[OpenSIPS-Users] check_source_address not working in 1.9
Hi all, i am facing issue on using check_source_address Opensips v. : OpenSIPS (1.9.0-notls (i386/linux)) Database entries: mysql select * from address; ++-+---+--+--+---+-+--+ | id | grp | ip| mask | port | proto | pattern | context_info | ++-+---+--+--+---+-+--+ | 6 | 0 | 10.9.6.3 | 24 |0 | ANY | | | | 5 | 0 | 172.16.55.201 | 24 |0 | ANY | | | ++-+---+--+--+---+-+--+ Subnet Dump: root@opensips:./opensipsctl fifo subnet_dump 0 0, 10.9.6.0, 255.255.255.0, 0 1 0, 172.16.55.0, 255.255.255.0, 0 Address Relod log; Apr 10 10:50:44 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2812]: DBG:permissions:reload_address_table: number of rows in address table: 2 Apr 10 10:50:44 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2812]: DBG:permissions:reload_address_table: Tuple 10.9.6.3, 0, 24, 0 inserted into subnet table Apr 10 10:50:44 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2812]: DBG:permissions:reload_address_table: Tuple 172.16.55.201, 0, 24, 0 inserted into subnet table Apr 10 10:50:44 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2812]: DBG:permissions:reload_address_table: address table reloaded successfully. Call logs: Apr 10 10:52:00 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2819]: DBG:permissions:check_src_addr_3: Looking for : 0, 172.16.55.201, 53109, 2 in tables Apr 10 10:52:00 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2819]: DBG:permissions:hash_match: no match in the hash table Apr 10 10:52:00 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2819]: DBG:permissions:match_subnet_table: match found in the subnet table Snippet of code: if(!check_source_address(0)){ if (!proxy_authorize(, subscriber)) { proxy_challenge(, 0); exit; Any idea? Regards -- View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/check-source-address-not-working-in-1-9-tp7585808.html Sent from the OpenSIPS - Users mailing list archive at Nabble.com. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] check_source_address not working in 1.9
Hello, I see the logs saying : DBG:permissions:match_subnet_table: match found in the subnet table Have you checked the return code of the function, at script level ? it is true or false ? Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer http://www.opensips-solutions.com On 04/12/2013 12:36 PM, spady wrote: Hi all, i am facing issue on using check_source_address Opensips v. : OpenSIPS (1.9.0-notls (i386/linux)) Database entries: mysql select * from address; ++-+---+--+--+---+-+--+ | id | grp | ip| mask | port | proto | pattern | context_info | ++-+---+--+--+---+-+--+ | 6 | 0 | 10.9.6.3 | 24 |0 | ANY | | | | 5 | 0 | 172.16.55.201 | 24 |0 | ANY | | | ++-+---+--+--+---+-+--+ Subnet Dump: root@opensips:./opensipsctl fifo subnet_dump 00, 10.9.6.0, 255.255.255.0, 0 10, 172.16.55.0, 255.255.255.0, 0 Address Relod log; Apr 10 10:50:44 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2812]: DBG:permissions:reload_address_table: number of rows in address table: 2 Apr 10 10:50:44 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2812]: DBG:permissions:reload_address_table: Tuple10.9.6.3, 0, 24, 0 inserted into subnet table Apr 10 10:50:44 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2812]: DBG:permissions:reload_address_table: Tuple172.16.55.201, 0, 24, 0 inserted into subnet table Apr 10 10:50:44 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2812]: DBG:permissions:reload_address_table: address table reloaded successfully. Call logs: Apr 10 10:52:00 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2819]: DBG:permissions:check_src_addr_3: Looking for :0, 172.16.55.201, 53109, 2 in tables Apr 10 10:52:00 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2819]: DBG:permissions:hash_match: no match in the hash table Apr 10 10:52:00 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2819]: DBG:permissions:match_subnet_table: match found in the subnet table Snippet of code: if(!check_source_address(0)){ if (!proxy_authorize(, subscriber)) { proxy_challenge(, 0); exit; Any idea? Regards -- View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/check-source-address-not-working-in-1-9-tp7585808.html Sent from the OpenSIPS - Users mailing list archive at Nabble.com. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] check_source_address not working in 1.9
Hi Bogdan, here snippet of used code: *if(!check_source_address(0)){ xlog(LOG: Controllo dell'IP sorgente!\n ); if (!proxy_authorize(, subscriber)) { proxy_challenge(, 0); exit; } } if (!db_check_from()) { sl_send_reply(403,Forbidden auth ID); exit; } consume_credentials(); * Using this i get *403 Forbidden auth ID* Using this: *if(check_source_address(0))*{ xlog(LOG: Controllo dell'IP sorgente!\n ); if (!proxy_authorize(, subscriber)) { proxy_challenge(, 0); exit; } } if (!db_check_from()) { sl_send_reply(403,Forbidden auth ID); exit; } consume_credentials(); i get: 407 Unauthorized!! -- View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/check-source-address-not-working-in-1-9-tp7585808p7585810.html Sent from the OpenSIPS - Users mailing list archive at Nabble.com. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] check_source_address not working in 1.9
Hello, I'm a bit confused, as what you are claiming is a bit of a nonces - you say that is with NOT or without, for the same src IP, you end up in the if() block all the time ?!?! Regards, Bogdan-Andrei Iancu OpenSIPS Founder and Developer http://www.opensips-solutions.com On 04/12/2013 03:41 PM, spady wrote: Hi Bogdan, here snippet of used code: *if(!check_source_address(0)){ xlog(LOG: Controllo dell'IP sorgente!\n ); if (!proxy_authorize(, subscriber)) { proxy_challenge(, 0); exit; } } if (!db_check_from()) { sl_send_reply(403,Forbidden auth ID); exit; } consume_credentials(); * Using this i get *403 Forbidden auth ID* Using this: *if(check_source_address(0))*{ xlog(LOG: Controllo dell'IP sorgente!\n ); if (!proxy_authorize(, subscriber)) { proxy_challenge(, 0); exit; } } if (!db_check_from()) { sl_send_reply(403,Forbidden auth ID); exit; } consume_credentials(); i get: 407 Unauthorized!! -- View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/check-source-address-not-working-in-1-9-tp7585808p7585810.html Sent from the OpenSIPS - Users mailing list archive at Nabble.com. ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users