Fri Aug 17 00:17:20 2018

Asterisk developer's documentation


acl.c File Reference

Various sorts of access control. More...

#include "asterisk.h"
#include "asterisk/network.h"
#include <ifaddrs.h>
#include "asterisk/acl.h"
#include "asterisk/channel.h"
#include "asterisk/utils.h"
#include "asterisk/lock.h"
#include "asterisk/srv.h"

Go to the source code of this file.

Data Structures

struct  dscp_codepoint

Defines

#define V6_WORD(sin6, index)   ((uint32_t *)&((sin6)->sin6_addr))[(index)]
 Isolate a 32-bit section of an IPv6 address.

Functions

static int apply_netmask (const struct ast_sockaddr *addr, const struct ast_sockaddr *netmask, struct ast_sockaddr *result)
 Apply a netmask to an address and store the result in a separate structure.
struct ast_haast_append_ha (const char *sense, const char *stuff, struct ast_ha *path, int *error)
 Add a new rule to a list of HAs.
int ast_apply_ha (const struct ast_ha *ha, const struct ast_sockaddr *addr)
 Apply a set of rules to a given IP address.
void ast_copy_ha (const struct ast_ha *from, struct ast_ha *to)
 Copy the contents of one HA to another.
static struct ast_haast_duplicate_ha (struct ast_ha *original)
struct ast_haast_duplicate_ha_list (struct ast_ha *original)
 Duplicate the contents of a list of host access rules.
int ast_find_ourip (struct ast_sockaddr *ourip, const struct ast_sockaddr *bindaddr, int family)
 Find our IP address.
void ast_free_ha (struct ast_ha *ha)
 Free a list of HAs.
int ast_get_ip (struct ast_sockaddr *addr, const char *hostname)
 Get the IP address given a hostname.
int ast_get_ip_or_srv (struct ast_sockaddr *addr, const char *hostname, const char *service)
 Get the IP address given a hostname and optional service.
int ast_ouraddrfor (const struct ast_sockaddr *them, struct ast_sockaddr *us)
 Get our local IP address when contacting a remote host.
int ast_str2cos (const char *value, unsigned int *cos)
 Convert a string to the appropriate COS value.
int ast_str2tos (const char *value, unsigned int *tos)
 Convert a string to the appropriate TOS value.
const char * ast_tos2str (unsigned int tos)
 Convert a TOS value into its string representation.
static int get_local_address (struct ast_sockaddr *ourip)
static int parse_cidr_mask (struct ast_sockaddr *addr, int is_v4, const char *mask_str)
 Parse a netmask in CIDR notation.
static int resolve_first (struct ast_sockaddr *addr, const char *name, int flag, int family)
static void score_address (const struct sockaddr_in *sin, struct in_addr *best_addr, int *best_score)

Variables

static struct dscp_codepoint dscp_pool1 []

Detailed Description

Various sorts of access control.

Author:
Mark Spencer <markster@digium.com>

Definition in file acl.c.


Define Documentation

#define V6_WORD ( sin6,
index   )     ((uint32_t *)&((sin6)->sin6_addr))[(index)]

Isolate a 32-bit section of an IPv6 address.

An IPv6 address can be divided into 4 32-bit chunks. This gives easy access to one of these chunks.

Parameters:
sin6 A pointer to a struct sockaddr_in6
index Which 32-bit chunk to operate on. Must be in the range 0-3.

Definition at line 288 of file acl.c.

Referenced by apply_netmask(), and parse_cidr_mask().


Function Documentation

static int apply_netmask ( const struct ast_sockaddr addr,
const struct ast_sockaddr netmask,
struct ast_sockaddr result 
) [static]

Apply a netmask to an address and store the result in a separate structure.

When dealing with IPv6 addresses, one cannot apply a netmask with a simple logical and operation. Furthermore, the incoming address may be an IPv4 address and need to be mapped properly before attempting to apply a rule.

Parameters:
addr The IP address to apply the mask to.
netmask The netmask configured in the host access rule.
result The resultant address after applying the netmask to the given address
Return values:
0 Successfully applied netmask -1 Failed to apply netmask

Definition at line 304 of file acl.c.

References ast_sockaddr_from_sin, ast_sockaddr_is_ipv4(), ast_sockaddr_is_ipv6(), ast_sockaddr::len, ast_sockaddr::ss, and V6_WORD.

Referenced by ast_append_ha(), and ast_apply_ha().

00306 {
00307    int res = 0;
00308 
00309    if (ast_sockaddr_is_ipv4(addr)) {
00310       struct sockaddr_in result4 = { 0, };
00311       struct sockaddr_in *addr4 = (struct sockaddr_in *) &addr->ss;
00312       struct sockaddr_in *mask4 = (struct sockaddr_in *) &netmask->ss;
00313       result4.sin_family = AF_INET;
00314       result4.sin_addr.s_addr = addr4->sin_addr.s_addr & mask4->sin_addr.s_addr;
00315       ast_sockaddr_from_sin(result, &result4);
00316    } else if (ast_sockaddr_is_ipv6(addr)) {
00317       struct sockaddr_in6 result6 = { 0, };
00318       struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &addr->ss;
00319       struct sockaddr_in6 *mask6 = (struct sockaddr_in6 *) &netmask->ss;
00320       int i;
00321       result6.sin6_family = AF_INET6;
00322       for (i = 0; i < 4; ++i) {
00323          V6_WORD(&result6, i) = V6_WORD(addr6, i) & V6_WORD(mask6, i);
00324       }
00325       memcpy(&result->ss, &result6, sizeof(result6));
00326       result->len = sizeof(result6);
00327    } else {
00328       /* Unsupported address scheme */
00329       res = -1;
00330    }
00331 
00332    return res;
00333 }

struct ast_ha* ast_append_ha ( const char *  sense,
const char *  stuff,
struct ast_ha path,
int *  error 
) [read]

Add a new rule to a list of HAs.

This adds the new host access rule to the end of the list whose head is specified by the path parameter. Rules are evaluated in a way such that if multiple rules apply to a single IP address/subnet mask, then the rule latest in the list will be used.

Parameters:
sense Either "permit" or "deny" (Actually any 'p' word will result in permission, and any other word will result in denial)
stuff The IP address and subnet mask, separated with a '/'. The subnet mask can either be in dotted-decimal format or in CIDR notation (i.e. 0-32).
path The head of the HA list to which we wish to append our new rule. If NULL is passed, then the new rule will become the head of the list
[out] error The integer error points to will be set non-zero if an error occurs
Returns:
The head of the HA list

Definition at line 399 of file acl.c.

References ast_ha::addr, apply_netmask(), ast_calloc, ast_debug, ast_free_ha(), ast_log(), AST_SENSE_ALLOW, AST_SENSE_DENY, ast_sockaddr_ipv4_mapped(), ast_sockaddr_is_ipv4(), ast_sockaddr_parse(), ast_sockaddr_stringify(), ast_strdupa, LOG_NOTICE, LOG_WARNING, ast_ha::netmask, ast_ha::next, parse_cidr_mask(), PARSE_PORT_FORBID, and ast_ha::sense.

Referenced by __init_manager(), add_calltoken_ignore(), build_callno_limits(), build_device(), build_gateway(), build_peer(), build_user(), config_parse_variables(), and reload_config().

00400 {
00401    struct ast_ha *ha;
00402    struct ast_ha *prev = NULL;
00403    struct ast_ha *ret;
00404    char *tmp = ast_strdupa(stuff);
00405    char *address = NULL, *mask = NULL;
00406    int addr_is_v4;
00407 
00408    ret = path;
00409    while (path) {
00410       prev = path;
00411       path = path->next;
00412    }
00413 
00414    if (!(ha = ast_calloc(1, sizeof(*ha)))) {
00415       if (error) {
00416          *error = 1;
00417       }
00418       return ret;
00419    }
00420 
00421    address = strsep(&tmp, "/");
00422    if (!address) {
00423       address = tmp;
00424    } else {
00425       mask = tmp;
00426    }
00427 
00428    if (!ast_sockaddr_parse(&ha->addr, address, PARSE_PORT_FORBID)) {
00429       ast_log(LOG_WARNING, "Invalid IP address: %s\n", address);
00430       ast_free_ha(ha);
00431       if (error) {
00432          *error = 1;
00433       }
00434       return ret;
00435    }
00436 
00437    /* If someone specifies an IPv4-mapped IPv6 address,
00438     * we just convert this to an IPv4 ACL
00439     */
00440    if (ast_sockaddr_ipv4_mapped(&ha->addr, &ha->addr)) {
00441       ast_log(LOG_NOTICE, "IPv4-mapped ACL network address specified. "
00442             "Converting to an IPv4 ACL network address.\n");
00443    }
00444 
00445    addr_is_v4 = ast_sockaddr_is_ipv4(&ha->addr);
00446 
00447    if (!mask) {
00448       parse_cidr_mask(&ha->netmask, addr_is_v4, addr_is_v4 ? "32" : "128");
00449    } else if (strchr(mask, ':') || strchr(mask, '.')) {
00450       int mask_is_v4;
00451       /* Mask is of x.x.x.x or x:x:x:x:x:x:x:x variety */
00452       if (!ast_sockaddr_parse(&ha->netmask, mask, PARSE_PORT_FORBID)) {
00453          ast_log(LOG_WARNING, "Invalid netmask: %s\n", mask);
00454          ast_free_ha(ha);
00455          if (error) {
00456             *error = 1;
00457          }
00458          return ret;
00459       }
00460       /* If someone specifies an IPv4-mapped IPv6 netmask,
00461        * we just convert this to an IPv4 ACL
00462        */
00463       if (ast_sockaddr_ipv4_mapped(&ha->netmask, &ha->netmask)) {
00464          ast_log(LOG_NOTICE, "IPv4-mapped ACL netmask specified. "
00465                "Converting to an IPv4 ACL netmask.\n");
00466       }
00467       mask_is_v4 = ast_sockaddr_is_ipv4(&ha->netmask);
00468       if (addr_is_v4 ^ mask_is_v4) {
00469          ast_log(LOG_WARNING, "Address and mask are not using same address scheme.\n");
00470          ast_free_ha(ha);
00471          if (error) {
00472             *error = 1;
00473          }
00474          return ret;
00475       }
00476    } else if (parse_cidr_mask(&ha->netmask, addr_is_v4, mask)) {
00477       ast_log(LOG_WARNING, "Invalid CIDR netmask: %s\n", mask);
00478       ast_free_ha(ha);
00479       if (error) {
00480          *error = 1;
00481       }
00482       return ret;
00483    }
00484 
00485    if (apply_netmask(&ha->addr, &ha->netmask, &ha->addr)) {
00486       /* This shouldn't happen because ast_sockaddr_parse would
00487        * have failed much earlier on an unsupported address scheme
00488        */
00489       char *failmask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask));
00490       char *failaddr = ast_strdupa(ast_sockaddr_stringify(&ha->addr));
00491       ast_log(LOG_WARNING, "Unable to apply netmask %s to address %s\n", failmask, failaddr);
00492       ast_free_ha(ha);
00493       if (error) {
00494          *error = 1;
00495       }
00496       return ret;
00497    }
00498 
00499    ha->sense = strncasecmp(sense, "p", 1) ? AST_SENSE_DENY : AST_SENSE_ALLOW;
00500 
00501    ha->next = NULL;
00502    if (prev) {
00503       prev->next = ha;
00504    } else {
00505       ret = ha;
00506    }
00507 
00508    {
00509       const char *addr = ast_strdupa(ast_sockaddr_stringify(&ha->addr));
00510       const char *mask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask));
00511 
00512       ast_debug(1, "%s/%s sense %d appended to acl for peer\n", addr, mask, ha->sense);
00513    }
00514 
00515    return ret;
00516 }

int ast_apply_ha ( const struct ast_ha ha,
const struct ast_sockaddr addr 
)

Apply a set of rules to a given IP address.

The list of host access rules is traversed, beginning with the input rule. If the IP address given matches a rule, the "sense" of that rule is used as the return value. Note that if an IP address matches multiple rules that the last one matched will be the one whose sense will be returned.

Parameters:
ha The head of the list of host access rules to follow
addr An ast_sockaddr whose address is considered when matching rules
Return values:
AST_SENSE_ALLOW The IP address passes our ACL
AST_SENSE_DENY The IP address fails our ACL

Definition at line 518 of file acl.c.

References ast_ha::addr, apply_netmask(), ast_copy_string(), ast_debug, ast_inet_ntoa(), ast_log(), AST_SENSE_ALLOW, ast_sockaddr_cmp_addr(), ast_sockaddr_ipv4_mapped(), ast_sockaddr_is_ipv4(), ast_sockaddr_is_ipv4_mapped(), ast_sockaddr_is_ipv6(), ast_sockaddr_stringify(), LOG_ERROR, ast_ha::netmask, ast_ha::next, and ast_ha::sense.

Referenced by apply_directmedia_ha(), ast_sip_ouraddrfor(), auth_http_callback(), authenticate(), check_access(), check_peer_ok(), parse_register_contact(), register_verify(), and skinny_register().

00519 {
00520    /* Start optimistic */
00521    int res = AST_SENSE_ALLOW;
00522    const struct ast_ha *current_ha;
00523 
00524    for (current_ha = ha; current_ha; current_ha = current_ha->next) {
00525       struct ast_sockaddr result;
00526       struct ast_sockaddr mapped_addr;
00527       const struct ast_sockaddr *addr_to_use;
00528 #if 0 /* debugging code */
00529       char iabuf[INET_ADDRSTRLEN];
00530       char iabuf2[INET_ADDRSTRLEN];
00531       /* DEBUG */
00532       ast_copy_string(iabuf, ast_inet_ntoa(sin->sin_addr), sizeof(iabuf));
00533       ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2));
00534       ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2);
00535 #endif
00536       if (ast_sockaddr_is_ipv4(&current_ha->addr)) {
00537          if (ast_sockaddr_is_ipv6(addr)) {
00538             if (ast_sockaddr_is_ipv4_mapped(addr)) {
00539                /* IPv4 ACLs apply to IPv4-mapped addresses */
00540                if (!ast_sockaddr_ipv4_mapped(addr, &mapped_addr)) {
00541                   ast_log(LOG_ERROR, "%s provided to ast_sockaddr_ipv4_mapped could not be converted. That shouldn't be possible.\n",
00542                      ast_sockaddr_stringify(addr));
00543                   continue;
00544                }
00545                addr_to_use = &mapped_addr;
00546             } else {
00547                /* An IPv4 ACL does not apply to an IPv6 address */
00548                continue;
00549             }
00550          } else {
00551             /* Address is IPv4 and ACL is IPv4. No biggie */
00552             addr_to_use = addr;
00553          }
00554       } else {
00555          if (ast_sockaddr_is_ipv6(addr) && !ast_sockaddr_is_ipv4_mapped(addr)) {
00556             addr_to_use = addr;
00557          } else {
00558             /* Address is IPv4 or IPv4 mapped but ACL is IPv6. Skip */
00559             continue;
00560          }
00561       }
00562 
00563       /* For each rule, if this address and the netmask = the net address
00564          apply the current rule */
00565       if (apply_netmask(addr_to_use, &current_ha->netmask, &result)) {
00566          /* Unlikely to happen since we know the address to be IPv4 or IPv6 */
00567          continue;
00568       }
00569       if (!ast_sockaddr_cmp_addr(&result, &current_ha->addr)) {
00570          res = current_ha->sense;
00571       }
00572    }
00573    return res;
00574 }

void ast_copy_ha ( const struct ast_ha from,
struct ast_ha to 
)

Copy the contents of one HA to another.

This copies the internals of the 'from' HA to the 'to' HA. It is important that the 'to' HA has been allocated prior to calling this function

Parameters:
from Source HA to copy
to Destination HA to copy to
Return values:
void 

Definition at line 234 of file acl.c.

References ast_ha::addr, ast_sockaddr_copy(), ast_ha::netmask, and ast_ha::sense.

Referenced by add_calltoken_ignore(), ast_duplicate_ha(), and build_callno_limits().

00235 {
00236    ast_sockaddr_copy(&to->addr, &from->addr);
00237    ast_sockaddr_copy(&to->netmask, &from->netmask);
00238    to->sense = from->sense;
00239 }

static struct ast_ha* ast_duplicate_ha ( struct ast_ha original  )  [static, read]

Definition at line 242 of file acl.c.

References ast_calloc, and ast_copy_ha().

Referenced by ast_duplicate_ha_list().

00243 {
00244    struct ast_ha *new_ha;
00245 
00246    if ((new_ha = ast_calloc(1, sizeof(*new_ha)))) {
00247       /* Copy from original to new object */
00248       ast_copy_ha(original, new_ha);
00249    }
00250 
00251    return new_ha;
00252 }

struct ast_ha* ast_duplicate_ha_list ( struct ast_ha original  )  [read]

Duplicate the contents of a list of host access rules.

A deep copy of all ast_has in the list is made. The returned value is allocated on the heap and must be freed independently of the input parameter when finished.

Note:
This function is not actually used anywhere.
Parameters:
original The ast_ha to copy
Return values:
The head of the list of duplicated ast_has

Definition at line 256 of file acl.c.

References ast_duplicate_ha(), and ast_ha::next.

Referenced by create_addr_from_peer().

00257 {
00258    struct ast_ha *start = original;
00259    struct ast_ha *ret = NULL;
00260    struct ast_ha *current, *prev = NULL;
00261 
00262    while (start) {
00263       current = ast_duplicate_ha(start);  /* Create copy of this object */
00264       if (prev) {
00265          prev->next = current;           /* Link previous to this object */
00266       }
00267 
00268       if (!ret) {
00269          ret = current;                  /* Save starting point */
00270       }
00271 
00272       start = start->next;                /* Go to next object */
00273       prev = current;                     /* Save pointer to this object */
00274    }
00275    return ret;                             /* Return start of list */
00276 }

int ast_find_ourip ( struct ast_sockaddr ourip,
const struct ast_sockaddr bindaddr,
int  family 
)

Find our IP address.

This function goes through many iterations in an attempt to find our IP address. If any step along the way should fail, we move to the next item in the list. Here are the steps taken:

  • If bindaddr has a non-zero IP address, that is copied into ourip
  • We use a combination of gethostname and ast_gethostbyname to find our IP address.
  • We use ast_ouraddrfor with 198.41.0.4 as the destination IP address
  • We try some platform-specific socket operations to find the IP address
Parameters:
[out] ourip Our IP address is written here when it is found
bindaddr A hint used for finding our IP. See the steps above for more details
family Only addresses of the given family will be returned. Use 0 or AST_SOCKADDR_UNSPEC to get addresses of all families.
Return values:
0 Success
-1 Failure

Definition at line 744 of file acl.c.

References ast_debug, ast_log(), ast_ouraddrfor(), ast_sockaddr_copy(), ast_sockaddr_is_any(), ast_sockaddr_port, ast_sockaddr_set_port, get_local_address(), LOG_WARNING, MAXHOSTNAMELEN, ourhost, PARSE_PORT_FORBID, and resolve_first().

Referenced by __oh323_rtp_create(), gtalk_get_local_ip(), jingle_create_candidates(), load_module(), and reload_config().

00745 {
00746    char ourhost[MAXHOSTNAMELEN] = "";
00747    struct ast_sockaddr root;
00748    int res, port = ast_sockaddr_port(ourip);
00749 
00750    /* just use the bind address if it is nonzero */
00751    if (!ast_sockaddr_is_any(bindaddr)) {
00752       ast_sockaddr_copy(ourip, bindaddr);
00753       ast_debug(3, "Attached to given IP address\n");
00754       return 0;
00755    }
00756    /* try to use our hostname */
00757    if (gethostname(ourhost, sizeof(ourhost) - 1)) {
00758       ast_log(LOG_WARNING, "Unable to get hostname\n");
00759    } else {
00760       if (resolve_first(ourip, ourhost, PARSE_PORT_FORBID, family) == 0) {
00761          /* reset port since resolve_first wipes this out */
00762          ast_sockaddr_set_port(ourip, port);
00763          return 0;
00764       }
00765    }
00766    ast_debug(3, "Trying to check A.ROOT-SERVERS.NET and get our IP address for that connection\n");
00767    /* A.ROOT-SERVERS.NET. */
00768    if (!resolve_first(&root, "A.ROOT-SERVERS.NET", PARSE_PORT_FORBID, 0) &&
00769        !ast_ouraddrfor(&root, ourip)) {
00770       /* reset port since resolve_first wipes this out */
00771       ast_sockaddr_set_port(ourip, port);
00772       return 0;
00773    }
00774    res = get_local_address(ourip);
00775    ast_sockaddr_set_port(ourip, port);
00776    return res;
00777 }

void ast_free_ha ( struct ast_ha ha  ) 

Free a list of HAs.

Given the head of a list of HAs, it and all appended HAs are freed

Parameters:
ha The head of the list of HAs to free
Return values:
void 

Definition at line 223 of file acl.c.

References ast_free, and ast_ha::next.

Referenced by __init_manager(), __sip_destroy(), add_calltoken_ignore(), ast_append_ha(), build_callno_limits(), build_peer(), build_user(), destroy_gateway(), manager_free_user(), oh323_destroy_peer(), oh323_destroy_user(), peer_destructor(), reload_config(), sip_destroy_peer(), unload_module(), and user_destructor().

00224 {
00225    struct ast_ha *hal;
00226    while (ha) {
00227       hal = ha;
00228       ha = ha->next;
00229       ast_free(hal);
00230    }
00231 }

int ast_get_ip ( struct ast_sockaddr addr,
const char *  hostname 
)

Get the IP address given a hostname.

Similar in nature to ast_gethostbyname, except that instead of getting an entire hostent structure, you instead are given only the IP address inserted into a ast_sockaddr structure.

Parameters:
addr The IP address found. The address family is used as an input parameter to filter the returned addresses. If it is 0, both IPv4 and IPv6 addresses can be returned.
hostname The hostname to look up
Return values:
0 Success
-1 Failure

Definition at line 700 of file acl.c.

References ast_get_ip_or_srv().

Referenced by build_gateway(), build_peer(), build_user(), config_parse_variables(), peer_set_srcaddr(), setup_stunaddr(), and stun_monitor_request().

00701 {
00702    return ast_get_ip_or_srv(addr, hostname, NULL);
00703 }

int ast_get_ip_or_srv ( struct ast_sockaddr addr,
const char *  hostname,
const char *  service 
)

Get the IP address given a hostname and optional service.

If the service parameter is non-NULL, then an SRV lookup will be made by prepending the service to the hostname parameter, separated by a '.' For example, if hostname is "example.com" and service is "_sip._udp" then an SRV lookup will be done for "_sip._udp.example.com". If service is NULL, then this function acts exactly like a call to ast_get_ip.

Parameters:
addr The IP address found. The address family is used as an input parameter to filter the returned addresses. If it is 0, both IPv4 and IPv6 addresses can be returned.
hostname The hostname to look up
service A specific service provided by the host. A NULL service results in an A-record lookup instead of an SRV lookup
Return values:
0 Success
-1 Failure

Definition at line 597 of file acl.c.

References ast_get_srv(), ast_sockaddr_set_port, PARSE_PORT_FORBID, resolve_first(), and ast_sockaddr::ss.

Referenced by ast_get_ip(), create_addr(), dnsmgr_refresh(), internal_dnsmgr_lookup(), and proxy_update().

00598 {
00599    char srv[256];
00600    char host[256];
00601    int srv_ret = 0;
00602    int tportno;
00603 
00604    if (service) {
00605       snprintf(srv, sizeof(srv), "%s.%s", service, hostname);
00606       if ((srv_ret = ast_get_srv(NULL, host, sizeof(host), &tportno, srv)) > 0) {
00607          hostname = host;
00608       }
00609    }
00610 
00611    if (resolve_first(addr, hostname, PARSE_PORT_FORBID, addr->ss.ss_family) != 0) {
00612       return -1;
00613    }
00614 
00615    if (srv_ret > 0) {
00616       ast_sockaddr_set_port(addr, tportno);
00617    }
00618 
00619    return 0;
00620 }

int ast_ouraddrfor ( const struct ast_sockaddr them,
struct ast_sockaddr us 
)

Get our local IP address when contacting a remote host.

This function will attempt to connect(2) to them over UDP using a source port of 5060. If the connect(2) call is successful, then we inspect the sockaddr_in output parameter of connect(2) to determine the IP address used to connect to them. This IP address is then copied into us.

Parameters:
them The IP address to which we wish to attempt to connect
[out] us The source IP address used to connect to them
Return values:
-1 Failure
0 Success

Definition at line 705 of file acl.c.

References ast_connect(), ast_debug, ast_getsockname(), ast_log(), ast_sockaddr_is_ipv6(), ast_sockaddr_port, ast_sockaddr_set_port, ast_sockaddr_stringify_addr(), ast_strdupa, LOG_ERROR, and LOG_WARNING.

Referenced by ast_find_ourip(), ast_sip_ouraddrfor(), build_gateway(), find_subchannel_and_lock(), gtalk_get_local_ip(), and sip_acf_channel_read().

00706 {
00707    int port;
00708    int s;
00709 
00710    port = ast_sockaddr_port(us);
00711 
00712    if ((s = socket(ast_sockaddr_is_ipv6(them) ? AF_INET6 : AF_INET,
00713          SOCK_DGRAM, 0)) < 0) {
00714       ast_log(LOG_ERROR, "Cannot create socket\n");
00715       return -1;
00716    }
00717 
00718    if (ast_connect(s, them)) {
00719       ast_log(LOG_WARNING, "Cannot connect\n");
00720       close(s);
00721       return -1;
00722    }
00723    if (ast_getsockname(s, us)) {
00724 
00725       ast_log(LOG_WARNING, "Cannot get socket name\n");
00726       close(s);
00727       return -1;
00728    }
00729    close(s);
00730 
00731    {
00732       const char *them_addr = ast_strdupa(ast_sockaddr_stringify_addr(them));
00733       const char *us_addr = ast_strdupa(ast_sockaddr_stringify_addr(us));
00734 
00735       ast_debug(3, "For destination '%s', our source address is '%s'.\n",
00736             them_addr, us_addr);
00737    }
00738 
00739    ast_sockaddr_set_port(us, port);
00740 
00741    return 0;
00742 }

int ast_str2cos ( const char *  value,
unsigned int *  cos 
)

Convert a string to the appropriate COS value.

Parameters:
value The COS string to convert
[out] cos The integer representation of that COS value
Return values:
-1 Failure
0 Success

Definition at line 653 of file acl.c.

Referenced by config_parse_variables(), reload_config(), and set_config().

00654 {
00655    int fval;
00656 
00657    if (sscanf(value, "%30d", &fval) == 1) {
00658       if (fval < 8) {
00659           *cos = fval;
00660           return 0;
00661       }
00662    }
00663 
00664    return -1;
00665 }

int ast_str2tos ( const char *  value,
unsigned int *  tos 
)

Convert a string to the appropriate TOS value.

Parameters:
value The TOS string to convert
[out] tos The integer representation of that TOS value
Return values:
-1 Failure
0 Success

Definition at line 667 of file acl.c.

References ARRAY_LEN, name, and dscp_codepoint::space.

Referenced by config_parse_variables(), iax_template_parse(), reload_config(), and set_config().

00668 {
00669    int fval;
00670    unsigned int x;
00671 
00672    if (sscanf(value, "%30i", &fval) == 1) {
00673       *tos = fval & 0xFF;
00674       return 0;
00675    }
00676 
00677    for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
00678       if (!strcasecmp(value, dscp_pool1[x].name)) {
00679          *tos = dscp_pool1[x].space << 2;
00680          return 0;
00681       }
00682    }
00683 
00684    return -1;
00685 }

const char* ast_tos2str ( unsigned int  tos  ) 

Convert a TOS value into its string representation.

Parameters:
tos The TOS value to look up
Returns:
The string equivalent of the TOS value

Definition at line 687 of file acl.c.

References ARRAY_LEN, dscp_codepoint::name, and dscp_codepoint::space.

Referenced by sip_show_settings().

00688 {
00689    unsigned int x;
00690 
00691    for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
00692       if (dscp_pool1[x].space == (tos >> 2)) {
00693          return dscp_pool1[x].name;
00694       }
00695    }
00696 
00697    return "unknown";
00698 }

static int get_local_address ( struct ast_sockaddr ourip  )  [static]

Definition at line 119 of file acl.c.

References ast_sockaddr_setnull(), free, malloc, score_address(), and ast_sockaddr::ss.

Referenced by ast_find_ourip().

00120 {
00121    int s, res = -1;
00122 #ifdef SOLARIS
00123    struct lifreq *ifr = NULL;
00124    struct lifnum ifn;
00125    struct lifconf ifc;
00126    struct sockaddr_in *sa;
00127    char *buf = NULL;
00128    int bufsz, x;
00129 #endif /* SOLARIS */
00130 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00131    struct ifaddrs *ifap, *ifaphead;
00132    int rtnerr;
00133    const struct sockaddr_in *sin;
00134 #endif /* BSD_OR_LINUX */
00135    struct in_addr best_addr;
00136    int best_score = -100;
00137    memset(&best_addr, 0, sizeof(best_addr));
00138 
00139 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00140    rtnerr = getifaddrs(&ifaphead);
00141    if (rtnerr) {
00142       perror(NULL);
00143       return -1;
00144    }
00145 #endif /* BSD_OR_LINUX */
00146 
00147    s = socket(AF_INET, SOCK_STREAM, 0);
00148 
00149    if (s > 0) {
00150 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00151       for (ifap = ifaphead; ifap; ifap = ifap->ifa_next) {
00152 
00153          if (ifap->ifa_addr && ifap->ifa_addr->sa_family == AF_INET) {
00154             sin = (const struct sockaddr_in *) ifap->ifa_addr;
00155             score_address(sin, &best_addr, &best_score);
00156             res = 0;
00157 
00158             if (best_score == 0) {
00159                break;
00160             }
00161          }
00162       }
00163 #endif /* BSD_OR_LINUX */
00164 
00165       /* There is no reason whatsoever that this shouldn't work on Linux or BSD also. */
00166 #ifdef SOLARIS
00167       /* Get a count of interfaces on the machine */
00168       ifn.lifn_family = AF_INET;
00169       ifn.lifn_flags = 0;
00170       ifn.lifn_count = 0;
00171       if (ioctl(s, SIOCGLIFNUM, &ifn) < 0) {
00172          close(s);
00173          return -1;
00174       }
00175 
00176       bufsz = ifn.lifn_count * sizeof(struct lifreq);
00177       if (!(buf = malloc(bufsz))) {
00178          close(s);
00179          return -1;
00180       }
00181       memset(buf, 0, bufsz);
00182 
00183       /* Get a list of interfaces on the machine */
00184       ifc.lifc_len = bufsz;
00185       ifc.lifc_buf = buf;
00186       ifc.lifc_family = AF_INET;
00187       ifc.lifc_flags = 0;
00188       if (ioctl(s, SIOCGLIFCONF, &ifc) < 0) {
00189          close(s);
00190          free(buf);
00191          return -1;
00192       }
00193 
00194       for (ifr = ifc.lifc_req, x = 0; x < ifn.lifn_count; ifr++, x++) {
00195          sa = (struct sockaddr_in *)&(ifr->lifr_addr);
00196          score_address(sa, &best_addr, &best_score);
00197          res = 0;
00198 
00199          if (best_score == 0) {
00200             break;
00201          }
00202       }
00203 
00204       free(buf);
00205 #endif /* SOLARIS */
00206 
00207       close(s);
00208    }
00209 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00210    freeifaddrs(ifaphead);
00211 #endif /* BSD_OR_LINUX */
00212 
00213    if (res == 0 && ourip) {
00214       ast_sockaddr_setnull(ourip);
00215       ourip->ss.ss_family = AF_INET;
00216       ((struct sockaddr_in *)&ourip->ss)->sin_addr = best_addr;
00217    }
00218    return res;
00219 }

static int parse_cidr_mask ( struct ast_sockaddr addr,
int  is_v4,
const char *  mask_str 
) [static]

Parse a netmask in CIDR notation.

For a mask of an IPv4 address, this should be a number between 0 and 32. For a mask of an IPv6 address, this should be a number between 0 and 128. This function creates an IPv6 ast_sockaddr from the given netmask. For masks of IPv4 addresses, this is accomplished by adding 96 to the original netmask.

Parameters:
[out] addr The ast_sockaddr produced from the CIDR netmask
is_v4 Tells if the address we are masking is IPv4.
mask_str The CIDR mask to convert
Return values:
-1 Failure
0 Success

Definition at line 351 of file acl.c.

References ast_sockaddr_from_sin, ast_sockaddr::len, ast_sockaddr::ss, and V6_WORD.

Referenced by ast_append_ha().

00352 {
00353    int mask;
00354 
00355    if (sscanf(mask_str, "%30d", &mask) != 1) {
00356       return -1;
00357    }
00358 
00359    if (is_v4) {
00360       struct sockaddr_in sin;
00361       if (mask < 0 || mask > 32) {
00362          return -1;
00363       }
00364       memset(&sin, 0, sizeof(sin));
00365       sin.sin_family = AF_INET;
00366       /* If mask is 0, then we already have the
00367        * appropriate all 0s address in sin from
00368        * the above memset.
00369        */
00370       if (mask != 0) {
00371          sin.sin_addr.s_addr = htonl(0xFFFFFFFF << (32 - mask));
00372       }
00373       ast_sockaddr_from_sin(addr, &sin);
00374    } else {
00375       struct sockaddr_in6 sin6;
00376       int i;
00377       if (mask < 0 || mask > 128) {
00378          return -1;
00379       }
00380       memset(&sin6, 0, sizeof(sin6));
00381       sin6.sin6_family = AF_INET6;
00382       for (i = 0; i < 4; ++i) {
00383          /* Once mask reaches 0, we don't have
00384           * to explicitly set anything anymore
00385           * since sin6 was zeroed out already
00386           */
00387          if (mask > 0) {
00388             V6_WORD(&sin6, i) = htonl(0xFFFFFFFF << (mask < 32 ? (32 - mask) : 0));
00389             mask -= mask < 32 ? mask : 32;
00390          }
00391       }
00392       memcpy(&addr->ss, &sin6, sizeof(sin6));
00393       addr->len = sizeof(sin6);
00394    }
00395 
00396    return 0;
00397 }

static int resolve_first ( struct ast_sockaddr addr,
const char *  name,
int  flag,
int  family 
) [static]

Definition at line 576 of file acl.c.

References ast_debug, ast_free, ast_log(), ast_sockaddr_copy(), ast_sockaddr_resolve(), and LOG_WARNING.

Referenced by ast_find_ourip(), and ast_get_ip_or_srv().

00578 {
00579    struct ast_sockaddr *addrs;
00580    int addrs_cnt;
00581 
00582    addrs_cnt = ast_sockaddr_resolve(&addrs, name, flag, family);
00583    if (addrs_cnt > 0) {
00584       if (addrs_cnt > 1) {
00585          ast_debug(1, "Multiple addresses. Using the first only\n");
00586       }
00587       ast_sockaddr_copy(addr, &addrs[0]);
00588       ast_free(addrs);
00589    } else {
00590       ast_log(LOG_WARNING, "Unable to lookup '%s'\n", name);
00591       return -1;
00592    }
00593 
00594    return 0;
00595 }

static void score_address ( const struct sockaddr_in *  sin,
struct in_addr *  best_addr,
int *  best_score 
) [static]

Note:
Better score than a test network, but not quite as good as RFC 1918 address space. The reason is that some Linux distributions automatically configure a Zeroconf address before trying DHCP, so we want to prefer a DHCP lease to a Zeroconf address.

Definition at line 60 of file acl.c.

References ast_inet_ntoa().

Referenced by get_local_address().

00061 {
00062    const char *address;
00063    int score;
00064 
00065    address = ast_inet_ntoa(sin->sin_addr);
00066 
00067    /* RFC 1700 alias for the local network */
00068    if (address[0] == '0') {
00069       score = -25;
00070    /* RFC 1700 localnet */
00071    } else if (strncmp(address, "127", 3) == 0) {
00072       score = -20;
00073    /* RFC 1918 non-public address space */
00074    } else if (strncmp(address, "10.", 3) == 0) {
00075       score = -5;
00076    /* RFC 1918 non-public address space */
00077    } else if (strncmp(address, "172", 3) == 0) {
00078       /* 172.16.0.0 - 172.19.255.255, but not 172.160.0.0 - 172.169.255.255 */
00079       if (address[4] == '1' && address[5] >= '6' && address[6] == '.') {
00080          score = -5;
00081       /* 172.20.0.0 - 172.29.255.255, but not 172.200.0.0 - 172.255.255.255 nor 172.2.0.0 - 172.2.255.255 */
00082       } else if (address[4] == '2' && address[6] == '.') {
00083          score = -5;
00084       /* 172.30.0.0 - 172.31.255.255, but not 172.3.0.0 - 172.3.255.255 */
00085       } else if (address[4] == '3' && (address[5] == '0' || address[5] == '1')) {
00086          score = -5;
00087       /* All other 172 addresses are public */
00088       } else {
00089          score = 0;
00090       }
00091    /* RFC 2544 Benchmark test range (198.18.0.0 - 198.19.255.255, but not 198.180.0.0 - 198.199.255.255) */
00092    } else if (strncmp(address, "198.1", 5) == 0 && address[5] >= '8' && address[6] == '.') {
00093       score = -10;
00094    /* RFC 1918 non-public address space */
00095    } else if (strncmp(address, "192.168", 7) == 0) {
00096       score = -5;
00097    /* RFC 3330 Zeroconf network */
00098    } else if (strncmp(address, "169.254", 7) == 0) {
00099       /*!\note Better score than a test network, but not quite as good as RFC 1918
00100        * address space.  The reason is that some Linux distributions automatically
00101        * configure a Zeroconf address before trying DHCP, so we want to prefer a
00102        * DHCP lease to a Zeroconf address.
00103        */
00104       score = -10;
00105    /* RFC 3330 Test network */
00106    } else if (strncmp(address, "192.0.2.", 8) == 0) {
00107       score = -15;
00108    /* Every other address should be publically routable */
00109    } else {
00110       score = 0;
00111    }
00112 
00113    if (score > *best_score) {
00114       *best_score = score;
00115       memcpy(best_addr, &sin->sin_addr, sizeof(*best_addr));
00116    }
00117 }


Variable Documentation

struct dscp_codepoint dscp_pool1[] [static]

Definition at line 629 of file acl.c.


Generated on 17 Aug 2018 for Asterisk - The Open Source Telephony Project by  doxygen 1.6.1