Hi to all,
I am interested in the implementation of the IPsec module. When I run Kamailio, it is creating processes based on the formula below:
UDP children * IPSEC_MAX_CONN * interfaces (v4 and v6) + (TCP+UDP) processes for each interface.
For example:
children = 16
tcp_children = 16
IPSEC_MAX_CONN = 25
and two interfaces: IPv6 and IPv4
Kamailio process count = (16 * 25 * 2) + 16 + 16 = 832
But why is the IPsec module listening on UDP and not TCP? Is this an internal connection?
Thank you.
Regards,
Hossein
Hello,
not sure why you think that the ims_ipsec_pcscf module is listening only on UDP. It seems to be also listening on TCP:
// add listen interfaces for IPv4
if(add_listen_iface(addr4, NULL, ipsec_client_port + i, PROTO_TCP, 0) != 0) {
    LM_ERR("Error adding listen ipsec client TCP interface for IPv4\n");
    return -1;
}
if(add_listen_iface(addr4, NULL, ipsec_server_port + i, PROTO_TCP, 0) != 0) {
    LM_ERR("Error adding listen ipsec server TCP interface for IPv4\n");
    return -1;
}
if(add_listen_iface(addr4, NULL, ipsec_client_port + i, PROTO_UDP, 0) != 0) {
    LM_ERR("Error adding listen ipsec client UDP interface for IPv4\n");
    return -1;
}
if(add_listen_iface(addr4, NULL, ipsec_server_port + i, PROTO_UDP, 0) != 0) {
    LM_ERR("Error adding listen ipsec server UDP interface for IPv4\n");
    return -1;
}
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com/
From: sr-users sr-users-bounces@lists.kamailio.org On Behalf Of H Yavari
Sent: Thursday, May 20, 2021 3:01 AM
To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org
Subject: [SR-Users] IMS IPSec does use UDP socket?
Yes, you are right. I just couldn't understand the relation between children and IPsec port/spi ranges.
Regards,
Hossein
On Tuesday, June 1, 2021, 02:48:07 AM PDT, Henning Westerholt hw@skalatan.de wrote:
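One way to confirm on a running host which transports the IPsec port ranges are bound on, as an added example that is not part of the thread or of the Kamailio source: it parses `ss -H -lntu` output and compares it with the sockets the quoted add_listen_iface calls would register. The address, the port values, a connection limit of 2 and the assumption that i runs from 0 to that limit minus one are constructed for illustration.

```python
# Added example: audit listeners against the quoted add_listen_iface pattern.
# Constructed sample of `ss -H -lntu` output (not captured from a real host).
SAMPLE_SS = """\
udp UNCONN 0 0 192.0.2.10:5100 0.0.0.0:*
udp UNCONN 0 0 192.0.2.10:5101 0.0.0.0:*
udp UNCONN 0 0 192.0.2.10:6100 0.0.0.0:*
udp UNCONN 0 0 192.0.2.10:6101 0.0.0.0:*
tcp LISTEN 0 128 192.0.2.10:5100 0.0.0.0:*
tcp LISTEN 0 128 192.0.2.10:5101 0.0.0.0:*
tcp LISTEN 0 128 192.0.2.10:6100 0.0.0.0:*
udp UNCONN 0 0 192.0.2.10:5060 0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Return a set of (proto, address, port) parsed from `ss -H -lntu` lines."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        # rpartition keeps IPv6 literals such as [2001:db8::10]:5100 intact
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            found.add((fields[0], addr.strip("[]"), int(port)))
    return found


def expected_listeners(addr, client_port, server_port, max_conn):
    """Mirror the quoted calls: client and server port + i, on TCP and UDP.

    Assumption: i runs over range(max_conn); the loop bound is not shown
    in the thread.
    """
    return {(proto, addr, base + i)
            for i in range(max_conn)
            for base in (client_port, server_port)
            for proto in ("tcp", "udp")}


def audit(ss_output, addr, client_port, server_port, max_conn):
    """Return (missing listeners, per-protocol count of expected ones found)."""
    have = parse_listeners(ss_output)
    want = expected_listeners(addr, client_port, server_port, max_conn)
    present = want & have
    counts = {p: sum(1 for e in present if e[0] == p) for p in ("tcp", "udp")}
    return sorted(want - have), counts


if __name__ == "__main__":
    print(audit(SAMPLE_SS, "192.0.2.10", 5100, 6100, 2))
```

On a real host, replace SAMPLE_SS with the captured output of `ss -H -lntu` and pass the configured ipsec_client_port and ipsec_server_port values.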