aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/linux/netfilter/nf_conntrack_amanda.h1
-rw-r--r--include/linux/netfilter/nf_conntrack_ftp.h1
-rw-r--r--include/linux/netfilter/nf_conntrack_h323.h15
-rw-r--r--include/linux/netfilter/nf_conntrack_irc.h1
-rw-r--r--include/linux/netfilter/nf_conntrack_pptp.h2
-rw-r--r--include/linux/netfilter/nf_conntrack_sip.h12
-rw-r--r--include/net/netfilter/nf_nat_helper.h11
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c6
-rw-r--r--net/ipv4/netfilter/nf_nat_amanda.c3
-rw-r--r--net/ipv4/netfilter/nf_nat_ftp.c3
-rw-r--r--net/ipv4/netfilter/nf_nat_h323.c48
-rw-r--r--net/ipv4/netfilter/nf_nat_helper.c9
-rw-r--r--net/ipv4/netfilter/nf_nat_irc.c3
-rw-r--r--net/ipv4/netfilter/nf_nat_pptp.c6
-rw-r--r--net/ipv4/netfilter/nf_nat_sip.c96
-rw-r--r--net/netfilter/ipvs/ip_vs_ftp.c1
-rw-r--r--net/netfilter/nf_conntrack_amanda.c5
-rw-r--r--net/netfilter/nf_conntrack_ftp.c3
-rw-r--r--net/netfilter/nf_conntrack_h323_main.c191
-rw-r--r--net/netfilter/nf_conntrack_irc.c3
-rw-r--r--net/netfilter/nf_conntrack_pptp.c18
-rw-r--r--net/netfilter/nf_conntrack_sip.c95
22 files changed, 328 insertions, 205 deletions
diff --git a/include/linux/netfilter/nf_conntrack_amanda.h b/include/linux/netfilter/nf_conntrack_amanda.h
index 0bb5a6976bf3..4b59a1584959 100644
--- a/include/linux/netfilter/nf_conntrack_amanda.h
+++ b/include/linux/netfilter/nf_conntrack_amanda.h
@@ -4,6 +4,7 @@
4 4
5extern unsigned int (*nf_nat_amanda_hook)(struct sk_buff *skb, 5extern unsigned int (*nf_nat_amanda_hook)(struct sk_buff *skb,
6 enum ip_conntrack_info ctinfo, 6 enum ip_conntrack_info ctinfo,
7 unsigned int protoff,
7 unsigned int matchoff, 8 unsigned int matchoff,
8 unsigned int matchlen, 9 unsigned int matchlen,
9 struct nf_conntrack_expect *exp); 10 struct nf_conntrack_expect *exp);
diff --git a/include/linux/netfilter/nf_conntrack_ftp.h b/include/linux/netfilter/nf_conntrack_ftp.h
index 3e3aa08980c3..28f18df36525 100644
--- a/include/linux/netfilter/nf_conntrack_ftp.h
+++ b/include/linux/netfilter/nf_conntrack_ftp.h
@@ -34,6 +34,7 @@ struct nf_conntrack_expect;
34extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb, 34extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb,
35 enum ip_conntrack_info ctinfo, 35 enum ip_conntrack_info ctinfo,
36 enum nf_ct_ftp_type type, 36 enum nf_ct_ftp_type type,
37 unsigned int protoff,
37 unsigned int matchoff, 38 unsigned int matchoff,
38 unsigned int matchlen, 39 unsigned int matchlen,
39 struct nf_conntrack_expect *exp); 40 struct nf_conntrack_expect *exp);
diff --git a/include/linux/netfilter/nf_conntrack_h323.h b/include/linux/netfilter/nf_conntrack_h323.h
index 26f9226ea72b..f381020eee92 100644
--- a/include/linux/netfilter/nf_conntrack_h323.h
+++ b/include/linux/netfilter/nf_conntrack_h323.h
@@ -36,12 +36,12 @@ extern void nf_conntrack_h245_expect(struct nf_conn *new,
36 struct nf_conntrack_expect *this); 36 struct nf_conntrack_expect *this);
37extern void nf_conntrack_q931_expect(struct nf_conn *new, 37extern void nf_conntrack_q931_expect(struct nf_conn *new,
38 struct nf_conntrack_expect *this); 38 struct nf_conntrack_expect *this);
39extern int (*set_h245_addr_hook) (struct sk_buff *skb, 39extern int (*set_h245_addr_hook) (struct sk_buff *skb, unsigned int protoff,
40 unsigned char **data, int dataoff, 40 unsigned char **data, int dataoff,
41 H245_TransportAddress *taddr, 41 H245_TransportAddress *taddr,
42 union nf_inet_addr *addr, 42 union nf_inet_addr *addr,
43 __be16 port); 43 __be16 port);
44extern int (*set_h225_addr_hook) (struct sk_buff *skb, 44extern int (*set_h225_addr_hook) (struct sk_buff *skb, unsigned int protoff,
45 unsigned char **data, int dataoff, 45 unsigned char **data, int dataoff,
46 TransportAddress *taddr, 46 TransportAddress *taddr,
47 union nf_inet_addr *addr, 47 union nf_inet_addr *addr,
@@ -49,40 +49,45 @@ extern int (*set_h225_addr_hook) (struct sk_buff *skb,
49extern int (*set_sig_addr_hook) (struct sk_buff *skb, 49extern int (*set_sig_addr_hook) (struct sk_buff *skb,
50 struct nf_conn *ct, 50 struct nf_conn *ct,
51 enum ip_conntrack_info ctinfo, 51 enum ip_conntrack_info ctinfo,
52 unsigned char **data, 52 unsigned int protoff, unsigned char **data,
53 TransportAddress *taddr, int count); 53 TransportAddress *taddr, int count);
54extern int (*set_ras_addr_hook) (struct sk_buff *skb, 54extern int (*set_ras_addr_hook) (struct sk_buff *skb,
55 struct nf_conn *ct, 55 struct nf_conn *ct,
56 enum ip_conntrack_info ctinfo, 56 enum ip_conntrack_info ctinfo,
57 unsigned char **data, 57 unsigned int protoff, unsigned char **data,
58 TransportAddress *taddr, int count); 58 TransportAddress *taddr, int count);
59extern int (*nat_rtp_rtcp_hook) (struct sk_buff *skb, 59extern int (*nat_rtp_rtcp_hook) (struct sk_buff *skb,
60 struct nf_conn *ct, 60 struct nf_conn *ct,
61 enum ip_conntrack_info ctinfo, 61 enum ip_conntrack_info ctinfo,
62 unsigned char **data, int dataoff, 62 unsigned int protoff, unsigned char **data,
63 int dataoff,
63 H245_TransportAddress *taddr, 64 H245_TransportAddress *taddr,
64 __be16 port, __be16 rtp_port, 65 __be16 port, __be16 rtp_port,
65 struct nf_conntrack_expect *rtp_exp, 66 struct nf_conntrack_expect *rtp_exp,
66 struct nf_conntrack_expect *rtcp_exp); 67 struct nf_conntrack_expect *rtcp_exp);
67extern int (*nat_t120_hook) (struct sk_buff *skb, struct nf_conn *ct, 68extern int (*nat_t120_hook) (struct sk_buff *skb, struct nf_conn *ct,
68 enum ip_conntrack_info ctinfo, 69 enum ip_conntrack_info ctinfo,
70 unsigned int protoff,
69 unsigned char **data, int dataoff, 71 unsigned char **data, int dataoff,
70 H245_TransportAddress *taddr, __be16 port, 72 H245_TransportAddress *taddr, __be16 port,
71 struct nf_conntrack_expect *exp); 73 struct nf_conntrack_expect *exp);
72extern int (*nat_h245_hook) (struct sk_buff *skb, struct nf_conn *ct, 74extern int (*nat_h245_hook) (struct sk_buff *skb, struct nf_conn *ct,
73 enum ip_conntrack_info ctinfo, 75 enum ip_conntrack_info ctinfo,
76 unsigned int protoff,
74 unsigned char **data, int dataoff, 77 unsigned char **data, int dataoff,
75 TransportAddress *taddr, __be16 port, 78 TransportAddress *taddr, __be16 port,
76 struct nf_conntrack_expect *exp); 79 struct nf_conntrack_expect *exp);
77extern int (*nat_callforwarding_hook) (struct sk_buff *skb, 80extern int (*nat_callforwarding_hook) (struct sk_buff *skb,
78 struct nf_conn *ct, 81 struct nf_conn *ct,
79 enum ip_conntrack_info ctinfo, 82 enum ip_conntrack_info ctinfo,
83 unsigned int protoff,
80 unsigned char **data, int dataoff, 84 unsigned char **data, int dataoff,
81 TransportAddress *taddr, 85 TransportAddress *taddr,
82 __be16 port, 86 __be16 port,
83 struct nf_conntrack_expect *exp); 87 struct nf_conntrack_expect *exp);
84extern int (*nat_q931_hook) (struct sk_buff *skb, struct nf_conn *ct, 88extern int (*nat_q931_hook) (struct sk_buff *skb, struct nf_conn *ct,
85 enum ip_conntrack_info ctinfo, 89 enum ip_conntrack_info ctinfo,
90 unsigned int protoff,
86 unsigned char **data, TransportAddress *taddr, 91 unsigned char **data, TransportAddress *taddr,
87 int idx, __be16 port, 92 int idx, __be16 port,
88 struct nf_conntrack_expect *exp); 93 struct nf_conntrack_expect *exp);
diff --git a/include/linux/netfilter/nf_conntrack_irc.h b/include/linux/netfilter/nf_conntrack_irc.h
index 36282bf71b63..4bb9bae67176 100644
--- a/include/linux/netfilter/nf_conntrack_irc.h
+++ b/include/linux/netfilter/nf_conntrack_irc.h
@@ -7,6 +7,7 @@
7 7
8extern unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb, 8extern unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb,
9 enum ip_conntrack_info ctinfo, 9 enum ip_conntrack_info ctinfo,
10 unsigned int protoff,
10 unsigned int matchoff, 11 unsigned int matchoff,
11 unsigned int matchlen, 12 unsigned int matchlen,
12 struct nf_conntrack_expect *exp); 13 struct nf_conntrack_expect *exp);
diff --git a/include/linux/netfilter/nf_conntrack_pptp.h b/include/linux/netfilter/nf_conntrack_pptp.h
index 3bbde0c3a8a6..2ab2830316b7 100644
--- a/include/linux/netfilter/nf_conntrack_pptp.h
+++ b/include/linux/netfilter/nf_conntrack_pptp.h
@@ -303,12 +303,14 @@ struct nf_conntrack_expect;
303extern int 303extern int
304(*nf_nat_pptp_hook_outbound)(struct sk_buff *skb, 304(*nf_nat_pptp_hook_outbound)(struct sk_buff *skb,
305 struct nf_conn *ct, enum ip_conntrack_info ctinfo, 305 struct nf_conn *ct, enum ip_conntrack_info ctinfo,
306 unsigned int protoff,
306 struct PptpControlHeader *ctlh, 307 struct PptpControlHeader *ctlh,
307 union pptp_ctrl_union *pptpReq); 308 union pptp_ctrl_union *pptpReq);
308 309
309extern int 310extern int
310(*nf_nat_pptp_hook_inbound)(struct sk_buff *skb, 311(*nf_nat_pptp_hook_inbound)(struct sk_buff *skb,
311 struct nf_conn *ct, enum ip_conntrack_info ctinfo, 312 struct nf_conn *ct, enum ip_conntrack_info ctinfo,
313 unsigned int protoff,
312 struct PptpControlHeader *ctlh, 314 struct PptpControlHeader *ctlh,
313 union pptp_ctrl_union *pptpReq); 315 union pptp_ctrl_union *pptpReq);
314 316
diff --git a/include/linux/netfilter/nf_conntrack_sip.h b/include/linux/netfilter/nf_conntrack_sip.h
index 89f2a627f3f0..1afc669a393e 100644
--- a/include/linux/netfilter/nf_conntrack_sip.h
+++ b/include/linux/netfilter/nf_conntrack_sip.h
@@ -37,10 +37,12 @@ struct sdp_media_type {
37struct sip_handler { 37struct sip_handler {
38 const char *method; 38 const char *method;
39 unsigned int len; 39 unsigned int len;
40 int (*request)(struct sk_buff *skb, unsigned int dataoff, 40 int (*request)(struct sk_buff *skb, unsigned int protoff,
41 unsigned int dataoff,
41 const char **dptr, unsigned int *datalen, 42 const char **dptr, unsigned int *datalen,
42 unsigned int cseq); 43 unsigned int cseq);
43 int (*response)(struct sk_buff *skb, unsigned int dataoff, 44 int (*response)(struct sk_buff *skb, unsigned int protoff,
45 unsigned int dataoff,
44 const char **dptr, unsigned int *datalen, 46 const char **dptr, unsigned int *datalen,
45 unsigned int cseq, unsigned int code); 47 unsigned int cseq, unsigned int code);
46}; 48};
@@ -105,11 +107,13 @@ enum sdp_header_types {
105}; 107};
106 108
107extern unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb, 109extern unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb,
110 unsigned int protoff,
108 unsigned int dataoff, 111 unsigned int dataoff,
109 const char **dptr, 112 const char **dptr,
110 unsigned int *datalen); 113 unsigned int *datalen);
111extern void (*nf_nat_sip_seq_adjust_hook)(struct sk_buff *skb, s16 off); 114extern void (*nf_nat_sip_seq_adjust_hook)(struct sk_buff *skb, s16 off);
112extern unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb, 115extern unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb,
116 unsigned int protoff,
113 unsigned int dataoff, 117 unsigned int dataoff,
114 const char **dptr, 118 const char **dptr,
115 unsigned int *datalen, 119 unsigned int *datalen,
@@ -117,6 +121,7 @@ extern unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb,
117 unsigned int matchoff, 121 unsigned int matchoff,
118 unsigned int matchlen); 122 unsigned int matchlen);
119extern unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb, 123extern unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb,
124 unsigned int protoff,
120 unsigned int dataoff, 125 unsigned int dataoff,
121 const char **dptr, 126 const char **dptr,
122 unsigned int *datalen, 127 unsigned int *datalen,
@@ -125,6 +130,7 @@ extern unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb,
125 enum sdp_header_types term, 130 enum sdp_header_types term,
126 const union nf_inet_addr *addr); 131 const union nf_inet_addr *addr);
127extern unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb, 132extern unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb,
133 unsigned int protoff,
128 unsigned int dataoff, 134 unsigned int dataoff,
129 const char **dptr, 135 const char **dptr,
130 unsigned int *datalen, 136 unsigned int *datalen,
@@ -132,12 +138,14 @@ extern unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb,
132 unsigned int matchlen, 138 unsigned int matchlen,
133 u_int16_t port); 139 u_int16_t port);
134extern unsigned int (*nf_nat_sdp_session_hook)(struct sk_buff *skb, 140extern unsigned int (*nf_nat_sdp_session_hook)(struct sk_buff *skb,
141 unsigned int protoff,
135 unsigned int dataoff, 142 unsigned int dataoff,
136 const char **dptr, 143 const char **dptr,
137 unsigned int *datalen, 144 unsigned int *datalen,
138 unsigned int sdpoff, 145 unsigned int sdpoff,
139 const union nf_inet_addr *addr); 146 const union nf_inet_addr *addr);
140extern unsigned int (*nf_nat_sdp_media_hook)(struct sk_buff *skb, 147extern unsigned int (*nf_nat_sdp_media_hook)(struct sk_buff *skb,
148 unsigned int protoff,
141 unsigned int dataoff, 149 unsigned int dataoff,
142 const char **dptr, 150 const char **dptr,
143 unsigned int *datalen, 151 unsigned int *datalen,
diff --git a/include/net/netfilter/nf_nat_helper.h b/include/net/netfilter/nf_nat_helper.h
index 7d8fb7b46c44..b4d6bfc2af03 100644
--- a/include/net/netfilter/nf_nat_helper.h
+++ b/include/net/netfilter/nf_nat_helper.h
@@ -10,6 +10,7 @@ struct sk_buff;
10extern int __nf_nat_mangle_tcp_packet(struct sk_buff *skb, 10extern int __nf_nat_mangle_tcp_packet(struct sk_buff *skb,
11 struct nf_conn *ct, 11 struct nf_conn *ct,
12 enum ip_conntrack_info ctinfo, 12 enum ip_conntrack_info ctinfo,
13 unsigned int protoff,
13 unsigned int match_offset, 14 unsigned int match_offset,
14 unsigned int match_len, 15 unsigned int match_len,
15 const char *rep_buffer, 16 const char *rep_buffer,
@@ -18,12 +19,13 @@ extern int __nf_nat_mangle_tcp_packet(struct sk_buff *skb,
18static inline int nf_nat_mangle_tcp_packet(struct sk_buff *skb, 19static inline int nf_nat_mangle_tcp_packet(struct sk_buff *skb,
19 struct nf_conn *ct, 20 struct nf_conn *ct,
20 enum ip_conntrack_info ctinfo, 21 enum ip_conntrack_info ctinfo,
22 unsigned int protoff,
21 unsigned int match_offset, 23 unsigned int match_offset,
22 unsigned int match_len, 24 unsigned int match_len,
23 const char *rep_buffer, 25 const char *rep_buffer,
24 unsigned int rep_len) 26 unsigned int rep_len)
25{ 27{
26 return __nf_nat_mangle_tcp_packet(skb, ct, ctinfo, 28 return __nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff,
27 match_offset, match_len, 29 match_offset, match_len,
28 rep_buffer, rep_len, true); 30 rep_buffer, rep_len, true);
29} 31}
@@ -31,6 +33,7 @@ static inline int nf_nat_mangle_tcp_packet(struct sk_buff *skb,
31extern int nf_nat_mangle_udp_packet(struct sk_buff *skb, 33extern int nf_nat_mangle_udp_packet(struct sk_buff *skb,
32 struct nf_conn *ct, 34 struct nf_conn *ct,
33 enum ip_conntrack_info ctinfo, 35 enum ip_conntrack_info ctinfo,
36 unsigned int protoff,
34 unsigned int match_offset, 37 unsigned int match_offset,
35 unsigned int match_len, 38 unsigned int match_len,
36 const char *rep_buffer, 39 const char *rep_buffer,
@@ -41,10 +44,12 @@ extern void nf_nat_set_seq_adjust(struct nf_conn *ct,
41 __be32 seq, s16 off); 44 __be32 seq, s16 off);
42extern int nf_nat_seq_adjust(struct sk_buff *skb, 45extern int nf_nat_seq_adjust(struct sk_buff *skb,
43 struct nf_conn *ct, 46 struct nf_conn *ct,
44 enum ip_conntrack_info ctinfo); 47 enum ip_conntrack_info ctinfo,
48 unsigned int protoff);
45extern int (*nf_nat_seq_adjust_hook)(struct sk_buff *skb, 49extern int (*nf_nat_seq_adjust_hook)(struct sk_buff *skb,
46 struct nf_conn *ct, 50 struct nf_conn *ct,
47 enum ip_conntrack_info ctinfo); 51 enum ip_conntrack_info ctinfo,
52 unsigned int protoff);
48 53
49/* Setup NAT on this expected conntrack so it follows master, but goes 54/* Setup NAT on this expected conntrack so it follows master, but goes
50 * to port ct->master->saved_proto. */ 55 * to port ct->master->saved_proto. */
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index e7ff2dcab6ce..4ada3295d9a7 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -31,7 +31,8 @@
31 31
32int (*nf_nat_seq_adjust_hook)(struct sk_buff *skb, 32int (*nf_nat_seq_adjust_hook)(struct sk_buff *skb,
33 struct nf_conn *ct, 33 struct nf_conn *ct,
34 enum ip_conntrack_info ctinfo); 34 enum ip_conntrack_info ctinfo,
35 unsigned int protoff);
35EXPORT_SYMBOL_GPL(nf_nat_seq_adjust_hook); 36EXPORT_SYMBOL_GPL(nf_nat_seq_adjust_hook);
36 37
37static bool ipv4_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff, 38static bool ipv4_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff,
@@ -149,7 +150,8 @@ static unsigned int ipv4_confirm(unsigned int hooknum,
149 typeof(nf_nat_seq_adjust_hook) seq_adjust; 150 typeof(nf_nat_seq_adjust_hook) seq_adjust;
150 151
151 seq_adjust = rcu_dereference(nf_nat_seq_adjust_hook); 152 seq_adjust = rcu_dereference(nf_nat_seq_adjust_hook);
152 if (!seq_adjust || !seq_adjust(skb, ct, ctinfo)) { 153 if (!seq_adjust ||
154 !seq_adjust(skb, ct, ctinfo, ip_hdrlen(skb))) {
153 NF_CT_STAT_INC_ATOMIC(nf_ct_net(ct), drop); 155 NF_CT_STAT_INC_ATOMIC(nf_ct_net(ct), drop);
154 return NF_DROP; 156 return NF_DROP;
155 } 157 }
diff --git a/net/ipv4/netfilter/nf_nat_amanda.c b/net/ipv4/netfilter/nf_nat_amanda.c
index 3c04d24e2976..75464b62f5f2 100644
--- a/net/ipv4/netfilter/nf_nat_amanda.c
+++ b/net/ipv4/netfilter/nf_nat_amanda.c
@@ -26,6 +26,7 @@ MODULE_ALIAS("ip_nat_amanda");
26 26
27static unsigned int help(struct sk_buff *skb, 27static unsigned int help(struct sk_buff *skb,
28 enum ip_conntrack_info ctinfo, 28 enum ip_conntrack_info ctinfo,
29 unsigned int protoff,
29 unsigned int matchoff, 30 unsigned int matchoff,
30 unsigned int matchlen, 31 unsigned int matchlen,
31 struct nf_conntrack_expect *exp) 32 struct nf_conntrack_expect *exp)
@@ -61,7 +62,7 @@ static unsigned int help(struct sk_buff *skb,
61 62
62 sprintf(buffer, "%u", port); 63 sprintf(buffer, "%u", port);
63 ret = nf_nat_mangle_udp_packet(skb, exp->master, ctinfo, 64 ret = nf_nat_mangle_udp_packet(skb, exp->master, ctinfo,
64 matchoff, matchlen, 65 protoff, matchoff, matchlen,
65 buffer, strlen(buffer)); 66 buffer, strlen(buffer));
66 if (ret != NF_ACCEPT) 67 if (ret != NF_ACCEPT)
67 nf_ct_unexpect_related(exp); 68 nf_ct_unexpect_related(exp);
diff --git a/net/ipv4/netfilter/nf_nat_ftp.c b/net/ipv4/netfilter/nf_nat_ftp.c
index e462a957d080..5589f3af4a8e 100644
--- a/net/ipv4/netfilter/nf_nat_ftp.c
+++ b/net/ipv4/netfilter/nf_nat_ftp.c
@@ -55,6 +55,7 @@ static int nf_nat_ftp_fmt_cmd(enum nf_ct_ftp_type type,
55static unsigned int nf_nat_ftp(struct sk_buff *skb, 55static unsigned int nf_nat_ftp(struct sk_buff *skb,
56 enum ip_conntrack_info ctinfo, 56 enum ip_conntrack_info ctinfo,
57 enum nf_ct_ftp_type type, 57 enum nf_ct_ftp_type type,
58 unsigned int protoff,
58 unsigned int matchoff, 59 unsigned int matchoff,
59 unsigned int matchlen, 60 unsigned int matchlen,
60 struct nf_conntrack_expect *exp) 61 struct nf_conntrack_expect *exp)
@@ -100,7 +101,7 @@ static unsigned int nf_nat_ftp(struct sk_buff *skb,
100 101
101 pr_debug("calling nf_nat_mangle_tcp_packet\n"); 102 pr_debug("calling nf_nat_mangle_tcp_packet\n");
102 103
103 if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff, 104 if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff, matchoff,
104 matchlen, buffer, buflen)) 105 matchlen, buffer, buflen))
105 goto out; 106 goto out;
106 107
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c
index c6784a18c1c4..d2c228db38b5 100644
--- a/net/ipv4/netfilter/nf_nat_h323.c
+++ b/net/ipv4/netfilter/nf_nat_h323.c
@@ -21,7 +21,7 @@
21#include <linux/netfilter/nf_conntrack_h323.h> 21#include <linux/netfilter/nf_conntrack_h323.h>
22 22
23/****************************************************************************/ 23/****************************************************************************/
24static int set_addr(struct sk_buff *skb, 24static int set_addr(struct sk_buff *skb, unsigned int protoff,
25 unsigned char **data, int dataoff, 25 unsigned char **data, int dataoff,
26 unsigned int addroff, __be32 ip, __be16 port) 26 unsigned int addroff, __be32 ip, __be16 port)
27{ 27{
@@ -40,7 +40,7 @@ static int set_addr(struct sk_buff *skb,
40 40
41 if (ip_hdr(skb)->protocol == IPPROTO_TCP) { 41 if (ip_hdr(skb)->protocol == IPPROTO_TCP) {
42 if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, 42 if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
43 addroff, sizeof(buf), 43 protoff, addroff, sizeof(buf),
44 (char *) &buf, sizeof(buf))) { 44 (char *) &buf, sizeof(buf))) {
45 net_notice_ratelimited("nf_nat_h323: nf_nat_mangle_tcp_packet error\n"); 45 net_notice_ratelimited("nf_nat_h323: nf_nat_mangle_tcp_packet error\n");
46 return -1; 46 return -1;
@@ -54,7 +54,7 @@ static int set_addr(struct sk_buff *skb,
54 *data = skb->data + ip_hdrlen(skb) + th->doff * 4 + dataoff; 54 *data = skb->data + ip_hdrlen(skb) + th->doff * 4 + dataoff;
55 } else { 55 } else {
56 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo, 56 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
57 addroff, sizeof(buf), 57 protoff, addroff, sizeof(buf),
58 (char *) &buf, sizeof(buf))) { 58 (char *) &buf, sizeof(buf))) {
59 net_notice_ratelimited("nf_nat_h323: nf_nat_mangle_udp_packet error\n"); 59 net_notice_ratelimited("nf_nat_h323: nf_nat_mangle_udp_packet error\n");
60 return -1; 60 return -1;
@@ -69,22 +69,22 @@ static int set_addr(struct sk_buff *skb,
69} 69}
70 70
71/****************************************************************************/ 71/****************************************************************************/
72static int set_h225_addr(struct sk_buff *skb, 72static int set_h225_addr(struct sk_buff *skb, unsigned int protoff,
73 unsigned char **data, int dataoff, 73 unsigned char **data, int dataoff,
74 TransportAddress *taddr, 74 TransportAddress *taddr,
75 union nf_inet_addr *addr, __be16 port) 75 union nf_inet_addr *addr, __be16 port)
76{ 76{
77 return set_addr(skb, data, dataoff, taddr->ipAddress.ip, 77 return set_addr(skb, protoff, data, dataoff, taddr->ipAddress.ip,
78 addr->ip, port); 78 addr->ip, port);
79} 79}
80 80
81/****************************************************************************/ 81/****************************************************************************/
82static int set_h245_addr(struct sk_buff *skb, 82static int set_h245_addr(struct sk_buff *skb, unsigned protoff,
83 unsigned char **data, int dataoff, 83 unsigned char **data, int dataoff,
84 H245_TransportAddress *taddr, 84 H245_TransportAddress *taddr,
85 union nf_inet_addr *addr, __be16 port) 85 union nf_inet_addr *addr, __be16 port)
86{ 86{
87 return set_addr(skb, data, dataoff, 87 return set_addr(skb, protoff, data, dataoff,
88 taddr->unicastAddress.iPAddress.network, 88 taddr->unicastAddress.iPAddress.network,
89 addr->ip, port); 89 addr->ip, port);
90} 90}
@@ -92,7 +92,7 @@ static int set_h245_addr(struct sk_buff *skb,
92/****************************************************************************/ 92/****************************************************************************/
93static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct, 93static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct,
94 enum ip_conntrack_info ctinfo, 94 enum ip_conntrack_info ctinfo,
95 unsigned char **data, 95 unsigned int protoff, unsigned char **data,
96 TransportAddress *taddr, int count) 96 TransportAddress *taddr, int count)
97{ 97{
98 const struct nf_ct_h323_master *info = nfct_help_data(ct); 98 const struct nf_ct_h323_master *info = nfct_help_data(ct);
@@ -118,7 +118,8 @@ static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct,
118 &addr.ip, port, 118 &addr.ip, port,
119 &ct->tuplehash[!dir].tuple.dst.u3.ip, 119 &ct->tuplehash[!dir].tuple.dst.u3.ip,
120 info->sig_port[!dir]); 120 info->sig_port[!dir]);
121 return set_h225_addr(skb, data, 0, &taddr[i], 121 return set_h225_addr(skb, protoff, data, 0,
122 &taddr[i],
122 &ct->tuplehash[!dir]. 123 &ct->tuplehash[!dir].
123 tuple.dst.u3, 124 tuple.dst.u3,
124 info->sig_port[!dir]); 125 info->sig_port[!dir]);
@@ -129,7 +130,8 @@ static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct,
129 &addr.ip, port, 130 &addr.ip, port,
130 &ct->tuplehash[!dir].tuple.src.u3.ip, 131 &ct->tuplehash[!dir].tuple.src.u3.ip,
131 info->sig_port[!dir]); 132 info->sig_port[!dir]);
132 return set_h225_addr(skb, data, 0, &taddr[i], 133 return set_h225_addr(skb, protoff, data, 0,
134 &taddr[i],
133 &ct->tuplehash[!dir]. 135 &ct->tuplehash[!dir].
134 tuple.src.u3, 136 tuple.src.u3,
135 info->sig_port[!dir]); 137 info->sig_port[!dir]);
@@ -143,7 +145,7 @@ static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct,
143/****************************************************************************/ 145/****************************************************************************/
144static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct, 146static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct,
145 enum ip_conntrack_info ctinfo, 147 enum ip_conntrack_info ctinfo,
146 unsigned char **data, 148 unsigned int protoff, unsigned char **data,
147 TransportAddress *taddr, int count) 149 TransportAddress *taddr, int count)
148{ 150{
149 int dir = CTINFO2DIR(ctinfo); 151 int dir = CTINFO2DIR(ctinfo);
@@ -159,7 +161,7 @@ static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct,
159 &addr.ip, ntohs(port), 161 &addr.ip, ntohs(port),
160 &ct->tuplehash[!dir].tuple.dst.u3.ip, 162 &ct->tuplehash[!dir].tuple.dst.u3.ip,
161 ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port)); 163 ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port));
162 return set_h225_addr(skb, data, 0, &taddr[i], 164 return set_h225_addr(skb, protoff, data, 0, &taddr[i],
163 &ct->tuplehash[!dir].tuple.dst.u3, 165 &ct->tuplehash[!dir].tuple.dst.u3,
164 ct->tuplehash[!dir].tuple. 166 ct->tuplehash[!dir].tuple.
165 dst.u.udp.port); 167 dst.u.udp.port);
@@ -172,7 +174,7 @@ static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct,
172/****************************************************************************/ 174/****************************************************************************/
173static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct, 175static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
174 enum ip_conntrack_info ctinfo, 176 enum ip_conntrack_info ctinfo,
175 unsigned char **data, int dataoff, 177 unsigned int protoff, unsigned char **data, int dataoff,
176 H245_TransportAddress *taddr, 178 H245_TransportAddress *taddr,
177 __be16 port, __be16 rtp_port, 179 __be16 port, __be16 rtp_port,
178 struct nf_conntrack_expect *rtp_exp, 180 struct nf_conntrack_expect *rtp_exp,
@@ -244,7 +246,7 @@ static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
244 } 246 }
245 247
246 /* Modify signal */ 248 /* Modify signal */
247 if (set_h245_addr(skb, data, dataoff, taddr, 249 if (set_h245_addr(skb, protoff, data, dataoff, taddr,
248 &ct->tuplehash[!dir].tuple.dst.u3, 250 &ct->tuplehash[!dir].tuple.dst.u3,
249 htons((port & htons(1)) ? nated_port + 1 : 251 htons((port & htons(1)) ? nated_port + 1 :
250 nated_port)) == 0) { 252 nated_port)) == 0) {
@@ -275,7 +277,7 @@ static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
275/****************************************************************************/ 277/****************************************************************************/
276static int nat_t120(struct sk_buff *skb, struct nf_conn *ct, 278static int nat_t120(struct sk_buff *skb, struct nf_conn *ct,
277 enum ip_conntrack_info ctinfo, 279 enum ip_conntrack_info ctinfo,
278 unsigned char **data, int dataoff, 280 unsigned int protoff, unsigned char **data, int dataoff,
279 H245_TransportAddress *taddr, __be16 port, 281 H245_TransportAddress *taddr, __be16 port,
280 struct nf_conntrack_expect *exp) 282 struct nf_conntrack_expect *exp)
281{ 283{
@@ -307,7 +309,7 @@ static int nat_t120(struct sk_buff *skb, struct nf_conn *ct,
307 } 309 }
308 310
309 /* Modify signal */ 311 /* Modify signal */
310 if (set_h245_addr(skb, data, dataoff, taddr, 312 if (set_h245_addr(skb, protoff, data, dataoff, taddr,
311 &ct->tuplehash[!dir].tuple.dst.u3, 313 &ct->tuplehash[!dir].tuple.dst.u3,
312 htons(nated_port)) < 0) { 314 htons(nated_port)) < 0) {
313 nf_ct_unexpect_related(exp); 315 nf_ct_unexpect_related(exp);
@@ -326,7 +328,7 @@ static int nat_t120(struct sk_buff *skb, struct nf_conn *ct,
326/****************************************************************************/ 328/****************************************************************************/
327static int nat_h245(struct sk_buff *skb, struct nf_conn *ct, 329static int nat_h245(struct sk_buff *skb, struct nf_conn *ct,
328 enum ip_conntrack_info ctinfo, 330 enum ip_conntrack_info ctinfo,
329 unsigned char **data, int dataoff, 331 unsigned int protoff, unsigned char **data, int dataoff,
330 TransportAddress *taddr, __be16 port, 332 TransportAddress *taddr, __be16 port,
331 struct nf_conntrack_expect *exp) 333 struct nf_conntrack_expect *exp)
332{ 334{
@@ -363,7 +365,7 @@ static int nat_h245(struct sk_buff *skb, struct nf_conn *ct,
363 } 365 }
364 366
365 /* Modify signal */ 367 /* Modify signal */
366 if (set_h225_addr(skb, data, dataoff, taddr, 368 if (set_h225_addr(skb, protoff, data, dataoff, taddr,
367 &ct->tuplehash[!dir].tuple.dst.u3, 369 &ct->tuplehash[!dir].tuple.dst.u3,
368 htons(nated_port)) == 0) { 370 htons(nated_port)) == 0) {
369 /* Save ports */ 371 /* Save ports */
@@ -416,7 +418,8 @@ static void ip_nat_q931_expect(struct nf_conn *new,
416/****************************************************************************/ 418/****************************************************************************/
417static int nat_q931(struct sk_buff *skb, struct nf_conn *ct, 419static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
418 enum ip_conntrack_info ctinfo, 420 enum ip_conntrack_info ctinfo,
419 unsigned char **data, TransportAddress *taddr, int idx, 421 unsigned int protoff, unsigned char **data,
422 TransportAddress *taddr, int idx,
420 __be16 port, struct nf_conntrack_expect *exp) 423 __be16 port, struct nf_conntrack_expect *exp)
421{ 424{
422 struct nf_ct_h323_master *info = nfct_help_data(ct); 425 struct nf_ct_h323_master *info = nfct_help_data(ct);
@@ -453,7 +456,7 @@ static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
453 } 456 }
454 457
455 /* Modify signal */ 458 /* Modify signal */
456 if (set_h225_addr(skb, data, 0, &taddr[idx], 459 if (set_h225_addr(skb, protoff, data, 0, &taddr[idx],
457 &ct->tuplehash[!dir].tuple.dst.u3, 460 &ct->tuplehash[!dir].tuple.dst.u3,
458 htons(nated_port)) == 0) { 461 htons(nated_port)) == 0) {
459 /* Save ports */ 462 /* Save ports */
@@ -464,7 +467,7 @@ static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
464 if (idx > 0 && 467 if (idx > 0 &&
465 get_h225_addr(ct, *data, &taddr[0], &addr, &port) && 468 get_h225_addr(ct, *data, &taddr[0], &addr, &port) &&
466 (ntohl(addr.ip) & 0xff000000) == 0x7f000000) { 469 (ntohl(addr.ip) & 0xff000000) == 0x7f000000) {
467 set_h225_addr(skb, data, 0, &taddr[0], 470 set_h225_addr(skb, protoff, data, 0, &taddr[0],
468 &ct->tuplehash[!dir].tuple.dst.u3, 471 &ct->tuplehash[!dir].tuple.dst.u3,
469 info->sig_port[!dir]); 472 info->sig_port[!dir]);
470 } 473 }
@@ -507,6 +510,7 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new,
507/****************************************************************************/ 510/****************************************************************************/
508static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct, 511static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct,
509 enum ip_conntrack_info ctinfo, 512 enum ip_conntrack_info ctinfo,
513 unsigned int protoff,
510 unsigned char **data, int dataoff, 514 unsigned char **data, int dataoff,
511 TransportAddress *taddr, __be16 port, 515 TransportAddress *taddr, __be16 port,
512 struct nf_conntrack_expect *exp) 516 struct nf_conntrack_expect *exp)
@@ -541,7 +545,7 @@ static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct,
541 } 545 }
542 546
543 /* Modify signal */ 547 /* Modify signal */
544 if (!set_h225_addr(skb, data, dataoff, taddr, 548 if (!set_h225_addr(skb, protoff, data, dataoff, taddr,
545 &ct->tuplehash[!dir].tuple.dst.u3, 549 &ct->tuplehash[!dir].tuple.dst.u3,
546 htons(nated_port)) == 0) { 550 htons(nated_port)) == 0) {
547 nf_ct_unexpect_related(exp); 551 nf_ct_unexpect_related(exp);
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c
index 2e59ad0b90ca..2fefec5e757c 100644
--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -206,6 +206,7 @@ static void nf_nat_csum(struct sk_buff *skb, const struct iphdr *iph, void *data
206int __nf_nat_mangle_tcp_packet(struct sk_buff *skb, 206int __nf_nat_mangle_tcp_packet(struct sk_buff *skb,
207 struct nf_conn *ct, 207 struct nf_conn *ct,
208 enum ip_conntrack_info ctinfo, 208 enum ip_conntrack_info ctinfo,
209 unsigned int protoff,
209 unsigned int match_offset, 210 unsigned int match_offset,
210 unsigned int match_len, 211 unsigned int match_len,
211 const char *rep_buffer, 212 const char *rep_buffer,
@@ -257,6 +258,7 @@ int
257nf_nat_mangle_udp_packet(struct sk_buff *skb, 258nf_nat_mangle_udp_packet(struct sk_buff *skb,
258 struct nf_conn *ct, 259 struct nf_conn *ct,
259 enum ip_conntrack_info ctinfo, 260 enum ip_conntrack_info ctinfo,
261 unsigned int protoff,
260 unsigned int match_offset, 262 unsigned int match_offset,
261 unsigned int match_len, 263 unsigned int match_len,
262 const char *rep_buffer, 264 const char *rep_buffer,
@@ -387,7 +389,8 @@ nf_nat_sack_adjust(struct sk_buff *skb,
387int 389int
388nf_nat_seq_adjust(struct sk_buff *skb, 390nf_nat_seq_adjust(struct sk_buff *skb,
389 struct nf_conn *ct, 391 struct nf_conn *ct,
390 enum ip_conntrack_info ctinfo) 392 enum ip_conntrack_info ctinfo,
393 unsigned int protoff)
391{ 394{
392 struct tcphdr *tcph; 395 struct tcphdr *tcph;
393 int dir; 396 int dir;
@@ -401,10 +404,10 @@ nf_nat_seq_adjust(struct sk_buff *skb,
401 this_way = &nat->seq[dir]; 404 this_way = &nat->seq[dir];
402 other_way = &nat->seq[!dir]; 405 other_way = &nat->seq[!dir];
403 406
404 if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph))) 407 if (!skb_make_writable(skb, protoff + sizeof(*tcph)))
405 return 0; 408 return 0;
406 409
407 tcph = (void *)skb->data + ip_hdrlen(skb); 410 tcph = (void *)skb->data + protoff;
408 if (after(ntohl(tcph->seq), this_way->correction_pos)) 411 if (after(ntohl(tcph->seq), this_way->correction_pos))
409 seqoff = this_way->offset_after; 412 seqoff = this_way->offset_after;
410 else 413 else
diff --git a/net/ipv4/netfilter/nf_nat_irc.c b/net/ipv4/netfilter/nf_nat_irc.c
index 979ae165f4ef..5b0c20a1f08d 100644
--- a/net/ipv4/netfilter/nf_nat_irc.c
+++ b/net/ipv4/netfilter/nf_nat_irc.c
@@ -29,6 +29,7 @@ MODULE_ALIAS("ip_nat_irc");
29 29
30static unsigned int help(struct sk_buff *skb, 30static unsigned int help(struct sk_buff *skb,
31 enum ip_conntrack_info ctinfo, 31 enum ip_conntrack_info ctinfo,
32 unsigned int protoff,
32 unsigned int matchoff, 33 unsigned int matchoff,
33 unsigned int matchlen, 34 unsigned int matchlen,
34 struct nf_conntrack_expect *exp) 35 struct nf_conntrack_expect *exp)
@@ -66,7 +67,7 @@ static unsigned int help(struct sk_buff *skb,
66 buffer, &ip, port); 67 buffer, &ip, port);
67 68
68 ret = nf_nat_mangle_tcp_packet(skb, exp->master, ctinfo, 69 ret = nf_nat_mangle_tcp_packet(skb, exp->master, ctinfo,
69 matchoff, matchlen, buffer, 70 protoff, matchoff, matchlen, buffer,
70 strlen(buffer)); 71 strlen(buffer));
71 if (ret != NF_ACCEPT) 72 if (ret != NF_ACCEPT)
72 nf_ct_unexpect_related(exp); 73 nf_ct_unexpect_related(exp);
diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c
index 388140881ebe..31ef890d894b 100644
--- a/net/ipv4/netfilter/nf_nat_pptp.c
+++ b/net/ipv4/netfilter/nf_nat_pptp.c
@@ -113,6 +113,7 @@ static int
113pptp_outbound_pkt(struct sk_buff *skb, 113pptp_outbound_pkt(struct sk_buff *skb,
114 struct nf_conn *ct, 114 struct nf_conn *ct,
115 enum ip_conntrack_info ctinfo, 115 enum ip_conntrack_info ctinfo,
116 unsigned int protoff,
116 struct PptpControlHeader *ctlh, 117 struct PptpControlHeader *ctlh,
117 union pptp_ctrl_union *pptpReq) 118 union pptp_ctrl_union *pptpReq)
118 119
@@ -175,7 +176,7 @@ pptp_outbound_pkt(struct sk_buff *skb,
175 ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid)); 176 ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid));
176 177
177 /* mangle packet */ 178 /* mangle packet */
178 if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo, 179 if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff,
179 cid_off + sizeof(struct pptp_pkt_hdr) + 180 cid_off + sizeof(struct pptp_pkt_hdr) +
180 sizeof(struct PptpControlHeader), 181 sizeof(struct PptpControlHeader),
181 sizeof(new_callid), (char *)&new_callid, 182 sizeof(new_callid), (char *)&new_callid,
@@ -216,6 +217,7 @@ static int
216pptp_inbound_pkt(struct sk_buff *skb, 217pptp_inbound_pkt(struct sk_buff *skb,
217 struct nf_conn *ct, 218 struct nf_conn *ct,
218 enum ip_conntrack_info ctinfo, 219 enum ip_conntrack_info ctinfo,
220 unsigned int protoff,
219 struct PptpControlHeader *ctlh, 221 struct PptpControlHeader *ctlh,
220 union pptp_ctrl_union *pptpReq) 222 union pptp_ctrl_union *pptpReq)
221{ 223{
@@ -268,7 +270,7 @@ pptp_inbound_pkt(struct sk_buff *skb,
268 pr_debug("altering peer call id from 0x%04x to 0x%04x\n", 270 pr_debug("altering peer call id from 0x%04x to 0x%04x\n",
269 ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid)); 271 ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid));
270 272
271 if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo, 273 if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff,
272 pcid_off + sizeof(struct pptp_pkt_hdr) + 274 pcid_off + sizeof(struct pptp_pkt_hdr) +
273 sizeof(struct PptpControlHeader), 275 sizeof(struct PptpControlHeader),
274 sizeof(new_pcid), (char *)&new_pcid, 276 sizeof(new_pcid), (char *)&new_pcid,
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c
index 4ad9cf173992..df626af8413c 100644
--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -30,7 +30,8 @@ MODULE_DESCRIPTION("SIP NAT helper");
30MODULE_ALIAS("ip_nat_sip"); 30MODULE_ALIAS("ip_nat_sip");
31 31
32 32
33static unsigned int mangle_packet(struct sk_buff *skb, unsigned int dataoff, 33static unsigned int mangle_packet(struct sk_buff *skb, unsigned int protoff,
34 unsigned int dataoff,
34 const char **dptr, unsigned int *datalen, 35 const char **dptr, unsigned int *datalen,
35 unsigned int matchoff, unsigned int matchlen, 36 unsigned int matchoff, unsigned int matchlen,
36 const char *buffer, unsigned int buflen) 37 const char *buffer, unsigned int buflen)
@@ -46,7 +47,7 @@ static unsigned int mangle_packet(struct sk_buff *skb, unsigned int dataoff,
46 matchoff += dataoff - baseoff; 47 matchoff += dataoff - baseoff;
47 48
48 if (!__nf_nat_mangle_tcp_packet(skb, ct, ctinfo, 49 if (!__nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
49 matchoff, matchlen, 50 protoff, matchoff, matchlen,
50 buffer, buflen, false)) 51 buffer, buflen, false))
51 return 0; 52 return 0;
52 } else { 53 } else {
@@ -54,7 +55,7 @@ static unsigned int mangle_packet(struct sk_buff *skb, unsigned int dataoff,
54 matchoff += dataoff - baseoff; 55 matchoff += dataoff - baseoff;
55 56
56 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo, 57 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
57 matchoff, matchlen, 58 protoff, matchoff, matchlen,
58 buffer, buflen)) 59 buffer, buflen))
59 return 0; 60 return 0;
60 } 61 }
@@ -65,7 +66,8 @@ static unsigned int mangle_packet(struct sk_buff *skb, unsigned int dataoff,
65 return 1; 66 return 1;
66} 67}
67 68
68static int map_addr(struct sk_buff *skb, unsigned int dataoff, 69static int map_addr(struct sk_buff *skb, unsigned int protoff,
70 unsigned int dataoff,
69 const char **dptr, unsigned int *datalen, 71 const char **dptr, unsigned int *datalen,
70 unsigned int matchoff, unsigned int matchlen, 72 unsigned int matchoff, unsigned int matchlen,
71 union nf_inet_addr *addr, __be16 port) 73 union nf_inet_addr *addr, __be16 port)
@@ -94,11 +96,12 @@ static int map_addr(struct sk_buff *skb, unsigned int dataoff,
94 96
95 buflen = sprintf(buffer, "%pI4:%u", &newaddr, ntohs(newport)); 97 buflen = sprintf(buffer, "%pI4:%u", &newaddr, ntohs(newport));
96 98
97 return mangle_packet(skb, dataoff, dptr, datalen, matchoff, matchlen, 99 return mangle_packet(skb, protoff, dataoff, dptr, datalen,
98 buffer, buflen); 100 matchoff, matchlen, buffer, buflen);
99} 101}
100 102
101static int map_sip_addr(struct sk_buff *skb, unsigned int dataoff, 103static int map_sip_addr(struct sk_buff *skb, unsigned int protoff,
104 unsigned int dataoff,
102 const char **dptr, unsigned int *datalen, 105 const char **dptr, unsigned int *datalen,
103 enum sip_header_types type) 106 enum sip_header_types type)
104{ 107{
@@ -111,11 +114,12 @@ static int map_sip_addr(struct sk_buff *skb, unsigned int dataoff,
111 if (ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen, type, NULL, 114 if (ct_sip_parse_header_uri(ct, *dptr, NULL, *datalen, type, NULL,
112 &matchoff, &matchlen, &addr, &port) <= 0) 115 &matchoff, &matchlen, &addr, &port) <= 0)
113 return 1; 116 return 1;
114 return map_addr(skb, dataoff, dptr, datalen, matchoff, matchlen, 117 return map_addr(skb, protoff, dataoff, dptr, datalen,
115 &addr, port); 118 matchoff, matchlen, &addr, port);
116} 119}
117 120
118static unsigned int ip_nat_sip(struct sk_buff *skb, unsigned int dataoff, 121static unsigned int ip_nat_sip(struct sk_buff *skb, unsigned int protoff,
122 unsigned int dataoff,
119 const char **dptr, unsigned int *datalen) 123 const char **dptr, unsigned int *datalen)
120{ 124{
121 enum ip_conntrack_info ctinfo; 125 enum ip_conntrack_info ctinfo;
@@ -132,8 +136,8 @@ static unsigned int ip_nat_sip(struct sk_buff *skb, unsigned int dataoff,
132 if (ct_sip_parse_request(ct, *dptr, *datalen, 136 if (ct_sip_parse_request(ct, *dptr, *datalen,
133 &matchoff, &matchlen, 137 &matchoff, &matchlen,
134 &addr, &port) > 0 && 138 &addr, &port) > 0 &&
135 !map_addr(skb, dataoff, dptr, datalen, matchoff, matchlen, 139 !map_addr(skb, protoff, dataoff, dptr, datalen,
136 &addr, port)) 140 matchoff, matchlen, &addr, port))
137 return NF_DROP; 141 return NF_DROP;
138 request = 1; 142 request = 1;
139 } else 143 } else
@@ -164,8 +168,8 @@ static unsigned int ip_nat_sip(struct sk_buff *skb, unsigned int dataoff,
164 } 168 }
165 169
166 olen = *datalen; 170 olen = *datalen;
167 if (!map_addr(skb, dataoff, dptr, datalen, matchoff, matchlen, 171 if (!map_addr(skb, protoff, dataoff, dptr, datalen,
168 &addr, port)) 172 matchoff, matchlen, &addr, port))
169 return NF_DROP; 173 return NF_DROP;
170 174
171 matchend = matchoff + matchlen + *datalen - olen; 175 matchend = matchoff + matchlen + *datalen - olen;
@@ -179,7 +183,7 @@ static unsigned int ip_nat_sip(struct sk_buff *skb, unsigned int dataoff,
179 addr.ip != ct->tuplehash[!dir].tuple.dst.u3.ip) { 183 addr.ip != ct->tuplehash[!dir].tuple.dst.u3.ip) {
180 buflen = sprintf(buffer, "%pI4", 184 buflen = sprintf(buffer, "%pI4",
181 &ct->tuplehash[!dir].tuple.dst.u3.ip); 185 &ct->tuplehash[!dir].tuple.dst.u3.ip);
182 if (!mangle_packet(skb, dataoff, dptr, datalen, 186 if (!mangle_packet(skb, protoff, dataoff, dptr, datalen,
183 poff, plen, buffer, buflen)) 187 poff, plen, buffer, buflen))
184 return NF_DROP; 188 return NF_DROP;
185 } 189 }
@@ -193,7 +197,7 @@ static unsigned int ip_nat_sip(struct sk_buff *skb, unsigned int dataoff,
193 addr.ip != ct->tuplehash[!dir].tuple.src.u3.ip) { 197 addr.ip != ct->tuplehash[!dir].tuple.src.u3.ip) {
194 buflen = sprintf(buffer, "%pI4", 198 buflen = sprintf(buffer, "%pI4",
195 &ct->tuplehash[!dir].tuple.src.u3.ip); 199 &ct->tuplehash[!dir].tuple.src.u3.ip);
196 if (!mangle_packet(skb, dataoff, dptr, datalen, 200 if (!mangle_packet(skb, protoff, dataoff, dptr, datalen,
197 poff, plen, buffer, buflen)) 201 poff, plen, buffer, buflen))
198 return NF_DROP; 202 return NF_DROP;
199 } 203 }
@@ -207,7 +211,7 @@ static unsigned int ip_nat_sip(struct sk_buff *skb, unsigned int dataoff,
207 htons(n) != ct->tuplehash[!dir].tuple.src.u.udp.port) { 211 htons(n) != ct->tuplehash[!dir].tuple.src.u.udp.port) {
208 __be16 p = ct->tuplehash[!dir].tuple.src.u.udp.port; 212 __be16 p = ct->tuplehash[!dir].tuple.src.u.udp.port;
209 buflen = sprintf(buffer, "%u", ntohs(p)); 213 buflen = sprintf(buffer, "%u", ntohs(p));
210 if (!mangle_packet(skb, dataoff, dptr, datalen, 214 if (!mangle_packet(skb, protoff, dataoff, dptr, datalen,
211 poff, plen, buffer, buflen)) 215 poff, plen, buffer, buflen))
212 return NF_DROP; 216 return NF_DROP;
213 } 217 }
@@ -221,13 +225,14 @@ next:
221 SIP_HDR_CONTACT, &in_header, 225 SIP_HDR_CONTACT, &in_header,
222 &matchoff, &matchlen, 226 &matchoff, &matchlen,
223 &addr, &port) > 0) { 227 &addr, &port) > 0) {
224 if (!map_addr(skb, dataoff, dptr, datalen, matchoff, matchlen, 228 if (!map_addr(skb, protoff, dataoff, dptr, datalen,
229 matchoff, matchlen,
225 &addr, port)) 230 &addr, port))
226 return NF_DROP; 231 return NF_DROP;
227 } 232 }
228 233
229 if (!map_sip_addr(skb, dataoff, dptr, datalen, SIP_HDR_FROM) || 234 if (!map_sip_addr(skb, protoff, dataoff, dptr, datalen, SIP_HDR_FROM) ||
230 !map_sip_addr(skb, dataoff, dptr, datalen, SIP_HDR_TO)) 235 !map_sip_addr(skb, protoff, dataoff, dptr, datalen, SIP_HDR_TO))
231 return NF_DROP; 236 return NF_DROP;
232 237
233 return NF_ACCEPT; 238 return NF_ACCEPT;
@@ -272,7 +277,8 @@ static void ip_nat_sip_expected(struct nf_conn *ct,
272 } 277 }
273} 278}
274 279
275static unsigned int ip_nat_sip_expect(struct sk_buff *skb, unsigned int dataoff, 280static unsigned int ip_nat_sip_expect(struct sk_buff *skb, unsigned int protoff,
281 unsigned int dataoff,
276 const char **dptr, unsigned int *datalen, 282 const char **dptr, unsigned int *datalen,
277 struct nf_conntrack_expect *exp, 283 struct nf_conntrack_expect *exp,
278 unsigned int matchoff, 284 unsigned int matchoff,
@@ -326,7 +332,7 @@ static unsigned int ip_nat_sip_expect(struct sk_buff *skb, unsigned int dataoff,
326 if (exp->tuple.dst.u3.ip != exp->saved_ip || 332 if (exp->tuple.dst.u3.ip != exp->saved_ip ||
327 exp->tuple.dst.u.udp.port != exp->saved_proto.udp.port) { 333 exp->tuple.dst.u.udp.port != exp->saved_proto.udp.port) {
328 buflen = sprintf(buffer, "%pI4:%u", &newip, port); 334 buflen = sprintf(buffer, "%pI4:%u", &newip, port);
329 if (!mangle_packet(skb, dataoff, dptr, datalen, 335 if (!mangle_packet(skb, protoff, dataoff, dptr, datalen,
330 matchoff, matchlen, buffer, buflen)) 336 matchoff, matchlen, buffer, buflen))
331 goto err; 337 goto err;
332 } 338 }
@@ -337,7 +343,8 @@ err:
337 return NF_DROP; 343 return NF_DROP;
338} 344}
339 345
340static int mangle_content_len(struct sk_buff *skb, unsigned int dataoff, 346static int mangle_content_len(struct sk_buff *skb, unsigned int protoff,
347 unsigned int dataoff,
341 const char **dptr, unsigned int *datalen) 348 const char **dptr, unsigned int *datalen)
342{ 349{
343 enum ip_conntrack_info ctinfo; 350 enum ip_conntrack_info ctinfo;
@@ -359,11 +366,12 @@ static int mangle_content_len(struct sk_buff *skb, unsigned int dataoff,
359 return 0; 366 return 0;
360 367
361 buflen = sprintf(buffer, "%u", c_len); 368 buflen = sprintf(buffer, "%u", c_len);
362 return mangle_packet(skb, dataoff, dptr, datalen, matchoff, matchlen, 369 return mangle_packet(skb, protoff, dataoff, dptr, datalen,
363 buffer, buflen); 370 matchoff, matchlen, buffer, buflen);
364} 371}
365 372
366static int mangle_sdp_packet(struct sk_buff *skb, unsigned int dataoff, 373static int mangle_sdp_packet(struct sk_buff *skb, unsigned int protoff,
374 unsigned int dataoff,
367 const char **dptr, unsigned int *datalen, 375 const char **dptr, unsigned int *datalen,
368 unsigned int sdpoff, 376 unsigned int sdpoff,
369 enum sdp_header_types type, 377 enum sdp_header_types type,
@@ -377,11 +385,12 @@ static int mangle_sdp_packet(struct sk_buff *skb, unsigned int dataoff,
377 if (ct_sip_get_sdp_header(ct, *dptr, sdpoff, *datalen, type, term, 385 if (ct_sip_get_sdp_header(ct, *dptr, sdpoff, *datalen, type, term,
378 &matchoff, &matchlen) <= 0) 386 &matchoff, &matchlen) <= 0)
379 return -ENOENT; 387 return -ENOENT;
380 return mangle_packet(skb, dataoff, dptr, datalen, matchoff, matchlen, 388 return mangle_packet(skb, protoff, dataoff, dptr, datalen,
381 buffer, buflen) ? 0 : -EINVAL; 389 matchoff, matchlen, buffer, buflen) ? 0 : -EINVAL;
382} 390}
383 391
384static unsigned int ip_nat_sdp_addr(struct sk_buff *skb, unsigned int dataoff, 392static unsigned int ip_nat_sdp_addr(struct sk_buff *skb, unsigned int protoff,
393 unsigned int dataoff,
385 const char **dptr, unsigned int *datalen, 394 const char **dptr, unsigned int *datalen,
386 unsigned int sdpoff, 395 unsigned int sdpoff,
387 enum sdp_header_types type, 396 enum sdp_header_types type,
@@ -392,14 +401,15 @@ static unsigned int ip_nat_sdp_addr(struct sk_buff *skb, unsigned int dataoff,
392 unsigned int buflen; 401 unsigned int buflen;
393 402
394 buflen = sprintf(buffer, "%pI4", &addr->ip); 403 buflen = sprintf(buffer, "%pI4", &addr->ip);
395 if (mangle_sdp_packet(skb, dataoff, dptr, datalen, sdpoff, type, term, 404 if (mangle_sdp_packet(skb, protoff, dataoff, dptr, datalen,
396 buffer, buflen)) 405 sdpoff, type, term, buffer, buflen))
397 return 0; 406 return 0;
398 407
399 return mangle_content_len(skb, dataoff, dptr, datalen); 408 return mangle_content_len(skb, protoff, dataoff, dptr, datalen);
400} 409}
401 410
402static unsigned int ip_nat_sdp_port(struct sk_buff *skb, unsigned int dataoff, 411static unsigned int ip_nat_sdp_port(struct sk_buff *skb, unsigned int protoff,
412 unsigned int dataoff,
403 const char **dptr, unsigned int *datalen, 413 const char **dptr, unsigned int *datalen,
404 unsigned int matchoff, 414 unsigned int matchoff,
405 unsigned int matchlen, 415 unsigned int matchlen,
@@ -409,14 +419,15 @@ static unsigned int ip_nat_sdp_port(struct sk_buff *skb, unsigned int dataoff,
409 unsigned int buflen; 419 unsigned int buflen;
410 420
411 buflen = sprintf(buffer, "%u", port); 421 buflen = sprintf(buffer, "%u", port);
412 if (!mangle_packet(skb, dataoff, dptr, datalen, matchoff, matchlen, 422 if (!mangle_packet(skb, protoff, dataoff, dptr, datalen,
413 buffer, buflen)) 423 matchoff, matchlen, buffer, buflen))
414 return 0; 424 return 0;
415 425
416 return mangle_content_len(skb, dataoff, dptr, datalen); 426 return mangle_content_len(skb, protoff, dataoff, dptr, datalen);
417} 427}
418 428
419static unsigned int ip_nat_sdp_session(struct sk_buff *skb, unsigned int dataoff, 429static unsigned int ip_nat_sdp_session(struct sk_buff *skb, unsigned int protoff,
430 unsigned int dataoff,
420 const char **dptr, unsigned int *datalen, 431 const char **dptr, unsigned int *datalen,
421 unsigned int sdpoff, 432 unsigned int sdpoff,
422 const union nf_inet_addr *addr) 433 const union nf_inet_addr *addr)
@@ -426,12 +437,12 @@ static unsigned int ip_nat_sdp_session(struct sk_buff *skb, unsigned int dataoff
426 437
427 /* Mangle session description owner and contact addresses */ 438 /* Mangle session description owner and contact addresses */
428 buflen = sprintf(buffer, "%pI4", &addr->ip); 439 buflen = sprintf(buffer, "%pI4", &addr->ip);
429 if (mangle_sdp_packet(skb, dataoff, dptr, datalen, sdpoff, 440 if (mangle_sdp_packet(skb, protoff, dataoff, dptr, datalen, sdpoff,
430 SDP_HDR_OWNER_IP4, SDP_HDR_MEDIA, 441 SDP_HDR_OWNER_IP4, SDP_HDR_MEDIA,
431 buffer, buflen)) 442 buffer, buflen))
432 return 0; 443 return 0;
433 444
434 switch (mangle_sdp_packet(skb, dataoff, dptr, datalen, sdpoff, 445 switch (mangle_sdp_packet(skb, protoff, dataoff, dptr, datalen, sdpoff,
435 SDP_HDR_CONNECTION_IP4, SDP_HDR_MEDIA, 446 SDP_HDR_CONNECTION_IP4, SDP_HDR_MEDIA,
436 buffer, buflen)) { 447 buffer, buflen)) {
437 case 0: 448 case 0:
@@ -448,12 +459,13 @@ static unsigned int ip_nat_sdp_session(struct sk_buff *skb, unsigned int dataoff
448 return 0; 459 return 0;
449 } 460 }
450 461
451 return mangle_content_len(skb, dataoff, dptr, datalen); 462 return mangle_content_len(skb, protoff, dataoff, dptr, datalen);
452} 463}
453 464
454/* So, this packet has hit the connection tracking matching code. 465/* So, this packet has hit the connection tracking matching code.
455 Mangle it, and change the expectation to match the new version. */ 466 Mangle it, and change the expectation to match the new version. */
456static unsigned int ip_nat_sdp_media(struct sk_buff *skb, unsigned int dataoff, 467static unsigned int ip_nat_sdp_media(struct sk_buff *skb, unsigned int protoff,
468 unsigned int dataoff,
457 const char **dptr, unsigned int *datalen, 469 const char **dptr, unsigned int *datalen,
458 struct nf_conntrack_expect *rtp_exp, 470 struct nf_conntrack_expect *rtp_exp,
459 struct nf_conntrack_expect *rtcp_exp, 471 struct nf_conntrack_expect *rtcp_exp,
@@ -514,7 +526,7 @@ static unsigned int ip_nat_sdp_media(struct sk_buff *skb, unsigned int dataoff,
514 526
515 /* Update media port. */ 527 /* Update media port. */
516 if (rtp_exp->tuple.dst.u.udp.port != rtp_exp->saved_proto.udp.port && 528 if (rtp_exp->tuple.dst.u.udp.port != rtp_exp->saved_proto.udp.port &&
517 !ip_nat_sdp_port(skb, dataoff, dptr, datalen, 529 !ip_nat_sdp_port(skb, protoff, dataoff, dptr, datalen,
518 mediaoff, medialen, port)) 530 mediaoff, medialen, port))
519 goto err2; 531 goto err2;
520 532
diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c
index ad70b7e4ac4a..4f53a5f04437 100644
--- a/net/netfilter/ipvs/ip_vs_ftp.c
+++ b/net/netfilter/ipvs/ip_vs_ftp.c
@@ -268,6 +268,7 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
268 * packet. 268 * packet.
269 */ 269 */
270 ret = nf_nat_mangle_tcp_packet(skb, ct, ctinfo, 270 ret = nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
271 iph->ihl * 4,
271 start-data, end-start, 272 start-data, end-start,
272 buf, buf_len); 273 buf, buf_len);
273 if (ret) { 274 if (ret) {
diff --git a/net/netfilter/nf_conntrack_amanda.c b/net/netfilter/nf_conntrack_amanda.c
index 184c0dc6e437..e0212b5494b1 100644
--- a/net/netfilter/nf_conntrack_amanda.c
+++ b/net/netfilter/nf_conntrack_amanda.c
@@ -40,6 +40,7 @@ MODULE_PARM_DESC(ts_algo, "textsearch algorithm to use (default kmp)");
40 40
41unsigned int (*nf_nat_amanda_hook)(struct sk_buff *skb, 41unsigned int (*nf_nat_amanda_hook)(struct sk_buff *skb,
42 enum ip_conntrack_info ctinfo, 42 enum ip_conntrack_info ctinfo,
43 unsigned int protoff,
43 unsigned int matchoff, 44 unsigned int matchoff,
44 unsigned int matchlen, 45 unsigned int matchlen,
45 struct nf_conntrack_expect *exp) 46 struct nf_conntrack_expect *exp)
@@ -156,8 +157,8 @@ static int amanda_help(struct sk_buff *skb,
156 nf_nat_amanda = rcu_dereference(nf_nat_amanda_hook); 157 nf_nat_amanda = rcu_dereference(nf_nat_amanda_hook);
157 if (nf_nat_amanda && nf_ct_l3num(ct) == NFPROTO_IPV4 && 158 if (nf_nat_amanda && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
158 ct->status & IPS_NAT_MASK) 159 ct->status & IPS_NAT_MASK)
159 ret = nf_nat_amanda(skb, ctinfo, off - dataoff, 160 ret = nf_nat_amanda(skb, ctinfo, protoff,
160 len, exp); 161 off - dataoff, len, exp);
161 else if (nf_ct_expect_related(exp) != 0) 162 else if (nf_ct_expect_related(exp) != 0)
162 ret = NF_DROP; 163 ret = NF_DROP;
163 nf_ct_expect_put(exp); 164 nf_ct_expect_put(exp);
diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c
index 3e1587e63c03..c0f4a5ba9016 100644
--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
@@ -48,6 +48,7 @@ module_param(loose, bool, 0600);
48unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb, 48unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb,
49 enum ip_conntrack_info ctinfo, 49 enum ip_conntrack_info ctinfo,
50 enum nf_ct_ftp_type type, 50 enum nf_ct_ftp_type type,
51 unsigned int protoff,
51 unsigned int matchoff, 52 unsigned int matchoff,
52 unsigned int matchlen, 53 unsigned int matchlen,
53 struct nf_conntrack_expect *exp); 54 struct nf_conntrack_expect *exp);
@@ -490,7 +491,7 @@ static int help(struct sk_buff *skb,
490 if (nf_nat_ftp && nf_ct_l3num(ct) == NFPROTO_IPV4 && 491 if (nf_nat_ftp && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
491 ct->status & IPS_NAT_MASK) 492 ct->status & IPS_NAT_MASK)
492 ret = nf_nat_ftp(skb, ctinfo, search[dir][i].ftptype, 493 ret = nf_nat_ftp(skb, ctinfo, search[dir][i].ftptype,
493 matchoff, matchlen, exp); 494 protoff, matchoff, matchlen, exp);
494 else { 495 else {
495 /* Can't expect this? Best to drop packet now. */ 496 /* Can't expect this? Best to drop packet now. */
496 if (nf_ct_expect_related(exp) != 0) 497 if (nf_ct_expect_related(exp) != 0)
diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c
index 517c5e3fe7c6..1b30b0dee708 100644
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -49,12 +49,12 @@ MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations "
49 "(determined by routing information)"); 49 "(determined by routing information)");
50 50
51/* Hooks for NAT */ 51/* Hooks for NAT */
52int (*set_h245_addr_hook) (struct sk_buff *skb, 52int (*set_h245_addr_hook) (struct sk_buff *skb, unsigned int protoff,
53 unsigned char **data, int dataoff, 53 unsigned char **data, int dataoff,
54 H245_TransportAddress *taddr, 54 H245_TransportAddress *taddr,
55 union nf_inet_addr *addr, __be16 port) 55 union nf_inet_addr *addr, __be16 port)
56 __read_mostly; 56 __read_mostly;
57int (*set_h225_addr_hook) (struct sk_buff *skb, 57int (*set_h225_addr_hook) (struct sk_buff *skb, unsigned int protoff,
58 unsigned char **data, int dataoff, 58 unsigned char **data, int dataoff,
59 TransportAddress *taddr, 59 TransportAddress *taddr,
60 union nf_inet_addr *addr, __be16 port) 60 union nf_inet_addr *addr, __be16 port)
@@ -62,16 +62,17 @@ int (*set_h225_addr_hook) (struct sk_buff *skb,
62int (*set_sig_addr_hook) (struct sk_buff *skb, 62int (*set_sig_addr_hook) (struct sk_buff *skb,
63 struct nf_conn *ct, 63 struct nf_conn *ct,
64 enum ip_conntrack_info ctinfo, 64 enum ip_conntrack_info ctinfo,
65 unsigned char **data, 65 unsigned int protoff, unsigned char **data,
66 TransportAddress *taddr, int count) __read_mostly; 66 TransportAddress *taddr, int count) __read_mostly;
67int (*set_ras_addr_hook) (struct sk_buff *skb, 67int (*set_ras_addr_hook) (struct sk_buff *skb,
68 struct nf_conn *ct, 68 struct nf_conn *ct,
69 enum ip_conntrack_info ctinfo, 69 enum ip_conntrack_info ctinfo,
70 unsigned char **data, 70 unsigned int protoff, unsigned char **data,
71 TransportAddress *taddr, int count) __read_mostly; 71 TransportAddress *taddr, int count) __read_mostly;
72int (*nat_rtp_rtcp_hook) (struct sk_buff *skb, 72int (*nat_rtp_rtcp_hook) (struct sk_buff *skb,
73 struct nf_conn *ct, 73 struct nf_conn *ct,
74 enum ip_conntrack_info ctinfo, 74 enum ip_conntrack_info ctinfo,
75 unsigned int protoff,
75 unsigned char **data, int dataoff, 76 unsigned char **data, int dataoff,
76 H245_TransportAddress *taddr, 77 H245_TransportAddress *taddr,
77 __be16 port, __be16 rtp_port, 78 __be16 port, __be16 rtp_port,
@@ -80,24 +81,28 @@ int (*nat_rtp_rtcp_hook) (struct sk_buff *skb,
80int (*nat_t120_hook) (struct sk_buff *skb, 81int (*nat_t120_hook) (struct sk_buff *skb,
81 struct nf_conn *ct, 82 struct nf_conn *ct,
82 enum ip_conntrack_info ctinfo, 83 enum ip_conntrack_info ctinfo,
84 unsigned int protoff,
83 unsigned char **data, int dataoff, 85 unsigned char **data, int dataoff,
84 H245_TransportAddress *taddr, __be16 port, 86 H245_TransportAddress *taddr, __be16 port,
85 struct nf_conntrack_expect *exp) __read_mostly; 87 struct nf_conntrack_expect *exp) __read_mostly;
86int (*nat_h245_hook) (struct sk_buff *skb, 88int (*nat_h245_hook) (struct sk_buff *skb,
87 struct nf_conn *ct, 89 struct nf_conn *ct,
88 enum ip_conntrack_info ctinfo, 90 enum ip_conntrack_info ctinfo,
91 unsigned int protoff,
89 unsigned char **data, int dataoff, 92 unsigned char **data, int dataoff,
90 TransportAddress *taddr, __be16 port, 93 TransportAddress *taddr, __be16 port,
91 struct nf_conntrack_expect *exp) __read_mostly; 94 struct nf_conntrack_expect *exp) __read_mostly;
92int (*nat_callforwarding_hook) (struct sk_buff *skb, 95int (*nat_callforwarding_hook) (struct sk_buff *skb,
93 struct nf_conn *ct, 96 struct nf_conn *ct,
94 enum ip_conntrack_info ctinfo, 97 enum ip_conntrack_info ctinfo,
98 unsigned int protoff,
95 unsigned char **data, int dataoff, 99 unsigned char **data, int dataoff,
96 TransportAddress *taddr, __be16 port, 100 TransportAddress *taddr, __be16 port,
97 struct nf_conntrack_expect *exp) __read_mostly; 101 struct nf_conntrack_expect *exp) __read_mostly;
98int (*nat_q931_hook) (struct sk_buff *skb, 102int (*nat_q931_hook) (struct sk_buff *skb,
99 struct nf_conn *ct, 103 struct nf_conn *ct,
100 enum ip_conntrack_info ctinfo, 104 enum ip_conntrack_info ctinfo,
105 unsigned int protoff,
101 unsigned char **data, TransportAddress *taddr, int idx, 106 unsigned char **data, TransportAddress *taddr, int idx,
102 __be16 port, struct nf_conntrack_expect *exp) 107 __be16 port, struct nf_conntrack_expect *exp)
103 __read_mostly; 108 __read_mostly;
@@ -251,6 +256,7 @@ static int get_h245_addr(struct nf_conn *ct, const unsigned char *data,
251/****************************************************************************/ 256/****************************************************************************/
252static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct, 257static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
253 enum ip_conntrack_info ctinfo, 258 enum ip_conntrack_info ctinfo,
259 unsigned int protoff,
254 unsigned char **data, int dataoff, 260 unsigned char **data, int dataoff,
255 H245_TransportAddress *taddr) 261 H245_TransportAddress *taddr)
256{ 262{
@@ -298,7 +304,7 @@ static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
298 nf_ct_l3num(ct) == NFPROTO_IPV4 && 304 nf_ct_l3num(ct) == NFPROTO_IPV4 &&
299 ct->status & IPS_NAT_MASK) { 305 ct->status & IPS_NAT_MASK) {
300 /* NAT needed */ 306 /* NAT needed */
301 ret = nat_rtp_rtcp(skb, ct, ctinfo, data, dataoff, 307 ret = nat_rtp_rtcp(skb, ct, ctinfo, protoff, data, dataoff,
302 taddr, port, rtp_port, rtp_exp, rtcp_exp); 308 taddr, port, rtp_port, rtp_exp, rtcp_exp);
303 } else { /* Conntrack only */ 309 } else { /* Conntrack only */
304 if (nf_ct_expect_related(rtp_exp) == 0) { 310 if (nf_ct_expect_related(rtp_exp) == 0) {
@@ -325,6 +331,7 @@ static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
325static int expect_t120(struct sk_buff *skb, 331static int expect_t120(struct sk_buff *skb,
326 struct nf_conn *ct, 332 struct nf_conn *ct,
327 enum ip_conntrack_info ctinfo, 333 enum ip_conntrack_info ctinfo,
334 unsigned int protoff,
328 unsigned char **data, int dataoff, 335 unsigned char **data, int dataoff,
329 H245_TransportAddress *taddr) 336 H245_TransportAddress *taddr)
330{ 337{
@@ -357,7 +364,7 @@ static int expect_t120(struct sk_buff *skb,
357 nf_ct_l3num(ct) == NFPROTO_IPV4 && 364 nf_ct_l3num(ct) == NFPROTO_IPV4 &&
358 ct->status & IPS_NAT_MASK) { 365 ct->status & IPS_NAT_MASK) {
359 /* NAT needed */ 366 /* NAT needed */
360 ret = nat_t120(skb, ct, ctinfo, data, dataoff, taddr, 367 ret = nat_t120(skb, ct, ctinfo, protoff, data, dataoff, taddr,
361 port, exp); 368 port, exp);
362 } else { /* Conntrack only */ 369 } else { /* Conntrack only */
363 if (nf_ct_expect_related(exp) == 0) { 370 if (nf_ct_expect_related(exp) == 0) {
@@ -376,6 +383,7 @@ static int expect_t120(struct sk_buff *skb,
376static int process_h245_channel(struct sk_buff *skb, 383static int process_h245_channel(struct sk_buff *skb,
377 struct nf_conn *ct, 384 struct nf_conn *ct,
378 enum ip_conntrack_info ctinfo, 385 enum ip_conntrack_info ctinfo,
386 unsigned int protoff,
379 unsigned char **data, int dataoff, 387 unsigned char **data, int dataoff,
380 H2250LogicalChannelParameters *channel) 388 H2250LogicalChannelParameters *channel)
381{ 389{
@@ -383,7 +391,7 @@ static int process_h245_channel(struct sk_buff *skb,
383 391
384 if (channel->options & eH2250LogicalChannelParameters_mediaChannel) { 392 if (channel->options & eH2250LogicalChannelParameters_mediaChannel) {
385 /* RTP */ 393 /* RTP */
386 ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff, 394 ret = expect_rtp_rtcp(skb, ct, ctinfo, protoff, data, dataoff,
387 &channel->mediaChannel); 395 &channel->mediaChannel);
388 if (ret < 0) 396 if (ret < 0)
389 return -1; 397 return -1;
@@ -392,7 +400,7 @@ static int process_h245_channel(struct sk_buff *skb,
392 if (channel-> 400 if (channel->
393 options & eH2250LogicalChannelParameters_mediaControlChannel) { 401 options & eH2250LogicalChannelParameters_mediaControlChannel) {
394 /* RTCP */ 402 /* RTCP */
395 ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff, 403 ret = expect_rtp_rtcp(skb, ct, ctinfo, protoff, data, dataoff,
396 &channel->mediaControlChannel); 404 &channel->mediaControlChannel);
397 if (ret < 0) 405 if (ret < 0)
398 return -1; 406 return -1;
@@ -404,6 +412,7 @@ static int process_h245_channel(struct sk_buff *skb,
404/****************************************************************************/ 412/****************************************************************************/
405static int process_olc(struct sk_buff *skb, struct nf_conn *ct, 413static int process_olc(struct sk_buff *skb, struct nf_conn *ct,
406 enum ip_conntrack_info ctinfo, 414 enum ip_conntrack_info ctinfo,
415 unsigned int protoff,
407 unsigned char **data, int dataoff, 416 unsigned char **data, int dataoff,
408 OpenLogicalChannel *olc) 417 OpenLogicalChannel *olc)
409{ 418{
@@ -414,7 +423,8 @@ static int process_olc(struct sk_buff *skb, struct nf_conn *ct,
414 if (olc->forwardLogicalChannelParameters.multiplexParameters.choice == 423 if (olc->forwardLogicalChannelParameters.multiplexParameters.choice ==
415 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters) 424 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)
416 { 425 {
417 ret = process_h245_channel(skb, ct, ctinfo, data, dataoff, 426 ret = process_h245_channel(skb, ct, ctinfo,
427 protoff, data, dataoff,
418 &olc-> 428 &olc->
419 forwardLogicalChannelParameters. 429 forwardLogicalChannelParameters.
420 multiplexParameters. 430 multiplexParameters.
@@ -432,7 +442,8 @@ static int process_olc(struct sk_buff *skb, struct nf_conn *ct,
432 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) 442 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
433 { 443 {
434 ret = 444 ret =
435 process_h245_channel(skb, ct, ctinfo, data, dataoff, 445 process_h245_channel(skb, ct, ctinfo,
446 protoff, data, dataoff,
436 &olc-> 447 &olc->
437 reverseLogicalChannelParameters. 448 reverseLogicalChannelParameters.
438 multiplexParameters. 449 multiplexParameters.
@@ -450,7 +461,7 @@ static int process_olc(struct sk_buff *skb, struct nf_conn *ct,
450 t120.choice == eDataProtocolCapability_separateLANStack && 461 t120.choice == eDataProtocolCapability_separateLANStack &&
451 olc->separateStack.networkAddress.choice == 462 olc->separateStack.networkAddress.choice ==
452 eNetworkAccessParameters_networkAddress_localAreaAddress) { 463 eNetworkAccessParameters_networkAddress_localAreaAddress) {
453 ret = expect_t120(skb, ct, ctinfo, data, dataoff, 464 ret = expect_t120(skb, ct, ctinfo, protoff, data, dataoff,
454 &olc->separateStack.networkAddress. 465 &olc->separateStack.networkAddress.
455 localAreaAddress); 466 localAreaAddress);
456 if (ret < 0) 467 if (ret < 0)
@@ -463,7 +474,7 @@ static int process_olc(struct sk_buff *skb, struct nf_conn *ct,
463/****************************************************************************/ 474/****************************************************************************/
464static int process_olca(struct sk_buff *skb, struct nf_conn *ct, 475static int process_olca(struct sk_buff *skb, struct nf_conn *ct,
465 enum ip_conntrack_info ctinfo, 476 enum ip_conntrack_info ctinfo,
466 unsigned char **data, int dataoff, 477 unsigned int protoff, unsigned char **data, int dataoff,
467 OpenLogicalChannelAck *olca) 478 OpenLogicalChannelAck *olca)
468{ 479{
469 H2250LogicalChannelAckParameters *ack; 480 H2250LogicalChannelAckParameters *ack;
@@ -479,7 +490,8 @@ static int process_olca(struct sk_buff *skb, struct nf_conn *ct,
479 choice == 490 choice ==
480 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) 491 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
481 { 492 {
482 ret = process_h245_channel(skb, ct, ctinfo, data, dataoff, 493 ret = process_h245_channel(skb, ct, ctinfo,
494 protoff, data, dataoff,
483 &olca-> 495 &olca->
484 reverseLogicalChannelParameters. 496 reverseLogicalChannelParameters.
485 multiplexParameters. 497 multiplexParameters.
@@ -498,7 +510,8 @@ static int process_olca(struct sk_buff *skb, struct nf_conn *ct,
498 if (ack->options & 510 if (ack->options &
499 eH2250LogicalChannelAckParameters_mediaChannel) { 511 eH2250LogicalChannelAckParameters_mediaChannel) {
500 /* RTP */ 512 /* RTP */
501 ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff, 513 ret = expect_rtp_rtcp(skb, ct, ctinfo,
514 protoff, data, dataoff,
502 &ack->mediaChannel); 515 &ack->mediaChannel);
503 if (ret < 0) 516 if (ret < 0)
504 return -1; 517 return -1;
@@ -507,7 +520,8 @@ static int process_olca(struct sk_buff *skb, struct nf_conn *ct,
507 if (ack->options & 520 if (ack->options &
508 eH2250LogicalChannelAckParameters_mediaControlChannel) { 521 eH2250LogicalChannelAckParameters_mediaControlChannel) {
509 /* RTCP */ 522 /* RTCP */
510 ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff, 523 ret = expect_rtp_rtcp(skb, ct, ctinfo,
524 protoff, data, dataoff,
511 &ack->mediaControlChannel); 525 &ack->mediaControlChannel);
512 if (ret < 0) 526 if (ret < 0)
513 return -1; 527 return -1;
@@ -517,7 +531,7 @@ static int process_olca(struct sk_buff *skb, struct nf_conn *ct,
517 if ((olca->options & eOpenLogicalChannelAck_separateStack) && 531 if ((olca->options & eOpenLogicalChannelAck_separateStack) &&
518 olca->separateStack.networkAddress.choice == 532 olca->separateStack.networkAddress.choice ==
519 eNetworkAccessParameters_networkAddress_localAreaAddress) { 533 eNetworkAccessParameters_networkAddress_localAreaAddress) {
520 ret = expect_t120(skb, ct, ctinfo, data, dataoff, 534 ret = expect_t120(skb, ct, ctinfo, protoff, data, dataoff,
521 &olca->separateStack.networkAddress. 535 &olca->separateStack.networkAddress.
522 localAreaAddress); 536 localAreaAddress);
523 if (ret < 0) 537 if (ret < 0)
@@ -530,14 +544,15 @@ static int process_olca(struct sk_buff *skb, struct nf_conn *ct,
530/****************************************************************************/ 544/****************************************************************************/
531static int process_h245(struct sk_buff *skb, struct nf_conn *ct, 545static int process_h245(struct sk_buff *skb, struct nf_conn *ct,
532 enum ip_conntrack_info ctinfo, 546 enum ip_conntrack_info ctinfo,
533 unsigned char **data, int dataoff, 547 unsigned int protoff, unsigned char **data, int dataoff,
534 MultimediaSystemControlMessage *mscm) 548 MultimediaSystemControlMessage *mscm)
535{ 549{
536 switch (mscm->choice) { 550 switch (mscm->choice) {
537 case eMultimediaSystemControlMessage_request: 551 case eMultimediaSystemControlMessage_request:
538 if (mscm->request.choice == 552 if (mscm->request.choice ==
539 eRequestMessage_openLogicalChannel) { 553 eRequestMessage_openLogicalChannel) {
540 return process_olc(skb, ct, ctinfo, data, dataoff, 554 return process_olc(skb, ct, ctinfo,
555 protoff, data, dataoff,
541 &mscm->request.openLogicalChannel); 556 &mscm->request.openLogicalChannel);
542 } 557 }
543 pr_debug("nf_ct_h323: H.245 Request %d\n", 558 pr_debug("nf_ct_h323: H.245 Request %d\n",
@@ -546,7 +561,8 @@ static int process_h245(struct sk_buff *skb, struct nf_conn *ct,
546 case eMultimediaSystemControlMessage_response: 561 case eMultimediaSystemControlMessage_response:
547 if (mscm->response.choice == 562 if (mscm->response.choice ==
548 eResponseMessage_openLogicalChannelAck) { 563 eResponseMessage_openLogicalChannelAck) {
549 return process_olca(skb, ct, ctinfo, data, dataoff, 564 return process_olca(skb, ct, ctinfo,
565 protoff, data, dataoff,
550 &mscm->response. 566 &mscm->response.
551 openLogicalChannelAck); 567 openLogicalChannelAck);
552 } 568 }
@@ -597,7 +613,8 @@ static int h245_help(struct sk_buff *skb, unsigned int protoff,
597 } 613 }
598 614
599 /* Process H.245 signal */ 615 /* Process H.245 signal */
600 if (process_h245(skb, ct, ctinfo, &data, dataoff, &mscm) < 0) 616 if (process_h245(skb, ct, ctinfo, protoff,
617 &data, dataoff, &mscm) < 0)
601 goto drop; 618 goto drop;
602 } 619 }
603 620
@@ -661,7 +678,7 @@ int get_h225_addr(struct nf_conn *ct, unsigned char *data,
661/****************************************************************************/ 678/****************************************************************************/
662static int expect_h245(struct sk_buff *skb, struct nf_conn *ct, 679static int expect_h245(struct sk_buff *skb, struct nf_conn *ct,
663 enum ip_conntrack_info ctinfo, 680 enum ip_conntrack_info ctinfo,
664 unsigned char **data, int dataoff, 681 unsigned int protoff, unsigned char **data, int dataoff,
665 TransportAddress *taddr) 682 TransportAddress *taddr)
666{ 683{
667 int dir = CTINFO2DIR(ctinfo); 684 int dir = CTINFO2DIR(ctinfo);
@@ -693,7 +710,7 @@ static int expect_h245(struct sk_buff *skb, struct nf_conn *ct,
693 nf_ct_l3num(ct) == NFPROTO_IPV4 && 710 nf_ct_l3num(ct) == NFPROTO_IPV4 &&
694 ct->status & IPS_NAT_MASK) { 711 ct->status & IPS_NAT_MASK) {
695 /* NAT needed */ 712 /* NAT needed */
696 ret = nat_h245(skb, ct, ctinfo, data, dataoff, taddr, 713 ret = nat_h245(skb, ct, ctinfo, protoff, data, dataoff, taddr,
697 port, exp); 714 port, exp);
698 } else { /* Conntrack only */ 715 } else { /* Conntrack only */
699 if (nf_ct_expect_related(exp) == 0) { 716 if (nf_ct_expect_related(exp) == 0) {
@@ -779,6 +796,7 @@ static int callforward_do_filter(const union nf_inet_addr *src,
779static int expect_callforwarding(struct sk_buff *skb, 796static int expect_callforwarding(struct sk_buff *skb,
780 struct nf_conn *ct, 797 struct nf_conn *ct,
781 enum ip_conntrack_info ctinfo, 798 enum ip_conntrack_info ctinfo,
799 unsigned int protoff,
782 unsigned char **data, int dataoff, 800 unsigned char **data, int dataoff,
783 TransportAddress *taddr) 801 TransportAddress *taddr)
784{ 802{
@@ -817,7 +835,8 @@ static int expect_callforwarding(struct sk_buff *skb,
817 nf_ct_l3num(ct) == NFPROTO_IPV4 && 835 nf_ct_l3num(ct) == NFPROTO_IPV4 &&
818 ct->status & IPS_NAT_MASK) { 836 ct->status & IPS_NAT_MASK) {
819 /* Need NAT */ 837 /* Need NAT */
820 ret = nat_callforwarding(skb, ct, ctinfo, data, dataoff, 838 ret = nat_callforwarding(skb, ct, ctinfo,
839 protoff, data, dataoff,
821 taddr, port, exp); 840 taddr, port, exp);
822 } else { /* Conntrack only */ 841 } else { /* Conntrack only */
823 if (nf_ct_expect_related(exp) == 0) { 842 if (nf_ct_expect_related(exp) == 0) {
@@ -835,6 +854,7 @@ static int expect_callforwarding(struct sk_buff *skb,
835/****************************************************************************/ 854/****************************************************************************/
836static int process_setup(struct sk_buff *skb, struct nf_conn *ct, 855static int process_setup(struct sk_buff *skb, struct nf_conn *ct,
837 enum ip_conntrack_info ctinfo, 856 enum ip_conntrack_info ctinfo,
857 unsigned int protoff,
838 unsigned char **data, int dataoff, 858 unsigned char **data, int dataoff,
839 Setup_UUIE *setup) 859 Setup_UUIE *setup)
840{ 860{
@@ -848,7 +868,7 @@ static int process_setup(struct sk_buff *skb, struct nf_conn *ct,
848 pr_debug("nf_ct_q931: Setup\n"); 868 pr_debug("nf_ct_q931: Setup\n");
849 869
850 if (setup->options & eSetup_UUIE_h245Address) { 870 if (setup->options & eSetup_UUIE_h245Address) {
851 ret = expect_h245(skb, ct, ctinfo, data, dataoff, 871 ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff,
852 &setup->h245Address); 872 &setup->h245Address);
853 if (ret < 0) 873 if (ret < 0)
854 return -1; 874 return -1;
@@ -864,7 +884,7 @@ static int process_setup(struct sk_buff *skb, struct nf_conn *ct,
864 pr_debug("nf_ct_q931: set destCallSignalAddress %pI6:%hu->%pI6:%hu\n", 884 pr_debug("nf_ct_q931: set destCallSignalAddress %pI6:%hu->%pI6:%hu\n",
865 &addr, ntohs(port), &ct->tuplehash[!dir].tuple.src.u3, 885 &addr, ntohs(port), &ct->tuplehash[!dir].tuple.src.u3,
866 ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port)); 886 ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port));
867 ret = set_h225_addr(skb, data, dataoff, 887 ret = set_h225_addr(skb, protoff, data, dataoff,
868 &setup->destCallSignalAddress, 888 &setup->destCallSignalAddress,
869 &ct->tuplehash[!dir].tuple.src.u3, 889 &ct->tuplehash[!dir].tuple.src.u3,
870 ct->tuplehash[!dir].tuple.src.u.tcp.port); 890 ct->tuplehash[!dir].tuple.src.u.tcp.port);
@@ -881,7 +901,7 @@ static int process_setup(struct sk_buff *skb, struct nf_conn *ct,
881 pr_debug("nf_ct_q931: set sourceCallSignalAddress %pI6:%hu->%pI6:%hu\n", 901 pr_debug("nf_ct_q931: set sourceCallSignalAddress %pI6:%hu->%pI6:%hu\n",
882 &addr, ntohs(port), &ct->tuplehash[!dir].tuple.dst.u3, 902 &addr, ntohs(port), &ct->tuplehash[!dir].tuple.dst.u3,
883 ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port)); 903 ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port));
884 ret = set_h225_addr(skb, data, dataoff, 904 ret = set_h225_addr(skb, protoff, data, dataoff,
885 &setup->sourceCallSignalAddress, 905 &setup->sourceCallSignalAddress,
886 &ct->tuplehash[!dir].tuple.dst.u3, 906 &ct->tuplehash[!dir].tuple.dst.u3,
887 ct->tuplehash[!dir].tuple.dst.u.tcp.port); 907 ct->tuplehash[!dir].tuple.dst.u.tcp.port);
@@ -891,7 +911,8 @@ static int process_setup(struct sk_buff *skb, struct nf_conn *ct,
891 911
892 if (setup->options & eSetup_UUIE_fastStart) { 912 if (setup->options & eSetup_UUIE_fastStart) {
893 for (i = 0; i < setup->fastStart.count; i++) { 913 for (i = 0; i < setup->fastStart.count; i++) {
894 ret = process_olc(skb, ct, ctinfo, data, dataoff, 914 ret = process_olc(skb, ct, ctinfo,
915 protoff, data, dataoff,
895 &setup->fastStart.item[i]); 916 &setup->fastStart.item[i]);
896 if (ret < 0) 917 if (ret < 0)
897 return -1; 918 return -1;
@@ -905,6 +926,7 @@ static int process_setup(struct sk_buff *skb, struct nf_conn *ct,
905static int process_callproceeding(struct sk_buff *skb, 926static int process_callproceeding(struct sk_buff *skb,
906 struct nf_conn *ct, 927 struct nf_conn *ct,
907 enum ip_conntrack_info ctinfo, 928 enum ip_conntrack_info ctinfo,
929 unsigned int protoff,
908 unsigned char **data, int dataoff, 930 unsigned char **data, int dataoff,
909 CallProceeding_UUIE *callproc) 931 CallProceeding_UUIE *callproc)
910{ 932{
@@ -914,7 +936,7 @@ static int process_callproceeding(struct sk_buff *skb,
914 pr_debug("nf_ct_q931: CallProceeding\n"); 936 pr_debug("nf_ct_q931: CallProceeding\n");
915 937
916 if (callproc->options & eCallProceeding_UUIE_h245Address) { 938 if (callproc->options & eCallProceeding_UUIE_h245Address) {
917 ret = expect_h245(skb, ct, ctinfo, data, dataoff, 939 ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff,
918 &callproc->h245Address); 940 &callproc->h245Address);
919 if (ret < 0) 941 if (ret < 0)
920 return -1; 942 return -1;
@@ -922,7 +944,8 @@ static int process_callproceeding(struct sk_buff *skb,
922 944
923 if (callproc->options & eCallProceeding_UUIE_fastStart) { 945 if (callproc->options & eCallProceeding_UUIE_fastStart) {
924 for (i = 0; i < callproc->fastStart.count; i++) { 946 for (i = 0; i < callproc->fastStart.count; i++) {
925 ret = process_olc(skb, ct, ctinfo, data, dataoff, 947 ret = process_olc(skb, ct, ctinfo,
948 protoff, data, dataoff,
926 &callproc->fastStart.item[i]); 949 &callproc->fastStart.item[i]);
927 if (ret < 0) 950 if (ret < 0)
928 return -1; 951 return -1;
@@ -935,6 +958,7 @@ static int process_callproceeding(struct sk_buff *skb,
935/****************************************************************************/ 958/****************************************************************************/
936static int process_connect(struct sk_buff *skb, struct nf_conn *ct, 959static int process_connect(struct sk_buff *skb, struct nf_conn *ct,
937 enum ip_conntrack_info ctinfo, 960 enum ip_conntrack_info ctinfo,
961 unsigned int protoff,
938 unsigned char **data, int dataoff, 962 unsigned char **data, int dataoff,
939 Connect_UUIE *connect) 963 Connect_UUIE *connect)
940{ 964{
@@ -944,7 +968,7 @@ static int process_connect(struct sk_buff *skb, struct nf_conn *ct,
944 pr_debug("nf_ct_q931: Connect\n"); 968 pr_debug("nf_ct_q931: Connect\n");
945 969
946 if (connect->options & eConnect_UUIE_h245Address) { 970 if (connect->options & eConnect_UUIE_h245Address) {
947 ret = expect_h245(skb, ct, ctinfo, data, dataoff, 971 ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff,
948 &connect->h245Address); 972 &connect->h245Address);
949 if (ret < 0) 973 if (ret < 0)
950 return -1; 974 return -1;
@@ -952,7 +976,8 @@ static int process_connect(struct sk_buff *skb, struct nf_conn *ct,
952 976
953 if (connect->options & eConnect_UUIE_fastStart) { 977 if (connect->options & eConnect_UUIE_fastStart) {
954 for (i = 0; i < connect->fastStart.count; i++) { 978 for (i = 0; i < connect->fastStart.count; i++) {
955 ret = process_olc(skb, ct, ctinfo, data, dataoff, 979 ret = process_olc(skb, ct, ctinfo,
980 protoff, data, dataoff,
956 &connect->fastStart.item[i]); 981 &connect->fastStart.item[i]);
957 if (ret < 0) 982 if (ret < 0)
958 return -1; 983 return -1;
@@ -965,6 +990,7 @@ static int process_connect(struct sk_buff *skb, struct nf_conn *ct,
965/****************************************************************************/ 990/****************************************************************************/
966static int process_alerting(struct sk_buff *skb, struct nf_conn *ct, 991static int process_alerting(struct sk_buff *skb, struct nf_conn *ct,
967 enum ip_conntrack_info ctinfo, 992 enum ip_conntrack_info ctinfo,
993 unsigned int protoff,
968 unsigned char **data, int dataoff, 994 unsigned char **data, int dataoff,
969 Alerting_UUIE *alert) 995 Alerting_UUIE *alert)
970{ 996{
@@ -974,7 +1000,7 @@ static int process_alerting(struct sk_buff *skb, struct nf_conn *ct,
974 pr_debug("nf_ct_q931: Alerting\n"); 1000 pr_debug("nf_ct_q931: Alerting\n");
975 1001
976 if (alert->options & eAlerting_UUIE_h245Address) { 1002 if (alert->options & eAlerting_UUIE_h245Address) {
977 ret = expect_h245(skb, ct, ctinfo, data, dataoff, 1003 ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff,
978 &alert->h245Address); 1004 &alert->h245Address);
979 if (ret < 0) 1005 if (ret < 0)
980 return -1; 1006 return -1;
@@ -982,7 +1008,8 @@ static int process_alerting(struct sk_buff *skb, struct nf_conn *ct,
982 1008
983 if (alert->options & eAlerting_UUIE_fastStart) { 1009 if (alert->options & eAlerting_UUIE_fastStart) {
984 for (i = 0; i < alert->fastStart.count; i++) { 1010 for (i = 0; i < alert->fastStart.count; i++) {
985 ret = process_olc(skb, ct, ctinfo, data, dataoff, 1011 ret = process_olc(skb, ct, ctinfo,
1012 protoff, data, dataoff,
986 &alert->fastStart.item[i]); 1013 &alert->fastStart.item[i]);
987 if (ret < 0) 1014 if (ret < 0)
988 return -1; 1015 return -1;
@@ -995,6 +1022,7 @@ static int process_alerting(struct sk_buff *skb, struct nf_conn *ct,
995/****************************************************************************/ 1022/****************************************************************************/
996static int process_facility(struct sk_buff *skb, struct nf_conn *ct, 1023static int process_facility(struct sk_buff *skb, struct nf_conn *ct,
997 enum ip_conntrack_info ctinfo, 1024 enum ip_conntrack_info ctinfo,
1025 unsigned int protoff,
998 unsigned char **data, int dataoff, 1026 unsigned char **data, int dataoff,
999 Facility_UUIE *facility) 1027 Facility_UUIE *facility)
1000{ 1028{
@@ -1005,15 +1033,15 @@ static int process_facility(struct sk_buff *skb, struct nf_conn *ct,
1005 1033
1006 if (facility->reason.choice == eFacilityReason_callForwarded) { 1034 if (facility->reason.choice == eFacilityReason_callForwarded) {
1007 if (facility->options & eFacility_UUIE_alternativeAddress) 1035 if (facility->options & eFacility_UUIE_alternativeAddress)
1008 return expect_callforwarding(skb, ct, ctinfo, data, 1036 return expect_callforwarding(skb, ct, ctinfo,
1009 dataoff, 1037 protoff, data, dataoff,
1010 &facility-> 1038 &facility->
1011 alternativeAddress); 1039 alternativeAddress);
1012 return 0; 1040 return 0;
1013 } 1041 }
1014 1042
1015 if (facility->options & eFacility_UUIE_h245Address) { 1043 if (facility->options & eFacility_UUIE_h245Address) {
1016 ret = expect_h245(skb, ct, ctinfo, data, dataoff, 1044 ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff,
1017 &facility->h245Address); 1045 &facility->h245Address);
1018 if (ret < 0) 1046 if (ret < 0)
1019 return -1; 1047 return -1;
@@ -1021,7 +1049,8 @@ static int process_facility(struct sk_buff *skb, struct nf_conn *ct,
1021 1049
1022 if (facility->options & eFacility_UUIE_fastStart) { 1050 if (facility->options & eFacility_UUIE_fastStart) {
1023 for (i = 0; i < facility->fastStart.count; i++) { 1051 for (i = 0; i < facility->fastStart.count; i++) {
1024 ret = process_olc(skb, ct, ctinfo, data, dataoff, 1052 ret = process_olc(skb, ct, ctinfo,
1053 protoff, data, dataoff,
1025 &facility->fastStart.item[i]); 1054 &facility->fastStart.item[i]);
1026 if (ret < 0) 1055 if (ret < 0)
1027 return -1; 1056 return -1;
@@ -1034,6 +1063,7 @@ static int process_facility(struct sk_buff *skb, struct nf_conn *ct,
1034/****************************************************************************/ 1063/****************************************************************************/
1035static int process_progress(struct sk_buff *skb, struct nf_conn *ct, 1064static int process_progress(struct sk_buff *skb, struct nf_conn *ct,
1036 enum ip_conntrack_info ctinfo, 1065 enum ip_conntrack_info ctinfo,
1066 unsigned int protoff,
1037 unsigned char **data, int dataoff, 1067 unsigned char **data, int dataoff,
1038 Progress_UUIE *progress) 1068 Progress_UUIE *progress)
1039{ 1069{
@@ -1043,7 +1073,7 @@ static int process_progress(struct sk_buff *skb, struct nf_conn *ct,
1043 pr_debug("nf_ct_q931: Progress\n"); 1073 pr_debug("nf_ct_q931: Progress\n");
1044 1074
1045 if (progress->options & eProgress_UUIE_h245Address) { 1075 if (progress->options & eProgress_UUIE_h245Address) {
1046 ret = expect_h245(skb, ct, ctinfo, data, dataoff, 1076 ret = expect_h245(skb, ct, ctinfo, protoff, data, dataoff,
1047 &progress->h245Address); 1077 &progress->h245Address);
1048 if (ret < 0) 1078 if (ret < 0)
1049 return -1; 1079 return -1;
@@ -1051,7 +1081,8 @@ static int process_progress(struct sk_buff *skb, struct nf_conn *ct,
1051 1081
1052 if (progress->options & eProgress_UUIE_fastStart) { 1082 if (progress->options & eProgress_UUIE_fastStart) {
1053 for (i = 0; i < progress->fastStart.count; i++) { 1083 for (i = 0; i < progress->fastStart.count; i++) {
1054 ret = process_olc(skb, ct, ctinfo, data, dataoff, 1084 ret = process_olc(skb, ct, ctinfo,
1085 protoff, data, dataoff,
1055 &progress->fastStart.item[i]); 1086 &progress->fastStart.item[i]);
1056 if (ret < 0) 1087 if (ret < 0)
1057 return -1; 1088 return -1;
@@ -1064,7 +1095,8 @@ static int process_progress(struct sk_buff *skb, struct nf_conn *ct,
1064/****************************************************************************/ 1095/****************************************************************************/
1065static int process_q931(struct sk_buff *skb, struct nf_conn *ct, 1096static int process_q931(struct sk_buff *skb, struct nf_conn *ct,
1066 enum ip_conntrack_info ctinfo, 1097 enum ip_conntrack_info ctinfo,
1067 unsigned char **data, int dataoff, Q931 *q931) 1098 unsigned int protoff, unsigned char **data, int dataoff,
1099 Q931 *q931)
1068{ 1100{
1069 H323_UU_PDU *pdu = &q931->UUIE.h323_uu_pdu; 1101 H323_UU_PDU *pdu = &q931->UUIE.h323_uu_pdu;
1070 int i; 1102 int i;
@@ -1072,28 +1104,29 @@ static int process_q931(struct sk_buff *skb, struct nf_conn *ct,
1072 1104
1073 switch (pdu->h323_message_body.choice) { 1105 switch (pdu->h323_message_body.choice) {
1074 case eH323_UU_PDU_h323_message_body_setup: 1106 case eH323_UU_PDU_h323_message_body_setup:
1075 ret = process_setup(skb, ct, ctinfo, data, dataoff, 1107 ret = process_setup(skb, ct, ctinfo, protoff, data, dataoff,
1076 &pdu->h323_message_body.setup); 1108 &pdu->h323_message_body.setup);
1077 break; 1109 break;
1078 case eH323_UU_PDU_h323_message_body_callProceeding: 1110 case eH323_UU_PDU_h323_message_body_callProceeding:
1079 ret = process_callproceeding(skb, ct, ctinfo, data, dataoff, 1111 ret = process_callproceeding(skb, ct, ctinfo,
1112 protoff, data, dataoff,
1080 &pdu->h323_message_body. 1113 &pdu->h323_message_body.
1081 callProceeding); 1114 callProceeding);
1082 break; 1115 break;
1083 case eH323_UU_PDU_h323_message_body_connect: 1116 case eH323_UU_PDU_h323_message_body_connect:
1084 ret = process_connect(skb, ct, ctinfo, data, dataoff, 1117 ret = process_connect(skb, ct, ctinfo, protoff, data, dataoff,
1085 &pdu->h323_message_body.connect); 1118 &pdu->h323_message_body.connect);
1086 break; 1119 break;
1087 case eH323_UU_PDU_h323_message_body_alerting: 1120 case eH323_UU_PDU_h323_message_body_alerting:
1088 ret = process_alerting(skb, ct, ctinfo, data, dataoff, 1121 ret = process_alerting(skb, ct, ctinfo, protoff, data, dataoff,
1089 &pdu->h323_message_body.alerting); 1122 &pdu->h323_message_body.alerting);
1090 break; 1123 break;
1091 case eH323_UU_PDU_h323_message_body_facility: 1124 case eH323_UU_PDU_h323_message_body_facility:
1092 ret = process_facility(skb, ct, ctinfo, data, dataoff, 1125 ret = process_facility(skb, ct, ctinfo, protoff, data, dataoff,
1093 &pdu->h323_message_body.facility); 1126 &pdu->h323_message_body.facility);
1094 break; 1127 break;
1095 case eH323_UU_PDU_h323_message_body_progress: 1128 case eH323_UU_PDU_h323_message_body_progress:
1096 ret = process_progress(skb, ct, ctinfo, data, dataoff, 1129 ret = process_progress(skb, ct, ctinfo, protoff, data, dataoff,
1097 &pdu->h323_message_body.progress); 1130 &pdu->h323_message_body.progress);
1098 break; 1131 break;
1099 default: 1132 default:
@@ -1107,7 +1140,8 @@ static int process_q931(struct sk_buff *skb, struct nf_conn *ct,
1107 1140
1108 if (pdu->options & eH323_UU_PDU_h245Control) { 1141 if (pdu->options & eH323_UU_PDU_h245Control) {
1109 for (i = 0; i < pdu->h245Control.count; i++) { 1142 for (i = 0; i < pdu->h245Control.count; i++) {
1110 ret = process_h245(skb, ct, ctinfo, data, dataoff, 1143 ret = process_h245(skb, ct, ctinfo,
1144 protoff, data, dataoff,
1111 &pdu->h245Control.item[i]); 1145 &pdu->h245Control.item[i]);
1112 if (ret < 0) 1146 if (ret < 0)
1113 return -1; 1147 return -1;
@@ -1152,7 +1186,8 @@ static int q931_help(struct sk_buff *skb, unsigned int protoff,
1152 } 1186 }
1153 1187
1154 /* Process Q.931 signal */ 1188 /* Process Q.931 signal */
1155 if (process_q931(skb, ct, ctinfo, &data, dataoff, &q931) < 0) 1189 if (process_q931(skb, ct, ctinfo, protoff,
1190 &data, dataoff, &q931) < 0)
1156 goto drop; 1191 goto drop;
1157 } 1192 }
1158 1193
@@ -1249,7 +1284,7 @@ static int set_expect_timeout(struct nf_conntrack_expect *exp,
1249/****************************************************************************/ 1284/****************************************************************************/
1250static int expect_q931(struct sk_buff *skb, struct nf_conn *ct, 1285static int expect_q931(struct sk_buff *skb, struct nf_conn *ct,
1251 enum ip_conntrack_info ctinfo, 1286 enum ip_conntrack_info ctinfo,
1252 unsigned char **data, 1287 unsigned int protoff, unsigned char **data,
1253 TransportAddress *taddr, int count) 1288 TransportAddress *taddr, int count)
1254{ 1289{
1255 struct nf_ct_h323_master *info = nfct_help_data(ct); 1290 struct nf_ct_h323_master *info = nfct_help_data(ct);
@@ -1286,7 +1321,8 @@ static int expect_q931(struct sk_buff *skb, struct nf_conn *ct,
1286 nat_q931 = rcu_dereference(nat_q931_hook); 1321 nat_q931 = rcu_dereference(nat_q931_hook);
1287 if (nat_q931 && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1322 if (nat_q931 && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1288 ct->status & IPS_NAT_MASK) { /* Need NAT */ 1323 ct->status & IPS_NAT_MASK) { /* Need NAT */
1289 ret = nat_q931(skb, ct, ctinfo, data, taddr, i, port, exp); 1324 ret = nat_q931(skb, ct, ctinfo, protoff, data,
1325 taddr, i, port, exp);
1290 } else { /* Conntrack only */ 1326 } else { /* Conntrack only */
1291 if (nf_ct_expect_related(exp) == 0) { 1327 if (nf_ct_expect_related(exp) == 0) {
1292 pr_debug("nf_ct_ras: expect Q.931 "); 1328 pr_debug("nf_ct_ras: expect Q.931 ");
@@ -1306,6 +1342,7 @@ static int expect_q931(struct sk_buff *skb, struct nf_conn *ct,
1306/****************************************************************************/ 1342/****************************************************************************/
1307static int process_grq(struct sk_buff *skb, struct nf_conn *ct, 1343static int process_grq(struct sk_buff *skb, struct nf_conn *ct,
1308 enum ip_conntrack_info ctinfo, 1344 enum ip_conntrack_info ctinfo,
1345 unsigned int protoff,
1309 unsigned char **data, GatekeeperRequest *grq) 1346 unsigned char **data, GatekeeperRequest *grq)
1310{ 1347{
1311 typeof(set_ras_addr_hook) set_ras_addr; 1348 typeof(set_ras_addr_hook) set_ras_addr;
@@ -1315,7 +1352,7 @@ static int process_grq(struct sk_buff *skb, struct nf_conn *ct,
1315 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1352 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1316 if (set_ras_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1353 if (set_ras_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1317 ct->status & IPS_NAT_MASK) /* NATed */ 1354 ct->status & IPS_NAT_MASK) /* NATed */
1318 return set_ras_addr(skb, ct, ctinfo, data, 1355 return set_ras_addr(skb, ct, ctinfo, protoff, data,
1319 &grq->rasAddress, 1); 1356 &grq->rasAddress, 1);
1320 return 0; 1357 return 0;
1321} 1358}
@@ -1323,6 +1360,7 @@ static int process_grq(struct sk_buff *skb, struct nf_conn *ct,
1323/****************************************************************************/ 1360/****************************************************************************/
1324static int process_gcf(struct sk_buff *skb, struct nf_conn *ct, 1361static int process_gcf(struct sk_buff *skb, struct nf_conn *ct,
1325 enum ip_conntrack_info ctinfo, 1362 enum ip_conntrack_info ctinfo,
1363 unsigned int protoff,
1326 unsigned char **data, GatekeeperConfirm *gcf) 1364 unsigned char **data, GatekeeperConfirm *gcf)
1327{ 1365{
1328 int dir = CTINFO2DIR(ctinfo); 1366 int dir = CTINFO2DIR(ctinfo);
@@ -1367,6 +1405,7 @@ static int process_gcf(struct sk_buff *skb, struct nf_conn *ct,
1367/****************************************************************************/ 1405/****************************************************************************/
1368static int process_rrq(struct sk_buff *skb, struct nf_conn *ct, 1406static int process_rrq(struct sk_buff *skb, struct nf_conn *ct,
1369 enum ip_conntrack_info ctinfo, 1407 enum ip_conntrack_info ctinfo,
1408 unsigned int protoff,
1370 unsigned char **data, RegistrationRequest *rrq) 1409 unsigned char **data, RegistrationRequest *rrq)
1371{ 1410{
1372 struct nf_ct_h323_master *info = nfct_help_data(ct); 1411 struct nf_ct_h323_master *info = nfct_help_data(ct);
@@ -1375,7 +1414,7 @@ static int process_rrq(struct sk_buff *skb, struct nf_conn *ct,
1375 1414
1376 pr_debug("nf_ct_ras: RRQ\n"); 1415 pr_debug("nf_ct_ras: RRQ\n");
1377 1416
1378 ret = expect_q931(skb, ct, ctinfo, data, 1417 ret = expect_q931(skb, ct, ctinfo, protoff, data,
1379 rrq->callSignalAddress.item, 1418 rrq->callSignalAddress.item,
1380 rrq->callSignalAddress.count); 1419 rrq->callSignalAddress.count);
1381 if (ret < 0) 1420 if (ret < 0)
@@ -1384,7 +1423,7 @@ static int process_rrq(struct sk_buff *skb, struct nf_conn *ct,
1384 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1423 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1385 if (set_ras_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1424 if (set_ras_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1386 ct->status & IPS_NAT_MASK) { 1425 ct->status & IPS_NAT_MASK) {
1387 ret = set_ras_addr(skb, ct, ctinfo, data, 1426 ret = set_ras_addr(skb, ct, ctinfo, protoff, data,
1388 rrq->rasAddress.item, 1427 rrq->rasAddress.item,
1389 rrq->rasAddress.count); 1428 rrq->rasAddress.count);
1390 if (ret < 0) 1429 if (ret < 0)
@@ -1403,6 +1442,7 @@ static int process_rrq(struct sk_buff *skb, struct nf_conn *ct,
1403/****************************************************************************/ 1442/****************************************************************************/
1404static int process_rcf(struct sk_buff *skb, struct nf_conn *ct, 1443static int process_rcf(struct sk_buff *skb, struct nf_conn *ct,
1405 enum ip_conntrack_info ctinfo, 1444 enum ip_conntrack_info ctinfo,
1445 unsigned int protoff,
1406 unsigned char **data, RegistrationConfirm *rcf) 1446 unsigned char **data, RegistrationConfirm *rcf)
1407{ 1447{
1408 struct nf_ct_h323_master *info = nfct_help_data(ct); 1448 struct nf_ct_h323_master *info = nfct_help_data(ct);
@@ -1416,7 +1456,7 @@ static int process_rcf(struct sk_buff *skb, struct nf_conn *ct,
1416 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1456 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1417 if (set_sig_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1457 if (set_sig_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1418 ct->status & IPS_NAT_MASK) { 1458 ct->status & IPS_NAT_MASK) {
1419 ret = set_sig_addr(skb, ct, ctinfo, data, 1459 ret = set_sig_addr(skb, ct, ctinfo, protoff, data,
1420 rcf->callSignalAddress.item, 1460 rcf->callSignalAddress.item,
1421 rcf->callSignalAddress.count); 1461 rcf->callSignalAddress.count);
1422 if (ret < 0) 1462 if (ret < 0)
@@ -1453,6 +1493,7 @@ static int process_rcf(struct sk_buff *skb, struct nf_conn *ct,
1453/****************************************************************************/ 1493/****************************************************************************/
1454static int process_urq(struct sk_buff *skb, struct nf_conn *ct, 1494static int process_urq(struct sk_buff *skb, struct nf_conn *ct,
1455 enum ip_conntrack_info ctinfo, 1495 enum ip_conntrack_info ctinfo,
1496 unsigned int protoff,
1456 unsigned char **data, UnregistrationRequest *urq) 1497 unsigned char **data, UnregistrationRequest *urq)
1457{ 1498{
1458 struct nf_ct_h323_master *info = nfct_help_data(ct); 1499 struct nf_ct_h323_master *info = nfct_help_data(ct);
@@ -1465,7 +1506,7 @@ static int process_urq(struct sk_buff *skb, struct nf_conn *ct,
1465 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1506 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1466 if (set_sig_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1507 if (set_sig_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1467 ct->status & IPS_NAT_MASK) { 1508 ct->status & IPS_NAT_MASK) {
1468 ret = set_sig_addr(skb, ct, ctinfo, data, 1509 ret = set_sig_addr(skb, ct, ctinfo, protoff, data,
1469 urq->callSignalAddress.item, 1510 urq->callSignalAddress.item,
1470 urq->callSignalAddress.count); 1511 urq->callSignalAddress.count);
1471 if (ret < 0) 1512 if (ret < 0)
@@ -1486,6 +1527,7 @@ static int process_urq(struct sk_buff *skb, struct nf_conn *ct,
1486/****************************************************************************/ 1527/****************************************************************************/
1487static int process_arq(struct sk_buff *skb, struct nf_conn *ct, 1528static int process_arq(struct sk_buff *skb, struct nf_conn *ct,
1488 enum ip_conntrack_info ctinfo, 1529 enum ip_conntrack_info ctinfo,
1530 unsigned int protoff,
1489 unsigned char **data, AdmissionRequest *arq) 1531 unsigned char **data, AdmissionRequest *arq)
1490{ 1532{
1491 const struct nf_ct_h323_master *info = nfct_help_data(ct); 1533 const struct nf_ct_h323_master *info = nfct_help_data(ct);
@@ -1505,7 +1547,7 @@ static int process_arq(struct sk_buff *skb, struct nf_conn *ct,
1505 nf_ct_l3num(ct) == NFPROTO_IPV4 && 1547 nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1506 set_h225_addr && ct->status & IPS_NAT_MASK) { 1548 set_h225_addr && ct->status & IPS_NAT_MASK) {
1507 /* Answering ARQ */ 1549 /* Answering ARQ */
1508 return set_h225_addr(skb, data, 0, 1550 return set_h225_addr(skb, protoff, data, 0,
1509 &arq->destCallSignalAddress, 1551 &arq->destCallSignalAddress,
1510 &ct->tuplehash[!dir].tuple.dst.u3, 1552 &ct->tuplehash[!dir].tuple.dst.u3,
1511 info->sig_port[!dir]); 1553 info->sig_port[!dir]);
@@ -1518,7 +1560,7 @@ static int process_arq(struct sk_buff *skb, struct nf_conn *ct,
1518 set_h225_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1560 set_h225_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1519 ct->status & IPS_NAT_MASK) { 1561 ct->status & IPS_NAT_MASK) {
1520 /* Calling ARQ */ 1562 /* Calling ARQ */
1521 return set_h225_addr(skb, data, 0, 1563 return set_h225_addr(skb, protoff, data, 0,
1522 &arq->srcCallSignalAddress, 1564 &arq->srcCallSignalAddress,
1523 &ct->tuplehash[!dir].tuple.dst.u3, 1565 &ct->tuplehash[!dir].tuple.dst.u3,
1524 port); 1566 port);
@@ -1530,6 +1572,7 @@ static int process_arq(struct sk_buff *skb, struct nf_conn *ct,
1530/****************************************************************************/ 1572/****************************************************************************/
1531static int process_acf(struct sk_buff *skb, struct nf_conn *ct, 1573static int process_acf(struct sk_buff *skb, struct nf_conn *ct,
1532 enum ip_conntrack_info ctinfo, 1574 enum ip_conntrack_info ctinfo,
1575 unsigned int protoff,
1533 unsigned char **data, AdmissionConfirm *acf) 1576 unsigned char **data, AdmissionConfirm *acf)
1534{ 1577{
1535 int dir = CTINFO2DIR(ctinfo); 1578 int dir = CTINFO2DIR(ctinfo);
@@ -1550,7 +1593,7 @@ static int process_acf(struct sk_buff *skb, struct nf_conn *ct,
1550 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1593 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1551 if (set_sig_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1594 if (set_sig_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1552 ct->status & IPS_NAT_MASK) 1595 ct->status & IPS_NAT_MASK)
1553 return set_sig_addr(skb, ct, ctinfo, data, 1596 return set_sig_addr(skb, ct, ctinfo, protoff, data,
1554 &acf->destCallSignalAddress, 1); 1597 &acf->destCallSignalAddress, 1);
1555 return 0; 1598 return 0;
1556 } 1599 }
@@ -1578,6 +1621,7 @@ static int process_acf(struct sk_buff *skb, struct nf_conn *ct,
1578/****************************************************************************/ 1621/****************************************************************************/
1579static int process_lrq(struct sk_buff *skb, struct nf_conn *ct, 1622static int process_lrq(struct sk_buff *skb, struct nf_conn *ct,
1580 enum ip_conntrack_info ctinfo, 1623 enum ip_conntrack_info ctinfo,
1624 unsigned int protoff,
1581 unsigned char **data, LocationRequest *lrq) 1625 unsigned char **data, LocationRequest *lrq)
1582{ 1626{
1583 typeof(set_ras_addr_hook) set_ras_addr; 1627 typeof(set_ras_addr_hook) set_ras_addr;
@@ -1587,7 +1631,7 @@ static int process_lrq(struct sk_buff *skb, struct nf_conn *ct,
1587 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1631 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1588 if (set_ras_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1632 if (set_ras_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1589 ct->status & IPS_NAT_MASK) 1633 ct->status & IPS_NAT_MASK)
1590 return set_ras_addr(skb, ct, ctinfo, data, 1634 return set_ras_addr(skb, ct, ctinfo, protoff, data,
1591 &lrq->replyAddress, 1); 1635 &lrq->replyAddress, 1);
1592 return 0; 1636 return 0;
1593} 1637}
@@ -1595,6 +1639,7 @@ static int process_lrq(struct sk_buff *skb, struct nf_conn *ct,
1595/****************************************************************************/ 1639/****************************************************************************/
1596static int process_lcf(struct sk_buff *skb, struct nf_conn *ct, 1640static int process_lcf(struct sk_buff *skb, struct nf_conn *ct,
1597 enum ip_conntrack_info ctinfo, 1641 enum ip_conntrack_info ctinfo,
1642 unsigned int protoff,
1598 unsigned char **data, LocationConfirm *lcf) 1643 unsigned char **data, LocationConfirm *lcf)
1599{ 1644{
1600 int dir = CTINFO2DIR(ctinfo); 1645 int dir = CTINFO2DIR(ctinfo);
@@ -1634,6 +1679,7 @@ static int process_lcf(struct sk_buff *skb, struct nf_conn *ct,
1634/****************************************************************************/ 1679/****************************************************************************/
1635static int process_irr(struct sk_buff *skb, struct nf_conn *ct, 1680static int process_irr(struct sk_buff *skb, struct nf_conn *ct,
1636 enum ip_conntrack_info ctinfo, 1681 enum ip_conntrack_info ctinfo,
1682 unsigned int protoff,
1637 unsigned char **data, InfoRequestResponse *irr) 1683 unsigned char **data, InfoRequestResponse *irr)
1638{ 1684{
1639 int ret; 1685 int ret;
@@ -1645,7 +1691,7 @@ static int process_irr(struct sk_buff *skb, struct nf_conn *ct,
1645 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1691 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1646 if (set_ras_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1692 if (set_ras_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1647 ct->status & IPS_NAT_MASK) { 1693 ct->status & IPS_NAT_MASK) {
1648 ret = set_ras_addr(skb, ct, ctinfo, data, 1694 ret = set_ras_addr(skb, ct, ctinfo, protoff, data,
1649 &irr->rasAddress, 1); 1695 &irr->rasAddress, 1);
1650 if (ret < 0) 1696 if (ret < 0)
1651 return -1; 1697 return -1;
@@ -1654,7 +1700,7 @@ static int process_irr(struct sk_buff *skb, struct nf_conn *ct,
1654 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1700 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1655 if (set_sig_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1701 if (set_sig_addr && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1656 ct->status & IPS_NAT_MASK) { 1702 ct->status & IPS_NAT_MASK) {
1657 ret = set_sig_addr(skb, ct, ctinfo, data, 1703 ret = set_sig_addr(skb, ct, ctinfo, protoff, data,
1658 irr->callSignalAddress.item, 1704 irr->callSignalAddress.item,
1659 irr->callSignalAddress.count); 1705 irr->callSignalAddress.count);
1660 if (ret < 0) 1706 if (ret < 0)
@@ -1667,38 +1713,39 @@ static int process_irr(struct sk_buff *skb, struct nf_conn *ct,
1667/****************************************************************************/ 1713/****************************************************************************/
1668static int process_ras(struct sk_buff *skb, struct nf_conn *ct, 1714static int process_ras(struct sk_buff *skb, struct nf_conn *ct,
1669 enum ip_conntrack_info ctinfo, 1715 enum ip_conntrack_info ctinfo,
1716 unsigned int protoff,
1670 unsigned char **data, RasMessage *ras) 1717 unsigned char **data, RasMessage *ras)
1671{ 1718{
1672 switch (ras->choice) { 1719 switch (ras->choice) {
1673 case eRasMessage_gatekeeperRequest: 1720 case eRasMessage_gatekeeperRequest:
1674 return process_grq(skb, ct, ctinfo, data, 1721 return process_grq(skb, ct, ctinfo, protoff, data,
1675 &ras->gatekeeperRequest); 1722 &ras->gatekeeperRequest);
1676 case eRasMessage_gatekeeperConfirm: 1723 case eRasMessage_gatekeeperConfirm:
1677 return process_gcf(skb, ct, ctinfo, data, 1724 return process_gcf(skb, ct, ctinfo, protoff, data,
1678 &ras->gatekeeperConfirm); 1725 &ras->gatekeeperConfirm);
1679 case eRasMessage_registrationRequest: 1726 case eRasMessage_registrationRequest:
1680 return process_rrq(skb, ct, ctinfo, data, 1727 return process_rrq(skb, ct, ctinfo, protoff, data,
1681 &ras->registrationRequest); 1728 &ras->registrationRequest);
1682 case eRasMessage_registrationConfirm: 1729 case eRasMessage_registrationConfirm:
1683 return process_rcf(skb, ct, ctinfo, data, 1730 return process_rcf(skb, ct, ctinfo, protoff, data,
1684 &ras->registrationConfirm); 1731 &ras->registrationConfirm);
1685 case eRasMessage_unregistrationRequest: 1732 case eRasMessage_unregistrationRequest:
1686 return process_urq(skb, ct, ctinfo, data, 1733 return process_urq(skb, ct, ctinfo, protoff, data,
1687 &ras->unregistrationRequest); 1734 &ras->unregistrationRequest);
1688 case eRasMessage_admissionRequest: 1735 case eRasMessage_admissionRequest:
1689 return process_arq(skb, ct, ctinfo, data, 1736 return process_arq(skb, ct, ctinfo, protoff, data,
1690 &ras->admissionRequest); 1737 &ras->admissionRequest);
1691 case eRasMessage_admissionConfirm: 1738 case eRasMessage_admissionConfirm:
1692 return process_acf(skb, ct, ctinfo, data, 1739 return process_acf(skb, ct, ctinfo, protoff, data,
1693 &ras->admissionConfirm); 1740 &ras->admissionConfirm);
1694 case eRasMessage_locationRequest: 1741 case eRasMessage_locationRequest:
1695 return process_lrq(skb, ct, ctinfo, data, 1742 return process_lrq(skb, ct, ctinfo, protoff, data,
1696 &ras->locationRequest); 1743 &ras->locationRequest);
1697 case eRasMessage_locationConfirm: 1744 case eRasMessage_locationConfirm:
1698 return process_lcf(skb, ct, ctinfo, data, 1745 return process_lcf(skb, ct, ctinfo, protoff, data,
1699 &ras->locationConfirm); 1746 &ras->locationConfirm);
1700 case eRasMessage_infoRequestResponse: 1747 case eRasMessage_infoRequestResponse:
1701 return process_irr(skb, ct, ctinfo, data, 1748 return process_irr(skb, ct, ctinfo, protoff, data,
1702 &ras->infoRequestResponse); 1749 &ras->infoRequestResponse);
1703 default: 1750 default:
1704 pr_debug("nf_ct_ras: RAS message %d\n", ras->choice); 1751 pr_debug("nf_ct_ras: RAS message %d\n", ras->choice);
@@ -1738,7 +1785,7 @@ static int ras_help(struct sk_buff *skb, unsigned int protoff,
1738 } 1785 }
1739 1786
1740 /* Process RAS message */ 1787 /* Process RAS message */
1741 if (process_ras(skb, ct, ctinfo, &data, &ras) < 0) 1788 if (process_ras(skb, ct, ctinfo, protoff, &data, &ras) < 0)
1742 goto drop; 1789 goto drop;
1743 1790
1744 accept: 1791 accept:
diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_irc.c
index e06dc2fab19f..95d097cdb202 100644
--- a/net/netfilter/nf_conntrack_irc.c
+++ b/net/netfilter/nf_conntrack_irc.c
@@ -33,6 +33,7 @@ static DEFINE_SPINLOCK(irc_buffer_lock);
33 33
34unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb, 34unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb,
35 enum ip_conntrack_info ctinfo, 35 enum ip_conntrack_info ctinfo,
36 unsigned int protoff,
36 unsigned int matchoff, 37 unsigned int matchoff,
37 unsigned int matchlen, 38 unsigned int matchlen,
38 struct nf_conntrack_expect *exp) __read_mostly; 39 struct nf_conntrack_expect *exp) __read_mostly;
@@ -206,7 +207,7 @@ static int help(struct sk_buff *skb, unsigned int protoff,
206 nf_nat_irc = rcu_dereference(nf_nat_irc_hook); 207 nf_nat_irc = rcu_dereference(nf_nat_irc_hook);
207 if (nf_nat_irc && nf_ct_l3num(ct) == NFPROTO_IPV4 && 208 if (nf_nat_irc && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
208 ct->status & IPS_NAT_MASK) 209 ct->status & IPS_NAT_MASK)
209 ret = nf_nat_irc(skb, ctinfo, 210 ret = nf_nat_irc(skb, ctinfo, protoff,
210 addr_beg_p - ib_ptr, 211 addr_beg_p - ib_ptr,
211 addr_end_p - addr_beg_p, 212 addr_end_p - addr_beg_p,
212 exp); 213 exp);
diff --git a/net/netfilter/nf_conntrack_pptp.c b/net/netfilter/nf_conntrack_pptp.c
index 6fed9ec35248..cc7669ef0b95 100644
--- a/net/netfilter/nf_conntrack_pptp.c
+++ b/net/netfilter/nf_conntrack_pptp.c
@@ -45,14 +45,14 @@ static DEFINE_SPINLOCK(nf_pptp_lock);
45int 45int
46(*nf_nat_pptp_hook_outbound)(struct sk_buff *skb, 46(*nf_nat_pptp_hook_outbound)(struct sk_buff *skb,
47 struct nf_conn *ct, enum ip_conntrack_info ctinfo, 47 struct nf_conn *ct, enum ip_conntrack_info ctinfo,
48 struct PptpControlHeader *ctlh, 48 unsigned int protoff, struct PptpControlHeader *ctlh,
49 union pptp_ctrl_union *pptpReq) __read_mostly; 49 union pptp_ctrl_union *pptpReq) __read_mostly;
50EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_outbound); 50EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_outbound);
51 51
52int 52int
53(*nf_nat_pptp_hook_inbound)(struct sk_buff *skb, 53(*nf_nat_pptp_hook_inbound)(struct sk_buff *skb,
54 struct nf_conn *ct, enum ip_conntrack_info ctinfo, 54 struct nf_conn *ct, enum ip_conntrack_info ctinfo,
55 struct PptpControlHeader *ctlh, 55 unsigned int protoff, struct PptpControlHeader *ctlh,
56 union pptp_ctrl_union *pptpReq) __read_mostly; 56 union pptp_ctrl_union *pptpReq) __read_mostly;
57EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_inbound); 57EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_inbound);
58 58
@@ -262,7 +262,7 @@ out_unexpect_orig:
262} 262}
263 263
264static inline int 264static inline int
265pptp_inbound_pkt(struct sk_buff *skb, 265pptp_inbound_pkt(struct sk_buff *skb, unsigned int protoff,
266 struct PptpControlHeader *ctlh, 266 struct PptpControlHeader *ctlh,
267 union pptp_ctrl_union *pptpReq, 267 union pptp_ctrl_union *pptpReq,
268 unsigned int reqlen, 268 unsigned int reqlen,
@@ -376,7 +376,8 @@ pptp_inbound_pkt(struct sk_buff *skb,
376 376
377 nf_nat_pptp_inbound = rcu_dereference(nf_nat_pptp_hook_inbound); 377 nf_nat_pptp_inbound = rcu_dereference(nf_nat_pptp_hook_inbound);
378 if (nf_nat_pptp_inbound && ct->status & IPS_NAT_MASK) 378 if (nf_nat_pptp_inbound && ct->status & IPS_NAT_MASK)
379 return nf_nat_pptp_inbound(skb, ct, ctinfo, ctlh, pptpReq); 379 return nf_nat_pptp_inbound(skb, ct, ctinfo,
380 protoff, ctlh, pptpReq);
380 return NF_ACCEPT; 381 return NF_ACCEPT;
381 382
382invalid: 383invalid:
@@ -389,7 +390,7 @@ invalid:
389} 390}
390 391
391static inline int 392static inline int
392pptp_outbound_pkt(struct sk_buff *skb, 393pptp_outbound_pkt(struct sk_buff *skb, unsigned int protoff,
393 struct PptpControlHeader *ctlh, 394 struct PptpControlHeader *ctlh,
394 union pptp_ctrl_union *pptpReq, 395 union pptp_ctrl_union *pptpReq,
395 unsigned int reqlen, 396 unsigned int reqlen,
@@ -471,7 +472,8 @@ pptp_outbound_pkt(struct sk_buff *skb,
471 472
472 nf_nat_pptp_outbound = rcu_dereference(nf_nat_pptp_hook_outbound); 473 nf_nat_pptp_outbound = rcu_dereference(nf_nat_pptp_hook_outbound);
473 if (nf_nat_pptp_outbound && ct->status & IPS_NAT_MASK) 474 if (nf_nat_pptp_outbound && ct->status & IPS_NAT_MASK)
474 return nf_nat_pptp_outbound(skb, ct, ctinfo, ctlh, pptpReq); 475 return nf_nat_pptp_outbound(skb, ct, ctinfo,
476 protoff, ctlh, pptpReq);
475 return NF_ACCEPT; 477 return NF_ACCEPT;
476 478
477invalid: 479invalid:
@@ -570,11 +572,11 @@ conntrack_pptp_help(struct sk_buff *skb, unsigned int protoff,
570 * established from PNS->PAC. However, RFC makes no guarantee */ 572 * established from PNS->PAC. However, RFC makes no guarantee */
571 if (dir == IP_CT_DIR_ORIGINAL) 573 if (dir == IP_CT_DIR_ORIGINAL)
572 /* client -> server (PNS -> PAC) */ 574 /* client -> server (PNS -> PAC) */
573 ret = pptp_outbound_pkt(skb, ctlh, pptpReq, reqlen, ct, 575 ret = pptp_outbound_pkt(skb, protoff, ctlh, pptpReq, reqlen, ct,
574 ctinfo); 576 ctinfo);
575 else 577 else
576 /* server -> client (PAC -> PNS) */ 578 /* server -> client (PAC -> PNS) */
577 ret = pptp_inbound_pkt(skb, ctlh, pptpReq, reqlen, ct, 579 ret = pptp_inbound_pkt(skb, protoff, ctlh, pptpReq, reqlen, ct,
578 ctinfo); 580 ctinfo);
579 pr_debug("sstate: %d->%d, cstate: %d->%d\n", 581 pr_debug("sstate: %d->%d, cstate: %d->%d\n",
580 oldsstate, info->sstate, oldcstate, info->cstate); 582 oldsstate, info->sstate, oldcstate, info->cstate);
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index d08e0baf4640..590f0abaab8c 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -52,8 +52,8 @@ module_param(sip_direct_media, int, 0600);
52MODULE_PARM_DESC(sip_direct_media, "Expect Media streams between signalling " 52MODULE_PARM_DESC(sip_direct_media, "Expect Media streams between signalling "
53 "endpoints only (default 1)"); 53 "endpoints only (default 1)");
54 54
55unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb, unsigned int dataoff, 55unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb, unsigned int protoff,
56 const char **dptr, 56 unsigned int dataoff, const char **dptr,
57 unsigned int *datalen) __read_mostly; 57 unsigned int *datalen) __read_mostly;
58EXPORT_SYMBOL_GPL(nf_nat_sip_hook); 58EXPORT_SYMBOL_GPL(nf_nat_sip_hook);
59 59
@@ -61,6 +61,7 @@ void (*nf_nat_sip_seq_adjust_hook)(struct sk_buff *skb, s16 off) __read_mostly;
61EXPORT_SYMBOL_GPL(nf_nat_sip_seq_adjust_hook); 61EXPORT_SYMBOL_GPL(nf_nat_sip_seq_adjust_hook);
62 62
63unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb, 63unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb,
64 unsigned int protoff,
64 unsigned int dataoff, 65 unsigned int dataoff,
65 const char **dptr, 66 const char **dptr,
66 unsigned int *datalen, 67 unsigned int *datalen,
@@ -69,7 +70,8 @@ unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb,
69 unsigned int matchlen) __read_mostly; 70 unsigned int matchlen) __read_mostly;
70EXPORT_SYMBOL_GPL(nf_nat_sip_expect_hook); 71EXPORT_SYMBOL_GPL(nf_nat_sip_expect_hook);
71 72
72unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb, unsigned int dataoff, 73unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb, unsigned int protoff,
74 unsigned int dataoff,
73 const char **dptr, 75 const char **dptr,
74 unsigned int *datalen, 76 unsigned int *datalen,
75 unsigned int sdpoff, 77 unsigned int sdpoff,
@@ -79,7 +81,8 @@ unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb, unsigned int dataoff,
79 __read_mostly; 81 __read_mostly;
80EXPORT_SYMBOL_GPL(nf_nat_sdp_addr_hook); 82EXPORT_SYMBOL_GPL(nf_nat_sdp_addr_hook);
81 83
82unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb, unsigned int dataoff, 84unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb, unsigned int protoff,
85 unsigned int dataoff,
83 const char **dptr, 86 const char **dptr,
84 unsigned int *datalen, 87 unsigned int *datalen,
85 unsigned int matchoff, 88 unsigned int matchoff,
@@ -88,6 +91,7 @@ unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb, unsigned int dataoff,
88EXPORT_SYMBOL_GPL(nf_nat_sdp_port_hook); 91EXPORT_SYMBOL_GPL(nf_nat_sdp_port_hook);
89 92
90unsigned int (*nf_nat_sdp_session_hook)(struct sk_buff *skb, 93unsigned int (*nf_nat_sdp_session_hook)(struct sk_buff *skb,
94 unsigned int protoff,
91 unsigned int dataoff, 95 unsigned int dataoff,
92 const char **dptr, 96 const char **dptr,
93 unsigned int *datalen, 97 unsigned int *datalen,
@@ -96,7 +100,8 @@ unsigned int (*nf_nat_sdp_session_hook)(struct sk_buff *skb,
96 __read_mostly; 100 __read_mostly;
97EXPORT_SYMBOL_GPL(nf_nat_sdp_session_hook); 101EXPORT_SYMBOL_GPL(nf_nat_sdp_session_hook);
98 102
99unsigned int (*nf_nat_sdp_media_hook)(struct sk_buff *skb, unsigned int dataoff, 103unsigned int (*nf_nat_sdp_media_hook)(struct sk_buff *skb, unsigned int protoff,
104 unsigned int dataoff,
100 const char **dptr, 105 const char **dptr,
101 unsigned int *datalen, 106 unsigned int *datalen,
102 struct nf_conntrack_expect *rtp_exp, 107 struct nf_conntrack_expect *rtp_exp,
@@ -883,7 +888,8 @@ static void flush_expectations(struct nf_conn *ct, bool media)
883 spin_unlock_bh(&nf_conntrack_lock); 888 spin_unlock_bh(&nf_conntrack_lock);
884} 889}
885 890
886static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int dataoff, 891static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff,
892 unsigned int dataoff,
887 const char **dptr, unsigned int *datalen, 893 const char **dptr, unsigned int *datalen,
888 union nf_inet_addr *daddr, __be16 port, 894 union nf_inet_addr *daddr, __be16 port,
889 enum sip_expectation_classes class, 895 enum sip_expectation_classes class,
@@ -960,7 +966,7 @@ static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int dataoff,
960 if (direct_rtp) { 966 if (direct_rtp) {
961 nf_nat_sdp_port = rcu_dereference(nf_nat_sdp_port_hook); 967 nf_nat_sdp_port = rcu_dereference(nf_nat_sdp_port_hook);
962 if (nf_nat_sdp_port && 968 if (nf_nat_sdp_port &&
963 !nf_nat_sdp_port(skb, dataoff, dptr, datalen, 969 !nf_nat_sdp_port(skb, protoff, dataoff, dptr, datalen,
964 mediaoff, medialen, ntohs(rtp_port))) 970 mediaoff, medialen, ntohs(rtp_port)))
965 goto err1; 971 goto err1;
966 } 972 }
@@ -983,7 +989,7 @@ static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int dataoff,
983 nf_nat_sdp_media = rcu_dereference(nf_nat_sdp_media_hook); 989 nf_nat_sdp_media = rcu_dereference(nf_nat_sdp_media_hook);
984 if (nf_nat_sdp_media && nf_ct_l3num(ct) == NFPROTO_IPV4 && 990 if (nf_nat_sdp_media && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
985 ct->status & IPS_NAT_MASK && !direct_rtp) 991 ct->status & IPS_NAT_MASK && !direct_rtp)
986 ret = nf_nat_sdp_media(skb, dataoff, dptr, datalen, 992 ret = nf_nat_sdp_media(skb, protoff, dataoff, dptr, datalen,
987 rtp_exp, rtcp_exp, 993 rtp_exp, rtcp_exp,
988 mediaoff, medialen, daddr); 994 mediaoff, medialen, daddr);
989 else { 995 else {
@@ -1024,7 +1030,8 @@ static const struct sdp_media_type *sdp_media_type(const char *dptr,
1024 return NULL; 1030 return NULL;
1025} 1031}
1026 1032
1027static int process_sdp(struct sk_buff *skb, unsigned int dataoff, 1033static int process_sdp(struct sk_buff *skb, unsigned int protoff,
1034 unsigned int dataoff,
1028 const char **dptr, unsigned int *datalen, 1035 const char **dptr, unsigned int *datalen,
1029 unsigned int cseq) 1036 unsigned int cseq)
1030{ 1037{
@@ -1098,7 +1105,8 @@ static int process_sdp(struct sk_buff *skb, unsigned int dataoff,
1098 else 1105 else
1099 return NF_DROP; 1106 return NF_DROP;
1100 1107
1101 ret = set_expected_rtp_rtcp(skb, dataoff, dptr, datalen, 1108 ret = set_expected_rtp_rtcp(skb, protoff, dataoff,
1109 dptr, datalen,
1102 &rtp_addr, htons(port), t->class, 1110 &rtp_addr, htons(port), t->class,
1103 mediaoff, medialen); 1111 mediaoff, medialen);
1104 if (ret != NF_ACCEPT) 1112 if (ret != NF_ACCEPT)
@@ -1107,7 +1115,8 @@ static int process_sdp(struct sk_buff *skb, unsigned int dataoff,
1107 /* Update media connection address if present */ 1115 /* Update media connection address if present */
1108 if (maddr_len && nf_nat_sdp_addr && 1116 if (maddr_len && nf_nat_sdp_addr &&
1109 nf_ct_l3num(ct) == NFPROTO_IPV4 && ct->status & IPS_NAT_MASK) { 1117 nf_ct_l3num(ct) == NFPROTO_IPV4 && ct->status & IPS_NAT_MASK) {
1110 ret = nf_nat_sdp_addr(skb, dataoff, dptr, datalen, 1118 ret = nf_nat_sdp_addr(skb, protoff, dataoff,
1119 dptr, datalen,
1111 mediaoff, c_hdr, SDP_HDR_MEDIA, 1120 mediaoff, c_hdr, SDP_HDR_MEDIA,
1112 &rtp_addr); 1121 &rtp_addr);
1113 if (ret != NF_ACCEPT) 1122 if (ret != NF_ACCEPT)
@@ -1120,12 +1129,13 @@ static int process_sdp(struct sk_buff *skb, unsigned int dataoff,
1120 nf_nat_sdp_session = rcu_dereference(nf_nat_sdp_session_hook); 1129 nf_nat_sdp_session = rcu_dereference(nf_nat_sdp_session_hook);
1121 if (nf_nat_sdp_session && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1130 if (nf_nat_sdp_session && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1122 ct->status & IPS_NAT_MASK) 1131 ct->status & IPS_NAT_MASK)
1123 ret = nf_nat_sdp_session(skb, dataoff, dptr, datalen, sdpoff, 1132 ret = nf_nat_sdp_session(skb, protoff, dataoff,
1124 &rtp_addr); 1133 dptr, datalen, sdpoff, &rtp_addr);
1125 1134
1126 return ret; 1135 return ret;
1127} 1136}
1128static int process_invite_response(struct sk_buff *skb, unsigned int dataoff, 1137static int process_invite_response(struct sk_buff *skb, unsigned int protoff,
1138 unsigned int dataoff,
1129 const char **dptr, unsigned int *datalen, 1139 const char **dptr, unsigned int *datalen,
1130 unsigned int cseq, unsigned int code) 1140 unsigned int cseq, unsigned int code)
1131{ 1141{
@@ -1135,13 +1145,14 @@ static int process_invite_response(struct sk_buff *skb, unsigned int dataoff,
1135 1145
1136 if ((code >= 100 && code <= 199) || 1146 if ((code >= 100 && code <= 199) ||
1137 (code >= 200 && code <= 299)) 1147 (code >= 200 && code <= 299))
1138 return process_sdp(skb, dataoff, dptr, datalen, cseq); 1148 return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1139 else if (ct_sip_info->invite_cseq == cseq) 1149 else if (ct_sip_info->invite_cseq == cseq)
1140 flush_expectations(ct, true); 1150 flush_expectations(ct, true);
1141 return NF_ACCEPT; 1151 return NF_ACCEPT;
1142} 1152}
1143 1153
1144static int process_update_response(struct sk_buff *skb, unsigned int dataoff, 1154static int process_update_response(struct sk_buff *skb, unsigned int protoff,
1155 unsigned int dataoff,
1145 const char **dptr, unsigned int *datalen, 1156 const char **dptr, unsigned int *datalen,
1146 unsigned int cseq, unsigned int code) 1157 unsigned int cseq, unsigned int code)
1147{ 1158{
@@ -1151,13 +1162,14 @@ static int process_update_response(struct sk_buff *skb, unsigned int dataoff,
1151 1162
1152 if ((code >= 100 && code <= 199) || 1163 if ((code >= 100 && code <= 199) ||
1153 (code >= 200 && code <= 299)) 1164 (code >= 200 && code <= 299))
1154 return process_sdp(skb, dataoff, dptr, datalen, cseq); 1165 return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1155 else if (ct_sip_info->invite_cseq == cseq) 1166 else if (ct_sip_info->invite_cseq == cseq)
1156 flush_expectations(ct, true); 1167 flush_expectations(ct, true);
1157 return NF_ACCEPT; 1168 return NF_ACCEPT;
1158} 1169}
1159 1170
1160static int process_prack_response(struct sk_buff *skb, unsigned int dataoff, 1171static int process_prack_response(struct sk_buff *skb, unsigned int protoff,
1172 unsigned int dataoff,
1161 const char **dptr, unsigned int *datalen, 1173 const char **dptr, unsigned int *datalen,
1162 unsigned int cseq, unsigned int code) 1174 unsigned int cseq, unsigned int code)
1163{ 1175{
@@ -1167,13 +1179,14 @@ static int process_prack_response(struct sk_buff *skb, unsigned int dataoff,
1167 1179
1168 if ((code >= 100 && code <= 199) || 1180 if ((code >= 100 && code <= 199) ||
1169 (code >= 200 && code <= 299)) 1181 (code >= 200 && code <= 299))
1170 return process_sdp(skb, dataoff, dptr, datalen, cseq); 1182 return process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1171 else if (ct_sip_info->invite_cseq == cseq) 1183 else if (ct_sip_info->invite_cseq == cseq)
1172 flush_expectations(ct, true); 1184 flush_expectations(ct, true);
1173 return NF_ACCEPT; 1185 return NF_ACCEPT;
1174} 1186}
1175 1187
1176static int process_invite_request(struct sk_buff *skb, unsigned int dataoff, 1188static int process_invite_request(struct sk_buff *skb, unsigned int protoff,
1189 unsigned int dataoff,
1177 const char **dptr, unsigned int *datalen, 1190 const char **dptr, unsigned int *datalen,
1178 unsigned int cseq) 1191 unsigned int cseq)
1179{ 1192{
@@ -1183,13 +1196,14 @@ static int process_invite_request(struct sk_buff *skb, unsigned int dataoff,
1183 unsigned int ret; 1196 unsigned int ret;
1184 1197
1185 flush_expectations(ct, true); 1198 flush_expectations(ct, true);
1186 ret = process_sdp(skb, dataoff, dptr, datalen, cseq); 1199 ret = process_sdp(skb, protoff, dataoff, dptr, datalen, cseq);
1187 if (ret == NF_ACCEPT) 1200 if (ret == NF_ACCEPT)
1188 ct_sip_info->invite_cseq = cseq; 1201 ct_sip_info->invite_cseq = cseq;
1189 return ret; 1202 return ret;
1190} 1203}
1191 1204
1192static int process_bye_request(struct sk_buff *skb, unsigned int dataoff, 1205static int process_bye_request(struct sk_buff *skb, unsigned int protoff,
1206 unsigned int dataoff,
1193 const char **dptr, unsigned int *datalen, 1207 const char **dptr, unsigned int *datalen,
1194 unsigned int cseq) 1208 unsigned int cseq)
1195{ 1209{
@@ -1204,7 +1218,8 @@ static int process_bye_request(struct sk_buff *skb, unsigned int dataoff,
1204 * signalling connections. The expectation is marked inactive and is activated 1218 * signalling connections. The expectation is marked inactive and is activated
1205 * when receiving a response indicating success from the registrar. 1219 * when receiving a response indicating success from the registrar.
1206 */ 1220 */
1207static int process_register_request(struct sk_buff *skb, unsigned int dataoff, 1221static int process_register_request(struct sk_buff *skb, unsigned int protoff,
1222 unsigned int dataoff,
1208 const char **dptr, unsigned int *datalen, 1223 const char **dptr, unsigned int *datalen,
1209 unsigned int cseq) 1224 unsigned int cseq)
1210{ 1225{
@@ -1280,8 +1295,8 @@ static int process_register_request(struct sk_buff *skb, unsigned int dataoff,
1280 nf_nat_sip_expect = rcu_dereference(nf_nat_sip_expect_hook); 1295 nf_nat_sip_expect = rcu_dereference(nf_nat_sip_expect_hook);
1281 if (nf_nat_sip_expect && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1296 if (nf_nat_sip_expect && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1282 ct->status & IPS_NAT_MASK) 1297 ct->status & IPS_NAT_MASK)
1283 ret = nf_nat_sip_expect(skb, dataoff, dptr, datalen, exp, 1298 ret = nf_nat_sip_expect(skb, protoff, dataoff, dptr, datalen,
1284 matchoff, matchlen); 1299 exp, matchoff, matchlen);
1285 else { 1300 else {
1286 if (nf_ct_expect_related(exp) != 0) 1301 if (nf_ct_expect_related(exp) != 0)
1287 ret = NF_DROP; 1302 ret = NF_DROP;
@@ -1296,7 +1311,8 @@ store_cseq:
1296 return ret; 1311 return ret;
1297} 1312}
1298 1313
1299static int process_register_response(struct sk_buff *skb, unsigned int dataoff, 1314static int process_register_response(struct sk_buff *skb, unsigned int protoff,
1315 unsigned int dataoff,
1300 const char **dptr, unsigned int *datalen, 1316 const char **dptr, unsigned int *datalen,
1301 unsigned int cseq, unsigned int code) 1317 unsigned int cseq, unsigned int code)
1302{ 1318{
@@ -1378,7 +1394,8 @@ static const struct sip_handler sip_handlers[] = {
1378 SIP_HANDLER("REGISTER", process_register_request, process_register_response), 1394 SIP_HANDLER("REGISTER", process_register_request, process_register_response),
1379}; 1395};
1380 1396
1381static int process_sip_response(struct sk_buff *skb, unsigned int dataoff, 1397static int process_sip_response(struct sk_buff *skb, unsigned int protoff,
1398 unsigned int dataoff,
1382 const char **dptr, unsigned int *datalen) 1399 const char **dptr, unsigned int *datalen)
1383{ 1400{
1384 enum ip_conntrack_info ctinfo; 1401 enum ip_conntrack_info ctinfo;
@@ -1409,13 +1426,14 @@ static int process_sip_response(struct sk_buff *skb, unsigned int dataoff,
1409 if (*datalen < matchend + handler->len || 1426 if (*datalen < matchend + handler->len ||
1410 strnicmp(*dptr + matchend, handler->method, handler->len)) 1427 strnicmp(*dptr + matchend, handler->method, handler->len))
1411 continue; 1428 continue;
1412 return handler->response(skb, dataoff, dptr, datalen, 1429 return handler->response(skb, protoff, dataoff, dptr, datalen,
1413 cseq, code); 1430 cseq, code);
1414 } 1431 }
1415 return NF_ACCEPT; 1432 return NF_ACCEPT;
1416} 1433}
1417 1434
1418static int process_sip_request(struct sk_buff *skb, unsigned int dataoff, 1435static int process_sip_request(struct sk_buff *skb, unsigned int protoff,
1436 unsigned int dataoff,
1419 const char **dptr, unsigned int *datalen) 1437 const char **dptr, unsigned int *datalen)
1420{ 1438{
1421 enum ip_conntrack_info ctinfo; 1439 enum ip_conntrack_info ctinfo;
@@ -1440,27 +1458,29 @@ static int process_sip_request(struct sk_buff *skb, unsigned int dataoff,
1440 if (!cseq) 1458 if (!cseq)
1441 return NF_DROP; 1459 return NF_DROP;
1442 1460
1443 return handler->request(skb, dataoff, dptr, datalen, cseq); 1461 return handler->request(skb, protoff, dataoff, dptr, datalen,
1462 cseq);
1444 } 1463 }
1445 return NF_ACCEPT; 1464 return NF_ACCEPT;
1446} 1465}
1447 1466
1448static int process_sip_msg(struct sk_buff *skb, struct nf_conn *ct, 1467static int process_sip_msg(struct sk_buff *skb, struct nf_conn *ct,
1449 unsigned int dataoff, const char **dptr, 1468 unsigned int protoff, unsigned int dataoff,
1450 unsigned int *datalen) 1469 const char **dptr, unsigned int *datalen)
1451{ 1470{
1452 typeof(nf_nat_sip_hook) nf_nat_sip; 1471 typeof(nf_nat_sip_hook) nf_nat_sip;
1453 int ret; 1472 int ret;
1454 1473
1455 if (strnicmp(*dptr, "SIP/2.0 ", strlen("SIP/2.0 ")) != 0) 1474 if (strnicmp(*dptr, "SIP/2.0 ", strlen("SIP/2.0 ")) != 0)
1456 ret = process_sip_request(skb, dataoff, dptr, datalen); 1475 ret = process_sip_request(skb, protoff, dataoff, dptr, datalen);
1457 else 1476 else
1458 ret = process_sip_response(skb, dataoff, dptr, datalen); 1477 ret = process_sip_response(skb, protoff, dataoff, dptr, datalen);
1459 1478
1460 if (ret == NF_ACCEPT && nf_ct_l3num(ct) == NFPROTO_IPV4 && 1479 if (ret == NF_ACCEPT && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
1461 ct->status & IPS_NAT_MASK) { 1480 ct->status & IPS_NAT_MASK) {
1462 nf_nat_sip = rcu_dereference(nf_nat_sip_hook); 1481 nf_nat_sip = rcu_dereference(nf_nat_sip_hook);
1463 if (nf_nat_sip && !nf_nat_sip(skb, dataoff, dptr, datalen)) 1482 if (nf_nat_sip && !nf_nat_sip(skb, protoff, dataoff,
1483 dptr, datalen))
1464 ret = NF_DROP; 1484 ret = NF_DROP;
1465 } 1485 }
1466 1486
@@ -1528,7 +1548,8 @@ static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff,
1528 if (msglen > datalen) 1548 if (msglen > datalen)
1529 return NF_DROP; 1549 return NF_DROP;
1530 1550
1531 ret = process_sip_msg(skb, ct, dataoff, &dptr, &msglen); 1551 ret = process_sip_msg(skb, ct, protoff, dataoff,
1552 &dptr, &msglen);
1532 if (ret != NF_ACCEPT) 1553 if (ret != NF_ACCEPT)
1533 break; 1554 break;
1534 diff = msglen - origlen; 1555 diff = msglen - origlen;
@@ -1570,7 +1591,7 @@ static int sip_help_udp(struct sk_buff *skb, unsigned int protoff,
1570 if (datalen < strlen("SIP/2.0 200")) 1591 if (datalen < strlen("SIP/2.0 200"))
1571 return NF_ACCEPT; 1592 return NF_ACCEPT;
1572 1593
1573 return process_sip_msg(skb, ct, dataoff, &dptr, &datalen); 1594 return process_sip_msg(skb, ct, protoff, dataoff, &dptr, &datalen);
1574} 1595}
1575 1596
1576static struct nf_conntrack_helper sip[MAX_PORTS][4] __read_mostly; 1597static struct nf_conntrack_helper sip[MAX_PORTS][4] __read_mostly;
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-27 16:36:45 -0500