<p>Joshua Colp has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/7225">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">pjsip / hep: Provide correct local address for Websockets.<br><br>Previously for PJSIP the local address of WebSocket connections<br>was set to the remote address. For logging purposes this is<br>not particularly useful.<br><br>The WebSocket API has been extended to allow the local<br>address to be queried and this is used in PJSIP to set the<br>local address to the correct value.<br><br>The PJSIP HEP support has also been tweaked so that reliable<br>transports always use the local address on the transport<br>and do not try to (wrongly) guess. As they are connection<br>based it is impossible for the source to be anything else.<br><br>ASTERISK-26758<br>ASTERISK-27363<br><br>Change-Id: Icd305fd038ad755e2682ab2786e381f6bf29e8ca<br>---<br>M include/asterisk/http_websocket.h<br>M res/res_hep_pjsip.c<br>M res/res_http_websocket.c<br>M res/res_pjsip_transport_websocket.c<br>4 files changed, 98 insertions(+), 63 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/25/7225/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/include/asterisk/http_websocket.h b/include/asterisk/http_websocket.h<br>index cd49dbe..2180ef4 100644<br>--- a/include/asterisk/http_websocket.h<br>+++ b/include/asterisk/http_websocket.h<br>@@ -345,6 +345,15 @@<br> AST_OPTIONAL_API(struct ast_sockaddr *, ast_websocket_remote_address, (struct ast_websocket *session), {return NULL;});<br> <br> /*!<br>+ * \brief Get the local address for a WebSocket connection session.<br>+ *<br>+ * \retval ast_sockaddr Local address<br>+ *<br>+ * \since 13.19.0<br>+ */<br>+AST_OPTIONAL_API(struct ast_sockaddr *, ast_websocket_local_address, (struct ast_websocket *session), {return NULL;});<br>+<br>+/*!<br>  * \brief Get whether the WebSocket session is using a secure transport or not.<br>  *<br>  * \retval 0 if unsecure<br>diff --git a/res/res_hep_pjsip.c b/res/res_hep_pjsip.c<br>index 13efbfa..b5be4a1 100644<br>--- a/res/res_hep_pjsip.c<br>+++ b/res/res_hep_pjsip.c<br>@@ -89,35 +89,44 @@<br>       pjsip_cid_hdr *cid_hdr;<br>       pjsip_from_hdr *from_hdr;<br>     pjsip_to_hdr *to_hdr;<br>-        pjsip_tpmgr_fla2_param prm;<br> <br>        capture_info = hepv3_create_capture_info(tdata->buf.start, (size_t)(tdata->buf.cur - tdata->buf.start));<br>     if (!capture_info) {<br>          return PJ_SUCCESS;<br>    }<br> <br>- /* Attempt to determine what IP address will we send this packet out of */<br>-   pjsip_tpmgr_fla2_param_default(&prm);<br>-    prm.tp_type = tdata->tp_info.transport->key.type;<br>-      pj_strset2(&prm.dst_host, tdata->tp_info.dst_name);<br>-   prm.local_if = PJ_TRUE;<br>+      if (!(tdata->tp_info.transport->flag & PJSIP_TRANSPORT_RELIABLE)) {<br>+                pjsip_tpmgr_fla2_param prm;<br> <br>-       /* If we can't get the local address use what we have already */<br>- if (pjsip_tpmgr_find_local_addr2(pjsip_endpt_get_tpmgr(ast_sip_get_pjsip_endpoint()), tdata->pool, &prm) != PJ_SUCCESS) {<br>-             pj_sockaddr_print(&tdata->tp_info.transport->local_addr, local_buf, sizeof(local_buf), 3);<br>- } else {<br>-             if (prm.tp_type & PJSIP_TRANSPORT_IPV6) {<br>-                        snprintf(local_buf, sizeof(local_buf), "[%.*s]:%hu",<br>-                               (int)pj_strlen(&prm.ret_addr),<br>-                           pj_strbuf(&prm.ret_addr),<br>-                                prm.ret_port);<br>+               /* Attempt to determine what IP address will we send this packet out of */<br>+           pjsip_tpmgr_fla2_param_default(&prm);<br>+            prm.tp_type = tdata->tp_info.transport->key.type;<br>+              pj_strset2(&prm.dst_host, tdata->tp_info.dst_name);<br>+           prm.local_if = PJ_TRUE;<br>+<br>+           /* If we can't get the local address use what we have already */<br>+         if (pjsip_tpmgr_find_local_addr2(pjsip_endpt_get_tpmgr(ast_sip_get_pjsip_endpoint()), tdata->pool, &prm) != PJ_SUCCESS) {<br>+                     pj_sockaddr_print(&tdata->tp_info.transport->local_addr, local_buf, sizeof(local_buf), 3);<br>          } else {<br>-                     snprintf(local_buf, sizeof(local_buf), "%.*s:%hu",<br>-                         (int)pj_strlen(&prm.ret_addr),<br>-                           pj_strbuf(&prm.ret_addr),<br>-                                prm.ret_port);<br>+                       if (prm.tp_type & PJSIP_TRANSPORT_IPV6) {<br>+                                snprintf(local_buf, sizeof(local_buf), "[%.*s]:%hu",<br>+                                       (int)pj_strlen(&prm.ret_addr),<br>+                                   pj_strbuf(&prm.ret_addr),<br>+                                        prm.ret_port);<br>+                       } else {<br>+                             snprintf(local_buf, sizeof(local_buf), "%.*s:%hu",<br>+                                 (int)pj_strlen(&prm.ret_addr),<br>+                                   pj_strbuf(&prm.ret_addr),<br>+                                        prm.ret_port);<br>+                       }<br>             }<br>+    } else {<br>+             /* For reliable transports they can only ever come from the transport<br>+                 * local address.<br>+             */<br>+          pj_sockaddr_print(&tdata->tp_info.transport->local_addr, local_buf, sizeof(local_buf), 3);<br>  }<br>+<br>  pj_sockaddr_print(&tdata->tp_info.dst_addr, remote_buf, sizeof(remote_buf), 3);<br> <br>     cid_hdr = PJSIP_MSG_CID_HDR(tdata->msg);<br>@@ -150,7 +159,6 @@<br>      char remote_buf[256];<br>         char *uuid;<br>   struct hepv3_capture_info *capture_info;<br>-     pjsip_tpmgr_fla2_param prm;<br> <br>        capture_info = hepv3_create_capture_info(&rdata->pkt_info.packet, rdata->pkt_info.len);<br>     if (!capture_info) {<br>@@ -162,27 +170,33 @@<br>   }<br>     pj_sockaddr_print(&rdata->pkt_info.src_addr, remote_buf, sizeof(remote_buf), 3);<br> <br>-   /* Attempt to determine what IP address we probably received this packet on */<br>-       pjsip_tpmgr_fla2_param_default(&prm);<br>-    prm.tp_type = rdata->tp_info.transport->key.type;<br>-      pj_strset2(&prm.dst_host, rdata->pkt_info.src_name);<br>-  prm.local_if = PJ_TRUE;<br>+      if (!(rdata->tp_info.transport->flag & PJSIP_TRANSPORT_RELIABLE)) {<br>+                pjsip_tpmgr_fla2_param prm;<br> <br>-       /* If we can't get the local address use what we have already */<br>- if (pjsip_tpmgr_find_local_addr2(pjsip_endpt_get_tpmgr(ast_sip_get_pjsip_endpoint()), rdata->tp_info.pool, &prm) != PJ_SUCCESS) {<br>-             pj_sockaddr_print(&rdata->tp_info.transport->local_addr, local_buf, sizeof(local_buf), 3);<br>- } else {<br>-             if (prm.tp_type & PJSIP_TRANSPORT_IPV6) {<br>-                        snprintf(local_buf, sizeof(local_buf), "[%.*s]:%hu",<br>-                               (int)pj_strlen(&prm.ret_addr),<br>-                           pj_strbuf(&prm.ret_addr),<br>-                                prm.ret_port);<br>+               /* Attempt to determine what IP address we probably received this packet on */<br>+               pjsip_tpmgr_fla2_param_default(&prm);<br>+            prm.tp_type = rdata->tp_info.transport->key.type;<br>+              pj_strset2(&prm.dst_host, rdata->pkt_info.src_name);<br>+          prm.local_if = PJ_TRUE;<br>+<br>+           /* If we can't get the local address use what we have already */<br>+         if (pjsip_tpmgr_find_local_addr2(pjsip_endpt_get_tpmgr(ast_sip_get_pjsip_endpoint()), rdata->tp_info.pool, &prm) != PJ_SUCCESS) {<br>+                     pj_sockaddr_print(&rdata->tp_info.transport->local_addr, local_buf, sizeof(local_buf), 3);<br>          } else {<br>-                     snprintf(local_buf, sizeof(local_buf), "%.*s:%hu",<br>-                         (int)pj_strlen(&prm.ret_addr),<br>-                           pj_strbuf(&prm.ret_addr),<br>-                                prm.ret_port);<br>+                       if (prm.tp_type & PJSIP_TRANSPORT_IPV6) {<br>+                                snprintf(local_buf, sizeof(local_buf), "[%.*s]:%hu",<br>+                                       (int)pj_strlen(&prm.ret_addr),<br>+                                   pj_strbuf(&prm.ret_addr),<br>+                                        prm.ret_port);<br>+                       } else {<br>+                             snprintf(local_buf, sizeof(local_buf), "%.*s:%hu",<br>+                                 (int)pj_strlen(&prm.ret_addr),<br>+                                   pj_strbuf(&prm.ret_addr),<br>+                                        prm.ret_port);<br>+                       }<br>             }<br>+    } else {<br>+             pj_sockaddr_print(&rdata->tp_info.transport->local_addr, local_buf, sizeof(local_buf), 3);<br>  }<br> <br>  uuid = assign_uuid(&rdata->msg_info.cid->id, &rdata->msg_info.to->tag, &rdata->msg_info.from->tag);<br>diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c<br>index 8e9aae9..c1f9a29 100644<br>--- a/res/res_http_websocket.c<br>+++ b/res/res_http_websocket.c<br>@@ -86,18 +86,19 @@<br> <br> /*! \brief Structure definition for session */<br> struct ast_websocket {<br>- struct ast_iostream *stream;       /*!< iostream of the connection */<br>-     struct ast_sockaddr address;       /*!< Address of the remote client */<br>-   enum ast_websocket_opcode opcode;  /*!< Cached opcode for multi-frame messages */<br>- size_t payload_len;                /*!< Length of the payload */<br>-  char *payload;                     /*!< Pointer to the payload */<br>- size_t reconstruct;                /*!< Number of bytes before a reconstructed payload will be returned and a new one started */<br>-  int timeout;                       /*!< The timeout for operations on the socket */<br>-       unsigned int secure:1;             /*!< Bit to indicate that the transport is secure */<br>-   unsigned int closing:1;            /*!< Bit to indicate that the session is in the process of being closed */<br>-     unsigned int close_sent:1;         /*!< Bit to indicate that the session close opcode has been sent and no further data will be sent */<br>-   struct websocket_client *client;   /*!< Client object when connected as a client websocket */<br>-     char session_id[AST_UUID_STR_LEN]; /*!< The identifier for the websocket session */<br>+       struct ast_iostream *stream;        /*!< iostream of the connection */<br>+    struct ast_sockaddr remote_address; /*!< Address of the remote client */<br>+  struct ast_sockaddr local_address;  /*!< Our local address */<br>+     enum ast_websocket_opcode opcode;   /*!< Cached opcode for multi-frame messages */<br>+        size_t payload_len;                 /*!< Length of the payload */<br>+ char *payload;                      /*!< Pointer to the payload */<br>+        size_t reconstruct;                 /*!< Number of bytes before a reconstructed payload will be returned and a new one started */<br>+ int timeout;                        /*!< The timeout for operations on the socket */<br>+      unsigned int secure:1;              /*!< Bit to indicate that the transport is secure */<br>+  unsigned int closing:1;             /*!< Bit to indicate that the session is in the process of being closed */<br>+    unsigned int close_sent:1;          /*!< Bit to indicate that the session close opcode has been sent and no further data will be sent */<br>+  struct websocket_client *client;    /*!< Client object when connected as a client websocket */<br>+    char session_id[AST_UUID_STR_LEN];  /*!< The identifier for the websocket session */<br> };<br> <br> /*! \brief Hashing function for protocols */<br>@@ -183,7 +184,7 @@<br>                   ast_iostream_close(session->stream);<br>                       session->stream = NULL;<br>                    ast_verb(2, "WebSocket connection %s '%s' closed\n", session->client ? "to" : "from",<br>-                               ast_sockaddr_stringify(&session->address));<br>+                           ast_sockaddr_stringify(&session->remote_address));<br>             }<br>     }<br> <br>@@ -318,7 +319,7 @@<br>             ast_iostream_close(session->stream);<br>               session->stream = NULL;<br>            ast_verb(2, "WebSocket connection %s '%s' forcefully closed due to fatal write error\n",<br>-                   session->client ? "to" : "from", ast_sockaddr_stringify(&session->address));<br>+                   session->client ? "to" : "from", ast_sockaddr_stringify(&session->remote_address));<br>     }<br> <br>  ao2_unlock(session);<br>@@ -432,7 +433,12 @@<br> <br> struct ast_sockaddr * AST_OPTIONAL_API_NAME(ast_websocket_remote_address)(struct ast_websocket *session)<br> {<br>- return &session->address;<br>+     return &session->remote_address;<br>+}<br>+<br>+struct ast_sockaddr * AST_OPTIONAL_API_NAME(ast_websocket_local_address)(struct ast_websocket *session)<br>+{<br>+ return &session->local_address;<br> }<br> <br> int AST_OPTIONAL_API_NAME(ast_websocket_is_secure)(struct ast_websocket *session)<br>@@ -899,11 +905,21 @@<br>              return 0;<br>     }<br> <br>+ /* Get our local address for the connected socket */<br>+ if (ast_getsockname(ast_iostream_get_fd(ser->stream), &session->local_address)) {<br>+          ast_log(LOG_WARNING, "WebSocket connection from '%s' could not be accepted - failed to get local address\n",<br>+                       ast_sockaddr_stringify(&ser->remote_address));<br>+                websocket_bad_request(ser);<br>+          ao2_ref(session, -1);<br>+                ao2_ref(protocol_handler, -1);<br>+               return 0;<br>+    }<br>+<br>  ast_verb(2, "WebSocket connection from '%s' for protocol '%s' accepted using version '%d'\n", ast_sockaddr_stringify(&ser->remote_address), protocol ? : "", version);<br> <br>  /* Populate the session with all the needed details */<br>        session->stream = ser->stream;<br>- ast_sockaddr_copy(&session->address, &ser->remote_address);<br>+    ast_sockaddr_copy(&session->remote_address, &ser->remote_address);<br>      session->opcode = -1;<br>      session->reconstruct = DEFAULT_RECONSTRUCTION_CEILING;<br>     session->secure = ast_iostream_get_ssl(ser->stream) ? 1 : 0;<br>@@ -1357,7 +1373,7 @@<br>     ws->stream = ws->client->ser->stream;<br>     ws->secure = ast_iostream_get_ssl(ws->stream) ? 1 : 0;<br>  ws->client->ser->stream = NULL;<br>-     ast_sockaddr_copy(&ws->address, &ws->client->ser->remote_address);<br>+       ast_sockaddr_copy(&ws->remote_address, &ws->client->ser->remote_address);<br>         return WS_OK;<br> }<br> <br>diff --git a/res/res_pjsip_transport_websocket.c b/res/res_pjsip_transport_websocket.c<br>index 22ec195..b5b6a3e 100644<br>--- a/res/res_pjsip_transport_websocket.c<br>+++ b/res/res_pjsip_transport_websocket.c<br>@@ -206,20 +206,16 @@<br>      pj_sockaddr_parse(pj_AF_UNSPEC(), 0, pj_cstr(&buf, ws_addr_str), &newtransport->transport.key.rem_addr);<br>   if (newtransport->transport.key.rem_addr.addr.sa_family == pj_AF_INET6()) {<br>                newtransport->transport.key.type = transport_type_wss_ipv6;<br>-               newtransport->transport.local_name.host.ptr = (char *)pj_pool_alloc(pool, PJ_INET6_ADDRSTRLEN);<br>-           pj_sockaddr_print(&newtransport->transport.key.rem_addr, newtransport->transport.local_name.host.ptr, PJ_INET6_ADDRSTRLEN, 0);<br>      } else {<br>              newtransport->transport.key.type = transport_type_wss;<br>-            newtransport->transport.local_name.host.ptr = (char *)pj_pool_alloc(pool, PJ_INET_ADDRSTRLEN);<br>-            pj_sockaddr_print(&newtransport->transport.key.rem_addr, newtransport->transport.local_name.host.ptr, PJ_INET_ADDRSTRLEN, 0);<br>       }<br> <br>  newtransport->transport.addr_len = pj_sockaddr_get_len(&newtransport->transport.key.rem_addr);<br> <br>-  pj_sockaddr_cp(&newtransport->transport.local_addr, &newtransport->transport.key.rem_addr);<br>-<br>- newtransport->transport.local_name.host.slen = pj_ansi_strlen(newtransport->transport.local_name.host.ptr);<br>-    newtransport->transport.local_name.port = pj_sockaddr_get_port(&newtransport->transport.key.rem_addr);<br>+     ws_addr_str = ast_sockaddr_stringify(ast_websocket_local_address(newtransport->ws_session));<br>+      pj_sockaddr_parse(pj_AF_UNSPEC(), 0, pj_cstr(&buf, ws_addr_str), &newtransport->transport.local_addr);<br>+    pj_strdup2(pool, &newtransport->transport.local_name.host, ast_sockaddr_stringify_host(ast_websocket_local_address(newtransport->ws_session)));<br>+    newtransport->transport.local_name.port = ast_sockaddr_port(ast_websocket_local_address(newtransport->ws_session));<br> <br>  newtransport->transport.flag = pjsip_transport_get_flag_from_type((pjsip_transport_type_e)newtransport->transport.key.type);<br>    newtransport->transport.info = (char *)pj_pool_alloc(newtransport->transport.pool, 64);<br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/7225">change 7225</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/7225"/><meta itemprop="name" content="View Change"/></div></div>

<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: Icd305fd038ad755e2682ab2786e381f6bf29e8ca </div>
<div style="display:none"> Gerrit-Change-Number: 7225 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Joshua Colp <jcolp@digium.com> </div>