[sr-dev] [kamailio/kamailio] ims_registrar_pcscf,ims_qos: added a parameter for trusting the bottom Via header on requests (PR #3891)

Mon, 24 Jun 2024 02:33:45 -0700 

<!-- Kamailio Pull Request Template -->

<!--
IMPORTANT:
  - for detailed contributing guidelines, read:
    https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md
  - pull requests must be done to master branch, unless they are backports
    of fixes from master branch to a stable branch
  - backports to stable branches must be done with 'git cherry-pick -x 
...'
  - code is contributed under BSD for core and main components (tm, sl, auth, 
tls)
  - code is contributed GPLv2 or a compatible license for the other components
  - GPL code is contributed with OpenSSL licensing exception
-->

#### Pre-Submission Checklist
<!-- Go over all points below, and after creating the PR, tick all the 
checkboxes that apply -->
<!-- All points should be verified, otherwise, read the CONTRIBUTING 
guidelines from above-->
<!-- If you're unsure about any of these, don't hesitate to ask on 
sr-dev mailing list -->
- [ ] Commit message has the format required by CONTRIBUTING guide
- [ ] Commits are split per component (core, individual modules, libs, utils, 
...)
  - Not yet - first let's see if the work is valid, then I'll recompose 
the whole work to satisfy this. Otherwise... if I need to fix something, 
it's too hard to work like this...
- [ ] Each component has a single commit (if not, squash them into one commit)
  - ditto
- [x] No commits to README files for modules (changes must be done to docbook 
files
in `doc/` subfolder, the README file is autogenerated)

#### Type Of Change
- [ ] Small bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)

#### Checklist:
<!-- Go over all points below, and after creating the PR, tick the 
checkboxes that apply -->
- [ ] PR should be backported to stable branches
- [x] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)

#### Description
<!-- Describe your changes in detail -->

Normally, the IMS P-CSCF should identify the clients (UEs) by the received IP 
address and ports on Rx. The current code is using a mix of that, plus using 
Contact and Via headers, with arguable potential security issues.

This patch adds a new parameter to `ims_registrar_pcscf` and `ims_qos` modules, 
allowing for an optional outsource of the IPsec functionality to another 
element, which is also in charge of checking/enforcing correct UE Via header. 
The existing code is allowed to work as before, with the default value of the 
flag being towards that.

List of functional changes:
- `ims_qos`
  -  added `trust_bottom_via` parameter
  - 

List of indirect changes:
- default I-CSCF config example contained a questionable line which adds a `+` 
as a prefix in Request-URI. After way too much time wasted to figure out why 
the Diameter LIR has bogus SIP or TEL URI values in UserName AVP, I have 
discovered this. Seems like someone had just tel-URIs in their network, but 
otherwise the blind addition of this prefix makes no sense to me.
- added a `str2ushort()` macro, since code was using some dangerous casting and 
macros with a larger type
- 

List of non-functional fixes:
- spelling in comments
- comments at the end of line moved above the line they refer to; with just 80 
columns code-formatting, commenting on the same line provides for some super 
weird and hard to read code, so IMHO should not be allowed (or ... much harder 
now... increase to 120 columns)
- 



You can view, comment on, or merge this pull request online at:

  https://github.com/kamailio/kamailio/pull/3891

-- Commit Summary --

  * squashed work

-- File Changes --

    M misc/examples/ims/icscf/kamailio.cfg (4)
    M src/core/ut.h (36)
    M src/lib/ims/ims_getters.c (2)
    M src/modules/ims_icscf/location.c (10)
    M src/modules/ims_qos/ims_qos_mod.c (27)
    M src/modules/ims_qos/ims_qos_mod.h (1)
    M src/modules/ims_qos/rx_aar.h (4)
    M src/modules/ims_qos/rx_authdata.h (2)
    M src/modules/ims_qos/rx_avp.c (2)
    M src/modules/ims_qos/rx_avp.h (1)
    M src/modules/ims_registrar_pcscf/doc/ims_registrar_pcscf_admin.xml (39)
    M src/modules/ims_registrar_pcscf/ims_registrar_pcscf_mod.c (18)
    M src/modules/ims_registrar_pcscf/notify.c (2)
    M src/modules/ims_registrar_pcscf/save.c (78)
    M src/modules/ims_registrar_pcscf/service_routes.c (125)
    M src/modules/ims_registrar_pcscf/subscribe.c (75)
    M src/modules/ims_registrar_pcscf/subscribe.h (4)
    M src/modules/ims_usrloc_pcscf/udomain.c (4)

-- Patch Links --

https://github.com/kamailio/kamailio/pull/3891.patch
https://github.com/kamailio/kamailio/pull/3891.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3891
You are receiving this because you are subscribed to this thread.

Message ID: <kamailio/kamailio/pull/3...@github.com>

_______________________________________________
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org

Reply via email to