TT#136601 lcr: source port check for from_any_gw() and from_gw()

A simple change, which allows to check, if a coming request matches not only by an IP address and a transport protocol, but also using the source port of a request. Improvements are done for the following functions of the lcr module: - from_any_gw() - from_gw() Back compatibility provided, hence it does not affect already existing behavior. Change-Id: Id0496fad75ce64f1abecaa4747b4a77ec6b87cbf
5 years ago · 672fc64db1
parent 788f229622
commit 672fc64db1
3 changed files with 388 additions and 0 deletions
--- a/debian/patches/series
+++ b/debian/patches/series
@ -38,6 +38,8 @@ sipwise/Revert-pua_dialoginfo-disable-publish-notifications-.patch
 ## upstream master
 upstream/pv_headers-fix-removal-of-all-values-on-when-using-P.patch
 upstream/pv_headers-pvh_set_header-remove-values-to-set-null-.patch
 upstream/lcr-source-port-check-for-from_any_gw-and-from_gw.patch
 upstream/lcr-remove-excessive-checks-for-the-src_port-accurac.patch
 ### relevant for upstream
 sipwise/pua_dialoginfo-refresh_pubruri_avps_flag.patch
 sipwise/pua_dialoginfo-local_identity_dlg_var.patch
--- a/debian/patches/upstream/lcr-remove-excessive-checks-for-the-src_port-accurac.patch
+++ b/debian/patches/upstream/lcr-remove-excessive-checks-for-the-src_port-accurac.patch
@ -0,0 +1,48 @@
 From 536736f2529f7554929f3aa6b74ac616c382bc6e Mon Sep 17 00:00:00 2001
 From: Donat Zenichev <dzenichev@sipwise.com>
 Date: Tue, 24 Aug 2021 18:50:16 +0300
 Subject: [PATCH 1/2] lcr: remove excessive checks for the 'src_port' accuracy
 Remove unneeded check for 'src_port' in:
 - ki_from_any_gw_addr()
 - ki_from_gw_addr()
 Which makes no sense because 'src_port' is of type 'unsigned int',
 and the check concerns whether it's less than 0 or not.
 ---
 src/modules/lcr/lcr_mod.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
 diff --git a/src/modules/lcr/lcr_mod.c b/src/modules/lcr/lcr_mod.c
 index 858352f2c7..57b4021ac9 100644
 --- a/src/modules/lcr/lcr_mod.c
 +++ b/src/modules/lcr/lcr_mod.c
@@ -3093,9 +3093,9 @@ static int ki_from_gw_addr(
 		return -1;
 	}
 -	/* src_port set to 0 means we don't want to check it */
 -	if((src_port < 0) || (src_port > 65535)) {
 -		LM_ERR("invalid port parameter value %d\n", transport);
 +	/* src_port set to 0 is allowed and means we don't want to check it */
 +	if(src_port > 65535) {
 +		LM_ERR("invalid port parameter value %d\n", src_port);
 		return -1;
 	}
@@ -3215,9 +3215,9 @@ static int ki_from_any_gw_addr(sip_msg_t *_m, str *addr_str, int transport, unsi
 		return -1;
 	}
 -	/* src_port set to 0 means we don't want to check it */
 -	if((src_port < 0) || (src_port > 65535)) {
 -		LM_ERR("invalid port parameter value %d\n", transport);
 +	/* src_port set to 0 is allowed and means we don't want to check it */
 +	if(src_port > 65535) {
 +		LM_ERR("invalid port parameter value %d\n", src_port);
 		return -1;
 	}
 -- 
 2.25.1
--- a/debian/patches/upstream/lcr-source-port-check-for-from_any_gw-and-from_gw.patch
+++ b/debian/patches/upstream/lcr-source-port-check-for-from_any_gw-and-from_gw.patch
@ -0,0 +1,338 @@
 From 9115d74b33aefb0febad7c7fffe7d184e4066b77 Mon Sep 17 00:00:00 2001
 From: Donat Zenichev <dzenichev@sipwise.com>
 Date: Mon, 23 Aug 2021 21:50:50 +0300
 Subject: [PATCH 2/2] lcr: source port check for from_any_gw() and from_gw().
 A simple change, which allows to check, if a coming request matches
 not only by an IP address and a transport protocol,
 but also using the source port of a request.
 Improvements are done for the following functions of the lcr module:
 - from_any_gw()
 - from_gw()
 Back compatibility provided, hence it does not affect already existing behavior.
 ---
 src/modules/lcr/doc/lcr_admin.xml |  31 ++++----
 src/modules/lcr/lcr_mod.c         | 116 +++++++++++++++++++++++++-----
 2 files changed, 116 insertions(+), 31 deletions(-)
 diff --git a/src/modules/lcr/doc/lcr_admin.xml b/src/modules/lcr/doc/lcr_admin.xml
 index 2c5bfb0d85..f6461e1a24 100644
 --- a/src/modules/lcr/doc/lcr_admin.xml
 +++ b/src/modules/lcr/doc/lcr_admin.xml
@@ -1425,16 +1425,16 @@ defunct_gw(60);
 	<section id="lcr.f.from_gw">
 		<title>
 -		<function moreinfo="none">from_gw(lcr_id[, ip_addr, proto])</function>
 +		<function moreinfo="none">from_gw(lcr_id[, ip_addr, proto[, src_port]])</function>
 		</title>
 		<para>
 -		Checks if request comes from IP address and transport protocol
 +		Checks if request comes from IP address, transport protocol and source port
 		specified for a gateway in LCR instance lcr_id.
 		Fails if the LCR instance includes
 		one or more gateways without IP address.
 -		IP address and transport protocol to be checked are either
 -		taken from source IP address of the request or
 -		(if present) from ip_addr and proto arguments.
 +		IP address, transport protocol and source port to be checked are either
 +		taken from source IP address and port of the request or
 +		(if present) from ip_addr, proto and src_port arguments.
 		</para>
 		<para>
 		lcr_id can be an integer constant or a pseudo variable
@@ -1442,7 +1442,8 @@ defunct_gw(60);
 		variable holding a string value.  proto can be an integer
 		constant (0 = ANY, 1 = UDP, 2 = TCP,
 		3 = TLS, 4 = SCTP) or a pseudo variable holding such an
 -		integer value.
 +		integer value. src_port can be an integer or a pseudo variable
 +		holding such an integer value.
 		</para>
 		<para>
 		If request comes from a gateway, gateway's tag and flags are
@@ -1466,7 +1467,7 @@ defunct_gw(60);
 		<title><function>from_gw</function> usage</title>
 		<programlisting format="linespecific">
 ...
 -if (from_gw(1, $avp(real_source_addr), 2) {
 +if (from_gw(1, $avp(real_source_addr), 2, 5060) {
 	...
 };
 ...
@@ -1476,21 +1477,21 @@ if (from_gw(1, $avp(real_source_addr), 2) {
 	<section id="lcr.f.from_any_gw">
 		<title>
 -		<function moreinfo="none">from_any_gw([ip_addr, proto])</function>
 +		<function moreinfo="none">from_any_gw([ip_addr, proto[, src_port]])</function>
 		</title>
 		<para>
 -		Checks if request comes from IP address and transport
 -		protocol specified for any gateway.  Only LCR instances,
 +		Checks if request comes from IP address, transport protocol and source port
 +		specified for any gateway.  Only LCR instances,
 		where all gateways
 		have IP address, are included in the test.
 -		IP address and transport protocol to be checked are either
 -		taken from source IP address and transport protocol
 +		IP address, transport protocol and source port to be checked are either
 +		taken from source IP address, transport protocol and source port
 		of the request or
 -		(if present) from ip_addr and proto arguments.  See from_gw()
 +		(if present) from ip_addr, proto and src_port arguments.  See from_gw()
 		function for more info about the arguments.
 		</para>
 		<para>
 -		If any gateway has the IP address and transport protocol,
 +		If any gateway has the IP address, transport protocol and source port,
 		function returns LCR
 		identifier of the gateway.  Returns -1 on error or if
 		the request does not come from a gateway.
@@ -1515,7 +1516,7 @@ if (from_gw(1, $avp(real_source_addr), 2) {
 		<title><function>from_gw</function> usage</title>
 		<programlisting format="linespecific">
 ...
 -$var(lcr_id) = from_any_gw("192.168.1.1", 3);
 +$var(lcr_id) = from_any_gw("192.168.1.1", 3, 5061);
 ...
 </programlisting>
 		</example>
 diff --git a/src/modules/lcr/lcr_mod.c b/src/modules/lcr/lcr_mod.c
 index 579ec06d4d..858352f2c7 100644
 --- a/src/modules/lcr/lcr_mod.c
 +++ b/src/modules/lcr/lcr_mod.c
@@ -260,8 +260,10 @@ static int inactivate_gw(struct sip_msg *_m, char *_s1, char *_s2);
 static int defunct_gw(struct sip_msg *_m, char *_s1, char *_s2);
 static int from_gw_1(struct sip_msg *_m, char *_s1, char *_s2);
 static int from_gw_3(struct sip_msg *_m, char *_s1, char *_s2, char *_s3);
 +static int from_gw_4(struct sip_msg *_m, char *_s1, char *_s2, char *_s3, char *_s4);
 static int from_any_gw_0(struct sip_msg *_m, char *_s1, char *_s2);
 static int from_any_gw_2(struct sip_msg *_m, char *_s1, char *_s2);
 +static int from_any_gw_3(struct sip_msg *_m, char *_s1, char *_s2, char *_s3);
 static int to_gw_1(struct sip_msg *_m, char *_s1, char *_s2);
 static int to_gw_3(struct sip_msg *_m, char *_s1, char *_s2, char *_s3);
 static int to_any_gw_0(struct sip_msg *_m, char *_s1, char *_s2);
@@ -283,10 +285,14 @@ static cmd_export_t cmds[] = {
      REQUEST_ROUTE | FAILURE_ROUTE | ONREPLY_ROUTE},
     {"from_gw", (cmd_function)from_gw_3, 3, 0, 0,
      REQUEST_ROUTE | FAILURE_ROUTE | ONREPLY_ROUTE},
 +	{"from_gw", (cmd_function)from_gw_4, 4, 0, 0,
 +	 REQUEST_ROUTE | FAILURE_ROUTE | ONREPLY_ROUTE},
     {"from_any_gw", (cmd_function)from_any_gw_0, 0, 0, 0,
      REQUEST_ROUTE | FAILURE_ROUTE | ONREPLY_ROUTE},
     {"from_any_gw", (cmd_function)from_any_gw_2, 2, 0, 0,
      REQUEST_ROUTE | FAILURE_ROUTE | ONREPLY_ROUTE},
 +	{"from_any_gw", (cmd_function)from_any_gw_3, 3, 0, 0,
 +	 REQUEST_ROUTE | FAILURE_ROUTE | ONREPLY_ROUTE},
     {"to_gw", (cmd_function)to_gw_1, 1, 0, 0,
      REQUEST_ROUTE | FAILURE_ROUTE | ONREPLY_ROUTE},
     {"to_gw", (cmd_function)to_gw_3, 3, 0, 0,
@@ -2978,7 +2984,7 @@ static int next_gw(struct sip_msg *_m, char *_s1, char *_s2)
  * Checks if request comes from ip address of a gateway
  */
 static int do_from_gw(struct sip_msg *_m, unsigned int lcr_id,
 -		struct ip_addr *src_addr, uri_transport transport)
 +		struct ip_addr *src_addr, uri_transport transport, unsigned int src_port)
 {
 	struct gw_info *res, gw, *gws;
 	int_str val;
@@ -2997,9 +3003,10 @@ static int do_from_gw(struct sip_msg *_m, unsigned int lcr_id,
 			sizeof(struct gw_info), comp_gws);
 	/* Store tag and flags and return result */
 -	if((res != NULL) && ((transport == PROTO_NONE)
 -								|| (res->transport_code == transport))) {
 -		LM_DBG("request game from gw\n");
 +	if((res != NULL)
 +					&& ((transport == PROTO_NONE) || (res->transport_code == transport))
 +					&& ((src_port == 0) || (res->port == src_port))) {
 +		LM_DBG("request came from gw\n");
 		if(tag_avp_param) {
 			val.s.s = res->tag;
 			val.s.len = res->tag_len;
@@ -3021,22 +3028,24 @@ static int do_from_gw(struct sip_msg *_m, unsigned int lcr_id,
 /*
  * Checks if request comes from ip address of a gateway taking source
 - * address and transport protocol from request.
 + * address, transport protocol and source port from request.
  */
 static int ki_from_gw(sip_msg_t *_m, int lcr_id)
 {
 	uri_transport transport;
 +	unsigned int src_port;
 	if((lcr_id < 1) || (lcr_id > lcr_count_param)) {
 		LM_ERR("invalid lcr_id parameter value %d\n", lcr_id);
 		return -1;
 	}
 -	/* Get transport protocol */
 +	/* Get transport protocol and port */
 	transport = _m->rcv.proto;
 +	src_port = _m->rcv.src_port;
 	/* Do test */
 -	return do_from_gw(_m, lcr_id, &_m->rcv.src_ip, transport);
 +	return do_from_gw(_m, lcr_id, &_m->rcv.src_ip, transport, src_port);
 }
 static int from_gw_1(struct sip_msg *_m, char *_lcr_id, char *_s2)
@@ -3056,10 +3065,10 @@ static int from_gw_1(struct sip_msg *_m, char *_lcr_id, char *_s2)
 /*
  * Checks if request comes from ip address of a gateway taking source
 - * address and transport protocol from parameters
 + * address, transport protocol and source port from parameters.
  */
 static int ki_from_gw_addr(
 -		sip_msg_t *_m, int lcr_id, str *addr_str, int transport)
 +		sip_msg_t *_m, int lcr_id, str *addr_str, int transport, unsigned int src_port)
 {
 	struct ip_addr src_addr;
 	struct ip_addr *ip;
@@ -3084,8 +3093,14 @@ static int ki_from_gw_addr(
 		return -1;
 	}
 +	/* src_port set to 0 means we don't want to check it */
 +	if((src_port < 0) || (src_port > 65535)) {
 +		LM_ERR("invalid port parameter value %d\n", transport);
 +		return -1;
 +	}
 +
 	/* Do test */
 -	return do_from_gw(_m, lcr_id, &src_addr, transport);
 +	return do_from_gw(_m, lcr_id, &src_addr, transport, src_port);
 }
 static int from_gw_3(
@@ -3112,7 +3127,41 @@ static int from_gw_3(
 		return -1;
 	}
 -	return ki_from_gw_addr(_m, lcr_id, &addr_str, transport);
 +	return ki_from_gw_addr(_m, lcr_id, &addr_str, transport, 0);
 +}
 +
 +static int from_gw_4(
 +		struct sip_msg *_m, char *_lcr_id, char *_addr, char *_transport, char *_src_port)
 +{
 +	int lcr_id;
 +	str addr_str;
 +	char *tmp;
 +	uri_transport transport;
 +	unsigned int src_port;
 +
 +	/* Get and check parameter values */
 +	lcr_id = strtol(_lcr_id, &tmp, 10);
 +	if((tmp == 0) || (*tmp) || (tmp == _lcr_id)) {
 +		LM_ERR("invalid lcr_id parameter %s\n", _lcr_id);
 +		return -1;
 +	}
 +
 +	addr_str.s = _addr;
 +	addr_str.len = strlen(_addr);
 +
 +	transport = strtol(_transport, &tmp, 10);
 +	if((tmp == 0) || (*tmp) || (tmp == _transport)) {
 +		LM_ERR("invalid transport parameter %s\n", _lcr_id);
 +		return -1;
 +	}
 +	tmp=0;
 +	src_port = strtol(_src_port, &tmp, 10);
 +	if((tmp == 0) || (*tmp) || (tmp == _src_port)) {
 +		LM_ERR("invalid port parameter %s\n", _src_port);
 +		return -1;
 +	}
 +
 +	return ki_from_gw_addr(_m, lcr_id, &addr_str, transport, src_port);
 }
 /*
@@ -3123,11 +3172,14 @@ static int ki_from_any_gw(sip_msg_t *_m)
 {
 	unsigned int i;
 	uri_transport transport;
 +	unsigned int src_port;
 +	/* Get transport protocol and port */
 	transport = _m->rcv.proto;
 +	src_port = _m->rcv.src_port;
 	for(i = 1; i <= lcr_count_param; i++) {
 -		if(do_from_gw(_m, i, &_m->rcv.src_ip, transport) == 1) {
 +		if(do_from_gw(_m, i, &_m->rcv.src_ip, transport, src_port) == 1) {
 			return i;
 		}
 	}
@@ -3141,9 +3193,9 @@ static int from_any_gw_0(struct sip_msg *_m, char *_s1, char *_s2)
 /*
  * Checks if request comes from ip address of a a gateway taking source
 - * IP address and transport protocol from parameters.
 + * IP address, transport protocol and source port from parameters.
  */
 -static int ki_from_any_gw_addr(sip_msg_t *_m, str *addr_str, int transport)
 +static int ki_from_any_gw_addr(sip_msg_t *_m, str *addr_str, int transport, unsigned int src_port)
 {
 	unsigned int i;
 	struct ip_addr *ip, src_addr;
@@ -3163,9 +3215,15 @@ static int ki_from_any_gw_addr(sip_msg_t *_m, str *addr_str, int transport)
 		return -1;
 	}
 +	/* src_port set to 0 means we don't want to check it */
 +	if((src_port < 0) || (src_port > 65535)) {
 +		LM_ERR("invalid port parameter value %d\n", transport);
 +		return -1;
 +	}
 +
 	/* Do test */
 	for(i = 1; i <= lcr_count_param; i++) {
 -		if(do_from_gw(_m, i, &src_addr, transport) == 1) {
 +		if(do_from_gw(_m, i, &src_addr, transport, src_port) == 1) {
 			return i;
 		}
 	}
@@ -3188,7 +3246,33 @@ static int from_any_gw_2(struct sip_msg *_m, char *_addr, char *_transport)
 		return -1;
 	}
 -	return ki_from_any_gw_addr(_m, &addr_str, transport);
 +	return ki_from_any_gw_addr(_m, &addr_str, transport, 0);
 +}
 +
 +static int from_any_gw_3(struct sip_msg *_m, char *_addr, char *_transport, char *_src_port)
 +{
 +	str addr_str;
 +	uri_transport transport;
 +	unsigned int src_port;
 +	char *tmp;
 +
 +	/* Get and check parameter values */
 +	addr_str.s = _addr;
 +	addr_str.len = strlen(_addr);
 +
 +	transport = strtol(_transport, &tmp, 10);
 +	if((tmp == 0) || (*tmp) || (tmp == _transport)) {
 +		LM_ERR("invalid transport parameter %s\n", _transport);
 +		return -1;
 +	}
 +	tmp=0;
 +	src_port = strtol(_src_port, &tmp, 10);
 +	if((tmp == 0) || (*tmp) || (tmp == _src_port)) {
 +		LM_ERR("invalid port parameter %s\n", _src_port);
 +		return -1;
 +	}
 +
 +	return ki_from_any_gw_addr(_m, &addr_str, transport, src_port);
 }
 /*
 -- 
 2.25.1