[netfilter-cvslog] r3842 - in
trunk/patch-o-matic-ng/h323-conntrack-nat/linux-2.6.11:
include/linux/netfilter_ipv4 net/ipv4/netfilter
laforge at netfilter.org
laforge at netfilter.org
Sun Apr 10 20:49:19 CEST 2005
Author: laforge at netfilter.org
Date: 2005-04-10 20:49:18 +0200 (Sun, 10 Apr 2005)
New Revision: 3842
Removed:
trunk/patch-o-matic-ng/h323-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack.h.ladd_3
Modified:
trunk/patch-o-matic-ng/h323-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_h323.h
trunk/patch-o-matic-ng/h323-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_h323.c
trunk/patch-o-matic-ng/h323-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_h323.c
Log:
incomplete 2.6.11 port. Compiles, but is definitely non-functional, at least
for the NAT case.
TODO:
- add second hook for non-expect packets to conntrack helpers
- call h323_signal_address_fixup() from new conntrack hook
- correctly call ct and nat expectfn's
Deleted: trunk/patch-o-matic-ng/h323-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack.h.ladd_3
===================================================================
--- trunk/patch-o-matic-ng/h323-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack.h.ladd_3 2005-04-10 18:25:34 UTC (rev 3841)
+++ trunk/patch-o-matic-ng/h323-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack.h.ladd_3 2005-04-10 18:49:18 UTC (rev 3842)
@@ -1,2 +0,0 @@
- /* insert conntrack helper private data (expect) here */
- struct ip_ct_h225_expect exp_h225_info;
Modified: trunk/patch-o-matic-ng/h323-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_h323.h
===================================================================
--- trunk/patch-o-matic-ng/h323-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_h323.h 2005-04-10 18:25:34 UTC (rev 3841)
+++ trunk/patch-o-matic-ng/h323-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_h323.h 2005-04-10 18:49:18 UTC (rev 3842)
@@ -28,4 +28,12 @@
#endif
};
+struct ip_conntrack;
+struct ip_conntrack_expect;
+extern unsigned int (*ip_nat_h225_exp_hook)(struct ip_conntrack *ct,
+ struct sk_buff **pskb,
+ enum ip_conntrack_info ctinfo,
+ struct ip_ct_h225_expect *exp_info,
+ struct ip_conntrack_expect *exp);
+
#endif /* _IP_CONNTRACK_H323_H */
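Review bot: The new `ip_nat_h225_exp_hook` declaration carries no comment stating its contract, which matters because the hook takes ownership of the expectation it is handed. Judging by h323_data_fixup() in ip_nat_h323.c, a fitting comment above the declaration would be `/* Set by ip_nat_h323 while it is loaded. Gets an allocated, not yet registered expectation; must register or free it and return an NF_* verdict. */`. The prototype also names `struct sk_buff` and `enum ip_conntrack_info` without declaring them in the visible lines, so the header presumably relies on include order; its top is outside the hunk.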
Modified: trunk/patch-o-matic-ng/h323-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_h323.c
===================================================================
--- trunk/patch-o-matic-ng/h323-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_h323.c 2005-04-10 18:25:34 UTC (rev 3841)
+++ trunk/patch-o-matic-ng/h323-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_h323.c 2005-04-10 18:49:18 UTC (rev 3842)
@@ -2,6 +2,7 @@
* H.323 'brute force' extension for H.323 connection tracking.
* Jozsef Kadlecsik <kadlec at blackhole.kfki.hu>
* (c) 2005 Max Kellermann <max at duempel.org>
+ * (c) 2005 Harald Welte <laforge at netfilter.org>
*
* Based on ip_masq_h323.c for 2.2 kernels from CoRiTel, Sofia project.
* (http://www.coritel.it/projects/sofia/nat/)
@@ -31,9 +32,13 @@
static char h323_buffer[65536];
static DECLARE_LOCK(h323_buffer_lock);
-DECLARE_LOCK(ip_h323_lock);
struct module *ip_conntrack_h323 = THIS_MODULE;
+static unsigned int (*ip_nat_h225_exp_hook)(struct ip_conntrack *ct,
+ struct sk_buff **pskb,
+ enum ip_conntrack_info ctinfo,
+ struct ip_ct_h225_expect *exp_info,
+ struct ip_conntrack_expect *exp);
#if 0
#define DEBUGP printk
#else
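Review bot: `ip_nat_h225_exp_hook` is defined `static` here, while ip_conntrack_h323.h declares it `extern` and init() in ip_nat_h323.c assigns to it. With internal linkage the NAT module cannot reach this variable, so the hook tested in h245_help/h225_help would stay NULL, and a file that sees both declarations has conflicting linkage. Drop `static` from the definition and export the symbol after it with `EXPORT_SYMBOL_GPL(ip_nat_h225_exp_hook);`.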
@@ -41,11 +46,11 @@
#endif
/* FIXME: This should be in userspace. Later. */
-static int h245_help(struct sk_buff *skb,
+static int h245_help(struct sk_buff **pskb,
struct ip_conntrack *ct,
enum ip_conntrack_info ctinfo)
{
- struct iphdr *iph = skb->nh.iph;
+ struct iphdr *iph = (*pskb)->nh.iph;
struct tcphdr _tcph, *tcph;
unsigned char *data;
unsigned char *data_limit;
@@ -53,7 +58,7 @@
int dir = CTINFO2DIR(ctinfo);
struct ip_ct_h225_master *info = &ct->help.ct_h225_info;
struct ip_conntrack_expect *exp;
- struct ip_ct_h225_expect *exp_info;
+ struct ip_ct_h225_expect _h225e, *exp_info = &_h225e;
u_int16_t data_port;
u_int32_t data_ip;
unsigned int i;
@@ -66,7 +71,7 @@
return NF_ACCEPT;
}
- tcph = skb_header_pointer(skb, skb->nh.iph->ihl*4,
+ tcph = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4,
sizeof(_tcph), &_tcph);
if (tcph == NULL)
return NF_ACCEPT;
@@ -75,16 +80,16 @@
NIPQUAD(iph->saddr), ntohs(tcph->source),
NIPQUAD(iph->daddr), ntohs(tcph->dest));
- dataoff = skb->nh.iph->ihl*4 + tcph->doff*4;
+ dataoff = (*pskb)->nh.iph->ihl*4 + tcph->doff*4;
/* No data? */
- if (dataoff >= skb->len) {
- DEBUGP("ct_h245_help: skblen = %u\n", skb->len);
+ if (dataoff >= (*pskb)->len) {
+ DEBUGP("ct_h245_help: skblen = %u\n", (*pskb)->len);
return NF_ACCEPT;
}
- datalen = skb->len - dataoff;
+ datalen = (*pskb)->len - dataoff;
LOCK_BH(&h323_buffer_lock);
- data = skb_header_pointer(skb, dataoff,
+ data = skb_header_pointer(*pskb, dataoff,
datalen, h323_buffer);
BUG_ON(data == NULL);
@@ -107,16 +112,11 @@
goto out;
}
- exp_info = &exp->help.exp_h225_info;
-
- LOCK_BH(&ip_h323_lock);
info->is_h225 = H225_PORT + 1;
exp_info->port = data_port;
exp_info->dir = dir;
exp_info->offset = i;
- exp->seq = ntohl(tcph->seq) + i;
-
exp->tuple = ((struct ip_conntrack_tuple)
{ { ct->tuplehash[!dir].tuple.src.ip,
{ 0 } },
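Review bot: With `LOCK_BH(&ip_h323_lock)` removed, the write to `info->is_h225` is no longer covered by a lock that ip_nat_h323.c also takes, while h225_nat_expected() still reads `master_info->is_h225`. The same applies to `info->dir`, `info->seq[]` and `info->offset[]` in the h225_help hunks at -223 and -278. Only `h323_buffer_lock` appears to be held at this point, and it is static to this file; the unlock path is outside the hunk, so this is inferred from the visible LOCK_BH call. If single-writer access is intended, state it next to the write, e.g. `/* ct_h225_info is written only by the conntrack helper, under h323_buffer_lock */`; otherwise the NAT-side readers need a shared lock again.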
@@ -125,14 +125,23 @@
IPPROTO_UDP }});
exp->mask = ((struct ip_conntrack_tuple)
{ { 0xFFFFFFFF, { 0 } },
- { 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFFFF }});
+ { 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFF }});
exp->expectfn = NULL;
- /* Ignore failure; should only happen with NAT */
- ip_conntrack_expect_related(exp, ct);
+ if (ip_nat_h225_exp_hook)
+ ret = ip_nat_h225_exp_hook(ct, pskb,
+ ctinfo, exp_info, exp);
+ else {
+ if (ip_conntrack_expect_related(exp)) {
+ ip_conntrack_expect_free(exp);
+ ret = NF_DROP;
+ } else {
+ ret = NF_ACCEPT;
- UNLOCK_BH(&ip_h323_lock);
+ DEBUGP("ct_h225_help: new H.245 requested %u.%u.%u.%u->%u.%u.%u.%u:%u\n", NIPQUAD(ct->tuplehash[!dir].tuple.src.ip), NIPQUAD(iph->saddr), ntohs(data_port));
+ }
+ }
}
}
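Review bot: The hook pointer is read twice, once in `if (ip_nat_h225_exp_hook)` and again for the call, so if ip_nat_h323 is unloaded in between (its fini() stores NULL) the call goes through a NULL pointer. Read it once into a local declared with the hook's type and call through that: `hook = ip_nat_h225_exp_hook; if (hook) ret = hook(ct, pskb, ctinfo, exp_info, exp);`. The same pattern is in the h225_help hunk at -258. The DEBUGP added here also keeps the `ct_h225_help:` prefix although it sits in h245_help, which will mislead anyone reading the debug output. h245_help starts and ends outside this hunk, so the declaration of `ret` and the surrounding scan loop are not visible.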
@@ -145,31 +154,29 @@
/* H.245 helper is not registered! */
static struct ip_conntrack_helper h245 = {
.name = "H.245",
- .flags = IP_CT_HELPER_F_REUSE_EXPECT,
.max_expected = 8,
.timeout = 240,
.tuple = { .dst = { .protonum = IPPROTO_TCP } },
.mask = { .src = { .u = { 0xFFFF } },
- .dst = { .protonum = 0xFFFF } },
+ .dst = { .protonum = 0xFF } },
.help = h245_help
};
-static int h225_expect(struct ip_conntrack *ct)
+static void h225_expect(struct ip_conntrack *ct,
+ struct ip_conntrack_expect *exp)
{
WRITE_LOCK(&ip_conntrack_lock);
ct->helper = &h245;
DEBUGP("h225_expect: helper for %p added\n", ct);
WRITE_UNLOCK(&ip_conntrack_lock);
-
- return NF_ACCEPT; /* unused */
}
/* FIXME: This should be in userspace. Later. */
-static int h225_help(struct sk_buff *skb,
+static int h225_help(struct sk_buff **pskb,
struct ip_conntrack *ct,
enum ip_conntrack_info ctinfo)
{
- struct iphdr *iph = skb->nh.iph;
+ struct iphdr *iph = (*pskb)->nh.iph;
struct tcphdr _tcph, *tcph;
unsigned char *data;
unsigned char *data_limit;
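Review bot: h225_expect() points `ct->helper` at `h245`, a helper that is never registered and has no `.me`, and nothing visible in this diff detaches it again when the module goes away. fini() only unregisters `h225`, so connections still carrying `&h245` may be left with a pointer into unloaded module memory; this is inferred from the visible lines and should be checked against the conntrack core's unregister path. At minimum add a comment on h225_expect() saying who clears the pointer, e.g. `/* expectfn for the H.245 channel: attaches the unregistered h245 helper; fini() must detach it before unload */`. The new `exp` parameter is unused in the body. h225_help, which begins in this hunk, continues outside it.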
@@ -177,7 +184,7 @@
int dir = CTINFO2DIR(ctinfo);
struct ip_ct_h225_master *info = &ct->help.ct_h225_info;
struct ip_conntrack_expect *exp;
- struct ip_ct_h225_expect *exp_info;
+ struct ip_ct_h225_expect _h225e, *exp_info = &_h225e;
u_int16_t data_port;
u_int32_t data_ip;
unsigned int i;
@@ -190,7 +197,7 @@
return NF_ACCEPT;
}
- tcph = skb_header_pointer(skb, skb->nh.iph->ihl*4,
+ tcph = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4,
sizeof(_tcph), &_tcph);
if (tcph == NULL)
return NF_ACCEPT;
@@ -199,16 +206,16 @@
NIPQUAD(iph->saddr), ntohs(tcph->source),
NIPQUAD(iph->daddr), ntohs(tcph->dest));
- dataoff = skb->nh.iph->ihl*4 + tcph->doff*4;
+ dataoff = (*pskb)->nh.iph->ihl*4 + tcph->doff*4;
/* No data? */
- if (dataoff >= skb->len) {
- DEBUGP("ct_h225_help: skblen = %u\n", skb->len);
+ if (dataoff >= (*pskb)->len) {
+ DEBUGP("ct_h225_help: skblen = %u\n", (*pskb)->len);
return NF_ACCEPT;
}
- datalen = skb->len - dataoff;
+ datalen = (*pskb)->len - dataoff;
LOCK_BH(&h323_buffer_lock);
- data = skb_header_pointer(skb, dataoff,
+ data = skb_header_pointer(*pskb, dataoff,
datalen, h323_buffer);
BUG_ON(data == NULL);
@@ -223,14 +230,13 @@
/* Signal address */
DEBUGP("ct_h225_help: sourceCallSignalAddress from %u.%u.%u.%u\n",
NIPQUAD(iph->saddr));
- /* Update the H.225 info so that NAT can mangle the address/port
- even when we have no expected connection! */
+ /* Update the H.225 info so that NAT can mangle
+ * the address/port even when we have no
+ * expected connection! */
#ifdef CONFIG_IP_NF_NAT_NEEDED
- LOCK_BH(&ip_h323_lock);
info->dir = dir;
info->seq[IP_CT_DIR_ORIGINAL] = ntohl(tcph->seq) + i;
info->offset[IP_CT_DIR_ORIGINAL] = i;
- UNLOCK_BH(&ip_h323_lock);
#endif
} else {
/* update the H.225 info */
@@ -240,16 +246,11 @@
goto out;
}
- exp_info = &exp->help.exp_h225_info;
-
- LOCK_BH(&ip_h323_lock);
info->is_h225 = H225_PORT;
exp_info->port = data_port;
exp_info->dir = dir;
exp_info->offset = i;
- exp->seq = ntohl(tcph->seq) + i;
-
exp->tuple = ((struct ip_conntrack_tuple)
{ { ct->tuplehash[!dir].tuple.src.ip,
{ 0 } },
@@ -258,18 +259,23 @@
IPPROTO_TCP }});
exp->mask = ((struct ip_conntrack_tuple)
{ { 0xFFFFFFFF, { 0 } },
- { 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFFFF }});
+ { 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFF }});
exp->expectfn = h225_expect;
- /* Ignore failure */
- ip_conntrack_expect_related(exp, ct);
+ if (ip_nat_h225_exp_hook)
+ ret = ip_nat_h225_exp_hook(ct, pskb,
+ ctinfo, exp_info, exp);
+ else {
+ if (ip_conntrack_expect_related(exp)) {
+ ip_conntrack_expect_free(exp);
+ ret = NF_DROP;
+ } else {
+ ret = NF_ACCEPT;
- DEBUGP("ct_h225_help: new H.245 requested %u.%u.%u.%u->%u.%u.%u.%u:%u\n",
- NIPQUAD(ct->tuplehash[!dir].tuple.src.ip),
- NIPQUAD(iph->saddr), ntohs(data_port));
-
- UNLOCK_BH(&ip_h323_lock);
+ DEBUGP("ct_h225_help: new H.245 requested %u.%u.%u.%u->%u.%u.%u.%u:%u\n", NIPQUAD(ct->tuplehash[!dir].tuple.src.ip), NIPQUAD(iph->saddr), ntohs(data_port));
+ }
+ }
}
#ifdef CONFIG_IP_NF_NAT_NEEDED
} else if (data_ip == iph->daddr) {
@@ -278,13 +284,12 @@
/* Signal address */
DEBUGP("ct_h225_help: destCallSignalAddress %u.%u.%u.%u\n",
NIPQUAD(iph->daddr));
- /* Update the H.225 info so that NAT can mangle the address/port
- even when we have no expected connection! */
- LOCK_BH(&ip_h323_lock);
+ /* Update the H.225 info so that NAT can mangle
+ * the address/port even when we have no
+ * expected connection! */
info->dir = dir;
info->seq[IP_CT_DIR_REPLY] = ntohl(tcph->seq) + i;
info->offset[IP_CT_DIR_REPLY] = i;
- UNLOCK_BH(&ip_h323_lock);
}
#endif
}
@@ -298,14 +303,13 @@
static struct ip_conntrack_helper h225 = {
.name = "H.225",
- .flags = IP_CT_HELPER_F_REUSE_EXPECT,
.me = THIS_MODULE,
.max_expected = 2,
.timeout = 240,
.tuple = { .src = { .u = { __constant_htons(H225_PORT) } },
.dst = { .protonum = IPPROTO_TCP } },
.mask = { .src = { .u = { 0xFFFF } },
- .dst = { .protonum = 0xFFFF } },
+ .dst = { .protonum = 0xFF } },
.help = h225_help
};
@@ -320,9 +324,5 @@
ip_conntrack_helper_unregister(&h225);
}
-EXPORT_SYMBOL(ip_h323_lock);
-
-PROVIDES_CONNTRACK(h225);
-PROVIDES_CONNTRACK(h245);
module_init(init);
module_exit(fini);
Modified: trunk/patch-o-matic-ng/h323-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_h323.c
===================================================================
--- trunk/patch-o-matic-ng/h323-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_h323.c 2005-04-10 18:25:34 UTC (rev 3841)
+++ trunk/patch-o-matic-ng/h323-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_h323.c 2005-04-10 18:49:18 UTC (rev 3842)
@@ -28,8 +28,6 @@
MODULE_DESCRIPTION("H.323 'brute force' connection tracking module");
MODULE_LICENSE("GPL");
-DECLARE_LOCK_EXTERN(ip_h323_lock);
-struct module *ip_nat_h323 = THIS_MODULE;
#if 0
#define DEBUGP printk
@@ -52,19 +50,6 @@
unsigned int hooknum,
struct sk_buff **pskb);
-static struct ip_nat_helper h245 = {
- .list = { NULL, NULL },
- .name = "H.245",
- .flags = 0,
- .me = THIS_MODULE,
- .tuple = { { 0, { 0 } },
- { 0, { 0 }, IPPROTO_TCP } },
- .mask = { { 0, { 0xFFFF } },
- { 0, { 0 }, 0xFFFF } },
- .help = h225_nat_help,
- .expect = h225_nat_expected
-};
-
static unsigned int
h225_nat_expected(struct sk_buff **pskb,
unsigned int hooknum,
@@ -85,10 +70,9 @@
IP_NF_ASSERT(!(info->initialized & (1<<HOOK2MANIP(hooknum))));
DEBUGP("h225_nat_expected: We have a connection!\n");
- master_info = &ct->master->expectant->help.ct_h225_info;
- exp_info = &ct->master->help.exp_h225_info;
+ master_info = &ct->master->help.ct_h225_info;
+ //exp_info = &ct->master->help.exp_h225_info;
- LOCK_BH(&ip_h323_lock);
DEBUGP("master: ");
DUMP_TUPLE(&master->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
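Review bot: Commenting out the `exp_info` assignment leaves `port = exp_info->port;` in the next hunk reading through a pointer that nothing visible initialises, unless it is set at its declaration outside the hunk. Nothing in this revision references h225_nat_expected() any more, but the TODO in the log plans to wire the expectfn back in, at which point this becomes a wild read in packet context. Until the port number has a new source, put the function under `#if 0` as was done for h225_nat_help(), or bail out first with `return NF_DROP; /* FIXME: exp_info not available in 2.6.11 */`.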
@@ -110,7 +94,6 @@
}
port = exp_info->port;
is_h225 = master_info->is_h225 == H225_PORT;
- UNLOCK_BH(&ip_h323_lock);
if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC)
newip = newsrcip;
@@ -137,7 +120,7 @@
if (is_h225) {
DEBUGP("h225_nat_expected: H.225, setting NAT helper for %p\n", ct);
/* NAT expectfn called with ip_nat_lock write-locked */
- info->helper = &h245;
+ // FIXME: info->helper = &h245;
}
return ret;
}
@@ -164,8 +147,6 @@
tcplen = (*pskb)->len - iph->ihl * 4;
datalen = tcplen - tcph->doff * 4;
- MUST_BE_LOCKED(&ip_h323_lock);
-
DEBUGP("h323_signal_address_fixup: %s %s\n",
between(info->seq[IP_CT_DIR_ORIGINAL], ntohl(tcph->seq), ntohl(tcph->seq) + datalen)
? "yes" : "no",
@@ -223,10 +204,10 @@
return 1;
}
-static int h323_data_fixup(struct ip_ct_h225_expect *info,
- struct ip_conntrack *ct,
+static unsigned int h323_data_fixup(struct ip_conntrack *ct,
struct sk_buff **pskb,
enum ip_conntrack_info ctinfo,
+ struct ip_ct_h225_expect *info,
struct ip_conntrack_expect *expect)
{
struct {
@@ -247,23 +228,10 @@
tcplen = (*pskb)->len - iph->ihl * 4;
- MUST_BE_LOCKED(&ip_h323_lock);
DEBUGP("h323_data_fixup: offset %u + 6 in %u\n", info->offset, tcplen);
DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
- if (!between(expect->seq + 6, ntohl(tcph->seq),
- ntohl(tcph->seq) + tcplen - tcph->doff * 4)) {
- /* Partial retransmisison. It's a cracker being funky. */
- if (net_ratelimit()) {
- printk("H.323_NAT: partial packet %u/6 in %u/%u\n",
- expect->seq,
- ntohl(tcph->seq),
- ntohl(tcph->seq) + tcplen - tcph->doff * 4);
- }
- return 0;
- }
-
/* Change address inside packet to match way we're mapping
this connection. */
if (info->dir == IP_CT_DIR_REPLY) {
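Review bot: Removing the `between(expect->seq + 6, ...)` test drops the only check in h323_data_fixup() that the six address/port bytes lie inside this segment, while the function later passes `info->offset` and `sizeof(newdata)` straight to ip_nat_mangle_tcp_packet(). The offset now comes from the conntrack helper's scan of the same packet, so it is probably in range, but that bound (`data_limit`) is outside the diff and the function no longer defends itself. A cheap guard before the port loop would be `if (info->offset + sizeof(newdata) > tcplen - tcph->doff * 4)`, freeing `expect` and returning NF_DROP as the no-free-port path does. If the check is deliberately left to the caller, a comment here should say so.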
@@ -291,114 +259,72 @@
}
/* Try to get same port: if not, try to change it. */
- for (newdata.port = ntohs(info->port); newdata.port != 0; newdata.port++) {
+ for (newdata.port = ntohs(info->port); newdata.port != 0;
+ newdata.port++) {
if (is_h225)
- newtuple.dst.u.tcp.port = htons(newdata.port);
+ expect->tuple.dst.u.tcp.port = htons(newdata.port);
else
- newtuple.dst.u.udp.port = htons(newdata.port);
+ expect->tuple.dst.u.udp.port = htons(newdata.port);
- if (ip_conntrack_change_expect(expect, &newtuple) == 0)
+ if (ip_conntrack_expect_related(expect) == 0)
break;
}
if (newdata.port == 0) {
DEBUGP("h323_data_fixup: no free port found!\n");
- return 0;
+ ip_conntrack_expect_free(expect);
+ return NF_DROP;
}
newdata.port = htons(newdata.port);
/* Modify the packet */
ret = ip_nat_mangle_tcp_packet(pskb, ct, ctinfo,
- expect->seq - ntohl(tcph->seq),
+ info->offset,
sizeof(newdata),
(const char*)&newdata, sizeof(newdata));
- if (!ret)
- return 0;
+ if (!ret) {
+ ip_conntrack_unexpect_related(expect);
+ return NF_DROP;
+ }
- return 1;
+ return NF_ACCEPT;
}
+#if 0
static unsigned int h225_nat_help(struct ip_conntrack *ct,
+ struct sk_buff **pskb,
struct ip_conntrack_expect *exp,
- struct ip_nat_info *info,
- enum ip_conntrack_info ctinfo,
- unsigned int hooknum,
- struct sk_buff **pskb)
+ struct ip_ct_h225_expect *exp_info,
+ enum ip_conntrack_info ctinfo)
+
{
- int dir;
- struct ip_ct_h225_expect *exp_info;
-
- /* Only mangle things once: original direction in POST_ROUTING
- and reply direction on PRE_ROUTING. */
- dir = CTINFO2DIR(ctinfo);
- DEBUGP("nat_h323: dir %s at hook %s\n",
- dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY",
- hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
- : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
- : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "???");
- if (!((hooknum == NF_IP_POST_ROUTING && dir == IP_CT_DIR_ORIGINAL)
- || (hooknum == NF_IP_PRE_ROUTING && dir == IP_CT_DIR_REPLY))) {
- DEBUGP("nat_h323: Not touching dir %s at hook %s\n",
- dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY",
- hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
- : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
- : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "???");
- return NF_ACCEPT;
- }
-
if (!exp) {
- LOCK_BH(&ip_h323_lock);
if (!h323_signal_address_fixup(ct, pskb, ctinfo)) {
- UNLOCK_BH(&ip_h323_lock);
return NF_DROP;
}
- UNLOCK_BH(&ip_h323_lock);
return NF_ACCEPT;
}
- exp_info = &exp->help.exp_h225_info;
-
- LOCK_BH(&ip_h323_lock);
if (!h323_data_fixup(exp_info, ct, pskb, ctinfo, exp)) {
- UNLOCK_BH(&ip_h323_lock);
return NF_DROP;
}
- UNLOCK_BH(&ip_h323_lock);
return NF_ACCEPT;
}
+#endif
-static struct ip_nat_helper h225 = {
- .list = { NULL, NULL },
- .name = "H.225",
- .flags = IP_NAT_HELPER_F_ALWAYS,
- .me = THIS_MODULE,
- .tuple = { { 0, { .tcp = { __constant_htons(H225_PORT) } } },
- { 0, { 0 }, IPPROTO_TCP } },
- .mask = { { 0, { .tcp = { 0xFFFF } } },
- { 0, { 0 }, 0xFFFF } },
- .help = h225_nat_help,
- .expect = h225_nat_expected
-};
-
static int __init init(void)
{
- int ret;
+ BUG_ON(ip_nat_h225_exp_hook);
+ ip_nat_h225_exp_hook = &h323_data_fixup;
- ret = ip_nat_helper_register(&h225);
-
- if (ret != 0)
- printk("ip_nat_h323: cannot initialize the module!\n");
-
- return ret;
+ return 0;
}
static void __exit fini(void)
{
- ip_nat_helper_unregister(&h225);
+ ip_nat_h225_exp_hook = NULL;
}
-NEEDS_CONNTRACK(h225);
-NEEDS_CONNTRACK(h245);
module_init(init);
module_exit(fini);
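Review bot: fini() clears `ip_nat_h225_exp_hook` and returns at once, so a conntrack helper on another CPU that has already loaded the pointer can still be inside h323_data_fixup() while the module text is being freed. Wait for in-flight packets after clearing it: `ip_nat_h225_exp_hook = NULL; synchronize_net();`. In init(), `BUG_ON(ip_nat_h225_exp_hook)` turns a second registration into a panic; returning `-EBUSY` when the pointer is already set would fail more gently.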