net/netfilter/nf_conntrack_h323_asn1.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * BER and PER decoding library for H.323 conntrack/NAT module.
   4  *
   5  * Copyright (c) 2006 by Jing Min Zhao <zhaojingmin@users.sourceforge.net>
   6  *
   7  * See nf_conntrack_helper_h323_asn1.h for details.
   8  */
   9
  10 #ifdef __KERNEL__
  11 #include <linux/kernel.h>
  12 #else
  13 #include <stdio.h>
  14 #endif
  15 #include <linux/netfilter/nf_conntrack_h323_asn1.h>
  16
  17 /* Trace Flag */
  18 #ifndef H323_TRACE
  19 #define H323_TRACE 0
  20 #endif
  21
  22 #if H323_TRACE
  23 #define TAB_SIZE 4
  24 #define IFTHEN(cond, act) if(cond){act;}
  25 #ifdef __KERNEL__
  26 #define PRINT printk
  27 #else
  28 #define PRINT printf
  29 #endif
  30 #define FNAME(name) name,
  31 #else
  32 #define IFTHEN(cond, act)
  33 #define PRINT(fmt, args...)
  34 #define FNAME(name)
  35 #endif
  36
  37 /* ASN.1 Types */
  38 #define NUL 0
  39 #define BOOL 1
  40 #define OID 2
  41 #define INT 3
  42 #define ENUM 4
  43 #define BITSTR 5
  44 #define NUMSTR 6
  45 #define NUMDGT 6
  46 #define TBCDSTR 6
  47 #define OCTSTR 7
  48 #define PRTSTR 7
  49 #define IA5STR 7
  50 #define GENSTR 7
  51 #define BMPSTR 8
  52 #define SEQ 9
  53 #define SET 9
  54 #define SEQOF 10
  55 #define SETOF 10
  56 #define CHOICE 11
  57
  58 /* Constraint Types */
  59 #define FIXD 0
  60 /* #define BITS 1-8 */
  61 #define BYTE 9
  62 #define WORD 10
  63 #define CONS 11
  64 #define SEMI 12
  65 #define UNCO 13
  66
  67 /* ASN.1 Type Attributes */
  68 #define SKIP 0
  69 #define STOP 1
  70 #define DECODE 2
  71 #define EXT 4
  72 #define OPEN 8
  73 #define OPT 16
  74
  75
  76 /* ASN.1 Field Structure */
  77 typedef struct field_t {
  78 #if H323_TRACE
  79         char *name;
  80 #endif
  81         unsigned char type;
  82         unsigned char sz;
  83         unsigned char lb;
  84         unsigned char ub;
  85         unsigned short attr;
  86         unsigned short offset;
  87         const struct field_t *fields;
  88 } field_t;
  89
  90 /* Bit Stream */
  91 struct bitstr {
  92         unsigned char *buf;
  93         unsigned char *beg;
  94         unsigned char *end;
  95         unsigned char *cur;
  96         unsigned int bit;
  97 };
  98
  99 /* Tool Functions */
 100 #define INC_BIT(bs) if((++(bs)->bit)>7){(bs)->cur++;(bs)->bit=0;}
 101 #define INC_BITS(bs,b) if(((bs)->bit+=(b))>7){(bs)->cur+=(bs)->bit>>3;(bs)->bit&=7;}
 102 #define BYTE_ALIGN(bs) if((bs)->bit){(bs)->cur++;(bs)->bit=0;}
 103 static unsigned int get_len(struct bitstr *bs);
 104 static unsigned int get_bit(struct bitstr *bs);
 105 static unsigned int get_bits(struct bitstr *bs, unsigned int b);
 106 static unsigned int get_bitmap(struct bitstr *bs, unsigned int b);
 107 static unsigned int get_uint(struct bitstr *bs, int b);
 108
 109 /* Decoder Functions */
 110 static int decode_nul(struct bitstr *bs, const struct field_t *f, char *base, int level);
 111 static int decode_bool(struct bitstr *bs, const struct field_t *f, char *base, int level);
 112 static int decode_oid(struct bitstr *bs, const struct field_t *f, char *base, int level);
 113 static int decode_int(struct bitstr *bs, const struct field_t *f, char *base, int level);
 114 static int decode_enum(struct bitstr *bs, const struct field_t *f, char *base, int level);
 115 static int decode_bitstr(struct bitstr *bs, const struct field_t *f, char *base, int level);
 116 static int decode_numstr(struct bitstr *bs, const struct field_t *f, char *base, int level);
 117 static int decode_octstr(struct bitstr *bs, const struct field_t *f, char *base, int level);
 118 static int decode_bmpstr(struct bitstr *bs, const struct field_t *f, char *base, int level);
 119 static int decode_seq(struct bitstr *bs, const struct field_t *f, char *base, int level);
 120 static int decode_seqof(struct bitstr *bs, const struct field_t *f, char *base, int level);
 121 static int decode_choice(struct bitstr *bs, const struct field_t *f, char *base, int level);
 122
 123 /* Decoder Functions Vector */
 124 typedef int (*decoder_t)(struct bitstr *, const struct field_t *, char *, int);
 125 static const decoder_t Decoders[] = {
 126         decode_nul,
 127         decode_bool,
 128         decode_oid,
 129         decode_int,
 130         decode_enum,
 131         decode_bitstr,
 132         decode_numstr,
 133         decode_octstr,
 134         decode_bmpstr,
 135         decode_seq,
 136         decode_seqof,
 137         decode_choice,
 138 };
 139
 140 /*
 141  * H.323 Types
 142  */
 143 #include "nf_conntrack_h323_types.c"
 144
 145 /*
 146  * Functions
 147  */
 148
 149 /* Assume bs is aligned && v < 16384 */
 150 static unsigned int get_len(struct bitstr *bs)
 151 {
 152         unsigned int v;
 153
 154         v = *bs->cur++;
 155
 156         if (v & 0x80) {
 157                 v &= 0x3f;
 158                 v <<= 8;
 159                 v += *bs->cur++;
 160         }
 161
 162         return v;
 163 }
 164
 165 static int nf_h323_error_boundary(struct bitstr *bs, size_t bytes, size_t bits)
 166 {
 167         bits += bs->bit;
 168         bytes += bits / BITS_PER_BYTE;
 169         if (bits % BITS_PER_BYTE > 0)
 170                 bytes++;
 171
 172         if (bs->cur + bytes > bs->end)
 173                 return 1;
 174
 175         return 0;
 176 }
 177
 178 static unsigned int get_bit(struct bitstr *bs)
 179 {
 180         unsigned int b = (*bs->cur) & (0x80 >> bs->bit);
 181
 182         INC_BIT(bs);
 183
 184         return b;
 185 }
 186
 187 /* Assume b <= 8 */
 188 static unsigned int get_bits(struct bitstr *bs, unsigned int b)
 189 {
 190         unsigned int v, l;
 191
 192         v = (*bs->cur) & (0xffU >> bs->bit);
 193         l = b + bs->bit;
 194
 195         if (l < 8) {
 196                 v >>= 8 - l;
 197                 bs->bit = l;
 198         } else if (l == 8) {
 199                 bs->cur++;
 200                 bs->bit = 0;
 201         } else {                /* l > 8 */
 202
 203                 v <<= 8;
 204                 v += *(++bs->cur);
 205                 v >>= 16 - l;
 206                 bs->bit = l - 8;
 207         }
 208
 209         return v;
 210 }
 211
 212 /* Assume b <= 32 */
 213 static unsigned int get_bitmap(struct bitstr *bs, unsigned int b)
 214 {
 215         unsigned int v, l, shift, bytes;
 216
 217         if (!b)
 218                 return 0;
 219
 220         l = bs->bit + b;
 221
 222         if (l < 8) {
 223                 v = (unsigned int)(*bs->cur) << (bs->bit + 24);
 224                 bs->bit = l;
 225         } else if (l == 8) {
 226                 v = (unsigned int)(*bs->cur++) << (bs->bit + 24);
 227                 bs->bit = 0;
 228         } else {
 229                 for (bytes = l >> 3, shift = 24, v = 0; bytes;
 230                      bytes--, shift -= 8)
 231                         v |= (unsigned int)(*bs->cur++) << shift;
 232
 233                 if (l < 32) {
 234                         v |= (unsigned int)(*bs->cur) << shift;
 235                         v <<= bs->bit;
 236                 } else if (l > 32) {
 237                         v <<= bs->bit;
 238                         v |= (*bs->cur) >> (8 - bs->bit);
 239                 }
 240
 241                 bs->bit = l & 0x7;
 242         }
 243
 244         v &= 0xffffffff << (32 - b);
 245
 246         return v;
 247 }
 248
 249 /*
 250  * Assume bs is aligned and sizeof(unsigned int) == 4
 251  */
 252 static unsigned int get_uint(struct bitstr *bs, int b)
 253 {
 254         unsigned int v = 0;
 255
 256         switch (b) {
 257         case 4:
 258                 v |= *bs->cur++;
 259                 v <<= 8;
 260                 fallthrough;
 261         case 3:
 262                 v |= *bs->cur++;
 263                 v <<= 8;
 264                 fallthrough;
 265         case 2:
 266                 v |= *bs->cur++;
 267                 v <<= 8;
 268                 fallthrough;
 269         case 1:
 270                 v |= *bs->cur++;
 271                 break;
 272         }
 273         return v;
 274 }
 275
 276 static int decode_nul(struct bitstr *bs, const struct field_t *f,
 277                       char *base, int level)
 278 {
 279         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 280
 281         return H323_ERROR_NONE;
 282 }
 283
 284 static int decode_bool(struct bitstr *bs, const struct field_t *f,
 285                        char *base, int level)
 286 {
 287         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 288
 289         INC_BIT(bs);
 290         if (nf_h323_error_boundary(bs, 0, 0))
 291                 return H323_ERROR_BOUND;
 292         return H323_ERROR_NONE;
 293 }
 294
 295 static int decode_oid(struct bitstr *bs, const struct field_t *f,
 296                       char *base, int level)
 297 {
 298         int len;
 299
 300         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 301
 302         BYTE_ALIGN(bs);
 303         if (nf_h323_error_boundary(bs, 1, 0))
 304                 return H323_ERROR_BOUND;
 305
 306         len = *bs->cur++;
 307         bs->cur += len;
 308         if (nf_h323_error_boundary(bs, 0, 0))
 309                 return H323_ERROR_BOUND;
 310
 311         return H323_ERROR_NONE;
 312 }
 313
 314 static int decode_int(struct bitstr *bs, const struct field_t *f,
 315                       char *base, int level)
 316 {
 317         unsigned int len;
 318
 319         PRINT("%*.s%s", level * TAB_SIZE, " ", f->name);
 320
 321         switch (f->sz) {
 322         case BYTE:              /* Range == 256 */
 323                 BYTE_ALIGN(bs);
 324                 bs->cur++;
 325                 break;
 326         case WORD:              /* 257 <= Range <= 64K */
 327                 BYTE_ALIGN(bs);
 328                 bs->cur += 2;
 329                 break;
 330         case CONS:              /* 64K < Range < 4G */
 331                 if (nf_h323_error_boundary(bs, 0, 2))
 332                         return H323_ERROR_BOUND;
 333                 len = get_bits(bs, 2) + 1;
 334                 BYTE_ALIGN(bs);
 335                 if (base && (f->attr & DECODE)) {       /* timeToLive */
 336                         unsigned int v = get_uint(bs, len) + f->lb;
 337                         PRINT(" = %u", v);
 338                         *((unsigned int *)(base + f->offset)) = v;
 339                 }
 340                 bs->cur += len;
 341                 break;
 342         case UNCO:
 343                 BYTE_ALIGN(bs);
 344                 if (nf_h323_error_boundary(bs, 2, 0))
 345                         return H323_ERROR_BOUND;
 346                 len = get_len(bs);
 347                 bs->cur += len;
 348                 break;
 349         default:                /* 2 <= Range <= 255 */
 350                 INC_BITS(bs, f->sz);
 351                 break;
 352         }
 353
 354         PRINT("\n");
 355
 356         if (nf_h323_error_boundary(bs, 0, 0))
 357                 return H323_ERROR_BOUND;
 358         return H323_ERROR_NONE;
 359 }
 360
 361 static int decode_enum(struct bitstr *bs, const struct field_t *f,
 362                        char *base, int level)
 363 {
 364         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 365
 366         if ((f->attr & EXT) && get_bit(bs)) {
 367                 INC_BITS(bs, 7);
 368         } else {
 369                 INC_BITS(bs, f->sz);
 370         }
 371
 372         if (nf_h323_error_boundary(bs, 0, 0))
 373                 return H323_ERROR_BOUND;
 374         return H323_ERROR_NONE;
 375 }
 376
 377 static int decode_bitstr(struct bitstr *bs, const struct field_t *f,
 378                          char *base, int level)
 379 {
 380         unsigned int len;
 381
 382         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 383
 384         BYTE_ALIGN(bs);
 385         switch (f->sz) {
 386         case FIXD:              /* fixed length > 16 */
 387                 len = f->lb;
 388                 break;
 389         case WORD:              /* 2-byte length */
 390                 if (nf_h323_error_boundary(bs, 2, 0))
 391                         return H323_ERROR_BOUND;
 392                 len = (*bs->cur++) << 8;
 393                 len += (*bs->cur++) + f->lb;
 394                 break;
 395         case SEMI:
 396                 if (nf_h323_error_boundary(bs, 2, 0))
 397                         return H323_ERROR_BOUND;
 398                 len = get_len(bs);
 399                 break;
 400         default:
 401                 len = 0;
 402                 break;
 403         }
 404
 405         bs->cur += len >> 3;
 406         bs->bit = len & 7;
 407
 408         if (nf_h323_error_boundary(bs, 0, 0))
 409                 return H323_ERROR_BOUND;
 410         return H323_ERROR_NONE;
 411 }
 412
 413 static int decode_numstr(struct bitstr *bs, const struct field_t *f,
 414                          char *base, int level)
 415 {
 416         unsigned int len;
 417
 418         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 419
 420         /* 2 <= Range <= 255 */
 421         if (nf_h323_error_boundary(bs, 0, f->sz))
 422                 return H323_ERROR_BOUND;
 423         len = get_bits(bs, f->sz) + f->lb;
 424
 425         BYTE_ALIGN(bs);
 426         INC_BITS(bs, (len << 2));
 427
 428         if (nf_h323_error_boundary(bs, 0, 0))
 429                 return H323_ERROR_BOUND;
 430         return H323_ERROR_NONE;
 431 }
 432
 433 static int decode_octstr(struct bitstr *bs, const struct field_t *f,
 434                          char *base, int level)
 435 {
 436         unsigned int len;
 437
 438         PRINT("%*.s%s", level * TAB_SIZE, " ", f->name);
 439
 440         switch (f->sz) {
 441         case FIXD:              /* Range == 1 */
 442                 if (f->lb > 2) {
 443                         BYTE_ALIGN(bs);
 444                         if (base && (f->attr & DECODE)) {
 445                                 /* The IP Address */
 446                                 IFTHEN(f->lb == 4,
 447                                        PRINT(" = %d.%d.%d.%d:%d",
 448                                              bs->cur[0], bs->cur[1],
 449                                              bs->cur[2], bs->cur[3],
 450                                              bs->cur[4] * 256 + bs->cur[5]));
 451                                 *((unsigned int *)(base + f->offset)) =
 452                                     bs->cur - bs->buf;
 453                         }
 454                 }
 455                 len = f->lb;
 456                 break;
 457         case BYTE:              /* Range == 256 */
 458                 BYTE_ALIGN(bs);
 459                 if (nf_h323_error_boundary(bs, 1, 0))
 460                         return H323_ERROR_BOUND;
 461                 len = (*bs->cur++) + f->lb;
 462                 break;
 463         case SEMI:
 464                 BYTE_ALIGN(bs);
 465                 if (nf_h323_error_boundary(bs, 2, 0))
 466                         return H323_ERROR_BOUND;
 467                 len = get_len(bs) + f->lb;
 468                 break;
 469         default:                /* 2 <= Range <= 255 */
 470                 if (nf_h323_error_boundary(bs, 0, f->sz))
 471                         return H323_ERROR_BOUND;
 472                 len = get_bits(bs, f->sz) + f->lb;
 473                 BYTE_ALIGN(bs);
 474                 break;
 475         }
 476
 477         bs->cur += len;
 478
 479         PRINT("\n");
 480
 481         if (nf_h323_error_boundary(bs, 0, 0))
 482                 return H323_ERROR_BOUND;
 483         return H323_ERROR_NONE;
 484 }
 485
 486 static int decode_bmpstr(struct bitstr *bs, const struct field_t *f,
 487                          char *base, int level)
 488 {
 489         unsigned int len;
 490
 491         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 492
 493         switch (f->sz) {
 494         case BYTE:              /* Range == 256 */
 495                 BYTE_ALIGN(bs);
 496                 if (nf_h323_error_boundary(bs, 1, 0))
 497                         return H323_ERROR_BOUND;
 498                 len = (*bs->cur++) + f->lb;
 499                 break;
 500         default:                /* 2 <= Range <= 255 */
 501                 if (nf_h323_error_boundary(bs, 0, f->sz))
 502                         return H323_ERROR_BOUND;
 503                 len = get_bits(bs, f->sz) + f->lb;
 504                 BYTE_ALIGN(bs);
 505                 break;
 506         }
 507
 508         bs->cur += len << 1;
 509
 510         if (nf_h323_error_boundary(bs, 0, 0))
 511                 return H323_ERROR_BOUND;
 512         return H323_ERROR_NONE;
 513 }
 514
 515 static int decode_seq(struct bitstr *bs, const struct field_t *f,
 516                       char *base, int level)
 517 {
 518         unsigned int ext, bmp, i, opt, len = 0, bmp2, bmp2_len;
 519         int err;
 520         const struct field_t *son;
 521         unsigned char *beg = NULL;
 522
 523         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 524
 525         /* Decode? */
 526         base = (base && (f->attr & DECODE)) ? base + f->offset : NULL;
 527
 528         /* Extensible? */
 529         if (nf_h323_error_boundary(bs, 0, 1))
 530                 return H323_ERROR_BOUND;
 531         ext = (f->attr & EXT) ? get_bit(bs) : 0;
 532
 533         /* Get fields bitmap */
 534         if (nf_h323_error_boundary(bs, 0, f->sz))
 535                 return H323_ERROR_BOUND;
 536         if (f->sz > 32)
 537                 return H323_ERROR_RANGE;
 538         bmp = get_bitmap(bs, f->sz);
 539         if (base)
 540                 *(unsigned int *)base = bmp;
 541
 542         /* Decode the root components */
 543         for (i = opt = 0, son = f->fields; i < f->lb; i++, son++) {
 544                 if (son->attr & STOP) {
 545                         PRINT("%*.s%s\n", (level + 1) * TAB_SIZE, " ",
 546                               son->name);
 547                         return H323_ERROR_STOP;
 548                 }
 549
 550                 if (son->attr & OPT) {  /* Optional component */
 551                         if (!((0x80000000U >> (opt++)) & bmp))  /* Not exist */
 552                                 continue;
 553                 }
 554
 555                 /* Decode */
 556                 if (son->attr & OPEN) { /* Open field */
 557                         if (nf_h323_error_boundary(bs, 2, 0))
 558                                 return H323_ERROR_BOUND;
 559                         len = get_len(bs);
 560                         if (nf_h323_error_boundary(bs, len, 0))
 561                                 return H323_ERROR_BOUND;
 562                         if (!base || !(son->attr & DECODE)) {
 563                                 PRINT("%*.s%s\n", (level + 1) * TAB_SIZE,
 564                                       " ", son->name);
 565                                 bs->cur += len;
 566                                 continue;
 567                         }
 568                         beg = bs->cur;
 569
 570                         /* Decode */
 571                         if ((err = (Decoders[son->type]) (bs, son, base,
 572                                                           level + 1)) <
 573                             H323_ERROR_NONE)
 574                                 return err;
 575
 576                         bs->cur = beg + len;
 577                         bs->bit = 0;
 578                 } else if ((err = (Decoders[son->type]) (bs, son, base,
 579                                                          level + 1)) <
 580                            H323_ERROR_NONE)
 581                         return err;
 582         }
 583
 584         /* No extension? */
 585         if (!ext)
 586                 return H323_ERROR_NONE;
 587
 588         /* Get the extension bitmap */
 589         if (nf_h323_error_boundary(bs, 0, 7))
 590                 return H323_ERROR_BOUND;
 591         bmp2_len = get_bits(bs, 7) + 1;
 592         if (nf_h323_error_boundary(bs, 0, bmp2_len))
 593                 return H323_ERROR_BOUND;
 594         if (bmp2_len > 32)
 595                 return H323_ERROR_RANGE;
 596         bmp2 = get_bitmap(bs, bmp2_len);
 597         bmp |= bmp2 >> f->sz;
 598         if (base)
 599                 *(unsigned int *)base = bmp;
 600         BYTE_ALIGN(bs);
 601
 602         /* Decode the extension components */
 603         for (opt = 0; opt < bmp2_len; opt++, i++, son++) {
 604                 /* Check Range */
 605                 if (i >= f->ub) {       /* Newer Version? */
 606                         if (nf_h323_error_boundary(bs, 2, 0))
 607                                 return H323_ERROR_BOUND;
 608                         len = get_len(bs);
 609                         if (nf_h323_error_boundary(bs, len, 0))
 610                                 return H323_ERROR_BOUND;
 611                         bs->cur += len;
 612                         continue;
 613                 }
 614
 615                 if (son->attr & STOP) {
 616                         PRINT("%*.s%s\n", (level + 1) * TAB_SIZE, " ",
 617                               son->name);
 618                         return H323_ERROR_STOP;
 619                 }
 620
 621                 if (!((0x80000000 >> opt) & bmp2))      /* Not present */
 622                         continue;
 623
 624                 if (nf_h323_error_boundary(bs, 2, 0))
 625                         return H323_ERROR_BOUND;
 626                 len = get_len(bs);
 627                 if (nf_h323_error_boundary(bs, len, 0))
 628                         return H323_ERROR_BOUND;
 629                 if (!base || !(son->attr & DECODE)) {
 630                         PRINT("%*.s%s\n", (level + 1) * TAB_SIZE, " ",
 631                               son->name);
 632                         bs->cur += len;
 633                         continue;
 634                 }
 635                 beg = bs->cur;
 636
 637                 if ((err = (Decoders[son->type]) (bs, son, base,
 638                                                   level + 1)) <
 639                     H323_ERROR_NONE)
 640                         return err;
 641
 642                 bs->cur = beg + len;
 643                 bs->bit = 0;
 644         }
 645         return H323_ERROR_NONE;
 646 }
 647
 648 static int decode_seqof(struct bitstr *bs, const struct field_t *f,
 649                         char *base, int level)
 650 {
 651         unsigned int count, effective_count = 0, i, len = 0;
 652         int err;
 653         const struct field_t *son;
 654         unsigned char *beg = NULL;
 655
 656         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 657
 658         /* Decode? */
 659         base = (base && (f->attr & DECODE)) ? base + f->offset : NULL;
 660
 661         /* Decode item count */
 662         switch (f->sz) {
 663         case BYTE:
 664                 BYTE_ALIGN(bs);
 665                 if (nf_h323_error_boundary(bs, 1, 0))
 666                         return H323_ERROR_BOUND;
 667                 count = *bs->cur++;
 668                 break;
 669         case WORD:
 670                 BYTE_ALIGN(bs);
 671                 if (nf_h323_error_boundary(bs, 2, 0))
 672                         return H323_ERROR_BOUND;
 673                 count = *bs->cur++;
 674                 count <<= 8;
 675                 count += *bs->cur++;
 676                 break;
 677         case SEMI:
 678                 BYTE_ALIGN(bs);
 679                 if (nf_h323_error_boundary(bs, 2, 0))
 680                         return H323_ERROR_BOUND;
 681                 count = get_len(bs);
 682                 break;
 683         default:
 684                 if (nf_h323_error_boundary(bs, 0, f->sz))
 685                         return H323_ERROR_BOUND;
 686                 count = get_bits(bs, f->sz);
 687                 break;
 688         }
 689         count += f->lb;
 690
 691         /* Write Count */
 692         if (base) {
 693                 effective_count = count > f->ub ? f->ub : count;
 694                 *(unsigned int *)base = effective_count;
 695                 base += sizeof(unsigned int);
 696         }
 697
 698         /* Decode nested field */
 699         son = f->fields;
 700         if (base)
 701                 base -= son->offset;
 702         for (i = 0; i < count; i++) {
 703                 if (son->attr & OPEN) {
 704                         BYTE_ALIGN(bs);
 705                         if (nf_h323_error_boundary(bs, 2, 0))
 706                                 return H323_ERROR_BOUND;
 707                         len = get_len(bs);
 708                         if (nf_h323_error_boundary(bs, len, 0))
 709                                 return H323_ERROR_BOUND;
 710                         if (!base || !(son->attr & DECODE)) {
 711                                 PRINT("%*.s%s\n", (level + 1) * TAB_SIZE,
 712                                       " ", son->name);
 713                                 bs->cur += len;
 714                                 continue;
 715                         }
 716                         beg = bs->cur;
 717
 718                         if ((err = (Decoders[son->type]) (bs, son,
 719                                                           i <
 720                                                           effective_count ?
 721                                                           base : NULL,
 722                                                           level + 1)) <
 723                             H323_ERROR_NONE)
 724                                 return err;
 725
 726                         bs->cur = beg + len;
 727                         bs->bit = 0;
 728                 } else
 729                         if ((err = (Decoders[son->type]) (bs, son,
 730                                                           i <
 731                                                           effective_count ?
 732                                                           base : NULL,
 733                                                           level + 1)) <
 734                             H323_ERROR_NONE)
 735                                 return err;
 736
 737                 if (base)
 738                         base += son->offset;
 739         }
 740
 741         return H323_ERROR_NONE;
 742 }
 743
 744 static int decode_choice(struct bitstr *bs, const struct field_t *f,
 745                          char *base, int level)
 746 {
 747         unsigned int type, ext, len = 0;
 748         int err;
 749         const struct field_t *son;
 750         unsigned char *beg = NULL;
 751
 752         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 753
 754         /* Decode? */
 755         base = (base && (f->attr & DECODE)) ? base + f->offset : NULL;
 756
 757         /* Decode the choice index number */
 758         if (nf_h323_error_boundary(bs, 0, 1))
 759                 return H323_ERROR_BOUND;
 760         if ((f->attr & EXT) && get_bit(bs)) {
 761                 ext = 1;
 762                 if (nf_h323_error_boundary(bs, 0, 7))
 763                         return H323_ERROR_BOUND;
 764                 type = get_bits(bs, 7) + f->lb;
 765         } else {
 766                 ext = 0;
 767                 if (nf_h323_error_boundary(bs, 0, f->sz))
 768                         return H323_ERROR_BOUND;
 769                 type = get_bits(bs, f->sz);
 770                 if (type >= f->lb)
 771                         return H323_ERROR_RANGE;
 772         }
 773
 774         /* Write Type */
 775         if (base)
 776                 *(unsigned int *)base = type;
 777
 778         /* Check Range */
 779         if (type >= f->ub) {    /* Newer version? */
 780                 BYTE_ALIGN(bs);
 781                 if (nf_h323_error_boundary(bs, 2, 0))
 782                         return H323_ERROR_BOUND;
 783                 len = get_len(bs);
 784                 if (nf_h323_error_boundary(bs, len, 0))
 785                         return H323_ERROR_BOUND;
 786                 bs->cur += len;
 787                 return H323_ERROR_NONE;
 788         }
 789
 790         /* Transfer to son level */
 791         son = &f->fields[type];
 792         if (son->attr & STOP) {
 793                 PRINT("%*.s%s\n", (level + 1) * TAB_SIZE, " ", son->name);
 794                 return H323_ERROR_STOP;
 795         }
 796
 797         if (ext || (son->attr & OPEN)) {
 798                 BYTE_ALIGN(bs);
 799                 if (nf_h323_error_boundary(bs, len, 0))
 800                         return H323_ERROR_BOUND;
 801                 len = get_len(bs);
 802                 if (nf_h323_error_boundary(bs, len, 0))
 803                         return H323_ERROR_BOUND;
 804                 if (!base || !(son->attr & DECODE)) {
 805                         PRINT("%*.s%s\n", (level + 1) * TAB_SIZE, " ",
 806                               son->name);
 807                         bs->cur += len;
 808                         return H323_ERROR_NONE;
 809                 }
 810                 beg = bs->cur;
 811
 812                 if ((err = (Decoders[son->type]) (bs, son, base, level + 1)) <
 813                     H323_ERROR_NONE)
 814                         return err;
 815
 816                 bs->cur = beg + len;
 817                 bs->bit = 0;
 818         } else if ((err = (Decoders[son->type]) (bs, son, base, level + 1)) <
 819                    H323_ERROR_NONE)
 820                 return err;
 821
 822         return H323_ERROR_NONE;
 823 }
 824
 825 int DecodeRasMessage(unsigned char *buf, size_t sz, RasMessage *ras)
 826 {
 827         static const struct field_t ras_message = {
 828                 FNAME("RasMessage") CHOICE, 5, 24, 32, DECODE | EXT,
 829                 0, _RasMessage
 830         };
 831         struct bitstr bs;
 832
 833         bs.buf = bs.beg = bs.cur = buf;
 834         bs.end = buf + sz;
 835         bs.bit = 0;
 836
 837         return decode_choice(&bs, &ras_message, (char *) ras, 0);
 838 }
 839
 840 static int DecodeH323_UserInformation(unsigned char *buf, unsigned char *beg,
 841                                       size_t sz, H323_UserInformation *uuie)
 842 {
 843         static const struct field_t h323_userinformation = {
 844                 FNAME("H323-UserInformation") SEQ, 1, 2, 2, DECODE | EXT,
 845                 0, _H323_UserInformation
 846         };
 847         struct bitstr bs;
 848
 849         bs.buf = buf;
 850         bs.beg = bs.cur = beg;
 851         bs.end = beg + sz;
 852         bs.bit = 0;
 853
 854         return decode_seq(&bs, &h323_userinformation, (char *) uuie, 0);
 855 }
 856
 857 int DecodeMultimediaSystemControlMessage(unsigned char *buf, size_t sz,
 858                                          MultimediaSystemControlMessage *
 859                                          mscm)
 860 {
 861         static const struct field_t multimediasystemcontrolmessage = {
 862                 FNAME("MultimediaSystemControlMessage") CHOICE, 2, 4, 4,
 863                 DECODE | EXT, 0, _MultimediaSystemControlMessage
 864         };
 865         struct bitstr bs;
 866
 867         bs.buf = bs.beg = bs.cur = buf;
 868         bs.end = buf + sz;
 869         bs.bit = 0;
 870
 871         return decode_choice(&bs, &multimediasystemcontrolmessage,
 872                              (char *) mscm, 0);
 873 }
 874
 875 int DecodeQ931(unsigned char *buf, size_t sz, Q931 *q931)
 876 {
 877         unsigned char *p = buf;
 878         int len;
 879
 880         if (!p || sz < 1)
 881                 return H323_ERROR_BOUND;
 882
 883         /* Protocol Discriminator */
 884         if (*p != 0x08) {
 885                 PRINT("Unknown Protocol Discriminator\n");
 886                 return H323_ERROR_RANGE;
 887         }
 888         p++;
 889         sz--;
 890
 891         /* CallReferenceValue */
 892         if (sz < 1)
 893                 return H323_ERROR_BOUND;
 894         len = *p++;
 895         sz--;
 896         if (sz < len)
 897                 return H323_ERROR_BOUND;
 898         p += len;
 899         sz -= len;
 900
 901         /* Message Type */
 902         if (sz < 2)
 903                 return H323_ERROR_BOUND;
 904         q931->MessageType = *p++;
 905         sz--;
 906         PRINT("MessageType = %02X\n", q931->MessageType);
 907         if (*p & 0x80) {
 908                 p++;
 909                 sz--;
 910         }
 911
 912         /* Decode Information Elements */
 913         while (sz > 0) {
 914                 if (*p == 0x7e) {       /* UserUserIE */
 915                         if (sz < 3)
 916                                 break;
 917                         p++;
 918                         len = *p++ << 8;
 919                         len |= *p++;
 920                         sz -= 3;
 921                         if (sz < len)
 922                                 break;
 923                         p++;
 924                         len--;
 925                         return DecodeH323_UserInformation(buf, p, len,
 926                                                           &q931->UUIE);
 927                 }
 928                 p++;
 929                 sz--;
 930                 if (sz < 1)
 931                         break;
 932                 len = *p++;
 933                 sz--;
 934                 if (sz < len)
 935                         break;
 936                 p += len;
 937                 sz -= len;
 938         }
 939
 940         PRINT("Q.931 UUIE not found\n");
 941
 942         return H323_ERROR_BOUND;
 943 }