
<html>

  <head>


    <meta http-equiv="content-type" content="text/html; charset=UTF-8">

  </head>

  <body>

    <p>Hi All,</p>

    <p>In ast_apply_acl (main/acl.c) there is two lines that's issuing a

      LOG_WARNING when an ACL gets denied.</p>

    <p>The first happens if the ACL is invalid.  I'm not too worried

      about this specific one, it's probably a good thing if this gets

      logged always.</p>

    <p>The latter, in the case of AST_SENSE_DENY is a bit problematic

      for me.  I've submitted patches now to use ACLs in

      res_rtp_asterisk, and with large number of rejects this can

      quickly spam the logs, and frankly, confuse consumers.</p>

    <p>As I see it, there are two possible solutions:</p>

    <p>Solution 1:<br>

    </p>

    <p>1.  Add AST_SENSE_INVALID as a possible return.<br>

      2.  Rename the current function to ast_apply_acl_(silent|nolog),

      and remove the logging.<br>

      3.  Add a replacement ast_apply_acl function which will generate

      the log entries as per current.</p>

    <p>Solution 2:<br>

    </p>

    <p>Simply don't log at all if the purpose argument is NULL.</p>

    <p>Solution two is the simpler fix, but it's probably also the less

      ideal one.</p>

    <p>The adding of the AST_SENSE_INVALID will also mean that the

      replacement function will need to rewrite AST_SENSE_INVALID =>

      AST_SENSE_DENY, or we need to audit all consumers of the function

      (there fortunately isn't a great many of these) and wherever

      ast_apply_acl(...) == AST_SENSE_DENY is found, it should be

      rewritten as ast_apply_acl(...) != AST_SENSE_ALLOW.</p>

    <p>Would dearly like some opinions on the matter.<br>

    </p>

    <p>PS:  The advantage for me on using ACL over HA is simply the

      named ACL functionality, so in rtp.conf I can state ice_acl =

      named_acl instead of having to embed the ACL into rtp.conf.<br>

    </p>

    <p><br>

    </p>

    <div class="moz-signature">

      <style type="text/css">

* { padding: 0px; margin: 0px; }

body, html { font-family: Arial, San-Serif; font-size: small; color: black; padding-left: 10px; padding-top: 3px; }

a { text-decoration: none; color: #818285; }

h1 { font-size: large; }

table { font-size: 12px; }

p + p { padding-top: 1em; }

</style>

      <p>Kind Regards,<br>

        <span style="font-size: 24px;color: #8dc641">Jaco Kroon</span>

        <br>

        <span style="font-size: 16px">C.E.O.</span></p>

      <table width="540" cellspacing="0" cellpadding="0">

        <tbody>

          <tr>

            <td>

              <p><b>T:</b> +27 (0)12 021 0000 | <b>F:</b> +27 86 648

                8561 | <b>E:</b> <a class="moz-txt-link-abbreviated" href="mailto:jaco@iewc.co.za">jaco@iewc.co.za</a><br>

                <b>W:</b> <a href="https://www.iewc.co.za/">iewc.co.za</a>

                | <b>A:</b> Unit 201, Building 2B, Sunwood Park,

                Queen's Crescent Lynnwood, Pretoria</p>

            </td>

          </tr>

          <tr>

            <td style="" valign="middle" bgcolor="8dc641" align="left">

              <table style="font-size: 12px; font-family: Arial,

                sans-serif;" width="100%" cellspacing="0"

                cellpadding="0">

                <tbody>

                  <tr>

                    <td colspan="2" style="height: 5px;" height="5"><br>

                    </td>

                  </tr>

                  <tr>

                    <td width="10"> </td>

                    <td>

                      <p> <a style="display: inline-block;"

                          href="https://www.facebook.com/Interexcel/"><img

                            src="cid:part2.23C29BB6.8847505D@uls.co.za"

                            alt="Facebook"></a> <a style="display:

                          inline-block;"

                          href="https://twitter.com/Interexcel/"><img

                            src="cid:part4.B970C754.AD68C0FD@uls.co.za"

                            alt="Twitter"></a> <a style="display:

                          inline-block;"

                          href="https://plus.google.com/+InterexcelCoZaPTA/posts"><img

                            src="cid:part6.353476D5.F2855F72@uls.co.za"

                            alt="Google+"></a> <a style="display:

                          inline-block;"

                          href="https://www.linkedin.com/company/interexcel-world-connection/"><img

                            src="cid:part6.353476D5.F2855F72@uls.co.za"

                            alt="LinkedIn"></a> </p>

                    </td>

                  </tr>

                </tbody>

              </table>

            </td>

          </tr>

          <tr>

            <td colspan="3" valign="middle">

              <p><a href="https://www.iewc.co.za/"><img alt="IEWC"

                    src="cid:part10.FFF44E90.A67F186D@uls.co.za"

                    width="200" height="40"></a> <a

                  href="http://www.uls.co.za/" style="margin-left: 40px"><img

                    alt="ULS Group"

                    src="cid:part12.599518C1.EE077A6F@uls.co.za"

                    width="136" height="53"></a></p>

            </td>

          </tr>

          <!--       <tr>

                <td>

                        <p style="font-size: 10px">This email and all contents are subject to the following disclaimer: <a style='text-decoration: none; color: #8dc641;' href='https://www.iewc.co.za/email-disclaimer/'>View Disclaimer</a></p>

                </td>

        </tr> -->

        </tbody>

      </table>

    </div>

  </body>

</html>