[SR-Users] how can I use WITH_IPAUTH when the IP may be stored in the DB as a FQDN?
canuck15
canuck15 at hotmail.com
Wed Mar 11 19:13:38 CET 2015
After further investigation I am considering the ipops module
dns_query() command.
http://kamailio.org/docs/modules/4.3.x/modules/ipops.html
It needs to be fast to prevent a bottleneck so I have a few things I
need to verify.
Will it save to/check internal DNS resolver cache first and if so how
many dns_query() calls can this handle before it starts to affect performance
or use excessive amounts of memory etc?
If not, what can I use that uses the DNS resolver cache?
For what I am doing it would need to scale to many hundreds of DNS
Authenticated SIP trunks. So perhaps hundreds of queries/sec I suppose.
Perhaps many thousands of SIP extensions using those trunks but not
directly using DNS authentication themselves.
On 3/9/2015 4:27 AM, Daniel-Constantin Mierla wrote:
> Hello,
>
>
> On 08/03/15 21:38, canuck15 wrote:
>> Here is the relevant section of kamailio.cfg
>>
>> $var(tempfU) = $fU;
>> #!ifdef WITH_IPAUTH
>> if((!is_method("REGISTER")) && allow_source_address() && $au == "")
>> {
>> # Loading $fU from database using IP
>>
>> sql_pvquery("elxpbx", "SELECT name FROM sip WHERE host = '$si'
>> AND sippasswd IS NULL", "$var(tempfU)");
>>
>> # source IP allowed
>> return;
>> }
>>
>> The problem is that when host= somefqdn.com the above will fail since
>> $si will always be an IP address as far as I can tell. More often
>> than not host= is a fqdn and requiring it to always be an IP address
>> is not an option. Converting it to IP before storing it in the DB is
>> also not an option because it needs to be able to work if the IP
>> address changes.
>>
>> So how can the above be done to accommodate the possibility that host=
>> somefqdn.com or an IP address. Preferably in such a way that it can
>> scale to hundreds/thousands of rows in the database without slowing
>> things down or crashing.
> as first remark, note that permissions module can work with hostnames in
> the address table.
>
> On the other hand, having what you want might not work. If you want to
> test if a request comes from xyz.com, doing a dns query on xyz.com can
> return a different IP than what was used for sending. If xyz.com has
> many IP addresses associated with and they do load balancing, they are
> usually returning just a subset of their IP addresses, not all of them.
>
> In this case, the best is to discover the subnet addresses used by
> xyz.com and store them in the address table, then use permissions in the
> config.
>
> Otherwise, you can try by doing a query and extract all hostnames from
> the database with sqlops and then loop through them and test with the
> functions from ipops module. You must have a fast dns server in order to
> not slow down the processing in the case you have lots of hostnames.
>
> Cheers,
> Daniel
>
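
The approach suggested in the quoted reply (fetch the hosts with sqlops, then test each one with ipops), sketched as an added example that is not code from either poster. The `elxpbx` connection and the `sip` table columns come from the quoted config; the route name, the `hosts` result id and the `$var` names are hypothetical.

```cfg
# Added example: requires the sqlops and ipops modules to be loaded.
# Returns 1 and sets $var(tempfU) when the source IP belongs to a
# passwordless trunk whose host column is an IP or a FQDN.
route[FQDN_IPAUTH] {
    $var(matched) = 0;
    $var(i) = 0;

    # Column 0 = name, column 1 = host (IP literal or hostname).
    sql_query("elxpbx",
        "SELECT name, host FROM sip WHERE sippasswd IS NULL", "hosts");

    # Note: the core parameter max_while_loops (default 100) caps this
    # loop; raise it if the table holds more rows than that.
    while ($var(i) < $dbr(hosts=>rows) && $var(matched) == 0) {
        $var(host) = $dbr(hosts=>[$var(i),1]);

        if (is_ip("$var(host)")) {
            # Row stores a literal address: compare it directly.
            if (compare_ips("$var(host)", "$si")) {
                $var(matched) = 1;
            }
        } else if (dns_int_match_ip("$var(host)", "$si")) {
            # Row stores a name: ask the internal resolver whether the
            # name currently maps to the source address.
            $var(matched) = 1;
        }

        if ($var(matched) == 1) {
            $var(tempfU) = $dbr(hosts=>[$var(i),0]);
        }
        $var(i) = $var(i) + 1;
    }
    sql_result_free("hosts");

    if ($var(matched) == 0) {
        # Log the miss so rejected trunks can be investigated.
        xlog("L_WARN", "IP auth: no trunk host resolves to $si\n");
        return -1;
    }
    return 1;
}
```

A miss here only means the name did not resolve to `$si` at lookup time, which is the load-balancing case the reply warns about; for such peers the subnet entries in the permissions address table remain the reliable check.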