Re: [sr-dev] [kamailio/kamailio] Ipsec fix defects (#2023)
Merged #2023 into master. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/2023#event-2548327144___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Re: [sr-dev] [kamailio/kamailio] Ipsec tcp multiple conns (#2001)
I agree, no one should complain if commented out code gets removed at some point and you can look up old code in git. @alexyosifov could you please have a look at the commented out code and remove the unnecessary functions or add TODOs, as @henningw suggested? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/2001#issuecomment-511532968___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Re: [sr-dev] [kamailio/kamailio] Ipsec tcp multiple conns (#2001)
@henningw I've made a review on my own, before asking a second opinion. The patch remained open for more than 10 days, which I think is too much. I wasn't aware that you are still reviewing the patch. The whole mode is in "work in progress" state, so I am willing to accept commented out code blocks in this state. It's more important to have proper integration with the other IMS modules and working usecases for the IPSec module itself. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/2001#issuecomment-511529535___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Re: [sr-dev] [kamailio/kamailio] Ipsec tcp multiple conns (#2001)
Merged #2001 into master. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/2001#event-2483541165___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Re: [sr-dev] [kamailio/kamailio] Ipsec tcp multiple conns (#2001)
I'm merging this as it is waiting for too long time. If anyone has concerns about the code, we'll fix them later. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/2001#issuecomment-51145___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Re: [sr-dev] [kamailio/kamailio] Ipsec tcp multiple conns (#2001)
@miconda @ngvoice Could you please have a look at the third commit in ims_usrloc_pcscf? Seems reasonable to me but I'm not very familiar with the code in the module, so I'll appreciate another opinion. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/2001#issuecomment-509765044___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Re: [sr-dev] [kamailio/kamailio] Ipsec fix defects (#1982)
Merged #1982 into master. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/1982#event-2411628413___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Re: [sr-dev] [kamailio/kamailio] Ipsec tcp (#1974)
Merged #1974 into master. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/1974#event-2390261268___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Re: [sr-dev] [kamailio/kamailio] Ipsec tcp (#1974)
tdimitrov commented on this pull request. Great job! Only one remark - could you please address my comment about the hardcoded PROTO_UDP in ipsec_forward function? If it is not an error - I'll merge it. > @@ -562,6 +560,24 @@ int ipsec_forward(struct sip_msg* m, udomain_t* d) struct pcontact_info ci; pcontact_t* pcontact = NULL; int ret = IPSEC_CMD_FAIL; // FAIL by default +unsigned char dst_proto = PROTO_UDP; Is this hardcoded to PROTO_UDP on purpose? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/1974#pullrequestreview-245615615___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Re: [sr-dev] [kamailio/kamailio] ims_registrar_pcscf: parse security verify header (#1964)
@miconda @ngvoice , this seems reasonable. Should we merge it? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/1964#issuecomment-495720273___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] git:master:5e4aada6: ims_ipsec_pcscf: TCP support
Module: kamailio Branch: master Commit: 5e4aada6f3b7509c8633d461b1eac005505ac0c7 URL: https://github.com/kamailio/kamailio/commit/5e4aada6f3b7509c8633d461b1eac005505ac0c7 Author: Tsvetomir Dimitrov Committer: Tsvetomir Dimitrov Date: 2019-02-26T11:14:07Z ims_ipsec_pcscf: TCP support Adds TCP support to the module. The client and server ports, specified in the configuration, are bound on TCP and UDP protocols. All xfrm related code is changed to work with both protocols. --- Modified: src/modules/ims_ipsec_pcscf/cmd.c Modified: src/modules/ims_ipsec_pcscf/ims_ipsec_pcscf_mod.c Modified: src/modules/ims_ipsec_pcscf/ipsec.c Modified: src/modules/ims_ipsec_pcscf/ipsec.h --- Diff: https://github.com/kamailio/kamailio/commit/5e4aada6f3b7509c8633d461b1eac005505ac0c7.diff Patch: https://github.com/kamailio/kamailio/commit/5e4aada6f3b7509c8633d461b1eac005505ac0c7.patch ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] git:master:44cd10a5: ims_ipsec_pcscf: IPv6 support
Module: kamailio Branch: master Commit: 44cd10a5fa5f51f079b0d47a544e8d0bf4eb43a5 URL: https://github.com/kamailio/kamailio/commit/44cd10a5fa5f51f079b0d47a544e8d0bf4eb43a5 Author: Tsvetomir Dimitrov Committer: Tsvetomir Dimitrov Date: 2019-02-26T11:14:08Z ims_ipsec_pcscf: IPv6 support The parameter ipsec_listen_addr of the module can be set to either IPv4 or IPv6 address. All xfrm related code is reworked to handle both type of addresses. Note: At the moment it is not possible to use both IPv4 and IPv6 at the same time for IPSec. The implementation allows it, but additional config parameters should be added in order to make this work. --- Modified: src/modules/ims_ipsec_pcscf/cmd.c Modified: src/modules/ims_ipsec_pcscf/ipsec.c Modified: src/modules/ims_ipsec_pcscf/ipsec.h --- Diff: https://github.com/kamailio/kamailio/commit/44cd10a5fa5f51f079b0d47a544e8d0bf4eb43a5.diff Patch: https://github.com/kamailio/kamailio/commit/44cd10a5fa5f51f079b0d47a544e8d0bf4eb43a5.patch ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] git:master:96aa7990: ims_ipsec_pcscf: Fix a memory leak in add_security_server_header()
Module: kamailio Branch: master Commit: 96aa799065d45a48e00a3efff252aa9bb473e355 URL: https://github.com/kamailio/kamailio/commit/96aa799065d45a48e00a3efff252aa9bb473e355 Author: Tsvetomir Dimitrov Committer: Tsvetomir Dimitrov Date: 2018-10-31T18:43:34+02:00 ims_ipsec_pcscf: Fix a memory leak in add_security_server_header() --- Modified: src/modules/ims_ipsec_pcscf/cmd.c --- Diff: https://github.com/kamailio/kamailio/commit/96aa799065d45a48e00a3efff252aa9bb473e355.diff Patch: https://github.com/kamailio/kamailio/commit/96aa799065d45a48e00a3efff252aa9bb473e355.patch --- diff --git a/src/modules/ims_ipsec_pcscf/cmd.c b/src/modules/ims_ipsec_pcscf/cmd.c index 17e6c7b000..a662f0c2e4 100644 --- a/src/modules/ims_ipsec_pcscf/cmd.c +++ b/src/modules/ims_ipsec_pcscf/cmd.c @@ -410,6 +410,8 @@ int add_security_server_header(struct sip_msg* m, ipsec_t* s) return -1; } +pkg_free(sec_header); + return 0; } ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] git:master:d6240426: ims_ipsec_pcscf: Fixes for some memory related issues
Module: kamailio Branch: master Commit: d6240426467ec9c76a105c961ebbd3e540afd78d URL: https://github.com/kamailio/kamailio/commit/d6240426467ec9c76a105c961ebbd3e540afd78d Author: Tsvetomir Dimitrov Committer: Tsvetomir Dimitrov Date: 2018-10-12T10:55:47Z ims_ipsec_pcscf: Fixes for some memory related issues --- Modified: src/modules/ims_ipsec_pcscf/cmd.c Modified: src/modules/ims_ipsec_pcscf/ipsec.c Modified: src/modules/ims_ipsec_pcscf/spi_list.c Modified: src/modules/ims_ipsec_pcscf/spi_list_tests.c --- Diff: https://github.com/kamailio/kamailio/commit/d6240426467ec9c76a105c961ebbd3e540afd78d.diff Patch: https://github.com/kamailio/kamailio/commit/d6240426467ec9c76a105c961ebbd3e540afd78d.patch ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] git:master:bae838eb: misc/examples/ims/pcscf: Add ifdef guards for ipsec_*() calls
Module: kamailio Branch: master Commit: bae838eb61f9852f6ef70b2c3f0dcaf71d880105 URL: https://github.com/kamailio/kamailio/commit/bae838eb61f9852f6ef70b2c3f0dcaf71d880105 Author: Tsvetomir Dimitrov Committer: Tsvetomir Dimitrov Date: 2018-08-31T09:58:24+03:00 misc/examples/ims/pcscf: Add ifdef guards for ipsec_*() calls --- Modified: misc/examples/ims/pcscf/route/mo.cfg Modified: misc/examples/ims/pcscf/route/register.cfg --- Diff: https://github.com/kamailio/kamailio/commit/bae838eb61f9852f6ef70b2c3f0dcaf71d880105.diff Patch: https://github.com/kamailio/kamailio/commit/bae838eb61f9852f6ef70b2c3f0dcaf71d880105.patch --- diff --git a/misc/examples/ims/pcscf/route/mo.cfg b/misc/examples/ims/pcscf/route/mo.cfg index 235b9f1275..e192249571 100644 --- a/misc/examples/ims/pcscf/route/mo.cfg +++ b/misc/examples/ims/pcscf/route/mo.cfg @@ -95,7 +95,9 @@ onreply_route[MO_reply] { remove_hf("C-Params"); append_hf("Contact: $ct;$hdr(C-Params)\r\n"); } +#!ifdef WITH_IPSEC ipsec_forward("location"); +#!endif # In case of 1xx and 2xx do NAT if(status=~"[12][0-9][0-9]") route(NATMANAGE); diff --git a/misc/examples/ims/pcscf/route/register.cfg b/misc/examples/ims/pcscf/route/register.cfg index b2d1f92638..c10979d84a 100644 --- a/misc/examples/ims/pcscf/route/register.cfg +++ b/misc/examples/ims/pcscf/route/register.cfg @@ -156,13 +156,15 @@ onreply_route[REGISTER_reply] xlog("L_DBG", "REGISTER SUCCESS[$ci] took $var(stat_add)ms\n"); update_stat("register_success", "+1"); update_stat("register_time", "$var(stat_add)"); - ipsec_forward("location"); +#!ifdef WITH_IPSEC +ipsec_forward("location"); } else { if (t_check_status("401")) { ipsec_create("location"); - } - } +} +#!endif +} exit; } ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Re: [sr-dev] [kamailio/kamailio] smsops: Add support for concatenated SMS in decode_3gpp_sms() (#1617)
Hi @lasseo Sorry, but I haven't got a working SMSC routing script. I used dummy data only to fix the code. Tsvetomir -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/1617#issuecomment-416208874___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] git:master:e2994b6a: ims_ipsec_pcscf: Fix memory leaks in cmd.c
Module: kamailio Branch: master Commit: e2994b6ac4846c869894a2783304782854f96f57 URL: https://github.com/kamailio/kamailio/commit/e2994b6ac4846c869894a2783304782854f96f57 Author: Tsvetomir Dimitrov Committer: Tsvetomir Dimitrov Date: 2018-08-23T10:57:44+03:00 ims_ipsec_pcscf: Fix memory leaks in cmd.c --- Modified: src/modules/ims_ipsec_pcscf/cmd.c --- Diff: https://github.com/kamailio/kamailio/commit/e2994b6ac4846c869894a2783304782854f96f57.diff Patch: https://github.com/kamailio/kamailio/commit/e2994b6ac4846c869894a2783304782854f96f57.patch --- diff --git a/src/modules/ims_ipsec_pcscf/cmd.c b/src/modules/ims_ipsec_pcscf/cmd.c index b5741e30d8..46056b9214 100644 --- a/src/modules/ims_ipsec_pcscf/cmd.c +++ b/src/modules/ims_ipsec_pcscf/cmd.c @@ -161,7 +161,7 @@ static int fill_contact(struct pcontact_info* ci, struct sip_msg* m) cb = cscf_parse_contacts(req); if (!cb || (!cb->contacts)) { LM_ERR("fill_contact(): No contact headers\n"); -return -3; +return -1; } // populate CI with bare minimum @@ -172,8 +172,11 @@ static int fill_contact(struct pcontact_info* ci, struct sip_msg* m) } -char* srcip; -srcip = pkg_malloc(50); +char* srcip = NULL; +if((srcip = pkg_malloc(50)) == NULL) { +LM_ERR("Error allocating memory for source IP address\n"); +return -1; +} ci->received_host.len = ip_addr2sbuf(>rcv.src_ip, srcip, 50); ci->received_host.s = srcip; @@ -386,6 +389,7 @@ int add_security_server_header(struct sip_msg* m, ipsec_t* s) // copy to the header and add if((sec_header->s = pkg_malloc(sec_header->len)) == NULL) { LM_ERR("Error allocating pkg memory for security header payload\n"); +pkg_free(sec_header); return -1; } memcpy(sec_header->s, sec_hdr_buf, sec_header->len); @@ -393,6 +397,8 @@ int add_security_server_header(struct sip_msg* m, ipsec_t* s) // add security-server header in reply if(cscf_add_header(m, sec_header, HDR_OTHER_T) != 1) { LM_ERR("Error adding security header to reply!\n"); +pkg_free(sec_header->s); +pkg_free(sec_header); return -1; } ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] git:master:8f5b70ca: misc/examples/ims/pcscf/route: Update the rest of the routing scripts for P-CSCF with IPSec support; Fix Rx_AAR() calls.
Module: kamailio Branch: master Commit: 8f5b70ca81e1d49c926a6174191ffe8d7097e3cc URL: https://github.com/kamailio/kamailio/commit/8f5b70ca81e1d49c926a6174191ffe8d7097e3cc Author: Tsvetomir Dimitrov Committer: Tsvetomir Dimitrov Date: 2018-08-22T16:03:24+03:00 misc/examples/ims/pcscf/route: Update the rest of the routing scripts for P-CSCF with IPSec support; Fix Rx_AAR() calls. --- Modified: misc/examples/ims/pcscf/route/mo.cfg Modified: misc/examples/ims/pcscf/route/mt.cfg Modified: misc/examples/ims/pcscf/route/register.cfg --- Diff: https://github.com/kamailio/kamailio/commit/8f5b70ca81e1d49c926a6174191ffe8d7097e3cc.diff Patch: https://github.com/kamailio/kamailio/commit/8f5b70ca81e1d49c926a6174191ffe8d7097e3cc.patch --- diff --git a/misc/examples/ims/pcscf/route/mo.cfg b/misc/examples/ims/pcscf/route/mo.cfg index f00aad61fc..235b9f1275 100644 --- a/misc/examples/ims/pcscf/route/mo.cfg +++ b/misc/examples/ims/pcscf/route/mo.cfg @@ -95,6 +95,7 @@ onreply_route[MO_reply] { remove_hf("C-Params"); append_hf("Contact: $ct;$hdr(C-Params)\r\n"); } + ipsec_forward("location"); # In case of 1xx and 2xx do NAT if(status=~"[12][0-9][0-9]") route(NATMANAGE); @@ -112,7 +113,7 @@ onreply_route[MO_reply] { $avp(TTAG_CUSTOM_AVP)=$tt; $avp(CALLID_CUSTOM_AVP)=$ci; - $var(aarret) = Rx_AAR("MO_aar_reply","orig"); + $var(aarret) = Rx_AAR("MO_aar_reply","orig","",-1); xlog("L_DBG", "AAR return code is $var(aarret)\n"); switch ($var(aarret)) { @@ -135,6 +136,7 @@ onreply_route[MO_reply] { } } +} route[MO_aar_reply] { @@ -184,7 +186,7 @@ onreply_route[MO_indialog_reply] { $avp(TTAG_CUSTOM_AVP)=$tt; $avp(CALLID_CUSTOM_AVP)=$ci; - $var(aarret) = Rx_AAR("MO_indialog_aar_reply","orig"); + $var(aarret) = Rx_AAR("MO_indialog_aar_reply","orig","",-1); xlog("L_DBG", "AAR return code is $var(aarret)\n"); switch ($var(aarret)) { diff --git a/misc/examples/ims/pcscf/route/mt.cfg b/misc/examples/ims/pcscf/route/mt.cfg index 3ee9d66c52..eab2c7c37e 100644 --- a/misc/examples/ims/pcscf/route/mt.cfg +++ b/misc/examples/ims/pcscf/route/mt.cfg @@ -30,7 +30,7 @@ onreply_route[MT_reply] { $avp(TTAG_CUSTOM_AVP)=$tt; $avp(CALLID_CUSTOM_AVP)=$ci; - $var(aarret) = Rx_AAR("MT_aar_reply","term"); + $var(aarret) = Rx_AAR("MT_aar_reply","term","",-1); xlog("L_DBG", "AAR return code is $var(aarret)\n"); switch ($var(aarret)) { @@ -104,7 +104,7 @@ onreply_route[MT_indialog_reply] { $avp(TTAG_CUSTOM_AVP)=$tt; $avp(CALLID_CUSTOM_AVP)=$ci; - $var(aarret) = Rx_AAR("MT_indialog_aar_reply","term"); + $var(aarret) = Rx_AAR("MT_indialog_aar_reply","term","",-1); xlog("L_DBG", "AAR return code is $var(aarret)\n"); switch ($var(aarret)) { diff --git a/misc/examples/ims/pcscf/route/register.cfg b/misc/examples/ims/pcscf/route/register.cfg index df7ddcd1cd..b2d1f92638 100644 --- a/misc/examples/ims/pcscf/route/register.cfg +++ b/misc/examples/ims/pcscf/route/register.cfg @@ -156,7 +156,13 @@ onreply_route[REGISTER_reply] xlog("L_DBG", "REGISTER SUCCESS[$ci] took $var(stat_add)ms\n"); update_stat("register_success", "+1"); update_stat("register_time", "$var(stat_add)"); + ipsec_forward("location"); } + else { + if (t_check_status("401")) { + ipsec_create("location"); + } + } exit; } ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] git:master:c4daee86: misc/examples/ims/pcscf: Add support for IPSec in the P-CSCF examples
Module: kamailio Branch: master Commit: c4daee863519b1795c605e3896506e5ec7e26a41 URL: https://github.com/kamailio/kamailio/commit/c4daee863519b1795c605e3896506e5ec7e26a41 Author: Tsvetomir Dimitrov Committer: Tsvetomir Dimitrov Date: 2018-08-22T15:28:11+03:00 misc/examples/ims/pcscf: Add support for IPSec in the P-CSCF examples --- Modified: misc/examples/ims/pcscf/kamailio.cfg Modified: misc/examples/ims/pcscf/pcscf.cfg.sample --- Diff: https://github.com/kamailio/kamailio/commit/c4daee863519b1795c605e3896506e5ec7e26a41.diff Patch: https://github.com/kamailio/kamailio/commit/c4daee863519b1795c605e3896506e5ec7e26a41.patch --- diff --git a/misc/examples/ims/pcscf/kamailio.cfg b/misc/examples/ims/pcscf/kamailio.cfg index 8502ce6dc0..0c3f65de77 100644 --- a/misc/examples/ims/pcscf/kamailio.cfg +++ b/misc/examples/ims/pcscf/kamailio.cfg @@ -162,6 +162,9 @@ loadmodule "statistics" loadmodule "ims_dialog" loadmodule "ims_usrloc_pcscf" loadmodule "ims_registrar_pcscf" +#!ifdef WITH_IPSEC +loadmodule "ims_ipsec_pcscf" +#!endif #!ifdef WITH_XMLRPC loadmodule "xmlrpc" @@ -366,6 +369,12 @@ modparam("ims_registrar_pcscf", "subscribe_to_reginfo", 0) modparam("ims_registrar_pcscf", "publish_reginfo", 0) #!endif +#!ifdef WITH_IPSEC +modparam("ims_ipsec_pcscf", "ipsec_listen_addr", IPSEC_LISTEN_ADDR) +modparam("ims_ipsec_pcscf", "ipsec_client_port", IPSEC_CLIENT_PORT) +modparam("ims_ipsec_pcscf", "ipsec_server_port", IPSEC_SERVER_PORT) +#!endif + #!ifdef WITH_RX # -- CDP params -- modparam("cdp","config_file","/etc/kamailio_pcscf/pcscf.xml") @@ -700,7 +709,11 @@ route[REQINIT] { send_reply("503", "Server shutting down"); exit; } - + + if (!is_method("REGISTER")) { +ipsec_forward("location"); +} + # Ignore Re-Transmits: if (t_lookup_request()) { exit; @@ -852,6 +865,7 @@ event_route[uac:reply] { } xlog(" Unregistering $uac_req(ruri);$var(alias)\n"); setdebug("9"); + ipsec_destroy("location"); pcscf_unregister("location", "$uac_req(ruri);$var(alias)", "$(uac_req(ouri){uri.host})", "$(uac_req(ouri){uri.port})"); resetdebug(); $sht(natping=>$uac_req(ouri)) = $null; diff --git a/misc/examples/ims/pcscf/pcscf.cfg.sample b/misc/examples/ims/pcscf/pcscf.cfg.sample index 5a89ee1020..6b7a7231ca 100644 --- a/misc/examples/ims/pcscf/pcscf.cfg.sample +++ b/misc/examples/ims/pcscf/pcscf.cfg.sample @@ -7,6 +7,11 @@ listen=udp:11.22.33.44:5060 # SIP / TCP/TLS #listen=tls:11.22.33.44:5061 +# IPSEC / UDP +#!define IPSEC_LISTEN_ADDR "11.22.33.44" +#!define IPSEC_CLIENT_PORT 5062 +#!define IPSEC_SERVER_PORT 5063 + alias=pcscf.mnc001.mcc001.3gppnetwork.org #!define MY_WS_PORT 80 @@ -104,4 +109,4 @@ alias=pcscf.mnc001.mcc001.3gppnetwork.org ##!define WITH_REGINFO ##!define WITH_RTPPING ##!define WITH_WEBSOCKET - +##!define WITH_IPSEC ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] git:master:4db1c7b4: ims_ipsec_pcscf: Clean ipsec SAs and policies on module init/deinit
Module: kamailio Branch: master Commit: 4db1c7b472a0ccc2307c9dfb6197fbf0cc20e8ef URL: https://github.com/kamailio/kamailio/commit/4db1c7b472a0ccc2307c9dfb6197fbf0cc20e8ef Author: Tsvetomir Dimitrov Committer: Tsvetomir Dimitrov Date: 2018-08-10T17:39:02+03:00 ims_ipsec_pcscf: Clean ipsec SAs and policies on module init/deinit --- Modified: src/modules/ims_ipsec_pcscf/cmd.c Modified: src/modules/ims_ipsec_pcscf/cmd.h Modified: src/modules/ims_ipsec_pcscf/doc/ims_ipsec_pcscf_admin.xml Modified: src/modules/ims_ipsec_pcscf/ims_ipsec_pcscf_mod.c Modified: src/modules/ims_ipsec_pcscf/ipsec.c Modified: src/modules/ims_ipsec_pcscf/ipsec.h --- Diff: https://github.com/kamailio/kamailio/commit/4db1c7b472a0ccc2307c9dfb6197fbf0cc20e8ef.diff Patch: https://github.com/kamailio/kamailio/commit/4db1c7b472a0ccc2307c9dfb6197fbf0cc20e8ef.patch ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] git:master:f1247ea2: smsops: Add support for concatenated SMS in decode_3gpp_sms()
Module: kamailio Branch: master Commit: f1247ea2652a96fd22052dcfc41f4d953624de5c URL: https://github.com/kamailio/kamailio/commit/f1247ea2652a96fd22052dcfc41f4d953624de5c Author: Tsvetomir Dimitrov Committer: Tsvetomir Dimitrov Date: 2018-08-07T22:15:00+03:00 smsops: Add support for concatenated SMS in decode_3gpp_sms() --- Modified: src/modules/smsops/smsops_impl.c --- Diff: https://github.com/kamailio/kamailio/commit/f1247ea2652a96fd22052dcfc41f4d953624de5c.diff Patch: https://github.com/kamailio/kamailio/commit/f1247ea2652a96fd22052dcfc41f4d953624de5c.patch ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] [kamailio/kamailio] smsops: Add support for concatenated SMS in decode_3gpp_sms() (#1617)
Pre-Submission Checklist - [ ] Commit message has the format required by CONTRIBUTING guide - [ ] Commits are split per component (core, individual modules, libs, utils, ...) - [ ] Each component has a single commit (if not, squash them into one commit) - [ ] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated) Type Of Change - [ ] Small bug fix (non-breaking change which fixes an issue) - [X] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality) Checklist: - [ ] PR should be backported to stable branches - [X] Tested changes locally - [ ] Related to issue # (replace with an open issue number) Description Support for concatenated SMS messages in smsops module. The current implementation doesn't handle correctly concatenated SMSes. The patch adds support for them in the smsops module, including dumping a concatenated message to the log and new PVs with SMS message parameters. There are also small fixes in the indentation - spaces are replaces with tabs, as this seeems to be the preferred approach in the file. You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/1617 -- Commit Summary -- * smsops: Add support for concatenated SMS in decode_3gpp_sms() -- File Changes -- M src/modules/smsops/smsops_impl.c (472) -- Patch Links -- https://github.com/kamailio/kamailio/pull/1617.patch https://github.com/kamailio/kamailio/pull/1617.diff -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/1617 ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Re: [sr-dev] [kamailio/kamailio] ims_ipsec_pcscf: sec-agree implementation for IMS (#1605)
@miconda @henningw Thank you! -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/1605#issuecomment-409886058___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] git:master:ee5d2b54: ims_ipsec_pcscf: sec-agree implementation for IMS
Module: kamailio Branch: master Commit: ee5d2b54145d9869c1fa92bd9365fde83f0b02d6 URL: https://github.com/kamailio/kamailio/commit/ee5d2b54145d9869c1fa92bd9365fde83f0b02d6 Author: Tsvetomir Dimitrov Committer: Tsvetomir Dimitrov Date: 2018-07-30T10:59:16+03:00 ims_ipsec_pcscf: sec-agree implementation for IMS --- Added: src/modules/ims_ipsec_pcscf/Makefile Added: src/modules/ims_ipsec_pcscf/cmd.c Added: src/modules/ims_ipsec_pcscf/cmd.h Added: src/modules/ims_ipsec_pcscf/doc/Makefile Added: src/modules/ims_ipsec_pcscf/doc/ims_ipsec_pcscf.xml Added: src/modules/ims_ipsec_pcscf/doc/ims_ipsec_pcscf_admin.xml Added: src/modules/ims_ipsec_pcscf/ims_ipsec_pcscf_mod.c Added: src/modules/ims_ipsec_pcscf/ipsec.c Added: src/modules/ims_ipsec_pcscf/ipsec.h Added: src/modules/ims_ipsec_pcscf/run_spi_list_tests.sh Added: src/modules/ims_ipsec_pcscf/spi_gen.c Added: src/modules/ims_ipsec_pcscf/spi_gen.h Added: src/modules/ims_ipsec_pcscf/spi_list.c Added: src/modules/ims_ipsec_pcscf/spi_list.h Added: src/modules/ims_ipsec_pcscf/spi_list_tests.c --- Diff: https://github.com/kamailio/kamailio/commit/ee5d2b54145d9869c1fa92bd9365fde83f0b02d6.diff Patch: https://github.com/kamailio/kamailio/commit/ee5d2b54145d9869c1fa92bd9365fde83f0b02d6.patch ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Re: [sr-dev] [kamailio/kamailio] ims_ipsec_pcscf: sec-agree implementation for IMS (#1605)
Hello Henning, Thanks for your comments. I've removed the README, however, the copyright/licensing part is a bit complicated for me. I have copied code from ims_registrar_pcscf for things like module structure and finding the contact in memory, etc. I've used the implementation in OpenIMS mainly as a reference - what functions they expose to the routing logic and how they use internal Kamailio structures to redirect SIP messages. The IPSec handling itself is written from scratch because they used shell scripts, instead of netlink sockets. For there reasons I copied the Copyright notice from ims_registrar_pcscf (which is actually the same as in OpenIMSCore) and put it in the sources, based on other's work. Everything else is in GPLv2. Do you feel this is correct or it's better to put OpenIMSCore's copyright everywhere? In general, all I want is to contribute the code back to the project and not to abuse the licensing. I don't care if my name will stay anywhere or not. Best regards, Tsvetomir -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/1605#issuecomment-408780215___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] [kamailio/kamailio] ims_ipsec_pcscf: sec-agree implementation for IMS (#1605)
Pre-Submission Checklist - [X] Commit message has the format required by CONTRIBUTING guide - [X] Commits are split per component (core, individual modules, libs, utils, ...) - [X] Each component has a single commit (if not, squash them into one commit) - [X] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated) Type Of Change - [ ] Small bug fix (non-breaking change which fixes an issue) - [X] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality) Checklist: - [ ] PR should be backported to stable branches - [X] Tested changes locally - [ ] Related to issue # (replace with an open issue number) Description This is an implementation of sec-agree used in IMS with IPSec. It's not a complete sec-agree implementation, only the flows used by IMS. The code is usable, but needs a few improvements, which I plan to push in the near future. **My work is based on the implementation in OpenIMSCore.** For IPSec implementation the XFRM framework from the Linux kernel is used. Security association (SA) and Policies creation/removal is performed via netlink messages. For this reason the module depends on libmnl (a minimalistic netlink library). As XFRM is Linux specific, the code is not portable and can't be used on operating system different from Linux. The code will not compile on *BSDs too. However all platform specific code resides in ipsec.c so support for other OSes/IPSec implementations can be added relatively easy. The README file, which is commited is generated from docs dir with xsltproc. Issues I still work on: - Kamailio must be run as root in order to be able to send netlink messages and create XFRM SAs and Policies. - SAs and Policies are not deleted on Kamailio startup and shutdown. - According to the current contact implementation in the PCSCF modules (adn the 3GPP specs) the IPSec tunnel should be created on two steps. Initial parameters should be saved in security_tmp and on confirmation - in security. At the moment everything remains in security. As this is my first more serious contribution to the project, all kinds of feedback is highly appreciated :) You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/1605 -- Commit Summary -- * ims_ipsec_pcscf: sec-agree implementation for IMS -- File Changes -- A src/modules/ims_ipsec_pcscf/Makefile (20) A src/modules/ims_ipsec_pcscf/README (244) A src/modules/ims_ipsec_pcscf/cmd.c (585) A src/modules/ims_ipsec_pcscf/cmd.h (6) A src/modules/ims_ipsec_pcscf/doc/Makefile (4) A src/modules/ims_ipsec_pcscf/doc/ims_ipsec_pcscf.xml (88) A src/modules/ims_ipsec_pcscf/doc/ims_ipsec_pcscf_admin.xml (231) A src/modules/ims_ipsec_pcscf/ims_ipsec_pcscf_mod.c (227) A src/modules/ims_ipsec_pcscf/ipsec.c (386) A src/modules/ims_ipsec_pcscf/ipsec.h (24) A src/modules/ims_ipsec_pcscf/run_spi_list_tests.sh (4) A src/modules/ims_ipsec_pcscf/spi_gen.c (87) A src/modules/ims_ipsec_pcscf/spi_gen.h (16) A src/modules/ims_ipsec_pcscf/spi_list.c (123) A src/modules/ims_ipsec_pcscf/spi_list.h (29) A src/modules/ims_ipsec_pcscf/spi_list_tests.c (292) -- Patch Links -- https://github.com/kamailio/kamailio/pull/1605.patch https://github.com/kamailio/kamailio/pull/1605.diff -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/1605 ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] git:master:18f7771a: ims_usrloc_pcscf: Update comment for free_security()
Module: kamailio Branch: master Commit: 18f7771a8ce74e03b942a41095c6325f43ddb32f URL: https://github.com/kamailio/kamailio/commit/18f7771a8ce74e03b942a41095c6325f43ddb32f Author: Tsvetomir Dimitrov Committer: Tsvetomir Dimitrov Date: 2018-06-11T17:19:22+03:00 ims_usrloc_pcscf: Update comment for free_security() --- Modified: src/modules/ims_usrloc_pcscf/pcontact.c --- Diff: https://github.com/kamailio/kamailio/commit/18f7771a8ce74e03b942a41095c6325f43ddb32f.diff Patch: https://github.com/kamailio/kamailio/commit/18f7771a8ce74e03b942a41095c6325f43ddb32f.patch --- diff --git a/src/modules/ims_usrloc_pcscf/pcontact.c b/src/modules/ims_usrloc_pcscf/pcontact.c index 60d6b28132..76297bf1d9 100644 --- a/src/modules/ims_usrloc_pcscf/pcontact.c +++ b/src/modules/ims_usrloc_pcscf/pcontact.c @@ -112,6 +112,11 @@ void free_ppublic(ppublic_t* _p) shm_free(_p); } + +// The same piece of code also lives in modules/ims_registrar_pcscf/sec_agree.c +// Function - parse_sec_agree() +// goto label - cleanup +// Keep them in sync! void free_security(security_t* _p) { if (!_p) @@ -137,8 +142,9 @@ void free_security(security_t* _p) case SECURITY_TLS: shm_free(_p->data.tls); break; - -default: // Nothing to deallocate + +case SECURITY_NONE: +//Nothing to deallocate break; } ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] git:master:2a0bef40: ims_registrar_pcscf: Updated security_t deallocation in sec_agree.c. Fix parsing of ealg parameter.
Module: kamailio Branch: master Commit: 2a0bef409ddd9d8e29963553bb3c4e2e77d36ffb URL: https://github.com/kamailio/kamailio/commit/2a0bef409ddd9d8e29963553bb3c4e2e77d36ffb Author: Tsvetomir Dimitrov Committer: Tsvetomir Dimitrov Date: 2018-06-11T17:08:42+03:00 ims_registrar_pcscf: Updated security_t deallocation in sec_agree.c. Fix parsing of ealg parameter. --- Modified: src/modules/ims_registrar_pcscf/sec_agree.c Modified: src/modules/ims_registrar_pcscf/sec_agree.h --- Diff: https://github.com/kamailio/kamailio/commit/2a0bef409ddd9d8e29963553bb3c4e2e77d36ffb.diff Patch: https://github.com/kamailio/kamailio/commit/2a0bef409ddd9d8e29963553bb3c4e2e77d36ffb.patch --- diff --git a/src/modules/ims_registrar_pcscf/sec_agree.c b/src/modules/ims_registrar_pcscf/sec_agree.c index bc72272189..099dbbfff3 100644 --- a/src/modules/ims_registrar_pcscf/sec_agree.c +++ b/src/modules/ims_registrar_pcscf/sec_agree.c @@ -69,7 +69,7 @@ static int process_sec_agree_param(str name, str value, ipsec_t *ret) SEC_COPY_STR_PARAM(ret->mod, value); } else if(strncasecmp(name.s, "ealg", name.len) == 0) { -SEC_COPY_STR_PARAM(ret->r_alg, value); +SEC_COPY_STR_PARAM(ret->r_ealg, value); } else if(strncasecmp(name.s, "spi-c", name.len) == 0) { ret->spi_uc = parse_digits(value); @@ -201,20 +201,27 @@ static security_t* parse_sec_agree(struct hdr_field* h) return params; cleanup: -if(params) { +// The same piece of code also lives in modules/ims_usrloc_pcscf/pcontact.c +// Function - free_security() +// Keep them in sync! +if (params) { shm_free(params->sec_header.s); -if(params->data.ipsec) { +if(params->type == SECURITY_IPSEC && params->data.ipsec) { +shm_free(params->data.ipsec->ealg.s); +shm_free(params->data.ipsec->r_ealg.s); +shm_free(params->data.ipsec->ck.s); +shm_free(params->data.ipsec->alg.s); shm_free(params->data.ipsec->r_alg.s); +shm_free(params->data.ipsec->ik.s); shm_free(params->data.ipsec->prot.s); shm_free(params->data.ipsec->mod.s); -shm_free(params->data.ipsec->ealg.s); - shm_free(params->data.ipsec); } shm_free(params); } + return NULL; } diff --git a/src/modules/ims_registrar_pcscf/sec_agree.h b/src/modules/ims_registrar_pcscf/sec_agree.h index 421f30075b..958a79ca3b 100644 --- a/src/modules/ims_registrar_pcscf/sec_agree.h +++ b/src/modules/ims_registrar_pcscf/sec_agree.h @@ -32,6 +32,4 @@ */ security_t* cscf_get_security(struct sip_msg *msg); -void free_security_t(security_t *params); - #endif // SEC_AGREE_H ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] [kamailio/kamailio] Proper deallocation for the ipsec parameters in contact for IMS PCSCF modules (#1561)
Pre-Submission Checklist - [X ] Commit message has the format required by CONTRIBUTING guide - [ X] Commits are split per component (core, individual modules, libs, utils, ...) - [ X] Each component has a single commit (if not, squash them into one commit) - [ X] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated) Type Of Change - [ X] Small bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality) Checklist: - [ ] PR should be backported to stable branches - [ X] Tested changes locally - [ ] Related to issue # (replace with an open issue number) Description The patch contains two fixes for sec-agree parameters handling in: - module ims_registar_pcscf: ealg is read in wrong field of struct ipsec_t (was in r_alg, shoud be in r_ealg) - modules ims_registar_pcscf and ims_userloc_pcscf: struct ipsec_t is correctly deallocated from contact. You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/1561 -- Commit Summary -- * ims_registrar_pcscf: Updated security_t deallocation in sec_agree.c. Fix parsing of ealg parameter. * ims_usrloc_pcscf: Update comment for free_security() -- File Changes -- M src/modules/ims_registrar_pcscf/sec_agree.c (17) M src/modules/ims_registrar_pcscf/sec_agree.h (2) M src/modules/ims_usrloc_pcscf/pcontact.c (10) -- Patch Links -- https://github.com/kamailio/kamailio/pull/1561.patch https://github.com/kamailio/kamailio/pull/1561.diff -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/1561 ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] git:master:0f8a879a: ims_registrar_pcscf: Update tmp security only if there are sec-agree params in the message
Module: kamailio Branch: master Commit: 0f8a879a212bd114aaa261a58e256f7fa51042c8 URL: https://github.com/kamailio/kamailio/commit/0f8a879a212bd114aaa261a58e256f7fa51042c8 Author: Tsvetomir Dimitrov <tsv.dimit...@gmail.com> Committer: Tsvetomir Dimitrov <tsv.dimit...@gmail.com> Date: 2018-05-09T10:12:58+03:00 ims_registrar_pcscf: Update tmp security only if there are sec-agree params in the message --- Modified: src/modules/ims_registrar_pcscf/save.c --- Diff: https://github.com/kamailio/kamailio/commit/0f8a879a212bd114aaa261a58e256f7fa51042c8.diff Patch: https://github.com/kamailio/kamailio/commit/0f8a879a212bd114aaa261a58e256f7fa51042c8.patch --- diff --git a/src/modules/ims_registrar_pcscf/save.c b/src/modules/ims_registrar_pcscf/save.c index 0edf7bd808..39dfe4d589 100644 --- a/src/modules/ims_registrar_pcscf/save.c +++ b/src/modules/ims_registrar_pcscf/save.c @@ -354,9 +354,11 @@ int save_pending(struct sip_msg* _m, udomain_t* _d) { } // Update security parameters -if(ul.update_temp_security(_d, sec_params->type, sec_params, pcontact) != 0) -{ -LM_ERR("Error updating temp security\n"); +if(sec_params) { +if(ul.update_temp_security(_d, sec_params->type, sec_params, pcontact) != 0) +{ +LM_ERR("Error updating temp security\n"); +} } ul.unlock_udomain(_d, _host, ci.via_port, ci.via_prot); ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Re: [sr-dev] Set arbitrary destination port for outgoing request/reply
Thank you! This sounds like exactly what I need. Best regards, Tsvetomir On Thu, May 17, 2018 at 9:23 AM Daniel-Constantin Mierla <mico...@gmail.com> wrote: > Hello, > > for sip request, just set the $du to the address you want to send, I guess > the port you know, doesn't really has to be randomly generated by Kamailio > -- however, if yes, then there is a variable that should help, iirc it is > named $RANDOM, but you can check the pv cookbook in the wiki or the > cfgutils module. > > For sip replies, try also with $du, although it might not work and then > something needs to be coded in the core to make it work -- I expect to be > something trivial to check if $du is set for the reply and use that for > sending out instead of via address. > > There is likely even now a chance to work with onsend_route enabled for > replies (see global parameters in the core cookbook) where you can use > send_data() function with the first parameter being the address where you > want to send it and the second $snd(buf), then do drop() not to let > response be sent again by core. > > Cheers, > Daniel > > On 10.05.18 21:08, Tsvetomir Dimitrov wrote: > > Hello, > > Is it possible to modify the destination UDP port number for outgoing SIP > request/response? > > I am working on a sec-agree extension implementation for Kamailio and > after negotiating the IPSec tunnel parameters I need to redirect the > messages to the new port number. I checked the code and looks like the > destination port is determined mainly by the VIA headers, which doesn't > work for me. Is it possible to achieve this without messing up with the > core? > > Best regards, > Tsvetomir > > > ___ > Kamailio (SER) - Development Mailing > Listsr-dev@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev > > > -- > Daniel-Constantin Mierlawww.twitter.com/miconda -- www.linkedin.com/in/miconda > Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com > > ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Re: [sr-dev] [kamailio/kamailio] ims_registrar_pcscf: Update tmp security only if there are sec-agree … (#1527)
You are welcome @uts09 . Thank you for reporting this. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/1527#issuecomment-388154580___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] Set arbitrary destination port for outgoing request/reply
Hello, Is it possible to modify the destination UDP port number for outgoing SIP request/response? I am working on a sec-agree extension implementation for Kamailio and after negotiating the IPSec tunnel parameters I need to redirect the messages to the new port number. I checked the code and looks like the destination port is determined mainly by the VIA headers, which doesn't work for me. Is it possible to achieve this without messing up with the core? Best regards, Tsvetomir ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] [kamailio/kamailio] ims_registrar_pcscf: Update tmp security only if there are sec-agree … (#1527)
…params in the message Pre-Submission Checklist - [ X] Commit message has the format required by CONTRIBUTING guide - [ X] Commits are split per component (core, individual modules, libs, utils, ...) - [ X] Each component has a single commit (if not, squash them into one commit) - [ X] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated) Type Of Change - [X ] Small bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality) Checklist: - [X ] PR should be backported to stable branches - [X ] Tested changes locally - [X ] Related to issue #1526 Description If a register is received without sec-agree parameters, a NULL pointer is deferenced, which causes segfault. You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/1527 -- Commit Summary -- * ims_registrar_pcscf: Update tmp security only if there are sec-agree params in the message -- File Changes -- M src/modules/ims_registrar_pcscf/save.c (8) -- Patch Links -- https://github.com/kamailio/kamailio/pull/1527.patch https://github.com/kamailio/kamailio/pull/1527.diff -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/1527 ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Re: [sr-dev] Contributing platform specific code to Kamailio
Hello Carsten, I promised to share the code with you. I wanted to push it in a better shape, but I've got some difficulties, which take me more time than expected. You can check it here: https://github.com/tdimitrov/kamailio/tree/ipsec-wip The code is far from production ready, but my main priority for now is to make it work with real phone. My issue in nutshell: when the UE sends IPSec protected REGISTER I can see the message reaching P-CSCF (in wireshark), but the REGISTER is not delivered to the kamailio process. The ipsec itself is initialised correctly (at least I see no errors). I think the issue is that the UDP checksum of the REGISTER is wrong due to a NAT. I see lots of lines like this in dmesg: [11782894.569952] UDP: bad checksum. From 192.168.178.61:6177 to 192.168.178.167:5061 ulen 1332 Currently I'm working on a fix for this. I think there is a socket option to disable UDP checksum validation, but I want to avoid this. If you have got experience with such issues, any help is highly appreciated :) Besides this there is some more work on the module, but nothing serious: - IPSec tunnels are not destroyed on deregister. - IPSec tunnels are not cleaned up in case of ungraceful kamailio shutdown. - Logic to allocate unique local IPSec ports to each UE is required. - Some hardcoded params should be replaced with module config options. I'll update this thread when I have got any significant progress. Best regards, Tsvetomir On Mon, Dec 11, 2017 at 5:15 PM, Tsvetomir Dimitrov <tsv.dimit...@gmail.com> wrote: > Hi Carsten, > > I'm working on this and I have got some progress, but unplanned two week > sick leave delayed my work a lot. What I have done so far: > - Fixed saving of security parameters in ims_usrloc_pcscf. My previous > patch didn't handle SHM allocation correctly. This is can be merged so I'll > open a pull request soon. > - New module which handles ipsec tunnel creation. For now the module > successfully registers SAs and policy via xfrm (no external bash scripts > involved) on incoming REGISTER. > > What needs to be done: > - Cleanup of ipsec SAs and policy on subscriber detach, PCSCF graceful > shut down and PCSCF not so graceful shutdown. > - Module parameters for everything - for now all params are hardcoded. > > The code is not very usable at the moment, mainly because there are a lot > of hardcoded parameters. I can share it if you wish. > > Best regards, > Tsvetomir > > > On Mon, Dec 11, 2017 at 3:25 PM, Carsten Bock <cars...@ng-voice.com> > wrote: > >> Hi Tsvetomir, >> >> any updates regarding this? I believe otherwise, I would assign >> ressources from our side for this in February/March next year. >> However, I would want to avoid double work. >> >> You can share it privately with me, if you don't want to publish it yet. >> >> Thanks, >> Carsten >> >> 2017-10-19 9:49 GMT+02:00 Tsvetomir Dimitrov <tsv.dimit...@gmail.com>: >> > Hi Carsten, >> > >> > Thanks for your responce and please excuse my late reply too. I'm still >> > working on the changes and will make a pull request as soon as I am >> ready. >> > It will be a separate module which handles the IPSec tunnel >> creation/tear >> > down, so that ims_register_pcscf won't be polluted with platform >> specific >> > functionality. You are right, that new module can be ifdef-ed and >> replaced >> > with something *BSD specific or whatever OS someone wants to use. >> > >> > Best regards, >> > Tsvetomir >> > >> > On Fri, Oct 13, 2017 at 6:21 AM, Carsten Bock <cars...@ng-voice.com> >> wrote: >> >> >> >> Hi Tsvetomir, >> >> >> >> sorry for the late reply. I assume this mail got lost a bit in the >> >> days of Astricon. I even asked Daniel about this mail during Astricon, >> >> but he hadn't seen it yet. Right now, I'm officially on holiday >> >> >> >> Can you please provide a Pull-Request for the changes? >> >> >> >> From my perspective, it is likely fine to have a Linux-Only module, it >> >> might not be the first one. If you can encapsulate your extensions >> >> with some IFDEF's, so the functionality can be disabled on non-Linux, >> >> then that would be fine with me. >> >> >> >> It would be great, if Daniel or anyone else from the Management-Group >> >> could answer or comment this one as well?? >> >> >> >> Thanks, >> >> Carsten >> >> >> >> 2017-10-04 10:14 GMT-04:00 Tsvetomir Dimitrov <tsv.dimit...@gmail.com >> >: >> >> > He
[sr-dev] git:master:790f7a32: ims_registrar_pcscf: Fix memory allocation for security_t parameters in contact
Module: kamailio Branch: master Commit: 790f7a3291f45ae03e5d54cfe6f300789f5c391b URL: https://github.com/kamailio/kamailio/commit/790f7a3291f45ae03e5d54cfe6f300789f5c391b Author: Tsvetomir Dimitrov <tsv.dimit...@gmail.com> Committer: Tsvetomir Dimitrov <tsv.dimit...@gmail.com> Date: 2017-12-11T15:26:42Z ims_registrar_pcscf: Fix memory allocation for security_t parameters in contact --- Modified: src/modules/ims_registrar_pcscf/save.c Modified: src/modules/ims_registrar_pcscf/sec_agree.c Modified: src/modules/ims_registrar_pcscf/sec_agree.h --- Diff: https://github.com/kamailio/kamailio/commit/790f7a3291f45ae03e5d54cfe6f300789f5c391b.diff Patch: https://github.com/kamailio/kamailio/commit/790f7a3291f45ae03e5d54cfe6f300789f5c391b.patch ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] git:master:99289bec: ims_usrloc_pcscf: Add new function free_security() which deallocates security_t parameter from a contact
Module: kamailio Branch: master Commit: 99289bec4bceb0db3eb992a36e0e6d8c8ae94db4 URL: https://github.com/kamailio/kamailio/commit/99289bec4bceb0db3eb992a36e0e6d8c8ae94db4 Author: Tsvetomir Dimitrov <tsv.dimit...@gmail.com> Committer: Tsvetomir Dimitrov <tsv.dimit...@gmail.com> Date: 2017-12-11T15:26:42Z ims_usrloc_pcscf: Add new function free_security() which deallocates security_t parameter from a contact --- Modified: src/modules/ims_usrloc_pcscf/pcontact.c --- Diff: https://github.com/kamailio/kamailio/commit/99289bec4bceb0db3eb992a36e0e6d8c8ae94db4.diff Patch: https://github.com/kamailio/kamailio/commit/99289bec4bceb0db3eb992a36e0e6d8c8ae94db4.patch --- diff --git a/src/modules/ims_usrloc_pcscf/pcontact.c b/src/modules/ims_usrloc_pcscf/pcontact.c index fec8be5f60..ff666f8103 100644 --- a/src/modules/ims_usrloc_pcscf/pcontact.c +++ b/src/modules/ims_usrloc_pcscf/pcontact.c @@ -112,6 +112,38 @@ void free_ppublic(ppublic_t* _p) shm_free(_p); } +void free_security(security_t* _p) +{ +if (!_p) +return; + +shm_free(_p->sec_header.s); + +switch (_p->type) +{ +case SECURITY_IPSEC: +shm_free(_p->data.ipsec->ealg.s); +shm_free(_p->data.ipsec->r_ealg.s); +shm_free(_p->data.ipsec->ck.s); +shm_free(_p->data.ipsec->alg.s); +shm_free(_p->data.ipsec->r_alg.s); +shm_free(_p->data.ipsec->ik.s); +shm_free(_p->data.ipsec->prot.s); +shm_free(_p->data.ipsec->mod.s); + +shm_free(_p->data.ipsec); +break; + +case SECURITY_TLS: +shm_free(_p->data.tls); +break; + +//default: Nothing to deallocate +} + +shm_free(_p); +} + int new_pcontact(struct udomain* _d, str* _contact, struct pcontact_info* _ci, struct pcontact** _c) { int i, has_rinstance=0; @@ -275,6 +307,10 @@ void free_pcontact(pcontact_t* _c) { _c->num_service_routes = 0; } +// free_security() checks for NULL ptr +free_security(_c->security_temp); +free_security(_c->security); + if (_c->rx_session_id.len > 0 && _c->rx_session_id.s) shm_free(_c->rx_session_id.s); shm_free(_c); ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Re: [sr-dev] Contributing platform specific code to Kamailio
Hi Carsten, I'm working on this and I have got some progress, but unplanned two week sick leave delayed my work a lot. What I have done so far: - Fixed saving of security parameters in ims_usrloc_pcscf. My previous patch didn't handle SHM allocation correctly. This is can be merged so I'll open a pull request soon. - New module which handles ipsec tunnel creation. For now the module successfully registers SAs and policy via xfrm (no external bash scripts involved) on incoming REGISTER. What needs to be done: - Cleanup of ipsec SAs and policy on subscriber detach, PCSCF graceful shut down and PCSCF not so graceful shutdown. - Module parameters for everything - for now all params are hardcoded. The code is not very usable at the moment, mainly because there are a lot of hardcoded parameters. I can share it if you wish. Best regards, Tsvetomir On Mon, Dec 11, 2017 at 3:25 PM, Carsten Bock <cars...@ng-voice.com> wrote: > Hi Tsvetomir, > > any updates regarding this? I believe otherwise, I would assign > ressources from our side for this in February/March next year. > However, I would want to avoid double work. > > You can share it privately with me, if you don't want to publish it yet. > > Thanks, > Carsten > > 2017-10-19 9:49 GMT+02:00 Tsvetomir Dimitrov <tsv.dimit...@gmail.com>: > > Hi Carsten, > > > > Thanks for your responce and please excuse my late reply too. I'm still > > working on the changes and will make a pull request as soon as I am > ready. > > It will be a separate module which handles the IPSec tunnel creation/tear > > down, so that ims_register_pcscf won't be polluted with platform specific > > functionality. You are right, that new module can be ifdef-ed and > replaced > > with something *BSD specific or whatever OS someone wants to use. > > > > Best regards, > > Tsvetomir > > > > On Fri, Oct 13, 2017 at 6:21 AM, Carsten Bock <cars...@ng-voice.com> > wrote: > >> > >> Hi Tsvetomir, > >> > >> sorry for the late reply. I assume this mail got lost a bit in the > >> days of Astricon. I even asked Daniel about this mail during Astricon, > >> but he hadn't seen it yet. Right now, I'm officially on holiday > >> > >> Can you please provide a Pull-Request for the changes? > >> > >> From my perspective, it is likely fine to have a Linux-Only module, it > >> might not be the first one. If you can encapsulate your extensions > >> with some IFDEF's, so the functionality can be disabled on non-Linux, > >> then that would be fine with me. > >> > >> It would be great, if Daniel or anyone else from the Management-Group > >> could answer or comment this one as well?? > >> > >> Thanks, > >> Carsten > >> > >> 2017-10-04 10:14 GMT-04:00 Tsvetomir Dimitrov <tsv.dimit...@gmail.com>: > >> > Hello, > >> > > >> > I am working on a functionality which handles ipsec tunel creation for > >> > VoLTE > >> > registration and I'd like to contribute it to the project. However the > >> > code > >> > is heavily Linux specific - uses xfrm framework, so it won't compile > on > >> > distribution with older kernels and definitely won't compile on *BSD. > >> > > >> > How problematic is this? How to handle this implementation so that it > >> > gets > >> > merged? > >> > > >> > Right now I can see two options: > >> > 1. Implement the functionality in ims_register_pcscf. > >> > 2. Implement separate ipsec module and handle the tunel creation/tear > >> > down > >> > from the configuration. > >> > > >> > The first solution is definitely the easiest one for implementation, > but > >> > after my patch the module won't be as portable as it is now and I'm > >> > afraid > >> > my patch will be rejected. > >> > > >> > The second one separates the platform specific code in separate module > >> > and > >> > won't affect ims_register_pcscf. However I need data from > >> > ims_usrloc_pcscf, > >> > which is not accessible from the configuration. Also, writing separate > >> > module for a limited IPSEC handling seems like a overkill for me. > >> > > >> > What's your opinion? > >> > > >> > Best regards, > >> > Tsvetomir > >> > > >> > ___ > >> > Kamailio (SER) - Development Mailing List > >> > sr-dev
Re: [sr-dev] Contributing platform specific code to Kamailio
Hi Carsten, Thanks for your responce and please excuse my late reply too. I'm still working on the changes and will make a pull request as soon as I am ready. It will be a separate module which handles the IPSec tunnel creation/tear down, so that ims_register_pcscf won't be polluted with platform specific functionality. You are right, that new module can be ifdef-ed and replaced with something *BSD specific or whatever OS someone wants to use. Best regards, Tsvetomir On Fri, Oct 13, 2017 at 6:21 AM, Carsten Bock <cars...@ng-voice.com> wrote: > Hi Tsvetomir, > > sorry for the late reply. I assume this mail got lost a bit in the > days of Astricon. I even asked Daniel about this mail during Astricon, > but he hadn't seen it yet. Right now, I'm officially on holiday > > Can you please provide a Pull-Request for the changes? > > From my perspective, it is likely fine to have a Linux-Only module, it > might not be the first one. If you can encapsulate your extensions > with some IFDEF's, so the functionality can be disabled on non-Linux, > then that would be fine with me. > > It would be great, if Daniel or anyone else from the Management-Group > could answer or comment this one as well?? > > Thanks, > Carsten > > 2017-10-04 10:14 GMT-04:00 Tsvetomir Dimitrov <tsv.dimit...@gmail.com>: > > Hello, > > > > I am working on a functionality which handles ipsec tunel creation for > VoLTE > > registration and I'd like to contribute it to the project. However the > code > > is heavily Linux specific - uses xfrm framework, so it won't compile on > > distribution with older kernels and definitely won't compile on *BSD. > > > > How problematic is this? How to handle this implementation so that it > gets > > merged? > > > > Right now I can see two options: > > 1. Implement the functionality in ims_register_pcscf. > > 2. Implement separate ipsec module and handle the tunel creation/tear > down > > from the configuration. > > > > The first solution is definitely the easiest one for implementation, but > > after my patch the module won't be as portable as it is now and I'm > afraid > > my patch will be rejected. > > > > The second one separates the platform specific code in separate module > and > > won't affect ims_register_pcscf. However I need data from > ims_usrloc_pcscf, > > which is not accessible from the configuration. Also, writing separate > > module for a limited IPSEC handling seems like a overkill for me. > > > > What's your opinion? > > > > Best regards, > > Tsvetomir > > > > ___ > > Kamailio (SER) - Development Mailing List > > sr-dev@lists.kamailio.org > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev > > > > > > -- > Carsten Bock > CEO (Geschäftsführer) > > ng-voice GmbH > Millerntorplatz 1 > 20359 Hamburg / Germany > > http://www.ng-voice.com > mailto:cars...@ng-voice.com > > Office +49 40 5247593-40 > Fax +49 40 5247593-99 > > Sitz der Gesellschaft: Hamburg > Registergericht: Amtsgericht Hamburg, HRB 120189 > Geschäftsführer: Carsten Bock > Ust-ID: DE279344284 > > Hier finden Sie unsere handelsrechtlichen Pflichtangaben: > http://www.ng-voice.com/imprint/ > > ___ > Kamailio (SER) - Development Mailing List > sr-dev@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev > ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] Contributing platform specific code to Kamailio
Hello, I am working on a functionality which handles ipsec tunel creation for VoLTE registration and I'd like to contribute it to the project. However the code is heavily Linux specific - uses xfrm framework, so it won't compile on distribution with older kernels and definitely won't compile on *BSD. How problematic is this? How to handle this implementation so that it gets merged? Right now I can see two options: 1. Implement the functionality in ims_register_pcscf. 2. Implement separate ipsec module and handle the tunel creation/tear down from the configuration. The first solution is definitely the easiest one for implementation, but after my patch the module won't be as portable as it is now and I'm afraid my patch will be rejected. The second one separates the platform specific code in separate module and won't affect ims_register_pcscf. However I need data from ims_usrloc_pcscf, which is not accessible from the configuration. Also, writing separate module for a limited IPSEC handling seems like a overkill for me. What's your opinion? Best regards, Tsvetomir ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
Re: [sr-dev] ipsec with kamailio pcscf
Hi, I'm working on such implementation in my free time. I have got some progress but testing it is very hard for me. Can you share your usecase? How do you simulate a client which sends sec-agree headers? Best regards, Tsvetomir On Fri, Sep 1, 2017 at 11:44 AM, Angaroni Marcowrote: > Hello, > > > > in the following email (about one year ago) it was mentioned that kamailio > was close to having the capability to configure ipsec SAs dinamically by > interacting with the OS. > > This is needed in pcscf AKA authentication procedure. > > https://lists.kamailio.org/pipermail/sr-dev/2016-June/035627.html > > > > I’m interested in knowing the current status of this feature. > > In latest (5.0.2) kamailio sources I was not able to find any sign of > ipsec SA programming (setkey system()s, pfkey_*() calls, xfrm netlink > messages). > > Anyone has news about this ? > > > > Thanks > Internet Email Confidentiality Footer ** > > ** La presente > comunicazione, con le informazioni in essa contenute e ogni documento o > file allegato, e' rivolta unicamente alla/e persona/e cui e' indirizzata ed > alle altre da questa autorizzata/e a riceverla. Se non siete i > destinatari/autorizzati siete avvisati che qualsiasi azione, copia, > comunicazione, divulgazione o simili basate sul contenuto di tali > informazioni e' vietata e potrebbe essere contro la legge (art. 616 C.P., > D.Lgs n. 196/2003 Codice in materia di protezione dei dati personali). Se > avete ricevuto questa comunicazione per errore, vi preghiamo di darne > immediata notizia al mittente e di distruggere il messaggio originale e > ogni file allegato senza farne copia alcuna o riprodurne in alcun modo il > contenuto. * This e-mail and its attachments are intended > for the addressee(s) only and are confidential and/or may contain legally > privileged information. If you have received this message by mistake or are > not one of the addressees above, you may take no action based on it, and > you may not copy or show it to anyone; please reply to this e-mail and > point out the error which has occurred. ** > > ** > > ___ > Kamailio (SER) - Development Mailing List > sr-dev@lists.kamailio.org > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev > > ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
[sr-dev] Sec agree support in P-CSCF modules
Hello! I am working on Kamailio based IMS setup. During testing I noticed that the UE sends unprotected register, challenge is returned but after that the UE doesn't attempt to send REGISTER with authentication data. I believe this happens due to the lack of support of sec-agree extension in Kamailio. After a short google search I found this thread: https://www.mail-archive.com/sr-users@lists.sip-router.org/msg29269.html After that I spoke with miconda in IRC, he confirmed that no one works on this and suggested to ask for help in this mail list. So in nutshell - I believe without this feature (correct me if I am wrong) a real UE can't attach to Kamailio based IMS setup. I am willing to work on it, but I need some guidance. Is there someone willing to help me with advice how to fit this feature in the whole project? At the moment my concerns are: - Is this feature really needed in real LTE network? - Is there a vision how this feature should be implemented in the Kamailo landscape? E. g. as separate module, as part of ims_usrloc_pcscf / ims_registrar_pcscf? What ipsec library to use? Best regards, Tsvetomir ___ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev