diff options
author | Jenkins2 <jenkins2@gerrit.asterisk.org> | 2017-09-06 10:17:06 -0500 |
---|---|---|
committer | Gerrit Code Review <gerrit2@gerrit.digium.api> | 2017-09-06 10:17:06 -0500 |
commit | 23f22a36471075a7694b5ad2b917769e5aaba99e (patch) | |
tree | 5a4779a06a091c52c955d079aab162f9ab2cbb18 | |
parent | 3025b47e8f54169d8fe0bc26203a0b7ecaf4ff31 (diff) | |
parent | f856d9b42ba7471e7eb57dd9221f971e46a234ce (diff) |
Merge "res/res_pjsip: Standardize/fix localnet checks across pjsip."
-rw-r--r-- | include/asterisk/res_pjsip.h | 11 | ||||
-rw-r--r-- | main/acl.c | 4 | ||||
-rw-r--r-- | res/res_pjsip/config_transport.c | 4 | ||||
-rw-r--r-- | res/res_pjsip_nat.c | 2 | ||||
-rw-r--r-- | res/res_pjsip_sdp_rtp.c | 3 | ||||
-rw-r--r-- | res/res_pjsip_session.c | 3 | ||||
-rw-r--r-- | res/res_pjsip_t38.c | 3 |
7 files changed, 19 insertions, 11 deletions
diff --git a/include/asterisk/res_pjsip.h b/include/asterisk/res_pjsip.h index e2c487aa3..ad881382c 100644 --- a/include/asterisk/res_pjsip.h +++ b/include/asterisk/res_pjsip.h @@ -98,7 +98,10 @@ struct ast_sip_transport_state { */ pj_ssl_cipher ciphers[SIP_TLS_MAX_CIPHERS]; /*! - * Optional local network information, used for NAT purposes + * Optional local network information, used for NAT purposes. + * "deny" (set) means that it's in the local network. Use the + * ast_sip_transport_is_nonlocal and ast_sip_transport_is_local + * macro's. * \since 13.8.0 */ struct ast_ha *localnet; @@ -124,6 +127,12 @@ struct ast_sip_transport_state { struct ast_sockaddr external_media_address; }; +#define ast_sip_transport_is_nonlocal(transport_state, addr) \ + (!transport_state->localnet || ast_apply_ha(transport_state->localnet, addr) == AST_SENSE_ALLOW) + +#define ast_sip_transport_is_local(transport_state, addr) \ + (transport_state->localnet && ast_apply_ha(transport_state->localnet, addr) != AST_SENSE_ALLOW) + /* * \brief Transport to bind to */ diff --git a/main/acl.c b/main/acl.c index 31945676b..6868ea12e 100644 --- a/main/acl.c +++ b/main/acl.c @@ -737,8 +737,8 @@ enum ast_acl_sense ast_apply_ha(const struct ast_ha *ha, const struct ast_sockad char iabuf[INET_ADDRSTRLEN]; char iabuf2[INET_ADDRSTRLEN]; /* DEBUG */ - ast_copy_string(iabuf, ast_inet_ntoa(sin->sin_addr), sizeof(iabuf)); - ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2)); + ast_copy_string(iabuf, ast_sockaddr_stringify(addr), sizeof(iabuf)); + ast_copy_string(iabuf2, ast_sockaddr_stringify(¤t_ha->addr), sizeof(iabuf2)); ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2); #endif if (ast_sockaddr_is_ipv4(¤t_ha->addr)) { diff --git a/res/res_pjsip/config_transport.c b/res/res_pjsip/config_transport.c index 5f7eafa1c..0c804b82a 100644 --- a/res/res_pjsip/config_transport.c +++ b/res/res_pjsip/config_transport.c @@ -1127,7 +1127,9 @@ static int transport_localnet_handler(const struct aco_option *opt, struct ast_v return 0; } - if (!(state->localnet = ast_append_ha("d", var->value, state->localnet, &error))) { + /* We use only the ast_apply_ha() which defaults to ALLOW + * ("permit"), so we add DENY rules. */ + if (!(state->localnet = ast_append_ha("deny", var->value, state->localnet, &error))) { return -1; } diff --git a/res/res_pjsip_nat.c b/res/res_pjsip_nat.c index 45b0d7ce6..e1d56e6af 100644 --- a/res/res_pjsip_nat.c +++ b/res/res_pjsip_nat.c @@ -267,7 +267,7 @@ static pj_status_t nat_on_tx_message(pjsip_tx_data *tdata) ast_sockaddr_set_port(&addr, tdata->tp_info.dst_port); /* See if where we are sending this request is local or not, and if not that we can get a Contact URI to modify */ - if (ast_apply_ha(transport_state->localnet, &addr) != AST_SENSE_ALLOW) { + if (ast_sip_transport_is_local(transport_state, &addr)) { ast_debug(5, "Request is being sent to local address, skipping NAT manipulation\n"); return PJ_SUCCESS; } diff --git a/res/res_pjsip_sdp_rtp.c b/res/res_pjsip_sdp_rtp.c index b082b1d89..9110a1c42 100644 --- a/res/res_pjsip_sdp_rtp.c +++ b/res/res_pjsip_sdp_rtp.c @@ -1818,8 +1818,7 @@ static void change_outgoing_sdp_stream_media_address(pjsip_tx_data *tdata, struc ast_sockaddr_parse(&addr, host, PARSE_PORT_FORBID); /* Is the address within the SDP inside the same network? */ - if (transport_state->localnet - && ast_apply_ha(transport_state->localnet, &addr) == AST_SENSE_ALLOW) { + if (ast_sip_transport_is_local(transport_state, &addr)) { return; } ast_debug(5, "Setting media address to %s\n", ast_sockaddr_stringify_host(&transport_state->external_media_address)); diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c index f6b3b937a..545113f56 100644 --- a/res/res_pjsip_session.c +++ b/res/res_pjsip_session.c @@ -3968,8 +3968,7 @@ static void session_outgoing_nat_hook(pjsip_tx_data *tdata, struct ast_sip_trans ast_copy_pj_str(host, &sdp->conn->addr, sizeof(host)); ast_sockaddr_parse(&addr, host, PARSE_PORT_FORBID); - if (!transport_state->localnet - || ast_apply_ha(transport_state->localnet, &addr) != AST_SENSE_ALLOW) { + if (ast_sip_transport_is_nonlocal(transport_state, &addr)) { ast_debug(5, "Setting external media address to %s\n", ast_sockaddr_stringify_host(&transport_state->external_media_address)); pj_strdup2(tdata->pool, &sdp->conn->addr, ast_sockaddr_stringify_host(&transport_state->external_media_address)); } diff --git a/res/res_pjsip_t38.c b/res/res_pjsip_t38.c index ce914a1e8..6dec6ef5e 100644 --- a/res/res_pjsip_t38.c +++ b/res/res_pjsip_t38.c @@ -963,8 +963,7 @@ static void change_outgoing_sdp_stream_media_address(pjsip_tx_data *tdata, struc ast_sockaddr_parse(&addr, host, PARSE_PORT_FORBID); /* Is the address within the SDP inside the same network? */ - if (transport_state->localnet - && ast_apply_ha(transport_state->localnet, &addr) == AST_SENSE_ALLOW) { + if (ast_sip_transport_is_local(transport_state, &addr)) { return; } ast_debug(5, "Setting media address to %s\n", ast_sockaddr_stringify_host(&transport_state->external_media_address)); |