// SPDX-License-Identifier: GPL-2.0-only
/*
 * H.323 connection tracking helper
 *
 * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
 * Copyright (c) 2006-2012 Patrick McHardy <kaber@trash.net>
 *
 * Based on the 'brute force' H.323 connection tracking module by
 * Jozsef Kadlecsik <kadlec@netfilter.org>
 *
 * For more information, please see http://nath323.sourceforge.net/
 */

#include <linux/module.h>
#include <linux/moduleparam.h>
#include <linux/ctype.h>
#include <linux/inet.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/slab.h>
#include <linux/udp.h>
#include <linux/tcp.h>
#include <linux/skbuff.h>
#include <net/route.h>
#include <net/ip6_route.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv6.h>

#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_core.h>
#include <net/netfilter/nf_conntrack_tuple.h>
#include <net/netfilter/nf_conntrack_expect.h>
#include <net/netfilter/nf_conntrack_ecache.h>
#include <net/netfilter/nf_conntrack_helper.h>
#include <net/netfilter/nf_conntrack_zones.h>
#include <linux/netfilter/nf_conntrack_h323.h>

/*
 * Upper bound on the payload length that get_tpkt_data() and get_udp_data()
 * pass to skb_header_pointer() together with h323_buffer.
 * NOTE(review): the allocation of h323_buffer is not in this part of the
 * file; confirm it is at least H323_MAX_SIZE bytes.
 */
#define H323_MAX_SIZE 65535

/*
 * Parameters
 *
 * All three are registered with mode 0600. default_rrq_ttl and
 * gkrouted_only are not referenced in the part of the file reviewed here;
 * callforward_filter gates the routing check in expect_callforwarding().
 */
static unsigned int default_rrq_ttl __read_mostly = 300;
module_param(default_rrq_ttl, uint, 0600);
MODULE_PARM_DESC(default_rrq_ttl, "use this TTL if it's missing in RRQ");

static int gkrouted_only __read_mostly = 1;
module_param(gkrouted_only, int, 0600);
MODULE_PARM_DESC(gkrouted_only, "only accept calls from gatekeeper");

static bool callforward_filter __read_mostly = true;
module_param(callforward_filter, bool, 0600);
MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations "
				     "if both endpoints are on different sides "
				     "(determined by routing information)");

/* NAT hook table; the expect_*() helpers below read it with rcu_dereference(). */
const struct nfct_h323_nat_hooks __rcu *nfct_h323_nat_hook __read_mostly;
EXPORT_SYMBOL_GPL(nfct_h323_nat_hook);

/*
 * h323_buffer is a single shared scratch buffer handed to
 * skb_header_pointer(); h245_help() and q931_help() take nf_h323_lock
 * around every use of it and of their static decode structures.
 */
static DEFINE_SPINLOCK(nf_h323_lock);
static char *h323_buffer;

static struct nf_conntrack_helper nf_conntrack_helper_h245;
static struct nf_conntrack_helper nf_conntrack_helper_q931[];
static struct nf_conntrack_helper nf_conntrack_helper_ras[];

/*
 * Locate the next TPKT in the TCP payload of @skb.
 *
 * On the first call *data must be NULL; the payload is then fetched through
 * skb_header_pointer() (using h323_buffer as the copy target). On later
 * calls *data, *datalen and *dataoff describe the previous TPKT and the
 * search continues directly behind it.
 *
 * Returns 1 with *data, *datalen and *dataoff describing the encapsulated
 * data, or 0 when there is nothing (more) to process. Every exit except the
 * "separate TPKT header" case and the two early returns resets
 * info->tpkt_len[dir].
 */
static int get_tpkt_data(struct sk_buff *skb, unsigned int protoff,
			 struct nf_conn *ct, enum ip_conntrack_info ctinfo,
			 unsigned char **data, int *datalen, int *dataoff)
{
	struct nf_ct_h323_master *info = nfct_help_data(ct);
	int dir = CTINFO2DIR(ctinfo);
	const struct tcphdr *th;
	struct tcphdr _tcph;
	int tcpdatalen;
	int tcpdataoff;
	unsigned char *tpkt;
	int tpktlen;
	int tpktoff;

	if (!info)
		return 0;

	/* Get TCP header */
	th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
	if (th == NULL)
		return 0;

	/* Get TCP data offset */
	/* NOTE(review): th->doff comes from the packet and is not range-checked
	 * here; presumably the TCP tracker has validated it - confirm. */
	tcpdataoff = protoff + th->doff * 4;

	/* Get TCP data length */
	tcpdatalen = skb->len - tcpdataoff;
	if (tcpdatalen <= 0)	/* No TCP data */
		goto clear_out;

	/* Never ask skb_header_pointer() for more than H323_MAX_SIZE bytes */
	if (tcpdatalen > H323_MAX_SIZE)
		tcpdatalen = H323_MAX_SIZE;

	if (*data == NULL) {	/* first TPKT */
		/* Get first TPKT pointer */
		tpkt = skb_header_pointer(skb, tcpdataoff, tcpdatalen,
					  h323_buffer);
		if (!tpkt)
			goto clear_out;

		/* Validate TPKT identifier */
		/* The length test comes first, so tpkt[0] and tpkt[1] are only
		 * read when at least 4 bytes are available. */
		if (tcpdatalen < 4 || tpkt[0] != 0x03 || tpkt[1] != 0) {
			/* Netmeeting sends TPKT header and data separately */
			if (info->tpkt_len[dir] > 0) {
				pr_debug("nf_ct_h323: previous packet "
					 "indicated separate TPKT data of %hu "
					 "bytes\n", info->tpkt_len[dir]);
				/* Use the remembered length only if this
				 * segment actually holds that many bytes. */
				if (info->tpkt_len[dir] <= tcpdatalen) {
					/* Yes, there was a TPKT header
					 * received */
					*data = tpkt;
					*datalen = info->tpkt_len[dir];
					*dataoff = 0;
					goto out;
				}

				/* Fragmented TPKT */
				pr_debug("nf_ct_h323: fragmented TPKT\n");
				goto clear_out;
			}

			/* It is not even a TPKT */
			return 0;
		}
		tpktoff = 0;
	} else {		/* Next TPKT */
		tpktoff = *dataoff + *datalen;
		tcpdatalen -= tpktoff;
		/* Need more than a bare 4-byte header to continue */
		if (tcpdatalen <= 4)	/* No more TPKT */
			goto clear_out;
		tpkt = *data + *datalen;

		/* Validate TPKT identifier */
		if (tpkt[0] != 0x03 || tpkt[1] != 0)
			goto clear_out;
	}

	/* Validate TPKT length */
	/* The 16-bit big-endian length includes the 4-byte TPKT header and
	 * must fit in the bytes remaining in this segment. */
	tpktlen = tpkt[2] * 256 + tpkt[3];
	if (tpktlen < 4)
		goto clear_out;
	if (tpktlen > tcpdatalen) {
		if (tcpdatalen == 4) {	/* Separate TPKT header */
			/* Netmeeting sends TPKT header and data separately */
			pr_debug("nf_ct_h323: separate TPKT header indicates "
				 "there will be TPKT data of %d bytes\n",
				 tpktlen - 4);
			/* Remember the announced length for the next packet
			 * in this direction. */
			info->tpkt_len[dir] = tpktlen - 4;
			return 0;
		}

		pr_debug("nf_ct_h323: incomplete TPKT (fragmented?)\n");
		goto clear_out;
	}

	/* This is the encapsulated data */
	*data = tpkt + 4;
	*datalen = tpktlen - 4;
	*dataoff = tpktoff + 4;

out:
	/* Clear TPKT length */
	info->tpkt_len[dir] = 0;
	return 1;

clear_out:
	info->tpkt_len[dir] = 0;
	return 0;
}

/*
 * Extract address and port from a decoded H.245 unicast transport address.
 *
 * @data is the start of the decoded message; the decoded structure holds
 * the offset of the address within it, and the port is read from the two
 * bytes directly behind the address. Only the address family matching the
 * conntrack's L3 protocol is accepted.
 *
 * NOTE(review): no bounds check is done here; this relies on the decoder
 * having verified that offset + address + port lie inside the message -
 * confirm in the ASN.1 decoder.
 *
 * Returns 1 and fills @addr and @port, or 0 if the address is not usable.
 */
static int get_h245_addr(struct nf_conn *ct, const unsigned char *data,
			 H245_TransportAddress *taddr,
			 union nf_inet_addr *addr, __be16 *port)
{
	const unsigned char *p;
	int len;

	if (taddr->choice != eH245_TransportAddress_unicastAddress)
		return 0;

	switch (taddr->unicastAddress.choice) {
	case eUnicastAddress_iPAddress:
		if (nf_ct_l3num(ct) != AF_INET)
			return 0;
		p = data + taddr->unicastAddress.iPAddress.network;
		len = 4;
		break;
	case eUnicastAddress_iP6Address:
		if (nf_ct_l3num(ct) != AF_INET6)
			return 0;
		p = data + taddr->unicastAddress.iP6Address.network;
		len = 16;
		break;
	default:
		return 0;
	}

	memcpy(addr, p, len);
	/* Zero the unused tail so callers can memcmp() the whole union */
	memset((void *)addr + len, 0, sizeof(*addr) - len);
	memcpy(port, p + len, sizeof(__be16));

	return 1;
}

/*
 * Create the RTP/RTCP expectation pair for a media address announced in an
 * H.245 message.
 *
 * Returns 0 when the address is ignored or the expectations were set up,
 * -1 on allocation or registration failure; when the NAT hook is used its
 * return value is passed through.
 */
static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
			   enum ip_conntrack_info ctinfo,
			   unsigned int protoff,
			   unsigned char **data, int dataoff,
			   H245_TransportAddress *taddr)
{
	const struct nfct_h323_nat_hooks *nathook;
	int dir = CTINFO2DIR(ctinfo);
	int ret = 0;
	__be16 port;
	__be16 rtp_port, rtcp_port;
	union nf_inet_addr addr;
	struct nf_conntrack_expect *rtp_exp;
	struct nf_conntrack_expect *rtcp_exp;

	/* Read RTP or RTCP address */
	/* Ignored unless the announced address equals the source address of
	 * the packet's own direction and the port is non-zero: a sender can
	 * only announce media ports for its own address. */
	if (!get_h245_addr(ct, *data, taddr, &addr, &port) ||
	    memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) ||
	    port == 0)
		return 0;

	/* RTP port is even */
	rtp_port = port & ~htons(1);
	rtcp_port = port | htons(1);

	/* Create expect for RTP */
	/* Expected flow: opposite direction's source -> its destination, UDP,
	 * source port left unset (NULL). */
	if ((rtp_exp = nf_ct_expect_alloc(ct)) == NULL)
		return -1;
	nf_ct_expect_init(rtp_exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
			  &ct->tuplehash[!dir].tuple.src.u3,
			  &ct->tuplehash[!dir].tuple.dst.u3,
			  IPPROTO_UDP, NULL, &rtp_port);

	/* Create expect for RTCP */
	if ((rtcp_exp = nf_ct_expect_alloc(ct)) == NULL) {
		nf_ct_expect_put(rtp_exp);
		return -1;
	}
	nf_ct_expect_init(rtcp_exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
			  &ct->tuplehash[!dir].tuple.src.u3,
			  &ct->tuplehash[!dir].tuple.dst.u3,
			  IPPROTO_UDP, NULL, &rtcp_port);

	/* The NAT hook is used only when the two directions' addresses
	 * differ, a hook is registered, the flow is IPv4 and a NAT status
	 * bit is set on the conntrack. */
	nathook = rcu_dereference(nfct_h323_nat_hook);
	if (memcmp(&ct->tuplehash[dir].tuple.src.u3,
		   &ct->tuplehash[!dir].tuple.dst.u3,
		   sizeof(ct->tuplehash[dir].tuple.src.u3)) &&
	    nathook &&
	    nf_ct_l3num(ct) == NFPROTO_IPV4 &&
	    ct->status & IPS_NAT_MASK) {
		/* NAT needed */
		ret = nathook->nat_rtp_rtcp(skb, ct, ctinfo, protoff, data, dataoff,
					    taddr, port, rtp_port, rtp_exp, rtcp_exp);
	} else {		/* Conntrack only */
		if (nf_ct_expect_related(rtp_exp, 0) == 0) {
			if (nf_ct_expect_related(rtcp_exp, 0) == 0) {
				pr_debug("nf_ct_h323: expect RTP ");
				nf_ct_dump_tuple(&rtp_exp->tuple);
				pr_debug("nf_ct_h323: expect RTCP ");
				nf_ct_dump_tuple(&rtcp_exp->tuple);
			} else {
				/* Do not leave a lone RTP expectation behind */
				nf_ct_unexpect_related(rtp_exp);
				ret = -1;
			}
		} else
			ret = -1;
	}

	/* Drop the references taken by nf_ct_expect_alloc() */
	nf_ct_expect_put(rtp_exp);
	nf_ct_expect_put(rtcp_exp);

	return ret;
}

/*
 * Create a TCP expectation for a T.120 address announced in an H.245
 * message. Same address check and NAT/conntrack split as expect_rtp_rtcp().
 *
 * Returns 0 when ignored or set up, -1 on failure, or the NAT hook's result.
 */
static int expect_t120(struct sk_buff *skb,
		       struct nf_conn *ct,
		       enum ip_conntrack_info ctinfo,
		       unsigned int protoff,
		       unsigned char **data, int dataoff,
		       H245_TransportAddress *taddr)
{
	const struct nfct_h323_nat_hooks *nathook;
	int dir = CTINFO2DIR(ctinfo);
	int ret = 0;
	__be16 port;
	union nf_inet_addr addr;
	struct nf_conntrack_expect *exp;

	/* Read T.120 address */
	/* Only the sender's own address with a non-zero port is accepted */
	if (!get_h245_addr(ct, *data, taddr, &addr, &port) ||
	    memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) ||
	    port == 0)
		return 0;

	/* Create expect for T.120 connections */
	if ((exp = nf_ct_expect_alloc(ct)) == NULL)
		return -1;
	nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
			  &ct->tuplehash[!dir].tuple.src.u3,
			  &ct->tuplehash[!dir].tuple.dst.u3,
			  IPPROTO_TCP, NULL, &port);
	exp->flags = NF_CT_EXPECT_PERMANENT;	/* Accept multiple channels */

	nathook = rcu_dereference(nfct_h323_nat_hook);
	if (memcmp(&ct->tuplehash[dir].tuple.src.u3,
		   &ct->tuplehash[!dir].tuple.dst.u3,
		   sizeof(ct->tuplehash[dir].tuple.src.u3)) &&
	    nathook &&
	    nf_ct_l3num(ct) == NFPROTO_IPV4 &&
	    ct->status & IPS_NAT_MASK) {
		/* NAT needed */
		ret = nathook->nat_t120(skb, ct, ctinfo, protoff, data,
					dataoff, taddr, port, exp);
	} else {		/* Conntrack only */
		if (nf_ct_expect_related(exp, 0) == 0) {
			pr_debug("nf_ct_h323: expect T.120 ");
			nf_ct_dump_tuple(&exp->tuple);
		} else
			ret = -1;
	}

	nf_ct_expect_put(exp);

	return ret;
}

/*
 * Handle the media and media-control channel addresses of one set of
 * H.225.0 logical channel parameters. Both are passed to expect_rtp_rtcp().
 *
 * Returns 0 on success, -1 as soon as one of them fails.
 */
static int process_h245_channel(struct sk_buff *skb,
				struct nf_conn *ct,
				enum ip_conntrack_info ctinfo,
				unsigned int protoff,
				unsigned char **data, int dataoff,
				H2250LogicalChannelParameters *channel)
{
	int ret;

	if (channel->options & eH2250LogicalChannelParameters_mediaChannel) {
		/* RTP */
		ret = expect_rtp_rtcp(skb, ct, ctinfo, protoff, data, dataoff,
				      &channel->mediaChannel);
		if (ret < 0)
			return -1;
	}

	if (channel->
	    options & eH2250LogicalChannelParameters_mediaControlChannel) {
		/* RTCP */
		ret = expect_rtp_rtcp(skb, ct, ctinfo, protoff, data, dataoff,
				      &channel->mediaControlChannel);
		if (ret < 0)
			return -1;
	}

	return 0;
}

/*
 * Process an OpenLogicalChannel: forward and (optional) reverse H.225.0
 * channel parameters, plus a T.120 separate stack address when present.
 * Optional members are only read after their option bit / choice value has
 * been checked.
 *
 * Returns 0 on success, -1 on the first failure.
 */
static int process_olc(struct sk_buff *skb, struct nf_conn *ct,
		       enum ip_conntrack_info ctinfo,
		       unsigned int protoff,
		       unsigned char **data, int dataoff,
		       OpenLogicalChannel *olc)
{
	int ret;

	pr_debug("nf_ct_h323: OpenLogicalChannel\n");

	if (olc->forwardLogicalChannelParameters.multiplexParameters.choice ==
	    eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)
	{
		ret = process_h245_channel(skb, ct, ctinfo,
					   protoff, data, dataoff,
					   &olc->
					   forwardLogicalChannelParameters.
					   multiplexParameters.
					   h2250LogicalChannelParameters);
		if (ret < 0)
			return -1;
	}

	if ((olc->options &
	     eOpenLogicalChannel_reverseLogicalChannelParameters) &&
	    (olc->reverseLogicalChannelParameters.options &
	     eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters)
	    && (olc->reverseLogicalChannelParameters.multiplexParameters.
		choice ==
		eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
	{
		ret =
		    process_h245_channel(skb, ct, ctinfo,
					 protoff, data, dataoff,
					 &olc->
					 reverseLogicalChannelParameters.
					 multiplexParameters.
					 h2250LogicalChannelParameters);
		if (ret < 0)
			return -1;
	}

	if ((olc->options & eOpenLogicalChannel_separateStack) &&
	    olc->forwardLogicalChannelParameters.dataType.choice ==
	    eDataType_data &&
	    olc->forwardLogicalChannelParameters.dataType.data.application.
	    choice == eDataApplicationCapability_application_t120 &&
	    olc->forwardLogicalChannelParameters.dataType.data.application.
	    t120.choice == eDataProtocolCapability_separateLANStack &&
	    olc->separateStack.networkAddress.choice ==
	    eNetworkAccessParameters_networkAddress_localAreaAddress) {
		ret = expect_t120(skb, ct, ctinfo, protoff, data, dataoff,
				  &olc->separateStack.networkAddress.
				  localAreaAddress);
		if (ret < 0)
			return -1;
	}

	return 0;
}

/*
 * Process an OpenLogicalChannelAck: reverse channel parameters, the
 * forward multiplex ack's media and media-control addresses, and a
 * separate stack address when present.
 *
 * Returns 0 on success, -1 on the first failure.
 */
static int process_olca(struct sk_buff *skb, struct nf_conn *ct,
			enum ip_conntrack_info ctinfo,
			unsigned int protoff, unsigned char **data, int dataoff,
			OpenLogicalChannelAck *olca)
{
	H2250LogicalChannelAckParameters *ack;
	int ret;

	pr_debug("nf_ct_h323: OpenLogicalChannelAck\n");

	if ((olca->options &
	     eOpenLogicalChannelAck_reverseLogicalChannelParameters) &&
	    (olca->reverseLogicalChannelParameters.options &
	     eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters)
	    && (olca->reverseLogicalChannelParameters.multiplexParameters.
		choice ==
		eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
	{
		ret = process_h245_channel(skb, ct, ctinfo,
					   protoff, data, dataoff,
					   &olca->
					   reverseLogicalChannelParameters.
					   multiplexParameters.
					   h2250LogicalChannelParameters);
		if (ret < 0)
			return -1;
	}

	if ((olca->options &
	     eOpenLogicalChannelAck_forwardMultiplexAckParameters) &&
	    (olca->forwardMultiplexAckParameters.choice ==
	     eOpenLogicalChannelAck_forwardMultiplexAckParameters_h2250LogicalChannelAckParameters))
	{
		ack = &olca->forwardMultiplexAckParameters.
			h2250LogicalChannelAckParameters;
		if (ack->options &
		    eH2250LogicalChannelAckParameters_mediaChannel) {
			/* RTP */
			ret = expect_rtp_rtcp(skb, ct, ctinfo,
					      protoff, data, dataoff,
					      &ack->mediaChannel);
			if (ret < 0)
				return -1;
		}

		if (ack->options &
		    eH2250LogicalChannelAckParameters_mediaControlChannel) {
			/* RTCP */
			ret = expect_rtp_rtcp(skb, ct, ctinfo,
					      protoff, data, dataoff,
					      &ack->mediaControlChannel);
			if (ret < 0)
				return -1;
		}
	}

	if ((olca->options & eOpenLogicalChannelAck_separateStack) &&
	    olca->separateStack.networkAddress.choice ==
	    eNetworkAccessParameters_networkAddress_localAreaAddress) {
		ret = expect_t120(skb, ct, ctinfo, protoff, data, dataoff,
				  &olca->separateStack.networkAddress.
				  localAreaAddress);
		if (ret < 0)
			return -1;
	}

	return 0;
}

/*
 * Dispatch one decoded H.245 message. Only openLogicalChannel requests and
 * openLogicalChannelAck responses are acted on; every other message is
 * logged at debug level and accepted (returns 0).
 */
static int process_h245(struct sk_buff *skb, struct nf_conn *ct,
			enum ip_conntrack_info ctinfo,
			unsigned int protoff, unsigned char **data, int dataoff,
			MultimediaSystemControlMessage *mscm)
{
	switch (mscm->choice) {
	case eMultimediaSystemControlMessage_request:
		if (mscm->request.choice ==
		    eRequestMessage_openLogicalChannel) {
			return process_olc(skb, ct, ctinfo,
					   protoff, data, dataoff,
					   &mscm->request.openLogicalChannel);
		}
		pr_debug("nf_ct_h323: H.245 Request %d\n",
			 mscm->request.choice);
		break;
	case eMultimediaSystemControlMessage_response:
		if (mscm->response.choice ==
		    eResponseMessage_openLogicalChannelAck) {
			return process_olca(skb, ct, ctinfo,
					    protoff, data, dataoff,
					    &mscm->response.
					    openLogicalChannelAck);
		}
		pr_debug("nf_ct_h323: H.245 Response %d\n",
			 mscm->response.choice);
		break;
	default:
		pr_debug("nf_ct_h323: H.245 signal %d\n", mscm->choice);
		break;
	}

	return 0;
}

/*
 * Conntrack helper callback for H.245 connections.
 *
 * Walks every TPKT in the segment, decodes it and processes the result.
 * A decoding error stops the walk but the packet is still accepted; only a
 * failure while processing a successfully decoded message yields NF_DROP.
 */
static int h245_help(struct sk_buff *skb, unsigned int protoff,
		     struct nf_conn *ct, enum ip_conntrack_info ctinfo)
{
	/* Shared decode target; only touched while nf_h323_lock is held */
	static MultimediaSystemControlMessage mscm;
	unsigned char *data = NULL;
	int datalen;
	int dataoff;
	int ret;

	/* Until there's been traffic both ways, don't look in packets. */
	if (ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED_REPLY)
		return NF_ACCEPT;

	pr_debug("nf_ct_h245: skblen = %u\n", skb->len);

	/* Serializes use of h323_buffer and the static mscm */
	spin_lock_bh(&nf_h323_lock);

	/* Process each TPKT */
	while (get_tpkt_data(skb, protoff, ct, ctinfo,
			     &data, &datalen, &dataoff)) {
		pr_debug("nf_ct_h245: TPKT len=%d ", datalen);
		nf_ct_dump_tuple(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple);

		/* Decode H.245 signal */
		ret = DecodeMultimediaSystemControlMessage(data, datalen,
							   &mscm);
		if (ret < 0) {
			pr_debug("nf_ct_h245: decoding error: %s\n",
				 ret == H323_ERROR_BOUND ?
				 "out of bound" : "out of range");
			/* We don't drop when decoding error */
			break;
		}

		/* Process H.245 signal */
		if (process_h245(skb, ct, ctinfo, protoff,
				 &data, dataoff, &mscm) < 0)
			goto drop;
	}

	spin_unlock_bh(&nf_h323_lock);
	return NF_ACCEPT;

drop:
	spin_unlock_bh(&nf_h323_lock);
	nf_ct_helper_log(skb, ct, "cannot process H.245 message");
	return NF_DROP;
}

/* Expectation limit and timeout (seconds) for the H.245 helper */
static const struct nf_conntrack_expect_policy h245_exp_policy = {
	.max_expected	= H323_RTP_CHANNEL_MAX * 4 + 2 /* T.120 */,
	.timeout	= 240,
};

static struct nf_conntrack_helper nf_conntrack_helper_h245 __read_mostly;
static struct nf_conntrack_helper *nf_conntrack_helper_h245_ptr __read_mostly;

/*
 * Extract address and port from a decoded H.225 transport address.
 *
 * @data is the start of the decoded message; the decoded structure holds
 * the offset of the address within it, and the port is read from the two
 * bytes directly behind the address. Only the address family matching the
 * conntrack's L3 protocol is accepted.
 *
 * NOTE(review): no bounds check is done here; this relies on the decoder
 * having verified that offset + address + port lie inside the message -
 * confirm in the ASN.1 decoder. The function is exported, so the same
 * assumption applies to callers outside this file.
 *
 * Returns 1 and fills @addr and @port, or 0 if the address is not usable.
 */
int get_h225_addr(struct nf_conn *ct, unsigned char *data,
		  TransportAddress *taddr,
		  union nf_inet_addr *addr, __be16 *port)
{
	const unsigned char *p;
	int len;

	switch (taddr->choice) {
	case eTransportAddress_ipAddress:
		if (nf_ct_l3num(ct) != AF_INET)
			return 0;
		p = data + taddr->ipAddress.ip;
		len = 4;
		break;
	case eTransportAddress_ip6Address:
		if (nf_ct_l3num(ct) != AF_INET6)
			return 0;
		p = data + taddr->ip6Address.ip;
		len = 16;
		break;
	default:
		return 0;
	}

	memcpy(addr, p, len);
	/* Zero the unused tail so callers can memcmp() the whole union */
	memset((void *)addr + len, 0, sizeof(*addr) - len);
	memcpy(port, p + len, sizeof(__be16));

	return 1;
}
EXPORT_SYMBOL_GPL(get_h225_addr);

/*
 * Create a TCP expectation for the H.245 control channel announced by an
 * h245Address, and attach the H.245 helper to the expected connection.
 *
 * Returns 0 when ignored or set up, -1 on failure, or the NAT hook's result.
 */
static int expect_h245(struct sk_buff *skb, struct nf_conn *ct,
		       enum ip_conntrack_info ctinfo,
		       unsigned int protoff, unsigned char **data, int dataoff,
		       TransportAddress *taddr)
{
	const struct nfct_h323_nat_hooks *nathook;
	int dir = CTINFO2DIR(ctinfo);
	int ret = 0;
	__be16 port;
	union nf_inet_addr addr;
	struct nf_conntrack_expect *exp;

	/* Read h245Address */
	/* Only the sender's own address with a non-zero port is accepted */
	if (!get_h225_addr(ct, *data, taddr, &addr, &port) ||
	    memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) ||
	    port == 0)
		return 0;

	/* Create expect for h245 connection */
	if ((exp = nf_ct_expect_alloc(ct)) == NULL)
		return -1;
	nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
			  &ct->tuplehash[!dir].tuple.src.u3,
			  &ct->tuplehash[!dir].tuple.dst.u3,
			  IPPROTO_TCP, NULL, &port);
	rcu_assign_pointer(exp->assign_helper, nf_conntrack_helper_h245_ptr);

	nathook = rcu_dereference(nfct_h323_nat_hook);
	if (memcmp(&ct->tuplehash[dir].tuple.src.u3,
		   &ct->tuplehash[!dir].tuple.dst.u3,
		   sizeof(ct->tuplehash[dir].tuple.src.u3)) &&
	    nathook &&
	    nf_ct_l3num(ct) == NFPROTO_IPV4 &&
	    ct->status & IPS_NAT_MASK) {
		/* NAT needed */
		ret = nathook->nat_h245(skb, ct, ctinfo, protoff, data,
					dataoff, taddr, port, exp);
	} else {		/* Conntrack only */
		if (nf_ct_expect_related(exp, 0) == 0) {
			pr_debug("nf_ct_q931: expect H.245 ");
			nf_ct_dump_tuple(&exp->tuple);
		} else
			ret = -1;
	}

	nf_ct_expect_put(exp);

	return ret;
}

/* If the calling party is on the same side of the forward-to party,
 * we don't need to track the second call
 *
 * Routes both addresses and returns 1 when they share next hop and output
 * device, 0 otherwise (including when a route lookup fails or @family is
 * not handled).
 */
static int callforward_do_filter(struct net *net,
				 const union nf_inet_addr *src,
				 const union nf_inet_addr *dst,
				 u_int8_t family)
{
	int ret = 0;

	switch (family) {
	case AF_INET: {
		struct flowi4 fl1, fl2;
		struct rtable *rt1, *rt2;

		memset(&fl1, 0, sizeof(fl1));
		fl1.daddr = src->ip;

		memset(&fl2, 0, sizeof(fl2));
		fl2.daddr = dst->ip;
		if (!nf_ip_route(net, (struct dst_entry **)&rt1,
				 flowi4_to_flowi(&fl1), false)) {
			if (!nf_ip_route(net, (struct dst_entry **)&rt2,
					 flowi4_to_flowi(&fl2), false)) {
				if (rt_nexthop(rt1, fl1.daddr) ==
				    rt_nexthop(rt2, fl2.daddr) &&
				    rt1->dst.dev == rt2->dst.dev)
					ret = 1;
				/* Each successful lookup is released */
				dst_release(&rt2->dst);
			}
			dst_release(&rt1->dst);
		}
		break;
	}
#if IS_ENABLED(CONFIG_IPV6)
	case AF_INET6: {
		struct rt6_info *rt1, *rt2;
		struct flowi6 fl1, fl2;

		memset(&fl1, 0, sizeof(fl1));
		fl1.daddr = src->in6;

		memset(&fl2, 0, sizeof(fl2));
		fl2.daddr = dst->in6;
		if (!nf_ip6_route(net, (struct dst_entry **)&rt1,
				  flowi6_to_flowi(&fl1), false)) {
			if (!nf_ip6_route(net, (struct dst_entry **)&rt2,
					  flowi6_to_flowi(&fl2), false)) {
				if (ipv6_addr_equal(rt6_nexthop(rt1, &fl1.daddr),
						    rt6_nexthop(rt2, &fl2.daddr)) &&
				    rt1->dst.dev == rt2->dst.dev)
					ret = 1;
				dst_release(&rt2->dst);
			}
			dst_release(&rt1->dst);
		}
		break;
	}
#endif
	}
	return ret;

}

static struct nf_conntrack_helper nf_conntrack_helper_q931[2] __read_mostly;
static struct nf_conntrack_helper *nf_conntrack_helper_q931_ptr[2] __read_mostly;

/*
 * Create a TCP expectation for the second call leg announced by a
 * call-forwarding Facility message.
 *
 * Unlike the other expect_*() helpers in this file, the announced address
 * is not compared with the sender's address: it becomes the destination of
 * the expectation as-is. The only restriction applied here is the routing
 * check behind the callforward_filter module parameter.
 *
 * Returns 0 when ignored or set up, -1 on failure, or the NAT hook's result.
 */
static int expect_callforwarding(struct sk_buff *skb,
				 struct nf_conn *ct,
				 enum ip_conntrack_info ctinfo,
				 unsigned int protoff,
				 unsigned char **data, int dataoff,
				 TransportAddress *taddr)
{
	const struct nfct_h323_nat_hooks *nathook;
	int dir = CTINFO2DIR(ctinfo);
	int ret = 0;
	__be16 port;
	union nf_inet_addr addr;
	struct nf_conntrack_expect *exp;
	struct net *net = nf_ct_net(ct);

	/* Read alternativeAddress */
	if (!get_h225_addr(ct, *data, taddr, &addr, &port) || port == 0)
		return 0;

	/* If the calling party is on the same side of the forward-to party,
	 * we don't need to track the second call
	 */
	if (callforward_filter &&
	    callforward_do_filter(net, &addr, &ct->tuplehash[!dir].tuple.src.u3,
				  nf_ct_l3num(ct))) {
		pr_debug("nf_ct_q931: Call Forwarding not tracked\n");
		return 0;
	}

	/* Create expect for the second call leg */
	/* Destination is the address taken from the message (addr) */
	if ((exp = nf_ct_expect_alloc(ct)) == NULL)
		return -1;
	nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
			  &ct->tuplehash[!dir].tuple.src.u3, &addr,
			  IPPROTO_TCP, NULL, &port);
	rcu_assign_pointer(exp->assign_helper, nf_conntrack_helper_q931_ptr[0]);

	nathook = rcu_dereference(nfct_h323_nat_hook);
	if (memcmp(&ct->tuplehash[dir].tuple.src.u3,
		   &ct->tuplehash[!dir].tuple.dst.u3,
		   sizeof(ct->tuplehash[dir].tuple.src.u3)) &&
	    nathook &&
	    nf_ct_l3num(ct) == NFPROTO_IPV4 &&
	    ct->status & IPS_NAT_MASK) {
		/* Need NAT */
		ret = nathook->nat_callforwarding(skb, ct, ctinfo,
						  protoff, data, dataoff,
						  taddr, port, exp);
	} else {		/* Conntrack only */
		if (nf_ct_expect_related(exp, 0) == 0) {
			pr_debug("nf_ct_q931: expect Call Forwarding ");
			nf_ct_dump_tuple(&exp->tuple);
		} else
			ret = -1;
	}

	nf_ct_expect_put(exp);

	return ret;
}

/*
 * Process a Q.931 Setup: expect the H.245 channel, let the NAT hook rewrite
 * the destination/source call signal addresses when they differ from the
 * conntrack tuple, and process every fastStart OpenLogicalChannel.
 *
 * Returns 0 on success, -1 on the first failure.
 */
static int process_setup(struct sk_buff *skb, struct nf_conn *ct,
			 enum ip_conntrack_info ctinfo,
			 unsigned int protoff,
			 unsigned char **data, int dataoff,
			 Setup_UUIE *setup)
{
	const struct nfct_h323_nat_hooks *nathook;
	int dir = CTINFO2DIR(ctinfo);
	int ret;
	int i;
	__be16 port;
	union nf_inet_addr addr;

	pr_debug("nf_ct_q931: Setup\n");

	if (setup->options & eSetup_UUIE_h245Address) {
		ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff,
				  &setup->h245Address);
		if (ret < 0)
			return -1;
	}

	/* NOTE(review): both rewrite branches below are IPv4-only, yet their
	 * debug format uses %pI6 - confirm this is intended. */
	nathook = rcu_dereference(nfct_h323_nat_hook);
	if ((setup->options & eSetup_UUIE_destCallSignalAddress) &&
	    nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
	    ct->status & IPS_NAT_MASK &&
	    get_h225_addr(ct, *data, &setup->destCallSignalAddress,
			  &addr, &port) &&
	    memcmp(&addr, &ct->tuplehash[!dir].tuple.src.u3, sizeof(addr))) {
		pr_debug("nf_ct_q931: set destCallSignalAddress %pI6:%hu->%pI6:%hu\n",
			 &addr, ntohs(port), &ct->tuplehash[!dir].tuple.src.u3,
			 ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port));
		ret = nathook->set_h225_addr(skb, protoff, data, dataoff,
					     &setup->destCallSignalAddress,
					     &ct->tuplehash[!dir].tuple.src.u3,
					     ct->tuplehash[!dir].tuple.src.u.tcp.port);
		if (ret < 0)
			return -1;
	}

	if ((setup->options & eSetup_UUIE_sourceCallSignalAddress) &&
	    nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
	    ct->status & IPS_NAT_MASK &&
	    get_h225_addr(ct, *data, &setup->sourceCallSignalAddress,
			  &addr, &port) &&
	    memcmp(&addr, &ct->tuplehash[!dir].tuple.dst.u3, sizeof(addr))) {
		pr_debug("nf_ct_q931: set sourceCallSignalAddress %pI6:%hu->%pI6:%hu\n",
			 &addr, ntohs(port), &ct->tuplehash[!dir].tuple.dst.u3,
			 ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port));
		ret = nathook->set_h225_addr(skb, protoff, data, dataoff,
					     &setup->sourceCallSignalAddress,
					     &ct->tuplehash[!dir].tuple.dst.u3,
					     ct->tuplehash[!dir].tuple.dst.u.tcp.port);
		if (ret < 0)
			return -1;
	}

	if (setup->options & eSetup_UUIE_fastStart) {
		/* NOTE(review): fastStart.count comes from the decoded message;
		 * presumably the decoder bounds it to the size of item[] -
		 * confirm. The same applies to the other fastStart loops in
		 * this file. */
		for (i = 0; i < setup->fastStart.count; i++) {
			ret = process_olc(skb, ct, ctinfo,
					  protoff, data, dataoff,
					  &setup->fastStart.item[i]);
			if (ret < 0)
				return -1;
		}
	}

	return 0;
}

/*
 * Process a Q.931 CallProceeding: expect the H.245 channel if announced and
 * process every fastStart OpenLogicalChannel.
 *
 * Returns 0 on success, -1 on the first failure.
 */
static int process_callproceeding(struct sk_buff *skb,
				  struct nf_conn *ct,
				  enum ip_conntrack_info ctinfo,
				  unsigned int protoff,
				  unsigned char **data, int dataoff,
				  CallProceeding_UUIE *callproc)
{
	int ret;
	int i;

	pr_debug("nf_ct_q931: CallProceeding\n");

	if (callproc->options & eCallProceeding_UUIE_h245Address) {
		ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff,
				  &callproc->h245Address);
		if (ret < 0)
			return -1;
	}

	if (callproc->options & eCallProceeding_UUIE_fastStart) {
		for (i = 0; i < callproc->fastStart.count; i++) {
			ret = process_olc(skb, ct, ctinfo,
					  protoff, data, dataoff,
					  &callproc->fastStart.item[i]);
			if (ret < 0)
				return -1;
		}
	}

	return 0;
}

/*
 * Process a Q.931 Connect: expect the H.245 channel if announced and
 * process every fastStart OpenLogicalChannel.
 *
 * Returns 0 on success, -1 on the first failure.
 */
static int process_connect(struct sk_buff *skb, struct nf_conn *ct,
			   enum ip_conntrack_info ctinfo,
			   unsigned int protoff,
			   unsigned char **data, int dataoff,
			   Connect_UUIE *connect)
{
	int ret;
	int i;

	pr_debug("nf_ct_q931: Connect\n");

	if (connect->options & eConnect_UUIE_h245Address) {
		ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff,
				  &connect->h245Address);
		if (ret < 0)
			return -1;
	}

	if (connect->options & eConnect_UUIE_fastStart) {
		for (i = 0; i < connect->fastStart.count; i++) {
			ret = process_olc(skb, ct, ctinfo,
					  protoff, data, dataoff,
					  &connect->fastStart.item[i]);
			if (ret < 0)
				return -1;
		}
	}

	return 0;
}

/*
 * Process a Q.931 Alerting: expect the H.245 channel if announced and
 * process every fastStart OpenLogicalChannel.
 *
 * Returns 0 on success, -1 on the first failure.
 */
static int process_alerting(struct sk_buff *skb, struct nf_conn *ct,
			    enum ip_conntrack_info ctinfo,
			    unsigned int protoff,
			    unsigned char **data, int dataoff,
			    Alerting_UUIE *alert)
{
	int ret;
	int i;

	pr_debug("nf_ct_q931: Alerting\n");

	if (alert->options & eAlerting_UUIE_h245Address) {
		ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff,
				  &alert->h245Address);
		if (ret < 0)
			return -1;
	}

	if (alert->options & eAlerting_UUIE_fastStart) {
		for (i = 0; i < alert->fastStart.count; i++) {
			ret = process_olc(skb, ct, ctinfo,
					  protoff, data, dataoff,
					  &alert->fastStart.item[i]);
			if (ret < 0)
				return -1;
		}
	}

	return 0;
}

/*
 * Process a Q.931 Facility. With reason callForwarded only the alternative
 * address is handled (via expect_callforwarding()) and nothing else in the
 * message is looked at; otherwise the H.245 address and fastStart elements
 * are processed as for the other message types.
 *
 * Returns 0 on success, -1 on failure, or expect_callforwarding()'s result.
 */
static int process_facility(struct sk_buff *skb, struct nf_conn *ct,
			    enum ip_conntrack_info ctinfo,
			    unsigned int protoff,
			    unsigned char **data, int dataoff,
			    Facility_UUIE *facility)
{
	int ret;
	int i;

	pr_debug("nf_ct_q931: Facility\n");

	if (facility->reason.choice == eFacilityReason_callForwarded) {
		if (facility->options & eFacility_UUIE_alternativeAddress)
			return expect_callforwarding(skb, ct, ctinfo,
						     protoff, data, dataoff,
						     &facility->
						     alternativeAddress);
		return 0;
	}

	if (facility->options & eFacility_UUIE_h245Address) {
		ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff,
				  &facility->h245Address);
		if (ret < 0)
			return -1;
	}

	if (facility->options & eFacility_UUIE_fastStart) {
		for (i = 0; i < facility->fastStart.count; i++) {
			ret = process_olc(skb, ct, ctinfo,
					  protoff, data, dataoff,
					  &facility->fastStart.item[i]);
			if (ret < 0)
				return -1;
		}
	}

	return 0;
}

/*
 * Process a Q.931 Progress: expect the H.245 channel if announced and
 * process every fastStart OpenLogicalChannel.
 *
 * Returns 0 on success, -1 on the first failure.
 */
static int process_progress(struct sk_buff *skb, struct nf_conn *ct,
			    enum ip_conntrack_info ctinfo,
			    unsigned int protoff,
			    unsigned char **data, int dataoff,
			    Progress_UUIE *progress)
{
	int ret;
	int i;

	pr_debug("nf_ct_q931: Progress\n");

	if (progress->options & eProgress_UUIE_h245Address) {
		ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff,
				  &progress->h245Address);
		if (ret < 0)
			return -1;
	}

	if (progress->options & eProgress_UUIE_fastStart) {
		for (i = 0; i < progress->fastStart.count; i++) {
			ret = process_olc(skb, ct, ctinfo,
					  protoff, data, dataoff,
					  &progress->fastStart.item[i]);
			if (ret < 0)
				return -1;
		}
	}

	return 0;
}

/*
 * Dispatch one decoded Q.931 message by its H.323 message body type, then
 * process any tunnelled H.245 control messages it carries. Unknown body
 * types are logged at debug level and accepted.
 *
 * Returns 0 on success, -1 on the first failure.
 */
static int process_q931(struct sk_buff *skb, struct nf_conn *ct,
			enum ip_conntrack_info ctinfo,
			unsigned int protoff, unsigned char **data, int dataoff,
			Q931 *q931)
{
	H323_UU_PDU *pdu = &q931->UUIE.h323_uu_pdu;
	int i;
	int ret = 0;

	switch (pdu->h323_message_body.choice) {
	case eH323_UU_PDU_h323_message_body_setup:
		ret = process_setup(skb, ct, ctinfo, protoff, data, dataoff,
				    &pdu->h323_message_body.setup);
		break;
	case eH323_UU_PDU_h323_message_body_callProceeding:
		ret = process_callproceeding(skb, ct, ctinfo,
					     protoff, data, dataoff,
					     &pdu->h323_message_body.
					     callProceeding);
		break;
	case eH323_UU_PDU_h323_message_body_connect:
		ret = process_connect(skb, ct, ctinfo, protoff, data, dataoff,
				      &pdu->h323_message_body.connect);
		break;
	case eH323_UU_PDU_h323_message_body_alerting:
		ret = process_alerting(skb, ct, ctinfo, protoff, data, dataoff,
				       &pdu->h323_message_body.alerting);
		break;
	case eH323_UU_PDU_h323_message_body_facility:
		ret = process_facility(skb, ct, ctinfo, protoff, data, dataoff,
				       &pdu->h323_message_body.facility);
		break;
	case eH323_UU_PDU_h323_message_body_progress:
		ret = process_progress(skb, ct, ctinfo, protoff, data, dataoff,
				       &pdu->h323_message_body.progress);
		break;
	default:
		pr_debug("nf_ct_q931: Q.931 signal %d\n",
			 pdu->h323_message_body.choice);
		break;
	}

	if (ret < 0)
		return -1;

	if (pdu->options & eH323_UU_PDU_h245Control) {
		/* NOTE(review): h245Control.count comes from the decoded
		 * message; presumably bounded by the decoder - confirm. */
		for (i = 0; i < pdu->h245Control.count; i++) {
			ret = process_h245(skb, ct, ctinfo,
					   protoff, data, dataoff,
					   &pdu->h245Control.item[i]);
			if (ret < 0)
				return -1;
		}
	}

	return 0;
}

/*
 * Conntrack helper callback for Q.931 connections.
 *
 * Walks every TPKT in the segment, decodes it and processes the result.
 * A decoding error stops the walk but the packet is still accepted; only a
 * failure while processing a successfully decoded message yields NF_DROP.
 */
static int q931_help(struct sk_buff *skb, unsigned int protoff,
		     struct nf_conn *ct, enum ip_conntrack_info ctinfo)
{
	/* Shared decode target; only touched while nf_h323_lock is held */
	static Q931 q931;
	unsigned char *data = NULL;
	int datalen;
	int dataoff;
	int ret;

	/* Until there's been traffic both ways, don't look in packets. */
	if (ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED_REPLY)
		return NF_ACCEPT;

	pr_debug("nf_ct_q931: skblen = %u\n", skb->len);

	/* Serializes use of h323_buffer and the static q931 */
	spin_lock_bh(&nf_h323_lock);

	/* Process each TPKT */
	while (get_tpkt_data(skb, protoff, ct, ctinfo,
			     &data, &datalen, &dataoff)) {
		pr_debug("nf_ct_q931: TPKT len=%d ", datalen);
		nf_ct_dump_tuple(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple);

		/* Decode Q.931 signal */
		ret = DecodeQ931(data, datalen, &q931);
		if (ret < 0) {
			pr_debug("nf_ct_q931: decoding error: %s\n",
				 ret == H323_ERROR_BOUND ?
				 "out of bound" : "out of range");
			/* We don't drop when decoding error */
			break;
		}

		/* Process Q.931 signal */
		if (process_q931(skb, ct, ctinfo, protoff,
				 &data, dataoff, &q931) < 0)
			goto drop;
	}

	spin_unlock_bh(&nf_h323_lock);
	return NF_ACCEPT;

drop:
	spin_unlock_bh(&nf_h323_lock);
	nf_ct_helper_log(skb, ct, "cannot process Q.931 message");
	return NF_DROP;
}

/* Expectation limit and timeout (seconds) for the Q.931 helper */
static const struct nf_conntrack_expect_policy q931_exp_policy = {
	/* T.120 and H.245 */
	.max_expected		= H323_RTP_CHANNEL_MAX * 4 + 4,
	.timeout		= 240,
};

/*
 * Return a pointer to the UDP payload of @skb and store its length in
 * *datalen, clamped to H323_MAX_SIZE. The payload may be copied into the
 * shared h323_buffer by skb_header_pointer().
 * NOTE(review): callers are not in this part of the file; presumably they
 * hold nf_h323_lock while using the returned pointer - confirm.
 *
 * Returns NULL if the UDP header cannot be read or there is no payload.
 */
static unsigned char *get_udp_data(struct sk_buff *skb, unsigned int protoff,
				   int *datalen)
{
	const struct udphdr *uh;
	struct udphdr _uh;
	int dataoff;

	uh = skb_header_pointer(skb, protoff, sizeof(_uh), &_uh);
	if (uh == NULL)
		return NULL;
	dataoff = protoff + sizeof(_uh);
	if (dataoff >= skb->len)
		return NULL;
	*datalen = skb->len - dataoff;
	if (*datalen > H323_MAX_SIZE)
		*datalen = H323_MAX_SIZE;

	return skb_header_pointer(skb, dataoff, *datalen, h323_buffer);
}

static struct nf_conntrack_expect *find_expect(struct nf_conn *ct,
					       union nf_inet_addr *addr,
					       __be16 port)
{
	struct net *net = nf_ct_net(ct);
	struct 
nf_conntrack_expect *exp; 1169 struct nf_conntrack_tuple tuple = { 1170 .src.l3num = nf_ct_l3num(ct), 1171 .dst.protonum = IPPROTO_TCP, 1172 .dst.u.tcp.port = port, 1173 }; 1174 1175 memcpy(&tuple.dst.u3, addr, sizeof(tuple.dst.u3)); 1176 1177 exp = __nf_ct_expect_find(net, nf_ct_zone(ct), &tuple); 1178 if (exp && exp->master == ct) 1179 return exp; 1180 return NULL; 1181 } 1182 1183 static int expect_q931(struct sk_buff *skb, struct nf_conn *ct, 1184 enum ip_conntrack_info ctinfo, 1185 unsigned int protoff, unsigned char **data, 1186 TransportAddress *taddr, int count) 1187 { 1188 struct nf_ct_h323_master *info = nfct_help_data(ct); 1189 const struct nfct_h323_nat_hooks *nathook; 1190 int dir = CTINFO2DIR(ctinfo); 1191 int ret = 0; 1192 int i; 1193 __be16 port; 1194 union nf_inet_addr addr; 1195 struct nf_conntrack_expect *exp; 1196 1197 if (!info) 1198 return -1; 1199 1200 /* Look for the first related address */ 1201 for (i = 0; i < count; i++) { 1202 if (get_h225_addr(ct, *data, &taddr[i], &addr, &port) && 1203 memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, 1204 sizeof(addr)) == 0 && port != 0) 1205 break; 1206 } 1207 1208 if (i >= count) /* Not found */ 1209 return 0; 1210 1211 /* Create expect for Q.931 */ 1212 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 1213 return -1; 1214 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 1215 gkrouted_only ? /* only accept calls from GK? 
*/ 1216 &ct->tuplehash[!dir].tuple.src.u3 : NULL, 1217 &ct->tuplehash[!dir].tuple.dst.u3, 1218 IPPROTO_TCP, NULL, &port); 1219 rcu_assign_pointer(exp->assign_helper, nf_conntrack_helper_q931_ptr[0]); 1220 exp->flags = NF_CT_EXPECT_PERMANENT; /* Accept multiple calls */ 1221 1222 nathook = rcu_dereference(nfct_h323_nat_hook); 1223 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1224 ct->status & IPS_NAT_MASK) { /* Need NAT */ 1225 ret = nathook->nat_q931(skb, ct, ctinfo, protoff, data, 1226 taddr, i, port, exp); 1227 } else { /* Conntrack only */ 1228 if (nf_ct_expect_related(exp, 0) == 0) { 1229 pr_debug("nf_ct_ras: expect Q.931 "); 1230 nf_ct_dump_tuple(&exp->tuple); 1231 1232 /* Save port for looking up expect in processing RCF */ 1233 info->sig_port[dir] = port; 1234 } else 1235 ret = -1; 1236 } 1237 1238 nf_ct_expect_put(exp); 1239 1240 return ret; 1241 } 1242 1243 static int process_grq(struct sk_buff *skb, struct nf_conn *ct, 1244 enum ip_conntrack_info ctinfo, 1245 unsigned int protoff, 1246 unsigned char **data, GatekeeperRequest *grq) 1247 { 1248 const struct nfct_h323_nat_hooks *nathook; 1249 1250 pr_debug("nf_ct_ras: GRQ\n"); 1251 1252 nathook = rcu_dereference(nfct_h323_nat_hook); 1253 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1254 ct->status & IPS_NAT_MASK) /* NATed */ 1255 return nathook->set_ras_addr(skb, ct, ctinfo, protoff, data, 1256 &grq->rasAddress, 1); 1257 return 0; 1258 } 1259 1260 static struct nf_conntrack_helper nf_conntrack_helper_ras[2] __read_mostly; 1261 static struct nf_conntrack_helper *nf_conntrack_helper_ras_ptr[2] __read_mostly; 1262 1263 static int process_gcf(struct sk_buff *skb, struct nf_conn *ct, 1264 enum ip_conntrack_info ctinfo, 1265 unsigned int protoff, 1266 unsigned char **data, GatekeeperConfirm *gcf) 1267 { 1268 int dir = CTINFO2DIR(ctinfo); 1269 int ret = 0; 1270 __be16 port; 1271 union nf_inet_addr addr; 1272 struct nf_conntrack_expect *exp; 1273 1274 pr_debug("nf_ct_ras: GCF\n"); 1275 1276 if 
(!get_h225_addr(ct, *data, &gcf->rasAddress, &addr, &port)) 1277 return 0; 1278 1279 /* Registration port is the same as discovery port */ 1280 if (!memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) && 1281 port == ct->tuplehash[dir].tuple.src.u.udp.port) 1282 return 0; 1283 1284 /* Avoid RAS expectation loops. A GCF is never expected. */ 1285 if (test_bit(IPS_EXPECTED_BIT, &ct->status)) 1286 return 0; 1287 1288 /* Need new expect */ 1289 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 1290 return -1; 1291 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 1292 &ct->tuplehash[!dir].tuple.src.u3, &addr, 1293 IPPROTO_UDP, NULL, &port); 1294 rcu_assign_pointer(exp->assign_helper, nf_conntrack_helper_ras_ptr[0]); 1295 1296 if (nf_ct_expect_related(exp, 0) == 0) { 1297 pr_debug("nf_ct_ras: expect RAS "); 1298 nf_ct_dump_tuple(&exp->tuple); 1299 } else 1300 ret = -1; 1301 1302 nf_ct_expect_put(exp); 1303 1304 return ret; 1305 } 1306 1307 static int process_rrq(struct sk_buff *skb, struct nf_conn *ct, 1308 enum ip_conntrack_info ctinfo, 1309 unsigned int protoff, 1310 unsigned char **data, RegistrationRequest *rrq) 1311 { 1312 struct nf_ct_h323_master *info = nfct_help_data(ct); 1313 const struct nfct_h323_nat_hooks *nathook; 1314 int ret; 1315 1316 if (!info) 1317 return -1; 1318 1319 pr_debug("nf_ct_ras: RRQ\n"); 1320 1321 ret = expect_q931(skb, ct, ctinfo, protoff, data, 1322 rrq->callSignalAddress.item, 1323 rrq->callSignalAddress.count); 1324 if (ret < 0) 1325 return -1; 1326 1327 nathook = rcu_dereference(nfct_h323_nat_hook); 1328 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1329 ct->status & IPS_NAT_MASK) { 1330 ret = nathook->set_ras_addr(skb, ct, ctinfo, protoff, data, 1331 rrq->rasAddress.item, 1332 rrq->rasAddress.count); 1333 if (ret < 0) 1334 return -1; 1335 } 1336 1337 if (rrq->options & eRegistrationRequest_timeToLive) { 1338 pr_debug("nf_ct_ras: RRQ TTL = %u seconds\n", rrq->timeToLive); 1339 info->timeout = rrq->timeToLive; 
1340 } else 1341 info->timeout = default_rrq_ttl; 1342 1343 return 0; 1344 } 1345 1346 static int process_rcf(struct sk_buff *skb, struct nf_conn *ct, 1347 enum ip_conntrack_info ctinfo, 1348 unsigned int protoff, 1349 unsigned char **data, RegistrationConfirm *rcf) 1350 { 1351 struct nf_ct_h323_master *info = nfct_help_data(ct); 1352 const struct nfct_h323_nat_hooks *nathook; 1353 int dir = CTINFO2DIR(ctinfo); 1354 int ret; 1355 struct nf_conntrack_expect *exp; 1356 1357 if (!info) 1358 return -1; 1359 1360 pr_debug("nf_ct_ras: RCF\n"); 1361 1362 nathook = rcu_dereference(nfct_h323_nat_hook); 1363 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1364 ct->status & IPS_NAT_MASK) { 1365 ret = nathook->set_sig_addr(skb, ct, ctinfo, protoff, data, 1366 rcf->callSignalAddress.item, 1367 rcf->callSignalAddress.count); 1368 if (ret < 0) 1369 return -1; 1370 } 1371 1372 if (rcf->options & eRegistrationConfirm_timeToLive) { 1373 pr_debug("nf_ct_ras: RCF TTL = %u seconds\n", rcf->timeToLive); 1374 info->timeout = rcf->timeToLive; 1375 } 1376 1377 if (info->timeout > 0) { 1378 pr_debug("nf_ct_ras: set RAS connection timeout to " 1379 "%u seconds\n", info->timeout); 1380 nf_ct_refresh(ct, info->timeout * HZ); 1381 1382 /* Set expect timeout */ 1383 spin_lock_bh(&nf_conntrack_expect_lock); 1384 exp = find_expect(ct, &ct->tuplehash[dir].tuple.dst.u3, 1385 info->sig_port[!dir]); 1386 if (exp) { 1387 pr_debug("nf_ct_ras: set Q.931 expect " 1388 "timeout to %u seconds for", 1389 info->timeout); 1390 nf_ct_dump_tuple(&exp->tuple); 1391 WRITE_ONCE(exp->timeout, 1392 nfct_time_stamp + (info->timeout * HZ)); 1393 } 1394 spin_unlock_bh(&nf_conntrack_expect_lock); 1395 } 1396 1397 return 0; 1398 } 1399 1400 static int process_urq(struct sk_buff *skb, struct nf_conn *ct, 1401 enum ip_conntrack_info ctinfo, 1402 unsigned int protoff, 1403 unsigned char **data, UnregistrationRequest *urq) 1404 { 1405 struct nf_ct_h323_master *info = nfct_help_data(ct); 1406 const struct nfct_h323_nat_hooks 
*nathook; 1407 int dir = CTINFO2DIR(ctinfo); 1408 int ret; 1409 1410 if (!info) 1411 return -1; 1412 1413 pr_debug("nf_ct_ras: URQ\n"); 1414 1415 nathook = rcu_dereference(nfct_h323_nat_hook); 1416 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1417 ct->status & IPS_NAT_MASK) { 1418 ret = nathook->set_sig_addr(skb, ct, ctinfo, protoff, data, 1419 urq->callSignalAddress.item, 1420 urq->callSignalAddress.count); 1421 if (ret < 0) 1422 return -1; 1423 } 1424 1425 /* Clear old expect */ 1426 nf_ct_remove_expectations(ct); 1427 info->sig_port[dir] = 0; 1428 info->sig_port[!dir] = 0; 1429 1430 /* Give it 30 seconds for UCF or URJ */ 1431 nf_ct_refresh(ct, 30 * HZ); 1432 1433 return 0; 1434 } 1435 1436 static int process_arq(struct sk_buff *skb, struct nf_conn *ct, 1437 enum ip_conntrack_info ctinfo, 1438 unsigned int protoff, 1439 unsigned char **data, AdmissionRequest *arq) 1440 { 1441 const struct nf_ct_h323_master *info = nfct_help_data(ct); 1442 const struct nfct_h323_nat_hooks *nathook; 1443 int dir = CTINFO2DIR(ctinfo); 1444 __be16 port; 1445 union nf_inet_addr addr; 1446 1447 if (!info) 1448 return 0; 1449 1450 pr_debug("nf_ct_ras: ARQ\n"); 1451 1452 nathook = rcu_dereference(nfct_h323_nat_hook); 1453 if (!nathook) 1454 return 0; 1455 1456 if ((arq->options & eAdmissionRequest_destCallSignalAddress) && 1457 get_h225_addr(ct, *data, &arq->destCallSignalAddress, 1458 &addr, &port) && 1459 !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) && 1460 port == info->sig_port[dir] && 1461 nf_ct_l3num(ct) == NFPROTO_IPV4 && 1462 ct->status & IPS_NAT_MASK) { 1463 /* Answering ARQ */ 1464 return nathook->set_h225_addr(skb, protoff, data, 0, 1465 &arq->destCallSignalAddress, 1466 &ct->tuplehash[!dir].tuple.dst.u3, 1467 info->sig_port[!dir]); 1468 } 1469 1470 if ((arq->options & eAdmissionRequest_srcCallSignalAddress) && 1471 get_h225_addr(ct, *data, &arq->srcCallSignalAddress, 1472 &addr, &port) && 1473 !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, 
sizeof(addr)) && 1474 nf_ct_l3num(ct) == NFPROTO_IPV4 && 1475 ct->status & IPS_NAT_MASK) { 1476 /* Calling ARQ */ 1477 return nathook->set_h225_addr(skb, protoff, data, 0, 1478 &arq->srcCallSignalAddress, 1479 &ct->tuplehash[!dir].tuple.dst.u3, 1480 port); 1481 } 1482 1483 return 0; 1484 } 1485 1486 static int process_acf(struct sk_buff *skb, struct nf_conn *ct, 1487 enum ip_conntrack_info ctinfo, 1488 unsigned int protoff, 1489 unsigned char **data, AdmissionConfirm *acf) 1490 { 1491 int dir = CTINFO2DIR(ctinfo); 1492 int ret = 0; 1493 __be16 port; 1494 union nf_inet_addr addr; 1495 struct nf_conntrack_expect *exp; 1496 1497 pr_debug("nf_ct_ras: ACF\n"); 1498 1499 if (!get_h225_addr(ct, *data, &acf->destCallSignalAddress, 1500 &addr, &port)) 1501 return 0; 1502 1503 if (!memcmp(&addr, &ct->tuplehash[dir].tuple.dst.u3, sizeof(addr))) { 1504 const struct nfct_h323_nat_hooks *nathook; 1505 1506 /* Answering ACF */ 1507 nathook = rcu_dereference(nfct_h323_nat_hook); 1508 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1509 ct->status & IPS_NAT_MASK) 1510 return nathook->set_sig_addr(skb, ct, ctinfo, protoff, 1511 data, 1512 &acf->destCallSignalAddress, 1); 1513 return 0; 1514 } 1515 1516 /* Need new expect */ 1517 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 1518 return -1; 1519 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 1520 &ct->tuplehash[!dir].tuple.src.u3, &addr, 1521 IPPROTO_TCP, NULL, &port); 1522 exp->flags = NF_CT_EXPECT_PERMANENT; 1523 rcu_assign_pointer(exp->assign_helper, nf_conntrack_helper_q931_ptr[0]); 1524 1525 if (nf_ct_expect_related(exp, 0) == 0) { 1526 pr_debug("nf_ct_ras: expect Q.931 "); 1527 nf_ct_dump_tuple(&exp->tuple); 1528 } else 1529 ret = -1; 1530 1531 nf_ct_expect_put(exp); 1532 1533 return ret; 1534 } 1535 1536 static int process_lrq(struct sk_buff *skb, struct nf_conn *ct, 1537 enum ip_conntrack_info ctinfo, 1538 unsigned int protoff, 1539 unsigned char **data, LocationRequest *lrq) 1540 { 1541 const struct 
nfct_h323_nat_hooks *nathook; 1542 1543 pr_debug("nf_ct_ras: LRQ\n"); 1544 1545 nathook = rcu_dereference(nfct_h323_nat_hook); 1546 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1547 ct->status & IPS_NAT_MASK) 1548 return nathook->set_ras_addr(skb, ct, ctinfo, protoff, data, 1549 &lrq->replyAddress, 1); 1550 return 0; 1551 } 1552 1553 static int process_lcf(struct sk_buff *skb, struct nf_conn *ct, 1554 enum ip_conntrack_info ctinfo, 1555 unsigned int protoff, 1556 unsigned char **data, LocationConfirm *lcf) 1557 { 1558 int dir = CTINFO2DIR(ctinfo); 1559 int ret = 0; 1560 __be16 port; 1561 union nf_inet_addr addr; 1562 struct nf_conntrack_expect *exp; 1563 1564 pr_debug("nf_ct_ras: LCF\n"); 1565 1566 if (!get_h225_addr(ct, *data, &lcf->callSignalAddress, 1567 &addr, &port)) 1568 return 0; 1569 1570 /* Need new expect for call signal */ 1571 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 1572 return -1; 1573 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 1574 &ct->tuplehash[!dir].tuple.src.u3, &addr, 1575 IPPROTO_TCP, NULL, &port); 1576 exp->flags = NF_CT_EXPECT_PERMANENT; 1577 rcu_assign_pointer(exp->assign_helper, nf_conntrack_helper_q931_ptr[0]); 1578 1579 if (nf_ct_expect_related(exp, 0) == 0) { 1580 pr_debug("nf_ct_ras: expect Q.931 "); 1581 nf_ct_dump_tuple(&exp->tuple); 1582 } else 1583 ret = -1; 1584 1585 nf_ct_expect_put(exp); 1586 1587 /* Ignore rasAddress */ 1588 1589 return ret; 1590 } 1591 1592 static int process_irr(struct sk_buff *skb, struct nf_conn *ct, 1593 enum ip_conntrack_info ctinfo, 1594 unsigned int protoff, 1595 unsigned char **data, InfoRequestResponse *irr) 1596 { 1597 const struct nfct_h323_nat_hooks *nathook; 1598 int ret; 1599 1600 pr_debug("nf_ct_ras: IRR\n"); 1601 1602 nathook = rcu_dereference(nfct_h323_nat_hook); 1603 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1604 ct->status & IPS_NAT_MASK) { 1605 ret = nathook->set_ras_addr(skb, ct, ctinfo, protoff, data, 1606 &irr->rasAddress, 1); 1607 if (ret < 0) 
1608 return -1; 1609 1610 ret = nathook->set_sig_addr(skb, ct, ctinfo, protoff, data, 1611 irr->callSignalAddress.item, 1612 irr->callSignalAddress.count); 1613 if (ret < 0) 1614 return -1; 1615 } 1616 1617 return 0; 1618 } 1619 1620 static int process_ras(struct sk_buff *skb, struct nf_conn *ct, 1621 enum ip_conntrack_info ctinfo, 1622 unsigned int protoff, 1623 unsigned char **data, RasMessage *ras) 1624 { 1625 switch (ras->choice) { 1626 case eRasMessage_gatekeeperRequest: 1627 return process_grq(skb, ct, ctinfo, protoff, data, 1628 &ras->gatekeeperRequest); 1629 case eRasMessage_gatekeeperConfirm: 1630 return process_gcf(skb, ct, ctinfo, protoff, data, 1631 &ras->gatekeeperConfirm); 1632 case eRasMessage_registrationRequest: 1633 return process_rrq(skb, ct, ctinfo, protoff, data, 1634 &ras->registrationRequest); 1635 case eRasMessage_registrationConfirm: 1636 return process_rcf(skb, ct, ctinfo, protoff, data, 1637 &ras->registrationConfirm); 1638 case eRasMessage_unregistrationRequest: 1639 return process_urq(skb, ct, ctinfo, protoff, data, 1640 &ras->unregistrationRequest); 1641 case eRasMessage_admissionRequest: 1642 return process_arq(skb, ct, ctinfo, protoff, data, 1643 &ras->admissionRequest); 1644 case eRasMessage_admissionConfirm: 1645 return process_acf(skb, ct, ctinfo, protoff, data, 1646 &ras->admissionConfirm); 1647 case eRasMessage_locationRequest: 1648 return process_lrq(skb, ct, ctinfo, protoff, data, 1649 &ras->locationRequest); 1650 case eRasMessage_locationConfirm: 1651 return process_lcf(skb, ct, ctinfo, protoff, data, 1652 &ras->locationConfirm); 1653 case eRasMessage_infoRequestResponse: 1654 return process_irr(skb, ct, ctinfo, protoff, data, 1655 &ras->infoRequestResponse); 1656 default: 1657 pr_debug("nf_ct_ras: RAS message %d\n", ras->choice); 1658 break; 1659 } 1660 1661 return 0; 1662 } 1663 1664 static int ras_help(struct sk_buff *skb, unsigned int protoff, 1665 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 1666 { 1667 static 
RasMessage ras; 1668 unsigned char *data; 1669 int datalen = 0; 1670 int ret; 1671 1672 pr_debug("nf_ct_ras: skblen = %u\n", skb->len); 1673 1674 spin_lock_bh(&nf_h323_lock); 1675 1676 /* Get UDP data */ 1677 data = get_udp_data(skb, protoff, &datalen); 1678 if (data == NULL) 1679 goto accept; 1680 pr_debug("nf_ct_ras: RAS message len=%d ", datalen); 1681 nf_ct_dump_tuple(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); 1682 1683 /* Decode RAS message */ 1684 ret = DecodeRasMessage(data, datalen, &ras); 1685 if (ret < 0) { 1686 pr_debug("nf_ct_ras: decoding error: %s\n", 1687 ret == H323_ERROR_BOUND ? 1688 "out of bound" : "out of range"); 1689 goto accept; 1690 } 1691 1692 /* Process RAS message */ 1693 if (process_ras(skb, ct, ctinfo, protoff, &data, &ras) < 0) 1694 goto drop; 1695 1696 accept: 1697 spin_unlock_bh(&nf_h323_lock); 1698 return NF_ACCEPT; 1699 1700 drop: 1701 spin_unlock_bh(&nf_h323_lock); 1702 nf_ct_helper_log(skb, ct, "cannot process RAS message"); 1703 return NF_DROP; 1704 } 1705 1706 static const struct nf_conntrack_expect_policy ras_exp_policy = { 1707 .max_expected = 32, 1708 .timeout = 240, 1709 }; 1710 1711 static int __init h323_helper_init(void) 1712 { 1713 int ret; 1714 1715 nf_ct_helper_init(&nf_conntrack_helper_ras[0], AF_INET, IPPROTO_UDP, 1716 "RAS", RAS_PORT, RAS_PORT, RAS_PORT, 1717 &ras_exp_policy, 0, ras_help, NULL, THIS_MODULE); 1718 nf_ct_helper_init(&nf_conntrack_helper_ras[1], AF_INET6, IPPROTO_UDP, 1719 "RAS", RAS_PORT, RAS_PORT, RAS_PORT, 1720 &ras_exp_policy, 0, ras_help, NULL, THIS_MODULE); 1721 nf_ct_helper_init(&nf_conntrack_helper_h245, AF_UNSPEC, IPPROTO_UDP, 1722 "H.245", 0, 0, 0, 1723 &h245_exp_policy, 0, h245_help, NULL, THIS_MODULE); 1724 nf_ct_helper_init(&nf_conntrack_helper_q931[0], AF_INET, IPPROTO_TCP, 1725 "Q.931", Q931_PORT, Q931_PORT, Q931_PORT, 1726 &q931_exp_policy, 0, q931_help, NULL, THIS_MODULE); 1727 nf_ct_helper_init(&nf_conntrack_helper_q931[1], AF_INET6, IPPROTO_TCP, 1728 "Q.931", Q931_PORT, Q931_PORT, 
Q931_PORT, 1729 &q931_exp_policy, 0, q931_help, NULL, THIS_MODULE); 1730 1731 ret = nf_conntrack_helper_register(&nf_conntrack_helper_h245, 1732 &nf_conntrack_helper_h245_ptr); 1733 if (ret < 0) 1734 return ret; 1735 ret = nf_conntrack_helpers_register(nf_conntrack_helper_q931, 1736 ARRAY_SIZE(nf_conntrack_helper_q931), 1737 nf_conntrack_helper_q931_ptr); 1738 if (ret < 0) 1739 goto err1; 1740 ret = nf_conntrack_helpers_register(nf_conntrack_helper_ras, 1741 ARRAY_SIZE(nf_conntrack_helper_ras), 1742 nf_conntrack_helper_ras_ptr); 1743 if (ret < 0) 1744 goto err2; 1745 1746 return 0; 1747 err2: 1748 nf_conntrack_helpers_unregister(nf_conntrack_helper_q931_ptr, 1749 ARRAY_SIZE(nf_conntrack_helper_q931_ptr)); 1750 err1: 1751 nf_conntrack_helper_unregister(nf_conntrack_helper_h245_ptr); 1752 return ret; 1753 } 1754 1755 static void __exit h323_helper_exit(void) 1756 { 1757 nf_conntrack_helpers_unregister(nf_conntrack_helper_ras_ptr, 1758 ARRAY_SIZE(nf_conntrack_helper_ras)); 1759 nf_conntrack_helpers_unregister(nf_conntrack_helper_q931_ptr, 1760 ARRAY_SIZE(nf_conntrack_helper_q931)); 1761 nf_conntrack_helper_unregister(nf_conntrack_helper_h245_ptr); 1762 } 1763 1764 static void __exit nf_conntrack_h323_fini(void) 1765 { 1766 h323_helper_exit(); 1767 kfree(h323_buffer); 1768 pr_debug("nf_ct_h323: fini\n"); 1769 } 1770 1771 static int __init nf_conntrack_h323_init(void) 1772 { 1773 int ret; 1774 1775 NF_CT_HELPER_BUILD_BUG_ON(sizeof(struct nf_ct_h323_master)); 1776 1777 h323_buffer = kmalloc(H323_MAX_SIZE + 1, GFP_KERNEL); 1778 if (!h323_buffer) 1779 return -ENOMEM; 1780 ret = h323_helper_init(); 1781 if (ret < 0) 1782 goto err1; 1783 pr_debug("nf_ct_h323: init success\n"); 1784 return 0; 1785 err1: 1786 kfree(h323_buffer); 1787 return ret; 1788 } 1789 1790 module_init(nf_conntrack_h323_init); 1791 module_exit(nf_conntrack_h323_fini); 1792 1793 MODULE_AUTHOR("Jing Min Zhao <zhaojingmin@users.sourceforge.net>"); 1794 MODULE_DESCRIPTION("H.323 connection tracking helper"); 
1795 MODULE_LICENSE("GPL"); 1796 MODULE_ALIAS("ip_conntrack_h323"); 1797 MODULE_ALIAS_NFCT_HELPER("RAS"); 1798 MODULE_ALIAS_NFCT_HELPER("Q.931"); 1799 MODULE_ALIAS_NFCT_HELPER("H.245"); 1800