IWF Privacy: Caller Privacy on Unsecure Networks

This feature enables bi-directional SIP/H.323 IWF support for CPID hiding by using the presentation indicators in the Calling Party Number information element for H.323 signaling, and RFC 3325-based privacy support for SIP signaling. It lets the Oracle® Enterprise Session Border Controller insert the P-Asserted-Identity and the Privacy header in the INVITE when the presentation indicator is set to restricted.

The presence or absence of the P-Asserted-Identity and Privacy headers in the SIP INVITE tells the remote SIP proxy or endpoint whether to block or advertise the CPID.

About the Presentation Indicator

When address information represents a telephone number, the relevant information can appear in the Calling Party Number information element (IE). This IE contains the caller’s number, information about the number, and the presentation and screening indicators found in octet 3a. To prevent a calling party number from being passed through, the presentation indicator parameter (octet 3a) in the Calling Party IE must be set to a value other than 00.

In an H.323 to SIP IWF call, octet 3a in the Q.931 message indicates the caller’s preference for CPID restriction. If bits 7 and 6 are set to (0 1), the presentation is restricted and the outbound SIP INVITE from the IWF stack must be constructed to reflect that restriction.

H.323 to SIP IWF Call

When the presentation indicator in the calling party IE is set to restricted, the From and Contact headers of the INVITE sent from h323d to sipd will be modified according to RFC 3325. When the Oracle® Enterprise Session Border Controller receives calls initiated as H.323, it will recognize the caller’s presentation bits as defined in Q.931 and use that information to construct a SIP INVITE in accordance with the user’s indicated preference. The resulting INVITE has the following changes:

  • Inclusion of a P-Asserted-Identity header in the INVITE, containing the calling party’s CPID and the Oracle® Enterprise Session Border Controller’s IP address, constructed as a SIP URI (same mechanism used to construct the From-URI today).
  • Addition of a Privacy header with its value set to id. This addition indicates to the upstream proxies and gateways that the caller address is to be hidden.

The sipd will either proxy or strip these headers according to RFC 3325, depending on the SIP interface and SIP session agent configurations.

Example 1 SETUP Sent from h323d to Remote H.323 Endpoints

Q.931
Protocol discriminator: Q.931
Call reference value length: 2
Call reference flag: Message sent from originating side
Call reference value: 2F62
Message type: SETUP (0x05)
Bearer capability
Information element: Bearer capability
Length: 3
...0 1000 = Information transfer capability: Unrestricted digital information (0x08)
.00. .... = Coding standard: ITU-T standardized coding (0x00)
1... .... = Extension indicator: last octet
...1 0011 = Information transfer rate: 384 kbit/s (0x13)
.00. .... = Transfer mode: Circuit mode (0x00)
1... .... = Extension indicator: last octet
...0 0101 = User information layer 1 protocol: Recommendation H.221 and H.242 (0x05)
1... .... = Extension indicator: last octet
Display  'jdoe\000'
Information element: Display
Length: 9
Display information: jdoe\000
Calling party number
Information element: Calling party number
Length: 2
.... 0000 = Numbering plan: Unknown (0x00)
.000 .... = Number type: Unknown (0x00)
0... .... = Extension indicator: information continues through the next octet
.... ..00 = Screening indicator: User-provided, not screened (0x00)
.01. .... = Presentation indicator: Presentation restricted (0x01)
1... .... = Extension indicator: last octet

Example 2 INVITE from h323d to sipd

The two new headers will be stripped by the sipd when the INVITE is sent to an untrusted SIP proxy or endpoint, and will be proxied when it is sent to a trusted SIP proxy or endpoint.

INVITE sip:780@192.168.200.6:5060;acme_realm=internal SIP/2.0
Via: SIP/2.0/UDP 127.0.0.1:5070;branch=z9hG4bKIWF00000510d031s9kou5c0;acme_irealm=external
Contact: "Anonymous"<sip:anonymous@127.0.0.1:5070>
GenericID: 7400000@000825010100
Supported: 100rel
From: "Anonymous"<sip:anonymous@anonymous.invalid>;tag=0000004a000d8cc0
To: <sip:780@192.168.200.6:5060>
Call-ID: 7f00000113ce0000004a000d88d8@127.0.0.1
CSeq: 2 INVITE
P-Asserted-Identity: "jdoe"<sip:42343@192.168.200.68:5060>
Privacy: id
Content-Length: 175
Content-Type: application/sdp

v=0
o=IWF 3 3 IN IP4 192.168.1.6
s=H323 Call
c=IN IP4 192.168.1.6
t=0 0
m=audio 5666 RTP/AVP 0 101 18
a=rtpmap:0 PCMU/8000/1
a=rtpmap:101 telephone-event/8000/1
a=fmtp:101 0-15
a=rtpmap:18 G729/8000/1
a=fmtp:18 annexb=no
m=video 5668 RTP/AVP 31
a=rtpmap:31 H261/9000/1
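
The trust-boundary rule above can be checked on captured egress traffic. The following is an added example, not Oracle code: it audits one outbound INVITE for the two privacy headers and for a From or Contact that repeats the asserted identity. The function names and the SAMPLE message are constructed for illustration.

```python
import re

# Constructed sample, modelled on Example 2 (not a real capture).
SAMPLE = "\r\n".join([
    "INVITE sip:780@192.168.200.6:5060 SIP/2.0",
    'From: "Anonymous"<sip:anonymous@anonymous.invalid>;tag=1',
    'Contact: "Anonymous"<sip:anonymous@127.0.0.1:5070>',
    'P-Asserted-Identity: "jdoe"<sip:42343@192.168.200.68:5060>',
    "Privacy: id", "", ""])

def parse_headers(message: str) -> dict:
    """Header block of a SIP message -> {lowercased name: [values]}."""
    block = message.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in block.splitlines()[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def uri_user(value: str) -> str:
    """User part of the first sip: or sips: URI in a header value."""
    match = re.search(r"sips?:([^@>;]+)@", value)
    return match.group(1) if match else ""

def audit_egress(message: str, next_hop_trusted: bool) -> list:
    """Findings for one outbound INVITE; an empty list means no leak was seen."""
    h = parse_headers(message)
    pai = h.get("p-asserted-identity", [])
    findings = []
    if not next_hop_trusted:
        if pai:
            findings.append("P-Asserted-Identity sent to untrusted peer")
        if "privacy" in h:
            findings.append("Privacy header sent to untrusted peer")
    if any(v.lower() == "id" for v in h.get("privacy", [])):
        asserted = {uri_user(v) for v in pai} - {""}
        for name in ("from", "contact"):
            if any(uri_user(v) in asserted for v in h.get(name, [])):
                findings.append(f"{name} exposes asserted identity")
    return findings

if __name__ == "__main__":
    print(audit_egress(SAMPLE, next_hop_trusted=False))
```
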

SIP to H.323

For a SIP to H.323 call, the Oracle® Enterprise Session Border Controller must recognize the caller’s Privacy request and set the presentation bits accordingly when constructing the outbound RAS/SETUP message. It must check SIP calls for the Privacy header (with value set to id). If this header is present, the presentation bits in octet 3a of the SETUP must be set to restricted.

The Oracle® Enterprise Session Border Controller does not support any other value for the Privacy header. For those calls, the SETUP will not include a presentation indicator.
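
The mapping described in the H.323 to SIP and SIP to H.323 sections can be written out in both directions. The following is an added example, not Oracle code: the function names, the From header used for the unrestricted case, and the sample IE bytes are assumptions made for illustration.

```python
# Added example: Q.931 Calling Party Number IE <-> RFC 3325 privacy headers.
PRESENTATION = {0: "allowed", 1: "restricted", 2: "not-available", 3: "reserved"}

def decode_calling_party_ie(content: bytes) -> dict:
    """Decode the IE content (the bytes after the IE identifier and length)."""
    if not content:
        raise ValueError("empty Calling Party Number IE")
    octet3 = content[0]
    # Q.931 default when octet 3a is omitted: presentation allowed.
    info = {"type": (octet3 >> 4) & 0x07, "plan": octet3 & 0x0F,
            "presentation": "allowed", "screening": 0}
    pos = 1
    if not octet3 & 0x80:                      # extension bit 0: octet 3a follows
        if len(content) < 2:
            raise ValueError("octet 3a announced but missing")
        octet3a = content[1]
        info["presentation"] = PRESENTATION[(octet3a >> 5) & 0x03]  # bits 7 and 6
        info["screening"] = octet3a & 0x03                          # bits 2 and 1
        pos = 2
    info["digits"] = content[pos:].decode("ascii")
    return info

def invite_identity_headers(info, cpid, display, sbc_host):
    """H.323 -> SIP: identity headers for the outbound INVITE."""
    identity = f'"{display}"<sip:{cpid}@{sbc_host}>'
    if info["presentation"] != "restricted":
        return [f"From: {identity}"]           # assumed form of the unrestricted case
    return ['From: "Anonymous"<sip:anonymous@anonymous.invalid>',
            f"P-Asserted-Identity: {identity}",
            "Privacy: id"]

def calling_party_octets(privacy_value):
    """SIP -> H.323: octet 3 (and 3a) for the SETUP, type and plan left unknown."""
    if privacy_value is not None and privacy_value.strip().lower() == "id":
        return bytes([0x00, 0xA0])   # 3a = 1 01 000 00: restricted, not screened
    return bytes([0x80])             # no octet 3a: no presentation indicator

if __name__ == "__main__":
    ie = bytes([0x00, 0xA0]) + b"42343"        # constructed sample IE content
    for line in invite_identity_headers(decode_calling_party_ie(ie),
                                        "42343", "jdoe", "192.168.200.68:5060"):
        print(line)
```
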

Example INVITE from SIP End Point to sipd

Apr 21 08:50:38.786 On [0:0]192.168.200.68:5060 received from 192.168.200.6:5062
INVITE sip:800@192.168.200.68:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.200.6:5062
From: anonymous <sip:anonymous@192.168.200.6:5062>;tag=1
To: sut <sip:800@192.168.200.68:5060>
P-Asserted-Identity: sipp <sip:7789@192.168.200.6:5062>
Privacy: id
Call-ID: 1.1688.192.168.200.6@sipp.call.id
Cseq: 1 INVITE
Contact: sip:anonymous@192.168.200.6:5062
Max-Forwards: 70
Subject: Performance Test
Content-Type: application/sdp
Content-Length: 136

v=0
o=user1 53655765 2353687637 IN IP4 127.0.0.1
s=-
t=0 0
c=IN IP4       127.0.0.1
m=audio 10000 RTP/AVP 0
a=rtpmap:0 PCMU/8000

Sample INVITE from sipd to h323d

Apr 21 08:50:38.807 On 127.0.0.1:5070 received from 127.0.0.1:5060
INVITE sip:800@127.0.0.1:5070;acme_sag=sag1;acme_irealm=internal SIP/2.0
Via: SIP/2.0/UDP 127.0.0.1:5060;branch=z9hG4bK0804o700c0f0t9gpj0g0.1
From: anonymous <sip:anonymous@192.168.200.6:5062>;tag=SDm8kvc01-1
To: sut <sip:800@192.168.200.68:5060>
P-Asserted-Identity: sipp <sip:7789@192.168.200.6:5062>
Privacy: id
Call-ID: SDm8kvc01-083221d8c0fa33f71ae85dd6ed0e4ea4-06ahc21
Cseq: 1 INVITE
Contact: <sip:anonymous@192.168.200.68:5060;transport=udp>
Max-Forwards: 69
Subject: Performance Test
Content-Type: application/sdp
Content-Length: 136
GenericID: 9883100005@000825010100

v=0
o=user1 53655765 2353687637 IN IP4 127.0.0.1
s=-
t=0 0
c=IN IP4       127.0.0.1
m=audio 10000 RTP/AVP 0
a=rtpmap:0 PCMU/8000

Sample SETUP sent from h323d to remote H323 EP

Q.931
    Protocol discriminator: Q.931
    Call reference value length: 2
    Call reference flag: Message sent from originating side
    Call reference value: 664D
    Message type: SETUP (0x05)
    Bearer capability
        Information element: Bearer capability
        Length: 3
        ...1 0000 = Information transfer capability: 3.1 kHz audio (0x10)
        .00. .... = Coding standard: ITU-T standardized coding (0x00)
        1... .... = Extension indicator: last octet
        ...1 0000 = Information transfer rate: 64 kbit/s (0x10)
        .00. .... = Transfer mode: Circuit mode (0x00)
        1... .... = Extension indicator: last octet
        ...0 0011 = User information layer 1 protocol: Recommendation G.711 A-law (0x03)
        1... .... = Extension indicator: last octet
    Display  'anonymous'
        Information element: Display
        Length: 9
        Display information: anonymous
    Calling party number
        Information element: Calling party number
        Length: 2
        .... 0000 = Numbering plan: Unknown (0x00)
        .000 .... = Number type: Unknown (0x00)
        0... .... = Extension indicator: information continues through the next octet
        .... ..00 = Screening indicator: User-provided, not screened (0x00)
        .01. .... = Presentation indicator: Presentation restricted (0x01)
        1... .... = Extension indicator: last octet