[asterisk-dev] [Code Review] Make ACLs IPv6-capable
Olle E. Johansson
oej at edvina.net
Thu Jul 15 03:00:25 CDT 2010
>
> -------
>
> A recent change to Asterisk made Asterisk IPv6 ready and made SIP and RTP IPv6-capable. In order to have a more complete conversion to IPv6 in chan_sip, I felt that ACLs should be capable of handling IPv6 addresses, too. The main meat of this code is in main/acl.c. The rest of the changes are just to comply with the changed API in include/asterisk/acl.h.
>
> The approach taken here was to use only IPv6 addresses in ACLs. If an IPv6 ACL is specified in a config file, then it is translated into an IPv4-mapped IPv6 address. The main reason for doing this was to have a uniform approach for applying a netmask to a given address.
>
While this may be clever, it will be much harder separating IPv4 and IPv6 addresses. If I want to deny all IPv4 but not IPv6 the syntax will be hard to find out, even though it's possible for IPv4. I can't figure out how you deny all IPv6 addresses this way. We might want to explore adding prefixes just to make the configuration easier to handle and read.
deny=ipv4,0.0.0.0
deny=ipv6,0::0 ; Just deny all IPv6, but allow IPv4
/O
More information about the asterisk-dev
mailing list