Merge "res/res_pjsip: Standardize/fix localnet checks across pjsip." into 14

author: Jenkins2 <jenkins2@gerrit.asterisk.org> 2017-09-06 10:08:23 -0500
committer: Gerrit Code Review <gerrit2@gerrit.digium.api> 2017-09-06 10:08:23 -0500
commit: d742de0309993dfb821657a7e54f6dbe6989a264 (patch)
tree: faa4a8260a5d9b04427447d4af65ee5abc4517df
parent: 63102d9632219865300a60f343e9b08d6c72ef93 (diff)
parent: 632a1b442d6f1c37451d505ba30eacd7c48527e0 (diff)
7 files changed, 19 insertions, 11 deletions
diff --git a/include/asterisk/res_pjsip.h b/include/asterisk/res_pjsip.h
index efc0cd019..18661dffe 100644
--- a/include/asterisk/res_pjsip.h
+++ b/include/asterisk/res_pjsip.h
@@ -98,7 +98,10 @@ struct ast_sip_transport_state {
 	 */
 	pj_ssl_cipher ciphers[SIP_TLS_MAX_CIPHERS];
 	/*!
-	 * Optional local network information, used for NAT purposes
+	 * Optional local network information, used for NAT purposes.
+	 * "deny" (set) means that it's in the local network. Use the
+	 * ast_sip_transport_is_nonlocal and ast_sip_transport_is_local
+	 * macro's.
 	 * \since 13.8.0
 	 */
 	struct ast_ha *localnet;
@@ -124,6 +127,12 @@ struct ast_sip_transport_state {
 	struct ast_sockaddr external_media_address;
 };
 
+#define ast_sip_transport_is_nonlocal(transport_state, addr) \
+	(!transport_state->localnet || ast_apply_ha(transport_state->localnet, addr) == AST_SENSE_ALLOW)
+
+#define ast_sip_transport_is_local(transport_state, addr) \
+	(transport_state->localnet && ast_apply_ha(transport_state->localnet, addr) != AST_SENSE_ALLOW)
+
 /*
  * \brief Transport to bind to
  */
diff --git a/main/acl.c b/main/acl.c
index 6aeff403f..237d77d59 100644
--- a/main/acl.c
+++ b/main/acl.c
@@ -739,8 +739,8 @@ enum ast_acl_sense ast_apply_ha(const struct ast_ha *ha, const struct ast_sockad
 		char iabuf[INET_ADDRSTRLEN];
 		char iabuf2[INET_ADDRSTRLEN];
 		/* DEBUG */
-		ast_copy_string(iabuf, ast_inet_ntoa(sin->sin_addr), sizeof(iabuf));
-		ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2));
+		ast_copy_string(iabuf, ast_sockaddr_stringify(addr), sizeof(iabuf));
+		ast_copy_string(iabuf2, ast_sockaddr_stringify(&current_ha->addr), sizeof(iabuf2));
 		ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2);
 #endif
 		if (ast_sockaddr_is_ipv4(&current_ha->addr)) {
diff --git a/res/res_pjsip/config_transport.c b/res/res_pjsip/config_transport.c
index 5f7eafa1c..0c804b82a 100644
--- a/res/res_pjsip/config_transport.c
+++ b/res/res_pjsip/config_transport.c
@@ -1127,7 +1127,9 @@ static int transport_localnet_handler(const struct aco_option *opt, struct ast_v
 		return 0;
 	}
 
-	if (!(state->localnet = ast_append_ha("d", var->value, state->localnet, &error))) {
+	/* We use only the ast_apply_ha() which defaults to ALLOW
+	 * ("permit"), so we add DENY rules. */
+	if (!(state->localnet = ast_append_ha("deny", var->value, state->localnet, &error))) {
 		return -1;
 	}
 
diff --git a/res/res_pjsip_nat.c b/res/res_pjsip_nat.c
index 45b0d7ce6..e1d56e6af 100644
--- a/res/res_pjsip_nat.c
+++ b/res/res_pjsip_nat.c
@@ -267,7 +267,7 @@ static pj_status_t nat_on_tx_message(pjsip_tx_data *tdata)
 		ast_sockaddr_set_port(&addr, tdata->tp_info.dst_port);
 
 		/* See if where we are sending this request is local or not, and if not that we can get a Contact URI to modify */
-		if (ast_apply_ha(transport_state->localnet, &addr) != AST_SENSE_ALLOW) {
+		if (ast_sip_transport_is_local(transport_state, &addr)) {
 			ast_debug(5, "Request is being sent to local address, skipping NAT manipulation\n");
 			return PJ_SUCCESS;
 		}
diff --git a/res/res_pjsip_sdp_rtp.c b/res/res_pjsip_sdp_rtp.c
index 850d04d9c..b77994bff 100644
--- a/res/res_pjsip_sdp_rtp.c
+++ b/res/res_pjsip_sdp_rtp.c
@@ -1535,8 +1535,7 @@ static void change_outgoing_sdp_stream_media_address(pjsip_tx_data *tdata, struc
 	ast_sockaddr_parse(&addr, host, PARSE_PORT_FORBID);
 
 	/* Is the address within the SDP inside the same network? */
-	if (transport_state->localnet
-		&& ast_apply_ha(transport_state->localnet, &addr) == AST_SENSE_ALLOW) {
+	if (ast_sip_transport_is_local(transport_state, &addr)) {
 		return;
 	}
 	ast_debug(5, "Setting media address to %s\n", ast_sockaddr_stringify_host(&transport_state->external_media_address));
diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c
index 42d37fe0c..e7ee05538 100644
--- a/res/res_pjsip_session.c
+++ b/res/res_pjsip_session.c
@@ -3227,8 +3227,7 @@ static void session_outgoing_nat_hook(pjsip_tx_data *tdata, struct ast_sip_trans
 		ast_copy_pj_str(host, &sdp->conn->addr, sizeof(host));
 		ast_sockaddr_parse(&addr, host, PARSE_PORT_FORBID);
 
-		if (!transport_state->localnet
-			|| ast_apply_ha(transport_state->localnet, &addr) != AST_SENSE_ALLOW) {
+		if (ast_sip_transport_is_nonlocal(transport_state, &addr)) {
 			ast_debug(5, "Setting external media address to %s\n", ast_sockaddr_stringify_host(&transport_state->external_media_address));
 			pj_strdup2(tdata->pool, &sdp->conn->addr, ast_sockaddr_stringify_host(&transport_state->external_media_address));
 		}
diff --git a/res/res_pjsip_t38.c b/res/res_pjsip_t38.c
index 82b1c92b2..e3288587c 100644
--- a/res/res_pjsip_t38.c
+++ b/res/res_pjsip_t38.c
@@ -882,8 +882,7 @@ static void change_outgoing_sdp_stream_media_address(pjsip_tx_data *tdata, struc
 	ast_sockaddr_parse(&addr, host, PARSE_PORT_FORBID);
 
 	/* Is the address within the SDP inside the same network? */
-	if (transport_state->localnet
-		&& ast_apply_ha(transport_state->localnet, &addr) == AST_SENSE_ALLOW) {
+	if (ast_sip_transport_is_local(transport_state, &addr)) {
 		return;
 	}
 	ast_debug(5, "Setting media address to %s\n", ast_sockaddr_stringify_host(&transport_state->external_media_address));
author	Jenkins2 <jenkins2@gerrit.asterisk.org>	2017-09-06 10:08:23 -0500
committer	Gerrit Code Review <gerrit2@gerrit.digium.api>	2017-09-06 10:08:23 -0500
commit	d742de0309993dfb821657a7e54f6dbe6989a264 (patch)
tree	faa4a8260a5d9b04427447d4af65ee5abc4517df
parent	63102d9632219865300a60f343e9b08d6c72ef93 (diff)
parent	632a1b442d6f1c37451d505ba30eacd7c48527e0 (diff)