Hi Jai, As you suggested, i added the id of the entry to the debug info for ignored entries .
Also, i committed a fix for the other problem you had with check_source_address. Please update from SVN and let me know if you find any other issues. Regards, Irina Stanescu Jai Rangi wrote: > Excellent, I owe you one. > > As always users always want more and more ;) > I got this in the logs when I try to > Dec 10 13:55:02 [11176] DBG:permissions:reload_address_table: invalid > ip field in address table, ignoring entry 0 > Dec 10 13:55:02 [11176] DBG:permissions:reload_address_table: invalid > ip field in address table, ignoring entry 1 > > Here ID or IPAddress will be more useful for debugging purpose. > > Here is the trace for the failing call form same IP. > > Dec 10 14:03:09 [11772] DBG:core:parse_via: end of header reached, state=5 > Dec 10 14:03:09 [11772] DBG:core:parse_headers: via found, flags=200 > Dec 10 14:03:09 [11772] DBG:core:get_hdr_field: content_length=235 > Dec 10 14:03:09 [11772] DBG:core:get_hdr_field: found end of header > Dec 10 14:03:09 [11772] DBG:rr:find_first_route: No Route headers found > Dec 10 14:03:09 [11772] DBG:rr:loose_route: There is no Route HF > source ip is 65.211.120.237 and protocol is udp avp is <null> > Dec 10 14:03:09 [11772] DBG:permissions:check_src_addr_3: Looking for > : <0, 65.211.120.237, 5060, 1> in tables > Dec 10 14:03:09 [11772] DBG:permissions:hash_match: no match in the > hash table > Dec 10 14:03:09 [11772] DBG:permissions:match_subnet_table: subnet > table is empty > Monitor Request not from trusted source from > sip:[email protected]:5060;user=phone to > sip:[email protected]:5060;user=phone;transport=UDP from IP > 65.211.120.237 Dec 10 14:03:09 [11772] DBG:core:parse_headers: > flags=ffffffffffffffff > Dec 10 14:03:09 [11772] DBG:core:parse_headers: flags=ffffffffffffffff > Dec 10 14:03:09 [11772] DBG:core:check_ip_address: params > 65.211.120.237, 65.211.120.237, 0 > Dec 10 14:03:09 [11772] DBG:core:destroy_avp_list: destroying list (nil) > Dec 10 14:03:09 [11772] DBG:core:receive_msg: cleaning up > Dec 10 14:03:09 [11771] DBG:core:parse_msg: SIP Request: > > Dump from address cache > ../../sbin/opensipsctl fifo address_dump | grep "65.211.120.237" > 12 <65.211.120.237,0, 0, 0, ^sip:.*$, NULL> > > Code in cfg file > xlog(" source ip is $si and protocol is $proto avp is $avp(i:9)"); > if (check_source_address("0","$avp(i:9)")) { > > Same Call from other IP works juts IP > > Dec 10 14:08:16 [11776] DBG:rr:loose_route: There is no Route HF > source ip is 65.217.40.210 and protocol is udp avp is <null> > Dec 10 14:08:16 [11776] DBG:permissions:check_src_addr_3: Looking for > : <0, 65.217.40.210, 5060, 1> in tables > Dec 10 14:08:16 [11776] DBG:permissions:hash_match: match found in the > hash table > > ../../sbin/opensipsctl fifo address_dump | grep "65.217.40.210" > 9 <65.217.40.210,0, 0, 0, ^sip:.*$, NULL> > > Best, > > -Jai > > On Thu, Dec 10, 2009 at 8:19 AM, Irina Stanescu > <[email protected] <mailto:[email protected]>> wrote: > > Hi Jai, > > I modified the permissions module so that now any invalid db entry > from > the address table is skipped. > I committed the change on trunk and also on the 1.6 branch. > > About the other issue you have found, what does the log say? > > > > Regards, > Irina Stanescu > > > Jai Rangi wrote: > > Bogda, > > Wow that was quick. Thank you, > > > > I found one more issue, > > I have this entry in address table > > 944 0 65.211.120.237 32 0 any ^sip:.*$ > /NULL/ 0 some > > descriptiond > > > > > > Here is a check in my route block > > if (check_source_address("0","$avp(i:9)")) { > > t_rely(); > > } else { > > xlog("Monitor Request not from trusted source from $fu to $ru from > > IP $si "); > > sl_send_reply("403", "Forbidden, we dont trust you"); > > } > > > > ../../sbin/opensipsctl fifo address_dump | grep "65.211.120.237" > > > > 12 <65.211.120.237,0, 0, 0, ^sip:.*$, NULL> > > > > I always get 403. > > Is there a limit in address table. > > > > -Jai > > > > > > On Thu, Dec 10, 2009 at 12:24 AM, Bogdan-Andrei Iancu > > <[email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>>> > wrote: > > > > Hi Jai, > > > > I think you are correct - the permission table should also > be more > > permissive when comes to the errors and skip bogus entries. > I will ask > > the maintainer (Irina) to fix this problem. > > > > Thanks for the report, > > Bogdan > > > > Jai Rangi wrote: > > > Not sure if this this the right place for this post. May > be I should > > > post it on developers mailing list. Please suggest. > > > > > > Just installed opensip1.6 with Mysql, drouting and permissions > > module. > > > Did not take long to get it configure and get it going. > > Documentations > > > is wonderful. > > > While testing I noticed that, > > > > > > 1. If there is any invalid entry in dr_routing tables, and > I reload > > > the dr_routing it spit the error for the mistyped/wrong > entry and > > > loads rest of the valid entries. Same thing with startup. > > Opensip will > > > start up just fine even if there are some invalid rules in > the table > > > and throws the error with ruleid. > > > > > > 2. On the other hand address table does not work that way. If > > there is > > > any space (Typo) in the IP address, opensip wont start and > wont > > reload > > > the address table. > > > I have to put the valid IP address, there is not option > for dynamic > > > domain names. (For people who does not have static IP). > Not only > > that > > > it does not even tell which IP has a problem that makes it > even > > harder > > > to debug when you have thousands of IPs in the trusted tables. > > > > > > I was wondering if there is a work around for this. I > would like > > > opensip to startup (or successful address_reload) with all > the valid > > > entries and throw an error for invalid entries. Also > having the > > > ability to add an domain would be nice. > > > > > > Any thoughts?? > > > > > > -Jai > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > _______________________________________________ > > > Users mailing list > > > [email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>> > > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > > > > > -- > > Bogdan-Andrei Iancu > > www.voice-system.ro <http://www.voice-system.ro> > <http://www.voice-system.ro> > > > > > > _______________________________________________ > > Users mailing list > > [email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>> > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Users mailing list > > [email protected] <mailto:[email protected]> > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > _______________________________________________ > Users mailing list > [email protected] <mailto:[email protected]> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > ------------------------------------------------------------------------ > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
