diff options
| author | Walter Doekes <walter+asterisk@wjd.nu> | 2017-09-05 16:16:01 +0200 |
|---|---|---|
| committer | Walter Doekes <walter+asterisk@wjd.nu> | 2017-09-05 09:17:32 -0500 |
| commit | f856d9b42ba7471e7eb57dd9221f971e46a234ce (patch) | |
| tree | 349c986cd541edbdac05b3a35493031e7f15539c /res | |
| parent | f556c31aea25e189b1f6dfae0a541e3575a8a9f5 (diff) | |
res/res_pjsip: Standardize/fix localnet checks across pjsip.
In 2dee95cc (ASTERISK-27024) and 776ffd77 (ASTERISK-26879) there was
confusion about whether the transport_state->localnet ACL has ALLOW or
DENY semantics.
For the record: the localnet has DENY semantics, meaning that "not in
the list" means ALLOW, and the local nets are in the list.
Therefore, checks like this look wrong, but are right:
/* See if where we are sending this request is local or not, and if
not that we can get a Contact URI to modify */
if (ast_apply_ha(transport_state->localnet, &addr) != AST_SENSE_ALLOW) {
ast_debug(5, "Request is being sent to local address, "
"skipping NAT manipulation\n");
(In the list == localnet == DENY == skip NAT manipulation.)
And conversely, other checks that looked right, were wrong.
This change adds two macro's to reduce the confusion and uses those
instead:
ast_sip_transport_is_nonlocal(transport_state, addr)
ast_sip_transport_is_local(transport_state, addr)
ASTERISK-27248 #close
Change-Id: Ie7767519eb5a822c4848e531a53c0fd054fae934
Diffstat (limited to 'res')
| -rw-r--r-- | res/res_pjsip/config_transport.c | 4 | ||||
| -rw-r--r-- | res/res_pjsip_nat.c | 2 | ||||
| -rw-r--r-- | res/res_pjsip_sdp_rtp.c | 3 | ||||
| -rw-r--r-- | res/res_pjsip_session.c | 3 | ||||
| -rw-r--r-- | res/res_pjsip_t38.c | 3 |
5 files changed, 7 insertions, 8 deletions
diff --git a/res/res_pjsip/config_transport.c b/res/res_pjsip/config_transport.c index 5f7eafa1c..0c804b82a 100644 --- a/res/res_pjsip/config_transport.c +++ b/res/res_pjsip/config_transport.c @@ -1127,7 +1127,9 @@ static int transport_localnet_handler(const struct aco_option *opt, struct ast_v return 0; } - if (!(state->localnet = ast_append_ha("d", var->value, state->localnet, &error))) { + /* We use only the ast_apply_ha() which defaults to ALLOW + * ("permit"), so we add DENY rules. */ + if (!(state->localnet = ast_append_ha("deny", var->value, state->localnet, &error))) { return -1; } diff --git a/res/res_pjsip_nat.c b/res/res_pjsip_nat.c index 45b0d7ce6..e1d56e6af 100644 --- a/res/res_pjsip_nat.c +++ b/res/res_pjsip_nat.c @@ -267,7 +267,7 @@ static pj_status_t nat_on_tx_message(pjsip_tx_data *tdata) ast_sockaddr_set_port(&addr, tdata->tp_info.dst_port); /* See if where we are sending this request is local or not, and if not that we can get a Contact URI to modify */ - if (ast_apply_ha(transport_state->localnet, &addr) != AST_SENSE_ALLOW) { + if (ast_sip_transport_is_local(transport_state, &addr)) { ast_debug(5, "Request is being sent to local address, skipping NAT manipulation\n"); return PJ_SUCCESS; } diff --git a/res/res_pjsip_sdp_rtp.c b/res/res_pjsip_sdp_rtp.c index b082b1d89..9110a1c42 100644 --- a/res/res_pjsip_sdp_rtp.c +++ b/res/res_pjsip_sdp_rtp.c @@ -1818,8 +1818,7 @@ static void change_outgoing_sdp_stream_media_address(pjsip_tx_data *tdata, struc ast_sockaddr_parse(&addr, host, PARSE_PORT_FORBID); /* Is the address within the SDP inside the same network? */ - if (transport_state->localnet - && ast_apply_ha(transport_state->localnet, &addr) == AST_SENSE_ALLOW) { + if (ast_sip_transport_is_local(transport_state, &addr)) { return; } ast_debug(5, "Setting media address to %s\n", ast_sockaddr_stringify_host(&transport_state->external_media_address)); diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c index f6b3b937a..545113f56 100644 --- a/res/res_pjsip_session.c +++ b/res/res_pjsip_session.c @@ -3968,8 +3968,7 @@ static void session_outgoing_nat_hook(pjsip_tx_data *tdata, struct ast_sip_trans ast_copy_pj_str(host, &sdp->conn->addr, sizeof(host)); ast_sockaddr_parse(&addr, host, PARSE_PORT_FORBID); - if (!transport_state->localnet - || ast_apply_ha(transport_state->localnet, &addr) != AST_SENSE_ALLOW) { + if (ast_sip_transport_is_nonlocal(transport_state, &addr)) { ast_debug(5, "Setting external media address to %s\n", ast_sockaddr_stringify_host(&transport_state->external_media_address)); pj_strdup2(tdata->pool, &sdp->conn->addr, ast_sockaddr_stringify_host(&transport_state->external_media_address)); } diff --git a/res/res_pjsip_t38.c b/res/res_pjsip_t38.c index 27eff424a..2e6049341 100644 --- a/res/res_pjsip_t38.c +++ b/res/res_pjsip_t38.c @@ -963,8 +963,7 @@ static void change_outgoing_sdp_stream_media_address(pjsip_tx_data *tdata, struc ast_sockaddr_parse(&addr, host, PARSE_PORT_FORBID); /* Is the address within the SDP inside the same network? */ - if (transport_state->localnet - && ast_apply_ha(transport_state->localnet, &addr) == AST_SENSE_ALLOW) { + if (ast_sip_transport_is_local(transport_state, &addr)) { return; } ast_debug(5, "Setting media address to %s\n", ast_sockaddr_stringify_host(&transport_state->external_media_address)); |