From 2c45b360d8d43c03328fdf712b80e87b2d0a4e86 Mon Sep 17 00:00:00 2001
From: Harald Welte
Date: Fri, 4 Mar 2022 20:20:08 +0100
Subject: [PATCH] transport_ipsec: Create sockets _after_ IPsec SA is active

the SA needs to be fully established before we can create the new socket through that SA. Otherwise the second REGISTER, or at least the TCP SYN packet of the socket we want to use for it is sent without ESP and hence gets rejected by the P-CSCF.
---
 tinySIP/src/transports/tsip_transport_ipsec.c | 23 ++++++++++---------
 1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/tinySIP/src/transports/tsip_transport_ipsec.c b/tinySIP/src/transports/tsip_transport_ipsec.c
index 9e4ce95e..2afb2b04 100755
--- a/tinySIP/src/transports/tsip_transport_ipsec.c
+++ b/tinySIP/src/transports/tsip_transport_ipsec.c
@@ -101,7 +101,6 @@ bail:
 int tsip_transport_ipsec_ensureTempSAs(tsip_transport_ipsec_t* self, const tsip_response_t *r401_407, int64_t expires)
 {
 int ret = -1;
- struct sockaddr_storage to;
 tsk_size_t index;
 const tsip_header_Security_Server_t *ssHdr;
 double maxQ = -2.0; /* The Q value in the SIP header will be equal to -1 by default. */
@@ -185,22 +184,13 @@ copy:
 goto bail;
 }
- /* Connect Sockets: port_uc to port_ps*/
- if((ret = tnet_sockaddr_init(self->asso_temporary->ip_remote, self->asso_temporary->ctx->port_ps, TSIP_TRANSPORT(self)->type, &to))) {
- TSK_DEBUG_ERROR("Invalid HOST/PORT [%s/%u].", (const char*)self->asso_temporary->ctx->addr_remote, self->asso_temporary->ctx->port_ps);
- goto bail;
- }
- if((ret = tnet_sockfd_connectto(self->asso_temporary->socket_uc->fd, &to))) {
- TSK_DEBUG_ERROR("Failed to connect port_uc to port_ps.");
- goto bail;
- }
-
 bail:
 return ret;
 }
 int tsip_transport_ipsec_startSAs(tsip_transport_ipsec_t* self, const tipsec_key_t* ik, const tipsec_key_t* ck)
 {
+ struct sockaddr_storage to;
 int ret = -1;
 if (!self) {
@@ -223,6 +213,17 @@ int tsip_transport_ipsec_startSAs(tsip_transport_ipsec_t* self, const tipsec_key
 ret = tipsec_ctx_start(self->asso_active->ctx);
 }
+ /* Connect Sockets: port_uc to port_ps*/
+ if((ret = tnet_sockaddr_init(self->asso_active->ip_remote, self->asso_active->ctx->port_ps, TSIP_TRANSPORT(self)->type, &to))) {
+ TSK_DEBUG_ERROR("Invalid HOST/PORT [%s/%u].", (const char*)self->asso_active->ctx->addr_remote, self->asso_active->ctx->port_ps);
+ goto bail;
+ }
+ if((ret = tnet_sockfd_connectto(self->asso_active->socket_uc->fd, &to))) {
+ TSK_DEBUG_ERROR("Failed to connect port_uc to port_ps.");
+ goto bail;
+ }
+
+
 bail:
 return ret;
 }
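Review bot: The result of `tipsec_ctx_start()` on the context line just above the added block is never checked, so a failed SA start still falls through to `tnet_sockfd_connectto()`, and a successful connect then overwrites `ret` with 0. That hides the failure from the caller and presumably lets the TCP SYN leave without ESP, which is the case the commit message sets out to prevent. Fail closed before the connect, e.g. `if (ret) { TSK_DEBUG_ERROR("Failed to start IPsec SA."); goto bail; }`. The closing brace after `tipsec_ctx_start()` suggests it sits inside a conditional whose head is outside the hunk, so the same guard would presumably also cover that condition failing.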