[Serusers] permission module

Miklos Tirpak miklos at iptel.org
Thu Mar 2 10:38:36 CET 2006 

Hi Hakan,

Does the From header really look like this???
From: "902247654321" ;tag=1c681629589

It is incorrect, and of course the To and Contact headers are also 
incorrect.

Miklos

Hakan YASTI wrote:
> Hi,
> I am trying to use permissions module. At configuration side everything 
> seems ok. when an invite comes to ser, gets the source ip of the invite 
> and select a query from the trusted table. But every time, when 
> correlates the from_pattern and proto, they mismatch ( I SUPPOSE ). Is 
> there any trick at from_pattern ? I have tried so many values like
> .* , sip:.*,empty,^sip:.* and etc. Here is my ser.cfg, logs.
> 
> Hakan.
> 
> loadmodule "/usr/local/lib/ser/modules/permissions.so"
> # -- permissions parameters -- #
> 
> modparam("permissions", "db_url", "postgres://xxxxx:xxxx@ip_address/xxxxx")
> modparam("permissions", "db_mode", 0)
> modparam("permissions", "trusted_table", "trusted")
> modparam("permissions", "source_col", "src_ip")
> modparam("permissions", "proto_col", "proto")
> modparam("permissions", "from_col", "from_pattern")
> 
> if (method=="INVITE") {
> if (!allow_trusted()) {
> log("THE IP ADDRESS IS NOT ALLOWED");
> sl_send_reply("403","ONLY REGISTERED USERS ALLOWED ");
> break;
> }
> 
> 
> 
> ########### SER LOG #############
> 
> 2(69289) SIP Request:
> 2(69289) method:
> 2(69289) uri:
> 2(69289) version:
> 2(69289) parse_headers: flags=1
> 2(69289) Found param type 232, = ; state=16
> 2(69289) end of header reached, state=5
> 2(69289) parse_headers: Via found, flags=1
> 2(69289) parse_headers: this is the first via
> 2(69289) After parse_msg...
> 2(69289) preparing to run routing scripts...
> 2(69289) parse_headers: flags=128
> 2(69289) DEBUG:maxfwd:is_maxfwd_present: value = 70
> 2(69289) DBG:maxfwd:process_maxfwd_header: value 70 decreased to 16
> 2(69289) parse_headers: flags=8
> 2(69289) DEBUG: add_param: tag=1c681629589
> 2(69289) end of header reached, state=29
> 2(69289) grep_sock_info - checking if host==us: 9==10 && [gi.com.tr] == 
> [84.51.32.8]
> 2(69289) grep_sock_info - checking if port 5060 matches port 5060
> 2(69289) grep_sock_info - checking if host==us: 9==9 && [gi.com.tr] == 
> [127.0.0.1]
> 2(69289) grep_sock_info - checking if port 5060 matches port 5060
> 2(69289) grep_sock_info - checking if host==us: 9==10 && [gi.com.tr] == 
> [84.51.32.8]
> 2(69289) grep_sock_info - checking if port 5060 matches port 5060
> 2(69289) grep_sock_info - checking if host==us: 9==9 && [gi.com.tr] == 
> [127.0.0.1]
> 2(69289) grep_sock_info - checking if port 5060 matches port 5060
> 2(69289) val2str(): converting 84.51.32.26, 11
> 2(69289) PG[217] str2valp got string udp
> 2(69289) PG[217] str2valp got string sip:90224765321 at gi.com.tr
> 2(69289) NOT TRUSTED IP 2(69289) parse_headers: flags=4
> 2(69289) end of header reached, state=9
> 2(69289) DEBUG: get_hdr_field: [40]; 
> uri=[sip:02124440111 at gi.com.tr;user=phone]
> 2(69289) DEBUG: to body [
> ]
> 2(69289) parse_headers: flags=-1
> 2(69289) get_hdr_field: cseq : <1>
> 2(69289) DEBUG: get_hdr_body : content_length=267
> 2(69289) found end of header
> 2(69289) check_via_address(84.51.32.26, 84.51.32.26, 1)
> 2(69289) DEBUG:destroy_avp_list: destroying list 0x0
> 2(69289) receive_msg: cleaning up
> 3(69290) SIP Request:
> 3(69290) method:
> 3(69290) uri:
> 3(69290) version:
> 3(69290) parse_headers: flags=1
> 3(69290) Found param type 232, = ; state=16
> 3(69290) end of header reached, state=5
> 3(69290) parse_headers: Via found, flags=1
> 3(69290) parse_headers: this is the first via
> 3(69290) After parse_msg...
> 3(69290) preparing to run routing scripts...
> 3(69290) parse_headers: flags=4
> 3(69290) DEBUG: add_param: tag=26a82380ee921ee699cdfa26683b3165.bcf6
> 3(69290) end of header reached, state=29
> 3(69290) DEBUG: get_hdr_field: [82]; 
> uri=[sip:02124440111 at gi.com.tr;user=phone]
> 3(69290) DEBUG: to body []
> 3(69290) DEBUG: sl_filter_ACK : local ACK found -> dropping it!
> 3(69290) DEBUG:destroy_avp_list: destroying list 0x0
> 3(69290) receive_msg: cleaning up
> 
> 
> 
> 
> ######### NGREP LOGS ################
> 
> U 84.51.32.26:5060 -> 84.51.32.8:5060
> INVITE sip:02124440111 at gi.com.tr;user=phone SIP/2.0.
> Via: SIP/2.0/UDP 84.51.32.26;branch=z9hG4bKaccQkWrLg.
> Max-Forwards: 70.
> From: "902247654321" ;tag=1c681629589.
> To: .
> Call-ID: *395527579dNhC at 84.51.32.26.* <mailto:395527579dNhC at 84.51.32.26.>
> CSeq: 1 INVITE.
> Contact: .
> Supported: em,100rel,timer,replaces,path.
> Allow: 
> REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK,REFER,INFO,SUBSCRIBE,UPDATE.
> Session-Expires: 3600.
> Min-SE: 90.
> User-Agent: Audiocodes-Sip-Gateway-MP-104 FXS/v.4.40.200.371.
> Content-Type: application/sdp.
> Content-Length: 267.
> .
> v=0.
> o=AudiocodesGW 440639 653740 IN IP4 84.51.32.26.
> s=Phone-Call.
> c=IN IP4 84.51.32.26.
> t=0 0.
> m=audio 4010 RTP/AVP 18 8 96.
> a=rtpmap:18 g729/8000.
> a=fmtp:18 annexb=no.
> a=rtpmap:8 pcma/8000.
> a=rtpmap:96 telephone-event/8000.
> a=fmtp:96 0-15.
> a=ptime:40.
> a=sendrecv.
> 
> #
> U 84.51.32.8:5060 -> 84.51.32.26:5060
> SIP/2.0 403 ONLY REGISTERED USERS.....
> Via: SIP/2.0/UDP 84.51.32.26;branch=z9hG4bKaccQkWrLg.
> From: "902247654321" ;tag=1c681629589.
> To: ;tag=26a82380ee921ee699cdfa26683b3165.bcf6.
> Call-ID: *395527579dNhC at 84.51.32.26.* <mailto:395527579dNhC at 84.51.32.26.>
> CSeq: 1 INVITE.
> Server: Sip EXpress router (0.9.3 (i386/freebsd)).
> Content-Length: 0.
> Warning: 392 84.51.32.8:5060 "Noisy feedback tells: pid=69289 
> req_src_ip=84.51.32.26 req_src_port=5060 
> in_uri=sip:02124440111 at gi.com.tr;user=phone 
> out_uri=sip:02124440111 at gi.com.tr;user=phone via_cnt==1".
> .
> 
> #
> U 84.51.32.26:5060 -> 84.51.32.8:5060
> ACK sip:02124440111 at gi.com.tr;user=phone SIP/2.0.
> Via: SIP/2.0/UDP 84.51.32.26;branch=z9hG4bKaccQkWrLg.
> Max-Forwards: 70.
> From: "902247654321" ;tag=1c681629589.
> To: ;tag=26a82380ee921ee699cdfa26683b3165.bcf6.
> Call-ID: *395527579dNhC at 84.51.32.26.* <mailto:395527579dNhC at 84.51.32.26.>
> CSeq: 1 ACK.
> Contact: .
> Supported: em,timer,replaces,path.
> Allow: 
> REGISTER,OPTIONS,INVITE,ACK,CANCEL,BYE,NOTIFY,PRACK,REFER,INFO,SUBSCRIBE,UPDATE.
> User-Agent: Audiocodes-Sip-Gateway-MP-104 FXS/v.4.40.200.371.
> Content-Length: 0.
> 
> #################################
> Tried another value for from_pattern...
> 
> 3(69290) val2str(): converting 84.51.32.26, 11
> 3(69290) PG[217] str2valp got string udp
> 3(69290) PG[217] str2valp got string "90224765321"
> 
> 
> 
> select * from trusted;
> src_ip | proto | from_pattern
> -------------+-------+---------------
> 84.51.32.25 | udp | "90224765321"
> 84.51.32.26 | udp | "90224765321"
> (2 rows)
> .
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list