
- ipset initialization when declaring ipset using modparam()
e.g. modparam("permissions", "declare_ipset", "A=127.0.0.1/24");

Tomas Mandys 17 years ago
parent
commit
a8679aa426

+ 1 - 1
modules_s/permissions/doc/functions.xml

@@ -475,7 +475,7 @@ onsend_route[0] {
 	    <title><function>ip_is_trusted</function> usage</title>
 	    <programlisting>
 modparam("permissions", "declare_ipset", "my_ipset1");
-modparam("permissions", "declare_ipset", "my_ipset2");
+modparam("permissions", "declare_ipset", "my_ipset2=127.0.0.0/24;10.0.0.0/255.255.255.0");
 	
 route[TT2] {
 	if (ip_is_trusted("$net", "$ip")) {

+ 4 - 1
modules_s/permissions/doc/params.xml

@@ -192,7 +192,10 @@ modparam("permissions", "deny_suffix", ".deny")
 	<para>
 		Declares name of ip set which can be manipulated via RPC commands and 
 		tested using <function>ip_is_trusted</function>.
-		Identifier must start with letter or underscore.
+		Identifier must start with letter or underscore.		
+	</para>
+	<para>
+		IP mask may follow equal sign to initialize ipset on startup.
 	</para>
     </section>
 </section>

+ 14 - 2
modules_s/permissions/ip_set_rpc.c

@@ -43,7 +43,7 @@ static struct ip_set_list_item *ip_set_list = NULL;
 static int ip_set_list_count = 0;
 
 int ip_set_list_malloc(int num, str* names) {
-	int i;
+	int i, j;
 	if (num) {
 		ip_set_list = shm_malloc(num*sizeof(*ip_set_list));
 		if (!ip_set_list) return -1;
@@ -55,6 +55,17 @@ int ip_set_list_malloc(int num, str* names) {
 			lock_init(&ip_set_list[i].write_lock);
 			ip_set_list[i].ip_set = NULL;
 			ip_set_init(&ip_set_list[i].ip_set_pending, 1);
+			for (j=0; j<ip_set_list[i].name.len; j++) {
+				if (ip_set_list[i].name.s[j]=='=') {
+					str s;
+					s.s = ip_set_list[i].name.s + j + 1;
+					s.len = ip_set_list[i].name.len - j - 1;
+					ip_set_list[i].name.len = j;
+					ip_set_list[i].ip_set =  shm_malloc(sizeof(*ip_set_list[i].ip_set));
+					if (!ip_set_list[i].ip_set) return -1;
+					ip_set_add_list(&ip_set_list[i].ip_set->ip_set, s); /* allow pass even in case of error */
+				}
+			}
 		}
 	}
 	return 0;
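Review bot: The `struct ip_set_ref` allocated on the line `ip_set_list[i].ip_set =  shm_malloc(sizeof(*ip_set_list[i].ip_set));` is passed to `ip_set_add_list` without any set-up, while the pending set two lines above is explicitly prepared with `ip_set_init`; `shm_malloc` does not zero its result, so unless `ip_set_add_list` itself initialises the target, the embedded `ip_set` (and any other member of the struct, if it has one) starts with indeterminate contents. Consider `ip_set_init(&ip_set_list[i].ip_set->ip_set, 1);` before the add, and whatever further set-up `rpc_ip_set_commit` applies to `new_ip_set` (that code lies outside these hunks, so confirm against it). The `/* allow pass even in case of error */` comment documents a deliberate best-effort, but a mistyped mask in `declare_ipset` then silently yields an empty or partial trusted set at startup; logging the failure, e.g. `ERR(...)` naming the offending `%.*s`, would make that visible to the operator. The loop only terminates because `name.len` is cut to `j`; an explicit `break;` after the add would state that intent. `ip_set_list_malloc` starts in the previous hunk.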
@@ -165,7 +176,7 @@ void rpc_ip_set_commit(rpc_t* rpc, void* ctx) {
 	new_ip_set = shm_malloc(sizeof(*new_ip_set));
 	if (!new_ip_set) {
 		rpc->fault(ctx, 500, "Not enough memory");
-		return;
+		goto err;
 	}
 	
 	if (p->ip_set) {
@@ -179,6 +190,7 @@ void rpc_ip_set_commit(rpc_t* rpc, void* ctx) {
 	p->ip_set = new_ip_set;
 	
 	ip_set_init(&p->ip_set_pending, 1);
+err:	
 	lock_release(&p->read_lock);
 	lock_release(&p->write_lock);
 }

+ 10 - 6
modules_s/permissions/permissions.c

@@ -87,7 +87,7 @@ db_ctx_t	*db_conn = NULL;
 
 static str *ip_set_list_names = NULL;    /* declared names */
 static struct ip_set_ref **ip_set_list_local = NULL;  /* local copy of ip set in shared memory */
-static int ip_set_list_count = 0;  /* number of delared names */
+static int ip_set_list_count = 0;  /* number of declared names */
 
 /* fixup function prototypes */
 static int fixup_files_1(void** param, int param_no);
@@ -588,18 +588,22 @@ static int fixup_param_declare_ip_set( modparam_t type, void* val) {
 	str *p;
 	int i;
 	str s;
+	s.s = val;
+	s.len = strlen(s.s);
+	for (i=0; i<s.len && s.s[i]!='='; i++);
+	s.len = i;
+	
 	for (i=0; i<ip_set_list_count; i++) {
-		if (strcmp(val, ip_set_list_names[i].s) == 0) {
-			ERR(MODULE_NAME": declare_ip_set: ip set '%s' already exists\n", (char*)val);
+		if (ip_set_list_names[i].len>=s.len && memcmp(val, ip_set_list_names[i].s, s.len) == 0) {
+			ERR(MODULE_NAME": declare_ip_set: ip set '%.*s' already exists\n", s.len, s.s);
 			return E_CFG;
 		}
 	}
-	s.s = val;
-	s.len = strlen(s.s);
 	if (!is_ip_set_name(&s)) {
-		ERR(MODULE_NAME": declare_ip_set: ip set '%s' is not correct identifier\n", (char*)val);
+		ERR(MODULE_NAME": declare_ip_set: ip set '%.*s' is not correct identifier\n", s.len, s.s);
 		return E_CFG;
 	}
+	s.len = strlen(s.s);
 	p = pkg_realloc(ip_set_list_names, sizeof(*p)*(ip_set_list_count+1));
 	if (!p) return E_OUT_OF_MEM;
 	p[ip_set_list_count] = s;
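Review bot: The duplicate check on the line `if (ip_set_list_names[i].len>=s.len && memcmp(val, ip_set_list_names[i].s, s.len) == 0)` is a prefix match, not a name comparison: because stored entries keep the full `name=mask` text (`s.len = strlen(s.s);` is restored before the `pkg_realloc`), declaring `a` after `ab=10.0.0.0/8` is rejected as already existing, and declaring `ab` after `abc` likewise. The condition should also require the stored entry to end, or reach its `=`, exactly at `s.len`: `if (ip_set_list_names[i].len >= s.len && memcmp(val, ip_set_list_names[i].s, s.len) == 0 && (ip_set_list_names[i].len == s.len || ip_set_list_names[i].s[s.len] == '='))`. The mask text after `=` is not validated in this fixup at all and is only parsed later in `ip_set_list_malloc`, so a malformed mask does not produce a configuration error the way a bad identifier does; checking it here would keep the `E_CFG` behaviour consistent. `fixup_param_declare_ip_set` begins and ends outside this hunk.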