Hello,
On 03/27/08 19:37, Josh Mahonin wrote:
Hi,
I got the solution you recommended working, Daniel.
great.
I'll look into cfgutils when I get some free time. Here is a snippet for doing range checking in-script for anyone who is interested. This checks if the IP lies in 172.20.62.0 / 24
# Calculate decimal representation of our test range
$var(tO1) = 172 * 16777216; # 256^3
$var(tO2) = 20 * 65536; # 256^2
$var(tO3) = 62 * 256;
$var(tO4) = 0;
$var(range1) = $var(tO1) + $var(tO2) + $var(tO3) + $var(tO4);
# Create the net mask
$var(net_mask1) = 255 * 16777216;
$var(net_mask2) = 255 * 65536;
$var(net_mask3) = 255 * 256;
$var(net_mask) = $var(net_mask1) + $var(net_mask2) + $var(net_mask3);
# Calculate the decimal value of each octet in $rd
$var(cO1) = $(rd{s.select,0,.}{s.int}) * 16777216;
$var(cO2) = $(rd{s.select,1,.}{s.int}) * 65536;
$var(cO3) = $(rd{s.select,2,.}{s.int}) * 256;
$var(cO4) = $(rd{s.select,3,.}{s.int});
$var(remoteIP) = $var(cO1) + $var(cO2) + $var(cO3) + $var(cO4);
# Calculate the network address of $rd by bitwise ANDing the remote IP and the net mask
$var(net_addr) = $var(remoteIP) & $var(net_mask);
$var(check1) = $var(net_addr) == $var(range1);
A word to the wise, if you want to optimize this code and use precomputed values for range1 and netmask, don't do what I did and just use your calculator, then assign a variable to that value. If you assign a variable to a value greater than 2^32/2 (MAXINT), it will just be set to MAXINT, it will not rollover into the negatives and you will spend hours pulling your hair out wondering what's going on. You will actually need to log what value SER calculates and use that instead. (range1 = -1407959552 and netmask = -256 in my case).
right. It is a signed int in openser configuration file. Your solution to log the value is a way to add some optimization.
Cheers, Daniel
Regards,
Josh
Daniel-Constantin Mierla wrote:
Hello,
On 03/25/08 16:06, Josh Mahonin wrote:
Hi,
I tried responding over the weekend, but I think my mail server ate the message, apologies if you receive duplicates.
Thank you both Sergio and Daniel-Constantin, I was hoping someone else had encountered a similar problem! I like the idea of transforming and netmasking - I'm new to OpenSER, but don't mind contributing back to the community - if I was to create some sort of check_netmask / check_iprange function, is there a particular module, or core source file that this function would fit well in?
for going in a module, cfgutils can be a candidate.
Cheers, Daniel
Regards,
Josh
Daniel-Constantin Mierla wrote:
Hello,
it is another way, a bit more complex in the config file, but does not require to execute external scripts.
All you need is to play with transformations and arithmetic operations in the config file. The idea is to convert the IP addresses to integer, apply the bitmask and compare. Transformations that help:
http://www.openser.org/dokuwiki/doku.php/transformations:devel#s.select_inde...
For example: $rd = 23.34.56.78
To get second number (34) as integer $(rd{s.select,1,.}{s.int})
You transform the four parts in numbers, multiply each with the proper value, make the sum and apply the bitwise 'and' operation with the mask.
Should get what you need.
Cheers, Daniel
On 03/21/08 03:41, Sergio Gutierrez wrote:
Hi Josh.
An approach we used is to execute an external script through function exec_msg; the script receives as argument the source ip address, and by external means, it checks whether it belongs to a particular subnet, defined on a table in database or a file; we used PHP and a table in MySQL with the reference subnets.
The script should return 0 or 1; when it returns 0, exec_msg returns true, and when it returns 1, exec_msg returns false, so you can check it in an if statement.
Hope it helps.
Best regards.
Sergio Gutiérrez.
On Thu, Mar 20, 2008 at 4:34 PM, Josh Mahonin <jmahonin@cbnco.com> wrote:
Hi folks,
In my setup, I've got two disjoint subnets (call them A and B) that cannot communicate directly to each other, but devices on each can both communicate to my OpenSER server and Asterisk box (both on their own subnet, C). There is no NAT involved, so I only want to use rtpproxy when it's the case that a device from subnet A attempts to call a device on subnet B, or vice-versa.
I would ideally not like to use rtp proxy for communication between A-C and A-B (this will enable RTP media between both subnets, but that solution will not scale very well...) I'm attempting to do something like this:
if (src_ip == a.b.c.d/24 && dst_ip == w.x.y.z/24)
    use rtp proxy
But unfortunately, on an INVITE, after a lookup, dst_ip is set to the OpenSER server. The pseudovariable $rd is set to the value I'd like to check against, but it complains loudly when I attempt to substitute dst_ip for $rd.
Is there any way to use avp_check() or the like to verify that the value in $rd lies in a given subnet? I don't want to match just one IP, but a whole range. I found a similar question on the SER mailing list asked several years ago, with no response.
Thanks,
Josh
_______________________________________________
Users mailing list
Users@lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users
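The arithmetic from the snippet in this thread, as an added Python illustration (not code from the thread or from OpenSER): it models the signed 32-bit config integers, reproduces the logged values range1 = -1407959552 and netmask = -256, and shows why a calculator value clamped to MAXINT never matches. All function names are hypothetical, the clamping model follows the behaviour reported in the thread, and the test addresses are constructed.

```python
# Added illustration; helper names are hypothetical, not OpenSER functions.
INT_MAX = 2**31 - 1  # largest value a signed 32-bit config integer can hold


def wrap32(n):
    """Reduce n to signed 32-bit two's complement, as the in-script sums end up."""
    n &= 0xFFFFFFFF
    return n - 2**32 if n > INT_MAX else n


def clamp_literal(n):
    """Model of the behaviour reported in the thread: an oversized literal becomes MAXINT."""
    return min(n, INT_MAX)


def ip_to_int32(ip):
    """Weight the octets by 256^3, 256^2, 256 and 1, like the cO1..cO4 lines."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        # $rd can hold a hostname; refuse it rather than compare a bogus number
        raise ValueError("not a dotted-quad IPv4 address: %r" % (ip,))
    value = 0
    for p in parts:
        value = value * 256 + int(p)
    return wrap32(value)


def mask_for(prefix_len):
    """Signed 32-bit netmask for a prefix length, e.g. 24 -> -256."""
    return wrap32((0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF)


def in_subnet(ip, network, prefix_len):
    """True when ip AND mask equals the network address."""
    mask = mask_for(prefix_len)
    return (ip_to_int32(ip) & mask) == (ip_to_int32(network) & mask)


if __name__ == "__main__":
    range1 = ip_to_int32("172.20.62.0")
    print(range1, mask_for(24))                   # the wrapped, negative values
    print(clamp_literal(2887007744) == range1)    # calculator value vs. wrapped value
    for rd in ("172.20.62.17", "172.20.63.17"):   # constructed test addresses
        print(rd, in_subnet(rd, "172.20.62.0", 24))
```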