Hi,
use module permission.
s
Il 30/01/2014 12.21, Edwin Haselhoff ha scritto:
Hi all,
For security reasons I want to check if the $si ip is part of ip and
subnet of a subscriber so added '$(avp(sourceip)' and
'$(avp(sourceip_mask)' to the subscriber table.
(I know I can use permissions module, but this is in cache and we like
to make changes real time without haveing to reload the table in cache)
I tried something like this where sourceip_net and sourceip_mask is
the ip subnet belonging to the subscriber:
$si = 10.100.5.42 (00001010000101000001111000101010)
$avp(sourceip_net) = 10.20.30.40; (00001010000101000001111000101000)
$avp(sourceip_mask) = 29;
if($si{ip.isip} && $(si{ip.pton}{s.substr,0,$avp(sourceip_mask)}) ==
$(avp(sourceip_net){ip.pton}{s.substr,0,$avp(sourceip_mask)}))
{
xlog("L_INFO", " ip $si belongs to $au\n");
}
else
{
xlog("L_INFO", " ip $si does not belong to $au\n");
sl_send_reply("403", "Forbidden");
exit;
}
So I expect the ip is valid and the comparison is true
(00001010000101000001111000101 = 00001010000101000001111000101) but it
doesn't seem to work like I expect.
It's difficult to output ip.pton to xlog (unreadable). Does it output
a binary format like I expect?
Any ideas how to accomplish this?
Thanks,
Edwin
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
