[SR-Users] allow_trusted and ipv6 addresses
Daniel-Constantin Mierla
miconda at gmail.com
Tue Feb 24 12:35:54 CET 2015
On 24/02/15 00:05, Anthony Messina wrote:
> On Monday, February 23, 2015 09:53:08 AM Daniel-Constantin Mierla wrote:
>> trusted does string comparison for the address field, it is not
>> considered an ip address.
>>
>> You should use address table instead if you just need matching on any ip
>> address or subnet.
> That's interesting. Is there a reason for the string comparison? Reading the
> README, trusted and address functions look incredibly similar, except trusted
> can match proto, and the address commands can match ports. What would be the
> advantage or use case of using either trusted or address?
I am not the developer of that function and haven't used it for a while.
IIRC, it was added like 2003-2004 and kept being so. I use address table
as it has more features in matching subnets and does pre-compilation of
ip addresses, thus is fast.
If someone provides a patch for doing ip-based comparison for trusted
table, it will be accepted. The C helper functions are available, so the
patch should not be big (ipops module can be used as example of C code
for comparing ip addresses).
Cheers,
Daniel
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio World Conference, May 27-29, 2015
Berlin, Germany - http://www.kamailioworld.com
More information about the sr-users
mailing list