[OpenSIPS-Users] Where to place acc_aaa_request ?
Michele Pinassi
michele.pinassi at unisi.it
Fri May 17 15:31:18 CEST 2013
Yes, the radius server receive the packets.
I saw them in the text log of freeradius server. Here's an entry example:
Fri May 17 13:54:11 2013
Acct-Status-Type = Stop
Service-Type = Sip-Session
Sip-Response-Code = 200
Sip-Method = Bye
Event-Timestamp = "May 17 2013 13:54:11 CEST"
Sip-From-Tag = "da61bce06d"
Sip-To-Tag = "6a3c0aa1e36e0c87i0"
Acct-Session-Id = "9f4987d21afa6fc9"
Digest-Attributes = 0x0a143530303540766f69702e756e6973692e6974
Calling-Station-Id = "sip:5005 at voip.unisi.it"
Called-Station-Id = "sip:2233 at 172.20.1.4"
Sip-Translated-Request-URI = "sip:2233 at 172.20.1.4:5060"
User-Agent = "Cisco/SPA502G-7.4.8a"
NAS-Port = 5060
Acct-Delay-Time = 0
NAS-IP-Address = 127.0.0.1
Acct-Unique-Session-Id = "de5f87e909fa9a63"
Timestamp = 1368791651
But in the 'radacc' mysql table i have all calls (missed too).
Michele
On 17/05/2013 13:00, Bogdan-Andrei Iancu wrote:
> That means you do it (from OpenSIPS perspective) via RADIUS, and the
> configuration seems ok for that ; Could you confirm that OpenSIPS is
> sending RADIUS packages to the RADIUS server ? The RARDIUS server is the
> one responsible for writing in whatever file or DB the received data.
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
>
> On 05/17/2013 10:34 AM, Michele Pinassi wrote:
>> Via Radius using acc module, as you suggest before !
>>
>> Michele
>>
>> On 16/05/2013 16:13, Bogdan-Andrei Iancu wrote:
>>> Well, do you want to do accouting via RADIUS (aaa) or via DB (in acc
>>> table) ???
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>> OpenSIPS Founder and Developer
>>> http://www.opensips-solutions.com
>>>
>>>
>>> On 05/16/2013 01:18 PM, Michele Pinassi wrote:
>>>> Thanks Bodgan for your kindly reply but now accounting don't work:
>>>> nothing will be added to acc table !
>>>>
>>>> Here's the full routing logic. Maybe there's something wrong:
>>>>
>>>> modparam("aaa_radius", "radius_config",
>>>> "/etc/radiusclient-ng/radiusclient.conf")
>>>>
>>>>
>>>> modparam("acc", "early_media", 0)
>>>> modparam("acc", "report_cancels", 0)
>>>> modparam("acc", "detect_direction", 0)
>>>> modparam("acc", "log_level", 1)
>>>> modparam("acc", "aaa_url", "radius:/etc/radiusclient-ng/radiusclient.conf")
>>>> modparam("acc", "aaa_flag", 1)
>>>> modparam("acc", "aaa_extra", "via=$hdr(Via[*]); \
>>>> Digest-User-Name=$Au; \
>>>> Calling-Station-Id=$from; \
>>>> Called-Station-Id=$to; \
>>>> Sip-Translated-Request-URI=$ru; \
>>>> Sip-RPid=$avp(s:rpid); \
>>>> Source-IP=$avp(s:source_ip); \
>>>> Source-Port=$avp(s:source_port); \
>>>> SIP-Proxy-IP=$avp(s:sip_proxy_ip); \
>>>> Canonical-URI=$avp(s:can_uri); \
>>>>
>>>> Divert-Reason=$avp(s:divert_reason); \
>>>> User-Agent=$hdr(user-agent); \
>>>> Contact=$hdr(contact); \
>>>> Event=$hdr(event) ;\
>>>> ENUM-TLD=$avp(s:enum_tld)")
>>>>
>>>>
>>>> ####### Routing Logic ########
>>>>
>>>> route{
>>>> if (!mf_process_maxfwd_header("10")) {
>>>> sl_send_reply("483","Too Many Hops");
>>>> exit;
>>>> }
>>>>
>>>> if (msg:len >= 2048 ) {
>>>> sl_send_reply("513", "Message too big");
>>>> exit;
>>>> };
>>>>
>>>> if (check_address("4","$si","$sp","$proto")) {
>>>> # xlog("L_INFO","IP $si Allowed");
>>>> } else {
>>>> xlog("L_INFO","IP $si Forbidden");
>>>> sl_send_reply("403", "Forbidden");
>>>> }
>>>>
>>>>
>>>> if (has_totag()) {
>>>> if (loose_route()) {
>>>> if (is_method("BYE")) {
>>>> setflag(1);
>>>> } else if (is_method("INVITE")) {
>>>> record_route();
>>>> }
>>>> route(1);
>>>> } else {
>>>> /* uncomment the following lines if you want to enable presence */
>>>> if (is_method("SUBSCRIBE") && $rd == "voip.unisi.it") {
>>>> route(2);
>>>> exit;
>>>> }
>>>> if ( is_method("ACK") ) {
>>>> if ( t_check_trans() ) {
>>>> t_relay();
>>>> exit;
>>>> } else {
>>>> exit;
>>>> }
>>>> }
>>>> sl_send_reply("404","Not here");
>>>> }
>>>> exit;
>>>> }
>>>>
>>>> if (is_method("CANCEL"))
>>>> {
>>>> if (t_check_trans())
>>>> t_relay();
>>>> exit;
>>>> }
>>>>
>>>> if (is_method("INVITE")) {
>>>> setflag(1);
>>>> }
>>>>
>>>> t_check_trans();
>>>>
>>>> if (!(method=="REGISTER") && is_from_local())
>>>> {
>>>> if(!check_source_address("0")){
>>>> if (!proxy_authorize("", "subscriber")) {
>>>> proxy_challenge("", "0");
>>>> exit;
>>>> }
>>>> if (!db_check_from()) {
>>>> sl_send_reply("403","Forbidden auth ID");
>>>> exit;
>>>> }
>>>>
>>>> consume_credentials();
>>>> # caller authenticated
>>>> }
>>>> }
>>>>
>>>> # preloaded route checking
>>>> if (loose_route()) {
>>>> xlog("L_ERR", "Attempt to route with preloaded Route's
>>>> [$fu/$tu/$ru/$ci]");
>>>> if (!is_method("ACK"))
>>>> sl_send_reply("403","Preload Route denied");
>>>> exit;
>>>> }
>>>>
>>>> # record routing
>>>> if (!is_method("REGISTER|MESSAGE"))
>>>> record_route();
>>>>
>>>> if (!uri==myself) {
>>>> append_hf("P-hint: outbound\r\n");
>>>> route(1);
>>>> }
>>>>
>>>> if( is_method("PUBLISH|SUBSCRIBE")) {
>>>> route(2);
>>>> }
>>>>
>>>>
>>>> if (is_method("REGISTER")) {
>>>> # authenticate the REGISTER requests (uncomment to enable auth)
>>>> if (!www_authorize("", "subscriber"))
>>>> {
>>>> www_challenge("", "0");
>>>> exit;
>>>> }
>>>>
>>>> if (!db_check_to())
>>>> {
>>>> sl_send_reply("403","Forbidden auth ID");
>>>> exit;
>>>> }
>>>>
>>>> if (!save("location"))
>>>> sl_reply_error();
>>>>
>>>> exit;
>>>> }
>>>>
>>>> if ($rU==NULL) {
>>>> # request with no Username in RURI
>>>> sl_send_reply("484","Address Incomplete");
>>>> exit;
>>>> }
>>>>
>>>> # media service number? (digits starting with *)
>>>> if($rU=~"^\*") {
>>>> route(4);
>>>> }
>>>>
>>>> # apply DB based aliases (uncomment to enable)
>>>> alias_db_lookup("dbaliases");
>>>>
>>>> # do lookup with method filtering
>>>> if (!lookup("location","m")) {
>>>> switch ($retcode) {
>>>> case -1: # Note here: check for blacklist numbers
>>>> if (!check_blacklist("globalblacklist")) {
>>>> sl_send_reply("403", "Forbidden");
>>>> exit;
>>>> }
>>>> # Then route it !
>>>> cr_user_carrier("$fU", "$fd", "$avp(carrier)");
>>>> if($avp(carrier)==0) {
>>>> xlog("L_INFO","Not here: default route [$fd/$fu/$rd/$ru/$si]\n");
>>>>
>>>> if($(rU{s.len}) < 4) {
>>>> xlog("L_ERR", "Number incomplete/failure for $rU\n");
>>>> prefix("FAIL_");
>>>> route(4);
>>>> }
>>>>
>>>> if(!cr_route("default", "$fd", "$rU", "$rU", "call_id",
>>>> "$avp(host)")) {
>>>> xlog("L_ERR", "Number not found for $rU\n");
>>>> prefix("FAIL_");
>>>> route(4);
>>>> }
>>>> } else {
>>>> xlog("L_INFO","Not here: user route
>>>> [$fd/$fu/$rd/$ru/$si/$avp(carrier)]\n");
>>>> $avp(domain)="voip.unisi.it";
>>>> if (!cr_route("$avp(carrier)", "$avp(domain)", "$rU",
>>>> "$rU","call_id", "$avp(host)")) {
>>>> sl_send_reply("404", "Not found");
>>>> xlog("L_ERR", "cr_route failed\n");
>>>> exit;
>>>> }
>>>> }
>>>> t_on_failure("1");
>>>> if (!t_relay()) {
>>>> sl_reply_error();
>>>> };
>>>> exit;
>>>> case -3: # internal error
>>>> t_newtran();
>>>> t_reply("404", "Not Found");
>>>> exit;
>>>> case -2: # method not supported
>>>> sl_send_reply("405", "Method Not Allowed");
>>>> exit;
>>>> }
>>>> }
>>>>
>>>> # when routing via usrloc, log the missed calls also
>>>> # setflag(2);
>>>>
>>>> route(1);
>>>> }
>>>>
>>>> route[1] {
>>>> xlog("L_INFO","Route1 [$fd/$fu/$rd/$ru/$si/]\n");
>>>>
>>>>
>>>> # for INVITEs enable some additional helper routes
>>>> if (is_method("INVITE")) {
>>>> t_on_branch("2");
>>>> t_on_reply("2");
>>>> t_on_failure("1");
>>>> }
>>>>
>>>> if (!t_relay()) {
>>>> sl_reply_error();
>>>> };
>>>> exit;
>>>> }
>>>>
>>>>
>>>> # Presence route
>>>> route[2] {
>>>> xlog("L_INFO","Route2 [$fd/$fu/$rd/$ru/$si/]\n");
>>>>
>>>> if (!t_newtran()) {
>>>> sl_reply_error();
>>>> exit;
>>>> };
>>>>
>>>> if(is_method("PUBLISH")) {
>>>> handle_publish();
>>>> } else if( is_method("SUBSCRIBE")) {
>>>> handle_subscribe();
>>>> }
>>>>
>>>> exit;
>>>> }
>>>>
>>>> route[4] {
>>>> xlog("L_INFO","Route4 [$fd/$fu/$rd/$ru/$si/]\n");
>>>>
>>>> rewritehostport("172.20.1.5:5060");
>>>> route(1);
>>>> }
>>>>
>>>> branch_route[2] {
>>>> xlog("L_INFO","Branch Route2 [$fd/$fu/$rd/$ru/$si/]\n");
>>>> }
>>>>
>>>> onreply_route[1] {
>>>> xlog("L_INFO","OnReply Route1 [$fd/$fu/$rd/$ru/$si/]\n");
>>>>
>>>> }
>>>>
>>>> onreply_route[2] {
>>>> xlog("L_INFO","OnReply Route2 [$fd/$fu/$rd/$ru/$si/]\n");
>>>>
>>>> }
>>>>
>>>> failure_route[1] {
>>>> xlog("L_INFO","Failure Route1 [$fd/$fu/$rd/$ru/$si/]\n");
>>>>
>>>> if (t_was_cancelled()) {
>>>> exit;
>>>> }
>>>>
>>>> if (t_check_status("408|5[0-9][0-9]")) {
>>>> if(!cr_route("default", "$fd", "$rU", "$rU", "call_id",
>>>> "$avp(host)")){
>>>> t_reply("403", "Not allowed");
>>>> } else {
>>>> t_on_failure("2");
>>>> t_relay();
>>>> }
>>>> }
>>>> }
>>>>
>>>> failure_route[2] {
>>>> xlog("L_INFO","Failure Route2 [$fd/$fu/$rd/$ru/$si/]\n");
>>>>
>>>> if (t_was_cancelled()) {
>>>> exit;
>>>> }
>>>>
>>>> revert_uri();
>>>> prefix("FAILURE_");
>>>> rewritehostport("172.20.1.5:5060");
>>>> t_relay();
>>>> }
>>>>
>>>>
>>>> Thanks.
>>>>
>>>> Michele
>>>>
>>>>
>>>> On 16/05/2013 10:35, Bogdan-Andrei Iancu wrote:
>>>>> Hi Michele,
>>>>>
>>>>> The acc_aaa_request() function will generate a RADIUS acc request on the
>>>>> spot, so it will happen for all your INVITEs disregarding if the calls
>>>>> will establish or not in the future.
>>>>>
>>>>> If you want to account only established calls, do not use the
>>>>> acc_aaa_request() function, but trigger the accounting via flags only.
>>>>> Use the aaa_flag only (do not set aa_missed_flag) and it should do the
>>>>> trick.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Bogdan-Andrei Iancu
>>>>> OpenSIPS Founder and Developer
>>>>> http://www.opensips-solutions.com
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opensips.org
>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
--
Michele Pinassi
Responsabile Telefonia di Ateneo
Servizio Reti, Sistemi e Sicurezza Informatica - Università degli Studi
di Siena
tel: 0577.(23)2169 - fax: 0577.(23)2053
Per trovare una soluzione rapida ai tuoi problemi tecnici
consulta le FAQ di Ateneo, http://www.faq.unisi.it
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opensips.org/pipermail/users/attachments/20130517/e167c086/attachment-0001.pgp>
More information about the Users
mailing list