git:master:9e0402e9: permissions: doc: Add note related to LPM search - sr-dev

14 Jul 2025

Module: kamailio
Branch: master
Commit: 9e0402e9b1d9d789211bfb3c13fc11ab6d5fa320
URL: https://github.com/kamailio/kamailio/commit/9e0402e9b1d9d789211bfb3c13fc11ab...
Author: Xenofon Karamanos xk@gilawa.com
Committer: Henning Westerholt hw@gilawa.com
Date: 2025-07-14T15:42:47+02:00
permissions: doc: Add note related to LPM search
- allow_address() and 3 more related function now perform LPM search
- allow_source_address()
- allow_source_address_group()
- allow_address_group
---
Modified: src/modules/permissions/doc/permissions_admin.xml
---
Diff:  https://github.com/kamailio/kamailio/commit/9e0402e9b1d9d789211bfb3c13fc11ab...
Patch: https://github.com/kamailio/kamailio/commit/9e0402e9b1d9d789211bfb3c13fc11ab...
---

diff --git a/src/modules/permissions/doc/permissions_admin.xml b/src/modules/permissions/doc/permissions_admin.xml
index 494a7ecc0fb..f893a3e4eb7 100644
--- a/src/modules/permissions/doc/permissions_admin.xml
+++ b/src/modules/permissions/doc/permissions_admin.xml
@@ -221,6 +221,25 @@
    	(see tag_col module parameter) is added as value to
    	peer_tag AVP if peer_tag_avp module parameter has been defined.
    	</para>
+		<note>
+		<para>
+			Starting with Kamailio version 6.1.x, the <function>allow_address()</function>
+			function and its related functions use the Longest Prefix Match (LPM) method to
+			find matching entries.
+		</para>
+		<para>
+			This means the <function>_group</function> variants will now return the most specific
+			(longest) subnet match, instead of the first match (which was previously the entry with
+			the lowest group ID).
+			This LPM behavior is now consistent across the following functions:
+		</para>
+		<itemizedlist>
+			<listitem><para><function>allow_address()</function></para></listitem>
+			<listitem><para><function>allow_source_address()</function></para></listitem>
+			<listitem><para><function>allow_source_address_group()</function></para></listitem>
+			<listitem><para><function>allow_address_group()</function></para></listitem>
+		</itemizedlist>
+		</note>
    </section>
    <section id="sec-trusted-requests">
    	<title>Trusted Requests</title>
@@ -1259,6 +1278,9 @@ if (allow_uri("basename", "$avp(i:705)") {  // Check URI stored in $avp(i:705)
    	matches any port. The <quote>group_id</quote> argument can be an integer
    	string or a pseudo variable.
    	</para>
+		<note>
+		See <link linkend="sec-address-permissions"> Address permissions </link> for more details.
+		</note>
    	<para>
    	This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.
    	</para>
@@ -1289,6 +1311,9 @@ if (!allow_address("2", "$avp(dst_adr)", "$avp(dst_port)") {
    	Equal to <quote>allow_address(group_id, "$si", "$sp")</quote>. If 'group_id' is
    	missing, the function is equal to allow_address("1", "$si", "$sp").
    	</para>
+		<note>
+		See <link linkend="sec-address-permissions"> Address permissions </link> for more details.
+		</note>
    	<para>
    	This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.
    	</para>
@@ -1315,6 +1340,10 @@ if (!allow_source_address("1")) {
    	If not returns -1.  Port value 0 in cached address and
    	group table matches any port.
    	</para>
+		<note>
+		See <link linkend="sec-address-permissions"> Address permissions </link>
+		for more details on how searching is implemented.
+		</note>
    	<para>
    	This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.
    	</para>
@@ -1341,6 +1370,10 @@ if ($var(group) != -1) {
    	If not returns -1.  Port value 0 in cached address and
    	group table matches any port. The parameters can be pseudo-variables.
    	</para>
+		<note>
+		See <link linkend="sec-address-permissions"> Address permissions </link>
+		for more details on how searching is implemented.
+		</note>
    	<para>
    	This function can be used from ANY_ROUTE.
    	</para>

    