Summary: | ASTERISK-23806: Classical ACL not working with sippeers in realtime | ||
Reporter: | Benoit Duverger (bduverger) | Labels: | realtime |
Date Opened: | 2014-05-29 11:40:45 | Date Closed: | 2014-06-04 11:00:39 |
Priority: | Minor | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_sip/Registration |
Versions: | 11.8.1 11.9.0 | Frequency of Occurrence | Constant |
Related Issues: | |||
Environment: | sippeers is in realtime in a mysql 5.5.x on ubuntu 12.04 | Attachments: | ( 0) myDebugLog |
Description: | Asterisk does not apply permit data fields in realtime.
So, if I have "0.0.0.0/0.0.0.0" in "deny" and an IP like "1.2.3.4" in "permit" for my sip account, but my sip peer can't register. If I have the same settings in sip.conf, it works. This is working in realtime on my others asterisk servers in "1.8.25" CREATE TABLE IF NOT EXISTS `sipusers` ( `id` int(11) NOT NULL AUTO_INCREMENT, `name` varchar(80) NOT NULL, `ipaddr` varchar(45) DEFAULT NULL, . . . . `permit` varchar(40) DEFAULT NULL, `deny` varchar(40) DEFAULT NULL, `secret` varchar(40) DEFAULT NULL, `md5secret` varchar(40) DEFAULT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`), KEY `ipaddr` (`ipaddr`,`port`), KEY `host` (`host`,`port`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; | ||
Comments: | By: Michael L. Young (elguero) 2014-05-29 13:11:25.949-0500 We require a complete debug log to help triage the issue. This document will provide instructions on how to collect debugging logs from an Asterisk machine for the purpose of helping bug marshals troubleshoot an issue: https://wiki.asterisk.org/wiki/display/AST/Collecting+Debug+Information By: Benoit Duverger (bduverger) 2014-05-30 10:19:24.722-0500 Debug log with one peer and ACL By: Benoit Duverger (bduverger) 2014-05-30 10:23:31.034-0500 Sorry, it's the first issue wich I post. If you need anything else, ask me. By: Walter Doekes (wdoekes) 2014-06-04 04:10:04.499-0500 Ok, this is easy if you know where the problem lies. {quote} So, if I have "0.0.0.0/0.0.0.0" in "deny" and an IP like "1.2.3.4" in "permit" for my sip account, but my sip peer can't register. {quote} and {quote} ... `permit` varchar(40) DEFAULT NULL, `deny` varchar(40) DEFAULT NULL, ... {quote} The realtime columns are loaded in the DB-specified order. That means that you first get a permit line of 1.2.3.4 and then a deny line of 0.0.0.0/0. Asterisk uses that order, and that results in the denial of all. The fix is to - invert the column order in the CREATE TABLE statement See also: https://issues.asterisk.org/jira/browse/ASTERISK-4180 <-- for codecs this is implemented in asterisk 11 and higher, but not for acls (note that it is badly documented) By: Benoit Duverger (bduverger) 2014-06-04 10:45:15.907-0500 It works, thank you very much! |