
<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

  </head>

  <body>

    <p>Hmm, do you have port set for the records in the address table? I

      notice you print it in the log message...</p>

    <p>Cheers,<br>

      Daniel<br>

    </p>

    <div class="moz-cite-prefix">On 18.05.21 11:15, Romain Untereiner

      wrote:<br>

    </div>

    <blockquote type="cite"

      cite="mid:045797a5-d71c-4a3b-afd0-d9b8301373fe@Spark">

      <meta http-equiv="content-type" content="text/html; charset=UTF-8">

      <title></title>

      <div name="messageBodySection">

        <div dir="auto">Hello Daniel,<br>

          <br>

          Thanks for your quick answer! <br>

          <br>

          I indeed need to identify the group ID too.<br>

          <br>

          Here’s how I handle it (inspired from <a

href="https://kamailio.org/docs/modules/5.5.x/modules/permissions.html#permissions.f.allow_source_address"

            target="_blank" moz-do-not-send="true">https://kamailio.org/docs/modules/5.5.x/modules/permissions.html#permissions.f.allow_source_address</a>):<br>

          <br>

          ‘''<br>

          $var(group) = allow_source_address_group();<br>

          <br>

          if ($var(group) != -1) {<br>

              xlog("L_INFO", "$si : $sp is allowed through group:

          $var(group)\n");<br>

              [...]<br>

          } else {<br>

              xlog("L_INFO", "$si : $sp is not allowed -

          allow_source_address_group returned -1\n");<br>

              xlog("L_INFO", "Rejecting $ci with 403 'Forbidden'\n");<br>

              sl_send_reply("403", "Forbidden");<br>

              exit;<br>

          }<br>

          ‘''<br>

          <br>

          Best regards,</div>

      </div>

      <div name="messageSignatureSection"><br>

        <div class="matchFont"><b>Romain Untereiner</b><br>

          Co founder at <a href="https://www.cantoo.co"

            moz-do-not-send="true"><i>Cantoo</i></a><br>

          <a href="www.cantoo.co" moz-do-not-send="true">www.cantoo.co</a></div>

      </div>

      <div name="messageReplySection">Le 18 mai 2021 à 08:44 +0200,

        Daniel-Constantin Mierla <a class="moz-txt-link-rfc2396E" href="mailto:miconda@gmail.com"><miconda@gmail.com></a>, a écrit :<br>

        <blockquote type="cite" style="border-left-color: grey;

          border-left-width: thin; border-left-style: solid; margin: 5px

          5px;padding-left: 10px;">Hello,<br>

          <br>

          On 17.05.21 12:11, Romain Untereiner wrote:<br>

          <blockquote type="cite">Hello all,<br>

            <br>

            I am having some trouble with Permissions module of

            Kamailio,<br>

            regarding the allow_source_address_group() function. In

            99.9% of the<br>

            cases the IP of our partner is allowed as expected, but

            randomly it<br>

            can fail (returning -1 for the same IP address that was

            allowed for<br>

            many other calls in the meantime). <br>

            <br>

            I can’t understand why it fails and why only « sometimes » -

            I confirm<br>

            this append on the same Kamailio box, with same IP and Port

            of the<br>

            partner.<br>

            <br>

            In my custom logs:<br>

            « X.X.X.X:YYYY is allowed through group Z » —> as

            expected<br>

            and sometimes (like 1% of the cases): « X.X.X.X:YYYY is not

            allowed<br>

            -  allow_source_address_group returned -1»<br>

            <br>

            It is maybe to note that in the address table, this range is

            defined<br>

            as /24 and not /32. Until now it never happened on /32

            defined address<br>

            but I don’t know if it can be correlated.<br>

            <br>

            Would someone have a clue on this?<br>

            <br>

            Versions:<br>

            - kamailio 5.5.0 (x86_64/linux) d4c1a1<br>

            - debian 9 stretch<br>

            - postgresql 11.7<br>

          </blockquote>

          <br>

          how do you test the return code of the function? Paste here

          the snippet<br>

          of the config where the function is used.<br>

          <br>

          Then, do you really need the goup id of the address or just to

          match the<br>

          address?<br>

          <br>

          Cheers,<br>

          Daniel<br>

          <br>

          --<br>

          Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a><br>

          <a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a><br>

          Kamailio Advanced Training - Online<br>

          May 17-20, 2021 (Europe Timezone) - June 7-10, 2021 (America

          Timezone)<br>

          * <a class="moz-txt-link-freetext" href="https://www.asipto.com/sw/kamailio-advanced-training-online/">https://www.asipto.com/sw/kamailio-advanced-training-online/</a><br>

          <br>

        </blockquote>

      </div>

    </blockquote>

    <pre class="moz-signature" cols="72">-- 

Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>

<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>

Kamailio Advanced Training - Online

May 17-20, 2021 (Europe Timezone) - June 7-10, 2021 (America Timezone)

  * <a class="moz-txt-link-freetext" href="https://www.asipto.com/sw/kamailio-advanced-training-online/">https://www.asipto.com/sw/kamailio-advanced-training-online/</a></pre>

  </body>

</html>