[NETFILTER]: nf_conntrack/nf_nat: add H.323 helper port

Add IPv4 and IPv6 capable nf_conntrack port of the H.323 conntrack/NAT helper.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

7 files changed, 113 insertions, 8 deletions

diff --git a/include/linux/netfilter/nf_conntrack_h323.h b/include/linux/netfilter/nf_conntrack_h323.h
new file mode 100644
index 000000000000..08e2f4977c2e
--- /dev/null
+++ b/include/linux/netfilter/nf_conntrack_h323.h
@@ -0,0 +1,92 @@
+#ifndef _NF_CONNTRACK_H323_H
+#define _NF_CONNTRACK_H323_H
+
+#ifdef __KERNEL__
+
+#include <linux/netfilter/nf_conntrack_h323_asn1.h>
+
+#define RAS_PORT 1719
+#define Q931_PORT 1720
+#define H323_RTP_CHANNEL_MAX 4  /* Audio, video, FAX and other */
+
+/* This structure exists only once per master */
+struct nf_ct_h323_master {
+
+        /* Original and NATed Q.931 or H.245 signal ports */
+        __be16 sig_port[IP_CT_DIR_MAX];
+
+        /* Original and NATed RTP ports */
+        __be16 rtp_port[H323_RTP_CHANNEL_MAX][IP_CT_DIR_MAX];
+
+        union {
+                /* RAS connection timeout */
+                u_int32_t timeout;
+
+                /* Next TPKT length (for separate TPKT header and data) */
+                u_int16_t tpkt_len[IP_CT_DIR_MAX];
+        };
+};
+
+struct nf_conn;
+
+extern int get_h225_addr(struct nf_conn *ct, unsigned char *data,
+                         TransportAddress *taddr,
+                         union nf_conntrack_address *addr, __be16 *port);
+extern void nf_conntrack_h245_expect(struct nf_conn *new,
+                                     struct nf_conntrack_expect *this);
+extern void nf_conntrack_q931_expect(struct nf_conn *new,
+                                     struct nf_conntrack_expect *this);
+extern int (*set_h245_addr_hook) (struct sk_buff **pskb,
+                                  unsigned char **data, int dataoff,
+                                  H245_TransportAddress *taddr,
+                                  union nf_conntrack_address *addr,
+                                  __be16 port);
+extern int (*set_h225_addr_hook) (struct sk_buff **pskb,
+                                  unsigned char **data, int dataoff,
+                                  TransportAddress *taddr,
+                                  union nf_conntrack_address *addr,
+                                  __be16 port);
+extern int (*set_sig_addr_hook) (struct sk_buff **pskb,
+                                 struct nf_conn *ct,
+                                 enum ip_conntrack_info ctinfo,
+                                 unsigned char **data,
+                                 TransportAddress *taddr, int count);
+extern int (*set_ras_addr_hook) (struct sk_buff **pskb,
+                                 struct nf_conn *ct,
+                                 enum ip_conntrack_info ctinfo,
+                                 unsigned char **data,
+                                 TransportAddress *taddr, int count);
+extern int (*nat_rtp_rtcp_hook) (struct sk_buff **pskb,
+                                 struct nf_conn *ct,
+                                 enum ip_conntrack_info ctinfo,
+                                 unsigned char **data, int dataoff,
+                                 H245_TransportAddress *taddr,
+                                 __be16 port, __be16 rtp_port,
+                                 struct nf_conntrack_expect *rtp_exp,
+                                 struct nf_conntrack_expect *rtcp_exp);
+extern int (*nat_t120_hook) (struct sk_buff **pskb, struct nf_conn *ct,
+                             enum ip_conntrack_info ctinfo,
+                             unsigned char **data, int dataoff,
+                             H245_TransportAddress *taddr, __be16 port,
+                             struct nf_conntrack_expect *exp);
+extern int (*nat_h245_hook) (struct sk_buff **pskb, struct nf_conn *ct,
+                             enum ip_conntrack_info ctinfo,
+                             unsigned char **data, int dataoff,
+                             TransportAddress *taddr, __be16 port,
+                             struct nf_conntrack_expect *exp);
+extern int (*nat_callforwarding_hook) (struct sk_buff **pskb,
+                                       struct nf_conn *ct,
+                                       enum ip_conntrack_info ctinfo,
+                                       unsigned char **data, int dataoff,
+                                       TransportAddress *taddr,
+                                       __be16 port,
+                                       struct nf_conntrack_expect *exp);
+extern int (*nat_q931_hook) (struct sk_buff **pskb, struct nf_conn *ct,
+                             enum ip_conntrack_info ctinfo,
+                             unsigned char **data, TransportAddress *taddr,
+                             int idx, __be16 port,
+                             struct nf_conntrack_expect *exp);
+
+#endif
+
+#endif
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_helper_h323_asn1.h b/include/linux/netfilter/nf_conntrack_h323_asn1.h
index c6e9a0b6d30b..8dab5968fc7e 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_helper_h323_asn1.h
+++ b/include/linux/netfilter/nf_conntrack_h323_asn1.h
@@ -1,6 +1,6 @@
 /****************************************************************************
- * ip_conntrack_helper_h323_asn1.h - BER and PER decoding library for H.323
- *                                   conntrack/NAT module.
+ * ip_conntrack_h323_asn1.h - BER and PER decoding library for H.323
+ *                            conntrack/NAT module.
  *
  * Copyright (c) 2006 by Jing Min Zhao <zhaojingmin@users.sourceforge.net>
  *
@@ -34,13 +34,13 @@
  *
  ****************************************************************************/
 
-#ifndef _IP_CONNTRACK_HELPER_H323_ASN1_H_
-#define _IP_CONNTRACK_HELPER_H323_ASN1_H_
+#ifndef _NF_CONNTRACK_HELPER_H323_ASN1_H_
+#define _NF_CONNTRACK_HELPER_H323_ASN1_H_
 
 /*****************************************************************************
  * H.323 Types
  ****************************************************************************/
-#include "ip_conntrack_helper_h323_types.h"
+#include "nf_conntrack_h323_types.h"
 
 typedef struct {
         enum {
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_helper_h323_types.h b/include/linux/netfilter/nf_conntrack_h323_types.h
index 3d4a773799fc..38d74d5c9700 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_helper_h323_types.h
+++ b/include/linux/netfilter/nf_conntrack_h323_types.h
@@ -10,6 +10,11 @@ typedef struct TransportAddress_ipAddress {	/* SEQUENCE */
         unsigned ip;
 } TransportAddress_ipAddress;
 
+typedef struct TransportAddress_ip6Address {    /* SEQUENCE */
+        int options;            /* No use */
+        unsigned ip6;
+} TransportAddress_ip6Address;
+
 typedef struct TransportAddress {       /* CHOICE */
         enum {
                 eTransportAddress_ipAddress,
@@ -22,6 +27,7 @@ typedef struct TransportAddress {	/* CHOICE */
         } choice;
         union {
                 TransportAddress_ipAddress ipAddress;
+                TransportAddress_ip6Address ip6Address;
         };
 } TransportAddress;
 
@@ -93,6 +99,11 @@ typedef struct UnicastAddress_iPAddress {	/* SEQUENCE */
         unsigned network;
 } UnicastAddress_iPAddress;
 
+typedef struct UnicastAddress_iP6Address {      /* SEQUENCE */
+        int options;            /* No use */
+        unsigned network;
+} UnicastAddress_iP6Address;
+
 typedef struct UnicastAddress { /* CHOICE */
         enum {
                 eUnicastAddress_iPAddress,
@@ -105,6 +116,7 @@ typedef struct UnicastAddress {	/* CHOICE */
         } choice;
         union {
                 UnicastAddress_iPAddress iPAddress;
+                UnicastAddress_iP6Address iP6Address;
         };
 } UnicastAddress;
 
diff --git a/include/linux/netfilter_ipv4/Kbuild b/include/linux/netfilter_ipv4/Kbuild
index 591c1a809c00..180337801a86 100644
--- a/include/linux/netfilter_ipv4/Kbuild
+++ b/include/linux/netfilter_ipv4/Kbuild
@@ -1,6 +1,4 @@
 header-y += ip_conntrack_helper.h
-header-y += ip_conntrack_helper_h323_asn1.h
-header-y += ip_conntrack_helper_h323_types.h
 header-y += ip_conntrack_protocol.h
 header-y += ip_conntrack_sctp.h
 header-y += ip_conntrack_tcp.h
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_h323.h b/include/linux/netfilter_ipv4/ip_conntrack_h323.h
index 943cc6a4871d..18f769818f4e 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_h323.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_h323.h
@@ -3,7 +3,7 @@
 
 #ifdef __KERNEL__
 
-#include <linux/netfilter_ipv4/ip_conntrack_helper_h323_asn1.h>
+#include <linux/netfilter/nf_conntrack_h323_asn1.h>
 
 #define RAS_PORT 1719
 #define Q931_PORT 1720
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 83694cfdfa8f..1646076933b1 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -41,11 +41,13 @@ union nf_conntrack_expect_proto {
 
 /* Add protocol helper include file here */
 #include <linux/netfilter/nf_conntrack_ftp.h>
+#include <linux/netfilter/nf_conntrack_h323.h>
 
 /* per conntrack: application helper private data */
 union nf_conntrack_help {
         /* insert conntrack helper private data (master) here */
         struct nf_ct_ftp_master ct_ftp_info;
+        struct nf_ct_h323_master ct_h323_info;
 };
 
 #include <linux/types.h>
diff --git a/include/net/netfilter/nf_conntrack_expect.h b/include/net/netfilter/nf_conntrack_expect.h
index 54a3d038beaa..cef3136e22a3 100644
--- a/include/net/netfilter/nf_conntrack_expect.h
+++ b/include/net/netfilter/nf_conntrack_expect.h
@@ -41,6 +41,7 @@ struct nf_conntrack_expect
         unsigned int flags;
 
 #ifdef CONFIG_NF_NAT_NEEDED
+        __be32 saved_ip;
         /* This is the original per-proto part, used to map the
          * expected connection the way the recipient expects. */
         union nf_conntrack_man_proto saved_proto;