[asterisk-dev] [Code Review] Make ACLs IPv6-capable, take 2.

Simon Perreault simon.perreault at viagenie.ca
Fri Jul 16 07:32:44 CDT 2010 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/791/#review2407
-----------------------------------------------------------


Overall, the design is exactly what I would expect. Good job! Only thing that prevents me from ticking the "Ship it" checkbox is the presence of the "is_ipv4" member.


/trunk/include/asterisk/acl.h
<https://reviewboard.asterisk.org/r/791/#comment5292>

    Why do you need the "is_ipv4" member? Can't you just call ast_sockaddr_is_ipv4(&ha->addr)?



/trunk/include/asterisk/acl.h
<https://reviewboard.asterisk.org/r/791/#comment5293>

    While we are here, couldn't both of these parameters be made const?



/trunk/main/acl.c
<https://reviewboard.asterisk.org/r/791/#comment5294>

    Couldn't addr and netmask be made const?



/trunk/main/acl.c
<https://reviewboard.asterisk.org/r/791/#comment5295>

    Do not assume that it's IPv6 if it's not IPv4. Check, and also add an else clause.



/trunk/main/acl.c
<https://reviewboard.asterisk.org/r/791/#comment5296>

    For bonus points, use a single 128-bit SSE2 operation. ;)


- Simon


On 2010-07-15 16:31:07, Mark Michelson wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/791/
> -----------------------------------------------------------
> 
> (Updated 2010-07-15 16:31:07)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> This change allows for IPv6 ACLs to be used in Asterisk.
> 
> ACLs are classified either as being IPv4 or IPv6 based on the network address in the ACL. The distinction means that if an ACL is created that specifies a rule regarding an IPv4 network, it will not be applied to an IPv6 address and vice-versa.
> 
> If someone specifies an IPv4-mapped IPv6 address in an ACL, we will convert this to be an IPv4 address and issue a NOTICE alerting them of the change. In order to do such a conversion, I had to make the ast_sockaddr_ipv4_mapped() function in main/netsock2.c public.
> 
> 
> Diffs
> -----
> 
>   /trunk/channels/chan_iax2.c 276530 
>   /trunk/channels/chan_sip.c 276570 
>   /trunk/channels/chan_skinny.c 276530 
>   /trunk/include/asterisk/acl.h 276530 
>   /trunk/include/asterisk/netsock2.h 276530 
>   /trunk/main/acl.c 276570 
>   /trunk/main/manager.c 276530 
>   /trunk/main/netsock2.c 276530 
>   /trunk/tests/test_acl.c 276530 
> 
> Diff: https://reviewboard.asterisk.org/r/791/diff
> 
> 
> Testing
> -------
> 
> I have added tests to the invalid_acl and acl tests in tests/test_acl.c. They all pass as expected. I also ran the tests under valgrind and ensured there were no inappropriate memory accesses occurring.
> 
> 
> Thanks,
> 
> Mark
> 
>

More information about the asterisk-dev mailing list