[OpenSER-Users] How to check if $rd lies in an IP range
Josh Mahonin
jmahonin at cbnco.com
Thu Mar 27 18:37:53 CET 2008
Hi,
I got the solution you recommended working, Daniel. I'll look into
cfgutils when I get some free time. Here is a snippet for doing range
checking in-script for anyone who is interested. This checks if the IP
lies in 172.20.62.0 / 24
---
# Calculate decimal representation of our test range
$var(tO1) = 172 * 16777216; # 256^3
$var(tO2) = 20 * 65536; # 256^2
$var(tO3) = 62 * 256;
$var(tO4) = 0;
$var(range1) = $var(tO1) + $var(tO2) + $var(tO3) + $var(tO4);
# Create the net mask
$var(net_mask1) = 255 * 16777216;
$var(net_mask2) = 255 * 65536;
$var(net_mask3) = 255 * 256;
$var(net_mask) = $var(net_mask1) + $var(net_mask2) + $var(net_mask3);
# Calculate the decimal value of each octet in $rd
$var(cO1) = $(rd{s.select,0,.}{s.int}) * 16777216;
$var(cO2) = $(rd{s.select,1,.}{s.int}) * 65536;
$var(cO3) = $(rd{s.select,2,.}{s.int}) * 256;
$var(cO4) = $(rd{s.select,3,.}{s.int});
$var(remoteIP) = $var(cO1) + $var(cO2) + $var(cO3) + $var(cO4);
# Calculate the network address of $rd by bitwise ANDing the remote IP
and the net mask
$var(net_addr) = $var(remoteIP) & $var(net_mask);
$var(check1) = $var(net_addr) == $var(range1);
---
A word to the wise, if you want to optimize this code and use
precomputed values for range1 and netmask, don't do what I did and just
use your calculator, then assign a variable to that value. If you
assign a variable to a value greater than 2^32/2 (MAXINT), it will just
be set to MAXINT, it will not rollover into the negatives and you will
spend hours pulling your hair out wondering what's going on. You will
actually need to log what value SER calculates and use that instead.
(range1 = -1407959552 and netmask = -256 in my case).
Regards,
Josh
Daniel-Constantin Mierla wrote:
> Hello,
>
> On 03/25/08 16:06, Josh Mahonin wrote:
>> Hi,
>>
>> I tried responding over the weekend, but I think my mail server ate the
>> message, apologies if you receive duplicates.
>>
>> Thank you both Sergio and Daniel-Constantin, I was hoping someone else
>> had encountered a similar problem! I like the idea of transforming and
>> netmasking - I'm new to OpenSER, but don't mind contributing back to the
>> community - if I was to create some sort of check_netmask /
>> check_iprange function, is there a particular module, or core source
>> file that this function would fit well in?
>>
> for going in a module, cfgutils can be a candidate.
>
> Cheers,
> Daniel
>
>> Regards,
>>
>> Josh
>>
>> Daniel-Constantin Mierla wrote:
>>
>>> Hello,
>>>
>>> it is another way, a bit more complex in the config file, but does not
>>> require to execute external scripts.
>>>
>>> All you need is to play with transformations and arithmetic operations
>>> in the config file. The idea is to convert to integer the IP addresses
>>> apply bitmask and compare. Transformations that help:
>>> - http://www.openser.org/dokuwiki/doku.php/transformations:devel#s.int
>>> -
>>> http://www.openser.org/dokuwiki/doku.php/transformations:devel#s.select_index_separator
>>>
>>>
>>>
>>> For example:
>>> $rd = 23.34.56.78
>>>
>>> To get second number (34) as integer $(rd{s.select,1,.}{s.int})
>>>
>>> You transform the four parts in numbers, multiply each with the proper
>>> value, make the sum and apply the bitwise 'and' operation with the
>>> mask.
>>>
>>> Should get what you need.
>>>
>>> Cheers,
>>> Daniel
>>>
>>>
>>> On 03/21/08 03:41, Sergio Gutierrez wrote:
>>>
>>>> Hi Josh.
>>>>
>>>> An approach we used is execute an external script through function
>>>> exec_msg; the script receives as argument the source ip address, and
>>>> by external means, it checks whether it belongs to a particular
>>>> subnet, defined on a table in database or a file; we used PHP and a
>>>> table in MySQL with the reference subnets.
>>>>
>>>> The script should return 0 or 1; when returns 0, exec_msg returns
>>>> true, and when it returns 1; exec_msg returns false, so you can check
>>>> it into an if statement.
>>>>
>>>> Hope it helps.
>>>>
>>>> Best regards.
>>>>
>>>> Sergio Gutiérrez.
>>>>
>>>> On Thu, Mar 20, 2008 at 4:34 PM, Josh Mahonin <jmahonin at cbnco.com
>>>> <mailto:jmahonin at cbnco.com>> wrote:
>>>>
>>>> Hi folks,
>>>>
>>>> In my setup, I've got two disjoint subnets (call then A and B)
>>>> that
>>>> cannot communicate directly to each other, but devices on each can
>>>> both
>>>> communicate to my OpenSER server and Asterisk box (both on
>>>> their own
>>>> subnet, C). There is no NAT involved, so I only want to use
>>>> rtpproxy
>>>> when it's the case that device from subnet A attempts to call a
>>>> device
>>>> on subnet B, or vice-versa.
>>>>
>>>> I would ideally not like to use rtp proxy for communication
>>>> between A-C
>>>> and A-B (this will enable RTP media between both subnets, but that
>>>> solution will not scale very well...)
>>>>
>>>> I'm attempting do something like this:
>>>>
>>>> if (src_ip == a.b.c.d/24 && dst_ip == w.x.y.z/24)
>>>> use rtp proxy
>>>>
>>>> But unfortunately, on an INVITE, after a lookup, dst_ip is set to
>>>> the
>>>> OpenSER server. The pseudovariable $rd is set to the value I'd
>>>> like to
>>>> check against, but it complains loudly when I attempt to
>>>> substitute
>>>> dst_ip for $rd.
>>>>
>>>> Is there any way to use avp_check() or the like to verify that the
>>>> value
>>>> in $rd lies in a given subnet? I don't want to match just one IP,
>>>> but a
>>>> whole range. I found a similar question on the SER mailing list
>>>> asked
>>>> several years ago, with no response.
>>>>
>>>> Thanks,
>>>>
>>>> Josh
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.openser.org <mailto:Users at lists.openser.org>
>>>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.openser.org
>>>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>>>>
>>
>>
More information about the Users
mailing list