FS-7587 Add ipv6 support to Verto / Websockets

3b2d00f3 · Anthony Minessale · 55a95578 · 3b2d00f3 · 3b2d00f3 · 3b2d00f3
--- a/conf/vanilla/autoload_configs/verto.conf.xml
+++ b/conf/vanilla/autoload_configs/verto.conf.xml
@@ -5,9 +5,9 @@
  </settings>
  <profiles>
-    <profile name="mine">
+    <profile name="default-v4">
-      <param name="bind-local" value="0.0.0.0:8081"/>
+      <param name="bind-local" value="$${local_ip_v4}:8081"/>
-      <param name="bind-local" value="0.0.0.0:8082" secure="true"/>
+      <param name="bind-local" value="$${local_ip_v4}:8082" secure="true"/>
      <param name="force-register-domain" value="$${domain}"/>
      <param name="secure-combined" value="$${certs_dir}/wss.pem"/>
      <param name="secure-chain" value="$${certs_dir}/wss.pem"/>
@@ -21,7 +21,28 @@
      <param name="local-network" value="localnet.auto"/>
      <param name="outbound-codec-string" value="opus,vp8"/>
      <param name="inbound-codec-string" value="opus,vp8"/>
-      <param name="apply-candidate-acl" value="wan.auto"/>
+      <param name="apply-candidate-acl" value="wan_v4.auto"/>
+      <param name="timer-name" value="soft"/>
+    </profile>
+    <profile name="default-v6">
+      <param name="bind-local" value="[$${local_ip_v6}]:8081"/>
+      <param name="bind-local" value="[$${local_ip_v6}]:8082" secure="true"/>
+      <param name="force-register-domain" value="$${domain}"/>
+      <param name="secure-combined" value="$${certs_dir}/wss.pem"/>
+      <param name="secure-chain" value="$${certs_dir}/wss.pem"/>
+      <param name="userauth" value="true"/>
+      <!-- setting this to true will allow anyone to register even with no account so use with care -->
+      <param name="blind-reg" value="false"/>
+      <param name="mcast-ip" value="ff02::1"/>
+      <param name="mcast-port" value="1337"/>
+      <param name="rtp-ip" value="$${local_ip_v6}"/>
+      <!--  <param name="ext-rtp-ip" value=""/> -->
+      <param name="local-network" value="localnet.auto"/>
+      <param name="outbound-codec-string" value="opus,vp8"/>
+      <param name="inbound-codec-string" value="opus,vp8"/>
+      <param name="apply-candidate-acl" value="wan_v6.auto"/>
      <param name="timer-name" value="soft"/>
    </profile>

--- a/src/include/switch_core_media.h
+++ b/src/include/switch_core_media.h
@@ -125,6 +125,9 @@ typedef struct switch_core_media_params_s {
 	char *extrtpip;
 	char *rtpip;
+	char *rtpip4;
+	char *rtpip6;
 	char *remote_ip;
 	int remote_port;

--- a/src/include/switch_rtp.h
+++ b/src/include/switch_rtp.h
@@ -105,6 +105,7 @@ typedef struct ice_s {
 	icand_t cands[MAX_CAND][2];
 	int cand_idx;
 	int chosen[2];
+	int is_chosen[2];
 	char *ufrag;
 	char *pwd;
 	char *options;

--- a/src/mod/endpoints/mod_verto/mcast/mcast.c
+++ b/src/mod/endpoints/mod_verto/mcast/mcast.c
@@ -58,16 +58,29 @@
 int mcast_socket_create(const char *host, int16_t port, mcast_handle_t *handle, mcast_flag_t flags)
 {
 	uint32_t one = 1;
+	int family = AF_INET;
 	memset(handle, 0, sizeof(*handle));
-	if ((!(flags & MCAST_SEND) && !(flags & MCAST_RECV)) || (handle->sock = socket(AF_INET, SOCK_DGRAM, 0)) <= 0 ) {
+	if (strchr(host, ':')) { 
+		family = AF_INET6;
+	}
+	if ((!(flags & MCAST_SEND) && !(flags & MCAST_RECV)) || (handle->sock = socket(family, SOCK_DGRAM, 0)) <= 0 ) {
 		return -1;
 	}
+	if (family == AF_INET6) {
+		handle->send_addr6.sin6_family = AF_INET6;
+		handle->send_addr6.sin6_port = htons(port);
+		inet_pton(AF_INET6, host, &(handle->send_addr6.sin6_addr));
+		handle->family = AF_INET6;
+	} else {
 		handle->send_addr.sin_family = AF_INET;
 		handle->send_addr.sin_addr.s_addr = inet_addr(host);
 		handle->send_addr.sin_port = htons(port);
+		handle->family = AF_INET;
+	}
 	if ( setsockopt(handle->sock, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one)) != 0 ) {
 		close(handle->sock);
@@ -76,6 +89,7 @@ int mcast_socket_create(const char *host, int16_t port, mcast_handle_t *handle,
 	if ((flags & MCAST_RECV)) {
+		if (handle->family == AF_INET) {
 			struct ip_mreq mreq;
 			handle->recv_addr.sin_family = AF_INET;
@@ -97,7 +111,39 @@ int mcast_socket_create(const char *host, int16_t port, mcast_handle_t *handle,
 				return -1;
 			}
+		} else {
+			struct ipv6_mreq mreq;
+			struct addrinfo addr_criteria;
+			struct addrinfo *mcast_addr;
+			char service[80] = "";
+			memset(&addr_criteria, 0, sizeof(addr_criteria));
+			addr_criteria.ai_family = AF_UNSPEC;
+			addr_criteria.ai_socktype = SOCK_DGRAM;
+			addr_criteria.ai_protocol = IPPROTO_UDP;
+			addr_criteria.ai_flags |= AI_NUMERICHOST;
+			snprintf(service, sizeof(service), "%d", port);
+			getaddrinfo(host, service, &addr_criteria, &mcast_addr);
+			memset(&handle->recv_addr6, 0, sizeof(handle->recv_addr6));
+			handle->recv_addr6.sin6_family = AF_INET6;
+			handle->recv_addr6.sin6_port = htons(port);
+			inet_pton(AF_INET6, "::0", &(handle->recv_addr6.sin6_addr));
+			memcpy(&mreq.ipv6mr_multiaddr, &((struct sockaddr_in6 *)mcast_addr->ai_addr)->sin6_addr,  sizeof(struct in6_addr));
+			mreq.ipv6mr_interface = 0;
+			setsockopt(handle->sock, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq));
+			if (bind(handle->sock, (struct sockaddr *) &handle->recv_addr6, sizeof(handle->recv_addr6)) < 0) {
+				printf("FUCK (%s) %s\n", host, strerror(errno));
+				close(handle->sock);
+				handle->sock = -1;
+				return -1;
+			}
+		}
 	}
 	handle->ttl = 1;
@@ -155,7 +201,11 @@ ssize_t mcast_socket_send(mcast_handle_t *handle, void *data, size_t datalen)
 		datalen = sizeof(handle->buffer);
 	}
+	if (handle->family == AF_INET6) {
+		return sendto(handle->sock, data, datalen, 0, (struct sockaddr *) &handle->send_addr6, sizeof(handle->send_addr6));
+	} else {
 		return sendto(handle->sock, data, datalen, 0, (struct sockaddr *) &handle->send_addr, sizeof(handle->send_addr));
+	}
 }
 ssize_t mcast_socket_recv(mcast_handle_t *handle, void *data, size_t datalen, int ms)
@@ -175,6 +225,9 @@ ssize_t mcast_socket_recv(mcast_handle_t *handle, void *data, size_t datalen, in
 		}
 	}
+	if (handle->family == AF_INET6) {
+		return recvfrom(handle->sock, data, datalen, 0, (struct sockaddr *) &handle->recv_addr6, &addrlen);
+	} else {
 		return recvfrom(handle->sock, data, datalen, 0, (struct sockaddr *) &handle->recv_addr, &addrlen);
+	}
 }
--- a/src/mod/endpoints/mod_verto/mcast/mcast.h
+++ b/src/mod/endpoints/mod_verto/mcast/mcast.h
@@ -71,6 +71,9 @@ typedef struct {
 	unsigned char ttl;
 	struct sockaddr_in send_addr;
 	struct sockaddr_in recv_addr;
+	struct sockaddr_in6 send_addr6;
+	struct sockaddr_in6 recv_addr6;
+	int family;
 	unsigned char buffer[65536];
 	int ready;
 } mcast_handle_t;

--- a/src/mod/endpoints/mod_verto/mod_verto.c
+++ b/src/mod/endpoints/mod_verto/mod_verto.c
--- a/src/mod/endpoints/mod_verto/mod_verto.h
+++ b/src/mod/endpoints/mod_verto/mod_verto.h
@@ -106,9 +106,8 @@ struct jsock_s {
 	unsigned char buf[65535];
 	char *name;
 	jsock_type_t ptype;
-	struct sockaddr_in local_addr;
 	struct sockaddr_in remote_addr;
-	struct sockaddr_in send_addr;
+	struct sockaddr_in6 remote_addr6;
 #ifndef WIN32
 	struct passwd pw;
 #endif
@@ -132,6 +131,11 @@ struct jsock_s {
 	char *dialplan;
 	char *context;
+	char remote_host[256];
+	int remote_port;
+	int family;
 	struct verto_profile_s *profile;
 	switch_thread_rwlock_t *rwlock;
@@ -155,12 +159,12 @@ typedef struct jsock_s jsock_t;
 #define MAX_BIND 25
 #define MAX_RTPIP 25
-struct ips {
+typedef struct ips {
 	char local_ip[256];
-	in_addr_t local_ip_addr;
 	uint16_t local_port;
 	int secure;
-};
+	int family;
+} ips_t;
 typedef enum {
 	TFLAG_SENT_MEDIA = (1 << 0),
@@ -240,6 +244,10 @@ struct verto_profile_s {
 	int rtpip_index;
 	int rtpip_cur;
+	char *rtpip6[MAX_RTPIP];
+	int rtpip_index6;
+	int rtpip_cur6;
 	char *cand_acl[SWITCH_MAX_CAND_ACL];
 	uint32_t cand_acl_count;

--- a/src/mod/endpoints/mod_verto/ws.c
+++ b/src/mod/endpoints/mod_verto/ws.c
@@ -691,6 +691,7 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data)
 	ssize_t need = 2;
 	char *maskp;
 	int ll = 0;
+	int frag = 0;
 again:
 	need = 2;
@@ -741,9 +742,17 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data)
 	case WSOC_PING:
 	case WSOC_PONG:
 		{
-			//int fin = (wsh->buffer[0] >> 7) & 1;
+			int fin = (wsh->buffer[0] >> 7) & 1;
 			int mask = (wsh->buffer[1] >> 7) & 1;
+			if (fin) {
+				if (*oc == WSOC_CONTINUATION) {
+					frag = 1;
+				} else {
+					frag = 0;
+				}
+			}
 			if (mask) {
 				need += 4;
@@ -838,6 +847,10 @@ ssize_t ws_read_frame(wsh_t *wsh, ws_opcode_t *oc, uint8_t **data)
 				goto again;
 			}
+			if (frag) {
+				goto again;
+			}
 			*(wsh->payload+wsh->rplen) = '\0';
 			*data = (uint8_t *)wsh->payload;

--- a/src/switch_core.c
+++ b/src/switch_core.c
@@ -1331,9 +1331,14 @@ SWITCH_DECLARE(switch_bool_t) switch_check_network_list_ip_token(const char *ip_
 			free(list_name_dup);
 		} else {
 			switch_parse_cidr(list_name, &net, &mask, &bits);
+			if (ipv6) {
+				ok = switch_testv6_subnet(ip, net, mask);
+			} else {
 				ok = switch_test_subnet(ip.v4, net.v4, mask.v4);
 			}
 		}
+	}
 	switch_mutex_unlock(runtime.global_mutex);
 	return ok;
@@ -1395,6 +1400,26 @@ SWITCH_DECLARE(void) switch_load_network_lists(switch_bool_t reload)
 	switch_network_list_add_cidr(rfc_list, "fe80::/10", SWITCH_FALSE);
 	switch_core_hash_insert(IP_LIST.hash, tmp_name, rfc_list);
+	tmp_name = "wan_v6.auto";
+	switch_network_list_create(&rfc_list, tmp_name, SWITCH_TRUE, IP_LIST.pool);
+	switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_NOTICE, "Created ip list %s default (allow)\n", tmp_name);
+	switch_network_list_add_cidr(rfc_list, "0.0.0.0/0", SWITCH_FALSE);
+	switch_network_list_add_cidr(rfc_list, "fe80::/10", SWITCH_FALSE);
+	switch_core_hash_insert(IP_LIST.hash, tmp_name, rfc_list);
+	tmp_name = "wan_v4.auto";
+	switch_network_list_create(&rfc_list, tmp_name, SWITCH_TRUE, IP_LIST.pool);
+	switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_NOTICE, "Created ip list %s default (allow)\n", tmp_name);
+	switch_network_list_add_cidr(rfc_list, "0.0.0.0/8", SWITCH_FALSE);
+	switch_network_list_add_cidr(rfc_list, "10.0.0.0/8", SWITCH_FALSE);
+	switch_network_list_add_cidr(rfc_list, "172.16.0.0/12", SWITCH_FALSE);
+	switch_network_list_add_cidr(rfc_list, "192.168.0.0/16", SWITCH_FALSE);
+	switch_network_list_add_cidr(rfc_list, "169.254.0.0/16", SWITCH_FALSE);
+	switch_network_list_add_cidr(rfc_list, "::/0", SWITCH_FALSE);
+	switch_core_hash_insert(IP_LIST.hash, tmp_name, rfc_list);
 	tmp_name = "nat.auto";
 	switch_network_list_create(&rfc_list, tmp_name, SWITCH_FALSE, IP_LIST.pool);
 	switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_NOTICE, "Created ip list %s default (deny)\n", tmp_name);

--- a/src/switch_core_media.c
+++ b/src/switch_core_media.c
--- a/src/switch_utils.c
+++ b/src/switch_utils.c
@@ -431,7 +431,8 @@ SWITCH_DECLARE(switch_bool_t) switch_network_list_validate_ip6_token(switch_netw
 	for (node = list->node_head; node; node = node->next) {
 		if (node->family == AF_INET) continue;
-		if (node->bits > bits && switch_testv6_subnet(ip, node->ip, node->mask)) {
+		if (node->bits >= bits && switch_testv6_subnet(ip, node->ip, node->mask)) {
 			if (node->ok) {
 				ok = SWITCH_TRUE;
 			} else {
@@ -457,7 +458,7 @@ SWITCH_DECLARE(switch_bool_t) switch_network_list_validate_ip_token(switch_netwo
 	for (node = list->node_head; node; node = node->next) {
 		if (node->family == AF_INET6) continue; /* want AF_INET */
-		if (node->bits > bits && switch_test_subnet(ip, node->ip.v4, node->mask.v4)) {
+		if (node->bits >= bits && switch_test_subnet(ip, node->ip.v4, node->mask.v4)) {
 			if (node->ok) {
 				ok = SWITCH_TRUE;
 			} else {