From 2815994647ef03fda488685899262450eb4b935c Mon Sep 17 00:00:00 2001
From: Brian
Date: Thu, 11 Jun 2015 08:24:31 -0500
Subject: [PATCH] FS-7638 properly match ACL with IPv4 mapped IPv6 addresses
---
.../autoload_configs/event_socket.conf.xml | 4 ++--
src/include/switch_utils.h | 2 +-
.../mod_event_socket/mod_event_socket.c | 4 ++++
src/switch_core.c | 22 +++++++++----------
src/switch_utils.c | 18 +++++++++++++++
5 files changed, 36 insertions(+), 14 deletions(-)
diff --git a/conf/vanilla/autoload_configs/event_socket.conf.xml b/conf/vanilla/autoload_configs/event_socket.conf.xml
index 28e0f46837..d62dd34dc7 100644
--- a/conf/vanilla/autoload_configs/event_socket.conf.xml
+++ b/conf/vanilla/autoload_configs/event_socket.conf.xml
@@ -1,10 +1,10 @@
-
+
-
+
diff --git a/src/include/switch_utils.h b/src/include/switch_utils.h
index c6768d5860..6142d0c0fa 100644
--- a/src/include/switch_utils.h
+++ b/src/include/switch_utils.h
@@ -1122,7 +1122,7 @@ SWITCH_DECLARE(switch_status_t) switch_network_list_create(switch_network_list_t
 SWITCH_DECLARE(switch_status_t) switch_network_list_add_cidr_token(switch_network_list_t *list, const char *cidr_str, switch_bool_t ok, const char *token);
 #define switch_network_list_add_cidr(_list, _cidr_str, _ok) switch_network_list_add_cidr_token(_list, _cidr_str, _ok, NULL)
-
+SWITCH_DECLARE(char *) switch_network_ipv4_mapped_ipv6_addr(const char* ip_str);
 SWITCH_DECLARE(switch_status_t) switch_network_list_add_host_mask(switch_network_list_t *list, const char *host, const char *mask_str, switch_bool_t ok);
 SWITCH_DECLARE(switch_bool_t) switch_network_list_validate_ip_token(switch_network_list_t *list, uint32_t ip, const char **token);
 SWITCH_DECLARE(switch_bool_t) switch_network_list_validate_ip6_token(switch_network_list_t *list, ip_t ip, const char **token);
diff --git a/src/mod/event_handlers/mod_event_socket/mod_event_socket.c b/src/mod/event_handlers/mod_event_socket/mod_event_socket.c
index b845cfd7c3..3c8683ed4c 100644
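Review bot: The declaration of switch_network_ipv4_mapped_ipv6_addr added to switch_utils.h says nothing about ownership, yet the definition (switch_utils.c hunk at 476) returns a strdup()'d buffer the caller has to free and NULL when the "::ffff:" prefix is absent; both call sites in this commit do free it, but the next caller will only learn that from the header. A Doxygen block above the prototype — "Returns a heap-allocated copy of the text following a leading "::ffff:", which the caller must free; NULL if the prefix is absent or allocation fails; the remainder is not validated" — makes the contract visible where it is looked up. The declarator also breaks the surrounding style, `const char* ip_str` where every neighbouring prototype writes `const char *`.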
--- a/src/mod/event_handlers/mod_event_socket/mod_event_socket.c
+++ b/src/mod/event_handlers/mod_event_socket/mod_event_socket.c
@@ -2844,6 +2844,10 @@ static int config(void)
 prefs.nat_map = 0;
 }
+ if (!prefs.acl_count) {
+ prefs.acl[prefs.acl_count++] = strdup("loopback.auto");
+ }
+
 if (prefs.nat_map) {
 prefs.nat_map = 0;
 }
diff --git a/src/switch_core.c b/src/switch_core.c
index 3c6c3a38cb..e0c800e2bf 100644
--- a/src/switch_core.c
+++ b/src/switch_core.c
@@ -1,4 +1,3 @@
-
 /*
 * FreeSWITCH Modular Media Switching Software Library / Soft-Switch Application
 * Copyright (C) 2005-2014, Anthony Minessale II
@@ -1290,6 +1289,12 @@ SWITCH_DECLARE(switch_bool_t) switch_check_network_list_ip_token(const char *ip_
 uint32_t bits;
 char *ipv6 = strchr(ip_str,':');
 switch_bool_t ok = SWITCH_FALSE;
+ char *ipv4 = NULL;
+
+ if ((ipv4 = switch_network_ipv4_mapped_ipv6_addr(ip_str))) {
+ ip_str = ipv4;
+ ipv6 = NULL;
+ }
 switch_mutex_lock(runtime.global_mutex);
 if (ipv6) {
@@ -1339,6 +1344,8 @@ SWITCH_DECLARE(switch_bool_t) switch_check_network_list_ip_token(const char *ip_
 }
 }
 }
+
+ switch_safe_free(ipv4);
 switch_mutex_unlock(runtime.global_mutex);
 return ok;
@@ -1450,6 +1457,7 @@ SWITCH_DECLARE(void) switch_load_network_lists(switch_bool_t reload)
 switch_network_list_create(&rfc_list, tmp_name, SWITCH_FALSE, IP_LIST.pool);
 switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_NOTICE, "Created ip list %s default (deny)\n", tmp_name);
 switch_network_list_add_cidr(rfc_list, "127.0.0.0/8", SWITCH_TRUE);
+ switch_network_list_add_cidr(rfc_list, "::1/128", SWITCH_TRUE);
 switch_core_hash_insert(IP_LIST.hash, tmp_name, rfc_list);
 tmp_name = "localnet.auto";
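Review bot: `prefs.acl[prefs.acl_count++] = strdup("loopback.auto");` stores the strdup() result unchecked, so under allocation failure prefs.acl_count is incremented over a NULL entry that whatever later iterates prefs.acl (not in this diff) would dereference; `if (!prefs.acl_count && (prefs.acl[0] = strdup("loopback.auto"))) { prefs.acl_count = 1; }` keeps the count consistent with the entries. Since this line presumably decides which peers may connect when no acl is configured, a comment stating the intent — `/* no acl configured: restrict to loopback (loopback.auto also lists ::1 since this commit) */` — is worth adding, the ::1 part being what the switch_core.c hunk at 1457 does. config() starts outside the hunk and the capacity of prefs.acl is not shown, so index 0 is assumed to be in bounds.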
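Review bot: `ipv6 = NULL;` after the remap assumes the helper's output is an IPv4 literal, but switch_network_ipv4_mapped_ipv6_addr (switch_utils.c hunk at 476) only strips the leading "::ffff:" without checking what follows, so a mapped address written in hex form — `::ffff:7f00:1` (constructed example) — or any other string starting with that prefix is handed to the IPv4 branch as "7f00:1" instead of being parsed as IPv6. What the IPv4 path below this hunk does with such a string is not visible; either way the list is consulted for a different address than the peer presented. The cheapest guard is in the helper, `if (strncasecmp(ip_str, "::ffff:", 7) || strchr(ip_str + 7, ':')) { return NULL; }`, which leaves hex-form literals on the IPv6 path; the thorough fix is to parse the whole string with inet_pton(AF_INET6) and test IN6_IS_ADDR_V4MAPPED before extracting the last four bytes. The same assumption is made where switch_network_list_perform_add_cidr_token rebinds cidr_str in the switch_utils.c hunk. switch_check_network_list_ip_token continues beyond the hunk.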
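Review bot: The added `::1/128` line carries no comment, and a reader of loopback.auto will ask why IPv6 loopback needs its own entry while the more common ::ffff:127.0.0.1 form does not. `/* native IPv6 loopback; v4-mapped ::ffff:127.x.x.x is rewritten to IPv4 before lookup and matches 127.0.0.0/8 */` answers both, the second half being what switch_check_network_list_ip_token does since the hunk at 1289. switch_load_network_lists continues on both sides of the hunk.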
@@ -1556,17 +1564,9 @@ SWITCH_DECLARE(void) switch_load_network_lists(switch_bool_t reload)
 switch_xml_free(xml_root);
 } else if (cidr) {
- if (switch_network_list_add_cidr(list, cidr, ok) == SWITCH_STATUS_SUCCESS) {
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_NOTICE, "Adding %s (%s) to list %s\n", cidr, ok ? "allow" : "deny", name);
- } else {
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR,
- "Error Adding %s (%s) to list %s\n", cidr, ok ? "allow" : "deny", name);
- }
+ switch_network_list_add_cidr(list, cidr, ok);
 } else if (host && mask) {
- if (switch_network_list_add_host_mask(list, host, mask, ok) == SWITCH_STATUS_SUCCESS) {
- switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_NOTICE,
- "Adding %s/%s (%s) to list %s\n", host, mask, ok ? "allow" : "deny", name);
- }
+ switch_network_list_add_host_mask(list, host, mask, ok);
 }
 switch_core_hash_insert(IP_LIST.hash, name, list);
diff --git a/src/switch_utils.c b/src/switch_utils.c
index 0b415492dc..4c05351c10 100644
--- a/src/switch_utils.c
+++ b/src/switch_utils.c
@@ -476,16 +476,33 @@ SWITCH_DECLARE(switch_bool_t) switch_network_list_validate_ip_token(switch_netwo
 return ok;
 }
+SWITCH_DECLARE(char *) switch_network_ipv4_mapped_ipv6_addr(const char* ip_str)
+{
+ /* ipv4 mapped ipv6 address */
+
+ if (strncasecmp(ip_str, "::ffff:", 7)) {
+ return NULL;
+ }
+
+ return strdup(ip_str + 7);
+}
+
 SWITCH_DECLARE(switch_status_t) switch_network_list_perform_add_cidr_token(switch_network_list_t *list, const char *cidr_str, switch_bool_t ok, const char *token)
 {
 ip_t ip, mask;
 uint32_t bits;
 switch_network_node_t *node;
+ char *ipv4 = NULL;
+
+ if ((ipv4 = switch_network_ipv4_mapped_ipv6_addr(cidr_str))) {
+ cidr_str = ipv4;
+ }
 if (switch_parse_cidr(cidr_str, &ip, &mask, &bits)) {
 switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Error Adding %s (%s) [%s] to list %s\n", cidr_str, ok ? "allow" : "deny", switch_str_nil(token), list->name);
+ switch_safe_free(ipv4);
 return SWITCH_STATUS_GENERR;
 }
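Review bot: `switch_network_list_add_host_mask(list, host, mask, ok);` discards the status, and the removed lines were the only log output for host/mask ACL entries in this function; unless switch_network_list_add_host_mask logs on its own (it is not part of this diff), a malformed host or mask in the acl configuration is now dropped silently and the effective policy differs from what the operator wrote with nothing in the log. The cidr branch is fine because switch_network_list_perform_add_cidr_token logs both outcomes in the switch_utils.c hunk. Keeping the failure case here — `if (switch_network_list_add_host_mask(list, host, mask, ok) != SWITCH_STATUS_SUCCESS) { switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Error Adding %s/%s (%s) to list %s\n", host, mask, ok ? "allow" : "deny", name); }` — restores that visibility. switch_load_network_lists begins before the hunk.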
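Review bot: In switch_network_list_perform_add_cidr_token the new `ipv4` copy is released only on the parse-error return shown here and on the success return in the hunk at 530; the body between them, where node is allocated, is not in the diff, so any other return in that stretch leaks the strdup()'d string — either confirm there is none or route every exit through a single free. A second problem in the same remap: a mapped CIDR carries an IPv6 prefix length, so `::ffff:10.0.0.0/104` (constructed example) becomes `10.0.0.0/104` once the prefix is stripped and reaches switch_parse_cidr with a length 96 too large for IPv4, and how that function treats it is not visible here; the caller should subtract 96 (rejecting values below 96) when the prefix was stripped, or the helper should decline strings containing '/'. The one-line comment `/* ipv4 mapped ipv6 address */` should also say that the function returns a caller-owned heap string, NULL when the prefix is absent or strdup fails, and that it does not validate what follows the prefix. The function's tail is outside the hunk.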
@@ -513,6 +530,7 @@ SWITCH_DECLARE(switch_status_t) switch_network_list_perform_add_cidr_token(switc
 switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_NOTICE, "Adding %s (%s) [%s] to list %s\n", cidr_str, ok ? "allow" : "deny", switch_str_nil(token), list->name);
+ switch_safe_free(ipv4);
 return SWITCH_STATUS_SUCCESS;
 }