#465 check_source_address broken in latest trunk

trunk
closed
nobody
modules (454)
5
2012-02-03
2012-02-02
Duane Larson
No

I downloaded the latest trunk (version 8506) and it appears that check_source_address from the "Permissions" module isn't working like it used to. Before I upgraded it worked fine. Here is a link to my original post

http://opensips-open-sip-server.1449251.n2.nabble.com/check-source-address-not-working-with-upgrade-td7247511.html

After talking offline with Ovidiu Sas via email he told me to go ahead and open a ticket.

Here is what I have in my OpenSIPS config
**********************************************************
modparam("permissions","db_url","mysql://opensips:aether1234@108.X.X.144/opensips")
if (check_source_address("2") || check_source_address("3") || check_source_address("4")) {
**********************************************************

Here is what I have in my Address table
**********************************************************
Proxy01:/var/log# opensipsctl db show address
+-----+-----+----------------+------+------+-------+---------+--------------+
| id | grp | ip | mask | port | proto | pattern | context_info |
+-----+-----+----------------+------+------+-------+---------+--------------+
| 3 | 2 | 216.82.224.202 | 32 | 5060 | any | NULL | NULL |
| 258 | 4 | 64.2.142.15 | 32 | 5060 | any | NULL | NULL |
| 1 | 10 | 173.XX.XXX.63 | 32 | 5060 | any | NULL | NULL |
| 2 | 10 | 173.XXX.XX.10 | 32 | 5060 | any | NULL | NULL |
| 257 | 3 | 173.XXX.XX.107 | 32 | 5060 | udp | NULL | NULL |
| 4 | 2 | 216.82.225.202 | 32 | 5060 | any | NULL | NULL |
+-----+-----+----------------+------+------+-------+---------+--------------+
**********************************************************

Here is a address_dump
**********************************************************
Proxy01:/var/log# opensipsctl fifo address_dump
15 <173.XXX.XXX.107,3, 5060, 1, NULL, NULL>
20 <216.82.224.202,2, 5060, 0, NULL, NULL>
34 <64.2.142.15,4, 5060, 0, NULL, NULL>
50 <216.82.225.202,2, 5060, 0, NULL, NULL>
63 <173.XXX.XXX.63,10, 5060, 0, NULL, NULL>
85 <173.XXX.XXX.10,10, 5060, 0, NULL, NULL>
**********************************************************

Here is a Syslog debug
**********************************************************
Feb 2 12:37:58 proxy01 /usr/local/sbin/opensips[14590]: DBG:permissions:check_src_addr_3: Looking for : <2, 173.XXX.XXX.107, 5060, 1> in tables
Feb 2 12:37:58 proxy01 /usr/local/sbin/opensips[14590]: DBG:permissions:hash_match: specified group does not exist in hash table
Feb 2 12:37:58 proxy01 /usr/local/sbin/opensips[14590]: DBG:permissions:match_subnet_table: subnet table is empty
Feb 2 12:37:58 proxy01 /usr/local/sbin/opensips[14590]: DBG:permissions:check_src_addr_3: Looking for : <3, 173.XXX.XXX.107, 5060, 1> in tables
Feb 2 12:37:58 proxy01 /usr/local/sbin/opensips[14590]: DBG:permissions:hash_match: specified group does not exist in hash table
Feb 2 12:37:58 proxy01 /usr/local/sbin/opensips[14590]: DBG:permissions:match_subnet_table: subnet table is empty
Feb 2 12:37:58 proxy01 /usr/local/sbin/opensips[14590]: DBG:permissions:check_src_addr_3: Looking for : <4, 173.XXX.XXX.107, 5060, 1> in tables
Feb 2 12:37:58 proxy01 /usr/local/sbin/opensips[14590]: DBG:permissions:hash_match: specified group does not exist in hash table
Feb 2 12:37:58 proxy01 /usr/local/sbin/opensips[14590]: DBG:permissions:match_subnet_table: subnet table is empty
**********************************************************

Here is the INVITE that isn't working
**********************************************************
U 2012/02/02 10:59:26.662245 173.XXX.XXX.107:5060 -> 173.XXX.XXX.88:5060
INVITE sip:+19012138263@64.136.174.30:5060 SIP/2.0.
Record-Route: <sip:173.XXX.XXX.107;lr;ftag=e0c63799;did=ff.7fe069a2>.
Call-ID: f2fb50ec813f5a81bfd3911e3a90b10c@0:0:0:0:0:0:0:0.
CSeq: 2 INVITE.
From: "9012732005" <sip:9012732005@coolbeans.com>;tag=e0c63799.
To: <sip:92138263@coolbeans.com>.
Max-Forwards: 69.
Contact: "9012732005" <sip:9012732005@216.12.249.203:63358;transport=udp;registering_acc=coolbeans_com>.
User-Agent: Jitsi1.0-beta1-nightly.build.3820Windows 7.
Content-Type: application/sdp.
Via: SIP/2.0/UDP 173.XXX.XXX.107;branch=z9hG4bK331.288021c4.0.
Via: SIP/2.0/UDP 216.12.249.203:63358;branch=z9hG4bK-343338-2d82f6ca926e34dcc1fec01af646028c.
Content-Length: 509.
P-hint: inbound->outbound .
P-hint: Route[6]: mediaproxy .
.
v=0.
o=9012732005 0 0 IN IP4 216.12.249.203.
s=-.
c=IN IP4 173.XXX.XXX.111.
t=0 0.
m=audio 10890 RTP/AVP 0.
a=rtpmap:0 PCMU/8000.
a=extmap:1 urn:ietf:params:rtp-hdrext:csrc-audio-level.
m=video 10894 RTP/AVP 96 99.
a=recvonly.
a=rtpmap:96 H264/90000.
a=fmtp:96 profile-level-id=4DE01f;packetization-mode=1.
a=imageattr:96 send [x=[0-640],y=[0-480]] recv [x=[0-1680],y=[0-1050]].
a=rtpmap:99 H264/90000.
a=fmtp:99 profile-level-id=4DE01f.
a=imageattr:99 send [x=[0-640],y=[0-480]] recv [x=[0-1680],y=[0-1050]].
**********************************************************

Once again this worked before I upgraded. I think I have provided all the info you need in order to look at the issue. If I am missing anything let me know.

Discussion

  • Razvan Crainea
    Razvan Crainea
    2012-02-03

    • status: open --> closed
     
  • Razvan Crainea
    Razvan Crainea
    2012-02-03

    Hi, Duane!

    There was indeed a bug that I missed with the last commit. It should be fixed now in the latest svn version on trunk.
    Thank you for reporting it!

    Regards,
    Răzvan Crainea