Hello,
On 03/27/08 19:37, Josh Mahonin wrote:
> Hi,
>
> I got the solution you recommended working, Daniel.
great.
> I'll look into
> cfgutils when I get some free time. Here is a snippet for doing range
> checking in-script for anyone who is interested. This checks if the IP
> lies in 172.20.62.0 / 24
>
> ---
> # Calculate decimal representation of our test range
> $var(tO1) = 172 * 16777216; # 256^3
> $var(tO2) = 20 * 65536; # 256^2
> $var(tO3) = 62 * 256;
> $var(tO4) = 0;
> $var(range1) = $var(tO1) + $var(tO2) + $var(tO3) + $var(tO4);
>
> # Create the net mask
> $var(net_mask1) = 255 * 16777216;
> $var(net_mask2) = 255 * 65536;
> $var(net_mask3) = 255 * 256;
> $var(net_mask) = $var(net_mask1) + $var(net_mask2) + $var(net_mask3);
>
> # Calculate the decimal value of each octet in $rd
> $var(cO1) = $(rd{s.select,0,.}{s.int}) * 16777216;
> $var(cO2) = $(rd{s.select,1,.}{s.int}) * 65536;
> $var(cO3) = $(rd{s.select,2,.}{s.int}) * 256;
> $var(cO4) = $(rd{s.select,3,.}{s.int});
>
> $var(remoteIP) = $var(cO1) + $var(cO2) + $var(cO3) + $var(cO4);
>
> # Calculate the network address of $rd by bitwise ANDing the remote IP
> and the net mask
> $var(net_addr) = $var(remoteIP) & $var(net_mask);
>
> $var(check1) = $var(net_addr) == $var(range1);
> ---
>
> A word to the wise, if you want to optimize this code and use
> precomputed values for range1 and netmask, don't do what I did and just
> use your calculator, then assign a variable to that value. If you
> assign a variable to a value greater than 2^32/2 (MAXINT), it will just
> be set to MAXINT, it will not rollover into the negatives and you will
> spend hours pulling your hair out wondering what's going on. You will
> actually need to log what value SER calculates and use that instead.
> (range1 = -1407959552 and netmask = -256 in my case).
>
right. It is a signed int in openser configuration file. Your solution
to log the value is a way to add some optimization.
Cheers,
Daniel
> Regards,
>
> Josh
>
> Daniel-Constantin Mierla wrote:
>
>> Hello,
>>
>> On 03/25/08 16:06, Josh Mahonin wrote:
>>
>>> Hi,
>>>
>>> I tried responding over the weekend, but I think my mail server ate the
>>> message, apologies if you receive duplicates.
>>>
>>> Thank you both Sergio and Daniel-Constantin, I was hoping someone else
>>> had encountered a similar problem! I like the idea of transforming and
>>> netmasking - I'm new to OpenSER, but don't mind contributing back to the
>>> community - if I was to create some sort of check_netmask /
>>> check_iprange function, is there a particular module, or core source
>>> file that this function would fit well in?
>>>
>>>
>> for going in a module, cfgutils can be a candidate.
>>
>> Cheers,
>> Daniel
>>
>>
>>> Regards,
>>>
>>> Josh
>>>
>>> Daniel-Constantin Mierla wrote:
>>>
>>>
>>>> Hello,
>>>>
>>>> it is another way, a bit more complex in the config file, but does not
>>>> require to execute external scripts.
>>>>
>>>> All you need is to play with transformations and arithmetic operations
>>>> in the config file. The idea is to convert to integer the IP addresses
>>>> apply bitmask and compare. Transformations that help:
>>>> - http://www.openser.org/dokuwiki/doku.php/transformations:devel#s.int
>>>> -
>>>> http://www.openser.org/dokuwiki/doku.php/transformations:devel#s.select_index_separator
>>>>
>>>>
>>>>
>>>> For example:
>>>> $rd = 23.34.56.78
>>>>
>>>> To get second number (34) as integer $(rd{s.select,1,.}{s.int})
>>>>
>>>> You transform the four parts in numbers, multiply each with the proper
>>>> value, make the sum and apply the bitwise 'and' operation with the
>>>> mask.
>>>>
>>>> Should get what you need.
>>>>
>>>> Cheers,
>>>> Daniel
>>>>
>>>>
>>>> On 03/21/08 03:41, Sergio Gutierrez wrote:
>>>>
>>>>
>>>>> Hi Josh.
>>>>>
>>>>> An approach we used is execute an external script through function
>>>>> exec_msg; the script receives as argument the source ip address, and
>>>>> by external means, it checks whether it belongs to a particular
>>>>> subnet, defined on a table in database or a file; we used PHP and a
>>>>> table in MySQL with the reference subnets.
>>>>>
>>>>> The script should return 0 or 1; when returns 0, exec_msg returns
>>>>> true, and when it returns 1; exec_msg returns false, so you can check
>>>>> it into an if statement.
>>>>>
>>>>> Hope it helps.
>>>>>
>>>>> Best regards.
>>>>>
>>>>> Sergio GutiƩrrez.
>>>>>
>>>>> On Thu, Mar 20, 2008 at 4:34 PM, Josh Mahonin <[EMAIL PROTECTED]
>>>>> <mailto:[EMAIL PROTECTED]>> wrote:
>>>>>
>>>>> Hi folks,
>>>>>
>>>>> In my setup, I've got two disjoint subnets (call then A and B)
>>>>> that
>>>>> cannot communicate directly to each other, but devices on each can
>>>>> both
>>>>> communicate to my OpenSER server and Asterisk box (both on
>>>>> their own
>>>>> subnet, C). There is no NAT involved, so I only want to use
>>>>> rtpproxy
>>>>> when it's the case that device from subnet A attempts to call a
>>>>> device
>>>>> on subnet B, or vice-versa.
>>>>>
>>>>> I would ideally not like to use rtp proxy for communication
>>>>> between A-C
>>>>> and A-B (this will enable RTP media between both subnets, but that
>>>>> solution will not scale very well...)
>>>>>
>>>>> I'm attempting do something like this:
>>>>>
>>>>> if (src_ip == a.b.c.d/24 && dst_ip == w.x.y.z/24)
>>>>> use rtp proxy
>>>>>
>>>>> But unfortunately, on an INVITE, after a lookup, dst_ip is set to
>>>>> the
>>>>> OpenSER server. The pseudovariable $rd is set to the value I'd
>>>>> like to
>>>>> check against, but it complains loudly when I attempt to
>>>>> substitute
>>>>> dst_ip for $rd.
>>>>>
>>>>> Is there any way to use avp_check() or the like to verify that the
>>>>> value
>>>>> in $rd lies in a given subnet? I don't want to match just one IP,
>>>>> but a
>>>>> whole range. I found a similar question on the SER mailing list
>>>>> asked
>>>>> several years ago, with no response.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Josh
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users@lists.openser.org <mailto:Users@lists.openser.org>
>>>>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users@lists.openser.org
>>>>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>>>>>
>>>>>
>>>
>>>
>
>
_______________________________________________
Users mailing list
Users@lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users
