ims_ipsec_pcscf: new parameter in ipsec_forward()

- added a new optional parameter in ipsec_forward() to set or not 'send force socket' for request messages. Useful for ipsec and tcp connections. If set to 1 - send requests through existing ipsec tunnel when tcp is used. In combination with tcp_reuse_port=yes.
kamailio · Dec 19, 2019 · 6048a96 · 6048a96
1 parent e99bfd2
commit 6048a96
Show file tree

Hide file tree

Showing 4 changed files with 61 additions and 7 deletions.
diff --git a/src/modules/ims_ipsec_pcscf/cmd.c b/src/modules/ims_ipsec_pcscf/cmd.c
@@ -76,6 +76,8 @@ const int IPSEC_CMD_SUCCESS = 1;
 extern usrloc_api_t ul;
 extern struct tm_binds tmb;
 
+#define IPSEC_SEND_FORCE_SOCKET		0x01 /* if set - set send force socket for request messages */
+
 int bind_ipsec_pcscf(ipsec_pcscf_api_t* api) {
 	if(!api){
 		LM_ERR("invalid parameter value\n");
@@ -658,7 +660,7 @@ int ipsec_create(struct sip_msg* m, udomain_t* d)
 }
 
 
-int ipsec_forward(struct sip_msg* m, udomain_t* d)
+int ipsec_forward(struct sip_msg* m, udomain_t* d, int _cflags)
 {
     struct pcontact_info ci;
     pcontact_t* pcontact = NULL;
@@ -773,6 +775,10 @@ int ipsec_forward(struct sip_msg* m, udomain_t* d)
    // Set destination info
     struct dest_info dst_info;
     dst_info.send_sock = client_sock;
+	if(m->first_line.type == SIP_REQUEST && (_cflags & IPSEC_SEND_FORCE_SOCKET)){
+		dst_info.send_flags.f |= SND_F_FORCE_SOCKET;
+		m->fwd_send_flags.f |= SND_F_FORCE_SOCKET;
+	}
 #ifdef USE_DNS_FAILOVER
     if (!uri2dst(NULL, &dst_info, m, &m->dst_uri, dst_proto)) {
 #else

diff --git a/src/modules/ims_ipsec_pcscf/cmd.h b/src/modules/ims_ipsec_pcscf/cmd.h
@@ -63,7 +63,7 @@ struct sip_msg;
 struct udomain_t;
 
 int ipsec_create(struct sip_msg* m, udomain_t* d);
-int ipsec_forward(struct sip_msg* m, udomain_t* d);
+int ipsec_forward(struct sip_msg* m, udomain_t* d, int _cflags);
 int ipsec_destroy(struct sip_msg* m, udomain_t* d);
 int ipsec_cleanall();
 int ipsec_reconfig();

diff --git a/src/modules/ims_ipsec_pcscf/doc/ims_ipsec_pcscf_admin.xml b/src/modules/ims_ipsec_pcscf/doc/ims_ipsec_pcscf_admin.xml
@@ -209,7 +209,7 @@ ipsec_create("location");
     </section>
 
     <section>
-      <title><function moreinfo="none">ipsec_forward(domain)</function></title>
+      <title><function moreinfo="none">ipsec_forward(domain, flags)</function></title>
       <para>The function processes redirects outgoing message via the IPSec tunnel
       initiated with ipsec_create().</para>
 		  <para>Meaning of the parameters is as follows:</para>
@@ -220,14 +220,19 @@ ipsec_create("location");
           If a database is used then this must be name of the table which
           stores the contacts.
           </para>
+          <para>
+          <emphasis>flags</emphasis> - Set send force socket for request messages.
+          If 1 - set force socket for request messages. Useful for ipsec and TCP.
+          An optional parameter. Default value - 0.
+          </para>
         </listitem>
       </itemizedlist>
       <example>
         <title>ipsec_forward</title>
 
         <programlisting format="linespecific">
 ...
-ipsec_forward("location");
+ipsec_forward("location"); or ipsec_forward("location", "1");
 ...
         </programlisting>
       </example>

diff --git a/src/modules/ims_ipsec_pcscf/ims_ipsec_pcscf_mod.c b/src/modules/ims_ipsec_pcscf/ims_ipsec_pcscf_mod.c
@@ -57,6 +57,7 @@ static int w_destroy(struct sip_msg* _m, char* _d, char* _cflags);
 /*! \brief Fixup functions */
 static int domain_fixup(void** param, int param_no);
 static int save_fixup2(void** param, int param_no);
+static int free_uint_fixup(void** param, int param_no);
 
 extern int bind_ipsec_pcscf(usrloc_api_t* api);
 
@@ -68,8 +69,9 @@ int init_flag = 0;
 static cmd_export_t cmds[] = {
 	{"ipsec_create",  (cmd_function)w_create,  1, save_fixup2, 0, ONREPLY_ROUTE },
 	{"ipsec_forward", (cmd_function)w_forward, 1, save_fixup2, 0, REQUEST_ROUTE | ONREPLY_ROUTE },
+	{"ipsec_forward", (cmd_function)w_forward, 2, save_fixup2, free_uint_fixup, REQUEST_ROUTE | ONREPLY_ROUTE },
 	{"ipsec_destroy", (cmd_function)w_destroy, 1, save_fixup2, 0, REQUEST_ROUTE | ONREPLY_ROUTE },
-    {"bind_ims_ipsec_pcscf", (cmd_function)bind_ipsec_pcscf, 1, 0, 0, 0},
+	{"bind_ims_ipsec_pcscf", (cmd_function)bind_ipsec_pcscf, 1, 0, 0, 0},
 	{0, 0, 0, 0, 0, 0}
 };
 
@@ -330,15 +332,53 @@ static int domain_fixup(void** param, int param_no)
 	return 0;
 }
 
+static int unit_fixup(void** param, int param_no)
+{
+	str s;
+	unsigned int* num;
+
+	if(*param){
+		num = (unsigned int*)pkg_malloc(sizeof(unsigned int));
+		*num = 0;
+
+		s.s = *param;
+		s.len = strlen(s.s);
+
+		if (likely(str2int(&s, num) == 0)) {
+			*param = (void*)(long)num;
+		}else{
+			LM_ERR("failed to convert to int\n");
+			pkg_free(num);
+			return E_UNSPEC;
+		}
+	}else{
+		return E_UNSPEC;
+	}
+
+	return 0;
+}
+
+static int free_uint_fixup(void** param, int param_no)
+{
+	if(*param && param_no == 2){
+		pkg_free(*param);
+		*param = 0;
+	}
+	return 0;
+}
+
 /*! \brief
  * Fixup for "save" function - both domain and flags
  */
 static int save_fixup2(void** param, int param_no)
 {
 	if (param_no == 1) {
 		return domain_fixup(param,param_no);
+	}else if(param_no == 2){
+		return unit_fixup(param, param_no);
 	}
-        return 0;
+
+	return 0;
 }
 
 
@@ -352,7 +392,10 @@ static int w_create(struct sip_msg* _m, char* _d, char* _cflags)
 
 static int w_forward(struct sip_msg* _m, char* _d, char* _cflags)
 {
-	return ipsec_forward(_m, (udomain_t*)_d);
+	if(_cflags){
+		return ipsec_forward(_m, (udomain_t*)_d, ((int)(*_cflags)));
+	}
+	return ipsec_forward(_m, (udomain_t*)_d, 0);
 }
 
 static int w_destroy(struct sip_msg* _m, char* _d, char* _cflags)