<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div>Hello,</div><div><br></div><div>Also you can use REDIS or HASH to mark IP as allowed on register.</div><br><div><div>On 12 Dec 2016, at 19:27, Schneur Rosenberg <<a href="mailto:rosenberg11219@gmail.com">rosenberg11219@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">Thanks Razvan, I had no choice and I did it the non lazy way, we have lots of carriers for incoming DID's, until now I did not want to have the headache of constantly updating my carriers IP's used for incoming traffic, so I allowed unauthenticated DID calls to come in from any IP address, but it was really not smart, I needed to do extra database queries, and my database even crashed once when someone brute forced my server and by the time the firewall script kicked in to block him my database has crashed because it was doing a MYSQL query for each invite.<br><br>So now I use the permission module to load all did providers IP addresses and therefore I don't need to do extra tests and queries on every single INVITE and all my problems have been solved :-)<br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 5, 2016 at 11:03 AM, Răzvan Crainea <span dir="ltr"><<a href="mailto:razvan@opensips.org" target="_blank">razvan@opensips.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<tt>Hi, Schneur!<br>
<br>
The second parameter of the </tt><tt>is_ip_registered()
function[1] should be the AOR of the caller, in the </tt><tt><a href="sip:SIP_USER@SIP_DOMAIN">sip:SIP_USER@SIP_DOMAIN</a>
format. The source IP is only checked against the contacts of
that specific subscriber.<br>
</tt><tt><tt><tt><tt>However, if I understand
correctly, your problem is determining what is the correct
AOR to use, because the From username and domain might be
different between REGISTER and INVITE, right?</tt></tt></tt>
If that's the case, you don't have that many choices: either you
search through all registered IPs (but there is no OpenSIPS
function to do that, so you'll need someting external as you've
already done), or you create some sort of mappings between the
REGISTER and INVITE users/formats. Or you impose your customers to
comply with a specific format, that can help you figure out the
mapping.<br>
<br>
[1]
<a class="gmail-m_5473655347615813839moz-txt-link-freetext" href="http://www.opensips.org/html/docs/modules/2.2.x/registrar.html#id294953" target="_blank">http://www.opensips.org/html/<wbr>docs/modules/2.2.x/registrar.<wbr>html#id294953</a><br>
<br>
Best regards,<br>
</tt>
<pre class="gmail-m_5473655347615813839moz-signature" cols="72">Răzvan Crainea
OpenSIPS Solutions
<a class="gmail-m_5473655347615813839moz-txt-link-abbreviated" href="http://www.opensips-solutions.com/" target="_blank">www.opensips-solutions.com</a></pre><div><div class="gmail-h5">
<div class="gmail-m_5473655347615813839moz-cite-prefix">On 12/04/2016 01:20 PM, Schneur
Rosenberg wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="gmail-h5">
<div dir="ltr">Hi, I would like to check during the initial
invite if the request comes from a IP that is registered (I
don't care about the user credentials at this time), I use it to
know if the invite is from a registered user or if it is from a
unauthenticated source (DID's or hacking attempt) I can't use
is_contact_registered() because not all clients send the user
name in the initial invite, and they only send it in the
authentication username which is absent in the initial invite,
therefore I want to use is_ip_registered() but I'm having issues
and I don't understand exactly what the second parameter is for,
I want to check for the ip in the $si variable if it is
registered (either in the contact field or in the received
field).
<div><br>
</div>
<div>When leaving blank the AOR field, some devices work well
but some don't.<br>
<br>
Due to NAT some devices register the IP in the contact field,
and some in the received field, I want to try to match to
either one, and it should parse the contact field that it
should ignore the username from the contact field.<br>
</div>
<div><br>
</div>
<div>I was doing a avp_db_query() until now, but it had 2 major
issues.<br>
<br>
1) It runs a MYSQL query on each REQUEST which reduces
performance, I couldn't use memcache because IP's are dynamic
in nature. <br>
2) I use db_mode 2 on usrloc and it takes about a minute for
the registration to appear in the DB and the user can't call
out during that minute, and even worse if he tries multiple
times and it gets rejected my iptables will block his IP.</div>
<div><br>
</div>
<div>thank you</div>
<div>S. Rosenberg</div>
</div>
<br>
<fieldset class="gmail-m_5473655347615813839mimeAttachmentHeader"></fieldset>
<br>
</div></div><pre>______________________________<wbr>_________________
Users mailing list
<a class="gmail-m_5473655347615813839moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a>
<a class="gmail-m_5473655347615813839moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</div>
<br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</a><br>
<br></blockquote></div><br></div></div>
_______________________________________________<br>Users mailing list<br><a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>http://lists.opensips.org/cgi-bin/mailman/listinfo/users<br></blockquote></div><br><div>
<div>-- </div><div>Serge S. Yuriev</div><div><br></div><br class="Apple-interchange-newline">
</div>
<br></body></html>