topology_hiding Module

Vlad Paiu

   <vladpaiu@opensips.org>

Edited by

Vlad Paiu

   <vladpaiu@opensips.org>

   Copyright © 2015 OpenSIPs Foundation
   Revision History
   Revision $Revision: 1 $ $Date$
     __________________________________________________________

   Table of Contents

   1. Admin Guide

        1.1. Overview
        1.2. Dependencies

              1.2.1. OpenSIPS Modules
              1.2.2. External Libraries or Applications

        1.3. Exported Parameters

              1.3.1. th_callid_passwd (string)
              1.3.2. th_callid_prefix (string)
              1.3.3. th_passed_contact_uri_params (string)
              1.3.4. th_passed_contact_params (string)
              1.3.5. force_dialog (int)
              1.3.6. th_contact_encode_passwd (string)
              1.3.7. th_contact_encode_param (string)

        1.4. Exported Functions

              1.4.1. topology_hiding()
              1.4.2. topology_hiding_match()

        1.5. Exported pseudo-variables

              1.5.1. $TH_callee_callid

   List of Examples

   1.1. Set th_callid_passwd parameter
   1.2. Set th_callid_prefix parameter
   1.3. Set th_passed_contact_uri_params parameter
   1.4. Set th_passed_contact_params parameter
   1.5. Set force_dialog parameter
   1.6. Set th_callid_passwd parameter
   1.7. Set th_callid_passwd parameter
   1.8. topology_hiding usage
   1.9. Calling topology_hiding_match() function for topology
          hiding sequential requests

   1.10. topology_hiding_match_dialog() usage

Chapter 1. Admin Guide

1.1. Overview

   This is a module which provides topology hiding capabilities.
   The module can work on top of the dialog module, or as a
   standalone module ( thus alowing topology hiding for all types
   of requests )

1.2. Dependencies

1.2.1. OpenSIPS Modules

   The following modules must be loaded before this module:
     * TM - Transaction Module.
     * Dialog Module, if “force_dialog” module parameter is
       enabled, or a dialog is created from the configuration
       script.

1.2.2. External Libraries or Applications

   The following libraries or applications must be installed
   before running OpenSIPS with this module loaded:
     * None

1.3. Exported Parameters

1.3.1. th_callid_passwd (string)

   The string password that will be used for encoding/decoding the
   callid in case of topology_hiding with callid mangling.

   Default value is “"OpenSIPS"”

   Example 1.1. Set th_callid_passwd parameter
...
modparam("topology_hiding", "th_callid_passwd", "my_topo_hiding_secret")
...

1.3.2. th_callid_prefix (string)

   The prefix that will be used for detecting callids which have
   been encoded by the dialog topology hiding. Make sure to change
   this value in case your SIP path contains multiple OpenSIPS
   boxes with topology hiding.

   Default value is “"DLGCH_"”

   Example 1.2. Set th_callid_prefix parameter
...
modparam("topology_hiding", "th_callid_prefix", "MYCALLIDPREFIX_")
...

1.3.3. th_passed_contact_uri_params (string)

   List of semicolon-separated Contact URI parameters that will be
   passed from one side to the other for topology hiding calls. To
   be used when end-to-end functionality uses such Contact URI
   parameters.

   Default value is “empty” - do not pass any parameters

   Example 1.3. Set th_passed_contact_uri_params parameter
...
modparam("topology_hiding", "th_passed_contact_uri_params", "paramname1;
myparam;custom_param")
...

1.3.4. th_passed_contact_params (string)

   List of semicolon-separated Contact header parameters that will
   be passed from one side to the other for topology hiding calls.
   To be used when end-to-end functionality uses such Contact
   header parameters.

   Default value is “empty” - do not pass any parameters

   Example 1.4. Set th_passed_contact_params parameter
...
modparam("topology_hiding", "th_passed_contact_params", "paramname1;mypa
ram;custom_param")
...

1.3.5. force_dialog (int)

   If set to 1, the module will internally create the dialog ( if
   not already created ). This will only work for INVITE based
   dialogs, and the dialog module must be loaded.

   Default value is “0”

   Example 1.5. Set force_dialog parameter
...
modparam("topology_hiding", "force_dialog", 1)
...

1.3.6. th_contact_encode_passwd (string)

   When not relying on the dialog module ( due to script writer
   preference or simply when doing topo hiding for non INVITE
   dialogs ), the module will store the needed information in a
   Contact URI param. The parameter configures the string password
   that will be used for encoding/decoding that specific param .

   Default value is “"ToPoCtPaSS"”

   Example 1.6. Set th_callid_passwd parameter
...
modparam("topology_hiding", "th_contact_encode_passwd", "my_topoh_passwd
")
...

1.3.7. th_contact_encode_param (string)

   When not relying on the dialog module ( due to script writer
   preference or simply when doing topo hiding for non INVITE
   dialogs ), the module will store the needed information in a
   Contact URI param. The parameter configures the respective
   parameter name.

   Default value is “"thinfo"”

   Example 1.7. Set th_callid_passwd parameter
...
modparam("topology_hiding", "th_contact_encode_param", "customparam")
...

1.4. Exported Functions

1.4.1.  topology_hiding()

   By calling this function on an initial request, the modules
   will hide the topology, meaning that it will strip and restore
   all the Via, Record-Route and Route headers and it will replace
   the contact with the IP address of the interface where the
   request was received.

   You must note however, that the detection of the future
   in-dialog requests(BYE, reInvite, etc.) for these dialogs on
   which topology hiding is applied, is not done automatically.
   Without topology hiding and only normal dialog, the detection
   was done when loose_route was called. But now, for this dialogs
   where topology hiding is applied, the in dialog requests
   reaching OpenSIPS won't have any Route headers and the RURI
   will point to OpenSIPS machine. So, to be able to match the
   in-dialog requests to the corresponding dialog, a script
   function must be called. It's name is topology_hiding_match and
   you can read it's description above. The in-dialog topology
   requests are requests with a to tag, RURI pointing to opensips
   and with a method specific to a Invite dialog. For this kind of
   requests you should call topology_hiding_match() function. If
   the request is successfully matched and fixed as according to
   the topology hiding logic,the function returns success.

   Optionally,the function also receives a string parameter, which
   holds string flags. Current options for the string flags are :
     * U - Propagate the Username in the Contact header URI
     * C - Encode the callid header
       There are many cases where propagating the callid towards
       the callee side is not a good idea, since sometimes the
       callid contains the IP of the actual caller side, thus
       revealing part of the network topology.
       When using the "C" flag, the callid will be automatically
       encoded / decoded, transparent for the script writer -
       inside OpenSIPS (script,MI functions, etc ) all the
       variables related to the callid will represent the callid
       value for the caller side. If the callid for the callee
       side is needed, refer to the $TH_callee_callid pvar.

   Example 1.8. topology_hiding usage
...
if(!has_totag() && is_method("INVITE")) {
        topology_hiding();
}
...
...
if(!has_totag() && is_method("INVITE")) {
        topology_hiding("U");
}
...

   Example 1.9. Calling topology_hiding_match() function for
   topology hiding sequential requests
...
if (has_totag())
        if(topology_hiding_match())
        {
                xlog("Found a request $rm belonging to an existing topol
ogy hiding dialog\n");
                route(relay);
                exit;
        }
}
...

1.4.2.  topology_hiding_match()

   This function is to be used to match and fix a sequential
   request belong to an existing topology hiding dialog.

   The function returns true if a topology hiding dialog exists
   for the request and the request has been successfully fixed.

   This function can be used from REQUEST_ROUTE.

   Example 1.10. topology_hiding_match_dialog() usage
...
    if (has_totag()) {
        if (!topology_hiding_match() ) {
            xlog(" cannot match request to a dialog \n");
            send_reply("404","Not found");
        } else
                route(RELAY);
    }
...

1.5. Exported pseudo-variables

1.5.1. $TH_callee_callid

   Read only variable that will contain the callid as it is
   propagated towards the callee side, in case
   topology_hiding("C") is called.

   NULL will be returned if there is no topology hiding dialog for
   the request or if topology_hiding with callid encoding was not
   used for the current dialog.
