19 May
2021
19 May
'21
9 p.m.
Hi to all,
I am interested in the implementation of IPsec module. When I run Kamailio, it is creating
processes based on the below formulate:
UDP children * IPSEC_MAX_CONN * interfaces (v4 and v6) + (TCP+UD) processes for each
interface.
For example:
children = 16tcp_children=16
IPSEC_MAX_CONN = 25and two interface : IPv6 and V4
Kamailio process count = (16 * 25 * 2 ) + 16 + 16 = 832
But why IPsec module is listening to UDP not TCP? this is an internal connection?
Thank you.
Regards,Hossein
1 Jun
1 Jun
5:48 a.m.
Hello,
not sure why you think that the ims_ipsec_pcscf module is listening only on UDP. It seems
to be also listening on TCP:
//add listen interfaces for IPv4
if(add_listen_iface(addr4, NULL, ipsec_client_port + i, PROTO_TCP,
0) != 0) {
LM_ERR("Error adding listen ipsec client TCP
interface for IPv4\n");
return -1;
}
if(add_listen_iface(addr4, NULL, ipsec_server_port + i, PROTO_TCP,
0) != 0) {
LM_ERR("Error adding listen ipsec server TCP
interface for IPv4\n");
return -1;
}
if(add_listen_iface(addr4, NULL, ipsec_client_port + i, PROTO_UDP,
0) != 0) {
LM_ERR("Error adding listen ipsec client UDP
interface for IPv4\n");
return -1;
}
if(add_listen_iface(addr4, NULL, ipsec_server_port + i, PROTO_UDP,
0) != 0) {
LM_ERR("Error adding listen ipsec server UDP
interface for IPv4\n");
return -1;
}
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com<https://gilawa.com/>
From: sr-users <sr-users-bounces(a)lists.kamailio.org> On Behalf Of H Yavari
Sent: Thursday, May 20, 2021 3:01 AM
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Subject: [SR-Users] IMS IPSec does use UDP socket?
Hi to all,
I am interested in the implementation of IPsec module. When I run Kamailio, it is creating
processes based on the below formulate:
UDP children * IPSEC_MAX_CONN * interfaces (v4 and v6) + (TCP+UD) processes for each
interface.
For example:
children = 16
tcp_children=16
IPSEC_MAX_CONN = 25
and two interface : IPv6 and V4
Kamailio process count = (16 * 25 * 2 ) + 16 + 16 = 832
But why IPsec module is listening to UDP not TCP? this is an internal connection?
Thank you.
Regards,
Hossein
2:58 p.m.
Yes, you are right.I just couldn't understand the relation between children and IPsec
port/spi ranges.
Regards,Hossein
On Tuesday, June 1, 2021, 02:48:07 AM PDT, Henning Westerholt <hw(a)skalatan.de>
wrote:
Hello,
not sure why you think that the ims_ipsec_pcscf module is listening only on UDP. It seems
to be also listening on TCP:
//add listen interfaces for IPv4
if(add_listen_iface(addr4, NULL, ipsec_client_port + i, PROTO_TCP,
0) != 0) {
LM_ERR("Error adding listen ipsec client TCP
interface for IPv4\n");
return -1;
}
if(add_listen_iface(addr4, NULL, ipsec_server_port + i, PROTO_TCP,
0) != 0) {
LM_ERR("Error adding listen ipsec server TCP
interface for IPv4\n");
return -1;
}
if(add_listen_iface(addr4, NULL, ipsec_client_port + i, PROTO_UDP,
0) != 0) {
LM_ERR("Error adding listen ipsec client UDP
interface for IPv4\n");
return -1;
}
if(add_listen_iface(addr4, NULL, ipsec_server_port + i, PROTO_UDP,
0) != 0) {
LM_ERR("Error adding listen ipsec server UDP
interface for IPv4\n");
return -1;
}
Cheers,
Henning
--
Henning Westerholt –https://skalatan.de/blog/
Kamailio services –https://gilawa.com
From: sr-users <sr-users-bounces(a)lists.kamailio.org>On Behalf Of H Yavari
Sent: Thursday, May 20, 2021 3:01 AM
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Subject: [SR-Users] IMS IPSec does use UDP socket?
Hi to all,
I am interested in the implementation of IPsec module. When I run Kamailio, it is creating
processes based on the below formulate:
UDP children * IPSEC_MAX_CONN * interfaces (v4 and v6) + (TCP+UD) processes for each
interface.
For example:
children = 16
tcp_children=16
IPSEC_MAX_CONN = 25
and two interface : IPv6 and V4
Kamailio process count = (16 * 25 * 2 ) + 16 + 16 = 832
But why IPsec module is listening to UDP not TCP? this is an internal connection?
Thank you.
Regards,
Hossein
1204
days inactive
1216
days old
2 comments
2 participants
participants (2)
-
H Yavari -
Henning Westerholt