mirror of
https://github.com/openwrt/telephony.git
synced 2025-12-22 01:44:35 +04:00
dec6316f2f
Patches taken from [1]. [1] https://github.com/wireapp/restund/pull/7 Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
53 lines
1.4 KiB
Diff
53 lines
1.4 KiB
Diff
From 955064fc220b5739010a2e207a8561ea44f974d3 Mon Sep 17 00:00:00 2001
|
|
From: Dusan Stevanovic <dule@wire.com>
|
|
Date: Thu, 11 Mar 2021 13:15:27 +0100
|
|
Subject: [PATCH] turn: block whole loopback range, also block broadcast
|
|
|
|
---
|
|
modules/turn/turn.c | 20 ++++++++++++++++++--
|
|
1 file changed, 18 insertions(+), 2 deletions(-)
|
|
|
|
--- a/modules/turn/turn.c
|
|
+++ b/modules/turn/turn.c
|
|
@@ -144,6 +144,22 @@ static bool request_handler(struct restu
|
|
return true;
|
|
}
|
|
|
|
+static inline bool is_loopback(const struct sa *sa)
|
|
+{
|
|
+ return (ntohl(sa->u.in.sin_addr.s_addr) & 0xffffff00) == 0x7f000000;
|
|
+}
|
|
+
|
|
+static inline bool is_broadcast(const struct sa *sa)
|
|
+{
|
|
+ return ntohl(sa->u.in.sin_addr.s_addr) == 0xffffffff;
|
|
+}
|
|
+
|
|
+static inline bool is_blocked(const struct sa *sa)
|
|
+{
|
|
+ return is_loopback(sa) || is_broadcast(sa)
|
|
+ || sa_is_any(sa) || sa_is_linklocal(sa);
|
|
+
|
|
+}
|
|
|
|
static bool indication_handler(struct restund_msgctx *ctx, int proto,
|
|
void *sock, const struct sa *src,
|
|
@@ -181,7 +197,7 @@ static bool indication_handler(struct re
|
|
return true;
|
|
}
|
|
|
|
- if (sa_is_loopback(psa) || sa_is_any(psa) || sa_is_linklocal(psa))
|
|
+ if (is_blocked(psa))
|
|
err = EPERM;
|
|
else
|
|
err = udp_send(al->rel_us, psa, &data->v.data);
|
|
@@ -234,7 +250,7 @@ static bool raw_handler(int proto, const
|
|
|
|
mb->end = mb->pos + len;
|
|
|
|
- if (sa_is_loopback(psa) || sa_is_any(psa) || sa_is_linklocal(psa))
|
|
+ if (is_blocked(psa))
|
|
err = EPERM;
|
|
else
|
|
err = udp_send(al->rel_us, psa, mb);
|