[OpenSIPS-Users] check if ip address belongs to ip and subnet subscriber

Stefano Pisani stefano.pisani at omnianet.it
Thu Jan 30 20:30:26 CET 2014


You can create an external perl script that to the job.

Il 30/01/2014 12.38, Edwin Haselhoff ha scritto:
> Stefano,
>
> I tested the permission module but changes to the table are not 'real 
> time', I have to reload the table every time (or did I miss something?).
>
>
>
> Stefano Pisani schreef op 30-1-2014 12:32:
>> Hi,
>> use module permission.
>>
>> s
>>
>> Il 30/01/2014 12.21, Edwin Haselhoff ha scritto:
>>> Hi all,
>>>
>>> For security reasons I want to check if the $si ip is part of ip and 
>>> subnet of a subscriber so added '$(avp(sourceip)' and 
>>> '$(avp(sourceip_mask)' to the subscriber table.
>>> (I know I can use permissions module, but this is in cache and we 
>>> like to make changes real time without haveing to reload the table 
>>> in cache)
>>>
>>> I tried something like this where sourceip_net and sourceip_mask is 
>>> the ip subnet belonging to the subscriber:
>>>
>>> $si = 10.100.5.42 (00001010000101000001111000101010)
>>> $avp(sourceip_net) = 10.20.30.40; (00001010000101000001111000101000)
>>> $avp(sourceip_mask) = 29;
>>>
>>> if($si{ip.isip} && $(si{ip.pton}{s.substr,0,$avp(sourceip_mask)}) == 
>>> $(avp(sourceip_net){ip.pton}{s.substr,0,$avp(sourceip_mask)}))
>>> {
>>>     xlog("L_INFO", " ip $si belongs to $au\n");
>>> }
>>> else
>>> {
>>>     xlog("L_INFO", " ip $si does not belong to $au\n");
>>>     sl_send_reply("403", "Forbidden");
>>>     exit;
>>> }
>>>
>>>
>>> So I expect the ip is valid and the comparison is true 
>>> (00001010000101000001111000101 = 00001010000101000001111000101) but 
>>> it doesn't seem to work like I expect.
>>>
>>> It's difficult to output ip.pton to xlog (unreadable). Does it 
>>> output a binary format like I expect?
>>>
>>> Any ideas how to accomplish this?
>>>
>>> Thanks,
>>>
>>> Edwin
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20140130/c84e92d4/attachment.htm>


More information about the Users mailing list