Hmm, do you have port set for the records in the address table? I notice
you print it in the log message...
Cheers,
Daniel
On 18.05.21 11:15, Romain Untereiner wrote:
Hello Daniel,
Thanks for your quick answer!
I indeed need to identify the group ID too.
Here’s how I handle it (inspired from
https://kamailio.org/docs/modules/5.5.x/modules/permissions.html#permissions.f.allow_source_address):
```
$var(group) = allow_source_address_group();
if ($var(group) != -1) {
    xlog("L_INFO", "$si : $sp is allowed through group: $var(group)\n");
    [...]
} else {
    xlog("L_INFO", "$si : $sp is not allowed - allow_source_address_group returned -1\n");
    xlog("L_INFO", "Rejecting $ci with 403 'Forbidden'\n");
    sl_send_reply("403", "Forbidden");
    exit;
}
```
Best regards,
*Romain Untereiner*
Co founder at /Cantoo/ <https://www.cantoo.co>
www.cantoo.co
On 18 May 2021 at 08:44 +0200, Daniel-Constantin Mierla
<miconda(a)gmail.com> wrote:
> Hello,
>
> On 17.05.21 12:11, Romain Untereiner wrote:
>> Hello all,
>>
>> I am having some trouble with Permissions module of Kamailio,
>> regarding the allow_source_address_group() function. In 99.9% of the
>> cases the IP of our partner is allowed as expected, but randomly it
>> can fail (returning -1 for the same IP address that was allowed for
>> many other calls in the meantime).
>>
>> I can’t understand why it fails and why only « sometimes » - I confirm
>> this happens on the same Kamailio box, with same IP and Port of the
>> partner.
>>
>> In my custom logs:
>> « X.X.X.X:YYYY is allowed through group Z » —> as expected
>> and sometimes (like 1% of the cases): « X.X.X.X:YYYY is not allowed
>> - allow_source_address_group returned -1»
>>
>> It is maybe worth noting that in the address table, this range is defined
>> as /24 and not /32. Until now it never happened on /32 defined address
>> but I don’t know if it can be correlated.
>>
>> Would someone have a clue on this?
>>
>> Versions:
>> - kamailio 5.5.0 (x86_64/linux) d4c1a1
>> - debian 9 stretch
>> - postgresql 11.7
>
> how do you test the return code of the function? Paste here the snippet
> of the config where the function is used.
>
> Then, do you really need the group id of the address or just to match the
> address?
>
> Cheers,
> Daniel
>
> --
> Daniel-Constantin Mierla -- www.asipto.com
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio Advanced Training - Online
> May 17-20, 2021 (Europe Timezone) - June 7-10, 2021 (America Timezone)
> * https://www.asipto.com/sw/kamailio-advanced-training-online/
>