 91 
 92 /****************************************************************************/
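/*
 * Rewrite the call-signalling address carried in a RAS message.
 *
 * Walks the @count entries of @taddr and rewrites the first entry whose
 * decoded IPv4 address and port match the signalling endpoint recorded
 * for this connection in the packet's direction (info->sig_port[dir]).
 *
 * Returns 0 when no entry matched or the rewrite succeeded, and the
 * failure value of set_h225_addr() (-1) otherwise.
 */
static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct,
                        enum ip_conntrack_info ctinfo,
                        unsigned int protoff, unsigned char **data,
                        TransportAddress *taddr, int count)
{
        const struct nf_ct_h323_master *info = nfct_help_data(ct);
        int dir = CTINFO2DIR(ctinfo);
        int i;
        __be16 port;
        union nf_inet_addr addr;

        for (i = 0; i < count; i++) {
                /* Entries that cannot be decoded as an IPv4 address are
                 * skipped. */
                if (!get_h225_addr(ct, *data, &taddr[i], &addr, &port))
                        continue;

                if (addr.ip == ct->tuplehash[dir].tuple.src.u3.ip &&
                    port == info->sig_port[dir]) {
                        /* GW->GK */

                        /* Fix for Gnomemeeting: when the match is not the
                         * first entry and entry 0 decodes to a 127.0.0.0/8
                         * address, rewrite entry 0 instead. This decode
                         * overwrites addr/port even when the loopback test
                         * fails; they are only used for the debug line
                         * below. */
                        if (i > 0 &&
                            get_h225_addr(ct, *data, &taddr[0],
                                          &addr, &port) &&
                            (ntohl(addr.ip) & 0xff000000) == 0x7f000000)
                                i = 0;

                        /* Ports are kept in network byte order; convert
                         * them for printing, as set_ras_addr() does. */
                        pr_debug("nf_nat_ras: set signal address %pI4:%hu->%pI4:%hu\n",
                                 &addr.ip, ntohs(port),
                                 &ct->tuplehash[!dir].tuple.dst.u3.ip,
                                 ntohs(info->sig_port[!dir]));
                        return set_h225_addr(skb, protoff, data, 0,
                                             &taddr[i],
                                             &ct->tuplehash[!dir].
                                             tuple.dst.u3,
                                             info->sig_port[!dir]);
                } else if (addr.ip == ct->tuplehash[dir].tuple.dst.u3.ip &&
                           port == info->sig_port[dir]) {
                        /* GK->GW */
                        pr_debug("nf_nat_ras: set signal address %pI4:%hu->%pI4:%hu\n",
                                 &addr.ip, ntohs(port),
                                 &ct->tuplehash[!dir].tuple.src.u3.ip,
                                 ntohs(info->sig_port[!dir]));
                        return set_h225_addr(skb, protoff, data, 0,
                                             &taddr[i],
                                             &ct->tuplehash[!dir].
                                             tuple.src.u3,
                                             info->sig_port[!dir]);
                }
        }

        return 0;
}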
144 
145 /****************************************************************************/
/*
 * Rewrite the rasAddress carried in a RAS message.
 *
 * The first of the @count entries in @taddr that decodes to this
 * connection's source address and UDP source port (in the packet's
 * direction) is replaced by the destination address and port of the
 * opposite direction's tuple.
 *
 * Returns 0 when nothing matched or the rewrite succeeded, and the
 * failure value of set_h225_addr() (-1) otherwise.
 */
static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct,
                        enum ip_conntrack_info ctinfo,
                        unsigned int protoff, unsigned char **data,
                        TransportAddress *taddr, int count)
{
        int dir = CTINFO2DIR(ctinfo);
        union nf_inet_addr found_addr;
        __be16 found_port;
        int idx;

        for (idx = 0; idx < count; idx++) {
                if (!get_h225_addr(ct, *data, &taddr[idx],
                                   &found_addr, &found_port))
                        continue;
                if (found_addr.ip != ct->tuplehash[dir].tuple.src.u3.ip)
                        continue;
                if (found_port != ct->tuplehash[dir].tuple.src.u.udp.port)
                        continue;

                pr_debug("nf_nat_ras: set rasAddress %pI4:%hu->%pI4:%hu\n",
                         &found_addr.ip, ntohs(found_port),
                         &ct->tuplehash[!dir].tuple.dst.u3.ip,
                         ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port));
                return set_h225_addr(skb, protoff, data, 0, &taddr[idx],
                                     &ct->tuplehash[!dir].tuple.dst.u3,
                                     ct->tuplehash[!dir].tuple.dst.u.udp.port);
        }

        return 0;
}
173 
174 /****************************************************************************/
/*
 * Register NAT expectations for an RTP/RTCP port pair announced in an
 * H.245 address and rewrite that address in the packet.
 *
 * @port is the port as it appears in the signalling, @rtp_port the RTP
 * port used as the key into info->rtp_port[][], and @rtp_exp/@rtcp_exp
 * the expectations prepared by the caller.
 *
 * Returns 0 on success and also when no slot or no port pair is
 * available (the payload is then left unmodified); returns -1 when the
 * payload rewrite fails, after both expectations have been removed.
 *
 * NOTE(review): every successful call registers two expectations whose
 * ports derive from the signalling payload; the per-connection limit
 * visible here is the H323_RTP_CHANNEL_MAX slot table.
 */
static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
                        enum ip_conntrack_info ctinfo,
                        unsigned int protoff, unsigned char **data, int dataoff,
                        H245_TransportAddress *taddr,
                        __be16 port, __be16 rtp_port,
                        struct nf_conntrack_expect *rtp_exp,
                        struct nf_conntrack_expect *rtcp_exp)
{
        struct nf_ct_h323_master *info = nfct_help_data(ct);
        int dir = CTINFO2DIR(ctinfo);
        int i;
        u_int16_t nated_port;

        /* Set expectations for NAT: remember the original destination
         * port and let nf_nat_follow_master() set up the expected flow. */
        rtp_exp->saved_proto.udp.port = rtp_exp->tuple.dst.u.udp.port;
        rtp_exp->expectfn = nf_nat_follow_master;
        rtp_exp->dir = !dir;
        rtcp_exp->saved_proto.udp.port = rtcp_exp->tuple.dst.u.udp.port;
        rtcp_exp->expectfn = nf_nat_follow_master;
        rtcp_exp->dir = !dir;

        /* Lookup existing expects: stop at the slot already holding
         * rtp_port, or at the first empty (zero) slot. */
        for (i = 0; i < H323_RTP_CHANNEL_MAX; i++) {
                if (info->rtp_port[i][dir] == rtp_port) {
                        /* Expected */

                        /* Use allocated ports first. This will refresh
                         * the expects */
                        rtp_exp->tuple.dst.u.udp.port = info->rtp_port[i][dir];
                        rtcp_exp->tuple.dst.u.udp.port =
                            htons(ntohs(info->rtp_port[i][dir]) + 1);
                        break;
                } else if (info->rtp_port[i][dir] == 0) {
                        /* Not expected */
                        break;
                }
        }

        /* Ran out of slots: every entry is in use by another port */
        if (i >= H323_RTP_CHANNEL_MAX) {
                net_notice_ratelimited("nf_nat_h323: out of expectations\n");
                return 0;
        }

        /* Try to get a pair of ports, stepping by two from the requested
         * RTP port. The 16-bit counter wrapping to 0 ends the search.
         * NOTE(review): that wrap only reaches 0 from an even start
         * value; presumably the caller always supplies an even RTP
         * port - confirm, since an odd start would never terminate
         * while every attempt returns -EBUSY. */
        for (nated_port = ntohs(rtp_exp->tuple.dst.u.udp.port);
             nated_port != 0; nated_port += 2) {
                int ret;

                rtp_exp->tuple.dst.u.udp.port = htons(nated_port);
                ret = nf_ct_expect_related(rtp_exp);
                if (ret == 0) {
                        rtcp_exp->tuple.dst.u.udp.port =
                            htons(nated_port + 1);
                        ret = nf_ct_expect_related(rtcp_exp);
                        if (ret == 0)
                                break;
                        else if (ret == -EBUSY) {
                                /* RTCP port taken: drop the RTP half and
                                 * try the next pair. */
                                nf_ct_unexpect_related(rtp_exp);
                                continue;
                        } else if (ret < 0) {
                                /* Any other error aborts the search. */
                                nf_ct_unexpect_related(rtp_exp);
                                nated_port = 0;
                                break;
                        }
                } else if (ret != -EBUSY) {
                        nated_port = 0;
                        break;
                }
        }

        if (nated_port == 0) {  /* No port available */
                net_notice_ratelimited("nf_nat_h323: out of RTP ports\n");
                return 0;
        }

        /* Modify signal: the low bit of the signalled port selects
         * whether the odd (nated_port + 1) or even port is written. */
        if (set_h245_addr(skb, protoff, data, dataoff, taddr,
                          &ct->tuplehash[!dir].tuple.dst.u3,
                          htons((port & htons(1)) ? nated_port + 1 :
                                                    nated_port)) == 0) {
                /* Save ports */
                info->rtp_port[i][dir] = rtp_port;
                info->rtp_port[i][!dir] = htons(nated_port);
        } else {
                /* Rewrite failed: do not leave the expectations behind. */
                nf_ct_unexpect_related(rtp_exp);
                nf_ct_unexpect_related(rtcp_exp);
                return -1;
        }

        /* Success */
        pr_debug("nf_nat_h323: expect RTP %pI4:%hu->%pI4:%hu\n",
                 &rtp_exp->tuple.src.u3.ip,
                 ntohs(rtp_exp->tuple.src.u.udp.port),
                 &rtp_exp->tuple.dst.u3.ip,
                 ntohs(rtp_exp->tuple.dst.u.udp.port));
        pr_debug("nf_nat_h323: expect RTCP %pI4:%hu->%pI4:%hu\n",
                 &rtcp_exp->tuple.src.u3.ip,
                 ntohs(rtcp_exp->tuple.src.u.udp.port),
                 &rtcp_exp->tuple.dst.u3.ip,
                 ntohs(rtcp_exp->tuple.dst.u.udp.port));

        return 0;
}
279 
280 /****************************************************************************/
/*
 * Register a NAT expectation for a T.120 channel announced in an H.245
 * address and rewrite that address in the packet.
 *
 * The search starts at the signalled @port and moves upwards while
 * nf_ct_expect_related() reports -EBUSY; the 16-bit counter wrapping to
 * 0, or any other error, ends the search.
 *
 * Returns 0 on success and also when no port could be reserved (the
 * payload is then left unmodified); returns -1 when the payload rewrite
 * fails, after the expectation has been removed.
 */
static int nat_t120(struct sk_buff *skb, struct nf_conn *ct,
                    enum ip_conntrack_info ctinfo,
                    unsigned int protoff, unsigned char **data, int dataoff,
                    H245_TransportAddress *taddr, __be16 port,
                    struct nf_conntrack_expect *exp)
{
        int dir = CTINFO2DIR(ctinfo);
        u_int16_t candidate = ntohs(port);

        /* Prepare the expectation: keep the original destination port and
         * let nf_nat_follow_master() handle the expected connection. */
        exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
        exp->expectfn = nf_nat_follow_master;
        exp->dir = !dir;

        /* Prefer the signalled port, otherwise probe the following ones. */
        while (candidate != 0) {
                int err;

                exp->tuple.dst.u.tcp.port = htons(candidate);
                err = nf_ct_expect_related(exp);
                if (err == 0)
                        break;
                if (err != -EBUSY) {
                        candidate = 0;
                        break;
                }
                candidate++;
        }

        if (candidate == 0) {   /* No port available */
                net_notice_ratelimited("nf_nat_h323: out of TCP ports\n");
                return 0;
        }

        /* Write the reserved address/port into the signalling payload;
         * on failure the expectation must not be left registered. */
        if (set_h245_addr(skb, protoff, data, dataoff, taddr,
                          &ct->tuplehash[!dir].tuple.dst.u3,
                          htons(candidate)) < 0) {
                nf_ct_unexpect_related(exp);
                return -1;
        }

        pr_debug("nf_nat_h323: expect T.120 %pI4:%hu->%pI4:%hu\n",
                 &exp->tuple.src.u3.ip,
                 ntohs(exp->tuple.src.u.tcp.port),
                 &exp->tuple.dst.u3.ip,
                 ntohs(exp->tuple.dst.u.tcp.port));

        return 0;
}
330 
331 /****************************************************************************/
/*
 * Register a NAT expectation for the H.245 channel announced in a Q.931
 * message and rewrite the announced address in the packet.
 *
 * When @port equals the signalling port already recorded for this
 * direction, the search starts from the port recorded for the opposite
 * direction; otherwise it starts from @port. It moves upwards while
 * nf_ct_expect_related() reports -EBUSY and stops on the 16-bit wrap to
 * 0 or on any other error.
 *
 * Returns 0 on success and also when no port could be reserved (the
 * payload is then left unmodified); returns -1 when the payload rewrite
 * fails, after the expectation has been removed.
 */
static int nat_h245(struct sk_buff *skb, struct nf_conn *ct,
                    enum ip_conntrack_info ctinfo,
                    unsigned int protoff, unsigned char **data, int dataoff,
                    TransportAddress *taddr, __be16 port,
                    struct nf_conntrack_expect *exp)
{
        struct nf_ct_h323_master *info = nfct_help_data(ct);
        int dir = CTINFO2DIR(ctinfo);
        u_int16_t candidate;

        /* Prepare the expectation: keep the original destination port and
         * let nf_nat_follow_master() handle the expected connection. */
        exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
        exp->expectfn = nf_nat_follow_master;
        exp->dir = !dir;

        /* Reuse the previously recorded mapping when this port is known. */
        if (info->sig_port[dir] == port)
                candidate = ntohs(info->sig_port[!dir]);
        else
                candidate = ntohs(port);

        /* Prefer the starting port, otherwise probe the following ones. */
        while (candidate != 0) {
                int err;

                exp->tuple.dst.u.tcp.port = htons(candidate);
                err = nf_ct_expect_related(exp);
                if (err == 0)
                        break;
                if (err != -EBUSY) {
                        candidate = 0;
                        break;
                }
                candidate++;
        }

        if (candidate == 0) {   /* No port available */
                net_notice_ratelimited("nf_nat_q931: out of TCP ports\n");
                return 0;
        }

        /* Write the reserved address/port into the signalling payload;
         * on failure the expectation must not be left registered. */
        if (set_h225_addr(skb, protoff, data, dataoff, taddr,
                          &ct->tuplehash[!dir].tuple.dst.u3,
                          htons(candidate)) != 0) {
                nf_ct_unexpect_related(exp);
                return -1;
        }

        /* Record the mapping for both directions. */
        info->sig_port[dir] = port;
        info->sig_port[!dir] = htons(candidate);

        pr_debug("nf_nat_q931: expect H.245 %pI4:%hu->%pI4:%hu\n",
                 &exp->tuple.src.u3.ip,
                 ntohs(exp->tuple.src.u.tcp.port),
                 &exp->tuple.dst.u3.ip,
                 ntohs(exp->tuple.dst.u.tcp.port));

        return 0;
}
390 
391 /****************************************************************************
392  * This conntrack expect function replaces nf_conntrack_q931_expect()
393  * which was set by nf_conntrack_h323.c.
394  ****************************************************************************/
/*
 * expectfn installed by nat_q931() for expected Q.931 connections.
 *
 * An expectation carrying a non-zero source address is handled by the
 * generic nf_nat_follow_master(). Otherwise the new connection gets a
 * source mapping to the address the master sends to, and a destination
 * mapping to the master's peer address with the port saved in the
 * expectation.
 */
static void ip_nat_q931_expect(struct nf_conn *new,
                               struct nf_conntrack_expect *this)
{
        struct nf_nat_range range;

        if (this->tuple.src.u3.ip != 0) {       /* Only accept calls from GK */
                nf_nat_follow_master(new, this);
                return;
        }

        /* A connection reaching this point must not have NAT set up yet. */
        BUG_ON(new->status & IPS_NAT_DONE_MASK);

        /* Source manip: single-address range taken from the new
         * connection's tuple in the direction opposite to this->dir. */
        range.flags = NF_NAT_RANGE_MAP_IPS;
        range.max_addr = new->tuplehash[!this->dir].tuple.src.u3;
        range.min_addr = range.max_addr;
        nf_nat_setup_info(new, &range, NF_NAT_MANIP_SRC);

        /* Destination manip: master's address plus the port that was
         * saved when the expectation was created. */
        range.flags = (NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED);
        range.max_proto = this->saved_proto;
        range.min_proto = range.max_proto;
        range.max_addr = new->master->tuplehash[!this->dir].tuple.src.u3;
        range.min_addr = range.max_addr;
        nf_nat_setup_info(new, &range, NF_NAT_MANIP_DST);
}
421 
422 /****************************************************************************/
/*
 * Register a NAT expectation for the Q.931 call-signalling channel
 * announced in a RAS message and rewrite entry @idx of @taddr in the
 * packet.
 *
 * Returns 0 on success and also when no port could be reserved (the
 * payload is then left unmodified); returns -1 when the rewrite of
 * entry @idx fails, after the expectation has been removed.
 */
static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
                    enum ip_conntrack_info ctinfo,
                    unsigned int protoff, unsigned char **data,
                    TransportAddress *taddr, int idx,
                    __be16 port, struct nf_conntrack_expect *exp)
{
        struct nf_ct_h323_master *info = nfct_help_data(ct);
        int dir = CTINFO2DIR(ctinfo);
        u_int16_t nated_port = ntohs(port);
        union nf_inet_addr addr;

        /* Set expectations for NAT: keep the original destination port;
         * the expected connection is set up by ip_nat_q931_expect(). */
        exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
        exp->expectfn = ip_nat_q931_expect;
        exp->dir = !dir;

        /* Check existing expects: a port already recorded for this
         * direction restarts from its previously mapped counterpart. */
        if (info->sig_port[dir] == port)
                nated_port = ntohs(info->sig_port[!dir]);

        /* Try to get same port: if not, try to change it. The 16-bit
         * counter wrapping to 0 ends the search. */
        for (; nated_port != 0; nated_port++) {
                int ret;

                exp->tuple.dst.u.tcp.port = htons(nated_port);
                ret = nf_ct_expect_related(exp);
                if (ret == 0)
                        break;
                else if (ret != -EBUSY) {
                        nated_port = 0;
                        break;
                }
        }

        if (nated_port == 0) {  /* No port available */
                net_notice_ratelimited("nf_nat_ras: out of TCP ports\n");
                return 0;
        }

        /* Modify signal */
        if (set_h225_addr(skb, protoff, data, 0, &taddr[idx],
                          &ct->tuplehash[!dir].tuple.dst.u3,
                          htons(nated_port)) == 0) {
                /* Save ports */
                info->sig_port[dir] = port;
                info->sig_port[!dir] = htons(nated_port);

                /* Fix for Gnomemeeting: if entry 0 decodes to a
                 * 127.0.0.0/8 address, rewrite it as well.
                 * NOTE(review): this decode overwrites the 'port'
                 * parameter (already saved above), and the result of
                 * this second set_h225_addr() is ignored, so a failure
                 * here still returns 0 - confirm that is intended. */
                if (idx > 0 &&
                    get_h225_addr(ct, *data, &taddr[0], &addr, &port) &&
                    (ntohl(addr.ip) & 0xff000000) == 0x7f000000) {
                        set_h225_addr(skb, protoff, data, 0, &taddr[0],
                                      &ct->tuplehash[!dir].tuple.dst.u3,
                                      info->sig_port[!dir]);
                }
        } else {
                /* Rewrite failed: do not leave the expectation behind. */
                nf_ct_unexpect_related(exp);
                return -1;
        }

        /* Success */
        pr_debug("nf_nat_ras: expect Q.931 %pI4:%hu->%pI4:%hu\n",
                 &exp->tuple.src.u3.ip,
                 ntohs(exp->tuple.src.u.tcp.port),
                 &exp->tuple.dst.u3.ip,
                 ntohs(exp->tuple.dst.u.tcp.port));

        return 0;
}
492 
493 /****************************************************************************/
/*
 * expectfn installed by nat_callforwarding() for expected call-forwarding
 * connections.
 *
 * The new connection gets a source mapping to the address the master
 * sends to, and a destination mapping to the address and port that were
 * saved in the expectation (saved_addr / saved_proto).
 */
static void ip_nat_callforwarding_expect(struct nf_conn *new,
                                         struct nf_conntrack_expect *this)
{
        struct nf_nat_range range;

        /* A connection reaching this point must not have NAT set up yet. */
        BUG_ON(new->status & IPS_NAT_DONE_MASK);

        /* Source manip: single-address range taken from the new
         * connection's tuple in the direction opposite to this->dir. */
        range.flags = NF_NAT_RANGE_MAP_IPS;
        range.max_addr = new->tuplehash[!this->dir].tuple.src.u3;
        range.min_addr = range.max_addr;
        nf_nat_setup_info(new, &range, NF_NAT_MANIP_SRC);

        /* Destination manip: restore the address and port recorded when
         * the expectation was created. */
        range.flags = (NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED);
        range.max_proto = this->saved_proto;
        range.min_proto = range.max_proto;
        range.max_addr = this->saved_addr;
        range.min_addr = range.max_addr;
        nf_nat_setup_info(new, &range, NF_NAT_MANIP_DST);
}
514 
515 /****************************************************************************/
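/*
 * Register a NAT expectation for a forwarded call announced in a Q.931
 * message and rewrite the announced address in the packet.
 *
 * The expectation's original destination address and port are kept in
 * saved_addr / saved_proto for ip_nat_callforwarding_expect(), and its
 * destination address is replaced by the destination address of the
 * opposite direction's tuple.
 *
 * Returns 0 on success and also when no port could be reserved (the
 * payload is then left unmodified); returns -1 when the payload rewrite
 * fails, after the expectation has been removed.
 */
static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct,
                              enum ip_conntrack_info ctinfo,
                              unsigned int protoff,
                              unsigned char **data, int dataoff,
                              TransportAddress *taddr, __be16 port,
                              struct nf_conntrack_expect *exp)
{
        int dir = CTINFO2DIR(ctinfo);
        u_int16_t nated_port;

        /* Set expectations for NAT */
        exp->saved_addr = exp->tuple.dst.u3;
        exp->tuple.dst.u3.ip = ct->tuplehash[!dir].tuple.dst.u3.ip;
        exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
        exp->expectfn = ip_nat_callforwarding_expect;
        exp->dir = !dir;

        /* Try to get same port: if not, try to change it. The 16-bit
         * counter wrapping to 0 ends the search. */
        for (nated_port = ntohs(port); nated_port != 0; nated_port++) {
                int ret;

                exp->tuple.dst.u.tcp.port = htons(nated_port);
                ret = nf_ct_expect_related(exp);
                if (ret == 0)
                        break;
                else if (ret != -EBUSY) {
                        nated_port = 0;
                        break;
                }
        }

        if (nated_port == 0) {  /* No port available */
                net_notice_ratelimited("nf_nat_q931: out of TCP ports\n");
                return 0;
        }

        /* Modify signal. The test was spelled "!set_h225_addr(...) == 0",
         * which evaluates as "(!ret) == 0"; the plain comparison below is
         * the same condition without the misleading negation. */
        if (set_h225_addr(skb, protoff, data, dataoff, taddr,
                          &ct->tuplehash[!dir].tuple.dst.u3,
                          htons(nated_port)) != 0) {
                /* Rewrite failed: do not leave the expectation behind. */
                nf_ct_unexpect_related(exp);
                return -1;
        }

        /* Success */
        pr_debug("nf_nat_q931: expect Call Forwarding %pI4:%hu->%pI4:%hu\n",
                 &exp->tuple.src.u3.ip,
                 ntohs(exp->tuple.src.u.tcp.port),
                 &exp->tuple.dst.u3.ip,
                 ntohs(exp->tuple.dst.u.tcp.port));

        return 0;
}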
569 
/* Named expectfn entry for ip_nat_q931_expect(); registered in init()
 * and unregistered in fini(). */
static struct nf_ct_helper_expectfn q931_nat = {
        .name           = "Q.931",
        .expectfn       = ip_nat_q931_expect,
};

/* Named expectfn entry for ip_nat_callforwarding_expect(); registered in
 * init() and unregistered in fini(). */
static struct nf_ct_helper_expectfn callforwarding_nat = {
        .name           = "callforwarding",
        .expectfn       = ip_nat_callforwarding_expect,
};
579 
580 /****************************************************************************/
/*
 * Module init: publish this file's NAT callbacks through the *_hook
 * pointers and register the two named expectfn entries.
 *
 * Always returns 0.
 */
static int __init init(void)
{
        /* Every hook must still be unset; a non-NULL hook triggers BUG(). */
        BUG_ON(set_h245_addr_hook != NULL);
        BUG_ON(set_h225_addr_hook != NULL);
        BUG_ON(set_sig_addr_hook != NULL);
        BUG_ON(set_ras_addr_hook != NULL);
        BUG_ON(nat_rtp_rtcp_hook != NULL);
        BUG_ON(nat_t120_hook != NULL);
        BUG_ON(nat_h245_hook != NULL);
        BUG_ON(nat_callforwarding_hook != NULL);
        BUG_ON(nat_q931_hook != NULL);

        /* Install the callbacks. */
        RCU_INIT_POINTER(set_h245_addr_hook, set_h245_addr);
        RCU_INIT_POINTER(set_h225_addr_hook, set_h225_addr);
        RCU_INIT_POINTER(set_sig_addr_hook, set_sig_addr);
        RCU_INIT_POINTER(set_ras_addr_hook, set_ras_addr);
        RCU_INIT_POINTER(nat_rtp_rtcp_hook, nat_rtp_rtcp);
        RCU_INIT_POINTER(nat_t120_hook, nat_t120);
        RCU_INIT_POINTER(nat_h245_hook, nat_h245);
        RCU_INIT_POINTER(nat_callforwarding_hook, nat_callforwarding);
        RCU_INIT_POINTER(nat_q931_hook, nat_q931);
        nf_ct_helper_expectfn_register(&q931_nat);
        nf_ct_helper_expectfn_register(&callforwarding_nat);
        return 0;
}
606 
607 /****************************************************************************/
/*
 * Module exit: clear every hook installed by init(), unregister the two
 * expectfn entries, then wait for an RCU grace period.
 */
static void __exit fini(void)
{
        RCU_INIT_POINTER(set_h245_addr_hook, NULL);
        RCU_INIT_POINTER(set_h225_addr_hook, NULL);
        RCU_INIT_POINTER(set_sig_addr_hook, NULL);
        RCU_INIT_POINTER(set_ras_addr_hook, NULL);
        RCU_INIT_POINTER(nat_rtp_rtcp_hook, NULL);
        RCU_INIT_POINTER(nat_t120_hook, NULL);
        RCU_INIT_POINTER(nat_h245_hook, NULL);
        RCU_INIT_POINTER(nat_callforwarding_hook, NULL);
        RCU_INIT_POINTER(nat_q931_hook, NULL);
        nf_ct_helper_expectfn_unregister(&q931_nat);
        nf_ct_helper_expectfn_unregister(&callforwarding_nat);
        /* Must stay last: presumably this lets readers that fetched a
         * hook before it was cleared finish before the module's code
         * goes away - confirm against the hook callers. */
        synchronize_rcu();
}
623 
624 /****************************************************************************/
/* Module entry and exit points. */
module_init(init);
module_exit(fini);

/* Module metadata. The "ip_nat_h323" alias is presumably the module's
 * older name, kept so existing load requests still resolve - confirm. */
MODULE_AUTHOR("Jing Min Zhao <zhaojingmin@users.sourceforge.net>");
MODULE_DESCRIPTION("H.323 NAT helper");
MODULE_LICENSE("GPL");
MODULE_ALIAS("ip_nat_h323");
632 
