Inaugural #FridayFun at tangopbx forums
We had a recent request in support to filter out calls based on Stir/Shaken attestation level. The customer wanted A and B calls delivered to their reception queues, but lower levels and most importantly unsigned calls would just get refused.
Some SIP providers will share the attestation level in a header in the SIP INVITE, such as the way ClearyIP Trunking does. One you enable ‘Enhanced Verification Status’ for your CIP trunks, you have access to the S/S attestation level in the SIP Header. Here’s an example inbound call from sngrep
So the header is enabled, how to do we use it? If you already have a PJSIP trunk setup and working on your system, then you just need to start with a block of custom dialplan in extensions_custom.conf. Something like this:
[from-pstn-check-ss]
exten => _.,1,Noop(Entering user defined context from-pstn-check-ss in extensions_custom.conf)
; get the value of P-Attestation-Indicator where CIP stores the s/s attestation and store in CDR. If your provider uses a different header, edit to suit.
exten => _.,n,Set(CALL_ATTESTATION=${PJSIP_HEADER(read,P-Attestation-Indicator)})
exten => _.,n,NoOp(S/S Attestation Level: ${CALL_ATTESTATION})
exten => _.,n,ExecIf($["${CALL_ATTESTATION}"!=""]?Set(CDR(userfield)=S/S Level ${CALL_ATTESTATION}):Set(CDR(userfield)=S/S Level Unsigned))
; Branch call based on s/s attestation value
exten => _.,n,GotoIf($["${CALL_ATTESTATION}"="A" || "${CALL_ATTESTATION}"="a"]?inroute)
exten => _.,n,GotoIf($["${CALL_ATTESTATION}"="B" || "${CALL_ATTESTATION}"="b"]?inroute)
exten => _.,n,GotoIf($["${CALL_ATTESTATION}"="C" || "${CALL_ATTESTATION}"="c"]?intercept)
exten => _.,n,GotoIf($["${CALL_ATTESTATION}"=""]?intercept) ; unsigned call
; any other values go to inbound routes
exten => _.,n(inroute),Goto(from-pstn,${EXTEN},1)
; automatically hangup
exten => _.,n(intercept),NoOp(Call is being rejected)
exten => _.,n,PJSIPHangup(404) ; brand new Asterisk application, remove this line if things break for you
exten => _.,n,Goto(app-blackhole,no-service,1)
With the above in place, you can then edit your PJSIP trunks in the GUI to use the context from-pstn-check-ss. Save, apply config and start making some calls.
Eagle eyed readers will note that the attestation level is stored in the channel variable CALL_ATTESTATION, so you could use that value later in the call flow such as in a Dynamic Route by referencing ${CALL_ATTESTATION}.
You will also note that the attestation level is recorded in the CDR userfield for all calls, so any calls that don’t make it through will still show up in the CDR with their attestation.
Edit - there’s some good points raised in this thread for anyone thinking that they would like to put the diaplan as written above into production.