

<h4>Pre-Submission Checklist</h4>


<ul class="contains-task-list">

<li class="task-list-item"><input type="checkbox" id="" disabled="" class="task-list-item-checkbox" checked=""> Commit message has the format required by CONTRIBUTING guide</li>

<li class="task-list-item"><input type="checkbox" id="" disabled="" class="task-list-item-checkbox" checked=""> Commits are split per component (core, individual modules, libs, utils, ...)</li>

<li class="task-list-item"><input type="checkbox" id="" disabled="" class="task-list-item-checkbox" checked=""> Each component has a single commit (if not, squash them into one commit)</li>

<li class="task-list-item"><input type="checkbox" id="" disabled="" class="task-list-item-checkbox" checked=""> No commits to README files for modules (changes must be done to docbook files<br>

in <code>doc/</code> subfolder, the README file is autogenerated)</li>

</ul>

<h4>Type Of Change</h4>

<ul class="contains-task-list">

<li class="task-list-item"><input type="checkbox" id="" disabled="" class="task-list-item-checkbox"> Small bug fix (non-breaking change which fixes an issue)</li>

<li class="task-list-item"><input type="checkbox" id="" disabled="" class="task-list-item-checkbox" checked=""> New feature (non-breaking change which adds new functionality)</li>

<li class="task-list-item"><input type="checkbox" id="" disabled="" class="task-list-item-checkbox"> Breaking change (fix or feature that would change existing functionality)</li>

</ul>

<h4>Checklist:</h4>


<ul class="contains-task-list">

<li class="task-list-item"><input type="checkbox" id="" disabled="" class="task-list-item-checkbox"> PR should be backported to stable branches</li>

<li class="task-list-item"><input type="checkbox" id="" disabled="" class="task-list-item-checkbox" checked=""> Tested changes locally</li>

<li class="task-list-item"><input type="checkbox" id="" disabled="" class="task-list-item-checkbox"> Related to issue #XXXX (replace XXXX with an open issue number)</li>

</ul>

<h4>Description</h4>


<p>This is an implementation of sec-agree used in IMS with IPSec. It's not a complete sec-agree implementation, only the flows used by IMS. The code is usable, but needs a few improvements, which I plan to push in the near future. <strong>My work is based on the implementation in OpenIMSCore.</strong></p>

<p>For IPSec implementation the XFRM framework from the Linux kernel is used. Security association (SA) and Policies creation/removal is performed via netlink messages. For this reason the module depends on libmnl (a minimalistic netlink library).</p>

<p>As XFRM is Linux specific, the code is not portable and can't be used on operating system different from Linux. The code will not compile on *BSDs too. However all platform specific code resides in ipsec.c so support for other OSes/IPSec implementations can be added relatively easy.</p>

<p>The README file, which is commited is generated from docs dir with xsltproc.</p>

<p>Issues I still work on:</p>

<ul>

<li>Kamailio must be run as root in order to be able to send netlink messages and create XFRM SAs and Policies.</li>

<li>SAs and Policies are not deleted on Kamailio startup and shutdown.</li>

<li>According to the current contact implementation in the PCSCF modules (adn the 3GPP specs) the IPSec tunnel should be created on two steps. Initial parameters should be saved in security_tmp and on confirmation - in security. At the moment everything remains in security.</li>

</ul>

<p>As this is my first more serious contribution to the project, all kinds of feedback is highly appreciated :)</p>


<hr>


<h4>You can view, comment on, or merge this pull request online at:</h4>

<p>  <a href='https://github.com/kamailio/kamailio/pull/1605'>https://github.com/kamailio/kamailio/pull/1605</a></p>


<h4>Commit Summary</h4>

<ul>

  <li>ims_ipsec_pcscf: sec-agree implementation for IMS</li>

</ul>


<h4>File Changes</h4>

<ul>

  <li>

    <strong>A</strong>

    <a href="https://github.com/kamailio/kamailio/pull/1605/files#diff-0">src/modules/ims_ipsec_pcscf/Makefile</a>

    (20)

  </li>

  <li>

    <strong>A</strong>

    <a href="https://github.com/kamailio/kamailio/pull/1605/files#diff-1">src/modules/ims_ipsec_pcscf/README</a>

    (244)

  </li>

  <li>

    <strong>A</strong>

    <a href="https://github.com/kamailio/kamailio/pull/1605/files#diff-2">src/modules/ims_ipsec_pcscf/cmd.c</a>

    (585)

  </li>

  <li>

    <strong>A</strong>

    <a href="https://github.com/kamailio/kamailio/pull/1605/files#diff-3">src/modules/ims_ipsec_pcscf/cmd.h</a>

    (6)

  </li>

  <li>

    <strong>A</strong>

    <a href="https://github.com/kamailio/kamailio/pull/1605/files#diff-4">src/modules/ims_ipsec_pcscf/doc/Makefile</a>

    (4)

  </li>

  <li>

    <strong>A</strong>

    <a href="https://github.com/kamailio/kamailio/pull/1605/files#diff-5">src/modules/ims_ipsec_pcscf/doc/ims_ipsec_pcscf.xml</a>

    (88)

  </li>

  <li>

    <strong>A</strong>

    <a href="https://github.com/kamailio/kamailio/pull/1605/files#diff-6">src/modules/ims_ipsec_pcscf/doc/ims_ipsec_pcscf_admin.xml</a>

    (231)

  </li>

  <li>

    <strong>A</strong>

    <a href="https://github.com/kamailio/kamailio/pull/1605/files#diff-7">src/modules/ims_ipsec_pcscf/ims_ipsec_pcscf_mod.c</a>

    (227)

  </li>

  <li>

    <strong>A</strong>

    <a href="https://github.com/kamailio/kamailio/pull/1605/files#diff-8">src/modules/ims_ipsec_pcscf/ipsec.c</a>

    (386)

  </li>

  <li>

    <strong>A</strong>

    <a href="https://github.com/kamailio/kamailio/pull/1605/files#diff-9">src/modules/ims_ipsec_pcscf/ipsec.h</a>

    (24)

  </li>

  <li>

    <strong>A</strong>

    <a href="https://github.com/kamailio/kamailio/pull/1605/files#diff-10">src/modules/ims_ipsec_pcscf/run_spi_list_tests.sh</a>

    (4)

  </li>

  <li>

    <strong>A</strong>

    <a href="https://github.com/kamailio/kamailio/pull/1605/files#diff-11">src/modules/ims_ipsec_pcscf/spi_gen.c</a>

    (87)

  </li>

  <li>

    <strong>A</strong>

    <a href="https://github.com/kamailio/kamailio/pull/1605/files#diff-12">src/modules/ims_ipsec_pcscf/spi_gen.h</a>

    (16)

  </li>

  <li>

    <strong>A</strong>

    <a href="https://github.com/kamailio/kamailio/pull/1605/files#diff-13">src/modules/ims_ipsec_pcscf/spi_list.c</a>

    (123)

  </li>

  <li>

    <strong>A</strong>

    <a href="https://github.com/kamailio/kamailio/pull/1605/files#diff-14">src/modules/ims_ipsec_pcscf/spi_list.h</a>

    (29)

  </li>

  <li>

    <strong>A</strong>

    <a href="https://github.com/kamailio/kamailio/pull/1605/files#diff-15">src/modules/ims_ipsec_pcscf/spi_list_tests.c</a>

    (292)

  </li>

</ul>


<h4>Patch Links:</h4>

<ul>

  <li><a href='https://github.com/kamailio/kamailio/pull/1605.patch'>https://github.com/kamailio/kamailio/pull/1605.patch</a></li>

  <li><a href='https://github.com/kamailio/kamailio/pull/1605.diff'>https://github.com/kamailio/kamailio/pull/1605.diff</a></li>

</ul>


<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/kamailio/kamailio/pull/1605">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AF36ZfmMenytUKVGZ31LJ1eYzamQjdgTks5uKv7YgaJpZM4VjXyg">mute the thread</a>.<img src="https://github.com/notifications/beacon/AF36ZXYnRmiTVmaCE3DZuBi2260Rnf9Pks5uKv7YgaJpZM4VjXyg.gif" height="1" width="1" alt="" /></p>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/kamailio/kamailio","title":"kamailio/kamailio","subtitle":"GitHub repository","main_image_url":"https://assets-cdn.github.com/images/email/message_cards/header.png","avatar_image_url":"https://assets-cdn.github.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/kamailio/kamailio"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"ims_ipsec_pcscf: sec-agree implementation for IMS (#1605)"}],"action":{"name":"View Pull Request","url":"https://github.com/kamailio/kamailio/pull/1605"}}}</script>

<script type="application/ld+json">[

{

"@context": "http://schema.org",

"@type": "EmailMessage",

"potentialAction": {

"@type": "ViewAction",

"target": "https://github.com/kamailio/kamailio/pull/1605",

"url": "https://github.com/kamailio/kamailio/pull/1605",

"name": "View Pull Request"

},

"description": "View this Pull Request on GitHub",

"publisher": {

"@type": "Organization",

"name": "GitHub",

"url": "https://github.com"

}

},

{

"@type": "MessageCard",

"@context": "http://schema.org/extensions",

"hideOriginalBody": "false",

"originator": "AF6C5A86-E920-430C-9C59-A73278B5EFEB",

"title": "ims_ipsec_pcscf: sec-agree implementation for IMS (#1605)",

"sections": [

{

"text": "",

"activityTitle": "**Tsvetomir Dimitrov**",

"activityImage": "https://assets-cdn.github.com/images/email/message_cards/avatar.png",

"activitySubtitle": "@tdimitrov",

"facts": [


]

},

{

"title": "Commit Summary",

"facts": [

{

"name": "f887542",

"value": "ims_ipsec_pcscf: sec-agree implementation for IMS"

}

]

},

{

"title": "File Changes",

"facts": [

{

"name": "Added",

"value": "[src/modules/ims_ipsec_pcscf/Makefile](https://github.com/kamailio/kamailio/pull/1605/files#diff-0) (20 changes)"

},

{

"name": "Added",

"value": "[src/modules/ims_ipsec_pcscf/README](https://github.com/kamailio/kamailio/pull/1605/files#diff-1) (244 changes)"

},

{

"name": "Added",

"value": "[src/modules/ims_ipsec_pcscf/cmd.c](https://github.com/kamailio/kamailio/pull/1605/files#diff-2) (585 changes)"

},

{

"name": "Added",

"value": "[src/modules/ims_ipsec_pcscf/cmd.h](https://github.com/kamailio/kamailio/pull/1605/files#diff-3) (6 changes)"

},

{

"name": "Added",

"value": "[src/modules/ims_ipsec_pcscf/doc/Makefile](https://github.com/kamailio/kamailio/pull/1605/files#diff-4) (4 changes)"

},

{

"name": "Added",

"value": "[src/modules/ims_ipsec_pcscf/doc/ims_ipsec_pcscf.xml](https://github.com/kamailio/kamailio/pull/1605/files#diff-5) (88 changes)"

},

{

"name": "Added",

"value": "[src/modules/ims_ipsec_pcscf/doc/ims_ipsec_pcscf_admin.xml](https://github.com/kamailio/kamailio/pull/1605/files#diff-6) (231 changes)"

},

{

"name": "Added",

"value": "[src/modules/ims_ipsec_pcscf/ims_ipsec_pcscf_mod.c](https://github.com/kamailio/kamailio/pull/1605/files#diff-7) (227 changes)"

},

{

"name": "Added",

"value": "[src/modules/ims_ipsec_pcscf/ipsec.c](https://github.com/kamailio/kamailio/pull/1605/files#diff-8) (386 changes)"

},

{

"name": "Added",

"value": "[src/modules/ims_ipsec_pcscf/ipsec.h](https://github.com/kamailio/kamailio/pull/1605/files#diff-9) (24 changes)"

},

{

"name": "Added",

"value": "[src/modules/ims_ipsec_pcscf/run_spi_list_tests.sh](https://github.com/kamailio/kamailio/pull/1605/files#diff-10) (4 changes)"

},

{

"name": "Added",

"value": "[src/modules/ims_ipsec_pcscf/spi_gen.c](https://github.com/kamailio/kamailio/pull/1605/files#diff-11) (87 changes)"

},

{

"name": "Added",

"value": "[src/modules/ims_ipsec_pcscf/spi_gen.h](https://github.com/kamailio/kamailio/pull/1605/files#diff-12) (16 changes)"

},

{

"name": "Added",

"value": "[src/modules/ims_ipsec_pcscf/spi_list.c](https://github.com/kamailio/kamailio/pull/1605/files#diff-13) (123 changes)"

},

{

"name": "Added",

"value": "[src/modules/ims_ipsec_pcscf/spi_list.h](https://github.com/kamailio/kamailio/pull/1605/files#diff-14) (29 changes)"

},

{

"name": "Added",

"value": "[src/modules/ims_ipsec_pcscf/spi_list_tests.c](https://github.com/kamailio/kamailio/pull/1605/files#diff-15) (292 changes)"

}

]

}

],

"potentialAction": [

{

"name": "Add a comment",

"@type": "ActionCard",

"inputs": [

{

"isMultiLine": true,

"@type": "TextInput",

"id": "IssueComment",

"isRequired": false

}

],

"actions": [

{

"name": "Comment",

"@type": "HttpPOST",

"target": "https://api.github.com",

"body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"kamailio/kamailio\",\n\"issueId\": 1605,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}"

}

]

},

{

"name": "Close pull request",

"@type": "HttpPOST",

"target": "https://api.github.com",

"body": "{\n\"commandName\": \"PullRequestClose\",\n\"repositoryFullName\": \"kamailio/kamailio\",\n\"pullRequestId\": 1605\n}"

},

{

"targets": [

{

"os": "default",

"uri": "https://github.com/kamailio/kamailio/pull/1605"

}

],

"@type": "OpenUri",

"name": "View on GitHub"

},

{

"targets": [

{

"os": "default",

"uri": "https://github.com/kamailio/kamailio/pull/1605.patch"

}

],

"@type": "OpenUri",

"name": "View patch"

},

{

"targets": [

{

"os": "default",

"uri": "https://github.com/kamailio/kamailio/pull/1605.diff"

}

],

"@type": "OpenUri",

"name": "View diff"

},

{

"name": "Unsubscribe",

"@type": "HttpPOST",

"target": "https://api.github.com",

"body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 361594016\n}"

}

],

"themeColor": "26292E"

}

]</script>