[asterisk-bugs] [JIRA] (ASTERISK-29359) res_pjsip: Allow to define a transport without listener

Michael Maier (JIRA) noreply at issues.asterisk.org
Fri Apr 30 01:30:09 CDT 2021


    [ https://issues.asterisk.org/jira/browse/ASTERISK-29359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=254760#comment-254760 ] 

Michael Maier commented on ASTERISK-29359:
------------------------------------------

Well, the attached proposal doesn't really solve the problem - it just creates another random port for the listener. Therefore it's unrewarding. But I could prove that an upstream trunk to a VoIP ISP doesn't need a listener at all, as all incoming and outgoing requests to and from the ISP went through the connection opened by Asterisk, which doesn't use the listener port at all. An additionally added port filter policy prevented connections to this random listener anyway.

Therefore I looked around and found a solution which really prevents creation of a listener: pjsip knows the compile-time option [PJSIP_TLS_TRANSPORT_DONT_CREATE_LISTENER|https://pjsip.org/pjsip/docs/html/group__PJSIP__TRANSPORT__TLS.htm] or [PJSIP_TCP_TRANSPORT_DONT_CREATE_LISTENER|https://pjsip.org/pjsip/docs/html/group__PJSIP__TRANSPORT__TCP.htm] in conjunction with pjsip_tls_transport_lis_start() / pjsip_tcp_transport_lis_start(). If you now build Asterisk / pjsip using this compile-time option and an additionally added new nobind option in the transport configuration, you really get client-only transports w/o any listener.
As you don't like to have code, I won't provide any proposal. If anyone is interested in the code - just drop me a mail.

> res_pjsip: Allow to define a transport without listener
> -------------------------------------------------------
>
>                 Key: ASTERISK-29359
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29359
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Resources/res_pjsip
>    Affects Versions: 18.0.0
>            Reporter: Michael Maier
>            Assignee: Unassigned
>         Attachments: allow-port-0.diff.gz
>
>
> res_pjsip/config_transport.c:
> The pjsip architecture uses so-called transports as the interface of each configured device, which provides the network connection for a device. Therefore Asterisk provides an interface to create this transport. At the moment, it is impossible to create a transport without a listener added (even the flow transport can't be used without an arbitrary existing transport containing the correct listener (sip / sips)).
> Attached is a proposal which enables Asterisk to configure transports without forcibly adding a listener. This is handy if you don't need a listener at all (and therefore increases security) - e.g. for a trunk device which registers itself to a SIP provider and which is never, and should never be, connected to from outside. Pjsip itself supports this operation by adding port 0 to this transport.
> This proposal is tested on the basis of ASTERISK-29241.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
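
Added example, not part of the original message and not Asterisk or pjsip code: a check for the outcome discussed above, which reports any TCP listener owned by the asterisk process on a port outside an allow-list, so a random-port listener left by a port 0 transport shows up and a client-only build reports nothing. The `ss -H -tlnp` sample is constructed, and the function names and the allow-list (5038, the default AMI port) are assumptions.

```python
import re

# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 5 0.0.0.0:41877 0.0.0.0:* users:(("asterisk",pid=1420,fd=21))
LISTEN 0 5 127.0.0.1:5038 0.0.0.0:* users:(("asterisk",pid=1420,fd=9))
LISTEN 0 5 [::]:5061 [::]:* users:(("asterisk",pid=1420,fd=23))
"""

# Matches one owner entry in the process column: ("name",pid=N,fd=N)
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')


def listeners(ss_output, process="asterisk"):
    """Return (address, port) pairs `process` listens on, sorted by port."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        owners = {name for name, _pid in PROC_RE.findall(line)}
        if process not in owners:
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            found.add((addr, int(port)))
    return sorted(found, key=lambda item: (item[1], item[0]))


def unexpected_listeners(ss_output, allowed_ports, process="asterisk"):
    """Listeners of `process` whose port is not in the allow-list."""
    return [(addr, port) for addr, port in listeners(ss_output, process)
            if port not in allowed_ports]


if __name__ == "__main__":
    # Hypothetical policy: only the AMI port may listen on a trunk-only host.
    for addr, port in unexpected_listeners(SAMPLE_SS, allowed_ports={5038}):
        print(f"unexpected asterisk listener on {addr}:{port}")
```

Run `ss` as root when feeding real output to the check, since the process column is empty for sockets owned by other users and such lines are skipped.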


