[OpenSIPS-Users] Where to place acc_aaa_request ?

Michele Pinassi michele.pinassi at unisi.it
Fri May 17 09:34:21 CEST 2013


Via Radius using acc module, as you suggest before !

Michele

On 16/05/2013 16:13, Bogdan-Andrei Iancu wrote:
> Well, do you want to do accouting via RADIUS (aaa) or via DB (in acc
> table) ???
> 
> Regards,
> 
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
> 
> 
> On 05/16/2013 01:18 PM, Michele Pinassi wrote:
>> Thanks Bodgan for your kindly reply but now accounting don't work:
>> nothing will be added to acc table !
>>
>> Here's the full routing logic. Maybe there's something wrong:
>>
>> modparam("aaa_radius", "radius_config",
>> "/etc/radiusclient-ng/radiusclient.conf")
>>
>>
>> modparam("acc", "early_media", 0)
>> modparam("acc", "report_cancels", 0)
>> modparam("acc", "detect_direction", 0)
>> modparam("acc", "log_level", 1)
>> modparam("acc", "aaa_url", "radius:/etc/radiusclient-ng/radiusclient.conf")
>> modparam("acc", "aaa_flag", 1)
>> modparam("acc", "aaa_extra",          "via=$hdr(Via[*]); \
>>                                        Digest-User-Name=$Au; \
>>                                        Calling-Station-Id=$from; \
>>                                        Called-Station-Id=$to; \
>>                                        Sip-Translated-Request-URI=$ru; \
>>                                        Sip-RPid=$avp(s:rpid); \
>>                                        Source-IP=$avp(s:source_ip); \
>>                                        Source-Port=$avp(s:source_port); \
>>                                        SIP-Proxy-IP=$avp(s:sip_proxy_ip); \
>>                                        Canonical-URI=$avp(s:can_uri); \
>>
>> Divert-Reason=$avp(s:divert_reason); \
>>                                        User-Agent=$hdr(user-agent); \
>>                                        Contact=$hdr(contact); \
>>                                        Event=$hdr(event) ;\
>>                                        ENUM-TLD=$avp(s:enum_tld)")
>>
>>
>> ####### Routing Logic ########
>>
>> route{
>> 	if (!mf_process_maxfwd_header("10")) {
>> 	    sl_send_reply("483","Too Many Hops");
>> 	    exit;
>> 	}
>> 	
>> 	if (msg:len >= 2048 ) {
>> 	    sl_send_reply("513", "Message too big");
>> 	    exit;
>> 	};
>> 	
>> 	if (check_address("4","$si","$sp","$proto")) {
>> # 	    xlog("L_INFO","IP $si Allowed");
>> 	} else {
>> 	    xlog("L_INFO","IP $si Forbidden");
>> 	    sl_send_reply("403", "Forbidden");
>> 	}
>> 	
>> 	
>> 	if (has_totag()) {
>> 		if (loose_route()) {
>> 			if (is_method("BYE")) {
>> 				setflag(1);
>> 			} else if (is_method("INVITE")) {
>> 				record_route();
>> 			}
>>     			route(1);
>> 		} else {
>> 			/* uncomment the following lines if you want to enable presence */
>> 			if (is_method("SUBSCRIBE") && $rd == "voip.unisi.it") {
>> 				route(2);
>> 				exit;
>> 			}
>> 			if ( is_method("ACK") ) {
>> 				if ( t_check_trans() ) {
>> 					t_relay();
>> 					exit;
>> 				} else {
>> 					exit;
>> 				}
>> 			}
>> 			sl_send_reply("404","Not here");
>> 		}
>> 		exit;
>> 	}
>>
>> 	if (is_method("CANCEL"))
>> 	{
>> 		if (t_check_trans())
>> 			t_relay();
>> 		exit;
>> 	}
>>
>> 	if (is_method("INVITE")) {
>> 	    setflag(1);
>> 	}
>>
>> 	t_check_trans();
>>
>> 	if (!(method=="REGISTER") && is_from_local())
>> 	{
>> 		if(!check_source_address("0")){
>> 		    if (!proxy_authorize("", "subscriber")) {
>> 			proxy_challenge("", "0");
>> 			exit;
>> 		    }
>> 		    if (!db_check_from()) {
>> 			sl_send_reply("403","Forbidden auth ID");
>> 			exit;
>> 		    }
>> 	
>> 		    consume_credentials();
>> 		    # caller authenticated
>> 		}
>> 	}
>>
>> 	# preloaded route checking
>> 	if (loose_route()) {
>> 		xlog("L_ERR", "Attempt to route with preloaded Route's
>> [$fu/$tu/$ru/$ci]");
>> 		if (!is_method("ACK"))
>> 			sl_send_reply("403","Preload Route denied");
>> 		exit;
>> 	}
>>
>> 	# record routing
>> 	if (!is_method("REGISTER|MESSAGE"))
>> 		record_route();
>>
>> 	if (!uri==myself) {
>> 		append_hf("P-hint: outbound\r\n");
>> 		route(1);
>> 	}
>>
>> 	if( is_method("PUBLISH|SUBSCRIBE")) {
>> 	    route(2);
>> 	}
>> 	
>> 	
>> 	if (is_method("REGISTER")) {
>> 		# authenticate the REGISTER requests (uncomment to enable auth)
>> 		if (!www_authorize("", "subscriber"))
>> 		{
>> 			www_challenge("", "0");
>> 			exit;
>> 		}
>> 		
>> 		if (!db_check_to())
>> 		{
>> 			sl_send_reply("403","Forbidden auth ID");
>> 			exit;
>> 		}
>>
>> 		if (!save("location"))
>> 			sl_reply_error();
>>
>> 		exit;
>> 	}
>>
>> 	if ($rU==NULL) {
>> 		# request with no Username in RURI
>> 		sl_send_reply("484","Address Incomplete");
>> 		exit;
>> 	}
>>
>> 	# media service number? (digits starting with *)
>> 	if($rU=~"^\*") {
>> 	    route(4);
>> 	}
>> 	
>> 	# apply DB based aliases (uncomment to enable)
>> 	alias_db_lookup("dbaliases");
>>
>> 	# do lookup with method filtering
>> 	if (!lookup("location","m")) {
>> 		switch ($retcode) {
>> 			case -1: # Note here: check for blacklist numbers
>> 				if (!check_blacklist("globalblacklist")) {
>> 				    sl_send_reply("403", "Forbidden");
>> 				    exit;
>> 				}
>> 				# Then route it !
>> 				cr_user_carrier("$fU", "$fd", "$avp(carrier)");
>> 				if($avp(carrier)==0) {
>> 				    xlog("L_INFO","Not here: default route [$fd/$fu/$rd/$ru/$si]\n");
>> 				
>> 				    if($(rU{s.len}) < 4) {
>> 					xlog("L_ERR", "Number incomplete/failure for $rU\n");
>> 					prefix("FAIL_");
>> 					route(4);
>> 				    }
>> 				
>> 				    if(!cr_route("default", "$fd", "$rU", "$rU", "call_id",
>> "$avp(host)")) {
>> 					xlog("L_ERR", "Number not found for $rU\n");
>> 					prefix("FAIL_");
>> 					route(4);
>> 				    }
>> 				} else {
>> 				    xlog("L_INFO","Not here: user route
>> [$fd/$fu/$rd/$ru/$si/$avp(carrier)]\n");
>> 				    $avp(domain)="voip.unisi.it";
>> 				    if (!cr_route("$avp(carrier)", "$avp(domain)", "$rU",
>> "$rU","call_id", "$avp(host)")) {
>> 					sl_send_reply("404", "Not found");
>> 					xlog("L_ERR", "cr_route failed\n");
>> 					exit;
>> 				    }
>> 				}
>> 				t_on_failure("1");
>> 				if (!t_relay()) {
>> 				    sl_reply_error();
>> 				};
>> 				exit;
>> 			case -3: # internal error
>> 				t_newtran();
>> 				t_reply("404", "Not Found");
>> 				exit;
>> 			case -2: # method not supported
>> 				sl_send_reply("405", "Method Not Allowed");
>> 				exit;
>> 		}
>> 	}
>>
>> 	# when routing via usrloc, log the missed calls also
>> 	# setflag(2);
>> 	
>> 	route(1);
>> }
>>
>> route[1] {
>> 	xlog("L_INFO","Route1  [$fd/$fu/$rd/$ru/$si/]\n");
>>
>>
>> 	# for INVITEs enable some additional helper routes
>> 	if (is_method("INVITE")) {
>> 		t_on_branch("2");
>> 		t_on_reply("2");
>> 		t_on_failure("1");
>> 	}
>>
>> 	if (!t_relay()) {
>> 		sl_reply_error();
>> 	};
>> 	exit;
>> }
>>
>>
>> # Presence route
>> route[2] {
>>     xlog("L_INFO","Route2  [$fd/$fu/$rd/$ru/$si/]\n");
>>
>>     if (!t_newtran())	{
>> 	sl_reply_error();
>> 	exit;
>>     };
>>
>>     if(is_method("PUBLISH")) {
>> 	handle_publish();
>>     } else if( is_method("SUBSCRIBE")) {
>> 	handle_subscribe();
>>     }
>>
>>     exit;
>> }
>>
>> route[4] {
>>     xlog("L_INFO","Route4  [$fd/$fu/$rd/$ru/$si/]\n");
>>
>>     rewritehostport("172.20.1.5:5060");
>>     route(1);
>> }
>>
>> branch_route[2] {
>>     xlog("L_INFO","Branch Route2  [$fd/$fu/$rd/$ru/$si/]\n");
>> }
>>
>> onreply_route[1] {
>>     xlog("L_INFO","OnReply Route1  [$fd/$fu/$rd/$ru/$si/]\n");
>>
>> }
>>
>> onreply_route[2] {
>>     xlog("L_INFO","OnReply Route2  [$fd/$fu/$rd/$ru/$si/]\n");
>>
>> }
>>
>> failure_route[1] {
>>     xlog("L_INFO","Failure Route1  [$fd/$fu/$rd/$ru/$si/]\n");
>>
>>     if (t_was_cancelled()) {
>>     	exit;
>>     }
>>
>>     if (t_check_status("408|5[0-9][0-9]")) {
>>         if(!cr_route("default", "$fd", "$rU", "$rU", "call_id",
>> "$avp(host)")){
>>     	    t_reply("403", "Not allowed");
>> 	} else {
>> 	    t_on_failure("2");
>> 	    t_relay();
>> 	}
>>     }
>> }
>>
>> failure_route[2] {
>>     xlog("L_INFO","Failure Route2  [$fd/$fu/$rd/$ru/$si/]\n");
>>
>>     if (t_was_cancelled()) {
>>     	exit;
>>     }
>>
>>     revert_uri();
>>     prefix("FAILURE_");
>>     rewritehostport("172.20.1.5:5060");
>>     t_relay();
>> }
>>
>>
>> Thanks.
>>
>> Michele
>>
>>
>> On 16/05/2013 10:35, Bogdan-Andrei Iancu wrote:
>>> Hi Michele,
>>>
>>> The acc_aaa_request() function will generate a RADIUS acc request on the
>>> spot, so it will happen for all your INVITEs disregarding if the calls
>>> will establish or not in the future.
>>>
>>> If you want to account only established calls, do not use the
>>> acc_aaa_request() function, but trigger the accounting via flags only.
>>> Use the aaa_flag only (do not set aa_missed_flag) and it should do the
>>> trick.
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>> OpenSIPS Founder and Developer
>>> http://www.opensips-solutions.com
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-- 
Michele Pinassi
Responsabile Telefonia di Ateneo
Servizio Reti, Sistemi e Sicurezza Informatica - Università degli Studi
di Siena
tel: 0577.(23)2169 - fax: 0577.(23)2053

Per trovare una soluzione rapida ai tuoi problemi tecnici
consulta le FAQ di Ateneo, http://www.faq.unisi.it

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opensips.org/pipermail/users/attachments/20130517/7ce8bb8c/attachment.pgp>


More information about the Users mailing list