conditional on secfilter seems does not work or how to do it

List overview All Threads
Download

newer

older

Segfault starting kamailio,...

Kamailio drop call with Teams

PICCORO McKAY Lenz

11 Aug 2020 11 Aug '20

7:42 p.m.

I implemented secfilter in a simple way, in first step routing put that conditional for black list check that already works:

``` secf_check_ip(); if ($? == -2) { xlog("L_ALERT", "$rm from $si is blacklisted"); drop(); } ```

BUT NOW i want to change to whitelick checks, so i reviewed the docs and "2" is resulting for whitelist, so then i said "if not whitelisted so block" using "!= 2" as on https://www.kamailio.org/wiki/cookbooks/5.3.x/core#operators BUT SEEMS DOES NOT WORK: that is the code:

``` secf_check_ip(); if ($? != 2) { xlog("L_ALERT", "$rm from $si is not in whitelist, block"); drop(); } ```

when i tested all the calls passed not matter if are in the table or not as whitelist!

I want able to call only if are present and whitelisted the ip address.. so i also tested with:

``` secf_check_ip(); if ($? == 0) { xlog("L_ALERT", "$rm from $si is not present, so block"); drop(); } ```

to check if the ip address are presented in the table but call also passed and must not cos i not put never a entry in the table!

Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com

Attachments:

attachment.html (text/html — 9.8 KB)

Show replies by date

Pepelux

12 Aug 12 Aug

2:30 p.m.

Hi there

It must work fine. I've just tested it:

kamailio.cfg xinfo("Checking source IP $si"); secf_check_ip(); xinfo("Result of sec_check_ip: $?");

kamailio.log Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO: <script>: Checking source IP 85.XXX.YYY.54 Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO: <script>: Result of sec_check_ip: 2

# kamcmd secfilter.print ip IP Address ========== [+] Blacklisted -----------

[+] Whitelisted ----------- 0001 -> 85.XXX.YYY.54

Are you sure that the secf_check_ip() function is executed? Could you put a log before or after to verify it?

On the other hand, 0 is not a possible return value. If the IP address is not found, the return value will be 1:

[image: image.png]

Regards

On Tue, 11 Aug 2020 at 21:47, PICCORO McKAY Lenz mckaygerhard@gmail.com wrote:

...

I implemented secfilter in a simple way, in first step routing put that conditional for black list check that already works:
        secf_check_ip();
        if ($? == -2) {
                xlog("L_ALERT", "$rm from $si is blacklisted");
                drop();
        }
BUT NOW i want to change to whitelick checks, so i reviewed the docs and "2" is resulting for whitelist, so then i said "if not whitelisted so block" using "!= 2" as on https://www.kamailio.org/wiki/cookbooks/5.3.x/core#operators BUT SEEMS DOES NOT WORK: that is the code:
        secf_check_ip();
        if ($? != 2) {
                xlog("L_ALERT", "$rm from $si is not in whitelist, block");
                drop();
        }
when i tested all the calls passed not matter if are in the table or not as whitelist!

I want able to call only if are present and whitelisted the ip address.. so i also tested with:
        secf_check_ip();
        if ($? == 0) {
                xlog("L_ALERT", "$rm from $si is not present, so block");
                drop();
        }
to check if the ip address are presented in the table but call also passed and must not cos i not put never a entry in the table!

Lenz McKAY Gerardo (PICCORO) http://qgqlochekone.blogspot.com _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

PICCORO McKAY Lenz

13 Aug 13 Aug

12:47 a.m.

El mié., 12 de ago. de 2020 a la(s) 10:30, Pepelux (pepeluxx@gmail.com) escribió:

...

Hi there

It must work fine. I've just tested it:

no! i found the problem.. i forgot to say that we updated the table dynamically and later noted in the documentation this: there's no sense in having a table if we cannot load and use data in real-time!

-> "All data will be loaded into memory when the module is started. There is an RPC reload command to update all the data from database."

https://www.kamailio.org/docs/modules/devel/modules/secfilter.html#idm19 so stupid.. htable logic is better, cos runs dynamically..

puff this module are so inflexible!

...

kamailio.cfg xinfo("Checking source IP $si"); secf_check_ip(); xinfo("Result of sec_check_ip: $?");

kamailio.log Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO:

<script>: Checking source IP 85.XXX.YYY.54 Aug 12 16:17:38 pepelux /usr/local/sbin/kamailio[23304]: INFO: <script>: Result of sec_check_ip: 2 # kamcmd secfilter.print ip IP Address ========== [+] Blacklisted ----------- [+] Whitelisted ----------- 0001 -> 85.XXX.YYY.54 Are you sure that the secf_check_ip() function is executed? Could you put a log before or after to verify it? On the other hand, 0 is not a possible return value. If the IP address is not found, the return value will be 1: [image: image.png] Regards On Tue, 11 Aug 2020 at 21:47, PICCORO McKAY Lenz <mckaygerhard@gmail.com> wrote: > > I implemented secfilter in a simple way, in first step routing put that > conditional for black list check that already works: > > ``` > secf_check_ip(); > if ($? == -2) { > xlog("L_ALERT", "$rm from $si is blacklisted"); > drop(); > } > ``` > > > > BUT NOW i want to change to whitelick checks, so i reviewed the docs and > "2" is resulting for whitelist, so then i said "if not whitelisted so > block" using "!= 2" as on > https://www.kamailio.org/wiki/cookbooks/5.3.x/core#operators BUT SEEMS > DOES NOT WORK: that is the code: > > ``` > secf_check_ip(); > if ($? != 2) { > xlog("L_ALERT", "$rm from $si is not in whitelist, block"); > drop(); > } > ``` > > > > when i tested all the calls passed not matter if are in the table or not > as whitelist! > > I want able to call only if are present and whitelisted the ip address.. > so i also tested with: > > ``` > secf_check_ip(); > if ($? == 0) { > xlog("L_ALERT", "$rm from $si is not present, so block"); > drop(); > } > ``` > > > > to check if the ip address are presented in the table but call also > passed and must not cos i not put never a entry in the table! > > > Lenz McKAY Gerardo (PICCORO) > http://qgqlochekone.blogspot.com > _______________________________________________ > Kamailio (SER) - Users Mailing List > sr-users@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Victor Seva

14 Aug 14 Aug

6:26 a.m.

El jue., 13 ago. 2020 3:06, PICCORO McKAY Lenz mckaygerhard@gmail.com escribió:

...

El mié., 12 de ago. de 2020 a la(s) 10:30, Pepelux (pepeluxx@gmail.com) escribió:

...
Hi there

It must work fine. I've just tested it:

no! i found the problem.. i forgot to say that we updated the table dynamically and later noted in the documentation this: there's no sense in having a table if we cannot load and use data in real-time!

-> "All data will be loaded into memory when the module is started. There is an RPC reload command to update all the data from database."

https://www.kamailio.org/docs/modules/devel/modules/secfilter.html#idm19 so stupid.. htable logic is better, cos runs dynamically..

puff this module are so inflexible

Another example of your toxic behaviour. Every time, you know better, things are stupid, etc...

I'm already tired of this.

...

1654

Age (days ago)

1657

Last active (days ago)

sr-users@lists.kamailio.org

3 comments

3 participants

tags (0)

participants (3)

Pepelux
PICCORO McKAY Lenz
Victor Seva