6 Jul
2009
6 Jul
'09
3:25 p.m.
Hi Guys,
I was wondering how can I implement a proxy with Kamailio that can manage
privacy and normalization of the calling party.
In an INVITE message I can get the calling party name (or number) in several
places:
1. From Header
2. Remote-Party ID
3. P-Asserted-Identity
4. P-Preferred-Identity
How should I act in order to normalize or block the Calling Party to be
passed to subsequent hops?
AFAIK I can change the From Header as long as the tag isn't modified. Is
this really true?
What about RPID or PAI? Should I Change the aliases there as well?
Thanks in advance to all!
Uriel
6 Jul
6 Jul
3:45 p.m.
El Lunes, 6 de Julio de 2009, Uriel Rozenbaum escribió:
Hi Guys,
I was wondering how can I implement a proxy with Kamailio that can manage
privacy and normalization of the calling party.
In an INVITE message I can get the calling party name (or number) in
several places:
1. From Header
2. Remote-Party ID
3. P-Asserted-Identity
4. P-Preferred-Identity
How should I act in order to normalize or block the Calling Party to be
passed to subsequent hops?
AFAIK I can change the From Header as long as the tag isn't modified. Is
this really true?
What about RPID or PAI? Should I Change the aliases there as well?
Forget RPID, it's a expired draft (even if it's widely extended).
If you receive a call from an user (not from a gw or proxy) the only important
field is the From header (however P-Asserted-Identity could be useful when the
user desires anonimous call, so the From is "sip:anonymous@XXXX").
P-Asserted-Identity only makes sense when you receive a call from a trusted
node, this is, a node for which you don't ask authentication, this usually is
a PSTN gateway, other proxy...
So, if an user sends PAI remove it in the proxy. You can also add it with the
value YOU want (in the proxy).
If you deliver the call to an user, remove the PAI (and PPI) since this info
must not be displayed to an untrusted user.
Example A:
- User sip:alice@domain.org sends a call to PSTN number +12345678.
- The call arrives to the proxy which adds the user PSTN CLI:
P-Asserted-Identity: tel:+3494123434
- The proxy routes the INVITE to the PSTN gw.
- The gw makes use of PAI header (preference over From header) and uses it as
CLI in the PSTN side.
Example B:
- A PSTN gw sends to the proxy an INVITE with this data:
INVITE sip:+003494123434@proxy_ip SIP/2.0
To: <sip:+003494123434@proxy_ip>
From: <sip:anonymous@invalid>;tag=asdasdasd
P-Asserted-Identity: tel:+4400998877
Privacy: id
- The caller ask for privace (Privacy: id) so the proxy removes the PAI
header, locates the local user for that destination (alice) and sends the
INVITE:
INVITE sip:alice@IP SIP/2.0
To: <sip:+003494123434@proxy_ip>
From: <sip:anonymous@invalid>;tag=asdasdasd
- So Alice receives an anonymous call. Note that the CLI is just hidden to the
*last* destination. The CLI info is shared between telcos.
Example C:
- Alice wants to call to a PSTN number with hidden CLI, so she sends:
INVITE sip:+0066444333@proxy_ip SIP/2.0
To: <sip:+0066444333@proxy_ip>
From: <sip:anonymous@invalid>;tag=asdasdasd
P-Preferred-Identity: <sip:alice@domain.org>
Privacy: id
- The proxy must authenticate the user, but cannot do it based on From header
(anonymous) but based on the PPI header. So the proxy generates a 407 with
credentials for username=alice and realm=domain.org.
- After authentication, the proxy realizes that Alice is asking for privacy
(Privacy: id). It adds PAI with Alice's associated PSTN CLI, and sends this
INVITE to the gw:
INVITE sip:+0066444333@proxy_ip SIP/2.0
To: <sip:+0066444333@proxy_ip>
From: <sip:anonymous@invalid>;tag=asdasdasd
P-Asserted-Identity: tel:+3494123434
Privacy: id
- The gw uses the PAI value as CLI, but asks for privacy since "Privacy: id"
is present. It routes the call to the destination telco.
- The destination telco removes the PAI and sends the call to the final user
(hidden CLI).
Hope it helps, but please, read carefully the RFC 3325.
--
Iñaki Baz Castillo <ibc(a)aliax.net>
7 Jul
7 Jul
6:29 a.m.
Hello,
On 07/06/2009 09:25 PM, Uriel Rozenbaum wrote:
Hi Guys,
I was wondering how can I implement a proxy with Kamailio that can
manage privacy and normalization of the calling party.
In an INVITE message I can get the calling party name (or number) in
several places:
1. From Header
2. Remote-Party ID
3. P-Asserted-Identity
4. P-Preferred-Identity
How should I act in order to normalize or block the Calling Party to
be passed to subsequent hops?
AFAIK I can change the From Header as long as the tag isn't modified.
Is this really true?
according to dialog matching in RFC3261, this should be ok,
but
somewhere is a mention about backward compatibility with rfc2453, where
the from should not be changed.
However, if you have only rfc3261 endpoints, then you are safe to change
the From, if not, try uac module, as it does automatic replacement and
recovery.
Cheers,
Daniel
--
Daniel-Constantin Mierla
http://www.asipto.com/
5666
days inactive
5667
days old
2 comments
3 participants
participants (3)
-
Daniel-Constantin Mierla -
Iñaki Baz Castillo -
Uriel Rozenbaum