Permission doesn't match

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Permission doesn't match

Julian Santer
Hi guys,

I have some question to the permission module. We are using Opensips 2.2.6.
The permissions are load from the address table located in a MySQL DB.

My config looks like:

...
else if (check_address("52", "$si", "$sp", "$proto", "$avp(ctx)", "$ua"))
{
     xlog("L_INFO", "Entered here due permission 52 - LF_BASE");
}
else if (check_address("54", "$si", "$sp", "$proto", "$avp(ctx)", "$ua"))
{
     xlog("L_INFO", "Entered here due permission 54 - LF_BASE");
}
...

address table:
id    grp    ip             mask    port    proto    pattern    context_info
41    52     192.168.1.0    24      0       any      AVM*.06.*  test
648   54     192.168.1.0    24      0       any      AVM*.07.*  test

This line is matching:
Nov  8 17:10:59 M=REGISTER RURI=sip:test.com F=sip:[hidden email] T=sip:[hidden email] SRC=192.168.1.46:5060 UAC=AVM FRITZ!Box Fon WLAN 7390 84.06.85 (Sep
10 2018) ID=9A0B1C90057A9126@192.168.1.46 B=<null>
Nov  8 17:10:59 Entered here due permission 52 - M=REGISTER RURI=sip:test.com F=sip:[hidden email] T=sip:[hidden email] SRC=192.168.1.46:5060 UAC=AVM
FRITZ!Box Fon WLAN 7390 84.06.85 (Sep 10 2018) ID=9A0B1C90057A9126@192.168.146 B=<null>

But this line is not matching:
Nov  8 17:35:19 M=REGISTER RURI=sip:test.com F=sip:[hidden email] T=sip:[hidden email] SRC=192.168.1.215:5060 UAC=AVM FRITZ!Box 7490 113.07.01 (Sep 11
2018) ID=5DC1E7DC326043BA@192.168.1.215 B=<null>

I already did a opensipsctl address reload and several times restarted the whole opensips service.
Have you maybe some hint for me?

Kind regards,
Julian Santer


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Permission doesn't match

Bogdan-Andrei Iancu-2
Hi Julian,

If you do a "subnet_dump" (see
http://www.opensips.org/html/docs/modules/2.4.x/permissions.html#mi_subnet_dump),
do you see both records ?

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
   http://opensips.org/training/OpenSIPS_Bootcamp_2018/

On 11/08/2018 06:52 PM, Julian Santer wrote:

> Hi guys,
>
> I have some question to the permission module. We are using Opensips
> 2.2.6.
> The permissions are load from the address table located in a MySQL DB.
>
> My config looks like:
>
> ...
> else if (check_address("52", "$si", "$sp", "$proto", "$avp(ctx)", "$ua"))
> {
>     xlog("L_INFO", "Entered here due permission 52 - LF_BASE");
> }
> else if (check_address("54", "$si", "$sp", "$proto", "$avp(ctx)", "$ua"))
> {
>     xlog("L_INFO", "Entered here due permission 54 - LF_BASE");
> }
> ...
>
> address table:
> id    grp    ip             mask    port    proto    pattern context_info
> 41    52     192.168.1.0    24      0       any      AVM*.06.* test
> 648   54     192.168.1.0    24      0       any      AVM*.07.* test
>
> This line is matching:
> Nov  8 17:10:59 M=REGISTER RURI=sip:test.com F=sip:[hidden email]
> T=sip:[hidden email] SRC=192.168.1.46:5060 UAC=AVM FRITZ!Box Fon WLAN
> 7390 84.06.85 (Sep 10 2018) ID=9A0B1C90057A9126@192.168.1.46 B=<null>
> Nov  8 17:10:59 Entered here due permission 52 - M=REGISTER
> RURI=sip:test.com F=sip:[hidden email] T=sip:[hidden email]
> SRC=192.168.1.46:5060 UAC=AVM FRITZ!Box Fon WLAN 7390 84.06.85 (Sep 10
> 2018) ID=9A0B1C90057A9126@192.168.146 B=<null>
>
> But this line is not matching:
> Nov  8 17:35:19 M=REGISTER RURI=sip:test.com F=sip:[hidden email]
> T=sip:[hidden email] SRC=192.168.1.215:5060 UAC=AVM FRITZ!Box 7490
> 113.07.01 (Sep 11 2018) ID=5DC1E7DC326043BA@192.168.1.215 B=<null>
>
> I already did a opensipsctl address reload and several times restarted
> the whole opensips service.
> Have you maybe some hint for me?
>
> Kind regards,
> Julian Santer
>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Permission doesn't match

Julian Santer
Hi Bogdan,

if I exec "subnet_dump", I receive the records in grp "52", but the records in grp "54" are missing.

Kind regards,
Julian Santer

Am 14.11.18 um 15:20 schrieb Bogdan-Andrei Iancu:

> Hi Julian,
>
> If you do a "subnet_dump" (see http://www.opensips.org/html/docs/modules/2.4.x/permissions.html#mi_subnet_dump), do you see both records ?
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>    http://www.opensips-solutions.com
> OpenSIPS Bootcamp 2018
>    http://opensips.org/training/OpenSIPS_Bootcamp_2018/
>
> On 11/08/2018 06:52 PM, Julian Santer wrote:
>> Hi guys,
>>
>> I have some question to the permission module. We are using Opensips 2.2.6.
>> The permissions are load from the address table located in a MySQL DB.
>>
>> My config looks like:
>>
>> ...
>> else if (check_address("52", "$si", "$sp", "$proto", "$avp(ctx)", "$ua"))
>> {
>>     xlog("L_INFO", "Entered here due permission 52 - LF_BASE");
>> }
>> else if (check_address("54", "$si", "$sp", "$proto", "$avp(ctx)", "$ua"))
>> {
>>     xlog("L_INFO", "Entered here due permission 54 - LF_BASE");
>> }
>> ...
>>
>> address table:
>> id    grp    ip             mask    port    proto    pattern context_info
>> 41    52     192.168.1.0    24      0       any      AVM*.06.* test
>> 648   54     192.168.1.0    24      0       any      AVM*.07.* test
>>
>> This line is matching:
>> Nov  8 17:10:59 M=REGISTER RURI=sip:test.com F=sip:[hidden email] T=sip:[hidden email] SRC=192.168.1.46:5060 UAC=AVM FRITZ!Box Fon WLAN 7390 84.06.85
>> (Sep 10 2018) ID=9A0B1C90057A9126@192.168.1.46 B=<null>
>> Nov  8 17:10:59 Entered here due permission 52 - M=REGISTER RURI=sip:test.com F=sip:[hidden email] T=sip:[hidden email] SRC=192.168.1.46:5060 UAC=AVM
>> FRITZ!Box Fon WLAN 7390 84.06.85 (Sep 10 2018) ID=9A0B1C90057A9126@192.168.146 B=<null>
>>
>> But this line is not matching:
>> Nov  8 17:35:19 M=REGISTER RURI=sip:test.com F=sip:[hidden email] T=sip:[hidden email] SRC=192.168.1.215:5060 UAC=AVM FRITZ!Box 7490 113.07.01 (Sep 11
>> 2018) ID=5DC1E7DC326043BA@192.168.1.215 B=<null>
>>
>> I already did a opensipsctl address reload and several times restarted the whole opensips service.
>> Have you maybe some hint for me?
>>
>> Kind regards,
>> Julian Santer
>>
>>
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Permission doesn't match

Bogdan-Andrei Iancu-2
Hi Julian,

When you perform a "address_reload", do you see any errors or warnings
in the opensips logs ?

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
   http://opensips.org/training/OpenSIPS_Bootcamp_2018/

On 11/16/2018 03:06 PM, Julian Santer wrote:

> Hi Bogdan,
>
> if I exec "subnet_dump", I receive the records in grp "52", but the
> records in grp "54" are missing.
>
> Kind regards,
> Julian Santer
>
> Am 14.11.18 um 15:20 schrieb Bogdan-Andrei Iancu:
>> Hi Julian,
>>
>> If you do a "subnet_dump" (see
>> http://www.opensips.org/html/docs/modules/2.4.x/permissions.html#mi_subnet_dump),
>> do you see both records ?
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>    http://www.opensips-solutions.com
>> OpenSIPS Bootcamp 2018
>>    http://opensips.org/training/OpenSIPS_Bootcamp_2018/
>>
>> On 11/08/2018 06:52 PM, Julian Santer wrote:
>>> Hi guys,
>>>
>>> I have some question to the permission module. We are using Opensips
>>> 2.2.6.
>>> The permissions are load from the address table located in a MySQL DB.
>>>
>>> My config looks like:
>>>
>>> ...
>>> else if (check_address("52", "$si", "$sp", "$proto", "$avp(ctx)",
>>> "$ua"))
>>> {
>>>     xlog("L_INFO", "Entered here due permission 52 - LF_BASE");
>>> }
>>> else if (check_address("54", "$si", "$sp", "$proto", "$avp(ctx)",
>>> "$ua"))
>>> {
>>>     xlog("L_INFO", "Entered here due permission 54 - LF_BASE");
>>> }
>>> ...
>>>
>>> address table:
>>> id    grp    ip             mask    port    proto    pattern
>>> context_info
>>> 41    52     192.168.1.0    24      0       any      AVM*.06.* test
>>> 648   54     192.168.1.0    24      0       any      AVM*.07.* test
>>>
>>> This line is matching:
>>> Nov  8 17:10:59 M=REGISTER RURI=sip:test.com F=sip:[hidden email]
>>> T=sip:[hidden email] SRC=192.168.1.46:5060 UAC=AVM FRITZ!Box Fon WLAN
>>> 7390 84.06.85 (Sep 10 2018) ID=9A0B1C90057A9126@192.168.1.46 B=<null>
>>> Nov  8 17:10:59 Entered here due permission 52 - M=REGISTER
>>> RURI=sip:test.com F=sip:[hidden email] T=sip:[hidden email]
>>> SRC=192.168.1.46:5060 UAC=AVM FRITZ!Box Fon WLAN 7390 84.06.85 (Sep
>>> 10 2018) ID=9A0B1C90057A9126@192.168.146 B=<null>
>>>
>>> But this line is not matching:
>>> Nov  8 17:35:19 M=REGISTER RURI=sip:test.com F=sip:[hidden email]
>>> T=sip:[hidden email] SRC=192.168.1.215:5060 UAC=AVM FRITZ!Box 7490
>>> 113.07.01 (Sep 11 2018) ID=5DC1E7DC326043BA@192.168.1.215 B=<null>
>>>
>>> I already did a opensipsctl address reload and several times
>>> restarted the whole opensips service.
>>> Have you maybe some hint for me?
>>>
>>> Kind regards,
>>> Julian Santer
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> [hidden email]
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Permission doesn't match

Julian Santer
Hi Bogdan,

yes we got the following critical errors:
CRITICAL:permissions:subnet_table_insert: subnet table is full

How many records could be stored and is there a way to increase the limit?

Kind regards,
Julian Santer

Am 16.11.18 um 17:12 schrieb Bogdan-Andrei Iancu:

> Hi Julian,
>
> When you perform a "address_reload", do you see any errors or warnings in the opensips logs ?
>
> Regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>   http://www.opensips-solutions.com
> OpenSIPS Bootcamp 2018
>   http://opensips.org/training/OpenSIPS_Bootcamp_2018/
>
> On 11/16/2018 03:06 PM, Julian Santer wrote:
>> Hi Bogdan,
>>
>> if I exec "subnet_dump", I receive the records in grp "52", but the records in grp "54" are missing.
>>
>> Kind regards,
>> Julian Santer
>>
>> Am 14.11.18 um 15:20 schrieb Bogdan-Andrei Iancu:
>>> Hi Julian,
>>>
>>> If you do a "subnet_dump" (see http://www.opensips.org/html/docs/modules/2.4.x/permissions.html#mi_subnet_dump), do you see both records ?
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>>
>>> OpenSIPS Founder and Developer
>>>    http://www.opensips-solutions.com
>>> OpenSIPS Bootcamp 2018
>>>    http://opensips.org/training/OpenSIPS_Bootcamp_2018/
>>>
>>> On 11/08/2018 06:52 PM, Julian Santer wrote:
>>>> Hi guys,
>>>>
>>>> I have some question to the permission module. We are using Opensips 2.2.6.
>>>> The permissions are load from the address table located in a MySQL DB.
>>>>
>>>> My config looks like:
>>>>
>>>> ...
>>>> else if (check_address("52", "$si", "$sp", "$proto", "$avp(ctx)", "$ua"))
>>>> {
>>>>     xlog("L_INFO", "Entered here due permission 52 - LF_BASE");
>>>> }
>>>> else if (check_address("54", "$si", "$sp", "$proto", "$avp(ctx)", "$ua"))
>>>> {
>>>>     xlog("L_INFO", "Entered here due permission 54 - LF_BASE");
>>>> }
>>>> ...
>>>>
>>>> address table:
>>>> id    grp    ip             mask    port    proto    pattern context_info
>>>> 41    52     192.168.1.0    24      0       any AVM*.06.* test
>>>> 648   54     192.168.1.0    24      0       any AVM*.07.* test
>>>>
>>>> This line is matching:
>>>> Nov  8 17:10:59 M=REGISTER RURI=sip:test.com F=sip:[hidden email] T=sip:[hidden email] SRC=192.168.1.46:5060 UAC=AVM FRITZ!Box Fon WLAN 7390 84.06.85
>>>> (Sep 10 2018) ID=9A0B1C90057A9126@192.168.1.46 B=<null>
>>>> Nov  8 17:10:59 Entered here due permission 52 - M=REGISTER RURI=sip:test.com F=sip:[hidden email] T=sip:[hidden email] SRC=192.168.1.46:5060 UAC=AVM
>>>> FRITZ!Box Fon WLAN 7390 84.06.85 (Sep 10 2018) ID=9A0B1C90057A9126@192.168.146 B=<null>
>>>>
>>>> But this line is not matching:
>>>> Nov  8 17:35:19 M=REGISTER RURI=sip:test.com F=sip:[hidden email] T=sip:[hidden email] SRC=192.168.1.215:5060 UAC=AVM FRITZ!Box 7490 113.07.01 (Sep
>>>> 11 2018) ID=5DC1E7DC326043BA@192.168.1.215 B=<null>
>>>>
>>>> I already did a opensipsctl address reload and several times restarted the whole opensips service.
>>>> Have you maybe some hint for me?
>>>>
>>>> Kind regards,
>>>> Julian Santer
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> [hidden email]
>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> [hidden email]
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Permission doesn't match

Bogdan-Andrei Iancu-2
Hi Julian,

And you have *only* those 2 subnet records in the address table ??

You should get that error only if you use more than 128 subnet records.

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
   http://opensips.org/training/OpenSIPS_Bootcamp_2018/

On 11/16/2018 06:30 PM, Julian Santer wrote:

> Hi Bogdan,
>
> yes we got the following critical errors:
> CRITICAL:permissions:subnet_table_insert: subnet table is full
>
> How many records could be stored and is there a way to increase the
> limit?
>
> Kind regards,
> Julian Santer
>
> Am 16.11.18 um 17:12 schrieb Bogdan-Andrei Iancu:
>> Hi Julian,
>>
>> When you perform a "address_reload", do you see any errors or
>> warnings in the opensips logs ?
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>>
>> OpenSIPS Founder and Developer
>>   http://www.opensips-solutions.com
>> OpenSIPS Bootcamp 2018
>>   http://opensips.org/training/OpenSIPS_Bootcamp_2018/
>>
>> On 11/16/2018 03:06 PM, Julian Santer wrote:
>>> Hi Bogdan,
>>>
>>> if I exec "subnet_dump", I receive the records in grp "52", but the
>>> records in grp "54" are missing.
>>>
>>> Kind regards,
>>> Julian Santer
>>>
>>> Am 14.11.18 um 15:20 schrieb Bogdan-Andrei Iancu:
>>>> Hi Julian,
>>>>
>>>> If you do a "subnet_dump" (see
>>>> http://www.opensips.org/html/docs/modules/2.4.x/permissions.html#mi_subnet_dump),
>>>> do you see both records ?
>>>>
>>>> Regards,
>>>>
>>>> Bogdan-Andrei Iancu
>>>>
>>>> OpenSIPS Founder and Developer
>>>>    http://www.opensips-solutions.com
>>>> OpenSIPS Bootcamp 2018
>>>>    http://opensips.org/training/OpenSIPS_Bootcamp_2018/
>>>>
>>>> On 11/08/2018 06:52 PM, Julian Santer wrote:
>>>>> Hi guys,
>>>>>
>>>>> I have some question to the permission module. We are using
>>>>> Opensips 2.2.6.
>>>>> The permissions are load from the address table located in a MySQL
>>>>> DB.
>>>>>
>>>>> My config looks like:
>>>>>
>>>>> ...
>>>>> else if (check_address("52", "$si", "$sp", "$proto", "$avp(ctx)",
>>>>> "$ua"))
>>>>> {
>>>>>     xlog("L_INFO", "Entered here due permission 52 - LF_BASE");
>>>>> }
>>>>> else if (check_address("54", "$si", "$sp", "$proto", "$avp(ctx)",
>>>>> "$ua"))
>>>>> {
>>>>>     xlog("L_INFO", "Entered here due permission 54 - LF_BASE");
>>>>> }
>>>>> ...
>>>>>
>>>>> address table:
>>>>> id    grp    ip             mask    port    proto pattern
>>>>> context_info
>>>>> 41    52     192.168.1.0    24      0       any AVM*.06.* test
>>>>> 648   54     192.168.1.0    24      0       any AVM*.07.* test
>>>>>
>>>>> This line is matching:
>>>>> Nov  8 17:10:59 M=REGISTER RURI=sip:test.com F=sip:[hidden email]
>>>>> T=sip:[hidden email] SRC=192.168.1.46:5060 UAC=AVM FRITZ!Box Fon
>>>>> WLAN 7390 84.06.85 (Sep 10 2018) ID=9A0B1C90057A9126@192.168.1.46
>>>>> B=<null>
>>>>> Nov  8 17:10:59 Entered here due permission 52 - M=REGISTER
>>>>> RURI=sip:test.com F=sip:[hidden email] T=sip:[hidden email]
>>>>> SRC=192.168.1.46:5060 UAC=AVM FRITZ!Box Fon WLAN 7390 84.06.85
>>>>> (Sep 10 2018) ID=9A0B1C90057A9126@192.168.146 B=<null>
>>>>>
>>>>> But this line is not matching:
>>>>> Nov  8 17:35:19 M=REGISTER RURI=sip:test.com F=sip:[hidden email]
>>>>> T=sip:[hidden email] SRC=192.168.1.215:5060 UAC=AVM FRITZ!Box 7490
>>>>> 113.07.01 (Sep 11 2018) ID=5DC1E7DC326043BA@192.168.1.215 B=<null>
>>>>>
>>>>> I already did a opensipsctl address reload and several times
>>>>> restarted the whole opensips service.
>>>>> Have you maybe some hint for me?


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users