[OpenSIPS-Users] check if ip address belongs to ip and subnet subscriber
Stefano Pisani
stefano.pisani at omnianet.it
Thu Jan 30 12:32:45 CET 2014
Hi,
use module permission.
s
Il 30/01/2014 12.21, Edwin Haselhoff ha scritto:
> Hi all,
>
> For security reasons I want to check if the $si ip is part of ip and
> subnet of a subscriber so added '$(avp(sourceip)' and
> '$(avp(sourceip_mask)' to the subscriber table.
> (I know I can use permissions module, but this is in cache and we like
> to make changes real time without haveing to reload the table in cache)
>
> I tried something like this where sourceip_net and sourceip_mask is
> the ip subnet belonging to the subscriber:
>
> $si = 10.100.5.42 (00001010000101000001111000101010)
> $avp(sourceip_net) = 10.20.30.40; (00001010000101000001111000101000)
> $avp(sourceip_mask) = 29;
>
> if($si{ip.isip} && $(si{ip.pton}{s.substr,0,$avp(sourceip_mask)}) ==
> $(avp(sourceip_net){ip.pton}{s.substr,0,$avp(sourceip_mask)}))
> {
> xlog("L_INFO", " ip $si belongs to $au\n");
> }
> else
> {
> xlog("L_INFO", " ip $si does not belong to $au\n");
> sl_send_reply("403", "Forbidden");
> exit;
> }
>
>
> So I expect the ip is valid and the comparison is true
> (00001010000101000001111000101 = 00001010000101000001111000101) but it
> doesn't seem to work like I expect.
>
> It's difficult to output ip.pton to xlog (unreadable). Does it output
> a binary format like I expect?
>
> Any ideas how to accomplish this?
>
> Thanks,
>
> Edwin
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20140130/308c0a45/attachment.htm>
More information about the Users
mailing list