Yes, Now I am not getting that issue any more. The change in hash table fixed the issue. Thanks a lot.
For printing warning I changed this LM_DBG("invalid ip field in address table, ignoring entry %d, %s\n", i, str_src_ip.s); to LM_WARN("invalid ip field in address table, ignoring entry %d, %s\n", i, str_src_ip.s); I like the fact that this will spit the warning in log file even I am not running in debug more. Will do some more testing. Again thank you so much. -Jai On Fri, Dec 11, 2009 at 1:46 AM, Irina Stanescu <istane...@opensips.org>wrote: > Hi Jai, > > As you suggested, i added the id of the entry to the debug info for > ignored entries . > > Also, i committed a fix for the other problem you had with > check_source_address. Please update from SVN and let me know if you find > any other issues. > > > Regards, > Irina Stanescu > > > Jai Rangi wrote: > > Excellent, I owe you one. > > > > As always users always want more and more ;) > > I got this in the logs when I try to > > Dec 10 13:55:02 [11176] DBG:permissions:reload_address_table: invalid > > ip field in address table, ignoring entry 0 > > Dec 10 13:55:02 [11176] DBG:permissions:reload_address_table: invalid > > ip field in address table, ignoring entry 1 > > > > Here ID or IPAddress will be more useful for debugging purpose. > > > > Here is the trace for the failing call form same IP. > > > > Dec 10 14:03:09 [11772] DBG:core:parse_via: end of header reached, > state=5 > > Dec 10 14:03:09 [11772] DBG:core:parse_headers: via found, flags=200 > > Dec 10 14:03:09 [11772] DBG:core:get_hdr_field: content_length=235 > > Dec 10 14:03:09 [11772] DBG:core:get_hdr_field: found end of header > > Dec 10 14:03:09 [11772] DBG:rr:find_first_route: No Route headers found > > Dec 10 14:03:09 [11772] DBG:rr:loose_route: There is no Route HF > > source ip is 65.211.120.237 and protocol is udp avp is <null> > > Dec 10 14:03:09 [11772] DBG:permissions:check_src_addr_3: Looking for > > : <0, 65.211.120.237, 5060, 1> in tables > > Dec 10 14:03:09 [11772] DBG:permissions:hash_match: no match in the > > hash table > > Dec 10 14:03:09 [11772] DBG:permissions:match_subnet_table: subnet > > table is empty > > Monitor Request not from trusted source from > > sip:+19496794...@199.173.94.144:5060;user=phone to > > sip:+19493334...@209.216.2.213:5060;user=phone;transport=UDP from IP > > 65.211.120.237 Dec 10 14:03:09 [11772] DBG:core:parse_headers: > > flags=ffffffffffffffff > > Dec 10 14:03:09 [11772] DBG:core:parse_headers: flags=ffffffffffffffff > > Dec 10 14:03:09 [11772] DBG:core:check_ip_address: params > > 65.211.120.237, 65.211.120.237, 0 > > Dec 10 14:03:09 [11772] DBG:core:destroy_avp_list: destroying list (nil) > > Dec 10 14:03:09 [11772] DBG:core:receive_msg: cleaning up > > Dec 10 14:03:09 [11771] DBG:core:parse_msg: SIP Request: > > > > Dump from address cache > > ../../sbin/opensipsctl fifo address_dump | grep "65.211.120.237" > > 12 <65.211.120.237,0, 0, 0, ^sip:.*$, NULL> > > > > Code in cfg file > > xlog(" source ip is $si and protocol is $proto avp is $avp(i:9)"); > > if (check_source_address("0","$avp(i:9)")) { > > > > Same Call from other IP works juts IP > > > > Dec 10 14:08:16 [11776] DBG:rr:loose_route: There is no Route HF > > source ip is 65.217.40.210 and protocol is udp avp is <null> > > Dec 10 14:08:16 [11776] DBG:permissions:check_src_addr_3: Looking for > > : <0, 65.217.40.210, 5060, 1> in tables > > Dec 10 14:08:16 [11776] DBG:permissions:hash_match: match found in the > > hash table > > > > ../../sbin/opensipsctl fifo address_dump | grep "65.217.40.210" > > 9 <65.217.40.210,0, 0, 0, ^sip:.*$, NULL> > > > > Best, > > > > -Jai > > > > On Thu, Dec 10, 2009 at 8:19 AM, Irina Stanescu > > <istane...@opensips.org <mailto:istane...@opensips.org>> wrote: > > > > Hi Jai, > > > > I modified the permissions module so that now any invalid db entry > > from > > the address table is skipped. > > I committed the change on trunk and also on the 1.6 branch. > > > > About the other issue you have found, what does the log say? > > > > > > > > Regards, > > Irina Stanescu > > > > > > Jai Rangi wrote: > > > Bogda, > > > Wow that was quick. Thank you, > > > > > > I found one more issue, > > > I have this entry in address table > > > 944 0 65.211.120.237 32 0 any ^sip:.*$ > > /NULL/ 0 some > > > descriptiond > > > > > > > > > Here is a check in my route block > > > if (check_source_address("0","$avp(i:9)")) { > > > t_rely(); > > > } else { > > > xlog("Monitor Request not from trusted source from $fu to $ru > from > > > IP $si "); > > > sl_send_reply("403", "Forbidden, we dont trust you"); > > > } > > > > > > ../../sbin/opensipsctl fifo address_dump | grep "65.211.120.237" > > > > > > 12 <65.211.120.237,0, 0, 0, ^sip:.*$, NULL> > > > > > > I always get 403. > > > Is there a limit in address table. > > > > > > -Jai > > > > > > > > > On Thu, Dec 10, 2009 at 12:24 AM, Bogdan-Andrei Iancu > > > <bog...@voice-system.ro <mailto:bog...@voice-system.ro> > > <mailto:bog...@voice-system.ro <mailto:bog...@voice-system.ro>>> > > wrote: > > > > > > Hi Jai, > > > > > > I think you are correct - the permission table should also > > be more > > > permissive when comes to the errors and skip bogus entries. > > I will ask > > > the maintainer (Irina) to fix this problem. > > > > > > Thanks for the report, > > > Bogdan > > > > > > Jai Rangi wrote: > > > > Not sure if this this the right place for this post. May > > be I should > > > > post it on developers mailing list. Please suggest. > > > > > > > > Just installed opensip1.6 with Mysql, drouting and > permissions > > > module. > > > > Did not take long to get it configure and get it going. > > > Documentations > > > > is wonderful. > > > > While testing I noticed that, > > > > > > > > 1. If there is any invalid entry in dr_routing tables, and > > I reload > > > > the dr_routing it spit the error for the mistyped/wrong > > entry and > > > > loads rest of the valid entries. Same thing with startup. > > > Opensip will > > > > start up just fine even if there are some invalid rules in > > the table > > > > and throws the error with ruleid. > > > > > > > > 2. On the other hand address table does not work that way. If > > > there is > > > > any space (Typo) in the IP address, opensip wont start and > > wont > > > reload > > > > the address table. > > > > I have to put the valid IP address, there is not option > > for dynamic > > > > domain names. (For people who does not have static IP). > > Not only > > > that > > > > it does not even tell which IP has a problem that makes it > > even > > > harder > > > > to debug when you have thousands of IPs in the trusted > tables. > > > > > > > > I was wondering if there is a work around for this. I > > would like > > > > opensip to startup (or successful address_reload) with all > > the valid > > > > entries and throw an error for invalid entries. Also > > having the > > > > ability to add an domain would be nice. > > > > > > > > Any thoughts?? > > > > > > > > -Jai > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > > > _______________________________________________ > > > > Users mailing list > > > > Users@lists.opensips.org <mailto:Users@lists.opensips.org> > > <mailto:Users@lists.opensips.org <mailto:Users@lists.opensips.org>> > > > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > > > > > > > > > -- > > > Bogdan-Andrei Iancu > > > www.voice-system.ro <http://www.voice-system.ro> > > <http://www.voice-system.ro> > > > > > > > > > _______________________________________________ > > > Users mailing list > > > Users@lists.opensips.org <mailto:Users@lists.opensips.org> > > <mailto:Users@lists.opensips.org <mailto:Users@lists.opensips.org>> > > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > _______________________________________________ > > > Users mailing list > > > Users@lists.opensips.org <mailto:Users@lists.opensips.org> > > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > > > > > _______________________________________________ > > Users mailing list > > Users@lists.opensips.org <mailto:Users@lists.opensips.org> > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Users mailing list > > Users@lists.opensips.org > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > _______________________________________________ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users >
_______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users