FS-7638 properly match ACL with IPv4 mapped IPv6 addresses
parent
67ed8f4260
commit
2815994647
|
@ -1,10 +1,10 @@
|
|||
<configuration name="event_socket.conf" description="Socket Client">
|
||||
<settings>
|
||||
<param name="nat-map" value="false"/>
|
||||
<param name="listen-ip" value="127.0.0.1"/>
|
||||
<param name="listen-ip" value="::"/>
|
||||
<param name="listen-port" value="8021"/>
|
||||
<param name="password" value="ClueCon"/>
|
||||
<!--<param name="apply-inbound-acl" value="lan"/>-->
|
||||
<!--<param name="apply-inbound-acl" value="loopback.auto"/>-->
|
||||
<!--<param name="stop-on-bind-error" value="true"/>-->
|
||||
</settings>
|
||||
</configuration>
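Review bot: With `listen-ip` set to the wildcard `::`, the sample still ships `password` as `ClueCon` and leaves both `apply-inbound-acl` lines commented out, so nothing in this file restricts who may connect. The only limit is the `loopback.auto` fallback that this commit adds in the module's `config()`. Uncommenting `<param name="apply-inbound-acl" value="loopback.auto"/>` would make the restriction visible to anyone copying the sample, and would keep it in force if the code default ever changes. A short comment beside `password` saying it must be changed before a wider ACL is applied would also help.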
|
||||
|
|
|
@ -1122,7 +1122,7 @@ SWITCH_DECLARE(switch_status_t) switch_network_list_create(switch_network_list_t
|
|||
SWITCH_DECLARE(switch_status_t) switch_network_list_add_cidr_token(switch_network_list_t *list, const char *cidr_str, switch_bool_t ok, const char *token);
|
||||
#define switch_network_list_add_cidr(_list, _cidr_str, _ok) switch_network_list_add_cidr_token(_list, _cidr_str, _ok, NULL)
|
||||
|
||||
|
||||
SWITCH_DECLARE(char *) switch_network_ipv4_mapped_ipv6_addr(const char* ip_str);
|
||||
SWITCH_DECLARE(switch_status_t) switch_network_list_add_host_mask(switch_network_list_t *list, const char *host, const char *mask_str, switch_bool_t ok);
|
||||
SWITCH_DECLARE(switch_bool_t) switch_network_list_validate_ip_token(switch_network_list_t *list, uint32_t ip, const char **token);
|
||||
SWITCH_DECLARE(switch_bool_t) switch_network_list_validate_ip6_token(switch_network_list_t *list, ip_t ip, const char **token);
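Review bot: The new `switch_network_ipv4_mapped_ipv6_addr` declaration says nothing about who owns the returned string, and every caller has to get that right. Going by the definition in this commit, the result is a `strdup` copy that the caller must free, and NULL means the input did not start with `::ffff:`. Suggest adding above the prototype: `/* Returns a newly allocated copy of the IPv4 part of an "::ffff:a.b.c.d" string, or NULL if ip_str is not in that form; caller frees. */`.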
|
||||
|
|
|
@ -2844,6 +2844,10 @@ static int config(void)
|
|||
prefs.nat_map = 0;
|
||||
}
|
||||
|
||||
if (!prefs.acl_count) {
|
||||
prefs.acl[prefs.acl_count++] = strdup("loopback.auto");
|
||||
}
|
||||
|
||||
if (prefs.nat_map) {
|
||||
prefs.nat_map = 0;
|
||||
}
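Review bot: The fallback `prefs.acl[prefs.acl_count++] = strdup("loopback.auto");` is applied silently and its result is not checked. An install with no `apply-inbound-acl` and remote event-socket clients would presumably start refusing them with nothing in the log to explain why. If `strdup` fails, a NULL entry is still counted as an ACL. Suggest checking the pointer before incrementing `acl_count` and logging the default, e.g. `switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_NOTICE, "No inbound ACL configured, defaulting to loopback.auto\n");`. `config()` begins and ends outside this hunk.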
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
/*
|
||||
* FreeSWITCH Modular Media Switching Software Library / Soft-Switch Application
|
||||
* Copyright (C) 2005-2014, Anthony Minessale II <anthm@freeswitch.org>
|
||||
|
@ -1290,6 +1289,12 @@ SWITCH_DECLARE(switch_bool_t) switch_check_network_list_ip_token(const char *ip_
|
|||
uint32_t bits;
|
||||
char *ipv6 = strchr(ip_str,':');
|
||||
switch_bool_t ok = SWITCH_FALSE;
|
||||
char *ipv4 = NULL;
|
||||
|
||||
if ((ipv4 = switch_network_ipv4_mapped_ipv6_addr(ip_str))) {
|
||||
ip_str = ipv4;
|
||||
ipv6 = NULL;
|
||||
}
|
||||
|
||||
switch_mutex_lock(runtime.global_mutex);
|
||||
if (ipv6) {
|
||||
|
@ -1339,6 +1344,8 @@ SWITCH_DECLARE(switch_bool_t) switch_check_network_list_ip_token(const char *ip_
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
switch_safe_free(ipv4);
|
||||
switch_mutex_unlock(runtime.global_mutex);
|
||||
|
||||
return ok;
|
||||
|
@ -1450,6 +1457,7 @@ SWITCH_DECLARE(void) switch_load_network_lists(switch_bool_t reload)
|
|||
switch_network_list_create(&rfc_list, tmp_name, SWITCH_FALSE, IP_LIST.pool);
|
||||
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_NOTICE, "Created ip list %s default (deny)\n", tmp_name);
|
||||
switch_network_list_add_cidr(rfc_list, "127.0.0.0/8", SWITCH_TRUE);
|
||||
switch_network_list_add_cidr(rfc_list, "::1/128", SWITCH_TRUE);
|
||||
switch_core_hash_insert(IP_LIST.hash, tmp_name, rfc_list);
|
||||
|
||||
tmp_name = "localnet.auto";
|
||||
|
@ -1556,17 +1564,9 @@ SWITCH_DECLARE(void) switch_load_network_lists(switch_bool_t reload)
|
|||
|
||||
switch_xml_free(xml_root);
|
||||
} else if (cidr) {
|
||||
if (switch_network_list_add_cidr(list, cidr, ok) == SWITCH_STATUS_SUCCESS) {
|
||||
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_NOTICE, "Adding %s (%s) to list %s\n", cidr, ok ? "allow" : "deny", name);
|
||||
} else {
|
||||
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR,
|
||||
"Error Adding %s (%s) to list %s\n", cidr, ok ? "allow" : "deny", name);
|
||||
}
|
||||
switch_network_list_add_cidr(list, cidr, ok);
|
||||
} else if (host && mask) {
|
||||
if (switch_network_list_add_host_mask(list, host, mask, ok) == SWITCH_STATUS_SUCCESS) {
|
||||
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_NOTICE,
|
||||
"Adding %s/%s (%s) to list %s\n", host, mask, ok ? "allow" : "deny", name);
|
||||
}
|
||||
switch_network_list_add_host_mask(list, host, mask, ok);
|
||||
}
|
||||
|
||||
switch_core_hash_insert(IP_LIST.hash, name, list);
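Review bot: In the `switch_load_network_lists` hunk at 1564, the `host`/`mask` branch now discards the return value of `switch_network_list_add_host_mask`, and the only log line for that branch is gone. Unless that function logs internally (its body is not shown), a malformed host/mask node is dropped without trace and the list is still inserted. For a default-allow list with a deny node, that means the deny is silently missing. Suggest keeping a failure path: `if (switch_network_list_add_host_mask(list, host, mask, ok) != SWITCH_STATUS_SUCCESS) { switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Error Adding %s/%s (%s) to list %s\n", host, mask, ok ? "allow" : "deny", name); }`. The function body extends beyond the hunk on both sides.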
|
||||
|
|
|
@ -476,16 +476,33 @@ SWITCH_DECLARE(switch_bool_t) switch_network_list_validate_ip_token(switch_netwo
|
|||
return ok;
|
||||
}
|
||||
|
||||
SWITCH_DECLARE(char *) switch_network_ipv4_mapped_ipv6_addr(const char* ip_str)
|
||||
{
|
||||
/* ipv4 mapped ipv6 address */
|
||||
|
||||
if (strncasecmp(ip_str, "::ffff:", 7)) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return strdup(ip_str + 7);
|
||||
}
|
||||
|
||||
SWITCH_DECLARE(switch_status_t) switch_network_list_perform_add_cidr_token(switch_network_list_t *list, const char *cidr_str, switch_bool_t ok,
|
||||
const char *token)
|
||||
{
|
||||
ip_t ip, mask;
|
||||
uint32_t bits;
|
||||
switch_network_node_t *node;
|
||||
char *ipv4 = NULL;
|
||||
|
||||
if ((ipv4 = switch_network_ipv4_mapped_ipv6_addr(cidr_str))) {
|
||||
cidr_str = ipv4;
|
||||
}
|
||||
|
||||
if (switch_parse_cidr(cidr_str, &ip, &mask, &bits)) {
|
||||
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Error Adding %s (%s) [%s] to list %s\n",
|
||||
cidr_str, ok ? "allow" : "deny", switch_str_nil(token), list->name);
|
||||
switch_safe_free(ipv4);
|
||||
return SWITCH_STATUS_GENERR;
|
||||
}
|
||||
|
||||
|
@ -513,6 +530,7 @@ SWITCH_DECLARE(switch_status_t) switch_network_list_perform_add_cidr_token(switc
|
|||
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_NOTICE, "Adding %s (%s) [%s] to list %s\n",
|
||||
cidr_str, ok ? "allow" : "deny", switch_str_nil(token), list->name);
|
||||
|
||||
switch_safe_free(ipv4);
|
||||
return SWITCH_STATUS_SUCCESS;
|
||||
}
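Review bot: `switch_network_ipv4_mapped_ipv6_addr` treats everything after the `::ffff:` prefix as an IPv4 string without inspecting it, so a hex-form remainder or a CIDR suffix reaches the IPv4 path unchanged. In `switch_network_list_perform_add_cidr_token`, a mapped entry written with an IPv6 prefix length (96–128) therefore reaches `switch_parse_cidr` as an IPv4 address with that same bit count. How the parser handles a count above 32 is not visible here, but the resulting rule is unlikely to mean what the operator wrote. Suggest the helper decline remainders that contain another colon, `if (strncasecmp(ip_str, "::ffff:", 7) || strchr(ip_str + 7, ':')) return NULL;`, and that the add path subtract 96 from the prefix length or reject the entry. A failed `strdup` is also indistinguishable from "not mapped", and both function bodies are only partly visible in these hunks.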
|
||||
|
||||
|
|