[OpenSIPS-Users] Issue with permission module in opensip 1.6

Jai Rangi jprangi at gmail.com
Fri Dec 11 11:49:50 CET 2009


Yes, Now I am not getting that issue any more. The change in hash table
fixed the issue.
Thanks a lot.

For  printing warning I changed this
LM_DBG("invalid ip field in address table, ignoring entry %d, %s\n", i,
str_src_ip.s);
to
LM_WARN("invalid ip field in address table, ignoring entry %d, %s\n", i,
str_src_ip.s);

I like the fact that this will spit the warning in log file even I am not
running in debug more.

Will do some more testing.

Again thank you so much.

-Jai



On Fri, Dec 11, 2009 at 1:46 AM, Irina Stanescu <istanescu at opensips.org>wrote:

> Hi Jai,
>
> As you suggested, i added the id of the entry to the debug info for
> ignored entries .
>
> Also, i committed a fix for the other problem you had with
> check_source_address. Please update from SVN and let me know if you find
> any other issues.
>
>
> Regards,
> Irina Stanescu
>
>
> Jai Rangi wrote:
> > Excellent, I owe you one.
> >
> > As always users always want more and more ;)
> > I got this in the logs when I try to
> > Dec 10 13:55:02 [11176] DBG:permissions:reload_address_table: invalid
> > ip field in address table, ignoring entry 0
> > Dec 10 13:55:02 [11176] DBG:permissions:reload_address_table: invalid
> > ip field in address table, ignoring entry 1
> >
> > Here ID or IPAddress will be more useful for debugging purpose.
> >
> > Here is the trace for the failing call form same IP.
> >
> > Dec 10 14:03:09 [11772] DBG:core:parse_via: end of header reached,
> state=5
> > Dec 10 14:03:09 [11772] DBG:core:parse_headers: via found, flags=200
> > Dec 10 14:03:09 [11772] DBG:core:get_hdr_field: content_length=235
> > Dec 10 14:03:09 [11772] DBG:core:get_hdr_field: found end of header
> > Dec 10 14:03:09 [11772] DBG:rr:find_first_route: No Route headers found
> > Dec 10 14:03:09 [11772] DBG:rr:loose_route: There is no Route HF
> >  source ip is 65.211.120.237 and protocol is udp avp is <null>
> > Dec 10 14:03:09 [11772] DBG:permissions:check_src_addr_3: Looking for
> > : <0, 65.211.120.237, 5060, 1> in tables
> > Dec 10 14:03:09 [11772] DBG:permissions:hash_match: no match in the
> > hash table
> > Dec 10 14:03:09 [11772] DBG:permissions:match_subnet_table: subnet
> > table is empty
> > Monitor Request not from trusted source from
> > sip:+19496794816 at 199.173.94.144:5060;user=phone to
> > sip:+19493334879 at 209.216.2.213:5060;user=phone;transport=UDP from IP
> > 65.211.120.237 Dec 10 14:03:09 [11772] DBG:core:parse_headers:
> > flags=ffffffffffffffff
> > Dec 10 14:03:09 [11772] DBG:core:parse_headers: flags=ffffffffffffffff
> > Dec 10 14:03:09 [11772] DBG:core:check_ip_address: params
> > 65.211.120.237, 65.211.120.237, 0
> > Dec 10 14:03:09 [11772] DBG:core:destroy_avp_list: destroying list (nil)
> > Dec 10 14:03:09 [11772] DBG:core:receive_msg: cleaning up
> > Dec 10 14:03:09 [11771] DBG:core:parse_msg: SIP Request:
> >
> > Dump from address cache
> >  ../../sbin/opensipsctl fifo address_dump | grep "65.211.120.237"
> >   12 <65.211.120.237,0, 0, 0, ^sip:.*$, NULL>
> >
> > Code in cfg file
> >  xlog(" source ip is $si and protocol is $proto avp is $avp(i:9)");
> >  if (check_source_address("0","$avp(i:9)")) {
> >
> > Same Call from other IP works juts IP
> >
> > Dec 10 14:08:16 [11776] DBG:rr:loose_route: There is no Route HF
> >  source ip is 65.217.40.210 and protocol is udp avp is <null>
> > Dec 10 14:08:16 [11776] DBG:permissions:check_src_addr_3: Looking for
> > : <0, 65.217.40.210, 5060, 1> in tables
> > Dec 10 14:08:16 [11776] DBG:permissions:hash_match: match found in the
> > hash table
> >
> > ../../sbin/opensipsctl fifo address_dump | grep "65.217.40.210"
> >    9 <65.217.40.210,0, 0, 0, ^sip:.*$, NULL>
> >
> > Best,
> >
> > -Jai
> >
> > On Thu, Dec 10, 2009 at 8:19 AM, Irina Stanescu
> > <istanescu at opensips.org <mailto:istanescu at opensips.org>> wrote:
> >
> >     Hi Jai,
> >
> >     I modified the permissions module so that now any invalid db entry
> >     from
> >     the address table is skipped.
> >     I committed the change on trunk and also on the 1.6 branch.
> >
> >     About the other issue you have found, what does the log say?
> >
> >
> >
> >     Regards,
> >     Irina Stanescu
> >
> >
> >     Jai Rangi wrote:
> >     > Bogda,
> >     > Wow that was quick. Thank you,
> >     >
> >     > I found one more issue,
> >     > I have this entry in address table
> >     > 944   0       65.211.120.237  32      0       any     ^sip:.*$
> >          /NULL/  0       some
> >     > descriptiond
> >     >
> >     >
> >     > Here is a check in my route block
> >     >  if (check_source_address("0","$avp(i:9)")) {
> >     >    t_rely();
> >     > } else {
> >     >   xlog("Monitor Request not from trusted source from $fu to $ru
> from
> >     > IP $si ");
> >     >    sl_send_reply("403", "Forbidden, we dont trust you");
> >     > }
> >     >
> >     > ../../sbin/opensipsctl fifo address_dump | grep "65.211.120.237"
> >     >
> >     > 12 <65.211.120.237,0, 0, 0, ^sip:.*$, NULL>
> >     >
> >     > I always get 403.
> >     > Is there a limit in address table.
> >     >
> >     > -Jai
> >     >
> >     >
> >     > On Thu, Dec 10, 2009 at 12:24 AM, Bogdan-Andrei Iancu
> >     > <bogdan at voice-system.ro <mailto:bogdan at voice-system.ro>
> >     <mailto:bogdan at voice-system.ro <mailto:bogdan at voice-system.ro>>>
> >     wrote:
> >     >
> >     >     Hi Jai,
> >     >
> >     >     I think you are correct - the permission table should also
> >     be more
> >     >     permissive when comes to the errors and skip bogus entries.
> >     I will ask
> >     >     the maintainer (Irina) to fix this problem.
> >     >
> >     >     Thanks for the report,
> >     >     Bogdan
> >     >
> >     >     Jai Rangi wrote:
> >     >     > Not sure if this this the right place for this post. May
> >     be I should
> >     >     > post it on developers mailing list.  Please suggest.
> >     >     >
> >     >     > Just installed opensip1.6 with Mysql, drouting and
> permissions
> >     >     module.
> >     >     > Did not take long to get it configure and get it going.
> >     >     Documentations
> >     >     > is wonderful.
> >     >     > While testing I noticed that,
> >     >     >
> >     >     > 1. If there is any invalid entry in dr_routing tables, and
> >     I reload
> >     >     > the dr_routing it spit the error for the mistyped/wrong
> >     entry and
> >     >     > loads rest of the valid entries. Same thing with startup.
> >     >     Opensip will
> >     >     > start up just fine even if there are some invalid rules in
> >     the table
> >     >     > and throws the error with ruleid.
> >     >     >
> >     >     > 2. On the other hand address table does not work that way. If
> >     >     there is
> >     >     > any space (Typo) in the IP address, opensip wont start and
> >     wont
> >     >     reload
> >     >     > the address table.
> >     >     > I have to put the valid IP address, there is not option
> >     for dynamic
> >     >     > domain names. (For people who does not have static IP).
> >     Not only
> >     >     that
> >     >     > it does not even tell which IP has a problem that makes it
> >     even
> >     >     harder
> >     >     > to debug when you have thousands of IPs in the trusted
> tables.
> >     >     >
> >     >     > I was wondering if there is a work around for this. I
> >     would like
> >     >     > opensip to startup (or successful address_reload) with all
> >     the valid
> >     >     > entries and throw an error for invalid entries. Also
> >     having the
> >     >     > ability to add an domain would be nice.
> >     >     >
> >     >     > Any thoughts??
> >     >     >
> >     >     > -Jai
> >     >     >
> >     >     >
> >     >     >
> >     >     >
> >     >     >
> >     >     >
> >     >     >
> >     >
> >
> ------------------------------------------------------------------------
> >     >     >
> >     >     > _______________________________________________
> >     >     > Users mailing list
> >     >     > Users at lists.opensips.org <mailto:Users at lists.opensips.org>
> >     <mailto:Users at lists.opensips.org <mailto:Users at lists.opensips.org>>
> >     >     > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >     >     >
> >     >
> >     >
> >     >     --
> >     >     Bogdan-Andrei Iancu
> >     >     www.voice-system.ro <http://www.voice-system.ro>
> >     <http://www.voice-system.ro>
> >     >
> >     >
> >     >     _______________________________________________
> >     >     Users mailing list
> >     >     Users at lists.opensips.org <mailto:Users at lists.opensips.org>
> >     <mailto:Users at lists.opensips.org <mailto:Users at lists.opensips.org>>
> >     >     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >     >
> >     >
> >     >
> >
> ------------------------------------------------------------------------
> >     >
> >     > _______________________________________________
> >     > Users mailing list
> >     > Users at lists.opensips.org <mailto:Users at lists.opensips.org>
> >     > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >     >
> >
> >
> >     _______________________________________________
> >     Users mailing list
> >     Users at lists.opensips.org <mailto:Users at lists.opensips.org>
> >     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20091211/d49e2fdc/attachment-0001.htm 


More information about the Users mailing list