00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026 #include "asterisk.h"
00027
00028 ASTERISK_FILE_VERSION(__FILE__, "$Revision: 291758 $")
00029
00030 #include "asterisk/network.h"
00031
00032 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__Darwin__)
00033 #include <fcntl.h>
00034 #include <net/route.h>
00035 #endif
00036
00037 #if defined(SOLARIS)
00038 #include <sys/sockio.h>
00039 #include <net/if.h>
00040 #elif defined(HAVE_GETIFADDRS)
00041 #include <ifaddrs.h>
00042 #endif
00043
00044 #include "asterisk/acl.h"
00045 #include "asterisk/channel.h"
00046 #include "asterisk/utils.h"
00047 #include "asterisk/lock.h"
00048 #include "asterisk/srv.h"
00049
00050 #if (!defined(SOLARIS) && !defined(HAVE_GETIFADDRS))
00051 static int get_local_address(struct ast_sockaddr *ourip)
00052 {
00053 return -1;
00054 }
00055 #else
00056 static void score_address(const struct sockaddr_in *sin, struct in_addr *best_addr, int *best_score)
00057 {
00058 const char *address;
00059 int score;
00060
00061 address = ast_inet_ntoa(sin->sin_addr);
00062
00063
00064 if (address[0] == '0') {
00065 score = -25;
00066
00067 } else if (strncmp(address, "127", 3) == 0) {
00068 score = -20;
00069
00070 } else if (strncmp(address, "10.", 3) == 0) {
00071 score = -5;
00072
00073 } else if (strncmp(address, "172", 3) == 0) {
00074
00075 if (address[4] == '1' && address[5] >= '6' && address[6] == '.') {
00076 score = -5;
00077
00078 } else if (address[4] == '2' && address[6] == '.') {
00079 score = -5;
00080
00081 } else if (address[4] == '3' && (address[5] == '0' || address[5] == '1')) {
00082 score = -5;
00083
00084 } else {
00085 score = 0;
00086 }
00087
00088 } else if (strncmp(address, "198.1", 5) == 0 && address[5] >= '8' && address[6] == '.') {
00089 score = -10;
00090
00091 } else if (strncmp(address, "192.168", 7) == 0) {
00092 score = -5;
00093
00094 } else if (strncmp(address, "169.254", 7) == 0) {
00095
00096
00097
00098
00099
00100 score = -10;
00101
00102 } else if (strncmp(address, "192.0.2.", 8) == 0) {
00103 score = -15;
00104
00105 } else {
00106 score = 0;
00107 }
00108
00109 if (score > *best_score) {
00110 *best_score = score;
00111 memcpy(best_addr, &sin->sin_addr, sizeof(*best_addr));
00112 }
00113 }
00114
00115 static int get_local_address(struct ast_sockaddr *ourip)
00116 {
00117 int s, res = -1;
00118 #ifdef SOLARIS
00119 struct lifreq *ifr = NULL;
00120 struct lifnum ifn;
00121 struct lifconf ifc;
00122 struct sockaddr_in *sa;
00123 char *buf = NULL;
00124 int bufsz, x;
00125 #endif
00126 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00127 struct ifaddrs *ifap, *ifaphead;
00128 int rtnerr;
00129 const struct sockaddr_in *sin;
00130 #endif
00131 struct in_addr best_addr;
00132 int best_score = -100;
00133 memset(&best_addr, 0, sizeof(best_addr));
00134
00135 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00136 rtnerr = getifaddrs(&ifaphead);
00137 if (rtnerr) {
00138 perror(NULL);
00139 return -1;
00140 }
00141 #endif
00142
00143 s = socket(AF_INET, SOCK_STREAM, 0);
00144
00145 if (s > 0) {
00146 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00147 for (ifap = ifaphead; ifap; ifap = ifap->ifa_next) {
00148
00149 if (ifap->ifa_addr && ifap->ifa_addr->sa_family == AF_INET) {
00150 sin = (const struct sockaddr_in *) ifap->ifa_addr;
00151 score_address(sin, &best_addr, &best_score);
00152 res = 0;
00153
00154 if (best_score == 0) {
00155 break;
00156 }
00157 }
00158 }
00159 #endif
00160
00161
00162 #ifdef SOLARIS
00163
00164 ifn.lifn_family = AF_INET;
00165 ifn.lifn_flags = 0;
00166 ifn.lifn_count = 0;
00167 if (ioctl(s, SIOCGLIFNUM, &ifn) < 0) {
00168 close(s);
00169 return -1;
00170 }
00171
00172 bufsz = ifn.lifn_count * sizeof(struct lifreq);
00173 if (!(buf = malloc(bufsz))) {
00174 close(s);
00175 return -1;
00176 }
00177 memset(buf, 0, bufsz);
00178
00179
00180 ifc.lifc_len = bufsz;
00181 ifc.lifc_buf = buf;
00182 ifc.lifc_family = AF_INET;
00183 ifc.lifc_flags = 0;
00184 if (ioctl(s, SIOCGLIFCONF, &ifc) < 0) {
00185 close(s);
00186 free(buf);
00187 return -1;
00188 }
00189
00190 for (ifr = ifc.lifc_req, x = 0; x < ifn.lifn_count; ifr++, x++) {
00191 sa = (struct sockaddr_in *)&(ifr->lifr_addr);
00192 score_address(sa, &best_addr, &best_score);
00193 res = 0;
00194
00195 if (best_score == 0) {
00196 break;
00197 }
00198 }
00199
00200 free(buf);
00201 #endif
00202
00203 close(s);
00204 }
00205 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00206 freeifaddrs(ifaphead);
00207 #endif
00208
00209 if (res == 0 && ourip) {
00210 ast_sockaddr_setnull(ourip);
00211 ourip->ss.ss_family = AF_INET;
00212 ((struct sockaddr_in *)&ourip->ss)->sin_addr = best_addr;
00213 }
00214 return res;
00215 }
00216 #endif
00217
00218
00219 void ast_free_ha(struct ast_ha *ha)
00220 {
00221 struct ast_ha *hal;
00222 while (ha) {
00223 hal = ha;
00224 ha = ha->next;
00225 ast_free(hal);
00226 }
00227 }
00228
00229
00230 void ast_copy_ha(const struct ast_ha *from, struct ast_ha *to)
00231 {
00232 ast_sockaddr_copy(&to->addr, &from->addr);
00233 ast_sockaddr_copy(&to->netmask, &from->netmask);
00234 to->sense = from->sense;
00235 }
00236
00237
00238 static struct ast_ha *ast_duplicate_ha(struct ast_ha *original)
00239 {
00240 struct ast_ha *new_ha;
00241
00242 if ((new_ha = ast_calloc(1, sizeof(*new_ha)))) {
00243
00244 ast_copy_ha(original, new_ha);
00245 }
00246
00247 return new_ha;
00248 }
00249
00250
00251
00252 struct ast_ha *ast_duplicate_ha_list(struct ast_ha *original)
00253 {
00254 struct ast_ha *start = original;
00255 struct ast_ha *ret = NULL;
00256 struct ast_ha *current, *prev = NULL;
00257
00258 while (start) {
00259 current = ast_duplicate_ha(start);
00260 if (prev) {
00261 prev->next = current;
00262 }
00263
00264 if (!ret) {
00265 ret = current;
00266 }
00267
00268 start = start->next;
00269 prev = current;
00270 }
00271 return ret;
00272 }
00273
00274
00275
00276
00277
00278
00279
00280
00281
00282
00283
00284 #define V6_WORD(sin6, index) ((uint32_t *)&((sin6)->sin6_addr))[(index)]
00285
00286
00287
00288
00289
00290
00291
00292
00293
00294
00295
00296
00297
00298
00299
00300 static int apply_netmask(const struct ast_sockaddr *addr, const struct ast_sockaddr *netmask,
00301 struct ast_sockaddr *result)
00302 {
00303 int res = 0;
00304
00305 if (ast_sockaddr_is_ipv4(addr)) {
00306 struct sockaddr_in result4 = { 0, };
00307 struct sockaddr_in *addr4 = (struct sockaddr_in *) &addr->ss;
00308 struct sockaddr_in *mask4 = (struct sockaddr_in *) &netmask->ss;
00309 result4.sin_family = AF_INET;
00310 result4.sin_addr.s_addr = addr4->sin_addr.s_addr & mask4->sin_addr.s_addr;
00311 ast_sockaddr_from_sin(result, &result4);
00312 } else if (ast_sockaddr_is_ipv6(addr)) {
00313 struct sockaddr_in6 result6 = { 0, };
00314 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &addr->ss;
00315 struct sockaddr_in6 *mask6 = (struct sockaddr_in6 *) &netmask->ss;
00316 int i;
00317 result6.sin6_family = AF_INET6;
00318 for (i = 0; i < 4; ++i) {
00319 V6_WORD(&result6, i) = V6_WORD(addr6, i) & V6_WORD(mask6, i);
00320 }
00321 memcpy(&result->ss, &result6, sizeof(result6));
00322 result->len = sizeof(result6);
00323 } else {
00324
00325 res = -1;
00326 }
00327
00328 return res;
00329 }
00330
00331
00332
00333
00334
00335
00336
00337
00338
00339
00340
00341
00342
00343
00344
00345
00346
00347 static int parse_cidr_mask(struct ast_sockaddr *addr, int is_v4, const char *mask_str)
00348 {
00349 int mask;
00350
00351 if (sscanf(mask_str, "%30d", &mask) != 1) {
00352 return -1;
00353 }
00354
00355 if (is_v4) {
00356 struct sockaddr_in sin;
00357 if (mask < 0 || mask > 32) {
00358 return -1;
00359 }
00360 memset(&sin, 0, sizeof(sin));
00361 sin.sin_family = AF_INET;
00362
00363
00364
00365
00366 if (mask != 0) {
00367 sin.sin_addr.s_addr = htonl(0xFFFFFFFF << (32 - mask));
00368 }
00369 ast_sockaddr_from_sin(addr, &sin);
00370 } else {
00371 struct sockaddr_in6 sin6;
00372 int i;
00373 if (mask < 0 || mask > 128) {
00374 return -1;
00375 }
00376 memset(&sin6, 0, sizeof(sin6));
00377 sin6.sin6_family = AF_INET6;
00378 for (i = 0; i < 4; ++i) {
00379
00380
00381
00382
00383 if (mask > 0) {
00384 V6_WORD(&sin6, i) = htonl(0xFFFFFFFF << (mask < 32 ? (32 - mask) : 0));
00385 mask -= mask < 32 ? mask : 32;
00386 }
00387 }
00388 memcpy(&addr->ss, &sin6, sizeof(sin6));
00389 addr->len = sizeof(sin6);
00390 }
00391
00392 return 0;
00393 }
00394
00395 struct ast_ha *ast_append_ha(const char *sense, const char *stuff, struct ast_ha *path, int *error)
00396 {
00397 struct ast_ha *ha;
00398 struct ast_ha *prev = NULL;
00399 struct ast_ha *ret;
00400 char *tmp = ast_strdupa(stuff);
00401 char *address = NULL, *mask = NULL;
00402 int addr_is_v4;
00403
00404 ret = path;
00405 while (path) {
00406 prev = path;
00407 path = path->next;
00408 }
00409
00410 if (!(ha = ast_calloc(1, sizeof(*ha)))) {
00411 return ret;
00412 }
00413
00414 address = strsep(&tmp, "/");
00415 if (!address) {
00416 address = tmp;
00417 } else {
00418 mask = tmp;
00419 }
00420
00421 if (!ast_sockaddr_parse(&ha->addr, address, PARSE_PORT_FORBID)) {
00422 ast_log(LOG_WARNING, "Invalid IP address: %s\n", address);
00423 ast_free_ha(ha);
00424 *error = 1;
00425 return ret;
00426 }
00427
00428
00429
00430
00431 if (ast_sockaddr_ipv4_mapped(&ha->addr, &ha->addr)) {
00432 ast_log(LOG_NOTICE, "IPv4-mapped ACL network address specified. "
00433 "Converting to an IPv4 ACL network address.\n");
00434 }
00435
00436 addr_is_v4 = ast_sockaddr_is_ipv4(&ha->addr);
00437
00438 if (!mask) {
00439 parse_cidr_mask(&ha->netmask, addr_is_v4, addr_is_v4 ? "32" : "128");
00440 } else if (strchr(mask, ':') || strchr(mask, '.')) {
00441 int mask_is_v4;
00442
00443 if (!ast_sockaddr_parse(&ha->netmask, mask, PARSE_PORT_FORBID)) {
00444 ast_log(LOG_WARNING, "Invalid netmask: %s\n", mask);
00445 ast_free_ha(ha);
00446 *error = 1;
00447 return ret;
00448 }
00449
00450
00451
00452 if (ast_sockaddr_ipv4_mapped(&ha->netmask, &ha->netmask)) {
00453 ast_log(LOG_NOTICE, "IPv4-mapped ACL netmask specified. "
00454 "Converting to an IPv4 ACL netmask.\n");
00455 }
00456 mask_is_v4 = ast_sockaddr_is_ipv4(&ha->netmask);
00457 if (addr_is_v4 ^ mask_is_v4) {
00458 ast_log(LOG_WARNING, "Address and mask are not using same address scheme.\n");
00459 ast_free_ha(ha);
00460 *error = 1;
00461 return ret;
00462 }
00463 } else if (parse_cidr_mask(&ha->netmask, addr_is_v4, mask)) {
00464 ast_log(LOG_WARNING, "Invalid CIDR netmask: %s\n", mask);
00465 ast_free_ha(ha);
00466 *error = 1;
00467 return ret;
00468 }
00469
00470 if (apply_netmask(&ha->addr, &ha->netmask, &ha->addr)) {
00471
00472
00473
00474 char *failmask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask));
00475 char *failaddr = ast_strdupa(ast_sockaddr_stringify(&ha->addr));
00476 ast_log(LOG_WARNING, "Unable to apply netmask %s to address %s\n", failmask, failaddr);
00477 ast_free_ha(ha);
00478 *error = 1;
00479 return ret;
00480 }
00481
00482 ha->sense = strncasecmp(sense, "p", 1) ? AST_SENSE_DENY : AST_SENSE_ALLOW;
00483
00484 ha->next = NULL;
00485 if (prev) {
00486 prev->next = ha;
00487 } else {
00488 ret = ha;
00489 }
00490
00491 {
00492 const char *addr = ast_strdupa(ast_sockaddr_stringify(&ha->addr));
00493 const char *mask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask));
00494
00495 ast_debug(1, "%s/%s sense %d appended to acl for peer\n", addr, mask, ha->sense);
00496 }
00497
00498 return ret;
00499 }
00500
00501 int ast_apply_ha(const struct ast_ha *ha, const struct ast_sockaddr *addr)
00502 {
00503
00504 int res = AST_SENSE_ALLOW;
00505 const struct ast_ha *current_ha;
00506
00507 for (current_ha = ha; current_ha; current_ha = current_ha->next) {
00508 struct ast_sockaddr result;
00509 struct ast_sockaddr mapped_addr;
00510 const struct ast_sockaddr *addr_to_use;
00511 #if 0
00512 char iabuf[INET_ADDRSTRLEN];
00513 char iabuf2[INET_ADDRSTRLEN];
00514
00515 ast_copy_string(iabuf, ast_inet_ntoa(sin->sin_addr), sizeof(iabuf));
00516 ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2));
00517 ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2);
00518 #endif
00519 if (ast_sockaddr_is_ipv4(&ha->addr)) {
00520 if (ast_sockaddr_is_ipv6(addr)) {
00521 if (ast_sockaddr_is_ipv4_mapped(addr)) {
00522
00523 ast_sockaddr_ipv4_mapped(addr, &mapped_addr);
00524 addr_to_use = &mapped_addr;
00525 } else {
00526
00527 continue;
00528 }
00529 } else {
00530
00531 addr_to_use = addr;
00532 }
00533 } else {
00534 if (ast_sockaddr_is_ipv6(addr) && !ast_sockaddr_is_ipv4_mapped(addr)) {
00535 addr_to_use = addr;
00536 } else {
00537
00538 continue;
00539 }
00540 }
00541
00542
00543
00544 if (apply_netmask(addr_to_use, ¤t_ha->netmask, &result)) {
00545
00546 continue;
00547 }
00548 if (!ast_sockaddr_cmp_addr(&result, ¤t_ha->addr)) {
00549 res = current_ha->sense;
00550 }
00551 }
00552 return res;
00553 }
00554
00555 static int resolve_first(struct ast_sockaddr *addr, const char *name, int flag,
00556 int family)
00557 {
00558 struct ast_sockaddr *addrs;
00559 int addrs_cnt;
00560
00561 addrs_cnt = ast_sockaddr_resolve(&addrs, name, flag, family);
00562 if (addrs_cnt > 0) {
00563 if (addrs_cnt > 1) {
00564 ast_debug(1, "Multiple addresses. Using the first only\n");
00565 }
00566 ast_sockaddr_copy(addr, &addrs[0]);
00567 ast_free(addrs);
00568 } else {
00569 ast_log(LOG_WARNING, "Unable to lookup '%s'\n", name);
00570 return -1;
00571 }
00572
00573 return 0;
00574 }
00575
00576 int ast_get_ip_or_srv(struct ast_sockaddr *addr, const char *value, const char *service)
00577 {
00578 char srv[256];
00579 char host[256];
00580 int srv_ret = 0;
00581 int tportno;
00582
00583 if (service) {
00584 snprintf(srv, sizeof(srv), "%s.%s", service, value);
00585 if ((srv_ret = ast_get_srv(NULL, host, sizeof(host), &tportno, srv)) > 0) {
00586 value = host;
00587 }
00588 }
00589
00590 if (resolve_first(addr, value, PARSE_PORT_FORBID, addr->ss.ss_family) != 0) {
00591 return -1;
00592 }
00593
00594 if (srv_ret > 0) {
00595 ast_sockaddr_set_port(addr, tportno);
00596 }
00597
00598 return 0;
00599 }
00600
00601 struct dscp_codepoint {
00602 char *name;
00603 unsigned int space;
00604 };
00605
00606
00607
00608 static const struct dscp_codepoint dscp_pool1[] = {
00609 { "CS0", 0x00 },
00610 { "CS1", 0x08 },
00611 { "CS2", 0x10 },
00612 { "CS3", 0x18 },
00613 { "CS4", 0x20 },
00614 { "CS5", 0x28 },
00615 { "CS6", 0x30 },
00616 { "CS7", 0x38 },
00617 { "AF11", 0x0A },
00618 { "AF12", 0x0C },
00619 { "AF13", 0x0E },
00620 { "AF21", 0x12 },
00621 { "AF22", 0x14 },
00622 { "AF23", 0x16 },
00623 { "AF31", 0x1A },
00624 { "AF32", 0x1C },
00625 { "AF33", 0x1E },
00626 { "AF41", 0x22 },
00627 { "AF42", 0x24 },
00628 { "AF43", 0x26 },
00629 { "EF", 0x2E },
00630 };
00631
00632 int ast_str2cos(const char *value, unsigned int *cos)
00633 {
00634 int fval;
00635
00636 if (sscanf(value, "%30d", &fval) == 1) {
00637 if (fval < 8) {
00638 *cos = fval;
00639 return 0;
00640 }
00641 }
00642
00643 return -1;
00644 }
00645
00646 int ast_str2tos(const char *value, unsigned int *tos)
00647 {
00648 int fval;
00649 unsigned int x;
00650
00651 if (sscanf(value, "%30i", &fval) == 1) {
00652 *tos = fval & 0xFF;
00653 return 0;
00654 }
00655
00656 for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
00657 if (!strcasecmp(value, dscp_pool1[x].name)) {
00658 *tos = dscp_pool1[x].space << 2;
00659 return 0;
00660 }
00661 }
00662
00663 return -1;
00664 }
00665
00666 const char *ast_tos2str(unsigned int tos)
00667 {
00668 unsigned int x;
00669
00670 for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
00671 if (dscp_pool1[x].space == (tos >> 2)) {
00672 return dscp_pool1[x].name;
00673 }
00674 }
00675
00676 return "unknown";
00677 }
00678
00679 int ast_get_ip(struct ast_sockaddr *addr, const char *value)
00680 {
00681 return ast_get_ip_or_srv(addr, value, NULL);
00682 }
00683
00684 int ast_ouraddrfor(const struct ast_sockaddr *them, struct ast_sockaddr *us)
00685 {
00686 int port;
00687 int s;
00688
00689 port = ast_sockaddr_port(us);
00690
00691 if ((s = socket(ast_sockaddr_is_ipv6(them) ? AF_INET6 : AF_INET,
00692 SOCK_DGRAM, 0)) < 0) {
00693 ast_log(LOG_ERROR, "Cannot create socket\n");
00694 return -1;
00695 }
00696
00697 if (ast_connect(s, them)) {
00698 ast_log(LOG_WARNING, "Cannot connect\n");
00699 close(s);
00700 return -1;
00701 }
00702 if (ast_getsockname(s, us)) {
00703
00704 ast_log(LOG_WARNING, "Cannot get socket name\n");
00705 close(s);
00706 return -1;
00707 }
00708 close(s);
00709
00710 {
00711 const char *them_addr = ast_strdupa(ast_sockaddr_stringify_addr(them));
00712 const char *us_addr = ast_strdupa(ast_sockaddr_stringify_addr(us));
00713
00714 ast_debug(3, "For destination '%s', our source address is '%s'.\n",
00715 them_addr, us_addr);
00716 }
00717
00718 ast_sockaddr_set_port(us, port);
00719
00720 return 0;
00721 }
00722
00723 int ast_find_ourip(struct ast_sockaddr *ourip, const struct ast_sockaddr *bindaddr, int family)
00724 {
00725 char ourhost[MAXHOSTNAMELEN] = "";
00726 struct ast_sockaddr root;
00727
00728
00729 if (!ast_sockaddr_is_any(bindaddr)) {
00730 ast_sockaddr_copy(ourip, bindaddr);
00731 ast_debug(3, "Attached to given IP address\n");
00732 return 0;
00733 }
00734
00735 if (gethostname(ourhost, sizeof(ourhost) - 1)) {
00736 ast_log(LOG_WARNING, "Unable to get hostname\n");
00737 } else {
00738 if (resolve_first(ourip, ourhost, PARSE_PORT_FORBID, family) == 0) {
00739 return 0;
00740 }
00741 }
00742 ast_debug(3, "Trying to check A.ROOT-SERVERS.NET and get our IP address for that connection\n");
00743
00744 if (!resolve_first(&root, "A.ROOT-SERVERS.NET", PARSE_PORT_FORBID, 0) &&
00745 !ast_ouraddrfor(&root, ourip)) {
00746 return 0;
00747 }
00748 return get_local_address(ourip);
00749 }
00750