author | Anders Svensson <[email protected]> | 2013-06-05 13:56:04 +0200 |
---|---|---|
committer | Anders Svensson <[email protected]> | 2013-06-10 11:40:51 +0200 |
commit | 9bbf27eb94877dea7229223de62d28f0d0206709 (patch) | |
tree | f9df823bc006d49a88bd543f0197b710d076cec9 /lib/diameter/src/transport/diameter_tcp.erl | |
parent | 0e42bec7ace7a42e6dc7de08e15b468746f463b3 (diff) | |
Let diameter_{tcp,sctp} be configured with permissible remote addresses
Option 'accept' allows remote addresses to be configured as tuples or
regular expressions. The remote addresses for any incoming (aka
accepted) connection/association are matched against the configured
values, any non-matching address causing the connection/association to
be aborted.
Diffstat (limited to 'lib/diameter/src/transport/diameter_tcp.erl')
-rw-r--r-- | lib/diameter/src/transport/diameter_tcp.erl | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/lib/diameter/src/transport/diameter_tcp.erl b/lib/diameter/src/transport/diameter_tcp.erl
index ce54effab6..4d1b8bec51 100644
--- a/lib/diameter/src/transport/diameter_tcp.erl
+++ b/lib/diameter/src/transport/diameter_tcp.erl
@@ -85,12 +85,16 @@
 -type connect_option() :: {raddr, inet:ip_address()}
 | {rport, pos_integer()}
- | option()
 | {ssl_options, true | [ssl:connect_option()]}
+ | option()
 | ssl:connect_option()
 | gen_tcp:connect_option().
--type listen_option() :: option()
+-type match() :: inet:ip_address()
+ | string()
+ | [match()].
+
+-type listen_option() :: {accept, match()}
 | {ssl_options, true | [ssl:listen_option()]}
 | ssl:listen_option()
 | gen_tcp:listen_option().
@@ -241,8 +245,8 @@ laddr([{ip, Addr}], _, _) ->
 Addr.
 own(Opts) ->
- {Own, Rest} = proplists:split(Opts, [fragment_timer]),
- {lists:append(Own), Rest}.
+ {[Own], Rest} = proplists:split(Opts, [fragment_timer]),
+ {Own, Rest}.
 ssl(Opts) ->
 {[SslOpts], Rest} = proplists:split(Opts, [ssl_options]),
@@ -271,9 +275,11 @@ init(Type, Ref, Mod, Pid, _, Opts, Addrs) ->
 %% init/6
 init(accept = T, Ref, Mod, Pid, Opts, Addrs) ->
- {LAddr, LSock} = listener(Ref, {Mod, Opts, Addrs}),
+ {[Matches], Rest} = proplists:split(Opts, [accept]),
+ {LAddr, LSock} = listener(Ref, {Mod, Rest, Addrs}),
 proc_lib:init_ack({ok, self(), [LAddr]}),
 Sock = ok(accept(Mod, LSock)),
+ ok = accept_peer(Mod, Sock, accept(Matches)),
 publish(Mod, T, Ref, Sock),
 diameter_peer:up(Pid),
 Sock;
@@ -312,6 +318,22 @@ ok(No) ->
 x(Reason) ->
 exit({shutdown, Reason}).
+%% accept_peer/3
+
+accept_peer(_Mod, _Sock, []) ->
+ ok;
+
+accept_peer(Mod, Sock, Matches) ->
+ {RAddr, _} = ok(peername(Mod, Sock)),
+ diameter_peer:match([RAddr], Matches)
+ orelse x({accept, RAddr, Matches}),
+ ok.
+
+%% accept/1
+
+accept(Opts) ->
+ [[M] || {accept, M} <- Opts].
+
 %% listener/2
 listener(LRef, T) ->
|
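Review bot: The rewritten `listen_option()` no longer includes `option()`: the removed line `-type listen_option() :: option()` is replaced by `-type listen_option() :: {accept, match()}`, whereas `connect_option()` only moves `option()` further down its union. If listeners still take the options that `option()` describes (its definition is outside this hunk), callers passing them will no longer agree with the type, so I would keep it by adding `| option()` after the `ssl_options` alternative. `match()` also deserves a one-line comment saying that a `string()` is a regular expression, which at present only the commit message states.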
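Review bot: The address check in this `init/6` clause runs only after `ok(accept(Mod, LSock))` has returned, so a peer outside the configured `accept` values is disconnected after the connection is established rather than refused; accept/2 is not visible here, so whatever it does for the ssl module has already been done for that peer. That is worth stating at the call site so the option is not read as a replacement for network-level filtering: I would add `%% Peer address is checked after accept: a non-matching peer is disconnected, not refused.` above the `accept_peer` line. Calling `accept(Matches)` next to `accept(Mod, LSock)` is also hard to read, since accept/1 only reshapes options; a distinct name such as `accept_matches/1` would separate the two. The other clauses of init/6 lie outside the hunk.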
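Review bot: `accept/1` silently discards any entry that is not exactly `{accept, M}`, and `accept_peer/3` treats the resulting empty list as "no restriction", so a malformed setting fails open. `proplists:split(Opts, [accept])` in init/6 also collects a bare `accept` atom or a longer tuple keyed on `accept`; the comprehension filters those out and every peer is then accepted. Matching strictly makes such a configuration crash instead of disabling the filter: `accept(Opts) -> lists:map(fun({accept, M}) -> [M] end, Opts).` A rejected peer ends the process through `x/1` with a `{shutdown, _}` reason; if nothing outside this hunk reports that reason, rejected addresses leave no record, so a log entry before the exit would help operators.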