From 9bbf27eb94877dea7229223de62d28f0d0206709 Mon Sep 17 00:00:00 2001
From: Anders Svensson
Date: Wed, 5 Jun 2013 13:56:04 +0200
Subject: Let diameter_{tcp,sctp} be configured with permissible remote
addresses
Option 'accept' allows remote addresses to be configured as tuples or
regular expressions. The remote addresses for any incoming (aka
accepted) connection/association are matched against the configured
values, any non-matching address causing the connection/association to
be aborted.
---
lib/diameter/doc/src/diameter_sctp.xml | 22 +++++++++++++++++++---
lib/diameter/doc/src/diameter_tcp.xml | 15 ++++++++++++++-
2 files changed, 33 insertions(+), 4 deletions(-)
(limited to 'lib/diameter/doc')
diff --git a/lib/diameter/doc/src/diameter_sctp.xml b/lib/diameter/doc/src/diameter_sctp.xml
index df140b16b9..5fe14b1ef6 100644
--- a/lib/diameter/doc/src/diameter_sctp.xml
+++ b/lib/diameter/doc/src/diameter_sctp.xml
@@ -70,10 +70,15 @@ and implements the behaviour documented in
Type = connect | accept
Ref = &mod_transport_ref;
Svc = #diameter_service{}
-Opt = {raddr, &ip_address;} | {rport, integer()} | term()
+Opt = OwnOpt | SctpOpt
Pid = pid()
LAddr = &ip_address;
Reason = term()
+OwnOpt = {raddr, &ip_address;}
+ | {rport, integer()}
+ | {accept, Match}
+SctpOpt = term()
+Match = &ip_address; | string() | [Match]
@@ -85,9 +90,20 @@ Options raddr and rport specify the remote address
and port for a connecting transport and not valid for a listening
transport: the former is required while latter defaults to 3868 if
unspecified.
-More than one raddr option can be specified, in which case the
+Mupltiple raddr options can be specified, in which case the
connecting transport in question attempts each in sequence until
-an association is established.
+an association is established.
+
+
+Option accept specifies remote addresses for a listening
+transport and is not valid for a connecting transport.
+If specified, a remote address that does not match one of the
+specified addresses causes the association to be aborted.
+Multiple accept options can be specified.
+A string-valued Match that does not parse as an address is
+interpreted as a regular expression.
+
+
Remaining options are any accepted by &gen_sctp_open1;, with the exception
of options mode, binary, list, active
and sctp_events.
diff --git a/lib/diameter/doc/src/diameter_tcp.xml b/lib/diameter/doc/src/diameter_tcp.xml
index 8e509aa829..ce4d6cfd0f 100644
--- a/lib/diameter/doc/src/diameter_tcp.xml
+++ b/lib/diameter/doc/src/diameter_tcp.xml
@@ -96,10 +96,12 @@ before configuring TLS capability on diameter transports.
Reason = term()
OwnOpt = {raddr, &ip_address;}
| {rport, integer()}
+ | {accept, Match}
| {port, integer()}
| {fragment_timer, infinity | 0..16#FFFFFFFF}
SslOpt = {ssl_options, true | list()}
TcpOpt = term()
+Match = &ip_address; | string() | [Match]
@@ -109,7 +111,18 @@ The start function required by &man_transport;.
Options raddr and rport specify the remote address
and port for a connecting transport and are not valid for a listening
-transport.
+transport.
+
+
+Option accept specifies remote addresses for a listening
+transport and is not valid for a connecting transport.
+If specified, a remote address that does not match one of the
+specified addresses causes the connection to be aborted.
+Multiple accept options can be specified.
+A string-valued Match that does not parse as an address is
+interpreted as a regular expression.
+
+
Option ssl_options must be specified for a transport
that should support TLS: a value of true results in a
TLS handshake immediately upon connection establishment while