Monthly Archive for October, 2017

OpenBSD: lack of RAM, reordering libraries at boot time and pkg_add errors

Freshly installed (in VirtualBox) OpenBSD 6.2 spent too much time during boot, on the ‘reordering libraries’ step. Several minutes, not less.
I havent’ seen such a behavior in prior releases.

As usual, thanks to guys from
And here are some explanations from Theo de Raadt:

But the problem was in lack of free memory: the VM had only 64 mb (default value in VirtualBox setting for OBSD) and it was not enough.

After adding more memory the boot process became quicker.

pkg_add(1) and pkg_info(1) havent’ worked properly either, until I added extra memory to the configuration.

Lighttpd: mod_access

lighttpd_logo I faced a problem when it was needed to allow access to certain url (x.x.x.x/zabbix/) for 2 fixed IP-addresses and one /16 subnet, and deny to anybody else.

The old examples from the official documentation worked not so perfect as I wanted
But the users helped me in the same topic.

This is how it’s done:

$HTTP["url"] =~ "^/zabbix/" {
    $HTTP["remoteip"] == "" {
    else $HTTP["remoteip"] == "" {
    else $HTTP["remoteip"] == "" {
    else $HTTP["remoteip"] != "" {  # (dummy match everything)
        url.access-deny = ( "" )

Now anybody accessing /zabbix/ will get “403” error except , and

OpenSIPS battle: REGISTER requests vs permissions module

Sutuation: you have to check the source address of REGISTER messages, going to your OpenSIPS server and decide wether to allow them or to deny.

Use permissions module for this.

You can use it in two variants:

1. with OpenSIPS’ text config files register.allow and register.deny (similar to Unix hosts.allow and hosts.deny).
In this case you should use module’s function ‘allow_register

Example of blocking REGISTERs from IP address:

register.deny file:

ALL : "^sip:.*10\.145\.13\.49"
ALL : "^sip:.*0*10\.145\.0*13\.0*49"   # this is to prevent bypassing
                                       # by the insertion of one or more '0' in the IP address

register.allow file is empty (allow everything except those in .deny file).

OpenSIPS script snippet:

	if ( is_method("REGISTER") ) {
		if (allow_register("register")) {
		} else {
			sl_send_reply("403", "Forbidden registration from your IP v2");

But this method has one big disadvantage – you need to restart OpenSIPS each time you edit register.allow/register.deny.
OpenSIPS ‘permissions’ module has a MI function ‘address_reload‘ but it reloads the table (see below), not the allow/deny files.
So, it’s more cool to use the second variant, go on reading!..

2. with DB table ‘address‘.
In this case you should use modules’ function ‘check_address

– register.allow and register.deny files are empty.
– add entries to ‘address’ table. In our case we’re using not real SQL DB but dbtext. So, this is how ‘/etc/opensips/dbtext/address’ file looks like:

voip-pbx-sbc ~ # cat /etc/opensips/dbtext/address 
id(int,auto) grp(int) ip(string) mask(int) port(int) proto(string) pattern(string,null) context_info(string,null)

WARNING: every time you add any new txt table (not sure about real SQL, but sure in case of using dbtext), do not forget to add it’s version to another txt-table ‘version’ (I think in case of real SQL it is done automatically, but with dbtext we have to do it manually):

voip-pbx-sbc ~ # cat /etc/opensips/dbtext/version 
table_name(string) table_version(int) 

Firstly, I haven’t done it, and that’s why OpenSIPS could not start and I had this message in the system log:

ERROR:core:db_check_table_version: invalid version 0 for table address found, expected 5

So, the script snippet with the ‘check_address’ function:

	if ( is_method("REGISTER") ) {

		if(check_address("0","$si","0","any")) {
		} else {
			sl_send_reply("403", "Forbidden registration from your IP v2");


And here’s the magic! You may add IP-addresses or subnets to your DB or dbtext file and then run a MI command ‘address_reload‘ without restarting your high-loaded OpenSIPS.

Now the policy is “if address is in the table – allow it, otherwise block”. Look at the images below.

IP is not in the table – REGISTER is forbidden:

IP has been added to dbtext table and table reloaded – registrations passed successfully:

You can also look the table’s contents with MI commands ‘opensipsctl fifo address_dump‘ and ‘opensipsctl fifo subnet_dump‘.

UPD: OpenSIPS core developer’s answer to my question .

Asterisk: count active calls on certain peers

Let’s imagine that you have a number of peers – both internal users and trunks with VoIP providers.
And you need to count active calls on trunks only. Or even on trunks with some concrete provider, but not the total ‘core show calls’. As an example, you may need to pass that integer to Zabbix.

root@pbx:~# asterisk -C /etc/asterisk/asterisk.conf -rx 'sip show inuse' 
Setting max files open to 1000
* Peer name               In use          Limit           
104                       0/0/0           10              
107                       0/0/0           10              
100                       0/0/0           10                            
voip-isp-london1          1/0/0           6      
voip-isp-london2          2/1/0           6      

In fact, all magic is done with grep and especially awk tool. Firstly, you need to grep ‘voip-isp’, then extract the second column (is done with awk ‘{print $2}’ ) and then extract the first digit from three ones (e.g. 2 from 2/1/0).
At this point, you’ll get a list of integers, one per line, corresponding to number of active calls on each grepped trunk.
Now it’s time to summarize them, and the best way to do it is also awk! (is done with awk -F\/ ‘{sum += $1} END {print sum}’ )

root@pbx:~# asterisk -C /etc/asterisk/asterisk.conf -rx 'sip show inuse' | grep voip | awk '{print $2}' | awk -F\/ '{sum += $1} END {print sum}'