net/netfilter/nf_conntrack_h323_asn1.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * ip_conntrack_helper_h323_asn1.c - BER and PER decoding library for H.323
   4  *                                   conntrack/NAT module.
   5  *
   6  * Copyright (c) 2006 by Jing Min Zhao <zhaojingmin@users.sourceforge.net>
   7  *
   8  * See ip_conntrack_helper_h323_asn1.h for details.
   9  */
  10
  11 #ifdef __KERNEL__
  12 #include <linux/kernel.h>
  13 #else
  14 #include <stdio.h>
  15 #endif
  16 #include <linux/netfilter/nf_conntrack_h323_asn1.h>
  17
  18 /* Trace Flag */
  19 #ifndef H323_TRACE
  20 #define H323_TRACE 0
  21 #endif
  22
  23 #if H323_TRACE
  24 #define TAB_SIZE 4
  25 #define IFTHEN(cond, act) if(cond){act;}
  26 #ifdef __KERNEL__
  27 #define PRINT printk
  28 #else
  29 #define PRINT printf
  30 #endif
  31 #define FNAME(name) name,
  32 #else
  33 #define IFTHEN(cond, act)
  34 #define PRINT(fmt, args...)
  35 #define FNAME(name)
  36 #endif
  37
  38 /* ASN.1 Types */
  39 #define NUL 0
  40 #define BOOL 1
  41 #define OID 2
  42 #define INT 3
  43 #define ENUM 4
  44 #define BITSTR 5
  45 #define NUMSTR 6
  46 #define NUMDGT 6
  47 #define TBCDSTR 6
  48 #define OCTSTR 7
  49 #define PRTSTR 7
  50 #define IA5STR 7
  51 #define GENSTR 7
  52 #define BMPSTR 8
  53 #define SEQ 9
  54 #define SET 9
  55 #define SEQOF 10
  56 #define SETOF 10
  57 #define CHOICE 11
  58
  59 /* Constraint Types */
  60 #define FIXD 0
  61 /* #define BITS 1-8 */
  62 #define BYTE 9
  63 #define WORD 10
  64 #define CONS 11
  65 #define SEMI 12
  66 #define UNCO 13
  67
  68 /* ASN.1 Type Attributes */
  69 #define SKIP 0
  70 #define STOP 1
  71 #define DECODE 2
  72 #define EXT 4
  73 #define OPEN 8
  74 #define OPT 16
  75
  76
  77 /* ASN.1 Field Structure */
  78 typedef struct field_t {
  79 #if H323_TRACE
  80         char *name;
  81 #endif
  82         unsigned char type;
  83         unsigned char sz;
  84         unsigned char lb;
  85         unsigned char ub;
  86         unsigned short attr;
  87         unsigned short offset;
  88         const struct field_t *fields;
  89 } field_t;
  90
  91 /* Bit Stream */
  92 struct bitstr {
  93         unsigned char *buf;
  94         unsigned char *beg;
  95         unsigned char *end;
  96         unsigned char *cur;
  97         unsigned int bit;
  98 };
  99
 100 /* Tool Functions */
 101 #define INC_BIT(bs) if((++(bs)->bit)>7){(bs)->cur++;(bs)->bit=0;}
 102 #define INC_BITS(bs,b) if(((bs)->bit+=(b))>7){(bs)->cur+=(bs)->bit>>3;(bs)->bit&=7;}
 103 #define BYTE_ALIGN(bs) if((bs)->bit){(bs)->cur++;(bs)->bit=0;}
 104 static unsigned int get_len(struct bitstr *bs);
 105 static unsigned int get_bit(struct bitstr *bs);
 106 static unsigned int get_bits(struct bitstr *bs, unsigned int b);
 107 static unsigned int get_bitmap(struct bitstr *bs, unsigned int b);
 108 static unsigned int get_uint(struct bitstr *bs, int b);
 109
 110 /* Decoder Functions */
 111 static int decode_nul(struct bitstr *bs, const struct field_t *f, char *base, int level);
 112 static int decode_bool(struct bitstr *bs, const struct field_t *f, char *base, int level);
 113 static int decode_oid(struct bitstr *bs, const struct field_t *f, char *base, int level);
 114 static int decode_int(struct bitstr *bs, const struct field_t *f, char *base, int level);
 115 static int decode_enum(struct bitstr *bs, const struct field_t *f, char *base, int level);
 116 static int decode_bitstr(struct bitstr *bs, const struct field_t *f, char *base, int level);
 117 static int decode_numstr(struct bitstr *bs, const struct field_t *f, char *base, int level);
 118 static int decode_octstr(struct bitstr *bs, const struct field_t *f, char *base, int level);
 119 static int decode_bmpstr(struct bitstr *bs, const struct field_t *f, char *base, int level);
 120 static int decode_seq(struct bitstr *bs, const struct field_t *f, char *base, int level);
 121 static int decode_seqof(struct bitstr *bs, const struct field_t *f, char *base, int level);
 122 static int decode_choice(struct bitstr *bs, const struct field_t *f, char *base, int level);
 123
 124 /* Decoder Functions Vector */
 125 typedef int (*decoder_t)(struct bitstr *, const struct field_t *, char *, int);
 126 static const decoder_t Decoders[] = {
 127         decode_nul,
 128         decode_bool,
 129         decode_oid,
 130         decode_int,
 131         decode_enum,
 132         decode_bitstr,
 133         decode_numstr,
 134         decode_octstr,
 135         decode_bmpstr,
 136         decode_seq,
 137         decode_seqof,
 138         decode_choice,
 139 };
 140
 141 /*
 142  * H.323 Types
 143  */
 144 #include "nf_conntrack_h323_types.c"
 145
 146 /*
 147  * Functions
 148  */
 149
 150 /* Assume bs is aligned && v < 16384 */
 151 static unsigned int get_len(struct bitstr *bs)
 152 {
 153         unsigned int v;
 154
 155         v = *bs->cur++;
 156
 157         if (v & 0x80) {
 158                 v &= 0x3f;
 159                 v <<= 8;
 160                 v += *bs->cur++;
 161         }
 162
 163         return v;
 164 }
 165
 166 static int nf_h323_error_boundary(struct bitstr *bs, size_t bytes, size_t bits)
 167 {
 168         bits += bs->bit;
 169         bytes += bits / BITS_PER_BYTE;
 170         if (bits % BITS_PER_BYTE > 0)
 171                 bytes++;
 172
 173         if (bs->cur + bytes > bs->end)
 174                 return 1;
 175
 176         return 0;
 177 }
 178
 179 static unsigned int get_bit(struct bitstr *bs)
 180 {
 181         unsigned int b = (*bs->cur) & (0x80 >> bs->bit);
 182
 183         INC_BIT(bs);
 184
 185         return b;
 186 }
 187
 188 /* Assume b <= 8 */
 189 static unsigned int get_bits(struct bitstr *bs, unsigned int b)
 190 {
 191         unsigned int v, l;
 192
 193         v = (*bs->cur) & (0xffU >> bs->bit);
 194         l = b + bs->bit;
 195
 196         if (l < 8) {
 197                 v >>= 8 - l;
 198                 bs->bit = l;
 199         } else if (l == 8) {
 200                 bs->cur++;
 201                 bs->bit = 0;
 202         } else {                /* l > 8 */
 203
 204                 v <<= 8;
 205                 v += *(++bs->cur);
 206                 v >>= 16 - l;
 207                 bs->bit = l - 8;
 208         }
 209
 210         return v;
 211 }
 212
 213 /* Assume b <= 32 */
 214 static unsigned int get_bitmap(struct bitstr *bs, unsigned int b)
 215 {
 216         unsigned int v, l, shift, bytes;
 217
 218         if (!b)
 219                 return 0;
 220
 221         l = bs->bit + b;
 222
 223         if (l < 8) {
 224                 v = (unsigned int)(*bs->cur) << (bs->bit + 24);
 225                 bs->bit = l;
 226         } else if (l == 8) {
 227                 v = (unsigned int)(*bs->cur++) << (bs->bit + 24);
 228                 bs->bit = 0;
 229         } else {
 230                 for (bytes = l >> 3, shift = 24, v = 0; bytes;
 231                      bytes--, shift -= 8)
 232                         v |= (unsigned int)(*bs->cur++) << shift;
 233
 234                 if (l < 32) {
 235                         v |= (unsigned int)(*bs->cur) << shift;
 236                         v <<= bs->bit;
 237                 } else if (l > 32) {
 238                         v <<= bs->bit;
 239                         v |= (*bs->cur) >> (8 - bs->bit);
 240                 }
 241
 242                 bs->bit = l & 0x7;
 243         }
 244
 245         v &= 0xffffffff << (32 - b);
 246
 247         return v;
 248 }
 249
 250 /*
 251  * Assume bs is aligned and sizeof(unsigned int) == 4
 252  */
 253 static unsigned int get_uint(struct bitstr *bs, int b)
 254 {
 255         unsigned int v = 0;
 256
 257         switch (b) {
 258         case 4:
 259                 v |= *bs->cur++;
 260                 v <<= 8;
 261                 /* fall through */
 262         case 3:
 263                 v |= *bs->cur++;
 264                 v <<= 8;
 265                 /* fall through */
 266         case 2:
 267                 v |= *bs->cur++;
 268                 v <<= 8;
 269                 /* fall through */
 270         case 1:
 271                 v |= *bs->cur++;
 272                 break;
 273         }
 274         return v;
 275 }
 276
 277 static int decode_nul(struct bitstr *bs, const struct field_t *f,
 278                       char *base, int level)
 279 {
 280         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 281
 282         return H323_ERROR_NONE;
 283 }
 284
 285 static int decode_bool(struct bitstr *bs, const struct field_t *f,
 286                        char *base, int level)
 287 {
 288         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 289
 290         INC_BIT(bs);
 291         if (nf_h323_error_boundary(bs, 0, 0))
 292                 return H323_ERROR_BOUND;
 293         return H323_ERROR_NONE;
 294 }
 295
 296 static int decode_oid(struct bitstr *bs, const struct field_t *f,
 297                       char *base, int level)
 298 {
 299         int len;
 300
 301         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 302
 303         BYTE_ALIGN(bs);
 304         if (nf_h323_error_boundary(bs, 1, 0))
 305                 return H323_ERROR_BOUND;
 306
 307         len = *bs->cur++;
 308         bs->cur += len;
 309         if (nf_h323_error_boundary(bs, 0, 0))
 310                 return H323_ERROR_BOUND;
 311
 312         return H323_ERROR_NONE;
 313 }
 314
 315 static int decode_int(struct bitstr *bs, const struct field_t *f,
 316                       char *base, int level)
 317 {
 318         unsigned int len;
 319
 320         PRINT("%*.s%s", level * TAB_SIZE, " ", f->name);
 321
 322         switch (f->sz) {
 323         case BYTE:              /* Range == 256 */
 324                 BYTE_ALIGN(bs);
 325                 bs->cur++;
 326                 break;
 327         case WORD:              /* 257 <= Range <= 64K */
 328                 BYTE_ALIGN(bs);
 329                 bs->cur += 2;
 330                 break;
 331         case CONS:              /* 64K < Range < 4G */
 332                 if (nf_h323_error_boundary(bs, 0, 2))
 333                         return H323_ERROR_BOUND;
 334                 len = get_bits(bs, 2) + 1;
 335                 BYTE_ALIGN(bs);
 336                 if (base && (f->attr & DECODE)) {       /* timeToLive */
 337                         unsigned int v = get_uint(bs, len) + f->lb;
 338                         PRINT(" = %u", v);
 339                         *((unsigned int *)(base + f->offset)) = v;
 340                 }
 341                 bs->cur += len;
 342                 break;
 343         case UNCO:
 344                 BYTE_ALIGN(bs);
 345                 if (nf_h323_error_boundary(bs, 2, 0))
 346                         return H323_ERROR_BOUND;
 347                 len = get_len(bs);
 348                 bs->cur += len;
 349                 break;
 350         default:                /* 2 <= Range <= 255 */
 351                 INC_BITS(bs, f->sz);
 352                 break;
 353         }
 354
 355         PRINT("\n");
 356
 357         if (nf_h323_error_boundary(bs, 0, 0))
 358                 return H323_ERROR_BOUND;
 359         return H323_ERROR_NONE;
 360 }
 361
 362 static int decode_enum(struct bitstr *bs, const struct field_t *f,
 363                        char *base, int level)
 364 {
 365         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 366
 367         if ((f->attr & EXT) && get_bit(bs)) {
 368                 INC_BITS(bs, 7);
 369         } else {
 370                 INC_BITS(bs, f->sz);
 371         }
 372
 373         if (nf_h323_error_boundary(bs, 0, 0))
 374                 return H323_ERROR_BOUND;
 375         return H323_ERROR_NONE;
 376 }
 377
 378 static int decode_bitstr(struct bitstr *bs, const struct field_t *f,
 379                          char *base, int level)
 380 {
 381         unsigned int len;
 382
 383         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 384
 385         BYTE_ALIGN(bs);
 386         switch (f->sz) {
 387         case FIXD:              /* fixed length > 16 */
 388                 len = f->lb;
 389                 break;
 390         case WORD:              /* 2-byte length */
 391                 if (nf_h323_error_boundary(bs, 2, 0))
 392                         return H323_ERROR_BOUND;
 393                 len = (*bs->cur++) << 8;
 394                 len += (*bs->cur++) + f->lb;
 395                 break;
 396         case SEMI:
 397                 if (nf_h323_error_boundary(bs, 2, 0))
 398                         return H323_ERROR_BOUND;
 399                 len = get_len(bs);
 400                 break;
 401         default:
 402                 len = 0;
 403                 break;
 404         }
 405
 406         bs->cur += len >> 3;
 407         bs->bit = len & 7;
 408
 409         if (nf_h323_error_boundary(bs, 0, 0))
 410                 return H323_ERROR_BOUND;
 411         return H323_ERROR_NONE;
 412 }
 413
 414 static int decode_numstr(struct bitstr *bs, const struct field_t *f,
 415                          char *base, int level)
 416 {
 417         unsigned int len;
 418
 419         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 420
 421         /* 2 <= Range <= 255 */
 422         if (nf_h323_error_boundary(bs, 0, f->sz))
 423                 return H323_ERROR_BOUND;
 424         len = get_bits(bs, f->sz) + f->lb;
 425
 426         BYTE_ALIGN(bs);
 427         INC_BITS(bs, (len << 2));
 428
 429         if (nf_h323_error_boundary(bs, 0, 0))
 430                 return H323_ERROR_BOUND;
 431         return H323_ERROR_NONE;
 432 }
 433
 434 static int decode_octstr(struct bitstr *bs, const struct field_t *f,
 435                          char *base, int level)
 436 {
 437         unsigned int len;
 438
 439         PRINT("%*.s%s", level * TAB_SIZE, " ", f->name);
 440
 441         switch (f->sz) {
 442         case FIXD:              /* Range == 1 */
 443                 if (f->lb > 2) {
 444                         BYTE_ALIGN(bs);
 445                         if (base && (f->attr & DECODE)) {
 446                                 /* The IP Address */
 447                                 IFTHEN(f->lb == 4,
 448                                        PRINT(" = %d.%d.%d.%d:%d",
 449                                              bs->cur[0], bs->cur[1],
 450                                              bs->cur[2], bs->cur[3],
 451                                              bs->cur[4] * 256 + bs->cur[5]));
 452                                 *((unsigned int *)(base + f->offset)) =
 453                                     bs->cur - bs->buf;
 454                         }
 455                 }
 456                 len = f->lb;
 457                 break;
 458         case BYTE:              /* Range == 256 */
 459                 BYTE_ALIGN(bs);
 460                 if (nf_h323_error_boundary(bs, 1, 0))
 461                         return H323_ERROR_BOUND;
 462                 len = (*bs->cur++) + f->lb;
 463                 break;
 464         case SEMI:
 465                 BYTE_ALIGN(bs);
 466                 if (nf_h323_error_boundary(bs, 2, 0))
 467                         return H323_ERROR_BOUND;
 468                 len = get_len(bs) + f->lb;
 469                 break;
 470         default:                /* 2 <= Range <= 255 */
 471                 if (nf_h323_error_boundary(bs, 0, f->sz))
 472                         return H323_ERROR_BOUND;
 473                 len = get_bits(bs, f->sz) + f->lb;
 474                 BYTE_ALIGN(bs);
 475                 break;
 476         }
 477
 478         bs->cur += len;
 479
 480         PRINT("\n");
 481
 482         if (nf_h323_error_boundary(bs, 0, 0))
 483                 return H323_ERROR_BOUND;
 484         return H323_ERROR_NONE;
 485 }
 486
 487 static int decode_bmpstr(struct bitstr *bs, const struct field_t *f,
 488                          char *base, int level)
 489 {
 490         unsigned int len;
 491
 492         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 493
 494         switch (f->sz) {
 495         case BYTE:              /* Range == 256 */
 496                 BYTE_ALIGN(bs);
 497                 if (nf_h323_error_boundary(bs, 1, 0))
 498                         return H323_ERROR_BOUND;
 499                 len = (*bs->cur++) + f->lb;
 500                 break;
 501         default:                /* 2 <= Range <= 255 */
 502                 if (nf_h323_error_boundary(bs, 0, f->sz))
 503                         return H323_ERROR_BOUND;
 504                 len = get_bits(bs, f->sz) + f->lb;
 505                 BYTE_ALIGN(bs);
 506                 break;
 507         }
 508
 509         bs->cur += len << 1;
 510
 511         if (nf_h323_error_boundary(bs, 0, 0))
 512                 return H323_ERROR_BOUND;
 513         return H323_ERROR_NONE;
 514 }
 515
 516 static int decode_seq(struct bitstr *bs, const struct field_t *f,
 517                       char *base, int level)
 518 {
 519         unsigned int ext, bmp, i, opt, len = 0, bmp2, bmp2_len;
 520         int err;
 521         const struct field_t *son;
 522         unsigned char *beg = NULL;
 523
 524         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 525
 526         /* Decode? */
 527         base = (base && (f->attr & DECODE)) ? base + f->offset : NULL;
 528
 529         /* Extensible? */
 530         if (nf_h323_error_boundary(bs, 0, 1))
 531                 return H323_ERROR_BOUND;
 532         ext = (f->attr & EXT) ? get_bit(bs) : 0;
 533
 534         /* Get fields bitmap */
 535         if (nf_h323_error_boundary(bs, 0, f->sz))
 536                 return H323_ERROR_BOUND;
 537         bmp = get_bitmap(bs, f->sz);
 538         if (base)
 539                 *(unsigned int *)base = bmp;
 540
 541         /* Decode the root components */
 542         for (i = opt = 0, son = f->fields; i < f->lb; i++, son++) {
 543                 if (son->attr & STOP) {
 544                         PRINT("%*.s%s\n", (level + 1) * TAB_SIZE, " ",
 545                               son->name);
 546                         return H323_ERROR_STOP;
 547                 }
 548
 549                 if (son->attr & OPT) {  /* Optional component */
 550                         if (!((0x80000000U >> (opt++)) & bmp))  /* Not exist */
 551                                 continue;
 552                 }
 553
 554                 /* Decode */
 555                 if (son->attr & OPEN) { /* Open field */
 556                         if (nf_h323_error_boundary(bs, 2, 0))
 557                                 return H323_ERROR_BOUND;
 558                         len = get_len(bs);
 559                         if (nf_h323_error_boundary(bs, len, 0))
 560                                 return H323_ERROR_BOUND;
 561                         if (!base || !(son->attr & DECODE)) {
 562                                 PRINT("%*.s%s\n", (level + 1) * TAB_SIZE,
 563                                       " ", son->name);
 564                                 bs->cur += len;
 565                                 continue;
 566                         }
 567                         beg = bs->cur;
 568
 569                         /* Decode */
 570                         if ((err = (Decoders[son->type]) (bs, son, base,
 571                                                           level + 1)) <
 572                             H323_ERROR_NONE)
 573                                 return err;
 574
 575                         bs->cur = beg + len;
 576                         bs->bit = 0;
 577                 } else if ((err = (Decoders[son->type]) (bs, son, base,
 578                                                          level + 1)) <
 579                            H323_ERROR_NONE)
 580                         return err;
 581         }
 582
 583         /* No extension? */
 584         if (!ext)
 585                 return H323_ERROR_NONE;
 586
 587         /* Get the extension bitmap */
 588         if (nf_h323_error_boundary(bs, 0, 7))
 589                 return H323_ERROR_BOUND;
 590         bmp2_len = get_bits(bs, 7) + 1;
 591         if (nf_h323_error_boundary(bs, 0, bmp2_len))
 592                 return H323_ERROR_BOUND;
 593         bmp2 = get_bitmap(bs, bmp2_len);
 594         bmp |= bmp2 >> f->sz;
 595         if (base)
 596                 *(unsigned int *)base = bmp;
 597         BYTE_ALIGN(bs);
 598
 599         /* Decode the extension components */
 600         for (opt = 0; opt < bmp2_len; opt++, i++, son++) {
 601                 /* Check Range */
 602                 if (i >= f->ub) {       /* Newer Version? */
 603                         if (nf_h323_error_boundary(bs, 2, 0))
 604                                 return H323_ERROR_BOUND;
 605                         len = get_len(bs);
 606                         if (nf_h323_error_boundary(bs, len, 0))
 607                                 return H323_ERROR_BOUND;
 608                         bs->cur += len;
 609                         continue;
 610                 }
 611
 612                 if (son->attr & STOP) {
 613                         PRINT("%*.s%s\n", (level + 1) * TAB_SIZE, " ",
 614                               son->name);
 615                         return H323_ERROR_STOP;
 616                 }
 617
 618                 if (!((0x80000000 >> opt) & bmp2))      /* Not present */
 619                         continue;
 620
 621                 if (nf_h323_error_boundary(bs, 2, 0))
 622                         return H323_ERROR_BOUND;
 623                 len = get_len(bs);
 624                 if (nf_h323_error_boundary(bs, len, 0))
 625                         return H323_ERROR_BOUND;
 626                 if (!base || !(son->attr & DECODE)) {
 627                         PRINT("%*.s%s\n", (level + 1) * TAB_SIZE, " ",
 628                               son->name);
 629                         bs->cur += len;
 630                         continue;
 631                 }
 632                 beg = bs->cur;
 633
 634                 if ((err = (Decoders[son->type]) (bs, son, base,
 635                                                   level + 1)) <
 636                     H323_ERROR_NONE)
 637                         return err;
 638
 639                 bs->cur = beg + len;
 640                 bs->bit = 0;
 641         }
 642         return H323_ERROR_NONE;
 643 }
 644
 645 static int decode_seqof(struct bitstr *bs, const struct field_t *f,
 646                         char *base, int level)
 647 {
 648         unsigned int count, effective_count = 0, i, len = 0;
 649         int err;
 650         const struct field_t *son;
 651         unsigned char *beg = NULL;
 652
 653         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 654
 655         /* Decode? */
 656         base = (base && (f->attr & DECODE)) ? base + f->offset : NULL;
 657
 658         /* Decode item count */
 659         switch (f->sz) {
 660         case BYTE:
 661                 BYTE_ALIGN(bs);
 662                 if (nf_h323_error_boundary(bs, 1, 0))
 663                         return H323_ERROR_BOUND;
 664                 count = *bs->cur++;
 665                 break;
 666         case WORD:
 667                 BYTE_ALIGN(bs);
 668                 if (nf_h323_error_boundary(bs, 2, 0))
 669                         return H323_ERROR_BOUND;
 670                 count = *bs->cur++;
 671                 count <<= 8;
 672                 count += *bs->cur++;
 673                 break;
 674         case SEMI:
 675                 BYTE_ALIGN(bs);
 676                 if (nf_h323_error_boundary(bs, 2, 0))
 677                         return H323_ERROR_BOUND;
 678                 count = get_len(bs);
 679                 break;
 680         default:
 681                 if (nf_h323_error_boundary(bs, 0, f->sz))
 682                         return H323_ERROR_BOUND;
 683                 count = get_bits(bs, f->sz);
 684                 break;
 685         }
 686         count += f->lb;
 687
 688         /* Write Count */
 689         if (base) {
 690                 effective_count = count > f->ub ? f->ub : count;
 691                 *(unsigned int *)base = effective_count;
 692                 base += sizeof(unsigned int);
 693         }
 694
 695         /* Decode nested field */
 696         son = f->fields;
 697         if (base)
 698                 base -= son->offset;
 699         for (i = 0; i < count; i++) {
 700                 if (son->attr & OPEN) {
 701                         BYTE_ALIGN(bs);
 702                         if (nf_h323_error_boundary(bs, 2, 0))
 703                                 return H323_ERROR_BOUND;
 704                         len = get_len(bs);
 705                         if (nf_h323_error_boundary(bs, len, 0))
 706                                 return H323_ERROR_BOUND;
 707                         if (!base || !(son->attr & DECODE)) {
 708                                 PRINT("%*.s%s\n", (level + 1) * TAB_SIZE,
 709                                       " ", son->name);
 710                                 bs->cur += len;
 711                                 continue;
 712                         }
 713                         beg = bs->cur;
 714
 715                         if ((err = (Decoders[son->type]) (bs, son,
 716                                                           i <
 717                                                           effective_count ?
 718                                                           base : NULL,
 719                                                           level + 1)) <
 720                             H323_ERROR_NONE)
 721                                 return err;
 722
 723                         bs->cur = beg + len;
 724                         bs->bit = 0;
 725                 } else
 726                         if ((err = (Decoders[son->type]) (bs, son,
 727                                                           i <
 728                                                           effective_count ?
 729                                                           base : NULL,
 730                                                           level + 1)) <
 731                             H323_ERROR_NONE)
 732                                 return err;
 733
 734                 if (base)
 735                         base += son->offset;
 736         }
 737
 738         return H323_ERROR_NONE;
 739 }
 740
 741 static int decode_choice(struct bitstr *bs, const struct field_t *f,
 742                          char *base, int level)
 743 {
 744         unsigned int type, ext, len = 0;
 745         int err;
 746         const struct field_t *son;
 747         unsigned char *beg = NULL;
 748
 749         PRINT("%*.s%s\n", level * TAB_SIZE, " ", f->name);
 750
 751         /* Decode? */
 752         base = (base && (f->attr & DECODE)) ? base + f->offset : NULL;
 753
 754         /* Decode the choice index number */
 755         if (nf_h323_error_boundary(bs, 0, 1))
 756                 return H323_ERROR_BOUND;
 757         if ((f->attr & EXT) && get_bit(bs)) {
 758                 ext = 1;
 759                 if (nf_h323_error_boundary(bs, 0, 7))
 760                         return H323_ERROR_BOUND;
 761                 type = get_bits(bs, 7) + f->lb;
 762         } else {
 763                 ext = 0;
 764                 if (nf_h323_error_boundary(bs, 0, f->sz))
 765                         return H323_ERROR_BOUND;
 766                 type = get_bits(bs, f->sz);
 767                 if (type >= f->lb)
 768                         return H323_ERROR_RANGE;
 769         }
 770
 771         /* Write Type */
 772         if (base)
 773                 *(unsigned int *)base = type;
 774
 775         /* Check Range */
 776         if (type >= f->ub) {    /* Newer version? */
 777                 BYTE_ALIGN(bs);
 778                 if (nf_h323_error_boundary(bs, 2, 0))
 779                         return H323_ERROR_BOUND;
 780                 len = get_len(bs);
 781                 if (nf_h323_error_boundary(bs, len, 0))
 782                         return H323_ERROR_BOUND;
 783                 bs->cur += len;
 784                 return H323_ERROR_NONE;
 785         }
 786
 787         /* Transfer to son level */
 788         son = &f->fields[type];
 789         if (son->attr & STOP) {
 790                 PRINT("%*.s%s\n", (level + 1) * TAB_SIZE, " ", son->name);
 791                 return H323_ERROR_STOP;
 792         }
 793
 794         if (ext || (son->attr & OPEN)) {
 795                 BYTE_ALIGN(bs);
 796                 if (nf_h323_error_boundary(bs, len, 0))
 797                         return H323_ERROR_BOUND;
 798                 len = get_len(bs);
 799                 if (nf_h323_error_boundary(bs, len, 0))
 800                         return H323_ERROR_BOUND;
 801                 if (!base || !(son->attr & DECODE)) {
 802                         PRINT("%*.s%s\n", (level + 1) * TAB_SIZE, " ",
 803                               son->name);
 804                         bs->cur += len;
 805                         return H323_ERROR_NONE;
 806                 }
 807                 beg = bs->cur;
 808
 809                 if ((err = (Decoders[son->type]) (bs, son, base, level + 1)) <
 810                     H323_ERROR_NONE)
 811                         return err;
 812
 813                 bs->cur = beg + len;
 814                 bs->bit = 0;
 815         } else if ((err = (Decoders[son->type]) (bs, son, base, level + 1)) <
 816                    H323_ERROR_NONE)
 817                 return err;
 818
 819         return H323_ERROR_NONE;
 820 }
 821
 822 int DecodeRasMessage(unsigned char *buf, size_t sz, RasMessage *ras)
 823 {
 824         static const struct field_t ras_message = {
 825                 FNAME("RasMessage") CHOICE, 5, 24, 32, DECODE | EXT,
 826                 0, _RasMessage
 827         };
 828         struct bitstr bs;
 829
 830         bs.buf = bs.beg = bs.cur = buf;
 831         bs.end = buf + sz;
 832         bs.bit = 0;
 833
 834         return decode_choice(&bs, &ras_message, (char *) ras, 0);
 835 }
 836
 837 static int DecodeH323_UserInformation(unsigned char *buf, unsigned char *beg,
 838                                       size_t sz, H323_UserInformation *uuie)
 839 {
 840         static const struct field_t h323_userinformation = {
 841                 FNAME("H323-UserInformation") SEQ, 1, 2, 2, DECODE | EXT,
 842                 0, _H323_UserInformation
 843         };
 844         struct bitstr bs;
 845
 846         bs.buf = buf;
 847         bs.beg = bs.cur = beg;
 848         bs.end = beg + sz;
 849         bs.bit = 0;
 850
 851         return decode_seq(&bs, &h323_userinformation, (char *) uuie, 0);
 852 }
 853
 854 int DecodeMultimediaSystemControlMessage(unsigned char *buf, size_t sz,
 855                                          MultimediaSystemControlMessage *
 856                                          mscm)
 857 {
 858         static const struct field_t multimediasystemcontrolmessage = {
 859                 FNAME("MultimediaSystemControlMessage") CHOICE, 2, 4, 4,
 860                 DECODE | EXT, 0, _MultimediaSystemControlMessage
 861         };
 862         struct bitstr bs;
 863
 864         bs.buf = bs.beg = bs.cur = buf;
 865         bs.end = buf + sz;
 866         bs.bit = 0;
 867
 868         return decode_choice(&bs, &multimediasystemcontrolmessage,
 869                              (char *) mscm, 0);
 870 }
 871
 872 int DecodeQ931(unsigned char *buf, size_t sz, Q931 *q931)
 873 {
 874         unsigned char *p = buf;
 875         int len;
 876
 877         if (!p || sz < 1)
 878                 return H323_ERROR_BOUND;
 879
 880         /* Protocol Discriminator */
 881         if (*p != 0x08) {
 882                 PRINT("Unknown Protocol Discriminator\n");
 883                 return H323_ERROR_RANGE;
 884         }
 885         p++;
 886         sz--;
 887
 888         /* CallReferenceValue */
 889         if (sz < 1)
 890                 return H323_ERROR_BOUND;
 891         len = *p++;
 892         sz--;
 893         if (sz < len)
 894                 return H323_ERROR_BOUND;
 895         p += len;
 896         sz -= len;
 897
 898         /* Message Type */
 899         if (sz < 2)
 900                 return H323_ERROR_BOUND;
 901         q931->MessageType = *p++;
 902         sz--;
 903         PRINT("MessageType = %02X\n", q931->MessageType);
 904         if (*p & 0x80) {
 905                 p++;
 906                 sz--;
 907         }
 908
 909         /* Decode Information Elements */
 910         while (sz > 0) {
 911                 if (*p == 0x7e) {       /* UserUserIE */
 912                         if (sz < 3)
 913                                 break;
 914                         p++;
 915                         len = *p++ << 8;
 916                         len |= *p++;
 917                         sz -= 3;
 918                         if (sz < len)
 919                                 break;
 920                         p++;
 921                         len--;
 922                         return DecodeH323_UserInformation(buf, p, len,
 923                                                           &q931->UUIE);
 924                 }
 925                 p++;
 926                 sz--;
 927                 if (sz < 1)
 928                         break;
 929                 len = *p++;
 930                 sz--;
 931                 if (sz < len)
 932                         break;
 933                 p += len;
 934                 sz -= len;
 935         }
 936
 937         PRINT("Q.931 UUIE not found\n");
 938
 939         return H323_ERROR_BOUND;
 940 }