From 1b777d8946d324ea14ae42b42688d5581a3aad06 Mon Sep 17 00:00:00 2001 From: Rusty Newton Date: Thu, 12 Sep 2013 23:23:12 +0000 Subject: [PATCH] Documentation fix and improvements to XML configuration help res_pjsip_acl * One bug fix. Made the synopsis for "type" to accurate. * changing the usage of "IP-domains" to "IP addresses" * clarifying the usage for the options, by adding a relevant description for each * modified other areas of the XML help for clarity, such as the module description and a few synopsis changes here and there. See the patch. (issue ASTERISK-22458) (closes issue ASTERISK-22458) Reported By: Rusty Newton Review: https://reviewboard.asterisk.org/r/2823/ ........ Merged revisions 399017 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@399018 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- res/res_pjsip_acl.c | 62 +++++++++++++++++++++++++++++++++------------ 1 file changed, 46 insertions(+), 16 deletions(-) diff --git a/res/res_pjsip_acl.c b/res/res_pjsip_acl.c index c44704cf5c..7046cde5de 100644 --- a/res/res_pjsip_acl.c +++ b/res/res_pjsip_acl.c @@ -37,47 +37,77 @@ SIP ACL module ACL - - The ACL module used by res_pjsip. This module is + + The ACL module used by res_pjsip. This module is independent of endpoints and operates on all inbound SIP communication using res_pjsip. - It should be noted that this module can also reference ACLs from - acl.conf. + There are two main ways of defining your ACL with the options + provided. You can use the permit and deny options + which act on IP addresses, or the contactpermit + and contactdeny options which act on Contact header + addresses in incoming REGISTER requests. You can combine the various options to + create a mixed ACL. - There are two main ways of creating an access list: IP-Domain - and Contact Header. It is possible to create a combined ACL using - both IP and Contact. + Additionally, instead of defining an ACL with options, you can reference IP or + Contact header ACLs from the file acl.conf by using the acl + or contactacl options. Access Control List - Name of IP ACL + List of IP ACL section names in acl.conf - This matches sections configured in acl.conf + This matches sections configured in acl.conf. The value is + defined as a list of comma-delimited section names. - Name of Contact ACL + List of Contact ACL section names in acl.conf - This matches sections configured in acl.conf + This matches sections configured in acl.conf. The value is + defined as a list of comma-delimited section names. - List of Contact Header addresses to Deny + List of Contact header addresses to deny + + The value is a comma-delimited list of IP addresses. IP addresses may + have a subnet mask appended. The subnet mask may be written in either + CIDR or dotted-decimal notation. Separate the IP address and subnet + mask with a slash ('/') + - List of Contact Header addresses to Permit + List of Contact header addresses to permit + + The value is a comma-delimited list of IP addresses. IP addresses may + have a subnet mask appended. The subnet mask may be written in either + CIDR or dotted-decimal notation. Separate the IP address and subnet + mask with a slash ('/') + - List of IP-domains to deny access from + List of IP addresses to deny access from + + The value is a comma-delimited list of IP addresses. IP addresses may + have a subnet mask appended. The subnet mask may be written in either + CIDR or dotted-decimal notation. Separate the IP address and subnet + mask with a slash ('/') + - List of IP-domains to allow access from + List of IP addresses to permit access from + + The value is a comma-delimited list of IP addresses. IP addresses may + have a subnet mask appended. The subnet mask may be written in either + CIDR or dotted-decimal notation. Separate the IP address and subnet + mask with a slash ('/') + - Must be of type 'security'. + Must be of type 'acl'.