For some reason I cannot get allow_trusted() to evaluate to true for a matching URI.
Relevant sections of the config (OpenSER 1.1): modparam("auth_db|permissions|uri_db|usrloc|domain", "db_url", "mysql://username:password@localhost/ser") modparam("permissions", "db_mode", 0) modparam("permissions", "trusted_table", "trusted") route { if (!allow_trusted()) { xlog("!allow_trusted. rs $rs si $si rm $rm ru $ru tu $tu fu $fu rr $rr"); }; }
The trusted table contains the following: +----------------+-------+--------------+------+ | src_ip | proto | from_pattern | tag | +----------------+-------+--------------+------+ | 202.200.20.200 | any | NULL | NULL | +----------------+-------+--------------+------+ 1 row in set (0.00 sec)
I can see that the following query is being executed: select proto,from_pattern,tag from trusted where src_ip='202.200.20.200'
But no match is made because the log file shows: Dec 17 15:37:56 beta /usr/local/sbin/openser[7209]: !allow_trusted. rs <null> si 147.200.20.200 rm INVITE ru sip:5551234@147.200.20.200 tu sip:5551234@147.200.20.200 fu sip:021446202@202.200.20.200 rr <null>
Could anyone provide any suggestions on what I'm doing wrong?
Regards
Cameron
CSB writes:
Could anyone provide any suggestions on what I'm doing wrong?
looks like what you do is correct and also by looking at the code i didn't find anything obviously wrong. have you tried using db_mode = 1? i don't myself have a 1.1 proxy to test.
-- juha
Could anyone provide any suggestions on what I'm doing wrong?
looks like what you do is correct and also by looking at the code i didn't find anything obviously wrong. have you tried using db_mode = 1? i don't myself have a 1.1 proxy to test.
Thanks for the suggestion. Have just tried that - no difference.
Cameron
CSB writes:
Thanks for the suggestion. Have just tried that - no difference.
try the same query you see on your db log manually to see if it really returns something. if any is returned for proto field and null for from pattern, then allow_trusted should return true.
in db_mode=1, you should also be able to dump the contents of in-memory trusted table.
-- juha
Thanks for the suggestion. Have just tried that - no difference.
try the same query you see on your db log manually to see if it really returns something. if any is returned for proto field and null for from pattern, then allow_trusted should return true.
Prior to setting db_mode=1 I had done this.
select proto,from_pattern,tag from trusted where src_ip='202.200.20.200' +-------+--------------+------+ | proto | from_pattern | tag | +-------+--------------+------+ | any | NULL | NULL | +-------+--------------+------+ 1 row in set (0.00 sec)
in db_mode=1, you should also be able to dump the contents of in-memory trusted table.
openserctl fifo trusted_dump database engine 'MYSQL' loaded Control engine 'FIFO' loaded entering fifo_cmd trusted_dump 61 <202.200.20.200, 0, NULL, NULL>
I am curious why the second field is 0 and not any. Is that expected?
Cameron
CSB writes:
I am curious why the second field is 0 and not any. Is that expected?
in db_mode = 1, proto field is coded when the in-memory table is filled and any is coded to 0.
sorry that i cannot find why allow_trusted fails for you. i guess your only choice is to all some LOG statements to the function and try to find out that way, why your query does not work.
-- juha
-
CSB -
jh@tutpro.com