Re: [sr-dev] git:master: ipops: new cfg function dns_nc_match_ip(hostname, ipaddr)

Module: sip-router Branch: master Commit: ccebf9e536d7d5ea8fc824ea089d501e888b37c8 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=ccebf9e… Author: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Committer: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Date: Fri Jul 12 13:31:12 2013 +0200 ipops: new cfg function dns_nc_match_ip(hostname, ipaddr) - do dns query for the hostname and compare the result to see if is a match with ipaddr --- modules/ipops/README | 24 ++++++++++ modules/ipops/doc/ipops_admin.xml | 45 ++++++++++++++++++++ modules/ipops/ipops_mod.c | 84 +++++++++++++++++++++++++++++++++++++ 3 files changed, 153 insertions(+), 0 deletions(-) diff --git a/modules/ipops/README b/modules/ipops/README index bd79553..901535a 100644 --- a/modules/ipops/README +++ b/modules/ipops/README @@ -36,6 +36,7 @@ I 4.8. compare_pure_ips (ip1, ip2) 4.9. is_ip_rfc1918 (ip) 4.10. is_in_subnet (ip, subnet) + 4.11. dns_nc_match_ip(hostname, ipaddr) List of Examples @@ -49,6 +50,7 @@ I 1.8. compare_pure_ips usage 1.9. is_ip_rfc1918 usage 1.10. is_in_subnet usage + 1.11. dns_nc_match_ip usage Chapter 1. Admin Guide @@ -73,6 +75,7 @@ Chapter 1. Admin Guide 4.8. compare_pure_ips (ip1, ip2) 4.9. is_ip_rfc1918 (ip) 4.10. is_in_subnet (ip, subnet) + 4.11. dns_nc_match_ip(hostname, ipaddr) 1. Overview @@ -124,6 +127,7 @@ Chapter 1. Admin Guide 4.8. compare_pure_ips (ip1, ip2) 4.9. is_ip_rfc1918 (ip) 4.10. is_in_subnet (ip, subnet) + 4.11. dns_nc_match_ip(hostname, ipaddr) 4.1. is_ip (ip) @@ -329,3 +333,23 @@ if (is_in_subnet("10.0.123.123", "10.0.123.1/24")) { xlog("L_INFO", "it's in the subnet\n"); } ... + +4.11. dns_nc_match_ip(hostname, ipaddr) + + Returns TRUE if ipaddr is associated by DNS to hostname. FALSE + otherwise. It does not use the internal DNS cache, but directly + getaddrinfo(...). + + Parameters: + * ipaddr - string or pseudo-variable containing the ip address. + * hostname - string or pseudo-variable containing the hostname. The + resulting IP addresses from DNS query are compared with ipaddress. + + This function can be used from ANY_ROUTE. + + Example 1.11. dns_nc_match_ip usage +... +if (!dns_nc_match_ip("myhost.com", "1.2.3.4")) { + xdbg("ip address not associated with hostname\n"); +} +... diff --git a/modules/ipops/doc/ipops_admin.xml b/modules/ipops/doc/ipops_admin.xml index c7ce810..afb03d8 100644 --- a/modules/ipops/doc/ipops_admin.xml +++ b/modules/ipops/doc/ipops_admin.xml @@ -529,6 +529,51 @@ if (is_in_subnet("10.0.123.123", "10.0.123.1/24")) { </section> + <section id="ipops.f.dns_nc_match_ip"> + <title> + <function moreinfo="none">dns_nc_match_ip(hostname, ipaddr)</function> + </title> + + <para> + Returns TRUE if ipaddr is associated by DNS to hostname. FALSE otherwise. It + does not use the internal DNS cache, but directly getaddrinfo(...). + </para> + + <para>Parameters:</para> + + <itemizedlist> + <listitem> + <para> + <emphasis>ipaddr</emphasis> - string or pseudo-variable containing the ip address. + </para> + </listitem> + <listitem> + <para> + <emphasis>hostname</emphasis> - string or pseudo-variable containing the hostname. + The resulting IP addresses from DNS query are compared with ipaddress. + </para> + </listitem> + </itemizedlist> + + <para> + This function can be used from ANY_ROUTE. + </para> + + <example> + <title> + <function>dns_nc_match_ip</function> usage + </title> + <programlisting format="linespecific"> +... +if (!dns_nc_match_ip("myhost.com", "1.2.3.4")) { + xdbg("ip address not associated with hostname\n"); +} +... + </programlisting> + </example> + + </section> + </section> </chapter> diff --git a/modules/ipops/ipops_mod.c b/modules/ipops/ipops_mod.c index 164177b..d21546c 100644 --- a/modules/ipops/ipops_mod.c +++ b/modules/ipops/ipops_mod.c @@ -40,12 +40,16 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netdb.h> #include <arpa/inet.h> #include "../../sr_module.h" #include "../../dprint.h" #include "../../str.h" #include "../../mod_fix.h" #include "../../pvar.h" +#include "../../resolve.h" #include "api.h" #include "ip_parser.h" #include "rfc1918_parser.h" @@ -83,6 +87,7 @@ static int w_compare_ips(struct sip_msg*, char*, char*); static int w_compare_pure_ips(struct sip_msg*, char*, char*); static int w_is_ip_rfc1918(struct sip_msg*, char*); static int w_ip_is_in_subnet(struct sip_msg*, char*, char*); +static int w_dns_nc_match_ip(sip_msg_t*, char*, char*); /* @@ -110,6 +115,8 @@ static cmd_export_t cmds[] = REQUEST_ROUTE|FAILURE_ROUTE|ONREPLY_ROUTE|BRANCH_ROUTE|LOCAL_ROUTE }, { "is_in_subnet", (cmd_function)w_ip_is_in_subnet, 2, fixup_spve_spve, 0, REQUEST_ROUTE|FAILURE_ROUTE|ONREPLY_ROUTE|BRANCH_ROUTE|LOCAL_ROUTE }, + { "dns_nc_match_ip", (cmd_function)w_dns_nc_match_ip, 2, fixup_spve_spve, 0, + ANY_ROUTE }, { "bind_ipops", (cmd_function)bind_ipops, 0, 0, 0, 0}, { 0, 0, 0, 0, 0, 0 } }; @@ -596,3 +603,80 @@ static int w_is_ip_rfc1918(struct sip_msg* _msg, char* _s) else return -1; } + +static inline ip_addr_t *strtoipX(str *ips) +{ + /* try to figure out INET class */ + if(ips->s[0] == '[' || memchr(ips->s, ':', ips->len)!=NULL) + { + /* IPv6 */ + return str2ip6(ips); + } else { + /* IPv4 */ + return str2ip(ips); + } +} + +static int w_dns_nc_match_ip(sip_msg_t *msg, char *hnp, char *ipp) +{ + struct addrinfo hints, *res, *p; + int status; + ip_addr_t *ipa; + void *addr; + str hns; + str ips; + struct sockaddr_in *ipv4; + struct sockaddr_in6 *ipv6; + + if (fixup_get_svalue(msg, (gparam_p)hnp, &hns)) + { + LM_ERR("cannot evaluate hostname parameter\n"); + return -2; + } + + if (fixup_get_svalue(msg, (gparam_p)ipp, &ips)) + { + LM_ERR("cannot evaluate ip address parameter\n"); + return -2; + } + + ipa = strtoipX(&ips); + if(ipa==NULL) + { + LM_ERR("invalid ip address: %.*s\n", ips.len, ips.s); + return -3; + } + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_UNSPEC; /* allow any of AF_INET or AF_INET6 */ + + if ((status = getaddrinfo(hns.s, NULL, &hints, &res)) != 0) + { + LM_ERR("getaddrinfo: %s\n", gai_strerror(status)); + return -2; + } + + for(p = res;p != NULL; p = p->ai_next) + { + if(p->ai_family==ipa->af) + { + if (p->ai_family==AF_INET) + { + ipv4 = (struct sockaddr_in *)p->ai_addr; + addr = &(ipv4->sin_addr); + } else { + ipv6 = (struct sockaddr_in6 *)p->ai_addr; + addr = &(ipv6->sin6_addr); + } + if(memcmp(ipa->u.addr, addr, ipa->len)==0) + { + /* matched IP */ + freeaddrinfo(res); + return 1; + } + } + } + freeaddrinfo(res); + + return -1; +} _______________________________________________ sr-dev mailing list sr-dev(a)lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev