Hello,
On 03/25/08 16:06, Josh Mahonin wrote:
Hi,
I tried responding over the weekend, but I think my mail server ate the message, apologies if you receive duplicates.
Thank you both Sergio and Daniel-Constantin, I was hoping someone else had encountered a similar problem! I like the idea of transforming and netmasking - I'm new to OpenSER, but don't mind contributing back to the community - if I was to create some sort of check_netmask / check_iprange function, is there a particular module, or core source file that this function would fit well in?
for going in a module, cfgutils can be a candidate.
Cheers, Daniel
Regards,
Josh
Daniel-Constantin Mierla wrote:
Hello,
it is another way, a bit more complex in the config file, but does not require to execute external scripts.
All you need is to play with transformations and arithmetic operations in the config file. The idea is to convert to integer the IP addresses apply bitmask and compare. Transformations that help:
http://www.openser.org/dokuwiki/doku.php/transformations:devel#s.select_inde...
For example: $rd = 23.34.56.78
To get second number (34) as integer $(rd{s.select,1,.}{s.int})
You transform the four parts in numbers, multiply each with the proper value, make the sum and apply the bitwise 'and' operation with the mask.
Should get what you need.
Cheers, Daniel
On 03/21/08 03:41, Sergio Gutierrez wrote:
Hi Josh.
An approach we used is execute an external script through function exec_msg; the script receives as argument the source ip address, and by external means, it checks whether it belongs to a particular subnet, defined on a table in database or a file; we used PHP and a table in MySQL with the reference subnets.
The script should return 0 or 1; when returns 0, exec_msg returns true, and when it returns 1; exec_msg returns false, so you can check it into an if statement.
Hope it helps.
Best regards.
Sergio GutiƩrrez.
On Thu, Mar 20, 2008 at 4:34 PM, Josh Mahonin <jmahonin@cbnco.com mailto:jmahonin@cbnco.com> wrote:
Hi folks, In my setup, I've got two disjoint subnets (call then A and B) that cannot communicate directly to each other, but devices on each can both communicate to my OpenSER server and Asterisk box (both on their own subnet, C). There is no NAT involved, so I only want to usertpproxy when it's the case that device from subnet A attempts to call a device on subnet B, or vice-versa.
I would ideally not like to use rtp proxy for communication between A-C and A-B (this will enable RTP media between both subnets, but that solution will not scale very well...) I'm attempting do something like this: if (src_ip == a.b.c.d/24 && dst_ip == w.x.y.z/24) use rtp proxy But unfortunately, on an INVITE, after a lookup, dst_ip is set tothe OpenSER server. The pseudovariable $rd is set to the value I'd like to check against, but it complains loudly when I attempt to substitute dst_ip for $rd.
Is there any way to use avp_check() or the like to verify that the value in $rd lies in a given subnet? I don't want to match just one IP, but a whole range. I found a similar question on the SER mailing listasked several years ago, with no response.
Thanks, Josh _______________________________________________ Users mailing list Users@lists.openser.org <mailto:Users@lists.openser.org> http://lists.openser.org/cgi-bin/mailman/listinfo/users
Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users