H.323 helper

From kadlec@blackhole.kfki.hu Mon Sep 17 11:19:02 2001
Date: Thu, 6 Sep 2001 10:26:13 +0200 (CEST)
From: Jozsef Kadlecsik 
To: netfilter-devel@lists.samba.org
Subject: [PATCH] H.323/netmeeting conntrack/NAT helpers

Hello,

The attached patch adds CONFIG_IP_NF_H323: H.323/netmeeting support module
for netfilter connection tracking and NAT.  H.323 uses/relies on the
following data streams:

	Port		Description
	389 		Internet Locator Server (TCP)
	522		User Location Server (TCP)
	1503 		T.120 Protocol (TCP)
	1720		H.323 (H.225 call setup, TCP)
	1731		Audio call control (TCP)
	Dynamic		H.245 call control (TCP)
	Dynamic		RTCP/RTP streaming (UDP)

The H.323 conntrack/NAT modules support the connection tracking/NATing of
the data streams requested on the dynamic ports. The helpers use the
search/replace hack from the ip_masq_h323.c module for the 2.2 kernel
series.

At the very minimum, H.323/netmeeting (video/audio) is functional by letting
trough the 1720 port and loading these H.323 module(s).

The modules depend on the newnat code I posted on the netfilter-devel list
on Tue, 28 Aug 2001. The order of applying the patches:

- apply the newnat patch
- apply the h323-conntrack-nat.patch.plus patch, which fixes a bug
  in the newnat patch plus adds a required new functionality to the core
  (expectfn called in ip_conntrack_alter_reply too)
- apply the H.323 patch using patch-o-matic

Beware! At the moment patch-o-matic supports only *one* helper module:
you can cleanly apply either the IRC, or the talk, or the H.323 patch
by using p-o-m.

Beware! Because the H.323 helpers depend on the newnat code and too much
new functionality is built on each other, internally the debugging is
switched on. Expect *a lot* of kernel message.