[Asterisk-code-review] res pjsip endpoint identifier ip: Add an option to match req... (asterisk[master])

Joshua Colp asteriskteam at digium.com
Wed Mar 15 08:51:36 CDT 2017 

Joshua Colp has uploaded a new change for review. ( https://gerrit.asterisk.org/5215 )

Change subject: res_pjsip_endpoint_identifier_ip: Add an option to match requests by header
......................................................................

res_pjsip_endpoint_identifier_ip: Add an option to match requests by header

This patch adds a new features to the endpoint identifier module,
'match_header'. When set, inbound requests are matched by a provided SIP
header: value pair. This option works in conjunction with the existing
'match' configuration option, such that if any 'match*' attribute
matches an inbound request, the request is associated with the specified
endpoint.

Since this module now identifies by more than just IP address,
appropriate renaming of the module and/or variables can be done in a
non-release branch.

ASTERISK-26863 #close

Change-Id: Icfc14835c962f92e35e67bbdb235cf0589de5453
(cherry picked from commit 30f52d79d7fc9ab0b628bef2b61ea515413795a2)
---
M CHANGES
A contrib/ast-db-manage/config/versions/465e70e8c337_add_match_header_attribute_to_identify.py
M res/res_pjsip_endpoint_identifier_ip.c
3 files changed, 128 insertions(+), 9 deletions(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/15/5215/1

diff --git a/CHANGES b/CHANGES
index 7de7066..03b2f78 100644
--- a/CHANGES
+++ b/CHANGES
@@ -89,6 +89,14 @@
 --- Functionality changes from Asterisk 14.3.0 to Asterisk 14.4.0 ------------
 ------------------------------------------------------------------------------
 
+AMI
+------------------
+ * The 'PJSIPShowEndpoint' command's respone event of 'IdentifyDetail' now
+   contains a new optional parameter, 'MatchHeader', mapping to the new
+   configuration option 'match_header' for the corresponding 'identify' object.
+   It should be noted that since 'match_header' takes in a key: value pair, the
+   event parameter will contain a ':' as well.
+
 app_record
 ------------------
  * Added new 'u' option to Record() application which prevents Asterisk from
@@ -118,6 +126,20 @@
    when Asterisk attempts to send SIP requests to do something like initiate
    call hangup.
 
+res_pjsip_endpoint_identifier_ip
+------------------
+ * A new option has been added to the 'identify' configuration object,
+   'match_header'. The 'match_header' attribute should contain a SIP
+   header: value pair that, When set, will cause inbound requests that contain
+   the matching SIP header/value pair to be associated with the corresponding
+   endpoint. This option is cumulative with the 'match' option, so that if
+   either option matches the request, the request is associated with the
+   endpoint.
+
+   In a future release, this module will be renamed to something more
+   appropriate, as it now matches inbound requests on more than just IP
+   address.
+
 ------------------------------------------------------------------------------
 --- Functionality changes from Asterisk 14.2.0 to Asterisk 14.3.0 ------------
 ------------------------------------------------------------------------------
diff --git a/contrib/ast-db-manage/config/versions/465e70e8c337_add_match_header_attribute_to_identify.py b/contrib/ast-db-manage/config/versions/465e70e8c337_add_match_header_attribute_to_identify.py
new file mode 100644
index 0000000..343b5cb
--- /dev/null
+++ b/contrib/ast-db-manage/config/versions/465e70e8c337_add_match_header_attribute_to_identify.py
@@ -0,0 +1,21 @@
+"""Add match_header attribute to identify
+
+Revision ID: 465e70e8c337
+Revises: 28ab27a7826d
+Create Date: 2017-03-14 08:13:53.986681
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '465e70e8c337'
+down_revision = '28ab27a7826d'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade():
+    op.add_column('ps_endpoint_id_ips', sa.Column('match_header', sa.String(255)))
+
+def downgrade():
+    op.drop_column('ps_endpoint_id_ips', 'match_header')
diff --git a/res/res_pjsip_endpoint_identifier_ip.c b/res/res_pjsip_endpoint_identifier_ip.c
index a732384..262bdc5 100644
--- a/res/res_pjsip_endpoint_identifier_ip.c
+++ b/res/res_pjsip_endpoint_identifier_ip.c
@@ -35,20 +35,33 @@
 
 /*** DOCUMENTATION
 	<configInfo name="res_pjsip_endpoint_identifier_ip" language="en_US">
-		<synopsis>Module that identifies endpoints via source IP address</synopsis>
+		<synopsis>Module that identifies endpoints</synopsis>
 		<configFile name="pjsip.conf">
 			<configObject name="identify">
-				<synopsis>Identifies endpoints via source IP address</synopsis>
+				<synopsis>Identifies endpoints via some criteria.</synopsis>
+				<description>
+					<para>This module provides alternatives to matching inbound requests to
+					a configured endpoint. At least one of the matching mechanisms
+					must be provided, or the object configuration will be invalid.</para>
+					<para>If multiple criteria are provided, an inbound request will
+					be matched if it matches <emphasis>any</emphasis> of the criteria.</para>
+					<para>The matching mechanisms are provided by the following
+					configuration options:</para>
+					<enumlist>
+						<enum name="match"><para>Match by source IP address.</para></enum>
+						<enum name="match_header"><para>Match by SIP header.</para></enum>
+					</enumlist>
+				</description>
 				<configOption name="endpoint">
 					<synopsis>Name of Endpoint</synopsis>
 				</configOption>
 				<configOption name="match">
-					<synopsis>IP addresses or networks to match against</synopsis>
+					<synopsis>IP addresses or networks to match against.</synopsis>
 					<description><para>
 						The value is a comma-delimited list of IP addresses. IP addresses may
 						have a subnet mask appended. The subnet mask may be written in either
 						CIDR or dot-decimal notation. Separate the IP address and subnet
-						mask with a slash ('/')
+						mask with a slash ('/').
 					</para></description>
 				</configOption>
 				<configOption name="srv_lookups" default="yes">
@@ -56,6 +69,14 @@
 					<description><para>When enabled, <replaceable>srv_lookups</replaceable> will
 					perform SRV lookups for _sip._udp, _sip._tcp, and _sips._tcp of the given
 					hostnames to determine additional addresses that traffic may originate from.
+					</para></description>
+				</configOption>
+				<configOption name="match_header">
+					<synopsis>Header/value pair to match against.</synopsis>
+					<description><para>A SIP header who value is used to match against. SIP
+					requests containing the header, along with the specified value, will be
+					mapped to the specified endpoint. The header must be specified with a
+					<literal>:</literal>, as in <literal>match_header = SIPHeader: value</literal>.
 					</para></description>
 				</configOption>
 				<configOption name="type">
@@ -77,6 +98,8 @@
 	AST_DECLARE_STRING_FIELDS(
 		/*! The name of the endpoint */
 		AST_STRING_FIELD(endpoint_name);
+		/*! If matching by header, the header/value to match against */
+		AST_STRING_FIELD(match_header);
 	);
 	/*! \brief Networks or addresses that should match this */
 	struct ast_ha *matches;
@@ -109,7 +132,48 @@
 	return identify;
 }
 
-/*! \brief Comparator function for a matching object */
+/*! \brief Comparator function for matching an object by header */
+static int header_identify_match_check(void *obj, void *arg, int flags)
+{
+	struct ip_identify_match *identify = obj;
+	struct pjsip_rx_data *rdata = arg;
+	pjsip_generic_string_hdr *header;
+	pj_str_t pj_header_name;
+	pj_str_t pj_header_value;
+	char *c_header = ast_strdupa(identify->match_header);
+	char *c_value;
+
+	c_value = strchr(c_header, ':');
+	if (!c_value) {
+		ast_log(LOG_WARNING, "Identify '%s' has invalid header_match: No ':' separator found!\n",
+			ast_sorcery_object_get_id(identify));
+		return 0;
+	}
+	*c_value = '\0';
+	c_value++;
+	c_value = ast_strip(c_value);
+
+	pj_header_name = pj_str(c_header);
+	header = pjsip_msg_find_hdr_by_name(rdata->msg_info.msg, &pj_header_name, NULL);
+	if (!header) {
+		ast_debug(3, "SIP message does not contain header '%s'\n", c_header);
+		return 0;
+	}
+
+	pj_header_value = pj_str(c_value);
+	if (pj_strcmp(&pj_header_value, &header->hvalue)) {
+		ast_debug(3, "SIP message contains header '%s' but value '%.*s' does not match value '%s' for endpoint '%s'\n",
+			c_header,
+			(int) pj_strlen(&header->hvalue), pj_strbuf(&header->hvalue),
+			c_value,
+			identify->endpoint_name);
+		return 0;
+	}
+
+	return CMP_MATCH | CMP_STOP;
+}
+
+/*! \brief Comparator function for matching an object by IP address */
 static int ip_identify_match_check(void *obj, void *arg, int flags)
 {
 	struct ip_identify_match *identify = obj;
@@ -147,10 +211,14 @@
 	ast_sockaddr_parse(&addr, rdata->pkt_info.src_name, PARSE_PORT_FORBID);
 	ast_sockaddr_set_port(&addr, rdata->pkt_info.src_port);
 
-	if (!(match = ao2_callback(candidates, 0, ip_identify_match_check, &addr))) {
-		ast_debug(3, "'%s' did not match any identify section rules\n",
+	match = ao2_callback(candidates, 0, ip_identify_match_check, &addr);
+	if (!match) {
+		ast_debug(3, "Identify checks by IP address failed to find match: '%s' did not match any identify section rules\n",
 				ast_sockaddr_stringify(&addr));
-		return NULL;
+		match = ao2_callback(candidates, 0, header_identify_match_check, rdata);
+		if (!match) {
+			return NULL;
+		}
 	}
 
 	endpoint = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint", match->endpoint_name);
@@ -495,7 +563,7 @@
 		filler = CLI_LAST_TABSTOP - indent - 24;
 
 		ast_str_append(&context->output_buffer, 0,
-			"%*s:  <ip/cidr%*.*s>\n",
+			"%*s:  <criteria%*.*s>\n",
 			indent, "Match", filler, filler, CLI_HEADER_FILLER);
 
 		context->indent_level--;
@@ -530,6 +598,13 @@
 				"Match",
 				match->sense == AST_SENSE_ALLOW ? "!" : "",
 				addr, ast_sockaddr_cidr_bits(&match->netmask));
+		}
+
+		if (!ast_strlen_zero(ident->match_header)) {
+			ast_str_append(&context->output_buffer, 0, "%*s: %s\n",
+				indent,
+				"Match",
+				ident->match_header);
 		}
 
 		context->indent_level--;
@@ -592,6 +667,7 @@
 	ast_sorcery_object_field_register(ast_sip_get_sorcery(), "identify", "type", "", OPT_NOOP_T, 0, 0);
 	ast_sorcery_object_field_register(ast_sip_get_sorcery(), "identify", "endpoint", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ip_identify_match, endpoint_name));
 	ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), "identify", "match", "", ip_identify_match_handler, match_to_str, match_to_var_list, 0, 0);
+	ast_sorcery_object_field_register(ast_sip_get_sorcery(), "identify", "match_header", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ip_identify_match, match_header));
 	ast_sorcery_object_field_register(ast_sip_get_sorcery(), "identify", "srv_lookups", "yes", OPT_BOOL_T, 1, FLDSET(struct ip_identify_match, srv_lookups));
 	ast_sorcery_load_object(ast_sip_get_sorcery(), "identify");
 

-- 
To view, visit https://gerrit.asterisk.org/5215
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Icfc14835c962f92e35e67bbdb235cf0589de5453
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Owner: Joshua Colp <jcolp at digium.com>

More information about the asterisk-code-review mailing list