Hi everyone.
I read in the manual that by adding the following lines to the
configuration

09=deny alias:^188884.*
ALL=allow ipv4:0/0|allow ipv6:::/0

will end up in "endpoints having an alias beginning with 188884 are
not allowed to call prefix 09"

So I expected that by adding the following lines to my configuration,
I would have prevented endpoint 3194 from calling the endpoint 8501
(which is an MCU ad hoc room actually)

[Gatekeeper::Auth]
PrefixAuth=required;ARQ

[PrefixAuth]
8501=deny alias:^3194.*
ALL=allow ipv4:0/0

But this does not work; I also tried setting the rule to 8501=deny
alias:^3194 to no avail.

So I dug into logs and what I see is perplexing me: because it says that

*GKAUTH PrefixAuth rule matched and could not reject or accept
destination prefix '8501' for alias '8501'*

i.e. the alias for the caller and the callee is the same; this is the
actual output (where ip address has been blanked out)

2016/03/11 12:38:07.515 3             RasSrv.cxx(251)   RAS     admissionRequest {
    requestSeqNum = 8596
    callType = pointToPoint <<null>>
    callModel = gatekeeperRouted <<null>>
    endpointIdentifier =  9 characters {
      0037 0038 0038 0036 005f 0065 006e 0064   7886_end
      0070                                      p
    }
    destinationInfo = 2 entries {
      [0]=dialedDigits "8501"
      [1]=dialedDigits "8501"
    }
    srcInfo = 2 entries {
      [0]=h323_ID  10 characters {
        0044 0043 0020 0050 0045 0052 0053 0020   DC PERS
        0053 0049                                 SI
      }
      [1]=dialedDigits "3194"
    }
    srcCallSignalAddress = ipAddress {
      ip =  4 octets {
        xx xx xx xx                                        ....
      }
      port = 60008
    }
    bandWidth = 15360
    callReferenceValue = 2331
    conferenceID =  16 octets {
      02 87 73 31 e2 b2 03 14  1d a9 56 34 34 34 34 ef   ..s1......V4444.
    }
    activeMC = false
    answerCall = false
    canMapAlias = false
    callIdentifier = {
      guid =  16 octets {
        02 87 73 31 e2 b2 03 14  1d a8 56 34 34 34 34 ef   ..s1......V4444.
      }
    }
    gatekeeperIdentifier =  5 characters {
      0047 006e 0075 0047 006b                  GnuGk
    }
    willSupplyUUIEs = false
  }
2016/03/11 12:38:07.531 5                job.cxx(338)   JOB     Worker threads: 15 total - 15 busy, 0 idle
2016/03/11 12:38:07.531 5                job.cxx(180)   JOB     Starting Job ARQ at Worker thread 364
2016/03/11 12:38:07.531 1             RasSrv.cxx(382)   RAS     ARQ Received from xx.xx.xx.xx:1719
*2016/03/11 12:38:07.531 4             gkauth.cxx(1941)  GKAUTH  PrefixAuth rule matched and could not reject or accept destination prefix '8501' for alias '8501'*
2016/03/11 12:38:07.531 5             gkauth.cxx(1735)  GKAUTH  Prefix auth rule 'allow ip(32):0/0' matched
2016/03/11 12:38:07.531 4             gkauth.cxx(1926)  GKAUTH  PrefixAuth rule matched and accepted destination prefix 'ALL' for alias '8501'
2016/03/11 12:38:07.531 3             gkauth.cxx(795)   GKAUTH  PrefixAuth ARQ check ok


The output is the same even when the calling endpoint is a different
one from 3194.

What am I not understanding?

My Gnugk Version is Gatekeeper(GNU) Version(3.4.0)
Ext(pthreads=0,radius=1,mysql=1,pgsql=1,firebird=1,odbc=1,sqlite=1,large_fdset=0,crypto/ssl=1,h46018=1,h46023=1,ldap=1,ssh=0,ipv6=1,h235media=1,lua=0,h46017=1,snmp=1,h46026=0)
H323Plus(1.25.3) PTLib(2.10.1) Build(Sep 19 2013, 19:57:17) Sys(Server
2003 i586 (Model=1 Stepping=2) v5.2.3790)


Thank you very much. Pierlu
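
Added example, not part of the original post and not GnuGk code: it reads a trace like the one quoted above and reports, for each PrefixAuth decision line, whether the alias named in the GKAUTH message appears in the ARQ's srcInfo (caller) or destinationInfo (callee). The sample trace is constructed from lines in the post with wrapped lines joined; the function names `arq_digits` and `audit` are hypothetical.

```python
import re

# Constructed sample: ARQ fields and GKAUTH lines taken from the post, wrapped lines joined.
SAMPLE_TRACE = '''\
    destinationInfo = 2 entries {
      [0]=dialedDigits "8501"
      [1]=dialedDigits "8501"
    }
    srcInfo = 2 entries {
      [0]=h323_ID  10 characters {
        0044 0043 0020 0050 0045 0052 0053 0020   DC PERS
        0053 0049                                 SI
      }
      [1]=dialedDigits "3194"
    }
2016/03/11 12:38:07.531 4 gkauth.cxx(1941) GKAUTH PrefixAuth rule matched and could not reject or accept destination prefix '8501' for alias '8501'
2016/03/11 12:38:07.531 4 gkauth.cxx(1926) GKAUTH PrefixAuth rule matched and accepted destination prefix 'ALL' for alias '8501'
'''

# The outcome wording is captured generically, so only text present in the log is used.
DECISION = re.compile(r"PrefixAuth rule matched and (.+?) destination prefix "
                      r"'([^']*)' for alias '([^']*)'")

def arq_digits(trace, field):
    """Return the dialedDigits values listed under one ARQ field (e.g. srcInfo)."""
    digits, depth = [], 0
    for line in trace.splitlines():
        if depth == 0:
            # Enter the block when its header line is seen; track brace nesting.
            if line.strip().startswith(field + " ="):
                depth = line.count("{") - line.count("}")
            continue
        m = re.search(r'dialedDigits "([^"]*)"', line)
        if m:
            digits.append(m.group(1))
        depth += line.count("{") - line.count("}")
    return digits

def audit(trace):
    """For each PrefixAuth decision, say which side of the call the logged alias is on."""
    callers = set(arq_digits(trace, "srcInfo"))
    callees = set(arq_digits(trace, "destinationInfo"))
    report = []
    for outcome, prefix, alias in DECISION.findall(trace):
        side = "caller" if alias in callers else "callee" if alias in callees else "unknown"
        report.append((prefix, alias, outcome, side))
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE_TRACE):
        print(row)
```
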