Re: [sr-dev] git:master: ipops: new cfg function dns_nc_match_ip(hostname, ipaddr)

Hi Daniel!

Does it both, A and AAAA lookups and can it handle multiple answer RRs?

regards Klaus

On 12.07.2013 13:34, Daniel-Constantin Mierla wrote:

Module: sip-router Branch: master Commit: ccebf9e536d7d5ea8fc824ea089d501e888b37c8 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=ccebf9e5...

Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: Fri Jul 12 13:31:12 2013 +0200

ipops: new cfg function dns_nc_match_ip(hostname, ipaddr)

• do dns query for the hostname and compare the result to see if is a match with ipaddr

---

modules/ipops/README | 24 ++++++++++ modules/ipops/doc/ipops_admin.xml | 45 ++++++++++++++++++++ modules/ipops/ipops_mod.c | 84 +++++++++++++++++++++++++++++++++++++ 3 files changed, 153 insertions(+), 0 deletions(-)

diff --git a/modules/ipops/README b/modules/ipops/README index bd79553..901535a 100644 --- a/modules/ipops/README +++ b/modules/ipops/README @@ -36,6 +36,7 @@ I 4.8. compare_pure_ips (ip1, ip2) 4.9. is_ip_rfc1918 (ip) 4.10. is_in_subnet (ip, subnet)

•          4.11. dns_nc_match_ip(hostname, ipaddr)
  
  

  List of Examples

@@ -49,6 +50,7 @@ I 1.8. compare_pure_ips usage 1.9. is_ip_rfc1918 usage 1.10. is_in_subnet usage

• 1.11. dns_nc_match_ip usage

  Chapter 1. Admin Guide

@@ -73,6 +75,7 @@ Chapter 1. Admin Guide 4.8. compare_pure_ips (ip1, ip2) 4.9. is_ip_rfc1918 (ip) 4.10. is_in_subnet (ip, subnet)

•    4.11. dns_nc_match_ip(hostname, ipaddr)
  
  

  1. Overview

@@ -124,6 +127,7 @@ Chapter 1. Admin Guide 4.8. compare_pure_ips (ip1, ip2) 4.9. is_ip_rfc1918 (ip) 4.10. is_in_subnet (ip, subnet)

• 4.11. dns_nc_match_ip(hostname, ipaddr)

  4.1. is_ip (ip)

@@ -329,3 +333,23 @@ if (is_in_subnet("10.0.123.123", "10.0.123.1/24")) { xlog("L_INFO", "it's in the subnet\n"); } ...

+4.11. dns_nc_match_ip(hostname, ipaddr)

• Returns TRUE if ipaddr is associated by DNS to hostname. FALSE
• otherwise. It does not use the internal DNS cache, but directly
• getaddrinfo(...).
• Parameters:

• * ipaddr - string or pseudo-variable containing the ip address.
  

• * hostname - string or pseudo-variable containing the hostname. The
  

•   resulting IP addresses from DNS query are compared with ipaddress.
  

• This function can be used from ANY_ROUTE.
• Example 1.11. dns_nc_match_ip usage

+... +if (!dns_nc_match_ip("myhost.com", "1.2.3.4")) {

• xdbg("ip address not associated with hostname\n");

+} +... diff --git a/modules/ipops/doc/ipops_admin.xml b/modules/ipops/doc/ipops_admin.xml index c7ce810..afb03d8 100644 --- a/modules/ipops/doc/ipops_admin.xml +++ b/modules/ipops/doc/ipops_admin.xml @@ -529,6 +529,51 @@ if (is_in_subnet("10.0.123.123", "10.0.123.1/24")) {

  </section>

• <section id="ipops.f.dns_nc_match_ip">

•  <title>
  

•    <function moreinfo="none">dns_nc_match_ip(hostname, ipaddr)</function>
  

•  </title>
  

•  <para>
  

•   Returns TRUE if ipaddr is associated by DNS to hostname. FALSE otherwise. It
  

•   does not use the internal DNS cache, but directly getaddrinfo(...).
  

•  </para>
  

•  <para>Parameters:</para>
  

•  <itemizedlist>
  

•    <listitem>
  

•      <para>
  

•        <emphasis>ipaddr</emphasis> - string or pseudo-variable containing the ip address.
  

•      </para>
  

•    </listitem>
  

•    <listitem>
  

•      <para>
  

• 	  <emphasis>hostname</emphasis> - string or pseudo-variable containing the hostname.
  

• 	  The resulting IP addresses from DNS query are compared with ipaddress.
  

•      </para>
  

•    </listitem>
  

•  </itemizedlist>
  

•  <para>
  

•    This function can be used from ANY_ROUTE.
  

•  </para>
  

•  <example>
  

•    <title>
  

•      <function>dns_nc_match_ip</function> usage
  

•    </title>
  

•    <programlisting format="linespecific">
  

+... +if (!dns_nc_match_ip("myhost.com", "1.2.3.4")) {

• xdbg("ip address not associated with hostname\n");

+} +...

•    </programlisting>
  

•  </example>
  

• </section>

• </section>

  </chapter>

diff --git a/modules/ipops/ipops_mod.c b/modules/ipops/ipops_mod.c index 164177b..d21546c 100644 --- a/modules/ipops/ipops_mod.c +++ b/modules/ipops/ipops_mod.c @@ -40,12 +40,16 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netdb.h> #include <arpa/inet.h> #include "../../sr_module.h" #include "../../dprint.h" #include "../../str.h" #include "../../mod_fix.h" #include "../../pvar.h" +#include "../../resolve.h" #include "api.h" #include "ip_parser.h" #include "rfc1918_parser.h" @@ -83,6 +87,7 @@ static int w_compare_ips(struct sip_msg*, char*, char*); static int w_compare_pure_ips(struct sip_msg*, char*, char*); static int w_is_ip_rfc1918(struct sip_msg*, char*); static int w_ip_is_in_subnet(struct sip_msg*, char*, char*); +static int w_dns_nc_match_ip(sip_msg_t*, char*, char*);

/* @@ -110,6 +115,8 @@ static cmd_export_t cmds[] = REQUEST_ROUTE|FAILURE_ROUTE|ONREPLY_ROUTE|BRANCH_ROUTE|LOCAL_ROUTE }, { "is_in_subnet", (cmd_function)w_ip_is_in_subnet, 2, fixup_spve_spve, 0, REQUEST_ROUTE|FAILURE_ROUTE|ONREPLY_ROUTE|BRANCH_ROUTE|LOCAL_ROUTE },

• { "dns_nc_match_ip", (cmd_function)w_dns_nc_match_ip, 2, fixup_spve_spve, 0,
• ANY_ROUTE }, { "bind_ipops", (cmd_function)bind_ipops, 0, 0, 0, 0}, { 0, 0, 0, 0, 0, 0 } };

@@ -596,3 +603,80 @@ static int w_is_ip_rfc1918(struct sip_msg* _msg, char* _s) else return -1; }

+static inline ip_addr_t *strtoipX(str *ips) +{

• /* try to figure out INET class */
• if(ips->s[0] == '[' || memchr(ips->s, ':', ips->len)!=NULL)
• {

• /* IPv6 */
  

• return str2ip6(ips);
  

• } else {

• /* IPv4 */
  

• return str2ip(ips);
  

• }

+}

+static int w_dns_nc_match_ip(sip_msg_t *msg, char *hnp, char *ipp) +{

• struct addrinfo hints, *res, *p;
• int status;
• ip_addr_t *ipa;
• void *addr;
• str hns;
• str ips;
• struct sockaddr_in *ipv4;
• struct sockaddr_in6 *ipv6;
• if (fixup_get_svalue(msg, (gparam_p)hnp, &hns))
• {

• LM_ERR("cannot evaluate hostname parameter\n");
  

• return -2;
  

• }
• if (fixup_get_svalue(msg, (gparam_p)ipp, &ips))
• {

• LM_ERR("cannot evaluate ip address parameter\n");
  

• return -2;
  

• }
• ipa = strtoipX(&ips);
• if(ipa==NULL)
• {

• LM_ERR("invalid ip address: %.*s\n", ips.len, ips.s);
  

• return -3;
  

• }
• memset(&hints, 0, sizeof(hints));
• hints.ai_family = AF_UNSPEC; /* allow any of AF_INET or AF_INET6 */
• if ((status = getaddrinfo(hns.s, NULL, &hints, &res)) != 0)
• {

•    LM_ERR("getaddrinfo: %s\n", gai_strerror(status));
  

•    return -2;
  

• }
• for(p = res;p != NULL; p = p->ai_next)
• {

• if(p->ai_family==ipa->af)
  

• {
  

• 	if (p->ai_family==AF_INET)
  

• 	{
  

• 		ipv4 = (struct sockaddr_in *)p->ai_addr;
  

• 		addr = &(ipv4->sin_addr);
  

• 	} else {
  

• 		ipv6 = (struct sockaddr_in6 *)p->ai_addr;
  

• 		addr = &(ipv6->sin6_addr);
  

• 	}
  

• 	if(memcmp(ipa->u.addr, addr, ipa->len)==0)
  

• 	{
  

• 		/* matched IP */
  

• 		freeaddrinfo(res);
  

• 		return 1;
  

• 	}
  

• }
  

• }
• freeaddrinfo(res);
• return -1;

+}

---

sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev