Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
[sfrench/cifs-2.6.git] / net / ipv4 / netfilter / ip_conntrack_helper_h323.c
1 /*
2  * H.323 connection tracking helper
3  *
4  * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
5  *
6  * This source code is licensed under General Public License version 2.
7  *
8  * Based on the 'brute force' H.323 connection tracking module by
9  * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
10  *
11  * For more information, please see http://nath323.sourceforge.net/
12  */
13
14 #include <linux/module.h>
15 #include <linux/netfilter.h>
16 #include <linux/ip.h>
17 #include <net/tcp.h>
18 #include <linux/netfilter_ipv4/ip_conntrack.h>
19 #include <linux/netfilter_ipv4/ip_conntrack_core.h>
20 #include <linux/netfilter_ipv4/ip_conntrack_helper.h>
21 #include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
22 #include <linux/netfilter_ipv4/ip_conntrack_h323.h>
23 #include <linux/moduleparam.h>
24 #include <linux/ctype.h>
25 #include <linux/inet.h>
26
27 #if 0
28 #define DEBUGP printk
29 #else
30 #define DEBUGP(format, args...)
31 #endif
32
33 /* Parameters */
34 static unsigned int default_rrq_ttl = 300;
35 module_param(default_rrq_ttl, uint, 0600);
36 MODULE_PARM_DESC(default_rrq_ttl, "use this TTL if it's missing in RRQ");
37
38 static int gkrouted_only = 1;
39 module_param(gkrouted_only, int, 0600);
40 MODULE_PARM_DESC(gkrouted_only, "only accept calls from gatekeeper");
41
42 static int callforward_filter = 1;
43 module_param(callforward_filter, bool, 0600);
44 MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations "
45                                      "if both endpoints are on different sides "
46                                      "(determined by routing information)");
47
48 /* Hooks for NAT */
49 int (*set_h245_addr_hook) (struct sk_buff ** pskb,
50                            unsigned char **data, int dataoff,
51                            H245_TransportAddress * addr,
52                            __be32 ip, u_int16_t port);
53 int (*set_h225_addr_hook) (struct sk_buff ** pskb,
54                            unsigned char **data, int dataoff,
55                            TransportAddress * addr,
56                            __be32 ip, u_int16_t port);
57 int (*set_sig_addr_hook) (struct sk_buff ** pskb,
58                           struct ip_conntrack * ct,
59                           enum ip_conntrack_info ctinfo,
60                           unsigned char **data,
61                           TransportAddress * addr, int count);
62 int (*set_ras_addr_hook) (struct sk_buff ** pskb,
63                           struct ip_conntrack * ct,
64                           enum ip_conntrack_info ctinfo,
65                           unsigned char **data,
66                           TransportAddress * addr, int count);
67 int (*nat_rtp_rtcp_hook) (struct sk_buff ** pskb,
68                           struct ip_conntrack * ct,
69                           enum ip_conntrack_info ctinfo,
70                           unsigned char **data, int dataoff,
71                           H245_TransportAddress * addr,
72                           u_int16_t port, u_int16_t rtp_port,
73                           struct ip_conntrack_expect * rtp_exp,
74                           struct ip_conntrack_expect * rtcp_exp);
75 int (*nat_t120_hook) (struct sk_buff ** pskb,
76                       struct ip_conntrack * ct,
77                       enum ip_conntrack_info ctinfo,
78                       unsigned char **data, int dataoff,
79                       H245_TransportAddress * addr, u_int16_t port,
80                       struct ip_conntrack_expect * exp);
81 int (*nat_h245_hook) (struct sk_buff ** pskb,
82                       struct ip_conntrack * ct,
83                       enum ip_conntrack_info ctinfo,
84                       unsigned char **data, int dataoff,
85                       TransportAddress * addr, u_int16_t port,
86                       struct ip_conntrack_expect * exp);
87 int (*nat_callforwarding_hook) (struct sk_buff ** pskb,
88                                 struct ip_conntrack * ct,
89                                 enum ip_conntrack_info ctinfo,
90                                 unsigned char **data, int dataoff,
91                                 TransportAddress * addr, u_int16_t port,
92                                 struct ip_conntrack_expect * exp);
93 int (*nat_q931_hook) (struct sk_buff ** pskb,
94                       struct ip_conntrack * ct,
95                       enum ip_conntrack_info ctinfo,
96                       unsigned char **data, TransportAddress * addr, int idx,
97                       u_int16_t port, struct ip_conntrack_expect * exp);
98
99
100 static DEFINE_SPINLOCK(ip_h323_lock);
101 static char *h323_buffer;
102
103 /****************************************************************************/
104 static int get_tpkt_data(struct sk_buff **pskb, struct ip_conntrack *ct,
105                          enum ip_conntrack_info ctinfo,
106                          unsigned char **data, int *datalen, int *dataoff)
107 {
108         struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
109         int dir = CTINFO2DIR(ctinfo);
110         struct tcphdr _tcph, *th;
111         int tcpdatalen;
112         int tcpdataoff;
113         unsigned char *tpkt;
114         int tpktlen;
115         int tpktoff;
116
117         /* Get TCP header */
118         th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl * 4,
119                                 sizeof(_tcph), &_tcph);
120         if (th == NULL)
121                 return 0;
122
123         /* Get TCP data offset */
124         tcpdataoff = (*pskb)->nh.iph->ihl * 4 + th->doff * 4;
125
126         /* Get TCP data length */
127         tcpdatalen = (*pskb)->len - tcpdataoff;
128         if (tcpdatalen <= 0)    /* No TCP data */
129                 goto clear_out;
130
131         if (*data == NULL) {    /* first TPKT */
132                 /* Get first TPKT pointer */
133                 tpkt = skb_header_pointer(*pskb, tcpdataoff, tcpdatalen,
134                                           h323_buffer);
135                 BUG_ON(tpkt == NULL);
136
137                 /* Validate TPKT identifier */
138                 if (tcpdatalen < 4 || tpkt[0] != 0x03 || tpkt[1] != 0) {
139                         /* Netmeeting sends TPKT header and data separately */
140                         if (info->tpkt_len[dir] > 0) {
141                                 DEBUGP("ip_ct_h323: previous packet "
142                                        "indicated separate TPKT data of %hu "
143                                        "bytes\n", info->tpkt_len[dir]);
144                                 if (info->tpkt_len[dir] <= tcpdatalen) {
145                                         /* Yes, there was a TPKT header
146                                          * received */
147                                         *data = tpkt;
148                                         *datalen = info->tpkt_len[dir];
149                                         *dataoff = 0;
150                                         goto out;
151                                 }
152
153                                 /* Fragmented TPKT */
154                                 if (net_ratelimit())
155                                         printk("ip_ct_h323: "
156                                                "fragmented TPKT\n");
157                                 goto clear_out;
158                         }
159
160                         /* It is not even a TPKT */
161                         return 0;
162                 }
163                 tpktoff = 0;
164         } else {                /* Next TPKT */
165                 tpktoff = *dataoff + *datalen;
166                 tcpdatalen -= tpktoff;
167                 if (tcpdatalen <= 4)    /* No more TPKT */
168                         goto clear_out;
169                 tpkt = *data + *datalen;
170
171                 /* Validate TPKT identifier */
172                 if (tpkt[0] != 0x03 || tpkt[1] != 0)
173                         goto clear_out;
174         }
175
176         /* Validate TPKT length */
177         tpktlen = tpkt[2] * 256 + tpkt[3];
178         if (tpktlen < 4)
179                 goto clear_out;
180         if (tpktlen > tcpdatalen) {
181                 if (tcpdatalen == 4) {  /* Separate TPKT header */
182                         /* Netmeeting sends TPKT header and data separately */
183                         DEBUGP("ip_ct_h323: separate TPKT header indicates "
184                                "there will be TPKT data of %hu bytes\n",
185                                tpktlen - 4);
186                         info->tpkt_len[dir] = tpktlen - 4;
187                         return 0;
188                 }
189
190                 if (net_ratelimit())
191                         printk("ip_ct_h323: incomplete TPKT (fragmented?)\n");
192                 goto clear_out;
193         }
194
195         /* This is the encapsulated data */
196         *data = tpkt + 4;
197         *datalen = tpktlen - 4;
198         *dataoff = tpktoff + 4;
199
200       out:
201         /* Clear TPKT length */
202         info->tpkt_len[dir] = 0;
203         return 1;
204
205       clear_out:
206         info->tpkt_len[dir] = 0;
207         return 0;
208 }
209
210 /****************************************************************************/
211 static int get_h245_addr(unsigned char *data, H245_TransportAddress * addr,
212                          __be32 * ip, u_int16_t * port)
213 {
214         unsigned char *p;
215
216         if (addr->choice != eH245_TransportAddress_unicastAddress ||
217             addr->unicastAddress.choice != eUnicastAddress_iPAddress)
218                 return 0;
219
220         p = data + addr->unicastAddress.iPAddress.network;
221         *ip = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | (p[3]));
222         *port = (p[4] << 8) | (p[5]);
223
224         return 1;
225 }
226
227 /****************************************************************************/
228 static int expect_rtp_rtcp(struct sk_buff **pskb, struct ip_conntrack *ct,
229                            enum ip_conntrack_info ctinfo,
230                            unsigned char **data, int dataoff,
231                            H245_TransportAddress * addr)
232 {
233         int dir = CTINFO2DIR(ctinfo);
234         int ret = 0;
235         __be32 ip;
236         u_int16_t port;
237         u_int16_t rtp_port;
238         struct ip_conntrack_expect *rtp_exp;
239         struct ip_conntrack_expect *rtcp_exp;
240
241         /* Read RTP or RTCP address */
242         if (!get_h245_addr(*data, addr, &ip, &port) ||
243             ip != ct->tuplehash[dir].tuple.src.ip || port == 0)
244                 return 0;
245
246         /* RTP port is even */
247         rtp_port = port & (~1);
248
249         /* Create expect for RTP */
250         if ((rtp_exp = ip_conntrack_expect_alloc(ct)) == NULL)
251                 return -1;
252         rtp_exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
253         rtp_exp->tuple.src.u.udp.port = 0;
254         rtp_exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
255         rtp_exp->tuple.dst.u.udp.port = htons(rtp_port);
256         rtp_exp->tuple.dst.protonum = IPPROTO_UDP;
257         rtp_exp->mask.src.ip = htonl(0xFFFFFFFF);
258         rtp_exp->mask.src.u.udp.port = 0;
259         rtp_exp->mask.dst.ip = htonl(0xFFFFFFFF);
260         rtp_exp->mask.dst.u.udp.port = htons(0xFFFF);
261         rtp_exp->mask.dst.protonum = 0xFF;
262         rtp_exp->flags = 0;
263
264         /* Create expect for RTCP */
265         if ((rtcp_exp = ip_conntrack_expect_alloc(ct)) == NULL) {
266                 ip_conntrack_expect_put(rtp_exp);
267                 return -1;
268         }
269         rtcp_exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
270         rtcp_exp->tuple.src.u.udp.port = 0;
271         rtcp_exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
272         rtcp_exp->tuple.dst.u.udp.port = htons(rtp_port + 1);
273         rtcp_exp->tuple.dst.protonum = IPPROTO_UDP;
274         rtcp_exp->mask.src.ip = htonl(0xFFFFFFFF);
275         rtcp_exp->mask.src.u.udp.port = 0;
276         rtcp_exp->mask.dst.ip = htonl(0xFFFFFFFF);
277         rtcp_exp->mask.dst.u.udp.port = htons(0xFFFF);
278         rtcp_exp->mask.dst.protonum = 0xFF;
279         rtcp_exp->flags = 0;
280
281         if (ct->tuplehash[dir].tuple.src.ip !=
282             ct->tuplehash[!dir].tuple.dst.ip && nat_rtp_rtcp_hook) {
283                 /* NAT needed */
284                 ret = nat_rtp_rtcp_hook(pskb, ct, ctinfo, data, dataoff,
285                                         addr, port, rtp_port, rtp_exp,
286                                         rtcp_exp);
287         } else {                /* Conntrack only */
288                 rtp_exp->expectfn = NULL;
289                 rtcp_exp->expectfn = NULL;
290
291                 if (ip_conntrack_expect_related(rtp_exp) == 0) {
292                         if (ip_conntrack_expect_related(rtcp_exp) == 0) {
293                                 DEBUGP("ip_ct_h323: expect RTP "
294                                        "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
295                                        NIPQUAD(rtp_exp->tuple.src.ip),
296                                        ntohs(rtp_exp->tuple.src.u.udp.port),
297                                        NIPQUAD(rtp_exp->tuple.dst.ip),
298                                        ntohs(rtp_exp->tuple.dst.u.udp.port));
299                                 DEBUGP("ip_ct_h323: expect RTCP "
300                                        "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
301                                        NIPQUAD(rtcp_exp->tuple.src.ip),
302                                        ntohs(rtcp_exp->tuple.src.u.udp.port),
303                                        NIPQUAD(rtcp_exp->tuple.dst.ip),
304                                        ntohs(rtcp_exp->tuple.dst.u.udp.port));
305                         } else {
306                                 ip_conntrack_unexpect_related(rtp_exp);
307                                 ret = -1;
308                         }
309                 } else
310                         ret = -1;
311         }
312
313         ip_conntrack_expect_put(rtp_exp);
314         ip_conntrack_expect_put(rtcp_exp);
315
316         return ret;
317 }
318
319 /****************************************************************************/
320 static int expect_t120(struct sk_buff **pskb,
321                        struct ip_conntrack *ct,
322                        enum ip_conntrack_info ctinfo,
323                        unsigned char **data, int dataoff,
324                        H245_TransportAddress * addr)
325 {
326         int dir = CTINFO2DIR(ctinfo);
327         int ret = 0;
328         __be32 ip;
329         u_int16_t port;
330         struct ip_conntrack_expect *exp = NULL;
331
332         /* Read T.120 address */
333         if (!get_h245_addr(*data, addr, &ip, &port) ||
334             ip != ct->tuplehash[dir].tuple.src.ip || port == 0)
335                 return 0;
336
337         /* Create expect for T.120 connections */
338         if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
339                 return -1;
340         exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
341         exp->tuple.src.u.tcp.port = 0;
342         exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
343         exp->tuple.dst.u.tcp.port = htons(port);
344         exp->tuple.dst.protonum = IPPROTO_TCP;
345         exp->mask.src.ip = htonl(0xFFFFFFFF);
346         exp->mask.src.u.tcp.port = 0;
347         exp->mask.dst.ip = htonl(0xFFFFFFFF);
348         exp->mask.dst.u.tcp.port = htons(0xFFFF);
349         exp->mask.dst.protonum = 0xFF;
350         exp->flags = IP_CT_EXPECT_PERMANENT;    /* Accept multiple channels */
351
352         if (ct->tuplehash[dir].tuple.src.ip !=
353             ct->tuplehash[!dir].tuple.dst.ip && nat_t120_hook) {
354                 /* NAT needed */
355                 ret = nat_t120_hook(pskb, ct, ctinfo, data, dataoff, addr,
356                                     port, exp);
357         } else {                /* Conntrack only */
358                 exp->expectfn = NULL;
359                 if (ip_conntrack_expect_related(exp) == 0) {
360                         DEBUGP("ip_ct_h323: expect T.120 "
361                                "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
362                                NIPQUAD(exp->tuple.src.ip),
363                                ntohs(exp->tuple.src.u.tcp.port),
364                                NIPQUAD(exp->tuple.dst.ip),
365                                ntohs(exp->tuple.dst.u.tcp.port));
366                 } else
367                         ret = -1;
368         }
369
370         ip_conntrack_expect_put(exp);
371
372         return ret;
373 }
374
375 /****************************************************************************/
376 static int process_h245_channel(struct sk_buff **pskb,
377                                 struct ip_conntrack *ct,
378                                 enum ip_conntrack_info ctinfo,
379                                 unsigned char **data, int dataoff,
380                                 H2250LogicalChannelParameters * channel)
381 {
382         int ret;
383
384         if (channel->options & eH2250LogicalChannelParameters_mediaChannel) {
385                 /* RTP */
386                 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
387                                       &channel->mediaChannel);
388                 if (ret < 0)
389                         return -1;
390         }
391
392         if (channel->
393             options & eH2250LogicalChannelParameters_mediaControlChannel) {
394                 /* RTCP */
395                 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
396                                       &channel->mediaControlChannel);
397                 if (ret < 0)
398                         return -1;
399         }
400
401         return 0;
402 }
403
404 /****************************************************************************/
405 static int process_olc(struct sk_buff **pskb, struct ip_conntrack *ct,
406                        enum ip_conntrack_info ctinfo,
407                        unsigned char **data, int dataoff,
408                        OpenLogicalChannel * olc)
409 {
410         int ret;
411
412         DEBUGP("ip_ct_h323: OpenLogicalChannel\n");
413
414         if (olc->forwardLogicalChannelParameters.multiplexParameters.choice ==
415             eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)
416         {
417                 ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff,
418                                            &olc->
419                                            forwardLogicalChannelParameters.
420                                            multiplexParameters.
421                                            h2250LogicalChannelParameters);
422                 if (ret < 0)
423                         return -1;
424         }
425
426         if ((olc->options &
427              eOpenLogicalChannel_reverseLogicalChannelParameters) &&
428             (olc->reverseLogicalChannelParameters.options &
429              eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters)
430             && (olc->reverseLogicalChannelParameters.multiplexParameters.
431                 choice ==
432                 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
433         {
434                 ret =
435                     process_h245_channel(pskb, ct, ctinfo, data, dataoff,
436                                          &olc->
437                                          reverseLogicalChannelParameters.
438                                          multiplexParameters.
439                                          h2250LogicalChannelParameters);
440                 if (ret < 0)
441                         return -1;
442         }
443
444         if ((olc->options & eOpenLogicalChannel_separateStack) &&
445             olc->forwardLogicalChannelParameters.dataType.choice ==
446             eDataType_data &&
447             olc->forwardLogicalChannelParameters.dataType.data.application.
448             choice == eDataApplicationCapability_application_t120 &&
449             olc->forwardLogicalChannelParameters.dataType.data.application.
450             t120.choice == eDataProtocolCapability_separateLANStack &&
451             olc->separateStack.networkAddress.choice ==
452             eNetworkAccessParameters_networkAddress_localAreaAddress) {
453                 ret = expect_t120(pskb, ct, ctinfo, data, dataoff,
454                                   &olc->separateStack.networkAddress.
455                                   localAreaAddress);
456                 if (ret < 0)
457                         return -1;
458         }
459
460         return 0;
461 }
462
463 /****************************************************************************/
464 static int process_olca(struct sk_buff **pskb, struct ip_conntrack *ct,
465                         enum ip_conntrack_info ctinfo,
466                         unsigned char **data, int dataoff,
467                         OpenLogicalChannelAck * olca)
468 {
469         H2250LogicalChannelAckParameters *ack;
470         int ret;
471
472         DEBUGP("ip_ct_h323: OpenLogicalChannelAck\n");
473
474         if ((olca->options &
475              eOpenLogicalChannelAck_reverseLogicalChannelParameters) &&
476             (olca->reverseLogicalChannelParameters.options &
477              eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters)
478             && (olca->reverseLogicalChannelParameters.multiplexParameters.
479                 choice ==
480                 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
481         {
482                 ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff,
483                                            &olca->
484                                            reverseLogicalChannelParameters.
485                                            multiplexParameters.
486                                            h2250LogicalChannelParameters);
487                 if (ret < 0)
488                         return -1;
489         }
490
491         if ((olca->options &
492              eOpenLogicalChannelAck_forwardMultiplexAckParameters) &&
493             (olca->forwardMultiplexAckParameters.choice ==
494              eOpenLogicalChannelAck_forwardMultiplexAckParameters_h2250LogicalChannelAckParameters))
495         {
496                 ack = &olca->forwardMultiplexAckParameters.
497                     h2250LogicalChannelAckParameters;
498                 if (ack->options &
499                     eH2250LogicalChannelAckParameters_mediaChannel) {
500                         /* RTP */
501                         ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
502                                               &ack->mediaChannel);
503                         if (ret < 0)
504                                 return -1;
505                 }
506
507                 if (ack->options &
508                     eH2250LogicalChannelAckParameters_mediaControlChannel) {
509                         /* RTCP */
510                         ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
511                                               &ack->mediaControlChannel);
512                         if (ret < 0)
513                                 return -1;
514                 }
515         }
516
517         return 0;
518 }
519
520 /****************************************************************************/
521 static int process_h245(struct sk_buff **pskb, struct ip_conntrack *ct,
522                         enum ip_conntrack_info ctinfo,
523                         unsigned char **data, int dataoff,
524                         MultimediaSystemControlMessage * mscm)
525 {
526         switch (mscm->choice) {
527         case eMultimediaSystemControlMessage_request:
528                 if (mscm->request.choice ==
529                     eRequestMessage_openLogicalChannel) {
530                         return process_olc(pskb, ct, ctinfo, data, dataoff,
531                                            &mscm->request.openLogicalChannel);
532                 }
533                 DEBUGP("ip_ct_h323: H.245 Request %d\n",
534                        mscm->request.choice);
535                 break;
536         case eMultimediaSystemControlMessage_response:
537                 if (mscm->response.choice ==
538                     eResponseMessage_openLogicalChannelAck) {
539                         return process_olca(pskb, ct, ctinfo, data, dataoff,
540                                             &mscm->response.
541                                             openLogicalChannelAck);
542                 }
543                 DEBUGP("ip_ct_h323: H.245 Response %d\n",
544                        mscm->response.choice);
545                 break;
546         default:
547                 DEBUGP("ip_ct_h323: H.245 signal %d\n", mscm->choice);
548                 break;
549         }
550
551         return 0;
552 }
553
554 /****************************************************************************/
555 static int h245_help(struct sk_buff **pskb, struct ip_conntrack *ct,
556                      enum ip_conntrack_info ctinfo)
557 {
558         static MultimediaSystemControlMessage mscm;
559         unsigned char *data = NULL;
560         int datalen;
561         int dataoff;
562         int ret;
563
564         /* Until there's been traffic both ways, don't look in packets. */
565         if (ctinfo != IP_CT_ESTABLISHED
566             && ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
567                 return NF_ACCEPT;
568         }
569         DEBUGP("ip_ct_h245: skblen = %u\n", (*pskb)->len);
570
571         spin_lock_bh(&ip_h323_lock);
572
573         /* Process each TPKT */
574         while (get_tpkt_data(pskb, ct, ctinfo, &data, &datalen, &dataoff)) {
575                 DEBUGP("ip_ct_h245: TPKT %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
576                        NIPQUAD((*pskb)->nh.iph->saddr),
577                        NIPQUAD((*pskb)->nh.iph->daddr), datalen);
578
579                 /* Decode H.245 signal */
580                 ret = DecodeMultimediaSystemControlMessage(data, datalen,
581                                                            &mscm);
582                 if (ret < 0) {
583                         if (net_ratelimit())
584                                 printk("ip_ct_h245: decoding error: %s\n",
585                                        ret == H323_ERROR_BOUND ?
586                                        "out of bound" : "out of range");
587                         /* We don't drop when decoding error */
588                         break;
589                 }
590
591                 /* Process H.245 signal */
592                 if (process_h245(pskb, ct, ctinfo, &data, dataoff, &mscm) < 0)
593                         goto drop;
594         }
595
596         spin_unlock_bh(&ip_h323_lock);
597         return NF_ACCEPT;
598
599       drop:
600         spin_unlock_bh(&ip_h323_lock);
601         if (net_ratelimit())
602                 printk("ip_ct_h245: packet dropped\n");
603         return NF_DROP;
604 }
605
606 /****************************************************************************/
607 static struct ip_conntrack_helper ip_conntrack_helper_h245 = {
608         .name = "H.245",
609         .me = THIS_MODULE,
610         .max_expected = H323_RTP_CHANNEL_MAX * 4 + 2 /* T.120 */ ,
611         .timeout = 240,
612         .tuple = {.dst = {.protonum = IPPROTO_TCP}},
613         .mask = {.src = {.u = {0xFFFF}},
614                  .dst = {.protonum = 0xFF}},
615         .help = h245_help
616 };
617
618 /****************************************************************************/
619 void ip_conntrack_h245_expect(struct ip_conntrack *new,
620                               struct ip_conntrack_expect *this)
621 {
622         write_lock_bh(&ip_conntrack_lock);
623         new->helper = &ip_conntrack_helper_h245;
624         write_unlock_bh(&ip_conntrack_lock);
625 }
626
627 /****************************************************************************/
628 int get_h225_addr(unsigned char *data, TransportAddress * addr,
629                   __be32 * ip, u_int16_t * port)
630 {
631         unsigned char *p;
632
633         if (addr->choice != eTransportAddress_ipAddress)
634                 return 0;
635
636         p = data + addr->ipAddress.ip;
637         *ip = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | (p[3]));
638         *port = (p[4] << 8) | (p[5]);
639
640         return 1;
641 }
642
643 /****************************************************************************/
644 static int expect_h245(struct sk_buff **pskb, struct ip_conntrack *ct,
645                        enum ip_conntrack_info ctinfo,
646                        unsigned char **data, int dataoff,
647                        TransportAddress * addr)
648 {
649         int dir = CTINFO2DIR(ctinfo);
650         int ret = 0;
651         __be32 ip;
652         u_int16_t port;
653         struct ip_conntrack_expect *exp = NULL;
654
655         /* Read h245Address */
656         if (!get_h225_addr(*data, addr, &ip, &port) ||
657             ip != ct->tuplehash[dir].tuple.src.ip || port == 0)
658                 return 0;
659
660         /* Create expect for h245 connection */
661         if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
662                 return -1;
663         exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
664         exp->tuple.src.u.tcp.port = 0;
665         exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
666         exp->tuple.dst.u.tcp.port = htons(port);
667         exp->tuple.dst.protonum = IPPROTO_TCP;
668         exp->mask.src.ip = htonl(0xFFFFFFFF);
669         exp->mask.src.u.tcp.port = 0;
670         exp->mask.dst.ip = htonl(0xFFFFFFFF);
671         exp->mask.dst.u.tcp.port = htons(0xFFFF);
672         exp->mask.dst.protonum = 0xFF;
673         exp->flags = 0;
674
675         if (ct->tuplehash[dir].tuple.src.ip !=
676             ct->tuplehash[!dir].tuple.dst.ip && nat_h245_hook) {
677                 /* NAT needed */
678                 ret = nat_h245_hook(pskb, ct, ctinfo, data, dataoff, addr,
679                                     port, exp);
680         } else {                /* Conntrack only */
681                 exp->expectfn = ip_conntrack_h245_expect;
682
683                 if (ip_conntrack_expect_related(exp) == 0) {
684                         DEBUGP("ip_ct_q931: expect H.245 "
685                                "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
686                                NIPQUAD(exp->tuple.src.ip),
687                                ntohs(exp->tuple.src.u.tcp.port),
688                                NIPQUAD(exp->tuple.dst.ip),
689                                ntohs(exp->tuple.dst.u.tcp.port));
690                 } else
691                         ret = -1;
692         }
693
694         ip_conntrack_expect_put(exp);
695
696         return ret;
697 }
698
699 /* Forwarding declaration */
700 void ip_conntrack_q931_expect(struct ip_conntrack *new,
701                               struct ip_conntrack_expect *this);
702
703 /****************************************************************************/
704 static int expect_callforwarding(struct sk_buff **pskb,
705                                  struct ip_conntrack *ct,
706                                  enum ip_conntrack_info ctinfo,
707                                  unsigned char **data, int dataoff,
708                                  TransportAddress * addr)
709 {
710         int dir = CTINFO2DIR(ctinfo);
711         int ret = 0;
712         __be32 ip;
713         u_int16_t port;
714         struct ip_conntrack_expect *exp = NULL;
715
716         /* Read alternativeAddress */
717         if (!get_h225_addr(*data, addr, &ip, &port) || port == 0)
718                 return 0;
719
720         /* If the calling party is on the same side of the forward-to party,
721          * we don't need to track the second call */
722         if (callforward_filter) {
723                 struct rtable *rt1, *rt2;
724                 struct flowi fl1 = {
725                         .fl4_dst = ip,
726                 };
727                 struct flowi fl2 = {
728                         .fl4_dst = ct->tuplehash[!dir].tuple.src.ip,
729                 };
730
731                 if (ip_route_output_key(&rt1, &fl1) == 0) {
732                         if (ip_route_output_key(&rt2, &fl2) == 0) {
733                                 if (rt1->rt_gateway == rt2->rt_gateway &&
734                                     rt1->u.dst.dev  == rt2->u.dst.dev)
735                                         ret = 1;
736                                 dst_release(&rt2->u.dst);
737                         }
738                         dst_release(&rt1->u.dst);
739                 }
740                 if (ret) {
741                         DEBUGP("ip_ct_q931: Call Forwarding not tracked\n");
742                         return 0;
743                 }
744         }
745
746         /* Create expect for the second call leg */
747         if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
748                 return -1;
749         exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
750         exp->tuple.src.u.tcp.port = 0;
751         exp->tuple.dst.ip = ip;
752         exp->tuple.dst.u.tcp.port = htons(port);
753         exp->tuple.dst.protonum = IPPROTO_TCP;
754         exp->mask.src.ip = htonl(0xFFFFFFFF);
755         exp->mask.src.u.tcp.port = 0;
756         exp->mask.dst.ip = htonl(0xFFFFFFFF);
757         exp->mask.dst.u.tcp.port = htons(0xFFFF);
758         exp->mask.dst.protonum = 0xFF;
759         exp->flags = 0;
760
761         if (ct->tuplehash[dir].tuple.src.ip !=
762             ct->tuplehash[!dir].tuple.dst.ip && nat_callforwarding_hook) {
763                 /* Need NAT */
764                 ret = nat_callforwarding_hook(pskb, ct, ctinfo, data, dataoff,
765                                               addr, port, exp);
766         } else {                /* Conntrack only */
767                 exp->expectfn = ip_conntrack_q931_expect;
768
769                 if (ip_conntrack_expect_related(exp) == 0) {
770                         DEBUGP("ip_ct_q931: expect Call Forwarding "
771                                "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
772                                NIPQUAD(exp->tuple.src.ip),
773                                ntohs(exp->tuple.src.u.tcp.port),
774                                NIPQUAD(exp->tuple.dst.ip),
775                                ntohs(exp->tuple.dst.u.tcp.port));
776                 } else
777                         ret = -1;
778         }
779
780         ip_conntrack_expect_put(exp);
781
782         return ret;
783 }
784
785 /****************************************************************************/
786 static int process_setup(struct sk_buff **pskb, struct ip_conntrack *ct,
787                          enum ip_conntrack_info ctinfo,
788                          unsigned char **data, int dataoff,
789                          Setup_UUIE * setup)
790 {
791         int dir = CTINFO2DIR(ctinfo);
792         int ret;
793         int i;
794         __be32 ip;
795         u_int16_t port;
796
797         DEBUGP("ip_ct_q931: Setup\n");
798
799         if (setup->options & eSetup_UUIE_h245Address) {
800                 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
801                                   &setup->h245Address);
802                 if (ret < 0)
803                         return -1;
804         }
805
806         if ((setup->options & eSetup_UUIE_destCallSignalAddress) &&
807             (set_h225_addr_hook) &&
808             get_h225_addr(*data, &setup->destCallSignalAddress, &ip, &port) &&
809             ip != ct->tuplehash[!dir].tuple.src.ip) {
810                 DEBUGP("ip_ct_q931: set destCallSignalAddress "
811                        "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
812                        NIPQUAD(ip), port,
813                        NIPQUAD(ct->tuplehash[!dir].tuple.src.ip),
814                        ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port));
815                 ret = set_h225_addr_hook(pskb, data, dataoff,
816                                          &setup->destCallSignalAddress,
817                                          ct->tuplehash[!dir].tuple.src.ip,
818                                          ntohs(ct->tuplehash[!dir].tuple.src.
819                                                u.tcp.port));
820                 if (ret < 0)
821                         return -1;
822         }
823
824         if ((setup->options & eSetup_UUIE_sourceCallSignalAddress) &&
825             (set_h225_addr_hook) &&
826             get_h225_addr(*data, &setup->sourceCallSignalAddress, &ip, &port)
827             && ip != ct->tuplehash[!dir].tuple.dst.ip) {
828                 DEBUGP("ip_ct_q931: set sourceCallSignalAddress "
829                        "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
830                        NIPQUAD(ip), port,
831                        NIPQUAD(ct->tuplehash[!dir].tuple.dst.ip),
832                        ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port));
833                 ret = set_h225_addr_hook(pskb, data, dataoff,
834                                          &setup->sourceCallSignalAddress,
835                                          ct->tuplehash[!dir].tuple.dst.ip,
836                                          ntohs(ct->tuplehash[!dir].tuple.dst.
837                                                u.tcp.port));
838                 if (ret < 0)
839                         return -1;
840         }
841
842         if (setup->options & eSetup_UUIE_fastStart) {
843                 for (i = 0; i < setup->fastStart.count; i++) {
844                         ret = process_olc(pskb, ct, ctinfo, data, dataoff,
845                                           &setup->fastStart.item[i]);
846                         if (ret < 0)
847                                 return -1;
848                 }
849         }
850
851         return 0;
852 }
853
854 /****************************************************************************/
855 static int process_callproceeding(struct sk_buff **pskb,
856                                   struct ip_conntrack *ct,
857                                   enum ip_conntrack_info ctinfo,
858                                   unsigned char **data, int dataoff,
859                                   CallProceeding_UUIE * callproc)
860 {
861         int ret;
862         int i;
863
864         DEBUGP("ip_ct_q931: CallProceeding\n");
865
866         if (callproc->options & eCallProceeding_UUIE_h245Address) {
867                 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
868                                   &callproc->h245Address);
869                 if (ret < 0)
870                         return -1;
871         }
872
873         if (callproc->options & eCallProceeding_UUIE_fastStart) {
874                 for (i = 0; i < callproc->fastStart.count; i++) {
875                         ret = process_olc(pskb, ct, ctinfo, data, dataoff,
876                                           &callproc->fastStart.item[i]);
877                         if (ret < 0)
878                                 return -1;
879                 }
880         }
881
882         return 0;
883 }
884
885 /****************************************************************************/
886 static int process_connect(struct sk_buff **pskb, struct ip_conntrack *ct,
887                            enum ip_conntrack_info ctinfo,
888                            unsigned char **data, int dataoff,
889                            Connect_UUIE * connect)
890 {
891         int ret;
892         int i;
893
894         DEBUGP("ip_ct_q931: Connect\n");
895
896         if (connect->options & eConnect_UUIE_h245Address) {
897                 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
898                                   &connect->h245Address);
899                 if (ret < 0)
900                         return -1;
901         }
902
903         if (connect->options & eConnect_UUIE_fastStart) {
904                 for (i = 0; i < connect->fastStart.count; i++) {
905                         ret = process_olc(pskb, ct, ctinfo, data, dataoff,
906                                           &connect->fastStart.item[i]);
907                         if (ret < 0)
908                                 return -1;
909                 }
910         }
911
912         return 0;
913 }
914
915 /****************************************************************************/
916 static int process_alerting(struct sk_buff **pskb, struct ip_conntrack *ct,
917                             enum ip_conntrack_info ctinfo,
918                             unsigned char **data, int dataoff,
919                             Alerting_UUIE * alert)
920 {
921         int ret;
922         int i;
923
924         DEBUGP("ip_ct_q931: Alerting\n");
925
926         if (alert->options & eAlerting_UUIE_h245Address) {
927                 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
928                                   &alert->h245Address);
929                 if (ret < 0)
930                         return -1;
931         }
932
933         if (alert->options & eAlerting_UUIE_fastStart) {
934                 for (i = 0; i < alert->fastStart.count; i++) {
935                         ret = process_olc(pskb, ct, ctinfo, data, dataoff,
936                                           &alert->fastStart.item[i]);
937                         if (ret < 0)
938                                 return -1;
939                 }
940         }
941
942         return 0;
943 }
944
945 /****************************************************************************/
946 static int process_information(struct sk_buff **pskb,
947                                struct ip_conntrack *ct,
948                                enum ip_conntrack_info ctinfo,
949                                unsigned char **data, int dataoff,
950                                Information_UUIE * info)
951 {
952         int ret;
953         int i;
954
955         DEBUGP("ip_ct_q931: Information\n");
956
957         if (info->options & eInformation_UUIE_fastStart) {
958                 for (i = 0; i < info->fastStart.count; i++) {
959                         ret = process_olc(pskb, ct, ctinfo, data, dataoff,
960                                           &info->fastStart.item[i]);
961                         if (ret < 0)
962                                 return -1;
963                 }
964         }
965
966         return 0;
967 }
968
969 /****************************************************************************/
970 static int process_facility(struct sk_buff **pskb, struct ip_conntrack *ct,
971                             enum ip_conntrack_info ctinfo,
972                             unsigned char **data, int dataoff,
973                             Facility_UUIE * facility)
974 {
975         int ret;
976         int i;
977
978         DEBUGP("ip_ct_q931: Facility\n");
979
980         if (facility->reason.choice == eFacilityReason_callForwarded) {
981                 if (facility->options & eFacility_UUIE_alternativeAddress)
982                         return expect_callforwarding(pskb, ct, ctinfo, data,
983                                                      dataoff,
984                                                      &facility->
985                                                      alternativeAddress);
986                 return 0;
987         }
988
989         if (facility->options & eFacility_UUIE_h245Address) {
990                 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
991                                   &facility->h245Address);
992                 if (ret < 0)
993                         return -1;
994         }
995
996         if (facility->options & eFacility_UUIE_fastStart) {
997                 for (i = 0; i < facility->fastStart.count; i++) {
998                         ret = process_olc(pskb, ct, ctinfo, data, dataoff,
999                                           &facility->fastStart.item[i]);
1000                         if (ret < 0)
1001                                 return -1;
1002                 }
1003         }
1004
1005         return 0;
1006 }
1007
1008 /****************************************************************************/
1009 static int process_progress(struct sk_buff **pskb, struct ip_conntrack *ct,
1010                             enum ip_conntrack_info ctinfo,
1011                             unsigned char **data, int dataoff,
1012                             Progress_UUIE * progress)
1013 {
1014         int ret;
1015         int i;
1016
1017         DEBUGP("ip_ct_q931: Progress\n");
1018
1019         if (progress->options & eProgress_UUIE_h245Address) {
1020                 ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
1021                                   &progress->h245Address);
1022                 if (ret < 0)
1023                         return -1;
1024         }
1025
1026         if (progress->options & eProgress_UUIE_fastStart) {
1027                 for (i = 0; i < progress->fastStart.count; i++) {
1028                         ret = process_olc(pskb, ct, ctinfo, data, dataoff,
1029                                           &progress->fastStart.item[i]);
1030                         if (ret < 0)
1031                                 return -1;
1032                 }
1033         }
1034
1035         return 0;
1036 }
1037
1038 /****************************************************************************/
1039 static int process_q931(struct sk_buff **pskb, struct ip_conntrack *ct,
1040                         enum ip_conntrack_info ctinfo,
1041                         unsigned char **data, int dataoff, Q931 * q931)
1042 {
1043         H323_UU_PDU *pdu = &q931->UUIE.h323_uu_pdu;
1044         int i;
1045         int ret = 0;
1046
1047         switch (pdu->h323_message_body.choice) {
1048         case eH323_UU_PDU_h323_message_body_setup:
1049                 ret = process_setup(pskb, ct, ctinfo, data, dataoff,
1050                                     &pdu->h323_message_body.setup);
1051                 break;
1052         case eH323_UU_PDU_h323_message_body_callProceeding:
1053                 ret = process_callproceeding(pskb, ct, ctinfo, data, dataoff,
1054                                              &pdu->h323_message_body.
1055                                              callProceeding);
1056                 break;
1057         case eH323_UU_PDU_h323_message_body_connect:
1058                 ret = process_connect(pskb, ct, ctinfo, data, dataoff,
1059                                       &pdu->h323_message_body.connect);
1060                 break;
1061         case eH323_UU_PDU_h323_message_body_alerting:
1062                 ret = process_alerting(pskb, ct, ctinfo, data, dataoff,
1063                                        &pdu->h323_message_body.alerting);
1064                 break;
1065         case eH323_UU_PDU_h323_message_body_information:
1066                 ret = process_information(pskb, ct, ctinfo, data, dataoff,
1067                                           &pdu->h323_message_body.
1068                                           information);
1069                 break;
1070         case eH323_UU_PDU_h323_message_body_facility:
1071                 ret = process_facility(pskb, ct, ctinfo, data, dataoff,
1072                                        &pdu->h323_message_body.facility);
1073                 break;
1074         case eH323_UU_PDU_h323_message_body_progress:
1075                 ret = process_progress(pskb, ct, ctinfo, data, dataoff,
1076                                        &pdu->h323_message_body.progress);
1077                 break;
1078         default:
1079                 DEBUGP("ip_ct_q931: Q.931 signal %d\n",
1080                        pdu->h323_message_body.choice);
1081                 break;
1082         }
1083
1084         if (ret < 0)
1085                 return -1;
1086
1087         if (pdu->options & eH323_UU_PDU_h245Control) {
1088                 for (i = 0; i < pdu->h245Control.count; i++) {
1089                         ret = process_h245(pskb, ct, ctinfo, data, dataoff,
1090                                            &pdu->h245Control.item[i]);
1091                         if (ret < 0)
1092                                 return -1;
1093                 }
1094         }
1095
1096         return 0;
1097 }
1098
1099 /****************************************************************************/
1100 static int q931_help(struct sk_buff **pskb, struct ip_conntrack *ct,
1101                      enum ip_conntrack_info ctinfo)
1102 {
1103         static Q931 q931;
1104         unsigned char *data = NULL;
1105         int datalen;
1106         int dataoff;
1107         int ret;
1108
1109         /* Until there's been traffic both ways, don't look in packets. */
1110         if (ctinfo != IP_CT_ESTABLISHED
1111             && ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
1112                 return NF_ACCEPT;
1113         }
1114         DEBUGP("ip_ct_q931: skblen = %u\n", (*pskb)->len);
1115
1116         spin_lock_bh(&ip_h323_lock);
1117
1118         /* Process each TPKT */
1119         while (get_tpkt_data(pskb, ct, ctinfo, &data, &datalen, &dataoff)) {
1120                 DEBUGP("ip_ct_q931: TPKT %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
1121                        NIPQUAD((*pskb)->nh.iph->saddr),
1122                        NIPQUAD((*pskb)->nh.iph->daddr), datalen);
1123
1124                 /* Decode Q.931 signal */
1125                 ret = DecodeQ931(data, datalen, &q931);
1126                 if (ret < 0) {
1127                         if (net_ratelimit())
1128                                 printk("ip_ct_q931: decoding error: %s\n",
1129                                        ret == H323_ERROR_BOUND ?
1130                                        "out of bound" : "out of range");
1131                         /* We don't drop when decoding error */
1132                         break;
1133                 }
1134
1135                 /* Process Q.931 signal */
1136                 if (process_q931(pskb, ct, ctinfo, &data, dataoff, &q931) < 0)
1137                         goto drop;
1138         }
1139
1140         spin_unlock_bh(&ip_h323_lock);
1141         return NF_ACCEPT;
1142
1143       drop:
1144         spin_unlock_bh(&ip_h323_lock);
1145         if (net_ratelimit())
1146                 printk("ip_ct_q931: packet dropped\n");
1147         return NF_DROP;
1148 }
1149
1150 /****************************************************************************/
1151 static struct ip_conntrack_helper ip_conntrack_helper_q931 = {
1152         .name = "Q.931",
1153         .me = THIS_MODULE,
1154         .max_expected = H323_RTP_CHANNEL_MAX * 4 + 4 /* T.120 and H.245 */ ,
1155         .timeout = 240,
1156         .tuple = {.src = {.u = {__constant_htons(Q931_PORT)}},
1157                   .dst = {.protonum = IPPROTO_TCP}},
1158         .mask = {.src = {.u = {0xFFFF}},
1159                  .dst = {.protonum = 0xFF}},
1160         .help = q931_help
1161 };
1162
1163 /****************************************************************************/
1164 void ip_conntrack_q931_expect(struct ip_conntrack *new,
1165                               struct ip_conntrack_expect *this)
1166 {
1167         write_lock_bh(&ip_conntrack_lock);
1168         new->helper = &ip_conntrack_helper_q931;
1169         write_unlock_bh(&ip_conntrack_lock);
1170 }
1171
1172 /****************************************************************************/
1173 static unsigned char *get_udp_data(struct sk_buff **pskb, int *datalen)
1174 {
1175         struct udphdr _uh, *uh;
1176         int dataoff;
1177
1178         uh = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl * 4, sizeof(_uh),
1179                                 &_uh);
1180         if (uh == NULL)
1181                 return NULL;
1182         dataoff = (*pskb)->nh.iph->ihl * 4 + sizeof(_uh);
1183         if (dataoff >= (*pskb)->len)
1184                 return NULL;
1185         *datalen = (*pskb)->len - dataoff;
1186         return skb_header_pointer(*pskb, dataoff, *datalen, h323_buffer);
1187 }
1188
1189 /****************************************************************************/
1190 static struct ip_conntrack_expect *find_expect(struct ip_conntrack *ct,
1191                                                __be32 ip, u_int16_t port)
1192 {
1193         struct ip_conntrack_expect *exp;
1194         struct ip_conntrack_tuple tuple;
1195
1196         tuple.src.ip = 0;
1197         tuple.src.u.tcp.port = 0;
1198         tuple.dst.ip = ip;
1199         tuple.dst.u.tcp.port = htons(port);
1200         tuple.dst.protonum = IPPROTO_TCP;
1201
1202         exp = __ip_conntrack_expect_find(&tuple);
1203         if (exp && exp->master == ct)
1204                 return exp;
1205         return NULL;
1206 }
1207
1208 /****************************************************************************/
1209 static int set_expect_timeout(struct ip_conntrack_expect *exp,
1210                               unsigned timeout)
1211 {
1212         if (!exp || !del_timer(&exp->timeout))
1213                 return 0;
1214
1215         exp->timeout.expires = jiffies + timeout * HZ;
1216         add_timer(&exp->timeout);
1217
1218         return 1;
1219 }
1220
1221 /****************************************************************************/
1222 static int expect_q931(struct sk_buff **pskb, struct ip_conntrack *ct,
1223                        enum ip_conntrack_info ctinfo,
1224                        unsigned char **data,
1225                        TransportAddress * addr, int count)
1226 {
1227         struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1228         int dir = CTINFO2DIR(ctinfo);
1229         int ret = 0;
1230         int i;
1231         __be32 ip;
1232         u_int16_t port;
1233         struct ip_conntrack_expect *exp;
1234
1235         /* Look for the first related address */
1236         for (i = 0; i < count; i++) {
1237                 if (get_h225_addr(*data, &addr[i], &ip, &port) &&
1238                     ip == ct->tuplehash[dir].tuple.src.ip && port != 0)
1239                         break;
1240         }
1241
1242         if (i >= count)         /* Not found */
1243                 return 0;
1244
1245         /* Create expect for Q.931 */
1246         if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1247                 return -1;
1248         exp->tuple.src.ip = gkrouted_only ?     /* only accept calls from GK? */
1249             ct->tuplehash[!dir].tuple.src.ip : 0;
1250         exp->tuple.src.u.tcp.port = 0;
1251         exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
1252         exp->tuple.dst.u.tcp.port = htons(port);
1253         exp->tuple.dst.protonum = IPPROTO_TCP;
1254         exp->mask.src.ip = gkrouted_only ? htonl(0xFFFFFFFF) : 0;
1255         exp->mask.src.u.tcp.port = 0;
1256         exp->mask.dst.ip = htonl(0xFFFFFFFF);
1257         exp->mask.dst.u.tcp.port = htons(0xFFFF);
1258         exp->mask.dst.protonum = 0xFF;
1259         exp->flags = IP_CT_EXPECT_PERMANENT;    /* Accept multiple calls */
1260
1261         if (nat_q931_hook) {    /* Need NAT */
1262                 ret = nat_q931_hook(pskb, ct, ctinfo, data, addr, i,
1263                                     port, exp);
1264         } else {                /* Conntrack only */
1265                 exp->expectfn = ip_conntrack_q931_expect;
1266
1267                 if (ip_conntrack_expect_related(exp) == 0) {
1268                         DEBUGP("ip_ct_ras: expect Q.931 "
1269                                "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1270                                NIPQUAD(exp->tuple.src.ip),
1271                                ntohs(exp->tuple.src.u.tcp.port),
1272                                NIPQUAD(exp->tuple.dst.ip),
1273                                ntohs(exp->tuple.dst.u.tcp.port));
1274
1275                         /* Save port for looking up expect in processing RCF */
1276                         info->sig_port[dir] = port;
1277                 } else
1278                         ret = -1;
1279         }
1280
1281         ip_conntrack_expect_put(exp);
1282
1283         return ret;
1284 }
1285
1286 /****************************************************************************/
1287 static int process_grq(struct sk_buff **pskb, struct ip_conntrack *ct,
1288                        enum ip_conntrack_info ctinfo,
1289                        unsigned char **data, GatekeeperRequest * grq)
1290 {
1291         DEBUGP("ip_ct_ras: GRQ\n");
1292
1293         if (set_ras_addr_hook)  /* NATed */
1294                 return set_ras_addr_hook(pskb, ct, ctinfo, data,
1295                                          &grq->rasAddress, 1);
1296         return 0;
1297 }
1298
1299 /* Declare before using */
1300 static void ip_conntrack_ras_expect(struct ip_conntrack *new,
1301                                     struct ip_conntrack_expect *this);
1302
1303 /****************************************************************************/
1304 static int process_gcf(struct sk_buff **pskb, struct ip_conntrack *ct,
1305                        enum ip_conntrack_info ctinfo,
1306                        unsigned char **data, GatekeeperConfirm * gcf)
1307 {
1308         int dir = CTINFO2DIR(ctinfo);
1309         int ret = 0;
1310         __be32 ip;
1311         u_int16_t port;
1312         struct ip_conntrack_expect *exp;
1313
1314         DEBUGP("ip_ct_ras: GCF\n");
1315
1316         if (!get_h225_addr(*data, &gcf->rasAddress, &ip, &port))
1317                 return 0;
1318
1319         /* Registration port is the same as discovery port */
1320         if (ip == ct->tuplehash[dir].tuple.src.ip &&
1321             port == ntohs(ct->tuplehash[dir].tuple.src.u.udp.port))
1322                 return 0;
1323
1324         /* Avoid RAS expectation loops. A GCF is never expected. */
1325         if (test_bit(IPS_EXPECTED_BIT, &ct->status))
1326                 return 0;
1327
1328         /* Need new expect */
1329         if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1330                 return -1;
1331         exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
1332         exp->tuple.src.u.tcp.port = 0;
1333         exp->tuple.dst.ip = ip;
1334         exp->tuple.dst.u.tcp.port = htons(port);
1335         exp->tuple.dst.protonum = IPPROTO_UDP;
1336         exp->mask.src.ip = htonl(0xFFFFFFFF);
1337         exp->mask.src.u.tcp.port = 0;
1338         exp->mask.dst.ip = htonl(0xFFFFFFFF);
1339         exp->mask.dst.u.tcp.port = htons(0xFFFF);
1340         exp->mask.dst.protonum = 0xFF;
1341         exp->flags = 0;
1342         exp->expectfn = ip_conntrack_ras_expect;
1343         if (ip_conntrack_expect_related(exp) == 0) {
1344                 DEBUGP("ip_ct_ras: expect RAS "
1345                        "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1346                        NIPQUAD(exp->tuple.src.ip),
1347                        ntohs(exp->tuple.src.u.tcp.port),
1348                        NIPQUAD(exp->tuple.dst.ip),
1349                        ntohs(exp->tuple.dst.u.tcp.port));
1350         } else
1351                 ret = -1;
1352
1353         ip_conntrack_expect_put(exp);
1354
1355         return ret;
1356 }
1357
1358 /****************************************************************************/
1359 static int process_rrq(struct sk_buff **pskb, struct ip_conntrack *ct,
1360                        enum ip_conntrack_info ctinfo,
1361                        unsigned char **data, RegistrationRequest * rrq)
1362 {
1363         struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1364         int ret;
1365
1366         DEBUGP("ip_ct_ras: RRQ\n");
1367
1368         ret = expect_q931(pskb, ct, ctinfo, data,
1369                           rrq->callSignalAddress.item,
1370                           rrq->callSignalAddress.count);
1371         if (ret < 0)
1372                 return -1;
1373
1374         if (set_ras_addr_hook) {
1375                 ret = set_ras_addr_hook(pskb, ct, ctinfo, data,
1376                                         rrq->rasAddress.item,
1377                                         rrq->rasAddress.count);
1378                 if (ret < 0)
1379                         return -1;
1380         }
1381
1382         if (rrq->options & eRegistrationRequest_timeToLive) {
1383                 DEBUGP("ip_ct_ras: RRQ TTL = %u seconds\n", rrq->timeToLive);
1384                 info->timeout = rrq->timeToLive;
1385         } else
1386                 info->timeout = default_rrq_ttl;
1387
1388         return 0;
1389 }
1390
1391 /****************************************************************************/
1392 static int process_rcf(struct sk_buff **pskb, struct ip_conntrack *ct,
1393                        enum ip_conntrack_info ctinfo,
1394                        unsigned char **data, RegistrationConfirm * rcf)
1395 {
1396         struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1397         int dir = CTINFO2DIR(ctinfo);
1398         int ret;
1399         struct ip_conntrack_expect *exp;
1400
1401         DEBUGP("ip_ct_ras: RCF\n");
1402
1403         if (set_sig_addr_hook) {
1404                 ret = set_sig_addr_hook(pskb, ct, ctinfo, data,
1405                                         rcf->callSignalAddress.item,
1406                                         rcf->callSignalAddress.count);
1407                 if (ret < 0)
1408                         return -1;
1409         }
1410
1411         if (rcf->options & eRegistrationConfirm_timeToLive) {
1412                 DEBUGP("ip_ct_ras: RCF TTL = %u seconds\n", rcf->timeToLive);
1413                 info->timeout = rcf->timeToLive;
1414         }
1415
1416         if (info->timeout > 0) {
1417                 DEBUGP
1418                     ("ip_ct_ras: set RAS connection timeout to %u seconds\n",
1419                      info->timeout);
1420                 ip_ct_refresh(ct, *pskb, info->timeout * HZ);
1421
1422                 /* Set expect timeout */
1423                 read_lock_bh(&ip_conntrack_lock);
1424                 exp = find_expect(ct, ct->tuplehash[dir].tuple.dst.ip,
1425                                   info->sig_port[!dir]);
1426                 if (exp) {
1427                         DEBUGP("ip_ct_ras: set Q.931 expect "
1428                                "(%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu) "
1429                                "timeout to %u seconds\n",
1430                                NIPQUAD(exp->tuple.src.ip),
1431                                ntohs(exp->tuple.src.u.tcp.port),
1432                                NIPQUAD(exp->tuple.dst.ip),
1433                                ntohs(exp->tuple.dst.u.tcp.port),
1434                                info->timeout);
1435                         set_expect_timeout(exp, info->timeout);
1436                 }
1437                 read_unlock_bh(&ip_conntrack_lock);
1438         }
1439
1440         return 0;
1441 }
1442
1443 /****************************************************************************/
1444 static int process_urq(struct sk_buff **pskb, struct ip_conntrack *ct,
1445                        enum ip_conntrack_info ctinfo,
1446                        unsigned char **data, UnregistrationRequest * urq)
1447 {
1448         struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1449         int dir = CTINFO2DIR(ctinfo);
1450         int ret;
1451
1452         DEBUGP("ip_ct_ras: URQ\n");
1453
1454         if (set_sig_addr_hook) {
1455                 ret = set_sig_addr_hook(pskb, ct, ctinfo, data,
1456                                         urq->callSignalAddress.item,
1457                                         urq->callSignalAddress.count);
1458                 if (ret < 0)
1459                         return -1;
1460         }
1461
1462         /* Clear old expect */
1463         ip_ct_remove_expectations(ct);
1464         info->sig_port[dir] = 0;
1465         info->sig_port[!dir] = 0;
1466
1467         /* Give it 30 seconds for UCF or URJ */
1468         ip_ct_refresh(ct, *pskb, 30 * HZ);
1469
1470         return 0;
1471 }
1472
1473 /****************************************************************************/
1474 static int process_arq(struct sk_buff **pskb, struct ip_conntrack *ct,
1475                        enum ip_conntrack_info ctinfo,
1476                        unsigned char **data, AdmissionRequest * arq)
1477 {
1478         struct ip_ct_h323_master *info = &ct->help.ct_h323_info;
1479         int dir = CTINFO2DIR(ctinfo);
1480         __be32 ip;
1481         u_int16_t port;
1482
1483         DEBUGP("ip_ct_ras: ARQ\n");
1484
1485         if ((arq->options & eAdmissionRequest_destCallSignalAddress) &&
1486             get_h225_addr(*data, &arq->destCallSignalAddress, &ip, &port) &&
1487             ip == ct->tuplehash[dir].tuple.src.ip &&
1488             port == info->sig_port[dir] && set_h225_addr_hook) {
1489                 /* Answering ARQ */
1490                 return set_h225_addr_hook(pskb, data, 0,
1491                                           &arq->destCallSignalAddress,
1492                                           ct->tuplehash[!dir].tuple.dst.ip,
1493                                           info->sig_port[!dir]);
1494         }
1495
1496         if ((arq->options & eAdmissionRequest_srcCallSignalAddress) &&
1497             get_h225_addr(*data, &arq->srcCallSignalAddress, &ip, &port) &&
1498             ip == ct->tuplehash[dir].tuple.src.ip && set_h225_addr_hook) {
1499                 /* Calling ARQ */
1500                 return set_h225_addr_hook(pskb, data, 0,
1501                                           &arq->srcCallSignalAddress,
1502                                           ct->tuplehash[!dir].tuple.dst.ip,
1503                                           port);
1504         }
1505
1506         return 0;
1507 }
1508
1509 /****************************************************************************/
1510 static int process_acf(struct sk_buff **pskb, struct ip_conntrack *ct,
1511                        enum ip_conntrack_info ctinfo,
1512                        unsigned char **data, AdmissionConfirm * acf)
1513 {
1514         int dir = CTINFO2DIR(ctinfo);
1515         int ret = 0;
1516         __be32 ip;
1517         u_int16_t port;
1518         struct ip_conntrack_expect *exp;
1519
1520         DEBUGP("ip_ct_ras: ACF\n");
1521
1522         if (!get_h225_addr(*data, &acf->destCallSignalAddress, &ip, &port))
1523                 return 0;
1524
1525         if (ip == ct->tuplehash[dir].tuple.dst.ip) {    /* Answering ACF */
1526                 if (set_sig_addr_hook)
1527                         return set_sig_addr_hook(pskb, ct, ctinfo, data,
1528                                                  &acf->destCallSignalAddress,
1529                                                  1);
1530                 return 0;
1531         }
1532
1533         /* Need new expect */
1534         if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1535                 return -1;
1536         exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
1537         exp->tuple.src.u.tcp.port = 0;
1538         exp->tuple.dst.ip = ip;
1539         exp->tuple.dst.u.tcp.port = htons(port);
1540         exp->tuple.dst.protonum = IPPROTO_TCP;
1541         exp->mask.src.ip = htonl(0xFFFFFFFF);
1542         exp->mask.src.u.tcp.port = 0;
1543         exp->mask.dst.ip = htonl(0xFFFFFFFF);
1544         exp->mask.dst.u.tcp.port = htons(0xFFFF);
1545         exp->mask.dst.protonum = 0xFF;
1546         exp->flags = IP_CT_EXPECT_PERMANENT;
1547         exp->expectfn = ip_conntrack_q931_expect;
1548
1549         if (ip_conntrack_expect_related(exp) == 0) {
1550                 DEBUGP("ip_ct_ras: expect Q.931 "
1551                        "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1552                        NIPQUAD(exp->tuple.src.ip),
1553                        ntohs(exp->tuple.src.u.tcp.port),
1554                        NIPQUAD(exp->tuple.dst.ip),
1555                        ntohs(exp->tuple.dst.u.tcp.port));
1556         } else
1557                 ret = -1;
1558
1559         ip_conntrack_expect_put(exp);
1560
1561         return ret;
1562 }
1563
1564 /****************************************************************************/
1565 static int process_lrq(struct sk_buff **pskb, struct ip_conntrack *ct,
1566                        enum ip_conntrack_info ctinfo,
1567                        unsigned char **data, LocationRequest * lrq)
1568 {
1569         DEBUGP("ip_ct_ras: LRQ\n");
1570
1571         if (set_ras_addr_hook)
1572                 return set_ras_addr_hook(pskb, ct, ctinfo, data,
1573                                          &lrq->replyAddress, 1);
1574         return 0;
1575 }
1576
1577 /****************************************************************************/
1578 static int process_lcf(struct sk_buff **pskb, struct ip_conntrack *ct,
1579                        enum ip_conntrack_info ctinfo,
1580                        unsigned char **data, LocationConfirm * lcf)
1581 {
1582         int dir = CTINFO2DIR(ctinfo);
1583         int ret = 0;
1584         __be32 ip;
1585         u_int16_t port;
1586         struct ip_conntrack_expect *exp = NULL;
1587
1588         DEBUGP("ip_ct_ras: LCF\n");
1589
1590         if (!get_h225_addr(*data, &lcf->callSignalAddress, &ip, &port))
1591                 return 0;
1592
1593         /* Need new expect for call signal */
1594         if ((exp = ip_conntrack_expect_alloc(ct)) == NULL)
1595                 return -1;
1596         exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
1597         exp->tuple.src.u.tcp.port = 0;
1598         exp->tuple.dst.ip = ip;
1599         exp->tuple.dst.u.tcp.port = htons(port);
1600         exp->tuple.dst.protonum = IPPROTO_TCP;
1601         exp->mask.src.ip = htonl(0xFFFFFFFF);
1602         exp->mask.src.u.tcp.port = 0;
1603         exp->mask.dst.ip = htonl(0xFFFFFFFF);
1604         exp->mask.dst.u.tcp.port = htons(0xFFFF);
1605         exp->mask.dst.protonum = 0xFF;
1606         exp->flags = IP_CT_EXPECT_PERMANENT;
1607         exp->expectfn = ip_conntrack_q931_expect;
1608
1609         if (ip_conntrack_expect_related(exp) == 0) {
1610                 DEBUGP("ip_ct_ras: expect Q.931 "
1611                        "%u.%u.%u.%u:%hu->%u.%u.%u.%u:%hu\n",
1612                        NIPQUAD(exp->tuple.src.ip),
1613                        ntohs(exp->tuple.src.u.tcp.port),
1614                        NIPQUAD(exp->tuple.dst.ip),
1615                        ntohs(exp->tuple.dst.u.tcp.port));
1616         } else
1617                 ret = -1;
1618
1619         ip_conntrack_expect_put(exp);
1620
1621         /* Ignore rasAddress */
1622
1623         return ret;
1624 }
1625
1626 /****************************************************************************/
1627 static int process_irr(struct sk_buff **pskb, struct ip_conntrack *ct,
1628                        enum ip_conntrack_info ctinfo,
1629                        unsigned char **data, InfoRequestResponse * irr)
1630 {
1631         int ret;
1632
1633         DEBUGP("ip_ct_ras: IRR\n");
1634
1635         if (set_ras_addr_hook) {
1636                 ret = set_ras_addr_hook(pskb, ct, ctinfo, data,
1637                                         &irr->rasAddress, 1);
1638                 if (ret < 0)
1639                         return -1;
1640         }
1641
1642         if (set_sig_addr_hook) {
1643                 ret = set_sig_addr_hook(pskb, ct, ctinfo, data,
1644                                         irr->callSignalAddress.item,
1645                                         irr->callSignalAddress.count);
1646                 if (ret < 0)
1647                         return -1;
1648         }
1649
1650         return 0;
1651 }
1652
1653 /****************************************************************************/
1654 static int process_ras(struct sk_buff **pskb, struct ip_conntrack *ct,
1655                        enum ip_conntrack_info ctinfo,
1656                        unsigned char **data, RasMessage * ras)
1657 {
1658         switch (ras->choice) {
1659         case eRasMessage_gatekeeperRequest:
1660                 return process_grq(pskb, ct, ctinfo, data,
1661                                    &ras->gatekeeperRequest);
1662         case eRasMessage_gatekeeperConfirm:
1663                 return process_gcf(pskb, ct, ctinfo, data,
1664                                    &ras->gatekeeperConfirm);
1665         case eRasMessage_registrationRequest:
1666                 return process_rrq(pskb, ct, ctinfo, data,
1667                                    &ras->registrationRequest);
1668         case eRasMessage_registrationConfirm:
1669                 return process_rcf(pskb, ct, ctinfo, data,
1670                                    &ras->registrationConfirm);
1671         case eRasMessage_unregistrationRequest:
1672                 return process_urq(pskb, ct, ctinfo, data,
1673                                    &ras->unregistrationRequest);
1674         case eRasMessage_admissionRequest:
1675                 return process_arq(pskb, ct, ctinfo, data,
1676                                    &ras->admissionRequest);
1677         case eRasMessage_admissionConfirm:
1678                 return process_acf(pskb, ct, ctinfo, data,
1679                                    &ras->admissionConfirm);
1680         case eRasMessage_locationRequest:
1681                 return process_lrq(pskb, ct, ctinfo, data,
1682                                    &ras->locationRequest);
1683         case eRasMessage_locationConfirm:
1684                 return process_lcf(pskb, ct, ctinfo, data,
1685                                    &ras->locationConfirm);
1686         case eRasMessage_infoRequestResponse:
1687                 return process_irr(pskb, ct, ctinfo, data,
1688                                    &ras->infoRequestResponse);
1689         default:
1690                 DEBUGP("ip_ct_ras: RAS message %d\n", ras->choice);
1691                 break;
1692         }
1693
1694         return 0;
1695 }
1696
1697 /****************************************************************************/
1698 static int ras_help(struct sk_buff **pskb, struct ip_conntrack *ct,
1699                     enum ip_conntrack_info ctinfo)
1700 {
1701         static RasMessage ras;
1702         unsigned char *data;
1703         int datalen = 0;
1704         int ret;
1705
1706         DEBUGP("ip_ct_ras: skblen = %u\n", (*pskb)->len);
1707
1708         spin_lock_bh(&ip_h323_lock);
1709
1710         /* Get UDP data */
1711         data = get_udp_data(pskb, &datalen);
1712         if (data == NULL)
1713                 goto accept;
1714         DEBUGP("ip_ct_ras: RAS message %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
1715                NIPQUAD((*pskb)->nh.iph->saddr),
1716                NIPQUAD((*pskb)->nh.iph->daddr), datalen);
1717
1718         /* Decode RAS message */
1719         ret = DecodeRasMessage(data, datalen, &ras);
1720         if (ret < 0) {
1721                 if (net_ratelimit())
1722                         printk("ip_ct_ras: decoding error: %s\n",
1723                                ret == H323_ERROR_BOUND ?
1724                                "out of bound" : "out of range");
1725                 goto accept;
1726         }
1727
1728         /* Process RAS message */
1729         if (process_ras(pskb, ct, ctinfo, &data, &ras) < 0)
1730                 goto drop;
1731
1732       accept:
1733         spin_unlock_bh(&ip_h323_lock);
1734         return NF_ACCEPT;
1735
1736       drop:
1737         spin_unlock_bh(&ip_h323_lock);
1738         if (net_ratelimit())
1739                 printk("ip_ct_ras: packet dropped\n");
1740         return NF_DROP;
1741 }
1742
1743 /****************************************************************************/
1744 static struct ip_conntrack_helper ip_conntrack_helper_ras = {
1745         .name = "RAS",
1746         .me = THIS_MODULE,
1747         .max_expected = 32,
1748         .timeout = 240,
1749         .tuple = {.src = {.u = {__constant_htons(RAS_PORT)}},
1750                   .dst = {.protonum = IPPROTO_UDP}},
1751         .mask = {.src = {.u = {0xFFFE}},
1752                  .dst = {.protonum = 0xFF}},
1753         .help = ras_help,
1754 };
1755
1756 /****************************************************************************/
1757 static void ip_conntrack_ras_expect(struct ip_conntrack *new,
1758                                     struct ip_conntrack_expect *this)
1759 {
1760         write_lock_bh(&ip_conntrack_lock);
1761         new->helper = &ip_conntrack_helper_ras;
1762         write_unlock_bh(&ip_conntrack_lock);
1763 }
1764
1765 /****************************************************************************/
1766 /* Not __exit - called from init() */
1767 static void fini(void)
1768 {
1769         ip_conntrack_helper_unregister(&ip_conntrack_helper_ras);
1770         ip_conntrack_helper_unregister(&ip_conntrack_helper_q931);
1771         kfree(h323_buffer);
1772         DEBUGP("ip_ct_h323: fini\n");
1773 }
1774
1775 /****************************************************************************/
1776 static int __init init(void)
1777 {
1778         int ret;
1779
1780         h323_buffer = kmalloc(65536, GFP_KERNEL);
1781         if (!h323_buffer)
1782                 return -ENOMEM;
1783         if ((ret = ip_conntrack_helper_register(&ip_conntrack_helper_q931)) ||
1784             (ret = ip_conntrack_helper_register(&ip_conntrack_helper_ras))) {
1785                 fini();
1786                 return ret;
1787         }
1788         DEBUGP("ip_ct_h323: init success\n");
1789         return 0;
1790 }
1791
1792 /****************************************************************************/
1793 module_init(init);
1794 module_exit(fini);
1795
1796 EXPORT_SYMBOL_GPL(get_h225_addr);
1797 EXPORT_SYMBOL_GPL(ip_conntrack_h245_expect);
1798 EXPORT_SYMBOL_GPL(ip_conntrack_q931_expect);
1799 EXPORT_SYMBOL_GPL(set_h245_addr_hook);
1800 EXPORT_SYMBOL_GPL(set_h225_addr_hook);
1801 EXPORT_SYMBOL_GPL(set_sig_addr_hook);
1802 EXPORT_SYMBOL_GPL(set_ras_addr_hook);
1803 EXPORT_SYMBOL_GPL(nat_rtp_rtcp_hook);
1804 EXPORT_SYMBOL_GPL(nat_t120_hook);
1805 EXPORT_SYMBOL_GPL(nat_h245_hook);
1806 EXPORT_SYMBOL_GPL(nat_callforwarding_hook);
1807 EXPORT_SYMBOL_GPL(nat_q931_hook);
1808
1809 MODULE_AUTHOR("Jing Min Zhao <zhaojingmin@users.sourceforge.net>");
1810 MODULE_DESCRIPTION("H.323 connection tracking helper");
1811 MODULE_LICENSE("GPL");