File: peering_admin.xml

package info (click to toggle)
kamailio 4.2.0-2
  • links: PTS, VCS
  • area: main
  • in suites: jessie-kfreebsd
  • size: 56,100 kB
  • sloc: ansic: 552,832; xml: 166,484; sh: 8,659; makefile: 7,676; sql: 6,235; perl: 3,487; yacc: 3,428; python: 1,457; cpp: 1,219; php: 1,047; java: 449; pascal: 194; cs: 40; awk: 27
file content (277 lines) | stat: -rw-r--r-- 8,324 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
 
<?xml version="1.0" encoding='ISO-8859-1'?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [

<!-- Include general documentation entities -->
<!ENTITY % docentities SYSTEM "../../../docbook/entities.xml">
%docentities;

]>

<!-- Peering Module User's Guide -->

<chapter>
	
	<title>&adminguide;</title>

	<section>
	<title>Overview</title>
	<para>The peering module allows SIP providers (operators or organizations) 
	to verify from a broker if source or destination of a SIP request is a trusted peer.
        </para>
        <para>
	In order to participate in the trust community provided by a
	broker, each SIP provider registers the domains (host parts of SIP URIs) 
	that they serve with the broker.  When a SIP proxy of a
	provider needs to send a SIP request to a non-local domain, it
	can find out from the broker using verify_destination() function
	if the non-local domain is served by a trusted peer.  If so, the
	provider receives from the broker a hash of the SIP request and
	a timestamp that it includes in the request to the non-local
	domain.  When a SIP proxy of the non-local domain receives the SIP request, it, in
	turn, can verify from the broker using verify_source() function
	if the request came from a trusted peer.
        </para>
        <para>
        Verification functions communicate with the broker using Radius
        protocol.  Sample FreeRADIUS configuration files for broker's
	Radius server are available from http://www.wirlab.net/tsi/.
        </para>

        <para>
        Comments and suggestions for improvements are welcome.
        </para>

	</section>

	<section>
	<title>Dependencies</title>
		<section>
		<title>&kamailio; Modules</title>
			<para>
			The module depends on the following modules
			(in the other words 
			the listed modules must be loaded before this module):
			<itemizedlist>
				<listitem>
				<para><emphasis>none</emphasis></para>
				</listitem>
			</itemizedlist>
			</para>
		</section>
		<section>
			<title>External Libraries or Applications</title>
			<para>
			The following libraries or applications must be installed 
			before compilling &kamailio; with this module
				loaded:
			</para>
			<itemizedlist>
				<listitem>
				<para><emphasis>radiusclient-ng</emphasis>
				0.5.0 or higher -- 
				library and development files. See <ulink 
				url='http://developer.berlios.de/projects/radiusclient-ng/'>
				http://developer.berlios.de/projects/radiusclient-ng/</ulink>.
				</para>
				</listitem>
			</itemizedlist>
		</section>
	</section>

	<section>
	<title>Parameters</title>
	<section>
		<title><varname>radius_config</varname> (string)</title>
		<para>
		This is the location of the configuration file of Radius client 
		libraries.
		</para>
		<para>
		Default value is 
			<quote>/usr/local/etc/radiusclient-ng/radiusclient.conf</quote>.
		</para>
		<example>
		<title><varname>radius_config</varname> parameter usage</title>
		<programlisting format="linespecific">
modparam("peering", "radius_config", "/etc/broker/radiusclient.conf")
</programlisting>
		</example>
	</section>
	<section>
		<title><varname>verify_destination_service_type</varname> (integer)</title>
		<para>
		This is the value of the Service-Type Radius attribute to be
		used, when sender of SIP Request verifies the request's
		destination using verify_destination() function.
		</para>
		<para>
		Default value is the dictionary value of <quote>Sip-Verify-Destination</quote>
		Service-Type.
		</para>
		<example>
		<title><varname>verify_destination_service_type</varname> parameter usage</title>
		<programlisting format="linespecific">
modparam("peering", "verify_destination_service_type", 21)
</programlisting>
		</example>
	</section>
	<section>
		<title><varname>verify_source_service_type</varname> (integer)</title>
		<para>
		This is the value of the Service-Type Radius attribute to be
		used, when receiver of SIP Request verifies the request's
		source using verify_source() function.
		</para>
		<para>
		Default value is the dictionary value of <quote>Sip-Verify-Source</quote>
		Service-Type.
		</para>
		<example>
		<title><varname>verify_source_service_type</varname> parameter usage</title>
		<programlisting format="linespecific">
modparam("peering", "verify_source_service_type", 22)
</programlisting>
		</example>
	</section>
	</section>

	<section>
	<title>Functions</title>
	<section>
		<title><function moreinfo="none">verify_destination()</function></title>
		<para>
		Function verify_destination() queries from
		broker's Radius server if domain (host part) of Request
		URI is served by a trusted peer.  Radius request contains the
		following attributes/values:
		</para>
		<itemizedlist>
		<listitem>
			<para>User-Name - Request-URI host</para>
		</listitem>
		<listitem>
			<para>SIP-URI-User - Request-URI user</para>
		</listitem>
		<listitem>
			<para>SIP-From-Tag - From tag</para>
		</listitem>
		<listitem>
			<para>SIP-Call-Id - Call id</para>
		</listitem>
		<listitem>
			<para>Service-Type - verify_destination_service_type</para>
		</listitem>
		</itemizedlist>
		<para>
		Function returns value 1 if domain of Request URI is
		served by a trusted peer and -1 otherwise.  In case of positive
		result, the Radius server returns a set of SIP-AVP reply attributes.
		The value of each SIP-AVP is of form:
		 </para>
		 <para>
		 [#]name(:|#)value
		 </para>
		 <para>
		 Value of each SIP-AVP reply attribute is mapped to an
		 &kamailio; AVP.  Prefix # in front of name or value indicates a
		 string name or string value, respectively.
		 </para>
		 <para>
		 One of the SIP-AVP reply attributes contains a string
		 that the source peer must include "as is" in a 
		 <emphasis>P-Request-Hash:</emphasis> header when it sends the SIP request to
		 the destination peer.  The string value may, for
		 example, be of form hash@timestamp, where hash contains
		 a hash calculated by the broker based on the attributes
		 of the query and some local information and timestamp
		 is the time when the calculation was done.
		 </para>
		 <para>
		 AVP names used in reply attributes are assigned by the
		 broker.
		 </para>
		<para>
		This function can be used from REQUEST_ROUTE and
		FAILURE_ROUTE.
		</para>
		<example>
		<title><function
	moreinfo="none">verify_destination()</function> usage</title> 
		<programlisting format="linespecific">
...
if (verify_destination()) {
   append_hf("P-Request-Hash: $avp(i:200)\r\n");
}
...
</programlisting>
		</example>
	</section>
	<section>
		<title><function moreinfo="none">verify_source()</function></title>
		<para>
		Function verify_source() queries the
		broker's Radius server whether the SIP request was received from
		a trusted peer.  The Radius request contains the
		following attributes/values:
		</para>
		<itemizedlist>
		<listitem>
			<para>User-Name - Request-URI host</para>
		</listitem>
		<listitem>
			<para>SIP-URI-User - Request-URI user</para>
		</listitem>
		<listitem>
			<para>SIP-From-Tag - From tag</para>
		</listitem>
		<listitem>
			<para>SIP-Call-Id - Call id</para>
		</listitem>
		<listitem>
			<para>SIP-Request-Hash - body of P-Request-Hash header</para>
		</listitem>
		<listitem>
			<para>Service-Type - verify_source_service_type</para>
		</listitem>
		</itemizedlist>
		<para>
		Function returns value 1 if SIP request was received
		from a trusted peer and -1 otherwise.  In case of positive
		result, Radius server may return a set of SIP-AVP reply
		attributes.  Value of each SIP-AVP is of form:
		 </para>
		 <para>
		 [#]name(:|#)value
		 </para>
		 <para>
		 Value of each SIP-AVP reply attribute is mapped to an
		 &kamailio; 
		 AVP.  Prefix # in front of name or value indicates a
		string name or string value, respectively.
		 </para>
		 <para>
		 AVP names used in reply attributes are
		 assigned by the broker.
		 </para>
		<para>
		This function can be used from REQUEST_ROUTE and
		FAILURE_ROUTE.
		</para>
		<example>
		<title><function
	moreinfo="none">verify_source()</function> usage</title>  
		<programlisting format="linespecific">
...
if (is_present_hf("P-Request-Hash")) {
   if (verify_source()) {
      xlog("L_INFO", "Request came from trusted peer\n")
   }
}
...
</programlisting>
		</example>
	</section>

	</section>
</chapter>