一、第三方呼叫控制及会话传递
1、第三方呼叫控制
有时,某个用户想在另外两个用户之间建立一个会话,而自己不参与进去,这就需要第 三方呼叫控制扩展来完成。
如图3-5所示,控制器发送一个无任何会话描述符的INVITE, A按照通常的SIP处理过 程向控制器含会话描述符的200 0K做出应答。控制器接着使用此会话描述符来邀请B, B将 向A发送音频流。
二、会话传递
在第三方控制信令中,媒体在其他实体之间进行交换。如果第三方自己不想再控制信令, 而想借助其他实体进行控制,就需要使用SIP会话传递技术。
如图3-6所示,A本来和B在通信,如果A此时有事情外出,而让其他人(如C)和B 通信,就向B发送REFER原语,REFER Refer-To标题头中含有C的URL, Referred-By标题 头包含B的URL- B收到后,将Referred-By标题头复制到新的INVITE中,向Refer-To标题 中包含的SIP URL发送。当C收到INVITE后,知道是A转接的结果,因为Referred-By标题 中含有A的SIP URL。当INVITE完成后,B发送一个NOTIFY指明转接的结果。
二、 SIP 计费
SIP-AAA接口应支持发现功能、SIP服务器更新、用户信息更新、认证、可靠性、安全等 功能。一个典型的SIP AAA流程如图3-7所示。
1. Device-Reboot-Indication AVP 扩展
DIAMETER SIP 使用 Extension Id 6。
2. DIAMETER-Command AVP 扩展
DIAMETER命令AVP扩展如表3-4所示。
其中:
<Admission Control Request> ::= <DIAMETER HeaderxCommand AVP><Host-IP-Address> <SIP-SequencexSIP-CaU-n)xSIP-ToxSIP-From> [<SIP-Entire-Msg>]<[nnestan4)AVP> <Initialization-Vector AVP> {<Integrity-Check-Vector AVP> ll<Digital-Signature AVP> }
<Admission Control Response> ::= <DIAMETER HeaderxCommand AVP><Host-IP-Address> <Result-Code> [<Eiror-Code>]<SIP-SequencexSIP-Call-ID> [<SIP-To>] [<SIP-From>]<Timestamp AVPxInitialization-Vector AVP>{<Integrity-Check-Vector AVP> II <Digital-Signature AVP> }
<Accounting Request> <DIAMETER Header> <Command AVPxHost-IP-Address> <TimestampxSIP-Sequence> <SIP-Call-IDxSIP-To> <SIP-Froin> [<SIP-Entire-Msg>] <Timestamp AVPxInitialization-Vector AVP> {<Integrity-Check-Vector AVP> IkDigital-Signature AVP> }
<Accounting Response> ::= <DIAMETER Header> <Command AVP> <Host-IP-Address> <SIP-Sequence> <Result-Code> [<dEnor<k)de>]<SIP-Call-ID> [<SIP-Tb>] [<SIP-From>]<niinestanp AVP>dnitialization-Vector AVP> {<Integrity-Check-Vector AVR> ll<Digital-Signature AVR> }
<Termination Request> ::= <DIAMETER Header> <Command AVP><Host-IP-Address> <SIP-Sequence><SIP-Call-ID><SIP-To><SIP-From> <Timestamp AVPxInitialization-Vector AVP> {<Integrity-Check-Vector AVP> ll<Digital-S电nature AVP> }
<Termination Response> ::= <DIAMETER Header> <Command AVP><Host-IP-Address> <Result-Code> [<Error-Code>]<SIP-SequencexSIP-Cali-n)> [<SIP-To>] [<SIP-From>]<Timestamp AVPxInitialization-Vector AVP>{<Integrity-Check-Vector AVP> IkDigital-Signature AVP> }
命令名 命令代码
SIP-Admission-Request 600
SIP-Admission-Response 601
SIP-Accounting-Request 602
SIP-Accounting-Response 603
SIP-Tbrmination-Request 604
SIP-Tennination-Response 605
3. DIAMETER错误代码AVP扩展
DIAMETER错误代码含义如表3-5所示。
4. SIP特定的AVP
SIP特定的AVP属性名及其代码对应关系如表3-6所示。
3 12 SIP安全
SIP 雯全有很多措施,如 SIP Digest Authentication, S/MIME, SDP & RTP security (增加 了 —个属性 k=encryption key)等。
3.12.1 AKA 机制
AKA (Authentication and Key Agreement)机制,其流程图见图 3-8所示。
1. Initial request
消息如下:
REGISTER siprhome.mobile.biz SIP/2.0
2. Response containing a challenge 消息如下:
SIP/2.0 401 Unauthorized
WWW -Authenticate: Digest realm=HRoamingUsers@mobile.bizn, nonce="CjPk9niRqNuT25eRkajM09uT19nM09uT19nMz5OX25PZz==,f, qop=n auth,auth-int", opaque="5ccc069c403ebaf9f0171e9517f40e41n, algorithm=AKAv 1-MD5
3. Request containing credentials
消息如下:
REGISTER sip:home.mobile.biz SIP/2.0
Authorization: Digest
usemame="jon.dough@mobile.biz", realm=nRoamingUsers@mobile.biz", noiice=“CjPk9mRqNuT25eRk哥 M09uT19nM09uT19nMz5OX25PZz=』,
uri=,'sip:home.mobile.biz",
qop=auth-int,
nc=00000001,
cnonce="0a4fll3b", response=,'6629fae49393a05397450978507c4eflH, Opaque=n5ccc069c403ebaf9f0171e9517f40e4r,
4. Successful response 消息如下:
SIP/2.0 200 OK
Authentication-Info:
qop=auth-int, rspauth=n6629fae49393a05397450978507c4efr', cnonce="0a4fl 13b",
nc=00000001
3.12.2 SIP私密性
1. 扩展头及使用范围
扩展头及其使用范围见表3-7、表3-8和表3-9所示。
2. 实例
本例中,proxy.company.com利用从SIP摘要认证消息中发现的身份创建P-Asserted-Identity 头,然后转发给可信代理,再转发给可信的网关。
1) useragentcompany.com -> proxy.company.com
消息如下:
INVITE sip:+14085551212@comppy.com5IP/2.0;发起请求
Via: SIP/2.0/TCP useragent.company.com;branch=z9hG4bK-123
To: <sip:+14085551212@company.com>;收端
From: **Anonymous" <sip:anonymous@anonymous.invalid>;tag=980274& 发端
Call-ID: 245780247857024504;呼叫 ID
CSeq: 1 INVITE
Max-Forwards: 70
Privacy: id
2) proxy.company.com -> useragent.company.com
消息如下:
SIP/2.0 407 Proxy Authorization
Via: SIP/2.0/TCP useragent.company.com;branch=z9hG4bK-123
To: <sip:+14085551212@company.com>;tag=123456;收端
From: "Anonymous" <sip:anonymous@anonymous.invalid>;tag=980274& 发端
Call-ID: 245780247857024504;呼叫 ID
CSeq: 1 INVITE
Proxy-Authenticate:.... realm="sip.company.com,'
3) useragentxompany.com -> proxy.company.com
消息如下: .
INVITE sip:+14085551212@company.con)SIP/2.0
Via: SIP/2.0/TCP useragent.company.com;branch=z9hG4bK-124
To: <sip:+14085551212@company.com>;收端
From: "Anonymous" <sip:anonymous @ anonymous.invalid>;tag=9802748 ; 发端
Call-ID: 245780247857024504;呼叫 ID
CSeq: 2 INVITE
Max-Forwards: 70;最大转发次数
Privacy: id
Proxy-Authorization: .... realm="sip.company.com" user="fluffy"
4) proxy.company.com -> proxy.pstn.net (trusted)
消息如下:
INVITE sip:+14085551212@proxy.pstn.net SIP/2.0
Via: SIP/2.0/TCP useragent.company.com;branch=z9hG4bK-124
Via: SIP/2.0/TCP proxy.company.com;branch=z9hG4bK-abc
To: <sip:+14085551212@company.com>;收端
From: "Anonymous" <sip:anonymous@anonymous.invalid>;tag=9802748;发端 ' Call-ID: 245780247857024504;呼叫 ID
CSeq: 2 INVITE
Max-Forwards: 69;最大转发次数
P-Asserted-Identity: "Cullen Jennings" <sip:fluffy@company.com>
P-Asserted-Identity: tel:+14085264000
Privacy: id
5) proxy.pstn.net -> gw.pstn.net (trusted)
消息如下:
INVITE sip:+14085551212@gw.pstn.net SIP/2.0
Via: SIP/2.0/TCP useragent.company.com;branch=z9hG4bK-124
Via: SIP/2.0/TCP proxy.company.com;branch=z9hG4bK-abc
Via: SIP/2.0/TCP proxy.pstn.net;branch=z9hG4bK-alb2
To: <sip:+14085551212@company.com>;收端
From: "Anonymous" <sip:anonymous@anonymous.invalid>;tag=9802748;发端
Call-ID: 245780247857024504;呼叫 ID
CSeq: 2 INVITE
Max-Forwards: 68;最大转发次数
P-Asserted-Identity: "Cullen Jennings" <sip:fluffy@company.com>
P-Asserted-Identity: tel:+14085264000
Privacy: id