[asterisk-commits] may: branch may/ooh323_ipv6 r294120 - in /team/may/ooh323_ipv6/addons: ./ ooh...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Sat Nov 6 13:43:39 CDT 2010
Author: may
Date: Sat Nov 6 13:43:34 2010
New Revision: 294120
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=294120
Log:
Multihomed support for both ipv4 and ipv6
Fix potential security hole for different signalling
and connection ip
Modified:
team/may/ooh323_ipv6/addons/chan_ooh323.c
team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.c
team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.h
team/may/ooh323_ipv6/addons/ooh323c/src/oochannels.c
team/may/ooh323_ipv6/addons/ooh323c/src/ooh323.c
team/may/ooh323_ipv6/addons/ooh323c/src/ooq931.c
Modified: team/may/ooh323_ipv6/addons/chan_ooh323.c
URL: http://svnview.digium.com/svn/asterisk/team/may/ooh323_ipv6/addons/chan_ooh323.c?view=diff&rev=294120&r1=294119&r2=294120
==============================================================================
--- team/may/ooh323_ipv6/addons/chan_ooh323.c (original)
+++ team/may/ooh323_ipv6/addons/chan_ooh323.c Sat Nov 6 13:43:34 2010
@@ -464,7 +464,7 @@
static struct ooh323_pvt *ooh323_alloc(int callref, char *callToken)
{
struct ooh323_pvt *pvt = NULL;
- struct ast_sockaddr tmp;
+ /* struct ast_sockaddr tmp; */
if (gH323Debug)
ast_verbose("--- ooh323_alloc\n");
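Review bot: The old allocation code in ooh323_alloc is commented out rather than deleted, starting with `/* struct ast_sockaddr tmp; */` in this hunk. It continues with a block comment opened at `ast_sockaddr_copy(&tmp, &bindaddr);` in the -476 hunk and closed after `ast_udptl_set_error_correction_scheme(...)` in the -495 hunk. That comment spans lines the diff does not show, and it ends at the first `*/` inside it, so any existing comment in that stretch would silently re-enable part of the old code. Deleting the lines is safer, and the same applies to `/* configure_local_rtp(p, call); */` in the -1967 hunk.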
@@ -476,7 +476,7 @@
ast_mutex_init(&pvt->lock);
ast_mutex_lock(&pvt->lock);
- ast_sockaddr_copy(&tmp, &bindaddr);
+ /* ast_sockaddr_copy(&tmp, &bindaddr);
if (!(pvt->rtp = ast_rtp_instance_new("asterisk", sched, &tmp, NULL))) {
ast_log(LOG_WARNING, "Unable to create RTP session: %s\n",
strerror(errno));
@@ -495,9 +495,9 @@
ast_mutex_destroy(&pvt->lock);
ast_free(pvt);
return NULL;
- }
-
- ast_udptl_set_error_correction_scheme(pvt->udptl, UDPTL_ERROR_CORRECTION_NONE);
+ }
+
+ ast_udptl_set_error_correction_scheme(pvt->udptl, UDPTL_ERROR_CORRECTION_NONE); */
pvt->faxmode = 0;
pvt->t38support = gT38Support;
pvt->rtptimeout = gRTPTimeout;
@@ -1799,7 +1799,11 @@
ooh323c_set_capability_for_call(call, &p->prefs, p->capability, p->dtmfmode, p->dtmfcodec,
p->t38support);
- configure_local_rtp(p, call);
+ if (!configure_local_rtp(p, call)) {
+ ast_mutex_unlock(&p->lock);
+ ast_log(LOG_ERROR, "Couldn't create rtp structure\n");
+ return -1;
+ }
/* Incoming call */
c = ooh323_new(p, AST_STATE_RING, p->username, 0, NULL);
@@ -1807,7 +1811,7 @@
ast_mutex_unlock(&p->lock);
ast_log(LOG_ERROR, "Could not create ast_channel\n");
return -1;
- }
+ }
ast_mutex_unlock(&p->lock);
if (gH323Debug)
@@ -1878,6 +1882,10 @@
ast_copy_string(call->rtpMaskStr, p->rtpmaskstr, sizeof(call->rtpMaskStr));
}
+ if (!configure_local_rtp(p, call)) {
+ return OO_FAILED;
+ }
+
ast_mutex_unlock(&p->lock);
}
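Review bot: The new failure path returns while p->lock is still held, because `return OO_FAILED;` sits above the `ast_mutex_unlock(&p->lock);` that only the success path reaches. The equivalent check added in the -1799 hunk unlocks first, so this one should too: `if (!configure_local_rtp(p, call)) { ast_mutex_unlock(&p->lock); return OO_FAILED; }`. Otherwise a failed RTP or UDPTL allocation leaves the pvt locked for every later caller. The enclosing function starts outside the hunk, so any further cleanup it needs is not visible here.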
@@ -1967,7 +1975,7 @@
ooh323c_set_capability_for_call(call, &p->prefs, p->capability,
p->dtmfmode, p->dtmfcodec, p->t38support);
- configure_local_rtp(p, call);
+ /* configure_local_rtp(p, call); */
ast_mutex_unlock(&p->lock);
}
@@ -3899,6 +3907,25 @@
if (gH323Debug)
ast_verbose("--- configure_local_rtp\n");
+
+ if (ast_parse_arg(call->localIP, PARSE_ADDR, &tmp)) {
+ ast_sockaddr_copy(&tmp, &bindaddr);
+ }
+ if (!(p->rtp = ast_rtp_instance_new("asterisk", sched, &tmp, NULL))) {
+ ast_log(LOG_WARNING, "Unable to create RTP session: %s\n",
+ strerror(errno));
+ return 0;
+ }
+
+ ast_rtp_instance_set_qos(p->rtp, gTOS, 0, "ooh323-rtp");
+
+ if (!(p->udptl = ast_udptl_new_with_bindaddr(sched, io, 0, &tmp))) {
+ ast_log(LOG_WARNING, "Unable to create UDPTL session: %s\n",
+ strerror(errno));
+ return 0;
+ }
+
+
if (p->rtp) {
ast_rtp_codecs_packetization_set(ast_rtp_instance_get_codecs(p->rtp), p->rtp, &p->prefs);
if (p->dtmfmode & H323_DTMF_RFC2833 && p->dtmfcodec) {
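Review bot: When `ast_udptl_new_with_bindaddr()` fails, configure_local_rtp returns 0 with the RTP instance created a few lines earlier still stored in p->rtp. Nothing in the hunk releases it, and whether the callers do so on failure is not visible; calling `ast_rtp_instance_destroy(p->rtp)` and clearing the pointer before that `return 0;` would avoid leaking one instance per failed call setup. The code moved here from ooh323_alloc also drops the `ast_udptl_set_error_correction_scheme(pvt->udptl, UDPTL_ERROR_CORRECTION_NONE);` call, which is commented out there and not re-added in this hunk, so please confirm that is intended. Since both allocations now return on failure, the `if (p->rtp)` test that follows is always true.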
@@ -3960,15 +3987,15 @@
ast_udptl_get_us(p->udptl, &tmp);
strncpy(lhost, ast_sockaddr_stringify_addr(&tmp), sizeof(lhost));
lport = ast_sockaddr_stringify_port(&tmp);
- }
- ast_copy_string(mediaInfo.lMediaIP, lhost, sizeof(mediaInfo.lMediaIP));
- mediaInfo.lMediaPort = atoi(lport);
- mediaInfo.lMediaCntrlPort = mediaInfo.lMediaPort +1;
- mediaInfo.cap = OO_T38;
- strcpy(mediaInfo.dir, "transmit");
- ooAddMediaInfo(call, mediaInfo);
- strcpy(mediaInfo.dir, "receive");
- ooAddMediaInfo(call, mediaInfo);
+ ast_copy_string(mediaInfo.lMediaIP, lhost, sizeof(mediaInfo.lMediaIP));
+ mediaInfo.lMediaPort = atoi(lport);
+ mediaInfo.lMediaCntrlPort = mediaInfo.lMediaPort +1;
+ mediaInfo.cap = OO_T38;
+ strcpy(mediaInfo.dir, "transmit");
+ ooAddMediaInfo(call, mediaInfo);
+ strcpy(mediaInfo.dir, "receive");
+ ooAddMediaInfo(call, mediaInfo);
+ }
if (gH323Debug)
ast_verbose("+++ configure_local_rtp\n");
Modified: team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.c
URL: http://svnview.digium.com/svn/asterisk/team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.c?view=diff&rev=294120&r1=294119&r2=294120
==============================================================================
--- team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.c (original)
+++ team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.c Sat Nov 6 13:43:34 2010
@@ -330,7 +330,7 @@
if(ret != 0)
return ASN_E_INVSOCKET;
- host = ast_sockaddr_stringify_host(&addr);
+ host = ast_sockaddr_stringify_addr(&addr);
if(host && strlen(host) < (unsigned)len)
strcpy(ip, host);
@@ -355,9 +355,10 @@
}
int ooSocketAccept (OOSOCKET socket, OOSOCKET *pNewSocket,
- OOIPADDR* destAddr, int* destPort)
+ char* destAddr, int* destPort)
{
struct ast_sockaddr addr;
+ char* host = NULL;
if (socket == OOSOCKET_INVALID) return ASN_E_INVSOCKET;
if (pNewSocket == 0) return ASN_E_INVPARAM;
@@ -365,8 +366,10 @@
*pNewSocket = ast_accept (socket, &addr);
if (*pNewSocket <= 0) return ASN_E_INVSOCKET;
- if (destAddr != 0)
- *destAddr = addr;
+ if (destAddr != 0) {
+ if ((host = ast_sockaddr_stringify_addr(&addr)) != NULL);
+ strncpy(destAddr, host, strlen(host));
+ }
if (destPort != 0)
*destPort = ast_sockaddr_port(&addr);
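Review bot: The `if` that guards the copy ends in a stray semicolon, `if ((host = ast_sockaddr_stringify_addr(&addr)) != NULL);`, so the `strncpy` on the next line runs even when host is NULL and `strlen(host)` dereferences it. The copy is also bounded by the source length, `strncpy(destAddr, host, strlen(host))`, which neither limits the write to the caller's buffer nor writes a terminating NUL. ooSocketAccept has no size parameter for destAddr after this change, so it needs one (for example a `destAddrLen` argument, name illustrative) and then `if (host != NULL) snprintf(destAddr, destAddrLen, "%s", host);`. The same `strncpy(dst, src, strlen(src))` pattern is added in oochannels.c where remoteIP is copied into call->remoteIP; `ast_copy_string(call->remoteIP, remoteIP, sizeof(call->remoteIP));` would bound and terminate it, assuming call->remoteIP is an array.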
Modified: team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.h
URL: http://svnview.digium.com/svn/asterisk/team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.h?view=diff&rev=294120&r1=294119&r2=294120
==============================================================================
--- team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.h (original)
+++ team/may/ooh323_ipv6/addons/ooh323c/src/ooSocket.h Sat Nov 6 13:43:34 2010
@@ -116,7 +116,7 @@
* negative return value is error.
*/
EXTERN int ooSocketAccept (OOSOCKET socket, OOSOCKET *pNewSocket,
- OOIPADDR* destAddr, int* destPort);
+ char* destAddr, int* destPort);
/**
* This function converts an IP address to its string representation.
Modified: team/may/ooh323_ipv6/addons/ooh323c/src/oochannels.c
URL: http://svnview.digium.com/svn/asterisk/team/may/ooh323_ipv6/addons/ooh323c/src/oochannels.c?view=diff&rev=294120&r1=294119&r2=294120
==============================================================================
--- team/may/ooh323_ipv6/addons/ooh323c/src/oochannels.c (original)
+++ team/may/ooh323_ipv6/addons/ooh323c/src/oochannels.c Sat Nov 6 13:43:34 2010
@@ -308,12 +308,12 @@
"(%s, %s)\n", call->callType, call->callToken);
/* If multihomed, get ip from socket */
- if(!strcmp(call->localIP, "0.0.0.0"))
+ if(!strcmp(call->localIP, "0.0.0.0") || !strcmp(call->localIP, "::"))
{
OOTRACEDBGA3("Determining IP address for outgoing call in "
"multihomed mode. (%s, %s)\n", call->callType,
call->callToken);
- ret = ooSocketGetIpAndPort(channelSocket, call->localIP, 20,
+ ret = ooSocketGetIpAndPort(channelSocket, call->localIP, 2+8*4+7,
&call->pH225Channel->port);
if(ret != ASN_OK)
{
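Review bot: The buffer length passed to ooSocketGetIpAndPort is now the bare expression `2+8*4+7` (41), repeated in the incoming-call hunk below and as the size of the new remoteIP arrays in oochannels.c and ooh323.c. The declaration of call->localIP is not in the diff, so it cannot be confirmed from here that the field is at least 41 bytes. The -330 hunk in ooSocket.c, which appears to be this function, copies with `strcpy(ip, host)` once `strlen(host) < len` holds, so a length larger than the field would let the copy overrun it. Passing `sizeof(call->localIP)` (if it is an array) or a single named constant shared with the struct definition keeps the two in step.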
@@ -407,9 +407,12 @@
OOH323CallData * call;
int ret;
char callToken[20];
+ char remoteIP[2+8*4+7];
OOSOCKET h225Channel=0;
+
+ memset(remoteIP, 0, sizeof(remoteIP));
ret = ooSocketAccept (*(gH323ep.listener), &h225Channel,
- NULL, NULL);
+ remoteIP, NULL);
if(ret != ASN_OK)
{
OOTRACEERR1("Error:Accepting h225 connection\n");
@@ -431,12 +434,12 @@
call->pH225Channel->sock = h225Channel;
/* If multihomed, get ip from socket */
- if(!strcmp(call->localIP, "0.0.0.0"))
+ if(!strcmp(call->localIP, "0.0.0.0") || !strcmp(call->localIP,"::"))
{
OOTRACEDBGA3("Determining IP address for incoming call in multihomed "
"mode (%s, %s)\n", call->callType, call->callToken);
- ret = ooSocketGetIpAndPort(h225Channel, call->localIP, 20,
+ ret = ooSocketGetIpAndPort(h225Channel, call->localIP, 2+8*4+7,
&call->pH225Channel->port);
if(ret != ASN_OK)
{
@@ -454,6 +457,10 @@
OOTRACEDBGA4("Using Local IP address %s for incoming call in multihomed "
"mode. (%s, %s)\n", call->localIP, call->callType,
call->callToken);
+ }
+
+ if (remoteIP[0]) {
+ strncpy(call->remoteIP, remoteIP, strlen(remoteIP));
}
ast_mutex_unlock(&call->Lock);
Modified: team/may/ooh323_ipv6/addons/ooh323c/src/ooh323.c
URL: http://svnview.digium.com/svn/asterisk/team/may/ooh323_ipv6/addons/ooh323c/src/ooh323.c?view=diff&rev=294120&r1=294119&r2=294120
==============================================================================
--- team/may/ooh323_ipv6/addons/ooh323c/src/ooh323.c (original)
+++ team/may/ooh323_ipv6/addons/ooh323c/src/ooh323.c Sat Nov 6 13:43:34 2010
@@ -357,6 +357,7 @@
H225TransportAddress_ip6Address_ip *ip6 = NULL;
Q931InformationElement* pDisplayIE=NULL;
OOAliases *pAlias=NULL;
+ char remoteIP[2+8*4+7];
call->callReference = q931Msg->callReference;
@@ -502,7 +503,7 @@
}
ip6 = &setup->sourceCallSignalAddress.u.ip6Address->ip;
- inet_ntop(AF_INET6, ip6->data, call->remoteIP, INET6_ADDRSTRLEN);
+ inet_ntop(AF_INET6, ip6->data, remoteIP, INET6_ADDRSTRLEN);
call->remotePort = setup->sourceCallSignalAddress.u.ip6Address->port;
} else {
if(setup->sourceCallSignalAddress.t != T_H225TransportAddress_ipAddress)
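Review bot: `inet_ntop(AF_INET6, ip6->data, remoteIP, INET6_ADDRSTRLEN)` tells inet_ntop the destination holds INET6_ADDRSTRLEN bytes, but remoteIP is declared in the -357 hunk as `char remoteIP[2+8*4+7]`, which is 41 bytes and smaller than INET6_ADDRSTRLEN (46 on common platforms). The address bytes come from the received Setup message, and textual forms with an embedded dotted IPv4 part can exceed 40 characters, so the write can run past the array. Declare the buffer as `char remoteIP[INET6_ADDRSTRLEN];` and pass `sizeof(remoteIP)` as the size argument.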
@@ -513,10 +514,16 @@
}
ip = &setup->sourceCallSignalAddress.u.ipAddress->ip;
- sprintf(call->remoteIP, "%d.%d.%d.%d", ip->data[0], ip->data[1],
+ sprintf(remoteIP, "%d.%d.%d.%d", ip->data[0], ip->data[1],
ip->data[2], ip->data[3]);
call->remotePort = setup->sourceCallSignalAddress.u.ipAddress->port;
}
+ }
+
+ if (strncmp(remoteIP, call->remoteIP, strlen(remoteIP))) {
+ OOTRACEERR5("ERROR: Security denial remote IP isn't a socket ip, %s not %s "
+ "(%s, %s)\n", remoteIP, call->remoteIP, call->callType,
+ call->callToken);
}
/* check for fast start */
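Review bot: The mismatch check only traces an error; nothing in the hunk rejects the call, so a Setup whose sourceCallSignalAddress differs from the socket peer still proceeds to the fast-start handling below. If denial is the intent, the branch has to clear the call and return a failure after the OOTRACEERR5; the function's return convention and cleanup are outside the hunk. The comparison `strncmp(remoteIP, call->remoteIP, strlen(remoteIP))` is a prefix match, so a signalled `10.0.0.1` is accepted for a peer at `10.0.0.10` (constructed example), whereas `strcmp(remoteIP, call->remoteIP)` compares the whole string. remoteIP is also declared without an initialiser and appears to be filled only inside the block closed by the added `}`, so it should be zero-initialised at its declaration and the check skipped when it is empty.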
Modified: team/may/ooh323_ipv6/addons/ooh323c/src/ooq931.c
URL: http://svnview.digium.com/svn/asterisk/team/may/ooh323_ipv6/addons/ooh323c/src/ooq931.c?view=diff&rev=294120&r1=294119&r2=294120
==============================================================================
--- team/may/ooh323_ipv6/addons/ooh323c/src/ooq931.c (original)
+++ team/may/ooh323_ipv6/addons/ooh323c/src/ooq931.c Sat Nov 6 13:43:34 2010
@@ -2304,7 +2304,16 @@
if(gH323ep.h323Callbacks.onOutgoingCall) {
/* Outgoing call callback function */
- gH323ep.h323Callbacks.onOutgoingCall(call);
+ if (gH323ep.h323Callbacks.onOutgoingCall(call) != OO_OK) {
+ OOTRACEERR3("ERROR:Failed to setup media to (%s,%d)\n",
+ call->callType, call->callToken);
+ if(call->callState< OO_CALL_CLEAR)
+ {
+ call->callState = OO_CALL_CLEAR;
+ call->callEndReason = OO_REASON_UNKNOWN;
+ }
+ return OO_FAILED;
+ }
}
ret = ooH323MakeCall_helper(call);
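Review bot: The new trace prints call->callToken with `%d`: `"ERROR:Failed to setup media to (%s,%d)\n", call->callType, call->callToken`. Other traces in this commit print callToken with `%s` (for example the `(%s, %s)` messages in oochannels.c), so, assuming OOTRACEERR3 formats printf-style, this is a specifier/argument mismatch and the format should read `(%s, %s)`. The enclosing function begins outside the hunk.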