Hi everyone.
I read in the manual that by adding the followind lines to the configuration
09=deny alias:^188884.* ALL=allow ipv4:0/0|allow ipv6:::/0
will end up in "endpoints having an alias beginning with 188884 are not allowed to call prefix 09"
So I expected that by adding the following lines to my configuration, I would have prevented endpoint 3194 from calling the endpoint 8501 (which is an MCU ad hoc room actually)
[Gatekeeper::Auth]
PrefixAuth=required;ARQ
[PrefixAuth]
8501=deny alias:^3194.*
ALL=allow ipv4:0/0
But this does not work; I also try setting the rule to 8501=deny alias:^3194 to no avail.
So I dug into logs and what I see is perplexing me: because it says that
GKAUTH PrefixAuth rule matched and could not reject or accept destination prefix '8501' for alias '8501'i.e. the alias for the caller and the callee is the same; this is the actual output (where ip address has been blanked out)2016/03/11 12:38:07.515 3 RasSrv.cxx(251) RAS
admissionRequest {
requestSeqNum = 8596
callType = pointToPoint <<null>>
callModel = gatekeeperRouted <<null>>
endpointIdentifier = 9 characters {
0037 0038 0038 0036 005f 0065 006e 0064 7886_end
0070 p
}
destinationInfo = 2 entries {
[0]=dialedDigits "8501"
[1]=dialedDigits "8501"
}
srcInfo = 2 entries {
[0]=h323_ID 10 characters {
0044 0043 0020 0050 0045 0052 0053 0020 DC PERS
0053 0049 SI
}
[1]=dialedDigits "3194"
}
srcCallSignalAddress = ipAddress {
ip = 4 octets {
xx xx xx xx ....
}
port = 60008
}
bandWidth = 15360
callReferenceValue = 2331
conferenceID = 16 octets {
02 87 73 31 e2 b2 03 14 1d a9 56 34 34 34 34 ef ..s1......V4444.
}
activeMC = false
answerCall = false
canMapAlias = false
callIdentifier = {
guid = 16 octets {
02 87 73 31 e2 b2 03 14 1d a8 56 34 34 34 34 ef ..s1......V4444.
}
}
gatekeeperIdentifier = 5 characters {
0047 006e 0075 0047 006b GnuGk
}
willSupplyUUIEs = false
}
2016/03/11 12:38:07.531 5 job.cxx(338) JOB Worker threads: 15 total - 15 busy, 0 idle
2016/03/11 12:38:07.531 5 job.cxx(180) JOB Starting Job ARQ at Worker thread 364
2016/03/11 12:38:07.531 1 RasSrv.cxx(382) RAS ARQ Received from xx.xx.xx.xx:1719
2016/03/11 12:38:07.531 4 gkauth.cxx(1941) GKAUTH PrefixAuth rule matched and could not reject or accept destination prefix '8501' for alias '8501'
2016/03/11 12:38:07.531 5 gkauth.cxx(1735) GKAUTH Prefix auth rule 'allow ip(32):0/0' matched
2016/03/11 12:38:07.531 4 gkauth.cxx(1926) GKAUTH PrefixAuth rule matched and accepted destination prefix 'ALL' for alias '8501'
2016/03/11 12:38:07.531 3 gkauth.cxx(795) GKAUTH PrefixAuth ARQ check ok
The output is the same even when the calling endpoint is a different one from 3194.What am I not understading?My Gnugk Version is Gatekeeper(GNU) Version(3.4.0) Ext(pthreads=0,radius=1,mysql=1,pgsql=1,firebird=1,odbc=1,sqlite=1,large_fdset=0,crypto/ssl=1,h46018=1,h46023=1,ldap=1,ssh=0,ipv6=1,h235media=1,lua=0,h46017=1,snmp=1,h46026=0) H323Plus(1.25.3) PTLib(2.10.1) Build(Sep 19 2013, 19:57:17) Sys(Server 2003 i586 (Model=1 Stepping=2) v5.2.3790)
Thank you very much. Pierlu ------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785111&iu=/4140
_______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
