> Would it take a massive rewrite to improve the way > permissions are handled or is it something that just isn't > high on the priority list?
I think that the way to deal with this situation wouldn't be to add fixes on top of the existing authorization function but rather to re-design it - would be kinda hard to fix that one with the scheme in place. A re-design of anything is usually not trivial work but I would not say it is massive either. > > For now I'll work with FQDNs to get sipX to do what I want it to do. > > On 06/10/2010 08:35 AM, JOLY, ROBERT (ROBERT) wrote: > > > > > > > >> -----Original Message----- > >> From: [email protected] > >> [mailto:[email protected]] On Behalf Of Josh > >> Patten > >> Sent: Wednesday, June 09, 2010 4:51 PM > >> To: [email protected] > >> Subject: [sipx-users] Use one IP address for multiple gateways in > >> sipX? > >> > >> I remember a while back when someone tried to set up multiple > >> unmanaged gateways with the same IP address in sipX it didn't work > >> correctly or permissions didn't work properly (I don't > remember what > >> the problem was exactly I just remember it didn't work) > >> > >> I have run into a call routing situation where, due to the way sipX > >> (poorly) handles permissions on dial plans, I need to either set > >> multiple IP addresses on my FXO gateway or create multiple > unmanaged > >> gateways pointing to the same IP within sipX with different > >> permissions on each. I haven't been able to make my audiocodes > >> gateway assume multiple IP addresses so I'm hoping that the issue > >> with multiple gateways pointing to the same IP address has been > >> fixed. Can someone point me in the right direction? > >> > > I acknbowledge that the way permissions are applied to > dialplans could be improved... Basically, the sipXecs > determines which permissions to apply by evaluating the > output of the dialplan transformation but if two dialplans > are setup to produce identical outputs, the authorization > stage responsible for checking permissions cannot tell the > two dialplans appart and therefore cannot apply the right > permission checks in many cases. This is confusing but here > is an example. If I have two dialplans: > > > > DP #1: > > REQUIRES: LongDistance perm > > INPUT: 9 followed by "any digits"; > > OUTPUT: send "any digits" to gateway XYZ > > > > DP #2: > > REQUIRES: LocalDialing perm > > INPUT: 6 followed by "any digits"; > > OUTPUT: send "any digits" to gateway XYZ > > > > Remember that the permissions are applied based on the > output of a dialplan but in this case DP1 and DP2 cannot be > told appart because they produce the exact same output, i.e. > "send "any digits" to gateway XYZ". That means that the > permission requirements of DP1 are always applied for calls > of "any digits to gateway XYZ". > > > > So, the work around is to make the two dialplans' outputs > unambiguous. When possible, a way to do this is to have the > two dialplans match different dial string lengths. For > example, the following would yield the unambiguous outputs > and proper permissions could ba applied: > > DP #1: > > REQUIRES: LongDistance perm > > INPUT: 9 followed by "10 digits"; > > OUTPUT: send "any digits" to gateway XYZ > > > > DP #2: > > REQUIRES: LocalDialing perm > > INPUT: 6 followed by "7 digits"; > > OUTPUT: send "any digits" to gateway XYZ > > > > I think that refering to the gateway by IP address in one > DP and by its FQDN in another way to make DP outputs > unambiguous but I haven't tried it. > > > > Another way would the add a dummy prefix to the DP output > that the gateway is configured to throw out. You could then > make DP outputs unamnbiguous by preprending unique prefixes > in each DP output. > > _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
