From b2c4e8660a9c89d07041271371151779b7ec75f6 Mon Sep 17 00:00:00 2001 From: Alexander Traud Date: Mon, 4 Dec 2017 12:27:02 +0100 Subject: chan_sip: Peers with distinct source ports don't match, regardless of transport. Previously, peers connected via TCP (or TLS) were matched by ignoring their source port. One cannot say anything when protocol:IP:port match, yes (see ). However, when the ports do not match, the peers do not match as well. This change allows two peers connected to an Asterisk server via TCP (or TLS) behind a NAT (= same source IP address) to be differentiated via their port as well. ASTERISK-27457 Reported by: Stephane Chazelas Change-Id: Id190428bf1d931f2dbfd4b293f53ff8f20d98efa --- channels/chan_sip.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/channels/chan_sip.c b/channels/chan_sip.c index a829e2039..72436dfa1 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -34392,10 +34392,9 @@ static int peer_ipcmp_cb_full(void *obj, void *arg, void *data, int flags) } /* We matched the IP, check to see if we need to match by port as well. */ - if ((peer->transports & peer2->transports) & (AST_TRANSPORT_TLS | AST_TRANSPORT_TCP)) { - /* peer matching on port is not possible with TCP/TLS */ - return CMP_MATCH | CMP_STOP; - } else if (ast_test_flag(&peer2->flags[0], SIP_INSECURE_PORT)) { + if (((peer->transports & peer2->transports) & + (AST_TRANSPORT_UDP | AST_TRANSPORT_WS | AST_TRANSPORT_WSS)) && + ast_test_flag(&peer2->flags[0], SIP_INSECURE_PORT)) { /* We are allowing match without port for peers configured that * way in this pass through the peers. */ return ast_test_flag(&peer->flags[0], SIP_INSECURE_PORT) ? -- cgit v1.2.3