El Lunes, 6 de Julio de 2009, Uriel Rozenbaum escribió:
Hi Guys,
I was wondering how can I implement a proxy with Kamailio that can manage privacy and normalization of the calling party.
In an INVITE message I can get the calling party name (or number) in several places:
- From Header
- Remote-Party ID
- P-Asserted-Identity
- P-Preferred-Identity
How should I act in order to normalize or block the Calling Party to be passed to subsequent hops?
AFAIK I can change the From Header as long as the tag isn't modified. Is this really true? What about RPID or PAI? Should I Change the aliases there as well?
Forget RPID, it's a expired draft (even if it's widely extended).
If you receive a call from an user (not from a gw or proxy) the only important field is the From header (however P-Asserted-Identity could be useful when the user desires anonimous call, so the From is "sip:anonymous@XXXX").
P-Asserted-Identity only makes sense when you receive a call from a trusted node, this is, a node for which you don't ask authentication, this usually is a PSTN gateway, other proxy...
So, if an user sends PAI remove it in the proxy. You can also add it with the value YOU want (in the proxy). If you deliver the call to an user, remove the PAI (and PPI) since this info must not be displayed to an untrusted user.
Example A:
- User sip:alice@domain.org sends a call to PSTN number +12345678.
- The call arrives to the proxy which adds the user PSTN CLI: P-Asserted-Identity: tel:+3494123434
- The proxy routes the INVITE to the PSTN gw.
- The gw makes use of PAI header (preference over From header) and uses it as CLI in the PSTN side.
Example B:
- A PSTN gw sends to the proxy an INVITE with this data: INVITE sip:+003494123434@proxy_ip SIP/2.0 To: sip:+003494123434@proxy_ip From: sip:anonymous@invalid;tag=asdasdasd P-Asserted-Identity: tel:+4400998877 Privacy: id
- The caller ask for privace (Privacy: id) so the proxy removes the PAI header, locates the local user for that destination (alice) and sends the INVITE: INVITE sip:alice@IP SIP/2.0 To: sip:+003494123434@proxy_ip From: sip:anonymous@invalid;tag=asdasdasd
- So Alice receives an anonymous call. Note that the CLI is just hidden to the *last* destination. The CLI info is shared between telcos.
Example C:
- Alice wants to call to a PSTN number with hidden CLI, so she sends: INVITE sip:+0066444333@proxy_ip SIP/2.0 To: sip:+0066444333@proxy_ip From: sip:anonymous@invalid;tag=asdasdasd P-Preferred-Identity: sip:alice@domain.org Privacy: id
- The proxy must authenticate the user, but cannot do it based on From header (anonymous) but based on the PPI header. So the proxy generates a 407 with credentials for username=alice and realm=domain.org.
- After authentication, the proxy realizes that Alice is asking for privacy (Privacy: id). It adds PAI with Alice's associated PSTN CLI, and sends this INVITE to the gw: INVITE sip:+0066444333@proxy_ip SIP/2.0 To: sip:+0066444333@proxy_ip From: sip:anonymous@invalid;tag=asdasdasd P-Asserted-Identity: tel:+3494123434 Privacy: id
- The gw uses the PAI value as CLI, but asks for privacy since "Privacy: id" is present. It routes the call to the destination telco.
- The destination telco removes the PAI and sends the call to the final user (hidden CLI).
Hope it helps, but please, read carefully the RFC 3325.