#include "asterisk.h"
#include "asterisk/network.h"
#include <ifaddrs.h>
#include "asterisk/acl.h"
#include "asterisk/channel.h"
#include "asterisk/utils.h"
#include "asterisk/lock.h"
#include "asterisk/srv.h"
Go to the source code of this file.
Data Structures | |
struct | dscp_codepoint |
Defines | |
#define | V6_WORD(sin6, index) ((uint32_t *)&((sin6)->sin6_addr))[(index)] |
Isolate a 32-bit section of an IPv6 address. | |
Functions | |
static int | apply_netmask (const struct ast_sockaddr *addr, const struct ast_sockaddr *netmask, struct ast_sockaddr *result) |
Apply a netmask to an address and store the result in a separate structure. | |
ast_ha * | ast_append_ha (const char *sense, const char *stuff, struct ast_ha *path, int *error) |
Add a new rule to a list of HAs. | |
int | ast_apply_ha (const struct ast_ha *ha, const struct ast_sockaddr *addr) |
Apply a set of rules to a given IP address. | |
void | ast_copy_ha (const struct ast_ha *from, struct ast_ha *to) |
Copy the contents of one HA to another. | |
static struct ast_ha * | ast_duplicate_ha (struct ast_ha *original) |
ast_ha * | ast_duplicate_ha_list (struct ast_ha *original) |
Duplicate the contents of a list of host access rules. | |
int | ast_find_ourip (struct ast_sockaddr *ourip, const struct ast_sockaddr *bindaddr, int family) |
Find our IP address. | |
void | ast_free_ha (struct ast_ha *ha) |
Free a list of HAs. | |
int | ast_get_ip (struct ast_sockaddr *addr, const char *hostname) |
Get the IP address given a hostname. | |
int | ast_get_ip_or_srv (struct ast_sockaddr *addr, const char *hostname, const char *service) |
Get the IP address given a hostname and optional service. | |
int | ast_ouraddrfor (const struct ast_sockaddr *them, struct ast_sockaddr *us) |
Get our local IP address when contacting a remote host. | |
int | ast_str2cos (const char *value, unsigned int *cos) |
Convert a string to the appropriate COS value. | |
int | ast_str2tos (const char *value, unsigned int *tos) |
Convert a string to the appropriate TOS value. | |
const char * | ast_tos2str (unsigned int tos) |
Convert a TOS value into its string representation. | |
static int | get_local_address (struct ast_sockaddr *ourip) |
static int | parse_cidr_mask (struct ast_sockaddr *addr, int is_v4, const char *mask_str) |
Parse a netmask in CIDR notation. | |
static int | resolve_first (struct ast_sockaddr *addr, const char *name, int flag, int family) |
static void | score_address (const struct sockaddr_in *sin, struct in_addr *best_addr, int *best_score) |
Variables | |
static struct dscp_codepoint | dscp_pool1 [] |
Definition in file acl.c.
#define V6_WORD | ( | sin6, | |||
index | ) | ((uint32_t *)&((sin6)->sin6_addr))[(index)] |
Isolate a 32-bit section of an IPv6 address.
An IPv6 address can be divided into 4 32-bit chunks. This gives easy access to one of these chunks.
sin6 | A pointer to a struct sockaddr_in6 | |
index | Which 32-bit chunk to operate on. Must be in the range 0-3. |
Definition at line 284 of file acl.c.
Referenced by apply_netmask(), and parse_cidr_mask().
static int apply_netmask | ( | const struct ast_sockaddr * | addr, | |
const struct ast_sockaddr * | netmask, | |||
struct ast_sockaddr * | result | |||
) | [static] |
Apply a netmask to an address and store the result in a separate structure.
When dealing with IPv6 addresses, one cannot apply a netmask with a simple logical and operation. Furthermore, the incoming address may be an IPv4 address and need to be mapped properly before attempting to apply a rule.
addr | The IP address to apply the mask to. | |
netmask | The netmask configured in the host access rule. | |
result | The resultant address after applying the netmask to the given address |
0 | Successfully applied netmask -1 Failed to apply netmask |
Definition at line 300 of file acl.c.
References ast_ha::addr, ast_sockaddr_from_sin, ast_sockaddr_is_ipv4(), ast_sockaddr_is_ipv6(), ast_sockaddr::len, ast_sockaddr::ss, and V6_WORD.
Referenced by ast_append_ha(), and ast_apply_ha().
00302 { 00303 int res = 0; 00304 00305 if (ast_sockaddr_is_ipv4(addr)) { 00306 struct sockaddr_in result4 = { 0, }; 00307 struct sockaddr_in *addr4 = (struct sockaddr_in *) &addr->ss; 00308 struct sockaddr_in *mask4 = (struct sockaddr_in *) &netmask->ss; 00309 result4.sin_family = AF_INET; 00310 result4.sin_addr.s_addr = addr4->sin_addr.s_addr & mask4->sin_addr.s_addr; 00311 ast_sockaddr_from_sin(result, &result4); 00312 } else if (ast_sockaddr_is_ipv6(addr)) { 00313 struct sockaddr_in6 result6 = { 0, }; 00314 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &addr->ss; 00315 struct sockaddr_in6 *mask6 = (struct sockaddr_in6 *) &netmask->ss; 00316 int i; 00317 result6.sin6_family = AF_INET6; 00318 for (i = 0; i < 4; ++i) { 00319 V6_WORD(&result6, i) = V6_WORD(addr6, i) & V6_WORD(mask6, i); 00320 } 00321 memcpy(&result->ss, &result6, sizeof(result6)); 00322 result->len = sizeof(result6); 00323 } else { 00324 /* Unsupported address scheme */ 00325 res = -1; 00326 } 00327 00328 return res; 00329 }
struct ast_ha* ast_append_ha | ( | const char * | sense, | |
const char * | stuff, | |||
struct ast_ha * | path, | |||
int * | error | |||
) |
Add a new rule to a list of HAs.
This adds the new host access rule to the end of the list whose head is specified by the path parameter. Rules are evaluated in a way such that if multiple rules apply to a single IP address/subnet mask, then the rule latest in the list will be used.
sense | Either "permit" or "deny" (Actually any 'p' word will result in permission, and any other word will result in denial) | |
stuff | The IP address and subnet mask, separated with a '/'. The subnet mask can either be in dotted-decimal format or in CIDR notation (i.e. 0-32). | |
path | The head of the HA list to which we wish to append our new rule. If NULL is passed, then the new rule will become the head of the list | |
[out] | error | The integer error points to will be set non-zero if an error occurs |
Definition at line 395 of file acl.c.
References ast_ha::addr, apply_netmask(), ast_calloc, ast_debug, ast_free_ha(), ast_log(), AST_SENSE_ALLOW, AST_SENSE_DENY, ast_sockaddr_ipv4_mapped(), ast_sockaddr_is_ipv4(), ast_sockaddr_parse(), ast_sockaddr_stringify(), ast_strdupa, LOG_NOTICE, LOG_WARNING, ast_ha::next, parse_cidr_mask(), PARSE_PORT_FORBID, ast_ha::sense, and strsep().
Referenced by add_calltoken_ignore(), build_callno_limits(), build_device(), build_peer(), build_user(), and config_parse_variables().
00396 { 00397 struct ast_ha *ha; 00398 struct ast_ha *prev = NULL; 00399 struct ast_ha *ret; 00400 char *tmp = ast_strdupa(stuff); 00401 char *address = NULL, *mask = NULL; 00402 int addr_is_v4; 00403 00404 ret = path; 00405 while (path) { 00406 prev = path; 00407 path = path->next; 00408 } 00409 00410 if (!(ha = ast_calloc(1, sizeof(*ha)))) { 00411 if (error) { 00412 *error = 1; 00413 } 00414 return ret; 00415 } 00416 00417 address = strsep(&tmp, "/"); 00418 if (!address) { 00419 address = tmp; 00420 } else { 00421 mask = tmp; 00422 } 00423 00424 if (!ast_sockaddr_parse(&ha->addr, address, PARSE_PORT_FORBID)) { 00425 ast_log(LOG_WARNING, "Invalid IP address: %s\n", address); 00426 ast_free_ha(ha); 00427 if (error) { 00428 *error = 1; 00429 } 00430 return ret; 00431 } 00432 00433 /* If someone specifies an IPv4-mapped IPv6 address, 00434 * we just convert this to an IPv4 ACL 00435 */ 00436 if (ast_sockaddr_ipv4_mapped(&ha->addr, &ha->addr)) { 00437 ast_log(LOG_NOTICE, "IPv4-mapped ACL network address specified. " 00438 "Converting to an IPv4 ACL network address.\n"); 00439 } 00440 00441 addr_is_v4 = ast_sockaddr_is_ipv4(&ha->addr); 00442 00443 if (!mask) { 00444 parse_cidr_mask(&ha->netmask, addr_is_v4, addr_is_v4 ? "32" : "128"); 00445 } else if (strchr(mask, ':') || strchr(mask, '.')) { 00446 int mask_is_v4; 00447 /* Mask is of x.x.x.x or x:x:x:x:x:x:x:x variety */ 00448 if (!ast_sockaddr_parse(&ha->netmask, mask, PARSE_PORT_FORBID)) { 00449 ast_log(LOG_WARNING, "Invalid netmask: %s\n", mask); 00450 ast_free_ha(ha); 00451 if (error) { 00452 *error = 1; 00453 } 00454 return ret; 00455 } 00456 /* If someone specifies an IPv4-mapped IPv6 netmask, 00457 * we just convert this to an IPv4 ACL 00458 */ 00459 if (ast_sockaddr_ipv4_mapped(&ha->netmask, &ha->netmask)) { 00460 ast_log(LOG_NOTICE, "IPv4-mapped ACL netmask specified. " 00461 "Converting to an IPv4 ACL netmask.\n"); 00462 } 00463 mask_is_v4 = ast_sockaddr_is_ipv4(&ha->netmask); 00464 if (addr_is_v4 ^ mask_is_v4) { 00465 ast_log(LOG_WARNING, "Address and mask are not using same address scheme.\n"); 00466 ast_free_ha(ha); 00467 if (error) { 00468 *error = 1; 00469 } 00470 return ret; 00471 } 00472 } else if (parse_cidr_mask(&ha->netmask, addr_is_v4, mask)) { 00473 ast_log(LOG_WARNING, "Invalid CIDR netmask: %s\n", mask); 00474 ast_free_ha(ha); 00475 if (error) { 00476 *error = 1; 00477 } 00478 return ret; 00479 } 00480 00481 if (apply_netmask(&ha->addr, &ha->netmask, &ha->addr)) { 00482 /* This shouldn't happen because ast_sockaddr_parse would 00483 * have failed much earlier on an unsupported address scheme 00484 */ 00485 char *failmask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask)); 00486 char *failaddr = ast_strdupa(ast_sockaddr_stringify(&ha->addr)); 00487 ast_log(LOG_WARNING, "Unable to apply netmask %s to address %s\n", failmask, failaddr); 00488 ast_free_ha(ha); 00489 if (error) { 00490 *error = 1; 00491 } 00492 return ret; 00493 } 00494 00495 ha->sense = strncasecmp(sense, "p", 1) ? AST_SENSE_DENY : AST_SENSE_ALLOW; 00496 00497 ha->next = NULL; 00498 if (prev) { 00499 prev->next = ha; 00500 } else { 00501 ret = ha; 00502 } 00503 00504 { 00505 const char *addr = ast_strdupa(ast_sockaddr_stringify(&ha->addr)); 00506 const char *mask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask)); 00507 00508 ast_debug(1, "%s/%s sense %d appended to acl for peer\n", addr, mask, ha->sense); 00509 } 00510 00511 return ret; 00512 }
int ast_apply_ha | ( | const struct ast_ha * | ha, | |
const struct ast_sockaddr * | addr | |||
) |
Apply a set of rules to a given IP address.
The list of host access rules is traversed, beginning with the input rule. If the IP address given matches a rule, the "sense" of that rule is used as the return value. Note that if an IP address matches multiple rules that the last one matched will be the one whose sense will be returned.
ha | The head of the list of host access rules to follow | |
addr | An ast_sockaddr whose address is considered when matching rules |
AST_SENSE_ALLOW | The IP address passes our ACL | |
AST_SENSE_DENY | The IP address fails our ACL |
Definition at line 514 of file acl.c.
References ast_ha::addr, apply_netmask(), ast_copy_string(), ast_debug, ast_inet_ntoa(), AST_SENSE_ALLOW, ast_sockaddr_cmp_addr(), ast_sockaddr_ipv4_mapped(), ast_sockaddr_is_ipv4(), ast_sockaddr_is_ipv4_mapped(), ast_sockaddr_is_ipv6(), ast_ha::netmask, ast_ha::next, and ast_ha::sense.
Referenced by apply_directmedia_ha(), ast_sip_ouraddrfor(), authenticate(), check_access(), check_peer_ok(), parse_register_contact(), register_verify(), and skinny_register().
00515 { 00516 /* Start optimistic */ 00517 int res = AST_SENSE_ALLOW; 00518 const struct ast_ha *current_ha; 00519 00520 for (current_ha = ha; current_ha; current_ha = current_ha->next) { 00521 struct ast_sockaddr result; 00522 struct ast_sockaddr mapped_addr; 00523 const struct ast_sockaddr *addr_to_use; 00524 #if 0 /* debugging code */ 00525 char iabuf[INET_ADDRSTRLEN]; 00526 char iabuf2[INET_ADDRSTRLEN]; 00527 /* DEBUG */ 00528 ast_copy_string(iabuf, ast_inet_ntoa(sin->sin_addr), sizeof(iabuf)); 00529 ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2)); 00530 ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2); 00531 #endif 00532 if (ast_sockaddr_is_ipv4(&ha->addr)) { 00533 if (ast_sockaddr_is_ipv6(addr)) { 00534 if (ast_sockaddr_is_ipv4_mapped(addr)) { 00535 /* IPv4 ACLs apply to IPv4-mapped addresses */ 00536 ast_sockaddr_ipv4_mapped(addr, &mapped_addr); 00537 addr_to_use = &mapped_addr; 00538 } else { 00539 /* An IPv4 ACL does not apply to an IPv6 address */ 00540 continue; 00541 } 00542 } else { 00543 /* Address is IPv4 and ACL is IPv4. No biggie */ 00544 addr_to_use = addr; 00545 } 00546 } else { 00547 if (ast_sockaddr_is_ipv6(addr) && !ast_sockaddr_is_ipv4_mapped(addr)) { 00548 addr_to_use = addr; 00549 } else { 00550 /* Address is IPv4 or IPv4 mapped but ACL is IPv6. Skip */ 00551 continue; 00552 } 00553 } 00554 00555 /* For each rule, if this address and the netmask = the net address 00556 apply the current rule */ 00557 if (apply_netmask(addr_to_use, ¤t_ha->netmask, &result)) { 00558 /* Unlikely to happen since we know the address to be IPv4 or IPv6 */ 00559 continue; 00560 } 00561 if (!ast_sockaddr_cmp_addr(&result, ¤t_ha->addr)) { 00562 res = current_ha->sense; 00563 } 00564 } 00565 return res; 00566 }
Copy the contents of one HA to another.
This copies the internals of the 'from' HA to the 'to' HA. It is important that the 'to' HA has been allocated prior to calling this function
from | Source HA to copy | |
to | Destination HA to copy to |
void |
Definition at line 230 of file acl.c.
References ast_ha::addr, ast_sockaddr_copy(), ast_ha::netmask, and ast_ha::sense.
Referenced by add_calltoken_ignore(), ast_duplicate_ha(), and build_callno_limits().
00231 { 00232 ast_sockaddr_copy(&to->addr, &from->addr); 00233 ast_sockaddr_copy(&to->netmask, &from->netmask); 00234 to->sense = from->sense; 00235 }
Definition at line 238 of file acl.c.
References ast_calloc, and ast_copy_ha().
Referenced by ast_duplicate_ha_list().
00239 { 00240 struct ast_ha *new_ha; 00241 00242 if ((new_ha = ast_calloc(1, sizeof(*new_ha)))) { 00243 /* Copy from original to new object */ 00244 ast_copy_ha(original, new_ha); 00245 } 00246 00247 return new_ha; 00248 }
Duplicate the contents of a list of host access rules.
A deep copy of all ast_has in the list is made. The returned value is allocated on the heap and must be freed independently of the input parameter when finished.
original | The ast_ha to copy |
The | head of the list of duplicated ast_has |
Definition at line 252 of file acl.c.
References ast_duplicate_ha(), and ast_ha::next.
Referenced by create_addr_from_peer().
00253 { 00254 struct ast_ha *start = original; 00255 struct ast_ha *ret = NULL; 00256 struct ast_ha *current, *prev = NULL; 00257 00258 while (start) { 00259 current = ast_duplicate_ha(start); /* Create copy of this object */ 00260 if (prev) { 00261 prev->next = current; /* Link previous to this object */ 00262 } 00263 00264 if (!ret) { 00265 ret = current; /* Save starting point */ 00266 } 00267 00268 start = start->next; /* Go to next object */ 00269 prev = current; /* Save pointer to this object */ 00270 } 00271 return ret; /* Return start of list */ 00272 }
int ast_find_ourip | ( | struct ast_sockaddr * | ourip, | |
const struct ast_sockaddr * | bindaddr, | |||
int | family | |||
) |
Find our IP address.
This function goes through many iterations in an attempt to find our IP address. If any step along the way should fail, we move to the next item in the list. Here are the steps taken:
[out] | ourip | Our IP address is written here when it is found |
bindaddr | A hint used for finding our IP. See the steps above for more details | |
family | Only addresses of the given family will be returned. Use 0 or AST_SOCKADDR_UNSPEC to get addresses of all families. |
0 | Success | |
-1 | Failure |
Definition at line 736 of file acl.c.
References ast_debug, ast_log(), ast_ouraddrfor(), ast_sockaddr_copy(), ast_sockaddr_is_any(), ast_sockaddr_port, ast_sockaddr_set_port, bindaddr, get_local_address(), LOG_WARNING, MAXHOSTNAMELEN, ourhost, PARSE_PORT_FORBID, and resolve_first().
Referenced by __oh323_rtp_create(), gtalk_get_local_ip(), jingle_create_candidates(), and load_module().
00737 { 00738 char ourhost[MAXHOSTNAMELEN] = ""; 00739 struct ast_sockaddr root; 00740 int res, port = ast_sockaddr_port(ourip); 00741 00742 /* just use the bind address if it is nonzero */ 00743 if (!ast_sockaddr_is_any(bindaddr)) { 00744 ast_sockaddr_copy(ourip, bindaddr); 00745 ast_debug(3, "Attached to given IP address\n"); 00746 return 0; 00747 } 00748 /* try to use our hostname */ 00749 if (gethostname(ourhost, sizeof(ourhost) - 1)) { 00750 ast_log(LOG_WARNING, "Unable to get hostname\n"); 00751 } else { 00752 if (resolve_first(ourip, ourhost, PARSE_PORT_FORBID, family) == 0) { 00753 /* reset port since resolve_first wipes this out */ 00754 ast_sockaddr_set_port(ourip, port); 00755 return 0; 00756 } 00757 } 00758 ast_debug(3, "Trying to check A.ROOT-SERVERS.NET and get our IP address for that connection\n"); 00759 /* A.ROOT-SERVERS.NET. */ 00760 if (!resolve_first(&root, "A.ROOT-SERVERS.NET", PARSE_PORT_FORBID, 0) && 00761 !ast_ouraddrfor(&root, ourip)) { 00762 /* reset port since resolve_first wipes this out */ 00763 ast_sockaddr_set_port(ourip, port); 00764 return 0; 00765 } 00766 res = get_local_address(ourip); 00767 ast_sockaddr_set_port(ourip, port); 00768 return res; 00769 }
void ast_free_ha | ( | struct ast_ha * | ha | ) |
Free a list of HAs.
Given the head of a list of HAs, it and all appended HAs are freed
ha | The head of the list of HAs to free |
void |
Definition at line 219 of file acl.c.
References ast_free, and ast_ha::next.
Referenced by __sip_destroy(), add_calltoken_ignore(), ast_append_ha(), build_callno_limits(), build_peer(), build_user(), destroy_gateway(), oh323_destroy_peer(), oh323_destroy_user(), peer_destructor(), reload_config(), sip_destroy_peer(), unload_module(), and user_destructor().
00220 { 00221 struct ast_ha *hal; 00222 while (ha) { 00223 hal = ha; 00224 ha = ha->next; 00225 ast_free(hal); 00226 } 00227 }
int ast_get_ip | ( | struct ast_sockaddr * | addr, | |
const char * | hostname | |||
) |
Get the IP address given a hostname.
Similar in nature to ast_gethostbyname, except that instead of getting an entire hostent structure, you instead are given only the IP address inserted into a ast_sockaddr structure.
addr | The IP address found. The address family is used as an input parameter to filter the returned addresses. If it is 0, both IPv4 and IPv6 addresses can be returned. | |
hostname | The hostname to look up |
0 | Success | |
-1 | Failure |
Definition at line 692 of file acl.c.
References ast_get_ip_or_srv().
Referenced by build_peer(), build_user(), config_parse_variables(), peer_set_srcaddr(), setup_stunaddr(), and stun_monitor_request().
00693 { 00694 return ast_get_ip_or_srv(addr, hostname, NULL); 00695 }
int ast_get_ip_or_srv | ( | struct ast_sockaddr * | addr, | |
const char * | hostname, | |||
const char * | service | |||
) |
Get the IP address given a hostname and optional service.
If the service parameter is non-NULL, then an SRV lookup will be made by prepending the service to the hostname parameter, separated by a '.' For example, if hostname is "example.com" and service is "_sip._udp" then an SRV lookup will be done for "_sip._udp.example.com". If service is NULL, then this function acts exactly like a call to ast_get_ip.
addr | The IP address found. The address family is used as an input parameter to filter the returned addresses. If it is 0, both IPv4 and IPv6 addresses can be returned. | |
hostname | The hostname to look up | |
service | A specific service provided by the host. A NULL service results in an A-record lookup instead of an SRV lookup |
0 | Success | |
-1 | Failure |
Definition at line 589 of file acl.c.
References ast_get_srv(), ast_sockaddr_set_port, PARSE_PORT_FORBID, resolve_first(), and ast_sockaddr::ss.
Referenced by ast_get_ip(), create_addr(), dnsmgr_refresh(), internal_dnsmgr_lookup(), and proxy_update().
00590 { 00591 char srv[256]; 00592 char host[256]; 00593 int srv_ret = 0; 00594 int tportno; 00595 00596 if (service) { 00597 snprintf(srv, sizeof(srv), "%s.%s", service, hostname); 00598 if ((srv_ret = ast_get_srv(NULL, host, sizeof(host), &tportno, srv)) > 0) { 00599 hostname = host; 00600 } 00601 } 00602 00603 if (resolve_first(addr, hostname, PARSE_PORT_FORBID, addr->ss.ss_family) != 0) { 00604 return -1; 00605 } 00606 00607 if (srv_ret > 0) { 00608 ast_sockaddr_set_port(addr, tportno); 00609 } 00610 00611 return 0; 00612 }
int ast_ouraddrfor | ( | const struct ast_sockaddr * | them, | |
struct ast_sockaddr * | us | |||
) |
Get our local IP address when contacting a remote host.
This function will attempt to connect(2) to them over UDP using a source port of 5060. If the connect(2) call is successful, then we inspect the sockaddr_in output parameter of connect(2) to determine the IP address used to connect to them. This IP address is then copied into us.
them | The IP address to which we wish to attempt to connect | |
[out] | us | The source IP address used to connect to them |
-1 | Failure | |
0 | Success |
Definition at line 697 of file acl.c.
References ast_connect(), ast_debug, ast_getsockname(), ast_log(), ast_sockaddr_is_ipv6(), ast_sockaddr_port, ast_sockaddr_set_port, ast_sockaddr_stringify_addr(), ast_strdupa, LOG_ERROR, and LOG_WARNING.
Referenced by ast_find_ourip(), ast_sip_ouraddrfor(), find_subchannel_and_lock(), gtalk_get_local_ip(), and sip_acf_channel_read().
00698 { 00699 int port; 00700 int s; 00701 00702 port = ast_sockaddr_port(us); 00703 00704 if ((s = socket(ast_sockaddr_is_ipv6(them) ? AF_INET6 : AF_INET, 00705 SOCK_DGRAM, 0)) < 0) { 00706 ast_log(LOG_ERROR, "Cannot create socket\n"); 00707 return -1; 00708 } 00709 00710 if (ast_connect(s, them)) { 00711 ast_log(LOG_WARNING, "Cannot connect\n"); 00712 close(s); 00713 return -1; 00714 } 00715 if (ast_getsockname(s, us)) { 00716 00717 ast_log(LOG_WARNING, "Cannot get socket name\n"); 00718 close(s); 00719 return -1; 00720 } 00721 close(s); 00722 00723 { 00724 const char *them_addr = ast_strdupa(ast_sockaddr_stringify_addr(them)); 00725 const char *us_addr = ast_strdupa(ast_sockaddr_stringify_addr(us)); 00726 00727 ast_debug(3, "For destination '%s', our source address is '%s'.\n", 00728 them_addr, us_addr); 00729 } 00730 00731 ast_sockaddr_set_port(us, port); 00732 00733 return 0; 00734 }
int ast_str2cos | ( | const char * | value, | |
unsigned int * | cos | |||
) |
Convert a string to the appropriate COS value.
value | The COS string to convert | |
[out] | cos | The integer representation of that COS value |
-1 | Failure | |
0 | Success |
Definition at line 645 of file acl.c.
Referenced by config_parse_variables(), reload_config(), and set_config().
00646 { 00647 int fval; 00648 00649 if (sscanf(value, "%30d", &fval) == 1) { 00650 if (fval < 8) { 00651 *cos = fval; 00652 return 0; 00653 } 00654 } 00655 00656 return -1; 00657 }
int ast_str2tos | ( | const char * | value, | |
unsigned int * | tos | |||
) |
Convert a string to the appropriate TOS value.
value | The TOS string to convert | |
[out] | tos | The integer representation of that TOS value |
-1 | Failure | |
0 | Success |
Definition at line 659 of file acl.c.
References ARRAY_LEN, dscp_pool1, name, and dscp_codepoint::space.
Referenced by config_parse_variables(), iax_template_parse(), reload_config(), and set_config().
00660 { 00661 int fval; 00662 unsigned int x; 00663 00664 if (sscanf(value, "%30i", &fval) == 1) { 00665 *tos = fval & 0xFF; 00666 return 0; 00667 } 00668 00669 for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) { 00670 if (!strcasecmp(value, dscp_pool1[x].name)) { 00671 *tos = dscp_pool1[x].space << 2; 00672 return 0; 00673 } 00674 } 00675 00676 return -1; 00677 }
const char* ast_tos2str | ( | unsigned int | tos | ) |
Convert a TOS value into its string representation.
tos | The TOS value to look up |
Definition at line 679 of file acl.c.
References ARRAY_LEN, dscp_pool1, dscp_codepoint::name, and dscp_codepoint::space.
Referenced by sip_show_settings().
00680 { 00681 unsigned int x; 00682 00683 for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) { 00684 if (dscp_pool1[x].space == (tos >> 2)) { 00685 return dscp_pool1[x].name; 00686 } 00687 } 00688 00689 return "unknown"; 00690 }
static int get_local_address | ( | struct ast_sockaddr * | ourip | ) | [static] |
Definition at line 115 of file acl.c.
References free, malloc, and score_address().
Referenced by ast_find_ourip().
00116 { 00117 int s, res = -1; 00118 #ifdef SOLARIS 00119 struct lifreq *ifr = NULL; 00120 struct lifnum ifn; 00121 struct lifconf ifc; 00122 struct sockaddr_in *sa; 00123 char *buf = NULL; 00124 int bufsz, x; 00125 #endif /* SOLARIS */ 00126 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) 00127 struct ifaddrs *ifap, *ifaphead; 00128 int rtnerr; 00129 const struct sockaddr_in *sin; 00130 #endif /* BSD_OR_LINUX */ 00131 struct in_addr best_addr; 00132 int best_score = -100; 00133 memset(&best_addr, 0, sizeof(best_addr)); 00134 00135 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) 00136 rtnerr = getifaddrs(&ifaphead); 00137 if (rtnerr) { 00138 perror(NULL); 00139 return -1; 00140 } 00141 #endif /* BSD_OR_LINUX */ 00142 00143 s = socket(AF_INET, SOCK_STREAM, 0); 00144 00145 if (s > 0) { 00146 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) 00147 for (ifap = ifaphead; ifap; ifap = ifap->ifa_next) { 00148 00149 if (ifap->ifa_addr && ifap->ifa_addr->sa_family == AF_INET) { 00150 sin = (const struct sockaddr_in *) ifap->ifa_addr; 00151 score_address(sin, &best_addr, &best_score); 00152 res = 0; 00153 00154 if (best_score == 0) { 00155 break; 00156 } 00157 } 00158 } 00159 #endif /* BSD_OR_LINUX */ 00160 00161 /* There is no reason whatsoever that this shouldn't work on Linux or BSD also. */ 00162 #ifdef SOLARIS 00163 /* Get a count of interfaces on the machine */ 00164 ifn.lifn_family = AF_INET; 00165 ifn.lifn_flags = 0; 00166 ifn.lifn_count = 0; 00167 if (ioctl(s, SIOCGLIFNUM, &ifn) < 0) { 00168 close(s); 00169 return -1; 00170 } 00171 00172 bufsz = ifn.lifn_count * sizeof(struct lifreq); 00173 if (!(buf = malloc(bufsz))) { 00174 close(s); 00175 return -1; 00176 } 00177 memset(buf, 0, bufsz); 00178 00179 /* Get a list of interfaces on the machine */ 00180 ifc.lifc_len = bufsz; 00181 ifc.lifc_buf = buf; 00182 ifc.lifc_family = AF_INET; 00183 ifc.lifc_flags = 0; 00184 if (ioctl(s, SIOCGLIFCONF, &ifc) < 0) { 00185 close(s); 00186 free(buf); 00187 return -1; 00188 } 00189 00190 for (ifr = ifc.lifc_req, x = 0; x < ifn.lifn_count; ifr++, x++) { 00191 sa = (struct sockaddr_in *)&(ifr->lifr_addr); 00192 score_address(sa, &best_addr, &best_score); 00193 res = 0; 00194 00195 if (best_score == 0) { 00196 break; 00197 } 00198 } 00199 00200 free(buf); 00201 #endif /* SOLARIS */ 00202 00203 close(s); 00204 } 00205 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) 00206 freeifaddrs(ifaphead); 00207 #endif /* BSD_OR_LINUX */ 00208 00209 if (res == 0 && ourip) { 00210 ast_sockaddr_setnull(ourip); 00211 ourip->ss.ss_family = AF_INET; 00212 ((struct sockaddr_in *)&ourip->ss)->sin_addr = best_addr; 00213 } 00214 return res; 00215 }
static int parse_cidr_mask | ( | struct ast_sockaddr * | addr, | |
int | is_v4, | |||
const char * | mask_str | |||
) | [static] |
Parse a netmask in CIDR notation.
For a mask of an IPv4 address, this should be a number between 0 and 32. For a mask of an IPv6 address, this should be a number between 0 and 128. This function creates an IPv6 ast_sockaddr from the given netmask. For masks of IPv4 addresses, this is accomplished by adding 96 to the original netmask.
[out] | addr | The ast_sockaddr produced from the CIDR netmask |
is_v4 | Tells if the address we are masking is IPv4. | |
mask_str | The CIDR mask to convert |
-1 | Failure | |
0 | Success |
Definition at line 347 of file acl.c.
References ast_sockaddr_from_sin, ast_sockaddr::len, ast_sockaddr::ss, and V6_WORD.
Referenced by ast_append_ha().
00348 { 00349 int mask; 00350 00351 if (sscanf(mask_str, "%30d", &mask) != 1) { 00352 return -1; 00353 } 00354 00355 if (is_v4) { 00356 struct sockaddr_in sin; 00357 if (mask < 0 || mask > 32) { 00358 return -1; 00359 } 00360 memset(&sin, 0, sizeof(sin)); 00361 sin.sin_family = AF_INET; 00362 /* If mask is 0, then we already have the 00363 * appropriate all 0s address in sin from 00364 * the above memset. 00365 */ 00366 if (mask != 0) { 00367 sin.sin_addr.s_addr = htonl(0xFFFFFFFF << (32 - mask)); 00368 } 00369 ast_sockaddr_from_sin(addr, &sin); 00370 } else { 00371 struct sockaddr_in6 sin6; 00372 int i; 00373 if (mask < 0 || mask > 128) { 00374 return -1; 00375 } 00376 memset(&sin6, 0, sizeof(sin6)); 00377 sin6.sin6_family = AF_INET6; 00378 for (i = 0; i < 4; ++i) { 00379 /* Once mask reaches 0, we don't have 00380 * to explicitly set anything anymore 00381 * since sin6 was zeroed out already 00382 */ 00383 if (mask > 0) { 00384 V6_WORD(&sin6, i) = htonl(0xFFFFFFFF << (mask < 32 ? (32 - mask) : 0)); 00385 mask -= mask < 32 ? mask : 32; 00386 } 00387 } 00388 memcpy(&addr->ss, &sin6, sizeof(sin6)); 00389 addr->len = sizeof(sin6); 00390 } 00391 00392 return 0; 00393 }
static int resolve_first | ( | struct ast_sockaddr * | addr, | |
const char * | name, | |||
int | flag, | |||
int | family | |||
) | [static] |
Definition at line 568 of file acl.c.
References ast_debug, ast_free, ast_log(), ast_sockaddr_copy(), ast_sockaddr_resolve(), and LOG_WARNING.
Referenced by ast_find_ourip(), and ast_get_ip_or_srv().
00570 { 00571 struct ast_sockaddr *addrs; 00572 int addrs_cnt; 00573 00574 addrs_cnt = ast_sockaddr_resolve(&addrs, name, flag, family); 00575 if (addrs_cnt > 0) { 00576 if (addrs_cnt > 1) { 00577 ast_debug(1, "Multiple addresses. Using the first only\n"); 00578 } 00579 ast_sockaddr_copy(addr, &addrs[0]); 00580 ast_free(addrs); 00581 } else { 00582 ast_log(LOG_WARNING, "Unable to lookup '%s'\n", name); 00583 return -1; 00584 } 00585 00586 return 0; 00587 }
static void score_address | ( | const struct sockaddr_in * | sin, | |
struct in_addr * | best_addr, | |||
int * | best_score | |||
) | [static] |
Definition at line 56 of file acl.c.
References ast_inet_ntoa().
Referenced by get_local_address().
00057 { 00058 const char *address; 00059 int score; 00060 00061 address = ast_inet_ntoa(sin->sin_addr); 00062 00063 /* RFC 1700 alias for the local network */ 00064 if (address[0] == '0') { 00065 score = -25; 00066 /* RFC 1700 localnet */ 00067 } else if (strncmp(address, "127", 3) == 0) { 00068 score = -20; 00069 /* RFC 1918 non-public address space */ 00070 } else if (strncmp(address, "10.", 3) == 0) { 00071 score = -5; 00072 /* RFC 1918 non-public address space */ 00073 } else if (strncmp(address, "172", 3) == 0) { 00074 /* 172.16.0.0 - 172.19.255.255, but not 172.160.0.0 - 172.169.255.255 */ 00075 if (address[4] == '1' && address[5] >= '6' && address[6] == '.') { 00076 score = -5; 00077 /* 172.20.0.0 - 172.29.255.255, but not 172.200.0.0 - 172.255.255.255 nor 172.2.0.0 - 172.2.255.255 */ 00078 } else if (address[4] == '2' && address[6] == '.') { 00079 score = -5; 00080 /* 172.30.0.0 - 172.31.255.255, but not 172.3.0.0 - 172.3.255.255 */ 00081 } else if (address[4] == '3' && (address[5] == '0' || address[5] == '1')) { 00082 score = -5; 00083 /* All other 172 addresses are public */ 00084 } else { 00085 score = 0; 00086 } 00087 /* RFC 2544 Benchmark test range (198.18.0.0 - 198.19.255.255, but not 198.180.0.0 - 198.199.255.255) */ 00088 } else if (strncmp(address, "198.1", 5) == 0 && address[5] >= '8' && address[6] == '.') { 00089 score = -10; 00090 /* RFC 1918 non-public address space */ 00091 } else if (strncmp(address, "192.168", 7) == 0) { 00092 score = -5; 00093 /* RFC 3330 Zeroconf network */ 00094 } else if (strncmp(address, "169.254", 7) == 0) { 00095 /*!\note Better score than a test network, but not quite as good as RFC 1918 00096 * address space. The reason is that some Linux distributions automatically 00097 * configure a Zeroconf address before trying DHCP, so we want to prefer a 00098 * DHCP lease to a Zeroconf address. 00099 */ 00100 score = -10; 00101 /* RFC 3330 Test network */ 00102 } else if (strncmp(address, "192.0.2.", 8) == 0) { 00103 score = -15; 00104 /* Every other address should be publically routable */ 00105 } else { 00106 score = 0; 00107 } 00108 00109 if (score > *best_score) { 00110 *best_score = score; 00111 memcpy(best_addr, &sin->sin_addr, sizeof(*best_addr)); 00112 } 00113 }
struct dscp_codepoint dscp_pool1[] [static] |