Re: [sr-dev] [kamailio/kamailio] Ipsec fix defects (#2023)

2019-08-10 Thread Tsvetomir Dimitrov 
Merged #2023 into master.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/2023#event-2548327144___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Re: [sr-dev] [kamailio/kamailio] Ipsec tcp multiple conns (#2001)

2019-07-15 Thread Tsvetomir Dimitrov 
I agree, no one should complain if commented out code gets removed at some 
point and you can look up old code in git.

@alexyosifov could you please have a look at the commented out code and remove 
the unnecessary functions or add TODOs, as @henningw suggested?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/2001#issuecomment-511532968___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Re: [sr-dev] [kamailio/kamailio] Ipsec tcp multiple conns (#2001)

2019-07-15 Thread Tsvetomir Dimitrov 
@henningw I've made a review on my own, before asking a second opinion. The 
patch remained open for more than 10 days, which I think is too much. I wasn't 
aware that you are still reviewing the patch.

The whole mode is in "work in progress" state, so I am willing to accept 
commented out code blocks in this state. It's more important to have proper 
integration with the other IMS modules and working usecases for the IPSec 
module itself.


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/2001#issuecomment-511529535___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Re: [sr-dev] [kamailio/kamailio] Ipsec tcp multiple conns (#2001)

2019-07-15 Thread Tsvetomir Dimitrov 
Merged #2001 into master.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/2001#event-2483541165___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Re: [sr-dev] [kamailio/kamailio] Ipsec tcp multiple conns (#2001)

2019-07-15 Thread Tsvetomir Dimitrov 
I'm merging this as it is waiting for too long time. If anyone has concerns 
about the code, we'll fix them later.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/2001#issuecomment-51145___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Re: [sr-dev] [kamailio/kamailio] Ipsec tcp multiple conns (#2001)

2019-07-09 Thread Tsvetomir Dimitrov 
@miconda @ngvoice 

Could you please have a look at the third commit in ims_usrloc_pcscf? Seems 
reasonable to me but I'm not very familiar with the code in the module, so I'll 
appreciate another opinion.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/2001#issuecomment-509765044___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Re: [sr-dev] [kamailio/kamailio] Ipsec fix defects (#1982)

2019-06-13 Thread Tsvetomir Dimitrov 
Merged #1982 into master.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1982#event-2411628413___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Re: [sr-dev] [kamailio/kamailio] Ipsec tcp (#1974)

2019-06-05 Thread Tsvetomir Dimitrov 
Merged #1974 into master.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1974#event-2390261268___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Re: [sr-dev] [kamailio/kamailio] Ipsec tcp (#1974)

2019-06-04 Thread Tsvetomir Dimitrov 
tdimitrov commented on this pull request.

Great job! 

Only one remark - could you please address my comment about the hardcoded 
PROTO_UDP in ipsec_forward function? If it is not an error - I'll merge it.

> @@ -562,6 +560,24 @@ int ipsec_forward(struct sip_msg* m, udomain_t* d)
 struct pcontact_info ci;
 pcontact_t* pcontact = NULL;
 int ret = IPSEC_CMD_FAIL; // FAIL by default
+unsigned char dst_proto = PROTO_UDP;

Is this hardcoded to PROTO_UDP on purpose?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1974#pullrequestreview-245615615___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Re: [sr-dev] [kamailio/kamailio] ims_registrar_pcscf: parse security verify header (#1964)

2019-05-24 Thread Tsvetomir Dimitrov 
@miconda @ngvoice , this seems reasonable. Should we merge it?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1964#issuecomment-495720273___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] git:master:5e4aada6: ims_ipsec_pcscf: TCP support

2019-02-26 Thread Tsvetomir Dimitrov 
Module: kamailio
Branch: master
Commit: 5e4aada6f3b7509c8633d461b1eac005505ac0c7
URL: 
https://github.com/kamailio/kamailio/commit/5e4aada6f3b7509c8633d461b1eac005505ac0c7

Author: Tsvetomir Dimitrov 
Committer: Tsvetomir Dimitrov 
Date: 2019-02-26T11:14:07Z

ims_ipsec_pcscf: TCP support

Adds TCP support to the module. The client and server ports, specified
in the configuration, are bound on TCP and UDP protocols. All xfrm
related code is changed to work with both protocols.

---

Modified: src/modules/ims_ipsec_pcscf/cmd.c
Modified: src/modules/ims_ipsec_pcscf/ims_ipsec_pcscf_mod.c
Modified: src/modules/ims_ipsec_pcscf/ipsec.c
Modified: src/modules/ims_ipsec_pcscf/ipsec.h

---

Diff:  
https://github.com/kamailio/kamailio/commit/5e4aada6f3b7509c8633d461b1eac005505ac0c7.diff
Patch: 
https://github.com/kamailio/kamailio/commit/5e4aada6f3b7509c8633d461b1eac005505ac0c7.patch


___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] git:master:44cd10a5: ims_ipsec_pcscf: IPv6 support

2019-02-26 Thread Tsvetomir Dimitrov 
Module: kamailio
Branch: master
Commit: 44cd10a5fa5f51f079b0d47a544e8d0bf4eb43a5
URL: 
https://github.com/kamailio/kamailio/commit/44cd10a5fa5f51f079b0d47a544e8d0bf4eb43a5

Author: Tsvetomir Dimitrov 
Committer: Tsvetomir Dimitrov 
Date: 2019-02-26T11:14:08Z

ims_ipsec_pcscf: IPv6 support

The parameter ipsec_listen_addr of the module can be set to either IPv4
or IPv6 address. All xfrm related code is reworked to handle both type
of addresses.

Note: At the moment it is not possible to use both IPv4 and IPv6 at the
same time for IPSec. The implementation allows it, but additional config
parameters should be added in order to make this work.

---

Modified: src/modules/ims_ipsec_pcscf/cmd.c
Modified: src/modules/ims_ipsec_pcscf/ipsec.c
Modified: src/modules/ims_ipsec_pcscf/ipsec.h

---

Diff:  
https://github.com/kamailio/kamailio/commit/44cd10a5fa5f51f079b0d47a544e8d0bf4eb43a5.diff
Patch: 
https://github.com/kamailio/kamailio/commit/44cd10a5fa5f51f079b0d47a544e8d0bf4eb43a5.patch


___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] git:master:96aa7990: ims_ipsec_pcscf: Fix a memory leak in add_security_server_header()

2018-10-31 Thread Tsvetomir Dimitrov 
Module: kamailio
Branch: master
Commit: 96aa799065d45a48e00a3efff252aa9bb473e355
URL: 
https://github.com/kamailio/kamailio/commit/96aa799065d45a48e00a3efff252aa9bb473e355

Author: Tsvetomir Dimitrov 
Committer: Tsvetomir Dimitrov 
Date: 2018-10-31T18:43:34+02:00

ims_ipsec_pcscf: Fix a memory leak in add_security_server_header()

---

Modified: src/modules/ims_ipsec_pcscf/cmd.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/96aa799065d45a48e00a3efff252aa9bb473e355.diff
Patch: 
https://github.com/kamailio/kamailio/commit/96aa799065d45a48e00a3efff252aa9bb473e355.patch

---

diff --git a/src/modules/ims_ipsec_pcscf/cmd.c 
b/src/modules/ims_ipsec_pcscf/cmd.c
index 17e6c7b000..a662f0c2e4 100644
--- a/src/modules/ims_ipsec_pcscf/cmd.c
+++ b/src/modules/ims_ipsec_pcscf/cmd.c
@@ -410,6 +410,8 @@ int add_security_server_header(struct sip_msg* m, ipsec_t* 
s)
 return -1;
 }
 
+pkg_free(sec_header);
+
 return 0;
 }
 


___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] git:master:d6240426: ims_ipsec_pcscf: Fixes for some memory related issues

2018-10-12 Thread Tsvetomir Dimitrov 
Module: kamailio
Branch: master
Commit: d6240426467ec9c76a105c961ebbd3e540afd78d
URL: 
https://github.com/kamailio/kamailio/commit/d6240426467ec9c76a105c961ebbd3e540afd78d

Author: Tsvetomir Dimitrov 
Committer: Tsvetomir Dimitrov 
Date: 2018-10-12T10:55:47Z

ims_ipsec_pcscf: Fixes for some memory related issues

---

Modified: src/modules/ims_ipsec_pcscf/cmd.c
Modified: src/modules/ims_ipsec_pcscf/ipsec.c
Modified: src/modules/ims_ipsec_pcscf/spi_list.c
Modified: src/modules/ims_ipsec_pcscf/spi_list_tests.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/d6240426467ec9c76a105c961ebbd3e540afd78d.diff
Patch: 
https://github.com/kamailio/kamailio/commit/d6240426467ec9c76a105c961ebbd3e540afd78d.patch


___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] git:master:bae838eb: misc/examples/ims/pcscf: Add ifdef guards for ipsec_*() calls

2018-08-31 Thread Tsvetomir Dimitrov 
Module: kamailio
Branch: master
Commit: bae838eb61f9852f6ef70b2c3f0dcaf71d880105
URL: 
https://github.com/kamailio/kamailio/commit/bae838eb61f9852f6ef70b2c3f0dcaf71d880105

Author: Tsvetomir Dimitrov 
Committer: Tsvetomir Dimitrov 
Date: 2018-08-31T09:58:24+03:00

misc/examples/ims/pcscf: Add ifdef guards for ipsec_*() calls

---

Modified: misc/examples/ims/pcscf/route/mo.cfg
Modified: misc/examples/ims/pcscf/route/register.cfg

---

Diff:  
https://github.com/kamailio/kamailio/commit/bae838eb61f9852f6ef70b2c3f0dcaf71d880105.diff
Patch: 
https://github.com/kamailio/kamailio/commit/bae838eb61f9852f6ef70b2c3f0dcaf71d880105.patch

---

diff --git a/misc/examples/ims/pcscf/route/mo.cfg 
b/misc/examples/ims/pcscf/route/mo.cfg
index 235b9f1275..e192249571 100644
--- a/misc/examples/ims/pcscf/route/mo.cfg
+++ b/misc/examples/ims/pcscf/route/mo.cfg
@@ -95,7 +95,9 @@ onreply_route[MO_reply] {
remove_hf("C-Params");  
append_hf("Contact: $ct;$hdr(C-Params)\r\n");
}
+#!ifdef WITH_IPSEC
ipsec_forward("location");
+#!endif
# In case of 1xx and 2xx do NAT
if(status=~"[12][0-9][0-9]")
route(NATMANAGE);
diff --git a/misc/examples/ims/pcscf/route/register.cfg 
b/misc/examples/ims/pcscf/route/register.cfg
index b2d1f92638..c10979d84a 100644
--- a/misc/examples/ims/pcscf/route/register.cfg
+++ b/misc/examples/ims/pcscf/route/register.cfg
@@ -156,13 +156,15 @@ onreply_route[REGISTER_reply]
xlog("L_DBG", "REGISTER SUCCESS[$ci] took $var(stat_add)ms\n"); 
update_stat("register_success", "+1");
update_stat("register_time", "$var(stat_add)");
-   ipsec_forward("location");
+#!ifdef WITH_IPSEC
+ipsec_forward("location");
}
else {  
if (t_check_status("401")) {
ipsec_create("location");
-   }
-   }
+}
+#!endif
+}
exit;
 }
 


___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Re: [sr-dev] [kamailio/kamailio] smsops: Add support for concatenated SMS in decode_3gpp_sms() (#1617)

2018-08-27 Thread Tsvetomir Dimitrov 
Hi @lasseo 
Sorry, but I haven't got a working SMSC routing script. I used dummy data only 
to fix the code.

Tsvetomir

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1617#issuecomment-416208874___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] git:master:e2994b6a: ims_ipsec_pcscf: Fix memory leaks in cmd.c

2018-08-23 Thread Tsvetomir Dimitrov 
Module: kamailio
Branch: master
Commit: e2994b6ac4846c869894a2783304782854f96f57
URL: 
https://github.com/kamailio/kamailio/commit/e2994b6ac4846c869894a2783304782854f96f57

Author: Tsvetomir Dimitrov 
Committer: Tsvetomir Dimitrov 
Date: 2018-08-23T10:57:44+03:00

ims_ipsec_pcscf: Fix memory leaks in cmd.c

---

Modified: src/modules/ims_ipsec_pcscf/cmd.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/e2994b6ac4846c869894a2783304782854f96f57.diff
Patch: 
https://github.com/kamailio/kamailio/commit/e2994b6ac4846c869894a2783304782854f96f57.patch

---

diff --git a/src/modules/ims_ipsec_pcscf/cmd.c 
b/src/modules/ims_ipsec_pcscf/cmd.c
index b5741e30d8..46056b9214 100644
--- a/src/modules/ims_ipsec_pcscf/cmd.c
+++ b/src/modules/ims_ipsec_pcscf/cmd.c
@@ -161,7 +161,7 @@ static int fill_contact(struct pcontact_info* ci, struct 
sip_msg* m)
 cb = cscf_parse_contacts(req);
 if (!cb || (!cb->contacts)) {
 LM_ERR("fill_contact(): No contact headers\n");
-return -3;
+return -1;
 }
 
 // populate CI with bare minimum
@@ -172,8 +172,11 @@ static int fill_contact(struct pcontact_info* ci, struct 
sip_msg* m)
 }
 
 
-char* srcip;
-srcip = pkg_malloc(50);
+char* srcip = NULL;
+if((srcip = pkg_malloc(50)) == NULL) {
+LM_ERR("Error allocating memory for source IP address\n");
+return -1;
+}
 
 ci->received_host.len = ip_addr2sbuf(>rcv.src_ip, srcip, 50);
 ci->received_host.s = srcip;
@@ -386,6 +389,7 @@ int add_security_server_header(struct sip_msg* m, ipsec_t* 
s)
 // copy to the header and add
 if((sec_header->s = pkg_malloc(sec_header->len)) == NULL) {
 LM_ERR("Error allocating pkg memory for security header payload\n");
+pkg_free(sec_header);
 return -1;
 }
 memcpy(sec_header->s, sec_hdr_buf, sec_header->len);
@@ -393,6 +397,8 @@ int add_security_server_header(struct sip_msg* m, ipsec_t* 
s)
 // add security-server header in reply
 if(cscf_add_header(m, sec_header, HDR_OTHER_T) != 1) {
 LM_ERR("Error adding security header to reply!\n");
+pkg_free(sec_header->s);
+pkg_free(sec_header);
 return -1;
 }
 


___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] git:master:8f5b70ca: misc/examples/ims/pcscf/route: Update the rest of the routing scripts for P-CSCF with IPSec support; Fix Rx_AAR() calls.

2018-08-22 Thread Tsvetomir Dimitrov 
Module: kamailio
Branch: master
Commit: 8f5b70ca81e1d49c926a6174191ffe8d7097e3cc
URL: 
https://github.com/kamailio/kamailio/commit/8f5b70ca81e1d49c926a6174191ffe8d7097e3cc

Author: Tsvetomir Dimitrov 
Committer: Tsvetomir Dimitrov 
Date: 2018-08-22T16:03:24+03:00

misc/examples/ims/pcscf/route: Update the rest of the routing scripts for 
P-CSCF with IPSec support; Fix Rx_AAR() calls.

---

Modified: misc/examples/ims/pcscf/route/mo.cfg
Modified: misc/examples/ims/pcscf/route/mt.cfg
Modified: misc/examples/ims/pcscf/route/register.cfg

---

Diff:  
https://github.com/kamailio/kamailio/commit/8f5b70ca81e1d49c926a6174191ffe8d7097e3cc.diff
Patch: 
https://github.com/kamailio/kamailio/commit/8f5b70ca81e1d49c926a6174191ffe8d7097e3cc.patch

---

diff --git a/misc/examples/ims/pcscf/route/mo.cfg 
b/misc/examples/ims/pcscf/route/mo.cfg
index f00aad61fc..235b9f1275 100644
--- a/misc/examples/ims/pcscf/route/mo.cfg
+++ b/misc/examples/ims/pcscf/route/mo.cfg
@@ -95,6 +95,7 @@ onreply_route[MO_reply] {
remove_hf("C-Params");  
append_hf("Contact: $ct;$hdr(C-Params)\r\n");
}
+   ipsec_forward("location");
# In case of 1xx and 2xx do NAT
if(status=~"[12][0-9][0-9]")
route(NATMANAGE);
@@ -112,7 +113,7 @@ onreply_route[MO_reply] {
$avp(TTAG_CUSTOM_AVP)=$tt;
$avp(CALLID_CUSTOM_AVP)=$ci;
 
-   $var(aarret) = Rx_AAR("MO_aar_reply","orig");
+   $var(aarret) = Rx_AAR("MO_aar_reply","orig","",-1);
 xlog("L_DBG", "AAR return code is $var(aarret)\n");
 
switch ($var(aarret)) {
@@ -135,6 +136,7 @@ onreply_route[MO_reply] {
 
}
}
+}
 
 route[MO_aar_reply]
 {
@@ -184,7 +186,7 @@ onreply_route[MO_indialog_reply] {
$avp(TTAG_CUSTOM_AVP)=$tt;
$avp(CALLID_CUSTOM_AVP)=$ci;
 
-   $var(aarret) = Rx_AAR("MO_indialog_aar_reply","orig");
+   $var(aarret) = Rx_AAR("MO_indialog_aar_reply","orig","",-1);
xlog("L_DBG", "AAR return code is $var(aarret)\n");
 
switch ($var(aarret)) {
diff --git a/misc/examples/ims/pcscf/route/mt.cfg 
b/misc/examples/ims/pcscf/route/mt.cfg
index 3ee9d66c52..eab2c7c37e 100644
--- a/misc/examples/ims/pcscf/route/mt.cfg
+++ b/misc/examples/ims/pcscf/route/mt.cfg
@@ -30,7 +30,7 @@ onreply_route[MT_reply] {
$avp(TTAG_CUSTOM_AVP)=$tt;
$avp(CALLID_CUSTOM_AVP)=$ci;
 
-   $var(aarret) = Rx_AAR("MT_aar_reply","term");
+   $var(aarret) = Rx_AAR("MT_aar_reply","term","",-1);
xlog("L_DBG", "AAR return code is $var(aarret)\n");
 
 switch ($var(aarret)) {
@@ -104,7 +104,7 @@ onreply_route[MT_indialog_reply] {
$avp(TTAG_CUSTOM_AVP)=$tt;
$avp(CALLID_CUSTOM_AVP)=$ci;
 
-   $var(aarret) = Rx_AAR("MT_indialog_aar_reply","term");
+   $var(aarret) = Rx_AAR("MT_indialog_aar_reply","term","",-1);
xlog("L_DBG", "AAR return code is $var(aarret)\n");
 
switch ($var(aarret)) {
diff --git a/misc/examples/ims/pcscf/route/register.cfg 
b/misc/examples/ims/pcscf/route/register.cfg
index df7ddcd1cd..b2d1f92638 100644
--- a/misc/examples/ims/pcscf/route/register.cfg
+++ b/misc/examples/ims/pcscf/route/register.cfg
@@ -156,7 +156,13 @@ onreply_route[REGISTER_reply]
xlog("L_DBG", "REGISTER SUCCESS[$ci] took $var(stat_add)ms\n"); 
update_stat("register_success", "+1");
update_stat("register_time", "$var(stat_add)");
+   ipsec_forward("location");
}
+   else {  
+   if (t_check_status("401")) {
+   ipsec_create("location");
+   }
+   }
exit;
 }
 


___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] git:master:c4daee86: misc/examples/ims/pcscf: Add support for IPSec in the P-CSCF examples

2018-08-22 Thread Tsvetomir Dimitrov 
Module: kamailio
Branch: master
Commit: c4daee863519b1795c605e3896506e5ec7e26a41
URL: 
https://github.com/kamailio/kamailio/commit/c4daee863519b1795c605e3896506e5ec7e26a41

Author: Tsvetomir Dimitrov 
Committer: Tsvetomir Dimitrov 
Date: 2018-08-22T15:28:11+03:00

misc/examples/ims/pcscf: Add support for IPSec in the P-CSCF examples

---

Modified: misc/examples/ims/pcscf/kamailio.cfg
Modified: misc/examples/ims/pcscf/pcscf.cfg.sample

---

Diff:  
https://github.com/kamailio/kamailio/commit/c4daee863519b1795c605e3896506e5ec7e26a41.diff
Patch: 
https://github.com/kamailio/kamailio/commit/c4daee863519b1795c605e3896506e5ec7e26a41.patch

---

diff --git a/misc/examples/ims/pcscf/kamailio.cfg 
b/misc/examples/ims/pcscf/kamailio.cfg
index 8502ce6dc0..0c3f65de77 100644
--- a/misc/examples/ims/pcscf/kamailio.cfg
+++ b/misc/examples/ims/pcscf/kamailio.cfg
@@ -162,6 +162,9 @@ loadmodule "statistics"
 loadmodule "ims_dialog"
 loadmodule "ims_usrloc_pcscf" 
 loadmodule "ims_registrar_pcscf"
+#!ifdef WITH_IPSEC
+loadmodule "ims_ipsec_pcscf"
+#!endif
 
 #!ifdef WITH_XMLRPC
 loadmodule "xmlrpc"
@@ -366,6 +369,12 @@ modparam("ims_registrar_pcscf", "subscribe_to_reginfo", 0)
 modparam("ims_registrar_pcscf", "publish_reginfo", 0)
 #!endif
 
+#!ifdef WITH_IPSEC
+modparam("ims_ipsec_pcscf", "ipsec_listen_addr", IPSEC_LISTEN_ADDR)
+modparam("ims_ipsec_pcscf", "ipsec_client_port", IPSEC_CLIENT_PORT)
+modparam("ims_ipsec_pcscf", "ipsec_server_port", IPSEC_SERVER_PORT)
+#!endif
+
 #!ifdef WITH_RX
 # -- CDP params --
 modparam("cdp","config_file","/etc/kamailio_pcscf/pcscf.xml")
@@ -700,7 +709,11 @@ route[REQINIT] {
send_reply("503", "Server shutting down");
exit;
}
-   
+
+   if (!is_method("REGISTER")) {
+ipsec_forward("location");
+}
+
# Ignore Re-Transmits:
if (t_lookup_request()) {
exit;
@@ -852,6 +865,7 @@ event_route[uac:reply] {
}
xlog("  Unregistering $uac_req(ruri);$var(alias)\n");
setdebug("9");
+   ipsec_destroy("location");
pcscf_unregister("location", 
"$uac_req(ruri);$var(alias)", "$(uac_req(ouri){uri.host})", 
"$(uac_req(ouri){uri.port})");
resetdebug();
$sht(natping=>$uac_req(ouri)) = $null;
diff --git a/misc/examples/ims/pcscf/pcscf.cfg.sample 
b/misc/examples/ims/pcscf/pcscf.cfg.sample
index 5a89ee1020..6b7a7231ca 100644
--- a/misc/examples/ims/pcscf/pcscf.cfg.sample
+++ b/misc/examples/ims/pcscf/pcscf.cfg.sample
@@ -7,6 +7,11 @@ listen=udp:11.22.33.44:5060
 # SIP / TCP/TLS
 #listen=tls:11.22.33.44:5061
 
+# IPSEC / UDP
+#!define IPSEC_LISTEN_ADDR "11.22.33.44"
+#!define IPSEC_CLIENT_PORT 5062
+#!define IPSEC_SERVER_PORT 5063
+
 alias=pcscf.mnc001.mcc001.3gppnetwork.org
 
 #!define MY_WS_PORT 80
@@ -104,4 +109,4 @@ alias=pcscf.mnc001.mcc001.3gppnetwork.org
 ##!define WITH_REGINFO
 ##!define WITH_RTPPING
 ##!define WITH_WEBSOCKET
-
+##!define WITH_IPSEC


___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] git:master:4db1c7b4: ims_ipsec_pcscf: Clean ipsec SAs and policies on module init/deinit

2018-08-11 Thread Tsvetomir Dimitrov 
Module: kamailio
Branch: master
Commit: 4db1c7b472a0ccc2307c9dfb6197fbf0cc20e8ef
URL: 
https://github.com/kamailio/kamailio/commit/4db1c7b472a0ccc2307c9dfb6197fbf0cc20e8ef

Author: Tsvetomir Dimitrov 
Committer: Tsvetomir Dimitrov 
Date: 2018-08-10T17:39:02+03:00

ims_ipsec_pcscf: Clean ipsec SAs and policies on module init/deinit

---

Modified: src/modules/ims_ipsec_pcscf/cmd.c
Modified: src/modules/ims_ipsec_pcscf/cmd.h
Modified: src/modules/ims_ipsec_pcscf/doc/ims_ipsec_pcscf_admin.xml
Modified: src/modules/ims_ipsec_pcscf/ims_ipsec_pcscf_mod.c
Modified: src/modules/ims_ipsec_pcscf/ipsec.c
Modified: src/modules/ims_ipsec_pcscf/ipsec.h

---

Diff:  
https://github.com/kamailio/kamailio/commit/4db1c7b472a0ccc2307c9dfb6197fbf0cc20e8ef.diff
Patch: 
https://github.com/kamailio/kamailio/commit/4db1c7b472a0ccc2307c9dfb6197fbf0cc20e8ef.patch


___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] git:master:f1247ea2: smsops: Add support for concatenated SMS in decode_3gpp_sms()

2018-08-08 Thread Tsvetomir Dimitrov 
Module: kamailio
Branch: master
Commit: f1247ea2652a96fd22052dcfc41f4d953624de5c
URL: 
https://github.com/kamailio/kamailio/commit/f1247ea2652a96fd22052dcfc41f4d953624de5c

Author: Tsvetomir Dimitrov 
Committer: Tsvetomir Dimitrov 
Date: 2018-08-07T22:15:00+03:00

smsops: Add support for concatenated SMS in decode_3gpp_sms()

---

Modified: src/modules/smsops/smsops_impl.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/f1247ea2652a96fd22052dcfc41f4d953624de5c.diff
Patch: 
https://github.com/kamailio/kamailio/commit/f1247ea2652a96fd22052dcfc41f4d953624de5c.patch


___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] [kamailio/kamailio] smsops: Add support for concatenated SMS in decode_3gpp_sms() (#1617)

2018-08-07 Thread Tsvetomir Dimitrov 




 Pre-Submission Checklist



- [ ] Commit message has the format required by CONTRIBUTING guide
- [ ] Commits are split per component (core, individual modules, libs, utils, 
...)
- [ ] Each component has a single commit (if not, squash them into one commit)
- [ ] No commits to README files for modules (changes must be done to docbook 
files
in `doc/` subfolder, the README file is autogenerated)

 Type Of Change
- [ ] Small bug fix (non-breaking change which fixes an issue)
- [X] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)

 Checklist:

- [ ] PR should be backported to stable branches
- [X] Tested changes locally
- [ ] Related to issue # (replace  with an open issue number)

 Description

Support for concatenated SMS messages in smsops module.

The current implementation doesn't handle correctly concatenated SMSes. The 
patch adds support for them in the smsops module, including dumping a 
concatenated message to the log and new PVs with SMS message parameters.

There are also small fixes in the indentation - spaces are replaces with tabs, 
as this seeems to be the preferred approach in the file.
You can view, comment on, or merge this pull request online at:

  https://github.com/kamailio/kamailio/pull/1617

-- Commit Summary --

  * smsops: Add support for concatenated SMS in decode_3gpp_sms()

-- File Changes --

M src/modules/smsops/smsops_impl.c (472)

-- Patch Links --

https://github.com/kamailio/kamailio/pull/1617.patch
https://github.com/kamailio/kamailio/pull/1617.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1617
___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Re: [sr-dev] [kamailio/kamailio] ims_ipsec_pcscf: sec-agree implementation for IMS (#1605)

2018-08-02 Thread Tsvetomir Dimitrov 
@miconda @henningw Thank you! 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1605#issuecomment-409886058___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] git:master:ee5d2b54: ims_ipsec_pcscf: sec-agree implementation for IMS

2018-08-02 Thread Tsvetomir Dimitrov 
Module: kamailio
Branch: master
Commit: ee5d2b54145d9869c1fa92bd9365fde83f0b02d6
URL: 
https://github.com/kamailio/kamailio/commit/ee5d2b54145d9869c1fa92bd9365fde83f0b02d6

Author: Tsvetomir Dimitrov 
Committer: Tsvetomir Dimitrov 
Date: 2018-07-30T10:59:16+03:00

ims_ipsec_pcscf: sec-agree implementation for IMS

---

Added: src/modules/ims_ipsec_pcscf/Makefile
Added: src/modules/ims_ipsec_pcscf/cmd.c
Added: src/modules/ims_ipsec_pcscf/cmd.h
Added: src/modules/ims_ipsec_pcscf/doc/Makefile
Added: src/modules/ims_ipsec_pcscf/doc/ims_ipsec_pcscf.xml
Added: src/modules/ims_ipsec_pcscf/doc/ims_ipsec_pcscf_admin.xml
Added: src/modules/ims_ipsec_pcscf/ims_ipsec_pcscf_mod.c
Added: src/modules/ims_ipsec_pcscf/ipsec.c
Added: src/modules/ims_ipsec_pcscf/ipsec.h
Added: src/modules/ims_ipsec_pcscf/run_spi_list_tests.sh
Added: src/modules/ims_ipsec_pcscf/spi_gen.c
Added: src/modules/ims_ipsec_pcscf/spi_gen.h
Added: src/modules/ims_ipsec_pcscf/spi_list.c
Added: src/modules/ims_ipsec_pcscf/spi_list.h
Added: src/modules/ims_ipsec_pcscf/spi_list_tests.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/ee5d2b54145d9869c1fa92bd9365fde83f0b02d6.diff
Patch: 
https://github.com/kamailio/kamailio/commit/ee5d2b54145d9869c1fa92bd9365fde83f0b02d6.patch


___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Re: [sr-dev] [kamailio/kamailio] ims_ipsec_pcscf: sec-agree implementation for IMS (#1605)

2018-07-30 Thread Tsvetomir Dimitrov 
Hello Henning,

Thanks for your comments. I've removed the README, however, the 
copyright/licensing part is a bit complicated for me.

I have copied code from ims_registrar_pcscf for things like module structure 
and finding the contact in memory, etc.
I've used the implementation in OpenIMS mainly as a reference - what functions 
they expose to the routing logic and how they use internal Kamailio structures 
to redirect SIP messages.
The IPSec handling itself is written from scratch because they used shell 
scripts, instead of netlink sockets.

For there reasons I copied the Copyright notice from ims_registrar_pcscf (which 
is actually the same as in OpenIMSCore) and put it in the sources, based on 
other's work. Everything else is in GPLv2.

Do you feel this is correct or it's better to put OpenIMSCore's copyright 
everywhere? 

In general, all I want is to contribute the code back to the project and not to 
abuse the licensing. I don't care if my name will stay anywhere or not.

Best regards,
Tsvetomir

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1605#issuecomment-408780215___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] [kamailio/kamailio] ims_ipsec_pcscf: sec-agree implementation for IMS (#1605)

2018-07-27 Thread Tsvetomir Dimitrov 




 Pre-Submission Checklist



- [X] Commit message has the format required by CONTRIBUTING guide
- [X] Commits are split per component (core, individual modules, libs, utils, 
...)
- [X] Each component has a single commit (if not, squash them into one commit)
- [X] No commits to README files for modules (changes must be done to docbook 
files
in `doc/` subfolder, the README file is autogenerated)

 Type Of Change
- [ ] Small bug fix (non-breaking change which fixes an issue)
- [X] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)

 Checklist:

- [ ] PR should be backported to stable branches
- [X] Tested changes locally
- [ ] Related to issue # (replace  with an open issue number)

 Description


This is an implementation of sec-agree used in IMS with IPSec. It's not a 
complete sec-agree implementation, only the flows used by IMS. The code is 
usable, but needs a few improvements, which I plan to push in the near future. 
**My work is based on the implementation in OpenIMSCore.**

For IPSec implementation the XFRM framework from the Linux kernel is used. 
Security association (SA) and Policies creation/removal is performed via 
netlink messages. For this reason the module depends on libmnl (a minimalistic 
netlink library).

As XFRM is Linux specific, the code is not portable and can't be used on 
operating system different from Linux. The code will not compile on *BSDs too. 
However all platform specific code resides in ipsec.c so support for other 
OSes/IPSec implementations can be added relatively easy.

The README file, which is commited is generated from docs dir with xsltproc.

Issues I still work on:
- Kamailio must be run as root in order to be able to send netlink messages and 
create XFRM SAs and Policies.
- SAs and Policies are not deleted on Kamailio startup and shutdown.
- According to the current contact implementation in the PCSCF modules (adn the 
3GPP specs) the IPSec tunnel should be created on two steps. Initial parameters 
should be saved in security_tmp and on confirmation - in security. At the 
moment everything remains in security.

As this is my first more serious contribution to the project, all kinds of 
feedback is highly appreciated :)
You can view, comment on, or merge this pull request online at:

  https://github.com/kamailio/kamailio/pull/1605

-- Commit Summary --

  * ims_ipsec_pcscf: sec-agree implementation for IMS

-- File Changes --

A src/modules/ims_ipsec_pcscf/Makefile (20)
A src/modules/ims_ipsec_pcscf/README (244)
A src/modules/ims_ipsec_pcscf/cmd.c (585)
A src/modules/ims_ipsec_pcscf/cmd.h (6)
A src/modules/ims_ipsec_pcscf/doc/Makefile (4)
A src/modules/ims_ipsec_pcscf/doc/ims_ipsec_pcscf.xml (88)
A src/modules/ims_ipsec_pcscf/doc/ims_ipsec_pcscf_admin.xml (231)
A src/modules/ims_ipsec_pcscf/ims_ipsec_pcscf_mod.c (227)
A src/modules/ims_ipsec_pcscf/ipsec.c (386)
A src/modules/ims_ipsec_pcscf/ipsec.h (24)
A src/modules/ims_ipsec_pcscf/run_spi_list_tests.sh (4)
A src/modules/ims_ipsec_pcscf/spi_gen.c (87)
A src/modules/ims_ipsec_pcscf/spi_gen.h (16)
A src/modules/ims_ipsec_pcscf/spi_list.c (123)
A src/modules/ims_ipsec_pcscf/spi_list.h (29)
A src/modules/ims_ipsec_pcscf/spi_list_tests.c (292)

-- Patch Links --

https://github.com/kamailio/kamailio/pull/1605.patch
https://github.com/kamailio/kamailio/pull/1605.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1605
___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] git:master:18f7771a: ims_usrloc_pcscf: Update comment for free_security()

2018-06-20 Thread Tsvetomir Dimitrov 
Module: kamailio
Branch: master
Commit: 18f7771a8ce74e03b942a41095c6325f43ddb32f
URL: 
https://github.com/kamailio/kamailio/commit/18f7771a8ce74e03b942a41095c6325f43ddb32f

Author: Tsvetomir Dimitrov 
Committer: Tsvetomir Dimitrov 
Date: 2018-06-11T17:19:22+03:00

ims_usrloc_pcscf: Update comment for free_security()

---

Modified: src/modules/ims_usrloc_pcscf/pcontact.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/18f7771a8ce74e03b942a41095c6325f43ddb32f.diff
Patch: 
https://github.com/kamailio/kamailio/commit/18f7771a8ce74e03b942a41095c6325f43ddb32f.patch

---

diff --git a/src/modules/ims_usrloc_pcscf/pcontact.c 
b/src/modules/ims_usrloc_pcscf/pcontact.c
index 60d6b28132..76297bf1d9 100644
--- a/src/modules/ims_usrloc_pcscf/pcontact.c
+++ b/src/modules/ims_usrloc_pcscf/pcontact.c
@@ -112,6 +112,11 @@ void free_ppublic(ppublic_t* _p)
shm_free(_p);
 }
 
+
+// The same piece of code also lives in modules/ims_registrar_pcscf/sec_agree.c
+// Function - parse_sec_agree()
+// goto label - cleanup
+// Keep them in sync!
 void free_security(security_t* _p)
 {
 if (!_p)
@@ -137,8 +142,9 @@ void free_security(security_t* _p)
 case SECURITY_TLS:
 shm_free(_p->data.tls);
 break;
-
-default: // Nothing to deallocate
+
+case SECURITY_NONE:
+//Nothing to deallocate
 break;
 }
 


___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] git:master:2a0bef40: ims_registrar_pcscf: Updated security_t deallocation in sec_agree.c. Fix parsing of ealg parameter.

2018-06-20 Thread Tsvetomir Dimitrov 
Module: kamailio
Branch: master
Commit: 2a0bef409ddd9d8e29963553bb3c4e2e77d36ffb
URL: 
https://github.com/kamailio/kamailio/commit/2a0bef409ddd9d8e29963553bb3c4e2e77d36ffb

Author: Tsvetomir Dimitrov 
Committer: Tsvetomir Dimitrov 
Date: 2018-06-11T17:08:42+03:00

ims_registrar_pcscf: Updated security_t deallocation in sec_agree.c. Fix 
parsing of ealg parameter.

---

Modified: src/modules/ims_registrar_pcscf/sec_agree.c
Modified: src/modules/ims_registrar_pcscf/sec_agree.h

---

Diff:  
https://github.com/kamailio/kamailio/commit/2a0bef409ddd9d8e29963553bb3c4e2e77d36ffb.diff
Patch: 
https://github.com/kamailio/kamailio/commit/2a0bef409ddd9d8e29963553bb3c4e2e77d36ffb.patch

---

diff --git a/src/modules/ims_registrar_pcscf/sec_agree.c 
b/src/modules/ims_registrar_pcscf/sec_agree.c
index bc72272189..099dbbfff3 100644
--- a/src/modules/ims_registrar_pcscf/sec_agree.c
+++ b/src/modules/ims_registrar_pcscf/sec_agree.c
@@ -69,7 +69,7 @@ static int process_sec_agree_param(str name, str value, 
ipsec_t *ret)
 SEC_COPY_STR_PARAM(ret->mod, value);
 }
 else if(strncasecmp(name.s, "ealg", name.len) == 0) {
-SEC_COPY_STR_PARAM(ret->r_alg, value);
+SEC_COPY_STR_PARAM(ret->r_ealg, value);
 }
 else if(strncasecmp(name.s, "spi-c", name.len) == 0) {
 ret->spi_uc = parse_digits(value);
@@ -201,20 +201,27 @@ static security_t* parse_sec_agree(struct hdr_field* h)
 return params;
 
 cleanup:
-if(params) {
+// The same piece of code also lives in modules/ims_usrloc_pcscf/pcontact.c
+// Function - free_security()
+// Keep them in sync!
+if (params) {
 shm_free(params->sec_header.s);
 
-if(params->data.ipsec) {
+if(params->type == SECURITY_IPSEC && params->data.ipsec) {
+shm_free(params->data.ipsec->ealg.s);
+shm_free(params->data.ipsec->r_ealg.s);
+shm_free(params->data.ipsec->ck.s);
+shm_free(params->data.ipsec->alg.s);
 shm_free(params->data.ipsec->r_alg.s);
+shm_free(params->data.ipsec->ik.s);
 shm_free(params->data.ipsec->prot.s);
 shm_free(params->data.ipsec->mod.s);
-shm_free(params->data.ipsec->ealg.s);
-
 shm_free(params->data.ipsec);
 }
 
 shm_free(params);
 }
+
 return NULL;
 }
 
diff --git a/src/modules/ims_registrar_pcscf/sec_agree.h 
b/src/modules/ims_registrar_pcscf/sec_agree.h
index 421f30075b..958a79ca3b 100644
--- a/src/modules/ims_registrar_pcscf/sec_agree.h
+++ b/src/modules/ims_registrar_pcscf/sec_agree.h
@@ -32,6 +32,4 @@
  */
 security_t* cscf_get_security(struct sip_msg *msg);
 
-void free_security_t(security_t *params);
-
 #endif // SEC_AGREE_H


___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] [kamailio/kamailio] Proper deallocation for the ipsec parameters in contact for IMS PCSCF modules (#1561)

2018-06-12 Thread Tsvetomir Dimitrov 




 Pre-Submission Checklist



- [X ] Commit message has the format required by CONTRIBUTING guide
- [ X] Commits are split per component (core, individual modules, libs, utils, 
...)
- [ X] Each component has a single commit (if not, squash them into one commit)
- [ X] No commits to README files for modules (changes must be done to docbook 
files
in `doc/` subfolder, the README file is autogenerated)

 Type Of Change
- [ X] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)

 Checklist:

- [ ] PR should be backported to stable branches
- [ X] Tested changes locally
- [ ] Related to issue # (replace  with an open issue number)

 Description

The patch contains two fixes for sec-agree parameters handling in:
- module ims_registar_pcscf: ealg is read in wrong field of struct ipsec_t (was 
in r_alg, shoud be in r_ealg)
- modules ims_registar_pcscf and ims_userloc_pcscf: struct ipsec_t is correctly 
deallocated from contact.
You can view, comment on, or merge this pull request online at:

  https://github.com/kamailio/kamailio/pull/1561

-- Commit Summary --

  * ims_registrar_pcscf: Updated security_t deallocation in sec_agree.c. Fix 
parsing of ealg parameter.
  * ims_usrloc_pcscf: Update comment for free_security()

-- File Changes --

M src/modules/ims_registrar_pcscf/sec_agree.c (17)
M src/modules/ims_registrar_pcscf/sec_agree.h (2)
M src/modules/ims_usrloc_pcscf/pcontact.c (10)

-- Patch Links --

https://github.com/kamailio/kamailio/pull/1561.patch
https://github.com/kamailio/kamailio/pull/1561.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1561
___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] git:master:0f8a879a: ims_registrar_pcscf: Update tmp security only if there are sec-agree params in the message

2018-05-24 Thread Tsvetomir Dimitrov 
Module: kamailio
Branch: master
Commit: 0f8a879a212bd114aaa261a58e256f7fa51042c8
URL: 
https://github.com/kamailio/kamailio/commit/0f8a879a212bd114aaa261a58e256f7fa51042c8

Author: Tsvetomir Dimitrov <tsv.dimit...@gmail.com>
Committer: Tsvetomir Dimitrov <tsv.dimit...@gmail.com>
Date: 2018-05-09T10:12:58+03:00

ims_registrar_pcscf: Update tmp security only if there are sec-agree params in 
the message

---

Modified: src/modules/ims_registrar_pcscf/save.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/0f8a879a212bd114aaa261a58e256f7fa51042c8.diff
Patch: 
https://github.com/kamailio/kamailio/commit/0f8a879a212bd114aaa261a58e256f7fa51042c8.patch

---

diff --git a/src/modules/ims_registrar_pcscf/save.c 
b/src/modules/ims_registrar_pcscf/save.c
index 0edf7bd808..39dfe4d589 100644
--- a/src/modules/ims_registrar_pcscf/save.c
+++ b/src/modules/ims_registrar_pcscf/save.c
@@ -354,9 +354,11 @@ int save_pending(struct sip_msg* _m, udomain_t* _d) {
}
 
 // Update security parameters
-if(ul.update_temp_security(_d, sec_params->type, sec_params, pcontact) != 
0)
-{
-LM_ERR("Error updating temp security\n");
+if(sec_params) {
+if(ul.update_temp_security(_d, sec_params->type, sec_params, pcontact) 
!= 0)
+{
+LM_ERR("Error updating temp security\n");
+}
 }
 
ul.unlock_udomain(_d, _host, ci.via_port, ci.via_prot);


___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Re: [sr-dev] Set arbitrary destination port for outgoing request/reply

2018-05-21 Thread Tsvetomir Dimitrov 
Thank you! This sounds like exactly what I need.

Best regards,
Tsvetomir

On Thu, May 17, 2018 at 9:23 AM Daniel-Constantin Mierla <mico...@gmail.com>
wrote:

> Hello,
>
> for sip request, just set the $du to the address you want to send, I guess
> the port you know, doesn't really has to be randomly generated by Kamailio
> -- however, if yes, then there is a variable that should help, iirc it is
> named $RANDOM, but you can check the pv cookbook in the wiki or the
> cfgutils module.
>
> For sip replies, try also with $du, although it might not work and then
> something needs to be coded in the core to make it work -- I expect to be
> something trivial to check if $du is set for the reply and use that for
> sending out instead of via address.
>
> There is likely even now a chance to work with onsend_route enabled for
> replies (see global parameters in the core cookbook) where you can use
> send_data() function with the first parameter being the address where you
> want to send it and the second $snd(buf), then do drop() not to let
> response be sent again by core.
>
> Cheers,
> Daniel
>
> On 10.05.18 21:08, Tsvetomir Dimitrov wrote:
>
> Hello,
>
> Is it possible to modify the destination UDP port number for outgoing SIP
> request/response?
>
> I am working on a sec-agree extension implementation for Kamailio and
> after negotiating the IPSec tunnel parameters I need to redirect the
> messages to the new port number. I checked the code and looks like the
> destination port is determined mainly by the VIA headers, which doesn't
> work for me. Is it possible to achieve this without messing up with the
> core?
>
> Best regards,
> Tsvetomir
>
>
> ___
> Kamailio (SER) - Development Mailing 
> Listsr-dev@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
>
>
> --
> Daniel-Constantin Mierlawww.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
>
>
___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Re: [sr-dev] [kamailio/kamailio] ims_registrar_pcscf: Update tmp security only if there are sec-agree … (#1527)

2018-05-10 Thread Tsvetomir Dimitrov 
You are welcome @uts09 . Thank you for reporting this.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1527#issuecomment-388154580___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] Set arbitrary destination port for outgoing request/reply

2018-05-10 Thread Tsvetomir Dimitrov 
Hello,

Is it possible to modify the destination UDP port number for outgoing SIP
request/response?

I am working on a sec-agree extension implementation for Kamailio and after
negotiating the IPSec tunnel parameters I need to redirect the messages to
the new port number. I checked the code and looks like the destination port
is determined mainly by the VIA headers, which doesn't work for me. Is it
possible to achieve this without messing up with the core?

Best regards,
Tsvetomir
___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] [kamailio/kamailio] ims_registrar_pcscf: Update tmp security only if there are sec-agree … (#1527)

2018-05-09 Thread Tsvetomir Dimitrov 
…params in the message





 Pre-Submission Checklist



- [ X] Commit message has the format required by CONTRIBUTING guide
- [ X] Commits are split per component (core, individual modules, libs, utils, 
...)
- [ X] Each component has a single commit (if not, squash them into one commit)
- [ X] No commits to README files for modules (changes must be done to docbook 
files
in `doc/` subfolder, the README file is autogenerated)

 Type Of Change
- [X ] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)

 Checklist:

- [X ] PR should be backported to stable branches
- [X ] Tested changes locally
- [X ] Related to issue #1526 

 Description

If a register is received without sec-agree parameters, a NULL pointer is 
deferenced, which causes segfault.
You can view, comment on, or merge this pull request online at:

  https://github.com/kamailio/kamailio/pull/1527

-- Commit Summary --

  * ims_registrar_pcscf: Update tmp security only if there are sec-agree params 
in the message

-- File Changes --

M src/modules/ims_registrar_pcscf/save.c (8)

-- Patch Links --

https://github.com/kamailio/kamailio/pull/1527.patch
https://github.com/kamailio/kamailio/pull/1527.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1527
___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Re: [sr-dev] Contributing platform specific code to Kamailio

2018-01-22 Thread Tsvetomir Dimitrov 
Hello Carsten,

I promised to share the code with you. I wanted to push it in a better
shape, but I've got some difficulties, which take me more time than
expected. You can check it here:

https://github.com/tdimitrov/kamailio/tree/ipsec-wip

The code is far from production ready, but my main priority for now is to
make it work with real phone. My issue in nutshell: when the UE sends IPSec
protected REGISTER I can see the message reaching P-CSCF (in wireshark),
but the REGISTER is not delivered to the kamailio process. The ipsec itself
is initialised correctly (at least I see no errors). I think the issue is
that the UDP checksum of the REGISTER is wrong due to a NAT. I see lots of
lines like this in dmesg:

[11782894.569952] UDP: bad checksum. From 192.168.178.61:6177 to
192.168.178.167:5061 ulen 1332

Currently I'm working on a fix for this. I think there is a socket option
to disable UDP checksum validation, but I want to avoid this. If you have
got experience with such issues, any help is highly appreciated :)

Besides this there is some more work on the module, but nothing serious:
- IPSec tunnels are not destroyed on deregister.
- IPSec tunnels are not cleaned up in case of ungraceful kamailio shutdown.
- Logic to allocate unique local IPSec ports to each UE is required.
- Some hardcoded params should be replaced with module config options.

I'll update this thread when I have got any significant progress.

Best regards,
Tsvetomir

On Mon, Dec 11, 2017 at 5:15 PM, Tsvetomir Dimitrov <tsv.dimit...@gmail.com>
wrote:

> Hi Carsten,
>
> I'm working on this and I have got some progress, but unplanned two week
> sick leave delayed my work a lot. What I have done so far:
> - Fixed saving of security parameters in ims_usrloc_pcscf. My previous
> patch didn't handle SHM allocation correctly. This is can be merged so I'll
> open a pull request soon.
> - New module which handles ipsec tunnel creation. For now the module
> successfully registers SAs and policy via xfrm (no external bash scripts
> involved) on incoming REGISTER.
>
> What needs to be done:
> - Cleanup of ipsec SAs and policy on subscriber detach, PCSCF graceful
> shut down and PCSCF not so graceful shutdown.
> - Module parameters for everything - for now all params are hardcoded.
>
> The code is not very usable at the moment, mainly because there are a lot
> of hardcoded parameters. I can share it if you wish.
>
> Best regards,
> Tsvetomir
>
>
> On Mon, Dec 11, 2017 at 3:25 PM, Carsten Bock <cars...@ng-voice.com>
> wrote:
>
>> Hi Tsvetomir,
>>
>> any updates regarding this? I believe otherwise, I would assign
>> ressources from our side for this in February/March next year.
>> However, I would want to avoid double work.
>>
>> You can share it privately with me, if you don't want to publish it yet.
>>
>> Thanks,
>> Carsten
>>
>> 2017-10-19 9:49 GMT+02:00 Tsvetomir Dimitrov <tsv.dimit...@gmail.com>:
>> > Hi Carsten,
>> >
>> > Thanks for your responce and please excuse my late reply too. I'm still
>> > working on the changes and will make a pull request as soon as I am
>> ready.
>> > It will be a separate module which handles the IPSec tunnel
>> creation/tear
>> > down, so that ims_register_pcscf won't be polluted with platform
>> specific
>> > functionality. You are right, that new module can be ifdef-ed and
>> replaced
>> > with something *BSD specific or whatever OS someone wants to use.
>> >
>> > Best regards,
>> > Tsvetomir
>> >
>> > On Fri, Oct 13, 2017 at 6:21 AM, Carsten Bock <cars...@ng-voice.com>
>> wrote:
>> >>
>> >> Hi Tsvetomir,
>> >>
>> >> sorry for the late reply. I assume this mail got lost a bit in the
>> >> days of Astricon. I even asked Daniel about this mail during Astricon,
>> >> but he hadn't seen it yet. Right now, I'm officially on holiday
>> >>
>> >> Can you please provide a Pull-Request for the changes?
>> >>
>> >> From my perspective, it is likely fine to have a Linux-Only module, it
>> >> might not be the first one. If you can encapsulate your extensions
>> >> with some IFDEF's, so the functionality can be disabled on non-Linux,
>> >> then that would be fine with me.
>> >>
>> >> It would be great, if Daniel or anyone else from the Management-Group
>> >> could answer or comment this one as well??
>> >>
>> >> Thanks,
>> >> Carsten
>> >>
>> >> 2017-10-04 10:14 GMT-04:00 Tsvetomir Dimitrov <tsv.dimit...@gmail.com
>> >:
>> >> > He

[sr-dev] git:master:790f7a32: ims_registrar_pcscf: Fix memory allocation for security_t parameters in contact

2017-12-12 Thread Tsvetomir Dimitrov 
Module: kamailio
Branch: master
Commit: 790f7a3291f45ae03e5d54cfe6f300789f5c391b
URL: 
https://github.com/kamailio/kamailio/commit/790f7a3291f45ae03e5d54cfe6f300789f5c391b

Author: Tsvetomir Dimitrov <tsv.dimit...@gmail.com>
Committer: Tsvetomir Dimitrov <tsv.dimit...@gmail.com>
Date: 2017-12-11T15:26:42Z

ims_registrar_pcscf: Fix memory allocation for security_t parameters in contact

---

Modified: src/modules/ims_registrar_pcscf/save.c
Modified: src/modules/ims_registrar_pcscf/sec_agree.c
Modified: src/modules/ims_registrar_pcscf/sec_agree.h

---

Diff:  
https://github.com/kamailio/kamailio/commit/790f7a3291f45ae03e5d54cfe6f300789f5c391b.diff
Patch: 
https://github.com/kamailio/kamailio/commit/790f7a3291f45ae03e5d54cfe6f300789f5c391b.patch


___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] git:master:99289bec: ims_usrloc_pcscf: Add new function free_security() which deallocates security_t parameter from a contact

2017-12-12 Thread Tsvetomir Dimitrov 
Module: kamailio
Branch: master
Commit: 99289bec4bceb0db3eb992a36e0e6d8c8ae94db4
URL: 
https://github.com/kamailio/kamailio/commit/99289bec4bceb0db3eb992a36e0e6d8c8ae94db4

Author: Tsvetomir Dimitrov <tsv.dimit...@gmail.com>
Committer: Tsvetomir Dimitrov <tsv.dimit...@gmail.com>
Date: 2017-12-11T15:26:42Z

ims_usrloc_pcscf: Add new function free_security() which deallocates security_t 
parameter from a contact

---

Modified: src/modules/ims_usrloc_pcscf/pcontact.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/99289bec4bceb0db3eb992a36e0e6d8c8ae94db4.diff
Patch: 
https://github.com/kamailio/kamailio/commit/99289bec4bceb0db3eb992a36e0e6d8c8ae94db4.patch

---

diff --git a/src/modules/ims_usrloc_pcscf/pcontact.c 
b/src/modules/ims_usrloc_pcscf/pcontact.c
index fec8be5f60..ff666f8103 100644
--- a/src/modules/ims_usrloc_pcscf/pcontact.c
+++ b/src/modules/ims_usrloc_pcscf/pcontact.c
@@ -112,6 +112,38 @@ void free_ppublic(ppublic_t* _p)
shm_free(_p);
 }
 
+void free_security(security_t* _p)
+{
+if (!_p)
+return;
+
+shm_free(_p->sec_header.s);
+
+switch (_p->type)
+{
+case SECURITY_IPSEC:
+shm_free(_p->data.ipsec->ealg.s);
+shm_free(_p->data.ipsec->r_ealg.s);
+shm_free(_p->data.ipsec->ck.s);
+shm_free(_p->data.ipsec->alg.s);
+shm_free(_p->data.ipsec->r_alg.s);
+shm_free(_p->data.ipsec->ik.s);
+shm_free(_p->data.ipsec->prot.s);
+shm_free(_p->data.ipsec->mod.s);
+
+shm_free(_p->data.ipsec);
+break;
+
+case SECURITY_TLS:
+shm_free(_p->data.tls);
+break;
+
+//default: Nothing to deallocate
+}
+
+shm_free(_p);
+}
+
 int new_pcontact(struct udomain* _d, str* _contact, struct pcontact_info* _ci, 
struct pcontact** _c)
 {
int i, has_rinstance=0;
@@ -275,6 +307,10 @@ void free_pcontact(pcontact_t* _c) {
_c->num_service_routes = 0;
}
 
+// free_security() checks for NULL ptr
+free_security(_c->security_temp);
+free_security(_c->security);
+
if (_c->rx_session_id.len > 0 && _c->rx_session_id.s)
shm_free(_c->rx_session_id.s);
shm_free(_c);


___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Re: [sr-dev] Contributing platform specific code to Kamailio

2017-12-11 Thread Tsvetomir Dimitrov 
Hi Carsten,

I'm working on this and I have got some progress, but unplanned two week
sick leave delayed my work a lot. What I have done so far:
- Fixed saving of security parameters in ims_usrloc_pcscf. My previous
patch didn't handle SHM allocation correctly. This is can be merged so I'll
open a pull request soon.
- New module which handles ipsec tunnel creation. For now the module
successfully registers SAs and policy via xfrm (no external bash scripts
involved) on incoming REGISTER.

What needs to be done:
- Cleanup of ipsec SAs and policy on subscriber detach, PCSCF graceful shut
down and PCSCF not so graceful shutdown.
- Module parameters for everything - for now all params are hardcoded.

The code is not very usable at the moment, mainly because there are a lot
of hardcoded parameters. I can share it if you wish.

Best regards,
Tsvetomir


On Mon, Dec 11, 2017 at 3:25 PM, Carsten Bock <cars...@ng-voice.com> wrote:

> Hi Tsvetomir,
>
> any updates regarding this? I believe otherwise, I would assign
> ressources from our side for this in February/March next year.
> However, I would want to avoid double work.
>
> You can share it privately with me, if you don't want to publish it yet.
>
> Thanks,
> Carsten
>
> 2017-10-19 9:49 GMT+02:00 Tsvetomir Dimitrov <tsv.dimit...@gmail.com>:
> > Hi Carsten,
> >
> > Thanks for your responce and please excuse my late reply too. I'm still
> > working on the changes and will make a pull request as soon as I am
> ready.
> > It will be a separate module which handles the IPSec tunnel creation/tear
> > down, so that ims_register_pcscf won't be polluted with platform specific
> > functionality. You are right, that new module can be ifdef-ed and
> replaced
> > with something *BSD specific or whatever OS someone wants to use.
> >
> > Best regards,
> > Tsvetomir
> >
> > On Fri, Oct 13, 2017 at 6:21 AM, Carsten Bock <cars...@ng-voice.com>
> wrote:
> >>
> >> Hi Tsvetomir,
> >>
> >> sorry for the late reply. I assume this mail got lost a bit in the
> >> days of Astricon. I even asked Daniel about this mail during Astricon,
> >> but he hadn't seen it yet. Right now, I'm officially on holiday
> >>
> >> Can you please provide a Pull-Request for the changes?
> >>
> >> From my perspective, it is likely fine to have a Linux-Only module, it
> >> might not be the first one. If you can encapsulate your extensions
> >> with some IFDEF's, so the functionality can be disabled on non-Linux,
> >> then that would be fine with me.
> >>
> >> It would be great, if Daniel or anyone else from the Management-Group
> >> could answer or comment this one as well??
> >>
> >> Thanks,
> >> Carsten
> >>
> >> 2017-10-04 10:14 GMT-04:00 Tsvetomir Dimitrov <tsv.dimit...@gmail.com>:
> >> > Hello,
> >> >
> >> > I am working on a functionality which handles ipsec tunel creation for
> >> > VoLTE
> >> > registration and I'd like to contribute it to the project. However the
> >> > code
> >> > is heavily Linux specific - uses xfrm framework, so it won't compile
> on
> >> > distribution with older kernels and definitely won't compile on *BSD.
> >> >
> >> > How problematic is this? How to handle this implementation so that it
> >> > gets
> >> > merged?
> >> >
> >> > Right now I can see two options:
> >> > 1. Implement the functionality in ims_register_pcscf.
> >> > 2. Implement separate ipsec module and handle the tunel creation/tear
> >> > down
> >> > from the configuration.
> >> >
> >> > The first solution is definitely the easiest one for implementation,
> but
> >> > after my patch the module won't be as portable as it is now and I'm
> >> > afraid
> >> > my patch will be rejected.
> >> >
> >> > The second one separates the platform specific code in separate module
> >> > and
> >> > won't affect ims_register_pcscf. However I need data from
> >> > ims_usrloc_pcscf,
> >> > which is not accessible from the configuration. Also, writing separate
> >> > module for a limited IPSEC handling seems like a overkill for me.
> >> >
> >> > What's your opinion?
> >> >
> >> > Best regards,
> >> > Tsvetomir
> >> >
> >> > ___
> >> > Kamailio (SER) - Development Mailing List
> >> > sr-dev

Re: [sr-dev] Contributing platform specific code to Kamailio

2017-10-19 Thread Tsvetomir Dimitrov 
Hi Carsten,

Thanks for your responce and please excuse my late reply too. I'm still
working on the changes and will make a pull request as soon as I am ready.
It will be a separate module which handles the IPSec tunnel creation/tear
down, so that ims_register_pcscf won't be polluted with platform specific
functionality. You are right, that new module can be ifdef-ed and replaced
with something *BSD specific or whatever OS someone wants to use.

Best regards,
Tsvetomir

On Fri, Oct 13, 2017 at 6:21 AM, Carsten Bock <cars...@ng-voice.com> wrote:

> Hi Tsvetomir,
>
> sorry for the late reply. I assume this mail got lost a bit in the
> days of Astricon. I even asked Daniel about this mail during Astricon,
> but he hadn't seen it yet. Right now, I'm officially on holiday
>
> Can you please provide a Pull-Request for the changes?
>
> From my perspective, it is likely fine to have a Linux-Only module, it
> might not be the first one. If you can encapsulate your extensions
> with some IFDEF's, so the functionality can be disabled on non-Linux,
> then that would be fine with me.
>
> It would be great, if Daniel or anyone else from the Management-Group
> could answer or comment this one as well??
>
> Thanks,
> Carsten
>
> 2017-10-04 10:14 GMT-04:00 Tsvetomir Dimitrov <tsv.dimit...@gmail.com>:
> > Hello,
> >
> > I am working on a functionality which handles ipsec tunel creation for
> VoLTE
> > registration and I'd like to contribute it to the project. However the
> code
> > is heavily Linux specific - uses xfrm framework, so it won't compile on
> > distribution with older kernels and definitely won't compile on *BSD.
> >
> > How problematic is this? How to handle this implementation so that it
> gets
> > merged?
> >
> > Right now I can see two options:
> > 1. Implement the functionality in ims_register_pcscf.
> > 2. Implement separate ipsec module and handle the tunel creation/tear
> down
> > from the configuration.
> >
> > The first solution is definitely the easiest one for implementation, but
> > after my patch the module won't be as portable as it is now and I'm
> afraid
> > my patch will be rejected.
> >
> > The second one separates the platform specific code in separate module
> and
> > won't affect ims_register_pcscf. However I need data from
> ims_usrloc_pcscf,
> > which is not accessible from the configuration. Also, writing separate
> > module for a limited IPSEC handling seems like a overkill for me.
> >
> > What's your opinion?
> >
> > Best regards,
> > Tsvetomir
> >
> > ___
> > Kamailio (SER) - Development Mailing List
> > sr-dev@lists.kamailio.org
> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
> >
>
>
>
> --
> Carsten Bock
> CEO (Geschäftsführer)
>
> ng-voice GmbH
> Millerntorplatz 1
> 20359 Hamburg / Germany
>
> http://www.ng-voice.com
> mailto:cars...@ng-voice.com
>
> Office +49 40 5247593-40
> Fax +49 40 5247593-99
>
> Sitz der Gesellschaft: Hamburg
> Registergericht: Amtsgericht Hamburg, HRB 120189
> Geschäftsführer: Carsten Bock
> Ust-ID: DE279344284
>
> Hier finden Sie unsere handelsrechtlichen Pflichtangaben:
> http://www.ng-voice.com/imprint/
>
> ___
> Kamailio (SER) - Development Mailing List
> sr-dev@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
>
___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] Contributing platform specific code to Kamailio

2017-10-04 Thread Tsvetomir Dimitrov 
Hello,

I am working on a functionality which handles ipsec tunel creation for
VoLTE registration and I'd like to contribute it to the project. However
the code is heavily Linux specific - uses xfrm framework, so it won't
compile on distribution with older kernels and definitely won't compile on
*BSD.

How problematic is this? How to handle this implementation so that it gets
merged?

Right now I can see two options:
1. Implement the functionality in ims_register_pcscf.
2. Implement separate ipsec module and handle the tunel creation/tear down
from the configuration.

The first solution is definitely the easiest one for implementation, but
after my patch the module won't be as portable as it is now and I'm afraid
my patch will be rejected.

The second one separates the platform specific code in separate module and
won't affect ims_register_pcscf. However I need data from ims_usrloc_pcscf,
which is not accessible from the configuration. Also, writing separate
module for a limited IPSEC handling seems like a overkill for me.

What's your opinion?

Best regards,
Tsvetomir
___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Re: [sr-dev] ipsec with kamailio pcscf

2017-09-04 Thread Tsvetomir Dimitrov 
Hi,

I'm working on such implementation in my free time. I have got some
progress but testing it is very hard for me. Can you share your usecase?
How do you simulate a client which sends sec-agree headers?

Best regards,
Tsvetomir

On Fri, Sep 1, 2017 at 11:44 AM, Angaroni Marco 
wrote:

> Hello,
>
>
>
> in the following email (about one year ago) it was mentioned that kamailio
> was close to having the capability to configure ipsec SAs dinamically by
> interacting with the OS.
>
> This is needed in pcscf AKA authentication procedure.
>
> https://lists.kamailio.org/pipermail/sr-dev/2016-June/035627.html
>
>
>
> I’m interested in knowing the current status of this feature.
>
> In latest (5.0.2) kamailio sources I was not able to find any sign of
> ipsec SA programming (setkey system()s, pfkey_*() calls, xfrm netlink
> messages).
>
> Anyone has news about this ?
>
>
>
> Thanks
> Internet Email Confidentiality Footer **
> 
> ** La presente
> comunicazione, con le informazioni in essa contenute e ogni documento o
> file allegato, e' rivolta unicamente alla/e persona/e cui e' indirizzata ed
> alle altre da questa autorizzata/e a riceverla. Se non siete i
> destinatari/autorizzati siete avvisati che qualsiasi azione, copia,
> comunicazione, divulgazione o simili basate sul contenuto di tali
> informazioni e' vietata e potrebbe essere contro la legge (art. 616 C.P.,
> D.Lgs n. 196/2003 Codice in materia di protezione dei dati personali). Se
> avete ricevuto questa comunicazione per errore, vi preghiamo di darne
> immediata notizia al mittente e di distruggere il messaggio originale e
> ogni file allegato senza farne copia alcuna o riprodurne in alcun modo il
> contenuto. * This e-mail and its attachments are intended
> for the addressee(s) only and are confidential and/or may contain legally
> privileged information. If you have received this message by mistake or are
> not one of the addressees above, you may take no action based on it, and
> you may not copy or show it to anyone; please reply to this e-mail and
> point out the error which has occurred. **
> 
> **
>
> ___
> Kamailio (SER) - Development Mailing List
> sr-dev@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
>
>
___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] Sec agree support in P-CSCF modules

2017-06-14 Thread Tsvetomir Dimitrov 
Hello!

I am working on Kamailio based IMS setup. During testing I noticed that the
UE sends unprotected register, challenge is returned but after that the UE
doesn't attempt to send REGISTER with authentication data.

I believe this happens due to the lack of support of sec-agree extension in
Kamailio. After a short google search I found this thread:

https://www.mail-archive.com/sr-users@lists.sip-router.org/msg29269.html

After that I spoke with miconda in IRC, he confirmed that no one works on
this and suggested to ask  for help in this mail list.

So in nutshell - I believe without this feature (correct me if I am wrong)
a real UE can't attach to Kamailio based IMS setup. I am willing to work on
it, but I need some guidance.

Is there someone willing to help me with advice how to fit this feature in
the whole project?

At the moment my concerns are:

- Is this feature really needed in real LTE network?
- Is there a vision how this feature should be implemented in the Kamailo
landscape? E. g. as separate module, as part of ims_usrloc_pcscf /
ims_registrar_pcscf? What ipsec library to use?

Best regards,
Tsvetomir
___
Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev