Hi, some time ago I asked if allow_source_address_group() gives preference to the entries in 'address' table with lowest mask. I was replied that such case is not analyzed.
But the fact is that in my tests it just works:
Entry 1: - grp = 1 - ip_addr = 9.9.9.9 - mask = 32
Entry 2: - grp = 2 - ip_addr = 9.9.9.0 - mask = 24
I send a request from IP 9.9.9.9 and the function allow_source_address_group() always returns "1", it doesn't matter if the entry 1 appears before or after the entry 2, neither their "id" value. So it works as I expected (even if it's not explained in the documentation).
However after checking the module code it seems that there are just two cases: - IP addresses (mask = 32). - Subnets (mask != 32).
So first the source address is always matched against he address hash, and if it doesn't match then it is matched against the subnet hash, but in this last case it is not taken into account any kind of priority based on mask value, am I right?
Could somebody confirm it please? Thanks.
Iñaki Baz Castillo writes:
However after checking the module code it seems that there are just two cases:
- IP addresses (mask = 32).
- Subnets (mask != 32).
So first the source address is always matched against he address hash, and if it doesn't match then it is matched against the subnet hash, but in this last case it is not taken into account any kind of priority based on mask value, am I right?
yes, if address does not match exactly, the any address/mask that matches results in success.
-- juha
Iñaki,
Maybe you can try with 2 masks that are not 32. example:
Entry 1: - grp = 1 - ip_addr = 9.9.9.128 - mask = 25
Entry 2: - grp = 2 - ip_addr = 9.9.9.0 - mask = 24
And then verify if the order or id matters. But as per Juha's comment, the result can be unpredictable. Maybe we an develop an exported function that can take into account the mask to get the most exact entry.
Cheers, Uriel
On Wed, Apr 28, 2010 at 2:13 PM, Juha Heinanen jh@tutpro.com wrote:
Iñaki Baz Castillo writes:
However after checking the module code it seems that there are just two cases:
- IP addresses (mask = 32).
- Subnets (mask != 32).
So first the source address is always matched against he address hash, and if it doesn't match then it is matched against the subnet hash, but in this last case it is not taken into account any kind of priority based on mask value, am I right?
yes, if address does not match exactly, the any address/mask that matches results in success.
-- juha
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
2010/4/28 Uriel Rozenbaum uriel.rozenbaum@gmail.com:
Iñaki,
Maybe you can try with 2 masks that are not 32. example:
Entry 1:
- grp = 1
- ip_addr = 9.9.9.128
- mask = 25
Entry 2:
- grp = 2
- ip_addr = 9.9.9.0
- mask = 24
And then verify if the order or id matters. But as per Juha's comment, the result can be unpredictable.
Yes, it's also clear from the code. The subnets are matched until one matches, and that's all.
Maybe we can develop an exported function that can take into account the mask to get the most exact entry.
IMHO it shouldn't be an opcional parameter or a different exported function, but just the default behavior as it really makes sense (IMHO).
Regards.
-
Iñaki Baz Castillo -
Juha Heinanen -
Uriel Rozenbaum