Hi All,

In ast_apply_acl (main/acl.c) there are two lines that issue a
LOG_WARNING when an ACL gets denied.

The first happens if the ACL is invalid.  I'm not too worried about this
specific one, it's probably a good thing if this gets logged always.

The latter, in the case of AST_SENSE_DENY is a bit problematic for me. 
I've submitted patches now to use ACLs in res_rtp_asterisk, and with a
large number of rejects this can quickly spam the logs, and frankly,
confuse consumers.

As I see it, there are two possible solutions:

Solution 1:

1.  Add AST_SENSE_INVALID as a possible return.
2.  Rename the current function to ast_apply_acl_(silent|nolog), and
remove the logging.
3.  Add a replacement ast_apply_acl function which will generate the log
entries as per current.

Solution 2:

Simply don't log at all if the purpose argument is NULL.

Solution two is the simpler fix, but it's probably also the less ideal one.

The adding of the AST_SENSE_INVALID will also mean that the replacement
function will need to rewrite AST_SENSE_INVALID => AST_SENSE_DENY, or we
need to audit all consumers of the function (there fortunately aren't a
great many of these) and wherever ast_apply_acl(...) == AST_SENSE_DENY
is found, it should be rewritten as ast_apply_acl(...) != AST_SENSE_ALLOW.

Would dearly like some opinions on the matter.

PS:  The advantage for me of using ACL over HA is simply the named ACL
functionality, so in rtp.conf I can state ice_acl = named_acl instead of
having to embed the ACL into rtp.conf.


Kind Regards,
Jaco Kroon
C.E.O.

*T:* +27 (0)12 021 0000 | *F:* +27 86 648 8561 | *E:* j...@iewc.co.za
*W:* iewc.co.za <https://www.iewc.co.za/> | *A:* Unit 201, Building 2B,
Sunwood Park, Queen's Crescent Lynnwood, Pretoria


        


asterisk-dev mailing list
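Solution 1 and the consumer audit described in the message above, as an added C sketch that is not Asterisk's code and not part of the original post: the `demo_*` names, the single-prefix toy ACL and the addresses are constructed stand-ins for `ast_apply_acl` and the `AST_SENSE_*` values. It shows that a consumer testing `== DENY` would let an INVALID result through, while `!= ALLOW` fails closed, and that a high-volume caller can count rejects without logging each one.

```c
#include <stdio.h>

/* Stand-ins for the AST_SENSE_* values; INVALID is the proposed new return. */
enum demo_sense { DEMO_SENSE_DENY, DEMO_SENSE_ALLOW, DEMO_SENSE_INVALID };
/* Constructed toy ACL: one permitted IPv4 prefix; valid == 0 models a broken ACL. */
struct demo_acl { int valid; unsigned int net, mask; };
static int demo_log_count; /* warnings emitted, to make log volume visible */

/* Step 2: silent evaluation with a three-way result; never logs. */
enum demo_sense demo_apply_acl_nolog(const struct demo_acl *acl, unsigned int addr)
{
    if (!acl->valid)
        return DEMO_SENSE_INVALID;
    return (addr & acl->mask) == acl->net ? DEMO_SENSE_ALLOW : DEMO_SENSE_DENY;
}

/* Step 3: logging wrapper; folds INVALID into DENY so old callers see two values. */
enum demo_sense demo_apply_acl(const struct demo_acl *acl, unsigned int addr, const char *purpose)
{
    enum demo_sense s = demo_apply_acl_nolog(acl, addr);
    if (s == DEMO_SENSE_ALLOW)
        return s;
    fprintf(stderr, "WARNING: %s%sACL %s\n", purpose ? purpose : "", purpose ? " " : "",
            s == DEMO_SENSE_INVALID ? "is invalid" : "denied the address");
    demo_log_count++;
    return DEMO_SENSE_DENY;
}

/* Unaudited consumer: anything that is not DENY is let through (INVALID fails open). */
int demo_permit_eq_deny(enum demo_sense s) { return s == DEMO_SENSE_DENY ? 0 : 1; }
/* Audited consumer: only ALLOW is let through (INVALID fails closed). */
int demo_permit_ne_allow(enum demo_sense s) { return s != DEMO_SENSE_ALLOW ? 0 : 1; }

/* High-volume caller: uses the silent variant and keeps a counter instead of logging. */
int demo_count_rejects(const struct demo_acl *acl, const unsigned int *addrs, int n)
{
    int rejected = 0;
    for (int i = 0; i < n; i++)
        rejected += demo_apply_acl_nolog(acl, addrs[i]) != DEMO_SENSE_ALLOW;
    return rejected;
}

int main(void)
{
    struct demo_acl broken = { 0, 0, 0 }; /* constructed: an invalid ACL */
    enum demo_sense raw = demo_apply_acl_nolog(&broken, 0xC0A80105u);
    printf("INVALID permitted by ==DENY: %d, by !=ALLOW: %d\n",
           demo_permit_eq_deny(raw), demo_permit_ne_allow(raw));
    return 0;
}
```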