[asterisk-dev] acl.c - option to turn off logging

Jaco Kroon jaco at uls.co.za
Wed Dec 4 02:21:37 CST 2019


Hi All,

In ast_apply_acl (main/acl.c) there are two lines that issue a
LOG_WARNING when an ACL gets denied.

The first happens if the ACL is invalid.  I'm not too worried about this
specific one, it's probably a good thing if this gets logged always.

The latter, in the case of AST_SENSE_DENY is a bit problematic for me. 
I've submitted patches now to use ACLs in res_rtp_asterisk, and with a
large number of rejects this can quickly spam the logs, and frankly,
confuse consumers.

As I see it, there are two possible solutions:

Solution 1:

1.  Add AST_SENSE_INVALID as a possible return.
2.  Rename the current function to ast_apply_acl_(silent|nolog), and
remove the logging.
3.  Add a replacement ast_apply_acl function which will generate the log
entries as per current.

Solution 2:

Simply don't log at all if the purpose argument is NULL.

Solution two is the simpler fix, but it's probably also the less ideal one.

The adding of the AST_SENSE_INVALID will also mean that the replacement
function will need to rewrite AST_SENSE_INVALID => AST_SENSE_DENY, or we
need to audit all consumers of the function (there fortunately aren't a
great many of these) and wherever ast_apply_acl(...) == AST_SENSE_DENY
is found, it should be rewritten as ast_apply_acl(...) != AST_SENSE_ALLOW.

Would dearly like some opinions on the matter.

PS:  The advantage for me of using ACL over HA is simply the named ACL
functionality, so in rtp.conf I can state ice_acl = named_acl instead of
having to embed the ACL into rtp.conf.


Kind Regards,
Jaco Kroon
C.E.O.

*T:* +27 (0)12 021 0000 | *F:* +27 86 648 8561 | *E:* jaco at iewc.co.za
*W:* iewc.co.za <https://www.iewc.co.za/> | *A:* Unit 201, Building 2B,
Sunwood Park, Queen's Crescent Lynnwood, Pretoria
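
Added example, not part of the original message and not Asterisk code: a small C model of Solution 1 showing why the caller audit matters once a third return value exists. All `ex_` names, the toy ACL struct and the sample address are assumptions made for illustration.

```c
#include <stdio.h>

/* Hypothetical model of Solution 1; the ex_ names are NOT Asterisk's API. */
enum ex_sense { EX_SENSE_DENY, EX_SENSE_ALLOW, EX_SENSE_INVALID };

/* Toy ACL: one deny rule (network/mask, host byte order) plus a validity flag. */
struct ex_acl { int valid; unsigned int deny_net, deny_mask; };

int ex_log_count; /* warnings emitted, so the logging behaviour is observable */

/* Step 2: silent variant with a three-valued result. */
enum ex_sense ex_apply_acl_nolog(const struct ex_acl *acl, unsigned int addr)
{
    if (!acl->valid)
        return EX_SENSE_INVALID;
    return (addr & acl->deny_mask) == acl->deny_net ? EX_SENSE_DENY : EX_SENSE_ALLOW;
}

/* Step 3: logging replacement that rewrites INVALID => DENY, so existing
 * "== DENY" callers keep rejecting traffic when the ACL is invalid. */
enum ex_sense ex_apply_acl(const struct ex_acl *acl, unsigned int addr, const char *purpose)
{
    enum ex_sense s = ex_apply_acl_nolog(acl, addr);
    if (s == EX_SENSE_ALLOW)
        return EX_SENSE_ALLOW;
    ex_log_count++;
    fprintf(stderr, "WARNING: %s: %s ACL, address 0x%08x\n", purpose ? purpose : "(none)",
            s == EX_SENSE_INVALID ? "invalid" : "rejected by", addr);
    return EX_SENSE_DENY;
}

/* Two caller styles applied directly to the silent variant; 1 = reject. */
int ex_rejects_eq_deny(const struct ex_acl *acl, unsigned int addr)
{
    return ex_apply_acl_nolog(acl, addr) == EX_SENSE_DENY;  /* fails open on INVALID */
}
int ex_rejects_ne_allow(const struct ex_acl *acl, unsigned int addr)
{
    return ex_apply_acl_nolog(acl, addr) != EX_SENSE_ALLOW; /* fails closed */
}

int main(void)
{
    struct ex_acl broken = { 0, 0, 0 };  /* constructed: invalid ACL */
    unsigned int addr = 0x0A010203u;     /* constructed: 10.1.2.3 */
    printf("== DENY rejects: %d, != ALLOW rejects: %d\n",
           ex_rejects_eq_deny(&broken, addr), ex_rejects_ne_allow(&broken, addr));
    return 0;
}
```

With an invalid ACL the `== DENY` caller lets the address through while the `!= ALLOW` caller rejects it, which is the behaviour difference the audit would need to catch.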


  	
