[OpenSIPS-Users] Where to place acc_aaa_request ?
Bogdan-Andrei Iancu
bogdan at opensips.org
Fri May 17 13:00:38 CEST 2013
That means you do it (from OpenSIPS perspective) via RADIUS, and the
configuration seems ok for that ; Could you confirm that OpenSIPS is
sending RADIUS packages to the RADIUS server ? The RARDIUS server is the
one responsible for writing in whatever file or DB the received data.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 05/17/2013 10:34 AM, Michele Pinassi wrote:
> Via Radius using acc module, as you suggest before !
>
> Michele
>
> On 16/05/2013 16:13, Bogdan-Andrei Iancu wrote:
>> Well, do you want to do accouting via RADIUS (aaa) or via DB (in acc
>> table) ???
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>> OpenSIPS Founder and Developer
>> http://www.opensips-solutions.com
>>
>>
>> On 05/16/2013 01:18 PM, Michele Pinassi wrote:
>>> Thanks Bodgan for your kindly reply but now accounting don't work:
>>> nothing will be added to acc table !
>>>
>>> Here's the full routing logic. Maybe there's something wrong:
>>>
>>> modparam("aaa_radius", "radius_config",
>>> "/etc/radiusclient-ng/radiusclient.conf")
>>>
>>>
>>> modparam("acc", "early_media", 0)
>>> modparam("acc", "report_cancels", 0)
>>> modparam("acc", "detect_direction", 0)
>>> modparam("acc", "log_level", 1)
>>> modparam("acc", "aaa_url", "radius:/etc/radiusclient-ng/radiusclient.conf")
>>> modparam("acc", "aaa_flag", 1)
>>> modparam("acc", "aaa_extra", "via=$hdr(Via[*]); \
>>> Digest-User-Name=$Au; \
>>> Calling-Station-Id=$from; \
>>> Called-Station-Id=$to; \
>>> Sip-Translated-Request-URI=$ru; \
>>> Sip-RPid=$avp(s:rpid); \
>>> Source-IP=$avp(s:source_ip); \
>>> Source-Port=$avp(s:source_port); \
>>> SIP-Proxy-IP=$avp(s:sip_proxy_ip); \
>>> Canonical-URI=$avp(s:can_uri); \
>>>
>>> Divert-Reason=$avp(s:divert_reason); \
>>> User-Agent=$hdr(user-agent); \
>>> Contact=$hdr(contact); \
>>> Event=$hdr(event) ;\
>>> ENUM-TLD=$avp(s:enum_tld)")
>>>
>>>
>>> ####### Routing Logic ########
>>>
>>> route{
>>> if (!mf_process_maxfwd_header("10")) {
>>> sl_send_reply("483","Too Many Hops");
>>> exit;
>>> }
>>>
>>> if (msg:len >= 2048 ) {
>>> sl_send_reply("513", "Message too big");
>>> exit;
>>> };
>>>
>>> if (check_address("4","$si","$sp","$proto")) {
>>> # xlog("L_INFO","IP $si Allowed");
>>> } else {
>>> xlog("L_INFO","IP $si Forbidden");
>>> sl_send_reply("403", "Forbidden");
>>> }
>>>
>>>
>>> if (has_totag()) {
>>> if (loose_route()) {
>>> if (is_method("BYE")) {
>>> setflag(1);
>>> } else if (is_method("INVITE")) {
>>> record_route();
>>> }
>>> route(1);
>>> } else {
>>> /* uncomment the following lines if you want to enable presence */
>>> if (is_method("SUBSCRIBE") && $rd == "voip.unisi.it") {
>>> route(2);
>>> exit;
>>> }
>>> if ( is_method("ACK") ) {
>>> if ( t_check_trans() ) {
>>> t_relay();
>>> exit;
>>> } else {
>>> exit;
>>> }
>>> }
>>> sl_send_reply("404","Not here");
>>> }
>>> exit;
>>> }
>>>
>>> if (is_method("CANCEL"))
>>> {
>>> if (t_check_trans())
>>> t_relay();
>>> exit;
>>> }
>>>
>>> if (is_method("INVITE")) {
>>> setflag(1);
>>> }
>>>
>>> t_check_trans();
>>>
>>> if (!(method=="REGISTER") && is_from_local())
>>> {
>>> if(!check_source_address("0")){
>>> if (!proxy_authorize("", "subscriber")) {
>>> proxy_challenge("", "0");
>>> exit;
>>> }
>>> if (!db_check_from()) {
>>> sl_send_reply("403","Forbidden auth ID");
>>> exit;
>>> }
>>>
>>> consume_credentials();
>>> # caller authenticated
>>> }
>>> }
>>>
>>> # preloaded route checking
>>> if (loose_route()) {
>>> xlog("L_ERR", "Attempt to route with preloaded Route's
>>> [$fu/$tu/$ru/$ci]");
>>> if (!is_method("ACK"))
>>> sl_send_reply("403","Preload Route denied");
>>> exit;
>>> }
>>>
>>> # record routing
>>> if (!is_method("REGISTER|MESSAGE"))
>>> record_route();
>>>
>>> if (!uri==myself) {
>>> append_hf("P-hint: outbound\r\n");
>>> route(1);
>>> }
>>>
>>> if( is_method("PUBLISH|SUBSCRIBE")) {
>>> route(2);
>>> }
>>>
>>>
>>> if (is_method("REGISTER")) {
>>> # authenticate the REGISTER requests (uncomment to enable auth)
>>> if (!www_authorize("", "subscriber"))
>>> {
>>> www_challenge("", "0");
>>> exit;
>>> }
>>>
>>> if (!db_check_to())
>>> {
>>> sl_send_reply("403","Forbidden auth ID");
>>> exit;
>>> }
>>>
>>> if (!save("location"))
>>> sl_reply_error();
>>>
>>> exit;
>>> }
>>>
>>> if ($rU==NULL) {
>>> # request with no Username in RURI
>>> sl_send_reply("484","Address Incomplete");
>>> exit;
>>> }
>>>
>>> # media service number? (digits starting with *)
>>> if($rU=~"^\*") {
>>> route(4);
>>> }
>>>
>>> # apply DB based aliases (uncomment to enable)
>>> alias_db_lookup("dbaliases");
>>>
>>> # do lookup with method filtering
>>> if (!lookup("location","m")) {
>>> switch ($retcode) {
>>> case -1: # Note here: check for blacklist numbers
>>> if (!check_blacklist("globalblacklist")) {
>>> sl_send_reply("403", "Forbidden");
>>> exit;
>>> }
>>> # Then route it !
>>> cr_user_carrier("$fU", "$fd", "$avp(carrier)");
>>> if($avp(carrier)==0) {
>>> xlog("L_INFO","Not here: default route [$fd/$fu/$rd/$ru/$si]\n");
>>>
>>> if($(rU{s.len}) < 4) {
>>> xlog("L_ERR", "Number incomplete/failure for $rU\n");
>>> prefix("FAIL_");
>>> route(4);
>>> }
>>>
>>> if(!cr_route("default", "$fd", "$rU", "$rU", "call_id",
>>> "$avp(host)")) {
>>> xlog("L_ERR", "Number not found for $rU\n");
>>> prefix("FAIL_");
>>> route(4);
>>> }
>>> } else {
>>> xlog("L_INFO","Not here: user route
>>> [$fd/$fu/$rd/$ru/$si/$avp(carrier)]\n");
>>> $avp(domain)="voip.unisi.it";
>>> if (!cr_route("$avp(carrier)", "$avp(domain)", "$rU",
>>> "$rU","call_id", "$avp(host)")) {
>>> sl_send_reply("404", "Not found");
>>> xlog("L_ERR", "cr_route failed\n");
>>> exit;
>>> }
>>> }
>>> t_on_failure("1");
>>> if (!t_relay()) {
>>> sl_reply_error();
>>> };
>>> exit;
>>> case -3: # internal error
>>> t_newtran();
>>> t_reply("404", "Not Found");
>>> exit;
>>> case -2: # method not supported
>>> sl_send_reply("405", "Method Not Allowed");
>>> exit;
>>> }
>>> }
>>>
>>> # when routing via usrloc, log the missed calls also
>>> # setflag(2);
>>>
>>> route(1);
>>> }
>>>
>>> route[1] {
>>> xlog("L_INFO","Route1 [$fd/$fu/$rd/$ru/$si/]\n");
>>>
>>>
>>> # for INVITEs enable some additional helper routes
>>> if (is_method("INVITE")) {
>>> t_on_branch("2");
>>> t_on_reply("2");
>>> t_on_failure("1");
>>> }
>>>
>>> if (!t_relay()) {
>>> sl_reply_error();
>>> };
>>> exit;
>>> }
>>>
>>>
>>> # Presence route
>>> route[2] {
>>> xlog("L_INFO","Route2 [$fd/$fu/$rd/$ru/$si/]\n");
>>>
>>> if (!t_newtran()) {
>>> sl_reply_error();
>>> exit;
>>> };
>>>
>>> if(is_method("PUBLISH")) {
>>> handle_publish();
>>> } else if( is_method("SUBSCRIBE")) {
>>> handle_subscribe();
>>> }
>>>
>>> exit;
>>> }
>>>
>>> route[4] {
>>> xlog("L_INFO","Route4 [$fd/$fu/$rd/$ru/$si/]\n");
>>>
>>> rewritehostport("172.20.1.5:5060");
>>> route(1);
>>> }
>>>
>>> branch_route[2] {
>>> xlog("L_INFO","Branch Route2 [$fd/$fu/$rd/$ru/$si/]\n");
>>> }
>>>
>>> onreply_route[1] {
>>> xlog("L_INFO","OnReply Route1 [$fd/$fu/$rd/$ru/$si/]\n");
>>>
>>> }
>>>
>>> onreply_route[2] {
>>> xlog("L_INFO","OnReply Route2 [$fd/$fu/$rd/$ru/$si/]\n");
>>>
>>> }
>>>
>>> failure_route[1] {
>>> xlog("L_INFO","Failure Route1 [$fd/$fu/$rd/$ru/$si/]\n");
>>>
>>> if (t_was_cancelled()) {
>>> exit;
>>> }
>>>
>>> if (t_check_status("408|5[0-9][0-9]")) {
>>> if(!cr_route("default", "$fd", "$rU", "$rU", "call_id",
>>> "$avp(host)")){
>>> t_reply("403", "Not allowed");
>>> } else {
>>> t_on_failure("2");
>>> t_relay();
>>> }
>>> }
>>> }
>>>
>>> failure_route[2] {
>>> xlog("L_INFO","Failure Route2 [$fd/$fu/$rd/$ru/$si/]\n");
>>>
>>> if (t_was_cancelled()) {
>>> exit;
>>> }
>>>
>>> revert_uri();
>>> prefix("FAILURE_");
>>> rewritehostport("172.20.1.5:5060");
>>> t_relay();
>>> }
>>>
>>>
>>> Thanks.
>>>
>>> Michele
>>>
>>>
>>> On 16/05/2013 10:35, Bogdan-Andrei Iancu wrote:
>>>> Hi Michele,
>>>>
>>>> The acc_aaa_request() function will generate a RADIUS acc request on the
>>>> spot, so it will happen for all your INVITEs disregarding if the calls
>>>> will establish or not in the future.
>>>>
>>>> If you want to account only established calls, do not use the
>>>> acc_aaa_request() function, but trigger the accounting via flags only.
>>>> Use the aaa_flag only (do not set aa_missed_flag) and it should do the
>>>> trick.
>>>>
>>>> Regards,
>>>>
>>>> Bogdan-Andrei Iancu
>>>> OpenSIPS Founder and Developer
>>>> http://www.opensips-solutions.com
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20130517/568d1e63/attachment-0001.htm>
More information about the Users
mailing list