kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-22 05:06:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

res/res_pjsip: Standardize/fix localnet checks across pjsip.

Browse Source 
In 2dee95cc (ASTERISK-27024) and 776ffd77 (ASTERISK-26879) there was
confusion about whether the transport_state->localnet ACL has ALLOW or
DENY semantics.

For the record: the localnet has DENY semantics, meaning that "not in
the list" means ALLOW, and the local nets are in the list.

Therefore, checks like this look wrong, but are right:

    /* See if where we are sending this request is local or not, and if
       not that we can get a Contact URI to modify */
    if (ast_apply_ha(transport_state->localnet, &addr) != AST_SENSE_ALLOW) {
        ast_debug(5, "Request is being sent to local address, "
                     "skipping NAT manipulation\n");

(In the list == localnet == DENY == skip NAT manipulation.)

And conversely, other checks that looked right, were wrong.

This change adds two macro's to reduce the confusion and uses those
instead:

    ast_sip_transport_is_nonlocal(transport_state, addr)
    ast_sip_transport_is_local(transport_state, addr)

ASTERISK-27248 #close

Change-Id: Ie7767519eb5a822c4848e531a53c0fd054fae934
This commit is contained in:
Walter Doekes
2017-09-05 16:16:01 +02:00
parent 7b240d1734
commit 45744fc53d
7 changed files with 19 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
include/asterisk/res_pjsip.h
View File

@@ -98,7 +98,10 @@ struct ast_sip_transport_state {
*/ */
pj_ssl_cipher ciphers[SIP_TLS_MAX_CIPHERS]; pj_ssl_cipher ciphers[SIP_TLS_MAX_CIPHERS];
/*! /*!
* Optional local network information, used for NAT purposes * Optional local network information, used for NAT purposes.
* "deny" (set) means that it's in the local network. Use the
* ast_sip_transport_is_nonlocal and ast_sip_transport_is_local
* macro's.
* \since 13.8.0 * \since 13.8.0
*/ */
struct ast_ha *localnet; struct ast_ha *localnet;
@@ -124,6 +127,12 @@ struct ast_sip_transport_state {
struct ast_sockaddr external_media_address; struct ast_sockaddr external_media_address;
}; };
#define ast_sip_transport_is_nonlocal(transport_state, addr) \
(!transport_state->localnet || ast_apply_ha(transport_state->localnet, addr) == AST_SENSE_ALLOW)
#define ast_sip_transport_is_local(transport_state, addr) \
(transport_state->localnet && ast_apply_ha(transport_state->localnet, addr) != AST_SENSE_ALLOW)
/* /*
* \brief Transport to bind to * \brief Transport to bind to
*/ */

4
main/acl.c
View File

@@ -739,8 +739,8 @@ enum ast_acl_sense ast_apply_ha(const struct ast_ha *ha, const struct ast_sockad
char iabuf[INET_ADDRSTRLEN]; char iabuf[INET_ADDRSTRLEN];
char iabuf2[INET_ADDRSTRLEN]; char iabuf2[INET_ADDRSTRLEN];
/* DEBUG */ /* DEBUG */
ast_copy_string(iabuf, ast_inet_ntoa(sin->sin_addr), sizeof(iabuf)); ast_copy_string(iabuf, ast_sockaddr_stringify(addr), sizeof(iabuf));
ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2)); ast_copy_string(iabuf2, ast_sockaddr_stringify(&current_ha->addr), sizeof(iabuf2));
ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2); ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2);
#endif #endif
if (ast_sockaddr_is_ipv4(&current_ha->addr)) { if (ast_sockaddr_is_ipv4(&current_ha->addr)) {

4
res/res_pjsip/config_transport.c
View File

@@ -1127,7 +1127,9 @@ static int transport_localnet_handler(const struct aco_option *opt, struct ast_v
return 0; return 0;
} }
if (!(state->localnet = ast_append_ha("d", var->value, state->localnet, &error))) { /* We use only the ast_apply_ha() which defaults to ALLOW
* ("permit"), so we add DENY rules. */
if (!(state->localnet = ast_append_ha("deny", var->value, state->localnet, &error))) {
return -1; return -1;
} }

2
res/res_pjsip_nat.c
View File

@@ -267,7 +267,7 @@ static pj_status_t nat_on_tx_message(pjsip_tx_data *tdata)
ast_sockaddr_set_port(&addr, tdata->tp_info.dst_port); ast_sockaddr_set_port(&addr, tdata->tp_info.dst_port);
/* See if where we are sending this request is local or not, and if not that we can get a Contact URI to modify */ /* See if where we are sending this request is local or not, and if not that we can get a Contact URI to modify */
if (ast_apply_ha(transport_state->localnet, &addr) != AST_SENSE_ALLOW) { if (ast_sip_transport_is_local(transport_state, &addr)) {
ast_debug(5, "Request is being sent to local address, skipping NAT manipulation\n"); ast_debug(5, "Request is being sent to local address, skipping NAT manipulation\n");
return PJ_SUCCESS; return PJ_SUCCESS;
} }

3
res/res_pjsip_sdp_rtp.c
View File

@@ -1517,8 +1517,7 @@ static void change_outgoing_sdp_stream_media_address(pjsip_tx_data *tdata, struc
ast_sockaddr_parse(&addr, host, PARSE_PORT_FORBID); ast_sockaddr_parse(&addr, host, PARSE_PORT_FORBID);
/* Is the address within the SDP inside the same network? */ /* Is the address within the SDP inside the same network? */
if (transport_state->localnet if (ast_sip_transport_is_local(transport_state, &addr)) {
&& ast_apply_ha(transport_state->localnet, &addr) == AST_SENSE_ALLOW) {
return; return;
} }
ast_debug(5, "Setting media address to %s\n", ast_sockaddr_stringify_host(&transport_state->external_media_address)); ast_debug(5, "Setting media address to %s\n", ast_sockaddr_stringify_host(&transport_state->external_media_address));

3
res/res_pjsip_session.c
View File

@@ -3195,8 +3195,7 @@ static void session_outgoing_nat_hook(pjsip_tx_data *tdata, struct ast_sip_trans
ast_copy_pj_str(host, &sdp->conn->addr, sizeof(host)); ast_copy_pj_str(host, &sdp->conn->addr, sizeof(host));
ast_sockaddr_parse(&addr, host, PARSE_PORT_FORBID); ast_sockaddr_parse(&addr, host, PARSE_PORT_FORBID);
if (!transport_state->localnet if (ast_sip_transport_is_nonlocal(transport_state, &addr)) {
|| ast_apply_ha(transport_state->localnet, &addr) != AST_SENSE_ALLOW) {
ast_debug(5, "Setting external media address to %s\n", ast_sockaddr_stringify_host(&transport_state->external_media_address)); ast_debug(5, "Setting external media address to %s\n", ast_sockaddr_stringify_host(&transport_state->external_media_address));
pj_strdup2(tdata->pool, &sdp->conn->addr, ast_sockaddr_stringify_host(&transport_state->external_media_address)); pj_strdup2(tdata->pool, &sdp->conn->addr, ast_sockaddr_stringify_host(&transport_state->external_media_address));
} }

3
res/res_pjsip_t38.c
View File

@@ -881,8 +881,7 @@ static void change_outgoing_sdp_stream_media_address(pjsip_tx_data *tdata, struc
ast_sockaddr_parse(&addr, host, PARSE_PORT_FORBID); ast_sockaddr_parse(&addr, host, PARSE_PORT_FORBID);
/* Is the address within the SDP inside the same network? */ /* Is the address within the SDP inside the same network? */
if (transport_state->localnet if (ast_sip_transport_is_local(transport_state, &addr)) {
&& ast_apply_ha(transport_state->localnet, &addr) == AST_SENSE_ALLOW) {
return; return;
} }
ast_debug(5, "Setting media address to %s\n", ast_sockaddr_stringify_host(&transport_state->external_media_address)); ast_debug(5, "Setting media address to %s\n", ast_sockaddr_stringify_host(&transport_state->external_media_address));