
add ip_nat_h245()

From:  Max Kellermann <max@duempel.org>
To:  netfilter-devel@lists.netfilter.org
Subject:  [PATCH pom-ng 2/6] add ip_nat_h245()
Date:  Wed, 11 May 2005 00:51:54 +0200
Cc:  laforge@gnumonks.org

h323-02-add_ip_nat_h245.patch
- add ip_nat_h245(), separate from ip_nat_h225()


Tue Apr 19 22:45:33 CEST 2005  max@duempel.org
  * ip_nat_h245_hook has its own implementation, ip_nat_h245()
diff -rN -u old-h323-4/h323-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_h323.c
new-h323-4/h323-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_h323.c
--- old-h323-4/h323-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_h323.c	2005-05-10
23:48:25.000000000 +0200
+++ new-h323-4/h323-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_h323.c	2005-05-10
23:48:26.000000000 +0200
@@ -126,6 +126,54 @@
 	return NF_ACCEPT;
 }
 
+static int ip_nat_h245(struct sk_buff **pskb,
+		       enum ip_conntrack_info ctinfo,
+		       unsigned int offset,
+		       struct ip_conntrack_expect *exp)
+{
+	u_int16_t port;
+	struct {
+		u_int32_t ip;
+		u_int16_t port;
+	} __attribute__ ((__packed__)) newdata;
+	int dir = CTINFO2DIR(ctinfo);
+	struct ip_conntrack *ct = exp->master;
+	int ret;
+
+	/* Connection will come from wherever this packet goes, hence !dir */
+	newdata.ip = ct->tuplehash[!dir].tuple.dst.ip;
+	exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
+	exp->dir = !dir;
+
+	/* When you see the packet, we need to NAT it the same as the
+	 * this one. */
+	exp->expectfn = ip_nat_follow_master;
+
+	/* Try to get same port: if not, try to change it. */
+	for (port = ntohs(exp->saved_proto.tcp.port); port != 0; port++) {
+		exp->tuple.dst.u.tcp.port = htons(port);
+		if (ip_conntrack_expect_related(exp) == 0)
+			break;
+	}
+
+	if (port == 0) {
+		ip_conntrack_expect_free(exp);
+		return NF_DROP;
+	}
+
+	newdata.port = htons(port);
+
+	/* now mangle packet */
+	ret = ip_nat_mangle_tcp_packet(pskb, ct, ctinfo,
+				       offset,
+				       sizeof(newdata),
+				       (const char*)&newdata, sizeof(newdata));
+	if (!ret)
+		return NF_DROP;
+
+	return NF_ACCEPT;
+}
+
 static int __init init(void)
 {
 	BUG_ON(ip_nat_h225_hook != NULL);
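Review bot: The failure path after `ip_nat_mangle_tcp_packet()` in ip_nat_h245() returns NF_DROP but leaves in place the expectation that the port loop has just registered with `ip_conntrack_expect_related()`. The expected H.245 connection therefore stays permitted even though the signalling packet that announced it was dropped. Withdraw the expectation before dropping, e.g. `if (!ret) { ip_conntrack_unexpect_related(exp); return NF_DROP; }`; as far as I recall, the FTP NAT helper written against this expectation API handles its mangle failure this way, but confirm against the tree the patch applies to. The port loop also retries on every non-zero return rather than only on a port clash, so a persistent registration failure costs up to 65535 attempts for a single packet; if the API reports a distinct "busy" error, the loop should break on anything else. A one-line comment stating that `offset` comes from the conntrack helper and must point at a 6-byte address/port field inside the TCP payload would document what the `sizeof(newdata)` replacement relies on.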
@@ -133,7 +181,7 @@
 
 	ip_nat_h225_hook = ip_nat_h225;
 	ip_nat_h225_signal_hook = ip_nat_h225_signal;
-	ip_nat_h245_hook = ip_nat_h225;
+	ip_nat_h245_hook = ip_nat_h245;
 
 	return 0;
 }


