[Freeswitch-users] how to identify caller based on CIDR for billing

Muhammad Naseer Bhatti nbhatti at gmail.com
Mon Feb 27 14:37:22 MSK 2012


Ok, this is not as easy as it looks. If we use the ACL system, we block
unauthenticated users to come in and reduce some extra load on the
DP/LUA/MySQL to reject the call. While ACL implemented, FS will reject the
call.

*Rejected by acl "default". Falling back to Digest auth

*Before moving forward, the only way to reach dialplan now is Digest
authentication. Which now makes things easy, as we can grab accountcode
from the username etc.

Now if we don't apply ACL, and let caller reach the directory to look for
credentials, that is allow acl on directory, directory wont return anything
if user is not matched. Correct me if I am wrong, can we query the
directory for both user or cidr or one of them?

-Goni


On Mon, Feb 27, 2012 at 12:10 PM, Avi Marcus <avi at avimarcus.net> wrote:

> If you want to do it in SQL.. I think you're using mysql? (I'm sure PG has
> similar functions. As does PHP, ip2long)
> MySQL has two IP functions.. the storage is easy:
> http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_inet-aton
>
> The cidr /24 part is hard. This site seems to show you how but I don't
> quite understand it all:
> http://www.finnie.org/2007/12/05/mysql-and-cidr-selection/
>
> -Avi
>
>
> On Mon, Feb 27, 2012 at 10:57 AM, Muhammad Naseer Bhatti <
> nbhatti at gmail.com> wrote:
>
>>
>> You are manually matching the CIDR to an account-code, by looking it up?
>>>
>> Yes. SELECT * from acl_node where caller_ip = blah; and I get the
>> accountcode.
>>
>>
>>> But FS already matched it and set a channel variable for the accountcode
>>> (if you set one in the directory file). (This is as long as you have the
>>> CIDR in the directory and not using the ACL system.)
>>>
>> I got your point. I am using ACL system not the CIDR in user directory.
>> Let me try setting it up in the directory and see if I get the chan var.
>>
>> Goni
>>
>>
>>>
>>> -Avi
>>>
>>>
>>> On Mon, Feb 27, 2012 at 10:24 AM, Muhammad Naseer Bhatti <
>>> nbhatti at gmail.com> wrote:
>>>
>>>>
>>>> A  node have a CIDR, for example, 192.168.10.0/24. So anything in
>>>> between 192.168.10.1 and 192.168.10.254 will be processed and passed to the
>>>> DP, by FreeSWITCH, in this case. Everything is ok till here. (I am using
>>>> xml_curl to service acl config) Now the call is sent to the dialplan for
>>>> processing. LUA scripts in my case. The IP address seen in the channel
>>>> variables is in IP format, 192.168.10.20 without the subnet or cidr
>>>> information.  Single IP address matches perfect and I get the accountcode
>>>> associated with the IP from the database, but when I have CIDR
>>>> 192.168.10.0/24 in the DB and the IP is 192.168.10.20, how can I match
>>>> it? Or I would have to expand the cidr range and set them all in the
>>>> database?
>>>>
>>>> Goni
>>>>
>>>>
>>>> . CIDR will be saved in cidr format. My question was, the ip address
>>>> will be seen in the channel variables, but to match is against the
>>>>
>>>> On Mon, Feb 27, 2012 at 1:00 AM, Avi Marcus <avi at avimarcus.net> wrote:
>>>>
>>>>> How do you set several CIDR for one user?
>>>>>
>>>>> OK, so if you have it matching on an account - use something like the
>>>>> variable accountcode. What more do you need for your billing..?
>>>>>  -Avi
>>>>>
>>>>>
>>>>> On Sun, Feb 26, 2012 at 11:46 PM, Muhammad Naseer Bhatti <
>>>>> nbhatti at gmail.com> wrote:
>>>>>
>>>>>>
>>>>>> This is not a problem. I can set several CIDR(s) for a single user.
>>>>>> If an IP address exists in the DB, the system will not allow any other user
>>>>>> to enter that IP address for him. This is different. I match the account
>>>>>> with incoming network_addr of the caller. Since I am saving currently
>>>>>> everything as /32 and static match the IP address from the DB, so I get the
>>>>>> account code no problem. FS accepts the range happily. /24 or whatever,
>>>>>> issue is only how to process that information when it hits the dialplan and
>>>>>> later mangled by the scripts to parse.
>>>>>>
>>>>>>
>>>>>> On Mon, Feb 27, 2012 at 12:36 AM, Avi Marcus <avi at avimarcus.net>wrote:
>>>>>>
>>>>>>> I suppose the issue is that each extensions seems to only have one
>>>>>>> CIDR option per directory-extension.
>>>>>>> I use the variable accountcode for billing.. so a hack would be to
>>>>>>> create users e.g. 1234-a, 1234-b, 1234-c each with their own CIDR and the
>>>>>>> same accountcode of 1234.
>>>>>>>
>>>>>>> Does someone else have a recommendation of how to enter several
>>>>>>> ranges of IPs for ACL for a particular user?
>>>>>>> -Avi
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Sun, Feb 26, 2012 at 10:55 PM, Muhammad Naseer Bhatti <
>>>>>>> nbhatti at gmail.com> wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>> In order to allow ACL authentication, ACL is defined for FreeSWITCH
>>>>>>>> and IP address is entered in CIDR format. A /32 will have only 1 IP and /24
>>>>>>>> will have 254 IP address range. Now, FS will allow the call if the IP
>>>>>>>> address falls under the subnet. For example, caller IP address is
>>>>>>>> 192.168.10.24 while the ACL node is defined as 192.168.10.0/24.
>>>>>>>> This works fine, but when it come to identify the incoming call for billing
>>>>>>>> purpose, how can we identify the IP address matches to which customer? Or
>>>>>>>> which ACL node for FreeSWITCH. One possible solution is to expand the CIDR
>>>>>>>> used by FS, and then match the caller IP address, but I guess this will
>>>>>>>> take too much resources. Am I missing something here? Or restrict the user
>>>>>>>> to enter only 1 IP address per account?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Goni
>>>>>>>>
>>>>>>>>
>>>>>>>> _________________________________________________________________________
>>>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>>>> consulting at freeswitch.org
>>>>>>>> http://www.freeswitchsolutions.com
>>>>>>>>
>>>>>>>> 
>>>>>>>> 
>>>>>>>>
>>>>>>>> Official FreeSWITCH Sites
>>>>>>>> http://www.freeswitch.org
>>>>>>>> http://wiki.freeswitch.org
>>>>>>>> http://www.cluecon.com
>>>>>>>>
>>>>>>>> FreeSWITCH-users mailing list
>>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>>> UNSUBSCRIBE:
>>>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>>> http://www.freeswitch.org
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _________________________________________________________________________
>>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>>> consulting at freeswitch.org
>>>>>>> http://www.freeswitchsolutions.com
>>>>>>>
>>>>>>> 
>>>>>>> 
>>>>>>>
>>>>>>> Official FreeSWITCH Sites
>>>>>>> http://www.freeswitch.org
>>>>>>> http://wiki.freeswitch.org
>>>>>>> http://www.cluecon.com
>>>>>>>
>>>>>>> FreeSWITCH-users mailing list
>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>> UNSUBSCRIBE:
>>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>> http://www.freeswitch.org
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _________________________________________________________________________
>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>> consulting at freeswitch.org
>>>>>> http://www.freeswitchsolutions.com
>>>>>>
>>>>>> 
>>>>>> 
>>>>>>
>>>>>> Official FreeSWITCH Sites
>>>>>> http://www.freeswitch.org
>>>>>> http://wiki.freeswitch.org
>>>>>> http://www.cluecon.com
>>>>>>
>>>>>> FreeSWITCH-users mailing list
>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>> UNSUBSCRIBE:
>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>> http://www.freeswitch.org
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> _________________________________________________________________________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>> 
>>>>> 
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://wiki.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:
>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>>
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> 
>>>> 
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://wiki.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>>
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> 
>>> 
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20120227/4acd5c75/attachment-0001.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list