[OpenSIPS-Users] AAA_diameter usage

Carsten Bock carsten.bock.private at gmail.com
Tue Jul 9 11:18:08 UTC 2024 

Hi,

I've been playing around with the latest aaa_diameter module from OpenSIPS
master. I am currently sending authentications using Diameter (MAR), which
works just fine, and I have also tried to extend this to send a SAR request.

>From my config:
loadmodule "aaa_diameter.so"
modparam("aaa_diameter", "realm", "ims.mnc001.mcc001.3gppnetwork.org")
modparam("aaa_diameter", "peer_identity", "
scscf-1-dev.mnc001.mcc001.3gppnetwork.org")
modparam("aaa_diameter", "fd_log_level", 0)
# modparam("aaa_diameter", "aaa_url",
"diameter:/etc/opensips/freeDiameter.conf;extra-avps-file:/etc/opensips/aka_av_diameter.dictionary")

loadmodule "auth.so"
loadmodule "auth_aka.so"
modparam("auth_aka", "default_av_mgm", "diameter")
modparam("auth_aka", "default_qop", "auth,auth-int")
modparam("auth_aka", "default_algorithm", "AKAv1-MD5")

loadmodule "aka_av_diameter.so"
modparam("aka_av_diameter", "aaa_url",
"diameter:/etc/opensips/freeDiameter.conf;extra-avps-file:/etc/opensips/aka_av_diameter.dictionary"
)
modparam("aka_av_diameter", "realm", "ims.mnc001.mcc001.3gppnetwork.org")

The first thing I've noticed is that the current master crashes if I define
two different "aaa_url"s, e.g., in "aka_av_diameter" for MAR and
"aaa_diameter" for all other Diameter requests. However, if I only define
the "aaa_url" for the "aka_av_diameter" module, OpenSIPS seems fine.

My Diameter Config is limited to only basic stack configuration and a
single peer (the HSS).

For sending a SAR request, I've extended the dictionary accordingly:
ATTRIBUTE Server-Assignment-Type              614 integer  10415
ATTRIBUTE User-Data-Already-Available         624 integer  10415
ATTRIBUTE Cx-User-Data  606 string 10415

(TS 29.229 17.2 mentions "Server-Assignment-Type" and
"User-Data-Already-Available" types should be an Enumeration, however
looking at "app_opensips/avps.c" from the aaa_diameter module indicates
that enums are internally handled as integers, so I used integers instead)

When adding these attributes to the SAR request, OpenSIPS fails to start,
with meaningless errors.

REQUEST 301 Server-Assignment Request
{
Session-Id | REQUIRED | 1
Origin-Host | REQUIRED | 1
Origin-Realm | REQUIRED | 1
Destination-Realm | REQUIRED | 1
Auth-Session-State | REQUIRED | 1
User-Name | REQUIRED | 1
User-Data-Already-Available | REQUIRED | 1
Server-Assignment-Type | REQUIRED | 1
Public-Identity | REQUIRED | 1
Server-Name | REQUIRED | 1
}

The definition itself seems to be fine: If I rename the
"Server-Assignment-Type" to "SAT" and "User-Data-Already-Available" to
"UDA-Available", OpenSIPS starts. However, if I follow the examples (e.g.
module docs for aaa_diameter and here
https://www.opensips.org/Documentation/Tutorials-Diameter-Client-Server), I
fail to send the Diameter-Request:

11:10:14  ERROR  ERROR: Invalid parameter '(((avp) && (((struct
msg_avp_chain *)(avp))->type == MSG_AVP) && (((struct avp
*)(avp))->avp_eyec == (0x11355467))) && pdata)', 22

Am I missing something? Can someone share some example code for sending a
SAR request? Is the documentation missing something?

Thanks,
Carsten
--
Schöne Grüße aus Hamburg, dem Tor zur Welt,
Carsten Bock

T +49 179 2021244 I carsten at bock.info
LinkedIn: https://www.linkedin.com/in/carstenbock/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20240709/47a2aab9/attachment.html>

More information about the Users mailing list