transport_ipsec: Create sockets _after_ IPsec SA is active

The SA needs to be fully established before we can create the
new socket through that SA.  Otherwise the second REGISTER, or
at least the TCP SYN packet of the socket we want to use for it,
is sent without ESP and hence gets rejected by the P-CSCF.
Harald Welte 2022-03-04 20:20:08 +01:00
parent 2ef526015c
commit 2c45b360d8
1 changed files with 12 additions and 11 deletions


@ -101,7 +101,6 @@ bail:
int tsip_transport_ipsec_ensureTempSAs(tsip_transport_ipsec_t* self, const tsip_response_t *r401_407, int64_t expires)
{
int ret = -1;
struct sockaddr_storage to;
tsk_size_t index;
const tsip_header_Security_Server_t *ssHdr;
double maxQ = -2.0; /* The Q value in the SIP header will be equal to -1 by default. */
@ -185,22 +184,13 @@ copy:
goto bail;
}
/* Connect Sockets: port_uc to port_ps*/
if((ret = tnet_sockaddr_init(self->asso_temporary->ip_remote, self->asso_temporary->ctx->port_ps, TSIP_TRANSPORT(self)->type, &to))) {
TSK_DEBUG_ERROR("Invalid HOST/PORT [%s/%u].", (const char*)self->asso_temporary->ctx->addr_remote, self->asso_temporary->ctx->port_ps);
goto bail;
}
if((ret = tnet_sockfd_connectto(self->asso_temporary->socket_uc->fd, &to))) {
TSK_DEBUG_ERROR("Failed to connect port_uc to port_ps.");
goto bail;
}
bail:
return ret;
}
int tsip_transport_ipsec_startSAs(tsip_transport_ipsec_t* self, const tipsec_key_t* ik, const tipsec_key_t* ck)
{
struct sockaddr_storage to;
int ret = -1;
if (!self) {
@ -223,6 +213,17 @@ int tsip_transport_ipsec_startSAs(tsip_transport_ipsec_t* self, const tipsec_key
ret = tipsec_ctx_start(self->asso_active->ctx);
}
/* Connect Sockets: port_uc to port_ps*/
if((ret = tnet_sockaddr_init(self->asso_active->ip_remote, self->asso_active->ctx->port_ps, TSIP_TRANSPORT(self)->type, &to))) {
TSK_DEBUG_ERROR("Invalid HOST/PORT [%s/%u].", (const char*)self->asso_active->ctx->addr_remote, self->asso_active->ctx->port_ps);
goto bail;
}
if((ret = tnet_sockfd_connectto(self->asso_active->socket_uc->fd, &to))) {
TSK_DEBUG_ERROR("Failed to connect port_uc to port_ps.");
goto bail;
}
bail:
return ret;
}
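Review bot: In the third hunk the result of `tipsec_ctx_start()` is never checked before the socket is connected: `ret` (set to -1 at the top of tsip_transport_ipsec_startSAs, then assigned inside the block that ends just above the connect code) is overwritten unconditionally by the `tnet_sockaddr_init()` call, so a failed or skipped SA start still falls through to `tnet_sockfd_connectto()` and, if that connect succeeds, the function returns 0 and masks the failure. That is the unprotected-socket case the commit is meant to rule out, so the connect should only run once the SA is known to be active; a guard such as `if (ret) { TSK_DEBUG_ERROR("Failed to start IPsec SAs."); goto bail; }` placed right after the block that calls `tipsec_ctx_start()` keeps the original error path intact. The same ordering applies to the tail of tsip_transport_ipsec_ensureTempSAs in the second hunk only in the sense that its connect code was removed, so nothing further is needed there. The middle of tsip_transport_ipsec_startSAs, including the block whose closing brace precedes the new code, lies outside the hunk, so I cannot see whether `ret` can already be non-zero on another path into it.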