Pre-Submission Checklist

Commit message has the format required by CONTRIBUTING guide
Commits are split per component (core, individual modules, libs, utils, ...)
Each component has a single commit (if not, squash them into one commit)
No commits to README files for modules (changes must be done to docbook files
in doc/ subfolder, the README file is autogenerated)

Type Of Change

Small bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds new functionality)
Breaking change (fix or feature that would change existing functionality)

Checklist:

PR should be backported to stable branches
Tested changes locally
Related to PR #3891

Description

Normally, the IMS P-CSCF should identify the clients (UEs) by the received IP address and ports on Rx. The current code is using a mix of that, plus using Contact and Via headers, with arguable potential security issues.

This patch adds a new parameter to ims_registrar_pcscf and ims_qos modules, allowing for an optional outsource of the IPsec functionality to another element, which is also in charge of checking/enforcing correct UE Via header. The existing code is allowed to work as before, with the default value of the flag being towards that.

List of functional changes:

ims_qos
- added trust_bottom_via parameter
- used it on w_rx_aar_register()
ims_registrar_pcscf
- added trust_bottom_via parameter
- used it on update_contacts(), save_pending(), check_contact(), getContactP(), check_service_routes(), enforce_service_routes()
- made ims_ipsec_pcscf dependency optional, with checks when used
- skipped checks of port-uc in checkcontact() if the ims_ipsec_pcscf module was not loaded
- added ignore_contact_rxproto_check parameter - IMS devices open IPsec Security Associations just between IPs and ports, with both UDP and TCP protocols allowed. The default then was set here to always ignore protocol checks. Before, the ignore_contact_rxport_check was used to skip this and still make it work, but that seemed like a typo/mistake with hidden effects.

List of indirect changes:

core/ut.h: added a str2ushort() macro, since code was using some dangerous casting and macros with a larger type
ims_registrar_pcscf: added Route headers in SUBSCRIBE to reginfo, with values from Service-Routes, as per 3GPP specs.
ims_usrloc_pcscf: small log fixes

You can view, comment on, or merge this pull request online at:

https://github.com/kamailio/kamailio/pull/3901

Commit Summary

138c0c8 core: added str2ushort() to avoid some questionable casting in ims_qos
9d10bf4 lib/ims: fixed a typo in a log message
06b817b ims_usrloc_pcscf: small log fixes
cefa081 ims_qos: added trust_bottom_via parameter
2f24016 ims_registrar_pcscf: added trust_bottom_via parameter, added ignore_contact_rxproto_check, fixes for logging, fixes for SUBSCRIBE to reginfo for including Service-Route, allow use without ims_ipsec_pcscf

File Changes

(17 files)

M src/core/ut.h (8)
M src/lib/ims/ims_getters.c (2)
M src/modules/ims_qos/doc/ims_qos.xml (6)
M src/modules/ims_qos/doc/ims_qos_admin.xml (41)
M src/modules/ims_qos/ims_qos_mod.c (27)
M src/modules/ims_qos/rx_aar.h (4)
M src/modules/ims_qos/rx_authdata.h (2)
M src/modules/ims_qos/rx_avp.c (2)
M src/modules/ims_registrar_pcscf/doc/ims_registrar_pcscf.xml (6)
M src/modules/ims_registrar_pcscf/doc/ims_registrar_pcscf_admin.xml (73)
M src/modules/ims_registrar_pcscf/ims_registrar_pcscf_mod.c (26)
M src/modules/ims_registrar_pcscf/notify.c (2)
M src/modules/ims_registrar_pcscf/save.c (80)
M src/modules/ims_registrar_pcscf/service_routes.c (136)
M src/modules/ims_registrar_pcscf/subscribe.c (74)
M src/modules/ims_registrar_pcscf/subscribe.h (4)
M src/modules/ims_usrloc_pcscf/udomain.c (4)

Patch Links:

—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.