The Permissions module provides functions for handling IP-based access control lists (ACLs) in a number of ways:

* Call Routing
* Registration permissions
* URI permissions
* Address permissions
* Trusted Requests

The Address permissions and Trusted request handling support using a database to load ACLs into RAM for fast processing.

1.1. Call Routing

The module can be used to determine whether a call has appropriate permission to be established. Permission rules are stored in plaintext configuration files similar to the hosts.allow and hosts.deny files used by tcpd.

When the allow_routing function is called, it tries to find a rule that matches selected fields of the message.

Kamailio is a forking proxy, and therefore a single message can be sent to different destinations simultaneously. When checking permissions, all the destinations must be checked, and if one of them fails, the forwarding will fail.

The matching algorithm is as follows, first match wins:

* Create a set of pairs of the form (From, R-URI of branch 1), (From, R-URI of branch 2), etc.
* Routing will be allowed when all pairs match an entry in the allow file.
* Otherwise routing will be denied when one of the pairs matches an entry in the deny file.
* Otherwise, routing will be allowed.

A non-existing permission control file is treated as if it were an empty file. Thus, permission control can be turned off by providing no
| Parameter | Type | Description |
|---|---|---|
| default_allow_file | string | Default allow file used by the functions with no parameters. If you don't specify a full pathname then the directory in which the main config file is located will be used. |
| default_deny_file | string | Default file containing deny rules. The file is used by functions with no parameters. If you don't specify a full pathname then the directory in which the main config file is located will be used. |
| check_all_branches | integer | If set then allow_routing functions will check Request-URI of all branches (default). If disabled then only Request-URI of the first branch will be checked. |
| allow_suffix | string | Suffix appended to the basename to create the filename of the allow file when the one-parameter version of allow_routing, allow_register_include_port or allow_register is used. |
| deny_suffix | string | |
| address_file | string | |
| db_url | string | |
| address_table | string | |
| grp_col | string | |
| ip_addr_col | string | |
| mask_col | string | |
| port_col | string | |
| db_mode | integer | |
| trusted_table | string | |
| source_col | string | |
| proto_col | string | |
| from_col | string | |
| ruri_col | string | |
| tag_col | string | |
| priority_col | string | |
| peer_tag_avp | AVP string | |
| peer_tag_mode | integer | |
| max_subnets | int | |
| subnet_match_mode | int | |
| load_backends | int | |
| reload_delta | int | |
| trusted_cleanup_interval | int | |
* 4.2. allow_routing(basename)
* 4.3. allow_routing(allow_file, deny_file)
* 4.4. allow_register(basename)
* 4.5. allow_register(allow_file, deny_file)
* 4.6. allow_register_include_port(basename)
* 4.7. allow_register_include_port(allow_file, deny_file)
* 4.8. allow_uri(basename, pvar)
* 4.9. allow_address(group_id, ip_addr_pvar, port_pvar)
* 4.10. allow_source_address([group_id])
* 4.11. allow_source_address_group()
* 4.12. allow_address_group(addr, port)
* 4.13. allow_trusted([src_ip_pvar, proto_pvar, furi_pvar])
4.1. allow_routing()
Returns true if all pairs constructed as described in Section 1.1, “Call Routing” have appropriate permissions according to the configuration files. This function uses default configuration files specified in default_allow_file and default_deny_file.
4.2. allow_routing(basename)

Returns true if all pairs constructed as described in Section 1.1, “Call Routing” have appropriate permissions according to the configuration files given as parameters.

Usage:

```
...
if (allow_routing("basename")) {
    t_relay();
};
...
```

4.3. allow_routing(allow_file, deny_file)

Returns true if all pairs constructed as described in Section 1.1, “Call Routing” have appropriate permissions according to the configuration files given as parameters.

Usage:

```
...
if (allow_routing("rules.allow", "rules.deny")) {
    t_relay();
};
...
```
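The decision order that allow_routing applies (Section 1.1) and the effect of check_all_branches, modelled in Python as an added example; this is not Kamailio's code. Rules are simplified to (From regex, R-URI regex) pairs, which is an assumption and not the module's file syntax, and all URIs are constructed sample values.

```python
import re

def rule_matches(rules, from_uri, ruri):
    """True if any (from_regex, ruri_regex) rule matches the pair."""
    return any(re.search(f, from_uri) and re.search(r, ruri) for f, r in rules)

def allow_routing(from_uri, branch_ruris, allow_rules, deny_rules,
                  check_all_branches=True):
    """Model of the Section 1.1 decision. A missing file is an empty list."""
    # With check_all_branches disabled only the first branch is examined.
    ruris = branch_ruris if check_all_branches else branch_ruris[:1]
    pairs = [(from_uri, ruri) for ruri in ruris]
    # 1. Allowed when every pair matches an entry in the allow rules.
    if all(rule_matches(allow_rules, f, r) for f, r in pairs):
        return True
    # 2. Otherwise denied when any pair matches an entry in the deny rules.
    if any(rule_matches(deny_rules, f, r) for f, r in pairs):
        return False
    # 3. Otherwise allowed: the fall-through is default-allow.
    return True

# Constructed sample rules (hypothetical, simplified representation).
ALLOW = [(r"^sip:[^@]+@example\.com$", r"^sip:[0-9]{4}@example\.com$")]
DENY = [(r"^sip:", r"^sip:\+?1900[0-9]{7}@")]

ALICE = "sip:alice@example.com"
# A forked request: first branch is an internal extension, second is not.
FORKED = ["sip:1001@example.com", "sip:+19005550100@gw.example.net"]

if __name__ == "__main__":
    cases = [
        ("internal extension", ["sip:1001@example.com"], True),
        ("forked, all branches checked", FORKED, True),
        ("forked, first branch only", FORKED, False),
        ("in neither file", ["sip:+442079460000@gw.example.net"], True),
    ]
    for label, ruris, check_all in cases:
        verdict = allow_routing(ALICE, ruris, ALLOW, DENY, check_all)
        print(f"{label}: {'allow' if verdict else 'deny'}")
```

A destination listed in neither file is routed, so the deny file has to enumerate everything that must be blocked; disabling check_all_branches leaves every branch after the first unchecked.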
4.4. allow_register(basename)

The function returns true if all pairs constructed as described in Section 1.2, “Registration Permissions” have appropriate permissions according to the configuration files given as parameters.

Usage:

```
...
if (method=="REGISTER") {
    if (allow_register("register")) {
        save("location");
        exit;
    } else {
        sl_send_reply("403", "Forbidden");
    };
};
...
```

4.5. allow_register(allow_file, deny_file)

The function returns true if all pairs constructed as described in Section 1.2, “Registration Permissions” have appropriate permissions according to the configuration files given as parameters.

Usage:

```
...
if (method=="REGISTER") {
    if (allow_register("register.allow", "register.deny")) {
        save("location");
        exit;
    } else {
        sl_send_reply("403", "Forbidden");
    };
};
...
```

4.6. allow_register_include_port(basename)

The function does exactly the same thing as allow_register(basename), except that it tells the module to include the port value of the Contact in the check. No additional function parameters are required.

Usage:

```
...
if (method=="REGISTER") {
    if (allow_register_include_port("register")) {
        save("location");
        exit;
    } else {
        sl_send_reply("403", "Forbidden");
    };
};
...
```

4.7. allow_register_include_port(allow_file, deny_file)

The function does exactly the same thing as allow_register(allow_file, deny_file), except that it tells the module to include the port value of the Contact in the check. No additional function parameters are required.
Copyright © 2003 Miklos Tirpak
Copyright © 2006-2008 Juha Heinanen
Copyright © 2025 Tyler Moore, dOpenSource