[Serusers] permission module
Hakan YASTI
hakanyasti at gmail.com
Thu Mar 2 10:12:30 CET 2006
Hi,
I am trying to use permissions module. At configuration side everything seems ok. when an invite comes to ser, gets the source ip of the invite and select a query from the trusted table. But every time, when correlates the from_pattern and proto, they mismatch ( I SUPPOSE ). Is there any trick at from_pattern ? I have tried so many values like
.* , sip:.*,empty,^sip:.* and etc. Here is my ser.cfg, logs.
Hakan.
loadmodule "/usr/local/lib/ser/modules/permissions.so"
# -- permissions parameters -- #
modparam("permissions", "db_url", "postgres://xxxxx:xxxx@ip_address/xxxxx")
modparam("permissions", "db_mode", 0)
modparam("permissions", "trusted_table", "trusted")
modparam("permissions", "source_col", "src_ip")
modparam("permissions", "proto_col", "proto")
modparam("permissions", "from_col", "from_pattern")
if (method=="INVITE") {
if (!allow_trusted()) {
log("THE IP ADDRESS IS NOT ALLOWED");
sl_send_reply("403","ONLY REGISTERED USERS ALLOWED ");
break;
}
########### SER LOG #############
2(69289) SIP Request:
2(69289) method:
2(69289) uri:
2(69289) version:
2(69289) parse_headers: flags=1
2(69289) Found param type 232, = ; state=16
2(69289) end of header reached, state=5
2(69289) parse_headers: Via found, flags=1
2(69289) parse_headers: this is the first via
2(69289) After parse_msg...
2(69289) preparing to run routing scripts...
2(69289) parse_headers: flags=128
2(69289) DEBUG:maxfwd:is_maxfwd_present: value = 70
2(69289) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
2(69289) parse_headers: flags=8
2(69289) DEBUG: add_param: tag=1c681629589
2(69289) end of header reached, state=29
2(69289) grep_sock_info - checking if host==us: 9==10 && [gi.com.tr] == [84.51.32.8]
2(69289) grep_sock_info - checking if port 5060 matches port 5060
2(69289) grep_sock_info - checking if host==us: 9==9 && [gi.com.tr] == [127.0.0.1]
2(69289) grep_sock_info - checking if port 5060 matches port 5060
2(69289) grep_sock_info - checking if host==us: 9==10 && [gi.com.tr] == [84.51.32.8]
2(69289) grep_sock_info - checking if port 5060 matches port 5060
2(69289) grep_sock_info - checking if host==us: 9==9 && [gi.com.tr] == [127.0.0.1]
2(69289) grep_sock_info - checking if port 5060 matches port 5060
2(69289) val2str(): converting 84.51.32.26, 11
2(69289) PG[217] str2valp got string udp
2(69289) PG[217] str2valp got string sip:90224765321 at gi.com.tr
2(69289) NOT TRUSTED IP 2(69289) parse_headers: flags=4
2(69289) end of header reached, state=9
2(69289) DEBUG: get_hdr_field: [40]; uri=[sip:02124440111 at gi.com.tr;user=phone]
2(69289) DEBUG: to body [
]
2(69289) parse_headers: flags=-1
2(69289) get_hdr_field: cseq : <1>
2(69289) DEBUG: get_hdr_body : content_length=267
2(69289) found end of header
2(69289) check_via_address(84.51.32.26, 84.51.32.26, 1)
2(69289) DEBUG:destroy_avp_list: destroying list 0x0
2(69289) receive_msg: cleaning up
3(69290) SIP Request:
3(69290) method:
3(69290) uri:
3(69290) version:
3(69290) parse_headers: flags=1
3(69290) Found param type 232, = ; state=16
3(69290) end of header reached, state=5
3(69290) parse_headers: Via found, flags=1
3(69290) parse_headers: this is the first via
3(69290) After parse_msg...
3(69290) preparing to run routing scripts...
3(69290) parse_headers: flags=4
3(69290) DEBUG: add_param: tag=26a82380ee921ee699cdfa26683b3165.bcf6
3(69290) end of header reached, state=29
3(69290) DEBUG: get_hdr_field: [82]; uri=[sip:02124440111 at gi.com.tr;user=phone]
3(69290) DEBUG: to body []
3(69290) DEBUG: sl_filter_ACK : local ACK found -> dropping it!
3(69290) DEBUG:destroy_avp_list: destroying list 0x0
3(69290) receive_msg: cleaning up
######### NGREP LOGS ################
U 84.51.32.26:5060 -> 84.51.32.8:5060
INVITE sip:02124440111 at gi.com.tr;user=phone SIP/2.0.
Via: SIP/2.0/UDP 84.51.32.26;branch=z9hG4bKaccQkWrLg.
Max-Forwards: 70.
From: "902247654321" ;tag=1c681629589.
To: .
Call-ID: 395527579dNhC at 84.51.32.26.
CSeq: 1 INVITE.
Contact: .
Supported: em,100rel,timer,replaces,path.
Allow: REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK,REFER,INFO,SUBSCRIBE,UPDATE.
Session-Expires: 3600.
Min-SE: 90.
User-Agent: Audiocodes-Sip-Gateway-MP-104 FXS/v.4.40.200.371.
Content-Type: application/sdp.
Content-Length: 267.
.
v=0.
o=AudiocodesGW 440639 653740 IN IP4 84.51.32.26.
s=Phone-Call.
c=IN IP4 84.51.32.26.
t=0 0.
m=audio 4010 RTP/AVP 18 8 96.
a=rtpmap:18 g729/8000.
a=fmtp:18 annexb=no.
a=rtpmap:8 pcma/8000.
a=rtpmap:96 telephone-event/8000.
a=fmtp:96 0-15.
a=ptime:40.
a=sendrecv.
#
U 84.51.32.8:5060 -> 84.51.32.26:5060
SIP/2.0 403 ONLY REGISTERED USERS.....
Via: SIP/2.0/UDP 84.51.32.26;branch=z9hG4bKaccQkWrLg.
From: "902247654321" ;tag=1c681629589.
To: ;tag=26a82380ee921ee699cdfa26683b3165.bcf6.
Call-ID: 395527579dNhC at 84.51.32.26.
CSeq: 1 INVITE.
Server: Sip EXpress router (0.9.3 (i386/freebsd)).
Content-Length: 0.
Warning: 392 84.51.32.8:5060 "Noisy feedback tells: pid=69289 req_src_ip=84.51.32.26 req_src_port=5060 in_uri=sip:02124440111 at gi.com.tr;user=phone out_uri=sip:02124440111 at gi.com.tr;user=phone via_cnt==1".
.
#
U 84.51.32.26:5060 -> 84.51.32.8:5060
ACK sip:02124440111 at gi.com.tr;user=phone SIP/2.0.
Via: SIP/2.0/UDP 84.51.32.26;branch=z9hG4bKaccQkWrLg.
Max-Forwards: 70.
From: "902247654321" ;tag=1c681629589.
To: ;tag=26a82380ee921ee699cdfa26683b3165.bcf6.
Call-ID: 395527579dNhC at 84.51.32.26.
CSeq: 1 ACK.
Contact: .
Supported: em,timer,replaces,path.
Allow: REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK,REFER,INFO,SUBSCRIBE,UPDATE.
User-Agent: Audiocodes-Sip-Gateway-MP-104 FXS/v.4.40.200.371.
Content-Length: 0.
#################################
Tried another value for from_pattern...
3(69290) val2str(): converting 84.51.32.26, 11
3(69290) PG[217] str2valp got string udp
3(69290) PG[217] str2valp got string "90224765321"
select * from trusted;
src_ip | proto | from_pattern
-------------+-------+---------------
84.51.32.25 | udp | "90224765321"
84.51.32.26 | udp | "90224765321"
(2 rows)
.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20060302/5bf155c8/attachment.htm>
More information about the sr-users
mailing list