292
292
1.4. Address Permissions
294
The module can be used to determine if an address (IP address and port)
295
matches any of the IP subnets stored in cached Kamailio database table.
296
Port 0 in cached database table matches any port. IP address and port
297
to be matched can be either taken from the request
294
The module can be used to determine if an address (IP address and port
295
or DNS domain name) matches any of the addresses stored in cached
296
Kamailio database table. IP addresses in the database table can be
297
subnet addresses. Port 0 in cached database table matches any port. The
298
address and port to be matched can be either taken from the request
298
299
(allow_source_address) or given as pvar arguments (allow_address).
300
Addresses stored in cached database table can be grouped together into
301
one or more groups specified by a group identifier (positive integer
302
value, i.e., equal or greater than 1). Group identifier is given as
303
argument to allow_address and allow_source_address functions.
301
Addresses stored in database table can be grouped together into one or
302
more groups specified by a group identifier (positive integer value,
303
i.e., equal or greater than 1). Group identifier is given as argument
304
to allow_address and allow_source_address functions. One group can
305
contain all of the three types of addresses: exact IP address, subnet
306
IP address or DNS domain name.
308
When matching is done if the argument is an IP, it is tried to be
309
matched with the records from that group that are of type exact IP or
310
subnet. If the argument is not an IP it is tried to be matched with the
311
records that are DNS domain names. No DNS lookup is performed, only
305
314
As a side effect of matching the address, non-NULL tag (see tag_col
306
315
module parameter) is added as value to peer_tag AVP if peer_tag_avp
465
474
3.7. address_table (string)
467
Name of database table containing IP subnet information used by
468
allow_address and allow_source_address functions.
476
Name of database table containing IP subnets and DNS domain names used
477
by allow_address and allow_source_address functions.
470
479
Default value is "address".
612
621
Tag mode for allow_trusted(). 0 sets only the tag of the first match. 1
613
622
adds the tags of all matches to the avp. In addition the return value
614
of allow_trusted() is the number of matches.
623
of allow_trusted() is the number of matches. This parameter is not used
624
for address table matching functions.
616
626
Default value is "0".
786
796
4.7. allow_address(group_id, ip_addr_pvar, port_pvar)
788
Returns true if IP address and port given as values of pvar arguments
789
belonging to a group given as group_id argument matches an IP subnet
790
found in cached address table. Cached address table entry containing
791
port value 0 matches any port. group_id argument can be an integer
792
string or a pseudo variable.
798
Returns true if address and port given as values of pvar arguments
799
belonging to a group given as group_id argument matches an IP subnet or
800
a DNS domain name found in cached address table. When matching is done
801
if the argument is an IP, it is tried to be matched with the records
802
from that group that are of type exact IP or subnet. If the argument is
803
not an IP it is tried to be matched with the records that are DNS
804
domain names. No DNS lookup is performed, only strict matching. Cached
805
address table entry containing port value 0 matches any port. group_id
806
argument can be an integer string or a pseudo variable.
794
808
This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.
800
814
if (!allow_address("1", "$si", "$sp")) {
801
815
sl_send_reply("403", "Forbidden");
803
// Check IP address/port stored in AVPs i:704/i:705 is in group 2
804
if (!allow_address("2", "$avp(i:704)", "$avp(i:705)") {
817
// Check address/port stored in AVPs src_adr/src_port is in group 2
818
$avp(dst_adr) = "sipdomain.com";
819
$avp(dst_port) = "0";
820
if (!allow_address("2", "$avp(dst_adr)", "$avp(dst_port)") {
805
821
sl_send_reply("403", "Forbidden");
870
886
Source address and transport protocol given in pvar arguments must be
871
887
in string format. Valid transport protocol values are (ignoring case)
872
"any", "udp, "tcp", "tls", and "sctp".
888
"any", "udp, "tcp", "tls", "ws", "wss" and "sctp".
874
890
This function can be used from REQUEST_ROUTE, FAILURE_ROUTE.