Hi Dan,
To test the functionality of SIP-AVP, I am trying to get theses avp's in
the registration block, shown below. Basically on sucessful registration
the radius server returns the following attributes in acces-accpet
Attributes:
SIP-AVP = "return-code=0"
cisco-h323-credit-amount = "h323-credit-amount=4206"
so after registration I am trying to get the return code value. The
registration block is shown below
route[2] {
# -----------------------------------------------------------------
# REGISTER Message Handler
# ----------------------------------------------------------------
xlog("L_NOTICE","Danish: Entering route[2]\n");
xlog("L_NOTICE","Danish: Register message IPsrcaddr [$si],
RecvdIPaddr[$Ri]\n");
if (!search("^Contact:[ ]*\*") && nat_uac_test("2")) {
xlog("L_NOTICE","Danish: In route[2] Found Nated contact\n");
setflag(6);
setbflag(6);
# if you want OPTIONS natpings uncomment next
setbflag(7);
fix_nated_register();
force_rport();
};
sl_send_reply("100", "Trying");
if (!radius_www_authorize("192.168.0.99")) {
www_challenge("192.168.0.99", "1");
};
consume_credentials();
#avp_print();
xlog("L_NOTICE","Danish: Before is set check\n");
if(is_avp_set("$avp(s:return-code)")){
xlog("L_NOTICE","Danish: return code is set \n");
};
xlog("L_NOTICE","Danish: After is set check\n");
if(avp_check("$avp(s:return-code)", "eq/i:0/g"))
{
xlog("L_NOTICE","Danish: return code 0 received \n");
};
if (!save("location")) {
sl_reply_error();
};
}
In my logs I see
058) DEBUG:auth_radius:generate_avps: getting SIP AVPs from avpair 225
4(11058) Danish: Before is set check
4(11058) Danish: After is set check
4(11058) DEBUG:avpops:ops_check_avp: no src avp found
so both conditional avp checks fail and the last debug line is a bit worrying
I traced the first debug line above to sterman.c->generate_avps()
so just under this debug line I added this piece of code
vp=rc_avpair_get(vp,attrs[A_SIP_AVP].v,0);
if (vp != NULL)
{
DBG("DEBUG:auth_radius:generate_avps: strvalue %s\n",
vp->strvalue);
}
else
DBG("DEBUG:auth_radius:generate_avps: vp is null\n");
and this is what I got
4(11058) DEBUG:auth_radius:generate_avps: getting SIP AVPs from avpair 225
4(11058) DEBUG:auth_radius:generate_avps: vp is null
hence openser is not loading the SIP-avp in $avp(s:return-code). I think
either I am missing something in the openser script or the way I am
returning the attribute.
all relevant definitions in the cfg are given below:
loadmodule "/usr/local/lib/openser/modules/auth_radius.so"
loadmodule "/usr/local/lib/openser/modules/uri_radius.so"
loadmodule "/usr/local/lib/openser/modules/avp_radius.so"
loadmodule "/usr/local/lib/openser/modules/avpops.so"
modparam("auth_radius|uri_radius|avp_radius", "radius_config",
"/usr/local/etc/radiusclient-ng/radiusclient.conf")
modparam("mi_fifo", "fifo_name", "/tmp/openser_fifo")
modparam("uri_db|usrloc", "db_url",
"mysql://openser:[EMAIL PROTECTED]/openser")
modparam("nathelper", "natping_interval", 20)
modparam("nathelper", "ping_nated_only", 1)
modparam("nathelper", "rtpproxy_sock", "unix:/var/run/rtpproxy.sock")
modparam("nathelper", "received_avp", "$avp(i:42)")
modparam("nathelper", "sipping_bflag", 7)
modparam("nathelper", "sipping_from", "sip:[EMAIL PROTECTED]")
modparam("registrar", "received_avp", "$avp(i:42)")
modparam("usrloc", "db_mode", 2)
modparam("usrloc", "nat_bflag", 6)
Hope this explains everything and you would be in a better position to help.
Regards,
Danish
ps: isnt there any sample script I can refer to for sip-avp radius
configurations.
> Hi Danish,
>
> can u post the full block where you are doing these checks?
>
> DanB
>
> On 8/29/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> wrote:
>> Hi Dan,
>> Thanks for the explanation, things are more clear now. Now I am
>> returning
>> a SIP-AVP from radius (for authentication), this is what I see in the
>> logs
>>
>> Attributes:
>> SIP-AVP = "return-code=0"
>> .......
>>
>> In my script I do
>> avp_print();
>> if(is_avp_set("$avp(s:return-code)")){
>> xlog("L_NOTICE","return code is set \n");
>> };
>> if(avp_check("$avp(s:return-code)", "eq/0/g"))
>> {
>> xlog("L_NOTICE","return code 0 received \n");
>> };
>>
>> none of the checks pass and nothing is printed from avp_print. In
>> openser
>> logs I see this line
>>
>> 1(32550) DEBUG:auth_radius:generate_avps: getting SIP AVPs from avpair
>> 225
>>
>> am I missing some pre-requisites or what am I doing wrong.
>>
>> Regards,
>> Danish
>>
>>
>> > Hi Danish,
>> >
>> > for the moment you cannot process attributes other than SIP-AVP inside
>> > openser script. This one is automatically converted into avp.
>> > EG. A SIP-AVP attribute in the form of: "reason='No Credit'" should
>> > automatically create an AVP named reason with value "No Credit".
>> >
>> > Hope that helps,
>> > DanB
>> >
>> >
>> > On 8/29/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]>
>> > wrote:
>> >> Hi Dan,
>> >>
>> >> Thanks for your reply.
>> >>
>> >> Actually I am currently returning an integer status value in
>> >> cisco-h323-return-code (a vendor specific attribute). So basically
>> how
>> >> can
>> >> I extract the value returned in this attribute, compare it and then
>> send
>> >> and sl reply.
>> >>
>> >> Probably there is a way of loading this attr value in an avp and
>> >> comparing
>> >> it?
>> >>
>> >> Regards,
>> >> Danish
>> >>
>> >> > Hello Danish,
>> >> >
>> >> > a solution would be returning a SIP-AVP, containing the reason for
>> >> > failure, and then forward this to the client using sl.
>> >> > Another one would be completely rewriting R-URI again from your
>> >> > SIP-AVP and then send the request to an announcement server (eg:
>> >> > ann:[EMAIL PROTECTED] - which should play Payment
>> Required
>> >> > annoucement).
>> >> >
>> >> > Cheers,
>> >> > DanB
>> >> >
>> >> > On 8/29/07, [EMAIL PROTECTED]
>> <[EMAIL PROTECTED]>
>> >> > wrote:
>> >> >> Hi,
>> >> >>
>> >> >> I have configured openser-1.2 with a (commercial) third party
>> radius
>> >> >> server and it is working great. Now I have a requirement where I
>> need
>> >> to
>> >> >> check a radius return attribute in case an access reject is
>> received
>> >> in
>> >> >> response to an authorization request. Is there some way I can do
>> >> this
>> >> >> in
>> >> >> the openser script.
>> >> >>
>> >> >> Basically I want to send a 402 payment required message to a sip
>> >> client
>> >> >> in
>> >> >> case the call is rejected due low balance. In such cases radius
>> >> returns
>> >> >> a
>> >> >> status response code with access reject.
>> >> >>
>> >> >>
>> >> >> Thanks,
>> >> >> Danish
>> >> >>
>> >> >> _______________________________________________
>> >> >> Users mailing list
>> >> >> Users@openser.org
>> >> >> http://openser.org/cgi-bin/mailman/listinfo/users
>> >> >>
>> >> >
>> >>
>> >>
>> >
>>
>>
>
_______________________________________________
Users mailing list
Users@openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
