<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi everyone, can anyone tell me what's going wrong here please?<div>I'm having a problem with my switch statement in that  $retcode 1 ends up falling into the processing for -1, -2, -3<br></div><div><br></div><div><div># If the client is not already authenticated, check the return code and look for multiple failures</div><div>                www_authorize("", "subscriber");</div><div>                switch ($retcode)</div><div>                {</div><div>                        case 0: # false</div><div>                                xlog("CUSTOM_LOG: Client NOT authenticated");</div><div>                                break;</div><div>                        case 1: # true</div><div>                                xlog("CUSTOM_LOG: Client authenticated");</div><div>                                break;</div><div>                        case -3: # stale nonce</div><div>                        case -2: # invalid passwd</div><div>                        case -1: # no such user</div><div>                                xlog("CUSTOM_LOG: Failed Authentication Attempt (Return Code: $retcode) for $ru To: $tu - Checking for Dictionary attack");</div><div>                                # Is the attribute AuthFail_$si present in cache?</div><div>                                if ( cache_fetch("local","AuthFail_$si",$avp(failed_no)) ) {</div><div>                                        xlog("CUSTOM_LOG: Failure Attempts for $ru ($fU) is now $avp(failed_no) (Return Code: $retcode)");</div><div>                                        # If so, how many failures so far?</div><div>                                        if ( $(avp(failed_no){<a href="http://s.int">s.int</a>}) >= $var(max_auth_fail) ) {</div><div>                                                xlog("CUSTOM_LOG: SECURITY ALERT: $var(max_auth_fail) failed auth attempts for $fU from $si - Blocking IP Address");</div><div>                                                # Looks like bad people - Block the source IP</div><div>                                                exec("sudo /sbin/ipset add $var(ipset) $$SIP_SRCIP");</div><div>                                                xlog("CUSTOM_LOG: $si added to ipset $var(ipset))");</div><div>                                                exit;</div><div>                                        }</div><div>                                        # If authentication is failing, increment the value of AuthFail_$si by 1</div><div>                                        xlog("CUSTOM_LOG: Incrementing AuthFail_$si");</div><div>                                        cache_add("local","AuthFail_$si",1,60);</div><div>                                } else {</div><div>                                        # If the attribute AuthFail_$si is not present - add it</div><div>                                        xlog("CUSTOM_LOG: Adding Cache entry AuthFail_$si");</div><div>                                        cache_store("local","AuthFail_$si","1",60);</div><div>                                }</div><div>                                break;</div><div>                        default:</div><div>                                # If non of the above is true, try to authenticate the user</div><div>                                xlog("CUSTOM_LOG: No Subscriber in database for $ru ($fU) - Challenging");</div><div>                                www_challenge("", 0);</div><div>                }</div><div><br></div><div>--------------</div><div><br></div><div>From my logs:</div><div><br></div><div><div>CUSTOM_LOG: Failed Authentication Attempt (Return Code: 1) for sip:XXX.XXX.XXX.XXX To: sip:5003@XXX.XXX.XXX.XXX - Checking for Dictionary attack</div><div>CUSTOM_LOG: Failure Attempts for sip:XXX.XXX.XXX.XXX (5003) is now 1 (Return Code: 1)</div><div>CUSTOM_LOG: Incrementing AuthFail_XXX.XXX.XXX.XXX</div></div><div><br></div><div>Version info:</div><div><br></div><div><div>version: opensips 3.0.0 (x86_64/linux)</div><div>flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, HP_MALLOC, DBG_MALLOC, CC_O0, FAST_LOCK-ADAPTIVE_WAIT</div><div>ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535</div><div>poll method support: poll, epoll, sigio_rt, select.</div><div>git revision: 435890a06</div><div>main.c compiled on 13:19:25 Jun 21 2019 with gcc 7</div></div><div><br></div><div>Many thanks</div><div>Mark.</div><div><br></div><div dir="ltr" class="gmail_signature"></div></div></div></div></div></div></div></div>