[asterisk-dev] [Code Review] Make ACLs IPv6-capable, take 2.

Simon Perreault simon.perreault at viagenie.ca
Fri Jul 16 13:14:55 CDT 2010


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/791/#review2412
-----------------------------------------------------------

Ship it!



/trunk/configs/sip.conf.sample
<https://reviewboard.asterisk.org/r/791/#comment5303>

    Try to use a global scope address instead of a link-local address. Since link-local addresses are usually seen with a scope ID (e.g. "%eth0" suffix), this example might be confusing.
    
    The prefix 2001:db8::/32 was reserved explicitly for this kind of usage. See RFC 3849.


- Simon


On 2010-07-16 12:56:50, Mark Michelson wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/791/
> -----------------------------------------------------------
> 
> (Updated 2010-07-16 12:56:50)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> This change allows for IPv6 ACLs to be used in Asterisk.
> 
> ACLs are classified either as being IPv4 or IPv6 based on the network address in the ACL. The distinction means that if an ACL is created that specifies a rule regarding an IPv4 network, it will not be applied to an IPv6 address and vice-versa.
> 
> If someone specifies an IPv4-mapped IPv6 address in an ACL, we will convert this to be an IPv4 address and issue a NOTICE alerting them of the change. In order to do such a conversion, I had to make the ast_sockaddr_ipv4_mapped() function in main/netsock2.c public.
> 
> 
> Diffs
> -----
> 
>   /trunk/channels/chan_iax2.c 276530 
>   /trunk/channels/chan_sip.c 276570 
>   /trunk/channels/chan_skinny.c 276530 
>   /trunk/configs/sip.conf.sample 276530 
>   /trunk/include/asterisk/acl.h 276530 
>   /trunk/include/asterisk/netsock2.h 276530 
>   /trunk/main/acl.c 276570 
>   /trunk/main/manager.c 276530 
>   /trunk/main/netsock2.c 276530 
>   /trunk/tests/test_acl.c 276530 
> 
> Diff: https://reviewboard.asterisk.org/r/791/diff
> 
> 
> Testing
> -------
> 
> I have added tests to the invalid_acl and acl tests in tests/test_acl.c. They all pass as expected. I also ran the tests under valgrind and ensured there were no inappropriate memory accesses occurring.
> 
> 
> Thanks,
> 
> Mark
> 
>




More information about the asterisk-dev mailing list