Module: kamailio Branch: master Commit: bb35e0aa112f9c60779692c67f42b6ef2cb1b0c2 URL: https://github.com/kamailio/kamailio/commit/bb35e0aa112f9c60779692c67f42b6e… Author: Supreeth Herle <herlesupreeth(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2023-11-30T10:18:47+01:00 ims_ipsec_pcscf: cope better with some broken In-Dialog routing --- Modified: src/modules/ims_ipsec_pcscf/cmd.c --- Diff: https://github.com/kamailio/kamailio/commit/bb35e0aa112f9c60779692c67f42b6e… Patch: https://github.com/kamailio/kamailio/commit/bb35e0aa112f9c60779692c67f42b6e… --- diff --git a/src/modules/ims_ipsec_pcscf/cmd.c b/src/modules/ims_ipsec_pcscf/cmd.c index dca5784c8a0..594d442710f 100644 --- a/src/modules/ims_ipsec_pcscf/cmd.c +++ b/src/modules/ims_ipsec_pcscf/cmd.c @@ -501,6 +501,35 @@ static int create_ipsec_tunnel(const struct ip_addr *remote_addr, ipsec_t *s) add_policy(sock, remote_addr, ipsec_addr, s->port_us, s->port_pc, s->spi_pc, IPSEC_POLICY_DIRECTION_IN); + /* cope with some broken In-Dialog routing */ + // SA5 UE client to P-CSCF client + // src adrr dst addr src port dst port + add_sa(sock, remote_addr, ipsec_addr, s->port_uc, s->port_pc, s->spi_ps, + s->ck, s->ik, s->r_alg, s->r_ealg); + add_policy(sock, remote_addr, ipsec_addr, s->port_uc, s->port_pc, s->spi_ps, + IPSEC_POLICY_DIRECTION_IN); + + // SA6 P-CSCF client to UE client + // src adrr dst addr src port dst port + add_sa(sock, ipsec_addr, remote_addr, s->port_pc, s->port_uc, s->spi_us, + s->ck, s->ik, s->r_alg, s->r_ealg); + add_policy(sock, ipsec_addr, remote_addr, s->port_pc, s->port_uc, s->spi_us, + IPSEC_POLICY_DIRECTION_OUT); + + // SA7 P-CSCF server to UE server + // src adrr dst addr src port dst port + add_sa(sock, ipsec_addr, remote_addr, s->port_ps, s->port_us, s->spi_uc, + s->ck, s->ik, s->r_alg, s->r_ealg); + add_policy(sock, ipsec_addr, remote_addr, s->port_ps, s->port_us, s->spi_uc, + IPSEC_POLICY_DIRECTION_OUT); + + // SA8 UE server to P-CSCF server + // src adrr dst addr src port dst port + add_sa(sock, remote_addr, ipsec_addr, s->port_us, s->port_ps, s->spi_pc, + s->ck, s->ik, s->r_alg, s->r_ealg); + add_policy(sock, remote_addr, ipsec_addr, s->port_us, s->port_ps, s->spi_pc, + IPSEC_POLICY_DIRECTION_IN); + close_mnl_socket(sock); return 0; @@ -562,6 +591,31 @@ static int destroy_ipsec_tunnel( remove_policy(sock, remote_addr, ipsec_addr, s->port_us, s->port_pc, s->spi_pc, ip_addr.af, IPSEC_POLICY_DIRECTION_IN); + /* cope with some broken In-Dialog routing */ + // SA5 UE client to P-CSCF client + remove_sa(sock, remote_addr, ipsec_addr, s->port_uc, s->port_pc, s->spi_ps, + ip_addr.af); + remove_policy(sock, remote_addr, ipsec_addr, s->port_uc, s->port_pc, + s->spi_ps, ip_addr.af, IPSEC_POLICY_DIRECTION_IN); + + // SA6 P-CSCF client to UE client + remove_sa(sock, ipsec_addr, remote_addr, s->port_pc, s->port_uc, s->spi_us, + ip_addr.af); + remove_policy(sock, ipsec_addr, remote_addr, s->port_pc, s->port_uc, + s->spi_us, ip_addr.af, IPSEC_POLICY_DIRECTION_OUT); + + // SA7 P-CSCF server to UE server + remove_sa(sock, ipsec_addr, remote_addr, s->port_ps, s->port_us, s->spi_uc, + ip_addr.af); + remove_policy(sock, ipsec_addr, remote_addr, s->port_ps, s->port_us, + s->spi_uc, ip_addr.af, IPSEC_POLICY_DIRECTION_OUT); + + // SA8 UE server to P-CSCF server + remove_sa(sock, remote_addr, ipsec_addr, s->port_us, s->port_ps, s->spi_pc, + ip_addr.af); + remove_policy(sock, remote_addr, ipsec_addr, s->port_us, s->port_ps, + s->spi_pc, ip_addr.af, IPSEC_POLICY_DIRECTION_IN); + // Release SPIs release_spi(s->spi_pc, s->spi_ps, s->port_pc, s->port_ps);