Various sorts of access control. More...
#include "asterisk.h"
#include "asterisk/network.h"
#include <ifaddrs.h>
#include "asterisk/acl.h"
#include "asterisk/channel.h"
#include "asterisk/utils.h"
#include "asterisk/lock.h"
#include "asterisk/srv.h"
Go to the source code of this file.
Data Structures | |
struct | dscp_codepoint |
Defines | |
#define | V6_WORD(sin6, index) ((uint32_t *)&((sin6)->sin6_addr))[(index)] |
Isolate a 32-bit section of an IPv6 address. | |
Functions | |
static int | apply_netmask (const struct ast_sockaddr *addr, const struct ast_sockaddr *netmask, struct ast_sockaddr *result) |
Apply a netmask to an address and store the result in a separate structure. | |
struct ast_ha * | ast_append_ha (const char *sense, const char *stuff, struct ast_ha *path, int *error) |
Add a new rule to a list of HAs. | |
int | ast_apply_ha (const struct ast_ha *ha, const struct ast_sockaddr *addr) |
Apply a set of rules to a given IP address. | |
void | ast_copy_ha (const struct ast_ha *from, struct ast_ha *to) |
Copy the contents of one HA to another. | |
static struct ast_ha * | ast_duplicate_ha (struct ast_ha *original) |
struct ast_ha * | ast_duplicate_ha_list (struct ast_ha *original) |
Duplicate the contents of a list of host access rules. | |
int | ast_find_ourip (struct ast_sockaddr *ourip, const struct ast_sockaddr *bindaddr, int family) |
Find our IP address. | |
void | ast_free_ha (struct ast_ha *ha) |
Free a list of HAs. | |
int | ast_get_ip (struct ast_sockaddr *addr, const char *hostname) |
Get the IP address given a hostname. | |
int | ast_get_ip_or_srv (struct ast_sockaddr *addr, const char *hostname, const char *service) |
Get the IP address given a hostname and optional service. | |
int | ast_ouraddrfor (const struct ast_sockaddr *them, struct ast_sockaddr *us) |
Get our local IP address when contacting a remote host. | |
int | ast_str2cos (const char *value, unsigned int *cos) |
Convert a string to the appropriate COS value. | |
int | ast_str2tos (const char *value, unsigned int *tos) |
Convert a string to the appropriate TOS value. | |
const char * | ast_tos2str (unsigned int tos) |
Convert a TOS value into its string representation. | |
static int | get_local_address (struct ast_sockaddr *ourip) |
static int | parse_cidr_mask (struct ast_sockaddr *addr, int is_v4, const char *mask_str) |
Parse a netmask in CIDR notation. | |
static int | resolve_first (struct ast_sockaddr *addr, const char *name, int flag, int family) |
static void | score_address (const struct sockaddr_in *sin, struct in_addr *best_addr, int *best_score) |
Variables | |
static struct dscp_codepoint | dscp_pool1 [] |
Various sorts of access control.
Definition in file acl.c.
#define V6_WORD | ( | sin6, | |||
index | ) | ((uint32_t *)&((sin6)->sin6_addr))[(index)] |
Isolate a 32-bit section of an IPv6 address.
An IPv6 address can be divided into 4 32-bit chunks. This gives easy access to one of these chunks.
sin6 | A pointer to a struct sockaddr_in6 | |
index | Which 32-bit chunk to operate on. Must be in the range 0-3. |
Definition at line 288 of file acl.c.
Referenced by apply_netmask(), and parse_cidr_mask().
static int apply_netmask | ( | const struct ast_sockaddr * | addr, | |
const struct ast_sockaddr * | netmask, | |||
struct ast_sockaddr * | result | |||
) | [static] |
Apply a netmask to an address and store the result in a separate structure.
When dealing with IPv6 addresses, one cannot apply a netmask with a simple logical and operation. Furthermore, the incoming address may be an IPv4 address and need to be mapped properly before attempting to apply a rule.
addr | The IP address to apply the mask to. | |
netmask | The netmask configured in the host access rule. | |
result | The resultant address after applying the netmask to the given address |
0 | Successfully applied netmask -1 Failed to apply netmask |
Definition at line 304 of file acl.c.
References ast_sockaddr_from_sin, ast_sockaddr_is_ipv4(), ast_sockaddr_is_ipv6(), ast_sockaddr::len, ast_sockaddr::ss, and V6_WORD.
Referenced by ast_append_ha(), and ast_apply_ha().
00306 { 00307 int res = 0; 00308 00309 if (ast_sockaddr_is_ipv4(addr)) { 00310 struct sockaddr_in result4 = { 0, }; 00311 struct sockaddr_in *addr4 = (struct sockaddr_in *) &addr->ss; 00312 struct sockaddr_in *mask4 = (struct sockaddr_in *) &netmask->ss; 00313 result4.sin_family = AF_INET; 00314 result4.sin_addr.s_addr = addr4->sin_addr.s_addr & mask4->sin_addr.s_addr; 00315 ast_sockaddr_from_sin(result, &result4); 00316 } else if (ast_sockaddr_is_ipv6(addr)) { 00317 struct sockaddr_in6 result6 = { 0, }; 00318 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &addr->ss; 00319 struct sockaddr_in6 *mask6 = (struct sockaddr_in6 *) &netmask->ss; 00320 int i; 00321 result6.sin6_family = AF_INET6; 00322 for (i = 0; i < 4; ++i) { 00323 V6_WORD(&result6, i) = V6_WORD(addr6, i) & V6_WORD(mask6, i); 00324 } 00325 memcpy(&result->ss, &result6, sizeof(result6)); 00326 result->len = sizeof(result6); 00327 } else { 00328 /* Unsupported address scheme */ 00329 res = -1; 00330 } 00331 00332 return res; 00333 }
struct ast_ha* ast_append_ha | ( | const char * | sense, | |
const char * | stuff, | |||
struct ast_ha * | path, | |||
int * | error | |||
) | [read] |
Add a new rule to a list of HAs.
This adds the new host access rule to the end of the list whose head is specified by the path parameter. Rules are evaluated in a way such that if multiple rules apply to a single IP address/subnet mask, then the rule latest in the list will be used.
sense | Either "permit" or "deny" (Actually any 'p' word will result in permission, and any other word will result in denial) | |
stuff | The IP address and subnet mask, separated with a '/'. The subnet mask can either be in dotted-decimal format or in CIDR notation (i.e. 0-32). | |
path | The head of the HA list to which we wish to append our new rule. If NULL is passed, then the new rule will become the head of the list | |
[out] | error | The integer error points to will be set non-zero if an error occurs |
Definition at line 399 of file acl.c.
References ast_ha::addr, apply_netmask(), ast_calloc, ast_debug, ast_free_ha(), ast_log(), AST_SENSE_ALLOW, AST_SENSE_DENY, ast_sockaddr_ipv4_mapped(), ast_sockaddr_is_ipv4(), ast_sockaddr_parse(), ast_sockaddr_stringify(), ast_strdupa, LOG_NOTICE, LOG_WARNING, ast_ha::netmask, ast_ha::next, parse_cidr_mask(), PARSE_PORT_FORBID, and ast_ha::sense.
Referenced by __init_manager(), add_calltoken_ignore(), build_callno_limits(), build_device(), build_gateway(), build_peer(), build_user(), config_parse_variables(), and reload_config().
00400 { 00401 struct ast_ha *ha; 00402 struct ast_ha *prev = NULL; 00403 struct ast_ha *ret; 00404 char *tmp = ast_strdupa(stuff); 00405 char *address = NULL, *mask = NULL; 00406 int addr_is_v4; 00407 00408 ret = path; 00409 while (path) { 00410 prev = path; 00411 path = path->next; 00412 } 00413 00414 if (!(ha = ast_calloc(1, sizeof(*ha)))) { 00415 if (error) { 00416 *error = 1; 00417 } 00418 return ret; 00419 } 00420 00421 address = strsep(&tmp, "/"); 00422 if (!address) { 00423 address = tmp; 00424 } else { 00425 mask = tmp; 00426 } 00427 00428 if (!ast_sockaddr_parse(&ha->addr, address, PARSE_PORT_FORBID)) { 00429 ast_log(LOG_WARNING, "Invalid IP address: %s\n", address); 00430 ast_free_ha(ha); 00431 if (error) { 00432 *error = 1; 00433 } 00434 return ret; 00435 } 00436 00437 /* If someone specifies an IPv4-mapped IPv6 address, 00438 * we just convert this to an IPv4 ACL 00439 */ 00440 if (ast_sockaddr_ipv4_mapped(&ha->addr, &ha->addr)) { 00441 ast_log(LOG_NOTICE, "IPv4-mapped ACL network address specified. " 00442 "Converting to an IPv4 ACL network address.\n"); 00443 } 00444 00445 addr_is_v4 = ast_sockaddr_is_ipv4(&ha->addr); 00446 00447 if (!mask) { 00448 parse_cidr_mask(&ha->netmask, addr_is_v4, addr_is_v4 ? "32" : "128"); 00449 } else if (strchr(mask, ':') || strchr(mask, '.')) { 00450 int mask_is_v4; 00451 /* Mask is of x.x.x.x or x:x:x:x:x:x:x:x variety */ 00452 if (!ast_sockaddr_parse(&ha->netmask, mask, PARSE_PORT_FORBID)) { 00453 ast_log(LOG_WARNING, "Invalid netmask: %s\n", mask); 00454 ast_free_ha(ha); 00455 if (error) { 00456 *error = 1; 00457 } 00458 return ret; 00459 } 00460 /* If someone specifies an IPv4-mapped IPv6 netmask, 00461 * we just convert this to an IPv4 ACL 00462 */ 00463 if (ast_sockaddr_ipv4_mapped(&ha->netmask, &ha->netmask)) { 00464 ast_log(LOG_NOTICE, "IPv4-mapped ACL netmask specified. " 00465 "Converting to an IPv4 ACL netmask.\n"); 00466 } 00467 mask_is_v4 = ast_sockaddr_is_ipv4(&ha->netmask); 00468 if (addr_is_v4 ^ mask_is_v4) { 00469 ast_log(LOG_WARNING, "Address and mask are not using same address scheme.\n"); 00470 ast_free_ha(ha); 00471 if (error) { 00472 *error = 1; 00473 } 00474 return ret; 00475 } 00476 } else if (parse_cidr_mask(&ha->netmask, addr_is_v4, mask)) { 00477 ast_log(LOG_WARNING, "Invalid CIDR netmask: %s\n", mask); 00478 ast_free_ha(ha); 00479 if (error) { 00480 *error = 1; 00481 } 00482 return ret; 00483 } 00484 00485 if (apply_netmask(&ha->addr, &ha->netmask, &ha->addr)) { 00486 /* This shouldn't happen because ast_sockaddr_parse would 00487 * have failed much earlier on an unsupported address scheme 00488 */ 00489 char *failmask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask)); 00490 char *failaddr = ast_strdupa(ast_sockaddr_stringify(&ha->addr)); 00491 ast_log(LOG_WARNING, "Unable to apply netmask %s to address %s\n", failmask, failaddr); 00492 ast_free_ha(ha); 00493 if (error) { 00494 *error = 1; 00495 } 00496 return ret; 00497 } 00498 00499 ha->sense = strncasecmp(sense, "p", 1) ? AST_SENSE_DENY : AST_SENSE_ALLOW; 00500 00501 ha->next = NULL; 00502 if (prev) { 00503 prev->next = ha; 00504 } else { 00505 ret = ha; 00506 } 00507 00508 { 00509 const char *addr = ast_strdupa(ast_sockaddr_stringify(&ha->addr)); 00510 const char *mask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask)); 00511 00512 ast_debug(1, "%s/%s sense %d appended to acl for peer\n", addr, mask, ha->sense); 00513 } 00514 00515 return ret; 00516 }
int ast_apply_ha | ( | const struct ast_ha * | ha, | |
const struct ast_sockaddr * | addr | |||
) |
Apply a set of rules to a given IP address.
The list of host access rules is traversed, beginning with the input rule. If the IP address given matches a rule, the "sense" of that rule is used as the return value. Note that if an IP address matches multiple rules that the last one matched will be the one whose sense will be returned.
ha | The head of the list of host access rules to follow | |
addr | An ast_sockaddr whose address is considered when matching rules |
AST_SENSE_ALLOW | The IP address passes our ACL | |
AST_SENSE_DENY | The IP address fails our ACL |
Definition at line 518 of file acl.c.
References ast_ha::addr, apply_netmask(), ast_copy_string(), ast_debug, ast_inet_ntoa(), ast_log(), AST_SENSE_ALLOW, ast_sockaddr_cmp_addr(), ast_sockaddr_ipv4_mapped(), ast_sockaddr_is_ipv4(), ast_sockaddr_is_ipv4_mapped(), ast_sockaddr_is_ipv6(), ast_sockaddr_stringify(), LOG_ERROR, ast_ha::netmask, ast_ha::next, and ast_ha::sense.
Referenced by apply_directmedia_ha(), ast_sip_ouraddrfor(), auth_http_callback(), authenticate(), check_access(), check_peer_ok(), parse_register_contact(), register_verify(), and skinny_register().
00519 { 00520 /* Start optimistic */ 00521 int res = AST_SENSE_ALLOW; 00522 const struct ast_ha *current_ha; 00523 00524 for (current_ha = ha; current_ha; current_ha = current_ha->next) { 00525 struct ast_sockaddr result; 00526 struct ast_sockaddr mapped_addr; 00527 const struct ast_sockaddr *addr_to_use; 00528 #if 0 /* debugging code */ 00529 char iabuf[INET_ADDRSTRLEN]; 00530 char iabuf2[INET_ADDRSTRLEN]; 00531 /* DEBUG */ 00532 ast_copy_string(iabuf, ast_inet_ntoa(sin->sin_addr), sizeof(iabuf)); 00533 ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2)); 00534 ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2); 00535 #endif 00536 if (ast_sockaddr_is_ipv4(¤t_ha->addr)) { 00537 if (ast_sockaddr_is_ipv6(addr)) { 00538 if (ast_sockaddr_is_ipv4_mapped(addr)) { 00539 /* IPv4 ACLs apply to IPv4-mapped addresses */ 00540 if (!ast_sockaddr_ipv4_mapped(addr, &mapped_addr)) { 00541 ast_log(LOG_ERROR, "%s provided to ast_sockaddr_ipv4_mapped could not be converted. That shouldn't be possible.\n", 00542 ast_sockaddr_stringify(addr)); 00543 continue; 00544 } 00545 addr_to_use = &mapped_addr; 00546 } else { 00547 /* An IPv4 ACL does not apply to an IPv6 address */ 00548 continue; 00549 } 00550 } else { 00551 /* Address is IPv4 and ACL is IPv4. No biggie */ 00552 addr_to_use = addr; 00553 } 00554 } else { 00555 if (ast_sockaddr_is_ipv6(addr) && !ast_sockaddr_is_ipv4_mapped(addr)) { 00556 addr_to_use = addr; 00557 } else { 00558 /* Address is IPv4 or IPv4 mapped but ACL is IPv6. Skip */ 00559 continue; 00560 } 00561 } 00562 00563 /* For each rule, if this address and the netmask = the net address 00564 apply the current rule */ 00565 if (apply_netmask(addr_to_use, ¤t_ha->netmask, &result)) { 00566 /* Unlikely to happen since we know the address to be IPv4 or IPv6 */ 00567 continue; 00568 } 00569 if (!ast_sockaddr_cmp_addr(&result, ¤t_ha->addr)) { 00570 res = current_ha->sense; 00571 } 00572 } 00573 return res; 00574 }
Copy the contents of one HA to another.
This copies the internals of the 'from' HA to the 'to' HA. It is important that the 'to' HA has been allocated prior to calling this function
from | Source HA to copy | |
to | Destination HA to copy to |
void |
Definition at line 234 of file acl.c.
References ast_ha::addr, ast_sockaddr_copy(), ast_ha::netmask, and ast_ha::sense.
Referenced by add_calltoken_ignore(), ast_duplicate_ha(), and build_callno_limits().
00235 { 00236 ast_sockaddr_copy(&to->addr, &from->addr); 00237 ast_sockaddr_copy(&to->netmask, &from->netmask); 00238 to->sense = from->sense; 00239 }
Definition at line 242 of file acl.c.
References ast_calloc, and ast_copy_ha().
Referenced by ast_duplicate_ha_list().
00243 { 00244 struct ast_ha *new_ha; 00245 00246 if ((new_ha = ast_calloc(1, sizeof(*new_ha)))) { 00247 /* Copy from original to new object */ 00248 ast_copy_ha(original, new_ha); 00249 } 00250 00251 return new_ha; 00252 }
Duplicate the contents of a list of host access rules.
A deep copy of all ast_has in the list is made. The returned value is allocated on the heap and must be freed independently of the input parameter when finished.
original | The ast_ha to copy |
The | head of the list of duplicated ast_has |
Definition at line 256 of file acl.c.
References ast_duplicate_ha(), and ast_ha::next.
Referenced by create_addr_from_peer().
00257 { 00258 struct ast_ha *start = original; 00259 struct ast_ha *ret = NULL; 00260 struct ast_ha *current, *prev = NULL; 00261 00262 while (start) { 00263 current = ast_duplicate_ha(start); /* Create copy of this object */ 00264 if (prev) { 00265 prev->next = current; /* Link previous to this object */ 00266 } 00267 00268 if (!ret) { 00269 ret = current; /* Save starting point */ 00270 } 00271 00272 start = start->next; /* Go to next object */ 00273 prev = current; /* Save pointer to this object */ 00274 } 00275 return ret; /* Return start of list */ 00276 }
int ast_find_ourip | ( | struct ast_sockaddr * | ourip, | |
const struct ast_sockaddr * | bindaddr, | |||
int | family | |||
) |
Find our IP address.
This function goes through many iterations in an attempt to find our IP address. If any step along the way should fail, we move to the next item in the list. Here are the steps taken:
[out] | ourip | Our IP address is written here when it is found |
bindaddr | A hint used for finding our IP. See the steps above for more details | |
family | Only addresses of the given family will be returned. Use 0 or AST_SOCKADDR_UNSPEC to get addresses of all families. |
0 | Success | |
-1 | Failure |
Definition at line 744 of file acl.c.
References ast_debug, ast_log(), ast_ouraddrfor(), ast_sockaddr_copy(), ast_sockaddr_is_any(), ast_sockaddr_port, ast_sockaddr_set_port, get_local_address(), LOG_WARNING, MAXHOSTNAMELEN, ourhost, PARSE_PORT_FORBID, and resolve_first().
Referenced by __oh323_rtp_create(), gtalk_get_local_ip(), jingle_create_candidates(), load_module(), and reload_config().
00745 { 00746 char ourhost[MAXHOSTNAMELEN] = ""; 00747 struct ast_sockaddr root; 00748 int res, port = ast_sockaddr_port(ourip); 00749 00750 /* just use the bind address if it is nonzero */ 00751 if (!ast_sockaddr_is_any(bindaddr)) { 00752 ast_sockaddr_copy(ourip, bindaddr); 00753 ast_debug(3, "Attached to given IP address\n"); 00754 return 0; 00755 } 00756 /* try to use our hostname */ 00757 if (gethostname(ourhost, sizeof(ourhost) - 1)) { 00758 ast_log(LOG_WARNING, "Unable to get hostname\n"); 00759 } else { 00760 if (resolve_first(ourip, ourhost, PARSE_PORT_FORBID, family) == 0) { 00761 /* reset port since resolve_first wipes this out */ 00762 ast_sockaddr_set_port(ourip, port); 00763 return 0; 00764 } 00765 } 00766 ast_debug(3, "Trying to check A.ROOT-SERVERS.NET and get our IP address for that connection\n"); 00767 /* A.ROOT-SERVERS.NET. */ 00768 if (!resolve_first(&root, "A.ROOT-SERVERS.NET", PARSE_PORT_FORBID, 0) && 00769 !ast_ouraddrfor(&root, ourip)) { 00770 /* reset port since resolve_first wipes this out */ 00771 ast_sockaddr_set_port(ourip, port); 00772 return 0; 00773 } 00774 res = get_local_address(ourip); 00775 ast_sockaddr_set_port(ourip, port); 00776 return res; 00777 }
void ast_free_ha | ( | struct ast_ha * | ha | ) |
Free a list of HAs.
Given the head of a list of HAs, it and all appended HAs are freed
ha | The head of the list of HAs to free |
void |
Definition at line 223 of file acl.c.
References ast_free, and ast_ha::next.
Referenced by __init_manager(), __sip_destroy(), add_calltoken_ignore(), ast_append_ha(), build_callno_limits(), build_peer(), build_user(), destroy_gateway(), manager_free_user(), oh323_destroy_peer(), oh323_destroy_user(), peer_destructor(), reload_config(), sip_destroy_peer(), unload_module(), and user_destructor().
int ast_get_ip | ( | struct ast_sockaddr * | addr, | |
const char * | hostname | |||
) |
Get the IP address given a hostname.
Similar in nature to ast_gethostbyname, except that instead of getting an entire hostent structure, you instead are given only the IP address inserted into a ast_sockaddr structure.
addr | The IP address found. The address family is used as an input parameter to filter the returned addresses. If it is 0, both IPv4 and IPv6 addresses can be returned. | |
hostname | The hostname to look up |
0 | Success | |
-1 | Failure |
Definition at line 700 of file acl.c.
References ast_get_ip_or_srv().
Referenced by build_gateway(), build_peer(), build_user(), config_parse_variables(), peer_set_srcaddr(), setup_stunaddr(), and stun_monitor_request().
00701 { 00702 return ast_get_ip_or_srv(addr, hostname, NULL); 00703 }
int ast_get_ip_or_srv | ( | struct ast_sockaddr * | addr, | |
const char * | hostname, | |||
const char * | service | |||
) |
Get the IP address given a hostname and optional service.
If the service parameter is non-NULL, then an SRV lookup will be made by prepending the service to the hostname parameter, separated by a '.' For example, if hostname is "example.com" and service is "_sip._udp" then an SRV lookup will be done for "_sip._udp.example.com". If service is NULL, then this function acts exactly like a call to ast_get_ip.
addr | The IP address found. The address family is used as an input parameter to filter the returned addresses. If it is 0, both IPv4 and IPv6 addresses can be returned. | |
hostname | The hostname to look up | |
service | A specific service provided by the host. A NULL service results in an A-record lookup instead of an SRV lookup |
0 | Success | |
-1 | Failure |
Definition at line 597 of file acl.c.
References ast_get_srv(), ast_sockaddr_set_port, PARSE_PORT_FORBID, resolve_first(), and ast_sockaddr::ss.
Referenced by ast_get_ip(), create_addr(), dnsmgr_refresh(), internal_dnsmgr_lookup(), and proxy_update().
00598 { 00599 char srv[256]; 00600 char host[256]; 00601 int srv_ret = 0; 00602 int tportno; 00603 00604 if (service) { 00605 snprintf(srv, sizeof(srv), "%s.%s", service, hostname); 00606 if ((srv_ret = ast_get_srv(NULL, host, sizeof(host), &tportno, srv)) > 0) { 00607 hostname = host; 00608 } 00609 } 00610 00611 if (resolve_first(addr, hostname, PARSE_PORT_FORBID, addr->ss.ss_family) != 0) { 00612 return -1; 00613 } 00614 00615 if (srv_ret > 0) { 00616 ast_sockaddr_set_port(addr, tportno); 00617 } 00618 00619 return 0; 00620 }
int ast_ouraddrfor | ( | const struct ast_sockaddr * | them, | |
struct ast_sockaddr * | us | |||
) |
Get our local IP address when contacting a remote host.
This function will attempt to connect(2) to them over UDP using a source port of 5060. If the connect(2) call is successful, then we inspect the sockaddr_in output parameter of connect(2) to determine the IP address used to connect to them. This IP address is then copied into us.
them | The IP address to which we wish to attempt to connect | |
[out] | us | The source IP address used to connect to them |
-1 | Failure | |
0 | Success |
Definition at line 705 of file acl.c.
References ast_connect(), ast_debug, ast_getsockname(), ast_log(), ast_sockaddr_is_ipv6(), ast_sockaddr_port, ast_sockaddr_set_port, ast_sockaddr_stringify_addr(), ast_strdupa, LOG_ERROR, and LOG_WARNING.
Referenced by ast_find_ourip(), ast_sip_ouraddrfor(), build_gateway(), find_subchannel_and_lock(), gtalk_get_local_ip(), and sip_acf_channel_read().
00706 { 00707 int port; 00708 int s; 00709 00710 port = ast_sockaddr_port(us); 00711 00712 if ((s = socket(ast_sockaddr_is_ipv6(them) ? AF_INET6 : AF_INET, 00713 SOCK_DGRAM, 0)) < 0) { 00714 ast_log(LOG_ERROR, "Cannot create socket\n"); 00715 return -1; 00716 } 00717 00718 if (ast_connect(s, them)) { 00719 ast_log(LOG_WARNING, "Cannot connect\n"); 00720 close(s); 00721 return -1; 00722 } 00723 if (ast_getsockname(s, us)) { 00724 00725 ast_log(LOG_WARNING, "Cannot get socket name\n"); 00726 close(s); 00727 return -1; 00728 } 00729 close(s); 00730 00731 { 00732 const char *them_addr = ast_strdupa(ast_sockaddr_stringify_addr(them)); 00733 const char *us_addr = ast_strdupa(ast_sockaddr_stringify_addr(us)); 00734 00735 ast_debug(3, "For destination '%s', our source address is '%s'.\n", 00736 them_addr, us_addr); 00737 } 00738 00739 ast_sockaddr_set_port(us, port); 00740 00741 return 0; 00742 }
int ast_str2cos | ( | const char * | value, | |
unsigned int * | cos | |||
) |
Convert a string to the appropriate COS value.
value | The COS string to convert | |
[out] | cos | The integer representation of that COS value |
-1 | Failure | |
0 | Success |
Definition at line 653 of file acl.c.
Referenced by config_parse_variables(), reload_config(), and set_config().
int ast_str2tos | ( | const char * | value, | |
unsigned int * | tos | |||
) |
Convert a string to the appropriate TOS value.
value | The TOS string to convert | |
[out] | tos | The integer representation of that TOS value |
-1 | Failure | |
0 | Success |
Definition at line 667 of file acl.c.
References ARRAY_LEN, name, and dscp_codepoint::space.
Referenced by config_parse_variables(), iax_template_parse(), reload_config(), and set_config().
00668 { 00669 int fval; 00670 unsigned int x; 00671 00672 if (sscanf(value, "%30i", &fval) == 1) { 00673 *tos = fval & 0xFF; 00674 return 0; 00675 } 00676 00677 for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) { 00678 if (!strcasecmp(value, dscp_pool1[x].name)) { 00679 *tos = dscp_pool1[x].space << 2; 00680 return 0; 00681 } 00682 } 00683 00684 return -1; 00685 }
const char* ast_tos2str | ( | unsigned int | tos | ) |
Convert a TOS value into its string representation.
tos | The TOS value to look up |
Definition at line 687 of file acl.c.
References ARRAY_LEN, dscp_codepoint::name, and dscp_codepoint::space.
Referenced by sip_show_settings().
00688 { 00689 unsigned int x; 00690 00691 for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) { 00692 if (dscp_pool1[x].space == (tos >> 2)) { 00693 return dscp_pool1[x].name; 00694 } 00695 } 00696 00697 return "unknown"; 00698 }
static int get_local_address | ( | struct ast_sockaddr * | ourip | ) | [static] |
Definition at line 119 of file acl.c.
References ast_sockaddr_setnull(), free, malloc, score_address(), and ast_sockaddr::ss.
Referenced by ast_find_ourip().
00120 { 00121 int s, res = -1; 00122 #ifdef SOLARIS 00123 struct lifreq *ifr = NULL; 00124 struct lifnum ifn; 00125 struct lifconf ifc; 00126 struct sockaddr_in *sa; 00127 char *buf = NULL; 00128 int bufsz, x; 00129 #endif /* SOLARIS */ 00130 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) 00131 struct ifaddrs *ifap, *ifaphead; 00132 int rtnerr; 00133 const struct sockaddr_in *sin; 00134 #endif /* BSD_OR_LINUX */ 00135 struct in_addr best_addr; 00136 int best_score = -100; 00137 memset(&best_addr, 0, sizeof(best_addr)); 00138 00139 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) 00140 rtnerr = getifaddrs(&ifaphead); 00141 if (rtnerr) { 00142 perror(NULL); 00143 return -1; 00144 } 00145 #endif /* BSD_OR_LINUX */ 00146 00147 s = socket(AF_INET, SOCK_STREAM, 0); 00148 00149 if (s > 0) { 00150 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) 00151 for (ifap = ifaphead; ifap; ifap = ifap->ifa_next) { 00152 00153 if (ifap->ifa_addr && ifap->ifa_addr->sa_family == AF_INET) { 00154 sin = (const struct sockaddr_in *) ifap->ifa_addr; 00155 score_address(sin, &best_addr, &best_score); 00156 res = 0; 00157 00158 if (best_score == 0) { 00159 break; 00160 } 00161 } 00162 } 00163 #endif /* BSD_OR_LINUX */ 00164 00165 /* There is no reason whatsoever that this shouldn't work on Linux or BSD also. */ 00166 #ifdef SOLARIS 00167 /* Get a count of interfaces on the machine */ 00168 ifn.lifn_family = AF_INET; 00169 ifn.lifn_flags = 0; 00170 ifn.lifn_count = 0; 00171 if (ioctl(s, SIOCGLIFNUM, &ifn) < 0) { 00172 close(s); 00173 return -1; 00174 } 00175 00176 bufsz = ifn.lifn_count * sizeof(struct lifreq); 00177 if (!(buf = malloc(bufsz))) { 00178 close(s); 00179 return -1; 00180 } 00181 memset(buf, 0, bufsz); 00182 00183 /* Get a list of interfaces on the machine */ 00184 ifc.lifc_len = bufsz; 00185 ifc.lifc_buf = buf; 00186 ifc.lifc_family = AF_INET; 00187 ifc.lifc_flags = 0; 00188 if (ioctl(s, SIOCGLIFCONF, &ifc) < 0) { 00189 close(s); 00190 free(buf); 00191 return -1; 00192 } 00193 00194 for (ifr = ifc.lifc_req, x = 0; x < ifn.lifn_count; ifr++, x++) { 00195 sa = (struct sockaddr_in *)&(ifr->lifr_addr); 00196 score_address(sa, &best_addr, &best_score); 00197 res = 0; 00198 00199 if (best_score == 0) { 00200 break; 00201 } 00202 } 00203 00204 free(buf); 00205 #endif /* SOLARIS */ 00206 00207 close(s); 00208 } 00209 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) 00210 freeifaddrs(ifaphead); 00211 #endif /* BSD_OR_LINUX */ 00212 00213 if (res == 0 && ourip) { 00214 ast_sockaddr_setnull(ourip); 00215 ourip->ss.ss_family = AF_INET; 00216 ((struct sockaddr_in *)&ourip->ss)->sin_addr = best_addr; 00217 } 00218 return res; 00219 }
static int parse_cidr_mask | ( | struct ast_sockaddr * | addr, | |
int | is_v4, | |||
const char * | mask_str | |||
) | [static] |
Parse a netmask in CIDR notation.
For a mask of an IPv4 address, this should be a number between 0 and 32. For a mask of an IPv6 address, this should be a number between 0 and 128. This function creates an IPv6 ast_sockaddr from the given netmask. For masks of IPv4 addresses, this is accomplished by adding 96 to the original netmask.
[out] | addr | The ast_sockaddr produced from the CIDR netmask |
is_v4 | Tells if the address we are masking is IPv4. | |
mask_str | The CIDR mask to convert |
-1 | Failure | |
0 | Success |
Definition at line 351 of file acl.c.
References ast_sockaddr_from_sin, ast_sockaddr::len, ast_sockaddr::ss, and V6_WORD.
Referenced by ast_append_ha().
00352 { 00353 int mask; 00354 00355 if (sscanf(mask_str, "%30d", &mask) != 1) { 00356 return -1; 00357 } 00358 00359 if (is_v4) { 00360 struct sockaddr_in sin; 00361 if (mask < 0 || mask > 32) { 00362 return -1; 00363 } 00364 memset(&sin, 0, sizeof(sin)); 00365 sin.sin_family = AF_INET; 00366 /* If mask is 0, then we already have the 00367 * appropriate all 0s address in sin from 00368 * the above memset. 00369 */ 00370 if (mask != 0) { 00371 sin.sin_addr.s_addr = htonl(0xFFFFFFFF << (32 - mask)); 00372 } 00373 ast_sockaddr_from_sin(addr, &sin); 00374 } else { 00375 struct sockaddr_in6 sin6; 00376 int i; 00377 if (mask < 0 || mask > 128) { 00378 return -1; 00379 } 00380 memset(&sin6, 0, sizeof(sin6)); 00381 sin6.sin6_family = AF_INET6; 00382 for (i = 0; i < 4; ++i) { 00383 /* Once mask reaches 0, we don't have 00384 * to explicitly set anything anymore 00385 * since sin6 was zeroed out already 00386 */ 00387 if (mask > 0) { 00388 V6_WORD(&sin6, i) = htonl(0xFFFFFFFF << (mask < 32 ? (32 - mask) : 0)); 00389 mask -= mask < 32 ? mask : 32; 00390 } 00391 } 00392 memcpy(&addr->ss, &sin6, sizeof(sin6)); 00393 addr->len = sizeof(sin6); 00394 } 00395 00396 return 0; 00397 }
static int resolve_first | ( | struct ast_sockaddr * | addr, | |
const char * | name, | |||
int | flag, | |||
int | family | |||
) | [static] |
Definition at line 576 of file acl.c.
References ast_debug, ast_free, ast_log(), ast_sockaddr_copy(), ast_sockaddr_resolve(), and LOG_WARNING.
Referenced by ast_find_ourip(), and ast_get_ip_or_srv().
00578 { 00579 struct ast_sockaddr *addrs; 00580 int addrs_cnt; 00581 00582 addrs_cnt = ast_sockaddr_resolve(&addrs, name, flag, family); 00583 if (addrs_cnt > 0) { 00584 if (addrs_cnt > 1) { 00585 ast_debug(1, "Multiple addresses. Using the first only\n"); 00586 } 00587 ast_sockaddr_copy(addr, &addrs[0]); 00588 ast_free(addrs); 00589 } else { 00590 ast_log(LOG_WARNING, "Unable to lookup '%s'\n", name); 00591 return -1; 00592 } 00593 00594 return 0; 00595 }
static void score_address | ( | const struct sockaddr_in * | sin, | |
struct in_addr * | best_addr, | |||
int * | best_score | |||
) | [static] |
Definition at line 60 of file acl.c.
References ast_inet_ntoa().
Referenced by get_local_address().
00061 { 00062 const char *address; 00063 int score; 00064 00065 address = ast_inet_ntoa(sin->sin_addr); 00066 00067 /* RFC 1700 alias for the local network */ 00068 if (address[0] == '0') { 00069 score = -25; 00070 /* RFC 1700 localnet */ 00071 } else if (strncmp(address, "127", 3) == 0) { 00072 score = -20; 00073 /* RFC 1918 non-public address space */ 00074 } else if (strncmp(address, "10.", 3) == 0) { 00075 score = -5; 00076 /* RFC 1918 non-public address space */ 00077 } else if (strncmp(address, "172", 3) == 0) { 00078 /* 172.16.0.0 - 172.19.255.255, but not 172.160.0.0 - 172.169.255.255 */ 00079 if (address[4] == '1' && address[5] >= '6' && address[6] == '.') { 00080 score = -5; 00081 /* 172.20.0.0 - 172.29.255.255, but not 172.200.0.0 - 172.255.255.255 nor 172.2.0.0 - 172.2.255.255 */ 00082 } else if (address[4] == '2' && address[6] == '.') { 00083 score = -5; 00084 /* 172.30.0.0 - 172.31.255.255, but not 172.3.0.0 - 172.3.255.255 */ 00085 } else if (address[4] == '3' && (address[5] == '0' || address[5] == '1')) { 00086 score = -5; 00087 /* All other 172 addresses are public */ 00088 } else { 00089 score = 0; 00090 } 00091 /* RFC 2544 Benchmark test range (198.18.0.0 - 198.19.255.255, but not 198.180.0.0 - 198.199.255.255) */ 00092 } else if (strncmp(address, "198.1", 5) == 0 && address[5] >= '8' && address[6] == '.') { 00093 score = -10; 00094 /* RFC 1918 non-public address space */ 00095 } else if (strncmp(address, "192.168", 7) == 0) { 00096 score = -5; 00097 /* RFC 3330 Zeroconf network */ 00098 } else if (strncmp(address, "169.254", 7) == 0) { 00099 /*!\note Better score than a test network, but not quite as good as RFC 1918 00100 * address space. The reason is that some Linux distributions automatically 00101 * configure a Zeroconf address before trying DHCP, so we want to prefer a 00102 * DHCP lease to a Zeroconf address. 00103 */ 00104 score = -10; 00105 /* RFC 3330 Test network */ 00106 } else if (strncmp(address, "192.0.2.", 8) == 0) { 00107 score = -15; 00108 /* Every other address should be publically routable */ 00109 } else { 00110 score = 0; 00111 } 00112 00113 if (score > *best_score) { 00114 *best_score = score; 00115 memcpy(best_addr, &sin->sin_addr, sizeof(*best_addr)); 00116 } 00117 }
struct dscp_codepoint dscp_pool1[] [static] |