Difference between revisions of "P-Asserted-Identity"
(43 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
<mkmeta>Explanation how P-Asserted-Identity header works in MOR Class 5 Softswitch</mkmeta> | |||
= Description = | = Description = | ||
Line 10: | Line 9: | ||
Source: http://www.z9hg4bk.org/sip/hf/p-asserted-identity.html | Source: http://www.z9hg4bk.org/sip/hf/p-asserted-identity.html | ||
<br><br> | |||
= How P-Asserted-Identity (PAI) is handled in MOR = | |||
<!---This functionality is available from MOR 11---> | |||
* If caller sends PAI, MOR reads it and resends to the calee automatically. | |||
* If caller sends PAI and CallerID Number is 'Anonymous', MOR changes CallerID Number to the value from the PAI. | |||
** NOTE: CallerID Name is not changed! Only CallerID Number. | |||
* If caller sends PAI and some Provider has '''P-Asserted-Identity usage''' enabled in it's Edit window, MOR ignores this setting, because it resends original PAI | |||
* If caller is NOT sending PAI and some Provider has '''P-Asserted-Identity usage''' enabled in it's Edit window, MOR constructs PAI from CallerID, Server IP (from [[mor.conf]] file) and SIP Port (from sip.conf file). | |||
** NOTE: Provider CallerID rules are applied to every PAI sent to that Provider | |||
In order to pass PAI from Caller to Callee automatically, set '''pass_pai''' = 1 [[mor.conf]] | |||
<br><br> | <br><br> | ||
[[File:mor_pai.png|1100px|alt="mor"]] | |||
<br><br> | |||
= Configuration for Provider to send PAI if it is not present from the Caller = | |||
<!---This functionality is available from MOR 9---> | |||
Enable it per Provider basis in its Settings: | |||
<br><br> | |||
[[Image:pai.png|alt="mor"|link=]] | |||
<br><br> | |||
* Make sure correct external IP address is set in [[mor.conf]] in variable '''server_ip'''. | |||
* SIP port will be taken from sip.conf, if not found, default one (5060) will be used. | |||
<br><br> | |||
= How P-Asserted-Identity (PAI) is handled in MOR X11 and later versions = | |||
MOR internal logic for PAI sending is controlled by three variables: | |||
* If Caller sends PAI or not. | |||
* '''pass_pai''' - pass_pai value in [[mor.conf]] configuration file. If pass_pai is not defined, default value is 0. | |||
* '''Pass PAI''' - Pass PAI check-box value in [[Providers|Provider Settings]] and [[Device settings]] page. This setting can overwrite global '''pass_pai''' variable for specific Provider/Device. Available options are ''''Global'''' (same as pass_pai value in mor.conf), ''''Yes'''' and ''''No''''. Please check table bellow to see how MOR checks if Pass PAI is active or not for specific Device/Provider combination. | |||
* '''P-Asserted-Identity usage''' - P-Asserted-Identity check-box value in [[Providers|Provider Settings]] page. | |||
Pass PAI is controlled by global pass_pai option in mor.conf which can be overwritten for specific provider/device. Please follow table bellow to determine if pass PAI will be active or not. | |||
<br><br> | |||
{| border="1" cellpadding="5" cellspacing="0" | |||
| '''pass_pai in mor.conf''' || '''Pass PAI in Device settings'''|| '''Pass PAI in Provider settings''' || '''pass PAI active?''' | |||
|- | |||
| 1 || Global || Global || Yes | |||
|- | |||
| 1 || Global || Yes || Yes | |||
|- | |||
| 1 || Global || No || No | |||
|- | |||
| 1 || Yes || Global || Yes | |||
|- | |||
| 1 || Yes || Yes || Yes | |||
|- | |||
| 1 || Yes || No || No | |||
|- | |||
| 1 || No || Global || No | |||
|- | |||
| 1 || No || Yes || No | |||
|- | |||
| 1 || No || No || No | |||
|- | |||
| 0 || Global || Global || No | |||
|- | |||
| 0 || Global || Yes || Yes | |||
|- | |||
| 0 || Global || No || No | |||
|- | |||
| 0 || Yes || Global || Yes | |||
|- | |||
| 0 || Yes || Yes || Yes | |||
|- | |||
| 0 || Yes || No || No | |||
|- | |||
| 0 || No || Global || No | |||
|- | |||
| 0 || No || Yes || No | |||
|- | |||
| 0 || No || No || No | |||
|- | |||
|} | |||
If callflow is DID provider -> End Device, then DID provider will act as Device and End Device as Provider in PAI active calculation table above. | |||
<br><br> | <br><br> | ||
PAI sending behaviour can be summarised by these rules: | |||
* If caller sends PAI, pass PAI is active, then '''P-Asserted-Identity usage''' setting does not matter, MOR resends received PAI to the callee automatically. | |||
* If caller does not send PAI (or caller sends PAI but pass PAI is '''not''' active) and '''P-Asserted-Identity usage''' is '''enabled''', MOR '''always constructs new PAI'''. New PAI is constructed from CallerID, Server IP (defined in server_ip variable from [[mor.conf]] file) and SIP Port (from /etc/asterisk/sip.conf file). | |||
* If caller does not send PAI (or caller sends PAI but pass PAI is '''not''' active) and '''P-Asserted-Identity usage''' is '''disabled''', PAI is not sent by MOR. | |||
All available options are described in table bellow. | |||
{| border="1" cellpadding="5" cellspacing="0" | |||
| '''Caller Sends PAI''' || '''pass PAI is active'''|| '''P-Asserted-Identity usage'''|| '''MOR Action?''' | |||
|- | |||
| Yes || Yes || Yes || Resends received PAI to the callee automatically | |||
|- | |||
| Yes || Yes || No || Resends received PAI to the callee automatically | |||
|- | |||
| Yes || No || Yes || Constructs new PAI | |||
|- | |||
| Yes || No || No || PAI is not sent | |||
|- | |||
| No || Yes || Yes || Constructs new PAI | |||
|- | |||
| No || No || Yes || Constructs new PAI | |||
|- | |||
| No || Yes || No || PAI is not sent | |||
|- | |||
| No || No || No || PAI is not sent | |||
|- | |||
|} | |||
<br><br> | |||
== P-Asserted-Identity and CallerID == | |||
P-Asserted-Identity header can overwrite CallerID headers, depending on options in [[Device settings]] and/or [[Providers |Provider Settings]] pages and settings in [[mor.conf|/etc/asterisk/mor.conf]] configuration file. | |||
* If '''Trustrpid''' is enabled in device settings (if call originates from device) or provider settings (if call originates from DID provider), Asterisk will replace CallerID headers with values from P-Asserted-Identity headers. | |||
* '''anonymous_callerid_by_rpidpai''' and '''use_callerid_from_pai''' variables defined in /etc/asterisk/mor.conf file can overwrite CallerID headers with P-Asserted-Identity headers. Their usage is described [[mor.conf|here]]. | |||
<br><br> | |||
= Provider see my Calls with CallerID and name details as Anonymous (anonymous@anonymous.invalid) = | |||
In such case, check these details: | |||
* If in Device of User which sends Calls '''Trustpid''' is enabled; | |||
* If in Provider settings, to which Calls are being sent with PAI re-send, '''PAI''' is disabled; | |||
* If '''pass_pai''' is enabled in [[mor.conf]]; | |||
* If Trustpid is enabled on Provider side; | |||
<br><br> | |||
== Asterisk CLI example == | |||
<br><br> | |||
[[Image:pai_cli_example.png|400px|alt="mor"]] | |||
<br><br> | |||
= Configuration Examples = | |||
== Sending anonymous call with original callerid in PAI header == | |||
The client wants to send calls anonymously by including the Privacy: id header. | |||
INVITE sip:37068311111@xx.xx.xx.xx;transport=UDP SIP/2.0 | |||
... | |||
To: <sip:37068311111@192.168.56.104;transport=UDP> | |||
From: <sip:123456789@192.168.56.104;transport=UDP>;tag=efa8f069 | |||
Privacy: id | |||
... | |||
Provider expects From header anonymous, but original callerid in PAI header. | |||
INVITE sip:37068311111@yy.yy.yy.yy:5060 SIP/2.0 | |||
... | |||
From: "anonymous" <sip:anonymous@anonymous.invalid>;tag=as00bf2b78 | |||
To: <sip:37068311111@yy.yy.yy.yy:5060> | |||
... | |||
P-Asserted-Identity: <sip:+123456789@xx.xx.xx.xx:5060> | |||
Privacy: id | |||
... | |||
Configuration In Provider Settings: | |||
* '''P-Asserted-Identity usage:''' set to yes | |||
* '''Privacy CallerID:''' set to 'anonymous' | |||
* ''' Privacy From Domain:''' set to 'anonymous.invalid' | |||
<br><br> | |||
[[Image:paI_anoymous_cli_settings.png]] | |||
<br><br> |
Latest revision as of 10:39, 26 April 2022
Description
The P-Asserted-Identity header field can be used to convey the proven identity of the originator of a request within a trusted network. Since the From header field is populated by the originating UA it may not necessarly contain the actual identity. It usually is established by means of authentication between the originating UA and its outgoing proxy. The outgoing proxy then adds a P-Asserted-Identity header field to assert the identity of the originator to other proxies.
This header field has only meaning within what is called a trusted network by mutual aggreement on the requirements for its use by the parties involved.
The P-Asserted-Identity header field is defined in RFC 3325.
Source: http://www.z9hg4bk.org/sip/hf/p-asserted-identity.html
How P-Asserted-Identity (PAI) is handled in MOR
- If caller sends PAI, MOR reads it and resends to the calee automatically.
- If caller sends PAI and CallerID Number is 'Anonymous', MOR changes CallerID Number to the value from the PAI.
- NOTE: CallerID Name is not changed! Only CallerID Number.
- If caller sends PAI and some Provider has P-Asserted-Identity usage enabled in it's Edit window, MOR ignores this setting, because it resends original PAI
- If caller is NOT sending PAI and some Provider has P-Asserted-Identity usage enabled in it's Edit window, MOR constructs PAI from CallerID, Server IP (from mor.conf file) and SIP Port (from sip.conf file).
- NOTE: Provider CallerID rules are applied to every PAI sent to that Provider
In order to pass PAI from Caller to Callee automatically, set pass_pai = 1 mor.conf
Configuration for Provider to send PAI if it is not present from the Caller
Enable it per Provider basis in its Settings:
- Make sure correct external IP address is set in mor.conf in variable server_ip.
- SIP port will be taken from sip.conf, if not found, default one (5060) will be used.
How P-Asserted-Identity (PAI) is handled in MOR X11 and later versions
MOR internal logic for PAI sending is controlled by three variables:
- If Caller sends PAI or not.
- pass_pai - pass_pai value in mor.conf configuration file. If pass_pai is not defined, default value is 0.
- Pass PAI - Pass PAI check-box value in Provider Settings and Device settings page. This setting can overwrite global pass_pai variable for specific Provider/Device. Available options are 'Global' (same as pass_pai value in mor.conf), 'Yes' and 'No'. Please check table bellow to see how MOR checks if Pass PAI is active or not for specific Device/Provider combination.
- P-Asserted-Identity usage - P-Asserted-Identity check-box value in Provider Settings page.
Pass PAI is controlled by global pass_pai option in mor.conf which can be overwritten for specific provider/device. Please follow table bellow to determine if pass PAI will be active or not.
pass_pai in mor.conf | Pass PAI in Device settings | Pass PAI in Provider settings | pass PAI active? |
1 | Global | Global | Yes |
1 | Global | Yes | Yes |
1 | Global | No | No |
1 | Yes | Global | Yes |
1 | Yes | Yes | Yes |
1 | Yes | No | No |
1 | No | Global | No |
1 | No | Yes | No |
1 | No | No | No |
0 | Global | Global | No |
0 | Global | Yes | Yes |
0 | Global | No | No |
0 | Yes | Global | Yes |
0 | Yes | Yes | Yes |
0 | Yes | No | No |
0 | No | Global | No |
0 | No | Yes | No |
0 | No | No | No |
If callflow is DID provider -> End Device, then DID provider will act as Device and End Device as Provider in PAI active calculation table above.
PAI sending behaviour can be summarised by these rules:
- If caller sends PAI, pass PAI is active, then P-Asserted-Identity usage setting does not matter, MOR resends received PAI to the callee automatically.
- If caller does not send PAI (or caller sends PAI but pass PAI is not active) and P-Asserted-Identity usage is enabled, MOR always constructs new PAI. New PAI is constructed from CallerID, Server IP (defined in server_ip variable from mor.conf file) and SIP Port (from /etc/asterisk/sip.conf file).
- If caller does not send PAI (or caller sends PAI but pass PAI is not active) and P-Asserted-Identity usage is disabled, PAI is not sent by MOR.
All available options are described in table bellow.
Caller Sends PAI | pass PAI is active | P-Asserted-Identity usage | MOR Action? |
Yes | Yes | Yes | Resends received PAI to the callee automatically |
Yes | Yes | No | Resends received PAI to the callee automatically |
Yes | No | Yes | Constructs new PAI |
Yes | No | No | PAI is not sent |
No | Yes | Yes | Constructs new PAI |
No | No | Yes | Constructs new PAI |
No | Yes | No | PAI is not sent |
No | No | No | PAI is not sent |
P-Asserted-Identity and CallerID
P-Asserted-Identity header can overwrite CallerID headers, depending on options in Device settings and/or Provider Settings pages and settings in /etc/asterisk/mor.conf configuration file.
- If Trustrpid is enabled in device settings (if call originates from device) or provider settings (if call originates from DID provider), Asterisk will replace CallerID headers with values from P-Asserted-Identity headers.
- anonymous_callerid_by_rpidpai and use_callerid_from_pai variables defined in /etc/asterisk/mor.conf file can overwrite CallerID headers with P-Asserted-Identity headers. Their usage is described here.
Provider see my Calls with CallerID and name details as Anonymous (anonymous@anonymous.invalid)
In such case, check these details:
- If in Device of User which sends Calls Trustpid is enabled;
- If in Provider settings, to which Calls are being sent with PAI re-send, PAI is disabled;
- If pass_pai is enabled in mor.conf;
- If Trustpid is enabled on Provider side;
Asterisk CLI example
Configuration Examples
Sending anonymous call with original callerid in PAI header
The client wants to send calls anonymously by including the Privacy: id header.
INVITE sip:37068311111@xx.xx.xx.xx;transport=UDP SIP/2.0 ... To: <sip:37068311111@192.168.56.104;transport=UDP> From: <sip:123456789@192.168.56.104;transport=UDP>;tag=efa8f069 Privacy: id ...
Provider expects From header anonymous, but original callerid in PAI header.
INVITE sip:37068311111@yy.yy.yy.yy:5060 SIP/2.0 ... From: "anonymous" <sip:anonymous@anonymous.invalid>;tag=as00bf2b78 To: <sip:37068311111@yy.yy.yy.yy:5060> ... P-Asserted-Identity: <sip:+123456789@xx.xx.xx.xx:5060> Privacy: id ...
Configuration In Provider Settings:
- P-Asserted-Identity usage: set to yes
- Privacy CallerID: set to 'anonymous'
- Privacy From Domain: set to 'anonymous.invalid'