[asterisk-dev] [Code Review] Make ACLs IPv6-capable, take 2.
Mark Michelson
mmichelson at digium.com
Fri Jul 16 16:32:44 CDT 2010
> On 2010-07-16 13:14:55, Simon Perreault wrote:
> > /trunk/configs/sip.conf.sample, line 1231
> > <https://reviewboard.asterisk.org/r/791/diff/2/?file=11633#file11633line1231>
> >
> > Try to use a global scope address instead of a link-local address. Since link-local addresses are usually seen with a scope ID (e.g. "%eth0" suffix), this example might be confusing.
> >
> > The prefix 2001:db8::/32 was reserved explicitly for this kind of usage. See RFC 3849.
Done! Thanks for the review.
- Mark
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/791/#review2412
-----------------------------------------------------------
On 2010-07-16 12:56:50, Mark Michelson wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/791/
> -----------------------------------------------------------
>
> (Updated 2010-07-16 12:56:50)
>
>
> Review request for Asterisk Developers.
>
>
> Summary
> -------
>
> This change allows for IPv6 ACLs to be used in Asterisk.
>
> ACLs are classified either as being IPv4 or IPv6 based on the network address in the ACL. The distinction means that if an ACL is created that specifies a rule regarding an IPv4 network, it will not be applied to an IPv6 address and vice-versa.
>
> If someone specifies an IPv4-mapped IPv6 address in an ACL, we will convert this to be an IPv4 address and issue a NOTICE alerting them of the change. In order to do such a conversion, I had to make the ast_sockaddr_ipv4_mapped() function in main/netsock2.c public.
>
>
> Diffs
> -----
>
> /trunk/channels/chan_iax2.c 276530
> /trunk/channels/chan_sip.c 276570
> /trunk/channels/chan_skinny.c 276530
> /trunk/configs/sip.conf.sample 276530
> /trunk/include/asterisk/acl.h 276530
> /trunk/include/asterisk/netsock2.h 276530
> /trunk/main/acl.c 276570
> /trunk/main/manager.c 276530
> /trunk/main/netsock2.c 276530
> /trunk/tests/test_acl.c 276530
>
> Diff: https://reviewboard.asterisk.org/r/791/diff
>
>
> Testing
> -------
>
> I have added tests to the invalid_acl and acl tests in tests/test_acl.c. They all pass as expected. I also ran the tests under valgrind and ensured there were no inappropriate memory accesses occurring.
>
>
> Thanks,
>
> Mark
>
>
More information about the asterisk-dev
mailing list