ims_ipsec_pcscf: support for multiple TCP connections

- spi list : fixed a bug with infinity loop. - port generator: added port generator based on SPI list. The port generator is used to generate free Client and Server ports for IPSEC UDP/TCP connections. - Added a method for parsing of the security parameters. Used for Re-registration process. - Remove SA/Policy: Fixed the methods for removing SA/Policy. Now created SA/Policy are removed properly based on their IPs, Ports, SPIs. - Added a configurable parameter for IPSEC maximum connections. It's necessary because all listen sockets should be initialized in mod_init(). - Changes in ipsec_create(): Register user callback only for initial Registration. For Re-registration through IPSEC, it's not needed to register a user callback for contact expire/delete. - Set search flag for contact depending of msg type - Request or Reply. - Added description of a new parameter used for the IPSec connections - ipsec_max_connections.
kamailio · Jul 4, 2019 · 3203c53 · 3203c53
1 parent f7f3222
commit 3203c53
Show file tree

Hide file tree

Showing 13 changed files with 992 additions and 220 deletions.
diff --git a/src/modules/ims_ipsec_pcscf/cmd.c b/src/modules/ims_ipsec_pcscf/cmd.c
diff --git a/src/modules/ims_ipsec_pcscf/cmd.h b/src/modules/ims_ipsec_pcscf/cmd.h
@@ -3,6 +3,7 @@
  *
  * Copyright (C) 2012 Smile Communications, jason.penton@smilecoms.com
  * Copyright (C) 2012 Smile Communications, richard.good@smilecoms.com
+
  *
  * The initial version of this code was written by Dragos Vingarzan
  * (dragos(dot)vingarzan(at)fokus(dot)fraunhofer(dot)de and the
@@ -46,12 +47,23 @@
 #ifndef IPSEC_CMD_H
 #define IPSEC_CMD_H
 
+typedef void (*contact_expired_t)(pcontact_t* c, int type, void* param);
+
+/*! ipsec pcscf API export structure */
+typedef struct ipsec_pcscf_api {
+    contact_expired_t ipsec_on_expire;
+} ipsec_pcscf_api_t;
+
+/*! ipsec pcscf API export bind function */
+typedef int (*bind_ipsec_pcscf_t)(ipsec_pcscf_api_t* api);
+
 struct sip_msg;
 struct udomain_t;
 
 int ipsec_create(struct sip_msg* m, udomain_t* d);
 int ipsec_forward(struct sip_msg* m, udomain_t* d);
 int ipsec_destroy(struct sip_msg* m, udomain_t* d);
 int ipsec_cleanall();
+void ipsec_on_expire(pcontact_t* c, int type, void* param);
 
 #endif /* IPSEC_CMD_H */
diff --git a/src/modules/ims_ipsec_pcscf/doc/ims_ipsec_pcscf_admin.xml b/src/modules/ims_ipsec_pcscf/doc/ims_ipsec_pcscf_admin.xml
@@ -82,9 +82,9 @@ modparam("ims_ipsec_pcscf", "ipsec_listen_addr6", "")
     <section>
       <title><varname>ipsec_client_port</varname> (int)</title>
 
-      <para>Port number which will be bound for incoming (server) IPSec traffic.</para>
+      <para>Start port number which will be bound for incoming (server) IPSec traffic.</para>
 
-      <para><emphasis>Default value is 5963.</emphasis></para>
+      <para><emphasis>Default value is 5062.</emphasis></para>
 
       <example>
         <title><varname>ipsec_client_port</varname> parameter usage</title>
@@ -100,7 +100,7 @@ modparam("ims_ipsec_pcscf", "ipsec_client_port", 5062)
     <section>
       <title><varname>ipsec_server_port</varname> (int)</title>
 
-      <para>Port number which will be bound for incoming (server) IPSec traffic.</para>
+      <para>Start port number which will be bound for incoming (server) IPSec traffic.</para>
 
       <para><emphasis>Default value is 5063.</emphasis></para>
 
@@ -115,6 +115,26 @@ modparam("ims_ipsec_pcscf", "ipsec_server_port", 5063)
       </example>
     </section>
 
+    <section>
+      <title><varname>ipsec_max_connections</varname> (int)</title>
+
+      <para>Maximum IPSec connections for the process. E.g. if ipsec_client_port=5100, ipsec_server_port=6100 and
+      ipsec_max_connections=10, all client ports between 5100 and 5109 and all server ports between 6100 and 6109
+      will be used for maximum to 10 IPSec connections.</para>
+
+      <para><emphasis>Default value is 2.</emphasis></para>
+
+      <example>
+        <title><varname>ipsec_max_connections</varname> parameter usage</title>
+
+        <programlisting format="linespecific">
+...
+modparam("ims_ipsec_pcscf", "ipsec_max_connections", 10)
+...
+        </programlisting>
+      </example>
+    </section>
+
     <section>
       <title><varname>ipsec_spi_id_start</varname> (int)</title>
 
@@ -227,7 +247,7 @@ ipsec_forward("location");
         </listitem>
 		  </itemizedlist>
       <example>
-        <title>ipsec_forward</title>
+        <title>ipsec_destroy</title>
 
         <programlisting format="linespecific">
 ...