[r10376]: branches / 1.8 / modules / peering / README Maximize Restore History

Download this file

README    210 lines (149 with data), 6.2 kB

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
Peering Module

Juha Heinanen

   <jh@tutpro.com>

Edited by

Juha Heinanen

   <jh@tutpro.com>

Edited by

Irina-Maria Stanescu

   <ironmissy@gmail.com>

   Copyright © 2008 Juha Heinanen
   Revision History
   Revision $Revision: 10376 $ $Date: 2013-12-03 11:00:29 +0000 (Tue, 03 Dec 2013) $
     __________________________________________________________

   Table of Contents

   1. Admin Guide

        1.1. Overview
        1.2. Dependencies

              1.2.1. OpenSIPS Modules

        1.3. Exported Parameters

              1.3.1. aaa_url (string)
              1.3.2. verify_destination_service_type (integer)
              1.3.3. verify_source_service_type (integer)

        1.4. Exported Functions

              1.4.1. verify_destination()
              1.4.2. verify_source()

   List of Examples

   1.1. Set aaa_url parameter
   1.2. verify_destination_service_type parameter usage
   1.3. verify_source_service_type parameter usage
   1.4. verify_destination() usage
   1.5. verify_source() usage

Chapter 1. Admin Guide

1.1. Overview

   Peering module allows SIP providers (operators or
   organizations) to verify from a broker if source or destination
   of a SIP request is a trusted peer.

   In order to participate in the trust community provided by a
   broker, each SIP provider registers with the broker the domains
   (host parts of SIP URIs) that they serve. When a SIP proxy of a
   provider needs to send a SIP request to a non-local domain, it
   can find out from the broker using verify_destination()
   function if the non-local domain is served by a trusted peer.
   If so, the provider receives from the broker a hash of the SIP
   request and a timestamp that it includes in the request to the
   non-local domain. When a SIP proxy of the non-local domain
   receives the SIP request, it, in turn, can verify from the
   broker using verify_source() function if the request came from
   a trusted peer.

   Verification functions communicate with the broker using an AAA
   protocol.

   Comments and suggestions for improvements are welcome.

1.2. Dependencies

1.2.1. OpenSIPS Modules

   The module depends on the following modules (in the other words
   the listed modules must be loaded before this module):
     * an AAA implementing module

1.3. Exported Parameters

1.3.1. aaa_url (string)

   This is the url representing the AAA protocol used and the
   location of the configuration file of this protocol.

   If the parameter is set to empty string, the AAA accounting
   support will be disabled (even if compiled).

   Default value is “NULL”.

   Example 1.1. Set aaa_url parameter
...
modparam("peering", "aaa_url", "radius:/etc/radiusclient-ng/radiusclient
.conf")
...

1.3.2. verify_destination_service_type (integer)

   This is the value of the Service-Type AAA attribute to be used,
   when sender of SIP Request verifies request's destination using
   verify_destination() function.

   Default value is dictionary value of “Sip-Verify-Destination”
   Service-Type.

   Example 1.2. verify_destination_service_type parameter usage
...
modparam("peering", "verify_destination_service_type", 21)
...

1.3.3. verify_source_service_type (integer)

   This is the value of the Service-Type AAA attribute to be used,
   when receiver of SIP Request verifies request's source using
   verify_source() function.

   Default value is dictionary value of “Sip-Verify-Source”
   Service-Type.

   Example 1.3. verify_source_service_type parameter usage
...
modparam("peering", "verify_source_service_type", 22)
...

1.4. Exported Functions

1.4.1. verify_destination()

   Function verify_destination() queries from broker's AAA server
   if domain (host part) of Request URI is served by a trusted
   peer. AAA request contains the following attributes/values:
     * User-Name - Request-URI host
     * SIP-URI-User - Request-URI user
     * SIP-From-Tag - From tag
     * SIP-Call-Id - Call id
     * Service-Type - verify_destination_service_type

   Function returns value 1 if domain of Request URI is served by
   a trusted peer and -1 otherwise. In case of positive result,
   AAA server returns a set of SIP-AVP reply attributes. Value of
   each SIP-AVP is of form:

   [#]name(:|#)value

   Value of each SIP-AVP reply attribute is mapped to an OpenSIPS
   AVP. Prefix # in front of name or value indicates a string name
   or string value, respectively.

   One of the SIP-AVP reply attributes contains a string that the
   source peer must include "as is" in a P-Request-Hash header
   when it sends the SIP request to the destination peer. The
   string value may, for example, be of form hash@timestamp, where
   hash contains a hash calculated by the broker based on the
   attributes of the query and some local information and
   timestamp is the time when the calculation was done.

   AVP names used in reply attributes are assigned by the broker.

   This function can be used from REQUEST_ROUTE and FAILURE_ROUTE.

   Example 1.4. verify_destination() usage
...
if (verify_destination()) {
   append_hf("P-Request-Hash: $avp(hash)\r\n");
}
...

1.4.2. verify_source()

   Function verify_source() queries from broker's AAA server if
   SIP request was received from a trusted peer. AAA request
   contains the following attributes/values:
     * User-Name - Request-URI host
     * SIP-URI-User - Request-URI user
     * SIP-From-Tag - From tag
     * SIP-Call-Id - Call id
     * SIP-Request-Hash - body of P-Request-Hash header
     * Service-Type - verify_source_service_type

   Function returns value 1 if SIP request was received from a
   trusted peer and -1 otherwise. In case of positive result, AAA
   server may return a set of SIP-AVP reply attributes. Value of
   each SIP-AVP is of form:

   [#]name(:|#)value

   Value of each SIP-AVP reply attribute is mapped to an OpenSIPS
   AVP. Prefix # in front of name or value indicates a string name
   or string value, respectively.

   AVP names used in reply attributes are assigned by the broker.

   This function can be used from REQUEST_ROUTE and FAILURE_ROUTE.

   Example 1.5. verify_source() usage
...
if (is_present_hf("P-Request-Hash")) {
   if (verify_source()) {
      xlog("L_INFO", "Request came from trusted peer\n")
   }
}
...