Hmm, do you have port set for the records in the address table? I notice you print it in the log message...
Cheers, Daniel
On 18.05.21 11:15, Romain Untereiner wrote:
Hello Daniel,
Thanks for your quick answer!
I indeed need to identify the group ID too.
Here’s how I handle it (inspired from https://kamailio.org/docs/modules/5.5.x/modules/permissions.html#permissions... https://kamailio.org/docs/modules/5.5.x/modules/permissions.html#permissions.f.allow_source_address):
‘'' $var(group) = allow_source_address_group();
if ($var(group) != -1) { xlog("L_INFO", "$si : $sp is allowed through group: $var(group)\n"); [...] } else { xlog("L_INFO", "$si : $sp is not allowed - allow_source_address_group returned -1\n"); xlog("L_INFO", "Rejecting $ci with 403 'Forbidden'\n"); sl_send_reply("403", "Forbidden"); exit; } ‘''
Best regards,
*Romain Untereiner* Co founder at /Cantoo/ https://www.cantoo.co www.cantoo.co <www.cantoo.co> Le 18 mai 2021 à 08:44 +0200, Daniel-Constantin Mierla miconda@gmail.com, a écrit :
Hello,
On 17.05.21 12:11, Romain Untereiner wrote:
Hello all,
I am having some trouble with Permissions module of Kamailio, regarding the allow_source_address_group() function. In 99.9% of the cases the IP of our partner is allowed as expected, but randomly it can fail (returning -1 for the same IP address that was allowed for many other calls in the meantime).
I can’t understand why it fails and why only « sometimes » - I confirm this append on the same Kamailio box, with same IP and Port of the partner.
In my custom logs: « X.X.X.X:YYYY is allowed through group Z » —> as expected and sometimes (like 1% of the cases): « X.X.X.X:YYYY is not allowed - allow_source_address_group returned -1»
It is maybe to note that in the address table, this range is defined as /24 and not /32. Until now it never happened on /32 defined address but I don’t know if it can be correlated.
Would someone have a clue on this?
Versions:
- kamailio 5.5.0 (x86_64/linux) d4c1a1
- debian 9 stretch
- postgresql 11.7
how do you test the return code of the function? Paste here the snippet of the config where the function is used.
Then, do you really need the goup id of the address or just to match the address?
Cheers, Daniel
-- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training - Online May 17-20, 2021 (Europe Timezone) - June 7-10, 2021 (America Timezone)