[asterisk-dev] [Code Review] Make ACLs IPv6-capable, take 2.
Simon Perreault
simon.perreault at viagenie.ca
Fri Jul 16 13:14:55 CDT 2010
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/791/#review2412
-----------------------------------------------------------
Ship it!
/trunk/configs/sip.conf.sample
<https://reviewboard.asterisk.org/r/791/#comment5303>
Try to use a global scope address instead of a link-local address. Since link-local addresses are usually seen with a scope ID (e.g. "%eth0" suffix), this example might be confusing.
The prefix 2001:db8::/32 was reserved explicitly for this kind of usage. See RFC 3849.
- Simon
On 2010-07-16 12:56:50, Mark Michelson wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/791/
> -----------------------------------------------------------
>
> (Updated 2010-07-16 12:56:50)
>
>
> Review request for Asterisk Developers.
>
>
> Summary
> -------
>
> This change allows for IPv6 ACLs to be used in Asterisk.
>
> ACLs are classified either as being IPv4 or IPv6 based on the network address in the ACL. The distinction means that if an ACL is created that specifies a rule regarding an IPv4 network, it will not be applied to an IPv6 address and vice-versa.
>
> If someone specifies an IPv4-mapped IPv6 address in an ACL, we will convert this to be an IPv4 address and issue a NOTICE alerting them of the change. In order to do such a conversion, I had to make the ast_sockaddr_ipv4_mapped() function in main/netsock2.c public.
>
>
> Diffs
> -----
>
> /trunk/channels/chan_iax2.c 276530
> /trunk/channels/chan_sip.c 276570
> /trunk/channels/chan_skinny.c 276530
> /trunk/configs/sip.conf.sample 276530
> /trunk/include/asterisk/acl.h 276530
> /trunk/include/asterisk/netsock2.h 276530
> /trunk/main/acl.c 276570
> /trunk/main/manager.c 276530
> /trunk/main/netsock2.c 276530
> /trunk/tests/test_acl.c 276530
>
> Diff: https://reviewboard.asterisk.org/r/791/diff
>
>
> Testing
> -------
>
> I have added tests to the invalid_acl and acl tests in tests/test_acl.c. They all pass as expected. I also ran the tests under valgrind and ensured there were no inappropriate memory accesses occurring.
>
>
> Thanks,
>
> Mark
>
>
More information about the asterisk-dev
mailing list