int ooSocketGetIpAndPort(OOSOCKET socket, char *ip, int len, int *port, int *family)
{
int ret=ASN_OK;
struct ast_sockaddr addr;
const char *host=NULL;
ret = ast_getsockname(socket, &addr);
if(ret != 0)
return ASN_E_INVSOCKET;
host = ast_sockaddr_stringify_addr(&addr);
if(host && strlen(host) < (unsigned)len)
strcpy(ip, host);
else{
OOTRACEERR1("Error:Insufficient buffer for ip address - "
"ooSocketGetIpAndPort\n");
return -1;
}
*port = ast_sockaddr_port(&addr);
if (family) {
if (ast_sockaddr_is_ipv6(&addr) && !ast_sockaddr_is_ipv4_mapped(&addr))
*family = 6;
else
*family = 4;
}
return ASN_OK;
}
struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_session_args *desc)
{
int x = 1;
struct ast_tcptls_session_instance *tcptls_session = NULL;
/* Do nothing if nothing has changed */
if (!ast_sockaddr_cmp(&desc->old_address, &desc->remote_address)) {
ast_debug(1, "Nothing changed in %s\n", desc->name);
return NULL;
}
/* If we return early, there is no connection */
ast_sockaddr_setnull(&desc->old_address);
if (desc->accept_fd != -1)
close(desc->accept_fd);
desc->accept_fd = socket(ast_sockaddr_is_ipv6(&desc->remote_address) ?
AF_INET6 : AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (desc->accept_fd < 0) {
ast_log(LOG_WARNING, "Unable to allocate socket for %s: %s\n",
desc->name, strerror(errno));
return NULL;
}
/* if a local address was specified, bind to it so the connection will
originate from the desired address */
if (!ast_sockaddr_isnull(&desc->local_address)) {
setsockopt(desc->accept_fd, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));
if (ast_bind(desc->accept_fd, &desc->local_address)) {
ast_log(LOG_ERROR, "Unable to bind %s to %s: %s\n",
desc->name,
ast_sockaddr_stringify(&desc->local_address),
strerror(errno));
goto error;
}
}
if (!(tcptls_session = ao2_alloc(sizeof(*tcptls_session), session_instance_destructor)))
goto error;
ast_mutex_init(&tcptls_session->lock);
tcptls_session->client = 1;
tcptls_session->fd = desc->accept_fd;
tcptls_session->parent = desc;
tcptls_session->parent->worker_fn = NULL;
ast_sockaddr_copy(&tcptls_session->remote_address,
&desc->remote_address);
/* Set current info */
ast_sockaddr_copy(&desc->old_address, &desc->remote_address);
return tcptls_session;
error:
close(desc->accept_fd);
desc->accept_fd = -1;
if (tcptls_session)
ao2_ref(tcptls_session, -1);
return NULL;
}
int ast_set_qos(int sockfd, int tos, int cos, const char *desc)
{
int res = 0;
int set_tos;
int set_tclass;
struct ast_sockaddr addr;
/* If the sock address is IPv6, the TCLASS field must be set. */
set_tclass = !ast_getsockname(sockfd, &addr) && ast_sockaddr_is_ipv6(&addr) ? 1 : 0;
/* If the the sock address is IPv4 or (IPv6 set to any address [::]) set TOS bits */
set_tos = (!set_tclass || (set_tclass && ast_sockaddr_is_any(&addr))) ? 1 : 0;
if (set_tos) {
if ((res = setsockopt(sockfd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)))) {
ast_log(LOG_WARNING, "Unable to set %s DSCP TOS value to %d (may be you have no "
"root privileges): %s\n", desc, tos, strerror(errno));
} else if (tos) {
ast_verb(2, "Using %s TOS bits %d\n", desc, tos);
}
}
#if defined(IPV6_TCLASS) && defined(IPPROTO_IPV6)
if (set_tclass) {
if (!ast_getsockname(sockfd, &addr) && ast_sockaddr_is_ipv6(&addr)) {
if ((res = setsockopt(sockfd, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)))) {
ast_log(LOG_WARNING, "Unable to set %s DSCP TCLASS field to %d (may be you have no "
"root privileges): %s\n", desc, tos, strerror(errno));
} else if (tos) {
ast_verb(2, "Using %s TOS bits %d in TCLASS field.\n", desc, tos);
}
}
}
#endif
#ifdef linux
if (setsockopt(sockfd, SOL_SOCKET, SO_PRIORITY, &cos, sizeof(cos))) {
ast_log(LOG_WARNING, "Unable to set %s CoS to %d: %s\n", desc, cos,
strerror(errno));
} else if (cos) {
ast_verb(2, "Using %s CoS mark %d\n", desc, cos);
}
#endif
return res;
}
/*! \brief Function which negotiates an incoming media stream */
static int negotiate_incoming_sdp_stream(struct ast_sip_session *session, struct ast_sip_session_media *session_media,
const struct pjmedia_sdp_session *sdp, const struct pjmedia_sdp_media *stream)
{
char host[NI_MAXHOST];
RAII_VAR(struct ast_sockaddr *, addrs, NULL, ast_free_ptr);
enum ast_format_type media_type = stream_to_media_type(session_media->stream_type);
/* If no type formats have been configured reject this stream */
if (!ast_format_cap_has_type(session->endpoint->media.codecs, media_type)) {
return 0;
}
/* Ensure incoming transport is compatible with the endpoint's configuration */
if (!session->endpoint->media.rtp.use_received_transport &&
check_endpoint_media_transport(session->endpoint, stream) == AST_SIP_MEDIA_TRANSPORT_INVALID) {
return -1;
}
ast_copy_pj_str(host, stream->conn ? &stream->conn->addr : &sdp->conn->addr, sizeof(host));
/* Ensure that the address provided is valid */
if (ast_sockaddr_resolve(&addrs, host, PARSE_PORT_FORBID, AST_AF_UNSPEC) <= 0) {
/* The provided host was actually invalid so we error out this negotiation */
return -1;
}
/* Using the connection information create an appropriate RTP instance */
if (!session_media->rtp && create_rtp(session, session_media, ast_sockaddr_is_ipv6(addrs))) {
return -1;
}
if (session->endpoint->media.rtp.use_received_transport) {
pj_strdup(session->inv_session->pool, &session_media->transport, &stream->desc.transport);
}
if (setup_media_encryption(session, session_media, stream)) {
return -1;
}
if (set_caps(session, session_media, stream)) {
return -1;
}
if (media_type == AST_FORMAT_TYPE_AUDIO) {
apply_packetization(session, session_media, stream);
}
return 1;
}
/*! \brief Function which negotiates an incoming media stream */
static int negotiate_incoming_sdp_stream(struct ast_sip_session *session, struct ast_sip_session_media *session_media,
const struct pjmedia_sdp_session *sdp, const struct pjmedia_sdp_media *stream)
{
struct t38_state *state;
char host[NI_MAXHOST];
RAII_VAR(struct ast_sockaddr *, addrs, NULL, ast_free);
if (!session->endpoint->media.t38.enabled) {
ast_debug(3, "Declining; T.38 not enabled on session\n");
return -1;
}
if (!(state = t38_state_get_or_alloc(session))) {
return -1;
}
if ((session->t38state == T38_REJECTED) || (session->t38state == T38_DISABLED)) {
ast_debug(3, "Declining; T.38 state is rejected or declined\n");
t38_change_state(session, session_media, state, T38_DISABLED);
return -1;
}
ast_copy_pj_str(host, stream->conn ? &stream->conn->addr : &sdp->conn->addr, sizeof(host));
/* Ensure that the address provided is valid */
if (ast_sockaddr_resolve(&addrs, host, PARSE_PORT_FORBID, AST_AF_INET) <= 0) {
/* The provided host was actually invalid so we error out this negotiation */
ast_debug(3, "Declining; provided host is invalid\n");
return -1;
}
/* Check the address family to make sure it matches configured */
if ((ast_sockaddr_is_ipv6(addrs) && !session->endpoint->media.t38.ipv6) ||
(ast_sockaddr_is_ipv4(addrs) && session->endpoint->media.t38.ipv6)) {
/* The address does not match configured */
ast_debug(3, "Declining, provided host does not match configured address family\n");
return -1;
}
return 1;
}
int ast_sockaddr_is_any(const struct ast_sockaddr *addr)
{
union {
struct sockaddr_storage ss;
struct sockaddr_in sin;
struct sockaddr_in6 sin6;
} tmp_addr = {
.ss = addr->ss,
};
return (ast_sockaddr_is_ipv4(addr) && (tmp_addr.sin.sin_addr.s_addr == INADDR_ANY)) ||
(ast_sockaddr_is_ipv6(addr) && IN6_IS_ADDR_UNSPECIFIED(&tmp_addr.sin6.sin6_addr));
}
int ast_sockaddr_hash(const struct ast_sockaddr *addr)
{
/*
* For IPv4, return the IP address as-is. For IPv6, return the last 32
* bits.
*/
switch (addr->ss.ss_family) {
case AF_INET:
return ((const struct sockaddr_in *)&addr->ss)->sin_addr.s_addr;
case AF_INET6:
return ((uint32_t *)&((const struct sockaddr_in6 *)&addr->ss)->sin6_addr)[3];
default:
ast_log(LOG_ERROR, "Unknown address family '%d'.\n",
addr->ss.ss_family);
return 0;
}
}
int ast_accept(int sockfd, struct ast_sockaddr *addr)
{
addr->len = sizeof(addr->ss);
return accept(sockfd, (struct sockaddr *)&addr->ss, &addr->len);
}
int ast_sockaddr_ipv4_mapped(const struct ast_sockaddr *addr, struct ast_sockaddr *ast_mapped)
{
const struct sockaddr_in6 *sin6;
struct sockaddr_in sin4;
if (!ast_sockaddr_is_ipv6(addr)) {
return 0;
}
if (!ast_sockaddr_is_ipv4_mapped(addr)) {
return 0;
}
sin6 = (const struct sockaddr_in6*)&addr->ss;
memset(&sin4, 0, sizeof(sin4));
sin4.sin_family = AF_INET;
sin4.sin_port = sin6->sin6_port;
sin4.sin_addr.s_addr = ((uint32_t *)&sin6->sin6_addr)[3];
ast_sockaddr_from_sin(ast_mapped, &sin4);
return 1;
}
/*! \brief Function which negotiates an incoming media stream */
static int negotiate_incoming_sdp_stream(struct ast_sip_session *session, struct ast_sip_session_media *session_media,
const struct pjmedia_sdp_session *sdp, const struct pjmedia_sdp_media *stream)
{
char host[NI_MAXHOST];
RAII_VAR(struct ast_sockaddr *, addrs, NULL, ast_free);
enum ast_media_type media_type = stream_to_media_type(session_media->stream_type);
enum ast_sip_session_media_encryption encryption = AST_SIP_MEDIA_ENCRYPT_NONE;
int res;
/* If port is 0, ignore this media stream */
if (!stream->desc.port) {
ast_debug(3, "Media stream '%s' is already declined\n", session_media->stream_type);
return 0;
}
/* If no type formats have been configured reject this stream */
if (!ast_format_cap_has_type(session->endpoint->media.codecs, media_type)) {
ast_debug(3, "Endpoint has no codecs for media type '%s', declining stream\n", session_media->stream_type);
return 0;
}
/* Ensure incoming transport is compatible with the endpoint's configuration */
if (!session->endpoint->media.rtp.use_received_transport) {
encryption = check_endpoint_media_transport(session->endpoint, stream);
if (encryption == AST_SIP_MEDIA_TRANSPORT_INVALID) {
return -1;
}
}
ast_copy_pj_str(host, stream->conn ? &stream->conn->addr : &sdp->conn->addr, sizeof(host));
/* Ensure that the address provided is valid */
if (ast_sockaddr_resolve(&addrs, host, PARSE_PORT_FORBID, AST_AF_UNSPEC) <= 0) {
/* The provided host was actually invalid so we error out this negotiation */
return -1;
}
/* Using the connection information create an appropriate RTP instance */
if (!session_media->rtp && create_rtp(session, session_media, ast_sockaddr_is_ipv6(addrs))) {
return -1;
}
res = setup_media_encryption(session, session_media, sdp, stream);
if (res) {
if (!session->endpoint->media.rtp.encryption_optimistic) {
/* If optimistic encryption is disabled and crypto should have been enabled
* but was not this session must fail.
*/
return -1;
}
/* There is no encryption, sad. */
session_media->encryption = AST_SIP_MEDIA_ENCRYPT_NONE;
}
/* If we've been explicitly configured to use the received transport OR if
* encryption is on and crypto is present use the received transport.
* This is done in case of optimistic because it may come in as RTP/AVP or RTP/SAVP depending
* on the configuration of the remote endpoint (optimistic themselves or mandatory).
*/
if ((session->endpoint->media.rtp.use_received_transport) ||
((encryption == AST_SIP_MEDIA_ENCRYPT_SDES) && !res)) {
pj_strdup(session->inv_session->pool, &session_media->transport, &stream->desc.transport);
}
if (set_caps(session, session_media, stream)) {
return 0;
}
return 1;
}
void ast_tcptls_server_start(struct ast_tcptls_session_args *desc)
{
int flags;
int x = 1;
/* Do nothing if nothing has changed */
if (!ast_sockaddr_cmp(&desc->old_address, &desc->local_address)) {
ast_debug(1, "Nothing changed in %s\n", desc->name);
return;
}
/* If we return early, there is no one listening */
ast_sockaddr_setnull(&desc->old_address);
/* Shutdown a running server if there is one */
if (desc->master != AST_PTHREADT_NULL) {
pthread_cancel(desc->master);
pthread_kill(desc->master, SIGURG);
pthread_join(desc->master, NULL);
}
if (desc->accept_fd != -1) {
close(desc->accept_fd);
}
/* If there's no new server, stop here */
if (ast_sockaddr_isnull(&desc->local_address)) {
ast_debug(2, "Server disabled: %s\n", desc->name);
return;
}
desc->accept_fd = socket(ast_sockaddr_is_ipv6(&desc->local_address) ?
AF_INET6 : AF_INET, SOCK_STREAM, 0);
if (desc->accept_fd < 0) {
ast_log(LOG_ERROR, "Unable to allocate socket for %s: %s\n", desc->name, strerror(errno));
return;
}
setsockopt(desc->accept_fd, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));
if (ast_bind(desc->accept_fd, &desc->local_address)) {
ast_log(LOG_ERROR, "Unable to bind %s to %s: %s\n",
desc->name,
ast_sockaddr_stringify(&desc->local_address),
strerror(errno));
goto error;
}
if (listen(desc->accept_fd, 10)) {
ast_log(LOG_ERROR, "Unable to listen for %s!\n", desc->name);
goto error;
}
flags = fcntl(desc->accept_fd, F_GETFL);
fcntl(desc->accept_fd, F_SETFL, flags | O_NONBLOCK);
if (ast_pthread_create_background(&desc->master, NULL, desc->accept_fn, desc)) {
ast_log(LOG_ERROR, "Unable to launch thread for %s on %s: %s\n",
desc->name,
ast_sockaddr_stringify(&desc->local_address),
strerror(errno));
goto error;
}
/* Set current info */
ast_sockaddr_copy(&desc->old_address, &desc->local_address);
return;
error:
close(desc->accept_fd);
desc->accept_fd = -1;
}
int ast_sockaddr_is_ipv6_link_local(const struct ast_sockaddr *addr)
{
const struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr->ss;
return ast_sockaddr_is_ipv6(addr) && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr);
}
void ast_tcptls_server_start(struct ast_tcptls_session_args *desc)
{
int flags;
int x = 1;
int tls_changed = 0;
if (desc->tls_cfg) {
char hash[41];
char *str = NULL;
struct stat st;
/* Store the hashes of the TLS certificate etc. */
if (stat(desc->tls_cfg->certfile, &st) || NULL == (str = ast_read_textfile(desc->tls_cfg->certfile))) {
memset(hash, 0, 41);
} else {
ast_sha1_hash(hash, str);
}
ast_free(str);
str = NULL;
memcpy(desc->tls_cfg->certhash, hash, 41);
if (stat(desc->tls_cfg->pvtfile, &st) || NULL == (str = ast_read_textfile(desc->tls_cfg->pvtfile))) {
memset(hash, 0, 41);
} else {
ast_sha1_hash(hash, str);
}
ast_free(str);
str = NULL;
memcpy(desc->tls_cfg->pvthash, hash, 41);
if (stat(desc->tls_cfg->cafile, &st) || NULL == (str = ast_read_textfile(desc->tls_cfg->cafile))) {
memset(hash, 0, 41);
} else {
ast_sha1_hash(hash, str);
}
ast_free(str);
str = NULL;
memcpy(desc->tls_cfg->cahash, hash, 41);
/* Check whether TLS configuration has changed */
if (!desc->old_tls_cfg) { /* No previous configuration */
tls_changed = 1;
desc->old_tls_cfg = ast_calloc(1, sizeof(*desc->old_tls_cfg));
} else if (memcmp(desc->tls_cfg->certhash, desc->old_tls_cfg->certhash, 41)) {
tls_changed = 1;
} else if (memcmp(desc->tls_cfg->pvthash, desc->old_tls_cfg->pvthash, 41)) {
tls_changed = 1;
} else if (strcmp(desc->tls_cfg->cipher, desc->old_tls_cfg->cipher)) {
tls_changed = 1;
} else if (memcmp(desc->tls_cfg->cahash, desc->old_tls_cfg->cahash, 41)) {
tls_changed = 1;
} else if (strcmp(desc->tls_cfg->capath, desc->old_tls_cfg->capath)) {
tls_changed = 1;
} else if (memcmp(&desc->tls_cfg->flags, &desc->old_tls_cfg->flags, sizeof(desc->tls_cfg->flags))) {
tls_changed = 1;
}
if (tls_changed) {
ast_debug(1, "Changed parameters for %s found\n", desc->name);
}
}
/* Do nothing if nothing has changed */
if (!tls_changed && !ast_sockaddr_cmp(&desc->old_address, &desc->local_address)) {
ast_debug(1, "Nothing changed in %s\n", desc->name);
return;
}
/* If we return early, there is no one listening */
ast_sockaddr_setnull(&desc->old_address);
/* Shutdown a running server if there is one */
if (desc->master != AST_PTHREADT_NULL) {
pthread_cancel(desc->master);
pthread_kill(desc->master, SIGURG);
pthread_join(desc->master, NULL);
}
if (desc->accept_fd != -1) {
close(desc->accept_fd);
}
/* If there's no new server, stop here */
if (ast_sockaddr_isnull(&desc->local_address)) {
ast_debug(2, "Server disabled: %s\n", desc->name);
return;
}
desc->accept_fd = socket(ast_sockaddr_is_ipv6(&desc->local_address) ?
AF_INET6 : AF_INET, SOCK_STREAM, 0);
if (desc->accept_fd < 0) {
ast_log(LOG_ERROR, "Unable to allocate socket for %s: %s\n", desc->name, strerror(errno));
return;
}
setsockopt(desc->accept_fd, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));
if (ast_bind(desc->accept_fd, &desc->local_address)) {
ast_log(LOG_ERROR, "Unable to bind %s to %s: %s\n",
desc->name,
ast_sockaddr_stringify(&desc->local_address),
strerror(errno));
goto error;
}
if (listen(desc->accept_fd, 10)) {
ast_log(LOG_ERROR, "Unable to listen for %s!\n", desc->name);
goto error;
}
flags = fcntl(desc->accept_fd, F_GETFL);
fcntl(desc->accept_fd, F_SETFL, flags | O_NONBLOCK);
if (ast_pthread_create_background(&desc->master, NULL, desc->accept_fn, desc)) {
ast_log(LOG_ERROR, "Unable to launch thread for %s on %s: %s\n",
desc->name,
ast_sockaddr_stringify(&desc->local_address),
strerror(errno));
goto error;
}
/* Set current info */
ast_sockaddr_copy(&desc->old_address, &desc->local_address);
if (desc->old_tls_cfg) {
ast_free(desc->old_tls_cfg->certfile);
ast_free(desc->old_tls_cfg->pvtfile);
ast_free(desc->old_tls_cfg->cipher);
ast_free(desc->old_tls_cfg->cafile);
ast_free(desc->old_tls_cfg->capath);
desc->old_tls_cfg->certfile = ast_strdup(desc->tls_cfg->certfile);
desc->old_tls_cfg->pvtfile = ast_strdup(desc->tls_cfg->pvtfile);
desc->old_tls_cfg->cipher = ast_strdup(desc->tls_cfg->cipher);
desc->old_tls_cfg->cafile = ast_strdup(desc->tls_cfg->cafile);
desc->old_tls_cfg->capath = ast_strdup(desc->tls_cfg->capath);
memcpy(desc->old_tls_cfg->certhash, desc->tls_cfg->certhash, 41);
memcpy(desc->old_tls_cfg->pvthash, desc->tls_cfg->pvthash, 41);
memcpy(desc->old_tls_cfg->cahash, desc->tls_cfg->cahash, 41);
memcpy(&desc->old_tls_cfg->flags, &desc->tls_cfg->flags, sizeof(desc->old_tls_cfg->flags));
}
return;
error:
close(desc->accept_fd);
desc->accept_fd = -1;
}
