
check User-Agent header for device

3.20
SIPLABS, LLC 11 years ago
parent
commit
bcd1c26d50
1 changed files with 24 additions and 14 deletions
  1. +24
    -14
      kamailio/acl-role.cfg

+ 24
- 14
kamailio/acl-role.cfg

@ -89,7 +89,6 @@ route[ACL_CHECK] {
kazoo_json($var(acl-response), "Realm.Order", "$var(acl-realm-order)"); kazoo_json($var(acl-response), "Realm.Order", "$var(acl-realm-order)");
kazoo_json($var(acl-response), "Realm.CIDR", "$var(acl-realm-cidr)"); kazoo_json($var(acl-response), "Realm.CIDR", "$var(acl-realm-cidr)");
kazoo_json($var(acl-response), "Realm.CIDR.length", "$var(acl-realm-cidr-len)"); kazoo_json($var(acl-response), "Realm.CIDR.length", "$var(acl-realm-cidr-len)");
kazoo_json($var(acl-response), "Realm.User-Agent", "$var(acl-realm-ua)");
kazoo_json($var(acl-response), "Device.Order", "$var(acl-device-order)"); kazoo_json($var(acl-response), "Device.Order", "$var(acl-device-order)");
kazoo_json($var(acl-response), "Device.CIDR", "$var(acl-device-cidr)"); kazoo_json($var(acl-response), "Device.CIDR", "$var(acl-device-cidr)");
kazoo_json($var(acl-response), "Device.CIDR.length","$var(acl-device-cidr-len)"); kazoo_json($var(acl-response), "Device.CIDR.length","$var(acl-device-cidr-len)");
@ -193,21 +192,23 @@ route[ACL_CHECK_DEVICE] {
} }
route[ACL_CHECK_DEVICE_ALLOW] { route[ACL_CHECK_DEVICE_ALLOW] {
if (not_empty("$var(acl-device-cidr)")) {
$var(i) = 0;
xlog("L_INFO", "$ci |ACL-realm| checking $var(acl-device-cidr-len) record(s)");
while($var(i) < $var(acl-device-cidr-len)) {
kazoo_json($var(acl-device-cidr), "[$var(i)]", "$var(record)");
xlog("L_INFO", "$ci |ACL-realm| checking if $si is in $var(record)");
if (($var(record) == ACL_IP_ADDR_ANY) || is_in_subnet("$si", $var(record))) {
$sht(acl=>$var(device)/$si) = 1;
xlog("L_INFO", "$ci |ACL| $var(sip-packet) from $si is permitted by ACL for $var(device)\n");
return;
if (!not_empty("$var(acl-device-ua)") || (not_empty("$var(acl-device-ua)") && $ua =~ $var(acl-device-ua))) {
if (not_empty("$var(acl-device-cidr)")) {
$var(i) = 0;
xlog("L_INFO", "$ci |ACL-realm| checking $var(acl-device-cidr-len) record(s)");
while($var(i) < $var(acl-device-cidr-len)) {
kazoo_json($var(acl-device-cidr), "[$var(i)]", "$var(record)");
xlog("L_INFO", "$ci |ACL-realm| checking if $si is in $var(record)");
if (($var(record) == ACL_IP_ADDR_ANY) || is_in_subnet("$si", $var(record))) {
$sht(acl=>$var(device)/$si) = 1;
xlog("L_INFO", "$ci |ACL| $var(sip-packet) from $si is permitted by ACL for $var(device)\n");
return;
}
$var(i) = $var(i) + 1;
} }
$var(i) = $var(i) + 1;
} else {
xlog("L_INFO", "$ci |ACL-realm| undefined CIDR in response for $var(device)");
} }
} else {
xlog("L_INFO", "$ci |ACL-realm| undefined CIDR in response for $var(device)");
} }
# Remember in CACHE and DENY # Remember in CACHE and DENY
$sht(acl=>$var(device)/$si) = 0; $sht(acl=>$var(device)/$si) = 0;
@ -219,6 +220,15 @@ route[ACL_CHECK_DEVICE_ALLOW] {
} }
route[ACL_CHECK_DEVICE_DENY] { route[ACL_CHECK_DEVICE_DENY] {
if (not_empty("$var(acl-device-ua)") && !($ua =~ $var(acl-device-ua))) {
$sht(acl=>$var(device)/$si) = 0;
if (!isflagset(FLAG_IS_REPLY)) {
sl_send_reply(ACL_CODE_DENY, ACL_MESSAGE_DENY);
}
xlog("L_INFO", "$ci |ACL| $var(sip-packet) from $si is rejected by ACL for $var(device)\n");
exit;
}
if (not_empty("$var(acl-device-cidr)")) { if (not_empty("$var(acl-device-cidr)")) {
$var(i) = 0; $var(i) = 0;
xlog("L_INFO", "$ci |ACL-device| checking $var(acl-device-cidr-len) record(s)"); xlog("L_INFO", "$ci |ACL-device| checking $var(acl-device-cidr-len) record(s)");
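Review bot: The verdict cached in `$sht(acl=>$var(device)/$si)` is still keyed on device and source IP only, while the new conditions in route[ACL_CHECK_DEVICE_ALLOW] and route[ACL_CHECK_DEVICE_DENY] make the decision depend on `$ua` as well. If that cache is consulted before these routes (the lookup is outside the visible hunks), a permit stored after one matching request would let later requests from the same address through with any User-Agent, and the 0 stored by the new UA-mismatch branch in ACL_CHECK_DEVICE_DENY would also reject correctly identified devices behind that address. I would drop `$sht(acl=>$var(device)/$si) = 0;` from the UA-mismatch branch and re-evaluate `$ua =~ $var(acl-device-ua)` on a cache hit instead of caching its outcome. User-Agent is supplied by the sender, so a comment such as `# UA match is a supplementary filter; the CIDR list remains the actual access control` above the new conditions would keep that clear for the next maintainer. The body of ACL_CHECK_DEVICE_DENY continues past the end of the last hunk.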

