check_source_address not working in 1.9

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

check_source_address not working in 1.9

Spady#7
Hi all, i am facing issue on using "check_source_address"

Opensips v. : OpenSIPS (1.9.0-notls (i386/linux))

Database entries:

mysql> select * from address;
+----+-----+---------------+------+------+-------+---------+--------------+
| id | grp | ip            | mask | port | proto | pattern | context_info |
+----+-----+---------------+------+------+-------+---------+--------------+
|  6 |   0 | 10.9.6.3      |   24 |    0 | ANY   |         |              |
|  5 |   0 | 172.16.55.201 |   24 |    0 | ANY   |         |              |
+----+-----+---------------+------+------+-------+---------+--------------+


Subnet Dump:

root@opensips:./opensipsctl fifo subnet_dump
   0 <0, 10.9.6.0, 255.255.255.0, 0>
   1 <0, 172.16.55.0, 255.255.255.0, 0>      

Address Relod log;

Apr 10 10:50:44 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2812]: DBG:permissions:reload_address_table: number of rows in address table: 2
Apr 10 10:50:44 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2812]: DBG:permissions:reload_address_table: Tuple <10.9.6.3, 0, 24, 0> inserted into subnet table
Apr 10 10:50:44 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2812]: DBG:permissions:reload_address_table: Tuple <172.16.55.201, 0, 24, 0> inserted into subnet table
Apr 10 10:50:44 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2812]: DBG:permissions:reload_address_table: address table reloaded successfully.



Call logs:


Apr 10 10:52:00 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2819]: DBG:permissions:check_src_addr_3: Looking for : <0, 172.16.55.201, 53109, 2> in tables
Apr 10 10:52:00 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2819]: DBG:permissions:hash_match: no match in the hash table
Apr 10 10:52:00 opensips /usr/local/opensips_proxy_1.9.0/sbin/opensips[2819]: DBG:permissions:match_subnet_table: match found in the subnet table
   


Snippet of code:

if(!check_source_address("0")){
                        if (!proxy_authorize("", "subscriber")) {
                                proxy_challenge("", "0");
                                exit;


Any idea?

Regards
Reply | Threaded
Open this post in threaded view
|

Re: check_source_address not working in 1.9

Bogdan-Andrei Iancu-2
Hello,

I see the logs saying :
DBG:permissions:match_subnet_table: match found in the subnet table

Have you checked the return code of the function, at script level ? it
is true or false ?

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com


On 04/12/2013 12:36 PM, spady wrote:

> Hi all, i am facing issue on using "check_source_address"
>
> Opensips v. : OpenSIPS (1.9.0-notls (i386/linux))
>
> Database entries:
>
> mysql>  select * from address;
> +----+-----+---------------+------+------+-------+---------+--------------+
> | id | grp | ip            | mask | port | proto | pattern | context_info |
> +----+-----+---------------+------+------+-------+---------+--------------+
> |  6 |   0 | 10.9.6.3      |   24 |    0 | ANY   |         |              |
> |  5 |   0 | 172.16.55.201 |   24 |    0 | ANY   |         |              |
> +----+-----+---------------+------+------+-------+---------+--------------+
>
>
> Subnet Dump:
>
> root@opensips:./opensipsctl fifo subnet_dump
>     0<0, 10.9.6.0, 255.255.255.0, 0>
>     1<0, 172.16.55.0, 255.255.255.0, 0>
>
> Address Relod log;
>
> Apr 10 10:50:44 opensips
> /usr/local/opensips_proxy_1.9.0/sbin/opensips[2812]:
> DBG:permissions:reload_address_table: number of rows in address table: 2
> Apr 10 10:50:44 opensips
> /usr/local/opensips_proxy_1.9.0/sbin/opensips[2812]:
> DBG:permissions:reload_address_table: Tuple<10.9.6.3, 0, 24, 0>  inserted
> into subnet table
> Apr 10 10:50:44 opensips
> /usr/local/opensips_proxy_1.9.0/sbin/opensips[2812]:
> DBG:permissions:reload_address_table: Tuple<172.16.55.201, 0, 24, 0>
> inserted into subnet table
> Apr 10 10:50:44 opensips
> /usr/local/opensips_proxy_1.9.0/sbin/opensips[2812]:
> DBG:permissions:reload_address_table: address table reloaded successfully.
>
>
>
> Call logs:
>
>
> Apr 10 10:52:00 opensips
> /usr/local/opensips_proxy_1.9.0/sbin/opensips[2819]:
> DBG:permissions:check_src_addr_3: Looking for :<0, 172.16.55.201, 53109, 2>
> in tables
> Apr 10 10:52:00 opensips
> /usr/local/opensips_proxy_1.9.0/sbin/opensips[2819]:
> DBG:permissions:hash_match: no match in the hash table
> Apr 10 10:52:00 opensips
> /usr/local/opensips_proxy_1.9.0/sbin/opensips[2819]:
> DBG:permissions:match_subnet_table: match found in the subnet table
>
>
>
> Snippet of code:
>
> if(!check_source_address("0")){
>                          if (!proxy_authorize("", "subscriber")) {
>                                  proxy_challenge("", "0");
>                                  exit;
>
>
> Any idea?
>
> Regards
>
>
>
> --
> View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/check-source-address-not-working-in-1-9-tp7585808.html
> Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: check_source_address not working in 1.9

Spady#7
Hi Bogdan, here snippet of used code:

if(!check_source_address("0")){
                        xlog("########LOG: Controllo dell'IP sorgente!!!!!\n" );
                        if (!proxy_authorize("", "subscriber")) {
                                proxy_challenge("", "0");
                                exit;
                        }
                }
                        if (!db_check_from()) {
                                sl_send_reply("403","Forbidden auth ID");
                                exit;
                        }
               
                        consume_credentials();


Using this i get 403 Forbidden auth ID


Using this:

if(check_source_address("0")){
                        xlog("########LOG: Controllo dell'IP sorgente!!!!!\n" );
                        if (!proxy_authorize("", "subscriber")) {
                                proxy_challenge("", "0");
                                exit;
                        }
                }
                        if (!db_check_from()) {
                                sl_send_reply("403","Forbidden auth ID");
                                exit;
                        }
               
                        consume_credentials();

i get:

407 Unauthorized!!


Reply | Threaded
Open this post in threaded view
|

Re: check_source_address not working in 1.9

Bogdan-Andrei Iancu-2
Hello,

I'm a bit confused, as what you are claiming is a bit of a nonces - you
say that is with NOT or without, for the same src IP, you end up in the
if() block all the time ?!?!

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com


On 04/12/2013 03:41 PM, spady wrote:

> Hi Bogdan, here snippet of used code:
>
> *if(!check_source_address("0")){
> xlog("########LOG: Controllo dell'IP sorgente!!!!!\n" );
> if (!proxy_authorize("", "subscriber")) {
> proxy_challenge("", "0");
> exit;
> }
> }
> if (!db_check_from()) {
> sl_send_reply("403","Forbidden auth ID");
> exit;
> }
>
> consume_credentials();
> *
>
> Using this i get *403 Forbidden auth ID*
>
>
> Using this:
>
> *if(check_source_address("0"))*{
> xlog("########LOG: Controllo dell'IP sorgente!!!!!\n" );
> if (!proxy_authorize("", "subscriber")) {
> proxy_challenge("", "0");
> exit;
> }
> }
> if (!db_check_from()) {
> sl_send_reply("403","Forbidden auth ID");
> exit;
> }
>
> consume_credentials();
>
> i get:
>
> 407 Unauthorized!!
>
>
>
>
>
>
> --
> View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/check-source-address-not-working-in-1-9-tp7585808p7585810.html
> Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users