permissions(k): support for ipv6 in address-related functions

modules_k/permissions/address.c

@@ -35,6 +35,7 @@
 #include "../../config.h"
 #include "../../lib/srdb1/db.h"
 #include "../../ip_addr.h"
+#include "../../resolve.h"
 #include "../../mem/shm_mem.h"
 #include "../../parser/msg_parser.h"
 #include "../../parser/parse_from.h"
@@ -43,7 +44,7 @@
 #include "../../ut.h"
 #include "../../resolve.h"
 
-#define TABLE_VERSION 4
+#define TABLE_VERSION 5
 
 struct addr_list ***addr_hash_table; /* Ptr to current hash table ptr */
 struct addr_list **addr_hash_table_1;     /* Pointer to hash table 1 */
@@ -56,6 +57,18 @@ struct subnet *subnet_table_2;       /* Ptr to subnet table 2 */
 static db1_con_t* db_handle = 0;
 static db_func_t perm_dbf;
 
+static inline ip_addr_t *strtoipX(str *ips)
+{
+	/* try to figure out INET class */
+	if(ips->s[0] == '[' || memchr(ips->s, ':', ips->len)!=NULL)
+	{
+		/* IPv6 */
+		return str2ip6(ips);
+	} else {
+		/* IPv4 */
+		return str2ip(ips);
+	}
+}
 
 /*
  * Reload addr table to new hash table and when done, make new hash table
@@ -63,115 +76,131 @@ static db_func_t perm_dbf;
  */
 int reload_address_table(void)
 {
-    db_key_t cols[5];
-    db1_res_t* res = NULL;
-    db_row_t* row;
-    db_val_t* val;
-
-    struct addr_list **new_hash_table;
-    struct subnet *new_subnet_table;
-    int i;
-    struct in_addr ip_addr;
+	db_key_t cols[5];
+	db1_res_t* res = NULL;
+	db_row_t* row;
+	db_val_t* val;
+
+	struct addr_list **new_hash_table;
+	struct subnet *new_subnet_table;
+	int i;
+	unsigned int gid;
+	unsigned int port;
+	unsigned int mask;
+	str ips;
+	ip_addr_t *ipa;
 	char *tagv;
 
-    cols[0] = &grp_col;
-    cols[1] = &ip_addr_col;
-    cols[2] = &mask_col;
-    cols[3] = &port_col;
-    cols[4] = &tag_col;
+	cols[0] = &grp_col;
+	cols[1] = &ip_addr_col;
+	cols[2] = &mask_col;
+	cols[3] = &port_col;
+	cols[4] = &tag_col;
 
-    if (perm_dbf.use_table(db_handle, &address_table) < 0) {
-	    LM_ERR("failed to use table\n");
+	if (perm_dbf.use_table(db_handle, &address_table) < 0) {
+		LM_ERR("failed to use table\n");
 		return -1;
-    }
+	}
 
-    if (perm_dbf.query(db_handle, NULL, 0, NULL, cols, 0, 5, 0, &res) < 0) {
-	    LM_ERR("failed to query database\n");
+	if (perm_dbf.query(db_handle, NULL, 0, NULL, cols, 0, 5, 0, &res) < 0) {
+		LM_ERR("failed to query database\n");
 		return -1;
-    }
+	}
 
-    /* Choose new hash table and free its old contents */
-    if (*addr_hash_table == addr_hash_table_1) {
+	/* Choose new hash table and free its old contents */
+	if (*addr_hash_table == addr_hash_table_1) {
 		empty_addr_hash_table(addr_hash_table_2);
 		new_hash_table = addr_hash_table_2;
-    } else {
+	} else {
 		empty_addr_hash_table(addr_hash_table_1);
 		new_hash_table = addr_hash_table_1;
-    }
+	}
 
-    /* Choose new subnet table */
-    if (*subnet_table == subnet_table_1) {
+	/* Choose new subnet table */
+	if (*subnet_table == subnet_table_1) {
 		empty_subnet_table(subnet_table_2);
 		new_subnet_table = subnet_table_2;
-    } else {
+	} else {
 		empty_subnet_table(subnet_table_1);
 		new_subnet_table = subnet_table_1;
-    }
-
-    row = RES_ROWS(res);
-
-    LM_DBG("Number of rows in address table: %d\n", RES_ROW_N(res));
-		
-    for (i = 0; i < RES_ROW_N(res); i++) {
-	val = ROW_VALUES(row + i);
-		if ((ROW_N(row + i) == 5) &&
-			    (VAL_TYPE(val) == DB1_INT) && !VAL_NULL(val) &&
-			    (VAL_INT(val) > 0) && 
-			    (VAL_TYPE(val + 1) == DB1_STRING) && !VAL_NULL(val + 1) &&
-			    inet_aton((char *)VAL_STRING(val + 1), &ip_addr) != 0 &&
-			    (VAL_TYPE(val + 2) == DB1_INT) && !VAL_NULL(val + 2) && 
-			    ((unsigned int)VAL_INT(val + 2) > 0) && 
-				((unsigned int)VAL_INT(val + 2) <= 32) &&
-			    (VAL_TYPE(val + 3) == DB1_INT) && !VAL_NULL(val + 3)) {
-				tagv = VAL_NULL(val + 4)?NULL:(char *)VAL_STRING(val + 4);
-		    if ((unsigned int)VAL_INT(val + 2) == 32) {
-				if (addr_hash_table_insert(new_hash_table,
-							(unsigned int)VAL_INT(val),
-							(unsigned int)ip_addr.s_addr,
-							(unsigned int)VAL_INT(val + 3),
-							tagv)
-							== -1) {
-					LM_ERR("hash table problem\n");
-					perm_dbf.free_result(db_handle, res);
-					return -1;
-				}
-				LM_DBG("Tuple <%u, %s, %u> inserted into address hash "
-						"table\n", (unsigned int)VAL_INT(val),
-						(char *)VAL_STRING(val + 1),
-						(unsigned int)VAL_INT(val + 2));
-		    } else {
-				if (subnet_table_insert(new_subnet_table,
-						(unsigned int)VAL_INT(val),
-						(unsigned int)ip_addr.s_addr,
-						(unsigned int)VAL_INT(val + 2),
-						(unsigned int)VAL_INT(val + 3),
-						tagv)
-						== -1) {
-					LM_ERR("subnet table problem\n");
-					perm_dbf.free_result(db_handle, res);
-					return -1;
-				}
-				LM_DBG("Tuple <%u, %s, %u, %u> inserted into subnet "
-						"table\n", (unsigned int)VAL_INT(val),
-						(char *)VAL_STRING(val + 1),
-						(unsigned int)VAL_INT(val + 2),
-						(unsigned int)VAL_INT(val + 3));
-		    }
+	}
+
+	row = RES_ROWS(res);
+
+	LM_DBG("Number of rows in address table: %d\n", RES_ROW_N(res));
+
+	for (i = 0; i < RES_ROW_N(res); i++) {
+		val = ROW_VALUES(row + i);
+		/* basic checks to db values */
+		if ((ROW_N(row + i) != 5)
+				|| (VAL_TYPE(val) != DB1_INT) || VAL_NULL(val)
+				|| (VAL_INT(val) <= 0)
+				|| (VAL_TYPE(val + 1) != DB1_STRING) || VAL_NULL(val + 1)
+				|| (VAL_TYPE(val + 2) != DB1_INT) || VAL_NULL(val + 2)
+				|| (VAL_TYPE(val + 3) != DB1_INT) || VAL_NULL(val + 3))
+		{
+			LM_DBG("failure during checks of db values\n");
+			goto dberror;
+		}
+		gid = VAL_UINT(val);
+		ips.s = (char *)VAL_STRING(val + 1);
+		ips.len = strlen(ips.s);
+		mask = VAL_UINT(val + 2);
+		port = VAL_UINT(val + 3);
+		tagv = VAL_NULL(val + 4)?NULL:(char *)VAL_STRING(val + 4);
+		ipa = strtoipX(&ips);
+		if(ipa==NULL)
+		{
+			LM_DBG("failure during IP address conversion\n");
+			goto dberror;
+		}
+		if(ipa->af == AF_INET6) {
+			if(mask<0 || mask>128) {
+				LM_DBG("failure during IP mask check for v6\n");
+				goto dberror;
+			}
+		} else {
+			if(mask<0 || mask>32) {
+				LM_DBG("failure during IP mask check for v4\n");
+				goto dberror;
+			}
+		}
+		if((ipa->af==AF_INET6 && mask==128) || (ipa->af==AF_INET && mask==32))
+		{
+			if (addr_hash_table_insert(new_hash_table, gid, ipa, port, tagv)
+					== -1) {
+				LM_ERR("hash table problem\n");
+				perm_dbf.free_result(db_handle, res);
+				return -1;
+			}
+			LM_DBG("Tuple <%u, %s, %u> inserted into address hash table\n",
+					gid, ips.s, port);
 		} else {
-		    LM_ERR("database problem - invalid record\n");
-		    perm_dbf.free_result(db_handle, res);
-		    return -1;
+			if (subnet_table_insert(new_subnet_table, gid, ipa, mask,
+							port, tagv)
+						== -1) {
+				LM_ERR("subnet table problem\n");
+				perm_dbf.free_result(db_handle, res);
+				return -1;
+			}
+			LM_DBG("Tuple <%u, %s, %u, %u> inserted into subnet table\n",
+					gid, ips.s, port, mask);
 		}
-    }
+	}
+
+	perm_dbf.free_result(db_handle, res);
 
-    perm_dbf.free_result(db_handle, res);
+	*addr_hash_table = new_hash_table;
+	*subnet_table = new_subnet_table;
 
-    *addr_hash_table = new_hash_table;
-    *subnet_table = new_subnet_table;
+	LM_DBG("address table reloaded successfully.\n");
 
-    LM_DBG("address table reloaded successfully.\n");
-	
-    return 1;
+	return 1;
+
+dberror:
+	LM_ERR("database problem - invalid record\n");
+	perm_dbf.free_result(db_handle, res);
+	return -1;
 }
 
 
@@ -180,104 +209,104 @@ int reload_address_table(void)
  */
 int init_addresses(void)
 {
-    if (!db_url.s) {
-	LM_INFO("db_url parameter of permissions module not set, "
-	    "disabling allow_address\n");
-	return 0;
-    } else {
-	if (db_bind_mod(&db_url, &perm_dbf) < 0) {
-	    LM_ERR("load a database support module\n");
-	    return -1;
-	}
+	if (!db_url.s) {
+		LM_INFO("db_url parameter of permissions module not set, "
+				"disabling allow_address\n");
+		return 0;
+	} else {
+		if (db_bind_mod(&db_url, &perm_dbf) < 0) {
+			LM_ERR("load a database support module\n");
+			return -1;
+		}
 
-	if (!DB_CAPABILITY(perm_dbf, DB_CAP_QUERY)) {
-	    LM_ERR("database module does not implement 'query' function\n");
-	    return -1;
+		if (!DB_CAPABILITY(perm_dbf, DB_CAP_QUERY)) {
+			LM_ERR("database module does not implement 'query' function\n");
+			return -1;
+		}
 	}
-    }
 
-    addr_hash_table_1 = addr_hash_table_2 = 0;
-    addr_hash_table = 0;
-	
-    db_handle = perm_dbf.init(&db_url);
-    if (!db_handle) {
+	addr_hash_table_1 = addr_hash_table_2 = 0;
+	addr_hash_table = 0;
+
+	db_handle = perm_dbf.init(&db_url);
+	if (!db_handle) {
 		LM_ERR("unable to connect database\n");
 		return -1;
-    }
+	}
 
-    if(db_check_table_version(&perm_dbf, db_handle, &address_table, TABLE_VERSION) < 0) {
+	if(db_check_table_version(&perm_dbf, db_handle, &address_table, TABLE_VERSION) < 0) {
 		LM_ERR("error during table version check.\n");
 		perm_dbf.close(db_handle);
 		return -1;
-    }
+	}
 
-    addr_hash_table_1 = new_addr_hash_table();
-    if (!addr_hash_table_1) return -1;
+	addr_hash_table_1 = new_addr_hash_table();
+	if (!addr_hash_table_1) return -1;
 
-    addr_hash_table_2  = new_addr_hash_table();
-    if (!addr_hash_table_2) goto error;
-		
-    addr_hash_table = (struct addr_list ***)shm_malloc
-	(sizeof(struct addr_list **));
-    if (!addr_hash_table) {
-	LM_ERR("no more shm memory for addr_hash_table\n");
-	goto error;
-    }
+	addr_hash_table_2  = new_addr_hash_table();
+	if (!addr_hash_table_2) goto error;
+
+	addr_hash_table = (struct addr_list ***)shm_malloc
+		(sizeof(struct addr_list **));
+	if (!addr_hash_table) {
+		LM_ERR("no more shm memory for addr_hash_table\n");
+		goto error;
+	}
 
-    *addr_hash_table = addr_hash_table_1;
+	*addr_hash_table = addr_hash_table_1;
 
-    subnet_table_1 = new_subnet_table();
-    if (!subnet_table_1) goto error;
+	subnet_table_1 = new_subnet_table();
+	if (!subnet_table_1) goto error;
 
-    subnet_table_2 = new_subnet_table();
-    if (!subnet_table_2) goto error;
+	subnet_table_2 = new_subnet_table();
+	if (!subnet_table_2) goto error;
 
-    subnet_table = (struct subnet **)shm_malloc(sizeof(struct subnet *));
-    if (!subnet_table) {
-	LM_ERR("no more shm memory for subnet_table\n");
-	goto error;
-    }
+	subnet_table = (struct subnet **)shm_malloc(sizeof(struct subnet *));
+	if (!subnet_table) {
+		LM_ERR("no more shm memory for subnet_table\n");
+		goto error;
+	}
 
-    *subnet_table = subnet_table_1;
+	*subnet_table = subnet_table_1;
 
-    if (reload_address_table() == -1) {
-	LM_CRIT("reload of address table failed\n");
-	goto error;
-    }
+	if (reload_address_table() == -1) {
+		LM_CRIT("reload of address table failed\n");
+		goto error;
+	}
 
-    perm_dbf.close(db_handle);
-    db_handle = 0;
+	perm_dbf.close(db_handle);
+	db_handle = 0;
 
-    return 0;
+	return 0;
 
 error:
-    if (addr_hash_table_1) {
-	free_addr_hash_table(addr_hash_table_1);
-	addr_hash_table_1 = 0;
-    }
-    if (addr_hash_table_2) {
-	free_addr_hash_table(addr_hash_table_2);
-	addr_hash_table_2 = 0;
-    }
-    if (addr_hash_table) {
-	shm_free(addr_hash_table);
-	addr_hash_table = 0;
-    }
-    if (subnet_table_1) {
-	free_subnet_table(subnet_table_1);
-	subnet_table_1 = 0;
-    }
-    if (subnet_table_2) {
-	free_subnet_table(subnet_table_2);
-	subnet_table_2 = 0;
-    }
-    if (subnet_table) {
-	shm_free(subnet_table);
-	subnet_table = 0;
-    }
-    perm_dbf.close(db_handle);
-    db_handle = 0;
-    return -1;
+	if (addr_hash_table_1) {
+		free_addr_hash_table(addr_hash_table_1);
+		addr_hash_table_1 = 0;
+	}
+	if (addr_hash_table_2) {
+		free_addr_hash_table(addr_hash_table_2);
+		addr_hash_table_2 = 0;
+	}
+	if (addr_hash_table) {
+		shm_free(addr_hash_table);
+		addr_hash_table = 0;
+	}
+	if (subnet_table_1) {
+		free_subnet_table(subnet_table_1);
+		subnet_table_1 = 0;
+	}
+	if (subnet_table_2) {
+		free_subnet_table(subnet_table_2);
+		subnet_table_2 = 0;
+	}
+	if (subnet_table) {
+		shm_free(subnet_table);
+		subnet_table = 0;
+	}
+	perm_dbf.close(db_handle);
+	db_handle = 0;
+	return -1;
 }
 
 
@@ -287,13 +316,13 @@ error:
  */
 int mi_init_addresses(void)
 {
-    if (!db_url.s) return 0;
-    db_handle = perm_dbf.init(&db_url);
-    if (!db_handle) {
-	LM_ERR("unable to connect database\n");
-	return -1;
-    }
-    return 0;
+	if (!db_url.s) return 0;
+	db_handle = perm_dbf.init(&db_url);
+	if (!db_handle) {
+		LM_ERR("unable to connect database\n");
+		return -1;
+	}
+	return 0;
 }
 
 
@@ -302,12 +331,12 @@ int mi_init_addresses(void)
  */
 void clean_addresses(void)
 {
-    if (addr_hash_table_1) free_addr_hash_table(addr_hash_table_1);
-    if (addr_hash_table_2) free_addr_hash_table(addr_hash_table_2);
-    if (addr_hash_table) shm_free(addr_hash_table);
-    if (subnet_table_1) free_subnet_table(subnet_table_1);
-    if (subnet_table_2) free_subnet_table(subnet_table_2);
-    if (subnet_table) shm_free(subnet_table);
+	if (addr_hash_table_1) free_addr_hash_table(addr_hash_table_1);
+	if (addr_hash_table_2) free_addr_hash_table(addr_hash_table_2);
+	if (addr_hash_table) shm_free(addr_hash_table);
+	if (subnet_table_1) free_subnet_table(subnet_table_1);
+	if (subnet_table_2) free_subnet_table(subnet_table_2);
+	if (subnet_table) shm_free(subnet_table);
 }
 
 
@@ -317,63 +346,38 @@ void clean_addresses(void)
  * 0 in cached address table matches any port.
  */
 int allow_address(struct sip_msg* _msg, char* _addr_group, char* _addr_sp,
-		  char* _port_sp)
+		char* _port_sp)
 {
-    pv_spec_t *addr_sp, *port_sp;
-    pv_value_t pv_val;
+	unsigned int port;
+	int addr_group;
+	str ips;
+	struct ip_addr *ipa;
 
-    unsigned int addr, port;
-    int addr_group;
-    struct ip_addr *ip;
-
-    addr_sp = (pv_spec_t *)_addr_sp;
-    port_sp = (pv_spec_t *)_port_sp;
+	if(fixup_get_ivalue(_msg, (gparam_p)_addr_group, &addr_group) !=0 ) {
+		LM_ERR("cannot get group value\n");
+		return -1;
+	}
 
-    if(fixup_get_ivalue(_msg, (gparam_p)_addr_group, &addr_group) !=0 ) {
-	LM_ERR("cannot get group value\n");
-	return -1;
-    }
-
-	if (addr_sp && (pv_get_spec_value(_msg, addr_sp, &pv_val) == 0)) {
-		if (pv_val.flags & PV_VAL_INT) {
-			addr = pv_val.ri;
-		} else if (pv_val.flags & PV_VAL_STR) {
-			if ( (ip=str2ip( &pv_val.rs)) == NULL) {
-				LM_ERR("failed to convert IP address string to in_addr\n");
-				return -1;
-			} else {
-				addr = ip->u.addr32[0];
-			}
-		} else {
-			LM_ERR("IP address PV empty value\n");
-			return -1;
-		}
-	} else {
+	if (_addr_sp==NULL
+			|| (fixup_get_svalue(_msg, (gparam_p)_addr_sp, &ips) < 0)) {
 		LM_ERR("cannot get value of address pvar\n");
-			return -1;
+		return -1;
+	}
+	if ( (ipa=strtoipX(&ips)) == NULL ) {
+		LM_ERR("failed to convert IP address string to in_addr\n");
+		return -1;
 	}
 
-    if (port_sp && (pv_get_spec_value(_msg, port_sp, &pv_val) == 0)) {
-	if (pv_val.flags & PV_VAL_INT) {
-	    port = pv_val.ri;
-	} else if (pv_val.flags & PV_VAL_STR) {
-	    if (str2int(&(pv_val.rs), &port) == -1) {
-		LM_ERR("failed to convert port string to int\n");
+	if (_port_sp==NULL
+			|| (fixup_get_ivalue(_msg, (gparam_p)_port_sp, (int*)&port) < 0)) {
+		LM_ERR("cannot get value of port pvar\n");
 		return -1;
-	    }
-	} else {
-	    LM_ERR("failed to convert port string to int\n");
-	    return -1;
 	}
-    } else {
-	LM_ERR("cannot get value of port pvar\n");
-	return -1;
-    }
 
-    if (match_addr_hash_table(*addr_hash_table, addr_group, addr, port) == 1)
-	return 1;
-    else
-	return match_subnet_table(*subnet_table, addr_group, addr, port);
+	if (match_addr_hash_table(*addr_hash_table, addr_group, ipa, port) == 1)
+		return 1;
+	else
+		return match_subnet_table(*subnet_table, addr_group, ipa, port);
 }
 
 
@@ -383,25 +387,25 @@ int allow_address(struct sip_msg* _msg, char* _addr_group, char* _addr_sp,
  */
 int allow_source_address(struct sip_msg* _msg, char* _addr_group, char* _str2) 
 {
-    int addr_group = 1;
+	int addr_group = 1;
 
-    if(_addr_group!=NULL
+	if(_addr_group!=NULL
 			&& fixup_get_ivalue(_msg, (gparam_p)_addr_group, &addr_group) !=0 ) {
-	LM_ERR("cannot get group value\n");
-	return -1;
-    }
-
-    LM_DBG("looking for <%u, %x, %u>\n",
-	addr_group, _msg->rcv.src_ip.u.addr32[0], _msg->rcv.src_port);
+		LM_ERR("cannot get group value\n");
+		return -1;
+	}
 
-    if (match_addr_hash_table(*addr_hash_table, addr_group,
-			      _msg->rcv.src_ip.u.addr32[0],
-			      _msg->rcv.src_port) == 1)
-	return 1;
-    else
-	return match_subnet_table(*subnet_table, addr_group,
-				  _msg->rcv.src_ip.u.addr32[0],
-				  _msg->rcv.src_port);
+	LM_DBG("looking for <%u, %x, %u>\n",
+			addr_group, _msg->rcv.src_ip.u.addr32[0], _msg->rcv.src_port);
+
+	if (match_addr_hash_table(*addr_hash_table, addr_group,
+				&_msg->rcv.src_ip,
+				_msg->rcv.src_port) == 1)
+		return 1;
+	else
+		return match_subnet_table(*subnet_table, addr_group,
+				&_msg->rcv.src_ip,
+				_msg->rcv.src_port);
 }
 
 
@@ -412,23 +416,23 @@ int allow_source_address(struct sip_msg* _msg, char* _addr_group, char* _str2)
  */
 int allow_source_address_group(struct sip_msg* _msg, char* _str1, char* _str2) 
 {
-    int group;
-
-    LM_DBG("looking for <%x, %u> in address table\n",
-	   _msg->rcv.src_ip.u.addr32[0], _msg->rcv.src_port);
-    group = find_group_in_addr_hash_table(*addr_hash_table,
-					  _msg->rcv.src_ip.u.addr32[0],
-					  _msg->rcv.src_port);
-    LM_DBG("Found <%d>\n", group);
-
-    if (group != -1) return group;
-
-    LM_DBG("looking for <%x, %u> in subnet table\n",
-	   _msg->rcv.src_ip.u.addr32[0], _msg->rcv.src_port);
-    group = find_group_in_subnet_table(*subnet_table,
-				       _msg->rcv.src_ip.u.addr32[0],
-				      _msg->rcv.src_port);
-    LM_DBG("Found <%d>\n", group);
-    return group;
-    
+	int group;
+
+	LM_DBG("looking for <%x, %u> in address table\n",
+			_msg->rcv.src_ip.u.addr32[0], _msg->rcv.src_port);
+	group = find_group_in_addr_hash_table(*addr_hash_table,
+			&_msg->rcv.src_ip,
+			_msg->rcv.src_port);
+	LM_DBG("Found <%d>\n", group);
+
+	if (group != -1) return group;
+
+	LM_DBG("looking for <%x, %u> in subnet table\n",
+			_msg->rcv.src_ip.u.addr32[0], _msg->rcv.src_port);
+	group = find_group_in_subnet_table(*subnet_table,
+			&_msg->rcv.src_ip,
+			_msg->rcv.src_port);
+	LM_DBG("Found <%d>\n", group);
+	return group;
+
 }

modules_k/permissions/hash.c

@@ -49,26 +49,26 @@ extern int peer_tag_mode;
  */
 int init_tag_avp(str *tag_avp_param)
 {
-    pv_spec_t avp_spec;
-    unsigned short avp_flags;
-
-    if (tag_avp_param->s && tag_avp_param->len > 0) {
-	if (pv_parse_spec(tag_avp_param, &avp_spec)==0
-	    || avp_spec.type != PVT_AVP) {
-	    LM_ERR("malformed or non "
-		"AVP %.*s peer_tag_avp definition\n", tag_avp_param->len, tag_avp_param->s);
-	    return -1;
-	}
-	if(pv_get_avp_name(0, &avp_spec.pvp, &tag_avp, &avp_flags)!=0) {
-	    LM_ERR("[%.*s]- invalid "
-		"peer_tag_avp AVP definition\n", tag_avp_param->len, tag_avp_param->s);
-	    return -1;
+	pv_spec_t avp_spec;
+	unsigned short avp_flags;
+
+	if (tag_avp_param->s && tag_avp_param->len > 0) {
+		if (pv_parse_spec(tag_avp_param, &avp_spec)==0
+				|| avp_spec.type != PVT_AVP) {
+			LM_ERR("malformed or non "
+					"AVP %.*s peer_tag_avp definition\n", tag_avp_param->len, tag_avp_param->s);
+			return -1;
+		}
+		if(pv_get_avp_name(0, &avp_spec.pvp, &tag_avp, &avp_flags)!=0) {
+			LM_ERR("[%.*s]- invalid "
+					"peer_tag_avp AVP definition\n", tag_avp_param->len, tag_avp_param->s);
+			return -1;
+		}
+		tag_avp_type = avp_flags;
+	} else {
+		tag_avp.n = 0;
 	}
-	tag_avp_type = avp_flags;
-    } else {
-	tag_avp.n = 0;
-    }
-    return 0;
+	return 0;
 }
 
 
@@ -120,7 +120,7 @@ void free_hash_table(struct trusted_list** table)
  * representation of string argument proto.
  */
 int hash_table_insert(struct trusted_list** table, char* src_ip, 
-		      char* proto, char* pattern, char* tag)
+		char* proto, char* pattern, char* tag)
 {
 	struct trusted_list *np;
 	unsigned int hash_val;
@@ -142,7 +142,7 @@ int hash_table_insert(struct trusted_list** table, char* src_ip,
 	} else if (strcasecmp(proto, "sctp") == 0) {
 		np->proto = PROTO_SCTP;
 	} else if (strcasecmp(proto, "none") == 0) {
-	        shm_free(np);
+		shm_free(np);
 		return 1;
 	} else {
 		LM_CRIT("unknown protocol\n");
@@ -162,32 +162,32 @@ int hash_table_insert(struct trusted_list** table, char* src_ip,
 	(void) strncpy(np->src_ip.s, src_ip, np->src_ip.len);
 
 	if (pattern) {
-	    np->pattern = (char *) shm_malloc(strlen(pattern)+1);
-	    if (np->pattern == NULL) {
-		LM_CRIT("cannot allocate shm memory for pattern string\n");
-		shm_free(np->src_ip.s);
-		shm_free(np);
-		return -1;
-	    }
-	    (void) strcpy(np->pattern, pattern);
+		np->pattern = (char *) shm_malloc(strlen(pattern)+1);
+		if (np->pattern == NULL) {
+			LM_CRIT("cannot allocate shm memory for pattern string\n");
+			shm_free(np->src_ip.s);
+			shm_free(np);
+			return -1;
+		}
+		(void) strcpy(np->pattern, pattern);
 	} else {
-	    np->pattern = 0;
+		np->pattern = 0;
 	}
 
 	if (tag) {
-	    np->tag.len = strlen(tag);
-	    np->tag.s = (char *) shm_malloc((np->tag.len) + 1);
-	    if (np->tag.s == NULL) {
-		LM_CRIT("cannot allocate shm memory for pattern string\n");
-		shm_free(np->src_ip.s);
-		shm_free(np->pattern);
-		shm_free(np);
-		return -1;
-	    }
-	    (void) strcpy(np->tag.s, tag);
+		np->tag.len = strlen(tag);
+		np->tag.s = (char *) shm_malloc((np->tag.len) + 1);
+		if (np->tag.s == NULL) {
+			LM_CRIT("cannot allocate shm memory for pattern string\n");
+			shm_free(np->src_ip.s);
+			shm_free(np->pattern);
+			shm_free(np);
+			return -1;
+		}
+		(void) strcpy(np->tag.s, tag);
 	} else {
-	    np->tag.len = 0;
-	    np->tag.s = 0;
+		np->tag.len = 0;
+		np->tag.s = 0;
 	}
 
 	hash_val = perm_hash(np->src_ip);
@@ -205,7 +205,7 @@ int hash_table_insert(struct trusted_list** table, char* src_ip,
  * Returns number of matches or -1 if none matched.
  */
 int match_hash_table(struct trusted_list** table, struct sip_msg* msg,
-		     char *src_ip_c_str, int proto)
+		char *src_ip_c_str, int proto)
 {
 	str uri;
 	char uri_string[MAX_URI_SIZE + 1];
@@ -229,8 +229,8 @@ int match_hash_table(struct trusted_list** table, struct sip_msg* msg,
 
 	for (np = table[perm_hash(src_ip)]; np != NULL; np = np->next) {
 		if ((np->src_ip.len == src_ip.len) && 
-		   (strncmp(np->src_ip.s, src_ip.s, src_ip.len) == 0) &&
-		   ((np->proto == PROTO_NONE) || (np->proto == proto))) {
+				(strncmp(np->src_ip.s, src_ip.s, src_ip.len) == 0) &&
+				((np->proto == PROTO_NONE) || (np->proto == proto))) {
 			if (np->pattern) {
 				if (regcomp(&preg, np->pattern, REG_NOSUB)) {
 					LM_ERR("invalid regular expression\n");
@@ -267,25 +267,25 @@ int match_hash_table(struct trusted_list** table, struct sip_msg* msg,
  */
 int hash_table_mi_print(struct trusted_list** table, struct mi_node* rpl)
 {
-    int i;
-    struct trusted_list *np;
-    
-    for (i = 0; i < PERM_HASH_SIZE; i++) {
-	np = table[i];
-	while (np) {
-	    if (addf_mi_node_child(rpl, 0, 0, 0,
-				   "%4d <%.*s, %d, %s, %s>",
-				   i,
-				   np->src_ip.len, ZSW(np->src_ip.s),
-				   np->proto,
-				   np->pattern?np->pattern:"NULL",
-				   np->tag.len?np->tag.s:"NULL") == 0) {
-		return -1;
-	    }
-	    np = np->next;
+	int i;
+	struct trusted_list *np;
+
+	for (i = 0; i < PERM_HASH_SIZE; i++) {
+		np = table[i];
+		while (np) {
+			if (addf_mi_node_child(rpl, 0, 0, 0,
+						"%4d <%.*s, %d, %s, %s>",
+						i,
+						np->src_ip.len, ZSW(np->src_ip.s),
+						np->proto,
+						np->pattern?np->pattern:"NULL",
+						np->tag.len?np->tag.s:"NULL") == 0) {
+				return -1;
+			}
+			np = np->next;
+		}
 	}
-    }
-    return 0;
+	return 0;
 }
 
 
@@ -295,21 +295,21 @@ int hash_table_mi_print(struct trusted_list** table, struct mi_node* rpl)
  */
 void empty_hash_table(struct trusted_list **table)
 {
-    int i;
-    struct trusted_list *np, *next;
-    
-    for (i = 0; i < PERM_HASH_SIZE; i++) {
-	np = table[i];
-	while (np) {
-	    if (np->src_ip.s) shm_free(np->src_ip.s);
-	    if (np->pattern) shm_free(np->pattern);
-	    if (np->tag.s) shm_free(np->tag.s);
-	    next = np->next;
-	    shm_free(np);
-	    np = next;
+	int i;
+	struct trusted_list *np, *next;
+
+	for (i = 0; i < PERM_HASH_SIZE; i++) {
+		np = table[i];
+		while (np) {
+			if (np->src_ip.s) shm_free(np->src_ip.s);
+			if (np->pattern) shm_free(np->pattern);
+			if (np->tag.s) shm_free(np->tag.s);
+			next = np->next;
+			shm_free(np);
+			np = next;
+		}
+		table[i] = 0;
 	}
-	table[i] = 0;
-    }
 }
 
 
@@ -318,18 +318,18 @@ void empty_hash_table(struct trusted_list **table)
  */
 struct addr_list** new_addr_hash_table(void)
 {
-    struct addr_list** ptr;
+	struct addr_list** ptr;
 
-    /* Initializing hash tables and hash table variable */
-    ptr = (struct addr_list **)shm_malloc
-	(sizeof(struct addr_list*) * PERM_HASH_SIZE);
-    if (!ptr) {
-	LM_ERR("no shm memory for hash table\n");
-	return 0;
-    }
+	/* Initializing hash tables and hash table variable */
+	ptr = (struct addr_list **)shm_malloc
+		(sizeof(struct addr_list*) * PERM_HASH_SIZE);
+	if (!ptr) {
+		LM_ERR("no shm memory for hash table\n");
+		return 0;
+	}
 
-    memset(ptr, 0, sizeof(struct addr_list*) * PERM_HASH_SIZE);
-    return ptr;
+	memset(ptr, 0, sizeof(struct addr_list*) * PERM_HASH_SIZE);
+	return ptr;
 }
 
 
@@ -338,11 +338,11 @@ struct addr_list** new_addr_hash_table(void)
  */
 void free_addr_hash_table(struct addr_list** table)
 {
-    if (!table)
-	return;
+	if (!table)
+		return;
 
-    empty_addr_hash_table(table);
-    shm_free(table);
+	empty_addr_hash_table(table);
+	shm_free(table);
 }
 
 
@@ -350,42 +350,42 @@ void free_addr_hash_table(struct addr_list** table)
  * Add <grp, ip_addr, port> into hash table
  */
 int addr_hash_table_insert(struct addr_list** table, unsigned int grp,
-			   unsigned int ip_addr, unsigned int port, char *tagv)
+		ip_addr_t *addr, unsigned int port, char *tagv)
 {
-    struct addr_list *np;
-    unsigned int hash_val;
-    str addr_str;
+	struct addr_list *np;
+	unsigned int hash_val;
+	str addr_str;
 	int len;
 
 	len = sizeof(struct addr_list);
 	if(tagv!=NULL)
 		len += strlen(tagv) + 1;
-	
-    np = (struct addr_list *) shm_malloc(len);
-    if (np == NULL) {
-	LM_ERR("no shm memory for table entry\n");
-	return -1;
-    }
+
+	np = (struct addr_list *) shm_malloc(len);
+	if (np == NULL) {
+		LM_ERR("no shm memory for table entry\n");
+		return -1;
+	}
 
 	memset(np, 0, len);
 
-    np->grp = grp;
-    np->ip_addr = ip_addr;
-    np->port = port;
+	np->grp = grp;
+	memcpy(&np->addr, addr, sizeof(ip_addr_t));
+	np->port = port;
 	if(tagv!=NULL)
 	{
 		np->tag.s = (char*)np + sizeof(struct addr_list);
 		np->tag.len = strlen(tagv);
 		strcpy(np->tag.s, tagv);
 	}
-    
-    addr_str.s = (char *)(&ip_addr);
-    addr_str.len = 4;
-    hash_val = perm_hash(addr_str);
-    np->next = table[hash_val];
-    table[hash_val] = np;
-
-    return 1;
+
+	addr_str.s = (char*)addr->u.addr;
+	addr_str.len = 4;
+	hash_val = perm_hash(addr_str);
+	np->next = table[hash_val];
+	table[hash_val] = np;
+
+	return 1;
 }
 
 
@@ -394,18 +394,19 @@ int addr_hash_table_insert(struct addr_list** table, unsigned int grp,
  * port.  Port 0 in hash table matches any port.
  */
 int match_addr_hash_table(struct addr_list** table, unsigned int group,
-			  unsigned int ip_addr, unsigned int port)
+		ip_addr_t *addr, unsigned int port)
 {
 	struct addr_list *np;
 	str addr_str;
 	avp_value_t val;
 
-	addr_str.s = (char *)(&ip_addr);
+	addr_str.s = (char*)addr->u.addr;
 	addr_str.len = 4;
 
 	for (np = table[perm_hash(addr_str)]; np != NULL; np = np->next) {
-	    if ((np->ip_addr == ip_addr) && (np->grp == group) &&
-		((np->port == 0) || (np->port == port))) {
+		if ( (np->grp == group)
+				&& ((np->port == 0) || (np->port == port))
+				&& ip_addr_cmp(&np->addr, addr)) {
 
 			if (tag_avp.n && np->tag.s) {
 				val.s = np->tag;
@@ -415,8 +416,8 @@ int match_addr_hash_table(struct addr_list** table, unsigned int group,
 				}
 			}
 
-		return 1;
-	    }
+			return 1;
+		}
 	}
 
 	return -1;
@@ -429,19 +430,19 @@ int match_addr_hash_table(struct addr_list** table, unsigned int group,
  * Port 0 in hash table matches any port. 
  */
 int find_group_in_addr_hash_table(struct addr_list** table,
-				  unsigned int ip_addr, unsigned int port)
+		ip_addr_t *addr, unsigned int port)
 {
 	struct addr_list *np;
 	str addr_str;
 
-	addr_str.s = (char *)(&ip_addr);
+	addr_str.s = (char*)addr->u.addr;
 	addr_str.len = 4;
 
 	for (np = table[perm_hash(addr_str)]; np != NULL; np = np->next) {
-	    if ((np->ip_addr == ip_addr) &&
-		((np->port == 0) || (np->port == port))) {
-		return np->grp;
-	    }
+		if (((np->port == 0) || (np->port == port))
+				&& ip_addr_cmp(&np->addr, addr)) {
+			return np->grp;
+		}
 	}
 
 	return -1;
@@ -453,25 +454,21 @@ int find_group_in_addr_hash_table(struct addr_list** table,
  */
 int addr_hash_table_mi_print(struct addr_list** table, struct mi_node* rpl)
 {
-    int i;
-    struct addr_list *np;
-    struct ip_addr addr;
-    
-    for (i = 0; i < PERM_HASH_SIZE; i++) {
-	np = table[i];
-	while (np) {
-	    addr.af = AF_INET;
-	    addr.len = 4;
-	    addr.u.addr32[0] = np->ip_addr;
-	    if (addf_mi_node_child(rpl, 0, 0, 0,
-				   "%4d <%u, %s, %u> [%s]",
-				   i, np->grp, ip_addr2a(&addr),
-				   np->port, (np->tag.s==NULL)?"":np->tag.s) == 0)
-		return -1;
-	    np = np->next;
+	int i;
+	struct addr_list *np;
+
+	for (i = 0; i < PERM_HASH_SIZE; i++) {
+		np = table[i];
+		while (np) {
+			if (addf_mi_node_child(rpl, 0, 0, 0,
+						"%4d <%u, %s, %u> [%s]",
+						i, np->grp, ip_addr2a(&np->addr),
+						np->port, (np->tag.s==NULL)?"":np->tag.s) == 0)
+				return -1;
+			np = np->next;
+		}
 	}
-    }
-    return 0;
+	return 0;
 }
 
 
@@ -481,18 +478,18 @@ int addr_hash_table_mi_print(struct addr_list** table, struct mi_node* rpl)
  */
 void empty_addr_hash_table(struct addr_list **table)
 {
-    int i;
-    struct addr_list *np, *next;
-
-    for (i = 0; i < PERM_HASH_SIZE; i++) {
-	np = table[i];
-	while (np) {
-	    next = np->next;
-	    shm_free(np);
-	    np = next;
+	int i;
+	struct addr_list *np, *next;
+
+	for (i = 0; i < PERM_HASH_SIZE; i++) {
+		np = table[i];
+		while (np) {
+			next = np->next;
+			shm_free(np);
+			np = next;
+		}
+		table[i] = 0;
 	}
-	table[i] = 0;
-    }
 }
 
 
@@ -501,39 +498,39 @@ void empty_addr_hash_table(struct addr_list **table)
  */
 struct subnet* new_subnet_table(void)
 {
-    struct subnet* ptr;
-
-    /* subnet record [PERM_MAX_SUBNETS] contains in its grp field 
-       the number of subnet records in the subnet table */
-    ptr = (struct subnet *)shm_malloc
-	(sizeof(struct subnet) * (PERM_MAX_SUBNETS + 1));
-    if (!ptr) {
-	LM_ERR("no shm memory for subnet table\n");
-	return 0;
-    }
+	struct subnet* ptr;
+
+	/* subnet record [PERM_MAX_SUBNETS] contains in its grp field 
+	   the number of subnet records in the subnet table */
+	ptr = (struct subnet *)shm_malloc
+		(sizeof(struct subnet) * (PERM_MAX_SUBNETS + 1));
+	if (!ptr) {
+		LM_ERR("no shm memory for subnet table\n");
+		return 0;
+	}
 	memset(ptr, 0, sizeof(struct subnet) * (PERM_MAX_SUBNETS + 1));
-    return ptr;
+	return ptr;
 }
 
-    
+
 /* 
  * Add <grp, subnet, mask, port, tag> into subnet table so that table is
  * kept in increasing ordered according to grp.
  */
 int subnet_table_insert(struct subnet* table, unsigned int grp,
-			unsigned int subnet, unsigned int mask,
-			unsigned int port, char *tagv)
+		ip_addr_t *subnet, unsigned int mask,
+		unsigned int port, char *tagv)
 {
-    int i;
-    unsigned int count;
+	int i;
+	unsigned int count;
 	str tags;
 
-    count = table[PERM_MAX_SUBNETS].grp;
+	count = table[PERM_MAX_SUBNETS].grp;
 
-    if (count == PERM_MAX_SUBNETS) {
-	LM_CRIT("subnet table is full\n");
-	return 0;
-    }
+	if (count == PERM_MAX_SUBNETS) {
+		LM_CRIT("subnet table is full\n");
+		return 0;
+	}
 
 	if(tagv==NULL)
 	{
@@ -550,25 +547,22 @@ int subnet_table_insert(struct subnet* table, unsigned int grp,
 		strcpy(tags.s, tagv);
 	}
 
-	mask = 32 - mask;
-    subnet = htonl(ntohl(subnet) >> mask); //subnet << mask;
+	i = count - 1;
 
-    i = count - 1;
+	while ((i >= 0) && (table[i].grp > grp)) {
+		table[i + 1] = table[i];
+		i--;
+	}
 
-    while ((i >= 0) && (table[i].grp > grp)) {
-	table[i + 1] = table[i];
-	i--;
-    }
-    
-    table[i + 1].grp = grp;
-    table[i + 1].subnet = subnet;
-    table[i + 1].port = port;
-    table[i + 1].mask = mask;
+	table[i + 1].grp = grp;
+	memcpy(&table[i + 1].subnet, subnet, sizeof(ip_addr_t));
+	table[i + 1].port = port;
+	table[i + 1].mask = mask;
 	table[i + 1].tag = tags;
 
-    table[PERM_MAX_SUBNETS].grp = count + 1;
+	table[PERM_MAX_SUBNETS].grp = count + 1;
 
-    return 1;
+	return 1;
 }
 
 
@@ -577,23 +571,22 @@ int subnet_table_insert(struct subnet* table, unsigned int grp,
  * and port.  Port 0 in subnet table matches any port.
  */
 int match_subnet_table(struct subnet* table, unsigned int grp,
-		       unsigned int ip_addr, unsigned int port)
+		ip_addr_t *addr, unsigned int port)
 {
-    unsigned int count, i, subnet;
+	unsigned int count, i;
 	avp_value_t val;
 
-    count = table[PERM_MAX_SUBNETS].grp;
+	count = table[PERM_MAX_SUBNETS].grp;
 
-    i = 0;
-    while ((i < count) && (table[i].grp < grp))
-	i++;
-    
-    if (i == count) return -1;
+	i = 0;
+	while ((i < count) && (table[i].grp < grp))
+		i++;
 
-    while ((i < count) && (table[i].grp == grp)) {
-	subnet = htonl(ntohl(ip_addr) >> table[i].mask); //ip_addr << table[i].mask;
-	if ((table[i].subnet == subnet) &&
-	    ((table[i].port == port) || (table[i].port == 0)))
+	if (i == count) return -1;
+
+	while ((i < count) && (table[i].grp == grp)) {
+		if (((table[i].port == port) || (table[i].port == 0))
+			&& (ip_addr_match_net(addr, &table[i].subnet, table[i].mask)==0))
 		{
 			if (tag_avp.n && table[i].tag.s) {
 				val.s = table[i].tag;
@@ -602,12 +595,12 @@ int match_subnet_table(struct subnet* table, unsigned int grp,
 					return -1;
 				}
 			}
-	    return 1;
+			return 1;
 		}
-	i++;
-    }
+		i++;
+	}
 
-    return -1;
+	return -1;
 }
 
 
@@ -617,22 +610,21 @@ int match_subnet_table(struct subnet* table, unsigned int grp,
  * first match or -1 if no match is found.
  */
 int find_group_in_subnet_table(struct subnet* table,
-			       unsigned int ip_addr, unsigned int port)
+		ip_addr_t *addr, unsigned int port)
 {
-    unsigned int count, i, subnet;
+	unsigned int count, i;
 
-    count = table[PERM_MAX_SUBNETS].grp;
+	count = table[PERM_MAX_SUBNETS].grp;
 
-    i = 0;
-    while (i < count) {
-	subnet = htonl(ntohl(ip_addr) >> table[i].mask);
-	if ((table[i].subnet == subnet) &&
-	    ((table[i].port == port) || (table[i].port == 0)))
-	    return table[i].grp;
-	i++;
-    }
+	i = 0;
+	while (i < count) {
+		if ( ((table[i].port == port) || (table[i].port == 0))
+			&& (ip_addr_match_net(addr, &table[i].subnet, table[i].mask)==0))
+			return table[i].grp;
+		i++;
+	}
 
-    return -1;
+	return -1;
 }
 
 
@@ -641,24 +633,20 @@ int find_group_in_subnet_table(struct subnet* table,
  */
 int subnet_table_mi_print(struct subnet* table, struct mi_node* rpl)
 {
-    unsigned int count, i;
-    struct ip_addr addr;
-    
-    count = table[PERM_MAX_SUBNETS].grp;
-
-    for (i = 0; i < count; i++) {
-	addr.af = AF_INET;
-	addr.len = 4;
-	addr.u.addr32[0] = htonl(ntohl(table[i].subnet) << table[i].mask); //table[i].subnet >> table[i].mask;
-	if (addf_mi_node_child(rpl, 0, 0, 0,
-			       "%4d <%u, %s, %u, %u> [%s]",
-			       i, table[i].grp, ip_addr2a(&addr),
-			       32 - table[i].mask, table[i].port,
-				   (table[i].tag.s==NULL)?"":table[i].tag.s) == 0) {
-	    return -1;
+	unsigned int count, i;
+
+	count = table[PERM_MAX_SUBNETS].grp;
+
+	for (i = 0; i < count; i++) {
+		if (addf_mi_node_child(rpl, 0, 0, 0,
+					"%4d <%u, %s, %u, %u> [%s]",
+					i, table[i].grp, ip_addr2a(&table[i].subnet),
+					table[i].mask, table[i].port,
+					(table[i].tag.s==NULL)?"":table[i].tag.s) == 0) {
+			return -1;
+		}
 	}
-    }
-    return 0;
+	return 0;
 }
 
 
@@ -668,7 +656,7 @@ int subnet_table_mi_print(struct subnet* table, struct mi_node* rpl)
 void empty_subnet_table(struct subnet *table)
 {
 	int i;
-    table[PERM_MAX_SUBNETS].grp = 0;
+	table[PERM_MAX_SUBNETS].grp = 0;
 	for(i=0; i<PERM_MAX_SUBNETS; i++)
 	{
 		if(table[i].tag.s!=NULL)
@@ -687,8 +675,8 @@ void empty_subnet_table(struct subnet *table)
 void free_subnet_table(struct subnet* table)
 {
 	int i;
-    if (!table)
-	return;
+	if (!table)
+		return;
 	for(i=0; i<PERM_MAX_SUBNETS; i++)
 	{
 		if(table[i].tag.s!=NULL)
@@ -699,5 +687,5 @@ void free_subnet_table(struct subnet* table)
 		}
 	}
 
-    shm_free(table);
+	shm_free(table);
 }

modules_k/permissions/hash.h

@@ -108,7 +108,7 @@ void empty_hash_table(struct trusted_list** hash_table);
  */
 struct addr_list {
     unsigned int grp;
-    unsigned int ip_addr;
+    ip_addr_t addr;
     unsigned int port;
 	str tag;
     struct addr_list *next;  /* Next element in the list */
@@ -137,7 +137,7 @@ void destroy_addr_hash_table(struct addr_list** table);
  * Add <group, ip_addr, port> into hash table
  */
 int addr_hash_table_insert(struct addr_list** hash_table, unsigned int grp,
-			   unsigned int ip_addr, unsigned int port, char *tagv);
+			    ip_addr_t *addr, unsigned int port, char *tagv);
 
 
 /* 
@@ -145,7 +145,7 @@ int addr_hash_table_insert(struct addr_list** hash_table, unsigned int grp,
  * port.  Port 0 in hash table matches any port.
  */
 int match_addr_hash_table(struct addr_list** table, unsigned int grp,
-			  unsigned int ip_addr, unsigned int port);
+			  ip_addr_t *addr, unsigned int port);
 
 
 /* 
@@ -154,7 +154,7 @@ int match_addr_hash_table(struct addr_list** table, unsigned int grp,
  * or -1 if no match is found.
  */
 int find_group_in_addr_hash_table(struct addr_list** table,
-				  unsigned int ip_addr, unsigned int port);
+				  ip_addr_t *addr, unsigned int port);
 
 
 /* 
@@ -179,7 +179,7 @@ void empty_addr_hash_table(struct addr_list** hash_table);
  */
 struct subnet {
     unsigned int grp;        /* address group, subnet count in last record */
-    unsigned int subnet;     /* IP subnet in host byte order with host bits shifted out */
+    ip_addr_t  subnet;       /* IP subnet in host byte order with host bits shifted out */
     unsigned int port;       /* port or 0 */
     unsigned int mask;       /* how many bits belong to network part */
 	str tag;
@@ -197,7 +197,7 @@ struct subnet* new_subnet_table(void);
  * and port.  Port 0 in subnet table matches any port.
  */
 int match_subnet_table(struct subnet* table, unsigned int group,
-		       unsigned int ip_addr, unsigned int port);
+		       ip_addr_t *addr, unsigned int port);
 
 
 /* 
@@ -206,7 +206,7 @@ int match_subnet_table(struct subnet* table, unsigned int group,
  * the first match or -1 if no match is found.
  */
 int find_group_in_subnet_table(struct subnet* table,
-			       unsigned int ip_addr, unsigned int port);
+			       ip_addr_t *addr, unsigned int port);
 
 /* 
  * Empty contents of subnet table
@@ -225,7 +225,7 @@ void free_subnet_table(struct subnet* table);
  * kept ordered according to subnet, port, grp.
  */
 int subnet_table_insert(struct subnet* table, unsigned int grp,
-			unsigned int subnet, unsigned int mask,
+			ip_addr_t *subnet, unsigned int mask,
 			unsigned int port, char *tagv);
 
 

modules_k/permissions/permissions.c

@@ -24,7 +24,7 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  *
  */
- 
+
 #include <stdio.h>
 #include "permissions.h"
 #include "parse_config.h"
@@ -102,6 +102,8 @@ static int single_fixup(void** param, int param_no);
  */
 static int double_fixup(void** param, int param_no);
 
+static int fixup_allow_address(void** param, int param_no);
+
 static int allow_routing_0(struct sip_msg* msg, char* str1, char* str2);
 static int allow_routing_1(struct sip_msg* msg, char* basename, char* str2);
 static int allow_routing_2(struct sip_msg* msg, char* allow_file, char* deny_file);
@@ -119,29 +121,29 @@ static int mi_addr_child_init();
 /* Exported functions */
 static cmd_export_t cmds[] = {
 	{"allow_routing",  (cmd_function)allow_routing_0,  0, 0, 0,
-		REQUEST_ROUTE | FAILURE_ROUTE|LOCAL_ROUTE},
+		ANY_ROUTE},
 	{"allow_routing",  (cmd_function)allow_routing_1,  1, single_fixup, 0,
-		REQUEST_ROUTE | FAILURE_ROUTE|LOCAL_ROUTE},
+		ANY_ROUTE},
 	{"allow_routing",  (cmd_function)allow_routing_2,  2, load_fixup, 0,
-		REQUEST_ROUTE | FAILURE_ROUTE|LOCAL_ROUTE},
+		ANY_ROUTE},
 	{"allow_register", (cmd_function)allow_register_1, 1, single_fixup, 0,
 		REQUEST_ROUTE | FAILURE_ROUTE},
 	{"allow_register", (cmd_function)allow_register_2, 2, load_fixup, 0,
 		REQUEST_ROUTE | FAILURE_ROUTE},
 	{"allow_trusted",  (cmd_function)allow_trusted_0,  0, 0, 0,
-		REQUEST_ROUTE | FAILURE_ROUTE},
+		ANY_ROUTE},
 	{"allow_trusted",  (cmd_function)allow_trusted_2,  2, fixup_spve_spve,
-	        fixup_free_spve_spve, REQUEST_ROUTE | FAILURE_ROUTE},
+		fixup_free_spve_spve, ANY_ROUTE},
 	{"allow_uri",      (cmd_function)allow_uri, 2, double_fixup, 0,
-		REQUEST_ROUTE | FAILURE_ROUTE|LOCAL_ROUTE},
-	{"allow_address",  (cmd_function)allow_address, 3, fixup_igp_pvar_pvar,
-	        fixup_free_igp_pvar_pvar, REQUEST_ROUTE|FAILURE_ROUTE|LOCAL_ROUTE},
-	{"allow_source_address", (cmd_function)allow_source_address, 1, fixup_igp_null, 0,
 		REQUEST_ROUTE | FAILURE_ROUTE},
+	{"allow_address",  (cmd_function)allow_address, 3, fixup_allow_address,
+		0, ANY_ROUTE},
+	{"allow_source_address", (cmd_function)allow_source_address, 1, fixup_igp_null, 0,
+		ANY_ROUTE},
 	{"allow_source_address", (cmd_function)allow_source_address, 0, 0, 0,
-		REQUEST_ROUTE | FAILURE_ROUTE},
+		ANY_ROUTE},
 	{"allow_source_address_group", (cmd_function)allow_source_address_group, 0, 0, 0,
-		REQUEST_ROUTE | FAILURE_ROUTE},
+		ANY_ROUTE},
 	{0, 0, 0, 0, 0, 0}
 };
 
@@ -174,10 +176,10 @@ static param_export_t params[] = {
  */
 static mi_export_t mi_cmds[] = {
 	{ MI_TRUSTED_RELOAD,  mi_trusted_reload,  MI_NO_INPUT_FLAG,  0,
-													mi_trusted_child_init },
+		mi_trusted_child_init },
 	{ MI_TRUSTED_DUMP,    mi_trusted_dump,    MI_NO_INPUT_FLAG,  0,  0 },
 	{ MI_ADDRESS_RELOAD,  mi_address_reload,  MI_NO_INPUT_FLAG,  0,
-													mi_addr_child_init },
+		mi_addr_child_init },
 	{ MI_ADDRESS_DUMP,    mi_address_dump,    MI_NO_INPUT_FLAG,  0,  0 },
 	{ MI_SUBNET_DUMP,     mi_subnet_dump,     MI_NO_INPUT_FLAG,  0,  0 },
 	{ MI_ALLOW_URI,       mi_allow_uri,       0,  0,  0 },
@@ -210,7 +212,7 @@ static int get_path(char* pathname)
 {
 	char* c;
 	if (!pathname) return 0;
-	
+
 	c = strrchr(pathname, '/');
 	if (!c) return 0;
 
@@ -227,7 +229,7 @@ static char* get_pathname(char* name)
 	int path_len, name_len;
 
 	if (!name) return 0;
-	
+
 	name_len = strlen(name);
 	if (strchr(name, '/')) {
 		buffer = (char*)pkg_malloc(name_len + 1);
@@ -244,7 +246,7 @@ static char* get_pathname(char* name)
 		return buffer;
 	}
 
- err:
+err:
 	LM_ERR("no pkg memory left\n");
 	return 0;
 }
@@ -285,7 +287,7 @@ static char* get_plain_uri(const str* uri)
 		LM_ERR("failed to parse URI\n");
 		return 0;
 	}
-	
+
 	if (puri.user.len) {
 		len = puri.user.len + puri.host.len + 5;
 	} else {
@@ -296,11 +298,11 @@ static char* get_plain_uri(const str* uri)
 		LM_ERR("Request-URI is too long: %d chars\n", len);
 		return 0;
 	}
-	
+
 	strcpy(buffer, "sip:");
 	if (puri.user.len) {
 		memcpy(buffer + 4, puri.user.s, puri.user.len);
-	        buffer[puri.user.len + 4] = '@';
+		buffer[puri.user.len + 4] = '@';
 		memcpy(buffer + puri.user.len + 5, puri.host.s, puri.host.len);
 	} else {
 		memcpy(buffer + 4, puri.host.s, puri.host.len);
@@ -332,59 +334,59 @@ static int check_routing(struct sip_msg* msg, int idx)
 		LM_DBG("no rules => allow any routing\n");
 		return 1;
 	}
-	
+
 	/* looking for FROM HF */
-        if ((!msg->from) && (parse_headers(msg, HDR_FROM_F, 0) == -1)) {
-                LM_ERR("failed to parse message\n");
-                return -1;
-        }
-	
+	if ((!msg->from) && (parse_headers(msg, HDR_FROM_F, 0) == -1)) {
+		LM_ERR("failed to parse message\n");
+		return -1;
+	}
+
 	if (!msg->from) {
 		LM_ERR("FROM header field not found\n");
 		return -1;
 	}
-	
+
 	/* we must call parse_from_header explicitly */
-        if ((!(msg->from)->parsed) && (parse_from_header(msg) < 0)) {
-                LM_ERR("failed to parse From body\n");
-                return -1;
-        }
-	
+	if ((!(msg->from)->parsed) && (parse_from_header(msg) < 0)) {
+		LM_ERR("failed to parse From body\n");
+		return -1;
+	}
+
 	from = msg->from;
 	len = ((struct to_body*)from->parsed)->uri.len;
 	if (len > EXPRESSION_LENGTH) {
-                LM_ERR("From header field is too long: %d chars\n", len);
-                return -1;
+		LM_ERR("From header field is too long: %d chars\n", len);
+		return -1;
 	}
 	strncpy(from_str, ((struct to_body*)from->parsed)->uri.s, len);
 	from_str[len] = '\0';
-	
+
 	/* looking for request URI */
 	if (parse_sip_msg_uri(msg) < 0) {
-	        LM_ERR("uri parsing failed\n");
-	        return -1;
+		LM_ERR("uri parsing failed\n");
+		return -1;
 	}
-	
+
 	len = msg->parsed_uri.user.len + msg->parsed_uri.host.len + 5;
 	if (len > EXPRESSION_LENGTH) {
-                LM_ERR("Request URI is too long: %d chars\n", len);
-                return -1;
+		LM_ERR("Request URI is too long: %d chars\n", len);
+		return -1;
 	}
-	
+
 	strcpy(ruri_str, "sip:");
 	memcpy(ruri_str + 4, msg->parsed_uri.user.s, msg->parsed_uri.user.len);
 	ruri_str[msg->parsed_uri.user.len + 4] = '@';
 	memcpy(ruri_str + msg->parsed_uri.user.len + 5, msg->parsed_uri.host.s, msg->parsed_uri.host.len);
 	ruri_str[len] = '\0';
-	
-        LM_DBG("looking for From: %s Request-URI: %s\n", from_str, ruri_str);
-	     /* rule exists in allow file */
+
+	LM_DBG("looking for From: %s Request-URI: %s\n", from_str, ruri_str);
+	/* rule exists in allow file */
 	if (search_rule(allow[idx].rules, from_str, ruri_str)) {
 		if (check_all_branches) goto check_branches;
-    		LM_DBG("allow rule found => routing is allowed\n");
+		LM_DBG("allow rule found => routing is allowed\n");
 		return 1;
 	}
-	
+
 	/* rule exists in deny file */
 	if (search_rule(deny[idx].rules, from_str, ruri_str)) {
 		LM_DBG("deny rule found => routing is denied\n");
@@ -396,27 +398,27 @@ static int check_routing(struct sip_msg* msg, int idx)
 		return 1;
 	}
 
- check_branches:
+check_branches:
 	for( br_idx=0 ; (branch.s=get_branch(br_idx,&branch.len,&q,0,0,0,0))!=0 ;
-	br_idx++ ) {
+			br_idx++ ) {
 		uri_str = get_plain_uri(&branch);
 		if (!uri_str) {
 			LM_ERR("failed to extract plain URI\n");
 			return -1;
 		}
 		LM_DBG("looking for From: %s Branch: %s\n", from_str, uri_str);
-		
+
 		if (search_rule(allow[idx].rules, from_str, uri_str)) {
 			continue;
 		}
-		
+
 		if (search_rule(deny[idx].rules, from_str, uri_str)) {
 			LM_DBG("deny rule found for one of branches => routing"
-			       "is denied\n");
+					"is denied\n");
 			return -1;
 		}
 	}
-	
+
 	LM_DBG("check of branches passed => routing is allowed\n");
 	return 1;
 }
@@ -441,7 +443,7 @@ static int load_fixup(void** param, int param_no)
 	idx = find_index(table, pathname);
 
 	if (idx == -1) {
-		     /* Not opened yet, open the file and parse it */
+		/* Not opened yet, open the file and parse it */
 		table[rules_num].filename = pathname;
 		table[rules_num].rules = parse_config_file(pathname);
 		if (table[rules_num].rules) {
@@ -452,7 +454,7 @@ static int load_fixup(void** param, int param_no)
 		*param = (void*)(long)rules_num;
 		if (param_no == 2) rules_num++;
 	} else {
-		     /* File already parsed, re-use it */
+		/* File already parsed, re-use it */
 		LM_DBG("file (%s) already loaded, re-using\n", pathname);
 		pkg_free(pathname);
 		*param = (void*)(long)idx;
@@ -515,56 +517,56 @@ static int double_fixup(void** param, int param_no)
 	str s;
 
 	if (param_no == 1) { /* basename */
-	    param_len = strlen((char*)*param);
-	    if (strlen(allow_suffix) > strlen(deny_suffix)) {
-		suffix_len = strlen(allow_suffix);
-	    } else {
-		suffix_len = strlen(deny_suffix);
-	    }
+		param_len = strlen((char*)*param);
+		if (strlen(allow_suffix) > strlen(deny_suffix)) {
+			suffix_len = strlen(allow_suffix);
+		} else {
+			suffix_len = strlen(deny_suffix);
+		}
 
-	    buffer = pkg_malloc(param_len + suffix_len + 1);
-	    if (!buffer) {
-		LM_ERR("no pkg memory left\n");
-		return -1;
-	    }
-	    
-	    strcpy(buffer, (char*)*param);
-	    strcat(buffer, allow_suffix);
-	    tmp = buffer; 
-	    ret = load_fixup(&tmp, 1);
+		buffer = pkg_malloc(param_len + suffix_len + 1);
+		if (!buffer) {
+			LM_ERR("no pkg memory left\n");
+			return -1;
+		}
 
-	    strcpy(buffer + param_len, deny_suffix);
-	    tmp = buffer;
-	    ret |= load_fixup(&tmp, 2);
+		strcpy(buffer, (char*)*param);
+		strcat(buffer, allow_suffix);
+		tmp = buffer; 
+		ret = load_fixup(&tmp, 1);
 
-	    *param = tmp;
-	    pkg_free(buffer);
+		strcpy(buffer + param_len, deny_suffix);
+		tmp = buffer;
+		ret |= load_fixup(&tmp, 2);
 
-	    return 0;
+		*param = tmp;
+		pkg_free(buffer);
+
+		return 0;
 
 	} else if (param_no == 2) { /* pseudo variable */
 
-	    sp = (pv_spec_t*)pkg_malloc(sizeof(pv_spec_t));
-	    if (sp == 0) {
-		LM_ERR("no pkg memory left\n");
-		return -1;
-	    }
+		sp = (pv_spec_t*)pkg_malloc(sizeof(pv_spec_t));
+		if (sp == 0) {
+			LM_ERR("no pkg memory left\n");
+			return -1;
+		}
 		s.s = (char*)*param; s.len = strlen(s.s);
-	    if (pv_parse_spec(&s, sp) == 0) {
-		LM_ERR("parsing of pseudo variable %s failed!\n", (char*)*param);
-		pkg_free(sp);
-		return -1;
-	    }
+		if (pv_parse_spec(&s, sp) == 0) {
+			LM_ERR("parsing of pseudo variable %s failed!\n", (char*)*param);
+			pkg_free(sp);
+			return -1;
+		}
 
-	    if (sp->type == PVT_NULL) {
-		LM_ERR("bad pseudo variable\n");
-		pkg_free(sp);
-		return -1;
-	    }
+		if (sp->type == PVT_NULL) {
+			LM_ERR("bad pseudo variable\n");
+			pkg_free(sp);
+			return -1;
+		}
 
-	    *param = (void*)sp;
+		*param = (void*)sp;
 
-	    return 0;
+		return 0;
 	}
 
 	*param = (void *)0;
@@ -605,7 +607,7 @@ static int mod_init(void)
 		LM_DBG("default allow file (%s) parsed\n", allow[0].filename);
 	} else {
 		LM_INFO("default allow file (%s) not found => empty rule set\n",
-			allow[0].filename);
+				allow[0].filename);
 	}
 
 	deny[0].filename = get_pathname(default_deny_file);
@@ -614,7 +616,7 @@ static int mod_init(void)
 		LM_DBG("default deny file (%s) parsed\n", deny[0].filename);
 	} else {
 		LM_INFO("default deny file (%s) not found => empty rule set\n",
-			deny[0].filename);
+				deny[0].filename);
 	}
 
 	if (init_trusted() != 0) {
@@ -633,10 +635,10 @@ static int mod_init(void)
 	}
 
 	if ((db_mode != DISABLE_CACHE) && (db_mode != ENABLE_CACHE)) {
-	        LM_ERR("invalid db_mode value: %d\n", db_mode);
+		LM_ERR("invalid db_mode value: %d\n", db_mode);
 		return -1;
 	}
-	    
+
 	rules_num = 1;
 	return 0;
 }
@@ -652,13 +654,13 @@ static int child_init(int rank)
 
 static int mi_trusted_child_init(void)
 {
-    return mi_init_trusted();
+	return mi_init_trusted();
 }
 
 
 static int mi_addr_child_init(void)
 {
-    return mi_init_addresses();
+	return mi_init_addresses();
 }
 
 
@@ -703,7 +705,7 @@ int allow_routing_1(struct sip_msg* msg, char* basename, char* s)
  */
 int allow_routing_2(struct sip_msg* msg, char* allow_file, char* deny_file)
 {
-	     /* Index converted by load_lookup */
+	/* Index converted by load_lookup */
 	return check_routing(msg, (int)(long)allow_file);
 }
 
@@ -722,18 +724,18 @@ static int check_register(struct sip_msg* msg, int idx)
 	char* contact_str;
 	contact_t* c;
 
-	     /* turn off control, allow any routing */
+	/* turn off control, allow any routing */
 	if ((!allow[idx].rules) && (!deny[idx].rules)) {
 		LM_DBG("no rules => allow any registration\n");
 		return 1;
 	}
 
-	     /*
-	      * Note: We do not parse the whole header field here although the message can
-	      * contain multiple Contact header fields. We try contacts one by one and if one
-	      * of them causes reject then we don't look at others, this could improve performance
-	      * a little bit in some situations
-	      */
+	/*
+	 * Note: We do not parse the whole header field here although the message can
+	 * contain multiple Contact header fields. We try contacts one by one and if one
+	 * of them causes reject then we don't look at others, this could improve performance
+	 * a little bit in some situations
+	 */
 	if (parse_headers(msg, HDR_TO_F | HDR_CONTACT_F, 0) == -1) {
 		LM_ERR("failed to parse headers\n");
 		return -1;
@@ -743,19 +745,19 @@ static int check_register(struct sip_msg* msg, int idx)
 		LM_ERR("To or Contact not found\n");
 		return -1;
 	}
-	
+
 	if (!msg->contact) {
-		     /* REGISTER messages that contain no Contact header field
-		      * are allowed. Such messages do not modify the contents of
-		      * the user location database anyway and thus are not harmful
-		      */
+		/* REGISTER messages that contain no Contact header field
+		 * are allowed. Such messages do not modify the contents of
+		 * the user location database anyway and thus are not harmful
+		 */
 		LM_DBG("no Contact found, allowing\n");
 		return 1;
 	}
 
-	     /* Check if the REGISTER message contains start Contact and if
-	      * so then allow it
-	      */
+	/* Check if the REGISTER message contains start Contact and if
+	 * so then allow it
+	 */
 	if (parse_contact(msg->contact) < 0) {
 		LM_ERR("failed to parse Contact HF\n");
 		return -1;
@@ -768,8 +770,8 @@ static int check_register(struct sip_msg* msg, int idx)
 
 	len = ((struct to_body*)msg->to->parsed)->uri.len;
 	if (len > EXPRESSION_LENGTH) {
-                LM_ERR("To header field is too long: %d chars\n", len);
-                return -1;
+		LM_ERR("To header field is too long: %d chars\n", len);
+		return -1;
 	}
 	strncpy(to_str, ((struct to_body*)msg->to->parsed)->uri.s, len);
 	to_str[len] = '\0';
@@ -787,18 +789,18 @@ static int check_register(struct sip_msg* msg, int idx)
 
 		LM_DBG("looking for To: %s Contact: %s\n", to_str, contact_str);
 
-		     /* rule exists in allow file */
+		/* rule exists in allow file */
 		if (search_rule(allow[idx].rules, to_str, contact_str)) {
 			if (check_all_branches) goto skip_deny;
 		}
-	
-		     /* rule exists in deny file */
+
+		/* rule exists in deny file */
 		if (search_rule(deny[idx].rules, to_str, contact_str)) {
 			LM_DBG("deny rule found => Register denied\n");
 			return -1;
 		}
 
-	skip_deny:
+skip_deny:
 		if (contact_iterator(&c, msg, c) < 0) {
 			return -1;
 		}
@@ -838,68 +840,68 @@ static int allow_uri(struct sip_msg* msg, char* _idx, char* _sp)
 
 	idx = (int)(long)_idx;
 	sp = (pv_spec_t *)_sp;
-	
+
 	/* turn off control, allow any uri */
 	if ((!allow[idx].rules) && (!deny[idx].rules)) {
 		LM_DBG("no rules => allow any uri\n");
 		return 1;
 	}
-	
+
 	/* looking for FROM HF */
-        if ((!msg->from) && (parse_headers(msg, HDR_FROM_F, 0) == -1)) {
-                LM_ERR("failed to parse message\n");
-                return -1;
-        }
-	
+	if ((!msg->from) && (parse_headers(msg, HDR_FROM_F, 0) == -1)) {
+		LM_ERR("failed to parse message\n");
+		return -1;
+	}
+
 	if (!msg->from) {
 		LM_ERR("FROM header field not found\n");
 		return -1;
 	}
-	
+
 	/* we must call parse_from_header explicitly */
-        if ((!(msg->from)->parsed) && (parse_from_header(msg) < 0)) {
-                LM_ERR("failed to parse From body\n");
-                return -1;
-        }
-	
+	if ((!(msg->from)->parsed) && (parse_from_header(msg) < 0)) {
+		LM_ERR("failed to parse From body\n");
+		return -1;
+	}
+
 	from = msg->from;
 	len = ((struct to_body*)from->parsed)->uri.len;
 	if (len > EXPRESSION_LENGTH) {
-               LM_ERR("From header field is too long: %d chars\n", len);
-                return -1;
+		LM_ERR("From header field is too long: %d chars\n", len);
+		return -1;
 	}
 	strncpy(from_str, ((struct to_body*)from->parsed)->uri.s, len);
 	from_str[len] = '\0';
 
 	if (sp && (pv_get_spec_value(msg, sp, &pv_val) == 0)) {
-	    if (pv_val.flags & PV_VAL_STR) {
-		if (pv_val.rs.len > EXPRESSION_LENGTH) {
-		    LM_ERR("pseudo variable value is too "
-					"long: %d chars\n", pv_val.rs.len);
-		    return -1;
+		if (pv_val.flags & PV_VAL_STR) {
+			if (pv_val.rs.len > EXPRESSION_LENGTH) {
+				LM_ERR("pseudo variable value is too "
+						"long: %d chars\n", pv_val.rs.len);
+				return -1;
+			}
+			strncpy(uri_str, pv_val.rs.s, pv_val.rs.len);
+			uri_str[pv_val.rs.len] = '\0';
+		} else {
+			LM_ERR("pseudo variable value is not string\n");
+			return -1;
 		}
-		strncpy(uri_str, pv_val.rs.s, pv_val.rs.len);
-		uri_str[pv_val.rs.len] = '\0';
-	    } else {
-		LM_ERR("pseudo variable value is not string\n");
-		return -1;
-	    }
 	} else {
-	    LM_ERR("cannot get pseudo variable value\n");
-	    return -1;
+		LM_ERR("cannot get pseudo variable value\n");
+		return -1;
 	}
 
-    LM_DBG("looking for From: %s URI: %s\n", from_str, uri_str);
-	     /* rule exists in allow file */
+	LM_DBG("looking for From: %s URI: %s\n", from_str, uri_str);
+	/* rule exists in allow file */
 	if (search_rule(allow[idx].rules, from_str, uri_str)) {
-    		LM_DBG("allow rule found => URI is allowed\n");
+		LM_DBG("allow rule found => URI is allowed\n");
 		return 1;
 	}
-	
+
 	/* rule exists in deny file */
 	if (search_rule(deny[idx].rules, from_str, uri_str)) {
-	    LM_DBG("deny rule found => URI is denied\n");
-	    return -1;
+		LM_DBG("deny rule found => URI is denied\n");
+		return -1;
 	}
 
 	LM_DBG("neither allow nor deny rule found => URI is allowed\n");
@@ -913,45 +915,59 @@ static int allow_uri(struct sip_msg* msg, char* _idx, char* _sp)
  */
 int allow_test(char *file, char *uri, char *contact)
 {
-    char *pathname;
-    int idx;
-    
-    pathname = get_pathname(file);
-    if (!pathname) {
-	LM_ERR("Cannot get pathname of <%s>\n", file);
-	return 0;
-    }
+	char *pathname;
+	int idx;
+
+	pathname = get_pathname(file);
+	if (!pathname) {
+		LM_ERR("Cannot get pathname of <%s>\n", file);
+		return 0;
+	}
+
+	idx = find_index(allow, pathname);
+	if (idx == -1) {
+		LM_ERR("File <%s> has not been loaded\n", pathname);
+		pkg_free(pathname);
+		return 0;
+	}
 
-    idx = find_index(allow, pathname);
-    if (idx == -1) {
-	LM_ERR("File <%s> has not been loaded\n", pathname);
 	pkg_free(pathname);
-	return 0;
-    }
 
-    pkg_free(pathname);
-	
-    /* turn off control, allow any routing */
-    if ((!allow[idx].rules) && (!deny[idx].rules)) {
-	LM_DBG("No rules => Allowed\n");
-	return 1;
-    }
-    
-    LM_DBG("Looking for URI: %s, Contact: %s\n", uri, contact);
+	/* turn off control, allow any routing */
+	if ((!allow[idx].rules) && (!deny[idx].rules)) {
+		LM_DBG("No rules => Allowed\n");
+		return 1;
+	}
+
+	LM_DBG("Looking for URI: %s, Contact: %s\n", uri, contact);
 
-    /* rule exists in allow file */
-    if (search_rule(allow[idx].rules, uri, contact)) {
-	LM_DBG("Allow rule found => Allowed\n");
+	/* rule exists in allow file */
+	if (search_rule(allow[idx].rules, uri, contact)) {
+		LM_DBG("Allow rule found => Allowed\n");
+		return 1;
+	}
+
+	/* rule exists in deny file */
+	if (search_rule(deny[idx].rules, uri, contact)) {
+		LM_DBG("Deny rule found => Denied\n");
+		return 0;
+	}
+
+	LM_DBG("Neither allow or deny rule found => Allowed\n");
 	return 1;
-    }
-	
-    /* rule exists in deny file */
-    if (search_rule(deny[idx].rules, uri, contact)) {
-	LM_DBG("Deny rule found => Denied\n");
-	return 0;
-    }
 
-    LM_DBG("Neither allow or deny rule found => Allowed\n");
-    return 1;
+}
 
+/**
+ *
+ */
+static int fixup_allow_address(void** param, int param_no)
+{
+	if(param_no==1)
+		return fixup_igp_null(param, 1);
+	if(param_no==2)
+		return fixup_spve_null(param, 1);
+	if(param_no==3)
+		return fixup_igp_null(param, 1);
+	return 0;
 }