Security: Enable CIDR for allow/deny play/publish (#2914)

* protocol/utility: add srs_ipv4_to_num * protocol/utility: add srs_ipv4_within_mask * protocol/utility: add srs_get_cidr_mask and CIDR_VALUES static struct * protocol/utility: add srs_get_cidr_ipv4 * app/security: support cidr ip ranges in allow/deny rules * conf: update security example with cidr ranges * Security: Enable CIDR for allow/deny play/publish * Security: Enable CIDR for allow/deny play/publish * Security: Enable CIDR for allow/deny play/publish * fix compile error on centos6 Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com>
2025-03-09 15:49:59 +00:00 · 2022-03-11 12:24:35 +08:00 · 2022-03-11 12:24:35 +08:00 · 67ccd589c1
commit 67ccd589c1
parent 451b01011c
6 changed files with 219 additions and 1 deletions
--- a/trunk/conf/full.conf
+++ b/trunk/conf/full.conf
@ -967,16 +967,20 @@ vhost security.srs.com {
        # default: off
        enabled         on;
        # the security list, each item format as:
-        #       allow|deny    publish|play    all|<ip>
+        #       allow|deny    publish|play    all|<ip or cidr>
        # for example:
        #       allow           publish     all;
        #       deny            publish     all;
        #       allow           publish     127.0.0.1;
        #       deny            publish     127.0.0.1;
+        #       allow           publish     10.0.0.0/8;
+        #       deny            publish     10.0.0.0/8;
        #       allow           play        all;
        #       deny            play        all;
        #       allow           play        127.0.0.1;
        #       deny            play        127.0.0.1;
+        #       allow           play        10.0.0.0/8;
+        #       deny            play        10.0.0.0/8;
        # SRS apply the following simple strategies one by one:
        #       1. allow all if security disabled.
        #       2. default to deny all when security enabled.