Commit f587de0e authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller

[NETFILTER]: nf_conntrack/nf_nat: add H.323 helper port

Add IPv4 and IPv6 capable nf_conntrack port of the H.323 conntrack/NAT helper.
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 16958900
#ifndef _NF_CONNTRACK_H323_H
#define _NF_CONNTRACK_H323_H
#ifdef __KERNEL__
#include <linux/netfilter/nf_conntrack_h323_asn1.h>
#define RAS_PORT 1719
#define Q931_PORT 1720
#define H323_RTP_CHANNEL_MAX 4 /* Audio, video, FAX and other */
/* This structure exists only once per master */
struct nf_ct_h323_master {
/* Original and NATed Q.931 or H.245 signal ports */
__be16 sig_port[IP_CT_DIR_MAX];
/* Original and NATed RTP ports */
__be16 rtp_port[H323_RTP_CHANNEL_MAX][IP_CT_DIR_MAX];
union {
/* RAS connection timeout */
u_int32_t timeout;
/* Next TPKT length (for separate TPKT header and data) */
u_int16_t tpkt_len[IP_CT_DIR_MAX];
};
};
struct nf_conn;
extern int get_h225_addr(struct nf_conn *ct, unsigned char *data,
TransportAddress *taddr,
union nf_conntrack_address *addr, __be16 *port);
extern void nf_conntrack_h245_expect(struct nf_conn *new,
struct nf_conntrack_expect *this);
extern void nf_conntrack_q931_expect(struct nf_conn *new,
struct nf_conntrack_expect *this);
extern int (*set_h245_addr_hook) (struct sk_buff **pskb,
unsigned char **data, int dataoff,
H245_TransportAddress *taddr,
union nf_conntrack_address *addr,
__be16 port);
extern int (*set_h225_addr_hook) (struct sk_buff **pskb,
unsigned char **data, int dataoff,
TransportAddress *taddr,
union nf_conntrack_address *addr,
__be16 port);
extern int (*set_sig_addr_hook) (struct sk_buff **pskb,
struct nf_conn *ct,
enum ip_conntrack_info ctinfo,
unsigned char **data,
TransportAddress *taddr, int count);
extern int (*set_ras_addr_hook) (struct sk_buff **pskb,
struct nf_conn *ct,
enum ip_conntrack_info ctinfo,
unsigned char **data,
TransportAddress *taddr, int count);
extern int (*nat_rtp_rtcp_hook) (struct sk_buff **pskb,
struct nf_conn *ct,
enum ip_conntrack_info ctinfo,
unsigned char **data, int dataoff,
H245_TransportAddress *taddr,
__be16 port, __be16 rtp_port,
struct nf_conntrack_expect *rtp_exp,
struct nf_conntrack_expect *rtcp_exp);
extern int (*nat_t120_hook) (struct sk_buff **pskb, struct nf_conn *ct,
enum ip_conntrack_info ctinfo,
unsigned char **data, int dataoff,
H245_TransportAddress *taddr, __be16 port,
struct nf_conntrack_expect *exp);
extern int (*nat_h245_hook) (struct sk_buff **pskb, struct nf_conn *ct,
enum ip_conntrack_info ctinfo,
unsigned char **data, int dataoff,
TransportAddress *taddr, __be16 port,
struct nf_conntrack_expect *exp);
extern int (*nat_callforwarding_hook) (struct sk_buff **pskb,
struct nf_conn *ct,
enum ip_conntrack_info ctinfo,
unsigned char **data, int dataoff,
TransportAddress *taddr,
__be16 port,
struct nf_conntrack_expect *exp);
extern int (*nat_q931_hook) (struct sk_buff **pskb, struct nf_conn *ct,
enum ip_conntrack_info ctinfo,
unsigned char **data, TransportAddress *taddr,
int idx, __be16 port,
struct nf_conntrack_expect *exp);
#endif
#endif
/**************************************************************************** /****************************************************************************
* ip_conntrack_helper_h323_asn1.h - BER and PER decoding library for H.323 * ip_conntrack_h323_asn1.h - BER and PER decoding library for H.323
* conntrack/NAT module. * conntrack/NAT module.
* *
* Copyright (c) 2006 by Jing Min Zhao <zhaojingmin@users.sourceforge.net> * Copyright (c) 2006 by Jing Min Zhao <zhaojingmin@users.sourceforge.net>
* *
...@@ -34,13 +34,13 @@ ...@@ -34,13 +34,13 @@
* *
****************************************************************************/ ****************************************************************************/
#ifndef _IP_CONNTRACK_HELPER_H323_ASN1_H_ #ifndef _NF_CONNTRACK_HELPER_H323_ASN1_H_
#define _IP_CONNTRACK_HELPER_H323_ASN1_H_ #define _NF_CONNTRACK_HELPER_H323_ASN1_H_
/***************************************************************************** /*****************************************************************************
* H.323 Types * H.323 Types
****************************************************************************/ ****************************************************************************/
#include "ip_conntrack_helper_h323_types.h" #include "nf_conntrack_h323_types.h"
typedef struct { typedef struct {
enum { enum {
......
...@@ -10,6 +10,11 @@ typedef struct TransportAddress_ipAddress { /* SEQUENCE */ ...@@ -10,6 +10,11 @@ typedef struct TransportAddress_ipAddress { /* SEQUENCE */
unsigned ip; unsigned ip;
} TransportAddress_ipAddress; } TransportAddress_ipAddress;
typedef struct TransportAddress_ip6Address { /* SEQUENCE */
int options; /* No use */
unsigned ip6;
} TransportAddress_ip6Address;
typedef struct TransportAddress { /* CHOICE */ typedef struct TransportAddress { /* CHOICE */
enum { enum {
eTransportAddress_ipAddress, eTransportAddress_ipAddress,
...@@ -22,6 +27,7 @@ typedef struct TransportAddress { /* CHOICE */ ...@@ -22,6 +27,7 @@ typedef struct TransportAddress { /* CHOICE */
} choice; } choice;
union { union {
TransportAddress_ipAddress ipAddress; TransportAddress_ipAddress ipAddress;
TransportAddress_ip6Address ip6Address;
}; };
} TransportAddress; } TransportAddress;
...@@ -93,6 +99,11 @@ typedef struct UnicastAddress_iPAddress { /* SEQUENCE */ ...@@ -93,6 +99,11 @@ typedef struct UnicastAddress_iPAddress { /* SEQUENCE */
unsigned network; unsigned network;
} UnicastAddress_iPAddress; } UnicastAddress_iPAddress;
typedef struct UnicastAddress_iP6Address { /* SEQUENCE */
int options; /* No use */
unsigned network;
} UnicastAddress_iP6Address;
typedef struct UnicastAddress { /* CHOICE */ typedef struct UnicastAddress { /* CHOICE */
enum { enum {
eUnicastAddress_iPAddress, eUnicastAddress_iPAddress,
...@@ -105,6 +116,7 @@ typedef struct UnicastAddress { /* CHOICE */ ...@@ -105,6 +116,7 @@ typedef struct UnicastAddress { /* CHOICE */
} choice; } choice;
union { union {
UnicastAddress_iPAddress iPAddress; UnicastAddress_iPAddress iPAddress;
UnicastAddress_iP6Address iP6Address;
}; };
} UnicastAddress; } UnicastAddress;
......
header-y += ip_conntrack_helper.h header-y += ip_conntrack_helper.h
header-y += ip_conntrack_helper_h323_asn1.h
header-y += ip_conntrack_helper_h323_types.h
header-y += ip_conntrack_protocol.h header-y += ip_conntrack_protocol.h
header-y += ip_conntrack_sctp.h header-y += ip_conntrack_sctp.h
header-y += ip_conntrack_tcp.h header-y += ip_conntrack_tcp.h
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
#ifdef __KERNEL__ #ifdef __KERNEL__
#include <linux/netfilter_ipv4/ip_conntrack_helper_h323_asn1.h> #include <linux/netfilter/nf_conntrack_h323_asn1.h>
#define RAS_PORT 1719 #define RAS_PORT 1719
#define Q931_PORT 1720 #define Q931_PORT 1720
......
...@@ -41,11 +41,13 @@ union nf_conntrack_expect_proto { ...@@ -41,11 +41,13 @@ union nf_conntrack_expect_proto {
/* Add protocol helper include file here */ /* Add protocol helper include file here */
#include <linux/netfilter/nf_conntrack_ftp.h> #include <linux/netfilter/nf_conntrack_ftp.h>
#include <linux/netfilter/nf_conntrack_h323.h>
/* per conntrack: application helper private data */ /* per conntrack: application helper private data */
union nf_conntrack_help { union nf_conntrack_help {
/* insert conntrack helper private data (master) here */ /* insert conntrack helper private data (master) here */
struct nf_ct_ftp_master ct_ftp_info; struct nf_ct_ftp_master ct_ftp_info;
struct nf_ct_h323_master ct_h323_info;
}; };
#include <linux/types.h> #include <linux/types.h>
......
...@@ -41,6 +41,7 @@ struct nf_conntrack_expect ...@@ -41,6 +41,7 @@ struct nf_conntrack_expect
unsigned int flags; unsigned int flags;
#ifdef CONFIG_NF_NAT_NEEDED #ifdef CONFIG_NF_NAT_NEEDED
__be32 saved_ip;
/* This is the original per-proto part, used to map the /* This is the original per-proto part, used to map the
* expected connection the way the recipient expects. */ * expected connection the way the recipient expects. */
union nf_conntrack_man_proto saved_proto; union nf_conntrack_man_proto saved_proto;
......
...@@ -529,6 +529,11 @@ config IP_NF_NAT_H323 ...@@ -529,6 +529,11 @@ config IP_NF_NAT_H323
default IP_NF_NAT if IP_NF_H323=y default IP_NF_NAT if IP_NF_H323=y
default m if IP_NF_H323=m default m if IP_NF_H323=m
config NF_NAT_H323
tristate
depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT
default NF_NAT && NF_CONNTRACK_H323
config IP_NF_NAT_SIP config IP_NF_NAT_SIP
tristate tristate
depends on IP_NF_IPTABLES!=n && IP_NF_CONNTRACK!=n && IP_NF_NAT!=n depends on IP_NF_IPTABLES!=n && IP_NF_CONNTRACK!=n && IP_NF_NAT!=n
......
...@@ -15,7 +15,7 @@ endif ...@@ -15,7 +15,7 @@ endif
ip_conntrack_pptp-objs := ip_conntrack_helper_pptp.o ip_conntrack_proto_gre.o ip_conntrack_pptp-objs := ip_conntrack_helper_pptp.o ip_conntrack_proto_gre.o
ip_nat_pptp-objs := ip_nat_helper_pptp.o ip_nat_proto_gre.o ip_nat_pptp-objs := ip_nat_helper_pptp.o ip_nat_proto_gre.o
ip_conntrack_h323-objs := ip_conntrack_helper_h323.o ip_conntrack_helper_h323_asn1.o ip_conntrack_h323-objs := ip_conntrack_helper_h323.o ../../netfilter/nf_conntrack_h323_asn1.o
ip_nat_h323-objs := ip_nat_helper_h323.o ip_nat_h323-objs := ip_nat_helper_h323.o
# connection tracking # connection tracking
...@@ -52,6 +52,7 @@ obj-$(CONFIG_IP_NF_NAT_SIP) += ip_nat_sip.o ...@@ -52,6 +52,7 @@ obj-$(CONFIG_IP_NF_NAT_SIP) += ip_nat_sip.o
# NAT helpers (nf_conntrack) # NAT helpers (nf_conntrack)
obj-$(CONFIG_NF_NAT_AMANDA) += nf_nat_amanda.o obj-$(CONFIG_NF_NAT_AMANDA) += nf_nat_amanda.o
obj-$(CONFIG_NF_NAT_FTP) += nf_nat_ftp.o obj-$(CONFIG_NF_NAT_FTP) += nf_nat_ftp.o
obj-$(CONFIG_NF_NAT_H323) += nf_nat_h323.o
# generic IP tables # generic IP tables
obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o
......
This diff is collapsed.
...@@ -160,6 +160,25 @@ config NF_CONNTRACK_FTP ...@@ -160,6 +160,25 @@ config NF_CONNTRACK_FTP
To compile it as a module, choose M here. If unsure, say N. To compile it as a module, choose M here. If unsure, say N.
config NF_CONNTRACK_H323
tristate "H.323 protocol support (EXPERIMENTAL)"
depends on EXPERIMENTAL && NF_CONNTRACK
help
H.323 is a VoIP signalling protocol from ITU-T. As one of the most
important VoIP protocols, it is widely used by voice hardware and
software including voice gateways, IP phones, Netmeeting, OpenPhone,
Gnomemeeting, etc.
With this module you can support H.323 on a connection tracking/NAT
firewall.
This module supports RAS, Fast Start, H.245 Tunnelling, Call
Forwarding, RTP/RTCP and T.120 based audio, video, fax, chat,
whiteboard, file transfer, etc. For more information, please
visit http://nath323.sourceforge.net/.
To compile it as a module, choose M here. If unsure, say N.
config NF_CT_NETLINK config NF_CT_NETLINK
tristate 'Connection tracking netlink interface (EXPERIMENTAL)' tristate 'Connection tracking netlink interface (EXPERIMENTAL)'
depends on EXPERIMENTAL && NF_CONNTRACK && NETFILTER_NETLINK depends on EXPERIMENTAL && NF_CONNTRACK && NETFILTER_NETLINK
......
...@@ -20,8 +20,11 @@ obj-$(CONFIG_NF_CT_PROTO_SCTP) += nf_conntrack_proto_sctp.o ...@@ -20,8 +20,11 @@ obj-$(CONFIG_NF_CT_PROTO_SCTP) += nf_conntrack_proto_sctp.o
obj-$(CONFIG_NF_CT_NETLINK) += nf_conntrack_netlink.o obj-$(CONFIG_NF_CT_NETLINK) += nf_conntrack_netlink.o
# connection tracking helpers # connection tracking helpers
nf_conntrack_h323-objs := nf_conntrack_h323_main.o nf_conntrack_h323_asn1.o
obj-$(CONFIG_NF_CONNTRACK_AMANDA) += nf_conntrack_amanda.o obj-$(CONFIG_NF_CONNTRACK_AMANDA) += nf_conntrack_amanda.o
obj-$(CONFIG_NF_CONNTRACK_FTP) += nf_conntrack_ftp.o obj-$(CONFIG_NF_CONNTRACK_FTP) += nf_conntrack_ftp.o
obj-$(CONFIG_NF_CONNTRACK_H323) += nf_conntrack_h323.o
# generic X tables # generic X tables
obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
#else #else
#include <stdio.h> #include <stdio.h>
#endif #endif
#include <linux/netfilter_ipv4/ip_conntrack_helper_h323_asn1.h> #include <linux/netfilter/nf_conntrack_h323_asn1.h>
/* Trace Flag */ /* Trace Flag */
#ifndef H323_TRACE #ifndef H323_TRACE
...@@ -144,7 +144,7 @@ static decoder_t Decoders[] = { ...@@ -144,7 +144,7 @@ static decoder_t Decoders[] = {
/**************************************************************************** /****************************************************************************
* H.323 Types * H.323 Types
****************************************************************************/ ****************************************************************************/
#include "ip_conntrack_helper_h323_types.c" #include "nf_conntrack_h323_types.c"
/**************************************************************************** /****************************************************************************
* Functions * Functions
......
This diff is collapsed.
...@@ -36,7 +36,8 @@ static field_t _TransportAddress_ipxAddress[] = { /* SEQUENCE */ ...@@ -36,7 +36,8 @@ static field_t _TransportAddress_ipxAddress[] = { /* SEQUENCE */
}; };
static field_t _TransportAddress_ip6Address[] = { /* SEQUENCE */ static field_t _TransportAddress_ip6Address[] = { /* SEQUENCE */
{FNAME("ip") OCTSTR, FIXD, 16, 0, SKIP, 0, NULL}, {FNAME("ip") OCTSTR, FIXD, 16, 0, DECODE,
offsetof(TransportAddress_ip6Address, ip6), NULL},
{FNAME("port") INT, WORD, 0, 0, SKIP, 0, NULL}, {FNAME("port") INT, WORD, 0, 0, SKIP, 0, NULL},
}; };
...@@ -65,8 +66,8 @@ static field_t _TransportAddress[] = { /* CHOICE */ ...@@ -65,8 +66,8 @@ static field_t _TransportAddress[] = { /* CHOICE */
_TransportAddress_ipSourceRoute}, _TransportAddress_ipSourceRoute},
{FNAME("ipxAddress") SEQ, 0, 3, 3, SKIP, 0, {FNAME("ipxAddress") SEQ, 0, 3, 3, SKIP, 0,
_TransportAddress_ipxAddress}, _TransportAddress_ipxAddress},
{FNAME("ip6Address") SEQ, 0, 2, 2, SKIP | EXT, 0, {FNAME("ip6Address") SEQ, 0, 2, 2, DECODE | EXT,
_TransportAddress_ip6Address}, offsetof(TransportAddress, ip6Address), _TransportAddress_ip6Address},
{FNAME("netBios") OCTSTR, FIXD, 16, 0, SKIP, 0, NULL}, {FNAME("netBios") OCTSTR, FIXD, 16, 0, SKIP, 0, NULL},
{FNAME("nsap") OCTSTR, 5, 1, 0, SKIP, 0, NULL}, {FNAME("nsap") OCTSTR, 5, 1, 0, SKIP, 0, NULL},
{FNAME("nonStandardAddress") SEQ, 0, 2, 2, SKIP, 0, {FNAME("nonStandardAddress") SEQ, 0, 2, 2, SKIP, 0,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment