armbian/linux-cix
0
0
Fork 0
mirror of https://github.com/armbian/linux-cix.git synced 2026-01-06 12:30:45 -08:00
Code Issues Packages Projects Releases Wiki Activity

[NETFILTER]: nf_conntrack/nf_nat: add H.323 helper port

Browse Source 
Add IPv4 and IPv6 capable nf_conntrack port of the H.323 conntrack/NAT helper.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy
2006-12-02 22:08:46 -08:00
committed by David S. Miller
parent 1695890057
commit f587de0e2f
15 changed files with 2600 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
include/linux/netfilter/nf_conntrack_h323.h Normal file
View File

@@ -0,0 +1,92 @@
#ifndef _NF_CONNTRACK_H323_H
#define _NF_CONNTRACK_H323_H
#ifdef __KERNEL__
#include <linux/netfilter/nf_conntrack_h323_asn1.h>
#define RAS_PORT 1719
#define Q931_PORT 1720
#define H323_RTP_CHANNEL_MAX 4 /* Audio, video, FAX and other */
/* This structure exists only once per master */
struct nf_ct_h323_master {
/* Original and NATed Q.931 or H.245 signal ports */
__be16 sig_port[IP_CT_DIR_MAX];
/* Original and NATed RTP ports */
__be16 rtp_port[H323_RTP_CHANNEL_MAX][IP_CT_DIR_MAX];
union {
/* RAS connection timeout */
u_int32_t timeout;
/* Next TPKT length (for separate TPKT header and data) */
u_int16_t tpkt_len[IP_CT_DIR_MAX];
};
};
struct nf_conn;
extern int get_h225_addr(struct nf_conn *ct, unsigned char *data,
TransportAddress *taddr,
union nf_conntrack_address *addr, __be16 *port);
extern void nf_conntrack_h245_expect(struct nf_conn *new,
struct nf_conntrack_expect *this);
extern void nf_conntrack_q931_expect(struct nf_conn *new,
struct nf_conntrack_expect *this);
extern int (*set_h245_addr_hook) (struct sk_buff **pskb,
unsigned char **data, int dataoff,
H245_TransportAddress *taddr,
union nf_conntrack_address *addr,
__be16 port);
extern int (*set_h225_addr_hook) (struct sk_buff **pskb,
unsigned char **data, int dataoff,
TransportAddress *taddr,
union nf_conntrack_address *addr,
__be16 port);
extern int (*set_sig_addr_hook) (struct sk_buff **pskb,
struct nf_conn *ct,
enum ip_conntrack_info ctinfo,
unsigned char **data,
TransportAddress *taddr, int count);
extern int (*set_ras_addr_hook) (struct sk_buff **pskb,
struct nf_conn *ct,
enum ip_conntrack_info ctinfo,
unsigned char **data,
TransportAddress *taddr, int count);
extern int (*nat_rtp_rtcp_hook) (struct sk_buff **pskb,
struct nf_conn *ct,
enum ip_conntrack_info ctinfo,
unsigned char **data, int dataoff,
H245_TransportAddress *taddr,
__be16 port, __be16 rtp_port,
struct nf_conntrack_expect *rtp_exp,
struct nf_conntrack_expect *rtcp_exp);
extern int (*nat_t120_hook) (struct sk_buff **pskb, struct nf_conn *ct,
enum ip_conntrack_info ctinfo,
unsigned char **data, int dataoff,
H245_TransportAddress *taddr, __be16 port,
struct nf_conntrack_expect *exp);
extern int (*nat_h245_hook) (struct sk_buff **pskb, struct nf_conn *ct,
enum ip_conntrack_info ctinfo,
unsigned char **data, int dataoff,
TransportAddress *taddr, __be16 port,
struct nf_conntrack_expect *exp);
extern int (*nat_callforwarding_hook) (struct sk_buff **pskb,
struct nf_conn *ct,
enum ip_conntrack_info ctinfo,
unsigned char **data, int dataoff,
TransportAddress *taddr,
__be16 port,
struct nf_conntrack_expect *exp);
extern int (*nat_q931_hook) (struct sk_buff **pskb, struct nf_conn *ct,
enum ip_conntrack_info ctinfo,
unsigned char **data, TransportAddress *taddr,
int idx, __be16 port,
struct nf_conntrack_expect *exp);
#endif
#endif

10
include/linux/netfilter_ipv4/ip_conntrack_helper_h323_asn1.h → include/linux/netfilter/nf_conntrack_h323_asn1.h
View File

@@ -1,6 +1,6 @@
/****************************************************************************
* ip_conntrack_helper_h323_asn1.h - BER and PER decoding library for H.323
* conntrack/NAT module.
* ip_conntrack_h323_asn1.h - BER and PER decoding library for H.323
* conntrack/NAT module.
*
* Copyright (c) 2006 by Jing Min Zhao <zhaojingmin@users.sourceforge.net>
*
@@ -34,13 +34,13 @@
*
****************************************************************************/
#ifndef _IP_CONNTRACK_HELPER_H323_ASN1_H_
#define _IP_CONNTRACK_HELPER_H323_ASN1_H_
#ifndef _NF_CONNTRACK_HELPER_H323_ASN1_H_
#define _NF_CONNTRACK_HELPER_H323_ASN1_H_
/*****************************************************************************
* H.323 Types
****************************************************************************/
#include "ip_conntrack_helper_h323_types.h"
#include "nf_conntrack_h323_types.h"
typedef struct {
enum {

12
include/linux/netfilter_ipv4/ip_conntrack_helper_h323_types.h → include/linux/netfilter/nf_conntrack_h323_types.h
View File

@@ -10,6 +10,11 @@ typedef struct TransportAddress_ipAddress { /* SEQUENCE */
unsigned ip;
} TransportAddress_ipAddress;
typedef struct TransportAddress_ip6Address { /* SEQUENCE */
int options; /* No use */
unsigned ip6;
} TransportAddress_ip6Address;
typedef struct TransportAddress { /* CHOICE */
enum {
eTransportAddress_ipAddress,
@@ -22,6 +27,7 @@ typedef struct TransportAddress { /* CHOICE */
} choice;
union {
TransportAddress_ipAddress ipAddress;
TransportAddress_ip6Address ip6Address;
};
} TransportAddress;
@@ -93,6 +99,11 @@ typedef struct UnicastAddress_iPAddress { /* SEQUENCE */
unsigned network;
} UnicastAddress_iPAddress;
typedef struct UnicastAddress_iP6Address { /* SEQUENCE */
int options; /* No use */
unsigned network;
} UnicastAddress_iP6Address;
typedef struct UnicastAddress { /* CHOICE */
enum {
eUnicastAddress_iPAddress,
@@ -105,6 +116,7 @@ typedef struct UnicastAddress { /* CHOICE */
} choice;
union {
UnicastAddress_iPAddress iPAddress;
UnicastAddress_iP6Address iP6Address;
};
} UnicastAddress;

2
include/linux/netfilter_ipv4/Kbuild
View File

@@ -1,6 +1,4 @@
header-y += ip_conntrack_helper.h
header-y += ip_conntrack_helper_h323_asn1.h
header-y += ip_conntrack_helper_h323_types.h
header-y += ip_conntrack_protocol.h
header-y += ip_conntrack_sctp.h
header-y += ip_conntrack_tcp.h

2
include/linux/netfilter_ipv4/ip_conntrack_h323.h
View File

@@ -3,7 +3,7 @@
#ifdef __KERNEL__
#include <linux/netfilter_ipv4/ip_conntrack_helper_h323_asn1.h>
#include <linux/netfilter/nf_conntrack_h323_asn1.h>
#define RAS_PORT 1719
#define Q931_PORT 1720

2
include/net/netfilter/nf_conntrack.h
View File

@@ -41,11 +41,13 @@ union nf_conntrack_expect_proto {
/* Add protocol helper include file here */
#include <linux/netfilter/nf_conntrack_ftp.h>
#include <linux/netfilter/nf_conntrack_h323.h>
/* per conntrack: application helper private data */
union nf_conntrack_help {
/* insert conntrack helper private data (master) here */
struct nf_ct_ftp_master ct_ftp_info;
struct nf_ct_h323_master ct_h323_info;
};
#include <linux/types.h>

1
include/net/netfilter/nf_conntrack_expect.h
View File

@@ -41,6 +41,7 @@ struct nf_conntrack_expect
unsigned int flags;
#ifdef CONFIG_NF_NAT_NEEDED
__be32 saved_ip;
/* This is the original per-proto part, used to map the
* expected connection the way the recipient expects. */
union nf_conntrack_man_proto saved_proto;

5
net/ipv4/netfilter/Kconfig
View File

@@ -529,6 +529,11 @@ config IP_NF_NAT_H323
default IP_NF_NAT if IP_NF_H323=y
default m if IP_NF_H323=m
config NF_NAT_H323
tristate
depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT
default NF_NAT && NF_CONNTRACK_H323
config IP_NF_NAT_SIP
tristate
depends on IP_NF_IPTABLES!=n && IP_NF_CONNTRACK!=n && IP_NF_NAT!=n

3
net/ipv4/netfilter/Makefile
View File

@@ -15,7 +15,7 @@ endif
ip_conntrack_pptp-objs := ip_conntrack_helper_pptp.o ip_conntrack_proto_gre.o
ip_nat_pptp-objs := ip_nat_helper_pptp.o ip_nat_proto_gre.o
ip_conntrack_h323-objs := ip_conntrack_helper_h323.o ip_conntrack_helper_h323_asn1.o
ip_conntrack_h323-objs := ip_conntrack_helper_h323.o ../../netfilter/nf_conntrack_h323_asn1.o
ip_nat_h323-objs := ip_nat_helper_h323.o
# connection tracking
@@ -52,6 +52,7 @@ obj-$(CONFIG_IP_NF_NAT_SIP) += ip_nat_sip.o
# NAT helpers (nf_conntrack)
obj-$(CONFIG_NF_NAT_AMANDA) += nf_nat_amanda.o
obj-$(CONFIG_NF_NAT_FTP) += nf_nat_ftp.o
obj-$(CONFIG_NF_NAT_H323) += nf_nat_h323.o
# generic IP tables
obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o

596
net/ipv4/netfilter/nf_nat_h323.c Normal file
View File

File diff suppressed because it is too large Load Diff

19
net/netfilter/Kconfig
View File

@@ -160,6 +160,25 @@ config NF_CONNTRACK_FTP
To compile it as a module, choose M here. If unsure, say N.
config NF_CONNTRACK_H323
tristate "H.323 protocol support (EXPERIMENTAL)"
depends on EXPERIMENTAL && NF_CONNTRACK
help
H.323 is a VoIP signalling protocol from ITU-T. As one of the most
important VoIP protocols, it is widely used by voice hardware and
software including voice gateways, IP phones, Netmeeting, OpenPhone,
Gnomemeeting, etc.
With this module you can support H.323 on a connection tracking/NAT
firewall.
This module supports RAS, Fast Start, H.245 Tunnelling, Call
Forwarding, RTP/RTCP and T.120 based audio, video, fax, chat,
whiteboard, file transfer, etc. For more information, please
visit http://nath323.sourceforge.net/.
To compile it as a module, choose M here. If unsure, say N.
config NF_CT_NETLINK
tristate 'Connection tracking netlink interface (EXPERIMENTAL)'
depends on EXPERIMENTAL && NF_CONNTRACK && NETFILTER_NETLINK

3
net/netfilter/Makefile
View File

@@ -20,8 +20,11 @@ obj-$(CONFIG_NF_CT_PROTO_SCTP) += nf_conntrack_proto_sctp.o
obj-$(CONFIG_NF_CT_NETLINK) += nf_conntrack_netlink.o
# connection tracking helpers
nf_conntrack_h323-objs := nf_conntrack_h323_main.o nf_conntrack_h323_asn1.o
obj-$(CONFIG_NF_CONNTRACK_AMANDA) += nf_conntrack_amanda.o
obj-$(CONFIG_NF_CONNTRACK_FTP) += nf_conntrack_ftp.o
obj-$(CONFIG_NF_CONNTRACK_H323) += nf_conntrack_h323.o
# generic X tables
obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o

4
net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c → net/netfilter/nf_conntrack_h323_asn1.c
View File

@@ -15,7 +15,7 @@
#else
#include <stdio.h>
#endif
#include <linux/netfilter_ipv4/ip_conntrack_helper_h323_asn1.h>
#include <linux/netfilter/nf_conntrack_h323_asn1.h>
/* Trace Flag */
#ifndef H323_TRACE
@@ -144,7 +144,7 @@ static decoder_t Decoders[] = {
/****************************************************************************
* H.323 Types
****************************************************************************/
#include "ip_conntrack_helper_h323_types.c"
#include "nf_conntrack_h323_types.c"
/****************************************************************************
* Functions

1856
net/netfilter/nf_conntrack_h323_main.c Normal file
View File

File diff suppressed because it is too large Load Diff

7
net/ipv4/netfilter/ip_conntrack_helper_h323_types.c → net/netfilter/nf_conntrack_h323_types.c
View File

@@ -36,7 +36,8 @@ static field_t _TransportAddress_ipxAddress[] = { /* SEQUENCE */
};
static field_t _TransportAddress_ip6Address[] = { /* SEQUENCE */
{FNAME("ip") OCTSTR, FIXD, 16, 0, SKIP, 0, NULL},
{FNAME("ip") OCTSTR, FIXD, 16, 0, DECODE,
offsetof(TransportAddress_ip6Address, ip6), NULL},
{FNAME("port") INT, WORD, 0, 0, SKIP, 0, NULL},
};
@@ -65,8 +66,8 @@ static field_t _TransportAddress[] = { /* CHOICE */
_TransportAddress_ipSourceRoute},
{FNAME("ipxAddress") SEQ, 0, 3, 3, SKIP, 0,
_TransportAddress_ipxAddress},
{FNAME("ip6Address") SEQ, 0, 2, 2, SKIP | EXT, 0,
_TransportAddress_ip6Address},
{FNAME("ip6Address") SEQ, 0, 2, 2, DECODE | EXT,
offsetof(TransportAddress, ip6Address), _TransportAddress_ip6Address},
{FNAME("netBios") OCTSTR, FIXD, 16, 0, SKIP, 0, NULL},
{FNAME("nsap") OCTSTR, 5, 1, 0, SKIP, 0, NULL},
{FNAME("nonStandardAddress") SEQ, 0, 2, 2, SKIP, 0,