Asterisk - The Open Source Telephony Project  21.4.1
acl.c
Go to the documentation of this file.
1 /*
2  * Asterisk -- An open source telephony toolkit.
3  *
4  * Copyright (C) 1999 - 2012, Digium, Inc.
5  *
6  * Mark Spencer <markster@digium.com>
7  *
8  * See http://www.asterisk.org for more information about
9  * the Asterisk project. Please do not directly contact
10  * any of the maintainers of this project for assistance;
11  * the project provides a web site, mailing lists and IRC
12  * channels for your use.
13  *
14  * This program is free software, distributed under the terms of
15  * the GNU General Public License Version 2. See the LICENSE file
16  * at the top of the source tree.
17  */
18 
19 /*! \file
20  *
21  * \brief Various sorts of access control
22  *
23  * \author Mark Spencer <markster@digium.com>
24  */
25 
26 /*** MODULEINFO
27  <support_level>core</support_level>
28  ***/
29 
30 #include "asterisk.h"
31 
32 #include "asterisk/network.h"
33 
34 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__Darwin__)
35 #include <fcntl.h>
36 #include <net/route.h>
37 #endif
38 
39 #if defined(SOLARIS)
40 #include <sys/sockio.h>
41 #include <net/if.h>
42 #elif defined(HAVE_GETIFADDRS)
43 #include <ifaddrs.h>
44 #endif
45 
46 #include "asterisk/acl.h"
47 #include "asterisk/channel.h"
48 #include "asterisk/utils.h"
49 #include "asterisk/lock.h"
50 #include "asterisk/srv.h"
51 #include "asterisk/cli.h"
52 
53 #if (!defined(SOLARIS) && !defined(HAVE_GETIFADDRS))
54 static int get_local_address(struct ast_sockaddr *ourip)
55 {
56  return -1;
57 }
58 #else
59 static void score_address(const struct sockaddr_in *sin, struct in_addr *best_addr, int *best_score)
60 {
61  const char *address;
62  int score;
63 
64  address = ast_inet_ntoa(sin->sin_addr);
65 
66  /* RFC 1700 alias for the local network */
67  if (address[0] == '0') {
68  score = -25;
69  /* RFC 1700 localnet */
70  } else if (strncmp(address, "127", 3) == 0) {
71  score = -20;
72  /* RFC 1918 non-public address space */
73  } else if (strncmp(address, "10.", 3) == 0) {
74  score = -5;
75  /* RFC 1918 non-public address space */
76  } else if (strncmp(address, "172", 3) == 0) {
77  /* 172.16.0.0 - 172.19.255.255, but not 172.160.0.0 - 172.169.255.255 */
78  if (address[4] == '1' && address[5] >= '6' && address[6] == '.') {
79  score = -5;
80  /* 172.20.0.0 - 172.29.255.255, but not 172.200.0.0 - 172.255.255.255 nor 172.2.0.0 - 172.2.255.255 */
81  } else if (address[4] == '2' && address[6] == '.') {
82  score = -5;
83  /* 172.30.0.0 - 172.31.255.255, but not 172.3.0.0 - 172.3.255.255 */
84  } else if (address[4] == '3' && (address[5] == '0' || address[5] == '1')) {
85  score = -5;
86  /* All other 172 addresses are public */
87  } else {
88  score = 0;
89  }
90  /* RFC 2544 Benchmark test range (198.18.0.0 - 198.19.255.255, but not 198.180.0.0 - 198.199.255.255) */
91  } else if (strncmp(address, "198.1", 5) == 0 && address[5] >= '8' && address[6] == '.') {
92  score = -10;
93  /* RFC 1918 non-public address space */
94  } else if (strncmp(address, "192.168", 7) == 0) {
95  score = -5;
96  /* RFC 3330 Zeroconf network */
97  } else if (strncmp(address, "169.254", 7) == 0) {
98  /*!\note Better score than a test network, but not quite as good as RFC 1918
99  * address space. The reason is that some Linux distributions automatically
100  * configure a Zeroconf address before trying DHCP, so we want to prefer a
101  * DHCP lease to a Zeroconf address.
102  */
103  score = -10;
104  /* RFC 3330 Test network */
105  } else if (strncmp(address, "192.0.2.", 8) == 0) {
106  score = -15;
107  /* Every other address should be publically routable */
108  } else {
109  score = 0;
110  }
111 
112  if (score > *best_score) {
113  *best_score = score;
114  memcpy(best_addr, &sin->sin_addr, sizeof(*best_addr));
115  }
116 }
117 
118 static int get_local_address(struct ast_sockaddr *ourip)
119 {
120  int s, res = -1;
121 #ifdef SOLARIS
122  struct lifreq *ifr = NULL;
123  struct lifnum ifn;
124  struct lifconf ifc;
125  struct sockaddr_in *sa;
126  char *buf = NULL;
127  int bufsz, x;
128 #endif /* SOLARIS */
129 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) || defined(__GLIBC__)
130  struct ifaddrs *ifap, *ifaphead;
131  int rtnerr;
132  const struct sockaddr_in *sin;
133 #endif /* BSD_OR_LINUX */
134  struct in_addr best_addr;
135  int best_score = -100;
136  memset(&best_addr, 0, sizeof(best_addr));
137 
138 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) || defined(__GLIBC__)
139  rtnerr = getifaddrs(&ifaphead);
140  if (rtnerr) {
141  perror(NULL);
142  return -1;
143  }
144 #endif /* BSD_OR_LINUX */
145 
146  s = socket(AF_INET, SOCK_STREAM, 0);
147 
148  if (s > 0) {
149 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) || defined(__GLIBC__)
150  for (ifap = ifaphead; ifap; ifap = ifap->ifa_next) {
151 
152  if (ifap->ifa_addr && ifap->ifa_addr->sa_family == AF_INET) {
153  sin = (const struct sockaddr_in *) ifap->ifa_addr;
154  score_address(sin, &best_addr, &best_score);
155  res = 0;
156 
157  if (best_score == 0) {
158  break;
159  }
160  }
161  }
162 #endif /* BSD_OR_LINUX */
163 
164  /* There is no reason whatsoever that this shouldn't work on Linux or BSD also. */
165 #ifdef SOLARIS
166  /* Get a count of interfaces on the machine */
167  ifn.lifn_family = AF_INET;
168  ifn.lifn_flags = 0;
169  ifn.lifn_count = 0;
170  if (ioctl(s, SIOCGLIFNUM, &ifn) < 0) {
171  close(s);
172  return -1;
173  }
174 
175  bufsz = ifn.lifn_count * sizeof(struct lifreq);
176  if (!(buf = ast_malloc(bufsz))) {
177  close(s);
178  return -1;
179  }
180  memset(buf, 0, bufsz);
181 
182  /* Get a list of interfaces on the machine */
183  ifc.lifc_len = bufsz;
184  ifc.lifc_buf = buf;
185  ifc.lifc_family = AF_INET;
186  ifc.lifc_flags = 0;
187  if (ioctl(s, SIOCGLIFCONF, &ifc) < 0) {
188  close(s);
189  ast_free(buf);
190  return -1;
191  }
192 
193  for (ifr = ifc.lifc_req, x = 0; x < ifn.lifn_count; ifr++, x++) {
194  sa = (struct sockaddr_in *)&(ifr->lifr_addr);
195  score_address(sa, &best_addr, &best_score);
196  res = 0;
197 
198  if (best_score == 0) {
199  break;
200  }
201  }
202 
203  ast_free(buf);
204 #endif /* SOLARIS */
205 
206  close(s);
207  }
208 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
209  freeifaddrs(ifaphead);
210 #endif /* BSD_OR_LINUX */
211 
212  if (res == 0 && ourip) {
213  ast_sockaddr_setnull(ourip);
214  ourip->ss.ss_family = AF_INET;
215  ((struct sockaddr_in *)&ourip->ss)->sin_addr = best_addr;
216  }
217  return res;
218 }
219 #endif /* HAVE_GETIFADDRS */
220 
221 /* Free HA structure */
222 void ast_free_ha(struct ast_ha *ha)
223 {
224  struct ast_ha *hal;
225  while (ha) {
226  hal = ha;
227  ha = ha->next;
228  ast_free(hal);
229  }
230 }
231 
232 /* Free ACL list structure */
233 struct ast_acl_list *ast_free_acl_list(struct ast_acl_list *acl_list)
234 {
235  struct ast_acl *current;
236 
237  if (!acl_list) {
238  return NULL;
239  }
240 
241  AST_LIST_LOCK(acl_list);
242  while ((current = AST_LIST_REMOVE_HEAD(acl_list, list))) {
243  ast_free_ha(current->acl);
244  ast_free(current);
245  }
246  AST_LIST_UNLOCK(acl_list);
247 
248  AST_LIST_HEAD_DESTROY(acl_list);
249  ast_free(acl_list);
250 
251  return NULL;
252 }
253 
254 /* Copy HA structure */
255 void ast_copy_ha(const struct ast_ha *from, struct ast_ha *to)
256 {
257  ast_sockaddr_copy(&to->addr, &from->addr);
258  ast_sockaddr_copy(&to->netmask, &from->netmask);
259  to->sense = from->sense;
260 }
261 
262 /* Create duplicate of ha structure */
263 static struct ast_ha *ast_duplicate_ha(struct ast_ha *original)
264 {
265  struct ast_ha *new_ha;
266 
267  if ((new_ha = ast_calloc(1, sizeof(*new_ha)))) {
268  /* Copy from original to new object */
269  ast_copy_ha(original, new_ha);
270  }
271 
272  return new_ha;
273 }
274 
275 /* Create duplicate HA link list */
276 struct ast_ha *ast_duplicate_ha_list(struct ast_ha *original)
277 {
278  struct ast_ha *start = original;
279  struct ast_ha *ret = NULL;
280  struct ast_ha *current, *prev = NULL;
281 
282  while (start) {
283  current = ast_duplicate_ha(start); /* Create copy of this object */
284  if (!current) {
285  ast_free_ha(ret);
286 
287  return NULL;
288  }
289 
290  if (prev) {
291  prev->next = current; /* Link previous to this object */
292  }
293 
294  if (!ret) {
295  ret = current; /* Save starting point */
296  }
297 
298  start = start->next; /* Go to next object */
299  prev = current; /* Save pointer to this object */
300  }
301  return ret; /* Return start of list */
302 }
303 
304 static int acl_new(struct ast_acl **pointer, const char *name) {
305  struct ast_acl *acl;
306  if (!(acl = ast_calloc(1, sizeof(*acl)))) {
307  return 1;
308  }
309 
310  *pointer = acl;
311  ast_copy_string(acl->name, name, ACL_NAME_LENGTH);
312  return 0;
313 }
314 
316 {
317  struct ast_acl_list *clone;
318  struct ast_acl *current_cursor;
319  struct ast_acl *current_clone;
320 
321  /* Early return if we receive a duplication request for a NULL original. */
322  if (!original) {
323  return NULL;
324  }
325 
326  if (!(clone = ast_calloc(1, sizeof(*clone)))) {
327  ast_log(LOG_ERROR, "Failed to allocate ast_acl_list struct while cloning an ACL\n");
328  return NULL;
329  }
330  AST_LIST_HEAD_INIT(clone);
331 
332  AST_LIST_LOCK(original);
333 
334  AST_LIST_TRAVERSE(original, current_cursor, list) {
335  if ((acl_new(&current_clone, current_cursor->name))) {
336  ast_log(LOG_ERROR, "Failed to allocate ast_acl struct while cloning an ACL.\n");
337  ast_free_acl_list(clone);
338  clone = NULL;
339  break;
340  }
341 
342  /* Copy data from original ACL to clone ACL */
343  current_clone->acl = ast_duplicate_ha_list(current_cursor->acl);
344 
345  current_clone->is_invalid = current_cursor->is_invalid;
346  current_clone->is_realtime = current_cursor->is_realtime;
347 
348  AST_LIST_INSERT_TAIL(clone, current_clone, list);
349 
350  if (current_cursor->acl && !current_clone->acl) {
351  /* Deal with failure after adding to clone so we don't have to free
352  * current_clone separately. */
353  ast_log(LOG_ERROR, "Failed to duplicate HA list while cloning ACL.\n");
354  ast_free_acl_list(clone);
355  clone = NULL;
356  break;
357  }
358  }
359 
360  AST_LIST_UNLOCK(original);
361 
362  return clone;
363 }
364 
365 /*!
366  * \brief
367  * Parse a netmask in CIDR notation
368  *
369  * \details
370  * For a mask of an IPv4 address, this should be a number between 0 and 32. For
371  * a mask of an IPv6 address, this should be a number between 0 and 128. This
372  * function creates an IPv6 ast_sockaddr from the given netmask. For masks of
373  * IPv4 addresses, this is accomplished by adding 96 to the original netmask.
374  *
375  * \param[out] addr The ast_sockaddr produced from the CIDR netmask
376  * \param is_v4 Tells if the address we are masking is IPv4.
377  * \param mask_str The CIDR mask to convert
378  * \retval -1 Failure
379  * \retval 0 Success
380  */
381 static int parse_cidr_mask(struct ast_sockaddr *addr, int is_v4, const char *mask_str)
382 {
383  int mask;
384 
385  if (sscanf(mask_str, "%30d", &mask) != 1) {
386  return -1;
387  }
388 
389  if (is_v4) {
390  struct sockaddr_in sin;
391  if (mask < 0 || mask > 32) {
392  return -1;
393  }
394  memset(&sin, 0, sizeof(sin));
395  sin.sin_family = AF_INET;
396  /* If mask is 0, then we already have the
397  * appropriate all 0s address in sin from
398  * the above memset.
399  */
400  if (mask != 0) {
401  sin.sin_addr.s_addr = htonl(0xFFFFFFFF << (32 - mask));
402  }
403  ast_sockaddr_from_sin(addr, &sin);
404  } else {
405  struct sockaddr_in6 sin6;
406  int i;
407  if (mask < 0 || mask > 128) {
408  return -1;
409  }
410  memset(&sin6, 0, sizeof(sin6));
411  sin6.sin6_family = AF_INET6;
412  for (i = 0; i < 4; ++i) {
413  /* Once mask reaches 0, we don't have
414  * to explicitly set anything anymore
415  * since sin6 was zeroed out already
416  */
417  if (mask > 0) {
418  V6_WORD(&sin6, i) = htonl(0xFFFFFFFF << (mask < 32 ? (32 - mask) : 0));
419  mask -= mask < 32 ? mask : 32;
420  }
421  }
422  memcpy(&addr->ss, &sin6, sizeof(sin6));
423  addr->len = sizeof(sin6);
424  }
425 
426  return 0;
427 }
428 
429 void ast_append_acl(const char *sense, const char *stuff, struct ast_acl_list **path, int *error, int *named_acl_flag)
430 {
431  struct ast_acl *acl = NULL;
432  struct ast_acl *current;
433  struct ast_acl_list *working_list;
434 
435  char *tmp, *list;
436 
437  /* If the ACL list is currently uninitialized, it must be initialized. */
438  if (*path == NULL) {
439  struct ast_acl_list *list;
440  list = ast_calloc(1, sizeof(*list));
441  if (!list) {
442  /* Allocation Error */
443  if (error) {
444  *error = 1;
445  }
446  return;
447  }
448 
449  AST_LIST_HEAD_INIT(list);
450  *path = list;
451  }
452 
453  working_list = *path;
454 
455  AST_LIST_LOCK(working_list);
456 
457  /* First we need to determine if we will need to add a new ACL node or if we can use an existing one. */
458  if (strncasecmp(sense, "a", 1)) {
459  /* The first element in the path should be the unnamed, base ACL. If that's the case, we use it. If not,
460  * we have to make one and link it up appropriately. */
461  current = AST_LIST_FIRST(working_list);
462 
463  if (!current || !ast_strlen_zero(current->name)) {
464  if (acl_new(&acl, "")) {
465  if (error) {
466  *error = 1;
467  }
468  AST_LIST_UNLOCK(working_list);
469  return;
470  }
471  // Need to INSERT the ACL at the head here.
472  AST_LIST_INSERT_HEAD(working_list, acl, list);
473  } else {
474  /* If the first element was already the unnamed base ACL, we just use that one. */
475  acl = current;
476  }
477 
478  /* With the proper ACL set for modification, we can just pass this off to the ast_ha append function. */
479  acl->acl = ast_append_ha(sense, stuff, acl->acl, error);
480 
481  AST_LIST_UNLOCK(working_list);
482  return;
483  }
484 
485  /* We are in ACL append mode, so we know we'll be adding one or more named ACLs. */
486  list = ast_strdupa(stuff);
487 
488  while ((tmp = strsep(&list, ","))) {
489  struct ast_ha *named_ha;
490  int already_included = 0;
491 
492  /* Remove leading whitespace from the string in case the user put spaces between items */
493  tmp = ast_skip_blanks(tmp);
494 
495  /* The first step is to check for a duplicate */
496  AST_LIST_TRAVERSE(working_list, current, list) {
497  if (!strcasecmp(current->name, tmp)) { /* ACL= */
498  /* Inclusion of the same ACL multiple times isn't a catastrophic error, but it will raise the error flag and skip the entry. */
499  ast_log(LOG_ERROR, "Named ACL '%s' occurs multiple times in ACL definition. "
500  "Please update your ACL configuration.\n", tmp);
501  if (error) {
502  *error = 1;
503  }
504  already_included = 1;
505  break;
506  }
507  }
508 
509  if (already_included) {
510  continue;
511  }
512 
513  if (acl_new(&acl, tmp)) {
514  /* This is a catastrophic allocation error and we'll return immediately if this happens. */
515  if (error) {
516  *error = 1;
517  }
518  AST_LIST_UNLOCK(working_list);
519  return;
520  }
521 
522  /* Attempt to grab the Named ACL we are looking for. */
523  named_ha = ast_named_acl_find(tmp, &acl->is_realtime, &acl->is_invalid);
524 
525  /* Set the ACL's ast_ha to the duplicated named ACL retrieved above. */
526  acl->acl = named_ha;
527 
528  /* Raise the named_acl_flag since we are adding a named ACL to the ACL container. */
529  if (named_acl_flag) {
530  *named_acl_flag = 1;
531  }
532 
533  /* Now insert the new ACL at the end of the list. */
534  AST_LIST_INSERT_TAIL(working_list, acl, list);
535  }
536 
537  AST_LIST_UNLOCK(working_list);
538 }
539 
540 int ast_acl_list_is_empty(struct ast_acl_list *acl_list)
541 {
542  struct ast_acl *head;
543 
544  if (!acl_list) {
545  return 1;
546  }
547 
548  AST_LIST_LOCK(acl_list);
549  head = AST_LIST_FIRST(acl_list);
550  AST_LIST_UNLOCK(acl_list);
551 
552  if (head) {
553  return 0;
554  }
555 
556  return 1;
557 }
558 
559 /*!
560  * \internal
561  * \brief Used by ast_append_ha to avoid ast_strdupa in a loop.
562  *
563  * \note This function is only called at debug level 3 and higher.
564  */
565 static void debug_ha_sense_appended(struct ast_ha *ha)
566 {
567  const char *parsed_mask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask));
568 
569  ast_log(LOG_DEBUG, "%s/%s sense %u appended to ACL\n",
570  ast_sockaddr_stringify(&ha->addr),
571  parsed_mask,
572  ha->sense);
573 }
574 
575 static struct ast_ha *append_ha_core(const char *sense, const char *stuff, struct ast_ha *path, int *error, int port_flags)
576 {
577  struct ast_ha *ha;
578  struct ast_ha *prev = NULL;
579  struct ast_ha *ret;
580  char *tmp, *list = ast_strdupa(stuff ?: "");
581  char *address = NULL, *mask = NULL;
582  int addr_is_v4;
583  int allowing = strncasecmp(sense, "p", 1) ? AST_SENSE_DENY : AST_SENSE_ALLOW;
584 
585  ret = path;
586  while (path) {
587  prev = path;
588  path = path->next;
589  }
590 
591  while ((tmp = strsep(&list, ","))) {
592  uint16_t save_port;
593 
594  if (!(ha = ast_calloc(1, sizeof(*ha)))) {
595  if (error) {
596  *error = 1;
597  }
598  return ret;
599  }
600 
601  address = strsep(&tmp, "/");
602  if (!address) {
603  address = tmp;
604  } else {
605  mask = tmp;
606  }
607 
608  if (*address == '!') {
609  ha->sense = (allowing == AST_SENSE_DENY) ? AST_SENSE_ALLOW : AST_SENSE_DENY;
610  address++;
611  } else {
612  ha->sense = allowing;
613  }
614 
615  if (!ast_sockaddr_parse(&ha->addr, address, port_flags)) {
616  ast_log(LOG_WARNING, "Invalid IP address: %s\n", address);
617  ast_free_ha(ha);
618  if (error) {
619  *error = 1;
620  }
621  return ret;
622  }
623 
624  /* Be pedantic and zero out the port if we don't want it */
625  if ((port_flags & PARSE_PORT_MASK) == PARSE_PORT_FORBID) {
626  ast_sockaddr_set_port(&ha->addr, 0);
627  }
628 
629  /* If someone specifies an IPv4-mapped IPv6 address,
630  * we just convert this to an IPv4 ACL
631  */
632  if (ast_sockaddr_ipv4_mapped(&ha->addr, &ha->addr)) {
633  ast_log(LOG_NOTICE, "IPv4-mapped ACL network address specified. "
634  "Converting to an IPv4 ACL network address.\n");
635  }
636 
637  addr_is_v4 = ast_sockaddr_is_ipv4(&ha->addr);
638 
639  if (!mask) {
640  parse_cidr_mask(&ha->netmask, addr_is_v4, addr_is_v4 ? "32" : "128");
641  } else if (strchr(mask, ':') || strchr(mask, '.')) {
642  int mask_is_v4;
643  /* Mask is of x.x.x.x or x:x:x:x:x:x:x:x variety */
644  if (!ast_sockaddr_parse(&ha->netmask, mask, PARSE_PORT_FORBID)) {
645  ast_log(LOG_WARNING, "Invalid netmask: %s\n", mask);
646  ast_free_ha(ha);
647  if (error) {
648  *error = 1;
649  }
650  return ret;
651  }
652  /* If someone specifies an IPv4-mapped IPv6 netmask,
653  * we just convert this to an IPv4 ACL
654  */
655  if (ast_sockaddr_ipv4_mapped(&ha->netmask, &ha->netmask)) {
656  ast_log(LOG_NOTICE, "IPv4-mapped ACL netmask specified. "
657  "Converting to an IPv4 ACL netmask.\n");
658  }
659  mask_is_v4 = ast_sockaddr_is_ipv4(&ha->netmask);
660  if (addr_is_v4 ^ mask_is_v4) {
661  ast_log(LOG_WARNING, "Address and mask are not using same address scheme.\n");
662  ast_free_ha(ha);
663  if (error) {
664  *error = 1;
665  }
666  return ret;
667  }
668  } else if (parse_cidr_mask(&ha->netmask, addr_is_v4, mask)) {
669  ast_log(LOG_WARNING, "Invalid CIDR netmask: %s\n", mask);
670  ast_free_ha(ha);
671  if (error) {
672  *error = 1;
673  }
674  return ret;
675  }
676 
677  /* ast_sockaddr_apply_netmask() does not preserve the port, so we need to save and
678  * restore it */
679  save_port = ast_sockaddr_port(&ha->addr);
680 
681  if (ast_sockaddr_apply_netmask(&ha->addr, &ha->netmask, &ha->addr)) {
682  /* This shouldn't happen because ast_sockaddr_parse would
683  * have failed much earlier on an unsupported address scheme
684  */
685  char *failmask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask));
686  char *failaddr = ast_strdupa(ast_sockaddr_stringify(&ha->addr));
687  ast_log(LOG_WARNING, "Unable to apply netmask %s to address %s\n", failmask, failaddr);
688  ast_free_ha(ha);
689  if (error) {
690  *error = 1;
691  }
692  return ret;
693  }
694 
695  ast_sockaddr_set_port(&ha->addr, save_port);
696 
697  if (prev) {
698  prev->next = ha;
699  } else {
700  ret = ha;
701  }
702  prev = ha;
703 
704  if (DEBUG_ATLEAST(3)) {
705  debug_ha_sense_appended(ha);
706  }
707  }
708 
709  return ret;
710 }
711 
712 struct ast_ha *ast_append_ha(const char *sense, const char *stuff, struct ast_ha *path, int *error)
713 {
714  return append_ha_core(sense, stuff, path, error, PARSE_PORT_FORBID);
715 }
716 
717 struct ast_ha *ast_append_ha_with_port(const char *sense, const char *stuff, struct ast_ha *path, int *error)
718 {
719  return append_ha_core(sense, stuff, path, error, 0);
720 }
721 
722 void ast_ha_join(const struct ast_ha *ha, struct ast_str **buf)
723 {
724  for (; ha; ha = ha->next) {
725  const char *addr;
726 
727  if (ast_sockaddr_port(&ha->addr)) {
728  addr = ast_sockaddr_stringify(&ha->addr);
729  } else {
730  addr = ast_sockaddr_stringify_addr(&ha->addr);
731  }
732 
733  ast_str_append(buf, 0, "%s%s/",
734  ha->sense == AST_SENSE_ALLOW ? "!" : "",
735  addr);
736  /* Separated to avoid duplicating stringified addresses. */
737  ast_str_append(buf, 0, "%s", ast_sockaddr_stringify_addr(&ha->netmask));
738  if (ha->next) {
739  ast_str_append(buf, 0, ",");
740  }
741  }
742 }
743 
744 void ast_ha_join_cidr(const struct ast_ha *ha, struct ast_str **buf)
745 {
746  for (; ha; ha = ha->next) {
747  const char *addr = ast_sockaddr_stringify_addr(&ha->addr);
748  ast_str_append(buf, 0, "%s%s/%d",
749  ha->sense == AST_SENSE_ALLOW ? "!" : "",
750  addr, ast_sockaddr_cidr_bits(&ha->netmask));
751  if (ha->next) {
752  ast_str_append(buf, 0, ",");
753  }
754  }
755 }
756 
757 static enum ast_acl_sense ast_apply_acl_internal(struct ast_acl_list *acl_list, const struct ast_sockaddr *addr, const char *log_prefix)
758 {
759  struct ast_acl *acl;
760 
761  /* If the list is NULL, there are no rules, so we'll allow automatically. */
762  if (!acl_list) {
763  return AST_SENSE_ALLOW;
764  }
765 
766  AST_LIST_LOCK(acl_list);
767 
768  AST_LIST_TRAVERSE(acl_list, acl, list) {
769  if (acl->is_invalid) {
770  /* In this case, the baseline ACL shouldn't ever trigger this, but if that somehow happens, it'll still be shown. */
771  if (log_prefix) {
772  ast_log(LOG_WARNING, "%sRejecting '%s' due to use of an invalid ACL '%s'.\n",
773  log_prefix, ast_sockaddr_stringify_addr(addr),
774  ast_strlen_zero(acl->name) ? "(BASELINE)" : acl->name);
775  }
776  AST_LIST_UNLOCK(acl_list);
777  return AST_SENSE_DENY;
778  }
779 
780  if (acl->acl) {
781  if (ast_apply_ha(acl->acl, addr) == AST_SENSE_DENY) {
782  if (log_prefix) {
783  ast_log(LOG_NOTICE, "%sRejecting '%s' due to a failure to pass ACL '%s'\n",
784  log_prefix, ast_sockaddr_stringify_addr(addr),
785  ast_strlen_zero(acl->name) ? "(BASELINE)" : acl->name);
786  }
787  AST_LIST_UNLOCK(acl_list);
788  return AST_SENSE_DENY;
789  }
790  }
791  }
792 
793  AST_LIST_UNLOCK(acl_list);
794 
795  return AST_SENSE_ALLOW;
796 }
797 
798 
799 enum ast_acl_sense ast_apply_acl(struct ast_acl_list *acl_list, const struct ast_sockaddr *addr, const char *purpose) {
800  return ast_apply_acl_internal(acl_list, addr, purpose ?: "");
801 }
802 
803 enum ast_acl_sense ast_apply_acl_nolog(struct ast_acl_list *acl_list, const struct ast_sockaddr *addr) {
804  return ast_apply_acl_internal(acl_list, addr, NULL);
805 }
806 
807 enum ast_acl_sense ast_apply_ha(const struct ast_ha *ha, const struct ast_sockaddr *addr)
808 {
809  /* Start optimistic */
810  enum ast_acl_sense res = AST_SENSE_ALLOW;
811  const struct ast_ha *current_ha;
812 
813  for (current_ha = ha; current_ha; current_ha = current_ha->next) {
814  struct ast_sockaddr result;
815  struct ast_sockaddr mapped_addr;
816  const struct ast_sockaddr *addr_to_use;
817  uint16_t save_port;
818 #if 0 /* debugging code */
819  char iabuf[INET_ADDRSTRLEN];
820  char iabuf2[INET_ADDRSTRLEN];
821  /* DEBUG */
822  ast_copy_string(iabuf, ast_sockaddr_stringify(addr), sizeof(iabuf));
823  ast_copy_string(iabuf2, ast_sockaddr_stringify(&current_ha->addr), sizeof(iabuf2));
824  ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2);
825 #endif
826  if (ast_sockaddr_is_ipv4(&current_ha->addr)) {
827  if (ast_sockaddr_is_ipv6(addr)) {
828  if (ast_sockaddr_is_ipv4_mapped(addr)) {
829  /* IPv4 ACLs apply to IPv4-mapped addresses */
830  if (!ast_sockaddr_ipv4_mapped(addr, &mapped_addr)) {
831  ast_log(LOG_ERROR, "%s provided to ast_sockaddr_ipv4_mapped could not be converted. That shouldn't be possible.\n",
832  ast_sockaddr_stringify(addr));
833  continue;
834  }
835  addr_to_use = &mapped_addr;
836  } else {
837  /* An IPv4 ACL does not apply to an IPv6 address */
838  continue;
839  }
840  } else {
841  /* Address is IPv4 and ACL is IPv4. No biggie */
842  addr_to_use = addr;
843  }
844  } else {
846  addr_to_use = addr;
847  } else {
848  /* Address is IPv4 or IPv4 mapped but ACL is IPv6. Skip */
849  continue;
850  }
851  }
852 
853  /* ast_sockaddr_apply_netmask() does not preserve the port, so we need to save and
854  * restore it */
855  save_port = ast_sockaddr_port(addr_to_use);
856 
857  /* For each rule, if this address and the netmask = the net address
858  apply the current rule */
859  if (ast_sockaddr_apply_netmask(addr_to_use, &current_ha->netmask, &result)) {
860  /* Unlikely to happen since we know the address to be IPv4 or IPv6 */
861  continue;
862  }
863 
864  ast_sockaddr_set_port(&result, save_port);
865 
866  if (!ast_sockaddr_cmp_addr(&result, &current_ha->addr)
867  && (!ast_sockaddr_port(&current_ha->addr)
868  || ast_sockaddr_port(&current_ha->addr) == ast_sockaddr_port(&result))) {
869  res = current_ha->sense;
870  }
871  }
872  return res;
873 }
874 
875 static int resolve_first(struct ast_sockaddr *addr, const char *name, int flag,
876  int family)
877 {
878  struct ast_sockaddr *addrs;
879  int addrs_cnt;
880 
881  addrs_cnt = ast_sockaddr_resolve(&addrs, name, flag, family);
882  if (addrs_cnt > 0) {
883  if (addrs_cnt > 1) {
884  ast_debug(1, "Multiple addresses. Using the first only\n");
885  }
886  ast_sockaddr_copy(addr, &addrs[0]);
887  ast_free(addrs);
888  } else {
889  ast_log(LOG_WARNING, "Unable to lookup '%s'\n", name);
890  return -1;
891  }
892 
893  return 0;
894 }
895 
896 int ast_get_ip_or_srv(struct ast_sockaddr *addr, const char *hostname, const char *service)
897 {
898  char srv[256];
899  char host[256];
900  int srv_ret = 0;
901  int tportno;
902 
903  if (service) {
904  snprintf(srv, sizeof(srv), "%s.%s", service, hostname);
905  if ((srv_ret = ast_get_srv(NULL, host, sizeof(host), &tportno, srv)) > 0) {
906  hostname = host;
907  }
908  }
909 
910  if (resolve_first(addr, hostname, PARSE_PORT_FORBID, addr->ss.ss_family) != 0) {
911  return -1;
912  }
913 
914  if (srv_ret > 0) {
915  ast_sockaddr_set_port(addr, tportno);
916  }
917 
918  return 0;
919 }
920 
922  char *name;
923  unsigned int space;
924 };
925 
926 /* IANA registered DSCP codepoints */
927 
928 static const struct dscp_codepoint dscp_pool1[] = {
929  { "CS0", 0x00 },
930  { "CS1", 0x08 },
931  { "CS2", 0x10 },
932  { "CS3", 0x18 },
933  { "CS4", 0x20 },
934  { "CS5", 0x28 },
935  { "CS6", 0x30 },
936  { "CS7", 0x38 },
937  { "AF11", 0x0A },
938  { "AF12", 0x0C },
939  { "AF13", 0x0E },
940  { "AF21", 0x12 },
941  { "AF22", 0x14 },
942  { "AF23", 0x16 },
943  { "AF31", 0x1A },
944  { "AF32", 0x1C },
945  { "AF33", 0x1E },
946  { "AF41", 0x22 },
947  { "AF42", 0x24 },
948  { "AF43", 0x26 },
949  { "EF", 0x2E },
950 };
951 
952 int ast_str2cos(const char *value, unsigned int *cos)
953 {
954  int fval;
955 
956  if (sscanf(value, "%30d", &fval) == 1) {
957  if (fval < 8) {
958  *cos = fval;
959  return 0;
960  }
961  }
962 
963  return -1;
964 }
965 
966 int ast_str2tos(const char *value, unsigned int *tos)
967 {
968  int fval;
969  unsigned int x;
970 
971  if (sscanf(value, "%30i", &fval) == 1) {
972  *tos = fval & 0xFF;
973  return 0;
974  }
975 
976  for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
977  if (!strcasecmp(value, dscp_pool1[x].name)) {
978  *tos = dscp_pool1[x].space << 2;
979  return 0;
980  }
981  }
982 
983  return -1;
984 }
985 
986 const char *ast_tos2str(unsigned int tos)
987 {
988  unsigned int x;
989 
990  for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
991  if (dscp_pool1[x].space == (tos >> 2)) {
992  return dscp_pool1[x].name;
993  }
994  }
995 
996  return "unknown";
997 }
998 
999 int ast_get_ip(struct ast_sockaddr *addr, const char *hostname)
1000 {
1001  return ast_get_ip_or_srv(addr, hostname, NULL);
1002 }
1003 
1004 int ast_ouraddrfor(const struct ast_sockaddr *them, struct ast_sockaddr *us)
1005 {
1006  /*
1007  * We must create the errno string before creating the address
1008  * string because it could wipe out errno on the error return
1009  * paths.
1010  */
1011  const char *sock_err;
1012  int port;
1013  int s;
1014 
1015  /* Preserve our original address port */
1016  port = ast_sockaddr_port(us);
1017 
1018  s = socket(ast_sockaddr_is_ipv6(them) ? AF_INET6 : AF_INET, SOCK_DGRAM, 0);
1019  if (s < 0) {
1020  sock_err = ast_strdupa(strerror(errno));
1021  ast_log(LOG_ERROR, "Cannot create socket to %s: %s\n",
1022  ast_sockaddr_stringify_addr(them), sock_err);
1023  return -1;
1024  }
1025 
1026  if (ast_connect(s, them)) {
1027  sock_err = ast_strdupa(strerror(errno));
1028  ast_log(LOG_WARNING, "Cannot connect to %s: %s\n",
1029  ast_sockaddr_stringify_addr(them), sock_err);
1030  close(s);
1031  return -1;
1032  }
1033  if (ast_getsockname(s, us)) {
1034  sock_err = ast_strdupa(strerror(errno));
1035  ast_log(LOG_WARNING, "Cannot get socket name for connection to %s: %s\n",
1036  ast_sockaddr_stringify_addr(them), sock_err);
1037  close(s);
1038  return -1;
1039  }
1040  close(s);
1041 
1042  ast_sockaddr_set_port(us, port);
1043 
1044  ast_debug(3, "For destination '%s', our source address is '%s'.\n",
1047 
1048  return 0;
1049 }
1050 
1051 int ast_find_ourip(struct ast_sockaddr *ourip, const struct ast_sockaddr *bindaddr, int family)
1052 {
1053  char ourhost[MAXHOSTNAMELEN] = "";
1054  struct ast_sockaddr root;
1055  int res, port = ast_sockaddr_port(ourip);
1056 
1057  /* just use the bind address if it is nonzero */
1058  if (!ast_sockaddr_is_any(bindaddr)) {
1059  ast_sockaddr_copy(ourip, bindaddr);
1060  ast_debug(3, "Attached to given IP address\n");
1061  return 0;
1062  }
1063  /* try to use our hostname */
1064  if (gethostname(ourhost, sizeof(ourhost) - 1)) {
1065  ast_log(LOG_WARNING, "Unable to get hostname\n");
1066  } else {
1067  if (resolve_first(ourip, ourhost, PARSE_PORT_FORBID, family) == 0) {
1068  /* reset port since resolve_first wipes this out */
1069  ast_sockaddr_set_port(ourip, port);
1070  return 0;
1071  }
1072  }
1073  ast_debug(3, "Trying to check A.ROOT-SERVERS.NET and get our IP address for that connection\n");
1074  /* A.ROOT-SERVERS.NET. */
1075  if (!resolve_first(&root, "A.ROOT-SERVERS.NET", PARSE_PORT_FORBID, 0) &&
1076  !ast_ouraddrfor(&root, ourip)) {
1077  /* reset port since resolve_first wipes this out */
1078  ast_sockaddr_set_port(ourip, port);
1079  return 0;
1080  }
1081  res = get_local_address(ourip);
1082  ast_sockaddr_set_port(ourip, port);
1083  return res;
1084 }
1085 
1086 void ast_ha_output(int fd, const struct ast_ha *ha, const char *prefix)
1087 {
1088  char addr[AST_SOCKADDR_BUFLEN];
1089  char *mask;
1090  int index = 0;
1091  for (; ha; ha = ha->next, ++index) {
1092  strcpy(addr, ast_sockaddr_stringify_addr(&ha->addr));
1093  mask = ast_sockaddr_stringify_addr(&ha->netmask);
1094  ast_cli(fd, "%s%3d: %s - %s/%s\n", prefix ?: "", index, ha->sense == AST_SENSE_ALLOW ? "allow" : " deny", addr, mask);
1095  }
1096 }
1097 
1098 void ast_acl_output(int fd, struct ast_acl_list *acl_list, const char *prefix)
1099 {
1100  struct ast_acl *acl;
1101 
1102  AST_LIST_LOCK(acl_list);
1103  AST_LIST_TRAVERSE(acl_list, acl, list) {
1104  ast_cli(fd, "%sACL: %s%s\n---------------------------------------------\n",
1105  prefix ?: "", ast_strlen_zero(acl->name) ? "(unnamed)" : acl->name,
1106  acl->is_realtime ? " (realtime)" : "");
1107 
1108  ast_ha_output(fd, acl->acl, prefix);
1109  }
1110  AST_LIST_UNLOCK(acl_list);
1111 
1112 }
static char * ast_sockaddr_stringify_addr(const struct ast_sockaddr *addr)
Wrapper around ast_sockaddr_stringify_fmt() to return an address only.
Definition: netsock2.h:286
struct ast_acl_list * ast_duplicate_acl_list(struct ast_acl_list *original)
Duplicates the contests of a list of lists of host access rules.
Definition: acl.c:315
void ast_acl_output(int fd, struct ast_acl_list *acl_list, const char *prefix)
output an ACL to the provided fd
Definition: acl.c:1098
#define AST_LIST_LOCK(head)
Locks a list.
Definition: linkedlists.h:40
Asterisk locking-related definitions:
int ast_get_ip(struct ast_sockaddr *addr, const char *hostname)
Get the IP address given a hostname.
Definition: acl.c:999
Asterisk main include file. File version handling, generic pbx functions.
#define AST_LIST_FIRST(head)
Returns the first entry contained in a list.
Definition: linkedlists.h:421
void ast_ha_join(const struct ast_ha *ha, struct ast_str **buf)
Convert HAs to a comma separated string value.
Definition: acl.c:722
int ast_sockaddr_parse(struct ast_sockaddr *addr, const char *str, int flags)
Parse an IPv4 or IPv6 address string.
Definition: netsock2.c:230
enum ast_acl_sense ast_apply_acl(struct ast_acl_list *acl_list, const struct ast_sockaddr *addr, const char *purpose)
Apply a set of rules to a given IP address.
Definition: acl.c:799
static void ast_sockaddr_copy(struct ast_sockaddr *dst, const struct ast_sockaddr *src)
Copies the data from one ast_sockaddr to another.
Definition: netsock2.h:167
int ast_get_ip_or_srv(struct ast_sockaddr *addr, const char *hostname, const char *service)
Get the IP address given a hostname and optional service.
Definition: acl.c:896
#define AST_LIST_UNLOCK(head)
Attempts to unlock a list.
Definition: linkedlists.h:140
Support for DNS SRV records, used in to locate SIP services.
int ast_sockaddr_ipv4_mapped(const struct ast_sockaddr *addr, struct ast_sockaddr *ast_mapped)
Convert an IPv4-mapped IPv6 address into an IPv4 address.
Definition: netsock2.c:37
char name[ACL_NAME_LENGTH]
Definition: acl.h:71
struct ast_ha * ast_append_ha_with_port(const char *sense, const char *stuff, struct ast_ha *path, int *error)
Add a new rule with optional port to a list of HAs.
Definition: acl.c:717
struct ast_acl_list * ast_free_acl_list(struct ast_acl_list *acl_list)
Free a list of ACLs.
Definition: acl.c:233
static struct ast_sockaddr address
Address for UDPTL.
Definition: res_pjsip_t38.c:56
void ast_append_acl(const char *sense, const char *stuff, struct ast_acl_list **path, int *error, int *named_acl_flag)
Add a rule to an ACL struct.
Definition: acl.c:429
int ast_str_append(struct ast_str **buf, ssize_t max_len, const char *fmt,...)
Append to a thread local dynamic string.
Definition: strings.h:1139
struct ast_ha * ast_append_ha(const char *sense, const char *stuff, struct ast_ha *path, int *error)
Add a new rule to a list of HAs.
Definition: acl.c:712
Wrapper for an ast_acl linked list.
Definition: acl.h:76
static int parse_cidr_mask(struct ast_sockaddr *addr, int is_v4, const char *mask_str)
Parse a netmask in CIDR notation.
Definition: acl.c:381
Socket address structure.
Definition: netsock2.h:97
int ast_sockaddr_cmp_addr(const struct ast_sockaddr *a, const struct ast_sockaddr *b)
Compares the addresses of two ast_sockaddr structures.
Definition: netsock2.c:413
void ast_free_ha(struct ast_ha *ha)
Free a list of HAs.
Definition: acl.c:222
Utility functions.
static void ast_sockaddr_setnull(struct ast_sockaddr *addr)
Sets address addr to null.
Definition: netsock2.h:138
#define AST_LIST_HEAD_DESTROY(head)
Destroys a list head structure.
Definition: linkedlists.h:653
#define ast_sockaddr_port(addr)
Get the port number of a socket address.
Definition: netsock2.h:517
internal representation of ACL entries In principle user applications would have no need for this...
Definition: acl.h:51
void ast_copy_ha(const struct ast_ha *from, struct ast_ha *to)
Copy the contents of one HA to another.
Definition: acl.c:255
int is_realtime
Definition: acl.h:69
int ast_sockaddr_is_any(const struct ast_sockaddr *addr)
Determine if the address type is unspecified, or "any" address.
Definition: netsock2.c:534
int ast_get_srv(struct ast_channel *chan, char *host, int hostlen, int *port, const char *service)
Lookup entry in SRV records Returns 1 if found, 0 if not found, -1 on hangup.
Definition: srv.c:260
General Asterisk PBX channel definitions.
#define ast_sockaddr_from_sin(addr, sin)
Converts a struct sockaddr_in to a struct ast_sockaddr.
Definition: netsock2.h:778
#define ast_strdupa(s)
duplicate a string in memory from the stack
Definition: astmm.h:298
Access Control of various sorts.
int ast_str2cos(const char *value, unsigned int *cos)
Convert a string to the appropriate COS value.
Definition: acl.c:952
static void score_address(const struct sockaddr_in *sin, struct in_addr *best_addr, int *best_score)
Definition: acl.c:59
int is_invalid
Definition: acl.h:70
void ast_ha_join_cidr(const struct ast_ha *ha, struct ast_str **buf)
Convert HAs to a comma separated string value using CIDR notation.
Definition: acl.c:744
struct ast_ha * acl
Definition: acl.h:68
#define ast_malloc(len)
A wrapper for malloc()
Definition: astmm.h:191
#define ast_debug(level,...)
Log a DEBUG message.
an ast_acl is a linked list node of ast_ha structs which may have names.
Definition: acl.h:67
#define AST_LIST_REMOVE_HEAD(head, field)
Removes and returns the head entry from a list.
Definition: linkedlists.h:833
const char * ast_tos2str(unsigned int tos)
Convert a TOS value into its string representation.
Definition: acl.c:986
int ast_sockaddr_apply_netmask(const struct ast_sockaddr *addr, const struct ast_sockaddr *netmask, struct ast_sockaddr *result)
Apply a netmask to an address and store the result in a separate structure.
Definition: netsock2.c:357
Wrapper for network related headers, masking differences between various operating systems...
#define AST_LIST_INSERT_TAIL(head, elm, field)
Appends a list entry to the tail of a list.
Definition: linkedlists.h:731
Support for dynamic strings.
Definition: strings.h:623
void ast_ha_output(int fd, const struct ast_ha *ha, const char *prefix)
output an HA to the provided fd
Definition: acl.c:1086
#define ast_sockaddr_set_port(addr, port)
Sets the port number of a socket address.
Definition: netsock2.h:532
static char * ast_sockaddr_stringify(const struct ast_sockaddr *addr)
Wrapper around ast_sockaddr_stringify_fmt() with default format.
Definition: netsock2.h:256
int ast_ouraddrfor(const struct ast_sockaddr *them, struct ast_sockaddr *us)
Get our local IP address when contacting a remote host.
Definition: acl.c:1004
char * ast_skip_blanks(const char *str)
Gets a pointer to the first non-whitespace character in a string.
Definition: strings.h:161
#define AST_LIST_TRAVERSE(head, var, field)
Loops over (traverses) the entries in a list.
Definition: linkedlists.h:491
#define AST_LIST_INSERT_HEAD(head, elm, field)
Inserts a list entry at the head of a list.
Definition: linkedlists.h:711
const char * ast_inet_ntoa(struct in_addr ia)
thread-safe replacement for inet_ntoa().
Definition: utils.c:928
#define AST_LIST_HEAD_INIT(head)
Initializes a list head structure.
Definition: linkedlists.h:626
#define ast_calloc(num, len)
A wrapper for calloc()
Definition: astmm.h:202
int ast_str2tos(const char *value, unsigned int *tos)
Convert a string to the appropriate TOS value.
Definition: acl.c:966
int ast_find_ourip(struct ast_sockaddr *ourip, const struct ast_sockaddr *bindaddr, int family)
Find our IP address.
Definition: acl.c:1051
int ast_sockaddr_is_ipv4_mapped(const struct ast_sockaddr *addr)
Determine if this is an IPv4-mapped IPv6 address.
Definition: netsock2.c:507
int ast_sockaddr_cidr_bits(const struct ast_sockaddr *sa)
Count the 1 bits in a netmask.
Definition: netsock2.c:130
struct ast_ha * ast_named_acl_find(const char *name, int *is_realtime, int *is_undefined)
Retrieve a named ACL.
Definition: named_acl.c:293
int ast_acl_list_is_empty(struct ast_acl_list *acl_list)
Determines if an ACL is empty or if it contains entries.
Definition: acl.c:540
struct ast_ha * ast_duplicate_ha_list(struct ast_ha *original)
Duplicate the contents of a list of host access rules.
Definition: acl.c:276
Standard Command Line Interface.
void ast_copy_string(char *dst, const char *src, size_t size)
Size-limited null-terminating string copy.
Definition: strings.h:425
enum ast_acl_sense ast_apply_ha(const struct ast_ha *ha, const struct ast_sockaddr *addr)
Apply a set of rules to a given IP address.
Definition: acl.c:807
int ast_sockaddr_is_ipv4(const struct ast_sockaddr *addr)
Determine if the address is an IPv4 address.
Definition: netsock2.c:497
int ast_getsockname(int sockfd, struct ast_sockaddr *addr)
Wrapper around getsockname(2) that uses struct ast_sockaddr.
Definition: netsock2.c:600
enum ast_acl_sense ast_apply_acl_nolog(struct ast_acl_list *acl_list, const struct ast_sockaddr *addr)
Apply a set of rules to a given IP address, don't log failure.
Definition: acl.c:803
int ast_sockaddr_is_ipv6(const struct ast_sockaddr *addr)
Determine if this is an IPv6 address.
Definition: netsock2.c:524
int ast_connect(int sockfd, const struct ast_sockaddr *addr)
Wrapper around connect(2) that uses struct ast_sockaddr.
Definition: netsock2.c:595
#define V6_WORD(sin6, index)
Isolate a 32-bit section of an IPv6 address.
Definition: netsock2.h:77
int ast_sockaddr_resolve(struct ast_sockaddr **addrs, const char *str, int flags, int family)
Parses a string with an IPv4 or IPv6 address and place results into an array.
Definition: netsock2.c:280