git.ipfire.org Git - thirdparty/asterisk.git/commit

author	Jaco Kroon <jaco@uls.co.za>
	Wed, 27 Nov 2019 13:54:39 +0000 (15:54 +0200)
committer	Jaco Kroon <jaco@uls.co.za>
	Tue, 17 Mar 2020 17:26:58 +0000 (12:26 -0500)
commit	c7c52b8e7ab2c4e1e27bd06b7c35a9ba96711bf2
tree	1b6c74e75e9de52eea79a145d6cd444e8cd89bb3	tree
parent	af414ef015a6427b34c8f942f8e525dcda277347	commit \| diff

res_rtp_asterisk: implement ACL mechanism for ICE and STUN addresses.

A pure blacklist is not good enough, we need a whitelist mechanism as
well, and the simplest way to do that is to re-use existing ACL
infrastructure.

This makes it simpler to blacklist say an entire block (/24) except a
smaller block (eg, a /29 or even a /32). Normally you'd need to
recursively split the block, so if you want to blacklist a /24 except
for a /29 you'd end up with a blacklit for a /25, /26, /27 and /28. I
feel that having an ACL instead of a blacklist only is clearer.

Change-Id: Id57a8df51fcfd3bd85ea67c489c85c6c3ecd7b30
Signed-off-by: Jaco Kroon <jaco@uls.co.za>

configs/samples/rtp.conf.sample		diff \| blob \| blame \| history
doc/CHANGES-staging/res_rtp_asterisk_cli.txt	[new file with mode: 0644]	blob
res/res_rtp_asterisk.c		diff \| blob \| blame \| history