[asterisk-commits] dvossel: branch 1.6.0 r217913 - /branches/1.6.0/channels/chan_sip.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Thu Sep 10 17:31:25 CDT 2009 

Author: dvossel
Date: Thu Sep 10 17:31:20 2009
New Revision: 217913

URL: http://svn.asterisk.org/svn-view/asterisk?view=rev&rev=217913
Log:
sip peer matching by address only with TCP/TLS

This patch removes the contact header matching logic and
adds logic to match all tcp/tls connections by ip only.
Thanks to oej for finding the issue and suggesting solutions.

Review: https://reviewboard.asterisk.org/r/355/


Modified:
    branches/1.6.0/channels/chan_sip.c

Modified: branches/1.6.0/channels/chan_sip.c
URL: http://svn.asterisk.org/svn-view/asterisk/branches/1.6.0/channels/chan_sip.c?view=diff&rev=217913&r1=217912&r2=217913
==============================================================================
--- branches/1.6.0/channels/chan_sip.c (original)
+++ branches/1.6.0/channels/chan_sip.c Thu Sep 10 17:31:20 2009
@@ -1832,7 +1832,7 @@
 static int expire_register(const void *data);
 static void *do_monitor(void *data);
 static int restart_monitor(void);
-static int sip_addrcmp(char *name, struct sockaddr_in *sin);	/* Support for peer matching */
+static int sip_addrcmp(char *name, struct sip_peer *p2);     /* Support for peer matching */
 static int sip_refer_allocate(struct sip_pvt *p);
 static void ast_quiet_chan(struct ast_channel *chan);
 static int attempt_transfer(struct sip_dual *transferer, struct sip_dual *target);
@@ -1951,7 +1951,7 @@
 static void set_peer_defaults(struct sip_peer *peer);
 static struct sip_peer *temp_peer(const char *name);
 static void register_peer_exten(struct sip_peer *peer, int onoff);
-static struct sip_peer *find_peer(const char *peer, struct sockaddr_in *sin, int realtime, int devstate_only);
+static struct sip_peer *find_peer(const char *peer, struct sockaddr_in *sin, int realtime, int devstate_only, int transport);
 static struct sip_user *find_user(const char *name, int realtime);
 static int sip_poke_peer_s(const void *data);
 static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, struct sip_peer *p, struct sip_request *req);
@@ -4041,13 +4041,21 @@
 }
 
 /*! \brief Support routine for find_peer */
-static int sip_addrcmp(char *name, struct sockaddr_in *sin)
+static int sip_addrcmp(char *name, struct sip_peer *p2)
 {
 	/* We know name is the first field, so we can cast */
 	struct sip_peer *p = (struct sip_peer *) name;
-	return 	!(!inaddrcmp(&p->addr, sin) || 
-					(ast_test_flag(&p->flags[0], SIP_INSECURE_PORT) &&
-					(p->addr.sin_addr.s_addr == sin->sin_addr.s_addr)));
+	char tcptls = (p->transports & p2->transports) & (SIP_TRANSPORT_TLS | SIP_TRANSPORT_TCP);
+
+	/* first check to see if it is a perfect ip port match.
+	 * if not, check to see if it valid for the peer to be matched only by ip */
+	if (!inaddrcmp(&p->addr, &p2->addr)) {
+		return 0;
+	} else if ((tcptls || ast_test_flag(&p->flags[0], SIP_INSECURE_PORT)) && (p->addr.sin_addr.s_addr == p2->addr.sin_addr.s_addr)) {
+		return 0;
+	}
+
+	return 1;
 }
 
 /*! \brief Locate peer by name or ip address 
@@ -4056,14 +4064,21 @@
 	\note Avoid using this function in new functions if there's a way to avoid it, i
 	since it causes a database lookup or a traversal of the in-memory peer list.
 */
-static struct sip_peer *find_peer(const char *peer, struct sockaddr_in *sin, int realtime, int devstate_only)
+static struct sip_peer *find_peer(const char *peer, struct sockaddr_in *sin, int realtime, int devstate_only, int transport)
 {
 	struct sip_peer *p = NULL;
-
-	if (peer)
+	struct sip_peer tmp_peer;
+
+	if (peer) {
 		p = ASTOBJ_CONTAINER_FIND(&peerl, peer);
-	else
-		p = ASTOBJ_CONTAINER_FIND_FULL(&peerl, sin, name, sip_addr_hashfunc, 1, sip_addrcmp);
+	} else {
+		tmp_peer.addr.sin_addr.s_addr = sin->sin_addr.s_addr;
+		tmp_peer.addr.sin_port = sin->sin_port;
+		tmp_peer.flags[0].flags = 0;
+		tmp_peer.transports = transport;
+
+		p = ASTOBJ_CONTAINER_FIND_FULL(&peerl, &tmp_peer, name, sip_addr_hashfunc, 1, sip_addrcmp);
+	}
 
 	if (!p && realtime)
 		p = realtime_peer(peer, sin, devstate_only);
@@ -4386,7 +4401,7 @@
 	dialog->sa.sin_family = AF_INET;
 	dialog->timer_t1 = global_t1; /* Default SIP retransmission timer T1 (RFC 3261) */
 	dialog->timer_b = global_timer_b; /* Default SIP transaction timer B (RFC 3261) */
-	peer = find_peer(peername, NULL, 1, 0);
+	peer = find_peer(peername, NULL, 1, 0, 0);
 
 	if (peer) {
 		int res;
@@ -4732,7 +4747,7 @@
 		call_limit = &u->call_limit;
 		inringing = NULL;
 		pu_lock = &u->_lock;
-	} else if ( (p = find_peer(ast_strlen_zero(fup->peername) ? name : fup->peername, NULL, 1, 0) ) ) { /* Try to find peer */
+	} else if ( (p = find_peer(ast_strlen_zero(fup->peername) ? name : fup->peername, NULL, 1, 0, 0) ) ) { /* Try to find peer */
 		inuse = &p->inUse;
 		call_limit = &p->call_limit;
 		inringing = &p->inRinging;
@@ -9918,7 +9933,7 @@
 			append_history(p, "RegistryInit", "Account: %s@%s", r->username, r->hostname);
 
 		if (!ast_strlen_zero(r->peername)) {
-			if (!(peer = find_peer(r->peername, NULL, 1, 0))) {
+			if (!(peer = find_peer(r->peername, NULL, 1, 0, 0))) {
 				ast_log(LOG_WARNING, "Could not find peer %s in transmit_register\n", r->peername);
 			}
 		}
@@ -10974,7 +10989,7 @@
 /*! \brief Change onhold state of a peer using a pvt structure */
 static void sip_peer_hold(struct sip_pvt *p, int hold)
 {
-	struct sip_peer *peer = find_peer(p->peername, NULL, 1, 0);
+	struct sip_peer *peer = find_peer(p->peername, NULL, 1, 0, 0);
 
 	if (!peer)
 		return;
@@ -11208,7 +11223,7 @@
 
 	ast_string_field_set(p, exten, name);
 	build_contact(p);
-	peer = find_peer(name, NULL, 1, 0);
+	peer = find_peer(name, NULL, 1, 0, 0);
 	if (!(peer && ast_apply_ha(peer->ha, sin))) {
 		/* Peer fails ACL check */
 		if (peer) {
@@ -12200,23 +12215,8 @@
 	/* For subscribes, match on peer name only; for other methods,
 	 * match on IP address-port of the incoming request.
 	 */
-	peer = (sipmethod == SIP_SUBSCRIBE) ? find_peer(of, NULL, 1, 0) : find_peer(NULL, &p->recv, 1, 0);
-
-	/* If the peer is still not found, try the address and port from the
-	 * contact header.  If the transport type is TCP or TLS it is not possible
-	 * to find the peer using p->recv. Because of the way TCP works, the received
-	 * packet's destination port will not match the one the peer table is
-	 * built with. */
-	if (!peer && (p->socket.type != SIP_TRANSPORT_UDP)) {
-		struct sockaddr_in tmpsin;
-		char contact[SIPBUFSIZE];
-		char *tmp;
-		memcpy(&tmpsin, &p->recv, sizeof(tmpsin));
-		ast_copy_string(contact, get_header(req, "Contact"), sizeof(contact));
-		tmp = get_in_brackets(contact);
-		__set_address_from_contact(tmp, &tmpsin, 1);
-		peer = find_peer(NULL, &tmpsin, 1, 0);
-	}
+	peer = (sipmethod == SIP_SUBSCRIBE) ? find_peer(of, NULL, 1, 0, 0) : find_peer(NULL, &p->recv, 1, 0, p->socket.type);
+
 	if (!peer) {
 		if (debug)
 			ast_verbose("No matching peer for '%s' from '%s:%d'\n",
@@ -13431,7 +13431,7 @@
 		return CLI_SHOWUSAGE;
 
 	load_realtime = (argc == 5 && !strcmp(argv[4], "load")) ? TRUE : FALSE;
-	peer = find_peer(argv[3], NULL, load_realtime, 0);
+	peer = find_peer(argv[3], NULL, load_realtime, 0, 0);
 	if (s) { 	/* Manager */
 		if (peer) {
 			const char *id = astman_get_header(m, "ActionID");
@@ -13786,7 +13786,7 @@
 	if (a->argc != 3)
 		return CLI_SHOWUSAGE;
 	
-	if ((peer = find_peer(a->argv[2], NULL, load_realtime, 0))) {
+	if ((peer = find_peer(a->argv[2], NULL, load_realtime, 0, 0))) {
 		if (peer->expire > 0) {
 			AST_SCHED_DEL(sched, peer->expire);
 			expire_register(peer);
@@ -14674,7 +14674,7 @@
 /*! \brief  Turn on SIP debugging for a given peer */
 static char *sip_do_debug_peer(int fd, char *arg)
 {
-	struct sip_peer *peer = find_peer(arg, NULL, 1, 0);
+	struct sip_peer *peer = find_peer(arg, NULL, 1, 0, 0);
 	if (!peer)
 		ast_cli(fd, "No such peer '%s'\n", arg);
 	else if (peer->addr.sin_addr.s_addr == 0)
@@ -15173,7 +15173,7 @@
 	else
 		colname = "ip";
 
-	if (!(peer = find_peer(data, NULL, 1, 0)))
+	if (!(peer = find_peer(data, NULL, 1, 0, 0)))
 		return -1;
 
 	if (!strcasecmp(colname, "ip")) {
@@ -20227,7 +20227,7 @@
 				}
 			} 
 			if (p->peername) {
-				struct sip_peer *pp = find_peer(p->peername, NULL, 1, 0);
+				struct sip_peer *pp = find_peer(p->peername, NULL, 1, 0, 0);
 				if (pp) {
 					p->stimer->st_cached_max_se = pp->stimer.st_max_se;
 					unref_peer(pp);
@@ -20250,7 +20250,7 @@
 				}
 			} 
 			if (p->peername) {
-				struct sip_peer *pp = find_peer(p->peername, NULL, 1, 0);
+				struct sip_peer *pp = find_peer(p->peername, NULL, 1, 0, 0);
 				if (pp) {
 					p->stimer->st_cached_min_se = pp->stimer.st_min_se;
 					unref_peer(pp);
@@ -20281,7 +20281,7 @@
 	} 
 
 	if (p->peername) {
-		struct sip_peer *pp = find_peer(p->peername, NULL, 1, 0);
+		struct sip_peer *pp = find_peer(p->peername, NULL, 1, 0, 0);
 		if (pp) {
 			p->stimer->st_cached_ref = pp->stimer.st_ref;
 			return pp->stimer.st_ref;
@@ -20313,7 +20313,7 @@
 		}
 	} 
 	if (p->peername) {
-		struct sip_peer *pp = find_peer(p->peername, NULL, 1, 0);
+		struct sip_peer *pp = find_peer(p->peername, NULL, 1, 0, 0);
 		if (pp) {
 			p->stimer->st_cached_mode = pp->stimer.st_mode_oper;
 			unref_peer(pp);
@@ -20474,7 +20474,7 @@
 	 * load it BACK into memory, thus defeating the point of trying to clear dead
 	 * hosts out of memory.
 	 */
-	if ((p = find_peer(host, NULL, 0, 1))) {
+	if ((p = find_peer(host, NULL, 0, 1, 0))) {
 		if (p->addr.sin_addr.s_addr || p->defaddr.sin_addr.s_addr) {
 			/* we have an address for the peer */

More information about the asterisk-commits mailing list