00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026 #include "asterisk.h"
00027
00028 ASTERISK_FILE_VERSION(__FILE__, "$Revision: 304638 $")
00029
00030 #include "asterisk/network.h"
00031
00032 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__Darwin__)
00033 #include <fcntl.h>
00034 #include <net/route.h>
00035 #endif
00036
00037 #if defined(SOLARIS)
00038 #include <sys/sockio.h>
00039 #include <net/if.h>
00040 #elif defined(HAVE_GETIFADDRS)
00041 #include <ifaddrs.h>
00042 #endif
00043
00044 #include "asterisk/acl.h"
00045 #include "asterisk/channel.h"
00046 #include "asterisk/utils.h"
00047 #include "asterisk/lock.h"
00048 #include "asterisk/srv.h"
00049
00050 #if (!defined(SOLARIS) && !defined(HAVE_GETIFADDRS))
00051 static int get_local_address(struct ast_sockaddr *ourip)
00052 {
00053 return -1;
00054 }
00055 #else
00056 static void score_address(const struct sockaddr_in *sin, struct in_addr *best_addr, int *best_score)
00057 {
00058 const char *address;
00059 int score;
00060
00061 address = ast_inet_ntoa(sin->sin_addr);
00062
00063
00064 if (address[0] == '0') {
00065 score = -25;
00066
00067 } else if (strncmp(address, "127", 3) == 0) {
00068 score = -20;
00069
00070 } else if (strncmp(address, "10.", 3) == 0) {
00071 score = -5;
00072
00073 } else if (strncmp(address, "172", 3) == 0) {
00074
00075 if (address[4] == '1' && address[5] >= '6' && address[6] == '.') {
00076 score = -5;
00077
00078 } else if (address[4] == '2' && address[6] == '.') {
00079 score = -5;
00080
00081 } else if (address[4] == '3' && (address[5] == '0' || address[5] == '1')) {
00082 score = -5;
00083
00084 } else {
00085 score = 0;
00086 }
00087
00088 } else if (strncmp(address, "198.1", 5) == 0 && address[5] >= '8' && address[6] == '.') {
00089 score = -10;
00090
00091 } else if (strncmp(address, "192.168", 7) == 0) {
00092 score = -5;
00093
00094 } else if (strncmp(address, "169.254", 7) == 0) {
00095
00096
00097
00098
00099
00100 score = -10;
00101
00102 } else if (strncmp(address, "192.0.2.", 8) == 0) {
00103 score = -15;
00104
00105 } else {
00106 score = 0;
00107 }
00108
00109 if (score > *best_score) {
00110 *best_score = score;
00111 memcpy(best_addr, &sin->sin_addr, sizeof(*best_addr));
00112 }
00113 }
00114
00115 static int get_local_address(struct ast_sockaddr *ourip)
00116 {
00117 int s, res = -1;
00118 #ifdef SOLARIS
00119 struct lifreq *ifr = NULL;
00120 struct lifnum ifn;
00121 struct lifconf ifc;
00122 struct sockaddr_in *sa;
00123 char *buf = NULL;
00124 int bufsz, x;
00125 #endif
00126 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00127 struct ifaddrs *ifap, *ifaphead;
00128 int rtnerr;
00129 const struct sockaddr_in *sin;
00130 #endif
00131 struct in_addr best_addr;
00132 int best_score = -100;
00133 memset(&best_addr, 0, sizeof(best_addr));
00134
00135 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00136 rtnerr = getifaddrs(&ifaphead);
00137 if (rtnerr) {
00138 perror(NULL);
00139 return -1;
00140 }
00141 #endif
00142
00143 s = socket(AF_INET, SOCK_STREAM, 0);
00144
00145 if (s > 0) {
00146 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00147 for (ifap = ifaphead; ifap; ifap = ifap->ifa_next) {
00148
00149 if (ifap->ifa_addr && ifap->ifa_addr->sa_family == AF_INET) {
00150 sin = (const struct sockaddr_in *) ifap->ifa_addr;
00151 score_address(sin, &best_addr, &best_score);
00152 res = 0;
00153
00154 if (best_score == 0) {
00155 break;
00156 }
00157 }
00158 }
00159 #endif
00160
00161
00162 #ifdef SOLARIS
00163
00164 ifn.lifn_family = AF_INET;
00165 ifn.lifn_flags = 0;
00166 ifn.lifn_count = 0;
00167 if (ioctl(s, SIOCGLIFNUM, &ifn) < 0) {
00168 close(s);
00169 return -1;
00170 }
00171
00172 bufsz = ifn.lifn_count * sizeof(struct lifreq);
00173 if (!(buf = malloc(bufsz))) {
00174 close(s);
00175 return -1;
00176 }
00177 memset(buf, 0, bufsz);
00178
00179
00180 ifc.lifc_len = bufsz;
00181 ifc.lifc_buf = buf;
00182 ifc.lifc_family = AF_INET;
00183 ifc.lifc_flags = 0;
00184 if (ioctl(s, SIOCGLIFCONF, &ifc) < 0) {
00185 close(s);
00186 free(buf);
00187 return -1;
00188 }
00189
00190 for (ifr = ifc.lifc_req, x = 0; x < ifn.lifn_count; ifr++, x++) {
00191 sa = (struct sockaddr_in *)&(ifr->lifr_addr);
00192 score_address(sa, &best_addr, &best_score);
00193 res = 0;
00194
00195 if (best_score == 0) {
00196 break;
00197 }
00198 }
00199
00200 free(buf);
00201 #endif
00202
00203 close(s);
00204 }
00205 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00206 freeifaddrs(ifaphead);
00207 #endif
00208
00209 if (res == 0 && ourip) {
00210 ast_sockaddr_setnull(ourip);
00211 ourip->ss.ss_family = AF_INET;
00212 ((struct sockaddr_in *)&ourip->ss)->sin_addr = best_addr;
00213 }
00214 return res;
00215 }
00216 #endif
00217
00218
00219 void ast_free_ha(struct ast_ha *ha)
00220 {
00221 struct ast_ha *hal;
00222 while (ha) {
00223 hal = ha;
00224 ha = ha->next;
00225 ast_free(hal);
00226 }
00227 }
00228
00229
00230 void ast_copy_ha(const struct ast_ha *from, struct ast_ha *to)
00231 {
00232 ast_sockaddr_copy(&to->addr, &from->addr);
00233 ast_sockaddr_copy(&to->netmask, &from->netmask);
00234 to->sense = from->sense;
00235 }
00236
00237
00238 static struct ast_ha *ast_duplicate_ha(struct ast_ha *original)
00239 {
00240 struct ast_ha *new_ha;
00241
00242 if ((new_ha = ast_calloc(1, sizeof(*new_ha)))) {
00243
00244 ast_copy_ha(original, new_ha);
00245 }
00246
00247 return new_ha;
00248 }
00249
00250
00251
00252 struct ast_ha *ast_duplicate_ha_list(struct ast_ha *original)
00253 {
00254 struct ast_ha *start = original;
00255 struct ast_ha *ret = NULL;
00256 struct ast_ha *current, *prev = NULL;
00257
00258 while (start) {
00259 current = ast_duplicate_ha(start);
00260 if (prev) {
00261 prev->next = current;
00262 }
00263
00264 if (!ret) {
00265 ret = current;
00266 }
00267
00268 start = start->next;
00269 prev = current;
00270 }
00271 return ret;
00272 }
00273
00274
00275
00276
00277
00278
00279
00280
00281
00282
00283
00284 #define V6_WORD(sin6, index) ((uint32_t *)&((sin6)->sin6_addr))[(index)]
00285
00286
00287
00288
00289
00290
00291
00292
00293
00294
00295
00296
00297
00298
00299
00300 static int apply_netmask(const struct ast_sockaddr *addr, const struct ast_sockaddr *netmask,
00301 struct ast_sockaddr *result)
00302 {
00303 int res = 0;
00304
00305 if (ast_sockaddr_is_ipv4(addr)) {
00306 struct sockaddr_in result4 = { 0, };
00307 struct sockaddr_in *addr4 = (struct sockaddr_in *) &addr->ss;
00308 struct sockaddr_in *mask4 = (struct sockaddr_in *) &netmask->ss;
00309 result4.sin_family = AF_INET;
00310 result4.sin_addr.s_addr = addr4->sin_addr.s_addr & mask4->sin_addr.s_addr;
00311 ast_sockaddr_from_sin(result, &result4);
00312 } else if (ast_sockaddr_is_ipv6(addr)) {
00313 struct sockaddr_in6 result6 = { 0, };
00314 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &addr->ss;
00315 struct sockaddr_in6 *mask6 = (struct sockaddr_in6 *) &netmask->ss;
00316 int i;
00317 result6.sin6_family = AF_INET6;
00318 for (i = 0; i < 4; ++i) {
00319 V6_WORD(&result6, i) = V6_WORD(addr6, i) & V6_WORD(mask6, i);
00320 }
00321 memcpy(&result->ss, &result6, sizeof(result6));
00322 result->len = sizeof(result6);
00323 } else {
00324
00325 res = -1;
00326 }
00327
00328 return res;
00329 }
00330
00331
00332
00333
00334
00335
00336
00337
00338
00339
00340
00341
00342
00343
00344
00345
00346
00347 static int parse_cidr_mask(struct ast_sockaddr *addr, int is_v4, const char *mask_str)
00348 {
00349 int mask;
00350
00351 if (sscanf(mask_str, "%30d", &mask) != 1) {
00352 return -1;
00353 }
00354
00355 if (is_v4) {
00356 struct sockaddr_in sin;
00357 if (mask < 0 || mask > 32) {
00358 return -1;
00359 }
00360 memset(&sin, 0, sizeof(sin));
00361 sin.sin_family = AF_INET;
00362
00363
00364
00365
00366 if (mask != 0) {
00367 sin.sin_addr.s_addr = htonl(0xFFFFFFFF << (32 - mask));
00368 }
00369 ast_sockaddr_from_sin(addr, &sin);
00370 } else {
00371 struct sockaddr_in6 sin6;
00372 int i;
00373 if (mask < 0 || mask > 128) {
00374 return -1;
00375 }
00376 memset(&sin6, 0, sizeof(sin6));
00377 sin6.sin6_family = AF_INET6;
00378 for (i = 0; i < 4; ++i) {
00379
00380
00381
00382
00383 if (mask > 0) {
00384 V6_WORD(&sin6, i) = htonl(0xFFFFFFFF << (mask < 32 ? (32 - mask) : 0));
00385 mask -= mask < 32 ? mask : 32;
00386 }
00387 }
00388 memcpy(&addr->ss, &sin6, sizeof(sin6));
00389 addr->len = sizeof(sin6);
00390 }
00391
00392 return 0;
00393 }
00394
00395 struct ast_ha *ast_append_ha(const char *sense, const char *stuff, struct ast_ha *path, int *error)
00396 {
00397 struct ast_ha *ha;
00398 struct ast_ha *prev = NULL;
00399 struct ast_ha *ret;
00400 char *tmp = ast_strdupa(stuff);
00401 char *address = NULL, *mask = NULL;
00402 int addr_is_v4;
00403
00404 ret = path;
00405 while (path) {
00406 prev = path;
00407 path = path->next;
00408 }
00409
00410 if (!(ha = ast_calloc(1, sizeof(*ha)))) {
00411 return ret;
00412 }
00413
00414 address = strsep(&tmp, "/");
00415 if (!address) {
00416 address = tmp;
00417 } else {
00418 mask = tmp;
00419 }
00420
00421 if (!ast_sockaddr_parse(&ha->addr, address, PARSE_PORT_FORBID)) {
00422 ast_log(LOG_WARNING, "Invalid IP address: %s\n", address);
00423 ast_free_ha(ha);
00424 if (error) {
00425 *error = 1;
00426 }
00427 return ret;
00428 }
00429
00430
00431
00432
00433 if (ast_sockaddr_ipv4_mapped(&ha->addr, &ha->addr)) {
00434 ast_log(LOG_NOTICE, "IPv4-mapped ACL network address specified. "
00435 "Converting to an IPv4 ACL network address.\n");
00436 }
00437
00438 addr_is_v4 = ast_sockaddr_is_ipv4(&ha->addr);
00439
00440 if (!mask) {
00441 parse_cidr_mask(&ha->netmask, addr_is_v4, addr_is_v4 ? "32" : "128");
00442 } else if (strchr(mask, ':') || strchr(mask, '.')) {
00443 int mask_is_v4;
00444
00445 if (!ast_sockaddr_parse(&ha->netmask, mask, PARSE_PORT_FORBID)) {
00446 ast_log(LOG_WARNING, "Invalid netmask: %s\n", mask);
00447 ast_free_ha(ha);
00448 if (error) {
00449 *error = 1;
00450 }
00451 return ret;
00452 }
00453
00454
00455
00456 if (ast_sockaddr_ipv4_mapped(&ha->netmask, &ha->netmask)) {
00457 ast_log(LOG_NOTICE, "IPv4-mapped ACL netmask specified. "
00458 "Converting to an IPv4 ACL netmask.\n");
00459 }
00460 mask_is_v4 = ast_sockaddr_is_ipv4(&ha->netmask);
00461 if (addr_is_v4 ^ mask_is_v4) {
00462 ast_log(LOG_WARNING, "Address and mask are not using same address scheme.\n");
00463 ast_free_ha(ha);
00464 if (error) {
00465 *error = 1;
00466 }
00467 return ret;
00468 }
00469 } else if (parse_cidr_mask(&ha->netmask, addr_is_v4, mask)) {
00470 ast_log(LOG_WARNING, "Invalid CIDR netmask: %s\n", mask);
00471 ast_free_ha(ha);
00472 if (error) {
00473 *error = 1;
00474 }
00475 return ret;
00476 }
00477
00478 if (apply_netmask(&ha->addr, &ha->netmask, &ha->addr)) {
00479
00480
00481
00482 char *failmask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask));
00483 char *failaddr = ast_strdupa(ast_sockaddr_stringify(&ha->addr));
00484 ast_log(LOG_WARNING, "Unable to apply netmask %s to address %s\n", failmask, failaddr);
00485 ast_free_ha(ha);
00486 if (error) {
00487 *error = 1;
00488 }
00489 return ret;
00490 }
00491
00492 ha->sense = strncasecmp(sense, "p", 1) ? AST_SENSE_DENY : AST_SENSE_ALLOW;
00493
00494 ha->next = NULL;
00495 if (prev) {
00496 prev->next = ha;
00497 } else {
00498 ret = ha;
00499 }
00500
00501 {
00502 const char *addr = ast_strdupa(ast_sockaddr_stringify(&ha->addr));
00503 const char *mask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask));
00504
00505 ast_debug(1, "%s/%s sense %d appended to acl for peer\n", addr, mask, ha->sense);
00506 }
00507
00508 return ret;
00509 }
00510
00511 int ast_apply_ha(const struct ast_ha *ha, const struct ast_sockaddr *addr)
00512 {
00513
00514 int res = AST_SENSE_ALLOW;
00515 const struct ast_ha *current_ha;
00516
00517 for (current_ha = ha; current_ha; current_ha = current_ha->next) {
00518 struct ast_sockaddr result;
00519 struct ast_sockaddr mapped_addr;
00520 const struct ast_sockaddr *addr_to_use;
00521 #if 0
00522 char iabuf[INET_ADDRSTRLEN];
00523 char iabuf2[INET_ADDRSTRLEN];
00524
00525 ast_copy_string(iabuf, ast_inet_ntoa(sin->sin_addr), sizeof(iabuf));
00526 ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2));
00527 ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2);
00528 #endif
00529 if (ast_sockaddr_is_ipv4(&ha->addr)) {
00530 if (ast_sockaddr_is_ipv6(addr)) {
00531 if (ast_sockaddr_is_ipv4_mapped(addr)) {
00532
00533 ast_sockaddr_ipv4_mapped(addr, &mapped_addr);
00534 addr_to_use = &mapped_addr;
00535 } else {
00536
00537 continue;
00538 }
00539 } else {
00540
00541 addr_to_use = addr;
00542 }
00543 } else {
00544 if (ast_sockaddr_is_ipv6(addr) && !ast_sockaddr_is_ipv4_mapped(addr)) {
00545 addr_to_use = addr;
00546 } else {
00547
00548 continue;
00549 }
00550 }
00551
00552
00553
00554 if (apply_netmask(addr_to_use, ¤t_ha->netmask, &result)) {
00555
00556 continue;
00557 }
00558 if (!ast_sockaddr_cmp_addr(&result, ¤t_ha->addr)) {
00559 res = current_ha->sense;
00560 }
00561 }
00562 return res;
00563 }
00564
00565 static int resolve_first(struct ast_sockaddr *addr, const char *name, int flag,
00566 int family)
00567 {
00568 struct ast_sockaddr *addrs;
00569 int addrs_cnt;
00570
00571 addrs_cnt = ast_sockaddr_resolve(&addrs, name, flag, family);
00572 if (addrs_cnt > 0) {
00573 if (addrs_cnt > 1) {
00574 ast_debug(1, "Multiple addresses. Using the first only\n");
00575 }
00576 ast_sockaddr_copy(addr, &addrs[0]);
00577 ast_free(addrs);
00578 } else {
00579 ast_log(LOG_WARNING, "Unable to lookup '%s'\n", name);
00580 return -1;
00581 }
00582
00583 return 0;
00584 }
00585
00586 int ast_get_ip_or_srv(struct ast_sockaddr *addr, const char *value, const char *service)
00587 {
00588 char srv[256];
00589 char host[256];
00590 int srv_ret = 0;
00591 int tportno;
00592
00593 if (service) {
00594 snprintf(srv, sizeof(srv), "%s.%s", service, value);
00595 if ((srv_ret = ast_get_srv(NULL, host, sizeof(host), &tportno, srv)) > 0) {
00596 value = host;
00597 }
00598 }
00599
00600 if (resolve_first(addr, value, PARSE_PORT_FORBID, addr->ss.ss_family) != 0) {
00601 return -1;
00602 }
00603
00604 if (srv_ret > 0) {
00605 ast_sockaddr_set_port(addr, tportno);
00606 }
00607
00608 return 0;
00609 }
00610
00611 struct dscp_codepoint {
00612 char *name;
00613 unsigned int space;
00614 };
00615
00616
00617
00618 static const struct dscp_codepoint dscp_pool1[] = {
00619 { "CS0", 0x00 },
00620 { "CS1", 0x08 },
00621 { "CS2", 0x10 },
00622 { "CS3", 0x18 },
00623 { "CS4", 0x20 },
00624 { "CS5", 0x28 },
00625 { "CS6", 0x30 },
00626 { "CS7", 0x38 },
00627 { "AF11", 0x0A },
00628 { "AF12", 0x0C },
00629 { "AF13", 0x0E },
00630 { "AF21", 0x12 },
00631 { "AF22", 0x14 },
00632 { "AF23", 0x16 },
00633 { "AF31", 0x1A },
00634 { "AF32", 0x1C },
00635 { "AF33", 0x1E },
00636 { "AF41", 0x22 },
00637 { "AF42", 0x24 },
00638 { "AF43", 0x26 },
00639 { "EF", 0x2E },
00640 };
00641
00642 int ast_str2cos(const char *value, unsigned int *cos)
00643 {
00644 int fval;
00645
00646 if (sscanf(value, "%30d", &fval) == 1) {
00647 if (fval < 8) {
00648 *cos = fval;
00649 return 0;
00650 }
00651 }
00652
00653 return -1;
00654 }
00655
00656 int ast_str2tos(const char *value, unsigned int *tos)
00657 {
00658 int fval;
00659 unsigned int x;
00660
00661 if (sscanf(value, "%30i", &fval) == 1) {
00662 *tos = fval & 0xFF;
00663 return 0;
00664 }
00665
00666 for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
00667 if (!strcasecmp(value, dscp_pool1[x].name)) {
00668 *tos = dscp_pool1[x].space << 2;
00669 return 0;
00670 }
00671 }
00672
00673 return -1;
00674 }
00675
00676 const char *ast_tos2str(unsigned int tos)
00677 {
00678 unsigned int x;
00679
00680 for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
00681 if (dscp_pool1[x].space == (tos >> 2)) {
00682 return dscp_pool1[x].name;
00683 }
00684 }
00685
00686 return "unknown";
00687 }
00688
00689 int ast_get_ip(struct ast_sockaddr *addr, const char *value)
00690 {
00691 return ast_get_ip_or_srv(addr, value, NULL);
00692 }
00693
00694 int ast_ouraddrfor(const struct ast_sockaddr *them, struct ast_sockaddr *us)
00695 {
00696 int port;
00697 int s;
00698
00699 port = ast_sockaddr_port(us);
00700
00701 if ((s = socket(ast_sockaddr_is_ipv6(them) ? AF_INET6 : AF_INET,
00702 SOCK_DGRAM, 0)) < 0) {
00703 ast_log(LOG_ERROR, "Cannot create socket\n");
00704 return -1;
00705 }
00706
00707 if (ast_connect(s, them)) {
00708 ast_log(LOG_WARNING, "Cannot connect\n");
00709 close(s);
00710 return -1;
00711 }
00712 if (ast_getsockname(s, us)) {
00713
00714 ast_log(LOG_WARNING, "Cannot get socket name\n");
00715 close(s);
00716 return -1;
00717 }
00718 close(s);
00719
00720 {
00721 const char *them_addr = ast_strdupa(ast_sockaddr_stringify_addr(them));
00722 const char *us_addr = ast_strdupa(ast_sockaddr_stringify_addr(us));
00723
00724 ast_debug(3, "For destination '%s', our source address is '%s'.\n",
00725 them_addr, us_addr);
00726 }
00727
00728 ast_sockaddr_set_port(us, port);
00729
00730 return 0;
00731 }
00732
00733 int ast_find_ourip(struct ast_sockaddr *ourip, const struct ast_sockaddr *bindaddr, int family)
00734 {
00735 char ourhost[MAXHOSTNAMELEN] = "";
00736 struct ast_sockaddr root;
00737
00738
00739 if (!ast_sockaddr_is_any(bindaddr)) {
00740 ast_sockaddr_copy(ourip, bindaddr);
00741 ast_debug(3, "Attached to given IP address\n");
00742 return 0;
00743 }
00744
00745 if (gethostname(ourhost, sizeof(ourhost) - 1)) {
00746 ast_log(LOG_WARNING, "Unable to get hostname\n");
00747 } else {
00748 if (resolve_first(ourip, ourhost, PARSE_PORT_FORBID, family) == 0) {
00749 return 0;
00750 }
00751 }
00752 ast_debug(3, "Trying to check A.ROOT-SERVERS.NET and get our IP address for that connection\n");
00753
00754 if (!resolve_first(&root, "A.ROOT-SERVERS.NET", PARSE_PORT_FORBID, 0) &&
00755 !ast_ouraddrfor(&root, ourip)) {
00756 return 0;
00757 }
00758 return get_local_address(ourip);
00759 }
00760