Hi Dan, To test the functionality of SIP-AVP, I am trying to get theses avp's in the registration block, shown below. Basically on sucessful registration the radius server returns the following attributes in acces-accpet
Attributes: SIP-AVP = "return-code=0" cisco-h323-credit-amount = "h323-credit-amount=4206"
so after registration I am trying to get the return code value. The registration block is shown below
route[2] { # ----------------------------------------------------------------- # REGISTER Message Handler # ---------------------------------------------------------------- xlog("L_NOTICE","Danish: Entering route[2]\n"); xlog("L_NOTICE","Danish: Register message IPsrcaddr [$si], RecvdIPaddr[$Ri]\n"); if (!search("^Contact:[ ]**") && nat_uac_test("2")) { xlog("L_NOTICE","Danish: In route[2] Found Nated contact\n"); setflag(6); setbflag(6); # if you want OPTIONS natpings uncomment next setbflag(7); fix_nated_register(); force_rport(); };
sl_send_reply("100", "Trying"); if (!radius_www_authorize("192.168.0.99")) { www_challenge("192.168.0.99", "1"); }; consume_credentials();
#avp_print(); xlog("L_NOTICE","Danish: Before is set check\n"); if(is_avp_set("$avp(s:return-code)")){ xlog("L_NOTICE","Danish: return code is set \n"); }; xlog("L_NOTICE","Danish: After is set check\n"); if(avp_check("$avp(s:return-code)", "eq/i:0/g")) { xlog("L_NOTICE","Danish: return code 0 received \n"); };
if (!save("location")) { sl_reply_error(); };
}
In my logs I see
058) DEBUG:auth_radius:generate_avps: getting SIP AVPs from avpair 225 4(11058) Danish: Before is set check 4(11058) Danish: After is set check 4(11058) DEBUG:avpops:ops_check_avp: no src avp found
so both conditional avp checks fail and the last debug line is a bit worrying I traced the first debug line above to sterman.c->generate_avps() so just under this debug line I added this piece of code
vp=rc_avpair_get(vp,attrs[A_SIP_AVP].v,0); if (vp != NULL) { DBG("DEBUG:auth_radius:generate_avps: strvalue %s\n", vp->strvalue); } else DBG("DEBUG:auth_radius:generate_avps: vp is null\n");
and this is what I got
4(11058) DEBUG:auth_radius:generate_avps: getting SIP AVPs from avpair 225 4(11058) DEBUG:auth_radius:generate_avps: vp is null
hence openser is not loading the SIP-avp in $avp(s:return-code). I think either I am missing something in the openser script or the way I am returning the attribute.
all relevant definitions in the cfg are given below:
loadmodule "/usr/local/lib/openser/modules/auth_radius.so" loadmodule "/usr/local/lib/openser/modules/uri_radius.so" loadmodule "/usr/local/lib/openser/modules/avp_radius.so" loadmodule "/usr/local/lib/openser/modules/avpops.so"
modparam("auth_radius|uri_radius|avp_radius", "radius_config", "/usr/local/etc/radiusclient-ng/radiusclient.conf") modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
modparam("uri_db|usrloc", "db_url", "mysql://openser:openserrw@localhost/openser")
modparam("nathelper", "natping_interval", 20) modparam("nathelper", "ping_nated_only", 1) modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock") modparam("nathelper", "received_avp", "$avp(i:42)") modparam("nathelper", "sipping_bflag", 7) modparam("nathelper", "sipping_from", "sip:pinger@abc.org")
modparam("registrar", "received_avp", "$avp(i:42)") modparam("usrloc", "db_mode", 2) modparam("usrloc", "nat_bflag", 6)
Hope this explains everything and you would be in a better position to help.
Regards, Danish ps: isnt there any sample script I can refer to for sip-avp radius configurations.
Hi Danish,
can u post the full block where you are doing these checks?
DanB
On 8/29/07, danish.samad@vocalseeds.com danish.samad@vocalseeds.com wrote:
Hi Dan, Thanks for the explanation, things are more clear now. Now I am returning a SIP-AVP from radius (for authentication), this is what I see in the logs
Attributes: SIP-AVP = "return-code=0" .......
In my script I do avp_print(); if(is_avp_set("$avp(s:return-code)")){ xlog("L_NOTICE","return code is set \n"); }; if(avp_check("$avp(s:return-code)", "eq/0/g")) { xlog("L_NOTICE","return code 0 received \n"); };
none of the checks pass and nothing is printed from avp_print. In openser logs I see this line
1(32550) DEBUG:auth_radius:generate_avps: getting SIP AVPs from avpair 225
am I missing some pre-requisites or what am I doing wrong.
Regards, Danish
Hi Danish,
for the moment you cannot process attributes other than SIP-AVP inside openser script. This one is automatically converted into avp. EG. A SIP-AVP attribute in the form of: "reason='No Credit'" should automatically create an AVP named reason with value "No Credit".
Hope that helps, DanB
On 8/29/07, danish.samad@vocalseeds.com danish.samad@vocalseeds.com wrote:
Hi Dan,
Thanks for your reply.
Actually I am currently returning an integer status value in cisco-h323-return-code (a vendor specific attribute). So basically
how
can I extract the value returned in this attribute, compare it and then
send
and sl reply.
Probably there is a way of loading this attr value in an avp and comparing it?
Regards, Danish
Hello Danish,
a solution would be returning a SIP-AVP, containing the reason for failure, and then forward this to the client using sl. Another one would be completely rewriting R-URI again from your SIP-AVP and then send the request to an announcement server (eg: ann:paymentrequired@your.server - which should play Payment
Required
annoucement).
Cheers, DanB
On 8/29/07, danish.samad@vocalseeds.com
wrote:
Hi,
I have configured openser-1.2 with a (commercial) third party
radius
server and it is working great. Now I have a requirement where I
need
to
check a radius return attribute in case an access reject is
received
in
response to an authorization request. Is there some way I can do
this
in the openser script.
Basically I want to send a 402 payment required message to a sip
client
in case the call is rejected due low balance. In such cases radius
returns
a status response code with access reject.
Thanks, Danish
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users