[asterisk-commits] russell: branch 1.6.2 r216436 - in /branches/1.6.2: ./ channels/chan_sip.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Fri Sep 4 08:57:55 CDT 2009
Author: russell
Date: Fri Sep 4 08:57:52 2009
New Revision: 216436
URL: http://svn.asterisk.org/svn-view/asterisk?view=rev&rev=216436
Log:
Merged revisions 216368 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk
........
r216368 | russell | 2009-09-04 08:14:25 -0500 (Fri, 04 Sep 2009) | 12 lines
Do not treat every SIP peer as if they were configured with insecure=port.
There was a problem in the function responsible for doing peer matching by
IP address and port number such that during the second pass for checking for
a peer configured with insecure=port, it would end up treating every peer as
if it had been configured that way. These changes fix the logic in the peer
IP and port comparison callback to handle insecure=port checking properly.
This problem was introduced when SIP peers were converted to astobj2. Many
thanks to dvossel for noticing this while working on another peer matching
issue.
........
Modified:
branches/1.6.2/ (props changed)
branches/1.6.2/channels/chan_sip.c
Propchange: branches/1.6.2/
------------------------------------------------------------------------------
Binary property 'trunk-merged' - no diff available.
Modified: branches/1.6.2/channels/chan_sip.c
URL: http://svn.asterisk.org/svn-view/asterisk/branches/1.6.2/channels/chan_sip.c?view=diff&rev=216436&r1=216435&r2=216436
==============================================================================
--- branches/1.6.2/channels/chan_sip.c (original)
+++ branches/1.6.2/channels/chan_sip.c Fri Sep 4 08:57:52 2009
@@ -2040,22 +2040,42 @@
}
/*!
+ * Match Peers by IP and Port number.
+ *
+ * This function has two modes.
+ * - If the peer arg does not have INSECURE_PORT set, then we will only return
+ * a match for a peer that matches both the IP and port.
+ * - If the peer arg does have the INSECURE_PORT flag set, then we will only
+ * return a match for a peer that matches the IP and has insecure=port
+ * in its configuration.
+ *
+ * This callback will be used twice when doing peer matching. There is a first
+ * pass for full IP+port matching, and a second pass in case there is a match
+ * that meets the insecure=port criteria.
+ *
* \note the peer's addr struct provides to fields combined to make a key: the sin_addr.s_addr and sin_port fields.
*/
static int peer_ipcmp_cb(void *obj, void *arg, int flags)
{
struct sip_peer *peer = obj, *peer2 = arg;
- if (peer->addr.sin_addr.s_addr != peer2->addr.sin_addr.s_addr)
+ if (peer->addr.sin_addr.s_addr != peer2->addr.sin_addr.s_addr) {
+ /* IP doesn't match */
return 0;
-
- if (!ast_test_flag(&peer->flags[0], SIP_INSECURE_PORT) && !ast_test_flag(&peer2->flags[0], SIP_INSECURE_PORT)) {
- if (peer->addr.sin_port == peer2->addr.sin_port)
- return CMP_MATCH | CMP_STOP;
- else
- return 0;
- }
- return CMP_MATCH | CMP_STOP;
+ }
+
+ /* We matched the IP, now check the port if appropriate. */
+
+ if (ast_test_flag(&peer2->flags[0], SIP_INSECURE_PORT)) {
+ /* We are allowing match without port for peers configured that
+ * way in this pass through the peers. */
+ return ast_test_flag(&peer->flags[0], SIP_INSECURE_PORT) ?
+ (CMP_MATCH | CMP_STOP) : 0;
+ }
+
+ /* Only return a match if the port matches, as well. */
+
+ return peer->addr.sin_port == peer2->addr.sin_port ? (CMP_MATCH | CMP_STOP) : 0;
}
/*!
More information about the asterisk-commits
mailing list