[SR-Users] is_in_subnet & Multiple CIDR subnets

jay binks jaybinks at gmail.com
Wed Jan 15 03:25:18 CET 2014


While I could do this as you said, my DB server does not have inet_aton ...
(I'm using db_cassandra)

My DB simply returns a single string with a list of comma separated values.
I then used s.select and while to achieve what I wanted.

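        # walk the comma-separated CIDR list held in avp(i:2)
        $var(i) = 0;
        while ( $(avp(i:2){s.select,$var(i),,}) != '' ) {
          # stop at the first subnet that contains the source IP
          if (is_in_subnet( $si , $(avp(i:2){s.select,$var(i),,}) )) {
            # << DO SOMETHING >>
            break;
          };
          $var(i) = $var(i) + 1;
        }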

sorry for any confusion....
avp(i:2) looks like 192.168.1.0/24,172.16.1.0/24

this should be fine for now, but how good would it be if ipops module could
handle this in a single function call ?






On 14 January 2014 20:17, Daniel Tryba <daniel at pocos.nl> wrote:

> On Monday 13 January 2014 13:06:56 jay binks wrote:
> > So I'm looking at a way of implementing IP network ACLs in kamailio..
> >
> > block all except specific subnets etc..
> >
> [multiple cidrs]
> >
> > is there a benevolent kamailio developer on the list who is able to add
> > this simple feature for me ?
>
> I'm using mysql to do this, but a little math makes it work from any source.
> usr_preference contains stuff like 0.0.0.0/0 or something stricter,
> implicit denies for users without acl records.
>
> route[ACL]
> {
>         if(!avp_db_query("select value from usr_preferences where username='$au' and attribute='acl' and inet_aton(substring_index(value,'/',1))&(1 << 32) - 1 & ~((1 << (32 - substring_index(value,'/',-1))) - 1)=inet_aton('$si')&(1 << 32) - 1 & ~((1 << (32 - substring_index(value,'/',-1))) - 1)"))
>         {
>                 sl_send_reply("403", "Not Allowed by ACL");
>                 exit;
>         }
>
>         return;
> }
>
>
> --
>
> POCOS B.V. - Croy 9c - 5653 LC Eindhoven
> Telefoon: 040 293 8661 - Fax: 040 293 8658
> http://www.pocos.nl/   - http://www.sipo.nl/
> K.v.K. Eindhoven 17097024
>



-- 
Sincerely

Jay
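
Added example, not part of the original post and not Kamailio or ipops code: a Python model of the check discussed in this thread, combining the mask arithmetic from the quoted SQL with the comma-separated list from avp(i:2). The function names are hypothetical and the source addresses are constructed; malformed entries are treated as non-matching, so the default stays deny.

```python
# Added illustration: models the ACL check discussed in this thread.
# Function names are hypothetical; this is not Kamailio or ipops code.

def ipv4_to_int(addr):
    """Dotted quad to 32-bit integer (the job inet_aton does in the SQL)."""
    parts = addr.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() and len(p) <= 3 for p in parts):
        raise ValueError("not a dotted-quad IPv4 address: %r" % addr)
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range: %r" % addr)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def netmask(prefix_len):
    """Same arithmetic as the quoted query: all ones minus the host bits."""
    return ((1 << 32) - 1) & ~((1 << (32 - prefix_len)) - 1)

def in_subnet(ip, cidr):
    """True if ip falls inside cidr; ValueError on a malformed entry."""
    net, sep, plen = cidr.strip().partition("/")
    if not sep or not plen.isdigit() or int(plen) > 32:
        raise ValueError("bad CIDR entry: %r" % cidr)
    mask = netmask(int(plen))
    return (ipv4_to_int(ip) & mask) == (ipv4_to_int(net) & mask)

def acl_match(source_ip, cidr_list):
    """Return the first CIDR that contains source_ip, or None (deny)."""
    for entry in cidr_list.split(","):
        if not entry.strip():
            continue  # skip empty elements instead of ending the scan
        try:
            if in_subnet(source_ip, entry):
                return entry.strip()
        except ValueError:
            continue  # unparsable entry or address never grants access
    return None

if __name__ == "__main__":
    acl = "192.168.1.0/24,172.16.1.0/24"  # the avp(i:2) value from the post
    for src in ("192.168.1.77", "172.16.1.5", "10.0.0.1"):  # constructed
        print(src, "->", acl_match(src, acl) or "403 Not Allowed by ACL")
```

As written, the config loop in the post ends at the first empty element, so a list with a doubled comma would never reach the entries after it; this version skips empty elements and keeps scanning.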