<p><b>@alexyosifov</b> approved this pull request.</p>
<hr>
<p>In <a href="https://github.com/kamailio/kamailio/pull/2731#discussion_r629307760">src/modules/ims_ipsec_pcscf/cmd.c</a>:</p>
<pre style='color:#555'>> - // for Reply and TCP sends from P-CSCF server port, for Reply and UDP sends from P-CSCF client port
- src_port = dst_proto == PROTO_TCP ? s->port_ps : s->port_pc;
+ // Check send socket
+ struct socket_info * client_sock = grep_sock_info(via_host.af == AF_INET ? &ipsec_listen_addr : &ipsec_listen_addr6, src_port, dst_proto);
+ if(client_sock) {
+ // for Reply and TCP sends from P-CSCF server port, for Reply and UDP sends from P-CSCF client port
+ src_port = dst_proto == PROTO_TCP ? s->port_ps : s->port_pc;
- // for Reply and TCP sends to UE client port, for Reply and UDP sends to UE server port
- dst_port = dst_proto == PROTO_TCP ? s->port_uc : s->port_us;
+ // for Reply and TCP sends to UE client port, for Reply and UDP sends to UE server port
+ dst_port = dst_proto == PROTO_TCP ? s->port_uc : s->port_us;
+ }
+ else
+ {
+ src_port = s->port_pc;
+ dst_port = s->port_us;
+ }
</pre>
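<p>Review bot: the grep_sock_info(...) call at the top of the added block passes src_port before this hunk assigns it. The assignment "src_port = dst_proto == PROTO_TCP ? s->port_ps : s->port_pc;" now happens only inside the if(client_sock) branch, so the lookup result depends on whatever value src_port held earlier in the function. Compute the intended source port first and look the socket up with that value. The else branch also needs a comment explaining why it falls back to s->port_pc and s->port_us regardless of dst_proto, and the brace placement of "if(client_sock) {" and the "else" / "{" pair should be made consistent.</p>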
<p>Why do you have to check the "send socket" here? You perform the check with zero src_port and dst_proto.<br>
The "send socket" is always present. If you scroll down to row 877 there is the same check, and if the "send socket" is not present the function returns an error.<br>
I do not see value in this change and I am not sure this will work properly.<br>
Correct me if I am wrong.</p>
<hr>
<p>In <a href="https://github.com/kamailio/kamailio/pull/2731#discussion_r629308227">src/modules/ims_ipsec_pcscf/ipsec.c</a>:</p>
<pre style='color:#555'>> + // cipher_null, des, des3_ede, aes
strcpy(l_enc_algo->alg_name,"cipher_null");
+ if (strncasecmp(r_ealg.s,"aes-cbc",r_ealg.len) == 0) {
+ LM_DBG("Creating security associations: AES\n");
+ strcpy(l_enc_algo->alg_name,"aes");
+ l_enc_algo->alg_key_len = ck.len * 4;
+ string_to_key(l_enc_algo->alg_key, ck);
+ }
+ else if (strncasecmp(r_ealg.s,"des-ede3-cbc",r_ealg.len) == 0) {
+ LM_DBG("Creating security associations: DES, ck.len=%d\n",ck.len);
+ strcpy(l_enc_algo->alg_name,"des3_ede");
+ str ck1;
+ ck1.s = pkg_malloc (128);
+ strncpy(ck1.s,ck.s,32);
+ strncat(ck1.s,ck.s,16);
+ ck1.len=32+16;
+
+ l_enc_algo->alg_key_len = ck1.len * 4;
+ string_to_key(l_enc_algo->alg_key, ck1);
+
+ pkg_free(ck1.s);
+ }
</pre>
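<p>Review bot: in the des-ede3-cbc branch, strncpy(ck1.s,ck.s,32) leaves ck1.s without a terminating NUL when ck.s holds 32 or more characters, and the following strncat(ck1.s,ck.s,16) then scans the uninitialized pkg_malloc(128) buffer for a terminator, which is undefined behaviour. The return value of pkg_malloc is not checked, and ck.len is not checked to be at least 32 before the copy. Validate ck.len, check the allocation, build the 48-character key with memcpy and explicit lengths, and zero ck1.s before pkg_free since it holds key material. Separately, strncasecmp(r_ealg.s,"aes-cbc",r_ealg.len) == 0 compares only r_ealg.len characters, so an empty or truncated r_ealg (for example "a") selects AES; compare the length as well as the bytes, in both branches.</p>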
<p>Is it a good idea for the cipher algorithm to be optional? Just add a new value in the _cflags parameter of the int ipsec_create(struct sip_msg* m, udomain_t* d, int _cflags) method.</p>