Re: [sr-dev] [kamailio/kamailio] ims_ipsec_pcscf: more algorithms, SA improvements (#2731)

@alexyosifov approved this pull request. Added some comments // for Reply get the dest proto from the received request dst_proto = req->rcv.proto; - // for Reply and TCP sends from P-CSCF server port, for Reply and UDP sends from P-CSCF client port - src_port = dst_proto == PROTO_TCP ? s->port_ps : s->port_pc; + // Check send socket Why you have to check "send socket" here? You perform the check with zero src_port and dst_proto. The "send socket" always is present. If you scroll down at row 877 there is the same check and if "send socket" is not present the function returns an error. I do not see value from this change and I am not sure this will work properly. Correct me if I am wrong. + if (strncasecmp(r_ealg.s,"aes-cbc",r_ealg.len) == 0) { Is it a good idea cipher algorithm to be optional? Just add a new value in _cflags parameter in int ipsec_create(struct sip_msg* m, udomain_t* d, int _cflags) method. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/2731#pullrequestreview-655554158