[Spce-user] Avoid 302 response

Andreas Granig agranig at sipwise.com
Tue Mar 12 06:28:55 EDT 2013 

Hi,
On 03/12/2013 10:48 AM, Mario Contreras wrote:
> if(t_check_status("301|302"))
> {
>      xlog("L_ERROR", "Failed to fetch contact '$ct' from 301/302 - [%
> logreq -%]\n");
>      acc_db_request("480", "acc");
>      $var(announce_handle) = "callee_tmp_unavailable";
>      $var(announce_set) = $avp(s:callee_sound_set);
>      $(avp(s:announce_code)[*]) = 403;
>      $(avp(s:announce_reason)[*]) = "Forbidden";
>      route(ROUTE_EARLY_REJECT);
> }

Could work fine at first sight. Best is to try it out :)

> Anyway, my spce treats the calls like they were incoming. Is that
> normal? Here I show an entry from cdr table:
>
> *************************** 1. row ***************************
>                                  id: 285697
>                         update_time: 2013-03-10 05:09:27
>                      source_user_id: 0
>                  source_provider_id: 3
>       source_external_subscriber_id:
>         source_external_contract_id:
>                   source_account_id: 0
>                         source_user: myuser
>                       source_domain: example.com
>                          source_cli: CCCCCCCCCC
>                         source_clir: 1
>                 destination_user_id: 0
>             destination_provider_id: 3
> destination_external_subscriber_id:
>    destination_external_contract_id:
>              destination_account_id: 0
>                    destination_user: XXXXXXXXXX
>                  destination_domain: 1.1.1.1
>             destination_user_dialed: XXXXXXXXXX
>                 destination_user_in: XXXXXXXXXX
>               destination_domain_in: example.com
>                      peer_auth_user:
>                     peer_auth_realm:
>                           call_type: cfb

As you can see, the SPCE treats such call deflection as call-forward 
(call_type set to "cfb" instead of "call"). This is what you usually 
want, because if your subscriber configures his device to do a 
call-forward, you want this subscriber to pay for this call-forward, 
instead of charging it to the caller, because the caller doesn't know 
about this redirect.

It's the responsibility of the owner of the end device (if it's a 
bring-your-own-device service) or the platform operator (if you manage 
the devices of your customers) to keep it secure and not allow attackers 
to set it to arbitrary numbers.

Andreas

More information about the Spce-user mailing list