Multiple transport listeners patch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

I sent this message a few months ago, but got no reply :-(

Could you please take a look ?

Thanks
Adrien


----- Mail original ----- 

De: "Adrien B?raud" <adrien.beraud at savoirfairelinux.com> 
?: pjsip at lists.pjsip.org 
Envoy?: Samedi 25 Octobre 2014 18:02:52 
Objet: Multiple transport listeners patch 

Hello, 

We noticed PJSIP only supports a single transport listener (tpfactory) by transport type. 
For instance, only a single TLS listener can be created for a given PJSIP endpoint (or two with IPv4 + IPv6). 

This issue was reported multiple times over the years 
(e.g https://trac.pjsip.org/repos/ticket/1019 https://trac.pjsip.org/repos/ticket/1083 etc.) 

TLS was not heavily used before, but since last years it's kind of a big priority for many to be able to setup secure communications. 
UDP is not affected because it's connectionless, so there is no "listener". 

We looked at the sip_transport code and the fix was so simple that it looked too good to be true. Maybe it is ? 

The patch is bellow, so please take a look and merge if you think it's good. 
For security reasons, the patch forces providing an explicit listener to create a new TLS / encrypted transport, to avoid data being encrypted with the wrong keys if the listener/factory was selected automatically.

Cheers, 

Adrien B?raud, 
SFLphone developper ( sflphone.org ) 
Savoir-faire Linux Inc. 


diff --git a/pjproject/pjsip/src/pjsip/sip_transport.c b/pjproject_new/pjsip/src/pjsip/sip_transport.c
index 4b2cc1a..22e3603 100644
--- a/pjsip/src/pjsip/sip_transport.c
+++ b/pjsip/src/pjsip/sip_transport.c
@@ -1179,22 +1179,22 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_register_tpfactory( pjsip_tpmgr *mgr,
 
     pj_lock_acquire(mgr->lock);
 
-    /* Check that no factory with the same type has been registered. */
+    /* Check that no factory with the same type and bound address has been registered. */
     status = PJ_SUCCESS;
     for (p=mgr->factory_list.next; p!=&mgr->factory_list; p=p->next) {
-        if (p->type == tpf->type) {
-            status = PJSIP_ETYPEEXISTS;
-            break;
-        }
-        if (p == tpf) {
-            status = PJ_EEXISTS;
-            break;
-        }
+        if (p->type == tpf->type && !pj_sockaddr_cmp(&tpf->local_addr, &p->local_addr)) {
+            status = PJSIP_ETYPEEXISTS;
+            break;
+        }
+        if (p == tpf) {
+            status = PJ_EEXISTS;
+            break;
+        }
     }
 
     if (status != PJ_SUCCESS) {
-        pj_lock_release(mgr->lock);
-        return status;
+        pj_lock_release(mgr->lock);
+        return status;
     }
 
     pj_list_insert_before(&mgr->factory_list, tpf);
@@ -1909,13 +1909,11 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
         pj_memcpy(&key.rem_addr, remote, addr_len);
 
         transport = (pjsip_transport*)
-                    pj_hash_get(mgr->table, &key, key_len, NULL);
-
+    pj_hash_get(mgr->table, &key, key_len, NULL);
+    unsigned flag = pjsip_transport_get_flag_from_type(type);
         if (transport == NULL) {
-            unsigned flag = pjsip_transport_get_flag_from_type(type);
             const pj_sockaddr *remote_addr = (const pj_sockaddr*)remote;
 
-
             /* Ignore address for loop transports. */
             if (type == PJSIP_TRANSPORT_LOOP ||
                      type == PJSIP_TRANSPORT_LOOP_DGRAM)
@@ -1954,6 +1952,11 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
             return PJ_SUCCESS;
         }
 
+    if (flag & PJSIP_TRANSPORT_SECURE) {
+        TRACE_((THIS_FILE, "Can't create new TLS transport with no provided suitable TLS listener."));
+        return PJSIP_ETPNOTSUITABLE;
+    }
+
         /*
          * Transport not found!
          * Find factory that can create such transport.



[Index of Archives]     [Asterisk Users]     [Asterisk App Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [Linux API]
  Powered by Linux