Module: kamailio Branch: master Commit: 79bb2b1c4e5a446a333d837d4ccb1038303340e5 URL: https://github.com/kamailio/kamailio/commit/79bb2b1c4e5a446a333d837d4ccb1038...

Author: Rikyz xxxxxx@xxxxxx Committer: Daniel-Constantin Mierla miconda@gmail.com Date: 2022-03-11T10:27:26+01:00

ims_ipsec_pcscf: fix sha1 algorithm and tcp connections for SIP Replies over TCP

---

Modified: src/modules/ims_ipsec_pcscf/cmd.c Modified: src/modules/ims_ipsec_pcscf/ipsec.c

---

Diff: https://github.com/kamailio/kamailio/commit/79bb2b1c4e5a446a333d837d4ccb1038... Patch: https://github.com/kamailio/kamailio/commit/79bb2b1c4e5a446a333d837d4ccb1038...

---

diff --git a/src/modules/ims_ipsec_pcscf/cmd.c b/src/modules/ims_ipsec_pcscf/cmd.c index 82099367ba..f8672a592a 100644 --- a/src/modules/ims_ipsec_pcscf/cmd.c +++ b/src/modules/ims_ipsec_pcscf/cmd.c @@ -846,17 +846,15 @@ int ipsec_forward(struct sip_msg* m, udomain_t* d, int _cflags) // for Reply get the dest proto from the received request dst_proto = req->rcv.proto;

+ // for Reply and TCP sends from P-CSCF server port, for Reply and UDP sends from P-CSCF client port + src_port = dst_proto == PROTO_TCP ? s->port_ps : s->port_pc; + + // for Reply and TCP sends to UE client port, for Reply and UDP sends to UE server port + dst_port = dst_proto == PROTO_TCP ? s->port_uc : s->port_us; + // Check send socket struct socket_info * client_sock = grep_sock_info(via_host.af == AF_INET ? &ipsec_listen_addr : &ipsec_listen_addr6, src_port, dst_proto); - if(client_sock) { - // for Reply and TCP sends from P-CSCF server port, for Reply and UDP sends from P-CSCF client port - src_port = dst_proto == PROTO_TCP ? s->port_ps : s->port_pc; - - // for Reply and TCP sends to UE client port, for Reply and UDP sends to UE server port - dst_port = dst_proto == PROTO_TCP ? s->port_uc : s->port_us; - } - else - { + if(!client_sock) { src_port = s->port_pc; dst_port = s->port_us; } diff --git a/src/modules/ims_ipsec_pcscf/ipsec.c b/src/modules/ims_ipsec_pcscf/ipsec.c index e874abaa34..16dda61b8c 100644 --- a/src/modules/ims_ipsec_pcscf/ipsec.c +++ b/src/modules/ims_ipsec_pcscf/ipsec.c @@ -184,7 +184,7 @@ int add_sa(struct mnl_socket* nl_sock, const struct ip_addr *src_addr_param, con if(strncasecmp(r_alg.s, "hmac-md5-96", r_alg.len) == 0) { strcpy(l_auth_algo->alg_name,"md5"); } - else if(strncasecmp(r_alg.s, "hmac-sha1-96", r_alg.len) == 0) { + else if(strncasecmp(r_alg.s, "hmac-sha-1-96", r_alg.len) == 0) { strcpy(l_auth_algo->alg_name,"sha1"); } else { // set default algorithm to sha1