[Serusers] Implementing a black list.
Evan Borgström
evan.borgstrom at ca.mci.com
Wed Jul 12 16:16:06 CEST 2006
To get the fm style matching you need to apply the attached patch
before building the avpops module (it also adds the ability to check
dst_ip, an unrelated but useful addition). Then in your usr_preferences
table add a new item like so:
INSERT INTO usr_preferences (uuid, attribute, value) VALUES
('prefix_list', 'deny', '00355*');
Next add the following modparam to the avpops module:
modparam("avpops", "avp_aliases", "plval=i:100;plfm=i:101")
If you already have other aliases simply append these new ones to your
existing list, finally when you want to check if you should block the
call do the following:
if (avp_db_load("prefix_list", "s:deny")) {
avp_write("$ruri/username", "$plval");
avp_copy("s:deny", "$plfm");
if (avp_check("$plval", "fm/$plfm/g")) {
sl_send_reply("488", "Call Denied By Prefix List");
break;
};
};
Writing $ruri/username & copying s:deny into aliases is the trick here
and what took me the most time digging through the avp_check code to
figure out. Once they're copied into aliases avp_check gladly checks
them where as it spits out errors if you try to use either of the values
as-is.
-Evan
Robert Zorop wrote:
> Hi, please can someone post how the avp module could help with this?.
>
> Christian, i think your idea works as well, but my problem is how to get
> diferent destinations blocked depending on the user, or IP the call is
> from.
>
>
>
> 2006/7/11, Greger V. Teigre <greger at teigre.com>:
>>
>> Please note that current ser 0.9.x does not have the fm style matching.
>> This was a small mod that was done to openser 0.9.4 (was it?) right
>> before
>> releasing (and that was never commited to ser).
>> However, the ser 0.9.x avpops module can be replaced with the openser
>> 0.9.4 avpops version.
>> g-)
>>
>>
>> Evan Borgström wrote:
>>
>> You can do it with the avpops module and a little crafty-ness. I did
>> something similar using this general logic.
>>
>> Store patterns in the database that will satisfy the fm style
>> matching
>> of the avpops module (ie. "sip:00355*"), then load them with avp_db_load
>> and then run over it with avp_check on $ruri/username using the fm
>> operator and the g flag to check them all. If the avp_check succeeds
>> then you block the call, if not let the call through.
>>
>> -Evan
>>
>> Robert Zorop wrote:
>>
>> Hi, thanks for the response. The problem i have is a lot of this
>> destinations to block. Does someone knows a scalable method to do it? . I
>> think that writing a hundred of this entry should be slow at lookup
>> time?..
>>
>>
>> 2006/7/10, CM0002 at aol.com <CM0002 at aol.com> <CM0002 at aol.com>:
>>
>> try this:
>>
>> # block expensive area codes
>> if (uri=~"^sip:00355[0-9].*@.*" <%5Esip:00355%5B0-9%5D.*@.*> |
>> uri=~"^sip:00358830[0-9].*@.*" <%5Esip:00358830%5B0-9%5D.*@.*> |
>> uri=~"^sip:001670.*@.*" <%5Esip:001670.*@.*> |
>> uri=~"^sip:001671.*@.*" <%5Esip:001671.*@.*> |
>> uri=~"^sip:00247[0-9].*@.*" <%5Esip:00247%5B0-9%5D.*@.*>
>> ) {
>> sl_send_reply("409", "Country not in plan");
>> break;
>> };
>>
>> regards Christian
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Serusers mailing list
>> Serusers at lists.iptel.orghttp://lists.iptel.org/mailman/listinfo/serusers
>>
>> _______________________________________________
>> Serusers mailing list
>> Serusers at lists.iptel.orghttp://lists.iptel.org/mailman/listinfo/serusers
>>
>>
>>
>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ser-mci-0.9.6-avpops_CVSHEAD.patch
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20060712/e075365c/attachment.asc>
More information about the sr-users
mailing list