1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * H.323 connection tracking helper 4 * 5 * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net> 6 * Copyright (c) 2006-2012 Patrick McHardy <kaber@trash.net> 7 * 8 * Based on the 'brute force' H.323 connection tracking module by 9 * Jozsef Kadlecsik <kadlec@netfilter.org> 10 * 11 * For more information, please see http://nath323.sourceforge.net/ 12 */ 13 14 #include <linux/module.h> 15 #include <linux/moduleparam.h> 16 #include <linux/ctype.h> 17 #include <linux/inet.h> 18 #include <linux/in.h> 19 #include <linux/ip.h> 20 #include <linux/slab.h> 21 #include <linux/udp.h> 22 #include <linux/tcp.h> 23 #include <linux/skbuff.h> 24 #include <net/route.h> 25 #include <net/ip6_route.h> 26 #include <linux/netfilter_ipv4.h> 27 #include <linux/netfilter_ipv6.h> 28 29 #include <net/netfilter/nf_conntrack.h> 30 #include <net/netfilter/nf_conntrack_core.h> 31 #include <net/netfilter/nf_conntrack_tuple.h> 32 #include <net/netfilter/nf_conntrack_expect.h> 33 #include <net/netfilter/nf_conntrack_ecache.h> 34 #include <net/netfilter/nf_conntrack_helper.h> 35 #include <net/netfilter/nf_conntrack_zones.h> 36 #include <linux/netfilter/nf_conntrack_h323.h> 37 38 #define H323_MAX_SIZE 65535 39 40 /* Parameters */ 41 static unsigned int default_rrq_ttl __read_mostly = 300; 42 module_param(default_rrq_ttl, uint, 0600); 43 MODULE_PARM_DESC(default_rrq_ttl, "use this TTL if it's missing in RRQ"); 44 45 static int gkrouted_only __read_mostly = 1; 46 module_param(gkrouted_only, int, 0600); 47 MODULE_PARM_DESC(gkrouted_only, "only accept calls from gatekeeper"); 48 49 static bool callforward_filter __read_mostly = true; 50 module_param(callforward_filter, bool, 0600); 51 MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations " 52 "if both endpoints are on different sides " 53 "(determined by routing information)"); 54 55 const struct nfct_h323_nat_hooks __rcu *nfct_h323_nat_hook __read_mostly; 56 EXPORT_SYMBOL_GPL(nfct_h323_nat_hook); 57 58 static DEFINE_SPINLOCK(nf_h323_lock); 59 static char *h323_buffer; 60 61 static struct nf_conntrack_helper nf_conntrack_helper_h245; 62 static struct nf_conntrack_helper nf_conntrack_helper_q931[]; 63 static struct nf_conntrack_helper nf_conntrack_helper_ras[]; 64 65 static int get_tpkt_data(struct sk_buff *skb, unsigned int protoff, 66 struct nf_conn *ct, enum ip_conntrack_info ctinfo, 67 unsigned char **data, int *datalen, int *dataoff) 68 { 69 struct nf_ct_h323_master *info = nfct_help_data(ct); 70 int dir = CTINFO2DIR(ctinfo); 71 const struct tcphdr *th; 72 struct tcphdr _tcph; 73 int tcpdatalen; 74 int tcpdataoff; 75 unsigned char *tpkt; 76 int tpktlen; 77 int tpktoff; 78 79 /* Get TCP header */ 80 th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); 81 if (th == NULL) 82 return 0; 83 84 /* Get TCP data offset */ 85 tcpdataoff = protoff + th->doff * 4; 86 87 /* Get TCP data length */ 88 tcpdatalen = skb->len - tcpdataoff; 89 if (tcpdatalen <= 0) /* No TCP data */ 90 goto clear_out; 91 92 if (tcpdatalen > H323_MAX_SIZE) 93 tcpdatalen = H323_MAX_SIZE; 94 95 if (*data == NULL) { /* first TPKT */ 96 /* Get first TPKT pointer */ 97 tpkt = skb_header_pointer(skb, tcpdataoff, tcpdatalen, 98 h323_buffer); 99 if (!tpkt) 100 goto clear_out; 101 102 /* Validate TPKT identifier */ 103 if (tcpdatalen < 4 || tpkt[0] != 0x03 || tpkt[1] != 0) { 104 /* Netmeeting sends TPKT header and data separately */ 105 if (info->tpkt_len[dir] > 0) { 106 pr_debug("nf_ct_h323: previous packet " 107 "indicated separate TPKT data of %hu " 108 "bytes\n", info->tpkt_len[dir]); 109 if (info->tpkt_len[dir] <= tcpdatalen) { 110 /* Yes, there was a TPKT header 111 * received */ 112 *data = tpkt; 113 *datalen = info->tpkt_len[dir]; 114 *dataoff = 0; 115 goto out; 116 } 117 118 /* Fragmented TPKT */ 119 pr_debug("nf_ct_h323: fragmented TPKT\n"); 120 goto clear_out; 121 } 122 123 /* It is not even a TPKT */ 124 return 0; 125 } 126 tpktoff = 0; 127 } else { /* Next TPKT */ 128 tpktoff = *dataoff + *datalen; 129 tcpdatalen -= tpktoff; 130 if (tcpdatalen <= 4) /* No more TPKT */ 131 goto clear_out; 132 tpkt = *data + *datalen; 133 134 /* Validate TPKT identifier */ 135 if (tpkt[0] != 0x03 || tpkt[1] != 0) 136 goto clear_out; 137 } 138 139 /* Validate TPKT length */ 140 tpktlen = tpkt[2] * 256 + tpkt[3]; 141 if (tpktlen < 4) 142 goto clear_out; 143 if (tpktlen > tcpdatalen) { 144 if (tcpdatalen == 4) { /* Separate TPKT header */ 145 /* Netmeeting sends TPKT header and data separately */ 146 pr_debug("nf_ct_h323: separate TPKT header indicates " 147 "there will be TPKT data of %d bytes\n", 148 tpktlen - 4); 149 info->tpkt_len[dir] = tpktlen - 4; 150 return 0; 151 } 152 153 pr_debug("nf_ct_h323: incomplete TPKT (fragmented?)\n"); 154 goto clear_out; 155 } 156 157 /* This is the encapsulated data */ 158 *data = tpkt + 4; 159 *datalen = tpktlen - 4; 160 *dataoff = tpktoff + 4; 161 162 out: 163 /* Clear TPKT length */ 164 info->tpkt_len[dir] = 0; 165 return 1; 166 167 clear_out: 168 info->tpkt_len[dir] = 0; 169 return 0; 170 } 171 172 static int get_h245_addr(struct nf_conn *ct, const unsigned char *data, 173 H245_TransportAddress *taddr, 174 union nf_inet_addr *addr, __be16 *port) 175 { 176 const unsigned char *p; 177 int len; 178 179 if (taddr->choice != eH245_TransportAddress_unicastAddress) 180 return 0; 181 182 switch (taddr->unicastAddress.choice) { 183 case eUnicastAddress_iPAddress: 184 if (nf_ct_l3num(ct) != AF_INET) 185 return 0; 186 p = data + taddr->unicastAddress.iPAddress.network; 187 len = 4; 188 break; 189 case eUnicastAddress_iP6Address: 190 if (nf_ct_l3num(ct) != AF_INET6) 191 return 0; 192 p = data + taddr->unicastAddress.iP6Address.network; 193 len = 16; 194 break; 195 default: 196 return 0; 197 } 198 199 memcpy(addr, p, len); 200 memset((void *)addr + len, 0, sizeof(*addr) - len); 201 memcpy(port, p + len, sizeof(__be16)); 202 203 return 1; 204 } 205 206 static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct, 207 enum ip_conntrack_info ctinfo, 208 unsigned int protoff, 209 unsigned char **data, int dataoff, 210 H245_TransportAddress *taddr) 211 { 212 const struct nfct_h323_nat_hooks *nathook; 213 int dir = CTINFO2DIR(ctinfo); 214 int ret = 0; 215 __be16 port; 216 __be16 rtp_port, rtcp_port; 217 union nf_inet_addr addr; 218 struct nf_conntrack_expect *rtp_exp; 219 struct nf_conntrack_expect *rtcp_exp; 220 221 /* Read RTP or RTCP address */ 222 if (!get_h245_addr(ct, *data, taddr, &addr, &port) || 223 memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) || 224 port == 0) 225 return 0; 226 227 /* RTP port is even */ 228 rtp_port = port & ~htons(1); 229 rtcp_port = port | htons(1); 230 231 /* Create expect for RTP */ 232 if ((rtp_exp = nf_ct_expect_alloc(ct)) == NULL) 233 return -1; 234 nf_ct_expect_init(rtp_exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 235 &ct->tuplehash[!dir].tuple.src.u3, 236 &ct->tuplehash[!dir].tuple.dst.u3, 237 IPPROTO_UDP, NULL, &rtp_port); 238 239 /* Create expect for RTCP */ 240 if ((rtcp_exp = nf_ct_expect_alloc(ct)) == NULL) { 241 nf_ct_expect_put(rtp_exp); 242 return -1; 243 } 244 nf_ct_expect_init(rtcp_exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 245 &ct->tuplehash[!dir].tuple.src.u3, 246 &ct->tuplehash[!dir].tuple.dst.u3, 247 IPPROTO_UDP, NULL, &rtcp_port); 248 249 nathook = rcu_dereference(nfct_h323_nat_hook); 250 if (memcmp(&ct->tuplehash[dir].tuple.src.u3, 251 &ct->tuplehash[!dir].tuple.dst.u3, 252 sizeof(ct->tuplehash[dir].tuple.src.u3)) && 253 nathook && 254 nf_ct_l3num(ct) == NFPROTO_IPV4 && 255 ct->status & IPS_NAT_MASK) { 256 /* NAT needed */ 257 ret = nathook->nat_rtp_rtcp(skb, ct, ctinfo, protoff, data, dataoff, 258 taddr, port, rtp_port, rtp_exp, rtcp_exp); 259 } else { /* Conntrack only */ 260 if (nf_ct_expect_related(rtp_exp, 0) == 0) { 261 if (nf_ct_expect_related(rtcp_exp, 0) == 0) { 262 pr_debug("nf_ct_h323: expect RTP "); 263 nf_ct_dump_tuple(&rtp_exp->tuple); 264 pr_debug("nf_ct_h323: expect RTCP "); 265 nf_ct_dump_tuple(&rtcp_exp->tuple); 266 } else { 267 nf_ct_unexpect_related(rtp_exp); 268 ret = -1; 269 } 270 } else 271 ret = -1; 272 } 273 274 nf_ct_expect_put(rtp_exp); 275 nf_ct_expect_put(rtcp_exp); 276 277 return ret; 278 } 279 280 static int expect_t120(struct sk_buff *skb, 281 struct nf_conn *ct, 282 enum ip_conntrack_info ctinfo, 283 unsigned int protoff, 284 unsigned char **data, int dataoff, 285 H245_TransportAddress *taddr) 286 { 287 const struct nfct_h323_nat_hooks *nathook; 288 int dir = CTINFO2DIR(ctinfo); 289 int ret = 0; 290 __be16 port; 291 union nf_inet_addr addr; 292 struct nf_conntrack_expect *exp; 293 294 /* Read T.120 address */ 295 if (!get_h245_addr(ct, *data, taddr, &addr, &port) || 296 memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) || 297 port == 0) 298 return 0; 299 300 /* Create expect for T.120 connections */ 301 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 302 return -1; 303 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 304 &ct->tuplehash[!dir].tuple.src.u3, 305 &ct->tuplehash[!dir].tuple.dst.u3, 306 IPPROTO_TCP, NULL, &port); 307 exp->flags = NF_CT_EXPECT_PERMANENT; /* Accept multiple channels */ 308 309 nathook = rcu_dereference(nfct_h323_nat_hook); 310 if (memcmp(&ct->tuplehash[dir].tuple.src.u3, 311 &ct->tuplehash[!dir].tuple.dst.u3, 312 sizeof(ct->tuplehash[dir].tuple.src.u3)) && 313 nathook && 314 nf_ct_l3num(ct) == NFPROTO_IPV4 && 315 ct->status & IPS_NAT_MASK) { 316 /* NAT needed */ 317 ret = nathook->nat_t120(skb, ct, ctinfo, protoff, data, 318 dataoff, taddr, port, exp); 319 } else { /* Conntrack only */ 320 if (nf_ct_expect_related(exp, 0) == 0) { 321 pr_debug("nf_ct_h323: expect T.120 "); 322 nf_ct_dump_tuple(&exp->tuple); 323 } else 324 ret = -1; 325 } 326 327 nf_ct_expect_put(exp); 328 329 return ret; 330 } 331 332 static int process_h245_channel(struct sk_buff *skb, 333 struct nf_conn *ct, 334 enum ip_conntrack_info ctinfo, 335 unsigned int protoff, 336 unsigned char **data, int dataoff, 337 H2250LogicalChannelParameters *channel) 338 { 339 int ret; 340 341 if (channel->options & eH2250LogicalChannelParameters_mediaChannel) { 342 /* RTP */ 343 ret = expect_rtp_rtcp(skb, ct, ctinfo, protoff, data, dataoff, 344 &channel->mediaChannel); 345 if (ret < 0) 346 return -1; 347 } 348 349 if (channel-> 350 options & eH2250LogicalChannelParameters_mediaControlChannel) { 351 /* RTCP */ 352 ret = expect_rtp_rtcp(skb, ct, ctinfo, protoff, data, dataoff, 353 &channel->mediaControlChannel); 354 if (ret < 0) 355 return -1; 356 } 357 358 return 0; 359 } 360 361 static int process_olc(struct sk_buff *skb, struct nf_conn *ct, 362 enum ip_conntrack_info ctinfo, 363 unsigned int protoff, 364 unsigned char **data, int dataoff, 365 OpenLogicalChannel *olc) 366 { 367 int ret; 368 369 pr_debug("nf_ct_h323: OpenLogicalChannel\n"); 370 371 if (olc->forwardLogicalChannelParameters.multiplexParameters.choice == 372 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters) 373 { 374 ret = process_h245_channel(skb, ct, ctinfo, 375 protoff, data, dataoff, 376 &olc-> 377 forwardLogicalChannelParameters. 378 multiplexParameters. 379 h2250LogicalChannelParameters); 380 if (ret < 0) 381 return -1; 382 } 383 384 if ((olc->options & 385 eOpenLogicalChannel_reverseLogicalChannelParameters) && 386 (olc->reverseLogicalChannelParameters.options & 387 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters) 388 && (olc->reverseLogicalChannelParameters.multiplexParameters. 389 choice == 390 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) 391 { 392 ret = 393 process_h245_channel(skb, ct, ctinfo, 394 protoff, data, dataoff, 395 &olc-> 396 reverseLogicalChannelParameters. 397 multiplexParameters. 398 h2250LogicalChannelParameters); 399 if (ret < 0) 400 return -1; 401 } 402 403 if ((olc->options & eOpenLogicalChannel_separateStack) && 404 olc->forwardLogicalChannelParameters.dataType.choice == 405 eDataType_data && 406 olc->forwardLogicalChannelParameters.dataType.data.application. 407 choice == eDataApplicationCapability_application_t120 && 408 olc->forwardLogicalChannelParameters.dataType.data.application. 409 t120.choice == eDataProtocolCapability_separateLANStack && 410 olc->separateStack.networkAddress.choice == 411 eNetworkAccessParameters_networkAddress_localAreaAddress) { 412 ret = expect_t120(skb, ct, ctinfo, protoff, data, dataoff, 413 &olc->separateStack.networkAddress. 414 localAreaAddress); 415 if (ret < 0) 416 return -1; 417 } 418 419 return 0; 420 } 421 422 static int process_olca(struct sk_buff *skb, struct nf_conn *ct, 423 enum ip_conntrack_info ctinfo, 424 unsigned int protoff, unsigned char **data, int dataoff, 425 OpenLogicalChannelAck *olca) 426 { 427 H2250LogicalChannelAckParameters *ack; 428 int ret; 429 430 pr_debug("nf_ct_h323: OpenLogicalChannelAck\n"); 431 432 if ((olca->options & 433 eOpenLogicalChannelAck_reverseLogicalChannelParameters) && 434 (olca->reverseLogicalChannelParameters.options & 435 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters) 436 && (olca->reverseLogicalChannelParameters.multiplexParameters. 437 choice == 438 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) 439 { 440 ret = process_h245_channel(skb, ct, ctinfo, 441 protoff, data, dataoff, 442 &olca-> 443 reverseLogicalChannelParameters. 444 multiplexParameters. 445 h2250LogicalChannelParameters); 446 if (ret < 0) 447 return -1; 448 } 449 450 if ((olca->options & 451 eOpenLogicalChannelAck_forwardMultiplexAckParameters) && 452 (olca->forwardMultiplexAckParameters.choice == 453 eOpenLogicalChannelAck_forwardMultiplexAckParameters_h2250LogicalChannelAckParameters)) 454 { 455 ack = &olca->forwardMultiplexAckParameters. 456 h2250LogicalChannelAckParameters; 457 if (ack->options & 458 eH2250LogicalChannelAckParameters_mediaChannel) { 459 /* RTP */ 460 ret = expect_rtp_rtcp(skb, ct, ctinfo, 461 protoff, data, dataoff, 462 &ack->mediaChannel); 463 if (ret < 0) 464 return -1; 465 } 466 467 if (ack->options & 468 eH2250LogicalChannelAckParameters_mediaControlChannel) { 469 /* RTCP */ 470 ret = expect_rtp_rtcp(skb, ct, ctinfo, 471 protoff, data, dataoff, 472 &ack->mediaControlChannel); 473 if (ret < 0) 474 return -1; 475 } 476 } 477 478 if ((olca->options & eOpenLogicalChannelAck_separateStack) && 479 olca->separateStack.networkAddress.choice == 480 eNetworkAccessParameters_networkAddress_localAreaAddress) { 481 ret = expect_t120(skb, ct, ctinfo, protoff, data, dataoff, 482 &olca->separateStack.networkAddress. 483 localAreaAddress); 484 if (ret < 0) 485 return -1; 486 } 487 488 return 0; 489 } 490 491 static int process_h245(struct sk_buff *skb, struct nf_conn *ct, 492 enum ip_conntrack_info ctinfo, 493 unsigned int protoff, unsigned char **data, int dataoff, 494 MultimediaSystemControlMessage *mscm) 495 { 496 switch (mscm->choice) { 497 case eMultimediaSystemControlMessage_request: 498 if (mscm->request.choice == 499 eRequestMessage_openLogicalChannel) { 500 return process_olc(skb, ct, ctinfo, 501 protoff, data, dataoff, 502 &mscm->request.openLogicalChannel); 503 } 504 pr_debug("nf_ct_h323: H.245 Request %d\n", 505 mscm->request.choice); 506 break; 507 case eMultimediaSystemControlMessage_response: 508 if (mscm->response.choice == 509 eResponseMessage_openLogicalChannelAck) { 510 return process_olca(skb, ct, ctinfo, 511 protoff, data, dataoff, 512 &mscm->response. 513 openLogicalChannelAck); 514 } 515 pr_debug("nf_ct_h323: H.245 Response %d\n", 516 mscm->response.choice); 517 break; 518 default: 519 pr_debug("nf_ct_h323: H.245 signal %d\n", mscm->choice); 520 break; 521 } 522 523 return 0; 524 } 525 526 static int h245_help(struct sk_buff *skb, unsigned int protoff, 527 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 528 { 529 static MultimediaSystemControlMessage mscm; 530 unsigned char *data = NULL; 531 int datalen; 532 int dataoff; 533 int ret; 534 535 /* Until there's been traffic both ways, don't look in packets. */ 536 if (ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED_REPLY) 537 return NF_ACCEPT; 538 539 pr_debug("nf_ct_h245: skblen = %u\n", skb->len); 540 541 spin_lock_bh(&nf_h323_lock); 542 543 /* Process each TPKT */ 544 while (get_tpkt_data(skb, protoff, ct, ctinfo, 545 &data, &datalen, &dataoff)) { 546 pr_debug("nf_ct_h245: TPKT len=%d ", datalen); 547 nf_ct_dump_tuple(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); 548 549 /* Decode H.245 signal */ 550 ret = DecodeMultimediaSystemControlMessage(data, datalen, 551 &mscm); 552 if (ret < 0) { 553 pr_debug("nf_ct_h245: decoding error: %s\n", 554 ret == H323_ERROR_BOUND ? 555 "out of bound" : "out of range"); 556 /* We don't drop when decoding error */ 557 break; 558 } 559 560 /* Process H.245 signal */ 561 if (process_h245(skb, ct, ctinfo, protoff, 562 &data, dataoff, &mscm) < 0) 563 goto drop; 564 } 565 566 spin_unlock_bh(&nf_h323_lock); 567 return NF_ACCEPT; 568 569 drop: 570 spin_unlock_bh(&nf_h323_lock); 571 nf_ct_helper_log(skb, ct, "cannot process H.245 message"); 572 return NF_DROP; 573 } 574 575 static const struct nf_conntrack_expect_policy h245_exp_policy = { 576 .max_expected = H323_RTP_CHANNEL_MAX * 4 + 2 /* T.120 */, 577 .timeout = 240, 578 }; 579 580 static struct nf_conntrack_helper nf_conntrack_helper_h245 __read_mostly = { 581 .name = "H.245", 582 .me = THIS_MODULE, 583 .tuple.src.l3num = AF_UNSPEC, 584 .tuple.dst.protonum = IPPROTO_UDP, 585 .help = h245_help, 586 .expect_policy = &h245_exp_policy, 587 }; 588 589 int get_h225_addr(struct nf_conn *ct, unsigned char *data, 590 TransportAddress *taddr, 591 union nf_inet_addr *addr, __be16 *port) 592 { 593 const unsigned char *p; 594 int len; 595 596 switch (taddr->choice) { 597 case eTransportAddress_ipAddress: 598 if (nf_ct_l3num(ct) != AF_INET) 599 return 0; 600 p = data + taddr->ipAddress.ip; 601 len = 4; 602 break; 603 case eTransportAddress_ip6Address: 604 if (nf_ct_l3num(ct) != AF_INET6) 605 return 0; 606 p = data + taddr->ip6Address.ip; 607 len = 16; 608 break; 609 default: 610 return 0; 611 } 612 613 memcpy(addr, p, len); 614 memset((void *)addr + len, 0, sizeof(*addr) - len); 615 memcpy(port, p + len, sizeof(__be16)); 616 617 return 1; 618 } 619 EXPORT_SYMBOL_GPL(get_h225_addr); 620 621 static int expect_h245(struct sk_buff *skb, struct nf_conn *ct, 622 enum ip_conntrack_info ctinfo, 623 unsigned int protoff, unsigned char **data, int dataoff, 624 TransportAddress *taddr) 625 { 626 const struct nfct_h323_nat_hooks *nathook; 627 int dir = CTINFO2DIR(ctinfo); 628 int ret = 0; 629 __be16 port; 630 union nf_inet_addr addr; 631 struct nf_conntrack_expect *exp; 632 633 /* Read h245Address */ 634 if (!get_h225_addr(ct, *data, taddr, &addr, &port) || 635 memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) || 636 port == 0) 637 return 0; 638 639 /* Create expect for h245 connection */ 640 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 641 return -1; 642 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 643 &ct->tuplehash[!dir].tuple.src.u3, 644 &ct->tuplehash[!dir].tuple.dst.u3, 645 IPPROTO_TCP, NULL, &port); 646 rcu_assign_pointer(exp->helper, &nf_conntrack_helper_h245); 647 648 nathook = rcu_dereference(nfct_h323_nat_hook); 649 if (memcmp(&ct->tuplehash[dir].tuple.src.u3, 650 &ct->tuplehash[!dir].tuple.dst.u3, 651 sizeof(ct->tuplehash[dir].tuple.src.u3)) && 652 nathook && 653 nf_ct_l3num(ct) == NFPROTO_IPV4 && 654 ct->status & IPS_NAT_MASK) { 655 /* NAT needed */ 656 ret = nathook->nat_h245(skb, ct, ctinfo, protoff, data, 657 dataoff, taddr, port, exp); 658 } else { /* Conntrack only */ 659 if (nf_ct_expect_related(exp, 0) == 0) { 660 pr_debug("nf_ct_q931: expect H.245 "); 661 nf_ct_dump_tuple(&exp->tuple); 662 } else 663 ret = -1; 664 } 665 666 nf_ct_expect_put(exp); 667 668 return ret; 669 } 670 671 /* If the calling party is on the same side of the forward-to party, 672 * we don't need to track the second call 673 */ 674 static int callforward_do_filter(struct net *net, 675 const union nf_inet_addr *src, 676 const union nf_inet_addr *dst, 677 u_int8_t family) 678 { 679 int ret = 0; 680 681 switch (family) { 682 case AF_INET: { 683 struct flowi4 fl1, fl2; 684 struct rtable *rt1, *rt2; 685 686 memset(&fl1, 0, sizeof(fl1)); 687 fl1.daddr = src->ip; 688 689 memset(&fl2, 0, sizeof(fl2)); 690 fl2.daddr = dst->ip; 691 if (!nf_ip_route(net, (struct dst_entry **)&rt1, 692 flowi4_to_flowi(&fl1), false)) { 693 if (!nf_ip_route(net, (struct dst_entry **)&rt2, 694 flowi4_to_flowi(&fl2), false)) { 695 if (rt_nexthop(rt1, fl1.daddr) == 696 rt_nexthop(rt2, fl2.daddr) && 697 rt1->dst.dev == rt2->dst.dev) 698 ret = 1; 699 dst_release(&rt2->dst); 700 } 701 dst_release(&rt1->dst); 702 } 703 break; 704 } 705 #if IS_ENABLED(CONFIG_IPV6) 706 case AF_INET6: { 707 struct rt6_info *rt1, *rt2; 708 struct flowi6 fl1, fl2; 709 710 memset(&fl1, 0, sizeof(fl1)); 711 fl1.daddr = src->in6; 712 713 memset(&fl2, 0, sizeof(fl2)); 714 fl2.daddr = dst->in6; 715 if (!nf_ip6_route(net, (struct dst_entry **)&rt1, 716 flowi6_to_flowi(&fl1), false)) { 717 if (!nf_ip6_route(net, (struct dst_entry **)&rt2, 718 flowi6_to_flowi(&fl2), false)) { 719 if (ipv6_addr_equal(rt6_nexthop(rt1, &fl1.daddr), 720 rt6_nexthop(rt2, &fl2.daddr)) && 721 rt1->dst.dev == rt2->dst.dev) 722 ret = 1; 723 dst_release(&rt2->dst); 724 } 725 dst_release(&rt1->dst); 726 } 727 break; 728 } 729 #endif 730 } 731 return ret; 732 733 } 734 735 static int expect_callforwarding(struct sk_buff *skb, 736 struct nf_conn *ct, 737 enum ip_conntrack_info ctinfo, 738 unsigned int protoff, 739 unsigned char **data, int dataoff, 740 TransportAddress *taddr) 741 { 742 const struct nfct_h323_nat_hooks *nathook; 743 int dir = CTINFO2DIR(ctinfo); 744 int ret = 0; 745 __be16 port; 746 union nf_inet_addr addr; 747 struct nf_conntrack_expect *exp; 748 struct net *net = nf_ct_net(ct); 749 750 /* Read alternativeAddress */ 751 if (!get_h225_addr(ct, *data, taddr, &addr, &port) || port == 0) 752 return 0; 753 754 /* If the calling party is on the same side of the forward-to party, 755 * we don't need to track the second call 756 */ 757 if (callforward_filter && 758 callforward_do_filter(net, &addr, &ct->tuplehash[!dir].tuple.src.u3, 759 nf_ct_l3num(ct))) { 760 pr_debug("nf_ct_q931: Call Forwarding not tracked\n"); 761 return 0; 762 } 763 764 /* Create expect for the second call leg */ 765 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 766 return -1; 767 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 768 &ct->tuplehash[!dir].tuple.src.u3, &addr, 769 IPPROTO_TCP, NULL, &port); 770 rcu_assign_pointer(exp->helper, nf_conntrack_helper_q931); 771 772 nathook = rcu_dereference(nfct_h323_nat_hook); 773 if (memcmp(&ct->tuplehash[dir].tuple.src.u3, 774 &ct->tuplehash[!dir].tuple.dst.u3, 775 sizeof(ct->tuplehash[dir].tuple.src.u3)) && 776 nathook && 777 nf_ct_l3num(ct) == NFPROTO_IPV4 && 778 ct->status & IPS_NAT_MASK) { 779 /* Need NAT */ 780 ret = nathook->nat_callforwarding(skb, ct, ctinfo, 781 protoff, data, dataoff, 782 taddr, port, exp); 783 } else { /* Conntrack only */ 784 if (nf_ct_expect_related(exp, 0) == 0) { 785 pr_debug("nf_ct_q931: expect Call Forwarding "); 786 nf_ct_dump_tuple(&exp->tuple); 787 } else 788 ret = -1; 789 } 790 791 nf_ct_expect_put(exp); 792 793 return ret; 794 } 795 796 static int process_setup(struct sk_buff *skb, struct nf_conn *ct, 797 enum ip_conntrack_info ctinfo, 798 unsigned int protoff, 799 unsigned char **data, int dataoff, 800 Setup_UUIE *setup) 801 { 802 const struct nfct_h323_nat_hooks *nathook; 803 int dir = CTINFO2DIR(ctinfo); 804 int ret; 805 int i; 806 __be16 port; 807 union nf_inet_addr addr; 808 809 pr_debug("nf_ct_q931: Setup\n"); 810 811 if (setup->options & eSetup_UUIE_h245Address) { 812 ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff, 813 &setup->h245Address); 814 if (ret < 0) 815 return -1; 816 } 817 818 nathook = rcu_dereference(nfct_h323_nat_hook); 819 if ((setup->options & eSetup_UUIE_destCallSignalAddress) && 820 nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 821 ct->status & IPS_NAT_MASK && 822 get_h225_addr(ct, *data, &setup->destCallSignalAddress, 823 &addr, &port) && 824 memcmp(&addr, &ct->tuplehash[!dir].tuple.src.u3, sizeof(addr))) { 825 pr_debug("nf_ct_q931: set destCallSignalAddress %pI6:%hu->%pI6:%hu\n", 826 &addr, ntohs(port), &ct->tuplehash[!dir].tuple.src.u3, 827 ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port)); 828 ret = nathook->set_h225_addr(skb, protoff, data, dataoff, 829 &setup->destCallSignalAddress, 830 &ct->tuplehash[!dir].tuple.src.u3, 831 ct->tuplehash[!dir].tuple.src.u.tcp.port); 832 if (ret < 0) 833 return -1; 834 } 835 836 if ((setup->options & eSetup_UUIE_sourceCallSignalAddress) && 837 nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 838 ct->status & IPS_NAT_MASK && 839 get_h225_addr(ct, *data, &setup->sourceCallSignalAddress, 840 &addr, &port) && 841 memcmp(&addr, &ct->tuplehash[!dir].tuple.dst.u3, sizeof(addr))) { 842 pr_debug("nf_ct_q931: set sourceCallSignalAddress %pI6:%hu->%pI6:%hu\n", 843 &addr, ntohs(port), &ct->tuplehash[!dir].tuple.dst.u3, 844 ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port)); 845 ret = nathook->set_h225_addr(skb, protoff, data, dataoff, 846 &setup->sourceCallSignalAddress, 847 &ct->tuplehash[!dir].tuple.dst.u3, 848 ct->tuplehash[!dir].tuple.dst.u.tcp.port); 849 if (ret < 0) 850 return -1; 851 } 852 853 if (setup->options & eSetup_UUIE_fastStart) { 854 for (i = 0; i < setup->fastStart.count; i++) { 855 ret = process_olc(skb, ct, ctinfo, 856 protoff, data, dataoff, 857 &setup->fastStart.item[i]); 858 if (ret < 0) 859 return -1; 860 } 861 } 862 863 return 0; 864 } 865 866 static int process_callproceeding(struct sk_buff *skb, 867 struct nf_conn *ct, 868 enum ip_conntrack_info ctinfo, 869 unsigned int protoff, 870 unsigned char **data, int dataoff, 871 CallProceeding_UUIE *callproc) 872 { 873 int ret; 874 int i; 875 876 pr_debug("nf_ct_q931: CallProceeding\n"); 877 878 if (callproc->options & eCallProceeding_UUIE_h245Address) { 879 ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff, 880 &callproc->h245Address); 881 if (ret < 0) 882 return -1; 883 } 884 885 if (callproc->options & eCallProceeding_UUIE_fastStart) { 886 for (i = 0; i < callproc->fastStart.count; i++) { 887 ret = process_olc(skb, ct, ctinfo, 888 protoff, data, dataoff, 889 &callproc->fastStart.item[i]); 890 if (ret < 0) 891 return -1; 892 } 893 } 894 895 return 0; 896 } 897 898 static int process_connect(struct sk_buff *skb, struct nf_conn *ct, 899 enum ip_conntrack_info ctinfo, 900 unsigned int protoff, 901 unsigned char **data, int dataoff, 902 Connect_UUIE *connect) 903 { 904 int ret; 905 int i; 906 907 pr_debug("nf_ct_q931: Connect\n"); 908 909 if (connect->options & eConnect_UUIE_h245Address) { 910 ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff, 911 &connect->h245Address); 912 if (ret < 0) 913 return -1; 914 } 915 916 if (connect->options & eConnect_UUIE_fastStart) { 917 for (i = 0; i < connect->fastStart.count; i++) { 918 ret = process_olc(skb, ct, ctinfo, 919 protoff, data, dataoff, 920 &connect->fastStart.item[i]); 921 if (ret < 0) 922 return -1; 923 } 924 } 925 926 return 0; 927 } 928 929 static int process_alerting(struct sk_buff *skb, struct nf_conn *ct, 930 enum ip_conntrack_info ctinfo, 931 unsigned int protoff, 932 unsigned char **data, int dataoff, 933 Alerting_UUIE *alert) 934 { 935 int ret; 936 int i; 937 938 pr_debug("nf_ct_q931: Alerting\n"); 939 940 if (alert->options & eAlerting_UUIE_h245Address) { 941 ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff, 942 &alert->h245Address); 943 if (ret < 0) 944 return -1; 945 } 946 947 if (alert->options & eAlerting_UUIE_fastStart) { 948 for (i = 0; i < alert->fastStart.count; i++) { 949 ret = process_olc(skb, ct, ctinfo, 950 protoff, data, dataoff, 951 &alert->fastStart.item[i]); 952 if (ret < 0) 953 return -1; 954 } 955 } 956 957 return 0; 958 } 959 960 static int process_facility(struct sk_buff *skb, struct nf_conn *ct, 961 enum ip_conntrack_info ctinfo, 962 unsigned int protoff, 963 unsigned char **data, int dataoff, 964 Facility_UUIE *facility) 965 { 966 int ret; 967 int i; 968 969 pr_debug("nf_ct_q931: Facility\n"); 970 971 if (facility->reason.choice == eFacilityReason_callForwarded) { 972 if (facility->options & eFacility_UUIE_alternativeAddress) 973 return expect_callforwarding(skb, ct, ctinfo, 974 protoff, data, dataoff, 975 &facility-> 976 alternativeAddress); 977 return 0; 978 } 979 980 if (facility->options & eFacility_UUIE_h245Address) { 981 ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff, 982 &facility->h245Address); 983 if (ret < 0) 984 return -1; 985 } 986 987 if (facility->options & eFacility_UUIE_fastStart) { 988 for (i = 0; i < facility->fastStart.count; i++) { 989 ret = process_olc(skb, ct, ctinfo, 990 protoff, data, dataoff, 991 &facility->fastStart.item[i]); 992 if (ret < 0) 993 return -1; 994 } 995 } 996 997 return 0; 998 } 999 1000 static int process_progress(struct sk_buff *skb, struct nf_conn *ct, 1001 enum ip_conntrack_info ctinfo, 1002 unsigned int protoff, 1003 unsigned char **data, int dataoff, 1004 Progress_UUIE *progress) 1005 { 1006 int ret; 1007 int i; 1008 1009 pr_debug("nf_ct_q931: Progress\n"); 1010 1011 if (progress->options & eProgress_UUIE_h245Address) { 1012 ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff, 1013 &progress->h245Address); 1014 if (ret < 0) 1015 return -1; 1016 } 1017 1018 if (progress->options & eProgress_UUIE_fastStart) { 1019 for (i = 0; i < progress->fastStart.count; i++) { 1020 ret = process_olc(skb, ct, ctinfo, 1021 protoff, data, dataoff, 1022 &progress->fastStart.item[i]); 1023 if (ret < 0) 1024 return -1; 1025 } 1026 } 1027 1028 return 0; 1029 } 1030 1031 static int process_q931(struct sk_buff *skb, struct nf_conn *ct, 1032 enum ip_conntrack_info ctinfo, 1033 unsigned int protoff, unsigned char **data, int dataoff, 1034 Q931 *q931) 1035 { 1036 H323_UU_PDU *pdu = &q931->UUIE.h323_uu_pdu; 1037 int i; 1038 int ret = 0; 1039 1040 switch (pdu->h323_message_body.choice) { 1041 case eH323_UU_PDU_h323_message_body_setup: 1042 ret = process_setup(skb, ct, ctinfo, protoff, data, dataoff, 1043 &pdu->h323_message_body.setup); 1044 break; 1045 case eH323_UU_PDU_h323_message_body_callProceeding: 1046 ret = process_callproceeding(skb, ct, ctinfo, 1047 protoff, data, dataoff, 1048 &pdu->h323_message_body. 1049 callProceeding); 1050 break; 1051 case eH323_UU_PDU_h323_message_body_connect: 1052 ret = process_connect(skb, ct, ctinfo, protoff, data, dataoff, 1053 &pdu->h323_message_body.connect); 1054 break; 1055 case eH323_UU_PDU_h323_message_body_alerting: 1056 ret = process_alerting(skb, ct, ctinfo, protoff, data, dataoff, 1057 &pdu->h323_message_body.alerting); 1058 break; 1059 case eH323_UU_PDU_h323_message_body_facility: 1060 ret = process_facility(skb, ct, ctinfo, protoff, data, dataoff, 1061 &pdu->h323_message_body.facility); 1062 break; 1063 case eH323_UU_PDU_h323_message_body_progress: 1064 ret = process_progress(skb, ct, ctinfo, protoff, data, dataoff, 1065 &pdu->h323_message_body.progress); 1066 break; 1067 default: 1068 pr_debug("nf_ct_q931: Q.931 signal %d\n", 1069 pdu->h323_message_body.choice); 1070 break; 1071 } 1072 1073 if (ret < 0) 1074 return -1; 1075 1076 if (pdu->options & eH323_UU_PDU_h245Control) { 1077 for (i = 0; i < pdu->h245Control.count; i++) { 1078 ret = process_h245(skb, ct, ctinfo, 1079 protoff, data, dataoff, 1080 &pdu->h245Control.item[i]); 1081 if (ret < 0) 1082 return -1; 1083 } 1084 } 1085 1086 return 0; 1087 } 1088 1089 static int q931_help(struct sk_buff *skb, unsigned int protoff, 1090 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 1091 { 1092 static Q931 q931; 1093 unsigned char *data = NULL; 1094 int datalen; 1095 int dataoff; 1096 int ret; 1097 1098 /* Until there's been traffic both ways, don't look in packets. */ 1099 if (ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED_REPLY) 1100 return NF_ACCEPT; 1101 1102 pr_debug("nf_ct_q931: skblen = %u\n", skb->len); 1103 1104 spin_lock_bh(&nf_h323_lock); 1105 1106 /* Process each TPKT */ 1107 while (get_tpkt_data(skb, protoff, ct, ctinfo, 1108 &data, &datalen, &dataoff)) { 1109 pr_debug("nf_ct_q931: TPKT len=%d ", datalen); 1110 nf_ct_dump_tuple(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); 1111 1112 /* Decode Q.931 signal */ 1113 ret = DecodeQ931(data, datalen, &q931); 1114 if (ret < 0) { 1115 pr_debug("nf_ct_q931: decoding error: %s\n", 1116 ret == H323_ERROR_BOUND ? 1117 "out of bound" : "out of range"); 1118 /* We don't drop when decoding error */ 1119 break; 1120 } 1121 1122 /* Process Q.931 signal */ 1123 if (process_q931(skb, ct, ctinfo, protoff, 1124 &data, dataoff, &q931) < 0) 1125 goto drop; 1126 } 1127 1128 spin_unlock_bh(&nf_h323_lock); 1129 return NF_ACCEPT; 1130 1131 drop: 1132 spin_unlock_bh(&nf_h323_lock); 1133 nf_ct_helper_log(skb, ct, "cannot process Q.931 message"); 1134 return NF_DROP; 1135 } 1136 1137 static const struct nf_conntrack_expect_policy q931_exp_policy = { 1138 /* T.120 and H.245 */ 1139 .max_expected = H323_RTP_CHANNEL_MAX * 4 + 4, 1140 .timeout = 240, 1141 }; 1142 1143 static struct nf_conntrack_helper nf_conntrack_helper_q931[] __read_mostly = { 1144 { 1145 .name = "Q.931", 1146 .me = THIS_MODULE, 1147 .tuple.src.l3num = AF_INET, 1148 .tuple.src.u.tcp.port = cpu_to_be16(Q931_PORT), 1149 .tuple.dst.protonum = IPPROTO_TCP, 1150 .help = q931_help, 1151 .expect_policy = &q931_exp_policy, 1152 }, 1153 { 1154 .name = "Q.931", 1155 .me = THIS_MODULE, 1156 .tuple.src.l3num = AF_INET6, 1157 .tuple.src.u.tcp.port = cpu_to_be16(Q931_PORT), 1158 .tuple.dst.protonum = IPPROTO_TCP, 1159 .help = q931_help, 1160 .expect_policy = &q931_exp_policy, 1161 }, 1162 }; 1163 1164 static unsigned char *get_udp_data(struct sk_buff *skb, unsigned int protoff, 1165 int *datalen) 1166 { 1167 const struct udphdr *uh; 1168 struct udphdr _uh; 1169 int dataoff; 1170 1171 uh = skb_header_pointer(skb, protoff, sizeof(_uh), &_uh); 1172 if (uh == NULL) 1173 return NULL; 1174 dataoff = protoff + sizeof(_uh); 1175 if (dataoff >= skb->len) 1176 return NULL; 1177 *datalen = skb->len - dataoff; 1178 if (*datalen > H323_MAX_SIZE) 1179 *datalen = H323_MAX_SIZE; 1180 1181 return skb_header_pointer(skb, dataoff, *datalen, h323_buffer); 1182 } 1183 1184 static struct nf_conntrack_expect *find_expect(struct nf_conn *ct, 1185 union nf_inet_addr *addr, 1186 __be16 port) 1187 { 1188 struct net *net = nf_ct_net(ct); 1189 struct nf_conntrack_expect *exp; 1190 struct nf_conntrack_tuple tuple = { 1191 .src.l3num = nf_ct_l3num(ct), 1192 .dst.protonum = IPPROTO_TCP, 1193 .dst.u.tcp.port = port, 1194 }; 1195 1196 memcpy(&tuple.dst.u3, addr, sizeof(tuple.dst.u3)); 1197 1198 exp = __nf_ct_expect_find(net, nf_ct_zone(ct), &tuple); 1199 if (exp && exp->master == ct) 1200 return exp; 1201 return NULL; 1202 } 1203 1204 static int expect_q931(struct sk_buff *skb, struct nf_conn *ct, 1205 enum ip_conntrack_info ctinfo, 1206 unsigned int protoff, unsigned char **data, 1207 TransportAddress *taddr, int count) 1208 { 1209 struct nf_ct_h323_master *info = nfct_help_data(ct); 1210 const struct nfct_h323_nat_hooks *nathook; 1211 int dir = CTINFO2DIR(ctinfo); 1212 int ret = 0; 1213 int i; 1214 __be16 port; 1215 union nf_inet_addr addr; 1216 struct nf_conntrack_expect *exp; 1217 1218 /* Look for the first related address */ 1219 for (i = 0; i < count; i++) { 1220 if (get_h225_addr(ct, *data, &taddr[i], &addr, &port) && 1221 memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, 1222 sizeof(addr)) == 0 && port != 0) 1223 break; 1224 } 1225 1226 if (i >= count) /* Not found */ 1227 return 0; 1228 1229 /* Create expect for Q.931 */ 1230 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 1231 return -1; 1232 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 1233 gkrouted_only ? /* only accept calls from GK? */ 1234 &ct->tuplehash[!dir].tuple.src.u3 : NULL, 1235 &ct->tuplehash[!dir].tuple.dst.u3, 1236 IPPROTO_TCP, NULL, &port); 1237 rcu_assign_pointer(exp->helper, nf_conntrack_helper_q931); 1238 exp->flags = NF_CT_EXPECT_PERMANENT; /* Accept multiple calls */ 1239 1240 nathook = rcu_dereference(nfct_h323_nat_hook); 1241 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1242 ct->status & IPS_NAT_MASK) { /* Need NAT */ 1243 ret = nathook->nat_q931(skb, ct, ctinfo, protoff, data, 1244 taddr, i, port, exp); 1245 } else { /* Conntrack only */ 1246 if (nf_ct_expect_related(exp, 0) == 0) { 1247 pr_debug("nf_ct_ras: expect Q.931 "); 1248 nf_ct_dump_tuple(&exp->tuple); 1249 1250 /* Save port for looking up expect in processing RCF */ 1251 info->sig_port[dir] = port; 1252 } else 1253 ret = -1; 1254 } 1255 1256 nf_ct_expect_put(exp); 1257 1258 return ret; 1259 } 1260 1261 static int process_grq(struct sk_buff *skb, struct nf_conn *ct, 1262 enum ip_conntrack_info ctinfo, 1263 unsigned int protoff, 1264 unsigned char **data, GatekeeperRequest *grq) 1265 { 1266 const struct nfct_h323_nat_hooks *nathook; 1267 1268 pr_debug("nf_ct_ras: GRQ\n"); 1269 1270 nathook = rcu_dereference(nfct_h323_nat_hook); 1271 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1272 ct->status & IPS_NAT_MASK) /* NATed */ 1273 return nathook->set_ras_addr(skb, ct, ctinfo, protoff, data, 1274 &grq->rasAddress, 1); 1275 return 0; 1276 } 1277 1278 static int process_gcf(struct sk_buff *skb, struct nf_conn *ct, 1279 enum ip_conntrack_info ctinfo, 1280 unsigned int protoff, 1281 unsigned char **data, GatekeeperConfirm *gcf) 1282 { 1283 int dir = CTINFO2DIR(ctinfo); 1284 int ret = 0; 1285 __be16 port; 1286 union nf_inet_addr addr; 1287 struct nf_conntrack_expect *exp; 1288 1289 pr_debug("nf_ct_ras: GCF\n"); 1290 1291 if (!get_h225_addr(ct, *data, &gcf->rasAddress, &addr, &port)) 1292 return 0; 1293 1294 /* Registration port is the same as discovery port */ 1295 if (!memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) && 1296 port == ct->tuplehash[dir].tuple.src.u.udp.port) 1297 return 0; 1298 1299 /* Avoid RAS expectation loops. A GCF is never expected. */ 1300 if (test_bit(IPS_EXPECTED_BIT, &ct->status)) 1301 return 0; 1302 1303 /* Need new expect */ 1304 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 1305 return -1; 1306 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 1307 &ct->tuplehash[!dir].tuple.src.u3, &addr, 1308 IPPROTO_UDP, NULL, &port); 1309 rcu_assign_pointer(exp->helper, nf_conntrack_helper_ras); 1310 1311 if (nf_ct_expect_related(exp, 0) == 0) { 1312 pr_debug("nf_ct_ras: expect RAS "); 1313 nf_ct_dump_tuple(&exp->tuple); 1314 } else 1315 ret = -1; 1316 1317 nf_ct_expect_put(exp); 1318 1319 return ret; 1320 } 1321 1322 static int process_rrq(struct sk_buff *skb, struct nf_conn *ct, 1323 enum ip_conntrack_info ctinfo, 1324 unsigned int protoff, 1325 unsigned char **data, RegistrationRequest *rrq) 1326 { 1327 struct nf_ct_h323_master *info = nfct_help_data(ct); 1328 const struct nfct_h323_nat_hooks *nathook; 1329 int ret; 1330 1331 pr_debug("nf_ct_ras: RRQ\n"); 1332 1333 ret = expect_q931(skb, ct, ctinfo, protoff, data, 1334 rrq->callSignalAddress.item, 1335 rrq->callSignalAddress.count); 1336 if (ret < 0) 1337 return -1; 1338 1339 nathook = rcu_dereference(nfct_h323_nat_hook); 1340 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1341 ct->status & IPS_NAT_MASK) { 1342 ret = nathook->set_ras_addr(skb, ct, ctinfo, protoff, data, 1343 rrq->rasAddress.item, 1344 rrq->rasAddress.count); 1345 if (ret < 0) 1346 return -1; 1347 } 1348 1349 if (rrq->options & eRegistrationRequest_timeToLive) { 1350 pr_debug("nf_ct_ras: RRQ TTL = %u seconds\n", rrq->timeToLive); 1351 info->timeout = rrq->timeToLive; 1352 } else 1353 info->timeout = default_rrq_ttl; 1354 1355 return 0; 1356 } 1357 1358 static int process_rcf(struct sk_buff *skb, struct nf_conn *ct, 1359 enum ip_conntrack_info ctinfo, 1360 unsigned int protoff, 1361 unsigned char **data, RegistrationConfirm *rcf) 1362 { 1363 struct nf_ct_h323_master *info = nfct_help_data(ct); 1364 const struct nfct_h323_nat_hooks *nathook; 1365 int dir = CTINFO2DIR(ctinfo); 1366 int ret; 1367 struct nf_conntrack_expect *exp; 1368 1369 pr_debug("nf_ct_ras: RCF\n"); 1370 1371 nathook = rcu_dereference(nfct_h323_nat_hook); 1372 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1373 ct->status & IPS_NAT_MASK) { 1374 ret = nathook->set_sig_addr(skb, ct, ctinfo, protoff, data, 1375 rcf->callSignalAddress.item, 1376 rcf->callSignalAddress.count); 1377 if (ret < 0) 1378 return -1; 1379 } 1380 1381 if (rcf->options & eRegistrationConfirm_timeToLive) { 1382 pr_debug("nf_ct_ras: RCF TTL = %u seconds\n", rcf->timeToLive); 1383 info->timeout = rcf->timeToLive; 1384 } 1385 1386 if (info->timeout > 0) { 1387 pr_debug("nf_ct_ras: set RAS connection timeout to " 1388 "%u seconds\n", info->timeout); 1389 nf_ct_refresh(ct, info->timeout * HZ); 1390 1391 /* Set expect timeout */ 1392 spin_lock_bh(&nf_conntrack_expect_lock); 1393 exp = find_expect(ct, &ct->tuplehash[dir].tuple.dst.u3, 1394 info->sig_port[!dir]); 1395 if (exp) { 1396 pr_debug("nf_ct_ras: set Q.931 expect " 1397 "timeout to %u seconds for", 1398 info->timeout); 1399 nf_ct_dump_tuple(&exp->tuple); 1400 mod_timer_pending(&exp->timeout, 1401 jiffies + info->timeout * HZ); 1402 } 1403 spin_unlock_bh(&nf_conntrack_expect_lock); 1404 } 1405 1406 return 0; 1407 } 1408 1409 static int process_urq(struct sk_buff *skb, struct nf_conn *ct, 1410 enum ip_conntrack_info ctinfo, 1411 unsigned int protoff, 1412 unsigned char **data, UnregistrationRequest *urq) 1413 { 1414 struct nf_ct_h323_master *info = nfct_help_data(ct); 1415 const struct nfct_h323_nat_hooks *nathook; 1416 int dir = CTINFO2DIR(ctinfo); 1417 int ret; 1418 1419 pr_debug("nf_ct_ras: URQ\n"); 1420 1421 nathook = rcu_dereference(nfct_h323_nat_hook); 1422 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1423 ct->status & IPS_NAT_MASK) { 1424 ret = nathook->set_sig_addr(skb, ct, ctinfo, protoff, data, 1425 urq->callSignalAddress.item, 1426 urq->callSignalAddress.count); 1427 if (ret < 0) 1428 return -1; 1429 } 1430 1431 /* Clear old expect */ 1432 nf_ct_remove_expectations(ct); 1433 info->sig_port[dir] = 0; 1434 info->sig_port[!dir] = 0; 1435 1436 /* Give it 30 seconds for UCF or URJ */ 1437 nf_ct_refresh(ct, 30 * HZ); 1438 1439 return 0; 1440 } 1441 1442 static int process_arq(struct sk_buff *skb, struct nf_conn *ct, 1443 enum ip_conntrack_info ctinfo, 1444 unsigned int protoff, 1445 unsigned char **data, AdmissionRequest *arq) 1446 { 1447 const struct nf_ct_h323_master *info = nfct_help_data(ct); 1448 const struct nfct_h323_nat_hooks *nathook; 1449 int dir = CTINFO2DIR(ctinfo); 1450 __be16 port; 1451 union nf_inet_addr addr; 1452 1453 pr_debug("nf_ct_ras: ARQ\n"); 1454 1455 nathook = rcu_dereference(nfct_h323_nat_hook); 1456 if (!nathook) 1457 return 0; 1458 1459 if ((arq->options & eAdmissionRequest_destCallSignalAddress) && 1460 get_h225_addr(ct, *data, &arq->destCallSignalAddress, 1461 &addr, &port) && 1462 !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) && 1463 port == info->sig_port[dir] && 1464 nf_ct_l3num(ct) == NFPROTO_IPV4 && 1465 ct->status & IPS_NAT_MASK) { 1466 /* Answering ARQ */ 1467 return nathook->set_h225_addr(skb, protoff, data, 0, 1468 &arq->destCallSignalAddress, 1469 &ct->tuplehash[!dir].tuple.dst.u3, 1470 info->sig_port[!dir]); 1471 } 1472 1473 if ((arq->options & eAdmissionRequest_srcCallSignalAddress) && 1474 get_h225_addr(ct, *data, &arq->srcCallSignalAddress, 1475 &addr, &port) && 1476 !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) && 1477 nf_ct_l3num(ct) == NFPROTO_IPV4 && 1478 ct->status & IPS_NAT_MASK) { 1479 /* Calling ARQ */ 1480 return nathook->set_h225_addr(skb, protoff, data, 0, 1481 &arq->srcCallSignalAddress, 1482 &ct->tuplehash[!dir].tuple.dst.u3, 1483 port); 1484 } 1485 1486 return 0; 1487 } 1488 1489 static int process_acf(struct sk_buff *skb, struct nf_conn *ct, 1490 enum ip_conntrack_info ctinfo, 1491 unsigned int protoff, 1492 unsigned char **data, AdmissionConfirm *acf) 1493 { 1494 int dir = CTINFO2DIR(ctinfo); 1495 int ret = 0; 1496 __be16 port; 1497 union nf_inet_addr addr; 1498 struct nf_conntrack_expect *exp; 1499 1500 pr_debug("nf_ct_ras: ACF\n"); 1501 1502 if (!get_h225_addr(ct, *data, &acf->destCallSignalAddress, 1503 &addr, &port)) 1504 return 0; 1505 1506 if (!memcmp(&addr, &ct->tuplehash[dir].tuple.dst.u3, sizeof(addr))) { 1507 const struct nfct_h323_nat_hooks *nathook; 1508 1509 /* Answering ACF */ 1510 nathook = rcu_dereference(nfct_h323_nat_hook); 1511 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1512 ct->status & IPS_NAT_MASK) 1513 return nathook->set_sig_addr(skb, ct, ctinfo, protoff, 1514 data, 1515 &acf->destCallSignalAddress, 1); 1516 return 0; 1517 } 1518 1519 /* Need new expect */ 1520 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 1521 return -1; 1522 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 1523 &ct->tuplehash[!dir].tuple.src.u3, &addr, 1524 IPPROTO_TCP, NULL, &port); 1525 exp->flags = NF_CT_EXPECT_PERMANENT; 1526 rcu_assign_pointer(exp->helper, nf_conntrack_helper_q931); 1527 1528 if (nf_ct_expect_related(exp, 0) == 0) { 1529 pr_debug("nf_ct_ras: expect Q.931 "); 1530 nf_ct_dump_tuple(&exp->tuple); 1531 } else 1532 ret = -1; 1533 1534 nf_ct_expect_put(exp); 1535 1536 return ret; 1537 } 1538 1539 static int process_lrq(struct sk_buff *skb, struct nf_conn *ct, 1540 enum ip_conntrack_info ctinfo, 1541 unsigned int protoff, 1542 unsigned char **data, LocationRequest *lrq) 1543 { 1544 const struct nfct_h323_nat_hooks *nathook; 1545 1546 pr_debug("nf_ct_ras: LRQ\n"); 1547 1548 nathook = rcu_dereference(nfct_h323_nat_hook); 1549 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1550 ct->status & IPS_NAT_MASK) 1551 return nathook->set_ras_addr(skb, ct, ctinfo, protoff, data, 1552 &lrq->replyAddress, 1); 1553 return 0; 1554 } 1555 1556 static int process_lcf(struct sk_buff *skb, struct nf_conn *ct, 1557 enum ip_conntrack_info ctinfo, 1558 unsigned int protoff, 1559 unsigned char **data, LocationConfirm *lcf) 1560 { 1561 int dir = CTINFO2DIR(ctinfo); 1562 int ret = 0; 1563 __be16 port; 1564 union nf_inet_addr addr; 1565 struct nf_conntrack_expect *exp; 1566 1567 pr_debug("nf_ct_ras: LCF\n"); 1568 1569 if (!get_h225_addr(ct, *data, &lcf->callSignalAddress, 1570 &addr, &port)) 1571 return 0; 1572 1573 /* Need new expect for call signal */ 1574 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 1575 return -1; 1576 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct), 1577 &ct->tuplehash[!dir].tuple.src.u3, &addr, 1578 IPPROTO_TCP, NULL, &port); 1579 exp->flags = NF_CT_EXPECT_PERMANENT; 1580 rcu_assign_pointer(exp->helper, nf_conntrack_helper_q931); 1581 1582 if (nf_ct_expect_related(exp, 0) == 0) { 1583 pr_debug("nf_ct_ras: expect Q.931 "); 1584 nf_ct_dump_tuple(&exp->tuple); 1585 } else 1586 ret = -1; 1587 1588 nf_ct_expect_put(exp); 1589 1590 /* Ignore rasAddress */ 1591 1592 return ret; 1593 } 1594 1595 static int process_irr(struct sk_buff *skb, struct nf_conn *ct, 1596 enum ip_conntrack_info ctinfo, 1597 unsigned int protoff, 1598 unsigned char **data, InfoRequestResponse *irr) 1599 { 1600 const struct nfct_h323_nat_hooks *nathook; 1601 int ret; 1602 1603 pr_debug("nf_ct_ras: IRR\n"); 1604 1605 nathook = rcu_dereference(nfct_h323_nat_hook); 1606 if (nathook && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1607 ct->status & IPS_NAT_MASK) { 1608 ret = nathook->set_ras_addr(skb, ct, ctinfo, protoff, data, 1609 &irr->rasAddress, 1); 1610 if (ret < 0) 1611 return -1; 1612 1613 ret = nathook->set_sig_addr(skb, ct, ctinfo, protoff, data, 1614 irr->callSignalAddress.item, 1615 irr->callSignalAddress.count); 1616 if (ret < 0) 1617 return -1; 1618 } 1619 1620 return 0; 1621 } 1622 1623 static int process_ras(struct sk_buff *skb, struct nf_conn *ct, 1624 enum ip_conntrack_info ctinfo, 1625 unsigned int protoff, 1626 unsigned char **data, RasMessage *ras) 1627 { 1628 switch (ras->choice) { 1629 case eRasMessage_gatekeeperRequest: 1630 return process_grq(skb, ct, ctinfo, protoff, data, 1631 &ras->gatekeeperRequest); 1632 case eRasMessage_gatekeeperConfirm: 1633 return process_gcf(skb, ct, ctinfo, protoff, data, 1634 &ras->gatekeeperConfirm); 1635 case eRasMessage_registrationRequest: 1636 return process_rrq(skb, ct, ctinfo, protoff, data, 1637 &ras->registrationRequest); 1638 case eRasMessage_registrationConfirm: 1639 return process_rcf(skb, ct, ctinfo, protoff, data, 1640 &ras->registrationConfirm); 1641 case eRasMessage_unregistrationRequest: 1642 return process_urq(skb, ct, ctinfo, protoff, data, 1643 &ras->unregistrationRequest); 1644 case eRasMessage_admissionRequest: 1645 return process_arq(skb, ct, ctinfo, protoff, data, 1646 &ras->admissionRequest); 1647 case eRasMessage_admissionConfirm: 1648 return process_acf(skb, ct, ctinfo, protoff, data, 1649 &ras->admissionConfirm); 1650 case eRasMessage_locationRequest: 1651 return process_lrq(skb, ct, ctinfo, protoff, data, 1652 &ras->locationRequest); 1653 case eRasMessage_locationConfirm: 1654 return process_lcf(skb, ct, ctinfo, protoff, data, 1655 &ras->locationConfirm); 1656 case eRasMessage_infoRequestResponse: 1657 return process_irr(skb, ct, ctinfo, protoff, data, 1658 &ras->infoRequestResponse); 1659 default: 1660 pr_debug("nf_ct_ras: RAS message %d\n", ras->choice); 1661 break; 1662 } 1663 1664 return 0; 1665 } 1666 1667 static int ras_help(struct sk_buff *skb, unsigned int protoff, 1668 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 1669 { 1670 static RasMessage ras; 1671 unsigned char *data; 1672 int datalen = 0; 1673 int ret; 1674 1675 pr_debug("nf_ct_ras: skblen = %u\n", skb->len); 1676 1677 spin_lock_bh(&nf_h323_lock); 1678 1679 /* Get UDP data */ 1680 data = get_udp_data(skb, protoff, &datalen); 1681 if (data == NULL) 1682 goto accept; 1683 pr_debug("nf_ct_ras: RAS message len=%d ", datalen); 1684 nf_ct_dump_tuple(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); 1685 1686 /* Decode RAS message */ 1687 ret = DecodeRasMessage(data, datalen, &ras); 1688 if (ret < 0) { 1689 pr_debug("nf_ct_ras: decoding error: %s\n", 1690 ret == H323_ERROR_BOUND ? 1691 "out of bound" : "out of range"); 1692 goto accept; 1693 } 1694 1695 /* Process RAS message */ 1696 if (process_ras(skb, ct, ctinfo, protoff, &data, &ras) < 0) 1697 goto drop; 1698 1699 accept: 1700 spin_unlock_bh(&nf_h323_lock); 1701 return NF_ACCEPT; 1702 1703 drop: 1704 spin_unlock_bh(&nf_h323_lock); 1705 nf_ct_helper_log(skb, ct, "cannot process RAS message"); 1706 return NF_DROP; 1707 } 1708 1709 static const struct nf_conntrack_expect_policy ras_exp_policy = { 1710 .max_expected = 32, 1711 .timeout = 240, 1712 }; 1713 1714 static struct nf_conntrack_helper nf_conntrack_helper_ras[] __read_mostly = { 1715 { 1716 .name = "RAS", 1717 .me = THIS_MODULE, 1718 .tuple.src.l3num = AF_INET, 1719 .tuple.src.u.udp.port = cpu_to_be16(RAS_PORT), 1720 .tuple.dst.protonum = IPPROTO_UDP, 1721 .help = ras_help, 1722 .expect_policy = &ras_exp_policy, 1723 }, 1724 { 1725 .name = "RAS", 1726 .me = THIS_MODULE, 1727 .tuple.src.l3num = AF_INET6, 1728 .tuple.src.u.udp.port = cpu_to_be16(RAS_PORT), 1729 .tuple.dst.protonum = IPPROTO_UDP, 1730 .help = ras_help, 1731 .expect_policy = &ras_exp_policy, 1732 }, 1733 }; 1734 1735 static int __init h323_helper_init(void) 1736 { 1737 int ret; 1738 1739 ret = nf_conntrack_helper_register(&nf_conntrack_helper_h245); 1740 if (ret < 0) 1741 return ret; 1742 ret = nf_conntrack_helpers_register(nf_conntrack_helper_q931, 1743 ARRAY_SIZE(nf_conntrack_helper_q931)); 1744 if (ret < 0) 1745 goto err1; 1746 ret = nf_conntrack_helpers_register(nf_conntrack_helper_ras, 1747 ARRAY_SIZE(nf_conntrack_helper_ras)); 1748 if (ret < 0) 1749 goto err2; 1750 1751 return 0; 1752 err2: 1753 nf_conntrack_helpers_unregister(nf_conntrack_helper_q931, 1754 ARRAY_SIZE(nf_conntrack_helper_q931)); 1755 err1: 1756 nf_conntrack_helper_unregister(&nf_conntrack_helper_h245); 1757 return ret; 1758 } 1759 1760 static void __exit h323_helper_exit(void) 1761 { 1762 nf_conntrack_helpers_unregister(nf_conntrack_helper_ras, 1763 ARRAY_SIZE(nf_conntrack_helper_ras)); 1764 nf_conntrack_helpers_unregister(nf_conntrack_helper_q931, 1765 ARRAY_SIZE(nf_conntrack_helper_q931)); 1766 nf_conntrack_helper_unregister(&nf_conntrack_helper_h245); 1767 } 1768 1769 static void __exit nf_conntrack_h323_fini(void) 1770 { 1771 h323_helper_exit(); 1772 kfree(h323_buffer); 1773 pr_debug("nf_ct_h323: fini\n"); 1774 } 1775 1776 static int __init nf_conntrack_h323_init(void) 1777 { 1778 int ret; 1779 1780 NF_CT_HELPER_BUILD_BUG_ON(sizeof(struct nf_ct_h323_master)); 1781 1782 h323_buffer = kmalloc(H323_MAX_SIZE + 1, GFP_KERNEL); 1783 if (!h323_buffer) 1784 return -ENOMEM; 1785 ret = h323_helper_init(); 1786 if (ret < 0) 1787 goto err1; 1788 pr_debug("nf_ct_h323: init success\n"); 1789 return 0; 1790 err1: 1791 kfree(h323_buffer); 1792 return ret; 1793 } 1794 1795 module_init(nf_conntrack_h323_init); 1796 module_exit(nf_conntrack_h323_fini); 1797 1798 MODULE_AUTHOR("Jing Min Zhao <zhaojingmin@users.sourceforge.net>"); 1799 MODULE_DESCRIPTION("H.323 connection tracking helper"); 1800 MODULE_LICENSE("GPL"); 1801 MODULE_ALIAS("ip_conntrack_h323"); 1802 MODULE_ALIAS_NFCT_HELPER("RAS"); 1803 MODULE_ALIAS_NFCT_HELPER("Q.931"); 1804 MODULE_ALIAS_NFCT_HELPER("H.245"); 1805