00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026 #include "asterisk.h"
00027
00028 ASTERISK_FILE_VERSION(__FILE__, "$Revision: 357724 $")
00029
00030 #include "asterisk/network.h"
00031
00032 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__Darwin__)
00033 #include <fcntl.h>
00034 #include <net/route.h>
00035 #endif
00036
00037 #if defined(SOLARIS)
00038 #include <sys/sockio.h>
00039 #include <net/if.h>
00040 #elif defined(HAVE_GETIFADDRS)
00041 #include <ifaddrs.h>
00042 #endif
00043
00044 #include "asterisk/acl.h"
00045 #include "asterisk/channel.h"
00046 #include "asterisk/utils.h"
00047 #include "asterisk/lock.h"
00048 #include "asterisk/srv.h"
00049
00050 #if (!defined(SOLARIS) && !defined(HAVE_GETIFADDRS))
00051 static int get_local_address(struct ast_sockaddr *ourip)
00052 {
00053 return -1;
00054 }
00055 #else
00056 static void score_address(const struct sockaddr_in *sin, struct in_addr *best_addr, int *best_score)
00057 {
00058 const char *address;
00059 int score;
00060
00061 address = ast_inet_ntoa(sin->sin_addr);
00062
00063
00064 if (address[0] == '0') {
00065 score = -25;
00066
00067 } else if (strncmp(address, "127", 3) == 0) {
00068 score = -20;
00069
00070 } else if (strncmp(address, "10.", 3) == 0) {
00071 score = -5;
00072
00073 } else if (strncmp(address, "172", 3) == 0) {
00074
00075 if (address[4] == '1' && address[5] >= '6' && address[6] == '.') {
00076 score = -5;
00077
00078 } else if (address[4] == '2' && address[6] == '.') {
00079 score = -5;
00080
00081 } else if (address[4] == '3' && (address[5] == '0' || address[5] == '1')) {
00082 score = -5;
00083
00084 } else {
00085 score = 0;
00086 }
00087
00088 } else if (strncmp(address, "198.1", 5) == 0 && address[5] >= '8' && address[6] == '.') {
00089 score = -10;
00090
00091 } else if (strncmp(address, "192.168", 7) == 0) {
00092 score = -5;
00093
00094 } else if (strncmp(address, "169.254", 7) == 0) {
00095
00096
00097
00098
00099
00100 score = -10;
00101
00102 } else if (strncmp(address, "192.0.2.", 8) == 0) {
00103 score = -15;
00104
00105 } else {
00106 score = 0;
00107 }
00108
00109 if (score > *best_score) {
00110 *best_score = score;
00111 memcpy(best_addr, &sin->sin_addr, sizeof(*best_addr));
00112 }
00113 }
00114
00115 static int get_local_address(struct ast_sockaddr *ourip)
00116 {
00117 int s, res = -1;
00118 #ifdef SOLARIS
00119 struct lifreq *ifr = NULL;
00120 struct lifnum ifn;
00121 struct lifconf ifc;
00122 struct sockaddr_in *sa;
00123 char *buf = NULL;
00124 int bufsz, x;
00125 #endif
00126 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00127 struct ifaddrs *ifap, *ifaphead;
00128 int rtnerr;
00129 const struct sockaddr_in *sin;
00130 #endif
00131 struct in_addr best_addr;
00132 int best_score = -100;
00133 memset(&best_addr, 0, sizeof(best_addr));
00134
00135 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00136 rtnerr = getifaddrs(&ifaphead);
00137 if (rtnerr) {
00138 perror(NULL);
00139 return -1;
00140 }
00141 #endif
00142
00143 s = socket(AF_INET, SOCK_STREAM, 0);
00144
00145 if (s > 0) {
00146 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00147 for (ifap = ifaphead; ifap; ifap = ifap->ifa_next) {
00148
00149 if (ifap->ifa_addr && ifap->ifa_addr->sa_family == AF_INET) {
00150 sin = (const struct sockaddr_in *) ifap->ifa_addr;
00151 score_address(sin, &best_addr, &best_score);
00152 res = 0;
00153
00154 if (best_score == 0) {
00155 break;
00156 }
00157 }
00158 }
00159 #endif
00160
00161
00162 #ifdef SOLARIS
00163
00164 ifn.lifn_family = AF_INET;
00165 ifn.lifn_flags = 0;
00166 ifn.lifn_count = 0;
00167 if (ioctl(s, SIOCGLIFNUM, &ifn) < 0) {
00168 close(s);
00169 return -1;
00170 }
00171
00172 bufsz = ifn.lifn_count * sizeof(struct lifreq);
00173 if (!(buf = malloc(bufsz))) {
00174 close(s);
00175 return -1;
00176 }
00177 memset(buf, 0, bufsz);
00178
00179
00180 ifc.lifc_len = bufsz;
00181 ifc.lifc_buf = buf;
00182 ifc.lifc_family = AF_INET;
00183 ifc.lifc_flags = 0;
00184 if (ioctl(s, SIOCGLIFCONF, &ifc) < 0) {
00185 close(s);
00186 free(buf);
00187 return -1;
00188 }
00189
00190 for (ifr = ifc.lifc_req, x = 0; x < ifn.lifn_count; ifr++, x++) {
00191 sa = (struct sockaddr_in *)&(ifr->lifr_addr);
00192 score_address(sa, &best_addr, &best_score);
00193 res = 0;
00194
00195 if (best_score == 0) {
00196 break;
00197 }
00198 }
00199
00200 free(buf);
00201 #endif
00202
00203 close(s);
00204 }
00205 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00206 freeifaddrs(ifaphead);
00207 #endif
00208
00209 if (res == 0 && ourip) {
00210 ast_sockaddr_setnull(ourip);
00211 ourip->ss.ss_family = AF_INET;
00212 ((struct sockaddr_in *)&ourip->ss)->sin_addr = best_addr;
00213 }
00214 return res;
00215 }
00216 #endif
00217
00218
00219 void ast_free_ha(struct ast_ha *ha)
00220 {
00221 struct ast_ha *hal;
00222 while (ha) {
00223 hal = ha;
00224 ha = ha->next;
00225 ast_free(hal);
00226 }
00227 }
00228
00229
00230 void ast_copy_ha(const struct ast_ha *from, struct ast_ha *to)
00231 {
00232 ast_sockaddr_copy(&to->addr, &from->addr);
00233 ast_sockaddr_copy(&to->netmask, &from->netmask);
00234 to->sense = from->sense;
00235 }
00236
00237
00238 static struct ast_ha *ast_duplicate_ha(struct ast_ha *original)
00239 {
00240 struct ast_ha *new_ha;
00241
00242 if ((new_ha = ast_calloc(1, sizeof(*new_ha)))) {
00243
00244 ast_copy_ha(original, new_ha);
00245 }
00246
00247 return new_ha;
00248 }
00249
00250
00251
00252 struct ast_ha *ast_duplicate_ha_list(struct ast_ha *original)
00253 {
00254 struct ast_ha *start = original;
00255 struct ast_ha *ret = NULL;
00256 struct ast_ha *current, *prev = NULL;
00257
00258 while (start) {
00259 current = ast_duplicate_ha(start);
00260 if (prev) {
00261 prev->next = current;
00262 }
00263
00264 if (!ret) {
00265 ret = current;
00266 }
00267
00268 start = start->next;
00269 prev = current;
00270 }
00271 return ret;
00272 }
00273
00274
00275
00276
00277
00278
00279
00280
00281
00282
00283
00284 #define V6_WORD(sin6, index) ((uint32_t *)&((sin6)->sin6_addr))[(index)]
00285
00286
00287
00288
00289
00290
00291
00292
00293
00294
00295
00296
00297
00298
00299
00300 static int apply_netmask(const struct ast_sockaddr *addr, const struct ast_sockaddr *netmask,
00301 struct ast_sockaddr *result)
00302 {
00303 int res = 0;
00304
00305 if (ast_sockaddr_is_ipv4(addr)) {
00306 struct sockaddr_in result4 = { 0, };
00307 struct sockaddr_in *addr4 = (struct sockaddr_in *) &addr->ss;
00308 struct sockaddr_in *mask4 = (struct sockaddr_in *) &netmask->ss;
00309 result4.sin_family = AF_INET;
00310 result4.sin_addr.s_addr = addr4->sin_addr.s_addr & mask4->sin_addr.s_addr;
00311 ast_sockaddr_from_sin(result, &result4);
00312 } else if (ast_sockaddr_is_ipv6(addr)) {
00313 struct sockaddr_in6 result6 = { 0, };
00314 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &addr->ss;
00315 struct sockaddr_in6 *mask6 = (struct sockaddr_in6 *) &netmask->ss;
00316 int i;
00317 result6.sin6_family = AF_INET6;
00318 for (i = 0; i < 4; ++i) {
00319 V6_WORD(&result6, i) = V6_WORD(addr6, i) & V6_WORD(mask6, i);
00320 }
00321 memcpy(&result->ss, &result6, sizeof(result6));
00322 result->len = sizeof(result6);
00323 } else {
00324
00325 res = -1;
00326 }
00327
00328 return res;
00329 }
00330
00331
00332
00333
00334
00335
00336
00337
00338
00339
00340
00341
00342
00343
00344
00345
00346
00347 static int parse_cidr_mask(struct ast_sockaddr *addr, int is_v4, const char *mask_str)
00348 {
00349 int mask;
00350
00351 if (sscanf(mask_str, "%30d", &mask) != 1) {
00352 return -1;
00353 }
00354
00355 if (is_v4) {
00356 struct sockaddr_in sin;
00357 if (mask < 0 || mask > 32) {
00358 return -1;
00359 }
00360 memset(&sin, 0, sizeof(sin));
00361 sin.sin_family = AF_INET;
00362
00363
00364
00365
00366 if (mask != 0) {
00367 sin.sin_addr.s_addr = htonl(0xFFFFFFFF << (32 - mask));
00368 }
00369 ast_sockaddr_from_sin(addr, &sin);
00370 } else {
00371 struct sockaddr_in6 sin6;
00372 int i;
00373 if (mask < 0 || mask > 128) {
00374 return -1;
00375 }
00376 memset(&sin6, 0, sizeof(sin6));
00377 sin6.sin6_family = AF_INET6;
00378 for (i = 0; i < 4; ++i) {
00379
00380
00381
00382
00383 if (mask > 0) {
00384 V6_WORD(&sin6, i) = htonl(0xFFFFFFFF << (mask < 32 ? (32 - mask) : 0));
00385 mask -= mask < 32 ? mask : 32;
00386 }
00387 }
00388 memcpy(&addr->ss, &sin6, sizeof(sin6));
00389 addr->len = sizeof(sin6);
00390 }
00391
00392 return 0;
00393 }
00394
00395 struct ast_ha *ast_append_ha(const char *sense, const char *stuff, struct ast_ha *path, int *error)
00396 {
00397 struct ast_ha *ha;
00398 struct ast_ha *prev = NULL;
00399 struct ast_ha *ret;
00400 char *tmp = ast_strdupa(stuff);
00401 char *address = NULL, *mask = NULL;
00402 int addr_is_v4;
00403
00404 ret = path;
00405 while (path) {
00406 prev = path;
00407 path = path->next;
00408 }
00409
00410 if (!(ha = ast_calloc(1, sizeof(*ha)))) {
00411 if (error) {
00412 *error = 1;
00413 }
00414 return ret;
00415 }
00416
00417 address = strsep(&tmp, "/");
00418 if (!address) {
00419 address = tmp;
00420 } else {
00421 mask = tmp;
00422 }
00423
00424 if (!ast_sockaddr_parse(&ha->addr, address, PARSE_PORT_FORBID)) {
00425 ast_log(LOG_WARNING, "Invalid IP address: %s\n", address);
00426 ast_free_ha(ha);
00427 if (error) {
00428 *error = 1;
00429 }
00430 return ret;
00431 }
00432
00433
00434
00435
00436 if (ast_sockaddr_ipv4_mapped(&ha->addr, &ha->addr)) {
00437 ast_log(LOG_NOTICE, "IPv4-mapped ACL network address specified. "
00438 "Converting to an IPv4 ACL network address.\n");
00439 }
00440
00441 addr_is_v4 = ast_sockaddr_is_ipv4(&ha->addr);
00442
00443 if (!mask) {
00444 parse_cidr_mask(&ha->netmask, addr_is_v4, addr_is_v4 ? "32" : "128");
00445 } else if (strchr(mask, ':') || strchr(mask, '.')) {
00446 int mask_is_v4;
00447
00448 if (!ast_sockaddr_parse(&ha->netmask, mask, PARSE_PORT_FORBID)) {
00449 ast_log(LOG_WARNING, "Invalid netmask: %s\n", mask);
00450 ast_free_ha(ha);
00451 if (error) {
00452 *error = 1;
00453 }
00454 return ret;
00455 }
00456
00457
00458
00459 if (ast_sockaddr_ipv4_mapped(&ha->netmask, &ha->netmask)) {
00460 ast_log(LOG_NOTICE, "IPv4-mapped ACL netmask specified. "
00461 "Converting to an IPv4 ACL netmask.\n");
00462 }
00463 mask_is_v4 = ast_sockaddr_is_ipv4(&ha->netmask);
00464 if (addr_is_v4 ^ mask_is_v4) {
00465 ast_log(LOG_WARNING, "Address and mask are not using same address scheme.\n");
00466 ast_free_ha(ha);
00467 if (error) {
00468 *error = 1;
00469 }
00470 return ret;
00471 }
00472 } else if (parse_cidr_mask(&ha->netmask, addr_is_v4, mask)) {
00473 ast_log(LOG_WARNING, "Invalid CIDR netmask: %s\n", mask);
00474 ast_free_ha(ha);
00475 if (error) {
00476 *error = 1;
00477 }
00478 return ret;
00479 }
00480
00481 if (apply_netmask(&ha->addr, &ha->netmask, &ha->addr)) {
00482
00483
00484
00485 char *failmask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask));
00486 char *failaddr = ast_strdupa(ast_sockaddr_stringify(&ha->addr));
00487 ast_log(LOG_WARNING, "Unable to apply netmask %s to address %s\n", failmask, failaddr);
00488 ast_free_ha(ha);
00489 if (error) {
00490 *error = 1;
00491 }
00492 return ret;
00493 }
00494
00495 ha->sense = strncasecmp(sense, "p", 1) ? AST_SENSE_DENY : AST_SENSE_ALLOW;
00496
00497 ha->next = NULL;
00498 if (prev) {
00499 prev->next = ha;
00500 } else {
00501 ret = ha;
00502 }
00503
00504 {
00505 const char *addr = ast_strdupa(ast_sockaddr_stringify(&ha->addr));
00506 const char *mask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask));
00507
00508 ast_debug(1, "%s/%s sense %d appended to acl for peer\n", addr, mask, ha->sense);
00509 }
00510
00511 return ret;
00512 }
00513
00514 int ast_apply_ha(const struct ast_ha *ha, const struct ast_sockaddr *addr)
00515 {
00516
00517 int res = AST_SENSE_ALLOW;
00518 const struct ast_ha *current_ha;
00519
00520 for (current_ha = ha; current_ha; current_ha = current_ha->next) {
00521 struct ast_sockaddr result;
00522 struct ast_sockaddr mapped_addr;
00523 const struct ast_sockaddr *addr_to_use;
00524 #if 0
00525 char iabuf[INET_ADDRSTRLEN];
00526 char iabuf2[INET_ADDRSTRLEN];
00527
00528 ast_copy_string(iabuf, ast_inet_ntoa(sin->sin_addr), sizeof(iabuf));
00529 ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2));
00530 ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2);
00531 #endif
00532 if (ast_sockaddr_is_ipv4(&ha->addr)) {
00533 if (ast_sockaddr_is_ipv6(addr)) {
00534 if (ast_sockaddr_is_ipv4_mapped(addr)) {
00535
00536 ast_sockaddr_ipv4_mapped(addr, &mapped_addr);
00537 addr_to_use = &mapped_addr;
00538 } else {
00539
00540 continue;
00541 }
00542 } else {
00543
00544 addr_to_use = addr;
00545 }
00546 } else {
00547 if (ast_sockaddr_is_ipv6(addr) && !ast_sockaddr_is_ipv4_mapped(addr)) {
00548 addr_to_use = addr;
00549 } else {
00550
00551 continue;
00552 }
00553 }
00554
00555
00556
00557 if (apply_netmask(addr_to_use, ¤t_ha->netmask, &result)) {
00558
00559 continue;
00560 }
00561 if (!ast_sockaddr_cmp_addr(&result, ¤t_ha->addr)) {
00562 res = current_ha->sense;
00563 }
00564 }
00565 return res;
00566 }
00567
00568 static int resolve_first(struct ast_sockaddr *addr, const char *name, int flag,
00569 int family)
00570 {
00571 struct ast_sockaddr *addrs;
00572 int addrs_cnt;
00573
00574 addrs_cnt = ast_sockaddr_resolve(&addrs, name, flag, family);
00575 if (addrs_cnt > 0) {
00576 if (addrs_cnt > 1) {
00577 ast_debug(1, "Multiple addresses. Using the first only\n");
00578 }
00579 ast_sockaddr_copy(addr, &addrs[0]);
00580 ast_free(addrs);
00581 } else {
00582 ast_log(LOG_WARNING, "Unable to lookup '%s'\n", name);
00583 return -1;
00584 }
00585
00586 return 0;
00587 }
00588
00589 int ast_get_ip_or_srv(struct ast_sockaddr *addr, const char *hostname, const char *service)
00590 {
00591 char srv[256];
00592 char host[256];
00593 int srv_ret = 0;
00594 int tportno;
00595
00596 if (service) {
00597 snprintf(srv, sizeof(srv), "%s.%s", service, hostname);
00598 if ((srv_ret = ast_get_srv(NULL, host, sizeof(host), &tportno, srv)) > 0) {
00599 hostname = host;
00600 }
00601 }
00602
00603 if (resolve_first(addr, hostname, PARSE_PORT_FORBID, addr->ss.ss_family) != 0) {
00604 return -1;
00605 }
00606
00607 if (srv_ret > 0) {
00608 ast_sockaddr_set_port(addr, tportno);
00609 }
00610
00611 return 0;
00612 }
00613
00614 struct dscp_codepoint {
00615 char *name;
00616 unsigned int space;
00617 };
00618
00619
00620
00621 static const struct dscp_codepoint dscp_pool1[] = {
00622 { "CS0", 0x00 },
00623 { "CS1", 0x08 },
00624 { "CS2", 0x10 },
00625 { "CS3", 0x18 },
00626 { "CS4", 0x20 },
00627 { "CS5", 0x28 },
00628 { "CS6", 0x30 },
00629 { "CS7", 0x38 },
00630 { "AF11", 0x0A },
00631 { "AF12", 0x0C },
00632 { "AF13", 0x0E },
00633 { "AF21", 0x12 },
00634 { "AF22", 0x14 },
00635 { "AF23", 0x16 },
00636 { "AF31", 0x1A },
00637 { "AF32", 0x1C },
00638 { "AF33", 0x1E },
00639 { "AF41", 0x22 },
00640 { "AF42", 0x24 },
00641 { "AF43", 0x26 },
00642 { "EF", 0x2E },
00643 };
00644
00645 int ast_str2cos(const char *value, unsigned int *cos)
00646 {
00647 int fval;
00648
00649 if (sscanf(value, "%30d", &fval) == 1) {
00650 if (fval < 8) {
00651 *cos = fval;
00652 return 0;
00653 }
00654 }
00655
00656 return -1;
00657 }
00658
00659 int ast_str2tos(const char *value, unsigned int *tos)
00660 {
00661 int fval;
00662 unsigned int x;
00663
00664 if (sscanf(value, "%30i", &fval) == 1) {
00665 *tos = fval & 0xFF;
00666 return 0;
00667 }
00668
00669 for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
00670 if (!strcasecmp(value, dscp_pool1[x].name)) {
00671 *tos = dscp_pool1[x].space << 2;
00672 return 0;
00673 }
00674 }
00675
00676 return -1;
00677 }
00678
00679 const char *ast_tos2str(unsigned int tos)
00680 {
00681 unsigned int x;
00682
00683 for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
00684 if (dscp_pool1[x].space == (tos >> 2)) {
00685 return dscp_pool1[x].name;
00686 }
00687 }
00688
00689 return "unknown";
00690 }
00691
00692 int ast_get_ip(struct ast_sockaddr *addr, const char *hostname)
00693 {
00694 return ast_get_ip_or_srv(addr, hostname, NULL);
00695 }
00696
00697 int ast_ouraddrfor(const struct ast_sockaddr *them, struct ast_sockaddr *us)
00698 {
00699 int port;
00700 int s;
00701
00702 port = ast_sockaddr_port(us);
00703
00704 if ((s = socket(ast_sockaddr_is_ipv6(them) ? AF_INET6 : AF_INET,
00705 SOCK_DGRAM, 0)) < 0) {
00706 ast_log(LOG_ERROR, "Cannot create socket\n");
00707 return -1;
00708 }
00709
00710 if (ast_connect(s, them)) {
00711 ast_log(LOG_WARNING, "Cannot connect\n");
00712 close(s);
00713 return -1;
00714 }
00715 if (ast_getsockname(s, us)) {
00716
00717 ast_log(LOG_WARNING, "Cannot get socket name\n");
00718 close(s);
00719 return -1;
00720 }
00721 close(s);
00722
00723 {
00724 const char *them_addr = ast_strdupa(ast_sockaddr_stringify_addr(them));
00725 const char *us_addr = ast_strdupa(ast_sockaddr_stringify_addr(us));
00726
00727 ast_debug(3, "For destination '%s', our source address is '%s'.\n",
00728 them_addr, us_addr);
00729 }
00730
00731 ast_sockaddr_set_port(us, port);
00732
00733 return 0;
00734 }
00735
00736 int ast_find_ourip(struct ast_sockaddr *ourip, const struct ast_sockaddr *bindaddr, int family)
00737 {
00738 char ourhost[MAXHOSTNAMELEN] = "";
00739 struct ast_sockaddr root;
00740 int res, port = ast_sockaddr_port(ourip);
00741
00742
00743 if (!ast_sockaddr_is_any(bindaddr)) {
00744 ast_sockaddr_copy(ourip, bindaddr);
00745 ast_debug(3, "Attached to given IP address\n");
00746 return 0;
00747 }
00748
00749 if (gethostname(ourhost, sizeof(ourhost) - 1)) {
00750 ast_log(LOG_WARNING, "Unable to get hostname\n");
00751 } else {
00752 if (resolve_first(ourip, ourhost, PARSE_PORT_FORBID, family) == 0) {
00753
00754 ast_sockaddr_set_port(ourip, port);
00755 return 0;
00756 }
00757 }
00758 ast_debug(3, "Trying to check A.ROOT-SERVERS.NET and get our IP address for that connection\n");
00759
00760 if (!resolve_first(&root, "A.ROOT-SERVERS.NET", PARSE_PORT_FORBID, 0) &&
00761 !ast_ouraddrfor(&root, ourip)) {
00762
00763 ast_sockaddr_set_port(ourip, port);
00764 return 0;
00765 }
00766 res = get_local_address(ourip);
00767 ast_sockaddr_set_port(ourip, port);
00768 return res;
00769 }
00770