git:master:bb35e0aa: ims_ipsec_pcscf: cope better with some broken In-Dialog routing - sr-dev

30 Nov 2023

Module: kamailio
Branch: master
Commit: bb35e0aa112f9c60779692c67f42b6ef2cb1b0c2
URL: https://github.com/kamailio/kamailio/commit/bb35e0aa112f9c60779692c67f42b6ef...
Author: Supreeth Herle herlesupreeth@gmail.com
Committer: Daniel-Constantin Mierla miconda@gmail.com
Date: 2023-11-30T10:18:47+01:00
ims_ipsec_pcscf: cope better with some broken In-Dialog routing
---
Modified: src/modules/ims_ipsec_pcscf/cmd.c
---
Diff:  https://github.com/kamailio/kamailio/commit/bb35e0aa112f9c60779692c67f42b6ef...
Patch: https://github.com/kamailio/kamailio/commit/bb35e0aa112f9c60779692c67f42b6ef...
---

diff --git a/src/modules/ims_ipsec_pcscf/cmd.c b/src/modules/ims_ipsec_pcscf/cmd.c
index dca5784c8a0..594d442710f 100644
--- a/src/modules/ims_ipsec_pcscf/cmd.c
+++ b/src/modules/ims_ipsec_pcscf/cmd.c
@@ -501,6 +501,35 @@ static int create_ipsec_tunnel(const struct ip_addr *remote_addr, ipsec_t *s)
    add_policy(sock, remote_addr, ipsec_addr, s->port_us, s->port_pc, s->spi_pc,
    		IPSEC_POLICY_DIRECTION_IN);
+	/* cope with some broken In-Dialog routing */
+	// SA5 UE client to P-CSCF client
+	//               src adrr     dst addr     src port    dst port
+	add_sa(sock, remote_addr, ipsec_addr, s->port_uc, s->port_pc, s->spi_ps,
+			s->ck, s->ik, s->r_alg, s->r_ealg);
+	add_policy(sock, remote_addr, ipsec_addr, s->port_uc, s->port_pc, s->spi_ps,
+			IPSEC_POLICY_DIRECTION_IN);
+
+	// SA6 P-CSCF client to UE client
+	//               src adrr     dst addr     src port    dst port
+	add_sa(sock, ipsec_addr, remote_addr, s->port_pc, s->port_uc, s->spi_us,
+			s->ck, s->ik, s->r_alg, s->r_ealg);
+	add_policy(sock, ipsec_addr, remote_addr, s->port_pc, s->port_uc, s->spi_us,
+			IPSEC_POLICY_DIRECTION_OUT);
+
+	// SA7 P-CSCF server to UE server
+	//               src adrr     dst addr     src port    dst port
+	add_sa(sock, ipsec_addr, remote_addr, s->port_ps, s->port_us, s->spi_uc,
+			s->ck, s->ik, s->r_alg, s->r_ealg);
+	add_policy(sock, ipsec_addr, remote_addr, s->port_ps, s->port_us, s->spi_uc,
+			IPSEC_POLICY_DIRECTION_OUT);
+
+	// SA8 UE server to P-CSCF server
+	//               src adrr     dst addr     src port    dst port
+	add_sa(sock, remote_addr, ipsec_addr, s->port_us, s->port_ps, s->spi_pc,
+			s->ck, s->ik, s->r_alg, s->r_ealg);
+	add_policy(sock, remote_addr, ipsec_addr, s->port_us, s->port_ps, s->spi_pc,
+			IPSEC_POLICY_DIRECTION_IN);
+
    close_mnl_socket(sock);
return 0;
@@ -562,6 +591,31 @@ static int destroy_ipsec_tunnel(
    remove_policy(sock, remote_addr, ipsec_addr, s->port_us, s->port_pc,
    		s->spi_pc, ip_addr.af, IPSEC_POLICY_DIRECTION_IN);
+	/* cope with some broken In-Dialog routing */
+	// SA5 UE client to P-CSCF client
+	remove_sa(sock, remote_addr, ipsec_addr, s->port_uc, s->port_pc, s->spi_ps,
+			ip_addr.af);
+	remove_policy(sock, remote_addr, ipsec_addr, s->port_uc, s->port_pc,
+			s->spi_ps, ip_addr.af, IPSEC_POLICY_DIRECTION_IN);
+
+	// SA6 P-CSCF client to UE client
+	remove_sa(sock, ipsec_addr, remote_addr, s->port_pc, s->port_uc, s->spi_us,
+			ip_addr.af);
+	remove_policy(sock, ipsec_addr, remote_addr, s->port_pc, s->port_uc,
+			s->spi_us, ip_addr.af, IPSEC_POLICY_DIRECTION_OUT);
+
+	// SA7 P-CSCF server to UE server
+	remove_sa(sock, ipsec_addr, remote_addr, s->port_ps, s->port_us, s->spi_uc,
+			ip_addr.af);
+	remove_policy(sock, ipsec_addr, remote_addr, s->port_ps, s->port_us,
+			s->spi_uc, ip_addr.af, IPSEC_POLICY_DIRECTION_OUT);
+
+	// SA8 UE server to P-CSCF server
+	remove_sa(sock, remote_addr, ipsec_addr, s->port_us, s->port_ps, s->spi_pc,
+			ip_addr.af);
+	remove_policy(sock, remote_addr, ipsec_addr, s->port_us, s->port_ps,
+			s->spi_pc, ip_addr.af, IPSEC_POLICY_DIRECTION_IN);
+
    // Release SPIs
    release_spi(s->spi_pc, s->spi_ps, s->port_pc, s->port_ps);

    