Module: kamailio Branch: master Commit: 9e0402e9b1d9d789211bfb3c13fc11ab6d5fa320 URL: https://github.com/kamailio/kamailio/commit/9e0402e9b1d9d789211bfb3c13fc11ab6d5fa320
Author: Xenofon Karamanos <x...@gilawa.com> Committer: Henning Westerholt <h...@gilawa.com> Date: 2025-07-14T15:42:47+02:00 permissions: doc: Add note related to LPM search - allow_address() and 3 more related function now perform LPM search - allow_source_address() - allow_source_address_group() - allow_address_group --- Modified: src/modules/permissions/doc/permissions_admin.xml --- Diff: https://github.com/kamailio/kamailio/commit/9e0402e9b1d9d789211bfb3c13fc11ab6d5fa320.diff Patch: https://github.com/kamailio/kamailio/commit/9e0402e9b1d9d789211bfb3c13fc11ab6d5fa320.patch --- diff --git a/src/modules/permissions/doc/permissions_admin.xml b/src/modules/permissions/doc/permissions_admin.xml index 494a7ecc0fb..f893a3e4eb7 100644 --- a/src/modules/permissions/doc/permissions_admin.xml +++ b/src/modules/permissions/doc/permissions_admin.xml @@ -221,6 +221,25 @@ (see tag_col module parameter) is added as value to peer_tag AVP if peer_tag_avp module parameter has been defined. </para> + <note> + <para> + Starting with Kamailio version 6.1.x, the <function>allow_address()</function> + function and its related functions use the Longest Prefix Match (LPM) method to + find matching entries. + </para> + <para> + This means the <function>_group</function> variants will now return the most specific + (longest) subnet match, instead of the first match (which was previously the entry with + the lowest group ID). + This LPM behavior is now consistent across the following functions: + </para> + <itemizedlist> + <listitem><para><function>allow_address()</function></para></listitem> + <listitem><para><function>allow_source_address()</function></para></listitem> + <listitem><para><function>allow_source_address_group()</function></para></listitem> + <listitem><para><function>allow_address_group()</function></para></listitem> + </itemizedlist> + </note> </section> <section id="sec-trusted-requests"> <title>Trusted Requests</title> @@ -1259,6 +1278,9 @@ if (allow_uri("basename", "$avp(i:705)") { // Check URI stored in $avp(i:705) matches any port. The <quote>group_id</quote> argument can be an integer string or a pseudo variable. </para> + <note> + See <link linkend="sec-address-permissions"> Address permissions </link> for more details. + </note> <para> This function can be used from REQUEST_ROUTE, FAILURE_ROUTE. </para> @@ -1289,6 +1311,9 @@ if (!allow_address("2", "$avp(dst_adr)", "$avp(dst_port)") { Equal to <quote>allow_address(group_id, "$si", "$sp")</quote>. If 'group_id' is missing, the function is equal to allow_address("1", "$si", "$sp"). </para> + <note> + See <link linkend="sec-address-permissions"> Address permissions </link> for more details. + </note> <para> This function can be used from REQUEST_ROUTE, FAILURE_ROUTE. </para> @@ -1315,6 +1340,10 @@ if (!allow_source_address("1")) { If not returns -1. Port value 0 in cached address and group table matches any port. </para> + <note> + See <link linkend="sec-address-permissions"> Address permissions </link> + for more details on how searching is implemented. + </note> <para> This function can be used from REQUEST_ROUTE, FAILURE_ROUTE. </para> @@ -1341,6 +1370,10 @@ if ($var(group) != -1) { If not returns -1. Port value 0 in cached address and group table matches any port. The parameters can be pseudo-variables. </para> + <note> + See <link linkend="sec-address-permissions"> Address permissions </link> + for more details on how searching is implemented. + </note> <para> This function can be used from ANY_ROUTE. </para> _______________________________________________ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
