diff options
author | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-09-04 13:56:09 +0000 |
---|---|---|
committer | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-09-04 13:56:09 +0000 |
commit | 3664c3d63e45d1f3ad18b4ba5c08d2ef65fd3f85 (patch) | |
tree | abb9232fc5e2257ce1dac8719bb75d3fd1e3c5de /channels | |
parent | 37138a3f30eb1d96c8e102fc3d0200ebdf23a80e (diff) |
Merged revisions 216368 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk
........
r216368 | russell | 2009-09-04 08:14:25 -0500 (Fri, 04 Sep 2009) | 12 lines
Do not treat every SIP peer as if they were configured with insecure=port.
There was a problem in the function responsible for doing peer matching by
IP address and port number such that during the second pass for checking for
a peer configured with insecure=port, it would end up treating every peer as
if it had been configured that way. These changes fix the logic in the peer
IP and port comparison callback to handle insecure=port checking properly.
This problem was introduced when SIP peers were converted to astobj2. Many
thanks to dvossel for noticing this while working on another peer matching
issue.
........
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.6.1@216434 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'channels')
-rw-r--r-- | channels/chan_sip.c | 33 |
1 files changed, 25 insertions, 8 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c index c03477466..418336d19 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -1699,6 +1699,19 @@ static int peer_iphash_cb(const void *obj, const int flags) } /*! + * Match Peers by IP and Port number. + * + * This function has two modes. + * - If the peer arg does not have INSECURE_PORT set, then we will only return + * a match for a peer that matches both the IP and port. + * - If the peer arg does have the INSECURE_PORT flag set, then we will only + * return a match for a peer that matches the IP and has insecure=port + * in its configuration. + * + * This callback will be used twice when doing peer matching. There is a first + * pass for full IP+port matching, and a second pass in case there is a match + * that meets the insecure=port criteria. + * * \note the peer's addr struct provides to fields combined to make a key: the sin_addr.s_addr and sin_port fields. */ static int peer_ipcmp_cb(void *obj, void *arg, int flags) @@ -1706,18 +1719,22 @@ static int peer_ipcmp_cb(void *obj, void *arg, int flags) struct sip_peer *peer = obj, *peer2 = arg; if (peer->addr.sin_addr.s_addr != peer2->addr.sin_addr.s_addr) { + /* IP doesn't match */ return 0; } - - if (!ast_test_flag(&peer->flags[0], SIP_INSECURE_PORT) && !ast_test_flag(&peer2->flags[0], SIP_INSECURE_PORT)) { - if (peer->addr.sin_port == peer2->addr.sin_port) { - return CMP_MATCH | CMP_STOP; - } else { - return 0; - } + + /* We matched the IP, now check the port if appropriate. */ + + if (ast_test_flag(&peer2->flags[0], SIP_INSECURE_PORT)) { + /* We are allowing match without port for peers configured that + * way in this pass through the peers. */ + return ast_test_flag(&peer->flags[0], SIP_INSECURE_PORT) ? + (CMP_MATCH | CMP_STOP) : 0; } - return CMP_MATCH | CMP_STOP; + /* Only return a match if the port matches, as well. */ + + return peer->addr.sin_port == peer2->addr.sin_port ? (CMP_MATCH | CMP_STOP) : 0; } /*! |