[SR-Users] subnet match

Daniel-Constantin Mierla miconda at gmail.com
Tue Apr 3 09:33:46 CEST 2018 

To conclude this discussion, I just pushed a commit to master branch
that masks also the value of the subnet address parameter. There was
also a github enhancement request in the tracker related to the same topic.

Cheers,
Daniel


On 14.03.18 16:56, Daniel-Constantin Mierla wrote:
>
> Hi Hugh,
>
> thanks for digging into it. I guess it would be safe to change the
> condition into:
>
> if ((ip->s_addr & ipv4_mask) == (net_addr.s_addr & ipv4_mask))
>
> to be more flexible in matching by providing full ip and its netmask.
> It should not break existing matching with masked subnet address.
>
> Anyone having a different opinion on this?
>
> Cheers,
> Daniel
>
> On 14.03.18 15:57, Hugh Waite wrote:
>> Hi,
>> It looks from the code that the subnet IP address must be masked.
>> https://github.com/kamailio/kamailio/blob/master/src/modules/ipops/ipops_mod.c#L393
>>
>> if ((ip->s_addr & ipv4_mask) == net_addr.s_addr)
>> return 1;
>> return 0;
>>
>> So 10.1.1.0/24 <http://10.1.1.0/24> will match 10.1.1.241
>> but 10.1.1.128/24 <http://10.1.1.128/24> will NOT match 10.1.1.241
>>
>> Regards,
>> Hugh
>>
>> On 14 March 2018 at 12:39, Daniel-Constantin Mierla
>> <miconda at gmail.com <mailto:miconda at gmail.com>> wrote:
>>
>>     Hello,
>>
>>     maybe it is what Hugh said in his response, respectively that the
>>     subnet
>>     needs to have the lowest bits masked.
>>
>>     Can you run with debug=3? Maybe ipops module writes more debug
>>     message
>>     to track it.
>>
>>     Cheers,
>>     Daniel
>>
>>
>>     On 14.03.18 13:33, volga629 at networklab.ca
>>     <mailto:volga629 at networklab.ca> wrote:
>>     > Hello Daniel,
>>     > I adjusted var to $dd and still not match
>>     >
>>     >        if(is_method("INVITE")) {
>>     >                #$avp(destIP)=$(du{s.select,1,:});
>>     >                #$avp(subnet) = $avp(destIP) + "/16";
>>     >                #xlog("L_INFO", "Initial Request: [$rm]
>>     destination ip
>>     > [$avp(destIP)] and sourceip [$si]\n");
>>     >                xlog("L_INFO", "Initial Request: [$rm]
>>     destination ip
>>     > [$dd] and sourceip [$si]\n");
>>     >                if(!is_in_subnet("$si", "$dd/16")) {
>>     >                        xlog("L_INFO", "Subnets not match processing
>>     > rtp...destination ip [$dd] and source ip [$si]\n");
>>     >                        route(RTP_MANAGE);
>>     >                }
>>     >        }
>>     >
>>     >
>>     > Mar 14 13:21:06 sbc00 /usr/sbin/kamailio[1104]: {1 2 INVITE
>>     > Edz14KmQgLQpO5L323Wodw..} INFO: <script>: Initial Request: [INVITE]
>>     > destination ip [10.0.1.241] and sourceip [10.0.1.242]
>>     > Mar 14 13:21:06 sbc00 /usr/sbin/kamailio[1104]: {1 2 INVITE
>>     > Edz14KmQgLQpO5L323Wodw..} INFO: <script>: Subnets not match
>>     processing
>>     > rtp...destination ip [10.0.1.241/16 <http://10.0.1.241/16>] and
>>     source ip [10.0.1.242]
>>     >
>>     >
>>     > Slava
>>     >
>>     > On Wed, Mar 14, 2018 at 6:19 AM, Daniel-Constantin Mierla
>>     > <miconda at gmail.com <mailto:miconda at gmail.com>> wrote:
>>     >> Hello,
>>     >>
>>     >>
>>     >> On 14.03.18 00:19, volga629 at networklab.ca
>>     <mailto:volga629 at networklab.ca> wrote:
>>     >>>  Hello Everyone,
>>     >>>  Not sure what I am missing, but can't match ip address to subnet
>>     >>>
>>     >>>  Log says
>>     >>>
>>     >>>   INFO: <script>: Subnets not match processing
>>     rtp...destination ip
>>     >>>  [10.0.1.242] and sourceip [10.0.1.241]
>>     >>>
>>     >>>
>>     >>>         if(is_method("INVITE")) {
>>     >>>                 $avp(destip)=$(du{s.select,1,:});
>>     >>>                 $avp(subnet) = $avp(destip) + "/16";
>>     >> if you want to get the host part (ip) of the $du, then just
>>     use $dd.
>>     >>
>>     >>>                 xlog("L_INFO", "Initial Request: [$rm]
>>     destination ip
>>     >>>  [$avp(destip)] and sourceip [$si]\n");
>>     >>>                 if(!is_in_subnet("$si", "$avp(subnet)")) {
>>     >>
>>     >> So instead of the above if, get rid of the avps and you can
>>     just use:
>>     >>
>>     >>                if(!is_in_subnet("$si", "$dd/16")) {
>>     >>
>>     >> Cheers,
>>     >> Daniel
>>     >>>                         xlog("L_INFO", "Subnets not match
>>     processing
>>     >>>  rtp...destination ip [$avp(subnet)] and source ip [$si]\n");
>>     >>>                         route(RTP_MANAGE);
>>     >>>                 }
>>     >>>         }
>>     >>>
>>     >>>
>>     >>>
>>     >>>  [root at prx00 ~]# rpm -qa | grep kamailio
>>     >>>  kamailio-mysql-5.1.2-2.git4c840b7e9.fc27.x86_64
>>     >>>  kamailio-5.1.2-2.git4c840b7e9.fc27.x86_64
>>     >>>
>>     >>>
>>     >>>  Slava.
>>     >>>
>>     >>>
>>     >>>  _______________________________________________
>>     >>>  Kamailio (SER) - Users Mailing List
>>     >>>  sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>>     >>>  https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>     <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
>>     >>
>>     >> --
>>     >> Daniel-Constantin Mierla
>>     >> www.twitter.com/miconda <http://www.twitter.com/miconda> --
>>     www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
>>     >> Kamailio Advanced Training - April 16-18, 2018, Berlin -
>>     www.asipto.com <http://www.asipto.com>
>>     >> Kamailio World Conference - May 14-16, 2018 -
>>     www.kamailioworld.com <http://www.kamailioworld.com>
>>     >>
>>     >>
>>     >
>>
>>     --
>>     Daniel-Constantin Mierla
>>     www.twitter.com/miconda <http://www.twitter.com/miconda> --
>>     www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
>>     Kamailio Advanced Training - April 16-18, 2018, Berlin -
>>     www.asipto.com <http://www.asipto.com>
>>     Kamailio World Conference - May 14-16, 2018 -
>>     www.kamailioworld.com <http://www.kamailioworld.com>
>>
>>
>>     _______________________________________________
>>     Kamailio (SER) - Users Mailing List
>>     sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>>     https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>     <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
>>
>>
>>
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> -- 
> Daniel-Constantin Mierla
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio Advanced Training - April 16-18, 2018, Berlin - www.asipto.com
> Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - April 16-18, 2018, Berlin - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20180403/10626a5d/attachment.html>

More information about the sr-users mailing list