[SR-Users] Permissions sometimes does not find group
Daniel-Constantin Mierla
miconda at gmail.com
Tue May 18 12:18:04 CEST 2021
Hmm, do you have port set for the records in the address table? I notice
you print it in the log message...
Cheers,
Daniel
On 18.05.21 11:15, Romain Untereiner wrote:
> Hello Daniel,
>
> Thanks for your quick answer!
>
> I indeed need to identify the group ID too.
>
> Here’s how I handle it (inspired
> from https://kamailio.org/docs/modules/5.5.x/modules/permissions.html#permissions.f.allow_source_address
> <https://kamailio.org/docs/modules/5.5.x/modules/permissions.html#permissions.f.allow_source_address>):
>
> ‘''
> $var(group) = allow_source_address_group();
>
> if ($var(group) != -1) {
> xlog("L_INFO", "$si : $sp is allowed through group: $var(group)\n");
> [...]
> } else {
> xlog("L_INFO", "$si : $sp is not allowed -
> allow_source_address_group returned -1\n");
> xlog("L_INFO", "Rejecting $ci with 403 'Forbidden'\n");
> sl_send_reply("403", "Forbidden");
> exit;
> }
> ‘''
>
> Best regards,
>
> *Romain Untereiner*
> Co founder at /Cantoo/ <https://www.cantoo.co>
> www.cantoo.co <www.cantoo.co>
> Le 18 mai 2021 à 08:44 +0200, Daniel-Constantin Mierla
> <miconda at gmail.com>, a écrit :
>> Hello,
>>
>> On 17.05.21 12:11, Romain Untereiner wrote:
>>> Hello all,
>>>
>>> I am having some trouble with Permissions module of Kamailio,
>>> regarding the allow_source_address_group() function. In 99.9% of the
>>> cases the IP of our partner is allowed as expected, but randomly it
>>> can fail (returning -1 for the same IP address that was allowed for
>>> many other calls in the meantime).
>>>
>>> I can’t understand why it fails and why only « sometimes » - I confirm
>>> this append on the same Kamailio box, with same IP and Port of the
>>> partner.
>>>
>>> In my custom logs:
>>> « X.X.X.X:YYYY is allowed through group Z » —> as expected
>>> and sometimes (like 1% of the cases): « X.X.X.X:YYYY is not allowed
>>> - allow_source_address_group returned -1»
>>>
>>> It is maybe to note that in the address table, this range is defined
>>> as /24 and not /32. Until now it never happened on /32 defined address
>>> but I don’t know if it can be correlated.
>>>
>>> Would someone have a clue on this?
>>>
>>> Versions:
>>> - kamailio 5.5.0 (x86_64/linux) d4c1a1
>>> - debian 9 stretch
>>> - postgresql 11.7
>>
>> how do you test the return code of the function? Paste here the snippet
>> of the config where the function is used.
>>
>> Then, do you really need the goup id of the address or just to match the
>> address?
>>
>> Cheers,
>> Daniel
>>
>> --
>> Daniel-Constantin Mierla -- www.asipto.com
>> www.twitter.com/miconda -- www.linkedin.com/in/miconda
>> Kamailio Advanced Training - Online
>> May 17-20, 2021 (Europe Timezone) - June 7-10, 2021 (America Timezone)
>> * https://www.asipto.com/sw/kamailio-advanced-training-online/
>>
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - Online
May 17-20, 2021 (Europe Timezone) - June 7-10, 2021 (America Timezone)
* https://www.asipto.com/sw/kamailio-advanced-training-online/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20210518/0d151569/attachment.htm>
More information about the sr-users
mailing list