[SR-Users] allow_trusted and ipv6 addresses
Anthony Messina
amessina at messinet.com
Tue Feb 24 13:01:31 CET 2015
On Tuesday, February 24, 2015 12:35:54 Daniel-Constantin Mierla wrote:
> On 24/02/15 00:05, Anthony Messina wrote:
> > On Monday, February 23, 2015 09:53:08 AM Daniel-Constantin Mierla wrote:
> >> trusted does string comparison for the address field, it is not
> >> considered an ip address.
> >>
> >> You should use address table instead if you just need matching on any ip
> >> address or subnet.
> >
> > That's interesting. Is there a reason for the string comparison? Reading
> > the README, trusted and address functions look incredibly similar,
> > except trusted can match proto, and the address commands can match
> > ports. What would be the advantage or use case of using either trusted
> > or address?
>
> I am not the developer of that function and haven't used it for a while.
> IIRC, it was added like 2003-2004 and kept being so. I use address table
> as it has more features in matching subnets and does pre-compilation of
> ip addresses, thus is fast.
>
> If someone provides a patch for doing ip-based comparison for trusted
> table, it will be accepted. The C helper functions are available, so the
> patch should not be big (ipops module can be used as example of C code
> for comparing ip addresses).
> Cheers,
> Daniel
Understood. I am using the address table as well for that very reason. I
just didn't know if it was an *intentional* difference. Thanks. -A
--
Anthony - https://messinet.com/ - https://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20150224/387b331e/attachment.sig>
More information about the sr-users
mailing list