Module: kamailio
Branch: master
Commit: 68da5e0b1a8507efc03730e5c76d10079d5bc24d
URL: https://github.com/kamailio/kamailio/commit/68da5e0b1a8507efc03730e5c76d100…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2025-07-15T10:16:18+02:00
permissions: docs for subnet_match_mode param
- updated notes about subnet matching
---
Modified: src/modules/permissions/doc/permissions_admin.xml
---
Diff: https://github.com/kamailio/kamailio/commit/68da5e0b1a8507efc03730e5c76d100…
Patch: https://github.com/kamailio/kamailio/commit/68da5e0b1a8507efc03730e5c76d100…
---
diff --git a/src/modules/permissions/doc/permissions_admin.xml b/src/modules/permissions/doc/permissions_admin.xml
index f893a3e4eb7..1e5e022902e 100644
--- a/src/modules/permissions/doc/permissions_admin.xml
+++ b/src/modules/permissions/doc/permissions_admin.xml
@@ -224,14 +224,16 @@
<note>
<para>
Starting with Kamailio version 6.1.x, the <function>allow_address()</function>
- function and its related functions use the Longest Prefix Match (LPM) method to
- find matching entries.
+ its related functions can do First Prefix Match (FPM) or the
+ Longest Prefix Match (LPM) methods to find the subnet matching record,
+ which can set the tag variable. The matching method is controled by
+ the parameter subnet_match_mode.
</para>
<para>
- This means the <function>_group</function> variants will now return the most specific
- (longest) subnet match, instead of the first match (which was previously the entry with
- the lowest group ID).
- This LPM behavior is now consistent across the following functions:
+ Th LPM means the <function>_group</function> variants will now return
+ the most specific (longest) subnet match, instead of the first match
+ (which was previously the entry with the lowest group ID).
+ The FPM/LPM behavior is now consistent across the following functions:
</para>
<itemizedlist>
<listitem><para><function>allow_address()</function></para></listitem>
@@ -842,6 +844,28 @@ modparam("permissions", "peer_tag_mode", 1)
...
modparam("permissions", "max_subnets", 1024)
...
+</programlisting>
+ </example>
+ </section>
+ <section id ="permissions.p.subnet_match_mode">
+ <title><varname>subnet_match_mode</varname> (int)</title>
+ <para>
+ Control how subnet addresses are matched: 0 - return on the first
+ prefix match; 1 - return on the longest prefix match. It impacts
+ functions like allow_source_address(), allow_address(),
+ allow_source_address_group() or allow_address_group().
+ </para>
+ <para>
+ <emphasis>
+ Default value is <quote>0</quote>.
+ </emphasis>
+ </para>
+ <example>
+ <title>Set <varname>subnet_match_mode</varname> parameter</title>
+ <programlisting format="linespecific">
+...
+modparam("permissions", "subnet_match_mode", 1)
+...
</programlisting>
</example>
</section>
Module: kamailio
Branch: master
Commit: c57dfd9869b32b1901fd4b76b7f5a50239f9bce0
URL: https://github.com/kamailio/kamailio/commit/c57dfd9869b32b1901fd4b76b7f5a50…
Author: Kamailio Dev <kamailio.dev(a)kamailio.org>
Committer: Kamailio Dev <kamailio.dev(a)kamailio.org>
Date: 2025-07-14T15:46:10+02:00
modules: readme files regenerated - permissions ... [skip ci]
---
Modified: src/modules/permissions/README
---
Diff: https://github.com/kamailio/kamailio/commit/c57dfd9869b32b1901fd4b76b7f5a50…
Patch: https://github.com/kamailio/kamailio/commit/c57dfd9869b32b1901fd4b76b7f5a50…
---
diff --git a/src/modules/permissions/README b/src/modules/permissions/README
index 39d6435b153..144e36f9471 100644
--- a/src/modules/permissions/README
+++ b/src/modules/permissions/README
@@ -348,6 +348,21 @@ Chapter 1. Admin Guide
module parameter) is added as value to peer_tag AVP if peer_tag_avp
module parameter has been defined.
+Note
+
+ Starting with Kamailio version 6.1.x, the allow_address() function and
+ its related functions use the Longest Prefix Match (LPM) method to find
+ matching entries.
+
+ This means the _group variants will now return the most specific
+ (longest) subnet match, instead of the first match (which was
+ previously the entry with the lowest group ID). This LPM behavior is
+ now consistent across the following functions:
+ * allow_address()
+ * allow_source_address()
+ * allow_source_address_group()
+ * allow_address_group()
+
1.5. Trusted Requests
The module can be used to determine if an incoming request can be
@@ -1013,6 +1028,10 @@ if (allow_uri("basename", "$avp(i:705)") { // Check URI stored in $avp(i:705)
any port. The “group_id” argument can be an integer string or a pseudo
variable.
+Note
+
+ See Address permissions for more details.
+
This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.
Example 1.35. allow_address() usage
@@ -1035,6 +1054,10 @@ if (!allow_address("2", "$avp(dst_adr)", "$avp(dst_port)") {
Equal to “allow_address(group_id, "$si", "$sp")”. If 'group_id' is
missing, the function is equal to allow_address("1", "$si", "$sp").
+Note
+
+ See Address permissions for more details.
+
This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.
Example 1.36. allow_source_address(group_id) usage
@@ -1052,6 +1075,11 @@ if (!allow_source_address("1")) {
table in any group. If yes, returns that group. If not returns -1. Port
value 0 in cached address and group table matches any port.
+Note
+
+ See Address permissions for more details on how searching is
+ implemented.
+
This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.
Example 1.37. allow_source_address_group() usage
@@ -1070,6 +1098,11 @@ if ($var(group) != -1) {
in cached address and group table matches any port. The parameters can
be pseudo-variables.
+Note
+
+ See Address permissions for more details on how searching is
+ implemented.
+
This function can be used from ANY_ROUTE.
Example 1.38. allow_source_address_group() usage
Module: kamailio
Branch: master
Commit: 9e0402e9b1d9d789211bfb3c13fc11ab6d5fa320
URL: https://github.com/kamailio/kamailio/commit/9e0402e9b1d9d789211bfb3c13fc11a…
Author: Xenofon Karamanos <xk(a)gilawa.com>
Committer: Henning Westerholt <hw(a)gilawa.com>
Date: 2025-07-14T15:42:47+02:00
permissions: doc: Add note related to LPM search
- allow_address() and 3 more related function now perform LPM search
- allow_source_address()
- allow_source_address_group()
- allow_address_group
---
Modified: src/modules/permissions/doc/permissions_admin.xml
---
Diff: https://github.com/kamailio/kamailio/commit/9e0402e9b1d9d789211bfb3c13fc11a…
Patch: https://github.com/kamailio/kamailio/commit/9e0402e9b1d9d789211bfb3c13fc11a…
---
diff --git a/src/modules/permissions/doc/permissions_admin.xml b/src/modules/permissions/doc/permissions_admin.xml
index 494a7ecc0fb..f893a3e4eb7 100644
--- a/src/modules/permissions/doc/permissions_admin.xml
+++ b/src/modules/permissions/doc/permissions_admin.xml
@@ -221,6 +221,25 @@
(see tag_col module parameter) is added as value to
peer_tag AVP if peer_tag_avp module parameter has been defined.
</para>
+ <note>
+ <para>
+ Starting with Kamailio version 6.1.x, the <function>allow_address()</function>
+ function and its related functions use the Longest Prefix Match (LPM) method to
+ find matching entries.
+ </para>
+ <para>
+ This means the <function>_group</function> variants will now return the most specific
+ (longest) subnet match, instead of the first match (which was previously the entry with
+ the lowest group ID).
+ This LPM behavior is now consistent across the following functions:
+ </para>
+ <itemizedlist>
+ <listitem><para><function>allow_address()</function></para></listitem>
+ <listitem><para><function>allow_source_address()</function></para></listitem>
+ <listitem><para><function>allow_source_address_group()</function></para></listitem>
+ <listitem><para><function>allow_address_group()</function></para></listitem>
+ </itemizedlist>
+ </note>
</section>
<section id="sec-trusted-requests">
<title>Trusted Requests</title>
@@ -1259,6 +1278,9 @@ if (allow_uri("basename", "$avp(i:705)") { // Check URI stored in $avp(i:705)
matches any port. The <quote>group_id</quote> argument can be an integer
string or a pseudo variable.
</para>
+ <note>
+ See <link linkend="sec-address-permissions"> Address permissions </link> for more details.
+ </note>
<para>
This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.
</para>
@@ -1289,6 +1311,9 @@ if (!allow_address("2", "$avp(dst_adr)", "$avp(dst_port)") {
Equal to <quote>allow_address(group_id, "$si", "$sp")</quote>. If 'group_id' is
missing, the function is equal to allow_address("1", "$si", "$sp").
</para>
+ <note>
+ See <link linkend="sec-address-permissions"> Address permissions </link> for more details.
+ </note>
<para>
This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.
</para>
@@ -1315,6 +1340,10 @@ if (!allow_source_address("1")) {
If not returns -1. Port value 0 in cached address and
group table matches any port.
</para>
+ <note>
+ See <link linkend="sec-address-permissions"> Address permissions </link>
+ for more details on how searching is implemented.
+ </note>
<para>
This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.
</para>
@@ -1341,6 +1370,10 @@ if ($var(group) != -1) {
If not returns -1. Port value 0 in cached address and
group table matches any port. The parameters can be pseudo-variables.
</para>
+ <note>
+ See <link linkend="sec-address-permissions"> Address permissions </link>
+ for more details on how searching is implemented.
+ </note>
<para>
This function can be used from ANY_ROUTE.
</para>
kurtyks created an issue (kamailio/kamailio#4316)
<!--
Kamailio Project uses GitHub Issues only for bugs in the code or feature requests. Please use this template only for feature requests.
If you have questions about using Kamailio or related to its configuration file, ask on sr-users mailing list:
* https://lists.kamailio.org/mailman3/postorius/lists/sr-users.lists.kamailio…
If you have questions about developing extensions to Kamailio or its existing C code, ask on sr-dev mailing list:
* https://lists.kamailio.org/mailman3/postorius/lists/sr-dev.lists.kamailio.o…
Please try to fill this template as much as possible for any issue. It helps the developers to troubleshoot the issue.
If you submit a feature request (or enhancement) add the description of what you would like to be added.
If there is no content to be filled in a section, the entire section can be removed.
Note that a feature request may be closed automatically after about 2 months
if there is no interest from developers or community users to implement it, being
considered expired. In such case can be reopened by writing a comment that includes
the token `/notexpired`. About two weeks before considered expired, the item is
marked with the label `stale`, trying to notify the submitter and everyone else
that might be interested in it. To remove the label `stale`, write a comment that
includes the token `/notstale`. Also, any comment postpone the `expire` timeline,
being considered that there is interest in the proposed feature request.
You can delete the comments from the template sections when filling.
You can delete next line and everything above before submitting (it is a comment).
-->
### Description
<!--
Explain what you did, what you expected to happen, and what actually happened.
-->
### Expected behavior
#### Actual observed behavior
#### Debugging Data
```
(paste your debugging data here)
```
#### Log Messages
<!--
Check the syslog file and if there are relevant log messages printed by Kamailio, add them next, or attach to issue, or provide a link to download them (e.g., to a pastebin site).
-->
```
(paste your log messages here)
```
#### SIP Traffic
<!--
If the issue is exposed by processing specific SIP messages, grab them with ngrep or save in a pcap file, then add them next, or attach to issue, or provide a link to download them (e.g., to a pastebin site).
-->
```
(paste your sip traffic here)
```
Rn. UAC module allows only global setting of Contact header, while sending REGISTER to UAS. It is done by setting param reg_contact_addr (string).
This is edge case, but sometimes for diffrent itsp’s i need to pass diffrent contact value, while for example one is on public internet, other is behind vpn.
It d be nice just to extend uacreg table + contact_addr, contact_port, contact_user or just by adding contact field with URI to be sent in register.
### Possible Solutions
<!--
If you found a solution or workaround for the issue, describe it. Ideally, provide a pull request with a improvement.
-->
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
```
(paste your output here)
```
* **Operating System**:
<!--
Details about the operating system, the type: Linux (e.g.,: Debian 8.4, Ubuntu 16.04, CentOS 7.1, ...), MacOS, xBSD, Solaris, ...;
Kernel details (output of `uname -a`)
-->
```
(paste your output here)
```
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/4316
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/4316(a)github.com>