[pjsip] Multiple transport listeners patch

Adrien Béraud

2015-01-15 19:16:14 UTC

Hello,

I sent this message a few months ago, but got no reply :-(

Could you please take a look ?

Thanks
Adrien

----- Mail original -----

De: "Adrien Béraud" <***@savoirfairelinux.com>
À: ***@lists.pjsip.org
Envoyé: Samedi 25 Octobre 2014 18:02:52
Objet: Multiple transport listeners patch

Hello,

We noticed PJSIP only supports a single transport listener (tpfactory) by transport type.
For instance, only a single TLS listener can be created for a given PJSIP endpoint (or two with IPv4 + IPv6).

This issue was reported multiple times over the years
(e.g https://trac.pjsip.org/repos/ticket/1019 https://trac.pjsip.org/repos/ticket/1083 etc.)

TLS was not heavily used before, but since last years it's kind of a big priority for many to be able to setup secure communications.
UDP is not affected because it's connectionless, so there is no "listener".

We looked at the sip_transport code and the fix was so simple that it looked too good to be true. Maybe it is ?

The patch is bellow, so please take a look and merge if you think it's good.
For security reasons, the patch forces providing an explicit listener to create a new TLS / encrypted transport, to avoid data being encrypted with the wrong keys if the listener/factory was selected automatically.

Cheers,

Adrien Béraud,
SFLphone developper ( sflphone.org )
Savoir-faire Linux Inc.

diff --git a/pjproject/pjsip/src/pjsip/sip_transport.c b/pjproject_new/pjsip/src/pjsip/sip_transport.c
index 4b2cc1a..22e3603 100644
--- a/pjsip/src/pjsip/sip_transport.c
+++ b/pjsip/src/pjsip/sip_transport.c
@@ -1179,22 +1179,22 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_register_tpfactory( pjsip_tpmgr *mgr,

pj_lock_acquire(mgr->lock);

- /* Check that no factory with the same type has been registered. */
+ /* Check that no factory with the same type and bound address has been registered. */
status = PJ_SUCCESS;
for (p=mgr->factory_list.next; p!=&mgr->factory_list; p=p->next) {
- if (p->type == tpf->type) {
- status = PJSIP_ETYPEEXISTS;
- break;
- }
- if (p == tpf) {
- status = PJ_EEXISTS;
- break;
- }
+ if (p->type == tpf->type && !pj_sockaddr_cmp(&tpf->local_addr, &p->local_addr)) {
+ status = PJSIP_ETYPEEXISTS;
+ break;
+ }
+ if (p == tpf) {
+ status = PJ_EEXISTS;
+ break;
+ }
}

if (status != PJ_SUCCESS) {
- pj_lock_release(mgr->lock);
- return status;
+ pj_lock_release(mgr->lock);
+ return status;
}

pj_list_insert_before(&mgr->factory_list, tpf);
@@ -1909,13 +1909,11 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
pj_memcpy(&key.rem_addr, remote, addr_len);

transport = (pjsip_transport*)
- pj_hash_get(mgr->table, &key, key_len, NULL);
-
+ pj_hash_get(mgr->table, &key, key_len, NULL);
+ unsigned flag = pjsip_transport_get_flag_from_type(type);
if (transport == NULL) {
- unsigned flag = pjsip_transport_get_flag_from_type(type);
const pj_sockaddr *remote_addr = (const pj_sockaddr*)remote;

-
/* Ignore address for loop transports. */
if (type == PJSIP_TRANSPORT_LOOP ||
type == PJSIP_TRANSPORT_LOOP_DGRAM)
@@ -1954,6 +1952,11 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
return PJ_SUCCESS;
}

+ if (flag & PJSIP_TRANSPORT_SECURE) {
+ TRACE_((THIS_FILE, "Can't create new TLS transport with no provided suitable TLS listener."));
+ return PJSIP_ETPNOTSUITABLE;
+ }
+
/*
* Transport not found!
* Find factory that can create such transport.

_______________________________________________
Visit our blog: http://blog.pjsip.org

pjsip mailing list
***@lists.pjsip.org
http://lists.pjsip.org/mailman/listinfo/pj