[OpenSIPS-Users] Where to place acc_aaa_request ?

Michele Pinassi michele.pinassi at unisi.it
Fri May 17 15:31:18 CEST 2013


Yes, the radius server receive the packets.

I saw them in the text log of freeradius server. Here's an entry example:

Fri May 17 13:54:11 2013
	Acct-Status-Type = Stop
	Service-Type = Sip-Session
	Sip-Response-Code = 200
	Sip-Method = Bye
	Event-Timestamp = "May 17 2013 13:54:11 CEST"
	Sip-From-Tag = "da61bce06d"
	Sip-To-Tag = "6a3c0aa1e36e0c87i0"
	Acct-Session-Id = "9f4987d21afa6fc9"
	Digest-Attributes = 0x0a143530303540766f69702e756e6973692e6974
	Calling-Station-Id = "sip:5005 at voip.unisi.it"
	Called-Station-Id = "sip:2233 at 172.20.1.4"
	Sip-Translated-Request-URI = "sip:2233 at 172.20.1.4:5060"
	User-Agent = "Cisco/SPA502G-7.4.8a"
	NAS-Port = 5060
	Acct-Delay-Time = 0
	NAS-IP-Address = 127.0.0.1
	Acct-Unique-Session-Id = "de5f87e909fa9a63"
	Timestamp = 1368791651


But in the 'radacc' mysql table i have all calls (missed too).

Michele


On 17/05/2013 13:00, Bogdan-Andrei Iancu wrote:
> That means you do it (from OpenSIPS perspective) via RADIUS, and the
> configuration seems ok for that ; Could you confirm that OpenSIPS is
> sending RADIUS packages to the RADIUS server ? The RARDIUS server is the
> one responsible for writing in whatever file or DB the received data.
> 
> Regards,
> 
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
> 
> 
> On 05/17/2013 10:34 AM, Michele Pinassi wrote:
>> Via Radius using acc module, as you suggest before !
>>
>> Michele
>>
>> On 16/05/2013 16:13, Bogdan-Andrei Iancu wrote:
>>> Well, do you want to do accouting via RADIUS (aaa) or via DB (in acc
>>> table) ???
>>>
>>> Regards,
>>>
>>> Bogdan-Andrei Iancu
>>> OpenSIPS Founder and Developer
>>> http://www.opensips-solutions.com
>>>
>>>
>>> On 05/16/2013 01:18 PM, Michele Pinassi wrote:
>>>> Thanks Bodgan for your kindly reply but now accounting don't work:
>>>> nothing will be added to acc table !
>>>>
>>>> Here's the full routing logic. Maybe there's something wrong:
>>>>
>>>> modparam("aaa_radius", "radius_config",
>>>> "/etc/radiusclient-ng/radiusclient.conf")
>>>>
>>>>
>>>> modparam("acc", "early_media", 0)
>>>> modparam("acc", "report_cancels", 0)
>>>> modparam("acc", "detect_direction", 0)
>>>> modparam("acc", "log_level", 1)
>>>> modparam("acc", "aaa_url", "radius:/etc/radiusclient-ng/radiusclient.conf")
>>>> modparam("acc", "aaa_flag", 1)
>>>> modparam("acc", "aaa_extra",          "via=$hdr(Via[*]); \
>>>>                                        Digest-User-Name=$Au; \
>>>>                                        Calling-Station-Id=$from; \
>>>>                                        Called-Station-Id=$to; \
>>>>                                        Sip-Translated-Request-URI=$ru; \
>>>>                                        Sip-RPid=$avp(s:rpid); \
>>>>                                        Source-IP=$avp(s:source_ip); \
>>>>                                        Source-Port=$avp(s:source_port); \
>>>>                                        SIP-Proxy-IP=$avp(s:sip_proxy_ip); \
>>>>                                        Canonical-URI=$avp(s:can_uri); \
>>>>
>>>> Divert-Reason=$avp(s:divert_reason); \
>>>>                                        User-Agent=$hdr(user-agent); \
>>>>                                        Contact=$hdr(contact); \
>>>>                                        Event=$hdr(event) ;\
>>>>                                        ENUM-TLD=$avp(s:enum_tld)")
>>>>
>>>>
>>>> ####### Routing Logic ########
>>>>
>>>> route{
>>>> 	if (!mf_process_maxfwd_header("10")) {
>>>> 	    sl_send_reply("483","Too Many Hops");
>>>> 	    exit;
>>>> 	}
>>>> 	
>>>> 	if (msg:len >= 2048 ) {
>>>> 	    sl_send_reply("513", "Message too big");
>>>> 	    exit;
>>>> 	};
>>>> 	
>>>> 	if (check_address("4","$si","$sp","$proto")) {
>>>> # 	    xlog("L_INFO","IP $si Allowed");
>>>> 	} else {
>>>> 	    xlog("L_INFO","IP $si Forbidden");
>>>> 	    sl_send_reply("403", "Forbidden");
>>>> 	}
>>>> 	
>>>> 	
>>>> 	if (has_totag()) {
>>>> 		if (loose_route()) {
>>>> 			if (is_method("BYE")) {
>>>> 				setflag(1);
>>>> 			} else if (is_method("INVITE")) {
>>>> 				record_route();
>>>> 			}
>>>>     			route(1);
>>>> 		} else {
>>>> 			/* uncomment the following lines if you want to enable presence */
>>>> 			if (is_method("SUBSCRIBE") && $rd == "voip.unisi.it") {
>>>> 				route(2);
>>>> 				exit;
>>>> 			}
>>>> 			if ( is_method("ACK") ) {
>>>> 				if ( t_check_trans() ) {
>>>> 					t_relay();
>>>> 					exit;
>>>> 				} else {
>>>> 					exit;
>>>> 				}
>>>> 			}
>>>> 			sl_send_reply("404","Not here");
>>>> 		}
>>>> 		exit;
>>>> 	}
>>>>
>>>> 	if (is_method("CANCEL"))
>>>> 	{
>>>> 		if (t_check_trans())
>>>> 			t_relay();
>>>> 		exit;
>>>> 	}
>>>>
>>>> 	if (is_method("INVITE")) {
>>>> 	    setflag(1);
>>>> 	}
>>>>
>>>> 	t_check_trans();
>>>>
>>>> 	if (!(method=="REGISTER") && is_from_local())
>>>> 	{
>>>> 		if(!check_source_address("0")){
>>>> 		    if (!proxy_authorize("", "subscriber")) {
>>>> 			proxy_challenge("", "0");
>>>> 			exit;
>>>> 		    }
>>>> 		    if (!db_check_from()) {
>>>> 			sl_send_reply("403","Forbidden auth ID");
>>>> 			exit;
>>>> 		    }
>>>> 	
>>>> 		    consume_credentials();
>>>> 		    # caller authenticated
>>>> 		}
>>>> 	}
>>>>
>>>> 	# preloaded route checking
>>>> 	if (loose_route()) {
>>>> 		xlog("L_ERR", "Attempt to route with preloaded Route's
>>>> [$fu/$tu/$ru/$ci]");
>>>> 		if (!is_method("ACK"))
>>>> 			sl_send_reply("403","Preload Route denied");
>>>> 		exit;
>>>> 	}
>>>>
>>>> 	# record routing
>>>> 	if (!is_method("REGISTER|MESSAGE"))
>>>> 		record_route();
>>>>
>>>> 	if (!uri==myself) {
>>>> 		append_hf("P-hint: outbound\r\n");
>>>> 		route(1);
>>>> 	}
>>>>
>>>> 	if( is_method("PUBLISH|SUBSCRIBE")) {
>>>> 	    route(2);
>>>> 	}
>>>> 	
>>>> 	
>>>> 	if (is_method("REGISTER")) {
>>>> 		# authenticate the REGISTER requests (uncomment to enable auth)
>>>> 		if (!www_authorize("", "subscriber"))
>>>> 		{
>>>> 			www_challenge("", "0");
>>>> 			exit;
>>>> 		}
>>>> 		
>>>> 		if (!db_check_to())
>>>> 		{
>>>> 			sl_send_reply("403","Forbidden auth ID");
>>>> 			exit;
>>>> 		}
>>>>
>>>> 		if (!save("location"))
>>>> 			sl_reply_error();
>>>>
>>>> 		exit;
>>>> 	}
>>>>
>>>> 	if ($rU==NULL) {
>>>> 		# request with no Username in RURI
>>>> 		sl_send_reply("484","Address Incomplete");
>>>> 		exit;
>>>> 	}
>>>>
>>>> 	# media service number? (digits starting with *)
>>>> 	if($rU=~"^\*") {
>>>> 	    route(4);
>>>> 	}
>>>> 	
>>>> 	# apply DB based aliases (uncomment to enable)
>>>> 	alias_db_lookup("dbaliases");
>>>>
>>>> 	# do lookup with method filtering
>>>> 	if (!lookup("location","m")) {
>>>> 		switch ($retcode) {
>>>> 			case -1: # Note here: check for blacklist numbers
>>>> 				if (!check_blacklist("globalblacklist")) {
>>>> 				    sl_send_reply("403", "Forbidden");
>>>> 				    exit;
>>>> 				}
>>>> 				# Then route it !
>>>> 				cr_user_carrier("$fU", "$fd", "$avp(carrier)");
>>>> 				if($avp(carrier)==0) {
>>>> 				    xlog("L_INFO","Not here: default route [$fd/$fu/$rd/$ru/$si]\n");
>>>> 				
>>>> 				    if($(rU{s.len}) < 4) {
>>>> 					xlog("L_ERR", "Number incomplete/failure for $rU\n");
>>>> 					prefix("FAIL_");
>>>> 					route(4);
>>>> 				    }
>>>> 				
>>>> 				    if(!cr_route("default", "$fd", "$rU", "$rU", "call_id",
>>>> "$avp(host)")) {
>>>> 					xlog("L_ERR", "Number not found for $rU\n");
>>>> 					prefix("FAIL_");
>>>> 					route(4);
>>>> 				    }
>>>> 				} else {
>>>> 				    xlog("L_INFO","Not here: user route
>>>> [$fd/$fu/$rd/$ru/$si/$avp(carrier)]\n");
>>>> 				    $avp(domain)="voip.unisi.it";
>>>> 				    if (!cr_route("$avp(carrier)", "$avp(domain)", "$rU",
>>>> "$rU","call_id", "$avp(host)")) {
>>>> 					sl_send_reply("404", "Not found");
>>>> 					xlog("L_ERR", "cr_route failed\n");
>>>> 					exit;
>>>> 				    }
>>>> 				}
>>>> 				t_on_failure("1");
>>>> 				if (!t_relay()) {
>>>> 				    sl_reply_error();
>>>> 				};
>>>> 				exit;
>>>> 			case -3: # internal error
>>>> 				t_newtran();
>>>> 				t_reply("404", "Not Found");
>>>> 				exit;
>>>> 			case -2: # method not supported
>>>> 				sl_send_reply("405", "Method Not Allowed");
>>>> 				exit;
>>>> 		}
>>>> 	}
>>>>
>>>> 	# when routing via usrloc, log the missed calls also
>>>> 	# setflag(2);
>>>> 	
>>>> 	route(1);
>>>> }
>>>>
>>>> route[1] {
>>>> 	xlog("L_INFO","Route1  [$fd/$fu/$rd/$ru/$si/]\n");
>>>>
>>>>
>>>> 	# for INVITEs enable some additional helper routes
>>>> 	if (is_method("INVITE")) {
>>>> 		t_on_branch("2");
>>>> 		t_on_reply("2");
>>>> 		t_on_failure("1");
>>>> 	}
>>>>
>>>> 	if (!t_relay()) {
>>>> 		sl_reply_error();
>>>> 	};
>>>> 	exit;
>>>> }
>>>>
>>>>
>>>> # Presence route
>>>> route[2] {
>>>>     xlog("L_INFO","Route2  [$fd/$fu/$rd/$ru/$si/]\n");
>>>>
>>>>     if (!t_newtran())	{
>>>> 	sl_reply_error();
>>>> 	exit;
>>>>     };
>>>>
>>>>     if(is_method("PUBLISH")) {
>>>> 	handle_publish();
>>>>     } else if( is_method("SUBSCRIBE")) {
>>>> 	handle_subscribe();
>>>>     }
>>>>
>>>>     exit;
>>>> }
>>>>
>>>> route[4] {
>>>>     xlog("L_INFO","Route4  [$fd/$fu/$rd/$ru/$si/]\n");
>>>>
>>>>     rewritehostport("172.20.1.5:5060");
>>>>     route(1);
>>>> }
>>>>
>>>> branch_route[2] {
>>>>     xlog("L_INFO","Branch Route2  [$fd/$fu/$rd/$ru/$si/]\n");
>>>> }
>>>>
>>>> onreply_route[1] {
>>>>     xlog("L_INFO","OnReply Route1  [$fd/$fu/$rd/$ru/$si/]\n");
>>>>
>>>> }
>>>>
>>>> onreply_route[2] {
>>>>     xlog("L_INFO","OnReply Route2  [$fd/$fu/$rd/$ru/$si/]\n");
>>>>
>>>> }
>>>>
>>>> failure_route[1] {
>>>>     xlog("L_INFO","Failure Route1  [$fd/$fu/$rd/$ru/$si/]\n");
>>>>
>>>>     if (t_was_cancelled()) {
>>>>     	exit;
>>>>     }
>>>>
>>>>     if (t_check_status("408|5[0-9][0-9]")) {
>>>>         if(!cr_route("default", "$fd", "$rU", "$rU", "call_id",
>>>> "$avp(host)")){
>>>>     	    t_reply("403", "Not allowed");
>>>> 	} else {
>>>> 	    t_on_failure("2");
>>>> 	    t_relay();
>>>> 	}
>>>>     }
>>>> }
>>>>
>>>> failure_route[2] {
>>>>     xlog("L_INFO","Failure Route2  [$fd/$fu/$rd/$ru/$si/]\n");
>>>>
>>>>     if (t_was_cancelled()) {
>>>>     	exit;
>>>>     }
>>>>
>>>>     revert_uri();
>>>>     prefix("FAILURE_");
>>>>     rewritehostport("172.20.1.5:5060");
>>>>     t_relay();
>>>> }
>>>>
>>>>
>>>> Thanks.
>>>>
>>>> Michele
>>>>
>>>>
>>>> On 16/05/2013 10:35, Bogdan-Andrei Iancu wrote:
>>>>> Hi Michele,
>>>>>
>>>>> The acc_aaa_request() function will generate a RADIUS acc request on the
>>>>> spot, so it will happen for all your INVITEs disregarding if the calls
>>>>> will establish or not in the future.
>>>>>
>>>>> If you want to account only established calls, do not use the
>>>>> acc_aaa_request() function, but trigger the accounting via flags only.
>>>>> Use the aaa_flag only (do not set aa_missed_flag) and it should do the
>>>>> trick.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Bogdan-Andrei Iancu
>>>>> OpenSIPS Founder and Developer
>>>>> http://www.opensips-solutions.com
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opensips.org
>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-- 
Michele Pinassi
Responsabile Telefonia di Ateneo
Servizio Reti, Sistemi e Sicurezza Informatica - Università degli Studi
di Siena
tel: 0577.(23)2169 - fax: 0577.(23)2053

Per trovare una soluzione rapida ai tuoi problemi tecnici
consulta le FAQ di Ateneo, http://www.faq.unisi.it

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opensips.org/pipermail/users/attachments/20130517/e167c086/attachment-0001.pgp>


More information about the Users mailing list