[OpenSIPS-Users] check if ip address belongs to ip and subnet subscriber

Edwin Haselhoff eahaselhoff at gmail.com
Thu Jan 30 12:21:36 CET 2014


Hi all,

For security reasons I want to check if the $si ip is part of ip and 
subnet of a subscriber so added '$(avp(sourceip)' and 
'$(avp(sourceip_mask)' to the subscriber table.
(I know I can use permissions module, but this is in cache and we like 
to make changes real time without haveing to reload the table in cache)

I tried something like this where sourceip_net and sourceip_mask is the 
ip subnet belonging to the subscriber:

$si = 10.100.5.42 (00001010000101000001111000101010)
$avp(sourceip_net) = 10.20.30.40; (00001010000101000001111000101000)
$avp(sourceip_mask) = 29;

if($si{ip.isip} && $(si{ip.pton}{s.substr,0,$avp(sourceip_mask)}) == 
$(avp(sourceip_net){ip.pton}{s.substr,0,$avp(sourceip_mask)}))
{
     xlog("L_INFO", " ip $si belongs to $au\n");
}
else
{
     xlog("L_INFO", " ip $si does not belong to $au\n");
     sl_send_reply("403", "Forbidden");
     exit;
}


So I expect the ip is valid and the comparison is true 
(00001010000101000001111000101 = 00001010000101000001111000101) but it 
doesn't seem to work like I expect.

It's difficult to output ip.pton to xlog (unreadable). Does it output a 
binary format like I expect?

Any ideas how to accomplish this?

Thanks,

Edwin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20140130/08a5bb78/attachment.htm>


More information about the Users mailing list