Lawful Interception with radius and ruby script

6. Advanced Routing
1

Hello,

We use radius for AAA and routing, and we need to fork the call to a law agency SIP NAP.

How can we configure lawful intercept to fork the call to a law agency NAP based on radius reply?

If not possible, how to configure a mix with radius and csv?

Do you have any ruby script example with radius AAA and lawful interception?

Thanks

David

2

Hi David,

On ProSBC (Toolpack 3.x), Lawful Intercept (LI) is supported, but it is not directly triggered by RADIUS reply attributes in the standard implementation.

Forking calls to a Law Enforcement SIP NAP

In ProSBC, call forking for LI is controlled by Toolpack Lawful Intercept configuration, not by RADIUS VSAs. When a call is selected for interception, ProSBC uses the configured Lawful Agency object to fork the call toward the LEA SIP NAP (for content) and to send call information (e.g., via FTP), according to the agency configuration.

RADIUS + LI mixed deployment (supported approach)

The typical and supported ProSBC deployment model is:

  • RADIUS is used for AAA and routing/profile selection.

  • Lawful Intercept targets are provisioned in Toolpack (Lawful Configurations, Agencies, and target CSV files).

  • A routing script enables LI using an after-filter, which evaluates the call identity (calling, called, private address, including remapped numbers) against the configured LI targets.

  • When a match is found, the script sets params[:bridge][:intercepted_targets], and ProSBC performs the interception and forks the call to the LEA NAP.

If “RADIUS-driven LI” behavior is required operationally, the usual method is that the same OSS/workflow which updates RADIUS policy also updates the Toolpack LI targets (CSV/DB) when a warrant is activated or deactivated. This keeps LI controlled, auditable, and compliant.

Ruby routing example (ProSBC Toolpack 3.x)

require ‘base_routing’
require ‘lawful_intercept’

class SimpleRouting < BaseRouting
  include LawfulIntercept

route_match :call_field_name => :called
route_match :call_field_name => :calling
route_match :call_field_name => :nap

after_filter :method => :enable_lawful_intercept
end

Where to find the base LI script in ProSBC

The built-in Lawful Intercept implementation is provided as a filter script in Toolpack. You can find it in the GUI under:

Routing Scripts → Filter Scripts → lawful_intercept.rb

This script:

  • Reads Lawful Agencies and target CSV files from the Toolpack configuration

  • Matches calling/called/private (and remapped) numbers

  • Builds the required JSON and sets

params[:bridge][:intercepted_targets]
  • ProSBC then handles media forking and call-information delivery based on the configured Lawful Agency.

Reference script

You can also refer to this example implementation of the Lawful Intercept routing filter:
Lawful Intercept ProSBC

Summary (ProSBC)

  • Forking calls to an LEA SIP NAP is supported via ProSBC Lawful Intercept.

  • LI is not normally enabled directly by RADIUS reply attributes.

  • The supported model is RADIUS for AAA/routing + Toolpack configuration (CSV/DB) for LI selection, with LI enabled in the routing layer.

Hope this helps clarify how LI is intended to be deployed on ProSBC.

-Support