diff options
| author | Alexei Gradinari <alex2grad@gmail.com> | 2016-05-13 12:46:52 -0400 |
|---|---|---|
| committer | Alexei Gradinari <alex2grad@gmail.com> | 2016-05-13 12:46:52 -0400 |
| commit | 69a85a519f0f5acc11d167a500b99806530ff822 (patch) | |
| tree | 08aea51d3ba0c35c79a891f611a26eef3807a408 /res/res_pjsip.c | |
| parent | 7643dc44b2879964e895b63ea1b15ed00d201738 (diff) | |
res_pjsip: Endpoint IP Access Controls
With the old SIP module we can use IP access controls per peer.
PJSIP module missing this feature.
This patch added next configuration Endpoint options:
"acl" - list of IP ACL section names in acl.conf
"deny" - List of IP addresses to deny access from
"permit" - List of IP addresses to permit access from
"contact_acl" - List of Contact ACL section names in acl.conf
"contact_deny" - List of Contact header addresses to deny
"contact_permit" - List of Contact header addresses to permit
This patch also better logging failed request:
add custom message instead of "No matching endpoint found"
add SIP method to logging
ASTERISK-25900
Change-Id: I456dea3909d929d413864fb347d28578415ebf02
Diffstat (limited to 'res/res_pjsip.c')
| -rw-r--r-- | res/res_pjsip.c | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/res/res_pjsip.c b/res/res_pjsip.c index a3b2d081d..c06b67ecf 100644 --- a/res/res_pjsip.c +++ b/res/res_pjsip.c @@ -849,6 +849,56 @@ channel is hung up. By default this option is set to 0, which means do not check. </para></description> </configOption> + <configOption name="acl"> + <synopsis>List of IP ACL section names in acl.conf</synopsis> + <description><para> + This matches sections configured in <literal>acl.conf</literal>. The value is + defined as a list of comma-delimited section names. + </para></description> + </configOption> + <configOption name="deny"> + <synopsis>List of IP addresses to deny access from</synopsis> + <description><para> + The value is a comma-delimited list of IP addresses. IP addresses may + have a subnet mask appended. The subnet mask may be written in either + CIDR or dotted-decimal notation. Separate the IP address and subnet + mask with a slash ('/') + </para></description> + </configOption> + <configOption name="permit"> + <synopsis>List of IP addresses to permit access from</synopsis> + <description><para> + The value is a comma-delimited list of IP addresses. IP addresses may + have a subnet mask appended. The subnet mask may be written in either + CIDR or dotted-decimal notation. Separate the IP address and subnet + mask with a slash ('/') + </para></description> + </configOption> + <configOption name="contact_acl"> + <synopsis>List of Contact ACL section names in acl.conf</synopsis> + <description><para> + This matches sections configured in <literal>acl.conf</literal>. The value is + defined as a list of comma-delimited section names. + </para></description> + </configOption> + <configOption name="contact_deny"> + <synopsis>List of Contact header addresses to deny</synopsis> + <description><para> + The value is a comma-delimited list of IP addresses. IP addresses may + have a subnet mask appended. The subnet mask may be written in either + CIDR or dotted-decimal notation. Separate the IP address and subnet + mask with a slash ('/') + </para></description> + </configOption> + <configOption name="contact_permit"> + <synopsis>List of Contact header addresses to permit</synopsis> + <description><para> + The value is a comma-delimited list of IP addresses. IP addresses may + have a subnet mask appended. The subnet mask may be written in either + CIDR or dotted-decimal notation. Separate the IP address and subnet + mask with a slash ('/') + </para></description> + </configOption> </configObject> <configObject name="auth"> <synopsis>Authentication type</synopsis> |