00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030 #include "asterisk.h"
00031
00032 ASTERISK_FILE_VERSION(__FILE__, "$Revision: 369001 $")
00033
00034 #include "asterisk/network.h"
00035
00036 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__Darwin__)
00037 #include <fcntl.h>
00038 #include <net/route.h>
00039 #endif
00040
00041 #if defined(SOLARIS)
00042 #include <sys/sockio.h>
00043 #include <net/if.h>
00044 #elif defined(HAVE_GETIFADDRS)
00045 #include <ifaddrs.h>
00046 #endif
00047
00048 #include "asterisk/acl.h"
00049 #include "asterisk/channel.h"
00050 #include "asterisk/utils.h"
00051 #include "asterisk/lock.h"
00052 #include "asterisk/srv.h"
00053
00054 #if (!defined(SOLARIS) && !defined(HAVE_GETIFADDRS))
00055 static int get_local_address(struct ast_sockaddr *ourip)
00056 {
00057 return -1;
00058 }
00059 #else
00060 static void score_address(const struct sockaddr_in *sin, struct in_addr *best_addr, int *best_score)
00061 {
00062 const char *address;
00063 int score;
00064
00065 address = ast_inet_ntoa(sin->sin_addr);
00066
00067
00068 if (address[0] == '0') {
00069 score = -25;
00070
00071 } else if (strncmp(address, "127", 3) == 0) {
00072 score = -20;
00073
00074 } else if (strncmp(address, "10.", 3) == 0) {
00075 score = -5;
00076
00077 } else if (strncmp(address, "172", 3) == 0) {
00078
00079 if (address[4] == '1' && address[5] >= '6' && address[6] == '.') {
00080 score = -5;
00081
00082 } else if (address[4] == '2' && address[6] == '.') {
00083 score = -5;
00084
00085 } else if (address[4] == '3' && (address[5] == '0' || address[5] == '1')) {
00086 score = -5;
00087
00088 } else {
00089 score = 0;
00090 }
00091
00092 } else if (strncmp(address, "198.1", 5) == 0 && address[5] >= '8' && address[6] == '.') {
00093 score = -10;
00094
00095 } else if (strncmp(address, "192.168", 7) == 0) {
00096 score = -5;
00097
00098 } else if (strncmp(address, "169.254", 7) == 0) {
00099
00100
00101
00102
00103
00104 score = -10;
00105
00106 } else if (strncmp(address, "192.0.2.", 8) == 0) {
00107 score = -15;
00108
00109 } else {
00110 score = 0;
00111 }
00112
00113 if (score > *best_score) {
00114 *best_score = score;
00115 memcpy(best_addr, &sin->sin_addr, sizeof(*best_addr));
00116 }
00117 }
00118
00119 static int get_local_address(struct ast_sockaddr *ourip)
00120 {
00121 int s, res = -1;
00122 #ifdef SOLARIS
00123 struct lifreq *ifr = NULL;
00124 struct lifnum ifn;
00125 struct lifconf ifc;
00126 struct sockaddr_in *sa;
00127 char *buf = NULL;
00128 int bufsz, x;
00129 #endif
00130 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00131 struct ifaddrs *ifap, *ifaphead;
00132 int rtnerr;
00133 const struct sockaddr_in *sin;
00134 #endif
00135 struct in_addr best_addr;
00136 int best_score = -100;
00137 memset(&best_addr, 0, sizeof(best_addr));
00138
00139 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00140 rtnerr = getifaddrs(&ifaphead);
00141 if (rtnerr) {
00142 perror(NULL);
00143 return -1;
00144 }
00145 #endif
00146
00147 s = socket(AF_INET, SOCK_STREAM, 0);
00148
00149 if (s > 0) {
00150 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00151 for (ifap = ifaphead; ifap; ifap = ifap->ifa_next) {
00152
00153 if (ifap->ifa_addr && ifap->ifa_addr->sa_family == AF_INET) {
00154 sin = (const struct sockaddr_in *) ifap->ifa_addr;
00155 score_address(sin, &best_addr, &best_score);
00156 res = 0;
00157
00158 if (best_score == 0) {
00159 break;
00160 }
00161 }
00162 }
00163 #endif
00164
00165
00166 #ifdef SOLARIS
00167
00168 ifn.lifn_family = AF_INET;
00169 ifn.lifn_flags = 0;
00170 ifn.lifn_count = 0;
00171 if (ioctl(s, SIOCGLIFNUM, &ifn) < 0) {
00172 close(s);
00173 return -1;
00174 }
00175
00176 bufsz = ifn.lifn_count * sizeof(struct lifreq);
00177 if (!(buf = malloc(bufsz))) {
00178 close(s);
00179 return -1;
00180 }
00181 memset(buf, 0, bufsz);
00182
00183
00184 ifc.lifc_len = bufsz;
00185 ifc.lifc_buf = buf;
00186 ifc.lifc_family = AF_INET;
00187 ifc.lifc_flags = 0;
00188 if (ioctl(s, SIOCGLIFCONF, &ifc) < 0) {
00189 close(s);
00190 free(buf);
00191 return -1;
00192 }
00193
00194 for (ifr = ifc.lifc_req, x = 0; x < ifn.lifn_count; ifr++, x++) {
00195 sa = (struct sockaddr_in *)&(ifr->lifr_addr);
00196 score_address(sa, &best_addr, &best_score);
00197 res = 0;
00198
00199 if (best_score == 0) {
00200 break;
00201 }
00202 }
00203
00204 free(buf);
00205 #endif
00206
00207 close(s);
00208 }
00209 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00210 freeifaddrs(ifaphead);
00211 #endif
00212
00213 if (res == 0 && ourip) {
00214 ast_sockaddr_setnull(ourip);
00215 ourip->ss.ss_family = AF_INET;
00216 ((struct sockaddr_in *)&ourip->ss)->sin_addr = best_addr;
00217 }
00218 return res;
00219 }
00220 #endif
00221
00222
00223 void ast_free_ha(struct ast_ha *ha)
00224 {
00225 struct ast_ha *hal;
00226 while (ha) {
00227 hal = ha;
00228 ha = ha->next;
00229 ast_free(hal);
00230 }
00231 }
00232
00233
00234 void ast_copy_ha(const struct ast_ha *from, struct ast_ha *to)
00235 {
00236 ast_sockaddr_copy(&to->addr, &from->addr);
00237 ast_sockaddr_copy(&to->netmask, &from->netmask);
00238 to->sense = from->sense;
00239 }
00240
00241
00242 static struct ast_ha *ast_duplicate_ha(struct ast_ha *original)
00243 {
00244 struct ast_ha *new_ha;
00245
00246 if ((new_ha = ast_calloc(1, sizeof(*new_ha)))) {
00247
00248 ast_copy_ha(original, new_ha);
00249 }
00250
00251 return new_ha;
00252 }
00253
00254
00255
00256 struct ast_ha *ast_duplicate_ha_list(struct ast_ha *original)
00257 {
00258 struct ast_ha *start = original;
00259 struct ast_ha *ret = NULL;
00260 struct ast_ha *current, *prev = NULL;
00261
00262 while (start) {
00263 current = ast_duplicate_ha(start);
00264 if (prev) {
00265 prev->next = current;
00266 }
00267
00268 if (!ret) {
00269 ret = current;
00270 }
00271
00272 start = start->next;
00273 prev = current;
00274 }
00275 return ret;
00276 }
00277
00278
00279
00280
00281
00282
00283
00284
00285
00286
00287
00288 #define V6_WORD(sin6, index) ((uint32_t *)&((sin6)->sin6_addr))[(index)]
00289
00290
00291
00292
00293
00294
00295
00296
00297
00298
00299
00300
00301
00302
00303
00304 static int apply_netmask(const struct ast_sockaddr *addr, const struct ast_sockaddr *netmask,
00305 struct ast_sockaddr *result)
00306 {
00307 int res = 0;
00308
00309 if (ast_sockaddr_is_ipv4(addr)) {
00310 struct sockaddr_in result4 = { 0, };
00311 struct sockaddr_in *addr4 = (struct sockaddr_in *) &addr->ss;
00312 struct sockaddr_in *mask4 = (struct sockaddr_in *) &netmask->ss;
00313 result4.sin_family = AF_INET;
00314 result4.sin_addr.s_addr = addr4->sin_addr.s_addr & mask4->sin_addr.s_addr;
00315 ast_sockaddr_from_sin(result, &result4);
00316 } else if (ast_sockaddr_is_ipv6(addr)) {
00317 struct sockaddr_in6 result6 = { 0, };
00318 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &addr->ss;
00319 struct sockaddr_in6 *mask6 = (struct sockaddr_in6 *) &netmask->ss;
00320 int i;
00321 result6.sin6_family = AF_INET6;
00322 for (i = 0; i < 4; ++i) {
00323 V6_WORD(&result6, i) = V6_WORD(addr6, i) & V6_WORD(mask6, i);
00324 }
00325 memcpy(&result->ss, &result6, sizeof(result6));
00326 result->len = sizeof(result6);
00327 } else {
00328
00329 res = -1;
00330 }
00331
00332 return res;
00333 }
00334
00335
00336
00337
00338
00339
00340
00341
00342
00343
00344
00345
00346
00347
00348
00349
00350
00351 static int parse_cidr_mask(struct ast_sockaddr *addr, int is_v4, const char *mask_str)
00352 {
00353 int mask;
00354
00355 if (sscanf(mask_str, "%30d", &mask) != 1) {
00356 return -1;
00357 }
00358
00359 if (is_v4) {
00360 struct sockaddr_in sin;
00361 if (mask < 0 || mask > 32) {
00362 return -1;
00363 }
00364 memset(&sin, 0, sizeof(sin));
00365 sin.sin_family = AF_INET;
00366
00367
00368
00369
00370 if (mask != 0) {
00371 sin.sin_addr.s_addr = htonl(0xFFFFFFFF << (32 - mask));
00372 }
00373 ast_sockaddr_from_sin(addr, &sin);
00374 } else {
00375 struct sockaddr_in6 sin6;
00376 int i;
00377 if (mask < 0 || mask > 128) {
00378 return -1;
00379 }
00380 memset(&sin6, 0, sizeof(sin6));
00381 sin6.sin6_family = AF_INET6;
00382 for (i = 0; i < 4; ++i) {
00383
00384
00385
00386
00387 if (mask > 0) {
00388 V6_WORD(&sin6, i) = htonl(0xFFFFFFFF << (mask < 32 ? (32 - mask) : 0));
00389 mask -= mask < 32 ? mask : 32;
00390 }
00391 }
00392 memcpy(&addr->ss, &sin6, sizeof(sin6));
00393 addr->len = sizeof(sin6);
00394 }
00395
00396 return 0;
00397 }
00398
00399 struct ast_ha *ast_append_ha(const char *sense, const char *stuff, struct ast_ha *path, int *error)
00400 {
00401 struct ast_ha *ha;
00402 struct ast_ha *prev = NULL;
00403 struct ast_ha *ret;
00404 char *tmp = ast_strdupa(stuff);
00405 char *address = NULL, *mask = NULL;
00406 int addr_is_v4;
00407
00408 ret = path;
00409 while (path) {
00410 prev = path;
00411 path = path->next;
00412 }
00413
00414 if (!(ha = ast_calloc(1, sizeof(*ha)))) {
00415 if (error) {
00416 *error = 1;
00417 }
00418 return ret;
00419 }
00420
00421 address = strsep(&tmp, "/");
00422 if (!address) {
00423 address = tmp;
00424 } else {
00425 mask = tmp;
00426 }
00427
00428 if (!ast_sockaddr_parse(&ha->addr, address, PARSE_PORT_FORBID)) {
00429 ast_log(LOG_WARNING, "Invalid IP address: %s\n", address);
00430 ast_free_ha(ha);
00431 if (error) {
00432 *error = 1;
00433 }
00434 return ret;
00435 }
00436
00437
00438
00439
00440 if (ast_sockaddr_ipv4_mapped(&ha->addr, &ha->addr)) {
00441 ast_log(LOG_NOTICE, "IPv4-mapped ACL network address specified. "
00442 "Converting to an IPv4 ACL network address.\n");
00443 }
00444
00445 addr_is_v4 = ast_sockaddr_is_ipv4(&ha->addr);
00446
00447 if (!mask) {
00448 parse_cidr_mask(&ha->netmask, addr_is_v4, addr_is_v4 ? "32" : "128");
00449 } else if (strchr(mask, ':') || strchr(mask, '.')) {
00450 int mask_is_v4;
00451
00452 if (!ast_sockaddr_parse(&ha->netmask, mask, PARSE_PORT_FORBID)) {
00453 ast_log(LOG_WARNING, "Invalid netmask: %s\n", mask);
00454 ast_free_ha(ha);
00455 if (error) {
00456 *error = 1;
00457 }
00458 return ret;
00459 }
00460
00461
00462
00463 if (ast_sockaddr_ipv4_mapped(&ha->netmask, &ha->netmask)) {
00464 ast_log(LOG_NOTICE, "IPv4-mapped ACL netmask specified. "
00465 "Converting to an IPv4 ACL netmask.\n");
00466 }
00467 mask_is_v4 = ast_sockaddr_is_ipv4(&ha->netmask);
00468 if (addr_is_v4 ^ mask_is_v4) {
00469 ast_log(LOG_WARNING, "Address and mask are not using same address scheme.\n");
00470 ast_free_ha(ha);
00471 if (error) {
00472 *error = 1;
00473 }
00474 return ret;
00475 }
00476 } else if (parse_cidr_mask(&ha->netmask, addr_is_v4, mask)) {
00477 ast_log(LOG_WARNING, "Invalid CIDR netmask: %s\n", mask);
00478 ast_free_ha(ha);
00479 if (error) {
00480 *error = 1;
00481 }
00482 return ret;
00483 }
00484
00485 if (apply_netmask(&ha->addr, &ha->netmask, &ha->addr)) {
00486
00487
00488
00489 char *failmask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask));
00490 char *failaddr = ast_strdupa(ast_sockaddr_stringify(&ha->addr));
00491 ast_log(LOG_WARNING, "Unable to apply netmask %s to address %s\n", failmask, failaddr);
00492 ast_free_ha(ha);
00493 if (error) {
00494 *error = 1;
00495 }
00496 return ret;
00497 }
00498
00499 ha->sense = strncasecmp(sense, "p", 1) ? AST_SENSE_DENY : AST_SENSE_ALLOW;
00500
00501 ha->next = NULL;
00502 if (prev) {
00503 prev->next = ha;
00504 } else {
00505 ret = ha;
00506 }
00507
00508 {
00509 const char *addr = ast_strdupa(ast_sockaddr_stringify(&ha->addr));
00510 const char *mask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask));
00511
00512 ast_debug(1, "%s/%s sense %d appended to acl for peer\n", addr, mask, ha->sense);
00513 }
00514
00515 return ret;
00516 }
00517
00518 int ast_apply_ha(const struct ast_ha *ha, const struct ast_sockaddr *addr)
00519 {
00520
00521 int res = AST_SENSE_ALLOW;
00522 const struct ast_ha *current_ha;
00523
00524 for (current_ha = ha; current_ha; current_ha = current_ha->next) {
00525 struct ast_sockaddr result;
00526 struct ast_sockaddr mapped_addr;
00527 const struct ast_sockaddr *addr_to_use;
00528 #if 0
00529 char iabuf[INET_ADDRSTRLEN];
00530 char iabuf2[INET_ADDRSTRLEN];
00531
00532 ast_copy_string(iabuf, ast_inet_ntoa(sin->sin_addr), sizeof(iabuf));
00533 ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2));
00534 ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2);
00535 #endif
00536 if (ast_sockaddr_is_ipv4(&ha->addr)) {
00537 if (ast_sockaddr_is_ipv6(addr)) {
00538 if (ast_sockaddr_is_ipv4_mapped(addr)) {
00539
00540 if (!ast_sockaddr_ipv4_mapped(addr, &mapped_addr)) {
00541 ast_log(LOG_ERROR, "%s provided to ast_sockaddr_ipv4_mapped could not be converted. That shouldn't be possible.\n",
00542 ast_sockaddr_stringify(addr));
00543 continue;
00544 }
00545 addr_to_use = &mapped_addr;
00546 } else {
00547
00548 continue;
00549 }
00550 } else {
00551
00552 addr_to_use = addr;
00553 }
00554 } else {
00555 if (ast_sockaddr_is_ipv6(addr) && !ast_sockaddr_is_ipv4_mapped(addr)) {
00556 addr_to_use = addr;
00557 } else {
00558
00559 continue;
00560 }
00561 }
00562
00563
00564
00565 if (apply_netmask(addr_to_use, ¤t_ha->netmask, &result)) {
00566
00567 continue;
00568 }
00569 if (!ast_sockaddr_cmp_addr(&result, ¤t_ha->addr)) {
00570 res = current_ha->sense;
00571 }
00572 }
00573 return res;
00574 }
00575
00576 static int resolve_first(struct ast_sockaddr *addr, const char *name, int flag,
00577 int family)
00578 {
00579 struct ast_sockaddr *addrs;
00580 int addrs_cnt;
00581
00582 addrs_cnt = ast_sockaddr_resolve(&addrs, name, flag, family);
00583 if (addrs_cnt > 0) {
00584 if (addrs_cnt > 1) {
00585 ast_debug(1, "Multiple addresses. Using the first only\n");
00586 }
00587 ast_sockaddr_copy(addr, &addrs[0]);
00588 ast_free(addrs);
00589 } else {
00590 ast_log(LOG_WARNING, "Unable to lookup '%s'\n", name);
00591 return -1;
00592 }
00593
00594 return 0;
00595 }
00596
00597 int ast_get_ip_or_srv(struct ast_sockaddr *addr, const char *hostname, const char *service)
00598 {
00599 char srv[256];
00600 char host[256];
00601 int srv_ret = 0;
00602 int tportno;
00603
00604 if (service) {
00605 snprintf(srv, sizeof(srv), "%s.%s", service, hostname);
00606 if ((srv_ret = ast_get_srv(NULL, host, sizeof(host), &tportno, srv)) > 0) {
00607 hostname = host;
00608 }
00609 }
00610
00611 if (resolve_first(addr, hostname, PARSE_PORT_FORBID, addr->ss.ss_family) != 0) {
00612 return -1;
00613 }
00614
00615 if (srv_ret > 0) {
00616 ast_sockaddr_set_port(addr, tportno);
00617 }
00618
00619 return 0;
00620 }
00621
00622 struct dscp_codepoint {
00623 char *name;
00624 unsigned int space;
00625 };
00626
00627
00628
00629 static const struct dscp_codepoint dscp_pool1[] = {
00630 { "CS0", 0x00 },
00631 { "CS1", 0x08 },
00632 { "CS2", 0x10 },
00633 { "CS3", 0x18 },
00634 { "CS4", 0x20 },
00635 { "CS5", 0x28 },
00636 { "CS6", 0x30 },
00637 { "CS7", 0x38 },
00638 { "AF11", 0x0A },
00639 { "AF12", 0x0C },
00640 { "AF13", 0x0E },
00641 { "AF21", 0x12 },
00642 { "AF22", 0x14 },
00643 { "AF23", 0x16 },
00644 { "AF31", 0x1A },
00645 { "AF32", 0x1C },
00646 { "AF33", 0x1E },
00647 { "AF41", 0x22 },
00648 { "AF42", 0x24 },
00649 { "AF43", 0x26 },
00650 { "EF", 0x2E },
00651 };
00652
00653 int ast_str2cos(const char *value, unsigned int *cos)
00654 {
00655 int fval;
00656
00657 if (sscanf(value, "%30d", &fval) == 1) {
00658 if (fval < 8) {
00659 *cos = fval;
00660 return 0;
00661 }
00662 }
00663
00664 return -1;
00665 }
00666
00667 int ast_str2tos(const char *value, unsigned int *tos)
00668 {
00669 int fval;
00670 unsigned int x;
00671
00672 if (sscanf(value, "%30i", &fval) == 1) {
00673 *tos = fval & 0xFF;
00674 return 0;
00675 }
00676
00677 for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
00678 if (!strcasecmp(value, dscp_pool1[x].name)) {
00679 *tos = dscp_pool1[x].space << 2;
00680 return 0;
00681 }
00682 }
00683
00684 return -1;
00685 }
00686
00687 const char *ast_tos2str(unsigned int tos)
00688 {
00689 unsigned int x;
00690
00691 for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
00692 if (dscp_pool1[x].space == (tos >> 2)) {
00693 return dscp_pool1[x].name;
00694 }
00695 }
00696
00697 return "unknown";
00698 }
00699
00700 int ast_get_ip(struct ast_sockaddr *addr, const char *hostname)
00701 {
00702 return ast_get_ip_or_srv(addr, hostname, NULL);
00703 }
00704
00705 int ast_ouraddrfor(const struct ast_sockaddr *them, struct ast_sockaddr *us)
00706 {
00707 int port;
00708 int s;
00709
00710 port = ast_sockaddr_port(us);
00711
00712 if ((s = socket(ast_sockaddr_is_ipv6(them) ? AF_INET6 : AF_INET,
00713 SOCK_DGRAM, 0)) < 0) {
00714 ast_log(LOG_ERROR, "Cannot create socket\n");
00715 return -1;
00716 }
00717
00718 if (ast_connect(s, them)) {
00719 ast_log(LOG_WARNING, "Cannot connect\n");
00720 close(s);
00721 return -1;
00722 }
00723 if (ast_getsockname(s, us)) {
00724
00725 ast_log(LOG_WARNING, "Cannot get socket name\n");
00726 close(s);
00727 return -1;
00728 }
00729 close(s);
00730
00731 {
00732 const char *them_addr = ast_strdupa(ast_sockaddr_stringify_addr(them));
00733 const char *us_addr = ast_strdupa(ast_sockaddr_stringify_addr(us));
00734
00735 ast_debug(3, "For destination '%s', our source address is '%s'.\n",
00736 them_addr, us_addr);
00737 }
00738
00739 ast_sockaddr_set_port(us, port);
00740
00741 return 0;
00742 }
00743
00744 int ast_find_ourip(struct ast_sockaddr *ourip, const struct ast_sockaddr *bindaddr, int family)
00745 {
00746 char ourhost[MAXHOSTNAMELEN] = "";
00747 struct ast_sockaddr root;
00748 int res, port = ast_sockaddr_port(ourip);
00749
00750
00751 if (!ast_sockaddr_is_any(bindaddr)) {
00752 ast_sockaddr_copy(ourip, bindaddr);
00753 ast_debug(3, "Attached to given IP address\n");
00754 return 0;
00755 }
00756
00757 if (gethostname(ourhost, sizeof(ourhost) - 1)) {
00758 ast_log(LOG_WARNING, "Unable to get hostname\n");
00759 } else {
00760 if (resolve_first(ourip, ourhost, PARSE_PORT_FORBID, family) == 0) {
00761
00762 ast_sockaddr_set_port(ourip, port);
00763 return 0;
00764 }
00765 }
00766 ast_debug(3, "Trying to check A.ROOT-SERVERS.NET and get our IP address for that connection\n");
00767
00768 if (!resolve_first(&root, "A.ROOT-SERVERS.NET", PARSE_PORT_FORBID, 0) &&
00769 !ast_ouraddrfor(&root, ourip)) {
00770
00771 ast_sockaddr_set_port(ourip, port);
00772 return 0;
00773 }
00774 res = get_local_address(ourip);
00775 ast_sockaddr_set_port(ourip, port);
00776 return res;
00777 }
00778